diff --git a/creusot/src/analysis/borrows.rs b/creusot/src/analysis/borrows.rs index 22c68660f6..6043e49e63 100644 --- a/creusot/src/analysis/borrows.rs +++ b/creusot/src/analysis/borrows.rs @@ -121,7 +121,7 @@ impl<'tcx> Analysis<'tcx> for Borrows<'_, '_, 'tcx> { } fn apply_primary_statement_effect( - &mut self, + &self, trans: &mut Self::Domain, stmt: &mir::Statement<'tcx>, location: Location, @@ -162,7 +162,6 @@ impl<'tcx> Analysis<'tcx> for Borrows<'_, '_, 'tcx> { mir::StatementKind::FakeRead(..) | mir::StatementKind::SetDiscriminant { .. } - | mir::StatementKind::Deinit(..) | mir::StatementKind::Retag { .. } | mir::StatementKind::PlaceMention(..) | mir::StatementKind::AscribeUserType(..) @@ -175,7 +174,7 @@ impl<'tcx> Analysis<'tcx> for Borrows<'_, '_, 'tcx> { } fn apply_primary_terminator_effect<'mir>( - &mut self, + &self, trans: &mut Self::Domain, terminator: &'mir mir::Terminator<'tcx>, location: Location, diff --git a/creusot/src/analysis/liveness_no_drop.rs b/creusot/src/analysis/liveness_no_drop.rs index 17883813cd..85e93c7d16 100644 --- a/creusot/src/analysis/liveness_no_drop.rs +++ b/creusot/src/analysis/liveness_no_drop.rs @@ -60,7 +60,7 @@ impl<'a, 'tcx> Analysis<'tcx> for MaybeLiveExceptDrop<'a, 'tcx> { // No variables are live until we observe a use } fn apply_primary_statement_effect( - &mut self, + &self, trans: &mut Self::Domain, statement: &mir::Statement<'tcx>, location: Location, @@ -69,7 +69,7 @@ impl<'a, 'tcx> Analysis<'tcx> for MaybeLiveExceptDrop<'a, 'tcx> { } fn apply_primary_terminator_effect<'mir>( - &mut self, + &self, trans: &mut Self::Domain, terminator: &'mir mir::Terminator<'tcx>, location: Location, @@ -79,7 +79,7 @@ impl<'a, 'tcx> Analysis<'tcx> for MaybeLiveExceptDrop<'a, 'tcx> { } fn apply_call_return_effect( - &mut self, + &self, trans: &mut Self::Domain, _block: mir::BasicBlock, return_places: CallReturnPlaces<'_, 'tcx>, @@ -174,8 +174,7 @@ impl DefUse { MutatingUseContext::Call | MutatingUseContext::Yield | MutatingUseContext::AsmOutput - | MutatingUseContext::Store - | MutatingUseContext::Deinit, + | MutatingUseContext::Store, ) => { if place_contains_borrow_deref(place.as_ref(), &ctx.body, ctx.tcx) { // Treat derefs of (mutable) borrows as a use of the base local. diff --git a/creusot/src/analysis/not_final_places.rs b/creusot/src/analysis/not_final_places.rs index 46b28245a7..5233e2b48f 100644 --- a/creusot/src/analysis/not_final_places.rs +++ b/creusot/src/analysis/not_final_places.rs @@ -239,7 +239,7 @@ impl<'tcx> Analysis<'tcx> for NotFinalPlaces<'tcx> { fn initialize_start_block(&self, _: &mir::Body<'tcx>, _: &mut Self::Domain) {} fn apply_primary_statement_effect( - &mut self, + &self, trans: &mut Self::Domain, statement: &mir::Statement<'tcx>, location: mir::Location, @@ -248,7 +248,7 @@ impl<'tcx> Analysis<'tcx> for NotFinalPlaces<'tcx> { } fn apply_primary_terminator_effect<'mir>( - &mut self, + &self, trans: &mut Self::Domain, terminator: &'mir mir::Terminator<'tcx>, location: mir::Location, diff --git a/creusot/src/backend.rs b/creusot/src/backend.rs index 053f7cb273..cc67a34dbe 100644 --- a/creusot/src/backend.rs +++ b/creusot/src/backend.rs @@ -72,7 +72,7 @@ impl<'tcx> Why3Generator<'tcx> { debug!("translating {:?}", def_id); let translated_item = match self.item_type(def_id) { - ItemType::Impl if self.tcx.impl_trait_ref(def_id).is_some() => { + ItemType::Impl if self.tcx.impl_opt_trait_ref(def_id).is_some() => { let modls = traits::lower_impl(self, def_id); TranslatedItem::Impl { modls } } diff --git a/creusot/src/backend/clone_map/elaborator.rs b/creusot/src/backend/clone_map/elaborator.rs index 21bf4f731c..5569c66682 100644 --- a/creusot/src/backend/clone_map/elaborator.rs +++ b/creusot/src/backend/clone_map/elaborator.rs @@ -662,7 +662,7 @@ fn traitref_of_item<'tcx>( return Some(TraitRef::new(tcx, cont, subst)); } - let trait_ref = tcx.impl_trait_ref(cont)?.instantiate(tcx, subst); + let trait_ref = tcx.impl_opt_trait_ref(cont)?.instantiate(tcx, subst); Some(tcx.normalize_erasing_regions(typing_env, trait_ref)) } diff --git a/creusot/src/backend/dependency.rs b/creusot/src/backend/dependency.rs index 2bf92c6cd1..d4cd070956 100644 --- a/creusot/src/backend/dependency.rs +++ b/creusot/src/backend/dependency.rs @@ -85,7 +85,7 @@ impl<'tcx> Dependency<'tcx> { let mut name = lowercase_prefix("f_", name.strip_suffix("_logic").unwrap_or(name)); let first_ty = if let Some(parent) = ctx.impl_of_assoc(did) - && let Some(trait_ref) = ctx.impl_trait_ref(parent) + && let Some(trait_ref) = ctx.impl_opt_trait_ref(parent) { // AssocFn in a trait impl: get the instantiated Self type first_ty_arg(trait_ref.instantiate(ctx.tcx, subst).args) diff --git a/creusot/src/backend/logic/vcgen.rs b/creusot/src/backend/logic/vcgen.rs index 6efa911aeb..46b44d7818 100644 --- a/creusot/src/backend/logic/vcgen.rs +++ b/creusot/src/backend/logic/vcgen.rs @@ -630,7 +630,6 @@ impl<'tcx> VCGen<'_, 'tcx> { def(ProjectionElem::Downcast(symbol, variant_idx)) } ProjectionElem::OpaqueCast(ty) => def(ProjectionElem::OpaqueCast(ty)), - ProjectionElem::Subtype(ty) => def(ProjectionElem::Subtype(ty)), ProjectionElem::UnwrapUnsafeBinder(ty) => { def(ProjectionElem::UnwrapUnsafeBinder(ty)) } diff --git a/creusot/src/backend/optimization/invariants.rs b/creusot/src/backend/optimization/invariants.rs index 742631ede3..1e1f23d1e2 100644 --- a/creusot/src/backend/optimization/invariants.rs +++ b/creusot/src/backend/optimization/invariants.rs @@ -124,7 +124,6 @@ fn place_to_term<'tcx>( ProjectionElem::Subslice { .. } => return None, ProjectionElem::Downcast(_, _) => return None, ProjectionElem::OpaqueCast(_) => return None, - ProjectionElem::Subtype(_) => return None, ProjectionElem::UnwrapUnsafeBinder(_) => return None, } diff --git a/creusot/src/backend/projections.rs b/creusot/src/backend/projections.rs index 8582e2c155..290b841819 100644 --- a/creusot/src/backend/projections.rs +++ b/creusot/src/backend/projections.rs @@ -240,7 +240,6 @@ pub(crate) fn projections_to_expr<'tcx, 'a>( ProjectionElem::ConstantIndex { .. } | ProjectionElem::Subslice { .. } | ProjectionElem::OpaqueCast(_) - | ProjectionElem::Subtype(_) | ProjectionElem::UnwrapUnsafeBinder(_) => { ctx.dcx().span_bug(span, format!("Unsupported projection {proj:?}")) } @@ -295,9 +294,7 @@ pub(crate) fn borrow_generated_id<'tcx, V: Debug>( ctx.dcx().span_bug(span, format!("Unsupported projection {proj:?} in reborrow")) } // Nothing to do - ProjectionElem::Downcast(..) - | ProjectionElem::OpaqueCast(_) - | ProjectionElem::Subtype(_) => {} + ProjectionElem::Downcast(..) | ProjectionElem::OpaqueCast(_) => {} } } borrow_id @@ -382,12 +379,7 @@ pub(crate) fn projections_term<'tcx, 'a, V: Debug>( (ProjectionElem::ConstantIndex { .. } | ProjectionElem::Subslice { .. }, _) => { ctx.dcx().span_bug(span, "Array and slice patterns are currently not supported") } - ( - ProjectionElem::OpaqueCast(_) - | ProjectionElem::Subtype(_) - | ProjectionElem::UnwrapUnsafeBinder(_), - _, - ) => { + (ProjectionElem::OpaqueCast(_) | ProjectionElem::UnwrapUnsafeBinder(_), _) => { unreachable!("{el:?} unsupported projection.") } } diff --git a/creusot/src/callbacks.rs b/creusot/src/callbacks.rs index d9a2964d24..f6f64c116a 100644 --- a/creusot/src/callbacks.rs +++ b/creusot/src/callbacks.rs @@ -4,7 +4,6 @@ use rustc_driver::{Callbacks, Compilation}; use rustc_hir::def_id::{DefId, LocalDefId}; use rustc_interface::{Config, interface::Compiler}; use rustc_middle::{mir, ty::TyCtxt}; -use rustc_span::ErrorGuaranteed; use std::{cell::RefCell, collections::HashMap, thread_local}; @@ -71,18 +70,36 @@ impl Callbacks for ToWhy { fn config(&mut self, config: &mut Config) { self.set_output_dir(config); - // HACK: remove this once `config.locale_resources` is defined as a Vec - let mut locale_resources = config.locale_resources.to_vec(); - locale_resources.push(crate::DEFAULT_LOCALE_RESOURCE); - config.locale_resources = locale_resources; + config.locale_resources.push(crate::DEFAULT_LOCALE_RESOURCE); config.override_queries = Some(|_sess, providers| { + // Remove MIR of Pearlite code (logic functions, contracts, assertions, snapshots) + // One might wonder why not override `mir_promoted` instead: that would be too late because + // drops are inserted then, and that results in errors because many types are not Drop. providers.mir_built = |tcx, def_id| { let mir = (rustc_interface::DEFAULT_QUERY_PROVIDERS.mir_built)(tcx, def_id); let mut mir = mir.steal(); - cleanup_spec_closures(tcx, def_id.to_def_id(), &mut mir); + cleanup_spec_closures(tcx, def_id, &mut mir); tcx.alloc_steal_mir(mir) }; + // Store borrow-checked bodies for translation + providers.mir_borrowck = |tcx, local_id| { + copy_mir_bodies(tcx, local_id); + (rustc_interface::DEFAULT_QUERY_PROVIDERS.mir_borrowck)(tcx, local_id) + }; + + // The `check_liveness` query is where unused variable warnings are emitted. + // We reintroduce the MIR of Pearlite code for this analysis. + // Then we remove it again for good. + providers.check_liveness = |tcx, local_id| { + restore_mir_for_liveness_check(tcx, local_id); + let value = + (rustc_interface::DEFAULT_QUERY_PROVIDERS.check_liveness)(tcx, local_id); + cleanup_spec_closures_final(tcx, local_id); + value + }; + + // Remove ghost code for codegen providers.mir_drops_elaborated_and_const_checked = |tcx, def_id| { let mir = (rustc_interface::DEFAULT_QUERY_PROVIDERS .mir_drops_elaborated_and_const_checked)(tcx, def_id); @@ -90,9 +107,6 @@ impl Callbacks for ToWhy { remove_ghost_closures(tcx, &mut mir); tcx.alloc_steal_mir(mir) }; - - providers.mir_borrowck = |tcx, def_id| mir_borrowck(tcx, def_id); - // TODO override mir_borrowck_const_arg }); let previous = config.register_lints.take(); @@ -115,10 +129,7 @@ impl Callbacks for ToWhy { } } -fn mir_borrowck<'tcx, 'a>( - tcx: TyCtxt<'tcx>, - def_id: LocalDefId, -) -> Result<&'a mir::DefinitionSiteHiddenTypes<'tcx>, ErrorGuaranteed> { +fn copy_mir_bodies<'tcx, 'a>(tcx: TyCtxt<'tcx>, def_id: LocalDefId) { let opts = ConsumerOptions::RegionInferenceContext; let bodies_with_facts = rustc_borrowck::consumers::get_bodies_with_borrowck_facts(tcx, def_id, opts); @@ -144,13 +155,10 @@ fn mir_borrowck<'tcx, 'a>( assert!(map.insert(def_id, body).is_none()); } }); - - (rustc_interface::DEFAULT_QUERY_PROVIDERS.mir_borrowck)(tcx, def_id) } /// Try to retrieve the promoted MIR for a body from a thread local cache. /// The cache is populated when rustc runs the `mir_borrowck` query. -/// After a body was retrieved, calling this function again for the same `def_id` will return `None`. pub fn get_body<'tcx, 'a>( tcx: TyCtxt<'tcx>, def_id: LocalDefId, diff --git a/creusot/src/cleanup_spec_closures.rs b/creusot/src/cleanup_spec_closures.rs index 8c26511824..0b107c736e 100644 --- a/creusot/src/cleanup_spec_closures.rs +++ b/creusot/src/cleanup_spec_closures.rs @@ -1,56 +1,170 @@ -use crate::contracts_items::{is_logic, is_no_translate}; +use crate::contracts_items::{is_logic, is_no_translate, is_opaque}; use indexmap::IndexSet; -use rustc_hir::def_id::DefId; +use rustc_abi::FieldIdx; +use rustc_data_structures::sync::RwLock; +use rustc_hir::def_id::{DefId, LocalDefId}; use rustc_index::{Idx, IndexVec}; use rustc_middle::{ mir::{ - AggregateKind, BasicBlock, BasicBlockData, Body, Local, Location, Rvalue, SourceInfo, + self, AggregateKind, BasicBlock, BasicBlockData, Body, Local, Location, Rvalue, SourceInfo, StatementKind, Terminator, TerminatorKind, visit::{MutVisitor, PlaceContext}, }, ty::TyCtxt, }; +use std::{cell::RefCell, collections::HashMap}; + +thread_local! { + pub static PEARLITE_MIR: + RefCell>>> = + RefCell::new(HashMap::new()); + + pub static REMOVED_MIR: + RefCell>> = + RefCell::new(HashMap::new()); +} + +pub(crate) fn restore_mir_for_liveness_check<'tcx>(tcx: TyCtxt<'tcx>, local_id: LocalDefId) { + let def_id = local_id.to_def_id(); + let (mir, _) = tcx.mir_promoted(local_id); + // This is a terrible hack but it shouldn't affect correctness: + // we've already copied MIR bodies right after borrow checking. + // This is only used for warnings about unused variables. + let mut mir = mir.risky_hack_borrow_mut(); + if is_no_translate(tcx, def_id) || is_logic(tcx, def_id) { + if is_opaque(tcx, def_id) { + return; + } + PEARLITE_MIR.with(|map| { + // SAFETY: The target lifetime 'tcx is the actual lifetime of the data before it was put in PEARLITE_MIR. + *mir.basic_blocks_mut() = + unsafe { std::mem::transmute(map.borrow_mut().remove(&local_id).unwrap()) }; + }); + } else { + // SAFETY: The target lifetime 'tcx is the actual lifetime of the data before it was put in PEARLITE_MIR. + let removed = REMOVED_MIR.with(|map| unsafe { + std::mem::transmute(map.borrow_mut().remove(&local_id).unwrap()) + }); + restore_statements(&mut mir, removed); + } +} /// Hide non-linear specification code from the borrow checker /// /// Specifications in Creusot are encoded inside of special closures that are inserted throughout the code. /// The code inside those closures is meant to be Pearlite and is thus not subject to Rust's borrow checker, however it needs to be able to refer to normal Rust variables. /// To prevent the closures from intererring with the borrow checking of the surrounding environment, we replace the MIR body of the closure with an empty loop and remove all of the arguments to the closure in the surrounding MIR. -pub(crate) fn cleanup_spec_closures<'tcx>(tcx: TyCtxt<'tcx>, def_id: DefId, body: &mut Body<'tcx>) { - trace!("cleanup_spec_closures: {:?}", def_id); +pub(crate) fn cleanup_spec_closures<'tcx>( + tcx: TyCtxt<'tcx>, + local_id: LocalDefId, + body: &mut Body<'tcx>, +) { + cleanup_spec_closures_(tcx, local_id, body, true) +} + +/// Like `cleanup_spec_closures` but don't write into `PEARLITE_MIR` or `REMOVED_MIR`. +pub(crate) fn cleanup_spec_closures_final<'tcx>(tcx: TyCtxt<'tcx>, local_id: LocalDefId) { + let (mir, _) = tcx.mir_promoted(local_id); + let mut mir = mir.risky_hack_borrow_mut(); + cleanup_spec_closures_(tcx, local_id, &mut mir, false); +} + +fn cleanup_spec_closures_<'tcx>( + tcx: TyCtxt<'tcx>, + local_id: LocalDefId, + body: &mut Body<'tcx>, + remember: bool, +) { + trace!("cleanup_spec_closures: {:?}", local_id); + let def_id = local_id.to_def_id(); if is_no_translate(tcx, def_id) || is_logic(tcx, def_id) { trace!("replacing function body"); - *body.basic_blocks_mut() = make_loop(tcx); + let bb = std::mem::replace(body.basic_blocks_mut(), make_loop()); + if remember { + PEARLITE_MIR.with(|map| { + // SAFETY: Consumers cast the lifetime back to 'tcx + let bb = unsafe { std::mem::transmute(bb) }; + map.borrow_mut().insert(local_id, bb); + }); + } } else { - let mut cleanup = NoTranslateNoMoves { tcx, unused: IndexSet::new() }; + let mut cleanup = NoTranslateNoMoves::new(tcx); cleanup.visit_body(body); - - cleanup_statements(body, &cleanup.unused); - let map = map_locals(&mut body.local_decls, &cleanup.unused); - let mut updater = LocalUpdater { map, tcx }; - updater.visit_body(body); - - body.local_decls.shrink_to_fit(); + let closures = cleanup.closures; + let assigns = cleanup_statements(body, &cleanup.unused); + if remember { + REMOVED_MIR.with(|map| { + // SAFETY: Consumers cast the lifetime back to 'tcx + let removed = unsafe { std::mem::transmute(RemovedMir { closures, assigns }) }; + map.borrow_mut().insert(local_id, removed); + }); + } } } -fn cleanup_statements<'tcx>(body: &mut Body<'tcx>, unused: &IndexSet) { +struct RemovedMir<'tcx> { + closures: SpecClosures<'tcx>, + assigns: SpecAssigns<'tcx>, +} + +type SpecClosures<'tcx> = HashMap>>; +type SpecAssigns<'tcx> = HashMap, Rvalue<'tcx>)>>; + +fn cleanup_statements<'tcx>(body: &mut Body<'tcx>, unused: &IndexSet) -> SpecAssigns<'tcx> { + let mut assigns: SpecAssigns = HashMap::new(); for data in body.basic_blocks_mut() { data.statements.retain(|statement| match &statement.kind { StatementKind::StorageLive(local) | StatementKind::StorageDead(local) => { !unused.contains(local) } StatementKind::PlaceMention(place) => !unused.contains(&place.local), - StatementKind::Assign(box (place, _)) | StatementKind::FakeRead(box (_, place)) => { - !unused.contains(&place.local) + StatementKind::Assign(box (place, rvalue)) => { + let dropped = unused.contains(&place.local); + if dropped { + assigns.entry(place.local).or_insert(Vec::new()).push((*place, rvalue.clone())); + } + !dropped } + StatementKind::FakeRead(box (_, place)) => !unused.contains(&place.local), _ => true, }) } + assigns +} + +fn restore_statements<'tcx>(body: &mut Body<'tcx>, mut removed: RemovedMir<'tcx>) { + for data in body.basic_blocks_mut() { + let old_statements = std::mem::take(&mut data.statements); + for mut s in old_statements { + if let Some((_, rvalue)) = s.kind.as_assign_mut() + && let Rvalue::Aggregate(box AggregateKind::Closure(def_id, _), substs) = rvalue + && let Some(old_substs) = removed.closures.remove(def_id) + { + *substs = old_substs; + for p in substs.iter() { + if p.is_move() { + let place = p.place().unwrap(); + if let Some(local) = place.as_local() { + let Some(assigns) = removed.assigns.remove(&local) else { + continue; + }; + for (place, rvalue) in assigns { + data.statements.push(mir::Statement::new( + s.source_info, + StatementKind::Assign(Box::new((place, rvalue))), + )) + } + } + } + } + } + data.statements.push(s); + } + } } -pub(crate) fn make_loop(_: TyCtxt) -> IndexVec { +pub(crate) fn make_loop<'tcx>() -> IndexVec> { let mut body = IndexVec::new(); body.push(BasicBlockData::new( Some(Terminator { @@ -65,6 +179,13 @@ pub(crate) fn make_loop(_: TyCtxt) -> IndexVec { pub struct NoTranslateNoMoves<'tcx> { pub tcx: TyCtxt<'tcx>, pub unused: IndexSet, + pub closures: SpecClosures<'tcx>, +} + +impl<'tcx> NoTranslateNoMoves<'tcx> { + fn new(tcx: TyCtxt<'tcx>) -> Self { + Self { tcx, unused: IndexSet::new(), closures: HashMap::new() } + } } impl<'tcx> MutVisitor<'tcx> for NoTranslateNoMoves<'tcx> { @@ -82,15 +203,15 @@ impl<'tcx> MutVisitor<'tcx> for NoTranslateNoMoves<'tcx> { match rvalue { Rvalue::Aggregate(box AggregateKind::Closure(def_id, _), substs) => { if is_no_translate(self.tcx, *def_id) { - substs.iter_mut().for_each(|p| { + for p in substs.iter() { if p.is_move() { let place = p.place().unwrap(); if let Some(loc) = place.as_local() { self.unused.insert(loc); } } - }); - *substs = IndexVec::new(); + } + self.closures.insert(*def_id, std::mem::take(substs)); } } _ => self.super_rvalue(rvalue, l), diff --git a/creusot/src/contracts_items/attributes.rs b/creusot/src/contracts_items/attributes.rs index 29dbcc08c0..f801e321c9 100644 --- a/creusot/src/contracts_items/attributes.rs +++ b/creusot/src/contracts_items/attributes.rs @@ -277,7 +277,7 @@ fn get_attrs<'a>(attrs: &'a [Attribute], path: &[&str]) -> Vec<&'a Attribute> { let mut matched = Vec::new(); for attr in attrs.iter() { - if attr.is_doc_comment() { + if attr.is_doc_comment().is_some() { continue; } diff --git a/creusot/src/ctx.rs b/creusot/src/ctx.rs index 12d057976a..d73db70194 100644 --- a/creusot/src/ctx.rs +++ b/creusot/src/ctx.rs @@ -25,7 +25,7 @@ use creusot_args::options::Options; use indexmap::{IndexMap, IndexSet}; use once_map::unsync::OnceMap; use rustc_ast::{ - Fn, FnSig, NodeId, + AttrVec, Fn, FnSig, NodeId, visit::{FnKind, Visitor, walk_fn}, }; use rustc_borrowck::consumers::BodyWithBorrowckFacts; @@ -202,7 +202,7 @@ impl<'tcx> Deref for TranslationCtx<'tcx> { pub(crate) fn gather_params_open_inv(tcx: TyCtxt) -> HashMap> { struct VisitFns<'tcx, 'a>(TyCtxt<'tcx>, HashMap>, &'a ResolverAstLowering); impl<'a> Visitor<'a> for VisitFns<'_, 'a> { - fn visit_fn(&mut self, fk: FnKind<'a>, _: Span, node: NodeId) { + fn visit_fn(&mut self, fk: FnKind<'a>, _: &AttrVec, _: Span, node: NodeId) { let decl = match fk { FnKind::Fn(_, _, Fn { sig: FnSig { decl, .. }, .. }) => decl, FnKind::Closure(_, _, decl, _) => decl, diff --git a/creusot/src/lib.rs b/creusot/src/lib.rs index 56717097a6..ed53574007 100644 --- a/creusot/src/lib.rs +++ b/creusot/src/lib.rs @@ -2,7 +2,7 @@ #![feature(box_patterns)] #![feature(never_type, try_blocks)] #![feature(closure_lifetime_binder, assert_matches)] -#![feature(if_let_guard, slice_as_array)] +#![feature(if_let_guard, alloc_slice_into_array)] #![feature(iter_intersperse, map_try_insert)] extern crate either; diff --git a/creusot/src/naming.rs b/creusot/src/naming.rs index e9b02b8d94..21b8b33be6 100644 --- a/creusot/src/naming.rs +++ b/creusot/src/naming.rs @@ -181,7 +181,7 @@ impl ComaNames { /// For inherent impls, generate name `impl_$TY`. /// For trait impls, generate name `impl_$TRAIT_for_$TY` fn impl_name<'tcx>(tcx: TyCtxt<'tcx>, id: LocalDefId) -> String { - if let Some(trait_ref) = tcx.impl_trait_ref(id.to_def_id()) { + if let Some(trait_ref) = tcx.impl_opt_trait_ref(id.to_def_id()) { let trait_ref: rustc_type_ir::TraitRef> = trait_ref.skip_binder(); let mut name = ascii_item_name("impl_", tcx, trait_ref.def_id); name.push_str("_for"); diff --git a/creusot/src/translation/function.rs b/creusot/src/translation/function.rs index ac32cd487f..63b96d1d17 100644 --- a/creusot/src/translation/function.rs +++ b/creusot/src/translation/function.rs @@ -445,7 +445,6 @@ impl<'body, 'tcx> BodyTranslator<'body, 'tcx> { } mir::ProjectionElem::Downcast(s, ix) => mir::ProjectionElem::Downcast(s, ix), mir::ProjectionElem::OpaqueCast(ty) => mir::ProjectionElem::OpaqueCast(ty), - mir::ProjectionElem::Subtype(ty) => mir::ProjectionElem::Subtype(ty), mir::ProjectionElem::UnwrapUnsafeBinder(ty) => { mir::ProjectionElem::UnwrapUnsafeBinder(ty) } diff --git a/creusot/src/translation/function/statement.rs b/creusot/src/translation/function/statement.rs index 490feedf47..1187313310 100644 --- a/creusot/src/translation/function/statement.rs +++ b/creusot/src/translation/function/statement.rs @@ -13,8 +13,8 @@ use crate::{ use rustc_ast::Mutability; use rustc_middle::{ mir::{ - BorrowKind::*, CastKind, Location, NullOp, Operand::*, Place, Rvalue, SourceInfo, - Statement, StatementKind, + BorrowKind::*, CastKind, Location, Operand::*, Place, Rvalue, SourceInfo, Statement, + StatementKind, }, ty::{ConstKind, Ty, TyKind, UintTy, adjustment::PointerCoercion}, }; @@ -47,7 +47,6 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { StatementKind::Intrinsic(_) => { self.crash_and_error(statement.source_info.span, "intrinsics are not supported") } - StatementKind::Deinit(_) => unreachable!("Deinit unsupported"), } } @@ -196,14 +195,11 @@ impl<'tcx> BodyTranslator<'_, 'tcx> { | CastKind::FloatToInt | CastKind::FnPtrToPtr | CastKind::FloatToFloat + | CastKind::Subtype | CastKind::Transmute, _, _, ) => self.ctx.crash_and_error(si.span, format!("Unsupported pointer cast: {rvalue:?}")), - Rvalue::NullaryOp(NullOp::SizeOf, _) => self - .ctx - .fatal_error(si.span, format!("MIR code used Rvalue SizeOf: {rvalue:?}")) - .with_note("If you are trying to use the vec! macro, you should use the version provided by creusot-contracts.").emit(), Rvalue::CopyForDeref(_) | Rvalue::ShallowInitBox(_, _) | Rvalue::NullaryOp(_, _) diff --git a/creusot/src/translation/pearlite/from_thir.rs b/creusot/src/translation/pearlite/from_thir.rs index c2942c2f77..68a60bae2a 100644 --- a/creusot/src/translation/pearlite/from_thir.rs +++ b/creusot/src/translation/pearlite/from_thir.rs @@ -608,7 +608,7 @@ impl<'tcx> ThirTerm<'_, 'tcx> { Ok(Pattern { ty: pat.ty, span: pat.span, kind: PatternKind::Wildcard }) } PatKind::Binding { mode, var, subpattern, .. } => { - if mode.0 == ByRef::Yes(Mutability::Mut) { + if let ByRef::Yes(_, Mutability::Mut) = mode.0 { return Err(self .ctx .dcx() diff --git a/creusot/src/translation/specification.rs b/creusot/src/translation/specification.rs index 4e817c5aab..24c44301be 100644 --- a/creusot/src/translation/specification.rs +++ b/creusot/src/translation/specification.rs @@ -210,7 +210,7 @@ pub(crate) fn inherited_extern_spec<'tcx>( } let assoc = ctx.opt_associated_item(def_id)?; - let trait_ref = ctx.impl_trait_ref(assoc.container_id(ctx.tcx))?; + let trait_ref = ctx.impl_opt_trait_ref(assoc.impl_container(ctx.tcx)?)?; let id = assoc.trait_item_def_id()?; if ctx.extern_spec(id).is_none() { diff --git a/creusot/src/translation/traits.rs b/creusot/src/translation/traits.rs index 834cd06691..43054e29b9 100644 --- a/creusot/src/translation/traits.rs +++ b/creusot/src/translation/traits.rs @@ -47,8 +47,8 @@ impl<'tcx> TranslationCtx<'tcx> { } pub(crate) fn translate_impl(&self, impl_id: DefId) -> Vec> { - assert!(self.trait_id_of_impl(impl_id).is_some(), "{impl_id:?} is not a trait impl"); - let trait_ref = self.impl_trait_ref(impl_id).unwrap().instantiate_identity(); + assert!(self.impl_opt_trait_id(impl_id).is_some(), "{impl_id:?} is not a trait impl"); + let trait_ref = self.impl_trait_ref(impl_id).instantiate_identity(); let implementor_map = self.tcx.impl_item_implementor_ids(impl_id); @@ -175,7 +175,7 @@ pub(crate) fn evaluate_additional_predicates<'tcx>( let obligation = Obligation { cause, param_env, recursion_depth: 0, predicate }; fulfill_cx.register_predicate_obligation(infcx, obligation); } - let errors = fulfill_cx.select_all_or_error(infcx); + let errors = fulfill_cx.evaluate_obligations_error_on_ambiguity(infcx); if !errors.is_empty() { Err(errors) } else { Ok(()) } } @@ -484,8 +484,7 @@ impl<'tcx> GraphTraversal<'tcx> { Box::new(candidates.filter(|&child| { let infcx = self.infcx.fork(); let args = infcx.fresh_args_for_item(DUMMY_SP, child); - let trait_ref_child = - self.tcx.impl_trait_ref(child).unwrap().instantiate(self.tcx, args); + let trait_ref_child = self.tcx.impl_trait_ref(child).instantiate(self.tcx, args); infcx .at(&ObligationCause::dummy(), self.param_env) .eq(DefineOpaqueTypes::Yes, trait_ref_child, self.trait_ref) diff --git a/creusot/src/util.rs b/creusot/src/util.rs index e499d763da..6db5371d82 100644 --- a/creusot/src/util.rs +++ b/creusot/src/util.rs @@ -138,6 +138,8 @@ fn hashed_symbol(data: DefPathData) -> Option { | AnonConst | OpaqueTy | SyntheticCoroutineBody + | LateAnonConst + | DesugaredAnonymousLifetime | NestedStatic => None, } } @@ -146,7 +148,7 @@ pub fn impl_subject<'tcx>( tcx: TyCtxt<'tcx>, id: DefId, ) -> Result, ty::Ty<'tcx>> { - match tcx.impl_trait_ref(id) { + match tcx.impl_opt_trait_ref(id) { Some(trait_ref) => Ok(trait_ref.skip_binder()), None => Err(tcx.type_of(id).skip_binder()), } diff --git a/creusot/src/validate/terminates.rs b/creusot/src/validate/terminates.rs index 35188a125f..707d3856ff 100644 --- a/creusot/src/validate/terminates.rs +++ b/creusot/src/validate/terminates.rs @@ -390,7 +390,7 @@ impl<'tcx> BuildFunctionsGraph<'tcx> { return (node, bounds); } - let trait_id = ctx.trait_id_of_impl(impl_id.into()).unwrap(); + let trait_id = ctx.impl_trait_id(impl_id.to_def_id()); let spec_node_def = if let Some(def_impl) = ctx.impl_of_assoc(item_id) { specialization_graph::Node::Impl(def_impl) diff --git a/creusot/src/validate/traits.rs b/creusot/src/validate/traits.rs index 0f2543e96e..fae561601d 100644 --- a/creusot/src/validate/traits.rs +++ b/creusot/src/validate/traits.rs @@ -49,7 +49,7 @@ pub(crate) fn validate_impls<'tcx>(ctx: &TranslationCtx<'tcx>) { continue; } use rustc_middle::ty::print::PrintTraitRefExt; - let trait_ref = ctx.impl_trait_ref(*impl_id).unwrap().skip_binder(); + let trait_ref = ctx.impl_trait_ref(*impl_id).skip_binder(); if is_trusted(ctx.tcx, trait_ref.def_id) != is_trusted(ctx.tcx, impl_id.to_def_id()) { let msg = if is_trusted(ctx.tcx, trait_ref.def_id) { diff --git a/creusot/src/very_stable_hash.rs b/creusot/src/very_stable_hash.rs index 863ec11d80..ac37935482 100644 --- a/creusot/src/very_stable_hash.rs +++ b/creusot/src/very_stable_hash.rs @@ -4,9 +4,8 @@ use rustc_hir::{ def_id::{CrateNum, DefId}, definitions::{DefPath, DefPathData, DisambiguatedDefPathData}, }; -use rustc_middle::{ty, ty::TyCtxt}; +use rustc_middle::ty::TyCtxt; use rustc_span::Symbol; -use rustc_type_ir::TyKind::*; use std::hash::{Hash, Hasher}; // HashStable is not stable enough for our purposes @@ -136,6 +135,8 @@ impl VeryStableHash for DefPathData { | AnonConst | OpaqueTy | SyntheticCoroutineBody + | LateAnonConst + | DesugaredAnonymousLifetime | NestedStatic => {} TypeNs(symbol) | ValueNs(symbol) @@ -146,444 +147,3 @@ impl VeryStableHash for DefPathData { } } } - -impl<'tcx> VeryStableHash> for ty::Ty<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.kind().very_stable_hash(tcx, hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::TyKind<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - Bool => {} - Char => {} - Int(int_ty) => int_ty.very_stable_hash(tcx, hcx), - Uint(int_ty) => int_ty.very_stable_hash(tcx, hcx), - Float(float_ty) => float_ty.hash(hcx), - Adt(adt, substs) => { - adt.did().very_stable_hash(tcx, hcx); - substs.very_stable_hash(tcx, hcx); - } - Foreign(ffi) => ffi.very_stable_hash(tcx, hcx), - Str => {} - Array(ty, len) => { - ty.very_stable_hash(tcx, hcx); - len.very_stable_hash(tcx, hcx); - } - Slice(ty) => ty.very_stable_hash(tcx, hcx), - RawPtr(ty, m) => { - ty.very_stable_hash(tcx, hcx); - m.hash(hcx); - } - Ref(reg, ty, m) => { - reg.very_stable_hash(tcx, hcx); - ty.very_stable_hash(tcx, hcx); - m.hash(hcx); - } - FnDef(def_id, substs) => { - def_id.very_stable_hash(tcx, hcx); - substs.very_stable_hash(tcx, hcx); - } - FnPtr(binder, sig) => { - binder.very_stable_hash(tcx, hcx); - sig.very_stable_hash(tcx, hcx); - } - Dynamic(trait_ty, region) => { - trait_ty.very_stable_hash(tcx, hcx); - region.very_stable_hash(tcx, hcx); - } - Closure(def_id, substs) => { - def_id.very_stable_hash(tcx, hcx); - substs.very_stable_hash(tcx, hcx); - } - Coroutine(def_id, substs) => { - def_id.very_stable_hash(tcx, hcx); - substs.very_stable_hash(tcx, hcx); - } - CoroutineWitness(def_id, substs) => { - def_id.very_stable_hash(tcx, hcx); - substs.very_stable_hash(tcx, hcx); - } - Tuple(tys) => tys.very_stable_hash(tcx, hcx), - Never => {} - Infer(infer_ty) => infer_ty.hash(hcx), - Alias(ty_kind, ty) => { - ty_kind.very_stable_hash(tcx, hcx); - ty.very_stable_hash(tcx, hcx); - } - Error(_) => {} - Pat(ty, pat) => { - ty.very_stable_hash(tcx, hcx); - pat.very_stable_hash(tcx, hcx); - } - CoroutineClosure(id, args) => { - id.very_stable_hash(tcx, hcx); - args.very_stable_hash(tcx, hcx); - } - Param(p) => p.very_stable_hash(tcx, hcx), - Bound(i, _) => i.very_stable_hash(tcx, hcx), - Placeholder(p) => p.very_stable_hash(tcx, hcx), - UnsafeBinder(b) => b.very_stable_hash(tcx, hcx), - } - } -} - -impl<'tcx> VeryStableHash> for ty::TraitRef<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.def_id.very_stable_hash(tcx, hcx); - self.args.very_stable_hash(tcx, hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::ExistentialTraitRef<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.def_id.very_stable_hash(tcx, hcx); - self.args.very_stable_hash(tcx, hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::ExistentialProjection<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.def_id.very_stable_hash(tcx, hcx); - self.args.very_stable_hash(tcx, hcx); - todo! {"self.term.very_stable_hash(tcx, hcx);"} // Do we want to hash terms - } -} - -impl<'tcx> VeryStableHash> for ty::ExistentialPredicate<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - ty::ExistentialPredicate::Trait(trait_ref) => trait_ref.very_stable_hash(tcx, hcx), - ty::ExistentialPredicate::Projection(projection) => { - projection.very_stable_hash(tcx, hcx) - } - ty::ExistentialPredicate::AutoTrait(def_id) => def_id.very_stable_hash(tcx, hcx), - } - } -} - -impl<'tcx> VeryStableHash> for ty::PatternKind<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - match self { - ty::PatternKind::Range { start, end } => { - start.very_stable_hash(tcx, hcx); - end.very_stable_hash(tcx, hcx); - } - ty::PatternKind::Or(pats) => pats.very_stable_hash(tcx, hcx), - } - } -} - -impl<'tcx> VeryStableHash> for ty::Pattern<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - (**self).very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash> for ty::FnHeader> { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - self.c_variadic.hash(hcx); - self.safety.very_stable_hash(tcx, hcx); - self.abi.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash for rustc_abi::ExternAbi { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - use rustc_abi::ExternAbi::*; - match self { - C { unwind } - | System { unwind } - | Cdecl { unwind } - | Stdcall { unwind } - | Fastcall { unwind } - | Thiscall { unwind } - | Vectorcall { unwind } - | SysV64 { unwind } - | Win64 { unwind } => unwind.very_stable_hash(tcx, hcx), - _ => (), - } - } -} - -impl VeryStableHash for rustc_hir::Safety { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - } -} - -impl<'ctx, T: VeryStableHash>> VeryStableHash> for ty::Binder<'_, T> { - fn very_stable_hash(&self, tcx: &TyCtxt<'ctx>, hcx: &mut StableHasher) { - self.as_ref().skip_binder().very_stable_hash(tcx, hcx); - } -} - -impl<'ctx> VeryStableHash> for ty::FnSigTys> { - fn very_stable_hash(&self, tcx: &TyCtxt<'ctx>, hcx: &mut StableHasher) { - self.inputs_and_output.very_stable_hash(tcx, hcx); - } -} - -impl<'tcx, CTX, T: VeryStableHash> VeryStableHash for ty::EarlyBinder<'tcx, T> { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - self.as_ref().skip_binder().very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash for ty::AliasTyKind { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::AliasTy<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.args.very_stable_hash(tcx, hcx); - self.def_id.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash> for ty::Region<'_> { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - self.kind().very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash for ty::EarlyParamRegion { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - self.index.very_stable_hash(tcx, hcx); - self.name.very_stable_hash(tcx, hcx); // TODO: do we want to hash this? - } -} - -impl VeryStableHash for ty::DebruijnIndex { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.as_u32().hash(hcx); - } -} - -impl VeryStableHash> for ty::LateParamRegion { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - self.scope.very_stable_hash(tcx, hcx); - self.kind.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash> for ty::LateParamRegionKind { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - ty::LateParamRegionKind::Anon(n) => n.very_stable_hash(tcx, hcx), - ty::LateParamRegionKind::Named(def_id) => { - def_id.very_stable_hash(tcx, hcx); - } - ty::LateParamRegionKind::ClosureEnv => {} - ty::LateParamRegionKind::NamedAnon(id, sym) => { - id.very_stable_hash(tcx, hcx); - sym.very_stable_hash(tcx, hcx); - } - } - } -} - -impl VeryStableHash> for ty::BoundRegionKind { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - ty::BoundRegionKind::Anon => {} - ty::BoundRegionKind::Named(id) => { - id.very_stable_hash(tcx, hcx); - } - ty::BoundRegionKind::ClosureEnv => {} - ty::BoundRegionKind::NamedAnon(sym) => { - sym.very_stable_hash(tcx, hcx); - } - } - } -} - -impl VeryStableHash for ty::RegionVid { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.as_u32().hash(hcx); - } -} - -impl> VeryStableHash for ty::Placeholder { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - self.universe.very_stable_hash(tcx, hcx); - self.bound.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash for ty::UniverseIndex { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.as_u32().hash(hcx); - } -} - -impl VeryStableHash for ty::BoundVar { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.as_u32().hash(hcx); - } -} - -impl VeryStableHash> for ty::BoundRegion { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - self.var.very_stable_hash(tcx, hcx); - self.kind.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash> for ty::RegionKind<'_> { - fn very_stable_hash(&self, tcx: &TyCtxt<'_>, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - ty::RegionKind::ReEarlyParam(p) => p.very_stable_hash(tcx, hcx), - ty::RegionKind::ReBound(debruijn_index, _) => debruijn_index.very_stable_hash(tcx, hcx), - ty::RegionKind::ReLateParam(p) => p.very_stable_hash(tcx, hcx), - ty::RegionKind::ReStatic => {} - ty::RegionKind::ReVar(region_vid) => region_vid.very_stable_hash(tcx, hcx), - ty::RegionKind::RePlaceholder(p) => p.very_stable_hash(tcx, hcx), - ty::RegionKind::ReErased => {} - ty::RegionKind::ReError(_) => {} - } - } -} - -impl VeryStableHash> for ty::BoundTy { - fn very_stable_hash(&self, tcx: &TyCtxt, hcx: &mut StableHasher) { - self.var.very_stable_hash(tcx, hcx); - self.kind.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash> for ty::BoundTyKind { - fn very_stable_hash(&self, tcx: &TyCtxt, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - ty::BoundTyKind::Anon => {} - ty::BoundTyKind::Param(def_id) => { - def_id.very_stable_hash(tcx, hcx); - } - } - } -} - -impl VeryStableHash for ty::ParamTy { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - self.index.hash(hcx); - self.name.very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash for ty::InferTy { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - todo! {} - } -} - -impl VeryStableHash for ty::IntTy { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.hash(hcx); - } -} - -impl VeryStableHash for ty::UintTy { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.hash(hcx); - } -} - -impl VeryStableHash for ty::FloatTy { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.hash(hcx); - } -} - -impl> VeryStableHash for ty::List { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - self.as_slice().very_stable_hash(tcx, hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::Const<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.kind().very_stable_hash(tcx, hcx); - } -} - -impl VeryStableHash for ty::ScalarInt { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.hash(hcx); - } -} - -impl VeryStableHash for ty::ValTree<'_> { - fn very_stable_hash(&self, tcx: &CTX, hcx: &mut StableHasher) { - let kind = **self; - std::mem::discriminant(kind).hash(hcx); - match kind { - ty::ValTreeKind::Leaf(ty) => ty.very_stable_hash(tcx, hcx), - ty::ValTreeKind::Branch(b) => b.very_stable_hash(tcx, hcx), - } - } -} - -impl VeryStableHash for ty::ParamConst { - fn very_stable_hash(&self, _tcx: &CTX, hcx: &mut StableHasher) { - self.index.hash(hcx); - self.name.hash(hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::ConstKind<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - std::mem::discriminant(self).hash(hcx); - match self { - ty::ConstKind::Unevaluated(unev) => unev.very_stable_hash(tcx, hcx), - ty::ConstKind::Param(param) => param.very_stable_hash(tcx, hcx), - ty::ConstKind::Value(v) => { - v.ty.very_stable_hash(tcx, hcx); - v.valtree.very_stable_hash(tcx, hcx); - } - ty::ConstKind::Infer(_) => todo!(), - ty::ConstKind::Bound(i, b) => { - i.very_stable_hash(tcx, hcx); - b.very_stable_hash(tcx, hcx); - } - ty::ConstKind::Placeholder(p) => p.very_stable_hash(tcx, hcx), - ty::ConstKind::Error(_) => {} - ty::ConstKind::Expr(_) => todo!(), - } - } -} - -impl<'tcx> VeryStableHash> for ty::BoundConst { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.var.very_stable_hash(tcx, hcx) - } -} - -impl<'tcx> VeryStableHash> for ty::UnevaluatedConst<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - self.def.very_stable_hash(tcx, hcx); - self.args.very_stable_hash(tcx, hcx); - } -} - -impl<'tcx> VeryStableHash> for ty::GenericArg<'tcx> { - fn very_stable_hash(&self, tcx: &TyCtxt<'tcx>, hcx: &mut StableHasher) { - let gak = self.kind(); - std::mem::discriminant(&gak).hash(hcx); - match gak { - rustc_type_ir::GenericArgKind::Lifetime(l) => l.very_stable_hash(tcx, hcx), - rustc_type_ir::GenericArgKind::Type(t) => t.very_stable_hash(tcx, hcx), - rustc_type_ir::GenericArgKind::Const(c) => c.very_stable_hash(tcx, hcx), - } - } -} diff --git a/rust-toolchain b/rust-toolchain index d39230f3f6..9c3b894db6 100644 --- a/rust-toolchain +++ b/rust-toolchain @@ -1,3 +1,3 @@ [toolchain] -channel = "nightly-2025-10-01" +channel = "nightly-2025-11-13" components = [ "rustfmt", "rustc-dev", "llvm-tools" ] diff --git a/tests/creusot-contracts/creusot-contracts.coma b/tests/creusot-contracts/creusot-contracts.coma index fe1658b1e2..1f0c50e69f 100644 --- a/tests/creusot-contracts/creusot-contracts.coma +++ b/tests/creusot-contracts/creusot-contracts.coma @@ -27,9 +27,9 @@ module M_cell__permcell__impl_PermCellOwn_T__id_ghost (* cell::permcell::PermCel let rec id_ghost_T (self: t_PermCellOwn_T) (return (x: t_Id)) = {[@expl:id_ghost 'self' type invariant] inv_ref_PermCellOwn_T self} (! bb0 - [ bb0 = s0 [ s0 = [ &_3 <- id_T self ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = into_ghost_Id {_3} (fun (_ret: t_Id) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] - | bb2 = return {_0} ] [ & _0: t_Id = Any.any_l () | & self: t_PermCellOwn_T = self | & _3: t_Id = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_4 <- id_T self ] s1 | s1 = bb1 ] + | bb1 = s0 [ s0 = into_ghost_Id {_4} (fun (_ret: t_Id) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + | bb2 = return {_0} ] [ & _0: t_Id = Any.any_l () | & self: t_PermCellOwn_T = self | & _4: t_Id = Any.any_l () ]) [ return (result: t_Id) -> {[@expl:id_ghost ensures] result = id_T self} (! return {result}) ] end module M_cell__permcell__impl_PermCell_T_1__id_ghost (* cell::permcell::PermCell *) @@ -49,9 +49,9 @@ module M_cell__permcell__impl_PermCell_T_1__id_ghost (* cell::permcell::PermCell meta "select_lsinst" "all" let rec id_ghost_T (self: t_PermCell_T) (return (x: t_Id)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_3 <- id_T self ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = into_ghost_Id {_3} (fun (_ret: t_Id) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] - | bb2 = return {_0} ] [ & _0: t_Id = Any.any_l () | & self: t_PermCell_T = self | & _3: t_Id = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_4 <- id_T self ] s1 | s1 = bb1 ] + | bb1 = s0 [ s0 = into_ghost_Id {_4} (fun (_ret: t_Id) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + | bb2 = return {_0} ] [ & _0: t_Id = Any.any_l () | & self: t_PermCell_T = self | & _4: t_Id = Any.any_l () ]) [ return (result: t_Id) -> {[@expl:id_ghost ensures] result = id_T self} (! return {result}) ] end module M_cell__permcell__impl_PermCell_T_2__take (* cell::permcell::PermCell *) @@ -207,13 +207,13 @@ module M_cell__permcell__impl_PermCell_T_2__take (* cell::permcell::PermCell {[@expl:take 'perm' type invariant] inv_Ghost_ref_PermCellOwn_T perm} {[@expl:take requires] id_T self = id_T'0 perm.current} (! bb0 - [ bb0 = s0 [ s0 = default_T (fun (_ret: t_T) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = replace_T {self} {perm} {_9} (fun (_ret: t_T) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = default_T (fun (_ret: t_T) -> [ &_15 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = replace_T {self} {perm} {_15} (fun (_ret: t_T) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] | bb2 = return {_0} ] [ & _0: t_T = Any.any_l () | & self: t_PermCell_T = self | & perm: MutBorrow.t t_PermCellOwn_T = perm - | & _9: t_T = Any.any_l () ]) + | & _15: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:take result type invariant] inv_T result} {[@expl:take ensures #0] id_T self = id_T'0 (fin_Ghost_ref_PermCellOwn_T perm)} {[@expl:take ensures #1] result = view_PermCellOwn_T perm.current} @@ -329,10 +329,10 @@ module M_ghost__fn_ghost__impl_Clone_for_FnGhostWrapper_F__clone (* [ &_3 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = _3 } ] s1 | s1 = bb2 ] + [ bb0 = s0 [ s0 = clone_F {self.f0} (fun (_ret: t_F) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = _4 } ] s1 | s1 = bb2 ] | bb2 = return {_0} ] - [ & _0: t_FnGhostWrapper_F = Any.any_l () | & self: t_FnGhostWrapper_F = self | & _3: t_F = Any.any_l () ]) + [ & _0: t_FnGhostWrapper_F = Any.any_l () | & self: t_FnGhostWrapper_F = self | & _4: t_F = Any.any_l () ]) [ return (result: t_FnGhostWrapper_F) -> {[@expl:clone result type invariant] inv_FnGhostWrapper_F result} {[@expl:clone ensures] postcondition_clone () (view_FnGhostWrapper_F self) (view_FnGhostWrapper_F result)} (! return {result}) ] @@ -703,9 +703,9 @@ module M_ghost__local_invariant__impl_LocalInvariantExt_for_Ghost_ref_T__open (* -> precondition_open () { f0 = new_ref_Target'0 this; f1 = tokens; f2 = f }} (! bb0 [ bb0 = s0 - [ s0 = [ &_13 <- self ] s1 | s1 = deref_Ghost_ref_T {_13} (fun (_ret: t_T) -> [ &_11 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = deref_T {_11} (fun (_ret: t_Target) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = new_ref_Target {_9} (fun (_ret: t_Target) -> [ &this <- _ret ] s1) | s1 = bb3 ] + [ s0 = [ &_20 <- self ] s1 | s1 = deref_Ghost_ref_T {_20} (fun (_ret: t_T) -> [ &_18 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = deref_T {_18} (fun (_ret: t_Target) -> [ &_16 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = new_ref_Target {_16} (fun (_ret: t_Target) -> [ &this <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = open_Ghost_ref_Target {this} {tokens} {f} (fun (_ret: t_A) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] | bb5 = return {_0} ] [ & _0: t_A = Any.any_l () @@ -713,9 +713,9 @@ module M_ghost__local_invariant__impl_LocalInvariantExt_for_Ghost_ref_T__open (* | & tokens: t_Tokens = tokens | & f: t_F = f | & this: t_Target = Any.any_l () - | & _9: t_Target = Any.any_l () - | & _11: t_T = Any.any_l () - | & _13: t_T = Any.any_l () ]) + | & _16: t_Target = Any.any_l () + | & _18: t_T = Any.any_l () + | & _20: t_T = Any.any_l () ]) [ return (result: t_A) -> {[@expl:open result type invariant] inv_A result} {[@expl:open ensures] exists this: t_Target. postcondition_deref () self this /\ postcondition_open () { f0 = new_ref_Target'0 this; f1 = tokens; f2 = f } result} @@ -867,14 +867,14 @@ module M_ghost__local_invariant__impl_LocalInvariantExt_for_ref_Ghost_L__open (* {[@expl:open 'f' type invariant] inv_F f} {[@expl:open requires] precondition_open () { f0 = new_ref_L self; f1 = tokens; f2 = f }} (! bb0 - [ bb0 = s0 [ s0 = borrow_L {self} (fun (_ret: t_L) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = open_Ghost_ref_L {_6} {tokens} {f} (fun (_ret: t_A) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] + [ bb0 = s0 [ s0 = borrow_L {self} (fun (_ret: t_L) -> [ &_12 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = open_Ghost_ref_L {_12} {tokens} {f} (fun (_ret: t_A) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] | bb3 = return {_0} ] [ & _0: t_A = Any.any_l () | & self: t_L = self | & tokens: t_Tokens = tokens | & f: t_F = f - | & _6: t_L = Any.any_l () ]) + | & _12: t_L = Any.any_l () ]) [ return (result: t_A) -> {[@expl:open result type invariant] inv_A result} {[@expl:open ensures] postcondition_open () { f0 = new_ref_L self; f1 = tokens; f2 = f } result} (! return {result}) ] @@ -1103,10 +1103,10 @@ module M_ghost__ptr_own__impl_PtrOwn_T_1__drop (* ghost::ptr_own::PtrOwn *) {[@expl:drop 'own' type invariant] inv_Ghost_PtrOwn_T own} {[@expl:drop requires] ptr = ptr_T own} (! bb0 - [ bb0 = s0 [ s0 = to_box_T {ptr} {own} (fun (_ret: t_T) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = {[@expl:type invariant] inv_Box_T_Global _4} s1 | s1 = -{resolve_Box_T_Global _4}- s2 | s2 = bb2 ] + [ bb0 = s0 [ s0 = to_box_T {ptr} {own} (fun (_ret: t_T) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = {[@expl:type invariant] inv_Box_T_Global _6} s1 | s1 = -{resolve_Box_T_Global _6}- s2 | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: () = Any.any_l () | & ptr: Opaque.ptr = ptr | & own: t_PtrOwn_T = own | & _4: t_T = Any.any_l () ]) + [ & _0: () = Any.any_l () | & ptr: Opaque.ptr = ptr | & own: t_PtrOwn_T = own | & _6: t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_ghost__ptr_own__impl_PtrOwn_T_1__ptr_is_aligned_lemma (* ghost::ptr_own::PtrOwn *) @@ -2137,35 +2137,35 @@ module M_ghost__resource__fmap_view__impl_Authority_K_V__insert (* ghost::resour {[@expl:insert requires] not contains_K'0 (view_Authority_K_V self.current) k} (! bb0 [ bb0 = s0 [ s0 = [ &s <- self.current ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_16 <- { f0 = v } ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &_26 <- { f0 = v } ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_14 <- { f0'0 = k; f1'0 = _16 } ] s1 - | s1 = [ &_13 <- { f0'1 = _14 } ] s2 + [ s0 = [ &_24 <- { f0'0 = k; f1'0 = _26 } ] s1 + | s1 = [ &_23 <- { f0'1 = _24 } ] s2 | s2 = MutBorrow.borrow_final {self.current.f0'2} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Resource_View_AuthViewRel_FMap_K_Ag_V) -> - [ &_12 <- _ret ] [ &self <- { self with current = { f0'2 = _ret.final } } ] s3) - | s3 = update_View_AuthViewRel_FMap_K_Ag_V {_12} {_13} (fun (_ret: ()) -> [ &_11 <- _ret ] s4) + [ &_22 <- _ret ] [ &self <- { self with current = { f0'2 = _ret.final } } ] s3) + | s3 = update_View_AuthViewRel_FMap_K_Ag_V {_22} {_23} (fun (_ret: ()) -> [ &_21 <- _ret ] s4) | s4 = bb3 ] | bb3 = s0 [ s0 = {[@expl:assertion] ext_eq_K (view_Authority_K_V self.current) (insert_K'0 (view_Authority_K_V s) k v)} s1 | s1 = {[@expl:type invariant] inv_ref_Authority_K_V self} s2 | s2 = -{resolve_ref_Authority_K_V self}- s3 | s3 = core_View_AuthViewRel_FMap_K_Ag_V'0 {self.current.f0'2} - (fun (_ret: t_Resource_View_AuthViewRel_FMap_K_Ag_V) -> [ &_20 <- _ret ] s4) + (fun (_ret: t_Resource_View_AuthViewRel_FMap_K_Ag_V) -> [ &_35 <- _ret ] s4) | s4 = bb4 ] - | bb4 = s0 [ s0 = [ &_0 <- { f0'7 = _20; f1'7 = k; f2'7 = v } ] s1 | s1 = return {_0} ] ] + | bb4 = s0 [ s0 = [ &_0 <- { f0'7 = _35; f1'7 = k; f2'7 = v } ] s1 | s1 = return {_0} ] ] [ & _0: t_Fragment_K_V = Any.any_l () | & self: MutBorrow.t t_Authority_K_V = self | & k: t_K = k | & v: t_V = v | & s: t_Authority_K_V = Any.any_l () - | & _11: () = Any.any_l () - | & _12: MutBorrow.t t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () - | & _13: t_AuthUpdate_FMapInsertLocalUpdate_K_Ag_V = Any.any_l () - | & _14: t_FMapInsertLocalUpdate_K_Ag_V = Any.any_l () - | & _16: t_Ag_V = Any.any_l () - | & _20: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () ]) + | & _21: () = Any.any_l () + | & _22: MutBorrow.t t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () + | & _23: t_AuthUpdate_FMapInsertLocalUpdate_K_Ag_V = Any.any_l () + | & _24: t_FMapInsertLocalUpdate_K_Ag_V = Any.any_l () + | & _26: t_Ag_V = Any.any_l () + | & _35: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () ]) [ return (result: t_Fragment_K_V) -> {[@expl:insert result type invariant] inv_Fragment_K_V result} {[@expl:insert ensures #0] view_Authority_K_V self.final = insert_K'0 (view_Authority_K_V self.current) k v} {[@expl:insert ensures #1] id_K self.final = id_K self.current} @@ -2630,8 +2630,8 @@ module M_ghost__resource__fmap_view__impl_Authority_K_V__contains (* ghost::reso {[@expl:contains requires] id_K self = id_K'0 frag} (! bb0 [ bb0 = s0 - [ s0 = [ &_8 <- frag.f0 ] s1 - | s1 = join_shared_View_AuthViewRel_FMap_K_Ag_V {self.f0'0} {_8} + [ s0 = [ &_12 <- frag.f0 ] s1 + | s1 = join_shared_View_AuthViewRel_FMap_K_Ag_V {self.f0'0} {_12} (fun (_ret: t_Resource_View_AuthViewRel_FMap_K_Ag_V) -> [ &new_resource <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 @@ -2644,7 +2644,7 @@ module M_ghost__resource__fmap_view__impl_Authority_K_V__contains (* ghost::reso | & self: t_Authority_K_V = self | & frag: t_Fragment_K_V = frag | & new_resource: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () - | & _8: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () ]) + | & _12: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () ]) [ return (result: ()) -> {[@expl:contains ensures] get_K'0 (view_Authority_K_V self) (view_Fragment_K_V frag).f0'5 = Some'3 ((view_Fragment_K_V frag).f1'5)} (! return {result}) ] @@ -3040,12 +3040,12 @@ module M_ghost__resource__fmap_view__impl_Clone_for_Fragment_K_V__clone (* [ &_4 <- _ret ] s1) + (fun (_ret: t_Resource_View_AuthViewRel_FMap_K_Ag_V) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = _4; f1 = self.f1; f2 = self.f2 } ] s1 | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = _6; f1 = self.f1; f2 = self.f2 } ] s1 | s1 = return {_0} ] ] [ & _0: t_Fragment_K_V = Any.any_l () | & self: t_Fragment_K_V = self - | & _4: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () ]) + | & _6: t_Resource_View_AuthViewRel_FMap_K_Ag_V = Any.any_l () ]) [ return (result: t_Fragment_K_V) -> {[@expl:clone result type invariant] inv_Fragment_K_V result} {[@expl:clone ensures #0] view_Fragment_K_V result = view_Fragment_K_V self} {[@expl:clone ensures #1] id_K result = id_K self} @@ -3145,24 +3145,24 @@ module M_ghost__resource__m__impl_Resource_R__split_off (* ghost::resource::m::R let rec split_off_R (self: MutBorrow.t t_Resource_R) (r: t_R) (s: t_R) (return (x: t_Resource_R)) = {[@expl:split_off requires] incl_eq_op_R r s (view_Resource_R self.current)} (! bb0 - [ bb0 = s0 [ s0 = dummy_R (fun (_ret: t_Resource_R) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = dummy_R (fun (_ret: t_Resource_R) -> [ &_17 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {self.current} - (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_9 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) - | s1 = replace_Resource_R {_9} {_10} (fun (_ret: t_Resource_R) -> [ &this <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_16 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) + | s1 = replace_Resource_R {_16} {_17} (fun (_ret: t_Resource_R) -> [ &this <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = split_R {this} {r} {s} (fun (_ret: tup2_Resource_R_Resource_R) -> [ &_13 <- _ret ] s1) | s1 = bb3 ] + [ s0 = split_R {this} {r} {s} (fun (_ret: tup2_Resource_R_Resource_R) -> [ &_20 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &r'0 <- _13.f0 ] s1 - | s1 = [ &this'0 <- _13.f1 ] s2 + [ s0 = [ &r'0 <- _20.f0 ] s1 + | s1 = [ &this'0 <- _20.f1 ] s2 | s2 = MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} - (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_18 <- _ret ] [ &self <- { self with current = _ret.final } ] s3) - | s3 = replace_Resource_R {_18} {this'0} (fun (_ret: t_Resource_R) -> [ &_17 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_25 <- _ret ] [ &self <- { self with current = _ret.final } ] s3) + | s3 = replace_Resource_R {_25} {this'0} (fun (_ret: t_Resource_R) -> [ &_24 <- _ret ] s4) | s4 = bb4 ] | bb4 = s0 [ s0 = -{resolve_ref_Resource_R self}- s1 - | s1 = -{resolve_Resource_R _17}- s2 + | s1 = -{resolve_Resource_R _24}- s2 | s2 = [ &_0 <- r'0 ] s3 | s3 = return {_0} ] ] [ & _0: t_Resource_R = Any.any_l () @@ -3170,13 +3170,13 @@ module M_ghost__resource__m__impl_Resource_R__split_off (* ghost::resource::m::R | & r: t_R = r | & s: t_R = s | & this: t_Resource_R = Any.any_l () - | & _9: MutBorrow.t t_Resource_R = Any.any_l () - | & _10: t_Resource_R = Any.any_l () + | & _16: MutBorrow.t t_Resource_R = Any.any_l () + | & _17: t_Resource_R = Any.any_l () | & r'0: t_Resource_R = Any.any_l () | & this'0: t_Resource_R = Any.any_l () - | & _13: tup2_Resource_R_Resource_R = Any.any_l () - | & _17: t_Resource_R = Any.any_l () - | & _18: MutBorrow.t t_Resource_R = Any.any_l () ]) + | & _20: tup2_Resource_R_Resource_R = Any.any_l () + | & _24: t_Resource_R = Any.any_l () + | & _25: MutBorrow.t t_Resource_R = Any.any_l () ]) [ return (result: t_Resource_R) -> {[@expl:split_off ensures #0] id_R self.final = id_R self.current /\ id_R result = id_R self.current} {[@expl:split_off ensures #1] view_Resource_R self.final = s} @@ -3266,28 +3266,28 @@ module M_ghost__resource__m__impl_Resource_R__join_in (* ghost::resource::m::Res let rec join_in_R (self: MutBorrow.t t_Resource_R) (other: t_Resource_R) (return (x: ())) = {[@expl:join_in requires] id_R self.current = id_R other} (! bb0 - [ bb0 = s0 [ s0 = dummy_R (fun (_ret: t_Resource_R) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = dummy_R (fun (_ret: t_Resource_R) -> [ &_13 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {self.current} - (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_7 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) - | s1 = replace_Resource_R {_7} {_8} (fun (_ret: t_Resource_R) -> [ &this <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_12 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) + | s1 = replace_Resource_R {_12} {_13} (fun (_ret: t_Resource_R) -> [ &this <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = join_R {this} {other} (fun (_ret: t_Resource_R) -> [ &this'0 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} - (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_13 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) - | s1 = replace_Resource_R {_13} {this'0} (fun (_ret: t_Resource_R) -> [ &_12 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_18 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) + | s1 = replace_Resource_R {_18} {this'0} (fun (_ret: t_Resource_R) -> [ &_17 <- _ret ] s2) | s2 = bb4 ] - | bb4 = s0 [ s0 = -{resolve_ref_Resource_R self}- s1 | s1 = -{resolve_Resource_R _12}- s2 | s2 = return {_0} ] ] + | bb4 = s0 [ s0 = -{resolve_ref_Resource_R self}- s1 | s1 = -{resolve_Resource_R _17}- s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_Resource_R = self | & other: t_Resource_R = other | & this: t_Resource_R = Any.any_l () - | & _7: MutBorrow.t t_Resource_R = Any.any_l () - | & _8: t_Resource_R = Any.any_l () + | & _12: MutBorrow.t t_Resource_R = Any.any_l () + | & _13: t_Resource_R = Any.any_l () | & this'0: t_Resource_R = Any.any_l () - | & _12: t_Resource_R = Any.any_l () - | & _13: MutBorrow.t t_Resource_R = Any.any_l () ]) + | & _17: t_Resource_R = Any.any_l () + | & _18: MutBorrow.t t_Resource_R = Any.any_l () ]) [ return (result: ()) -> {[@expl:join_in ensures #0] id_R self.final = id_R self.current} {[@expl:join_in ensures #1] Some (view_Resource_R self.final) = op_R (view_Resource_R self.current) (view_Resource_R other)} @@ -3397,17 +3397,17 @@ module M_ghost__resource__m__impl_Resource_R__weaken (* ghost::resource::m::Reso [ bb0 = s0 [ s0 = [ &f <- unwrap_Option_R (factor_R (view_Resource_R self.current) target) ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} - (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_9 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) - | s1 = split_off_R {_9} {f} {target} (fun (_ret: t_Resource_R) -> [ &_8 <- _ret ] s2) - | s2 = -{resolve_Resource_R _8}- s3 + (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_16 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) + | s1 = split_off_R {_16} {f} {target} (fun (_ret: t_Resource_R) -> [ &_15 <- _ret ] s2) + | s2 = -{resolve_Resource_R _15}- s3 | s3 = bb2 ] | bb2 = s0 [ s0 = -{resolve_ref_Resource_R self}- s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_Resource_R = self | & target: t_R = target | & f: t_R = Any.any_l () - | & _8: t_Resource_R = Any.any_l () - | & _9: MutBorrow.t t_Resource_R = Any.any_l () ]) + | & _15: t_Resource_R = Any.any_l () + | & _16: MutBorrow.t t_Resource_R = Any.any_l () ]) [ return (result: ()) -> {[@expl:weaken ensures #0] id_R self.final = id_R self.current} {[@expl:weaken ensures #1] view_Resource_R self.final = target} (! return {result}) ] @@ -3565,12 +3565,12 @@ module M_ghost__resource__m__impl_Resource_R__update (* ghost::resource::m::Reso | s1 = {[@expl:assertion] forall f: t_R. op_R v f <> None -> (exists ch: t_Choice. op_R (update_U upd v ch) f <> None)} s2 - | s2 = [ &_14 <- () ] s3 + | s2 = [ &_27 <- () ] s3 | s3 = bb3 ] | bb3 = s0 [ s0 = MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} - (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_17 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) - | s1 = update_raw_R {_17} {target_s} (fun (_ret: t_R) -> [ &r <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Resource_R) -> [ &_30 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) + | s1 = update_raw_R {_30} {target_s} (fun (_ret: t_R) -> [ &r <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = -{resolve_ref_Resource_R self}- s1 @@ -3582,9 +3582,9 @@ module M_ghost__resource__m__impl_Resource_R__update (* ghost::resource::m::Reso | & upd: t_U = upd | & v: t_R = Any.any_l () | & target_s: Set.set t_R = Any.any_l () - | & _14: () = Any.any_l () + | & _27: () = Any.any_l () | & r: t_R = Any.any_l () - | & _17: MutBorrow.t t_Resource_R = Any.any_l () ]) + | & _30: MutBorrow.t t_Resource_R = Any.any_l () ]) [ return (result: t_Choice) -> {[@expl:update ensures #0] id_R self.final = id_R self.current} {[@expl:update ensures #1] view_Resource_R self.final = update_U upd (view_Resource_R self.current) result} (! return {result}) ] @@ -3636,9 +3636,9 @@ module M_ghost__impl_Clone_for_Ghost_T__clone (* as std::clone: let rec clone_Ghost_T (self: t_T) (return (x: t_T)) = {[@expl:clone 'self' type invariant] inv_ref_Ghost_T self} (! bb0 - [ bb0 = s0 [ s0 = deref_Ghost_T {self} (fun (_ret: t_T) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = new_T {_4} (fun (_ret: t_T) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] - | bb2 = return {_0} ] [ & _0: t_T = Any.any_l () | & self: t_T = self | & _4: t_T = Any.any_l () ]) + [ bb0 = s0 [ s0 = deref_Ghost_T {self} (fun (_ret: t_T) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = new_T {_5} (fun (_ret: t_T) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + | bb2 = return {_0} ] [ & _0: t_T = Any.any_l () | & self: t_T = self | & _5: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:clone result type invariant] inv_Ghost_T result} {[@expl:clone ensures] result = self} (! return {result}) ] @@ -3761,16 +3761,16 @@ module M_invariant__impl_Clone_for_Subset_T__clone (* as s meta "select_lsinst" "all" let rec clone_Subset_T (self: t_Subset_T) (return (x: t_Subset_T)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_3 <- () ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = deref_Subset_T {self} (fun (_ret: t_T) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = clone_T {_7} (fun (_ret: t_T) -> [ &_5 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = new_T'0 {_5} (fun (_ret: t_Subset_T) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] + [ bb0 = s0 [ s0 = [ &_4 <- () ] s1 | s1 = bb1 ] + | bb1 = s0 [ s0 = deref_Subset_T {self} (fun (_ret: t_T) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = clone_T {_8} (fun (_ret: t_T) -> [ &_6 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = new_T'0 {_6} (fun (_ret: t_Subset_T) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] | bb4 = return {_0} ] [ & _0: t_Subset_T = Any.any_l () | & self: t_Subset_T = self - | & _3: () = Any.any_l () - | & _5: t_T = Any.any_l () - | & _7: t_T = Any.any_l () ]) + | & _4: () = Any.any_l () + | & _6: t_T = Any.any_l () + | & _8: t_T = Any.any_l () ]) [ return (result: t_Subset_T) -> {[@expl:clone ensures] postcondition_clone () (view_Subset_T self) (view_Subset_T result)} (! return {result}) ] @@ -4024,10 +4024,10 @@ module M_logic__fmap__impl_FMap_K_V_0__contains_ghost (* logic::fmap::FMap {[@expl:contains_ghost 'self' type invariant] inv_ref_FMap_K_V self} {[@expl:contains_ghost 'key' type invariant] inv_ref_K key} (! bb0 - [ bb0 = s0 [ s0 = get_ghost_K {self} {key} (fun (_ret: t_Option_ref_V) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_some_ref_V {_5} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = get_ghost_K {self} {key} (fun (_ret: t_Option_ref_V) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_some_ref_V {_7} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] | bb2 = return {_0} ] - [ & _0: bool = Any.any_l () | & self: t_FMap_K_V = self | & key: t_K = key | & _5: t_Option_ref_V = Any.any_l () ]) + [ & _0: bool = Any.any_l () | & self: t_FMap_K_V = self | & key: t_K = key | & _7: t_Option_ref_V = Any.any_l () ]) [ return (result: bool) -> {[@expl:contains_ghost ensures] result = contains_K self key} (! return {result}) ] end module M_logic__fmap__impl_Index_for_FMap_K_V__index (* as std::ops::Index<&'a K>> *) @@ -4152,14 +4152,14 @@ module M_logic__fmap__impl_Index_for_FMap_K_V__index (* {[@expl:index 'key' type invariant] inv_ref_K key} {[@expl:index requires] contains_K self key} (! bb0 - [ bb0 = s0 [ s0 = get_ghost_K {self} {key} (fun (_ret: t_Option_ref_V) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap_ref_V {_6} (fun (_ret: t_V) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- _5 ] s1 | s1 = return {_0} ] ] + [ bb0 = s0 [ s0 = get_ghost_K {self} {key} (fun (_ret: t_Option_ref_V) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = unwrap_ref_V {_10} (fun (_ret: t_V) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &_0 <- _9 ] s1 | s1 = return {_0} ] ] [ & _0: t_V = Any.any_l () | & self: t_FMap_K_V = self | & key: t_K = key - | & _5: t_V = Any.any_l () - | & _6: t_Option_ref_V = Any.any_l () ]) + | & _9: t_V = Any.any_l () + | & _10: t_Option_ref_V = Any.any_l () ]) [ return (result: t_V) -> {[@expl:index result type invariant] inv_ref_V result} {[@expl:index ensures] Some'0 result = get_K self key} (! return {result}) ] @@ -4431,9 +4431,9 @@ module M_logic__fmap__impl_Iterator_for_FMapIter_K_V__next (* {self.current.inner} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_FMap_K_V) -> - [ &_3 <- _ret ] -{inv_FMap_K_V _ret.final}- + [ &_4 <- _ret ] -{inv_FMap_K_V _ret.final}- [ &self <- { self with current = { inner = _ret.final } } ] s1) - | s1 = remove_one_ghost_K {_3} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s2) + | s1 = remove_one_ghost_K {_4} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_FMapIter_K_V self} s1 @@ -4441,7 +4441,7 @@ module M_logic__fmap__impl_Iterator_for_FMapIter_K_V__next (* {[@expl:next result type invariant] inv_Option_tup2_K_V result} {[@expl:next ensures] match result with | None'0 -> completed_FMapIter_K_V self @@ -4783,9 +4783,9 @@ module M_logic__fmap__impl_IntoIterator_for_ref_FMap_K_V__into_iter (* <&'a logi {[@expl:into_iter 'self' type invariant] inv_ref_FMap_K_V self} (! bb0 [ bb0 = s0 [ s0 = [ &_self <- self ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = as_ref_ghost_K {self} (fun (_ret: t_FMap_ref_K_ref_V) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = as_ref_ghost_K {self} (fun (_ret: t_FMap_ref_K_ref_V) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &result <- { inner = _6 } ] s1 + [ s0 = [ &result <- { inner = _8 } ] s1 | s1 = {[@expl:assertion] ext_eq_K (view_FMapIterRef_K_V result) _self} s2 | s2 = [ &_0 <- result ] s3 | s3 = return {_0} ] ] @@ -4793,7 +4793,7 @@ module M_logic__fmap__impl_IntoIterator_for_ref_FMap_K_V__into_iter (* <&'a logi | & self: t_FMap_K_V = self | & _self: t_FMap_K_V = Any.any_l () | & result: t_FMapIterRef_K_V = Any.any_l () - | & _6: t_FMap_ref_K_ref_V = Any.any_l () ]) + | & _8: t_FMap_ref_K_ref_V = Any.any_l () ]) [ return (result: t_FMapIterRef_K_V) -> {[@expl:into_iter result type invariant] inv_FMapIterRef_K_V result} {[@expl:into_iter ensures] view_FMapIterRef_K_V result = self} (! return {result}) ] @@ -6084,9 +6084,9 @@ module M_logic__id__impl_PartialEq_for_Id__ne (* [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- not _4 ] s1 | s1 = return {_0} ] ] - [ & _0: bool = Any.any_l () | & self: t_Id = self | & other: t_Id = other | & _4: bool = Any.any_l () ]) + [ bb0 = s0 [ s0 = eq_Id {self} {other} (fun (_ret: bool) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- not _6 ] s1 | s1 = return {_0} ] ] + [ & _0: bool = Any.any_l () | & self: t_Id = self | & other: t_Id = other | & _6: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:ne ensures] result <> (self = other)} (! return {result}) ] end module M_logic__int__impl_Clone_for_Int__clone (* *) @@ -23376,14 +23376,14 @@ module M_logic__seq__impl_Index_for_Seq_T__index (* as std:: {[@expl:index 'self' type invariant] inv_ref_Seq_T self} {[@expl:index requires] 0 <= index /\ index < Seq.length self} (! bb0 - [ bb0 = s0 [ s0 = get_ghost_T {self} {index} (fun (_ret: t_Option_ref_T) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap_ref_T {_6} (fun (_ret: t_T) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- _5 ] s1 | s1 = return {_0} ] ] + [ bb0 = s0 [ s0 = get_ghost_T {self} {index} (fun (_ret: t_Option_ref_T) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = unwrap_ref_T {_10} (fun (_ret: t_T) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &_0 <- _9 ] s1 | s1 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & self: Seq.seq t_T = self | & index: int = index - | & _5: t_T = Any.any_l () - | & _6: t_Option_ref_T = Any.any_l () ]) + | & _9: t_T = Any.any_l () + | & _10: t_Option_ref_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:index result type invariant] inv_ref_T result} {[@expl:index ensures] result = Seq.get self index} (! return {result}) ] @@ -23489,19 +23489,19 @@ module M_logic__seq__impl_IndexMut_for_Seq_T__index_mut (* a [ s0 = {inv_Seq_T self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t (Seq.seq t_T)) -> - [ &_10 <- _ret ] -{inv_Seq_T _ret.final}- + [ &_17 <- _ret ] -{inv_Seq_T _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = get_mut_ghost_T {_10} {index} (fun (_ret: t_Option_ref_T) -> [ &_9 <- _ret ] s2) + | s1 = get_mut_ghost_T {_17} {index} (fun (_ret: t_Option_ref_T) -> [ &_16 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = unwrap_ref_T {_9} (fun (_ret: MutBorrow.t t_T) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap_ref_T {_16} (fun (_ret: MutBorrow.t t_T) -> [ &_15 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = {inv_T _8.current} - MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + [ s0 = {inv_T _15.current} + MutBorrow.borrow_final {_15.current} {MutBorrow.get_id _15} (fun (_ret: MutBorrow.t t_T) -> [ &_3 <- _ret ] -{inv_T _ret.final}- - [ &_8 <- { _8 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _8} s2 - | s2 = -{resolve_ref_T _8}- s3 + [ &_15 <- { _15 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _15} s2 + | s2 = -{resolve_ref_T _15}- s3 | s3 = {inv_T _3.current} MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t t_T) -> @@ -23516,9 +23516,9 @@ module M_logic__seq__impl_IndexMut_for_Seq_T__index_mut (* a | & self: MutBorrow.t (Seq.seq t_T) = self | & index: int = index | & _3: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () - | & _9: t_Option_ref_T = Any.any_l () - | & _10: MutBorrow.t (Seq.seq t_T) = Any.any_l () ]) + | & _15: MutBorrow.t t_T = Any.any_l () + | & _16: t_Option_ref_T = Any.any_l () + | & _17: MutBorrow.t (Seq.seq t_T) = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:index_mut result type invariant] inv_ref_T result} {[@expl:index_mut ensures #0] Seq.length self.current = Seq.length self.final} {[@expl:index_mut ensures #1] result.current = Seq.get self.current index @@ -23685,9 +23685,9 @@ module M_logic__seq__impl_Iterator_for_SeqIter_T__next (* {self.current.inner} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t (Seq.seq t_T)) -> - [ &_3 <- _ret ] -{inv_Seq_T _ret.final}- + [ &_4 <- _ret ] -{inv_Seq_T _ret.final}- [ &self <- { self with current = { inner = _ret.final } } ] s1) - | s1 = pop_front_ghost_T {_3} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) + | s1 = pop_front_ghost_T {_4} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_SeqIter_T self} s1 @@ -23695,7 +23695,7 @@ module M_logic__seq__impl_Iterator_for_SeqIter_T__next (* {[@expl:next result type invariant] inv_Option_T result} {[@expl:next ensures] match result with | None -> completed_SeqIter_T self @@ -23826,15 +23826,15 @@ module M_logic__seq__impl_IntoIterator_for_ref_Seq_T__into_iter (* <&'a logic::s let rec into_iter_ref_Seq_T (self: Seq.seq t_T) (return (x: t_SeqIterRef_T)) = {[@expl:into_iter 'self' type invariant] inv_ref_Seq_T self} (! bb0 - [ bb0 = s0 [ s0 = len_ghost_T {self} (fun (_ret: int) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = len_ghost_T {self} (fun (_ret: int) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = sub_Int {_5} {_7} (fun (_ret: int) -> [ &_4 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = [ &_0 <- { inner = self; index = _4 } ] s1 | s1 = return {_0} ] ] + [ bb0 = s0 [ s0 = len_ghost_T {self} (fun (_ret: int) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = len_ghost_T {self} (fun (_ret: int) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = sub_Int {_6} {_8} (fun (_ret: int) -> [ &_5 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = [ &_0 <- { inner = self; index = _5 } ] s1 | s1 = return {_0} ] ] [ & _0: t_SeqIterRef_T = Any.any_l () | & self: Seq.seq t_T = self - | & _4: int = Any.any_l () | & _5: int = Any.any_l () - | & _7: int = Any.any_l () ]) + | & _6: int = Any.any_l () + | & _8: int = Any.any_l () ]) [ return (result: t_SeqIterRef_T) -> {[@expl:into_iter result type invariant] inv_SeqIterRef_T result} {[@expl:into_iter ensures] view_SeqIterRef_T result = self} (! return {result}) ] @@ -23973,9 +23973,9 @@ module M_logic__seq__impl_Iterator_for_SeqIterRef_T__next (* [ &_5 <- _ret ] s1) + [ s0 = get_ghost_T {self.current.inner} {self.current.index} (fun (_ret: t_Option_ref_T) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_5 = None} (! bb6) | br1 (x0: t_T) -> {_5 = Some x0} (! bb4) ] + | bb2 = any [ br0 -> {_7 = None} (! bb6) | br1 (x0: t_T) -> {_7 = Some x0} (! bb4) ] | bb6 = s0 [ s0 = {[@expl:type invariant] inv_ref_SeqIterRef_T self} s1 | s1 = -{resolve_ref_SeqIterRef_T self}- s2 @@ -23984,11 +23984,11 @@ module M_logic__seq__impl_Iterator_for_SeqIterRef_T__next (* [ &res <- r0 ] s1) + [ s0 = elim_Some {_7} (fun (r0: t_T) -> [ &res <- r0 ] s1) | s1 = MutBorrow.borrow_final {self.current.index} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t int) -> - [ &_11 <- _ret ] [ &self <- { self with current = { self.current with index = _ret.final } } ] s2) - | s2 = incr_ghost {_11} (fun (_ret: ()) -> [ &_10 <- _ret ] s3) + [ &_13 <- _ret ] [ &self <- { self with current = { self.current with index = _ret.final } } ] s2) + | s2 = incr_ghost {_13} (fun (_ret: ()) -> [ &_12 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 [ s0 = {[@expl:type invariant] inv_ref_SeqIterRef_T self} s1 @@ -24000,10 +24000,10 @@ module M_logic__seq__impl_Iterator_for_SeqIterRef_T__next (* {[@expl:next result type invariant] inv_Option_ref_T result} {[@expl:next ensures] match result with | None -> completed_SeqIterRef_T self @@ -27578,12 +27578,12 @@ module M_peano__impl_Clone_for_PeanoInt__clone (* [ &_3 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = _3 } ] s1 | s1 = return {_0} ] ] + [ s0 = [ &_6 <- self.f0 ] s1 | s1 = clone_u64 {_6} (fun (_ret: UInt64.t) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = _4 } ] s1 | s1 = return {_0} ] ] [ & _0: t_PeanoInt = Any.any_l () | & self: t_PeanoInt = self - | & _3: UInt64.t = Any.any_l () - | & _5: UInt64.t = Any.any_l () ]) + | & _4: UInt64.t = Any.any_l () + | & _6: UInt64.t = Any.any_l () ]) [ return (result: t_PeanoInt) -> {[@expl:clone ensures] postcondition_clone () self.f0 result.f0} (! return {result}) ] end @@ -28463,12 +28463,12 @@ module M_peano__impl_PartialOrd_for_PeanoInt__partial_cmp (* [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- Some _4 ] s1 | s1 = return {_0} ] ] + [ bb0 = s0 [ s0 = cmp_PeanoInt {self} {other} (fun (_ret: t_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- Some _6 ] s1 | s1 = return {_0} ] ] [ & _0: t_Option_Ordering = Any.any_l () | & self: t_PeanoInt = self | & other: t_PeanoInt = other - | & _4: t_Ordering = Any.any_l () ]) + | & _6: t_Ordering = Any.any_l () ]) [ return (result: t_Option_Ordering) -> {[@expl:partial_cmp ensures] result = Some (cmp_log_PeanoInt self other)} (! return {result}) ] end @@ -28609,9 +28609,9 @@ module M_peano__impl_PartialOrd_for_PeanoInt__lt (* [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_PeanoInt {self} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -28620,7 +28620,7 @@ module M_peano__impl_PartialOrd_for_PeanoInt__lt (* {[@expl:lt ensures] result = UInt64.lt (view_PeanoInt self) (view_PeanoInt other)} (! return {result}) ] end @@ -28761,9 +28761,9 @@ module M_peano__impl_PartialOrd_for_PeanoInt__le (* [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_PeanoInt {self} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -28772,7 +28772,7 @@ module M_peano__impl_PartialOrd_for_PeanoInt__le (* {[@expl:le ensures] result = UInt64.le (view_PeanoInt self) (view_PeanoInt other)} (! return {result}) ] end @@ -28913,9 +28913,9 @@ module M_peano__impl_PartialOrd_for_PeanoInt__gt (* [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_PeanoInt {self} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -28924,7 +28924,7 @@ module M_peano__impl_PartialOrd_for_PeanoInt__gt (* {[@expl:gt ensures] result = UInt64.gt (view_PeanoInt self) (view_PeanoInt other)} (! return {result}) ] end @@ -29065,9 +29065,9 @@ module M_peano__impl_PartialOrd_for_PeanoInt__ge (* [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_PeanoInt {self} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -29076,7 +29076,7 @@ module M_peano__impl_PartialOrd_for_PeanoInt__ge (* {[@expl:ge ensures] result = UInt64.ge (view_PeanoInt self) (view_PeanoInt other)} (! return {result}) ] end @@ -29256,14 +29256,14 @@ module M_peano__impl_Ord_for_PeanoInt__cmp (* let rec cmp_PeanoInt (self: t_PeanoInt) (other: t_PeanoInt) (return (x: t_Ordering)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- other.f0 ] s1 - | s1 = cmp_u64 {self.f0} {_6} (fun (_ret: t_Ordering) -> [ &_0 <- _ret ] s2) + [ s0 = [ &_8 <- other.f0 ] s1 + | s1 = cmp_u64 {self.f0} {_8} (fun (_ret: t_Ordering) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = return {_0} ] [ & _0: t_Ordering = Any.any_l () | & self: t_PeanoInt = self | & other: t_PeanoInt = other - | & _6: UInt64.t = Any.any_l () ]) + | & _8: UInt64.t = Any.any_l () ]) [ return (result: t_Ordering) -> {[@expl:cmp ensures] result = cmp_log_PeanoInt self other} (! return {result}) ] end module M_peano__impl_PartialEq_for_PeanoInt__eq (* *) @@ -30880,9 +30880,9 @@ module M_std__cmp__extern_spec_std_cmp_PartialEq_Rhs_ne_body {[@expl:extern_spec_std_cmp_PartialEq_Rhs_ne_body 'self_' type invariant] inv_ref_Self_ self_} {[@expl:extern_spec_std_cmp_PartialEq_Rhs_ne_body 'rhs' type invariant] inv_ref_Rhs rhs} (! bb0 - [ bb0 = s0 [ s0 = eq_ref_Self_ {self_} {rhs} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- not _4 ] s1 | s1 = return {_0} ] ] - [ & _0: bool = Any.any_l () | & self_: t_Self_ = self_ | & rhs: t_Rhs = rhs | & _4: bool = Any.any_l () ]) + [ bb0 = s0 [ s0 = eq_ref_Self_ {self_} {rhs} (fun (_ret: bool) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- not _6 ] s1 | s1 = return {_0} ] ] + [ & _0: bool = Any.any_l () | & self_: t_Self_ = self_ | & rhs: t_Rhs = rhs | & _6: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_cmp_PartialEq_Rhs_ne_body ensures] result = (deep_model_ref_Self_ self_ <> deep_model_ref_Rhs rhs)} (! return {result}) ] @@ -31024,9 +31024,9 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_lt_body {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_lt_body 'other' type invariant] inv_ref_Rhs other} (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -31035,7 +31035,7 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_lt_body [ & _0: bool = Any.any_l () | & self_: t_Self_ = self_ | & other: t_Rhs = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_lt_body ensures] result = lt_log_DeepModelTy (deep_model_ref_Self_ self_) (deep_model_ref_Rhs other)} (! return {result}) ] @@ -31177,9 +31177,9 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_le_body {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_le_body 'other' type invariant] inv_ref_Rhs other} (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -31188,7 +31188,7 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_le_body [ & _0: bool = Any.any_l () | & self_: t_Self_ = self_ | & other: t_Rhs = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_le_body ensures] result = le_log_DeepModelTy (deep_model_ref_Self_ self_) (deep_model_ref_Rhs other)} (! return {result}) ] @@ -31330,9 +31330,9 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_gt_body {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_gt_body 'other' type invariant] inv_ref_Rhs other} (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -31341,7 +31341,7 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_gt_body [ & _0: bool = Any.any_l () | & self_: t_Self_ = self_ | & other: t_Rhs = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_gt_body ensures] result = gt_log_DeepModelTy (deep_model_ref_Self_ self_) (deep_model_ref_Rhs other)} (! return {result}) ] @@ -31483,9 +31483,9 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_ge_body {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_ge_body 'other' type invariant] inv_ref_Rhs other} (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_Self_ {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -31494,7 +31494,7 @@ module M_std__cmp__extern_spec_std_cmp_PartialOrd_Rhs_ge_body [ & _0: bool = Any.any_l () | & self_: t_Self_ = self_ | & other: t_Rhs = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_cmp_PartialOrd_Rhs_ge_body ensures] result = ge_log_DeepModelTy (deep_model_ref_Self_ self_) (deep_model_ref_Rhs other)} (! return {result}) ] @@ -31611,8 +31611,8 @@ module M_std__cmp__extern_spec_std_cmp_Ord_max_body {[@expl:extern_spec_std_cmp_Ord_max_body 'self_' type invariant] inv_Self_ self_} {[@expl:extern_spec_std_cmp_Ord_max_body 'o' type invariant] inv_Self_ o} (! bb0 - [ bb0 = s0 [ s0 = le_Self_ {self_} {o} (fun (_ret: bool) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_8 = false} (! bb3) | br1 -> {_8} (! bb2) ] + [ bb0 = s0 [ s0 = le_Self_ {self_} {o} (fun (_ret: bool) -> [ &_16 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_16 = false} (! bb3) | br1 -> {_16} (! bb2) ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_Self_ self_} s1 | s1 = -{resolve_Self_ self_}- s2 @@ -31624,7 +31624,7 @@ module M_std__cmp__extern_spec_std_cmp_Ord_max_body | s2 = [ &_0 <- self_ ] s3 | s3 = bb6 ] | bb6 = return {_0} ] - [ & _0: t_Self_ = Any.any_l () | & self_: t_Self_ = self_ | & o: t_Self_ = o | & _8: bool = Any.any_l () ]) + [ & _0: t_Self_ = Any.any_l () | & self_: t_Self_ = self_ | & o: t_Self_ = o | & _16: bool = Any.any_l () ]) [ return (result: t_Self_) -> {[@expl:extern_spec_std_cmp_Ord_max_body result type invariant] inv_Self_ result} {[@expl:extern_spec_std_cmp_Ord_max_body ensures #0] ge_log_DeepModelTy (deep_model_Self_ result) (deep_model_Self_ self_)} {[@expl:extern_spec_std_cmp_Ord_max_body ensures #1] ge_log_DeepModelTy (deep_model_Self_ result) (deep_model_Self_ o)} @@ -31747,8 +31747,8 @@ module M_std__cmp__extern_spec_std_cmp_Ord_min_body {[@expl:extern_spec_std_cmp_Ord_min_body 'self_' type invariant] inv_Self_ self_} {[@expl:extern_spec_std_cmp_Ord_min_body 'o' type invariant] inv_Self_ o} (! bb0 - [ bb0 = s0 [ s0 = lt_Self_ {self_} {o} (fun (_ret: bool) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_8 = false} (! bb3) | br1 -> {_8} (! bb2) ] + [ bb0 = s0 [ s0 = lt_Self_ {self_} {o} (fun (_ret: bool) -> [ &_16 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_16 = false} (! bb3) | br1 -> {_16} (! bb2) ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_Self_ o} s1 | s1 = -{resolve_Self_ o}- s2 @@ -31760,7 +31760,7 @@ module M_std__cmp__extern_spec_std_cmp_Ord_min_body | s2 = [ &_0 <- o ] s3 | s3 = bb6 ] | bb6 = return {_0} ] - [ & _0: t_Self_ = Any.any_l () | & self_: t_Self_ = self_ | & o: t_Self_ = o | & _8: bool = Any.any_l () ]) + [ & _0: t_Self_ = Any.any_l () | & self_: t_Self_ = self_ | & o: t_Self_ = o | & _16: bool = Any.any_l () ]) [ return (result: t_Self_) -> {[@expl:extern_spec_std_cmp_Ord_min_body result type invariant] inv_Self_ result} {[@expl:extern_spec_std_cmp_Ord_min_body ensures #0] le_log_DeepModelTy (deep_model_Self_ result) (deep_model_Self_ self_)} {[@expl:extern_spec_std_cmp_Ord_min_body ensures #1] le_log_DeepModelTy (deep_model_Self_ result) (deep_model_Self_ o)} @@ -31902,8 +31902,8 @@ module M_std__cmp__extern_spec_std_cmp_Ord_clamp_body {[@expl:extern_spec_std_cmp_Ord_clamp_body 'max' type invariant] inv_Self_ max} {[@expl:extern_spec_std_cmp_Ord_clamp_body requires] le_log_DeepModelTy (deep_model_Self_ min) (deep_model_Self_ max)} (! bb0 - [ bb0 = s0 [ s0 = gt_Self_ {self_} {max} (fun (_ret: bool) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] + [ bb0 = s0 [ s0 = gt_Self_ {self_} {max} (fun (_ret: bool) -> [ &_19 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_19 = false} (! bb3) | br1 -> {_19} (! bb2) ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_Self_ min} s1 | s1 = -{resolve_Self_ min}- s2 @@ -31914,9 +31914,9 @@ module M_std__cmp__extern_spec_std_cmp_Ord_clamp_body | bb3 = s0 [ s0 = {[@expl:type invariant] inv_Self_ max} s1 | s1 = -{resolve_Self_ max}- s2 - | s2 = lt_Self_ {self_} {min} (fun (_ret: bool) -> [ &_12 <- _ret ] s3) + | s2 = lt_Self_ {self_} {min} (fun (_ret: bool) -> [ &_22 <- _ret ] s3) | s3 = bb4 ] - | bb4 = any [ br0 -> {_12 = false} (! bb6) | br1 -> {_12} (! bb5) ] + | bb4 = any [ br0 -> {_22 = false} (! bb6) | br1 -> {_22} (! bb5) ] | bb5 = s0 [ s0 = {[@expl:type invariant] inv_Self_ self_} s1 | s1 = -{resolve_Self_ self_}- s2 @@ -31932,8 +31932,8 @@ module M_std__cmp__extern_spec_std_cmp_Ord_clamp_body | & self_: t_Self_ = self_ | & min: t_Self_ = min | & max: t_Self_ = max - | & _9: bool = Any.any_l () - | & _12: bool = Any.any_l () ]) + | & _19: bool = Any.any_l () + | & _22: bool = Any.any_l () ]) [ return (result: t_Self_) -> {[@expl:extern_spec_std_cmp_Ord_clamp_body result type invariant] inv_Self_ result} {[@expl:extern_spec_std_cmp_Ord_clamp_body ensures #0] ge_log_DeepModelTy (deep_model_Self_ result) (deep_model_Self_ min)} {[@expl:extern_spec_std_cmp_Ord_clamp_body ensures #1] le_log_DeepModelTy (deep_model_Self_ result) (deep_model_Self_ max)} @@ -32250,9 +32250,9 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i8_i8_lt_body (self_: Int8.t) (other: Int8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32261,7 +32261,7 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_lt_body [ & _0: bool = Any.any_l () | & self_: Int8.t = self_ | & other: Int8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i8_i8_lt_body ensures] result = (deep_model_ref_i8 self_ < deep_model_ref_i8 other)} (! return {result}) ] @@ -32343,9 +32343,9 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i8_i8_le_body (self_: Int8.t) (other: Int8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32354,7 +32354,7 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_le_body [ & _0: bool = Any.any_l () | & self_: Int8.t = self_ | & other: Int8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i8_i8_le_body ensures] result = (deep_model_ref_i8 self_ <= deep_model_ref_i8 other)} (! return {result}) ] @@ -32436,9 +32436,9 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i8_i8_gt_body (self_: Int8.t) (other: Int8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32447,7 +32447,7 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_gt_body [ & _0: bool = Any.any_l () | & self_: Int8.t = self_ | & other: Int8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i8_i8_gt_body ensures] result = (deep_model_ref_i8 self_ > deep_model_ref_i8 other)} (! return {result}) ] @@ -32529,9 +32529,9 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i8_i8_ge_body (self_: Int8.t) (other: Int8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32540,7 +32540,7 @@ module M_std__cmp__extern_spec_PartialOrd_i8_i8_ge_body [ & _0: bool = Any.any_l () | & self_: Int8.t = self_ | & other: Int8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i8_i8_ge_body ensures] result = (deep_model_ref_i8 self_ >= deep_model_ref_i8 other)} (! return {result}) ] @@ -32622,9 +32622,9 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i16_i16_lt_body (self_: Int16.t) (other: Int16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32633,7 +32633,7 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_lt_body [ & _0: bool = Any.any_l () | & self_: Int16.t = self_ | & other: Int16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i16_i16_lt_body ensures] result = (deep_model_ref_i16 self_ < deep_model_ref_i16 other)} (! return {result}) ] @@ -32715,9 +32715,9 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i16_i16_le_body (self_: Int16.t) (other: Int16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32726,7 +32726,7 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_le_body [ & _0: bool = Any.any_l () | & self_: Int16.t = self_ | & other: Int16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i16_i16_le_body ensures] result = (deep_model_ref_i16 self_ <= deep_model_ref_i16 other)} (! return {result}) ] @@ -32808,9 +32808,9 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i16_i16_gt_body (self_: Int16.t) (other: Int16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32819,7 +32819,7 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_gt_body [ & _0: bool = Any.any_l () | & self_: Int16.t = self_ | & other: Int16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i16_i16_gt_body ensures] result = (deep_model_ref_i16 self_ > deep_model_ref_i16 other)} (! return {result}) ] @@ -32901,9 +32901,9 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i16_i16_ge_body (self_: Int16.t) (other: Int16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -32912,7 +32912,7 @@ module M_std__cmp__extern_spec_PartialOrd_i16_i16_ge_body [ & _0: bool = Any.any_l () | & self_: Int16.t = self_ | & other: Int16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i16_i16_ge_body ensures] result = (deep_model_ref_i16 self_ >= deep_model_ref_i16 other)} (! return {result}) ] @@ -32994,9 +32994,9 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i32_i32_lt_body (self_: Int32.t) (other: Int32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33005,7 +33005,7 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_lt_body [ & _0: bool = Any.any_l () | & self_: Int32.t = self_ | & other: Int32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i32_i32_lt_body ensures] result = (deep_model_ref_i32 self_ < deep_model_ref_i32 other)} (! return {result}) ] @@ -33087,9 +33087,9 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i32_i32_le_body (self_: Int32.t) (other: Int32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33098,7 +33098,7 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_le_body [ & _0: bool = Any.any_l () | & self_: Int32.t = self_ | & other: Int32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i32_i32_le_body ensures] result = (deep_model_ref_i32 self_ <= deep_model_ref_i32 other)} (! return {result}) ] @@ -33180,9 +33180,9 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i32_i32_gt_body (self_: Int32.t) (other: Int32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33191,7 +33191,7 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_gt_body [ & _0: bool = Any.any_l () | & self_: Int32.t = self_ | & other: Int32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i32_i32_gt_body ensures] result = (deep_model_ref_i32 self_ > deep_model_ref_i32 other)} (! return {result}) ] @@ -33273,9 +33273,9 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i32_i32_ge_body (self_: Int32.t) (other: Int32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33284,7 +33284,7 @@ module M_std__cmp__extern_spec_PartialOrd_i32_i32_ge_body [ & _0: bool = Any.any_l () | & self_: Int32.t = self_ | & other: Int32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i32_i32_ge_body ensures] result = (deep_model_ref_i32 self_ >= deep_model_ref_i32 other)} (! return {result}) ] @@ -33366,9 +33366,9 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i64_i64_lt_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33377,7 +33377,7 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_lt_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i64_i64_lt_body ensures] result = (deep_model_ref_i64 self_ < deep_model_ref_i64 other)} (! return {result}) ] @@ -33459,9 +33459,9 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i64_i64_le_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33470,7 +33470,7 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_le_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i64_i64_le_body ensures] result = (deep_model_ref_i64 self_ <= deep_model_ref_i64 other)} (! return {result}) ] @@ -33552,9 +33552,9 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i64_i64_gt_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33563,7 +33563,7 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_gt_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i64_i64_gt_body ensures] result = (deep_model_ref_i64 self_ > deep_model_ref_i64 other)} (! return {result}) ] @@ -33645,9 +33645,9 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_i64_i64_ge_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_i64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33656,7 +33656,7 @@ module M_std__cmp__extern_spec_PartialOrd_i64_i64_ge_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i64_i64_ge_body ensures] result = (deep_model_ref_i64 self_ >= deep_model_ref_i64 other)} (! return {result}) ] @@ -33739,9 +33739,9 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_lt_body let rec extern_spec_PartialOrd_i128_i128_lt_body (self_: Int128.t) (other: Int128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33750,7 +33750,7 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_lt_body [ & _0: bool = Any.any_l () | & self_: Int128.t = self_ | & other: Int128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i128_i128_lt_body ensures] result = (deep_model_ref_i128 self_ < deep_model_ref_i128 other)} (! return {result}) ] @@ -33833,9 +33833,9 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_le_body let rec extern_spec_PartialOrd_i128_i128_le_body (self_: Int128.t) (other: Int128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33844,7 +33844,7 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_le_body [ & _0: bool = Any.any_l () | & self_: Int128.t = self_ | & other: Int128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i128_i128_le_body ensures] result = (deep_model_ref_i128 self_ <= deep_model_ref_i128 other)} (! return {result}) ] @@ -33927,9 +33927,9 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_gt_body let rec extern_spec_PartialOrd_i128_i128_gt_body (self_: Int128.t) (other: Int128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -33938,7 +33938,7 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_gt_body [ & _0: bool = Any.any_l () | & self_: Int128.t = self_ | & other: Int128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i128_i128_gt_body ensures] result = (deep_model_ref_i128 self_ > deep_model_ref_i128 other)} (! return {result}) ] @@ -34021,9 +34021,9 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_ge_body let rec extern_spec_PartialOrd_i128_i128_ge_body (self_: Int128.t) (other: Int128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_i128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34032,7 +34032,7 @@ module M_std__cmp__extern_spec_PartialOrd_i128_i128_ge_body [ & _0: bool = Any.any_l () | & self_: Int128.t = self_ | & other: Int128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_i128_i128_ge_body ensures] result = (deep_model_ref_i128 self_ >= deep_model_ref_i128 other)} (! return {result}) ] @@ -34116,9 +34116,9 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_lt_body let rec extern_spec_PartialOrd_isize_isize_lt_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34127,7 +34127,7 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_lt_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_isize_isize_lt_body ensures] result = (deep_model_ref_isize self_ < deep_model_ref_isize other)} (! return {result}) ] @@ -34211,9 +34211,9 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_le_body let rec extern_spec_PartialOrd_isize_isize_le_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34222,7 +34222,7 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_le_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_isize_isize_le_body ensures] result = (deep_model_ref_isize self_ <= deep_model_ref_isize other)} (! return {result}) ] @@ -34306,9 +34306,9 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_gt_body let rec extern_spec_PartialOrd_isize_isize_gt_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34317,7 +34317,7 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_gt_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_isize_isize_gt_body ensures] result = (deep_model_ref_isize self_ > deep_model_ref_isize other)} (! return {result}) ] @@ -34401,9 +34401,9 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_ge_body let rec extern_spec_PartialOrd_isize_isize_ge_body (self_: Int64.t) (other: Int64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_isize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34412,7 +34412,7 @@ module M_std__cmp__extern_spec_PartialOrd_isize_isize_ge_body [ & _0: bool = Any.any_l () | & self_: Int64.t = self_ | & other: Int64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_isize_isize_ge_body ensures] result = (deep_model_ref_isize self_ >= deep_model_ref_isize other)} (! return {result}) ] @@ -34494,9 +34494,9 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u8_u8_lt_body (self_: UInt8.t) (other: UInt8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34505,7 +34505,7 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_lt_body [ & _0: bool = Any.any_l () | & self_: UInt8.t = self_ | & other: UInt8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u8_u8_lt_body ensures] result = (deep_model_ref_u8 self_ < deep_model_ref_u8 other)} (! return {result}) ] @@ -34587,9 +34587,9 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u8_u8_le_body (self_: UInt8.t) (other: UInt8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34598,7 +34598,7 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_le_body [ & _0: bool = Any.any_l () | & self_: UInt8.t = self_ | & other: UInt8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u8_u8_le_body ensures] result = (deep_model_ref_u8 self_ <= deep_model_ref_u8 other)} (! return {result}) ] @@ -34680,9 +34680,9 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u8_u8_gt_body (self_: UInt8.t) (other: UInt8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34691,7 +34691,7 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_gt_body [ & _0: bool = Any.any_l () | & self_: UInt8.t = self_ | & other: UInt8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u8_u8_gt_body ensures] result = (deep_model_ref_u8 self_ > deep_model_ref_u8 other)} (! return {result}) ] @@ -34773,9 +34773,9 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u8_u8_ge_body (self_: UInt8.t) (other: UInt8.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u8 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34784,7 +34784,7 @@ module M_std__cmp__extern_spec_PartialOrd_u8_u8_ge_body [ & _0: bool = Any.any_l () | & self_: UInt8.t = self_ | & other: UInt8.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u8_u8_ge_body ensures] result = (deep_model_ref_u8 self_ >= deep_model_ref_u8 other)} (! return {result}) ] @@ -34866,9 +34866,9 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u16_u16_lt_body (self_: UInt16.t) (other: UInt16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34877,7 +34877,7 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_lt_body [ & _0: bool = Any.any_l () | & self_: UInt16.t = self_ | & other: UInt16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u16_u16_lt_body ensures] result = (deep_model_ref_u16 self_ < deep_model_ref_u16 other)} (! return {result}) ] @@ -34959,9 +34959,9 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u16_u16_le_body (self_: UInt16.t) (other: UInt16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -34970,7 +34970,7 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_le_body [ & _0: bool = Any.any_l () | & self_: UInt16.t = self_ | & other: UInt16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u16_u16_le_body ensures] result = (deep_model_ref_u16 self_ <= deep_model_ref_u16 other)} (! return {result}) ] @@ -35052,9 +35052,9 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u16_u16_gt_body (self_: UInt16.t) (other: UInt16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35063,7 +35063,7 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_gt_body [ & _0: bool = Any.any_l () | & self_: UInt16.t = self_ | & other: UInt16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u16_u16_gt_body ensures] result = (deep_model_ref_u16 self_ > deep_model_ref_u16 other)} (! return {result}) ] @@ -35145,9 +35145,9 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u16_u16_ge_body (self_: UInt16.t) (other: UInt16.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u16 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35156,7 +35156,7 @@ module M_std__cmp__extern_spec_PartialOrd_u16_u16_ge_body [ & _0: bool = Any.any_l () | & self_: UInt16.t = self_ | & other: UInt16.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u16_u16_ge_body ensures] result = (deep_model_ref_u16 self_ >= deep_model_ref_u16 other)} (! return {result}) ] @@ -35238,9 +35238,9 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u32_u32_lt_body (self_: UInt32.t) (other: UInt32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35249,7 +35249,7 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_lt_body [ & _0: bool = Any.any_l () | & self_: UInt32.t = self_ | & other: UInt32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u32_u32_lt_body ensures] result = (deep_model_ref_u32 self_ < deep_model_ref_u32 other)} (! return {result}) ] @@ -35331,9 +35331,9 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u32_u32_le_body (self_: UInt32.t) (other: UInt32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35342,7 +35342,7 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_le_body [ & _0: bool = Any.any_l () | & self_: UInt32.t = self_ | & other: UInt32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u32_u32_le_body ensures] result = (deep_model_ref_u32 self_ <= deep_model_ref_u32 other)} (! return {result}) ] @@ -35424,9 +35424,9 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u32_u32_gt_body (self_: UInt32.t) (other: UInt32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35435,7 +35435,7 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_gt_body [ & _0: bool = Any.any_l () | & self_: UInt32.t = self_ | & other: UInt32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u32_u32_gt_body ensures] result = (deep_model_ref_u32 self_ > deep_model_ref_u32 other)} (! return {result}) ] @@ -35517,9 +35517,9 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u32_u32_ge_body (self_: UInt32.t) (other: UInt32.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u32 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35528,7 +35528,7 @@ module M_std__cmp__extern_spec_PartialOrd_u32_u32_ge_body [ & _0: bool = Any.any_l () | & self_: UInt32.t = self_ | & other: UInt32.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u32_u32_ge_body ensures] result = (deep_model_ref_u32 self_ >= deep_model_ref_u32 other)} (! return {result}) ] @@ -35610,9 +35610,9 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_lt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u64_u64_lt_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35621,7 +35621,7 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_lt_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u64_u64_lt_body ensures] result = (deep_model_ref_u64 self_ < deep_model_ref_u64 other)} (! return {result}) ] @@ -35703,9 +35703,9 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_le_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u64_u64_le_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35714,7 +35714,7 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_le_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u64_u64_le_body ensures] result = (deep_model_ref_u64 self_ <= deep_model_ref_u64 other)} (! return {result}) ] @@ -35796,9 +35796,9 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_gt_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u64_u64_gt_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35807,7 +35807,7 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_gt_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u64_u64_gt_body ensures] result = (deep_model_ref_u64 self_ > deep_model_ref_u64 other)} (! return {result}) ] @@ -35889,9 +35889,9 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_ge_body meta "select_lsinst" "all" let rec extern_spec_PartialOrd_u64_u64_ge_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ bb0 = s0 [ s0 = partial_cmp_u64 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35900,7 +35900,7 @@ module M_std__cmp__extern_spec_PartialOrd_u64_u64_ge_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u64_u64_ge_body ensures] result = (deep_model_ref_u64 self_ >= deep_model_ref_u64 other)} (! return {result}) ] @@ -35983,9 +35983,9 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_lt_body let rec extern_spec_PartialOrd_u128_u128_lt_body (self_: UInt128.t) (other: UInt128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -35994,7 +35994,7 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_lt_body [ & _0: bool = Any.any_l () | & self_: UInt128.t = self_ | & other: UInt128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u128_u128_lt_body ensures] result = (deep_model_ref_u128 self_ < deep_model_ref_u128 other)} (! return {result}) ] @@ -36077,9 +36077,9 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_le_body let rec extern_spec_PartialOrd_u128_u128_le_body (self_: UInt128.t) (other: UInt128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36088,7 +36088,7 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_le_body [ & _0: bool = Any.any_l () | & self_: UInt128.t = self_ | & other: UInt128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u128_u128_le_body ensures] result = (deep_model_ref_u128 self_ <= deep_model_ref_u128 other)} (! return {result}) ] @@ -36171,9 +36171,9 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_gt_body let rec extern_spec_PartialOrd_u128_u128_gt_body (self_: UInt128.t) (other: UInt128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36182,7 +36182,7 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_gt_body [ & _0: bool = Any.any_l () | & self_: UInt128.t = self_ | & other: UInt128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u128_u128_gt_body ensures] result = (deep_model_ref_u128 self_ > deep_model_ref_u128 other)} (! return {result}) ] @@ -36265,9 +36265,9 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_ge_body let rec extern_spec_PartialOrd_u128_u128_ge_body (self_: UInt128.t) (other: UInt128.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_u128 {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36276,7 +36276,7 @@ module M_std__cmp__extern_spec_PartialOrd_u128_u128_ge_body [ & _0: bool = Any.any_l () | & self_: UInt128.t = self_ | & other: UInt128.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_u128_u128_ge_body ensures] result = (deep_model_ref_u128 self_ >= deep_model_ref_u128 other)} (! return {result}) ] @@ -36360,9 +36360,9 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_lt_body let rec extern_spec_PartialOrd_usize_usize_lt_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36371,7 +36371,7 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_lt_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_usize_usize_lt_body ensures] result = (deep_model_ref_usize self_ < deep_model_ref_usize other)} (! return {result}) ] @@ -36455,9 +36455,9 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_le_body let rec extern_spec_PartialOrd_usize_usize_le_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb5) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb2) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36466,7 +36466,7 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_le_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_usize_usize_le_body ensures] result = (deep_model_ref_usize self_ <= deep_model_ref_usize other)} (! return {result}) ] @@ -36550,9 +36550,9 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_gt_body let rec extern_spec_PartialOrd_usize_usize_gt_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb2) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36561,7 +36561,7 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_gt_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_usize_usize_gt_body ensures] result = (deep_model_ref_usize self_ > deep_model_ref_usize other)} (! return {result}) ] @@ -36645,9 +36645,9 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_ge_body let rec extern_spec_PartialOrd_usize_usize_ge_body (self_: UInt64.t) (other: UInt64.t) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb2) | br1 (x0: t_Ordering) -> {_4 = Some x0} (! bb3) ] - | bb3 = elim_Some {_4} + [ s0 = partial_cmp_usize {self_} {other} (fun (_ret: t_Option_Ordering) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = None} (! bb2) | br1 (x0: t_Ordering) -> {_6 = Some x0} (! bb3) ] + | bb3 = elim_Some {_6} (fun (r0: t_Ordering) -> any [ br0 -> {r0 = Less} (! bb2) | br1 -> {r0 = Equal} (! bb5) | br2 -> {r0 = Greater} (! bb5) ]) | bb2 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb6 ] @@ -36656,7 +36656,7 @@ module M_std__cmp__extern_spec_PartialOrd_usize_usize_ge_body [ & _0: bool = Any.any_l () | & self_: UInt64.t = self_ | & other: UInt64.t = other - | & _4: t_Option_Ordering = Any.any_l () ]) + | & _6: t_Option_Ordering = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_PartialOrd_usize_usize_ge_body ensures] result = (deep_model_ref_usize self_ >= deep_model_ref_usize other)} (! return {result}) ] @@ -39576,13 +39576,13 @@ module M_std__iter__map_inv__impl_Iterator_for_MapInv_I_F__next (* {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_6 <- _ret ] -{inv_I _ret.final}- + [ &_8 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s1) - | s1 = next_I {_6} (fun (_ret: t_Option_Item) -> [ &_5 <- _ret ] s2) + | s1 = next_I {_8} (fun (_ret: t_Option_Item) -> [ &_7 <- _ret ] s2) | s2 = bb2 ] - | bb2 = any [ br0 -> {_5 = None} (! bb5) | br1 (x0: t_Item) -> {_5 = Some x0} (! bb6) ] + | bb2 = any [ br0 -> {_7 = None} (! bb5) | br1 (x0: t_Item) -> {_7 = Some x0} (! bb6) ] | bb6 = s0 - [ s0 = elim_Some {_5} (fun (r0: t_Item) -> [ &v <- r0 ] s1) + [ s0 = elim_Some {_7} (fun (r0: t_Item) -> [ &v <- r0 ] s1) | s1 = {[@expl:assertion] precondition_F self.current.func { f0 = v; f1 = self.current.produced }} s2 | s2 = [ &produced'0 <- Seq.snoc self.current.produced v ] s3 | s3 = bb7 ] @@ -39590,14 +39590,14 @@ module M_std__iter__map_inv__impl_Iterator_for_MapInv_I_F__next (* {self.current.func} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_F) -> - [ &_14 <- _ret ] -{inv_F _ret.final}- + [ &_21 <- _ret ] -{inv_F _ret.final}- [ &self <- { self with current = { self.current with func = _ret.final } } ] s1) - | s1 = [ &_15 <- { f0 = v; f1 = self.current.produced } ] s2 - | s2 = call_mut_F {_14} {_15} (fun (_ret: t_B) -> [ &r <- _ret ] s3) + | s1 = [ &_22 <- { f0 = v; f1 = self.current.produced } ] s2 + | s2 = call_mut_F {_21} {_22} (fun (_ret: t_B) -> [ &r <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 [ s0 = [ &self <- { self with current = { self.current with produced = produced'0 } } ] s1 - | s1 = [ &_19 <- () ] s2 + | s1 = [ &_26 <- () ] s2 | s2 = bb10 ] | bb10 = s0 [ s0 = {[@expl:assertion] produces_one_I old_self r self.current} s1 @@ -39605,9 +39605,9 @@ module M_std__iter__map_inv__impl_Iterator_for_MapInv_I_F__next (* {[@expl:next result type invariant] inv_Option_B result} {[@expl:next ensures] match result with | None'0 -> completed_MapInv_I_F self @@ -41179,13 +41179,13 @@ module M_std__iter__trait_IteratorSpec__map_inv {[@expl:map_inv requires #2] preservation_Self self func'0} (! bb0 [ bb0 = bb1 - | bb1 = s0 [ s0 = [ &_9 <- Seq.empty: Seq.seq t_Item ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- { iter = self; func = func'0; produced = _9 } ] s1 | s1 = bb6 ] + | bb1 = s0 [ s0 = [ &_14 <- Seq.empty: Seq.seq t_Item ] s1 | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &_0 <- { iter = self; func = func'0; produced = _14 } ] s1 | s1 = bb6 ] | bb6 = return {_0} ] [ & _0: t_MapInv_Self_F = Any.any_l () | & self: t_Self = self | & func'0: t_F = func'0 - | & _9: Seq.seq t_Item = Any.any_l () ]) + | & _14: Seq.seq t_Item = Any.any_l () ]) [ return (result: t_MapInv_Self_F) -> {[@expl:map_inv result type invariant] inv_MapInv_Self_F result} {[@expl:map_inv ensures] result = { iter = self; func = func'0; produced = Seq.empty: Seq.seq t_Item }} (! return {result}) ] @@ -41312,22 +41312,22 @@ module M_std__mem__extern_spec_std_mem_replace_body [ s0 = [ &src'0 <- src ] s1 | s1 = {inv_T src'0} MutBorrow.borrow_mut {src'0} - (fun (_ret: MutBorrow.t t_T) -> [ &_9 <- _ret ] -{inv_T _ret.final}- [ &src'0 <- _ret.final ] s2) + (fun (_ret: MutBorrow.t t_T) -> [ &_12 <- _ret ] -{inv_T _ret.final}- [ &src'0 <- _ret.final ] s2) | s2 = {inv_T dest.current} MutBorrow.borrow_final {dest.current} {MutBorrow.get_id dest} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_10 <- _ret ] -{inv_T _ret.final}- [ &dest <- { dest with current = _ret.final } ] s3) - | s3 = {inv_T _9.current} - MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + | s3 = {inv_T _12.current} + MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} (fun (_ret: MutBorrow.t t_T) -> - [ &_8 <- _ret ] -{inv_T _ret.final}- - [ &_9 <- { _9 with current = _ret.final } ] s4) - | s4 = swap_T {_7} {_8} (fun (_ret: ()) -> [ &_6 <- _ret ] s5) + [ &_11 <- _ret ] -{inv_T _ret.final}- + [ &_12 <- { _12 with current = _ret.final } ] s4) + | s4 = swap_T {_10} {_11} (fun (_ret: ()) -> [ &_9 <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 - [ s0 = {[@expl:type invariant] inv_ref_T _9} s1 - | s1 = -{resolve_ref_T _9}- s2 + [ s0 = {[@expl:type invariant] inv_ref_T _12} s1 + | s1 = -{resolve_ref_T _12}- s2 | s2 = {[@expl:type invariant] inv_ref_T dest} s3 | s3 = -{resolve_ref_T dest}- s4 | s4 = [ &_0 <- src'0 ] s5 @@ -41337,10 +41337,10 @@ module M_std__mem__extern_spec_std_mem_replace_body | & dest: MutBorrow.t t_T = dest | & src: t_T = src | & src'0: t_T = Any.any_l () - | & _6: () = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () - | & _9: MutBorrow.t t_T = Any.any_l () ]) + | & _9: () = Any.any_l () + | & _10: MutBorrow.t t_T = Any.any_l () + | & _11: MutBorrow.t t_T = Any.any_l () + | & _12: MutBorrow.t t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:extern_spec_std_mem_replace_body result type invariant] inv_T result} {[@expl:extern_spec_std_mem_replace_body ensures #0] dest.final = src} {[@expl:extern_spec_std_mem_replace_body ensures #1] result = dest.current} @@ -41451,20 +41451,20 @@ module M_std__mem__extern_spec_std_mem_take_body let rec extern_spec_std_mem_take_body_T (dest: MutBorrow.t t_T) (return (x: t_T)) = {[@expl:extern_spec_std_mem_take_body 'dest' type invariant] inv_ref_T dest} (! bb0 - [ bb0 = s0 [ s0 = default_T (fun (_ret: t_T) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = default_T (fun (_ret: t_T) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {inv_T dest.current} MutBorrow.borrow_final {dest.current} {MutBorrow.get_id dest} (fun (_ret: MutBorrow.t t_T) -> - [ &_4 <- _ret ] -{inv_T _ret.final}- + [ &_6 <- _ret ] -{inv_T _ret.final}- [ &dest <- { dest with current = _ret.final } ] s1) - | s1 = replace_T {_4} {_5} (fun (_ret: t_T) -> [ &_0 <- _ret ] s2) + | s1 = replace_T {_6} {_7} (fun (_ret: t_T) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_T dest} s1 | s1 = -{resolve_ref_T dest}- s2 | s2 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & dest: MutBorrow.t t_T = dest - | & _4: MutBorrow.t t_T = Any.any_l () - | & _5: t_T = Any.any_l () ]) + | & _6: MutBorrow.t t_T = Any.any_l () + | & _7: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:extern_spec_std_mem_take_body result type invariant] inv_T result} {[@expl:extern_spec_std_mem_take_body ensures #0] result = dest.current} {[@expl:extern_spec_std_mem_take_body ensures #1] postcondition_default () () dest.final} @@ -42031,12 +42031,12 @@ module M_std__ops__extern_spec_core_option_T_Try_Option_T_branch_body (! bb0 [ bb0 = any [ br0 -> {self_ = None} (! bb3) | br1 (x0: t_T) -> {self_ = Some x0} (! bb4) ] | bb4 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &v <- r0 ] s1) | s1 = [ &_0 <- Continue v ] s2 | s2 = bb8 ] - | bb3 = s0 [ s0 = [ &_6 <- None'0 ] s1 | s1 = [ &_0 <- Break _6 ] s2 | s2 = bb8 ] + | bb3 = s0 [ s0 = [ &_7 <- None'0 ] s1 | s1 = [ &_0 <- Break _7 ] s2 | s2 = bb8 ] | bb8 = return {_0} ] [ & _0: t_ControlFlow_Option_Infallible_T = Any.any_l () | & self_: t_Option_T = self_ | & v: t_T = Any.any_l () - | & _6: t_Option_Infallible = Any.any_l () ]) + | & _7: t_Option_Infallible = Any.any_l () ]) [ return (result: t_ControlFlow_Option_Infallible_T) -> {[@expl:extern_spec_core_option_T_Try_Option_T_branch_body result type invariant] inv_ControlFlow_Option_Infallible_T result} {[@expl:extern_spec_core_option_T_Try_Option_T_branch_body ensures] match self_ with @@ -42201,15 +42201,15 @@ module M_std__ops__extern_spec_core_result_T_E_Try_Result_T_E_branch_body {[@expl:extern_spec_core_result_T_E_Try_Result_T_E_branch_body 'self_' type invariant] inv_Result_T_E self_} (! bb0 [ bb0 = any [ br0 (x0: t_T) -> {self_ = Ok x0} (! bb4) | br1 (x0: t_E) -> {self_ = Err x0} (! bb3) ] - | bb3 = s0 [ s0 = elim_Err {self_} (fun (r0: t_E) -> [ &e <- r0 ] s1) | s1 = [ &_7 <- Err'0 e ] s2 | s2 = bb7 ] - | bb7 = s0 [ s0 = [ &_0 <- Break _7 ] s1 | s1 = bb11 ] + | bb3 = s0 [ s0 = elim_Err {self_} (fun (r0: t_E) -> [ &e <- r0 ] s1) | s1 = [ &_8 <- Err'0 e ] s2 | s2 = bb7 ] + | bb7 = s0 [ s0 = [ &_0 <- Break _8 ] s1 | s1 = bb11 ] | bb4 = s0 [ s0 = elim_Ok {self_} (fun (r0: t_T) -> [ &v <- r0 ] s1) | s1 = [ &_0 <- Continue v ] s2 | s2 = bb11 ] | bb11 = return {_0} ] [ & _0: t_ControlFlow_Result_Infallible_E_T = Any.any_l () | & self_: t_Result_T_E = self_ | & v: t_T = Any.any_l () | & e: t_E = Any.any_l () - | & _7: t_Result_Infallible_E = Any.any_l () ]) + | & _8: t_Result_Infallible_E = Any.any_l () ]) [ return (result: t_ControlFlow_Result_Infallible_E_T) -> {[@expl:extern_spec_core_result_T_E_Try_Result_T_E_branch_body result type invariant] inv_ControlFlow_Result_Infallible_E_T result} {[@expl:extern_spec_core_result_T_E_Try_Result_T_E_branch_body ensures] match self_ with @@ -42346,14 +42346,14 @@ module M_std__ops__extern_spec_core_result_T_E_F_FromResidual_Result_Infallible_ (! bb0 [ bb0 = s0 [ s0 = elim_Err {residual} (fun (r0: t_E) -> [ &e <- r0 ] s1) - | s1 = from_F {e} (fun (_ret: t_F) -> [ &_4 <- _ret ] s2) + | s1 = from_F {e} (fun (_ret: t_F) -> [ &_5 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- Err'0 _4 ] s1 | s1 = bb4 ] + | bb1 = s0 [ s0 = [ &_0 <- Err'0 _5 ] s1 | s1 = bb4 ] | bb4 = return {_0} ] [ & _0: t_Result_T_F = Any.any_l () | & residual: t_Result_Infallible_E = residual | & e: t_E = Any.any_l () - | & _4: t_F = Any.any_l () ]) + | & _5: t_F = Any.any_l () ]) [ return (result: t_Result_T_F) -> {[@expl:extern_spec_core_result_T_E_F_FromResidual_Result_Infallible_E_Result_T_F_from_residual_body result type invariant] inv_Result_T_F result} {[@expl:extern_spec_core_result_T_E_F_FromResidual_Result_Infallible_E_Result_T_F_from_residual_body ensures] match { f0 = result; @@ -42454,22 +42454,22 @@ module M_std__option__extern_spec_T_PartialEq_Option_T_eq_body {[@expl:extern_spec_T_PartialEq_Option_T_eq_body 'rhs' type invariant] inv_ref_Option_T rhs} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- { f0 = self_; f1 = rhs } ] s1 - | s1 = any [ br0 -> {_4.f0 = None} (! bb2) | br1 (x0: t_T) -> {_4.f0 = Some x0} (! bb4) ] ] - | bb4 = any [ br0 -> {_4.f1 = None} (! bb1) | br1 (x0: t_T) -> {_4.f1 = Some x0} (! bb6) ] + [ s0 = [ &_6 <- { f0 = self_; f1 = rhs } ] s1 + | s1 = any [ br0 -> {_6.f0 = None} (! bb2) | br1 (x0: t_T) -> {_6.f0 = Some x0} (! bb4) ] ] + | bb4 = any [ br0 -> {_6.f1 = None} (! bb1) | br1 (x0: t_T) -> {_6.f1 = Some x0} (! bb6) ] | bb6 = s0 - [ s0 = elim_Some {_4.f0} (fun (r0: t_T) -> [ &x <- r0 ] s1) - | s1 = elim_Some {_4.f1} (fun (r0: t_T) -> [ &y <- r0 ] s2) + [ s0 = elim_Some {_6.f0} (fun (r0: t_T) -> [ &x <- r0 ] s1) + | s1 = elim_Some {_6.f1} (fun (r0: t_T) -> [ &y <- r0 ] s2) | s2 = eq_ref_T {x} {y} (fun (_ret: bool) -> [ &_0 <- _ret ] s3) | s3 = bb9 ] - | bb2 = any [ br0 -> {_4.f1 = None} (! bb7) | br1 (x0: t_T) -> {_4.f1 = Some x0} (! bb1) ] + | bb2 = any [ br0 -> {_6.f1 = None} (! bb7) | br1 (x0: t_T) -> {_6.f1 = Some x0} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb9 ] | bb7 = s0 [ s0 = [ &_0 <- true ] s1 | s1 = bb9 ] | bb9 = return {_0} ] [ & _0: bool = Any.any_l () | & self_: t_Option_T = self_ | & rhs: t_Option_T = rhs - | & _4: tup2_ref_Option_T_ref_Option_T = Any.any_l () + | & _6: tup2_ref_Option_T_ref_Option_T = Any.any_l () | & x: t_T = Any.any_l () | & y: t_T = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_T_PartialEq_Option_T_eq_body ensures] result @@ -42598,15 +42598,15 @@ module M_std__option__extern_spec_T_Clone_Option_T_clone_body [ bb0 = any [ br0 -> {self_ = None} (! bb4) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &x <- r0 ] s1) - | s1 = clone_T {x} (fun (_ret: t_T) -> [ &_5 <- _ret ] s2) + | s1 = clone_T {x} (fun (_ret: t_T) -> [ &_6 <- _ret ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- Some _5 ] s1 | s1 = bb7 ] + | bb5 = s0 [ s0 = [ &_0 <- Some _6 ] s1 | s1 = bb7 ] | bb4 = s0 [ s0 = [ &_0 <- None ] s1 | s1 = bb7 ] | bb7 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self_: t_Option_T = self_ | & x: t_T = Any.any_l () - | & _5: t_T = Any.any_l () ]) + | & _6: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_T_Clone_Option_T_clone_body result type invariant] inv_Option_T result} {[@expl:extern_spec_T_Clone_Option_T_clone_body ensures] match { f0 = self_; f1 = result } with @@ -42725,8 +42725,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_is_some_and_body | bb1 = any [ br0 -> {self_ = None} (! bb3) | br1 (x0: t_T) -> {self_ = Some x0} (! bb4) ] | bb4 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = [ &_9 <- t ] s2 - | s2 = call_once_impl_32_FnOnce_40_T_41__32__45__62__32_bool_32__43__32_Destruct {f} {_9} + | s1 = [ &_13 <- t ] s2 + | s2 = call_once_impl_32_FnOnce_40_T_41__32__45__62__32_bool_32__43__32_Destruct {f} {_13} (fun (_ret: bool) -> [ &_0 <- _ret ] s3) | s3 = bb11 ] | bb3 = s0 @@ -42739,7 +42739,7 @@ module M_std__option__extern_spec_std_option_T_Option_T_is_some_and_body | & self_: t_Option_T = self_ | & f: impl_32_FnOnce_40_T_41__32__45__62__32_bool_32__43__32_Destruct = f | & t: t_T = Any.any_l () - | & _9: t_T = Any.any_l () ]) + | & _13: t_T = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_option_T_Option_T_is_some_and_body ensures] match self_ with | None -> result = false | Some t -> postcondition_once_impl_32_FnOnce_40_T_41__32__45__62__32_bool_32__43__32_Destruct f t result @@ -42786,9 +42786,9 @@ module M_std__option__extern_spec_std_option_T_Option_T_is_none_body let rec extern_spec_std_option_T_Option_T_is_none_body_T (self_: t_Option_T) (return (x: bool)) = {[@expl:extern_spec_std_option_T_Option_T_is_none_body 'self_' type invariant] inv_ref_Option_T self_} (! bb0 - [ bb0 = s0 [ s0 = is_some_T {self_} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- not _4 ] s1 | s1 = return {_0} ] ] - [ & _0: bool = Any.any_l () | & self_: t_Option_T = self_ | & _4: bool = Any.any_l () ]) + [ bb0 = s0 [ s0 = is_some_T {self_} (fun (_ret: bool) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- not _6 ] s1 | s1 = return {_0} ] ] + [ & _0: bool = Any.any_l () | & self_: t_Option_T = self_ | & _6: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_std_option_T_Option_T_is_none_body ensures] result = (self_ = None)} (! return {result}) ] end @@ -42942,9 +42942,9 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_mut_body | s1 = {inv_T t.current} MutBorrow.borrow_final {t.current} {MutBorrow.get_id t} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_10 <- _ret ] -{inv_T _ret.final}- [ &t <- { t with current = _ret.final } ] s2) - | s2 = [ &_0 <- Some'0 _7 ] s3 + | s2 = [ &_0 <- Some'0 _10 ] s3 | s3 = {[@expl:type invariant] inv_ref_T t} s4 | s4 = -{resolve_ref_T t}- s5 | s5 = bb5 ] @@ -42960,7 +42960,7 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_mut_body [ & _0: t_Option_ref_T = Any.any_l () | & self_: MutBorrow.t t_Option_T = self_ | & t: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () ]) + | & _10: MutBorrow.t t_T = Any.any_l () ]) [ return (result: t_Option_ref_T) -> {[@expl:extern_spec_std_option_T_Option_T_as_mut_body result type invariant] inv_Option_ref_T result} {[@expl:extern_spec_std_option_T_Option_T_as_mut_body ensures #0] self_.current = None @@ -43060,9 +43060,9 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_slice_body [ bb0 = any [ br0 -> {self_ = None} (! bb4) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = from_ref_T {t} (fun (_ret: Slice64.slice t_T) -> [ &_9 <- _ret ] s2) + | s1 = from_ref_T {t} (fun (_ret: Slice64.slice t_T) -> [ &_10 <- _ret ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = [ &_3 <- _9 ] s1 | s1 = bb6 ] + | bb5 = s0 [ s0 = [ &_4 <- _10 ] s1 | s1 = bb6 ] | bb4 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 @@ -43072,18 +43072,18 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_slice_body | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Slice64.array t_T = Any.any_l () | & _1: Slice64.array t_T = Any.any_l () ] - [ _const_ret (_const: Slice64.array t_T) -> [ &_11 <- _const ] s1 ] - | s1 = [ &_6 <- _11 ] s2 - | s2 = [ &_3 <- _6 ] s3 + [ _const_ret (_const: Slice64.array t_T) -> [ &_12 <- _const ] s1 ] + | s1 = [ &_7 <- _12 ] s2 + | s2 = [ &_4 <- _7 ] s3 | s3 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- _3 ] s1 | s1 = return {_0} ] ] + | bb6 = s0 [ s0 = [ &_0 <- _4 ] s1 | s1 = return {_0} ] ] [ & _0: Slice64.slice t_T = Any.any_l () | & self_: t_Option_T = self_ - | & _3: Slice64.slice t_T = Any.any_l () - | & _6: Slice64.array t_T = Any.any_l () + | & _4: Slice64.slice t_T = Any.any_l () + | & _7: Slice64.array t_T = Any.any_l () | & t: t_T = Any.any_l () - | & _9: Slice64.slice t_T = Any.any_l () - | & _11: Slice64.array t_T = Any.any_l () ]) + | & _10: Slice64.slice t_T = Any.any_l () + | & _12: Slice64.array t_T = Any.any_l () ]) [ return (result: Slice64.slice t_T) -> {[@expl:extern_spec_std_option_T_Option_T_as_slice_body result type invariant] inv_ref_slice_T result} {[@expl:extern_spec_std_option_T_Option_T_as_slice_body ensures] match self_ with @@ -43231,18 +43231,18 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_mut_slice_body | s1 = {inv_T t.current} MutBorrow.borrow_final {t.current} {MutBorrow.get_id t} (fun (_ret: MutBorrow.t t_T) -> - [ &_11 <- _ret ] -{inv_T _ret.final}- + [ &_12 <- _ret ] -{inv_T _ret.final}- [ &t <- { t with current = _ret.final } ] s2) - | s2 = from_mut_T {_11} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_10 <- _ret ] s3) + | s2 = from_mut_T {_12} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_11 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = {inv_slice_T _10.current} - MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} + [ s0 = {inv_slice_T _11.current} + MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_4 <- _ret ] -{inv_slice_T _ret.final}- - [ &_10 <- { _10 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_slice_T _10} s2 - | s2 = -{resolve_ref_slice_T _10}- s3 + [ &_5 <- _ret ] -{inv_slice_T _ret.final}- + [ &_11 <- { _11 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_slice_T _11} s2 + | s2 = -{resolve_ref_slice_T _11}- s3 | s3 = {[@expl:type invariant] inv_ref_T t} s4 | s4 = -{resolve_ref_T t}- s5 | s5 = bb6 ] @@ -43261,31 +43261,31 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_mut_slice_body [ &_1 <- _ret.final ] s2'0) | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: MutBorrow.t (Slice64.array t_T) = Any.any_l () | & _1: Slice64.array t_T = Any.any_l () ] - [ _const_ret (_const: MutBorrow.t (Slice64.array t_T)) -> [ &_12 <- _const ] s1 ] - | s1 = {inv_array_T_0 _12.current} - MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + [ _const_ret (_const: MutBorrow.t (Slice64.array t_T)) -> [ &_13 <- _const ] s1 ] + | s1 = {inv_array_T_0 _13.current} + MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} (fun (_ret: MutBorrow.t (Slice64.array t_T)) -> - [ &_7 <- _ret ] -{inv_array_T_0 _ret.final}- - [ &_12 <- { _12 with current = _ret.final } ] s2) - | s2 = {inv_array_T_0 _7.current} - MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + [ &_8 <- _ret ] -{inv_array_T_0 _ret.final}- + [ &_13 <- { _13 with current = _ret.final } ] s2) + | s2 = {inv_array_T_0 _8.current} + MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} (fun (_ret: MutBorrow.t (Slice64.array t_T)) -> - [ &_6 <- _ret ] -{inv_array_T_0 _ret.final}- - [ &_7 <- { _7 with current = _ret.final } ] s3) - | s3 = [ &_4 <- _6 ] s4 - | s4 = {[@expl:type invariant] inv_ref_array_T_0 _7} s5 - | s5 = -{resolve_ref_array_T_0 _7}- s6 + [ &_7 <- _ret ] -{inv_array_T_0 _ret.final}- + [ &_8 <- { _8 with current = _ret.final } ] s3) + | s3 = [ &_5 <- _7 ] s4 + | s4 = {[@expl:type invariant] inv_ref_array_T_0 _8} s5 + | s5 = -{resolve_ref_array_T_0 _8}- s6 | s6 = bb8 ] | bb8 = s0 - [ s0 = {[@expl:type invariant] inv_ref_array_T_0 _12} s1 | s1 = -{resolve_ref_array_T_0 _12}- s2 | s2 = bb6 ] + [ s0 = {[@expl:type invariant] inv_ref_array_T_0 _13} s1 | s1 = -{resolve_ref_array_T_0 _13}- s2 | s2 = bb6 ] | bb6 = s0 - [ s0 = {inv_slice_T _4.current} - MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} + [ s0 = {inv_slice_T _5.current} + MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_2 <- _ret ] -{inv_slice_T _ret.final}- - [ &_4 <- { _4 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_slice_T _4} s2 - | s2 = -{resolve_ref_slice_T _4}- s3 + [ &_5 <- { _5 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_slice_T _5} s2 + | s2 = -{resolve_ref_slice_T _5}- s3 | s3 = {inv_slice_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> @@ -43299,13 +43299,13 @@ module M_std__option__extern_spec_std_option_T_Option_T_as_mut_slice_body [ & _0: MutBorrow.t (Slice64.slice t_T) = Any.any_l () | & self_: MutBorrow.t t_Option_T = self_ | & _2: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _4: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _6: MutBorrow.t (Slice64.array t_T) = Any.any_l () + | & _5: MutBorrow.t (Slice64.slice t_T) = Any.any_l () | & _7: MutBorrow.t (Slice64.array t_T) = Any.any_l () + | & _8: MutBorrow.t (Slice64.array t_T) = Any.any_l () | & t: MutBorrow.t t_T = Any.any_l () - | & _10: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _11: MutBorrow.t t_T = Any.any_l () - | & _12: MutBorrow.t (Slice64.array t_T) = Any.any_l () ]) + | & _11: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _12: MutBorrow.t t_T = Any.any_l () + | & _13: MutBorrow.t (Slice64.array t_T) = Any.any_l () ]) [ return (result: MutBorrow.t (Slice64.slice t_T)) -> {[@expl:extern_spec_std_option_T_Option_T_as_mut_slice_body result type invariant] inv_ref_slice_T result} {[@expl:extern_spec_std_option_T_Option_T_as_mut_slice_body ensures] match self_.current with @@ -43501,13 +43501,13 @@ module M_std__option__extern_spec_std_option_T_Option_T_unwrap_or_else_body | bb1 = any [ br0 -> {self_ = None} (! bb4) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb5 ] | bb5 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) | s1 = [ &_0 <- t ] s2 | s2 = bb10 ] - | bb4 = s0 [ s0 = call_once_F {f} {_9} (fun (_ret: t_T) -> [ &_0 <- _ret ] s1) | s1 = bb10 ] + | bb4 = s0 [ s0 = call_once_F {f} {_13} (fun (_ret: t_T) -> [ &_0 <- _ret ] s1) | s1 = bb10 ] | bb10 = return {_0} ] [ & _0: t_T = Any.any_l () | & self_: t_Option_T = self_ | & f: t_F = f | & t: t_T = Any.any_l () - | & _9: () = Any.any_l () ]) + | & _13: () = Any.any_l () ]) [ return (result: t_T) -> {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body result type invariant] inv_T result} {[@expl:extern_spec_std_option_T_Option_T_unwrap_or_else_body ensures] match self_ with @@ -43745,10 +43745,10 @@ module M_std__option__extern_spec_std_option_T_Option_T_map_body | bb1 = any [ br0 -> {self_ = None} (! bb4) | br1 (x0: t_T) -> {self_ = Some x0} (! bb5) ] | bb5 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = [ &_10 <- t ] s2 - | s2 = call_once_F {f} {_10} (fun (_ret: t_U) -> [ &_8 <- _ret ] s3) + | s1 = [ &_14 <- t ] s2 + | s2 = call_once_F {f} {_14} (fun (_ret: t_U) -> [ &_12 <- _ret ] s3) | s3 = bb7 ] - | bb7 = s0 [ s0 = [ &_0 <- Some'0 _8 ] s1 | s1 = bb12 ] + | bb7 = s0 [ s0 = [ &_0 <- Some'0 _12 ] s1 | s1 = bb12 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = [ &_0 <- None'0 ] s3 | s3 = bb12 ] | bb12 = return {_0} ] @@ -43756,8 +43756,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_map_body | & self_: t_Option_T = self_ | & f: t_F = f | & t: t_T = Any.any_l () - | & _8: t_U = Any.any_l () - | & _10: t_T = Any.any_l () ]) + | & _12: t_U = Any.any_l () + | & _14: t_T = Any.any_l () ]) [ return (result: t_Option_U) -> {[@expl:extern_spec_std_option_T_Option_T_map_body result type invariant] inv_Option_U result} {[@expl:extern_spec_std_option_T_Option_T_map_body ensures] match self_ with @@ -43833,9 +43833,9 @@ module M_std__option__extern_spec_std_option_T_Option_T_inspect_body [ bb0 = any [ br0 -> {self_ = None} (! bb2) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = [ &_12 <- t ] s2 - | s2 = [ &_10 <- _12 ] s3 - | s3 = call_once_F {f} {_10} (fun (_ret: ()) -> [ &_8 <- _ret ] s4) + | s1 = [ &_17 <- t ] s2 + | s2 = [ &_15 <- _17 ] s3 + | s3 = call_once_F {f} {_15} (fun (_ret: ()) -> [ &_13 <- _ret ] s4) | s4 = bb5 ] | bb5 = s0 [ s0 = [ &_0 <- Some t ] s1 | s1 = bb10 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb4 ] @@ -43845,9 +43845,9 @@ module M_std__option__extern_spec_std_option_T_Option_T_inspect_body | & self_: t_Option_T = self_ | & f: t_F = f | & t: t_T = Any.any_l () - | & _8: () = Any.any_l () - | & _10: t_T = Any.any_l () - | & _12: t_T = Any.any_l () ]) + | & _13: () = Any.any_l () + | & _15: t_T = Any.any_l () + | & _17: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_inspect_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option_T_inspect_body ensures #0] result = self_} @@ -43926,8 +43926,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_map_or_body [ s0 = {[@expl:type invariant] inv_U default} s1 | s1 = -{resolve_U default}- s2 | s2 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s3) - | s3 = [ &_9 <- t ] s4 - | s4 = call_once_F {f} {_9} (fun (_ret: t_U) -> [ &_0 <- _ret ] s5) + | s3 = [ &_14 <- t ] s4 + | s4 = call_once_F {f} {_14} (fun (_ret: t_U) -> [ &_0 <- _ret ] s5) | s5 = bb11 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb4 ] | bb4 = s0 [ s0 = [ &_0 <- default ] s1 | s1 = bb11 ] @@ -43937,7 +43937,7 @@ module M_std__option__extern_spec_std_option_T_Option_T_map_or_body | & default: t_U = default | & f: t_F = f | & t: t_T = Any.any_l () - | & _9: t_T = Any.any_l () ]) + | & _14: t_T = Any.any_l () ]) [ return (result: t_U) -> {[@expl:extern_spec_std_option_T_Option_T_map_or_body result type invariant] inv_U result} {[@expl:extern_spec_std_option_T_Option_T_map_or_body ensures] match self_ with | None -> result = default @@ -44026,19 +44026,19 @@ module M_std__option__extern_spec_std_option_T_Option_T_map_or_else_body [ s0 = {[@expl:type invariant] inv_D default} s1 | s1 = -{resolve_D default}- s2 | s2 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s3) - | s3 = [ &_11 <- t ] s4 - | s4 = call_once_F {f} {_11} (fun (_ret: t_U) -> [ &_0 <- _ret ] s5) + | s3 = [ &_17 <- t ] s4 + | s4 = call_once_F {f} {_17} (fun (_ret: t_U) -> [ &_0 <- _ret ] s5) | s5 = bb12 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb4 ] - | bb4 = s0 [ s0 = call_once_D {default} {_8} (fun (_ret: t_U) -> [ &_0 <- _ret ] s1) | s1 = bb12 ] + | bb4 = s0 [ s0 = call_once_D {default} {_14} (fun (_ret: t_U) -> [ &_0 <- _ret ] s1) | s1 = bb12 ] | bb12 = return {_0} ] [ & _0: t_U = Any.any_l () | & self_: t_Option_T = self_ | & default: t_D = default | & f: t_F = f - | & _8: () = Any.any_l () + | & _14: () = Any.any_l () | & t: t_T = Any.any_l () - | & _11: t_T = Any.any_l () ]) + | & _17: t_T = Any.any_l () ]) [ return (result: t_U) -> {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body result type invariant] inv_U result} {[@expl:extern_spec_std_option_T_Option_T_map_or_else_body ensures] match self_ with @@ -44184,14 +44184,14 @@ module M_std__option__extern_spec_std_option_T_Option_T_ok_or_else_body | s2 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s3) | s3 = [ &_0 <- Ok t ] s4 | s4 = bb11 ] - | bb4 = s0 [ s0 = call_once_F {err} {_8} (fun (_ret: t_E) -> [ &_6 <- _ret ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- Err _6 ] s1 | s1 = bb11 ] + | bb4 = s0 [ s0 = call_once_F {err} {_12} (fun (_ret: t_E) -> [ &_10 <- _ret ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = [ &_0 <- Err _10 ] s1 | s1 = bb11 ] | bb11 = return {_0} ] [ & _0: t_Result_T_E = Any.any_l () | & self_: t_Option_T = self_ | & err: t_F = err - | & _6: t_E = Any.any_l () - | & _8: () = Any.any_l () + | & _10: t_E = Any.any_l () + | & _12: () = Any.any_l () | & t: t_T = Any.any_l () ]) [ return (result: t_Result_T_E) -> {[@expl:extern_spec_std_option_T_Option_T_ok_or_else_body result type invariant] inv_Result_T_E result} @@ -44361,8 +44361,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_and_then_body [ bb0 = any [ br0 -> {self_ = None} (! bb2) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = [ &_8 <- t ] s2 - | s2 = call_once_F {f} {_8} (fun (_ret: t_Option_U) -> [ &_0 <- _ret ] s3) + | s1 = [ &_12 <- t ] s2 + | s2 = call_once_F {f} {_12} (fun (_ret: t_Option_U) -> [ &_0 <- _ret ] s3) | s3 = bb10 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb4 ] | bb4 = s0 [ s0 = [ &_0 <- None'0 ] s1 | s1 = bb10 ] @@ -44371,7 +44371,7 @@ module M_std__option__extern_spec_std_option_T_Option_T_and_then_body | & self_: t_Option_T = self_ | & f: t_F = f | & t: t_T = Any.any_l () - | & _8: t_T = Any.any_l () ]) + | & _12: t_T = Any.any_l () ]) [ return (result: t_Option_U) -> {[@expl:extern_spec_std_option_T_Option_T_and_then_body result type invariant] inv_Option_U result} {[@expl:extern_spec_std_option_T_Option_T_and_then_body ensures] match self_ with @@ -44451,11 +44451,11 @@ module M_std__option__extern_spec_std_option_T_Option_T_filter_body [ bb0 = any [ br0 -> {self_ = None} (! bb2) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = [ &_11 <- t ] s2 - | s2 = [ &_9 <- _11 ] s3 - | s3 = call_once_P {predicate'} {_9} (fun (_ret: bool) -> [ &_7 <- _ret ] s4) + | s1 = [ &_15 <- t ] s2 + | s2 = [ &_13 <- _15 ] s3 + | s3 = call_once_P {predicate'} {_13} (fun (_ret: bool) -> [ &_11 <- _ret ] s4) | s4 = bb5 ] - | bb5 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb6) ] + | bb5 = any [ br0 -> {_11 = false} (! bb8) | br1 -> {_11} (! bb6) ] | bb6 = s0 [ s0 = [ &_0 <- Some t ] s1 | s1 = bb14 ] | bb8 = s0 [ s0 = {[@expl:type invariant] inv_T t} s1 | s1 = -{resolve_T t}- s2 | s2 = bb9 ] | bb9 = s0 [ s0 = [ &_0 <- None ] s1 | s1 = bb14 ] @@ -44466,9 +44466,9 @@ module M_std__option__extern_spec_std_option_T_Option_T_filter_body | & self_: t_Option_T = self_ | & predicate': t_P = predicate' | & t: t_T = Any.any_l () - | & _7: bool = Any.any_l () - | & _9: t_T = Any.any_l () - | & _11: t_T = Any.any_l () ]) + | & _11: bool = Any.any_l () + | & _13: t_T = Any.any_l () + | & _15: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_filter_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option_T_filter_body ensures] match self_ with @@ -44600,12 +44600,12 @@ module M_std__option__extern_spec_std_option_T_Option_T_or_else_body | s2 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s3) | s3 = [ &_0 <- Some t ] s4 | s4 = bb10 ] - | bb4 = s0 [ s0 = call_once_F {f} {_7} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s1) | s1 = bb10 ] + | bb4 = s0 [ s0 = call_once_F {f} {_11} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s1) | s1 = bb10 ] | bb10 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self_: t_Option_T = self_ | & f: t_F = f - | & _7: () = Any.any_l () + | & _11: () = Any.any_l () | & t: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_or_else_body result type invariant] inv_Option_T result} @@ -44660,46 +44660,46 @@ module M_std__option__extern_spec_std_option_T_Option_T_xor_body {[@expl:extern_spec_std_option_T_Option_T_xor_body 'self_' type invariant] inv_Option_T self_} {[@expl:extern_spec_std_option_T_Option_T_xor_body 'optb' type invariant] inv_Option_T optb} (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- { f0 = self_; f1 = optb } ] s1 | s1 = bb2 ] - | bb2 = any [ br0 -> {_4.f0 = None} (! bb6) | br1 (x0: t_T) -> {_4.f0 = Some x0} (! bb4) ] + [ bb0 = s0 [ s0 = [ &_6 <- { f0 = self_; f1 = optb } ] s1 | s1 = bb2 ] + | bb2 = any [ br0 -> {_6.f0 = None} (! bb6) | br1 (x0: t_T) -> {_6.f0 = Some x0} (! bb4) ] | bb4 = s0 - [ s0 = {[@expl:type invariant] inv_Option_T _4.f1} s1 - | s1 = -{resolve_Option_T _4.f1}- s2 - | s2 = any [ br0 -> {_4.f1 = None} (! bb9) | br1 (x0: t_T) -> {_4.f1 = Some x0} (! bb24) ] ] + [ s0 = {[@expl:type invariant] inv_Option_T _6.f1} s1 + | s1 = -{resolve_Option_T _6.f1}- s2 + | s2 = any [ br0 -> {_6.f1 = None} (! bb9) | br1 (x0: t_T) -> {_6.f1 = Some x0} (! bb24) ] ] | bb24 = s0 - [ s0 = {[@expl:type invariant] match _4 with + [ s0 = {[@expl:type invariant] match _6 with | {f0 = Some x} -> inv_T x | _ -> true end} s1 - | s1 = -{match _4 with + | s1 = -{match _6 with | {f0 = Some x} -> resolve_T x | _ -> true end}- s2 | s2 = bb3 ] - | bb9 = s0 [ s0 = elim_Some {_4.f0} (fun (r0: t_T) -> [ &t <- r0 ] s1) | s1 = bb10 ] - | bb6 = any [ br0 -> {_4.f1 = None} (! bb23) | br1 (x0: t_T) -> {_4.f1 = Some x0} (! bb8) ] + | bb9 = s0 [ s0 = elim_Some {_6.f0} (fun (r0: t_T) -> [ &t <- r0 ] s1) | s1 = bb10 ] + | bb6 = any [ br0 -> {_6.f1 = None} (! bb23) | br1 (x0: t_T) -> {_6.f1 = Some x0} (! bb8) ] | bb23 = s0 - [ s0 = {[@expl:type invariant] match _4 with + [ s0 = {[@expl:type invariant] match _6 with | {f1 = Some x} -> inv_T x | _ -> true end} s1 - | s1 = -{match _4 with + | s1 = -{match _6 with | {f1 = Some x} -> resolve_T x | _ -> true end}- s2 | s2 = bb3 ] | bb3 = s0 [ s0 = [ &_0 <- None ] s1 | s1 = bb16 ] - | bb8 = s0 [ s0 = elim_Some {_4.f1} (fun (r0: t_T) -> [ &t <- r0 ] s1) | s1 = bb10 ] + | bb8 = s0 [ s0 = elim_Some {_6.f1} (fun (r0: t_T) -> [ &t <- r0 ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = [ &_0 <- Some t ] s1 | s1 = bb16 ] | bb16 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self_: t_Option_T = self_ | & optb: t_Option_T = optb - | & _4: tup2_Option_T_Option_T = Any.any_l () + | & _6: tup2_Option_T_Option_T = Any.any_l () | & t: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_xor_body result type invariant] inv_Option_T result} @@ -44781,11 +44781,11 @@ module M_std__option__extern_spec_std_option_T_Option_T_insert_body {[@expl:extern_spec_std_option_T_Option_T_insert_body 'self_' type invariant] inv_ref_Option_T self_} {[@expl:extern_spec_std_option_T_Option_T_insert_body 'value' type invariant] inv_T value} (! bb0 - [ bb0 = s0 [ s0 = [ &_6 <- Some value ] s1 | s1 = bb2 ] + [ bb0 = s0 [ s0 = [ &_9 <- Some value ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_Option_T self_.current} s1 | s1 = -{resolve_Option_T self_.current}- s2 - | s2 = [ &self_ <- { self_ with current = _6 } ] s3 + | s2 = [ &self_ <- { self_ with current = _9 } ] s3 | s3 = bb4 ] | bb4 = any [ br0 -> {self_.current = None} (! bb6) | br1 (x0: t_T) -> {self_.current = Some x0} (! bb7) ] | bb7 = s0 @@ -44799,17 +44799,17 @@ module M_std__option__extern_spec_std_option_T_Option_T_insert_body | s1 = {inv_T v.current} MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} (fun (_ret: MutBorrow.t t_T) -> - [ &_8 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- _ret ] -{inv_T _ret.final}- [ &v <- { v with current = _ret.final } ] s2) | s2 = {[@expl:type invariant] inv_ref_T v} s3 | s3 = -{resolve_ref_T v}- s4 - | s4 = {inv_T _8.current} - MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + | s4 = {inv_T _11.current} + MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} (fun (_ret: MutBorrow.t t_T) -> [ &_3 <- _ret ] -{inv_T _ret.final}- - [ &_8 <- { _8 with current = _ret.final } ] s5) - | s5 = {[@expl:type invariant] inv_ref_T _8} s6 - | s6 = -{resolve_ref_T _8}- s7 + [ &_11 <- { _11 with current = _ret.final } ] s5) + | s5 = {[@expl:type invariant] inv_ref_T _11} s6 + | s6 = -{resolve_ref_T _11}- s7 | s7 = {inv_T _3.current} MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t t_T) -> @@ -44829,8 +44829,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_insert_body | & self_: MutBorrow.t t_Option_T = self_ | & value: t_T = value | & _3: MutBorrow.t t_T = Any.any_l () - | & _6: t_Option_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () + | & _9: t_Option_T = Any.any_l () + | & _11: MutBorrow.t t_T = Any.any_l () | & v: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:extern_spec_std_option_T_Option_T_insert_body result type invariant] inv_ref_T result} @@ -44914,11 +44914,11 @@ module M_std__option__extern_spec_std_option_T_Option_T_get_or_insert_body (! bb0 [ bb0 = any [ br0 -> {self_.current = None} (! bb4) | br1 (x0: t_T) -> {self_.current = Some x0} (! bb3) ] | bb3 = s0 [ s0 = {[@expl:type invariant] inv_T value} s1 | s1 = -{resolve_T value}- s2 | s2 = bb9 ] - | bb4 = s0 [ s0 = [ &_7 <- Some value ] s1 | s1 = bb6 ] + | bb4 = s0 [ s0 = [ &_9 <- Some value ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = {[@expl:type invariant] inv_Option_T self_.current} s1 | s1 = -{resolve_Option_T self_.current}- s2 - | s2 = [ &self_ <- { self_ with current = _7 } ] s3 + | s2 = [ &self_ <- { self_ with current = _9 } ] s3 | s3 = bb9 ] | bb9 = any [ br0 -> {self_.current = None} (! bb11) | br1 (x0: t_T) -> {self_.current = Some x0} (! bb12) ] | bb12 = s0 @@ -44932,17 +44932,17 @@ module M_std__option__extern_spec_std_option_T_Option_T_get_or_insert_body | s1 = {inv_T v.current} MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} (fun (_ret: MutBorrow.t t_T) -> - [ &_9 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- _ret ] -{inv_T _ret.final}- [ &v <- { v with current = _ret.final } ] s2) | s2 = {[@expl:type invariant] inv_ref_T v} s3 | s3 = -{resolve_ref_T v}- s4 - | s4 = {inv_T _9.current} - MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + | s4 = {inv_T _11.current} + MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} (fun (_ret: MutBorrow.t t_T) -> [ &_3 <- _ret ] -{inv_T _ret.final}- - [ &_9 <- { _9 with current = _ret.final } ] s5) - | s5 = {[@expl:type invariant] inv_ref_T _9} s6 - | s6 = -{resolve_ref_T _9}- s7 + [ &_11 <- { _11 with current = _ret.final } ] s5) + | s5 = {[@expl:type invariant] inv_ref_T _11} s6 + | s6 = -{resolve_ref_T _11}- s7 | s7 = {inv_T _3.current} MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t t_T) -> @@ -44962,8 +44962,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_get_or_insert_body | & self_: MutBorrow.t t_Option_T = self_ | & value: t_T = value | & _3: MutBorrow.t t_T = Any.any_l () - | & _7: t_Option_T = Any.any_l () - | & _9: MutBorrow.t t_T = Any.any_l () + | & _9: t_Option_T = Any.any_l () + | & _11: MutBorrow.t t_T = Any.any_l () | & v: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_body result type invariant] inv_ref_T result} @@ -45098,51 +45098,51 @@ module M_std__option__extern_spec_std_option_T_Option_T_get_or_insert_with_body | s3 = {inv_T t.current} MutBorrow.borrow_final {t.current} {MutBorrow.get_id t} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- + [ &_10 <- _ret ] -{inv_T _ret.final}- [ &t <- { t with current = _ret.final } ] s4) | s4 = {[@expl:type invariant] inv_ref_T t} s5 | s5 = -{resolve_ref_T t}- s6 | s6 = bb12 ] - | bb4 = s0 [ s0 = call_once_F {f} {_12} (fun (_ret: t_T) -> [ &_10 <- _ret ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = [ &_9 <- Some _10 ] s1 | s1 = bb7 ] + | bb4 = s0 [ s0 = call_once_F {f} {_16} (fun (_ret: t_T) -> [ &_14 <- _ret ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = [ &_13 <- Some _14 ] s1 | s1 = bb7 ] | bb7 = s0 [ s0 = {[@expl:type invariant] inv_Option_T self_.current} s1 | s1 = -{resolve_Option_T self_.current}- s2 - | s2 = [ &self_ <- { self_ with current = _9 } ] s3 + | s2 = [ &self_ <- { self_ with current = _13 } ] s3 | s3 = bb9 ] | bb9 = s0 [ s0 = {inv_Option_T self_.current} MutBorrow.borrow_final {self_.current} {MutBorrow.get_id self_} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_15 <- _ret ] -{inv_Option_T _ret.final}- + [ &_19 <- _ret ] -{inv_Option_T _ret.final}- [ &self_ <- { self_ with current = _ret.final } ] s1) - | s1 = as_mut_T {_15} (fun (_ret: t_Option_ref_T) -> [ &_14 <- _ret ] s2) + | s1 = as_mut_T {_19} (fun (_ret: t_Option_ref_T) -> [ &_18 <- _ret ] s2) | s2 = bb10 ] - | bb10 = s0 [ s0 = unwrap_ref_T {_14} (fun (_ret: MutBorrow.t t_T) -> [ &_13 <- _ret ] s1) | s1 = bb11 ] + | bb10 = s0 [ s0 = unwrap_ref_T {_18} (fun (_ret: MutBorrow.t t_T) -> [ &_17 <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = {inv_T _13.current} - MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} + [ s0 = {inv_T _17.current} + MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} (fun (_ret: MutBorrow.t t_T) -> - [ &_8 <- _ret ] -{inv_T _ret.final}- - [ &_13 <- { _13 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _13} s2 - | s2 = -{resolve_ref_T _13}- s3 - | s3 = {inv_T _8.current} - MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + [ &_12 <- _ret ] -{inv_T _ret.final}- + [ &_17 <- { _17 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _17} s2 + | s2 = -{resolve_ref_T _17}- s3 + | s3 = {inv_T _12.current} + MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- - [ &_8 <- { _8 with current = _ret.final } ] s4) - | s4 = {[@expl:type invariant] inv_ref_T _8} s5 - | s5 = -{resolve_ref_T _8}- s6 + [ &_10 <- _ret ] -{inv_T _ret.final}- + [ &_12 <- { _12 with current = _ret.final } ] s4) + | s4 = {[@expl:type invariant] inv_ref_T _12} s5 + | s5 = -{resolve_ref_T _12}- s6 | s6 = bb12 ] | bb12 = s0 - [ s0 = {inv_T _6.current} - MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + [ s0 = {inv_T _10.current} + MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} (fun (_ret: MutBorrow.t t_T) -> [ &_3 <- _ret ] -{inv_T _ret.final}- - [ &_6 <- { _6 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _6} s2 - | s2 = -{resolve_ref_T _6}- s3 + [ &_10 <- { _10 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _10} s2 + | s2 = -{resolve_ref_T _10}- s3 | s3 = {inv_T _3.current} MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t t_T) -> @@ -45159,14 +45159,14 @@ module M_std__option__extern_spec_std_option_T_Option_T_get_or_insert_with_body | & self_: MutBorrow.t t_Option_T = self_ | & f: t_F = f | & _3: MutBorrow.t t_T = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () - | & _9: t_Option_T = Any.any_l () - | & _10: t_T = Any.any_l () - | & _12: () = Any.any_l () - | & _13: MutBorrow.t t_T = Any.any_l () - | & _14: t_Option_ref_T = Any.any_l () - | & _15: MutBorrow.t t_Option_T = Any.any_l () + | & _10: MutBorrow.t t_T = Any.any_l () + | & _12: MutBorrow.t t_T = Any.any_l () + | & _13: t_Option_T = Any.any_l () + | & _14: t_T = Any.any_l () + | & _16: () = Any.any_l () + | & _17: MutBorrow.t t_T = Any.any_l () + | & _18: t_Option_ref_T = Any.any_l () + | & _19: MutBorrow.t t_Option_T = Any.any_l () | & t: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:extern_spec_std_option_T_Option_T_get_or_insert_with_body result type invariant] inv_ref_T result} @@ -45228,13 +45228,13 @@ module M_std__option__extern_spec_std_option_T_Option_T_take_body {[@expl:extern_spec_std_option_T_Option_T_take_body 'self_' type invariant] inv_ref_Option_T self_} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- None ] s1 + [ s0 = [ &_5 <- None ] s1 | s1 = {inv_Option_T self_.current} MutBorrow.borrow_final {self_.current} {MutBorrow.get_id self_} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_3 <- _ret ] -{inv_Option_T _ret.final}- + [ &_4 <- _ret ] -{inv_Option_T _ret.final}- [ &self_ <- { self_ with current = _ret.final } ] s2) - | s2 = replace_Option_T {_3} {_4} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s3) + | s2 = replace_Option_T {_4} {_5} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_T self_} s1 @@ -45242,8 +45242,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_take_body | s2 = return {_0} ] ] [ & _0: t_Option_T = Any.any_l () | & self_: MutBorrow.t t_Option_T = self_ - | & _3: MutBorrow.t t_Option_T = Any.any_l () - | & _4: t_Option_T = Any.any_l () ]) + | & _4: MutBorrow.t t_Option_T = Any.any_l () + | & _5: t_Option_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_take_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option_T_take_body ensures] result = self_.current /\ self_.final = None} @@ -45352,22 +45352,22 @@ module M_std__option__extern_spec_std_option_T_Option_T_take_if_body | s1 = {inv_T t.current} MutBorrow.borrow_final {t.current} {MutBorrow.get_id t} (fun (_ret: MutBorrow.t t_T) -> - [ &_10 <- _ret ] -{inv_T _ret.final}- + [ &_14 <- _ret ] -{inv_T _ret.final}- [ &t <- { t with current = _ret.final } ] s2) - | s2 = [ &_9 <- _10 ] s3 - | s3 = call_once_P {predicate'} {_9} (fun (_ret: bool) -> [ &_7 <- _ret ] s4) + | s2 = [ &_13 <- _14 ] s3 + | s3 = call_once_P {predicate'} {_13} (fun (_ret: bool) -> [ &_11 <- _ret ] s4) | s4 = bb5 ] | bb5 = s0 [ s0 = {[@expl:type invariant] inv_ref_T t} s1 | s1 = -{resolve_ref_T t}- s2 - | s2 = any [ br0 -> {_7 = false} (! bb8) | br1 -> {_7} (! bb6) ] ] + | s2 = any [ br0 -> {_11 = false} (! bb8) | br1 -> {_11} (! bb6) ] ] | bb6 = s0 [ s0 = {inv_Option_T self_.current} MutBorrow.borrow_final {self_.current} {MutBorrow.get_id self_} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_11 <- _ret ] -{inv_Option_T _ret.final}- + [ &_15 <- _ret ] -{inv_Option_T _ret.final}- [ &self_ <- { self_ with current = _ret.final } ] s1) - | s1 = take_T {_11} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) + | s1 = take_T {_15} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_T self_} s1 | s1 = -{resolve_ref_Option_T self_}- s2 | s2 = bb12 ] @@ -45386,10 +45386,10 @@ module M_std__option__extern_spec_std_option_T_Option_T_take_if_body | & self_: MutBorrow.t t_Option_T = self_ | & predicate': t_P = predicate' | & t: MutBorrow.t t_T = Any.any_l () - | & _7: bool = Any.any_l () - | & _9: MutBorrow.t t_T = Any.any_l () - | & _10: MutBorrow.t t_T = Any.any_l () - | & _11: MutBorrow.t t_Option_T = Any.any_l () ]) + | & _11: bool = Any.any_l () + | & _13: MutBorrow.t t_T = Any.any_l () + | & _14: MutBorrow.t t_T = Any.any_l () + | & _15: MutBorrow.t t_Option_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_take_if_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option_T_take_if_body ensures] match self_.current with @@ -45458,14 +45458,14 @@ module M_std__option__extern_spec_std_option_T_Option_T_replace_body {[@expl:extern_spec_std_option_T_Option_T_replace_body 'self_' type invariant] inv_ref_Option_T self_} {[@expl:extern_spec_std_option_T_Option_T_replace_body 'value' type invariant] inv_T value} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- Some value ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_7 <- Some value ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {inv_Option_T self_.current} MutBorrow.borrow_final {self_.current} {MutBorrow.get_id self_} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_4 <- _ret ] -{inv_Option_T _ret.final}- + [ &_6 <- _ret ] -{inv_Option_T _ret.final}- [ &self_ <- { self_ with current = _ret.final } ] s1) - | s1 = replace_Option_T {_4} {_5} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) + | s1 = replace_Option_T {_6} {_7} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_T self_} s1 | s1 = -{resolve_ref_Option_T self_}- s2 | s2 = bb3 ] @@ -45473,8 +45473,8 @@ module M_std__option__extern_spec_std_option_T_Option_T_replace_body [ & _0: t_Option_T = Any.any_l () | & self_: MutBorrow.t t_Option_T = self_ | & value: t_T = value - | & _4: MutBorrow.t t_Option_T = Any.any_l () - | & _5: t_Option_T = Any.any_l () ]) + | & _6: MutBorrow.t t_Option_T = Any.any_l () + | & _7: t_Option_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option_T_replace_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option_T_replace_body ensures] result = self_.current @@ -45571,40 +45571,40 @@ module M_std__option__extern_spec_std_option_T_Option_T_zip_body {[@expl:extern_spec_std_option_T_Option_T_zip_body 'self_' type invariant] inv_Option_T self_} {[@expl:extern_spec_std_option_T_Option_T_zip_body 'other' type invariant] inv_Option_U other} (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- { f0 = self_; f1 = other } ] s1 | s1 = bb2 ] - | bb2 = any [ br0 -> {_4.f0 = None} (! bb25) | br1 (x0: t_T) -> {_4.f0 = Some x0} (! bb4) ] + [ bb0 = s0 [ s0 = [ &_6 <- { f0 = self_; f1 = other } ] s1 | s1 = bb2 ] + | bb2 = any [ br0 -> {_6.f0 = None} (! bb25) | br1 (x0: t_T) -> {_6.f0 = Some x0} (! bb4) ] | bb25 = s0 - [ s0 = {[@expl:type invariant] inv_Option_U _4.f1} s1 - | s1 = -{resolve_Option_U _4.f1}- s2 - | s2 = {[@expl:type invariant] match _4 with + [ s0 = {[@expl:type invariant] inv_Option_U _6.f1} s1 + | s1 = -{resolve_Option_U _6.f1}- s2 + | s2 = {[@expl:type invariant] match _6 with | {f0 = Some x} -> inv_T x | _ -> true end} s3 - | s3 = -{match _4 with + | s3 = -{match _6 with | {f0 = Some x} -> resolve_T x | _ -> true end}- s4 | s4 = bb3 ] - | bb4 = any [ br0 -> {_4.f1 = None'0} (! bb26) | br1 (x0: t_U) -> {_4.f1 = Some'0 x0} (! bb6) ] + | bb4 = any [ br0 -> {_6.f1 = None'0} (! bb26) | br1 (x0: t_U) -> {_6.f1 = Some'0 x0} (! bb6) ] | bb26 = s0 - [ s0 = {[@expl:type invariant] match _4 with + [ s0 = {[@expl:type invariant] match _6 with | {f1 = Some'0 x} -> inv_U x | _ -> true end} s1 - | s1 = -{match _4 with + | s1 = -{match _6 with | {f1 = Some'0 x} -> resolve_U x | _ -> true end}- s2 - | s2 = {[@expl:type invariant] match _4 with + | s2 = {[@expl:type invariant] match _6 with | {f0 = Some x} -> inv_T x | _ -> true end} s3 - | s3 = -{match _4 with + | s3 = -{match _6 with | {f0 = Some x} -> resolve_T x | _ -> true end}- @@ -45612,19 +45612,19 @@ module M_std__option__extern_spec_std_option_T_Option_T_zip_body | s4 = bb3 ] | bb3 = s0 [ s0 = [ &_0 <- None'1 ] s1 | s1 = bb15 ] | bb6 = s0 - [ s0 = elim_Some {_4.f0} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = elim_Some'0 {_4.f1} (fun (r0: t_U) -> [ &u <- r0 ] s2) - | s2 = [ &_11 <- { f0'0 = t; f1'0 = u } ] s3 + [ s0 = elim_Some {_6.f0} (fun (r0: t_T) -> [ &t <- r0 ] s1) + | s1 = elim_Some'0 {_6.f1} (fun (r0: t_U) -> [ &u <- r0 ] s2) + | s2 = [ &_13 <- { f0'0 = t; f1'0 = u } ] s3 | s3 = bb8 ] - | bb8 = s0 [ s0 = [ &_0 <- Some'1 _11 ] s1 | s1 = bb15 ] + | bb8 = s0 [ s0 = [ &_0 <- Some'1 _13 ] s1 | s1 = bb15 ] | bb15 = return {_0} ] [ & _0: t_Option_tup2_T_U = Any.any_l () | & self_: t_Option_T = self_ | & other: t_Option_U = other - | & _4: tup2_Option_T_Option_U = Any.any_l () + | & _6: tup2_Option_T_Option_U = Any.any_l () | & t: t_T = Any.any_l () | & u: t_U = Any.any_l () - | & _11: tup2_T_U = Any.any_l () ]) + | & _13: tup2_T_U = Any.any_l () ]) [ return (result: t_Option_tup2_T_U) -> {[@expl:extern_spec_std_option_T_Option_T_zip_body result type invariant] inv_Option_tup2_T_U result} {[@expl:extern_spec_std_option_T_Option_T_zip_body ensures] match { f0 = self_; f1 = other } with @@ -45708,24 +45708,24 @@ module M_std__option__extern_spec_std_option_T_U_Option_tuple2_T_U_unzip_body | bb4 = s0 [ s0 = elim_Some {self_} (fun (r0: tup2_T_U) -> [ &t <- r0.f0 ] s1) | s1 = elim_Some {self_} (fun (r0: tup2_T_U) -> [ &u <- r0.f1 ] s2) - | s2 = [ &_6 <- Some'0 t ] s3 + | s2 = [ &_7 <- Some'0 t ] s3 | s3 = bb5 ] - | bb5 = s0 [ s0 = [ &_8 <- Some'1 u ] s1 | s1 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- { f0'0 = _6; f1'0 = _8 } ] s1 | s1 = bb14 ] + | bb5 = s0 [ s0 = [ &_9 <- Some'1 u ] s1 | s1 = bb6 ] + | bb6 = s0 [ s0 = [ &_0 <- { f0'0 = _7; f1'0 = _9 } ] s1 | s1 = bb14 ] | bb3 = s0 - [ s0 = [ &_10 <- None'0 ] s1 - | s1 = [ &_11 <- None'1 ] s2 - | s2 = [ &_0 <- { f0'0 = _10; f1'0 = _11 } ] s3 + [ s0 = [ &_11 <- None'0 ] s1 + | s1 = [ &_12 <- None'1 ] s2 + | s2 = [ &_0 <- { f0'0 = _11; f1'0 = _12 } ] s3 | s3 = bb14 ] | bb14 = return {_0} ] [ & _0: tup2_Option_T_Option_U = Any.any_l () | & self_: t_Option_tup2_T_U = self_ | & t: t_T = Any.any_l () | & u: t_U = Any.any_l () - | & _6: t_Option_T = Any.any_l () - | & _8: t_Option_U = Any.any_l () - | & _10: t_Option_T = Any.any_l () - | & _11: t_Option_U = Any.any_l () ]) + | & _7: t_Option_T = Any.any_l () + | & _9: t_Option_U = Any.any_l () + | & _11: t_Option_T = Any.any_l () + | & _12: t_Option_U = Any.any_l () ]) [ return (result: tup2_Option_T_Option_U) -> {[@expl:extern_spec_std_option_T_U_Option__tuple2_T_U_unzip_body result type invariant] inv_tup2_Option_T_Option_U result} {[@expl:extern_spec_std_option_T_U_Option__tuple2_T_U_unzip_body ensures] match self_ with @@ -45921,15 +45921,15 @@ module M_std__option__extern_spec_std_option_T_Option_ref_T_cloned_body [ bb0 = any [ br0 -> {self_ = None} (! bb4) | br1 (x0: t_T) -> {self_ = Some x0} (! bb3) ] | bb3 = s0 [ s0 = elim_Some {self_} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = clone_T {t} (fun (_ret: t_T) -> [ &_5 <- _ret ] s2) + | s1 = clone_T {t} (fun (_ret: t_T) -> [ &_6 <- _ret ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- Some'0 _5 ] s1 | s1 = bb7 ] + | bb5 = s0 [ s0 = [ &_0 <- Some'0 _6 ] s1 | s1 = bb7 ] | bb4 = s0 [ s0 = [ &_0 <- None'0 ] s1 | s1 = bb7 ] | bb7 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self_: t_Option_ref_T = self_ | & t: t_T = Any.any_l () - | & _5: t_T = Any.any_l () ]) + | & _6: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option__ref_T_cloned_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option__ref_T_cloned_body ensures] match { f0 = self_; f1 = result } with @@ -46151,15 +46151,15 @@ module M_std__option__extern_spec_std_option_T_Option_refmut_T_cloned_body [ s0 = elim_Some {self_} (fun (r0: MutBorrow.t t_T) -> [ &t <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_T t} s2 | s2 = -{resolve_ref_T t}- s3 - | s3 = clone_T {t.current} (fun (_ret: t_T) -> [ &_5 <- _ret ] s4) + | s3 = clone_T {t.current} (fun (_ret: t_T) -> [ &_6 <- _ret ] s4) | s4 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- Some'0 _5 ] s1 | s1 = bb7 ] + | bb5 = s0 [ s0 = [ &_0 <- Some'0 _6 ] s1 | s1 = bb7 ] | bb4 = s0 [ s0 = [ &_0 <- None'0 ] s1 | s1 = bb7 ] | bb7 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self_: t_Option_ref_T = self_ | & t: MutBorrow.t t_T = Any.any_l () - | & _5: t_T = Any.any_l () ]) + | & _6: t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:extern_spec_std_option_T_Option__refmut_T_cloned_body result type invariant] inv_Option_T result} {[@expl:extern_spec_std_option_T_Option__refmut_T_cloned_body ensures] match { f0 = self_; f1 = result } with @@ -46254,16 +46254,16 @@ module M_std__option__extern_spec_std_option_T_E_Option_Result_T_E_transpose_bod | s2 = bb15 ] | bb6 = s0 [ s0 = elim_Some {self_} (fun (r0: t_Result_T_E) -> elim_Ok {r0} (fun (r0'0: t_T) -> [ &ok <- r0'0 ] s1)) - | s1 = [ &_7 <- Some'0 ok ] s2 + | s1 = [ &_8 <- Some'0 ok ] s2 | s2 = bb9 ] - | bb9 = s0 [ s0 = [ &_0 <- Ok'0 _7 ] s1 | s1 = bb15 ] - | bb7 = s0 [ s0 = [ &_5 <- None'0 ] s1 | s1 = [ &_0 <- Ok'0 _5 ] s2 | s2 = bb15 ] + | bb9 = s0 [ s0 = [ &_0 <- Ok'0 _8 ] s1 | s1 = bb15 ] + | bb7 = s0 [ s0 = [ &_6 <- None'0 ] s1 | s1 = [ &_0 <- Ok'0 _6 ] s2 | s2 = bb15 ] | bb15 = return {_0} ] [ & _0: t_Result_Option_T_E = Any.any_l () | & self_: t_Option_Result_T_E = self_ - | & _5: t_Option_T = Any.any_l () + | & _6: t_Option_T = Any.any_l () | & ok: t_T = Any.any_l () - | & _7: t_Option_T = Any.any_l () + | & _8: t_Option_T = Any.any_l () | & err: t_E = Any.any_l () ]) [ return (result: t_Result_Option_T_E) -> {[@expl:extern_spec_std_option_T_E_Option_Result_T_E_transpose_body result type invariant] inv_Result_Option_T_E result} @@ -47301,8 +47301,8 @@ module M_std__ptr__extern_spec_T_ptrconst_T_cast_body meta "select_lsinst" "all" let rec extern_spec_T__ptrconst_T_cast_body_T (self_: Opaque.ptr) (return (x: Opaque.ptr)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- Opaque.thin self_ ] s1 | s1 = [ &_0 <- _4 ] s2 | s2 = return {_0} ] ] - [ & _0: Opaque.ptr = Any.any_l () | & self_: Opaque.ptr = self_ | & _4: Opaque.ptr = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_6 <- Opaque.thin self_ ] s1 | s1 = [ &_0 <- _6 ] s2 | s2 = return {_0} ] ] + [ & _0: Opaque.ptr = Any.any_l () | & self_: Opaque.ptr = self_ | & _6: Opaque.ptr = Any.any_l () ]) [ return (result: Opaque.ptr) -> {[@expl:extern_spec_T__ptrconst_T_cast_body ensures] result = Opaque.thin self_} (! return {result}) ] end @@ -47352,9 +47352,9 @@ module M_std__ptr__extern_spec_T_ptrconst_T_is_aligned_body meta "select_lsinst" "all" let rec extern_spec_T__ptrconst_T_is_aligned_body_T (self_: Opaque.ptr) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = align_of_T'0 (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_aligned_to_T {self_} {_5} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] - | bb2 = return {_0} ] [ & _0: bool = Any.any_l () | & self_: Opaque.ptr = self_ | & _5: UInt64.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = align_of_T'0 (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_aligned_to_T {self_} {_7} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + | bb2 = return {_0} ] [ & _0: bool = Any.any_l () | & self_: Opaque.ptr = self_ | & _7: UInt64.t = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_T__ptrconst_T_is_aligned_body ensures] result = is_aligned_ptr_T self_} (! return {result}) ] @@ -47465,13 +47465,13 @@ module M_std__ptr__extern_spec_T_ptrconst_T_is_aligned_to_body {[@expl:extern_spec_T__ptrconst_T_is_aligned_to_body requires] align <> (0: UInt64BW.t) /\ UInt64BW.bw_and align (UInt64BW.sub align (1: UInt64BW.t)) = (0: UInt64BW.t)} (! bb0 - [ bb0 = s0 [ s0 = is_power_of_two {align} (fun (_ret: bool) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_7 = false} (! bb3) | br1 -> {_7} (! bb2) ] - | bb2 = s0 [ s0 = addr_T {self_} (fun (_ret: UInt64BW.t) -> [ &_17 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = is_power_of_two {align} (fun (_ret: bool) -> [ &_12 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_12 = false} (! bb3) | br1 -> {_12} (! bb2) ] + | bb2 = s0 [ s0 = addr_T {self_} (fun (_ret: UInt64BW.t) -> [ &_22 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt64BW.sub {align} {(1: UInt64BW.t)} (fun (_ret: UInt64BW.t) -> [ &_19 <- _ret ] s1) - | s1 = [ &_16 <- UInt64BW.bw_and _17 _19 ] s2 - | s2 = [ &_0 <- _16 = (0: UInt64BW.t) ] s3 + [ s0 = UInt64BW.sub {align} {(1: UInt64BW.t)} (fun (_ret: UInt64BW.t) -> [ &_24 <- _ret ] s1) + | s1 = [ &_21 <- UInt64BW.bw_and _22 _24 ] s2 + | s2 = [ &_0 <- _21 = (0: UInt64BW.t) ] s3 | s3 = return {_0} ] | bb3 = s0 [ s0 = bb0'0 @@ -47484,21 +47484,21 @@ module M_std__ptr__extern_spec_T_ptrconst_T_is_aligned_to_body | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Slice64.array string = Any.any_l () | & _1: Slice64.array string = Any.any_l () ] - [ _const_ret (_const: Slice64.array string) -> [ &_21 <- _const ] s1 ] - | s1 = [ &_14 <- _21 ] s2 - | s2 = new_const {_14} (fun (_ret: t_Arguments) -> [ &_12 <- _ret ] s3) + [ _const_ret (_const: Slice64.array string) -> [ &_26 <- _const ] s1 ] + | s1 = [ &_19 <- _26 ] s2 + | s2 = new_const {_19} (fun (_ret: t_Arguments) -> [ &_17 <- _ret ] s3) | s3 = bb4 ] | bb4 = {false} any ] [ & _0: bool = Any.any_l () | & self_: Opaque.ptr = self_ | & align: UInt64BW.t = align - | & _7: bool = Any.any_l () - | & _12: t_Arguments = Any.any_l () - | & _14: Slice64.array string = Any.any_l () - | & _16: UInt64BW.t = Any.any_l () - | & _17: UInt64BW.t = Any.any_l () - | & _19: UInt64BW.t = Any.any_l () - | & _21: Slice64.array string = Any.any_l () ]) + | & _12: bool = Any.any_l () + | & _17: t_Arguments = Any.any_l () + | & _19: Slice64.array string = Any.any_l () + | & _21: UInt64BW.t = Any.any_l () + | & _22: UInt64BW.t = Any.any_l () + | & _24: UInt64BW.t = Any.any_l () + | & _26: Slice64.array string = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_T__ptrconst_T_is_aligned_to_body ensures] result = is_aligned_to_ptr_T self_ align} (! return {result}) ] @@ -47516,8 +47516,8 @@ module M_std__ptr__extern_spec_T_ptrmut_T_cast_body meta "select_lsinst" "all" let rec extern_spec_T__ptrmut_T_cast_body_T (self_: Opaque.ptr) (return (x: Opaque.ptr)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- Opaque.thin self_ ] s1 | s1 = [ &_0 <- _4 ] s2 | s2 = return {_0} ] ] - [ & _0: Opaque.ptr = Any.any_l () | & self_: Opaque.ptr = self_ | & _4: Opaque.ptr = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_6 <- Opaque.thin self_ ] s1 | s1 = [ &_0 <- _6 ] s2 | s2 = return {_0} ] ] + [ & _0: Opaque.ptr = Any.any_l () | & self_: Opaque.ptr = self_ | & _6: Opaque.ptr = Any.any_l () ]) [ return (result: Opaque.ptr) -> {[@expl:extern_spec_T__ptrmut_T_cast_body ensures] result = Opaque.thin self_} (! return {result}) ] end @@ -47570,9 +47570,9 @@ module M_std__ptr__extern_spec_T_ptrmut_T_is_aligned_body meta "select_lsinst" "all" let rec extern_spec_T__ptrmut_T_is_aligned_body_T (self_: Opaque.ptr) (return (x: bool)) = (! bb0 - [ bb0 = s0 [ s0 = align_of_T'0 (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_aligned_to_T {self_} {_5} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] - | bb2 = return {_0} ] [ & _0: bool = Any.any_l () | & self_: Opaque.ptr = self_ | & _5: UInt64.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = align_of_T'0 (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_aligned_to_T {self_} {_7} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + | bb2 = return {_0} ] [ & _0: bool = Any.any_l () | & self_: Opaque.ptr = self_ | & _7: UInt64.t = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_T__ptrmut_T_is_aligned_body ensures] result = is_aligned_ptr_T self_} (! return {result}) ] end @@ -47682,13 +47682,13 @@ module M_std__ptr__extern_spec_T_ptrmut_T_is_aligned_to_body {[@expl:extern_spec_T__ptrmut_T_is_aligned_to_body requires] align <> (0: UInt64BW.t) /\ UInt64BW.bw_and align (UInt64BW.sub align (1: UInt64BW.t)) = (0: UInt64BW.t)} (! bb0 - [ bb0 = s0 [ s0 = is_power_of_two {align} (fun (_ret: bool) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_7 = false} (! bb3) | br1 -> {_7} (! bb2) ] - | bb2 = s0 [ s0 = addr_T {self_} (fun (_ret: UInt64BW.t) -> [ &_17 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = is_power_of_two {align} (fun (_ret: bool) -> [ &_12 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_12 = false} (! bb3) | br1 -> {_12} (! bb2) ] + | bb2 = s0 [ s0 = addr_T {self_} (fun (_ret: UInt64BW.t) -> [ &_22 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt64BW.sub {align} {(1: UInt64BW.t)} (fun (_ret: UInt64BW.t) -> [ &_19 <- _ret ] s1) - | s1 = [ &_16 <- UInt64BW.bw_and _17 _19 ] s2 - | s2 = [ &_0 <- _16 = (0: UInt64BW.t) ] s3 + [ s0 = UInt64BW.sub {align} {(1: UInt64BW.t)} (fun (_ret: UInt64BW.t) -> [ &_24 <- _ret ] s1) + | s1 = [ &_21 <- UInt64BW.bw_and _22 _24 ] s2 + | s2 = [ &_0 <- _21 = (0: UInt64BW.t) ] s3 | s3 = return {_0} ] | bb3 = s0 [ s0 = bb0'0 @@ -47701,21 +47701,21 @@ module M_std__ptr__extern_spec_T_ptrmut_T_is_aligned_to_body | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Slice64.array string = Any.any_l () | & _1: Slice64.array string = Any.any_l () ] - [ _const_ret (_const: Slice64.array string) -> [ &_21 <- _const ] s1 ] - | s1 = [ &_14 <- _21 ] s2 - | s2 = new_const {_14} (fun (_ret: t_Arguments) -> [ &_12 <- _ret ] s3) + [ _const_ret (_const: Slice64.array string) -> [ &_26 <- _const ] s1 ] + | s1 = [ &_19 <- _26 ] s2 + | s2 = new_const {_19} (fun (_ret: t_Arguments) -> [ &_17 <- _ret ] s3) | s3 = bb4 ] | bb4 = {false} any ] [ & _0: bool = Any.any_l () | & self_: Opaque.ptr = self_ | & align: UInt64BW.t = align - | & _7: bool = Any.any_l () - | & _12: t_Arguments = Any.any_l () - | & _14: Slice64.array string = Any.any_l () - | & _16: UInt64BW.t = Any.any_l () - | & _17: UInt64BW.t = Any.any_l () - | & _19: UInt64BW.t = Any.any_l () - | & _21: Slice64.array string = Any.any_l () ]) + | & _12: bool = Any.any_l () + | & _17: t_Arguments = Any.any_l () + | & _19: Slice64.array string = Any.any_l () + | & _21: UInt64BW.t = Any.any_l () + | & _22: UInt64BW.t = Any.any_l () + | & _24: UInt64BW.t = Any.any_l () + | & _26: Slice64.array string = Any.any_l () ]) [ return (result: bool) -> {[@expl:extern_spec_T__ptrmut_T_is_aligned_to_body ensures] result = is_aligned_to_ptr_T self_ align} (! return {result}) ] @@ -48176,20 +48176,20 @@ module M_std__slice__impl_SliceExt_for_slice_T__as_ptr_own (* <[T] as std::slice {[@expl:as_ptr_own 'self' type invariant] inv_ref_slice_T self} (! bb0 [ bb0 = s0 - [ s0 = from_ref_slice_T {self} (fun (_ret: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T) -> [ &_7 <- _ret ] s1) + [ s0 = from_ref_slice_T {self} (fun (_ret: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &ptr <- _7.f0 ] s1 - | s1 = [ &own <- _7.f1 ] s2 - | s2 = [ &_9 <- Opaque.thin ptr ] s3 - | s3 = [ &_0 <- { f0'0 = _9; f1'0 = own } ] s4 + [ s0 = [ &ptr <- _9.f0 ] s1 + | s1 = [ &own <- _9.f1 ] s2 + | s2 = [ &_11 <- Opaque.thin ptr ] s3 + | s3 = [ &_0 <- { f0'0 = _11; f1'0 = own } ] s4 | s4 = return {_0} ] ] [ & _0: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T = Any.any_l () | & self: Slice64.slice t_T = self | & ptr: Opaque.ptr = Any.any_l () | & own: t_PtrOwn_slice_T = Any.any_l () - | & _7: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T = Any.any_l () - | & _9: Opaque.ptr = Any.any_l () ]) + | & _9: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T = Any.any_l () + | & _11: Opaque.ptr = Any.any_l () ]) [ return (result: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T) -> {[@expl:as_ptr_own result type invariant] inv_tup2_ptr_T_Ghost_ref_PtrOwn_slice_T result} {[@expl:as_ptr_own ensures #0] result.f0'0 = Opaque.thin (ptr_slice_T result.f1'0)} @@ -48364,15 +48364,15 @@ module M_std__slice__impl_SliceExt_for_slice_T__as_mut_ptr_own (* <[T] as std::s [ s0 = {inv_slice_T self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_9 <- _ret ] -{inv_slice_T _ret.final}- + [ &_12 <- _ret ] -{inv_slice_T _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = from_mut_slice_T {_9} (fun (_ret: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T) -> [ &_8 <- _ret ] s2) + | s1 = from_mut_slice_T {_12} (fun (_ret: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T) -> [ &_11 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = [ &ptr <- _8.f0 ] s1 - | s1 = [ &own <- _8.f1 ] s2 - | s2 = [ &_10 <- Opaque.thin ptr ] s3 - | s3 = [ &_0 <- { f0'0 = _10; f1'0 = own } ] s4 + [ s0 = [ &ptr <- _11.f0 ] s1 + | s1 = [ &own <- _11.f1 ] s2 + | s2 = [ &_13 <- Opaque.thin ptr ] s3 + | s3 = [ &_0 <- { f0'0 = _13; f1'0 = own } ] s4 | s4 = {[@expl:type invariant] inv_ref_slice_T self} s5 | s5 = -{resolve_ref_slice_T self}- s6 | s6 = return {_0} ] ] @@ -48380,9 +48380,9 @@ module M_std__slice__impl_SliceExt_for_slice_T__as_mut_ptr_own (* <[T] as std::s | & self: MutBorrow.t (Slice64.slice t_T) = self | & ptr: Opaque.ptr = Any.any_l () | & own: MutBorrow.t t_PtrOwn_slice_T = Any.any_l () - | & _8: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T = Any.any_l () - | & _9: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _10: Opaque.ptr = Any.any_l () ]) + | & _11: tup2_ptr_slice_T_Ghost_ref_PtrOwn_slice_T = Any.any_l () + | & _12: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _13: Opaque.ptr = Any.any_l () ]) [ return (result: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T) -> {[@expl:as_mut_ptr_own result type invariant] inv_tup2_ptr_T_Ghost_ref_PtrOwn_slice_T result} {[@expl:as_mut_ptr_own ensures #0] result.f0'0 = Opaque.thin (ptr_slice_T result.f1'0.current)} diff --git a/tests/should_fail/bug/01_resolve_unsoundness.coma b/tests/should_fail/bug/01_resolve_unsoundness.coma index ccadaf7f9e..4757cf18a9 100644 --- a/tests/should_fail/bug/01_resolve_unsoundness.coma +++ b/tests/should_fail/bug/01_resolve_unsoundness.coma @@ -78,11 +78,11 @@ module M_make_vec_of_size (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_10 <- UInt64.le i n ] s1 | s1 = any [ br0 -> {_10 = false} (! bb6) | br1 -> {_10} (! bb4) ] ] + [ s0 = [ &_13 <- UInt64.le i n ] s1 | s1 = any [ br0 -> {_13 = false} (! bb6) | br1 -> {_13} (! bb4) ] ] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {out} - (fun (_ret: MutBorrow.t t_Vec_bool_Global) -> [ &_14 <- _ret ] [ &out <- _ret.final ] s1) - | s1 = push_bool {_14} {false} (fun (_ret: ()) -> [ &_13 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_bool_Global) -> [ &_17 <- _ret ] [ &out <- _ret.final ] s1) + | s1 = push_bool {_17} {false} (fun (_ret: ()) -> [ &_16 <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 [ s0 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) | s1 = bb2 ] ] ] | bb6 = s0 [ s0 = [ &_0 <- out ] s1 | s1 = bb7 ] @@ -91,9 +91,9 @@ module M_make_vec_of_size | & n: UInt64.t = n | & out: t_Vec_bool_Global = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _10: bool = Any.any_l () - | & _13: () = Any.any_l () - | & _14: MutBorrow.t t_Vec_bool_Global = Any.any_l () ]) + | & _13: bool = Any.any_l () + | & _16: () = Any.any_l () + | & _17: MutBorrow.t t_Vec_bool_Global = Any.any_l () ]) [ return (result: t_Vec_bool_Global) -> {[@expl:make_vec_of_size ensures] Seq.length (view_Vec_bool_Global result) = UInt64.t'int n} (! return {result}) ] diff --git a/tests/should_fail/bug/222.coma b/tests/should_fail/bug/222.coma index c0bb5ffc32..aea7b93207 100644 --- a/tests/should_fail/bug/222.coma +++ b/tests/should_fail/bug/222.coma @@ -88,17 +88,17 @@ module M_uses_invariant [ s0 = {inv_Option_T x.current.f0} MutBorrow.borrow_final {x.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id x) 1} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_5 <- _ret ] -{inv_Option_T _ret.final}- + [ &_7 <- _ret ] -{inv_Option_T _ret.final}- [ &x <- { x with current = { f0 = _ret.final } } ] s1) - | s1 = take_T {_5} (fun (_ret: t_Option_T) -> [ &_4 <- _ret ] s2) - | s2 = {[@expl:type invariant] inv_Option_T _4} s3 - | s3 = -{resolve_Option_T _4}- s4 + | s1 = take_T {_7} (fun (_ret: t_Option_T) -> [ &_6 <- _ret ] s2) + | s2 = {[@expl:type invariant] inv_Option_T _6} s3 + | s3 = -{resolve_Option_T _6}- s4 | s4 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Once_T x} s1 | s1 = -{resolve_ref_Once_T x}- s2 | s2 = bb2 ] | bb2 = return {_0} ] [ & _0: () = Any.any_l () | & x: MutBorrow.t t_Once_T = x - | & _4: t_Option_T = Any.any_l () - | & _5: MutBorrow.t t_Option_T = Any.any_l () ]) + | & _6: t_Option_T = Any.any_l () + | & _7: MutBorrow.t t_Option_T = Any.any_l () ]) [ return (result: ()) -> {[@expl:uses_invariant ensures] invariant_Once_T x.final} (! return {result}) ] end diff --git a/tests/should_fail/bug/436_2.stderr b/tests/should_fail/bug/436_2.stderr index c4a15b1b8a..9b4a009c81 100644 --- a/tests/should_fail/bug/436_2.stderr +++ b/tests/should_fail/bug/436_2.stderr @@ -1,4 +1,4 @@ -error: encountered a cycle during translation: [Item(DefId(0:7 ~ 436_2[2f9f]::Bad::None), ['{erased}]), Type(creusot_contracts::snapshot::Snapshot<&'{erased} mut Bad<'{erased}>>), Type(Bad<'{erased}>), Item(DefId(0:9 ~ 436_2[2f9f]::Bad::Some), ['{erased}])] +error: encountered a cycle during translation: [Item(DefId(0:7 ~ 436_2[acee]::Bad::None), ['{erased}]), Type(creusot_contracts::snapshot::Snapshot<&'{erased} mut Bad<'{erased}>>), Type(Bad<'{erased}>), Item(DefId(0:9 ~ 436_2[acee]::Bad::Some), ['{erased}])] --> 436_2.rs:5:5 | 5 | None, diff --git a/tests/should_fail/bug/492.coma b/tests/should_fail/bug/492.coma index 44690e73a8..4a033e58e5 100644 --- a/tests/should_fail/bug/492.coma +++ b/tests/should_fail/bug/492.coma @@ -36,13 +36,13 @@ module M_reborrow_tuple [ s0 = {inv_T x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_T) -> - [ &_3 <- _ret ] -{inv_T _ret.final}- + [ &_4 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = [ &_0 <- { f0 = _3; f1 = (32: UInt32.t) } ] s2 + | s1 = [ &_0 <- { f0 = _4; f1 = (32: UInt32.t) } ] s2 | s2 = {[@expl:type invariant] inv_ref_T x} s3 | s3 = -{resolve_ref_T x}- s4 | s4 = return {_0} ] ] - [ & _0: tup2_ref_T_u32 = Any.any_l () | & x: MutBorrow.t t_T = x | & _3: MutBorrow.t t_T = Any.any_l () ]) + [ & _0: tup2_ref_T_u32 = Any.any_l () | & x: MutBorrow.t t_T = x | & _4: MutBorrow.t t_T = Any.any_l () ]) [ return (result: tup2_ref_T_u32) -> {[@expl:reborrow_tuple result type invariant] inv_tup2_ref_T_u32 result} {[@expl:reborrow_tuple ensures] result.f0.current = x.current} (! return {result}) ] diff --git a/tests/should_fail/bug/695.coma b/tests/should_fail/bug/695.coma index ebfcbcce45..2c7d60966c 100644 --- a/tests/should_fail/bug/695.coma +++ b/tests/should_fail/bug/695.coma @@ -88,21 +88,21 @@ module M_inversed_if [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_C cond} s1 | s1 = -{resolve_C cond}- s2 - | s2 = call_C {cond} {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s3) + | s2 = call_C {cond} {_11} (fun (_ret: bool) -> [ &_9 <- _ret ] s3) | s3 = bb1 ] - | bb1 = any [ br0 -> {_5 = false} (! bb3) | br1 -> {_5} (! bb2) ] + | bb1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] | bb2 = s0 - [ s0 = [ &_11 <- false ] s1 | s1 = call_once_B {branch} {_11} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb8 ] + [ s0 = [ &_15 <- false ] s1 | s1 = call_once_B {branch} {_15} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb8 ] | bb3 = s0 - [ s0 = [ &_9 <- true ] s1 | s1 = call_once_B {branch} {_9} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb8 ] + [ s0 = [ &_13 <- true ] s1 | s1 = call_once_B {branch} {_13} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb8 ] | bb8 = return {_0} ] [ & _0: () = Any.any_l () | & cond: t_C = cond | & branch: t_B = branch - | & _5: bool = Any.any_l () - | & _7: () = Any.any_l () | & _9: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: () = Any.any_l () + | & _13: bool = Any.any_l () + | & _15: bool = Any.any_l () ]) [ return (result: ()) -> {[@expl:inversed_if ensures] exists b: bool. postcondition_C cond () b /\ postcondition_once_B branch (not b) ()} (! return {result}) ] @@ -312,9 +312,9 @@ module M_valid [ s0 = [ &r <- (0: UInt32.t) ] s1 | s1 = [ &cond <- { c0 = n } ] s2 | s2 = MutBorrow.borrow_mut {r} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &r <- _ret.final ] s3) - | s3 = [ &branch <- { c0'0 = _7 } ] s4 - | s4 = inversed_if_closure1 {cond} {branch} (fun (_ret: ()) -> [ &_8 <- _ret ] s5) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_8 <- _ret ] [ &r <- _ret.final ] s3) + | s3 = [ &branch <- { c0'0 = _8 } ] s4 + | s4 = inversed_if_closure1 {cond} {branch} (fun (_ret: ()) -> [ &_9 <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] false} s1 | s1 = [ &_0 <- r ] s2 | s2 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () @@ -322,8 +322,8 @@ module M_valid | & r: UInt32.t = Any.any_l () | & cond: closure1 = Any.any_l () | & branch: closure2 = Any.any_l () - | & _7: MutBorrow.t UInt32.t = Any.any_l () - | & _8: () = Any.any_l () ]) + | & _8: MutBorrow.t UInt32.t = Any.any_l () + | & _9: () = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:valid ensures] UInt32.gt n (7: UInt32.t) /\ result = (2: UInt32.t) \/ UInt32.le n (7: UInt32.t) /\ result = (1: UInt32.t)} (! return {result}) ] diff --git a/tests/should_fail/bug/869.coma b/tests/should_fail/bug/869.coma index 6e98250832..94ae865d40 100644 --- a/tests/should_fail/bug/869.coma +++ b/tests/should_fail/bug/869.coma @@ -28,15 +28,15 @@ module M_unsound | bb2 = s0 [ s0 = {[@expl:assertion] bg.current = true /\ bg.final = true} s1 | s1 = MutBorrow.borrow_final {xm.current} {MutBorrow.get_id xm} - (fun (_ret: MutBorrow.t bool) -> [ &_12 <- _ret ] [ &xm <- { xm with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} - (fun (_ret: MutBorrow.t bool) -> [ &evil <- _ret ] [ &_12 <- { _12 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_Snapshot_bool _12}- s4 + (fun (_ret: MutBorrow.t bool) -> [ &_14 <- _ret ] [ &xm <- { xm with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} + (fun (_ret: MutBorrow.t bool) -> [ &evil <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_Snapshot_bool _14}- s4 | s4 = {[@expl:assertion] (evil = bg) = (evil.final = true)} s5 - | s5 = [ &_15 <- if evil = bg then false else true ] s6 + | s5 = [ &_19 <- if evil = bg then false else true ] s6 | s6 = bb3 ] | bb3 = s0 - [ s0 = [ &evil <- { evil with current = _15 } ] s1 + [ s0 = [ &evil <- { evil with current = _19 } ] s1 | s1 = -{resolve_ref_Snapshot_bool evil}- s2 | s2 = -{resolve_ref_Snapshot_bool xm}- s3 | s3 = {[@expl:assertion] evil.current = (not evil.final)} s4 @@ -50,6 +50,6 @@ module M_unsound | & _6: MutBorrow.t bool = Any.any_l () | & bg: MutBorrow.t bool = Any.any_l () | & evil: MutBorrow.t bool = Any.any_l () - | & _12: MutBorrow.t bool = Any.any_l () - | & _15: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _14: MutBorrow.t bool = Any.any_l () + | & _19: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_fail/bug/ice-final-borrows.stderr b/tests/should_fail/bug/ice-final-borrows.stderr index 9abb0078af..9d52fb74ed 100644 --- a/tests/should_fail/bug/ice-final-borrows.stderr +++ b/tests/should_fail/bug/ice-final-borrows.stderr @@ -2,7 +2,7 @@ error[E0594]: cannot assign to `*x`, which is behind a `&` reference --> ice-final-borrows.rs:9:5 | 9 | *x = 1; - | ^^^^^^ `x` is a `&` reference, so the data it refers to cannot be written + | ^^^^^^ `x` is a `&` reference, so it cannot be written to | help: consider changing this to be a mutable reference | diff --git a/tests/should_fail/diagnostics/div_unimplemented.stderr b/tests/should_fail/diagnostics/div_unimplemented.stderr index 9380092ead..c8d175e49f 100644 --- a/tests/should_fail/diagnostics/div_unimplemented.stderr +++ b/tests/should_fail/diagnostics/div_unimplemented.stderr @@ -1,23 +1,31 @@ error[E0277]: Cannot divide `i32` by `_` in logic - --> div_unimplemented.rs:8:5 - | -8 | x / y - | ^---- - | | - | no implementation for `i32 / _` in logic - | required by a bound introduced by this call - | - = help: the trait `creusot_contracts::logic::ops::DivLogic<_>` is not implemented for `i32` - = help: the trait `creusot_contracts::logic::ops::DivLogic` is implemented for `creusot_contracts::logic::Int` + --> div_unimplemented.rs:8:5 + | + 8 | x / y + | ^---- + | | + | no implementation for `i32 / _` in logic + | required by a bound introduced by this call + | + = help: the trait `creusot_contracts::logic::ops::DivLogic<_>` is not implemented for `i32` +help: the trait `creusot_contracts::logic::ops::DivLogic` is implemented for `creusot_contracts::logic::Int` + --> ./creusot-contracts/src/logic/int.rs:178:1 + | +178 | impl DivLogic for Int { + | ^^^^^^^^^^^^^^^^^^^^^ error[E0277]: Cannot divide `i32` by `i32` in logic - --> div_unimplemented.rs:8:5 - | -8 | x / y - | ^^^^^ no implementation for `i32 / i32` in logic - | - = help: the trait `creusot_contracts::logic::ops::DivLogic` is not implemented for `i32` - = help: the trait `creusot_contracts::logic::ops::DivLogic` is implemented for `creusot_contracts::logic::Int` + --> div_unimplemented.rs:8:5 + | + 8 | x / y + | ^^^^^ no implementation for `i32 / i32` in logic + | + = help: the trait `creusot_contracts::logic::ops::DivLogic` is not implemented for `i32` +help: the trait `creusot_contracts::logic::ops::DivLogic` is implemented for `creusot_contracts::logic::Int` + --> ./creusot-contracts/src/logic/int.rs:178:1 + | +178 | impl DivLogic for Int { + | ^^^^^^^^^^^^^^^^^^^^^ error: aborting due to 2 previous errors diff --git a/tests/should_fail/diagnostics/rem_unimplemented.stderr b/tests/should_fail/diagnostics/rem_unimplemented.stderr index 151a941cd5..3dbe73f8d9 100644 --- a/tests/should_fail/diagnostics/rem_unimplemented.stderr +++ b/tests/should_fail/diagnostics/rem_unimplemented.stderr @@ -1,23 +1,31 @@ error[E0277]: cannot calculate the remainder of `i32` divided by `_` in logic - --> rem_unimplemented.rs:8:5 - | -8 | x % y - | ^---- - | | - | no implementation for `i32 % _` in logic - | required by a bound introduced by this call - | - = help: the trait `creusot_contracts::logic::ops::RemLogic<_>` is not implemented for `i32` - = help: the trait `creusot_contracts::logic::ops::RemLogic` is implemented for `creusot_contracts::logic::Int` + --> rem_unimplemented.rs:8:5 + | + 8 | x % y + | ^---- + | | + | no implementation for `i32 % _` in logic + | required by a bound introduced by this call + | + = help: the trait `creusot_contracts::logic::ops::RemLogic<_>` is not implemented for `i32` +help: the trait `creusot_contracts::logic::ops::RemLogic` is implemented for `creusot_contracts::logic::Int` + --> ./creusot-contracts/src/logic/int.rs:188:1 + | +188 | impl RemLogic for Int { + | ^^^^^^^^^^^^^^^^^^^^^ error[E0277]: cannot calculate the remainder of `i32` divided by `i32` in logic - --> rem_unimplemented.rs:8:5 - | -8 | x % y - | ^^^^^ no implementation for `i32 % i32` in logic - | - = help: the trait `creusot_contracts::logic::ops::RemLogic` is not implemented for `i32` - = help: the trait `creusot_contracts::logic::ops::RemLogic` is implemented for `creusot_contracts::logic::Int` + --> rem_unimplemented.rs:8:5 + | + 8 | x % y + | ^^^^^ no implementation for `i32 % i32` in logic + | + = help: the trait `creusot_contracts::logic::ops::RemLogic` is not implemented for `i32` +help: the trait `creusot_contracts::logic::ops::RemLogic` is implemented for `creusot_contracts::logic::Int` + --> ./creusot-contracts/src/logic/int.rs:188:1 + | +188 | impl RemLogic for Int { + | ^^^^^^^^^^^^^^^^^^^^^ error: aborting due to 2 previous errors diff --git a/tests/should_fail/final_borrows.coma b/tests/should_fail/final_borrows.coma index 0b33cc9ef4..e8cff72bfa 100644 --- a/tests/should_fail/final_borrows.coma +++ b/tests/should_fail/final_borrows.coma @@ -163,14 +163,14 @@ module M_call_changes_prophecy (fun (_ret: MutBorrow.t Int32.t) -> [ &b1 <- _ret ] [ &bor <- { bor with current = _ret.final } ] s1) | s1 = [ &b1_snap <- b1 ] s2 | s2 = bb2 ] - | bb2 = s0 [ s0 = inner (fun (_ret: Int32.t) -> [ &_7 <- _ret ] s1) | s1 = bb3 ] + | bb2 = s0 [ s0 = inner (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &b1 <- { b1 with current = _7 } ] s1 + [ s0 = [ &b1 <- { b1 with current = _9 } ] s1 | s1 = -{resolve_ref_i32 b1}- s2 - | s2 = inner (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s3) + | s2 = inner (fun (_ret: Int32.t) -> [ &_10 <- _ret ] s3) | s3 = bb4 ] | bb4 = s0 - [ s0 = [ &bor <- { bor with current = _8 } ] s1 + [ s0 = [ &bor <- { bor with current = _10 } ] s1 | s1 = -{resolve_ref_i32 bor}- s2 | s2 = {[@expl:assertion] b1_snap = bor_snap} s3 | s3 = return {_0} ] ] @@ -179,8 +179,8 @@ module M_call_changes_prophecy | & bor_snap: MutBorrow.t Int32.t = Any.any_l () | & b1: MutBorrow.t Int32.t = Any.any_l () | & b1_snap: MutBorrow.t Int32.t = Any.any_l () - | & _7: Int32.t = Any.any_l () - | & _8: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: Int32.t = Any.any_l () + | & _10: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_unnesting_fails use creusot.int.Int32 @@ -272,7 +272,7 @@ module M_move_place_without_deref [ &bor <- { bor with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_T b1} s2 | s2 = -{resolve_ref_T b1}- s3 - | s3 = inner_T {bor} (fun (_ret: ()) -> [ &_5 <- _ret ] s4) + | s3 = inner_T {bor} (fun (_ret: ()) -> [ &_6 <- _ret ] s4) | s4 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] b1.current = bor_snap.current /\ b1.final = bor_snap.final} s1 @@ -283,5 +283,5 @@ module M_move_place_without_deref | & bor: MutBorrow.t t_T = bor | & bor_snap: MutBorrow.t t_T = Any.any_l () | & b1: MutBorrow.t t_T = Any.any_l () - | & _5: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_fail/generic_deref_ghost.coma b/tests/should_fail/generic_deref_ghost.coma index b55f50a6dc..743f77572d 100644 --- a/tests/should_fail/generic_deref_ghost.coma +++ b/tests/should_fail/generic_deref_ghost.coma @@ -101,9 +101,9 @@ module M_deref_wrap let rec deref_wrap_T (x: t_T) (return (x'0: t_Target)) = {[@expl:deref_wrap 'x' type invariant] inv_ref_T x} {[@expl:deref_wrap requires] precondition_deref () x} (! bb0 - [ bb0 = s0 [ s0 = [ &_6 <- x ] s1 | s1 = deref_T {_6} (fun (_ret: t_Target) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- _4 ] s1 | s1 = return {_0} ] ] - [ & _0: t_Target = Any.any_l () | & x: t_T = x | & _4: t_Target = Any.any_l () | & _6: t_T = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_8 <- x ] s1 | s1 = deref_T {_8} (fun (_ret: t_Target) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- _6 ] s1 | s1 = return {_0} ] ] + [ & _0: t_Target = Any.any_l () | & x: t_T = x | & _6: t_Target = Any.any_l () | & _8: t_T = Any.any_l () ]) [ return (result: t_Target) -> {[@expl:deref_wrap result type invariant] inv_ref_Target result} {[@expl:deref_wrap ensures] postcondition_deref () x result} (! return {result}) ] diff --git a/tests/should_fail/generic_deref_snap.coma b/tests/should_fail/generic_deref_snap.coma index d6b53c8763..5bc3492abd 100644 --- a/tests/should_fail/generic_deref_snap.coma +++ b/tests/should_fail/generic_deref_snap.coma @@ -101,9 +101,9 @@ module M_deref_wrap let rec deref_wrap_T (x: t_T) (return (x'0: t_Target)) = {[@expl:deref_wrap 'x' type invariant] inv_ref_T x} {[@expl:deref_wrap requires] precondition_deref () x} (! bb0 - [ bb0 = s0 [ s0 = [ &_6 <- x ] s1 | s1 = deref_T {_6} (fun (_ret: t_Target) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- _4 ] s1 | s1 = return {_0} ] ] - [ & _0: t_Target = Any.any_l () | & x: t_T = x | & _4: t_Target = Any.any_l () | & _6: t_T = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_8 <- x ] s1 | s1 = deref_T {_8} (fun (_ret: t_Target) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- _6 ] s1 | s1 = return {_0} ] ] + [ & _0: t_Target = Any.any_l () | & x: t_T = x | & _6: t_Target = Any.any_l () | & _8: t_T = Any.any_l () ]) [ return (result: t_Target) -> {[@expl:deref_wrap result type invariant] inv_ref_Target result} {[@expl:deref_wrap ensures] postcondition_deref () x result} (! return {result}) ] diff --git a/tests/should_fail/terminates/incorrect_variant.coma b/tests/should_fail/terminates/incorrect_variant.coma index 0fd6a24d32..11de4f5d5a 100644 --- a/tests/should_fail/terminates/incorrect_variant.coma +++ b/tests/should_fail/terminates/incorrect_variant.coma @@ -58,46 +58,46 @@ module M_incorrect_recursion let rec incorrect_recursion (x: Int32.t) (return (x'0: ())) = (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- Int32.lt x (-10: Int32.t) ] s1 | s1 = any [ br0 -> {_3 = false} (! bb2) | br1 -> {_3} (! bb13) ] ] + [ s0 = [ &_4 <- Int32.lt x (-10: Int32.t) ] s1 | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb13) ] ] | bb2 = s0 - [ s0 = [ &_5 <- Int32.gt x (10: Int32.t) ] s1 | s1 = any [ br0 -> {_5 = false} (! bb5) | br1 -> {_5} (! bb13) ] ] + [ s0 = [ &_6 <- Int32.gt x (10: Int32.t) ] s1 | s1 = any [ br0 -> {_6 = false} (! bb5) | br1 -> {_6} (! bb13) ] ] | bb5 = s0 - [ s0 = [ &_9 <- x ] s1 - | s1 = [ &_10 <- (2: Int32.t) = (0: Int32.t) ] s2 - | s2 = {[@expl:remainder by zero] not _10} s3 + [ s0 = [ &_10 <- x ] s1 + | s1 = [ &_11 <- (2: Int32.t) = (0: Int32.t) ] s2 + | s2 = {[@expl:remainder by zero] not _11} s3 | s3 = bb6 ] | bb6 = s0 - [ s0 = [ &_11 <- (2: Int32.t) = (-1: Int32.t) ] s1 - | s1 = [ &_12 <- _9 = (-2147483648: Int32.t) ] s2 - | s2 = [ &_13 <- Bool.bw_and _11 _12 ] s3 - | s3 = {[@expl:Rem overflow] not _13} s4 + [ s0 = [ &_12 <- (2: Int32.t) = (-1: Int32.t) ] s1 + | s1 = [ &_13 <- _10 = (-2147483648: Int32.t) ] s2 + | s2 = [ &_14 <- Bool.bw_and _12 _13 ] s3 + | s3 = {[@expl:Rem overflow] not _14} s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = Int32.rem {_9} {(2: Int32.t)} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) - | s1 = [ &_7 <- _8 = (0: Int32.t) ] s2 - | s2 = any [ br0 -> {_7 = false} (! bb10) | br1 -> {_7} (! bb8) ] ] + [ s0 = Int32.rem {_10} {(2: Int32.t)} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) + | s1 = [ &_8 <- _9 = (0: Int32.t) ] s2 + | s2 = any [ br0 -> {_8 = false} (! bb10) | br1 -> {_8} (! bb8) ] ] | bb8 = s0 - [ s0 = Int32.add {x} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &_14 <- _ret ] s1) - | s1 = incorrect_recursion {_14} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) + [ s0 = Int32.add {x} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &_15 <- _ret ] s1) + | s1 = incorrect_recursion {_15} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb13 ] | bb10 = s0 - [ s0 = Int32.sub {x} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &_16 <- _ret ] s1) - | s1 = incorrect_recursion {_16} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) + [ s0 = Int32.sub {x} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &_17 <- _ret ] s1) + | s1 = incorrect_recursion {_17} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb13 ] | bb13 = return {_0} ] [ & _0: () = Any.any_l () | & x: Int32.t = x - | & _3: bool = Any.any_l () - | & _5: bool = Any.any_l () - | & _7: bool = Any.any_l () - | & _8: Int32.t = Any.any_l () + | & _4: bool = Any.any_l () + | & _6: bool = Any.any_l () + | & _8: bool = Any.any_l () | & _9: Int32.t = Any.any_l () - | & _10: bool = Any.any_l () + | & _10: Int32.t = Any.any_l () | & _11: bool = Any.any_l () | & _12: bool = Any.any_l () | & _13: bool = Any.any_l () - | & _14: Int32.t = Any.any_l () - | & _16: Int32.t = Any.any_l () ] + | & _14: bool = Any.any_l () + | & _15: Int32.t = Any.any_l () + | & _17: Int32.t = Any.any_l () ] [ incorrect_recursion (x: Int32.t) (_ret (_r: ())) -> {[@expl:function variant] well_founded_relation_i32 function_variant x} incorrect_recursion {x} (_ret) ] [ function_variant: Int32.t = x ]) [ return (result: ()) -> (! return {result}) ] @@ -196,39 +196,39 @@ module M_incorrect_loop_variant | bb1invariant = (! [ &variant_old_bb1 <- x ] s0 [ s0 = bb2 ]) [ bb2 = s0 - [ s0 = [ &_5 <- Int32.ge x (-10: Int32.t) ] s1 - | s1 = any [ br0 -> {_5 = false} (! bb12) | br1 -> {_5} (! bb3) ] ] + [ s0 = [ &_6 <- Int32.ge x (-10: Int32.t) ] s1 + | s1 = any [ br0 -> {_6 = false} (! bb12) | br1 -> {_6} (! bb3) ] ] | bb3 = s0 - [ s0 = [ &_7 <- Int32.le x (10: Int32.t) ] s1 - | s1 = any [ br0 -> {_7 = false} (! bb12) | br1 -> {_7} (! bb4) ] ] + [ s0 = [ &_8 <- Int32.le x (10: Int32.t) ] s1 + | s1 = any [ br0 -> {_8 = false} (! bb12) | br1 -> {_8} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_11 <- x ] s1 - | s1 = [ &_12 <- (2: Int32.t) = (0: Int32.t) ] s2 - | s2 = {[@expl:remainder by zero] not _12} s3 + [ s0 = [ &_12 <- x ] s1 + | s1 = [ &_13 <- (2: Int32.t) = (0: Int32.t) ] s2 + | s2 = {[@expl:remainder by zero] not _13} s3 | s3 = bb5 ] | bb5 = s0 - [ s0 = [ &_13 <- (2: Int32.t) = (-1: Int32.t) ] s1 - | s1 = [ &_14 <- _11 = (-2147483648: Int32.t) ] s2 - | s2 = [ &_15 <- Bool.bw_and _13 _14 ] s3 - | s3 = {[@expl:Rem overflow] not _15} s4 + [ s0 = [ &_14 <- (2: Int32.t) = (-1: Int32.t) ] s1 + | s1 = [ &_15 <- _12 = (-2147483648: Int32.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Rem overflow] not _16} s4 | s4 = bb6 ] | bb6 = s0 - [ s0 = Int32.rem {_11} {(2: Int32.t)} (fun (_ret: Int32.t) -> [ &_10 <- _ret ] s1) - | s1 = [ &_9 <- _10 = (0: Int32.t) ] s2 - | s2 = any [ br0 -> {_9 = false} (! bb8) | br1 -> {_9} (! bb7) ] ] + [ s0 = Int32.rem {_12} {(2: Int32.t)} (fun (_ret: Int32.t) -> [ &_11 <- _ret ] s1) + | s1 = [ &_10 <- _11 = (0: Int32.t) ] s2 + | s2 = any [ br0 -> {_10 = false} (! bb8) | br1 -> {_10} (! bb7) ] ] | bb7 = s0 [ s0 = Int32.add {x} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &x <- _ret ] s1) | s1 = bb1 ] | bb8 = s0 [ s0 = Int32.sub {x} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &x <- _ret ] s1) | s1 = bb1 ] ] ] | bb12 = return {_0} ] [ & _0: () = Any.any_l () | & x: Int32.t = x - | & _5: bool = Any.any_l () - | & _7: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: Int32.t = Any.any_l () + | & _6: bool = Any.any_l () + | & _8: bool = Any.any_l () + | & _10: bool = Any.any_l () | & _11: Int32.t = Any.any_l () - | & _12: bool = Any.any_l () + | & _12: Int32.t = Any.any_l () | & _13: bool = Any.any_l () | & _14: bool = Any.any_l () | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () | & variant_old_bb1: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_fail/terminates/trait_def_and_impl_disagree.stderr b/tests/should_fail/terminates/trait_def_and_impl_disagree.stderr index f2e9b4496e..b277db1c46 100644 --- a/tests/should_fail/terminates/trait_def_and_impl_disagree.stderr +++ b/tests/should_fail/terminates/trait_def_and_impl_disagree.stderr @@ -1,9 +1,3 @@ -error: Expected `h` to be `#[check(ghost)]` as specified by the trait declaration - --> trait_def_and_impl_disagree.rs:22:5 - | -22 | fn h() {} - | ^^^^^^ - error: Expected `f` to be `#[check(terminates)]` as specified by the trait declaration --> trait_def_and_impl_disagree.rs:17:5 | @@ -16,5 +10,11 @@ error: Expected `g` to be `#[check(ghost)]` as specified by the trait declaratio 20 | fn g() {} | ^^^^^^ +error: Expected `h` to be `#[check(ghost)]` as specified by the trait declaration + --> trait_def_and_impl_disagree.rs:22:5 + | +22 | fn h() {} + | ^^^^^^ + error: aborting due to 3 previous errors diff --git a/tests/should_fail/type_invariants/borrows.coma b/tests/should_fail/type_invariants/borrows.coma index bf5ec276cb..d413da0a68 100644 --- a/tests/should_fail/type_invariants/borrows.coma +++ b/tests/should_fail/type_invariants/borrows.coma @@ -62,10 +62,10 @@ module M_impl_NonZero__inner_mut (* NonZero *) [ bb0 = s0 [ s0 = MutBorrow.borrow_final {self.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_5 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _5}- s3 + [ &_7 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _7}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -75,7 +75,7 @@ module M_impl_NonZero__inner_mut (* NonZero *) [ & _0: MutBorrow.t Int32.t = Any.any_l () | & self: MutBorrow.t t_NonZero = self | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () ]) + | & _7: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:inner_mut ensures #0] Int32.to_int self.current.f0 = Int32.to_int result.current} {[@expl:inner_mut ensures #1] Int32.to_int self.final.f0 = Int32.to_int result.final} @@ -128,21 +128,21 @@ module M_simple (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {x.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id x) 1} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_6 <- _ret ] [ &x <- { x with current = { f0 = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_5 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) - | s2 = inc {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s3) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_8 <- _ret ] [ &x <- { x with current = { f0 = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s2) + | s2 = inc {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_i32 _6}- s1 + [ s0 = -{resolve_ref_i32 _8}- s1 | s1 = {[@expl:type invariant] inv_ref_NonZero x} s2 | s2 = -{resolve_ref_NonZero x}- s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: MutBorrow.t t_NonZero = x - | & _4: () = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: () = Any.any_l () + | & _7: MutBorrow.t Int32.t = Any.any_l () + | & _8: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_hard use creusot.prelude.MutBorrow @@ -200,26 +200,26 @@ module M_hard [ s0 = {inv_NonZero x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_NonZero) -> - [ &_7 <- _ret ] -{inv_NonZero _ret.final}- + [ &_9 <- _ret ] -{inv_NonZero _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = inner_mut {_7} (fun (_ret: MutBorrow.t Int32.t) -> [ &_6 <- _ret ] s2) + | s1 = inner_mut {_9} (fun (_ret: MutBorrow.t Int32.t) -> [ &_8 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_5 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s1) - | s1 = inc {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) + [ s0 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s1) + | s1 = inc {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = -{resolve_ref_i32 _6}- s1 + [ s0 = -{resolve_ref_i32 _8}- s1 | s1 = {[@expl:type invariant] inv_ref_NonZero x} s2 | s2 = -{resolve_ref_NonZero x}- s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: MutBorrow.t t_NonZero = x - | & _4: () = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () - | & _7: MutBorrow.t t_NonZero = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: () = Any.any_l () + | & _7: MutBorrow.t Int32.t = Any.any_l () + | & _8: MutBorrow.t Int32.t = Any.any_l () + | & _9: MutBorrow.t t_NonZero = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_tuple use creusot.int.Int32 @@ -284,21 +284,21 @@ module M_tuple | s1 = [ &x <- { x with f0'0 = { f0 = (0: Int32.t) } } ] s2 | s2 = MutBorrow.borrow_final {x.f1'0.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id x.f1'0) 1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_6 <- _ret ] [ &x <- { x with f1'0 = { x.f1'0 with current = { f0 = _ret.final } } } ] s3) - | s3 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_5 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s4) - | s4 = inc {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s5) + [ &_8 <- _ret ] [ &x <- { x with f1'0 = { x.f1'0 with current = { f0 = _ret.final } } } ] s3) + | s3 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s4) + | s4 = inc {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_i32 _6}- s1 + [ s0 = -{resolve_ref_i32 _8}- s1 | s1 = {[@expl:type invariant] inv_tup2_NonZero_ref_NonZero x} s2 | s2 = -{resolve_tup2_NonZero_ref_NonZero x}- s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: tup2_NonZero_ref_NonZero = x - | & _4: () = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: () = Any.any_l () + | & _7: MutBorrow.t Int32.t = Any.any_l () + | & _8: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_partial_move use creusot.int.Int32 @@ -358,13 +358,13 @@ module M_partial_move | s1 = {[@expl:type invariant] inv_NonZero a} s2 | s2 = MutBorrow.borrow_final {x.f1'0.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id x.f1'0) 1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_7 <- _ret ] [ &x <- { x with f1'0 = { x.f1'0 with current = { f0 = _ret.final } } } ] s3) - | s3 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_6 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s4) - | s4 = inc {_6} (fun (_ret: ()) -> [ &_5 <- _ret ] s5) + [ &_9 <- _ret ] [ &x <- { x with f1'0 = { x.f1'0 with current = { f0 = _ret.final } } } ] s3) + | s3 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s4) + | s4 = inc {_8} (fun (_ret: ()) -> [ &_7 <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_i32 _7}- s1 + [ s0 = -{resolve_ref_i32 _9}- s1 | s1 = {[@expl:type invariant] inv_ref_NonZero x.f1'0} s2 | s2 = -{resolve_ref_NonZero x.f1'0}- s3 | s3 = [ &a <- { f0 = (0: Int32.t) } ] s4 @@ -372,9 +372,9 @@ module M_partial_move [ & _0: () = Any.any_l () | & x: tup2_NonZero_ref_NonZero = x | & a: t_NonZero = Any.any_l () - | & _5: () = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () - | & _7: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _7: () = Any.any_l () + | & _8: MutBorrow.t Int32.t = Any.any_l () + | & _9: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_destruct use creusot.int.Int32 @@ -435,13 +435,13 @@ module M_destruct | s2 = [ &b <- x.f1'0 ] s3 | s3 = [ &a <- { f0 = (0: Int32.t) } ] s4 | s4 = MutBorrow.borrow_final {b.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id b) 1} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_8 <- _ret ] [ &b <- { b with current = { f0 = _ret.final } } ] s5) - | s5 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s6) - | s6 = inc {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s7) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_10 <- _ret ] [ &b <- { b with current = { f0 = _ret.final } } ] s5) + | s5 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_9 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s6) + | s6 = inc {_9} (fun (_ret: ()) -> [ &_8 <- _ret ] s7) | s7 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_i32 _8}- s1 + [ s0 = -{resolve_ref_i32 _10}- s1 | s1 = {[@expl:type invariant] inv_ref_NonZero b} s2 | s2 = -{resolve_ref_NonZero b}- s3 | s3 = return {_0} ] ] @@ -449,9 +449,9 @@ module M_destruct | & x: tup2_NonZero_ref_NonZero = x | & a: t_NonZero = Any.any_l () | & b: MutBorrow.t t_NonZero = Any.any_l () - | & _6: () = Any.any_l () - | & _7: MutBorrow.t Int32.t = Any.any_l () - | & _8: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _8: () = Any.any_l () + | & _9: MutBorrow.t Int32.t = Any.any_l () + | & _10: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_frozen_dead use creusot.int.Int32 @@ -506,16 +506,16 @@ module M_frozen_dead | s1 = {inv_NonZero y.current} MutBorrow.borrow_final {y.current} {MutBorrow.get_id y} (fun (_ret: MutBorrow.t t_NonZero) -> - [ &_6 <- _ret ] -{inv_NonZero _ret.final}- + [ &_8 <- _ret ] -{inv_NonZero _ret.final}- [ &y <- { y with current = _ret.final } ] s2) | s2 = {[@expl:type invariant] inv_ref_NonZero x} s3 | s3 = -{resolve_ref_NonZero x}- s4 - | s4 = [ &x <- _6 ] s5 + | s4 = [ &x <- _8 ] s5 | s5 = {[@expl:type invariant] inv_ref_NonZero x} s6 | s6 = -{resolve_ref_NonZero x}- s7 | s7 = MutBorrow.borrow_final {_a.current} {MutBorrow.get_id _a} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_8 <- _ret ] [ &_a <- { _a with current = _ret.final } ] s8) - | s8 = inc {_8} (fun (_ret: ()) -> [ &_7 <- _ret ] s9) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_10 <- _ret ] [ &_a <- { _a with current = _ret.final } ] s8) + | s8 = inc {_10} (fun (_ret: ()) -> [ &_9 <- _ret ] s9) | s9 = bb1 ] | bb1 = s0 [ s0 = -{resolve_ref_i32 _a}- s1 @@ -526,9 +526,9 @@ module M_frozen_dead | & x: MutBorrow.t t_NonZero = x | & y: MutBorrow.t t_NonZero = y | & _a: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t t_NonZero = Any.any_l () - | & _7: () = Any.any_l () - | & _8: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _8: MutBorrow.t t_NonZero = Any.any_l () + | & _9: () = Any.any_l () + | & _10: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_impl_SumTo10__foo (* SumTo10 *) use creusot.int.Int32 @@ -583,33 +583,33 @@ module M_impl_SumTo10__foo (* SumTo10 *) [ bb0 = s0 [ s0 = MutBorrow.borrow_final {self.current.a} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_5 <- _ret ] [ &self <- { self with current = { self.current with a = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_4 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = inc {_4} (fun (_ret: ()) -> [ &_3 <- _ret ] s3) + [ &_6 <- _ret ] [ &self <- { self with current = { self.current with a = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_5 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) + | s2 = inc {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_i32 _5}- s1 + [ s0 = -{resolve_ref_i32 _6}- s1 | s1 = MutBorrow.borrow_final {self.current.b} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_8 <- _ret ] [ &self <- { self with current = { self.current with b = _ret.final } } ] s2) - | s2 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s3) - | s3 = dec {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s4) + [ &_9 <- _ret ] [ &self <- { self with current = { self.current with b = _ret.final } } ] s2) + | s2 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s3) + | s3 = dec {_8} (fun (_ret: ()) -> [ &_7 <- _ret ] s4) | s4 = bb2 ] | bb2 = s0 - [ s0 = -{resolve_ref_i32 _8}- s1 + [ s0 = -{resolve_ref_i32 _9}- s1 | s1 = {[@expl:type invariant] inv_ref_SumTo10 self} s2 | s2 = -{resolve_ref_SumTo10 self}- s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_SumTo10 = self - | & _3: () = Any.any_l () - | & _4: MutBorrow.t Int32.t = Any.any_l () + | & _4: () = Any.any_l () | & _5: MutBorrow.t Int32.t = Any.any_l () - | & _6: () = Any.any_l () - | & _7: MutBorrow.t Int32.t = Any.any_l () - | & _8: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: MutBorrow.t Int32.t = Any.any_l () + | & _7: () = Any.any_l () + | & _8: MutBorrow.t Int32.t = Any.any_l () + | & _9: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_inc use creusot.int.Int32 diff --git a/tests/should_fail/type_invariants/borrows.rs b/tests/should_fail/type_invariants/borrows.rs index 1523bcd88e..71cceeba0d 100644 --- a/tests/should_fail/type_invariants/borrows.rs +++ b/tests/should_fail/type_invariants/borrows.rs @@ -48,6 +48,7 @@ pub fn tuple(mut x: (NonZero, &mut NonZero)) { // here we resolve x and thus assert x.inv() which is not provable } +#[allow(unused)] #[requires(x.1.0@ < i32::MAX@)] #[requires(x.1.0@ != -1)] pub fn partial_move(x: (NonZero, &mut NonZero)) { @@ -56,6 +57,7 @@ pub fn partial_move(x: (NonZero, &mut NonZero)) { a.0 = 0; } +#[allow(unused)] #[requires(x.1.0@ < i32::MAX@)] #[requires(x.1.0@ != -1)] pub fn destruct(x: (NonZero, &mut NonZero)) { @@ -64,14 +66,14 @@ pub fn destruct(x: (NonZero, &mut NonZero)) { inc(&mut b.0); } +#[allow(unused)] #[requires(x.0@ < i32::MAX@)] #[requires(x.0@ != -1)] pub fn frozen_dead<'a>(mut x: &'a mut NonZero, y: &'a mut NonZero) { let _a = &mut x.0; // here we have to resolve x // assert x.inv() fails: depends on ^a which is unknown - (#[allow(unused_assignments)] - x) = y; + x = y; inc(_a); // assert old(x).inv() } diff --git a/tests/should_fail/type_invariants/partial_instance.coma b/tests/should_fail/type_invariants/partial_instance.coma index 312365f10f..51623e78a2 100644 --- a/tests/should_fail/type_invariants/partial_instance.coma +++ b/tests/should_fail/type_invariants/partial_instance.coma @@ -19,9 +19,9 @@ module M_mk_s meta "select_lsinst" "all" let rec mk_s_T (t: Int32.t) (return (x: t_S_T)) = (! bb0 - [ bb0 = s0 [ s0 = null_T (fun (_ret: Opaque.ptr) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = t; f1 = _5 } ] s1 | s1 = return {_0} ] ] - [ & _0: t_S_T = Any.any_l () | & t: Int32.t = t | & _5: Opaque.ptr = Any.any_l () ]) + [ bb0 = s0 [ s0 = null_T (fun (_ret: Opaque.ptr) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = t; f1 = _6 } ] s1 | s1 = return {_0} ] ] + [ & _0: t_S_T = Any.any_l () | & t: Int32.t = t | & _6: Opaque.ptr = Any.any_l () ]) [ return (result: t_S_T) -> {[@expl:mk_s result type invariant] inv_S_T result} {[@expl:mk_s ensures] result.f0 = t} (! return {result}) ] diff --git a/tests/should_fail/unsupported/hash_map.coma b/tests/should_fail/unsupported/hash_map.coma index 22f7b9e42b..ce8ca2ee3e 100644 --- a/tests/should_fail/unsupported/hash_map.coma +++ b/tests/should_fail/unsupported/hash_map.coma @@ -72,7 +72,7 @@ module M_impl_Foo__add (* Foo *) | & self: MutBorrow.t t_Foo = self | & num: UInt64.t = num | & bar: UInt8.t = bar - | & _6: MutBorrow.t UInt8.t = Any.any_l () ]) + | & _9: MutBorrow.t UInt8.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:add ensures] get_Int (view_Foo self.final) (UInt64.t'int num) = Some bar} (! return {result}) ] end diff --git a/tests/should_succeed/100doors.coma b/tests/should_succeed/100doors.coma index 9129837ad9..4201cb9f93 100644 --- a/tests/should_succeed/100doors.coma +++ b/tests/should_succeed/100doors.coma @@ -135,21 +135,21 @@ module M_f [ s0 = bb6 ] [ bb6 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_16 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_23 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_15 <- _ret ] [ &_16 <- { _16 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_15} (fun (_ret: t_Option_usize) -> [ &_14 <- _ret ] s3) + [ &_22 <- _ret ] [ &_23 <- { _23 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_22} (fun (_ret: t_Option_usize) -> [ &_21 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Range_usize _16}- s1 - | s1 = any [ br0 -> {_14 = None} (! bb19) | br1 (x0: UInt64.t) -> {_14 = Some x0} (! bb11) ] ] + [ s0 = -{resolve_ref_Range_usize _23}- s1 + | s1 = any [ br0 -> {_21 = None} (! bb19) | br1 (x0: UInt64.t) -> {_21 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_14} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_19 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_21} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_26 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _19 ] s1 + [ s0 = [ &produced <- _26 ] s1 | s1 = [ &pass <- __creusot_proc_iter_elem ] s2 | s2 = [ &door <- pass ] s3 | s3 = bb13 ] @@ -159,21 +159,21 @@ module M_f (! s0) [ s0 = bb14 ] [ bb14 = s0 - [ s0 = [ &_26 <- UInt64.le door (100: UInt64.t) ] s1 - | s1 = any [ br0 -> {_26 = false} (! bb5) | br1 -> {_26} (! bb15) ] ] + [ s0 = [ &_38 <- UInt64.le door (100: UInt64.t) ] s1 + | s1 = any [ br0 -> {_38 = false} (! bb5) | br1 -> {_38} (! bb15) ] ] | bb15 = s0 - [ s0 = UInt64.sub {door} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_31 <- _ret ] s1) - | s1 = index_Vec_bool_Global'0 {door_open} {_31} (fun (_ret: bool) -> [ &_29 <- _ret ] s2) + [ s0 = UInt64.sub {door} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_43 <- _ret ] s1) + | s1 = index_Vec_bool_Global'0 {door_open} {_43} (fun (_ret: bool) -> [ &_41 <- _ret ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = MutBorrow.borrow_mut {door_open} - (fun (_ret: MutBorrow.t t_Vec_bool_Global) -> [ &_34 <- _ret ] [ &door_open <- _ret.final ] s1) - | s1 = UInt64.sub {door} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_35 <- _ret ] s2) - | s2 = index_mut_Vec_bool_Global {_34} {_35} (fun (_ret: MutBorrow.t bool) -> [ &_33 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Vec_bool_Global) -> [ &_46 <- _ret ] [ &door_open <- _ret.final ] s1) + | s1 = UInt64.sub {door} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_47 <- _ret ] s2) + | s2 = index_mut_Vec_bool_Global {_46} {_47} (fun (_ret: MutBorrow.t bool) -> [ &_45 <- _ret ] s3) | s3 = bb17 ] | bb17 = s0 - [ s0 = [ &_33 <- { _33 with current = not _29 } ] s1 - | s1 = -{resolve_ref_bool _33}- s2 + [ s0 = [ &_45 <- { _45 with current = not _41 } ] s1 + | s1 = -{resolve_ref_bool _45}- s2 | s2 = UInt64.add {door} {pass} (fun (_ret: UInt64.t) -> [ &door <- _ret ] s3) | s3 = bb13 ] ] ] ] ] | bb19 = return {_0} ] @@ -183,17 +183,17 @@ module M_f | & _3: t_Range_usize = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _14: t_Option_usize = Any.any_l () - | & _15: MutBorrow.t t_Range_usize = Any.any_l () - | & _16: MutBorrow.t t_Range_usize = Any.any_l () + | & _21: t_Option_usize = Any.any_l () + | & _22: MutBorrow.t t_Range_usize = Any.any_l () + | & _23: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _19: Seq.seq UInt64.t = Any.any_l () + | & _26: Seq.seq UInt64.t = Any.any_l () | & pass: UInt64.t = Any.any_l () | & door: UInt64.t = Any.any_l () - | & _26: bool = Any.any_l () - | & _29: bool = Any.any_l () - | & _31: UInt64.t = Any.any_l () - | & _33: MutBorrow.t bool = Any.any_l () - | & _34: MutBorrow.t t_Vec_bool_Global = Any.any_l () - | & _35: UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _38: bool = Any.any_l () + | & _41: bool = Any.any_l () + | & _43: UInt64.t = Any.any_l () + | & _45: MutBorrow.t bool = Any.any_l () + | & _46: MutBorrow.t t_Vec_bool_Global = Any.any_l () + | & _47: UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/all_zero.coma b/tests/should_succeed/all_zero.coma index 3bab1f7031..a202bef77b 100644 --- a/tests/should_succeed/all_zero.coma +++ b/tests/should_succeed/all_zero.coma @@ -70,9 +70,9 @@ module M_all_zero | s2 = [ &value <- { value with current = (0: UInt32.t) } ] s3 | s3 = -{resolve_ref_u32 value}- s4 | s4 = MutBorrow.borrow_final {next.current} {MutBorrow.get_id next} - (fun (_ret: MutBorrow.t t_List) -> [ &_14 <- _ret ] [ &next <- { next with current = _ret.final } ] s5) + (fun (_ret: MutBorrow.t t_List) -> [ &_21 <- _ret ] [ &next <- { next with current = _ret.final } ] s5) | s5 = -{resolve_ref_List loop_l}- s6 - | s6 = [ &loop_l <- _14 ] s7 + | s6 = [ &loop_l <- _21 ] s7 | s7 = -{resolve_ref_Box_List_Global next}- s8 | s8 = bb2 ] ] ] | bb6 = s0 [ s0 = -{resolve_ref_List loop_l}- s1 | s1 = return {_0} ] ] @@ -82,7 +82,7 @@ module M_all_zero | & loop_l: MutBorrow.t t_List = Any.any_l () | & value: MutBorrow.t UInt32.t = Any.any_l () | & next: MutBorrow.t t_List = Any.any_l () - | & _14: MutBorrow.t t_List = Any.any_l () ]) + | & _21: MutBorrow.t t_List = Any.any_l () ]) [ return (result: ()) -> {[@expl:all_zero ensures #0] forall i: int. 0 <= i /\ i < len l.current -> get l.final i = Some (0: UInt32.t)} {[@expl:all_zero ensures #1] len l.current = len l.final} diff --git a/tests/should_succeed/bdd.coma b/tests/should_succeed/bdd.coma index 8516237d2b..7261e595ff 100644 --- a/tests/should_succeed/bdd.coma +++ b/tests/should_succeed/bdd.coma @@ -119,16 +119,16 @@ module M_hashmap__impl_Hash_for_tup2_U_V__hash (* <(U, V) as hashmap::Hash> *) let rec hash_tup2_U_V (self: tup2_U_V) (return (x: UInt64.t)) = {[@expl:hash 'self' type invariant] inv_ref_tup2_U_V self} (! bb0 - [ bb0 = s0 [ s0 = hash_U {self.f0} (fun (_ret: UInt64.t) -> [ &_3 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = hash_V {self.f1} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = wrapping_mul {_6} {(17: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = wrapping_add {_3} {_5} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] + [ bb0 = s0 [ s0 = hash_U {self.f0} (fun (_ret: UInt64.t) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = hash_V {self.f1} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = wrapping_mul {_7} {(17: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = wrapping_add {_4} {_6} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] | bb4 = return {_0} ] [ & _0: UInt64.t = Any.any_l () | & self: tup2_U_V = self - | & _3: UInt64.t = Any.any_l () - | & _5: UInt64.t = Any.any_l () - | & _6: UInt64.t = Any.any_l () ]) + | & _4: UInt64.t = Any.any_l () + | & _6: UInt64.t = Any.any_l () + | & _7: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:hash ensures] UInt64.t'int result = hash_log_tup2_U_V (deep_model_ref_tup2_U_V self)} (! return {result}) ] @@ -192,55 +192,55 @@ module M_impl_PartialEq_for_Node__eq (* as std::cmp::PartialEq> *) let rec eq_Node (self: t_Node) (rhs: t_Node) (return (x: bool)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- { f0'0 = self; f1'0 = rhs } ] s1 + [ s0 = [ &_6 <- { f0'0 = self; f1'0 = rhs } ] s1 | s1 = any - [ br0 -> {_4.f0'0 = False'} (! bb2) - | br1 -> {_4.f0'0 = True'} (! bb4) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_4.f0'0 = If x0 x1 x2} (! bb6) ] ] + [ br0 -> {_6.f0'0 = False'} (! bb2) + | br1 -> {_6.f0'0 = True'} (! bb4) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_6.f0'0 = If x0 x1 x2} (! bb6) ] ] | bb6 = any - [ br0 -> {_4.f1'0 = False'} (! bb1) - | br1 -> {_4.f1'0 = True'} (! bb1) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_4.f1'0 = If x0 x1 x2} (! bb8) ] + [ br0 -> {_6.f1'0 = False'} (! bb1) + | br1 -> {_6.f1'0 = True'} (! bb1) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_6.f1'0 = If x0 x1 x2} (! bb8) ] | bb8 = s0 - [ s0 = elim_If {_4.f0'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &v_1 <- rv ] s1) - | s1 = elim_If {_4.f0'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childt_1 <- rchildt ] s2) - | s2 = elim_If {_4.f0'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childf_1 <- rchildf ] s3) - | s3 = elim_If {_4.f1'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &v_2 <- rv ] s4) - | s4 = elim_If {_4.f1'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childt_2 <- rchildt ] s5) - | s5 = elim_If {_4.f1'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childf_2 <- rchildf ] s6) - | s6 = eq_Bdd {childf_1} {childf_2} (fun (_ret: bool) -> [ &_17 <- _ret ] s7) + [ s0 = elim_If {_6.f0'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &v_1 <- rv ] s1) + | s1 = elim_If {_6.f0'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childt_1 <- rchildt ] s2) + | s2 = elim_If {_6.f0'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childf_1 <- rchildf ] s3) + | s3 = elim_If {_6.f1'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &v_2 <- rv ] s4) + | s4 = elim_If {_6.f1'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childt_2 <- rchildt ] s5) + | s5 = elim_If {_6.f1'0} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childf_2 <- rchildf ] s6) + | s6 = eq_Bdd {childf_1} {childf_2} (fun (_ret: bool) -> [ &_19 <- _ret ] s7) | s7 = bb11 ] - | bb11 = any [ br0 -> {_17 = false} (! bb19) | br1 -> {_17} (! bb12) ] - | bb12 = s0 [ s0 = eq_Bdd {childt_1} {childt_2} (fun (_ret: bool) -> [ &_20 <- _ret ] s1) | s1 = bb13 ] - | bb13 = any [ br0 -> {_20 = false} (! bb19) | br1 -> {_20} (! bb14) ] - | bb14 = s0 [ s0 = [ &_23 <- v_1 = v_2 ] s1 | s1 = any [ br0 -> {_23 = false} (! bb19) | br1 -> {_23} (! bb15) ] ] + | bb11 = any [ br0 -> {_19 = false} (! bb19) | br1 -> {_19} (! bb12) ] + | bb12 = s0 [ s0 = eq_Bdd {childt_1} {childt_2} (fun (_ret: bool) -> [ &_22 <- _ret ] s1) | s1 = bb13 ] + | bb13 = any [ br0 -> {_22 = false} (! bb19) | br1 -> {_22} (! bb14) ] + | bb14 = s0 [ s0 = [ &_25 <- v_1 = v_2 ] s1 | s1 = any [ br0 -> {_25 = false} (! bb19) | br1 -> {_25} (! bb15) ] ] | bb15 = s0 [ s0 = [ &_0 <- true ] s1 | s1 = bb21 ] | bb19 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb21 ] | bb4 = any - [ br0 -> {_4.f1'0 = False'} (! bb1) - | br1 -> {_4.f1'0 = True'} (! bb9) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_4.f1'0 = If x0 x1 x2} (! bb1) ] + [ br0 -> {_6.f1'0 = False'} (! bb1) + | br1 -> {_6.f1'0 = True'} (! bb9) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_6.f1'0 = If x0 x1 x2} (! bb1) ] | bb9 = s0 [ s0 = [ &_0 <- true ] s1 | s1 = bb21 ] | bb2 = any - [ br0 -> {_4.f1'0 = False'} (! bb10) - | br1 -> {_4.f1'0 = True'} (! bb1) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_4.f1'0 = If x0 x1 x2} (! bb1) ] + [ br0 -> {_6.f1'0 = False'} (! bb10) + | br1 -> {_6.f1'0 = True'} (! bb1) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_6.f1'0 = If x0 x1 x2} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb21 ] | bb10 = s0 [ s0 = [ &_0 <- true ] s1 | s1 = bb21 ] | bb21 = return {_0} ] [ & _0: bool = Any.any_l () | & self: t_Node = self | & rhs: t_Node = rhs - | & _4: tup2_ref_Node_ref_Node = Any.any_l () + | & _6: tup2_ref_Node_ref_Node = Any.any_l () | & v_1: UInt64.t = Any.any_l () | & childt_1: t_Bdd = Any.any_l () | & childf_1: t_Bdd = Any.any_l () | & v_2: UInt64.t = Any.any_l () | & childt_2: t_Bdd = Any.any_l () | & childf_2: t_Bdd = Any.any_l () - | & _17: bool = Any.any_l () - | & _20: bool = Any.any_l () - | & _23: bool = Any.any_l () ]) + | & _19: bool = Any.any_l () + | & _22: bool = Any.any_l () + | & _25: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:eq ensures] result = (deep_model_ref_Node self = deep_model_ref_Node rhs)} (! return {result}) ] end @@ -395,14 +395,14 @@ module M_impl_Clone_for_Node__clone (* as std::clone::Clone> *) [ s0 = elim_If {self} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &v_1 <- rv ] s1) | s1 = elim_If {self} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childt_1 <- rchildt ] s2) | s2 = elim_If {self} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childf_1 <- rchildf ] s3) - | s3 = [ &_9 <- v_1 ] s4 - | s4 = clone_u64 {_9} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s5) + | s3 = [ &_10 <- v_1 ] s4 + | s4 = clone_u64 {_10} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s5) | s5 = bb7 ] | bb7 = s0 - [ s0 = [ &_12 <- childt_1 ] s1 | s1 = clone_Bdd {_12} (fun (_ret: t_Bdd) -> [ &_10 <- _ret ] s2) | s2 = bb8 ] + [ s0 = [ &_13 <- childt_1 ] s1 | s1 = clone_Bdd {_13} (fun (_ret: t_Bdd) -> [ &_11 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = [ &_15 <- childf_1 ] s1 | s1 = clone_Bdd {_15} (fun (_ret: t_Bdd) -> [ &_13 <- _ret ] s2) | s2 = bb9 ] - | bb9 = s0 [ s0 = [ &_0 <- If _7 _10 _13 ] s1 | s1 = bb10 ] + [ s0 = [ &_16 <- childf_1 ] s1 | s1 = clone_Bdd {_16} (fun (_ret: t_Bdd) -> [ &_14 <- _ret ] s2) | s2 = bb9 ] + | bb9 = s0 [ s0 = [ &_0 <- If _8 _11 _14 ] s1 | s1 = bb10 ] | bb5 = s0 [ s0 = [ &_0 <- True' ] s1 | s1 = bb10 ] | bb6 = s0 [ s0 = [ &_0 <- False' ] s1 | s1 = bb10 ] | bb10 = return {_0} ] @@ -411,12 +411,12 @@ module M_impl_Clone_for_Node__clone (* as std::clone::Clone> *) | & v_1: UInt64.t = Any.any_l () | & childt_1: t_Bdd = Any.any_l () | & childf_1: t_Bdd = Any.any_l () - | & _7: UInt64.t = Any.any_l () - | & _9: UInt64.t = Any.any_l () - | & _10: t_Bdd = Any.any_l () - | & _12: t_Bdd = Any.any_l () + | & _8: UInt64.t = Any.any_l () + | & _10: UInt64.t = Any.any_l () + | & _11: t_Bdd = Any.any_l () | & _13: t_Bdd = Any.any_l () - | & _15: t_Bdd = Any.any_l () ]) + | & _14: t_Bdd = Any.any_l () + | & _16: t_Bdd = Any.any_l () ]) [ return (result: t_Node) -> {[@expl:clone ensures] match { f0'0 = self; f1'0 = result } with | {f0'0 = False'; f1'0 = False'} -> true | {f0'0 = True'; f1'0 = True'} -> true @@ -510,12 +510,12 @@ module M_impl_Hash_for_Node__hash (* as hashmap::Hash> *) [ s0 = elim_If {self} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &v <- rv ] s1) | s1 = elim_If {self} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childt <- rchildt ] s2) | s2 = elim_If {self} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childf <- rchildf ] s3) - | s3 = wrapping_mul {childt.f1} {(5: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_9 <- _ret ] s4) + | s3 = wrapping_mul {childt.f1} {(5: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s4) | s4 = bb7 ] - | bb7 = s0 [ s0 = wrapping_add {v} {_9} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb8 ] + | bb7 = s0 [ s0 = wrapping_add {v} {_10} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = wrapping_mul {childf.f1} {(7: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb9 ] - | bb9 = s0 [ s0 = wrapping_add {_7} {_11} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = bb11 ] + [ s0 = wrapping_mul {childf.f1} {(7: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_12 <- _ret ] s1) | s1 = bb9 ] + | bb9 = s0 [ s0 = wrapping_add {_8} {_12} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = bb11 ] | bb5 = s0 [ s0 = [ &_0 <- (2: UInt64.t) ] s1 | s1 = bb11 ] | bb6 = s0 [ s0 = [ &_0 <- (1: UInt64.t) ] s1 | s1 = bb11 ] | bb11 = return {_0} ] @@ -524,9 +524,9 @@ module M_impl_Hash_for_Node__hash (* as hashmap::Hash> *) | & v: UInt64.t = Any.any_l () | & childt: t_Bdd = Any.any_l () | & childf: t_Bdd = Any.any_l () - | & _7: UInt64.t = Any.any_l () - | & _9: UInt64.t = Any.any_l () - | & _11: UInt64.t = Any.any_l () ]) + | & _8: UInt64.t = Any.any_l () + | & _10: UInt64.t = Any.any_l () + | & _12: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:hash ensures] UInt64.t'int result = hash_log_Node (view_Node self)} (! return {result}) ] end @@ -1917,28 +1917,28 @@ module M_impl_Context_0__hashcons (* Context<'arena> *) {[@expl:hashcons requires] is_valid_node self.current n} (! bb0 [ bb0 = s0 - [ s0 = [ &_11 <- n ] s1 - | s1 = get_Node {self.current.hashcons} {_11} (fun (_ret: t_Option_ref_Bdd) -> [ &_8 <- _ret ] s2) + [ s0 = [ &_16 <- n ] s1 + | s1 = get_Node {self.current.hashcons} {_16} (fun (_ret: t_Option_ref_Bdd) -> [ &_13 <- _ret ] s2) | s2 = bb1 ] - | bb1 = any [ br0 -> {_8 = None} (! bb4) | br1 (x0: t_Bdd) -> {_8 = Some x0} (! bb2) ] + | bb1 = any [ br0 -> {_13 = None} (! bb4) | br1 (x0: t_Bdd) -> {_13 = Some x0} (! bb2) ] | bb4 = s0 - [ s0 = alloc_Node {self.current.alloc} {n} (fun (_ret: MutBorrow.t t_Node) -> [ &_19 <- _ret ] s1) | s1 = bb5 ] + [ s0 = alloc_Node {self.current.alloc} {n} (fun (_ret: MutBorrow.t t_Node) -> [ &_26 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = -{resolve_ref_Node _19}- s1 - | s1 = [ &r'0 <- { f0 = _19.current; f1 = self.current.cnt.f0'0 } ] s2 + [ s0 = -{resolve_ref_Node _26}- s1 + | s1 = [ &r'0 <- { f0 = _26.current; f1 = self.current.cnt.f0'0 } ] s2 | s2 = MutBorrow.borrow_final {self.current.hashcons} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_MyHashMap_Node_Bdd) -> - [ &_24 <- _ret ] [ &self <- { self with current = { self.current with hashcons = _ret.final } } ] s3) - | s3 = add_Node {_24} {n} {r'0} (fun (_ret: ()) -> [ &_23 <- _ret ] s4) + [ &_31 <- _ret ] [ &self <- { self with current = { self.current with hashcons = _ret.final } } ] s3) + | s3 = add_Node {_31} {n} {r'0} (fun (_ret: ()) -> [ &_30 <- _ret ] s4) | s4 = bb6 ] - | bb6 = s0 [ s0 = [ &_27 <- Map.set self.current.hashcons_ghost r'0.f1 r'0.f0 ] s1 | s1 = bb7 ] + | bb6 = s0 [ s0 = [ &_34 <- Map.set self.current.hashcons_ghost r'0.f1 r'0.f0 ] s1 | s1 = bb7 ] | bb7 = s0 - [ s0 = [ &self <- { self with current = { self.current with hashcons_ghost = _27 } } ] s1 - | s1 = incr {self.current.cnt} (fun (_ret: t_PeanoInt) -> [ &_29 <- _ret ] s2) + [ s0 = [ &self <- { self with current = { self.current with hashcons_ghost = _34 } } ] s1 + | s1 = incr {self.current.cnt} (fun (_ret: t_PeanoInt) -> [ &_39 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = [ &self <- { self with current = { self.current with cnt = _29 } } ] s1 + [ s0 = [ &self <- { self with current = { self.current with cnt = _39 } } ] s1 | s1 = {[@expl:type invariant] inv_ref_Context self} s2 | s2 = -{resolve_ref_Context self}- s3 | s3 = [ &_0 <- r'0 ] s4 @@ -1946,7 +1946,7 @@ module M_impl_Context_0__hashcons (* Context<'arena> *) | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 | s1 = -{resolve_ref_Context self}- s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = elim_Some {_8} (fun (r0: t_Bdd) -> [ &r <- r0 ] s1) + [ s0 = elim_Some {_13} (fun (r0: t_Bdd) -> [ &r <- r0 ] s1) | s1 = {[@expl:assertion] view_Node r.f0 = view_Node n} s2 | s2 = [ &_0 <- r ] s3 | s3 = bb9 ] @@ -1954,15 +1954,15 @@ module M_impl_Context_0__hashcons (* Context<'arena> *) [ & _0: t_Bdd = Any.any_l () | & self: MutBorrow.t t_Context = self | & n: t_Node = n - | & _8: t_Option_ref_Bdd = Any.any_l () - | & _11: t_Node = Any.any_l () + | & _13: t_Option_ref_Bdd = Any.any_l () + | & _16: t_Node = Any.any_l () | & r: t_Bdd = Any.any_l () | & r'0: t_Bdd = Any.any_l () - | & _19: MutBorrow.t t_Node = Any.any_l () - | & _23: () = Any.any_l () - | & _24: MutBorrow.t t_MyHashMap_Node_Bdd = Any.any_l () - | & _27: Map.map UInt64.t t_Node = Any.any_l () - | & _29: t_PeanoInt = Any.any_l () ]) + | & _26: MutBorrow.t t_Node = Any.any_l () + | & _30: () = Any.any_l () + | & _31: MutBorrow.t t_MyHashMap_Node_Bdd = Any.any_l () + | & _34: Map.map UInt64.t t_Node = Any.any_l () + | & _39: t_PeanoInt = Any.any_l () ]) [ return (result: t_Bdd) -> {[@expl:hashcons ensures #0] result.f0 = n} {[@expl:hashcons ensures #1] grows self} {[@expl:hashcons ensures #2] is_valid_bdd self.final result} @@ -2170,21 +2170,21 @@ module M_impl_Context_0__node (* Context<'arena> *) {[@expl:node requires #1] is_valid_bdd self.current childf} {[@expl:node requires #2] UInt64.t'int x < leastvar childt /\ UInt64.t'int x < leastvar childf} (! bb0 - [ bb0 = s0 [ s0 = eq_Bdd {childt} {childf} (fun (_ret: bool) -> [ &_13 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_13 = false} (! bb3) | br1 -> {_13} (! bb2) ] + [ bb0 = s0 [ s0 = eq_Bdd {childt} {childf} (fun (_ret: bool) -> [ &_26 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_26 = false} (! bb3) | br1 -> {_26} (! bb2) ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 | s1 = -{resolve_ref_Context self}- s2 | s2 = [ &_0 <- childt ] s3 | s3 = bb5 ] | bb3 = s0 - [ s0 = [ &_18 <- If x childt childf ] s1 + [ s0 = [ &_31 <- If x childt childf ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t t_Context) -> - [ &_17 <- _ret ] -{inv_Context _ret.final}- + [ &_30 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = hashcons'0 {_17} {_18} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s3) + | s2 = hashcons'0 {_30} {_31} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s3) | s3 = bb4 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 | s1 = -{resolve_ref_Context self}- s2 | s2 = bb5 ] @@ -2194,9 +2194,9 @@ module M_impl_Context_0__node (* Context<'arena> *) | & x: UInt64.t = x | & childt: t_Bdd = childt | & childf: t_Bdd = childf - | & _13: bool = Any.any_l () - | & _17: MutBorrow.t t_Context = Any.any_l () - | & _18: t_Node = Any.any_l () ]) + | & _26: bool = Any.any_l () + | & _30: MutBorrow.t t_Context = Any.any_l () + | & _31: t_Node = Any.any_l () ]) [ return (result: t_Bdd) -> {[@expl:node ensures #0] grows self} {[@expl:node ensures #1] is_valid_bdd self.final result} {[@expl:node ensures #2] forall v: Map.map UInt64.t bool. interp result v @@ -2393,13 +2393,13 @@ module M_impl_Context_0__true (* Context<'arena> *) {[@expl:true_ 'self' type invariant] inv_ref_Context self} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- True' ] s1 + [ s0 = [ &_9 <- True' ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t t_Context) -> - [ &_6 <- _ret ] -{inv_Context _ret.final}- + [ &_8 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = hashcons'0 {_6} {_7} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s3) + | s2 = hashcons'0 {_8} {_9} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 @@ -2407,8 +2407,8 @@ module M_impl_Context_0__true (* Context<'arena> *) | s2 = return {_0} ] ] [ & _0: t_Bdd = Any.any_l () | & self: MutBorrow.t t_Context = self - | & _6: MutBorrow.t t_Context = Any.any_l () - | & _7: t_Node = Any.any_l () ]) + | & _8: MutBorrow.t t_Context = Any.any_l () + | & _9: t_Node = Any.any_l () ]) [ return (result: t_Bdd) -> {[@expl:true_ ensures #0] grows self} {[@expl:true_ ensures #1] is_valid_bdd self.final result} {[@expl:true_ ensures #2] forall v: Map.map UInt64.t bool. interp result v} @@ -2604,13 +2604,13 @@ module M_impl_Context_0__false (* Context<'arena> *) {[@expl:false_ 'self' type invariant] inv_ref_Context self} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- False' ] s1 + [ s0 = [ &_9 <- False' ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t t_Context) -> - [ &_6 <- _ret ] -{inv_Context _ret.final}- + [ &_8 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = hashcons'0 {_6} {_7} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s3) + | s2 = hashcons'0 {_8} {_9} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 @@ -2618,8 +2618,8 @@ module M_impl_Context_0__false (* Context<'arena> *) | s2 = return {_0} ] ] [ & _0: t_Bdd = Any.any_l () | & self: MutBorrow.t t_Context = self - | & _6: MutBorrow.t t_Context = Any.any_l () - | & _7: t_Node = Any.any_l () ]) + | & _8: MutBorrow.t t_Context = Any.any_l () + | & _9: t_Node = Any.any_l () ]) [ return (result: t_Bdd) -> {[@expl:false_ ensures #0] grows self} {[@expl:false_ ensures #1] is_valid_bdd self.final result} {[@expl:false_ ensures #2] forall v: Map.map UInt64.t bool. not interp result v} @@ -2843,25 +2843,25 @@ module M_impl_Context_0__v (* Context<'arena> *) [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_7 <- _ret ] -{inv_Context _ret.final}- + [ &_10 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = true_ {_7} (fun (_ret: t_Bdd) -> [ &t <- _ret ] s2) + | s1 = true_ {_10} (fun (_ret: t_Bdd) -> [ &t <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_9 <- _ret ] -{inv_Context _ret.final}- + [ &_12 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = false_ {_9} (fun (_ret: t_Bdd) -> [ &f <- _ret ] s2) + | s1 = false_ {_12} (fun (_ret: t_Bdd) -> [ &f <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t t_Context) -> - [ &_10 <- _ret ] -{inv_Context _ret.final}- + [ &_13 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = node {_10} {x} {t} {f} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s2) + | s1 = node {_13} {x} {t} {f} (fun (_ret: t_Bdd) -> [ &_0 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 @@ -2871,10 +2871,10 @@ module M_impl_Context_0__v (* Context<'arena> *) | & self: MutBorrow.t t_Context = self | & x: UInt64.t = x | & t: t_Bdd = Any.any_l () - | & _7: MutBorrow.t t_Context = Any.any_l () + | & _10: MutBorrow.t t_Context = Any.any_l () | & f: t_Bdd = Any.any_l () - | & _9: MutBorrow.t t_Context = Any.any_l () - | & _10: MutBorrow.t t_Context = Any.any_l () ]) + | & _12: MutBorrow.t t_Context = Any.any_l () + | & _13: MutBorrow.t t_Context = Any.any_l () ]) [ return (result: t_Bdd) -> {[@expl:v ensures #0] grows self} {[@expl:v ensures #1] is_valid_bdd self.final result} {[@expl:v ensures #2] forall v'0: Map.map UInt64.t bool. interp result v'0 = Map.get v'0 x} @@ -3140,10 +3140,10 @@ module M_impl_Context_0__not (* Context<'arena> *) {[@expl:not requires] is_valid_bdd self.current x} (! bb0 [ bb0 = s0 - [ s0 = [ &_13 <- x ] s1 - | s1 = get_Bdd {self.current.not_memo} {_13} (fun (_ret: t_Option_ref_Bdd) -> [ &_10 <- _ret ] s2) + [ s0 = [ &_20 <- x ] s1 + | s1 = get_Bdd {self.current.not_memo} {_20} (fun (_ret: t_Option_ref_Bdd) -> [ &_17 <- _ret ] s2) | s2 = bb1 ] - | bb1 = any [ br0 -> {_10 = None} (! bb4) | br1 (x0: t_Bdd) -> {_10 = Some x0} (! bb2) ] + | bb1 = any [ br0 -> {_17 = None} (! bb4) | br1 (x0: t_Bdd) -> {_17 = Some x0} (! bb2) ] | bb4 = any [ br0 -> {x.f0 = False'} (! bb9) | br1 -> {x.f0 = True'} (! bb10) @@ -3155,48 +3155,48 @@ module M_impl_Context_0__not (* Context<'arena> *) | s3 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_25 <- _ret ] -{inv_Context _ret.final}- + [ &_32 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s4) - | s4 = not' {_25} {childt} (fun (_ret: t_Bdd) -> [ &childt'0 <- _ret ] s5) + | s4 = not' {_32} {childt} (fun (_ret: t_Bdd) -> [ &childt'0 <- _ret ] s5) | s5 = bb13 ] | bb13 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_28 <- _ret ] -{inv_Context _ret.final}- + [ &_35 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = not' {_28} {childf} (fun (_ret: t_Bdd) -> [ &childf'0 <- _ret ] s2) + | s1 = not' {_35} {childf} (fun (_ret: t_Bdd) -> [ &childf'0 <- _ret ] s2) | s2 = bb14 ] | bb14 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_30 <- _ret ] -{inv_Context _ret.final}- + [ &_37 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = node {_30} {v} {childt'0} {childf'0} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) + | s1 = node {_37} {v} {childt'0} {childf'0} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) | s2 = bb16 ] | bb10 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_19 <- _ret ] -{inv_Context _ret.final}- + [ &_26 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = false_ {_19} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) + | s1 = false_ {_26} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) | s2 = bb16 ] | bb9 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_20 <- _ret ] -{inv_Context _ret.final}- + [ &_27 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = true_ {_20} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) + | s1 = true_ {_27} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = MutBorrow.borrow_final {self.current.not_memo} {MutBorrow.inherit_id (MutBorrow.get_id self) 4} (fun (_ret: MutBorrow.t t_MyHashMap_Bdd_Bdd) -> - [ &_35 <- _ret ] [ &self <- { self with current = { self.current with not_memo = _ret.final } } ] s1) - | s1 = add_Bdd {_35} {x} {r'0} (fun (_ret: ()) -> [ &_34 <- _ret ] s2) + [ &_42 <- _ret ] [ &self <- { self with current = { self.current with not_memo = _ret.final } } ] s1) + | s1 = add_Bdd {_42} {x} {r'0} (fun (_ret: ()) -> [ &_41 <- _ret ] s2) | s2 = bb17 ] | bb17 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 @@ -3205,27 +3205,27 @@ module M_impl_Context_0__not (* Context<'arena> *) | s3 = bb18 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 | s1 = -{resolve_ref_Context self}- s2 | s2 = bb3 ] - | bb3 = s0 [ s0 = elim_Some {_10} (fun (r0: t_Bdd) -> [ &r <- r0 ] s1) | s1 = [ &_0 <- r ] s2 | s2 = bb18 ] + | bb3 = s0 [ s0 = elim_Some {_17} (fun (r0: t_Bdd) -> [ &r <- r0 ] s1) | s1 = [ &_0 <- r ] s2 | s2 = bb18 ] | bb18 = return {_0} ] [ & _0: t_Bdd = Any.any_l () | & self: MutBorrow.t t_Context = self | & x: t_Bdd = x - | & _10: t_Option_ref_Bdd = Any.any_l () - | & _13: t_Bdd = Any.any_l () + | & _17: t_Option_ref_Bdd = Any.any_l () + | & _20: t_Bdd = Any.any_l () | & r: t_Bdd = Any.any_l () | & r'0: t_Bdd = Any.any_l () - | & _19: MutBorrow.t t_Context = Any.any_l () - | & _20: MutBorrow.t t_Context = Any.any_l () + | & _26: MutBorrow.t t_Context = Any.any_l () + | & _27: MutBorrow.t t_Context = Any.any_l () | & v: UInt64.t = Any.any_l () | & childt: t_Bdd = Any.any_l () | & childf: t_Bdd = Any.any_l () | & childt'0: t_Bdd = Any.any_l () - | & _25: MutBorrow.t t_Context = Any.any_l () + | & _32: MutBorrow.t t_Context = Any.any_l () | & childf'0: t_Bdd = Any.any_l () - | & _28: MutBorrow.t t_Context = Any.any_l () - | & _30: MutBorrow.t t_Context = Any.any_l () - | & _34: () = Any.any_l () - | & _35: MutBorrow.t t_MyHashMap_Bdd_Bdd = Any.any_l () ] + | & _35: MutBorrow.t t_Context = Any.any_l () + | & _37: MutBorrow.t t_Context = Any.any_l () + | & _41: () = Any.any_l () + | & _42: MutBorrow.t t_MyHashMap_Bdd_Bdd = Any.any_l () ] [ not' (self: MutBorrow.t t_Context) (x: t_Bdd) (_ret (_r: t_Bdd)) -> {[@expl:function variant] well_founded_relation_Int function_variant (size x)} not' {self} {x} (_ret) ] [ function_variant: int = size x ]) @@ -3553,130 +3553,130 @@ module M_impl_Context_0__and (* Context<'arena> *) {[@expl:and requires #1] is_valid_bdd self.current b} (! bb0 [ bb0 = s0 - [ s0 = [ &_16 <- { f0'0 = a; f1'0 = b } ] s1 - | s1 = [ &_15 <- _16 ] s2 - | s2 = get_tup2_Bdd_Bdd {self.current.and_memo} {_15} (fun (_ret: t_Option_ref_Bdd) -> [ &_12 <- _ret ] s3) + [ s0 = [ &_28 <- { f0'0 = a; f1'0 = b } ] s1 + | s1 = [ &_27 <- _28 ] s2 + | s2 = get_tup2_Bdd_Bdd {self.current.and_memo} {_27} (fun (_ret: t_Option_ref_Bdd) -> [ &_24 <- _ret ] s3) | s3 = bb1 ] - | bb1 = any [ br0 -> {_12 = None} (! bb4) | br1 (x0: t_Bdd) -> {_12 = Some x0} (! bb2) ] + | bb1 = any [ br0 -> {_24 = None} (! bb4) | br1 (x0: t_Bdd) -> {_24 = Some x0} (! bb2) ] | bb4 = s0 - [ s0 = [ &_23 <- { f0'3 = a.f0; f1'3 = b.f0 } ] s1 + [ s0 = [ &_35 <- { f0'3 = a.f0; f1'3 = b.f0 } ] s1 | s1 = any - [ br0 -> {_23.f0'3 = False'} (! bb5) - | br1 -> {_23.f0'3 = True'} (! bb16) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_23.f0'3 = If x0 x1 x2} (! bb5) ] ] + [ br0 -> {_35.f0'3 = False'} (! bb5) + | br1 -> {_35.f0'3 = True'} (! bb16) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_35.f0'3 = If x0 x1 x2} (! bb5) ] ] | bb5 = any - [ br0 -> {_23.f1'3 = False'} (! bb7) - | br1 -> {_23.f1'3 = True'} (! bb15) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_23.f1'3 = If x0 x1 x2} (! bb7) ] + [ br0 -> {_35.f1'3 = False'} (! bb7) + | br1 -> {_35.f1'3 = True'} (! bb15) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_35.f1'3 = If x0 x1 x2} (! bb7) ] | bb7 = any - [ br0 -> {_23.f0'3 = False'} (! bb14) - | br1 -> {_23.f0'3 = True'} (! bb9) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_23.f0'3 = If x0 x1 x2} (! bb9) ] + [ br0 -> {_35.f0'3 = False'} (! bb14) + | br1 -> {_35.f0'3 = True'} (! bb9) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_35.f0'3 = If x0 x1 x2} (! bb9) ] | bb9 = any - [ br0 -> {_23.f1'3 = False'} (! bb14) - | br1 -> {_23.f1'3 = True'} (! bb10) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_23.f1'3 = If x0 x1 x2} (! bb11) ] + [ br0 -> {_35.f1'3 = False'} (! bb14) + | br1 -> {_35.f1'3 = True'} (! bb10) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_35.f1'3 = If x0 x1 x2} (! bb11) ] | bb11 = any - [ br0 -> {_23.f0'3 = False'} (! bb10) - | br1 -> {_23.f0'3 = True'} (! bb10) - | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_23.f0'3 = If x0 x1 x2} (! bb12) ] + [ br0 -> {_35.f0'3 = False'} (! bb10) + | br1 -> {_35.f0'3 = True'} (! bb10) + | br2 (x0: UInt64.t) (x1: t_Bdd) (x2: t_Bdd) -> {_35.f0'3 = If x0 x1 x2} (! bb12) ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 | s1 = -{resolve_ref_Context self}- s2 | s2 = {false} any ] | bb12 = s0 - [ s0 = elim_If {_23.f0'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &va <- rv ] s1) - | s1 = elim_If {_23.f0'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childta <- rchildt ] s2) - | s2 = elim_If {_23.f0'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childfa <- rchildf ] s3) - | s3 = elim_If {_23.f1'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &vb <- rv ] s4) - | s4 = elim_If {_23.f1'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childtb <- rchildt ] s5) - | s5 = elim_If {_23.f1'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childfb <- rchildf ] s6) - | s6 = [ &_45 <- vb ] s7 - | s7 = cmp_u64 {va} {_45} (fun (_ret: t_Ordering) -> [ &_42 <- _ret ] s8) + [ s0 = elim_If {_35.f0'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &va <- rv ] s1) + | s1 = elim_If {_35.f0'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childta <- rchildt ] s2) + | s2 = elim_If {_35.f0'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childfa <- rchildf ] s3) + | s3 = elim_If {_35.f1'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &vb <- rv ] s4) + | s4 = elim_If {_35.f1'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childtb <- rchildt ] s5) + | s5 = elim_If {_35.f1'3} (fun (rv: UInt64.t) (rchildt: t_Bdd) (rchildf: t_Bdd) -> [ &childfb <- rchildf ] s6) + | s6 = [ &_57 <- vb ] s7 + | s7 = cmp_u64 {va} {_57} (fun (_ret: t_Ordering) -> [ &_54 <- _ret ] s8) | s8 = bb18 ] - | bb18 = any [ br0 -> {_42 = Less} (! bb23) | br1 -> {_42 = Equal} (! bb22) | br2 -> {_42 = Greater} (! bb24) ] + | bb18 = any [ br0 -> {_54 = Less} (! bb23) | br1 -> {_54 = Equal} (! bb22) | br2 -> {_54 = Greater} (! bb24) ] | bb24 = s0 [ s0 = [ &v <- vb ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_49 <- _ret ] -{inv_Context _ret.final}- + [ &_61 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = and {_49} {a} {childtb} (fun (_ret: t_Bdd) -> [ &_48 <- _ret ] s3) + | s2 = and {_61} {a} {childtb} (fun (_ret: t_Bdd) -> [ &_60 <- _ret ] s3) | s3 = bb25 ] | bb25 = s0 - [ s0 = [ &childt <- _48 ] s1 + [ s0 = [ &childt <- _60 ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_53 <- _ret ] -{inv_Context _ret.final}- + [ &_65 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = and {_53} {a} {childfb} (fun (_ret: t_Bdd) -> [ &_52 <- _ret ] s3) + | s2 = and {_65} {a} {childfb} (fun (_ret: t_Bdd) -> [ &_64 <- _ret ] s3) | s3 = bb26 ] - | bb26 = s0 [ s0 = [ &childf <- _52 ] s1 | s1 = bb31 ] + | bb26 = s0 [ s0 = [ &childf <- _64 ] s1 | s1 = bb31 ] | bb22 = s0 [ s0 = [ &v <- va ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_67 <- _ret ] -{inv_Context _ret.final}- + [ &_79 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = and {_67} {childta} {childtb} (fun (_ret: t_Bdd) -> [ &_66 <- _ret ] s3) + | s2 = and {_79} {childta} {childtb} (fun (_ret: t_Bdd) -> [ &_78 <- _ret ] s3) | s3 = bb29 ] | bb29 = s0 - [ s0 = [ &childt <- _66 ] s1 + [ s0 = [ &childt <- _78 ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_71 <- _ret ] -{inv_Context _ret.final}- + [ &_83 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = and {_71} {childfa} {childfb} (fun (_ret: t_Bdd) -> [ &_70 <- _ret ] s3) + | s2 = and {_83} {childfa} {childfb} (fun (_ret: t_Bdd) -> [ &_82 <- _ret ] s3) | s3 = bb30 ] - | bb30 = s0 [ s0 = [ &childf <- _70 ] s1 | s1 = bb31 ] + | bb30 = s0 [ s0 = [ &childf <- _82 ] s1 | s1 = bb31 ] | bb23 = s0 [ s0 = [ &v <- va ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_58 <- _ret ] -{inv_Context _ret.final}- + [ &_70 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = and {_58} {childta} {b} (fun (_ret: t_Bdd) -> [ &_57 <- _ret ] s3) + | s2 = and {_70} {childta} {b} (fun (_ret: t_Bdd) -> [ &_69 <- _ret ] s3) | s3 = bb27 ] | bb27 = s0 - [ s0 = [ &childt <- _57 ] s1 + [ s0 = [ &childt <- _69 ] s1 | s1 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_62 <- _ret ] -{inv_Context _ret.final}- + [ &_74 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s2) - | s2 = and {_62} {childfa} {b} (fun (_ret: t_Bdd) -> [ &_61 <- _ret ] s3) + | s2 = and {_74} {childfa} {b} (fun (_ret: t_Bdd) -> [ &_73 <- _ret ] s3) | s3 = bb28 ] - | bb28 = s0 [ s0 = [ &childf <- _61 ] s1 | s1 = bb31 ] + | bb28 = s0 [ s0 = [ &childf <- _73 ] s1 | s1 = bb31 ] | bb31 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_74 <- _ret ] -{inv_Context _ret.final}- + [ &_86 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = node {_74} {v} {childt} {childf} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) + | s1 = node {_86} {v} {childt} {childf} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) | s2 = bb33 ] | bb14 = s0 [ s0 = {inv_Context self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Context) -> - [ &_31 <- _ret ] -{inv_Context _ret.final}- + [ &_43 <- _ret ] -{inv_Context _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = false_ {_31} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) + | s1 = false_ {_43} (fun (_ret: t_Bdd) -> [ &r'0 <- _ret ] s2) | s2 = bb33 ] | bb15 = s0 [ s0 = [ &r'0 <- a ] s1 | s1 = bb33 ] | bb16 = s0 [ s0 = [ &r'0 <- b ] s1 | s1 = bb33 ] | bb33 = s0 - [ s0 = [ &_80 <- { f0'0 = a; f1'0 = b } ] s1 + [ s0 = [ &_92 <- { f0'0 = a; f1'0 = b } ] s1 | s1 = MutBorrow.borrow_final {self.current.and_memo} {MutBorrow.inherit_id (MutBorrow.get_id self) 5} (fun (_ret: MutBorrow.t t_MyHashMap_tup2_Bdd_Bdd_Bdd) -> - [ &_79 <- _ret ] [ &self <- { self with current = { self.current with and_memo = _ret.final } } ] s2) - | s2 = add_tup2_Bdd_Bdd {_79} {_80} {r'0} (fun (_ret: ()) -> [ &_78 <- _ret ] s3) + [ &_91 <- _ret ] [ &self <- { self with current = { self.current with and_memo = _ret.final } } ] s2) + | s2 = add_tup2_Bdd_Bdd {_91} {_92} {r'0} (fun (_ret: ()) -> [ &_90 <- _ret ] s3) | s3 = bb34 ] | bb34 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 @@ -3685,19 +3685,19 @@ module M_impl_Context_0__and (* Context<'arena> *) | s3 = bb35 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Context self} s1 | s1 = -{resolve_ref_Context self}- s2 | s2 = bb3 ] - | bb3 = s0 [ s0 = elim_Some {_12} (fun (r0: t_Bdd) -> [ &r <- r0 ] s1) | s1 = [ &_0 <- r ] s2 | s2 = bb35 ] + | bb3 = s0 [ s0 = elim_Some {_24} (fun (r0: t_Bdd) -> [ &r <- r0 ] s1) | s1 = [ &_0 <- r ] s2 | s2 = bb35 ] | bb35 = return {_0} ] [ & _0: t_Bdd = Any.any_l () | & self: MutBorrow.t t_Context = self | & a: t_Bdd = a | & b: t_Bdd = b - | & _12: t_Option_ref_Bdd = Any.any_l () - | & _15: tup2_Bdd_Bdd = Any.any_l () - | & _16: tup2_Bdd_Bdd = Any.any_l () + | & _24: t_Option_ref_Bdd = Any.any_l () + | & _27: tup2_Bdd_Bdd = Any.any_l () + | & _28: tup2_Bdd_Bdd = Any.any_l () | & r: t_Bdd = Any.any_l () | & r'0: t_Bdd = Any.any_l () - | & _23: tup2_Node_Node = Any.any_l () - | & _31: MutBorrow.t t_Context = Any.any_l () + | & _35: tup2_Node_Node = Any.any_l () + | & _43: MutBorrow.t t_Context = Any.any_l () | & va: UInt64.t = Any.any_l () | & childta: t_Bdd = Any.any_l () | & childfa: t_Bdd = Any.any_l () @@ -3707,24 +3707,24 @@ module M_impl_Context_0__and (* Context<'arena> *) | & v: UInt64.t = Any.any_l () | & childt: t_Bdd = Any.any_l () | & childf: t_Bdd = Any.any_l () - | & _42: t_Ordering = Any.any_l () - | & _45: UInt64.t = Any.any_l () - | & _48: t_Bdd = Any.any_l () - | & _49: MutBorrow.t t_Context = Any.any_l () - | & _52: t_Bdd = Any.any_l () - | & _53: MutBorrow.t t_Context = Any.any_l () - | & _57: t_Bdd = Any.any_l () - | & _58: MutBorrow.t t_Context = Any.any_l () - | & _61: t_Bdd = Any.any_l () - | & _62: MutBorrow.t t_Context = Any.any_l () - | & _66: t_Bdd = Any.any_l () - | & _67: MutBorrow.t t_Context = Any.any_l () - | & _70: t_Bdd = Any.any_l () - | & _71: MutBorrow.t t_Context = Any.any_l () + | & _54: t_Ordering = Any.any_l () + | & _57: UInt64.t = Any.any_l () + | & _60: t_Bdd = Any.any_l () + | & _61: MutBorrow.t t_Context = Any.any_l () + | & _64: t_Bdd = Any.any_l () + | & _65: MutBorrow.t t_Context = Any.any_l () + | & _69: t_Bdd = Any.any_l () + | & _70: MutBorrow.t t_Context = Any.any_l () + | & _73: t_Bdd = Any.any_l () | & _74: MutBorrow.t t_Context = Any.any_l () - | & _78: () = Any.any_l () - | & _79: MutBorrow.t t_MyHashMap_tup2_Bdd_Bdd_Bdd = Any.any_l () - | & _80: tup2_Bdd_Bdd = Any.any_l () ] + | & _78: t_Bdd = Any.any_l () + | & _79: MutBorrow.t t_Context = Any.any_l () + | & _82: t_Bdd = Any.any_l () + | & _83: MutBorrow.t t_Context = Any.any_l () + | & _86: MutBorrow.t t_Context = Any.any_l () + | & _90: () = Any.any_l () + | & _91: MutBorrow.t t_MyHashMap_tup2_Bdd_Bdd_Bdd = Any.any_l () + | & _92: tup2_Bdd_Bdd = Any.any_l () ] [ and (self: MutBorrow.t t_Context) (a: t_Bdd) (b: t_Bdd) (_ret (_r: t_Bdd)) -> {[@expl:function variant] well_founded_relation_Int function_variant (size a + size b)} and {self} {a} {b} (_ret) ] [ function_variant: int = size a + size b ]) diff --git a/tests/should_succeed/bdd/proof.json b/tests/should_succeed/bdd/proof.json index f5a0a4cb4c..83d73ccf60 100644 --- a/tests/should_succeed/bdd/proof.json +++ b/tests/should_succeed/bdd/proof.json @@ -7,14 +7,14 @@ ], "proofs": { "M_hashmap__impl_Hash_for_tup2_U_V__hash": { - "vc_hash_U": { "prover": "cvc5@1.3.1", "time": 0.036 }, - "vc_hash_V": { "prover": "cvc5@1.3.1", "time": 0.039 }, + "vc_hash_U": { "prover": "cvc5@1.3.1", "time": 0.016 }, + "vc_hash_V": { "prover": "cvc5@1.3.1", "time": 0.015 }, "vc_hash_tup2_U_V": { "prover": "z3@4.15.3", "time": 0.021 }, - "vc_wrapping_add": { "prover": "cvc5@1.3.1", "time": 0.039 }, - "vc_wrapping_mul": { "prover": "cvc5@1.3.1", "time": 0.039 } + "vc_wrapping_add": { "prover": "cvc5@1.3.1", "time": 0.015 }, + "vc_wrapping_mul": { "prover": "cvc5@1.3.1", "time": 0.015 } }, "M_hashmap__impl_Hash_for_tup2_U_V__hash__refines": { - "refines": { "prover": "cvc5@1.3.1", "time": 0.025 } + "refines": { "prover": "cvc5@1.3.1", "time": 0.008 } }, "M_impl_Bdd__size": { "vc_size": { "prover": "cvc5@1.3.1", "time": 0.014 } @@ -25,7 +25,7 @@ "M_impl_Clone_for_Node__clone": { "vc_clone_Bdd": { "prover": "cvc5@1.3.1", "time": 0.017 }, "vc_clone_Node": { "prover": "cvc5@1.3.1", "time": 0.03 }, - "vc_clone_u64": { "prover": "cvc5@1.3.1", "time": 0.027 }, + "vc_clone_u64": { "prover": "cvc5@1.3.1", "time": 0.012 }, "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.014 } }, "M_impl_Context_0__and": { @@ -36,17 +36,17 @@ { "tactic": "split_vc", "children": [ - { "prover": "alt-ergo@2.6.2", "time": 1.4 }, - { "prover": "cvc5@1.3.1", "time": 0.09 }, - { "prover": "cvc5@1.3.1", "time": 0.097 }, - { "prover": "cvc5@1.3.1", "time": 0.062 }, - { "prover": "cvc5@1.3.1", "time": 0.044 }, - { "prover": "cvc5@1.3.1", "time": 0.051 }, - { "prover": "cvc5@1.3.1", "time": 0.12 }, + { "prover": "alt-ergo@2.6.2", "time": 0.436 }, + { "prover": "cvc5@1.3.1", "time": 0.031 }, + { "prover": "cvc5@1.3.1", "time": 0.037 }, + { "prover": "cvc5@1.3.1", "time": 0.026 }, + { "prover": "cvc5@1.3.1", "time": 0.022 }, + { "prover": "cvc5@1.3.1", "time": 0.019 }, + { "prover": "cvc5@1.3.1", "time": 0.039 }, { "prover": "z3@4.15.3", "time": 0.015 }, - { "prover": "cvc5@1.3.1", "time": 0.172 }, + { "prover": "cvc5@1.3.1", "time": 0.061 }, { "prover": "z3@4.15.3", "time": 0.025 }, - { "prover": "cvc5@1.3.1", "time": 0.062 }, + { "prover": "cvc5@1.3.1", "time": 0.017 }, { "tactic": "split_vc", "children": [ @@ -60,7 +60,7 @@ { "prover": "cvc5@1.3.1", "time": 0.064 }, { "prover": "z3@4.15.3", "time": 0.015 }, { "prover": "z3@4.15.3", "time": 0.018 }, - { "prover": "z3@4.15.3", "time": 0.024 }, + { "prover": "z3@4.15.3", "time": 0.049 }, { "prover": "z3@4.15.3", "time": 0.025 }, { "prover": "cvc5@1.3.1", "time": 0.078 }, { "prover": "cvc5@1.3.1", "time": 0.076 }, @@ -84,65 +84,72 @@ { "prover": "z3@4.15.3", "time": 0.031 } ] }, - { "prover": "cvc5@1.3.1", "time": 0.101 }, - { "prover": "cvc5@1.3.1", "time": 0.106 }, + { "prover": "cvc5@1.3.1", "time": 0.044 }, + { "prover": "cvc5@1.3.1", "time": 0.035 }, { "prover": "cvc5@1.3.1", "time": 0.047 }, - { "prover": "cvc5@1.3.1", "time": 0.045 }, - { "prover": "cvc5@1.3.1", "time": 0.05 }, - { "prover": "cvc5@1.3.1", "time": 0.056 }, - { "prover": "cvc5@1.3.1", "time": 0.061 }, + { "prover": "cvc5@1.3.1", "time": 0.021 }, + { "prover": "cvc5@1.3.1", "time": 0.02 }, + { "prover": "cvc5@1.3.1", "time": 0.028 }, + { "prover": "cvc5@1.3.1", "time": 0.027 }, { "prover": "cvc5@1.3.1", "time": 0.059 }, - { "prover": "cvc5@1.3.1", "time": 0.057 }, - { "prover": "cvc5@1.3.1", "time": 0.061 }, + { "prover": "cvc5@1.3.1", "time": 0.027 }, + { "prover": "cvc5@1.3.1", "time": 0.021 }, { "prover": "cvc5@1.3.1", "time": 0.062 }, - { "prover": "cvc5@1.3.1", "time": 0.152 }, - { "prover": "cvc5@1.3.1", "time": 0.073 }, - { "prover": "cvc5@1.3.1", "time": 0.145 }, - { "prover": "cvc5@1.3.1", "time": 0.044 }, - { "prover": "cvc5@1.3.1", "time": 0.061 }, - { "prover": "cvc5@1.3.1", "time": 0.111 }, - { "prover": "cvc5@1.3.1", "time": 0.068 }, - { "prover": "cvc4@1.8", "time": 0.167 }, - { "prover": "cvc5@1.3.1", "time": 0.171 }, - { "prover": "cvc5@1.3.1", "time": 0.058 }, - { "prover": "cvc5@1.3.1", "time": 0.116 }, - { "prover": "cvc5@1.3.1", "time": 0.064 }, - { "prover": "cvc5@1.3.1", "time": 0.181 }, - { "prover": "cvc5@1.3.1", "time": 0.174 }, - { "prover": "cvc5@1.3.1", "time": 0.054 }, - { "prover": "cvc5@1.3.1", "time": 0.126 }, + { "prover": "cvc5@1.3.1", "time": 0.047 }, + { "prover": "cvc5@1.3.1", "time": 0.026 }, + { "prover": "cvc5@1.3.1", "time": 0.048 }, + { "prover": "cvc5@1.3.1", "time": 0.019 }, + { "prover": "cvc5@1.3.1", "time": 0.029 }, + { "prover": "cvc5@1.3.1", "time": 0.05 }, + { "prover": "cvc5@1.3.1", "time": 0.023 }, + { "prover": "cvc4@1.8", "time": 0.065 }, + { "prover": "cvc5@1.3.1", "time": 0.074 }, + { "prover": "cvc5@1.3.1", "time": 0.025 }, + { "prover": "cvc5@1.3.1", "time": 0.048 }, + { "prover": "cvc5@1.3.1", "time": 0.029 }, + { "prover": "cvc5@1.3.1", "time": 0.072 }, + { "prover": "cvc5@1.3.1", "time": 0.074 }, + { "prover": "cvc5@1.3.1", "time": 0.027 }, { "prover": "cvc5@1.3.1", "time": 0.056 }, - { "prover": "cvc4@1.8", "time": 0.185 }, + { "prover": "cvc5@1.3.1", "time": 0.021 }, + { "prover": "cvc4@1.8", "time": 0.059 }, { "prover": "cvc5@1.3.1", "time": 0.181 }, - { "prover": "cvc5@1.3.1", "time": 0.032 }, + { "prover": "cvc5@1.3.1", "time": 0.015 }, { "prover": "cvc5@1.3.1", "time": 0.079 }, { "prover": "cvc5@1.3.1", "time": 0.047 }, { "prover": "cvc5@1.3.1", "time": 0.033 }, - { "prover": "cvc5@1.3.1", "time": 0.127 }, - { "prover": "cvc5@1.3.1", "time": 0.046 }, + { "prover": "cvc5@1.3.1", "time": 0.052 }, + { "prover": "cvc5@1.3.1", "time": 0.018 }, { "prover": "cvc5@1.3.1", "time": 0.094 }, - { "prover": "cvc5@1.3.1", "time": 0.058 }, + { "prover": "cvc5@1.3.1", "time": 0.029 }, { "prover": "cvc5@1.3.1", "time": 0.13 }, - { "prover": "cvc5@1.3.1", "time": 0.161 }, + { "prover": "cvc5@1.3.1", "time": 0.08 }, { "prover": "cvc5@1.3.1", "time": 0.047 }, { "prover": "cvc5@1.3.1", "time": 0.053 }, - { "prover": "cvc5@1.3.1", "time": 0.063 }, - { "prover": "cvc5@1.3.1", "time": 0.056 }, - { "prover": "cvc5@1.3.1", "time": 0.077 }, + { "prover": "cvc5@1.3.1", "time": 0.029 }, + { "prover": "cvc5@1.3.1", "time": 0.025 }, + { "prover": "cvc5@1.3.1", "time": 0.025 }, { "prover": "cvc5@1.3.1", "time": 0.045 }, { "tactic": "split_vc", "children": [ { "prover": "z3@4.15.3", "time": 0.075 }, - { "prover": "z3@4.15.3", "time": 0.078 }, - { "prover": "z3@4.15.3", "time": 0.078 }, - { "prover": "z3@4.15.3", "time": 0.075 }, - { "prover": "z3@4.15.3", "time": 0.094 }, - { "prover": "z3@4.15.3", "time": 0.111 }, - { "prover": "z3@4.15.3", "time": 0.511 }, - { "prover": "z3@4.15.3", "time": 0.516 }, - { "prover": "z3@4.15.3", "time": 0.431 }, - { "prover": "z3@4.15.3", "time": 0.1 }, + { "prover": "z3@4.15.3", "time": 0.03 }, + { "prover": "z3@4.15.3", "time": 0.027 }, + { "prover": "z3@4.15.3", "time": 0.036 }, + { "prover": "z3@4.15.3", "time": 0.027 }, + { "prover": "z3@4.15.3", "time": 0.048 }, + { "prover": "cvc4@1.8", "time": 1.2 }, + { "prover": "cvc4@1.8", "time": 1.1 }, + { + "tactic": "split_vc", + "children": [ + { "prover": "z3@4.15.3", "time": 0.017 }, + { "prover": "z3@4.15.3", "time": 0.029 }, + { "prover": "z3@4.15.3", "time": 0.017 } + ] + }, + { "prover": "z3@4.15.3", "time": 0.036 }, { "prover": "z3@4.15.3", "time": 0.069 }, { "prover": "z3@4.15.3", "time": 0.056 }, { @@ -153,8 +160,8 @@ { "prover": "cvc5@1.3.1", "time": 0.108 } ] }, - { "prover": "z3@4.15.3", "time": 1.2 }, - { "prover": "z3@4.15.3", "time": 0.641 }, + { "prover": "z3@4.15.3", "time": 0.471 }, + { "prover": "z3@4.15.3", "time": 0.173 }, { "tactic": "split_vc", "children": [ @@ -165,88 +172,88 @@ } ] }, - { "prover": "cvc5@1.3.1", "time": 0.091 }, + { "prover": "cvc5@1.3.1", "time": 0.034 }, { "prover": "z3@4.15.3", "time": 0.057 }, - { "prover": "cvc5@1.3.1", "time": 0.117 }, + { "prover": "cvc5@1.3.1", "time": 0.046 }, { "prover": "z3@4.15.3", "time": 0.192 }, { "tactic": "split_vc", "children": [ - { "prover": "z3@4.15.3", "time": 0.067 }, + { "prover": "z3@4.15.3", "time": 0.025 }, { "prover": "z3@4.15.3", "time": 0.18 }, { "prover": "z3@4.15.3", "time": 0.071 }, { "prover": "z3@4.15.3", "time": 0.062 }, - { "prover": "z3@4.15.3", "time": 0.161 }, - { "prover": "z3@4.15.3", "time": 0.209 }, + { "prover": "z3@4.15.3", "time": 0.061 }, + { "prover": "z3@4.15.3", "time": 0.094 }, { "prover": "cvc5@1.3.1", "time": 0.149 }, { "prover": "cvc4@1.8", "time": 0.148 }, { "prover": "z3@4.15.3", "time": 0.041 }, - { "prover": "z3@4.15.3", "time": 0.155 }, - { "prover": "z3@4.15.3", "time": 0.366 }, + { "prover": "z3@4.15.3", "time": 0.063 }, + { "prover": "z3@4.15.3", "time": 0.175 }, { "prover": "z3@4.15.3", "time": 0.218 }, - { "prover": "z3@4.15.3", "time": 0.492 }, + { "prover": "z3@4.15.3", "time": 0.206 }, { "prover": "z3@4.15.3", "time": 0.389 }, - { "prover": "z3@4.15.3", "time": 0.506 }, - { "prover": "z3@4.15.3", "time": 0.459 }, + { "prover": "z3@4.15.3", "time": 0.22 }, + { "prover": "z3@4.15.3", "time": 0.125 }, { "prover": "z3@4.15.3", "time": 0.06 }, { "prover": "z3@4.15.3", "time": 0.062 }, { "prover": "z3@4.15.3", "time": 0.111 }, - { "prover": "z3@4.15.3", "time": 0.07 }, + { "prover": "z3@4.15.3", "time": 0.027 }, { "prover": "z3@4.15.3", "time": 0.069 }, - { "prover": "z3@4.15.3", "time": 0.112 }, + { "prover": "z3@4.15.3", "time": 0.039 }, { "prover": "cvc5@1.3.1", "time": 0.306 }, { "prover": "cvc5@1.3.1", "time": 0.432 }, { "prover": "z3@4.15.3", "time": 0.361 }, { "prover": "z3@4.15.3", "time": 0.06 }, { "prover": "z3@4.15.3", "time": 0.051 }, { "prover": "z3@4.15.3", "time": 0.091 }, - { "prover": "cvc5@1.3.1", "time": 0.427 }, + { "prover": "cvc5@1.3.1", "time": 0.179 }, { "prover": "cvc5@1.3.1", "time": 0.279 }, { "prover": "cvc5@1.3.1", "time": 0.281 }, - { "prover": "alt-ergo@2.6.2", "time": 1.6 } + { "prover": "alt-ergo@2.6.2", "time": 0.396 } ] }, - { "prover": "z3@4.15.3", "time": 0.119 }, - { "prover": "z3@4.15.3", "time": 0.072 }, + { "prover": "z3@4.15.3", "time": 0.049 }, + { "prover": "z3@4.15.3", "time": 0.032 }, { "prover": "z3@4.15.3", "time": 0.181 }, { "prover": "cvc5@1.3.1", "time": 0.173 }, - { "prover": "cvc5@1.3.1", "time": 0.051 }, - { "prover": "cvc5@1.3.1", "time": 0.053 }, + { "prover": "cvc5@1.3.1", "time": 0.025 }, + { "prover": "cvc5@1.3.1", "time": 0.025 }, { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.3.1", "time": 0.141 }, - { "prover": "z3@4.15.3", "time": 0.084 }, - { "prover": "cvc5@1.3.1", "time": 0.124 }, - { "prover": "cvc5@1.3.1", "time": 0.146 }, - { "prover": "z3@4.15.3", "time": 0.062 }, + { "prover": "cvc5@1.3.1", "time": 0.056 }, + { "prover": "z3@4.15.3", "time": 0.027 }, + { "prover": "cvc5@1.3.1", "time": 0.056 }, + { "prover": "cvc5@1.3.1", "time": 0.066 }, + { "prover": "z3@4.15.3", "time": 0.027 }, { "prover": "z3@4.15.3", "time": 0.063 }, - { "prover": "cvc5@1.3.1", "time": 0.139 }, - { "prover": "cvc5@1.3.1", "time": 0.124 }, - { "prover": "z3@4.15.3", "time": 0.045 }, - { "prover": "z3@4.15.3", "time": 0.036 }, + { "prover": "cvc5@1.3.1", "time": 0.064 }, + { "prover": "cvc5@1.3.1", "time": 0.052 }, + { "prover": "z3@4.15.3", "time": 0.015 }, + { "prover": "z3@4.15.3", "time": 0.015 }, { "prover": "z3@4.15.3", "time": 0.054 }, { "prover": "z3@4.15.3", "time": 0.088 }, - { "prover": "cvc5@1.3.1", "time": 0.144 }, - { "prover": "cvc5@1.3.1", "time": 0.143 }, - { "prover": "cvc5@1.3.1", "time": 0.191 }, - { "prover": "z3@4.15.3", "time": 0.113 }, - { "prover": "cvc5@1.3.1", "time": 0.122 }, - { "prover": "cvc5@1.3.1", "time": 0.147 }, - { "prover": "cvc5@1.3.1", "time": 0.155 }, - { "prover": "cvc5@1.3.1", "time": 0.155 }, + { "prover": "cvc5@1.3.1", "time": 0.056 }, + { "prover": "cvc5@1.3.1", "time": 0.054 }, + { "prover": "cvc5@1.3.1", "time": 0.093 }, + { "prover": "z3@4.15.3", "time": 0.056 }, + { "prover": "cvc5@1.3.1", "time": 0.046 }, + { "prover": "cvc5@1.3.1", "time": 0.058 }, + { "prover": "cvc5@1.3.1", "time": 0.065 }, + { "prover": "cvc5@1.3.1", "time": 0.05 }, { "prover": "z3@4.15.3", "time": 0.04 }, - { "prover": "z3@4.15.3", "time": 0.037 }, - { "prover": "cvc5@1.3.1", "time": 0.119 }, + { "prover": "z3@4.15.3", "time": 0.015 }, + { "prover": "cvc5@1.3.1", "time": 0.046 }, { "prover": "cvc5@1.3.1", "time": 0.098 }, - { "prover": "z3@4.15.3", "time": 0.055 }, - { "prover": "z3@4.15.3", "time": 0.052 }, - { "prover": "z3@4.15.3", "time": 0.042 }, + { "prover": "z3@4.15.3", "time": 0.026 }, + { "prover": "z3@4.15.3", "time": 0.012 }, + { "prover": "z3@4.15.3", "time": 0.018 }, { "prover": "z3@4.15.3", "time": 0.035 }, { "prover": "cvc5@1.3.1", "time": 0.099 }, - { "prover": "cvc5@1.3.1", "time": 0.112 }, - { "prover": "cvc5@1.3.1", "time": 0.098 }, - { "prover": "z3@4.15.3", "time": 0.08 } + { "prover": "cvc5@1.3.1", "time": 0.055 }, + { "prover": "cvc5@1.3.1", "time": 0.048 }, + { "prover": "z3@4.15.3", "time": 0.036 } ] }, { "prover": "cvc5@1.3.1", "time": 0.115 }, @@ -266,13 +273,13 @@ }, "M_impl_Context_0__false": { "vc_false_": { "prover": "cvc5@1.3.1", "time": 0.063 }, - "vc_hashcons'0": { "prover": "cvc5@1.3.1", "time": 0.029 } + "vc_hashcons'0": { "prover": "cvc5@1.3.1", "time": 0.011 } }, "M_impl_Context_0__hashcons": { - "vc_add_Node": { "prover": "cvc5@1.3.1", "time": 0.024 }, + "vc_add_Node": { "prover": "cvc5@1.3.1", "time": 0.012 }, "vc_alloc_Node": { "prover": "cvc5@1.3.1", "time": 0.023 }, "vc_elim_Some": { "prover": "cvc5@1.3.1", "time": 0.026 }, - "vc_get_Node": { "prover": "cvc5@1.3.1", "time": 0.034 }, + "vc_get_Node": { "prover": "cvc5@1.3.1", "time": 0.015 }, "vc_hashcons'0": { "tactic": "compute_specified", "children": [ @@ -280,15 +287,15 @@ "tactic": "split_vc", "children": [ { "prover": "z3@4.15.3", "time": 0.769 }, - { "prover": "cvc5@1.3.1", "time": 0.042 }, + { "prover": "cvc5@1.3.1", "time": 0.02 }, { "prover": "cvc5@1.3.1", "time": 0.085 }, - { "prover": "cvc5@1.3.1", "time": 0.052 }, - { "prover": "cvc5@1.3.1", "time": 0.038 }, + { "prover": "cvc5@1.3.1", "time": 0.021 }, + { "prover": "cvc5@1.3.1", "time": 0.017 }, { "prover": "cvc5@1.3.1", "time": 0.056 }, { "prover": "cvc5@1.3.1", "time": 0.141 }, { "prover": "cvc5@1.3.1", "time": 0.057 }, - { "prover": "cvc5@1.3.1", "time": 0.051 }, - { "prover": "cvc5@1.3.1", "time": 0.041 } + { "prover": "cvc5@1.3.1", "time": 0.025 }, + { "prover": "cvc5@1.3.1", "time": 0.016 } ] } ] @@ -303,16 +310,16 @@ "vc_new_tup2_Bdd_Bdd": { "prover": "cvc5@1.3.1", "time": 0.013 } }, "M_impl_Context_0__node": { - "vc_eq_Bdd": { "prover": "cvc5@1.3.1", "time": 0.021 }, + "vc_eq_Bdd": { "prover": "cvc5@1.3.1", "time": 0.009 }, "vc_hashcons'0": { "prover": "cvc5@1.3.1", "time": 0.027 }, "vc_node": { "prover": "cvc5@1.3.1", "time": 0.1 } }, "M_impl_Context_0__not": { "vc_add_Bdd": { "prover": "cvc5@1.3.1", "time": 0.033 }, - "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.039 }, + "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.018 }, "vc_elim_Some": { "prover": "cvc5@1.3.1", "time": 0.026 }, "vc_false_": { "prover": "cvc5@1.3.1", "time": 0.03 }, - "vc_get_Bdd": { "prover": "cvc5@1.3.1", "time": 0.045 }, + "vc_get_Bdd": { "prover": "cvc5@1.3.1", "time": 0.018 }, "vc_node": { "prover": "cvc5@1.3.1", "time": 0.03 }, "vc_not'": { "tactic": "compute_specified", @@ -322,14 +329,14 @@ "children": [ { "prover": "cvc5@1.3.1", "time": 0.039 }, { "prover": "cvc5@1.3.1", "time": 0.041 }, - { "prover": "alt-ergo@2.6.2", "time": 1.8 }, - { "prover": "cvc5@1.3.1", "time": 0.098 }, + { "prover": "alt-ergo@2.6.2", "time": 0.724 }, + { "prover": "cvc5@1.3.1", "time": 0.045 }, { "prover": "cvc5@1.3.1", "time": 0.093 }, { "prover": "cvc5@1.3.1", "time": 0.051 }, { "prover": "cvc5@1.3.1", "time": 0.052 }, - { "prover": "cvc5@1.3.1", "time": 0.037 }, + { "prover": "cvc5@1.3.1", "time": 0.018 }, { "prover": "cvc5@1.3.1", "time": 0.038 }, - { "prover": "alt-ergo@2.6.2", "time": 1.4 }, + { "prover": "alt-ergo@2.6.2", "time": 0.534 }, { "prover": "cvc5@1.3.1", "time": 0.078 }, { "prover": "cvc5@1.3.1", "time": 0.076 }, { "prover": "cvc5@1.3.1", "time": 0.049 }, @@ -337,63 +344,63 @@ { "prover": "cvc5@1.3.1", "time": 0.039 }, { "prover": "cvc5@1.3.1", "time": 0.079 }, { "prover": "cvc5@1.3.1", "time": 0.036 }, - { "prover": "cvc5@1.3.1", "time": 0.091 }, - { "prover": "cvc5@1.3.1", "time": 0.057 }, - { "prover": "cvc5@1.3.1", "time": 0.1 }, { "prover": "cvc5@1.3.1", "time": 0.042 }, - { "prover": "cvc5@1.3.1", "time": 0.14 }, - { "prover": "cvc5@1.3.1", "time": 0.05 }, + { "prover": "cvc5@1.3.1", "time": 0.026 }, + { "prover": "cvc5@1.3.1", "time": 0.043 }, + { "prover": "cvc5@1.3.1", "time": 0.042 }, + { "prover": "cvc5@1.3.1", "time": 0.066 }, + { "prover": "cvc5@1.3.1", "time": 0.025 }, { "prover": "cvc5@1.3.1", "time": 0.058 }, - { "prover": "cvc5@1.3.1", "time": 0.144 }, + { "prover": "cvc5@1.3.1", "time": 0.066 }, { "prover": "cvc5@1.3.1", "time": 0.053 }, { "prover": "cvc5@1.3.1", "time": 0.17 }, { "tactic": "split_vc", "children": [ - { "prover": "cvc5@1.3.1", "time": 0.13 }, - { "prover": "z3@4.15.3", "time": 0.056 }, - { "prover": "cvc5@1.3.1", "time": 0.165 }, - { "prover": "cvc5@1.3.1", "time": 0.168 }, + { "prover": "cvc5@1.3.1", "time": 0.057 }, + { "prover": "z3@4.15.3", "time": 0.023 }, + { "prover": "cvc5@1.3.1", "time": 0.068 }, + { "prover": "cvc5@1.3.1", "time": 0.052 }, { "prover": "z3@4.15.3", "time": 0.087 }, { "prover": "z3@4.15.3", "time": 0.04 }, - { "prover": "z3@4.15.3", "time": 0.08 }, - { "prover": "z3@4.15.3", "time": 0.06 }, - { "prover": "z3@4.15.3", "time": 0.091 }, - { "prover": "z3@4.15.3", "time": 0.093 }, + { "prover": "z3@4.15.3", "time": 0.032 }, + { "prover": "z3@4.15.3", "time": 0.029 }, + { "prover": "z3@4.15.3", "time": 0.035 }, + { "prover": "z3@4.15.3", "time": 0.034 }, { "prover": "z3@4.15.3", "time": 0.052 }, { "prover": "z3@4.15.3", "time": 0.048 }, { "prover": "cvc5@1.3.1", "time": 0.109 }, { "prover": "cvc5@1.3.1", "time": 0.115 }, - { "prover": "cvc5@1.3.1", "time": 0.125 }, - { "prover": "z3@4.15.3", "time": 0.14 }, + { "prover": "cvc5@1.3.1", "time": 0.059 }, + { "prover": "z3@4.15.3", "time": 0.069 }, { "prover": "cvc5@1.3.1", "time": 0.134 }, { "prover": "cvc5@1.3.1", "time": 0.127 }, - { "prover": "cvc5@1.3.1", "time": 0.119 }, - { "prover": "cvc5@1.3.1", "time": 0.148 }, + { "prover": "cvc5@1.3.1", "time": 0.04 }, + { "prover": "cvc5@1.3.1", "time": 0.065 }, { "prover": "z3@4.15.3", "time": 0.04 }, - { "prover": "z3@4.15.3", "time": 0.043 }, - { "prover": "cvc5@1.3.1", "time": 0.142 }, - { "prover": "cvc5@1.3.1", "time": 0.145 }, + { "prover": "z3@4.15.3", "time": 0.016 }, + { "prover": "cvc5@1.3.1", "time": 0.052 }, + { "prover": "cvc5@1.3.1", "time": 0.058 }, { "prover": "z3@4.15.3", "time": 0.044 }, - { "prover": "z3@4.15.3", "time": 0.051 }, + { "prover": "z3@4.15.3", "time": 0.017 }, { "prover": "z3@4.15.3", "time": 0.028 }, { "prover": "z3@4.15.3", "time": 0.024 }, { "prover": "cvc5@1.3.1", "time": 0.089 }, { "prover": "cvc5@1.3.1", "time": 0.098 }, { "prover": "cvc5@1.3.1", "time": 0.115 }, - { "prover": "z3@4.15.3", "time": 0.037 } + { "prover": "z3@4.15.3", "time": 0.018 } ] }, { "prover": "cvc5@1.3.1", "time": 0.176 }, { "prover": "cvc5@1.3.1", "time": 0.123 }, - { "prover": "cvc5@1.3.1", "time": 0.16 }, + { "prover": "cvc5@1.3.1", "time": 0.065 }, { "prover": "cvc5@1.3.1", "time": 0.121 }, { "prover": "cvc5@1.3.1", "time": 0.046 }, { "prover": "cvc5@1.3.1", "time": 0.036 }, { "prover": "cvc5@1.3.1", "time": 0.04 }, - { "prover": "cvc5@1.3.1", "time": 0.039 }, + { "prover": "cvc5@1.3.1", "time": 0.019 }, { "prover": "cvc5@1.3.1", "time": 0.077 }, - { "prover": "z3@4.15.3", "time": 0.028 }, + { "prover": "z3@4.15.3", "time": 0.013 }, { "prover": "cvc5@1.3.1", "time": 0.127 }, { "prover": "z3@4.15.3", "time": 0.024 }, { "prover": "cvc5@1.3.1", "time": 0.031 } @@ -404,8 +411,8 @@ "vc_true_": { "prover": "cvc5@1.3.1", "time": 0.035 } }, "M_impl_Context_0__true": { - "vc_hashcons'0": { "prover": "cvc5@1.3.1", "time": 0.029 }, - "vc_true_": { "prover": "cvc5@1.3.1", "time": 0.058 } + "vc_hashcons'0": { "prover": "cvc5@1.3.1", "time": 0.011 }, + "vc_true_": { "prover": "cvc5@1.3.1", "time": 0.022 } }, "M_impl_Context_0__v": { "vc_false_": { "prover": "cvc5@1.3.1", "time": 0.033 }, @@ -417,13 +424,13 @@ "vc_bdd_canonical": { "prover": "cvc5@1.3.1", "time": 0.116 } }, "M_impl_Context__discr_valuation": { - "vc_discr_valuation": { "prover": "alt-ergo@2.6.2", "time": 1.6 } + "vc_discr_valuation": { "prover": "alt-ergo@2.6.2", "time": 0.717 } }, "M_impl_Context__grows_is_valid_bdd": { "vc_grows_is_valid_bdd": { "prover": "cvc5@1.3.1", "time": 0.024 } }, "M_impl_Context__grows_trans": { - "vc_grows_trans": { "prover": "cvc5@1.3.1", "time": 0.053 } + "vc_grows_trans": { "prover": "cvc5@1.3.1", "time": 0.021 } }, "M_impl_Context__set_irrelevent_var": { "vc_set_irrelevent_var": { "prover": "cvc5@1.3.1", "time": 0.063 } @@ -437,20 +444,20 @@ "M_impl_Eq_for_Node__assert_receiver_is_total_eq": { "vc_assert_receiver_is_total_eq_Node": { "prover": "cvc5@1.3.1", - "time": 0.044 + "time": 0.016 } }, "M_impl_Hash_for_Bdd__hash": { - "vc_hash_Bdd": { "prover": "cvc5@1.3.1", "time": 0.026 } + "vc_hash_Bdd": { "prover": "cvc5@1.3.1", "time": 0.011 } }, "M_impl_Hash_for_Bdd__hash__refines": { "refines": { "prover": "cvc5@1.3.1", "time": 0.021 } }, "M_impl_Hash_for_Node__hash": { - "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.027 }, + "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.012 }, "vc_hash_Node": { "prover": "z3@4.15.3", "time": 0.029 }, "vc_wrapping_add": { "prover": "cvc5@1.3.1", "time": 0.014 }, - "vc_wrapping_mul": { "prover": "cvc5@1.3.1", "time": 0.027 } + "vc_wrapping_mul": { "prover": "cvc5@1.3.1", "time": 0.012 } }, "M_impl_Hash_for_Node__hash__refines": { "refines": { "prover": "cvc5@1.3.1", "time": 0.025 } @@ -462,8 +469,8 @@ "refines": { "prover": "cvc5@1.3.1", "time": 0.025 } }, "M_impl_PartialEq_for_Node__eq": { - "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.029 }, - "vc_eq_Bdd": { "prover": "cvc5@1.3.1", "time": 0.043 }, + "vc_elim_If": { "prover": "cvc5@1.3.1", "time": 0.011 }, + "vc_eq_Bdd": { "prover": "cvc5@1.3.1", "time": 0.014 }, "vc_eq_Node": { "prover": "cvc5@1.3.1", "time": 0.027 } }, "M_impl_PartialEq_for_Node__eq__refines": { diff --git a/tests/should_succeed/binary_search.coma b/tests/should_succeed/binary_search.coma index be816c62da..8008f975c0 100644 --- a/tests/should_succeed/binary_search.coma +++ b/tests/should_succeed/binary_search.coma @@ -96,11 +96,11 @@ module M_impl_List_T__index (* List *) | bb4 = s0 [ s0 = elim_Cons {l} (fun (r0: t_T) (r1: t_List_T) -> [ &t <- r0 ] s1) | s1 = elim_Cons {l} (fun (r0: t_T) (r1: t_List_T) -> [ &ls <- r1 ] s2) - | s2 = [ &_16 <- UInt64.gt ix (0: UInt64.t) ] s3 - | s3 = any [ br0 -> {_16 = false} (! bb6) | br1 -> {_16} (! bb5) ] ] + | s2 = [ &_27 <- UInt64.gt ix (0: UInt64.t) ] s3 + | s3 = any [ br0 -> {_27 = false} (! bb6) | br1 -> {_27} (! bb5) ] ] | bb5 = s0 - [ s0 = [ &_19 <- ls ] s1 - | s1 = [ &l <- _19 ] s2 + [ s0 = [ &_30 <- ls ] s1 + | s1 = [ &l <- _30 ] s2 | s2 = UInt64.sub {ix} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &ix <- _ret ] s3) | s3 = bb1 ] ] ] | bb7 = {false} any @@ -112,8 +112,8 @@ module M_impl_List_T__index (* List *) | & l: t_List_T = Any.any_l () | & t: t_T = Any.any_l () | & ls: t_List_T = Any.any_l () - | & _16: bool = Any.any_l () - | & _19: t_List_T = Any.any_l () ]) + | & _27: bool = Any.any_l () + | & _30: t_List_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:index result type invariant] inv_ref_T result} {[@expl:index ensures] Some result = get_T self (UInt64.t'int ix)} (! return {result}) ] @@ -381,9 +381,9 @@ module M_binary_search {[@expl:binary_search requires #0] len_u32 arr <= 1000000} {[@expl:binary_search requires #1] is_sorted arr} (! bb0 - [ bb0 = s0 [ s0 = len_u32'0 {arr} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len_u32'0 {arr} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _10 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] + [ s0 = [ &_17 <- _18 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_17 = false} (! bb3) | br1 -> {_17} (! bb2) ] ] | bb2 = s0 [ s0 = [ &_0 <- Err (0: UInt64.t) ] s1 | s1 = bb21 ] | bb3 = s0 [ s0 = len_u32'0 {arr} (fun (_ret: UInt64.t) -> [ &size <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = [ &base <- (0: UInt64.t) ] s1 | s1 = bb5 ] @@ -396,57 +396,57 @@ module M_binary_search (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = [ &_22 <- UInt64.gt size (1: UInt64.t) ] s1 - | s1 = any [ br0 -> {_22 = false} (! bb13) | br1 -> {_22} (! bb7) ] ] + [ s0 = [ &_40 <- UInt64.gt size (1: UInt64.t) ] s1 + | s1 = any [ br0 -> {_40 = false} (! bb13) | br1 -> {_40} (! bb7) ] ] | bb7 = s0 - [ s0 = [ &_26 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _26} s2 | s2 = bb8 ] + [ s0 = [ &_44 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _44} s2 | s2 = bb8 ] | bb8 = s0 [ s0 = UInt64.div {size} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &half <- _ret ] s1) | s1 = UInt64.add {base} {half} (fun (_ret: UInt64.t) -> [ &mid <- _ret ] s2) - | s2 = index_u32 {arr} {mid} (fun (_ret: UInt32.t) -> [ &_33 <- _ret ] s3) + | s2 = index_u32 {arr} {mid} (fun (_ret: UInt32.t) -> [ &_51 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = [ &_31 <- UInt32.gt _33 elem ] s1 - | s1 = any [ br0 -> {_31 = false} (! bb11) | br1 -> {_31} (! bb10) ] ] - | bb10 = s0 [ s0 = [ &_30 <- base ] s1 | s1 = bb12 ] - | bb11 = s0 [ s0 = [ &_30 <- mid ] s1 | s1 = bb12 ] + [ s0 = [ &_49 <- UInt32.gt _51 elem ] s1 + | s1 = any [ br0 -> {_49 = false} (! bb11) | br1 -> {_49} (! bb10) ] ] + | bb10 = s0 [ s0 = [ &_48 <- base ] s1 | s1 = bb12 ] + | bb11 = s0 [ s0 = [ &_48 <- mid ] s1 | s1 = bb12 ] | bb12 = s0 - [ s0 = [ &base <- _30 ] s1 + [ s0 = [ &base <- _48 ] s1 | s1 = UInt64.sub {size} {half} (fun (_ret: UInt64.t) -> [ &size <- _ret ] s2) | s2 = bb5 ] ] ] - | bb13 = s0 [ s0 = index_u32 {arr} {base} (fun (_ret: UInt32.t) -> [ &_40 <- _ret ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = index_u32 {arr} {base} (fun (_ret: UInt32.t) -> [ &_58 <- _ret ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = [ &cmp <- _40 ] s1 - | s1 = [ &_43 <- cmp = elem ] s2 - | s2 = any [ br0 -> {_43 = false} (! bb16) | br1 -> {_43} (! bb15) ] ] + [ s0 = [ &cmp <- _58 ] s1 + | s1 = [ &_61 <- cmp = elem ] s2 + | s2 = any [ br0 -> {_61 = false} (! bb16) | br1 -> {_61} (! bb15) ] ] | bb15 = s0 [ s0 = [ &_0 <- Ok base ] s1 | s1 = bb21 ] | bb16 = s0 - [ s0 = [ &_47 <- UInt32.lt cmp elem ] s1 | s1 = any [ br0 -> {_47 = false} (! bb18) | br1 -> {_47} (! bb17) ] ] + [ s0 = [ &_65 <- UInt32.lt cmp elem ] s1 | s1 = any [ br0 -> {_65 = false} (! bb18) | br1 -> {_65} (! bb17) ] ] | bb17 = s0 - [ s0 = UInt64.add {base} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_50 <- _ret ] s1) - | s1 = [ &_0 <- Err _50 ] s2 + [ s0 = UInt64.add {base} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_68 <- _ret ] s1) + | s1 = [ &_0 <- Err _68 ] s2 | s2 = bb21 ] | bb18 = s0 [ s0 = [ &_0 <- Err base ] s1 | s1 = bb21 ] | bb21 = return {_0} ] [ & _0: t_Result_usize_usize = Any.any_l () | & arr: t_List_u32 = arr | & elem: UInt32.t = elem - | & _9: bool = Any.any_l () - | & _10: UInt64.t = Any.any_l () + | & _17: bool = Any.any_l () + | & _18: UInt64.t = Any.any_l () | & size: UInt64.t = Any.any_l () | & base: UInt64.t = Any.any_l () - | & _22: bool = Any.any_l () + | & _40: bool = Any.any_l () | & half: UInt64.t = Any.any_l () - | & _26: bool = Any.any_l () + | & _44: bool = Any.any_l () | & mid: UInt64.t = Any.any_l () - | & _30: UInt64.t = Any.any_l () - | & _31: bool = Any.any_l () - | & _33: UInt32.t = Any.any_l () + | & _48: UInt64.t = Any.any_l () + | & _49: bool = Any.any_l () + | & _51: UInt32.t = Any.any_l () | & cmp: UInt32.t = Any.any_l () - | & _40: UInt32.t = Any.any_l () - | & _43: bool = Any.any_l () - | & _47: bool = Any.any_l () - | & _50: UInt64.t = Any.any_l () ]) + | & _58: UInt32.t = Any.any_l () + | & _61: bool = Any.any_l () + | & _65: bool = Any.any_l () + | & _68: UInt64.t = Any.any_l () ]) [ return (result: t_Result_usize_usize) -> {[@expl:binary_search ensures #0] forall x: UInt64.t. result = Ok x -> get_u32 arr (UInt64.t'int x) = Some elem} {[@expl:binary_search ensures #1] forall x: UInt64.t. result = Err x diff --git a/tests/should_succeed/bitvectors/bitwalker.coma b/tests/should_succeed/bitvectors/bitwalker.coma index f43d5458aa..55a6200a3b 100644 --- a/tests/should_succeed/bitvectors/bitwalker.coma +++ b/tests/should_succeed/bitvectors/bitwalker.coma @@ -56,17 +56,17 @@ module M_peek_bit_u8 {[@expl:peek_bit_u8 requires] UInt64.lt left (8: UInt64.t)} (! bb0 [ bb0 = s0 - [ s0 = UInt64.sub {(7: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) - | s1 = UInt8.shl {(1: UInt8.t)} {UInt64.t'int _5} (fun (_ret: UInt8.t) -> [ &mask <- _ret ] s2) - | s2 = [ &_7 <- UInt8.bw_and x mask ] s3 - | s3 = [ &_0 <- _7 <> (0: UInt8.t) ] s4 + [ s0 = UInt64.sub {(7: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) + | s1 = UInt8.shl {(1: UInt8.t)} {UInt64.t'int _6} (fun (_ret: UInt8.t) -> [ &mask <- _ret ] s2) + | s2 = [ &_8 <- UInt8.bw_and x mask ] s3 + | s3 = [ &_0 <- _8 <> (0: UInt8.t) ] s4 | s4 = return {_0} ] ] [ & _0: bool = Any.any_l () | & x: UInt8.t = x | & left: UInt64.t = left | & mask: UInt8.t = Any.any_l () - | & _5: UInt64.t = Any.any_l () - | & _7: UInt8.t = Any.any_l () ]) [ return (result: bool) -> (! return {result}) ] + | & _6: UInt64.t = Any.any_l () + | & _8: UInt8.t = Any.any_l () ]) [ return (result: bool) -> (! return {result}) ] end module M_peek_bit_array8 use creusot.int.UInt64 @@ -155,20 +155,20 @@ module M_peek_bit_array8 {[@expl:peek_bit_array8 requires] UInt64.t'int left < 8 * Seq.length (Slice64.view addr)} (! bb0 [ bb0 = s0 - [ s0 = [ &_8 <- (8: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _8} s2 | s2 = bb1 ] + [ s0 = [ &_10 <- (8: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _10} s2 | s2 = bb1 ] | bb1 = s0 - [ s0 = UInt64.div {left} {(8: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) - | s1 = get_u8 {addr} {_6} (fun (_ret: t_Option_ref_u8) -> [ &_4 <- _ret ] s2) + [ s0 = UInt64.div {left} {(8: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) + | s1 = get_u8 {addr} {_8} (fun (_ret: t_Option_ref_u8) -> [ &_6 <- _ret ] s2) | s2 = bb2 ] - | bb2 = any [ br0 -> {_4 = None} (! bb5) | br1 (x0: UInt8.t) -> {_4 = Some x0} (! bb6) ] + | bb2 = any [ br0 -> {_6 = None} (! bb5) | br1 (x0: UInt8.t) -> {_6 = Some x0} (! bb6) ] | bb6 = s0 - [ s0 = elim_Some {_4} (fun (r0: UInt8.t) -> [ &v <- r0 ] s1) - | s1 = [ &_14 <- (8: UInt64.t) = (0: UInt64.t) ] s2 - | s2 = {[@expl:remainder by zero] not _14} s3 + [ s0 = elim_Some {_6} (fun (r0: UInt8.t) -> [ &v <- r0 ] s1) + | s1 = [ &_16 <- (8: UInt64.t) = (0: UInt64.t) ] s2 + | s2 = {[@expl:remainder by zero] not _16} s3 | s3 = bb7 ] | bb7 = s0 - [ s0 = UInt64.rem {left} {(8: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_12 <- _ret ] s1) - | s1 = peek_bit_u8 {v} {_12} (fun (_ret: bool) -> [ &_0 <- _ret ] s2) + [ s0 = UInt64.rem {left} {(8: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) + | s1 = peek_bit_u8 {v} {_14} (fun (_ret: bool) -> [ &_0 <- _ret ] s2) | s2 = bb11 ] | bb5 = any [ br0 -> {false = false} (! bb9) | br1 -> {false} (! bb10) ] | bb10 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb11 ] @@ -177,12 +177,12 @@ module M_peek_bit_array8 [ & _0: bool = Any.any_l () | & addr: Slice64.slice UInt8.t = addr | & left: UInt64.t = left - | & _4: t_Option_ref_u8 = Any.any_l () - | & _6: UInt64.t = Any.any_l () - | & _8: bool = Any.any_l () + | & _6: t_Option_ref_u8 = Any.any_l () + | & _8: UInt64.t = Any.any_l () + | & _10: bool = Any.any_l () | & v: UInt8.t = Any.any_l () - | & _12: UInt64.t = Any.any_l () - | & _14: bool = Any.any_l () ]) [ return (result: bool) -> (! return {result}) ] + | & _14: UInt64.t = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: bool) -> (! return {result}) ] end module M_poke_bit_64 use creusot.int.UInt64 @@ -241,19 +241,19 @@ module M_poke_bit_64 {[@expl:poke_bit_64 requires] UInt64.lt left (64: UInt64.t)} (! bb0 [ bb0 = s0 - [ s0 = UInt64.sub {(63: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) - | s1 = UInt64.shl {(1: UInt64.t)} {UInt64.t'int _6} (fun (_ret: UInt64.t) -> [ &mask <- _ret ] s2) + [ s0 = UInt64.sub {(63: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) + | s1 = UInt64.shl {(1: UInt64.t)} {UInt64.t'int _7} (fun (_ret: UInt64.t) -> [ &mask <- _ret ] s2) | s2 = any [ br0 -> {flag = false} (! bb2) | br1 -> {flag} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- UInt64.bw_or value mask ] s1 | s1 = bb3 ] - | bb2 = s0 [ s0 = [ &_14 <- UInt64.bw_not mask ] s1 | s1 = [ &_0 <- UInt64.bw_and value _14 ] s2 | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &_15 <- UInt64.bw_not mask ] s1 | s1 = [ &_0 <- UInt64.bw_and value _15 ] s2 | s2 = bb3 ] | bb3 = return {_0} ] [ & _0: UInt64.t = Any.any_l () | & value: UInt64.t = value | & left: UInt64.t = left | & flag: bool = flag | & mask: UInt64.t = Any.any_l () - | & _6: UInt64.t = Any.any_l () - | & _14: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] + | & _7: UInt64.t = Any.any_l () + | & _15: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_peek use creusot.int.UInt64 @@ -329,29 +329,29 @@ module M_peek {[@expl:peek requires #2] UInt64.t'int start + UInt64.t'int length <= 8 * Seq.length (Slice64.view addr)} (! bb0 [ bb0 = s0 - [ s0 = UInt64.add {start} {length} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) - | s1 = len_u8 {addr} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s2) + [ s0 = UInt64.add {start} {length} (fun (_ret: UInt64.t) -> [ &_15 <- _ret ] s1) + | s1 = len_u8 {addr} (fun (_ret: UInt64.t) -> [ &_19 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = UInt64.mul {(8: UInt64.t)} {_14} (fun (_ret: UInt64.t) -> [ &_13 <- _ret ] s1) - | s1 = [ &_9 <- UInt64.gt _10 _13 ] s2 - | s2 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] + [ s0 = UInt64.mul {(8: UInt64.t)} {_19} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s1) + | s1 = [ &_14 <- UInt64.gt _15 _18 ] s2 + | s2 = any [ br0 -> {_14 = false} (! bb3) | br1 -> {_14} (! bb2) ] ] | bb2 = {false} any | bb3 = s0 [ s0 = [ &retval <- (0: UInt64.t) ] s1 | s1 = [ &i <- (0: UInt64.t) ] s2 | s2 = bb5 ] | bb5 = bb5 [ bb5 = (! s0 - [ s0 = [ &_21 <- UInt64.lt i length ] s1 | s1 = any [ br0 -> {_21 = false} (! bb9) | br1 -> {_21} (! bb6) ] ]) + [ s0 = [ &_26 <- UInt64.lt i length ] s1 | s1 = any [ br0 -> {_26 = false} (! bb9) | br1 -> {_26} (! bb6) ] ]) [ bb6 = s0 - [ s0 = UInt64.add {start} {i} (fun (_ret: UInt64.t) -> [ &_26 <- _ret ] s1) - | s1 = peek_bit_array8 {addr} {_26} (fun (_ret: bool) -> [ &flag <- _ret ] s2) + [ s0 = UInt64.add {start} {i} (fun (_ret: UInt64.t) -> [ &_31 <- _ret ] s1) + | s1 = peek_bit_array8 {addr} {_31} (fun (_ret: bool) -> [ &flag <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = UInt64.sub {length} {i} (fun (_ret: UInt64.t) -> [ &_32 <- _ret ] s1) - | s1 = UInt64.sub {(64: UInt64.t)} {_32} (fun (_ret: UInt64.t) -> [ &_31 <- _ret ] s2) - | s2 = poke_bit_64 {retval} {_31} {flag} (fun (_ret: UInt64.t) -> [ &_29 <- _ret ] s3) + [ s0 = UInt64.sub {length} {i} (fun (_ret: UInt64.t) -> [ &_37 <- _ret ] s1) + | s1 = UInt64.sub {(64: UInt64.t)} {_37} (fun (_ret: UInt64.t) -> [ &_36 <- _ret ] s2) + | s2 = poke_bit_64 {retval} {_36} {flag} (fun (_ret: UInt64.t) -> [ &_34 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = [ &retval <- _29 ] s1 + [ s0 = [ &retval <- _34 ] s1 | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s2) | s2 = bb5 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- retval ] s1 | s1 = return {_0} ] ] @@ -359,18 +359,18 @@ module M_peek | & start: UInt64.t = start | & length: UInt64.t = length | & addr: Slice64.slice UInt8.t = addr - | & _9: bool = Any.any_l () - | & _10: UInt64.t = Any.any_l () - | & _13: UInt64.t = Any.any_l () - | & _14: UInt64.t = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: UInt64.t = Any.any_l () + | & _18: UInt64.t = Any.any_l () + | & _19: UInt64.t = Any.any_l () | & retval: UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _21: bool = Any.any_l () + | & _26: bool = Any.any_l () | & flag: bool = Any.any_l () - | & _26: UInt64.t = Any.any_l () - | & _29: UInt64.t = Any.any_l () | & _31: UInt64.t = Any.any_l () - | & _32: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] + | & _34: UInt64.t = Any.any_l () + | & _36: UInt64.t = Any.any_l () + | & _37: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_peek_64bit use creusot.int.UInt64 @@ -429,17 +429,17 @@ module M_peek_64bit {[@expl:peek_64bit requires] UInt64.lt left (64: UInt64.t)} (! bb0 [ bb0 = s0 - [ s0 = UInt64.sub {(63: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) - | s1 = UInt64.shl {(1: UInt64.t)} {UInt64.t'int _5} (fun (_ret: UInt64.t) -> [ &mask <- _ret ] s2) - | s2 = [ &_7 <- UInt64.bw_and value mask ] s3 - | s3 = [ &_0 <- _7 <> (0: UInt64.t) ] s4 + [ s0 = UInt64.sub {(63: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) + | s1 = UInt64.shl {(1: UInt64.t)} {UInt64.t'int _6} (fun (_ret: UInt64.t) -> [ &mask <- _ret ] s2) + | s2 = [ &_8 <- UInt64.bw_and value mask ] s3 + | s3 = [ &_0 <- _8 <> (0: UInt64.t) ] s4 | s4 = return {_0} ] ] [ & _0: bool = Any.any_l () | & value: UInt64.t = value | & left: UInt64.t = left | & mask: UInt64.t = Any.any_l () - | & _5: UInt64.t = Any.any_l () - | & _7: UInt64.t = Any.any_l () ]) [ return (result: bool) -> (! return {result}) ] + | & _6: UInt64.t = Any.any_l () + | & _8: UInt64.t = Any.any_l () ]) [ return (result: bool) -> (! return {result}) ] end module M_poke_8bit use creusot.int.UInt64 @@ -499,19 +499,19 @@ module M_poke_8bit {[@expl:poke_8bit requires] UInt64.lt left (8: UInt64.t)} (! bb0 [ bb0 = s0 - [ s0 = UInt64.sub {(7: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) - | s1 = UInt8.shl {(1: UInt8.t)} {UInt64.t'int _6} (fun (_ret: UInt8.t) -> [ &mask <- _ret ] s2) + [ s0 = UInt64.sub {(7: UInt64.t)} {left} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) + | s1 = UInt8.shl {(1: UInt8.t)} {UInt64.t'int _7} (fun (_ret: UInt8.t) -> [ &mask <- _ret ] s2) | s2 = any [ br0 -> {flag = false} (! bb2) | br1 -> {flag} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- UInt8.bw_or byte mask ] s1 | s1 = bb3 ] - | bb2 = s0 [ s0 = [ &_14 <- UInt8.bw_not mask ] s1 | s1 = [ &_0 <- UInt8.bw_and byte _14 ] s2 | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &_15 <- UInt8.bw_not mask ] s1 | s1 = [ &_0 <- UInt8.bw_and byte _15 ] s2 | s2 = bb3 ] | bb3 = return {_0} ] [ & _0: UInt8.t = Any.any_l () | & byte: UInt8.t = byte | & left: UInt64.t = left | & flag: bool = flag | & mask: UInt8.t = Any.any_l () - | & _6: UInt64.t = Any.any_l () - | & _14: UInt8.t = Any.any_l () ]) [ return (result: UInt8.t) -> (! return {result}) ] + | & _7: UInt64.t = Any.any_l () + | & _15: UInt8.t = Any.any_l () ]) [ return (result: UInt8.t) -> (! return {result}) ] end module M_poke_8bit_array use creusot.int.UInt64 @@ -584,35 +584,35 @@ module M_poke_8bit_array {[@expl:poke_8bit_array requires] UInt64.t'int left < 8 * Seq.length (Slice64.view addr.current)} (! bb0 [ bb0 = s0 - [ s0 = [ &_8 <- (8: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _8} s2 | s2 = bb1 ] + [ s0 = [ &_11 <- (8: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _11} s2 | s2 = bb1 ] | bb1 = s0 [ s0 = UInt64.div {left} {(8: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) - | s1 = [ &_11 <- (8: UInt64.t) = (0: UInt64.t) ] s2 - | s2 = {[@expl:remainder by zero] not _11} s3 + | s1 = [ &_14 <- (8: UInt64.t) = (0: UInt64.t) ] s2 + | s2 = {[@expl:remainder by zero] not _14} s3 | s3 = bb2 ] | bb2 = s0 [ s0 = UInt64.rem {left} {(8: UInt64.t)} (fun (_ret: UInt64.t) -> [ &k <- _ret ] s1) - | s1 = [ &_14 <- i ] s2 + | s1 = [ &_17 <- i ] s2 | s2 = Opaque.fresh_ptr - (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length addr.current}- [ &_15 <- _ptr ] s3) - | s3 = [ &_16 <- Slice64.slice_ptr_len _15 ] s4 - | s4 = [ &_17 <- UInt64.lt _14 _16 ] s5 - | s5 = {[@expl:index in bounds] _17} s6 + (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length addr.current}- [ &_18 <- _ptr ] s3) + | s3 = [ &_19 <- Slice64.slice_ptr_len _18 ] s4 + | s4 = [ &_20 <- UInt64.lt _17 _19 ] s5 + | s5 = {[@expl:index in bounds] _20} s6 | s6 = bb3 ] | bb3 = s0 - [ s0 = Slice64.get {addr.current} {_14} - (fun (r: UInt8.t) -> poke_8bit {r} {k} {flag} (fun (_ret: UInt8.t) -> [ &_12 <- _ret ] s1)) + [ s0 = Slice64.get {addr.current} {_17} + (fun (r: UInt8.t) -> poke_8bit {r} {k} {flag} (fun (_ret: UInt8.t) -> [ &_15 <- _ret ] s1)) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_20 <- i ] s1 + [ s0 = [ &_23 <- i ] s1 | s1 = Opaque.fresh_ptr - (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length addr.current}- [ &_21 <- _ptr ] s2) - | s2 = [ &_22 <- Slice64.slice_ptr_len _21 ] s3 - | s3 = [ &_23 <- UInt64.lt _20 _22 ] s4 - | s4 = {[@expl:index in bounds] _23} s5 + (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length addr.current}- [ &_24 <- _ptr ] s2) + | s2 = [ &_25 <- Slice64.slice_ptr_len _24 ] s3 + | s3 = [ &_26 <- UInt64.lt _23 _25 ] s4 + | s4 = {[@expl:index in bounds] _26} s5 | s5 = bb5 ] | bb5 = s0 - [ s0 = Slice64.set {addr.current} {_20} {_12} + [ s0 = Slice64.set {addr.current} {_23} {_15} (fun (r: Slice64.slice UInt8.t) -> [ &addr <- { addr with current = r } ] s1) | s1 = -{resolve_ref_slice_u8 addr}- s2 | s2 = return {_0} ] ] @@ -621,18 +621,18 @@ module M_poke_8bit_array | & left: UInt64.t = left | & flag: bool = flag | & i: UInt64.t = Any.any_l () - | & _8: bool = Any.any_l () - | & k: UInt64.t = Any.any_l () | & _11: bool = Any.any_l () - | & _12: UInt8.t = Any.any_l () - | & _14: UInt64.t = Any.any_l () - | & _15: Opaque.ptr = Any.any_l () - | & _16: UInt64.t = Any.any_l () - | & _17: bool = Any.any_l () - | & _20: UInt64.t = Any.any_l () - | & _21: Opaque.ptr = Any.any_l () - | & _22: UInt64.t = Any.any_l () - | & _23: bool = Any.any_l () ]) + | & k: UInt64.t = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: UInt8.t = Any.any_l () + | & _17: UInt64.t = Any.any_l () + | & _18: Opaque.ptr = Any.any_l () + | & _19: UInt64.t = Any.any_l () + | & _20: bool = Any.any_l () + | & _23: UInt64.t = Any.any_l () + | & _24: Opaque.ptr = Any.any_l () + | & _25: UInt64.t = Any.any_l () + | & _26: bool = Any.any_l () ]) [ return (result: ()) -> {[@expl:poke_8bit_array ensures] Seq.length (Slice64.view addr.final) = Seq.length (Slice64.view addr.current)} (! return {result}) ] @@ -720,21 +720,21 @@ module M_poke (! bb0 [ bb0 = s0 [ s0 = len_u8 {addr.current} (fun (_ret: UInt64.t) -> [ &ghost_len <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UInt64.add {start} {length} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) - | s1 = len_u8 {addr.current} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s2) + [ s0 = UInt64.add {start} {length} (fun (_ret: UInt64.t) -> [ &_20 <- _ret ] s1) + | s1 = len_u8 {addr.current} (fun (_ret: UInt64.t) -> [ &_24 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = UInt64.mul {(8: UInt64.t)} {_18} (fun (_ret: UInt64.t) -> [ &_17 <- _ret ] s1) - | s1 = [ &_13 <- UInt64.gt _14 _17 ] s2 - | s2 = any [ br0 -> {_13 = false} (! bb4) | br1 -> {_13} (! bb3) ] ] + [ s0 = UInt64.mul {(8: UInt64.t)} {_24} (fun (_ret: UInt64.t) -> [ &_23 <- _ret ] s1) + | s1 = [ &_19 <- UInt64.gt _20 _23 ] s2 + | s2 = any [ br0 -> {_19 = false} (! bb4) | br1 -> {_19} (! bb3) ] ] | bb3 = s0 [ s0 = -{resolve_ref_slice_u8 addr}- s1 | s1 = [ &_0 <- (-1: Int8.t) ] s2 | s2 = bb16 ] | bb4 = s0 - [ s0 = [ &_22 <- UInt64.lt length (64: UInt64.t) ] s1 - | s1 = any [ br0 -> {_22 = false} (! bb9) | br1 -> {_22} (! bb5) ] ] + [ s0 = [ &_28 <- UInt64.lt length (64: UInt64.t) ] s1 + | s1 = any [ br0 -> {_28 = false} (! bb9) | br1 -> {_28} (! bb5) ] ] | bb5 = s0 - [ s0 = UInt64.shl {(1: UInt64.t)} {UInt64.t'int length} (fun (_ret: UInt64.t) -> [ &_26 <- _ret ] s1) - | s1 = [ &_24 <- UInt64.ge value _26 ] s2 - | s2 = any [ br0 -> {_24 = false} (! bb9) | br1 -> {_24} (! bb7) ] ] + [ s0 = UInt64.shl {(1: UInt64.t)} {UInt64.t'int length} (fun (_ret: UInt64.t) -> [ &_32 <- _ret ] s1) + | s1 = [ &_30 <- UInt64.ge value _32 ] s2 + | s2 = any [ br0 -> {_30 = false} (! bb9) | br1 -> {_30} (! bb7) ] ] | bb7 = s0 [ s0 = -{resolve_ref_slice_u8 addr}- s1 | s1 = [ &_0 <- (-2: Int8.t) ] s2 | s2 = bb16 ] | bb9 = s0 [ s0 = UInt64.sub {(64: UInt64.t)} {length} (fun (_ret: UInt64.t) -> [ &lstart <- _ret ] s1) @@ -748,19 +748,19 @@ module M_poke (! s0) [ s0 = bb11 ] [ bb11 = s0 - [ s0 = [ &_37 <- UInt64.lt i length ] s1 - | s1 = any [ br0 -> {_37 = false} (! bb15) | br1 -> {_37} (! bb12) ] ] + [ s0 = [ &_47 <- UInt64.lt i length ] s1 + | s1 = any [ br0 -> {_47 = false} (! bb15) | br1 -> {_47} (! bb12) ] ] | bb12 = s0 [ s0 = {[@expl:assertion] UInt64.t'int i < UInt64.t'int length} s1 - | s1 = UInt64.add {lstart} {i} (fun (_ret: UInt64.t) -> [ &_44 <- _ret ] s2) - | s2 = peek_64bit {value} {_44} (fun (_ret: bool) -> [ &flag <- _ret ] s3) + | s1 = UInt64.add {lstart} {i} (fun (_ret: UInt64.t) -> [ &_56 <- _ret ] s2) + | s2 = peek_64bit {value} {_56} (fun (_ret: bool) -> [ &flag <- _ret ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = UInt64.add {start} {i} (fun (_ret: UInt64.t) -> [ &_49 <- _ret ] s1) + [ s0 = UInt64.add {start} {i} (fun (_ret: UInt64.t) -> [ &_61 <- _ret ] s1) | s1 = MutBorrow.borrow_mut {addr.current} (fun (_ret: MutBorrow.t (Slice64.slice UInt8.t)) -> - [ &_48 <- _ret ] [ &addr <- { addr with current = _ret.final } ] s2) - | s2 = poke_8bit_array {_48} {_49} {flag} (fun (_ret: ()) -> [ &_47 <- _ret ] s3) + [ &_60 <- _ret ] [ &addr <- { addr with current = _ret.final } ] s2) + | s2 = poke_8bit_array {_60} {_61} {flag} (fun (_ret: ()) -> [ &_59 <- _ret ] s3) | s3 = bb14 ] | bb14 = s0 [ s0 = {[@expl:assertion] Seq.length (Slice64.view addr.current) = UInt64.t'int ghost_len} s1 @@ -774,21 +774,21 @@ module M_poke | & addr: MutBorrow.t (Slice64.slice UInt8.t) = addr | & value: UInt64.t = value | & ghost_len: UInt64.t = Any.any_l () - | & _13: bool = Any.any_l () - | & _14: UInt64.t = Any.any_l () - | & _17: UInt64.t = Any.any_l () - | & _18: UInt64.t = Any.any_l () - | & _22: bool = Any.any_l () - | & _24: bool = Any.any_l () - | & _26: UInt64.t = Any.any_l () + | & _19: bool = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _23: UInt64.t = Any.any_l () + | & _24: UInt64.t = Any.any_l () + | & _28: bool = Any.any_l () + | & _30: bool = Any.any_l () + | & _32: UInt64.t = Any.any_l () | & lstart: UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _37: bool = Any.any_l () + | & _47: bool = Any.any_l () | & flag: bool = Any.any_l () - | & _44: UInt64.t = Any.any_l () - | & _47: () = Any.any_l () - | & _48: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () - | & _49: UInt64.t = Any.any_l () + | & _56: UInt64.t = Any.any_l () + | & _59: () = Any.any_l () + | & _60: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () + | & _61: UInt64.t = Any.any_l () | & old_10_0: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () ]) [ return (result: Int8.t) -> {[@expl:poke ensures] Seq.length (Slice64.view addr.final) = Seq.length (Slice64.view addr.current)} @@ -881,8 +881,8 @@ module M_peekthenpoke | bb1 = s0 [ s0 = MutBorrow.borrow_final {addr.current} {MutBorrow.get_id addr} (fun (_ret: MutBorrow.t (Slice64.slice UInt8.t)) -> - [ &_14 <- _ret ] [ &addr <- { addr with current = _ret.final } ] s1) - | s1 = poke {start} {length} {_14} {value} (fun (_ret: Int8.t) -> [ &res <- _ret ] s2) + [ &_19 <- _ret ] [ &addr <- { addr with current = _ret.final } ] s1) + | s1 = poke {start} {length} {_19} {value} (fun (_ret: Int8.t) -> [ &res <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve_ref_slice_u8 addr}- s1 | s1 = [ &_0 <- res ] s2 | s2 = return {_0} ] ] [ & _0: Int8.t = Any.any_l () @@ -891,7 +891,7 @@ module M_peekthenpoke | & addr: MutBorrow.t (Slice64.slice UInt8.t) = addr | & value: UInt64.t = Any.any_l () | & res: Int8.t = Any.any_l () - | & _14: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () ]) [ return (result: Int8.t) -> (! return {result}) ] + | & _19: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () ]) [ return (result: Int8.t) -> (! return {result}) ] end module M_pokethenpeek use creusot.prelude.MutBorrow @@ -980,8 +980,8 @@ module M_pokethenpeek [ bb0 = s0 [ s0 = MutBorrow.borrow_final {addr.current} {MutBorrow.get_id addr} (fun (_ret: MutBorrow.t (Slice64.slice UInt8.t)) -> - [ &_11 <- _ret ] [ &addr <- { addr with current = _ret.final } ] s1) - | s1 = poke {start} {length} {_11} {value} (fun (_ret: Int8.t) -> [ &_res <- _ret ] s2) + [ &_16 <- _ret ] [ &addr <- { addr with current = _ret.final } ] s1) + | s1 = poke {start} {length} {_16} {value} (fun (_ret: Int8.t) -> [ &_res <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = -{resolve_ref_slice_u8 addr}- s1 @@ -994,6 +994,6 @@ module M_pokethenpeek | & addr: MutBorrow.t (Slice64.slice UInt8.t) = addr | & value: UInt64.t = value | & _res: Int8.t = Any.any_l () - | & _11: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () + | & _16: MutBorrow.t (Slice64.slice UInt8.t) = Any.any_l () | & peek_result: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end diff --git a/tests/should_succeed/bitvectors/popcount.coma b/tests/should_succeed/bitvectors/popcount.coma index b6bde96c77..3d27ef30a4 100644 --- a/tests/should_succeed/bitvectors/popcount.coma +++ b/tests/should_succeed/bitvectors/popcount.coma @@ -20,28 +20,28 @@ module M_count8 let rec count8 (n: UInt8BW.t) (return (x: UInt8BW.t)) = (! bb0 [ bb0 = s0 [ s0 = [ &x <- n ] s1 - | s1 = UInt8BW.shr {x} {Int32BW.to_int (1: Int32BW.t)} (fun (_ret: UInt8BW.t) -> [ &_7 <- _ret ] s2) - | s2 = [ &_6 <- UInt8BW.bw_and _7 (85: UInt8BW.t) ] s3 - | s3 = UInt8BW.sub {x} {_6} (fun (_ret: UInt8BW.t) -> [ &x <- _ret ] s4) - | s4 = [ &_9 <- UInt8BW.bw_and x (51: UInt8BW.t) ] s5 - | s5 = UInt8BW.shr {x} {Int32BW.to_int (2: Int32BW.t)} (fun (_ret: UInt8BW.t) -> [ &_12 <- _ret ] s6) - | s6 = [ &_11 <- UInt8BW.bw_and _12 (51: UInt8BW.t) ] s7 - | s7 = UInt8BW.add {_9} {_11} (fun (_ret: UInt8BW.t) -> [ &x <- _ret ] s8) - | s8 = UInt8BW.shr {x} {Int32BW.to_int (4: Int32BW.t)} (fun (_ret: UInt8BW.t) -> [ &_16 <- _ret ] s9) - | s9 = UInt8BW.add {x} {_16} (fun (_ret: UInt8BW.t) -> [ &_14 <- _ret ] s10) - | s10 = [ &x <- UInt8BW.bw_and _14 (15: UInt8BW.t) ] s11 + | s1 = UInt8BW.shr {x} {Int32BW.to_int (1: Int32BW.t)} (fun (_ret: UInt8BW.t) -> [ &_8 <- _ret ] s2) + | s2 = [ &_7 <- UInt8BW.bw_and _8 (85: UInt8BW.t) ] s3 + | s3 = UInt8BW.sub {x} {_7} (fun (_ret: UInt8BW.t) -> [ &x <- _ret ] s4) + | s4 = [ &_10 <- UInt8BW.bw_and x (51: UInt8BW.t) ] s5 + | s5 = UInt8BW.shr {x} {Int32BW.to_int (2: Int32BW.t)} (fun (_ret: UInt8BW.t) -> [ &_13 <- _ret ] s6) + | s6 = [ &_12 <- UInt8BW.bw_and _13 (51: UInt8BW.t) ] s7 + | s7 = UInt8BW.add {_10} {_12} (fun (_ret: UInt8BW.t) -> [ &x <- _ret ] s8) + | s8 = UInt8BW.shr {x} {Int32BW.to_int (4: Int32BW.t)} (fun (_ret: UInt8BW.t) -> [ &_17 <- _ret ] s9) + | s9 = UInt8BW.add {x} {_17} (fun (_ret: UInt8BW.t) -> [ &_15 <- _ret ] s10) + | s10 = [ &x <- UInt8BW.bw_and _15 (15: UInt8BW.t) ] s11 | s11 = [ &_0 <- x ] s12 | s12 = return {_0} ] ] [ & _0: UInt8BW.t = Any.any_l () | & n: UInt8BW.t = n | & x: UInt8BW.t = Any.any_l () - | & _6: UInt8BW.t = Any.any_l () | & _7: UInt8BW.t = Any.any_l () - | & _9: UInt8BW.t = Any.any_l () - | & _11: UInt8BW.t = Any.any_l () + | & _8: UInt8BW.t = Any.any_l () + | & _10: UInt8BW.t = Any.any_l () | & _12: UInt8BW.t = Any.any_l () - | & _14: UInt8BW.t = Any.any_l () - | & _16: UInt8BW.t = Any.any_l () ]) + | & _13: UInt8BW.t = Any.any_l () + | & _15: UInt8BW.t = Any.any_l () + | & _17: UInt8BW.t = Any.any_l () ]) [ return (result: UInt8BW.t) -> {[@expl:count8 ensures #0] UInt8BW.t'int result <= 8} {[@expl:count8 ensures #1] UInt8BW.t'int result = count8_log n} (! return {result}) ] diff --git a/tests/should_succeed/bitvectors/rightmostbit.coma b/tests/should_succeed/bitvectors/rightmostbit.coma index b19843e3d0..d358ce77bd 100644 --- a/tests/should_succeed/bitvectors/rightmostbit.coma +++ b/tests/should_succeed/bitvectors/rightmostbit.coma @@ -67,9 +67,9 @@ module M_rightmost_bit_8 meta "select_lsinst" "all" let rec rightmost_bit_8 (x: Int8BW.t) (return (x'0: Int8BW.t)) = (! bb0 - [ bb0 = s0 [ s0 = wrapping_neg {x} (fun (_ret: Int8BW.t) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- Int8BW.bw_and x _8 ] s1 | s1 = return {_0} ] ] - [ & _0: Int8BW.t = Any.any_l () | & x: Int8BW.t = x | & _8: Int8BW.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = wrapping_neg {x} (fun (_ret: Int8BW.t) -> [ &_13 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- Int8BW.bw_and x _13 ] s1 | s1 = return {_0} ] ] + [ & _0: Int8BW.t = Any.any_l () | & x: Int8BW.t = x | & _13: Int8BW.t = Any.any_l () ]) [ return (result: Int8BW.t) -> {[@expl:rightmost_bit_8 ensures #0] Int8BW.ge x (0: Int8BW.t) -> Int8BW.le (0: Int8BW.t) result /\ Int8BW.le result x} {[@expl:rightmost_bit_8 ensures #1] Int8BW.le x (0: Int8BW.t) /\ Int8BW.gt x const_MIN @@ -140,9 +140,9 @@ module M_rightmost_bit_64 meta "select_lsinst" "all" let rec rightmost_bit_64 (x: Int64BW.t) (return (x'0: Int64BW.t)) = (! bb0 - [ bb0 = s0 [ s0 = wrapping_neg {x} (fun (_ret: Int64BW.t) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- Int64BW.bw_and x _7 ] s1 | s1 = return {_0} ] ] - [ & _0: Int64BW.t = Any.any_l () | & x: Int64BW.t = x | & _7: Int64BW.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = wrapping_neg {x} (fun (_ret: Int64BW.t) -> [ &_11 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- Int64BW.bw_and x _11 ] s1 | s1 = return {_0} ] ] + [ & _0: Int64BW.t = Any.any_l () | & x: Int64BW.t = x | & _11: Int64BW.t = Any.any_l () ]) [ return (result: Int64BW.t) -> {[@expl:rightmost_bit_64 ensures #0] Int64BW.ge x (0: Int64BW.t) -> Int64BW.le (0: Int64BW.t) result /\ Int64BW.le result x} {[@expl:rightmost_bit_64 ensures #1] Int64BW.le x (0: Int64BW.t) /\ Int64BW.gt x const_MIN diff --git a/tests/should_succeed/bug/1396.coma b/tests/should_succeed/bug/1396.coma index 6f8aca298d..65ce060ebe 100644 --- a/tests/should_succeed/bug/1396.coma +++ b/tests/should_succeed/bug/1396.coma @@ -20,8 +20,8 @@ module M_apply_once let rec apply_once_F (f: t_F) (return (x: ())) = {[@expl:apply_once 'f' type invariant] inv_F f} {[@expl:apply_once requires] precondition_F f ()} (! bb0 - [ bb0 = s0 [ s0 = call_once_F {f} {_5} (fun (_ret: ()) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] | bb2 = return {_0} ] - [ & _0: () = Any.any_l () | & f: t_F = f | & _5: () = Any.any_l () ]) + [ bb0 = s0 [ s0 = call_once_F {f} {_7} (fun (_ret: ()) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] | bb2 = return {_0} ] + [ & _0: () = Any.any_l () | & f: t_F = f | & _7: () = Any.any_l () ]) [ return (result: ()) -> {[@expl:apply_once ensures] postcondition_once_F f () ()} (! return {result}) ] end module M_apply_mut @@ -85,12 +85,12 @@ module M_apply_mut [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_4 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_mut_F {_4} {_5} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_6 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_mut_F {_6} {_7} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: () = Any.any_l () | & f: t_F = f | & _4: MutBorrow.t t_F = Any.any_l () | & _5: () = Any.any_l () ]) + [ & _0: () = Any.any_l () | & f: t_F = f | & _6: MutBorrow.t t_F = Any.any_l () | & _7: () = Any.any_l () ]) [ return (result: ()) -> {[@expl:apply_mut ensures] exists g: t_F. postcondition_mut_F f () g () /\ resolve_F g} (! return {result}) ] end @@ -243,9 +243,9 @@ module M_foo1 | s2 = [ &snap_r <- r ] s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) - | s1 = [ &_7 <- { start = (0: Int32.t); end' = _8 } ] s2 - | s2 = into_iter_Range_i32 {_7} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) + [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) + | s1 = [ &_8 <- { start = (0: Int32.t); end' = _9 } ] s2 + | s2 = into_iter_Range_i32 {_8} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb4 ] @@ -261,24 +261,24 @@ module M_foo1 [ s0 = bb6 ] [ bb6 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_i32 {_21} (fun (_ret: t_Option_i32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_33 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_32 <- _ret ] [ &_33 <- { _33 with current = _ret.final } ] s2) + | s2 = next_Range_i32 {_32} (fun (_ret: t_Option_i32) -> [ &_31 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Range_i32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb10) | br1 (x0: Int32.t) -> {_20 = Some x0} (! bb11) ] ] + [ s0 = -{resolve_ref_Range_i32 _33}- s1 + | s1 = any [ br0 -> {_31 = None} (! bb10) | br1 (x0: Int32.t) -> {_31 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_20} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_31} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_36 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _36 ] s1 | s1 = MutBorrow.borrow_mut {r.current} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_29 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) - | s2 = [ &_28 <- { c0 = _29 } ] s3 - | s3 = apply_mut_closure10 {_28} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_42 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) + | s2 = [ &_41 <- { c0 = _42 } ] s3 + | s3 = apply_mut_closure10 {_41} (fun (_ret: ()) -> [ &_40 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = -{resolve_ref_i32 r}- s1 | s1 = {[@expl:assertion] Int32.to_int x = 42} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () @@ -286,18 +286,18 @@ module M_foo1 | & r: MutBorrow.t Int32.t = Any.any_l () | & snap_r: MutBorrow.t Int32.t = Any.any_l () | & iter: t_Range_i32 = Any.any_l () - | & _7: t_Range_i32 = Any.any_l () - | & _8: Int32.t = Any.any_l () + | & _8: t_Range_i32 = Any.any_l () + | & _9: Int32.t = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _20: t_Option_i32 = Any.any_l () - | & _21: MutBorrow.t t_Range_i32 = Any.any_l () - | & _22: MutBorrow.t t_Range_i32 = Any.any_l () + | & _31: t_Option_i32 = Any.any_l () + | & _32: MutBorrow.t t_Range_i32 = Any.any_l () + | & _33: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _25: Seq.seq Int32.t = Any.any_l () - | & _27: () = Any.any_l () - | & _28: closure10 = Any.any_l () - | & _29: MutBorrow.t Int32.t = Any.any_l () + | & _36: Seq.seq Int32.t = Any.any_l () + | & _40: () = Any.any_l () + | & _41: closure10 = Any.any_l () + | & _42: MutBorrow.t Int32.t = Any.any_l () | & old_5_0: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_foo2 @@ -458,9 +458,9 @@ module M_foo2 | s2 = [ &snap_r <- r ] s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) - | s1 = [ &_7 <- { start = (0: Int32.t); end' = _8 } ] s2 - | s2 = into_iter_Range_i32 {_7} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) + [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) + | s1 = [ &_8 <- { start = (0: Int32.t); end' = _9 } ] s2 + | s2 = into_iter_Range_i32 {_8} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb5 ] @@ -474,24 +474,24 @@ module M_foo2 [ s0 = bb6 ] [ bb6 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_i32 {_21} (fun (_ret: t_Option_i32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_33 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_32 <- _ret ] [ &_33 <- { _33 with current = _ret.final } ] s2) + | s2 = next_Range_i32 {_32} (fun (_ret: t_Option_i32) -> [ &_31 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Range_i32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb10) | br1 (x0: Int32.t) -> {_20 = Some x0} (! bb11) ] ] + [ s0 = -{resolve_ref_Range_i32 _33}- s1 + | s1 = any [ br0 -> {_31 = None} (! bb10) | br1 (x0: Int32.t) -> {_31 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_20} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_31} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_36 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _36 ] s1 | s1 = MutBorrow.borrow_mut {r} - (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> [ &_29 <- _ret ] [ &r <- _ret.final ] s2) - | s2 = [ &_28 <- { c0 = _29 } ] s3 - | s3 = apply_mut_closure10 {_28} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> [ &_42 <- _ret ] [ &r <- _ret.final ] s2) + | s2 = [ &_41 <- { c0 = _42 } ] s3 + | s3 = apply_mut_closure10 {_41} (fun (_ret: ()) -> [ &_40 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = -{resolve_ref_i32 r}- s1 | s1 = {[@expl:assertion] Int32.to_int x = 42} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () @@ -499,18 +499,18 @@ module M_foo2 | & r: MutBorrow.t Int32.t = Any.any_l () | & snap_r: MutBorrow.t Int32.t = Any.any_l () | & iter: t_Range_i32 = Any.any_l () - | & _7: t_Range_i32 = Any.any_l () - | & _8: Int32.t = Any.any_l () + | & _8: t_Range_i32 = Any.any_l () + | & _9: Int32.t = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _20: t_Option_i32 = Any.any_l () - | & _21: MutBorrow.t t_Range_i32 = Any.any_l () - | & _22: MutBorrow.t t_Range_i32 = Any.any_l () + | & _31: t_Option_i32 = Any.any_l () + | & _32: MutBorrow.t t_Range_i32 = Any.any_l () + | & _33: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _25: Seq.seq Int32.t = Any.any_l () - | & _27: () = Any.any_l () - | & _28: closure10 = Any.any_l () - | & _29: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _36: Seq.seq Int32.t = Any.any_l () + | & _40: () = Any.any_l () + | & _41: closure10 = Any.any_l () + | & _42: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_foo3 use creusot.int.Int32 @@ -661,9 +661,9 @@ module M_foo3 | s2 = [ &snap_r <- r ] s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) - | s1 = [ &_7 <- { start = (0: Int32.t); end' = _8 } ] s2 - | s2 = into_iter_Range_i32 {_7} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) + [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) + | s1 = [ &_8 <- { start = (0: Int32.t); end' = _9 } ] s2 + | s2 = into_iter_Range_i32 {_8} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb4 ] @@ -679,24 +679,24 @@ module M_foo3 [ s0 = bb6 ] [ bb6 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_i32 {_21} (fun (_ret: t_Option_i32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_33 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_32 <- _ret ] [ &_33 <- { _33 with current = _ret.final } ] s2) + | s2 = next_Range_i32 {_32} (fun (_ret: t_Option_i32) -> [ &_31 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Range_i32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb10) | br1 (x0: Int32.t) -> {_20 = Some x0} (! bb11) ] ] + [ s0 = -{resolve_ref_Range_i32 _33}- s1 + | s1 = any [ br0 -> {_31 = None} (! bb10) | br1 (x0: Int32.t) -> {_31 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_20} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_31} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_36 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _36 ] s1 | s1 = MutBorrow.borrow_mut {r.current} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_29 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) - | s2 = [ &_28 <- { c0 = _29 } ] s3 - | s3 = apply_mut_closure1 {_28} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_42 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) + | s2 = [ &_41 <- { c0 = _42 } ] s3 + | s3 = apply_mut_closure1 {_41} (fun (_ret: ()) -> [ &_40 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = -{resolve_ref_i32 r}- s1 | s1 = {[@expl:assertion] Int32.to_int x = 42} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () @@ -704,18 +704,18 @@ module M_foo3 | & r: MutBorrow.t Int32.t = Any.any_l () | & snap_r: MutBorrow.t Int32.t = Any.any_l () | & iter: t_Range_i32 = Any.any_l () - | & _7: t_Range_i32 = Any.any_l () - | & _8: Int32.t = Any.any_l () + | & _8: t_Range_i32 = Any.any_l () + | & _9: Int32.t = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _20: t_Option_i32 = Any.any_l () - | & _21: MutBorrow.t t_Range_i32 = Any.any_l () - | & _22: MutBorrow.t t_Range_i32 = Any.any_l () + | & _31: t_Option_i32 = Any.any_l () + | & _32: MutBorrow.t t_Range_i32 = Any.any_l () + | & _33: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _25: Seq.seq Int32.t = Any.any_l () - | & _27: () = Any.any_l () - | & _28: closure1 = Any.any_l () - | & _29: MutBorrow.t Int32.t = Any.any_l () + | & _36: Seq.seq Int32.t = Any.any_l () + | & _40: () = Any.any_l () + | & _41: closure1 = Any.any_l () + | & _42: MutBorrow.t Int32.t = Any.any_l () | & old_5_0: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_foo4 @@ -826,9 +826,9 @@ module M_foo4 | s2 = [ &snap_r <- r ] s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) - | s1 = [ &_7 <- { start = (0: Int32.t); end' = _8 } ] s2 - | s2 = into_iter_Range_i32 {_7} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) + [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) + | s1 = [ &_8 <- { start = (0: Int32.t); end' = _9 } ] s2 + | s2 = into_iter_Range_i32 {_8} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb4 ] @@ -844,24 +844,24 @@ module M_foo4 [ s0 = bb6 ] [ bb6 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_i32 {_21} (fun (_ret: t_Option_i32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_33 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_32 <- _ret ] [ &_33 <- { _33 with current = _ret.final } ] s2) + | s2 = next_Range_i32 {_32} (fun (_ret: t_Option_i32) -> [ &_31 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Range_i32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb10) | br1 (x0: Int32.t) -> {_20 = Some x0} (! bb11) ] ] + [ s0 = -{resolve_ref_Range_i32 _33}- s1 + | s1 = any [ br0 -> {_31 = None} (! bb10) | br1 (x0: Int32.t) -> {_31 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_20} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_31} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_36 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _36 ] s1 | s1 = MutBorrow.borrow_mut {r.current} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_29 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) - | s2 = [ &_28 <- { c0 = _29 } ] s3 - | s3 = apply_once_closure10 {_28} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_42 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) + | s2 = [ &_41 <- { c0 = _42 } ] s3 + | s3 = apply_once_closure10 {_41} (fun (_ret: ()) -> [ &_40 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = -{resolve_ref_i32 r}- s1 | s1 = {[@expl:assertion] Int32.to_int x = 42} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () @@ -869,18 +869,18 @@ module M_foo4 | & r: MutBorrow.t Int32.t = Any.any_l () | & snap_r: MutBorrow.t Int32.t = Any.any_l () | & iter: t_Range_i32 = Any.any_l () - | & _7: t_Range_i32 = Any.any_l () - | & _8: Int32.t = Any.any_l () + | & _8: t_Range_i32 = Any.any_l () + | & _9: Int32.t = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _20: t_Option_i32 = Any.any_l () - | & _21: MutBorrow.t t_Range_i32 = Any.any_l () - | & _22: MutBorrow.t t_Range_i32 = Any.any_l () + | & _31: t_Option_i32 = Any.any_l () + | & _32: MutBorrow.t t_Range_i32 = Any.any_l () + | & _33: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _25: Seq.seq Int32.t = Any.any_l () - | & _27: () = Any.any_l () - | & _28: closure10 = Any.any_l () - | & _29: MutBorrow.t Int32.t = Any.any_l () + | & _36: Seq.seq Int32.t = Any.any_l () + | & _40: () = Any.any_l () + | & _41: closure10 = Any.any_l () + | & _42: MutBorrow.t Int32.t = Any.any_l () | & old_5_0: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_foo5 @@ -991,9 +991,9 @@ module M_foo5 | s2 = [ &snap_r <- r ] s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) - | s1 = [ &_7 <- { start = (0: Int32.t); end' = _8 } ] s2 - | s2 = into_iter_Range_i32 {_7} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) + [ s0 = Int32.sub {(42: Int32.t)} {(13: Int32.t)} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) + | s1 = [ &_8 <- { start = (0: Int32.t); end' = _9 } ] s2 + | s2 = into_iter_Range_i32 {_8} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb4 ] @@ -1009,24 +1009,24 @@ module M_foo5 [ s0 = bb6 ] [ bb6 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_i32 {_21} (fun (_ret: t_Option_i32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_33 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_32 <- _ret ] [ &_33 <- { _33 with current = _ret.final } ] s2) + | s2 = next_Range_i32 {_32} (fun (_ret: t_Option_i32) -> [ &_31 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Range_i32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb10) | br1 (x0: Int32.t) -> {_20 = Some x0} (! bb11) ] ] + [ s0 = -{resolve_ref_Range_i32 _33}- s1 + | s1 = any [ br0 -> {_31 = None} (! bb10) | br1 (x0: Int32.t) -> {_31 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_20} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_31} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_36 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _36 ] s1 | s1 = MutBorrow.borrow_mut {r.current} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_29 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) - | s2 = [ &_28 <- { c0 = _29 } ] s3 - | s3 = apply_once_closure10 {_28} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_42 <- _ret ] [ &r <- { r with current = _ret.final } ] s2) + | s2 = [ &_41 <- { c0 = _42 } ] s3 + | s3 = apply_once_closure10 {_41} (fun (_ret: ()) -> [ &_40 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = -{resolve_ref_i32 r}- s1 | s1 = {[@expl:assertion] Int32.to_int x = 42} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () @@ -1034,17 +1034,17 @@ module M_foo5 | & r: MutBorrow.t Int32.t = Any.any_l () | & snap_r: MutBorrow.t Int32.t = Any.any_l () | & iter: t_Range_i32 = Any.any_l () - | & _7: t_Range_i32 = Any.any_l () - | & _8: Int32.t = Any.any_l () + | & _8: t_Range_i32 = Any.any_l () + | & _9: Int32.t = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _20: t_Option_i32 = Any.any_l () - | & _21: MutBorrow.t t_Range_i32 = Any.any_l () - | & _22: MutBorrow.t t_Range_i32 = Any.any_l () + | & _31: t_Option_i32 = Any.any_l () + | & _32: MutBorrow.t t_Range_i32 = Any.any_l () + | & _33: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _25: Seq.seq Int32.t = Any.any_l () - | & _27: () = Any.any_l () - | & _28: closure10 = Any.any_l () - | & _29: MutBorrow.t Int32.t = Any.any_l () + | & _36: Seq.seq Int32.t = Any.any_l () + | & _40: () = Any.any_l () + | & _41: closure10 = Any.any_l () + | & _42: MutBorrow.t Int32.t = Any.any_l () | & old_5_0: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/bug/1410.coma b/tests/should_succeed/bug/1410.coma index 1fb96e90c4..7203fbfd7a 100644 --- a/tests/should_succeed/bug/1410.coma +++ b/tests/should_succeed/bug/1410.coma @@ -116,8 +116,8 @@ module M_bar {[@expl:bar requires] precondition_F f ()} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- { start = (0: Int32.t); end' = (1: Int32.t) } ] s1 - | s1 = into_iter_Range_i32 {_4} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s2) + [ s0 = [ &_5 <- { start = (0: Int32.t); end' = (1: Int32.t) } ] s1 + | s1 = into_iter_Range_i32 {_5} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb4 ] @@ -131,39 +131,39 @@ module M_bar [ s0 = bb5 ] [ bb5 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_18 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_17 <- _ret ] [ &_18 <- { _18 with current = _ret.final } ] s2) - | s2 = next_Range_i32 {_17} (fun (_ret: t_Option_i32) -> [ &_16 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_28 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s2) + | s2 = next_Range_i32 {_27} (fun (_ret: t_Option_i32) -> [ &_26 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Range_i32 _18}- s1 - | s1 = any [ br0 -> {_16 = None} (! bb9) | br1 (x0: Int32.t) -> {_16 = Some x0} (! bb10) ] ] + [ s0 = -{resolve_ref_Range_i32 _28}- s1 + | s1 = any [ br0 -> {_26 = None} (! bb9) | br1 (x0: Int32.t) -> {_26 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_16} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_21 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_26} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_31 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _21 ] s1 + [ s0 = [ &produced <- _31 ] s1 | s1 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_24 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s2) - | s2 = call_mut_F {_24} {_25} (fun (_ret: ()) -> [ &_23 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_F) -> [ &_36 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s2) + | s2 = call_mut_F {_36} {_37} (fun (_ret: ()) -> [ &_35 <- _ret ] s3) | s3 = bb4 ] ] ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb13 ] | bb13 = return {_0} ] [ & _0: () = Any.any_l () | & f: t_F = f | & iter: t_Range_i32 = Any.any_l () - | & _4: t_Range_i32 = Any.any_l () + | & _5: t_Range_i32 = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _16: t_Option_i32 = Any.any_l () - | & _17: MutBorrow.t t_Range_i32 = Any.any_l () - | & _18: MutBorrow.t t_Range_i32 = Any.any_l () + | & _26: t_Option_i32 = Any.any_l () + | & _27: MutBorrow.t t_Range_i32 = Any.any_l () + | & _28: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _21: Seq.seq Int32.t = Any.any_l () - | & _23: () = Any.any_l () - | & _24: MutBorrow.t t_F = Any.any_l () - | & _25: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _31: Seq.seq Int32.t = Any.any_l () + | & _35: () = Any.any_l () + | & _36: MutBorrow.t t_F = Any.any_l () + | & _37: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/bug/164.coma b/tests/should_succeed/bug/164.coma index e21bf7b416..4a3376161a 100644 --- a/tests/should_succeed/bug/164.coma +++ b/tests/should_succeed/bug/164.coma @@ -115,42 +115,42 @@ module M_main [ bb0 = s0 [ s0 = [ &x <- (0: UInt64.t) ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:loop invariant] x = (0: UInt64.t)} s1 - | s1 = [ &_6 <- x = (0: UInt64.t) ] s2 - | s2 = any [ br0 -> {_6 = false} (! bb5) | br1 -> {_6} (! bb2) ] ] + | s1 = [ &_7 <- x = (0: UInt64.t) ] s2 + | s2 = any [ br0 -> {_7 = false} (! bb5) | br1 -> {_7} (! bb2) ] ] | bb2 = s0 [ s0 = [ &x <- (1: UInt64.t) ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = {[@expl:loop invariant] x = (1: UInt64.t)} s1 - | s1 = [ &_13 <- x = (1: UInt64.t) ] s2 - | s2 = any [ br0 -> {_13 = false} (! bb10) | br1 -> {_13} (! bb7) ] ] + | s1 = [ &_15 <- x = (1: UInt64.t) ] s2 + | s2 = any [ br0 -> {_15 = false} (! bb10) | br1 -> {_15} (! bb7) ] ] | bb7 = s0 [ s0 = [ &x <- (2: UInt64.t) ] s1 | s1 = bb10 ] | bb10 = s0 [ s0 = {[@expl:loop invariant] true} s1 | s1 = bb14 ] | bb14 = s0 [ s0 = {[@expl:loop invariant] x = (2: UInt64.t)} s1 | s1 = bb16 ] | bb16 = bb16 [ bb16 = (! s0 - [ s0 = [ &_27 <- x <> (3: UInt64.t) ] s1 | s1 = any [ br0 -> {_27 = false} (! bb19) | br1 -> {_27} (! bb17) ] ]) + [ s0 = [ &_30 <- x <> (3: UInt64.t) ] s1 | s1 = any [ br0 -> {_30 = false} (! bb19) | br1 -> {_30} (! bb17) ] ]) [ bb17 = s0 [ s0 = [ &x <- (3: UInt64.t) ] s1 | s1 = bb16 ] ] ] | bb19 = bb19 [ bb19 = {[@expl:loop invariant] UInt64.le x (4: UInt64.t)} (! s0) [ s0 = bb20 ] [ bb20 = s0 - [ s0 = [ &_35 <- UInt64.lt x (4: UInt64.t) ] s1 - | s1 = any [ br0 -> {_35 = false} (! bb26) | br1 -> {_35} (! bb22) ] ] + [ s0 = [ &_39 <- UInt64.lt x (4: UInt64.t) ] s1 + | s1 = any [ br0 -> {_39 = false} (! bb26) | br1 -> {_39} (! bb22) ] ] | bb22 = s0 [ s0 = {[@expl:loop invariant] UInt64.le x (3: UInt64.t)} s1 | s1 = [ &x <- (4: UInt64.t) ] s2 - | s2 = [ &_40 <- x = (4: UInt64.t) ] s3 - | s3 = any [ br0 -> {_40 = false} (! bb24) | br1 -> {_40} (! bb19) ] ] ] ] + | s2 = [ &_45 <- x = (4: UInt64.t) ] s3 + | s3 = any [ br0 -> {_45 = false} (! bb24) | br1 -> {_45} (! bb19) ] ] ] ] | bb24 = {false} any | bb26 = s0 [ s0 = {[@expl:loop invariant] x = (4: UInt64.t)} s1 | s1 = bb28 ] | bb28 = bb28 [ bb28 = (! s0 - [ s0 = [ &_49 <- x <> (5: UInt64.t) ] s1 | s1 = any [ br0 -> {_49 = false} (! bb30) | br1 -> {_49} (! bb29) ] ]) + [ s0 = [ &_55 <- x <> (5: UInt64.t) ] s1 | s1 = any [ br0 -> {_55 = false} (! bb30) | br1 -> {_55} (! bb29) ] ]) [ bb29 = s0 [ s0 = [ &x <- (5: UInt64.t) ] s1 | s1 = bb28 ] ] ] | bb30 = any [ br0 -> {false} (! bb33) | br1 -> {true} (! bb33) ] | bb33 = s0 - [ s0 = [ &_57 <- { start = (0: Int32.t); end' = (10: Int32.t) } ] s1 - | s1 = into_iter_Range_i32 {_57} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s2) + [ s0 = [ &_63 <- { start = (0: Int32.t); end' = (10: Int32.t) } ] s1 + | s1 = into_iter_Range_i32 {_63} (fun (_ret: t_Range_i32) -> [ &iter <- _ret ] s2) | s2 = bb34 ] | bb34 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb35 ] | bb35 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int32.t ] s1 | s1 = bb37 ] @@ -160,35 +160,35 @@ module M_main | s2 = {[@expl:for invariant] produces_Range_i32 iter_old produced iter} s3 | s3 = {[@expl:loop invariant] x = (5: UInt64.t)} s4 | s4 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_69 <- _ret ] [ &iter <- _ret.final ] s5) - | s5 = MutBorrow.borrow_final {_69.current} {MutBorrow.get_id _69} - (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_68 <- _ret ] [ &_69 <- { _69 with current = _ret.final } ] s6) - | s6 = next_Range_i32 {_68} (fun (_ret: t_Option_i32) -> [ &_67 <- _ret ] s7) + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_82 <- _ret ] [ &iter <- _ret.final ] s5) + | s5 = MutBorrow.borrow_final {_82.current} {MutBorrow.get_id _82} + (fun (_ret: MutBorrow.t t_Range_i32) -> [ &_81 <- _ret ] [ &_82 <- { _82 with current = _ret.final } ] s6) + | s6 = next_Range_i32 {_81} (fun (_ret: t_Option_i32) -> [ &_80 <- _ret ] s7) | s7 = bb38 ] | bb38 = s0 - [ s0 = -{resolve_ref_Range_i32 _69}- s1 - | s1 = any [ br0 -> {_67 = None} (! bb44) | br1 (x0: Int32.t) -> {_67 = Some x0} (! bb42) ] ] + [ s0 = -{resolve_ref_Range_i32 _82}- s1 + | s1 = any [ br0 -> {_80 = None} (! bb44) | br1 (x0: Int32.t) -> {_80 = Some x0} (! bb42) ] ] | bb42 = s0 - [ s0 = elim_Some {_67} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_72 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_80} (fun (r0: Int32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_85 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb43 ] - | bb43 = s0 [ s0 = [ &produced <- _72 ] s1 | s1 = bb44 ] + | bb43 = s0 [ s0 = [ &produced <- _85 ] s1 | s1 = bb44 ] | bb44 = return {_0} ] [ & _0: () = Any.any_l () | & x: UInt64.t = Any.any_l () - | & _6: bool = Any.any_l () - | & _13: bool = Any.any_l () - | & _27: bool = Any.any_l () - | & _35: bool = Any.any_l () - | & _40: bool = Any.any_l () - | & _49: bool = Any.any_l () + | & _7: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _30: bool = Any.any_l () + | & _39: bool = Any.any_l () + | & _45: bool = Any.any_l () + | & _55: bool = Any.any_l () | & iter: t_Range_i32 = Any.any_l () - | & _57: t_Range_i32 = Any.any_l () + | & _63: t_Range_i32 = Any.any_l () | & iter_old: t_Range_i32 = Any.any_l () | & produced: Seq.seq Int32.t = Any.any_l () - | & _67: t_Option_i32 = Any.any_l () - | & _68: MutBorrow.t t_Range_i32 = Any.any_l () - | & _69: MutBorrow.t t_Range_i32 = Any.any_l () + | & _80: t_Option_i32 = Any.any_l () + | & _81: MutBorrow.t t_Range_i32 = Any.any_l () + | & _82: MutBorrow.t t_Range_i32 = Any.any_l () | & __creusot_proc_iter_elem: Int32.t = Any.any_l () - | & _72: Seq.seq Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _85: Seq.seq Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/bug/164.stderr b/tests/should_succeed/bug/164.stderr index 62ec6655b7..078b3a7ef2 100644 --- a/tests/should_succeed/bug/164.stderr +++ b/tests/should_succeed/bug/164.stderr @@ -1,3 +1,12 @@ +warning: value assigned to `produced` is never read + --> 164.rs:61:5 + | +61 | for _ in 0..10 { + | ^^^ + | + = help: maybe it is overwritten before being read? + = note: `#[warn(unused_assignments)]` (part of `#[warn(unused)]`) on by default + warning: This loop does not loop. This invariant could just be an assertion. --> 164.rs:8:17 | @@ -46,5 +55,5 @@ warning: This loop does not loop. This invariant could just be an assertion. 60 | #[invariant(x == 5usize)] | ^^^^^^^^^^^ -warning: 8 warnings emitted +warning: 9 warnings emitted diff --git a/tests/should_succeed/bug/1743.coma b/tests/should_succeed/bug/1743.coma index abc908f4f4..53411b4e9b 100644 --- a/tests/should_succeed/bug/1743.coma +++ b/tests/should_succeed/bug/1743.coma @@ -130,17 +130,17 @@ module M_impl_S__minimize (* S *) [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_ref_S self} s1 | s1 = -{resolve_ref_S self}- s2 - | s2 = deref_Ghost_PtrOwn_i32 {self.current.perm} (fun (_ret: t_PtrOwn_i32) -> [ &_9 <- _ret ] s3) + | s2 = deref_Ghost_PtrOwn_i32 {self.current.perm} (fun (_ret: t_PtrOwn_i32) -> [ &_12 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = [ &_8 <- _9 ] s1 - | s1 = new_ref_PtrOwn_i32 {_8} (fun (_ret: t_PtrOwn_i32) -> [ &_6 <- _ret ] s2) + [ s0 = [ &_11 <- _12 ] s1 + | s1 = new_ref_PtrOwn_i32 {_11} (fun (_ret: t_PtrOwn_i32) -> [ &_9 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = as_ref_i32 {self.current.ptr} {_6} (fun (_ret: Int32.t) -> [ &r <- _ret ] s1) | s1 = bb4 ] + | bb2 = s0 [ s0 = as_ref_i32 {self.current.ptr} {_9} (fun (_ret: Int32.t) -> [ &r <- _ret ] s1) | s1 = bb4 ] | bb4 = bb4 [ bb4 = {[@expl:loop invariant] 0 <= Int32.to_int (val_i32 self.current.perm)} (! s0) [ s0 = bb4 ] ] ] [ & self: MutBorrow.t t_S = self | & r: Int32.t = Any.any_l () - | & _6: t_PtrOwn_i32 = Any.any_l () - | & _8: t_PtrOwn_i32 = Any.any_l () - | & _9: t_PtrOwn_i32 = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: t_PtrOwn_i32 = Any.any_l () + | & _11: t_PtrOwn_i32 = Any.any_l () + | & _12: t_PtrOwn_i32 = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/bug/181_ident.coma b/tests/should_succeed/bug/181_ident.coma index d6f86851aa..a64ea8250c 100644 --- a/tests/should_succeed/bug/181_ident.coma +++ b/tests/should_succeed/bug/181_ident.coma @@ -10,11 +10,11 @@ module M_max_usize meta "select_lsinst" "all" let rec max_usize (a: UInt64.t) (b: UInt64.t) (return (x: UInt64.t)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- UInt64.lt a b ] s1 | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] + [ bb0 = s0 [ s0 = [ &_6 <- UInt64.lt a b ] s1 | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- b ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return {_0} ] - [ & _0: UInt64.t = Any.any_l () | & a: UInt64.t = a | & b: UInt64.t = b | & _4: bool = Any.any_l () ]) + [ & _0: UInt64.t = Any.any_l () | & a: UInt64.t = a | & b: UInt64.t = b | & _6: bool = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:max_usize ensures] UInt64.t'int result = max_int (UInt64.t'int a) (UInt64.t'int b)} (! return {result}) ] diff --git a/tests/should_succeed/bug/552.coma b/tests/should_succeed/bug/552.coma index 932c0f1019..d92ac18c68 100644 --- a/tests/should_succeed/bug/552.coma +++ b/tests/should_succeed/bug/552.coma @@ -20,10 +20,10 @@ module M_impl_MachineTrait_for_Machine__step (* *) (! bb0 [ bb0 = s0 [ s0 = -{resolve_ref_Machine self}- s1 - | s1 = transition {self.current} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) + | s1 = transition {self.current} (fun (_ret: ()) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = return {_0} ] ] - [ & _0: bool = Any.any_l () | & self: MutBorrow.t () = self | & _4: () = Any.any_l () ]) + [ & _0: bool = Any.any_l () | & self: MutBorrow.t () = self | & _6: () = Any.any_l () ]) [ return (result: bool) -> {[@expl:step ensures] invariants_Machine self.final} (! return {result}) ] end module M_impl_Machine__transition (* Machine *) diff --git a/tests/should_succeed/bug/570.rs b/tests/should_succeed/bug/570.rs index cbb130e215..a0fc0a2bf7 100644 --- a/tests/should_succeed/bug/570.rs +++ b/tests/should_succeed/bug/570.rs @@ -13,6 +13,7 @@ pub fn test_program(s: S2) { s.s1.f; } +#[allow(unused)] pub fn test_assign(mut s: S2) { s.s1.f = 2; } diff --git a/tests/should_succeed/bug/682.coma b/tests/should_succeed/bug/682.coma index 34857f42bf..a6f2172512 100644 --- a/tests/should_succeed/bug/682.coma +++ b/tests/should_succeed/bug/682.coma @@ -138,15 +138,15 @@ module M_foo [ bb0 = s0 [ s0 = [ &a_p <- a.current ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_final {a.current} {MutBorrow.get_id a} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_7 <- _ret ] [ &a <- { a with current = _ret.final } ] s1) - | s1 = add_some {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s2) + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_10 <- _ret ] [ &a <- { a with current = _ret.final } ] s1) + | s1 = add_some {_10} (fun (_ret: ()) -> [ &_9 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve_ref_u64 a}- s1 | s1 = {[@expl:assertion] UInt64.gt a.current a_p} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & a: MutBorrow.t UInt64.t = a | & a_p: UInt64.t = Any.any_l () - | & _6: () = Any.any_l () - | & _7: MutBorrow.t UInt64.t = Any.any_l () ]) + | & _9: () = Any.any_l () + | & _10: MutBorrow.t UInt64.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:foo ensures] UInt64.gt a.final a.current} (! return {result}) ] end diff --git a/tests/should_succeed/bug/761.coma b/tests/should_succeed/bug/761.coma index b71c74af9f..6343b4a0af 100644 --- a/tests/should_succeed/bug/761.coma +++ b/tests/should_succeed/bug/761.coma @@ -72,19 +72,19 @@ module M_try_option {[@expl:try_option 'x' type invariant] inv_Option_T x} (! bb0 [ bb0 = s0 - [ s0 = branch_Option_T {x} (fun (_ret: t_ControlFlow_Option_Infallible_T) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + [ s0 = branch_Option_T {x} (fun (_ret: t_ControlFlow_Option_Infallible_T) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] | bb1 = any - [ br0 (x0: t_T) -> {_4 = Continue x0} (! bb4) | br1 (x0: t_Option_Infallible) -> {_4 = Break x0} (! bb5) ] + [ br0 (x0: t_T) -> {_5 = Continue x0} (! bb4) | br1 (x0: t_Option_Infallible) -> {_5 = Break x0} (! bb5) ] | bb5 = s0 - [ s0 = elim_Break {_4} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) + [ s0 = elim_Break {_5} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) | s1 = from_residual_Option_T {residual} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) | s2 = bb11 ] - | bb4 = s0 [ s0 = elim_Continue {_4} (fun (r0: t_T) -> [ &val' <- r0 ] s1) | s1 = bb7 ] + | bb4 = s0 [ s0 = elim_Continue {_5} (fun (r0: t_T) -> [ &val' <- r0 ] s1) | s1 = bb7 ] | bb7 = s0 [ s0 = [ &_0 <- Some val' ] s1 | s1 = bb11 ] | bb11 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & x: t_Option_T = x - | & _4: t_ControlFlow_Option_Infallible_T = Any.any_l () + | & _5: t_ControlFlow_Option_Infallible_T = Any.any_l () | & residual: t_Option_Infallible = Any.any_l () | & val': t_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:try_option result type invariant] inv_Option_T result} @@ -240,19 +240,19 @@ module M_try_result {[@expl:try_result 'x' type invariant] inv_Result_T_E x} (! bb0 [ bb0 = s0 - [ s0 = branch_Result_T_E {x} (fun (_ret: t_ControlFlow_Result_Infallible_E_T) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + [ s0 = branch_Result_T_E {x} (fun (_ret: t_ControlFlow_Result_Infallible_E_T) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] | bb1 = any - [ br0 (x0: t_T) -> {_4 = Continue x0} (! bb4) | br1 (x0: t_Result_Infallible_E) -> {_4 = Break x0} (! bb5) ] + [ br0 (x0: t_T) -> {_5 = Continue x0} (! bb4) | br1 (x0: t_Result_Infallible_E) -> {_5 = Break x0} (! bb5) ] | bb5 = s0 - [ s0 = elim_Break {_4} (fun (r0: t_Result_Infallible_E) -> [ &residual <- r0 ] s1) + [ s0 = elim_Break {_5} (fun (r0: t_Result_Infallible_E) -> [ &residual <- r0 ] s1) | s1 = from_residual_Result_T_E {residual} (fun (_ret: t_Result_T_E) -> [ &_0 <- _ret ] s2) | s2 = bb12 ] - | bb4 = s0 [ s0 = elim_Continue {_4} (fun (r0: t_T) -> [ &val' <- r0 ] s1) | s1 = bb7 ] + | bb4 = s0 [ s0 = elim_Continue {_5} (fun (r0: t_T) -> [ &val' <- r0 ] s1) | s1 = bb7 ] | bb7 = s0 [ s0 = [ &_0 <- Ok val' ] s1 | s1 = bb12 ] | bb12 = return {_0} ] [ & _0: t_Result_T_E = Any.any_l () | & x: t_Result_T_E = x - | & _4: t_ControlFlow_Result_Infallible_E_T = Any.any_l () + | & _5: t_ControlFlow_Result_Infallible_E_T = Any.any_l () | & residual: t_Result_Infallible_E = Any.any_l () | & val': t_T = Any.any_l () ]) [ return (result: t_Result_T_E) -> {[@expl:try_result result type invariant] inv_Result_T_E result} diff --git a/tests/should_succeed/bug/922.coma b/tests/should_succeed/bug/922.coma index baf28cf104..64a45c8229 100644 --- a/tests/should_succeed/bug/922.coma +++ b/tests/should_succeed/bug/922.coma @@ -28,10 +28,10 @@ module M_g [ bb0 = s0 [ s0 = MutBorrow.borrow_final {x.f0'0.f1.current} {MutBorrow.get_id x.f0'0.f1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_4 <- _ret ] [ &x <- { x with f0'0 = { x.f0'0 with f1 = { x.f0'0.f1 with current = _ret.final } } } ] s1) - | s1 = MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _4}- s3 + [ &_5 <- _ret ] [ &x <- { x with f0'0 = { x.f0'0 with f1 = { x.f0'0.f1 with current = _ret.final } } } ] s1) + | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _5}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -40,7 +40,7 @@ module M_g [ & _0: MutBorrow.t Int32.t = Any.any_l () | & x: tup2_tup2_i32_ref_i32_i32 = x | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _4: MutBorrow.t Int32.t = Any.any_l () ]) + | & _5: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:g ensures] result = x.f0'0.f1} (! return {result}) ] end module M_f1 @@ -66,11 +66,11 @@ module M_f1 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {b.current.f1.current} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_6 <- _ret ] + [ &_9 <- _ret ] [ &b <- { b with current = { b.current with f1 = { b.current.f1 with current = _ret.final } } } ] s1) - | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _6}- s3 + | s1 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _9}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -79,7 +79,7 @@ module M_f1 [ & _0: MutBorrow.t Int32.t = Any.any_l () | & b: MutBorrow.t tup2_i32_ref_i32 = b | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () ]) + | & _9: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:f1 ensures #0] result.current = b.current.f1.current} {[@expl:f1 ensures #1] result.final = b.final.f1.current} {[@expl:f1 ensures #2] b.current.f1.final = b.final.f1.final} @@ -108,11 +108,11 @@ module M_f2 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x0.current.f1.current} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_6 <- _ret ] + [ &_9 <- _ret ] [ &x0 <- { x0 with current = { x0.current with f1 = { x0.current.f1 with current = _ret.final } } } ] s1) - | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _6}- s3 + | s1 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _9}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -121,7 +121,7 @@ module M_f2 [ & _0: MutBorrow.t Int32.t = Any.any_l () | & x0: MutBorrow.t tup2_i32_ref_i32 = x0 | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () ]) + | & _9: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:f2 ensures #0] result.current = x0.current.f1.current} {[@expl:f2 ensures #1] result.final = x0.final.f1.current} {[@expl:f2 ensures #2] x0.current.f1.final = x0.final.f1.final} @@ -150,11 +150,11 @@ module M_f3 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x1.current.f1.current} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_6 <- _ret ] + [ &_9 <- _ret ] [ &x1 <- { x1 with current = { x1.current with f1 = { x1.current.f1 with current = _ret.final } } } ] s1) - | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _6}- s3 + | s1 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _9}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -163,7 +163,7 @@ module M_f3 [ & _0: MutBorrow.t Int32.t = Any.any_l () | & x1: MutBorrow.t tup2_i32_ref_i32 = x1 | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () ]) + | & _9: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:f3 ensures #0] result.current = x1.current.f1.current} {[@expl:f3 ensures #1] result.final = x1.final.f1.current} {[@expl:f3 ensures #2] x1.current.f1.final = x1.final.f1.final} @@ -192,11 +192,11 @@ module M_f4 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x2.current.f1.current} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_6 <- _ret ] + [ &_9 <- _ret ] [ &x2 <- { x2 with current = { x2.current with f1 = { x2.current.f1 with current = _ret.final } } } ] s1) - | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _6}- s3 + | s1 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _9}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -205,7 +205,7 @@ module M_f4 [ & _0: MutBorrow.t Int32.t = Any.any_l () | & x2: MutBorrow.t tup2_i32_ref_i32 = x2 | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () ]) + | & _9: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:f4 ensures #0] result.current = x2.current.f1.current} {[@expl:f4 ensures #1] result.final = x2.final.f1.current} {[@expl:f4 ensures #2] x2.current.f1.final = x2.final.f1.final} diff --git a/tests/should_succeed/bug/962.coma b/tests/should_succeed/bug/962.coma index 3cd60a3e68..6dd41caed7 100644 --- a/tests/should_succeed/bug/962.coma +++ b/tests/should_succeed/bug/962.coma @@ -73,11 +73,11 @@ module M_disjoint_captures [ bb0 = s0 [ s0 = [ &p0 <- p.f0 ] s1 | s1 = MutBorrow.borrow_mut {p.f1} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_6 <- _ret ] [ &p <- { p with f1 = _ret.final } ] s2) - | s2 = [ &clos <- { c0 = _6 } ] s3 + (fun (_ret: MutBorrow.t Int32.t) -> [ &_7 <- _ret ] [ &p <- { p with f1 = _ret.final } ] s2) + | s2 = [ &clos <- { c0 = _7 } ] s3 | s3 = MutBorrow.borrow_mut {clos} - (fun (_ret: MutBorrow.t closure2) -> [ &_8 <- _ret ] [ &clos <- _ret.final ] s4) - | s4 = closure2 {_8} (fun (_ret: ()) -> [ &_7 <- _ret ] s5) + (fun (_ret: MutBorrow.t closure2) -> [ &_9 <- _ret ] [ &clos <- _ret.final ] s4) + | s4 = closure2 {_9} (fun (_ret: ()) -> [ &_8 <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 [ s0 = -{resolve_closure2 clos}- s1 @@ -87,9 +87,9 @@ module M_disjoint_captures | & p: tup2_i32_i32 = p | & p0: Int32.t = Any.any_l () | & clos: closure2 = Any.any_l () - | & _6: MutBorrow.t Int32.t = Any.any_l () - | & _7: () = Any.any_l () - | & _8: MutBorrow.t closure2 = Any.any_l () - | & _9: () = Any.any_l () ]) + | & _7: MutBorrow.t Int32.t = Any.any_l () + | & _8: () = Any.any_l () + | & _9: MutBorrow.t closure2 = Any.any_l () + | & _10: () = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:disjoint_captures ensures] Int32.to_int result = 2} (! return {result}) ] end diff --git a/tests/should_succeed/bug/box_borrow_resolve.coma b/tests/should_succeed/bug/box_borrow_resolve.coma index b7e3d0c966..4372bae377 100644 --- a/tests/should_succeed/bug/box_borrow_resolve.coma +++ b/tests/should_succeed/bug/box_borrow_resolve.coma @@ -18,10 +18,10 @@ module M_borrow_in_box let rec borrow_in_box (x: MutBorrow.t Int32.t) (return (x'0: MutBorrow.t Int32.t)) = (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_4 <- _ret ] [ &x <- { x with current = _ret.final } ] s1) - | s1 = MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _4}- s3 + (fun (_ret: MutBorrow.t Int32.t) -> [ &_5 <- _ret ] [ &x <- { x with current = _ret.final } ] s1) + | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + (fun (_ret: MutBorrow.t Int32.t) -> [ &_2 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _5}- s3 | s3 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t Int32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s4) | s4 = -{resolve_ref_i32 _2}- s5 @@ -31,6 +31,6 @@ module M_borrow_in_box [ & _0: MutBorrow.t Int32.t = Any.any_l () | & x: MutBorrow.t Int32.t = x | & _2: MutBorrow.t Int32.t = Any.any_l () - | & _4: MutBorrow.t Int32.t = Any.any_l () ]) + | & _5: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: MutBorrow.t Int32.t) -> {[@expl:borrow_in_box ensures] result = x} (! return {result}) ] end diff --git a/tests/should_succeed/bug/final_borrows.coma b/tests/should_succeed/bug/final_borrows.coma index b79a48c26a..bc73fd87ef 100644 --- a/tests/should_succeed/bug/final_borrows.coma +++ b/tests/should_succeed/bug/final_borrows.coma @@ -81,15 +81,15 @@ module M_select | s2 = {inv_T r1.current} MutBorrow.borrow_final {r1.current} {MutBorrow.get_id r1} (fun (_ret: MutBorrow.t t_T) -> - [ &_8 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- _ret ] -{inv_T _ret.final}- [ &r1 <- { r1 with current = _ret.final } ] s3) - | s3 = {inv_T _8.current} - MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + | s3 = {inv_T _11.current} + MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- - [ &_8 <- { _8 with current = _ret.final } ] s4) - | s4 = {[@expl:type invariant] inv_ref_T _8} s5 - | s5 = -{resolve_ref_T _8}- s6 + [ &_9 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- { _11 with current = _ret.final } ] s4) + | s4 = {[@expl:type invariant] inv_ref_T _11} s5 + | s5 = -{resolve_ref_T _11}- s6 | s6 = bb3 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_T r1} s1 @@ -97,17 +97,17 @@ module M_select | s2 = {inv_T r2.current} MutBorrow.borrow_final {r2.current} {MutBorrow.get_id r2} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- + [ &_9 <- _ret ] -{inv_T _ret.final}- [ &r2 <- { r2 with current = _ret.final } ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = {inv_T _6.current} - MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + [ s0 = {inv_T _9.current} + MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t t_T) -> [ &_4 <- _ret ] -{inv_T _ret.final}- - [ &_6 <- { _6 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _6} s2 - | s2 = -{resolve_ref_T _6}- s3 + [ &_9 <- { _9 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _9} s2 + | s2 = -{resolve_ref_T _9}- s3 | s3 = {inv_T _4.current} MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} (fun (_ret: MutBorrow.t t_T) -> @@ -125,8 +125,8 @@ module M_select | & r1: MutBorrow.t t_T = r1 | & r2: MutBorrow.t t_T = r2 | & _4: MutBorrow.t t_T = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () ]) + | & _9: MutBorrow.t t_T = Any.any_l () + | & _11: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:select result type invariant] inv_ref_T result} {[@expl:select ensures] if b then result = r1 else result = r2} (! return {result}) ] @@ -181,15 +181,15 @@ module M_reborrow_field [ s0 = {inv_T r.current.f0} MutBorrow.borrow_final {r.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id r) 1} (fun (_ret: MutBorrow.t t_T) -> - [ &_4 <- _ret ] -{inv_T _ret.final}- + [ &_5 <- _ret ] -{inv_T _ret.final}- [ &r <- { r with current = { r.current with f0 = _ret.final } } ] s1) - | s1 = {inv_T _4.current} - MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} + | s1 = {inv_T _5.current} + MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _4} s3 - | s3 = -{resolve_ref_T _4}- s4 + [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _5} s3 + | s3 = -{resolve_ref_T _5}- s4 | s4 = {inv_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_T) -> @@ -203,7 +203,7 @@ module M_reborrow_field [ & _0: MutBorrow.t t_T = Any.any_l () | & r: MutBorrow.t tup2_T_T = r | & _2: MutBorrow.t t_T = Any.any_l () - | & _4: MutBorrow.t t_T = Any.any_l () ]) + | & _5: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:reborrow_field result type invariant] inv_ref_T result} {[@expl:reborrow_field ensures] result = MutBorrow.borrow_logic r.current.f0 r.final.f0 (MutBorrow.inherit_id (MutBorrow.get_id r) 1)} @@ -275,14 +275,14 @@ module M_disjoint_fields | s2 = {inv_T r0.current} MutBorrow.borrow_final {r0.current} {MutBorrow.get_id r0} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- + [ &_8 <- _ret ] -{inv_T _ret.final}- [ &r0 <- { r0 with current = _ret.final } ] s3) | s3 = {inv_T r1.current} MutBorrow.borrow_final {r1.current} {MutBorrow.get_id r1} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_9 <- _ret ] -{inv_T _ret.final}- [ &r1 <- { r1 with current = _ret.final } ] s4) - | s4 = [ &_0 <- { f0'0 = _6; f1'0 = _7 } ] s5 + | s4 = [ &_0 <- { f0'0 = _8; f1'0 = _9 } ] s5 | s5 = {[@expl:type invariant] inv_ref_T r1} s6 | s6 = -{resolve_ref_T r1}- s7 | s7 = {[@expl:type invariant] inv_ref_T r0} s8 @@ -294,8 +294,8 @@ module M_disjoint_fields | & r: MutBorrow.t tup2_T_T = r | & r0: MutBorrow.t t_T = Any.any_l () | & r1: MutBorrow.t t_T = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () ]) + | & _8: MutBorrow.t t_T = Any.any_l () + | & _9: MutBorrow.t t_T = Any.any_l () ]) [ return (result: tup2_ref_T_ref_T) -> {[@expl:disjoint_fields result type invariant] inv_tup2_ref_T_ref_T result} {[@expl:disjoint_fields ensures #0] result.f0'0 = MutBorrow.borrow_logic r.current.f0 r.final.f0 (MutBorrow.inherit_id (MutBorrow.get_id r) 1)} @@ -378,15 +378,15 @@ module M_nested_fields | s1 = {inv_T borrow1.current.f1} MutBorrow.borrow_final {borrow1.current.f1} {MutBorrow.inherit_id (MutBorrow.get_id borrow1) 2} (fun (_ret: MutBorrow.t t_T) -> - [ &_5 <- _ret ] -{inv_T _ret.final}- + [ &_6 <- _ret ] -{inv_T _ret.final}- [ &borrow1 <- { borrow1 with current = { borrow1.current with f1 = _ret.final } } ] s2) - | s2 = {inv_T _5.current} - MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + | s2 = {inv_T _6.current} + MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_5 <- { _5 with current = _ret.final } ] s3) - | s3 = {[@expl:type invariant] inv_ref_T _5} s4 - | s4 = -{resolve_ref_T _5}- s5 + [ &_6 <- { _6 with current = _ret.final } ] s3) + | s3 = {[@expl:type invariant] inv_ref_T _6} s4 + | s4 = -{resolve_ref_T _6}- s5 | s5 = {[@expl:type invariant] inv_ref_tup2_T_T borrow1} s6 | s6 = -{resolve_ref_tup2_T_T borrow1}- s7 | s7 = {inv_T _2.current} @@ -403,7 +403,7 @@ module M_nested_fields | & r: MutBorrow.t tup2_tup2_T_T_T = r | & _2: MutBorrow.t t_T = Any.any_l () | & borrow1: MutBorrow.t tup2_T_T = Any.any_l () - | & _5: MutBorrow.t t_T = Any.any_l () ]) + | & _6: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:nested_fields result type invariant] inv_ref_T result} {[@expl:nested_fields ensures] result = MutBorrow.borrow_logic r.current.f0'0.f1 r.final.f0'0.f1 (MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id r) 1) 2)} @@ -580,17 +580,17 @@ module M_select_field [ s0 = {inv_Option_T x.current.f0} MutBorrow.borrow_final {x.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id x) 1} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_4 <- _ret ] -{inv_Option_T _ret.final}- + [ &_5 <- _ret ] -{inv_Option_T _ret.final}- [ &x <- { x with current = { x.current with f0 = _ret.final } } ] s1) - | s1 = any [ br0 -> {_4.current = None} (! bb2) | br1 (x0: t_T) -> {_4.current = Some x0} (! bb3) ] ] + | s1 = any [ br0 -> {_5.current = None} (! bb2) | br1 (x0: t_T) -> {_5.current = Some x0} (! bb3) ] ] | bb3 = s0 - [ s0 = elim_Some {_4.current} + [ s0 = elim_Some {_5.current} (fun (r0: t_T) -> {inv_T r0} - MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _4) 1} + MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _5) 1} (fun (_ret: MutBorrow.t t_T) -> [ &r <- _ret ] -{inv_T _ret.final}- - [ &_4 <- { _4 with current = Some _ret.final } ] s1)) + [ &_5 <- { _5 with current = Some _ret.final } ] s1)) | s1 = {inv_T r.current} MutBorrow.borrow_final {r.current} {MutBorrow.get_id r} (fun (_ret: MutBorrow.t t_T) -> @@ -598,23 +598,23 @@ module M_select_field [ &r <- { r with current = _ret.final } ] s2) | s2 = {[@expl:type invariant] inv_ref_T r} s3 | s3 = -{resolve_ref_T r}- s4 - | s4 = {[@expl:type invariant] inv_ref_Option_T _4} s5 - | s5 = -{resolve_ref_Option_T _4}- s6 + | s4 = {[@expl:type invariant] inv_ref_Option_T _5} s5 + | s5 = -{resolve_ref_Option_T _5}- s6 | s6 = bb5 ] - | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_T _4} s1 | s1 = -{resolve_ref_Option_T _4}- s2 | s2 = bb4 ] + | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_T _5} s1 | s1 = -{resolve_ref_Option_T _5}- s2 | s2 = bb4 ] | bb4 = s0 [ s0 = {inv_T x.current.f1} MutBorrow.borrow_final {x.current.f1} {MutBorrow.inherit_id (MutBorrow.get_id x) 2} (fun (_ret: MutBorrow.t t_T) -> - [ &_8 <- _ret ] -{inv_T _ret.final}- + [ &_9 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = { x.current with f1 = _ret.final } } ] s1) - | s1 = {inv_T _8.current} - MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + | s1 = {inv_T _9.current} + MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t t_T) -> [ &_0 <- _ret ] -{inv_T _ret.final}- - [ &_8 <- { _8 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _8} s3 - | s3 = -{resolve_ref_T _8}- s4 + [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _9} s3 + | s3 = -{resolve_ref_T _9}- s4 | s4 = bb5 ] | bb5 = s0 [ s0 = {[@expl:type invariant] inv_ref_tup2_Option_T_T x} s1 @@ -622,9 +622,9 @@ module M_select_field | s2 = return {_0} ] ] [ & _0: MutBorrow.t t_T = Any.any_l () | & x: MutBorrow.t tup2_Option_T_T = x - | & _4: MutBorrow.t t_Option_T = Any.any_l () + | & _5: MutBorrow.t t_Option_T = Any.any_l () | & r: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () ]) + | & _9: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:select_field result type invariant] inv_ref_T result} {[@expl:select_field ensures] match x.current.f0 with | None -> result = MutBorrow.borrow_logic x.current.f1 x.final.f1 (MutBorrow.inherit_id (MutBorrow.get_id x) 2) @@ -792,15 +792,15 @@ module M_unnesting_non_extensional [ s0 = {inv_T x.current.current} MutBorrow.borrow_mut {x.current.current} (fun (_ret: MutBorrow.t t_T) -> - [ &_5 <- _ret ] -{inv_T _ret.final}- + [ &_7 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = { x.current with current = _ret.final } } ] s1) - | s1 = {inv_T _5.current} - MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + | s1 = {inv_T _7.current} + MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _5} s3 - | s3 = -{resolve_ref_T _5}- s4 + [ &_7 <- { _7 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _7} s3 + | s3 = -{resolve_ref_T _7}- s4 | s4 = {inv_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_T) -> @@ -814,7 +814,7 @@ module M_unnesting_non_extensional [ & _0: MutBorrow.t t_T = Any.any_l () | & x: MutBorrow.t (MutBorrow.t t_T) = x | & _2: MutBorrow.t t_T = Any.any_l () - | & _5: MutBorrow.t t_T = Any.any_l () ]) + | & _7: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:unnesting_non_extensional result type invariant] inv_ref_T result} {[@expl:unnesting_non_extensional ensures #0] result.current = x.current.current} {[@expl:unnesting_non_extensional ensures #1] result.final = x.final.current} @@ -878,11 +878,11 @@ module M_write_inner_borrow [ s0 = {inv_T b.current} MutBorrow.borrow_final {b.current} {MutBorrow.get_id b} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_8 <- _ret ] -{inv_T _ret.final}- [ &b <- { b with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_T x.current} s2 | s2 = -{resolve_ref_T x.current}- s3 - | s3 = [ &x <- { x with current = _7 } ] s4 + | s3 = [ &x <- { x with current = _8 } ] s4 | s4 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_T x.current.current} s1 @@ -899,7 +899,7 @@ module M_write_inner_borrow | & value: t_T = value | & r: MutBorrow.t t_T = Any.any_l () | & snap: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _8: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_box_deref use creusot.prelude.Any @@ -1038,15 +1038,15 @@ module M_box_reborrow_indirect [ s0 = {inv_T x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_T) -> - [ &_4 <- _ret ] -{inv_T _ret.final}- + [ &_5 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = {inv_T _4.current} - MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} + | s1 = {inv_T _5.current} + MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} (fun (_ret: MutBorrow.t t_T) -> [ &borrow <- _ret ] -{inv_T _ret.final}- - [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _4} s3 - | s3 = -{resolve_ref_T _4}- s4 + [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _5} s3 + | s3 = -{resolve_ref_T _5}- s4 | s4 = {[@expl:type invariant] inv_ref_T borrow} s5 | s5 = -{resolve_ref_T borrow}- s6 | s6 = [ &_0 <- borrow.current ] s7 @@ -1056,7 +1056,7 @@ module M_box_reborrow_indirect [ & _0: t_T = Any.any_l () | & x: MutBorrow.t t_T = x | & borrow: MutBorrow.t t_T = Any.any_l () - | & _4: MutBorrow.t t_T = Any.any_l () ]) + | & _5: MutBorrow.t t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:box_reborrow_indirect result type invariant] inv_T result} {[@expl:box_reborrow_indirect ensures] result = x.current} (! return {result}) ] @@ -1087,11 +1087,11 @@ module M_box_reborrow_in_struct [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x.current.f1.current} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_5 <- _ret ] + [ &_6 <- _ret ] [ &x <- { x with current = { x.current with f1 = { x.current.f1 with current = _ret.final } } } ] s1) - | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t Int32.t) -> [ &borrow <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _5}- s3 + | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + (fun (_ret: MutBorrow.t Int32.t) -> [ &borrow <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _6}- s3 | s3 = -{resolve_ref_i32 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 | s5 = -{resolve_ref_tup2_i32_ref_Box_i32_Global x}- s6 @@ -1099,7 +1099,7 @@ module M_box_reborrow_in_struct [ & _0: Int32.t = Any.any_l () | & x: MutBorrow.t tup2_i32_ref_Box_i32_Global = x | & borrow: MutBorrow.t Int32.t = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () ]) + | & _6: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:box_reborrow_in_struct ensures] Int32.to_int result = 3} (! return {result}) ] end module M_borrow_in_box @@ -1143,15 +1143,15 @@ module M_borrow_in_box [ s0 = {inv_T x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_T) -> - [ &_4 <- _ret ] -{inv_T _ret.final}- + [ &_5 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = {inv_T _4.current} - MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} + | s1 = {inv_T _5.current} + MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _4} s3 - | s3 = -{resolve_ref_T _4}- s4 + [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _5} s3 + | s3 = -{resolve_ref_T _5}- s4 | s4 = {inv_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_T) -> @@ -1166,7 +1166,7 @@ module M_borrow_in_box [ & _0: MutBorrow.t t_T = Any.any_l () | & x: MutBorrow.t t_T = x | & _2: MutBorrow.t t_T = Any.any_l () - | & _4: MutBorrow.t t_T = Any.any_l () ]) + | & _5: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:borrow_in_box result type invariant] inv_ref_T result} {[@expl:borrow_in_box ensures] result = x} (! return {result}) ] @@ -1200,10 +1200,10 @@ module M_borrow_in_box_tuple_1 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {x.f1.current} {MutBorrow.get_id x.f1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_5 <- _ret ] [ &x <- { x with f1 = { x.f1 with current = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t Int32.t) -> [ &borrow <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _5}- s3 + [ &_6 <- _ret ] [ &x <- { x with f1 = { x.f1 with current = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + (fun (_ret: MutBorrow.t Int32.t) -> [ &borrow <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _6}- s3 | s3 = -{resolve_ref_i32 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 | s5 = -{resolve_Box_tup2_i32_ref_i32_Global x}- s6 @@ -1212,7 +1212,7 @@ module M_borrow_in_box_tuple_1 [ & _0: Int32.t = Any.any_l () | & x: tup2_i32_ref_i32 = x | & borrow: MutBorrow.t Int32.t = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () ]) + | & _6: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:borrow_in_box_tuple_1 ensures] Int32.to_int result = 2} (! return {result}) ] end module M_borrow_in_box_tuple_2 @@ -1245,10 +1245,10 @@ module M_borrow_in_box_tuple_2 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {x.f1.current} {MutBorrow.get_id x.f1} (fun (_ret: MutBorrow.t Int32.t) -> - [ &_5 <- _ret ] [ &x <- { x with f1 = { x.f1 with current = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t Int32.t) -> [ &borrow <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_i32 _5}- s3 + [ &_6 <- _ret ] [ &x <- { x with f1 = { x.f1 with current = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + (fun (_ret: MutBorrow.t Int32.t) -> [ &borrow <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_i32 _6}- s3 | s3 = -{resolve_ref_i32 borrow}- s4 | s4 = [ &_0 <- borrow.current ] s5 | s5 = -{resolve_tup2_i32_Box_ref_i32_Global x}- s6 @@ -1257,7 +1257,7 @@ module M_borrow_in_box_tuple_2 [ & _0: Int32.t = Any.any_l () | & x: tup2_i32_Box_ref_i32_Global = x | & borrow: MutBorrow.t Int32.t = Any.any_l () - | & _5: MutBorrow.t Int32.t = Any.any_l () ]) + | & _6: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:borrow_in_box_tuple_2 ensures] Int32.to_int result = 2} (! return {result}) ] end module M_reborrow_in_box @@ -1310,15 +1310,15 @@ module M_reborrow_in_box [ s0 = {inv_T x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_T) -> - [ &_4 <- _ret ] -{inv_T _ret.final}- + [ &_5 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = {inv_T _4.current} - MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} + | s1 = {inv_T _5.current} + MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _4} s3 - | s3 = -{resolve_ref_T _4}- s4 + [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _5} s3 + | s3 = -{resolve_ref_T _5}- s4 | s4 = {inv_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_T) -> @@ -1332,7 +1332,7 @@ module M_reborrow_in_box [ & _0: MutBorrow.t t_T = Any.any_l () | & x: MutBorrow.t t_T = x | & _2: MutBorrow.t t_T = Any.any_l () - | & _4: MutBorrow.t t_T = Any.any_l () ]) + | & _5: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:reborrow_in_box result type invariant] inv_ref_T result} {[@expl:reborrow_in_box ensures] result = MutBorrow.borrow_logic x.current x.final (MutBorrow.get_id x)} (! return {result}) ] @@ -1607,29 +1607,29 @@ module M_index_mut_slice {[@expl:index_mut_slice requires] Seq.length (Slice64.view v.current) = 42} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- (12: UInt64.t) ] s1 + [ s0 = [ &_8 <- (12: UInt64.t) ] s1 | s1 = Opaque.fresh_ptr - (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length v.current}- [ &_7 <- _ptr ] s2) - | s2 = [ &_8 <- Slice64.slice_ptr_len _7 ] s3 - | s3 = [ &_9 <- UInt64.lt _6 _8 ] s4 - | s4 = {[@expl:index in bounds] _9} s5 + (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length v.current}- [ &_9 <- _ptr ] s2) + | s2 = [ &_10 <- Slice64.slice_ptr_len _9 ] s3 + | s3 = [ &_11 <- UInt64.lt _8 _10 ] s4 + | s4 = {[@expl:index in bounds] _11} s5 | s5 = bb1 ] | bb1 = s0 - [ s0 = Slice64.get {v.current} {_6} + [ s0 = Slice64.get {v.current} {_8} (fun (r: t_T) -> {inv_T r} - MutBorrow.borrow_final {r} {MutBorrow.inherit_id (MutBorrow.get_id v) (UInt64.t'int _6)} + MutBorrow.borrow_final {r} {MutBorrow.inherit_id (MutBorrow.get_id v) (UInt64.t'int _8)} (fun (_ret: MutBorrow.t t_T) -> - [ &_5 <- _ret ] -{inv_T _ret.final}- - Slice64.set {v.current} {_6} {_ret.final} + [ &_7 <- _ret ] -{inv_T _ret.final}- + Slice64.set {v.current} {_8} {_ret.final} (fun (r'0: Slice64.slice t_T) -> [ &v <- { v with current = r'0 } ] s1))) - | s1 = {inv_T _5.current} - MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + | s1 = {inv_T _7.current} + MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_5 <- { _5 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _5} s3 - | s3 = -{resolve_ref_T _5}- s4 + [ &_7 <- { _7 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _7} s3 + | s3 = -{resolve_ref_T _7}- s4 | s4 = {inv_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_T) -> @@ -1643,11 +1643,11 @@ module M_index_mut_slice [ & _0: MutBorrow.t t_T = Any.any_l () | & v: MutBorrow.t (Slice64.slice t_T) = v | & _2: MutBorrow.t t_T = Any.any_l () - | & _5: MutBorrow.t t_T = Any.any_l () - | & _6: UInt64.t = Any.any_l () - | & _7: Opaque.ptr = Any.any_l () + | & _7: MutBorrow.t t_T = Any.any_l () | & _8: UInt64.t = Any.any_l () - | & _9: bool = Any.any_l () ]) + | & _9: Opaque.ptr = Any.any_l () + | & _10: UInt64.t = Any.any_l () + | & _11: bool = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:index_mut_slice result type invariant] inv_ref_T result} {[@expl:index_mut_slice ensures] result = MutBorrow.borrow_logic (index_slice_T v.current 12) (index_slice_T v.final 12) (MutBorrow.inherit_id (MutBorrow.get_id v) 12)} @@ -1725,26 +1725,26 @@ module M_index_mut_array {[@expl:index_mut_array 'v' type invariant] inv_ref_array_T_31 v} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- (12: UInt64.t) ] s1 - | s1 = [ &_6 <- UInt64.lt _5 (31: UInt64.t) ] s2 - | s2 = {[@expl:index in bounds] _6} s3 + [ s0 = [ &_6 <- (12: UInt64.t) ] s1 + | s1 = [ &_7 <- UInt64.lt _6 (31: UInt64.t) ] s2 + | s2 = {[@expl:index in bounds] _7} s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Slice64.get {v.current} {_5} + [ s0 = Slice64.get {v.current} {_6} (fun (r: t_T) -> {inv_T r} - MutBorrow.borrow_final {r} {MutBorrow.inherit_id (MutBorrow.get_id v) (UInt64.t'int _5)} + MutBorrow.borrow_final {r} {MutBorrow.inherit_id (MutBorrow.get_id v) (UInt64.t'int _6)} (fun (_ret: MutBorrow.t t_T) -> - [ &_4 <- _ret ] -{inv_T _ret.final}- - Slice64.set {v.current} {_5} {_ret.final} + [ &_5 <- _ret ] -{inv_T _ret.final}- + Slice64.set {v.current} {_6} {_ret.final} (fun (r'0: Slice64.array t_T) -> [ &v <- { v with current = r'0 } ] s1))) - | s1 = {inv_T _4.current} - MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} + | s1 = {inv_T _5.current} + MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} (fun (_ret: MutBorrow.t t_T) -> [ &_2 <- _ret ] -{inv_T _ret.final}- - [ &_4 <- { _4 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _4} s3 - | s3 = -{resolve_ref_T _4}- s4 + [ &_5 <- { _5 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _5} s3 + | s3 = -{resolve_ref_T _5}- s4 | s4 = {inv_T _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_T) -> @@ -1758,9 +1758,9 @@ module M_index_mut_array [ & _0: MutBorrow.t t_T = Any.any_l () | & v: MutBorrow.t (Slice64.array t_T) = v | & _2: MutBorrow.t t_T = Any.any_l () - | & _4: MutBorrow.t t_T = Any.any_l () - | & _5: UInt64.t = Any.any_l () - | & _6: bool = Any.any_l () ]) + | & _5: MutBorrow.t t_T = Any.any_l () + | & _6: UInt64.t = Any.any_l () + | & _7: bool = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:index_mut_array result type invariant] inv_ref_T result} {[@expl:index_mut_array ensures] result = MutBorrow.borrow_logic (index_array_T_31 v.current (12: UInt64.t)) (index_array_T_31 v.final (12: UInt64.t)) (MutBorrow.inherit_id (MutBorrow.get_id v) (UInt64.t'int (12: UInt64.t)))} diff --git a/tests/should_succeed/bug/nonreturning.coma b/tests/should_succeed/bug/nonreturning.coma index 3e927b4b91..84d6f05bf4 100644 --- a/tests/should_succeed/bug/nonreturning.coma +++ b/tests/should_succeed/bug/nonreturning.coma @@ -26,7 +26,7 @@ module M_g let rec g (b: bool) (return (x: ())) = (! bb0 [ bb0 = any [ br0 -> {b = false} (! bb2) | br1 -> {b} (! bb1) ] - | bb1 = s0 [ s0 = f (fun (_ret: ()) -> [ &_5 <- _ret ] s1) | s1 = {false} any ] - | bb2 = return {_0} ] [ & _0: () = Any.any_l () | & b: bool = b | & _5: () = Any.any_l () ]) + | bb1 = s0 [ s0 = f (fun (_ret: ()) -> [ &_6 <- _ret ] s1) | s1 = {false} any ] + | bb2 = return {_0} ] [ & _0: () = Any.any_l () | & b: bool = b | & _6: () = Any.any_l () ]) [ return (result: ()) -> {[@expl:g ensures] not b} (! return {result}) ] end diff --git a/tests/should_succeed/bug/two_phase.coma b/tests/should_succeed/bug/two_phase.coma index 74ab2d3297..00b09e8196 100644 --- a/tests/should_succeed/bug/two_phase.coma +++ b/tests/should_succeed/bug/two_phase.coma @@ -36,18 +36,18 @@ module M_test meta "select_lsinst" "all" let rec test (v: MutBorrow.t t_Vec_usize_Global) (return (x: ())) = (! bb0 - [ bb0 = s0 [ s0 = len_usize {v.current} (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len_usize {v.current} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} - (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_4 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) - | s1 = push_usize {_4} {_5} (fun (_ret: ()) -> [ &_3 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_5 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) + | s1 = push_usize {_5} {_6} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve_ref_Vec_usize_Global v}- s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_usize_Global = v - | & _3: () = Any.any_l () - | & _4: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _5: UInt64.t = Any.any_l () ]) + | & _4: () = Any.any_l () + | & _5: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _6: UInt64.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:test ensures] UInt64.t'int (index_Vec_usize_Global v.final (Seq.length (view_Vec_usize_Global v.current))) = Seq.length (view_Vec_usize_Global v.current)} diff --git a/tests/should_succeed/cc/collections.coma b/tests/should_succeed/cc/collections.coma index 926176a7b3..8d7d919d0b 100644 --- a/tests/should_succeed/cc/collections.coma +++ b/tests/should_succeed/cc/collections.coma @@ -633,9 +633,9 @@ module M_roundtrip_hashmap_iter_mut [ s0 = {inv_HashMap_K_V_RandomState xs.current} MutBorrow.borrow_final {xs.current} {MutBorrow.get_id xs} (fun (_ret: MutBorrow.t t_HashMap_K_V_RandomState) -> - [ &_6 <- _ret ] -{inv_HashMap_K_V_RandomState _ret.final}- + [ &_9 <- _ret ] -{inv_HashMap_K_V_RandomState _ret.final}- [ &xs <- { xs with current = _ret.final } ] s1) - | s1 = iter_mut_K {_6} (fun (_ret: t_IterMut_K_V) -> [ &it <- _ret ] s2) + | s1 = iter_mut_K {_9} (fun (_ret: t_IterMut_K_V) -> [ &it <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &it0 <- it ] s1 | s1 = bb2 ] | bb2 = s0 @@ -657,7 +657,7 @@ module M_roundtrip_hashmap_iter_mut [ & _0: t_HashMap_ref_K_ref_V_RandomState = Any.any_l () | & xs: MutBorrow.t t_HashMap_K_V_RandomState = xs | & it: t_IterMut_K_V = Any.any_l () - | & _6: MutBorrow.t t_HashMap_K_V_RandomState = Any.any_l () + | & _9: MutBorrow.t t_HashMap_K_V_RandomState = Any.any_l () | & it0: t_IterMut_K_V = Any.any_l () | & r: t_HashMap_ref_K_ref_V_RandomState = Any.any_l () ]) [ return (result: t_HashMap_ref_K_ref_V_RandomState) -> @@ -781,12 +781,12 @@ module M_roundtrip_hashset_into_iter let rec roundtrip_hashset_into_iter_T (xs: t_HashSet_T_RandomState) (return (x: t_HashSet_T_RandomState)) = {[@expl:roundtrip_hashset_into_iter 'xs' type invariant] inv_HashSet_T_RandomState xs} (! bb0 - [ bb0 = s0 [ s0 = into_iter_HashSet_T_RandomState {xs} (fun (_ret: t_IntoIter_T) -> [ &_3 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = collect_IntoIter_T {_3} (fun (_ret: t_HashSet_T_RandomState) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] + [ bb0 = s0 [ s0 = into_iter_HashSet_T_RandomState {xs} (fun (_ret: t_IntoIter_T) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = collect_IntoIter_T {_4} (fun (_ret: t_HashSet_T_RandomState) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] | bb3 = return {_0} ] [ & _0: t_HashSet_T_RandomState = Any.any_l () | & xs: t_HashSet_T_RandomState = xs - | & _3: t_IntoIter_T = Any.any_l () ]) + | & _4: t_IntoIter_T = Any.any_l () ]) [ return (result: t_HashSet_T_RandomState) -> {[@expl:roundtrip_hashset_into_iter result type invariant] inv_HashSet_T_RandomState result} {[@expl:roundtrip_hashset_into_iter ensures] view_HashSet_T_RandomState result = view_HashSet_T_RandomState xs} @@ -918,12 +918,12 @@ module M_roundtrip_hashset_iter let rec roundtrip_hashset_iter_T (xs: t_HashSet_T_RandomState) (return (x: t_HashSet_ref_T_RandomState)) = {[@expl:roundtrip_hashset_iter 'xs' type invariant] inv_ref_HashSet_T_RandomState xs} (! bb0 - [ bb0 = s0 [ s0 = iter_T {xs} (fun (_ret: t_Iter_T) -> [ &_3 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = collect_Iter_T {_3} (fun (_ret: t_HashSet_ref_T_RandomState) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = iter_T {xs} (fun (_ret: t_Iter_T) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = collect_Iter_T {_4} (fun (_ret: t_HashSet_ref_T_RandomState) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] | bb2 = return {_0} ] [ & _0: t_HashSet_ref_T_RandomState = Any.any_l () | & xs: t_HashSet_T_RandomState = xs - | & _3: t_Iter_T = Any.any_l () ]) + | & _4: t_Iter_T = Any.any_l () ]) [ return (result: t_HashSet_ref_T_RandomState) -> {[@expl:roundtrip_hashset_iter result type invariant] inv_HashSet_ref_T_RandomState result} {[@expl:roundtrip_hashset_iter ensures] view_HashSet_ref_T_RandomState result = view_HashSet_T_RandomState xs} @@ -1124,20 +1124,20 @@ module M_hashset_intersection {[@expl:hashset_intersection 'ys' type invariant] inv_ref_HashSet_T_RandomState ys} (! bb0 [ bb0 = s0 - [ s0 = intersection_T {xs} {ys} (fun (_ret: t_Intersection_T_RandomState) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + [ s0 = intersection_T {xs} {ys} (fun (_ret: t_Intersection_T_RandomState) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = copied_Intersection_T_RandomState {_5} - (fun (_ret: t_Copied_Intersection_T_RandomState) -> [ &_4 <- _ret ] s1) + [ s0 = copied_Intersection_T_RandomState {_7} + (fun (_ret: t_Copied_Intersection_T_RandomState) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = collect_Copied_Intersection_T_RandomState {_4} (fun (_ret: t_HashSet_T_RandomState) -> [ &_0 <- _ret ] s1) + [ s0 = collect_Copied_Intersection_T_RandomState {_6} (fun (_ret: t_HashSet_T_RandomState) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] | bb3 = return {_0} ] [ & _0: t_HashSet_T_RandomState = Any.any_l () | & xs: t_HashSet_T_RandomState = xs | & ys: t_HashSet_T_RandomState = ys - | & _4: t_Copied_Intersection_T_RandomState = Any.any_l () - | & _5: t_Intersection_T_RandomState = Any.any_l () ]) + | & _6: t_Copied_Intersection_T_RandomState = Any.any_l () + | & _7: t_Intersection_T_RandomState = Any.any_l () ]) [ return (result: t_HashSet_T_RandomState) -> {[@expl:hashset_intersection result type invariant] inv_HashSet_T_RandomState result} {[@expl:hashset_intersection ensures] view_HashSet_T_RandomState result @@ -1338,19 +1338,19 @@ module M_hashset_difference {[@expl:hashset_difference 'xs' type invariant] inv_ref_HashSet_T_RandomState xs} {[@expl:hashset_difference 'ys' type invariant] inv_ref_HashSet_T_RandomState ys} (! bb0 - [ bb0 = s0 [ s0 = difference_T {xs} {ys} (fun (_ret: t_Difference_T_RandomState) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = difference_T {xs} {ys} (fun (_ret: t_Difference_T_RandomState) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = copied_Difference_T_RandomState {_5} (fun (_ret: t_Copied_Difference_T_RandomState) -> [ &_4 <- _ret ] s1) + [ s0 = copied_Difference_T_RandomState {_7} (fun (_ret: t_Copied_Difference_T_RandomState) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = collect_Copied_Difference_T_RandomState {_4} (fun (_ret: t_HashSet_T_RandomState) -> [ &_0 <- _ret ] s1) + [ s0 = collect_Copied_Difference_T_RandomState {_6} (fun (_ret: t_HashSet_T_RandomState) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] | bb3 = return {_0} ] [ & _0: t_HashSet_T_RandomState = Any.any_l () | & xs: t_HashSet_T_RandomState = xs | & ys: t_HashSet_T_RandomState = ys - | & _4: t_Copied_Difference_T_RandomState = Any.any_l () - | & _5: t_Difference_T_RandomState = Any.any_l () ]) + | & _6: t_Copied_Difference_T_RandomState = Any.any_l () + | & _7: t_Difference_T_RandomState = Any.any_l () ]) [ return (result: t_HashSet_T_RandomState) -> {[@expl:hashset_difference result type invariant] inv_HashSet_T_RandomState result} {[@expl:hashset_difference ensures] view_HashSet_T_RandomState result diff --git a/tests/should_succeed/cc/fmap.coma b/tests/should_succeed/cc/fmap.coma index 58ec2f764d..69a11a5293 100644 --- a/tests/should_succeed/cc/fmap.coma +++ b/tests/should_succeed/cc/fmap.coma @@ -215,9 +215,9 @@ module M_resolves | bb3 = s0 [ s0 = [ &snap_v <- bor_v ] s1 | s1 = bb4 ] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {s} - (fun (_ret: MutBorrow.t t_FMap_ref_usize_ref_usize) -> [ &_14 <- _ret ] [ &s <- _ret.final ] s1) - | s1 = insert_ghost_ref_usize {_14} {bor_k} {bor_v} (fun (_ret: t_Option_ref_usize) -> [ &_13 <- _ret ] s2) - | s2 = -{resolve_Option_ref_usize _13}- s3 + (fun (_ret: MutBorrow.t t_FMap_ref_usize_ref_usize) -> [ &_16 <- _ret ] [ &s <- _ret.final ] s1) + | s1 = insert_ghost_ref_usize {_16} {bor_k} {bor_v} (fun (_ret: t_Option_ref_usize) -> [ &_15 <- _ret ] s2) + | s2 = -{resolve_Option_ref_usize _15}- s3 | s3 = bb5 ] | bb5 = s0 [ s0 = into_iter_FMap_ref_usize_ref_usize {s} (fun (_ret: t_FMapIter_ref_usize_ref_usize) -> [ &iter <- _ret ] s1) @@ -238,27 +238,27 @@ module M_resolves [ s0 = {inv_FMapIter_ref_usize_ref_usize iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_FMapIter_ref_usize_ref_usize) -> - [ &_34 <- _ret ] -{inv_FMapIter_ref_usize_ref_usize _ret.final}- + [ &_47 <- _ret ] -{inv_FMapIter_ref_usize_ref_usize _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_FMapIter_ref_usize_ref_usize _34.current} - MutBorrow.borrow_final {_34.current} {MutBorrow.get_id _34} + | s1 = {inv_FMapIter_ref_usize_ref_usize _47.current} + MutBorrow.borrow_final {_47.current} {MutBorrow.get_id _47} (fun (_ret: MutBorrow.t t_FMapIter_ref_usize_ref_usize) -> - [ &_33 <- _ret ] -{inv_FMapIter_ref_usize_ref_usize _ret.final}- - [ &_34 <- { _34 with current = _ret.final } ] s2) - | s2 = next_FMapIter_ref_usize_ref_usize {_33} - (fun (_ret: t_Option_tup2_ref_usize_ref_usize) -> [ &_32 <- _ret ] s3) + [ &_46 <- _ret ] -{inv_FMapIter_ref_usize_ref_usize _ret.final}- + [ &_47 <- { _47 with current = _ret.final } ] s2) + | s2 = next_FMapIter_ref_usize_ref_usize {_46} + (fun (_ret: t_Option_tup2_ref_usize_ref_usize) -> [ &_45 <- _ret ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = {[@expl:type invariant] inv_ref_FMapIter_ref_usize_ref_usize _34} s1 - | s1 = -{resolve_ref_FMapIter_ref_usize_ref_usize _34}- s2 + [ s0 = {[@expl:type invariant] inv_ref_FMapIter_ref_usize_ref_usize _47} s1 + | s1 = -{resolve_ref_FMapIter_ref_usize_ref_usize _47}- s2 | s2 = any - [ br0 -> {_32 = None'0} (! bb14) | br1 (x0: tup2_ref_usize_ref_usize) -> {_32 = Some'0 x0} (! bb15) ] ] + [ br0 -> {_45 = None'0} (! bb14) | br1 (x0: tup2_ref_usize_ref_usize) -> {_45 = Some'0 x0} (! bb15) ] ] | bb15 = s0 - [ s0 = elim_Some {_32} (fun (r0: tup2_ref_usize_ref_usize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_37 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_45} (fun (r0: tup2_ref_usize_ref_usize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_50 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &produced <- _37 ] s1 + [ s0 = [ &produced <- _50 ] s1 | s1 = [ &k2 <- __creusot_proc_iter_elem.f0 ] s2 | s2 = [ &v2 <- __creusot_proc_iter_elem.f1 ] s3 | s3 = [ &k2 <- { k2 with current = (1: UInt64.t) } ] s4 @@ -283,16 +283,16 @@ module M_resolves | & bor_v: MutBorrow.t UInt64.t = Any.any_l () | & snap_k: MutBorrow.t UInt64.t = Any.any_l () | & snap_v: MutBorrow.t UInt64.t = Any.any_l () - | & _13: t_Option_ref_usize = Any.any_l () - | & _14: MutBorrow.t t_FMap_ref_usize_ref_usize = Any.any_l () + | & _15: t_Option_ref_usize = Any.any_l () + | & _16: MutBorrow.t t_FMap_ref_usize_ref_usize = Any.any_l () | & iter: t_FMapIter_ref_usize_ref_usize = Any.any_l () | & iter_old: t_FMapIter_ref_usize_ref_usize = Any.any_l () | & produced: Seq.seq tup2_ref_usize_ref_usize = Any.any_l () - | & _32: t_Option_tup2_ref_usize_ref_usize = Any.any_l () - | & _33: MutBorrow.t t_FMapIter_ref_usize_ref_usize = Any.any_l () - | & _34: MutBorrow.t t_FMapIter_ref_usize_ref_usize = Any.any_l () + | & _45: t_Option_tup2_ref_usize_ref_usize = Any.any_l () + | & _46: MutBorrow.t t_FMapIter_ref_usize_ref_usize = Any.any_l () + | & _47: MutBorrow.t t_FMapIter_ref_usize_ref_usize = Any.any_l () | & __creusot_proc_iter_elem: tup2_ref_usize_ref_usize = Any.any_l () - | & _37: Seq.seq tup2_ref_usize_ref_usize = Any.any_l () + | & _50: Seq.seq tup2_ref_usize_ref_usize = Any.any_l () | & k2: MutBorrow.t UInt64.t = Any.any_l () | & v2: MutBorrow.t UInt64.t = Any.any_l () | & variant_old_bb9: int = Any.any_l () ]) diff --git a/tests/should_succeed/cc/string.coma b/tests/should_succeed/cc/string.coma index b0091fcbf2..ddc921fada 100644 --- a/tests/should_succeed/cc/string.coma +++ b/tests/should_succeed/cc/string.coma @@ -164,12 +164,12 @@ module M_test_split_at = Seq.create 1 [|Char.of_int 195|]} {[@expl:test_split_at requires #1] to_utf8_char (Char.of_int 195) = Seq.create 2 [|(195: UInt8.t);(131: UInt8.t)|]} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- flat_map_singleton_char ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_7 <- flat_map_singleton_char ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] Seq.([..]) (view_str s) 0 1 = view_str s} s1 | s1 = split_at {s} {(2: UInt64.t)} (fun (_ret: tup2_ref_str_ref_str) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] - | bb2 = return {_0} ] [ & _0: tup2_ref_str_ref_str = Any.any_l () | & s: string = s | & _5: () = Any.any_l () ]) + | bb2 = return {_0} ] [ & _0: tup2_ref_str_ref_str = Any.any_l () | & s: string = s | & _7: () = Any.any_l () ]) [ return (result: tup2_ref_str_ref_str) -> {[@expl:test_split_at ensures] view_str result.f0 = view_str s /\ view_str result.f1 = (Seq.empty: Seq.seq Char.t)} (! return {result}) ] diff --git a/tests/should_succeed/cell/01_basic.coma b/tests/should_succeed/cell/01_basic.coma index 606aa17388..c3b2aac3cf 100644 --- a/tests/should_succeed/cell/01_basic.coma +++ b/tests/should_succeed/cell/01_basic.coma @@ -28,19 +28,19 @@ module M_adds_two (! bb0 [ bb0 = s0 [ s0 = get_u32 {c} (fun (_ret: UInt32.t) -> [ &v <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- UInt32.lt v (100000: UInt32.t) ] s1 - | s1 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb2) ] ] + [ s0 = [ &_6 <- UInt32.lt v (100000: UInt32.t) ] s1 + | s1 = any [ br0 -> {_6 = false} (! bb4) | br1 -> {_6} (! bb2) ] ] | bb2 = s0 - [ s0 = UInt32.add {v} {(2: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_9 <- _ret ] s1) - | s1 = set_u32 {c} {_9} (fun (_ret: ()) -> [ &_7 <- _ret ] s2) + [ s0 = UInt32.add {v} {(2: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s1) + | s1 = set_u32 {c} {_10} (fun (_ret: ()) -> [ &_8 <- _ret ] s2) | s2 = bb6 ] - | bb4 = s0 [ s0 = set_u32 {c} {(0: UInt32.t)} (fun (_ret: ()) -> [ &_11 <- _ret ] s1) | s1 = bb6 ] + | bb4 = s0 [ s0 = set_u32 {c} {(0: UInt32.t)} (fun (_ret: ()) -> [ &_12 <- _ret ] s1) | s1 = bb6 ] | bb6 = return {_0} ] [ & _0: () = Any.any_l () | & c: t_PredCell_u32 = c | & v: UInt32.t = Any.any_l () - | & _5: bool = Any.any_l () - | & _7: () = Any.any_l () - | & _9: UInt32.t = Any.any_l () - | & _11: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: bool = Any.any_l () + | & _8: () = Any.any_l () + | & _10: UInt32.t = Any.any_l () + | & _12: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/cell/02_fib.coma b/tests/should_succeed/cell/02_fib.coma index 7a7d77df58..c27c50373f 100644 --- a/tests/should_succeed/cell/02_fib.coma +++ b/tests/should_succeed/cell/02_fib.coma @@ -158,55 +158,55 @@ module M_fib_memo (! bb0 [ bb0 = s0 [ s0 = index_Vec_PredCell_Option_usize_Global {mem.f0} {i} - (fun (_ret: t_PredCell_Option_usize) -> [ &_8 <- _ret ] s1) + (fun (_ret: t_PredCell_Option_usize) -> [ &_12 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = get_Option_usize {_8} (fun (_ret: t_Option_usize) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_6 = None} (! bb5) | br1 (x0: UInt64.t) -> {_6 = Some x0} (! bb6) ] - | bb6 = s0 [ s0 = elim_Some {_6} (fun (r0: UInt64.t) -> [ &v <- r0 ] s1) | s1 = [ &_0 <- v ] s2 | s2 = bb18 ] + | bb1 = s0 [ s0 = get_Option_usize {_12} (fun (_ret: t_Option_usize) -> [ &_10 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_10 = None} (! bb5) | br1 (x0: UInt64.t) -> {_10 = Some x0} (! bb6) ] + | bb6 = s0 [ s0 = elim_Some {_10} (fun (r0: UInt64.t) -> [ &v <- r0 ] s1) | s1 = [ &_0 <- v ] s2 | s2 = bb18 ] | bb5 = s0 - [ s0 = [ &_14 <- i = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_14 = false} (! bb8) | br1 -> {_14} (! bb7) ] ] + [ s0 = [ &_18 <- i = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_18 = false} (! bb8) | br1 -> {_18} (! bb7) ] ] | bb7 = s0 [ s0 = [ &fib_i <- (0: UInt64.t) ] s1 | s1 = bb15 ] | bb8 = s0 - [ s0 = [ &_16 <- i = (1: UInt64.t) ] s1 | s1 = any [ br0 -> {_16 = false} (! bb10) | br1 -> {_16} (! bb9) ] ] + [ s0 = [ &_20 <- i = (1: UInt64.t) ] s1 | s1 = any [ br0 -> {_20 = false} (! bb10) | br1 -> {_20} (! bb9) ] ] | bb9 = s0 [ s0 = [ &fib_i <- (1: UInt64.t) ] s1 | s1 = bb15 ] - | bb10 = s0 [ s0 = [ &_18 <- () ] s1 | s1 = bb11 ] + | bb10 = s0 [ s0 = [ &_22 <- () ] s1 | s1 = bb11 ] | bb11 = s0 - [ s0 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s1) - | s1 = fib_memo {mem} {_22} (fun (_ret: UInt64.t) -> [ &_20 <- _ret ] s2) + [ s0 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_26 <- _ret ] s1) + | s1 = fib_memo {mem} {_26} (fun (_ret: UInt64.t) -> [ &_24 <- _ret ] s2) | s2 = bb12 ] | bb12 = s0 - [ s0 = UInt64.sub {i} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_26 <- _ret ] s1) - | s1 = fib_memo {mem} {_26} (fun (_ret: UInt64.t) -> [ &_24 <- _ret ] s2) + [ s0 = UInt64.sub {i} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_30 <- _ret ] s1) + | s1 = fib_memo {mem} {_30} (fun (_ret: UInt64.t) -> [ &_28 <- _ret ] s2) | s2 = bb13 ] - | bb13 = s0 [ s0 = UInt64.add {_20} {_24} (fun (_ret: UInt64.t) -> [ &fib_i <- _ret ] s1) | s1 = bb15 ] + | bb13 = s0 [ s0 = UInt64.add {_24} {_28} (fun (_ret: UInt64.t) -> [ &fib_i <- _ret ] s1) | s1 = bb15 ] | bb15 = s0 [ s0 = {[@expl:assertion] UInt64.t'int fib_i = fib (UInt64.t'int i)} s1 | s1 = index_Vec_PredCell_Option_usize_Global {mem.f0} {i} - (fun (_ret: t_PredCell_Option_usize) -> [ &_32 <- _ret ] s2) + (fun (_ret: t_PredCell_Option_usize) -> [ &_38 <- _ret ] s2) | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &_35 <- Some fib_i ] s1 - | s1 = set_Option_usize {_32} {_35} (fun (_ret: ()) -> [ &_30 <- _ret ] s2) + [ s0 = [ &_41 <- Some fib_i ] s1 + | s1 = set_Option_usize {_38} {_41} (fun (_ret: ()) -> [ &_36 <- _ret ] s2) | s2 = bb17 ] | bb17 = s0 [ s0 = [ &_0 <- fib_i ] s1 | s1 = bb18 ] | bb18 = return {_0} ] [ & _0: UInt64.t = Any.any_l () | & mem: t_FibCache = mem | & i: UInt64.t = i - | & _6: t_Option_usize = Any.any_l () - | & _8: t_PredCell_Option_usize = Any.any_l () + | & _10: t_Option_usize = Any.any_l () + | & _12: t_PredCell_Option_usize = Any.any_l () | & v: UInt64.t = Any.any_l () | & fib_i: UInt64.t = Any.any_l () - | & _14: bool = Any.any_l () - | & _16: bool = Any.any_l () - | & _18: () = Any.any_l () - | & _20: UInt64.t = Any.any_l () - | & _22: UInt64.t = Any.any_l () + | & _18: bool = Any.any_l () + | & _20: bool = Any.any_l () + | & _22: () = Any.any_l () | & _24: UInt64.t = Any.any_l () | & _26: UInt64.t = Any.any_l () - | & _30: () = Any.any_l () - | & _32: t_PredCell_Option_usize = Any.any_l () - | & _35: t_Option_usize = Any.any_l () ]) + | & _28: UInt64.t = Any.any_l () + | & _30: UInt64.t = Any.any_l () + | & _36: () = Any.any_l () + | & _38: t_PredCell_Option_usize = Any.any_l () + | & _41: t_Option_usize = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:fib_memo ensures] UInt64.t'int result = fib (UInt64.t'int i)} (! return {result}) ] end diff --git a/tests/should_succeed/cell/03_as_slice_of_cells.coma b/tests/should_succeed/cell/03_as_slice_of_cells.coma index eec4a05ea3..2e6f3b033a 100644 --- a/tests/should_succeed/cell/03_as_slice_of_cells.coma +++ b/tests/should_succeed/cell/03_as_slice_of_cells.coma @@ -68,38 +68,38 @@ module M_splits_up [ s0 = as_slice_of_cells_u32 {cell} {snapshot} (fun (_ret: Slice64.slice t_PredCell_u32) -> [ &slice <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_11 <- (0: UInt64.t) ] s1 - | s1 = [ &_12 <- Slice64.length slice ] s2 - | s2 = [ &_13 <- UInt64.lt _11 _12 ] s3 - | s3 = {[@expl:index in bounds] _13} s4 + [ s0 = [ &_12 <- (0: UInt64.t) ] s1 + | s1 = [ &_13 <- Slice64.length slice ] s2 + | s2 = [ &_14 <- UInt64.lt _12 _13 ] s3 + | s3 = {[@expl:index in bounds] _14} s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = Slice64.get {slice} {_11} - (fun (r: t_PredCell_u32) -> get_u32 {r} (fun (_ret: UInt32.t) -> [ &_9 <- _ret ] s1)) + [ s0 = Slice64.get {slice} {_12} + (fun (r: t_PredCell_u32) -> get_u32 {r} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s1)) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_16 <- (1: UInt64.t) ] s1 - | s1 = [ &_17 <- Slice64.length slice ] s2 - | s2 = [ &_18 <- UInt64.lt _16 _17 ] s3 - | s3 = {[@expl:index in bounds] _18} s4 + [ s0 = [ &_17 <- (1: UInt64.t) ] s1 + | s1 = [ &_18 <- Slice64.length slice ] s2 + | s2 = [ &_19 <- UInt64.lt _17 _18 ] s3 + | s3 = {[@expl:index in bounds] _19} s4 | s4 = bb5 ] | bb5 = s0 - [ s0 = Slice64.get {slice} {_16} - (fun (r: t_PredCell_u32) -> get_u32 {r} (fun (_ret: UInt32.t) -> [ &_14 <- _ret ] s1)) + [ s0 = Slice64.get {slice} {_17} + (fun (r: t_PredCell_u32) -> get_u32 {r} (fun (_ret: UInt32.t) -> [ &_15 <- _ret ] s1)) | s1 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- { f0 = _9; f1 = _14 } ] s1 | s1 = return {_0} ] ] + | bb6 = s0 [ s0 = [ &_0 <- { f0 = _10; f1 = _15 } ] s1 | s1 = return {_0} ] ] [ & _0: tup2_u32_u32 = Any.any_l () | & cell: t_PredCell_slice_u32 = cell | & snapshot: Seq.seq (Map.map UInt32.t bool) = Any.any_l () | & slice: Slice64.slice t_PredCell_u32 = Any.any_l () - | & _9: UInt32.t = Any.any_l () - | & _11: UInt64.t = Any.any_l () + | & _10: UInt32.t = Any.any_l () | & _12: UInt64.t = Any.any_l () - | & _13: bool = Any.any_l () - | & _14: UInt32.t = Any.any_l () - | & _16: UInt64.t = Any.any_l () + | & _13: UInt64.t = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: UInt32.t = Any.any_l () | & _17: UInt64.t = Any.any_l () - | & _18: bool = Any.any_l () ]) + | & _18: UInt64.t = Any.any_l () + | & _19: bool = Any.any_l () ]) [ return (result: tup2_u32_u32) -> {[@expl:splits_up ensures] Int.mod (UInt32.t'int result.f0) 2 = 0 /\ Int.mod (UInt32.t'int result.f1) 2 = 1} (! return {result}) ] diff --git a/tests/should_succeed/checked_ops.coma b/tests/should_succeed/checked_ops.coma index 9416a5858e..ff702c79e7 100644 --- a/tests/should_succeed/checked_ops.coma +++ b/tests/should_succeed/checked_ops.coma @@ -173,24 +173,24 @@ module M_test_u8_add_overflow let rec test_u8_add_overflow (a: UInt8.t) (return (x: ())) = {[@expl:test_u8_add_overflow requires] UInt8.t'int a <> 0} (! bb0 - [ bb0 = s0 [ s0 = checked_add {(255: UInt8.t)} {a} (fun (_ret: t_Option_u8) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_none_u8 {_6} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = wrapping_add {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_11 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = checked_add {(255: UInt8.t)} {a} (fun (_ret: t_Option_u8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_none_u8 {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] + | bb3 = s0 [ s0 = wrapping_add {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt8.sub {a} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_13 <- _ret ] s1) - | s1 = [ &_10 <- _11 = _13 ] s2 - | s2 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = saturating_add {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_18 <- _ret ] s1) | s1 = bb8 ] + [ s0 = UInt8.sub {a} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_14 <- _ret ] s1) + | s1 = [ &_11 <- _12 = _14 ] s2 + | s2 = any [ br0 -> {_11 = false} (! bb7) | br1 -> {_11} (! bb6) ] ] + | bb6 = s0 [ s0 = saturating_add {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_19 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_17 <- _18 = (255: UInt8.t) ] s1 | s1 = any [ br0 -> {_17 = false} (! bb10) | br1 -> {_17} (! bb9) ] ] + [ s0 = [ &_18 <- _19 = (255: UInt8.t) ] s1 | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] | bb9 = s0 [ s0 = overflowing_add {(255: UInt8.t)} {a} (fun (_ret: tup2_u8_bool) -> [ &res <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = UInt8.sub {a} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_26 <- _ret ] s1) - | s1 = [ &_24 <- res.f0 = _26 ] s2 - | s2 = any [ br0 -> {_24 = false} (! bb16) | br1 -> {_24} (! bb12) ] ] - | bb12 = s0 [ s0 = [ &_28 <- res.f1 ] s1 | s1 = any [ br0 -> {_28 = false} (! bb16) | br1 -> {_28} (! bb13) ] ] + [ s0 = UInt8.sub {a} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_27 <- _ret ] s1) + | s1 = [ &_25 <- res.f0 = _27 ] s2 + | s2 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb12) ] ] + | bb12 = s0 [ s0 = [ &_29 <- res.f1 ] s1 | s1 = any [ br0 -> {_29 = false} (! bb16) | br1 -> {_29} (! bb13) ] ] | bb13 = return {_0} | bb16 = {false} any | bb10 = {false} any @@ -198,17 +198,17 @@ module M_test_u8_add_overflow | bb4 = {false} any ] [ & _0: () = Any.any_l () | & a: UInt8.t = a - | & _4: bool = Any.any_l () - | & _6: t_Option_u8 = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: UInt8.t = Any.any_l () - | & _13: UInt8.t = Any.any_l () - | & _17: bool = Any.any_l () - | & _18: UInt8.t = Any.any_l () + | & _5: bool = Any.any_l () + | & _7: t_Option_u8 = Any.any_l () + | & _11: bool = Any.any_l () + | & _12: UInt8.t = Any.any_l () + | & _14: UInt8.t = Any.any_l () + | & _18: bool = Any.any_l () + | & _19: UInt8.t = Any.any_l () | & res: tup2_u8_bool = Any.any_l () - | & _24: bool = Any.any_l () - | & _26: UInt8.t = Any.any_l () - | & _28: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _25: bool = Any.any_l () + | & _27: UInt8.t = Any.any_l () + | & _29: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_u8_wrapping_add use creusot.int.UInt8 @@ -468,25 +468,25 @@ module M_test_u8_sub_overflow let rec test_u8_sub_overflow (a: UInt8.t) (return (x: ())) = {[@expl:test_u8_sub_overflow requires] UInt8.t'int a <> 0} (! bb0 - [ bb0 = s0 [ s0 = checked_sub {(0: UInt8.t)} {a} (fun (_ret: t_Option_u8) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_none_u8 {_6} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = wrapping_sub {(0: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_11 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = checked_sub {(0: UInt8.t)} {a} (fun (_ret: t_Option_u8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_none_u8 {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] + | bb3 = s0 [ s0 = wrapping_sub {(0: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = UInt8.sub {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_14 <- _ret ] s1) - | s1 = UInt8.add {_14} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_13 <- _ret ] s2) - | s2 = [ &_10 <- _11 = _13 ] s3 - | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = saturating_sub {(0: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_19 <- _ret ] s1) | s1 = bb8 ] + [ s0 = UInt8.sub {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_15 <- _ret ] s1) + | s1 = UInt8.add {_15} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_14 <- _ret ] s2) + | s2 = [ &_11 <- _12 = _14 ] s3 + | s3 = any [ br0 -> {_11 = false} (! bb7) | br1 -> {_11} (! bb6) ] ] + | bb6 = s0 [ s0 = saturating_sub {(0: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_20 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_18 <- _19 = (0: UInt8.t) ] s1 | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] + [ s0 = [ &_19 <- _20 = (0: UInt8.t) ] s1 | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] | bb9 = s0 [ s0 = overflowing_sub {(0: UInt8.t)} {a} (fun (_ret: tup2_u8_bool) -> [ &res <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = UInt8.sub {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_28 <- _ret ] s1) - | s1 = UInt8.add {_28} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_27 <- _ret ] s2) - | s2 = [ &_25 <- res.f0 = _27 ] s3 - | s3 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb12) ] ] - | bb12 = s0 [ s0 = [ &_30 <- res.f1 ] s1 | s1 = any [ br0 -> {_30 = false} (! bb16) | br1 -> {_30} (! bb13) ] ] + [ s0 = UInt8.sub {(255: UInt8.t)} {a} (fun (_ret: UInt8.t) -> [ &_29 <- _ret ] s1) + | s1 = UInt8.add {_29} {(1: UInt8.t)} (fun (_ret: UInt8.t) -> [ &_28 <- _ret ] s2) + | s2 = [ &_26 <- res.f0 = _28 ] s3 + | s3 = any [ br0 -> {_26 = false} (! bb16) | br1 -> {_26} (! bb12) ] ] + | bb12 = s0 [ s0 = [ &_31 <- res.f1 ] s1 | s1 = any [ br0 -> {_31 = false} (! bb16) | br1 -> {_31} (! bb13) ] ] | bb13 = return {_0} | bb16 = {false} any | bb10 = {false} any @@ -494,19 +494,19 @@ module M_test_u8_sub_overflow | bb4 = {false} any ] [ & _0: () = Any.any_l () | & a: UInt8.t = a - | & _4: bool = Any.any_l () - | & _6: t_Option_u8 = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: UInt8.t = Any.any_l () - | & _13: UInt8.t = Any.any_l () + | & _5: bool = Any.any_l () + | & _7: t_Option_u8 = Any.any_l () + | & _11: bool = Any.any_l () + | & _12: UInt8.t = Any.any_l () | & _14: UInt8.t = Any.any_l () - | & _18: bool = Any.any_l () - | & _19: UInt8.t = Any.any_l () + | & _15: UInt8.t = Any.any_l () + | & _19: bool = Any.any_l () + | & _20: UInt8.t = Any.any_l () | & res: tup2_u8_bool = Any.any_l () - | & _25: bool = Any.any_l () - | & _27: UInt8.t = Any.any_l () + | & _26: bool = Any.any_l () | & _28: UInt8.t = Any.any_l () - | & _30: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _29: UInt8.t = Any.any_l () + | & _31: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_u8_wrapping_sub use creusot.int.UInt8 @@ -1013,49 +1013,49 @@ module M_test_u8_div_no_overflow let rec test_u8_div_no_overflow (a: UInt8.t) (b: UInt8.t) (return (x: ())) = {[@expl:test_u8_div_no_overflow requires] UInt8.t'int b <> 0} (! bb0 - [ bb0 = s0 [ s0 = checked_div {a} {b} (fun (_ret: t_Option_u8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap_u8 {_7} (fun (_ret: UInt8.t) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = checked_div {a} {b} (fun (_ret: t_Option_u8) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = unwrap_u8 {_8} (fun (_ret: UInt8.t) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_12 <- b ] s1 - | s1 = [ &_13 <- _12 = (0: UInt8.t) ] s2 - | s2 = {[@expl:division by zero] not _13} s3 + [ s0 = [ &_13 <- b ] s1 + | s1 = [ &_14 <- _13 = (0: UInt8.t) ] s2 + | s2 = {[@expl:division by zero] not _14} s3 | s3 = bb3 ] | bb3 = s0 - [ s0 = UInt8.div {a} {_12} (fun (_ret: UInt8.t) -> [ &_10 <- _ret ] s1) - | s1 = [ &_5 <- _6 = _10 ] s2 - | s2 = any [ br0 -> {_5 = false} (! bb5) | br1 -> {_5} (! bb4) ] ] - | bb4 = s0 [ s0 = wrapping_div {a} {b} (fun (_ret: UInt8.t) -> [ &_17 <- _ret ] s1) | s1 = bb6 ] + [ s0 = UInt8.div {a} {_13} (fun (_ret: UInt8.t) -> [ &_11 <- _ret ] s1) + | s1 = [ &_6 <- _7 = _11 ] s2 + | s2 = any [ br0 -> {_6 = false} (! bb5) | br1 -> {_6} (! bb4) ] ] + | bb4 = s0 [ s0 = wrapping_div {a} {b} (fun (_ret: UInt8.t) -> [ &_18 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_22 <- b ] s1 - | s1 = [ &_23 <- _22 = (0: UInt8.t) ] s2 - | s2 = {[@expl:division by zero] not _23} s3 + [ s0 = [ &_23 <- b ] s1 + | s1 = [ &_24 <- _23 = (0: UInt8.t) ] s2 + | s2 = {[@expl:division by zero] not _24} s3 | s3 = bb7 ] | bb7 = s0 - [ s0 = UInt8.div {a} {_22} (fun (_ret: UInt8.t) -> [ &_20 <- _ret ] s1) - | s1 = [ &_16 <- _17 = _20 ] s2 - | s2 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb8) ] ] - | bb8 = s0 [ s0 = saturating_div {a} {b} (fun (_ret: UInt8.t) -> [ &_27 <- _ret ] s1) | s1 = bb10 ] + [ s0 = UInt8.div {a} {_23} (fun (_ret: UInt8.t) -> [ &_21 <- _ret ] s1) + | s1 = [ &_17 <- _18 = _21 ] s2 + | s2 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb8) ] ] + | bb8 = s0 [ s0 = saturating_div {a} {b} (fun (_ret: UInt8.t) -> [ &_28 <- _ret ] s1) | s1 = bb10 ] | bb10 = s0 - [ s0 = [ &_32 <- b ] s1 - | s1 = [ &_33 <- _32 = (0: UInt8.t) ] s2 - | s2 = {[@expl:division by zero] not _33} s3 + [ s0 = [ &_33 <- b ] s1 + | s1 = [ &_34 <- _33 = (0: UInt8.t) ] s2 + | s2 = {[@expl:division by zero] not _34} s3 | s3 = bb11 ] | bb11 = s0 - [ s0 = UInt8.div {a} {_32} (fun (_ret: UInt8.t) -> [ &_30 <- _ret ] s1) - | s1 = [ &_26 <- _27 = _30 ] s2 - | s2 = any [ br0 -> {_26 = false} (! bb13) | br1 -> {_26} (! bb12) ] ] + [ s0 = UInt8.div {a} {_33} (fun (_ret: UInt8.t) -> [ &_31 <- _ret ] s1) + | s1 = [ &_27 <- _28 = _31 ] s2 + | s2 = any [ br0 -> {_27 = false} (! bb13) | br1 -> {_27} (! bb12) ] ] | bb12 = s0 [ s0 = overflowing_div {a} {b} (fun (_ret: tup2_u8_bool) -> [ &res <- _ret ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = [ &_43 <- b ] s1 - | s1 = [ &_44 <- _43 = (0: UInt8.t) ] s2 - | s2 = {[@expl:division by zero] not _44} s3 + [ s0 = [ &_44 <- b ] s1 + | s1 = [ &_45 <- _44 = (0: UInt8.t) ] s2 + | s2 = {[@expl:division by zero] not _45} s3 | s3 = bb15 ] | bb15 = s0 - [ s0 = UInt8.div {a} {_43} (fun (_ret: UInt8.t) -> [ &_41 <- _ret ] s1) - | s1 = [ &_39 <- res.f0 = _41 ] s2 - | s2 = any [ br0 -> {_39 = false} (! bb20) | br1 -> {_39} (! bb16) ] ] + [ s0 = UInt8.div {a} {_44} (fun (_ret: UInt8.t) -> [ &_42 <- _ret ] s1) + | s1 = [ &_40 <- res.f0 = _42 ] s2 + | s2 = any [ br0 -> {_40 = false} (! bb20) | br1 -> {_40} (! bb16) ] ] | bb16 = s0 - [ s0 = [ &_45 <- res.f1 = false ] s1 | s1 = any [ br0 -> {_45 = false} (! bb20) | br1 -> {_45} (! bb17) ] ] + [ s0 = [ &_46 <- res.f1 = false ] s1 | s1 = any [ br0 -> {_46 = false} (! bb20) | br1 -> {_46} (! bb17) ] ] | bb17 = return {_0} | bb20 = {false} any | bb13 = {false} any @@ -1064,28 +1064,28 @@ module M_test_u8_div_no_overflow [ & _0: () = Any.any_l () | & a: UInt8.t = a | & b: UInt8.t = b - | & _5: bool = Any.any_l () - | & _6: UInt8.t = Any.any_l () - | & _7: t_Option_u8 = Any.any_l () - | & _10: UInt8.t = Any.any_l () - | & _12: UInt8.t = Any.any_l () - | & _13: bool = Any.any_l () - | & _16: bool = Any.any_l () - | & _17: UInt8.t = Any.any_l () - | & _20: UInt8.t = Any.any_l () - | & _22: UInt8.t = Any.any_l () - | & _23: bool = Any.any_l () - | & _26: bool = Any.any_l () - | & _27: UInt8.t = Any.any_l () - | & _30: UInt8.t = Any.any_l () - | & _32: UInt8.t = Any.any_l () - | & _33: bool = Any.any_l () + | & _6: bool = Any.any_l () + | & _7: UInt8.t = Any.any_l () + | & _8: t_Option_u8 = Any.any_l () + | & _11: UInt8.t = Any.any_l () + | & _13: UInt8.t = Any.any_l () + | & _14: bool = Any.any_l () + | & _17: bool = Any.any_l () + | & _18: UInt8.t = Any.any_l () + | & _21: UInt8.t = Any.any_l () + | & _23: UInt8.t = Any.any_l () + | & _24: bool = Any.any_l () + | & _27: bool = Any.any_l () + | & _28: UInt8.t = Any.any_l () + | & _31: UInt8.t = Any.any_l () + | & _33: UInt8.t = Any.any_l () + | & _34: bool = Any.any_l () | & res: tup2_u8_bool = Any.any_l () - | & _39: bool = Any.any_l () - | & _41: UInt8.t = Any.any_l () - | & _43: UInt8.t = Any.any_l () - | & _44: bool = Any.any_l () - | & _45: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _40: bool = Any.any_l () + | & _42: UInt8.t = Any.any_l () + | & _44: UInt8.t = Any.any_l () + | & _45: bool = Any.any_l () + | & _46: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_u8_div_zero use creusot.int.UInt8 @@ -1323,26 +1323,26 @@ module M_test_i8_add_overflow_pos let rec test_i8_add_overflow_pos (a: Int8.t) (return (x: ())) = {[@expl:test_i8_add_overflow_pos requires] Int8.to_int a > 0} (! bb0 - [ bb0 = s0 [ s0 = checked_add {(127: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_none_i8 {_6} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = wrapping_add {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_11 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = checked_add {(127: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_none_i8 {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] + | bb3 = s0 [ s0 = wrapping_add {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.sub {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s1) - | s1 = Int8.sub {_14} {(2: Int8.t)} (fun (_ret: Int8.t) -> [ &_13 <- _ret ] s2) - | s2 = [ &_10 <- _11 = _13 ] s3 - | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = saturating_add {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_19 <- _ret ] s1) | s1 = bb8 ] + [ s0 = Int8.sub {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_15 <- _ret ] s1) + | s1 = Int8.sub {_15} {(2: Int8.t)} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s2) + | s2 = [ &_11 <- _12 = _14 ] s3 + | s3 = any [ br0 -> {_11 = false} (! bb7) | br1 -> {_11} (! bb6) ] ] + | bb6 = s0 [ s0 = saturating_add {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_20 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_18 <- _19 = (127: Int8.t) ] s1 | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] + [ s0 = [ &_19 <- _20 = (127: Int8.t) ] s1 | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] | bb9 = s0 [ s0 = overflowing_add {(127: Int8.t)} {a} (fun (_ret: tup2_i8_bool) -> [ &res <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.sub {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s1) - | s1 = Int8.sub {_28} {(2: Int8.t)} (fun (_ret: Int8.t) -> [ &_27 <- _ret ] s2) - | s2 = [ &_25 <- res.f0 = _27 ] s3 - | s3 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb12) ] ] - | bb12 = s0 [ s0 = [ &_30 <- res.f1 ] s1 | s1 = any [ br0 -> {_30 = false} (! bb16) | br1 -> {_30} (! bb13) ] ] + [ s0 = Int8.sub {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_29 <- _ret ] s1) + | s1 = Int8.sub {_29} {(2: Int8.t)} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s2) + | s2 = [ &_26 <- res.f0 = _28 ] s3 + | s3 = any [ br0 -> {_26 = false} (! bb16) | br1 -> {_26} (! bb12) ] ] + | bb12 = s0 [ s0 = [ &_31 <- res.f1 ] s1 | s1 = any [ br0 -> {_31 = false} (! bb16) | br1 -> {_31} (! bb13) ] ] | bb13 = return {_0} | bb16 = {false} any | bb10 = {false} any @@ -1350,19 +1350,19 @@ module M_test_i8_add_overflow_pos | bb4 = {false} any ] [ & _0: () = Any.any_l () | & a: Int8.t = a - | & _4: bool = Any.any_l () - | & _6: t_Option_i8 = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: Int8.t = Any.any_l () - | & _13: Int8.t = Any.any_l () + | & _5: bool = Any.any_l () + | & _7: t_Option_i8 = Any.any_l () + | & _11: bool = Any.any_l () + | & _12: Int8.t = Any.any_l () | & _14: Int8.t = Any.any_l () - | & _18: bool = Any.any_l () - | & _19: Int8.t = Any.any_l () + | & _15: Int8.t = Any.any_l () + | & _19: bool = Any.any_l () + | & _20: Int8.t = Any.any_l () | & res: tup2_i8_bool = Any.any_l () - | & _25: bool = Any.any_l () - | & _27: Int8.t = Any.any_l () + | & _26: bool = Any.any_l () | & _28: Int8.t = Any.any_l () - | & _30: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _29: Int8.t = Any.any_l () + | & _31: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_i8_add_overflow_neg use creusot.int.Int8 @@ -1416,26 +1416,26 @@ module M_test_i8_add_overflow_neg let rec test_i8_add_overflow_neg (a: Int8.t) (return (x: ())) = {[@expl:test_i8_add_overflow_neg requires] Int8.to_int a < 0} (! bb0 - [ bb0 = s0 [ s0 = checked_add {(-128: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_none_i8 {_6} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = wrapping_add {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_11 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = checked_add {(-128: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_none_i8 {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] + | bb3 = s0 [ s0 = wrapping_add {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.add {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s1) - | s1 = Int8.add {_14} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_13 <- _ret ] s2) - | s2 = [ &_10 <- _11 = _13 ] s3 - | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = saturating_add {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_19 <- _ret ] s1) | s1 = bb8 ] + [ s0 = Int8.add {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_15 <- _ret ] s1) + | s1 = Int8.add {_15} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s2) + | s2 = [ &_11 <- _12 = _14 ] s3 + | s3 = any [ br0 -> {_11 = false} (! bb7) | br1 -> {_11} (! bb6) ] ] + | bb6 = s0 [ s0 = saturating_add {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_20 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_18 <- _19 = (-128: Int8.t) ] s1 | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] + [ s0 = [ &_19 <- _20 = (-128: Int8.t) ] s1 | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] | bb9 = s0 [ s0 = overflowing_add {(-128: Int8.t)} {a} (fun (_ret: tup2_i8_bool) -> [ &res <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.add {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s1) - | s1 = Int8.add {_28} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_27 <- _ret ] s2) - | s2 = [ &_25 <- res.f0 = _27 ] s3 - | s3 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb12) ] ] - | bb12 = s0 [ s0 = [ &_30 <- res.f1 ] s1 | s1 = any [ br0 -> {_30 = false} (! bb16) | br1 -> {_30} (! bb13) ] ] + [ s0 = Int8.add {a} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_29 <- _ret ] s1) + | s1 = Int8.add {_29} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s2) + | s2 = [ &_26 <- res.f0 = _28 ] s3 + | s3 = any [ br0 -> {_26 = false} (! bb16) | br1 -> {_26} (! bb12) ] ] + | bb12 = s0 [ s0 = [ &_31 <- res.f1 ] s1 | s1 = any [ br0 -> {_31 = false} (! bb16) | br1 -> {_31} (! bb13) ] ] | bb13 = return {_0} | bb16 = {false} any | bb10 = {false} any @@ -1443,19 +1443,19 @@ module M_test_i8_add_overflow_neg | bb4 = {false} any ] [ & _0: () = Any.any_l () | & a: Int8.t = a - | & _4: bool = Any.any_l () - | & _6: t_Option_i8 = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: Int8.t = Any.any_l () - | & _13: Int8.t = Any.any_l () + | & _5: bool = Any.any_l () + | & _7: t_Option_i8 = Any.any_l () + | & _11: bool = Any.any_l () + | & _12: Int8.t = Any.any_l () | & _14: Int8.t = Any.any_l () - | & _18: bool = Any.any_l () - | & _19: Int8.t = Any.any_l () + | & _15: Int8.t = Any.any_l () + | & _19: bool = Any.any_l () + | & _20: Int8.t = Any.any_l () | & res: tup2_i8_bool = Any.any_l () - | & _25: bool = Any.any_l () - | & _27: Int8.t = Any.any_l () + | & _26: bool = Any.any_l () | & _28: Int8.t = Any.any_l () - | & _30: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _29: Int8.t = Any.any_l () + | & _31: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_i8_wrapping_add use creusot.int.Int8 @@ -1749,26 +1749,26 @@ module M_test_i8_sub_overflow_pos let rec test_i8_sub_overflow_pos (a: Int8.t) (return (x: ())) = {[@expl:test_i8_sub_overflow_pos requires] Int8.to_int a > 0} (! bb0 - [ bb0 = s0 [ s0 = checked_sub {(-128: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_none_i8 {_6} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = wrapping_sub {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_11 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = checked_sub {(-128: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_none_i8 {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] + | bb3 = s0 [ s0 = wrapping_sub {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s1) - | s1 = Int8.add {_14} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_13 <- _ret ] s2) - | s2 = [ &_10 <- _11 = _13 ] s3 - | s3 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = saturating_sub {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_19 <- _ret ] s1) | s1 = bb8 ] + [ s0 = Int8.sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_15 <- _ret ] s1) + | s1 = Int8.add {_15} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s2) + | s2 = [ &_11 <- _12 = _14 ] s3 + | s3 = any [ br0 -> {_11 = false} (! bb7) | br1 -> {_11} (! bb6) ] ] + | bb6 = s0 [ s0 = saturating_sub {(-128: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_20 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_18 <- _19 = (-128: Int8.t) ] s1 | s1 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb9) ] ] + [ s0 = [ &_19 <- _20 = (-128: Int8.t) ] s1 | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] | bb9 = s0 [ s0 = overflowing_sub {(-128: Int8.t)} {a} (fun (_ret: tup2_i8_bool) -> [ &res <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s1) - | s1 = Int8.add {_28} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_27 <- _ret ] s2) - | s2 = [ &_25 <- res.f0 = _27 ] s3 - | s3 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb12) ] ] - | bb12 = s0 [ s0 = [ &_30 <- res.f1 ] s1 | s1 = any [ br0 -> {_30 = false} (! bb16) | br1 -> {_30} (! bb13) ] ] + [ s0 = Int8.sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_29 <- _ret ] s1) + | s1 = Int8.add {_29} {(1: Int8.t)} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s2) + | s2 = [ &_26 <- res.f0 = _28 ] s3 + | s3 = any [ br0 -> {_26 = false} (! bb16) | br1 -> {_26} (! bb12) ] ] + | bb12 = s0 [ s0 = [ &_31 <- res.f1 ] s1 | s1 = any [ br0 -> {_31 = false} (! bb16) | br1 -> {_31} (! bb13) ] ] | bb13 = return {_0} | bb16 = {false} any | bb10 = {false} any @@ -1776,19 +1776,19 @@ module M_test_i8_sub_overflow_pos | bb4 = {false} any ] [ & _0: () = Any.any_l () | & a: Int8.t = a - | & _4: bool = Any.any_l () - | & _6: t_Option_i8 = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: Int8.t = Any.any_l () - | & _13: Int8.t = Any.any_l () + | & _5: bool = Any.any_l () + | & _7: t_Option_i8 = Any.any_l () + | & _11: bool = Any.any_l () + | & _12: Int8.t = Any.any_l () | & _14: Int8.t = Any.any_l () - | & _18: bool = Any.any_l () - | & _19: Int8.t = Any.any_l () + | & _15: Int8.t = Any.any_l () + | & _19: bool = Any.any_l () + | & _20: Int8.t = Any.any_l () | & res: tup2_i8_bool = Any.any_l () - | & _25: bool = Any.any_l () - | & _27: Int8.t = Any.any_l () + | & _26: bool = Any.any_l () | & _28: Int8.t = Any.any_l () - | & _30: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _29: Int8.t = Any.any_l () + | & _31: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_i8_sub_overflow_neg use creusot.int.Int8 @@ -1842,28 +1842,28 @@ module M_test_i8_sub_overflow_neg let rec test_i8_sub_overflow_neg (a: Int8.t) (return (x: ())) = {[@expl:test_i8_sub_overflow_neg requires] Int8.to_int a < 0} (! bb0 - [ bb0 = s0 [ s0 = checked_sub {(127: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = is_none_i8 {_6} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb2 ] - | bb2 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb3) ] - | bb3 = s0 [ s0 = wrapping_sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_11 <- _ret ] s1) | s1 = bb5 ] + [ bb0 = s0 [ s0 = checked_sub {(127: Int8.t)} {a} (fun (_ret: t_Option_i8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = is_none_i8 {_7} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] + | bb2 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] + | bb3 = s0 [ s0 = wrapping_sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = Int8.add {(2: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_15 <- _ret ] s1) - | s1 = Int8.neg {_15} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s2) - | s2 = Int8.sub {_14} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_13 <- _ret ] s3) - | s3 = [ &_10 <- _11 = _13 ] s4 - | s4 = any [ br0 -> {_10 = false} (! bb7) | br1 -> {_10} (! bb6) ] ] - | bb6 = s0 [ s0 = saturating_sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_20 <- _ret ] s1) | s1 = bb8 ] + [ s0 = Int8.add {(2: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_16 <- _ret ] s1) + | s1 = Int8.neg {_16} (fun (_ret: Int8.t) -> [ &_15 <- _ret ] s2) + | s2 = Int8.sub {_15} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_14 <- _ret ] s3) + | s3 = [ &_11 <- _12 = _14 ] s4 + | s4 = any [ br0 -> {_11 = false} (! bb7) | br1 -> {_11} (! bb6) ] ] + | bb6 = s0 [ s0 = saturating_sub {(127: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_21 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_19 <- _20 = (127: Int8.t) ] s1 | s1 = any [ br0 -> {_19 = false} (! bb10) | br1 -> {_19} (! bb9) ] ] + [ s0 = [ &_20 <- _21 = (127: Int8.t) ] s1 | s1 = any [ br0 -> {_20 = false} (! bb10) | br1 -> {_20} (! bb9) ] ] | bb9 = s0 [ s0 = overflowing_sub {(127: Int8.t)} {a} (fun (_ret: tup2_i8_bool) -> [ &res <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 - [ s0 = Int8.add {(2: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_30 <- _ret ] s1) - | s1 = Int8.neg {_30} (fun (_ret: Int8.t) -> [ &_29 <- _ret ] s2) - | s2 = Int8.sub {_29} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_28 <- _ret ] s3) - | s3 = [ &_26 <- res.f0 = _28 ] s4 - | s4 = any [ br0 -> {_26 = false} (! bb16) | br1 -> {_26} (! bb12) ] ] - | bb12 = s0 [ s0 = [ &_32 <- res.f1 ] s1 | s1 = any [ br0 -> {_32 = false} (! bb16) | br1 -> {_32} (! bb13) ] ] + [ s0 = Int8.add {(2: Int8.t)} {a} (fun (_ret: Int8.t) -> [ &_31 <- _ret ] s1) + | s1 = Int8.neg {_31} (fun (_ret: Int8.t) -> [ &_30 <- _ret ] s2) + | s2 = Int8.sub {_30} {(127: Int8.t)} (fun (_ret: Int8.t) -> [ &_29 <- _ret ] s3) + | s3 = [ &_27 <- res.f0 = _29 ] s4 + | s4 = any [ br0 -> {_27 = false} (! bb16) | br1 -> {_27} (! bb12) ] ] + | bb12 = s0 [ s0 = [ &_33 <- res.f1 ] s1 | s1 = any [ br0 -> {_33 = false} (! bb16) | br1 -> {_33} (! bb13) ] ] | bb13 = return {_0} | bb16 = {false} any | bb10 = {false} any @@ -1871,21 +1871,21 @@ module M_test_i8_sub_overflow_neg | bb4 = {false} any ] [ & _0: () = Any.any_l () | & a: Int8.t = a - | & _4: bool = Any.any_l () - | & _6: t_Option_i8 = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: Int8.t = Any.any_l () - | & _13: Int8.t = Any.any_l () + | & _5: bool = Any.any_l () + | & _7: t_Option_i8 = Any.any_l () + | & _11: bool = Any.any_l () + | & _12: Int8.t = Any.any_l () | & _14: Int8.t = Any.any_l () | & _15: Int8.t = Any.any_l () - | & _19: bool = Any.any_l () - | & _20: Int8.t = Any.any_l () + | & _16: Int8.t = Any.any_l () + | & _20: bool = Any.any_l () + | & _21: Int8.t = Any.any_l () | & res: tup2_i8_bool = Any.any_l () - | & _26: bool = Any.any_l () - | & _28: Int8.t = Any.any_l () + | & _27: bool = Any.any_l () | & _29: Int8.t = Any.any_l () | & _30: Int8.t = Any.any_l () - | & _32: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _31: Int8.t = Any.any_l () + | & _33: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_i8_wrapping_sub use creusot.int.Int8 @@ -2489,77 +2489,77 @@ module M_test_i8_div_no_overflow let rec test_i8_div_no_overflow (a: Int8.t) (b: Int8.t) (return (x: ())) = {[@expl:test_i8_div_no_overflow requires] Int8.to_int b <> 0 /\ (Int8.to_int a <> - 128 \/ Int8.to_int b <> - 1)} (! bb0 - [ bb0 = s0 [ s0 = checked_div {a} {b} (fun (_ret: t_Option_i8) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = unwrap_i8 {_7} (fun (_ret: Int8.t) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = checked_div {a} {b} (fun (_ret: t_Option_i8) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = unwrap_i8 {_9} (fun (_ret: Int8.t) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_11 <- a ] s1 - | s1 = [ &_12 <- b ] s2 - | s2 = [ &_13 <- _12 = (0: Int8.t) ] s3 - | s3 = {[@expl:division by zero] not _13} s4 + [ s0 = [ &_13 <- a ] s1 + | s1 = [ &_14 <- b ] s2 + | s2 = [ &_15 <- _14 = (0: Int8.t) ] s3 + | s3 = {[@expl:division by zero] not _15} s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = [ &_14 <- _12 = (-1: Int8.t) ] s1 - | s1 = [ &_15 <- _11 = (-128: Int8.t) ] s2 - | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 - | s3 = {[@expl:Div overflow] not _16} s4 + [ s0 = [ &_16 <- _14 = (-1: Int8.t) ] s1 + | s1 = [ &_17 <- _13 = (-128: Int8.t) ] s2 + | s2 = [ &_18 <- Bool.bw_and _16 _17 ] s3 + | s3 = {[@expl:Div overflow] not _18} s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = Int8.div {_11} {_12} (fun (_ret: Int8.t) -> [ &_10 <- _ret ] s1) - | s1 = [ &_5 <- _6 = _10 ] s2 - | s2 = any [ br0 -> {_5 = false} (! bb6) | br1 -> {_5} (! bb5) ] ] - | bb5 = s0 [ s0 = wrapping_div {a} {b} (fun (_ret: Int8.t) -> [ &_20 <- _ret ] s1) | s1 = bb7 ] + [ s0 = Int8.div {_13} {_14} (fun (_ret: Int8.t) -> [ &_12 <- _ret ] s1) + | s1 = [ &_7 <- _8 = _12 ] s2 + | s2 = any [ br0 -> {_7 = false} (! bb6) | br1 -> {_7} (! bb5) ] ] + | bb5 = s0 [ s0 = wrapping_div {a} {b} (fun (_ret: Int8.t) -> [ &_22 <- _ret ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = [ &_24 <- a ] s1 - | s1 = [ &_25 <- b ] s2 - | s2 = [ &_26 <- _25 = (0: Int8.t) ] s3 - | s3 = {[@expl:division by zero] not _26} s4 + [ s0 = [ &_26 <- a ] s1 + | s1 = [ &_27 <- b ] s2 + | s2 = [ &_28 <- _27 = (0: Int8.t) ] s3 + | s3 = {[@expl:division by zero] not _28} s4 | s4 = bb8 ] | bb8 = s0 - [ s0 = [ &_27 <- _25 = (-1: Int8.t) ] s1 - | s1 = [ &_28 <- _24 = (-128: Int8.t) ] s2 - | s2 = [ &_29 <- Bool.bw_and _27 _28 ] s3 - | s3 = {[@expl:Div overflow] not _29} s4 + [ s0 = [ &_29 <- _27 = (-1: Int8.t) ] s1 + | s1 = [ &_30 <- _26 = (-128: Int8.t) ] s2 + | s2 = [ &_31 <- Bool.bw_and _29 _30 ] s3 + | s3 = {[@expl:Div overflow] not _31} s4 | s4 = bb9 ] | bb9 = s0 - [ s0 = Int8.div {_24} {_25} (fun (_ret: Int8.t) -> [ &_23 <- _ret ] s1) - | s1 = [ &_19 <- _20 = _23 ] s2 - | s2 = any [ br0 -> {_19 = false} (! bb11) | br1 -> {_19} (! bb10) ] ] - | bb10 = s0 [ s0 = saturating_div {a} {b} (fun (_ret: Int8.t) -> [ &_33 <- _ret ] s1) | s1 = bb12 ] + [ s0 = Int8.div {_26} {_27} (fun (_ret: Int8.t) -> [ &_25 <- _ret ] s1) + | s1 = [ &_21 <- _22 = _25 ] s2 + | s2 = any [ br0 -> {_21 = false} (! bb11) | br1 -> {_21} (! bb10) ] ] + | bb10 = s0 [ s0 = saturating_div {a} {b} (fun (_ret: Int8.t) -> [ &_35 <- _ret ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = [ &_37 <- a ] s1 - | s1 = [ &_38 <- b ] s2 - | s2 = [ &_39 <- _38 = (0: Int8.t) ] s3 - | s3 = {[@expl:division by zero] not _39} s4 + [ s0 = [ &_39 <- a ] s1 + | s1 = [ &_40 <- b ] s2 + | s2 = [ &_41 <- _40 = (0: Int8.t) ] s3 + | s3 = {[@expl:division by zero] not _41} s4 | s4 = bb13 ] | bb13 = s0 - [ s0 = [ &_40 <- _38 = (-1: Int8.t) ] s1 - | s1 = [ &_41 <- _37 = (-128: Int8.t) ] s2 - | s2 = [ &_42 <- Bool.bw_and _40 _41 ] s3 - | s3 = {[@expl:Div overflow] not _42} s4 + [ s0 = [ &_42 <- _40 = (-1: Int8.t) ] s1 + | s1 = [ &_43 <- _39 = (-128: Int8.t) ] s2 + | s2 = [ &_44 <- Bool.bw_and _42 _43 ] s3 + | s3 = {[@expl:Div overflow] not _44} s4 | s4 = bb14 ] | bb14 = s0 - [ s0 = Int8.div {_37} {_38} (fun (_ret: Int8.t) -> [ &_36 <- _ret ] s1) - | s1 = [ &_32 <- _33 = _36 ] s2 - | s2 = any [ br0 -> {_32 = false} (! bb16) | br1 -> {_32} (! bb15) ] ] + [ s0 = Int8.div {_39} {_40} (fun (_ret: Int8.t) -> [ &_38 <- _ret ] s1) + | s1 = [ &_34 <- _35 = _38 ] s2 + | s2 = any [ br0 -> {_34 = false} (! bb16) | br1 -> {_34} (! bb15) ] ] | bb15 = s0 [ s0 = overflowing_div {a} {b} (fun (_ret: tup2_i8_bool) -> [ &res <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = [ &_51 <- a ] s1 - | s1 = [ &_52 <- b ] s2 - | s2 = [ &_53 <- _52 = (0: Int8.t) ] s3 - | s3 = {[@expl:division by zero] not _53} s4 + [ s0 = [ &_53 <- a ] s1 + | s1 = [ &_54 <- b ] s2 + | s2 = [ &_55 <- _54 = (0: Int8.t) ] s3 + | s3 = {[@expl:division by zero] not _55} s4 | s4 = bb18 ] | bb18 = s0 - [ s0 = [ &_54 <- _52 = (-1: Int8.t) ] s1 - | s1 = [ &_55 <- _51 = (-128: Int8.t) ] s2 - | s2 = [ &_56 <- Bool.bw_and _54 _55 ] s3 - | s3 = {[@expl:Div overflow] not _56} s4 + [ s0 = [ &_56 <- _54 = (-1: Int8.t) ] s1 + | s1 = [ &_57 <- _53 = (-128: Int8.t) ] s2 + | s2 = [ &_58 <- Bool.bw_and _56 _57 ] s3 + | s3 = {[@expl:Div overflow] not _58} s4 | s4 = bb19 ] | bb19 = s0 - [ s0 = Int8.div {_51} {_52} (fun (_ret: Int8.t) -> [ &_50 <- _ret ] s1) - | s1 = [ &_48 <- res.f0 = _50 ] s2 - | s2 = any [ br0 -> {_48 = false} (! bb24) | br1 -> {_48} (! bb20) ] ] + [ s0 = Int8.div {_53} {_54} (fun (_ret: Int8.t) -> [ &_52 <- _ret ] s1) + | s1 = [ &_50 <- res.f0 = _52 ] s2 + | s2 = any [ br0 -> {_50 = false} (! bb24) | br1 -> {_50} (! bb20) ] ] | bb20 = s0 - [ s0 = [ &_57 <- res.f1 = false ] s1 | s1 = any [ br0 -> {_57 = false} (! bb24) | br1 -> {_57} (! bb21) ] ] + [ s0 = [ &_59 <- res.f1 = false ] s1 | s1 = any [ br0 -> {_59 = false} (! bb24) | br1 -> {_59} (! bb21) ] ] | bb21 = return {_0} | bb24 = {false} any | bb16 = {false} any @@ -2568,44 +2568,44 @@ module M_test_i8_div_no_overflow [ & _0: () = Any.any_l () | & a: Int8.t = a | & b: Int8.t = b - | & _5: bool = Any.any_l () - | & _6: Int8.t = Any.any_l () - | & _7: t_Option_i8 = Any.any_l () - | & _10: Int8.t = Any.any_l () - | & _11: Int8.t = Any.any_l () + | & _7: bool = Any.any_l () + | & _8: Int8.t = Any.any_l () + | & _9: t_Option_i8 = Any.any_l () | & _12: Int8.t = Any.any_l () - | & _13: bool = Any.any_l () - | & _14: bool = Any.any_l () + | & _13: Int8.t = Any.any_l () + | & _14: Int8.t = Any.any_l () | & _15: bool = Any.any_l () | & _16: bool = Any.any_l () - | & _19: bool = Any.any_l () - | & _20: Int8.t = Any.any_l () - | & _23: Int8.t = Any.any_l () - | & _24: Int8.t = Any.any_l () + | & _17: bool = Any.any_l () + | & _18: bool = Any.any_l () + | & _21: bool = Any.any_l () + | & _22: Int8.t = Any.any_l () | & _25: Int8.t = Any.any_l () - | & _26: bool = Any.any_l () - | & _27: bool = Any.any_l () + | & _26: Int8.t = Any.any_l () + | & _27: Int8.t = Any.any_l () | & _28: bool = Any.any_l () | & _29: bool = Any.any_l () - | & _32: bool = Any.any_l () - | & _33: Int8.t = Any.any_l () - | & _36: Int8.t = Any.any_l () - | & _37: Int8.t = Any.any_l () + | & _30: bool = Any.any_l () + | & _31: bool = Any.any_l () + | & _34: bool = Any.any_l () + | & _35: Int8.t = Any.any_l () | & _38: Int8.t = Any.any_l () - | & _39: bool = Any.any_l () - | & _40: bool = Any.any_l () + | & _39: Int8.t = Any.any_l () + | & _40: Int8.t = Any.any_l () | & _41: bool = Any.any_l () | & _42: bool = Any.any_l () + | & _43: bool = Any.any_l () + | & _44: bool = Any.any_l () | & res: tup2_i8_bool = Any.any_l () - | & _48: bool = Any.any_l () - | & _50: Int8.t = Any.any_l () - | & _51: Int8.t = Any.any_l () + | & _50: bool = Any.any_l () | & _52: Int8.t = Any.any_l () - | & _53: bool = Any.any_l () - | & _54: bool = Any.any_l () + | & _53: Int8.t = Any.any_l () + | & _54: Int8.t = Any.any_l () | & _55: bool = Any.any_l () | & _56: bool = Any.any_l () - | & _57: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _57: bool = Any.any_l () + | & _58: bool = Any.any_l () + | & _59: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_i8_div_zero use creusot.int.Int8 diff --git a/tests/should_succeed/closures/01_basic.rs b/tests/should_succeed/closures/01_basic.rs index 390d18e1d6..ae7f562428 100644 --- a/tests/should_succeed/closures/01_basic.rs +++ b/tests/should_succeed/closures/01_basic.rs @@ -31,12 +31,11 @@ pub fn new_ref<'a, T>() -> &'a mut T { panic!() } +#[allow(unused)] pub fn move_mut() { - #[allow(unused)] let mut x = &mut 0u32; let mut a = move || { - #[allow(unused)] x = new_ref(); }; (a)(); diff --git a/tests/should_succeed/closures/06_fn_specs.coma b/tests/should_succeed/closures/06_fn_specs.coma index fce5fb7200..3110a39395 100644 --- a/tests/should_succeed/closures/06_fn_specs.coma +++ b/tests/should_succeed/closures/06_fn_specs.coma @@ -210,8 +210,8 @@ module M_fn_once_user {[@expl:fn_once_user requires] precondition_F f (0: UInt64.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- (0: UInt64.t) ] s1 | s1 = call_once_F {f} {_4} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] - | bb2 = return {_0} ] [ & _0: () = Any.any_l () | & f: t_F = f | & _4: UInt64.t = Any.any_l () ]) + [ s0 = [ &_5 <- (0: UInt64.t) ] s1 | s1 = call_once_F {f} {_5} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] + | bb2 = return {_0} ] [ & _0: () = Any.any_l () | & f: t_F = f | & _5: UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_caller diff --git a/tests/should_succeed/closures/07_mutable_capture.coma b/tests/should_succeed/closures/07_mutable_capture.coma index bbbc7f22f2..20685025a6 100644 --- a/tests/should_succeed/closures/07_mutable_capture.coma +++ b/tests/should_succeed/closures/07_mutable_capture.coma @@ -84,29 +84,29 @@ module M_test_fnmut (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_4 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = [ &c <- { c0 = _4 } ] s2 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = [ &c <- { c0 = _5 } ] s2 | s2 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t closure1) -> [ &_6 <- _ret ] [ &c <- _ret.final ] s3) - | s3 = closure1 {_6} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s4) + (fun (_ret: MutBorrow.t closure1) -> [ &_7 <- _ret ] [ &c <- _ret.final ] s3) + | s3 = closure1 {_7} (fun (_ret: Int32.t) -> [ &_6 <- _ret ] s4) | s4 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t closure1) -> [ &_9 <- _ret ] [ &c <- _ret.final ] s1) - | s1 = closure1 {_9} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s2) + (fun (_ret: MutBorrow.t closure1) -> [ &_10 <- _ret ] [ &c <- _ret.final ] s1) + | s1 = closure1 {_10} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = -{resolve_closure1 c}- s1 | s1 = {[@expl:assertion] UInt32.t'int x = 100002} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: UInt32.t = x | & c: closure1 = Any.any_l () - | & _4: MutBorrow.t UInt32.t = Any.any_l () - | & _5: Int32.t = Any.any_l () - | & _6: MutBorrow.t closure1 = Any.any_l () - | & _7: () = Any.any_l () - | & _8: Int32.t = Any.any_l () - | & _9: MutBorrow.t closure1 = Any.any_l () - | & _10: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _6: Int32.t = Any.any_l () + | & _7: MutBorrow.t closure1 = Any.any_l () + | & _8: () = Any.any_l () + | & _9: Int32.t = Any.any_l () + | & _10: MutBorrow.t closure1 = Any.any_l () + | & _11: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_call_fnmut use creusot.prelude.MutBorrow @@ -172,24 +172,24 @@ module M_call_fnmut [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_6 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_mut_F {_6} {_7} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_9 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_mut_F {_9} {_10} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_8 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_mut_F {_8} {_9} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_11 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_mut_F {_11} {_12} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb3 ] | bb3 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f - | & _5: Int32.t = Any.any_l () - | & _6: MutBorrow.t t_F = Any.any_l () - | & _7: () = Any.any_l () - | & _8: MutBorrow.t t_F = Any.any_l () - | & _9: () = Any.any_l () ]) + | & _8: Int32.t = Any.any_l () + | & _9: MutBorrow.t t_F = Any.any_l () + | & _10: () = Any.any_l () + | & _11: MutBorrow.t t_F = Any.any_l () + | & _12: () = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_fnmut ensures] exists st1: t_F, st2: t_F, r: Int32.t. postcondition_mut_F f () st1 r /\ postcondition_mut_F st1 () st2 result /\ resolve_F st2} @@ -219,8 +219,8 @@ module M_call_fnonce let rec call_fnonce_F (f: t_F) (return (x: Int32.t)) = {[@expl:call_fnonce 'f' type invariant] inv_F f} {[@expl:call_fnonce requires] precondition_F f ()} (! bb0 - [ bb0 = s0 [ s0 = call_once_F {f} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] - | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _5: () = Any.any_l () ]) + [ bb0 = s0 [ s0 = call_once_F {f} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _7: () = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_fnonce ensures] postcondition_once_F f () result} (! return {result}) ] end module M_test_fnmut2 @@ -376,21 +376,21 @@ module M_test_fnmut2 (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_4 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = [ &c <- { c0 = _4 } ] s2 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = [ &c <- { c0 = _5 } ] s2 | s2 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t closure1) -> [ &_6 <- _ret ] [ &c <- _ret.final ] s3) - | s3 = call_fnmut_ref_closure1 {_6} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s4) + (fun (_ret: MutBorrow.t closure1) -> [ &_7 <- _ret ] [ &c <- _ret.final ] s3) + | s3 = call_fnmut_ref_closure1 {_7} (fun (_ret: Int32.t) -> [ &_6 <- _ret ] s4) | s4 = bb1 ] - | bb1 = s0 [ s0 = call_fnmut_closure1 {c} (fun (_ret: Int32.t) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = call_fnmut_closure1 {c} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] UInt32.t'int x = 100004} s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: UInt32.t = x | & c: closure1 = Any.any_l () - | & _4: MutBorrow.t UInt32.t = Any.any_l () - | & _5: Int32.t = Any.any_l () - | & _6: MutBorrow.t closure1 = Any.any_l () - | & _7: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _6: Int32.t = Any.any_l () + | & _7: MutBorrow.t closure1 = Any.any_l () + | & _8: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_fnmut3 use creusot.prelude.MutBorrow @@ -495,21 +495,21 @@ module M_test_fnmut3 (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_4 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = [ &c <- { c0 = _4 } ] s2 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = [ &c <- { c0 = _5 } ] s2 | s2 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t closure0) -> [ &_6 <- _ret ] [ &c <- _ret.final ] s3) - | s3 = call_fnonce_ref_closure0 {_6} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s4) + (fun (_ret: MutBorrow.t closure0) -> [ &_7 <- _ret ] [ &c <- _ret.final ] s3) + | s3 = call_fnonce_ref_closure0 {_7} (fun (_ret: Int32.t) -> [ &_6 <- _ret ] s4) | s4 = bb1 ] - | bb1 = s0 [ s0 = call_fnonce_closure0 {c} (fun (_ret: Int32.t) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = call_fnonce_closure0 {c} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] UInt32.t'int x = 100002} s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: UInt32.t = x | & c: closure0 = Any.any_l () - | & _4: MutBorrow.t UInt32.t = Any.any_l () - | & _5: Int32.t = Any.any_l () - | & _6: MutBorrow.t closure0 = Any.any_l () - | & _7: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _6: Int32.t = Any.any_l () + | & _7: MutBorrow.t closure0 = Any.any_l () + | & _8: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_fnmut2box use creusot.prelude.MutBorrow @@ -808,22 +808,22 @@ module M_test_fnmut2box (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_4 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = [ &c <- { c0 = _4 } ] s2 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = [ &c <- { c0 = _5 } ] s2 | s2 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t closure1) -> [ &_7 <- _ret ] [ &c <- _ret.final ] s3) + (fun (_ret: MutBorrow.t closure1) -> [ &_8 <- _ret ] [ &c <- _ret.final ] s3) | s3 = bb1 ] - | bb1 = s0 [ s0 = call_fnmut_Box_ref_closure1_Global {_7} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s1) | s1 = bb4 ] + | bb1 = s0 [ s0 = call_fnmut_Box_ref_closure1_Global {_8} (fun (_ret: Int32.t) -> [ &_6 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = call_fnmut_Box_Box_closure1_Global_Global {c} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) | s1 = bb5 ] + [ s0 = call_fnmut_Box_Box_closure1_Global_Global {c} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = {[@expl:assertion] UInt32.t'int x = 100004} s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: UInt32.t = x | & c: closure1 = Any.any_l () - | & _4: MutBorrow.t UInt32.t = Any.any_l () - | & _5: Int32.t = Any.any_l () - | & _7: MutBorrow.t closure1 = Any.any_l () - | & _8: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _6: Int32.t = Any.any_l () + | & _8: MutBorrow.t closure1 = Any.any_l () + | & _9: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_fnmut3box use creusot.prelude.MutBorrow @@ -992,24 +992,24 @@ module M_test_fnmut3box (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_4 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = [ &c <- { c0 = _4 } ] s2 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = [ &c <- { c0 = _5 } ] s2 | s2 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t closure0) -> [ &_7 <- _ret ] [ &c <- _ret.final ] s3) - | s3 = MutBorrow.borrow_mut {_7} - (fun (_ret: MutBorrow.t (MutBorrow.t closure0)) -> [ &_6 <- _ret ] [ &_7 <- _ret.final ] s4) - | s4 = call_fnonce_ref_ref_closure0 {_6} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s5) + (fun (_ret: MutBorrow.t closure0) -> [ &_8 <- _ret ] [ &c <- _ret.final ] s3) + | s3 = MutBorrow.borrow_mut {_8} + (fun (_ret: MutBorrow.t (MutBorrow.t closure0)) -> [ &_7 <- _ret ] [ &_8 <- _ret.final ] s4) + | s4 = call_fnonce_ref_ref_closure0 {_7} (fun (_ret: Int32.t) -> [ &_6 <- _ret ] s5) | s5 = bb1 ] - | bb1 = s0 [ s0 = -{resolve_ref_closure0 _7}- s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = -{resolve_ref_closure0 _8}- s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = call_fnonce_Box_Box_closure0_Global_Global {c} (fun (_ret: Int32.t) -> [ &_8 <- _ret ] s1) | s1 = bb4 ] + [ s0 = call_fnonce_Box_Box_closure0_Global_Global {c} (fun (_ret: Int32.t) -> [ &_9 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = {[@expl:assertion] UInt32.t'int x = 100002} s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: UInt32.t = x | & c: closure0 = Any.any_l () - | & _4: MutBorrow.t UInt32.t = Any.any_l () - | & _5: Int32.t = Any.any_l () - | & _6: MutBorrow.t (MutBorrow.t closure0) = Any.any_l () - | & _7: MutBorrow.t closure0 = Any.any_l () - | & _8: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _6: Int32.t = Any.any_l () + | & _7: MutBorrow.t (MutBorrow.t closure0) = Any.any_l () + | & _8: MutBorrow.t closure0 = Any.any_l () + | & _9: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/closures/10_tyinv.coma b/tests/should_succeed/closures/10_tyinv.coma index 34cadfe5bd..11a6e0a8ea 100644 --- a/tests/should_succeed/closures/10_tyinv.coma +++ b/tests/should_succeed/closures/10_tyinv.coma @@ -49,14 +49,14 @@ module M_f (! bb0 [ bb0 = s0 [ s0 = {[@expl:assertion] UInt32.t'int self.c0'0.f0 = 0} s1 - | s1 = [ &_5 <- self.c0'0 ] s2 - | s2 = [ &res <- _5.f0 ] s3 + | s1 = [ &_6 <- self.c0'0 ] s2 + | s2 = [ &res <- _6.f0 ] s3 | s3 = [ &_0 <- res ] s4 | s4 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () | & self: closure1 = self | & res: UInt32.t = Any.any_l () - | & _5: t_Zero_T = Any.any_l () ]) + | & _6: t_Zero_T = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:closure ensures] UInt32.t'int result = 0} (! return {result}) ] predicate inv_closure0 [@inline:trivial] (_1: closure0) = @@ -78,17 +78,17 @@ module M_f [ bb0 = s0 [ s0 = {[@expl:assertion] UInt32.t'int self.c0.f0 = 0} s1 | s1 = [ &clos2 <- { c0'0 = self.c1 } ] s2 - | s2 = closure1 {clos2} (fun (_ret: UInt32.t) -> [ &_7 <- _ret ] s3) + | s2 = closure1 {clos2} (fun (_ret: UInt32.t) -> [ &_8 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = [ &_10 <- self.c0 ] s1 | s1 = [ &res <- _10.f0 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return {_0} ] ] + [ s0 = [ &_11 <- self.c0 ] s1 | s1 = [ &res <- _11.f0 ] s2 | s2 = [ &_0 <- res ] s3 | s3 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () | & self: closure0 = self | & res: UInt32.t = Any.any_l () | & clos2: closure1 = Any.any_l () - | & _7: UInt32.t = Any.any_l () - | & _9: () = Any.any_l () - | & _10: t_Zero_T = Any.any_l () ]) + | & _8: UInt32.t = Any.any_l () + | & _10: () = Any.any_l () + | & _11: t_Zero_T = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:closure ensures] UInt32.t'int result = 0} (! return {result}) ] meta "compute_max_steps" 1000000 diff --git a/tests/should_succeed/closures/13_ref_box.coma b/tests/should_succeed/closures/13_ref_box.coma index 26810ecd64..63d5790c88 100644 --- a/tests/should_succeed/closures/13_ref_box.coma +++ b/tests/should_succeed/closures/13_ref_box.coma @@ -76,11 +76,11 @@ module M_call_fn [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 - | s2 = [ &_6 <- x ] s3 - | s3 = call_F {f} {_6} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s4) + | s2 = [ &_10 <- x ] s3 + | s3 = call_F {f} {_10} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s4) | s4 = bb2 ] | bb2 = return {_0} ] - [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _6: Int32.t = Any.any_l () ]) + [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _10: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_fn ensures] postcondition_F f x result} (! return {result}) ] end module M_call_fnmut @@ -145,17 +145,17 @@ module M_call_fnmut [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_5 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = [ &_6 <- x ] s2 - | s2 = call_mut_F {_5} {_6} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_F) -> [ &_9 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = [ &_10 <- x ] s2 + | s2 = call_mut_F {_9} {_10} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x - | & _5: MutBorrow.t t_F = Any.any_l () - | & _6: Int32.t = Any.any_l () ]) + | & _9: MutBorrow.t t_F = Any.any_l () + | & _10: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_fnmut ensures] exists f2: t_F. postcondition_mut_F f x f2 result /\ resolve_F f2} (! return {result}) ] @@ -185,9 +185,9 @@ module M_call_fnonce {[@expl:call_fnonce requires] precondition_F f x} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- x ] s1 | s1 = call_once_F {f} {_6} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] + [ s0 = [ &_10 <- x ] s1 | s1 = call_once_F {f} {_10} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _6: Int32.t = Any.any_l () ]) + [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _10: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_fnonce ensures] postcondition_once_F f x result} (! return {result}) ] end module M_test1 @@ -858,12 +858,12 @@ module M_test5 [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_5 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_fnmut_ref_F {_5} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_9 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_fnmut_ref_F {_9} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _5: MutBorrow.t t_F = Any.any_l () ]) + [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _9: MutBorrow.t t_F = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:test5 ensures] postcondition_F f x result} (! return {result}) ] end module M_test6 @@ -1134,12 +1134,12 @@ module M_test8 [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_5 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_fnonce_ref_F {_5} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_9 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_fnonce_ref_F {_9} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _5: MutBorrow.t t_F = Any.any_l () ]) + [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _9: MutBorrow.t t_F = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:test8 ensures] postcondition_F f x result} (! return {result}) ] end module M_test9 @@ -1363,12 +1363,12 @@ module M_test10 [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_5 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_fnmut_ref_F {_5} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_9 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_fnmut_ref_F {_9} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _5: MutBorrow.t t_F = Any.any_l () ]) + [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _9: MutBorrow.t t_F = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:test10 ensures] exists f2: t_F. postcondition_mut_F f x f2 result /\ resolve_F f2} (! return {result}) ] @@ -1517,12 +1517,12 @@ module M_test12 [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_5 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = call_fnonce_ref_F {_5} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_F) -> [ &_9 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = call_fnonce_ref_F {_9} {x} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] - [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _5: MutBorrow.t t_F = Any.any_l () ]) + [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & x: Int32.t = x | & _9: MutBorrow.t t_F = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:test12 ensures] exists f2: t_F. postcondition_mut_F f x f2 result /\ resolve_F f2} (! return {result}) ] diff --git a/tests/should_succeed/closures/14_move_resolve.coma b/tests/should_succeed/closures/14_move_resolve.coma index fb980c01ce..8be9d61528 100644 --- a/tests/should_succeed/closures/14_move_resolve.coma +++ b/tests/should_succeed/closures/14_move_resolve.coma @@ -54,7 +54,7 @@ module M_f | & x: t_T = x | & xx: t_T = Any.any_l () | & f: closure1 = Any.any_l () - | & _8: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _11: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_g use creusot.prelude.Any @@ -114,5 +114,5 @@ module M_g | & x: t_T = x | & xx: t_T = Any.any_l () | & f: closure0 = Any.any_l () - | & _8: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _11: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/closures/inference.coma b/tests/should_succeed/closures/inference.coma index 05b239343d..a7be20ae85 100644 --- a/tests/should_succeed/closures/inference.coma +++ b/tests/should_succeed/closures/inference.coma @@ -76,10 +76,10 @@ module M_call_with_one [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 - | s2 = [ &_5 <- (1: Int32.t) ] s3 - | s3 = call_F {f} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s4) + | s2 = [ &_7 <- (1: Int32.t) ] s3 + | s3 = call_F {f} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s4) | s4 = bb2 ] - | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _5: Int32.t = Any.any_l () ]) + | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _7: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_with_one ensures] postcondition_F f (1: Int32.t) result} (! return {result}) ] end @@ -151,16 +151,16 @@ module M_call_with_one_mut [ s0 = {inv_F f.current} MutBorrow.borrow_final {f.current} {MutBorrow.get_id f} (fun (_ret: MutBorrow.t t_F) -> - [ &_4 <- _ret ] -{inv_F _ret.final}- + [ &_6 <- _ret ] -{inv_F _ret.final}- [ &f <- { f with current = _ret.final } ] s1) - | s1 = [ &_5 <- (1: Int32.t) ] s2 - | s2 = call_mut_F {_4} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s3) + | s1 = [ &_7 <- (1: Int32.t) ] s2 + | s2 = call_mut_F {_6} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_F f} s1 | s1 = -{resolve_ref_F f}- s2 | s2 = return {_0} ] ] [ & _0: Int32.t = Any.any_l () | & f: MutBorrow.t t_F = f - | & _4: MutBorrow.t t_F = Any.any_l () - | & _5: Int32.t = Any.any_l () ]) + | & _6: MutBorrow.t t_F = Any.any_l () + | & _7: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_with_one_mut ensures] postcondition_mut_F f.current (1: Int32.t) f.final result} (! return {result}) ] @@ -190,10 +190,10 @@ module M_call_with_one_once {[@expl:call_with_one_once requires] precondition_F f (1: Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- (1: Int32.t) ] s1 - | s1 = call_once_F {f} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + [ s0 = [ &_7 <- (1: Int32.t) ] s1 + | s1 = call_once_F {f} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] - | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _5: Int32.t = Any.any_l () ]) + | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _7: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:call_with_one_once ensures] postcondition_once_F f (1: Int32.t) result} (! return {result}) ] end diff --git a/tests/should_succeed/duration.coma b/tests/should_succeed/duration.coma index 99ffdf41d9..6884bd7ac9 100644 --- a/tests/should_succeed/duration.coma +++ b/tests/should_succeed/duration.coma @@ -257,10 +257,10 @@ module M_test_duration [ bb0 = s0 [ s0 = new {(0: UInt64.t)} {(0: UInt32.t)} (fun (_ret: t_Duration) -> [ &zero <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] view_Duration zero = 0} s1 - | s1 = as_nanos {zero} (fun (_ret: UInt128.t) -> [ &_6 <- _ret ] s2) + | s1 = as_nanos {zero} (fun (_ret: UInt128.t) -> [ &_7 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = [ &_5 <- _6 = (0: UInt128.t) ] s1 | s1 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb3) ] ] + [ s0 = [ &_6 <- _7 = (0: UInt128.t) ] s1 | s1 = any [ br0 -> {_6 = false} (! bb4) | br1 -> {_6} (! bb3) ] ] | bb3 = s0 [ s0 = new {const_MAX} {(999999999: UInt32.t)} (fun (_ret: t_Duration) -> [ &max <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = from_secs {(1: UInt64.t)} (fun (_ret: t_Duration) -> [ &d_secs <- _ret ] s1) | s1 = bb6 ] @@ -278,72 +278,72 @@ module M_test_duration | s2 = bb9 ] | bb9 = s0 [ s0 = {[@expl:assertion] view_Duration d_nanos = 1} s1 - | s1 = is_zero {zero} (fun (_ret: bool) -> [ &_23 <- _ret ] s2) + | s1 = is_zero {zero} (fun (_ret: bool) -> [ &_28 <- _ret ] s2) | s2 = bb10 ] - | bb10 = any [ br0 -> {_23 = false} (! bb12) | br1 -> {_23} (! bb11) ] - | bb11 = s0 [ s0 = is_zero {d_secs} (fun (_ret: bool) -> [ &_27 <- _ret ] s1) | s1 = bb13 ] - | bb13 = any [ br0 -> {_27 = false} (! bb15) | br1 -> {_27} (! bb14) ] + | bb10 = any [ br0 -> {_28 = false} (! bb12) | br1 -> {_28} (! bb11) ] + | bb11 = s0 [ s0 = is_zero {d_secs} (fun (_ret: bool) -> [ &_32 <- _ret ] s1) | s1 = bb13 ] + | bb13 = any [ br0 -> {_32 = false} (! bb15) | br1 -> {_32} (! bb14) ] | bb14 = {false} any - | bb15 = s0 [ s0 = as_secs {d_secs} (fun (_ret: UInt64.t) -> [ &_32 <- _ret ] s1) | s1 = bb16 ] + | bb15 = s0 [ s0 = as_secs {d_secs} (fun (_ret: UInt64.t) -> [ &_37 <- _ret ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = [ &_31 <- (1: UInt64.t) = _32 ] s1 | s1 = any [ br0 -> {_31 = false} (! bb18) | br1 -> {_31} (! bb17) ] ] - | bb17 = s0 [ s0 = subsec_millis {d_secs} (fun (_ret: UInt32.t) -> [ &_37 <- _ret ] s1) | s1 = bb19 ] + [ s0 = [ &_36 <- (1: UInt64.t) = _37 ] s1 | s1 = any [ br0 -> {_36 = false} (! bb18) | br1 -> {_36} (! bb17) ] ] + | bb17 = s0 [ s0 = subsec_millis {d_secs} (fun (_ret: UInt32.t) -> [ &_42 <- _ret ] s1) | s1 = bb19 ] | bb19 = s0 - [ s0 = [ &_36 <- (0: UInt32.t) = _37 ] s1 | s1 = any [ br0 -> {_36 = false} (! bb21) | br1 -> {_36} (! bb20) ] ] - | bb20 = s0 [ s0 = subsec_micros {d_secs} (fun (_ret: UInt32.t) -> [ &_42 <- _ret ] s1) | s1 = bb22 ] + [ s0 = [ &_41 <- (0: UInt32.t) = _42 ] s1 | s1 = any [ br0 -> {_41 = false} (! bb21) | br1 -> {_41} (! bb20) ] ] + | bb20 = s0 [ s0 = subsec_micros {d_secs} (fun (_ret: UInt32.t) -> [ &_47 <- _ret ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = [ &_41 <- (0: UInt32.t) = _42 ] s1 | s1 = any [ br0 -> {_41 = false} (! bb24) | br1 -> {_41} (! bb23) ] ] - | bb23 = s0 [ s0 = subsec_nanos {d_secs} (fun (_ret: UInt32.t) -> [ &_47 <- _ret ] s1) | s1 = bb25 ] + [ s0 = [ &_46 <- (0: UInt32.t) = _47 ] s1 | s1 = any [ br0 -> {_46 = false} (! bb24) | br1 -> {_46} (! bb23) ] ] + | bb23 = s0 [ s0 = subsec_nanos {d_secs} (fun (_ret: UInt32.t) -> [ &_52 <- _ret ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = [ &_46 <- (0: UInt32.t) = _47 ] s1 | s1 = any [ br0 -> {_46 = false} (! bb27) | br1 -> {_46} (! bb26) ] ] - | bb26 = s0 [ s0 = subsec_millis {d_millis} (fun (_ret: UInt32.t) -> [ &_53 <- _ret ] s1) | s1 = bb28 ] + [ s0 = [ &_51 <- (0: UInt32.t) = _52 ] s1 | s1 = any [ br0 -> {_51 = false} (! bb27) | br1 -> {_51} (! bb26) ] ] + | bb26 = s0 [ s0 = subsec_millis {d_millis} (fun (_ret: UInt32.t) -> [ &_58 <- _ret ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = UInt128.of_int {UInt32.t'int _53} (fun (_ret_from: UInt128.t) -> [ &_52 <- _ret_from ] s1) - | s1 = as_millis {d_millis} (fun (_ret: UInt128.t) -> [ &_55 <- _ret ] s2) + [ s0 = UInt128.of_int {UInt32.t'int _58} (fun (_ret_from: UInt128.t) -> [ &_57 <- _ret_from ] s1) + | s1 = as_millis {d_millis} (fun (_ret: UInt128.t) -> [ &_60 <- _ret ] s2) | s2 = bb29 ] - | bb29 = s0 [ s0 = [ &_51 <- _52 = _55 ] s1 | s1 = any [ br0 -> {_51 = false} (! bb31) | br1 -> {_51} (! bb30) ] ] - | bb30 = s0 [ s0 = subsec_micros {d_micros} (fun (_ret: UInt32.t) -> [ &_61 <- _ret ] s1) | s1 = bb32 ] + | bb29 = s0 [ s0 = [ &_56 <- _57 = _60 ] s1 | s1 = any [ br0 -> {_56 = false} (! bb31) | br1 -> {_56} (! bb30) ] ] + | bb30 = s0 [ s0 = subsec_micros {d_micros} (fun (_ret: UInt32.t) -> [ &_66 <- _ret ] s1) | s1 = bb32 ] | bb32 = s0 - [ s0 = UInt128.of_int {UInt32.t'int _61} (fun (_ret_from: UInt128.t) -> [ &_60 <- _ret_from ] s1) - | s1 = as_micros {d_micros} (fun (_ret: UInt128.t) -> [ &_63 <- _ret ] s2) + [ s0 = UInt128.of_int {UInt32.t'int _66} (fun (_ret_from: UInt128.t) -> [ &_65 <- _ret_from ] s1) + | s1 = as_micros {d_micros} (fun (_ret: UInt128.t) -> [ &_68 <- _ret ] s2) | s2 = bb33 ] - | bb33 = s0 [ s0 = [ &_59 <- _60 = _63 ] s1 | s1 = any [ br0 -> {_59 = false} (! bb35) | br1 -> {_59} (! bb34) ] ] - | bb34 = s0 [ s0 = subsec_nanos {d_nanos} (fun (_ret: UInt32.t) -> [ &_69 <- _ret ] s1) | s1 = bb36 ] + | bb33 = s0 [ s0 = [ &_64 <- _65 = _68 ] s1 | s1 = any [ br0 -> {_64 = false} (! bb35) | br1 -> {_64} (! bb34) ] ] + | bb34 = s0 [ s0 = subsec_nanos {d_nanos} (fun (_ret: UInt32.t) -> [ &_74 <- _ret ] s1) | s1 = bb36 ] | bb36 = s0 - [ s0 = UInt128.of_int {UInt32.t'int _69} (fun (_ret_from: UInt128.t) -> [ &_68 <- _ret_from ] s1) - | s1 = as_nanos {d_nanos} (fun (_ret: UInt128.t) -> [ &_71 <- _ret ] s2) + [ s0 = UInt128.of_int {UInt32.t'int _74} (fun (_ret_from: UInt128.t) -> [ &_73 <- _ret_from ] s1) + | s1 = as_nanos {d_nanos} (fun (_ret: UInt128.t) -> [ &_76 <- _ret ] s2) | s2 = bb37 ] - | bb37 = s0 [ s0 = [ &_67 <- _68 = _71 ] s1 | s1 = any [ br0 -> {_67 = false} (! bb39) | br1 -> {_67} (! bb38) ] ] - | bb38 = s0 [ s0 = checked_add {d_secs} {max} (fun (_ret: t_Option_Duration) -> [ &_77 <- _ret ] s1) | s1 = bb40 ] - | bb40 = s0 [ s0 = is_none_Duration {_77} (fun (_ret: bool) -> [ &_75 <- _ret ] s1) | s1 = bb41 ] - | bb41 = any [ br0 -> {_75 = false} (! bb43) | br1 -> {_75} (! bb42) ] + | bb37 = s0 [ s0 = [ &_72 <- _73 = _76 ] s1 | s1 = any [ br0 -> {_72 = false} (! bb39) | br1 -> {_72} (! bb38) ] ] + | bb38 = s0 [ s0 = checked_add {d_secs} {max} (fun (_ret: t_Option_Duration) -> [ &_82 <- _ret ] s1) | s1 = bb40 ] + | bb40 = s0 [ s0 = is_none_Duration {_82} (fun (_ret: bool) -> [ &_80 <- _ret ] s1) | s1 = bb41 ] + | bb41 = any [ br0 -> {_80 = false} (! bb43) | br1 -> {_80} (! bb42) ] | bb42 = s0 - [ s0 = checked_add {d_secs} {d_secs} (fun (_ret: t_Option_Duration) -> [ &_84 <- _ret ] s1) | s1 = bb44 ] - | bb44 = s0 [ s0 = is_some_Duration {_84} (fun (_ret: bool) -> [ &_82 <- _ret ] s1) | s1 = bb45 ] - | bb45 = any [ br0 -> {_82 = false} (! bb47) | br1 -> {_82} (! bb46) ] - | bb46 = s0 [ s0 = checked_sub {d_secs} {max} (fun (_ret: t_Option_Duration) -> [ &_91 <- _ret ] s1) | s1 = bb48 ] - | bb48 = s0 [ s0 = is_none_Duration {_91} (fun (_ret: bool) -> [ &_89 <- _ret ] s1) | s1 = bb49 ] - | bb49 = any [ br0 -> {_89 = false} (! bb51) | br1 -> {_89} (! bb50) ] + [ s0 = checked_add {d_secs} {d_secs} (fun (_ret: t_Option_Duration) -> [ &_89 <- _ret ] s1) | s1 = bb44 ] + | bb44 = s0 [ s0 = is_some_Duration {_89} (fun (_ret: bool) -> [ &_87 <- _ret ] s1) | s1 = bb45 ] + | bb45 = any [ br0 -> {_87 = false} (! bb47) | br1 -> {_87} (! bb46) ] + | bb46 = s0 [ s0 = checked_sub {d_secs} {max} (fun (_ret: t_Option_Duration) -> [ &_96 <- _ret ] s1) | s1 = bb48 ] + | bb48 = s0 [ s0 = is_none_Duration {_96} (fun (_ret: bool) -> [ &_94 <- _ret ] s1) | s1 = bb49 ] + | bb49 = any [ br0 -> {_94 = false} (! bb51) | br1 -> {_94} (! bb50) ] | bb50 = s0 - [ s0 = checked_sub {d_secs} {d_millis} (fun (_ret: t_Option_Duration) -> [ &_98 <- _ret ] s1) | s1 = bb52 ] - | bb52 = s0 [ s0 = is_some_Duration {_98} (fun (_ret: bool) -> [ &_96 <- _ret ] s1) | s1 = bb53 ] - | bb53 = any [ br0 -> {_96 = false} (! bb55) | br1 -> {_96} (! bb54) ] + [ s0 = checked_sub {d_secs} {d_millis} (fun (_ret: t_Option_Duration) -> [ &_103 <- _ret ] s1) | s1 = bb52 ] + | bb52 = s0 [ s0 = is_some_Duration {_103} (fun (_ret: bool) -> [ &_101 <- _ret ] s1) | s1 = bb53 ] + | bb53 = any [ br0 -> {_101 = false} (! bb55) | br1 -> {_101} (! bb54) ] | bb54 = s0 - [ s0 = checked_mul {max} {(2: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_105 <- _ret ] s1) | s1 = bb56 ] - | bb56 = s0 [ s0 = is_none_Duration {_105} (fun (_ret: bool) -> [ &_103 <- _ret ] s1) | s1 = bb57 ] - | bb57 = any [ br0 -> {_103 = false} (! bb59) | br1 -> {_103} (! bb58) ] + [ s0 = checked_mul {max} {(2: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_110 <- _ret ] s1) | s1 = bb56 ] + | bb56 = s0 [ s0 = is_none_Duration {_110} (fun (_ret: bool) -> [ &_108 <- _ret ] s1) | s1 = bb57 ] + | bb57 = any [ br0 -> {_108 = false} (! bb59) | br1 -> {_108} (! bb58) ] | bb58 = s0 - [ s0 = checked_mul {d_secs} {(10: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_111 <- _ret ] s1) | s1 = bb60 ] - | bb60 = s0 [ s0 = is_some_Duration {_111} (fun (_ret: bool) -> [ &_109 <- _ret ] s1) | s1 = bb61 ] - | bb61 = any [ br0 -> {_109 = false} (! bb63) | br1 -> {_109} (! bb62) ] + [ s0 = checked_mul {d_secs} {(10: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_116 <- _ret ] s1) | s1 = bb60 ] + | bb60 = s0 [ s0 = is_some_Duration {_116} (fun (_ret: bool) -> [ &_114 <- _ret ] s1) | s1 = bb61 ] + | bb61 = any [ br0 -> {_114 = false} (! bb63) | br1 -> {_114} (! bb62) ] | bb62 = s0 - [ s0 = checked_div {d_secs} {(0: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_117 <- _ret ] s1) | s1 = bb64 ] - | bb64 = s0 [ s0 = is_none_Duration {_117} (fun (_ret: bool) -> [ &_115 <- _ret ] s1) | s1 = bb65 ] - | bb65 = any [ br0 -> {_115 = false} (! bb67) | br1 -> {_115} (! bb66) ] + [ s0 = checked_div {d_secs} {(0: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_122 <- _ret ] s1) | s1 = bb64 ] + | bb64 = s0 [ s0 = is_none_Duration {_122} (fun (_ret: bool) -> [ &_120 <- _ret ] s1) | s1 = bb65 ] + | bb65 = any [ br0 -> {_120 = false} (! bb67) | br1 -> {_120} (! bb66) ] | bb66 = s0 - [ s0 = checked_div {d_secs} {(10: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_123 <- _ret ] s1) | s1 = bb68 ] - | bb68 = s0 [ s0 = is_some_Duration {_123} (fun (_ret: bool) -> [ &_121 <- _ret ] s1) | s1 = bb69 ] - | bb69 = any [ br0 -> {_121 = false} (! bb71) | br1 -> {_121} (! bb70) ] + [ s0 = checked_div {d_secs} {(10: UInt32.t)} (fun (_ret: t_Option_Duration) -> [ &_128 <- _ret ] s1) | s1 = bb68 ] + | bb68 = s0 [ s0 = is_some_Duration {_128} (fun (_ret: bool) -> [ &_126 <- _ret ] s1) | s1 = bb69 ] + | bb69 = any [ br0 -> {_126 = false} (! bb71) | br1 -> {_126} (! bb70) ] | bb70 = s0 [ s0 = add_Duration {d_millis} {d_micros} (fun (_ret: t_Duration) -> [ &sum <- _ret ] s1) | s1 = bb72 ] | bb72 = s0 [ s0 = sub_Duration {d_millis} {d_micros} (fun (_ret: t_Duration) -> [ &difference <- _ret ] s1) | s1 = bb73 ] @@ -370,51 +370,51 @@ module M_test_duration | bb4 = {false} any ] [ & _0: () = Any.any_l () | & zero: t_Duration = Any.any_l () - | & _5: bool = Any.any_l () - | & _6: UInt128.t = Any.any_l () + | & _6: bool = Any.any_l () + | & _7: UInt128.t = Any.any_l () | & max: t_Duration = Any.any_l () | & d_secs: t_Duration = Any.any_l () | & d_millis: t_Duration = Any.any_l () | & d_micros: t_Duration = Any.any_l () | & d_nanos: t_Duration = Any.any_l () - | & _23: bool = Any.any_l () - | & _27: bool = Any.any_l () - | & _31: bool = Any.any_l () - | & _32: UInt64.t = Any.any_l () + | & _28: bool = Any.any_l () + | & _32: bool = Any.any_l () | & _36: bool = Any.any_l () - | & _37: UInt32.t = Any.any_l () + | & _37: UInt64.t = Any.any_l () | & _41: bool = Any.any_l () | & _42: UInt32.t = Any.any_l () | & _46: bool = Any.any_l () | & _47: UInt32.t = Any.any_l () | & _51: bool = Any.any_l () - | & _52: UInt128.t = Any.any_l () - | & _53: UInt32.t = Any.any_l () - | & _55: UInt128.t = Any.any_l () - | & _59: bool = Any.any_l () + | & _52: UInt32.t = Any.any_l () + | & _56: bool = Any.any_l () + | & _57: UInt128.t = Any.any_l () + | & _58: UInt32.t = Any.any_l () | & _60: UInt128.t = Any.any_l () - | & _61: UInt32.t = Any.any_l () - | & _63: UInt128.t = Any.any_l () - | & _67: bool = Any.any_l () + | & _64: bool = Any.any_l () + | & _65: UInt128.t = Any.any_l () + | & _66: UInt32.t = Any.any_l () | & _68: UInt128.t = Any.any_l () - | & _69: UInt32.t = Any.any_l () - | & _71: UInt128.t = Any.any_l () - | & _75: bool = Any.any_l () - | & _77: t_Option_Duration = Any.any_l () - | & _82: bool = Any.any_l () - | & _84: t_Option_Duration = Any.any_l () - | & _89: bool = Any.any_l () - | & _91: t_Option_Duration = Any.any_l () - | & _96: bool = Any.any_l () - | & _98: t_Option_Duration = Any.any_l () - | & _103: bool = Any.any_l () - | & _105: t_Option_Duration = Any.any_l () - | & _109: bool = Any.any_l () - | & _111: t_Option_Duration = Any.any_l () - | & _115: bool = Any.any_l () - | & _117: t_Option_Duration = Any.any_l () - | & _121: bool = Any.any_l () - | & _123: t_Option_Duration = Any.any_l () + | & _72: bool = Any.any_l () + | & _73: UInt128.t = Any.any_l () + | & _74: UInt32.t = Any.any_l () + | & _76: UInt128.t = Any.any_l () + | & _80: bool = Any.any_l () + | & _82: t_Option_Duration = Any.any_l () + | & _87: bool = Any.any_l () + | & _89: t_Option_Duration = Any.any_l () + | & _94: bool = Any.any_l () + | & _96: t_Option_Duration = Any.any_l () + | & _101: bool = Any.any_l () + | & _103: t_Option_Duration = Any.any_l () + | & _108: bool = Any.any_l () + | & _110: t_Option_Duration = Any.any_l () + | & _114: bool = Any.any_l () + | & _116: t_Option_Duration = Any.any_l () + | & _120: bool = Any.any_l () + | & _122: t_Option_Duration = Any.any_l () + | & _126: bool = Any.any_l () + | & _128: t_Option_Duration = Any.any_l () | & sum: t_Duration = Any.any_l () | & difference: t_Duration = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/filter_positive.coma b/tests/should_succeed/filter_positive.coma index 2531349523..3592402492 100644 --- a/tests/should_succeed/filter_positive.coma +++ b/tests/should_succeed/filter_positive.coma @@ -195,13 +195,13 @@ module M_m {[@expl:loop invariant #2] UInt64.t'int count = num_of_pos 0 (UInt64.t'int i) (view_Vec_i32_Global t)} (! s0) [ s0 = bb2 ] - [ bb2 = s0 [ s0 = len_i32 {t} (fun (_ret: UInt64.t) -> [ &_13 <- _ret ] s1) | s1 = bb3 ] + [ bb2 = s0 [ s0 = len_i32 {t} (fun (_ret: UInt64.t) -> [ &_20 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &_11 <- UInt64.lt i _13 ] s1 | s1 = any [ br0 -> {_11 = false} (! bb9) | br1 -> {_11} (! bb4) ] ] - | bb4 = s0 [ s0 = index_Vec_i32_Global {t} {i} (fun (_ret: Int32.t) -> [ &_18 <- _ret ] s1) | s1 = bb5 ] + [ s0 = [ &_18 <- UInt64.lt i _20 ] s1 | s1 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb4) ] ] + | bb4 = s0 [ s0 = index_Vec_i32_Global {t} {i} (fun (_ret: Int32.t) -> [ &_25 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = [ &_16 <- Int32.gt _18 (0: Int32.t) ] s1 - | s1 = any [ br0 -> {_16 = false} (! bb8) | br1 -> {_16} (! bb6) ] ] + [ s0 = [ &_23 <- Int32.gt _25 (0: Int32.t) ] s1 + | s1 = any [ br0 -> {_23 = false} (! bb8) | br1 -> {_23} (! bb6) ] ] | bb6 = s0 [ s0 = UInt64.add {count} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &count <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) | s1 = bb1 ] ] ] @@ -214,13 +214,13 @@ module M_m = num_of_pos 0 (Seq.length (view_Vec_i32_Global t)) (view_Vec_i32_Global t)} (! s0) [ s0 = bb12 ] - [ bb12 = s0 [ s0 = len_i32 {t} (fun (_ret: UInt64.t) -> [ &_30 <- _ret ] s1) | s1 = bb13 ] + [ bb12 = s0 [ s0 = len_i32 {t} (fun (_ret: UInt64.t) -> [ &_42 <- _ret ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = [ &_28 <- UInt64.lt i _30 ] s1 | s1 = any [ br0 -> {_28 = false} (! bb21) | br1 -> {_28} (! bb14) ] ] - | bb14 = s0 [ s0 = index_Vec_i32_Global {t} {i} (fun (_ret: Int32.t) -> [ &_35 <- _ret ] s1) | s1 = bb15 ] + [ s0 = [ &_40 <- UInt64.lt i _42 ] s1 | s1 = any [ br0 -> {_40 = false} (! bb21) | br1 -> {_40} (! bb14) ] ] + | bb14 = s0 [ s0 = index_Vec_i32_Global {t} {i} (fun (_ret: Int32.t) -> [ &_47 <- _ret ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = [ &_33 <- Int32.gt _35 (0: Int32.t) ] s1 - | s1 = any [ br0 -> {_33 = false} (! bb20) | br1 -> {_33} (! bb16) ] ] + [ s0 = [ &_45 <- Int32.gt _47 (0: Int32.t) ] s1 + | s1 = any [ br0 -> {_45 = false} (! bb20) | br1 -> {_45} (! bb16) ] ] | bb16 = s0 [ s0 = {[@expl:assertion] let _ = lemma_num_of_pos_strictly_increasing (UInt64.t'int i) (view_Vec_i32_Global u) in num_of_pos 0 (UInt64.t'int i) (view_Vec_i32_Global t) @@ -230,16 +230,16 @@ module M_m + 1) (Seq.length (view_Vec_i32_Global t)) (view_Vec_i32_Global t) in UInt64.t'int count < Seq.length (view_Vec_i32_Global u)} s2 - | s2 = index_Vec_i32_Global {t} {i} (fun (_ret: Int32.t) -> [ &_43 <- _ret ] s3) + | s2 = index_Vec_i32_Global {t} {i} (fun (_ret: Int32.t) -> [ &_62 <- _ret ] s3) | s3 = bb17 ] | bb17 = s0 [ s0 = MutBorrow.borrow_mut {u} - (fun (_ret: MutBorrow.t t_Vec_i32_Global) -> [ &_47 <- _ret ] [ &u <- _ret.final ] s1) - | s1 = index_mut_Vec_i32_Global {_47} {count} (fun (_ret: MutBorrow.t Int32.t) -> [ &_46 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_i32_Global) -> [ &_66 <- _ret ] [ &u <- _ret.final ] s1) + | s1 = index_mut_Vec_i32_Global {_66} {count} (fun (_ret: MutBorrow.t Int32.t) -> [ &_65 <- _ret ] s2) | s2 = bb18 ] | bb18 = s0 - [ s0 = [ &_46 <- { _46 with current = _43 } ] s1 - | s1 = -{resolve_ref_i32 _46}- s2 + [ s0 = [ &_65 <- { _65 with current = _62 } ] s1 + | s1 = -{resolve_ref_i32 _65}- s2 | s2 = UInt64.add {count} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &count <- _ret ] s3) | s3 = bb20 ] | bb20 = s0 [ s0 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) | s1 = bb11 ] ] ] @@ -249,16 +249,16 @@ module M_m | & t: t_Vec_i32_Global = t | & count: UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () - | & _13: UInt64.t = Any.any_l () - | & _16: bool = Any.any_l () - | & _18: Int32.t = Any.any_l () + | & _18: bool = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _23: bool = Any.any_l () + | & _25: Int32.t = Any.any_l () | & u: t_Vec_i32_Global = Any.any_l () - | & _28: bool = Any.any_l () - | & _30: UInt64.t = Any.any_l () - | & _33: bool = Any.any_l () - | & _35: Int32.t = Any.any_l () - | & _43: Int32.t = Any.any_l () - | & _46: MutBorrow.t Int32.t = Any.any_l () - | & _47: MutBorrow.t t_Vec_i32_Global = Any.any_l () ]) [ return (result: t_Vec_i32_Global) -> (! return {result}) ] + | & _40: bool = Any.any_l () + | & _42: UInt64.t = Any.any_l () + | & _45: bool = Any.any_l () + | & _47: Int32.t = Any.any_l () + | & _62: Int32.t = Any.any_l () + | & _65: MutBorrow.t Int32.t = Any.any_l () + | & _66: MutBorrow.t t_Vec_i32_Global = Any.any_l () ]) [ return (result: t_Vec_i32_Global) -> (! return {result}) ] end diff --git a/tests/should_succeed/fmap_indexing.coma b/tests/should_succeed/fmap_indexing.coma index 25d7d8803b..9805bc5d29 100644 --- a/tests/should_succeed/fmap_indexing.coma +++ b/tests/should_succeed/fmap_indexing.coma @@ -68,20 +68,20 @@ module M_foo | bb2 = s0 [ s0 = [ &map <- _3 ] s1 | s1 = {[@expl:assertion] index_FMap_Int_Int map 1 = 3} s2 - | s2 = [ &_7 <- insert_Int map 2 42 ] s3 + | s2 = [ &_9 <- insert_Int map 2 42 ] s3 | s3 = bb3 ] | bb3 = s0 - [ s0 = [ &map <- _7 ] s1 + [ s0 = [ &map <- _9 ] s1 | s1 = {[@expl:assertion] index_FMap_Int_Int map 1 = 3 /\ index_FMap_Int_Int map 2 = 42} s2 - | s2 = [ &_11 <- insert_Int map 1 4 ] s3 + | s2 = [ &_15 <- insert_Int map 1 4 ] s3 | s3 = bb4 ] | bb4 = s0 - [ s0 = [ &map <- _11 ] s1 + [ s0 = [ &map <- _15 ] s1 | s1 = {[@expl:assertion] index_FMap_Int_Int map 1 = 4 /\ index_FMap_Int_Int map 2 = 42} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & map: t_FMap_Int_Int = Any.any_l () | & _3: t_FMap_Int_Int = Any.any_l () - | & _7: t_FMap_Int_Int = Any.any_l () - | & _11: t_FMap_Int_Int = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: t_FMap_Int_Int = Any.any_l () + | & _15: t_FMap_Int_Int = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/fn_ghost.coma b/tests/should_succeed/fn_ghost.coma index 97d493a821..42f3ed5566 100644 --- a/tests/should_succeed/fn_ghost.coma +++ b/tests/should_succeed/fn_ghost.coma @@ -284,10 +284,10 @@ module M_takes_ghost_fn [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 - | s2 = [ &_5 <- (1: Int32.t) ] s3 - | s3 = call_F {f} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s4) + | s2 = [ &_7 <- (1: Int32.t) ] s3 + | s3 = call_F {f} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s4) | s4 = bb2 ] - | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _5: Int32.t = Any.any_l () ]) + | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _7: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:takes_ghost_fn ensures] postcondition_F f (1: Int32.t) result} (! return {result}) ] end @@ -353,16 +353,16 @@ module M_takes_ghost_fnmut [ bb0 = s0 [ s0 = {inv_F f} MutBorrow.borrow_mut {f} - (fun (_ret: MutBorrow.t t_F) -> [ &_4 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) - | s1 = [ &_5 <- (1: Int32.t) ] s2 - | s2 = call_mut_F {_4} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_F) -> [ &_6 <- _ret ] -{inv_F _ret.final}- [ &f <- _ret.final ] s1) + | s1 = [ &_7 <- (1: Int32.t) ] s2 + | s2 = call_mut_F {_6} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_F f} s1 | s1 = -{resolve_F f}- s2 | s2 = bb2 ] | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f - | & _4: MutBorrow.t t_F = Any.any_l () - | & _5: Int32.t = Any.any_l () ]) + | & _6: MutBorrow.t t_F = Any.any_l () + | & _7: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:takes_ghost_fnmut ensures] exists f2: t_F. postcondition_mut_F f (1: Int32.t) f2 result} (! return {result}) ] @@ -392,10 +392,10 @@ module M_takes_ghost_fnonce {[@expl:takes_ghost_fnonce requires] precondition_F f (1: Int32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- (1: Int32.t) ] s1 - | s1 = call_once_F {f} {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) + [ s0 = [ &_7 <- (1: Int32.t) ] s1 + | s1 = call_once_F {f} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] - | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _5: Int32.t = Any.any_l () ]) + | bb2 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & f: t_F = f | & _7: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:takes_ghost_fnonce ensures] postcondition_once_F f (1: Int32.t) result} (! return {result}) ] end diff --git a/tests/should_succeed/generic_deref.coma b/tests/should_succeed/generic_deref.coma index 312fefd94c..ceafe82600 100644 --- a/tests/should_succeed/generic_deref.coma +++ b/tests/should_succeed/generic_deref.coma @@ -101,9 +101,9 @@ module M_deref_wrap let rec deref_wrap_T (x: t_T) (return (x'0: t_Target)) = {[@expl:deref_wrap 'x' type invariant] inv_ref_T x} {[@expl:deref_wrap requires] precondition_deref () x} (! bb0 - [ bb0 = s0 [ s0 = [ &_6 <- x ] s1 | s1 = deref_T {_6} (fun (_ret: t_Target) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- _4 ] s1 | s1 = return {_0} ] ] - [ & _0: t_Target = Any.any_l () | & x: t_T = x | & _4: t_Target = Any.any_l () | & _6: t_T = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_8 <- x ] s1 | s1 = deref_T {_8} (fun (_ret: t_Target) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- _6 ] s1 | s1 = return {_0} ] ] + [ & _0: t_Target = Any.any_l () | & x: t_T = x | & _6: t_Target = Any.any_l () | & _8: t_T = Any.any_l () ]) [ return (result: t_Target) -> {[@expl:deref_wrap result type invariant] inv_ref_Target result} {[@expl:deref_wrap ensures] postcondition_deref () x result} (! return {result}) ] @@ -230,25 +230,25 @@ module M_deref_mut_wrap [ s0 = {inv_T x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_9 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = {inv_T _7.current} - MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + | s1 = {inv_T _9.current} + MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- - [ &_7 <- { _7 with current = _ret.final } ] s2) - | s2 = deref_mut_T {_6} (fun (_ret: MutBorrow.t t_Target) -> [ &_5 <- _ret ] s3) + [ &_8 <- _ret ] -{inv_T _ret.final}- + [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = deref_mut_T {_8} (fun (_ret: MutBorrow.t t_Target) -> [ &_7 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = {inv_Target _5.current} - MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + [ s0 = {inv_Target _7.current} + MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} (fun (_ret: MutBorrow.t t_Target) -> [ &_2 <- _ret ] -{inv_Target _ret.final}- - [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _7} s2 - | s2 = -{resolve_ref_T _7}- s3 - | s3 = {[@expl:type invariant] inv_ref_Target _5} s4 - | s4 = -{resolve_ref_Target _5}- s5 + [ &_7 <- { _7 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _9} s2 + | s2 = -{resolve_ref_T _9}- s3 + | s3 = {[@expl:type invariant] inv_ref_Target _7} s4 + | s4 = -{resolve_ref_Target _7}- s5 | s5 = {inv_Target _2.current} MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t t_Target) -> @@ -262,9 +262,9 @@ module M_deref_mut_wrap [ & _0: MutBorrow.t t_Target = Any.any_l () | & x: MutBorrow.t t_T = x | & _2: MutBorrow.t t_Target = Any.any_l () - | & _5: MutBorrow.t t_Target = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () ]) + | & _7: MutBorrow.t t_Target = Any.any_l () + | & _8: MutBorrow.t t_T = Any.any_l () + | & _9: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_Target) -> {[@expl:deref_mut_wrap result type invariant] inv_ref_Target result} {[@expl:deref_mut_wrap ensures] postcondition_deref_mut () x result} (! return {result}) ] diff --git a/tests/should_succeed/ghost/fmap_iter.coma b/tests/should_succeed/ghost/fmap_iter.coma index fd878bb7d2..570dd2155d 100644 --- a/tests/should_succeed/ghost/fmap_iter.coma +++ b/tests/should_succeed/ghost/fmap_iter.coma @@ -265,12 +265,12 @@ module M_complicated_identity let rec complicated_identity_K (m: t_FMap_K_V) (return (x: t_FMap_K_V)) = {[@expl:complicated_identity 'm' type invariant] inv_Ghost_FMap_K_V m} (! bb0 - [ bb0 = s0 [ s0 = new_K (fun (_ret: t_FMap_K_V) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = into_inner_FMap_K_V {_5} (fun (_ret: t_FMap_K_V) -> [ &result <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = new_K (fun (_ret: t_FMap_K_V) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = into_inner_FMap_K_V {_6} (fun (_ret: t_FMap_K_V) -> [ &result <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &len <- len_K m ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &m_snap <- m ] s1 | s1 = bb4 ] - | bb4 = s0 [ s0 = into_inner_FMap_K_V {m} (fun (_ret: t_FMap_K_V) -> [ &_12 <- _ret ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = into_iter_FMap_K_V {_12} (fun (_ret: t_FMapIter_K_V) -> [ &iter <- _ret ] s1) | s1 = bb6 ] + | bb4 = s0 [ s0 = into_inner_FMap_K_V {m} (fun (_ret: t_FMap_K_V) -> [ &_15 <- _ret ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = into_iter_FMap_K_V {_15} (fun (_ret: t_FMapIter_K_V) -> [ &iter <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb7 ] | bb7 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq tup2_K_V ] s1 | s1 = bb9 ] | bb9 = bb9invariant @@ -286,35 +286,35 @@ module M_complicated_identity [ s0 = {inv_FMapIter_K_V iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_FMapIter_K_V) -> - [ &_27 <- _ret ] -{inv_FMapIter_K_V _ret.final}- + [ &_41 <- _ret ] -{inv_FMapIter_K_V _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_FMapIter_K_V _27.current} - MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} + | s1 = {inv_FMapIter_K_V _41.current} + MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} (fun (_ret: MutBorrow.t t_FMapIter_K_V) -> - [ &_26 <- _ret ] -{inv_FMapIter_K_V _ret.final}- - [ &_27 <- { _27 with current = _ret.final } ] s2) - | s2 = next_FMapIter_K_V {_26} (fun (_ret: t_Option_tup2_K_V) -> [ &_25 <- _ret ] s3) + [ &_40 <- _ret ] -{inv_FMapIter_K_V _ret.final}- + [ &_41 <- { _41 with current = _ret.final } ] s2) + | s2 = next_FMapIter_K_V {_40} (fun (_ret: t_Option_tup2_K_V) -> [ &_39 <- _ret ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = {[@expl:type invariant] inv_ref_FMapIter_K_V _27} s1 - | s1 = -{resolve_ref_FMapIter_K_V _27}- s2 - | s2 = any [ br0 -> {_25 = None'0} (! bb14) | br1 (x0: tup2_K_V) -> {_25 = Some'0 x0} (! bb15) ] ] + [ s0 = {[@expl:type invariant] inv_ref_FMapIter_K_V _41} s1 + | s1 = -{resolve_ref_FMapIter_K_V _41}- s2 + | s2 = any [ br0 -> {_39 = None'0} (! bb14) | br1 (x0: tup2_K_V) -> {_39 = Some'0 x0} (! bb15) ] ] | bb15 = s0 - [ s0 = elim_Some {_25} (fun (r0: tup2_K_V) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_30 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_39} (fun (r0: tup2_K_V) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_44 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &produced <- _30 ] s1 + [ s0 = [ &produced <- _44 ] s1 | s1 = [ &k <- __creusot_proc_iter_elem.f0 ] s2 | s2 = [ &v <- __creusot_proc_iter_elem.f1 ] s3 | s3 = {inv_FMap_K_V result} MutBorrow.borrow_mut {result} (fun (_ret: MutBorrow.t t_FMap_K_V) -> - [ &_35 <- _ret ] -{inv_FMap_K_V _ret.final}- + [ &_51 <- _ret ] -{inv_FMap_K_V _ret.final}- [ &result <- _ret.final ] s4) - | s4 = insert_ghost_K {_35} {k} {v} (fun (_ret: t_Option_V) -> [ &_34 <- _ret ] s5) - | s5 = {[@expl:type invariant] inv_Option_V _34} s6 - | s6 = -{resolve_Option_V _34}- s7 + | s4 = insert_ghost_K {_51} {k} {v} (fun (_ret: t_Option_V) -> [ &_50 <- _ret ] s5) + | s5 = {[@expl:type invariant] inv_Option_V _50} s6 + | s6 = -{resolve_Option_V _50}- s7 | s7 = bb9 ] ] ] | bb14 = s0 [ s0 = {[@expl:type invariant] inv_FMapIter_K_V iter} s1 | s1 = -{resolve_FMapIter_K_V'0 iter}- s2 | s2 = bb23 ] @@ -326,22 +326,22 @@ module M_complicated_identity [ & _0: t_FMap_K_V = Any.any_l () | & m: t_FMap_K_V = m | & result: t_FMap_K_V = Any.any_l () - | & _5: t_FMap_K_V = Any.any_l () + | & _6: t_FMap_K_V = Any.any_l () | & len: int = Any.any_l () | & m_snap: t_FMap_K_V = Any.any_l () | & iter: t_FMapIter_K_V = Any.any_l () - | & _12: t_FMap_K_V = Any.any_l () + | & _15: t_FMap_K_V = Any.any_l () | & iter_old: t_FMapIter_K_V = Any.any_l () | & produced: Seq.seq tup2_K_V = Any.any_l () - | & _25: t_Option_tup2_K_V = Any.any_l () - | & _26: MutBorrow.t t_FMapIter_K_V = Any.any_l () - | & _27: MutBorrow.t t_FMapIter_K_V = Any.any_l () + | & _39: t_Option_tup2_K_V = Any.any_l () + | & _40: MutBorrow.t t_FMapIter_K_V = Any.any_l () + | & _41: MutBorrow.t t_FMapIter_K_V = Any.any_l () | & __creusot_proc_iter_elem: tup2_K_V = Any.any_l () - | & _30: Seq.seq tup2_K_V = Any.any_l () + | & _44: Seq.seq tup2_K_V = Any.any_l () | & k: t_K = Any.any_l () | & v: t_V = Any.any_l () - | & _34: t_Option_V = Any.any_l () - | & _35: MutBorrow.t t_FMap_K_V = Any.any_l () + | & _50: t_Option_V = Any.any_l () + | & _51: MutBorrow.t t_FMap_K_V = Any.any_l () | & variant_old_bb9: int = Any.any_l () ]) [ return (result: t_FMap_K_V) -> {[@expl:complicated_identity result type invariant] inv_Ghost_FMap_K_V result} {[@expl:complicated_identity ensures] result = m} @@ -635,8 +635,8 @@ module M_merge_fmaps [ bb0 = s0 [ s0 = [ &merge <- merge_K m1 m2 (fun (__0: tup2_V_V) -> let {f0 = v1} = __0 in v1) ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = into_inner_FMap_K_V {m2} (fun (_ret: t_FMap_K_V) -> [ &result <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &len <- len_K m1 ] s1 | s1 = bb3 ] - | bb3 = s0 [ s0 = into_inner_FMap_K_V {m1} (fun (_ret: t_FMap_K_V) -> [ &_13 <- _ret ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = into_iter_FMap_K_V {_13} (fun (_ret: t_FMapIter_K_V) -> [ &iter <- _ret ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = into_inner_FMap_K_V {m1} (fun (_ret: t_FMap_K_V) -> [ &_18 <- _ret ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = into_iter_FMap_K_V {_18} (fun (_ret: t_FMapIter_K_V) -> [ &iter <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq tup2_K_V ] s1 | s1 = bb8 ] | bb8 = bb8invariant @@ -652,35 +652,35 @@ module M_merge_fmaps [ s0 = {inv_FMapIter_K_V iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_FMapIter_K_V) -> - [ &_29 <- _ret ] -{inv_FMapIter_K_V _ret.final}- + [ &_46 <- _ret ] -{inv_FMapIter_K_V _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_FMapIter_K_V _29.current} - MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} + | s1 = {inv_FMapIter_K_V _46.current} + MutBorrow.borrow_final {_46.current} {MutBorrow.get_id _46} (fun (_ret: MutBorrow.t t_FMapIter_K_V) -> - [ &_28 <- _ret ] -{inv_FMapIter_K_V _ret.final}- - [ &_29 <- { _29 with current = _ret.final } ] s2) - | s2 = next_FMapIter_K_V {_28} (fun (_ret: t_Option_tup2_K_V) -> [ &_27 <- _ret ] s3) + [ &_45 <- _ret ] -{inv_FMapIter_K_V _ret.final}- + [ &_46 <- { _46 with current = _ret.final } ] s2) + | s2 = next_FMapIter_K_V {_45} (fun (_ret: t_Option_tup2_K_V) -> [ &_44 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv_ref_FMapIter_K_V _29} s1 - | s1 = -{resolve_ref_FMapIter_K_V _29}- s2 - | s2 = any [ br0 -> {_27 = None'0} (! bb13) | br1 (x0: tup2_K_V) -> {_27 = Some'0 x0} (! bb14) ] ] + [ s0 = {[@expl:type invariant] inv_ref_FMapIter_K_V _46} s1 + | s1 = -{resolve_ref_FMapIter_K_V _46}- s2 + | s2 = any [ br0 -> {_44 = None'0} (! bb13) | br1 (x0: tup2_K_V) -> {_44 = Some'0 x0} (! bb14) ] ] | bb14 = s0 - [ s0 = elim_Some {_27} (fun (r0: tup2_K_V) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_32 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_44} (fun (r0: tup2_K_V) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_49 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &produced <- _32 ] s1 + [ s0 = [ &produced <- _49 ] s1 | s1 = [ &k <- __creusot_proc_iter_elem.f0'1 ] s2 | s2 = [ &v <- __creusot_proc_iter_elem.f1'1 ] s3 | s3 = {inv_FMap_K_V result} MutBorrow.borrow_mut {result} (fun (_ret: MutBorrow.t t_FMap_K_V) -> - [ &_37 <- _ret ] -{inv_FMap_K_V _ret.final}- + [ &_56 <- _ret ] -{inv_FMap_K_V _ret.final}- [ &result <- _ret.final ] s4) - | s4 = insert_ghost_K {_37} {k} {v} (fun (_ret: t_Option_V) -> [ &_36 <- _ret ] s5) - | s5 = {[@expl:type invariant] inv_Option_V _36} s6 - | s6 = -{resolve_Option_V _36}- s7 + | s4 = insert_ghost_K {_56} {k} {v} (fun (_ret: t_Option_V) -> [ &_55 <- _ret ] s5) + | s5 = {[@expl:type invariant] inv_Option_V _55} s6 + | s6 = -{resolve_Option_V _55}- s7 | s7 = bb8 ] ] ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_FMapIter_K_V iter} s1 | s1 = -{resolve_FMapIter_K_V'0 iter}- s2 | s2 = bb22 ] @@ -696,18 +696,18 @@ module M_merge_fmaps | & result: t_FMap_K_V = Any.any_l () | & len: int = Any.any_l () | & iter: t_FMapIter_K_V = Any.any_l () - | & _13: t_FMap_K_V = Any.any_l () + | & _18: t_FMap_K_V = Any.any_l () | & iter_old: t_FMapIter_K_V = Any.any_l () | & produced: Seq.seq tup2_K_V = Any.any_l () - | & _27: t_Option_tup2_K_V = Any.any_l () - | & _28: MutBorrow.t t_FMapIter_K_V = Any.any_l () - | & _29: MutBorrow.t t_FMapIter_K_V = Any.any_l () + | & _44: t_Option_tup2_K_V = Any.any_l () + | & _45: MutBorrow.t t_FMapIter_K_V = Any.any_l () + | & _46: MutBorrow.t t_FMapIter_K_V = Any.any_l () | & __creusot_proc_iter_elem: tup2_K_V = Any.any_l () - | & _32: Seq.seq tup2_K_V = Any.any_l () + | & _49: Seq.seq tup2_K_V = Any.any_l () | & k: t_K = Any.any_l () | & v: t_V = Any.any_l () - | & _36: t_Option_V = Any.any_l () - | & _37: MutBorrow.t t_FMap_K_V = Any.any_l () + | & _55: t_Option_V = Any.any_l () + | & _56: MutBorrow.t t_FMap_K_V = Any.any_l () | & variant_old_bb8: int = Any.any_l () ]) [ return (result: t_FMap_K_V) -> {[@expl:merge_fmaps result type invariant] inv_Ghost_FMap_K_V result} {[@expl:merge_fmaps ensures] result = merge_K m1 m2 (fun (__0: tup2_V_V) -> let {f0 = v1} = __0 in v1)} diff --git a/tests/should_succeed/ghost/ghost_let.coma b/tests/should_succeed/ghost/ghost_let.coma index 7d99574e36..2ac4503988 100644 --- a/tests/should_succeed/ghost/ghost_let.coma +++ b/tests/should_succeed/ghost/ghost_let.coma @@ -96,21 +96,21 @@ module M_bar let rec bar (g2: MutBorrow.t Int32.t) (return (x: ())) = (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {g2} - (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> [ &_6 <- _ret ] [ &g2 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_i32 {_6} (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> [ &_5 <- _ret ] s2) + (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> [ &_7 <- _ret ] [ &g2 <- _ret.final ] s1) + | s1 = deref_mut_Ghost_ref_i32 {_7} (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = [ &_5 <- { _5 with current = { _5.current with current = (1: Int32.t) } } ] s1 - | s1 = -{resolve_ref_ref_i32 _5}- s2 + [ s0 = [ &_6 <- { _6 with current = { _6.current with current = (1: Int32.t) } } ] s1 + | s1 = -{resolve_ref_ref_i32 _6}- s2 | s2 = -{resolve_Ghost_ref_i32 g2}- s3 - | s3 = new_unit {_4} (fun (_ret: ()) -> [ &_3 <- _ret ] s4) + | s3 = new_unit {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s4) | s4 = bb2 ] | bb2 = return {_0} ] [ & _0: () = Any.any_l () | & g2: MutBorrow.t Int32.t = g2 - | & _3: () = Any.any_l () | & _4: () = Any.any_l () - | & _5: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () - | & _6: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () ]) + | & _5: () = Any.any_l () + | & _6: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () + | & _7: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () ]) [ return (result: ()) -> {[@expl:bar ensures] g2.final = (1: Int32.t)} (! return {result}) ] end diff --git a/tests/should_succeed/ghost/ghost_map.coma b/tests/should_succeed/ghost/ghost_map.coma index aa74e7883e..4cd65e2aa8 100644 --- a/tests/should_succeed/ghost/ghost_map.coma +++ b/tests/should_succeed/ghost/ghost_map.coma @@ -163,79 +163,79 @@ module M_ghost_map | bb1 = s0 [ s0 = {[@expl:assertion] forall k: Int32.t. not contains_i32 map k} s1 | s1 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_9 <- _ret ] [ &map <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FMap_i32_i32 {_9} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_8 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_10 <- _ret ] [ &map <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FMap_i32_i32 {_10} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_9 <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 - [ s0 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_7} {(1: Int32.t)} {(21: Int32.t)} (fun (_ret: t_Option_i32) -> [ &_6 <- _ret ] s2) + [ s0 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_8} {(1: Int32.t)} {(21: Int32.t)} (fun (_ret: t_Option_i32) -> [ &_7 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = -{resolve_ref_FMap_i32_i32 _8}- s1 - | s1 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_12 <- _ret ] s2) + [ s0 = -{resolve_ref_FMap_i32_i32 _9}- s1 + | s1 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_13 <- _ret ] s2) | s2 = bb4 ] - | bb4 = s0 [ s0 = len_ghost_i32 {_12} (fun (_ret: int) -> [ &length1 <- _ret ] s1) | s1 = bb5 ] + | bb4 = s0 [ s0 = len_ghost_i32 {_13} (fun (_ret: int) -> [ &length1 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = {[@expl:assertion] lookup_i32 map (1: Int32.t) = (21: Int32.t)} s1 | s1 = {[@expl:assertion] length1 = 1} s2 | s2 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_22 <- _ret ] [ &map <- _ret.final ] s3) - | s3 = deref_mut_Ghost_FMap_i32_i32 {_22} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_21 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_25 <- _ret ] [ &map <- _ret.final ] s3) + | s3 = deref_mut_Ghost_FMap_i32_i32 {_25} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_24 <- _ret ] s4) | s4 = bb6 ] | bb6 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_162 <- _const ] s1 ] - | s1 = [ &_24 <- _162 ] s2 - | s2 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_20 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s3) - | s3 = get_mut_ghost_i32 {_20} {_24} (fun (_ret: t_Option_ref_i32) -> [ &_19 <- _ret ] s4) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_183 <- _const ] s1 ] + | s1 = [ &_27 <- _183 ] s2 + | s2 = MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_23 <- _ret ] [ &_24 <- { _24 with current = _ret.final } ] s3) + | s3 = get_mut_ghost_i32 {_23} {_27} (fun (_ret: t_Option_ref_i32) -> [ &_22 <- _ret ] s4) | s4 = bb7 ] - | bb7 = any [ br0 -> {_19 = None'0} (! bb10) | br1 (x0: MutBorrow.t Int32.t) -> {_19 = Some'0 x0} (! bb9) ] + | bb7 = any [ br0 -> {_22 = None'0} (! bb10) | br1 (x0: MutBorrow.t Int32.t) -> {_22 = Some'0 x0} (! bb9) ] | bb10 = s0 - [ s0 = -{match _19 with + [ s0 = -{match _22 with | Some'0 x'1 -> resolve_ref_i32 x'1 | _ -> true end}- s1 - | s1 = -{resolve_ref_FMap_i32_i32 _21}- s2 + | s1 = -{resolve_ref_FMap_i32_i32 _24}- s2 | s2 = bb11 ] | bb9 = s0 - [ s0 = elim_Some {_19} (fun (r0: MutBorrow.t Int32.t) -> [ &x <- r0 ] s1) + [ s0 = elim_Some {_22} (fun (r0: MutBorrow.t Int32.t) -> [ &x <- r0 ] s1) | s1 = [ &x <- { x with current = (43: Int32.t) } ] s2 | s2 = -{resolve_ref_i32 x}- s3 - | s3 = -{resolve_ref_FMap_i32_i32 _21}- s4 + | s3 = -{resolve_ref_FMap_i32_i32 _24}- s4 | s4 = bb11 ] | bb11 = s0 [ s0 = {[@expl:assertion] lookup_i32 map (1: Int32.t) = (43: Int32.t)} s1 | s1 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_33 <- _ret ] [ &map <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FMap_i32_i32 {_33} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_32 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_37 <- _ret ] [ &map <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FMap_i32_i32 {_37} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_36 <- _ret ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_31 <- _ret ] [ &_32 <- { _32 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_31} {(2: Int32.t)} {(50: Int32.t)} + [ s0 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_35 <- _ret ] [ &_36 <- { _36 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_35} {(2: Int32.t)} {(50: Int32.t)} (fun (_ret: t_Option_i32) -> [ &inserted_none <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 - [ s0 = -{resolve_ref_FMap_i32_i32 _32}- s1 + [ s0 = -{resolve_ref_FMap_i32_i32 _36}- s1 | s1 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_37 <- _ret ] [ &map <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FMap_i32_i32 {_37} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_36 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_41 <- _ret ] [ &map <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FMap_i32_i32 {_41} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_40 <- _ret ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_35 <- _ret ] [ &_36 <- { _36 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_35} {(2: Int32.t)} {(100: Int32.t)} + [ s0 = MutBorrow.borrow_final {_40.current} {MutBorrow.get_id _40} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_39 <- _ret ] [ &_40 <- { _40 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_39} {(2: Int32.t)} {(100: Int32.t)} (fun (_ret: t_Option_i32) -> [ &inserted_some <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 - [ s0 = -{resolve_ref_FMap_i32_i32 _36}- s1 - | s1 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_40 <- _ret ] s2) + [ s0 = -{resolve_ref_FMap_i32_i32 _40}- s1 + | s1 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_44 <- _ret ] s2) | s2 = bb16 ] - | bb16 = s0 [ s0 = len_ghost_i32 {_40} (fun (_ret: int) -> [ &length2 <- _ret ] s1) | s1 = bb17 ] + | bb16 = s0 [ s0 = len_ghost_i32 {_44} (fun (_ret: int) -> [ &length2 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 [ s0 = {[@expl:assertion] inserted_none = None} s1 | s1 = {[@expl:assertion] inserted_some = Some (50: Int32.t)} s2 @@ -243,141 +243,141 @@ module M_ghost_map | s3 = {[@expl:assertion] lookup_i32 map (2: Int32.t) = (100: Int32.t)} s4 | s4 = {[@expl:assertion] lookup_i32 map (1: Int32.t) = (43: Int32.t)} s5 | s5 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_57 <- _ret ] [ &map <- _ret.final ] s6) - | s6 = deref_mut_Ghost_FMap_i32_i32 {_57} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_56 <- _ret ] s7) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_66 <- _ret ] [ &map <- _ret.final ] s6) + | s6 = deref_mut_Ghost_FMap_i32_i32 {_66} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_65 <- _ret ] s7) | s7 = bb18 ] | bb18 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_161 <- _const ] s1 ] - | s1 = [ &_59 <- _161 ] s2 - | s2 = MutBorrow.borrow_final {_56.current} {MutBorrow.get_id _56} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_55 <- _ret ] [ &_56 <- { _56 with current = _ret.final } ] s3) - | s3 = split_mut_ghost_i32 {_55} {_59} (fun (_ret: tup2_ref_i32_ref_FMap_i32_i32) -> [ &_54 <- _ret ] s4) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_182 <- _const ] s1 ] + | s1 = [ &_68 <- _182 ] s2 + | s2 = MutBorrow.borrow_final {_65.current} {MutBorrow.get_id _65} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_64 <- _ret ] [ &_65 <- { _65 with current = _ret.final } ] s3) + | s3 = split_mut_ghost_i32 {_64} {_68} (fun (_ret: tup2_ref_i32_ref_FMap_i32_i32) -> [ &_63 <- _ret ] s4) | s4 = bb19 ] | bb19 = s0 - [ s0 = [ &x'0 <- _54.f0 ] s1 - | s1 = [ &map2 <- _54.f1 ] s2 - | s2 = -{resolve_ref_FMap_i32_i32 _56}- s3 + [ s0 = [ &x'0 <- _63.f0 ] s1 + | s1 = [ &map2 <- _63.f1 ] s2 + | s2 = -{resolve_ref_FMap_i32_i32 _65}- s3 | s3 = [ &x'0 <- { x'0 with current = (42: Int32.t) } ] s4 | s4 = -{resolve_ref_i32 x'0}- s5 | s5 = MutBorrow.borrow_mut {map2.current} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> - [ &_62 <- _ret ] [ &map2 <- { map2 with current = _ret.final } ] s6) - | s6 = insert_ghost_i32 {_62} {(2: Int32.t)} {(200: Int32.t)} (fun (_ret: t_Option_i32) -> [ &_61 <- _ret ] s7) + [ &_71 <- _ret ] [ &map2 <- { map2 with current = _ret.final } ] s6) + | s6 = insert_ghost_i32 {_71} {(2: Int32.t)} {(200: Int32.t)} (fun (_ret: t_Option_i32) -> [ &_70 <- _ret ] s7) | s7 = bb20 ] | bb20 = s0 [ s0 = MutBorrow.borrow_final {map2.current} {MutBorrow.get_id map2} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> - [ &_64 <- _ret ] [ &map2 <- { map2 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_64} {(1: Int32.t)} {(56: Int32.t)} (fun (_ret: t_Option_i32) -> [ &_63 <- _ret ] s2) + [ &_73 <- _ret ] [ &map2 <- { map2 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_73} {(1: Int32.t)} {(56: Int32.t)} (fun (_ret: t_Option_i32) -> [ &_72 <- _ret ] s2) | s2 = bb21 ] | bb21 = s0 [ s0 = -{resolve_ref_FMap_i32_i32 map2}- s1 | s1 = {[@expl:assertion] lookup_i32 map (1: Int32.t) = (42: Int32.t)} s2 | s2 = {[@expl:assertion] lookup_i32 map (2: Int32.t) = (200: Int32.t)} s3 | s3 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_72 <- _ret ] [ &map <- _ret.final ] s4) - | s4 = deref_mut_Ghost_FMap_i32_i32 {_72} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_71 <- _ret ] s5) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_83 <- _ret ] [ &map <- _ret.final ] s4) + | s4 = deref_mut_Ghost_FMap_i32_i32 {_83} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_82 <- _ret ] s5) | s5 = bb22 ] | bb22 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (3: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_160 <- _const ] s1 ] - | s1 = [ &_74 <- _160 ] s2 - | s2 = MutBorrow.borrow_final {_71.current} {MutBorrow.get_id _71} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_70 <- _ret ] [ &_71 <- { _71 with current = _ret.final } ] s3) - | s3 = remove_ghost_i32 {_70} {_74} (fun (_ret: t_Option_i32) -> [ &remove_none1 <- _ret ] s4) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_181 <- _const ] s1 ] + | s1 = [ &_85 <- _181 ] s2 + | s2 = MutBorrow.borrow_final {_82.current} {MutBorrow.get_id _82} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_81 <- _ret ] [ &_82 <- { _82 with current = _ret.final } ] s3) + | s3 = remove_ghost_i32 {_81} {_85} (fun (_ret: t_Option_i32) -> [ &remove_none1 <- _ret ] s4) | s4 = bb23 ] | bb23 = s0 - [ s0 = -{resolve_ref_FMap_i32_i32 _71}- s1 + [ s0 = -{resolve_ref_FMap_i32_i32 _82}- s1 | s1 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_79 <- _ret ] [ &map <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FMap_i32_i32 {_79} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_78 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_90 <- _ret ] [ &map <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FMap_i32_i32 {_90} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_89 <- _ret ] s3) | s3 = bb24 ] | bb24 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (2: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_159 <- _const ] s1 ] - | s1 = [ &_81 <- _159 ] s2 - | s2 = MutBorrow.borrow_final {_78.current} {MutBorrow.get_id _78} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_77 <- _ret ] [ &_78 <- { _78 with current = _ret.final } ] s3) - | s3 = remove_ghost_i32 {_77} {_81} (fun (_ret: t_Option_i32) -> [ &remove_some <- _ret ] s4) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_180 <- _const ] s1 ] + | s1 = [ &_92 <- _180 ] s2 + | s2 = MutBorrow.borrow_final {_89.current} {MutBorrow.get_id _89} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_88 <- _ret ] [ &_89 <- { _89 with current = _ret.final } ] s3) + | s3 = remove_ghost_i32 {_88} {_92} (fun (_ret: t_Option_i32) -> [ &remove_some <- _ret ] s4) | s4 = bb25 ] | bb25 = s0 - [ s0 = -{resolve_ref_FMap_i32_i32 _78}- s1 + [ s0 = -{resolve_ref_FMap_i32_i32 _89}- s1 | s1 = MutBorrow.borrow_mut {map} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_86 <- _ret ] [ &map <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FMap_i32_i32 {_86} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_85 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_97 <- _ret ] [ &map <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FMap_i32_i32 {_97} (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_96 <- _ret ] s3) | s3 = bb26 ] | bb26 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (2: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_158 <- _const ] s1 ] - | s1 = [ &_88 <- _158 ] s2 - | s2 = MutBorrow.borrow_final {_85.current} {MutBorrow.get_id _85} - (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_84 <- _ret ] [ &_85 <- { _85 with current = _ret.final } ] s3) - | s3 = remove_ghost_i32 {_84} {_88} (fun (_ret: t_Option_i32) -> [ &remove_none2 <- _ret ] s4) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_179 <- _const ] s1 ] + | s1 = [ &_99 <- _179 ] s2 + | s2 = MutBorrow.borrow_final {_96.current} {MutBorrow.get_id _96} + (fun (_ret: MutBorrow.t t_FMap_i32_i32) -> [ &_95 <- _ret ] [ &_96 <- { _96 with current = _ret.final } ] s3) + | s3 = remove_ghost_i32 {_95} {_99} (fun (_ret: t_Option_i32) -> [ &remove_none2 <- _ret ] s4) | s4 = bb27 ] | bb27 = s0 - [ s0 = -{resolve_ref_FMap_i32_i32 _85}- s1 + [ s0 = -{resolve_ref_FMap_i32_i32 _96}- s1 | s1 = {[@expl:assertion] remove_none1 = None} s2 | s2 = {[@expl:assertion] remove_some = Some (200: Int32.t)} s3 | s3 = {[@expl:assertion] remove_none2 = None} s4 | s4 = {[@expl:assertion] get_i32 map (2: Int32.t) = None} s5 - | s5 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_100 <- _ret ] s6) + | s5 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_115 <- _ret ] s6) | s6 = bb28 ] | bb28 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_157 <- _const ] s1 ] - | s1 = [ &_103 <- _157 ] s2 - | s2 = contains_ghost_i32 {_100} {_103} (fun (_ret: bool) -> [ &contains1 <- _ret ] s3) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_178 <- _const ] s1 ] + | s1 = [ &_118 <- _178 ] s2 + | s2 = contains_ghost_i32 {_115} {_118} (fun (_ret: bool) -> [ &contains1 <- _ret ] s3) | s3 = bb29 ] - | bb29 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_107 <- _ret ] s1) | s1 = bb30 ] + | bb29 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_122 <- _ret ] s1) | s1 = bb30 ] | bb30 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (2: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_156 <- _const ] s1 ] - | s1 = [ &_110 <- _156 ] s2 - | s2 = contains_ghost_i32 {_107} {_110} (fun (_ret: bool) -> [ &contains2 <- _ret ] s3) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_177 <- _const ] s1 ] + | s1 = [ &_125 <- _177 ] s2 + | s2 = contains_ghost_i32 {_122} {_125} (fun (_ret: bool) -> [ &contains2 <- _ret ] s3) | s3 = bb31 ] - | bb31 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_114 <- _ret ] s1) | s1 = bb32 ] + | bb31 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_129 <- _ret ] s1) | s1 = bb32 ] | bb32 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (3: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_155 <- _const ] s1 ] - | s1 = [ &_117 <- _155 ] s2 - | s2 = contains_ghost_i32 {_114} {_117} (fun (_ret: bool) -> [ &contains3 <- _ret ] s3) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_176 <- _const ] s1 ] + | s1 = [ &_132 <- _176 ] s2 + | s2 = contains_ghost_i32 {_129} {_132} (fun (_ret: bool) -> [ &contains3 <- _ret ] s3) | s3 = bb33 ] | bb33 = s0 [ s0 = {[@expl:assertion] contains1} s1 | s1 = {[@expl:assertion] not contains2} s2 | s2 = {[@expl:assertion] not contains3} s3 - | s3 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_127 <- _ret ] s4) + | s3 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_145 <- _ret ] s4) | s4 = bb34 ] | bb34 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_154 <- _const ] s1 ] - | s1 = [ &_130 <- _154 ] s2 - | s2 = get_ghost_i32 {_127} {_130} (fun (_ret: t_Option_ref_i32'0) -> [ &get1 <- _ret ] s3) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_175 <- _const ] s1 ] + | s1 = [ &_148 <- _175 ] s2 + | s2 = get_ghost_i32 {_145} {_148} (fun (_ret: t_Option_ref_i32'0) -> [ &get1 <- _ret ] s3) | s3 = bb35 ] - | bb35 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_134 <- _ret ] s1) | s1 = bb36 ] + | bb35 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_152 <- _ret ] s1) | s1 = bb36 ] | bb36 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (2: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_153 <- _const ] s1 ] - | s1 = [ &_137 <- _153 ] s2 - | s2 = get_ghost_i32 {_134} {_137} (fun (_ret: t_Option_ref_i32'0) -> [ &get2 <- _ret ] s3) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_174 <- _const ] s1 ] + | s1 = [ &_155 <- _174 ] s2 + | s2 = get_ghost_i32 {_152} {_155} (fun (_ret: t_Option_ref_i32'0) -> [ &get2 <- _ret ] s3) | s3 = bb37 ] - | bb37 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_141 <- _ret ] s1) | s1 = bb38 ] + | bb37 = s0 [ s0 = deref_Ghost_FMap_i32_i32 {map} (fun (_ret: t_FMap_i32_i32) -> [ &_159 <- _ret ] s1) | s1 = bb38 ] | bb38 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (3: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_152 <- _const ] s1 ] - | s1 = [ &_144 <- _152 ] s2 - | s2 = get_ghost_i32 {_141} {_144} (fun (_ret: t_Option_ref_i32'0) -> [ &get3 <- _ret ] s3) + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_173 <- _const ] s1 ] + | s1 = [ &_162 <- _173 ] s2 + | s2 = get_ghost_i32 {_159} {_162} (fun (_ret: t_Option_ref_i32'0) -> [ &get3 <- _ret ] s3) | s3 = bb39 ] | bb39 = s0 [ s0 = {[@expl:assertion] get1 = Some'1 (42: Int32.t)} s1 @@ -390,81 +390,81 @@ module M_ghost_map | & map: t_FMap_i32_i32 = Any.any_l () | & _2: () = Any.any_l () | & _3: () = Any.any_l () - | & _6: t_Option_i32 = Any.any_l () - | & _7: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _7: t_Option_i32 = Any.any_l () | & _8: MutBorrow.t t_FMap_i32_i32 = Any.any_l () | & _9: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _10: MutBorrow.t t_FMap_i32_i32 = Any.any_l () | & length1: int = Any.any_l () - | & _12: t_FMap_i32_i32 = Any.any_l () - | & _19: t_Option_ref_i32 = Any.any_l () - | & _20: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _21: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _22: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _24: Int32.t = Any.any_l () + | & _13: t_FMap_i32_i32 = Any.any_l () + | & _22: t_Option_ref_i32 = Any.any_l () + | & _23: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _24: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _25: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _27: Int32.t = Any.any_l () | & x: MutBorrow.t Int32.t = Any.any_l () | & inserted_none: t_Option_i32 = Any.any_l () - | & _31: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _32: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _33: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & inserted_some: t_Option_i32 = Any.any_l () | & _35: MutBorrow.t t_FMap_i32_i32 = Any.any_l () | & _36: MutBorrow.t t_FMap_i32_i32 = Any.any_l () | & _37: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & inserted_some: t_Option_i32 = Any.any_l () + | & _39: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _40: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _41: MutBorrow.t t_FMap_i32_i32 = Any.any_l () | & length2: int = Any.any_l () - | & _40: t_FMap_i32_i32 = Any.any_l () + | & _44: t_FMap_i32_i32 = Any.any_l () | & x'0: MutBorrow.t Int32.t = Any.any_l () | & map2: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _54: tup2_ref_i32_ref_FMap_i32_i32 = Any.any_l () - | & _55: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _56: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _57: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _59: Int32.t = Any.any_l () - | & _61: t_Option_i32 = Any.any_l () - | & _62: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _63: t_Option_i32 = Any.any_l () + | & _63: tup2_ref_i32_ref_FMap_i32_i32 = Any.any_l () | & _64: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & remove_none1: t_Option_i32 = Any.any_l () - | & _70: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _65: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _66: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _68: Int32.t = Any.any_l () + | & _70: t_Option_i32 = Any.any_l () | & _71: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _72: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _74: Int32.t = Any.any_l () + | & _72: t_Option_i32 = Any.any_l () + | & _73: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & remove_none1: t_Option_i32 = Any.any_l () + | & _81: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _82: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _83: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _85: Int32.t = Any.any_l () | & remove_some: t_Option_i32 = Any.any_l () - | & _77: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _78: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _79: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _81: Int32.t = Any.any_l () + | & _88: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _89: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _90: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _92: Int32.t = Any.any_l () | & remove_none2: t_Option_i32 = Any.any_l () - | & _84: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _85: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _86: MutBorrow.t t_FMap_i32_i32 = Any.any_l () - | & _88: Int32.t = Any.any_l () + | & _95: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _96: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _97: MutBorrow.t t_FMap_i32_i32 = Any.any_l () + | & _99: Int32.t = Any.any_l () | & contains1: bool = Any.any_l () - | & _100: t_FMap_i32_i32 = Any.any_l () - | & _103: Int32.t = Any.any_l () + | & _115: t_FMap_i32_i32 = Any.any_l () + | & _118: Int32.t = Any.any_l () | & contains2: bool = Any.any_l () - | & _107: t_FMap_i32_i32 = Any.any_l () - | & _110: Int32.t = Any.any_l () + | & _122: t_FMap_i32_i32 = Any.any_l () + | & _125: Int32.t = Any.any_l () | & contains3: bool = Any.any_l () - | & _114: t_FMap_i32_i32 = Any.any_l () - | & _117: Int32.t = Any.any_l () + | & _129: t_FMap_i32_i32 = Any.any_l () + | & _132: Int32.t = Any.any_l () | & get1: t_Option_ref_i32'0 = Any.any_l () - | & _127: t_FMap_i32_i32 = Any.any_l () - | & _130: Int32.t = Any.any_l () + | & _145: t_FMap_i32_i32 = Any.any_l () + | & _148: Int32.t = Any.any_l () | & get2: t_Option_ref_i32'0 = Any.any_l () - | & _134: t_FMap_i32_i32 = Any.any_l () - | & _137: Int32.t = Any.any_l () - | & get3: t_Option_ref_i32'0 = Any.any_l () - | & _141: t_FMap_i32_i32 = Any.any_l () - | & _144: Int32.t = Any.any_l () - | & _152: Int32.t = Any.any_l () - | & _153: Int32.t = Any.any_l () - | & _154: Int32.t = Any.any_l () + | & _152: t_FMap_i32_i32 = Any.any_l () | & _155: Int32.t = Any.any_l () - | & _156: Int32.t = Any.any_l () - | & _157: Int32.t = Any.any_l () - | & _158: Int32.t = Any.any_l () - | & _159: Int32.t = Any.any_l () - | & _160: Int32.t = Any.any_l () - | & _161: Int32.t = Any.any_l () - | & _162: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & get3: t_Option_ref_i32'0 = Any.any_l () + | & _159: t_FMap_i32_i32 = Any.any_l () + | & _162: Int32.t = Any.any_l () + | & _173: Int32.t = Any.any_l () + | & _174: Int32.t = Any.any_l () + | & _175: Int32.t = Any.any_l () + | & _176: Int32.t = Any.any_l () + | & _177: Int32.t = Any.any_l () + | & _178: Int32.t = Any.any_l () + | & _179: Int32.t = Any.any_l () + | & _180: Int32.t = Any.any_l () + | & _181: Int32.t = Any.any_l () + | & _182: Int32.t = Any.any_l () + | & _183: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/ghost/ghost_set.coma b/tests/should_succeed/ghost/ghost_set.coma index e82ef228a5..9e837a0449 100644 --- a/tests/should_succeed/ghost/ghost_set.coma +++ b/tests/should_succeed/ghost/ghost_set.coma @@ -59,115 +59,115 @@ module M_ghost_map | bb1 = s0 [ s0 = {[@expl:assertion] forall k: Int32.t. not contains_i32 set k} s1 | s1 = MutBorrow.borrow_mut {set} - (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_9 <- _ret ] [ &set <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FSet_i32 {_9} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_8 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_10 <- _ret ] [ &set <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FSet_i32 {_10} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_9 <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 - [ s0 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + [ s0 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> - [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_7} {(1: Int32.t)} (fun (_ret: bool) -> [ &_6 <- _ret ] s2) + [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_8} {(1: Int32.t)} (fun (_ret: bool) -> [ &_7 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = -{resolve_ref_FSet_i32 _8}- s1 - | s1 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_12 <- _ret ] s2) + [ s0 = -{resolve_ref_FSet_i32 _9}- s1 + | s1 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_13 <- _ret ] s2) | s2 = bb4 ] - | bb4 = s0 [ s0 = len_ghost_i32 {_12} (fun (_ret: int) -> [ &length1 <- _ret ] s1) | s1 = bb5 ] + | bb4 = s0 [ s0 = len_ghost_i32 {_13} (fun (_ret: int) -> [ &length1 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = {[@expl:assertion] contains_i32 set (1: Int32.t) /\ not contains_i32 set (2: Int32.t)} s1 | s1 = {[@expl:assertion] length1 = 1} s2 - | s2 = [ &_21 <- { f0 = (1: Int32.t); f1 = (2: Int32.t); f2 = (3: Int32.t) } ] s3 - | s3 = [ &x1 <- _21.f0 ] s4 - | s4 = [ &x2 <- _21.f1 ] s5 - | s5 = [ &x3 <- _21.f2 ] s6 + | s2 = [ &_24 <- { f0 = (1: Int32.t); f1 = (2: Int32.t); f2 = (3: Int32.t) } ] s3 + | s3 = [ &x1 <- _24.f0 ] s4 + | s4 = [ &x2 <- _24.f1 ] s5 + | s5 = [ &x3 <- _24.f2 ] s6 | s6 = MutBorrow.borrow_mut {set} - (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_25 <- _ret ] [ &set <- _ret.final ] s7) - | s7 = deref_mut_Ghost_FSet_i32 {_25} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_24 <- _ret ] s8) + (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_28 <- _ret ] [ &set <- _ret.final ] s7) + | s7 = deref_mut_Ghost_FSet_i32 {_28} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_27 <- _ret ] s8) | s8 = bb6 ] | bb6 = s0 - [ s0 = MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} + [ s0 = MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> - [ &_23 <- _ret ] [ &_24 <- { _24 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_23} {(2: Int32.t)} (fun (_ret: bool) -> [ &inserted_true <- _ret ] s2) + [ &_26 <- _ret ] [ &_27 <- { _27 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_26} {(2: Int32.t)} (fun (_ret: bool) -> [ &inserted_true <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_FSet_i32 _24}- s1 + [ s0 = -{resolve_ref_FSet_i32 _27}- s1 | s1 = MutBorrow.borrow_mut {set} - (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_29 <- _ret ] [ &set <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FSet_i32 {_29} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_28 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_32 <- _ret ] [ &set <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FSet_i32 {_32} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_31 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + [ s0 = MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> - [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s1) - | s1 = insert_ghost_i32 {_27} {(2: Int32.t)} (fun (_ret: bool) -> [ &inserted_false <- _ret ] s2) + [ &_30 <- _ret ] [ &_31 <- { _31 with current = _ret.final } ] s1) + | s1 = insert_ghost_i32 {_30} {(2: Int32.t)} (fun (_ret: bool) -> [ &inserted_false <- _ret ] s2) | s2 = bb9 ] | bb9 = s0 - [ s0 = -{resolve_ref_FSet_i32 _28}- s1 - | s1 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_32 <- _ret ] s2) + [ s0 = -{resolve_ref_FSet_i32 _31}- s1 + | s1 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_35 <- _ret ] s2) | s2 = bb10 ] - | bb10 = s0 [ s0 = len_ghost_i32 {_32} (fun (_ret: int) -> [ &length2 <- _ret ] s1) | s1 = bb11 ] + | bb10 = s0 [ s0 = len_ghost_i32 {_35} (fun (_ret: int) -> [ &length2 <- _ret ] s1) | s1 = bb11 ] | bb11 = s0 [ s0 = {[@expl:assertion] inserted_true /\ not inserted_false} s1 | s1 = {[@expl:assertion] length2 = 2} s2 | s2 = {[@expl:assertion] contains_i32 set (1: Int32.t) /\ contains_i32 set (2: Int32.t)} s3 | s3 = MutBorrow.borrow_mut {set} - (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_43 <- _ret ] [ &set <- _ret.final ] s4) - | s4 = deref_mut_Ghost_FSet_i32 {_43} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_42 <- _ret ] s5) + (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_50 <- _ret ] [ &set <- _ret.final ] s4) + | s4 = deref_mut_Ghost_FSet_i32 {_50} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_49 <- _ret ] s5) | s5 = bb12 ] | bb12 = s0 - [ s0 = [ &_45 <- x3 ] s1 - | s1 = MutBorrow.borrow_final {_42.current} {MutBorrow.get_id _42} + [ s0 = [ &_52 <- x3 ] s1 + | s1 = MutBorrow.borrow_final {_49.current} {MutBorrow.get_id _49} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> - [ &_41 <- _ret ] [ &_42 <- { _42 with current = _ret.final } ] s2) - | s2 = remove_ghost_i32 {_41} {_45} (fun (_ret: bool) -> [ &remove_false1 <- _ret ] s3) + [ &_48 <- _ret ] [ &_49 <- { _49 with current = _ret.final } ] s2) + | s2 = remove_ghost_i32 {_48} {_52} (fun (_ret: bool) -> [ &remove_false1 <- _ret ] s3) | s3 = bb13 ] | bb13 = s0 - [ s0 = -{resolve_ref_FSet_i32 _42}- s1 + [ s0 = -{resolve_ref_FSet_i32 _49}- s1 | s1 = MutBorrow.borrow_mut {set} - (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_49 <- _ret ] [ &set <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FSet_i32 {_49} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_48 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_56 <- _ret ] [ &set <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FSet_i32 {_56} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_55 <- _ret ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = [ &_51 <- x2 ] s1 - | s1 = MutBorrow.borrow_final {_48.current} {MutBorrow.get_id _48} + [ s0 = [ &_58 <- x2 ] s1 + | s1 = MutBorrow.borrow_final {_55.current} {MutBorrow.get_id _55} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> - [ &_47 <- _ret ] [ &_48 <- { _48 with current = _ret.final } ] s2) - | s2 = remove_ghost_i32 {_47} {_51} (fun (_ret: bool) -> [ &remove_true <- _ret ] s3) + [ &_54 <- _ret ] [ &_55 <- { _55 with current = _ret.final } ] s2) + | s2 = remove_ghost_i32 {_54} {_58} (fun (_ret: bool) -> [ &remove_true <- _ret ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = -{resolve_ref_FSet_i32 _48}- s1 + [ s0 = -{resolve_ref_FSet_i32 _55}- s1 | s1 = MutBorrow.borrow_mut {set} - (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_55 <- _ret ] [ &set <- _ret.final ] s2) - | s2 = deref_mut_Ghost_FSet_i32 {_55} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_54 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_62 <- _ret ] [ &set <- _ret.final ] s2) + | s2 = deref_mut_Ghost_FSet_i32 {_62} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> [ &_61 <- _ret ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = [ &_57 <- x2 ] s1 - | s1 = MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} + [ s0 = [ &_64 <- x2 ] s1 + | s1 = MutBorrow.borrow_final {_61.current} {MutBorrow.get_id _61} (fun (_ret: MutBorrow.t (Fset.fset Int32.t)) -> - [ &_53 <- _ret ] [ &_54 <- { _54 with current = _ret.final } ] s2) - | s2 = remove_ghost_i32 {_53} {_57} (fun (_ret: bool) -> [ &remove_false2 <- _ret ] s3) + [ &_60 <- _ret ] [ &_61 <- { _61 with current = _ret.final } ] s2) + | s2 = remove_ghost_i32 {_60} {_64} (fun (_ret: bool) -> [ &remove_false2 <- _ret ] s3) | s3 = bb17 ] | bb17 = s0 - [ s0 = -{resolve_ref_FSet_i32 _54}- s1 + [ s0 = -{resolve_ref_FSet_i32 _61}- s1 | s1 = {[@expl:assertion] not remove_false1 /\ remove_true /\ not remove_false2} s2 | s2 = {[@expl:assertion] not contains_i32 set (2: Int32.t)} s3 | s3 = {[@expl:assertion] Fset.cardinal set = 1} s4 - | s4 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_66 <- _ret ] s5) + | s4 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_78 <- _ret ] s5) | s5 = bb18 ] | bb18 = s0 - [ s0 = [ &_69 <- x1 ] s1 - | s1 = contains_ghost_i32 {_66} {_69} (fun (_ret: bool) -> [ &contains1 <- _ret ] s2) + [ s0 = [ &_81 <- x1 ] s1 + | s1 = contains_ghost_i32 {_78} {_81} (fun (_ret: bool) -> [ &contains1 <- _ret ] s2) | s2 = bb19 ] - | bb19 = s0 [ s0 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_72 <- _ret ] s1) | s1 = bb20 ] + | bb19 = s0 [ s0 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_84 <- _ret ] s1) | s1 = bb20 ] | bb20 = s0 - [ s0 = [ &_75 <- x2 ] s1 - | s1 = contains_ghost_i32 {_72} {_75} (fun (_ret: bool) -> [ &contains2 <- _ret ] s2) + [ s0 = [ &_87 <- x2 ] s1 + | s1 = contains_ghost_i32 {_84} {_87} (fun (_ret: bool) -> [ &contains2 <- _ret ] s2) | s2 = bb21 ] - | bb21 = s0 [ s0 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_78 <- _ret ] s1) | s1 = bb22 ] + | bb21 = s0 [ s0 = deref_Ghost_FSet_i32 {set} (fun (_ret: Fset.fset Int32.t) -> [ &_90 <- _ret ] s1) | s1 = bb22 ] | bb22 = s0 - [ s0 = [ &_81 <- x3 ] s1 - | s1 = contains_ghost_i32 {_78} {_81} (fun (_ret: bool) -> [ &contains3 <- _ret ] s2) + [ s0 = [ &_93 <- x3 ] s1 + | s1 = contains_ghost_i32 {_90} {_93} (fun (_ret: bool) -> [ &contains3 <- _ret ] s2) | s2 = bb23 ] | bb23 = s0 [ s0 = {[@expl:assertion] contains1} s1 @@ -180,48 +180,48 @@ module M_ghost_map | & set: Fset.fset Int32.t = Any.any_l () | & _2: () = Any.any_l () | & _3: () = Any.any_l () - | & _6: bool = Any.any_l () - | & _7: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _7: bool = Any.any_l () | & _8: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & _9: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _10: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & length1: int = Any.any_l () - | & _12: Fset.fset Int32.t = Any.any_l () + | & _13: Fset.fset Int32.t = Any.any_l () | & x1: Int32.t = Any.any_l () | & x2: Int32.t = Any.any_l () | & x3: Int32.t = Any.any_l () - | & _21: tup3_i32_i32_i32 = Any.any_l () + | & _24: tup3_i32_i32_i32 = Any.any_l () | & inserted_true: bool = Any.any_l () - | & _23: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _24: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _25: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & inserted_false: bool = Any.any_l () + | & _26: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & _27: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & _28: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _29: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & inserted_false: bool = Any.any_l () + | & _30: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _31: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _32: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & length2: int = Any.any_l () - | & _32: Fset.fset Int32.t = Any.any_l () + | & _35: Fset.fset Int32.t = Any.any_l () | & remove_false1: bool = Any.any_l () - | & _41: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _42: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _43: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _45: Int32.t = Any.any_l () - | & remove_true: bool = Any.any_l () - | & _47: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & _48: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & _49: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _51: Int32.t = Any.any_l () - | & remove_false2: bool = Any.any_l () - | & _53: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _50: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _52: Int32.t = Any.any_l () + | & remove_true: bool = Any.any_l () | & _54: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () | & _55: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () - | & _57: Int32.t = Any.any_l () + | & _56: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _58: Int32.t = Any.any_l () + | & remove_false2: bool = Any.any_l () + | & _60: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _61: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _62: MutBorrow.t (Fset.fset Int32.t) = Any.any_l () + | & _64: Int32.t = Any.any_l () | & contains1: bool = Any.any_l () - | & _66: Fset.fset Int32.t = Any.any_l () - | & _69: Int32.t = Any.any_l () + | & _78: Fset.fset Int32.t = Any.any_l () + | & _81: Int32.t = Any.any_l () | & contains2: bool = Any.any_l () - | & _72: Fset.fset Int32.t = Any.any_l () - | & _75: Int32.t = Any.any_l () + | & _84: Fset.fset Int32.t = Any.any_l () + | & _87: Int32.t = Any.any_l () | & contains3: bool = Any.any_l () - | & _78: Fset.fset Int32.t = Any.any_l () - | & _81: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _90: Fset.fset Int32.t = Any.any_l () + | & _93: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/ghost/ghost_vec.coma b/tests/should_succeed/ghost/ghost_vec.coma index bf18895796..9313fd780d 100644 --- a/tests/should_succeed/ghost/ghost_vec.coma +++ b/tests/should_succeed/ghost/ghost_vec.coma @@ -101,351 +101,351 @@ module M_ghost_vec [ bb0 = s0 [ s0 = new_i32 (fun (_ret: Seq.seq Int32.t) -> [ &v <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] forall i: int. get_i32 v i = None} s1 - | s1 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_9 <- _ret ] s2) + | s1 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_10 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = is_empty_ghost_i32 {_9} (fun (_ret: bool) -> [ &_7 <- _ret ] s1) | s1 = bb3 ] - | bb3 = any [ br0 -> {_7 = false} (! bb5) | br1 -> {_7} (! bb4) ] + | bb2 = s0 [ s0 = is_empty_ghost_i32 {_10} (fun (_ret: bool) -> [ &_8 <- _ret ] s1) | s1 = bb3 ] + | bb3 = any [ br0 -> {_8 = false} (! bb5) | br1 -> {_8} (! bb4) ] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_15 <- _ret ] [ &v <- _ret.final ] s1) - | s1 = deref_mut_Ghost_Seq_i32 {_15} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_14 <- _ret ] s2) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_16 <- _ret ] [ &v <- _ret.final ] s1) + | s1 = deref_mut_Ghost_Seq_i32 {_16} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_15 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} + [ s0 = MutBorrow.borrow_final {_15.current} {MutBorrow.get_id _15} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_13 <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s1) - | s1 = push_back_ghost_i32 {_13} {(21: Int32.t)} (fun (_ret: ()) -> [ &_12 <- _ret ] s2) + [ &_14 <- _ret ] [ &_15 <- { _15 with current = _ret.final } ] s1) + | s1 = push_back_ghost_i32 {_14} {(21: Int32.t)} (fun (_ret: ()) -> [ &_13 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_Seq_i32 _14}- s1 - | s1 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_19 <- _ret ] s2) + [ s0 = -{resolve_ref_Seq_i32 _15}- s1 + | s1 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_20 <- _ret ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = is_empty_ghost_i32 {_19} (fun (_ret: bool) -> [ &_17 <- _ret ] s1) | s1 = bb9 ] - | bb9 = any [ br0 -> {_17 = false} (! bb11) | br1 -> {_17} (! bb10) ] + | bb8 = s0 [ s0 = is_empty_ghost_i32 {_20} (fun (_ret: bool) -> [ &_18 <- _ret ] s1) | s1 = bb9 ] + | bb9 = any [ br0 -> {_18 = false} (! bb11) | br1 -> {_18} (! bb10) ] | bb10 = {false} any | bb11 = s0 [ s0 = {[@expl:assertion] Seq.get v 0 = (21: Int32.t)} s1 | s1 = {[@expl:assertion] Seq.length v = 1} s2 | s2 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_29 <- _ret ] [ &v <- _ret.final ] s3) - | s3 = deref_mut_Ghost_Seq_i32 {_29} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_28 <- _ret ] s4) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_32 <- _ret ] [ &v <- _ret.final ] s3) + | s3 = deref_mut_Ghost_Seq_i32 {_32} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_31 <- _ret ] s4) | s4 = bb12 ] | bb12 = s0 - [ s0 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + [ s0 = MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s1) - | s1 = push_back_ghost_i32 {_27} {(10: Int32.t)} (fun (_ret: ()) -> [ &_26 <- _ret ] s2) + [ &_30 <- _ret ] [ &_31 <- { _31 with current = _ret.final } ] s1) + | s1 = push_back_ghost_i32 {_30} {(10: Int32.t)} (fun (_ret: ()) -> [ &_29 <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 - [ s0 = -{resolve_ref_Seq_i32 _28}- s1 + [ s0 = -{resolve_ref_Seq_i32 _31}- s1 | s1 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_33 <- _ret ] [ &v <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_33} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_32 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_36 <- _ret ] [ &v <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_36} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_35 <- _ret ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + [ s0 = MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_31 <- _ret ] [ &_32 <- { _32 with current = _ret.final } ] s1) - | s1 = push_back_ghost_i32 {_31} {(30: Int32.t)} (fun (_ret: ()) -> [ &_30 <- _ret ] s2) + [ &_34 <- _ret ] [ &_35 <- { _35 with current = _ret.final } ] s1) + | s1 = push_back_ghost_i32 {_34} {(30: Int32.t)} (fun (_ret: ()) -> [ &_33 <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 - [ s0 = -{resolve_ref_Seq_i32 _32}- s1 - | s1 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_36 <- _ret ] s2) + [ s0 = -{resolve_ref_Seq_i32 _35}- s1 + | s1 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_39 <- _ret ] s2) | s2 = bb16 ] - | bb16 = s0 [ s0 = len_ghost_i32 {_36} (fun (_ret: int) -> [ &len <- _ret ] s1) | s1 = bb17 ] + | bb16 = s0 [ s0 = len_ghost_i32 {_39} (fun (_ret: int) -> [ &len <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 [ s0 = {[@expl:assertion] len = 3} s1 | s1 = {[@expl:assertion] Seq.get v 0 = (21: Int32.t) /\ Seq.get v 1 = (10: Int32.t) /\ Seq.get v 2 = (30: Int32.t)} s2 - | s2 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_44 <- _ret ] s3) + | s2 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_49 <- _ret ] s3) | s3 = bb18 ] - | bb18 = s0 [ s0 = new {(1: Int128.t)} (fun (_ret: int) -> [ &_47 <- _ret ] s1) | s1 = bb19 ] - | bb19 = s0 [ s0 = into_inner_Int {_47} (fun (_ret: int) -> [ &_46 <- _ret ] s1) | s1 = bb20 ] - | bb20 = s0 [ s0 = get_ghost_i32 {_44} {_46} (fun (_ret: t_Option_ref_i32) -> [ &get1 <- _ret ] s1) | s1 = bb21 ] - | bb21 = s0 [ s0 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_50 <- _ret ] s1) | s1 = bb22 ] - | bb22 = s0 [ s0 = new {(3: Int128.t)} (fun (_ret: int) -> [ &_53 <- _ret ] s1) | s1 = bb23 ] - | bb23 = s0 [ s0 = into_inner_Int {_53} (fun (_ret: int) -> [ &_52 <- _ret ] s1) | s1 = bb24 ] - | bb24 = s0 [ s0 = get_ghost_i32 {_50} {_52} (fun (_ret: t_Option_ref_i32) -> [ &get2 <- _ret ] s1) | s1 = bb25 ] + | bb18 = s0 [ s0 = new {(1: Int128.t)} (fun (_ret: int) -> [ &_52 <- _ret ] s1) | s1 = bb19 ] + | bb19 = s0 [ s0 = into_inner_Int {_52} (fun (_ret: int) -> [ &_51 <- _ret ] s1) | s1 = bb20 ] + | bb20 = s0 [ s0 = get_ghost_i32 {_49} {_51} (fun (_ret: t_Option_ref_i32) -> [ &get1 <- _ret ] s1) | s1 = bb21 ] + | bb21 = s0 [ s0 = deref_Ghost_Seq_i32 {v} (fun (_ret: Seq.seq Int32.t) -> [ &_55 <- _ret ] s1) | s1 = bb22 ] + | bb22 = s0 [ s0 = new {(3: Int128.t)} (fun (_ret: int) -> [ &_58 <- _ret ] s1) | s1 = bb23 ] + | bb23 = s0 [ s0 = into_inner_Int {_58} (fun (_ret: int) -> [ &_57 <- _ret ] s1) | s1 = bb24 ] + | bb24 = s0 [ s0 = get_ghost_i32 {_55} {_57} (fun (_ret: t_Option_ref_i32) -> [ &get2 <- _ret ] s1) | s1 = bb25 ] | bb25 = s0 [ s0 = {[@expl:assertion] get1 = Some'0 (10: Int32.t)} s1 | s1 = {[@expl:assertion] get2 = None'0} s2 | s2 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_62 <- _ret ] [ &v <- _ret.final ] s3) - | s3 = deref_mut_Ghost_Seq_i32 {_62} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_61 <- _ret ] s4) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_69 <- _ret ] [ &v <- _ret.final ] s3) + | s3 = deref_mut_Ghost_Seq_i32 {_69} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_68 <- _ret ] s4) | s4 = bb26 ] - | bb26 = s0 [ s0 = new {(0: Int128.t)} (fun (_ret: int) -> [ &_64 <- _ret ] s1) | s1 = bb27 ] - | bb27 = s0 [ s0 = into_inner_Int {_64} (fun (_ret: int) -> [ &_63 <- _ret ] s1) | s1 = bb28 ] + | bb26 = s0 [ s0 = new {(0: Int128.t)} (fun (_ret: int) -> [ &_71 <- _ret ] s1) | s1 = bb27 ] + | bb27 = s0 [ s0 = into_inner_Int {_71} (fun (_ret: int) -> [ &_70 <- _ret ] s1) | s1 = bb28 ] | bb28 = s0 - [ s0 = MutBorrow.borrow_final {_61.current} {MutBorrow.get_id _61} + [ s0 = MutBorrow.borrow_final {_68.current} {MutBorrow.get_id _68} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_60 <- _ret ] [ &_61 <- { _61 with current = _ret.final } ] s1) - | s1 = get_mut_ghost_i32 {_60} {_63} (fun (_ret: t_Option_ref_i32'0) -> [ &_59 <- _ret ] s2) + [ &_67 <- _ret ] [ &_68 <- { _68 with current = _ret.final } ] s1) + | s1 = get_mut_ghost_i32 {_67} {_70} (fun (_ret: t_Option_ref_i32'0) -> [ &_66 <- _ret ] s2) | s2 = bb29 ] - | bb29 = any [ br0 -> {_59 = None'1} (! bb32) | br1 (x0: MutBorrow.t Int32.t) -> {_59 = Some'1 x0} (! bb31) ] + | bb29 = any [ br0 -> {_66 = None'1} (! bb32) | br1 (x0: MutBorrow.t Int32.t) -> {_66 = Some'1 x0} (! bb31) ] | bb32 = s0 - [ s0 = -{match _59 with + [ s0 = -{match _66 with | Some'1 x'0 -> resolve_ref_i32 x'0 | _ -> true end}- s1 - | s1 = -{resolve_ref_Seq_i32 _61}- s2 + | s1 = -{resolve_ref_Seq_i32 _68}- s2 | s2 = bb33 ] | bb31 = s0 - [ s0 = elim_Some {_59} (fun (r0: MutBorrow.t Int32.t) -> [ &x <- r0 ] s1) + [ s0 = elim_Some {_66} (fun (r0: MutBorrow.t Int32.t) -> [ &x <- r0 ] s1) | s1 = [ &x <- { x with current = (42: Int32.t) } ] s2 | s2 = -{resolve_ref_i32 x}- s3 - | s3 = -{resolve_ref_Seq_i32 _61}- s4 + | s3 = -{resolve_ref_Seq_i32 _68}- s4 | s4 = bb33 ] | bb33 = s0 [ s0 = {[@expl:assertion] Seq.get v 0 = (42: Int32.t)} s1 | s1 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_72 <- _ret ] [ &v <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_72} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_71 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_80 <- _ret ] [ &v <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_80} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_79 <- _ret ] s3) | s3 = bb34 ] | bb34 = s0 - [ s0 = MutBorrow.borrow_final {_71.current} {MutBorrow.get_id _71} + [ s0 = MutBorrow.borrow_final {_79.current} {MutBorrow.get_id _79} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_70 <- _ret ] [ &_71 <- { _71 with current = _ret.final } ] s1) - | s1 = pop_back_ghost_i32 {_70} (fun (_ret: t_Option_i32) -> [ &pop1 <- _ret ] s2) + [ &_78 <- _ret ] [ &_79 <- { _79 with current = _ret.final } ] s1) + | s1 = pop_back_ghost_i32 {_78} (fun (_ret: t_Option_i32) -> [ &pop1 <- _ret ] s2) | s2 = bb35 ] | bb35 = s0 - [ s0 = -{resolve_ref_Seq_i32 _71}- s1 + [ s0 = -{resolve_ref_Seq_i32 _79}- s1 | s1 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_76 <- _ret ] [ &v <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_76} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_75 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_84 <- _ret ] [ &v <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_84} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_83 <- _ret ] s3) | s3 = bb36 ] | bb36 = s0 - [ s0 = MutBorrow.borrow_final {_75.current} {MutBorrow.get_id _75} + [ s0 = MutBorrow.borrow_final {_83.current} {MutBorrow.get_id _83} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_74 <- _ret ] [ &_75 <- { _75 with current = _ret.final } ] s1) - | s1 = pop_back_ghost_i32 {_74} (fun (_ret: t_Option_i32) -> [ &pop2 <- _ret ] s2) + [ &_82 <- _ret ] [ &_83 <- { _83 with current = _ret.final } ] s1) + | s1 = pop_back_ghost_i32 {_82} (fun (_ret: t_Option_i32) -> [ &pop2 <- _ret ] s2) | s2 = bb37 ] | bb37 = s0 - [ s0 = -{resolve_ref_Seq_i32 _75}- s1 + [ s0 = -{resolve_ref_Seq_i32 _83}- s1 | s1 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_80 <- _ret ] [ &v <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_80} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_79 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_88 <- _ret ] [ &v <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_88} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_87 <- _ret ] s3) | s3 = bb38 ] | bb38 = s0 - [ s0 = MutBorrow.borrow_final {_79.current} {MutBorrow.get_id _79} + [ s0 = MutBorrow.borrow_final {_87.current} {MutBorrow.get_id _87} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_78 <- _ret ] [ &_79 <- { _79 with current = _ret.final } ] s1) - | s1 = pop_back_ghost_i32 {_78} (fun (_ret: t_Option_i32) -> [ &pop3 <- _ret ] s2) + [ &_86 <- _ret ] [ &_87 <- { _87 with current = _ret.final } ] s1) + | s1 = pop_back_ghost_i32 {_86} (fun (_ret: t_Option_i32) -> [ &pop3 <- _ret ] s2) | s2 = bb39 ] | bb39 = s0 - [ s0 = -{resolve_ref_Seq_i32 _79}- s1 + [ s0 = -{resolve_ref_Seq_i32 _87}- s1 | s1 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_84 <- _ret ] [ &v <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_84} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_83 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_92 <- _ret ] [ &v <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_92} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_91 <- _ret ] s3) | s3 = bb40 ] | bb40 = s0 - [ s0 = MutBorrow.borrow_final {_83.current} {MutBorrow.get_id _83} + [ s0 = MutBorrow.borrow_final {_91.current} {MutBorrow.get_id _91} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_82 <- _ret ] [ &_83 <- { _83 with current = _ret.final } ] s1) - | s1 = pop_back_ghost_i32 {_82} (fun (_ret: t_Option_i32) -> [ &pop4 <- _ret ] s2) + [ &_90 <- _ret ] [ &_91 <- { _91 with current = _ret.final } ] s1) + | s1 = pop_back_ghost_i32 {_90} (fun (_ret: t_Option_i32) -> [ &pop4 <- _ret ] s2) | s2 = bb41 ] | bb41 = s0 - [ s0 = -{resolve_ref_Seq_i32 _83}- s1 + [ s0 = -{resolve_ref_Seq_i32 _91}- s1 | s1 = MutBorrow.borrow_mut {v} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_88 <- _ret ] [ &v <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_88} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_87 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_96 <- _ret ] [ &v <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_96} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_95 <- _ret ] s3) | s3 = bb42 ] | bb42 = s0 - [ s0 = MutBorrow.borrow_final {_87.current} {MutBorrow.get_id _87} + [ s0 = MutBorrow.borrow_final {_95.current} {MutBorrow.get_id _95} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_86 <- _ret ] [ &_87 <- { _87 with current = _ret.final } ] s1) - | s1 = pop_back_ghost_i32 {_86} (fun (_ret: t_Option_i32) -> [ &pop5 <- _ret ] s2) + [ &_94 <- _ret ] [ &_95 <- { _95 with current = _ret.final } ] s1) + | s1 = pop_back_ghost_i32 {_94} (fun (_ret: t_Option_i32) -> [ &pop5 <- _ret ] s2) | s2 = bb43 ] | bb43 = s0 - [ s0 = -{resolve_ref_Seq_i32 _87}- s1 + [ s0 = -{resolve_ref_Seq_i32 _95}- s1 | s1 = {[@expl:assertion] pop1 = Some (30: Int32.t)} s2 | s2 = {[@expl:assertion] pop2 = Some (10: Int32.t)} s3 | s3 = {[@expl:assertion] pop3 = Some (42: Int32.t)} s4 | s4 = {[@expl:assertion] pop4 = None} s5 | s5 = {[@expl:assertion] pop5 = None} s6 - | s6 = new_unit {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s7) + | s6 = new_unit {_6} (fun (_ret: ()) -> [ &_5 <- _ret ] s7) | s7 = bb44 ] | bb44 = s0 [ s0 = new_i32 (fun (_ret: Seq.seq Int32.t) -> [ &v'0 <- _ret ] s1) | s1 = bb45 ] | bb45 = s0 [ s0 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_105 <- _ret ] [ &v'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_Seq_i32 {_105} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_104 <- _ret ] s2) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_118 <- _ret ] [ &v'0 <- _ret.final ] s1) + | s1 = deref_mut_Ghost_Seq_i32 {_118} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_117 <- _ret ] s2) | s2 = bb46 ] | bb46 = s0 - [ s0 = MutBorrow.borrow_final {_104.current} {MutBorrow.get_id _104} + [ s0 = MutBorrow.borrow_final {_117.current} {MutBorrow.get_id _117} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_103 <- _ret ] [ &_104 <- { _104 with current = _ret.final } ] s1) - | s1 = push_front_ghost_i32 {_103} {(1: Int32.t)} (fun (_ret: ()) -> [ &_102 <- _ret ] s2) + [ &_116 <- _ret ] [ &_117 <- { _117 with current = _ret.final } ] s1) + | s1 = push_front_ghost_i32 {_116} {(1: Int32.t)} (fun (_ret: ()) -> [ &_115 <- _ret ] s2) | s2 = bb47 ] | bb47 = s0 - [ s0 = -{resolve_ref_Seq_i32 _104}- s1 + [ s0 = -{resolve_ref_Seq_i32 _117}- s1 | s1 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_109 <- _ret ] [ &v'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_109} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_108 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_122 <- _ret ] [ &v'0 <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_122} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_121 <- _ret ] s3) | s3 = bb48 ] | bb48 = s0 - [ s0 = MutBorrow.borrow_final {_108.current} {MutBorrow.get_id _108} + [ s0 = MutBorrow.borrow_final {_121.current} {MutBorrow.get_id _121} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_107 <- _ret ] [ &_108 <- { _108 with current = _ret.final } ] s1) - | s1 = push_front_ghost_i32 {_107} {(2: Int32.t)} (fun (_ret: ()) -> [ &_106 <- _ret ] s2) + [ &_120 <- _ret ] [ &_121 <- { _121 with current = _ret.final } ] s1) + | s1 = push_front_ghost_i32 {_120} {(2: Int32.t)} (fun (_ret: ()) -> [ &_119 <- _ret ] s2) | s2 = bb49 ] | bb49 = s0 - [ s0 = -{resolve_ref_Seq_i32 _108}- s1 + [ s0 = -{resolve_ref_Seq_i32 _121}- s1 | s1 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_113 <- _ret ] [ &v'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_113} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_112 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_126 <- _ret ] [ &v'0 <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_126} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_125 <- _ret ] s3) | s3 = bb50 ] | bb50 = s0 - [ s0 = MutBorrow.borrow_final {_112.current} {MutBorrow.get_id _112} + [ s0 = MutBorrow.borrow_final {_125.current} {MutBorrow.get_id _125} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_111 <- _ret ] [ &_112 <- { _112 with current = _ret.final } ] s1) - | s1 = push_front_ghost_i32 {_111} {(3: Int32.t)} (fun (_ret: ()) -> [ &_110 <- _ret ] s2) + [ &_124 <- _ret ] [ &_125 <- { _125 with current = _ret.final } ] s1) + | s1 = push_front_ghost_i32 {_124} {(3: Int32.t)} (fun (_ret: ()) -> [ &_123 <- _ret ] s2) | s2 = bb51 ] | bb51 = s0 - [ s0 = -{resolve_ref_Seq_i32 _112}- s1 + [ s0 = -{resolve_ref_Seq_i32 _125}- s1 | s1 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_117 <- _ret ] [ &v'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_117} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_116 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_130 <- _ret ] [ &v'0 <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_130} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_129 <- _ret ] s3) | s3 = bb52 ] | bb52 = s0 - [ s0 = MutBorrow.borrow_final {_116.current} {MutBorrow.get_id _116} + [ s0 = MutBorrow.borrow_final {_129.current} {MutBorrow.get_id _129} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_115 <- _ret ] [ &_116 <- { _116 with current = _ret.final } ] s1) - | s1 = pop_front_ghost_i32 {_115} (fun (_ret: t_Option_i32) -> [ &pop1'0 <- _ret ] s2) + [ &_128 <- _ret ] [ &_129 <- { _129 with current = _ret.final } ] s1) + | s1 = pop_front_ghost_i32 {_128} (fun (_ret: t_Option_i32) -> [ &pop1'0 <- _ret ] s2) | s2 = bb53 ] | bb53 = s0 - [ s0 = -{resolve_ref_Seq_i32 _116}- s1 + [ s0 = -{resolve_ref_Seq_i32 _129}- s1 | s1 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_121 <- _ret ] [ &v'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_121} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_120 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_134 <- _ret ] [ &v'0 <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_134} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_133 <- _ret ] s3) | s3 = bb54 ] | bb54 = s0 - [ s0 = MutBorrow.borrow_final {_120.current} {MutBorrow.get_id _120} + [ s0 = MutBorrow.borrow_final {_133.current} {MutBorrow.get_id _133} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_119 <- _ret ] [ &_120 <- { _120 with current = _ret.final } ] s1) - | s1 = pop_front_ghost_i32 {_119} (fun (_ret: t_Option_i32) -> [ &pop2'0 <- _ret ] s2) + [ &_132 <- _ret ] [ &_133 <- { _133 with current = _ret.final } ] s1) + | s1 = pop_front_ghost_i32 {_132} (fun (_ret: t_Option_i32) -> [ &pop2'0 <- _ret ] s2) | s2 = bb55 ] | bb55 = s0 - [ s0 = -{resolve_ref_Seq_i32 _120}- s1 + [ s0 = -{resolve_ref_Seq_i32 _133}- s1 | s1 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_125 <- _ret ] [ &v'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_125} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_124 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_138 <- _ret ] [ &v'0 <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_138} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_137 <- _ret ] s3) | s3 = bb56 ] | bb56 = s0 - [ s0 = MutBorrow.borrow_final {_124.current} {MutBorrow.get_id _124} + [ s0 = MutBorrow.borrow_final {_137.current} {MutBorrow.get_id _137} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_123 <- _ret ] [ &_124 <- { _124 with current = _ret.final } ] s1) - | s1 = pop_front_ghost_i32 {_123} (fun (_ret: t_Option_i32) -> [ &pop3'0 <- _ret ] s2) + [ &_136 <- _ret ] [ &_137 <- { _137 with current = _ret.final } ] s1) + | s1 = pop_front_ghost_i32 {_136} (fun (_ret: t_Option_i32) -> [ &pop3'0 <- _ret ] s2) | s2 = bb57 ] | bb57 = s0 - [ s0 = -{resolve_ref_Seq_i32 _124}- s1 + [ s0 = -{resolve_ref_Seq_i32 _137}- s1 | s1 = MutBorrow.borrow_mut {v'0} - (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_129 <- _ret ] [ &v'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_Seq_i32 {_129} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_128 <- _ret ] s3) + (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_142 <- _ret ] [ &v'0 <- _ret.final ] s2) + | s2 = deref_mut_Ghost_Seq_i32 {_142} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> [ &_141 <- _ret ] s3) | s3 = bb58 ] | bb58 = s0 - [ s0 = MutBorrow.borrow_final {_128.current} {MutBorrow.get_id _128} + [ s0 = MutBorrow.borrow_final {_141.current} {MutBorrow.get_id _141} (fun (_ret: MutBorrow.t (Seq.seq Int32.t)) -> - [ &_127 <- _ret ] [ &_128 <- { _128 with current = _ret.final } ] s1) - | s1 = pop_front_ghost_i32 {_127} (fun (_ret: t_Option_i32) -> [ &pop4'0 <- _ret ] s2) + [ &_140 <- _ret ] [ &_141 <- { _141 with current = _ret.final } ] s1) + | s1 = pop_front_ghost_i32 {_140} (fun (_ret: t_Option_i32) -> [ &pop4'0 <- _ret ] s2) | s2 = bb59 ] | bb59 = s0 - [ s0 = -{resolve_ref_Seq_i32 _128}- s1 + [ s0 = -{resolve_ref_Seq_i32 _141}- s1 | s1 = {[@expl:assertion] pop1'0 = Some (3: Int32.t)} s2 | s2 = {[@expl:assertion] pop2'0 = Some (2: Int32.t)} s3 | s3 = {[@expl:assertion] pop3'0 = Some (1: Int32.t)} s4 | s4 = {[@expl:assertion] pop4'0 = None} s5 - | s5 = new_unit {_101} (fun (_ret: ()) -> [ &_100 <- _ret ] s6) + | s5 = new_unit {_114} (fun (_ret: ()) -> [ &_113 <- _ret ] s6) | s6 = bb60 ] | bb60 = return {_0} | bb5 = {false} any ] [ & _0: () = Any.any_l () | & v: Seq.seq Int32.t = Any.any_l () - | & _4: () = Any.any_l () | & _5: () = Any.any_l () - | & _7: bool = Any.any_l () - | & _9: Seq.seq Int32.t = Any.any_l () - | & _12: () = Any.any_l () - | & _13: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _6: () = Any.any_l () + | & _8: bool = Any.any_l () + | & _10: Seq.seq Int32.t = Any.any_l () + | & _13: () = Any.any_l () | & _14: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _15: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _17: bool = Any.any_l () - | & _19: Seq.seq Int32.t = Any.any_l () - | & _26: () = Any.any_l () - | & _27: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _28: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _29: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _30: () = Any.any_l () + | & _16: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _18: bool = Any.any_l () + | & _20: Seq.seq Int32.t = Any.any_l () + | & _29: () = Any.any_l () + | & _30: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _31: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _32: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _33: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _33: () = Any.any_l () + | & _34: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _35: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _36: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & len: int = Any.any_l () - | & _36: Seq.seq Int32.t = Any.any_l () + | & _39: Seq.seq Int32.t = Any.any_l () | & get1: t_Option_ref_i32 = Any.any_l () - | & _44: Seq.seq Int32.t = Any.any_l () - | & _46: int = Any.any_l () - | & _47: int = Any.any_l () - | & get2: t_Option_ref_i32 = Any.any_l () - | & _50: Seq.seq Int32.t = Any.any_l () + | & _49: Seq.seq Int32.t = Any.any_l () + | & _51: int = Any.any_l () | & _52: int = Any.any_l () - | & _53: int = Any.any_l () - | & _59: t_Option_ref_i32'0 = Any.any_l () - | & _60: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _61: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _62: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _63: int = Any.any_l () - | & _64: int = Any.any_l () + | & get2: t_Option_ref_i32 = Any.any_l () + | & _55: Seq.seq Int32.t = Any.any_l () + | & _57: int = Any.any_l () + | & _58: int = Any.any_l () + | & _66: t_Option_ref_i32'0 = Any.any_l () + | & _67: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _68: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _69: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _70: int = Any.any_l () + | & _71: int = Any.any_l () | & x: MutBorrow.t Int32.t = Any.any_l () | & pop1: t_Option_i32 = Any.any_l () - | & _70: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _71: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _72: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop2: t_Option_i32 = Any.any_l () - | & _74: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _75: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _76: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop3: t_Option_i32 = Any.any_l () | & _78: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _79: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _80: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop4: t_Option_i32 = Any.any_l () + | & pop2: t_Option_i32 = Any.any_l () | & _82: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _83: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _84: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop5: t_Option_i32 = Any.any_l () + | & pop3: t_Option_i32 = Any.any_l () | & _86: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _87: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _88: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & pop4: t_Option_i32 = Any.any_l () + | & _90: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _91: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _92: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & pop5: t_Option_i32 = Any.any_l () + | & _94: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _95: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _96: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & v'0: Seq.seq Int32.t = Any.any_l () - | & _100: () = Any.any_l () - | & _101: () = Any.any_l () - | & _102: () = Any.any_l () - | & _103: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _104: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _105: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _106: () = Any.any_l () - | & _107: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _108: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _109: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _110: () = Any.any_l () - | & _111: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _112: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _113: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop1'0: t_Option_i32 = Any.any_l () - | & _115: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _113: () = Any.any_l () + | & _114: () = Any.any_l () + | & _115: () = Any.any_l () | & _116: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _117: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop2'0: t_Option_i32 = Any.any_l () - | & _119: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _118: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _119: () = Any.any_l () | & _120: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _121: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop3'0: t_Option_i32 = Any.any_l () - | & _123: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _122: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _123: () = Any.any_l () | & _124: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () | & _125: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & pop4'0: t_Option_i32 = Any.any_l () - | & _127: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _126: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & pop1'0: t_Option_i32 = Any.any_l () | & _128: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () - | & _129: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _129: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _130: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & pop2'0: t_Option_i32 = Any.any_l () + | & _132: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _133: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _134: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & pop3'0: t_Option_i32 = Any.any_l () + | & _136: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _137: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _138: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & pop4'0: t_Option_i32 = Any.any_l () + | & _140: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _141: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () + | & _142: MutBorrow.t (Seq.seq Int32.t) = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/ghost/integers.coma b/tests/should_succeed/ghost/integers.coma index 16e2009361..28b32c2a62 100644 --- a/tests/should_succeed/ghost/integers.coma +++ b/tests/should_succeed/ghost/integers.coma @@ -42,15 +42,15 @@ module M_in_ghost_block | bb9 = s0 [ s0 = mul_Int {z} {_15} (fun (_ret: int) -> [ &w <- _ret ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = {[@expl:assertion] w = 9} s1 | s1 = new_unit {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) | s2 = bb11 ] - | bb11 = s0 [ s0 = new {(4: Int128.t)} (fun (_ret: int) -> [ &_23 <- _ret ] s1) | s1 = bb12 ] - | bb12 = s0 [ s0 = into_inner_Int {_23} (fun (_ret: int) -> [ &_22 <- _ret ] s1) | s1 = bb13 ] - | bb13 = s0 [ s0 = new {(13: Int128.t)} (fun (_ret: int) -> [ &_25 <- _ret ] s1) | s1 = bb14 ] - | bb14 = s0 [ s0 = into_inner_Int {_25} (fun (_ret: int) -> [ &_24 <- _ret ] s1) | s1 = bb15 ] - | bb15 = s0 [ s0 = new {(5: Int128.t)} (fun (_ret: int) -> [ &_27 <- _ret ] s1) | s1 = bb16 ] - | bb16 = s0 [ s0 = into_inner_Int {_27} (fun (_ret: int) -> [ &_26 <- _ret ] s1) | s1 = bb17 ] - | bb17 = s0 [ s0 = ghost_function {_22} {_24} {_26} (fun (_ret: int) -> [ &x'0 <- _ret ] s1) | s1 = bb18 ] + | bb11 = s0 [ s0 = new {(4: Int128.t)} (fun (_ret: int) -> [ &_24 <- _ret ] s1) | s1 = bb12 ] + | bb12 = s0 [ s0 = into_inner_Int {_24} (fun (_ret: int) -> [ &_23 <- _ret ] s1) | s1 = bb13 ] + | bb13 = s0 [ s0 = new {(13: Int128.t)} (fun (_ret: int) -> [ &_26 <- _ret ] s1) | s1 = bb14 ] + | bb14 = s0 [ s0 = into_inner_Int {_26} (fun (_ret: int) -> [ &_25 <- _ret ] s1) | s1 = bb15 ] + | bb15 = s0 [ s0 = new {(5: Int128.t)} (fun (_ret: int) -> [ &_28 <- _ret ] s1) | s1 = bb16 ] + | bb16 = s0 [ s0 = into_inner_Int {_28} (fun (_ret: int) -> [ &_27 <- _ret ] s1) | s1 = bb17 ] + | bb17 = s0 [ s0 = ghost_function {_23} {_25} {_27} (fun (_ret: int) -> [ &x'0 <- _ret ] s1) | s1 = bb18 ] | bb18 = s0 - [ s0 = {[@expl:assertion] x'0 = 7} s1 | s1 = new_unit {_20} (fun (_ret: ()) -> [ &_19 <- _ret ] s2) | s2 = bb19 ] + [ s0 = {[@expl:assertion] x'0 = 7} s1 | s1 = new_unit {_21} (fun (_ret: ()) -> [ &_20 <- _ret ] s2) | s2 = bb19 ] | bb19 = return {_0} ] [ & _0: () = Any.any_l () | & x: int = Any.any_l () @@ -65,15 +65,15 @@ module M_in_ghost_block | & w: int = Any.any_l () | & _15: int = Any.any_l () | & _16: int = Any.any_l () - | & _19: () = Any.any_l () | & _20: () = Any.any_l () + | & _21: () = Any.any_l () | & x'0: int = Any.any_l () - | & _22: int = Any.any_l () | & _23: int = Any.any_l () | & _24: int = Any.any_l () | & _25: int = Any.any_l () | & _26: int = Any.any_l () - | & _27: int = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _27: int = Any.any_l () + | & _28: int = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_ghost_function use mach.int.Int @@ -90,9 +90,9 @@ module M_ghost_function meta "select_lsinst" "all" let rec ghost_function (x: int) (y: int) (z: int) (return (x'0: int)) = (! bb0 - [ bb0 = s0 [ s0 = rem_Int {y} {z} (fun (_ret: int) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = add_Int {x} {_6} (fun (_ret: int) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = rem_Int {y} {z} (fun (_ret: int) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = add_Int {x} {_9} (fun (_ret: int) -> [ &_0 <- _ret ] s1) | s1 = bb2 ] | bb2 = return {_0} ] - [ & _0: int = Any.any_l () | & x: int = x | & y: int = y | & z: int = z | & _6: int = Any.any_l () ]) + [ & _0: int = Any.any_l () | & x: int = x | & y: int = y | & z: int = z | & _9: int = Any.any_l () ]) [ return (result: int) -> {[@expl:ghost_function ensures] result = x + Int.mod y z} (! return {result}) ] end diff --git a/tests/should_succeed/ghost/loop_in_ghost.coma b/tests/should_succeed/ghost/loop_in_ghost.coma index 5d9b8f2571..7fd6dc2453 100644 --- a/tests/should_succeed/ghost/loop_in_ghost.coma +++ b/tests/should_succeed/ghost/loop_in_ghost.coma @@ -67,8 +67,8 @@ module M_foo (! [ &variant_old_bb1 <- i ] s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = [ &_11 <- UInt32.gt i (0: UInt32.t) ] s1 - | s1 = any [ br0 -> {_11 = false} (! bb4) | br1 -> {_11} (! bb3) ] ] + [ s0 = [ &_16 <- UInt32.gt i (0: UInt32.t) ] s1 + | s1 = any [ br0 -> {_16 = false} (! bb4) | br1 -> {_16} (! bb3) ] ] | bb3 = s0 [ s0 = UInt32.sub {i} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &i <- _ret ] s1) | s1 = UInt32.add {y} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &y <- _ret ] s2) @@ -79,7 +79,7 @@ module M_foo | & x: UInt32.t = x | & y: UInt32.t = Any.any_l () | & i: UInt32.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _16: bool = Any.any_l () | & variant_old_bb1: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:foo ensures] result = x} (! return {result}) ] end diff --git a/tests/should_succeed/ghost/seq_iter.coma b/tests/should_succeed/ghost/seq_iter.coma index 6d5d23c93c..c008f68f7c 100644 --- a/tests/should_succeed/ghost/seq_iter.coma +++ b/tests/should_succeed/ghost/seq_iter.coma @@ -164,10 +164,10 @@ module M_reverse_ghost {[@expl:reverse_ghost 's' type invariant] inv_Ghost_Seq_T s} (! bb0 [ bb0 = s0 [ s0 = [ &len <- Seq.length s ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = new_T (fun (_ret: Seq.seq t_T) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = into_inner_Seq_T {_7} (fun (_ret: Seq.seq t_T) -> [ &result <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = into_inner_Seq_T {s} (fun (_ret: Seq.seq t_T) -> [ &_10 <- _ret ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = into_iter_Seq_T {_10} (fun (_ret: t_SeqIter_T) -> [ &iter <- _ret ] s1) | s1 = bb5 ] + | bb1 = s0 [ s0 = new_T (fun (_ret: Seq.seq t_T) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = into_inner_Seq_T {_9} (fun (_ret: Seq.seq t_T) -> [ &result <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = into_inner_Seq_T {s} (fun (_ret: Seq.seq t_T) -> [ &_12 <- _ret ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = into_iter_Seq_T {_12} (fun (_ret: t_SeqIter_T) -> [ &iter <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq t_T ] s1 | s1 = bb8 ] | bb8 = bb8invariant @@ -182,32 +182,32 @@ module M_reverse_ghost [ s0 = {inv_SeqIter_T iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_SeqIter_T) -> - [ &_25 <- _ret ] -{inv_SeqIter_T _ret.final}- + [ &_37 <- _ret ] -{inv_SeqIter_T _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_SeqIter_T _25.current} - MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + | s1 = {inv_SeqIter_T _37.current} + MutBorrow.borrow_final {_37.current} {MutBorrow.get_id _37} (fun (_ret: MutBorrow.t t_SeqIter_T) -> - [ &_24 <- _ret ] -{inv_SeqIter_T _ret.final}- - [ &_25 <- { _25 with current = _ret.final } ] s2) - | s2 = next_SeqIter_T {_24} (fun (_ret: t_Option_T) -> [ &_23 <- _ret ] s3) + [ &_36 <- _ret ] -{inv_SeqIter_T _ret.final}- + [ &_37 <- { _37 with current = _ret.final } ] s2) + | s2 = next_SeqIter_T {_36} (fun (_ret: t_Option_T) -> [ &_35 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv_ref_SeqIter_T _25} s1 - | s1 = -{resolve_ref_SeqIter_T _25}- s2 - | s2 = any [ br0 -> {_23 = None} (! bb13) | br1 (x0: t_T) -> {_23 = Some x0} (! bb14) ] ] + [ s0 = {[@expl:type invariant] inv_ref_SeqIter_T _37} s1 + | s1 = -{resolve_ref_SeqIter_T _37}- s2 + | s2 = any [ br0 -> {_35 = None} (! bb13) | br1 (x0: t_T) -> {_35 = Some x0} (! bb14) ] ] | bb14 = s0 - [ s0 = elim_Some {_23} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_28 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_35} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_40 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &produced <- _28 ] s1 + [ s0 = [ &produced <- _40 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = {inv_Seq_T result} MutBorrow.borrow_mut {result} (fun (_ret: MutBorrow.t (Seq.seq t_T)) -> - [ &_32 <- _ret ] -{inv_Seq_T _ret.final}- + [ &_46 <- _ret ] -{inv_Seq_T _ret.final}- [ &result <- _ret.final ] s3) - | s3 = push_front_ghost_T {_32} {x} (fun (_ret: ()) -> [ &_31 <- _ret ] s4) + | s3 = push_front_ghost_T {_46} {x} (fun (_ret: ()) -> [ &_45 <- _ret ] s4) | s4 = bb8 ] ] ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_SeqIter_T iter} s1 | s1 = -{resolve_SeqIter_T'0 iter}- s2 | s2 = bb20 ] @@ -217,19 +217,19 @@ module M_reverse_ghost | & s: Seq.seq t_T = s | & len: int = Any.any_l () | & result: Seq.seq t_T = Any.any_l () - | & _7: Seq.seq t_T = Any.any_l () + | & _9: Seq.seq t_T = Any.any_l () | & iter: t_SeqIter_T = Any.any_l () - | & _10: Seq.seq t_T = Any.any_l () + | & _12: Seq.seq t_T = Any.any_l () | & iter_old: t_SeqIter_T = Any.any_l () | & produced: Seq.seq t_T = Any.any_l () - | & _23: t_Option_T = Any.any_l () - | & _24: MutBorrow.t t_SeqIter_T = Any.any_l () - | & _25: MutBorrow.t t_SeqIter_T = Any.any_l () + | & _35: t_Option_T = Any.any_l () + | & _36: MutBorrow.t t_SeqIter_T = Any.any_l () + | & _37: MutBorrow.t t_SeqIter_T = Any.any_l () | & __creusot_proc_iter_elem: t_T = Any.any_l () - | & _28: Seq.seq t_T = Any.any_l () + | & _40: Seq.seq t_T = Any.any_l () | & x: t_T = Any.any_l () - | & _31: () = Any.any_l () - | & _32: MutBorrow.t (Seq.seq t_T) = Any.any_l () + | & _45: () = Any.any_l () + | & _46: MutBorrow.t (Seq.seq t_T) = Any.any_l () | & variant_old_bb8: int = Any.any_l () ]) [ return (result: Seq.seq t_T) -> {[@expl:reverse_ghost result type invariant] inv_Ghost_Seq_T result} {[@expl:reverse_ghost ensures] result = Reverse.reverse s} @@ -427,10 +427,10 @@ module M_reverse_ghost_ref {[@expl:reverse_ghost_ref 's' type invariant] inv_Ghost_ref_Seq_T s} (! bb0 [ bb0 = s0 [ s0 = [ &len <- Seq.length s ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = new_ref_T (fun (_ret: Seq.seq t_T) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = into_inner_Seq_ref_T {_7} (fun (_ret: Seq.seq t_T) -> [ &result <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = into_inner_ref_Seq_T {s} (fun (_ret: Seq.seq t_T) -> [ &_10 <- _ret ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = into_iter_ref_Seq_T {_10} (fun (_ret: t_SeqIterRef_T) -> [ &iter <- _ret ] s1) | s1 = bb5 ] + | bb1 = s0 [ s0 = new_ref_T (fun (_ret: Seq.seq t_T) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = into_inner_Seq_ref_T {_9} (fun (_ret: Seq.seq t_T) -> [ &result <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = into_inner_ref_Seq_T {s} (fun (_ret: Seq.seq t_T) -> [ &_12 <- _ret ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = into_iter_ref_Seq_T {_12} (fun (_ret: t_SeqIterRef_T) -> [ &iter <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq t_T ] s1 | s1 = bb8 ] | bb8 = bb8invariant @@ -445,32 +445,32 @@ module M_reverse_ghost_ref [ s0 = {inv_SeqIterRef_T iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_SeqIterRef_T) -> - [ &_25 <- _ret ] -{inv_SeqIterRef_T _ret.final}- + [ &_37 <- _ret ] -{inv_SeqIterRef_T _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_SeqIterRef_T _25.current} - MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + | s1 = {inv_SeqIterRef_T _37.current} + MutBorrow.borrow_final {_37.current} {MutBorrow.get_id _37} (fun (_ret: MutBorrow.t t_SeqIterRef_T) -> - [ &_24 <- _ret ] -{inv_SeqIterRef_T _ret.final}- - [ &_25 <- { _25 with current = _ret.final } ] s2) - | s2 = next_SeqIterRef_T {_24} (fun (_ret: t_Option_ref_T) -> [ &_23 <- _ret ] s3) + [ &_36 <- _ret ] -{inv_SeqIterRef_T _ret.final}- + [ &_37 <- { _37 with current = _ret.final } ] s2) + | s2 = next_SeqIterRef_T {_36} (fun (_ret: t_Option_ref_T) -> [ &_35 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv_ref_SeqIterRef_T _25} s1 - | s1 = -{resolve_ref_SeqIterRef_T _25}- s2 - | s2 = any [ br0 -> {_23 = None} (! bb13) | br1 (x0: t_T) -> {_23 = Some x0} (! bb14) ] ] + [ s0 = {[@expl:type invariant] inv_ref_SeqIterRef_T _37} s1 + | s1 = -{resolve_ref_SeqIterRef_T _37}- s2 + | s2 = any [ br0 -> {_35 = None} (! bb13) | br1 (x0: t_T) -> {_35 = Some x0} (! bb14) ] ] | bb14 = s0 - [ s0 = elim_Some {_23} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_28 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_35} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_40 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &produced <- _28 ] s1 + [ s0 = [ &produced <- _40 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = {inv_Seq_ref_T result} MutBorrow.borrow_mut {result} (fun (_ret: MutBorrow.t (Seq.seq t_T)) -> - [ &_32 <- _ret ] -{inv_Seq_ref_T _ret.final}- + [ &_46 <- _ret ] -{inv_Seq_ref_T _ret.final}- [ &result <- _ret.final ] s3) - | s3 = push_front_ghost_ref_T {_32} {x} (fun (_ret: ()) -> [ &_31 <- _ret ] s4) + | s3 = push_front_ghost_ref_T {_46} {x} (fun (_ret: ()) -> [ &_45 <- _ret ] s4) | s4 = bb8 ] ] ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_SeqIterRef_T iter} s1 @@ -482,19 +482,19 @@ module M_reverse_ghost_ref | & s: Seq.seq t_T = s | & len: int = Any.any_l () | & result: Seq.seq t_T = Any.any_l () - | & _7: Seq.seq t_T = Any.any_l () + | & _9: Seq.seq t_T = Any.any_l () | & iter: t_SeqIterRef_T = Any.any_l () - | & _10: Seq.seq t_T = Any.any_l () + | & _12: Seq.seq t_T = Any.any_l () | & iter_old: t_SeqIterRef_T = Any.any_l () | & produced: Seq.seq t_T = Any.any_l () - | & _23: t_Option_ref_T = Any.any_l () - | & _24: MutBorrow.t t_SeqIterRef_T = Any.any_l () - | & _25: MutBorrow.t t_SeqIterRef_T = Any.any_l () + | & _35: t_Option_ref_T = Any.any_l () + | & _36: MutBorrow.t t_SeqIterRef_T = Any.any_l () + | & _37: MutBorrow.t t_SeqIterRef_T = Any.any_l () | & __creusot_proc_iter_elem: t_T = Any.any_l () - | & _28: Seq.seq t_T = Any.any_l () + | & _40: Seq.seq t_T = Any.any_l () | & x: t_T = Any.any_l () - | & _31: () = Any.any_l () - | & _32: MutBorrow.t (Seq.seq t_T) = Any.any_l () + | & _45: () = Any.any_l () + | & _46: MutBorrow.t (Seq.seq t_T) = Any.any_l () | & variant_old_bb8: int = Any.any_l () ]) [ return (result: Seq.seq t_T) -> {[@expl:reverse_ghost_ref result type invariant] inv_Ghost_Seq_ref_T result} {[@expl:reverse_ghost_ref ensures] result = Reverse.reverse s} diff --git a/tests/should_succeed/ghost/typing.coma b/tests/should_succeed/ghost/typing.coma index 94c658cf0c..ce2ab517b1 100644 --- a/tests/should_succeed/ghost/typing.coma +++ b/tests/should_succeed/ghost/typing.coma @@ -89,9 +89,9 @@ module M_snapshot_enter_ghost | bb2 = s0 [ s0 = [ &g_mut <- _6 ] s1 | s1 = {[@expl:assertion] view_NonCopy g_mut = 3} s2 - | s2 = [ &_10 <- { f0 = (4: Int32.t) } ] s3 + | s2 = [ &_11 <- { f0 = (4: Int32.t) } ] s3 | s3 = bb3 ] - | bb3 = s0 [ s0 = [ &g_mut <- _10 ] s1 | s1 = new_unit {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) | s2 = bb4 ] + | bb3 = s0 [ s0 = [ &g_mut <- _11 ] s1 | s1 = new_unit {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = {[@expl:assertion] view_NonCopy g_read = 1} s1 | s1 = {[@expl:assertion] view_NonCopy g_mut = 4} s2 @@ -102,7 +102,7 @@ module M_snapshot_enter_ghost | & _4: () = Any.any_l () | & _5: () = Any.any_l () | & _6: t_NonCopy = Any.any_l () - | & _10: t_NonCopy = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _11: t_NonCopy = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_copy_enter_ghost use creusot.int.Int32 diff --git a/tests/should_succeed/hashmap.coma b/tests/should_succeed/hashmap.coma index 70fc331236..b903c98270 100644 --- a/tests/should_succeed/hashmap.coma +++ b/tests/should_succeed/hashmap.coma @@ -393,17 +393,17 @@ module M_impl_MyHashMap_K_V_0__new (* MyHashMap *) let rec new_K (size: UInt64.t) (return (x: t_MyHashMap_K_V)) = {[@expl:new requires] 0 < UInt64.t'int size} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- Nil ] s1 - | s1 = from_elem_List_tup2_K_V {_6} {size} (fun (_ret: t_Vec_List_tup2_K_V_Global) -> [ &_5 <- _ret ] s2) + [ s0 = [ &_7 <- Nil ] s1 + | s1 = from_elem_List_tup2_K_V {_7} {size} (fun (_ret: t_Vec_List_tup2_K_V_Global) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &res <- { buckets = _5 } ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &res <- { buckets = _6 } ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &_0 <- res ] s1 | s1 = bb3 ] | bb3 = return {_0} ] [ & _0: t_MyHashMap_K_V = Any.any_l () | & size: UInt64.t = size | & res: t_MyHashMap_K_V = Any.any_l () - | & _5: t_Vec_List_tup2_K_V_Global = Any.any_l () - | & _6: t_List_tup2_K_V = Any.any_l () ]) + | & _6: t_Vec_List_tup2_K_V_Global = Any.any_l () + | & _7: t_List_tup2_K_V = Any.any_l () ]) [ return (result: t_MyHashMap_K_V) -> {[@expl:new result type invariant] inv_MyHashMap_K_V result} {[@expl:new ensures] forall i: t_DeepModelTy. Map.get (view_MyHashMap_K_V result) i = None} (! return {result}) ] @@ -740,37 +740,37 @@ module M_impl_MyHashMap_K_V_0__add (* MyHashMap *) [ bb0 = s0 [ s0 = [ &old_self <- self ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len_List_tup2_K_V {self.current.buckets} (fun (_ret: UInt64.t) -> [ &length <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = hash_K {key} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb3 ] + | bb2 = s0 [ s0 = hash_K {key} (fun (_ret: UInt64.t) -> [ &_15 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = UInt64.of_int {UInt64.t'int _11} (fun (_ret_from: UInt64.t) -> [ &_10 <- _ret_from ] s1) - | s1 = [ &_13 <- length ] s2 - | s2 = [ &_14 <- _13 = (0: UInt64.t) ] s3 - | s3 = {[@expl:remainder by zero] not _14} s4 + [ s0 = UInt64.of_int {UInt64.t'int _15} (fun (_ret_from: UInt64.t) -> [ &_14 <- _ret_from ] s1) + | s1 = [ &_17 <- length ] s2 + | s2 = [ &_18 <- _17 = (0: UInt64.t) ] s3 + | s3 = {[@expl:remainder by zero] not _18} s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = UInt64.rem {_10} {_13} (fun (_ret: UInt64.t) -> [ &index <- _ret ] s1) + [ s0 = UInt64.rem {_14} {_17} (fun (_ret: UInt64.t) -> [ &index <- _ret ] s1) | s1 = {inv_Vec_List_tup2_K_V_Global self.current.buckets} MutBorrow.borrow_final {self.current.buckets} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Vec_List_tup2_K_V_Global) -> - [ &_18 <- _ret ] -{inv_Vec_List_tup2_K_V_Global _ret.final}- + [ &_22 <- _ret ] -{inv_Vec_List_tup2_K_V_Global _ret.final}- [ &self <- { self with current = { buckets = _ret.final } } ] s2) - | s2 = index_mut_Vec_List_tup2_K_V_Global {_18} {index} - (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> [ &_17 <- _ret ] s3) + | s2 = index_mut_Vec_List_tup2_K_V_Global {_22} {index} + (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> [ &_21 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = {inv_List_tup2_K_V _17.current} - MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} + [ s0 = {inv_List_tup2_K_V _21.current} + MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> - [ &_16 <- _ret ] -{inv_List_tup2_K_V _ret.final}- - [ &_17 <- { _17 with current = _ret.final } ] s1) - | s1 = {inv_List_tup2_K_V _16.current} - MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} + [ &_20 <- _ret ] -{inv_List_tup2_K_V _ret.final}- + [ &_21 <- { _21 with current = _ret.final } ] s1) + | s1 = {inv_List_tup2_K_V _20.current} + MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> [ &l <- _ret ] -{inv_List_tup2_K_V _ret.final}- - [ &_16 <- { _16 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_List_tup2_K_V _16} s3 - | s3 = -{resolve_ref_List_tup2_K_V _16}- s4 + [ &_20 <- { _20 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_List_tup2_K_V _20} s3 + | s3 = -{resolve_ref_List_tup2_K_V _20}- s4 | s4 = [ &old_l <- l ] s5 | s5 = bb7 ] | bb7 = bb7 @@ -818,40 +818,40 @@ module M_impl_MyHashMap_K_V_0__add (* MyHashMap *) | s3 = [ &tl'0 <- tl ] s4 | s4 = {[@expl:type invariant] inv_ref_K'0 k} s5 | s5 = -{resolve_ref_K k}- s6 - | s6 = eq_K {k.current} {key} (fun (_ret: bool) -> [ &_38 <- _ret ] s7) + | s6 = eq_K {k.current} {key} (fun (_ret: bool) -> [ &_61 <- _ret ] s7) | s7 = bb11 ] - | bb11 = any [ br0 -> {_38 = false} (! bb13) | br1 -> {_38} (! bb12) ] + | bb11 = any [ br0 -> {_61 = false} (! bb13) | br1 -> {_61} (! bb12) ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_ref_V v} s1 | s1 = -{resolve_ref_V v}- s2 | s2 = {inv_List_tup2_K_V tl'0.current} MutBorrow.borrow_final {tl'0.current} {MutBorrow.get_id tl'0} (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> - [ &_44 <- _ret ] -{inv_List_tup2_K_V _ret.final}- + [ &_67 <- _ret ] -{inv_List_tup2_K_V _ret.final}- [ &tl'0 <- { tl'0 with current = _ret.final } ] s3) - | s3 = {inv_List_tup2_K_V _44.current} - MutBorrow.borrow_final {_44.current} {MutBorrow.get_id _44} + | s3 = {inv_List_tup2_K_V _67.current} + MutBorrow.borrow_final {_67.current} {MutBorrow.get_id _67} (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> - [ &_43 <- _ret ] -{inv_List_tup2_K_V _ret.final}- - [ &_44 <- { _44 with current = _ret.final } ] s4) + [ &_66 <- _ret ] -{inv_List_tup2_K_V _ret.final}- + [ &_67 <- { _67 with current = _ret.final } ] s4) | s4 = {[@expl:type invariant] inv_ref_List_tup2_K_V l} s5 | s5 = -{resolve_ref_List_tup2_K_V l}- s6 - | s6 = [ &l <- _43 ] s7 - | s7 = {[@expl:type invariant] inv_ref_List_tup2_K_V _44} s8 - | s8 = -{resolve_ref_List_tup2_K_V _44}- s9 + | s6 = [ &l <- _66 ] s7 + | s7 = {[@expl:type invariant] inv_ref_List_tup2_K_V _67} s8 + | s8 = -{resolve_ref_List_tup2_K_V _67}- s9 | s9 = {[@expl:type invariant] inv_ref_Box_List_tup2_K_V_Global tl'0} s10 | s10 = -{resolve_ref_Box_List_tup2_K_V_Global tl'0}- s11 | s11 = bb7 ] ] ] - | bb14 = s0 [ s0 = [ &_47 <- { f0 = key; f1 = val' } ] s1 | s1 = [ &_51 <- Nil ] s2 | s2 = bb15 ] - | bb15 = s0 [ s0 = [ &_46 <- Cons _47 _51 ] s1 | s1 = bb17 ] + | bb14 = s0 [ s0 = [ &_70 <- { f0 = key; f1 = val' } ] s1 | s1 = [ &_74 <- Nil ] s2 | s2 = bb15 ] + | bb15 = s0 [ s0 = [ &_69 <- Cons _70 _74 ] s1 | s1 = bb17 ] | bb17 = s0 [ s0 = {[@expl:type invariant] inv_List_tup2_K_V l.current} s1 | s1 = -{resolve_List_tup2_K_V'0 l.current}- s2 - | s2 = [ &l <- { l with current = _46 } ] s3 + | s2 = [ &l <- { l with current = _69 } ] s3 | s3 = {[@expl:type invariant] inv_ref_List_tup2_K_V l} s4 | s4 = -{resolve_ref_List_tup2_K_V l}- s5 - | s5 = {[@expl:type invariant] inv_ref_List_tup2_K_V _17} s6 - | s6 = -{resolve_ref_List_tup2_K_V _17}- s7 + | s5 = {[@expl:type invariant] inv_ref_List_tup2_K_V _21} s6 + | s6 = -{resolve_ref_List_tup2_K_V _21}- s7 | s7 = {[@expl:type invariant] inv_ref_MyHashMap_K_V self} s8 | s8 = -{resolve_ref_MyHashMap_K_V self}- s9 | s9 = bb20 ] @@ -861,8 +861,8 @@ module M_impl_MyHashMap_K_V_0__add (* MyHashMap *) | s2 = [ &v <- { v with current = val' } ] s3 | s3 = {[@expl:type invariant] inv_ref_V v} s4 | s4 = -{resolve_ref_V v}- s5 - | s5 = {[@expl:type invariant] inv_ref_List_tup2_K_V _17} s6 - | s6 = -{resolve_ref_List_tup2_K_V _17}- s7 + | s5 = {[@expl:type invariant] inv_ref_List_tup2_K_V _21} s6 + | s6 = -{resolve_ref_List_tup2_K_V _21}- s7 | s7 = {[@expl:type invariant] inv_ref_List_tup2_K_V l} s8 | s8 = -{resolve_ref_List_tup2_K_V l}- s9 | s9 = {[@expl:type invariant] inv_ref_MyHashMap_K_V self} s10 @@ -876,25 +876,25 @@ module M_impl_MyHashMap_K_V_0__add (* MyHashMap *) | & old_self: MutBorrow.t t_MyHashMap_K_V = Any.any_l () | & length: UInt64.t = Any.any_l () | & index: UInt64.t = Any.any_l () - | & _10: UInt64.t = Any.any_l () - | & _11: UInt64.t = Any.any_l () - | & _13: UInt64.t = Any.any_l () - | & _14: bool = Any.any_l () + | & _14: UInt64.t = Any.any_l () + | & _15: UInt64.t = Any.any_l () + | & _17: UInt64.t = Any.any_l () + | & _18: bool = Any.any_l () | & l: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _16: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _17: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _18: MutBorrow.t t_Vec_List_tup2_K_V_Global = Any.any_l () + | & _20: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _21: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _22: MutBorrow.t t_Vec_List_tup2_K_V_Global = Any.any_l () | & old_l: MutBorrow.t t_List_tup2_K_V = Any.any_l () | & k: MutBorrow.t t_K = Any.any_l () | & v: MutBorrow.t t_V = Any.any_l () | & tl: MutBorrow.t t_List_tup2_K_V = Any.any_l () | & tl'0: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _38: bool = Any.any_l () - | & _43: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _44: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _46: t_List_tup2_K_V = Any.any_l () - | & _47: tup2_K_V = Any.any_l () - | & _51: t_List_tup2_K_V = Any.any_l () ]) + | & _61: bool = Any.any_l () + | & _66: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _67: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _69: t_List_tup2_K_V = Any.any_l () + | & _70: tup2_K_V = Any.any_l () + | & _74: t_List_tup2_K_V = Any.any_l () ]) [ return (result: ()) -> {[@expl:add ensures] forall i: t_DeepModelTy. Map.get (view_MyHashMap_K_V self.final) i = (if i = deep_model_K key then Some val' else Map.get (view_MyHashMap_K_V self.current) i)} (! return {result}) ] @@ -1139,17 +1139,17 @@ module M_impl_MyHashMap_K_V_0__get (* MyHashMap *) {[@expl:get 'self' type invariant] inv_ref_MyHashMap_K_V self} {[@expl:get 'key' type invariant] inv_K key} (! bb0 - [ bb0 = s0 [ s0 = hash_K {key} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = hash_K {key} (fun (_ret: UInt64.t) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = UInt64.of_int {UInt64.t'int _7} (fun (_ret_from: UInt64.t) -> [ &_6 <- _ret_from ] s1) - | s1 = len_List_tup2_K_V {self.buckets} (fun (_ret: UInt64.t) -> [ &_9 <- _ret ] s2) + [ s0 = UInt64.of_int {UInt64.t'int _9} (fun (_ret_from: UInt64.t) -> [ &_8 <- _ret_from ] s1) + | s1 = len_List_tup2_K_V {self.buckets} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &_11 <- _9 = (0: UInt64.t) ] s1 | s1 = {[@expl:remainder by zero] not _11} s2 | s2 = bb3 ] + | bb2 = s0 [ s0 = [ &_13 <- _11 = (0: UInt64.t) ] s1 | s1 = {[@expl:remainder by zero] not _13} s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = UInt64.rem {_6} {_9} (fun (_ret: UInt64.t) -> [ &index <- _ret ] s1) - | s1 = index_Vec_List_tup2_K_V_Global {self.buckets} {index} (fun (_ret: t_List_tup2_K_V) -> [ &_13 <- _ret ] s2) + [ s0 = UInt64.rem {_8} {_11} (fun (_ret: UInt64.t) -> [ &index <- _ret ] s1) + | s1 = index_Vec_List_tup2_K_V_Global {self.buckets} {index} (fun (_ret: t_List_tup2_K_V) -> [ &_15 <- _ret ] s2) | s2 = bb4 ] - | bb4 = s0 [ s0 = [ &l <- _13 ] s1 | s1 = bb5 ] + | bb4 = s0 [ s0 = [ &l <- _15 ] s1 | s1 = bb5 ] | bb5 = bb5 [ bb5 = {[@expl:loop invariant #0] inv_ref_List_tup2_K_V l} {[@expl:loop invariant #1] get_K (bucket_K self (deep_model_K key)) (deep_model_K key) @@ -1161,10 +1161,10 @@ module M_impl_MyHashMap_K_V_0__get (* MyHashMap *) [ s0 = elim_Cons {l} (fun (r0: tup2_K_V) (r1: t_List_tup2_K_V) -> [ &k <- r0.f0 ] s1) | s1 = elim_Cons {l} (fun (r0: tup2_K_V) (r1: t_List_tup2_K_V) -> [ &v <- r0.f1 ] s2) | s2 = elim_Cons {l} (fun (r0: tup2_K_V) (r1: t_List_tup2_K_V) -> [ &tl <- r1 ] s3) - | s3 = eq_K {k} {key} (fun (_ret: bool) -> [ &_26 <- _ret ] s4) + | s3 = eq_K {k} {key} (fun (_ret: bool) -> [ &_32 <- _ret ] s4) | s4 = bb9 ] - | bb9 = any [ br0 -> {_26 = false} (! bb11) | br1 -> {_26} (! bb10) ] - | bb11 = s0 [ s0 = [ &_32 <- tl ] s1 | s1 = [ &l <- _32 ] s2 | s2 = bb5 ] ] ] + | bb9 = any [ br0 -> {_32 = false} (! bb11) | br1 -> {_32} (! bb10) ] + | bb11 = s0 [ s0 = [ &_38 <- tl ] s1 | s1 = [ &l <- _38 ] s2 | s2 = bb5 ] ] ] | bb12 = s0 [ s0 = [ &_0 <- None'0 ] s1 | s1 = bb13 ] | bb10 = s0 [ s0 = [ &_0 <- Some'0 v ] s1 | s1 = bb13 ] | bb13 = return {_0} ] @@ -1172,17 +1172,17 @@ module M_impl_MyHashMap_K_V_0__get (* MyHashMap *) | & self: t_MyHashMap_K_V = self | & key: t_K = key | & index: UInt64.t = Any.any_l () - | & _6: UInt64.t = Any.any_l () - | & _7: UInt64.t = Any.any_l () + | & _8: UInt64.t = Any.any_l () | & _9: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _11: UInt64.t = Any.any_l () + | & _13: bool = Any.any_l () | & l: t_List_tup2_K_V = Any.any_l () - | & _13: t_List_tup2_K_V = Any.any_l () + | & _15: t_List_tup2_K_V = Any.any_l () | & k: t_K = Any.any_l () | & v: t_V = Any.any_l () | & tl: t_List_tup2_K_V = Any.any_l () - | & _26: bool = Any.any_l () - | & _32: t_List_tup2_K_V = Any.any_l () ]) + | & _32: bool = Any.any_l () + | & _38: t_List_tup2_K_V = Any.any_l () ]) [ return (result: t_Option_ref_V) -> {[@expl:get result type invariant] inv_Option_ref_V result} {[@expl:get ensures] match result with | Some'0 v -> Map.get (view_MyHashMap_K_V self) (deep_model_K key) = Some v @@ -1475,10 +1475,11 @@ module M_impl_MyHashMap_K_V_0__resize (* MyHashMap *) {[@expl:resize requires] Seq.length (view_Vec_List_tup2_K_V_Global self.current.buckets) < 1000} (! bb0 [ bb0 = s0 [ s0 = [ &old_self <- self ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len_List_tup2_K_V {self.current.buckets} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 + [ s0 = len_List_tup2_K_V {self.current.buckets} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt64.mul {_8} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) - | s1 = new_K {_7} (fun (_ret: t_MyHashMap_K_V) -> [ &new <- _ret ] s2) + [ s0 = UInt64.mul {_11} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) + | s1 = new_K {_10} (fun (_ret: t_MyHashMap_K_V) -> [ &new <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &i <- (0: UInt64.t) ] s1 | s1 = [ &old_4_0 <- self ] s2 | s2 = bb4 ] | bb4 = bb4 @@ -1500,37 +1501,37 @@ module M_impl_MyHashMap_K_V_0__resize (* MyHashMap *) (! s0) [ s0 = bb5 ] [ bb5 = s0 - [ s0 = len_List_tup2_K_V {self.current.buckets} (fun (_ret: UInt64.t) -> [ &_23 <- _ret ] s1) | s1 = bb6 ] + [ s0 = len_List_tup2_K_V {self.current.buckets} (fun (_ret: UInt64.t) -> [ &_41 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_21 <- UInt64.lt i _23 ] s1 | s1 = any [ br0 -> {_21 = false} (! bb22) | br1 -> {_21} (! bb7) ] ] + [ s0 = [ &_39 <- UInt64.lt i _41 ] s1 | s1 = any [ br0 -> {_39 = false} (! bb22) | br1 -> {_39} (! bb7) ] ] | bb7 = s0 [ s0 = {inv_Vec_List_tup2_K_V_Global self.current.buckets} MutBorrow.borrow_mut {self.current.buckets} (fun (_ret: MutBorrow.t t_Vec_List_tup2_K_V_Global) -> - [ &_29 <- _ret ] -{inv_Vec_List_tup2_K_V_Global _ret.final}- + [ &_47 <- _ret ] -{inv_Vec_List_tup2_K_V_Global _ret.final}- [ &self <- { self with current = { buckets = _ret.final } } ] s1) - | s1 = index_mut_Vec_List_tup2_K_V_Global {_29} {i} - (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> [ &_28 <- _ret ] s2) + | s1 = index_mut_Vec_List_tup2_K_V_Global {_47} {i} + (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> [ &_46 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = {inv_List_tup2_K_V _28.current} - MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + [ s0 = {inv_List_tup2_K_V _46.current} + MutBorrow.borrow_final {_46.current} {MutBorrow.get_id _46} (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> - [ &_27 <- _ret ] -{inv_List_tup2_K_V _ret.final}- - [ &_28 <- { _28 with current = _ret.final } ] s1) - | s1 = [ &_31 <- Nil ] s2 - | s2 = {inv_List_tup2_K_V _27.current} - MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} + [ &_45 <- _ret ] -{inv_List_tup2_K_V _ret.final}- + [ &_46 <- { _46 with current = _ret.final } ] s1) + | s1 = [ &_49 <- Nil ] s2 + | s2 = {inv_List_tup2_K_V _45.current} + MutBorrow.borrow_final {_45.current} {MutBorrow.get_id _45} (fun (_ret: MutBorrow.t t_List_tup2_K_V) -> - [ &_26 <- _ret ] -{inv_List_tup2_K_V _ret.final}- - [ &_27 <- { _27 with current = _ret.final } ] s3) - | s3 = replace_List_tup2_K_V {_26} {_31} (fun (_ret: t_List_tup2_K_V) -> [ &l <- _ret ] s4) + [ &_44 <- _ret ] -{inv_List_tup2_K_V _ret.final}- + [ &_45 <- { _45 with current = _ret.final } ] s3) + | s3 = replace_List_tup2_K_V {_44} {_49} (fun (_ret: t_List_tup2_K_V) -> [ &l <- _ret ] s4) | s4 = bb9 ] | bb9 = s0 - [ s0 = {[@expl:type invariant] inv_ref_List_tup2_K_V _28} s1 - | s1 = -{resolve_ref_List_tup2_K_V _28}- s2 - | s2 = {[@expl:type invariant] inv_ref_List_tup2_K_V _27} s3 - | s3 = -{resolve_ref_List_tup2_K_V _27}- s4 + [ s0 = {[@expl:type invariant] inv_ref_List_tup2_K_V _46} s1 + | s1 = -{resolve_ref_List_tup2_K_V _46}- s2 + | s2 = {[@expl:type invariant] inv_ref_List_tup2_K_V _45} s3 + | s3 = -{resolve_ref_List_tup2_K_V _45}- s4 | s4 = bb10 ] | bb10 = bb10 [ bb10 = {[@expl:loop invariant #0] inv_MyHashMap_K_V new} @@ -1560,9 +1561,9 @@ module M_impl_MyHashMap_K_V_0__resize (* MyHashMap *) | s3 = {inv_MyHashMap_K_V new} MutBorrow.borrow_mut {new} (fun (_ret: MutBorrow.t t_MyHashMap_K_V) -> - [ &_46 <- _ret ] -{inv_MyHashMap_K_V _ret.final}- + [ &_80 <- _ret ] -{inv_MyHashMap_K_V _ret.final}- [ &new <- _ret.final ] s4) - | s4 = add_K {_46} {k} {v} (fun (_ret: ()) -> [ &_45 <- _ret ] s5) + | s4 = add_K {_80} {k} {v} (fun (_ret: ()) -> [ &_79 <- _ret ] s5) | s5 = bb15 ] | bb15 = s0 [ s0 = [ &l <- tl ] s1 | s1 = bb10 ] ] ] | bb18 = s0 @@ -1585,22 +1586,22 @@ module M_impl_MyHashMap_K_V_0__resize (* MyHashMap *) | & self: MutBorrow.t t_MyHashMap_K_V = self | & old_self: MutBorrow.t t_MyHashMap_K_V = Any.any_l () | & new: t_MyHashMap_K_V = Any.any_l () - | & _7: UInt64.t = Any.any_l () - | & _8: UInt64.t = Any.any_l () + | & _10: UInt64.t = Any.any_l () + | & _11: UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _21: bool = Any.any_l () - | & _23: UInt64.t = Any.any_l () + | & _39: bool = Any.any_l () + | & _41: UInt64.t = Any.any_l () | & l: t_List_tup2_K_V = Any.any_l () - | & _26: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _27: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _28: MutBorrow.t t_List_tup2_K_V = Any.any_l () - | & _29: MutBorrow.t t_Vec_List_tup2_K_V_Global = Any.any_l () - | & _31: t_List_tup2_K_V = Any.any_l () + | & _44: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _45: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _46: MutBorrow.t t_List_tup2_K_V = Any.any_l () + | & _47: MutBorrow.t t_Vec_List_tup2_K_V_Global = Any.any_l () + | & _49: t_List_tup2_K_V = Any.any_l () | & k: t_K = Any.any_l () | & v: t_V = Any.any_l () | & tl: t_List_tup2_K_V = Any.any_l () - | & _45: () = Any.any_l () - | & _46: MutBorrow.t t_MyHashMap_K_V = Any.any_l () + | & _79: () = Any.any_l () + | & _80: MutBorrow.t t_MyHashMap_K_V = Any.any_l () | & old_4_0: MutBorrow.t t_MyHashMap_K_V = Any.any_l () ]) [ return (result: ()) -> {[@expl:resize ensures] forall k: t_DeepModelTy. Map.get (view_MyHashMap_K_V self.final) k = Map.get (view_MyHashMap_K_V self.current) k} diff --git a/tests/should_succeed/heapsort_generic.coma b/tests/should_succeed/heapsort_generic.coma index 5f66435b66..a3eec4b0b6 100644 --- a/tests/should_succeed/heapsort_generic.coma +++ b/tests/should_succeed/heapsort_generic.coma @@ -374,50 +374,50 @@ module M_sift_down (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_30 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _30} s2 | s2 = bb4 ] + [ s0 = [ &_74 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _74} s2 | s2 = bb4 ] | bb4 = s0 - [ s0 = UInt64.div {end'} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_28 <- _ret ] s1) - | s1 = [ &_26 <- UInt64.ge i _28 ] s2 - | s2 = any [ br0 -> {_26 = false} (! bb6) | br1 -> {_26} (! bb5) ] ] + [ s0 = UInt64.div {end'} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_72 <- _ret ] s1) + | s1 = [ &_70 <- UInt64.ge i _72 ] s2 + | s2 = any [ br0 -> {_70 = false} (! bb6) | br1 -> {_70} (! bb5) ] ] | bb6 = s0 - [ s0 = UInt64.mul {(2: UInt64.t)} {i} (fun (_ret: UInt64.t) -> [ &_33 <- _ret ] s1) - | s1 = UInt64.add {_33} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &child <- _ret ] s2) - | s2 = UInt64.add {child} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_37 <- _ret ] s3) - | s3 = [ &_36 <- UInt64.lt _37 end' ] s4 - | s4 = any [ br0 -> {_36 = false} (! bb15) | br1 -> {_36} (! bb7) ] ] - | bb7 = s0 [ s0 = index_Vec_T_Global'0 {v.current} {child} (fun (_ret: t_T) -> [ &_42 <- _ret ] s1) | s1 = bb9 ] + [ s0 = UInt64.mul {(2: UInt64.t)} {i} (fun (_ret: UInt64.t) -> [ &_77 <- _ret ] s1) + | s1 = UInt64.add {_77} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &child <- _ret ] s2) + | s2 = UInt64.add {child} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_81 <- _ret ] s3) + | s3 = [ &_80 <- UInt64.lt _81 end' ] s4 + | s4 = any [ br0 -> {_80 = false} (! bb15) | br1 -> {_80} (! bb7) ] ] + | bb7 = s0 [ s0 = index_Vec_T_Global'0 {v.current} {child} (fun (_ret: t_T) -> [ &_86 <- _ret ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = UInt64.add {child} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_48 <- _ret ] s1) - | s1 = index_Vec_T_Global'0 {v.current} {_48} (fun (_ret: t_T) -> [ &_46 <- _ret ] s2) + [ s0 = UInt64.add {child} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_92 <- _ret ] s1) + | s1 = index_Vec_T_Global'0 {v.current} {_92} (fun (_ret: t_T) -> [ &_90 <- _ret ] s2) | s2 = bb10 ] - | bb10 = s0 [ s0 = lt_T {_42} {_46} (fun (_ret: bool) -> [ &_40 <- _ret ] s1) | s1 = bb11 ] - | bb11 = any [ br0 -> {_40 = false} (! bb15) | br1 -> {_40} (! bb12) ] + | bb10 = s0 [ s0 = lt_T {_86} {_90} (fun (_ret: bool) -> [ &_84 <- _ret ] s1) | s1 = bb11 ] + | bb11 = any [ br0 -> {_84 = false} (! bb15) | br1 -> {_84} (! bb12) ] | bb12 = s0 [ s0 = UInt64.add {child} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &child <- _ret ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = index_Vec_T_Global'0 {v.current} {child} (fun (_ret: t_T) -> [ &_53 <- _ret ] s1) | s1 = bb16 ] - | bb16 = s0 [ s0 = index_Vec_T_Global'0 {v.current} {i} (fun (_ret: t_T) -> [ &_57 <- _ret ] s1) | s1 = bb17 ] - | bb17 = s0 [ s0 = le_T {_53} {_57} (fun (_ret: bool) -> [ &_51 <- _ret ] s1) | s1 = bb18 ] - | bb18 = any [ br0 -> {_51 = false} (! bb20) | br1 -> {_51} (! bb19) ] + [ s0 = index_Vec_T_Global'0 {v.current} {child} (fun (_ret: t_T) -> [ &_97 <- _ret ] s1) | s1 = bb16 ] + | bb16 = s0 [ s0 = index_Vec_T_Global'0 {v.current} {i} (fun (_ret: t_T) -> [ &_101 <- _ret ] s1) | s1 = bb17 ] + | bb17 = s0 [ s0 = le_T {_97} {_101} (fun (_ret: bool) -> [ &_95 <- _ret ] s1) | s1 = bb18 ] + | bb18 = any [ br0 -> {_95 = false} (! bb20) | br1 -> {_95} (! bb19) ] | bb20 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_64 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_108 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = deref_mut_Vec_T_Global {_64} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_63 <- _ret ] s2) + | s1 = deref_mut_Vec_T_Global {_108} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_107 <- _ret ] s2) | s2 = bb21 ] | bb21 = s0 - [ s0 = {inv_slice_T _63.current} - MutBorrow.borrow_final {_63.current} {MutBorrow.get_id _63} + [ s0 = {inv_slice_T _107.current} + MutBorrow.borrow_final {_107.current} {MutBorrow.get_id _107} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_62 <- _ret ] -{inv_slice_T _ret.final}- - [ &_63 <- { _63 with current = _ret.final } ] s1) - | s1 = swap_T {_62} {i} {child} (fun (_ret: ()) -> [ &_61 <- _ret ] s2) + [ &_106 <- _ret ] -{inv_slice_T _ret.final}- + [ &_107 <- { _107 with current = _ret.final } ] s1) + | s1 = swap_T {_106} {i} {child} (fun (_ret: ()) -> [ &_105 <- _ret ] s2) | s2 = bb22 ] | bb22 = s0 - [ s0 = {[@expl:type invariant] inv_ref_slice_T _63} s1 - | s1 = -{resolve_ref_slice_T _63}- s2 + [ s0 = {[@expl:type invariant] inv_ref_slice_T _107} s1 + | s1 = -{resolve_ref_slice_T _107}- s2 | s2 = [ &i <- child ] s3 | s3 = bb2 ] ] ] | bb5 = s0 @@ -431,24 +431,24 @@ module M_sift_down | & end': UInt64.t = end' | & old_v: MutBorrow.t t_Vec_T_Global = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _26: bool = Any.any_l () - | & _28: UInt64.t = Any.any_l () - | & _30: bool = Any.any_l () + | & _70: bool = Any.any_l () + | & _72: UInt64.t = Any.any_l () + | & _74: bool = Any.any_l () | & child: UInt64.t = Any.any_l () - | & _33: UInt64.t = Any.any_l () - | & _36: bool = Any.any_l () - | & _37: UInt64.t = Any.any_l () - | & _40: bool = Any.any_l () - | & _42: t_T = Any.any_l () - | & _46: t_T = Any.any_l () - | & _48: UInt64.t = Any.any_l () - | & _51: bool = Any.any_l () - | & _53: t_T = Any.any_l () - | & _57: t_T = Any.any_l () - | & _61: () = Any.any_l () - | & _62: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _63: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _64: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _77: UInt64.t = Any.any_l () + | & _80: bool = Any.any_l () + | & _81: UInt64.t = Any.any_l () + | & _84: bool = Any.any_l () + | & _86: t_T = Any.any_l () + | & _90: t_T = Any.any_l () + | & _92: UInt64.t = Any.any_l () + | & _95: bool = Any.any_l () + | & _97: t_T = Any.any_l () + | & _101: t_T = Any.any_l () + | & _105: () = Any.any_l () + | & _106: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _107: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _108: MutBorrow.t t_Vec_T_Global = Any.any_l () | & old_2_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:sift_down ensures #0] heap_frag_DeepModelTy (deep_model_Vec_T_Global v.final) (UInt64.t'int start) (UInt64.t'int end')} @@ -696,11 +696,11 @@ module M_heap_sort {[@expl:heap_sort 'v' type invariant] inv_ref_Vec_T_Global'0 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_9 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _9} s2 | s2 = bb3 ] + [ s0 = [ &_12 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _12} s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = UInt64.div {_7} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &start <- _ret ] s1) + [ s0 = UInt64.div {_10} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &start <- _ret ] s1) | s1 = [ &old_4_0 <- v ] s2 | s2 = bb4 ] | bb4 = bb4 @@ -712,19 +712,19 @@ module M_heap_sort (! s0) [ s0 = bb5 ] [ bb5 = s0 - [ s0 = [ &_17 <- UInt64.gt start (0: UInt64.t) ] s1 - | s1 = any [ br0 -> {_17 = false} (! bb9) | br1 -> {_17} (! bb6) ] ] + [ s0 = [ &_27 <- UInt64.gt start (0: UInt64.t) ] s1 + | s1 = any [ br0 -> {_27 = false} (! bb9) | br1 -> {_27} (! bb6) ] ] | bb6 = s0 [ s0 = UInt64.sub {start} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &start <- _ret ] s1) - | s1 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s2) + | s1 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_32 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_20 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_30 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = sift_down_T {_20} {start} {_22} (fun (_ret: ()) -> [ &_19 <- _ret ] s2) + | s1 = sift_down_T {_30} {start} {_32} (fun (_ret: ()) -> [ &_29 <- _ret ] s2) | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &end' <- _ret ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = [ &old_11_0 <- v ] s1 | s1 = bb11 ] @@ -741,28 +741,28 @@ module M_heap_sort (! s0) [ s0 = bb12 ] [ bb12 = s0 - [ s0 = [ &_34 <- UInt64.gt end' (1: UInt64.t) ] s1 - | s1 = any [ br0 -> {_34 = false} (! bb17) | br1 -> {_34} (! bb13) ] ] + [ s0 = [ &_55 <- UInt64.gt end' (1: UInt64.t) ] s1 + | s1 = any [ br0 -> {_55 = false} (! bb17) | br1 -> {_55} (! bb13) ] ] | bb13 = s0 [ s0 = UInt64.sub {end'} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &end' <- _ret ] s1) | s1 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_39 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_60 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s2) - | s2 = deref_mut_Vec_T_Global {_39} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_38 <- _ret ] s3) + | s2 = deref_mut_Vec_T_Global {_60} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_59 <- _ret ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = {inv_slice_T _38.current} - MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} + [ s0 = {inv_slice_T _59.current} + MutBorrow.borrow_final {_59.current} {MutBorrow.get_id _59} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_37 <- _ret ] -{inv_slice_T _ret.final}- - [ &_38 <- { _38 with current = _ret.final } ] s1) - | s1 = swap_T {_37} {(0: UInt64.t)} {end'} (fun (_ret: ()) -> [ &_36 <- _ret ] s2) + [ &_58 <- _ret ] -{inv_slice_T _ret.final}- + [ &_59 <- { _59 with current = _ret.final } ] s1) + | s1 = swap_T {_58} {(0: UInt64.t)} {end'} (fun (_ret: ()) -> [ &_57 <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 - [ s0 = {[@expl:type invariant] inv_ref_slice_T _38} s1 - | s1 = -{resolve_ref_slice_T _38}- s2 + [ s0 = {[@expl:type invariant] inv_ref_slice_T _59} s1 + | s1 = -{resolve_ref_slice_T _59}- s2 | s2 = {[@expl:assertion] let _ = heap_frag_max_DeepModelTy (deep_model_ref_Vec_T_Global v) 0 (UInt64.t'int end') in forall i: int, j: int. 0 <= i @@ -772,9 +772,9 @@ module M_heap_sort | s3 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_44 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_67 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s4) - | s4 = sift_down_T {_44} {(0: UInt64.t)} {end'} (fun (_ret: ()) -> [ &_43 <- _ret ] s5) + | s4 = sift_down_T {_67} {(0: UInt64.t)} {end'} (fun (_ret: ()) -> [ &_66 <- _ret ] s5) | s5 = bb11 ] ] ] | bb17 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global'0 v} s1 @@ -784,20 +784,20 @@ module M_heap_sort | & v: MutBorrow.t t_Vec_T_Global = v | & old_v: MutBorrow.t t_Vec_T_Global = Any.any_l () | & start: UInt64.t = Any.any_l () - | & _7: UInt64.t = Any.any_l () - | & _9: bool = Any.any_l () - | & _17: bool = Any.any_l () - | & _19: () = Any.any_l () - | & _20: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _22: UInt64.t = Any.any_l () + | & _10: UInt64.t = Any.any_l () + | & _12: bool = Any.any_l () + | & _27: bool = Any.any_l () + | & _29: () = Any.any_l () + | & _30: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _32: UInt64.t = Any.any_l () | & end': UInt64.t = Any.any_l () - | & _34: bool = Any.any_l () - | & _36: () = Any.any_l () - | & _37: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _38: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _39: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _43: () = Any.any_l () - | & _44: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _55: bool = Any.any_l () + | & _57: () = Any.any_l () + | & _58: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _59: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _60: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _66: () = Any.any_l () + | & _67: MutBorrow.t t_Vec_T_Global = Any.any_l () | & old_4_0: MutBorrow.t t_Vec_T_Global = Any.any_l () | & old_11_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:heap_sort ensures #0] sorted_DeepModelTy (deep_model_Vec_T_Global v.final)} diff --git a/tests/should_succeed/hillel.coma b/tests/should_succeed/hillel.coma index 787d7e1228..6684c212ee 100644 --- a/tests/should_succeed/hillel.coma +++ b/tests/should_succeed/hillel.coma @@ -102,16 +102,16 @@ module M_right_pad {[@expl:loop invariant #5] inv_ref_Vec_T_Global str} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len_T {str.current} (fun (_ret: UInt64.t) -> [ &_21 <- _ret ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len_T {str.current} (fun (_ret: UInt64.t) -> [ &_48 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_20 <- UInt64.lt _21 len ] s1 | s1 = any [ br0 -> {_20 = false} (! bb7) | br1 -> {_20} (! bb5) ] ] + [ s0 = [ &_47 <- UInt64.lt _48 len ] s1 | s1 = any [ br0 -> {_47 = false} (! bb7) | br1 -> {_47} (! bb5) ] ] | bb5 = s0 [ s0 = {inv_Vec_T_Global str.current} MutBorrow.borrow_mut {str.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_25 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_52 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &str <- { str with current = _ret.final } ] s1) - | s1 = push_T {_25} {pad} (fun (_ret: ()) -> [ &_24 <- _ret ] s2) + | s1 = push_T {_52} {pad} (fun (_ret: ()) -> [ &_51 <- _ret ] s2) | s2 = bb2 ] ] ] | bb7 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global str} s1 @@ -122,10 +122,10 @@ module M_right_pad | & len: UInt64.t = len | & pad: t_T = pad | & old_str: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _20: bool = Any.any_l () - | & _21: UInt64.t = Any.any_l () - | & _24: () = Any.any_l () - | & _25: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _47: bool = Any.any_l () + | & _48: UInt64.t = Any.any_l () + | & _51: () = Any.any_l () + | & _52: MutBorrow.t t_Vec_T_Global = Any.any_l () | & old_2_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:right_pad ensures #0] Seq.length (view_Vec_T_Global str.final) >= UInt64.t'int len /\ Seq.length (view_Vec_T_Global str.final) >= Seq.length (view_Vec_T_Global str.current)} @@ -253,19 +253,19 @@ module M_left_pad {[@expl:loop invariant #6] inv_ref_Vec_T_Global str} (! s0) [ s0 = bb4 ] - [ bb4 = s0 [ s0 = len_T {str.current} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s1) | s1 = bb5 ] + [ bb4 = s0 [ s0 = len_T {str.current} (fun (_ret: UInt64.t) -> [ &_48 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = [ &_21 <- UInt64.lt _22 len ] s1 | s1 = any [ br0 -> {_21 = false} (! bb9) | br1 -> {_21} (! bb6) ] ] + [ s0 = [ &_47 <- UInt64.lt _48 len ] s1 | s1 = any [ br0 -> {_47 = false} (! bb9) | br1 -> {_47} (! bb6) ] ] | bb6 = s0 [ s0 = {inv_Vec_T_Global str.current} MutBorrow.borrow_mut {str.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_26 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_52 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &str <- { str with current = _ret.final } ] s1) - | s1 = insert_T {_26} {(0: UInt64.t)} {pad} (fun (_ret: ()) -> [ &_25 <- _ret ] s2) + | s1 = insert_T {_52} {(0: UInt64.t)} {pad} (fun (_ret: ()) -> [ &_51 <- _ret ] s2) | s2 = bb7 ] - | bb7 = s0 [ s0 = [ &_28 <- 1 + c ] s1 | s1 = bb8 ] - | bb8 = s0 [ s0 = [ &c <- _28 ] s1 | s1 = bb3 ] ] ] + | bb7 = s0 [ s0 = [ &_54 <- 1 + c ] s1 | s1 = bb8 ] + | bb8 = s0 [ s0 = [ &c <- _54 ] s1 | s1 = bb3 ] ] ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global str} s1 | s1 = -{resolve_ref_Vec_T_Global str}- s2 @@ -276,11 +276,11 @@ module M_left_pad | & pad: t_T = pad | & old_str: MutBorrow.t t_Vec_T_Global = Any.any_l () | & c: int = Any.any_l () - | & _21: bool = Any.any_l () - | & _22: UInt64.t = Any.any_l () - | & _25: () = Any.any_l () - | & _26: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _28: int = Any.any_l () + | & _47: bool = Any.any_l () + | & _48: UInt64.t = Any.any_l () + | & _51: () = Any.any_l () + | & _52: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _54: int = Any.any_l () | & old_3_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:left_pad ensures #0] Seq.length (view_Vec_T_Global str.final) >= UInt64.t'int len /\ Seq.length (view_Vec_T_Global str.final) >= Seq.length (view_Vec_T_Global str.current)} @@ -584,7 +584,7 @@ module M_insert_unique {[@expl:insert_unique 'elem' type invariant] inv_T elem} {[@expl:insert_unique requires] is_unique_DeepModelTy (deep_model_ref_Vec_T_Global vec)} (! bb0 - [ bb0 = s0 [ s0 = [ &_8 <- () ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_15 <- () ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] is_subset_DeepModelTy (deep_model_ref_Vec_T_Global vec) (Seq.snoc (deep_model_ref_Vec_T_Global vec) (deep_model_T elem))} @@ -592,9 +592,9 @@ module M_insert_unique | s1 = [ &ghost_vec <- vec ] s2 | s2 = bb2 ] | bb2 = s0 - [ s0 = deref_Vec_T_Global {vec.current} (fun (_ret: Slice64.slice t_T) -> [ &_18 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = iter_T {_18} (fun (_ret: t_Iter_T) -> [ &_16 <- _ret ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = into_iter_Iter_T {_16} (fun (_ret: t_Iter_T) -> [ &iter <- _ret ] s1) | s1 = bb5 ] + [ s0 = deref_Vec_T_Global {vec.current} (fun (_ret: Slice64.slice t_T) -> [ &_28 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = iter_T {_28} (fun (_ret: t_Iter_T) -> [ &_26 <- _ret ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = into_iter_Iter_T {_26} (fun (_ret: t_Iter_T) -> [ &iter <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq t_T ] s1 | s1 = bb8 ] | bb8 = bb8 @@ -609,30 +609,30 @@ module M_insert_unique [ s0 = {inv_Iter_T iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Iter_T) -> - [ &_32 <- _ret ] -{inv_Iter_T _ret.final}- + [ &_50 <- _ret ] -{inv_Iter_T _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Iter_T _32.current} - MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + | s1 = {inv_Iter_T _50.current} + MutBorrow.borrow_final {_50.current} {MutBorrow.get_id _50} (fun (_ret: MutBorrow.t t_Iter_T) -> - [ &_31 <- _ret ] -{inv_Iter_T _ret.final}- - [ &_32 <- { _32 with current = _ret.final } ] s2) - | s2 = next_Iter_T {_31} (fun (_ret: t_Option_ref_T) -> [ &_30 <- _ret ] s3) + [ &_49 <- _ret ] -{inv_Iter_T _ret.final}- + [ &_50 <- { _50 with current = _ret.final } ] s2) + | s2 = next_Iter_T {_49} (fun (_ret: t_Option_ref_T) -> [ &_48 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Iter_T _32} s1 - | s1 = -{resolve_ref_Iter_T _32}- s2 - | s2 = any [ br0 -> {_30 = None} (! bb13) | br1 (x0: t_T) -> {_30 = Some x0} (! bb14) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Iter_T _50} s1 + | s1 = -{resolve_ref_Iter_T _50}- s2 + | s2 = any [ br0 -> {_48 = None} (! bb13) | br1 (x0: t_T) -> {_48 = Some x0} (! bb14) ] ] | bb14 = s0 - [ s0 = elim_Some {_30} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_35 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_48} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_53 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &produced <- _35 ] s1 + [ s0 = [ &produced <- _53 ] s1 | s1 = [ &e <- __creusot_proc_iter_elem ] s2 | s2 = {[@expl:assertion] e = index_Vec_T_Global ghost_vec.current (Seq.length produced - 1)} s3 - | s3 = eq_ref_T {e} {elem} (fun (_ret: bool) -> [ &_40 <- _ret ] s4) + | s3 = eq_ref_T {e} {elem} (fun (_ret: bool) -> [ &_63 <- _ret ] s4) | s4 = bb16 ] - | bb16 = any [ br0 -> {_40 = false} (! bb8) | br1 -> {_40} (! bb17) ] ] ] + | bb16 = any [ br0 -> {_63 = false} (! bb8) | br1 -> {_63} (! bb17) ] ] ] | bb17 = s0 [ s0 = {[@expl:type invariant] inv_Iter_T iter} s1 | s1 = -{resolve_Iter_T iter}- s2 @@ -651,9 +651,9 @@ module M_insert_unique | s4 = {inv_Vec_T_Global vec.current} MutBorrow.borrow_final {vec.current} {MutBorrow.get_id vec} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_53 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_82 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &vec <- { vec with current = _ret.final } ] s5) - | s5 = push_T {_53} {elem} (fun (_ret: ()) -> [ &_52 <- _ret ] s6) + | s5 = push_T {_82} {elem} (fun (_ret: ()) -> [ &_81 <- _ret ] s6) | s6 = bb19 ] | bb19 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global'0 vec} s1 @@ -663,22 +663,22 @@ module M_insert_unique [ & _0: () = Any.any_l () | & vec: MutBorrow.t t_Vec_T_Global = vec | & elem: t_T = elem - | & _8: () = Any.any_l () + | & _15: () = Any.any_l () | & ghost_vec: MutBorrow.t t_Vec_T_Global = Any.any_l () | & iter: t_Iter_T = Any.any_l () - | & _16: t_Iter_T = Any.any_l () - | & _18: Slice64.slice t_T = Any.any_l () + | & _26: t_Iter_T = Any.any_l () + | & _28: Slice64.slice t_T = Any.any_l () | & iter_old: t_Iter_T = Any.any_l () | & produced: Seq.seq t_T = Any.any_l () - | & _30: t_Option_ref_T = Any.any_l () - | & _31: MutBorrow.t t_Iter_T = Any.any_l () - | & _32: MutBorrow.t t_Iter_T = Any.any_l () + | & _48: t_Option_ref_T = Any.any_l () + | & _49: MutBorrow.t t_Iter_T = Any.any_l () + | & _50: MutBorrow.t t_Iter_T = Any.any_l () | & __creusot_proc_iter_elem: t_T = Any.any_l () - | & _35: Seq.seq t_T = Any.any_l () + | & _53: Seq.seq t_T = Any.any_l () | & e: t_T = Any.any_l () - | & _40: bool = Any.any_l () - | & _52: () = Any.any_l () - | & _53: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) + | & _63: bool = Any.any_l () + | & _81: () = Any.any_l () + | & _82: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:insert_unique ensures #0] is_unique_DeepModelTy (deep_model_Vec_T_Global vec.final)} {[@expl:insert_unique ensures #1] is_subset_DeepModelTy (deep_model_ref_Vec_T_Global vec) (deep_model_Vec_T_Global vec.final)} @@ -891,10 +891,10 @@ module M_unique (! bb0 [ bb0 = s0 [ s0 = new_T (fun (_ret: t_Vec_T_Global) -> [ &unique <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &sub_str <- Seq.empty: Seq.seq t_T ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = len_T {str} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb3 ] + | bb2 = s0 [ s0 = len_T {str} (fun (_ret: UInt64.t) -> [ &_13 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &_10 <- { start = (0: UInt64.t); end' = _11 } ] s1 - | s1 = into_iter_Range_usize {_10} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) + [ s0 = [ &_12 <- { start = (0: UInt64.t); end' = _13 } ] s1 + | s1 = into_iter_Range_usize {_12} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb7 ] @@ -910,47 +910,47 @@ module M_unique [ s0 = bb8 ] [ bb8 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_28 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_43 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_43.current} {MutBorrow.get_id _43} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_27} (fun (_ret: t_Option_usize) -> [ &_26 <- _ret ] s3) + [ &_42 <- _ret ] [ &_43 <- { _43 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_42} (fun (_ret: t_Option_usize) -> [ &_41 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = -{resolve_ref_Range_usize _28}- s1 - | s1 = any [ br0 -> {_26 = None} (! bb12) | br1 (x0: UInt64.t) -> {_26 = Some x0} (! bb13) ] ] + [ s0 = -{resolve_ref_Range_usize _43}- s1 + | s1 = any [ br0 -> {_41 = None} (! bb12) | br1 (x0: UInt64.t) -> {_41 = Some x0} (! bb13) ] ] | bb13 = s0 - [ s0 = elim_Some {_26} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_31 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_41} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_46 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb14 ] | bb14 = s0 - [ s0 = [ &produced <- _31 ] s1 + [ s0 = [ &produced <- _46 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = [ &_35 <- i ] s3 - | s3 = [ &_36 <- Slice64.length str ] s4 - | s4 = [ &_37 <- UInt64.lt _35 _36 ] s5 - | s5 = {[@expl:index in bounds] _37} s6 + | s2 = [ &_52 <- i ] s3 + | s3 = [ &_53 <- Slice64.length str ] s4 + | s4 = [ &_54 <- UInt64.lt _52 _53 ] s5 + | s5 = {[@expl:index in bounds] _54} s6 | s6 = bb15 ] | bb15 = s0 - [ s0 = Slice64.get {str} {_35} (fun (r: t_T) -> [ &elem <- r ] s1) + [ s0 = Slice64.get {str} {_52} (fun (r: t_T) -> [ &elem <- r ] s1) | s1 = {inv_Vec_T_Global unique} MutBorrow.borrow_mut {unique} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_40 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_57 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &unique <- _ret.final ] s2) - | s2 = {inv_Vec_T_Global _40.current} - MutBorrow.borrow_final {_40.current} {MutBorrow.get_id _40} + | s2 = {inv_Vec_T_Global _57.current} + MutBorrow.borrow_final {_57.current} {MutBorrow.get_id _57} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_39 <- _ret ] -{inv_Vec_T_Global _ret.final}- - [ &_40 <- { _40 with current = _ret.final } ] s3) - | s3 = insert_unique_T {_39} {elem} (fun (_ret: ()) -> [ &_38 <- _ret ] s4) + [ &_56 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_57 <- { _57 with current = _ret.final } ] s3) + | s3 = insert_unique_T {_56} {elem} (fun (_ret: ()) -> [ &_55 <- _ret ] s4) | s4 = bb16 ] | bb16 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global _40} s1 - | s1 = -{resolve_ref_Vec_T_Global _40}- s2 - | s2 = [ &_42 <- Seq.snoc sub_str elem ] s3 + [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global _57} s1 + | s1 = -{resolve_ref_Vec_T_Global _57}- s2 + | s2 = [ &_59 <- Seq.snoc sub_str elem ] s3 | s3 = bb17 ] - | bb17 = s0 [ s0 = [ &sub_str <- _42 ] s1 | s1 = bb7 ] ] ] + | bb17 = s0 [ s0 = [ &sub_str <- _59 ] s1 | s1 = bb7 ] ] ] | bb12 = s0 [ s0 = {[@expl:assertion] is_subset_DeepModelTy (Seq.([..]) (deep_model_ref_slice_T str) 0 (Seq.length (Slice64.view str))) (deep_model_Vec_T_Global unique)} @@ -966,24 +966,24 @@ module M_unique | & unique: t_Vec_T_Global = Any.any_l () | & sub_str: Seq.seq t_T = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _10: t_Range_usize = Any.any_l () - | & _11: UInt64.t = Any.any_l () + | & _12: t_Range_usize = Any.any_l () + | & _13: UInt64.t = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _26: t_Option_usize = Any.any_l () - | & _27: MutBorrow.t t_Range_usize = Any.any_l () - | & _28: MutBorrow.t t_Range_usize = Any.any_l () + | & _41: t_Option_usize = Any.any_l () + | & _42: MutBorrow.t t_Range_usize = Any.any_l () + | & _43: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _31: Seq.seq UInt64.t = Any.any_l () + | & _46: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () | & elem: t_T = Any.any_l () - | & _35: UInt64.t = Any.any_l () - | & _36: UInt64.t = Any.any_l () - | & _37: bool = Any.any_l () - | & _38: () = Any.any_l () - | & _39: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _40: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _42: Seq.seq t_T = Any.any_l () ]) + | & _52: UInt64.t = Any.any_l () + | & _53: UInt64.t = Any.any_l () + | & _54: bool = Any.any_l () + | & _55: () = Any.any_l () + | & _56: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _57: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _59: Seq.seq t_T = Any.any_l () ]) [ return (result: t_Vec_T_Global) -> {[@expl:unique result type invariant] inv_Vec_T_Global result} {[@expl:unique ensures #0] is_unique_DeepModelTy (deep_model_Vec_T_Global result)} {[@expl:unique ensures #1] is_subset_DeepModelTy (deep_model_Vec_T_Global result) (deep_model_ref_slice_T str)} @@ -1318,25 +1318,25 @@ module M_fulcrum [ s0 = {inv_Iter_u32 iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Iter_u32) -> - [ &_23 <- _ret ] -{inv_Iter_u32 _ret.final}- + [ &_38 <- _ret ] -{inv_Iter_u32 _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Iter_u32 _23.current} - MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} + | s1 = {inv_Iter_u32 _38.current} + MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} (fun (_ret: MutBorrow.t t_Iter_u32) -> - [ &_22 <- _ret ] -{inv_Iter_u32 _ret.final}- - [ &_23 <- { _23 with current = _ret.final } ] s2) - | s2 = next_Iter_u32 {_22} (fun (_ret: t_Option_ref_u32) -> [ &_21 <- _ret ] s3) + [ &_37 <- _ret ] -{inv_Iter_u32 _ret.final}- + [ &_38 <- { _38 with current = _ret.final } ] s2) + | s2 = next_Iter_u32 {_37} (fun (_ret: t_Option_ref_u32) -> [ &_36 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Iter_u32 _23} s1 - | s1 = -{resolve_ref_Iter_u32 _23}- s2 - | s2 = any [ br0 -> {_21 = None} (! bb9) | br1 (x0: UInt32.t) -> {_21 = Some x0} (! bb10) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Iter_u32 _38} s1 + | s1 = -{resolve_ref_Iter_u32 _38}- s2 + | s2 = any [ br0 -> {_36 = None} (! bb9) | br1 (x0: UInt32.t) -> {_36 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_21} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_26 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_36} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_41 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _26 ] s1 + [ s0 = [ &produced <- _41 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = UInt32.add {total} {x} (fun (_ret: UInt32.t) -> [ &total <- _ret ] s3) | s3 = bb4 ] ] ] @@ -1347,11 +1347,11 @@ module M_fulcrum | s3 = [ &min_i <- (0: UInt64.t) ] s4 | s4 = [ &min_dist <- total ] s5 | s5 = [ &sum <- (0: UInt32.t) ] s6 - | s6 = len_u32 {s} (fun (_ret: UInt64.t) -> [ &_39 <- _ret ] s7) + | s6 = len_u32 {s} (fun (_ret: UInt64.t) -> [ &_58 <- _ret ] s7) | s7 = bb12 ] | bb12 = s0 - [ s0 = [ &_38 <- { start = (0: UInt64.t); end' = _39 } ] s1 - | s1 = into_iter_Range_usize {_38} (fun (_ret: t_Range_usize) -> [ &iter'0 <- _ret ] s2) + [ s0 = [ &_57 <- { start = (0: UInt64.t); end' = _58 } ] s1 + | s1 = into_iter_Range_usize {_57} (fun (_ret: t_Range_usize) -> [ &iter'0 <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 [ s0 = [ &iter_old'0 <- iter'0 ] s1 | s1 = bb14 ] | bb14 = s0 [ s0 = [ &produced'0 <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb16 ] @@ -1370,37 +1370,37 @@ module M_fulcrum [ s0 = bb17 ] [ bb17 = s0 [ s0 = MutBorrow.borrow_mut {iter'0} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_56 <- _ret ] [ &iter'0 <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_56.current} {MutBorrow.get_id _56} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_95 <- _ret ] [ &iter'0 <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_95.current} {MutBorrow.get_id _95} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_55 <- _ret ] [ &_56 <- { _56 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_55} (fun (_ret: t_Option_usize) -> [ &_54 <- _ret ] s3) + [ &_94 <- _ret ] [ &_95 <- { _95 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_94} (fun (_ret: t_Option_usize) -> [ &_93 <- _ret ] s3) | s3 = bb18 ] | bb18 = s0 - [ s0 = -{resolve_ref_Range_usize _56}- s1 - | s1 = any [ br0 -> {_54 = None'0} (! bb21) | br1 (x0: UInt64.t) -> {_54 = Some'0 x0} (! bb22) ] ] + [ s0 = -{resolve_ref_Range_usize _95}- s1 + | s1 = any [ br0 -> {_93 = None'0} (! bb21) | br1 (x0: UInt64.t) -> {_93 = Some'0 x0} (! bb22) ] ] | bb22 = s0 - [ s0 = elim_Some'0 {_54} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) - | s1 = [ &_59 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 + [ s0 = elim_Some'0 {_93} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) + | s1 = [ &_98 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 | s2 = bb23 ] | bb23 = s0 - [ s0 = [ &produced'0 <- _59 ] s1 + [ s0 = [ &produced'0 <- _98 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem'0 ] s2 - | s2 = UInt32.sub {total} {sum} (fun (_ret: UInt32.t) -> [ &_64 <- _ret ] s3) - | s3 = abs_diff'0 {sum} {_64} (fun (_ret: UInt32.t) -> [ &dist <- _ret ] s4) + | s2 = UInt32.sub {total} {sum} (fun (_ret: UInt32.t) -> [ &_105 <- _ret ] s3) + | s3 = abs_diff'0 {sum} {_105} (fun (_ret: UInt32.t) -> [ &dist <- _ret ] s4) | s4 = bb24 ] | bb24 = s0 - [ s0 = [ &_68 <- UInt32.lt dist min_dist ] s1 - | s1 = any [ br0 -> {_68 = false} (! bb27) | br1 -> {_68} (! bb25) ] ] + [ s0 = [ &_109 <- UInt32.lt dist min_dist ] s1 + | s1 = any [ br0 -> {_109 = false} (! bb27) | br1 -> {_109} (! bb25) ] ] | bb25 = s0 [ s0 = [ &min_i <- i ] s1 | s1 = [ &min_dist <- dist ] s2 | s2 = bb27 ] | bb27 = s0 - [ s0 = [ &_74 <- i ] s1 - | s1 = [ &_75 <- Slice64.length s ] s2 - | s2 = [ &_76 <- UInt64.lt _74 _75 ] s3 - | s3 = {[@expl:index in bounds] _76} s4 + [ s0 = [ &_115 <- i ] s1 + | s1 = [ &_116 <- Slice64.length s ] s2 + | s2 = [ &_117 <- UInt64.lt _115 _116 ] s3 + | s3 = {[@expl:index in bounds] _117} s4 | s4 = bb28 ] | bb28 = s0 - [ s0 = Slice64.get {s} {_74} + [ s0 = Slice64.get {s} {_115} (fun (r: UInt32.t) -> UInt32.add {sum} {r} (fun (_ret: UInt32.t) -> [ &sum <- _ret ] s1)) | s1 = bb16 ] ] ] | bb21 = s0 [ s0 = [ &_0 <- min_i ] s1 | s1 = return {_0} ] ] @@ -1410,32 +1410,32 @@ module M_fulcrum | & iter: t_Iter_u32 = Any.any_l () | & iter_old: t_Iter_u32 = Any.any_l () | & produced: Seq.seq UInt32.t = Any.any_l () - | & _21: t_Option_ref_u32 = Any.any_l () - | & _22: MutBorrow.t t_Iter_u32 = Any.any_l () - | & _23: MutBorrow.t t_Iter_u32 = Any.any_l () + | & _36: t_Option_ref_u32 = Any.any_l () + | & _37: MutBorrow.t t_Iter_u32 = Any.any_l () + | & _38: MutBorrow.t t_Iter_u32 = Any.any_l () | & __creusot_proc_iter_elem: UInt32.t = Any.any_l () - | & _26: Seq.seq UInt32.t = Any.any_l () + | & _41: Seq.seq UInt32.t = Any.any_l () | & x: UInt32.t = Any.any_l () | & min_i: UInt64.t = Any.any_l () | & min_dist: UInt32.t = Any.any_l () | & sum: UInt32.t = Any.any_l () | & iter'0: t_Range_usize = Any.any_l () - | & _38: t_Range_usize = Any.any_l () - | & _39: UInt64.t = Any.any_l () + | & _57: t_Range_usize = Any.any_l () + | & _58: UInt64.t = Any.any_l () | & iter_old'0: t_Range_usize = Any.any_l () | & produced'0: Seq.seq UInt64.t = Any.any_l () - | & _54: t_Option_usize = Any.any_l () - | & _55: MutBorrow.t t_Range_usize = Any.any_l () - | & _56: MutBorrow.t t_Range_usize = Any.any_l () + | & _93: t_Option_usize = Any.any_l () + | & _94: MutBorrow.t t_Range_usize = Any.any_l () + | & _95: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem'0: UInt64.t = Any.any_l () - | & _59: Seq.seq UInt64.t = Any.any_l () + | & _98: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () | & dist: UInt32.t = Any.any_l () - | & _64: UInt32.t = Any.any_l () - | & _68: bool = Any.any_l () - | & _74: UInt64.t = Any.any_l () - | & _75: UInt64.t = Any.any_l () - | & _76: bool = Any.any_l () ]) + | & _105: UInt32.t = Any.any_l () + | & _109: bool = Any.any_l () + | & _115: UInt64.t = Any.any_l () + | & _116: UInt64.t = Any.any_l () + | & _117: bool = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:fulcrum ensures #0] 0 <= UInt64.t'int result /\ UInt64.t'int result < Seq.length (Slice64.view s)} {[@expl:fulcrum ensures #1] forall i: int. 0 <= i /\ i < Seq.length (Slice64.view s) diff --git a/tests/should_succeed/inferred_invariants.coma b/tests/should_succeed/inferred_invariants.coma index 50131efcb7..eb8610447d 100644 --- a/tests/should_succeed/inferred_invariants.coma +++ b/tests/should_succeed/inferred_invariants.coma @@ -62,13 +62,13 @@ module M_simple [ s0 = {inv_T x.current} MutBorrow.borrow_mut {x.current} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- + [ &_7 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s1) - | s1 = f_T {_6} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) + | s1 = f_T {_7} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] ] ] ] [ & x: MutBorrow.t t_T = x | & _4: () = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () + | & _7: MutBorrow.t t_T = Any.any_l () | & old_1_0: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_swapper @@ -110,25 +110,25 @@ module M_swapper | s1 = {inv_T y.current} MutBorrow.borrow_final {y.current} {MutBorrow.get_id y} (fun (_ret: MutBorrow.t t_T) -> - [ &_9 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- _ret ] -{inv_T _ret.final}- [ &y <- { y with current = _ret.final } ] s2) - | s2 = [ &x <- _9 ] s3 + | s2 = [ &x <- _11 ] s3 | s3 = {inv_T c.current} MutBorrow.borrow_final {c.current} {MutBorrow.get_id c} (fun (_ret: MutBorrow.t t_T) -> - [ &_10 <- _ret ] -{inv_T _ret.final}- + [ &_12 <- _ret ] -{inv_T _ret.final}- [ &c <- { c with current = _ret.final } ] s4) | s4 = {[@expl:type invariant] inv_ref_T y} s5 | s5 = -{resolve_ref_T y}- s6 - | s6 = [ &y <- _10 ] s7 + | s6 = [ &y <- _12 ] s7 | s7 = {[@expl:type invariant] inv_ref_T c} s8 | s8 = -{resolve_ref_T c}- s9 | s9 = bb1 ] ] ] ] [ & x: MutBorrow.t t_T = x | & y: MutBorrow.t t_T = y | & c: MutBorrow.t t_T = Any.any_l () - | & _9: MutBorrow.t t_T = Any.any_l () - | & _10: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _11: MutBorrow.t t_T = Any.any_l () + | & _12: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_tuple use creusot.prelude.MutBorrow @@ -206,13 +206,13 @@ module M_temp_move | s1 = {inv_T c.current} MutBorrow.borrow_final {c.current} {MutBorrow.get_id c} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_8 <- _ret ] -{inv_T _ret.final}- [ &c <- { c with current = _ret.final } ] s2) - | s2 = [ &x <- _7 ] s3 + | s2 = [ &x <- _8 ] s3 | s3 = {[@expl:type invariant] inv_ref_T c} s4 | s4 = -{resolve_ref_T c}- s5 | s5 = bb1 ] ] ] ] - [ & x: MutBorrow.t t_T = x | & c: MutBorrow.t t_T = Any.any_l () | & _7: MutBorrow.t t_T = Any.any_l () ]) + [ & x: MutBorrow.t t_T = x | & c: MutBorrow.t t_T = Any.any_l () | & _8: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_y @@ -282,31 +282,31 @@ module M_y {[@expl:loop invariant #1] UInt64.t'int i <= 10} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len_i32 {v.current} (fun (_ret: UInt64.t) -> [ &_12 <- _ret ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len_i32 {v.current} (fun (_ret: UInt64.t) -> [ &_16 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_10 <- UInt64.lt i _12 ] s1 | s1 = any [ br0 -> {_10 = false} (! bb8) | br1 -> {_10} (! bb5) ] ] + [ s0 = [ &_14 <- UInt64.lt i _16 ] s1 | s1 = any [ br0 -> {_14 = false} (! bb8) | br1 -> {_14} (! bb5) ] ] | bb5 = s0 [ s0 = MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_i32_Global) -> - [ &_15 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) - | s1 = index_mut_Vec_i32_Global {_15} {i} (fun (_ret: MutBorrow.t Int32.t) -> [ &_14 <- _ret ] s2) + [ &_19 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) + | s1 = index_mut_Vec_i32_Global {_19} {i} (fun (_ret: MutBorrow.t Int32.t) -> [ &_18 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &_14 <- { _14 with current = (0: Int32.t) } ] s1 | s1 = -{resolve_ref_i32 _14}- s2 | s2 = bb8 ] + [ s0 = [ &_18 <- { _18 with current = (0: Int32.t) } ] s1 | s1 = -{resolve_ref_i32 _18}- s2 | s2 = bb8 ] | bb8 = s0 [ s0 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) - | s1 = [ &_17 <- UInt64.gt i (10: UInt64.t) ] s2 - | s2 = any [ br0 -> {_17 = false} (! bb2) | br1 -> {_17} (! bb9) ] ] ] ] + | s1 = [ &_21 <- UInt64.gt i (10: UInt64.t) ] s2 + | s2 = any [ br0 -> {_21 = false} (! bb2) | br1 -> {_21} (! bb9) ] ] ] ] | bb9 = s0 [ s0 = -{resolve_ref_Vec_i32_Global v}- s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_i32_Global = v | & old_v: MutBorrow.t t_Vec_i32_Global = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _10: bool = Any.any_l () - | & _12: UInt64.t = Any.any_l () - | & _14: MutBorrow.t Int32.t = Any.any_l () - | & _15: MutBorrow.t t_Vec_i32_Global = Any.any_l () - | & _17: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _16: UInt64.t = Any.any_l () + | & _18: MutBorrow.t Int32.t = Any.any_l () + | & _19: MutBorrow.t t_Vec_i32_Global = Any.any_l () + | & _21: bool = Any.any_l () | & old_2_0: MutBorrow.t t_Vec_i32_Global = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_nested_loops @@ -332,8 +332,8 @@ module M_nested_loops (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = [ &_9 <- Int32.gt i (10: Int32.t) ] s1 - | s1 = any [ br0 -> {_9 = false} (! bb4) | br1 -> {_9} (! bb3) ] ] + [ s0 = [ &_12 <- Int32.gt i (10: Int32.t) ] s1 + | s1 = any [ br0 -> {_12 = false} (! bb4) | br1 -> {_12} (! bb3) ] ] | bb4 = s0 [ s0 = Int32.add {i} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &i <- _ret ] s1) | s1 = [ &j <- (0: Int32.t) ] s2 @@ -345,8 +345,8 @@ module M_nested_loops (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = [ &_16 <- Int32.gt j (10: Int32.t) ] s1 - | s1 = any [ br0 -> {_16 = false} (! bb8) | br1 -> {_16} (! bb1) ] ] + [ s0 = [ &_20 <- Int32.gt j (10: Int32.t) ] s1 + | s1 = any [ br0 -> {_20 = false} (! bb8) | br1 -> {_20} (! bb1) ] ] | bb8 = s0 [ s0 = Int32.add {j} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &j <- _ret ] s1) | s1 = [ &x <- { x with current = (0: Int32.t) } ] s2 @@ -355,9 +355,9 @@ module M_nested_loops [ & _0: () = Any.any_l () | & x: MutBorrow.t Int32.t = x | & i: Int32.t = Any.any_l () - | & _9: bool = Any.any_l () + | & _12: bool = Any.any_l () | & j: Int32.t = Any.any_l () - | & _16: bool = Any.any_l () + | & _20: bool = Any.any_l () | & old_5_0: MutBorrow.t Int32.t = Any.any_l () | & old_1_0: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:nested_loops ensures] x.final = (0: Int32.t)} (! return {result}) ] @@ -395,8 +395,8 @@ module M_nested_borrows (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = [ &_12 <- Int32.gt i (10: Int32.t) ] s1 - | s1 = any [ br0 -> {_12 = false} (! bb4) | br1 -> {_12} (! bb3) ] ] + [ s0 = [ &_17 <- Int32.gt i (10: Int32.t) ] s1 + | s1 = any [ br0 -> {_17 = false} (! bb4) | br1 -> {_17} (! bb3) ] ] | bb4 = s0 [ s0 = Int32.add {i} {(1: Int32.t)} (fun (_ret: Int32.t) -> [ &i <- _ret ] s1) | s1 = [ &x <- { x with current = { x.current with current = (0: Int32.t) } } ] s2 @@ -404,10 +404,10 @@ module M_nested_borrows | bb3 = s0 [ s0 = MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t (MutBorrow.t Int32.t)) -> - [ &_16 <- _ret ] [ &x <- { x with current = _ret.final } ] s1) + [ &_21 <- _ret ] [ &x <- { x with current = _ret.final } ] s1) | s1 = MutBorrow.borrow_final {y.current} {MutBorrow.get_id y} - (fun (_ret: MutBorrow.t Int32.t) -> [ &_17 <- _ret ] [ &y <- { y with current = _ret.final } ] s2) - | s2 = replace_ref_i32 {_16} {_17} (fun (_ret: MutBorrow.t Int32.t) -> [ &b <- _ret ] s3) + (fun (_ret: MutBorrow.t Int32.t) -> [ &_22 <- _ret ] [ &y <- { y with current = _ret.final } ] s2) + | s2 = replace_ref_i32 {_21} {_22} (fun (_ret: MutBorrow.t Int32.t) -> [ &b <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 [ s0 = -{resolve_ref_ref_i32 x}- s1 @@ -419,10 +419,10 @@ module M_nested_borrows | & x: MutBorrow.t (MutBorrow.t Int32.t) = x | & y: MutBorrow.t Int32.t = y | & i: Int32.t = Any.any_l () - | & _12: bool = Any.any_l () + | & _17: bool = Any.any_l () | & b: MutBorrow.t Int32.t = Any.any_l () - | & _16: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () - | & _17: MutBorrow.t Int32.t = Any.any_l () + | & _21: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () + | & _22: MutBorrow.t Int32.t = Any.any_l () | & old_1_0: MutBorrow.t (MutBorrow.t Int32.t) = Any.any_l () | & old_1_1: MutBorrow.t Int32.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:nested_borrows ensures #0] x.final = y} diff --git a/tests/should_succeed/inplace_list_reversal.coma b/tests/should_succeed/inplace_list_reversal.coma index faa4801211..7c4e5c95b7 100644 --- a/tests/should_succeed/inplace_list_reversal.coma +++ b/tests/should_succeed/inplace_list_reversal.coma @@ -82,13 +82,13 @@ module M_rev [ bb0 = s0 [ s0 = [ &old_l <- l ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &prev <- Nil ] s1 - | s1 = [ &_8 <- Nil ] s2 + | s1 = [ &_10 <- Nil ] s2 | s2 = {inv_List_T l.current} MutBorrow.borrow_mut {l.current} (fun (_ret: MutBorrow.t t_List_T) -> - [ &_7 <- _ret ] -{inv_List_T _ret.final}- + [ &_9 <- _ret ] -{inv_List_T _ret.final}- [ &l <- { l with current = _ret.final } ] s3) - | s3 = replace_List_T {_7} {_8} (fun (_ret: t_List_T) -> [ &head <- _ret ] s4) + | s3 = replace_List_T {_9} {_10} (fun (_ret: t_List_T) -> [ &head <- _ret ] s4) | s4 = bb3 ] | bb3 = bb3 [ bb3 = {[@expl:loop invariant #0] inv_List_T prev} @@ -102,8 +102,8 @@ module M_rev | s1 = [ &next <- curr.f1 ] s2 | s2 = bb7 ] | bb7 = s0 [ s0 = [ &curr <- { curr with f1 = prev } ] s1 | s1 = bb9 ] - | bb9 = s0 [ s0 = [ &_19 <- Cons curr ] s1 | s1 = bb11 ] - | bb11 = s0 [ s0 = [ &prev <- _19 ] s1 | s1 = bb14 ] + | bb9 = s0 [ s0 = [ &_26 <- Cons curr ] s1 | s1 = bb11 ] + | bb11 = s0 [ s0 = [ &prev <- _26 ] s1 | s1 = bb14 ] | bb14 = s0 [ s0 = [ &head <- next ] s1 | s1 = bb3 ] ] ] | bb18 = s0 [ s0 = {[@expl:type invariant] match head with @@ -130,10 +130,10 @@ module M_rev | & old_l: MutBorrow.t t_List_T = Any.any_l () | & prev: t_List_T = Any.any_l () | & head: t_List_T = Any.any_l () - | & _7: MutBorrow.t t_List_T = Any.any_l () - | & _8: t_List_T = Any.any_l () + | & _9: MutBorrow.t t_List_T = Any.any_l () + | & _10: t_List_T = Any.any_l () | & curr: tup2_T_List_T = Any.any_l () | & next: t_List_T = Any.any_l () - | & _19: t_List_T = Any.any_l () ]) + | & _26: t_List_T = Any.any_l () ]) [ return (result: ()) -> {[@expl:rev ensures] l.final = rev_append_T l.current (Nil)} (! return {result}) ] end diff --git a/tests/should_succeed/insertion_sort.coma b/tests/should_succeed/insertion_sort.coma index 35ff552a77..877fc37067 100644 --- a/tests/should_succeed/insertion_sort.coma +++ b/tests/should_succeed/insertion_sort.coma @@ -194,8 +194,8 @@ module M_insertion_sort [ bb0 = s0 [ s0 = [ &original <- array ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = len_i32 {array.current} (fun (_ret: UInt64.t) -> [ &n <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_10 <- { start = (1: UInt64.t); end' = n } ] s1 - | s1 = into_iter_Range_usize {_10} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) + [ s0 = [ &_13 <- { start = (1: UInt64.t); end' = n } ] s1 + | s1 = into_iter_Range_usize {_13} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb4 ] | bb4 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb5 ] @@ -212,21 +212,21 @@ module M_insertion_sort [ s0 = bb7 ] [ bb7 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_26 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_26.current} {MutBorrow.get_id _26} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_41 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_25 <- _ret ] [ &_26 <- { _26 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_25} (fun (_ret: t_Option_usize) -> [ &_24 <- _ret ] s3) + [ &_40 <- _ret ] [ &_41 <- { _41 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_40} (fun (_ret: t_Option_usize) -> [ &_39 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve_ref_Range_usize _26}- s1 - | s1 = any [ br0 -> {_24 = None} (! bb11) | br1 (x0: UInt64.t) -> {_24 = Some x0} (! bb12) ] ] + [ s0 = -{resolve_ref_Range_usize _41}- s1 + | s1 = any [ br0 -> {_39 = None} (! bb11) | br1 (x0: UInt64.t) -> {_39 = Some x0} (! bb12) ] ] | bb12 = s0 - [ s0 = elim_Some {_24} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_29 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_39} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_44 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _29 ] s1 + [ s0 = [ &produced <- _44 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &j <- i ] s3 | s3 = [ &old_14_0 <- array ] s4 @@ -245,39 +245,39 @@ module M_insertion_sort (! s0) [ s0 = bb15 ] [ bb15 = s0 - [ s0 = [ &_39 <- UInt64.gt j (0: UInt64.t) ] s1 - | s1 = any [ br0 -> {_39 = false} (! bb6) | br1 -> {_39} (! bb16) ] ] + [ s0 = [ &_68 <- UInt64.gt j (0: UInt64.t) ] s1 + | s1 = any [ br0 -> {_68 = false} (! bb6) | br1 -> {_68} (! bb16) ] ] | bb16 = s0 - [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_44 <- _ret ] s1) + [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_73 <- _ret ] s1) | s1 = Opaque.fresh_ptr (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length array.current}- - [ &_46 <- _ptr ] s2) - | s2 = [ &_47 <- Slice64.slice_ptr_len _46 ] s3 - | s3 = [ &_48 <- UInt64.lt _44 _47 ] s4 - | s4 = {[@expl:index in bounds] _48} s5 + [ &_75 <- _ptr ] s2) + | s2 = [ &_76 <- Slice64.slice_ptr_len _75 ] s3 + | s3 = [ &_77 <- UInt64.lt _73 _76 ] s4 + | s4 = {[@expl:index in bounds] _77} s5 | s5 = bb17 ] | bb17 = s0 - [ s0 = [ &_50 <- j ] s1 + [ s0 = [ &_79 <- j ] s1 | s1 = Opaque.fresh_ptr (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length array.current}- - [ &_51 <- _ptr ] s2) - | s2 = [ &_52 <- Slice64.slice_ptr_len _51 ] s3 - | s3 = [ &_53 <- UInt64.lt _50 _52 ] s4 - | s4 = {[@expl:index in bounds] _53} s5 + [ &_80 <- _ptr ] s2) + | s2 = [ &_81 <- Slice64.slice_ptr_len _80 ] s3 + | s3 = [ &_82 <- UInt64.lt _79 _81 ] s4 + | s4 = {[@expl:index in bounds] _82} s5 | s5 = bb18 ] | bb18 = s0 - [ s0 = Slice64.get {array.current} {_50} + [ s0 = Slice64.get {array.current} {_79} (fun (r: Int32.t) -> - Slice64.get {array.current} {_44} (fun (r'0: Int32.t) -> [ &_42 <- Int32.gt r'0 r ] s1)) - | s1 = any [ br0 -> {_42 = false} (! bb6) | br1 -> {_42} (! bb19) ] ] + Slice64.get {array.current} {_73} (fun (r'0: Int32.t) -> [ &_71 <- Int32.gt r'0 r ] s1)) + | s1 = any [ br0 -> {_71 = false} (! bb6) | br1 -> {_71} (! bb19) ] ] | bb19 = s0 - [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_56 <- _ret ] s1) + [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_85 <- _ret ] s1) | s1 = MutBorrow.borrow_mut {array.current} (fun (_ret: MutBorrow.t (Slice64.slice Int32.t)) -> - [ &_55 <- _ret ] [ &array <- { array with current = _ret.final } ] s2) - | s2 = swap_i32 {_55} {_56} {j} (fun (_ret: ()) -> [ &_54 <- _ret ] s3) + [ &_84 <- _ret ] [ &array <- { array with current = _ret.final } ] s2) + | s2 = swap_i32 {_84} {_85} {j} (fun (_ret: ()) -> [ &_83 <- _ret ] s3) | s3 = bb20 ] | bb20 = s0 [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &j <- _ret ] s1) | s1 = bb14 ] ] ] ] ] @@ -292,29 +292,29 @@ module M_insertion_sort | & original: MutBorrow.t (Slice64.slice Int32.t) = Any.any_l () | & n: UInt64.t = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _10: t_Range_usize = Any.any_l () + | & _13: t_Range_usize = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _24: t_Option_usize = Any.any_l () - | & _25: MutBorrow.t t_Range_usize = Any.any_l () - | & _26: MutBorrow.t t_Range_usize = Any.any_l () + | & _39: t_Option_usize = Any.any_l () + | & _40: MutBorrow.t t_Range_usize = Any.any_l () + | & _41: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _29: Seq.seq UInt64.t = Any.any_l () + | & _44: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () | & j: UInt64.t = Any.any_l () - | & _39: bool = Any.any_l () - | & _42: bool = Any.any_l () - | & _44: UInt64.t = Any.any_l () - | & _46: Opaque.ptr = Any.any_l () - | & _47: UInt64.t = Any.any_l () - | & _48: bool = Any.any_l () - | & _50: UInt64.t = Any.any_l () - | & _51: Opaque.ptr = Any.any_l () - | & _52: UInt64.t = Any.any_l () - | & _53: bool = Any.any_l () - | & _54: () = Any.any_l () - | & _55: MutBorrow.t (Slice64.slice Int32.t) = Any.any_l () - | & _56: UInt64.t = Any.any_l () + | & _68: bool = Any.any_l () + | & _71: bool = Any.any_l () + | & _73: UInt64.t = Any.any_l () + | & _75: Opaque.ptr = Any.any_l () + | & _76: UInt64.t = Any.any_l () + | & _77: bool = Any.any_l () + | & _79: UInt64.t = Any.any_l () + | & _80: Opaque.ptr = Any.any_l () + | & _81: UInt64.t = Any.any_l () + | & _82: bool = Any.any_l () + | & _83: () = Any.any_l () + | & _84: MutBorrow.t (Slice64.slice Int32.t) = Any.any_l () + | & _85: UInt64.t = Any.any_l () | & old_14_0: MutBorrow.t (Slice64.slice Int32.t) = Any.any_l () | & old_6_0: MutBorrow.t (Slice64.slice Int32.t) = Any.any_l () ]) [ return (result: ()) -> diff --git a/tests/should_succeed/instant.coma b/tests/should_succeed/instant.coma index f748781abd..1b3843459e 100644 --- a/tests/should_succeed/instant.coma +++ b/tests/should_succeed/instant.coma @@ -355,59 +355,59 @@ module M_test_instant | s2 = bb18 ] | bb18 = s0 [ s0 = {[@expl:assertion] view_Instant instant < view_Instant even_greater_instant} s1 - | s1 = checked_sub {instant} {zero_dur} (fun (_ret: t_Option_Instant) -> [ &_42 <- _ret ] s2) + | s1 = checked_sub {instant} {zero_dur} (fun (_ret: t_Option_Instant) -> [ &_46 <- _ret ] s2) | s2 = bb19 ] - | bb19 = s0 [ s0 = unwrap_Instant {_42} (fun (_ret: t_Instant) -> [ &_41 <- _ret ] s1) | s1 = bb20 ] - | bb20 = s0 [ s0 = eq_Instant {_41} {instant} (fun (_ret: bool) -> [ &_39 <- _ret ] s1) | s1 = bb21 ] - | bb21 = any [ br0 -> {_39 = false} (! bb23) | br1 -> {_39} (! bb22) ] - | bb22 = s0 [ s0 = sub_Instant {instant} {zero_dur} (fun (_ret: t_Instant) -> [ &_50 <- _ret ] s1) | s1 = bb24 ] - | bb24 = s0 [ s0 = eq_Instant {_50} {instant} (fun (_ret: bool) -> [ &_48 <- _ret ] s1) | s1 = bb25 ] - | bb25 = any [ br0 -> {_48 = false} (! bb27) | br1 -> {_48} (! bb26) ] + | bb19 = s0 [ s0 = unwrap_Instant {_46} (fun (_ret: t_Instant) -> [ &_45 <- _ret ] s1) | s1 = bb20 ] + | bb20 = s0 [ s0 = eq_Instant {_45} {instant} (fun (_ret: bool) -> [ &_43 <- _ret ] s1) | s1 = bb21 ] + | bb21 = any [ br0 -> {_43 = false} (! bb23) | br1 -> {_43} (! bb22) ] + | bb22 = s0 [ s0 = sub_Instant {instant} {zero_dur} (fun (_ret: t_Instant) -> [ &_54 <- _ret ] s1) | s1 = bb24 ] + | bb24 = s0 [ s0 = eq_Instant {_54} {instant} (fun (_ret: bool) -> [ &_52 <- _ret ] s1) | s1 = bb25 ] + | bb25 = any [ br0 -> {_52 = false} (! bb27) | br1 -> {_52} (! bb26) ] | bb26 = s0 [ s0 = sub_Instant {instant} {three_seconds} (fun (_ret: t_Instant) -> [ &lesser_instant <- _ret ] s1) | s1 = bb28 ] | bb28 = s0 [ s0 = {[@expl:assertion] view_Instant instant > view_Instant lesser_instant} s1 - | s1 = sub_Instant'0 {instant} {instant} (fun (_ret: t_Duration) -> [ &_63 <- _ret ] s2) + | s1 = sub_Instant'0 {instant} {instant} (fun (_ret: t_Duration) -> [ &_69 <- _ret ] s2) | s2 = bb29 ] - | bb29 = s0 [ s0 = eq_Duration {_63} {zero_dur} (fun (_ret: bool) -> [ &_61 <- _ret ] s1) | s1 = bb30 ] - | bb30 = any [ br0 -> {_61 = false} (! bb32) | br1 -> {_61} (! bb31) ] + | bb29 = s0 [ s0 = eq_Duration {_69} {zero_dur} (fun (_ret: bool) -> [ &_67 <- _ret ] s1) | s1 = bb30 ] + | bb30 = any [ br0 -> {_67 = false} (! bb32) | br1 -> {_67} (! bb31) ] | bb31 = s0 - [ s0 = sub_Instant'0 {instant} {greater_instant} (fun (_ret: t_Duration) -> [ &_71 <- _ret ] s1) | s1 = bb33 ] - | bb33 = s0 [ s0 = eq_Duration {_71} {zero_dur} (fun (_ret: bool) -> [ &_69 <- _ret ] s1) | s1 = bb34 ] - | bb34 = any [ br0 -> {_69 = false} (! bb36) | br1 -> {_69} (! bb35) ] + [ s0 = sub_Instant'0 {instant} {greater_instant} (fun (_ret: t_Duration) -> [ &_77 <- _ret ] s1) | s1 = bb33 ] + | bb33 = s0 [ s0 = eq_Duration {_77} {zero_dur} (fun (_ret: bool) -> [ &_75 <- _ret ] s1) | s1 = bb34 ] + | bb34 = any [ br0 -> {_75 = false} (! bb36) | br1 -> {_75} (! bb35) ] | bb35 = s0 - [ s0 = sub_Instant'0 {greater_instant} {instant} (fun (_ret: t_Duration) -> [ &_79 <- _ret ] s1) | s1 = bb37 ] - | bb37 = s0 [ s0 = gt_Duration {_79} {zero_dur} (fun (_ret: bool) -> [ &_77 <- _ret ] s1) | s1 = bb38 ] - | bb38 = any [ br0 -> {_77 = false} (! bb40) | br1 -> {_77} (! bb39) ] + [ s0 = sub_Instant'0 {greater_instant} {instant} (fun (_ret: t_Duration) -> [ &_85 <- _ret ] s1) | s1 = bb37 ] + | bb37 = s0 [ s0 = gt_Duration {_85} {zero_dur} (fun (_ret: bool) -> [ &_83 <- _ret ] s1) | s1 = bb38 ] + | bb38 = any [ br0 -> {_83 = false} (! bb40) | br1 -> {_83} (! bb39) ] | bb39 = s0 - [ s0 = duration_since {greater_instant} {instant} (fun (_ret: t_Duration) -> [ &_87 <- _ret ] s1) | s1 = bb41 ] - | bb41 = s0 [ s0 = gt_Duration {_87} {zero_dur} (fun (_ret: bool) -> [ &_85 <- _ret ] s1) | s1 = bb42 ] - | bb42 = any [ br0 -> {_85 = false} (! bb44) | br1 -> {_85} (! bb43) ] + [ s0 = duration_since {greater_instant} {instant} (fun (_ret: t_Duration) -> [ &_93 <- _ret ] s1) | s1 = bb41 ] + | bb41 = s0 [ s0 = gt_Duration {_93} {zero_dur} (fun (_ret: bool) -> [ &_91 <- _ret ] s1) | s1 = bb42 ] + | bb42 = any [ br0 -> {_91 = false} (! bb44) | br1 -> {_91} (! bb43) ] | bb43 = s0 - [ s0 = duration_since {instant} {greater_instant} (fun (_ret: t_Duration) -> [ &_95 <- _ret ] s1) | s1 = bb45 ] - | bb45 = s0 [ s0 = eq_Duration {_95} {zero_dur} (fun (_ret: bool) -> [ &_93 <- _ret ] s1) | s1 = bb46 ] - | bb46 = any [ br0 -> {_93 = false} (! bb48) | br1 -> {_93} (! bb47) ] + [ s0 = duration_since {instant} {greater_instant} (fun (_ret: t_Duration) -> [ &_101 <- _ret ] s1) | s1 = bb45 ] + | bb45 = s0 [ s0 = eq_Duration {_101} {zero_dur} (fun (_ret: bool) -> [ &_99 <- _ret ] s1) | s1 = bb46 ] + | bb46 = any [ br0 -> {_99 = false} (! bb48) | br1 -> {_99} (! bb47) ] | bb47 = s0 - [ s0 = checked_duration_since {greater_instant} {instant} (fun (_ret: t_Option_Duration) -> [ &_103 <- _ret ] s1) + [ s0 = checked_duration_since {greater_instant} {instant} (fun (_ret: t_Option_Duration) -> [ &_109 <- _ret ] s1) | s1 = bb49 ] - | bb49 = s0 [ s0 = is_some_Duration {_103} (fun (_ret: bool) -> [ &_101 <- _ret ] s1) | s1 = bb50 ] - | bb50 = any [ br0 -> {_101 = false} (! bb52) | br1 -> {_101} (! bb51) ] + | bb49 = s0 [ s0 = is_some_Duration {_109} (fun (_ret: bool) -> [ &_107 <- _ret ] s1) | s1 = bb50 ] + | bb50 = any [ br0 -> {_107 = false} (! bb52) | br1 -> {_107} (! bb51) ] | bb51 = s0 - [ s0 = checked_duration_since {instant} {greater_instant} (fun (_ret: t_Option_Duration) -> [ &_110 <- _ret ] s1) + [ s0 = checked_duration_since {instant} {greater_instant} (fun (_ret: t_Option_Duration) -> [ &_116 <- _ret ] s1) | s1 = bb53 ] - | bb53 = s0 [ s0 = is_none_Duration {_110} (fun (_ret: bool) -> [ &_108 <- _ret ] s1) | s1 = bb54 ] - | bb54 = any [ br0 -> {_108 = false} (! bb56) | br1 -> {_108} (! bb55) ] + | bb53 = s0 [ s0 = is_none_Duration {_116} (fun (_ret: bool) -> [ &_114 <- _ret ] s1) | s1 = bb54 ] + | bb54 = any [ br0 -> {_114 = false} (! bb56) | br1 -> {_114} (! bb55) ] | bb55 = s0 - [ s0 = saturating_duration_since {greater_instant} {instant} (fun (_ret: t_Duration) -> [ &_117 <- _ret ] s1) + [ s0 = saturating_duration_since {greater_instant} {instant} (fun (_ret: t_Duration) -> [ &_123 <- _ret ] s1) | s1 = bb57 ] - | bb57 = s0 [ s0 = gt_Duration {_117} {zero_dur} (fun (_ret: bool) -> [ &_115 <- _ret ] s1) | s1 = bb58 ] - | bb58 = any [ br0 -> {_115 = false} (! bb60) | br1 -> {_115} (! bb59) ] + | bb57 = s0 [ s0 = gt_Duration {_123} {zero_dur} (fun (_ret: bool) -> [ &_121 <- _ret ] s1) | s1 = bb58 ] + | bb58 = any [ br0 -> {_121 = false} (! bb60) | br1 -> {_121} (! bb59) ] | bb59 = s0 - [ s0 = saturating_duration_since {instant} {greater_instant} (fun (_ret: t_Duration) -> [ &_125 <- _ret ] s1) + [ s0 = saturating_duration_since {instant} {greater_instant} (fun (_ret: t_Duration) -> [ &_131 <- _ret ] s1) | s1 = bb61 ] - | bb61 = s0 [ s0 = eq_Duration {_125} {zero_dur} (fun (_ret: bool) -> [ &_123 <- _ret ] s1) | s1 = bb62 ] - | bb62 = any [ br0 -> {_123 = false} (! bb64) | br1 -> {_123} (! bb63) ] + | bb61 = s0 [ s0 = eq_Duration {_131} {zero_dur} (fun (_ret: bool) -> [ &_129 <- _ret ] s1) | s1 = bb62 ] + | bb62 = any [ br0 -> {_129 = false} (! bb64) | br1 -> {_129} (! bb63) ] | bb63 = return {_0} | bb64 = {false} any | bb60 = {false} any @@ -436,28 +436,28 @@ module M_test_instant | & three_seconds: t_Duration = Any.any_l () | & greater_instant: t_Instant = Any.any_l () | & even_greater_instant: t_Instant = Any.any_l () - | & _39: bool = Any.any_l () - | & _41: t_Instant = Any.any_l () - | & _42: t_Option_Instant = Any.any_l () - | & _48: bool = Any.any_l () - | & _50: t_Instant = Any.any_l () + | & _43: bool = Any.any_l () + | & _45: t_Instant = Any.any_l () + | & _46: t_Option_Instant = Any.any_l () + | & _52: bool = Any.any_l () + | & _54: t_Instant = Any.any_l () | & lesser_instant: t_Instant = Any.any_l () - | & _61: bool = Any.any_l () - | & _63: t_Duration = Any.any_l () - | & _69: bool = Any.any_l () - | & _71: t_Duration = Any.any_l () - | & _77: bool = Any.any_l () - | & _79: t_Duration = Any.any_l () - | & _85: bool = Any.any_l () - | & _87: t_Duration = Any.any_l () - | & _93: bool = Any.any_l () - | & _95: t_Duration = Any.any_l () - | & _101: bool = Any.any_l () - | & _103: t_Option_Duration = Any.any_l () - | & _108: bool = Any.any_l () - | & _110: t_Option_Duration = Any.any_l () - | & _115: bool = Any.any_l () - | & _117: t_Duration = Any.any_l () - | & _123: bool = Any.any_l () - | & _125: t_Duration = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _67: bool = Any.any_l () + | & _69: t_Duration = Any.any_l () + | & _75: bool = Any.any_l () + | & _77: t_Duration = Any.any_l () + | & _83: bool = Any.any_l () + | & _85: t_Duration = Any.any_l () + | & _91: bool = Any.any_l () + | & _93: t_Duration = Any.any_l () + | & _99: bool = Any.any_l () + | & _101: t_Duration = Any.any_l () + | & _107: bool = Any.any_l () + | & _109: t_Option_Duration = Any.any_l () + | & _114: bool = Any.any_l () + | & _116: t_Option_Duration = Any.any_l () + | & _121: bool = Any.any_l () + | & _123: t_Duration = Any.any_l () + | & _129: bool = Any.any_l () + | & _131: t_Duration = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/integer_ops.coma b/tests/should_succeed/integer_ops.coma index 6efb31ff24..fac33816ea 100644 --- a/tests/should_succeed/integer_ops.coma +++ b/tests/should_succeed/integer_ops.coma @@ -2001,16 +2001,16 @@ module M_u8__test_div /\ Int.div (UInt8.t'int l) (UInt8.t'int r) <= UInt8.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt8.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt8.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt8.div {l} {_7} (fun (_ret: UInt8.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt8.div {l} {_12} (fun (_ret: UInt8.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt8.t = Any.any_l () | & l: UInt8.t = l | & r: UInt8.t = r - | & _7: UInt8.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt8.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt8.t) -> {[@expl:test_div ensures] UInt8.t'int result = Int.div (UInt8.t'int l) (UInt8.t'int r)} (! return {result}) ] @@ -2034,16 +2034,16 @@ module M_u8__test_div_bw /\ Int.div (UInt8BW.t'int l) (UInt8BW.t'int r) <= UInt8BW.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt8BW.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt8BW.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt8BW.div {l} {_7} (fun (_ret: UInt8BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt8BW.div {l} {_12} (fun (_ret: UInt8BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt8BW.t = Any.any_l () | & l: UInt8BW.t = l | & r: UInt8BW.t = r - | & _7: UInt8BW.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt8BW.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt8BW.t) -> {[@expl:test_div_bw ensures] UInt8BW.t'int result = Int.div (UInt8BW.t'int l) (UInt8BW.t'int r)} (! return {result}) ] @@ -2066,57 +2066,57 @@ module M_u8__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt8.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt8.t = Any.any_l () | & _1: UInt8.t = Any.any_l () ] - [ _const_ret (_const: UInt8.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt8.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt8.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt8.t = Any.any_l () ] [ _const_ret (_const: UInt8.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt8.t = Any.any_l () ] [ _const_ret (_const: UInt8.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt8.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt8.t = Any.any_l () | & _1: UInt8.t = Any.any_l () ] - [ _const_ret (_const: UInt8.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt8.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt8.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt8.t = Any.any_l () ] [ _const_ret (_const: UInt8.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt8.t = Any.any_l () ] [ _const_ret (_const: UInt8.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt8.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt8.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u8_ref_u8 = Any.any_l () + | & _5: tup2_ref_u8_ref_u8 = Any.any_l () | & left_val: UInt8.t = Any.any_l () | & right_val: UInt8.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt8.t = Any.any_l () - | & _21: UInt8.t = Any.any_l () - | & _24: tup2_ref_u8_ref_u8 = Any.any_l () + | & _20: UInt8.t = Any.any_l () + | & _22: UInt8.t = Any.any_l () + | & _25: tup2_ref_u8_ref_u8 = Any.any_l () | & left_val'0: UInt8.t = Any.any_l () | & right_val'0: UInt8.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt8.t = Any.any_l () - | & _41: UInt8.t = Any.any_l () - | & _44: UInt8.t = Any.any_l () + | & _40: UInt8.t = Any.any_l () + | & _42: UInt8.t = Any.any_l () | & _45: UInt8.t = Any.any_l () | & _46: UInt8.t = Any.any_l () - | & _47: UInt8.t = Any.any_l () ]) + | & _47: UInt8.t = Any.any_l () + | & _48: UInt8.t = Any.any_l () ]) [ return (result: UInt8.t) -> {[@expl:test_from_bool ensures] result = UInt8.of_bool b} (! return {result}) ] end module M_u8__test_from_bool_bw @@ -2137,57 +2137,57 @@ module M_u8__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt8BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt8BW.t = Any.any_l () | & _1: UInt8BW.t = Any.any_l () ] - [ _const_ret (_const: UInt8BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt8BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt8BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt8BW.t = Any.any_l () ] [ _const_ret (_const: UInt8BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt8BW.t = Any.any_l () ] [ _const_ret (_const: UInt8BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt8BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt8BW.t = Any.any_l () | & _1: UInt8BW.t = Any.any_l () ] - [ _const_ret (_const: UInt8BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt8BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt8BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt8BW.t = Any.any_l () ] [ _const_ret (_const: UInt8BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt8BW.t = Any.any_l () ] [ _const_ret (_const: UInt8BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt8BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt8BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u8_ref_u8 = Any.any_l () + | & _5: tup2_ref_u8_ref_u8 = Any.any_l () | & left_val: UInt8BW.t = Any.any_l () | & right_val: UInt8BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt8BW.t = Any.any_l () - | & _21: UInt8BW.t = Any.any_l () - | & _24: tup2_ref_u8_ref_u8 = Any.any_l () + | & _20: UInt8BW.t = Any.any_l () + | & _22: UInt8BW.t = Any.any_l () + | & _25: tup2_ref_u8_ref_u8 = Any.any_l () | & left_val'0: UInt8BW.t = Any.any_l () | & right_val'0: UInt8BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt8BW.t = Any.any_l () - | & _41: UInt8BW.t = Any.any_l () - | & _44: UInt8BW.t = Any.any_l () + | & _40: UInt8BW.t = Any.any_l () + | & _42: UInt8BW.t = Any.any_l () | & _45: UInt8BW.t = Any.any_l () | & _46: UInt8BW.t = Any.any_l () - | & _47: UInt8BW.t = Any.any_l () ]) + | & _47: UInt8BW.t = Any.any_l () + | & _48: UInt8BW.t = Any.any_l () ]) [ return (result: UInt8BW.t) -> {[@expl:test_from_bool_bw ensures] result = UInt8BW.of_bool b} (! return {result}) ] end module M_u8__test_shl @@ -2507,27 +2507,27 @@ module M_i8__test_div /\ Int.div (Int8.to_int l) (Int8.to_int r) <= Int8.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int8.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int8.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (-1: Int8.t) ] s1 - | s1 = [ &_10 <- _6 = (-128: Int8.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (-1: Int8.t) ] s1 + | s1 = [ &_15 <- _11 = (-128: Int8.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int8.div {_6} {_7} (fun (_ret: Int8.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int8.div {_11} {_12} (fun (_ret: Int8.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int8.t = Any.any_l () | & l: Int8.t = l | & r: Int8.t = r - | & _6: Int8.t = Any.any_l () - | & _7: Int8.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int8.t = Any.any_l () + | & _12: Int8.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int8.t) -> {[@expl:test_div ensures] Int8.to_int result = Int.div (Int8.to_int l) (Int8.to_int r)} (! return {result}) ] end @@ -2551,27 +2551,27 @@ module M_i8__test_div_bw /\ Int.div (Int8BW.to_int l) (Int8BW.to_int r) <= Int8BW.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int8BW.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int8BW.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (255: Int8BW.t) ] s1 - | s1 = [ &_10 <- _6 = (128: Int8BW.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (255: Int8BW.t) ] s1 + | s1 = [ &_15 <- _11 = (128: Int8BW.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int8BW.div {_6} {_7} (fun (_ret: Int8BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int8BW.div {_11} {_12} (fun (_ret: Int8BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int8BW.t = Any.any_l () | & l: Int8BW.t = l | & r: Int8BW.t = r - | & _6: Int8BW.t = Any.any_l () - | & _7: Int8BW.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int8BW.t = Any.any_l () + | & _12: Int8BW.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int8BW.t) -> {[@expl:test_div_bw ensures] Int8BW.to_int result = Int.div (Int8BW.to_int l) (Int8BW.to_int r)} (! return {result}) ] @@ -2594,57 +2594,57 @@ module M_i8__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int8.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int8.t = Any.any_l () | & _1: Int8.t = Any.any_l () ] - [ _const_ret (_const: Int8.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int8.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int8.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int8.t = Any.any_l () ] [ _const_ret (_const: Int8.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int8.t = Any.any_l () ] [ _const_ret (_const: Int8.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int8.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int8.t = Any.any_l () | & _1: Int8.t = Any.any_l () ] - [ _const_ret (_const: Int8.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int8.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int8.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int8.t = Any.any_l () ] [ _const_ret (_const: Int8.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int8.t = Any.any_l () ] [ _const_ret (_const: Int8.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int8.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int8.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i8_ref_i8 = Any.any_l () + | & _5: tup2_ref_i8_ref_i8 = Any.any_l () | & left_val: Int8.t = Any.any_l () | & right_val: Int8.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int8.t = Any.any_l () - | & _21: Int8.t = Any.any_l () - | & _24: tup2_ref_i8_ref_i8 = Any.any_l () + | & _20: Int8.t = Any.any_l () + | & _22: Int8.t = Any.any_l () + | & _25: tup2_ref_i8_ref_i8 = Any.any_l () | & left_val'0: Int8.t = Any.any_l () | & right_val'0: Int8.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int8.t = Any.any_l () - | & _41: Int8.t = Any.any_l () - | & _44: Int8.t = Any.any_l () + | & _40: Int8.t = Any.any_l () + | & _42: Int8.t = Any.any_l () | & _45: Int8.t = Any.any_l () | & _46: Int8.t = Any.any_l () - | & _47: Int8.t = Any.any_l () ]) + | & _47: Int8.t = Any.any_l () + | & _48: Int8.t = Any.any_l () ]) [ return (result: Int8.t) -> {[@expl:test_from_bool ensures] result = Int8.of_bool b} (! return {result}) ] end module M_i8__test_from_bool_bw @@ -2665,57 +2665,57 @@ module M_i8__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int8BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int8BW.t = Any.any_l () | & _1: Int8BW.t = Any.any_l () ] - [ _const_ret (_const: Int8BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int8BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int8BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int8BW.t = Any.any_l () ] [ _const_ret (_const: Int8BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int8BW.t = Any.any_l () ] [ _const_ret (_const: Int8BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int8BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int8BW.t = Any.any_l () | & _1: Int8BW.t = Any.any_l () ] - [ _const_ret (_const: Int8BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int8BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int8BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int8BW.t = Any.any_l () ] [ _const_ret (_const: Int8BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int8BW.t = Any.any_l () ] [ _const_ret (_const: Int8BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int8BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int8BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i8_ref_i8 = Any.any_l () + | & _5: tup2_ref_i8_ref_i8 = Any.any_l () | & left_val: Int8BW.t = Any.any_l () | & right_val: Int8BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int8BW.t = Any.any_l () - | & _21: Int8BW.t = Any.any_l () - | & _24: tup2_ref_i8_ref_i8 = Any.any_l () + | & _20: Int8BW.t = Any.any_l () + | & _22: Int8BW.t = Any.any_l () + | & _25: tup2_ref_i8_ref_i8 = Any.any_l () | & left_val'0: Int8BW.t = Any.any_l () | & right_val'0: Int8BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int8BW.t = Any.any_l () - | & _41: Int8BW.t = Any.any_l () - | & _44: Int8BW.t = Any.any_l () + | & _40: Int8BW.t = Any.any_l () + | & _42: Int8BW.t = Any.any_l () | & _45: Int8BW.t = Any.any_l () | & _46: Int8BW.t = Any.any_l () - | & _47: Int8BW.t = Any.any_l () ]) + | & _47: Int8BW.t = Any.any_l () + | & _48: Int8BW.t = Any.any_l () ]) [ return (result: Int8BW.t) -> {[@expl:test_from_bool_bw ensures] result = Int8BW.of_bool b} (! return {result}) ] end module M_i8__test_shl @@ -3069,16 +3069,16 @@ module M_u16__test_div /\ Int.div (UInt16.t'int l) (UInt16.t'int r) <= UInt16.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt16.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt16.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt16.div {l} {_7} (fun (_ret: UInt16.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt16.div {l} {_12} (fun (_ret: UInt16.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt16.t = Any.any_l () | & l: UInt16.t = l | & r: UInt16.t = r - | & _7: UInt16.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt16.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt16.t) -> {[@expl:test_div ensures] UInt16.t'int result = Int.div (UInt16.t'int l) (UInt16.t'int r)} (! return {result}) ] @@ -3102,16 +3102,16 @@ module M_u16__test_div_bw /\ Int.div (UInt16BW.t'int l) (UInt16BW.t'int r) <= UInt16BW.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt16BW.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt16BW.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt16BW.div {l} {_7} (fun (_ret: UInt16BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt16BW.div {l} {_12} (fun (_ret: UInt16BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt16BW.t = Any.any_l () | & l: UInt16BW.t = l | & r: UInt16BW.t = r - | & _7: UInt16BW.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt16BW.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt16BW.t) -> {[@expl:test_div_bw ensures] UInt16BW.t'int result = Int.div (UInt16BW.t'int l) (UInt16BW.t'int r)} (! return {result}) ] @@ -3134,57 +3134,57 @@ module M_u16__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt16.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt16.t = Any.any_l () | & _1: UInt16.t = Any.any_l () ] - [ _const_ret (_const: UInt16.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt16.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt16.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt16.t = Any.any_l () ] [ _const_ret (_const: UInt16.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt16.t = Any.any_l () ] [ _const_ret (_const: UInt16.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt16.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt16.t = Any.any_l () | & _1: UInt16.t = Any.any_l () ] - [ _const_ret (_const: UInt16.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt16.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt16.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt16.t = Any.any_l () ] [ _const_ret (_const: UInt16.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt16.t = Any.any_l () ] [ _const_ret (_const: UInt16.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt16.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt16.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u16_ref_u16 = Any.any_l () + | & _5: tup2_ref_u16_ref_u16 = Any.any_l () | & left_val: UInt16.t = Any.any_l () | & right_val: UInt16.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt16.t = Any.any_l () - | & _21: UInt16.t = Any.any_l () - | & _24: tup2_ref_u16_ref_u16 = Any.any_l () + | & _20: UInt16.t = Any.any_l () + | & _22: UInt16.t = Any.any_l () + | & _25: tup2_ref_u16_ref_u16 = Any.any_l () | & left_val'0: UInt16.t = Any.any_l () | & right_val'0: UInt16.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt16.t = Any.any_l () - | & _41: UInt16.t = Any.any_l () - | & _44: UInt16.t = Any.any_l () + | & _40: UInt16.t = Any.any_l () + | & _42: UInt16.t = Any.any_l () | & _45: UInt16.t = Any.any_l () | & _46: UInt16.t = Any.any_l () - | & _47: UInt16.t = Any.any_l () ]) + | & _47: UInt16.t = Any.any_l () + | & _48: UInt16.t = Any.any_l () ]) [ return (result: UInt16.t) -> {[@expl:test_from_bool ensures] result = UInt16.of_bool b} (! return {result}) ] end module M_u16__test_from_bool_bw @@ -3205,57 +3205,57 @@ module M_u16__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt16BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt16BW.t = Any.any_l () | & _1: UInt16BW.t = Any.any_l () ] - [ _const_ret (_const: UInt16BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt16BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt16BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt16BW.t = Any.any_l () ] [ _const_ret (_const: UInt16BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt16BW.t = Any.any_l () ] [ _const_ret (_const: UInt16BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt16BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt16BW.t = Any.any_l () | & _1: UInt16BW.t = Any.any_l () ] - [ _const_ret (_const: UInt16BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt16BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt16BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt16BW.t = Any.any_l () ] [ _const_ret (_const: UInt16BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt16BW.t = Any.any_l () ] [ _const_ret (_const: UInt16BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt16BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt16BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u16_ref_u16 = Any.any_l () + | & _5: tup2_ref_u16_ref_u16 = Any.any_l () | & left_val: UInt16BW.t = Any.any_l () | & right_val: UInt16BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt16BW.t = Any.any_l () - | & _21: UInt16BW.t = Any.any_l () - | & _24: tup2_ref_u16_ref_u16 = Any.any_l () + | & _20: UInt16BW.t = Any.any_l () + | & _22: UInt16BW.t = Any.any_l () + | & _25: tup2_ref_u16_ref_u16 = Any.any_l () | & left_val'0: UInt16BW.t = Any.any_l () | & right_val'0: UInt16BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt16BW.t = Any.any_l () - | & _41: UInt16BW.t = Any.any_l () - | & _44: UInt16BW.t = Any.any_l () + | & _40: UInt16BW.t = Any.any_l () + | & _42: UInt16BW.t = Any.any_l () | & _45: UInt16BW.t = Any.any_l () | & _46: UInt16BW.t = Any.any_l () - | & _47: UInt16BW.t = Any.any_l () ]) + | & _47: UInt16BW.t = Any.any_l () + | & _48: UInt16BW.t = Any.any_l () ]) [ return (result: UInt16BW.t) -> {[@expl:test_from_bool_bw ensures] result = UInt16BW.of_bool b} (! return {result}) ] end @@ -3490,27 +3490,27 @@ module M_i16__test_div /\ Int.div (Int16.to_int l) (Int16.to_int r) <= Int16.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int16.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int16.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (-1: Int16.t) ] s1 - | s1 = [ &_10 <- _6 = (-32768: Int16.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (-1: Int16.t) ] s1 + | s1 = [ &_15 <- _11 = (-32768: Int16.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int16.div {_6} {_7} (fun (_ret: Int16.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int16.div {_11} {_12} (fun (_ret: Int16.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int16.t = Any.any_l () | & l: Int16.t = l | & r: Int16.t = r - | & _6: Int16.t = Any.any_l () - | & _7: Int16.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int16.t = Any.any_l () + | & _12: Int16.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int16.t) -> {[@expl:test_div ensures] Int16.to_int result = Int.div (Int16.to_int l) (Int16.to_int r)} (! return {result}) ] @@ -3535,27 +3535,27 @@ module M_i16__test_div_bw /\ Int.div (Int16BW.to_int l) (Int16BW.to_int r) <= Int16BW.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int16BW.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int16BW.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (65535: Int16BW.t) ] s1 - | s1 = [ &_10 <- _6 = (32768: Int16BW.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (65535: Int16BW.t) ] s1 + | s1 = [ &_15 <- _11 = (32768: Int16BW.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int16BW.div {_6} {_7} (fun (_ret: Int16BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int16BW.div {_11} {_12} (fun (_ret: Int16BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int16BW.t = Any.any_l () | & l: Int16BW.t = l | & r: Int16BW.t = r - | & _6: Int16BW.t = Any.any_l () - | & _7: Int16BW.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int16BW.t = Any.any_l () + | & _12: Int16BW.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int16BW.t) -> {[@expl:test_div_bw ensures] Int16BW.to_int result = Int.div (Int16BW.to_int l) (Int16BW.to_int r)} (! return {result}) ] @@ -3578,57 +3578,57 @@ module M_i16__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int16.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int16.t = Any.any_l () | & _1: Int16.t = Any.any_l () ] - [ _const_ret (_const: Int16.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int16.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int16.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int16.t = Any.any_l () ] [ _const_ret (_const: Int16.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int16.t = Any.any_l () ] [ _const_ret (_const: Int16.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int16.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int16.t = Any.any_l () | & _1: Int16.t = Any.any_l () ] - [ _const_ret (_const: Int16.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int16.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int16.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int16.t = Any.any_l () ] [ _const_ret (_const: Int16.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int16.t = Any.any_l () ] [ _const_ret (_const: Int16.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int16.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int16.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i16_ref_i16 = Any.any_l () + | & _5: tup2_ref_i16_ref_i16 = Any.any_l () | & left_val: Int16.t = Any.any_l () | & right_val: Int16.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int16.t = Any.any_l () - | & _21: Int16.t = Any.any_l () - | & _24: tup2_ref_i16_ref_i16 = Any.any_l () + | & _20: Int16.t = Any.any_l () + | & _22: Int16.t = Any.any_l () + | & _25: tup2_ref_i16_ref_i16 = Any.any_l () | & left_val'0: Int16.t = Any.any_l () | & right_val'0: Int16.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int16.t = Any.any_l () - | & _41: Int16.t = Any.any_l () - | & _44: Int16.t = Any.any_l () + | & _40: Int16.t = Any.any_l () + | & _42: Int16.t = Any.any_l () | & _45: Int16.t = Any.any_l () | & _46: Int16.t = Any.any_l () - | & _47: Int16.t = Any.any_l () ]) + | & _47: Int16.t = Any.any_l () + | & _48: Int16.t = Any.any_l () ]) [ return (result: Int16.t) -> {[@expl:test_from_bool ensures] result = Int16.of_bool b} (! return {result}) ] end module M_i16__test_from_bool_bw @@ -3649,57 +3649,57 @@ module M_i16__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int16BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int16BW.t = Any.any_l () | & _1: Int16BW.t = Any.any_l () ] - [ _const_ret (_const: Int16BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int16BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int16BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int16BW.t = Any.any_l () ] [ _const_ret (_const: Int16BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int16BW.t = Any.any_l () ] [ _const_ret (_const: Int16BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int16BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int16BW.t = Any.any_l () | & _1: Int16BW.t = Any.any_l () ] - [ _const_ret (_const: Int16BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int16BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int16BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int16BW.t = Any.any_l () ] [ _const_ret (_const: Int16BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int16BW.t = Any.any_l () ] [ _const_ret (_const: Int16BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int16BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int16BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i16_ref_i16 = Any.any_l () + | & _5: tup2_ref_i16_ref_i16 = Any.any_l () | & left_val: Int16BW.t = Any.any_l () | & right_val: Int16BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int16BW.t = Any.any_l () - | & _21: Int16BW.t = Any.any_l () - | & _24: tup2_ref_i16_ref_i16 = Any.any_l () + | & _20: Int16BW.t = Any.any_l () + | & _22: Int16BW.t = Any.any_l () + | & _25: tup2_ref_i16_ref_i16 = Any.any_l () | & left_val'0: Int16BW.t = Any.any_l () | & right_val'0: Int16BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int16BW.t = Any.any_l () - | & _41: Int16BW.t = Any.any_l () - | & _44: Int16BW.t = Any.any_l () + | & _40: Int16BW.t = Any.any_l () + | & _42: Int16BW.t = Any.any_l () | & _45: Int16BW.t = Any.any_l () | & _46: Int16BW.t = Any.any_l () - | & _47: Int16BW.t = Any.any_l () ]) + | & _47: Int16BW.t = Any.any_l () + | & _48: Int16BW.t = Any.any_l () ]) [ return (result: Int16BW.t) -> {[@expl:test_from_bool_bw ensures] result = Int16BW.of_bool b} (! return {result}) ] end module M_i16__test_shl @@ -3933,16 +3933,16 @@ module M_u32__test_div /\ Int.div (UInt32.t'int l) (UInt32.t'int r) <= UInt32.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt32.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt32.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt32.div {l} {_7} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt32.div {l} {_12} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () | & l: UInt32.t = l | & r: UInt32.t = r - | & _7: UInt32.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt32.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:test_div ensures] UInt32.t'int result = Int.div (UInt32.t'int l) (UInt32.t'int r)} (! return {result}) ] @@ -3966,16 +3966,16 @@ module M_u32__test_div_bw /\ Int.div (UInt32BW.t'int l) (UInt32BW.t'int r) <= UInt32BW.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt32BW.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt32BW.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt32BW.div {l} {_7} (fun (_ret: UInt32BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt32BW.div {l} {_12} (fun (_ret: UInt32BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt32BW.t = Any.any_l () | & l: UInt32BW.t = l | & r: UInt32BW.t = r - | & _7: UInt32BW.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt32BW.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt32BW.t) -> {[@expl:test_div_bw ensures] UInt32BW.t'int result = Int.div (UInt32BW.t'int l) (UInt32BW.t'int r)} (! return {result}) ] @@ -3998,57 +3998,57 @@ module M_u32__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt32.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt32.t = Any.any_l () | & _1: UInt32.t = Any.any_l () ] - [ _const_ret (_const: UInt32.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt32.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt32.t = Any.any_l () ] [ _const_ret (_const: UInt32.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt32.t = Any.any_l () ] [ _const_ret (_const: UInt32.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt32.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt32.t = Any.any_l () | & _1: UInt32.t = Any.any_l () ] - [ _const_ret (_const: UInt32.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt32.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt32.t = Any.any_l () ] [ _const_ret (_const: UInt32.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt32.t = Any.any_l () ] [ _const_ret (_const: UInt32.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt32.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt32.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u32_ref_u32 = Any.any_l () + | & _5: tup2_ref_u32_ref_u32 = Any.any_l () | & left_val: UInt32.t = Any.any_l () | & right_val: UInt32.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt32.t = Any.any_l () - | & _21: UInt32.t = Any.any_l () - | & _24: tup2_ref_u32_ref_u32 = Any.any_l () + | & _20: UInt32.t = Any.any_l () + | & _22: UInt32.t = Any.any_l () + | & _25: tup2_ref_u32_ref_u32 = Any.any_l () | & left_val'0: UInt32.t = Any.any_l () | & right_val'0: UInt32.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt32.t = Any.any_l () - | & _41: UInt32.t = Any.any_l () - | & _44: UInt32.t = Any.any_l () + | & _40: UInt32.t = Any.any_l () + | & _42: UInt32.t = Any.any_l () | & _45: UInt32.t = Any.any_l () | & _46: UInt32.t = Any.any_l () - | & _47: UInt32.t = Any.any_l () ]) + | & _47: UInt32.t = Any.any_l () + | & _48: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:test_from_bool ensures] result = UInt32.of_bool b} (! return {result}) ] end module M_u32__test_from_bool_bw @@ -4069,57 +4069,57 @@ module M_u32__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt32BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt32BW.t = Any.any_l () | & _1: UInt32BW.t = Any.any_l () ] - [ _const_ret (_const: UInt32BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt32BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt32BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt32BW.t = Any.any_l () ] [ _const_ret (_const: UInt32BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt32BW.t = Any.any_l () ] [ _const_ret (_const: UInt32BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt32BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt32BW.t = Any.any_l () | & _1: UInt32BW.t = Any.any_l () ] - [ _const_ret (_const: UInt32BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt32BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt32BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt32BW.t = Any.any_l () ] [ _const_ret (_const: UInt32BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt32BW.t = Any.any_l () ] [ _const_ret (_const: UInt32BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt32BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt32BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u32_ref_u32 = Any.any_l () + | & _5: tup2_ref_u32_ref_u32 = Any.any_l () | & left_val: UInt32BW.t = Any.any_l () | & right_val: UInt32BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt32BW.t = Any.any_l () - | & _21: UInt32BW.t = Any.any_l () - | & _24: tup2_ref_u32_ref_u32 = Any.any_l () + | & _20: UInt32BW.t = Any.any_l () + | & _22: UInt32BW.t = Any.any_l () + | & _25: tup2_ref_u32_ref_u32 = Any.any_l () | & left_val'0: UInt32BW.t = Any.any_l () | & right_val'0: UInt32BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt32BW.t = Any.any_l () - | & _41: UInt32BW.t = Any.any_l () - | & _44: UInt32BW.t = Any.any_l () + | & _40: UInt32BW.t = Any.any_l () + | & _42: UInt32BW.t = Any.any_l () | & _45: UInt32BW.t = Any.any_l () | & _46: UInt32BW.t = Any.any_l () - | & _47: UInt32BW.t = Any.any_l () ]) + | & _47: UInt32BW.t = Any.any_l () + | & _48: UInt32BW.t = Any.any_l () ]) [ return (result: UInt32BW.t) -> {[@expl:test_from_bool_bw ensures] result = UInt32BW.of_bool b} (! return {result}) ] end @@ -4354,27 +4354,27 @@ module M_i32__test_div /\ Int.div (Int32.to_int l) (Int32.to_int r) <= Int32.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int32.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int32.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (-1: Int32.t) ] s1 - | s1 = [ &_10 <- _6 = (-2147483648: Int32.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (-1: Int32.t) ] s1 + | s1 = [ &_15 <- _11 = (-2147483648: Int32.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int32.div {_6} {_7} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int32.div {_11} {_12} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int32.t = Any.any_l () | & l: Int32.t = l | & r: Int32.t = r - | & _6: Int32.t = Any.any_l () - | & _7: Int32.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int32.t = Any.any_l () + | & _12: Int32.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:test_div ensures] Int32.to_int result = Int.div (Int32.to_int l) (Int32.to_int r)} (! return {result}) ] @@ -4399,27 +4399,27 @@ module M_i32__test_div_bw /\ Int.div (Int32BW.to_int l) (Int32BW.to_int r) <= Int32BW.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int32BW.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int32BW.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (4294967295: Int32BW.t) ] s1 - | s1 = [ &_10 <- _6 = (2147483648: Int32BW.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (4294967295: Int32BW.t) ] s1 + | s1 = [ &_15 <- _11 = (2147483648: Int32BW.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int32BW.div {_6} {_7} (fun (_ret: Int32BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int32BW.div {_11} {_12} (fun (_ret: Int32BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int32BW.t = Any.any_l () | & l: Int32BW.t = l | & r: Int32BW.t = r - | & _6: Int32BW.t = Any.any_l () - | & _7: Int32BW.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int32BW.t = Any.any_l () + | & _12: Int32BW.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int32BW.t) -> {[@expl:test_div_bw ensures] Int32BW.to_int result = Int.div (Int32BW.to_int l) (Int32BW.to_int r)} (! return {result}) ] @@ -4442,57 +4442,57 @@ module M_i32__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int32.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int32.t = Any.any_l () | & _1: Int32.t = Any.any_l () ] - [ _const_ret (_const: Int32.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int32.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int32.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int32.t = Any.any_l () | & _1: Int32.t = Any.any_l () ] - [ _const_ret (_const: Int32.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int32.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int32.t = Any.any_l () ] [ _const_ret (_const: Int32.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int32.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int32.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i32_ref_i32 = Any.any_l () + | & _5: tup2_ref_i32_ref_i32 = Any.any_l () | & left_val: Int32.t = Any.any_l () | & right_val: Int32.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int32.t = Any.any_l () - | & _21: Int32.t = Any.any_l () - | & _24: tup2_ref_i32_ref_i32 = Any.any_l () + | & _20: Int32.t = Any.any_l () + | & _22: Int32.t = Any.any_l () + | & _25: tup2_ref_i32_ref_i32 = Any.any_l () | & left_val'0: Int32.t = Any.any_l () | & right_val'0: Int32.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int32.t = Any.any_l () - | & _41: Int32.t = Any.any_l () - | & _44: Int32.t = Any.any_l () + | & _40: Int32.t = Any.any_l () + | & _42: Int32.t = Any.any_l () | & _45: Int32.t = Any.any_l () | & _46: Int32.t = Any.any_l () - | & _47: Int32.t = Any.any_l () ]) + | & _47: Int32.t = Any.any_l () + | & _48: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> {[@expl:test_from_bool ensures] result = Int32.of_bool b} (! return {result}) ] end module M_i32__test_from_bool_bw @@ -4513,57 +4513,57 @@ module M_i32__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int32BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int32BW.t = Any.any_l () | & _1: Int32BW.t = Any.any_l () ] - [ _const_ret (_const: Int32BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int32BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int32BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32BW.t = Any.any_l () ] [ _const_ret (_const: Int32BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int32BW.t = Any.any_l () ] [ _const_ret (_const: Int32BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int32BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int32BW.t = Any.any_l () | & _1: Int32BW.t = Any.any_l () ] - [ _const_ret (_const: Int32BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int32BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int32BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int32BW.t = Any.any_l () ] [ _const_ret (_const: Int32BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int32BW.t = Any.any_l () ] [ _const_ret (_const: Int32BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int32BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int32BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i32_ref_i32 = Any.any_l () + | & _5: tup2_ref_i32_ref_i32 = Any.any_l () | & left_val: Int32BW.t = Any.any_l () | & right_val: Int32BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int32BW.t = Any.any_l () - | & _21: Int32BW.t = Any.any_l () - | & _24: tup2_ref_i32_ref_i32 = Any.any_l () + | & _20: Int32BW.t = Any.any_l () + | & _22: Int32BW.t = Any.any_l () + | & _25: tup2_ref_i32_ref_i32 = Any.any_l () | & left_val'0: Int32BW.t = Any.any_l () | & right_val'0: Int32BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int32BW.t = Any.any_l () - | & _41: Int32BW.t = Any.any_l () - | & _44: Int32BW.t = Any.any_l () + | & _40: Int32BW.t = Any.any_l () + | & _42: Int32BW.t = Any.any_l () | & _45: Int32BW.t = Any.any_l () | & _46: Int32BW.t = Any.any_l () - | & _47: Int32BW.t = Any.any_l () ]) + | & _47: Int32BW.t = Any.any_l () + | & _48: Int32BW.t = Any.any_l () ]) [ return (result: Int32BW.t) -> {[@expl:test_from_bool_bw ensures] result = Int32BW.of_bool b} (! return {result}) ] end module M_i32__test_shl @@ -4793,16 +4793,16 @@ module M_u64__test_div /\ Int.div (UInt64.t'int l) (UInt64.t'int r) <= UInt64.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt64.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt64.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt64.div {l} {_7} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt64.div {l} {_12} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & l: UInt64.t = l | & r: UInt64.t = r - | & _7: UInt64.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt64.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:test_div ensures] UInt64.t'int result = Int.div (UInt64.t'int l) (UInt64.t'int r)} (! return {result}) ] @@ -4826,16 +4826,16 @@ module M_u64__test_div_bw /\ Int.div (UInt64BW.t'int l) (UInt64BW.t'int r) <= UInt64BW.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt64BW.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt64BW.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt64BW.div {l} {_7} (fun (_ret: UInt64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt64BW.div {l} {_12} (fun (_ret: UInt64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt64BW.t = Any.any_l () | & l: UInt64BW.t = l | & r: UInt64BW.t = r - | & _7: UInt64BW.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt64BW.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt64BW.t) -> {[@expl:test_div_bw ensures] UInt64BW.t'int result = Int.div (UInt64BW.t'int l) (UInt64BW.t'int r)} (! return {result}) ] @@ -4858,57 +4858,57 @@ module M_u64__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64.t = Any.any_l () | & _1: UInt64.t = Any.any_l () ] - [ _const_ret (_const: UInt64.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt64.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64.t = Any.any_l () | & _1: UInt64.t = Any.any_l () ] - [ _const_ret (_const: UInt64.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt64.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt64.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt64.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u64_ref_u64 = Any.any_l () + | & _5: tup2_ref_u64_ref_u64 = Any.any_l () | & left_val: UInt64.t = Any.any_l () | & right_val: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt64.t = Any.any_l () - | & _21: UInt64.t = Any.any_l () - | & _24: tup2_ref_u64_ref_u64 = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _22: UInt64.t = Any.any_l () + | & _25: tup2_ref_u64_ref_u64 = Any.any_l () | & left_val'0: UInt64.t = Any.any_l () | & right_val'0: UInt64.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt64.t = Any.any_l () - | & _41: UInt64.t = Any.any_l () - | & _44: UInt64.t = Any.any_l () + | & _40: UInt64.t = Any.any_l () + | & _42: UInt64.t = Any.any_l () | & _45: UInt64.t = Any.any_l () | & _46: UInt64.t = Any.any_l () - | & _47: UInt64.t = Any.any_l () ]) + | & _47: UInt64.t = Any.any_l () + | & _48: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:test_from_bool ensures] result = UInt64.of_bool b} (! return {result}) ] end module M_u64__test_from_bool_bw @@ -4929,57 +4929,57 @@ module M_u64__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64BW.t = Any.any_l () | & _1: UInt64BW.t = Any.any_l () ] - [ _const_ret (_const: UInt64BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt64BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64BW.t = Any.any_l () | & _1: UInt64BW.t = Any.any_l () ] - [ _const_ret (_const: UInt64BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt64BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt64BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt64BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u64_ref_u64 = Any.any_l () + | & _5: tup2_ref_u64_ref_u64 = Any.any_l () | & left_val: UInt64BW.t = Any.any_l () | & right_val: UInt64BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt64BW.t = Any.any_l () - | & _21: UInt64BW.t = Any.any_l () - | & _24: tup2_ref_u64_ref_u64 = Any.any_l () + | & _20: UInt64BW.t = Any.any_l () + | & _22: UInt64BW.t = Any.any_l () + | & _25: tup2_ref_u64_ref_u64 = Any.any_l () | & left_val'0: UInt64BW.t = Any.any_l () | & right_val'0: UInt64BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt64BW.t = Any.any_l () - | & _41: UInt64BW.t = Any.any_l () - | & _44: UInt64BW.t = Any.any_l () + | & _40: UInt64BW.t = Any.any_l () + | & _42: UInt64BW.t = Any.any_l () | & _45: UInt64BW.t = Any.any_l () | & _46: UInt64BW.t = Any.any_l () - | & _47: UInt64BW.t = Any.any_l () ]) + | & _47: UInt64BW.t = Any.any_l () + | & _48: UInt64BW.t = Any.any_l () ]) [ return (result: UInt64BW.t) -> {[@expl:test_from_bool_bw ensures] result = UInt64BW.of_bool b} (! return {result}) ] end @@ -5214,27 +5214,27 @@ module M_i64__test_div /\ Int.div (Int64.to_int l) (Int64.to_int r) <= Int64.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int64.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int64.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (-1: Int64.t) ] s1 - | s1 = [ &_10 <- _6 = (-9223372036854775808: Int64.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (-1: Int64.t) ] s1 + | s1 = [ &_15 <- _11 = (-9223372036854775808: Int64.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int64.div {_6} {_7} (fun (_ret: Int64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int64.div {_11} {_12} (fun (_ret: Int64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int64.t = Any.any_l () | & l: Int64.t = l | & r: Int64.t = r - | & _6: Int64.t = Any.any_l () - | & _7: Int64.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int64.t = Any.any_l () + | & _12: Int64.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int64.t) -> {[@expl:test_div ensures] Int64.to_int result = Int.div (Int64.to_int l) (Int64.to_int r)} (! return {result}) ] @@ -5259,27 +5259,27 @@ module M_i64__test_div_bw /\ Int.div (Int64BW.to_int l) (Int64BW.to_int r) <= Int64BW.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int64BW.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int64BW.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (18446744073709551615: Int64BW.t) ] s1 - | s1 = [ &_10 <- _6 = (9223372036854775808: Int64BW.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (18446744073709551615: Int64BW.t) ] s1 + | s1 = [ &_15 <- _11 = (9223372036854775808: Int64BW.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int64BW.div {_6} {_7} (fun (_ret: Int64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int64BW.div {_11} {_12} (fun (_ret: Int64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int64BW.t = Any.any_l () | & l: Int64BW.t = l | & r: Int64BW.t = r - | & _6: Int64BW.t = Any.any_l () - | & _7: Int64BW.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int64BW.t = Any.any_l () + | & _12: Int64BW.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int64BW.t) -> {[@expl:test_div_bw ensures] Int64BW.to_int result = Int.div (Int64BW.to_int l) (Int64BW.to_int r)} (! return {result}) ] @@ -5302,57 +5302,57 @@ module M_i64__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64.t = Any.any_l () | & _1: Int64.t = Any.any_l () ] - [ _const_ret (_const: Int64.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int64.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64.t = Any.any_l () | & _1: Int64.t = Any.any_l () ] - [ _const_ret (_const: Int64.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int64.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int64.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int64.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i64_ref_i64 = Any.any_l () + | & _5: tup2_ref_i64_ref_i64 = Any.any_l () | & left_val: Int64.t = Any.any_l () | & right_val: Int64.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int64.t = Any.any_l () - | & _21: Int64.t = Any.any_l () - | & _24: tup2_ref_i64_ref_i64 = Any.any_l () + | & _20: Int64.t = Any.any_l () + | & _22: Int64.t = Any.any_l () + | & _25: tup2_ref_i64_ref_i64 = Any.any_l () | & left_val'0: Int64.t = Any.any_l () | & right_val'0: Int64.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int64.t = Any.any_l () - | & _41: Int64.t = Any.any_l () - | & _44: Int64.t = Any.any_l () + | & _40: Int64.t = Any.any_l () + | & _42: Int64.t = Any.any_l () | & _45: Int64.t = Any.any_l () | & _46: Int64.t = Any.any_l () - | & _47: Int64.t = Any.any_l () ]) + | & _47: Int64.t = Any.any_l () + | & _48: Int64.t = Any.any_l () ]) [ return (result: Int64.t) -> {[@expl:test_from_bool ensures] result = Int64.of_bool b} (! return {result}) ] end module M_i64__test_from_bool_bw @@ -5373,57 +5373,57 @@ module M_i64__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64BW.t = Any.any_l () | & _1: Int64BW.t = Any.any_l () ] - [ _const_ret (_const: Int64BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int64BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64BW.t = Any.any_l () | & _1: Int64BW.t = Any.any_l () ] - [ _const_ret (_const: Int64BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int64BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int64BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int64BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i64_ref_i64 = Any.any_l () + | & _5: tup2_ref_i64_ref_i64 = Any.any_l () | & left_val: Int64BW.t = Any.any_l () | & right_val: Int64BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int64BW.t = Any.any_l () - | & _21: Int64BW.t = Any.any_l () - | & _24: tup2_ref_i64_ref_i64 = Any.any_l () + | & _20: Int64BW.t = Any.any_l () + | & _22: Int64BW.t = Any.any_l () + | & _25: tup2_ref_i64_ref_i64 = Any.any_l () | & left_val'0: Int64BW.t = Any.any_l () | & right_val'0: Int64BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int64BW.t = Any.any_l () - | & _41: Int64BW.t = Any.any_l () - | & _44: Int64BW.t = Any.any_l () + | & _40: Int64BW.t = Any.any_l () + | & _42: Int64BW.t = Any.any_l () | & _45: Int64BW.t = Any.any_l () | & _46: Int64BW.t = Any.any_l () - | & _47: Int64BW.t = Any.any_l () ]) + | & _47: Int64BW.t = Any.any_l () + | & _48: Int64BW.t = Any.any_l () ]) [ return (result: Int64BW.t) -> {[@expl:test_from_bool_bw ensures] result = Int64BW.of_bool b} (! return {result}) ] end module M_i64__test_shl @@ -5657,16 +5657,16 @@ module M_u128__test_div /\ Int.div (UInt128.t'int l) (UInt128.t'int r) <= UInt128.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt128.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt128.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt128.div {l} {_7} (fun (_ret: UInt128.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt128.div {l} {_12} (fun (_ret: UInt128.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt128.t = Any.any_l () | & l: UInt128.t = l | & r: UInt128.t = r - | & _7: UInt128.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt128.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt128.t) -> {[@expl:test_div ensures] UInt128.t'int result = Int.div (UInt128.t'int l) (UInt128.t'int r)} (! return {result}) ] @@ -5690,16 +5690,16 @@ module M_u128__test_div_bw /\ Int.div (UInt128BW.t'int l) (UInt128BW.t'int r) <= UInt128BW.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt128BW.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt128BW.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt128BW.div {l} {_7} (fun (_ret: UInt128BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt128BW.div {l} {_12} (fun (_ret: UInt128BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt128BW.t = Any.any_l () | & l: UInt128BW.t = l | & r: UInt128BW.t = r - | & _7: UInt128BW.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt128BW.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt128BW.t) -> {[@expl:test_div_bw ensures] UInt128BW.t'int result = Int.div (UInt128BW.t'int l) (UInt128BW.t'int r)} (! return {result}) ] @@ -5722,57 +5722,57 @@ module M_u128__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt128.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt128.t = Any.any_l () | & _1: UInt128.t = Any.any_l () ] - [ _const_ret (_const: UInt128.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt128.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt128.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt128.t = Any.any_l () ] [ _const_ret (_const: UInt128.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt128.t = Any.any_l () ] [ _const_ret (_const: UInt128.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt128.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt128.t = Any.any_l () | & _1: UInt128.t = Any.any_l () ] - [ _const_ret (_const: UInt128.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt128.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt128.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt128.t = Any.any_l () ] [ _const_ret (_const: UInt128.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt128.t = Any.any_l () ] [ _const_ret (_const: UInt128.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt128.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt128.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u128_ref_u128 = Any.any_l () + | & _5: tup2_ref_u128_ref_u128 = Any.any_l () | & left_val: UInt128.t = Any.any_l () | & right_val: UInt128.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt128.t = Any.any_l () - | & _21: UInt128.t = Any.any_l () - | & _24: tup2_ref_u128_ref_u128 = Any.any_l () + | & _20: UInt128.t = Any.any_l () + | & _22: UInt128.t = Any.any_l () + | & _25: tup2_ref_u128_ref_u128 = Any.any_l () | & left_val'0: UInt128.t = Any.any_l () | & right_val'0: UInt128.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt128.t = Any.any_l () - | & _41: UInt128.t = Any.any_l () - | & _44: UInt128.t = Any.any_l () + | & _40: UInt128.t = Any.any_l () + | & _42: UInt128.t = Any.any_l () | & _45: UInt128.t = Any.any_l () | & _46: UInt128.t = Any.any_l () - | & _47: UInt128.t = Any.any_l () ]) + | & _47: UInt128.t = Any.any_l () + | & _48: UInt128.t = Any.any_l () ]) [ return (result: UInt128.t) -> {[@expl:test_from_bool ensures] result = UInt128.of_bool b} (! return {result}) ] end module M_u128__test_from_bool_bw @@ -5793,57 +5793,57 @@ module M_u128__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt128BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt128BW.t = Any.any_l () | & _1: UInt128BW.t = Any.any_l () ] - [ _const_ret (_const: UInt128BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt128BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt128BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt128BW.t = Any.any_l () ] [ _const_ret (_const: UInt128BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt128BW.t = Any.any_l () ] [ _const_ret (_const: UInt128BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt128BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt128BW.t = Any.any_l () | & _1: UInt128BW.t = Any.any_l () ] - [ _const_ret (_const: UInt128BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt128BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt128BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt128BW.t = Any.any_l () ] [ _const_ret (_const: UInt128BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt128BW.t = Any.any_l () ] [ _const_ret (_const: UInt128BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt128BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt128BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_u128_ref_u128 = Any.any_l () + | & _5: tup2_ref_u128_ref_u128 = Any.any_l () | & left_val: UInt128BW.t = Any.any_l () | & right_val: UInt128BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt128BW.t = Any.any_l () - | & _21: UInt128BW.t = Any.any_l () - | & _24: tup2_ref_u128_ref_u128 = Any.any_l () + | & _20: UInt128BW.t = Any.any_l () + | & _22: UInt128BW.t = Any.any_l () + | & _25: tup2_ref_u128_ref_u128 = Any.any_l () | & left_val'0: UInt128BW.t = Any.any_l () | & right_val'0: UInt128BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt128BW.t = Any.any_l () - | & _41: UInt128BW.t = Any.any_l () - | & _44: UInt128BW.t = Any.any_l () + | & _40: UInt128BW.t = Any.any_l () + | & _42: UInt128BW.t = Any.any_l () | & _45: UInt128BW.t = Any.any_l () | & _46: UInt128BW.t = Any.any_l () - | & _47: UInt128BW.t = Any.any_l () ]) + | & _47: UInt128BW.t = Any.any_l () + | & _48: UInt128BW.t = Any.any_l () ]) [ return (result: UInt128BW.t) -> {[@expl:test_from_bool_bw ensures] result = UInt128BW.of_bool b} (! return {result}) ] end @@ -6079,27 +6079,27 @@ module M_i128__test_div /\ Int.div (Int128.to_int l) (Int128.to_int r) <= Int128.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int128.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int128.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (-1: Int128.t) ] s1 - | s1 = [ &_10 <- _6 = (-170141183460469231731687303715884105728: Int128.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (-1: Int128.t) ] s1 + | s1 = [ &_15 <- _11 = (-170141183460469231731687303715884105728: Int128.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int128.div {_6} {_7} (fun (_ret: Int128.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int128.div {_11} {_12} (fun (_ret: Int128.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int128.t = Any.any_l () | & l: Int128.t = l | & r: Int128.t = r - | & _6: Int128.t = Any.any_l () - | & _7: Int128.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int128.t = Any.any_l () + | & _12: Int128.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int128.t) -> {[@expl:test_div ensures] Int128.to_int result = Int.div (Int128.to_int l) (Int128.to_int r)} (! return {result}) ] @@ -6124,27 +6124,27 @@ module M_i128__test_div_bw /\ Int.div (Int128BW.to_int l) (Int128BW.to_int r) <= Int128BW.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int128BW.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int128BW.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (340282366920938463463374607431768211455: Int128BW.t) ] s1 - | s1 = [ &_10 <- _6 = (170141183460469231731687303715884105728: Int128BW.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (340282366920938463463374607431768211455: Int128BW.t) ] s1 + | s1 = [ &_15 <- _11 = (170141183460469231731687303715884105728: Int128BW.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int128BW.div {_6} {_7} (fun (_ret: Int128BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int128BW.div {_11} {_12} (fun (_ret: Int128BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int128BW.t = Any.any_l () | & l: Int128BW.t = l | & r: Int128BW.t = r - | & _6: Int128BW.t = Any.any_l () - | & _7: Int128BW.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int128BW.t = Any.any_l () + | & _12: Int128BW.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int128BW.t) -> {[@expl:test_div_bw ensures] Int128BW.to_int result = Int.div (Int128BW.to_int l) (Int128BW.to_int r)} (! return {result}) ] @@ -6167,57 +6167,57 @@ module M_i128__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int128.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int128.t = Any.any_l () | & _1: Int128.t = Any.any_l () ] - [ _const_ret (_const: Int128.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int128.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int128.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int128.t = Any.any_l () ] [ _const_ret (_const: Int128.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int128.t = Any.any_l () ] [ _const_ret (_const: Int128.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int128.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int128.t = Any.any_l () | & _1: Int128.t = Any.any_l () ] - [ _const_ret (_const: Int128.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int128.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int128.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int128.t = Any.any_l () ] [ _const_ret (_const: Int128.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int128.t = Any.any_l () ] [ _const_ret (_const: Int128.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int128.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int128.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i128_ref_i128 = Any.any_l () + | & _5: tup2_ref_i128_ref_i128 = Any.any_l () | & left_val: Int128.t = Any.any_l () | & right_val: Int128.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int128.t = Any.any_l () - | & _21: Int128.t = Any.any_l () - | & _24: tup2_ref_i128_ref_i128 = Any.any_l () + | & _20: Int128.t = Any.any_l () + | & _22: Int128.t = Any.any_l () + | & _25: tup2_ref_i128_ref_i128 = Any.any_l () | & left_val'0: Int128.t = Any.any_l () | & right_val'0: Int128.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int128.t = Any.any_l () - | & _41: Int128.t = Any.any_l () - | & _44: Int128.t = Any.any_l () + | & _40: Int128.t = Any.any_l () + | & _42: Int128.t = Any.any_l () | & _45: Int128.t = Any.any_l () | & _46: Int128.t = Any.any_l () - | & _47: Int128.t = Any.any_l () ]) + | & _47: Int128.t = Any.any_l () + | & _48: Int128.t = Any.any_l () ]) [ return (result: Int128.t) -> {[@expl:test_from_bool ensures] result = Int128.of_bool b} (! return {result}) ] end module M_i128__test_from_bool_bw @@ -6238,57 +6238,57 @@ module M_i128__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int128BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int128BW.t = Any.any_l () | & _1: Int128BW.t = Any.any_l () ] - [ _const_ret (_const: Int128BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int128BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int128BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int128BW.t = Any.any_l () ] [ _const_ret (_const: Int128BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int128BW.t = Any.any_l () ] [ _const_ret (_const: Int128BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int128BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int128BW.t = Any.any_l () | & _1: Int128BW.t = Any.any_l () ] - [ _const_ret (_const: Int128BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int128BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int128BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int128BW.t = Any.any_l () ] [ _const_ret (_const: Int128BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int128BW.t = Any.any_l () ] [ _const_ret (_const: Int128BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int128BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int128BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_i128_ref_i128 = Any.any_l () + | & _5: tup2_ref_i128_ref_i128 = Any.any_l () | & left_val: Int128BW.t = Any.any_l () | & right_val: Int128BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int128BW.t = Any.any_l () - | & _21: Int128BW.t = Any.any_l () - | & _24: tup2_ref_i128_ref_i128 = Any.any_l () + | & _20: Int128BW.t = Any.any_l () + | & _22: Int128BW.t = Any.any_l () + | & _25: tup2_ref_i128_ref_i128 = Any.any_l () | & left_val'0: Int128BW.t = Any.any_l () | & right_val'0: Int128BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int128BW.t = Any.any_l () - | & _41: Int128BW.t = Any.any_l () - | & _44: Int128BW.t = Any.any_l () + | & _40: Int128BW.t = Any.any_l () + | & _42: Int128BW.t = Any.any_l () | & _45: Int128BW.t = Any.any_l () | & _46: Int128BW.t = Any.any_l () - | & _47: Int128BW.t = Any.any_l () ]) + | & _47: Int128BW.t = Any.any_l () + | & _48: Int128BW.t = Any.any_l () ]) [ return (result: Int128BW.t) -> {[@expl:test_from_bool_bw ensures] result = Int128BW.of_bool b} (! return {result}) ] end @@ -6523,16 +6523,16 @@ module M_usize__test_div /\ Int.div (UInt64.t'int l) (UInt64.t'int r) <= UInt64.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt64.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt64.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt64.div {l} {_7} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt64.div {l} {_12} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & l: UInt64.t = l | & r: UInt64.t = r - | & _7: UInt64.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt64.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:test_div ensures] UInt64.t'int result = Int.div (UInt64.t'int l) (UInt64.t'int r)} (! return {result}) ] @@ -6556,16 +6556,16 @@ module M_usize__test_div_bw /\ Int.div (UInt64BW.t'int l) (UInt64BW.t'int r) <= UInt64BW.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- r ] s1 - | s1 = [ &_8 <- _7 = (0: UInt64BW.t) ] s2 - | s2 = {[@expl:division by zero] not _8} s3 + [ s0 = [ &_12 <- r ] s1 + | s1 = [ &_13 <- _12 = (0: UInt64BW.t) ] s2 + | s2 = {[@expl:division by zero] not _13} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt64BW.div {l} {_7} (fun (_ret: UInt64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt64BW.div {l} {_12} (fun (_ret: UInt64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt64BW.t = Any.any_l () | & l: UInt64BW.t = l | & r: UInt64BW.t = r - | & _7: UInt64BW.t = Any.any_l () - | & _8: bool = Any.any_l () ]) + | & _12: UInt64BW.t = Any.any_l () + | & _13: bool = Any.any_l () ]) [ return (result: UInt64BW.t) -> {[@expl:test_div_bw ensures] UInt64BW.t'int result = Int.div (UInt64BW.t'int l) (UInt64BW.t'int r)} (! return {result}) ] @@ -6588,57 +6588,57 @@ module M_usize__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64.t = Any.any_l () | & _1: UInt64.t = Any.any_l () ] - [ _const_ret (_const: UInt64.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt64.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64.t = Any.any_l () | & _1: UInt64.t = Any.any_l () ] - [ _const_ret (_const: UInt64.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt64.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt64.t = Any.any_l () ] [ _const_ret (_const: UInt64.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt64.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt64.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_usize_ref_usize = Any.any_l () + | & _5: tup2_ref_usize_ref_usize = Any.any_l () | & left_val: UInt64.t = Any.any_l () | & right_val: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt64.t = Any.any_l () - | & _21: UInt64.t = Any.any_l () - | & _24: tup2_ref_usize_ref_usize = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _22: UInt64.t = Any.any_l () + | & _25: tup2_ref_usize_ref_usize = Any.any_l () | & left_val'0: UInt64.t = Any.any_l () | & right_val'0: UInt64.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt64.t = Any.any_l () - | & _41: UInt64.t = Any.any_l () - | & _44: UInt64.t = Any.any_l () + | & _40: UInt64.t = Any.any_l () + | & _42: UInt64.t = Any.any_l () | & _45: UInt64.t = Any.any_l () | & _46: UInt64.t = Any.any_l () - | & _47: UInt64.t = Any.any_l () ]) + | & _47: UInt64.t = Any.any_l () + | & _48: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:test_from_bool ensures] result = UInt64.of_bool b} (! return {result}) ] end module M_usize__test_from_bool_bw @@ -6659,57 +6659,57 @@ module M_usize__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64BW.t = Any.any_l () | & _1: UInt64BW.t = Any.any_l () ] - [ _const_ret (_const: UInt64BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: UInt64BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: UInt64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- UInt64BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: UInt64BW.t = Any.any_l () | & _1: UInt64BW.t = Any.any_l () ] - [ _const_ret (_const: UInt64BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: UInt64BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: UInt64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: UInt64BW.t = Any.any_l () ] [ _const_ret (_const: UInt64BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- UInt64BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: UInt64BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_usize_ref_usize = Any.any_l () + | & _5: tup2_ref_usize_ref_usize = Any.any_l () | & left_val: UInt64BW.t = Any.any_l () | & right_val: UInt64BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: UInt64BW.t = Any.any_l () - | & _21: UInt64BW.t = Any.any_l () - | & _24: tup2_ref_usize_ref_usize = Any.any_l () + | & _20: UInt64BW.t = Any.any_l () + | & _22: UInt64BW.t = Any.any_l () + | & _25: tup2_ref_usize_ref_usize = Any.any_l () | & left_val'0: UInt64BW.t = Any.any_l () | & right_val'0: UInt64BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: UInt64BW.t = Any.any_l () - | & _41: UInt64BW.t = Any.any_l () - | & _44: UInt64BW.t = Any.any_l () + | & _40: UInt64BW.t = Any.any_l () + | & _42: UInt64BW.t = Any.any_l () | & _45: UInt64BW.t = Any.any_l () | & _46: UInt64BW.t = Any.any_l () - | & _47: UInt64BW.t = Any.any_l () ]) + | & _47: UInt64BW.t = Any.any_l () + | & _48: UInt64BW.t = Any.any_l () ]) [ return (result: UInt64BW.t) -> {[@expl:test_from_bool_bw ensures] result = UInt64BW.of_bool b} (! return {result}) ] end @@ -6944,27 +6944,27 @@ module M_isize__test_div /\ Int.div (Int64.to_int l) (Int64.to_int r) <= Int64.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int64.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int64.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (-1: Int64.t) ] s1 - | s1 = [ &_10 <- _6 = (-9223372036854775808: Int64.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (-1: Int64.t) ] s1 + | s1 = [ &_15 <- _11 = (-9223372036854775808: Int64.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int64.div {_6} {_7} (fun (_ret: Int64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int64.div {_11} {_12} (fun (_ret: Int64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int64.t = Any.any_l () | & l: Int64.t = l | & r: Int64.t = r - | & _6: Int64.t = Any.any_l () - | & _7: Int64.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int64.t = Any.any_l () + | & _12: Int64.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int64.t) -> {[@expl:test_div ensures] Int64.to_int result = Int.div (Int64.to_int l) (Int64.to_int r)} (! return {result}) ] @@ -6989,27 +6989,27 @@ module M_isize__test_div_bw /\ Int.div (Int64BW.to_int l) (Int64BW.to_int r) <= Int64BW.to_int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- l ] s1 - | s1 = [ &_7 <- r ] s2 - | s2 = [ &_8 <- _7 = (0: Int64BW.t) ] s3 - | s3 = {[@expl:division by zero] not _8} s4 + [ s0 = [ &_11 <- l ] s1 + | s1 = [ &_12 <- r ] s2 + | s2 = [ &_13 <- _12 = (0: Int64BW.t) ] s3 + | s3 = {[@expl:division by zero] not _13} s4 | s4 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _7 = (18446744073709551615: Int64BW.t) ] s1 - | s1 = [ &_10 <- _6 = (9223372036854775808: Int64BW.t) ] s2 - | s2 = [ &_11 <- Bool.bw_and _9 _10 ] s3 - | s3 = {[@expl:Div overflow] not _11} s4 + [ s0 = [ &_14 <- _12 = (18446744073709551615: Int64BW.t) ] s1 + | s1 = [ &_15 <- _11 = (9223372036854775808: Int64BW.t) ] s2 + | s2 = [ &_16 <- Bool.bw_and _14 _15 ] s3 + | s3 = {[@expl:Div overflow] not _16} s4 | s4 = bb2 ] - | bb2 = s0 [ s0 = Int64BW.div {_6} {_7} (fun (_ret: Int64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = Int64BW.div {_11} {_12} (fun (_ret: Int64BW.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: Int64BW.t = Any.any_l () | & l: Int64BW.t = l | & r: Int64BW.t = r - | & _6: Int64BW.t = Any.any_l () - | & _7: Int64BW.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: bool = Any.any_l () ]) + | & _11: Int64BW.t = Any.any_l () + | & _12: Int64BW.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: bool = Any.any_l () + | & _16: bool = Any.any_l () ]) [ return (result: Int64BW.t) -> {[@expl:test_div_bw ensures] Int64BW.to_int result = Int.div (Int64BW.to_int l) (Int64BW.to_int r)} (! return {result}) ] @@ -7032,57 +7032,57 @@ module M_isize__test_from_bool [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64.t = Any.any_l () | & _1: Int64.t = Any.any_l () ] - [ _const_ret (_const: Int64.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int64.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64.t = Any.any_l () | & _1: Int64.t = Any.any_l () ] - [ _const_ret (_const: Int64.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int64.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int64.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int64.t = Any.any_l () ] [ _const_ret (_const: Int64.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int64.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int64.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_isize_ref_isize = Any.any_l () + | & _5: tup2_ref_isize_ref_isize = Any.any_l () | & left_val: Int64.t = Any.any_l () | & right_val: Int64.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int64.t = Any.any_l () - | & _21: Int64.t = Any.any_l () - | & _24: tup2_ref_isize_ref_isize = Any.any_l () + | & _20: Int64.t = Any.any_l () + | & _22: Int64.t = Any.any_l () + | & _25: tup2_ref_isize_ref_isize = Any.any_l () | & left_val'0: Int64.t = Any.any_l () | & right_val'0: Int64.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int64.t = Any.any_l () - | & _41: Int64.t = Any.any_l () - | & _44: Int64.t = Any.any_l () + | & _40: Int64.t = Any.any_l () + | & _42: Int64.t = Any.any_l () | & _45: Int64.t = Any.any_l () | & _46: Int64.t = Any.any_l () - | & _47: Int64.t = Any.any_l () ]) + | & _47: Int64.t = Any.any_l () + | & _48: Int64.t = Any.any_l () ]) [ return (result: Int64.t) -> {[@expl:test_from_bool ensures] result = Int64.of_bool b} (! return {result}) ] end module M_isize__test_from_bool_bw @@ -7103,57 +7103,57 @@ module M_isize__test_from_bool_bw [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64BW.of_bool true ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64BW.t = Any.any_l () | & _1: Int64BW.t = Any.any_l () ] - [ _const_ret (_const: Int64BW.t) -> [ &_47 <- _const ] s1 ] + [ _const_ret (_const: Int64BW.t) -> [ &_48 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (1: Int64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_46 <- _const ] s2 ] - | s2 = [ &_4 <- { f0 = _47; f1 = _46 } ] s3 - | s3 = [ &left_val <- _4.f0 ] s4 - | s4 = [ &right_val <- _4.f1 ] s5 - | s5 = [ &_11 <- left_val = right_val ] s6 - | s6 = any [ br0 -> {_11 = false} (! bb2) | br1 -> {_11} (! bb1) ] ] + [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_47 <- _const ] s2 ] + | s2 = [ &_5 <- { f0 = _48; f1 = _47 } ] s3 + | s3 = [ &left_val <- _5.f0 ] s4 + | s4 = [ &right_val <- _5.f1 ] s5 + | s5 = [ &_12 <- left_val = right_val ] s6 + | s6 = any [ br0 -> {_12 = false} (! bb2) | br1 -> {_12} (! bb1) ] ] | bb1 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_1 <- Int64BW.of_bool false ] s1'0 | s1'0 = [ &_0'0 <- _1 ] s2'0 | s2'0 = _const_ret {_0'0} ] ] [ & _0'0: Int64BW.t = Any.any_l () | & _1: Int64BW.t = Any.any_l () ] - [ _const_ret (_const: Int64BW.t) -> [ &_45 <- _const ] s1 ] + [ _const_ret (_const: Int64BW.t) -> [ &_46 <- _const ] s1 ] | s1 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (0: Int64BW.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_44 <- _const ] s2 ] - | s2 = [ &_24 <- { f0 = _45; f1 = _44 } ] s3 - | s3 = [ &left_val'0 <- _24.f0 ] s4 - | s4 = [ &right_val'0 <- _24.f1 ] s5 - | s5 = [ &_31 <- left_val'0 = right_val'0 ] s6 - | s6 = any [ br0 -> {_31 = false} (! bb4) | br1 -> {_31} (! bb3) ] ] + [ & _0'0: Int64BW.t = Any.any_l () ] [ _const_ret (_const: Int64BW.t) -> [ &_45 <- _const ] s2 ] + | s2 = [ &_25 <- { f0 = _46; f1 = _45 } ] s3 + | s3 = [ &left_val'0 <- _25.f0 ] s4 + | s4 = [ &right_val'0 <- _25.f1 ] s5 + | s5 = [ &_32 <- left_val'0 = right_val'0 ] s6 + | s6 = any [ br0 -> {_32 = false} (! bb4) | br1 -> {_32} (! bb3) ] ] | bb3 = s0 [ s0 = [ &_0 <- Int64BW.of_bool b ] s1 | s1 = return {_0} ] | bb4 = s0 [ s0 = [ &kind'0 <- Eq ] s1 - | s1 = [ &_39 <- left_val'0 ] s2 - | s2 = [ &_41 <- right_val'0 ] s3 + | s1 = [ &_40 <- left_val'0 ] s2 + | s2 = [ &_42 <- right_val'0 ] s3 | s3 = {false} any ] | bb2 = s0 - [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_19 <- left_val ] s2 | s2 = [ &_21 <- right_val ] s3 | s3 = {false} any ] ] + [ s0 = [ &kind <- Eq ] s1 | s1 = [ &_20 <- left_val ] s2 | s2 = [ &_22 <- right_val ] s3 | s3 = {false} any ] ] [ & _0: Int64BW.t = Any.any_l () | & b: bool = b - | & _4: tup2_ref_isize_ref_isize = Any.any_l () + | & _5: tup2_ref_isize_ref_isize = Any.any_l () | & left_val: Int64BW.t = Any.any_l () | & right_val: Int64BW.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _12: bool = Any.any_l () | & kind: t_AssertKind = Any.any_l () - | & _19: Int64BW.t = Any.any_l () - | & _21: Int64BW.t = Any.any_l () - | & _24: tup2_ref_isize_ref_isize = Any.any_l () + | & _20: Int64BW.t = Any.any_l () + | & _22: Int64BW.t = Any.any_l () + | & _25: tup2_ref_isize_ref_isize = Any.any_l () | & left_val'0: Int64BW.t = Any.any_l () | & right_val'0: Int64BW.t = Any.any_l () - | & _31: bool = Any.any_l () + | & _32: bool = Any.any_l () | & kind'0: t_AssertKind = Any.any_l () - | & _39: Int64BW.t = Any.any_l () - | & _41: Int64BW.t = Any.any_l () - | & _44: Int64BW.t = Any.any_l () + | & _40: Int64BW.t = Any.any_l () + | & _42: Int64BW.t = Any.any_l () | & _45: Int64BW.t = Any.any_l () | & _46: Int64BW.t = Any.any_l () - | & _47: Int64BW.t = Any.any_l () ]) + | & _47: Int64BW.t = Any.any_l () + | & _48: Int64BW.t = Any.any_l () ]) [ return (result: Int64BW.t) -> {[@expl:test_from_bool_bw ensures] result = Int64BW.of_bool b} (! return {result}) ] end module M_isize__test_shl diff --git a/tests/should_succeed/invariant_moves.coma b/tests/should_succeed/invariant_moves.coma index 5448198660..191788c2c1 100644 --- a/tests/should_succeed/invariant_moves.coma +++ b/tests/should_succeed/invariant_moves.coma @@ -42,19 +42,19 @@ module M_test_invariant_move [ s0 = bb2 ] [ bb2 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> [ &_7 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> [ &_8 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> - [ &_6 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s2) - | s2 = pop_u32 {_6} (fun (_ret: t_Option_u32) -> [ &_5 <- _ret ] s3) + [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s2) + | s2 = pop_u32 {_7} (fun (_ret: t_Option_u32) -> [ &_6 <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = -{resolve_ref_Vec_u32_Global _7}- s1 - | s1 = any [ br0 -> {_5 = None} (! bb7) | br1 (x0: UInt32.t) -> {_5 = Some x0} (! bb1) ] ] ] ] + [ s0 = -{resolve_ref_Vec_u32_Global _8}- s1 + | s1 = any [ br0 -> {_6 = None} (! bb7) | br1 (x0: UInt32.t) -> {_6 = Some x0} (! bb1) ] ] ] ] | bb7 = return {_0} ] [ & _0: () = Any.any_l () | & x: t_Vec_u32_Global = x - | & _5: t_Option_u32 = Any.any_l () - | & _6: MutBorrow.t t_Vec_u32_Global = Any.any_l () - | & _7: MutBorrow.t t_Vec_u32_Global = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: t_Option_u32 = Any.any_l () + | & _7: MutBorrow.t t_Vec_u32_Global = Any.any_l () + | & _8: MutBorrow.t t_Vec_u32_Global = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/ite_normalize.coma b/tests/should_succeed/ite_normalize.coma index b531789063..2bc934ac59 100644 --- a/tests/should_succeed/ite_normalize.coma +++ b/tests/should_succeed/ite_normalize.coma @@ -31,26 +31,26 @@ module M_impl_Clone_for_Expr__clone (* *) [ s0 = elim_IfThenElse {self} (fun (rc: t_Expr) (rt: t_Expr) (re: t_Expr) -> [ &c <- rc ] s1) | s1 = elim_IfThenElse {self} (fun (rc: t_Expr) (rt: t_Expr) (re: t_Expr) -> [ &t <- rt ] s2) | s2 = elim_IfThenElse {self} (fun (rc: t_Expr) (rt: t_Expr) (re: t_Expr) -> [ &e <- re ] s3) - | s3 = [ &_10 <- c ] s4 - | s4 = clone_Expr {_10} (fun (_ret: t_Expr) -> [ &_8 <- _ret ] s5) + | s3 = [ &_11 <- c ] s4 + | s4 = clone_Expr {_11} (fun (_ret: t_Expr) -> [ &_9 <- _ret ] s5) | s5 = bb10 ] | bb10 = s0 - [ s0 = [ &_14 <- t ] s1 | s1 = clone_Expr {_14} (fun (_ret: t_Expr) -> [ &_12 <- _ret ] s2) | s2 = bb12 ] + [ s0 = [ &_15 <- t ] s1 | s1 = clone_Expr {_15} (fun (_ret: t_Expr) -> [ &_13 <- _ret ] s2) | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &_18 <- e ] s1 | s1 = clone_Expr {_18} (fun (_ret: t_Expr) -> [ &_16 <- _ret ] s2) | s2 = bb14 ] - | bb14 = s0 [ s0 = [ &_0 <- IfThenElse _8 _12 _16 ] s1 | s1 = bb18 ] + [ s0 = [ &_19 <- e ] s1 | s1 = clone_Expr {_19} (fun (_ret: t_Expr) -> [ &_17 <- _ret ] s2) | s2 = bb14 ] + | bb14 = s0 [ s0 = [ &_0 <- IfThenElse _9 _13 _17 ] s1 | s1 = bb18 ] | bb18 = return {_0} ] [ & _0: t_Expr = Any.any_l () | & self: t_Expr = self | & c: t_Expr = Any.any_l () | & t: t_Expr = Any.any_l () | & e: t_Expr = Any.any_l () - | & _8: t_Expr = Any.any_l () - | & _10: t_Expr = Any.any_l () - | & _12: t_Expr = Any.any_l () - | & _14: t_Expr = Any.any_l () - | & _16: t_Expr = Any.any_l () - | & _18: t_Expr = Any.any_l () + | & _9: t_Expr = Any.any_l () + | & _11: t_Expr = Any.any_l () + | & _13: t_Expr = Any.any_l () + | & _15: t_Expr = Any.any_l () + | & _17: t_Expr = Any.any_l () + | & _19: t_Expr = Any.any_l () | & v: UInt64.t = Any.any_l () ]) [ return (result: t_Expr) -> {[@expl:clone ensures] result = self} (! return {result}) ] end @@ -167,12 +167,12 @@ module M_impl_Expr__transpose (* Expr *) [ s0 = elim_IfThenElse {self} (fun (rc: t_Expr) (rt: t_Expr) (re: t_Expr) -> [ &c <- rc ] s1) | s1 = elim_IfThenElse {self} (fun (rc: t_Expr) (rt: t_Expr) (re: t_Expr) -> [ &t <- rt ] s2) | s2 = elim_IfThenElse {self} (fun (rc: t_Expr) (rt: t_Expr) (re: t_Expr) -> [ &e <- re ] s3) - | s3 = clone_Expr {a} (fun (_ret: t_Expr) -> [ &_16 <- _ret ] s4) + | s3 = clone_Expr {a} (fun (_ret: t_Expr) -> [ &_19 <- _ret ] s4) | s4 = bb9 ] - | bb9 = s0 [ s0 = clone_Expr {b} (fun (_ret: t_Expr) -> [ &_18 <- _ret ] s1) | s1 = bb10 ] - | bb10 = s0 [ s0 = transpose {t} {_16} {_18} (fun (_ret: t_Expr) -> [ &_14 <- _ret ] s1) | s1 = bb12 ] - | bb12 = s0 [ s0 = transpose {e} {a} {b} (fun (_ret: t_Expr) -> [ &_21 <- _ret ] s1) | s1 = bb14 ] - | bb14 = s0 [ s0 = [ &_0 <- IfThenElse c _14 _21 ] s1 | s1 = bb30 ] + | bb9 = s0 [ s0 = clone_Expr {b} (fun (_ret: t_Expr) -> [ &_21 <- _ret ] s1) | s1 = bb10 ] + | bb10 = s0 [ s0 = transpose {t} {_19} {_21} (fun (_ret: t_Expr) -> [ &_17 <- _ret ] s1) | s1 = bb12 ] + | bb12 = s0 [ s0 = transpose {e} {a} {b} (fun (_ret: t_Expr) -> [ &_24 <- _ret ] s1) | s1 = bb14 ] + | bb14 = s0 [ s0 = [ &_0 <- IfThenElse c _17 _24 ] s1 | s1 = bb30 ] | bb30 = return {_0} ] [ & _0: t_Expr = Any.any_l () | & self: t_Expr = self @@ -181,10 +181,10 @@ module M_impl_Expr__transpose (* Expr *) | & c: t_Expr = Any.any_l () | & t: t_Expr = Any.any_l () | & e: t_Expr = Any.any_l () - | & _14: t_Expr = Any.any_l () - | & _16: t_Expr = Any.any_l () - | & _18: t_Expr = Any.any_l () - | & _21: t_Expr = Any.any_l () ]) + | & _17: t_Expr = Any.any_l () + | & _19: t_Expr = Any.any_l () + | & _21: t_Expr = Any.any_l () + | & _24: t_Expr = Any.any_l () ]) [ return (result: t_Expr) -> {[@expl:transpose ensures] is_normalized result} (! return {result}) ] end module M_impl_Expr__normalize (* Expr *) @@ -316,10 +316,10 @@ module M_impl_Expr__simplify (* Expr *) let rec simplify (self: t_Expr) (return (x: t_Expr)) = {[@expl:simplify requires] is_normalized self} (! bb0 - [ bb0 = s0 [ s0 = new_usize (fun (_ret: t_BTreeMap_usize_bool) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = simplify_helper {self} {_5} (fun (_ret: t_Expr) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] + [ bb0 = s0 [ s0 = new_usize (fun (_ret: t_BTreeMap_usize_bool) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = simplify_helper {self} {_6} (fun (_ret: t_Expr) -> [ &_0 <- _ret ] s1) | s1 = bb3 ] | bb3 = return {_0} ] - [ & _0: t_Expr = Any.any_l () | & self: t_Expr = self | & _5: t_BTreeMap_usize_bool = Any.any_l () ]) + [ & _0: t_Expr = Any.any_l () | & self: t_Expr = self | & _6: t_BTreeMap_usize_bool = Any.any_l () ]) [ return (result: t_Expr) -> {[@expl:simplify ensures] is_simplified result} (! return {result}) ] end module M_impl_Expr__simplify_helper (* Expr *) @@ -424,13 +424,13 @@ module M_impl_Expr__simplify_helper (* Expr *) | bb4 = s0 [ s0 = elim_Var {self} (fun (rv: UInt64.t) -> [ &v'0 <- rv ] s1) | s1 = -{resolve_BTreeMap_usize_bool state}- s2 - | s2 = [ &_51 <- v'0 ] s3 - | s3 = get_usize {state} {_51} (fun (_ret: t_Option_ref_bool) -> [ &_48 <- _ret ] s4) + | s2 = [ &_53 <- v'0 ] s3 + | s3 = get_usize {state} {_53} (fun (_ret: t_Option_ref_bool) -> [ &_50 <- _ret ] s4) | s4 = bb40 ] - | bb40 = any [ br0 -> {_48 = None} (! bb46) | br1 (x0: bool) -> {_48 = Some x0} (! bb42) ] + | bb40 = any [ br0 -> {_50 = None} (! bb46) | br1 (x0: bool) -> {_50 = Some x0} (! bb42) ] | bb46 = s0 [ s0 = [ &_0 <- Var v'0 ] s1 | s1 = bb51 ] | bb42 = s0 - [ s0 = elim_Some {_48} (fun (r0: bool) -> [ &b'0 <- r0 ] s1) + [ s0 = elim_Some {_50} (fun (r0: bool) -> [ &b'0 <- r0 ] s1) | s1 = any [ br0 -> {b'0 = false} (! bb44) | br1 -> {b'0} (! bb43) ] ] | bb43 = s0 [ s0 = [ &_0 <- True' ] s1 | s1 = bb51 ] | bb44 = s0 [ s0 = [ &_0 <- False' ] s1 | s1 = bb51 ] @@ -449,17 +449,17 @@ module M_impl_Expr__simplify_helper (* Expr *) | s2 = bb51 ] | bb8 = s0 [ s0 = elim_Var {c} (fun (rv: UInt64.t) -> [ &v <- rv ] s1) - | s1 = [ &_15 <- v ] s2 - | s2 = get_usize {state} {_15} (fun (_ret: t_Option_ref_bool) -> [ &_12 <- _ret ] s3) + | s1 = [ &_17 <- v ] s2 + | s2 = get_usize {state} {_17} (fun (_ret: t_Option_ref_bool) -> [ &_14 <- _ret ] s3) | s3 = bb9 ] - | bb9 = any [ br0 -> {_12 = None} (! bb17) | br1 (x0: bool) -> {_12 = Some x0} (! bb11) ] + | bb9 = any [ br0 -> {_14 = None} (! bb17) | br1 (x0: bool) -> {_14 = Some x0} (! bb11) ] | bb17 = s0 [ s0 = clone_BTreeMap_usize_bool {state} (fun (_ret: t_BTreeMap_usize_bool) -> [ &state_t <- _ret ] s1) | s1 = bb18 ] | bb18 = s0 [ s0 = MutBorrow.borrow_mut {state_t} - (fun (_ret: MutBorrow.t t_BTreeMap_usize_bool) -> [ &_26 <- _ret ] [ &state_t <- _ret.final ] s1) - | s1 = insert_usize {_26} {v} {true} (fun (_ret: t_Option_bool) -> [ &_25 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_BTreeMap_usize_bool) -> [ &_28 <- _ret ] [ &state_t <- _ret.final ] s1) + | s1 = insert_usize {_28} {v} {true} (fun (_ret: t_Option_bool) -> [ &_27 <- _ret ] s2) | s2 = bb19 ] | bb19 = s0 [ s0 = simplify_helper {t} {state_t} (fun (_ret: t_Expr) -> [ &tp <- _ret ] s1) | s1 = bb20 ] | bb20 = s0 @@ -468,13 +468,13 @@ module M_impl_Expr__simplify_helper (* Expr *) | s2 = bb21 ] | bb21 = s0 [ s0 = MutBorrow.borrow_mut {state_e} - (fun (_ret: MutBorrow.t t_BTreeMap_usize_bool) -> [ &_34 <- _ret ] [ &state_e <- _ret.final ] s1) - | s1 = insert_usize {_34} {v} {false} (fun (_ret: t_Option_bool) -> [ &_33 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_BTreeMap_usize_bool) -> [ &_36 <- _ret ] [ &state_e <- _ret.final ] s1) + | s1 = insert_usize {_36} {v} {false} (fun (_ret: t_Option_bool) -> [ &_35 <- _ret ] s2) | s2 = bb22 ] | bb22 = s0 [ s0 = simplify_helper {e} {state_e} (fun (_ret: t_Expr) -> [ &ep <- _ret ] s1) | s1 = bb25 ] | bb25 = s0 [ s0 = [ &_0 <- IfThenElse c tp ep ] s1 | s1 = bb51 ] | bb11 = s0 - [ s0 = elim_Some {_12} (fun (r0: bool) -> [ &b <- r0 ] s1) + [ s0 = elim_Some {_14} (fun (r0: bool) -> [ &b <- r0 ] s1) | s1 = any [ br0 -> {b = false} (! bb14) | br1 -> {b} (! bb12) ] ] | bb12 = s0 [ s0 = simplify_helper {t} {state} (fun (_ret: t_Expr) -> [ &_0 <- _ret ] s1) | s1 = bb51 ] | bb14 = s0 [ s0 = simplify_helper {e} {state} (fun (_ret: t_Expr) -> [ &_0 <- _ret ] s1) | s1 = bb51 ] @@ -486,21 +486,21 @@ module M_impl_Expr__simplify_helper (* Expr *) | & t: t_Expr = Any.any_l () | & e: t_Expr = Any.any_l () | & v: UInt64.t = Any.any_l () - | & _12: t_Option_ref_bool = Any.any_l () - | & _15: UInt64.t = Any.any_l () + | & _14: t_Option_ref_bool = Any.any_l () + | & _17: UInt64.t = Any.any_l () | & b: bool = Any.any_l () | & state_t: t_BTreeMap_usize_bool = Any.any_l () - | & _25: t_Option_bool = Any.any_l () - | & _26: MutBorrow.t t_BTreeMap_usize_bool = Any.any_l () + | & _27: t_Option_bool = Any.any_l () + | & _28: MutBorrow.t t_BTreeMap_usize_bool = Any.any_l () | & tp: t_Expr = Any.any_l () | & state_e: t_BTreeMap_usize_bool = Any.any_l () - | & _33: t_Option_bool = Any.any_l () - | & _34: MutBorrow.t t_BTreeMap_usize_bool = Any.any_l () + | & _35: t_Option_bool = Any.any_l () + | & _36: MutBorrow.t t_BTreeMap_usize_bool = Any.any_l () | & ep: t_Expr = Any.any_l () | & c'0: t_Expr = Any.any_l () | & v'0: UInt64.t = Any.any_l () - | & _48: t_Option_ref_bool = Any.any_l () - | & _51: UInt64.t = Any.any_l () + | & _50: t_Option_ref_bool = Any.any_l () + | & _53: UInt64.t = Any.any_l () | & b'0: bool = Any.any_l () | & c'1: t_Expr = Any.any_l () ]) [ return (result: t_Expr) -> diff --git a/tests/should_succeed/iterators/01_range.coma b/tests/should_succeed/iterators/01_range.coma index a31e143162..f56030cdea 100644 --- a/tests/should_succeed/iterators/01_range.coma +++ b/tests/should_succeed/iterators/01_range.coma @@ -224,8 +224,8 @@ module M_impl_Iterator_for_Range__next (* *) let rec next_Range (self: MutBorrow.t t_Range) (return (x: t_Option_isize)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- Int64.ge self.current.start self.current.end' ] s1 - | s1 = any [ br0 -> {_3 = false} (! bb2) | br1 -> {_3} (! bb1) ] ] + [ s0 = [ &_4 <- Int64.ge self.current.start self.current.end' ] s1 + | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve_ref_Range self}- s1 | s1 = [ &_0 <- None ] s2 | s2 = bb3 ] | bb2 = s0 [ s0 = [ &r <- self.current.start ] s1 @@ -237,7 +237,7 @@ module M_impl_Iterator_for_Range__next (* *) | bb3 = return {_0} ] [ & _0: t_Option_isize = Any.any_l () | & self: MutBorrow.t t_Range = self - | & _3: bool = Any.any_l () + | & _4: bool = Any.any_l () | & r: Int64.t = Any.any_l () ]) [ return (result: t_Option_isize) -> {[@expl:next ensures] match result with | None -> completed_Range self @@ -368,8 +368,8 @@ module M_sum_range (! bb0 [ bb0 = s0 [ s0 = [ &i <- (0: Int64.t) ] s1 - | s1 = [ &_6 <- { start = (0: Int64.t); end' = n } ] s2 - | s2 = into_iter {_6} (fun (_ret: t_Range) -> [ &it <- _ret ] s3) + | s1 = [ &_8 <- { start = (0: Int64.t); end' = n } ] s2 + | s2 = into_iter {_8} (fun (_ret: t_Range) -> [ &it <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- it ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int64.t ] s1 | s1 = bb4 ] @@ -381,16 +381,16 @@ module M_sum_range [ s0 = bb5 ] [ bb5 = s0 [ s0 = MutBorrow.borrow_mut {it} - (fun (_ret: MutBorrow.t t_Range) -> [ &_19 <- _ret ] [ &it <- _ret.final ] s1) - | s1 = next_Range {_19} (fun (_ret: t_Option_isize) -> [ &_18 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Range) -> [ &_29 <- _ret ] [ &it <- _ret.final ] s1) + | s1 = next_Range {_29} (fun (_ret: t_Option_isize) -> [ &_28 <- _ret ] s2) | s2 = bb6 ] - | bb6 = any [ br0 -> {_18 = None} (! bb9) | br1 (x0: Int64.t) -> {_18 = Some x0} (! bb10) ] + | bb6 = any [ br0 -> {_28 = None} (! bb9) | br1 (x0: Int64.t) -> {_28 = Some x0} (! bb10) ] | bb10 = s0 - [ s0 = elim_Some {_18} (fun (r0: Int64.t) -> [ &x <- r0 ] s1) - | s1 = [ &_22 <- Seq.(++) produced (Seq.singleton x) ] s2 + [ s0 = elim_Some {_28} (fun (r0: Int64.t) -> [ &x <- r0 ] s1) + | s1 = [ &_32 <- Seq.(++) produced (Seq.singleton x) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _22 ] s1 + [ s0 = [ &produced <- _32 ] s1 | s1 = Int64.add {i} {(1: Int64.t)} (fun (_ret: Int64.t) -> [ &i <- _ret ] s2) | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return {_0} ] ] @@ -398,13 +398,13 @@ module M_sum_range | & n: Int64.t = n | & i: Int64.t = Any.any_l () | & it: t_Range = Any.any_l () - | & _6: t_Range = Any.any_l () + | & _8: t_Range = Any.any_l () | & iter_old: t_Range = Any.any_l () | & produced: Seq.seq Int64.t = Any.any_l () - | & _18: t_Option_isize = Any.any_l () - | & _19: MutBorrow.t t_Range = Any.any_l () + | & _28: t_Option_isize = Any.any_l () + | & _29: MutBorrow.t t_Range = Any.any_l () | & x: Int64.t = Any.any_l () - | & _22: Seq.seq Int64.t = Any.any_l () ]) + | & _32: Seq.seq Int64.t = Any.any_l () ]) [ return (result: Int64.t) -> {[@expl:sum_range ensures] result = n} (! return {result}) ] end module M_impl_Iterator_for_Range__produces_trans__refines (* *) diff --git a/tests/should_succeed/iterators/02_iter_mut.coma b/tests/should_succeed/iterators/02_iter_mut.coma index de2cdca4ab..4e596d9d09 100644 --- a/tests/should_succeed/iterators/02_iter_mut.coma +++ b/tests/should_succeed/iterators/02_iter_mut.coma @@ -246,9 +246,9 @@ module M_impl_Iterator_for_IterMut_T__next (* as common::Iterato MutBorrow.borrow_final {self.current.inner} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t (MutBorrow.t (Slice64.slice t_T))) -> - [ &_3 <- _ret ] -{inv_ref_slice_T _ret.final}- + [ &_4 <- _ret ] -{inv_ref_slice_T _ret.final}- [ &self <- { self with current = { inner = _ret.final } } ] s1) - | s1 = split_off_first_mut_T {_3} (fun (_ret: t_Option_ref_T) -> [ &_0 <- _ret ] s2) + | s1 = split_off_first_mut_T {_4} (fun (_ret: t_Option_ref_T) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_IterMut_T self} s1 @@ -256,7 +256,7 @@ module M_impl_Iterator_for_IterMut_T__next (* as common::Iterato | s2 = return {_0} ] ] [ & _0: t_Option_ref_T = Any.any_l () | & self: MutBorrow.t t_IterMut_T = self - | & _3: MutBorrow.t (MutBorrow.t (Slice64.slice t_T)) = Any.any_l () ]) + | & _4: MutBorrow.t (MutBorrow.t (Slice64.slice t_T)) = Any.any_l () ]) [ return (result: t_Option_ref_T) -> {[@expl:next result type invariant] inv_Option_ref_T result} {[@expl:next ensures] match result with | None -> completed_IterMut_T self @@ -441,37 +441,37 @@ module M_iter_mut [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_8 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_11 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = [ &_9 <- () ] s2 - | s2 = index_mut_Vec_T_Global {_8} {_9} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_7 <- _ret ] s3) + | s1 = [ &_12 <- () ] s2 + | s2 = index_mut_Vec_T_Global {_11} {_12} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_10 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = {inv_slice_T _7.current} - MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + [ s0 = {inv_slice_T _10.current} + MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_6 <- _ret ] -{inv_slice_T _ret.final}- - [ &_7 <- { _7 with current = _ret.final } ] s1) - | s1 = {inv_slice_T _6.current} - MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + [ &_9 <- _ret ] -{inv_slice_T _ret.final}- + [ &_10 <- { _10 with current = _ret.final } ] s1) + | s1 = {inv_slice_T _9.current} + MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_5 <- _ret ] -{inv_slice_T _ret.final}- - [ &_6 <- { _6 with current = _ret.final } ] s2) - | s2 = [ &_0 <- { inner = _5 } ] s3 - | s3 = {[@expl:type invariant] inv_ref_slice_T _7} s4 - | s4 = -{resolve_ref_slice_T _7}- s5 - | s5 = {[@expl:type invariant] inv_ref_slice_T _6} s6 - | s6 = -{resolve_ref_slice_T _6}- s7 + [ &_8 <- _ret ] -{inv_slice_T _ret.final}- + [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = [ &_0 <- { inner = _8 } ] s3 + | s3 = {[@expl:type invariant] inv_ref_slice_T _10} s4 + | s4 = -{resolve_ref_slice_T _10}- s5 + | s5 = {[@expl:type invariant] inv_ref_slice_T _9} s6 + | s6 = -{resolve_ref_slice_T _9}- s7 | s7 = {[@expl:type invariant] inv_ref_Vec_T_Global v} s8 | s8 = -{resolve_ref_Vec_T_Global v}- s9 | s9 = return {_0} ] ] [ & _0: t_IterMut_T = Any.any_l () | & v: MutBorrow.t t_Vec_T_Global = v - | & _5: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _6: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _7: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _8: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _9: () = Any.any_l () ]) + | & _8: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _9: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _10: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _11: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _12: () = Any.any_l () ]) [ return (result: t_IterMut_T) -> {[@expl:iter_mut result type invariant] inv_IterMut_T result} {[@expl:iter_mut ensures #0] Slice64.view result.inner.current = view_Vec_T_Global v.current} {[@expl:iter_mut ensures #1] Slice64.view result.inner.final = view_Vec_T_Global v.final} @@ -609,10 +609,10 @@ module M_all_zero let rec all_zero (v: MutBorrow.t t_Vec_usize_Global) (return (x: ())) = (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} - (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_6 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) - | s1 = iter_mut_usize {_6} (fun (_ret: t_IterMut_usize) -> [ &_5 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_8 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) + | s1 = iter_mut_usize {_8} (fun (_ret: t_IterMut_usize) -> [ &_7 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = into_iter_usize {_5} (fun (_ret: t_IterMut_usize) -> [ &it <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = into_iter_usize {_7} (fun (_ret: t_IterMut_usize) -> [ &it <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- it ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq (MutBorrow.t UInt64.t) ] s1 | s1 = bb5 ] | bb5 = bb5 @@ -626,17 +626,17 @@ module M_all_zero [ s0 = {inv_IterMut_usize it} MutBorrow.borrow_mut {it} (fun (_ret: MutBorrow.t t_IterMut_usize) -> - [ &_17 <- _ret ] -{inv_IterMut_usize _ret.final}- + [ &_25 <- _ret ] -{inv_IterMut_usize _ret.final}- [ &it <- _ret.final ] s1) - | s1 = next_IterMut_usize {_17} (fun (_ret: t_Option_ref_usize) -> [ &_16 <- _ret ] s2) + | s1 = next_IterMut_usize {_25} (fun (_ret: t_Option_ref_usize) -> [ &_24 <- _ret ] s2) | s2 = bb7 ] - | bb7 = any [ br0 -> {_16 = None} (! bb10) | br1 (x0: MutBorrow.t UInt64.t) -> {_16 = Some x0} (! bb11) ] + | bb7 = any [ br0 -> {_24 = None} (! bb10) | br1 (x0: MutBorrow.t UInt64.t) -> {_24 = Some x0} (! bb11) ] | bb11 = s0 - [ s0 = elim_Some {_16} (fun (r0: MutBorrow.t UInt64.t) -> [ &x <- r0 ] s1) - | s1 = [ &_20 <- Seq.(++) produced (Seq.singleton x) ] s2 + [ s0 = elim_Some {_24} (fun (r0: MutBorrow.t UInt64.t) -> [ &x <- r0 ] s1) + | s1 = [ &_28 <- Seq.(++) produced (Seq.singleton x) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _20 ] s1 + [ s0 = [ &produced <- _28 ] s1 | s1 = [ &x <- { x with current = (0: UInt64.t) } ] s2 | s2 = -{resolve_ref_usize x}- s3 | s3 = bb5 ] ] ] @@ -648,14 +648,14 @@ module M_all_zero [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_usize_Global = v | & it: t_IterMut_usize = Any.any_l () - | & _5: t_IterMut_usize = Any.any_l () - | & _6: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _7: t_IterMut_usize = Any.any_l () + | & _8: MutBorrow.t t_Vec_usize_Global = Any.any_l () | & iter_old: t_IterMut_usize = Any.any_l () | & produced: Seq.seq (MutBorrow.t UInt64.t) = Any.any_l () - | & _16: t_Option_ref_usize = Any.any_l () - | & _17: MutBorrow.t t_IterMut_usize = Any.any_l () + | & _24: t_Option_ref_usize = Any.any_l () + | & _25: MutBorrow.t t_IterMut_usize = Any.any_l () | & x: MutBorrow.t UInt64.t = Any.any_l () - | & _20: Seq.seq (MutBorrow.t UInt64.t) = Any.any_l () ]) + | & _28: Seq.seq (MutBorrow.t UInt64.t) = Any.any_l () ]) [ return (result: ()) -> {[@expl:all_zero ensures #0] Seq.length (view_Vec_usize_Global v.final) = Seq.length (view_Vec_usize_Global v.current)} {[@expl:all_zero ensures #1] forall i: int. 0 <= i /\ i < Seq.length (view_Vec_usize_Global v.current) diff --git a/tests/should_succeed/iterators/03_std_iterators.coma b/tests/should_succeed/iterators/03_std_iterators.coma index 92c8c5673e..90586b5ffe 100644 --- a/tests/should_succeed/iterators/03_std_iterators.coma +++ b/tests/should_succeed/iterators/03_std_iterators.coma @@ -152,8 +152,8 @@ module M_slice_iter {[@expl:slice_iter requires] Seq.length (Slice64.view slice) < 1000} (! bb0 [ bb0 = s0 - [ s0 = [ &i <- (0: UInt64.t) ] s1 | s1 = iter_T {slice} (fun (_ret: t_Iter_T) -> [ &_7 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = into_iter_Iter_T {_7} (fun (_ret: t_Iter_T) -> [ &iter <- _ret ] s1) | s1 = bb2 ] + [ s0 = [ &i <- (0: UInt64.t) ] s1 | s1 = iter_T {slice} (fun (_ret: t_Iter_T) -> [ &_9 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = into_iter_Iter_T {_9} (fun (_ret: t_Iter_T) -> [ &iter <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq t_T ] s1 | s1 = bb5 ] | bb5 = bb5 @@ -167,25 +167,25 @@ module M_slice_iter [ s0 = {inv_Iter_T iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Iter_T) -> - [ &_21 <- _ret ] -{inv_Iter_T _ret.final}- + [ &_31 <- _ret ] -{inv_Iter_T _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Iter_T _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + | s1 = {inv_Iter_T _31.current} + MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} (fun (_ret: MutBorrow.t t_Iter_T) -> - [ &_20 <- _ret ] -{inv_Iter_T _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s2) - | s2 = next_Iter_T {_20} (fun (_ret: t_Option_ref_T) -> [ &_19 <- _ret ] s3) + [ &_30 <- _ret ] -{inv_Iter_T _ret.final}- + [ &_31 <- { _31 with current = _ret.final } ] s2) + | s2 = next_Iter_T {_30} (fun (_ret: t_Option_ref_T) -> [ &_29 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Iter_T _21} s1 - | s1 = -{resolve_ref_Iter_T _21}- s2 - | s2 = any [ br0 -> {_19 = None} (! bb10) | br1 (x0: t_T) -> {_19 = Some x0} (! bb11) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Iter_T _31} s1 + | s1 = -{resolve_ref_Iter_T _31}- s2 + | s2 = any [ br0 -> {_29 = None} (! bb10) | br1 (x0: t_T) -> {_29 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_19} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_24 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_29} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_34 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _34 ] s1 | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s2) | s2 = bb5 ] ] ] | bb10 = s0 @@ -197,14 +197,14 @@ module M_slice_iter | & slice: Slice64.slice t_T = slice | & i: UInt64.t = Any.any_l () | & iter: t_Iter_T = Any.any_l () - | & _7: t_Iter_T = Any.any_l () + | & _9: t_Iter_T = Any.any_l () | & iter_old: t_Iter_T = Any.any_l () | & produced: Seq.seq t_T = Any.any_l () - | & _19: t_Option_ref_T = Any.any_l () - | & _20: MutBorrow.t t_Iter_T = Any.any_l () - | & _21: MutBorrow.t t_Iter_T = Any.any_l () + | & _29: t_Option_ref_T = Any.any_l () + | & _30: MutBorrow.t t_Iter_T = Any.any_l () + | & _31: MutBorrow.t t_Iter_T = Any.any_l () | & __creusot_proc_iter_elem: t_T = Any.any_l () - | & _24: Seq.seq t_T = Any.any_l () ]) + | & _34: Seq.seq t_T = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:slice_iter ensures] UInt64.t'int result = Seq.length (Slice64.view slice)} (! return {result}) ] end @@ -386,25 +386,25 @@ module M_vec_iter [ s0 = {inv_Iter_T iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Iter_T) -> - [ &_20 <- _ret ] -{inv_Iter_T _ret.final}- + [ &_30 <- _ret ] -{inv_Iter_T _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Iter_T _20.current} - MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} + | s1 = {inv_Iter_T _30.current} + MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} (fun (_ret: MutBorrow.t t_Iter_T) -> - [ &_19 <- _ret ] -{inv_Iter_T _ret.final}- - [ &_20 <- { _20 with current = _ret.final } ] s2) - | s2 = next_Iter_T {_19} (fun (_ret: t_Option_ref_T) -> [ &_18 <- _ret ] s3) + [ &_29 <- _ret ] -{inv_Iter_T _ret.final}- + [ &_30 <- { _30 with current = _ret.final } ] s2) + | s2 = next_Iter_T {_29} (fun (_ret: t_Option_ref_T) -> [ &_28 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Iter_T _20} s1 - | s1 = -{resolve_ref_Iter_T _20}- s2 - | s2 = any [ br0 -> {_18 = None} (! bb9) | br1 (x0: t_T) -> {_18 = Some x0} (! bb10) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Iter_T _30} s1 + | s1 = -{resolve_ref_Iter_T _30}- s2 + | s2 = any [ br0 -> {_28 = None} (! bb9) | br1 (x0: t_T) -> {_28 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_18} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_23 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_28} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_33 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _33 ] s1 | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s2) | s2 = bb4 ] ] ] | bb9 = s0 @@ -418,11 +418,11 @@ module M_vec_iter | & iter: t_Iter_T = Any.any_l () | & iter_old: t_Iter_T = Any.any_l () | & produced: Seq.seq t_T = Any.any_l () - | & _18: t_Option_ref_T = Any.any_l () - | & _19: MutBorrow.t t_Iter_T = Any.any_l () - | & _20: MutBorrow.t t_Iter_T = Any.any_l () + | & _28: t_Option_ref_T = Any.any_l () + | & _29: MutBorrow.t t_Iter_T = Any.any_l () + | & _30: MutBorrow.t t_Iter_T = Any.any_l () | & __creusot_proc_iter_elem: t_T = Any.any_l () - | & _23: Seq.seq t_T = Any.any_l () ]) + | & _33: Seq.seq t_T = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:vec_iter ensures] UInt64.t'int result = Seq.length (view_Vec_T_Global vec)} (! return {result}) ] end @@ -569,17 +569,17 @@ module M_all_zero let rec all_zero (v: MutBorrow.t t_Vec_usize_Global) (return (x: ())) = (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} - (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_8 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) - | s1 = deref_mut_Vec_usize_Global {_8} (fun (_ret: MutBorrow.t (Slice64.slice UInt64.t)) -> [ &_7 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_10 <- _ret ] [ &v <- { v with current = _ret.final } ] s1) + | s1 = deref_mut_Vec_usize_Global {_10} (fun (_ret: MutBorrow.t (Slice64.slice UInt64.t)) -> [ &_9 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + [ s0 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t (Slice64.slice UInt64.t)) -> - [ &_6 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s1) - | s1 = iter_mut_usize {_6} (fun (_ret: t_IterMut_usize) -> [ &_5 <- _ret ] s2) + [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s1) + | s1 = iter_mut_usize {_8} (fun (_ret: t_IterMut_usize) -> [ &_7 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = into_iter_IterMut_usize {_5} (fun (_ret: t_IterMut_usize) -> [ &iter <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = -{resolve_ref_slice_usize _7}- s1 | s1 = [ &iter_old <- iter ] s2 | s2 = bb4 ] + | bb2 = s0 [ s0 = into_iter_IterMut_usize {_7} (fun (_ret: t_IterMut_usize) -> [ &iter <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = -{resolve_ref_slice_usize _9}- s1 | s1 = [ &iter_old <- iter ] s2 | s2 = bb4 ] | bb4 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq (MutBorrow.t UInt64.t) ] s1 | s1 = bb6 ] | bb6 = bb6 [ bb6 = {[@expl:for invariant] inv_Seq_ref_usize produced} @@ -593,25 +593,25 @@ module M_all_zero [ s0 = {inv_IterMut_usize iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_IterMut_usize) -> - [ &_21 <- _ret ] -{inv_IterMut_usize _ret.final}- + [ &_30 <- _ret ] -{inv_IterMut_usize _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_IterMut_usize _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + | s1 = {inv_IterMut_usize _30.current} + MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} (fun (_ret: MutBorrow.t t_IterMut_usize) -> - [ &_20 <- _ret ] -{inv_IterMut_usize _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s2) - | s2 = next_IterMut_usize {_20} (fun (_ret: t_Option_ref_usize) -> [ &_19 <- _ret ] s3) + [ &_29 <- _ret ] -{inv_IterMut_usize _ret.final}- + [ &_30 <- { _30 with current = _ret.final } ] s2) + | s2 = next_IterMut_usize {_29} (fun (_ret: t_Option_ref_usize) -> [ &_28 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = {[@expl:type invariant] inv_ref_IterMut_usize _21} s1 - | s1 = -{resolve_ref_IterMut_usize _21}- s2 - | s2 = any [ br0 -> {_19 = None} (! bb11) | br1 (x0: MutBorrow.t UInt64.t) -> {_19 = Some x0} (! bb12) ] ] + [ s0 = {[@expl:type invariant] inv_ref_IterMut_usize _30} s1 + | s1 = -{resolve_ref_IterMut_usize _30}- s2 + | s2 = any [ br0 -> {_28 = None} (! bb11) | br1 (x0: MutBorrow.t UInt64.t) -> {_28 = Some x0} (! bb12) ] ] | bb12 = s0 - [ s0 = elim_Some {_19} (fun (r0: MutBorrow.t UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_24 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_28} (fun (r0: MutBorrow.t UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_33 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _33 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = [ &x <- { x with current = (0: UInt64.t) } ] s3 | s3 = -{resolve_ref_usize x}- s4 @@ -624,17 +624,17 @@ module M_all_zero [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_usize_Global = v | & iter: t_IterMut_usize = Any.any_l () - | & _5: t_IterMut_usize = Any.any_l () - | & _6: MutBorrow.t (Slice64.slice UInt64.t) = Any.any_l () - | & _7: MutBorrow.t (Slice64.slice UInt64.t) = Any.any_l () - | & _8: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _7: t_IterMut_usize = Any.any_l () + | & _8: MutBorrow.t (Slice64.slice UInt64.t) = Any.any_l () + | & _9: MutBorrow.t (Slice64.slice UInt64.t) = Any.any_l () + | & _10: MutBorrow.t t_Vec_usize_Global = Any.any_l () | & iter_old: t_IterMut_usize = Any.any_l () | & produced: Seq.seq (MutBorrow.t UInt64.t) = Any.any_l () - | & _19: t_Option_ref_usize = Any.any_l () - | & _20: MutBorrow.t t_IterMut_usize = Any.any_l () - | & _21: MutBorrow.t t_IterMut_usize = Any.any_l () + | & _28: t_Option_ref_usize = Any.any_l () + | & _29: MutBorrow.t t_IterMut_usize = Any.any_l () + | & _30: MutBorrow.t t_IterMut_usize = Any.any_l () | & __creusot_proc_iter_elem: MutBorrow.t UInt64.t = Any.any_l () - | & _24: Seq.seq (MutBorrow.t UInt64.t) = Any.any_l () + | & _33: Seq.seq (MutBorrow.t UInt64.t) = Any.any_l () | & x: MutBorrow.t UInt64.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:all_zero ensures #0] Seq.length (view_Vec_usize_Global v.final) = Seq.length (view_Vec_usize_Global v.current)} @@ -1282,8 +1282,8 @@ module M_sum_range (! bb0 [ bb0 = s0 [ s0 = [ &i <- (0: Int64.t) ] s1 - | s1 = [ &_7 <- { start = (0: Int64.t); end' = n } ] s2 - | s2 = into_iter_Range_isize {_7} (fun (_ret: t_Range_isize) -> [ &iter <- _ret ] s3) + | s1 = [ &_9 <- { start = (0: Int64.t); end' = n } ] s2 + | s2 = into_iter_Range_isize {_9} (fun (_ret: t_Range_isize) -> [ &iter <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq Int64.t ] s1 | s1 = bb4 ] @@ -1296,21 +1296,21 @@ module M_sum_range [ s0 = bb5 ] [ bb5 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_isize) -> [ &_21 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret: MutBorrow.t t_Range_isize) -> [ &_32 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} (fun (_ret: MutBorrow.t t_Range_isize) -> - [ &_20 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s2) - | s2 = next_Range_isize {_20} (fun (_ret: t_Option_isize) -> [ &_19 <- _ret ] s3) + [ &_31 <- _ret ] [ &_32 <- { _32 with current = _ret.final } ] s2) + | s2 = next_Range_isize {_31} (fun (_ret: t_Option_isize) -> [ &_30 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Range_isize _21}- s1 - | s1 = any [ br0 -> {_19 = None} (! bb9) | br1 (x0: Int64.t) -> {_19 = Some x0} (! bb10) ] ] + [ s0 = -{resolve_ref_Range_isize _32}- s1 + | s1 = any [ br0 -> {_30 = None} (! bb9) | br1 (x0: Int64.t) -> {_30 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_19} (fun (r0: Int64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_24 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_30} (fun (r0: Int64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_35 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _35 ] s1 | s1 = Int64.add {i} {(1: Int64.t)} (fun (_ret: Int64.t) -> [ &i <- _ret ] s2) | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return {_0} ] ] @@ -1318,14 +1318,14 @@ module M_sum_range | & n: Int64.t = n | & i: Int64.t = Any.any_l () | & iter: t_Range_isize = Any.any_l () - | & _7: t_Range_isize = Any.any_l () + | & _9: t_Range_isize = Any.any_l () | & iter_old: t_Range_isize = Any.any_l () | & produced: Seq.seq Int64.t = Any.any_l () - | & _19: t_Option_isize = Any.any_l () - | & _20: MutBorrow.t t_Range_isize = Any.any_l () - | & _21: MutBorrow.t t_Range_isize = Any.any_l () + | & _30: t_Option_isize = Any.any_l () + | & _31: MutBorrow.t t_Range_isize = Any.any_l () + | & _32: MutBorrow.t t_Range_isize = Any.any_l () | & __creusot_proc_iter_elem: Int64.t = Any.any_l () - | & _24: Seq.seq Int64.t = Any.any_l () ]) + | & _35: Seq.seq Int64.t = Any.any_l () ]) [ return (result: Int64.t) -> {[@expl:sum_range ensures] result = n} (! return {result}) ] end module M_enumerate_range @@ -1510,25 +1510,25 @@ module M_enumerate_range [ s0 = {inv_Enumerate_Range_usize iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Enumerate_Range_usize) -> - [ &_16 <- _ret ] -{inv_Enumerate_Range_usize _ret.final}- + [ &_23 <- _ret ] -{inv_Enumerate_Range_usize _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Enumerate_Range_usize _16.current} - MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} + | s1 = {inv_Enumerate_Range_usize _23.current} + MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} (fun (_ret: MutBorrow.t t_Enumerate_Range_usize) -> - [ &_15 <- _ret ] -{inv_Enumerate_Range_usize _ret.final}- - [ &_16 <- { _16 with current = _ret.final } ] s2) - | s2 = next_Enumerate_Range_usize {_15} (fun (_ret: t_Option_tup2_usize_usize) -> [ &_14 <- _ret ] s3) + [ &_22 <- _ret ] -{inv_Enumerate_Range_usize _ret.final}- + [ &_23 <- { _23 with current = _ret.final } ] s2) + | s2 = next_Enumerate_Range_usize {_22} (fun (_ret: t_Option_tup2_usize_usize) -> [ &_21 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Enumerate_Range_usize _16} s1 - | s1 = -{resolve_ref_Enumerate_Range_usize _16}- s2 - | s2 = any [ br0 -> {_14 = None} (! bb10) | br1 (x0: tup2_usize_usize) -> {_14 = Some x0} (! bb11) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Enumerate_Range_usize _23} s1 + | s1 = -{resolve_ref_Enumerate_Range_usize _23}- s2 + | s2 = any [ br0 -> {_21 = None} (! bb10) | br1 (x0: tup2_usize_usize) -> {_21 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_14} (fun (r0: tup2_usize_usize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_19 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_21} (fun (r0: tup2_usize_usize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_26 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _19 ] s1 + [ s0 = [ &produced <- _26 ] s1 | s1 = [ &ix <- __creusot_proc_iter_elem.f0 ] s2 | s2 = [ &x <- __creusot_proc_iter_elem.f1 ] s3 | s3 = bb5 ] ] ] @@ -1542,11 +1542,11 @@ module M_enumerate_range | & _3: t_Range_usize = Any.any_l () | & iter_old: t_Enumerate_Range_usize = Any.any_l () | & produced: Seq.seq tup2_usize_usize = Any.any_l () - | & _14: t_Option_tup2_usize_usize = Any.any_l () - | & _15: MutBorrow.t t_Enumerate_Range_usize = Any.any_l () - | & _16: MutBorrow.t t_Enumerate_Range_usize = Any.any_l () + | & _21: t_Option_tup2_usize_usize = Any.any_l () + | & _22: MutBorrow.t t_Enumerate_Range_usize = Any.any_l () + | & _23: MutBorrow.t t_Enumerate_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: tup2_usize_usize = Any.any_l () - | & _19: Seq.seq tup2_usize_usize = Any.any_l () + | & _26: Seq.seq tup2_usize_usize = Any.any_l () | & ix: UInt64.t = Any.any_l () | & x: UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end @@ -1850,20 +1850,20 @@ module M_my_reverse [ bb0 = s0 [ s0 = len_T {slice.current} (fun (_ret: UInt64.t) -> [ &n <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = [ &old_v <- Slice64.view slice.current ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_12 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _12} s2 | s2 = bb3 ] + [ s0 = [ &_14 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _14} s2 | s2 = bb3 ] | bb3 = s0 - [ s0 = UInt64.div {n} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) - | s1 = [ &_9 <- { start = (0: UInt64.t); end' = _10 } ] s2 - | s2 = [ &_16 <- (2: UInt64.t) = (0: UInt64.t) ] s3 - | s3 = {[@expl:division by zero] not _16} s4 + [ s0 = UInt64.div {n} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_12 <- _ret ] s1) + | s1 = [ &_11 <- { start = (0: UInt64.t); end' = _12 } ] s2 + | s2 = [ &_18 <- (2: UInt64.t) = (0: UInt64.t) ] s3 + | s3 = {[@expl:division by zero] not _18} s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = UInt64.div {n} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) - | s1 = [ &_13 <- { start = (0: UInt64.t); end' = _14 } ] s2 - | s2 = zip_Range_usize {_9} {_13} (fun (_ret: t_Zip_Range_usize_Range_usize) -> [ &_8 <- _ret ] s3) + [ s0 = UInt64.div {n} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_16 <- _ret ] s1) + | s1 = [ &_15 <- { start = (0: UInt64.t); end' = _16 } ] s2 + | s2 = zip_Range_usize {_11} {_15} (fun (_ret: t_Zip_Range_usize_Range_usize) -> [ &_10 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = into_iter_Zip_Range_usize_Range_usize {_8} + [ s0 = into_iter_Zip_Range_usize_Range_usize {_10} (fun (_ret: t_Zip_Range_usize_Range_usize) -> [ &iter <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb7 ] @@ -1887,35 +1887,35 @@ module M_my_reverse [ s0 = {inv_Zip_Range_usize_Range_usize iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Zip_Range_usize_Range_usize) -> - [ &_32 <- _ret ] -{inv_Zip_Range_usize_Range_usize _ret.final}- + [ &_54 <- _ret ] -{inv_Zip_Range_usize_Range_usize _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Zip_Range_usize_Range_usize _32.current} - MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + | s1 = {inv_Zip_Range_usize_Range_usize _54.current} + MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} (fun (_ret: MutBorrow.t t_Zip_Range_usize_Range_usize) -> - [ &_31 <- _ret ] -{inv_Zip_Range_usize_Range_usize _ret.final}- - [ &_32 <- { _32 with current = _ret.final } ] s2) - | s2 = next_Zip_Range_usize_Range_usize {_31} (fun (_ret: t_Option_tup2_usize_usize) -> [ &_30 <- _ret ] s3) + [ &_53 <- _ret ] -{inv_Zip_Range_usize_Range_usize _ret.final}- + [ &_54 <- { _54 with current = _ret.final } ] s2) + | s2 = next_Zip_Range_usize_Range_usize {_53} (fun (_ret: t_Option_tup2_usize_usize) -> [ &_52 <- _ret ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Zip_Range_usize_Range_usize _32} s1 - | s1 = -{resolve_ref_Zip_Range_usize_Range_usize _32}- s2 - | s2 = any [ br0 -> {_30 = None} (! bb14) | br1 (x0: tup2_usize_usize) -> {_30 = Some x0} (! bb15) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Zip_Range_usize_Range_usize _54} s1 + | s1 = -{resolve_ref_Zip_Range_usize_Range_usize _54}- s2 + | s2 = any [ br0 -> {_52 = None} (! bb14) | br1 (x0: tup2_usize_usize) -> {_52 = Some x0} (! bb15) ] ] | bb15 = s0 - [ s0 = elim_Some {_30} (fun (r0: tup2_usize_usize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_35 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_52} (fun (r0: tup2_usize_usize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_57 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &produced <- _35 ] s1 + [ s0 = [ &produced <- _57 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem.f0 ] s2 | s2 = [ &j <- __creusot_proc_iter_elem.f1 ] s3 - | s3 = UInt64.sub {n} {j} (fun (_ret: UInt64.t) -> [ &_43 <- _ret ] s4) - | s4 = UInt64.sub {_43} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_42 <- _ret ] s5) + | s3 = UInt64.sub {n} {j} (fun (_ret: UInt64.t) -> [ &_67 <- _ret ] s4) + | s4 = UInt64.sub {_67} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_66 <- _ret ] s5) | s5 = {inv_slice_T slice.current} MutBorrow.borrow_mut {slice.current} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_40 <- _ret ] -{inv_slice_T _ret.final}- + [ &_64 <- _ret ] -{inv_slice_T _ret.final}- [ &slice <- { slice with current = _ret.final } ] s6) - | s6 = swap_T {_40} {i} {_42} (fun (_ret: ()) -> [ &_39 <- _ret ] s7) + | s6 = swap_T {_64} {i} {_66} (fun (_ret: ()) -> [ &_63 <- _ret ] s7) | s7 = bb17 ] | bb17 = s0 [ s0 = {[@expl:assertion] i = j} s1 @@ -1937,26 +1937,26 @@ module M_my_reverse | & n: UInt64.t = Any.any_l () | & old_v: Seq.seq t_T = Any.any_l () | & iter: t_Zip_Range_usize_Range_usize = Any.any_l () - | & _8: t_Zip_Range_usize_Range_usize = Any.any_l () - | & _9: t_Range_usize = Any.any_l () - | & _10: UInt64.t = Any.any_l () - | & _12: bool = Any.any_l () - | & _13: t_Range_usize = Any.any_l () - | & _14: UInt64.t = Any.any_l () - | & _16: bool = Any.any_l () + | & _10: t_Zip_Range_usize_Range_usize = Any.any_l () + | & _11: t_Range_usize = Any.any_l () + | & _12: UInt64.t = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: t_Range_usize = Any.any_l () + | & _16: UInt64.t = Any.any_l () + | & _18: bool = Any.any_l () | & iter_old: t_Zip_Range_usize_Range_usize = Any.any_l () | & produced: Seq.seq tup2_usize_usize = Any.any_l () - | & _30: t_Option_tup2_usize_usize = Any.any_l () - | & _31: MutBorrow.t t_Zip_Range_usize_Range_usize = Any.any_l () - | & _32: MutBorrow.t t_Zip_Range_usize_Range_usize = Any.any_l () + | & _52: t_Option_tup2_usize_usize = Any.any_l () + | & _53: MutBorrow.t t_Zip_Range_usize_Range_usize = Any.any_l () + | & _54: MutBorrow.t t_Zip_Range_usize_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: tup2_usize_usize = Any.any_l () - | & _35: Seq.seq tup2_usize_usize = Any.any_l () + | & _57: Seq.seq tup2_usize_usize = Any.any_l () | & i: UInt64.t = Any.any_l () | & j: UInt64.t = Any.any_l () - | & _39: () = Any.any_l () - | & _40: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _42: UInt64.t = Any.any_l () - | & _43: UInt64.t = Any.any_l () + | & _63: () = Any.any_l () + | & _64: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _66: UInt64.t = Any.any_l () + | & _67: UInt64.t = Any.any_l () | & old_9_0: MutBorrow.t (Slice64.slice t_T) = Any.any_l () ]) [ return (result: ()) -> {[@expl:my_reverse ensures] Seq.(==) (Slice64.view slice.final) (Reverse.reverse (Slice64.view slice.current))} diff --git a/tests/should_succeed/iterators/04_skip.coma b/tests/should_succeed/iterators/04_skip.coma index 880f172527..4fbb5d08bc 100644 --- a/tests/should_succeed/iterators/04_skip.coma +++ b/tests/should_succeed/iterators/04_skip.coma @@ -277,12 +277,12 @@ module M_impl_Iterator_for_Skip_I__next (* as common::Iterator> *) | bb1 = s0 [ s0 = MutBorrow.borrow_final {self.current.n} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t UInt64.t) -> - [ &_7 <- _ret ] [ &self <- { self with current = { self.current with n = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_6 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s2) - | s2 = take_usize {_6} (fun (_ret: UInt64.t) -> [ &n'0 <- _ret ] s3) + [ &_9 <- _ret ] [ &self <- { self with current = { self.current with n = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s2) + | s2 = take_usize {_8} (fun (_ret: UInt64.t) -> [ &n'0 <- _ret ] s3) | s3 = bb2 ] - | bb2 = s0 [ s0 = -{resolve_ref_usize _7}- s1 | s1 = [ &skipped <- Seq.empty: Seq.seq t_Item ] s2 | s2 = bb3 ] + | bb2 = s0 [ s0 = -{resolve_ref_usize _9}- s1 | s1 = [ &skipped <- Seq.empty: Seq.seq t_Item ] s2 | s2 = bb3 ] | bb3 = s0 [ s0 = [ &old_4_0 <- self ] s1 | s1 = bb4 ] | bb4 = bb4 [ bb4 = {[@expl:mut invariant] old_4_0.final = self.final} @@ -297,21 +297,21 @@ module M_impl_Iterator_for_Skip_I__next (* as common::Iterator> *) [ s0 = {inv_I self.current.iter} MutBorrow.borrow_mut {self.current.iter} (fun (_ret: MutBorrow.t t_I) -> - [ &_19 <- _ret ] -{inv_I _ret.final}- + [ &_30 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s1) - | s1 = next_I {_19} (fun (_ret: t_Option_Item) -> [ &r <- _ret ] s2) + | s1 = next_I {_30} (fun (_ret: t_Option_Item) -> [ &r <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &_21 <- n'0 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_21 = false} (! bb8) | br1 -> {_21} (! bb7) ] ] + [ s0 = [ &_32 <- n'0 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_32 = false} (! bb8) | br1 -> {_32} (! bb7) ] ] | bb8 = any [ br0 -> {r = None} (! bb9) | br1 (x0: t_Item) -> {r = Some x0} (! bb11) ] | bb11 = s0 [ s0 = elim_Some {r} (fun (r0: t_Item) -> [ &x <- r0 ] s1) | s1 = {[@expl:type invariant] inv_Item x} s2 | s2 = -{resolve_Item x}- s3 - | s3 = [ &_26 <- Seq.(++) skipped (Seq.singleton x) ] s4 + | s3 = [ &_37 <- Seq.(++) skipped (Seq.singleton x) ] s4 | s4 = bb12 ] | bb12 = s0 - [ s0 = [ &skipped <- _26 ] s1 + [ s0 = [ &skipped <- _37 ] s1 | s1 = UInt64.sub {n'0} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &n'0 <- _ret ] s2) | s2 = bb4 ] ] ] | bb7 = s0 @@ -329,14 +329,14 @@ module M_impl_Iterator_for_Skip_I__next (* as common::Iterator> *) | & self: MutBorrow.t t_Skip_I = self | & old_self: MutBorrow.t t_Skip_I = Any.any_l () | & n'0: UInt64.t = Any.any_l () - | & _6: MutBorrow.t UInt64.t = Any.any_l () - | & _7: MutBorrow.t UInt64.t = Any.any_l () + | & _8: MutBorrow.t UInt64.t = Any.any_l () + | & _9: MutBorrow.t UInt64.t = Any.any_l () | & skipped: Seq.seq t_Item = Any.any_l () | & r: t_Option_Item = Any.any_l () - | & _19: MutBorrow.t t_I = Any.any_l () - | & _21: bool = Any.any_l () + | & _30: MutBorrow.t t_I = Any.any_l () + | & _32: bool = Any.any_l () | & x: t_Item = Any.any_l () - | & _26: Seq.seq t_Item = Any.any_l () + | & _37: Seq.seq t_Item = Any.any_l () | & old_4_0: MutBorrow.t t_Skip_I = Any.any_l () ]) [ return (result: t_Option_Item) -> {[@expl:next result type invariant] inv_Option_Item result} {[@expl:next ensures] match result with diff --git a/tests/should_succeed/iterators/05_map.coma b/tests/should_succeed/iterators/05_map.coma index fd18abfefa..e8bdc17a65 100644 --- a/tests/should_succeed/iterators/05_map.coma +++ b/tests/should_succeed/iterators/05_map.coma @@ -402,28 +402,28 @@ module M_impl_Iterator_for_Map_I_F__next (* as common::Iterator> *) [ s0 = {inv_I self.current.iter} MutBorrow.borrow_final {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_4 <- _ret ] -{inv_I _ret.final}- + [ &_5 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s1) - | s1 = next_I {_4} (fun (_ret: t_Option_Item) -> [ &_3 <- _ret ] s2) + | s1 = next_I {_5} (fun (_ret: t_Option_Item) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] - | bb1 = any [ br0 -> {_3 = None} (! bb4) | br1 (x0: t_Item) -> {_3 = Some x0} (! bb5) ] + | bb1 = any [ br0 -> {_4 = None} (! bb4) | br1 (x0: t_Item) -> {_4 = Some x0} (! bb5) ] | bb5 = s0 - [ s0 = elim_Some {_3} (fun (r0: t_Item) -> [ &v <- r0 ] s1) + [ s0 = elim_Some {_4} (fun (r0: t_Item) -> [ &v <- r0 ] s1) | s1 = {[@expl:assertion] precondition_F self.current.func v} s2 - | s2 = [ &_9 <- () ] s3 + | s2 = [ &_12 <- () ] s3 | s3 = bb6 ] | bb6 = s0 [ s0 = {inv_F self.current.func} MutBorrow.borrow_final {self.current.func} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_F) -> - [ &_12 <- _ret ] -{inv_F _ret.final}- + [ &_15 <- _ret ] -{inv_F _ret.final}- [ &self <- { self with current = { self.current with func = _ret.final } } ] s1) - | s1 = [ &_13 <- v ] s2 - | s2 = call_mut_F {_12} {_13} (fun (_ret: t_B) -> [ &_11 <- _ret ] s3) + | s1 = [ &_16 <- v ] s2 + | s2 = call_mut_F {_15} {_16} (fun (_ret: t_B) -> [ &_14 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 [ s0 = {[@expl:type invariant] inv_ref_Map_I_F self} s1 | s1 = -{resolve_ref_Map_I_F self}- s2 | s2 = bb8 ] - | bb8 = s0 [ s0 = [ &_0 <- Some'0 _11 ] s1 | s1 = bb12 ] + | bb8 = s0 [ s0 = [ &_0 <- Some'0 _14 ] s1 | s1 = bb12 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv_ref_Map_I_F self} s1 | s1 = -{resolve_ref_Map_I_F self}- s2 @@ -432,13 +432,13 @@ module M_impl_Iterator_for_Map_I_F__next (* as common::Iterator> *) | bb12 = return {_0} ] [ & _0: t_Option_B = Any.any_l () | & self: MutBorrow.t t_Map_I_F = self - | & _3: t_Option_Item = Any.any_l () - | & _4: MutBorrow.t t_I = Any.any_l () + | & _4: t_Option_Item = Any.any_l () + | & _5: MutBorrow.t t_I = Any.any_l () | & v: t_Item = Any.any_l () - | & _9: () = Any.any_l () - | & _11: t_B = Any.any_l () - | & _12: MutBorrow.t t_F = Any.any_l () - | & _13: t_Item = Any.any_l () ]) + | & _12: () = Any.any_l () + | & _14: t_B = Any.any_l () + | & _15: MutBorrow.t t_F = Any.any_l () + | & _16: t_Item = Any.any_l () ]) [ return (result: t_Option_B) -> {[@expl:next result type invariant] inv_Option_B result} {[@expl:next ensures] match result with | None'0 -> completed_Map_I_F self diff --git a/tests/should_succeed/iterators/06_map_precond.coma b/tests/should_succeed/iterators/06_map_precond.coma index d0d8d0bfde..56f5a0d756 100644 --- a/tests/should_succeed/iterators/06_map_precond.coma +++ b/tests/should_succeed/iterators/06_map_precond.coma @@ -440,13 +440,13 @@ module M_impl_Iterator_for_Map_I_F__next (* as common::Iterator> *) [ s0 = {inv_I self.current.iter} MutBorrow.borrow_final {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_4 <- _ret ] -{inv_I _ret.final}- + [ &_5 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s1) - | s1 = next_I {_4} (fun (_ret: t_Option_Item) -> [ &_3 <- _ret ] s2) + | s1 = next_I {_5} (fun (_ret: t_Option_Item) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] - | bb1 = any [ br0 -> {_3 = None} (! bb4) | br1 (x0: t_Item) -> {_3 = Some x0} (! bb5) ] + | bb1 = any [ br0 -> {_4 = None} (! bb4) | br1 (x0: t_Item) -> {_4 = Some x0} (! bb5) ] | bb5 = s0 - [ s0 = elim_Some {_3} (fun (r0: t_Item) -> [ &v <- r0 ] s1) + [ s0 = elim_Some {_4} (fun (r0: t_Item) -> [ &v <- r0 ] s1) | s1 = {[@expl:assertion] precondition_F self.current.func { f0 = v; f1 = self.current.produced }} s2 | s2 = [ &produced'0 <- Seq.snoc self.current.produced v ] s3 | s3 = bb6 ] @@ -454,21 +454,21 @@ module M_impl_Iterator_for_Map_I_F__next (* as common::Iterator> *) [ s0 = {inv_F self.current.func} MutBorrow.borrow_final {self.current.func} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_F) -> - [ &_12 <- _ret ] -{inv_F _ret.final}- + [ &_18 <- _ret ] -{inv_F _ret.final}- [ &self <- { self with current = { self.current with func = _ret.final } } ] s1) - | s1 = [ &_13 <- { f0 = v; f1 = self.current.produced } ] s2 - | s2 = call_mut_F {_12} {_13} (fun (_ret: t_B) -> [ &r <- _ret ] s3) + | s1 = [ &_19 <- { f0 = v; f1 = self.current.produced } ] s2 + | s2 = call_mut_F {_18} {_19} (fun (_ret: t_B) -> [ &r <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 [ s0 = [ &self <- { self with current = { self.current with produced = produced'0 } } ] s1 | s1 = {[@expl:type invariant] inv_ref_Map_I_F self} s2 | s2 = -{resolve_ref_Map_I_F self}- s3 - | s3 = [ &_17 <- () ] s4 + | s3 = [ &_23 <- () ] s4 | s4 = bb9 ] | bb9 = s0 [ s0 = [ &_0 <- Some'0 r ] s1 | s1 = bb15 ] - | bb4 = s0 [ s0 = [ &_20 <- Seq.empty: Seq.seq t_Item ] s1 | s1 = bb13 ] + | bb4 = s0 [ s0 = [ &_26 <- Seq.empty: Seq.seq t_Item ] s1 | s1 = bb13 ] | bb13 = s0 - [ s0 = [ &self <- { self with current = { self.current with produced = _20 } } ] s1 + [ s0 = [ &self <- { self with current = { self.current with produced = _26 } } ] s1 | s1 = {[@expl:type invariant] inv_ref_Map_I_F self} s2 | s2 = -{resolve_ref_Map_I_F self}- s3 | s3 = [ &_0 <- None'0 ] s4 @@ -476,15 +476,15 @@ module M_impl_Iterator_for_Map_I_F__next (* as common::Iterator> *) | bb15 = return {_0} ] [ & _0: t_Option_B = Any.any_l () | & self: MutBorrow.t t_Map_I_F = self - | & _3: t_Option_Item = Any.any_l () - | & _4: MutBorrow.t t_I = Any.any_l () + | & _4: t_Option_Item = Any.any_l () + | & _5: MutBorrow.t t_I = Any.any_l () | & v: t_Item = Any.any_l () | & produced'0: Seq.seq t_Item = Any.any_l () | & r: t_B = Any.any_l () - | & _12: MutBorrow.t t_F = Any.any_l () - | & _13: tup2_Item_Snapshot_Seq_Item = Any.any_l () - | & _17: () = Any.any_l () - | & _20: Seq.seq t_Item = Any.any_l () ]) + | & _18: MutBorrow.t t_F = Any.any_l () + | & _19: tup2_Item_Snapshot_Seq_Item = Any.any_l () + | & _23: () = Any.any_l () + | & _26: Seq.seq t_Item = Any.any_l () ]) [ return (result: t_Option_B) -> {[@expl:next result type invariant] inv_Option_B result} {[@expl:next ensures] match result with | None'0 -> completed_Map_I_F self @@ -916,13 +916,13 @@ module M_map {[@expl:map requires #2] preservation_I iter'0 func'0} (! bb0 [ bb0 = bb1 - | bb1 = s0 [ s0 = [ &_9 <- Seq.empty: Seq.seq t_Item ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- { iter = iter'0; func = func'0; produced = _9 } ] s1 | s1 = bb6 ] + | bb1 = s0 [ s0 = [ &_13 <- Seq.empty: Seq.seq t_Item ] s1 | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &_0 <- { iter = iter'0; func = func'0; produced = _13 } ] s1 | s1 = bb6 ] | bb6 = return {_0} ] [ & _0: t_Map_I_F = Any.any_l () | & iter'0: t_I = iter'0 | & func'0: t_F = func'0 - | & _9: Seq.seq t_Item = Any.any_l () ]) + | & _13: Seq.seq t_Item = Any.any_l () ]) [ return (result: t_Map_I_F) -> {[@expl:map result type invariant] inv_Map_I_F result} {[@expl:map ensures] result = { iter = iter'0; func = func'0; produced = Seq.empty: Seq.seq t_Item }} (! return {result}) ] @@ -1323,8 +1323,8 @@ module M_increment -> (forall x: int. 0 <= x /\ x < Seq.length prod -> UInt32.le (Seq.get prod x) (10: UInt32.t))} (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- () ] s1 - | s1 = map_U {iter'0} {_6} (fun (_ret: t_Map_U_closure0) -> [ &i <- _ret ] s2) + [ s0 = [ &_7 <- () ] s1 + | s1 = map_U {iter'0} {_7} (fun (_ret: t_Map_U_closure0) -> [ &i <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_Map_U_closure0 i} s1 @@ -1337,7 +1337,7 @@ module M_increment [ & _0: () = Any.any_l () | & iter'0: t_U = iter'0 | & i: t_Map_U_closure0 = Any.any_l () - | & _6: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _7: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_counter use creusot.int.UInt64 @@ -1518,19 +1518,19 @@ module M_counter [ bb0 = s0 [ s0 = [ &cnt <- (0: UInt64.t) ] s1 | s1 = MutBorrow.borrow_mut {cnt} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_8 <- _ret ] [ &cnt <- _ret.final ] s2) - | s2 = [ &_7 <- { c0 = _8 } ] s3 - | s3 = map_I {iter'0} {_7} (fun (_ret: t_Map_I_closure0) -> [ &_5 <- _ret ] s4) - | s4 = {[@expl:type invariant] inv_Map_I_closure0 _5} s5 - | s5 = -{resolve_Map_I_closure0 _5}- s6 + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_9 <- _ret ] [ &cnt <- _ret.final ] s2) + | s2 = [ &_8 <- { c0 = _9 } ] s3 + | s3 = map_I {iter'0} {_8} (fun (_ret: t_Map_I_closure0) -> [ &_6 <- _ret ] s4) + | s4 = {[@expl:type invariant] inv_Map_I_closure0 _6} s5 + | s5 = -{resolve_Map_I_closure0 _6}- s6 | s6 = bb3 ] | bb3 = return {_0} ] [ & _0: () = Any.any_l () | & iter'0: t_I = iter'0 | & cnt: UInt64.t = Any.any_l () - | & _5: t_Map_I_closure0 = Any.any_l () - | & _7: closure0 = Any.any_l () - | & _8: MutBorrow.t UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _6: t_Map_I_closure0 = Any.any_l () + | & _8: closure0 = Any.any_l () + | & _9: MutBorrow.t UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_impl_Iterator_for_Map_I_F__next__refines (* as common::Iterator> *) use creusot.prelude.MutBorrow diff --git a/tests/should_succeed/iterators/07_fuse.coma b/tests/should_succeed/iterators/07_fuse.coma index 1a6e256645..9e9c284a78 100644 --- a/tests/should_succeed/iterators/07_fuse.coma +++ b/tests/should_succeed/iterators/07_fuse.coma @@ -155,47 +155,47 @@ module M_impl_Iterator_for_Fuse_I__next (* as common::Iterator> *) [ s0 = {inv_Option_I self.current.iter} MutBorrow.borrow_mut {self.current.iter} (fun (_ret: MutBorrow.t t_Option_I) -> - [ &_3 <- _ret ] -{inv_Option_I _ret.final}- + [ &_4 <- _ret ] -{inv_Option_I _ret.final}- [ &self <- { self with current = { iter = _ret.final } } ] s1) - | s1 = any [ br0 -> {_3.current = None} (! bb2) | br1 (x0: t_I) -> {_3.current = Some x0} (! bb3) ] ] + | s1 = any [ br0 -> {_4.current = None} (! bb2) | br1 (x0: t_I) -> {_4.current = Some x0} (! bb3) ] ] | bb3 = s0 - [ s0 = elim_Some {_3.current} + [ s0 = elim_Some {_4.current} (fun (r0: t_I) -> {inv_I r0} - MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _3) 1} + MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _4) 1} (fun (_ret: MutBorrow.t t_I) -> [ &iter'0 <- _ret ] -{inv_I _ret.final}- - [ &_3 <- { _3 with current = Some _ret.final } ] s1)) + [ &_4 <- { _4 with current = Some _ret.final } ] s1)) | s1 = {inv_I iter'0.current} MutBorrow.borrow_final {iter'0.current} {MutBorrow.get_id iter'0} (fun (_ret: MutBorrow.t t_I) -> - [ &_7 <- _ret ] -{inv_I _ret.final}- + [ &_8 <- _ret ] -{inv_I _ret.final}- [ &iter'0 <- { iter'0 with current = _ret.final } ] s2) - | s2 = next_I {_7} (fun (_ret: t_Option_Item) -> [ &_6 <- _ret ] s3) + | s2 = next_I {_8} (fun (_ret: t_Option_Item) -> [ &_7 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 [ s0 = {[@expl:type invariant] inv_ref_I iter'0} s1 | s1 = -{resolve_ref_I iter'0}- s2 - | s2 = {[@expl:type invariant] inv_ref_Option_I _3} s3 - | s3 = -{resolve_ref_Option_I _3}- s4 - | s4 = any [ br0 -> {_6 = None'0} (! bb7) | br1 (x0: t_Item) -> {_6 = Some'0 x0} (! bb6) ] ] + | s2 = {[@expl:type invariant] inv_ref_Option_I _4} s3 + | s3 = -{resolve_ref_Option_I _4}- s4 + | s4 = any [ br0 -> {_7 = None'0} (! bb7) | br1 (x0: t_Item) -> {_7 = Some'0 x0} (! bb6) ] ] | bb6 = s0 [ s0 = {[@expl:type invariant] inv_ref_Fuse_I self} s1 | s1 = -{resolve_ref_Fuse_I self}- s2 - | s2 = [ &x <- _6 ] s3 + | s2 = [ &x <- _7 ] s3 | s3 = [ &_0 <- x ] s4 | s4 = bb15 ] - | bb7 = s0 [ s0 = {[@expl:type invariant] inv_Option_Item _6} s1 | s1 = -{resolve_Option_Item _6}- s2 | s2 = bb8 ] - | bb8 = s0 [ s0 = [ &_9 <- None ] s1 | s1 = bb9 ] + | bb7 = s0 [ s0 = {[@expl:type invariant] inv_Option_Item _7} s1 | s1 = -{resolve_Option_Item _7}- s2 | s2 = bb8 ] + | bb8 = s0 [ s0 = [ &_10 <- None ] s1 | s1 = bb9 ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_Option_I self.current.iter} s1 | s1 = -{resolve_Option_I self.current.iter}- s2 - | s2 = [ &self <- { self with current = { iter = _9 } } ] s3 + | s2 = [ &self <- { self with current = { iter = _10 } } ] s3 | s3 = {[@expl:type invariant] inv_ref_Fuse_I self} s4 | s4 = -{resolve_ref_Fuse_I self}- s5 | s5 = bb11 ] | bb11 = s0 [ s0 = [ &_0 <- None'0 ] s1 | s1 = bb15 ] - | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_I _3} s1 | s1 = -{resolve_ref_Option_I _3}- s2 | s2 = bb4 ] + | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Option_I _4} s1 | s1 = -{resolve_ref_Option_I _4}- s2 | s2 = bb4 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv_ref_Fuse_I self} s1 | s1 = -{resolve_ref_Fuse_I self}- s2 @@ -204,11 +204,11 @@ module M_impl_Iterator_for_Fuse_I__next (* as common::Iterator> *) | bb15 = return {_0} ] [ & _0: t_Option_Item = Any.any_l () | & self: MutBorrow.t t_Fuse_I = self - | & _3: MutBorrow.t t_Option_I = Any.any_l () + | & _4: MutBorrow.t t_Option_I = Any.any_l () | & iter'0: MutBorrow.t t_I = Any.any_l () - | & _6: t_Option_Item = Any.any_l () - | & _7: MutBorrow.t t_I = Any.any_l () - | & _9: t_Option_I = Any.any_l () + | & _7: t_Option_Item = Any.any_l () + | & _8: MutBorrow.t t_I = Any.any_l () + | & _10: t_Option_I = Any.any_l () | & x: t_Option_Item = Any.any_l () ]) [ return (result: t_Option_Item) -> {[@expl:next result type invariant] inv_Option_Item result} {[@expl:next ensures] match result with diff --git a/tests/should_succeed/iterators/08_collect_extend.coma b/tests/should_succeed/iterators/08_collect_extend.coma index a20e8ca0d5..7bb0ffd0ce 100644 --- a/tests/should_succeed/iterators/08_collect_extend.coma +++ b/tests/should_succeed/iterators/08_collect_extend.coma @@ -151,31 +151,31 @@ module M_extend [ bb6 = s0 [ s0 = {inv_I iter'0} MutBorrow.borrow_mut {iter'0} - (fun (_ret: MutBorrow.t t_I) -> [ &_21 <- _ret ] -{inv_I _ret.final}- [ &iter'0 <- _ret.final ] s1) - | s1 = {inv_I _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret: MutBorrow.t t_I) -> [ &_34 <- _ret ] -{inv_I _ret.final}- [ &iter'0 <- _ret.final ] s1) + | s1 = {inv_I _34.current} + MutBorrow.borrow_final {_34.current} {MutBorrow.get_id _34} (fun (_ret: MutBorrow.t t_I) -> - [ &_20 <- _ret ] -{inv_I _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s2) - | s2 = next_I {_20} (fun (_ret: t_Option_T) -> [ &_19 <- _ret ] s3) + [ &_33 <- _ret ] -{inv_I _ret.final}- + [ &_34 <- { _34 with current = _ret.final } ] s2) + | s2 = next_I {_33} (fun (_ret: t_Option_T) -> [ &_32 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_I _21} s1 - | s1 = -{resolve_ref_I _21}- s2 - | s2 = any [ br0 -> {_19 = None} (! bb10) | br1 (x0: t_T) -> {_19 = Some x0} (! bb11) ] ] + [ s0 = {[@expl:type invariant] inv_ref_I _34} s1 + | s1 = -{resolve_ref_I _34}- s2 + | s2 = any [ br0 -> {_32 = None} (! bb10) | br1 (x0: t_T) -> {_32 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_19} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_24 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_32} (fun (r0: t_T) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_37 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _37 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = {inv_Vec_T_Global vec.current} MutBorrow.borrow_mut {vec.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_28 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_43 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &vec <- { vec with current = _ret.final } ] s3) - | s3 = push_T {_28} {x} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + | s3 = push_T {_43} {x} (fun (_ret: ()) -> [ &_42 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv_I iter'0} s1 @@ -191,14 +191,14 @@ module M_extend | & iter'0: t_I = Any.any_l () | & iter_old: t_I = Any.any_l () | & produced: Seq.seq t_T = Any.any_l () - | & _19: t_Option_T = Any.any_l () - | & _20: MutBorrow.t t_I = Any.any_l () - | & _21: MutBorrow.t t_I = Any.any_l () + | & _32: t_Option_T = Any.any_l () + | & _33: MutBorrow.t t_I = Any.any_l () + | & _34: MutBorrow.t t_I = Any.any_l () | & __creusot_proc_iter_elem: t_T = Any.any_l () - | & _24: Seq.seq t_T = Any.any_l () + | & _37: Seq.seq t_T = Any.any_l () | & x: t_T = Any.any_l () - | & _27: () = Any.any_l () - | & _28: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _42: () = Any.any_l () + | & _43: MutBorrow.t t_Vec_T_Global = Any.any_l () | & old_5_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:extend ensures] exists done': MutBorrow.t t_I, prod: Seq.seq t_T. completed_I done' /\ produces_I iter prod done'.current @@ -358,31 +358,31 @@ module M_collect [ bb6 = s0 [ s0 = {inv_I iter'0} MutBorrow.borrow_mut {iter'0} - (fun (_ret: MutBorrow.t t_I) -> [ &_20 <- _ret ] -{inv_I _ret.final}- [ &iter'0 <- _ret.final ] s1) - | s1 = {inv_I _20.current} - MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} + (fun (_ret: MutBorrow.t t_I) -> [ &_30 <- _ret ] -{inv_I _ret.final}- [ &iter'0 <- _ret.final ] s1) + | s1 = {inv_I _30.current} + MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} (fun (_ret: MutBorrow.t t_I) -> - [ &_19 <- _ret ] -{inv_I _ret.final}- - [ &_20 <- { _20 with current = _ret.final } ] s2) - | s2 = next_I {_19} (fun (_ret: t_Option_Item) -> [ &_18 <- _ret ] s3) + [ &_29 <- _ret ] -{inv_I _ret.final}- + [ &_30 <- { _30 with current = _ret.final } ] s2) + | s2 = next_I {_29} (fun (_ret: t_Option_Item) -> [ &_28 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_I _20} s1 - | s1 = -{resolve_ref_I _20}- s2 - | s2 = any [ br0 -> {_18 = None} (! bb10) | br1 (x0: t_Item) -> {_18 = Some x0} (! bb11) ] ] + [ s0 = {[@expl:type invariant] inv_ref_I _30} s1 + | s1 = -{resolve_ref_I _30}- s2 + | s2 = any [ br0 -> {_28 = None} (! bb10) | br1 (x0: t_Item) -> {_28 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_18} (fun (r0: t_Item) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_23 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_28} (fun (r0: t_Item) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_33 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _23 ] s1 + [ s0 = [ &produced <- _33 ] s1 | s1 = [ &x <- __creusot_proc_iter_elem ] s2 | s2 = {inv_Vec_Item_Global res} MutBorrow.borrow_mut {res} (fun (_ret: MutBorrow.t t_Vec_Item_Global) -> - [ &_27 <- _ret ] -{inv_Vec_Item_Global _ret.final}- + [ &_39 <- _ret ] -{inv_Vec_Item_Global _ret.final}- [ &res <- _ret.final ] s3) - | s3 = push_Item {_27} {x} (fun (_ret: ()) -> [ &_26 <- _ret ] s4) + | s3 = push_Item {_39} {x} (fun (_ret: ()) -> [ &_38 <- _ret ] s4) | s4 = bb5 ] ] ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv_I iter'0} s1 | s1 = -{resolve_I iter'0}- s2 | s2 = bb18 ] | bb18 = s0 [ s0 = [ &_0 <- res ] s1 | s1 = bb20 ] @@ -393,14 +393,14 @@ module M_collect | & iter'0: t_I = Any.any_l () | & iter_old: t_I = Any.any_l () | & produced: Seq.seq t_Item = Any.any_l () - | & _18: t_Option_Item = Any.any_l () - | & _19: MutBorrow.t t_I = Any.any_l () - | & _20: MutBorrow.t t_I = Any.any_l () + | & _28: t_Option_Item = Any.any_l () + | & _29: MutBorrow.t t_I = Any.any_l () + | & _30: MutBorrow.t t_I = Any.any_l () | & __creusot_proc_iter_elem: t_Item = Any.any_l () - | & _23: Seq.seq t_Item = Any.any_l () + | & _33: Seq.seq t_Item = Any.any_l () | & x: t_Item = Any.any_l () - | & _26: () = Any.any_l () - | & _27: MutBorrow.t t_Vec_Item_Global = Any.any_l () ]) + | & _38: () = Any.any_l () + | & _39: MutBorrow.t t_Vec_Item_Global = Any.any_l () ]) [ return (result: t_Vec_Item_Global) -> {[@expl:collect result type invariant] inv_Vec_Item_Global result} {[@expl:collect ensures] exists done': MutBorrow.t t_I, prod: Seq.seq t_Item. resolve_I done'.final /\ completed_I done' /\ produces_I iter prod done'.current /\ view_Vec_Item_Global result = prod} @@ -479,16 +479,17 @@ module M_extend_index | bb1 = s0 [ s0 = [ &oldv2 <- v2 ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = MutBorrow.borrow_mut {v1} - (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> [ &_9 <- _ret ] [ &v1 <- _ret.final ] s1) - | s1 = into_iter_Vec_u32_Global {v2} (fun (_ret: t_IntoIter_u32_Global) -> [ &_10 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> [ &_11 <- _ret ] [ &v1 <- _ret.final ] s1) + | s1 = into_iter_Vec_u32_Global {v2} (fun (_ret: t_IntoIter_u32_Global) -> [ &_12 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s1) - | s1 = extend_u32 {_8} {_10} (fun (_ret: ()) -> [ &_7 <- _ret ] s2) + [ s0 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> + [ &_10 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s1) + | s1 = extend_u32 {_10} {_12} (fun (_ret: ()) -> [ &_9 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = -{resolve_ref_Vec_u32_Global _9}- s1 + [ s0 = -{resolve_ref_Vec_u32_Global _11}- s1 | s1 = {[@expl:assertion] Seq.(==) (view_Vec_u32_Global v1) (Seq.(++) (view_Vec_u32_Global oldv1) (view_Vec_u32_Global oldv2))} s2 @@ -499,10 +500,10 @@ module M_extend_index | & v2: t_Vec_u32_Global = v2 | & oldv1: t_Vec_u32_Global = Any.any_l () | & oldv2: t_Vec_u32_Global = Any.any_l () - | & _7: () = Any.any_l () - | & _8: MutBorrow.t t_Vec_u32_Global = Any.any_l () - | & _9: MutBorrow.t t_Vec_u32_Global = Any.any_l () - | & _10: t_IntoIter_u32_Global = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: () = Any.any_l () + | & _10: MutBorrow.t t_Vec_u32_Global = Any.any_l () + | & _11: MutBorrow.t t_Vec_u32_Global = Any.any_l () + | & _12: t_IntoIter_u32_Global = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_collect_example use creusot.prelude.MutBorrow diff --git a/tests/should_succeed/iterators/10_once.coma b/tests/should_succeed/iterators/10_once.coma index cd0b92bd37..f1e8714481 100644 --- a/tests/should_succeed/iterators/10_once.coma +++ b/tests/should_succeed/iterators/10_once.coma @@ -124,9 +124,9 @@ module M_impl_Iterator_for_Once_T__next (* as common::Iterator> *) [ s0 = {inv_Option_T self.current.f0} MutBorrow.borrow_final {self.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Option_T) -> - [ &_3 <- _ret ] -{inv_Option_T _ret.final}- + [ &_4 <- _ret ] -{inv_Option_T _ret.final}- [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = take_T {_3} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) + | s1 = take_T {_4} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Once_T self} s1 @@ -134,7 +134,7 @@ module M_impl_Iterator_for_Once_T__next (* as common::Iterator> *) | s2 = return {_0} ] ] [ & _0: t_Option_T = Any.any_l () | & self: MutBorrow.t t_Once_T = self - | & _3: MutBorrow.t t_Option_T = Any.any_l () ]) + | & _4: MutBorrow.t t_Option_T = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:next result type invariant] inv_Option_T result} {[@expl:next ensures] match result with | None -> completed_Once_T self diff --git a/tests/should_succeed/iterators/11_repeat.coma b/tests/should_succeed/iterators/11_repeat.coma index a3353a8bab..f230665ad9 100644 --- a/tests/should_succeed/iterators/11_repeat.coma +++ b/tests/should_succeed/iterators/11_repeat.coma @@ -309,11 +309,11 @@ module M_impl_Iterator_for_Repeat_A__next (* as common::Iterator> *) [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_ref_Repeat_A self} s1 | s1 = -{resolve_ref_Repeat_A self}- s2 - | s2 = clone_A {self.current.element} (fun (_ret: t_A) -> [ &_3 <- _ret ] s3) + | s2 = clone_A {self.current.element} (fun (_ret: t_A) -> [ &_4 <- _ret ] s3) | s3 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- Some _3 ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &_0 <- Some _4 ] s1 | s1 = bb2 ] | bb2 = return {_0} ] - [ & _0: t_Option_A = Any.any_l () | & self: MutBorrow.t t_Repeat_A = self | & _3: t_A = Any.any_l () ]) + [ & _0: t_Option_A = Any.any_l () | & self: MutBorrow.t t_Repeat_A = self | & _4: t_A = Any.any_l () ]) [ return (result: t_Option_A) -> {[@expl:next result type invariant] inv_Option_A result} {[@expl:next ensures] match result with | None -> completed_Repeat_A self diff --git a/tests/should_succeed/iterators/12_zip.coma b/tests/should_succeed/iterators/12_zip.coma index 702abf5350..3dd620f79d 100644 --- a/tests/should_succeed/iterators/12_zip.coma +++ b/tests/should_succeed/iterators/12_zip.coma @@ -318,27 +318,27 @@ module M_impl_Iterator_for_Zip_A_B__next (* as common::Iterator> *) [ s0 = {inv_A self.current.a} MutBorrow.borrow_final {self.current.a} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_A) -> - [ &_5 <- _ret ] -{inv_A _ret.final}- + [ &_6 <- _ret ] -{inv_A _ret.final}- [ &self <- { self with current = { self.current with a = _ret.final } } ] s1) - | s1 = next_A {_5} (fun (_ret: t_Option_Item) -> [ &_4 <- _ret ] s2) + | s1 = next_A {_6} (fun (_ret: t_Option_Item) -> [ &_5 <- _ret ] s2) | s2 = bb1 ] - | bb1 = any [ br0 -> {_4 = None} (! bb3) | br1 (x0: t_Item) -> {_4 = Some x0} (! bb4) ] - | bb4 = s0 [ s0 = elim_Some {_4} (fun (r0: t_Item) -> [ &x'0 <- r0 ] s1) | s1 = [ &x <- x'0 ] s2 | s2 = bb7 ] + | bb1 = any [ br0 -> {_5 = None} (! bb3) | br1 (x0: t_Item) -> {_5 = Some x0} (! bb4) ] + | bb4 = s0 [ s0 = elim_Some {_5} (fun (r0: t_Item) -> [ &x'0 <- r0 ] s1) | s1 = [ &x <- x'0 ] s2 | s2 = bb7 ] | bb7 = s0 [ s0 = {inv_B self.current.b} MutBorrow.borrow_final {self.current.b} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_B) -> - [ &_11 <- _ret ] -{inv_B _ret.final}- + [ &_12 <- _ret ] -{inv_B _ret.final}- [ &self <- { self with current = { self.current with b = _ret.final } } ] s1) - | s1 = next_B {_11} (fun (_ret: t_Option_Item'0) -> [ &_10 <- _ret ] s2) + | s1 = next_B {_12} (fun (_ret: t_Option_Item'0) -> [ &_11 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 [ s0 = {[@expl:type invariant] inv_ref_Zip_A_B self} s1 | s1 = -{resolve_ref_Zip_A_B self}- s2 - | s2 = any [ br0 -> {_10 = None'0} (! bb10) | br1 (x0: t_Item'0) -> {_10 = Some'0 x0} (! bb11) ] ] - | bb11 = s0 [ s0 = elim_Some'0 {_10} (fun (r0: t_Item'0) -> [ &y'0 <- r0 ] s1) | s1 = [ &y <- y'0 ] s2 | s2 = bb14 ] - | bb14 = s0 [ s0 = [ &_15 <- { f0 = x; f1 = y } ] s1 | s1 = bb16 ] - | bb16 = s0 [ s0 = [ &_0 <- Some'1 _15 ] s1 | s1 = bb23 ] + | s2 = any [ br0 -> {_11 = None'0} (! bb10) | br1 (x0: t_Item'0) -> {_11 = Some'0 x0} (! bb11) ] ] + | bb11 = s0 [ s0 = elim_Some'0 {_11} (fun (r0: t_Item'0) -> [ &y'0 <- r0 ] s1) | s1 = [ &y <- y'0 ] s2 | s2 = bb14 ] + | bb14 = s0 [ s0 = [ &_16 <- { f0 = x; f1 = y } ] s1 | s1 = bb16 ] + | bb16 = s0 [ s0 = [ &_0 <- Some'1 _16 ] s1 | s1 = bb23 ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv_Item x} s1 | s1 = -{resolve_Item x}- s2 | s2 = bb12 ] | bb12 = s0 [ s0 = [ &_0 <- None'1 ] s1 | s1 = bb23 ] | bb3 = s0 @@ -348,14 +348,14 @@ module M_impl_Iterator_for_Zip_A_B__next (* as common::Iterator> *) [ & _0: t_Option_tup2_Item_Item = Any.any_l () | & self: MutBorrow.t t_Zip_A_B = self | & x: t_Item = Any.any_l () - | & _4: t_Option_Item = Any.any_l () - | & _5: MutBorrow.t t_A = Any.any_l () + | & _5: t_Option_Item = Any.any_l () + | & _6: MutBorrow.t t_A = Any.any_l () | & x'0: t_Item = Any.any_l () | & y: t_Item'0 = Any.any_l () - | & _10: t_Option_Item'0 = Any.any_l () - | & _11: MutBorrow.t t_B = Any.any_l () + | & _11: t_Option_Item'0 = Any.any_l () + | & _12: MutBorrow.t t_B = Any.any_l () | & y'0: t_Item'0 = Any.any_l () - | & _15: tup2_Item_Item = Any.any_l () ]) + | & _16: tup2_Item_Item = Any.any_l () ]) [ return (result: t_Option_tup2_Item_Item) -> {[@expl:next result type invariant] inv_Option_tup2_Item_Item result} {[@expl:next ensures] match result with | None'1 -> completed_Zip_A_B self diff --git a/tests/should_succeed/iterators/13_cloned.coma b/tests/should_succeed/iterators/13_cloned.coma index e2031c7bf0..764045c2cb 100644 --- a/tests/should_succeed/iterators/13_cloned.coma +++ b/tests/should_succeed/iterators/13_cloned.coma @@ -408,20 +408,20 @@ module M_impl_Iterator_for_Cloned_I__next (* as common::Iterator> *) [ s0 = {inv_I self.current.iter} MutBorrow.borrow_final {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_4 <- _ret ] -{inv_I _ret.final}- + [ &_5 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { iter = _ret.final } } ] s1) - | s1 = next_I {_4} (fun (_ret: t_Option_ref_T) -> [ &_3 <- _ret ] s2) + | s1 = next_I {_5} (fun (_ret: t_Option_ref_T) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Cloned_I self} s1 | s1 = -{resolve_ref_Cloned_I self}- s2 - | s2 = cloned_T {_3} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s3) + | s2 = cloned_T {_4} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s3) | s3 = bb2 ] | bb2 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self: MutBorrow.t t_Cloned_I = self - | & _3: t_Option_ref_T = Any.any_l () - | & _4: MutBorrow.t t_I = Any.any_l () ]) + | & _4: t_Option_ref_T = Any.any_l () + | & _5: MutBorrow.t t_I = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:next result type invariant] inv_Option_T result} {[@expl:next ensures] match result with | None'0 -> completed_Cloned_I self diff --git a/tests/should_succeed/iterators/14_copied.coma b/tests/should_succeed/iterators/14_copied.coma index acc8d2b2e9..021b89673d 100644 --- a/tests/should_succeed/iterators/14_copied.coma +++ b/tests/should_succeed/iterators/14_copied.coma @@ -210,20 +210,20 @@ module M_impl_Iterator_for_Copied_I__next (* as common::Iterator> *) [ s0 = {inv_I self.current.iter} MutBorrow.borrow_final {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_4 <- _ret ] -{inv_I _ret.final}- + [ &_5 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { iter = _ret.final } } ] s1) - | s1 = next_I {_4} (fun (_ret: t_Option_ref_T) -> [ &_3 <- _ret ] s2) + | s1 = next_I {_5} (fun (_ret: t_Option_ref_T) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Copied_I self} s1 | s1 = -{resolve_ref_Copied_I self}- s2 - | s2 = copied_T {_3} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s3) + | s2 = copied_T {_4} (fun (_ret: t_Option_T) -> [ &_0 <- _ret ] s3) | s3 = bb2 ] | bb2 = return {_0} ] [ & _0: t_Option_T = Any.any_l () | & self: MutBorrow.t t_Copied_I = self - | & _3: t_Option_ref_T = Any.any_l () - | & _4: MutBorrow.t t_I = Any.any_l () ]) + | & _4: t_Option_ref_T = Any.any_l () + | & _5: MutBorrow.t t_I = Any.any_l () ]) [ return (result: t_Option_T) -> {[@expl:next result type invariant] inv_Option_T result} {[@expl:next ensures] match result with | None'0 -> completed_Copied_I self diff --git a/tests/should_succeed/iterators/15_enumerate.coma b/tests/should_succeed/iterators/15_enumerate.coma index a67f327ff5..dced0687cb 100644 --- a/tests/should_succeed/iterators/15_enumerate.coma +++ b/tests/should_succeed/iterators/15_enumerate.coma @@ -229,21 +229,21 @@ module M_impl_Iterator_for_Enumerate_I__next (* as common::Iterato [ s0 = {inv_I self.current.iter} MutBorrow.borrow_final {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_4 <- _ret ] -{inv_I _ret.final}- + [ &_5 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s1) - | s1 = next_I {_4} (fun (_ret: t_Option_Item) -> [ &_3 <- _ret ] s2) + | s1 = next_I {_5} (fun (_ret: t_Option_Item) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] - | bb1 = any [ br0 -> {_3 = None} (! bb3) | br1 (x0: t_Item) -> {_3 = Some x0} (! bb4) ] + | bb1 = any [ br0 -> {_4 = None} (! bb3) | br1 (x0: t_Item) -> {_4 = Some x0} (! bb4) ] | bb4 = s0 - [ s0 = elim_Some {_3} (fun (r0: t_Item) -> [ &x <- r0 ] s1) + [ s0 = elim_Some {_4} (fun (r0: t_Item) -> [ &x <- r0 ] s1) | s1 = [ &n <- self.current.count ] s2 | s2 = UInt64.add {self.current.count} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &self <- { self with current = { self.current with count = _ret } } ] s3) | s3 = {[@expl:type invariant] inv_ref_Enumerate_I self} s4 | s4 = -{resolve_ref_Enumerate_I self}- s5 - | s5 = [ &_8 <- { f0 = n; f1 = x } ] s6 + | s5 = [ &_9 <- { f0 = n; f1 = x } ] s6 | s6 = bb6 ] - | bb6 = s0 [ s0 = [ &_0 <- Some'0 _8 ] s1 | s1 = bb10 ] + | bb6 = s0 [ s0 = [ &_0 <- Some'0 _9 ] s1 | s1 = bb10 ] | bb3 = s0 [ s0 = {[@expl:type invariant] inv_ref_Enumerate_I self} s1 | s1 = -{resolve_ref_Enumerate_I self}- s2 @@ -252,11 +252,11 @@ module M_impl_Iterator_for_Enumerate_I__next (* as common::Iterato | bb10 = return {_0} ] [ & _0: t_Option_tup2_usize_Item = Any.any_l () | & self: MutBorrow.t t_Enumerate_I = self - | & _3: t_Option_Item = Any.any_l () - | & _4: MutBorrow.t t_I = Any.any_l () + | & _4: t_Option_Item = Any.any_l () + | & _5: MutBorrow.t t_I = Any.any_l () | & x: t_Item = Any.any_l () | & n: UInt64.t = Any.any_l () - | & _8: tup2_usize_Item = Any.any_l () ]) + | & _9: tup2_usize_Item = Any.any_l () ]) [ return (result: t_Option_tup2_usize_Item) -> {[@expl:next result type invariant] inv_Option_tup2_usize_Item result} {[@expl:next ensures] match result with diff --git a/tests/should_succeed/iterators/16_take.coma b/tests/should_succeed/iterators/16_take.coma index d07e4bf053..bf11da6235 100644 --- a/tests/should_succeed/iterators/16_take.coma +++ b/tests/should_succeed/iterators/16_take.coma @@ -178,17 +178,17 @@ module M_impl_Iterator_for_Take_I__next (* as common::Iterator> *) {[@expl:next 'self' type invariant] inv_ref_Take_I self} (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- self.current.n <> (0: UInt64.t) ] s1 - | s1 = any [ br0 -> {_3 = false} (! bb3) | br1 -> {_3} (! bb1) ] ] + [ s0 = [ &_4 <- self.current.n <> (0: UInt64.t) ] s1 + | s1 = any [ br0 -> {_4 = false} (! bb3) | br1 -> {_4} (! bb1) ] ] | bb1 = s0 [ s0 = UInt64.sub {self.current.n} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &self <- { self with current = { self.current with n = _ret } } ] s1) | s1 = {inv_I self.current.iter} MutBorrow.borrow_final {self.current.iter} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_I) -> - [ &_5 <- _ret ] -{inv_I _ret.final}- + [ &_6 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s2) - | s2 = next_I {_5} (fun (_ret: t_Option_Item) -> [ &_0 <- _ret ] s3) + | s2 = next_I {_6} (fun (_ret: t_Option_Item) -> [ &_0 <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_Take_I self} s1 | s1 = -{resolve_ref_Take_I self}- s2 | s2 = bb4 ] | bb3 = s0 @@ -199,8 +199,8 @@ module M_impl_Iterator_for_Take_I__next (* as common::Iterator> *) | bb4 = return {_0} ] [ & _0: t_Option_Item = Any.any_l () | & self: MutBorrow.t t_Take_I = self - | & _3: bool = Any.any_l () - | & _5: MutBorrow.t t_I = Any.any_l () ]) + | & _4: bool = Any.any_l () + | & _6: MutBorrow.t t_I = Any.any_l () ]) [ return (result: t_Option_Item) -> {[@expl:next result type invariant] inv_Option_Item result} {[@expl:next ensures] match result with | None -> completed_Take_I self diff --git a/tests/should_succeed/iterators/17_filter.coma b/tests/should_succeed/iterators/17_filter.coma index e0c09b9265..cae5e9e57f 100644 --- a/tests/should_succeed/iterators/17_filter.coma +++ b/tests/should_succeed/iterators/17_filter.coma @@ -381,36 +381,36 @@ module M_impl_Iterator_for_Filter_I_F__next (* as common::Iterator [ s0 = {inv_I self.current.iter} MutBorrow.borrow_mut {self.current.iter} (fun (_ret: MutBorrow.t t_I) -> - [ &_16 <- _ret ] -{inv_I _ret.final}- + [ &_28 <- _ret ] -{inv_I _ret.final}- [ &self <- { self with current = { self.current with iter = _ret.final } } ] s1) - | s1 = next_I {_16} (fun (_ret: t_Option_Item) -> [ &_15 <- _ret ] s2) + | s1 = next_I {_28} (fun (_ret: t_Option_Item) -> [ &_27 <- _ret ] s2) | s2 = bb5 ] - | bb5 = any [ br0 -> {_15 = None} (! bb13) | br1 (x0: t_Item) -> {_15 = Some x0} (! bb7) ] + | bb5 = any [ br0 -> {_27 = None} (! bb13) | br1 (x0: t_Item) -> {_27 = Some x0} (! bb7) ] | bb7 = s0 - [ s0 = elim_Some {_15} (fun (r0: t_Item) -> [ &n <- r0 ] s1) - | s1 = [ &_19 <- Seq.snoc produced n ] s2 + [ s0 = elim_Some {_27} (fun (r0: t_Item) -> [ &n <- r0 ] s1) + | s1 = [ &_31 <- Seq.snoc produced n ] s2 | s2 = bb8 ] | bb8 = s0 - [ s0 = [ &produced <- _19 ] s1 + [ s0 = [ &produced <- _31 ] s1 | s1 = {[@expl:assertion] produces_I old_self.current.iter produced self.current.iter} s2 | s2 = {inv_F self.current.func} MutBorrow.borrow_mut {self.current.func} (fun (_ret: MutBorrow.t t_F) -> - [ &_24 <- _ret ] -{inv_F _ret.final}- + [ &_41 <- _ret ] -{inv_F _ret.final}- [ &self <- { self with current = { self.current with func = _ret.final } } ] s3) - | s3 = [ &_27 <- n ] s4 - | s4 = [ &_25 <- _27 ] s5 - | s5 = call_mut_F {_24} {_25} (fun (_ret: bool) -> [ &_23 <- _ret ] s6) + | s3 = [ &_44 <- n ] s4 + | s4 = [ &_42 <- _44 ] s5 + | s5 = call_mut_F {_41} {_42} (fun (_ret: bool) -> [ &_40 <- _ret ] s6) | s6 = bb9 ] - | bb9 = any [ br0 -> {_23 = false} (! bb12) | br1 -> {_23} (! bb10) ] + | bb9 = any [ br0 -> {_40 = false} (! bb12) | br1 -> {_40} (! bb10) ] | bb12 = s0 [ s0 = {[@expl:type invariant] inv_Item n} s1 | s1 = -{resolve_Item n}- s2 | s2 = bb3 ] ] ] | bb13 = s0 - [ s0 = {[@expl:type invariant] match _15 with + [ s0 = {[@expl:type invariant] match _27 with | Some x -> inv_Item x | _ -> true end} s1 - | s1 = -{match _15 with + | s1 = -{match _27 with | Some x -> resolve_Item x | _ -> true end}- @@ -429,14 +429,14 @@ module M_impl_Iterator_for_Filter_I_F__next (* as common::Iterator | & self: MutBorrow.t t_Filter_I_F = self | & old_self: MutBorrow.t t_Filter_I_F = Any.any_l () | & produced: Seq.seq t_Item = Any.any_l () - | & _15: t_Option_Item = Any.any_l () - | & _16: MutBorrow.t t_I = Any.any_l () + | & _27: t_Option_Item = Any.any_l () + | & _28: MutBorrow.t t_I = Any.any_l () | & n: t_Item = Any.any_l () - | & _19: Seq.seq t_Item = Any.any_l () - | & _23: bool = Any.any_l () - | & _24: MutBorrow.t t_F = Any.any_l () - | & _25: t_Item = Any.any_l () - | & _27: t_Item = Any.any_l () + | & _31: Seq.seq t_Item = Any.any_l () + | & _40: bool = Any.any_l () + | & _41: MutBorrow.t t_F = Any.any_l () + | & _42: t_Item = Any.any_l () + | & _44: t_Item = Any.any_l () | & old_3_0: MutBorrow.t t_Filter_I_F = Any.any_l () ]) [ return (result: t_Option_Item) -> {[@expl:next result type invariant] inv_Option_Item result} {[@expl:next ensures] match result with @@ -802,22 +802,22 @@ module M_less_than let rec less_than (v: t_Vec_u32_Global) (n: UInt32.t) (return (x: t_Vec_u32_Global)) = (! bb0 [ bb0 = s0 - [ s0 = into_iter_Vec_u32_Global {v} (fun (_ret: t_IntoIter_u32_Global) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + [ s0 = into_iter_Vec_u32_Global {v} (fun (_ret: t_IntoIter_u32_Global) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_8 <- { c0 = n } ] s1 - | s1 = filter_IntoIter_u32_Global {_6} {_8} - (fun (_ret: t_Filter_IntoIter_u32_Global_closure2) -> [ &_5 <- _ret ] s2) + [ s0 = [ &_10 <- { c0 = n } ] s1 + | s1 = filter_IntoIter_u32_Global {_8} {_10} + (fun (_ret: t_Filter_IntoIter_u32_Global_closure2) -> [ &_7 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = collect_Filter_IntoIter_u32_Global_closure2 {_5} (fun (_ret: t_Vec_u32_Global) -> [ &_0 <- _ret ] s1) + [ s0 = collect_Filter_IntoIter_u32_Global_closure2 {_7} (fun (_ret: t_Vec_u32_Global) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] | bb4 = return {_0} ] [ & _0: t_Vec_u32_Global = Any.any_l () | & v: t_Vec_u32_Global = v | & n: UInt32.t = n - | & _5: t_Filter_IntoIter_u32_Global_closure2 = Any.any_l () - | & _6: t_IntoIter_u32_Global = Any.any_l () - | & _8: closure2 = Any.any_l () ]) + | & _7: t_Filter_IntoIter_u32_Global_closure2 = Any.any_l () + | & _8: t_IntoIter_u32_Global = Any.any_l () + | & _10: closure2 = Any.any_l () ]) [ return (result: t_Vec_u32_Global) -> {[@expl:less_than ensures #0] forall i: int. 0 <= i /\ i < Seq.length (view_Vec_u32_Global result) -> UInt32.lt (index_Vec_u32_Global result i) n} {[@expl:less_than ensures #1] forall i: int. 0 <= i /\ i < Seq.length (view_Vec_u32_Global result) diff --git a/tests/should_succeed/knapsack.coma b/tests/should_succeed/knapsack.coma index d5f7ebe55b..ca05419710 100644 --- a/tests/should_succeed/knapsack.coma +++ b/tests/should_succeed/knapsack.coma @@ -9,11 +9,11 @@ module M_max let rec max (a: UInt64.t) (b: UInt64.t) (return (x: UInt64.t)) = {[@expl:max requires] true} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- UInt64.lt a b ] s1 | s1 = any [ br0 -> {_5 = false} (! bb2) | br1 -> {_5} (! bb1) ] ] + [ bb0 = s0 [ s0 = [ &_7 <- UInt64.lt a b ] s1 | s1 = any [ br0 -> {_7 = false} (! bb2) | br1 -> {_7} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- b ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return {_0} ] - [ & _0: UInt64.t = Any.any_l () | & a: UInt64.t = a | & b: UInt64.t = b | & _5: bool = Any.any_l () ]) + [ & _0: UInt64.t = Any.any_l () | & a: UInt64.t = a | & b: UInt64.t = b | & _7: bool = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:max ensures] UInt64.t'int result = MinMax.max (UInt64.t'int a) (UInt64.t'int b)} (! return {result}) ] @@ -365,13 +365,13 @@ module M_knapsack01_dyn -> UInt64.t'int (index_Vec_Item_Name_Global'0 items i).value <= 10000000} (! bb0 [ bb0 = s0 - [ s0 = UInt64.add {max_weight} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) - | s1 = from_elem_usize {(0: UInt64.t)} {_8} (fun (_ret: t_Vec_usize_Global) -> [ &_7 <- _ret ] s2) + [ s0 = UInt64.add {max_weight} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) + | s1 = from_elem_usize {(0: UInt64.t)} {_11} (fun (_ret: t_Vec_usize_Global) -> [ &_10 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt64.add {_11} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) - | s1 = from_elem_Vec_usize_Global {_7} {_10} + [ s0 = UInt64.add {_14} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_13 <- _ret ] s1) + | s1 = from_elem_Vec_usize_Global {_10} {_13} (fun (_ret: t_Vec_Vec_usize_Global_Global) -> [ &best_value <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &i <- (0: UInt64.t) ] s1 | s1 = bb4 ] @@ -392,12 +392,12 @@ module M_knapsack01_dyn <= 10000000 * ii} (! s0) [ s0 = bb5 ] - [ bb5 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_23 <- _ret ] s1) | s1 = bb6 ] + [ bb5 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_37 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_21 <- UInt64.lt i _23 ] s1 | s1 = any [ br0 -> {_21 = false} (! bb25) | br1 -> {_21} (! bb7) ] ] + [ s0 = [ &_35 <- UInt64.lt i _37 ] s1 | s1 = any [ br0 -> {_35 = false} (! bb25) | br1 -> {_35} (! bb7) ] ] | bb7 = s0 - [ s0 = index_Vec_Item_Name_Global {items} {i} (fun (_ret: t_Item_Name) -> [ &_26 <- _ret ] s1) | s1 = bb8 ] - | bb8 = s0 [ s0 = [ &it <- _26 ] s1 | s1 = [ &w <- (0: UInt64.t) ] s2 | s2 = bb9 ] + [ s0 = index_Vec_Item_Name_Global {items} {i} (fun (_ret: t_Item_Name) -> [ &_40 <- _ret ] s1) | s1 = bb8 ] + | bb8 = s0 [ s0 = [ &it <- _40 ] s1 | s1 = [ &w <- (0: UInt64.t) ] s2 | s2 = bb9 ] | bb9 = bb9 [ bb9 = {[@expl:loop invariant #0] Seq.length (view_Vec_Item_Name_Global items) + 1 = Seq.length (view_Vec_Vec_usize_Global_Global best_value)} @@ -420,60 +420,60 @@ module M_knapsack01_dyn (! s0) [ s0 = bb10 ] [ bb10 = s0 - [ s0 = [ &_37 <- UInt64.le w max_weight ] s1 - | s1 = any [ br0 -> {_37 = false} (! bb24) | br1 -> {_37} (! bb11) ] ] + [ s0 = [ &_66 <- UInt64.le w max_weight ] s1 + | s1 = any [ br0 -> {_66 = false} (! bb24) | br1 -> {_66} (! bb11) ] ] | bb11 = s0 - [ s0 = [ &_41 <- UInt64.gt it.weight w ] s1 - | s1 = any [ br0 -> {_41 = false} (! bb15) | br1 -> {_41} (! bb12) ] ] + [ s0 = [ &_70 <- UInt64.gt it.weight w ] s1 + | s1 = any [ br0 -> {_70 = false} (! bb15) | br1 -> {_70} (! bb12) ] ] | bb12 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {i} - (fun (_ret: t_Vec_usize_Global) -> [ &_46 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_75 <- _ret ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = index_Vec_usize_Global'0 {_46} {w} (fun (_ret: UInt64.t) -> [ &_44 <- _ret ] s1) | s1 = bb14 ] - | bb14 = s0 [ s0 = [ &_40 <- _44 ] s1 | s1 = bb21 ] + [ s0 = index_Vec_usize_Global'0 {_75} {w} (fun (_ret: UInt64.t) -> [ &_73 <- _ret ] s1) | s1 = bb14 ] + | bb14 = s0 [ s0 = [ &_69 <- _73 ] s1 | s1 = bb21 ] | bb15 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {i} - (fun (_ret: t_Vec_usize_Global) -> [ &_53 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_82 <- _ret ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = index_Vec_usize_Global'0 {_53} {w} (fun (_ret: UInt64.t) -> [ &_51 <- _ret ] s1) | s1 = bb17 ] + [ s0 = index_Vec_usize_Global'0 {_82} {w} (fun (_ret: UInt64.t) -> [ &_80 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {i} - (fun (_ret: t_Vec_usize_Global) -> [ &_61 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_90 <- _ret ] s1) | s1 = bb18 ] | bb18 = s0 - [ s0 = UInt64.sub {w} {it.weight} (fun (_ret: UInt64.t) -> [ &_64 <- _ret ] s1) - | s1 = index_Vec_usize_Global'0 {_61} {_64} (fun (_ret: UInt64.t) -> [ &_59 <- _ret ] s2) + [ s0 = UInt64.sub {w} {it.weight} (fun (_ret: UInt64.t) -> [ &_93 <- _ret ] s1) + | s1 = index_Vec_usize_Global'0 {_90} {_93} (fun (_ret: UInt64.t) -> [ &_88 <- _ret ] s2) | s2 = bb19 ] | bb19 = s0 - [ s0 = UInt64.add {_59} {it.value} (fun (_ret: UInt64.t) -> [ &_57 <- _ret ] s1) - | s1 = max {_51} {_57} (fun (_ret: UInt64.t) -> [ &_40 <- _ret ] s2) + [ s0 = UInt64.add {_88} {it.value} (fun (_ret: UInt64.t) -> [ &_86 <- _ret ] s1) + | s1 = max {_80} {_86} (fun (_ret: UInt64.t) -> [ &_69 <- _ret ] s2) | s2 = bb21 ] | bb21 = s0 [ s0 = MutBorrow.borrow_mut {best_value} (fun (_ret: MutBorrow.t t_Vec_Vec_usize_Global_Global) -> - [ &_71 <- _ret ] [ &best_value <- _ret.final ] s1) - | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_72 <- _ret ] s2) - | s2 = index_mut_Vec_Vec_usize_Global_Global {_71} {_72} - (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_70 <- _ret ] s3) + [ &_100 <- _ret ] [ &best_value <- _ret.final ] s1) + | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_101 <- _ret ] s2) + | s2 = index_mut_Vec_Vec_usize_Global_Global {_100} {_101} + (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_99 <- _ret ] s3) | s3 = bb22 ] | bb22 = s0 - [ s0 = MutBorrow.borrow_final {_70.current} {MutBorrow.get_id _70} + [ s0 = MutBorrow.borrow_final {_99.current} {MutBorrow.get_id _99} (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> - [ &_69 <- _ret ] [ &_70 <- { _70 with current = _ret.final } ] s1) - | s1 = index_mut_Vec_usize_Global {_69} {w} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_68 <- _ret ] s2) + [ &_98 <- _ret ] [ &_99 <- { _99 with current = _ret.final } ] s1) + | s1 = index_mut_Vec_usize_Global {_98} {w} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_97 <- _ret ] s2) | s2 = bb23 ] | bb23 = s0 - [ s0 = [ &_68 <- { _68 with current = _40 } ] s1 - | s1 = -{resolve_ref_usize _68}- s2 - | s2 = -{resolve_ref_Vec_usize_Global _70}- s3 + [ s0 = [ &_97 <- { _97 with current = _69 } ] s1 + | s1 = -{resolve_ref_usize _97}- s2 + | s2 = -{resolve_ref_Vec_usize_Global _99}- s3 | s3 = UInt64.add {w} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &w <- _ret ] s4) | s4 = bb9 ] ] ] | bb24 = s0 [ s0 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) | s1 = bb4 ] ] ] - | bb25 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_78 <- _ret ] s1) | s1 = bb26 ] + | bb25 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_107 <- _ret ] s1) | s1 = bb26 ] | bb26 = s0 - [ s0 = with_capacity_ref_Item_Name {_78} (fun (_ret: t_Vec_ref_Item_Name_Global) -> [ &result <- _ret ] s1) + [ s0 = with_capacity_ref_Item_Name {_107} (fun (_ret: t_Vec_ref_Item_Name_Global) -> [ &result <- _ret ] s1) | s1 = bb27 ] | bb27 = s0 [ s0 = [ &left_weight <- max_weight ] s1 @@ -486,37 +486,37 @@ module M_knapsack01_dyn (! s0) [ s0 = bb30 ] [ bb30 = s0 - [ s0 = [ &_88 <- UInt64.lt (0: UInt64.t) j ] s1 - | s1 = any [ br0 -> {_88 = false} (! bb41) | br1 -> {_88} (! bb31) ] ] + [ s0 = [ &_122 <- UInt64.lt (0: UInt64.t) j ] s1 + | s1 = any [ br0 -> {_122 = false} (! bb41) | br1 -> {_122} (! bb31) ] ] | bb31 = s0 [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &j <- _ret ] s1) - | s1 = index_Vec_Item_Name_Global {items} {j} (fun (_ret: t_Item_Name) -> [ &_91 <- _ret ] s2) + | s1 = index_Vec_Item_Name_Global {items} {j} (fun (_ret: t_Item_Name) -> [ &_125 <- _ret ] s2) | s2 = bb32 ] | bb32 = s0 - [ s0 = [ &it'0 <- _91 ] s1 - | s1 = UInt64.add {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_100 <- _ret ] s2) - | s2 = index_Vec_Vec_usize_Global_Global'0 {best_value} {_100} - (fun (_ret: t_Vec_usize_Global) -> [ &_98 <- _ret ] s3) + [ s0 = [ &it'0 <- _125 ] s1 + | s1 = UInt64.add {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_134 <- _ret ] s2) + | s2 = index_Vec_Vec_usize_Global_Global'0 {best_value} {_134} + (fun (_ret: t_Vec_usize_Global) -> [ &_132 <- _ret ] s3) | s3 = bb33 ] | bb33 = s0 - [ s0 = index_Vec_usize_Global'0 {_98} {left_weight} (fun (_ret: UInt64.t) -> [ &_96 <- _ret ] s1) + [ s0 = index_Vec_usize_Global'0 {_132} {left_weight} (fun (_ret: UInt64.t) -> [ &_130 <- _ret ] s1) | s1 = bb34 ] | bb34 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {j} - (fun (_ret: t_Vec_usize_Global) -> [ &_106 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_140 <- _ret ] s1) | s1 = bb35 ] | bb35 = s0 - [ s0 = index_Vec_usize_Global'0 {_106} {left_weight} (fun (_ret: UInt64.t) -> [ &_104 <- _ret ] s1) + [ s0 = index_Vec_usize_Global'0 {_140} {left_weight} (fun (_ret: UInt64.t) -> [ &_138 <- _ret ] s1) | s1 = bb36 ] | bb36 = s0 - [ s0 = [ &_94 <- _96 <> _104 ] s1 | s1 = any [ br0 -> {_94 = false} (! bb29) | br1 -> {_94} (! bb37) ] ] + [ s0 = [ &_128 <- _130 <> _138 ] s1 | s1 = any [ br0 -> {_128 = false} (! bb29) | br1 -> {_128} (! bb37) ] ] | bb37 = s0 [ s0 = {inv_Vec_ref_Item_Name_Global result} MutBorrow.borrow_mut {result} (fun (_ret: MutBorrow.t t_Vec_ref_Item_Name_Global) -> - [ &_111 <- _ret ] -{inv_Vec_ref_Item_Name_Global _ret.final}- + [ &_145 <- _ret ] -{inv_Vec_ref_Item_Name_Global _ret.final}- [ &result <- _ret.final ] s1) - | s1 = push_ref_Item_Name {_111} {it'0} (fun (_ret: ()) -> [ &_110 <- _ret ] s2) + | s1 = push_ref_Item_Name {_145} {it'0} (fun (_ret: ()) -> [ &_144 <- _ret ] s2) | s2 = bb38 ] | bb38 = s0 [ s0 = UInt64.sub {left_weight} {it'0.weight} (fun (_ret: UInt64.t) -> [ &left_weight <- _ret ] s1) @@ -527,47 +527,47 @@ module M_knapsack01_dyn | & items: t_Vec_Item_Name_Global = items | & max_weight: UInt64.t = max_weight | & best_value: t_Vec_Vec_usize_Global_Global = Any.any_l () - | & _7: t_Vec_usize_Global = Any.any_l () - | & _8: UInt64.t = Any.any_l () - | & _10: UInt64.t = Any.any_l () + | & _10: t_Vec_usize_Global = Any.any_l () | & _11: UInt64.t = Any.any_l () + | & _13: UInt64.t = Any.any_l () + | & _14: UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _21: bool = Any.any_l () - | & _23: UInt64.t = Any.any_l () + | & _35: bool = Any.any_l () + | & _37: UInt64.t = Any.any_l () | & it: t_Item_Name = Any.any_l () - | & _26: t_Item_Name = Any.any_l () + | & _40: t_Item_Name = Any.any_l () | & w: UInt64.t = Any.any_l () - | & _37: bool = Any.any_l () - | & _40: UInt64.t = Any.any_l () - | & _41: bool = Any.any_l () - | & _44: UInt64.t = Any.any_l () - | & _46: t_Vec_usize_Global = Any.any_l () - | & _51: UInt64.t = Any.any_l () - | & _53: t_Vec_usize_Global = Any.any_l () - | & _57: UInt64.t = Any.any_l () - | & _59: UInt64.t = Any.any_l () - | & _61: t_Vec_usize_Global = Any.any_l () - | & _64: UInt64.t = Any.any_l () - | & _68: MutBorrow.t UInt64.t = Any.any_l () - | & _69: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _70: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _71: MutBorrow.t t_Vec_Vec_usize_Global_Global = Any.any_l () - | & _72: UInt64.t = Any.any_l () + | & _66: bool = Any.any_l () + | & _69: UInt64.t = Any.any_l () + | & _70: bool = Any.any_l () + | & _73: UInt64.t = Any.any_l () + | & _75: t_Vec_usize_Global = Any.any_l () + | & _80: UInt64.t = Any.any_l () + | & _82: t_Vec_usize_Global = Any.any_l () + | & _86: UInt64.t = Any.any_l () + | & _88: UInt64.t = Any.any_l () + | & _90: t_Vec_usize_Global = Any.any_l () + | & _93: UInt64.t = Any.any_l () + | & _97: MutBorrow.t UInt64.t = Any.any_l () + | & _98: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _99: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _100: MutBorrow.t t_Vec_Vec_usize_Global_Global = Any.any_l () + | & _101: UInt64.t = Any.any_l () | & result: t_Vec_ref_Item_Name_Global = Any.any_l () - | & _78: UInt64.t = Any.any_l () + | & _107: UInt64.t = Any.any_l () | & left_weight: UInt64.t = Any.any_l () | & j: UInt64.t = Any.any_l () - | & _88: bool = Any.any_l () + | & _122: bool = Any.any_l () | & it'0: t_Item_Name = Any.any_l () - | & _91: t_Item_Name = Any.any_l () - | & _94: bool = Any.any_l () - | & _96: UInt64.t = Any.any_l () - | & _98: t_Vec_usize_Global = Any.any_l () - | & _100: UInt64.t = Any.any_l () - | & _104: UInt64.t = Any.any_l () - | & _106: t_Vec_usize_Global = Any.any_l () - | & _110: () = Any.any_l () - | & _111: MutBorrow.t t_Vec_ref_Item_Name_Global = Any.any_l () ]) + | & _125: t_Item_Name = Any.any_l () + | & _128: bool = Any.any_l () + | & _130: UInt64.t = Any.any_l () + | & _132: t_Vec_usize_Global = Any.any_l () + | & _134: UInt64.t = Any.any_l () + | & _138: UInt64.t = Any.any_l () + | & _140: t_Vec_usize_Global = Any.any_l () + | & _144: () = Any.any_l () + | & _145: MutBorrow.t t_Vec_ref_Item_Name_Global = Any.any_l () ]) [ return (result: t_Vec_ref_Item_Name_Global) -> {[@expl:knapsack01_dyn result type invariant] inv_Vec_ref_Item_Name_Global result} (! return {result}) ] diff --git a/tests/should_succeed/knapsack_full.coma b/tests/should_succeed/knapsack_full.coma index 13ca6dd87c..46e4835fe1 100644 --- a/tests/should_succeed/knapsack_full.coma +++ b/tests/should_succeed/knapsack_full.coma @@ -8,11 +8,11 @@ module M_max meta "select_lsinst" "all" let rec max (a: UInt64.t) (b: UInt64.t) (return (x: UInt64.t)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- UInt64.lt a b ] s1 | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] + [ bb0 = s0 [ s0 = [ &_6 <- UInt64.lt a b ] s1 | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- b ] s1 | s1 = bb3 ] | bb2 = s0 [ s0 = [ &_0 <- a ] s1 | s1 = bb3 ] | bb3 = return {_0} ] - [ & _0: UInt64.t = Any.any_l () | & a: UInt64.t = a | & b: UInt64.t = b | & _4: bool = Any.any_l () ]) + [ & _0: UInt64.t = Any.any_l () | & a: UInt64.t = a | & b: UInt64.t = b | & _6: bool = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:max ensures] UInt64.t'int result = MinMax.max (UInt64.t'int a) (UInt64.t'int b)} (! return {result}) ] @@ -708,19 +708,19 @@ module M_knapsack01_dyn -> UInt64.t'int (index_Vec_Item_Name_Global'0 items i).value <= 10000000} (! bb0 [ bb0 = s0 - [ s0 = UInt64.add {max_weight} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) - | s1 = from_elem_usize {(0: UInt64.t)} {_11} (fun (_ret: t_Vec_usize_Global) -> [ &_10 <- _ret ] s2) + [ s0 = UInt64.add {max_weight} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s1) + | s1 = from_elem_usize {(0: UInt64.t)} {_18} (fun (_ret: t_Vec_usize_Global) -> [ &_17 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_21 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt64.add {_14} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_13 <- _ret ] s1) - | s1 = from_elem_Vec_usize_Global {_10} {_13} + [ s0 = UInt64.add {_21} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_20 <- _ret ] s1) + | s1 = from_elem_Vec_usize_Global {_17} {_20} (fun (_ret: t_Vec_Vec_usize_Global_Global) -> [ &best_value <- _ret ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_19 <- _ret ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_26 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_18 <- { start = (0: UInt64.t); end' = _19 } ] s1 - | s1 = into_iter_Range_usize {_18} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) + [ s0 = [ &_25 <- { start = (0: UInt64.t); end' = _26 } ] s1 + | s1 = into_iter_Range_usize {_25} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb8 ] @@ -746,30 +746,30 @@ module M_knapsack01_dyn [ s0 = bb9 ] [ bb9 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_36 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_60 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_60.current} {MutBorrow.get_id _60} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_35 <- _ret ] [ &_36 <- { _36 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_35} (fun (_ret: t_Option_usize) -> [ &_34 <- _ret ] s3) + [ &_59 <- _ret ] [ &_60 <- { _60 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_59} (fun (_ret: t_Option_usize) -> [ &_58 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = -{resolve_ref_Range_usize _36}- s1 - | s1 = any [ br0 -> {_34 = None} (! bb13) | br1 (x0: UInt64.t) -> {_34 = Some x0} (! bb14) ] ] + [ s0 = -{resolve_ref_Range_usize _60}- s1 + | s1 = any [ br0 -> {_58 = None} (! bb13) | br1 (x0: UInt64.t) -> {_58 = Some x0} (! bb14) ] ] | bb14 = s0 - [ s0 = elim_Some {_34} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_39 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_58} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_63 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &produced <- _39 ] s1 + [ s0 = [ &produced <- _63 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = index_Vec_Item_Name_Global {items} {i} (fun (_ret: t_Item_Name) -> [ &_43 <- _ret ] s3) + | s2 = index_Vec_Item_Name_Global {items} {i} (fun (_ret: t_Item_Name) -> [ &_69 <- _ret ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = [ &it <- _43 ] s1 - | s1 = new_usize {(0: UInt64.t)} {max_weight} (fun (_ret: t_RangeInclusive_usize) -> [ &_47 <- _ret ] s2) + [ s0 = [ &it <- _69 ] s1 + | s1 = new_usize {(0: UInt64.t)} {max_weight} (fun (_ret: t_RangeInclusive_usize) -> [ &_73 <- _ret ] s2) | s2 = bb17 ] | bb17 = s0 - [ s0 = into_iter_RangeInclusive_usize {_47} (fun (_ret: t_RangeInclusive_usize) -> [ &iter'0 <- _ret ] s1) + [ s0 = into_iter_RangeInclusive_usize {_73} (fun (_ret: t_RangeInclusive_usize) -> [ &iter'0 <- _ret ] s1) | s1 = bb18 ] | bb18 = s0 [ s0 = [ &iter_old'0 <- iter'0 ] s1 | s1 = bb19 ] | bb19 = s0 [ s0 = [ &produced'0 <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb21 ] @@ -801,79 +801,79 @@ module M_knapsack01_dyn [ s0 = {inv_RangeInclusive_usize iter'0} MutBorrow.borrow_mut {iter'0} (fun (_ret: MutBorrow.t t_RangeInclusive_usize) -> - [ &_64 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- + [ &_111 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- [ &iter'0 <- _ret.final ] s1) - | s1 = {inv_RangeInclusive_usize _64.current} - MutBorrow.borrow_final {_64.current} {MutBorrow.get_id _64} + | s1 = {inv_RangeInclusive_usize _111.current} + MutBorrow.borrow_final {_111.current} {MutBorrow.get_id _111} (fun (_ret: MutBorrow.t t_RangeInclusive_usize) -> - [ &_63 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- - [ &_64 <- { _64 with current = _ret.final } ] s2) - | s2 = next_RangeInclusive_usize {_63} (fun (_ret: t_Option_usize) -> [ &_62 <- _ret ] s3) + [ &_110 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- + [ &_111 <- { _111 with current = _ret.final } ] s2) + | s2 = next_RangeInclusive_usize {_110} (fun (_ret: t_Option_usize) -> [ &_109 <- _ret ] s3) | s3 = bb23 ] | bb23 = s0 - [ s0 = {[@expl:type invariant] inv_ref_RangeInclusive_usize _64} s1 - | s1 = -{resolve_ref_RangeInclusive_usize _64}- s2 - | s2 = any [ br0 -> {_62 = None} (! bb26) | br1 (x0: UInt64.t) -> {_62 = Some x0} (! bb27) ] ] + [ s0 = {[@expl:type invariant] inv_ref_RangeInclusive_usize _111} s1 + | s1 = -{resolve_ref_RangeInclusive_usize _111}- s2 + | s2 = any [ br0 -> {_109 = None} (! bb26) | br1 (x0: UInt64.t) -> {_109 = Some x0} (! bb27) ] ] | bb27 = s0 - [ s0 = elim_Some {_62} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) - | s1 = [ &_67 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 + [ s0 = elim_Some {_109} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) + | s1 = [ &_114 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 | s2 = bb28 ] | bb28 = s0 - [ s0 = [ &produced'0 <- _67 ] s1 + [ s0 = [ &produced'0 <- _114 ] s1 | s1 = [ &w <- __creusot_proc_iter_elem'0 ] s2 - | s2 = [ &_71 <- UInt64.gt it.weight w ] s3 - | s3 = any [ br0 -> {_71 = false} (! bb32) | br1 -> {_71} (! bb29) ] ] + | s2 = [ &_120 <- UInt64.gt it.weight w ] s3 + | s3 = any [ br0 -> {_120 = false} (! bb32) | br1 -> {_120} (! bb29) ] ] | bb29 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {i} - (fun (_ret: t_Vec_usize_Global) -> [ &_76 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_125 <- _ret ] s1) | s1 = bb30 ] | bb30 = s0 - [ s0 = index_Vec_usize_Global'0 {_76} {w} (fun (_ret: UInt64.t) -> [ &_74 <- _ret ] s1) | s1 = bb31 ] - | bb31 = s0 [ s0 = [ &_70 <- _74 ] s1 | s1 = bb38 ] + [ s0 = index_Vec_usize_Global'0 {_125} {w} (fun (_ret: UInt64.t) -> [ &_123 <- _ret ] s1) | s1 = bb31 ] + | bb31 = s0 [ s0 = [ &_119 <- _123 ] s1 | s1 = bb38 ] | bb32 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {i} - (fun (_ret: t_Vec_usize_Global) -> [ &_83 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_132 <- _ret ] s1) | s1 = bb33 ] | bb33 = s0 - [ s0 = index_Vec_usize_Global'0 {_83} {w} (fun (_ret: UInt64.t) -> [ &_81 <- _ret ] s1) | s1 = bb34 ] + [ s0 = index_Vec_usize_Global'0 {_132} {w} (fun (_ret: UInt64.t) -> [ &_130 <- _ret ] s1) | s1 = bb34 ] | bb34 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {i} - (fun (_ret: t_Vec_usize_Global) -> [ &_91 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_140 <- _ret ] s1) | s1 = bb35 ] | bb35 = s0 - [ s0 = UInt64.sub {w} {it.weight} (fun (_ret: UInt64.t) -> [ &_94 <- _ret ] s1) - | s1 = index_Vec_usize_Global'0 {_91} {_94} (fun (_ret: UInt64.t) -> [ &_89 <- _ret ] s2) + [ s0 = UInt64.sub {w} {it.weight} (fun (_ret: UInt64.t) -> [ &_143 <- _ret ] s1) + | s1 = index_Vec_usize_Global'0 {_140} {_143} (fun (_ret: UInt64.t) -> [ &_138 <- _ret ] s2) | s2 = bb36 ] | bb36 = s0 - [ s0 = UInt64.add {_89} {it.value} (fun (_ret: UInt64.t) -> [ &_87 <- _ret ] s1) - | s1 = max {_81} {_87} (fun (_ret: UInt64.t) -> [ &_70 <- _ret ] s2) + [ s0 = UInt64.add {_138} {it.value} (fun (_ret: UInt64.t) -> [ &_136 <- _ret ] s1) + | s1 = max {_130} {_136} (fun (_ret: UInt64.t) -> [ &_119 <- _ret ] s2) | s2 = bb38 ] | bb38 = s0 [ s0 = MutBorrow.borrow_mut {best_value} (fun (_ret: MutBorrow.t t_Vec_Vec_usize_Global_Global) -> - [ &_101 <- _ret ] [ &best_value <- _ret.final ] s1) - | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_102 <- _ret ] s2) - | s2 = index_mut_Vec_Vec_usize_Global_Global {_101} {_102} - (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_100 <- _ret ] s3) + [ &_150 <- _ret ] [ &best_value <- _ret.final ] s1) + | s1 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_151 <- _ret ] s2) + | s2 = index_mut_Vec_Vec_usize_Global_Global {_150} {_151} + (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_149 <- _ret ] s3) | s3 = bb39 ] | bb39 = s0 - [ s0 = MutBorrow.borrow_final {_100.current} {MutBorrow.get_id _100} + [ s0 = MutBorrow.borrow_final {_149.current} {MutBorrow.get_id _149} (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> - [ &_99 <- _ret ] [ &_100 <- { _100 with current = _ret.final } ] s1) - | s1 = index_mut_Vec_usize_Global {_99} {w} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_98 <- _ret ] s2) + [ &_148 <- _ret ] [ &_149 <- { _149 with current = _ret.final } ] s1) + | s1 = index_mut_Vec_usize_Global {_148} {w} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_147 <- _ret ] s2) | s2 = bb40 ] | bb40 = s0 - [ s0 = [ &_98 <- { _98 with current = _70 } ] s1 - | s1 = -{resolve_ref_usize _98}- s2 - | s2 = -{resolve_ref_Vec_usize_Global _100}- s3 + [ s0 = [ &_147 <- { _147 with current = _119 } ] s1 + | s1 = -{resolve_ref_usize _147}- s2 + | s2 = -{resolve_ref_Vec_usize_Global _149}- s3 | s3 = bb21 ] ] ] | bb26 = s0 [ s0 = {[@expl:type invariant] inv_RangeInclusive_usize iter'0} s1 | s1 = -{resolve_RangeInclusive_usize iter'0}- s2 | s2 = bb8 ] ] ] - | bb13 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_108 <- _ret ] s1) | s1 = bb41 ] + | bb13 = s0 [ s0 = len_Item_Name {items} (fun (_ret: UInt64.t) -> [ &_157 <- _ret ] s1) | s1 = bb41 ] | bb41 = s0 - [ s0 = with_capacity_ref_Item_Name {_108} (fun (_ret: t_Vec_ref_Item_Name_Global) -> [ &result <- _ret ] s1) + [ s0 = with_capacity_ref_Item_Name {_157} (fun (_ret: t_Vec_ref_Item_Name_Global) -> [ &result <- _ret ] s1) | s1 = bb42 ] | bb42 = s0 [ s0 = [ &left_weight <- max_weight ] s1 @@ -906,37 +906,37 @@ module M_knapsack01_dyn (! s0) [ s0 = bb45 ] [ bb45 = s0 - [ s0 = [ &_121 <- UInt64.lt (0: UInt64.t) j ] s1 - | s1 = any [ br0 -> {_121 = false} (! bb56) | br1 -> {_121} (! bb46) ] ] + [ s0 = [ &_186 <- UInt64.lt (0: UInt64.t) j ] s1 + | s1 = any [ br0 -> {_186 = false} (! bb56) | br1 -> {_186} (! bb46) ] ] | bb46 = s0 [ s0 = UInt64.sub {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &j <- _ret ] s1) - | s1 = index_Vec_Item_Name_Global {items} {j} (fun (_ret: t_Item_Name) -> [ &_124 <- _ret ] s2) + | s1 = index_Vec_Item_Name_Global {items} {j} (fun (_ret: t_Item_Name) -> [ &_189 <- _ret ] s2) | s2 = bb47 ] | bb47 = s0 - [ s0 = [ &it'0 <- _124 ] s1 - | s1 = UInt64.add {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_133 <- _ret ] s2) - | s2 = index_Vec_Vec_usize_Global_Global'0 {best_value} {_133} - (fun (_ret: t_Vec_usize_Global) -> [ &_131 <- _ret ] s3) + [ s0 = [ &it'0 <- _189 ] s1 + | s1 = UInt64.add {j} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_198 <- _ret ] s2) + | s2 = index_Vec_Vec_usize_Global_Global'0 {best_value} {_198} + (fun (_ret: t_Vec_usize_Global) -> [ &_196 <- _ret ] s3) | s3 = bb48 ] | bb48 = s0 - [ s0 = index_Vec_usize_Global'0 {_131} {left_weight} (fun (_ret: UInt64.t) -> [ &_129 <- _ret ] s1) + [ s0 = index_Vec_usize_Global'0 {_196} {left_weight} (fun (_ret: UInt64.t) -> [ &_194 <- _ret ] s1) | s1 = bb49 ] | bb49 = s0 [ s0 = index_Vec_Vec_usize_Global_Global'0 {best_value} {j} - (fun (_ret: t_Vec_usize_Global) -> [ &_139 <- _ret ] s1) + (fun (_ret: t_Vec_usize_Global) -> [ &_204 <- _ret ] s1) | s1 = bb50 ] | bb50 = s0 - [ s0 = index_Vec_usize_Global'0 {_139} {left_weight} (fun (_ret: UInt64.t) -> [ &_137 <- _ret ] s1) + [ s0 = index_Vec_usize_Global'0 {_204} {left_weight} (fun (_ret: UInt64.t) -> [ &_202 <- _ret ] s1) | s1 = bb51 ] | bb51 = s0 - [ s0 = [ &_127 <- _129 <> _137 ] s1 | s1 = any [ br0 -> {_127 = false} (! bb44) | br1 -> {_127} (! bb52) ] ] + [ s0 = [ &_192 <- _194 <> _202 ] s1 | s1 = any [ br0 -> {_192 = false} (! bb44) | br1 -> {_192} (! bb52) ] ] | bb52 = s0 [ s0 = {inv_Vec_ref_Item_Name_Global result} MutBorrow.borrow_mut {result} (fun (_ret: MutBorrow.t t_Vec_ref_Item_Name_Global) -> - [ &_144 <- _ret ] -{inv_Vec_ref_Item_Name_Global _ret.final}- + [ &_209 <- _ret ] -{inv_Vec_ref_Item_Name_Global _ret.final}- [ &result <- _ret.final ] s1) - | s1 = push_ref_Item_Name {_144} {it'0} (fun (_ret: ()) -> [ &_143 <- _ret ] s2) + | s1 = push_ref_Item_Name {_209} {it'0} (fun (_ret: ()) -> [ &_208 <- _ret ] s2) | s2 = bb53 ] | bb53 = s0 [ s0 = UInt64.sub {left_weight} {it'0.weight} (fun (_ret: UInt64.t) -> [ &left_weight <- _ret ] s1) @@ -947,63 +947,63 @@ module M_knapsack01_dyn | & items: t_Vec_Item_Name_Global = items | & max_weight: UInt64.t = max_weight | & best_value: t_Vec_Vec_usize_Global_Global = Any.any_l () - | & _10: t_Vec_usize_Global = Any.any_l () - | & _11: UInt64.t = Any.any_l () - | & _13: UInt64.t = Any.any_l () - | & _14: UInt64.t = Any.any_l () + | & _17: t_Vec_usize_Global = Any.any_l () + | & _18: UInt64.t = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _21: UInt64.t = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _18: t_Range_usize = Any.any_l () - | & _19: UInt64.t = Any.any_l () + | & _25: t_Range_usize = Any.any_l () + | & _26: UInt64.t = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _34: t_Option_usize = Any.any_l () - | & _35: MutBorrow.t t_Range_usize = Any.any_l () - | & _36: MutBorrow.t t_Range_usize = Any.any_l () + | & _58: t_Option_usize = Any.any_l () + | & _59: MutBorrow.t t_Range_usize = Any.any_l () + | & _60: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _39: Seq.seq UInt64.t = Any.any_l () + | & _63: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () | & it: t_Item_Name = Any.any_l () - | & _43: t_Item_Name = Any.any_l () + | & _69: t_Item_Name = Any.any_l () | & iter'0: t_RangeInclusive_usize = Any.any_l () - | & _47: t_RangeInclusive_usize = Any.any_l () + | & _73: t_RangeInclusive_usize = Any.any_l () | & iter_old'0: t_RangeInclusive_usize = Any.any_l () | & produced'0: Seq.seq UInt64.t = Any.any_l () - | & _62: t_Option_usize = Any.any_l () - | & _63: MutBorrow.t t_RangeInclusive_usize = Any.any_l () - | & _64: MutBorrow.t t_RangeInclusive_usize = Any.any_l () + | & _109: t_Option_usize = Any.any_l () + | & _110: MutBorrow.t t_RangeInclusive_usize = Any.any_l () + | & _111: MutBorrow.t t_RangeInclusive_usize = Any.any_l () | & __creusot_proc_iter_elem'0: UInt64.t = Any.any_l () - | & _67: Seq.seq UInt64.t = Any.any_l () + | & _114: Seq.seq UInt64.t = Any.any_l () | & w: UInt64.t = Any.any_l () - | & _70: UInt64.t = Any.any_l () - | & _71: bool = Any.any_l () - | & _74: UInt64.t = Any.any_l () - | & _76: t_Vec_usize_Global = Any.any_l () - | & _81: UInt64.t = Any.any_l () - | & _83: t_Vec_usize_Global = Any.any_l () - | & _87: UInt64.t = Any.any_l () - | & _89: UInt64.t = Any.any_l () - | & _91: t_Vec_usize_Global = Any.any_l () - | & _94: UInt64.t = Any.any_l () - | & _98: MutBorrow.t UInt64.t = Any.any_l () - | & _99: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _100: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _101: MutBorrow.t t_Vec_Vec_usize_Global_Global = Any.any_l () - | & _102: UInt64.t = Any.any_l () + | & _119: UInt64.t = Any.any_l () + | & _120: bool = Any.any_l () + | & _123: UInt64.t = Any.any_l () + | & _125: t_Vec_usize_Global = Any.any_l () + | & _130: UInt64.t = Any.any_l () + | & _132: t_Vec_usize_Global = Any.any_l () + | & _136: UInt64.t = Any.any_l () + | & _138: UInt64.t = Any.any_l () + | & _140: t_Vec_usize_Global = Any.any_l () + | & _143: UInt64.t = Any.any_l () + | & _147: MutBorrow.t UInt64.t = Any.any_l () + | & _148: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _149: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _150: MutBorrow.t t_Vec_Vec_usize_Global_Global = Any.any_l () + | & _151: UInt64.t = Any.any_l () | & result: t_Vec_ref_Item_Name_Global = Any.any_l () - | & _108: UInt64.t = Any.any_l () + | & _157: UInt64.t = Any.any_l () | & left_weight: UInt64.t = Any.any_l () | & j: UInt64.t = Any.any_l () - | & _121: bool = Any.any_l () + | & _186: bool = Any.any_l () | & it'0: t_Item_Name = Any.any_l () - | & _124: t_Item_Name = Any.any_l () - | & _127: bool = Any.any_l () - | & _129: UInt64.t = Any.any_l () - | & _131: t_Vec_usize_Global = Any.any_l () - | & _133: UInt64.t = Any.any_l () - | & _137: UInt64.t = Any.any_l () - | & _139: t_Vec_usize_Global = Any.any_l () - | & _143: () = Any.any_l () - | & _144: MutBorrow.t t_Vec_ref_Item_Name_Global = Any.any_l () ]) + | & _189: t_Item_Name = Any.any_l () + | & _192: bool = Any.any_l () + | & _194: UInt64.t = Any.any_l () + | & _196: t_Vec_usize_Global = Any.any_l () + | & _198: UInt64.t = Any.any_l () + | & _202: UInt64.t = Any.any_l () + | & _204: t_Vec_usize_Global = Any.any_l () + | & _208: () = Any.any_l () + | & _209: MutBorrow.t t_Vec_ref_Item_Name_Global = Any.any_l () ]) [ return (result: t_Vec_ref_Item_Name_Global) -> {[@expl:knapsack01_dyn result type invariant] inv_Vec_ref_Item_Name_Global result} {[@expl:knapsack01_dyn ensures #0] sum_weights_Name (view_Vec_ref_Item_Name_Global result) (Seq.length (view_Vec_ref_Item_Name_Global result)) diff --git a/tests/should_succeed/lang/const.coma b/tests/should_succeed/lang/const.coma index 28c37fff53..1f1c135639 100644 --- a/tests/should_succeed/lang/const.coma +++ b/tests/should_succeed/lang/const.coma @@ -547,17 +547,17 @@ module M_impl_Clone_for_Peano__clone (* *) [ bb0 = any [ br0 -> {self = Z} (! bb4) | br1 (x0: t_Peano) -> {self = S x0} (! bb3) ] | bb3 = s0 [ s0 = elim_S {self} (fun (r0: t_Peano) -> [ &v0_1 <- r0 ] s1) - | s1 = [ &_8 <- v0_1 ] s2 - | s2 = clone_ref_Peano {_8} (fun (_ret: t_Peano) -> [ &_6 <- _ret ] s3) + | s1 = [ &_9 <- v0_1 ] s2 + | s2 = clone_ref_Peano {_9} (fun (_ret: t_Peano) -> [ &_7 <- _ret ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- S _6 ] s1 | s1 = bb6 ] + | bb5 = s0 [ s0 = [ &_0 <- S _7 ] s1 | s1 = bb6 ] | bb4 = s0 [ s0 = [ &_0 <- Z ] s1 | s1 = bb6 ] | bb6 = return {_0} ] [ & _0: t_Peano = Any.any_l () | & self: t_Peano = self | & v0_1: t_Peano = Any.any_l () - | & _6: t_Peano = Any.any_l () - | & _8: t_Peano = Any.any_l () ]) + | & _7: t_Peano = Any.any_l () + | & _9: t_Peano = Any.any_l () ]) [ return (result: t_Peano) -> {[@expl:clone ensures] match { f0 = self; f1 = result } with | {f0 = Z; f1 = Z} -> true | {f0 = S v0_1; f1 = S v0_r} -> postcondition_clone () v0_1 v0_r @@ -647,36 +647,33 @@ module M_str end module M_is_zst use creusot.int.UInt64 - use mach.int.Int use creusot.prelude.Any - constant size_of_T : int - - axiom size_of_T_spec: 0 <= size_of_T + constant const_SIZE : UInt64.t - let rec size_of_T'0 (return (x: UInt64.t)) = any - [ return (result: UInt64.t) -> {UInt64.t'int result = size_of_T} (! return {result}) ] + let rec set_SIZE (ret) = bb0 + [ bb0 = {false} any ] [ & _0: UInt64.t = Any.any_l () ] + [ const_ret (_const: UInt64.t) -> -{const_SIZE = _const}- ret ] constant const_IS_ZST : bool let rec set_IS_ZST (ret) = bb0 - [ bb0 = s0 [ s0 = size_of_T'0 (fun (_ret: UInt64.t) -> [ &_1 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- _1 = (0: UInt64.t) ] s1 | s1 = const_ret {_0} ] ] - [ & _0: bool = Any.any_l () | & _1: UInt64.t = Any.any_l () ] + [ bb0 = s0 [ s0 = [ &_0 <- const_SIZE = (0: UInt64.t) ] s1 | s1 = const_ret {_0} ] ] [ & _0: bool = Any.any_l () ] [ const_ret (_const: bool) -> -{const_IS_ZST = _const}- ret ] meta "compute_max_steps" 1000000 meta "select_lsinst" "all" - let rec is_zst_T (return (x: bool)) = set_IS_ZST - ((! bb0 - [ bb0 = s0 - [ s0 = bb0'0 - [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- const_IS_ZST ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: bool = Any.any_l () ] [ _const_ret (_const: bool) -> [ &_0 <- _const ] s1 ] - | s1 = return {_0} ] ] [ & _0: bool = Any.any_l () ]) - [ return (result: bool) -> {[@expl:is_zst ensures] result = const_IS_ZST} (! return {result}) ]) + let rec is_zst_T (return (x: bool)) = set_SIZE + (set_IS_ZST + ((! bb0 + [ bb0 = s0 + [ s0 = bb0'0 + [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- const_IS_ZST ] s1'0 | s1'0 = _const_ret {_0'0} ] ] + [ & _0'0: bool = Any.any_l () ] [ _const_ret (_const: bool) -> [ &_0 <- _const ] s1 ] + | s1 = return {_0} ] ] [ & _0: bool = Any.any_l () ]) + [ return (result: bool) -> {[@expl:is_zst ensures] result = const_IS_ZST} (! return {result}) ])) end module M_is_zst_z use creusot.prelude.Any @@ -740,11 +737,11 @@ module M_fn_pointer_test [ bb0 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- () ] s1'0 | s1'0 = _const_ret {_0'0} ] ] [ & _0'0: () = Any.any_l () ] - [ _const_ret (_const: ()) -> [ &_7 <- _const ] s1 ] - | s1 = [ &x <- _7 ] s2 + [ _const_ret (_const: ()) -> [ &_8 <- _const ] s1 ] + | s1 = [ &x <- _8 ] s2 | s2 = some_fn_pointer (fun (_ret: Int32.t) -> [ &y <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = {[@expl:assertion] Int32.to_int y = 2} s1 | s1 = return {_0} ] ] - [ & _0: () = Any.any_l () | & x: () = Any.any_l () | & y: Int32.t = Any.any_l () | & _7: () = Any.any_l () ]) + [ & _0: () = Any.any_l () | & x: () = Any.any_l () | & y: Int32.t = Any.any_l () | & _8: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/lang/const/proof.json b/tests/should_succeed/lang/const/proof.json index 2dd530d582..e6c0c16d49 100644 --- a/tests/should_succeed/lang/const/proof.json +++ b/tests/should_succeed/lang/const/proof.json @@ -32,7 +32,7 @@ "M_is_zst": { "vc_is_zst_T": { "prover": "cvc5@1.3.1", "time": 0.018 }, "vc_set_IS_ZST": { "prover": "cvc5@1.3.1", "time": 0.013 }, - "vc_size_of_T'0": { "prover": "cvc5@1.3.1", "time": 0.018 } + "vc_set_SIZE": { "prover": "cvc5@1.3.1", "time": 0.013 } }, "M_is_zst_z": { "vc_is_zst_Z": { "prover": "cvc5@1.3.1", "time": 0.009 }, diff --git a/tests/should_succeed/linked_list.coma b/tests/should_succeed/linked_list.coma index 03cc26c213..f3ac16c8a3 100644 --- a/tests/should_succeed/linked_list.coma +++ b/tests/should_succeed/linked_list.coma @@ -501,81 +501,81 @@ module M_impl_List_T__push_back (* List *) {[@expl:push_back 'self' type invariant] inv_ref_List_T self} {[@expl:push_back 'x' type invariant] inv_T x} (! bb0 - [ bb0 = s0 [ s0 = null_Cell_T (fun (_ret: Opaque.ptr) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_5 <- { v = x; next = _7 } ] s1 | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &cell <- _5 ] s1 | s1 = bb3 ] + [ bb0 = s0 [ s0 = null_Cell_T (fun (_ret: Opaque.ptr) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_7 <- { v = x; next = _9 } ] s1 | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &cell <- _7 ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = from_box_Cell_T {cell} (fun (_ret: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T) -> [ &_10 <- _ret ] s1) + [ s0 = from_box_Cell_T {cell} (fun (_ret: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T) -> [ &_12 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &cell_ptr <- _10.f0 ] s1 - | s1 = [ &cell_own <- _10.f1 ] s2 - | s2 = is_null_Cell_T {self.current.last} (fun (_ret: bool) -> [ &_13 <- _ret ] s3) + [ s0 = [ &cell_ptr <- _12.f0 ] s1 + | s1 = [ &cell_own <- _12.f1 ] s2 + | s2 = is_null_Cell_T {self.current.last} (fun (_ret: bool) -> [ &_15 <- _ret ] s3) | s3 = bb5 ] - | bb5 = any [ br0 -> {_13 = false} (! bb7) | br1 -> {_13} (! bb6) ] + | bb5 = any [ br0 -> {_15 = false} (! bb7) | br1 -> {_15} (! bb6) ] | bb6 = s0 [ s0 = [ &self <- { self with current = { self.current with first = cell_ptr } } ] s1 | s1 = [ &self <- { self with current = { self.current with last = cell_ptr } } ] s2 | s2 = bb18 ] | bb7 = s0 - [ s0 = [ &_19 <- self.current.last ] s1 + [ s0 = [ &_21 <- self.current.last ] s1 | s1 = deref_Ghost_Seq_PtrOwn_Cell_T {self.current.seq} - (fun (_ret: Seq.seq t_PtrOwn_Cell_T) -> [ &_27 <- _ret ] s2) + (fun (_ret: Seq.seq t_PtrOwn_Cell_T) -> [ &_29 <- _ret ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = len_ghost_PtrOwn_Cell_T {_27} (fun (_ret: int) -> [ &_25 <- _ret ] s1) | s1 = bb9 ] - | bb9 = s0 [ s0 = new {(1: Int128.t)} (fun (_ret: int) -> [ &_30 <- _ret ] s1) | s1 = bb10 ] - | bb10 = s0 [ s0 = into_inner_Int {_30} (fun (_ret: int) -> [ &_29 <- _ret ] s1) | s1 = bb11 ] - | bb11 = s0 [ s0 = sub_Int {_25} {_29} (fun (_ret: int) -> [ &off <- _ret ] s1) | s1 = bb12 ] + | bb8 = s0 [ s0 = len_ghost_PtrOwn_Cell_T {_29} (fun (_ret: int) -> [ &_27 <- _ret ] s1) | s1 = bb9 ] + | bb9 = s0 [ s0 = new {(1: Int128.t)} (fun (_ret: int) -> [ &_32 <- _ret ] s1) | s1 = bb10 ] + | bb10 = s0 [ s0 = into_inner_Int {_32} (fun (_ret: int) -> [ &_31 <- _ret ] s1) | s1 = bb11 ] + | bb11 = s0 [ s0 = sub_Int {_27} {_31} (fun (_ret: int) -> [ &off <- _ret ] s1) | s1 = bb12 ] | bb12 = s0 [ s0 = {inv_Ghost_Seq_PtrOwn_Cell_T self.current.seq} MutBorrow.borrow_mut {self.current.seq} (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> - [ &_35 <- _ret ] -{inv_Ghost_Seq_PtrOwn_Cell_T _ret.final}- + [ &_37 <- _ret ] -{inv_Ghost_Seq_PtrOwn_Cell_T _ret.final}- [ &self <- { self with current = { self.current with seq = _ret.final } } ] s1) - | s1 = deref_mut_Ghost_Seq_PtrOwn_Cell_T {_35} - (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> [ &_34 <- _ret ] s2) + | s1 = deref_mut_Ghost_Seq_PtrOwn_Cell_T {_37} + (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> [ &_36 <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 - [ s0 = {inv_Seq_PtrOwn_Cell_T _34.current} - MutBorrow.borrow_final {_34.current} {MutBorrow.get_id _34} + [ s0 = {inv_Seq_PtrOwn_Cell_T _36.current} + MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> - [ &_33 <- _ret ] -{inv_Seq_PtrOwn_Cell_T _ret.final}- - [ &_34 <- { _34 with current = _ret.final } ] s1) - | s1 = get_mut_ghost_PtrOwn_Cell_T {_33} {off} (fun (_ret: t_Option_ref_PtrOwn_Cell_T) -> [ &_32 <- _ret ] s2) + [ &_35 <- _ret ] -{inv_Seq_PtrOwn_Cell_T _ret.final}- + [ &_36 <- { _36 with current = _ret.final } ] s1) + | s1 = get_mut_ghost_PtrOwn_Cell_T {_35} {off} (fun (_ret: t_Option_ref_PtrOwn_Cell_T) -> [ &_34 <- _ret ] s2) | s2 = bb14 ] | bb14 = s0 - [ s0 = unwrap_ref_PtrOwn_Cell_T {_32} (fun (_ret: MutBorrow.t t_PtrOwn_Cell_T) -> [ &_31 <- _ret ] s1) + [ s0 = unwrap_ref_PtrOwn_Cell_T {_34} (fun (_ret: MutBorrow.t t_PtrOwn_Cell_T) -> [ &_33 <- _ret ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = {inv_PtrOwn_Cell_T _31.current} - MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} + [ s0 = {inv_PtrOwn_Cell_T _33.current} + MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} (fun (_ret: MutBorrow.t t_PtrOwn_Cell_T) -> - [ &_23 <- _ret ] -{inv_PtrOwn_Cell_T _ret.final}- - [ &_31 <- { _31 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Seq_PtrOwn_Cell_T'0 _34} s2 - | s2 = -{resolve_ref_Seq_PtrOwn_Cell_T _34}- s3 - | s3 = {[@expl:type invariant] inv_ref_PtrOwn_Cell_T _31} s4 - | s4 = -{resolve_ref_PtrOwn_Cell_T _31}- s5 - | s5 = {inv_PtrOwn_Cell_T _23.current} - MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} + [ &_25 <- _ret ] -{inv_PtrOwn_Cell_T _ret.final}- + [ &_33 <- { _33 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Seq_PtrOwn_Cell_T'0 _36} s2 + | s2 = -{resolve_ref_Seq_PtrOwn_Cell_T _36}- s3 + | s3 = {[@expl:type invariant] inv_ref_PtrOwn_Cell_T _33} s4 + | s4 = -{resolve_ref_PtrOwn_Cell_T _33}- s5 + | s5 = {inv_PtrOwn_Cell_T _25.current} + MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} (fun (_ret: MutBorrow.t t_PtrOwn_Cell_T) -> - [ &_22 <- _ret ] -{inv_PtrOwn_Cell_T _ret.final}- - [ &_23 <- { _23 with current = _ret.final } ] s6) - | s6 = new_ref_PtrOwn_Cell_T {_22} (fun (_ret: MutBorrow.t t_PtrOwn_Cell_T) -> [ &_21 <- _ret ] s7) + [ &_24 <- _ret ] -{inv_PtrOwn_Cell_T _ret.final}- + [ &_25 <- { _25 with current = _ret.final } ] s6) + | s6 = new_ref_PtrOwn_Cell_T {_24} (fun (_ret: MutBorrow.t t_PtrOwn_Cell_T) -> [ &_23 <- _ret ] s7) | s7 = bb16 ] | bb16 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Cell_T _23} s1 - | s1 = -{resolve_ref_PtrOwn_Cell_T _23}- s2 - | s2 = as_mut_Cell_T {_19} {_21} (fun (_ret: MutBorrow.t t_Cell_T) -> [ &_18 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Cell_T _25} s1 + | s1 = -{resolve_ref_PtrOwn_Cell_T _25}- s2 + | s2 = as_mut_Cell_T {_21} {_23} (fun (_ret: MutBorrow.t t_Cell_T) -> [ &_20 <- _ret ] s3) | s3 = bb17 ] | bb17 = s0 - [ s0 = {inv_Cell_T _18.current} - MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} + [ s0 = {inv_Cell_T _20.current} + MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} (fun (_ret: MutBorrow.t t_Cell_T) -> [ &cell_last <- _ret ] -{inv_Cell_T _ret.final}- - [ &_18 <- { _18 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Cell_T'0 _18} s2 - | s2 = -{resolve_ref_Cell_T _18}- s3 + [ &_20 <- { _20 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Cell_T'0 _20} s2 + | s2 = -{resolve_ref_Cell_T _20}- s3 | s3 = [ &cell_last <- { cell_last with current = { cell_last.current with next = cell_ptr } } ] s4 | s4 = {[@expl:type invariant] inv_ref_Cell_T'0 cell_last} s5 | s5 = -{resolve_ref_Cell_T cell_last}- s6 @@ -586,61 +586,61 @@ module M_impl_List_T__push_back (* List *) MutBorrow.borrow_final {self.current.seq} {MutBorrow.inherit_id (MutBorrow.get_id self) 3} (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> - [ &_43 <- _ret ] -{inv_Ghost_Seq_PtrOwn_Cell_T _ret.final}- + [ &_45 <- _ret ] -{inv_Ghost_Seq_PtrOwn_Cell_T _ret.final}- [ &self <- { self with current = { self.current with seq = _ret.final } } ] s1) - | s1 = deref_mut_Ghost_Seq_PtrOwn_Cell_T {_43} - (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> [ &_42 <- _ret ] s2) + | s1 = deref_mut_Ghost_Seq_PtrOwn_Cell_T {_45} + (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> [ &_44 <- _ret ] s2) | s2 = bb19 ] | bb19 = s0 - [ s0 = into_inner_PtrOwn_Cell_T {cell_own} (fun (_ret: t_PtrOwn_Cell_T) -> [ &_44 <- _ret ] s1) | s1 = bb20 ] + [ s0 = into_inner_PtrOwn_Cell_T {cell_own} (fun (_ret: t_PtrOwn_Cell_T) -> [ &_46 <- _ret ] s1) | s1 = bb20 ] | bb20 = s0 - [ s0 = {inv_Seq_PtrOwn_Cell_T _42.current} - MutBorrow.borrow_final {_42.current} {MutBorrow.get_id _42} + [ s0 = {inv_Seq_PtrOwn_Cell_T _44.current} + MutBorrow.borrow_final {_44.current} {MutBorrow.get_id _44} (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> - [ &_41 <- _ret ] -{inv_Seq_PtrOwn_Cell_T _ret.final}- - [ &_42 <- { _42 with current = _ret.final } ] s1) - | s1 = push_back_ghost_PtrOwn_Cell_T {_41} {_44} (fun (_ret: ()) -> [ &_40 <- _ret ] s2) + [ &_43 <- _ret ] -{inv_Seq_PtrOwn_Cell_T _ret.final}- + [ &_44 <- { _44 with current = _ret.final } ] s1) + | s1 = push_back_ghost_PtrOwn_Cell_T {_43} {_46} (fun (_ret: ()) -> [ &_42 <- _ret ] s2) | s2 = bb21 ] | bb21 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Seq_PtrOwn_Cell_T'0 _42} s1 - | s1 = -{resolve_ref_Seq_PtrOwn_Cell_T _42}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Seq_PtrOwn_Cell_T'0 _44} s1 + | s1 = -{resolve_ref_Seq_PtrOwn_Cell_T _44}- s2 | s2 = {[@expl:type invariant] inv_ref_List_T self} s3 | s3 = -{resolve_ref_List_T self}- s4 - | s4 = new_unit {_40} (fun (_ret: ()) -> [ &_39 <- _ret ] s5) + | s4 = new_unit {_42} (fun (_ret: ()) -> [ &_41 <- _ret ] s5) | s5 = bb24 ] | bb24 = return {_0} ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_List_T = self | & x: t_T = x | & cell: t_Cell_T = Any.any_l () - | & _5: t_Cell_T = Any.any_l () - | & _7: Opaque.ptr = Any.any_l () + | & _7: t_Cell_T = Any.any_l () + | & _9: Opaque.ptr = Any.any_l () | & cell_ptr: Opaque.ptr = Any.any_l () | & cell_own: t_PtrOwn_Cell_T = Any.any_l () - | & _10: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T = Any.any_l () - | & _13: bool = Any.any_l () + | & _12: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T = Any.any_l () + | & _15: bool = Any.any_l () | & cell_last: MutBorrow.t t_Cell_T = Any.any_l () - | & _18: MutBorrow.t t_Cell_T = Any.any_l () - | & _19: Opaque.ptr = Any.any_l () - | & _21: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () - | & _22: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () + | & _20: MutBorrow.t t_Cell_T = Any.any_l () + | & _21: Opaque.ptr = Any.any_l () | & _23: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () + | & _24: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () + | & _25: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () | & off: int = Any.any_l () - | & _25: int = Any.any_l () - | & _27: Seq.seq t_PtrOwn_Cell_T = Any.any_l () - | & _29: int = Any.any_l () - | & _30: int = Any.any_l () - | & _31: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () - | & _32: t_Option_ref_PtrOwn_Cell_T = Any.any_l () - | & _33: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () - | & _34: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _27: int = Any.any_l () + | & _29: Seq.seq t_PtrOwn_Cell_T = Any.any_l () + | & _31: int = Any.any_l () + | & _32: int = Any.any_l () + | & _33: MutBorrow.t t_PtrOwn_Cell_T = Any.any_l () + | & _34: t_Option_ref_PtrOwn_Cell_T = Any.any_l () | & _35: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () - | & _39: () = Any.any_l () - | & _40: () = Any.any_l () - | & _41: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () - | & _42: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _36: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _37: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _41: () = Any.any_l () + | & _42: () = Any.any_l () | & _43: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () - | & _44: t_PtrOwn_Cell_T = Any.any_l () ]) + | & _44: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _45: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _46: t_PtrOwn_Cell_T = Any.any_l () ]) [ return (result: ()) -> {[@expl:push_back ensures] view_List_T self.final = Seq.snoc (view_List_T self.current) x} (! return {result}) ] end @@ -863,43 +863,43 @@ module M_impl_List_T__push_front (* List *) {[@expl:push_front 'self' type invariant] inv_ref_List_T self} {[@expl:push_front 'x' type invariant] inv_T x} (! bb0 - [ bb0 = s0 [ s0 = [ &_7 <- { v = x; next = self.current.first } ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_9 <- { v = x; next = self.current.first } ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = new_Cell_T {_7} (fun (_ret: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T) -> [ &_6 <- _ret ] s1) | s1 = bb2 ] + [ s0 = new_Cell_T {_9} (fun (_ret: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &cell_ptr <- _6.f0 ] s1 - | s1 = [ &cell_own <- _6.f1 ] s2 + [ s0 = [ &cell_ptr <- _8.f0 ] s1 + | s1 = [ &cell_own <- _8.f1 ] s2 | s2 = [ &self <- { self with current = { self.current with first = cell_ptr } } ] s3 - | s3 = is_null_Cell_T {self.current.last} (fun (_ret: bool) -> [ &_12 <- _ret ] s4) + | s3 = is_null_Cell_T {self.current.last} (fun (_ret: bool) -> [ &_14 <- _ret ] s4) | s4 = bb3 ] - | bb3 = any [ br0 -> {_12 = false} (! bb6) | br1 -> {_12} (! bb4) ] + | bb3 = any [ br0 -> {_14 = false} (! bb6) | br1 -> {_14} (! bb4) ] | bb4 = s0 [ s0 = [ &self <- { self with current = { self.current with last = cell_ptr } } ] s1 | s1 = bb6 ] | bb6 = s0 [ s0 = {inv_Ghost_Seq_PtrOwn_Cell_T self.current.seq} MutBorrow.borrow_final {self.current.seq} {MutBorrow.inherit_id (MutBorrow.get_id self) 3} (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> - [ &_19 <- _ret ] -{inv_Ghost_Seq_PtrOwn_Cell_T _ret.final}- + [ &_21 <- _ret ] -{inv_Ghost_Seq_PtrOwn_Cell_T _ret.final}- [ &self <- { self with current = { self.current with seq = _ret.final } } ] s1) - | s1 = deref_mut_Ghost_Seq_PtrOwn_Cell_T {_19} - (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> [ &_18 <- _ret ] s2) + | s1 = deref_mut_Ghost_Seq_PtrOwn_Cell_T {_21} + (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> [ &_20 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = into_inner_PtrOwn_Cell_T {cell_own} (fun (_ret: t_PtrOwn_Cell_T) -> [ &_20 <- _ret ] s1) | s1 = bb8 ] + [ s0 = into_inner_PtrOwn_Cell_T {cell_own} (fun (_ret: t_PtrOwn_Cell_T) -> [ &_22 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 - [ s0 = {inv_Seq_PtrOwn_Cell_T _18.current} - MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} + [ s0 = {inv_Seq_PtrOwn_Cell_T _20.current} + MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} (fun (_ret: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T)) -> - [ &_17 <- _ret ] -{inv_Seq_PtrOwn_Cell_T _ret.final}- - [ &_18 <- { _18 with current = _ret.final } ] s1) - | s1 = push_front_ghost_PtrOwn_Cell_T {_17} {_20} (fun (_ret: ()) -> [ &_16 <- _ret ] s2) + [ &_19 <- _ret ] -{inv_Seq_PtrOwn_Cell_T _ret.final}- + [ &_20 <- { _20 with current = _ret.final } ] s1) + | s1 = push_front_ghost_PtrOwn_Cell_T {_19} {_22} (fun (_ret: ()) -> [ &_18 <- _ret ] s2) | s2 = bb9 ] | bb9 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Seq_PtrOwn_Cell_T _18} s1 - | s1 = -{resolve_ref_Seq_PtrOwn_Cell_T _18}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Seq_PtrOwn_Cell_T _20} s1 + | s1 = -{resolve_ref_Seq_PtrOwn_Cell_T _20}- s2 | s2 = {[@expl:type invariant] inv_ref_List_T self} s3 | s3 = -{resolve_ref_List_T self}- s4 - | s4 = new_unit {_16} (fun (_ret: ()) -> [ &_15 <- _ret ] s5) + | s4 = new_unit {_18} (fun (_ret: ()) -> [ &_17 <- _ret ] s5) | s5 = bb11 ] | bb11 = return {_0} ] [ & _0: () = Any.any_l () @@ -907,15 +907,15 @@ module M_impl_List_T__push_front (* List *) | & x: t_T = x | & cell_ptr: Opaque.ptr = Any.any_l () | & cell_own: t_PtrOwn_Cell_T = Any.any_l () - | & _6: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T = Any.any_l () - | & _7: t_Cell_T = Any.any_l () - | & _12: bool = Any.any_l () - | & _15: () = Any.any_l () - | & _16: () = Any.any_l () - | & _17: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () - | & _18: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _8: tup2_ptr_Cell_T_Ghost_PtrOwn_Cell_T = Any.any_l () + | & _9: t_Cell_T = Any.any_l () + | & _14: bool = Any.any_l () + | & _17: () = Any.any_l () + | & _18: () = Any.any_l () | & _19: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () - | & _20: t_PtrOwn_Cell_T = Any.any_l () ]) + | & _20: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _21: MutBorrow.t (Seq.seq t_PtrOwn_Cell_T) = Any.any_l () + | & _22: t_PtrOwn_Cell_T = Any.any_l () ]) [ return (result: ()) -> {[@expl:push_front ensures] view_List_T self.final = push_front_T (view_List_T self.current) x} (! return {result}) ] diff --git a/tests/should_succeed/list_index_mut.coma b/tests/should_succeed/list_index_mut.coma index 17e6b6b4ae..1a11555896 100644 --- a/tests/should_succeed/list_index_mut.coma +++ b/tests/should_succeed/list_index_mut.coma @@ -117,32 +117,32 @@ module M_index_mut (! s0) [ s0 = bb4 ] [ bb4 = s0 - [ s0 = [ &_21 <- UInt64.gt ix (0: UInt64.t) ] s1 - | s1 = any [ br0 -> {_21 = false} (! bb8) | br1 -> {_21} (! bb5) ] ] + [ s0 = [ &_48 <- UInt64.gt ix (0: UInt64.t) ] s1 + | s1 = any [ br0 -> {_48 = false} (! bb8) | br1 -> {_48} (! bb5) ] ] | bb5 = s0 [ s0 = MutBorrow.borrow_final {l.current.f1} {MutBorrow.inherit_id (MutBorrow.get_id l) 2} (fun (_ret: MutBorrow.t t_Option_Box_List_Global) -> - [ &_26 <- _ret ] [ &l <- { l with current = { l.current with f1 = _ret.final } } ] s1) - | s1 = as_mut_Box_List_Global {_26} (fun (_ret: t_Option_ref_Box_List_Global) -> [ &_25 <- _ret ] s2) + [ &_53 <- _ret ] [ &l <- { l with current = { l.current with f1 = _ret.final } } ] s1) + | s1 = as_mut_Box_List_Global {_53} (fun (_ret: t_Option_ref_Box_List_Global) -> [ &_52 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = unwrap_ref_Box_List_Global {_25} (fun (_ret: MutBorrow.t t_List) -> [ &_24 <- _ret ] s1) | s1 = bb7 ] + [ s0 = unwrap_ref_Box_List_Global {_52} (fun (_ret: MutBorrow.t t_List) -> [ &_51 <- _ret ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} - (fun (_ret: MutBorrow.t t_List) -> [ &_23 <- _ret ] [ &_24 <- { _24 with current = _ret.final } ] s1) + [ s0 = MutBorrow.borrow_final {_51.current} {MutBorrow.get_id _51} + (fun (_ret: MutBorrow.t t_List) -> [ &_50 <- _ret ] [ &_51 <- { _51 with current = _ret.final } ] s1) | s1 = -{resolve_ref_List l}- s2 - | s2 = [ &l <- _23 ] s3 - | s3 = -{resolve_ref_Box_List_Global _24}- s4 + | s2 = [ &l <- _50 ] s3 + | s3 = -{resolve_ref_Box_List_Global _51}- s4 | s4 = UInt64.sub {ix} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &ix <- _ret ] s5) | s5 = bb3 ] ] ] | bb8 = s0 [ s0 = MutBorrow.borrow_final {l.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id l) 1} (fun (_ret: MutBorrow.t UInt32.t) -> - [ &_28 <- _ret ] [ &l <- { l with current = { l.current with f0 = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_u32 _28}- s3 + [ &_55 <- _ret ] [ &l <- { l with current = { l.current with f0 = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_55.current} {MutBorrow.get_id _55} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_55 <- { _55 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_u32 _55}- s3 | s3 = MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_0 <- _ret ] [ &_3 <- { _3 with current = _ret.final } ] s4) | s4 = -{resolve_ref_u32 _3}- s5 @@ -154,12 +154,12 @@ module M_index_mut | & _3: MutBorrow.t UInt32.t = Any.any_l () | & old_l: MutBorrow.t t_List = Any.any_l () | & old_ix: UInt64.t = Any.any_l () - | & _21: bool = Any.any_l () - | & _23: MutBorrow.t t_List = Any.any_l () - | & _24: MutBorrow.t t_List = Any.any_l () - | & _25: t_Option_ref_Box_List_Global = Any.any_l () - | & _26: MutBorrow.t t_Option_Box_List_Global = Any.any_l () - | & _28: MutBorrow.t UInt32.t = Any.any_l () ]) + | & _48: bool = Any.any_l () + | & _50: MutBorrow.t t_List = Any.any_l () + | & _51: MutBorrow.t t_List = Any.any_l () + | & _52: t_Option_ref_Box_List_Global = Any.any_l () + | & _53: MutBorrow.t t_Option_Box_List_Global = Any.any_l () + | & _55: MutBorrow.t UInt32.t = Any.any_l () ]) [ return (result: MutBorrow.t UInt32.t) -> {[@expl:index_mut ensures #0] Some'0 (result.current) = get l.current (UInt64.t'int ix)} {[@expl:index_mut ensures #1] Some'0 (result.final) = get l.final (UInt64.t'int ix)} @@ -221,20 +221,20 @@ module M_write (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_final {l.current} {MutBorrow.get_id l} - (fun (_ret: MutBorrow.t t_List) -> [ &_10 <- _ret ] [ &l <- { l with current = _ret.final } ] s1) - | s1 = index_mut {_10} {ix} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_List) -> [ &_18 <- _ret ] [ &l <- { l with current = _ret.final } ] s1) + | s1 = index_mut {_18} {ix} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- { _9 with current = v } ] s1 - | s1 = -{resolve_ref_u32 _9}- s2 + [ s0 = [ &_17 <- { _17 with current = v } ] s1 + | s1 = -{resolve_ref_u32 _17}- s2 | s2 = -{resolve_ref_List l}- s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & l: MutBorrow.t t_List = l | & ix: UInt64.t = ix | & v: UInt32.t = v - | & _9: MutBorrow.t UInt32.t = Any.any_l () - | & _10: MutBorrow.t t_List = Any.any_l () ]) + | & _17: MutBorrow.t UInt32.t = Any.any_l () + | & _18: MutBorrow.t t_List = Any.any_l () ]) [ return (result: ()) -> {[@expl:write ensures #0] Some'0 v = get l.final (UInt64.t'int ix)} {[@expl:write ensures #1] len l.final = len l.current} {[@expl:write ensures #2] forall i: int. 0 <= i /\ i < len l.current /\ i <> UInt64.t'int ix diff --git a/tests/should_succeed/list_reversal_lasso.coma b/tests/should_succeed/list_reversal_lasso.coma index e23098fd7f..dac96a918f 100644 --- a/tests/should_succeed/list_reversal_lasso.coma +++ b/tests/should_succeed/list_reversal_lasso.coma @@ -47,13 +47,13 @@ module M_impl_Index_for_Memory__index (* > *) let rec index_Memory'0 (self: t_Memory) (i: UInt64.t) (return (x: UInt64.t)) = {[@expl:index requires] nonnull_ptr self i} (! bb0 - [ bb0 = s0 [ s0 = index_Vec_usize_Global {self.f0} {i} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_5 <- _6 ] s1 | s1 = [ &_0 <- _5 ] s2 | s2 = return {_0} ] ] + [ bb0 = s0 [ s0 = index_Vec_usize_Global {self.f0} {i} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_9 <- _10 ] s1 | s1 = [ &_0 <- _9 ] s2 | s2 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & self: t_Memory = self | & i: UInt64.t = i - | & _5: UInt64.t = Any.any_l () - | & _6: UInt64.t = Any.any_l () ]) + | & _9: UInt64.t = Any.any_l () + | & _10: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:index ensures] result = index_Memory self i} (! return {result}) ] end module M_impl_IndexMut_for_Memory__index_mut (* > *) @@ -129,16 +129,16 @@ module M_impl_IndexMut_for_Memory__index_mut (* {self.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> - [ &_11 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = index_mut_Vec_usize_Global {_11} {i} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_10 <- _ret ] s2) + [ &_20 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s1) + | s1 = index_mut_Vec_usize_Global {_20} {i} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_19 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_9 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s1) - | s1 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_3 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s2) - | s2 = -{resolve_ref_usize _10}- s3 - | s3 = -{resolve_ref_usize _9}- s4 + [ s0 = MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_18 <- _ret ] [ &_19 <- { _19 with current = _ret.final } ] s1) + | s1 = MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_3 <- _ret ] [ &_18 <- { _18 with current = _ret.final } ] s2) + | s2 = -{resolve_ref_usize _19}- s3 + | s3 = -{resolve_ref_usize _18}- s4 | s4 = MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_0 <- _ret ] [ &_3 <- { _3 with current = _ret.final } ] s5) | s5 = -{resolve_ref_usize _3}- s6 @@ -148,9 +148,9 @@ module M_impl_IndexMut_for_Memory__index_mut (* {[@expl:index_mut ensures #0] result.current = index_Memory self.current i} {[@expl:index_mut ensures #1] result.final = index_Memory self.final i} @@ -233,20 +233,20 @@ module M_impl_Memory_0__list_reversal_safe (* Memory *) (! s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = [ &_13 <- l <> const_NULL ] s1 | s1 = any [ br0 -> {_13 = false} (! bb6) | br1 -> {_13} (! bb3) ] ] + [ s0 = [ &_21 <- l <> const_NULL ] s1 | s1 = any [ br0 -> {_21 = false} (! bb6) | br1 -> {_21} (! bb3) ] ] | bb3 = s0 [ s0 = [ &tmp <- l ] s1 - | s1 = index_Memory'0 {self.current} {l} (fun (_ret: UInt64.t) -> [ &_17 <- _ret ] s2) + | s1 = index_Memory'0 {self.current} {l} (fun (_ret: UInt64.t) -> [ &_25 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = [ &l <- _17 ] s1 + [ s0 = [ &l <- _25 ] s1 | s1 = MutBorrow.borrow_mut {self.current} - (fun (_ret: MutBorrow.t t_Memory) -> [ &_22 <- _ret ] [ &self <- { self with current = _ret.final } ] s2) - | s2 = index_mut_Memory {_22} {tmp} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_21 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Memory) -> [ &_30 <- _ret ] [ &self <- { self with current = _ret.final } ] s2) + | s2 = index_mut_Memory {_30} {tmp} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_29 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = [ &_21 <- { _21 with current = r } ] s1 - | s1 = -{resolve_ref_usize _21}- s2 + [ s0 = [ &_29 <- { _29 with current = r } ] s1 + | s1 = -{resolve_ref_usize _29}- s2 | s2 = [ &r <- tmp ] s3 | s3 = bb1 ] ] ] | bb6 = s0 [ s0 = -{resolve_ref_Memory self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return {_0} ] ] @@ -254,11 +254,11 @@ module M_impl_Memory_0__list_reversal_safe (* Memory *) | & self: MutBorrow.t t_Memory = self | & l: UInt64.t = l | & r: UInt64.t = Any.any_l () - | & _13: bool = Any.any_l () + | & _21: bool = Any.any_l () | & tmp: UInt64.t = Any.any_l () - | & _17: UInt64.t = Any.any_l () - | & _21: MutBorrow.t UInt64.t = Any.any_l () - | & _22: MutBorrow.t t_Memory = Any.any_l () + | & _25: UInt64.t = Any.any_l () + | & _29: MutBorrow.t UInt64.t = Any.any_l () + | & _30: MutBorrow.t t_Memory = Any.any_l () | & old_1_0: MutBorrow.t t_Memory = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_impl_Memory_0__list_reversal_list (* Memory *) @@ -342,34 +342,34 @@ module M_impl_Memory_0__list_reversal_list (* Memory *) (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_16 <- l <> const_NULL ] s1 | s1 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb4) ] ] + [ s0 = [ &_31 <- l <> const_NULL ] s1 | s1 = any [ br0 -> {_31 = false} (! bb9) | br1 -> {_31} (! bb4) ] ] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {self.current} - (fun (_ret: MutBorrow.t t_Memory) -> [ &_22 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) - | s1 = index_mut_Memory {_22} {l} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_21 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Memory) -> [ &_37 <- _ret ] [ &self <- { self with current = _ret.final } ] s1) + | s1 = index_mut_Memory {_37} {l} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_36 <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_20 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s1) + [ s0 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_35 <- _ret ] [ &_36 <- { _36 with current = _ret.final } ] s1) | s1 = MutBorrow.borrow_mut {r} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_26 <- _ret ] [ &r <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_26.current} {MutBorrow.get_id _26} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_25 <- _ret ] [ &_26 <- { _26 with current = _ret.final } ] s3) - | s3 = replace_usize {_25} {l} (fun (_ret: UInt64.t) -> [ &_24 <- _ret ] s4) + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_41 <- _ret ] [ &r <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_40 <- _ret ] [ &_41 <- { _41 with current = _ret.final } ] s3) + | s3 = replace_usize {_40} {l} (fun (_ret: UInt64.t) -> [ &_39 <- _ret ] s4) | s4 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_usize _26}- s1 - | s1 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_19 <- _ret ] [ &_20 <- { _20 with current = _ret.final } ] s2) - | s2 = replace_usize {_19} {_24} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s3) + [ s0 = -{resolve_ref_usize _41}- s1 + | s1 = MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_34 <- _ret ] [ &_35 <- { _35 with current = _ret.final } ] s2) + | s2 = replace_usize {_34} {_39} (fun (_ret: UInt64.t) -> [ &_33 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_usize _21}- s1 - | s1 = -{resolve_ref_usize _20}- s2 - | s2 = [ &l <- _18 ] s3 - | s3 = [ &_28 <- n + 1 ] s4 + [ s0 = -{resolve_ref_usize _36}- s1 + | s1 = -{resolve_ref_usize _35}- s2 + | s2 = [ &l <- _33 ] s3 + | s3 = [ &_43 <- n + 1 ] s4 | s4 = bb8 ] - | bb8 = s0 [ s0 = [ &n <- _28 ] s1 | s1 = bb2 ] ] ] + | bb8 = s0 [ s0 = [ &n <- _43 ] s1 | s1 = bb2 ] ] ] | bb9 = s0 [ s0 = -{resolve_ref_Memory self}- s1 | s1 = [ &_0 <- r ] s2 | s2 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & self: MutBorrow.t t_Memory = self @@ -377,16 +377,16 @@ module M_impl_Memory_0__list_reversal_list (* Memory *) | & s: Seq.seq UInt64.t = s | & r: UInt64.t = Any.any_l () | & n: int = Any.any_l () - | & _16: bool = Any.any_l () - | & _18: UInt64.t = Any.any_l () - | & _19: MutBorrow.t UInt64.t = Any.any_l () - | & _20: MutBorrow.t UInt64.t = Any.any_l () - | & _21: MutBorrow.t UInt64.t = Any.any_l () - | & _22: MutBorrow.t t_Memory = Any.any_l () - | & _24: UInt64.t = Any.any_l () - | & _25: MutBorrow.t UInt64.t = Any.any_l () - | & _26: MutBorrow.t UInt64.t = Any.any_l () - | & _28: int = Any.any_l () + | & _31: bool = Any.any_l () + | & _33: UInt64.t = Any.any_l () + | & _34: MutBorrow.t UInt64.t = Any.any_l () + | & _35: MutBorrow.t UInt64.t = Any.any_l () + | & _36: MutBorrow.t UInt64.t = Any.any_l () + | & _37: MutBorrow.t t_Memory = Any.any_l () + | & _39: UInt64.t = Any.any_l () + | & _40: MutBorrow.t UInt64.t = Any.any_l () + | & _41: MutBorrow.t UInt64.t = Any.any_l () + | & _43: int = Any.any_l () | & old_2_0: MutBorrow.t t_Memory = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:list_reversal_list ensures] list self.final result (Reverse.reverse s)} (! return {result}) ] @@ -484,35 +484,35 @@ module M_impl_Memory_0__list_reversal_loop (* Memory *) (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_18 <- l <> const_NULL ] s1 | s1 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb4) ] ] + [ s0 = [ &_39 <- l <> const_NULL ] s1 | s1 = any [ br0 -> {_39 = false} (! bb9) | br1 -> {_39} (! bb4) ] ] | bb4 = s0 [ s0 = {[@expl:assertion] n = Seq.length s -> l = Seq.get (Reverse.reverse s) (Seq.length s - 1)} s1 | s1 = MutBorrow.borrow_mut {self.current} - (fun (_ret: MutBorrow.t t_Memory) -> [ &_26 <- _ret ] [ &self <- { self with current = _ret.final } ] s2) - | s2 = index_mut_Memory {_26} {l} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_25 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Memory) -> [ &_50 <- _ret ] [ &self <- { self with current = _ret.final } ] s2) + | s2 = index_mut_Memory {_50} {l} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_49 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_24 <- _ret ] [ &_25 <- { _25 with current = _ret.final } ] s1) + [ s0 = MutBorrow.borrow_final {_49.current} {MutBorrow.get_id _49} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_48 <- _ret ] [ &_49 <- { _49 with current = _ret.final } ] s1) | s1 = MutBorrow.borrow_mut {r} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_30 <- _ret ] [ &r <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_29 <- _ret ] [ &_30 <- { _30 with current = _ret.final } ] s3) - | s3 = replace_usize {_29} {l} (fun (_ret: UInt64.t) -> [ &_28 <- _ret ] s4) + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_54 <- _ret ] [ &r <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_53 <- _ret ] [ &_54 <- { _54 with current = _ret.final } ] s3) + | s3 = replace_usize {_53} {l} (fun (_ret: UInt64.t) -> [ &_52 <- _ret ] s4) | s4 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_usize _30}- s1 - | s1 = MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_23 <- _ret ] [ &_24 <- { _24 with current = _ret.final } ] s2) - | s2 = replace_usize {_23} {_28} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s3) + [ s0 = -{resolve_ref_usize _54}- s1 + | s1 = MutBorrow.borrow_final {_48.current} {MutBorrow.get_id _48} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_47 <- _ret ] [ &_48 <- { _48 with current = _ret.final } ] s2) + | s2 = replace_usize {_47} {_52} (fun (_ret: UInt64.t) -> [ &_46 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_usize _25}- s1 - | s1 = -{resolve_ref_usize _24}- s2 - | s2 = [ &l <- _22 ] s3 - | s3 = [ &_32 <- n + 1 ] s4 + [ s0 = -{resolve_ref_usize _49}- s1 + | s1 = -{resolve_ref_usize _48}- s2 + | s2 = [ &l <- _46 ] s3 + | s3 = [ &_56 <- n + 1 ] s4 | s4 = bb8 ] - | bb8 = s0 [ s0 = [ &n <- _32 ] s1 | s1 = bb2 ] ] ] + | bb8 = s0 [ s0 = [ &n <- _56 ] s1 | s1 = bb2 ] ] ] | bb9 = s0 [ s0 = -{resolve_ref_Memory self}- s1 | s1 = {[@expl:assertion] forall i: int. 0 <= i /\ i < Seq.length s @@ -527,16 +527,16 @@ module M_impl_Memory_0__list_reversal_loop (* Memory *) | & s: Seq.seq UInt64.t = s | & r: UInt64.t = Any.any_l () | & n: int = Any.any_l () - | & _18: bool = Any.any_l () - | & _22: UInt64.t = Any.any_l () - | & _23: MutBorrow.t UInt64.t = Any.any_l () - | & _24: MutBorrow.t UInt64.t = Any.any_l () - | & _25: MutBorrow.t UInt64.t = Any.any_l () - | & _26: MutBorrow.t t_Memory = Any.any_l () - | & _28: UInt64.t = Any.any_l () - | & _29: MutBorrow.t UInt64.t = Any.any_l () - | & _30: MutBorrow.t UInt64.t = Any.any_l () - | & _32: int = Any.any_l () + | & _39: bool = Any.any_l () + | & _46: UInt64.t = Any.any_l () + | & _47: MutBorrow.t UInt64.t = Any.any_l () + | & _48: MutBorrow.t UInt64.t = Any.any_l () + | & _49: MutBorrow.t UInt64.t = Any.any_l () + | & _50: MutBorrow.t t_Memory = Any.any_l () + | & _52: UInt64.t = Any.any_l () + | & _53: MutBorrow.t UInt64.t = Any.any_l () + | & _54: MutBorrow.t UInt64.t = Any.any_l () + | & _56: int = Any.any_l () | & old_2_0: MutBorrow.t t_Memory = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:list_reversal_loop ensures] loop_ self.final result (push_front_usize (Reverse.reverse (Seq.([..]) s 1 (Seq.length s))) (Seq.get s 0))} @@ -645,35 +645,35 @@ module M_impl_Memory_0__list_reversal_lasso (* Memory *) (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_18 <- l <> const_NULL ] s1'0 | s1'0 = any [ br0 -> {_18 = false} (! bb9) | br1 -> {_18} (! bb4) ] ] + [ s0 = [ &_46 <- l <> const_NULL ] s1'0 | s1'0 = any [ br0 -> {_46 = false} (! bb9) | br1 -> {_46} (! bb4) ] ] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Memory) -> - [ &_24 <- _ret ] [ &self <- { self with current = _ret.final } ] s1'0) - | s1'0 = index_mut_Memory {_24} {l} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_23 <- _ret ] s2'0) + [ &_52 <- _ret ] [ &self <- { self with current = _ret.final } ] s1'0) + | s1'0 = index_mut_Memory {_52} {l} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_51 <- _ret ] s2'0) | s2'0 = bb5 ] | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_22 <- _ret ] [ &_23 <- { _23 with current = _ret.final } ] s1'0) + [ s0 = MutBorrow.borrow_final {_51.current} {MutBorrow.get_id _51} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_50 <- _ret ] [ &_51 <- { _51 with current = _ret.final } ] s1'0) | s1'0 = MutBorrow.borrow_mut {r} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_28 <- _ret ] [ &r <- _ret.final ] s2'0) - | s2'0 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s3) - | s3 = replace_usize {_27} {l} (fun (_ret: UInt64.t) -> [ &_26 <- _ret ] s4) + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_56 <- _ret ] [ &r <- _ret.final ] s2'0) + | s2'0 = MutBorrow.borrow_final {_56.current} {MutBorrow.get_id _56} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_55 <- _ret ] [ &_56 <- { _56 with current = _ret.final } ] s3) + | s3 = replace_usize {_55} {l} (fun (_ret: UInt64.t) -> [ &_54 <- _ret ] s4) | s4 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_usize _28}- s1'0 - | s1'0 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t UInt64.t) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2'0) - | s2'0 = replace_usize {_21} {_26} (fun (_ret: UInt64.t) -> [ &_20 <- _ret ] s3) + [ s0 = -{resolve_ref_usize _56}- s1'0 + | s1'0 = MutBorrow.borrow_final {_50.current} {MutBorrow.get_id _50} + (fun (_ret: MutBorrow.t UInt64.t) -> [ &_49 <- _ret ] [ &_50 <- { _50 with current = _ret.final } ] s2'0) + | s2'0 = replace_usize {_49} {_54} (fun (_ret: UInt64.t) -> [ &_48 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = -{resolve_ref_usize _23}- s1'0 - | s1'0 = -{resolve_ref_usize _22}- s2'0 - | s2'0 = [ &l <- _20 ] s3 - | s3 = [ &_30 <- n + 1 ] s4 + [ s0 = -{resolve_ref_usize _51}- s1'0 + | s1'0 = -{resolve_ref_usize _50}- s2'0 + | s2'0 = [ &l <- _48 ] s3 + | s3 = [ &_58 <- n + 1 ] s4 | s4 = bb8 ] - | bb8 = s0 [ s0 = [ &n <- _30 ] s1'0 | s1'0 = bb2 ] ] ] + | bb8 = s0 [ s0 = [ &n <- _58 ] s1'0 | s1'0 = bb2 ] ] ] | bb9 = s0 [ s0 = -{resolve_ref_Memory self}- s1'0 | s1'0 = [ &_0 <- r ] s2'0 | s2'0 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & self: MutBorrow.t t_Memory = self @@ -682,16 +682,16 @@ module M_impl_Memory_0__list_reversal_lasso (* Memory *) | & s2: Seq.seq UInt64.t = s2 | & r: UInt64.t = Any.any_l () | & n: int = Any.any_l () - | & _18: bool = Any.any_l () - | & _20: UInt64.t = Any.any_l () - | & _21: MutBorrow.t UInt64.t = Any.any_l () - | & _22: MutBorrow.t UInt64.t = Any.any_l () - | & _23: MutBorrow.t UInt64.t = Any.any_l () - | & _24: MutBorrow.t t_Memory = Any.any_l () - | & _26: UInt64.t = Any.any_l () - | & _27: MutBorrow.t UInt64.t = Any.any_l () - | & _28: MutBorrow.t UInt64.t = Any.any_l () - | & _30: int = Any.any_l () + | & _46: bool = Any.any_l () + | & _48: UInt64.t = Any.any_l () + | & _49: MutBorrow.t UInt64.t = Any.any_l () + | & _50: MutBorrow.t UInt64.t = Any.any_l () + | & _51: MutBorrow.t UInt64.t = Any.any_l () + | & _52: MutBorrow.t t_Memory = Any.any_l () + | & _54: UInt64.t = Any.any_l () + | & _55: MutBorrow.t UInt64.t = Any.any_l () + | & _56: MutBorrow.t UInt64.t = Any.any_l () + | & _58: int = Any.any_l () | & old_2_0: MutBorrow.t t_Memory = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:list_reversal_lasso ensures] lasso self.final result s1 (Reverse.reverse s2)} (! return {result}) ] diff --git a/tests/should_succeed/local_invariant_cellinv.coma b/tests/should_succeed/local_invariant_cellinv.coma index 820362b91d..d3294c5243 100644 --- a/tests/should_succeed/local_invariant_cellinv.coma +++ b/tests/should_succeed/local_invariant_cellinv.coma @@ -314,16 +314,16 @@ module M_impl_CellInv_T__read (* CellInv *) {[@expl:read requires] contains tokens (Namespace_PERMCELL 0)} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- { c0 = self } ] s1 - | s1 = open_ref_Ghost_LocalInvariant_PermCellLocalInv_T {self.permission} {tokens} {_7} - (fun (_ret: t_T) -> [ &_4 <- _ret ] s2) + [ s0 = [ &_8 <- { c0 = self } ] s1 + | s1 = open_ref_Ghost_LocalInvariant_PermCellLocalInv_T {self.permission} {tokens} {_8} + (fun (_ret: t_T) -> [ &_5 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- _4 ] s1 | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = [ &_0 <- _5 ] s1 | s1 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & self: t_CellInv_T = self | & tokens: t_Tokens = tokens - | & _4: t_T = Any.any_l () - | & _7: closure0 = Any.any_l () ]) + | & _5: t_T = Any.any_l () + | & _8: closure0 = Any.any_l () ]) [ return (result: t_T) -> {[@expl:read result type invariant] inv_ref_T result} (! return {result}) ] end module M_impl_CellInv_T__write (* CellInv *) @@ -706,8 +706,8 @@ module M_impl_CellInv_T__write (* CellInv *) {[@expl:write requires] contains tokens (Namespace_PERMCELL 0)} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- { c0 = self; c1 = x } ] s1 - | s1 = open_ref_Ghost_LocalInvariant_PermCellLocalInv_T {self.permission} {tokens} {_7} + [ s0 = [ &_8 <- { c0 = self; c1 = x } ] s1 + | s1 = open_ref_Ghost_LocalInvariant_PermCellLocalInv_T {self.permission} {tokens} {_8} (fun (_ret: ()) -> [ &_0 <- _ret ] s2) | s2 = bb2 ] | bb2 = return {_0} ] @@ -715,5 +715,5 @@ module M_impl_CellInv_T__write (* CellInv *) | & self: t_CellInv_T = self | & x: t_T = x | & tokens: t_Tokens = tokens - | & _7: closure0 = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _8: closure0 = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/mapping_indexing.coma b/tests/should_succeed/mapping_indexing.coma index a9bb60cbac..0d02ffe0e2 100644 --- a/tests/should_succeed/mapping_indexing.coma +++ b/tests/should_succeed/mapping_indexing.coma @@ -17,22 +17,22 @@ module M_foo [ s0 = [ &mapping <- _3 ] s1 | s1 = {[@expl:assertion] index_Mapping_Int_Int mapping 0 = 10} s2 | s2 = {[@expl:assertion] index_Mapping_Int_Int mapping 1 = 42} s3 - | s3 = [ &_9 <- Map.set mapping 1 11 ] s4 + | s3 = [ &_12 <- Map.set mapping 1 11 ] s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = [ &mapping <- _9 ] s1 + [ s0 = [ &mapping <- _12 ] s1 | s1 = {[@expl:assertion] index_Mapping_Int_Int mapping 0 = 10} s2 | s2 = {[@expl:assertion] index_Mapping_Int_Int mapping 1 = 11} s3 - | s3 = [ &_15 <- Map.set mapping 0 12 ] s4 + | s3 = [ &_21 <- Map.set mapping 0 12 ] s4 | s4 = bb4 ] | bb4 = s0 - [ s0 = [ &mapping <- _15 ] s1 + [ s0 = [ &mapping <- _21 ] s1 | s1 = {[@expl:assertion] index_Mapping_Int_Int mapping 0 = 12} s2 | s2 = {[@expl:assertion] index_Mapping_Int_Int mapping 1 = 11} s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & mapping: Map.map int int = Any.any_l () | & _3: Map.map int int = Any.any_l () - | & _9: Map.map int int = Any.any_l () - | & _15: Map.map int int = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _12: Map.map int int = Any.any_l () + | & _21: Map.map int int = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/mapping_test.coma b/tests/should_succeed/mapping_test.coma index e0eae9d899..9b0c7e7f38 100644 --- a/tests/should_succeed/mapping_test.coma +++ b/tests/should_succeed/mapping_test.coma @@ -68,19 +68,19 @@ module M_f [ s0 = [ &x <- { a = (42: Int32.t) } ] s1 | s1 = {[@expl:assertion] Map.get (view_T x) 13 = 1} s2 | s2 = {[@expl:assertion] Map.get (view_T x) 42 = 0} s3 - | s3 = MutBorrow.borrow_mut {x} (fun (_ret: MutBorrow.t t_T) -> [ &_8 <- _ret ] [ &x <- _ret.final ] s4) - | s4 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} - (fun (_ret: MutBorrow.t t_T) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s5) - | s5 = incr {_7} (fun (_ret: ()) -> [ &_6 <- _ret ] s6) + | s3 = MutBorrow.borrow_mut {x} (fun (_ret: MutBorrow.t t_T) -> [ &_10 <- _ret ] [ &x <- _ret.final ] s4) + | s4 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} + (fun (_ret: MutBorrow.t t_T) -> [ &_9 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s5) + | s5 = incr {_9} (fun (_ret: ()) -> [ &_8 <- _ret ] s6) | s6 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_T _8}- s1 + [ s0 = -{resolve_ref_T _10}- s1 | s1 = {[@expl:assertion] Map.get (view_T x) 13 = 1} s2 | s2 = {[@expl:assertion] Map.get (view_T x) 42 = 1} s3 | s3 = return {_0} ] ] [ & _0: () = Any.any_l () | & x: t_T = Any.any_l () - | & _6: () = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _8: () = Any.any_l () + | & _9: MutBorrow.t t_T = Any.any_l () + | & _10: MutBorrow.t t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/mc91.coma b/tests/should_succeed/mc91.coma index 90ee3fd4d5..eceedae8ad 100644 --- a/tests/should_succeed/mc91.coma +++ b/tests/should_succeed/mc91.coma @@ -54,20 +54,20 @@ module M_mc91 let rec mc91 (x: UInt32.t) (return (x'0: UInt32.t)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- UInt32.gt x (100: UInt32.t) ] s1 - | s1 = any [ br0 -> {_3 = false} (! bb2) | br1 -> {_3} (! bb1) ] ] + [ s0 = [ &_4 <- UInt32.gt x (100: UInt32.t) ] s1 + | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] | bb1 = s0 [ s0 = UInt32.sub {x} {(10: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] | bb2 = s0 - [ s0 = UInt32.add {x} {(11: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_7 <- _ret ] s1) - | s1 = mc91 {_7} (fun (_ret: UInt32.t) -> [ &_6 <- _ret ] s2) + [ s0 = UInt32.add {x} {(11: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_8 <- _ret ] s1) + | s1 = mc91 {_8} (fun (_ret: UInt32.t) -> [ &_7 <- _ret ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = mc91 {_6} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = mc91 {_7} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] | bb5 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & x: UInt32.t = x - | & _3: bool = Any.any_l () - | & _6: UInt32.t = Any.any_l () - | & _7: UInt32.t = Any.any_l () ]) + | & _4: bool = Any.any_l () + | & _7: UInt32.t = Any.any_l () + | & _8: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:mc91 ensures] UInt32.le x (100: UInt32.t) -> UInt32.t'int result = 91 /\ UInt32.gt x (100: UInt32.t) -> UInt32.t'int result = UInt32.t'int x - 10} (! return {result}) ] diff --git a/tests/should_succeed/open_inv.coma b/tests/should_succeed/open_inv.coma index 7986088154..fd9bc54909 100644 --- a/tests/should_succeed/open_inv.coma +++ b/tests/should_succeed/open_inv.coma @@ -87,12 +87,12 @@ module M_impl_Clone_for_IsZero__clone (* *) {[@expl:clone 'self' type invariant] inv_ref_IsZero self} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- self.f0 ] s1 | s1 = clone_i32 {_5} (fun (_ret: Int32.t) -> [ &_3 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = _3 } ] s1 | s1 = return {_0} ] ] + [ s0 = [ &_6 <- self.f0 ] s1 | s1 = clone_i32 {_6} (fun (_ret: Int32.t) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = _4 } ] s1 | s1 = return {_0} ] ] [ & _0: t_IsZero = Any.any_l () | & self: t_IsZero = self - | & _3: Int32.t = Any.any_l () - | & _5: Int32.t = Any.any_l () ]) + | & _4: Int32.t = Any.any_l () + | & _6: Int32.t = Any.any_l () ]) [ return (result: t_IsZero) -> {[@expl:clone result type invariant] inv_IsZero result} {[@expl:clone ensures] postcondition_clone () self.f0 result.f0} (! return {result}) ] diff --git a/tests/should_succeed/option.coma b/tests/should_succeed/option.coma index e801952a93..1ef1b2c131 100644 --- a/tests/should_succeed/option.coma +++ b/tests/should_succeed/option.coma @@ -910,13 +910,13 @@ module M_ok_or | s2 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] ok = Ok (1: Int32.t)} s1 - | s1 = [ &_13 <- () ] s2 - | s2 = ok_or_else_i32 {none} {_13} (fun (_ret: t_Result_i32_bool) -> [ &err'0 <- _ret ] s3) + | s1 = [ &_15 <- () ] s2 + | s2 = ok_or_else_i32 {none} {_15} (fun (_ret: t_Result_i32_bool) -> [ &err'0 <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 [ s0 = {[@expl:assertion] err'0 = Err true} s1 - | s1 = [ &_18 <- () ] s2 - | s2 = ok_or_else_i32'0 {some} {_18} (fun (_ret: t_Result_i32_bool) -> [ &ok'0 <- _ret ] s3) + | s1 = [ &_21 <- () ] s2 + | s2 = ok_or_else_i32'0 {some} {_21} (fun (_ret: t_Result_i32_bool) -> [ &ok'0 <- _ret ] s3) | s3 = bb4 ] | bb4 = s0 [ s0 = {[@expl:assertion] ok'0 = Ok (1: Int32.t)} s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () @@ -925,9 +925,9 @@ module M_ok_or | & err: t_Result_i32_bool = Any.any_l () | & ok: t_Result_i32_bool = Any.any_l () | & err'0: t_Result_i32_bool = Any.any_l () - | & _13: () = Any.any_l () + | & _15: () = Any.any_l () | & ok'0: t_Result_i32_bool = Any.any_l () - | & _18: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _21: () = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_as_mut use creusot.int.Int32 diff --git a/tests/should_succeed/pair_bor_mut.coma b/tests/should_succeed/pair_bor_mut.coma index c1ebfc92e1..4b85902366 100644 --- a/tests/should_succeed/pair_bor_mut.coma +++ b/tests/should_succeed/pair_bor_mut.coma @@ -41,31 +41,31 @@ module M_pair_bor_mut [ s0 = {inv_T p.f0.current} MutBorrow.borrow_final {p.f0.current} {MutBorrow.get_id p.f0} (fun (_ret: MutBorrow.t t_T) -> - [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_10 <- _ret ] -{inv_T _ret.final}- [ &p <- { p with f0 = { p.f0 with current = _ret.final } } ] s1) - | s1 = {inv_T _7.current} - MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + | s1 = {inv_T _10.current} + MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} (fun (_ret: MutBorrow.t t_T) -> - [ &_5 <- _ret ] -{inv_T _ret.final}- - [ &_7 <- { _7 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_T _7} s3 - | s3 = -{resolve_ref_T _7}- s4 + [ &_8 <- _ret ] -{inv_T _ret.final}- + [ &_10 <- { _10 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_T _10} s3 + | s3 = -{resolve_ref_T _10}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = {inv_T p.f1.current} MutBorrow.borrow_final {p.f1.current} {MutBorrow.get_id p.f1} (fun (_ret: MutBorrow.t t_T) -> - [ &_5 <- _ret ] -{inv_T _ret.final}- + [ &_8 <- _ret ] -{inv_T _ret.final}- [ &p <- { p with f1 = { p.f1 with current = _ret.final } } ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = {inv_T _5.current} - MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + [ s0 = {inv_T _8.current} + MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} (fun (_ret: MutBorrow.t t_T) -> [ &_3 <- _ret ] -{inv_T _ret.final}- - [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _5} s2 - | s2 = -{resolve_ref_T _5}- s3 + [ &_8 <- { _8 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _8} s2 + | s2 = -{resolve_ref_T _8}- s3 | s3 = {inv_T _3.current} MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t t_T) -> @@ -80,8 +80,8 @@ module M_pair_bor_mut | & p: tup2_ref_T_ref_T = p | & take_first: bool = take_first | & _3: MutBorrow.t t_T = Any.any_l () - | & _5: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () ]) + | & _8: MutBorrow.t t_T = Any.any_l () + | & _10: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:pair_bor_mut result type invariant] inv_ref_T result} {[@expl:pair_bor_mut ensures] if take_first then result = p.f0 /\ p.f1.final = p.f1.current diff --git a/tests/should_succeed/persistent_array.coma b/tests/should_succeed/persistent_array.coma index 3131850f5a..2669219d31 100644 --- a/tests/should_succeed/persistent_array.coma +++ b/tests/should_succeed/persistent_array.coma @@ -203,36 +203,36 @@ module M_implementation__impl_Clone_for_PersistentArray_T__clone (* [ &_3 <- _ret ] s1) + (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = deref_Ghost_Fragment_Id_Seq_T {self.frag} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_8 <- _ret ] s1) + [ s0 = deref_Ghost_Fragment_Id_Seq_T {self.frag} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = clone_Fragment_Id_Seq_T {_8} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_6 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = new_Fragment_Id_Seq_T {_6} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_5 <- _ret ] s1) | s1 = bb4 ] + | bb2 = s0 [ s0 = clone_Fragment_Id_Seq_T {_9} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_7 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = new_Fragment_Id_Seq_T {_7} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_6 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = deref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_13 <- _ret ] s1) + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_14 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = clone_Rc_LocalInvariant_PA_T_Global {_13} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_11 <- _ret ] s1) + [ s0 = clone_Rc_LocalInvariant_PA_T_Global {_14} + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_12 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = new_Rc_LocalInvariant_PA_T_Global {_11} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_10 <- _ret ] s1) + [ s0 = new_Rc_LocalInvariant_PA_T_Global {_12} + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_11 <- _ret ] s1) | s1 = bb7 ] - | bb7 = s0 [ s0 = [ &_0 <- { permcell = _3; frag = _5; inv = _10 } ] s1 | s1 = bb8 ] + | bb7 = s0 [ s0 = [ &_0 <- { permcell = _4; frag = _6; inv = _11 } ] s1 | s1 = bb8 ] | bb8 = return {_0} ] [ & _0: t_PersistentArray_T = Any.any_l () | & self: t_PersistentArray_T = self - | & _3: t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & _5: t_Fragment_Id_Seq_T = Any.any_l () + | & _4: t_Rc_PermCell_Inner_T_Global = Any.any_l () | & _6: t_Fragment_Id_Seq_T = Any.any_l () - | & _8: t_Fragment_Id_Seq_T = Any.any_l () - | & _10: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () + | & _7: t_Fragment_Id_Seq_T = Any.any_l () + | & _9: t_Fragment_Id_Seq_T = Any.any_l () | & _11: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () - | & _13: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () ]) + | & _12: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () + | & _14: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () ]) [ return (result: t_PersistentArray_T) -> {[@expl:clone result type invariant] inv_PersistentArray_T result} {[@expl:clone ensures] view_PersistentArray_T result = view_PersistentArray_T self} (! return {result}) ] @@ -875,131 +875,131 @@ module M_implementation__impl_PersistentArray_T__new (* implementation::Persiste {[@expl:new 'v' type invariant] inv_Vec_T_Global v} (! bb0 [ bb0 = s0 [ s0 = [ &seq <- view_Vec_T_Global v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_8 <- Direct v ] s1 | s1 = bb2 ] + | bb1 = s0 [ s0 = [ &_10 <- Direct v ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = new_Inner_T {_8} (fun (_ret: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T) -> [ &_7 <- _ret ] s1) + [ s0 = new_Inner_T {_10} (fun (_ret: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T) -> [ &_9 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = [ &permcell'0 <- _7.f0 ] s1 | s1 = [ &permcellown <- _7.f1 ] s2 | s2 = bb4 ] + | bb3 = s0 [ s0 = [ &permcell'0 <- _9.f0 ] s1 | s1 = [ &permcellown <- _9.f1 ] s2 | s2 = bb4 ] | bb4 = s0 [ s0 = new_Id (fun (_ret: t_Authority_Id_Seq_T) -> [ &auth'0 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = {inv_Ghost_Authority_Id_Seq_T auth'0} MutBorrow.borrow_mut {auth'0} (fun (_ret: MutBorrow.t t_Authority_Id_Seq_T) -> - [ &_15 <- _ret ] -{inv_Ghost_Authority_Id_Seq_T _ret.final}- + [ &_17 <- _ret ] -{inv_Ghost_Authority_Id_Seq_T _ret.final}- [ &auth'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_Authority_Id_Seq_T {_15} - (fun (_ret: MutBorrow.t t_Authority_Id_Seq_T) -> [ &_14 <- _ret ] s2) + | s1 = deref_mut_Ghost_Authority_Id_Seq_T {_17} + (fun (_ret: MutBorrow.t t_Authority_Id_Seq_T) -> [ &_16 <- _ret ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = [ &_16 <- id_Inner_T'0 permcellown ] s1 | s1 = bb7 ] + | bb6 = s0 [ s0 = [ &_18 <- id_Inner_T'0 permcellown ] s1 | s1 = bb7 ] | bb7 = s0 - [ s0 = {inv_Authority_Id_Seq_T _14.current} - MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} + [ s0 = {inv_Authority_Id_Seq_T _16.current} + MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} (fun (_ret: MutBorrow.t t_Authority_Id_Seq_T) -> - [ &_13 <- _ret ] -{inv_Authority_Id_Seq_T _ret.final}- - [ &_14 <- { _14 with current = _ret.final } ] s1) - | s1 = insert_Id'0 {_13} {_16} {seq} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_12 <- _ret ] s2) + [ &_15 <- _ret ] -{inv_Authority_Id_Seq_T _ret.final}- + [ &_16 <- { _16 with current = _ret.final } ] s1) + | s1 = insert_Id'0 {_15} {_18} {seq} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_14 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Authority_Id_Seq_T _14} s1 - | s1 = -{resolve_ref_Authority_Id_Seq_T _14}- s2 - | s2 = new_Fragment_Id_Seq_T {_12} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &frag'0 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Authority_Id_Seq_T _16} s1 + | s1 = -{resolve_ref_Authority_Id_Seq_T _16}- s2 + | s2 = new_Fragment_Id_Seq_T {_14} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &frag'0 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 [ s0 = new_Id'0 (fun (_ret: t_FMap_Id_PermCellOwn_Inner_T) -> [ &perms'0 <- _ret ] s1) | s1 = bb10 ] | bb10 = s0 [ s0 = {inv_Ghost_FMap_Id_PermCellOwn_Inner_T perms'0} MutBorrow.borrow_mut {perms'0} (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> - [ &_25 <- _ret ] -{inv_Ghost_FMap_Id_PermCellOwn_Inner_T _ret.final}- + [ &_28 <- _ret ] -{inv_Ghost_FMap_Id_PermCellOwn_Inner_T _ret.final}- [ &perms'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_FMap_Id_PermCellOwn_Inner_T {_25} - (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> [ &_24 <- _ret ] s2) + | s1 = deref_mut_Ghost_FMap_Id_PermCellOwn_Inner_T {_28} + (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> [ &_27 <- _ret ] s2) | s2 = bb11 ] | bb11 = s0 - [ s0 = deref_Ghost_PermCellOwn_Inner_T {permcellown} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_31 <- _ret ] s1) + [ s0 = deref_Ghost_PermCellOwn_Inner_T {permcellown} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_34 <- _ret ] s1) | s1 = bb12 ] - | bb12 = s0 [ s0 = id_ghost_Inner_T {_31} (fun (_ret: t_Id) -> [ &_29 <- _ret ] s1) | s1 = bb13 ] - | bb13 = s0 [ s0 = deref_Ghost_Id {_29} (fun (_ret: t_Id) -> [ &_27 <- _ret ] s1) | s1 = bb14 ] + | bb12 = s0 [ s0 = id_ghost_Inner_T {_34} (fun (_ret: t_Id) -> [ &_32 <- _ret ] s1) | s1 = bb13 ] + | bb13 = s0 [ s0 = deref_Ghost_Id {_32} (fun (_ret: t_Id) -> [ &_30 <- _ret ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = into_inner_PermCellOwn_Inner_T {permcellown} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_33 <- _ret ] s1) + [ s0 = into_inner_PermCellOwn_Inner_T {permcellown} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_36 <- _ret ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _24.current} - MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} + [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _27.current} + MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> - [ &_23 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- - [ &_24 <- { _24 with current = _ret.final } ] s1) - | s1 = insert_ghost_Id {_23} {_27} {_33} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_22 <- _ret ] s2) - | s2 = {[@expl:type invariant] inv_Option_PermCellOwn_Inner_T _22} s3 - | s3 = -{resolve_Option_PermCellOwn_Inner_T _22}- s4 + [ &_26 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- + [ &_27 <- { _27 with current = _ret.final } ] s1) + | s1 = insert_ghost_Id {_26} {_30} {_36} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_25 <- _ret ] s2) + | s2 = {[@expl:type invariant] inv_Option_PermCellOwn_Inner_T _25} s3 + | s3 = -{resolve_Option_PermCellOwn_Inner_T _25}- s4 | s4 = bb16 ] | bb16 = s0 - [ s0 = {[@expl:type invariant] inv_ref_FMap_Id_PermCellOwn_Inner_T _24} s1 - | s1 = -{resolve_ref_FMap_Id_PermCellOwn_Inner_T _24}- s2 + [ s0 = {[@expl:type invariant] inv_ref_FMap_Id_PermCellOwn_Inner_T _27} s1 + | s1 = -{resolve_ref_FMap_Id_PermCellOwn_Inner_T _27}- s2 | s2 = into_inner_FMap_Id_PermCellOwn_Inner_T {perms'0} - (fun (_ret: t_FMap_Id_PermCellOwn_Inner_T) -> [ &_38 <- _ret ] s3) + (fun (_ret: t_FMap_Id_PermCellOwn_Inner_T) -> [ &_41 <- _ret ] s3) | s3 = bb17 ] | bb17 = s0 - [ s0 = into_inner_Authority_Id_Seq_T {auth'0} (fun (_ret: t_Authority_Id_Seq_T) -> [ &_40 <- _ret ] s1) + [ s0 = into_inner_Authority_Id_Seq_T {auth'0} (fun (_ret: t_Authority_Id_Seq_T) -> [ &_43 <- _ret ] s1) | s1 = bb18 ] - | bb18 = s0 [ s0 = [ &_42 <- fun (__0: t_Id) -> 0 ] s1 | s1 = bb19 ] + | bb18 = s0 [ s0 = [ &_45 <- fun (__0: t_Id) -> 0 ] s1 | s1 = bb19 ] | bb19 = s0 - [ s0 = [ &_37 <- { perms = _38; auth = _40; depth = _42 } ] s1 - | s1 = new_PA_T {_37} (fun (_ret: t_PA_T) -> [ &_36 <- _ret ] s2) + [ s0 = [ &_40 <- { perms = _41; auth = _43; depth = _45 } ] s1 + | s1 = new_PA_T {_40} (fun (_ret: t_PA_T) -> [ &_39 <- _ret ] s2) | s2 = bb20 ] - | bb20 = s0 [ s0 = [ &_44 <- id_Id'0 frag'0 ] s1 | s1 = bb21 ] - | bb21 = s0 [ s0 = [ &_46 <- Namespace_PARRAY 0 ] s1 | s1 = bb22 ] + | bb20 = s0 [ s0 = [ &_47 <- id_Id'0 frag'0 ] s1 | s1 = bb21 ] + | bb21 = s0 [ s0 = [ &_50 <- Namespace_PARRAY 0 ] s1 | s1 = bb22 ] | bb22 = s0 - [ s0 = new_PA_T'0 {_36} {_44} {_46} (fun (_ret: t_LocalInvariant_PA_T) -> [ &local_inv <- _ret ] s1) | s1 = bb23 ] + [ s0 = new_PA_T'0 {_39} {_47} {_50} (fun (_ret: t_LocalInvariant_PA_T) -> [ &local_inv <- _ret ] s1) | s1 = bb23 ] | bb23 = s0 - [ s0 = into_inner_LocalInvariant_PA_T {local_inv} (fun (_ret: t_LocalInvariant_PA_T) -> [ &_48 <- _ret ] s1) + [ s0 = into_inner_LocalInvariant_PA_T {local_inv} (fun (_ret: t_LocalInvariant_PA_T) -> [ &_52 <- _ret ] s1) | s1 = bb24 ] | bb24 = s0 - [ s0 = new_LocalInvariant_PA_T {_48} (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_20 <- _ret ] s1) + [ s0 = new_LocalInvariant_PA_T {_52} (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_23 <- _ret ] s1) | s1 = bb25 ] | bb25 = s0 - [ s0 = new_Rc_LocalInvariant_PA_T_Global {_20} + [ s0 = new_Rc_LocalInvariant_PA_T_Global {_23} (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &inv'0 <- _ret ] s1) | s1 = bb26 ] | bb26 = s0 - [ s0 = new_PermCell_Inner_T {permcell'0} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_50 <- _ret ] s1) + [ s0 = new_PermCell_Inner_T {permcell'0} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_54 <- _ret ] s1) | s1 = bb27 ] - | bb27 = s0 [ s0 = [ &_0 <- { permcell = _50; frag = frag'0; inv = inv'0 } ] s1 | s1 = bb30 ] + | bb27 = s0 [ s0 = [ &_0 <- { permcell = _54; frag = frag'0; inv = inv'0 } ] s1 | s1 = bb30 ] | bb30 = return {_0} ] [ & _0: t_PersistentArray_T = Any.any_l () | & v: t_Vec_T_Global = v | & seq: Seq.seq t_T = Any.any_l () | & permcell'0: t_PermCell_Inner_T = Any.any_l () | & permcellown: t_PermCellOwn_Inner_T = Any.any_l () - | & _7: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T = Any.any_l () - | & _8: t_Inner_T = Any.any_l () + | & _9: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T = Any.any_l () + | & _10: t_Inner_T = Any.any_l () | & auth'0: t_Authority_Id_Seq_T = Any.any_l () | & frag'0: t_Fragment_Id_Seq_T = Any.any_l () - | & _12: t_Fragment_Id_Seq_T = Any.any_l () - | & _13: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () - | & _14: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () + | & _14: t_Fragment_Id_Seq_T = Any.any_l () | & _15: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () - | & _16: t_Id = Any.any_l () + | & _16: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () + | & _17: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () + | & _18: t_Id = Any.any_l () | & inv'0: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () - | & _20: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () + | & _23: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () | & perms'0: t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _22: t_Option_PermCellOwn_Inner_T = Any.any_l () - | & _23: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _24: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _25: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _27: t_Id = Any.any_l () - | & _29: t_Id = Any.any_l () - | & _31: t_PermCellOwn_Inner_T = Any.any_l () - | & _33: t_PermCellOwn_Inner_T = Any.any_l () + | & _25: t_Option_PermCellOwn_Inner_T = Any.any_l () + | & _26: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _27: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _28: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _30: t_Id = Any.any_l () + | & _32: t_Id = Any.any_l () + | & _34: t_PermCellOwn_Inner_T = Any.any_l () + | & _36: t_PermCellOwn_Inner_T = Any.any_l () | & local_inv: t_LocalInvariant_PA_T = Any.any_l () - | & _36: t_PA_T = Any.any_l () - | & _37: t_PA_T = Any.any_l () - | & _38: t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _40: t_Authority_Id_Seq_T = Any.any_l () - | & _42: Map.map t_Id int = Any.any_l () - | & _44: t_Id = Any.any_l () - | & _46: t_Namespace = Any.any_l () - | & _48: t_LocalInvariant_PA_T = Any.any_l () - | & _50: t_Rc_PermCell_Inner_T_Global = Any.any_l () ]) + | & _39: t_PA_T = Any.any_l () + | & _40: t_PA_T = Any.any_l () + | & _41: t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _43: t_Authority_Id_Seq_T = Any.any_l () + | & _45: Map.map t_Id int = Any.any_l () + | & _47: t_Id = Any.any_l () + | & _50: t_Namespace = Any.any_l () + | & _52: t_LocalInvariant_PA_T = Any.any_l () + | & _54: t_Rc_PermCell_Inner_T_Global = Any.any_l () ]) [ return (result: t_PersistentArray_T) -> {[@expl:new result type invariant] inv_PersistentArray_T result} {[@expl:new ensures] view_PersistentArray_T result = view_Vec_T_Global v} (! return {result}) ] @@ -1742,35 +1742,35 @@ module M_implementation__impl_PersistentArray_T__set (* implementation::Persiste [ s0 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_40 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_43 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_PA_T {_40} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_39 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_PA_T {_43} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_42 <- _ret ] s2) | s2 = bb18 ] | bb18 = s0 - [ s0 = [ &_39 <- { _39 with current = { _39.current with current = { _39.current.current with depth = _37 } } } ] + [ s0 = [ &_42 <- { _42 with current = { _42.current with current = { _42.current.current with depth = _37 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_PA_T'0 _39} s2 - | s2 = -{resolve_ref_ref_PA_T _39}- s3 + | s1 = {[@expl:type invariant] inv_ref_ref_PA_T'0 _42} s2 + | s2 = -{resolve_ref_ref_PA_T _42}- s3 | s3 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_43 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_46 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s4) - | s4 = deref_mut_Ghost_ref_PA_T {_43} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_42 <- _ret ] s5) + | s4 = deref_mut_Ghost_ref_PA_T {_46} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_45 <- _ret ] s5) | s5 = bb19 ] - | bb19 = s0 [ s0 = [ &_44 <- cell_id ] s1 | s1 = bb20 ] + | bb19 = s0 [ s0 = [ &_47 <- cell_id ] s1 | s1 = bb20 ] | bb20 = s0 - [ s0 = {inv_Authority_Id_Seq_T _42.current.current.auth} - MutBorrow.borrow_mut {_42.current.current.auth} + [ s0 = {inv_Authority_Id_Seq_T _45.current.current.auth} + MutBorrow.borrow_mut {_45.current.current.auth} (fun (_ret: MutBorrow.t t_Authority_Id_Seq_T) -> - [ &_41 <- _ret ] -{inv_Authority_Id_Seq_T _ret.final}- - [ &_42 <- { _42 with current = { _42.current with current = { _42.current.current with auth = _ret.final } } } ] + [ &_44 <- _ret ] -{inv_Authority_Id_Seq_T _ret.final}- + [ &_45 <- { _45 with current = { _45.current with current = { _45.current.current with auth = _ret.final } } } ] s1) - | s1 = insert_Id'1 {_41} {_44} {self.c3} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_3 <- _ret ] s2) + | s1 = insert_Id'1 {_44} {_47} {self.c3} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_3 <- _ret ] s2) | s2 = bb21 ] | bb21 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T'0 _42} s1 - | s1 = -{resolve_ref_ref_PA_T _42}- s2 + [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T'0 _45} s1 + | s1 = -{resolve_ref_ref_PA_T _45}- s2 | s2 = {[@expl:type invariant] inv_Ghost_ref_PA_T pa} s3 | s3 = -{resolve_Ghost_ref_PA_T pa}- s4 | s4 = new_Fragment_Id_Seq_T {_3} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_0 <- _ret ] s5) @@ -1802,12 +1802,12 @@ module M_implementation__impl_PersistentArray_T__set (* implementation::Persiste | & _33: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () | & _35: t_PermCellOwn_Inner_T = Any.any_l () | & _37: Map.map t_Id int = Any.any_l () - | & _39: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _40: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _41: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () | & _42: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () | & _43: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _44: t_Id = Any.any_l () ] + | & _44: MutBorrow.t t_Authority_Id_Seq_T = Any.any_l () + | & _45: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _46: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _47: t_Id = Any.any_l () ] meta "rewrite_def" predicate closure0'pre @@ -2239,34 +2239,34 @@ module M_implementation__impl_PersistentArray_T__set (* implementation::Persiste [ bb0 = s0 [ s0 = [ &new_seq <- Seq.set (view_PersistentArray_T self) (UInt64.t'int index) value ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = clone_Rc_PermCell_Inner_T_Global {self.permcell} - (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_16 <- _ret ] s1) + (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_25 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_13 <- Link index value _16 ] s1 | s1 = bb4 ] + | bb2 = s0 [ s0 = [ &_22 <- Link index value _25 ] s1 | s1 = bb4 ] | bb4 = s0 - [ s0 = new_Inner_T {_13} (fun (_ret: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T) -> [ &_12 <- _ret ] s1) + [ s0 = new_Inner_T {_22} (fun (_ret: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T) -> [ &_21 <- _ret ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = [ &permcell'0 <- _12.f0'0 ] s1 | s1 = [ &permcellown <- _12.f1'0 ] s2 | s2 = bb6 ] + | bb5 = s0 [ s0 = [ &permcell'0 <- _21.f0'0 ] s1 | s1 = [ &permcellown <- _21.f1'0 ] s2 | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &_21 <- { c0 = self; c1 = permcell'0; c2 = permcellown; c3 = new_seq } ] s1 - | s1 = open_ref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} {tokens} {_21} + [ s0 = [ &_30 <- { c0 = self; c1 = permcell'0; c2 = permcellown; c3 = new_seq } ] s1 + | s1 = open_ref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} {tokens} {_30} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &frag'0 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = new_PermCell_Inner_T {permcell'0} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_25 <- _ret ] s1) + [ s0 = new_PermCell_Inner_T {permcell'0} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_34 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = deref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_31 <- _ret ] s1) + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_40 <- _ret ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = clone_Rc_LocalInvariant_PA_T_Global {_31} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_29 <- _ret ] s1) + [ s0 = clone_Rc_LocalInvariant_PA_T_Global {_40} + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_38 <- _ret ] s1) | s1 = bb10 ] | bb10 = s0 - [ s0 = new_Rc_LocalInvariant_PA_T_Global {_29} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_28 <- _ret ] s1) + [ s0 = new_Rc_LocalInvariant_PA_T_Global {_38} + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_37 <- _ret ] s1) | s1 = bb11 ] - | bb11 = s0 [ s0 = [ &_0 <- { permcell = _25; frag = frag'0; inv = _28 } ] s1 | s1 = bb14 ] + | bb11 = s0 [ s0 = [ &_0 <- { permcell = _34; frag = frag'0; inv = _37 } ] s1 | s1 = bb14 ] | bb14 = return {_0} ] [ & _0: t_PersistentArray_T = Any.any_l () | & self: t_PersistentArray_T = self @@ -2276,15 +2276,15 @@ module M_implementation__impl_PersistentArray_T__set (* implementation::Persiste | & new_seq: Seq.seq t_T = Any.any_l () | & permcell'0: t_PermCell_Inner_T = Any.any_l () | & permcellown: t_PermCellOwn_Inner_T = Any.any_l () - | & _12: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T = Any.any_l () - | & _13: t_Inner_T = Any.any_l () - | & _16: t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & frag'0: t_Fragment_Id_Seq_T = Any.any_l () - | & _21: closure0 = Any.any_l () + | & _21: tup2_PermCell_Inner_T_Ghost_PermCellOwn_Inner_T = Any.any_l () + | & _22: t_Inner_T = Any.any_l () | & _25: t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & _28: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () - | & _29: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () - | & _31: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () ]) + | & frag'0: t_Fragment_Id_Seq_T = Any.any_l () + | & _30: closure0 = Any.any_l () + | & _34: t_Rc_PermCell_Inner_T_Global = Any.any_l () + | & _37: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () + | & _38: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () + | & _40: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () ]) [ return (result: t_PersistentArray_T) -> {[@expl:set result type invariant] inv_PersistentArray_T result} {[@expl:set ensures] view_PersistentArray_T result = Seq.set (view_PersistentArray_T self) (UInt64.t'int index) value} @@ -2781,42 +2781,42 @@ module M_implementation__impl_PersistentArray_T__get_immut (* implementation::Pe (! bb0 [ bb0 = s0 [ s0 = deref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} - (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_12 <- _ret ] s1) + (fun (_ret: t_Rc_LocalInvariant_PA_T_Global) -> [ &_17 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = deref_Rc_LocalInvariant_PA_T_Global {_12} (fun (_ret: t_LocalInvariant_PA_T) -> [ &_10 <- _ret ] s1) + [ s0 = deref_Rc_LocalInvariant_PA_T_Global {_17} (fun (_ret: t_LocalInvariant_PA_T) -> [ &_15 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = deref_Ghost_ref_Tokens {tokens} (fun (_ret: t_Tokens) -> [ &_15 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = open_const_PA_T {_10} {_15} (fun (_ret: t_PA_T) -> [ &_8 <- _ret ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = new_ref_PA_T {_8} (fun (_ret: t_PA_T) -> [ &pa <- _ret ] s1) | s1 = bb5 ] - | bb5 = s0 [ s0 = deref_Ghost_ref_PA_T {pa} (fun (_ret: t_PA_T) -> [ &_20 <- _ret ] s1) | s1 = bb6 ] + | bb2 = s0 [ s0 = deref_Ghost_ref_Tokens {tokens} (fun (_ret: t_Tokens) -> [ &_20 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = open_const_PA_T {_15} {_20} (fun (_ret: t_PA_T) -> [ &_13 <- _ret ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = new_ref_PA_T {_13} (fun (_ret: t_PA_T) -> [ &pa <- _ret ] s1) | s1 = bb5 ] + | bb5 = s0 [ s0 = deref_Ghost_ref_PA_T {pa} (fun (_ret: t_PA_T) -> [ &_25 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_25 <- self.frag ] s1 - | s1 = deref_Ghost_Fragment_Id_Seq_T {_25} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_23 <- _ret ] s2) + [ s0 = [ &_30 <- self.frag ] s1 + | s1 = deref_Ghost_Fragment_Id_Seq_T {_30} (fun (_ret: t_Fragment_Id_Seq_T) -> [ &_28 <- _ret ] s2) | s2 = bb7 ] - | bb7 = s0 [ s0 = contains_Id'1 {_20.auth} {_23} (fun (_ret: ()) -> [ &_18 <- _ret ] s1) | s1 = bb8 ] - | bb8 = s0 [ s0 = new_unit {_18} (fun (_ret: ()) -> [ &_17 <- _ret ] s1) | s1 = bb9 ] + | bb7 = s0 [ s0 = contains_Id'1 {_25.auth} {_28} (fun (_ret: ()) -> [ &_23 <- _ret ] s1) | s1 = bb8 ] + | bb8 = s0 [ s0 = new_unit {_23} (fun (_ret: ()) -> [ &_22 <- _ret ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = [ &_28 <- self.permcell ] s1 - | s1 = get_inner_immut_T {_28} {index} {pa} (fun (_ret: t_T) -> [ &_26 <- _ret ] s2) + [ s0 = [ &_33 <- self.permcell ] s1 + | s1 = get_inner_immut_T {_33} {index} {pa} (fun (_ret: t_T) -> [ &_31 <- _ret ] s2) | s2 = bb10 ] - | bb10 = s0 [ s0 = [ &_0 <- _26 ] s1 | s1 = return {_0} ] ] + | bb10 = s0 [ s0 = [ &_0 <- _31 ] s1 | s1 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & self: t_PersistentArray_T = self | & index: UInt64.t = index | & tokens: t_Tokens = tokens | & pa: t_PA_T = Any.any_l () - | & _8: t_PA_T = Any.any_l () - | & _10: t_LocalInvariant_PA_T = Any.any_l () - | & _12: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () - | & _15: t_Tokens = Any.any_l () - | & _17: () = Any.any_l () - | & _18: () = Any.any_l () - | & _20: t_PA_T = Any.any_l () - | & _23: t_Fragment_Id_Seq_T = Any.any_l () - | & _25: t_Fragment_Id_Seq_T = Any.any_l () - | & _26: t_T = Any.any_l () - | & _28: t_Rc_PermCell_Inner_T_Global = Any.any_l () ]) + | & _13: t_PA_T = Any.any_l () + | & _15: t_LocalInvariant_PA_T = Any.any_l () + | & _17: t_Rc_LocalInvariant_PA_T_Global = Any.any_l () + | & _20: t_Tokens = Any.any_l () + | & _22: () = Any.any_l () + | & _23: () = Any.any_l () + | & _25: t_PA_T = Any.any_l () + | & _28: t_Fragment_Id_Seq_T = Any.any_l () + | & _30: t_Fragment_Id_Seq_T = Any.any_l () + | & _31: t_T = Any.any_l () + | & _33: t_Rc_PermCell_Inner_T_Global = Any.any_l () ]) [ return (result: t_T) -> {[@expl:get_immut result type invariant] inv_ref_T result} {[@expl:get_immut ensures] result = Seq.get (view_PersistentArray_T self) (UInt64.t'int index)} (! return {result}) ] @@ -3254,75 +3254,75 @@ module M_implementation__impl_PersistentArray_T__get_inner_immut (* implementati < Seq.length (index_FMap_Id_Seq_T (view_Authority_Id_Seq_T pa.auth) (id_Inner_T (view_Rc_PermCell_Inner_T_Global inner)))} (! bb0 [ bb0 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {inner} (fun (_ret: t_PermCell_Inner_T) -> [ &_11 <- _ret ] s1) + [ s0 = deref_Rc_PermCell_Inner_T_Global {inner} (fun (_ret: t_PermCell_Inner_T) -> [ &_20 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = deref_Ghost_ref_PA_T {pa} (fun (_ret: t_PA_T) -> [ &_18 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = deref_Ghost_ref_PA_T {pa} (fun (_ret: t_PA_T) -> [ &_27 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {inner} (fun (_ret: t_PermCell_Inner_T) -> [ &_26 <- _ret ] s1) + [ s0 = deref_Rc_PermCell_Inner_T_Global {inner} (fun (_ret: t_PermCell_Inner_T) -> [ &_35 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = id_ghost_Inner_T {_26} (fun (_ret: t_Id) -> [ &_24 <- _ret ] s1) | s1 = bb4 ] - | bb4 = s0 [ s0 = deref_Ghost_Id {_24} (fun (_ret: t_Id) -> [ &_22 <- _ret ] s1) | s1 = bb5 ] + | bb3 = s0 [ s0 = id_ghost_Inner_T {_35} (fun (_ret: t_Id) -> [ &_33 <- _ret ] s1) | s1 = bb4 ] + | bb4 = s0 [ s0 = deref_Ghost_Id {_33} (fun (_ret: t_Id) -> [ &_31 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 - [ s0 = [ &_21 <- _22 ] s1 - | s1 = get_ghost_Id {_18.perms} {_21} (fun (_ret: t_Option_ref_PermCellOwn_Inner_T) -> [ &_16 <- _ret ] s2) + [ s0 = [ &_30 <- _31 ] s1 + | s1 = get_ghost_Id {_27.perms} {_30} (fun (_ret: t_Option_ref_PermCellOwn_Inner_T) -> [ &_25 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = unwrap_ref_PermCellOwn_Inner_T {_16} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_15 <- _ret ] s1) + [ s0 = unwrap_ref_PermCellOwn_Inner_T {_25} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_24 <- _ret ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = new_ref_PermCellOwn_Inner_T {_15} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_13 <- _ret ] s1) | s1 = bb8 ] - | bb8 = s0 [ s0 = borrow_Inner_T {_11} {_13} (fun (_ret: t_Inner_T) -> [ &_9 <- _ret ] s1) | s1 = bb9 ] + [ s0 = new_ref_PermCellOwn_Inner_T {_24} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_22 <- _ret ] s1) | s1 = bb8 ] + | bb8 = s0 [ s0 = borrow_Inner_T {_20} {_22} (fun (_ret: t_Inner_T) -> [ &_18 <- _ret ] s1) | s1 = bb9 ] | bb9 = any - [ br0 (x0: t_Vec_T_Global) -> {_9 = Direct x0} (! bb15) - | br1 (x0: UInt64.t) (x1: t_T) (x2: t_Rc_PermCell_Inner_T_Global) -> {_9 = Link x0 x1 x2} (! bb14) ] + [ br0 (x0: t_Vec_T_Global) -> {_18 = Direct x0} (! bb15) + | br1 (x0: UInt64.t) (x1: t_T) (x2: t_Rc_PermCell_Inner_T_Global) -> {_18 = Link x0 x1 x2} (! bb14) ] | bb14 = s0 - [ s0 = elim_Link {_9} + [ s0 = elim_Link {_18} (fun (rindex: UInt64.t) (rvalue: t_T) (rnext: t_Rc_PermCell_Inner_T_Global) -> [ &index <- rindex ] s1) | s1 = [ &index'0 <- index ] s2 - | s2 = elim_Link {_9} + | s2 = elim_Link {_18} (fun (rindex: UInt64.t) (rvalue: t_T) (rnext: t_Rc_PermCell_Inner_T_Global) -> [ &value <- rvalue ] s3) | s3 = [ &value'0 <- value ] s4 - | s4 = [ &_40 <- i = index'0 ] s5 - | s5 = any [ br0 -> {_40 = false} (! bb13) | br1 -> {_40} (! bb17) ] ] - | bb17 = s0 [ s0 = [ &_8 <- value ] s1 | s1 = bb20 ] + | s4 = [ &_49 <- i = index'0 ] s5 + | s5 = any [ br0 -> {_49 = false} (! bb13) | br1 -> {_49} (! bb17) ] ] + | bb17 = s0 [ s0 = [ &_17 <- value ] s1 | s1 = bb20 ] | bb13 = s0 - [ s0 = elim_Link {_9} + [ s0 = elim_Link {_18} (fun (rindex: UInt64.t) (rvalue: t_T) (rnext: t_Rc_PermCell_Inner_T_Global) -> [ &next <- rnext ] s1) - | s1 = get_inner_immut_T {next} {i} {pa} (fun (_ret: t_T) -> [ &_45 <- _ret ] s2) + | s1 = get_inner_immut_T {next} {i} {pa} (fun (_ret: t_T) -> [ &_54 <- _ret ] s2) | s2 = bb19 ] - | bb19 = s0 [ s0 = [ &_44 <- _45 ] s1 | s1 = [ &_8 <- _44 ] s2 | s2 = bb20 ] + | bb19 = s0 [ s0 = [ &_53 <- _54 ] s1 | s1 = [ &_17 <- _53 ] s2 | s2 = bb20 ] | bb15 = s0 - [ s0 = elim_Direct {_9} (fun (r0: t_Vec_T_Global) -> [ &v <- r0 ] s1) - | s1 = index_Vec_T_Global {v} {i} (fun (_ret: t_T) -> [ &_33 <- _ret ] s2) + [ s0 = elim_Direct {_18} (fun (r0: t_Vec_T_Global) -> [ &v <- r0 ] s1) + | s1 = index_Vec_T_Global {v} {i} (fun (_ret: t_T) -> [ &_42 <- _ret ] s2) | s2 = bb16 ] - | bb16 = s0 [ s0 = [ &_32 <- _33 ] s1 | s1 = [ &_8 <- _32 ] s2 | s2 = bb20 ] - | bb20 = s0 [ s0 = [ &_0 <- _8 ] s1 | s1 = return {_0} ] ] + | bb16 = s0 [ s0 = [ &_41 <- _42 ] s1 | s1 = [ &_17 <- _41 ] s2 | s2 = bb20 ] + | bb20 = s0 [ s0 = [ &_0 <- _17 ] s1 | s1 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & inner: t_Rc_PermCell_Inner_T_Global = inner | & i: UInt64.t = i | & pa: t_PA_T = pa - | & _8: t_T = Any.any_l () - | & _9: t_Inner_T = Any.any_l () - | & _11: t_PermCell_Inner_T = Any.any_l () - | & _13: t_PermCellOwn_Inner_T = Any.any_l () - | & _15: t_PermCellOwn_Inner_T = Any.any_l () - | & _16: t_Option_ref_PermCellOwn_Inner_T = Any.any_l () - | & _18: t_PA_T = Any.any_l () - | & _21: t_Id = Any.any_l () - | & _22: t_Id = Any.any_l () - | & _24: t_Id = Any.any_l () - | & _26: t_PermCell_Inner_T = Any.any_l () + | & _17: t_T = Any.any_l () + | & _18: t_Inner_T = Any.any_l () + | & _20: t_PermCell_Inner_T = Any.any_l () + | & _22: t_PermCellOwn_Inner_T = Any.any_l () + | & _24: t_PermCellOwn_Inner_T = Any.any_l () + | & _25: t_Option_ref_PermCellOwn_Inner_T = Any.any_l () + | & _27: t_PA_T = Any.any_l () + | & _30: t_Id = Any.any_l () + | & _31: t_Id = Any.any_l () + | & _33: t_Id = Any.any_l () + | & _35: t_PermCell_Inner_T = Any.any_l () | & v: t_Vec_T_Global = Any.any_l () - | & _32: t_T = Any.any_l () - | & _33: t_T = Any.any_l () + | & _41: t_T = Any.any_l () + | & _42: t_T = Any.any_l () | & index: UInt64.t = Any.any_l () | & index'0: UInt64.t = Any.any_l () | & value: t_T = Any.any_l () | & value'0: t_T = Any.any_l () - | & _40: bool = Any.any_l () + | & _49: bool = Any.any_l () | & next: t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & _44: t_T = Any.any_l () - | & _45: t_T = Any.any_l () ]) + | & _53: t_T = Any.any_l () + | & _54: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:get_inner_immut result type invariant] inv_ref_T result} {[@expl:get_inner_immut ensures] result = Seq.get (index_FMap_Id_Seq_T (view_Authority_Id_Seq_T pa.auth) (id_Inner_T (view_Rc_PermCell_Inner_T_Global inner))) (UInt64.t'int i)} @@ -4410,18 +4410,18 @@ module M_implementation__impl_PersistentArray_T__get (* implementation::Persiste (! bb0 [ bb0 = s0 [ s0 = [ &auth_id <- public_PA_T (view_Rc_LocalInvariant_PA_T_Global self.inv) ] s1 | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_12 <- { c0 = self; c1 = auth_id; c2 = index } ] s1 - | s1 = open_ref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} {tokens} {_12} - (fun (_ret: t_T) -> [ &_9 <- _ret ] s2) + [ s0 = [ &_18 <- { c0 = self; c1 = auth_id; c2 = index } ] s1 + | s1 = open_ref_Ghost_Rc_LocalInvariant_PA_T_Global {self.inv} {tokens} {_18} + (fun (_ret: t_T) -> [ &_15 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- _9 ] s1 | s1 = return {_0} ] ] + | bb2 = s0 [ s0 = [ &_0 <- _15 ] s1 | s1 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & self: t_PersistentArray_T = self | & index: UInt64.t = index | & tokens: t_Tokens = tokens | & auth_id: t_Id = Any.any_l () - | & _9: t_T = Any.any_l () - | & _12: closure0 = Any.any_l () ]) + | & _15: t_T = Any.any_l () + | & _18: closure0 = Any.any_l () ]) [ return (result: t_T) -> {[@expl:get result type invariant] inv_ref_T result} {[@expl:get ensures] result = Seq.get (view_PersistentArray_T self) (UInt64.t'int index)} (! return {result}) ] @@ -5138,77 +5138,77 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi [ s0 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_17 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_31 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_PA_T {_17} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_16 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_PA_T {_31} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_30 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_24 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = id_ghost_Inner_T {_24} (fun (_ret: t_Id) -> [ &_22 <- _ret ] s1) | s1 = bb3 ] + [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_38 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = id_ghost_Inner_T {_38} (fun (_ret: t_Id) -> [ &_36 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = [ &_21 <- _22 ] s1 | s1 = deref_Ghost_Id {_21} (fun (_ret: t_Id) -> [ &_19 <- _ret ] s2) | s2 = bb4 ] + [ s0 = [ &_35 <- _36 ] s1 | s1 = deref_Ghost_Id {_35} (fun (_ret: t_Id) -> [ &_33 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _16.current.current.perms} - MutBorrow.borrow_mut {_16.current.current.perms} + [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _30.current.current.perms} + MutBorrow.borrow_mut {_30.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> - [ &_15 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- - [ &_16 <- { _16 with current = { _16.current with current = { _16.current.current with perms = _ret.final } } } ] + [ &_29 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- + [ &_30 <- { _30 with current = { _30.current with current = { _30.current.current with perms = _ret.final } } } ] s1) - | s1 = remove_ghost_Id {_15} {_19} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_14 <- _ret ] s2) + | s1 = remove_ghost_Id {_29} {_33} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_28 <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _16} s1 - | s1 = -{resolve_ref_ref_PA_T _16}- s2 - | s2 = unwrap_PermCellOwn_Inner_T {_14} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_13 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _30} s1 + | s1 = -{resolve_ref_ref_PA_T _30}- s2 + | s2 = unwrap_PermCellOwn_Inner_T {_28} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_27 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = new_PermCellOwn_Inner_T {_13} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &perm_cur <- _ret ] s1) | s1 = bb7 ] + [ s0 = new_PermCellOwn_Inner_T {_27} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &perm_cur <- _ret ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_29 <- _ret ] s1) | s1 = bb8 ] + [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_43 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = {inv_Ghost_PermCellOwn_Inner_T perm_cur} MutBorrow.borrow_mut {perm_cur} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> - [ &_36 <- _ret ] -{inv_Ghost_PermCellOwn_Inner_T _ret.final}- + [ &_50 <- _ret ] -{inv_Ghost_PermCellOwn_Inner_T _ret.final}- [ &perm_cur <- _ret.final ] s1) - | s1 = {inv_Ghost_PermCellOwn_Inner_T _36.current} - MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + | s1 = {inv_Ghost_PermCellOwn_Inner_T _50.current} + MutBorrow.borrow_final {_50.current} {MutBorrow.get_id _50} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> - [ &_35 <- _ret ] -{inv_Ghost_PermCellOwn_Inner_T _ret.final}- - [ &_36 <- { _36 with current = _ret.final } ] s2) - | s2 = deref_mut_Ghost_PermCellOwn_Inner_T {_35} - (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &_34 <- _ret ] s3) + [ &_49 <- _ret ] -{inv_Ghost_PermCellOwn_Inner_T _ret.final}- + [ &_50 <- { _50 with current = _ret.final } ] s2) + | s2 = deref_mut_Ghost_PermCellOwn_Inner_T {_49} + (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &_48 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = {inv_PermCellOwn_Inner_T _34.current} - MutBorrow.borrow_final {_34.current} {MutBorrow.get_id _34} + [ s0 = {inv_PermCellOwn_Inner_T _48.current} + MutBorrow.borrow_final {_48.current} {MutBorrow.get_id _48} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> - [ &_33 <- _ret ] -{inv_PermCellOwn_Inner_T _ret.final}- - [ &_34 <- { _34 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Ghost_PermCellOwn_Inner_T _36} s2 - | s2 = -{resolve_ref_Ghost_PermCellOwn_Inner_T _36}- s3 - | s3 = {[@expl:type invariant] inv_ref_PermCellOwn_Inner_T _34} s4 - | s4 = -{resolve_ref_PermCellOwn_Inner_T _34}- s5 - | s5 = {inv_PermCellOwn_Inner_T _33.current} - MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + [ &_47 <- _ret ] -{inv_PermCellOwn_Inner_T _ret.final}- + [ &_48 <- { _48 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Ghost_PermCellOwn_Inner_T _50} s2 + | s2 = -{resolve_ref_Ghost_PermCellOwn_Inner_T _50}- s3 + | s3 = {[@expl:type invariant] inv_ref_PermCellOwn_Inner_T _48} s4 + | s4 = -{resolve_ref_PermCellOwn_Inner_T _48}- s5 + | s5 = {inv_PermCellOwn_Inner_T _47.current} + MutBorrow.borrow_final {_47.current} {MutBorrow.get_id _47} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> - [ &_32 <- _ret ] -{inv_PermCellOwn_Inner_T _ret.final}- - [ &_33 <- { _33 with current = _ret.final } ] s6) - | s6 = new_ref_PermCellOwn_Inner_T {_32} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &_31 <- _ret ] s7) + [ &_46 <- _ret ] -{inv_PermCellOwn_Inner_T _ret.final}- + [ &_47 <- { _47 with current = _ret.final } ] s6) + | s6 = new_ref_PermCellOwn_Inner_T {_46} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &_45 <- _ret ] s7) | s7 = bb10 ] | bb10 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PermCellOwn_Inner_T _33} s1 - | s1 = -{resolve_ref_PermCellOwn_Inner_T _33}- s2 - | s2 = borrow_mut_Inner_T {_29} {_31} (fun (_ret: MutBorrow.t t_Inner_T) -> [ &_27 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_PermCellOwn_Inner_T _47} s1 + | s1 = -{resolve_ref_PermCellOwn_Inner_T _47}- s2 + | s2 = borrow_mut_Inner_T {_43} {_45} (fun (_ret: MutBorrow.t t_Inner_T) -> [ &_41 <- _ret ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = {inv_Inner_T _27.current} - MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} + [ s0 = {inv_Inner_T _41.current} + MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} (fun (_ret: MutBorrow.t t_Inner_T) -> [ &bor_cur <- _ret ] -{inv_Inner_T _ret.final}- - [ &_27 <- { _27 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Inner_T'0 _27} s2 - | s2 = -{resolve_ref_Inner_T _27}- s3 + [ &_41 <- { _41 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Inner_T'0 _41} s2 + | s2 = -{resolve_ref_Inner_T _41}- s3 | s3 = any [ br0 (x0: t_Vec_T_Global) -> {bor_cur.current = Direct x0} (! bb12) | br1 (x0: UInt64.t) (x1: t_T) (x2: t_Rc_PermCell_Inner_T_Global) -> {bor_cur.current = Link x0 x1 x2} @@ -5219,35 +5219,35 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi | s2 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_42 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_56 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s3) - | s3 = deref_mut_Ghost_ref_PA_T {_42} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_41 <- _ret ] s4) + | s3 = deref_mut_Ghost_ref_PA_T {_56} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_55 <- _ret ] s4) | s4 = bb13 ] | bb13 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_48 <- _ret ] s1) + [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_62 <- _ret ] s1) | s1 = bb14 ] - | bb14 = s0 [ s0 = id_ghost_Inner_T {_48} (fun (_ret: t_Id) -> [ &_46 <- _ret ] s1) | s1 = bb15 ] - | bb15 = s0 [ s0 = deref_Ghost_Id {_46} (fun (_ret: t_Id) -> [ &_44 <- _ret ] s1) | s1 = bb16 ] + | bb14 = s0 [ s0 = id_ghost_Inner_T {_62} (fun (_ret: t_Id) -> [ &_60 <- _ret ] s1) | s1 = bb15 ] + | bb15 = s0 [ s0 = deref_Ghost_Id {_60} (fun (_ret: t_Id) -> [ &_58 <- _ret ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = into_inner_PermCellOwn_Inner_T {perm_cur} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_50 <- _ret ] s1) + [ s0 = into_inner_PermCellOwn_Inner_T {perm_cur} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_64 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _41.current.current.perms} - MutBorrow.borrow_mut {_41.current.current.perms} + [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _55.current.current.perms} + MutBorrow.borrow_mut {_55.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> - [ &_40 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- - [ &_41 <- { _41 with current = { _41.current with current = { _41.current.current with perms = _ret.final } } } ] + [ &_54 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- + [ &_55 <- { _55 with current = { _55.current with current = { _55.current.current with perms = _ret.final } } } ] s1) - | s1 = insert_ghost_Id {_40} {_44} {_50} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_39 <- _ret ] s2) + | s1 = insert_ghost_Id {_54} {_58} {_64} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_53 <- _ret ] s2) | s2 = bb18 ] | bb18 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _41} s1 - | s1 = -{resolve_ref_ref_PA_T _41}- s2 + [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _55} s1 + | s1 = -{resolve_ref_ref_PA_T _55}- s2 | s2 = {[@expl:type invariant] inv_Ghost_ref_PA_T pa} s3 | s3 = -{resolve_Ghost_ref_PA_T pa}- s4 - | s4 = new_Option_PermCellOwn_Inner_T {_39} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_38 <- _ret ] s5) - | s5 = {[@expl:type invariant] inv_Ghost_Option_PermCellOwn_Inner_T _38} s6 - | s6 = -{resolve_Ghost_Option_PermCellOwn_Inner_T _38}- s7 + | s4 = new_Option_PermCellOwn_Inner_T {_53} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_52 <- _ret ] s5) + | s5 = {[@expl:type invariant] inv_Ghost_Option_PermCellOwn_Inner_T _52} s6 + | s6 = -{resolve_Ghost_Option_PermCellOwn_Inner_T _52}- s7 | s7 = bb53 ] | bb21 = s0 [ s0 = elim_Link {bor_cur.current} @@ -5269,51 +5269,51 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi MutBorrow.borrow_mut {rindex} (fun (_ret: MutBorrow.t UInt64.t) -> [ &index <- _ret ] [ &bor_cur <- { bor_cur with current = Link _ret.final rvalue rnext } ] s3)) - | s3 = [ &_58 <- next ] s4 + | s3 = [ &_72 <- next ] s4 | s4 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_65 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_79 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s5) - | s5 = deref_mut_Ghost_ref_PA_T {_65} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_64 <- _ret ] s6) + | s5 = deref_mut_Ghost_ref_PA_T {_79} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_78 <- _ret ] s6) | s6 = bb22 ] | bb22 = s0 - [ s0 = {inv_ref_PA_T _64.current} - MutBorrow.borrow_final {_64.current} {MutBorrow.get_id _64} + [ s0 = {inv_ref_PA_T _78.current} + MutBorrow.borrow_final {_78.current} {MutBorrow.get_id _78} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_63 <- _ret ] -{inv_ref_PA_T _ret.final}- - [ &_64 <- { _64 with current = _ret.final } ] s1) - | s1 = {inv_PA_T _63.current.current} - MutBorrow.borrow_mut {_63.current.current} + [ &_77 <- _ret ] -{inv_ref_PA_T _ret.final}- + [ &_78 <- { _78 with current = _ret.final } ] s1) + | s1 = {inv_PA_T _77.current.current} + MutBorrow.borrow_mut {_77.current.current} (fun (_ret: MutBorrow.t t_PA_T) -> - [ &_62 <- _ret ] -{inv_PA_T _ret.final}- - [ &_63 <- { _63 with current = { _63.current with current = _ret.final } } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_PA_T _64} s3 - | s3 = -{resolve_ref_ref_PA_T _64}- s4 - | s4 = {[@expl:type invariant] inv_ref_ref_PA_T _63} s5 - | s5 = -{resolve_ref_ref_PA_T _63}- s6 - | s6 = {inv_PA_T _62.current} - MutBorrow.borrow_final {_62.current} {MutBorrow.get_id _62} + [ &_76 <- _ret ] -{inv_PA_T _ret.final}- + [ &_77 <- { _77 with current = { _77.current with current = _ret.final } } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_PA_T _78} s3 + | s3 = -{resolve_ref_ref_PA_T _78}- s4 + | s4 = {[@expl:type invariant] inv_ref_ref_PA_T _77} s5 + | s5 = -{resolve_ref_ref_PA_T _77}- s6 + | s6 = {inv_PA_T _76.current} + MutBorrow.borrow_final {_76.current} {MutBorrow.get_id _76} (fun (_ret: MutBorrow.t t_PA_T) -> - [ &_61 <- _ret ] -{inv_PA_T _ret.final}- - [ &_62 <- { _62 with current = _ret.final } ] s7) - | s7 = new_ref_PA_T {_61} (fun (_ret: MutBorrow.t t_PA_T) -> [ &_60 <- _ret ] s8) + [ &_75 <- _ret ] -{inv_PA_T _ret.final}- + [ &_76 <- { _76 with current = _ret.final } ] s7) + | s7 = new_ref_PA_T {_75} (fun (_ret: MutBorrow.t t_PA_T) -> [ &_74 <- _ret ] s8) | s8 = bb23 ] | bb23 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PA_T _62} s1 - | s1 = -{resolve_ref_PA_T _62}- s2 - | s2 = reroot_T {_58.current} {auth_id} {_60} (fun (_ret: ()) -> [ &_56 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_PA_T _76} s1 + | s1 = -{resolve_ref_PA_T _76}- s2 + | s2 = reroot_T {_72.current} {auth_id} {_74} (fun (_ret: ()) -> [ &_70 <- _ret ] s3) | s3 = bb24 ] | bb24 = s0 - [ s0 = clone_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_68 <- _ret ] s1) + [ s0 = clone_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &_82 <- _ret ] s1) | s1 = bb25 ] | bb25 = s0 [ s0 = {inv_Rc_PermCell_Inner_T_Global next.current} MutBorrow.borrow_final {next.current} {MutBorrow.get_id next} (fun (_ret: MutBorrow.t t_Rc_PermCell_Inner_T_Global) -> - [ &_67 <- _ret ] -{inv_Rc_PermCell_Inner_T_Global _ret.final}- + [ &_81 <- _ret ] -{inv_Rc_PermCell_Inner_T_Global _ret.final}- [ &next <- { next with current = _ret.final } ] s1) - | s1 = replace_Rc_PermCell_Inner_T_Global {_67} {_68} + | s1 = replace_Rc_PermCell_Inner_T_Global {_81} {_82} (fun (_ret: t_Rc_PermCell_Inner_T_Global) -> [ &next'0 <- _ret ] s2) | s2 = bb26 ] | bb26 = s0 @@ -5322,57 +5322,57 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi | s2 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_76 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_90 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s3) - | s3 = deref_mut_Ghost_ref_PA_T {_76} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_75 <- _ret ] s4) + | s3 = deref_mut_Ghost_ref_PA_T {_90} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_89 <- _ret ] s4) | s4 = bb27 ] | bb27 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {next'0} (fun (_ret: t_PermCell_Inner_T) -> [ &_83 <- _ret ] s1) + [ s0 = deref_Rc_PermCell_Inner_T_Global {next'0} (fun (_ret: t_PermCell_Inner_T) -> [ &_97 <- _ret ] s1) | s1 = bb28 ] - | bb28 = s0 [ s0 = id_ghost_Inner_T {_83} (fun (_ret: t_Id) -> [ &_81 <- _ret ] s1) | s1 = bb29 ] - | bb29 = s0 [ s0 = deref_Ghost_Id {_81} (fun (_ret: t_Id) -> [ &_79 <- _ret ] s1) | s1 = bb30 ] + | bb28 = s0 [ s0 = id_ghost_Inner_T {_97} (fun (_ret: t_Id) -> [ &_95 <- _ret ] s1) | s1 = bb29 ] + | bb29 = s0 [ s0 = deref_Ghost_Id {_95} (fun (_ret: t_Id) -> [ &_93 <- _ret ] s1) | s1 = bb30 ] | bb30 = s0 - [ s0 = [ &_78 <- _79 ] s1 - | s1 = {inv_FMap_Id_PermCellOwn_Inner_T _75.current.current.perms} - MutBorrow.borrow_mut {_75.current.current.perms} + [ s0 = [ &_92 <- _93 ] s1 + | s1 = {inv_FMap_Id_PermCellOwn_Inner_T _89.current.current.perms} + MutBorrow.borrow_mut {_89.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> - [ &_74 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- - [ &_75 <- { _75 with current = { _75.current with current = { _75.current.current with perms = _ret.final } } } ] + [ &_88 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- + [ &_89 <- { _89 with current = { _89.current with current = { _89.current.current with perms = _ret.final } } } ] s2) - | s2 = get_mut_ghost_Id {_74} {_78} (fun (_ret: t_Option_ref_PermCellOwn_Inner_T) -> [ &_73 <- _ret ] s3) + | s2 = get_mut_ghost_Id {_88} {_92} (fun (_ret: t_Option_ref_PermCellOwn_Inner_T) -> [ &_87 <- _ret ] s3) | s3 = bb31 ] | bb31 = s0 - [ s0 = unwrap_ref_PermCellOwn_Inner_T {_73} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &_72 <- _ret ] s1) + [ s0 = unwrap_ref_PermCellOwn_Inner_T {_87} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &_86 <- _ret ] s1) | s1 = bb32 ] | bb32 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _75} s1 - | s1 = -{resolve_ref_ref_PA_T _75}- s2 - | s2 = {inv_PermCellOwn_Inner_T _72.current} - MutBorrow.borrow_final {_72.current} {MutBorrow.get_id _72} + [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _89} s1 + | s1 = -{resolve_ref_ref_PA_T _89}- s2 + | s2 = {inv_PermCellOwn_Inner_T _86.current} + MutBorrow.borrow_final {_86.current} {MutBorrow.get_id _86} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> - [ &_71 <- _ret ] -{inv_PermCellOwn_Inner_T _ret.final}- - [ &_72 <- { _72 with current = _ret.final } ] s3) - | s3 = new_ref_PermCellOwn_Inner_T {_71} + [ &_85 <- _ret ] -{inv_PermCellOwn_Inner_T _ret.final}- + [ &_86 <- { _86 with current = _ret.final } ] s3) + | s3 = new_ref_PermCellOwn_Inner_T {_85} (fun (_ret: MutBorrow.t t_PermCellOwn_Inner_T) -> [ &perm_next <- _ret ] s4) | s4 = bb33 ] | bb33 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PermCellOwn_Inner_T _72} s1 - | s1 = -{resolve_ref_PermCellOwn_Inner_T _72}- s2 + [ s0 = {[@expl:type invariant] inv_ref_PermCellOwn_Inner_T _86} s1 + | s1 = -{resolve_ref_PermCellOwn_Inner_T _86}- s2 | s2 = {[@expl:type invariant] inv_Rc_PermCell_Inner_T_Global next'0} s3 | s3 = -{resolve_Rc_PermCell_Inner_T_Global next'0}- s4 - | s4 = deref_Rc_PermCell_Inner_T_Global {next'0} (fun (_ret: t_PermCell_Inner_T) -> [ &_88 <- _ret ] s5) + | s4 = deref_Rc_PermCell_Inner_T_Global {next'0} (fun (_ret: t_PermCell_Inner_T) -> [ &_102 <- _ret ] s5) | s5 = bb34 ] | bb34 = s0 - [ s0 = borrow_mut_Inner_T {_88} {perm_next} (fun (_ret: MutBorrow.t t_Inner_T) -> [ &_86 <- _ret ] s1) + [ s0 = borrow_mut_Inner_T {_102} {perm_next} (fun (_ret: MutBorrow.t t_Inner_T) -> [ &_100 <- _ret ] s1) | s1 = bb35 ] | bb35 = s0 - [ s0 = {inv_Inner_T _86.current} - MutBorrow.borrow_final {_86.current} {MutBorrow.get_id _86} + [ s0 = {inv_Inner_T _100.current} + MutBorrow.borrow_final {_100.current} {MutBorrow.get_id _100} (fun (_ret: MutBorrow.t t_Inner_T) -> [ &bor_next <- _ret ] -{inv_Inner_T _ret.final}- - [ &_86 <- { _86 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Inner_T'0 _86} s2 - | s2 = -{resolve_ref_Inner_T _86}- s3 + [ &_100 <- { _100 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Inner_T'0 _100} s2 + | s2 = -{resolve_ref_Inner_T _100}- s3 | s3 = any [ br0 (x0: t_Vec_T_Global) -> {bor_next.current = Direct x0} (! bb38) | br1 (x0: UInt64.t) (x1: t_T) (x2: t_Rc_PermCell_Inner_T_Global) -> {bor_next.current = Link x0 x1 x2} @@ -5395,34 +5395,34 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi | s1 = {inv_Vec_T_Global arr.current} MutBorrow.borrow_final {arr.current} {MutBorrow.get_id arr} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_98 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_112 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &arr <- { arr with current = _ret.final } ] s2) | s2 = -{resolve_ref_usize index}- s3 - | s3 = index_mut_Vec_T_Global {_98} {index.current} (fun (_ret: MutBorrow.t t_T) -> [ &_97 <- _ret ] s4) + | s3 = index_mut_Vec_T_Global {_112} {index.current} (fun (_ret: MutBorrow.t t_T) -> [ &_111 <- _ret ] s4) | s4 = bb39 ] | bb39 = s0 - [ s0 = {inv_T _97.current} - MutBorrow.borrow_final {_97.current} {MutBorrow.get_id _97} + [ s0 = {inv_T _111.current} + MutBorrow.borrow_final {_111.current} {MutBorrow.get_id _111} (fun (_ret: MutBorrow.t t_T) -> - [ &_96 <- _ret ] -{inv_T _ret.final}- - [ &_97 <- { _97 with current = _ret.final } ] s1) - | s1 = {inv_T _96.current} - MutBorrow.borrow_final {_96.current} {MutBorrow.get_id _96} + [ &_110 <- _ret ] -{inv_T _ret.final}- + [ &_111 <- { _111 with current = _ret.final } ] s1) + | s1 = {inv_T _110.current} + MutBorrow.borrow_final {_110.current} {MutBorrow.get_id _110} (fun (_ret: MutBorrow.t t_T) -> - [ &_95 <- _ret ] -{inv_T _ret.final}- - [ &_96 <- { _96 with current = _ret.final } ] s2) + [ &_109 <- _ret ] -{inv_T _ret.final}- + [ &_110 <- { _110 with current = _ret.final } ] s2) | s2 = {inv_T value.current} MutBorrow.borrow_final {value.current} {MutBorrow.get_id value} (fun (_ret: MutBorrow.t t_T) -> - [ &_100 <- _ret ] -{inv_T _ret.final}- + [ &_114 <- _ret ] -{inv_T _ret.final}- [ &value <- { value with current = _ret.final } ] s3) - | s3 = swap_T {_95} {_100} (fun (_ret: ()) -> [ &_94 <- _ret ] s4) + | s3 = swap_T {_109} {_114} (fun (_ret: ()) -> [ &_108 <- _ret ] s4) | s4 = bb40 ] | bb40 = s0 - [ s0 = {[@expl:type invariant] inv_ref_T _97} s1 - | s1 = -{resolve_ref_T _97}- s2 - | s2 = {[@expl:type invariant] inv_ref_T _96} s3 - | s3 = -{resolve_ref_T _96}- s4 + [ s0 = {[@expl:type invariant] inv_ref_T _111} s1 + | s1 = -{resolve_ref_T _111}- s2 + | s2 = {[@expl:type invariant] inv_ref_T _110} s3 + | s3 = -{resolve_ref_T _110}- s4 | s4 = {[@expl:type invariant] inv_ref_Vec_T_Global arr} s5 | s5 = -{resolve_ref_Vec_T_Global arr}- s6 | s6 = {[@expl:type invariant] inv_ref_T value} s7 @@ -5430,14 +5430,14 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi | s8 = {inv_Inner_T bor_next.current} MutBorrow.borrow_final {bor_next.current} {MutBorrow.get_id bor_next} (fun (_ret: MutBorrow.t t_Inner_T) -> - [ &_102 <- _ret ] -{inv_Inner_T _ret.final}- + [ &_116 <- _ret ] -{inv_Inner_T _ret.final}- [ &bor_next <- { bor_next with current = _ret.final } ] s9) | s9 = {inv_Inner_T bor_cur.current} MutBorrow.borrow_final {bor_cur.current} {MutBorrow.get_id bor_cur} (fun (_ret: MutBorrow.t t_Inner_T) -> - [ &_103 <- _ret ] -{inv_Inner_T _ret.final}- + [ &_117 <- _ret ] -{inv_Inner_T _ret.final}- [ &bor_cur <- { bor_cur with current = _ret.final } ] s10) - | s10 = swap_Inner_T {_102} {_103} (fun (_ret: ()) -> [ &_101 <- _ret ] s11) + | s10 = swap_Inner_T {_116} {_117} (fun (_ret: ()) -> [ &_115 <- _ret ] s11) | s11 = bb41 ] | bb41 = s0 [ s0 = {[@expl:type invariant] inv_ref_Inner_T'0 bor_next} s1 @@ -5447,56 +5447,56 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi | s4 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_109 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_123 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s5) - | s5 = deref_mut_Ghost_ref_PA_T {_109} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_108 <- _ret ] s6) + | s5 = deref_mut_Ghost_ref_PA_T {_123} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_122 <- _ret ] s6) | s6 = bb42 ] | bb42 = s0 - [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_115 <- _ret ] s1) + [ s0 = deref_Rc_PermCell_Inner_T_Global {cur} (fun (_ret: t_PermCell_Inner_T) -> [ &_129 <- _ret ] s1) | s1 = bb43 ] - | bb43 = s0 [ s0 = id_ghost_Inner_T {_115} (fun (_ret: t_Id) -> [ &_113 <- _ret ] s1) | s1 = bb44 ] - | bb44 = s0 [ s0 = deref_Ghost_Id {_113} (fun (_ret: t_Id) -> [ &_111 <- _ret ] s1) | s1 = bb45 ] + | bb43 = s0 [ s0 = id_ghost_Inner_T {_129} (fun (_ret: t_Id) -> [ &_127 <- _ret ] s1) | s1 = bb44 ] + | bb44 = s0 [ s0 = deref_Ghost_Id {_127} (fun (_ret: t_Id) -> [ &_125 <- _ret ] s1) | s1 = bb45 ] | bb45 = s0 - [ s0 = into_inner_PermCellOwn_Inner_T {perm_cur} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_117 <- _ret ] s1) + [ s0 = into_inner_PermCellOwn_Inner_T {perm_cur} (fun (_ret: t_PermCellOwn_Inner_T) -> [ &_131 <- _ret ] s1) | s1 = bb46 ] | bb46 = s0 - [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _108.current.current.perms} - MutBorrow.borrow_mut {_108.current.current.perms} + [ s0 = {inv_FMap_Id_PermCellOwn_Inner_T _122.current.current.perms} + MutBorrow.borrow_mut {_122.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T) -> - [ &_107 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- - [ &_108 <- { _108 with current = { _108.current with current = { _108.current.current with perms = _ret.final } } } ] + [ &_121 <- _ret ] -{inv_FMap_Id_PermCellOwn_Inner_T _ret.final}- + [ &_122 <- { _122 with current = { _122.current with current = { _122.current.current with perms = _ret.final } } } ] s1) - | s1 = insert_ghost_Id {_107} {_111} {_117} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_106 <- _ret ] s2) - | s2 = {[@expl:type invariant] inv_Option_PermCellOwn_Inner_T _106} s3 - | s3 = -{resolve_Option_PermCellOwn_Inner_T _106}- s4 + | s1 = insert_ghost_Id {_121} {_125} {_131} (fun (_ret: t_Option_PermCellOwn_Inner_T) -> [ &_120 <- _ret ] s2) + | s2 = {[@expl:type invariant] inv_Option_PermCellOwn_Inner_T _120} s3 + | s3 = -{resolve_Option_PermCellOwn_Inner_T _120}- s4 | s4 = bb47 ] | bb47 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _108} s1 - | s1 = -{resolve_ref_ref_PA_T _108}- s2 + [ s0 = {[@expl:type invariant] inv_ref_ref_PA_T _122} s1 + | s1 = -{resolve_ref_ref_PA_T _122}- s2 | s2 = [ &new_d <- MinMax.min (Map.get pa.current.depth (id_Inner_T (view_Rc_PermCell_Inner_T_Global cur))) (Map.get pa.current.depth (id_Inner_T (view_Rc_PermCell_Inner_T_Global next'0)) - 1) ] s3 | s3 = bb48 ] | bb48 = s0 - [ s0 = [ &_121 <- Map.set pa.current.depth (id_Inner_T (view_Rc_PermCell_Inner_T_Global cur)) new_d ] s1 + [ s0 = [ &_138 <- Map.set pa.current.depth (id_Inner_T (view_Rc_PermCell_Inner_T_Global cur)) new_d ] s1 | s1 = bb49 ] | bb49 = s0 [ s0 = {inv_Ghost_ref_PA_T pa} MutBorrow.borrow_mut {pa} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> - [ &_124 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- + [ &_144 <- _ret ] -{inv_Ghost_ref_PA_T _ret.final}- [ &pa <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_PA_T {_124} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_123 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_PA_T {_144} (fun (_ret: MutBorrow.t (MutBorrow.t t_PA_T)) -> [ &_143 <- _ret ] s2) | s2 = bb50 ] | bb50 = s0 [ s0 = - [ &_123 <- { _123 with current = { _123.current with current = { _123.current.current with depth = _121 } } } ] + [ &_143 <- { _143 with current = { _143.current with current = { _143.current.current with depth = _138 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_PA_T _123} s2 - | s2 = -{resolve_ref_ref_PA_T _123}- s3 + | s1 = {[@expl:type invariant] inv_ref_ref_PA_T _143} s2 + | s2 = -{resolve_ref_ref_PA_T _143}- s3 | s3 = {[@expl:type invariant] inv_Ghost_ref_PA_T pa} s4 | s4 = -{resolve_Ghost_ref_PA_T pa}- s5 - | s5 = new_unit {_105} (fun (_ret: ()) -> [ &_104 <- _ret ] s6) + | s5 = new_unit {_119} (fun (_ret: ()) -> [ &_118 <- _ret ] s6) | s6 = bb53 ] | bb53 = return {_0} ] [ & _0: () = Any.any_l () @@ -5504,85 +5504,85 @@ module M_implementation__impl_PersistentArray_T__reroot (* implementation::Persi | & auth_id: t_Id = auth_id | & pa: MutBorrow.t t_PA_T = pa | & perm_cur: t_PermCellOwn_Inner_T = Any.any_l () - | & _13: t_PermCellOwn_Inner_T = Any.any_l () - | & _14: t_Option_PermCellOwn_Inner_T = Any.any_l () - | & _15: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _16: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _17: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _19: t_Id = Any.any_l () - | & _21: t_Id = Any.any_l () - | & _22: t_Id = Any.any_l () - | & _24: t_PermCell_Inner_T = Any.any_l () + | & _27: t_PermCellOwn_Inner_T = Any.any_l () + | & _28: t_Option_PermCellOwn_Inner_T = Any.any_l () + | & _29: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _30: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _31: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _33: t_Id = Any.any_l () + | & _35: t_Id = Any.any_l () + | & _36: t_Id = Any.any_l () + | & _38: t_PermCell_Inner_T = Any.any_l () | & bor_cur: MutBorrow.t t_Inner_T = Any.any_l () - | & _27: MutBorrow.t t_Inner_T = Any.any_l () - | & _29: t_PermCell_Inner_T = Any.any_l () - | & _31: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _32: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _33: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _34: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _35: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _36: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _38: t_Option_PermCellOwn_Inner_T = Any.any_l () - | & _39: t_Option_PermCellOwn_Inner_T = Any.any_l () - | & _40: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _41: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _42: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _44: t_Id = Any.any_l () - | & _46: t_Id = Any.any_l () - | & _48: t_PermCell_Inner_T = Any.any_l () - | & _50: t_PermCellOwn_Inner_T = Any.any_l () + | & _41: MutBorrow.t t_Inner_T = Any.any_l () + | & _43: t_PermCell_Inner_T = Any.any_l () + | & _45: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _46: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _47: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _48: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _49: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _50: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _52: t_Option_PermCellOwn_Inner_T = Any.any_l () + | & _53: t_Option_PermCellOwn_Inner_T = Any.any_l () + | & _54: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _55: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _56: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _58: t_Id = Any.any_l () + | & _60: t_Id = Any.any_l () + | & _62: t_PermCell_Inner_T = Any.any_l () + | & _64: t_PermCellOwn_Inner_T = Any.any_l () | & next: MutBorrow.t t_Rc_PermCell_Inner_T_Global = Any.any_l () | & value: MutBorrow.t t_T = Any.any_l () | & index: MutBorrow.t UInt64.t = Any.any_l () - | & _56: () = Any.any_l () - | & _58: MutBorrow.t t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & _60: MutBorrow.t t_PA_T = Any.any_l () - | & _61: MutBorrow.t t_PA_T = Any.any_l () - | & _62: MutBorrow.t t_PA_T = Any.any_l () - | & _63: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _64: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _65: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _70: () = Any.any_l () + | & _72: MutBorrow.t t_Rc_PermCell_Inner_T_Global = Any.any_l () + | & _74: MutBorrow.t t_PA_T = Any.any_l () + | & _75: MutBorrow.t t_PA_T = Any.any_l () + | & _76: MutBorrow.t t_PA_T = Any.any_l () + | & _77: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _78: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _79: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () | & next'0: t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & _67: MutBorrow.t t_Rc_PermCell_Inner_T_Global = Any.any_l () - | & _68: t_Rc_PermCell_Inner_T_Global = Any.any_l () + | & _81: MutBorrow.t t_Rc_PermCell_Inner_T_Global = Any.any_l () + | & _82: t_Rc_PermCell_Inner_T_Global = Any.any_l () | & perm_next: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _71: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _72: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () - | & _73: t_Option_ref_PermCellOwn_Inner_T = Any.any_l () - | & _74: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _75: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _76: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _78: t_Id = Any.any_l () - | & _79: t_Id = Any.any_l () - | & _81: t_Id = Any.any_l () - | & _83: t_PermCell_Inner_T = Any.any_l () + | & _85: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _86: MutBorrow.t t_PermCellOwn_Inner_T = Any.any_l () + | & _87: t_Option_ref_PermCellOwn_Inner_T = Any.any_l () + | & _88: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _89: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _90: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _92: t_Id = Any.any_l () + | & _93: t_Id = Any.any_l () + | & _95: t_Id = Any.any_l () + | & _97: t_PermCell_Inner_T = Any.any_l () | & bor_next: MutBorrow.t t_Inner_T = Any.any_l () - | & _86: MutBorrow.t t_Inner_T = Any.any_l () - | & _88: t_PermCell_Inner_T = Any.any_l () + | & _100: MutBorrow.t t_Inner_T = Any.any_l () + | & _102: t_PermCell_Inner_T = Any.any_l () | & arr: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _94: () = Any.any_l () - | & _95: MutBorrow.t t_T = Any.any_l () - | & _96: MutBorrow.t t_T = Any.any_l () - | & _97: MutBorrow.t t_T = Any.any_l () - | & _98: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _100: MutBorrow.t t_T = Any.any_l () - | & _101: () = Any.any_l () - | & _102: MutBorrow.t t_Inner_T = Any.any_l () - | & _103: MutBorrow.t t_Inner_T = Any.any_l () - | & _104: () = Any.any_l () - | & _105: () = Any.any_l () - | & _106: t_Option_PermCellOwn_Inner_T = Any.any_l () - | & _107: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () - | & _108: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _109: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _111: t_Id = Any.any_l () - | & _113: t_Id = Any.any_l () - | & _115: t_PermCell_Inner_T = Any.any_l () - | & _117: t_PermCellOwn_Inner_T = Any.any_l () - | & new_d: int = Any.any_l () - | & _121: Map.map t_Id int = Any.any_l () + | & _108: () = Any.any_l () + | & _109: MutBorrow.t t_T = Any.any_l () + | & _110: MutBorrow.t t_T = Any.any_l () + | & _111: MutBorrow.t t_T = Any.any_l () + | & _112: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _114: MutBorrow.t t_T = Any.any_l () + | & _115: () = Any.any_l () + | & _116: MutBorrow.t t_Inner_T = Any.any_l () + | & _117: MutBorrow.t t_Inner_T = Any.any_l () + | & _118: () = Any.any_l () + | & _119: () = Any.any_l () + | & _120: t_Option_PermCellOwn_Inner_T = Any.any_l () + | & _121: MutBorrow.t t_FMap_Id_PermCellOwn_Inner_T = Any.any_l () + | & _122: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () | & _123: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () - | & _124: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () ]) + | & _125: t_Id = Any.any_l () + | & _127: t_Id = Any.any_l () + | & _129: t_PermCell_Inner_T = Any.any_l () + | & _131: t_PermCellOwn_Inner_T = Any.any_l () + | & new_d: int = Any.any_l () + | & _138: Map.map t_Id int = Any.any_l () + | & _143: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () + | & _144: MutBorrow.t (MutBorrow.t t_PA_T) = Any.any_l () ]) [ return (result: ()) -> {[@expl:reroot ensures #0] partial_invariant_T (fin_Ghost_ref_PA_T pa) auth_id} {[@expl:reroot ensures #1] (fin_Ghost_ref_PA_T pa).auth = pa.current.auth} {[@expl:reroot ensures #2] forall id: t_Id. index_Mapping_Id_Int pa.current.depth id @@ -5714,45 +5714,45 @@ module M_testing /\ Seq.get __arr_temp.Slice64.elts 1 = (2: Int32.t) /\ Seq.get __arr_temp.Slice64.elts 2 = (3: Int32.t) /\ Seq.get __arr_temp.Slice64.elts 3 = (4: Int32.t) /\ Seq.length __arr_temp.Slice64.elts = 4}- - [ &_7 <- __arr_temp ] s1) ] + [ &_8 <- __arr_temp ] s1) ] | s1 = bb2 ] - | bb2 = s0 [ s0 = into_vec_i32 {_7} (fun (_ret: t_Vec_i32_Global) -> [ &_4 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = new_i32 {_4} (fun (_ret: t_PersistentArray_i32) -> [ &a <- _ret ] s1) | s1 = bb4 ] + | bb2 = s0 [ s0 = into_vec_i32 {_8} (fun (_ret: t_Vec_i32_Global) -> [ &_5 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = new_i32 {_5} (fun (_ret: t_PersistentArray_i32) -> [ &a <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = MutBorrow.borrow_mut {tokens} - (fun (_ret: MutBorrow.t t_Tokens) -> [ &_14 <- _ret ] [ &tokens <- _ret.final ] s1) - | s1 = deref_mut_Ghost_Tokens {_14} (fun (_ret: MutBorrow.t t_Tokens) -> [ &_13 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Tokens) -> [ &_15 <- _ret ] [ &tokens <- _ret.final ] s1) + | s1 = deref_mut_Ghost_Tokens {_15} (fun (_ret: MutBorrow.t t_Tokens) -> [ &_14 <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 - [ s0 = MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} - (fun (_ret: MutBorrow.t t_Tokens) -> [ &_12 <- _ret ] [ &_13 <- { _13 with current = _ret.final } ] s1) - | s1 = reborrow {_12} (fun (_ret: t_Tokens) -> [ &_11 <- _ret ] s2) + [ s0 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} + (fun (_ret: MutBorrow.t t_Tokens) -> [ &_13 <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s1) + | s1 = reborrow {_13} (fun (_ret: t_Tokens) -> [ &_12 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Tokens _13}- s1 - | s1 = new_Tokens {_11} (fun (_ret: t_Tokens) -> [ &_10 <- _ret ] s2) + [ s0 = -{resolve_ref_Tokens _14}- s1 + | s1 = new_Tokens {_12} (fun (_ret: t_Tokens) -> [ &_11 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 - [ s0 = set_i32 {a} {(1: UInt64.t)} {(42: Int32.t)} {_10} (fun (_ret: t_PersistentArray_i32) -> [ &a2 <- _ret ] s1) + [ s0 = set_i32 {a} {(1: UInt64.t)} {(42: Int32.t)} {_11} (fun (_ret: t_PersistentArray_i32) -> [ &a2 <- _ret ] s1) | s1 = bb8 ] | bb8 = s0 [ s0 = {[@expl:type invariant] inv_PersistentArray_i32 a2} s1 | s1 = -{resolve_PersistentArray_i32 a2}- s2 | s2 = MutBorrow.borrow_mut {tokens} - (fun (_ret: MutBorrow.t t_Tokens) -> [ &_21 <- _ret ] [ &tokens <- _ret.final ] s3) - | s3 = deref_mut_Ghost_Tokens {_21} (fun (_ret: MutBorrow.t t_Tokens) -> [ &_20 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_Tokens) -> [ &_22 <- _ret ] [ &tokens <- _ret.final ] s3) + | s3 = deref_mut_Ghost_Tokens {_22} (fun (_ret: MutBorrow.t t_Tokens) -> [ &_21 <- _ret ] s4) | s4 = bb9 ] | bb9 = s0 - [ s0 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} - (fun (_ret: MutBorrow.t t_Tokens) -> [ &_19 <- _ret ] [ &_20 <- { _20 with current = _ret.final } ] s1) - | s1 = reborrow {_19} (fun (_ret: t_Tokens) -> [ &_18 <- _ret ] s2) + [ s0 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret: MutBorrow.t t_Tokens) -> [ &_20 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s1) + | s1 = reborrow {_20} (fun (_ret: t_Tokens) -> [ &_19 <- _ret ] s2) | s2 = bb10 ] | bb10 = s0 - [ s0 = -{resolve_ref_Tokens _20}- s1 - | s1 = new_Tokens {_18} (fun (_ret: t_Tokens) -> [ &_17 <- _ret ] s2) + [ s0 = -{resolve_ref_Tokens _21}- s1 + | s1 = new_Tokens {_19} (fun (_ret: t_Tokens) -> [ &_18 <- _ret ] s2) | s2 = bb11 ] | bb11 = s0 - [ s0 = set_i32 {a} {(0: UInt64.t)} {(50: Int32.t)} {_17} (fun (_ret: t_PersistentArray_i32) -> [ &a3 <- _ret ] s1) + [ s0 = set_i32 {a} {(0: UInt64.t)} {(50: Int32.t)} {_18} (fun (_ret: t_PersistentArray_i32) -> [ &a3 <- _ret ] s1) | s1 = bb12 ] | bb12 = s0 [ s0 = -{resolve_Ghost_Tokens tokens}- s1 @@ -5781,20 +5781,20 @@ module M_testing [ & _0: () = Any.any_l () | & tokens: t_Tokens = tokens | & a: t_PersistentArray_i32 = Any.any_l () - | & _4: t_Vec_i32_Global = Any.any_l () - | & _7: Slice64.array Int32.t = Any.any_l () + | & _5: t_Vec_i32_Global = Any.any_l () + | & _8: Slice64.array Int32.t = Any.any_l () | & a2: t_PersistentArray_i32 = Any.any_l () - | & _10: t_Tokens = Any.any_l () | & _11: t_Tokens = Any.any_l () - | & _12: MutBorrow.t t_Tokens = Any.any_l () + | & _12: t_Tokens = Any.any_l () | & _13: MutBorrow.t t_Tokens = Any.any_l () | & _14: MutBorrow.t t_Tokens = Any.any_l () + | & _15: MutBorrow.t t_Tokens = Any.any_l () | & a3: t_PersistentArray_i32 = Any.any_l () - | & _17: t_Tokens = Any.any_l () | & _18: t_Tokens = Any.any_l () - | & _19: MutBorrow.t t_Tokens = Any.any_l () + | & _19: t_Tokens = Any.any_l () | & _20: MutBorrow.t t_Tokens = Any.any_l () | & _21: MutBorrow.t t_Tokens = Any.any_l () + | & _22: MutBorrow.t t_Tokens = Any.any_l () | & a4: t_PersistentArray_i32 = Any.any_l () | & a_model: Seq.seq Int32.t = Any.any_l () | & a2_model: Seq.seq Int32.t = Any.any_l () diff --git a/tests/should_succeed/projection_toggle.coma b/tests/should_succeed/projection_toggle.coma index 40327a1d07..ee4c3d91a7 100644 --- a/tests/should_succeed/projection_toggle.coma +++ b/tests/should_succeed/projection_toggle.coma @@ -33,15 +33,15 @@ module M_proj_toggle | s2 = {inv_T a.current} MutBorrow.borrow_final {a.current} {MutBorrow.get_id a} (fun (_ret: MutBorrow.t t_T) -> - [ &_8 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- _ret ] -{inv_T _ret.final}- [ &a <- { a with current = _ret.final } ] s3) - | s3 = {inv_T _8.current} - MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + | s3 = {inv_T _11.current} + MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- - [ &_8 <- { _8 with current = _ret.final } ] s4) - | s4 = {[@expl:type invariant] inv_ref_T _8} s5 - | s5 = -{resolve_ref_T _8}- s6 + [ &_9 <- _ret ] -{inv_T _ret.final}- + [ &_11 <- { _11 with current = _ret.final } ] s4) + | s4 = {[@expl:type invariant] inv_ref_T _11} s5 + | s5 = -{resolve_ref_T _11}- s6 | s6 = bb3 ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_ref_T a} s1 @@ -49,17 +49,17 @@ module M_proj_toggle | s2 = {inv_T b.current} MutBorrow.borrow_final {b.current} {MutBorrow.get_id b} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- + [ &_9 <- _ret ] -{inv_T _ret.final}- [ &b <- { b with current = _ret.final } ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = {inv_T _6.current} - MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + [ s0 = {inv_T _9.current} + MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} (fun (_ret: MutBorrow.t t_T) -> [ &_4 <- _ret ] -{inv_T _ret.final}- - [ &_6 <- { _6 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T _6} s2 - | s2 = -{resolve_ref_T _6}- s3 + [ &_9 <- { _9 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T _9} s2 + | s2 = -{resolve_ref_T _9}- s3 | s3 = {inv_T _4.current} MutBorrow.borrow_final {_4.current} {MutBorrow.get_id _4} (fun (_ret: MutBorrow.t t_T) -> @@ -77,8 +77,8 @@ module M_proj_toggle | & a: MutBorrow.t t_T = a | & b: MutBorrow.t t_T = b | & _4: MutBorrow.t t_T = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () - | & _8: MutBorrow.t t_T = Any.any_l () ]) + | & _9: MutBorrow.t t_T = Any.any_l () + | & _11: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:proj_toggle result type invariant] inv_ref_T result} {[@expl:proj_toggle ensures] if toggle then result = a /\ b.final = b.current diff --git a/tests/should_succeed/red_black_tree.coma b/tests/should_succeed/red_black_tree.coma index ccbb696f0e..0edc18aa45 100644 --- a/tests/should_succeed/red_black_tree.coma +++ b/tests/should_succeed/red_black_tree.coma @@ -1215,91 +1215,91 @@ module M_impl_Node_K_V_4__rotate_right (* Node *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.left.node} MutBorrow.borrow_mut {self.current.left.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_16 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_26 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with left = { node = _ret.final } } } ] s1) - | s1 = {inv_Option_Box_Node_K_V_Global _16.current} - MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} + | s1 = {inv_Option_Box_Node_K_V_Global _26.current} + MutBorrow.borrow_final {_26.current} {MutBorrow.get_id _26} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_15 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- - [ &_16 <- { _16 with current = _ret.final } ] s2) - | s2 = take_Option_Box_Node_K_V_Global {_15} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_14 <- _ret ] s3) + [ &_25 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_26 <- { _26 with current = _ret.final } ] s2) + | s2 = take_Option_Box_Node_K_V_Global {_25} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_24 <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _16} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _16}- s2 - | s2 = unwrap_Box_Node_K_V_Global {_14} (fun (_ret: t_Node_K_V) -> [ &x <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _26} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _26}- s2 + | s2 = unwrap_Box_Node_K_V_Global {_24} (fun (_ret: t_Node_K_V) -> [ &x <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 [ s0 = {inv_Tree_K_V self.current.left} MutBorrow.borrow_mut {self.current.left} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_19 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_29 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &self <- { self with current = { self.current with left = _ret.final } } ] s1) | s1 = {inv_Tree_K_V x.right} MutBorrow.borrow_mut {x.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_21 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_31 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &x <- { x with right = _ret.final } ] s2) - | s2 = {inv_Tree_K_V _19.current} - MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + | s2 = {inv_Tree_K_V _29.current} + MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_18 <- _ret ] -{inv_Tree_K_V _ret.final}- - [ &_19 <- { _19 with current = _ret.final } ] s3) - | s3 = {inv_Tree_K_V _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + [ &_28 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_29 <- { _29 with current = _ret.final } ] s3) + | s3 = {inv_Tree_K_V _31.current} + MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_20 <- _ret ] -{inv_Tree_K_V _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s4) - | s4 = swap_Tree_K_V {_18} {_20} (fun (_ret: ()) -> [ &_17 <- _ret ] s5) + [ &_30 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_31 <- { _31 with current = _ret.final } ] s4) + | s4 = swap_Tree_K_V {_28} {_30} (fun (_ret: ()) -> [ &_27 <- _ret ] s5) | s5 = bb4 ] | bb4 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Tree_K_V _21} s1 - | s1 = -{resolve_ref_Tree_K_V _21}- s2 - | s2 = {[@expl:type invariant] inv_ref_Tree_K_V _19} s3 - | s3 = -{resolve_ref_Tree_K_V _19}- s4 + [ s0 = {[@expl:type invariant] inv_ref_Tree_K_V _31} s1 + | s1 = -{resolve_ref_Tree_K_V _31}- s2 + | s2 = {[@expl:type invariant] inv_ref_Tree_K_V _29} s3 + | s3 = -{resolve_ref_Tree_K_V _29}- s4 | s4 = {inv_Box_Node_K_V_Global x} MutBorrow.borrow_mut {x} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_25 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- + [ &_35 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- [ &x <- _ret.final ] s5) | s5 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_23 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_33 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s6) - | s6 = {inv_Node_K_V _25.current} - MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + | s6 = {inv_Node_K_V _35.current} + MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_24 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_25 <- { _25 with current = _ret.final } ] s7) - | s7 = swap_Node_K_V {_23} {_24} (fun (_ret: ()) -> [ &_22 <- _ret ] s8) + [ &_34 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_35 <- { _35 with current = _ret.final } ] s7) + | s7 = swap_Node_K_V {_33} {_34} (fun (_ret: ()) -> [ &_32 <- _ret ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _25} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _25}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _35} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _35}- s2 | s2 = MutBorrow.borrow_final {self.current.color} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_Color) -> - [ &_28 <- _ret ] [ &self <- { self with current = { self.current with color = _ret.final } } ] s3) + [ &_38 <- _ret ] [ &self <- { self with current = { self.current with color = _ret.final } } ] s3) | s3 = MutBorrow.borrow_mut {x.color} - (fun (_ret: MutBorrow.t t_Color) -> [ &_30 <- _ret ] [ &x <- { x with color = _ret.final } ] s4) - | s4 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} - (fun (_ret: MutBorrow.t t_Color) -> [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s5) - | s5 = MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} - (fun (_ret: MutBorrow.t t_Color) -> [ &_29 <- _ret ] [ &_30 <- { _30 with current = _ret.final } ] s6) - | s6 = swap_Color {_27} {_29} (fun (_ret: ()) -> [ &_26 <- _ret ] s7) + (fun (_ret: MutBorrow.t t_Color) -> [ &_40 <- _ret ] [ &x <- { x with color = _ret.final } ] s4) + | s4 = MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} + (fun (_ret: MutBorrow.t t_Color) -> [ &_37 <- _ret ] [ &_38 <- { _38 with current = _ret.final } ] s5) + | s5 = MutBorrow.borrow_final {_40.current} {MutBorrow.get_id _40} + (fun (_ret: MutBorrow.t t_Color) -> [ &_39 <- _ret ] [ &_40 <- { _40 with current = _ret.final } ] s6) + | s6 = swap_Color {_37} {_39} (fun (_ret: ()) -> [ &_36 <- _ret ] s7) | s7 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Color _30}- s1 - | s1 = -{resolve_ref_Color _28}- s2 + [ s0 = -{resolve_ref_Color _40}- s1 + | s1 = -{resolve_ref_Color _38}- s2 | s2 = {[@expl:assertion] has_mapping_K old_self.current.left (deep_model_K self.current.key) self.current.val'} s3 - | s3 = [ &_34 <- Some x ] s4 + | s3 = [ &_47 <- Some x ] s4 | s4 = bb7 ] - | bb7 = s0 [ s0 = [ &_33 <- { node = _34 } ] s1 | s1 = bb9 ] + | bb7 = s0 [ s0 = [ &_46 <- { node = _47 } ] s1 | s1 = bb9 ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_Tree_K_V self.current.right} s1 | s1 = -{resolve_Tree_K_V'0 self.current.right}- s2 - | s2 = [ &self <- { self with current = { self.current with right = _33 } } ] s3 + | s2 = [ &self <- { self with current = { self.current with right = _46 } } ] s3 | s3 = {[@expl:type invariant] inv_ref_Node_K_V self} s4 | s4 = -{resolve_ref_Node_K_V self}- s5 | s5 = bb12 ] @@ -1308,25 +1308,25 @@ module M_impl_Node_K_V_4__rotate_right (* Node *) | & self: MutBorrow.t t_Node_K_V = self | & old_self: MutBorrow.t t_Node_K_V = Any.any_l () | & x: t_Node_K_V = Any.any_l () - | & _14: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _15: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _16: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _17: () = Any.any_l () - | & _18: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _19: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _20: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _21: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _22: () = Any.any_l () - | & _23: MutBorrow.t t_Node_K_V = Any.any_l () - | & _24: MutBorrow.t t_Node_K_V = Any.any_l () - | & _25: MutBorrow.t t_Node_K_V = Any.any_l () - | & _26: () = Any.any_l () - | & _27: MutBorrow.t t_Color = Any.any_l () - | & _28: MutBorrow.t t_Color = Any.any_l () - | & _29: MutBorrow.t t_Color = Any.any_l () - | & _30: MutBorrow.t t_Color = Any.any_l () - | & _33: t_Tree_K_V = Any.any_l () - | & _34: t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _24: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _25: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _26: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _27: () = Any.any_l () + | & _28: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _29: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _30: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _31: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _32: () = Any.any_l () + | & _33: MutBorrow.t t_Node_K_V = Any.any_l () + | & _34: MutBorrow.t t_Node_K_V = Any.any_l () + | & _35: MutBorrow.t t_Node_K_V = Any.any_l () + | & _36: () = Any.any_l () + | & _37: MutBorrow.t t_Color = Any.any_l () + | & _38: MutBorrow.t t_Color = Any.any_l () + | & _39: MutBorrow.t t_Color = Any.any_l () + | & _40: MutBorrow.t t_Color = Any.any_l () + | & _46: t_Tree_K_V = Any.any_l () + | & _47: t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:rotate_right ensures #0] same_mappings_K self.current self.final} {[@expl:rotate_right ensures #1] internal_invariant_K self.final} {[@expl:rotate_right ensures #2] height_K'0 self.current = height_K'0 self.final} @@ -1708,91 +1708,91 @@ module M_impl_Node_K_V_4__rotate_left (* Node *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.right.node} MutBorrow.borrow_mut {self.current.right.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_16 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_26 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with right = { node = _ret.final } } } ] s1) - | s1 = {inv_Option_Box_Node_K_V_Global _16.current} - MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} + | s1 = {inv_Option_Box_Node_K_V_Global _26.current} + MutBorrow.borrow_final {_26.current} {MutBorrow.get_id _26} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_15 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- - [ &_16 <- { _16 with current = _ret.final } ] s2) - | s2 = take_Option_Box_Node_K_V_Global {_15} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_14 <- _ret ] s3) + [ &_25 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_26 <- { _26 with current = _ret.final } ] s2) + | s2 = take_Option_Box_Node_K_V_Global {_25} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_24 <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _16} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _16}- s2 - | s2 = unwrap_Box_Node_K_V_Global {_14} (fun (_ret: t_Node_K_V) -> [ &x <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _26} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _26}- s2 + | s2 = unwrap_Box_Node_K_V_Global {_24} (fun (_ret: t_Node_K_V) -> [ &x <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 [ s0 = {inv_Tree_K_V self.current.right} MutBorrow.borrow_mut {self.current.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_19 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_29 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &self <- { self with current = { self.current with right = _ret.final } } ] s1) | s1 = {inv_Tree_K_V x.left} MutBorrow.borrow_mut {x.left} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_21 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_31 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &x <- { x with left = _ret.final } ] s2) - | s2 = {inv_Tree_K_V _19.current} - MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + | s2 = {inv_Tree_K_V _29.current} + MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_18 <- _ret ] -{inv_Tree_K_V _ret.final}- - [ &_19 <- { _19 with current = _ret.final } ] s3) - | s3 = {inv_Tree_K_V _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + [ &_28 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_29 <- { _29 with current = _ret.final } ] s3) + | s3 = {inv_Tree_K_V _31.current} + MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_20 <- _ret ] -{inv_Tree_K_V _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s4) - | s4 = swap_Tree_K_V {_18} {_20} (fun (_ret: ()) -> [ &_17 <- _ret ] s5) + [ &_30 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_31 <- { _31 with current = _ret.final } ] s4) + | s4 = swap_Tree_K_V {_28} {_30} (fun (_ret: ()) -> [ &_27 <- _ret ] s5) | s5 = bb4 ] | bb4 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Tree_K_V _21} s1 - | s1 = -{resolve_ref_Tree_K_V _21}- s2 - | s2 = {[@expl:type invariant] inv_ref_Tree_K_V _19} s3 - | s3 = -{resolve_ref_Tree_K_V _19}- s4 + [ s0 = {[@expl:type invariant] inv_ref_Tree_K_V _31} s1 + | s1 = -{resolve_ref_Tree_K_V _31}- s2 + | s2 = {[@expl:type invariant] inv_ref_Tree_K_V _29} s3 + | s3 = -{resolve_ref_Tree_K_V _29}- s4 | s4 = {inv_Box_Node_K_V_Global x} MutBorrow.borrow_mut {x} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_25 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- + [ &_35 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- [ &x <- _ret.final ] s5) | s5 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_23 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_33 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s6) - | s6 = {inv_Node_K_V _25.current} - MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + | s6 = {inv_Node_K_V _35.current} + MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_24 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_25 <- { _25 with current = _ret.final } ] s7) - | s7 = swap_Node_K_V {_23} {_24} (fun (_ret: ()) -> [ &_22 <- _ret ] s8) + [ &_34 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_35 <- { _35 with current = _ret.final } ] s7) + | s7 = swap_Node_K_V {_33} {_34} (fun (_ret: ()) -> [ &_32 <- _ret ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _25} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _25}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _35} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _35}- s2 | s2 = MutBorrow.borrow_final {self.current.color} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_Color) -> - [ &_28 <- _ret ] [ &self <- { self with current = { self.current with color = _ret.final } } ] s3) + [ &_38 <- _ret ] [ &self <- { self with current = { self.current with color = _ret.final } } ] s3) | s3 = MutBorrow.borrow_mut {x.color} - (fun (_ret: MutBorrow.t t_Color) -> [ &_30 <- _ret ] [ &x <- { x with color = _ret.final } ] s4) - | s4 = MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} - (fun (_ret: MutBorrow.t t_Color) -> [ &_27 <- _ret ] [ &_28 <- { _28 with current = _ret.final } ] s5) - | s5 = MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} - (fun (_ret: MutBorrow.t t_Color) -> [ &_29 <- _ret ] [ &_30 <- { _30 with current = _ret.final } ] s6) - | s6 = swap_Color {_27} {_29} (fun (_ret: ()) -> [ &_26 <- _ret ] s7) + (fun (_ret: MutBorrow.t t_Color) -> [ &_40 <- _ret ] [ &x <- { x with color = _ret.final } ] s4) + | s4 = MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} + (fun (_ret: MutBorrow.t t_Color) -> [ &_37 <- _ret ] [ &_38 <- { _38 with current = _ret.final } ] s5) + | s5 = MutBorrow.borrow_final {_40.current} {MutBorrow.get_id _40} + (fun (_ret: MutBorrow.t t_Color) -> [ &_39 <- _ret ] [ &_40 <- { _40 with current = _ret.final } ] s6) + | s6 = swap_Color {_37} {_39} (fun (_ret: ()) -> [ &_36 <- _ret ] s7) | s7 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Color _30}- s1 - | s1 = -{resolve_ref_Color _28}- s2 + [ s0 = -{resolve_ref_Color _40}- s1 + | s1 = -{resolve_ref_Color _38}- s2 | s2 = {[@expl:assertion] has_mapping_K old_self.current.right (deep_model_K self.current.key) self.current.val'} s3 - | s3 = [ &_34 <- Some x ] s4 + | s3 = [ &_47 <- Some x ] s4 | s4 = bb7 ] - | bb7 = s0 [ s0 = [ &_33 <- { node = _34 } ] s1 | s1 = bb9 ] + | bb7 = s0 [ s0 = [ &_46 <- { node = _47 } ] s1 | s1 = bb9 ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_Tree_K_V self.current.left} s1 | s1 = -{resolve_Tree_K_V'0 self.current.left}- s2 - | s2 = [ &self <- { self with current = { self.current with left = _33 } } ] s3 + | s2 = [ &self <- { self with current = { self.current with left = _46 } } ] s3 | s3 = {[@expl:type invariant] inv_ref_Node_K_V self} s4 | s4 = -{resolve_ref_Node_K_V self}- s5 | s5 = bb12 ] @@ -1801,25 +1801,25 @@ module M_impl_Node_K_V_4__rotate_left (* Node *) | & self: MutBorrow.t t_Node_K_V = self | & old_self: MutBorrow.t t_Node_K_V = Any.any_l () | & x: t_Node_K_V = Any.any_l () - | & _14: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _15: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _16: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _17: () = Any.any_l () - | & _18: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _19: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _20: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _21: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _22: () = Any.any_l () - | & _23: MutBorrow.t t_Node_K_V = Any.any_l () - | & _24: MutBorrow.t t_Node_K_V = Any.any_l () - | & _25: MutBorrow.t t_Node_K_V = Any.any_l () - | & _26: () = Any.any_l () - | & _27: MutBorrow.t t_Color = Any.any_l () - | & _28: MutBorrow.t t_Color = Any.any_l () - | & _29: MutBorrow.t t_Color = Any.any_l () - | & _30: MutBorrow.t t_Color = Any.any_l () - | & _33: t_Tree_K_V = Any.any_l () - | & _34: t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _24: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _25: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _26: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _27: () = Any.any_l () + | & _28: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _29: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _30: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _31: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _32: () = Any.any_l () + | & _33: MutBorrow.t t_Node_K_V = Any.any_l () + | & _34: MutBorrow.t t_Node_K_V = Any.any_l () + | & _35: MutBorrow.t t_Node_K_V = Any.any_l () + | & _36: () = Any.any_l () + | & _37: MutBorrow.t t_Color = Any.any_l () + | & _38: MutBorrow.t t_Color = Any.any_l () + | & _39: MutBorrow.t t_Color = Any.any_l () + | & _40: MutBorrow.t t_Color = Any.any_l () + | & _46: t_Tree_K_V = Any.any_l () + | & _47: t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:rotate_left ensures #0] same_mappings_K self.current self.final} {[@expl:rotate_left ensures #1] internal_invariant_K self.final} {[@expl:rotate_left ensures #2] height_K'0 self.current = height_K'0 self.final} @@ -2092,62 +2092,62 @@ module M_impl_Node_K_V_4__flip_colors (* Node *) MutBorrow.borrow_final {self.current.left.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 1) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_15 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_26 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with left = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_15} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_14 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_26} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_25 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_14} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_13 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_25} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_24 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_13 <- { _13 with current = { _13.current with color = self.current.color } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _13} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _13}- s3 + [ s0 = [ &_24 <- { _24 with current = { _24.current with color = self.current.color } } ] s1 + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _24} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _24}- s3 | s3 = MutBorrow.borrow_final {self.current.color} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_Color) -> - [ &_18 <- _ret ] [ &self <- { self with current = { self.current with color = _ret.final } } ] s4) + [ &_29 <- _ret ] [ &self <- { self with current = { self.current with color = _ret.final } } ] s4) | s4 = {inv_Option_Box_Node_K_V_Global self.current.right.node} MutBorrow.borrow_final {self.current.right.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 5) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_23 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_34 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with right = { node = _ret.final } } } ] s5) - | s5 = as_mut_Box_Node_K_V_Global {_23} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_22 <- _ret ] s6) + | s5 = as_mut_Box_Node_K_V_Global {_34} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_33 <- _ret ] s6) | s6 = bb3 ] | bb3 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_22} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_21 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_33} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_32 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = MutBorrow.borrow_final {_21.current.color} {MutBorrow.inherit_id (MutBorrow.get_id _21) 2} + [ s0 = MutBorrow.borrow_final {_32.current.color} {MutBorrow.inherit_id (MutBorrow.get_id _32) 2} (fun (_ret: MutBorrow.t t_Color) -> - [ &_20 <- _ret ] [ &_21 <- { _21 with current = { _21.current with color = _ret.final } } ] s1) - | s1 = MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} - (fun (_ret: MutBorrow.t t_Color) -> [ &_17 <- _ret ] [ &_18 <- { _18 with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} - (fun (_ret: MutBorrow.t t_Color) -> [ &_19 <- _ret ] [ &_20 <- { _20 with current = _ret.final } ] s3) - | s3 = swap_Color {_17} {_19} (fun (_ret: ()) -> [ &_16 <- _ret ] s4) + [ &_31 <- _ret ] [ &_32 <- { _32 with current = { _32.current with color = _ret.final } } ] s1) + | s1 = MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} + (fun (_ret: MutBorrow.t t_Color) -> [ &_28 <- _ret ] [ &_29 <- { _29 with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} + (fun (_ret: MutBorrow.t t_Color) -> [ &_30 <- _ret ] [ &_31 <- { _31 with current = _ret.final } ] s3) + | s3 = swap_Color {_28} {_30} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) | s4 = bb5 ] | bb5 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _21} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _21}- s2 - | s2 = -{resolve_ref_Color _20}- s3 - | s3 = -{resolve_ref_Color _18}- s4 + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _32} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _32}- s2 + | s2 = -{resolve_ref_Color _31}- s3 + | s3 = -{resolve_ref_Color _29}- s4 | s4 = {[@expl:type invariant] inv_ref_Node_K_V self} s5 | s5 = -{resolve_ref_Node_K_V self}- s6 | s6 = return {_0} ] ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_Node_K_V = self - | & _13: MutBorrow.t t_Node_K_V = Any.any_l () - | & _14: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _15: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _16: () = Any.any_l () - | & _17: MutBorrow.t t_Color = Any.any_l () - | & _18: MutBorrow.t t_Color = Any.any_l () - | & _19: MutBorrow.t t_Color = Any.any_l () - | & _20: MutBorrow.t t_Color = Any.any_l () - | & _21: MutBorrow.t t_Node_K_V = Any.any_l () - | & _22: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _23: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _24: MutBorrow.t t_Node_K_V = Any.any_l () + | & _25: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _26: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _27: () = Any.any_l () + | & _28: MutBorrow.t t_Color = Any.any_l () + | & _29: MutBorrow.t t_Color = Any.any_l () + | & _30: MutBorrow.t t_Color = Any.any_l () + | & _31: MutBorrow.t t_Color = Any.any_l () + | & _32: MutBorrow.t t_Node_K_V = Any.any_l () + | & _33: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _34: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:flip_colors ensures #0] internal_invariant_K self.final} {[@expl:flip_colors ensures #1] height_K'0 self.current = height_K'0 self.final} {[@expl:flip_colors ensures #2] same_mappings_K self.current self.final} @@ -2506,47 +2506,47 @@ module M_impl_Node_K_V_4__balance (* Node *) {[@expl:balance requires #3] self.current.color = Red /\ color_K self.current.right = Red /\ color_K self.current.left = Red -> false} (! bb0 - [ bb0 = s0 [ s0 = is_red_K {self.current.right} (fun (_ret: bool) -> [ &_15 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb2) ] - | bb2 = s0 [ s0 = is_red_K {self.current.left} (fun (_ret: bool) -> [ &_17 <- _ret ] s1) | s1 = bb3 ] - | bb3 = any [ br0 -> {_17 = false} (! bb5) | br1 -> {_17} (! bb9) ] + [ bb0 = s0 [ s0 = is_red_K {self.current.right} (fun (_ret: bool) -> [ &_31 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_31 = false} (! bb9) | br1 -> {_31} (! bb2) ] + | bb2 = s0 [ s0 = is_red_K {self.current.left} (fun (_ret: bool) -> [ &_33 <- _ret ] s1) | s1 = bb3 ] + | bb3 = any [ br0 -> {_33 = false} (! bb5) | br1 -> {_33} (! bb9) ] | bb5 = s0 [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_20 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_36 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = rotate_left_K {_20} (fun (_ret: ()) -> [ &_19 <- _ret ] s2) + | s1 = rotate_left_K {_36} (fun (_ret: ()) -> [ &_35 <- _ret ] s2) | s2 = bb9 ] - | bb9 = s0 [ s0 = is_red_K {self.current.left} (fun (_ret: bool) -> [ &_22 <- _ret ] s1) | s1 = bb10 ] - | bb10 = any [ br0 -> {_22 = false} (! bb20) | br1 -> {_22} (! bb11) ] + | bb9 = s0 [ s0 = is_red_K {self.current.left} (fun (_ret: bool) -> [ &_38 <- _ret ] s1) | s1 = bb10 ] + | bb10 = any [ br0 -> {_38 = false} (! bb20) | br1 -> {_38} (! bb11) ] | bb11 = s0 [ s0 = as_ref_Box_Node_K_V_Global {self.current.left.node} - (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_27 <- _ret ] s1) + (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_43 <- _ret ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_27} (fun (_ret: t_Node_K_V) -> [ &_26 <- _ret ] s1) | s1 = bb13 ] - | bb13 = s0 [ s0 = is_red_K {_26.left} (fun (_ret: bool) -> [ &_24 <- _ret ] s1) | s1 = bb14 ] - | bb14 = any [ br0 -> {_24 = false} (! bb20) | br1 -> {_24} (! bb15) ] + [ s0 = unwrap_ref_Box_Node_K_V_Global {_43} (fun (_ret: t_Node_K_V) -> [ &_42 <- _ret ] s1) | s1 = bb13 ] + | bb13 = s0 [ s0 = is_red_K {_42.left} (fun (_ret: bool) -> [ &_40 <- _ret ] s1) | s1 = bb14 ] + | bb14 = any [ br0 -> {_40 = false} (! bb20) | br1 -> {_40} (! bb15) ] | bb15 = s0 [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_30 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_46 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = rotate_right_K {_30} (fun (_ret: ()) -> [ &_29 <- _ret ] s2) + | s1 = rotate_right_K {_46} (fun (_ret: ()) -> [ &_45 <- _ret ] s2) | s2 = bb20 ] - | bb20 = s0 [ s0 = is_red_K {self.current.left} (fun (_ret: bool) -> [ &_31 <- _ret ] s1) | s1 = bb21 ] - | bb21 = any [ br0 -> {_31 = false} (! bb27) | br1 -> {_31} (! bb22) ] - | bb22 = s0 [ s0 = is_red_K {self.current.right} (fun (_ret: bool) -> [ &_33 <- _ret ] s1) | s1 = bb23 ] - | bb23 = any [ br0 -> {_33 = false} (! bb26) | br1 -> {_33} (! bb24) ] + | bb20 = s0 [ s0 = is_red_K {self.current.left} (fun (_ret: bool) -> [ &_47 <- _ret ] s1) | s1 = bb21 ] + | bb21 = any [ br0 -> {_47 = false} (! bb27) | br1 -> {_47} (! bb22) ] + | bb22 = s0 [ s0 = is_red_K {self.current.right} (fun (_ret: bool) -> [ &_49 <- _ret ] s1) | s1 = bb23 ] + | bb23 = any [ br0 -> {_49 = false} (! bb26) | br1 -> {_49} (! bb24) ] | bb24 = s0 [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_final {self.current} {MutBorrow.get_id self} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_36 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_52 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = flip_colors_K {_36} (fun (_ret: ()) -> [ &_35 <- _ret ] s2) + | s1 = flip_colors_K {_52} (fun (_ret: ()) -> [ &_51 <- _ret ] s2) | s2 = bb25 ] | bb25 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V self} s1 | s1 = -{resolve_ref_Node_K_V self}- s2 | s2 = bb29 ] @@ -2557,20 +2557,20 @@ module M_impl_Node_K_V_4__balance (* Node *) | bb29 = return {_0} ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_Node_K_V = self - | & _15: bool = Any.any_l () - | & _17: bool = Any.any_l () - | & _19: () = Any.any_l () - | & _20: MutBorrow.t t_Node_K_V = Any.any_l () - | & _22: bool = Any.any_l () - | & _24: bool = Any.any_l () - | & _26: t_Node_K_V = Any.any_l () - | & _27: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _29: () = Any.any_l () - | & _30: MutBorrow.t t_Node_K_V = Any.any_l () | & _31: bool = Any.any_l () | & _33: bool = Any.any_l () | & _35: () = Any.any_l () - | & _36: MutBorrow.t t_Node_K_V = Any.any_l () ]) + | & _36: MutBorrow.t t_Node_K_V = Any.any_l () + | & _38: bool = Any.any_l () + | & _40: bool = Any.any_l () + | & _42: t_Node_K_V = Any.any_l () + | & _43: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _45: () = Any.any_l () + | & _46: MutBorrow.t t_Node_K_V = Any.any_l () + | & _47: bool = Any.any_l () + | & _49: bool = Any.any_l () + | & _51: () = Any.any_l () + | & _52: MutBorrow.t t_Node_K_V = Any.any_l () ]) [ return (result: ()) -> {[@expl:balance ensures #0] same_mappings_K self.current self.final} {[@expl:balance ensures #1] internal_invariant_K self.final} {[@expl:balance ensures #2] height_K'0 self.current = height_K'0 self.final} @@ -2940,84 +2940,84 @@ module M_impl_Node_K_V_4__move_red_left (* Node *) [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_16 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_26 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = flip_colors_K {_16} (fun (_ret: ()) -> [ &_15 <- _ret ] s2) + | s1 = flip_colors_K {_26} (fun (_ret: ()) -> [ &_25 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.right.node} MutBorrow.borrow_mut {self.current.right.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_22 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_32 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with right = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_22} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_21 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_32} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_31 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_21} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_20 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_31} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_30 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _20} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _20}- s2 - | s2 = is_red_K {_20.current.left} (fun (_ret: bool) -> [ &_18 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _30} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _30}- s2 + | s2 = is_red_K {_30.current.left} (fun (_ret: bool) -> [ &_28 <- _ret ] s3) | s3 = bb4 ] - | bb4 = any [ br0 -> {_18 = false} (! bb13) | br1 -> {_18} (! bb5) ] + | bb4 = any [ br0 -> {_28 = false} (! bb13) | br1 -> {_28} (! bb5) ] | bb5 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.right.node} MutBorrow.borrow_mut {self.current.right.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_28 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_38 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with right = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_28} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_27 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_38} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_37 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_27} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_26 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_37} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_36 <- _ret ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = {inv_Node_K_V _26.current} - MutBorrow.borrow_final {_26.current} {MutBorrow.get_id _26} + [ s0 = {inv_Node_K_V _36.current} + MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_25 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_26 <- { _26 with current = _ret.final } ] s1) - | s1 = rotate_right_K {_25} (fun (_ret: ()) -> [ &_24 <- _ret ] s2) + [ &_35 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_36 <- { _36 with current = _ret.final } ] s1) + | s1 = rotate_right_K {_35} (fun (_ret: ()) -> [ &_34 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _26} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _26}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _36} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _36}- s2 | s2 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_30 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_40 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s3) - | s3 = rotate_left_K {_30} (fun (_ret: ()) -> [ &_29 <- _ret ] s4) + | s3 = rotate_left_K {_40} (fun (_ret: ()) -> [ &_39 <- _ret ] s4) | s4 = bb9 ] | bb9 = s0 [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_32 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_42 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = flip_colors_K {_32} (fun (_ret: ()) -> [ &_31 <- _ret ] s2) + | s1 = flip_colors_K {_42} (fun (_ret: ()) -> [ &_41 <- _ret ] s2) | s2 = bb10 ] | bb10 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.left.node} MutBorrow.borrow_final {self.current.left.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 1) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_35 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_45 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with left = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_35} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_34 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_45} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_44 <- _ret ] s2) | s2 = bb11 ] | bb11 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_34} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_33 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_44} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_43 <- _ret ] s1) | s1 = bb12 ] | bb12 = s0 - [ s0 = {inv_Node_K_V _33.current} - MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} + [ s0 = {inv_Node_K_V _43.current} + MutBorrow.borrow_final {_43.current} {MutBorrow.get_id _43} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_0 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_33 <- { _33 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _33} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _33}- s3 + [ &_43 <- { _43 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _43} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _43}- s3 | s3 = bb16 ] | bb16 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V self} s1 | s1 = -{resolve_ref_Node_K_V self}- s2 | s2 = bb14 ] @@ -3025,24 +3025,24 @@ module M_impl_Node_K_V_4__move_red_left (* Node *) | bb14 = return {_0} ] [ & _0: MutBorrow.t t_Node_K_V = Any.any_l () | & self: MutBorrow.t t_Node_K_V = self - | & _15: () = Any.any_l () - | & _16: MutBorrow.t t_Node_K_V = Any.any_l () - | & _18: bool = Any.any_l () - | & _20: MutBorrow.t t_Node_K_V = Any.any_l () - | & _21: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _22: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _24: () = Any.any_l () - | & _25: MutBorrow.t t_Node_K_V = Any.any_l () + | & _25: () = Any.any_l () | & _26: MutBorrow.t t_Node_K_V = Any.any_l () - | & _27: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _28: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _29: () = Any.any_l () + | & _28: bool = Any.any_l () | & _30: MutBorrow.t t_Node_K_V = Any.any_l () - | & _31: () = Any.any_l () - | & _32: MutBorrow.t t_Node_K_V = Any.any_l () - | & _33: MutBorrow.t t_Node_K_V = Any.any_l () - | & _34: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _35: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _31: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _32: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _34: () = Any.any_l () + | & _35: MutBorrow.t t_Node_K_V = Any.any_l () + | & _36: MutBorrow.t t_Node_K_V = Any.any_l () + | & _37: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _38: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _39: () = Any.any_l () + | & _40: MutBorrow.t t_Node_K_V = Any.any_l () + | & _41: () = Any.any_l () + | & _42: MutBorrow.t t_Node_K_V = Any.any_l () + | & _43: MutBorrow.t t_Node_K_V = Any.any_l () + | & _44: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _45: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: MutBorrow.t t_Node_K_V) -> {[@expl:move_red_left result type invariant] inv_ref_Node_K_V result} {[@expl:move_red_left ensures #0] internal_invariant_K result.current} {[@expl:move_red_left ensures #1] internal_invariant_K result.final @@ -3402,63 +3402,63 @@ module M_impl_Node_K_V_4__move_red_right (* Node *) [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_16 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_26 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = flip_colors_K {_16} (fun (_ret: ()) -> [ &_15 <- _ret ] s2) + | s1 = flip_colors_K {_26} (fun (_ret: ()) -> [ &_25 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.left.node} MutBorrow.borrow_mut {self.current.left.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_22 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_32 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with left = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_22} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_21 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_32} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_31 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_21} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_20 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_31} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_30 <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _20} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _20}- s2 - | s2 = is_red_K {_20.current.left} (fun (_ret: bool) -> [ &_18 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _30} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _30}- s2 + | s2 = is_red_K {_30.current.left} (fun (_ret: bool) -> [ &_28 <- _ret ] s3) | s3 = bb4 ] - | bb4 = any [ br0 -> {_18 = false} (! bb10) | br1 -> {_18} (! bb5) ] + | bb4 = any [ br0 -> {_28 = false} (! bb10) | br1 -> {_28} (! bb5) ] | bb5 = s0 [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_25 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_35 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = rotate_right_K {_25} (fun (_ret: ()) -> [ &_24 <- _ret ] s2) + | s1 = rotate_right_K {_35} (fun (_ret: ()) -> [ &_34 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 [ s0 = {inv_Node_K_V self.current} MutBorrow.borrow_mut {self.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_27 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_37 <- _ret ] -{inv_Node_K_V _ret.final}- [ &self <- { self with current = _ret.final } ] s1) - | s1 = flip_colors_K {_27} (fun (_ret: ()) -> [ &_26 <- _ret ] s2) + | s1 = flip_colors_K {_37} (fun (_ret: ()) -> [ &_36 <- _ret ] s2) | s2 = bb7 ] | bb7 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.right.node} MutBorrow.borrow_final {self.current.right.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 5) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_30 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_40 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { self.current with right = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_30} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_29 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_40} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_39 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_29} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_28 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_39} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_38 <- _ret ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = {inv_Node_K_V _28.current} - MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + [ s0 = {inv_Node_K_V _38.current} + MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_0 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_28 <- { _28 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _28} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _28}- s3 + [ &_38 <- { _38 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _38} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _38}- s3 | s3 = bb13 ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V self} s1 | s1 = -{resolve_ref_Node_K_V self}- s2 | s2 = bb11 ] @@ -3466,19 +3466,19 @@ module M_impl_Node_K_V_4__move_red_right (* Node *) | bb11 = return {_0} ] [ & _0: MutBorrow.t t_Node_K_V = Any.any_l () | & self: MutBorrow.t t_Node_K_V = self - | & _15: () = Any.any_l () - | & _16: MutBorrow.t t_Node_K_V = Any.any_l () - | & _18: bool = Any.any_l () - | & _20: MutBorrow.t t_Node_K_V = Any.any_l () - | & _21: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _22: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _24: () = Any.any_l () - | & _25: MutBorrow.t t_Node_K_V = Any.any_l () - | & _26: () = Any.any_l () - | & _27: MutBorrow.t t_Node_K_V = Any.any_l () - | & _28: MutBorrow.t t_Node_K_V = Any.any_l () - | & _29: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _30: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _25: () = Any.any_l () + | & _26: MutBorrow.t t_Node_K_V = Any.any_l () + | & _28: bool = Any.any_l () + | & _30: MutBorrow.t t_Node_K_V = Any.any_l () + | & _31: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _32: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _34: () = Any.any_l () + | & _35: MutBorrow.t t_Node_K_V = Any.any_l () + | & _36: () = Any.any_l () + | & _37: MutBorrow.t t_Node_K_V = Any.any_l () + | & _38: MutBorrow.t t_Node_K_V = Any.any_l () + | & _39: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _40: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: MutBorrow.t t_Node_K_V) -> {[@expl:move_red_right result type invariant] inv_ref_Node_K_V result} {[@expl:move_red_right ensures #0] internal_invariant_K result.current} {[@expl:move_red_right ensures #1] internal_invariant_K result.final @@ -3859,44 +3859,44 @@ module M_impl_Tree_K_V_6__insert_rec (* Tree *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.node} MutBorrow.borrow_mut {self.current.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_11 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_21 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s1) - | s1 = any [ br0 -> {_11.current = None} (! bb17) | br1 (x0: t_Node_K_V) -> {_11.current = Some x0} (! bb2) ] ] + | s1 = any [ br0 -> {_21.current = None} (! bb17) | br1 (x0: t_Node_K_V) -> {_21.current = Some x0} (! bb2) ] ] | bb17 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _11} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _11}- s2 - | s2 = [ &_34 <- None ] s3 - | s3 = [ &_33 <- { node = _34 } ] s4 + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _21} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _21}- s2 + | s2 = [ &_44 <- None ] s3 + | s3 = [ &_43 <- { node = _44 } ] s4 | s4 = bb18 ] - | bb18 = s0 [ s0 = [ &_35 <- Red ] s1 | s1 = [ &_39 <- None ] s2 | s2 = [ &_38 <- { node = _39 } ] s3 | s3 = bb19 ] - | bb19 = s0 [ s0 = [ &_32 <- { left = _33; color = _35; key = key'0; val' = val''0; right = _38 } ] s1 | s1 = bb24 ] - | bb24 = s0 [ s0 = [ &_30 <- Some _32 ] s1 | s1 = bb26 ] + | bb18 = s0 [ s0 = [ &_45 <- Red ] s1 | s1 = [ &_49 <- None ] s2 | s2 = [ &_48 <- { node = _49 } ] s3 | s3 = bb19 ] + | bb19 = s0 [ s0 = [ &_42 <- { left = _43; color = _45; key = key'0; val' = val''0; right = _48 } ] s1 | s1 = bb24 ] + | bb24 = s0 [ s0 = [ &_40 <- Some _42 ] s1 | s1 = bb26 ] | bb26 = s0 [ s0 = {[@expl:type invariant] inv_Option_Box_Node_K_V_Global self.current.node} s1 | s1 = -{resolve_Option_Box_Node_K_V_Global self.current.node}- s2 - | s2 = [ &self <- { self with current = { node = _30 } } ] s3 + | s2 = [ &self <- { self with current = { node = _40 } } ] s3 | s3 = {[@expl:type invariant] inv_ref_Tree_K_V self} s4 | s4 = -{resolve_ref_Tree_K_V self}- s5 | s5 = bb32 ] | bb2 = s0 - [ s0 = elim_Some {_11.current} + [ s0 = elim_Some {_21.current} (fun (r0: t_Node_K_V) -> {inv_Box_Node_K_V_Global r0} - MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _11) 1} + MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _21) 1} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- - [ &_11 <- { _11 with current = Some _ret.final } ] s1)) - | s1 = [ &_18 <- node'0.current.key ] s2 - | s2 = cmp_K {key'0} {_18} (fun (_ret: t_Ordering) -> [ &_15 <- _ret ] s3) + [ &_21 <- { _21 with current = Some _ret.final } ] s1)) + | s1 = [ &_28 <- node'0.current.key ] s2 + | s2 = cmp_K {key'0} {_28} (fun (_ret: t_Ordering) -> [ &_25 <- _ret ] s3) | s3 = bb3 ] - | bb3 = any [ br0 -> {_15 = Less} (! bb9) | br1 -> {_15 = Equal} (! bb6) | br2 -> {_15 = Greater} (! bb7) ] + | bb3 = any [ br0 -> {_25 = Less} (! bb9) | br1 -> {_25 = Equal} (! bb6) | br2 -> {_25 = Greater} (! bb7) ] | bb7 = s0 [ s0 = {inv_Tree_K_V node'0.current.right} MutBorrow.borrow_mut {node'0.current.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_25 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_35 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with right = _ret.final } } ] s1) - | s1 = insert_rec_K {_25} {key'0} {val''0} (fun (_ret: ()) -> [ &_14 <- _ret ] s2) + | s1 = insert_rec_K {_35} {key'0} {val''0} (fun (_ret: ()) -> [ &_24 <- _ret ] s2) | s2 = bb15 ] | bb6 = s0 [ s0 = {[@expl:type invariant] inv_K key'0} s1 | s1 = -{resolve_K key'0}- s2 | s2 = bb11 ] | bb11 = s0 @@ -3905,8 +3905,8 @@ module M_impl_Tree_K_V_6__insert_rec (* Tree *) | s2 = [ &node'0 <- { node'0 with current = { node'0.current with val' = val''0 } } ] s3 | s3 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s4 | s4 = -{resolve_ref_Box_Node_K_V_Global node'0}- s5 - | s5 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _11} s6 - | s6 = -{resolve_ref_Option_Box_Node_K_V_Global _11}- s7 + | s5 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _21} s6 + | s6 = -{resolve_ref_Option_Box_Node_K_V_Global _21}- s7 | s7 = {[@expl:type invariant] inv_ref_Tree_K_V self} s8 | s8 = -{resolve_ref_Tree_K_V self}- s9 | s9 = bb32 ] @@ -3914,23 +3914,23 @@ module M_impl_Tree_K_V_6__insert_rec (* Tree *) [ s0 = {inv_Tree_K_V node'0.current.left} MutBorrow.borrow_mut {node'0.current.left} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_20 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_30 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with left = _ret.final } } ] s1) - | s1 = insert_rec_K {_20} {key'0} {val''0} (fun (_ret: ()) -> [ &_14 <- _ret ] s2) + | s1 = insert_rec_K {_30} {key'0} {val''0} (fun (_ret: ()) -> [ &_24 <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_29 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_39 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = balance_K {_29} (fun (_ret: ()) -> [ &_28 <- _ret ] s2) + | s1 = balance_K {_39} (fun (_ret: ()) -> [ &_38 <- _ret ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s1 | s1 = -{resolve_ref_Box_Node_K_V_Global node'0}- s2 - | s2 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _11} s3 - | s3 = -{resolve_ref_Option_Box_Node_K_V_Global _11}- s4 + | s2 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _21} s3 + | s3 = -{resolve_ref_Option_Box_Node_K_V_Global _21}- s4 | s4 = {[@expl:type invariant] inv_ref_Tree_K_V self} s5 | s5 = -{resolve_ref_Tree_K_V self}- s6 | s6 = bb32 ] @@ -3939,22 +3939,22 @@ module M_impl_Tree_K_V_6__insert_rec (* Tree *) | & self: MutBorrow.t t_Tree_K_V = self | & key'0: t_K = key'0 | & val''0: t_V = val''0 - | & _11: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _21: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _14: () = Any.any_l () - | & _15: t_Ordering = Any.any_l () - | & _18: t_K = Any.any_l () - | & _20: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _25: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _28: () = Any.any_l () - | & _29: MutBorrow.t t_Node_K_V = Any.any_l () - | & _30: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _32: t_Node_K_V = Any.any_l () - | & _33: t_Tree_K_V = Any.any_l () - | & _34: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _35: t_Color = Any.any_l () - | & _38: t_Tree_K_V = Any.any_l () - | & _39: t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _24: () = Any.any_l () + | & _25: t_Ordering = Any.any_l () + | & _28: t_K = Any.any_l () + | & _30: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _35: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _38: () = Any.any_l () + | & _39: MutBorrow.t t_Node_K_V = Any.any_l () + | & _40: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _42: t_Node_K_V = Any.any_l () + | & _43: t_Tree_K_V = Any.any_l () + | & _44: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _45: t_Color = Any.any_l () + | & _48: t_Tree_K_V = Any.any_l () + | & _49: t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:insert_rec ensures #0] internal_invariant_K'0 self.final} {[@expl:insert_rec ensures #1] height_K self.current = height_K self.final} {[@expl:insert_rec ensures #2] match_t_K (cpn (Red) (CPL (Red)) (CPL (Black))) self.final @@ -4479,40 +4479,40 @@ module M_impl_Tree_K_V_6__delete_max_rec (* Tree *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.node} MutBorrow.borrow_mut {self.current.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_15 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_24 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_15} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_14 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_24} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_23 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_14} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_13 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_23} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_22 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = {inv_Box_Node_K_V_Global _13.current} - MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} + [ s0 = {inv_Box_Node_K_V_Global _22.current} + MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_12 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- - [ &_13 <- { _13 with current = _ret.final } ] s1) - | s1 = as_mut_Box_Node_K_V_Global'0 {_12} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] s2) + [ &_21 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- + [ &_22 <- { _22 with current = _ret.final } ] s1) + | s1 = as_mut_Box_Node_K_V_Global'0 {_21} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _13} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _13}- s2 - | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_17 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _22} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _22}- s2 + | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_26 <- _ret ] s3) | s3 = bb4 ] - | bb4 = any [ br0 -> {_17 = false} (! bb8) | br1 -> {_17} (! bb5) ] + | bb4 = any [ br0 -> {_26 = false} (! bb8) | br1 -> {_26} (! bb5) ] | bb5 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_mut {node'0.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_19 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_28 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = rotate_right_K {_19} (fun (_ret: ()) -> [ &_16 <- _ret ] s2) + | s1 = rotate_right_K {_28} (fun (_ret: ()) -> [ &_25 <- _ret ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = is_red_K {node'0.current.right} (fun (_ret: bool) -> [ &_21 <- _ret ] s1) | s1 = bb9 ] - | bb9 = any [ br0 -> {_21 = false} (! bb11) | br1 -> {_21} (! bb24) ] + | bb8 = s0 [ s0 = is_red_K {node'0.current.right} (fun (_ret: bool) -> [ &_30 <- _ret ] s1) | s1 = bb9 ] + | bb9 = any [ br0 -> {_30 = false} (! bb11) | br1 -> {_30} (! bb24) ] | bb11 = s0 - [ s0 = [ &_31 <- node'0.current.right.node ] s1 - | s1 = any [ br0 -> {_31 = None} (! bb18) | br1 (x0: t_Node_K_V) -> {_31 = Some x0} (! bb17) ] ] + [ s0 = [ &_40 <- node'0.current.right.node ] s1 + | s1 = any [ br0 -> {_40 = None} (! bb18) | br1 (x0: t_Node_K_V) -> {_40 = Some x0} (! bb17) ] ] | bb18 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 | s1 = -{resolve_ref_Node_K_V node'0}- s2 @@ -4520,21 +4520,21 @@ module M_impl_Tree_K_V_6__delete_max_rec (* Tree *) MutBorrow.borrow_final {self.current.node} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_27 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_36 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s3) - | s3 = {inv_Option_Box_Node_K_V_Global _27.current} - MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} + | s3 = {inv_Option_Box_Node_K_V_Global _36.current} + MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_26 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- - [ &_27 <- { _27 with current = _ret.final } ] s4) - | s4 = take_Option_Box_Node_K_V_Global {_26} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_25 <- _ret ] s5) + [ &_35 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_36 <- { _36 with current = _ret.final } ] s4) + | s4 = take_Option_Box_Node_K_V_Global {_35} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_34 <- _ret ] s5) | s5 = bb12 ] | bb12 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _27} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _27}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _36} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _36}- s2 | s2 = {[@expl:type invariant] inv_ref_Tree_K_V'0 self} s3 | s3 = -{resolve_ref_Tree_K_V self}- s4 - | s4 = unwrap_Box_Node_K_V_Global {_25} (fun (_ret: t_Node_K_V) -> [ &node'1 <- _ret ] s5) + | s4 = unwrap_Box_Node_K_V_Global {_34} (fun (_ret: t_Node_K_V) -> [ &node'1 <- _ret ] s5) | s5 = bb13 ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_Tree_K_V node'1.right} s1 @@ -4544,45 +4544,45 @@ module M_impl_Tree_K_V_6__delete_max_rec (* Tree *) | s4 = [ &_0 <- { f0'0 = node'1.key; f1'0 = node'1.val' } ] s5 | s5 = bb29 ] | bb17 = s0 - [ s0 = elim_Some {_31} (fun (r0: t_Node_K_V) -> [ &right'0 <- r0 ] s1) - | s1 = is_red_K {right'0.left} (fun (_ret: bool) -> [ &_33 <- _ret ] s2) + [ s0 = elim_Some {_40} (fun (r0: t_Node_K_V) -> [ &right'0 <- r0 ] s1) + | s1 = is_red_K {right'0.left} (fun (_ret: bool) -> [ &_42 <- _ret ] s2) | s2 = bb19 ] - | bb19 = any [ br0 -> {_33 = false} (! bb21) | br1 -> {_33} (! bb24) ] + | bb19 = any [ br0 -> {_42 = false} (! bb21) | br1 -> {_42} (! bb24) ] | bb21 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_37 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_46 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = move_red_right_K {_37} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_36 <- _ret ] s2) + | s1 = move_red_right_K {_46} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_45 <- _ret ] s2) | s2 = bb22 ] | bb22 = s0 - [ s0 = {inv_Node_K_V _36.current} - MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + [ s0 = {inv_Node_K_V _45.current} + MutBorrow.borrow_final {_45.current} {MutBorrow.get_id _45} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_35 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_36 <- { _36 with current = _ret.final } ] s1) + [ &_44 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_45 <- { _45 with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s2 | s2 = -{resolve_ref_Node_K_V node'0}- s3 - | s3 = [ &node'0 <- _35 ] s4 - | s4 = {[@expl:type invariant] inv_ref_Node_K_V _36} s5 - | s5 = -{resolve_ref_Node_K_V _36}- s6 + | s3 = [ &node'0 <- _44 ] s4 + | s4 = {[@expl:type invariant] inv_ref_Node_K_V _45} s5 + | s5 = -{resolve_ref_Node_K_V _45}- s6 | s6 = bb24 ] | bb24 = s0 [ s0 = {inv_Tree_K_V node'0.current.right} MutBorrow.borrow_mut {node'0.current.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_39 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_48 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with right = _ret.final } } ] s1) - | s1 = delete_max_rec_K {_39} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_max_rec_K {_48} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb25 ] | bb25 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_41 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_50 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = balance_K {_41} (fun (_ret: ()) -> [ &_40 <- _ret ] s2) + | s1 = balance_K {_50} (fun (_ret: ()) -> [ &_49 <- _ret ] s2) | s2 = bb26 ] | bb26 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 @@ -4595,28 +4595,28 @@ module M_impl_Tree_K_V_6__delete_max_rec (* Tree *) [ & _0: tup2_K_V = Any.any_l () | & self: MutBorrow.t t_Tree_K_V = self | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _12: MutBorrow.t t_Node_K_V = Any.any_l () - | & _13: MutBorrow.t t_Node_K_V = Any.any_l () - | & _14: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _15: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _16: () = Any.any_l () - | & _17: bool = Any.any_l () - | & _19: MutBorrow.t t_Node_K_V = Any.any_l () - | & _21: bool = Any.any_l () + | & _21: MutBorrow.t t_Node_K_V = Any.any_l () + | & _22: MutBorrow.t t_Node_K_V = Any.any_l () + | & _23: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _24: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _25: () = Any.any_l () + | & _26: bool = Any.any_l () + | & _28: MutBorrow.t t_Node_K_V = Any.any_l () + | & _30: bool = Any.any_l () | & node'1: t_Node_K_V = Any.any_l () - | & _25: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _26: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _27: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _34: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _35: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _36: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & right'0: t_Node_K_V = Any.any_l () - | & _31: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _33: bool = Any.any_l () - | & _35: MutBorrow.t t_Node_K_V = Any.any_l () - | & _36: MutBorrow.t t_Node_K_V = Any.any_l () - | & _37: MutBorrow.t t_Node_K_V = Any.any_l () + | & _40: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _42: bool = Any.any_l () + | & _44: MutBorrow.t t_Node_K_V = Any.any_l () + | & _45: MutBorrow.t t_Node_K_V = Any.any_l () + | & _46: MutBorrow.t t_Node_K_V = Any.any_l () | & r: tup2_K_V = Any.any_l () - | & _39: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _40: () = Any.any_l () - | & _41: MutBorrow.t t_Node_K_V = Any.any_l () ]) + | & _48: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _49: () = Any.any_l () + | & _50: MutBorrow.t t_Node_K_V = Any.any_l () ]) [ return (result: tup2_K_V) -> {[@expl:delete_max_rec result type invariant] inv_tup2_K_V result} {[@expl:delete_max_rec ensures #0] internal_invariant_K'0 self.final} {[@expl:delete_max_rec ensures #1] height_K self.current = height_K self.final} @@ -5124,30 +5124,30 @@ module M_impl_Tree_K_V_6__delete_min_rec (* Tree *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.node} MutBorrow.borrow_mut {self.current.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_15 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_24 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_15} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_14 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_24} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_23 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_14} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_13 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_23} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_22 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = {inv_Box_Node_K_V_Global _13.current} - MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} + [ s0 = {inv_Box_Node_K_V_Global _22.current} + MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_12 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- - [ &_13 <- { _13 with current = _ret.final } ] s1) - | s1 = as_mut_Box_Node_K_V_Global'0 {_12} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] s2) + [ &_21 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- + [ &_22 <- { _22 with current = _ret.final } ] s1) + | s1 = as_mut_Box_Node_K_V_Global'0 {_21} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _13} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _13}- s2 - | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_17 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _22} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _22}- s2 + | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_26 <- _ret ] s3) | s3 = bb4 ] - | bb4 = any [ br0 -> {_17 = false} (! bb6) | br1 -> {_17} (! bb19) ] + | bb4 = any [ br0 -> {_26 = false} (! bb6) | br1 -> {_26} (! bb19) ] | bb6 = s0 - [ s0 = [ &_27 <- node'0.current.left.node ] s1 - | s1 = any [ br0 -> {_27 = None} (! bb13) | br1 (x0: t_Node_K_V) -> {_27 = Some x0} (! bb12) ] ] + [ s0 = [ &_36 <- node'0.current.left.node ] s1 + | s1 = any [ br0 -> {_36 = None} (! bb13) | br1 (x0: t_Node_K_V) -> {_36 = Some x0} (! bb12) ] ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 | s1 = -{resolve_ref_Node_K_V node'0}- s2 @@ -5155,21 +5155,21 @@ module M_impl_Tree_K_V_6__delete_min_rec (* Tree *) MutBorrow.borrow_final {self.current.node} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_23 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_32 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s3) - | s3 = {inv_Option_Box_Node_K_V_Global _23.current} - MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} + | s3 = {inv_Option_Box_Node_K_V_Global _32.current} + MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_22 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- - [ &_23 <- { _23 with current = _ret.final } ] s4) - | s4 = take_Option_Box_Node_K_V_Global {_22} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_21 <- _ret ] s5) + [ &_31 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_32 <- { _32 with current = _ret.final } ] s4) + | s4 = take_Option_Box_Node_K_V_Global {_31} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_30 <- _ret ] s5) | s5 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _23} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _23}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _32} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _32}- s2 | s2 = {[@expl:type invariant] inv_ref_Tree_K_V'0 self} s3 | s3 = -{resolve_ref_Tree_K_V self}- s4 - | s4 = unwrap_Box_Node_K_V_Global {_21} (fun (_ret: t_Node_K_V) -> [ &node'1 <- _ret ] s5) + | s4 = unwrap_Box_Node_K_V_Global {_30} (fun (_ret: t_Node_K_V) -> [ &node'1 <- _ret ] s5) | s5 = bb8 ] | bb8 = s0 [ s0 = {[@expl:type invariant] inv_Tree_K_V node'1.right} s1 @@ -5179,45 +5179,45 @@ module M_impl_Tree_K_V_6__delete_min_rec (* Tree *) | s4 = [ &_0 <- { f0 = node'1.key; f1 = node'1.val' } ] s5 | s5 = bb24 ] | bb12 = s0 - [ s0 = elim_Some {_27} (fun (r0: t_Node_K_V) -> [ &left'0 <- r0 ] s1) - | s1 = is_red_K {left'0.left} (fun (_ret: bool) -> [ &_29 <- _ret ] s2) + [ s0 = elim_Some {_36} (fun (r0: t_Node_K_V) -> [ &left'0 <- r0 ] s1) + | s1 = is_red_K {left'0.left} (fun (_ret: bool) -> [ &_38 <- _ret ] s2) | s2 = bb14 ] - | bb14 = any [ br0 -> {_29 = false} (! bb16) | br1 -> {_29} (! bb19) ] + | bb14 = any [ br0 -> {_38 = false} (! bb16) | br1 -> {_38} (! bb19) ] | bb16 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_33 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_42 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = move_red_left_K {_33} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_32 <- _ret ] s2) + | s1 = move_red_left_K {_42} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_41 <- _ret ] s2) | s2 = bb17 ] | bb17 = s0 - [ s0 = {inv_Node_K_V _32.current} - MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + [ s0 = {inv_Node_K_V _41.current} + MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_31 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_32 <- { _32 with current = _ret.final } ] s1) + [ &_40 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_41 <- { _41 with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s2 | s2 = -{resolve_ref_Node_K_V node'0}- s3 - | s3 = [ &node'0 <- _31 ] s4 - | s4 = {[@expl:type invariant] inv_ref_Node_K_V _32} s5 - | s5 = -{resolve_ref_Node_K_V _32}- s6 + | s3 = [ &node'0 <- _40 ] s4 + | s4 = {[@expl:type invariant] inv_ref_Node_K_V _41} s5 + | s5 = -{resolve_ref_Node_K_V _41}- s6 | s6 = bb19 ] | bb19 = s0 [ s0 = {inv_Tree_K_V node'0.current.left} MutBorrow.borrow_mut {node'0.current.left} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_35 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_44 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with left = _ret.final } } ] s1) - | s1 = delete_min_rec_K {_35} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_min_rec_K {_44} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb20 ] | bb20 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_37 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_46 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = balance_K {_37} (fun (_ret: ()) -> [ &_36 <- _ret ] s2) + | s1 = balance_K {_46} (fun (_ret: ()) -> [ &_45 <- _ret ] s2) | s2 = bb21 ] | bb21 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 @@ -5230,25 +5230,25 @@ module M_impl_Tree_K_V_6__delete_min_rec (* Tree *) [ & _0: tup2_K_V = Any.any_l () | & self: MutBorrow.t t_Tree_K_V = self | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _12: MutBorrow.t t_Node_K_V = Any.any_l () - | & _13: MutBorrow.t t_Node_K_V = Any.any_l () - | & _14: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _15: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _17: bool = Any.any_l () + | & _21: MutBorrow.t t_Node_K_V = Any.any_l () + | & _22: MutBorrow.t t_Node_K_V = Any.any_l () + | & _23: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _24: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _26: bool = Any.any_l () | & node'1: t_Node_K_V = Any.any_l () - | & _21: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _22: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _23: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _30: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _31: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _32: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & left'0: t_Node_K_V = Any.any_l () - | & _27: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _29: bool = Any.any_l () - | & _31: MutBorrow.t t_Node_K_V = Any.any_l () - | & _32: MutBorrow.t t_Node_K_V = Any.any_l () - | & _33: MutBorrow.t t_Node_K_V = Any.any_l () + | & _36: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _38: bool = Any.any_l () + | & _40: MutBorrow.t t_Node_K_V = Any.any_l () + | & _41: MutBorrow.t t_Node_K_V = Any.any_l () + | & _42: MutBorrow.t t_Node_K_V = Any.any_l () | & r: tup2_K_V = Any.any_l () - | & _35: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _36: () = Any.any_l () - | & _37: MutBorrow.t t_Node_K_V = Any.any_l () ]) + | & _44: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _45: () = Any.any_l () + | & _46: MutBorrow.t t_Node_K_V = Any.any_l () ]) [ return (result: tup2_K_V) -> {[@expl:delete_min_rec result type invariant] inv_tup2_K_V result} {[@expl:delete_min_rec ensures #0] internal_invariant_K'0 self.final} {[@expl:delete_min_rec ensures #1] height_K self.current = height_K self.final} @@ -6036,47 +6036,47 @@ module M_impl_Tree_K_V_6__delete_rec (* Tree *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.node} MutBorrow.borrow_mut {self.current.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_15 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_25 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_15} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_14 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_25} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_24 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_14} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_13 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_24} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_23 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = {inv_Box_Node_K_V_Global _13.current} - MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} + [ s0 = {inv_Box_Node_K_V_Global _23.current} + MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_12 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- - [ &_13 <- { _13 with current = _ret.final } ] s1) - | s1 = as_mut_Box_Node_K_V_Global'0 {_12} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] s2) + [ &_22 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- + [ &_23 <- { _23 with current = _ret.final } ] s1) + | s1 = as_mut_Box_Node_K_V_Global'0 {_22} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _13} s1 - | s1 = -{resolve_ref_Box_Node_K_V_Global _13}- s2 - | s2 = [ &_20 <- node'0.current.key ] s3 - | s3 = cmp_K {key'0} {_20} (fun (_ret: t_Ordering) -> [ &_17 <- _ret ] s4) + [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _23} s1 + | s1 = -{resolve_ref_Box_Node_K_V_Global _23}- s2 + | s2 = [ &_30 <- node'0.current.key ] s3 + | s3 = cmp_K {key'0} {_30} (fun (_ret: t_Ordering) -> [ &_27 <- _ret ] s4) | s4 = bb4 ] - | bb4 = any [ br0 -> {_17 = Less} (! bb13) | br1 -> {_17 = Equal} (! bb12) | br2 -> {_17 = Greater} (! bb12) ] - | bb12 = s0 [ s0 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_43 <- _ret ] s1) | s1 = bb31 ] - | bb31 = any [ br0 -> {_43 = false} (! bb7) | br1 -> {_43} (! bb32) ] + | bb4 = any [ br0 -> {_27 = Less} (! bb13) | br1 -> {_27 = Equal} (! bb12) | br2 -> {_27 = Greater} (! bb12) ] + | bb12 = s0 [ s0 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_53 <- _ret ] s1) | s1 = bb31 ] + | bb31 = any [ br0 -> {_53 = false} (! bb7) | br1 -> {_53} (! bb32) ] | bb32 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_mut {node'0.current} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_46 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_56 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = rotate_right_K {_46} (fun (_ret: ()) -> [ &_45 <- _ret ] s2) + | s1 = rotate_right_K {_56} (fun (_ret: ()) -> [ &_55 <- _ret ] s2) | s2 = bb34 ] | bb34 = s0 [ s0 = {inv_Tree_K_V node'0.current.right} MutBorrow.borrow_mut {node'0.current.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_47 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_57 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with right = _ret.final } } ] s1) - | s1 = delete_rec_K {_47} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_rec_K {_57} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb68 ] - | bb7 = any [ br0 -> {_17 = Less} (! bb8) | br1 -> {_17 = Equal} (! bb11) | br2 -> {_17 = Greater} (! bb10) ] + | bb7 = any [ br0 -> {_27 = Less} (! bb8) | br1 -> {_27 = Equal} (! bb11) | br2 -> {_27 = Greater} (! bb10) ] | bb8 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 | s1 = -{resolve_ref_Node_K_V node'0}- s2 @@ -6085,60 +6085,60 @@ module M_impl_Tree_K_V_6__delete_rec (* Tree *) | s4 = {false} any ] | bb10 = s0 [ s0 = as_ref_Box_Node_K_V_Global {node'0.current.right.node} - (fun (_ret: t_Option_ref_Box_Node_K_V_Global'0) -> [ &_86 <- _ret ] s1) + (fun (_ret: t_Option_ref_Box_Node_K_V_Global'0) -> [ &_96 <- _ret ] s1) | s1 = bb55 ] | bb55 = s0 - [ s0 = branch_Option_ref_Box_Node_K_V_Global {_86} - (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_85 <- _ret ] s1) + [ s0 = branch_Option_ref_Box_Node_K_V_Global {_96} + (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_95 <- _ret ] s1) | s1 = bb56 ] | bb56 = any - [ br0 (x0: t_Node_K_V) -> {_85 = Continue x0} (! bb59) - | br1 (x0: t_Option_Infallible) -> {_85 = Break x0} (! bb58) ] + [ br0 (x0: t_Node_K_V) -> {_95 = Continue x0} (! bb59) + | br1 (x0: t_Option_Infallible) -> {_95 = Break x0} (! bb58) ] | bb58 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 | s1 = -{resolve_ref_Node_K_V node'0}- s2 | s2 = bb60 ] | bb60 = s0 - [ s0 = elim_Break {_85} (fun (r0: t_Option_Infallible) -> [ &residual'0 <- r0 ] s1) + [ s0 = elim_Break {_95} (fun (r0: t_Option_Infallible) -> [ &residual'0 <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_Tree_K_V'0 self} s2 | s2 = -{resolve_ref_Tree_K_V self}- s3 | s3 = from_residual_Option_tup2_K_V {residual'0} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s4) | s4 = bb73 ] | bb59 = s0 - [ s0 = elim_Continue {_85} (fun (r0: t_Node_K_V) -> [ &val''1 <- r0 ] s1) - | s1 = [ &_84 <- val''1 ] s2 - | s2 = is_red_K {_84.left} (fun (_ret: bool) -> [ &_82 <- _ret ] s3) + [ s0 = elim_Continue {_95} (fun (r0: t_Node_K_V) -> [ &val''1 <- r0 ] s1) + | s1 = [ &_94 <- val''1 ] s2 + | s2 = is_red_K {_94.left} (fun (_ret: bool) -> [ &_92 <- _ret ] s3) | s3 = bb62 ] - | bb62 = any [ br0 -> {_82 = false} (! bb64) | br1 -> {_82} (! bb66) ] + | bb62 = any [ br0 -> {_92 = false} (! bb64) | br1 -> {_92} (! bb66) ] | bb64 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_95 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_105 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = move_red_right_K {_95} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_94 <- _ret ] s2) + | s1 = move_red_right_K {_105} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_104 <- _ret ] s2) | s2 = bb65 ] | bb65 = s0 - [ s0 = {inv_Node_K_V _94.current} - MutBorrow.borrow_final {_94.current} {MutBorrow.get_id _94} + [ s0 = {inv_Node_K_V _104.current} + MutBorrow.borrow_final {_104.current} {MutBorrow.get_id _104} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_93 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_94 <- { _94 with current = _ret.final } ] s1) + [ &_103 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_104 <- { _104 with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s2 | s2 = -{resolve_ref_Node_K_V node'0}- s3 - | s3 = [ &node'0 <- _93 ] s4 - | s4 = {[@expl:type invariant] inv_ref_Node_K_V _94} s5 - | s5 = -{resolve_ref_Node_K_V _94}- s6 + | s3 = [ &node'0 <- _103 ] s4 + | s4 = {[@expl:type invariant] inv_ref_Node_K_V _104} s5 + | s5 = -{resolve_ref_Node_K_V _104}- s6 | s6 = bb66 ] | bb66 = s0 [ s0 = {inv_Tree_K_V node'0.current.right} MutBorrow.borrow_mut {node'0.current.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_96 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_106 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with right = _ret.final } } ] s1) - | s1 = delete_rec_K {_96} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_rec_K {_106} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb68 ] | bb11 = s0 - [ s0 = [ &_58 <- node'0.current.right.node ] s1 - | s1 = any [ br0 -> {_58 = None} (! bb43) | br1 (x0: t_Node_K_V) -> {_58 = Some x0} (! bb42) ] ] + [ s0 = [ &_68 <- node'0.current.right.node ] s1 + | s1 = any [ br0 -> {_68 = None} (! bb43) | br1 (x0: t_Node_K_V) -> {_68 = Some x0} (! bb42) ] ] | bb43 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 | s1 = -{resolve_ref_Node_K_V node'0}- s2 @@ -6146,183 +6146,183 @@ module M_impl_Tree_K_V_6__delete_rec (* Tree *) MutBorrow.borrow_final {self.current.node} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_53 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_63 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { node = _ret.final } } ] s3) - | s3 = {inv_Option_Box_Node_K_V_Global _53.current} - MutBorrow.borrow_final {_53.current} {MutBorrow.get_id _53} + | s3 = {inv_Option_Box_Node_K_V_Global _63.current} + MutBorrow.borrow_final {_63.current} {MutBorrow.get_id _63} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_52 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- - [ &_53 <- { _53 with current = _ret.final } ] s4) - | s4 = take_Option_Box_Node_K_V_Global {_52} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_51 <- _ret ] s5) + [ &_62 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_63 <- { _63 with current = _ret.final } ] s4) + | s4 = take_Option_Box_Node_K_V_Global {_62} (fun (_ret: t_Option_Box_Node_K_V_Global) -> [ &_61 <- _ret ] s5) | s5 = bb36 ] | bb36 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _53} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _53}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _63} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _63}- s2 | s2 = {[@expl:type invariant] inv_ref_Tree_K_V'0 self} s3 | s3 = -{resolve_ref_Tree_K_V self}- s4 - | s4 = unwrap_Box_Node_K_V_Global {_51} (fun (_ret: t_Node_K_V) -> [ &node'1 <- _ret ] s5) + | s4 = unwrap_Box_Node_K_V_Global {_61} (fun (_ret: t_Node_K_V) -> [ &node'1 <- _ret ] s5) | s5 = bb37 ] | bb37 = s0 [ s0 = {[@expl:type invariant] inv_Tree_K_V node'1.right} s1 | s1 = -{resolve_Tree_K_V'0 node'1.right}- s2 | s2 = {[@expl:type invariant] inv_Tree_K_V node'1.left} s3 | s3 = -{resolve_Tree_K_V'0 node'1.left}- s4 - | s4 = [ &_54 <- { f0'1 = node'1.key; f1'1 = node'1.val' } ] s5 + | s4 = [ &_64 <- { f0'1 = node'1.key; f1'1 = node'1.val' } ] s5 | s5 = bb39 ] - | bb39 = s0 [ s0 = [ &_0 <- Some'1 _54 ] s1 | s1 = bb73 ] + | bb39 = s0 [ s0 = [ &_0 <- Some'1 _64 ] s1 | s1 = bb73 ] | bb42 = s0 - [ s0 = elim_Some {_58} (fun (r0: t_Node_K_V) -> [ &right'0 <- r0 ] s1) - | s1 = is_red_K {right'0.left} (fun (_ret: bool) -> [ &_61 <- _ret ] s2) + [ s0 = elim_Some {_68} (fun (r0: t_Node_K_V) -> [ &right'0 <- r0 ] s1) + | s1 = is_red_K {right'0.left} (fun (_ret: bool) -> [ &_71 <- _ret ] s2) | s2 = bb44 ] - | bb44 = any [ br0 -> {_61 = false} (! bb46) | br1 -> {_61} (! bb48) ] + | bb44 = any [ br0 -> {_71 = false} (! bb46) | br1 -> {_71} (! bb48) ] | bb46 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_65 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_75 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = move_red_right_K {_65} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_64 <- _ret ] s2) + | s1 = move_red_right_K {_75} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_74 <- _ret ] s2) | s2 = bb47 ] | bb47 = s0 - [ s0 = {inv_Node_K_V _64.current} - MutBorrow.borrow_final {_64.current} {MutBorrow.get_id _64} + [ s0 = {inv_Node_K_V _74.current} + MutBorrow.borrow_final {_74.current} {MutBorrow.get_id _74} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_63 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_64 <- { _64 with current = _ret.final } ] s1) + [ &_73 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_74 <- { _74 with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s2 | s2 = -{resolve_ref_Node_K_V node'0}- s3 - | s3 = [ &node'0 <- _63 ] s4 - | s4 = {[@expl:type invariant] inv_ref_Node_K_V _64} s5 - | s5 = -{resolve_ref_Node_K_V _64}- s6 + | s3 = [ &node'0 <- _73 ] s4 + | s4 = {[@expl:type invariant] inv_ref_Node_K_V _74} s5 + | s5 = -{resolve_ref_Node_K_V _74}- s6 | s6 = bb48 ] | bb48 = s0 [ s0 = {inv_Tree_K_V node'0.current.right} MutBorrow.borrow_mut {node'0.current.right} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_67 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_77 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with right = _ret.final } } ] s1) - | s1 = delete_min_rec_K {_67} (fun (_ret: tup2_K_V) -> [ &kv <- _ret ] s2) + | s1 = delete_min_rec_K {_77} (fun (_ret: tup2_K_V) -> [ &kv <- _ret ] s2) | s2 = bb49 ] - | bb49 = s0 [ s0 = [ &_68 <- () ] s1 | s1 = bb50 ] + | bb49 = s0 [ s0 = [ &_78 <- () ] s1 | s1 = bb50 ] | bb50 = s0 [ s0 = {inv_K node'0.current.key} MutBorrow.borrow_mut {node'0.current.key} (fun (_ret: MutBorrow.t t_K) -> - [ &_72 <- _ret ] -{inv_K _ret.final}- + [ &_82 <- _ret ] -{inv_K _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with key = _ret.final } } ] s1) | s1 = {inv_K kv.f0'1} MutBorrow.borrow_mut {kv.f0'1} (fun (_ret: MutBorrow.t t_K) -> - [ &_74 <- _ret ] -{inv_K _ret.final}- + [ &_84 <- _ret ] -{inv_K _ret.final}- [ &kv <- { kv with f0'1 = _ret.final } ] s2) - | s2 = {inv_K _72.current} - MutBorrow.borrow_final {_72.current} {MutBorrow.get_id _72} + | s2 = {inv_K _82.current} + MutBorrow.borrow_final {_82.current} {MutBorrow.get_id _82} (fun (_ret: MutBorrow.t t_K) -> - [ &_71 <- _ret ] -{inv_K _ret.final}- - [ &_72 <- { _72 with current = _ret.final } ] s3) - | s3 = {inv_K _74.current} - MutBorrow.borrow_final {_74.current} {MutBorrow.get_id _74} + [ &_81 <- _ret ] -{inv_K _ret.final}- + [ &_82 <- { _82 with current = _ret.final } ] s3) + | s3 = {inv_K _84.current} + MutBorrow.borrow_final {_84.current} {MutBorrow.get_id _84} (fun (_ret: MutBorrow.t t_K) -> - [ &_73 <- _ret ] -{inv_K _ret.final}- - [ &_74 <- { _74 with current = _ret.final } ] s4) - | s4 = swap_K {_71} {_73} (fun (_ret: ()) -> [ &_70 <- _ret ] s5) + [ &_83 <- _ret ] -{inv_K _ret.final}- + [ &_84 <- { _84 with current = _ret.final } ] s4) + | s4 = swap_K {_81} {_83} (fun (_ret: ()) -> [ &_80 <- _ret ] s5) | s5 = bb51 ] | bb51 = s0 - [ s0 = {[@expl:type invariant] inv_ref_K'0 _74} s1 - | s1 = -{resolve_ref_K _74}- s2 - | s2 = {[@expl:type invariant] inv_ref_K'0 _72} s3 - | s3 = -{resolve_ref_K _72}- s4 + [ s0 = {[@expl:type invariant] inv_ref_K'0 _84} s1 + | s1 = -{resolve_ref_K _84}- s2 + | s2 = {[@expl:type invariant] inv_ref_K'0 _82} s3 + | s3 = -{resolve_ref_K _82}- s4 | s4 = {inv_V node'0.current.val'} MutBorrow.borrow_mut {node'0.current.val'} (fun (_ret: MutBorrow.t t_V) -> - [ &_77 <- _ret ] -{inv_V _ret.final}- + [ &_87 <- _ret ] -{inv_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with val' = _ret.final } } ] s5) | s5 = {inv_V kv.f1'1} MutBorrow.borrow_mut {kv.f1'1} (fun (_ret: MutBorrow.t t_V) -> - [ &_79 <- _ret ] -{inv_V _ret.final}- + [ &_89 <- _ret ] -{inv_V _ret.final}- [ &kv <- { kv with f1'1 = _ret.final } ] s6) - | s6 = {inv_V _77.current} - MutBorrow.borrow_final {_77.current} {MutBorrow.get_id _77} + | s6 = {inv_V _87.current} + MutBorrow.borrow_final {_87.current} {MutBorrow.get_id _87} (fun (_ret: MutBorrow.t t_V) -> - [ &_76 <- _ret ] -{inv_V _ret.final}- - [ &_77 <- { _77 with current = _ret.final } ] s7) - | s7 = {inv_V _79.current} - MutBorrow.borrow_final {_79.current} {MutBorrow.get_id _79} + [ &_86 <- _ret ] -{inv_V _ret.final}- + [ &_87 <- { _87 with current = _ret.final } ] s7) + | s7 = {inv_V _89.current} + MutBorrow.borrow_final {_89.current} {MutBorrow.get_id _89} (fun (_ret: MutBorrow.t t_V) -> - [ &_78 <- _ret ] -{inv_V _ret.final}- - [ &_79 <- { _79 with current = _ret.final } ] s8) - | s8 = swap_V {_76} {_78} (fun (_ret: ()) -> [ &_75 <- _ret ] s9) + [ &_88 <- _ret ] -{inv_V _ret.final}- + [ &_89 <- { _89 with current = _ret.final } ] s8) + | s8 = swap_V {_86} {_88} (fun (_ret: ()) -> [ &_85 <- _ret ] s9) | s9 = bb52 ] | bb52 = s0 - [ s0 = {[@expl:type invariant] inv_ref_V _79} s1 - | s1 = -{resolve_ref_V _79}- s2 - | s2 = {[@expl:type invariant] inv_ref_V _77} s3 - | s3 = -{resolve_ref_V _77}- s4 + [ s0 = {[@expl:type invariant] inv_ref_V _89} s1 + | s1 = -{resolve_ref_V _89}- s2 + | s2 = {[@expl:type invariant] inv_ref_V _87} s3 + | s3 = -{resolve_ref_V _87}- s4 | s4 = [ &r <- Some'1 kv ] s5 | s5 = bb68 ] - | bb13 = s0 [ s0 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_25 <- _ret ] s1) | s1 = bb14 ] - | bb14 = any [ br0 -> {_25 = false} (! bb16) | br1 -> {_25} (! bb29) ] + | bb13 = s0 [ s0 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_35 <- _ret ] s1) | s1 = bb14 ] + | bb14 = any [ br0 -> {_35 = false} (! bb16) | br1 -> {_35} (! bb29) ] | bb16 = s0 [ s0 = as_ref_Box_Node_K_V_Global {node'0.current.left.node} - (fun (_ret: t_Option_ref_Box_Node_K_V_Global'0) -> [ &_31 <- _ret ] s1) + (fun (_ret: t_Option_ref_Box_Node_K_V_Global'0) -> [ &_41 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = branch_Option_ref_Box_Node_K_V_Global {_31} - (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_30 <- _ret ] s1) + [ s0 = branch_Option_ref_Box_Node_K_V_Global {_41} + (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_40 <- _ret ] s1) | s1 = bb18 ] | bb18 = any - [ br0 (x0: t_Node_K_V) -> {_30 = Continue x0} (! bb21) - | br1 (x0: t_Option_Infallible) -> {_30 = Break x0} (! bb20) ] + [ br0 (x0: t_Node_K_V) -> {_40 = Continue x0} (! bb21) + | br1 (x0: t_Option_Infallible) -> {_40 = Break x0} (! bb20) ] | bb20 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 | s1 = -{resolve_ref_Node_K_V node'0}- s2 | s2 = bb22 ] | bb22 = s0 - [ s0 = elim_Break {_30} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) + [ s0 = elim_Break {_40} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_Tree_K_V'0 self} s2 | s2 = -{resolve_ref_Tree_K_V self}- s3 | s3 = from_residual_Option_tup2_K_V {residual} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s4) | s4 = bb73 ] | bb21 = s0 - [ s0 = elim_Continue {_30} (fun (r0: t_Node_K_V) -> [ &val''0 <- r0 ] s1) - | s1 = [ &_29 <- val''0 ] s2 - | s2 = is_red_K {_29.left} (fun (_ret: bool) -> [ &_27 <- _ret ] s3) + [ s0 = elim_Continue {_40} (fun (r0: t_Node_K_V) -> [ &val''0 <- r0 ] s1) + | s1 = [ &_39 <- val''0 ] s2 + | s2 = is_red_K {_39.left} (fun (_ret: bool) -> [ &_37 <- _ret ] s3) | s3 = bb24 ] - | bb24 = any [ br0 -> {_27 = false} (! bb26) | br1 -> {_27} (! bb29) ] + | bb24 = any [ br0 -> {_37 = false} (! bb26) | br1 -> {_37} (! bb29) ] | bb26 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_40 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_50 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = move_red_left_K {_40} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_39 <- _ret ] s2) + | s1 = move_red_left_K {_50} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_49 <- _ret ] s2) | s2 = bb27 ] | bb27 = s0 - [ s0 = {inv_Node_K_V _39.current} - MutBorrow.borrow_final {_39.current} {MutBorrow.get_id _39} + [ s0 = {inv_Node_K_V _49.current} + MutBorrow.borrow_final {_49.current} {MutBorrow.get_id _49} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_38 <- _ret ] -{inv_Node_K_V _ret.final}- - [ &_39 <- { _39 with current = _ret.final } ] s1) + [ &_48 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_49 <- { _49 with current = _ret.final } ] s1) | s1 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s2 | s2 = -{resolve_ref_Node_K_V node'0}- s3 - | s3 = [ &node'0 <- _38 ] s4 - | s4 = {[@expl:type invariant] inv_ref_Node_K_V _39} s5 - | s5 = -{resolve_ref_Node_K_V _39}- s6 + | s3 = [ &node'0 <- _48 ] s4 + | s4 = {[@expl:type invariant] inv_ref_Node_K_V _49} s5 + | s5 = -{resolve_ref_Node_K_V _49}- s6 | s6 = bb29 ] | bb29 = s0 [ s0 = {inv_Tree_K_V node'0.current.left} MutBorrow.borrow_mut {node'0.current.left} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_41 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_51 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with left = _ret.final } } ] s1) - | s1 = delete_rec_K {_41} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_rec_K {_51} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb68 ] | bb68 = s0 [ s0 = {inv_Node_K_V node'0.current} MutBorrow.borrow_final {node'0.current} {MutBorrow.get_id node'0} (fun (_ret: MutBorrow.t t_Node_K_V) -> - [ &_99 <- _ret ] -{inv_Node_K_V _ret.final}- + [ &_109 <- _ret ] -{inv_Node_K_V _ret.final}- [ &node'0 <- { node'0 with current = _ret.final } ] s1) - | s1 = balance_K {_99} (fun (_ret: ()) -> [ &_98 <- _ret ] s2) + | s1 = balance_K {_109} (fun (_ret: ()) -> [ &_108 <- _ret ] s2) | s2 = bb69 ] | bb69 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_K_V node'0} s1 @@ -6336,64 +6336,64 @@ module M_impl_Tree_K_V_6__delete_rec (* Tree *) | & self: MutBorrow.t t_Tree_K_V = self | & key'0: t_K = key'0 | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _12: MutBorrow.t t_Node_K_V = Any.any_l () - | & _13: MutBorrow.t t_Node_K_V = Any.any_l () - | & _14: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _15: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _22: MutBorrow.t t_Node_K_V = Any.any_l () + | & _23: MutBorrow.t t_Node_K_V = Any.any_l () + | & _24: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _25: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & r: t_Option_tup2_K_V = Any.any_l () - | & _17: t_Ordering = Any.any_l () - | & _20: t_K = Any.any_l () - | & _25: bool = Any.any_l () - | & _27: bool = Any.any_l () - | & _29: t_Node_K_V = Any.any_l () - | & _30: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () - | & _31: t_Option_ref_Box_Node_K_V_Global'0 = Any.any_l () + | & _27: t_Ordering = Any.any_l () + | & _30: t_K = Any.any_l () + | & _35: bool = Any.any_l () + | & _37: bool = Any.any_l () + | & _39: t_Node_K_V = Any.any_l () + | & _40: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () + | & _41: t_Option_ref_Box_Node_K_V_Global'0 = Any.any_l () | & residual: t_Option_Infallible = Any.any_l () | & val''0: t_Node_K_V = Any.any_l () - | & _38: MutBorrow.t t_Node_K_V = Any.any_l () - | & _39: MutBorrow.t t_Node_K_V = Any.any_l () - | & _40: MutBorrow.t t_Node_K_V = Any.any_l () - | & _41: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _43: bool = Any.any_l () - | & _45: () = Any.any_l () - | & _46: MutBorrow.t t_Node_K_V = Any.any_l () - | & _47: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _48: MutBorrow.t t_Node_K_V = Any.any_l () + | & _49: MutBorrow.t t_Node_K_V = Any.any_l () + | & _50: MutBorrow.t t_Node_K_V = Any.any_l () + | & _51: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _53: bool = Any.any_l () + | & _55: () = Any.any_l () + | & _56: MutBorrow.t t_Node_K_V = Any.any_l () + | & _57: MutBorrow.t t_Tree_K_V = Any.any_l () | & node'1: t_Node_K_V = Any.any_l () - | & _51: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _52: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _53: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _54: tup2_K_V = Any.any_l () + | & _61: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _62: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _63: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _64: tup2_K_V = Any.any_l () | & right'0: t_Node_K_V = Any.any_l () - | & _58: t_Option_Box_Node_K_V_Global = Any.any_l () - | & _61: bool = Any.any_l () - | & _63: MutBorrow.t t_Node_K_V = Any.any_l () - | & _64: MutBorrow.t t_Node_K_V = Any.any_l () - | & _65: MutBorrow.t t_Node_K_V = Any.any_l () + | & _68: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _71: bool = Any.any_l () + | & _73: MutBorrow.t t_Node_K_V = Any.any_l () + | & _74: MutBorrow.t t_Node_K_V = Any.any_l () + | & _75: MutBorrow.t t_Node_K_V = Any.any_l () | & kv: tup2_K_V = Any.any_l () - | & _67: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _68: () = Any.any_l () - | & _70: () = Any.any_l () - | & _71: MutBorrow.t t_K = Any.any_l () - | & _72: MutBorrow.t t_K = Any.any_l () - | & _73: MutBorrow.t t_K = Any.any_l () - | & _74: MutBorrow.t t_K = Any.any_l () - | & _75: () = Any.any_l () - | & _76: MutBorrow.t t_V = Any.any_l () - | & _77: MutBorrow.t t_V = Any.any_l () - | & _78: MutBorrow.t t_V = Any.any_l () - | & _79: MutBorrow.t t_V = Any.any_l () - | & _82: bool = Any.any_l () - | & _84: t_Node_K_V = Any.any_l () - | & _85: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () - | & _86: t_Option_ref_Box_Node_K_V_Global'0 = Any.any_l () + | & _77: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _78: () = Any.any_l () + | & _80: () = Any.any_l () + | & _81: MutBorrow.t t_K = Any.any_l () + | & _82: MutBorrow.t t_K = Any.any_l () + | & _83: MutBorrow.t t_K = Any.any_l () + | & _84: MutBorrow.t t_K = Any.any_l () + | & _85: () = Any.any_l () + | & _86: MutBorrow.t t_V = Any.any_l () + | & _87: MutBorrow.t t_V = Any.any_l () + | & _88: MutBorrow.t t_V = Any.any_l () + | & _89: MutBorrow.t t_V = Any.any_l () + | & _92: bool = Any.any_l () + | & _94: t_Node_K_V = Any.any_l () + | & _95: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () + | & _96: t_Option_ref_Box_Node_K_V_Global'0 = Any.any_l () | & residual'0: t_Option_Infallible = Any.any_l () | & val''1: t_Node_K_V = Any.any_l () - | & _93: MutBorrow.t t_Node_K_V = Any.any_l () - | & _94: MutBorrow.t t_Node_K_V = Any.any_l () - | & _95: MutBorrow.t t_Node_K_V = Any.any_l () - | & _96: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _98: () = Any.any_l () - | & _99: MutBorrow.t t_Node_K_V = Any.any_l () ]) + | & _103: MutBorrow.t t_Node_K_V = Any.any_l () + | & _104: MutBorrow.t t_Node_K_V = Any.any_l () + | & _105: MutBorrow.t t_Node_K_V = Any.any_l () + | & _106: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _108: () = Any.any_l () + | & _109: MutBorrow.t t_Node_K_V = Any.any_l () ]) [ return (result: t_Option_tup2_K_V) -> {[@expl:delete_rec result type invariant] inv_Option_tup2_K_V result} {[@expl:delete_rec ensures #0] internal_invariant_K'0 self.final} {[@expl:delete_rec ensures #1] height_K self.current = height_K self.final} @@ -7122,32 +7122,32 @@ module M_impl_Map_K_V__insert (* Map *) {[@expl:insert 'key' type invariant] inv_K key'0} {[@expl:insert 'val' type invariant] inv_V val''0} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- () ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_8 <- () ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {inv_Tree_K_V self.current.f0} MutBorrow.borrow_mut {self.current.f0} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_8 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_11 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = insert_rec_K {_8} {key'0} {val''0} (fun (_ret: ()) -> [ &_7 <- _ret ] s2) + | s1 = insert_rec_K {_11} {key'0} {val''0} (fun (_ret: ()) -> [ &_10 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = [ &_11 <- Black ] s1 + [ s0 = [ &_14 <- Black ] s1 | s1 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_final {self.current.f0.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 1) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_14 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_17 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s2) - | s2 = as_mut_Box_Node_K_V_Global {_14} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_13 <- _ret ] s3) + | s2 = as_mut_Box_Node_K_V_Global {_17} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_16 <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_13} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_12 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_16} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_15 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_12 <- { _12 with current = { _12.current with color = _11 } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _12} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _12}- s3 + [ s0 = [ &_15 <- { _15 with current = { _15.current with color = _14 } } ] s1 + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _15} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _15}- s3 | s3 = {[@expl:type invariant] inv_ref_Map_K_V self} s4 | s4 = -{resolve_ref_Map_K_V self}- s5 | s5 = bb6 ] @@ -7156,13 +7156,13 @@ module M_impl_Map_K_V__insert (* Map *) | & self: MutBorrow.t t_Map_K_V = self | & key'0: t_K = key'0 | & val''0: t_V = val''0 - | & _5: () = Any.any_l () - | & _7: () = Any.any_l () - | & _8: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _11: t_Color = Any.any_l () - | & _12: MutBorrow.t t_Node_K_V = Any.any_l () - | & _13: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _14: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _8: () = Any.any_l () + | & _10: () = Any.any_l () + | & _11: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _14: t_Color = Any.any_l () + | & _15: MutBorrow.t t_Node_K_V = Any.any_l () + | & _16: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _17: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:insert ensures] view_Map_K_V self.final = Map.set (view_Map_K_V self.current) (deep_model_K key'0) (Some'0 val''0)} (! return {result}) ] @@ -7583,36 +7583,36 @@ module M_impl_Map_K_V__delete_max (* Map *) [ s0 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_mut {self.current.f0.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_6 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_7 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_6} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_5 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_7} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = branch_Option_ref_Box_Node_K_V_Global {_5} - (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_4 <- _ret ] s1) + [ s0 = branch_Option_ref_Box_Node_K_V_Global {_6} + (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_5 <- _ret ] s1) | s1 = bb2 ] | bb2 = any - [ br0 (x0: MutBorrow.t t_Node_K_V) -> {_4 = Continue x0} (! bb5) - | br1 (x0: t_Option_Infallible) -> {_4 = Break x0} (! bb6) ] + [ br0 (x0: MutBorrow.t t_Node_K_V) -> {_5 = Continue x0} (! bb5) + | br1 (x0: t_Option_Infallible) -> {_5 = Break x0} (! bb6) ] | bb6 = s0 - [ s0 = elim_Break {_4} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) + [ s0 = elim_Break {_5} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_Map_K_V self} s2 | s2 = -{resolve_ref_Map_K_V self}- s3 | s3 = from_residual_Option_tup2_K_V {residual} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s4) | s4 = bb22 ] | bb5 = s0 - [ s0 = elim_Continue {_4} (fun (r0: MutBorrow.t t_Node_K_V) -> [ &val''0 <- r0 ] s1) + [ s0 = elim_Continue {_5} (fun (r0: MutBorrow.t t_Node_K_V) -> [ &val''0 <- r0 ] s1) | s1 = [ &node'0 <- val''0 ] s2 - | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_13 <- _ret ] s3) + | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_14 <- _ret ] s3) | s3 = bb8 ] - | bb8 = any [ br0 -> {_13 = false} (! bb10) | br1 -> {_13} (! bb9) ] + | bb8 = any [ br0 -> {_14 = false} (! bb10) | br1 -> {_14} (! bb9) ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s1 | s1 = -{resolve_ref_Box_Node_K_V_Global node'0}- s2 | s2 = bb11 ] | bb10 = s0 - [ s0 = [ &_15 <- Red ] s1 - | s1 = [ &node'0 <- { node'0 with current = { node'0.current with color = _15 } } ] s2 + [ s0 = [ &_16 <- Red ] s1 + | s1 = [ &node'0 <- { node'0 with current = { node'0.current with color = _16 } } ] s2 | s2 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s3 | s3 = -{resolve_ref_Box_Node_K_V_Global node'0}- s4 | s4 = bb11 ] @@ -7620,55 +7620,55 @@ module M_impl_Map_K_V__delete_max (* Map *) [ s0 = {inv_Tree_K_V self.current.f0} MutBorrow.borrow_mut {self.current.f0} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_17 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_18 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = delete_max_rec_K {_17} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_max_rec_K {_18} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb12 ] - | bb12 = s0 [ s0 = is_red_K {self.current.f0} (fun (_ret: bool) -> [ &_19 <- _ret ] s1) | s1 = bb13 ] - | bb13 = any [ br0 -> {_19 = false} (! bb17) | br1 -> {_19} (! bb14) ] + | bb12 = s0 [ s0 = is_red_K {self.current.f0} (fun (_ret: bool) -> [ &_20 <- _ret ] s1) | s1 = bb13 ] + | bb13 = any [ br0 -> {_20 = false} (! bb17) | br1 -> {_20} (! bb14) ] | bb14 = s0 - [ s0 = [ &_21 <- Black ] s1 + [ s0 = [ &_22 <- Black ] s1 | s1 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_final {self.current.f0.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 1) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_24 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_25 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s2) - | s2 = as_mut_Box_Node_K_V_Global {_24} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_23 <- _ret ] s3) + | s2 = as_mut_Box_Node_K_V_Global {_25} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_24 <- _ret ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_23} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_22 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_24} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_23 <- _ret ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = [ &_22 <- { _22 with current = { _22.current with color = _21 } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _22} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _22}- s3 + [ s0 = [ &_23 <- { _23 with current = { _23.current with color = _22 } } ] s1 + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _23} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _23}- s3 | s3 = {[@expl:type invariant] inv_ref_Map_K_V self} s4 | s4 = -{resolve_ref_Map_K_V self}- s5 | s5 = bb18 ] | bb17 = s0 [ s0 = {[@expl:type invariant] inv_ref_Map_K_V self} s1 | s1 = -{resolve_ref_Map_K_V self}- s2 | s2 = bb18 ] - | bb18 = s0 [ s0 = [ &_25 <- () ] s1 | s1 = bb19 ] + | bb18 = s0 [ s0 = [ &_26 <- () ] s1 | s1 = bb19 ] | bb19 = s0 [ s0 = [ &_0 <- Some'2 r ] s1 | s1 = bb22 ] | bb22 = return {_0} ] [ & _0: t_Option_tup2_K_V = Any.any_l () | & self: MutBorrow.t t_Map_K_V = self | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _4: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () - | & _5: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _6: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _5: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () + | & _6: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _7: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & residual: t_Option_Infallible = Any.any_l () | & val''0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _13: bool = Any.any_l () - | & _15: t_Color = Any.any_l () + | & _14: bool = Any.any_l () + | & _16: t_Color = Any.any_l () | & r: tup2_K_V = Any.any_l () - | & _17: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _19: bool = Any.any_l () - | & _21: t_Color = Any.any_l () - | & _22: MutBorrow.t t_Node_K_V = Any.any_l () - | & _23: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _24: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () - | & _25: () = Any.any_l () ]) + | & _18: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _20: bool = Any.any_l () + | & _22: t_Color = Any.any_l () + | & _23: MutBorrow.t t_Node_K_V = Any.any_l () + | & _24: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _25: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _26: () = Any.any_l () ]) [ return (result: t_Option_tup2_K_V) -> {[@expl:delete_max result type invariant] inv_Option_tup2_K_V result} {[@expl:delete_max ensures] match result with | Some'2 {f0'0 = k; f1'0 = v} -> Map.get (view_Map_K_V self.current) (deep_model_K k) = Some'3 v @@ -8092,41 +8092,41 @@ module M_impl_Map_K_V__delete_min (* Map *) let rec delete_min_K (self: MutBorrow.t t_Map_K_V) (return (x: t_Option_tup2_K_V)) = {[@expl:delete_min 'self' type invariant] inv_ref_Map_K_V self} (! bb0 - [ bb0 = s0 [ s0 = [ &_3 <- () ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_4 <- () ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_mut {self.current.f0.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_8 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_9 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_8} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_7 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_9} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_8 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = branch_Option_ref_Box_Node_K_V_Global {_7} - (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_6 <- _ret ] s1) + [ s0 = branch_Option_ref_Box_Node_K_V_Global {_8} + (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_7 <- _ret ] s1) | s1 = bb3 ] | bb3 = any - [ br0 (x0: MutBorrow.t t_Node_K_V) -> {_6 = Continue x0} (! bb6) - | br1 (x0: t_Option_Infallible) -> {_6 = Break x0} (! bb7) ] + [ br0 (x0: MutBorrow.t t_Node_K_V) -> {_7 = Continue x0} (! bb6) + | br1 (x0: t_Option_Infallible) -> {_7 = Break x0} (! bb7) ] | bb7 = s0 - [ s0 = elim_Break {_6} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) + [ s0 = elim_Break {_7} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_Map_K_V self} s2 | s2 = -{resolve_ref_Map_K_V self}- s3 | s3 = from_residual_Option_tup2_K_V {residual} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s4) | s4 = bb22 ] | bb6 = s0 - [ s0 = elim_Continue {_6} (fun (r0: MutBorrow.t t_Node_K_V) -> [ &val''0 <- r0 ] s1) + [ s0 = elim_Continue {_7} (fun (r0: MutBorrow.t t_Node_K_V) -> [ &val''0 <- r0 ] s1) | s1 = [ &node'0 <- val''0 ] s2 - | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_15 <- _ret ] s3) + | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_16 <- _ret ] s3) | s3 = bb9 ] - | bb9 = any [ br0 -> {_15 = false} (! bb11) | br1 -> {_15} (! bb10) ] + | bb9 = any [ br0 -> {_16 = false} (! bb11) | br1 -> {_16} (! bb10) ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s1 | s1 = -{resolve_ref_Box_Node_K_V_Global node'0}- s2 | s2 = bb12 ] | bb11 = s0 - [ s0 = [ &_17 <- Red ] s1 - | s1 = [ &node'0 <- { node'0 with current = { node'0.current with color = _17 } } ] s2 + [ s0 = [ &_18 <- Red ] s1 + | s1 = [ &node'0 <- { node'0 with current = { node'0.current with color = _18 } } ] s2 | s2 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s3 | s3 = -{resolve_ref_Box_Node_K_V_Global node'0}- s4 | s4 = bb12 ] @@ -8134,29 +8134,29 @@ module M_impl_Map_K_V__delete_min (* Map *) [ s0 = {inv_Tree_K_V self.current.f0} MutBorrow.borrow_mut {self.current.f0} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_19 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_20 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = delete_min_rec_K {_19} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_min_rec_K {_20} (fun (_ret: tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb13 ] - | bb13 = s0 [ s0 = is_red_K {self.current.f0} (fun (_ret: bool) -> [ &_21 <- _ret ] s1) | s1 = bb14 ] - | bb14 = any [ br0 -> {_21 = false} (! bb18) | br1 -> {_21} (! bb15) ] + | bb13 = s0 [ s0 = is_red_K {self.current.f0} (fun (_ret: bool) -> [ &_22 <- _ret ] s1) | s1 = bb14 ] + | bb14 = any [ br0 -> {_22 = false} (! bb18) | br1 -> {_22} (! bb15) ] | bb15 = s0 - [ s0 = [ &_23 <- Black ] s1 + [ s0 = [ &_24 <- Black ] s1 | s1 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_final {self.current.f0.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 1) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_26 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_27 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s2) - | s2 = as_mut_Box_Node_K_V_Global {_26} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_25 <- _ret ] s3) + | s2 = as_mut_Box_Node_K_V_Global {_27} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_26 <- _ret ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_25} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_24 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_26} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_25 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = [ &_24 <- { _24 with current = { _24.current with color = _23 } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _24} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _24}- s3 + [ s0 = [ &_25 <- { _25 with current = { _25.current with color = _24 } } ] s1 + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _25} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _25}- s3 | s3 = {[@expl:type invariant] inv_ref_Map_K_V self} s4 | s4 = -{resolve_ref_Map_K_V self}- s5 | s5 = bb19 ] @@ -8166,22 +8166,22 @@ module M_impl_Map_K_V__delete_min (* Map *) | bb22 = return {_0} ] [ & _0: t_Option_tup2_K_V = Any.any_l () | & self: MutBorrow.t t_Map_K_V = self - | & _3: () = Any.any_l () + | & _4: () = Any.any_l () | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _6: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () - | & _7: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _8: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _7: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () + | & _8: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _9: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & residual: t_Option_Infallible = Any.any_l () | & val''0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _15: bool = Any.any_l () - | & _17: t_Color = Any.any_l () + | & _16: bool = Any.any_l () + | & _18: t_Color = Any.any_l () | & r: tup2_K_V = Any.any_l () - | & _19: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _21: bool = Any.any_l () - | & _23: t_Color = Any.any_l () - | & _24: MutBorrow.t t_Node_K_V = Any.any_l () - | & _25: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _26: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _20: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _22: bool = Any.any_l () + | & _24: t_Color = Any.any_l () + | & _25: MutBorrow.t t_Node_K_V = Any.any_l () + | & _26: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _27: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: t_Option_tup2_K_V) -> {[@expl:delete_min result type invariant] inv_Option_tup2_K_V result} {[@expl:delete_min ensures] match result with | Some'3 {f0'0 = k; f1'0 = v} -> Map.get (view_Map_K_V self.current) (deep_model_K k) = Some'0 v @@ -8621,41 +8621,41 @@ module M_impl_Map_K_V__delete (* Map *) {[@expl:delete 'self' type invariant] inv_ref_Map_K_V self} {[@expl:delete 'key' type invariant] inv_ref_K key'0} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- () ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_9 <- () ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_mut {self.current.f0.node} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_10 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_14 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s1) - | s1 = as_mut_Box_Node_K_V_Global {_10} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_9 <- _ret ] s2) + | s1 = as_mut_Box_Node_K_V_Global {_14} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_13 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = branch_Option_ref_Box_Node_K_V_Global {_9} - (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_8 <- _ret ] s1) + [ s0 = branch_Option_ref_Box_Node_K_V_Global {_13} + (fun (_ret: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global) -> [ &_12 <- _ret ] s1) | s1 = bb3 ] | bb3 = any - [ br0 (x0: MutBorrow.t t_Node_K_V) -> {_8 = Continue x0} (! bb6) - | br1 (x0: t_Option_Infallible) -> {_8 = Break x0} (! bb7) ] + [ br0 (x0: MutBorrow.t t_Node_K_V) -> {_12 = Continue x0} (! bb6) + | br1 (x0: t_Option_Infallible) -> {_12 = Break x0} (! bb7) ] | bb7 = s0 - [ s0 = elim_Break {_8} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) + [ s0 = elim_Break {_12} (fun (r0: t_Option_Infallible) -> [ &residual <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_Map_K_V self} s2 | s2 = -{resolve_ref_Map_K_V self}- s3 | s3 = from_residual_Option_tup2_K_V {residual} (fun (_ret: t_Option_tup2_K_V) -> [ &_0 <- _ret ] s4) | s4 = bb21 ] | bb6 = s0 - [ s0 = elim_Continue {_8} (fun (r0: MutBorrow.t t_Node_K_V) -> [ &val''0 <- r0 ] s1) + [ s0 = elim_Continue {_12} (fun (r0: MutBorrow.t t_Node_K_V) -> [ &val''0 <- r0 ] s1) | s1 = [ &node'0 <- val''0 ] s2 - | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_17 <- _ret ] s3) + | s2 = is_red_K {node'0.current.left} (fun (_ret: bool) -> [ &_21 <- _ret ] s3) | s3 = bb9 ] - | bb9 = any [ br0 -> {_17 = false} (! bb11) | br1 -> {_17} (! bb10) ] + | bb9 = any [ br0 -> {_21 = false} (! bb11) | br1 -> {_21} (! bb10) ] | bb10 = s0 [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s1 | s1 = -{resolve_ref_Box_Node_K_V_Global node'0}- s2 | s2 = bb12 ] | bb11 = s0 - [ s0 = [ &_19 <- Red ] s1 - | s1 = [ &node'0 <- { node'0 with current = { node'0.current with color = _19 } } ] s2 + [ s0 = [ &_23 <- Red ] s1 + | s1 = [ &node'0 <- { node'0 with current = { node'0.current with color = _23 } } ] s2 | s2 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s3 | s3 = -{resolve_ref_Box_Node_K_V_Global node'0}- s4 | s4 = bb12 ] @@ -8663,29 +8663,29 @@ module M_impl_Map_K_V__delete (* Map *) [ s0 = {inv_Tree_K_V self.current.f0} MutBorrow.borrow_mut {self.current.f0} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_21 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_25 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = delete_rec_K {_21} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) + | s1 = delete_rec_K {_25} {key'0} (fun (_ret: t_Option_tup2_K_V) -> [ &r <- _ret ] s2) | s2 = bb13 ] - | bb13 = s0 [ s0 = is_red_K {self.current.f0} (fun (_ret: bool) -> [ &_24 <- _ret ] s1) | s1 = bb14 ] - | bb14 = any [ br0 -> {_24 = false} (! bb18) | br1 -> {_24} (! bb15) ] + | bb13 = s0 [ s0 = is_red_K {self.current.f0} (fun (_ret: bool) -> [ &_28 <- _ret ] s1) | s1 = bb14 ] + | bb14 = any [ br0 -> {_28 = false} (! bb18) | br1 -> {_28} (! bb15) ] | bb15 = s0 - [ s0 = [ &_26 <- Black ] s1 + [ s0 = [ &_30 <- Black ] s1 | s1 = {inv_Option_Box_Node_K_V_Global self.current.f0.node} MutBorrow.borrow_final {self.current.f0.node} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id self) 1) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_29 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_33 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &self <- { self with current = { f0 = { node = _ret.final } } } ] s2) - | s2 = as_mut_Box_Node_K_V_Global {_29} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_28 <- _ret ] s3) + | s2 = as_mut_Box_Node_K_V_Global {_33} (fun (_ret: t_Option_ref_Box_Node_K_V_Global) -> [ &_32 <- _ret ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = unwrap_ref_Box_Node_K_V_Global {_28} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_27 <- _ret ] s1) + [ s0 = unwrap_ref_Box_Node_K_V_Global {_32} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &_31 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = [ &_27 <- { _27 with current = { _27.current with color = _26 } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _27} s2 - | s2 = -{resolve_ref_Box_Node_K_V_Global _27}- s3 + [ s0 = [ &_31 <- { _31 with current = { _31.current with color = _30 } } ] s1 + | s1 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global _31} s2 + | s2 = -{resolve_ref_Box_Node_K_V_Global _31}- s3 | s3 = {[@expl:type invariant] inv_ref_Map_K_V self} s4 | s4 = -{resolve_ref_Map_K_V self}- s5 | s5 = bb19 ] @@ -8696,22 +8696,22 @@ module M_impl_Map_K_V__delete (* Map *) [ & _0: t_Option_tup2_K_V = Any.any_l () | & self: MutBorrow.t t_Map_K_V = self | & key'0: t_K = key'0 - | & _5: () = Any.any_l () + | & _9: () = Any.any_l () | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _8: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () - | & _9: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _10: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _12: t_ControlFlow_Option_Infallible_ref_Box_Node_K_V_Global = Any.any_l () + | & _13: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _14: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & residual: t_Option_Infallible = Any.any_l () | & val''0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _17: bool = Any.any_l () - | & _19: t_Color = Any.any_l () + | & _21: bool = Any.any_l () + | & _23: t_Color = Any.any_l () | & r: t_Option_tup2_K_V = Any.any_l () - | & _21: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _24: bool = Any.any_l () - | & _26: t_Color = Any.any_l () - | & _27: MutBorrow.t t_Node_K_V = Any.any_l () - | & _28: t_Option_ref_Box_Node_K_V_Global = Any.any_l () - | & _29: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) + | & _25: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _28: bool = Any.any_l () + | & _30: t_Color = Any.any_l () + | & _31: MutBorrow.t t_Node_K_V = Any.any_l () + | & _32: t_Option_ref_Box_Node_K_V_Global = Any.any_l () + | & _33: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () ]) [ return (result: t_Option_tup2_K_V) -> {[@expl:delete result type invariant] inv_Option_tup2_K_V result} {[@expl:delete ensures #0] match result with | Some'3 {f0'0 = k; f1'0 = v} -> deep_model_K k = deep_model_ref_K key'0 @@ -9006,7 +9006,7 @@ module M_impl_Map_K_V__get (* Map *) {[@expl:get 'self' type invariant] inv_ref_Map_K_V self} {[@expl:get 'key' type invariant] inv_ref_K key'0} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- () ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_7 <- () ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &tree <- self.f0 ] s1 | s1 = bb2 ] | bb2 = bb2 [ bb2 = {[@expl:loop invariant #0] inv_ref_Tree_K_V tree} @@ -9016,31 +9016,31 @@ module M_impl_Map_K_V__get (* Map *) (! s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_14 <- tree.node ] s1 - | s1 = any [ br0 -> {_14 = None} (! bb14) | br1 (x0: t_Node_K_V) -> {_14 = Some x0} (! bb5) ] ] + [ s0 = [ &_21 <- tree.node ] s1 + | s1 = any [ br0 -> {_21 = None} (! bb14) | br1 (x0: t_Node_K_V) -> {_21 = Some x0} (! bb5) ] ] | bb5 = s0 - [ s0 = elim_Some {_14} (fun (r0: t_Node_K_V) -> [ &node'0 <- r0 ] s1) - | s1 = [ &_20 <- node'0.key ] s2 - | s2 = cmp_K {key'0} {_20} (fun (_ret: t_Ordering) -> [ &_17 <- _ret ] s3) + [ s0 = elim_Some {_21} (fun (r0: t_Node_K_V) -> [ &node'0 <- r0 ] s1) + | s1 = [ &_27 <- node'0.key ] s2 + | s2 = cmp_K {key'0} {_27} (fun (_ret: t_Ordering) -> [ &_24 <- _ret ] s3) | s3 = bb6 ] - | bb6 = any [ br0 -> {_17 = Less} (! bb12) | br1 -> {_17 = Equal} (! bb11) | br2 -> {_17 = Greater} (! bb10) ] - | bb10 = s0 [ s0 = [ &_28 <- node'0.right ] s1 | s1 = [ &tree <- _28 ] s2 | s2 = bb2 ] - | bb12 = s0 [ s0 = [ &_23 <- node'0.left ] s1 | s1 = [ &tree <- _23 ] s2 | s2 = bb2 ] ] ] + | bb6 = any [ br0 -> {_24 = Less} (! bb12) | br1 -> {_24 = Equal} (! bb11) | br2 -> {_24 = Greater} (! bb10) ] + | bb10 = s0 [ s0 = [ &_35 <- node'0.right ] s1 | s1 = [ &tree <- _35 ] s2 | s2 = bb2 ] + | bb12 = s0 [ s0 = [ &_30 <- node'0.left ] s1 | s1 = [ &tree <- _30 ] s2 | s2 = bb2 ] ] ] | bb14 = s0 [ s0 = [ &_0 <- None'1 ] s1 | s1 = bb15 ] - | bb11 = s0 [ s0 = [ &_26 <- node'0.val' ] s1 | s1 = [ &_0 <- Some'1 _26 ] s2 | s2 = bb15 ] + | bb11 = s0 [ s0 = [ &_33 <- node'0.val' ] s1 | s1 = [ &_0 <- Some'1 _33 ] s2 | s2 = bb15 ] | bb15 = return {_0} ] [ & _0: t_Option_ref_V = Any.any_l () | & self: t_Map_K_V = self | & key'0: t_K = key'0 - | & _5: () = Any.any_l () + | & _7: () = Any.any_l () | & tree: t_Tree_K_V = Any.any_l () - | & _14: t_Option_Box_Node_K_V_Global = Any.any_l () + | & _21: t_Option_Box_Node_K_V_Global = Any.any_l () | & node'0: t_Node_K_V = Any.any_l () - | & _17: t_Ordering = Any.any_l () - | & _20: t_K = Any.any_l () - | & _23: t_Tree_K_V = Any.any_l () - | & _26: t_V = Any.any_l () - | & _28: t_Tree_K_V = Any.any_l () ]) + | & _24: t_Ordering = Any.any_l () + | & _27: t_K = Any.any_l () + | & _30: t_Tree_K_V = Any.any_l () + | & _33: t_V = Any.any_l () + | & _35: t_Tree_K_V = Any.any_l () ]) [ return (result: t_Option_ref_V) -> {[@expl:get result type invariant] inv_Option_ref_V result} {[@expl:get ensures] match result with | Some'1 v -> Map.get (view_Map_K_V self) (deep_model_ref_K key'0) = Some'0 v @@ -9387,7 +9387,7 @@ module M_impl_Map_K_V__get_mut (* Map *) {[@expl:get_mut 'self' type invariant] inv_ref_Map_K_V self} {[@expl:get_mut 'key' type invariant] inv_ref_K key'0} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- () ] s1 | s1 = bb1 ] + [ bb0 = s0 [ s0 = [ &_7 <- () ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = {inv_Tree_K_V self.current.f0} MutBorrow.borrow_final {self.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} @@ -9421,86 +9421,86 @@ module M_impl_Map_K_V__get_mut (* Map *) MutBorrow.borrow_final {tree.current.node} {MutBorrow.inherit_id (MutBorrow.get_id tree) 1} (fun (_ret: MutBorrow.t t_Option_Box_Node_K_V_Global) -> - [ &_23 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- + [ &_45 <- _ret ] -{inv_Option_Box_Node_K_V_Global _ret.final}- [ &tree <- { tree with current = { node = _ret.final } } ] s1) | s1 = any - [ br0 -> {_23.current = None} (! bb15) | br1 (x0: t_Node_K_V) -> {_23.current = Some x0} (! bb6) ] ] + [ br0 -> {_45.current = None} (! bb15) | br1 (x0: t_Node_K_V) -> {_45.current = Some x0} (! bb6) ] ] | bb6 = s0 - [ s0 = elim_Some {_23.current} + [ s0 = elim_Some {_45.current} (fun (r0: t_Node_K_V) -> {inv_Box_Node_K_V_Global r0} - MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _23) 1} + MutBorrow.borrow_final {r0} {MutBorrow.inherit_id (MutBorrow.get_id _45) 1} (fun (_ret: MutBorrow.t t_Node_K_V) -> [ &node'0 <- _ret ] -{inv_Box_Node_K_V_Global _ret.final}- - [ &_23 <- { _23 with current = Some _ret.final } ] s1)) - | s1 = [ &_29 <- node'0.current.key ] s2 - | s2 = cmp_K {key'0} {_29} (fun (_ret: t_Ordering) -> [ &_26 <- _ret ] s3) + [ &_45 <- { _45 with current = Some _ret.final } ] s1)) + | s1 = [ &_51 <- node'0.current.key ] s2 + | s2 = cmp_K {key'0} {_51} (fun (_ret: t_Ordering) -> [ &_48 <- _ret ] s3) | s3 = bb7 ] - | bb7 = any [ br0 -> {_26 = Less} (! bb13) | br1 -> {_26 = Equal} (! bb12) | br2 -> {_26 = Greater} (! bb11) ] + | bb7 = any [ br0 -> {_48 = Less} (! bb13) | br1 -> {_48 = Equal} (! bb12) | br2 -> {_48 = Greater} (! bb11) ] | bb11 = s0 [ s0 = {inv_Tree_K_V node'0.current.right} MutBorrow.borrow_final {node'0.current.right} {MutBorrow.inherit_id (MutBorrow.get_id node'0) 5} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_37 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_59 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with right = _ret.final } } ] s1) - | s1 = {inv_Tree_K_V _37.current} - MutBorrow.borrow_final {_37.current} {MutBorrow.get_id _37} + | s1 = {inv_Tree_K_V _59.current} + MutBorrow.borrow_final {_59.current} {MutBorrow.get_id _59} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_36 <- _ret ] -{inv_Tree_K_V _ret.final}- - [ &_37 <- { _37 with current = _ret.final } ] s2) + [ &_58 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_59 <- { _59 with current = _ret.final } ] s2) | s2 = {[@expl:type invariant] inv_ref_Tree_K_V tree} s3 | s3 = -{resolve_ref_Tree_K_V tree}- s4 - | s4 = [ &tree <- _36 ] s5 - | s5 = {[@expl:type invariant] inv_ref_Tree_K_V _37} s6 - | s6 = -{resolve_ref_Tree_K_V _37}- s7 + | s4 = [ &tree <- _58 ] s5 + | s5 = {[@expl:type invariant] inv_ref_Tree_K_V _59} s6 + | s6 = -{resolve_ref_Tree_K_V _59}- s7 | s7 = bb14 ] | bb13 = s0 [ s0 = {inv_Tree_K_V node'0.current.left} MutBorrow.borrow_final {node'0.current.left} {MutBorrow.inherit_id (MutBorrow.get_id node'0) 1} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_32 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_54 <- _ret ] -{inv_Tree_K_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with left = _ret.final } } ] s1) - | s1 = {inv_Tree_K_V _32.current} - MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + | s1 = {inv_Tree_K_V _54.current} + MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} (fun (_ret: MutBorrow.t t_Tree_K_V) -> - [ &_31 <- _ret ] -{inv_Tree_K_V _ret.final}- - [ &_32 <- { _32 with current = _ret.final } ] s2) + [ &_53 <- _ret ] -{inv_Tree_K_V _ret.final}- + [ &_54 <- { _54 with current = _ret.final } ] s2) | s2 = {[@expl:type invariant] inv_ref_Tree_K_V tree} s3 | s3 = -{resolve_ref_Tree_K_V tree}- s4 - | s4 = [ &tree <- _31 ] s5 - | s5 = {[@expl:type invariant] inv_ref_Tree_K_V _32} s6 - | s6 = -{resolve_ref_Tree_K_V _32}- s7 + | s4 = [ &tree <- _53 ] s5 + | s5 = {[@expl:type invariant] inv_ref_Tree_K_V _54} s6 + | s6 = -{resolve_ref_Tree_K_V _54}- s7 | s7 = bb14 ] | bb14 = s0 [ s0 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s1 | s1 = -{resolve_ref_Box_Node_K_V_Global node'0}- s2 - | s2 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _23} s3 - | s3 = -{resolve_ref_Option_Box_Node_K_V_Global _23}- s4 + | s2 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _45} s3 + | s3 = -{resolve_ref_Option_Box_Node_K_V_Global _45}- s4 | s4 = bb3 ] ] ] | bb15 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _23} s1 - | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _23}- s2 + [ s0 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _45} s1 + | s1 = -{resolve_ref_Option_Box_Node_K_V_Global _45}- s2 | s2 = [ &_0 <- None'1 ] s3 | s3 = bb16 ] | bb12 = s0 [ s0 = {inv_V node'0.current.val'} MutBorrow.borrow_final {node'0.current.val'} {MutBorrow.inherit_id (MutBorrow.get_id node'0) 4} (fun (_ret: MutBorrow.t t_V) -> - [ &_35 <- _ret ] -{inv_V _ret.final}- + [ &_57 <- _ret ] -{inv_V _ret.final}- [ &node'0 <- { node'0 with current = { node'0.current with val' = _ret.final } } ] s1) - | s1 = {inv_V _35.current} - MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} + | s1 = {inv_V _57.current} + MutBorrow.borrow_final {_57.current} {MutBorrow.get_id _57} (fun (_ret: MutBorrow.t t_V) -> - [ &_34 <- _ret ] -{inv_V _ret.final}- - [ &_35 <- { _35 with current = _ret.final } ] s2) - | s2 = [ &_0 <- Some'1 _34 ] s3 - | s3 = {[@expl:type invariant] inv_ref_V _35} s4 - | s4 = -{resolve_ref_V _35}- s5 + [ &_56 <- _ret ] -{inv_V _ret.final}- + [ &_57 <- { _57 with current = _ret.final } ] s2) + | s2 = [ &_0 <- Some'1 _56 ] s3 + | s3 = {[@expl:type invariant] inv_ref_V _57} s4 + | s4 = -{resolve_ref_V _57}- s5 | s5 = {[@expl:type invariant] inv_ref_Box_Node_K_V_Global node'0} s6 | s6 = -{resolve_ref_Box_Node_K_V_Global node'0}- s7 - | s7 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _23} s8 - | s8 = -{resolve_ref_Option_Box_Node_K_V_Global _23}- s9 + | s7 = {[@expl:type invariant] inv_ref_Option_Box_Node_K_V_Global _45} s8 + | s8 = -{resolve_ref_Option_Box_Node_K_V_Global _45}- s9 | s9 = bb16 ] | bb16 = s0 [ s0 = {[@expl:type invariant] inv_ref_Tree_K_V tree} s1 @@ -9511,19 +9511,19 @@ module M_impl_Map_K_V__get_mut (* Map *) [ & _0: t_Option_ref_V = Any.any_l () | & self: MutBorrow.t t_Map_K_V = self | & key'0: t_K = key'0 - | & _5: () = Any.any_l () + | & _7: () = Any.any_l () | & tree: MutBorrow.t t_Tree_K_V = Any.any_l () | & old_tree: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _23: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () + | & _45: MutBorrow.t t_Option_Box_Node_K_V_Global = Any.any_l () | & node'0: MutBorrow.t t_Node_K_V = Any.any_l () - | & _26: t_Ordering = Any.any_l () - | & _29: t_K = Any.any_l () - | & _31: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _32: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _34: MutBorrow.t t_V = Any.any_l () - | & _35: MutBorrow.t t_V = Any.any_l () - | & _36: MutBorrow.t t_Tree_K_V = Any.any_l () - | & _37: MutBorrow.t t_Tree_K_V = Any.any_l () ]) + | & _48: t_Ordering = Any.any_l () + | & _51: t_K = Any.any_l () + | & _53: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _54: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _56: MutBorrow.t t_V = Any.any_l () + | & _57: MutBorrow.t t_V = Any.any_l () + | & _58: MutBorrow.t t_Tree_K_V = Any.any_l () + | & _59: MutBorrow.t t_Tree_K_V = Any.any_l () ]) [ return (result: t_Option_ref_V) -> {[@expl:get_mut result type invariant] inv_Option_ref_V result} {[@expl:get_mut ensures] match result with | Some'1 v -> Map.get (view_Map_K_V self.current) (deep_model_ref_K key'0) = Some'0 (v.current) diff --git a/tests/should_succeed/resource_algebras/agree.coma b/tests/should_succeed/resource_algebras/agree.coma index 1647d08acb..8fc621a658 100644 --- a/tests/should_succeed/resource_algebras/agree.coma +++ b/tests/should_succeed/resource_algebras/agree.coma @@ -77,12 +77,12 @@ module M_agreement let rec agreement (x: t_Resource_Ag_i32) (y: t_Resource_Ag_i32) (return (x'0: ())) = {[@expl:agreement requires] id_Ag_i32 x = id_Ag_i32 y} (! bb0 - [ bb0 = s0 [ s0 = join_shared_Ag_i32 {x} {y} (fun (_ret: t_Resource_Ag_i32) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = join_shared_Ag_i32 {x} {y} (fun (_ret: t_Resource_Ag_i32) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] | bb1 = return {_0} ] [ & _0: () = Any.any_l () | & x: t_Resource_Ag_i32 = x | & y: t_Resource_Ag_i32 = y - | & _5: t_Resource_Ag_i32 = Any.any_l () ]) + | & _9: t_Resource_Ag_i32 = Any.any_l () ]) [ return (result: ()) -> {[@expl:agreement ensures] view_Resource_Ag_i32 x = view_Resource_Ag_i32 y} (! return {result}) ] end diff --git a/tests/should_succeed/resource_algebras/excl.coma b/tests/should_succeed/resource_algebras/excl.coma index df611e9493..371d9887ab 100644 --- a/tests/should_succeed/resource_algebras/excl.coma +++ b/tests/should_succeed/resource_algebras/excl.coma @@ -61,14 +61,14 @@ module M_exclusivity meta "select_lsinst" "all" let rec exclusivity (x: MutBorrow.t t_Resource_Excl_i32) (y: t_Resource_Excl_i32) (return (x'0: ())) = (! bb0 - [ bb0 = s0 [ s0 = id_ghost_Excl_i32 {x.current} (fun (_ret: t_Id) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = id_ghost_Excl_i32 {y} (fun (_ret: t_Id) -> [ &_10 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = eq_Id {_7} {_10} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb3 ] - | bb3 = any [ br0 -> {_5 = false} (! bb8) | br1 -> {_5} (! bb4) ] + [ bb0 = s0 [ s0 = id_ghost_Excl_i32 {x.current} (fun (_ret: t_Id) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = id_ghost_Excl_i32 {y} (fun (_ret: t_Id) -> [ &_13 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = eq_Id {_10} {_13} (fun (_ret: bool) -> [ &_8 <- _ret ] s1) | s1 = bb3 ] + | bb3 = any [ br0 -> {_8 = false} (! bb8) | br1 -> {_8} (! bb4) ] | bb4 = s0 [ s0 = MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} - (fun (_ret: MutBorrow.t t_Resource_Excl_i32) -> [ &_13 <- _ret ] [ &x <- { x with current = _ret.final } ] s1) - | s1 = valid_shared_Excl_i32 {_13} {y} (fun (_ret: ()) -> [ &_12 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Resource_Excl_i32) -> [ &_16 <- _ret ] [ &x <- { x with current = _ret.final } ] s1) + | s1 = valid_shared_Excl_i32 {_16} {y} (fun (_ret: ()) -> [ &_15 <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 [ s0 = -{resolve_ref_Resource_Excl_i32 x}- s1 @@ -79,11 +79,11 @@ module M_exclusivity [ & _0: () = Any.any_l () | & x: MutBorrow.t t_Resource_Excl_i32 = x | & y: t_Resource_Excl_i32 = y - | & _5: bool = Any.any_l () - | & _7: t_Id = Any.any_l () + | & _8: bool = Any.any_l () | & _10: t_Id = Any.any_l () - | & _12: () = Any.any_l () - | & _13: MutBorrow.t t_Resource_Excl_i32 = Any.any_l () ]) + | & _13: t_Id = Any.any_l () + | & _15: () = Any.any_l () + | & _16: MutBorrow.t t_Resource_Excl_i32 = Any.any_l () ]) [ return (result: ()) -> {[@expl:exclusivity ensures #0] id_Excl_i32 x.current <> id_Excl_i32 y} {[@expl:exclusivity ensures #1] x.current = x.final} (! return {result}) ] diff --git a/tests/should_succeed/resource_algebras/fmap_view_view.coma b/tests/should_succeed/resource_algebras/fmap_view_view.coma index 85d5cafb36..3e5f24a442 100644 --- a/tests/should_succeed/resource_algebras/fmap_view_view.coma +++ b/tests/should_succeed/resource_algebras/fmap_view_view.coma @@ -1270,44 +1270,44 @@ module M_impl_Authority_K_V__insert (* Authority *) [ bb0 = s0 [ s0 = [ &auth <- insert_K (view_Authority_K_V self.current) k v ] s1 | s1 = bb1 ] | bb1 = s0 [ s0 = [ &frag <- singleton_K k { f0'0 = v } ] s1 | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_15 <- { f0'1 = auth; f1'1 = frag } ] s1 + [ s0 = [ &_29 <- { f0'1 = auth; f1'1 = frag } ] s1 | s1 = MutBorrow.borrow_mut {self.current.f0} (fun (_ret: MutBorrow.t t_Resource_View_MapRelation_K_V) -> - [ &_14 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s2) - | s2 = update_View_MapRelation_K_V {_14} {_15} (fun (_ret: ()) -> [ &_13 <- _ret ] s3) + [ &_28 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s2) + | s2 = update_View_MapRelation_K_V {_28} {_29} (fun (_ret: ()) -> [ &_27 <- _ret ] s3) | s3 = bb3 ] - | bb3 = s0 [ s0 = [ &_20 <- new_frag_MapRelation_K_V frag ] s1 | s1 = bb4 ] - | bb4 = s0 [ s0 = [ &_22 <- new_auth_MapRelation_K_V auth ] s1 | s1 = bb5 ] + | bb3 = s0 [ s0 = [ &_34 <- new_frag_MapRelation_K_V frag ] s1 | s1 = bb4 ] + | bb4 = s0 [ s0 = [ &_37 <- new_auth_MapRelation_K_V auth ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = MutBorrow.borrow_final {self.current.f0} {MutBorrow.inherit_id (MutBorrow.get_id self) 1} (fun (_ret: MutBorrow.t t_Resource_View_MapRelation_K_V) -> - [ &_19 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s1) - | s1 = split_off_View_MapRelation_K_V {_19} {_20} {_22} - (fun (_ret: t_Resource_View_MapRelation_K_V) -> [ &_18 <- _ret ] s2) + [ &_33 <- _ret ] [ &self <- { self with current = { f0 = _ret.final } } ] s1) + | s1 = split_off_View_MapRelation_K_V {_33} {_34} {_37} + (fun (_ret: t_Resource_View_MapRelation_K_V) -> [ &_32 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 [ s0 = {[@expl:type invariant] inv_ref_Authority_K_V self} s1 | s1 = -{resolve_ref_Authority_K_V self}- s2 - | s2 = [ &_24 <- k ] s3 + | s2 = [ &_40 <- k ] s3 | s3 = bb7 ] - | bb7 = s0 [ s0 = [ &_26 <- v ] s1 | s1 = bb8 ] - | bb8 = s0 [ s0 = [ &_0 <- { f0'5 = _18; f1'5 = _24; f2'5 = _26 } ] s1 | s1 = return {_0} ] ] + | bb7 = s0 [ s0 = [ &_43 <- v ] s1 | s1 = bb8 ] + | bb8 = s0 [ s0 = [ &_0 <- { f0'5 = _32; f1'5 = _40; f2'5 = _43 } ] s1 | s1 = return {_0} ] ] [ & _0: t_Fragment_K_V = Any.any_l () | & self: MutBorrow.t t_Authority_K_V = self | & k: t_K = k | & v: t_V = v | & auth: t_FMap_K_V = Any.any_l () | & frag: t_FMap_K_Ag_V = Any.any_l () - | & _13: () = Any.any_l () - | & _14: MutBorrow.t t_Resource_View_MapRelation_K_V = Any.any_l () - | & _15: t_ViewUpdateInsert_MapRelation_K_V = Any.any_l () - | & _18: t_Resource_View_MapRelation_K_V = Any.any_l () - | & _19: MutBorrow.t t_Resource_View_MapRelation_K_V = Any.any_l () - | & _20: t_View_MapRelation_K_V = Any.any_l () - | & _22: t_View_MapRelation_K_V = Any.any_l () - | & _24: t_K = Any.any_l () - | & _26: t_V = Any.any_l () ]) + | & _27: () = Any.any_l () + | & _28: MutBorrow.t t_Resource_View_MapRelation_K_V = Any.any_l () + | & _29: t_ViewUpdateInsert_MapRelation_K_V = Any.any_l () + | & _32: t_Resource_View_MapRelation_K_V = Any.any_l () + | & _33: MutBorrow.t t_Resource_View_MapRelation_K_V = Any.any_l () + | & _34: t_View_MapRelation_K_V = Any.any_l () + | & _37: t_View_MapRelation_K_V = Any.any_l () + | & _40: t_K = Any.any_l () + | & _43: t_V = Any.any_l () ]) [ return (result: t_Fragment_K_V) -> {[@expl:insert result type invariant] inv_Fragment_K_V result} {[@expl:insert ensures #0] view_Authority_K_V self.final = insert_K (view_Authority_K_V self.current) k v} {[@expl:insert ensures #1] id_K self.final = id_K self.current} @@ -1755,8 +1755,8 @@ module M_impl_Authority_K_V__contains (* Authority *) {[@expl:contains requires] id_K self = id_K'0 frag} (! bb0 [ bb0 = s0 - [ s0 = [ &_8 <- frag.f0 ] s1 - | s1 = join_shared_View_MapRelation_K_V {self.f0'0} {_8} + [ s0 = [ &_12 <- frag.f0 ] s1 + | s1 = join_shared_View_MapRelation_K_V {self.f0'0} {_12} (fun (_ret: t_Resource_View_MapRelation_K_V) -> [ &new_resource <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 @@ -1769,7 +1769,7 @@ module M_impl_Authority_K_V__contains (* Authority *) | & self: t_Authority_K_V = self | & frag: t_Fragment_K_V = frag | & new_resource: t_Resource_View_MapRelation_K_V = Any.any_l () - | & _8: t_Resource_View_MapRelation_K_V = Any.any_l () ]) + | & _12: t_Resource_View_MapRelation_K_V = Any.any_l () ]) [ return (result: ()) -> {[@expl:contains ensures] get_K'0 (view_Authority_K_V self) (view_Fragment_K_V frag).f0'5 = Some'4 ((view_Fragment_K_V frag).f1'5)} (! return {result}) ] @@ -2203,12 +2203,12 @@ module M_impl_Clone_for_Fragment_K_V__clone (* as std::clone::Cl {[@expl:clone 'self' type invariant] inv_ref_Fragment_K_V self} (! bb0 [ bb0 = s0 - [ s0 = core_View_MapRelation_K_V'0 {self.f0} (fun (_ret: t_Resource_View_MapRelation_K_V) -> [ &_3 <- _ret ] s1) + [ s0 = core_View_MapRelation_K_V'0 {self.f0} (fun (_ret: t_Resource_View_MapRelation_K_V) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = _3; f1 = self.f1; f2 = self.f2 } ] s1 | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = _4; f1 = self.f1; f2 = self.f2 } ] s1 | s1 = return {_0} ] ] [ & _0: t_Fragment_K_V = Any.any_l () | & self: t_Fragment_K_V = self - | & _3: t_Resource_View_MapRelation_K_V = Any.any_l () ]) + | & _4: t_Resource_View_MapRelation_K_V = Any.any_l () ]) [ return (result: t_Fragment_K_V) -> {[@expl:clone result type invariant] inv_Fragment_K_V result} {[@expl:clone ensures] view_Fragment_K_V result = view_Fragment_K_V self} (! return {result}) ] diff --git a/tests/should_succeed/result/own.coma b/tests/should_succeed/result/own.coma index 62b1689c51..9ca6f7aacf 100644 --- a/tests/should_succeed/result/own.coma +++ b/tests/should_succeed/result/own.coma @@ -80,9 +80,9 @@ module M_impl_OwnResult_T_E__is_err (* OwnResult *) let rec is_err_T (self: t_OwnResult_T_E) (return (x: bool)) = {[@expl:is_err 'self' type invariant] inv_ref_OwnResult_T_E self} (! bb0 - [ bb0 = s0 [ s0 = is_ok_T {self} (fun (_ret: bool) -> [ &_3 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- not _3 ] s1 | s1 = return {_0} ] ] - [ & _0: bool = Any.any_l () | & self: t_OwnResult_T_E = self | & _3: bool = Any.any_l () ]) + [ bb0 = s0 [ s0 = is_ok_T {self} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- not _4 ] s1 | s1 = return {_0} ] ] + [ & _0: bool = Any.any_l () | & self: t_OwnResult_T_E = self | & _4: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:is_err ensures] result = (exists e: t_E. self = Err e)} (! return {result}) ] end module M_impl_OwnResult_T_E__ok (* OwnResult *) @@ -399,9 +399,9 @@ module M_impl_OwnResult_T_E__as_mut (* OwnResult *) | s1 = {inv_E x'0.current} MutBorrow.borrow_final {x'0.current} {MutBorrow.get_id x'0} (fun (_ret: MutBorrow.t t_E) -> - [ &_7 <- _ret ] -{inv_E _ret.final}- + [ &_8 <- _ret ] -{inv_E _ret.final}- [ &x'0 <- { x'0 with current = _ret.final } ] s2) - | s2 = [ &_0 <- Err'0 _7 ] s3 + | s2 = [ &_0 <- Err'0 _8 ] s3 | s3 = {[@expl:type invariant] inv_ref_E x'0} s4 | s4 = -{resolve_ref_E x'0}- s5 | s5 = bb5 ] @@ -416,9 +416,9 @@ module M_impl_OwnResult_T_E__as_mut (* OwnResult *) | s1 = {inv_T x.current} MutBorrow.borrow_final {x.current} {MutBorrow.get_id x} (fun (_ret: MutBorrow.t t_T) -> - [ &_5 <- _ret ] -{inv_T _ret.final}- + [ &_6 <- _ret ] -{inv_T _ret.final}- [ &x <- { x with current = _ret.final } ] s2) - | s2 = [ &_0 <- Ok'0 _5 ] s3 + | s2 = [ &_0 <- Ok'0 _6 ] s3 | s3 = {[@expl:type invariant] inv_ref_T x} s4 | s4 = -{resolve_ref_T x}- s5 | s5 = bb5 ] @@ -429,9 +429,9 @@ module M_impl_OwnResult_T_E__as_mut (* OwnResult *) [ & _0: t_OwnResult_ref_T_ref_E = Any.any_l () | & self: MutBorrow.t t_OwnResult_T_E = self | & x: MutBorrow.t t_T = Any.any_l () - | & _5: MutBorrow.t t_T = Any.any_l () + | & _6: MutBorrow.t t_T = Any.any_l () | & x'0: MutBorrow.t t_E = Any.any_l () - | & _7: MutBorrow.t t_E = Any.any_l () ]) + | & _8: MutBorrow.t t_E = Any.any_l () ]) [ return (result: t_OwnResult_ref_T_ref_E) -> {[@expl:as_mut result type invariant] inv_OwnResult_ref_T_ref_E result} {[@expl:as_mut ensures] exists t: MutBorrow.t t_T. self.current = Ok (t.current) @@ -1154,14 +1154,14 @@ module M_impl_OwnResult_ref_T_E__cloned (* OwnResult<&T, E> *) | bb3 = s0 [ s0 = elim_Err {self} (fun (r0: t_E) -> [ &e <- r0 ] s1) | s1 = [ &_0 <- Err'0 e ] s2 | s2 = bb10 ] | bb4 = s0 [ s0 = elim_Ok {self} (fun (r0: t_T) -> [ &t <- r0 ] s1) - | s1 = clone_T {t} (fun (_ret: t_T) -> [ &_5 <- _ret ] s2) + | s1 = clone_T {t} (fun (_ret: t_T) -> [ &_6 <- _ret ] s2) | s2 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- Ok'0 _5 ] s1 | s1 = bb10 ] + | bb5 = s0 [ s0 = [ &_0 <- Ok'0 _6 ] s1 | s1 = bb10 ] | bb10 = return {_0} ] [ & _0: t_OwnResult_T_E = Any.any_l () | & self: t_OwnResult_ref_T_E = self | & t: t_T = Any.any_l () - | & _5: t_T = Any.any_l () + | & _6: t_T = Any.any_l () | & e: t_E = Any.any_l () ]) [ return (result: t_OwnResult_T_E) -> {[@expl:cloned result type invariant] inv_OwnResult_T_E result} {[@expl:cloned ensures] match { f0 = self; f1 = result } with @@ -1392,14 +1392,14 @@ module M_impl_OwnResult_ref_T_E_0__cloned (* OwnResult<&mut T, E> *) [ s0 = elim_Ok {self} (fun (r0: MutBorrow.t t_T) -> [ &t <- r0 ] s1) | s1 = {[@expl:type invariant] inv_ref_T t} s2 | s2 = -{resolve_ref_T t}- s3 - | s3 = clone_T {t.current} (fun (_ret: t_T) -> [ &_5 <- _ret ] s4) + | s3 = clone_T {t.current} (fun (_ret: t_T) -> [ &_6 <- _ret ] s4) | s4 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- Ok'0 _5 ] s1 | s1 = bb10 ] + | bb5 = s0 [ s0 = [ &_0 <- Ok'0 _6 ] s1 | s1 = bb10 ] | bb10 = return {_0} ] [ & _0: t_OwnResult_T_E = Any.any_l () | & self: t_OwnResult_ref_T_E = self | & t: MutBorrow.t t_T = Any.any_l () - | & _5: t_T = Any.any_l () + | & _6: t_T = Any.any_l () | & e: t_E = Any.any_l () ]) [ return (result: t_OwnResult_T_E) -> {[@expl:cloned result type invariant] inv_OwnResult_T_E result} {[@expl:cloned ensures] match { f0 = self; f1 = result } with @@ -1482,23 +1482,23 @@ module M_impl_OwnResult_Option_T_E__transpose (* OwnResult {self = Ok x0} (! bb2) | br1 (x0: t_E) -> {self = Err x0} (! bb5) ] - | bb5 = s0 [ s0 = elim_Err {self} (fun (r0: t_E) -> [ &e <- r0 ] s1) | s1 = [ &_11 <- Err'0 e ] s2 | s2 = bb11 ] - | bb11 = s0 [ s0 = [ &_0 <- Some'0 _11 ] s1 | s1 = bb15 ] + | bb5 = s0 [ s0 = elim_Err {self} (fun (r0: t_E) -> [ &e <- r0 ] s1) | s1 = [ &_14 <- Err'0 e ] s2 | s2 = bb11 ] + | bb11 = s0 [ s0 = [ &_0 <- Some'0 _14 ] s1 | s1 = bb15 ] | bb2 = elim_Ok {self} (fun (r0: t_Option_T) -> any [ br0 -> {r0 = None} (! bb6) | br1 (x0: t_T) -> {r0 = Some x0} (! bb7) ]) | bb7 = s0 [ s0 = elim_Ok {self} (fun (r0: t_Option_T) -> elim_Some {r0} (fun (r0'0: t_T) -> [ &x <- r0'0 ] s1)) - | s1 = [ &_8 <- Ok'0 x ] s2 + | s1 = [ &_11 <- Ok'0 x ] s2 | s2 = bb8 ] - | bb8 = s0 [ s0 = [ &_0 <- Some'0 _8 ] s1 | s1 = bb15 ] + | bb8 = s0 [ s0 = [ &_0 <- Some'0 _11 ] s1 | s1 = bb15 ] | bb6 = s0 [ s0 = [ &_0 <- None'0 ] s1 | s1 = bb15 ] | bb15 = return {_0} ] [ & _0: t_Option_OwnResult_T_E = Any.any_l () | & self: t_OwnResult_Option_T_E = self | & x: t_T = Any.any_l () - | & _8: t_OwnResult_T_E = Any.any_l () + | & _11: t_OwnResult_T_E = Any.any_l () | & e: t_E = Any.any_l () - | & _11: t_OwnResult_T_E = Any.any_l () ]) + | & _14: t_OwnResult_T_E = Any.any_l () ]) [ return (result: t_Option_OwnResult_T_E) -> {[@expl:transpose result type invariant] inv_Option_OwnResult_T_E result} {[@expl:transpose ensures #0] self = Ok (None) -> result = None'0} diff --git a/tests/should_succeed/rusthorn/inc_max.coma b/tests/should_succeed/rusthorn/inc_max.coma index c18a8f96d6..b65192e04e 100644 --- a/tests/should_succeed/rusthorn/inc_max.coma +++ b/tests/should_succeed/rusthorn/inc_max.coma @@ -58,25 +58,25 @@ module M_take_max let rec take_max (ma: MutBorrow.t UInt32.t) (mb: MutBorrow.t UInt32.t) (return (x: MutBorrow.t UInt32.t)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- UInt32.ge ma.current mb.current ] s1 - | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] + [ s0 = [ &_8 <- UInt32.ge ma.current mb.current ] s1 + | s1 = any [ br0 -> {_8 = false} (! bb2) | br1 -> {_8} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve_ref_u32 mb}- s1 | s1 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _9}- s4 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _11}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = MutBorrow.borrow_final {mb.current} {MutBorrow.get_id mb} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &mb <- { mb with current = _ret.final } ] s2) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &mb <- { mb with current = _ret.final } ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _5}- s2 + [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _7}- s2 | s2 = MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_0 <- _ret ] [ &_3 <- { _3 with current = _ret.final } ] s3) | s3 = -{resolve_ref_u32 _3}- s4 @@ -87,9 +87,9 @@ module M_take_max | & ma: MutBorrow.t UInt32.t = ma | & mb: MutBorrow.t UInt32.t = mb | & _3: MutBorrow.t UInt32.t = Any.any_l () - | & _5: MutBorrow.t UInt32.t = Any.any_l () - | & _6: bool = Any.any_l () - | & _9: MutBorrow.t UInt32.t = Any.any_l () ]) + | & _7: MutBorrow.t UInt32.t = Any.any_l () + | & _8: bool = Any.any_l () + | & _11: MutBorrow.t UInt32.t = Any.any_l () ]) [ return (result: MutBorrow.t UInt32.t) -> {[@expl:take_max ensures] if UInt32.ge ma.current mb.current then mb.current = mb.final /\ result = ma else @@ -168,31 +168,31 @@ module M_inc_max (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {a} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_6 <- _ret ] [ &a <- _ret.final ] s1) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_8 <- _ret ] [ &a <- _ret.final ] s1) | s1 = MutBorrow.borrow_mut {b} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_8 <- _ret ] [ &b <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &_6 <- { _6 with current = _ret.final } ] s3) - | s3 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s4) - | s4 = take_max {_5} {_7} (fun (_ret: MutBorrow.t UInt32.t) -> [ &mc <- _ret ] s5) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_10 <- _ret ] [ &b <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_8 <- { _8 with current = _ret.final } ] s3) + | s3 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s4) + | s4 = take_max {_7} {_9} (fun (_ret: MutBorrow.t UInt32.t) -> [ &mc <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_u32 _8}- s1 - | s1 = -{resolve_ref_u32 _6}- s2 + [ s0 = -{resolve_ref_u32 _10}- s1 + | s1 = -{resolve_ref_u32 _8}- s2 | s2 = UInt32.add {mc.current} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &mc <- { mc with current = _ret } ] s3) | s3 = -{resolve_ref_u32 mc}- s4 - | s4 = [ &_10 <- a <> b ] s5 - | s5 = any [ br0 -> {_10 = false} (! bb3) | br1 -> {_10} (! bb2) ] ] + | s4 = [ &_12 <- a <> b ] s5 + | s5 = any [ br0 -> {_12 = false} (! bb3) | br1 -> {_12} (! bb2) ] ] | bb2 = return {_0} | bb3 = {false} any ] [ & _0: () = Any.any_l () | & a: UInt32.t = a | & b: UInt32.t = b | & mc: MutBorrow.t UInt32.t = Any.any_l () - | & _5: MutBorrow.t UInt32.t = Any.any_l () - | & _6: MutBorrow.t UInt32.t = Any.any_l () | & _7: MutBorrow.t UInt32.t = Any.any_l () | & _8: MutBorrow.t UInt32.t = Any.any_l () - | & _10: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: MutBorrow.t UInt32.t = Any.any_l () + | & _10: MutBorrow.t UInt32.t = Any.any_l () + | & _12: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_max_3.coma b/tests/should_succeed/rusthorn/inc_max_3.coma index d8171679f7..4ba16ddc66 100644 --- a/tests/should_succeed/rusthorn/inc_max_3.coma +++ b/tests/should_succeed/rusthorn/inc_max_3.coma @@ -68,61 +68,61 @@ module M_inc_max_3 /\ UInt32.le mb.current (1000000: UInt32.t) /\ UInt32.le mc.current (1000000: UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- UInt32.lt ma.current mb.current ] s1 - | s1 = any [ br0 -> {_7 = false} (! bb4) | br1 -> {_7} (! bb1) ] ] + [ s0 = [ &_13 <- UInt32.lt ma.current mb.current ] s1 + | s1 = any [ br0 -> {_13 = false} (! bb4) | br1 -> {_13} (! bb1) ] ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {ma} - (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_12 <- _ret ] [ &ma <- _ret.final ] s1) + (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_18 <- _ret ] [ &ma <- _ret.final ] s1) | s1 = MutBorrow.borrow_mut {mb} - (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_14 <- _ret ] [ &mb <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_20 <- _ret ] [ &mb <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> - [ &_11 <- _ret ] [ &_12 <- { _12 with current = _ret.final } ] s3) - | s3 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} + [ &_17 <- _ret ] [ &_18 <- { _18 with current = _ret.final } ] s3) + | s3 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> - [ &_13 <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s4) - | s4 = swap {_11} {_13} (fun (_ret: ()) -> [ &_10 <- _ret ] s5) + [ &_19 <- _ret ] [ &_20 <- { _20 with current = _ret.final } ] s4) + | s4 = swap {_17} {_19} (fun (_ret: ()) -> [ &_16 <- _ret ] s5) | s5 = bb2 ] - | bb2 = s0 [ s0 = -{resolve_ref_ref_u32 _14}- s1 | s1 = -{resolve_ref_ref_u32 _12}- s2 | s2 = bb4 ] + | bb2 = s0 [ s0 = -{resolve_ref_ref_u32 _20}- s1 | s1 = -{resolve_ref_ref_u32 _18}- s2 | s2 = bb4 ] | bb4 = s0 - [ s0 = [ &_16 <- UInt32.lt mb.current mc.current ] s1 - | s1 = any [ br0 -> {_16 = false} (! bb7) | br1 -> {_16} (! bb5) ] ] + [ s0 = [ &_22 <- UInt32.lt mb.current mc.current ] s1 + | s1 = any [ br0 -> {_22 = false} (! bb7) | br1 -> {_22} (! bb5) ] ] | bb5 = s0 [ s0 = MutBorrow.borrow_mut {mb} - (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_21 <- _ret ] [ &mb <- _ret.final ] s1) + (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_27 <- _ret ] [ &mb <- _ret.final ] s1) | s1 = MutBorrow.borrow_mut {mc} - (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_23 <- _ret ] [ &mc <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_29 <- _ret ] [ &mc <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> - [ &_20 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s3) - | s3 = MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} + [ &_26 <- _ret ] [ &_27 <- { _27 with current = _ret.final } ] s3) + | s3 = MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> - [ &_22 <- _ret ] [ &_23 <- { _23 with current = _ret.final } ] s4) - | s4 = swap {_20} {_22} (fun (_ret: ()) -> [ &_19 <- _ret ] s5) + [ &_28 <- _ret ] [ &_29 <- { _29 with current = _ret.final } ] s4) + | s4 = swap {_26} {_28} (fun (_ret: ()) -> [ &_25 <- _ret ] s5) | s5 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_ref_u32 _23}- s1 - | s1 = -{resolve_ref_ref_u32 _21}- s2 + [ s0 = -{resolve_ref_ref_u32 _29}- s1 + | s1 = -{resolve_ref_ref_u32 _27}- s2 | s2 = -{resolve_ref_u32 mc}- s3 | s3 = bb8 ] | bb7 = s0 [ s0 = -{resolve_ref_u32 mc}- s1 | s1 = bb8 ] | bb8 = s0 - [ s0 = [ &_25 <- UInt32.lt ma.current mb.current ] s1 - | s1 = any [ br0 -> {_25 = false} (! bb12) | br1 -> {_25} (! bb9) ] ] + [ s0 = [ &_31 <- UInt32.lt ma.current mb.current ] s1 + | s1 = any [ br0 -> {_31 = false} (! bb12) | br1 -> {_31} (! bb9) ] ] | bb9 = s0 [ s0 = MutBorrow.borrow_mut {ma} - (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_30 <- _ret ] [ &ma <- _ret.final ] s1) + (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_36 <- _ret ] [ &ma <- _ret.final ] s1) | s1 = MutBorrow.borrow_mut {mb} - (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_32 <- _ret ] [ &mb <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} + (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> [ &_38 <- _ret ] [ &mb <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> - [ &_29 <- _ret ] [ &_30 <- { _30 with current = _ret.final } ] s3) - | s3 = MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + [ &_35 <- _ret ] [ &_36 <- { _36 with current = _ret.final } ] s3) + | s3 = MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} (fun (_ret: MutBorrow.t (MutBorrow.t UInt32.t)) -> - [ &_31 <- _ret ] [ &_32 <- { _32 with current = _ret.final } ] s4) - | s4 = swap {_29} {_31} (fun (_ret: ()) -> [ &_28 <- _ret ] s5) + [ &_37 <- _ret ] [ &_38 <- { _38 with current = _ret.final } ] s4) + | s4 = swap {_35} {_37} (fun (_ret: ()) -> [ &_34 <- _ret ] s5) | s5 = bb10 ] - | bb10 = s0 [ s0 = -{resolve_ref_ref_u32 _32}- s1 | s1 = -{resolve_ref_ref_u32 _30}- s2 | s2 = bb12 ] + | bb10 = s0 [ s0 = -{resolve_ref_ref_u32 _38}- s1 | s1 = -{resolve_ref_ref_u32 _36}- s2 | s2 = bb12 ] | bb12 = s0 [ s0 = UInt32.add {ma.current} {(2: UInt32.t)} (fun (_ret: UInt32.t) -> [ &ma <- { ma with current = _ret } ] s1) | s1 = -{resolve_ref_u32 ma}- s2 @@ -133,24 +133,24 @@ module M_inc_max_3 | & ma: MutBorrow.t UInt32.t = ma | & mb: MutBorrow.t UInt32.t = mb | & mc: MutBorrow.t UInt32.t = mc - | & _7: bool = Any.any_l () - | & _10: () = Any.any_l () - | & _11: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _12: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _13: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _14: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _16: bool = Any.any_l () - | & _19: () = Any.any_l () + | & _13: bool = Any.any_l () + | & _16: () = Any.any_l () + | & _17: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _18: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _19: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () | & _20: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _21: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _22: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _23: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _25: bool = Any.any_l () - | & _28: () = Any.any_l () + | & _22: bool = Any.any_l () + | & _25: () = Any.any_l () + | & _26: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _27: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _28: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () | & _29: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _30: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _31: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () - | & _32: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () ]) + | & _31: bool = Any.any_l () + | & _34: () = Any.any_l () + | & _35: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _36: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _37: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () + | & _38: MutBorrow.t (MutBorrow.t UInt32.t) = Any.any_l () ]) [ return (result: ()) -> {[@expl:inc_max_3 ensures] ma.final <> mb.final /\ mb.final <> mc.final /\ mc.final <> ma.final} (! return {result}) ] @@ -226,41 +226,41 @@ module M_test_inc_max_3 (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {a} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &a <- _ret.final ] s1) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_10 <- _ret ] [ &a <- _ret.final ] s1) | s1 = MutBorrow.borrow_mut {b} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &b <- _ret.final ] s2) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_12 <- _ret ] [ &b <- _ret.final ] s2) | s2 = MutBorrow.borrow_mut {c} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &c <- _ret.final ] s3) - | s3 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_6 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s4) - | s4 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s5) - | s5 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_10 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s6) - | s6 = inc_max_3 {_6} {_8} {_10} (fun (_ret: ()) -> [ &_5 <- _ret ] s7) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_14 <- _ret ] [ &c <- _ret.final ] s3) + | s3 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s4) + | s4 = MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &_12 <- { _12 with current = _ret.final } ] s5) + | s5 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_13 <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s6) + | s6 = inc_max_3 {_9} {_11} {_13} (fun (_ret: ()) -> [ &_8 <- _ret ] s7) | s7 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_u32 _11}- s1 - | s1 = -{resolve_ref_u32 _9}- s2 - | s2 = -{resolve_ref_u32 _7}- s3 - | s3 = [ &_13 <- a <> b ] s4 - | s4 = any [ br0 -> {_13 = false} (! bb8) | br1 -> {_13} (! bb2) ] ] - | bb2 = s0 [ s0 = [ &_16 <- b <> c ] s1 | s1 = any [ br0 -> {_16 = false} (! bb8) | br1 -> {_16} (! bb3) ] ] - | bb3 = s0 [ s0 = [ &_19 <- c <> a ] s1 | s1 = any [ br0 -> {_19 = false} (! bb8) | br1 -> {_19} (! bb4) ] ] + [ s0 = -{resolve_ref_u32 _14}- s1 + | s1 = -{resolve_ref_u32 _12}- s2 + | s2 = -{resolve_ref_u32 _10}- s3 + | s3 = [ &_16 <- a <> b ] s4 + | s4 = any [ br0 -> {_16 = false} (! bb8) | br1 -> {_16} (! bb2) ] ] + | bb2 = s0 [ s0 = [ &_19 <- b <> c ] s1 | s1 = any [ br0 -> {_19 = false} (! bb8) | br1 -> {_19} (! bb3) ] ] + | bb3 = s0 [ s0 = [ &_22 <- c <> a ] s1 | s1 = any [ br0 -> {_22 = false} (! bb8) | br1 -> {_22} (! bb4) ] ] | bb4 = return {_0} | bb8 = {false} any ] [ & _0: () = Any.any_l () | & a: UInt32.t = a | & b: UInt32.t = b | & c: UInt32.t = c - | & _5: () = Any.any_l () - | & _6: MutBorrow.t UInt32.t = Any.any_l () - | & _7: MutBorrow.t UInt32.t = Any.any_l () - | & _8: MutBorrow.t UInt32.t = Any.any_l () + | & _8: () = Any.any_l () | & _9: MutBorrow.t UInt32.t = Any.any_l () | & _10: MutBorrow.t UInt32.t = Any.any_l () | & _11: MutBorrow.t UInt32.t = Any.any_l () - | & _13: bool = Any.any_l () + | & _12: MutBorrow.t UInt32.t = Any.any_l () + | & _13: MutBorrow.t UInt32.t = Any.any_l () + | & _14: MutBorrow.t UInt32.t = Any.any_l () | & _16: bool = Any.any_l () - | & _19: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _19: bool = Any.any_l () + | & _22: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_max_many.coma b/tests/should_succeed/rusthorn/inc_max_many.coma index c2cccf4416..dde4a9ad4f 100644 --- a/tests/should_succeed/rusthorn/inc_max_many.coma +++ b/tests/should_succeed/rusthorn/inc_max_many.coma @@ -58,25 +58,25 @@ module M_take_max let rec take_max (ma: MutBorrow.t UInt32.t) (mb: MutBorrow.t UInt32.t) (return (x: MutBorrow.t UInt32.t)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- UInt32.ge ma.current mb.current ] s1 - | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] + [ s0 = [ &_8 <- UInt32.ge ma.current mb.current ] s1 + | s1 = any [ br0 -> {_8 = false} (! bb2) | br1 -> {_8} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve_ref_u32 mb}- s1 | s1 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _9}- s4 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _11}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = MutBorrow.borrow_final {mb.current} {MutBorrow.get_id mb} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &mb <- { mb with current = _ret.final } ] s2) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &mb <- { mb with current = _ret.final } ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _5}- s2 + [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _7}- s2 | s2 = MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_0 <- _ret ] [ &_3 <- { _3 with current = _ret.final } ] s3) | s3 = -{resolve_ref_u32 _3}- s4 @@ -87,9 +87,9 @@ module M_take_max | & ma: MutBorrow.t UInt32.t = ma | & mb: MutBorrow.t UInt32.t = mb | & _3: MutBorrow.t UInt32.t = Any.any_l () - | & _5: MutBorrow.t UInt32.t = Any.any_l () - | & _6: bool = Any.any_l () - | & _9: MutBorrow.t UInt32.t = Any.any_l () ]) + | & _7: MutBorrow.t UInt32.t = Any.any_l () + | & _8: bool = Any.any_l () + | & _11: MutBorrow.t UInt32.t = Any.any_l () ]) [ return (result: MutBorrow.t UInt32.t) -> {[@expl:take_max ensures] if UInt32.ge ma.current mb.current then mb.current = mb.final /\ result = ma else @@ -169,27 +169,27 @@ module M_inc_max_many (! bb0 [ bb0 = s0 [ s0 = MutBorrow.borrow_mut {a} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &a <- _ret.final ] s1) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_10 <- _ret ] [ &a <- _ret.final ] s1) | s1 = MutBorrow.borrow_mut {b} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &b <- _ret.final ] s2) - | s2 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_6 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s3) - | s3 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_8 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s4) - | s4 = take_max {_6} {_8} (fun (_ret: MutBorrow.t UInt32.t) -> [ &mc <- _ret ] s5) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_12 <- _ret ] [ &b <- _ret.final ] s2) + | s2 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s3) + | s3 = MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &_12 <- { _12 with current = _ret.final } ] s4) + | s4 = take_max {_9} {_11} (fun (_ret: MutBorrow.t UInt32.t) -> [ &mc <- _ret ] s5) | s5 = bb1 ] | bb1 = s0 - [ s0 = -{resolve_ref_u32 _9}- s1 - | s1 = -{resolve_ref_u32 _7}- s2 + [ s0 = -{resolve_ref_u32 _12}- s1 + | s1 = -{resolve_ref_u32 _10}- s2 | s2 = UInt32.add {mc.current} {k} (fun (_ret: UInt32.t) -> [ &mc <- { mc with current = _ret } ] s3) | s3 = -{resolve_ref_u32 mc}- s4 - | s4 = UInt32.add {b} {k} (fun (_ret: UInt32.t) -> [ &_14 <- _ret ] s5) - | s5 = [ &_12 <- UInt32.ge a _14 ] s6 - | s6 = any [ br0 -> {_12 = false} (! bb3) | br1 -> {_12} (! bb6) ] ] + | s4 = UInt32.add {b} {k} (fun (_ret: UInt32.t) -> [ &_17 <- _ret ] s5) + | s5 = [ &_15 <- UInt32.ge a _17 ] s6 + | s6 = any [ br0 -> {_15 = false} (! bb3) | br1 -> {_15} (! bb6) ] ] | bb3 = s0 - [ s0 = UInt32.add {a} {k} (fun (_ret: UInt32.t) -> [ &_19 <- _ret ] s1) - | s1 = [ &_17 <- UInt32.ge b _19 ] s2 - | s2 = any [ br0 -> {_17 = false} (! bb5) | br1 -> {_17} (! bb6) ] ] + [ s0 = UInt32.add {a} {k} (fun (_ret: UInt32.t) -> [ &_22 <- _ret ] s1) + | s1 = [ &_20 <- UInt32.ge b _22 ] s2 + | s2 = any [ br0 -> {_20 = false} (! bb5) | br1 -> {_20} (! bb6) ] ] | bb6 = return {_0} | bb5 = {false} any ] [ & _0: () = Any.any_l () @@ -197,12 +197,12 @@ module M_inc_max_many | & b: UInt32.t = b | & k: UInt32.t = k | & mc: MutBorrow.t UInt32.t = Any.any_l () - | & _6: MutBorrow.t UInt32.t = Any.any_l () - | & _7: MutBorrow.t UInt32.t = Any.any_l () - | & _8: MutBorrow.t UInt32.t = Any.any_l () | & _9: MutBorrow.t UInt32.t = Any.any_l () - | & _12: bool = Any.any_l () - | & _14: UInt32.t = Any.any_l () - | & _17: bool = Any.any_l () - | & _19: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _10: MutBorrow.t UInt32.t = Any.any_l () + | & _11: MutBorrow.t UInt32.t = Any.any_l () + | & _12: MutBorrow.t UInt32.t = Any.any_l () + | & _15: bool = Any.any_l () + | & _17: UInt32.t = Any.any_l () + | & _20: bool = Any.any_l () + | & _22: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_max_repeat.coma b/tests/should_succeed/rusthorn/inc_max_repeat.coma index 245fc0fdd7..42a7b49457 100644 --- a/tests/should_succeed/rusthorn/inc_max_repeat.coma +++ b/tests/should_succeed/rusthorn/inc_max_repeat.coma @@ -58,25 +58,25 @@ module M_take_max let rec take_max (ma: MutBorrow.t UInt32.t) (mb: MutBorrow.t UInt32.t) (return (x: MutBorrow.t UInt32.t)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_6 <- UInt32.ge ma.current mb.current ] s1 - | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] + [ s0 = [ &_8 <- UInt32.ge ma.current mb.current ] s1 + | s1 = any [ br0 -> {_8 = false} (! bb2) | br1 -> {_8} (! bb1) ] ] | bb1 = s0 [ s0 = -{resolve_ref_u32 mb}- s1 | s1 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _9}- s4 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _11}- s4 | s4 = bb3 ] | bb2 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = MutBorrow.borrow_final {mb.current} {MutBorrow.get_id mb} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &mb <- { mb with current = _ret.final } ] s2) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &mb <- { mb with current = _ret.final } ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _5}- s2 + [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_3 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _7}- s2 | s2 = MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_0 <- _ret ] [ &_3 <- { _3 with current = _ret.final } ] s3) | s3 = -{resolve_ref_u32 _3}- s4 @@ -87,9 +87,9 @@ module M_take_max | & ma: MutBorrow.t UInt32.t = ma | & mb: MutBorrow.t UInt32.t = mb | & _3: MutBorrow.t UInt32.t = Any.any_l () - | & _5: MutBorrow.t UInt32.t = Any.any_l () - | & _6: bool = Any.any_l () - | & _9: MutBorrow.t UInt32.t = Any.any_l () ]) + | & _7: MutBorrow.t UInt32.t = Any.any_l () + | & _8: bool = Any.any_l () + | & _11: MutBorrow.t UInt32.t = Any.any_l () ]) [ return (result: MutBorrow.t UInt32.t) -> {[@expl:take_max ensures] if UInt32.ge ma.current mb.current then mb.current = mb.final /\ result = ma else @@ -226,8 +226,8 @@ module M_inc_max_repeat /\ UInt32.le b (1000000: UInt32.t) /\ UInt32.le n (1000000: UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- { start = (0: UInt32.t); end' = n } ] s1 - | s1 = into_iter_Range_u32 {_7} (fun (_ret: t_Range_u32) -> [ &iter <- _ret ] s2) + [ s0 = [ &_10 <- { start = (0: UInt32.t); end' = n } ] s1 + | s1 = into_iter_Range_u32 {_10} (fun (_ret: t_Range_u32) -> [ &iter <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt32.t ] s1 | s1 = bb4 ] @@ -243,45 +243,45 @@ module M_inc_max_repeat [ s0 = bb5 ] [ bb5 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_u32 {_21} (fun (_ret: t_Option_u32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_37 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_37.current} {MutBorrow.get_id _37} + (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_36 <- _ret ] [ &_37 <- { _37 with current = _ret.final } ] s2) + | s2 = next_Range_u32 {_36} (fun (_ret: t_Option_u32) -> [ &_35 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Range_u32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb9) | br1 (x0: UInt32.t) -> {_20 = Some x0} (! bb10) ] ] + [ s0 = -{resolve_ref_Range_u32 _37}- s1 + | s1 = any [ br0 -> {_35 = None} (! bb9) | br1 (x0: UInt32.t) -> {_35 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_20} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_35} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_40 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _40 ] s1 | s1 = MutBorrow.borrow_mut {a} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_29 <- _ret ] [ &a <- _ret.final ] s2) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_46 <- _ret ] [ &a <- _ret.final ] s2) | s2 = MutBorrow.borrow_mut {b} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_31 <- _ret ] [ &b <- _ret.final ] s3) - | s3 = MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_28 <- _ret ] [ &_29 <- { _29 with current = _ret.final } ] s4) - | s4 = MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_30 <- _ret ] [ &_31 <- { _31 with current = _ret.final } ] s5) - | s5 = take_max {_28} {_30} (fun (_ret: MutBorrow.t UInt32.t) -> [ &mc <- _ret ] s6) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_48 <- _ret ] [ &b <- _ret.final ] s3) + | s3 = MutBorrow.borrow_final {_46.current} {MutBorrow.get_id _46} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_45 <- _ret ] [ &_46 <- { _46 with current = _ret.final } ] s4) + | s4 = MutBorrow.borrow_final {_48.current} {MutBorrow.get_id _48} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_47 <- _ret ] [ &_48 <- { _48 with current = _ret.final } ] s5) + | s5 = take_max {_45} {_47} (fun (_ret: MutBorrow.t UInt32.t) -> [ &mc <- _ret ] s6) | s6 = bb12 ] | bb12 = s0 - [ s0 = -{resolve_ref_u32 _31}- s1 - | s1 = -{resolve_ref_u32 _29}- s2 + [ s0 = -{resolve_ref_u32 _48}- s1 + | s1 = -{resolve_ref_u32 _46}- s2 | s2 = UInt32.add {mc.current} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &mc <- { mc with current = _ret } ] s3) | s3 = -{resolve_ref_u32 mc}- s4 | s4 = bb4 ] ] ] | bb9 = s0 - [ s0 = UInt32.add {b} {n} (fun (_ret: UInt32.t) -> [ &_36 <- _ret ] s1) - | s1 = [ &_34 <- UInt32.ge a _36 ] s2 - | s2 = any [ br0 -> {_34 = false} (! bb14) | br1 -> {_34} (! bb17) ] ] + [ s0 = UInt32.add {b} {n} (fun (_ret: UInt32.t) -> [ &_53 <- _ret ] s1) + | s1 = [ &_51 <- UInt32.ge a _53 ] s2 + | s2 = any [ br0 -> {_51 = false} (! bb14) | br1 -> {_51} (! bb17) ] ] | bb14 = s0 - [ s0 = UInt32.add {a} {n} (fun (_ret: UInt32.t) -> [ &_41 <- _ret ] s1) - | s1 = [ &_39 <- UInt32.ge b _41 ] s2 - | s2 = any [ br0 -> {_39 = false} (! bb16) | br1 -> {_39} (! bb17) ] ] + [ s0 = UInt32.add {a} {n} (fun (_ret: UInt32.t) -> [ &_58 <- _ret ] s1) + | s1 = [ &_56 <- UInt32.ge b _58 ] s2 + | s2 = any [ br0 -> {_56 = false} (! bb16) | br1 -> {_56} (! bb17) ] ] | bb17 = return {_0} | bb16 = {false} any ] [ & _0: () = Any.any_l () @@ -289,21 +289,21 @@ module M_inc_max_repeat | & b: UInt32.t = b | & n: UInt32.t = n | & iter: t_Range_u32 = Any.any_l () - | & _7: t_Range_u32 = Any.any_l () + | & _10: t_Range_u32 = Any.any_l () | & iter_old: t_Range_u32 = Any.any_l () | & produced: Seq.seq UInt32.t = Any.any_l () - | & _20: t_Option_u32 = Any.any_l () - | & _21: MutBorrow.t t_Range_u32 = Any.any_l () - | & _22: MutBorrow.t t_Range_u32 = Any.any_l () + | & _35: t_Option_u32 = Any.any_l () + | & _36: MutBorrow.t t_Range_u32 = Any.any_l () + | & _37: MutBorrow.t t_Range_u32 = Any.any_l () | & __creusot_proc_iter_elem: UInt32.t = Any.any_l () - | & _25: Seq.seq UInt32.t = Any.any_l () + | & _40: Seq.seq UInt32.t = Any.any_l () | & mc: MutBorrow.t UInt32.t = Any.any_l () - | & _28: MutBorrow.t UInt32.t = Any.any_l () - | & _29: MutBorrow.t UInt32.t = Any.any_l () - | & _30: MutBorrow.t UInt32.t = Any.any_l () - | & _31: MutBorrow.t UInt32.t = Any.any_l () - | & _34: bool = Any.any_l () - | & _36: UInt32.t = Any.any_l () - | & _39: bool = Any.any_l () - | & _41: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _45: MutBorrow.t UInt32.t = Any.any_l () + | & _46: MutBorrow.t UInt32.t = Any.any_l () + | & _47: MutBorrow.t UInt32.t = Any.any_l () + | & _48: MutBorrow.t UInt32.t = Any.any_l () + | & _51: bool = Any.any_l () + | & _53: UInt32.t = Any.any_l () + | & _56: bool = Any.any_l () + | & _58: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_some_2_list.coma b/tests/should_succeed/rusthorn/inc_some_2_list.coma index 9b59511bc8..2d8b052d98 100644 --- a/tests/should_succeed/rusthorn/inc_some_2_list.coma +++ b/tests/should_succeed/rusthorn/inc_some_2_list.coma @@ -49,15 +49,15 @@ module M_impl_List__sum_x (* List *) | bb4 = s0 [ s0 = elim_Cons {self} (fun (r0: UInt32.t) (r1: t_List) -> [ &a <- r0 ] s1) | s1 = elim_Cons {self} (fun (r0: UInt32.t) (r1: t_List) -> [ &l <- r1 ] s2) - | s2 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_8 <- _ret ] s3) + | s2 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = UInt32.add {a} {_8} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = UInt32.add {a} {_10} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb6 ] | bb6 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & self: t_List = self | & a: UInt32.t = Any.any_l () | & l: t_List = Any.any_l () - | & _8: UInt32.t = Any.any_l () ]) + | & _10: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:sum_x ensures] UInt32.t'int result = sum self} (! return {result}) ] end module M_impl_List__take_some_rest (* List *) @@ -120,22 +120,22 @@ module M_impl_List__take_some_rest (* List *) MutBorrow.borrow_final {r1} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_List) -> [ &ml <- _ret ] [ &self <- { self with current = Cons r0 _ret.final } ] s2)) - | s2 = [ &_8 <- lemma_sum_nonneg ml.current ] s3 + | s2 = [ &_11 <- lemma_sum_nonneg ml.current ] s3 | s3 = bb5 ] - | bb5 = s0 [ s0 = random (fun (_ret: bool) -> [ &_10 <- _ret ] s1) | s1 = bb6 ] - | bb6 = any [ br0 -> {_10 = false} (! bb8) | br1 -> {_10} (! bb7) ] + | bb5 = s0 [ s0 = random (fun (_ret: bool) -> [ &_14 <- _ret ] s1) | s1 = bb6 ] + | bb6 = any [ br0 -> {_14 = false} (! bb8) | br1 -> {_14} (! bb7) ] | bb7 = s0 [ s0 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s1) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_15 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s1) | s1 = MutBorrow.borrow_final {ml.current} {MutBorrow.get_id ml} - (fun (_ret: MutBorrow.t t_List) -> [ &_12 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s2) - | s2 = [ &_0 <- { f0 = _11; f1 = _12 } ] s3 + (fun (_ret: MutBorrow.t t_List) -> [ &_16 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s2) + | s2 = [ &_0 <- { f0 = _15; f1 = _16 } ] s3 | s3 = bb10 ] | bb8 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = MutBorrow.borrow_final {ml.current} {MutBorrow.get_id ml} - (fun (_ret: MutBorrow.t t_List) -> [ &_13 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s2) - | s2 = take_some_rest {_13} (fun (_ret: tup2_ref_u32_ref_List) -> [ &_0 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_List) -> [ &_17 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s2) + | s2 = take_some_rest {_17} (fun (_ret: tup2_ref_u32_ref_List) -> [ &_0 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 [ s0 = -{resolve_ref_Box_List_Global ml}- s1 @@ -146,11 +146,11 @@ module M_impl_List__take_some_rest (* List *) | & self: MutBorrow.t t_List = self | & ma: MutBorrow.t UInt32.t = Any.any_l () | & ml: MutBorrow.t t_List = Any.any_l () - | & _8: () = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: MutBorrow.t UInt32.t = Any.any_l () - | & _12: MutBorrow.t t_List = Any.any_l () - | & _13: MutBorrow.t t_List = Any.any_l () ]) + | & _11: () = Any.any_l () + | & _14: bool = Any.any_l () + | & _15: MutBorrow.t UInt32.t = Any.any_l () + | & _16: MutBorrow.t t_List = Any.any_l () + | & _17: MutBorrow.t t_List = Any.any_l () ]) [ return (result: tup2_ref_u32_ref_List) -> {[@expl:take_some_rest ensures #0] sum self.final - sum self.current = UInt32.t'int result.f0.final + sum result.f1.final - UInt32.t'int result.f0.current - sum result.f1.current} {[@expl:take_some_rest ensures #1] UInt32.t'int result.f0.current <= sum self.current} @@ -200,31 +200,31 @@ module M_inc_some_2_list [ bb0 = s0 [ s0 = sum_x {l} (fun (_ret: UInt32.t) -> [ &sum0 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {l} - (fun (_ret: MutBorrow.t t_List) -> [ &_10 <- _ret ] [ &l <- _ret.final ] s1) - | s1 = take_some_rest {_10} (fun (_ret: tup2_ref_u32_ref_List) -> [ &_9 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_List) -> [ &_13 <- _ret ] [ &l <- _ret.final ] s1) + | s1 = take_some_rest {_13} (fun (_ret: tup2_ref_u32_ref_List) -> [ &_12 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = [ &ma <- _9.f0 ] s1 - | s1 = [ &ml <- _9.f1 ] s2 + [ s0 = [ &ma <- _12.f0 ] s1 + | s1 = [ &ml <- _12.f1 ] s2 | s2 = MutBorrow.borrow_final {ml.current} {MutBorrow.get_id ml} - (fun (_ret: MutBorrow.t t_List) -> [ &_13 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s3) - | s3 = take_some_rest {_13} (fun (_ret: tup2_ref_u32_ref_List) -> [ &_12 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_List) -> [ &_16 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s3) + | s3 = take_some_rest {_16} (fun (_ret: tup2_ref_u32_ref_List) -> [ &_15 <- _ret ] s4) | s4 = bb3 ] | bb3 = s0 - [ s0 = -{resolve_ref_List _12.f1}- s1 - | s1 = [ &mb <- _12.f0 ] s2 + [ s0 = -{resolve_ref_List _15.f1}- s1 + | s1 = [ &mb <- _15.f0 ] s2 | s2 = UInt32.add {ma.current} {j} (fun (_ret: UInt32.t) -> [ &ma <- { ma with current = _ret } ] s3) | s3 = -{resolve_ref_u32 ma}- s4 | s4 = UInt32.add {mb.current} {k} (fun (_ret: UInt32.t) -> [ &mb <- { mb with current = _ret } ] s5) | s5 = -{resolve_ref_u32 mb}- s6 | s6 = -{resolve_ref_List ml}- s7 - | s7 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_18 <- _ret ] s8) + | s7 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_21 <- _ret ] s8) | s8 = bb4 ] | bb4 = s0 - [ s0 = UInt32.add {sum0} {j} (fun (_ret: UInt32.t) -> [ &_21 <- _ret ] s1) - | s1 = UInt32.add {_21} {k} (fun (_ret: UInt32.t) -> [ &_20 <- _ret ] s2) - | s2 = [ &_17 <- _18 = _20 ] s3 - | s3 = any [ br0 -> {_17 = false} (! bb6) | br1 -> {_17} (! bb7) ] ] + [ s0 = UInt32.add {sum0} {j} (fun (_ret: UInt32.t) -> [ &_24 <- _ret ] s1) + | s1 = UInt32.add {_24} {k} (fun (_ret: UInt32.t) -> [ &_23 <- _ret ] s2) + | s2 = [ &_20 <- _21 = _23 ] s3 + | s3 = any [ br0 -> {_20 = false} (! bb6) | br1 -> {_20} (! bb7) ] ] | bb7 = return {_0} | bb6 = {false} any ] [ & _0: () = Any.any_l () @@ -234,13 +234,13 @@ module M_inc_some_2_list | & sum0: UInt32.t = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () | & ml: MutBorrow.t t_List = Any.any_l () - | & _9: tup2_ref_u32_ref_List = Any.any_l () - | & _10: MutBorrow.t t_List = Any.any_l () - | & mb: MutBorrow.t UInt32.t = Any.any_l () | & _12: tup2_ref_u32_ref_List = Any.any_l () | & _13: MutBorrow.t t_List = Any.any_l () - | & _17: bool = Any.any_l () - | & _18: UInt32.t = Any.any_l () - | & _20: UInt32.t = Any.any_l () - | & _21: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & mb: MutBorrow.t UInt32.t = Any.any_l () + | & _15: tup2_ref_u32_ref_List = Any.any_l () + | & _16: MutBorrow.t t_List = Any.any_l () + | & _20: bool = Any.any_l () + | & _21: UInt32.t = Any.any_l () + | & _23: UInt32.t = Any.any_l () + | & _24: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_some_2_tree.coma b/tests/should_succeed/rusthorn/inc_some_2_tree.coma index dbbad9b567..0f51403f96 100644 --- a/tests/should_succeed/rusthorn/inc_some_2_tree.coma +++ b/tests/should_succeed/rusthorn/inc_some_2_tree.coma @@ -63,22 +63,22 @@ module M_impl_Tree__sum_x (* Tree *) | s1 = elim_Node {self} (fun (r0: t_Tree) (r1: UInt32.t) (r2: t_Tree) -> [ &a <- r1 ] s2) | s2 = elim_Node {self} (fun (r0: t_Tree) (r1: UInt32.t) (r2: t_Tree) -> [ &tr <- r2 ] s3) | s3 = {[@expl:assertion] let _ = lemma_sum_nonneg tl in let _ = lemma_sum_nonneg tr in true} s4 - | s4 = sum_x {tl} (fun (_ret: UInt32.t) -> [ &_11 <- _ret ] s5) + | s4 = sum_x {tl} (fun (_ret: UInt32.t) -> [ &_15 <- _ret ] s5) | s5 = bb5 ] | bb5 = s0 - [ s0 = UInt32.add {_11} {a} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s1) - | s1 = sum_x {tr} (fun (_ret: UInt32.t) -> [ &_14 <- _ret ] s2) + [ s0 = UInt32.add {_15} {a} (fun (_ret: UInt32.t) -> [ &_14 <- _ret ] s1) + | s1 = sum_x {tr} (fun (_ret: UInt32.t) -> [ &_18 <- _ret ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = UInt32.add {_10} {_14} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = UInt32.add {_14} {_18} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb7 ] | bb7 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & self: t_Tree = self | & tl: t_Tree = Any.any_l () | & a: UInt32.t = Any.any_l () | & tr: t_Tree = Any.any_l () - | & _10: UInt32.t = Any.any_l () - | & _11: UInt32.t = Any.any_l () - | & _14: UInt32.t = Any.any_l () ]) + | & _14: UInt32.t = Any.any_l () + | & _15: UInt32.t = Any.any_l () + | & _18: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:sum_x ensures] UInt32.t'int result = sum self} (! return {result}) ] end module M_impl_Tree__take_some_rest (* Tree *) @@ -150,47 +150,47 @@ module M_impl_Tree__take_some_rest (* Tree *) (fun (_ret: MutBorrow.t t_Tree) -> [ &mtr <- _ret ] [ &self <- { self with current = Node r0 r1 _ret.final } ] s3)) | s3 = {[@expl:assertion] let _ = lemma_sum_nonneg mtl.current in let _ = lemma_sum_nonneg mtr.current in true} s4 - | s4 = random (fun (_ret: bool) -> [ &_11 <- _ret ] s5) + | s4 = random (fun (_ret: bool) -> [ &_16 <- _ret ] s5) | s5 = bb5 ] - | bb5 = any [ br0 -> {_11 = false} (! bb11) | br1 -> {_11} (! bb6) ] + | bb5 = any [ br0 -> {_16 = false} (! bb11) | br1 -> {_16} (! bb6) ] | bb6 = s0 [ s0 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_12 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s1) - | s1 = random (fun (_ret: bool) -> [ &_15 <- _ret ] s2) + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s1) + | s1 = random (fun (_ret: bool) -> [ &_20 <- _ret ] s2) | s2 = bb7 ] - | bb7 = any [ br0 -> {_15 = false} (! bb9) | br1 -> {_15} (! bb8) ] + | bb7 = any [ br0 -> {_20 = false} (! bb9) | br1 -> {_20} (! bb8) ] | bb8 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtr}- s1 | s1 = MutBorrow.borrow_final {mtl.current} {MutBorrow.get_id mtl} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_16 <- _ret ] [ &mtl <- { mtl with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_14 <- _ret ] [ &_16 <- { _16 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_Tree _16}- s4 + (fun (_ret: MutBorrow.t t_Tree) -> [ &_21 <- _ret ] [ &mtl <- { mtl with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret: MutBorrow.t t_Tree) -> [ &_19 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_Tree _21}- s4 | s4 = bb10 ] | bb9 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtl}- s1 | s1 = MutBorrow.borrow_final {mtr.current} {MutBorrow.get_id mtr} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_14 <- _ret ] [ &mtr <- { mtr with current = _ret.final } ] s2) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_19 <- _ret ] [ &mtr <- { mtr with current = _ret.final } ] s2) | s2 = bb10 ] | bb10 = s0 - [ s0 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_13 <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s1) - | s1 = [ &_0 <- { f0 = _12; f1 = _13 } ] s2 - | s2 = -{resolve_ref_Tree _14}- s3 + [ s0 = MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + (fun (_ret: MutBorrow.t t_Tree) -> [ &_18 <- _ret ] [ &_19 <- { _19 with current = _ret.final } ] s1) + | s1 = [ &_0 <- { f0 = _17; f1 = _18 } ] s2 + | s2 = -{resolve_ref_Tree _19}- s3 | s3 = bb18 ] - | bb11 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = random (fun (_ret: bool) -> [ &_17 <- _ret ] s2) | s2 = bb12 ] - | bb12 = any [ br0 -> {_17 = false} (! bb15) | br1 -> {_17} (! bb13) ] + | bb11 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = random (fun (_ret: bool) -> [ &_22 <- _ret ] s2) | s2 = bb12 ] + | bb12 = any [ br0 -> {_22 = false} (! bb15) | br1 -> {_22} (! bb13) ] | bb13 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtr}- s1 | s1 = MutBorrow.borrow_final {mtl.current} {MutBorrow.get_id mtl} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_18 <- _ret ] [ &mtl <- { mtl with current = _ret.final } ] s2) - | s2 = take_some_rest {_18} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_0 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_23 <- _ret ] [ &mtl <- { mtl with current = _ret.final } ] s2) + | s2 = take_some_rest {_23} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_0 <- _ret ] s3) | s3 = bb18 ] | bb15 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtl}- s1 | s1 = MutBorrow.borrow_final {mtr.current} {MutBorrow.get_id mtr} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_19 <- _ret ] [ &mtr <- { mtr with current = _ret.final } ] s2) - | s2 = take_some_rest {_19} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_0 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_24 <- _ret ] [ &mtr <- { mtr with current = _ret.final } ] s2) + | s2 = take_some_rest {_24} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_0 <- _ret ] s3) | s3 = bb18 ] | bb18 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtr}- s1 @@ -203,15 +203,15 @@ module M_impl_Tree__take_some_rest (* Tree *) | & mtl: MutBorrow.t t_Tree = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () | & mtr: MutBorrow.t t_Tree = Any.any_l () - | & _11: bool = Any.any_l () - | & _12: MutBorrow.t UInt32.t = Any.any_l () - | & _13: MutBorrow.t t_Tree = Any.any_l () - | & _14: MutBorrow.t t_Tree = Any.any_l () - | & _15: bool = Any.any_l () - | & _16: MutBorrow.t t_Tree = Any.any_l () - | & _17: bool = Any.any_l () + | & _16: bool = Any.any_l () + | & _17: MutBorrow.t UInt32.t = Any.any_l () | & _18: MutBorrow.t t_Tree = Any.any_l () - | & _19: MutBorrow.t t_Tree = Any.any_l () ]) + | & _19: MutBorrow.t t_Tree = Any.any_l () + | & _20: bool = Any.any_l () + | & _21: MutBorrow.t t_Tree = Any.any_l () + | & _22: bool = Any.any_l () + | & _23: MutBorrow.t t_Tree = Any.any_l () + | & _24: MutBorrow.t t_Tree = Any.any_l () ]) [ return (result: tup2_ref_u32_ref_Tree) -> {[@expl:take_some_rest ensures #0] sum self.final - sum self.current = UInt32.t'int result.f0.final + sum result.f1.final - UInt32.t'int result.f0.current - sum result.f1.current} {[@expl:take_some_rest ensures #1] UInt32.t'int result.f0.current <= sum self.current} @@ -261,31 +261,31 @@ module M_inc_some_2_tree [ bb0 = s0 [ s0 = sum_x {t} (fun (_ret: UInt32.t) -> [ &sum0 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {t} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_10 <- _ret ] [ &t <- _ret.final ] s1) - | s1 = take_some_rest {_10} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_9 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_13 <- _ret ] [ &t <- _ret.final ] s1) + | s1 = take_some_rest {_13} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_12 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 - [ s0 = [ &ma <- _9.f0 ] s1 - | s1 = [ &mt <- _9.f1 ] s2 + [ s0 = [ &ma <- _12.f0 ] s1 + | s1 = [ &mt <- _12.f1 ] s2 | s2 = MutBorrow.borrow_final {mt.current} {MutBorrow.get_id mt} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_13 <- _ret ] [ &mt <- { mt with current = _ret.final } ] s3) - | s3 = take_some_rest {_13} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_12 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_16 <- _ret ] [ &mt <- { mt with current = _ret.final } ] s3) + | s3 = take_some_rest {_16} (fun (_ret: tup2_ref_u32_ref_Tree) -> [ &_15 <- _ret ] s4) | s4 = bb3 ] | bb3 = s0 - [ s0 = -{resolve_ref_Tree _12.f1}- s1 - | s1 = [ &mb <- _12.f0 ] s2 + [ s0 = -{resolve_ref_Tree _15.f1}- s1 + | s1 = [ &mb <- _15.f0 ] s2 | s2 = UInt32.add {ma.current} {j} (fun (_ret: UInt32.t) -> [ &ma <- { ma with current = _ret } ] s3) | s3 = -{resolve_ref_u32 ma}- s4 | s4 = UInt32.add {mb.current} {k} (fun (_ret: UInt32.t) -> [ &mb <- { mb with current = _ret } ] s5) | s5 = -{resolve_ref_u32 mb}- s6 | s6 = -{resolve_ref_Tree mt}- s7 - | s7 = sum_x {t} (fun (_ret: UInt32.t) -> [ &_18 <- _ret ] s8) + | s7 = sum_x {t} (fun (_ret: UInt32.t) -> [ &_21 <- _ret ] s8) | s8 = bb4 ] | bb4 = s0 - [ s0 = UInt32.add {sum0} {j} (fun (_ret: UInt32.t) -> [ &_21 <- _ret ] s1) - | s1 = UInt32.add {_21} {k} (fun (_ret: UInt32.t) -> [ &_20 <- _ret ] s2) - | s2 = [ &_17 <- _18 = _20 ] s3 - | s3 = any [ br0 -> {_17 = false} (! bb6) | br1 -> {_17} (! bb7) ] ] + [ s0 = UInt32.add {sum0} {j} (fun (_ret: UInt32.t) -> [ &_24 <- _ret ] s1) + | s1 = UInt32.add {_24} {k} (fun (_ret: UInt32.t) -> [ &_23 <- _ret ] s2) + | s2 = [ &_20 <- _21 = _23 ] s3 + | s3 = any [ br0 -> {_20 = false} (! bb6) | br1 -> {_20} (! bb7) ] ] | bb7 = return {_0} | bb6 = {false} any ] [ & _0: () = Any.any_l () @@ -295,13 +295,13 @@ module M_inc_some_2_tree | & sum0: UInt32.t = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () | & mt: MutBorrow.t t_Tree = Any.any_l () - | & _9: tup2_ref_u32_ref_Tree = Any.any_l () - | & _10: MutBorrow.t t_Tree = Any.any_l () - | & mb: MutBorrow.t UInt32.t = Any.any_l () | & _12: tup2_ref_u32_ref_Tree = Any.any_l () | & _13: MutBorrow.t t_Tree = Any.any_l () - | & _17: bool = Any.any_l () - | & _18: UInt32.t = Any.any_l () - | & _20: UInt32.t = Any.any_l () - | & _21: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & mb: MutBorrow.t UInt32.t = Any.any_l () + | & _15: tup2_ref_u32_ref_Tree = Any.any_l () + | & _16: MutBorrow.t t_Tree = Any.any_l () + | & _20: bool = Any.any_l () + | & _21: UInt32.t = Any.any_l () + | & _23: UInt32.t = Any.any_l () + | & _24: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_some_list.coma b/tests/should_succeed/rusthorn/inc_some_list.coma index c752cb1f90..ae3073ac39 100644 --- a/tests/should_succeed/rusthorn/inc_some_list.coma +++ b/tests/should_succeed/rusthorn/inc_some_list.coma @@ -49,15 +49,15 @@ module M_impl_List__sum_x (* List *) | bb4 = s0 [ s0 = elim_Cons {self} (fun (r0: UInt32.t) (r1: t_List) -> [ &a <- r0 ] s1) | s1 = elim_Cons {self} (fun (r0: UInt32.t) (r1: t_List) -> [ &l <- r1 ] s2) - | s2 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_8 <- _ret ] s3) + | s2 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = UInt32.add {a} {_8} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = UInt32.add {a} {_10} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb6 ] | bb6 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & self: t_List = self | & a: UInt32.t = Any.any_l () | & l: t_List = Any.any_l () - | & _8: UInt32.t = Any.any_l () ]) + | & _10: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:sum_x ensures] UInt32.t'int result = sum self} (! return {result}) ] end module M_impl_List__take_some (* List *) @@ -118,41 +118,41 @@ module M_impl_List__take_some (* List *) MutBorrow.borrow_final {r1} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_List) -> [ &ml <- _ret ] [ &self <- { self with current = Cons r0 _ret.final } ] s2)) - | s2 = [ &_10 <- lemma_sum_nonneg ml.current ] s3 + | s2 = [ &_12 <- lemma_sum_nonneg ml.current ] s3 | s3 = bb5 ] - | bb5 = s0 [ s0 = random (fun (_ret: bool) -> [ &_13 <- _ret ] s1) | s1 = bb6 ] - | bb6 = any [ br0 -> {_13 = false} (! bb8) | br1 -> {_13} (! bb7) ] + | bb5 = s0 [ s0 = random (fun (_ret: bool) -> [ &_16 <- _ret ] s1) | s1 = bb6 ] + | bb6 = any [ br0 -> {_16 = false} (! bb8) | br1 -> {_16} (! bb7) ] | bb7 = s0 [ s0 = -{resolve_ref_Box_List_Global ml}- s1 | s1 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_14 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) - | s2 = MutBorrow.borrow_final {_14.current} {MutBorrow.get_id _14} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_12 <- _ret ] [ &_14 <- { _14 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _14}- s4 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s2) + | s2 = MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_15 <- _ret ] [ &_17 <- { _17 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _17}- s4 | s4 = bb10 ] | bb8 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = MutBorrow.borrow_final {ml.current} {MutBorrow.get_id ml} - (fun (_ret: MutBorrow.t t_List) -> [ &_16 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s2) - | s2 = take_some {_16} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_15 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_List) -> [ &_19 <- _ret ] [ &ml <- { ml with current = _ret.final } ] s2) + | s2 = take_some {_19} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_18 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = MutBorrow.borrow_final {_15.current} {MutBorrow.get_id _15} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_12 <- _ret ] [ &_15 <- { _15 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _15}- s2 + [ s0 = MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_15 <- _ret ] [ &_18 <- { _18 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _18}- s2 | s2 = bb10 ] | bb10 = s0 - [ s0 = MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_9 <- _ret ] [ &_12 <- { _12 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _12}- s2 - | s2 = MutBorrow.borrow_final {_9.current} {MutBorrow.get_id _9} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &_9 <- { _9 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _9}- s4 + [ s0 = MutBorrow.borrow_final {_15.current} {MutBorrow.get_id _15} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_11 <- _ret ] [ &_15 <- { _15 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _15}- s2 + | s2 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _11}- s4 | s4 = -{resolve_ref_Box_List_Global ml}- s5 | s5 = -{resolve_ref_u32 ma}- s6 - | s6 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_2 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s7) - | s7 = -{resolve_ref_u32 _5}- s8 + | s6 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_2 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s7) + | s7 = -{resolve_ref_u32 _7}- s8 | s8 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s9) | s9 = -{resolve_ref_u32 _2}- s10 @@ -161,16 +161,16 @@ module M_impl_List__take_some (* List *) [ & _0: MutBorrow.t UInt32.t = Any.any_l () | & self: MutBorrow.t t_List = self | & _2: MutBorrow.t UInt32.t = Any.any_l () - | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _7: MutBorrow.t UInt32.t = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () | & ml: MutBorrow.t t_List = Any.any_l () - | & _9: MutBorrow.t UInt32.t = Any.any_l () - | & _10: () = Any.any_l () - | & _12: MutBorrow.t UInt32.t = Any.any_l () - | & _13: bool = Any.any_l () - | & _14: MutBorrow.t UInt32.t = Any.any_l () + | & _11: MutBorrow.t UInt32.t = Any.any_l () + | & _12: () = Any.any_l () | & _15: MutBorrow.t UInt32.t = Any.any_l () - | & _16: MutBorrow.t t_List = Any.any_l () ]) + | & _16: bool = Any.any_l () + | & _17: MutBorrow.t UInt32.t = Any.any_l () + | & _18: MutBorrow.t UInt32.t = Any.any_l () + | & _19: MutBorrow.t t_List = Any.any_l () ]) [ return (result: MutBorrow.t UInt32.t) -> {[@expl:take_some ensures #0] sum self.final - sum self.current = UInt32.t'int result.final - UInt32.t'int result.current} {[@expl:take_some ensures #1] UInt32.t'int result.current <= sum self.current} @@ -213,18 +213,18 @@ module M_inc_some_list [ bb0 = s0 [ s0 = sum_x {l} (fun (_ret: UInt32.t) -> [ &sum0 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {l} - (fun (_ret: MutBorrow.t t_List) -> [ &_7 <- _ret ] [ &l <- _ret.final ] s1) - | s1 = take_some {_7} (fun (_ret: MutBorrow.t UInt32.t) -> [ &ma <- _ret ] s2) + (fun (_ret: MutBorrow.t t_List) -> [ &_9 <- _ret ] [ &l <- _ret.final ] s1) + | s1 = take_some {_9} (fun (_ret: MutBorrow.t UInt32.t) -> [ &ma <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = UInt32.add {ma.current} {k} (fun (_ret: UInt32.t) -> [ &ma <- { ma with current = _ret } ] s1) | s1 = -{resolve_ref_u32 ma}- s2 - | s2 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_11 <- _ret ] s3) + | s2 = sum_x {l} (fun (_ret: UInt32.t) -> [ &_13 <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = UInt32.add {sum0} {k} (fun (_ret: UInt32.t) -> [ &_13 <- _ret ] s1) - | s1 = [ &_10 <- _11 = _13 ] s2 - | s2 = any [ br0 -> {_10 = false} (! bb5) | br1 -> {_10} (! bb6) ] ] + [ s0 = UInt32.add {sum0} {k} (fun (_ret: UInt32.t) -> [ &_15 <- _ret ] s1) + | s1 = [ &_12 <- _13 = _15 ] s2 + | s2 = any [ br0 -> {_12 = false} (! bb5) | br1 -> {_12} (! bb6) ] ] | bb6 = return {_0} | bb5 = {false} any ] [ & _0: () = Any.any_l () @@ -232,8 +232,8 @@ module M_inc_some_list | & k: UInt32.t = k | & sum0: UInt32.t = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () - | & _7: MutBorrow.t t_List = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: UInt32.t = Any.any_l () - | & _13: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: MutBorrow.t t_List = Any.any_l () + | & _12: bool = Any.any_l () + | & _13: UInt32.t = Any.any_l () + | & _15: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/rusthorn/inc_some_tree.coma b/tests/should_succeed/rusthorn/inc_some_tree.coma index c99c613300..1a6eb9f7ba 100644 --- a/tests/should_succeed/rusthorn/inc_some_tree.coma +++ b/tests/should_succeed/rusthorn/inc_some_tree.coma @@ -63,22 +63,22 @@ module M_impl_Tree__sum_x (* Tree *) | s1 = elim_Node {self} (fun (r0: t_Tree) (r1: UInt32.t) (r2: t_Tree) -> [ &a <- r1 ] s2) | s2 = elim_Node {self} (fun (r0: t_Tree) (r1: UInt32.t) (r2: t_Tree) -> [ &tr <- r2 ] s3) | s3 = {[@expl:assertion] let _ = lemma_sum_nonneg tl in let _ = lemma_sum_nonneg tr in true} s4 - | s4 = sum_x {tl} (fun (_ret: UInt32.t) -> [ &_11 <- _ret ] s5) + | s4 = sum_x {tl} (fun (_ret: UInt32.t) -> [ &_15 <- _ret ] s5) | s5 = bb5 ] | bb5 = s0 - [ s0 = UInt32.add {_11} {a} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s1) - | s1 = sum_x {tr} (fun (_ret: UInt32.t) -> [ &_14 <- _ret ] s2) + [ s0 = UInt32.add {_15} {a} (fun (_ret: UInt32.t) -> [ &_14 <- _ret ] s1) + | s1 = sum_x {tr} (fun (_ret: UInt32.t) -> [ &_18 <- _ret ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = UInt32.add {_10} {_14} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = UInt32.add {_14} {_18} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb7 ] | bb7 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & self: t_Tree = self | & tl: t_Tree = Any.any_l () | & a: UInt32.t = Any.any_l () | & tr: t_Tree = Any.any_l () - | & _10: UInt32.t = Any.any_l () - | & _11: UInt32.t = Any.any_l () - | & _14: UInt32.t = Any.any_l () ]) + | & _14: UInt32.t = Any.any_l () + | & _15: UInt32.t = Any.any_l () + | & _18: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:sum_x ensures] UInt32.t'int result = sum self} (! return {result}) ] end module M_impl_Tree__take_some (* Tree *) @@ -148,58 +148,58 @@ module M_impl_Tree__take_some (* Tree *) (fun (_ret: MutBorrow.t t_Tree) -> [ &mtr <- _ret ] [ &self <- { self with current = Node r0 r1 _ret.final } ] s3)) | s3 = {[@expl:assertion] let _ = lemma_sum_nonneg mtl.current in let _ = lemma_sum_nonneg mtr.current in true} s4 - | s4 = random (fun (_ret: bool) -> [ &_14 <- _ret ] s5) + | s4 = random (fun (_ret: bool) -> [ &_18 <- _ret ] s5) | s5 = bb5 ] - | bb5 = any [ br0 -> {_14 = false} (! bb7) | br1 -> {_14} (! bb6) ] + | bb5 = any [ br0 -> {_18 = false} (! bb7) | br1 -> {_18} (! bb6) ] | bb6 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtr}- s1 | s1 = -{resolve_ref_Box_Tree_Global mtl}- s2 | s2 = MutBorrow.borrow_final {ma.current} {MutBorrow.get_id ma} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_15 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s3) - | s3 = MutBorrow.borrow_final {_15.current} {MutBorrow.get_id _15} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_13 <- _ret ] [ &_15 <- { _15 with current = _ret.final } ] s4) - | s4 = -{resolve_ref_u32 _15}- s5 + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_19 <- _ret ] [ &ma <- { ma with current = _ret.final } ] s3) + | s3 = MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] [ &_19 <- { _19 with current = _ret.final } ] s4) + | s4 = -{resolve_ref_u32 _19}- s5 | s5 = bb14 ] - | bb7 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = random (fun (_ret: bool) -> [ &_16 <- _ret ] s2) | s2 = bb8 ] - | bb8 = any [ br0 -> {_16 = false} (! bb11) | br1 -> {_16} (! bb9) ] + | bb7 = s0 [ s0 = -{resolve_ref_u32 ma}- s1 | s1 = random (fun (_ret: bool) -> [ &_20 <- _ret ] s2) | s2 = bb8 ] + | bb8 = any [ br0 -> {_20 = false} (! bb11) | br1 -> {_20} (! bb9) ] | bb9 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtr}- s1 | s1 = MutBorrow.borrow_final {mtl.current} {MutBorrow.get_id mtl} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_19 <- _ret ] [ &mtl <- { mtl with current = _ret.final } ] s2) - | s2 = take_some {_19} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_18 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_23 <- _ret ] [ &mtl <- { mtl with current = _ret.final } ] s2) + | s2 = take_some {_23} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_22 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = MutBorrow.borrow_final {_18.current} {MutBorrow.get_id _18} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] [ &_18 <- { _18 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _18}- s2 - | s2 = MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_13 <- _ret ] [ &_17 <- { _17 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _17}- s4 + [ s0 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _22}- s2 + | s2 = MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] [ &_21 <- { _21 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _21}- s4 | s4 = bb14 ] | bb11 = s0 [ s0 = -{resolve_ref_Box_Tree_Global mtl}- s1 | s1 = MutBorrow.borrow_final {mtr.current} {MutBorrow.get_id mtr} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_21 <- _ret ] [ &mtr <- { mtr with current = _ret.final } ] s2) - | s2 = take_some {_21} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_25 <- _ret ] [ &mtr <- { mtr with current = _ret.final } ] s2) + | s2 = take_some {_25} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_24 <- _ret ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_13 <- _ret ] [ &_20 <- { _20 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _20}- s2 + [ s0 = MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_17 <- _ret ] [ &_24 <- { _24 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _24}- s2 | s2 = bb14 ] | bb14 = s0 - [ s0 = MutBorrow.borrow_final {_13.current} {MutBorrow.get_id _13} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_10 <- _ret ] [ &_13 <- { _13 with current = _ret.final } ] s1) - | s1 = -{resolve_ref_u32 _13}- s2 - | s2 = MutBorrow.borrow_final {_10.current} {MutBorrow.get_id _10} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_5 <- _ret ] [ &_10 <- { _10 with current = _ret.final } ] s3) - | s3 = -{resolve_ref_u32 _10}- s4 + [ s0 = MutBorrow.borrow_final {_17.current} {MutBorrow.get_id _17} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_12 <- _ret ] [ &_17 <- { _17 with current = _ret.final } ] s1) + | s1 = -{resolve_ref_u32 _17}- s2 + | s2 = MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_7 <- _ret ] [ &_12 <- { _12 with current = _ret.final } ] s3) + | s3 = -{resolve_ref_u32 _12}- s4 | s4 = -{resolve_ref_Box_Tree_Global mtr}- s5 | s5 = -{resolve_ref_u32 ma}- s6 | s6 = -{resolve_ref_Box_Tree_Global mtl}- s7 - | s7 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} - (fun (_ret: MutBorrow.t UInt32.t) -> [ &_2 <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s8) - | s8 = -{resolve_ref_u32 _5}- s9 + | s7 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + (fun (_ret: MutBorrow.t UInt32.t) -> [ &_2 <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s8) + | s8 = -{resolve_ref_u32 _7}- s9 | s9 = MutBorrow.borrow_final {_2.current} {MutBorrow.get_id _2} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_0 <- _ret ] [ &_2 <- { _2 with current = _ret.final } ] s10) | s10 = -{resolve_ref_u32 _2}- s11 @@ -208,20 +208,20 @@ module M_impl_Tree__take_some (* Tree *) [ & _0: MutBorrow.t UInt32.t = Any.any_l () | & self: MutBorrow.t t_Tree = self | & _2: MutBorrow.t UInt32.t = Any.any_l () - | & _5: MutBorrow.t UInt32.t = Any.any_l () + | & _7: MutBorrow.t UInt32.t = Any.any_l () | & mtl: MutBorrow.t t_Tree = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () | & mtr: MutBorrow.t t_Tree = Any.any_l () - | & _10: MutBorrow.t UInt32.t = Any.any_l () - | & _13: MutBorrow.t UInt32.t = Any.any_l () - | & _14: bool = Any.any_l () - | & _15: MutBorrow.t UInt32.t = Any.any_l () - | & _16: bool = Any.any_l () + | & _12: MutBorrow.t UInt32.t = Any.any_l () | & _17: MutBorrow.t UInt32.t = Any.any_l () - | & _18: MutBorrow.t UInt32.t = Any.any_l () - | & _19: MutBorrow.t t_Tree = Any.any_l () - | & _20: MutBorrow.t UInt32.t = Any.any_l () - | & _21: MutBorrow.t t_Tree = Any.any_l () ]) + | & _18: bool = Any.any_l () + | & _19: MutBorrow.t UInt32.t = Any.any_l () + | & _20: bool = Any.any_l () + | & _21: MutBorrow.t UInt32.t = Any.any_l () + | & _22: MutBorrow.t UInt32.t = Any.any_l () + | & _23: MutBorrow.t t_Tree = Any.any_l () + | & _24: MutBorrow.t UInt32.t = Any.any_l () + | & _25: MutBorrow.t t_Tree = Any.any_l () ]) [ return (result: MutBorrow.t UInt32.t) -> {[@expl:take_some ensures #0] sum self.final - sum self.current = UInt32.t'int result.final - UInt32.t'int result.current} {[@expl:take_some ensures #1] UInt32.t'int result.current <= sum self.current} @@ -264,18 +264,18 @@ module M_inc_some_tree [ bb0 = s0 [ s0 = sum_x {t} (fun (_ret: UInt32.t) -> [ &sum0 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = MutBorrow.borrow_mut {t} - (fun (_ret: MutBorrow.t t_Tree) -> [ &_7 <- _ret ] [ &t <- _ret.final ] s1) - | s1 = take_some {_7} (fun (_ret: MutBorrow.t UInt32.t) -> [ &ma <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Tree) -> [ &_9 <- _ret ] [ &t <- _ret.final ] s1) + | s1 = take_some {_9} (fun (_ret: MutBorrow.t UInt32.t) -> [ &ma <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = UInt32.add {ma.current} {k} (fun (_ret: UInt32.t) -> [ &ma <- { ma with current = _ret } ] s1) | s1 = -{resolve_ref_u32 ma}- s2 - | s2 = sum_x {t} (fun (_ret: UInt32.t) -> [ &_11 <- _ret ] s3) + | s2 = sum_x {t} (fun (_ret: UInt32.t) -> [ &_13 <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 - [ s0 = UInt32.add {sum0} {k} (fun (_ret: UInt32.t) -> [ &_13 <- _ret ] s1) - | s1 = [ &_10 <- _11 = _13 ] s2 - | s2 = any [ br0 -> {_10 = false} (! bb5) | br1 -> {_10} (! bb6) ] ] + [ s0 = UInt32.add {sum0} {k} (fun (_ret: UInt32.t) -> [ &_15 <- _ret ] s1) + | s1 = [ &_12 <- _13 = _15 ] s2 + | s2 = any [ br0 -> {_12 = false} (! bb5) | br1 -> {_12} (! bb6) ] ] | bb6 = return {_0} | bb5 = {false} any ] [ & _0: () = Any.any_l () @@ -283,8 +283,8 @@ module M_inc_some_tree | & k: UInt32.t = k | & sum0: UInt32.t = Any.any_l () | & ma: MutBorrow.t UInt32.t = Any.any_l () - | & _7: MutBorrow.t t_Tree = Any.any_l () - | & _10: bool = Any.any_l () - | & _11: UInt32.t = Any.any_l () - | & _13: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _9: MutBorrow.t t_Tree = Any.any_l () + | & _12: bool = Any.any_l () + | & _13: UInt32.t = Any.any_l () + | & _15: UInt32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/selection_sort_generic.coma b/tests/should_succeed/selection_sort_generic.coma index a7be434a31..215c8bd957 100644 --- a/tests/should_succeed/selection_sort_generic.coma +++ b/tests/should_succeed/selection_sort_generic.coma @@ -305,10 +305,10 @@ module M_selection_sort {[@expl:selection_sort 'v' type invariant] inv_ref_Vec_T_Global'0 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_7 <- { start = (0: UInt64.t); end' = _8 } ] s1 - | s1 = into_iter_Range_usize {_7} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) + [ s0 = [ &_10 <- { start = (0: UInt64.t); end' = _11 } ] s1 + | s1 = into_iter_Range_usize {_10} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb4 ] | bb4 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb5 ] @@ -326,29 +326,29 @@ module M_selection_sort [ s0 = bb7 ] [ bb7 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_25 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_41 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_24 <- _ret ] [ &_25 <- { _25 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_24} (fun (_ret: t_Option_usize) -> [ &_23 <- _ret ] s3) + [ &_40 <- _ret ] [ &_41 <- { _41 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_40} (fun (_ret: t_Option_usize) -> [ &_39 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve_ref_Range_usize _25}- s1 - | s1 = any [ br0 -> {_23 = None} (! bb11) | br1 (x0: UInt64.t) -> {_23 = Some x0} (! bb12) ] ] + [ s0 = -{resolve_ref_Range_usize _41}- s1 + | s1 = any [ br0 -> {_39 = None} (! bb11) | br1 (x0: UInt64.t) -> {_39 = Some x0} (! bb12) ] ] | bb12 = s0 - [ s0 = elim_Some {_23} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_28 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_39} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_44 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _28 ] s1 + [ s0 = [ &produced <- _44 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = [ &min <- i ] s3 - | s3 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_35 <- _ret ] s4) - | s4 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_37 <- _ret ] s5) + | s3 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_53 <- _ret ] s4) + | s4 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_55 <- _ret ] s5) | s5 = bb14 ] | bb14 = s0 - [ s0 = [ &_34 <- { start = _35; end' = _37 } ] s1 - | s1 = into_iter_Range_usize {_34} (fun (_ret: t_Range_usize) -> [ &iter'0 <- _ret ] s2) + [ s0 = [ &_52 <- { start = _53; end' = _55 } ] s1 + | s1 = into_iter_Range_usize {_52} (fun (_ret: t_Range_usize) -> [ &iter'0 <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 [ s0 = [ &iter_old'0 <- iter'0 ] s1 | s1 = bb16 ] | bb16 = s0 [ s0 = [ &produced'0 <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb18 ] @@ -365,48 +365,48 @@ module M_selection_sort [ s0 = bb19 ] [ bb19 = s0 [ s0 = MutBorrow.borrow_mut {iter'0} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_51 <- _ret ] [ &iter'0 <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_51.current} {MutBorrow.get_id _51} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_82 <- _ret ] [ &iter'0 <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_82.current} {MutBorrow.get_id _82} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_50 <- _ret ] [ &_51 <- { _51 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_50} (fun (_ret: t_Option_usize) -> [ &_49 <- _ret ] s3) + [ &_81 <- _ret ] [ &_82 <- { _82 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_81} (fun (_ret: t_Option_usize) -> [ &_80 <- _ret ] s3) | s3 = bb20 ] | bb20 = s0 - [ s0 = -{resolve_ref_Range_usize _51}- s1 - | s1 = any [ br0 -> {_49 = None} (! bb23) | br1 (x0: UInt64.t) -> {_49 = Some x0} (! bb24) ] ] + [ s0 = -{resolve_ref_Range_usize _82}- s1 + | s1 = any [ br0 -> {_80 = None} (! bb23) | br1 (x0: UInt64.t) -> {_80 = Some x0} (! bb24) ] ] | bb24 = s0 - [ s0 = elim_Some {_49} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) - | s1 = [ &_54 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 + [ s0 = elim_Some {_80} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) + | s1 = [ &_85 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 | s2 = bb25 ] | bb25 = s0 - [ s0 = [ &produced'0 <- _54 ] s1 + [ s0 = [ &produced'0 <- _85 ] s1 | s1 = [ &j <- __creusot_proc_iter_elem'0 ] s2 - | s2 = index_Vec_T_Global'0 {v.current} {j} (fun (_ret: t_T) -> [ &_59 <- _ret ] s3) + | s2 = index_Vec_T_Global'0 {v.current} {j} (fun (_ret: t_T) -> [ &_92 <- _ret ] s3) | s3 = bb26 ] | bb26 = s0 - [ s0 = index_Vec_T_Global'0 {v.current} {min} (fun (_ret: t_T) -> [ &_63 <- _ret ] s1) | s1 = bb27 ] - | bb27 = s0 [ s0 = lt_T {_59} {_63} (fun (_ret: bool) -> [ &_57 <- _ret ] s1) | s1 = bb28 ] - | bb28 = any [ br0 -> {_57 = false} (! bb18) | br1 -> {_57} (! bb29) ] + [ s0 = index_Vec_T_Global'0 {v.current} {min} (fun (_ret: t_T) -> [ &_96 <- _ret ] s1) | s1 = bb27 ] + | bb27 = s0 [ s0 = lt_T {_92} {_96} (fun (_ret: bool) -> [ &_90 <- _ret ] s1) | s1 = bb28 ] + | bb28 = any [ br0 -> {_90 = false} (! bb18) | br1 -> {_90} (! bb29) ] | bb29 = s0 [ s0 = [ &min <- j ] s1 | s1 = bb18 ] ] ] | bb23 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_71 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_104 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = deref_mut_Vec_T_Global {_71} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_70 <- _ret ] s2) + | s1 = deref_mut_Vec_T_Global {_104} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_103 <- _ret ] s2) | s2 = bb32 ] | bb32 = s0 - [ s0 = {inv_slice_T _70.current} - MutBorrow.borrow_final {_70.current} {MutBorrow.get_id _70} + [ s0 = {inv_slice_T _103.current} + MutBorrow.borrow_final {_103.current} {MutBorrow.get_id _103} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_69 <- _ret ] -{inv_slice_T _ret.final}- - [ &_70 <- { _70 with current = _ret.final } ] s1) - | s1 = swap_T {_69} {i} {min} (fun (_ret: ()) -> [ &_68 <- _ret ] s2) + [ &_102 <- _ret ] -{inv_slice_T _ret.final}- + [ &_103 <- { _103 with current = _ret.final } ] s1) + | s1 = swap_T {_102} {i} {min} (fun (_ret: ()) -> [ &_101 <- _ret ] s2) | s2 = bb33 ] | bb33 = s0 - [ s0 = {[@expl:type invariant] inv_ref_slice_T _70} s1 - | s1 = -{resolve_ref_slice_T _70}- s2 + [ s0 = {[@expl:type invariant] inv_ref_slice_T _103} s1 + | s1 = -{resolve_ref_slice_T _103}- s2 | s2 = {[@expl:assertion] let i'0 = Seq.length produced in forall k1: int, k2: int. 0 <= k1 /\ k1 < i'0 /\ i'0 <= k2 /\ k2 < Seq.length (deep_model_ref_Vec_T_Global v) -> le_log_DeepModelTy (Seq.get (deep_model_ref_Vec_T_Global v) k1) (Seq.get (deep_model_ref_Vec_T_Global v) k2)} @@ -420,36 +420,36 @@ module M_selection_sort | & v: MutBorrow.t t_Vec_T_Global = v | & old_v: MutBorrow.t t_Vec_T_Global = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _7: t_Range_usize = Any.any_l () - | & _8: UInt64.t = Any.any_l () + | & _10: t_Range_usize = Any.any_l () + | & _11: UInt64.t = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _23: t_Option_usize = Any.any_l () - | & _24: MutBorrow.t t_Range_usize = Any.any_l () - | & _25: MutBorrow.t t_Range_usize = Any.any_l () + | & _39: t_Option_usize = Any.any_l () + | & _40: MutBorrow.t t_Range_usize = Any.any_l () + | & _41: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _28: Seq.seq UInt64.t = Any.any_l () + | & _44: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () | & min: UInt64.t = Any.any_l () | & iter'0: t_Range_usize = Any.any_l () - | & _34: t_Range_usize = Any.any_l () - | & _35: UInt64.t = Any.any_l () - | & _37: UInt64.t = Any.any_l () + | & _52: t_Range_usize = Any.any_l () + | & _53: UInt64.t = Any.any_l () + | & _55: UInt64.t = Any.any_l () | & iter_old'0: t_Range_usize = Any.any_l () | & produced'0: Seq.seq UInt64.t = Any.any_l () - | & _49: t_Option_usize = Any.any_l () - | & _50: MutBorrow.t t_Range_usize = Any.any_l () - | & _51: MutBorrow.t t_Range_usize = Any.any_l () + | & _80: t_Option_usize = Any.any_l () + | & _81: MutBorrow.t t_Range_usize = Any.any_l () + | & _82: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem'0: UInt64.t = Any.any_l () - | & _54: Seq.seq UInt64.t = Any.any_l () + | & _85: Seq.seq UInt64.t = Any.any_l () | & j: UInt64.t = Any.any_l () - | & _57: bool = Any.any_l () - | & _59: t_T = Any.any_l () - | & _63: t_T = Any.any_l () - | & _68: () = Any.any_l () - | & _69: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _70: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _71: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _90: bool = Any.any_l () + | & _92: t_T = Any.any_l () + | & _96: t_T = Any.any_l () + | & _101: () = Any.any_l () + | & _102: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _103: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _104: MutBorrow.t t_Vec_T_Global = Any.any_l () | & old_6_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:selection_sort ensures #0] sorted_DeepModelTy (deep_model_Vec_T_Global v.final)} {[@expl:selection_sort ensures #1] permutation_of_T (view_Vec_T_Global v.final) (view_Vec_T_Global v.current)} diff --git a/tests/should_succeed/slices/01.coma b/tests/should_succeed/slices/01.coma index 695b3c7337..f257c58066 100644 --- a/tests/should_succeed/slices/01.coma +++ b/tests/should_succeed/slices/01.coma @@ -14,17 +14,17 @@ module M_index_slice < Seq.length (Slice64.view a)} (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- (10: UInt64.t) ] s1 - | s1 = [ &_4 <- Slice64.length a ] s2 - | s2 = [ &_5 <- UInt64.lt _3 _4 ] s3 - | s3 = {[@expl:index in bounds] _5} s4 + [ s0 = [ &_4 <- (10: UInt64.t) ] s1 + | s1 = [ &_5 <- Slice64.length a ] s2 + | s2 = [ &_6 <- UInt64.lt _4 _5 ] s3 + | s3 = {[@expl:index in bounds] _6} s4 | s4 = bb1 ] - | bb1 = s0 [ s0 = Slice64.get {a} {_3} (fun (r: UInt32.t) -> [ &_0 <- r ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = Slice64.get {a} {_4} (fun (r: UInt32.t) -> [ &_0 <- r ] s1) | s1 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () | & a: Slice64.slice UInt32.t = a - | & _3: UInt64.t = Any.any_l () | & _4: UInt64.t = Any.any_l () - | & _5: bool = Any.any_l () ]) [ return (result: UInt32.t) -> (! return {result}) ] + | & _5: UInt64.t = Any.any_l () + | & _6: bool = Any.any_l () ]) [ return (result: UInt32.t) -> (! return {result}) ] end module M_index_mut_slice use creusot.int.UInt64 @@ -52,24 +52,24 @@ module M_index_mut_slice {[@expl:index_mut_slice requires] Seq.length (Slice64.view a.current) = 5} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- (2: UInt64.t) ] s1 + [ s0 = [ &_6 <- (2: UInt64.t) ] s1 | s1 = Opaque.fresh_ptr - (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length a.current}- [ &_5 <- _ptr ] s2) - | s2 = [ &_6 <- Slice64.slice_ptr_len _5 ] s3 - | s3 = [ &_7 <- UInt64.lt _4 _6 ] s4 - | s4 = {[@expl:index in bounds] _7} s5 + (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length a.current}- [ &_7 <- _ptr ] s2) + | s2 = [ &_8 <- Slice64.slice_ptr_len _7 ] s3 + | s3 = [ &_9 <- UInt64.lt _6 _8 ] s4 + | s4 = {[@expl:index in bounds] _9} s5 | s5 = bb1 ] | bb1 = s0 - [ s0 = Slice64.set {a.current} {_4} {(3: UInt32.t)} + [ s0 = Slice64.set {a.current} {_6} {(3: UInt32.t)} (fun (r: Slice64.slice UInt32.t) -> [ &a <- { a with current = r } ] s1) | s1 = -{resolve_ref_slice_u32 a}- s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & a: MutBorrow.t (Slice64.slice UInt32.t) = a - | & _4: UInt64.t = Any.any_l () - | & _5: Opaque.ptr = Any.any_l () | & _6: UInt64.t = Any.any_l () - | & _7: bool = Any.any_l () ]) + | & _7: Opaque.ptr = Any.any_l () + | & _8: UInt64.t = Any.any_l () + | & _9: bool = Any.any_l () ]) [ return (result: ()) -> {[@expl:index_mut_slice ensures] UInt32.t'int (index_slice_u32 a.final 2) = 3} (! return {result}) ] end @@ -146,27 +146,27 @@ module M_slice_first let rec slice_first_T (a: Slice64.slice t_T) (return (x: t_Option_ref_T)) = {[@expl:slice_first 'a' type invariant] inv_ref_slice_T a} (! bb0 - [ bb0 = s0 [ s0 = len_T {a} (fun (_ret: UInt64.t) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len_T {a} (fun (_ret: UInt64.t) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_3 <- UInt64.gt _4 (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb2) ] ] + [ s0 = [ &_4 <- UInt64.gt _5 (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb2) ] ] | bb2 = s0 - [ s0 = [ &_8 <- (0: UInt64.t) ] s1 - | s1 = [ &_9 <- Slice64.length a ] s2 - | s2 = [ &_10 <- UInt64.lt _8 _9 ] s3 - | s3 = {[@expl:index in bounds] _10} s4 + [ s0 = [ &_9 <- (0: UInt64.t) ] s1 + | s1 = [ &_10 <- Slice64.length a ] s2 + | s2 = [ &_11 <- UInt64.lt _9 _10 ] s3 + | s3 = {[@expl:index in bounds] _11} s4 | s4 = bb3 ] | bb3 = s0 - [ s0 = Slice64.get {a} {_8} (fun (r: t_T) -> [ &_7 <- r ] s1) | s1 = [ &_0 <- Some _7 ] s2 | s2 = bb5 ] + [ s0 = Slice64.get {a} {_9} (fun (r: t_T) -> [ &_8 <- r ] s1) | s1 = [ &_0 <- Some _8 ] s2 | s2 = bb5 ] | bb4 = s0 [ s0 = [ &_0 <- None ] s1 | s1 = bb5 ] | bb5 = return {_0} ] [ & _0: t_Option_ref_T = Any.any_l () | & a: Slice64.slice t_T = a - | & _3: bool = Any.any_l () - | & _4: UInt64.t = Any.any_l () - | & _7: t_T = Any.any_l () - | & _8: UInt64.t = Any.any_l () + | & _4: bool = Any.any_l () + | & _5: UInt64.t = Any.any_l () + | & _8: t_T = Any.any_l () | & _9: UInt64.t = Any.any_l () - | & _10: bool = Any.any_l () ]) + | & _10: UInt64.t = Any.any_l () + | & _11: bool = Any.any_l () ]) [ return (result: t_Option_ref_T) -> {[@expl:slice_first result type invariant] inv_Option_ref_T result} {[@expl:slice_first ensures] match result with | Some v -> v = index_slice_T a 0 diff --git a/tests/should_succeed/slices/02_std.coma b/tests/should_succeed/slices/02_std.coma index 097b21ccfe..6feff9d159 100644 --- a/tests/should_succeed/slices/02_std.coma +++ b/tests/should_succeed/slices/02_std.coma @@ -119,16 +119,16 @@ module M_binary_search [ bb0 = s0 [ s0 = bb0'0 [ bb0'0 = s0'0 [ s0'0 = [ &_0'0 <- (2: UInt32.t) ] s1'0 | s1'0 = _const_ret {_0'0} ] ] - [ & _0'0: UInt32.t = Any.any_l () ] [ _const_ret (_const: UInt32.t) -> [ &_12 <- _const ] s1 ] - | s1 = [ &_8 <- _12 ] s2 - | s2 = binary_search_u32 {s} {_8} (fun (_ret: t_Result_usize_usize) -> [ &_5 <- _ret ] s3) + [ & _0'0: UInt32.t = Any.any_l () ] [ _const_ret (_const: UInt32.t) -> [ &_15 <- _const ] s1 ] + | s1 = [ &_10 <- _15 ] s2 + | s2 = binary_search_u32 {s} {_10} (fun (_ret: t_Result_usize_usize) -> [ &_7 <- _ret ] s3) | s3 = bb1 ] - | bb1 = s0 [ s0 = unwrap_usize {_5} (fun (_ret: UInt64.t) -> [ &ix <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = unwrap_usize {_7} (fun (_ret: UInt64.t) -> [ &ix <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = {[@expl:assertion] UInt64.t'int ix < 5} s1 | s1 = [ &_0 <- ix ] s2 | s2 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & s: Slice64.slice UInt32.t = s | & ix: UInt64.t = Any.any_l () - | & _5: t_Result_usize_usize = Any.any_l () - | & _8: UInt32.t = Any.any_l () - | & _12: UInt32.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] + | & _7: t_Result_usize_usize = Any.any_l () + | & _10: UInt32.t = Any.any_l () + | & _15: UInt32.t = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end diff --git a/tests/should_succeed/slices/range.coma b/tests/should_succeed/slices/range.coma index 66ffbbf745..77100c0887 100644 --- a/tests/should_succeed/slices/range.coma +++ b/tests/should_succeed/slices/range.coma @@ -87,54 +87,54 @@ module M_slice_range_inclusive [ bb0 = s0 [ s0 = MutBorrow.borrow_final {a.current} {MutBorrow.get_id a} (fun (_ret: MutBorrow.t (Slice64.slice UInt32.t)) -> - [ &_6 <- _ret ] [ &a <- { a with current = _ret.final } ] s1) - | s1 = new_usize {(1: UInt64.t)} {(2: UInt64.t)} (fun (_ret: t_RangeInclusive_usize) -> [ &_7 <- _ret ] s2) + [ &_8 <- _ret ] [ &a <- { a with current = _ret.final } ] s1) + | s1 = new_usize {(1: UInt64.t)} {(2: UInt64.t)} (fun (_ret: t_RangeInclusive_usize) -> [ &_9 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = index_mut_slice_u32 {_6} {_7} (fun (_ret: MutBorrow.t (Slice64.slice UInt32.t)) -> [ &_5 <- _ret ] s1) + [ s0 = index_mut_slice_u32 {_8} {_9} (fun (_ret: MutBorrow.t (Slice64.slice UInt32.t)) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + [ s0 = MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} (fun (_ret: MutBorrow.t (Slice64.slice UInt32.t)) -> - [ &s <- _ret ] [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = [ &_8 <- (0: UInt64.t) ] s2 + [ &s <- _ret ] [ &_7 <- { _7 with current = _ret.final } ] s1) + | s1 = [ &_10 <- (0: UInt64.t) ] s2 | s2 = Opaque.fresh_ptr - (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length s.current}- [ &_9 <- _ptr ] s3) - | s3 = [ &_10 <- Slice64.slice_ptr_len _9 ] s4 - | s4 = [ &_11 <- UInt64.lt _8 _10 ] s5 - | s5 = {[@expl:index in bounds] _11} s6 + (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length s.current}- [ &_11 <- _ptr ] s3) + | s3 = [ &_12 <- Slice64.slice_ptr_len _11 ] s4 + | s4 = [ &_13 <- UInt64.lt _10 _12 ] s5 + | s5 = {[@expl:index in bounds] _13} s6 | s6 = bb3 ] | bb3 = s0 - [ s0 = Slice64.set {s.current} {_8} {(1: UInt32.t)} + [ s0 = Slice64.set {s.current} {_10} {(1: UInt32.t)} (fun (r: Slice64.slice UInt32.t) -> [ &s <- { s with current = r } ] s1) - | s1 = [ &_12 <- (1: UInt64.t) ] s2 + | s1 = [ &_14 <- (1: UInt64.t) ] s2 | s2 = Opaque.fresh_ptr - (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length s.current}- [ &_13 <- _ptr ] s3) - | s3 = [ &_14 <- Slice64.slice_ptr_len _13 ] s4 - | s4 = [ &_15 <- UInt64.lt _12 _14 ] s5 - | s5 = {[@expl:index in bounds] _15} s6 + (fun (_ptr: Opaque.ptr) -> -{Slice64.slice_ptr_len _ptr = Slice64.length s.current}- [ &_15 <- _ptr ] s3) + | s3 = [ &_16 <- Slice64.slice_ptr_len _15 ] s4 + | s4 = [ &_17 <- UInt64.lt _14 _16 ] s5 + | s5 = {[@expl:index in bounds] _17} s6 | s6 = bb4 ] | bb4 = s0 - [ s0 = Slice64.set {s.current} {_12} {(1: UInt32.t)} + [ s0 = Slice64.set {s.current} {_14} {(1: UInt32.t)} (fun (r: Slice64.slice UInt32.t) -> [ &s <- { s with current = r } ] s1) | s1 = -{resolve_ref_slice_u32 s}- s2 - | s2 = -{resolve_ref_slice_u32 _5}- s3 + | s2 = -{resolve_ref_slice_u32 _7}- s3 | s3 = -{resolve_ref_slice_u32 a}- s4 | s4 = return {_0} ] ] [ & _0: () = Any.any_l () | & a: MutBorrow.t (Slice64.slice UInt32.t) = a | & s: MutBorrow.t (Slice64.slice UInt32.t) = Any.any_l () - | & _5: MutBorrow.t (Slice64.slice UInt32.t) = Any.any_l () - | & _6: MutBorrow.t (Slice64.slice UInt32.t) = Any.any_l () - | & _7: t_RangeInclusive_usize = Any.any_l () - | & _8: UInt64.t = Any.any_l () - | & _9: Opaque.ptr = Any.any_l () + | & _7: MutBorrow.t (Slice64.slice UInt32.t) = Any.any_l () + | & _8: MutBorrow.t (Slice64.slice UInt32.t) = Any.any_l () + | & _9: t_RangeInclusive_usize = Any.any_l () | & _10: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () + | & _11: Opaque.ptr = Any.any_l () | & _12: UInt64.t = Any.any_l () - | & _13: Opaque.ptr = Any.any_l () + | & _13: bool = Any.any_l () | & _14: UInt64.t = Any.any_l () - | & _15: bool = Any.any_l () ]) + | & _15: Opaque.ptr = Any.any_l () + | & _16: UInt64.t = Any.any_l () + | & _17: bool = Any.any_l () ]) [ return (result: ()) -> {[@expl:slice_range_inclusive ensures] Slice64.view a.final = Seq.create 4 [|(0: UInt32.t);(1: UInt32.t);(1: UInt32.t);(0: UInt32.t)|]} (! return {result}) ] diff --git a/tests/should_succeed/spans.coma b/tests/should_succeed/spans.coma index 64982732c7..35bf64d117 100644 --- a/tests/should_succeed/spans.coma +++ b/tests/should_succeed/spans.coma @@ -45,15 +45,15 @@ module M_bar [#"spans.rs" 24 0 24 33] (! [ &variant_old_bb1 <- [%#sspans] UInt64.t'int i ] s0) [ s0 = bb2 ] [ bb2 = s0 - [ s0 = [ &_8 <- UInt64.lt ([%#sspans'1] (0: UInt64.t)) i ] s1 - | s1 = any [ br0 -> {_8 = false} (! bb4) | br1 -> {_8} (! bb3) ] ] + [ s0 = [ &_11 <- UInt64.lt ([%#sspans'1] (0: UInt64.t)) i ] s1 + | s1 = any [ br0 -> {_11 = false} (! bb4) | br1 -> {_11} (! bb3) ] ] | bb3 = s0 [ s0 = UInt64.sub [%#sspans'3] {i} {[%#sspans'2] (1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) | s1 = bb1 ] ] ] | bb4 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & i: UInt64.t = i - | & _8: bool = Any.any_l () + | & _11: bool = Any.any_l () | & variant_old_bb1: int = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_baz [#"spans.rs" 37 0 37 25] @@ -117,10 +117,10 @@ module M_impl_NonNeg__decr [#"spans.rs" 60 4 60 29] (* NonNeg *) (! bb0 [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_NonNeg self} s1 - | s1 = UInt64.sub [%#sspans'0] {self.f0} {[%#sspans] (1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_4 <- _ret ] s2) - | s2 = [ &_0 <- { f0 = _4 } ] s3 + | s1 = UInt64.sub [%#sspans'0] {self.f0} {[%#sspans] (1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_6 <- _ret ] s2) + | s2 = [ &_0 <- { f0 = _6 } ] s3 | s3 = return {_0} ] ] - [ & _0: t_NonNeg = Any.any_l () | & self: t_NonNeg = self | & _4: UInt64.t = Any.any_l () ]) + [ & _0: t_NonNeg = Any.any_l () | & self: t_NonNeg = self | & _6: UInt64.t = Any.any_l () ]) [ return (result: t_NonNeg) -> {[@expl:decr result type invariant] [%#sspans'3] inv_NonNeg result} {[@expl:decr ensures] [%#sspans'4] UInt64.t'int result.f0 = UInt64.t'int self.f0 - 1} (! return {result}) ] @@ -174,13 +174,13 @@ module M_quux [#"spans.rs" 68 0 68 32] {[@expl:quux requires] [%#sspans'4] 0 <= UInt64.t'int i.f0} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- i.f0 = ([%#sspans] (0: UInt64.t)) ] s1 - | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] + [ s0 = [ &_6 <- i.f0 = ([%#sspans] (0: UInt64.t)) ] s1 + | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- i ] s1 | s1 = bb5 ] - | bb2 = s0 [ s0 = decr [%#sspans'0] {i} (fun (_ret: t_NonNeg) -> [ &_6 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = quux [%#sspans'1] {_6} (fun (_ret: t_NonNeg) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] + | bb2 = s0 [ s0 = decr [%#sspans'0] {i} (fun (_ret: t_NonNeg) -> [ &_8 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = quux [%#sspans'1] {_8} (fun (_ret: t_NonNeg) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] | bb5 = return {_0} ] - [ & _0: t_NonNeg = Any.any_l () | & i: t_NonNeg = i | & _4: bool = Any.any_l () | & _6: t_NonNeg = Any.any_l () ] + [ & _0: t_NonNeg = Any.any_l () | & i: t_NonNeg = i | & _6: bool = Any.any_l () | & _8: t_NonNeg = Any.any_l () ] [ quux (i: t_NonNeg) (_ret (_r: t_NonNeg)) -> {[@expl:function variant] well_founded_relation_Int function_variant ([%#sspans'2] UInt64.t'int i.f0)} quux {i} (_ret) ] [ function_variant: int = [%#sspans'2] UInt64.t'int i.f0 ]) diff --git a/tests/should_succeed/sparse_array.coma b/tests/should_succeed/sparse_array.coma index de3932888b..a43cc8eed0 100644 --- a/tests/should_succeed/sparse_array.coma +++ b/tests/should_succeed/sparse_array.coma @@ -288,30 +288,30 @@ module M_impl_Sparse_T__get (* Sparse *) {[@expl:get requires] UInt64.t'int i < UInt64.t'int const_SIZE} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- i ] s1 - | s1 = [ &_8 <- UInt64.lt _7 const_SIZE ] s2 - | s2 = {[@expl:index in bounds] _8} s3 + [ s0 = [ &_12 <- i ] s1 + | s1 = [ &_13 <- UInt64.lt _12 const_SIZE ] s2 + | s2 = {[@expl:index in bounds] _13} s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Slice64.get {self.idx} {_7} (fun (r: UInt64.t) -> [ &index <- r ] s1) - | s1 = [ &_9 <- UInt64.lt index self.n ] s2 - | s2 = any [ br0 -> {_9 = false} (! bb8) | br1 -> {_9} (! bb2) ] ] + [ s0 = Slice64.get {self.idx} {_12} (fun (r: UInt64.t) -> [ &index <- r ] s1) + | s1 = [ &_14 <- UInt64.lt index self.n ] s2 + | s2 = any [ br0 -> {_14 = false} (! bb8) | br1 -> {_14} (! bb2) ] ] | bb2 = s0 - [ s0 = [ &_14 <- index ] s1 - | s1 = [ &_15 <- UInt64.lt _14 const_SIZE ] s2 - | s2 = {[@expl:index in bounds] _15} s3 + [ s0 = [ &_19 <- index ] s1 + | s1 = [ &_20 <- UInt64.lt _19 const_SIZE ] s2 + | s2 = {[@expl:index in bounds] _20} s3 | s3 = bb3 ] | bb3 = s0 - [ s0 = Slice64.get {self.back} {_14} (fun (r: UInt64.t) -> [ &_12 <- r = i ] s1) - | s1 = any [ br0 -> {_12 = false} (! bb8) | br1 -> {_12} (! bb4) ] ] + [ s0 = Slice64.get {self.back} {_19} (fun (r: UInt64.t) -> [ &_17 <- r = i ] s1) + | s1 = any [ br0 -> {_17 = false} (! bb8) | br1 -> {_17} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_19 <- i ] s1 - | s1 = [ &_20 <- UInt64.lt _19 const_SIZE ] s2 - | s2 = {[@expl:index in bounds] _20} s3 + [ s0 = [ &_24 <- i ] s1 + | s1 = [ &_25 <- UInt64.lt _24 const_SIZE ] s2 + | s2 = {[@expl:index in bounds] _25} s3 | s3 = bb5 ] | bb5 = s0 - [ s0 = Slice64.get {self.values} {_19} (fun (r: t_T) -> [ &_18 <- r ] s1) - | s1 = [ &_0 <- Some _18 ] s2 + [ s0 = Slice64.get {self.values} {_24} (fun (r: t_T) -> [ &_23 <- r ] s1) + | s1 = [ &_0 <- Some _23 ] s2 | s2 = bb9 ] | bb8 = s0 [ s0 = [ &_0 <- None ] s1 | s1 = bb9 ] | bb9 = return {_0} ] @@ -319,15 +319,15 @@ module M_impl_Sparse_T__get (* Sparse *) | & self: t_Sparse_T = self | & i: UInt64.t = i | & index: UInt64.t = Any.any_l () - | & _7: UInt64.t = Any.any_l () - | & _8: bool = Any.any_l () - | & _9: bool = Any.any_l () - | & _12: bool = Any.any_l () - | & _14: UInt64.t = Any.any_l () - | & _15: bool = Any.any_l () - | & _18: t_T = Any.any_l () + | & _12: UInt64.t = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: bool = Any.any_l () + | & _17: bool = Any.any_l () | & _19: UInt64.t = Any.any_l () - | & _20: bool = Any.any_l () ]) + | & _20: bool = Any.any_l () + | & _23: t_T = Any.any_l () + | & _24: UInt64.t = Any.any_l () + | & _25: bool = Any.any_l () ]) [ return (result: t_Option_ref_T) -> {[@expl:get result type invariant] inv_Option_ref_T result} {[@expl:get ensures #0] match result with | None -> Seq.get (view_Sparse_T self) (UInt64.t'int i) = None'0 @@ -882,51 +882,51 @@ module M_impl_Sparse_T__set (* Sparse *) {[@expl:set requires] UInt64.t'int i < UInt64.t'int const_SIZE} (! bb0 [ bb0 = s0 - [ s0 = [ &_8 <- i ] s1 - | s1 = [ &_9 <- UInt64.lt _8 const_SIZE ] s2 - | s2 = {[@expl:index in bounds] _9} s3 + [ s0 = [ &_14 <- i ] s1 + | s1 = [ &_15 <- UInt64.lt _14 const_SIZE ] s2 + | s2 = {[@expl:index in bounds] _15} s3 | s3 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv_T (index_array_T_n self.current.values _8)} s1 - | s1 = -{resolve_T (index_array_T_n self.current.values _8)}- s2 - | s2 = Slice64.set {self.current.values} {_8} {v} + [ s0 = {[@expl:type invariant] inv_T (index_array_T_n self.current.values _14)} s1 + | s1 = -{resolve_T (index_array_T_n self.current.values _14)}- s2 + | s2 = Slice64.set {self.current.values} {_14} {v} (fun (r: Slice64.array t_T) -> [ &self <- { self with current = { self.current with values = r } } ] s3) | s3 = bb4 ] | bb4 = s0 - [ s0 = [ &_11 <- i ] s1 - | s1 = [ &_12 <- UInt64.lt _11 const_SIZE ] s2 - | s2 = {[@expl:index in bounds] _12} s3 + [ s0 = [ &_17 <- i ] s1 + | s1 = [ &_18 <- UInt64.lt _17 const_SIZE ] s2 + | s2 = {[@expl:index in bounds] _18} s3 | s3 = bb5 ] | bb5 = s0 - [ s0 = Slice64.get {self.current.idx} {_11} (fun (r: UInt64.t) -> [ &index <- r ] s1) - | s1 = [ &_13 <- UInt64.lt index self.current.n ] s2 - | s2 = any [ br0 -> {_13 = false} (! bb11) | br1 -> {_13} (! bb6) ] ] + [ s0 = Slice64.get {self.current.idx} {_17} (fun (r: UInt64.t) -> [ &index <- r ] s1) + | s1 = [ &_19 <- UInt64.lt index self.current.n ] s2 + | s2 = any [ br0 -> {_19 = false} (! bb11) | br1 -> {_19} (! bb6) ] ] | bb6 = s0 - [ s0 = [ &_18 <- index ] s1 - | s1 = [ &_19 <- UInt64.lt _18 const_SIZE ] s2 - | s2 = {[@expl:index in bounds] _19} s3 + [ s0 = [ &_24 <- index ] s1 + | s1 = [ &_25 <- UInt64.lt _24 const_SIZE ] s2 + | s2 = {[@expl:index in bounds] _25} s3 | s3 = bb7 ] | bb7 = s0 - [ s0 = Slice64.get {self.current.back} {_18} (fun (r: UInt64.t) -> [ &_16 <- r = i ] s1) - | s1 = any [ br0 -> {_16 = false} (! bb11) | br1 -> {_16} (! bb8) ] ] + [ s0 = Slice64.get {self.current.back} {_24} (fun (r: UInt64.t) -> [ &_22 <- r = i ] s1) + | s1 = any [ br0 -> {_22 = false} (! bb11) | br1 -> {_22} (! bb8) ] ] | bb8 = s0 [ s0 = {[@expl:type invariant] inv_ref_Sparse_T self} s1 | s1 = -{resolve_ref_Sparse_T self}- s2 | s2 = bb16 ] - | bb11 = s0 [ s0 = [ &_21 <- () ] s1 | s1 = bb12 ] + | bb11 = s0 [ s0 = [ &_27 <- () ] s1 | s1 = bb12 ] | bb12 = s0 [ s0 = {[@expl:assertion] UInt64.t'int self.current.n < UInt64.t'int const_SIZE} s1 - | s1 = [ &_26 <- i ] s2 - | s2 = [ &_27 <- UInt64.lt _26 const_SIZE ] s3 - | s3 = {[@expl:index in bounds] _27} s4 + | s1 = [ &_33 <- i ] s2 + | s2 = [ &_34 <- UInt64.lt _33 const_SIZE ] s3 + | s3 = {[@expl:index in bounds] _34} s4 | s4 = bb13 ] | bb13 = s0 - [ s0 = Slice64.set {self.current.idx} {_26} {self.current.n} + [ s0 = Slice64.set {self.current.idx} {_33} {self.current.n} (fun (r: Slice64.array UInt64.t) -> [ &self <- { self with current = { self.current with idx = r } } ] s1) - | s1 = [ &_29 <- self.current.n ] s2 - | s2 = [ &_30 <- UInt64.lt _29 const_SIZE ] s3 - | s3 = {[@expl:index in bounds] _30} s4 + | s1 = [ &_36 <- self.current.n ] s2 + | s2 = [ &_37 <- UInt64.lt _36 const_SIZE ] s3 + | s3 = {[@expl:index in bounds] _37} s4 | s4 = bb14 ] | bb14 = s0 - [ s0 = Slice64.set {self.current.back} {_29} {i} + [ s0 = Slice64.set {self.current.back} {_36} {i} (fun (r: Slice64.array UInt64.t) -> [ &self <- { self with current = { self.current with back = r } } ] s1) | s1 = UInt64.add {self.current.n} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &self <- { self with current = { self.current with n = _ret } } ] s2) @@ -938,20 +938,20 @@ module M_impl_Sparse_T__set (* Sparse *) | & self: MutBorrow.t t_Sparse_T = self | & i: UInt64.t = i | & v: t_T = v - | & _8: UInt64.t = Any.any_l () - | & _9: bool = Any.any_l () + | & _14: UInt64.t = Any.any_l () + | & _15: bool = Any.any_l () | & index: UInt64.t = Any.any_l () - | & _11: UInt64.t = Any.any_l () - | & _12: bool = Any.any_l () - | & _13: bool = Any.any_l () - | & _16: bool = Any.any_l () - | & _18: UInt64.t = Any.any_l () + | & _17: UInt64.t = Any.any_l () + | & _18: bool = Any.any_l () | & _19: bool = Any.any_l () - | & _21: () = Any.any_l () - | & _26: UInt64.t = Any.any_l () - | & _27: bool = Any.any_l () - | & _29: UInt64.t = Any.any_l () - | & _30: bool = Any.any_l () ]) + | & _22: bool = Any.any_l () + | & _24: UInt64.t = Any.any_l () + | & _25: bool = Any.any_l () + | & _27: () = Any.any_l () + | & _33: UInt64.t = Any.any_l () + | & _34: bool = Any.any_l () + | & _36: UInt64.t = Any.any_l () + | & _37: bool = Any.any_l () ]) [ return (result: ()) -> {[@expl:set ensures #0] forall j: int. 0 <= j /\ j < UInt64.t'int const_SIZE /\ j <> UInt64.t'int i -> Seq.get (view_Sparse_T self.final) j = Seq.get (view_Sparse_T self.current) j} @@ -1330,25 +1330,25 @@ module M_f | s1 = {inv_Sparse_i32 a} MutBorrow.borrow_mut {a} (fun (_ret: MutBorrow.t t_Sparse_i32) -> - [ &_13 <- _ret ] -{inv_Sparse_i32 _ret.final}- + [ &_15 <- _ret ] -{inv_Sparse_i32 _ret.final}- [ &a <- _ret.final ] s2) - | s2 = set_i32 {_13} {(5: UInt64.t)} {(1: Int32.t)} (fun (_ret: ()) -> [ &_12 <- _ret ] s3) + | s2 = set_i32 {_15} {(5: UInt64.t)} {(1: Int32.t)} (fun (_ret: ()) -> [ &_14 <- _ret ] s3) | s3 = bb5 ] | bb5 = s0 [ s0 = {inv_Sparse_i32'0 b} MutBorrow.borrow_mut {b} (fun (_ret: MutBorrow.t t_Sparse_i32'0) -> - [ &_15 <- _ret ] -{inv_Sparse_i32'0 _ret.final}- + [ &_17 <- _ret ] -{inv_Sparse_i32'0 _ret.final}- [ &b <- _ret.final ] s1) - | s1 = set_i32'0 {_15} {(7: UInt64.t)} {(2: Int32.t)} (fun (_ret: ()) -> [ &_14 <- _ret ] s2) + | s1 = set_i32'0 {_17} {(7: UInt64.t)} {(2: Int32.t)} (fun (_ret: ()) -> [ &_16 <- _ret ] s2) | s2 = bb6 ] - | bb6 = s0 [ s0 = get_i32 {a} {(5: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_16 <- _ret ] s1) | s1 = bb7 ] + | bb6 = s0 [ s0 = get_i32 {a} {(5: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_18 <- _ret ] s1) | s1 = bb7 ] | bb7 = s0 - [ s0 = [ &x <- _16 ] s1 - | s1 = get_i32'0 {b} {(7: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_18 <- _ret ] s2) + [ s0 = [ &x <- _18 ] s1 + | s1 = get_i32'0 {b} {(7: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_20 <- _ret ] s2) | s2 = bb8 ] | bb8 = s0 - [ s0 = [ &y <- _18 ] s1 + [ s0 = [ &y <- _20 ] s1 | s1 = {[@expl:assertion] match x with | None'0 -> false | Some'0 z -> Int32.to_int z = 1 @@ -1359,53 +1359,53 @@ module M_f | Some'0 z -> Int32.to_int z = 2 end} s3 - | s3 = get_i32 {a} {(7: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_24 <- _ret ] s4) + | s3 = get_i32 {a} {(7: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_28 <- _ret ] s4) | s4 = bb9 ] | bb9 = s0 - [ s0 = [ &x <- _24 ] s1 - | s1 = get_i32'0 {b} {(5: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_26 <- _ret ] s2) + [ s0 = [ &x <- _28 ] s1 + | s1 = get_i32'0 {b} {(5: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_30 <- _ret ] s2) | s2 = bb10 ] | bb10 = s0 - [ s0 = [ &y <- _26 ] s1 + [ s0 = [ &y <- _30 ] s1 | s1 = {[@expl:assertion] x = None'0 /\ y = None'0} s2 - | s2 = get_i32 {a} {(0: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_30 <- _ret ] s3) + | s2 = get_i32 {a} {(0: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_36 <- _ret ] s3) | s3 = bb11 ] | bb11 = s0 - [ s0 = [ &x <- _30 ] s1 - | s1 = get_i32'0 {b} {(0: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_32 <- _ret ] s2) + [ s0 = [ &x <- _36 ] s1 + | s1 = get_i32'0 {b} {(0: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_38 <- _ret ] s2) | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &y <- _32 ] s1 + [ s0 = [ &y <- _38 ] s1 | s1 = {[@expl:assertion] x = None'0 /\ y = None'0} s2 | s2 = {[@expl:type invariant] inv_Sparse_i32 a} s3 | s3 = -{resolve_Sparse_i32'0 a}- s4 - | s4 = get_i32 {a} {(9: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_36 <- _ret ] s5) + | s4 = get_i32 {a} {(9: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_44 <- _ret ] s5) | s5 = bb13 ] | bb13 = s0 - [ s0 = [ &x <- _36 ] s1 + [ s0 = [ &x <- _44 ] s1 | s1 = {[@expl:type invariant] inv_Sparse_i32'0 b} s2 | s2 = -{resolve_Sparse_i32'2 b}- s3 - | s3 = get_i32'0 {b} {(9: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_38 <- _ret ] s4) + | s3 = get_i32'0 {b} {(9: UInt64.t)} (fun (_ret: t_Option_ref_i32) -> [ &_46 <- _ret ] s4) | s4 = bb14 ] - | bb14 = s0 [ s0 = [ &y <- _38 ] s1 | s1 = {[@expl:assertion] x = None'0 /\ y = None'0} s2 | s2 = return {_0} ] ] + | bb14 = s0 [ s0 = [ &y <- _46 ] s1 | s1 = {[@expl:assertion] x = None'0 /\ y = None'0} s2 | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & default: Int32.t = Any.any_l () | & a: t_Sparse_i32 = Any.any_l () | & b: t_Sparse_i32'0 = Any.any_l () | & x: t_Option_ref_i32 = Any.any_l () | & y: t_Option_ref_i32 = Any.any_l () - | & _12: () = Any.any_l () - | & _13: MutBorrow.t t_Sparse_i32 = Any.any_l () | & _14: () = Any.any_l () - | & _15: MutBorrow.t t_Sparse_i32'0 = Any.any_l () - | & _16: t_Option_ref_i32 = Any.any_l () + | & _15: MutBorrow.t t_Sparse_i32 = Any.any_l () + | & _16: () = Any.any_l () + | & _17: MutBorrow.t t_Sparse_i32'0 = Any.any_l () | & _18: t_Option_ref_i32 = Any.any_l () - | & _24: t_Option_ref_i32 = Any.any_l () - | & _26: t_Option_ref_i32 = Any.any_l () + | & _20: t_Option_ref_i32 = Any.any_l () + | & _28: t_Option_ref_i32 = Any.any_l () | & _30: t_Option_ref_i32 = Any.any_l () - | & _32: t_Option_ref_i32 = Any.any_l () | & _36: t_Option_ref_i32 = Any.any_l () - | & _38: t_Option_ref_i32 = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _38: t_Option_ref_i32 = Any.any_l () + | & _44: t_Option_ref_i32 = Any.any_l () + | & _46: t_Option_ref_i32 = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_impl_Resolve_for_Sparse_T__resolve_coherence__refines (* as creusot_contracts::resolve::Resolve> *) use creusot.int.UInt64 diff --git a/tests/should_succeed/specification/division.coma b/tests/should_succeed/specification/division.coma index eae5b64193..3c53740ac0 100644 --- a/tests/should_succeed/specification/division.coma +++ b/tests/should_succeed/specification/division.coma @@ -9,14 +9,14 @@ module M_divide let rec divide (y: UInt32.t) (x: UInt32.t) (return (x'0: UInt32.t)) = {[@expl:divide requires] x <> (0: UInt32.t)} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- x ] s1 - | s1 = [ &_6 <- _5 = (0: UInt32.t) ] s2 - | s2 = {[@expl:division by zero] not _6} s3 + [ s0 = [ &_6 <- x ] s1 + | s1 = [ &_7 <- _6 = (0: UInt32.t) ] s2 + | s2 = {[@expl:division by zero] not _7} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt32.div {y} {_5} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt32.div {y} {_6} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () | & y: UInt32.t = y | & x: UInt32.t = x - | & _5: UInt32.t = Any.any_l () - | & _6: bool = Any.any_l () ]) [ return (result: UInt32.t) -> (! return {result}) ] + | & _6: UInt32.t = Any.any_l () + | & _7: bool = Any.any_l () ]) [ return (result: UInt32.t) -> (! return {result}) ] end diff --git a/tests/should_succeed/specification/erasure.coma b/tests/should_succeed/specification/erasure.coma index a20171186f..7ba3ea0c37 100644 --- a/tests/should_succeed/specification/erasure.coma +++ b/tests/should_succeed/specification/erasure.coma @@ -62,8 +62,8 @@ module M_quux2 meta "select_lsinst" "all" let rec quux2 (x: Int32.t) (y: int) (return (x'0: ())) = (! bb0 - [ bb0 = s0 [ s0 = foo2 {x} {y} (fun (_ret: Int32.t) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] | bb1 = return {_0} ] - [ & _0: () = Any.any_l () | & x: Int32.t = x | & y: int = y | & _4: Int32.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = foo2 {x} {y} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] | bb1 = return {_0} ] + [ & _0: () = Any.any_l () | & x: Int32.t = x | & y: int = y | & _5: Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_test_foo @@ -130,19 +130,19 @@ module M_test_foo2 [ bb0 = s0 [ s0 = foo {x} (fun (_ret: Int32.t) -> [ &a <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 [ s0 = foo2 {a} {y} (fun (_ret: Int32.t) -> [ &b <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = baz (fun (_ret: Int32.t) -> [ &c <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = [ &_12 <- c ] s1 | s1 = quux2 {_12} {y} (fun (_ret: ()) -> [ &_10 <- _ret ] s2) | s2 = bb4 ] + | bb3 = s0 [ s0 = [ &_13 <- c ] s1 | s1 = quux2 {_13} {y} (fun (_ret: ()) -> [ &_11 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = [ &_14 <- Int32.lt (-10: Int32.t) a ] s1 - | s1 = any [ br0 -> {_14 = false} (! bb13) | br1 -> {_14} (! bb5) ] ] + [ s0 = [ &_15 <- Int32.lt (-10: Int32.t) a ] s1 + | s1 = any [ br0 -> {_15 = false} (! bb13) | br1 -> {_15} (! bb5) ] ] | bb5 = s0 - [ s0 = [ &_16 <- Int32.lt a (10: Int32.t) ] s1 - | s1 = any [ br0 -> {_16 = false} (! bb13) | br1 -> {_16} (! bb6) ] ] + [ s0 = [ &_17 <- Int32.lt a (10: Int32.t) ] s1 + | s1 = any [ br0 -> {_17 = false} (! bb13) | br1 -> {_17} (! bb6) ] ] | bb6 = s0 - [ s0 = [ &_18 <- Int32.lt (-10: Int32.t) b ] s1 - | s1 = any [ br0 -> {_18 = false} (! bb13) | br1 -> {_18} (! bb7) ] ] + [ s0 = [ &_19 <- Int32.lt (-10: Int32.t) b ] s1 + | s1 = any [ br0 -> {_19 = false} (! bb13) | br1 -> {_19} (! bb7) ] ] | bb7 = s0 - [ s0 = [ &_20 <- Int32.lt b (10: Int32.t) ] s1 - | s1 = any [ br0 -> {_20 = false} (! bb13) | br1 -> {_20} (! bb8) ] ] + [ s0 = [ &_21 <- Int32.lt b (10: Int32.t) ] s1 + | s1 = any [ br0 -> {_21 = false} (! bb13) | br1 -> {_21} (! bb8) ] ] | bb8 = s0 [ s0 = Int32.add {a} {b} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s1) | s1 = bb14 ] | bb13 = s0 [ s0 = [ &_0 <- c ] s1 | s1 = bb14 ] | bb14 = return {_0} ] @@ -152,12 +152,12 @@ module M_test_foo2 | & a: Int32.t = Any.any_l () | & b: Int32.t = Any.any_l () | & c: Int32.t = Any.any_l () - | & _10: () = Any.any_l () - | & _12: Int32.t = Any.any_l () - | & _14: bool = Any.any_l () - | & _16: bool = Any.any_l () - | & _18: bool = Any.any_l () - | & _20: bool = Any.any_l () ]) [ return (result: Int32.t) -> (! return {result}) ] + | & _11: () = Any.any_l () + | & _13: Int32.t = Any.any_l () + | & _15: bool = Any.any_l () + | & _17: bool = Any.any_l () + | & _19: bool = Any.any_l () + | & _21: bool = Any.any_l () ]) [ return (result: Int32.t) -> (! return {result}) ] end module M_impl_Tr_for_i32__takes_ref (* *) use creusot.int.Int32 @@ -208,8 +208,8 @@ module M_takes_ref_test2 meta "select_lsinst" "all" let rec takes_ref_test2 (x: Int32.t) (return (x'0: Int32.t)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- x ] s1 | s1 = takes_ref {_4} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] - | bb1 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & x: Int32.t = x | & _4: Int32.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = [ &_5 <- x ] s1 | s1 = takes_ref {_5} (fun (_ret: Int32.t) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] + | bb1 = return {_0} ] [ & _0: Int32.t = Any.any_l () | & x: Int32.t = x | & _5: Int32.t = Any.any_l () ]) [ return (result: Int32.t) -> (! return {result}) ] end module M_foog @@ -226,9 +226,9 @@ module M_foog meta "select_lsinst" "all" let rec foog (x: Int32.t) (return (x'0: tup2_i32_Ghost_i32)) = (! bb0 - [ bb0 = s0 [ s0 = new_i32 {x} (fun (_ret: Int32.t) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- { f0 = x; f1 = _4 } ] s1 | s1 = return {_0} ] ] - [ & _0: tup2_i32_Ghost_i32 = Any.any_l () | & x: Int32.t = x | & _4: Int32.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = new_i32 {x} (fun (_ret: Int32.t) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- { f0 = x; f1 = _5 } ] s1 | s1 = return {_0} ] ] + [ & _0: tup2_i32_Ghost_i32 = Any.any_l () | & x: Int32.t = x | & _5: Int32.t = Any.any_l () ]) [ return (result: tup2_i32_Ghost_i32) -> (! return {result}) ] end module M_test_ghost_fields @@ -261,12 +261,12 @@ module M_test_ghost_fields2 meta "select_lsinst" "all" let rec test_ghost_fields2 (x: Int32.t) (return (x'0: Int32.t)) = (! bb0 - [ bb0 = s0 [ s0 = foog {x} (fun (_ret: tup2_i32_Ghost_i32) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &a <- _4.f0 ] s1 | s1 = [ &_0 <- a ] s2 | s2 = return {_0} ] ] + [ bb0 = s0 [ s0 = foog {x} (fun (_ret: tup2_i32_Ghost_i32) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &a <- _5.f0 ] s1 | s1 = [ &_0 <- a ] s2 | s2 = return {_0} ] ] [ & _0: Int32.t = Any.any_l () | & x: Int32.t = x | & a: Int32.t = Any.any_l () - | & _4: tup2_i32_Ghost_i32 = Any.any_l () ]) [ return (result: Int32.t) -> (! return {result}) ] + | & _5: tup2_i32_Ghost_i32 = Any.any_l () ]) [ return (result: Int32.t) -> (! return {result}) ] end module M_test_ptr2 use creusot.prelude.Opaque @@ -359,9 +359,9 @@ module M_test_ptr2 {[@expl:test_ptr2 'own' type invariant] inv_Ghost_ref_PtrOwn_T own} {[@expl:test_ptr2 requires] false} (! bb0 - [ bb0 = s0 [ s0 = as_ref_T {x} {own} (fun (_ret: t_T) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &_0 <- _5 ] s1 | s1 = return {_0} ] ] - [ & _0: t_T = Any.any_l () | & x: Opaque.ptr = x | & own: t_PtrOwn_T = own | & _5: t_T = Any.any_l () ]) + [ bb0 = s0 [ s0 = as_ref_T {x} {own} (fun (_ret: t_T) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &_0 <- _6 ] s1 | s1 = return {_0} ] ] + [ & _0: t_T = Any.any_l () | & x: Opaque.ptr = x | & own: t_PtrOwn_T = own | & _6: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:test_ptr2 result type invariant] inv_ref_T result} (! return {result}) ] end module M_test_ptr_mut2 @@ -478,22 +478,22 @@ module M_test_ptr_mut2 {[@expl:test_ptr_mut2 'own' type invariant] inv_Ghost_ref_PtrOwn_T own} {[@expl:test_ptr_mut2 requires] false} (! bb0 - [ bb0 = s0 [ s0 = as_mut_T {x} {own} (fun (_ret: MutBorrow.t t_T) -> [ &_7 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = as_mut_T {x} {own} (fun (_ret: MutBorrow.t t_T) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = {inv_T _7.current} - MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} + [ s0 = {inv_T _8.current} + MutBorrow.borrow_final {_8.current} {MutBorrow.get_id _8} (fun (_ret: MutBorrow.t t_T) -> - [ &_6 <- _ret ] -{inv_T _ret.final}- - [ &_7 <- { _7 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_T'0 _7} s2 - | s2 = -{resolve_ref_T _7}- s3 - | s3 = {inv_T _6.current} - MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} + [ &_7 <- _ret ] -{inv_T _ret.final}- + [ &_8 <- { _8 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_T'0 _8} s2 + | s2 = -{resolve_ref_T _8}- s3 + | s3 = {inv_T _7.current} + MutBorrow.borrow_final {_7.current} {MutBorrow.get_id _7} (fun (_ret: MutBorrow.t t_T) -> [ &_3 <- _ret ] -{inv_T _ret.final}- - [ &_6 <- { _6 with current = _ret.final } ] s4) - | s4 = {[@expl:type invariant] inv_ref_T'0 _6} s5 - | s5 = -{resolve_ref_T _6}- s6 + [ &_7 <- { _7 with current = _ret.final } ] s4) + | s4 = {[@expl:type invariant] inv_ref_T'0 _7} s5 + | s5 = -{resolve_ref_T _7}- s6 | s6 = {inv_T _3.current} MutBorrow.borrow_final {_3.current} {MutBorrow.get_id _3} (fun (_ret: MutBorrow.t t_T) -> @@ -506,8 +506,8 @@ module M_test_ptr_mut2 | & x: Opaque.ptr = x | & own: MutBorrow.t t_PtrOwn_T = own | & _3: MutBorrow.t t_T = Any.any_l () - | & _6: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_T = Any.any_l () ]) + | & _7: MutBorrow.t t_T = Any.any_l () + | & _8: MutBorrow.t t_T = Any.any_l () ]) [ return (result: MutBorrow.t t_T) -> {[@expl:test_ptr_mut2 result type invariant] inv_ref_T'0 result} (! return {result}) ] end @@ -1083,15 +1083,15 @@ module M_slice_as_mut_ptr_own [ s0 = {inv_slice_T s.current} MutBorrow.borrow_final {s.current} {MutBorrow.get_id s} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_3 <- _ret ] -{inv_slice_T _ret.final}- + [ &_4 <- _ret ] -{inv_slice_T _ret.final}- [ &s <- { s with current = _ret.final } ] s1) - | s1 = as_mut_ptr_own_slice_T {_3} (fun (_ret: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T) -> [ &_0 <- _ret ] s2) + | s1 = as_mut_ptr_own_slice_T {_4} (fun (_ret: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T) -> [ &_0 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_slice_T s} s1 | s1 = -{resolve_ref_slice_T s}- s2 | s2 = return {_0} ] ] [ & _0: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T = Any.any_l () | & s: MutBorrow.t (Slice64.slice t_T) = s - | & _3: MutBorrow.t (Slice64.slice t_T) = Any.any_l () ]) + | & _4: MutBorrow.t (Slice64.slice t_T) = Any.any_l () ]) [ return (result: tup2_ptr_T_Ghost_ref_PtrOwn_slice_T) -> {[@expl:slice_as_mut_ptr_own result type invariant] inv_tup2_ptr_T_Ghost_ref_PtrOwn_slice_T result} (! return {result}) ] diff --git a/tests/should_succeed/sum.coma b/tests/should_succeed/sum.coma index da3d659347..374fd1f3a3 100644 --- a/tests/should_succeed/sum.coma +++ b/tests/should_succeed/sum.coma @@ -110,10 +110,10 @@ module M_sum_first_n (! bb0 [ bb0 = s0 [ s0 = [ &sum <- (0: UInt32.t) ] s1 - | s1 = new_u32 {(1: UInt32.t)} {n} (fun (_ret: t_RangeInclusive_u32) -> [ &_7 <- _ret ] s2) + | s1 = new_u32 {(1: UInt32.t)} {n} (fun (_ret: t_RangeInclusive_u32) -> [ &_9 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = into_iter_RangeInclusive_u32 {_7} (fun (_ret: t_RangeInclusive_u32) -> [ &iter <- _ret ] s1) | s1 = bb2 ] + [ s0 = into_iter_RangeInclusive_u32 {_9} (fun (_ret: t_RangeInclusive_u32) -> [ &iter <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] | bb3 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt32.t ] s1 | s1 = bb5 ] | bb5 = bb5 @@ -127,25 +127,25 @@ module M_sum_first_n [ s0 = {inv_RangeInclusive_u32 iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_RangeInclusive_u32) -> - [ &_21 <- _ret ] -{inv_RangeInclusive_u32 _ret.final}- + [ &_31 <- _ret ] -{inv_RangeInclusive_u32 _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_RangeInclusive_u32 _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + | s1 = {inv_RangeInclusive_u32 _31.current} + MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} (fun (_ret: MutBorrow.t t_RangeInclusive_u32) -> - [ &_20 <- _ret ] -{inv_RangeInclusive_u32 _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s2) - | s2 = next_RangeInclusive_u32 {_20} (fun (_ret: t_Option_u32) -> [ &_19 <- _ret ] s3) + [ &_30 <- _ret ] -{inv_RangeInclusive_u32 _ret.final}- + [ &_31 <- { _31 with current = _ret.final } ] s2) + | s2 = next_RangeInclusive_u32 {_30} (fun (_ret: t_Option_u32) -> [ &_29 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_RangeInclusive_u32 _21} s1 - | s1 = -{resolve_ref_RangeInclusive_u32 _21}- s2 - | s2 = any [ br0 -> {_19 = None} (! bb10) | br1 (x0: UInt32.t) -> {_19 = Some x0} (! bb11) ] ] + [ s0 = {[@expl:type invariant] inv_ref_RangeInclusive_u32 _31} s1 + | s1 = -{resolve_ref_RangeInclusive_u32 _31}- s2 + | s2 = any [ br0 -> {_29 = None} (! bb10) | br1 (x0: UInt32.t) -> {_29 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_19} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_24 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_29} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_34 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _34 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = UInt32.add {sum} {i} (fun (_ret: UInt32.t) -> [ &sum <- _ret ] s3) | s3 = bb5 ] ] ] @@ -158,14 +158,14 @@ module M_sum_first_n | & n: UInt32.t = n | & sum: UInt32.t = Any.any_l () | & iter: t_RangeInclusive_u32 = Any.any_l () - | & _7: t_RangeInclusive_u32 = Any.any_l () + | & _9: t_RangeInclusive_u32 = Any.any_l () | & iter_old: t_RangeInclusive_u32 = Any.any_l () | & produced: Seq.seq UInt32.t = Any.any_l () - | & _19: t_Option_u32 = Any.any_l () - | & _20: MutBorrow.t t_RangeInclusive_u32 = Any.any_l () - | & _21: MutBorrow.t t_RangeInclusive_u32 = Any.any_l () + | & _29: t_Option_u32 = Any.any_l () + | & _30: MutBorrow.t t_RangeInclusive_u32 = Any.any_l () + | & _31: MutBorrow.t t_RangeInclusive_u32 = Any.any_l () | & __creusot_proc_iter_elem: UInt32.t = Any.any_l () - | & _24: Seq.seq UInt32.t = Any.any_l () + | & _34: Seq.seq UInt32.t = Any.any_l () | & i: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:sum_first_n ensures] UInt32.t'int result = Int.div (UInt32.t'int n * (UInt32.t'int n + 1)) 2} diff --git a/tests/should_succeed/sum_of_odds.coma b/tests/should_succeed/sum_of_odds.coma index 229018e00f..82760360e5 100644 --- a/tests/should_succeed/sum_of_odds.coma +++ b/tests/should_succeed/sum_of_odds.coma @@ -129,8 +129,8 @@ module M_compute_sum_of_odd (! bb0 [ bb0 = s0 [ s0 = [ &s <- (0: UInt32.t) ] s1 - | s1 = [ &_8 <- { start = (0: UInt32.t); end' = x } ] s2 - | s2 = into_iter_Range_u32 {_8} (fun (_ret: t_Range_u32) -> [ &iter <- _ret ] s3) + | s1 = [ &_10 <- { start = (0: UInt32.t); end' = x } ] s2 + | s2 = into_iter_Range_u32 {_10} (fun (_ret: t_Range_u32) -> [ &iter <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt32.t ] s1 | s1 = bb4 ] @@ -143,42 +143,42 @@ module M_compute_sum_of_odd [ s0 = bb5 ] [ bb5 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} - (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_u32 {_21} (fun (_ret: t_Option_u32) -> [ &_20 <- _ret ] s3) + (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_32 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} + (fun (_ret: MutBorrow.t t_Range_u32) -> [ &_31 <- _ret ] [ &_32 <- { _32 with current = _ret.final } ] s2) + | s2 = next_Range_u32 {_31} (fun (_ret: t_Option_u32) -> [ &_30 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = -{resolve_ref_Range_u32 _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb9) | br1 (x0: UInt32.t) -> {_20 = Some x0} (! bb10) ] ] + [ s0 = -{resolve_ref_Range_u32 _32}- s1 + | s1 = any [ br0 -> {_30 = None} (! bb9) | br1 (x0: UInt32.t) -> {_30 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_20} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_30} (fun (r0: UInt32.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_35 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _35 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = {[@expl:assertion] let _ = sum_of_odd_is_sqr (UInt32.t'int i) in true} s3 - | s3 = UInt32.mul {(2: UInt32.t)} {i} (fun (_ret: UInt32.t) -> [ &_31 <- _ret ] s4) - | s4 = UInt32.add {_31} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_30 <- _ret ] s5) - | s5 = UInt32.add {s} {_30} (fun (_ret: UInt32.t) -> [ &s <- _ret ] s6) + | s3 = UInt32.mul {(2: UInt32.t)} {i} (fun (_ret: UInt32.t) -> [ &_44 <- _ret ] s4) + | s4 = UInt32.add {_44} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_43 <- _ret ] s5) + | s5 = UInt32.add {s} {_43} (fun (_ret: UInt32.t) -> [ &s <- _ret ] s6) | s6 = bb4 ] ] ] | bb9 = s0 [ s0 = [ &_0 <- s ] s1 | s1 = return {_0} ] ] [ & _0: UInt32.t = Any.any_l () | & x: UInt32.t = x | & s: UInt32.t = Any.any_l () | & iter: t_Range_u32 = Any.any_l () - | & _8: t_Range_u32 = Any.any_l () + | & _10: t_Range_u32 = Any.any_l () | & iter_old: t_Range_u32 = Any.any_l () | & produced: Seq.seq UInt32.t = Any.any_l () - | & _20: t_Option_u32 = Any.any_l () - | & _21: MutBorrow.t t_Range_u32 = Any.any_l () - | & _22: MutBorrow.t t_Range_u32 = Any.any_l () + | & _30: t_Option_u32 = Any.any_l () + | & _31: MutBorrow.t t_Range_u32 = Any.any_l () + | & _32: MutBorrow.t t_Range_u32 = Any.any_l () | & __creusot_proc_iter_elem: UInt32.t = Any.any_l () - | & _25: Seq.seq UInt32.t = Any.any_l () + | & _35: Seq.seq UInt32.t = Any.any_l () | & i: UInt32.t = Any.any_l () - | & _30: UInt32.t = Any.any_l () - | & _31: UInt32.t = Any.any_l () ]) + | & _43: UInt32.t = Any.any_l () + | & _44: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:compute_sum_of_odd ensures] UInt32.t'int result = sum_of_odd (UInt32.t'int x)} (! return {result}) ] diff --git a/tests/should_succeed/syntax/02_operators.coma b/tests/should_succeed/syntax/02_operators.coma index 7d82e05e48..f15cdbf237 100644 --- a/tests/should_succeed/syntax/02_operators.coma +++ b/tests/should_succeed/syntax/02_operators.coma @@ -10,16 +10,16 @@ module M_division let rec division (x: UInt64.t) (y: UInt64.t) (return (x'0: UInt64.t)) = {[@expl:division requires] UInt64.t'int y > 0} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- y ] s1 - | s1 = [ &_6 <- _5 = (0: UInt64.t) ] s2 - | s2 = {[@expl:division by zero] not _6} s3 + [ s0 = [ &_6 <- y ] s1 + | s1 = [ &_7 <- _6 = (0: UInt64.t) ] s2 + | s2 = {[@expl:division by zero] not _7} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt64.div {x} {_5} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt64.div {x} {_6} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & x: UInt64.t = x | & y: UInt64.t = y - | & _5: UInt64.t = Any.any_l () - | & _6: bool = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] + | & _6: UInt64.t = Any.any_l () + | & _7: bool = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_modulus use creusot.int.UInt64 @@ -33,16 +33,16 @@ module M_modulus let rec modulus (x: UInt64.t) (y: UInt64.t) (return (x'0: UInt64.t)) = {[@expl:modulus requires] UInt64.t'int y > 0} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- y ] s1 - | s1 = [ &_6 <- _5 = (0: UInt64.t) ] s2 - | s2 = {[@expl:remainder by zero] not _6} s3 + [ s0 = [ &_6 <- y ] s1 + | s1 = [ &_7 <- _6 = (0: UInt64.t) ] s2 + | s2 = {[@expl:remainder by zero] not _7} s3 | s3 = bb1 ] - | bb1 = s0 [ s0 = UInt64.rem {x} {_5} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] + | bb1 = s0 [ s0 = UInt64.rem {x} {_6} (fun (_ret: UInt64.t) -> [ &_0 <- _ret ] s1) | s1 = return {_0} ] ] [ & _0: UInt64.t = Any.any_l () | & x: UInt64.t = x | & y: UInt64.t = y - | & _5: UInt64.t = Any.any_l () - | & _6: bool = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] + | & _6: UInt64.t = Any.any_l () + | & _7: bool = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_multiply use creusot.int.UInt64 @@ -116,34 +116,34 @@ module M_expression <= UInt64.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_10 <- y ] s1 - | s1 = [ &_11 <- _10 = (0: UInt64.t) ] s2 - | s2 = {[@expl:division by zero] not _11} s3 + [ s0 = [ &_14 <- y ] s1 + | s1 = [ &_15 <- _14 = (0: UInt64.t) ] s2 + | s2 = {[@expl:division by zero] not _15} s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = UInt64.div {x} {_10} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) - | s1 = UInt64.mul {_8} {z} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s2) - | s2 = [ &_16 <- y ] s3 - | s3 = [ &_17 <- _16 = (0: UInt64.t) ] s4 - | s4 = {[@expl:division by zero] not _17} s5 + [ s0 = UInt64.div {x} {_14} (fun (_ret: UInt64.t) -> [ &_12 <- _ret ] s1) + | s1 = UInt64.mul {_12} {z} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s2) + | s2 = [ &_20 <- y ] s3 + | s3 = [ &_21 <- _20 = (0: UInt64.t) ] s4 + | s4 = {[@expl:division by zero] not _21} s5 | s5 = bb2 ] | bb2 = s0 - [ s0 = UInt64.div {x} {_16} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) - | s1 = UInt64.mul {_14} {z} (fun (_ret: UInt64.t) -> [ &_13 <- _ret ] s2) - | s2 = [ &_0 <- _7 = _13 ] s3 + [ s0 = UInt64.div {x} {_20} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s1) + | s1 = UInt64.mul {_18} {z} (fun (_ret: UInt64.t) -> [ &_17 <- _ret ] s2) + | s2 = [ &_0 <- _11 = _17 ] s3 | s3 = return {_0} ] ] [ & _0: bool = Any.any_l () | & x: UInt64.t = x | & y: UInt64.t = y | & z: UInt64.t = z - | & _7: UInt64.t = Any.any_l () - | & _8: UInt64.t = Any.any_l () - | & _10: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () - | & _13: UInt64.t = Any.any_l () + | & _11: UInt64.t = Any.any_l () + | & _12: UInt64.t = Any.any_l () | & _14: UInt64.t = Any.any_l () - | & _16: UInt64.t = Any.any_l () - | & _17: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:expression ensures] result} (! return {result}) ] + | & _15: bool = Any.any_l () + | & _17: UInt64.t = Any.any_l () + | & _18: UInt64.t = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _21: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:expression ensures] result} (! return {result}) ] end module M_primitive_comparison use creusot.prelude.Any diff --git a/tests/should_succeed/syntax/11_array_types.coma b/tests/should_succeed/syntax/11_array_types.coma index d9290fd0ae..f54caa2e37 100644 --- a/tests/should_succeed/syntax/11_array_types.coma +++ b/tests/should_succeed/syntax/11_array_types.coma @@ -38,16 +38,16 @@ module M_omg {[@expl:omg requires] Seq.length (Slice64.view x.f0) > 0 /\ Seq.length (Slice64.view x.f0) < UInt64.t'int const_MAX} (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- (0: UInt64.t) ] s1 - | s1 = [ &_4 <- UInt64.lt _3 (5: UInt64.t) ] s2 - | s2 = {[@expl:index in bounds] _4} s3 + [ s0 = [ &_4 <- (0: UInt64.t) ] s1 + | s1 = [ &_5 <- UInt64.lt _4 (5: UInt64.t) ] s2 + | s2 = {[@expl:index in bounds] _5} s3 | s3 = bb1 ] | bb1 = s0 - [ s0 = Slice64.set {x.f0} {_3} {(5: Int64.t)} + [ s0 = Slice64.set {x.f0} {_4} {(5: Int64.t)} (fun (r: Slice64.array Int64.t) -> [ &x <- { f0 = r } ] s1) | s1 = {[@expl:assertion] Int64.to_int (index_array_i64_5 x.f0 0) = 5} s2 | s2 = return {_0} ] ] - [ & _0: () = Any.any_l () | & x: t_UsesArray = x | & _3: UInt64.t = Any.any_l () | & _4: bool = Any.any_l () ]) + [ & _0: () = Any.any_l () | & x: t_UsesArray = x | & _4: UInt64.t = Any.any_l () | & _5: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_call_omg diff --git a/tests/should_succeed/syntax/12_ghost_code.coma b/tests/should_succeed/syntax/12_ghost_code.coma index eb7fa9a20c..0660df5e49 100644 --- a/tests/should_succeed/syntax/12_ghost_code.coma +++ b/tests/should_succeed/syntax/12_ghost_code.coma @@ -130,21 +130,21 @@ module M_ghost_check | bb1 = s0 [ s0 = [ &_2 <- let _ = logi_drop_Vec_i32_Global x in () ] s1 | s1 = bb2 ] | bb2 = s0 [ s0 = MutBorrow.borrow_mut {x} - (fun (_ret: MutBorrow.t t_Vec_i32_Global) -> [ &_5 <- _ret ] [ &x <- _ret.final ] s1) - | s1 = push_i32 {_5} {(0: Int32.t)} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) + (fun (_ret: MutBorrow.t t_Vec_i32_Global) -> [ &_6 <- _ret ] [ &x <- _ret.final ] s1) + | s1 = push_i32 {_6} {(0: Int32.t)} (fun (_ret: ()) -> [ &_5 <- _ret ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = len_i32 {x} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = len_i32 {x} (fun (_ret: UInt64.t) -> [ &_9 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_7 <- _8 = (1: UInt64.t) ] s1 | s1 = any [ br0 -> {_7 = false} (! bb6) | br1 -> {_7} (! bb7) ] ] + [ s0 = [ &_8 <- _9 = (1: UInt64.t) ] s1 | s1 = any [ br0 -> {_8 = false} (! bb6) | br1 -> {_8} (! bb7) ] ] | bb7 = return {_0} | bb6 = {false} any ] [ & _0: () = Any.any_l () | & x: t_Vec_i32_Global = Any.any_l () | & _2: () = Any.any_l () - | & _4: () = Any.any_l () - | & _5: MutBorrow.t t_Vec_i32_Global = Any.any_l () - | & _7: bool = Any.any_l () - | & _8: UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _5: () = Any.any_l () + | & _6: MutBorrow.t t_Vec_i32_Global = Any.any_l () + | & _8: bool = Any.any_l () + | & _9: UInt64.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_takes_struct use creusot.int.UInt32 @@ -156,10 +156,10 @@ module M_takes_struct meta "select_lsinst" "all" - let rec takes_struct (x: t_MyStruct) (return (x'0: ())) = {[@expl:takes_struct requires] UInt32.t'int x.g = 0} + let rec takes_struct (x: t_MyStruct) (return (x'0: t_MyStruct)) = {[@expl:takes_struct requires] UInt32.t'int x.g = 0} (! bb0 - [ bb0 = s0 [ s0 = [ &_3 <- x.f ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = [ &x <- { x with g = _3 } ] s1 | s1 = return {_0} ] ] - [ & _0: () = Any.any_l () | & x: t_MyStruct = x | & _3: UInt32.t = Any.any_l () ]) - [ return (result: ()) -> (! return {result}) ] + [ bb0 = s0 [ s0 = [ &_4 <- x.f ] s1 | s1 = bb1 ] + | bb1 = s0 [ s0 = [ &x <- { x with g = _4 } ] s1 | s1 = [ &_0 <- x ] s2 | s2 = return {_0} ] ] + [ & _0: t_MyStruct = Any.any_l () | & x: t_MyStruct = x | & _4: UInt32.t = Any.any_l () ]) + [ return (result: t_MyStruct) -> (! return {result}) ] end diff --git a/tests/should_succeed/syntax/12_ghost_code.rs b/tests/should_succeed/syntax/12_ghost_code.rs index f11f232bf9..95b996af67 100644 --- a/tests/should_succeed/syntax/12_ghost_code.rs +++ b/tests/should_succeed/syntax/12_ghost_code.rs @@ -48,6 +48,7 @@ pub struct MyStruct { } #[requires(x.g@ == 0)] -pub fn takes_struct(mut x: MyStruct) { +pub fn takes_struct(mut x: MyStruct) -> MyStruct { x.g = snapshot! { x.f }; + x } diff --git a/tests/should_succeed/syntax/13_vec_macro.coma b/tests/should_succeed/syntax/13_vec_macro.coma index e07c46e6d3..644ba8f420 100644 --- a/tests/should_succeed/syntax/13_vec_macro.coma +++ b/tests/should_succeed/syntax/13_vec_macro.coma @@ -61,14 +61,14 @@ module M_x [ any_ (__arr_temp: Slice64.array Int32.t) -> (! -{Seq.get __arr_temp.Slice64.elts 0 = (1: Int32.t) /\ Seq.get __arr_temp.Slice64.elts 1 = (2: Int32.t) /\ Seq.get __arr_temp.Slice64.elts 2 = (3: Int32.t) /\ Seq.length __arr_temp.Slice64.elts = 3}- - [ &_10 <- __arr_temp ] s2) ] + [ &_12 <- __arr_temp ] s2) ] | s2 = bb4 ] - | bb4 = s0 [ s0 = into_vec_i32 {_10} (fun (_ret: t_Vec_i32_Global) -> [ &v2 <- _ret ] s1) | s1 = bb5 ] + | bb4 = s0 [ s0 = into_vec_i32 {_12} (fun (_ret: t_Vec_i32_Global) -> [ &v2 <- _ret ] s1) | s1 = bb5 ] | bb5 = s0 [ s0 = {[@expl:assertion] Seq.length (view_Vec_i32_Global v2) = 3} s1 | s1 = bb8 ] | bb8 = return {_0} ] [ & _0: () = Any.any_l () | & v0: t_Vec_u32_Global = Any.any_l () | & v1: t_Vec_i32_Global = Any.any_l () | & v2: t_Vec_i32_Global = Any.any_l () - | & _10: Slice64.array Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _12: Slice64.array Int32.t = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/syntax/derive_macros/mixed.coma b/tests/should_succeed/syntax/derive_macros/mixed.coma index 43c4f3b5f0..444650f897 100644 --- a/tests/should_succeed/syntax/derive_macros/mixed.coma +++ b/tests/should_succeed/syntax/derive_macros/mixed.coma @@ -184,16 +184,16 @@ module M_impl_Clone_for_Product_A_B__clone (* as std::clone::Clon let rec clone_Product_A_B (self: t_Product_A_B) (return (x: t_Product_A_B)) = {[@expl:clone 'self' type invariant] inv_ref_Product_A_B self} (! bb0 - [ bb0 = s0 [ s0 = [ &_5 <- self.a ] s1 | s1 = clone_A {_5} (fun (_ret: t_A) -> [ &_3 <- _ret ] s2) | s2 = bb1 ] - | bb1 = s0 [ s0 = [ &_8 <- self.b ] s1 | s1 = clone_B {_8} (fun (_ret: t_B) -> [ &_6 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- { a = _3; b = _6 } ] s1 | s1 = bb4 ] + [ bb0 = s0 [ s0 = [ &_6 <- self.a ] s1 | s1 = clone_A {_6} (fun (_ret: t_A) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] + | bb1 = s0 [ s0 = [ &_9 <- self.b ] s1 | s1 = clone_B {_9} (fun (_ret: t_B) -> [ &_7 <- _ret ] s2) | s2 = bb2 ] + | bb2 = s0 [ s0 = [ &_0 <- { a = _4; b = _7 } ] s1 | s1 = bb4 ] | bb4 = return {_0} ] [ & _0: t_Product_A_B = Any.any_l () | & self: t_Product_A_B = self - | & _3: t_A = Any.any_l () - | & _5: t_A = Any.any_l () - | & _6: t_B = Any.any_l () - | & _8: t_B = Any.any_l () ]) + | & _4: t_A = Any.any_l () + | & _6: t_A = Any.any_l () + | & _7: t_B = Any.any_l () + | & _9: t_B = Any.any_l () ]) [ return (result: t_Product_A_B) -> {[@expl:clone result type invariant] inv_Product_A_B result} {[@expl:clone ensures] postcondition_clone () self.a result.a /\ postcondition_clone'0 () self.b result.b} (! return {result}) ] @@ -310,15 +310,15 @@ module M_impl_PartialEq_for_Product_A_B__eq (* as std::cmp::Parti {[@expl:eq 'self' type invariant] inv_ref_Product_A_B self} {[@expl:eq 'rhs' type invariant] inv_ref_Product_A_B rhs} (! bb0 - [ bb0 = s0 [ s0 = eq_A {self.a} {rhs.a} (fun (_ret: bool) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_4 = false} (! bb3) | br1 -> {_4} (! bb2) ] + [ bb0 = s0 [ s0 = eq_A {self.a} {rhs.a} (fun (_ret: bool) -> [ &_6 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_6 = false} (! bb3) | br1 -> {_6} (! bb2) ] | bb2 = s0 [ s0 = eq_B {self.b} {rhs.b} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] | bb3 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb5 ] | bb5 = return {_0} ] [ & _0: bool = Any.any_l () | & self: t_Product_A_B = self | & rhs: t_Product_A_B = rhs - | & _4: bool = Any.any_l () ]) + | & _6: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:eq ensures] result = (deep_model_ref_Product_A_B self = deep_model_ref_Product_A_B rhs)} (! return {result}) ] @@ -526,25 +526,25 @@ module M_impl_Clone_for_Sum_A_B__clone (* as std::clone::Clone> *) [ bb0 = any [ br0 (x0: t_A) -> {self = A x0} (! bb4) | br1 (x0: t_B) -> {self = B x0} (! bb3) ] | bb3 = s0 [ s0 = elim_B {self} (fun (rb: t_B) -> [ &b_1 <- rb ] s1) - | s1 = [ &_11 <- b_1 ] s2 - | s2 = clone_B {_11} (fun (_ret: t_B) -> [ &_9 <- _ret ] s3) + | s1 = [ &_12 <- b_1 ] s2 + | s2 = clone_B {_12} (fun (_ret: t_B) -> [ &_10 <- _ret ] s3) | s3 = bb7 ] - | bb7 = s0 [ s0 = [ &_0 <- B _9 ] s1 | s1 = bb9 ] + | bb7 = s0 [ s0 = [ &_0 <- B _10 ] s1 | s1 = bb9 ] | bb4 = s0 [ s0 = elim_A {self} (fun (r0: t_A) -> [ &v0_1 <- r0 ] s1) - | s1 = [ &_7 <- v0_1 ] s2 - | s2 = clone_A {_7} (fun (_ret: t_A) -> [ &_5 <- _ret ] s3) + | s1 = [ &_8 <- v0_1 ] s2 + | s2 = clone_A {_8} (fun (_ret: t_A) -> [ &_6 <- _ret ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- A _5 ] s1 | s1 = bb9 ] + | bb5 = s0 [ s0 = [ &_0 <- A _6 ] s1 | s1 = bb9 ] | bb9 = return {_0} ] [ & _0: t_Sum_A_B = Any.any_l () | & self: t_Sum_A_B = self | & v0_1: t_A = Any.any_l () - | & _5: t_A = Any.any_l () - | & _7: t_A = Any.any_l () + | & _6: t_A = Any.any_l () + | & _8: t_A = Any.any_l () | & b_1: t_B = Any.any_l () - | & _9: t_B = Any.any_l () - | & _11: t_B = Any.any_l () ]) + | & _10: t_B = Any.any_l () + | & _12: t_B = Any.any_l () ]) [ return (result: t_Sum_A_B) -> {[@expl:clone result type invariant] inv_Sum_A_B result} {[@expl:clone ensures] match { f0 = self; f1 = result } with | {f0 = A v0_1; f1 = A v0_r} -> postcondition_clone () v0_1 v0_r @@ -682,38 +682,38 @@ module M_impl_PartialEq_for_Sum_A_B__eq (* as std::cmp::PartialEq> *) {[@expl:eq 'rhs' type invariant] inv_ref_Sum_A_B rhs} (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- { f0 = self; f1 = rhs } ] s1 - | s1 = any [ br0 (x0: t_A) -> {_4.f0 = A x0} (! bb2) | br1 (x0: t_B) -> {_4.f0 = B x0} (! bb4) ] ] - | bb4 = any [ br0 (x0: t_A) -> {_4.f1 = A x0} (! bb1) | br1 (x0: t_B) -> {_4.f1 = B x0} (! bb6) ] + [ s0 = [ &_6 <- { f0 = self; f1 = rhs } ] s1 + | s1 = any [ br0 (x0: t_A) -> {_6.f0 = A x0} (! bb2) | br1 (x0: t_B) -> {_6.f0 = B x0} (! bb4) ] ] + | bb4 = any [ br0 (x0: t_A) -> {_6.f1 = A x0} (! bb1) | br1 (x0: t_B) -> {_6.f1 = B x0} (! bb6) ] | bb6 = s0 - [ s0 = elim_B {_4.f0} (fun (rb: t_B) -> [ &b_1 <- rb ] s1) - | s1 = elim_B {_4.f1} (fun (rb: t_B) -> [ &b_2 <- rb ] s2) - | s2 = eq_B {b_1} {b_2} (fun (_ret: bool) -> [ &_17 <- _ret ] s3) + [ s0 = elim_B {_6.f0} (fun (rb: t_B) -> [ &b_1 <- rb ] s1) + | s1 = elim_B {_6.f1} (fun (rb: t_B) -> [ &b_2 <- rb ] s2) + | s2 = eq_B {b_1} {b_2} (fun (_ret: bool) -> [ &_19 <- _ret ] s3) | s3 = bb12 ] - | bb12 = any [ br0 -> {_17 = false} (! bb14) | br1 -> {_17} (! bb13) ] + | bb12 = any [ br0 -> {_19 = false} (! bb14) | br1 -> {_19} (! bb13) ] | bb13 = s0 [ s0 = [ &_0 <- true ] s1 | s1 = bb16 ] | bb14 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb16 ] - | bb2 = any [ br0 (x0: t_A) -> {_4.f1 = A x0} (! bb7) | br1 (x0: t_B) -> {_4.f1 = B x0} (! bb1) ] + | bb2 = any [ br0 (x0: t_A) -> {_6.f1 = A x0} (! bb7) | br1 (x0: t_B) -> {_6.f1 = B x0} (! bb1) ] | bb1 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb16 ] | bb7 = s0 - [ s0 = elim_A {_4.f0} (fun (r0: t_A) -> [ &v0_1 <- r0 ] s1) - | s1 = elim_A {_4.f1} (fun (r0: t_A) -> [ &v0_2 <- r0 ] s2) - | s2 = eq_A {v0_1} {v0_2} (fun (_ret: bool) -> [ &_12 <- _ret ] s3) + [ s0 = elim_A {_6.f0} (fun (r0: t_A) -> [ &v0_1 <- r0 ] s1) + | s1 = elim_A {_6.f1} (fun (r0: t_A) -> [ &v0_2 <- r0 ] s2) + | s2 = eq_A {v0_1} {v0_2} (fun (_ret: bool) -> [ &_14 <- _ret ] s3) | s3 = bb8 ] - | bb8 = any [ br0 -> {_12 = false} (! bb10) | br1 -> {_12} (! bb9) ] + | bb8 = any [ br0 -> {_14 = false} (! bb10) | br1 -> {_14} (! bb9) ] | bb9 = s0 [ s0 = [ &_0 <- true ] s1 | s1 = bb16 ] | bb10 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb16 ] | bb16 = return {_0} ] [ & _0: bool = Any.any_l () | & self: t_Sum_A_B = self | & rhs: t_Sum_A_B = rhs - | & _4: tup2_ref_Sum_A_B_ref_Sum_A_B = Any.any_l () + | & _6: tup2_ref_Sum_A_B_ref_Sum_A_B = Any.any_l () | & v0_1: t_A = Any.any_l () | & v0_2: t_A = Any.any_l () - | & _12: bool = Any.any_l () + | & _14: bool = Any.any_l () | & b_1: t_B = Any.any_l () | & b_2: t_B = Any.any_l () - | & _17: bool = Any.any_l () ]) + | & _19: bool = Any.any_l () ]) [ return (result: bool) -> {[@expl:eq ensures] result = (deep_model_ref_Sum_A_B self = deep_model_ref_Sum_A_B rhs)} (! return {result}) ] end @@ -982,29 +982,29 @@ module M_impl_Clone_for_Sum2_A_B__clone (* as std::clone::Clone> *) | bb3 = s0 [ s0 = elim_Y {self} (fun (ra: bool) (rx: t_B) -> [ &a_1 <- ra ] s1) | s1 = elim_Y {self} (fun (ra: bool) (rx: t_B) -> [ &x_1 <- rx ] s2) - | s2 = [ &_12 <- a_1 ] s3 - | s3 = clone_bool {_12} (fun (_ret: bool) -> [ &_10 <- _ret ] s4) + | s2 = [ &_13 <- a_1 ] s3 + | s3 = clone_bool {_13} (fun (_ret: bool) -> [ &_11 <- _ret ] s4) | s4 = bb7 ] - | bb7 = s0 [ s0 = [ &_15 <- x_1 ] s1 | s1 = clone_B {_15} (fun (_ret: t_B) -> [ &_13 <- _ret ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = [ &_0 <- Y _10 _13 ] s1 | s1 = bb10 ] + | bb7 = s0 [ s0 = [ &_16 <- x_1 ] s1 | s1 = clone_B {_16} (fun (_ret: t_B) -> [ &_14 <- _ret ] s2) | s2 = bb8 ] + | bb8 = s0 [ s0 = [ &_0 <- Y _11 _14 ] s1 | s1 = bb10 ] | bb4 = s0 [ s0 = elim_X {self} (fun (r0: t_A) -> [ &v0_1 <- r0 ] s1) - | s1 = [ &_7 <- v0_1 ] s2 - | s2 = clone_A {_7} (fun (_ret: t_A) -> [ &_5 <- _ret ] s3) + | s1 = [ &_8 <- v0_1 ] s2 + | s2 = clone_A {_8} (fun (_ret: t_A) -> [ &_6 <- _ret ] s3) | s3 = bb5 ] - | bb5 = s0 [ s0 = [ &_0 <- X _5 ] s1 | s1 = bb10 ] + | bb5 = s0 [ s0 = [ &_0 <- X _6 ] s1 | s1 = bb10 ] | bb10 = return {_0} ] [ & _0: t_Sum2_A_B = Any.any_l () | & self: t_Sum2_A_B = self | & v0_1: t_A = Any.any_l () - | & _5: t_A = Any.any_l () - | & _7: t_A = Any.any_l () + | & _6: t_A = Any.any_l () + | & _8: t_A = Any.any_l () | & a_1: bool = Any.any_l () | & x_1: t_B = Any.any_l () - | & _10: bool = Any.any_l () - | & _12: bool = Any.any_l () - | & _13: t_B = Any.any_l () - | & _15: t_B = Any.any_l () ]) + | & _11: bool = Any.any_l () + | & _13: bool = Any.any_l () + | & _14: t_B = Any.any_l () + | & _16: t_B = Any.any_l () ]) [ return (result: t_Sum2_A_B) -> {[@expl:clone result type invariant] inv_Sum2_A_B result} {[@expl:clone ensures] match { f0 = self; f1 = result } with | {f0 = X v0_1; f1 = X v0_r} -> postcondition_clone () v0_1 v0_r diff --git a/tests/should_succeed/take_first_mut.coma b/tests/should_succeed/take_first_mut.coma index b552d80cc9..94fd7c9057 100644 --- a/tests/should_succeed/take_first_mut.coma +++ b/tests/should_succeed/take_first_mut.coma @@ -214,44 +214,44 @@ module M_take_first_mut [ s0 = {inv_ref_slice_T self_.current} MutBorrow.borrow_mut {self_.current} (fun (_ret: MutBorrow.t (MutBorrow.t (Slice64.slice t_T))) -> - [ &_6 <- _ret ] -{inv_ref_slice_T _ret.final}- + [ &_7 <- _ret ] -{inv_ref_slice_T _ret.final}- [ &self_ <- { self_ with current = _ret.final } ] s1) - | s1 = take_ref_slice_T {_6} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_5 <- _ret ] s2) + | s1 = take_ref_slice_T {_7} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = {inv_slice_T _5.current} - MutBorrow.borrow_final {_5.current} {MutBorrow.get_id _5} + [ s0 = {inv_slice_T _6.current} + MutBorrow.borrow_final {_6.current} {MutBorrow.get_id _6} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_4 <- _ret ] -{inv_slice_T _ret.final}- - [ &_5 <- { _5 with current = _ret.final } ] s1) - | s1 = split_first_mut_T {_4} (fun (_ret: t_Option_tup2_ref_T_ref_slice_T) -> [ &_3 <- _ret ] s2) + [ &_5 <- _ret ] -{inv_slice_T _ret.final}- + [ &_6 <- { _6 with current = _ret.final } ] s1) + | s1 = split_first_mut_T {_5} (fun (_ret: t_Option_tup2_ref_T_ref_slice_T) -> [ &_4 <- _ret ] s2) | s2 = bb2 ] - | bb2 = any [ br0 -> {_3 = None} (! bb4) | br1 (x0: tup2_ref_T_ref_slice_T) -> {_3 = Some x0} (! bb5) ] + | bb2 = any [ br0 -> {_4 = None} (! bb4) | br1 (x0: tup2_ref_T_ref_slice_T) -> {_4 = Some x0} (! bb5) ] | bb5 = s0 - [ s0 = elim_Some {_3} (fun (r0: tup2_ref_T_ref_slice_T) -> [ &first <- r0.f0 ] s1) - | s1 = elim_Some {_3} (fun (r0: tup2_ref_T_ref_slice_T) -> [ &rem <- r0.f1 ] s2) + [ s0 = elim_Some {_4} (fun (r0: tup2_ref_T_ref_slice_T) -> [ &first <- r0.f0 ] s1) + | s1 = elim_Some {_4} (fun (r0: tup2_ref_T_ref_slice_T) -> [ &rem <- r0.f1 ] s2) | s2 = {inv_slice_T rem.current} MutBorrow.borrow_final {rem.current} {MutBorrow.get_id rem} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_11 <- _ret ] -{inv_slice_T _ret.final}- + [ &_12 <- _ret ] -{inv_slice_T _ret.final}- [ &rem <- { rem with current = _ret.final } ] s3) | s3 = {[@expl:type invariant] inv_ref_slice_T self_.current} s4 | s4 = -{resolve_ref_slice_T self_.current}- s5 - | s5 = [ &self_ <- { self_ with current = _11 } ] s6 + | s5 = [ &self_ <- { self_ with current = _12 } ] s6 | s6 = {[@expl:type invariant] inv_ref_ref_slice_T self_} s7 | s7 = -{resolve_ref_ref_slice_T self_}- s8 | s8 = {inv_T first.current} MutBorrow.borrow_final {first.current} {MutBorrow.get_id first} (fun (_ret: MutBorrow.t t_T) -> - [ &_12 <- _ret ] -{inv_T _ret.final}- + [ &_13 <- _ret ] -{inv_T _ret.final}- [ &first <- { first with current = _ret.final } ] s9) - | s9 = [ &_0 <- Some'0 _12 ] s10 + | s9 = [ &_0 <- Some'0 _13 ] s10 | s10 = {[@expl:type invariant] inv_ref_slice_T rem} s11 | s11 = -{resolve_ref_slice_T rem}- s12 | s12 = {[@expl:type invariant] inv_ref_T first} s13 | s13 = -{resolve_ref_T first}- s14 - | s14 = {[@expl:type invariant] inv_ref_slice_T _5} s15 - | s15 = -{resolve_ref_slice_T _5}- s16 + | s14 = {[@expl:type invariant] inv_ref_slice_T _6} s15 + | s15 = -{resolve_ref_slice_T _6}- s16 | s16 = bb7 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv_ref_ref_slice_T self_} s1 @@ -259,20 +259,20 @@ module M_take_first_mut | s2 = bb6 ] | bb6 = s0 [ s0 = [ &_0 <- None'0 ] s1 - | s1 = {[@expl:type invariant] inv_ref_slice_T _5} s2 - | s2 = -{resolve_ref_slice_T _5}- s3 + | s1 = {[@expl:type invariant] inv_ref_slice_T _6} s2 + | s2 = -{resolve_ref_slice_T _6}- s3 | s3 = bb7 ] | bb7 = return {_0} ] [ & _0: t_Option_ref_T = Any.any_l () | & self_: MutBorrow.t (MutBorrow.t (Slice64.slice t_T)) = self_ - | & _3: t_Option_tup2_ref_T_ref_slice_T = Any.any_l () - | & _4: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _4: t_Option_tup2_ref_T_ref_slice_T = Any.any_l () | & _5: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _6: MutBorrow.t (MutBorrow.t (Slice64.slice t_T)) = Any.any_l () + | & _6: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _7: MutBorrow.t (MutBorrow.t (Slice64.slice t_T)) = Any.any_l () | & first: MutBorrow.t t_T = Any.any_l () | & rem: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _11: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _12: MutBorrow.t t_T = Any.any_l () ]) + | & _12: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _13: MutBorrow.t t_T = Any.any_l () ]) [ return (result: t_Option_ref_T) -> {[@expl:take_first_mut result type invariant] inv_Option_ref_T result} {[@expl:take_first_mut ensures] match result with | Some'0 r -> r.current = index_slice_T self_.current.current 0 diff --git a/tests/should_succeed/termination/loops.coma b/tests/should_succeed/termination/loops.coma index b5ddf26643..76c5364a76 100644 --- a/tests/should_succeed/termination/loops.coma +++ b/tests/should_succeed/termination/loops.coma @@ -158,8 +158,8 @@ module M_variant_int (! [ &variant_old_bb2 <- x ] s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_11 <- UInt32.gt x (0: UInt32.t) ] s1 - | s1 = any [ br0 -> {_11 = false} (! bb5) | br1 -> {_11} (! bb4) ] ] + [ s0 = [ &_17 <- UInt32.gt x (0: UInt32.t) ] s1 + | s1 = any [ br0 -> {_17 = false} (! bb5) | br1 -> {_17} (! bb4) ] ] | bb4 = s0 [ s0 = UInt32.sub {x} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &x <- _ret ] s1) | s1 = UInt32.add {result} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &result <- _ret ] s2) @@ -169,7 +169,7 @@ module M_variant_int | & x: UInt32.t = x | & result: UInt32.t = Any.any_l () | & total: int = Any.any_l () - | & _11: bool = Any.any_l () + | & _17: bool = Any.any_l () | & variant_old_bb2: UInt32.t = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:variant_int ensures] result = x} (! return {result}) ] end @@ -245,11 +245,11 @@ module M_custom_variant_0 (! [ &variant_old_bb2 <- x ] s0) [ s0 = bb3 ] [ bb3 = s0 - [ s0 = [ &_11 <- UInt32.gt x.f0 (0: UInt32.t) ] s1 - | s1 = any [ br0 -> {_11 = false} (! bb8) | br1 -> {_11} (! bb4) ] ] + [ s0 = [ &_20 <- UInt32.gt x.f0 (0: UInt32.t) ] s1 + | s1 = any [ br0 -> {_20 = false} (! bb8) | br1 -> {_20} (! bb4) ] ] | bb4 = s0 - [ s0 = [ &_13 <- UInt32.gt x.f1 (0: UInt32.t) ] s1 - | s1 = any [ br0 -> {_13 = false} (! bb8) | br1 -> {_13} (! bb5) ] ] + [ s0 = [ &_22 <- UInt32.gt x.f1 (0: UInt32.t) ] s1 + | s1 = any [ br0 -> {_22 = false} (! bb8) | br1 -> {_22} (! bb5) ] ] | bb5 = s0 [ s0 = UInt32.sub {x.f0} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &x <- { x with f0 = _ret } ] s1) | s1 = UInt32.sub {x.f1} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &x <- { x with f1 = _ret } ] s2) @@ -260,8 +260,8 @@ module M_custom_variant_0 | & x: t_CustomVariant = x | & result: UInt32.t = Any.any_l () | & res: int = Any.any_l () - | & _11: bool = Any.any_l () - | & _13: bool = Any.any_l () + | & _20: bool = Any.any_l () + | & _22: bool = Any.any_l () | & variant_old_bb2: t_CustomVariant = Any.any_l () ]) [ return (result: UInt32.t) -> {[@expl:custom_variant ensures] UInt32.t'int result = MinMax.min (UInt32.t'int x.f0) (UInt32.t'int x.f1)} diff --git a/tests/should_succeed/termination/simple_recursion.coma b/tests/should_succeed/termination/simple_recursion.coma index a1b653f6b1..c32950b1c7 100644 --- a/tests/should_succeed/termination/simple_recursion.coma +++ b/tests/should_succeed/termination/simple_recursion.coma @@ -150,19 +150,19 @@ module M_variant_int meta "select_lsinst" "all" let rec variant_int (x: UInt32.t) (return (x'0: UInt32.t)) = (! bb0 - [ bb0 = s0 [ s0 = [ &_4 <- x = (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb1) ] ] + [ bb0 = s0 [ s0 = [ &_6 <- x = (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_6 = false} (! bb2) | br1 -> {_6} (! bb1) ] ] | bb1 = s0 [ s0 = [ &_0 <- (0: UInt32.t) ] s1 | s1 = bb4 ] | bb2 = s0 - [ s0 = UInt32.sub {x} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_7 <- _ret ] s1) - | s1 = variant_int {_7} (fun (_ret: UInt32.t) -> [ &_6 <- _ret ] s2) + [ s0 = UInt32.sub {x} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_9 <- _ret ] s1) + | s1 = variant_int {_9} (fun (_ret: UInt32.t) -> [ &_8 <- _ret ] s2) | s2 = bb3 ] - | bb3 = s0 [ s0 = UInt32.add {(1: UInt32.t)} {_6} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] + | bb3 = s0 [ s0 = UInt32.add {(1: UInt32.t)} {_8} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s1) | s1 = bb4 ] | bb4 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & x: UInt32.t = x - | & _4: bool = Any.any_l () - | & _6: UInt32.t = Any.any_l () - | & _7: UInt32.t = Any.any_l () ] + | & _6: bool = Any.any_l () + | & _8: UInt32.t = Any.any_l () + | & _9: UInt32.t = Any.any_l () ] [ variant_int (x: UInt32.t) (_ret (_r: UInt32.t)) -> {[@expl:function variant] well_founded_relation_u32 function_variant x} variant_int {x} (_ret) ] [ function_variant: UInt32.t = x ]) @@ -228,24 +228,24 @@ module M_custom_variant_0 let rec custom_variant (x: t_CustomVariant) (return (x'0: UInt32.t)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_4 <- x.f0 = (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_4 = false} (! bb2) | br1 -> {_4} (! bb4) ] ] + [ s0 = [ &_5 <- x.f0 = (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_5 = false} (! bb2) | br1 -> {_5} (! bb4) ] ] | bb2 = s0 - [ s0 = [ &_6 <- x.f1 = (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_6 = false} (! bb5) | br1 -> {_6} (! bb4) ] ] + [ s0 = [ &_7 <- x.f1 = (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_7 = false} (! bb5) | br1 -> {_7} (! bb4) ] ] | bb4 = s0 [ s0 = [ &_0 <- (0: UInt32.t) ] s1 | s1 = bb7 ] | bb5 = s0 - [ s0 = UInt32.sub {x.f0} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_9 <- _ret ] s1) - | s1 = UInt32.sub {x.f1} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_11 <- _ret ] s2) - | s2 = [ &_8 <- { f0 = _9; f1 = _11 } ] s3 - | s3 = custom_variant {_8} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s4) + [ s0 = UInt32.sub {x.f0} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_10 <- _ret ] s1) + | s1 = UInt32.sub {x.f1} {(1: UInt32.t)} (fun (_ret: UInt32.t) -> [ &_12 <- _ret ] s2) + | s2 = [ &_9 <- { f0 = _10; f1 = _12 } ] s3 + | s3 = custom_variant {_9} (fun (_ret: UInt32.t) -> [ &_0 <- _ret ] s4) | s4 = bb7 ] | bb7 = return {_0} ] [ & _0: UInt32.t = Any.any_l () | & x: t_CustomVariant = x - | & _4: bool = Any.any_l () - | & _6: bool = Any.any_l () - | & _8: t_CustomVariant = Any.any_l () - | & _9: UInt32.t = Any.any_l () - | & _11: UInt32.t = Any.any_l () ] + | & _5: bool = Any.any_l () + | & _7: bool = Any.any_l () + | & _9: t_CustomVariant = Any.any_l () + | & _10: UInt32.t = Any.any_l () + | & _12: UInt32.t = Any.any_l () ] [ custom_variant (x: t_CustomVariant) (_ret (_r: UInt32.t)) -> {[@expl:function variant] well_founded_relation_CustomVariant function_variant x} custom_variant {x} (_ret) ] [ function_variant: t_CustomVariant = x ]) diff --git a/tests/should_succeed/termination/warn_unneeded_variant.coma b/tests/should_succeed/termination/warn_unneeded_variant.coma index 6c7d2aac28..1cb45e1568 100644 --- a/tests/should_succeed/termination/warn_unneeded_variant.coma +++ b/tests/should_succeed/termination/warn_unneeded_variant.coma @@ -57,9 +57,9 @@ module M_variant_is_not_checked let rec variant_is_not_checked (x: UInt32.t) (return (x'0: ())) = (! bb0 [ bb0 = s0 - [ s0 = [ &_3 <- x <> (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_3 = false} (! bb4) | br1 -> {_3} (! bb1) ] ] - | bb1 = s0 [ s0 = variant_is_not_checked {x} (fun (_ret: ()) -> [ &_5 <- _ret ] s1) | s1 = bb4 ] + [ s0 = [ &_4 <- x <> (0: UInt32.t) ] s1 | s1 = any [ br0 -> {_4 = false} (! bb4) | br1 -> {_4} (! bb1) ] ] + | bb1 = s0 [ s0 = variant_is_not_checked {x} (fun (_ret: ()) -> [ &_6 <- _ret ] s1) | s1 = bb4 ] | bb4 = return {_0} ] - [ & _0: () = Any.any_l () | & x: UInt32.t = x | & _3: bool = Any.any_l () | & _5: () = Any.any_l () ] + [ & _0: () = Any.any_l () | & x: UInt32.t = x | & _4: bool = Any.any_l () | & _6: () = Any.any_l () ] [ function_variant: UInt32.t = x ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/traits/12_default_method.coma b/tests/should_succeed/traits/12_default_method.coma index d744b448bd..c28e229018 100644 --- a/tests/should_succeed/traits/12_default_method.coma +++ b/tests/should_succeed/traits/12_default_method.coma @@ -47,7 +47,7 @@ module M_should_use_impl meta "select_lsinst" "all" let rec should_use_impl (x: UInt32.t) (return (x'0: ())) = (! bb0 - [ bb0 = s0 [ s0 = default_u32 {x} (fun (_ret: UInt32.t) -> [ &_3 <- _ret ] s1) | s1 = bb1 ] | bb1 = return {_0} ] - [ & _0: () = Any.any_l () | & x: UInt32.t = x | & _3: UInt32.t = Any.any_l () ]) + [ bb0 = s0 [ s0 = default_u32 {x} (fun (_ret: UInt32.t) -> [ &_4 <- _ret ] s1) | s1 = bb1 ] | bb1 = return {_0} ] + [ & _0: () = Any.any_l () | & x: UInt32.t = x | & _4: UInt32.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:should_use_impl ensures] logic_default_u32 x} (! return {result}) ] end diff --git a/tests/should_succeed/type_invariants/non_zero.coma b/tests/should_succeed/type_invariants/non_zero.coma index b5170004d7..b638f4c290 100644 --- a/tests/should_succeed/type_invariants/non_zero.coma +++ b/tests/should_succeed/type_invariants/non_zero.coma @@ -48,13 +48,13 @@ module M_impl_NonZeroU32__add (* NonZeroU32 *) [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_NonZeroU32 self} s1 | s1 = {[@expl:type invariant] inv_NonZeroU32 rhs} s2 - | s2 = UInt32.add {self.f0} {rhs.f0} (fun (_ret: UInt32.t) -> [ &_4 <- _ret ] s3) - | s3 = [ &_0 <- { f0 = _4 } ] s4 + | s2 = UInt32.add {self.f0} {rhs.f0} (fun (_ret: UInt32.t) -> [ &_6 <- _ret ] s3) + | s3 = [ &_0 <- { f0 = _6 } ] s4 | s4 = return {_0} ] ] [ & _0: t_NonZeroU32 = Any.any_l () | & self: t_NonZeroU32 = self | & rhs: t_NonZeroU32 = rhs - | & _4: UInt32.t = Any.any_l () ]) + | & _6: UInt32.t = Any.any_l () ]) [ return (result: t_NonZeroU32) -> {[@expl:add result type invariant] inv_NonZeroU32 result} (! return {result}) ] end module M_impl_NonZeroU32__sub_pre_trans (* NonZeroU32 *) @@ -106,12 +106,12 @@ module M_impl_NonZeroU32__sub (* NonZeroU32 *) [ bb0 = s0 [ s0 = {[@expl:type invariant] inv_NonZeroU32 self} s1 | s1 = {[@expl:type invariant] inv_NonZeroU32 rhs} s2 - | s2 = UInt32.sub {self.f0} {rhs.f0} (fun (_ret: UInt32.t) -> [ &_4 <- _ret ] s3) - | s3 = [ &_0 <- { f0 = _4 } ] s4 + | s2 = UInt32.sub {self.f0} {rhs.f0} (fun (_ret: UInt32.t) -> [ &_6 <- _ret ] s3) + | s3 = [ &_0 <- { f0 = _6 } ] s4 | s4 = return {_0} ] ] [ & _0: t_NonZeroU32 = Any.any_l () | & self: t_NonZeroU32 = self | & rhs: t_NonZeroU32 = rhs - | & _4: UInt32.t = Any.any_l () ]) + | & _6: UInt32.t = Any.any_l () ]) [ return (result: t_NonZeroU32) -> {[@expl:sub result type invariant] inv_NonZeroU32 result} (! return {result}) ] end diff --git a/tests/should_succeed/union_find.coma b/tests/should_succeed/union_find.coma index e8262b0722..33839282ec 100644 --- a/tests/should_succeed/union_find.coma +++ b/tests/should_succeed/union_find.coma @@ -1269,83 +1269,83 @@ module M_implementation__make {[@expl:make 'payload' type invariant] inv_T payload} (! bb0 [ bb0 = s0 [ s0 = [ &payload_snap <- payload ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = new (fun (_ret: t_PeanoInt) -> [ &_13 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_12 <- Root _13 payload ] s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = new (fun (_ret: t_PeanoInt) -> [ &_19 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &_18 <- Root _19 payload ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = new_Node_T {_12} (fun (_ret: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T) -> [ &_11 <- _ret ] s1) | s1 = bb4 ] + [ s0 = new_Node_T {_18} (fun (_ret: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T) -> [ &_17 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &ptr <- _11.f0'1 ] s1 - | s1 = [ &perm <- _11.f1'1 ] s2 - | s2 = [ &_16 <- ptr ] s3 - | s3 = [ &elt <- { f0'0 = _16 } ] s4 - | s4 = into_inner_PtrOwn_Node_T {perm} (fun (_ret: t_PtrOwn_Node_T) -> [ &_23 <- _ret ] s5) + [ s0 = [ &ptr <- _17.f0'1 ] s1 + | s1 = [ &perm <- _17.f1'1 ] s2 + | s2 = [ &_22 <- ptr ] s3 + | s3 = [ &elt <- { f0'0 = _22 } ] s4 + | s4 = into_inner_PtrOwn_Node_T {perm} (fun (_ret: t_PtrOwn_Node_T) -> [ &_29 <- _ret ] s5) | s5 = bb5 ] | bb5 = s0 - [ s0 = into_inner_ref_UnionFind_T {uf} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_25 <- _ret ] s1) | s1 = bb6 ] + [ s0 = into_inner_ref_UnionFind_T {uf} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_31 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_22 <- { f0'3 = _23; f1'3 = _25 } ] s1 - | s1 = [ &perm'0 <- _22.f0'3 ] s2 - | s2 = [ &uf'0 <- _22.f1'3 ] s3 + [ s0 = [ &_28 <- { f0'3 = _29; f1'3 = _31 } ] s1 + | s1 = [ &perm'0 <- _28.f0'3 ] s2 + | s2 = [ &uf'0 <- _28.f1'3 ] s3 | s3 = [ &other_elt_ptr_snap <- (such_that_Element (fun (e: t_Element) -> in_domain_T uf'0.current e /\ deep_model_Element e = deep_model_Element elt)).f0'0 ] s4 | s4 = bb7 ] | bb7 = s0 - [ s0 = into_ghost_ptr_unit {other_elt_ptr_snap} (fun (_ret: Opaque.ptr) -> [ &_31 <- _ret ] s1) | s1 = bb8 ] - | bb8 = s0 [ s0 = into_inner_ptr_unit {_31} (fun (_ret: Opaque.ptr) -> [ &_30 <- _ret ] s1) | s1 = bb9 ] + [ s0 = into_ghost_ptr_unit {other_elt_ptr_snap} (fun (_ret: Opaque.ptr) -> [ &_39 <- _ret ] s1) | s1 = bb8 ] + | bb8 = s0 [ s0 = into_inner_ptr_unit {_39} (fun (_ret: Opaque.ptr) -> [ &_38 <- _ret ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = [ &other_elt <- { f0'0 = _30 } ] s1 - | s1 = [ &_37 <- other_elt ] s2 - | s2 = get_ghost_Element {uf'0.current.f0'2.perms} {_37} - (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_34 <- _ret ] s3) + [ s0 = [ &other_elt <- { f0'0 = _38 } ] s1 + | s1 = [ &_45 <- other_elt ] s2 + | s2 = get_ghost_Element {uf'0.current.f0'2.perms} {_45} + (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_42 <- _ret ] s3) | s3 = bb10 ] - | bb10 = any [ br0 -> {_34 = None'0} (! bb16) | br1 (x0: t_PtrOwn_Node_T) -> {_34 = Some'0 x0} (! bb13) ] + | bb10 = any [ br0 -> {_42 = None'0} (! bb16) | br1 (x0: t_PtrOwn_Node_T) -> {_42 = Some'0 x0} (! bb13) ] | bb13 = s0 - [ s0 = elim_Some {_34} (fun (r0: t_PtrOwn_Node_T) -> [ &other_perm <- r0 ] s1) + [ s0 = elim_Some {_42} (fun (r0: t_PtrOwn_Node_T) -> [ &other_perm <- r0 ] s1) | s1 = {inv_PtrOwn_Node_T perm'0} MutBorrow.borrow_mut {perm'0} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_41 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_49 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- [ &perm'0 <- _ret.final ] s2) - | s2 = {inv_PtrOwn_Node_T _41.current} - MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} + | s2 = {inv_PtrOwn_Node_T _49.current} + MutBorrow.borrow_final {_49.current} {MutBorrow.get_id _49} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_40 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_41 <- { _41 with current = _ret.final } ] s3) - | s3 = disjoint_lemma_Node_T {_40} {other_perm} (fun (_ret: ()) -> [ &_33 <- _ret ] s4) + [ &_48 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_49 <- { _49 with current = _ret.final } ] s3) + | s3 = disjoint_lemma_Node_T {_48} {other_perm} (fun (_ret: ()) -> [ &_41 <- _ret ] s4) | s4 = bb15 ] | bb15 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T'0 _41} s1 - | s1 = -{resolve_ref_PtrOwn_Node_T _41}- s2 + [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T'0 _49} s1 + | s1 = -{resolve_ref_PtrOwn_Node_T _49}- s2 | s2 = bb16 ] | bb16 = s0 [ s0 = {inv_FMap_Element_PtrOwn_Node_T uf'0.current.f0'2.perms} MutBorrow.borrow_final {uf'0.current.f0'2.perms} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id uf'0) 1) 2} (fun (_ret: MutBorrow.t t_FMap_Element_PtrOwn_Node_T) -> - [ &_44 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- + [ &_52 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with perms = _ret.final } } } ] s1) - | s1 = insert_ghost_Element {_44} {elt} {perm'0} (fun (_ret: t_Option_PtrOwn_Node_T) -> [ &_43 <- _ret ] s2) - | s2 = {[@expl:type invariant] inv_Option_PtrOwn_Node_T _43} s3 - | s3 = -{resolve_Option_PtrOwn_Node_T _43}- s4 + | s1 = insert_ghost_Element {_52} {elt} {perm'0} (fun (_ret: t_Option_PtrOwn_Node_T) -> [ &_51 <- _ret ] s2) + | s2 = {[@expl:type invariant] inv_Option_PtrOwn_Node_T _51} s3 + | s3 = -{resolve_Option_PtrOwn_Node_T _51}- s4 | s4 = bb17 ] - | bb17 = s0 [ s0 = [ &_47 <- insert_Element'0 uf'0.current.f0'2.domain elt ] s1 | s1 = bb18 ] + | bb17 = s0 [ s0 = [ &_55 <- insert_Element'0 uf'0.current.f0'2.domain elt ] s1 | s1 = bb18 ] | bb18 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with domain = _47 } } } ] s1 - | s1 = [ &_49 <- Map.set uf'0.current.f0'2.payloads elt payload_snap ] s2 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with domain = _55 } } } ] s1 + | s1 = [ &_59 <- Map.set uf'0.current.f0'2.payloads elt payload_snap ] s2 | s2 = bb19 ] | bb19 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with payloads = _49 } } } ] s1 - | s1 = [ &_51 <- Map.set uf'0.current.f0'2.depth elt uf'0.current.f0'2.max_depth ] s2 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with payloads = _59 } } } ] s1 + | s1 = [ &_64 <- Map.set uf'0.current.f0'2.depth elt uf'0.current.f0'2.max_depth ] s2 | s2 = bb20 ] | bb20 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with depth = _51 } } } ] s1 - | s1 = [ &_53 <- Map.set uf'0.current.f0'2.roots elt elt ] s2 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with depth = _64 } } } ] s1 + | s1 = [ &_69 <- Map.set uf'0.current.f0'2.roots elt elt ] s2 | s2 = bb21 ] | bb21 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with roots = _53 } } } ] s1 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with roots = _69 } } } ] s1 | s1 = {[@expl:type invariant] inv_ref_UnionFind_T uf'0} s2 | s2 = -{resolve_ref_UnionFind_T uf'0}- s3 - | s3 = new_unit {_19} (fun (_ret: ()) -> [ &_18 <- _ret ] s4) + | s3 = new_unit {_25} (fun (_ret: ()) -> [ &_24 <- _ret ] s4) | s4 = bb22 ] | bb22 = s0 [ s0 = [ &_0 <- elt ] s1 | s1 = bb23 ] | bb23 = return {_0} ] @@ -1355,34 +1355,34 @@ module M_implementation__make | & payload_snap: t_T = Any.any_l () | & ptr: Opaque.ptr = Any.any_l () | & perm: t_PtrOwn_Node_T = Any.any_l () - | & _11: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T = Any.any_l () - | & _12: t_Node_T = Any.any_l () - | & _13: t_PeanoInt = Any.any_l () + | & _17: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T = Any.any_l () + | & _18: t_Node_T = Any.any_l () + | & _19: t_PeanoInt = Any.any_l () | & elt: t_Element = Any.any_l () - | & _16: Opaque.ptr = Any.any_l () - | & _18: () = Any.any_l () - | & _19: () = Any.any_l () + | & _22: Opaque.ptr = Any.any_l () + | & _24: () = Any.any_l () + | & _25: () = Any.any_l () | & perm'0: t_PtrOwn_Node_T = Any.any_l () | & uf'0: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _22: tup2_PtrOwn_Node_T_ref_UnionFind_T = Any.any_l () - | & _23: t_PtrOwn_Node_T = Any.any_l () - | & _25: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _28: tup2_PtrOwn_Node_T_ref_UnionFind_T = Any.any_l () + | & _29: t_PtrOwn_Node_T = Any.any_l () + | & _31: MutBorrow.t t_UnionFind_T = Any.any_l () | & other_elt_ptr_snap: Opaque.ptr = Any.any_l () | & other_elt: t_Element = Any.any_l () - | & _30: Opaque.ptr = Any.any_l () - | & _31: Opaque.ptr = Any.any_l () - | & _33: () = Any.any_l () - | & _34: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _37: t_Element = Any.any_l () + | & _38: Opaque.ptr = Any.any_l () + | & _39: Opaque.ptr = Any.any_l () + | & _41: () = Any.any_l () + | & _42: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _45: t_Element = Any.any_l () | & other_perm: t_PtrOwn_Node_T = Any.any_l () - | & _40: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _41: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _43: t_Option_PtrOwn_Node_T = Any.any_l () - | & _44: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _47: Fset.fset t_Element = Any.any_l () - | & _49: Map.map t_Element t_T = Any.any_l () - | & _51: Map.map t_Element int = Any.any_l () - | & _53: Map.map t_Element t_Element = Any.any_l () ]) + | & _48: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _49: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _51: t_Option_PtrOwn_Node_T = Any.any_l () + | & _52: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _55: Fset.fset t_Element = Any.any_l () + | & _59: Map.map t_Element t_T = Any.any_l () + | & _64: Map.map t_Element int = Any.any_l () + | & _69: Map.map t_Element t_Element = Any.any_l () ]) [ return (result: t_Element) -> {[@expl:make ensures #0] not in_domain_T uf.current result} {[@expl:make ensures #1] domain_T (fin_Ghost_ref_UnionFind_T uf) = insert_Element'0 (domain_T uf.current) result} {[@expl:make ensures #2] roots_map_T (fin_Ghost_ref_UnionFind_T uf) @@ -1985,73 +1985,73 @@ module M_implementation__find_inner {[@expl:find_inner requires] in_domain_T uf.current elem} (! bb0 [ bb0 = s0 - [ s0 = deref_Ghost_ref_UnionFind_T {uf} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_13 <- _ret ] s1) + [ s0 = deref_Ghost_ref_UnionFind_T {uf} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_23 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_16 <- elem ] s1 - | s1 = get_ghost_Element {_13.current.f0'0.perms} {_16} - (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_11 <- _ret ] s2) + [ s0 = [ &_26 <- elem ] s1 + | s1 = get_ghost_Element {_23.current.f0'0.perms} {_26} + (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_21 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_11} (fun (_ret: t_PtrOwn_Node_T) -> [ &_10 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {_10} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] + | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_21} (fun (_ret: t_PtrOwn_Node_T) -> [ &_20 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {_20} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_19 <- elem.f0 ] s1 - | s1 = as_ref_Node_T {_19} {perm} (fun (_ret: t_Node_T) -> [ &_17 <- _ret ] s2) + [ s0 = [ &_29 <- elem.f0 ] s1 + | s1 = as_ref_Node_T {_29} {perm} (fun (_ret: t_Node_T) -> [ &_27 <- _ret ] s2) | s2 = bb5 ] | bb5 = any - [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_17 = Root x0 x1} (! bb7) | br1 (x0: t_Element) -> {_17 = Link x0} (! bb8) ] + [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_27 = Root x0 x1} (! bb7) | br1 (x0: t_Element) -> {_27 = Link x0} (! bb8) ] | bb8 = s0 - [ s0 = elim_Link {_17} (fun (r0: t_Element) -> [ &e <- r0 ] s1) + [ s0 = elim_Link {_27} (fun (r0: t_Element) -> [ &e <- r0 ] s1) | s1 = {inv_Ghost_ref_UnionFind_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> - [ &_30 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- + [ &_40 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- [ &uf <- _ret.final ] s2) - | s2 = deref_mut_Ghost_ref_UnionFind_T {_30} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_29 <- _ret ] s3) + | s2 = deref_mut_Ghost_ref_UnionFind_T {_40} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_39 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {inv_UnionFind_T _29.current.current} - MutBorrow.borrow_mut {_29.current.current} + [ s0 = {inv_UnionFind_T _39.current.current} + MutBorrow.borrow_mut {_39.current.current} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_28 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_29 <- { _29 with current = { _29.current with current = _ret.final } } ] s1) - | s1 = {inv_UnionFind_T _28.current} - MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + [ &_38 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_39 <- { _39 with current = { _39.current with current = _ret.final } } ] s1) + | s1 = {inv_UnionFind_T _38.current} + MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_27 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_28 <- { _28 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T'0 _29} s3 - | s3 = -{resolve_ref_ref_UnionFind_T _29}- s4 - | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _28} s5 - | s5 = -{resolve_ref_UnionFind_T _28}- s6 - | s6 = {inv_UnionFind_T _27.current} - MutBorrow.borrow_final {_27.current} {MutBorrow.get_id _27} + [ &_37 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_38 <- { _38 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T'0 _39} s3 + | s3 = -{resolve_ref_ref_UnionFind_T _39}- s4 + | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _38} s5 + | s5 = -{resolve_ref_UnionFind_T _38}- s6 + | s6 = {inv_UnionFind_T _37.current} + MutBorrow.borrow_final {_37.current} {MutBorrow.get_id _37} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_26 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_27 <- { _27 with current = _ret.final } ] s7) - | s7 = new_ref_UnionFind_T {_26} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_25 <- _ret ] s8) + [ &_36 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_37 <- { _37 with current = _ret.final } ] s7) + | s7 = new_ref_UnionFind_T {_36} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_35 <- _ret ] s8) | s8 = bb11 ] | bb11 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _27} s1 - | s1 = -{resolve_ref_UnionFind_T _27}- s2 - | s2 = find_inner_T {_25} {e} (fun (_ret: t_Element) -> [ &root <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _37} s1 + | s1 = -{resolve_ref_UnionFind_T _37}- s2 + | s2 = find_inner_T {_35} {e} (fun (_ret: t_Element) -> [ &root <- _ret ] s3) | s3 = bb12 ] | bb12 = s0 [ s0 = {inv_Ghost_ref_UnionFind_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> - [ &_34 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- + [ &_44 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UnionFind_T {_34} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_33 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UnionFind_T {_44} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_43 <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 - [ s0 = {inv_UFInner_T _33.current.current.f0'0} - MutBorrow.borrow_mut {_33.current.current.f0'0} + [ s0 = {inv_UFInner_T _43.current.current.f0'0} + MutBorrow.borrow_mut {_43.current.current.f0'0} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &__temp <- _ret ] -{inv_UFInner_T _ret.final}- - [ &_33 <- { _33 with current = { _33.current with current = { f0'0 = _ret.final } } } ] s1) + [ &_43 <- { _43 with current = { _43.current with current = { f0'0 = _ret.final } } } ] s1) | s1 = new_ref_UFInner_T {__temp} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &uf'0 <- _ret ] s2) | s2 = bb14 ] | bb14 = s0 @@ -2061,51 +2061,51 @@ module M_implementation__find_inner | s1 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_45 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_58 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s2) - | s2 = deref_mut_Ghost_ref_UFInner_T {_45} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_44 <- _ret ] s3) + | s2 = deref_mut_Ghost_ref_UFInner_T {_58} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_57 <- _ret ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = [ &_47 <- elem ] s1 - | s1 = {inv_FMap_Element_PtrOwn_Node_T _44.current.current.perms} - MutBorrow.borrow_mut {_44.current.current.perms} + [ s0 = [ &_60 <- elem ] s1 + | s1 = {inv_FMap_Element_PtrOwn_Node_T _57.current.current.perms} + MutBorrow.borrow_mut {_57.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Element_PtrOwn_Node_T) -> - [ &_43 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- - [ &_44 <- { _44 with current = { _44.current with current = { _44.current.current with perms = _ret.final } } } ] + [ &_56 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- + [ &_57 <- { _57 with current = { _57.current with current = { _57.current.current with perms = _ret.final } } } ] s2) - | s2 = get_mut_ghost_Element {_43} {_47} (fun (_ret: t_Option_ref_PtrOwn_Node_T'0) -> [ &_42 <- _ret ] s3) + | s2 = get_mut_ghost_Element {_56} {_60} (fun (_ret: t_Option_ref_PtrOwn_Node_T'0) -> [ &_55 <- _ret ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = unwrap_ref_PtrOwn_Node_T'0 {_42} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_41 <- _ret ] s1) + [ s0 = unwrap_ref_PtrOwn_Node_T'0 {_55} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_54 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _44} s1 - | s1 = -{resolve_ref_ref_UFInner_T _44}- s2 - | s2 = {inv_PtrOwn_Node_T _41.current} - MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} + [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _57} s1 + | s1 = -{resolve_ref_ref_UFInner_T _57}- s2 + | s2 = {inv_PtrOwn_Node_T _54.current} + MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_40 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_41 <- { _41 with current = _ret.final } ] s3) - | s3 = new_ref_PtrOwn_Node_T'0 {_40} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &mut_perm <- _ret ] s4) + [ &_53 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_54 <- { _54 with current = _ret.final } ] s3) + | s3 = new_ref_PtrOwn_Node_T'0 {_53} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &mut_perm <- _ret ] s4) | s4 = bb18 ] | bb18 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T'0 _41} s1 - | s1 = -{resolve_ref_PtrOwn_Node_T _41}- s2 - | s2 = [ &_49 <- Link root ] s3 - | s3 = [ &_52 <- elem.f0 ] s4 - | s4 = as_mut_Node_T {_52} {mut_perm} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_51 <- _ret ] s5) + [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T'0 _54} s1 + | s1 = -{resolve_ref_PtrOwn_Node_T _54}- s2 + | s2 = [ &_62 <- Link root ] s3 + | s3 = [ &_65 <- elem.f0 ] s4 + | s4 = as_mut_Node_T {_65} {mut_perm} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_64 <- _ret ] s5) | s5 = bb20 ] | bb20 = s0 - [ s0 = {[@expl:type invariant] inv_Node_T _51.current} s1 - | s1 = -{resolve_Node_T _51.current}- s2 - | s2 = [ &_51 <- { _51 with current = _49 } ] s3 - | s3 = {[@expl:type invariant] inv_ref_Node_T'0 _51} s4 - | s4 = -{resolve_ref_Node_T _51}- s5 + [ s0 = {[@expl:type invariant] inv_Node_T _64.current} s1 + | s1 = -{resolve_Node_T _64.current}- s2 + | s2 = [ &_64 <- { _64 with current = _62 } ] s3 + | s3 = {[@expl:type invariant] inv_ref_Node_T'0 _64} s4 + | s4 = -{resolve_ref_Node_T _64}- s5 | s5 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s6 | s6 = -{resolve_Ghost_ref_UFInner_T uf'0}- s7 - | s7 = {[@expl:type invariant] inv_ref_ref_UnionFind_T'0 _33} s8 - | s8 = -{resolve_ref_ref_UnionFind_T _33}- s9 + | s7 = {[@expl:type invariant] inv_ref_ref_UnionFind_T'0 _43} s8 + | s8 = -{resolve_ref_ref_UnionFind_T _43}- s9 | s9 = {[@expl:type invariant] inv_Ghost_ref_UnionFind_T uf} s10 | s10 = -{resolve_Ghost_ref_UnionFind_T uf}- s11 | s11 = bb22 ] @@ -2120,35 +2120,35 @@ module M_implementation__find_inner | & uf: MutBorrow.t t_UnionFind_T = uf | & elem: t_Element = elem | & perm: t_PtrOwn_Node_T = Any.any_l () - | & _10: t_PtrOwn_Node_T = Any.any_l () - | & _11: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _13: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _16: t_Element = Any.any_l () - | & _17: t_Node_T = Any.any_l () - | & _19: Opaque.ptr = Any.any_l () + | & _20: t_PtrOwn_Node_T = Any.any_l () + | & _21: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _23: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _26: t_Element = Any.any_l () + | & _27: t_Node_T = Any.any_l () + | & _29: Opaque.ptr = Any.any_l () | & e: t_Element = Any.any_l () | & root: t_Element = Any.any_l () - | & _25: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _26: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _27: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _28: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _29: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & _30: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _35: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _36: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _37: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _38: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _39: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _40: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () | & __temp: MutBorrow.t t_UFInner_T = Any.any_l () - | & _33: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & _34: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _43: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _44: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () | & uf'0: MutBorrow.t t_UFInner_T = Any.any_l () | & mut_perm: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _40: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _41: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _42: t_Option_ref_PtrOwn_Node_T'0 = Any.any_l () - | & _43: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _44: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _45: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _47: t_Element = Any.any_l () - | & _49: t_Node_T = Any.any_l () - | & _51: MutBorrow.t t_Node_T = Any.any_l () - | & _52: Opaque.ptr = Any.any_l () ] + | & _53: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _54: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _55: t_Option_ref_PtrOwn_Node_T'0 = Any.any_l () + | & _56: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _57: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _58: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _60: t_Element = Any.any_l () + | & _62: t_Node_T = Any.any_l () + | & _64: MutBorrow.t t_Node_T = Any.any_l () + | & _65: Opaque.ptr = Any.any_l () ] [ find_inner_T (uf: MutBorrow.t t_UnionFind_T) (elem: t_Element) (_ret (_r: t_Element)) -> {[@expl:function variant] well_founded_relation_Int function_variant (uf.current.f0'0.max_depth - index_Mapping_Element_Int uf.current.f0'0.depth elem)} @@ -2793,34 +2793,34 @@ module M_implementation__get {[@expl:get requires #0] in_domain_T uf elem} {[@expl:get requires #1] root_T uf elem = elem} (! bb0 - [ bb0 = s0 [ s0 = deref_Ghost_ref_UnionFind_T {uf} (fun (_ret: t_UnionFind_T) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = deref_Ghost_ref_UnionFind_T {uf} (fun (_ret: t_UnionFind_T) -> [ &_16 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_13 <- elem ] s1 - | s1 = get_ghost_Element {_10.f0'0.perms} {_13} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_8 <- _ret ] s2) + [ s0 = [ &_19 <- elem ] s1 + | s1 = get_ghost_Element {_16.f0'0.perms} {_19} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_14 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_8} (fun (_ret: t_PtrOwn_Node_T) -> [ &_7 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {_7} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] + | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_14} (fun (_ret: t_PtrOwn_Node_T) -> [ &_13 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {_13} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_16 <- elem.f0 ] s1 - | s1 = as_ref_Node_T {_16} {perm} (fun (_ret: t_Node_T) -> [ &_14 <- _ret ] s2) + [ s0 = [ &_22 <- elem.f0 ] s1 + | s1 = as_ref_Node_T {_22} {perm} (fun (_ret: t_Node_T) -> [ &_20 <- _ret ] s2) | s2 = bb5 ] | bb5 = any - [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_14 = Root x0 x1} (! bb8) | br1 (x0: t_Element) -> {_14 = Link x0} (! bb6) ] + [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_20 = Root x0 x1} (! bb8) | br1 (x0: t_Element) -> {_20 = Link x0} (! bb6) ] | bb6 = {false} any | bb8 = s0 - [ s0 = elim_Root {_14} (fun (rrank: t_PeanoInt) (rpayload: t_T) -> [ &payload <- rpayload ] s1) + [ s0 = elim_Root {_20} (fun (rrank: t_PeanoInt) (rpayload: t_T) -> [ &payload <- rpayload ] s1) | s1 = [ &_0 <- payload ] s2 | s2 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & uf: t_UnionFind_T = uf | & elem: t_Element = elem | & perm: t_PtrOwn_Node_T = Any.any_l () - | & _7: t_PtrOwn_Node_T = Any.any_l () - | & _8: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _10: t_UnionFind_T = Any.any_l () - | & _13: t_Element = Any.any_l () - | & _14: t_Node_T = Any.any_l () - | & _16: Opaque.ptr = Any.any_l () + | & _13: t_PtrOwn_Node_T = Any.any_l () + | & _14: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _16: t_UnionFind_T = Any.any_l () + | & _19: t_Element = Any.any_l () + | & _20: t_Node_T = Any.any_l () + | & _22: Opaque.ptr = Any.any_l () | & payload: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:get result type invariant] inv_ref_T result} {[@expl:get ensures] result = payload_T uf elem} @@ -3146,37 +3146,37 @@ module M_implementation__equiv [ s0 = {inv_Ghost_ref_UnionFind_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> - [ &_14 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- + [ &_22 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UnionFind_T {_14} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_13 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UnionFind_T {_22} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_21 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = {inv_UnionFind_T _13.current.current} - MutBorrow.borrow_mut {_13.current.current} + [ s0 = {inv_UnionFind_T _21.current.current} + MutBorrow.borrow_mut {_21.current.current} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_12 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_13 <- { _13 with current = { _13.current with current = _ret.final } } ] s1) - | s1 = {inv_UnionFind_T _12.current} - MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + [ &_20 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_21 <- { _21 with current = { _21.current with current = _ret.final } } ] s1) + | s1 = {inv_UnionFind_T _20.current} + MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_11 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_12 <- { _12 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _13} s3 - | s3 = -{resolve_ref_ref_UnionFind_T _13}- s4 - | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _12} s5 - | s5 = -{resolve_ref_UnionFind_T _12}- s6 - | s6 = {inv_UnionFind_T _11.current} - MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + [ &_19 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_20 <- { _20 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _21} s3 + | s3 = -{resolve_ref_ref_UnionFind_T _21}- s4 + | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _20} s5 + | s5 = -{resolve_ref_UnionFind_T _20}- s6 + | s6 = {inv_UnionFind_T _19.current} + MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_10 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_11 <- { _11 with current = _ret.final } ] s7) - | s7 = new_ref_UnionFind_T {_10} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_9 <- _ret ] s8) + [ &_18 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_19 <- { _19 with current = _ret.final } ] s7) + | s7 = new_ref_UnionFind_T {_18} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_17 <- _ret ] s8) | s8 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _11} s1 - | s1 = -{resolve_ref_UnionFind_T _11}- s2 - | s2 = find_T {_9} {e1} (fun (_ret: t_Element) -> [ &r1 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _19} s1 + | s1 = -{resolve_ref_UnionFind_T _19}- s2 + | s2 = find_T {_17} {e1} (fun (_ret: t_Element) -> [ &r1 <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 [ s0 = find_T {uf} {e2} (fun (_ret: t_Element) -> [ &r2 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = eq_Element {r1} {r2} (fun (_ret: bool) -> [ &_0 <- _ret ] s1) | s1 = bb5 ] @@ -3186,12 +3186,12 @@ module M_implementation__equiv | & e1: t_Element = e1 | & e2: t_Element = e2 | & r1: t_Element = Any.any_l () - | & _9: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _10: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _11: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _12: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _13: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & _14: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _17: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _18: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _19: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _20: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _21: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _22: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () | & r2: t_Element = Any.any_l () ]) [ return (result: bool) -> {[@expl:equiv ensures #0] result = (root_T uf.current e1 = root_T uf.current e2)} {[@expl:equiv ensures #1] unchanged_T uf} @@ -3898,8 +3898,8 @@ module M_implementation__link {[@expl:link requires #0] in_domain_T uf.current x /\ in_domain_T uf.current y} {[@expl:link requires #1] root_T uf.current x = x /\ root_T uf.current y = y} (! bb0 - [ bb0 = s0 [ s0 = eq_Element {x} {y} (fun (_ret: bool) -> [ &_11 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_11 = false} (! bb3) | br1 -> {_11} (! bb2) ] + [ bb0 = s0 [ s0 = eq_Element {x} {y} (fun (_ret: bool) -> [ &_25 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_25 = false} (! bb3) | br1 -> {_25} (! bb2) ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_Ghost_ref_UnionFind_T uf} s1 | s1 = -{resolve_Ghost_ref_UnionFind_T uf}- s2 @@ -3909,114 +3909,114 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UnionFind_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> - [ &_17 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- + [ &_31 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UnionFind_T {_17} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_16 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UnionFind_T {_31} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_30 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = {inv_UFInner_T _16.current.current.f0'0} - MutBorrow.borrow_mut {_16.current.current.f0'0} + [ s0 = {inv_UFInner_T _30.current.current.f0'0} + MutBorrow.borrow_mut {_30.current.current.f0'0} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &__temp <- _ret ] -{inv_UFInner_T _ret.final}- - [ &_16 <- { _16 with current = { _16.current with current = { f0'0 = _ret.final } } } ] s1) + [ &_30 <- { _30 with current = { _30.current with current = { f0'0 = _ret.final } } } ] s1) | s1 = new_ref_UFInner_T {__temp} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &uf'0 <- _ret ] s2) | s2 = bb5 ] | bb5 = s0 [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_27 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_41 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_27} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_26 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_41} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_40 <- _ret ] s2) | s2 = bb6 ] | bb6 = s0 - [ s0 = [ &_29 <- x ] s1 - | s1 = {inv_FMap_Element_PtrOwn_Node_T _26.current.current.perms} - MutBorrow.borrow_mut {_26.current.current.perms} + [ s0 = [ &_43 <- x ] s1 + | s1 = {inv_FMap_Element_PtrOwn_Node_T _40.current.current.perms} + MutBorrow.borrow_mut {_40.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Element_PtrOwn_Node_T) -> - [ &_25 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- - [ &_26 <- { _26 with current = { _26.current with current = { _26.current.current with perms = _ret.final } } } ] + [ &_39 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- + [ &_40 <- { _40 with current = { _40.current with current = { _40.current.current with perms = _ret.final } } } ] s2) - | s2 = split_mut_ghost_Element {_25} {_29} - (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T) -> [ &_24 <- _ret ] s3) + | s2 = split_mut_ghost_Element {_39} {_43} + (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T) -> [ &_38 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _26} s1 - | s1 = -{resolve_ref_ref_UFInner_T _26}- s2 - | s2 = new_tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T {_24} - (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T) -> [ &_23 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _40} s1 + | s1 = -{resolve_ref_ref_UFInner_T _40}- s2 + | s2 = new_tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T {_38} + (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T) -> [ &_37 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = split_ref_PtrOwn_Node_T {_23} - (fun (_ret: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Element_PtrOwn_Node_T) -> [ &_22 <- _ret ] s1) + [ s0 = split_ref_PtrOwn_Node_T {_37} + (fun (_ret: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Element_PtrOwn_Node_T) -> [ &_36 <- _ret ] s1) | s1 = bb9 ] | bb9 = s0 - [ s0 = [ &perm_x <- _22.f0'3 ] s1 - | s1 = [ &m <- _22.f1'3 ] s2 - | s2 = [ &_32 <- x.f0 ] s3 - | s3 = as_mut_Node_T {_32} {perm_x} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_31 <- _ret ] s4) + [ s0 = [ &perm_x <- _36.f0'3 ] s1 + | s1 = [ &m <- _36.f1'3 ] s2 + | s2 = [ &_46 <- x.f0 ] s3 + | s3 = as_mut_Node_T {_46} {perm_x} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_45 <- _ret ] s4) | s4 = bb10 ] | bb10 = s0 - [ s0 = {inv_Node_T _31.current} - MutBorrow.borrow_final {_31.current} {MutBorrow.get_id _31} + [ s0 = {inv_Node_T _45.current} + MutBorrow.borrow_final {_45.current} {MutBorrow.get_id _45} (fun (_ret: MutBorrow.t t_Node_T) -> [ &bx <- _ret ] -{inv_Node_T _ret.final}- - [ &_31 <- { _31 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _31} s2 - | s2 = -{resolve_ref_Node_T _31}- s3 - | s3 = [ &_37 <- y.f0 ] s4 + [ &_45 <- { _45 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _45} s2 + | s2 = -{resolve_ref_Node_T _45}- s3 + | s3 = [ &_51 <- y.f0 ] s4 | s4 = {inv_Ghost_ref_FMap_Element_PtrOwn_Node_T m} MutBorrow.borrow_mut {m} (fun (_ret: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T)) -> - [ &_46 <- _ret ] -{inv_Ghost_ref_FMap_Element_PtrOwn_Node_T _ret.final}- + [ &_60 <- _ret ] -{inv_Ghost_ref_FMap_Element_PtrOwn_Node_T _ret.final}- [ &m <- _ret.final ] s5) - | s5 = deref_mut_Ghost_ref_FMap_Element_PtrOwn_Node_T {_46} - (fun (_ret: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T)) -> [ &_45 <- _ret ] s6) + | s5 = deref_mut_Ghost_ref_FMap_Element_PtrOwn_Node_T {_60} + (fun (_ret: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T)) -> [ &_59 <- _ret ] s6) | s6 = bb11 ] | bb11 = s0 - [ s0 = [ &_48 <- y ] s1 - | s1 = {inv_FMap_Element_PtrOwn_Node_T _45.current.current} - MutBorrow.borrow_mut {_45.current.current} + [ s0 = [ &_62 <- y ] s1 + | s1 = {inv_FMap_Element_PtrOwn_Node_T _59.current.current} + MutBorrow.borrow_mut {_59.current.current} (fun (_ret: MutBorrow.t t_FMap_Element_PtrOwn_Node_T) -> - [ &_44 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- - [ &_45 <- { _45 with current = { _45.current with current = _ret.final } } ] s2) - | s2 = get_mut_ghost_Element {_44} {_48} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_43 <- _ret ] s3) + [ &_58 <- _ret ] -{inv_FMap_Element_PtrOwn_Node_T _ret.final}- + [ &_59 <- { _59 with current = { _59.current with current = _ret.final } } ] s2) + | s2 = get_mut_ghost_Element {_58} {_62} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_57 <- _ret ] s3) | s3 = bb12 ] | bb12 = s0 - [ s0 = unwrap_ref_PtrOwn_Node_T {_43} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_42 <- _ret ] s1) + [ s0 = unwrap_ref_PtrOwn_Node_T {_57} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_56 <- _ret ] s1) | s1 = bb13 ] | bb13 = s0 - [ s0 = {inv_PtrOwn_Node_T _42.current} - MutBorrow.borrow_final {_42.current} {MutBorrow.get_id _42} + [ s0 = {inv_PtrOwn_Node_T _56.current} + MutBorrow.borrow_final {_56.current} {MutBorrow.get_id _56} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_41 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_42 <- { _42 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_ref_FMap_Element_PtrOwn_Node_T _45} s2 - | s2 = -{resolve_ref_ref_FMap_Element_PtrOwn_Node_T _45}- s3 - | s3 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _42} s4 - | s4 = -{resolve_ref_PtrOwn_Node_T _42}- s5 - | s5 = {inv_PtrOwn_Node_T _41.current} - MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} + [ &_55 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_56 <- { _56 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_ref_FMap_Element_PtrOwn_Node_T _59} s2 + | s2 = -{resolve_ref_ref_FMap_Element_PtrOwn_Node_T _59}- s3 + | s3 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _56} s4 + | s4 = -{resolve_ref_PtrOwn_Node_T _56}- s5 + | s5 = {inv_PtrOwn_Node_T _55.current} + MutBorrow.borrow_final {_55.current} {MutBorrow.get_id _55} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_40 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_41 <- { _41 with current = _ret.final } ] s6) - | s6 = new_ref_PtrOwn_Node_T {_40} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_39 <- _ret ] s7) + [ &_54 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_55 <- { _55 with current = _ret.final } ] s6) + | s6 = new_ref_PtrOwn_Node_T {_54} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_53 <- _ret ] s7) | s7 = bb14 ] | bb14 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _41} s1 - | s1 = -{resolve_ref_PtrOwn_Node_T _41}- s2 - | s2 = as_mut_Node_T {_37} {_39} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_36 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _55} s1 + | s1 = -{resolve_ref_PtrOwn_Node_T _55}- s2 + | s2 = as_mut_Node_T {_51} {_53} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_50 <- _ret ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = {inv_Node_T _36.current} - MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + [ s0 = {inv_Node_T _50.current} + MutBorrow.borrow_final {_50.current} {MutBorrow.get_id _50} (fun (_ret: MutBorrow.t t_Node_T) -> [ &by' <- _ret ] -{inv_Node_T _ret.final}- - [ &_36 <- { _36 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _36} s2 - | s2 = -{resolve_ref_Node_T _36}- s3 + [ &_50 <- { _50 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _50} s2 + | s2 = -{resolve_ref_Node_T _50}- s3 | s3 = any [ br0 (x0: t_PeanoInt) (x1: t_T) -> {bx.current = Root x0 x1} (! bb18) | br1 (x0: t_Element) -> {bx.current = Link x0} (! bb16) ] ] @@ -4046,9 +4046,9 @@ module M_implementation__link MutBorrow.borrow_mut {rrank} (fun (_ret: MutBorrow.t t_PeanoInt) -> [ &ry <- _ret ] [ &by' <- { by' with current = Root _ret.final rpayload } ] s1)) - | s1 = lt_PeanoInt {rx.current} {ry.current} (fun (_ret: bool) -> [ &_55 <- _ret ] s2) + | s1 = lt_PeanoInt {rx.current} {ry.current} (fun (_ret: bool) -> [ &_69 <- _ret ] s2) | s2 = bb22 ] - | bb22 = any [ br0 -> {_55 = false} (! bb34) | br1 -> {_55} (! bb23) ] + | bb22 = any [ br0 -> {_69 = false} (! bb34) | br1 -> {_69} (! bb23) ] | bb23 = s0 [ s0 = -{resolve_ref_PeanoInt ry}- s1 | s1 = -{resolve_ref_PeanoInt rx}- s2 @@ -4056,17 +4056,17 @@ module M_implementation__link | s3 = -{resolve_ref_Node_T by'}- s4 | s4 = {[@expl:type invariant] inv_Ghost_ref_FMap_Element_PtrOwn_Node_T m} s5 | s5 = -{resolve_Ghost_ref_FMap_Element_PtrOwn_Node_T m}- s6 - | s6 = [ &_58 <- Link y ] s7 + | s6 = [ &_72 <- Link y ] s7 | s7 = bb24 ] | bb24 = s0 [ s0 = {[@expl:type invariant] inv_Node_T bx.current} s1 | s1 = -{resolve_Node_T bx.current}- s2 - | s2 = [ &bx <- { bx with current = _58 } ] s3 + | s2 = [ &bx <- { bx with current = _72 } ] s3 | s3 = {[@expl:type invariant] inv_ref_Node_T'0 bx} s4 | s4 = -{resolve_ref_Node_T bx}- s5 | s5 = bb26 ] | bb26 = s0 - [ s0 = [ &_62 <- fun (z: t_Element) -> if index_Mapping_Element_Element uf'0.current.roots z = x then + [ s0 = [ &_76 <- fun (z: t_Element) -> if index_Mapping_Element_Element uf'0.current.roots z = x then y else index_Mapping_Element_Element uf'0.current.roots z @@ -4076,34 +4076,34 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_65 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_82 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_65} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_64 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_82} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_81 <- _ret ] s2) | s2 = bb28 ] | bb28 = s0 - [ s0 = [ &_64 <- { _64 with current = { _64.current with current = { _64.current.current with roots = _62 } } } ] + [ s0 = [ &_81 <- { _81 with current = { _81.current with current = { _81.current.current with roots = _76 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _64} s2 - | s2 = -{resolve_ref_ref_UFInner_T _64}- s3 - | s3 = [ &_66 <- uf'0.current.max_depth + 1 ] s4 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _81} s2 + | s2 = -{resolve_ref_ref_UFInner_T _81}- s3 + | s3 = [ &_83 <- uf'0.current.max_depth + 1 ] s4 | s4 = bb29 ] | bb29 = s0 [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_69 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_87 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_69} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_68 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_87} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_86 <- _ret ] s2) | s2 = bb30 ] | bb30 = s0 [ s0 = - [ &_68 <- { _68 with current = { _68.current with current = { _68.current.current with max_depth = _66 } } } ] + [ &_86 <- { _86 with current = { _86.current with current = { _86.current.current with max_depth = _83 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _68} s2 - | s2 = -{resolve_ref_ref_UFInner_T _68}- s3 - | s3 = [ &_70 <- Map.set uf'0.current.depth y (1 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _86} s2 + | s2 = -{resolve_ref_ref_UFInner_T _86}- s3 + | s3 = [ &_88 <- Map.set uf'0.current.depth y (1 + MinMax.max (index_Mapping_Element_Int uf'0.current.depth x) (index_Mapping_Element_Int uf'0.current.depth y)) ] s4 | s4 = bb31 ] @@ -4111,33 +4111,33 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_73 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_94 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_73} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_72 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_94} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_93 <- _ret ] s2) | s2 = bb32 ] | bb32 = s0 - [ s0 = [ &_72 <- { _72 with current = { _72.current with current = { _72.current.current with depth = _70 } } } ] + [ s0 = [ &_93 <- { _93 with current = { _93.current with current = { _93.current.current with depth = _88 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _72} s2 - | s2 = -{resolve_ref_ref_UFInner_T _72}- s3 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _93} s2 + | s2 = -{resolve_ref_ref_UFInner_T _93}- s3 | s3 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s4 | s4 = -{resolve_Ghost_ref_UFInner_T uf'0}- s5 - | s5 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _16} s6 - | s6 = -{resolve_ref_ref_UnionFind_T _16}- s7 + | s5 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _30} s6 + | s6 = -{resolve_ref_ref_UnionFind_T _30}- s7 | s7 = {[@expl:type invariant] inv_Ghost_ref_UnionFind_T uf} s8 | s8 = -{resolve_Ghost_ref_UnionFind_T uf}- s9 - | s9 = new_unit {_61} (fun (_ret: ()) -> [ &_60 <- _ret ] s10) + | s9 = new_unit {_75} (fun (_ret: ()) -> [ &_74 <- _ret ] s10) | s10 = bb33 ] | bb33 = s0 [ s0 = [ &_0 <- y ] s1 | s1 = bb51 ] | bb34 = s0 [ s0 = -{resolve_ref_PeanoInt ry}- s1 - | s1 = eq_PeanoInt {rx.current} {ry.current} (fun (_ret: bool) -> [ &_75 <- _ret ] s2) + | s1 = eq_PeanoInt {rx.current} {ry.current} (fun (_ret: bool) -> [ &_96 <- _ret ] s2) | s2 = bb35 ] - | bb35 = any [ br0 -> {_75 = false} (! bb38) | br1 -> {_75} (! bb36) ] + | bb35 = any [ br0 -> {_96 = false} (! bb38) | br1 -> {_96} (! bb36) ] | bb36 = s0 [ s0 = -{resolve_ref_PeanoInt rx}- s1 - | s1 = incr {rx.current} (fun (_ret: t_PeanoInt) -> [ &_78 <- _ret ] s2) + | s1 = incr {rx.current} (fun (_ret: t_PeanoInt) -> [ &_99 <- _ret ] s2) | s2 = bb37 ] | bb37 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_T'0 bx} s1 | s1 = -{resolve_ref_Node_T bx}- s2 | s2 = bb39 ] | bb38 = s0 @@ -4145,18 +4145,18 @@ module M_implementation__link | s1 = {[@expl:type invariant] inv_ref_Node_T'0 bx} s2 | s2 = -{resolve_ref_Node_T bx}- s3 | s3 = bb39 ] - | bb39 = s0 [ s0 = [ &_80 <- Link x ] s1 | s1 = bb40 ] + | bb39 = s0 [ s0 = [ &_101 <- Link x ] s1 | s1 = bb40 ] | bb40 = s0 [ s0 = {[@expl:type invariant] inv_Node_T by'.current} s1 | s1 = -{resolve_Node_T by'.current}- s2 - | s2 = [ &by' <- { by' with current = _80 } ] s3 + | s2 = [ &by' <- { by' with current = _101 } ] s3 | s3 = {[@expl:type invariant] inv_ref_Node_T'0 by'} s4 | s4 = -{resolve_ref_Node_T by'}- s5 | s5 = {[@expl:type invariant] inv_Ghost_ref_FMap_Element_PtrOwn_Node_T m} s6 | s6 = -{resolve_Ghost_ref_FMap_Element_PtrOwn_Node_T m}- s7 | s7 = bb42 ] | bb42 = s0 - [ s0 = [ &_84 <- fun (z: t_Element) -> if index_Mapping_Element_Element uf'0.current.roots z = y then + [ s0 = [ &_105 <- fun (z: t_Element) -> if index_Mapping_Element_Element uf'0.current.roots z = y then x else index_Mapping_Element_Element uf'0.current.roots z @@ -4166,34 +4166,35 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_87 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_111 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_87} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_86 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_111} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_110 <- _ret ] s2) | s2 = bb44 ] | bb44 = s0 - [ s0 = [ &_86 <- { _86 with current = { _86.current with current = { _86.current.current with roots = _84 } } } ] + [ s0 = + [ &_110 <- { _110 with current = { _110.current with current = { _110.current.current with roots = _105 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _86} s2 - | s2 = -{resolve_ref_ref_UFInner_T _86}- s3 - | s3 = [ &_88 <- uf'0.current.max_depth + 1 ] s4 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _110} s2 + | s2 = -{resolve_ref_ref_UFInner_T _110}- s3 + | s3 = [ &_112 <- uf'0.current.max_depth + 1 ] s4 | s4 = bb45 ] | bb45 = s0 [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_91 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_116 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_91} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_90 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_116} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_115 <- _ret ] s2) | s2 = bb46 ] | bb46 = s0 [ s0 = - [ &_90 <- { _90 with current = { _90.current with current = { _90.current.current with max_depth = _88 } } } ] + [ &_115 <- { _115 with current = { _115.current with current = { _115.current.current with max_depth = _112 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _90} s2 - | s2 = -{resolve_ref_ref_UFInner_T _90}- s3 - | s3 = [ &_92 <- Map.set uf'0.current.depth x (1 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _115} s2 + | s2 = -{resolve_ref_ref_UFInner_T _115}- s3 + | s3 = [ &_117 <- Map.set uf'0.current.depth x (1 + MinMax.max (index_Mapping_Element_Int uf'0.current.depth x) (index_Mapping_Element_Int uf'0.current.depth y)) ] s4 | s4 = bb47 ] @@ -4201,23 +4202,24 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_95 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_123 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_95} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_94 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_123} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_122 <- _ret ] s2) | s2 = bb48 ] | bb48 = s0 - [ s0 = [ &_94 <- { _94 with current = { _94.current with current = { _94.current.current with depth = _92 } } } ] + [ s0 = + [ &_122 <- { _122 with current = { _122.current with current = { _122.current.current with depth = _117 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _94} s2 - | s2 = -{resolve_ref_ref_UFInner_T _94}- s3 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _122} s2 + | s2 = -{resolve_ref_ref_UFInner_T _122}- s3 | s3 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s4 | s4 = -{resolve_Ghost_ref_UFInner_T uf'0}- s5 - | s5 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _16} s6 - | s6 = -{resolve_ref_ref_UnionFind_T _16}- s7 + | s5 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _30} s6 + | s6 = -{resolve_ref_ref_UnionFind_T _30}- s7 | s7 = {[@expl:type invariant] inv_Ghost_ref_UnionFind_T uf} s8 | s8 = -{resolve_Ghost_ref_UnionFind_T uf}- s9 - | s9 = new_unit {_83} (fun (_ret: ()) -> [ &_82 <- _ret ] s10) + | s9 = new_unit {_104} (fun (_ret: ()) -> [ &_103 <- _ret ] s10) | s10 = bb49 ] | bb49 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = bb51 ] | bb51 = return {_0} ] @@ -4225,64 +4227,64 @@ module M_implementation__link | & uf: MutBorrow.t t_UnionFind_T = uf | & x: t_Element = x | & y: t_Element = y - | & _11: bool = Any.any_l () + | & _25: bool = Any.any_l () | & __temp: MutBorrow.t t_UFInner_T = Any.any_l () - | & _16: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & _17: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _30: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _31: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () | & uf'0: MutBorrow.t t_UFInner_T = Any.any_l () | & perm_x: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () | & m: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _22: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _23: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _24: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _25: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _26: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _27: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _29: t_Element = Any.any_l () + | & _36: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _37: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _38: tup2_ref_PtrOwn_Node_T_ref_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _39: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _40: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _41: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _43: t_Element = Any.any_l () | & bx: MutBorrow.t t_Node_T = Any.any_l () - | & _31: MutBorrow.t t_Node_T = Any.any_l () - | & _32: Opaque.ptr = Any.any_l () + | & _45: MutBorrow.t t_Node_T = Any.any_l () + | & _46: Opaque.ptr = Any.any_l () | & by': MutBorrow.t t_Node_T = Any.any_l () - | & _36: MutBorrow.t t_Node_T = Any.any_l () - | & _37: Opaque.ptr = Any.any_l () - | & _39: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _40: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _41: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _42: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _43: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _44: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () - | & _45: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T) = Any.any_l () - | & _46: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T) = Any.any_l () - | & _48: t_Element = Any.any_l () + | & _50: MutBorrow.t t_Node_T = Any.any_l () + | & _51: Opaque.ptr = Any.any_l () + | & _53: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _54: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _55: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _56: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _57: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _58: MutBorrow.t t_FMap_Element_PtrOwn_Node_T = Any.any_l () + | & _59: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T) = Any.any_l () + | & _60: MutBorrow.t (MutBorrow.t t_FMap_Element_PtrOwn_Node_T) = Any.any_l () + | & _62: t_Element = Any.any_l () | & rx: MutBorrow.t t_PeanoInt = Any.any_l () | & ry: MutBorrow.t t_PeanoInt = Any.any_l () - | & _55: bool = Any.any_l () - | & _58: t_Node_T = Any.any_l () - | & _60: () = Any.any_l () - | & _61: () = Any.any_l () - | & _62: Map.map t_Element t_Element = Any.any_l () - | & _64: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _65: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _66: int = Any.any_l () - | & _68: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _69: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _70: Map.map t_Element int = Any.any_l () - | & _72: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _73: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _75: bool = Any.any_l () - | & _78: t_PeanoInt = Any.any_l () - | & _80: t_Node_T = Any.any_l () - | & _82: () = Any.any_l () - | & _83: () = Any.any_l () - | & _84: Map.map t_Element t_Element = Any.any_l () + | & _69: bool = Any.any_l () + | & _72: t_Node_T = Any.any_l () + | & _74: () = Any.any_l () + | & _75: () = Any.any_l () + | & _76: Map.map t_Element t_Element = Any.any_l () + | & _81: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _82: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _83: int = Any.any_l () | & _86: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () | & _87: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _88: int = Any.any_l () - | & _90: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _91: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _92: Map.map t_Element int = Any.any_l () + | & _88: Map.map t_Element int = Any.any_l () + | & _93: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () | & _94: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _95: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () ]) + | & _96: bool = Any.any_l () + | & _99: t_PeanoInt = Any.any_l () + | & _101: t_Node_T = Any.any_l () + | & _103: () = Any.any_l () + | & _104: () = Any.any_l () + | & _105: Map.map t_Element t_Element = Any.any_l () + | & _110: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _111: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _112: int = Any.any_l () + | & _115: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _116: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _117: Map.map t_Element int = Any.any_l () + | & _122: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _123: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () ]) [ return (result: t_Element) -> {[@expl:link ensures #0] domain_unchanged_T uf /\ payloads_unchanged_T uf} {[@expl:link ensures #1] result = root_T uf.current x \/ result = root_T uf.current y} {[@expl:link ensures #2] result = root_T (fin_Ghost_ref_UnionFind_T uf) result} @@ -4632,73 +4634,73 @@ module M_implementation__union [ s0 = {inv_Ghost_ref_UnionFind_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> - [ &_14 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- + [ &_24 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UnionFind_T {_14} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_13 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UnionFind_T {_24} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_23 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = {inv_UnionFind_T _13.current.current} - MutBorrow.borrow_mut {_13.current.current} + [ s0 = {inv_UnionFind_T _23.current.current} + MutBorrow.borrow_mut {_23.current.current} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_12 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_13 <- { _13 with current = { _13.current with current = _ret.final } } ] s1) - | s1 = {inv_UnionFind_T _12.current} - MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + [ &_22 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_23 <- { _23 with current = { _23.current with current = _ret.final } } ] s1) + | s1 = {inv_UnionFind_T _22.current} + MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_11 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_12 <- { _12 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _13} s3 - | s3 = -{resolve_ref_ref_UnionFind_T _13}- s4 - | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _12} s5 - | s5 = -{resolve_ref_UnionFind_T _12}- s6 - | s6 = {inv_UnionFind_T _11.current} - MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + [ &_21 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_22 <- { _22 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _23} s3 + | s3 = -{resolve_ref_ref_UnionFind_T _23}- s4 + | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _22} s5 + | s5 = -{resolve_ref_UnionFind_T _22}- s6 + | s6 = {inv_UnionFind_T _21.current} + MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_10 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_11 <- { _11 with current = _ret.final } ] s7) - | s7 = new_ref_UnionFind_T {_10} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_9 <- _ret ] s8) + [ &_20 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_21 <- { _21 with current = _ret.final } ] s7) + | s7 = new_ref_UnionFind_T {_20} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_19 <- _ret ] s8) | s8 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _11} s1 - | s1 = -{resolve_ref_UnionFind_T _11}- s2 - | s2 = find_T {_9} {x} (fun (_ret: t_Element) -> [ &rx <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _21} s1 + | s1 = -{resolve_ref_UnionFind_T _21}- s2 + | s2 = find_T {_19} {x} (fun (_ret: t_Element) -> [ &rx <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 [ s0 = {inv_Ghost_ref_UnionFind_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> - [ &_22 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- + [ &_32 <- _ret ] -{inv_Ghost_ref_UnionFind_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UnionFind_T {_22} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_21 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UnionFind_T {_32} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UnionFind_T)) -> [ &_31 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = {inv_UnionFind_T _21.current.current} - MutBorrow.borrow_mut {_21.current.current} + [ s0 = {inv_UnionFind_T _31.current.current} + MutBorrow.borrow_mut {_31.current.current} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_20 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_21 <- { _21 with current = { _21.current with current = _ret.final } } ] s1) - | s1 = {inv_UnionFind_T _20.current} - MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} + [ &_30 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_31 <- { _31 with current = { _31.current with current = _ret.final } } ] s1) + | s1 = {inv_UnionFind_T _30.current} + MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_19 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_20 <- { _20 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _21} s3 - | s3 = -{resolve_ref_ref_UnionFind_T _21}- s4 - | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _20} s5 - | s5 = -{resolve_ref_UnionFind_T _20}- s6 - | s6 = {inv_UnionFind_T _19.current} - MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + [ &_29 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_30 <- { _30 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UnionFind_T _31} s3 + | s3 = -{resolve_ref_ref_UnionFind_T _31}- s4 + | s4 = {[@expl:type invariant] inv_ref_UnionFind_T _30} s5 + | s5 = -{resolve_ref_UnionFind_T _30}- s6 + | s6 = {inv_UnionFind_T _29.current} + MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} (fun (_ret: MutBorrow.t t_UnionFind_T) -> - [ &_18 <- _ret ] -{inv_UnionFind_T _ret.final}- - [ &_19 <- { _19 with current = _ret.final } ] s7) - | s7 = new_ref_UnionFind_T {_18} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_17 <- _ret ] s8) + [ &_28 <- _ret ] -{inv_UnionFind_T _ret.final}- + [ &_29 <- { _29 with current = _ret.final } ] s7) + | s7 = new_ref_UnionFind_T {_28} (fun (_ret: MutBorrow.t t_UnionFind_T) -> [ &_27 <- _ret ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _19} s1 - | s1 = -{resolve_ref_UnionFind_T _19}- s2 - | s2 = find_T {_17} {y} (fun (_ret: t_Element) -> [ &ry <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UnionFind_T _29} s1 + | s1 = -{resolve_ref_UnionFind_T _29}- s2 + | s2 = find_T {_27} {y} (fun (_ret: t_Element) -> [ &ry <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 [ s0 = link_T {uf} {rx} {ry} (fun (_ret: t_Element) -> [ &_0 <- _ret ] s1) | s1 = bb7 ] | bb7 = return {_0} ] @@ -4707,19 +4709,19 @@ module M_implementation__union | & x: t_Element = x | & y: t_Element = y | & rx: t_Element = Any.any_l () - | & _9: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _10: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _11: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _12: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _13: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & _14: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & ry: t_Element = Any.any_l () - | & _17: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _18: MutBorrow.t t_UnionFind_T = Any.any_l () | & _19: MutBorrow.t t_UnionFind_T = Any.any_l () | & _20: MutBorrow.t t_UnionFind_T = Any.any_l () - | & _21: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () - | & _22: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () ]) + | & _21: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _22: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _23: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _24: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & ry: t_Element = Any.any_l () + | & _27: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _28: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _29: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _30: MutBorrow.t t_UnionFind_T = Any.any_l () + | & _31: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () + | & _32: MutBorrow.t (MutBorrow.t t_UnionFind_T) = Any.any_l () ]) [ return (result: t_Element) -> {[@expl:union ensures #0] domain_unchanged_T uf /\ payloads_unchanged_T uf} {[@expl:union ensures #1] result = root_T uf.current x \/ result = root_T uf.current y} {[@expl:union ensures #2] forall z: t_Element. in_domain_T uf.current z @@ -5179,11 +5181,11 @@ module M_example_addrs_eq {[@expl:example_addrs_eq 'e2' type invariant] inv_Element e2} {[@expl:example_addrs_eq requires] in_domain_T uf e1 /\ in_domain_T uf e2} (! bb0 - [ bb0 = s0 [ s0 = eq_Element {e1} {e2} (fun (_ret: bool) -> [ &_5 <- _ret ] s1) | s1 = bb1 ] - | bb1 = any [ br0 -> {_5 = false} (! bb4) | br1 -> {_5} (! bb2) ] + [ bb0 = s0 [ s0 = eq_Element {e1} {e2} (fun (_ret: bool) -> [ &_8 <- _ret ] s1) | s1 = bb1 ] + | bb1 = any [ br0 -> {_8 = false} (! bb4) | br1 -> {_8} (! bb2) ] | bb2 = s0 [ s0 = {[@expl:assertion] e1 = e2} s1 | s1 = bb4 ] | bb4 = return {_0} ] - [ & _0: () = Any.any_l () | & e1: t_Element = e1 | & e2: t_Element = e2 | & _5: bool = Any.any_l () ]) + [ & _0: () = Any.any_l () | & e1: t_Element = e1 | & e2: t_Element = e2 | & _8: bool = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end module M_implementation__impl_PartialEq_for_Element__eq__refines (* *) diff --git a/tests/should_succeed/union_find_cpp.coma b/tests/should_succeed/union_find_cpp.coma index 4cff2f7b46..9274819c89 100644 --- a/tests/should_succeed/union_find_cpp.coma +++ b/tests/should_succeed/union_find_cpp.coma @@ -931,70 +931,70 @@ module M_implementation__make {[@expl:make 'payload' type invariant] inv_T payload} (! bb0 [ bb0 = s0 [ s0 = [ &payload_snap <- payload ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = new (fun (_ret: t_PeanoInt) -> [ &_13 <- _ret ] s1) | s1 = bb2 ] - | bb2 = s0 [ s0 = [ &_12 <- Root _13 payload ] s1 | s1 = bb3 ] + | bb1 = s0 [ s0 = new (fun (_ret: t_PeanoInt) -> [ &_19 <- _ret ] s1) | s1 = bb2 ] + | bb2 = s0 [ s0 = [ &_18 <- Root _19 payload ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = new_Node_T {_12} (fun (_ret: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T) -> [ &_11 <- _ret ] s1) | s1 = bb4 ] + [ s0 = new_Node_T {_18} (fun (_ret: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T) -> [ &_17 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &ptr <- _11.f0'1 ] s1 - | s1 = [ &perm <- _11.f1'1 ] s2 - | s2 = [ &_16 <- ptr ] s3 - | s3 = [ &elt <- { f0'0 = _16 } ] s4 - | s4 = into_inner_PtrOwn_Node_T {perm} (fun (_ret: t_PtrOwn_Node_T) -> [ &_23 <- _ret ] s5) + [ s0 = [ &ptr <- _17.f0'1 ] s1 + | s1 = [ &perm <- _17.f1'1 ] s2 + | s2 = [ &_22 <- ptr ] s3 + | s3 = [ &elt <- { f0'0 = _22 } ] s4 + | s4 = into_inner_PtrOwn_Node_T {perm} (fun (_ret: t_PtrOwn_Node_T) -> [ &_29 <- _ret ] s5) | s5 = bb5 ] - | bb5 = s0 [ s0 = into_inner_ref_UF_T {uf} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_25 <- _ret ] s1) | s1 = bb6 ] + | bb5 = s0 [ s0 = into_inner_ref_UF_T {uf} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_31 <- _ret ] s1) | s1 = bb6 ] | bb6 = s0 - [ s0 = [ &_22 <- { f0'3 = _23; f1'3 = _25 } ] s1 - | s1 = [ &perm'0 <- _22.f0'3 ] s2 - | s2 = [ &uf'0 <- _22.f1'3 ] s3 - | s3 = [ &_31 <- elt ] s4 - | s4 = get_ghost_Elem {uf'0.current.f0'2.perms} {_31} - (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_28 <- _ret ] s5) + [ s0 = [ &_28 <- { f0'3 = _29; f1'3 = _31 } ] s1 + | s1 = [ &perm'0 <- _28.f0'3 ] s2 + | s2 = [ &uf'0 <- _28.f1'3 ] s3 + | s3 = [ &_37 <- elt ] s4 + | s4 = get_ghost_Elem {uf'0.current.f0'2.perms} {_37} + (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_34 <- _ret ] s5) | s5 = bb7 ] - | bb7 = any [ br0 -> {_28 = None'0} (! bb13) | br1 (x0: t_PtrOwn_Node_T) -> {_28 = Some'0 x0} (! bb10) ] + | bb7 = any [ br0 -> {_34 = None'0} (! bb13) | br1 (x0: t_PtrOwn_Node_T) -> {_34 = Some'0 x0} (! bb10) ] | bb10 = s0 - [ s0 = elim_Some {_28} (fun (r0: t_PtrOwn_Node_T) -> [ &other_perm <- r0 ] s1) + [ s0 = elim_Some {_34} (fun (r0: t_PtrOwn_Node_T) -> [ &other_perm <- r0 ] s1) | s1 = {inv_PtrOwn_Node_T perm'0} MutBorrow.borrow_mut {perm'0} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_35 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_41 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- [ &perm'0 <- _ret.final ] s2) - | s2 = {inv_PtrOwn_Node_T _35.current} - MutBorrow.borrow_final {_35.current} {MutBorrow.get_id _35} + | s2 = {inv_PtrOwn_Node_T _41.current} + MutBorrow.borrow_final {_41.current} {MutBorrow.get_id _41} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_34 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_35 <- { _35 with current = _ret.final } ] s3) - | s3 = disjoint_lemma_Node_T {_34} {other_perm} (fun (_ret: ()) -> [ &_27 <- _ret ] s4) + [ &_40 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_41 <- { _41 with current = _ret.final } ] s3) + | s3 = disjoint_lemma_Node_T {_40} {other_perm} (fun (_ret: ()) -> [ &_33 <- _ret ] s4) | s4 = bb12 ] | bb12 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T'0 _35} s1 - | s1 = -{resolve_ref_PtrOwn_Node_T _35}- s2 + [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T'0 _41} s1 + | s1 = -{resolve_ref_PtrOwn_Node_T _41}- s2 | s2 = bb13 ] | bb13 = s0 [ s0 = {inv_FMap_Elem_PtrOwn_Node_T uf'0.current.f0'2.perms} MutBorrow.borrow_final {uf'0.current.f0'2.perms} {MutBorrow.inherit_id (MutBorrow.inherit_id (MutBorrow.get_id uf'0) 1) 2} (fun (_ret: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) -> - [ &_38 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- + [ &_44 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with perms = _ret.final } } } ] s1) - | s1 = insert_ghost_Elem {_38} {elt} {perm'0} (fun (_ret: t_Option_PtrOwn_Node_T) -> [ &_37 <- _ret ] s2) - | s2 = {[@expl:type invariant] inv_Option_PtrOwn_Node_T _37} s3 - | s3 = -{resolve_Option_PtrOwn_Node_T _37}- s4 + | s1 = insert_ghost_Elem {_44} {elt} {perm'0} (fun (_ret: t_Option_PtrOwn_Node_T) -> [ &_43 <- _ret ] s2) + | s2 = {[@expl:type invariant] inv_Option_PtrOwn_Node_T _43} s3 + | s3 = -{resolve_Option_PtrOwn_Node_T _43}- s4 | s4 = bb14 ] - | bb14 = s0 [ s0 = [ &_41 <- insert_Elem'0 uf'0.current.f0'2.domain elt ] s1 | s1 = bb15 ] + | bb14 = s0 [ s0 = [ &_47 <- insert_Elem'0 uf'0.current.f0'2.domain elt ] s1 | s1 = bb15 ] | bb15 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with domain = _41 } } } ] s1 - | s1 = [ &_43 <- Map.set uf'0.current.f0'2.payloads elt payload_snap ] s2 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with domain = _47 } } } ] s1 + | s1 = [ &_51 <- Map.set uf'0.current.f0'2.payloads elt payload_snap ] s2 | s2 = bb16 ] | bb16 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with payloads = _43 } } } ] s1 - | s1 = [ &_45 <- Map.set uf'0.current.f0'2.roots elt elt ] s2 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with payloads = _51 } } } ] s1 + | s1 = [ &_56 <- Map.set uf'0.current.f0'2.roots elt elt ] s2 | s2 = bb17 ] | bb17 = s0 - [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with roots = _45 } } } ] s1 + [ s0 = [ &uf'0 <- { uf'0 with current = { f0'2 = { uf'0.current.f0'2 with roots = _56 } } } ] s1 | s1 = {[@expl:type invariant] inv_ref_UF_T uf'0} s2 | s2 = -{resolve_ref_UF_T uf'0}- s3 - | s3 = new_unit {_19} (fun (_ret: ()) -> [ &_18 <- _ret ] s4) + | s3 = new_unit {_25} (fun (_ret: ()) -> [ &_24 <- _ret ] s4) | s4 = bb18 ] | bb18 = s0 [ s0 = [ &_0 <- elt ] s1 | s1 = bb19 ] | bb19 = return {_0} ] @@ -1004,29 +1004,29 @@ module M_implementation__make | & payload_snap: t_T = Any.any_l () | & ptr: Opaque.ptr = Any.any_l () | & perm: t_PtrOwn_Node_T = Any.any_l () - | & _11: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T = Any.any_l () - | & _12: t_Node_T = Any.any_l () - | & _13: t_PeanoInt = Any.any_l () + | & _17: tup2_ptr_Node_T_Ghost_PtrOwn_Node_T = Any.any_l () + | & _18: t_Node_T = Any.any_l () + | & _19: t_PeanoInt = Any.any_l () | & elt: t_Elem = Any.any_l () - | & _16: Opaque.ptr = Any.any_l () - | & _18: () = Any.any_l () - | & _19: () = Any.any_l () + | & _22: Opaque.ptr = Any.any_l () + | & _24: () = Any.any_l () + | & _25: () = Any.any_l () | & perm'0: t_PtrOwn_Node_T = Any.any_l () | & uf'0: MutBorrow.t t_UF_T = Any.any_l () - | & _22: tup2_PtrOwn_Node_T_ref_UF_T = Any.any_l () - | & _23: t_PtrOwn_Node_T = Any.any_l () - | & _25: MutBorrow.t t_UF_T = Any.any_l () - | & _27: () = Any.any_l () - | & _28: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _31: t_Elem = Any.any_l () + | & _28: tup2_PtrOwn_Node_T_ref_UF_T = Any.any_l () + | & _29: t_PtrOwn_Node_T = Any.any_l () + | & _31: MutBorrow.t t_UF_T = Any.any_l () + | & _33: () = Any.any_l () + | & _34: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _37: t_Elem = Any.any_l () | & other_perm: t_PtrOwn_Node_T = Any.any_l () - | & _34: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _35: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _37: t_Option_PtrOwn_Node_T = Any.any_l () - | & _38: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _41: Fset.fset t_Elem = Any.any_l () - | & _43: Map.map t_Elem t_T = Any.any_l () - | & _45: Map.map t_Elem t_Elem = Any.any_l () ]) + | & _40: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _41: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _43: t_Option_PtrOwn_Node_T = Any.any_l () + | & _44: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _47: Fset.fset t_Elem = Any.any_l () + | & _51: Map.map t_Elem t_T = Any.any_l () + | & _56: Map.map t_Elem t_Elem = Any.any_l () ]) [ return (result: t_Elem) -> {[@expl:make ensures #0] not in_domain_T uf.current result} {[@expl:make ensures #1] domain_T (fin_Ghost_ref_UF_T uf) = insert_Elem'0 (domain_T uf.current) result} {[@expl:make ensures #2] roots_map_T (fin_Ghost_ref_UF_T uf) = Map.set (roots_map_T uf.current) result result} @@ -1576,113 +1576,115 @@ module M_implementation__find {[@expl:find 'uf' type invariant] inv_Ghost_ref_UF_T uf} {[@expl:find requires] in_domain_T uf.current elem} (! bb0 - [ bb0 = s0 [ s0 = deref_Ghost_ref_UF_T {uf} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_9 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = deref_Ghost_ref_UF_T {uf} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_14 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_12 <- elem ] s1 - | s1 = get_ghost_Elem {_9.current.f0'0.perms} {_12} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_7 <- _ret ] s2) + [ s0 = [ &_17 <- elem ] s1 + | s1 = get_ghost_Elem {_14.current.f0'0.perms} {_17} + (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_12 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_7} (fun (_ret: t_PtrOwn_Node_T) -> [ &__temp <- _ret ] s1) | s1 = bb3 ] + | bb2 = s0 + [ s0 = unwrap_ref_PtrOwn_Node_T {_12} (fun (_ret: t_PtrOwn_Node_T) -> [ &__temp <- _ret ] s1) | s1 = bb3 ] | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {__temp} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_16 <- elem.f0 ] s1 - | s1 = as_ref_Node_T {_16} {perm} (fun (_ret: t_Node_T) -> [ &_15 <- _ret ] s2) + [ s0 = [ &_21 <- elem.f0 ] s1 + | s1 = as_ref_Node_T {_21} {perm} (fun (_ret: t_Node_T) -> [ &_20 <- _ret ] s2) | s2 = bb5 ] | bb5 = any - [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_15 = Root x0 x1} (! bb7) | br1 (x0: t_Elem) -> {_15 = Link x0} (! bb8) ] + [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_20 = Root x0 x1} (! bb7) | br1 (x0: t_Elem) -> {_20 = Link x0} (! bb8) ] | bb8 = s0 - [ s0 = elim_Link {_15} (fun (r0: t_Elem) -> [ &e <- r0 ] s1) + [ s0 = elim_Link {_20} (fun (r0: t_Elem) -> [ &e <- r0 ] s1) | s1 = {inv_Ghost_ref_UF_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> - [ &_27 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- + [ &_32 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- [ &uf <- _ret.final ] s2) - | s2 = deref_mut_Ghost_ref_UF_T {_27} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_26 <- _ret ] s3) + | s2 = deref_mut_Ghost_ref_UF_T {_32} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_31 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = {inv_UF_T _26.current.current} - MutBorrow.borrow_mut {_26.current.current} + [ s0 = {inv_UF_T _31.current.current} + MutBorrow.borrow_mut {_31.current.current} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_25 <- _ret ] -{inv_UF_T _ret.final}- - [ &_26 <- { _26 with current = { _26.current with current = _ret.final } } ] s1) - | s1 = {inv_UF_T _25.current} - MutBorrow.borrow_final {_25.current} {MutBorrow.get_id _25} + [ &_30 <- _ret ] -{inv_UF_T _ret.final}- + [ &_31 <- { _31 with current = { _31.current with current = _ret.final } } ] s1) + | s1 = {inv_UF_T _30.current} + MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_24 <- _ret ] -{inv_UF_T _ret.final}- - [ &_25 <- { _25 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UF_T'0 _26} s3 - | s3 = -{resolve_ref_ref_UF_T _26}- s4 - | s4 = {[@expl:type invariant] inv_ref_UF_T _25} s5 - | s5 = -{resolve_ref_UF_T _25}- s6 - | s6 = {inv_UF_T _24.current} - MutBorrow.borrow_final {_24.current} {MutBorrow.get_id _24} + [ &_29 <- _ret ] -{inv_UF_T _ret.final}- + [ &_30 <- { _30 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UF_T'0 _31} s3 + | s3 = -{resolve_ref_ref_UF_T _31}- s4 + | s4 = {[@expl:type invariant] inv_ref_UF_T _30} s5 + | s5 = -{resolve_ref_UF_T _30}- s6 + | s6 = {inv_UF_T _29.current} + MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_23 <- _ret ] -{inv_UF_T _ret.final}- - [ &_24 <- { _24 with current = _ret.final } ] s7) - | s7 = new_ref_UF_T {_23} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_22 <- _ret ] s8) + [ &_28 <- _ret ] -{inv_UF_T _ret.final}- + [ &_29 <- { _29 with current = _ret.final } ] s7) + | s7 = new_ref_UF_T {_28} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_27 <- _ret ] s8) | s8 = bb11 ] | bb11 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UF_T _24} s1 - | s1 = -{resolve_ref_UF_T _24}- s2 - | s2 = find_T {_22} {e} (fun (_ret: t_Elem) -> [ &root <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UF_T _29} s1 + | s1 = -{resolve_ref_UF_T _29}- s2 + | s2 = find_T {_27} {e} (fun (_ret: t_Elem) -> [ &root <- _ret ] s3) | s3 = bb12 ] | bb12 = s0 [ s0 = {inv_Ghost_ref_UF_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> - [ &_31 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- + [ &_36 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UF_T {_31} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_30 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UF_T {_36} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_35 <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 - [ s0 = {inv_UFInner_T _30.current.current.f0'0} - MutBorrow.borrow_mut {_30.current.current.f0'0} + [ s0 = {inv_UFInner_T _35.current.current.f0'0} + MutBorrow.borrow_mut {_35.current.current.f0'0} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &__temp'0 <- _ret ] -{inv_UFInner_T _ret.final}- - [ &_30 <- { _30 with current = { _30.current with current = { f0'0 = _ret.final } } } ] s1) + [ &_35 <- { _35 with current = { _35.current with current = { f0'0 = _ret.final } } } ] s1) | s1 = new_ref_UFInner_T {__temp'0} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &uf'0 <- _ret ] s2) | s2 = bb14 ] | bb14 = s0 [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_38 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_43 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_38} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_37 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_43} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_42 <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 - [ s0 = [ &_40 <- elem ] s1 - | s1 = {inv_FMap_Elem_PtrOwn_Node_T _37.current.current.perms} - MutBorrow.borrow_mut {_37.current.current.perms} + [ s0 = [ &_45 <- elem ] s1 + | s1 = {inv_FMap_Elem_PtrOwn_Node_T _42.current.current.perms} + MutBorrow.borrow_mut {_42.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) -> - [ &_36 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- - [ &_37 <- { _37 with current = { _37.current with current = { _37.current.current with perms = _ret.final } } } ] + [ &_41 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- + [ &_42 <- { _42 with current = { _42.current with current = { _42.current.current with perms = _ret.final } } } ] s2) - | s2 = get_mut_ghost_Elem {_36} {_40} (fun (_ret: t_Option_ref_PtrOwn_Node_T'0) -> [ &_35 <- _ret ] s3) + | s2 = get_mut_ghost_Elem {_41} {_45} (fun (_ret: t_Option_ref_PtrOwn_Node_T'0) -> [ &_40 <- _ret ] s3) | s3 = bb16 ] | bb16 = s0 - [ s0 = unwrap_ref_PtrOwn_Node_T'0 {_35} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &__temp'1 <- _ret ] s1) + [ s0 = unwrap_ref_PtrOwn_Node_T'0 {_40} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &__temp'1 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _37} s1 - | s1 = -{resolve_ref_ref_UFInner_T _37}- s2 + [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _42} s1 + | s1 = -{resolve_ref_ref_UFInner_T _42}- s2 | s2 = new_ref_PtrOwn_Node_T'0 {__temp'1} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &mut_perm <- _ret ] s3) | s3 = bb18 ] | bb18 = s0 - [ s0 = [ &_44 <- Link root ] s1 - | s1 = [ &_47 <- elem.f0 ] s2 - | s2 = as_mut_Node_T {_47} {mut_perm} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_46 <- _ret ] s3) + [ s0 = [ &_49 <- Link root ] s1 + | s1 = [ &_52 <- elem.f0 ] s2 + | s2 = as_mut_Node_T {_52} {mut_perm} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_51 <- _ret ] s3) | s3 = bb20 ] | bb20 = s0 - [ s0 = {[@expl:type invariant] inv_Node_T _46.current} s1 - | s1 = -{resolve_Node_T _46.current}- s2 - | s2 = [ &_46 <- { _46 with current = _44 } ] s3 - | s3 = {[@expl:type invariant] inv_ref_Node_T'0 _46} s4 - | s4 = -{resolve_ref_Node_T _46}- s5 + [ s0 = {[@expl:type invariant] inv_Node_T _51.current} s1 + | s1 = -{resolve_Node_T _51.current}- s2 + | s2 = [ &_51 <- { _51 with current = _49 } ] s3 + | s3 = {[@expl:type invariant] inv_ref_Node_T'0 _51} s4 + | s4 = -{resolve_ref_Node_T _51}- s5 | s5 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s6 | s6 = -{resolve_Ghost_ref_UFInner_T uf'0}- s7 - | s7 = {[@expl:type invariant] inv_ref_ref_UF_T'0 _30} s8 - | s8 = -{resolve_ref_ref_UF_T _30}- s9 + | s7 = {[@expl:type invariant] inv_ref_ref_UF_T'0 _35} s8 + | s8 = -{resolve_ref_ref_UF_T _35}- s9 | s9 = {[@expl:type invariant] inv_Ghost_ref_UF_T uf} s10 | s10 = -{resolve_Ghost_ref_UF_T uf}- s11 | s11 = bb22 ] @@ -1695,34 +1697,34 @@ module M_implementation__find | & uf: MutBorrow.t t_UF_T = uf | & elem: t_Elem = elem | & __temp: t_PtrOwn_Node_T = Any.any_l () - | & _7: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _9: MutBorrow.t t_UF_T = Any.any_l () - | & _12: t_Elem = Any.any_l () + | & _12: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _14: MutBorrow.t t_UF_T = Any.any_l () + | & _17: t_Elem = Any.any_l () | & perm: t_PtrOwn_Node_T = Any.any_l () - | & _15: t_Node_T = Any.any_l () - | & _16: Opaque.ptr = Any.any_l () + | & _20: t_Node_T = Any.any_l () + | & _21: Opaque.ptr = Any.any_l () | & e: t_Elem = Any.any_l () | & root: t_Elem = Any.any_l () - | & _22: MutBorrow.t t_UF_T = Any.any_l () - | & _23: MutBorrow.t t_UF_T = Any.any_l () - | & _24: MutBorrow.t t_UF_T = Any.any_l () - | & _25: MutBorrow.t t_UF_T = Any.any_l () - | & _26: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () - | & _27: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () - | & __temp'0: MutBorrow.t t_UFInner_T = Any.any_l () - | & _30: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _27: MutBorrow.t t_UF_T = Any.any_l () + | & _28: MutBorrow.t t_UF_T = Any.any_l () + | & _29: MutBorrow.t t_UF_T = Any.any_l () + | & _30: MutBorrow.t t_UF_T = Any.any_l () | & _31: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _32: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & __temp'0: MutBorrow.t t_UFInner_T = Any.any_l () + | & _35: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _36: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () | & uf'0: MutBorrow.t t_UFInner_T = Any.any_l () | & __temp'1: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _35: t_Option_ref_PtrOwn_Node_T'0 = Any.any_l () - | & _36: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _37: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _38: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _40: t_Elem = Any.any_l () + | & _40: t_Option_ref_PtrOwn_Node_T'0 = Any.any_l () + | & _41: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _42: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _43: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _45: t_Elem = Any.any_l () | & mut_perm: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _44: t_Node_T = Any.any_l () - | & _46: MutBorrow.t t_Node_T = Any.any_l () - | & _47: Opaque.ptr = Any.any_l () ]) + | & _49: t_Node_T = Any.any_l () + | & _51: MutBorrow.t t_Node_T = Any.any_l () + | & _52: Opaque.ptr = Any.any_l () ]) [ return (result: t_Elem) -> {[@expl:find ensures #0] result = root_T uf.current elem} {[@expl:find ensures #1] unchanged_T uf} (! return {result}) ] @@ -2052,34 +2054,34 @@ module M_implementation__get {[@expl:get requires #0] in_domain_T uf elem} {[@expl:get requires #1] root_T uf elem = elem} (! bb0 - [ bb0 = s0 [ s0 = deref_Ghost_ref_UF_T {uf} (fun (_ret: t_UF_T) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = deref_Ghost_ref_UF_T {uf} (fun (_ret: t_UF_T) -> [ &_16 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_13 <- elem ] s1 - | s1 = get_ghost_Elem {_10.f0'0.perms} {_13} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_8 <- _ret ] s2) + [ s0 = [ &_19 <- elem ] s1 + | s1 = get_ghost_Elem {_16.f0'0.perms} {_19} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_14 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_8} (fun (_ret: t_PtrOwn_Node_T) -> [ &_7 <- _ret ] s1) | s1 = bb3 ] - | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {_7} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] + | bb2 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_14} (fun (_ret: t_PtrOwn_Node_T) -> [ &_13 <- _ret ] s1) | s1 = bb3 ] + | bb3 = s0 [ s0 = new_ref_PtrOwn_Node_T {_13} (fun (_ret: t_PtrOwn_Node_T) -> [ &perm <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_15 <- elem.f0 ] s1 - | s1 = as_ref_Node_T {_15} {perm} (fun (_ret: t_Node_T) -> [ &_14 <- _ret ] s2) + [ s0 = [ &_21 <- elem.f0 ] s1 + | s1 = as_ref_Node_T {_21} {perm} (fun (_ret: t_Node_T) -> [ &_20 <- _ret ] s2) | s2 = bb5 ] | bb5 = any - [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_14 = Root x0 x1} (! bb8) | br1 (x0: t_Elem) -> {_14 = Link x0} (! bb6) ] + [ br0 (x0: t_PeanoInt) (x1: t_T) -> {_20 = Root x0 x1} (! bb8) | br1 (x0: t_Elem) -> {_20 = Link x0} (! bb6) ] | bb6 = {false} any | bb8 = s0 - [ s0 = elim_Root {_14} (fun (rrank: t_PeanoInt) (rpayload: t_T) -> [ &payload <- rpayload ] s1) + [ s0 = elim_Root {_20} (fun (rrank: t_PeanoInt) (rpayload: t_T) -> [ &payload <- rpayload ] s1) | s1 = [ &_0 <- payload ] s2 | s2 = return {_0} ] ] [ & _0: t_T = Any.any_l () | & uf: t_UF_T = uf | & elem: t_Elem = elem | & perm: t_PtrOwn_Node_T = Any.any_l () - | & _7: t_PtrOwn_Node_T = Any.any_l () - | & _8: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _10: t_UF_T = Any.any_l () - | & _13: t_Elem = Any.any_l () - | & _14: t_Node_T = Any.any_l () - | & _15: Opaque.ptr = Any.any_l () + | & _13: t_PtrOwn_Node_T = Any.any_l () + | & _14: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _16: t_UF_T = Any.any_l () + | & _19: t_Elem = Any.any_l () + | & _20: t_Node_T = Any.any_l () + | & _21: Opaque.ptr = Any.any_l () | & payload: t_T = Any.any_l () ]) [ return (result: t_T) -> {[@expl:get result type invariant] inv_ref_T result} {[@expl:get ensures] result = payload_T uf elem} @@ -2835,178 +2837,178 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UF_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> - [ &_12 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- + [ &_26 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UF_T {_12} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_11 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UF_T {_26} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_25 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = {inv_UFInner_T _11.current.current.f0'0} - MutBorrow.borrow_mut {_11.current.current.f0'0} + [ s0 = {inv_UFInner_T _25.current.current.f0'0} + MutBorrow.borrow_mut {_25.current.current.f0'0} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &__temp <- _ret ] -{inv_UFInner_T _ret.final}- - [ &_11 <- { _11 with current = { _11.current with current = { f0'0 = _ret.final } } } ] s1) + [ &_25 <- { _25 with current = { _25.current with current = { f0'0 = _ret.final } } } ] s1) | s1 = new_ref_UFInner_T {__temp} (fun (_ret: MutBorrow.t t_UFInner_T) -> [ &uf'0 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = eq_Elem {x} {y} (fun (_ret: bool) -> [ &_16 <- _ret ] s1) | s1 = bb3 ] - | bb3 = any [ br0 -> {_16 = false} (! bb16) | br1 -> {_16} (! bb4) ] - | bb4 = s0 [ s0 = [ &_24 <- x <> y ] s1 | s1 = bb5 ] - | bb5 = s0 [ s0 = into_ghost_bool {_24} (fun (_ret: bool) -> [ &_23 <- _ret ] s1) | s1 = bb6 ] - | bb6 = s0 [ s0 = into_inner_bool {_23} (fun (_ret: bool) -> [ &_22 <- _ret ] s1) | s1 = bb7 ] - | bb7 = any [ br0 -> {_22 = false} (! bb14) | br1 -> {_22} (! bb8) ] + | bb2 = s0 [ s0 = eq_Elem {x} {y} (fun (_ret: bool) -> [ &_30 <- _ret ] s1) | s1 = bb3 ] + | bb3 = any [ br0 -> {_30 = false} (! bb16) | br1 -> {_30} (! bb4) ] + | bb4 = s0 [ s0 = [ &_38 <- x <> y ] s1 | s1 = bb5 ] + | bb5 = s0 [ s0 = into_ghost_bool {_38} (fun (_ret: bool) -> [ &_37 <- _ret ] s1) | s1 = bb6 ] + | bb6 = s0 [ s0 = into_inner_bool {_37} (fun (_ret: bool) -> [ &_36 <- _ret ] s1) | s1 = bb7 ] + | bb7 = any [ br0 -> {_36 = false} (! bb14) | br1 -> {_36} (! bb8) ] | bb8 = s0 [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_31 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_47 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_31} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_30 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_47} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_46 <- _ret ] s2) | s2 = bb9 ] | bb9 = s0 - [ s0 = [ &_33 <- x ] s1 - | s1 = {inv_FMap_Elem_PtrOwn_Node_T _30.current.current.perms} - MutBorrow.borrow_mut {_30.current.current.perms} + [ s0 = [ &_49 <- x ] s1 + | s1 = {inv_FMap_Elem_PtrOwn_Node_T _46.current.current.perms} + MutBorrow.borrow_mut {_46.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) -> - [ &_29 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- - [ &_30 <- { _30 with current = { _30.current with current = { _30.current.current with perms = _ret.final } } } ] + [ &_45 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- + [ &_46 <- { _46 with current = { _46.current with current = { _46.current.current with perms = _ret.final } } } ] s2) - | s2 = split_mut_ghost_Elem {_29} {_33} - (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_28 <- _ret ] s3) + | s2 = split_mut_ghost_Elem {_45} {_49} + (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_44 <- _ret ] s3) | s3 = bb10 ] | bb10 = s0 - [ s0 = [ &perm_x <- _28.f0'2 ] s1 - | s1 = [ &m <- _28.f1'2 ] s2 - | s2 = {[@expl:type invariant] inv_ref_ref_UFInner_T _30} s3 - | s3 = -{resolve_ref_ref_UFInner_T _30}- s4 + [ s0 = [ &perm_x <- _44.f0'2 ] s1 + | s1 = [ &m <- _44.f1'2 ] s2 + | s2 = {[@expl:type invariant] inv_ref_ref_UFInner_T _46} s3 + | s3 = -{resolve_ref_ref_UFInner_T _46}- s4 | s4 = {[@expl:type invariant] inv_ref_FMap_Elem_PtrOwn_Node_T m} s5 | s5 = -{resolve_ref_FMap_Elem_PtrOwn_Node_T m}- s6 - | s6 = [ &_41 <- y ] s7 - | s7 = get_ghost_Elem {m.current} {_41} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_38 <- _ret ] s8) + | s6 = [ &_57 <- y ] s7 + | s7 = get_ghost_Elem {m.current} {_57} (fun (_ret: t_Option_ref_PtrOwn_Node_T) -> [ &_54 <- _ret ] s8) | s8 = bb11 ] - | bb11 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_38} (fun (_ret: t_PtrOwn_Node_T) -> [ &_37 <- _ret ] s1) | s1 = bb12 ] + | bb11 = s0 [ s0 = unwrap_ref_PtrOwn_Node_T {_54} (fun (_ret: t_PtrOwn_Node_T) -> [ &_53 <- _ret ] s1) | s1 = bb12 ] | bb12 = s0 [ s0 = {inv_PtrOwn_Node_T perm_x.current} MutBorrow.borrow_final {perm_x.current} {MutBorrow.get_id perm_x} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_35 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_51 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- [ &perm_x <- { perm_x with current = _ret.final } ] s1) - | s1 = disjoint_lemma_Node_T {_35} {_37} (fun (_ret: ()) -> [ &_34 <- _ret ] s2) + | s1 = disjoint_lemma_Node_T {_51} {_53} (fun (_ret: ()) -> [ &_50 <- _ret ] s2) | s2 = bb13 ] | bb13 = s0 [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T perm_x} s1 | s1 = -{resolve_ref_PtrOwn_Node_T perm_x}- s2 | s2 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s3 | s3 = -{resolve_Ghost_ref_UFInner_T uf'0}- s4 - | s4 = {[@expl:type invariant] inv_ref_ref_UF_T _11} s5 - | s5 = -{resolve_ref_ref_UF_T _11}- s6 + | s4 = {[@expl:type invariant] inv_ref_ref_UF_T _25} s5 + | s5 = -{resolve_ref_ref_UF_T _25}- s6 | s6 = {[@expl:type invariant] inv_Ghost_ref_UF_T uf} s7 | s7 = -{resolve_Ghost_ref_UF_T uf}- s8 | s8 = {false} any ] | bb14 = s0 [ s0 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s1 | s1 = -{resolve_Ghost_ref_UFInner_T uf'0}- s2 - | s2 = {[@expl:type invariant] inv_ref_ref_UF_T _11} s3 - | s3 = -{resolve_ref_ref_UF_T _11}- s4 + | s2 = {[@expl:type invariant] inv_ref_ref_UF_T _25} s3 + | s3 = -{resolve_ref_ref_UF_T _25}- s4 | s4 = {[@expl:type invariant] inv_Ghost_ref_UF_T uf} s5 | s5 = -{resolve_Ghost_ref_UF_T uf}- s6 - | s6 = new_unit {_21} (fun (_ret: ()) -> [ &_20 <- _ret ] s7) + | s6 = new_unit {_35} (fun (_ret: ()) -> [ &_34 <- _ret ] s7) | s7 = bb15 ] | bb15 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = bb54 ] | bb16 = s0 [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_50 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_66 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_50} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_49 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_66} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_65 <- _ret ] s2) | s2 = bb17 ] | bb17 = s0 - [ s0 = [ &_52 <- x ] s1 - | s1 = {inv_FMap_Elem_PtrOwn_Node_T _49.current.current.perms} - MutBorrow.borrow_mut {_49.current.current.perms} + [ s0 = [ &_68 <- x ] s1 + | s1 = {inv_FMap_Elem_PtrOwn_Node_T _65.current.current.perms} + MutBorrow.borrow_mut {_65.current.current.perms} (fun (_ret: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) -> - [ &_48 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- - [ &_49 <- { _49 with current = { _49.current with current = { _49.current.current with perms = _ret.final } } } ] + [ &_64 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- + [ &_65 <- { _65 with current = { _65.current with current = { _65.current.current with perms = _ret.final } } } ] s2) - | s2 = split_mut_ghost_Elem {_48} {_52} - (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_47 <- _ret ] s3) + | s2 = split_mut_ghost_Elem {_64} {_68} + (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_63 <- _ret ] s3) | s3 = bb18 ] | bb18 = s0 - [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _49} s1 - | s1 = -{resolve_ref_ref_UFInner_T _49}- s2 - | s2 = new_tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T {_47} - (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_46 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_ref_UFInner_T _65} s1 + | s1 = -{resolve_ref_ref_UFInner_T _65}- s2 + | s2 = new_tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T {_63} + (fun (_ret: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_62 <- _ret ] s3) | s3 = bb19 ] | bb19 = s0 - [ s0 = split_ref_PtrOwn_Node_T {_46} - (fun (_ret: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_45 <- _ret ] s1) + [ s0 = split_ref_PtrOwn_Node_T {_62} + (fun (_ret: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Elem_PtrOwn_Node_T) -> [ &_61 <- _ret ] s1) | s1 = bb20 ] | bb20 = s0 - [ s0 = [ &perm_x'0 <- _45.f0'3 ] s1 - | s1 = [ &m'0 <- _45.f1'3 ] s2 - | s2 = [ &_55 <- x.f0 ] s3 - | s3 = as_mut_Node_T {_55} {perm_x'0} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_54 <- _ret ] s4) + [ s0 = [ &perm_x'0 <- _61.f0'3 ] s1 + | s1 = [ &m'0 <- _61.f1'3 ] s2 + | s2 = [ &_71 <- x.f0 ] s3 + | s3 = as_mut_Node_T {_71} {perm_x'0} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_70 <- _ret ] s4) | s4 = bb21 ] | bb21 = s0 - [ s0 = {inv_Node_T _54.current} - MutBorrow.borrow_final {_54.current} {MutBorrow.get_id _54} + [ s0 = {inv_Node_T _70.current} + MutBorrow.borrow_final {_70.current} {MutBorrow.get_id _70} (fun (_ret: MutBorrow.t t_Node_T) -> [ &bx <- _ret ] -{inv_Node_T _ret.final}- - [ &_54 <- { _54 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _54} s2 - | s2 = -{resolve_ref_Node_T _54}- s3 - | s3 = [ &_60 <- y.f0 ] s4 + [ &_70 <- { _70 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _70} s2 + | s2 = -{resolve_ref_Node_T _70}- s3 + | s3 = [ &_76 <- y.f0 ] s4 | s4 = {inv_Ghost_ref_FMap_Elem_PtrOwn_Node_T m'0} MutBorrow.borrow_mut {m'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T)) -> - [ &_69 <- _ret ] -{inv_Ghost_ref_FMap_Elem_PtrOwn_Node_T _ret.final}- + [ &_85 <- _ret ] -{inv_Ghost_ref_FMap_Elem_PtrOwn_Node_T _ret.final}- [ &m'0 <- _ret.final ] s5) - | s5 = deref_mut_Ghost_ref_FMap_Elem_PtrOwn_Node_T {_69} - (fun (_ret: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T)) -> [ &_68 <- _ret ] s6) + | s5 = deref_mut_Ghost_ref_FMap_Elem_PtrOwn_Node_T {_85} + (fun (_ret: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T)) -> [ &_84 <- _ret ] s6) | s6 = bb22 ] | bb22 = s0 - [ s0 = [ &_71 <- y ] s1 - | s1 = {inv_FMap_Elem_PtrOwn_Node_T _68.current.current} - MutBorrow.borrow_mut {_68.current.current} + [ s0 = [ &_87 <- y ] s1 + | s1 = {inv_FMap_Elem_PtrOwn_Node_T _84.current.current} + MutBorrow.borrow_mut {_84.current.current} (fun (_ret: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) -> - [ &_67 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- - [ &_68 <- { _68 with current = { _68.current with current = _ret.final } } ] s2) - | s2 = get_mut_ghost_Elem {_67} {_71} (fun (_ret: t_Option_ref_PtrOwn_Node_T'0) -> [ &_66 <- _ret ] s3) + [ &_83 <- _ret ] -{inv_FMap_Elem_PtrOwn_Node_T _ret.final}- + [ &_84 <- { _84 with current = { _84.current with current = _ret.final } } ] s2) + | s2 = get_mut_ghost_Elem {_83} {_87} (fun (_ret: t_Option_ref_PtrOwn_Node_T'0) -> [ &_82 <- _ret ] s3) | s3 = bb23 ] | bb23 = s0 - [ s0 = unwrap_ref_PtrOwn_Node_T'0 {_66} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_65 <- _ret ] s1) + [ s0 = unwrap_ref_PtrOwn_Node_T'0 {_82} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_81 <- _ret ] s1) | s1 = bb24 ] | bb24 = s0 - [ s0 = {inv_PtrOwn_Node_T _65.current} - MutBorrow.borrow_final {_65.current} {MutBorrow.get_id _65} + [ s0 = {inv_PtrOwn_Node_T _81.current} + MutBorrow.borrow_final {_81.current} {MutBorrow.get_id _81} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_64 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_65 <- { _65 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_ref_FMap_Elem_PtrOwn_Node_T _68} s2 - | s2 = -{resolve_ref_ref_FMap_Elem_PtrOwn_Node_T _68}- s3 - | s3 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _65} s4 - | s4 = -{resolve_ref_PtrOwn_Node_T _65}- s5 - | s5 = {inv_PtrOwn_Node_T _64.current} - MutBorrow.borrow_final {_64.current} {MutBorrow.get_id _64} + [ &_80 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_81 <- { _81 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_ref_FMap_Elem_PtrOwn_Node_T _84} s2 + | s2 = -{resolve_ref_ref_FMap_Elem_PtrOwn_Node_T _84}- s3 + | s3 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _81} s4 + | s4 = -{resolve_ref_PtrOwn_Node_T _81}- s5 + | s5 = {inv_PtrOwn_Node_T _80.current} + MutBorrow.borrow_final {_80.current} {MutBorrow.get_id _80} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> - [ &_63 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- - [ &_64 <- { _64 with current = _ret.final } ] s6) - | s6 = new_ref_PtrOwn_Node_T {_63} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_62 <- _ret ] s7) + [ &_79 <- _ret ] -{inv_PtrOwn_Node_T _ret.final}- + [ &_80 <- { _80 with current = _ret.final } ] s6) + | s6 = new_ref_PtrOwn_Node_T {_79} (fun (_ret: MutBorrow.t t_PtrOwn_Node_T) -> [ &_78 <- _ret ] s7) | s7 = bb25 ] | bb25 = s0 - [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _64} s1 - | s1 = -{resolve_ref_PtrOwn_Node_T _64}- s2 - | s2 = as_mut_Node_T {_60} {_62} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_59 <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_PtrOwn_Node_T _80} s1 + | s1 = -{resolve_ref_PtrOwn_Node_T _80}- s2 + | s2 = as_mut_Node_T {_76} {_78} (fun (_ret: MutBorrow.t t_Node_T) -> [ &_75 <- _ret ] s3) | s3 = bb26 ] | bb26 = s0 - [ s0 = {inv_Node_T _59.current} - MutBorrow.borrow_final {_59.current} {MutBorrow.get_id _59} + [ s0 = {inv_Node_T _75.current} + MutBorrow.borrow_final {_75.current} {MutBorrow.get_id _75} (fun (_ret: MutBorrow.t t_Node_T) -> [ &by' <- _ret ] -{inv_Node_T _ret.final}- - [ &_59 <- { _59 with current = _ret.final } ] s1) - | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _59} s2 - | s2 = -{resolve_ref_Node_T _59}- s3 + [ &_75 <- { _75 with current = _ret.final } ] s1) + | s1 = {[@expl:type invariant] inv_ref_Node_T'0 _75} s2 + | s2 = -{resolve_ref_Node_T _75}- s3 | s3 = any [ br0 (x0: t_PeanoInt) (x1: t_T) -> {bx.current = Root x0 x1} (! bb29) | br1 (x0: t_Elem) -> {bx.current = Link x0} (! bb27) ] ] @@ -3037,11 +3039,11 @@ module M_implementation__link (fun (_ret: MutBorrow.t t_PeanoInt) -> [ &ry <- _ret ] [ &by' <- { by' with current = Root _ret.final rpayload } ] s1)) | s1 = MutBorrow.borrow_final {ry.current} {MutBorrow.get_id ry} - (fun (_ret: MutBorrow.t t_PeanoInt) -> [ &_81 <- _ret ] [ &ry <- { ry with current = _ret.final } ] s2) - | s2 = -{resolve_ref_PeanoInt _81}- s3 - | s3 = lt_ref_PeanoInt {rx} {_81} (fun (_ret: bool) -> [ &_78 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_PeanoInt) -> [ &_97 <- _ret ] [ &ry <- { ry with current = _ret.final } ] s2) + | s2 = -{resolve_ref_PeanoInt _97}- s3 + | s3 = lt_ref_PeanoInt {rx} {_97} (fun (_ret: bool) -> [ &_94 <- _ret ] s4) | s4 = bb33 ] - | bb33 = any [ br0 -> {_78 = false} (! bb41) | br1 -> {_78} (! bb34) ] + | bb33 = any [ br0 -> {_94 = false} (! bb41) | br1 -> {_94} (! bb34) ] | bb34 = s0 [ s0 = -{resolve_ref_PeanoInt ry}- s1 | s1 = -{resolve_ref_PeanoInt rx}- s2 @@ -3049,17 +3051,17 @@ module M_implementation__link | s3 = -{resolve_ref_Node_T by'}- s4 | s4 = {[@expl:type invariant] inv_Ghost_ref_FMap_Elem_PtrOwn_Node_T m'0} s5 | s5 = -{resolve_Ghost_ref_FMap_Elem_PtrOwn_Node_T m'0}- s6 - | s6 = [ &_82 <- Link y ] s7 + | s6 = [ &_98 <- Link y ] s7 | s7 = bb35 ] | bb35 = s0 [ s0 = {[@expl:type invariant] inv_Node_T bx.current} s1 | s1 = -{resolve_Node_T bx.current}- s2 - | s2 = [ &bx <- { bx with current = _82 } ] s3 + | s2 = [ &bx <- { bx with current = _98 } ] s3 | s3 = {[@expl:type invariant] inv_ref_Node_T'0 bx} s4 | s4 = -{resolve_ref_Node_T bx}- s5 | s5 = bb37 ] | bb37 = s0 - [ s0 = [ &_86 <- fun (z: t_Elem) -> if index_Mapping_Elem_Elem uf'0.current.roots z = x then + [ s0 = [ &_102 <- fun (z: t_Elem) -> if index_Mapping_Elem_Elem uf'0.current.roots z = x then y else index_Mapping_Elem_Elem uf'0.current.roots z @@ -3069,33 +3071,34 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_89 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_108 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_89} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_88 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_108} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_107 <- _ret ] s2) | s2 = bb39 ] | bb39 = s0 - [ s0 = [ &_88 <- { _88 with current = { _88.current with current = { _88.current.current with roots = _86 } } } ] + [ s0 = + [ &_107 <- { _107 with current = { _107.current with current = { _107.current.current with roots = _102 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _88} s2 - | s2 = -{resolve_ref_ref_UFInner_T _88}- s3 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _107} s2 + | s2 = -{resolve_ref_ref_UFInner_T _107}- s3 | s3 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s4 | s4 = -{resolve_Ghost_ref_UFInner_T uf'0}- s5 - | s5 = {[@expl:type invariant] inv_ref_ref_UF_T _11} s6 - | s6 = -{resolve_ref_ref_UF_T _11}- s7 + | s5 = {[@expl:type invariant] inv_ref_ref_UF_T _25} s6 + | s6 = -{resolve_ref_ref_UF_T _25}- s7 | s7 = {[@expl:type invariant] inv_Ghost_ref_UF_T uf} s8 | s8 = -{resolve_Ghost_ref_UF_T uf}- s9 - | s9 = new_unit {_85} (fun (_ret: ()) -> [ &_84 <- _ret ] s10) + | s9 = new_unit {_101} (fun (_ret: ()) -> [ &_100 <- _ret ] s10) | s10 = bb40 ] | bb40 = s0 [ s0 = [ &_0 <- y ] s1 | s1 = bb54 ] | bb41 = s0 [ s0 = -{resolve_ref_PeanoInt ry}- s1 - | s1 = eq_ref_PeanoInt {rx} {ry} (fun (_ret: bool) -> [ &_91 <- _ret ] s2) + | s1 = eq_ref_PeanoInt {rx} {ry} (fun (_ret: bool) -> [ &_110 <- _ret ] s2) | s2 = bb42 ] - | bb42 = any [ br0 -> {_91 = false} (! bb45) | br1 -> {_91} (! bb43) ] + | bb42 = any [ br0 -> {_110 = false} (! bb45) | br1 -> {_110} (! bb43) ] | bb43 = s0 [ s0 = -{resolve_ref_PeanoInt rx}- s1 - | s1 = incr {rx.current} (fun (_ret: t_PeanoInt) -> [ &_94 <- _ret ] s2) + | s1 = incr {rx.current} (fun (_ret: t_PeanoInt) -> [ &_113 <- _ret ] s2) | s2 = bb44 ] | bb44 = s0 [ s0 = {[@expl:type invariant] inv_ref_Node_T'0 bx} s1 | s1 = -{resolve_ref_Node_T bx}- s2 | s2 = bb46 ] | bb45 = s0 @@ -3103,18 +3106,18 @@ module M_implementation__link | s1 = {[@expl:type invariant] inv_ref_Node_T'0 bx} s2 | s2 = -{resolve_ref_Node_T bx}- s3 | s3 = bb46 ] - | bb46 = s0 [ s0 = [ &_96 <- Link x ] s1 | s1 = bb47 ] + | bb46 = s0 [ s0 = [ &_115 <- Link x ] s1 | s1 = bb47 ] | bb47 = s0 [ s0 = {[@expl:type invariant] inv_Node_T by'.current} s1 | s1 = -{resolve_Node_T by'.current}- s2 - | s2 = [ &by' <- { by' with current = _96 } ] s3 + | s2 = [ &by' <- { by' with current = _115 } ] s3 | s3 = {[@expl:type invariant] inv_ref_Node_T'0 by'} s4 | s4 = -{resolve_ref_Node_T by'}- s5 | s5 = {[@expl:type invariant] inv_Ghost_ref_FMap_Elem_PtrOwn_Node_T m'0} s6 | s6 = -{resolve_Ghost_ref_FMap_Elem_PtrOwn_Node_T m'0}- s7 | s7 = bb49 ] | bb49 = s0 - [ s0 = [ &_100 <- fun (z: t_Elem) -> if index_Mapping_Elem_Elem uf'0.current.roots z = y then + [ s0 = [ &_119 <- fun (z: t_Elem) -> if index_Mapping_Elem_Elem uf'0.current.roots z = y then x else index_Mapping_Elem_Elem uf'0.current.roots z @@ -3124,24 +3127,24 @@ module M_implementation__link [ s0 = {inv_Ghost_ref_UFInner_T uf'0} MutBorrow.borrow_mut {uf'0} (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> - [ &_103 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- + [ &_125 <- _ret ] -{inv_Ghost_ref_UFInner_T _ret.final}- [ &uf'0 <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UFInner_T {_103} - (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_102 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UFInner_T {_125} + (fun (_ret: MutBorrow.t (MutBorrow.t t_UFInner_T)) -> [ &_124 <- _ret ] s2) | s2 = bb51 ] | bb51 = s0 [ s0 = - [ &_102 <- { _102 with current = { _102.current with current = { _102.current.current with roots = _100 } } } ] + [ &_124 <- { _124 with current = { _124.current with current = { _124.current.current with roots = _119 } } } ] s1 - | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _102} s2 - | s2 = -{resolve_ref_ref_UFInner_T _102}- s3 + | s1 = {[@expl:type invariant] inv_ref_ref_UFInner_T _124} s2 + | s2 = -{resolve_ref_ref_UFInner_T _124}- s3 | s3 = {[@expl:type invariant] inv_Ghost_ref_UFInner_T uf'0} s4 | s4 = -{resolve_Ghost_ref_UFInner_T uf'0}- s5 - | s5 = {[@expl:type invariant] inv_ref_ref_UF_T _11} s6 - | s6 = -{resolve_ref_ref_UF_T _11}- s7 + | s5 = {[@expl:type invariant] inv_ref_ref_UF_T _25} s6 + | s6 = -{resolve_ref_ref_UF_T _25}- s7 | s7 = {[@expl:type invariant] inv_Ghost_ref_UF_T uf} s8 | s8 = -{resolve_Ghost_ref_UF_T uf}- s9 - | s9 = new_unit {_99} (fun (_ret: ()) -> [ &_98 <- _ret ] s10) + | s9 = new_unit {_118} (fun (_ret: ()) -> [ &_117 <- _ret ] s10) | s10 = bb52 ] | bb52 = s0 [ s0 = [ &_0 <- x ] s1 | s1 = bb54 ] | bb54 = return {_0} ] @@ -3150,69 +3153,69 @@ module M_implementation__link | & x: t_Elem = x | & y: t_Elem = y | & __temp: MutBorrow.t t_UFInner_T = Any.any_l () - | & _11: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () - | & _12: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _25: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _26: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () | & uf'0: MutBorrow.t t_UFInner_T = Any.any_l () - | & _16: bool = Any.any_l () - | & _20: () = Any.any_l () - | & _21: () = Any.any_l () - | & _22: bool = Any.any_l () - | & _23: bool = Any.any_l () - | & _24: bool = Any.any_l () + | & _30: bool = Any.any_l () + | & _34: () = Any.any_l () + | & _35: () = Any.any_l () + | & _36: bool = Any.any_l () + | & _37: bool = Any.any_l () + | & _38: bool = Any.any_l () | & perm_x: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () | & m: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _28: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _29: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _30: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _31: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _33: t_Elem = Any.any_l () - | & _34: () = Any.any_l () - | & _35: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _37: t_PtrOwn_Node_T = Any.any_l () - | & _38: t_Option_ref_PtrOwn_Node_T = Any.any_l () - | & _41: t_Elem = Any.any_l () + | & _44: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _45: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _46: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _47: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _49: t_Elem = Any.any_l () + | & _50: () = Any.any_l () + | & _51: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _53: t_PtrOwn_Node_T = Any.any_l () + | & _54: t_Option_ref_PtrOwn_Node_T = Any.any_l () + | & _57: t_Elem = Any.any_l () | & perm_x'0: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () | & m'0: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _45: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _46: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _47: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _48: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _49: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _50: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _52: t_Elem = Any.any_l () + | & _61: tup2_Ghost_ref_PtrOwn_Node_T_Ghost_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _62: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _63: tup2_ref_PtrOwn_Node_T_ref_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _64: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _65: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _66: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _68: t_Elem = Any.any_l () | & bx: MutBorrow.t t_Node_T = Any.any_l () - | & _54: MutBorrow.t t_Node_T = Any.any_l () - | & _55: Opaque.ptr = Any.any_l () + | & _70: MutBorrow.t t_Node_T = Any.any_l () + | & _71: Opaque.ptr = Any.any_l () | & by': MutBorrow.t t_Node_T = Any.any_l () - | & _59: MutBorrow.t t_Node_T = Any.any_l () - | & _60: Opaque.ptr = Any.any_l () - | & _62: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _63: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _64: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _65: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () - | & _66: t_Option_ref_PtrOwn_Node_T'0 = Any.any_l () - | & _67: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () - | & _68: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) = Any.any_l () - | & _69: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) = Any.any_l () - | & _71: t_Elem = Any.any_l () + | & _75: MutBorrow.t t_Node_T = Any.any_l () + | & _76: Opaque.ptr = Any.any_l () + | & _78: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _79: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _80: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _81: MutBorrow.t t_PtrOwn_Node_T = Any.any_l () + | & _82: t_Option_ref_PtrOwn_Node_T'0 = Any.any_l () + | & _83: MutBorrow.t t_FMap_Elem_PtrOwn_Node_T = Any.any_l () + | & _84: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) = Any.any_l () + | & _85: MutBorrow.t (MutBorrow.t t_FMap_Elem_PtrOwn_Node_T) = Any.any_l () + | & _87: t_Elem = Any.any_l () | & rx: MutBorrow.t t_PeanoInt = Any.any_l () | & ry: MutBorrow.t t_PeanoInt = Any.any_l () - | & _78: bool = Any.any_l () - | & _81: MutBorrow.t t_PeanoInt = Any.any_l () - | & _82: t_Node_T = Any.any_l () - | & _84: () = Any.any_l () - | & _85: () = Any.any_l () - | & _86: Map.map t_Elem t_Elem = Any.any_l () - | & _88: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _89: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _91: bool = Any.any_l () - | & _94: t_PeanoInt = Any.any_l () - | & _96: t_Node_T = Any.any_l () - | & _98: () = Any.any_l () - | & _99: () = Any.any_l () - | & _100: Map.map t_Elem t_Elem = Any.any_l () - | & _102: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () - | & _103: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () ]) + | & _94: bool = Any.any_l () + | & _97: MutBorrow.t t_PeanoInt = Any.any_l () + | & _98: t_Node_T = Any.any_l () + | & _100: () = Any.any_l () + | & _101: () = Any.any_l () + | & _102: Map.map t_Elem t_Elem = Any.any_l () + | & _107: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _108: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _110: bool = Any.any_l () + | & _113: t_PeanoInt = Any.any_l () + | & _115: t_Node_T = Any.any_l () + | & _117: () = Any.any_l () + | & _118: () = Any.any_l () + | & _119: Map.map t_Elem t_Elem = Any.any_l () + | & _124: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () + | & _125: MutBorrow.t (MutBorrow.t t_UFInner_T) = Any.any_l () ]) [ return (result: t_Elem) -> {[@expl:link ensures #0] domain_unchanged_T uf /\ payloads_unchanged_T uf} {[@expl:link ensures #1] result = root_T uf.current x \/ result = root_T uf.current y} {[@expl:link ensures #2] result = root_T (fin_Ghost_ref_UF_T uf) result} @@ -3528,71 +3531,71 @@ module M_implementation__union [ s0 = {inv_Ghost_ref_UF_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> - [ &_14 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- + [ &_24 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UF_T {_14} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_13 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UF_T {_24} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_23 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = {inv_UF_T _13.current.current} - MutBorrow.borrow_mut {_13.current.current} + [ s0 = {inv_UF_T _23.current.current} + MutBorrow.borrow_mut {_23.current.current} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_12 <- _ret ] -{inv_UF_T _ret.final}- - [ &_13 <- { _13 with current = { _13.current with current = _ret.final } } ] s1) - | s1 = {inv_UF_T _12.current} - MutBorrow.borrow_final {_12.current} {MutBorrow.get_id _12} + [ &_22 <- _ret ] -{inv_UF_T _ret.final}- + [ &_23 <- { _23 with current = { _23.current with current = _ret.final } } ] s1) + | s1 = {inv_UF_T _22.current} + MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_11 <- _ret ] -{inv_UF_T _ret.final}- - [ &_12 <- { _12 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UF_T _13} s3 - | s3 = -{resolve_ref_ref_UF_T _13}- s4 - | s4 = {[@expl:type invariant] inv_ref_UF_T _12} s5 - | s5 = -{resolve_ref_UF_T _12}- s6 - | s6 = {inv_UF_T _11.current} - MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + [ &_21 <- _ret ] -{inv_UF_T _ret.final}- + [ &_22 <- { _22 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UF_T _23} s3 + | s3 = -{resolve_ref_ref_UF_T _23}- s4 + | s4 = {[@expl:type invariant] inv_ref_UF_T _22} s5 + | s5 = -{resolve_ref_UF_T _22}- s6 + | s6 = {inv_UF_T _21.current} + MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_10 <- _ret ] -{inv_UF_T _ret.final}- - [ &_11 <- { _11 with current = _ret.final } ] s7) - | s7 = new_ref_UF_T {_10} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_9 <- _ret ] s8) + [ &_20 <- _ret ] -{inv_UF_T _ret.final}- + [ &_21 <- { _21 with current = _ret.final } ] s7) + | s7 = new_ref_UF_T {_20} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_19 <- _ret ] s8) | s8 = bb2 ] | bb2 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UF_T _11} s1 - | s1 = -{resolve_ref_UF_T _11}- s2 - | s2 = find_T {_9} {x} (fun (_ret: t_Elem) -> [ &rx <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UF_T _21} s1 + | s1 = -{resolve_ref_UF_T _21}- s2 + | s2 = find_T {_19} {x} (fun (_ret: t_Elem) -> [ &rx <- _ret ] s3) | s3 = bb3 ] | bb3 = s0 [ s0 = {inv_Ghost_ref_UF_T uf} MutBorrow.borrow_mut {uf} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> - [ &_22 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- + [ &_32 <- _ret ] -{inv_Ghost_ref_UF_T _ret.final}- [ &uf <- _ret.final ] s1) - | s1 = deref_mut_Ghost_ref_UF_T {_22} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_21 <- _ret ] s2) + | s1 = deref_mut_Ghost_ref_UF_T {_32} (fun (_ret: MutBorrow.t (MutBorrow.t t_UF_T)) -> [ &_31 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 - [ s0 = {inv_UF_T _21.current.current} - MutBorrow.borrow_mut {_21.current.current} + [ s0 = {inv_UF_T _31.current.current} + MutBorrow.borrow_mut {_31.current.current} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_20 <- _ret ] -{inv_UF_T _ret.final}- - [ &_21 <- { _21 with current = { _21.current with current = _ret.final } } ] s1) - | s1 = {inv_UF_T _20.current} - MutBorrow.borrow_final {_20.current} {MutBorrow.get_id _20} + [ &_30 <- _ret ] -{inv_UF_T _ret.final}- + [ &_31 <- { _31 with current = { _31.current with current = _ret.final } } ] s1) + | s1 = {inv_UF_T _30.current} + MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_19 <- _ret ] -{inv_UF_T _ret.final}- - [ &_20 <- { _20 with current = _ret.final } ] s2) - | s2 = {[@expl:type invariant] inv_ref_ref_UF_T _21} s3 - | s3 = -{resolve_ref_ref_UF_T _21}- s4 - | s4 = {[@expl:type invariant] inv_ref_UF_T _20} s5 - | s5 = -{resolve_ref_UF_T _20}- s6 - | s6 = {inv_UF_T _19.current} - MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + [ &_29 <- _ret ] -{inv_UF_T _ret.final}- + [ &_30 <- { _30 with current = _ret.final } ] s2) + | s2 = {[@expl:type invariant] inv_ref_ref_UF_T _31} s3 + | s3 = -{resolve_ref_ref_UF_T _31}- s4 + | s4 = {[@expl:type invariant] inv_ref_UF_T _30} s5 + | s5 = -{resolve_ref_UF_T _30}- s6 + | s6 = {inv_UF_T _29.current} + MutBorrow.borrow_final {_29.current} {MutBorrow.get_id _29} (fun (_ret: MutBorrow.t t_UF_T) -> - [ &_18 <- _ret ] -{inv_UF_T _ret.final}- - [ &_19 <- { _19 with current = _ret.final } ] s7) - | s7 = new_ref_UF_T {_18} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_17 <- _ret ] s8) + [ &_28 <- _ret ] -{inv_UF_T _ret.final}- + [ &_29 <- { _29 with current = _ret.final } ] s7) + | s7 = new_ref_UF_T {_28} (fun (_ret: MutBorrow.t t_UF_T) -> [ &_27 <- _ret ] s8) | s8 = bb5 ] | bb5 = s0 - [ s0 = {[@expl:type invariant] inv_ref_UF_T _19} s1 - | s1 = -{resolve_ref_UF_T _19}- s2 - | s2 = find_T {_17} {y} (fun (_ret: t_Elem) -> [ &ry <- _ret ] s3) + [ s0 = {[@expl:type invariant] inv_ref_UF_T _29} s1 + | s1 = -{resolve_ref_UF_T _29}- s2 + | s2 = find_T {_27} {y} (fun (_ret: t_Elem) -> [ &ry <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 [ s0 = link_T {uf} {rx} {ry} (fun (_ret: t_Elem) -> [ &_0 <- _ret ] s1) | s1 = bb7 ] | bb7 = return {_0} ] @@ -3601,19 +3604,19 @@ module M_implementation__union | & x: t_Elem = x | & y: t_Elem = y | & rx: t_Elem = Any.any_l () - | & _9: MutBorrow.t t_UF_T = Any.any_l () - | & _10: MutBorrow.t t_UF_T = Any.any_l () - | & _11: MutBorrow.t t_UF_T = Any.any_l () - | & _12: MutBorrow.t t_UF_T = Any.any_l () - | & _13: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () - | & _14: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () - | & ry: t_Elem = Any.any_l () - | & _17: MutBorrow.t t_UF_T = Any.any_l () - | & _18: MutBorrow.t t_UF_T = Any.any_l () | & _19: MutBorrow.t t_UF_T = Any.any_l () | & _20: MutBorrow.t t_UF_T = Any.any_l () - | & _21: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () - | & _22: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () ]) + | & _21: MutBorrow.t t_UF_T = Any.any_l () + | & _22: MutBorrow.t t_UF_T = Any.any_l () + | & _23: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _24: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & ry: t_Elem = Any.any_l () + | & _27: MutBorrow.t t_UF_T = Any.any_l () + | & _28: MutBorrow.t t_UF_T = Any.any_l () + | & _29: MutBorrow.t t_UF_T = Any.any_l () + | & _30: MutBorrow.t t_UF_T = Any.any_l () + | & _31: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () + | & _32: MutBorrow.t (MutBorrow.t t_UF_T) = Any.any_l () ]) [ return (result: t_Elem) -> {[@expl:union ensures #0] domain_unchanged_T uf /\ payloads_unchanged_T uf} {[@expl:union ensures #1] result = root_T uf.current x \/ result = root_T uf.current y} {[@expl:union ensures #2] forall z: t_Elem. in_domain_T uf.current z diff --git a/tests/should_succeed/vector/01.coma b/tests/should_succeed/vector/01.coma index d9b9ebfb3b..e77549a559 100644 --- a/tests/should_succeed/vector/01.coma +++ b/tests/should_succeed/vector/01.coma @@ -118,10 +118,10 @@ module M_all_zero let rec all_zero (v: MutBorrow.t t_Vec_u32_Global) (return (x: ())) = (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len_u32 {v.current} (fun (_ret: UInt64.t) -> [ &_8 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len_u32 {v.current} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_7 <- { start = (0: UInt64.t); end' = _8 } ] s1 - | s1 = into_iter_Range_usize {_7} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) + [ s0 = [ &_10 <- { start = (0: UInt64.t); end' = _11 } ] s1 + | s1 = into_iter_Range_usize {_10} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb4 ] | bb4 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb5 ] @@ -139,46 +139,46 @@ module M_all_zero [ s0 = bb7 ] [ bb7 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_23 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_23.current} {MutBorrow.get_id _23} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_36 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_22 <- _ret ] [ &_23 <- { _23 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_22} (fun (_ret: t_Option_usize) -> [ &_21 <- _ret ] s3) + [ &_35 <- _ret ] [ &_36 <- { _36 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_35} (fun (_ret: t_Option_usize) -> [ &_34 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve_ref_Range_usize _23}- s1 - | s1 = any [ br0 -> {_21 = None} (! bb11) | br1 (x0: UInt64.t) -> {_21 = Some x0} (! bb12) ] ] + [ s0 = -{resolve_ref_Range_usize _36}- s1 + | s1 = any [ br0 -> {_34 = None} (! bb11) | br1 (x0: UInt64.t) -> {_34 = Some x0} (! bb12) ] ] | bb12 = s0 - [ s0 = elim_Some {_21} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_26 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_34} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_39 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _26 ] s1 + [ s0 = [ &produced <- _39 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 | s2 = MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_u32_Global) -> - [ &_30 <- _ret ] [ &v <- { v with current = _ret.final } ] s3) - | s3 = index_mut_Vec_u32_Global {_30} {i} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_29 <- _ret ] s4) + [ &_45 <- _ret ] [ &v <- { v with current = _ret.final } ] s3) + | s3 = index_mut_Vec_u32_Global {_45} {i} (fun (_ret: MutBorrow.t UInt32.t) -> [ &_44 <- _ret ] s4) | s4 = bb14 ] | bb14 = s0 - [ s0 = [ &_29 <- { _29 with current = (0: UInt32.t) } ] s1 | s1 = -{resolve_ref_u32 _29}- s2 | s2 = bb6 ] ] ] + [ s0 = [ &_44 <- { _44 with current = (0: UInt32.t) } ] s1 | s1 = -{resolve_ref_u32 _44}- s2 | s2 = bb6 ] ] ] | bb11 = s0 [ s0 = -{resolve_ref_Vec_u32_Global v}- s1 | s1 = return {_0} ] ] [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_u32_Global = v | & old_v: MutBorrow.t t_Vec_u32_Global = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _7: t_Range_usize = Any.any_l () - | & _8: UInt64.t = Any.any_l () + | & _10: t_Range_usize = Any.any_l () + | & _11: UInt64.t = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _21: t_Option_usize = Any.any_l () - | & _22: MutBorrow.t t_Range_usize = Any.any_l () - | & _23: MutBorrow.t t_Range_usize = Any.any_l () + | & _34: t_Option_usize = Any.any_l () + | & _35: MutBorrow.t t_Range_usize = Any.any_l () + | & _36: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _26: Seq.seq UInt64.t = Any.any_l () + | & _39: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _29: MutBorrow.t UInt32.t = Any.any_l () - | & _30: MutBorrow.t t_Vec_u32_Global = Any.any_l () + | & _44: MutBorrow.t UInt32.t = Any.any_l () + | & _45: MutBorrow.t t_Vec_u32_Global = Any.any_l () | & old_6_0: MutBorrow.t t_Vec_u32_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:all_zero ensures #0] forall i: int. 0 <= i /\ i < Seq.length (view_Vec_u32_Global v.final) -> index_Vec_u32_Global v.final i = (0: UInt32.t)} diff --git a/tests/should_succeed/vector/02_gnome.coma b/tests/should_succeed/vector/02_gnome.coma index ceaaed5a30..b6fb6ec9be 100644 --- a/tests/should_succeed/vector/02_gnome.coma +++ b/tests/should_succeed/vector/02_gnome.coma @@ -253,39 +253,39 @@ module M_gnome_sort {[@expl:loop invariant #2] inv_ref_Vec_T_Global v} (! s0) [ s0 = bb3 ] - [ bb3 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) | s1 = bb4 ] + [ bb3 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 - [ s0 = [ &_12 <- UInt64.lt i _14 ] s1 | s1 = any [ br0 -> {_12 = false} (! bb17) | br1 -> {_12} (! bb5) ] ] + [ s0 = [ &_20 <- UInt64.lt i _22 ] s1 | s1 = any [ br0 -> {_20 = false} (! bb17) | br1 -> {_20} (! bb5) ] ] | bb5 = s0 - [ s0 = [ &_16 <- i = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_16 = false} (! bb7) | br1 -> {_16} (! bb12) ] ] + [ s0 = [ &_24 <- i = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_24 = false} (! bb7) | br1 -> {_24} (! bb12) ] ] | bb7 = s0 - [ s0 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s1) - | s1 = index_Vec_T_Global'0 {v.current} {_22} (fun (_ret: t_T) -> [ &_20 <- _ret ] s2) + [ s0 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_30 <- _ret ] s1) + | s1 = index_Vec_T_Global'0 {v.current} {_30} (fun (_ret: t_T) -> [ &_28 <- _ret ] s2) | s2 = bb8 ] - | bb8 = s0 [ s0 = index_Vec_T_Global'0 {v.current} {i} (fun (_ret: t_T) -> [ &_25 <- _ret ] s1) | s1 = bb9 ] - | bb9 = s0 [ s0 = le_T {_20} {_25} (fun (_ret: bool) -> [ &_18 <- _ret ] s1) | s1 = bb10 ] - | bb10 = any [ br0 -> {_18 = false} (! bb13) | br1 -> {_18} (! bb12) ] + | bb8 = s0 [ s0 = index_Vec_T_Global'0 {v.current} {i} (fun (_ret: t_T) -> [ &_33 <- _ret ] s1) | s1 = bb9 ] + | bb9 = s0 [ s0 = le_T {_28} {_33} (fun (_ret: bool) -> [ &_26 <- _ret ] s1) | s1 = bb10 ] + | bb10 = any [ br0 -> {_26 = false} (! bb13) | br1 -> {_26} (! bb12) ] | bb12 = s0 [ s0 = UInt64.add {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s1) | s1 = bb2 ] | bb13 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_31 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_39 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = deref_mut_Vec_T_Global {_31} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_30 <- _ret ] s2) + | s1 = deref_mut_Vec_T_Global {_39} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_38 <- _ret ] s2) | s2 = bb14 ] | bb14 = s0 - [ s0 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_32 <- _ret ] s1) - | s1 = {inv_slice_T _30.current} - MutBorrow.borrow_final {_30.current} {MutBorrow.get_id _30} + [ s0 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_40 <- _ret ] s1) + | s1 = {inv_slice_T _38.current} + MutBorrow.borrow_final {_38.current} {MutBorrow.get_id _38} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_29 <- _ret ] -{inv_slice_T _ret.final}- - [ &_30 <- { _30 with current = _ret.final } ] s2) - | s2 = swap_T {_29} {_32} {i} (fun (_ret: ()) -> [ &_28 <- _ret ] s3) + [ &_37 <- _ret ] -{inv_slice_T _ret.final}- + [ &_38 <- { _38 with current = _ret.final } ] s2) + | s2 = swap_T {_37} {_40} {i} (fun (_ret: ()) -> [ &_36 <- _ret ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = {[@expl:type invariant] inv_ref_slice_T _30} s1 - | s1 = -{resolve_ref_slice_T _30}- s2 + [ s0 = {[@expl:type invariant] inv_ref_slice_T _38} s1 + | s1 = -{resolve_ref_slice_T _38}- s2 | s2 = UInt64.sub {i} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s3) | s3 = bb2 ] ] ] | bb17 = s0 @@ -296,18 +296,18 @@ module M_gnome_sort | & v: MutBorrow.t t_Vec_T_Global = v | & old_v: MutBorrow.t t_Vec_T_Global = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _12: bool = Any.any_l () - | & _14: UInt64.t = Any.any_l () - | & _16: bool = Any.any_l () - | & _18: bool = Any.any_l () - | & _20: t_T = Any.any_l () + | & _20: bool = Any.any_l () | & _22: UInt64.t = Any.any_l () - | & _25: t_T = Any.any_l () - | & _28: () = Any.any_l () - | & _29: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _30: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _31: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _32: UInt64.t = Any.any_l () + | & _24: bool = Any.any_l () + | & _26: bool = Any.any_l () + | & _28: t_T = Any.any_l () + | & _30: UInt64.t = Any.any_l () + | & _33: t_T = Any.any_l () + | & _36: () = Any.any_l () + | & _37: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _38: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _39: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _40: UInt64.t = Any.any_l () | & old_2_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:gnome_sort ensures #0] sorted_DeepModelTy (deep_model_Vec_T_Global v.final)} {[@expl:gnome_sort ensures #1] permutation_of_T (view_Vec_T_Global v.final) (view_Vec_T_Global v.current)} diff --git a/tests/should_succeed/vector/03_knuth_shuffle.coma b/tests/should_succeed/vector/03_knuth_shuffle.coma index a42afe2f05..5f1c4e897a 100644 --- a/tests/should_succeed/vector/03_knuth_shuffle.coma +++ b/tests/should_succeed/vector/03_knuth_shuffle.coma @@ -175,10 +175,10 @@ module M_knuth_shuffle {[@expl:knuth_shuffle 'v' type invariant] inv_ref_Vec_T_Global'0 v} (! bb0 [ bb0 = s0 [ s0 = [ &old_v <- v ] s1 | s1 = bb1 ] - | bb1 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_7 <- _ret ] s1) | s1 = bb2 ] + | bb1 = s0 [ s0 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_9 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = [ &_6 <- { start = (0: UInt64.t); end' = _7 } ] s1 - | s1 = into_iter_Range_usize {_6} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) + [ s0 = [ &_8 <- { start = (0: UInt64.t); end' = _9 } ] s1 + | s1 = into_iter_Range_usize {_8} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb4 ] | bb4 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb5 ] @@ -194,47 +194,47 @@ module M_knuth_shuffle [ s0 = bb7 ] [ bb7 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_22 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_22.current} {MutBorrow.get_id _22} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_33 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_33.current} {MutBorrow.get_id _33} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_21 <- _ret ] [ &_22 <- { _22 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_21} (fun (_ret: t_Option_usize) -> [ &_20 <- _ret ] s3) + [ &_32 <- _ret ] [ &_33 <- { _33 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_32} (fun (_ret: t_Option_usize) -> [ &_31 <- _ret ] s3) | s3 = bb8 ] | bb8 = s0 - [ s0 = -{resolve_ref_Range_usize _22}- s1 - | s1 = any [ br0 -> {_20 = None} (! bb11) | br1 (x0: UInt64.t) -> {_20 = Some x0} (! bb12) ] ] + [ s0 = -{resolve_ref_Range_usize _33}- s1 + | s1 = any [ br0 -> {_31 = None} (! bb11) | br1 (x0: UInt64.t) -> {_31 = Some x0} (! bb12) ] ] | bb12 = s0 - [ s0 = elim_Some {_20} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_25 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_31} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_36 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb13 ] | bb13 = s0 - [ s0 = [ &produced <- _25 ] s1 + [ s0 = [ &produced <- _36 ] s1 | s1 = [ &n <- __creusot_proc_iter_elem ] s2 - | s2 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_29 <- _ret ] s3) + | s2 = len_T {v.current} (fun (_ret: UInt64.t) -> [ &_42 <- _ret ] s3) | s3 = bb14 ] | bb14 = s0 - [ s0 = UInt64.sub {_29} {n} (fun (_ret: UInt64.t) -> [ &upper <- _ret ] s1) + [ s0 = UInt64.sub {_42} {n} (fun (_ret: UInt64.t) -> [ &upper <- _ret ] s1) | s1 = rand_in_range {(0: UInt64.t)} {upper} (fun (_ret: UInt64.t) -> [ &i <- _ret ] s2) | s2 = bb15 ] | bb15 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_37 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_50 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = deref_mut_Vec_T_Global {_37} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_36 <- _ret ] s2) + | s1 = deref_mut_Vec_T_Global {_50} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> [ &_49 <- _ret ] s2) | s2 = bb16 ] | bb16 = s0 - [ s0 = UInt64.sub {upper} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_39 <- _ret ] s1) - | s1 = {inv_slice_T _36.current} - MutBorrow.borrow_final {_36.current} {MutBorrow.get_id _36} + [ s0 = UInt64.sub {upper} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_52 <- _ret ] s1) + | s1 = {inv_slice_T _49.current} + MutBorrow.borrow_final {_49.current} {MutBorrow.get_id _49} (fun (_ret: MutBorrow.t (Slice64.slice t_T)) -> - [ &_35 <- _ret ] -{inv_slice_T _ret.final}- - [ &_36 <- { _36 with current = _ret.final } ] s2) - | s2 = swap_T {_35} {i} {_39} (fun (_ret: ()) -> [ &_34 <- _ret ] s3) + [ &_48 <- _ret ] -{inv_slice_T _ret.final}- + [ &_49 <- { _49 with current = _ret.final } ] s2) + | s2 = swap_T {_48} {i} {_52} (fun (_ret: ()) -> [ &_47 <- _ret ] s3) | s3 = bb17 ] | bb17 = s0 - [ s0 = {[@expl:type invariant] inv_ref_slice_T _36} s1 | s1 = -{resolve_ref_slice_T _36}- s2 | s2 = bb6 ] ] ] + [ s0 = {[@expl:type invariant] inv_ref_slice_T _49} s1 | s1 = -{resolve_ref_slice_T _49}- s2 | s2 = bb6 ] ] ] | bb11 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global'0 v} s1 | s1 = -{resolve_ref_Vec_T_Global v}- s2 @@ -243,24 +243,24 @@ module M_knuth_shuffle | & v: MutBorrow.t t_Vec_T_Global = v | & old_v: MutBorrow.t t_Vec_T_Global = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _6: t_Range_usize = Any.any_l () - | & _7: UInt64.t = Any.any_l () + | & _8: t_Range_usize = Any.any_l () + | & _9: UInt64.t = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _20: t_Option_usize = Any.any_l () - | & _21: MutBorrow.t t_Range_usize = Any.any_l () - | & _22: MutBorrow.t t_Range_usize = Any.any_l () + | & _31: t_Option_usize = Any.any_l () + | & _32: MutBorrow.t t_Range_usize = Any.any_l () + | & _33: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _25: Seq.seq UInt64.t = Any.any_l () + | & _36: Seq.seq UInt64.t = Any.any_l () | & n: UInt64.t = Any.any_l () | & upper: UInt64.t = Any.any_l () - | & _29: UInt64.t = Any.any_l () + | & _42: UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () - | & _34: () = Any.any_l () - | & _35: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _36: MutBorrow.t (Slice64.slice t_T) = Any.any_l () - | & _37: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _39: UInt64.t = Any.any_l () + | & _47: () = Any.any_l () + | & _48: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _49: MutBorrow.t (Slice64.slice t_T) = Any.any_l () + | & _50: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _52: UInt64.t = Any.any_l () | & old_6_0: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:knuth_shuffle ensures] permutation_of_T (view_Vec_T_Global v.final) (view_Vec_T_Global v.current)} diff --git a/tests/should_succeed/vector/04_binary_search.coma b/tests/should_succeed/vector/04_binary_search.coma index db67c938b8..35e6012583 100644 --- a/tests/should_succeed/vector/04_binary_search.coma +++ b/tests/should_succeed/vector/04_binary_search.coma @@ -139,9 +139,9 @@ module M_binary_search {[@expl:binary_search requires #0] Seq.length (view_Vec_u32_Global arr) <= UInt64.t'int const_MAX} {[@expl:binary_search requires #1] sorted (view_Vec_u32_Global arr)} (! bb0 - [ bb0 = s0 [ s0 = len_u32 {arr} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len_u32 {arr} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _10 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] + [ s0 = [ &_17 <- _18 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_17 = false} (! bb3) | br1 -> {_17} (! bb2) ] ] | bb2 = s0 [ s0 = [ &_0 <- Err (0: UInt64.t) ] s1 | s1 = bb21 ] | bb3 = s0 [ s0 = len_u32 {arr} (fun (_ret: UInt64.t) -> [ &size <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = [ &base <- (0: UInt64.t) ] s1 | s1 = bb5 ] @@ -156,57 +156,57 @@ module M_binary_search (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = [ &_22 <- UInt64.gt size (1: UInt64.t) ] s1 - | s1 = any [ br0 -> {_22 = false} (! bb13) | br1 -> {_22} (! bb7) ] ] + [ s0 = [ &_40 <- UInt64.gt size (1: UInt64.t) ] s1 + | s1 = any [ br0 -> {_40 = false} (! bb13) | br1 -> {_40} (! bb7) ] ] | bb7 = s0 - [ s0 = [ &_26 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _26} s2 | s2 = bb8 ] + [ s0 = [ &_44 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _44} s2 | s2 = bb8 ] | bb8 = s0 [ s0 = UInt64.div {size} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &half <- _ret ] s1) | s1 = UInt64.add {base} {half} (fun (_ret: UInt64.t) -> [ &mid <- _ret ] s2) - | s2 = index_Vec_u32_Global'0 {arr} {mid} (fun (_ret: UInt32.t) -> [ &_33 <- _ret ] s3) + | s2 = index_Vec_u32_Global'0 {arr} {mid} (fun (_ret: UInt32.t) -> [ &_51 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = [ &_31 <- UInt32.gt _33 elem ] s1 - | s1 = any [ br0 -> {_31 = false} (! bb11) | br1 -> {_31} (! bb10) ] ] - | bb10 = s0 [ s0 = [ &_30 <- base ] s1 | s1 = bb12 ] - | bb11 = s0 [ s0 = [ &_30 <- mid ] s1 | s1 = bb12 ] + [ s0 = [ &_49 <- UInt32.gt _51 elem ] s1 + | s1 = any [ br0 -> {_49 = false} (! bb11) | br1 -> {_49} (! bb10) ] ] + | bb10 = s0 [ s0 = [ &_48 <- base ] s1 | s1 = bb12 ] + | bb11 = s0 [ s0 = [ &_48 <- mid ] s1 | s1 = bb12 ] | bb12 = s0 - [ s0 = [ &base <- _30 ] s1 + [ s0 = [ &base <- _48 ] s1 | s1 = UInt64.sub {size} {half} (fun (_ret: UInt64.t) -> [ &size <- _ret ] s2) | s2 = bb5 ] ] ] - | bb13 = s0 [ s0 = index_Vec_u32_Global'0 {arr} {base} (fun (_ret: UInt32.t) -> [ &_40 <- _ret ] s1) | s1 = bb14 ] + | bb13 = s0 [ s0 = index_Vec_u32_Global'0 {arr} {base} (fun (_ret: UInt32.t) -> [ &_58 <- _ret ] s1) | s1 = bb14 ] | bb14 = s0 - [ s0 = [ &cmp <- _40 ] s1 - | s1 = [ &_43 <- cmp = elem ] s2 - | s2 = any [ br0 -> {_43 = false} (! bb16) | br1 -> {_43} (! bb15) ] ] + [ s0 = [ &cmp <- _58 ] s1 + | s1 = [ &_61 <- cmp = elem ] s2 + | s2 = any [ br0 -> {_61 = false} (! bb16) | br1 -> {_61} (! bb15) ] ] | bb15 = s0 [ s0 = [ &_0 <- Ok base ] s1 | s1 = bb21 ] | bb16 = s0 - [ s0 = [ &_47 <- UInt32.lt cmp elem ] s1 | s1 = any [ br0 -> {_47 = false} (! bb18) | br1 -> {_47} (! bb17) ] ] + [ s0 = [ &_65 <- UInt32.lt cmp elem ] s1 | s1 = any [ br0 -> {_65 = false} (! bb18) | br1 -> {_65} (! bb17) ] ] | bb17 = s0 - [ s0 = UInt64.add {base} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_50 <- _ret ] s1) - | s1 = [ &_0 <- Err _50 ] s2 + [ s0 = UInt64.add {base} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_68 <- _ret ] s1) + | s1 = [ &_0 <- Err _68 ] s2 | s2 = bb21 ] | bb18 = s0 [ s0 = [ &_0 <- Err base ] s1 | s1 = bb21 ] | bb21 = return {_0} ] [ & _0: t_Result_usize_usize = Any.any_l () | & arr: t_Vec_u32_Global = arr | & elem: UInt32.t = elem - | & _9: bool = Any.any_l () - | & _10: UInt64.t = Any.any_l () + | & _17: bool = Any.any_l () + | & _18: UInt64.t = Any.any_l () | & size: UInt64.t = Any.any_l () | & base: UInt64.t = Any.any_l () - | & _22: bool = Any.any_l () + | & _40: bool = Any.any_l () | & half: UInt64.t = Any.any_l () - | & _26: bool = Any.any_l () + | & _44: bool = Any.any_l () | & mid: UInt64.t = Any.any_l () - | & _30: UInt64.t = Any.any_l () - | & _31: bool = Any.any_l () - | & _33: UInt32.t = Any.any_l () + | & _48: UInt64.t = Any.any_l () + | & _49: bool = Any.any_l () + | & _51: UInt32.t = Any.any_l () | & cmp: UInt32.t = Any.any_l () - | & _40: UInt32.t = Any.any_l () - | & _43: bool = Any.any_l () - | & _47: bool = Any.any_l () - | & _50: UInt64.t = Any.any_l () ]) + | & _58: UInt32.t = Any.any_l () + | & _61: bool = Any.any_l () + | & _65: bool = Any.any_l () + | & _68: UInt64.t = Any.any_l () ]) [ return (result: t_Result_usize_usize) -> {[@expl:binary_search ensures #0] forall x: UInt64.t. result = Ok x -> index_Vec_u32_Global arr (UInt64.t'int x) = elem} {[@expl:binary_search ensures #1] forall x: UInt64.t. result = Err x diff --git a/tests/should_succeed/vector/05_binary_search_generic.coma b/tests/should_succeed/vector/05_binary_search_generic.coma index 3169a2a608..00fefadd10 100644 --- a/tests/should_succeed/vector/05_binary_search_generic.coma +++ b/tests/should_succeed/vector/05_binary_search_generic.coma @@ -257,9 +257,9 @@ module M_binary_search {[@expl:binary_search requires #0] Seq.length (view_Vec_T_Global arr) <= UInt64.t'int const_MAX} {[@expl:binary_search requires #1] sorted_DeepModelTy (deep_model_ref_Vec_T_Global arr)} (! bb0 - [ bb0 = s0 [ s0 = len_T {arr} (fun (_ret: UInt64.t) -> [ &_10 <- _ret ] s1) | s1 = bb1 ] + [ bb0 = s0 [ s0 = len_T {arr} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = [ &_9 <- _10 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_9 = false} (! bb3) | br1 -> {_9} (! bb2) ] ] + [ s0 = [ &_17 <- _18 = (0: UInt64.t) ] s1 | s1 = any [ br0 -> {_17 = false} (! bb3) | br1 -> {_17} (! bb2) ] ] | bb2 = s0 [ s0 = {[@expl:type invariant] inv_T elem} s1 | s1 = -{resolve_T elem}- s2 @@ -278,58 +278,58 @@ module M_binary_search (! s0) [ s0 = bb6 ] [ bb6 = s0 - [ s0 = [ &_22 <- UInt64.gt size (1: UInt64.t) ] s1 - | s1 = any [ br0 -> {_22 = false} (! bb14) | br1 -> {_22} (! bb7) ] ] + [ s0 = [ &_40 <- UInt64.gt size (1: UInt64.t) ] s1 + | s1 = any [ br0 -> {_40 = false} (! bb14) | br1 -> {_40} (! bb7) ] ] | bb7 = s0 - [ s0 = [ &_26 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _26} s2 | s2 = bb8 ] + [ s0 = [ &_44 <- (2: UInt64.t) = (0: UInt64.t) ] s1 | s1 = {[@expl:division by zero] not _44} s2 | s2 = bb8 ] | bb8 = s0 [ s0 = UInt64.div {size} {(2: UInt64.t)} (fun (_ret: UInt64.t) -> [ &half <- _ret ] s1) | s1 = UInt64.add {base} {half} (fun (_ret: UInt64.t) -> [ &mid <- _ret ] s2) - | s2 = index_Vec_T_Global'0 {arr} {mid} (fun (_ret: t_T) -> [ &_33 <- _ret ] s3) + | s2 = index_Vec_T_Global'0 {arr} {mid} (fun (_ret: t_T) -> [ &_51 <- _ret ] s3) | s3 = bb9 ] - | bb9 = s0 [ s0 = gt_T {_33} {elem} (fun (_ret: bool) -> [ &_31 <- _ret ] s1) | s1 = bb10 ] - | bb10 = any [ br0 -> {_31 = false} (! bb12) | br1 -> {_31} (! bb11) ] - | bb11 = s0 [ s0 = [ &_30 <- base ] s1 | s1 = bb13 ] - | bb12 = s0 [ s0 = [ &_30 <- mid ] s1 | s1 = bb13 ] + | bb9 = s0 [ s0 = gt_T {_51} {elem} (fun (_ret: bool) -> [ &_49 <- _ret ] s1) | s1 = bb10 ] + | bb10 = any [ br0 -> {_49 = false} (! bb12) | br1 -> {_49} (! bb11) ] + | bb11 = s0 [ s0 = [ &_48 <- base ] s1 | s1 = bb13 ] + | bb12 = s0 [ s0 = [ &_48 <- mid ] s1 | s1 = bb13 ] | bb13 = s0 - [ s0 = [ &base <- _30 ] s1 + [ s0 = [ &base <- _48 ] s1 | s1 = UInt64.sub {size} {half} (fun (_ret: UInt64.t) -> [ &size <- _ret ] s2) | s2 = bb5 ] ] ] - | bb14 = s0 [ s0 = index_Vec_T_Global'0 {arr} {base} (fun (_ret: t_T) -> [ &_40 <- _ret ] s1) | s1 = bb15 ] + | bb14 = s0 [ s0 = index_Vec_T_Global'0 {arr} {base} (fun (_ret: t_T) -> [ &_58 <- _ret ] s1) | s1 = bb15 ] | bb15 = s0 - [ s0 = [ &cmp <- _40 ] s1 + [ s0 = [ &cmp <- _58 ] s1 | s1 = {[@expl:type invariant] inv_T elem} s2 | s2 = -{resolve_T elem}- s3 - | s3 = [ &_46 <- elem ] s4 - | s4 = cmp_T {cmp} {_46} (fun (_ret: t_Ordering) -> [ &_43 <- _ret ] s5) + | s3 = [ &_64 <- elem ] s4 + | s4 = cmp_T {cmp} {_64} (fun (_ret: t_Ordering) -> [ &_61 <- _ret ] s5) | s5 = bb16 ] - | bb16 = any [ br0 -> {_43 = Less} (! bb21) | br1 -> {_43 = Equal} (! bb22) | br2 -> {_43 = Greater} (! bb20) ] + | bb16 = any [ br0 -> {_61 = Less} (! bb21) | br1 -> {_61 = Equal} (! bb22) | br2 -> {_61 = Greater} (! bb20) ] | bb20 = s0 [ s0 = [ &_0 <- Err base ] s1 | s1 = bb24 ] | bb22 = s0 [ s0 = [ &_0 <- Ok base ] s1 | s1 = bb24 ] | bb21 = s0 - [ s0 = UInt64.add {base} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_49 <- _ret ] s1) - | s1 = [ &_0 <- Err _49 ] s2 + [ s0 = UInt64.add {base} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &_67 <- _ret ] s1) + | s1 = [ &_0 <- Err _67 ] s2 | s2 = bb24 ] | bb24 = return {_0} ] [ & _0: t_Result_usize_usize = Any.any_l () | & arr: t_Vec_T_Global = arr | & elem: t_T = elem - | & _9: bool = Any.any_l () - | & _10: UInt64.t = Any.any_l () + | & _17: bool = Any.any_l () + | & _18: UInt64.t = Any.any_l () | & size: UInt64.t = Any.any_l () | & base: UInt64.t = Any.any_l () - | & _22: bool = Any.any_l () + | & _40: bool = Any.any_l () | & half: UInt64.t = Any.any_l () - | & _26: bool = Any.any_l () + | & _44: bool = Any.any_l () | & mid: UInt64.t = Any.any_l () - | & _30: UInt64.t = Any.any_l () - | & _31: bool = Any.any_l () - | & _33: t_T = Any.any_l () + | & _48: UInt64.t = Any.any_l () + | & _49: bool = Any.any_l () + | & _51: t_T = Any.any_l () | & cmp: t_T = Any.any_l () - | & _40: t_T = Any.any_l () - | & _43: t_Ordering = Any.any_l () - | & _46: t_T = Any.any_l () - | & _49: UInt64.t = Any.any_l () ]) + | & _58: t_T = Any.any_l () + | & _61: t_Ordering = Any.any_l () + | & _64: t_T = Any.any_l () + | & _67: UInt64.t = Any.any_l () ]) [ return (result: t_Result_usize_usize) -> {[@expl:binary_search ensures #0] forall x: UInt64.t. result = Ok x -> Seq.get (deep_model_ref_Vec_T_Global arr) (UInt64.t'int x) = deep_model_T elem} {[@expl:binary_search ensures #1] forall x: UInt64.t. result = Err x diff --git a/tests/should_succeed/vector/06_knights_tour.coma b/tests/should_succeed/vector/06_knights_tour.coma index 7a7fcb27de..c1e719698f 100644 --- a/tests/should_succeed/vector/06_knights_tour.coma +++ b/tests/should_succeed/vector/06_knights_tour.coma @@ -71,16 +71,16 @@ module M_impl_Clone_for_Point__clone (* *) let rec clone_Point (self: t_Point) (return (x'0: t_Point)) = (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- self.x ] s1 | s1 = clone_isize {_5} (fun (_ret: Int64.t) -> [ &_3 <- _ret ] s2) | s2 = bb1 ] + [ s0 = [ &_6 <- self.x ] s1 | s1 = clone_isize {_6} (fun (_ret: Int64.t) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = [ &_8 <- self.y ] s1 | s1 = clone_isize {_8} (fun (_ret: Int64.t) -> [ &_6 <- _ret ] s2) | s2 = bb2 ] - | bb2 = s0 [ s0 = [ &_0 <- { x = _3; y = _6 } ] s1 | s1 = return {_0} ] ] + [ s0 = [ &_9 <- self.y ] s1 | s1 = clone_isize {_9} (fun (_ret: Int64.t) -> [ &_7 <- _ret ] s2) | s2 = bb2 ] + | bb2 = s0 [ s0 = [ &_0 <- { x = _4; y = _7 } ] s1 | s1 = return {_0} ] ] [ & _0: t_Point = Any.any_l () | & self: t_Point = self - | & _3: Int64.t = Any.any_l () - | & _5: Int64.t = Any.any_l () + | & _4: Int64.t = Any.any_l () | & _6: Int64.t = Any.any_l () - | & _8: Int64.t = Any.any_l () ]) + | & _7: Int64.t = Any.any_l () + | & _9: Int64.t = Any.any_l () ]) [ return (result: t_Point) -> {[@expl:clone ensures] postcondition_clone () self.x result.x /\ postcondition_clone () self.y result.y} (! return {result}) ] @@ -106,15 +106,15 @@ module M_impl_Point__mov (* Point *) {[@expl:mov requires #3] - 10000 <= Int64.to_int p.f1 /\ Int64.to_int p.f1 <= 10000} (! bb0 [ bb0 = s0 - [ s0 = Int64.add {self.x} {p.f0} (fun (_ret: Int64.t) -> [ &_9 <- _ret ] s1) - | s1 = Int64.add {self.y} {p.f1} (fun (_ret: Int64.t) -> [ &_12 <- _ret ] s2) - | s2 = [ &_0 <- { x = _9; y = _12 } ] s3 + [ s0 = Int64.add {self.x} {p.f0} (fun (_ret: Int64.t) -> [ &_17 <- _ret ] s1) + | s1 = Int64.add {self.y} {p.f1} (fun (_ret: Int64.t) -> [ &_20 <- _ret ] s2) + | s2 = [ &_0 <- { x = _17; y = _20 } ] s3 | s3 = return {_0} ] ] [ & _0: t_Point = Any.any_l () | & self: t_Point = self | & p: tup2_isize_isize = p - | & _9: Int64.t = Any.any_l () - | & _12: Int64.t = Any.any_l () ]) + | & _17: Int64.t = Any.any_l () + | & _20: Int64.t = Any.any_l () ]) [ return (result: t_Point) -> {[@expl:mov ensures #0] Int64.to_int result.x = Int64.to_int self.x + Int64.to_int p.f0} {[@expl:mov ensures #1] Int64.to_int result.y = Int64.to_int self.y + Int64.to_int p.f1} @@ -387,12 +387,12 @@ module M_impl_Board__new (* Board *) let rec new (size'0: UInt64.t) (return (x: t_Board)) = {[@expl:new requires] UInt64.t'int size'0 <= 1000} (! bb0 [ bb0 = s0 - [ s0 = [ &_7 <- { start = (0: UInt64.t); end' = size'0 } ] s1 - | s1 = [ &_9 <- { c0 = size'0 } ] s2 - | s2 = map_inv_Range_usize {_7} {_9} (fun (_ret: t_MapInv_Range_usize_closure3) -> [ &_6 <- _ret ] s3) + [ s0 = [ &_9 <- { start = (0: UInt64.t); end' = size'0 } ] s1 + | s1 = [ &_11 <- { c0 = size'0 } ] s2 + | s2 = map_inv_Range_usize {_9} {_11} (fun (_ret: t_MapInv_Range_usize_closure3) -> [ &_8 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = collect_MapInv_Range_usize_closure3 {_6} + [ s0 = collect_MapInv_Range_usize_closure3 {_8} (fun (_ret: t_Vec_Vec_usize_Global_Global) -> [ &rows <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &_0 <- { size = size'0; field = rows } ] s1 | s1 = bb4 ] @@ -400,9 +400,9 @@ module M_impl_Board__new (* Board *) [ & _0: t_Board = Any.any_l () | & size'0: UInt64.t = size'0 | & rows: t_Vec_Vec_usize_Global_Global = Any.any_l () - | & _6: t_MapInv_Range_usize_closure3 = Any.any_l () - | & _7: t_Range_usize = Any.any_l () - | & _9: closure3 = Any.any_l () ]) + | & _8: t_MapInv_Range_usize_closure3 = Any.any_l () + | & _9: t_Range_usize = Any.any_l () + | & _11: closure3 = Any.any_l () ]) [ return (result: t_Board) -> {[@expl:new ensures #0] result.size = size'0} {[@expl:new ensures #1] wf result} (! return {result}) ] @@ -488,43 +488,43 @@ module M_impl_Board__available (* Board *) let rec available (self: t_Board) (p: t_Point) (return (x'0: bool)) = {[@expl:available requires] wf self} (! bb0 [ bb0 = s0 - [ s0 = [ &_5 <- Int64.le (0: Int64.t) p.x ] s1 | s1 = any [ br0 -> {_5 = false} (! bb9) | br1 -> {_5} (! bb1) ] ] + [ s0 = [ &_8 <- Int64.le (0: Int64.t) p.x ] s1 | s1 = any [ br0 -> {_8 = false} (! bb9) | br1 -> {_8} (! bb1) ] ] | bb1 = s0 - [ s0 = UInt64.of_int {Int64.to_int p.x} (fun (_ret_from: UInt64.t) -> [ &_8 <- _ret_from ] s1) - | s1 = [ &_7 <- UInt64.lt _8 self.size ] s2 - | s2 = any [ br0 -> {_7 = false} (! bb9) | br1 -> {_7} (! bb2) ] ] + [ s0 = UInt64.of_int {Int64.to_int p.x} (fun (_ret_from: UInt64.t) -> [ &_11 <- _ret_from ] s1) + | s1 = [ &_10 <- UInt64.lt _11 self.size ] s2 + | s2 = any [ br0 -> {_10 = false} (! bb9) | br1 -> {_10} (! bb2) ] ] | bb2 = s0 - [ s0 = [ &_11 <- Int64.le (0: Int64.t) p.y ] s1 - | s1 = any [ br0 -> {_11 = false} (! bb9) | br1 -> {_11} (! bb3) ] ] + [ s0 = [ &_14 <- Int64.le (0: Int64.t) p.y ] s1 + | s1 = any [ br0 -> {_14 = false} (! bb9) | br1 -> {_14} (! bb3) ] ] | bb3 = s0 - [ s0 = UInt64.of_int {Int64.to_int p.y} (fun (_ret_from: UInt64.t) -> [ &_14 <- _ret_from ] s1) - | s1 = [ &_13 <- UInt64.lt _14 self.size ] s2 - | s2 = any [ br0 -> {_13 = false} (! bb9) | br1 -> {_13} (! bb4) ] ] + [ s0 = UInt64.of_int {Int64.to_int p.y} (fun (_ret_from: UInt64.t) -> [ &_17 <- _ret_from ] s1) + | s1 = [ &_16 <- UInt64.lt _17 self.size ] s2 + | s2 = any [ br0 -> {_16 = false} (! bb9) | br1 -> {_16} (! bb4) ] ] | bb4 = s0 - [ s0 = UInt64.of_int {Int64.to_int p.x} (fun (_ret_from: UInt64.t) -> [ &_22 <- _ret_from ] s1) - | s1 = index_Vec_Vec_usize_Global_Global {self.field} {_22} - (fun (_ret: t_Vec_usize_Global) -> [ &_20 <- _ret ] s2) + [ s0 = UInt64.of_int {Int64.to_int p.x} (fun (_ret_from: UInt64.t) -> [ &_25 <- _ret_from ] s1) + | s1 = index_Vec_Vec_usize_Global_Global {self.field} {_25} + (fun (_ret: t_Vec_usize_Global) -> [ &_23 <- _ret ] s2) | s2 = bb10 ] | bb10 = s0 - [ s0 = UInt64.of_int {Int64.to_int p.y} (fun (_ret_from: UInt64.t) -> [ &_24 <- _ret_from ] s1) - | s1 = index_Vec_usize_Global {_20} {_24} (fun (_ret: UInt64.t) -> [ &_18 <- _ret ] s2) + [ s0 = UInt64.of_int {Int64.to_int p.y} (fun (_ret_from: UInt64.t) -> [ &_27 <- _ret_from ] s1) + | s1 = index_Vec_usize_Global {_23} {_27} (fun (_ret: UInt64.t) -> [ &_21 <- _ret ] s2) | s2 = bb11 ] - | bb11 = s0 [ s0 = [ &_0 <- _18 = (0: UInt64.t) ] s1 | s1 = bb12 ] + | bb11 = s0 [ s0 = [ &_0 <- _21 = (0: UInt64.t) ] s1 | s1 = bb12 ] | bb9 = s0 [ s0 = [ &_0 <- false ] s1 | s1 = bb12 ] | bb12 = return {_0} ] [ & _0: bool = Any.any_l () | & self: t_Board = self | & p: t_Point = p - | & _5: bool = Any.any_l () - | & _7: bool = Any.any_l () - | & _8: UInt64.t = Any.any_l () - | & _11: bool = Any.any_l () - | & _13: bool = Any.any_l () - | & _14: UInt64.t = Any.any_l () - | & _18: UInt64.t = Any.any_l () - | & _20: t_Vec_usize_Global = Any.any_l () - | & _22: UInt64.t = Any.any_l () - | & _24: UInt64.t = Any.any_l () ]) + | & _8: bool = Any.any_l () + | & _10: bool = Any.any_l () + | & _11: UInt64.t = Any.any_l () + | & _14: bool = Any.any_l () + | & _16: bool = Any.any_l () + | & _17: UInt64.t = Any.any_l () + | & _21: UInt64.t = Any.any_l () + | & _23: t_Vec_usize_Global = Any.any_l () + | & _25: UInt64.t = Any.any_l () + | & _27: UInt64.t = Any.any_l () ]) [ return (result: bool) -> {[@expl:available ensures] result -> in_bounds self p} (! return {result}) ] end module M_impl_Board__count_degree (* Board *) @@ -704,10 +704,10 @@ module M_impl_Board__count_degree (* Board *) (! bb0 [ bb0 = s0 [ s0 = [ &count <- (0: UInt64.t) ] s1 - | s1 = moves (fun (_ret: t_Vec_tup2_isize_isize_Global) -> [ &_8 <- _ret ] s2) + | s1 = moves (fun (_ret: t_Vec_tup2_isize_isize_Global) -> [ &_11 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = into_iter_Vec_tup2_isize_isize_Global {_8} + [ s0 = into_iter_Vec_tup2_isize_isize_Global {_11} (fun (_ret: t_IntoIter_tup2_isize_isize_Global) -> [ &iter <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb3 ] @@ -723,32 +723,32 @@ module M_impl_Board__count_degree (* Board *) [ s0 = {inv_IntoIter_tup2_isize_isize_Global iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_IntoIter_tup2_isize_isize_Global) -> - [ &_21 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- + [ &_32 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_IntoIter_tup2_isize_isize_Global _21.current} - MutBorrow.borrow_final {_21.current} {MutBorrow.get_id _21} + | s1 = {inv_IntoIter_tup2_isize_isize_Global _32.current} + MutBorrow.borrow_final {_32.current} {MutBorrow.get_id _32} (fun (_ret: MutBorrow.t t_IntoIter_tup2_isize_isize_Global) -> - [ &_20 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- - [ &_21 <- { _21 with current = _ret.final } ] s2) - | s2 = next_IntoIter_tup2_isize_isize_Global {_20} - (fun (_ret: t_Option_tup2_isize_isize) -> [ &_19 <- _ret ] s3) + [ &_31 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- + [ &_32 <- { _32 with current = _ret.final } ] s2) + | s2 = next_IntoIter_tup2_isize_isize_Global {_31} + (fun (_ret: t_Option_tup2_isize_isize) -> [ &_30 <- _ret ] s3) | s3 = bb7 ] | bb7 = s0 - [ s0 = {[@expl:type invariant] inv_ref_IntoIter_tup2_isize_isize_Global _21} s1 - | s1 = -{resolve_ref_IntoIter_tup2_isize_isize_Global _21}- s2 - | s2 = any [ br0 -> {_19 = None} (! bb10) | br1 (x0: tup2_isize_isize) -> {_19 = Some x0} (! bb11) ] ] + [ s0 = {[@expl:type invariant] inv_ref_IntoIter_tup2_isize_isize_Global _32} s1 + | s1 = -{resolve_ref_IntoIter_tup2_isize_isize_Global _32}- s2 + | s2 = any [ br0 -> {_30 = None} (! bb10) | br1 (x0: tup2_isize_isize) -> {_30 = Some x0} (! bb11) ] ] | bb11 = s0 - [ s0 = elim_Some {_19} (fun (r0: tup2_isize_isize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_24 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_30} (fun (r0: tup2_isize_isize) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_35 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb12 ] | bb12 = s0 - [ s0 = [ &produced <- _24 ] s1 + [ s0 = [ &produced <- _35 ] s1 | s1 = [ &m <- __creusot_proc_iter_elem ] s2 - | s2 = [ &_30 <- m ] s3 - | s3 = mov {p} {_30} (fun (_ret: t_Point) -> [ &next <- _ret ] s4) + | s2 = [ &_43 <- m ] s3 + | s3 = mov {p} {_43} (fun (_ret: t_Point) -> [ &next <- _ret ] s4) | s4 = bb13 ] - | bb13 = s0 [ s0 = available {self} {next} (fun (_ret: bool) -> [ &_31 <- _ret ] s1) | s1 = bb14 ] - | bb14 = any [ br0 -> {_31 = false} (! bb5) | br1 -> {_31} (! bb15) ] + | bb13 = s0 [ s0 = available {self} {next} (fun (_ret: bool) -> [ &_44 <- _ret ] s1) | s1 = bb14 ] + | bb14 = any [ br0 -> {_44 = false} (! bb5) | br1 -> {_44} (! bb15) ] | bb15 = s0 [ s0 = UInt64.add {count} {(1: UInt64.t)} (fun (_ret: UInt64.t) -> [ &count <- _ret ] s1) | s1 = bb5 ] ] ] | bb10 = s0 @@ -761,18 +761,18 @@ module M_impl_Board__count_degree (* Board *) | & p: t_Point = p | & count: UInt64.t = Any.any_l () | & iter: t_IntoIter_tup2_isize_isize_Global = Any.any_l () - | & _8: t_Vec_tup2_isize_isize_Global = Any.any_l () + | & _11: t_Vec_tup2_isize_isize_Global = Any.any_l () | & iter_old: t_IntoIter_tup2_isize_isize_Global = Any.any_l () | & produced: Seq.seq tup2_isize_isize = Any.any_l () - | & _19: t_Option_tup2_isize_isize = Any.any_l () - | & _20: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () - | & _21: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () + | & _30: t_Option_tup2_isize_isize = Any.any_l () + | & _31: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () + | & _32: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () | & __creusot_proc_iter_elem: tup2_isize_isize = Any.any_l () - | & _24: Seq.seq tup2_isize_isize = Any.any_l () + | & _35: Seq.seq tup2_isize_isize = Any.any_l () | & m: tup2_isize_isize = Any.any_l () | & next: t_Point = Any.any_l () - | & _30: tup2_isize_isize = Any.any_l () - | & _31: bool = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] + | & _43: tup2_isize_isize = Any.any_l () + | & _44: bool = Any.any_l () ]) [ return (result: UInt64.t) -> (! return {result}) ] end module M_impl_Board__set (* Board *) use creusot.int.UInt64 @@ -895,34 +895,34 @@ module M_impl_Board__set (* Board *) [ s0 = MutBorrow.borrow_final {self.current.field} {MutBorrow.inherit_id (MutBorrow.get_id self) 2} (fun (_ret: MutBorrow.t t_Vec_Vec_usize_Global_Global) -> - [ &_12 <- _ret ] [ &self <- { self with current = { self.current with field = _ret.final } } ] s1) - | s1 = UInt64.of_int {Int64.to_int p.x} (fun (_ret_from: UInt64.t) -> [ &_13 <- _ret_from ] s2) - | s2 = index_mut_Vec_Vec_usize_Global_Global {_12} {_13} - (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_11 <- _ret ] s3) + [ &_17 <- _ret ] [ &self <- { self with current = { self.current with field = _ret.final } } ] s1) + | s1 = UInt64.of_int {Int64.to_int p.x} (fun (_ret_from: UInt64.t) -> [ &_18 <- _ret_from ] s2) + | s2 = index_mut_Vec_Vec_usize_Global_Global {_17} {_18} + (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> [ &_16 <- _ret ] s3) | s3 = bb1 ] | bb1 = s0 - [ s0 = MutBorrow.borrow_final {_11.current} {MutBorrow.get_id _11} + [ s0 = MutBorrow.borrow_final {_16.current} {MutBorrow.get_id _16} (fun (_ret: MutBorrow.t t_Vec_usize_Global) -> - [ &_10 <- _ret ] [ &_11 <- { _11 with current = _ret.final } ] s1) - | s1 = UInt64.of_int {Int64.to_int p.y} (fun (_ret_from: UInt64.t) -> [ &_15 <- _ret_from ] s2) - | s2 = index_mut_Vec_usize_Global {_10} {_15} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_9 <- _ret ] s3) + [ &_15 <- _ret ] [ &_16 <- { _16 with current = _ret.final } ] s1) + | s1 = UInt64.of_int {Int64.to_int p.y} (fun (_ret_from: UInt64.t) -> [ &_20 <- _ret_from ] s2) + | s2 = index_mut_Vec_usize_Global {_15} {_20} (fun (_ret: MutBorrow.t UInt64.t) -> [ &_14 <- _ret ] s3) | s3 = bb2 ] | bb2 = s0 - [ s0 = [ &_9 <- { _9 with current = v } ] s1 - | s1 = -{resolve_ref_usize _9}- s2 - | s2 = -{resolve_ref_Vec_usize_Global _11}- s3 + [ s0 = [ &_14 <- { _14 with current = v } ] s1 + | s1 = -{resolve_ref_usize _14}- s2 + | s2 = -{resolve_ref_Vec_usize_Global _16}- s3 | s3 = -{resolve_ref_Board self}- s4 | s4 = return {_0} ] ] [ & _0: () = Any.any_l () | & self: MutBorrow.t t_Board = self | & p: t_Point = p | & v: UInt64.t = v - | & _9: MutBorrow.t UInt64.t = Any.any_l () - | & _10: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _11: MutBorrow.t t_Vec_usize_Global = Any.any_l () - | & _12: MutBorrow.t t_Vec_Vec_usize_Global_Global = Any.any_l () - | & _13: UInt64.t = Any.any_l () - | & _15: UInt64.t = Any.any_l () ]) + | & _14: MutBorrow.t UInt64.t = Any.any_l () + | & _15: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _16: MutBorrow.t t_Vec_usize_Global = Any.any_l () + | & _17: MutBorrow.t t_Vec_Vec_usize_Global_Global = Any.any_l () + | & _18: UInt64.t = Any.any_l () + | & _20: UInt64.t = Any.any_l () ]) [ return (result: ()) -> {[@expl:set ensures #0] wf self.final} {[@expl:set ensures #1] self.final.size = self.current.size} (! return {result}) ] @@ -1065,33 +1065,33 @@ module M_min [ s0 = {inv_Iter_tup2_usize_Point iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_Iter_tup2_usize_Point) -> - [ &_19 <- _ret ] -{inv_Iter_tup2_usize_Point _ret.final}- + [ &_28 <- _ret ] -{inv_Iter_tup2_usize_Point _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_Iter_tup2_usize_Point _19.current} - MutBorrow.borrow_final {_19.current} {MutBorrow.get_id _19} + | s1 = {inv_Iter_tup2_usize_Point _28.current} + MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} (fun (_ret: MutBorrow.t t_Iter_tup2_usize_Point) -> - [ &_18 <- _ret ] -{inv_Iter_tup2_usize_Point _ret.final}- - [ &_19 <- { _19 with current = _ret.final } ] s2) - | s2 = next_Iter_tup2_usize_Point {_18} (fun (_ret: t_Option_ref_tup2_usize_Point) -> [ &_17 <- _ret ] s3) + [ &_27 <- _ret ] -{inv_Iter_tup2_usize_Point _ret.final}- + [ &_28 <- { _28 with current = _ret.final } ] s2) + | s2 = next_Iter_tup2_usize_Point {_27} (fun (_ret: t_Option_ref_tup2_usize_Point) -> [ &_26 <- _ret ] s3) | s3 = bb6 ] | bb6 = s0 - [ s0 = {[@expl:type invariant] inv_ref_Iter_tup2_usize_Point _19} s1 - | s1 = -{resolve_ref_Iter_tup2_usize_Point _19}- s2 - | s2 = any [ br0 -> {_17 = None} (! bb9) | br1 (x0: tup2_usize_Point) -> {_17 = Some x0} (! bb10) ] ] + [ s0 = {[@expl:type invariant] inv_ref_Iter_tup2_usize_Point _28} s1 + | s1 = -{resolve_ref_Iter_tup2_usize_Point _28}- s2 + | s2 = any [ br0 -> {_26 = None} (! bb9) | br1 (x0: tup2_usize_Point) -> {_26 = Some x0} (! bb10) ] ] | bb10 = s0 - [ s0 = elim_Some {_17} (fun (r0: tup2_usize_Point) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_22 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_26} (fun (r0: tup2_usize_Point) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_31 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb11 ] | bb11 = s0 - [ s0 = [ &produced <- _22 ] s1 + [ s0 = [ &produced <- _31 ] s1 | s1 = [ &x'0 <- __creusot_proc_iter_elem ] s2 | s2 = any [ br0 -> {min'0 = None} (! bb15) | br1 (x0: tup2_usize_Point) -> {min'0 = Some x0} (! bb14) ] ] | bb14 = s0 [ s0 = elim_Some {min'0} (fun (r0: tup2_usize_Point) -> [ &m <- r0 ] s1) - | s1 = [ &_30 <- UInt64.lt x'0.f0 m.f0 ] s2 - | s2 = any [ br0 -> {_30 = false} (! bb4) | br1 -> {_30} (! bb16) ] ] - | bb16 = s0 [ s0 = [ &_33 <- Some x'0 ] s1 | s1 = [ &min'0 <- _33 ] s2 | s2 = bb4 ] - | bb15 = s0 [ s0 = [ &_27 <- Some x'0 ] s1 | s1 = [ &min'0 <- _27 ] s2 | s2 = bb4 ] ] ] + | s1 = [ &_41 <- UInt64.lt x'0.f0 m.f0 ] s2 + | s2 = any [ br0 -> {_41 = false} (! bb4) | br1 -> {_41} (! bb16) ] ] + | bb16 = s0 [ s0 = [ &_44 <- Some x'0 ] s1 | s1 = [ &min'0 <- _44 ] s2 | s2 = bb4 ] + | bb15 = s0 [ s0 = [ &_38 <- Some x'0 ] s1 | s1 = [ &min'0 <- _38 ] s2 | s2 = bb4 ] ] ] | bb9 = s0 [ s0 = {[@expl:type invariant] inv_Iter_tup2_usize_Point iter} s1 | s1 = -{resolve_Iter_tup2_usize_Point iter}- s2 @@ -1103,16 +1103,16 @@ module M_min | & iter: t_Iter_tup2_usize_Point = Any.any_l () | & iter_old: t_Iter_tup2_usize_Point = Any.any_l () | & produced: Seq.seq tup2_usize_Point = Any.any_l () - | & _17: t_Option_ref_tup2_usize_Point = Any.any_l () - | & _18: MutBorrow.t t_Iter_tup2_usize_Point = Any.any_l () - | & _19: MutBorrow.t t_Iter_tup2_usize_Point = Any.any_l () + | & _26: t_Option_ref_tup2_usize_Point = Any.any_l () + | & _27: MutBorrow.t t_Iter_tup2_usize_Point = Any.any_l () + | & _28: MutBorrow.t t_Iter_tup2_usize_Point = Any.any_l () | & __creusot_proc_iter_elem: tup2_usize_Point = Any.any_l () - | & _22: Seq.seq tup2_usize_Point = Any.any_l () + | & _31: Seq.seq tup2_usize_Point = Any.any_l () | & x'0: tup2_usize_Point = Any.any_l () - | & _27: t_Option_ref_tup2_usize_Point = Any.any_l () + | & _38: t_Option_ref_tup2_usize_Point = Any.any_l () | & m: tup2_usize_Point = Any.any_l () - | & _30: bool = Any.any_l () - | & _33: t_Option_ref_tup2_usize_Point = Any.any_l () ]) + | & _41: bool = Any.any_l () + | & _44: t_Option_ref_tup2_usize_Point = Any.any_l () ]) [ return (result: t_Option_ref_tup2_usize_Point) -> {[@expl:min ensures] forall r: tup2_usize_Point. result = Some r -> (exists i: int. 0 <= i /\ i < Seq.length (view_Vec_tup2_usize_Point_Global v) /\ index_Vec_tup2_usize_Point_Global v i = r)} @@ -1475,18 +1475,18 @@ module M_knights_tour (! bb0 [ bb0 = s0 [ s0 = new {size'0} (fun (_ret: t_Board) -> [ &board <- _ret ] s1) | s1 = bb1 ] | bb1 = s0 - [ s0 = Int64.of_int {UInt64.t'int x'0} (fun (_ret_from: Int64.t) -> [ &_10 <- _ret_from ] s1) - | s1 = Int64.of_int {UInt64.t'int y'0} (fun (_ret_from: Int64.t) -> [ &_12 <- _ret_from ] s2) - | s2 = [ &p <- { x = _10; y = _12 } ] s3 + [ s0 = Int64.of_int {UInt64.t'int x'0} (fun (_ret_from: Int64.t) -> [ &_15 <- _ret_from ] s1) + | s1 = Int64.of_int {UInt64.t'int y'0} (fun (_ret_from: Int64.t) -> [ &_17 <- _ret_from ] s2) + | s2 = [ &p <- { x = _15; y = _17 } ] s3 | s3 = MutBorrow.borrow_mut {board} - (fun (_ret: MutBorrow.t t_Board) -> [ &_15 <- _ret ] [ &board <- _ret.final ] s4) - | s4 = set {_15} {p} {(1: UInt64.t)} (fun (_ret: ()) -> [ &_14 <- _ret ] s5) + (fun (_ret: MutBorrow.t t_Board) -> [ &_20 <- _ret ] [ &board <- _ret.final ] s4) + | s4 = set {_20} {p} {(1: UInt64.t)} (fun (_ret: ()) -> [ &_19 <- _ret ] s5) | s5 = bb2 ] - | bb2 = s0 [ s0 = [ &_17 <- dumb_nonlinear_arith size'0 ] s1 | s1 = bb3 ] + | bb2 = s0 [ s0 = [ &_22 <- dumb_nonlinear_arith size'0 ] s1 | s1 = bb3 ] | bb3 = s0 - [ s0 = UInt64.mul {size'0} {size'0} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s1) - | s1 = [ &_21 <- { start = (2: UInt64.t); end' = _22 } ] s2 - | s2 = into_iter_Range_usize {_21} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s3) + [ s0 = UInt64.mul {size'0} {size'0} (fun (_ret: UInt64.t) -> [ &_28 <- _ret ] s1) + | s1 = [ &_27 <- { start = (2: UInt64.t); end' = _28 } ] s2 + | s2 = into_iter_Range_usize {_27} (fun (_ret: t_Range_usize) -> [ &iter <- _ret ] s3) | s3 = bb4 ] | bb4 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb7 ] @@ -1501,27 +1501,27 @@ module M_knights_tour [ s0 = bb8 ] [ bb8 = s0 [ s0 = MutBorrow.borrow_mut {iter} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_39 <- _ret ] [ &iter <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_39.current} {MutBorrow.get_id _39} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_56 <- _ret ] [ &iter <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_56.current} {MutBorrow.get_id _56} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_38 <- _ret ] [ &_39 <- { _39 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_38} (fun (_ret: t_Option_usize) -> [ &_37 <- _ret ] s3) + [ &_55 <- _ret ] [ &_56 <- { _56 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_55} (fun (_ret: t_Option_usize) -> [ &_54 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = -{resolve_ref_Range_usize _39}- s1 - | s1 = any [ br0 -> {_37 = None} (! bb12) | br1 (x0: UInt64.t) -> {_37 = Some x0} (! bb13) ] ] + [ s0 = -{resolve_ref_Range_usize _56}- s1 + | s1 = any [ br0 -> {_54 = None} (! bb12) | br1 (x0: UInt64.t) -> {_54 = Some x0} (! bb13) ] ] | bb13 = s0 - [ s0 = elim_Some {_37} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_42 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_54} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_59 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb14 ] | bb14 = s0 - [ s0 = [ &produced <- _42 ] s1 + [ s0 = [ &produced <- _59 ] s1 | s1 = [ &step <- __creusot_proc_iter_elem ] s2 | s2 = new_tup2_usize_Point (fun (_ret: t_Vec_tup2_usize_Point_Global) -> [ &candidates <- _ret ] s3) | s3 = bb15 ] - | bb15 = s0 [ s0 = moves (fun (_ret: t_Vec_tup2_isize_isize_Global) -> [ &_48 <- _ret ] s1) | s1 = bb16 ] + | bb15 = s0 [ s0 = moves (fun (_ret: t_Vec_tup2_isize_isize_Global) -> [ &_67 <- _ret ] s1) | s1 = bb16 ] | bb16 = s0 - [ s0 = into_iter_Vec_tup2_isize_isize_Global {_48} + [ s0 = into_iter_Vec_tup2_isize_isize_Global {_67} (fun (_ret: t_IntoIter_tup2_isize_isize_Global) -> [ &iter'0 <- _ret ] s1) | s1 = bb17 ] | bb17 = s0 [ s0 = [ &iter_old'0 <- iter'0 ] s1 | s1 = bb18 ] @@ -1539,59 +1539,59 @@ module M_knights_tour [ s0 = {inv_IntoIter_tup2_isize_isize_Global iter'0} MutBorrow.borrow_mut {iter'0} (fun (_ret: MutBorrow.t t_IntoIter_tup2_isize_isize_Global) -> - [ &_60 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- + [ &_87 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- [ &iter'0 <- _ret.final ] s1) - | s1 = {inv_IntoIter_tup2_isize_isize_Global _60.current} - MutBorrow.borrow_final {_60.current} {MutBorrow.get_id _60} + | s1 = {inv_IntoIter_tup2_isize_isize_Global _87.current} + MutBorrow.borrow_final {_87.current} {MutBorrow.get_id _87} (fun (_ret: MutBorrow.t t_IntoIter_tup2_isize_isize_Global) -> - [ &_59 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- - [ &_60 <- { _60 with current = _ret.final } ] s2) - | s2 = next_IntoIter_tup2_isize_isize_Global {_59} - (fun (_ret: t_Option_tup2_isize_isize) -> [ &_58 <- _ret ] s3) + [ &_86 <- _ret ] -{inv_IntoIter_tup2_isize_isize_Global _ret.final}- + [ &_87 <- { _87 with current = _ret.final } ] s2) + | s2 = next_IntoIter_tup2_isize_isize_Global {_86} + (fun (_ret: t_Option_tup2_isize_isize) -> [ &_85 <- _ret ] s3) | s3 = bb22 ] | bb22 = s0 - [ s0 = {[@expl:type invariant] inv_ref_IntoIter_tup2_isize_isize_Global _60} s1 - | s1 = -{resolve_ref_IntoIter_tup2_isize_isize_Global _60}- s2 - | s2 = any [ br0 -> {_58 = None'0} (! bb25) | br1 (x0: tup2_isize_isize) -> {_58 = Some'0 x0} (! bb26) ] ] + [ s0 = {[@expl:type invariant] inv_ref_IntoIter_tup2_isize_isize_Global _87} s1 + | s1 = -{resolve_ref_IntoIter_tup2_isize_isize_Global _87}- s2 + | s2 = any [ br0 -> {_85 = None'0} (! bb25) | br1 (x0: tup2_isize_isize) -> {_85 = Some'0 x0} (! bb26) ] ] | bb26 = s0 - [ s0 = elim_Some'0 {_58} (fun (r0: tup2_isize_isize) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) - | s1 = [ &_63 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 + [ s0 = elim_Some'0 {_85} (fun (r0: tup2_isize_isize) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) + | s1 = [ &_90 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 | s2 = bb27 ] | bb27 = s0 - [ s0 = [ &produced'0 <- _63 ] s1 + [ s0 = [ &produced'0 <- _90 ] s1 | s1 = [ &m <- __creusot_proc_iter_elem'0 ] s2 | s2 = {[@expl:assertion] forall r: Seq.seq tup2_isize_isize, a: Seq.seq tup2_isize_isize, b: Seq.seq tup2_isize_isize. r = Seq.(++) a (Seq.(++) (Seq.singleton m) b) -> m = Seq.get r (Seq.length a)} s3 - | s3 = [ &_71 <- m ] s4 - | s4 = mov {p} {_71} (fun (_ret: t_Point) -> [ &adj <- _ret ] s5) + | s3 = [ &_101 <- m ] s4 + | s4 = mov {p} {_101} (fun (_ret: t_Point) -> [ &adj <- _ret ] s5) | s5 = bb28 ] - | bb28 = s0 [ s0 = available {board} {adj} (fun (_ret: bool) -> [ &_72 <- _ret ] s1) | s1 = bb29 ] - | bb29 = any [ br0 -> {_72 = false} (! bb20) | br1 -> {_72} (! bb30) ] + | bb28 = s0 [ s0 = available {board} {adj} (fun (_ret: bool) -> [ &_102 <- _ret ] s1) | s1 = bb29 ] + | bb29 = any [ br0 -> {_102 = false} (! bb20) | br1 -> {_102} (! bb30) ] | bb30 = s0 [ s0 = count_degree {board} {adj} (fun (_ret: UInt64.t) -> [ °ree <- _ret ] s1) | s1 = bb31 ] | bb31 = s0 - [ s0 = [ &_80 <- { f0 = degree; f1 = adj } ] s1 + [ s0 = [ &_110 <- { f0 = degree; f1 = adj } ] s1 | s1 = MutBorrow.borrow_mut {candidates} (fun (_ret: MutBorrow.t t_Vec_tup2_usize_Point_Global) -> - [ &_79 <- _ret ] [ &candidates <- _ret.final ] s2) - | s2 = push_tup2_usize_Point {_79} {_80} (fun (_ret: ()) -> [ &_78 <- _ret ] s3) + [ &_109 <- _ret ] [ &candidates <- _ret.final ] s2) + | s2 = push_tup2_usize_Point {_109} {_110} (fun (_ret: ()) -> [ &_108 <- _ret ] s3) | s3 = bb20 ] ] ] | bb25 = s0 [ s0 = {[@expl:type invariant] inv_IntoIter_tup2_isize_isize_Global iter'0} s1 | s1 = -{resolve_IntoIter_tup2_isize_isize_Global'0 iter'0}- s2 | s2 = bb35 ] | bb35 = s0 - [ s0 = [ &_87 <- candidates ] s1 - | s1 = min {_87} (fun (_ret: t_Option_ref_tup2_usize_Point) -> [ &_85 <- _ret ] s2) + [ s0 = [ &_117 <- candidates ] s1 + | s1 = min {_117} (fun (_ret: t_Option_ref_tup2_usize_Point) -> [ &_115 <- _ret ] s2) | s2 = bb36 ] - | bb36 = any [ br0 -> {_85 = None'1} (! bb39) | br1 (x0: tup2_usize_Point) -> {_85 = Some'1 x0} (! bb40) ] + | bb36 = any [ br0 -> {_115 = None'1} (! bb39) | br1 (x0: tup2_usize_Point) -> {_115 = Some'1 x0} (! bb40) ] | bb40 = s0 - [ s0 = elim_Some'1 {_85} (fun (r0: tup2_usize_Point) -> [ &adj'0 <- r0.f1 ] s1) + [ s0 = elim_Some'1 {_115} (fun (r0: tup2_usize_Point) -> [ &adj'0 <- r0.f1 ] s1) | s1 = [ &p <- adj'0 ] s2 | s2 = MutBorrow.borrow_mut {board} - (fun (_ret: MutBorrow.t t_Board) -> [ &_93 <- _ret ] [ &board <- _ret.final ] s3) - | s3 = set {_93} {p} {step} (fun (_ret: ()) -> [ &_92 <- _ret ] s4) + (fun (_ret: MutBorrow.t t_Board) -> [ &_123 <- _ret ] [ &board <- _ret.final ] s3) + | s3 = set {_123} {p} {step} (fun (_ret: ()) -> [ &_122 <- _ret ] s4) | s4 = bb7 ] ] ] | bb39 = s0 [ s0 = [ &_0 <- None'2 ] s1 | s1 = bb47 ] | bb12 = s0 [ s0 = [ &_0 <- Some'2 board ] s1 | s1 = bb47 ] @@ -1602,43 +1602,43 @@ module M_knights_tour | & y'0: UInt64.t = y'0 | & board: t_Board = Any.any_l () | & p: t_Point = Any.any_l () - | & _10: Int64.t = Any.any_l () - | & _12: Int64.t = Any.any_l () - | & _14: () = Any.any_l () - | & _15: MutBorrow.t t_Board = Any.any_l () - | & _17: () = Any.any_l () + | & _15: Int64.t = Any.any_l () + | & _17: Int64.t = Any.any_l () + | & _19: () = Any.any_l () + | & _20: MutBorrow.t t_Board = Any.any_l () + | & _22: () = Any.any_l () | & iter: t_Range_usize = Any.any_l () - | & _21: t_Range_usize = Any.any_l () - | & _22: UInt64.t = Any.any_l () + | & _27: t_Range_usize = Any.any_l () + | & _28: UInt64.t = Any.any_l () | & iter_old: t_Range_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _37: t_Option_usize = Any.any_l () - | & _38: MutBorrow.t t_Range_usize = Any.any_l () - | & _39: MutBorrow.t t_Range_usize = Any.any_l () + | & _54: t_Option_usize = Any.any_l () + | & _55: MutBorrow.t t_Range_usize = Any.any_l () + | & _56: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _42: Seq.seq UInt64.t = Any.any_l () + | & _59: Seq.seq UInt64.t = Any.any_l () | & step: UInt64.t = Any.any_l () | & candidates: t_Vec_tup2_usize_Point_Global = Any.any_l () | & iter'0: t_IntoIter_tup2_isize_isize_Global = Any.any_l () - | & _48: t_Vec_tup2_isize_isize_Global = Any.any_l () + | & _67: t_Vec_tup2_isize_isize_Global = Any.any_l () | & iter_old'0: t_IntoIter_tup2_isize_isize_Global = Any.any_l () | & produced'0: Seq.seq tup2_isize_isize = Any.any_l () - | & _58: t_Option_tup2_isize_isize = Any.any_l () - | & _59: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () - | & _60: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () + | & _85: t_Option_tup2_isize_isize = Any.any_l () + | & _86: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () + | & _87: MutBorrow.t t_IntoIter_tup2_isize_isize_Global = Any.any_l () | & __creusot_proc_iter_elem'0: tup2_isize_isize = Any.any_l () - | & _63: Seq.seq tup2_isize_isize = Any.any_l () + | & _90: Seq.seq tup2_isize_isize = Any.any_l () | & m: tup2_isize_isize = Any.any_l () | & adj: t_Point = Any.any_l () - | & _71: tup2_isize_isize = Any.any_l () - | & _72: bool = Any.any_l () + | & _101: tup2_isize_isize = Any.any_l () + | & _102: bool = Any.any_l () | & degree: UInt64.t = Any.any_l () - | & _78: () = Any.any_l () - | & _79: MutBorrow.t t_Vec_tup2_usize_Point_Global = Any.any_l () - | & _80: tup2_usize_Point = Any.any_l () - | & _85: t_Option_ref_tup2_usize_Point = Any.any_l () - | & _87: t_Vec_tup2_usize_Point_Global = Any.any_l () + | & _108: () = Any.any_l () + | & _109: MutBorrow.t t_Vec_tup2_usize_Point_Global = Any.any_l () + | & _110: tup2_usize_Point = Any.any_l () + | & _115: t_Option_ref_tup2_usize_Point = Any.any_l () + | & _117: t_Vec_tup2_usize_Point_Global = Any.any_l () | & adj'0: t_Point = Any.any_l () - | & _92: () = Any.any_l () - | & _93: MutBorrow.t t_Board = Any.any_l () ]) [ return (result: t_Option_Board) -> (! return {result}) ] + | & _122: () = Any.any_l () + | & _123: MutBorrow.t t_Board = Any.any_l () ]) [ return (result: t_Option_Board) -> (! return {result}) ] end diff --git a/tests/should_succeed/vector/07_read_write.coma b/tests/should_succeed/vector/07_read_write.coma index d5c7f02c61..a6ec4df4b8 100644 --- a/tests/should_succeed/vector/07_read_write.coma +++ b/tests/should_succeed/vector/07_read_write.coma @@ -152,28 +152,28 @@ module M_read_write [ s0 = {inv_Vec_T_Global a.current} MutBorrow.borrow_final {a.current} {MutBorrow.get_id a} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_7 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_9 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &a <- { a with current = _ret.final } ] s1) - | s1 = index_mut_Vec_T_Global {_7} {i} (fun (_ret: MutBorrow.t t_T) -> [ &_6 <- _ret ] s2) + | s1 = index_mut_Vec_T_Global {_9} {i} (fun (_ret: MutBorrow.t t_T) -> [ &_8 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 - [ s0 = [ &_6 <- { _6 with current = x } ] s1 - | s1 = {[@expl:type invariant] inv_ref_T _6} s2 - | s2 = -{resolve_ref_T _6}- s3 + [ s0 = [ &_8 <- { _8 with current = x } ] s1 + | s1 = {[@expl:type invariant] inv_ref_T _8} s2 + | s2 = -{resolve_ref_T _8}- s3 | s3 = {[@expl:type invariant] inv_ref_Vec_T_Global a} s4 | s4 = -{resolve_ref_Vec_T_Global a}- s5 - | s5 = index_Vec_T_Global {a.current} {i} (fun (_ret: t_T) -> [ &_12 <- _ret ] s6) + | s5 = index_Vec_T_Global {a.current} {i} (fun (_ret: t_T) -> [ &_14 <- _ret ] s6) | s6 = bb2 ] - | bb2 = s0 [ s0 = eq_T {_12} {x} (fun (_ret: bool) -> [ &_10 <- _ret ] s1) | s1 = bb3 ] - | bb3 = any [ br0 -> {_10 = false} (! bb5) | br1 -> {_10} (! bb4) ] + | bb2 = s0 [ s0 = eq_T {_14} {x} (fun (_ret: bool) -> [ &_12 <- _ret ] s1) | s1 = bb3 ] + | bb3 = any [ br0 -> {_12 = false} (! bb5) | br1 -> {_12} (! bb4) ] | bb4 = return {_0} | bb5 = {false} any ] [ & _0: () = Any.any_l () | & a: MutBorrow.t t_Vec_T_Global = a | & i: UInt64.t = i | & x: t_T = x - | & _6: MutBorrow.t t_T = Any.any_l () - | & _7: MutBorrow.t t_Vec_T_Global = Any.any_l () - | & _10: bool = Any.any_l () - | & _12: t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] + | & _8: MutBorrow.t t_T = Any.any_l () + | & _9: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _12: bool = Any.any_l () + | & _14: t_T = Any.any_l () ]) [ return (result: ()) -> (! return {result}) ] end diff --git a/tests/should_succeed/vector/08_haystack.coma b/tests/should_succeed/vector/08_haystack.coma index f5fcf02e87..cb185fec57 100644 --- a/tests/should_succeed/vector/08_haystack.coma +++ b/tests/should_succeed/vector/08_haystack.coma @@ -191,14 +191,14 @@ module M_search {[@expl:search requires] Seq.length (view_Vec_u8_Global needle) >= 1 /\ Seq.length (view_Vec_u8_Global needle) <= Seq.length (view_Vec_u8_Global haystack)} (! bb0 - [ bb0 = s0 [ s0 = len_u8 {haystack} (fun (_ret: UInt64.t) -> [ &_12 <- _ret ] s1) | s1 = bb1 ] - | bb1 = s0 [ s0 = len_u8 {needle} (fun (_ret: UInt64.t) -> [ &_14 <- _ret ] s1) | s1 = bb2 ] + [ bb0 = s0 [ s0 = len_u8 {haystack} (fun (_ret: UInt64.t) -> [ &_20 <- _ret ] s1) | s1 = bb1 ] + | bb1 = s0 [ s0 = len_u8 {needle} (fun (_ret: UInt64.t) -> [ &_22 <- _ret ] s1) | s1 = bb2 ] | bb2 = s0 - [ s0 = UInt64.sub {_12} {_14} (fun (_ret: UInt64.t) -> [ &_11 <- _ret ] s1) - | s1 = new_usize {(0: UInt64.t)} {_11} (fun (_ret: t_RangeInclusive_usize) -> [ &_10 <- _ret ] s2) + [ s0 = UInt64.sub {_20} {_22} (fun (_ret: UInt64.t) -> [ &_19 <- _ret ] s1) + | s1 = new_usize {(0: UInt64.t)} {_19} (fun (_ret: t_RangeInclusive_usize) -> [ &_18 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 - [ s0 = into_iter_RangeInclusive_usize {_10} (fun (_ret: t_RangeInclusive_usize) -> [ &iter <- _ret ] s1) + [ s0 = into_iter_RangeInclusive_usize {_18} (fun (_ret: t_RangeInclusive_usize) -> [ &iter <- _ret ] s1) | s1 = bb4 ] | bb4 = s0 [ s0 = [ &iter_old <- iter ] s1 | s1 = bb5 ] | bb5 = s0 [ s0 = [ &produced <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb7 ] @@ -214,31 +214,31 @@ module M_search [ s0 = {inv_RangeInclusive_usize iter} MutBorrow.borrow_mut {iter} (fun (_ret: MutBorrow.t t_RangeInclusive_usize) -> - [ &_28 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- + [ &_45 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- [ &iter <- _ret.final ] s1) - | s1 = {inv_RangeInclusive_usize _28.current} - MutBorrow.borrow_final {_28.current} {MutBorrow.get_id _28} + | s1 = {inv_RangeInclusive_usize _45.current} + MutBorrow.borrow_final {_45.current} {MutBorrow.get_id _45} (fun (_ret: MutBorrow.t t_RangeInclusive_usize) -> - [ &_27 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- - [ &_28 <- { _28 with current = _ret.final } ] s2) - | s2 = next_RangeInclusive_usize {_27} (fun (_ret: t_Option_usize) -> [ &_26 <- _ret ] s3) + [ &_44 <- _ret ] -{inv_RangeInclusive_usize _ret.final}- + [ &_45 <- { _45 with current = _ret.final } ] s2) + | s2 = next_RangeInclusive_usize {_44} (fun (_ret: t_Option_usize) -> [ &_43 <- _ret ] s3) | s3 = bb9 ] | bb9 = s0 - [ s0 = {[@expl:type invariant] inv_ref_RangeInclusive_usize _28} s1 - | s1 = -{resolve_ref_RangeInclusive_usize _28}- s2 - | s2 = any [ br0 -> {_26 = None} (! bb12) | br1 (x0: UInt64.t) -> {_26 = Some x0} (! bb13) ] ] + [ s0 = {[@expl:type invariant] inv_ref_RangeInclusive_usize _45} s1 + | s1 = -{resolve_ref_RangeInclusive_usize _45}- s2 + | s2 = any [ br0 -> {_43 = None} (! bb12) | br1 (x0: UInt64.t) -> {_43 = Some x0} (! bb13) ] ] | bb13 = s0 - [ s0 = elim_Some {_26} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) - | s1 = [ &_31 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 + [ s0 = elim_Some {_43} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem <- r0 ] s1) + | s1 = [ &_48 <- Seq.(++) produced (Seq.singleton __creusot_proc_iter_elem) ] s2 | s2 = bb14 ] | bb14 = s0 - [ s0 = [ &produced <- _31 ] s1 + [ s0 = [ &produced <- _48 ] s1 | s1 = [ &i <- __creusot_proc_iter_elem ] s2 - | s2 = len_u8 {needle} (fun (_ret: UInt64.t) -> [ &_38 <- _ret ] s3) + | s2 = len_u8 {needle} (fun (_ret: UInt64.t) -> [ &_57 <- _ret ] s3) | s3 = bb15 ] | bb15 = s0 - [ s0 = [ &_37 <- { start = (0: UInt64.t); end' = _38 } ] s1 - | s1 = into_iter_Range_usize {_37} (fun (_ret: t_Range_usize) -> [ &iter'0 <- _ret ] s2) + [ s0 = [ &_56 <- { start = (0: UInt64.t); end' = _57 } ] s1 + | s1 = into_iter_Range_usize {_56} (fun (_ret: t_Range_usize) -> [ &iter'0 <- _ret ] s2) | s2 = bb16 ] | bb16 = s0 [ s0 = [ &iter_old'0 <- iter'0 ] s1 | s1 = bb17 ] | bb17 = s0 [ s0 = [ &produced'0 <- Seq.empty: Seq.seq UInt64.t ] s1 | s1 = bb19 ] @@ -251,31 +251,31 @@ module M_search [ s0 = bb20 ] [ bb20 = s0 [ s0 = MutBorrow.borrow_mut {iter'0} - (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_51 <- _ret ] [ &iter'0 <- _ret.final ] s1) - | s1 = MutBorrow.borrow_final {_51.current} {MutBorrow.get_id _51} + (fun (_ret: MutBorrow.t t_Range_usize) -> [ &_80 <- _ret ] [ &iter'0 <- _ret.final ] s1) + | s1 = MutBorrow.borrow_final {_80.current} {MutBorrow.get_id _80} (fun (_ret: MutBorrow.t t_Range_usize) -> - [ &_50 <- _ret ] [ &_51 <- { _51 with current = _ret.final } ] s2) - | s2 = next_Range_usize {_50} (fun (_ret: t_Option_usize) -> [ &_49 <- _ret ] s3) + [ &_79 <- _ret ] [ &_80 <- { _80 with current = _ret.final } ] s2) + | s2 = next_Range_usize {_79} (fun (_ret: t_Option_usize) -> [ &_78 <- _ret ] s3) | s3 = bb21 ] | bb21 = s0 - [ s0 = -{resolve_ref_Range_usize _51}- s1 - | s1 = any [ br0 -> {_49 = None} (! bb24) | br1 (x0: UInt64.t) -> {_49 = Some x0} (! bb25) ] ] + [ s0 = -{resolve_ref_Range_usize _80}- s1 + | s1 = any [ br0 -> {_78 = None} (! bb24) | br1 (x0: UInt64.t) -> {_78 = Some x0} (! bb25) ] ] | bb25 = s0 - [ s0 = elim_Some {_49} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) - | s1 = [ &_54 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 + [ s0 = elim_Some {_78} (fun (r0: UInt64.t) -> [ &__creusot_proc_iter_elem'0 <- r0 ] s1) + | s1 = [ &_83 <- Seq.(++) produced'0 (Seq.singleton __creusot_proc_iter_elem'0) ] s2 | s2 = bb26 ] | bb26 = s0 - [ s0 = [ &produced'0 <- _54 ] s1 + [ s0 = [ &produced'0 <- _83 ] s1 | s1 = [ &j <- __creusot_proc_iter_elem'0 ] s2 - | s2 = index_Vec_u8_Global'0 {needle} {j} (fun (_ret: UInt8.t) -> [ &_59 <- _ret ] s3) + | s2 = index_Vec_u8_Global'0 {needle} {j} (fun (_ret: UInt8.t) -> [ &_90 <- _ret ] s3) | s3 = bb27 ] | bb27 = s0 - [ s0 = UInt64.add {i} {j} (fun (_ret: UInt64.t) -> [ &_65 <- _ret ] s1) - | s1 = index_Vec_u8_Global'0 {haystack} {_65} (fun (_ret: UInt8.t) -> [ &_63 <- _ret ] s2) + [ s0 = UInt64.add {i} {j} (fun (_ret: UInt64.t) -> [ &_96 <- _ret ] s1) + | s1 = index_Vec_u8_Global'0 {haystack} {_96} (fun (_ret: UInt8.t) -> [ &_94 <- _ret ] s2) | s2 = bb28 ] | bb28 = s0 - [ s0 = [ &_57 <- _59 <> _63 ] s1 - | s1 = any [ br0 -> {_57 = false} (! bb19) | br1 -> {_57} (! bb7) ] ] ] ] ] ] + [ s0 = [ &_88 <- _90 <> _94 ] s1 + | s1 = any [ br0 -> {_88 = false} (! bb19) | br1 -> {_88} (! bb7) ] ] ] ] ] ] | bb24 = s0 [ s0 = {[@expl:type invariant] inv_RangeInclusive_usize iter} s1 | s1 = -{resolve_RangeInclusive_usize iter}- s2 @@ -291,33 +291,33 @@ module M_search | & needle: t_Vec_u8_Global = needle | & haystack: t_Vec_u8_Global = haystack | & iter: t_RangeInclusive_usize = Any.any_l () - | & _10: t_RangeInclusive_usize = Any.any_l () - | & _11: UInt64.t = Any.any_l () - | & _12: UInt64.t = Any.any_l () - | & _14: UInt64.t = Any.any_l () + | & _18: t_RangeInclusive_usize = Any.any_l () + | & _19: UInt64.t = Any.any_l () + | & _20: UInt64.t = Any.any_l () + | & _22: UInt64.t = Any.any_l () | & iter_old: t_RangeInclusive_usize = Any.any_l () | & produced: Seq.seq UInt64.t = Any.any_l () - | & _26: t_Option_usize = Any.any_l () - | & _27: MutBorrow.t t_RangeInclusive_usize = Any.any_l () - | & _28: MutBorrow.t t_RangeInclusive_usize = Any.any_l () + | & _43: t_Option_usize = Any.any_l () + | & _44: MutBorrow.t t_RangeInclusive_usize = Any.any_l () + | & _45: MutBorrow.t t_RangeInclusive_usize = Any.any_l () | & __creusot_proc_iter_elem: UInt64.t = Any.any_l () - | & _31: Seq.seq UInt64.t = Any.any_l () + | & _48: Seq.seq UInt64.t = Any.any_l () | & i: UInt64.t = Any.any_l () | & iter'0: t_Range_usize = Any.any_l () - | & _37: t_Range_usize = Any.any_l () - | & _38: UInt64.t = Any.any_l () + | & _56: t_Range_usize = Any.any_l () + | & _57: UInt64.t = Any.any_l () | & iter_old'0: t_Range_usize = Any.any_l () | & produced'0: Seq.seq UInt64.t = Any.any_l () - | & _49: t_Option_usize = Any.any_l () - | & _50: MutBorrow.t t_Range_usize = Any.any_l () - | & _51: MutBorrow.t t_Range_usize = Any.any_l () + | & _78: t_Option_usize = Any.any_l () + | & _79: MutBorrow.t t_Range_usize = Any.any_l () + | & _80: MutBorrow.t t_Range_usize = Any.any_l () | & __creusot_proc_iter_elem'0: UInt64.t = Any.any_l () - | & _54: Seq.seq UInt64.t = Any.any_l () + | & _83: Seq.seq UInt64.t = Any.any_l () | & j: UInt64.t = Any.any_l () - | & _57: bool = Any.any_l () - | & _59: UInt8.t = Any.any_l () - | & _63: UInt8.t = Any.any_l () - | & _65: UInt64.t = Any.any_l () ]) + | & _88: bool = Any.any_l () + | & _90: UInt8.t = Any.any_l () + | & _94: UInt8.t = Any.any_l () + | & _96: UInt64.t = Any.any_l () ]) [ return (result: UInt64.t) -> {[@expl:search ensures #0] UInt64.t'int result = Seq.length (view_Vec_u8_Global haystack) \/ UInt64.t'int result < Seq.length (view_Vec_u8_Global haystack) - Seq.length (view_Vec_u8_Global needle) + 1} diff --git a/tests/should_succeed/vector/09_capacity.coma b/tests/should_succeed/vector/09_capacity.coma index b8ad961adf..6341b50f32 100644 --- a/tests/should_succeed/vector/09_capacity.coma +++ b/tests/should_succeed/vector/09_capacity.coma @@ -84,33 +84,33 @@ module M_change_capacity [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_5 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_7 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = reserve_T {_5} {(100: UInt64.t)} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) + | s1 = reserve_T {_7} {(100: UInt64.t)} (fun (_ret: ()) -> [ &_6 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_7 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_9 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = reserve_exact_T {_7} {(200: UInt64.t)} (fun (_ret: ()) -> [ &_6 <- _ret ] s2) + | s1 = reserve_exact_T {_9} {(200: UInt64.t)} (fun (_ret: ()) -> [ &_8 <- _ret ] s2) | s2 = bb2 ] | bb2 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_mut {v.current} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_9 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_11 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = shrink_to_fit_T {_9} (fun (_ret: ()) -> [ &_8 <- _ret ] s2) + | s1 = shrink_to_fit_T {_11} (fun (_ret: ()) -> [ &_10 <- _ret ] s2) | s2 = bb3 ] | bb3 = s0 [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_11 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_13 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = shrink_to_T {_11} {(1: UInt64.t)} (fun (_ret: ()) -> [ &_10 <- _ret ] s2) + | s1 = shrink_to_T {_13} {(1: UInt64.t)} (fun (_ret: ()) -> [ &_12 <- _ret ] s2) | s2 = bb4 ] | bb4 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global v} s1 @@ -118,14 +118,14 @@ module M_change_capacity | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_T_Global = v - | & _4: () = Any.any_l () - | & _5: MutBorrow.t t_Vec_T_Global = Any.any_l () | & _6: () = Any.any_l () | & _7: MutBorrow.t t_Vec_T_Global = Any.any_l () | & _8: () = Any.any_l () | & _9: MutBorrow.t t_Vec_T_Global = Any.any_l () | & _10: () = Any.any_l () - | & _11: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) + | & _11: MutBorrow.t t_Vec_T_Global = Any.any_l () + | & _12: () = Any.any_l () + | & _13: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:change_capacity ensures #0] Seq.length (view_Vec_T_Global v.final) = Seq.length (view_Vec_T_Global v.current)} {[@expl:change_capacity ensures #1] forall i: int. 0 <= i /\ i < Seq.length (view_Vec_T_Global v.current) @@ -201,9 +201,9 @@ module M_clear_vec [ s0 = {inv_Vec_T_Global v.current} MutBorrow.borrow_final {v.current} {MutBorrow.get_id v} (fun (_ret: MutBorrow.t t_Vec_T_Global) -> - [ &_4 <- _ret ] -{inv_Vec_T_Global _ret.final}- + [ &_5 <- _ret ] -{inv_Vec_T_Global _ret.final}- [ &v <- { v with current = _ret.final } ] s1) - | s1 = clear_T {_4} (fun (_ret: ()) -> [ &_3 <- _ret ] s2) + | s1 = clear_T {_5} (fun (_ret: ()) -> [ &_4 <- _ret ] s2) | s2 = bb1 ] | bb1 = s0 [ s0 = {[@expl:type invariant] inv_ref_Vec_T_Global v} s1 @@ -211,8 +211,8 @@ module M_clear_vec | s2 = return {_0} ] ] [ & _0: () = Any.any_l () | & v: MutBorrow.t t_Vec_T_Global = v - | & _3: () = Any.any_l () - | & _4: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) + | & _4: () = Any.any_l () + | & _5: MutBorrow.t t_Vec_T_Global = Any.any_l () ]) [ return (result: ()) -> {[@expl:clear_vec ensures] Seq.length (view_Vec_T_Global v.final) = 0} (! return {result}) ] end diff --git a/why3/src/lib.rs b/why3/src/lib.rs index 75a4501e35..e0395344c6 100644 --- a/why3/src/lib.rs +++ b/why3/src/lib.rs @@ -1,4 +1,4 @@ -#![feature(slice_as_array)] +#![feature(alloc_slice_into_array)] pub mod ce_models; pub mod coma;