summaryrefslogtreecommitdiff
path: root/tests/fstar/hashmap_on_disk
diff options
context:
space:
mode:
authorSon HO2024-04-11 20:32:15 +0200
committerGitHub2024-04-11 20:32:15 +0200
commit77d74452489f85f558efe07d72d0200c80b16444 (patch)
tree810c6504b8e5b2fcde58841e25079d5e8c8e92ae /tests/fstar/hashmap_on_disk
parent4fb9c9f655a9ffc3b4a1a717988311c057c9c599 (diff)
parent2f8aa9b47acb5c98aed91c29b04f71099452e781 (diff)
Merge pull request #123 from AeneasVerif/son/clean
Cleanup the code in preparation of the nested loops
Diffstat (limited to 'tests/fstar/hashmap_on_disk')
-rw-r--r--tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst70
-rw-r--r--tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst8
-rw-r--r--tests/fstar/hashmap_on_disk/Primitives.fst56
3 files changed, 64 insertions, 70 deletions
diff --git a/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst b/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst
index e0005c81..ff86e087 100644
--- a/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst
+++ b/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst
@@ -11,7 +11,7 @@ include HashmapMain.Clauses
(** [hashmap_main::hashmap::hash_key]:
Source: 'src/hashmap.rs', lines 27:0-27:32 *)
let hashmap_hash_key (k : usize) : result usize =
- Return k
+ Ok k
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::allocate_slots]: loop 0:
Source: 'src/hashmap.rs', lines 50:4-56:5 *)
@@ -26,7 +26,7 @@ let rec hashmap_HashMap_allocate_slots_loop
in
let* n1 = usize_sub n 1 in
hashmap_HashMap_allocate_slots_loop t slots1 n1
- else Return slots
+ else Ok slots
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::allocate_slots]:
Source: 'src/hashmap.rs', lines 50:4-50:76 *)
@@ -48,7 +48,7 @@ let hashmap_HashMap_new_with_capacity
capacity in
let* i = usize_mul capacity max_load_dividend in
let* i1 = usize_div i max_load_divisor in
- Return
+ Ok
{
num_entries = 0;
max_load_factor = (max_load_dividend, max_load_divisor);
@@ -78,20 +78,20 @@ let rec hashmap_HashMap_clear_loop
let* i2 = usize_add i 1 in
let* slots1 = index_mut_back Hashmap_List_Nil in
hashmap_HashMap_clear_loop t slots1 i2
- else Return slots
+ else Ok slots
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::clear]:
Source: 'src/hashmap.rs', lines 80:4-80:27 *)
let hashmap_HashMap_clear
(t : Type0) (self : hashmap_HashMap_t t) : result (hashmap_HashMap_t t) =
let* hm = hashmap_HashMap_clear_loop t self.slots 0 in
- Return { self with num_entries = 0; slots = hm }
+ Ok { self with num_entries = 0; slots = hm }
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::len]:
Source: 'src/hashmap.rs', lines 90:4-90:30 *)
let hashmap_HashMap_len
(t : Type0) (self : hashmap_HashMap_t t) : result usize =
- Return self.num_entries
+ Ok self.num_entries
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::insert_in_list]: loop 0:
Source: 'src/hashmap.rs', lines 97:4-114:5 *)
@@ -103,12 +103,11 @@ let rec hashmap_HashMap_insert_in_list_loop
begin match ls with
| Hashmap_List_Cons ckey cvalue tl ->
if ckey = key
- then Return (false, Hashmap_List_Cons ckey value tl)
+ then Ok (false, Hashmap_List_Cons ckey value tl)
else
let* (b, tl1) = hashmap_HashMap_insert_in_list_loop t key value tl in
- Return (b, Hashmap_List_Cons ckey cvalue tl1)
- | Hashmap_List_Nil ->
- Return (true, Hashmap_List_Cons key value Hashmap_List_Nil)
+ Ok (b, Hashmap_List_Cons ckey cvalue tl1)
+ | Hashmap_List_Nil -> Ok (true, Hashmap_List_Cons key value Hashmap_List_Nil)
end
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::insert_in_list]:
@@ -137,8 +136,8 @@ let hashmap_HashMap_insert_no_resize
then
let* i1 = usize_add self.num_entries 1 in
let* v = index_mut_back l1 in
- Return { self with num_entries = i1; slots = v }
- else let* v = index_mut_back l1 in Return { self with slots = v }
+ Ok { self with num_entries = i1; slots = v }
+ else let* v = index_mut_back l1 in Ok { self with slots = v }
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::move_elements_from_list]: loop 0:
Source: 'src/hashmap.rs', lines 183:4-196:5 *)
@@ -152,7 +151,7 @@ let rec hashmap_HashMap_move_elements_from_list_loop
| Hashmap_List_Cons k v tl ->
let* ntable1 = hashmap_HashMap_insert_no_resize t ntable k v in
hashmap_HashMap_move_elements_from_list_loop t ntable1 tl
- | Hashmap_List_Nil -> Return ntable
+ | Hashmap_List_Nil -> Ok ntable
end
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::move_elements_from_list]:
@@ -183,7 +182,7 @@ let rec hashmap_HashMap_move_elements_loop
let* i2 = usize_add i 1 in
let* slots1 = index_mut_back l1 in
hashmap_HashMap_move_elements_loop t ntable1 slots1 i2
- else Return (ntable, slots)
+ else Ok (ntable, slots)
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::move_elements]:
Source: 'src/hashmap.rs', lines 171:4-171:95 *)
@@ -209,10 +208,10 @@ let hashmap_HashMap_try_resize
let* ntable = hashmap_HashMap_new_with_capacity t i3 i i1 in
let* p = hashmap_HashMap_move_elements t ntable self.slots 0 in
let (ntable1, _) = p in
- Return
+ Ok
{ ntable1 with num_entries = self.num_entries; max_load_factor = (i, i1)
}
- else Return { self with max_load_factor = (i, i1) }
+ else Ok { self with max_load_factor = (i, i1) }
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::insert]:
Source: 'src/hashmap.rs', lines 129:4-129:48 *)
@@ -222,9 +221,7 @@ let hashmap_HashMap_insert
=
let* self1 = hashmap_HashMap_insert_no_resize t self key value in
let* i = hashmap_HashMap_len t self1 in
- if i > self1.max_load
- then hashmap_HashMap_try_resize t self1
- else Return self1
+ if i > self1.max_load then hashmap_HashMap_try_resize t self1 else Ok self1
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::contains_key_in_list]: loop 0:
Source: 'src/hashmap.rs', lines 206:4-219:5 *)
@@ -236,9 +233,9 @@ let rec hashmap_HashMap_contains_key_in_list_loop
begin match ls with
| Hashmap_List_Cons ckey _ tl ->
if ckey = key
- then Return true
+ then Ok true
else hashmap_HashMap_contains_key_in_list_loop t key tl
- | Hashmap_List_Nil -> Return false
+ | Hashmap_List_Nil -> Ok false
end
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::contains_key_in_list]:
@@ -269,9 +266,7 @@ let rec hashmap_HashMap_get_in_list_loop
=
begin match ls with
| Hashmap_List_Cons ckey cvalue tl ->
- if ckey = key
- then Return cvalue
- else hashmap_HashMap_get_in_list_loop t key tl
+ if ckey = key then Ok cvalue else hashmap_HashMap_get_in_list_loop t key tl
| Hashmap_List_Nil -> Fail Failure
end
@@ -305,14 +300,14 @@ let rec hashmap_HashMap_get_mut_in_list_loop
| Hashmap_List_Cons ckey cvalue tl ->
if ckey = key
then
- let back = fun ret -> Return (Hashmap_List_Cons ckey ret tl) in
- Return (cvalue, back)
+ let back = fun ret -> Ok (Hashmap_List_Cons ckey ret tl) in
+ Ok (cvalue, back)
else
let* (x, back) = hashmap_HashMap_get_mut_in_list_loop t tl key in
let back1 =
fun ret ->
- let* tl1 = back ret in Return (Hashmap_List_Cons ckey cvalue tl1) in
- Return (x, back1)
+ let* tl1 = back ret in Ok (Hashmap_List_Cons ckey cvalue tl1) in
+ Ok (x, back1)
| Hashmap_List_Nil -> Fail Failure
end
@@ -342,8 +337,8 @@ let hashmap_HashMap_get_mut
fun ret ->
let* l1 = get_mut_in_list_back ret in
let* v = index_mut_back l1 in
- Return { self with slots = v } in
- Return (x, back)
+ Ok { self with slots = v } in
+ Ok (x, back)
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::remove_from_list]: loop 0:
Source: 'src/hashmap.rs', lines 265:4-291:5 *)
@@ -360,13 +355,13 @@ let rec hashmap_HashMap_remove_from_list_loop
core_mem_replace (hashmap_List_t t) (Hashmap_List_Cons ckey x tl)
Hashmap_List_Nil in
begin match mv_ls with
- | Hashmap_List_Cons _ cvalue tl1 -> Return (Some cvalue, tl1)
+ | Hashmap_List_Cons _ cvalue tl1 -> Ok (Some cvalue, tl1)
| Hashmap_List_Nil -> Fail Failure
end
else
let* (o, tl1) = hashmap_HashMap_remove_from_list_loop t key tl in
- Return (o, Hashmap_List_Cons ckey x tl1)
- | Hashmap_List_Nil -> Return (None, Hashmap_List_Nil)
+ Ok (o, Hashmap_List_Cons ckey x tl1)
+ | Hashmap_List_Nil -> Ok (None, Hashmap_List_Nil)
end
(** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::remove_from_list]:
@@ -392,12 +387,11 @@ let hashmap_HashMap_remove
self.slots hash_mod in
let* (x, l1) = hashmap_HashMap_remove_from_list t key l in
begin match x with
- | None ->
- let* v = index_mut_back l1 in Return (None, { self with slots = v })
+ | None -> let* v = index_mut_back l1 in Ok (None, { self with slots = v })
| Some x1 ->
let* i1 = usize_sub self.num_entries 1 in
let* v = index_mut_back l1 in
- Return (Some x1, { self with num_entries = i1; slots = v })
+ Ok (Some x1, { self with num_entries = i1; slots = v })
end
(** [hashmap_main::hashmap::test1]:
@@ -434,7 +428,7 @@ let hashmap_test1 : result unit =
then Fail Failure
else
let* i4 = hashmap_HashMap_get u64 hm6 1056 in
- if not (i4 = 256) then Fail Failure else Return ()
+ if not (i4 = 256) then Fail Failure else Ok ()
end
(** [hashmap_main::insert_on_disk]:
@@ -448,5 +442,5 @@ let insert_on_disk
(** [hashmap_main::main]:
Source: 'src/hashmap_main.rs', lines 16:0-16:13 *)
let main : result unit =
- Return ()
+ Ok ()
diff --git a/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst b/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst
index 358df29e..beb3dc2c 100644
--- a/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst
+++ b/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst
@@ -20,7 +20,7 @@ assume
val serialize_lem (hm : hashmap_HashMap_t u64) (st : state) : Lemma (
match hashmap_utils_serialize hm st with
| Fail _ -> True
- | Return (st', ()) -> state_v st' == hm)
+ | Ok (st', ()) -> state_v st' == hm)
[SMTPat (hashmap_utils_serialize hm st)]
/// [deserialize] gives us the hash map stored on disk, without updating it
@@ -28,7 +28,7 @@ assume
val deserialize_lem (st : state) : Lemma (
match hashmap_utils_deserialize st with
| Fail _ -> True
- | Return (st', hm) -> hm == state_v st /\ st' == st)
+ | Ok (st', hm) -> hm == state_v st /\ st' == st)
[SMTPat (hashmap_utils_deserialize st)]
(*** Lemmas *)
@@ -39,10 +39,10 @@ val deserialize_lem (st : state) : Lemma (
val insert_on_disk_lem (key : usize) (value : u64) (st : state) : Lemma (
match insert_on_disk key value st with
| Fail _ -> True
- | Return (st', ()) ->
+ | Ok (st', ()) ->
let hm = state_v st in
match hashmap_HashMap_insert u64 hm key value with
| Fail _ -> False
- | Return hm' -> hm' == state_v st')
+ | Ok hm' -> hm' == state_v st')
let insert_on_disk_lem key value st = ()
diff --git a/tests/fstar/hashmap_on_disk/Primitives.fst b/tests/fstar/hashmap_on_disk/Primitives.fst
index fca80829..acdb09dc 100644
--- a/tests/fstar/hashmap_on_disk/Primitives.fst
+++ b/tests/fstar/hashmap_on_disk/Primitives.fst
@@ -23,11 +23,11 @@ type error : Type0 =
| OutOfFuel
type result (a : Type0) : Type0 =
-| Return : v:a -> result a
+| Ok : v:a -> result a
| Fail : e:error -> result a
// Monadic return operator
-unfold let return (#a : Type0) (x : a) : result a = Return x
+unfold let return (#a : Type0) (x : a) : result a = Ok x
// Monadic bind operator.
// Allows to use the notation:
@@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x
// ...
// ```
unfold let (let*) (#a #b : Type0) (m: result a)
- (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) :
+ (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) :
result b =
match m with
- | Return x -> f x
+ | Ok x -> f x
| Fail e -> Fail e
// Monadic assert(...)
-let massert (b:bool) : result unit = if b then Return () else Fail Failure
+let massert (b:bool) : result unit = if b then Ok () else Fail Failure
// Normalize and unwrap a successful result (used for globals).
-let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x
+let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x
(*** Misc *)
type char = FStar.Char.char
@@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int =
type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty}
let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) =
- if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure
+ if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure
let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x)
@@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = {
(*** [alloc] *)
-let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x
+let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x
let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) =
- Return (x, (fun x -> Return x))
+ Ok (x, (fun x -> Ok x))
// Trait instance
let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = {
@@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize)
l
let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a =
- if i < length x then Return (index x i)
+ if i < length x then Ok (index x i)
else Fail Failure
let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) :
result (array a n) =
- if i < length x then Return (list_update x i nx)
+ if i < length x then Ok (list_update x i nx)
else Fail Failure
let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) :
result (a & (a -> result (array a n))) =
match array_index_usize a n x i with
| Fail e -> Fail e
- | Return v ->
- Return (v, array_update_usize a n x i)
+ | Ok v ->
+ Ok (v, array_update_usize a n x i)
(*** Slice *)
type slice (a : Type0) = s:list a{length s <= usize_max}
@@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max}
let slice_len (a : Type0) (s : slice a) : usize = length s
let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a =
- if i < length x then Return (index x i)
+ if i < length x then Ok (index x i)
else Fail Failure
let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) =
- if i < length x then Return (list_update x i nx)
+ if i < length x then Ok (list_update x i nx)
else Fail Failure
let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) :
result (a & (a -> result (slice a))) =
match slice_index_usize a s i with
| Fail e -> Fail e
- | Return x ->
- Return (x, slice_update_usize a s i)
+ | Ok x ->
+ Ok (x, slice_update_usize a s i)
(*** Subslices *)
-let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x
+let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x
let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) =
- if length s = n then Return s
+ if length s = n then Ok s
else Fail Failure
let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) :
result (slice a & (slice a -> result (array a n))) =
- Return (x, array_from_slice a n x)
+ Ok (x, array_from_slice a n x)
// TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *)
let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) =
@@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v
// Helper
let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a =
- if i < length v then Return (index v i) else Fail Failure
+ if i < length v then Ok (index v i) else Fail Failure
// Helper
let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) =
- if i < length v then Return (list_update v i x) else Fail Failure
+ if i < length v then Ok (list_update v i x) else Fail Failure
let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) :
result (a & (a → result (alloc_vec_Vec a))) =
match alloc_vec_Vec_index_usize v i with
- | Return x ->
- Return (x, alloc_vec_Vec_update_usize v i)
+ | Ok x ->
+ Ok (x, alloc_vec_Vec_update_usize v i)
| Fail e -> Fail e
let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) :
@@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) :
(ensures (fun res ->
match res with
| Fail e -> e == Failure
- | Return v' -> length v' = length v + 1)) =
+ | Ok v' -> length v' = length v + 1)) =
if length v < usize_max then begin
(**) assert_norm(length [x] == 1);
(**) append_length v [x];
(**) assert(length (append v [x]) = length v + 1);
- Return (append v [x])
+ Ok (append v [x])
end
else Fail Failure
let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) =
- if i < length v then Return (list_update v i x) else Fail Failure
+ if i < length v then Ok (list_update v i x) else Fail Failure
// Trait declaration: [core::slice::index::private_slice_index::Sealed]
type core_slice_index_private_slice_index_Sealed (self : Type0) = unit
@@ -650,7 +650,7 @@ let core_slice_index_Slice_index
let* x = inst.get i s in
match x with
| None -> Fail Failure
- | Some x -> Return x
+ | Some x -> Ok x
// [core::slice::index::Range:::get]: forward function
let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) :