diff options
author | Son HO | 2024-04-11 20:32:15 +0200 |
---|---|---|
committer | GitHub | 2024-04-11 20:32:15 +0200 |
commit | 77d74452489f85f558efe07d72d0200c80b16444 (patch) | |
tree | 810c6504b8e5b2fcde58841e25079d5e8c8e92ae /tests/fstar | |
parent | 4fb9c9f655a9ffc3b4a1a717988311c057c9c599 (diff) | |
parent | 2f8aa9b47acb5c98aed91c29b04f71099452e781 (diff) |
Merge pull request #123 from AeneasVerif/son/clean
Cleanup the code in preparation of the nested loops
Diffstat (limited to 'tests/fstar')
23 files changed, 643 insertions, 673 deletions
diff --git a/tests/fstar/arrays/Arrays.Funs.fst b/tests/fstar/arrays/Arrays.Funs.fst index 731c7290..983b3761 100644 --- a/tests/fstar/arrays/Arrays.Funs.fst +++ b/tests/fstar/arrays/Arrays.Funs.fst @@ -28,17 +28,17 @@ let array_to_mut_slice_ (** [arrays::array_len]: Source: 'src/arrays.rs', lines 25:0-25:40 *) let array_len (t : Type0) (s : array t 32) : result usize = - let* s1 = array_to_slice t 32 s in Return (slice_len t s1) + let* s1 = array_to_slice t 32 s in Ok (slice_len t s1) (** [arrays::shared_array_len]: Source: 'src/arrays.rs', lines 29:0-29:48 *) let shared_array_len (t : Type0) (s : array t 32) : result usize = - let* s1 = array_to_slice t 32 s in Return (slice_len t s1) + let* s1 = array_to_slice t 32 s in Ok (slice_len t s1) (** [arrays::shared_slice_len]: Source: 'src/arrays.rs', lines 33:0-33:44 *) let shared_slice_len (t : Type0) (s : slice t) : result usize = - Return (slice_len t s) + Ok (slice_len t s) (** [arrays::index_array_shared]: Source: 'src/arrays.rs', lines 37:0-37:57 *) @@ -94,7 +94,7 @@ let slice_subslice_mut_ core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x { start = y; end_ = z } in - Return (s, index_mut_back) + Ok (s, index_mut_back) (** [arrays::array_to_slice_shared_]: Source: 'src/arrays.rs', lines 72:0-72:54 *) @@ -129,7 +129,7 @@ let array_subslice_mut_ (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x { start = y; end_ = z } in - Return (s, index_mut_back) + Ok (s, index_mut_back) (** [arrays::index_slice_0]: Source: 'src/arrays.rs', lines 88:0-88:38 *) @@ -156,42 +156,42 @@ let update_update_array let* (_, index_mut_back1) = array_index_mut_usize u32 32 a j in let* a1 = index_mut_back1 0 in let* _ = index_mut_back a1 in - Return () + Ok () (** [arrays::array_local_deep_copy]: Source: 'src/arrays.rs', lines 118:0-118:43 *) let array_local_deep_copy (x : array u32 32) : result unit = - Return () + Ok () (** [arrays::take_array]: Source: 'src/arrays.rs', lines 122:0-122:30 *) let take_array (a : array u32 2) : result unit = - Return () + Ok () (** [arrays::take_array_borrow]: Source: 'src/arrays.rs', lines 123:0-123:38 *) let take_array_borrow (a : array u32 2) : result unit = - Return () + Ok () (** [arrays::take_slice]: Source: 'src/arrays.rs', lines 124:0-124:28 *) let take_slice (s : slice u32) : result unit = - Return () + Ok () (** [arrays::take_mut_slice]: Source: 'src/arrays.rs', lines 125:0-125:36 *) let take_mut_slice (s : slice u32) : result (slice u32) = - Return s + Ok s (** [arrays::const_array]: Source: 'src/arrays.rs', lines 127:0-127:32 *) let const_array : result (array u32 2) = - Return (mk_array u32 2 [ 0; 0 ]) + Ok (mk_array u32 2 [ 0; 0 ]) (** [arrays::const_slice]: Source: 'src/arrays.rs', lines 131:0-131:20 *) let const_slice : result unit = - let* _ = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in Return () + let* _ = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in Ok () (** [arrays::take_all]: Source: 'src/arrays.rs', lines 141:0-141:17 *) @@ -205,7 +205,7 @@ let take_all : result unit = array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in let* s2 = take_mut_slice s1 in let* _ = to_slice_mut_back s2 in - Return () + Ok () (** [arrays::index_array]: Source: 'src/arrays.rs', lines 155:0-155:38 *) @@ -225,7 +225,7 @@ let index_slice_u32_0 (x : slice u32) : result u32 = (** [arrays::index_mut_slice_u32_0]: Source: 'src/arrays.rs', lines 166:0-166:50 *) let index_mut_slice_u32_0 (x : slice u32) : result (u32 & (slice u32)) = - let* i = slice_index_usize u32 x 0 in Return (i, x) + let* i = slice_index_usize u32 x 0 in Ok (i, x) (** [arrays::index_all]: Source: 'src/arrays.rs', lines 170:0-170:25 *) @@ -243,14 +243,14 @@ let index_all : result u32 = let* (i7, s2) = index_mut_slice_u32_0 s1 in let* i8 = u32_add i6 i7 in let* _ = to_slice_mut_back s2 in - Return i8 + Ok i8 (** [arrays::update_array]: Source: 'src/arrays.rs', lines 184:0-184:36 *) let update_array (x : array u32 2) : result unit = let* (_, index_mut_back) = array_index_mut_usize u32 2 x 0 in let* _ = index_mut_back 1 in - Return () + Ok () (** [arrays::update_array_mut_borrow]: Source: 'src/arrays.rs', lines 187:0-187:48 *) @@ -272,7 +272,7 @@ let update_all : result unit = let* (s, to_slice_mut_back) = array_to_slice_mut u32 2 x in let* s1 = update_mut_slice s in let* _ = to_slice_mut_back s1 in - Return () + Ok () (** [arrays::range_all]: Source: 'src/arrays.rs', lines 205:0-205:18 *) @@ -284,7 +284,7 @@ let range_all : result unit = (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } in let* s1 = update_mut_slice s in let* _ = index_mut_back s1 in - Return () + Ok () (** [arrays::deref_array_borrow]: Source: 'src/arrays.rs', lines 214:0-214:46 *) @@ -294,12 +294,12 @@ let deref_array_borrow (x : array u32 2) : result u32 = (** [arrays::deref_array_mut_borrow]: Source: 'src/arrays.rs', lines 219:0-219:54 *) let deref_array_mut_borrow (x : array u32 2) : result (u32 & (array u32 2)) = - let* i = array_index_usize u32 2 x 0 in Return (i, x) + let* i = array_index_usize u32 2 x 0 in Ok (i, x) (** [arrays::take_array_t]: Source: 'src/arrays.rs', lines 227:0-227:31 *) let take_array_t (a : array aB_t 2) : result unit = - Return () + Ok () (** [arrays::non_copyable_array]: Source: 'src/arrays.rs', lines 229:0-229:27 *) @@ -319,7 +319,7 @@ let rec sum_loop let* sum3 = u32_add sum1 i2 in let* i3 = usize_add i 1 in sum_loop s sum3 i3 - else Return sum1 + else Ok sum1 (** [arrays::sum]: Source: 'src/arrays.rs', lines 242:0-242:28 *) @@ -341,7 +341,7 @@ let rec sum2_loop let* sum3 = u32_add sum1 i4 in let* i5 = usize_add i 1 in sum2_loop s s2 sum3 i5 - else Return sum1 + else Ok sum1 (** [arrays::sum2]: Source: 'src/arrays.rs', lines 252:0-252:41 *) @@ -358,7 +358,7 @@ let f0 : result unit = let* (_, index_mut_back) = slice_index_mut_usize u32 s 0 in let* s1 = index_mut_back 1 in let* _ = to_slice_mut_back s1 in - Return () + Ok () (** [arrays::f1]: Source: 'src/arrays.rs', lines 268:0-268:11 *) @@ -366,12 +366,12 @@ let f1 : result unit = let* (_, index_mut_back) = array_index_mut_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in let* _ = index_mut_back 1 in - Return () + Ok () (** [arrays::f2]: Source: 'src/arrays.rs', lines 273:0-273:17 *) let f2 (i : u32) : result unit = - Return () + Ok () (** [arrays::f4]: Source: 'src/arrays.rs', lines 282:0-282:54 *) @@ -393,7 +393,7 @@ let f3 : result u32 = (** [arrays::SZ] Source: 'src/arrays.rs', lines 286:0-286:19 *) -let sz_body : result usize = Return 32 +let sz_body : result usize = Ok 32 let sz : usize = eval_global sz_body (** [arrays::f5]: @@ -412,7 +412,7 @@ let ite : result unit = let* (_, s3) = index_mut_slice_u32_0 s2 in let* _ = to_slice_mut_back1 s3 in let* _ = to_slice_mut_back s1 in - Return () + Ok () (** [arrays::zero_slice]: loop 0: Source: 'src/arrays.rs', lines 303:0-310:1 *) @@ -426,7 +426,7 @@ let rec zero_slice_loop let* i1 = usize_add i 1 in let* a1 = index_mut_back 0 in zero_slice_loop a1 i1 len - else Return a + else Ok a (** [arrays::zero_slice]: Source: 'src/arrays.rs', lines 303:0-303:31 *) @@ -441,12 +441,12 @@ let rec iter_mut_slice_loop = if i < len then let* i1 = usize_add i 1 in iter_mut_slice_loop len i1 - else Return () + else Ok () (** [arrays::iter_mut_slice]: Source: 'src/arrays.rs', lines 312:0-312:35 *) let iter_mut_slice (a : slice u8) : result (slice u8) = - let len = slice_len u8 a in let* _ = iter_mut_slice_loop len 0 in Return a + let len = slice_len u8 a in let* _ = iter_mut_slice_loop len 0 in Ok a (** [arrays::sum_mut_slice]: loop 0: Source: 'src/arrays.rs', lines 320:0-328:1 *) @@ -461,10 +461,10 @@ let rec sum_mut_slice_loop let* s1 = u32_add s i2 in let* i3 = usize_add i 1 in sum_mut_slice_loop a i3 s1 - else Return s + else Ok s (** [arrays::sum_mut_slice]: Source: 'src/arrays.rs', lines 320:0-320:42 *) let sum_mut_slice (a : slice u32) : result (u32 & (slice u32)) = - let* i = sum_mut_slice_loop a 0 0 in Return (i, a) + let* i = sum_mut_slice_loop a 0 0 in Ok (i, a) diff --git a/tests/fstar/arrays/Primitives.fst b/tests/fstar/arrays/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/arrays/Primitives.fst +++ b/tests/fstar/arrays/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/betree/BetreeMain.Funs.fst b/tests/fstar/betree/BetreeMain.Funs.fst index 129e6f7e..8e64f43f 100644 --- a/tests/fstar/betree/BetreeMain.Funs.fst +++ b/tests/fstar/betree/BetreeMain.Funs.fst @@ -41,19 +41,19 @@ let betree_store_leaf_node (** [betree_main::betree::fresh_node_id]: Source: 'src/betree.rs', lines 55:0-55:48 *) let betree_fresh_node_id (counter : u64) : result (u64 & u64) = - let* counter1 = u64_add counter 1 in Return (counter, counter1) + let* counter1 = u64_add counter 1 in Ok (counter, counter1) (** [betree_main::betree::{betree_main::betree::NodeIdCounter}::new]: Source: 'src/betree.rs', lines 206:4-206:20 *) let betree_NodeIdCounter_new : result betree_NodeIdCounter_t = - Return { next_node_id = 0 } + Ok { next_node_id = 0 } (** [betree_main::betree::{betree_main::betree::NodeIdCounter}::fresh_id]: Source: 'src/betree.rs', lines 210:4-210:36 *) let betree_NodeIdCounter_fresh_id (self : betree_NodeIdCounter_t) : result (u64 & betree_NodeIdCounter_t) = let* i = u64_add self.next_node_id 1 in - Return (self.next_node_id, { next_node_id = i }) + Ok (self.next_node_id, { next_node_id = i }) (** [betree_main::betree::upsert_update]: Source: 'src/betree.rs', lines 234:0-234:70 *) @@ -62,16 +62,16 @@ let betree_upsert_update begin match prev with | None -> begin match st with - | Betree_UpsertFunState_Add v -> Return v - | Betree_UpsertFunState_Sub _ -> Return 0 + | Betree_UpsertFunState_Add v -> Ok v + | Betree_UpsertFunState_Sub _ -> Ok 0 end | Some prev1 -> begin match st with | Betree_UpsertFunState_Add v -> let* margin = u64_sub core_u64_max prev1 in - if margin >= v then u64_add prev1 v else Return core_u64_max + if margin >= v then u64_add prev1 v else Ok core_u64_max | Betree_UpsertFunState_Sub v -> - if prev1 >= v then u64_sub prev1 v else Return 0 + if prev1 >= v then u64_sub prev1 v else Ok 0 end end @@ -83,7 +83,7 @@ let rec betree_List_len = begin match self with | Betree_List_Cons _ tl -> let* i = betree_List_len t tl in u64_add 1 i - | Betree_List_Nil -> Return 0 + | Betree_List_Nil -> Ok 0 end (** [betree_main::betree::{betree_main::betree::List<T>#1}::split_at]: @@ -94,14 +94,14 @@ let rec betree_List_split_at (decreases (betree_List_split_at_decreases t self n)) = if n = 0 - then Return (Betree_List_Nil, self) + then Ok (Betree_List_Nil, self) else begin match self with | Betree_List_Cons hd tl -> let* i = u64_sub n 1 in let* p = betree_List_split_at t tl i in let (ls0, ls1) = p in - Return (Betree_List_Cons hd ls0, ls1) + Ok (Betree_List_Cons hd ls0, ls1) | Betree_List_Nil -> Fail Failure end @@ -110,7 +110,7 @@ let rec betree_List_split_at let betree_List_push_front (t : Type0) (self : betree_List_t t) (x : t) : result (betree_List_t t) = let (tl, _) = core_mem_replace (betree_List_t t) self Betree_List_Nil in - Return (Betree_List_Cons x tl) + Ok (Betree_List_Cons x tl) (** [betree_main::betree::{betree_main::betree::List<T>#1}::pop_front]: Source: 'src/betree.rs', lines 306:4-306:32 *) @@ -118,7 +118,7 @@ let betree_List_pop_front (t : Type0) (self : betree_List_t t) : result (t & (betree_List_t t)) = let (ls, _) = core_mem_replace (betree_List_t t) self Betree_List_Nil in begin match ls with - | Betree_List_Cons x tl -> Return (x, tl) + | Betree_List_Cons x tl -> Ok (x, tl) | Betree_List_Nil -> Fail Failure end @@ -126,7 +126,7 @@ let betree_List_pop_front Source: 'src/betree.rs', lines 318:4-318:22 *) let betree_List_hd (t : Type0) (self : betree_List_t t) : result t = begin match self with - | Betree_List_Cons hd _ -> Return hd + | Betree_List_Cons hd _ -> Ok hd | Betree_List_Nil -> Fail Failure end @@ -135,8 +135,8 @@ let betree_List_hd (t : Type0) (self : betree_List_t t) : result t = let betree_ListPairU64T_head_has_key (t : Type0) (self : betree_List_t (u64 & t)) (key : u64) : result bool = begin match self with - | Betree_List_Cons hd _ -> let (i, _) = hd in Return (i = key) - | Betree_List_Nil -> Return false + | Betree_List_Cons hd _ -> let (i, _) = hd in Ok (i = key) + | Betree_List_Nil -> Ok false end (** [betree_main::betree::{betree_main::betree::List<(u64, T)>#2}::partition_at_pivot]: @@ -150,12 +150,12 @@ let rec betree_ListPairU64T_partition_at_pivot | Betree_List_Cons hd tl -> let (i, x) = hd in if i >= pivot - then Return (Betree_List_Nil, Betree_List_Cons (i, x) tl) + then Ok (Betree_List_Nil, Betree_List_Cons (i, x) tl) else let* p = betree_ListPairU64T_partition_at_pivot t tl pivot in let (ls0, ls1) = p in - Return (Betree_List_Cons (i, x) ls0, ls1) - | Betree_List_Nil -> Return (Betree_List_Nil, Betree_List_Nil) + Ok (Betree_List_Cons (i, x) ls0, ls1) + | Betree_List_Nil -> Ok (Betree_List_Nil, Betree_List_Nil) end (** [betree_main::betree::{betree_main::betree::Leaf#3}::split]: @@ -176,7 +176,7 @@ let betree_Leaf_split let* (st2, _) = betree_store_leaf_node id1 content1 st1 in let n = Betree_Node_Leaf { id = id0; size = params.split_size } in let n1 = Betree_Node_Leaf { id = id1; size = params.split_size } in - Return (st2, ({ id = self.id; pivot = pivot; left = n; right = n1 }, + Ok (st2, ({ id = self.id; pivot = pivot; left = n; right = n1 }, node_id_cnt2)) (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_first_message_for_key]: @@ -191,16 +191,16 @@ let rec betree_Node_lookup_first_message_for_key | Betree_List_Cons x next_msgs -> let (i, m) = x in if i >= key - then Return (Betree_List_Cons (i, m) next_msgs, Return) + then Ok (Betree_List_Cons (i, m) next_msgs, Ok) else let* (l, lookup_first_message_for_key_back) = betree_Node_lookup_first_message_for_key key next_msgs in let back = fun ret -> let* next_msgs1 = lookup_first_message_for_key_back ret in - Return (Betree_List_Cons (i, m) next_msgs1) in - Return (l, back) - | Betree_List_Nil -> Return (Betree_List_Nil, Return) + Ok (Betree_List_Cons (i, m) next_msgs1) in + Ok (l, back) + | Betree_List_Nil -> Ok (Betree_List_Nil, Ok) end (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_in_bindings]: @@ -214,9 +214,9 @@ let rec betree_Node_lookup_in_bindings | Betree_List_Cons hd tl -> let (i, i1) = hd in if i = key - then Return (Some i1) - else if i > key then Return None else betree_Node_lookup_in_bindings key tl - | Betree_List_Nil -> Return None + then Ok (Some i1) + else if i > key then Ok None else betree_Node_lookup_in_bindings key tl + | Betree_List_Nil -> Ok None end (** [betree_main::betree::{betree_main::betree::Node#5}::apply_upserts]: @@ -244,7 +244,7 @@ let rec betree_Node_apply_upserts let* msgs1 = betree_List_push_front (u64 & betree_Message_t) msgs (key, Betree_Message_Insert v) in - Return (st1, (v, msgs1)) + Ok (st1, (v, msgs1)) (** [betree_main::betree::{betree_main::betree::Internal#4}::lookup_in_children]: Source: 'src/betree.rs', lines 395:4-395:63 *) @@ -256,10 +256,10 @@ let rec betree_Internal_lookup_in_children if key < self.pivot then let* (st1, (o, n)) = betree_Node_lookup self.left key st in - Return (st1, (o, { self with left = n })) + Ok (st1, (o, { self with left = n })) else let* (st1, (o, n)) = betree_Node_lookup self.right key st in - Return (st1, (o, { self with right = n })) + Ok (st1, (o, { self with right = n })) (** [betree_main::betree::{betree_main::betree::Node#5}::lookup]: Source: 'src/betree.rs', lines 709:4-709:58 *) @@ -282,19 +282,19 @@ and betree_Node_lookup betree_Internal_lookup_in_children node key st1 in let* _ = lookup_first_message_for_key_back (Betree_List_Cons (k, msg) l) in - Return (st2, (o, Betree_Node_Internal node1)) + Ok (st2, (o, Betree_Node_Internal node1)) else begin match msg with | Betree_Message_Insert v -> let* _ = lookup_first_message_for_key_back (Betree_List_Cons (k, Betree_Message_Insert v) l) in - Return (st1, (Some v, Betree_Node_Internal node)) + Ok (st1, (Some v, Betree_Node_Internal node)) | Betree_Message_Delete -> let* _ = lookup_first_message_for_key_back (Betree_List_Cons (k, Betree_Message_Delete) l) in - Return (st1, (None, Betree_Node_Internal node)) + Ok (st1, (None, Betree_Node_Internal node)) | Betree_Message_Upsert ufs -> let* (st2, (v, node1)) = betree_Internal_lookup_in_children node key st1 in @@ -303,18 +303,18 @@ and betree_Node_lookup Betree_Message_Upsert ufs) l) v key st2 in let* msgs1 = lookup_first_message_for_key_back pending1 in let* (st4, _) = betree_store_internal_node node1.id msgs1 st3 in - Return (st4, (Some v1, Betree_Node_Internal node1)) + Ok (st4, (Some v1, Betree_Node_Internal node1)) end | Betree_List_Nil -> let* (st2, (o, node1)) = betree_Internal_lookup_in_children node key st1 in let* _ = lookup_first_message_for_key_back Betree_List_Nil in - Return (st2, (o, Betree_Node_Internal node1)) + Ok (st2, (o, Betree_Node_Internal node1)) end | Betree_Node_Leaf node -> let* (st1, bindings) = betree_load_leaf_node node.id st in let* o = betree_Node_lookup_in_bindings key bindings in - Return (st1, (o, Betree_Node_Leaf node)) + Ok (st1, (o, Betree_Node_Leaf node)) end (** [betree_main::betree::{betree_main::betree::Node#5}::filter_messages_for_key]: @@ -333,8 +333,8 @@ let rec betree_Node_filter_messages_for_key betree_List_pop_front (u64 & betree_Message_t) (Betree_List_Cons (k, m) l) in betree_Node_filter_messages_for_key key msgs1 - else Return (Betree_List_Cons (k, m) l) - | Betree_List_Nil -> Return Betree_List_Nil + else Ok (Betree_List_Cons (k, m) l) + | Betree_List_Nil -> Ok Betree_List_Nil end (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_first_message_after_key]: @@ -355,10 +355,10 @@ let rec betree_Node_lookup_first_message_after_key let back = fun ret -> let* next_msgs1 = lookup_first_message_after_key_back ret in - Return (Betree_List_Cons (k, m) next_msgs1) in - Return (l, back) - else Return (Betree_List_Cons (k, m) next_msgs, Return) - | Betree_List_Nil -> Return (Betree_List_Nil, Return) + Ok (Betree_List_Cons (k, m) next_msgs1) in + Ok (l, back) + else Ok (Betree_List_Cons (k, m) next_msgs, Ok) + | Betree_List_Nil -> Ok (Betree_List_Nil, Ok) end (** [betree_main::betree::{betree_main::betree::Node#5}::apply_to_internal]: @@ -434,7 +434,7 @@ let rec betree_Node_apply_messages_to_internal let (i, m) = new_msg in let* msgs1 = betree_Node_apply_to_internal msgs i m in betree_Node_apply_messages_to_internal msgs1 new_msgs_tl - | Betree_List_Nil -> Return msgs + | Betree_List_Nil -> Ok msgs end (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_mut_in_bindings]: @@ -449,16 +449,16 @@ let rec betree_Node_lookup_mut_in_bindings | Betree_List_Cons hd tl -> let (i, i1) = hd in if i >= key - then Return (Betree_List_Cons (i, i1) tl, Return) + then Ok (Betree_List_Cons (i, i1) tl, Ok) else let* (l, lookup_mut_in_bindings_back) = betree_Node_lookup_mut_in_bindings key tl in let back = fun ret -> let* tl1 = lookup_mut_in_bindings_back ret in - Return (Betree_List_Cons (i, i1) tl1) in - Return (l, back) - | Betree_List_Nil -> Return (Betree_List_Nil, Return) + Ok (Betree_List_Cons (i, i1) tl1) in + Ok (l, back) + | Betree_List_Nil -> Ok (Betree_List_Nil, Ok) end (** [betree_main::betree::{betree_main::betree::Node#5}::apply_to_leaf]: @@ -510,7 +510,7 @@ let rec betree_Node_apply_messages_to_leaf let (i, m) = new_msg in let* bindings1 = betree_Node_apply_to_leaf bindings i m in betree_Node_apply_messages_to_leaf bindings1 new_msgs_tl - | Betree_List_Nil -> Return bindings + | Betree_List_Nil -> Ok bindings end (** [betree_main::betree::{betree_main::betree::Internal#4}::flush]: @@ -541,14 +541,14 @@ let rec betree_Internal_flush betree_Node_apply_messages self.right params node_id_cnt1 msgs_right st1 in let (n1, node_id_cnt2) = p2 in - Return (st2, (Betree_List_Nil, ({ self with left = n; right = n1 }, + Ok (st2, (Betree_List_Nil, ({ self with left = n; right = n1 }, node_id_cnt2))) - else Return (st1, (msgs_right, ({ self with left = n }, node_id_cnt1))) + else Ok (st1, (msgs_right, ({ self with left = n }, node_id_cnt1))) else let* (st1, p1) = betree_Node_apply_messages self.right params node_id_cnt msgs_right st in let (n, node_id_cnt1) = p1 in - Return (st1, (msgs_left, ({ self with right = n }, node_id_cnt1))) + Ok (st1, (msgs_left, ({ self with right = n }, node_id_cnt1))) (** [betree_main::betree::{betree_main::betree::Node#5}::apply_messages]: Source: 'src/betree.rs', lines 588:4-593:5 *) @@ -571,10 +571,10 @@ and betree_Node_apply_messages betree_Internal_flush node params node_id_cnt content1 st1 in let (node1, node_id_cnt1) = p in let* (st3, _) = betree_store_internal_node node1.id content2 st2 in - Return (st3, (Betree_Node_Internal node1, node_id_cnt1)) + Ok (st3, (Betree_Node_Internal node1, node_id_cnt1)) else let* (st2, _) = betree_store_internal_node node.id content1 st1 in - Return (st2, (Betree_Node_Internal node, node_id_cnt)) + Ok (st2, (Betree_Node_Internal node, node_id_cnt)) | Betree_Node_Leaf node -> let* (st1, content) = betree_load_leaf_node node.id st in let* content1 = betree_Node_apply_messages_to_leaf content msgs in @@ -585,10 +585,10 @@ and betree_Node_apply_messages let* (st2, (new_node, node_id_cnt1)) = betree_Leaf_split node content1 params node_id_cnt st1 in let* (st3, _) = betree_store_leaf_node node.id Betree_List_Nil st2 in - Return (st3, (Betree_Node_Internal new_node, node_id_cnt1)) + Ok (st3, (Betree_Node_Internal new_node, node_id_cnt1)) else let* (st2, _) = betree_store_leaf_node node.id content1 st1 in - Return (st2, (Betree_Node_Leaf { node with size = len }, node_id_cnt)) + Ok (st2, (Betree_Node_Leaf { node with size = len }, node_id_cnt)) end (** [betree_main::betree::{betree_main::betree::Node#5}::apply]: @@ -603,7 +603,7 @@ let betree_Node_apply betree_Node_apply_messages self params node_id_cnt (Betree_List_Cons (key, new_msg) Betree_List_Nil) st in let (self1, node_id_cnt1) = p in - Return (st1, (self1, node_id_cnt1)) + Ok (st1, (self1, node_id_cnt1)) (** [betree_main::betree::{betree_main::betree::BeTree#6}::new]: Source: 'src/betree.rs', lines 849:4-849:60 *) @@ -614,7 +614,7 @@ let betree_BeTree_new let* node_id_cnt = betree_NodeIdCounter_new in let* (id, node_id_cnt1) = betree_NodeIdCounter_fresh_id node_id_cnt in let* (st1, _) = betree_store_leaf_node id Betree_List_Nil st in - Return (st1, + Ok (st1, { params = { min_flush_size = min_flush_size; split_size = split_size }; node_id_cnt = node_id_cnt1; @@ -630,7 +630,7 @@ let betree_BeTree_apply let* (st1, p) = betree_Node_apply self.root self.params self.node_id_cnt key msg st in let (n, nic) = p in - Return (st1, { self with node_id_cnt = nic; root = n }) + Ok (st1, { self with node_id_cnt = nic; root = n }) (** [betree_main::betree::{betree_main::betree::BeTree#6}::insert]: Source: 'src/betree.rs', lines 874:4-874:52 *) @@ -664,13 +664,13 @@ let betree_BeTree_lookup result (state & ((option u64) & betree_BeTree_t)) = let* (st1, (o, n)) = betree_Node_lookup self.root key st in - Return (st1, (o, { self with root = n })) + Ok (st1, (o, { self with root = n })) (** [betree_main::main]: Source: 'src/betree_main.rs', lines 5:0-5:9 *) let main : result unit = - Return () + Ok () (** Unit test for [betree_main::main] *) -let _ = assert_norm (main = Return ()) +let _ = assert_norm (main = Ok ()) diff --git a/tests/fstar/betree/Primitives.fst b/tests/fstar/betree/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/betree/Primitives.fst +++ b/tests/fstar/betree/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/betree_back_stateful/BetreeMain.Funs.fst b/tests/fstar/betree_back_stateful/BetreeMain.Funs.fst index 129e6f7e..8e64f43f 100644 --- a/tests/fstar/betree_back_stateful/BetreeMain.Funs.fst +++ b/tests/fstar/betree_back_stateful/BetreeMain.Funs.fst @@ -41,19 +41,19 @@ let betree_store_leaf_node (** [betree_main::betree::fresh_node_id]: Source: 'src/betree.rs', lines 55:0-55:48 *) let betree_fresh_node_id (counter : u64) : result (u64 & u64) = - let* counter1 = u64_add counter 1 in Return (counter, counter1) + let* counter1 = u64_add counter 1 in Ok (counter, counter1) (** [betree_main::betree::{betree_main::betree::NodeIdCounter}::new]: Source: 'src/betree.rs', lines 206:4-206:20 *) let betree_NodeIdCounter_new : result betree_NodeIdCounter_t = - Return { next_node_id = 0 } + Ok { next_node_id = 0 } (** [betree_main::betree::{betree_main::betree::NodeIdCounter}::fresh_id]: Source: 'src/betree.rs', lines 210:4-210:36 *) let betree_NodeIdCounter_fresh_id (self : betree_NodeIdCounter_t) : result (u64 & betree_NodeIdCounter_t) = let* i = u64_add self.next_node_id 1 in - Return (self.next_node_id, { next_node_id = i }) + Ok (self.next_node_id, { next_node_id = i }) (** [betree_main::betree::upsert_update]: Source: 'src/betree.rs', lines 234:0-234:70 *) @@ -62,16 +62,16 @@ let betree_upsert_update begin match prev with | None -> begin match st with - | Betree_UpsertFunState_Add v -> Return v - | Betree_UpsertFunState_Sub _ -> Return 0 + | Betree_UpsertFunState_Add v -> Ok v + | Betree_UpsertFunState_Sub _ -> Ok 0 end | Some prev1 -> begin match st with | Betree_UpsertFunState_Add v -> let* margin = u64_sub core_u64_max prev1 in - if margin >= v then u64_add prev1 v else Return core_u64_max + if margin >= v then u64_add prev1 v else Ok core_u64_max | Betree_UpsertFunState_Sub v -> - if prev1 >= v then u64_sub prev1 v else Return 0 + if prev1 >= v then u64_sub prev1 v else Ok 0 end end @@ -83,7 +83,7 @@ let rec betree_List_len = begin match self with | Betree_List_Cons _ tl -> let* i = betree_List_len t tl in u64_add 1 i - | Betree_List_Nil -> Return 0 + | Betree_List_Nil -> Ok 0 end (** [betree_main::betree::{betree_main::betree::List<T>#1}::split_at]: @@ -94,14 +94,14 @@ let rec betree_List_split_at (decreases (betree_List_split_at_decreases t self n)) = if n = 0 - then Return (Betree_List_Nil, self) + then Ok (Betree_List_Nil, self) else begin match self with | Betree_List_Cons hd tl -> let* i = u64_sub n 1 in let* p = betree_List_split_at t tl i in let (ls0, ls1) = p in - Return (Betree_List_Cons hd ls0, ls1) + Ok (Betree_List_Cons hd ls0, ls1) | Betree_List_Nil -> Fail Failure end @@ -110,7 +110,7 @@ let rec betree_List_split_at let betree_List_push_front (t : Type0) (self : betree_List_t t) (x : t) : result (betree_List_t t) = let (tl, _) = core_mem_replace (betree_List_t t) self Betree_List_Nil in - Return (Betree_List_Cons x tl) + Ok (Betree_List_Cons x tl) (** [betree_main::betree::{betree_main::betree::List<T>#1}::pop_front]: Source: 'src/betree.rs', lines 306:4-306:32 *) @@ -118,7 +118,7 @@ let betree_List_pop_front (t : Type0) (self : betree_List_t t) : result (t & (betree_List_t t)) = let (ls, _) = core_mem_replace (betree_List_t t) self Betree_List_Nil in begin match ls with - | Betree_List_Cons x tl -> Return (x, tl) + | Betree_List_Cons x tl -> Ok (x, tl) | Betree_List_Nil -> Fail Failure end @@ -126,7 +126,7 @@ let betree_List_pop_front Source: 'src/betree.rs', lines 318:4-318:22 *) let betree_List_hd (t : Type0) (self : betree_List_t t) : result t = begin match self with - | Betree_List_Cons hd _ -> Return hd + | Betree_List_Cons hd _ -> Ok hd | Betree_List_Nil -> Fail Failure end @@ -135,8 +135,8 @@ let betree_List_hd (t : Type0) (self : betree_List_t t) : result t = let betree_ListPairU64T_head_has_key (t : Type0) (self : betree_List_t (u64 & t)) (key : u64) : result bool = begin match self with - | Betree_List_Cons hd _ -> let (i, _) = hd in Return (i = key) - | Betree_List_Nil -> Return false + | Betree_List_Cons hd _ -> let (i, _) = hd in Ok (i = key) + | Betree_List_Nil -> Ok false end (** [betree_main::betree::{betree_main::betree::List<(u64, T)>#2}::partition_at_pivot]: @@ -150,12 +150,12 @@ let rec betree_ListPairU64T_partition_at_pivot | Betree_List_Cons hd tl -> let (i, x) = hd in if i >= pivot - then Return (Betree_List_Nil, Betree_List_Cons (i, x) tl) + then Ok (Betree_List_Nil, Betree_List_Cons (i, x) tl) else let* p = betree_ListPairU64T_partition_at_pivot t tl pivot in let (ls0, ls1) = p in - Return (Betree_List_Cons (i, x) ls0, ls1) - | Betree_List_Nil -> Return (Betree_List_Nil, Betree_List_Nil) + Ok (Betree_List_Cons (i, x) ls0, ls1) + | Betree_List_Nil -> Ok (Betree_List_Nil, Betree_List_Nil) end (** [betree_main::betree::{betree_main::betree::Leaf#3}::split]: @@ -176,7 +176,7 @@ let betree_Leaf_split let* (st2, _) = betree_store_leaf_node id1 content1 st1 in let n = Betree_Node_Leaf { id = id0; size = params.split_size } in let n1 = Betree_Node_Leaf { id = id1; size = params.split_size } in - Return (st2, ({ id = self.id; pivot = pivot; left = n; right = n1 }, + Ok (st2, ({ id = self.id; pivot = pivot; left = n; right = n1 }, node_id_cnt2)) (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_first_message_for_key]: @@ -191,16 +191,16 @@ let rec betree_Node_lookup_first_message_for_key | Betree_List_Cons x next_msgs -> let (i, m) = x in if i >= key - then Return (Betree_List_Cons (i, m) next_msgs, Return) + then Ok (Betree_List_Cons (i, m) next_msgs, Ok) else let* (l, lookup_first_message_for_key_back) = betree_Node_lookup_first_message_for_key key next_msgs in let back = fun ret -> let* next_msgs1 = lookup_first_message_for_key_back ret in - Return (Betree_List_Cons (i, m) next_msgs1) in - Return (l, back) - | Betree_List_Nil -> Return (Betree_List_Nil, Return) + Ok (Betree_List_Cons (i, m) next_msgs1) in + Ok (l, back) + | Betree_List_Nil -> Ok (Betree_List_Nil, Ok) end (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_in_bindings]: @@ -214,9 +214,9 @@ let rec betree_Node_lookup_in_bindings | Betree_List_Cons hd tl -> let (i, i1) = hd in if i = key - then Return (Some i1) - else if i > key then Return None else betree_Node_lookup_in_bindings key tl - | Betree_List_Nil -> Return None + then Ok (Some i1) + else if i > key then Ok None else betree_Node_lookup_in_bindings key tl + | Betree_List_Nil -> Ok None end (** [betree_main::betree::{betree_main::betree::Node#5}::apply_upserts]: @@ -244,7 +244,7 @@ let rec betree_Node_apply_upserts let* msgs1 = betree_List_push_front (u64 & betree_Message_t) msgs (key, Betree_Message_Insert v) in - Return (st1, (v, msgs1)) + Ok (st1, (v, msgs1)) (** [betree_main::betree::{betree_main::betree::Internal#4}::lookup_in_children]: Source: 'src/betree.rs', lines 395:4-395:63 *) @@ -256,10 +256,10 @@ let rec betree_Internal_lookup_in_children if key < self.pivot then let* (st1, (o, n)) = betree_Node_lookup self.left key st in - Return (st1, (o, { self with left = n })) + Ok (st1, (o, { self with left = n })) else let* (st1, (o, n)) = betree_Node_lookup self.right key st in - Return (st1, (o, { self with right = n })) + Ok (st1, (o, { self with right = n })) (** [betree_main::betree::{betree_main::betree::Node#5}::lookup]: Source: 'src/betree.rs', lines 709:4-709:58 *) @@ -282,19 +282,19 @@ and betree_Node_lookup betree_Internal_lookup_in_children node key st1 in let* _ = lookup_first_message_for_key_back (Betree_List_Cons (k, msg) l) in - Return (st2, (o, Betree_Node_Internal node1)) + Ok (st2, (o, Betree_Node_Internal node1)) else begin match msg with | Betree_Message_Insert v -> let* _ = lookup_first_message_for_key_back (Betree_List_Cons (k, Betree_Message_Insert v) l) in - Return (st1, (Some v, Betree_Node_Internal node)) + Ok (st1, (Some v, Betree_Node_Internal node)) | Betree_Message_Delete -> let* _ = lookup_first_message_for_key_back (Betree_List_Cons (k, Betree_Message_Delete) l) in - Return (st1, (None, Betree_Node_Internal node)) + Ok (st1, (None, Betree_Node_Internal node)) | Betree_Message_Upsert ufs -> let* (st2, (v, node1)) = betree_Internal_lookup_in_children node key st1 in @@ -303,18 +303,18 @@ and betree_Node_lookup Betree_Message_Upsert ufs) l) v key st2 in let* msgs1 = lookup_first_message_for_key_back pending1 in let* (st4, _) = betree_store_internal_node node1.id msgs1 st3 in - Return (st4, (Some v1, Betree_Node_Internal node1)) + Ok (st4, (Some v1, Betree_Node_Internal node1)) end | Betree_List_Nil -> let* (st2, (o, node1)) = betree_Internal_lookup_in_children node key st1 in let* _ = lookup_first_message_for_key_back Betree_List_Nil in - Return (st2, (o, Betree_Node_Internal node1)) + Ok (st2, (o, Betree_Node_Internal node1)) end | Betree_Node_Leaf node -> let* (st1, bindings) = betree_load_leaf_node node.id st in let* o = betree_Node_lookup_in_bindings key bindings in - Return (st1, (o, Betree_Node_Leaf node)) + Ok (st1, (o, Betree_Node_Leaf node)) end (** [betree_main::betree::{betree_main::betree::Node#5}::filter_messages_for_key]: @@ -333,8 +333,8 @@ let rec betree_Node_filter_messages_for_key betree_List_pop_front (u64 & betree_Message_t) (Betree_List_Cons (k, m) l) in betree_Node_filter_messages_for_key key msgs1 - else Return (Betree_List_Cons (k, m) l) - | Betree_List_Nil -> Return Betree_List_Nil + else Ok (Betree_List_Cons (k, m) l) + | Betree_List_Nil -> Ok Betree_List_Nil end (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_first_message_after_key]: @@ -355,10 +355,10 @@ let rec betree_Node_lookup_first_message_after_key let back = fun ret -> let* next_msgs1 = lookup_first_message_after_key_back ret in - Return (Betree_List_Cons (k, m) next_msgs1) in - Return (l, back) - else Return (Betree_List_Cons (k, m) next_msgs, Return) - | Betree_List_Nil -> Return (Betree_List_Nil, Return) + Ok (Betree_List_Cons (k, m) next_msgs1) in + Ok (l, back) + else Ok (Betree_List_Cons (k, m) next_msgs, Ok) + | Betree_List_Nil -> Ok (Betree_List_Nil, Ok) end (** [betree_main::betree::{betree_main::betree::Node#5}::apply_to_internal]: @@ -434,7 +434,7 @@ let rec betree_Node_apply_messages_to_internal let (i, m) = new_msg in let* msgs1 = betree_Node_apply_to_internal msgs i m in betree_Node_apply_messages_to_internal msgs1 new_msgs_tl - | Betree_List_Nil -> Return msgs + | Betree_List_Nil -> Ok msgs end (** [betree_main::betree::{betree_main::betree::Node#5}::lookup_mut_in_bindings]: @@ -449,16 +449,16 @@ let rec betree_Node_lookup_mut_in_bindings | Betree_List_Cons hd tl -> let (i, i1) = hd in if i >= key - then Return (Betree_List_Cons (i, i1) tl, Return) + then Ok (Betree_List_Cons (i, i1) tl, Ok) else let* (l, lookup_mut_in_bindings_back) = betree_Node_lookup_mut_in_bindings key tl in let back = fun ret -> let* tl1 = lookup_mut_in_bindings_back ret in - Return (Betree_List_Cons (i, i1) tl1) in - Return (l, back) - | Betree_List_Nil -> Return (Betree_List_Nil, Return) + Ok (Betree_List_Cons (i, i1) tl1) in + Ok (l, back) + | Betree_List_Nil -> Ok (Betree_List_Nil, Ok) end (** [betree_main::betree::{betree_main::betree::Node#5}::apply_to_leaf]: @@ -510,7 +510,7 @@ let rec betree_Node_apply_messages_to_leaf let (i, m) = new_msg in let* bindings1 = betree_Node_apply_to_leaf bindings i m in betree_Node_apply_messages_to_leaf bindings1 new_msgs_tl - | Betree_List_Nil -> Return bindings + | Betree_List_Nil -> Ok bindings end (** [betree_main::betree::{betree_main::betree::Internal#4}::flush]: @@ -541,14 +541,14 @@ let rec betree_Internal_flush betree_Node_apply_messages self.right params node_id_cnt1 msgs_right st1 in let (n1, node_id_cnt2) = p2 in - Return (st2, (Betree_List_Nil, ({ self with left = n; right = n1 }, + Ok (st2, (Betree_List_Nil, ({ self with left = n; right = n1 }, node_id_cnt2))) - else Return (st1, (msgs_right, ({ self with left = n }, node_id_cnt1))) + else Ok (st1, (msgs_right, ({ self with left = n }, node_id_cnt1))) else let* (st1, p1) = betree_Node_apply_messages self.right params node_id_cnt msgs_right st in let (n, node_id_cnt1) = p1 in - Return (st1, (msgs_left, ({ self with right = n }, node_id_cnt1))) + Ok (st1, (msgs_left, ({ self with right = n }, node_id_cnt1))) (** [betree_main::betree::{betree_main::betree::Node#5}::apply_messages]: Source: 'src/betree.rs', lines 588:4-593:5 *) @@ -571,10 +571,10 @@ and betree_Node_apply_messages betree_Internal_flush node params node_id_cnt content1 st1 in let (node1, node_id_cnt1) = p in let* (st3, _) = betree_store_internal_node node1.id content2 st2 in - Return (st3, (Betree_Node_Internal node1, node_id_cnt1)) + Ok (st3, (Betree_Node_Internal node1, node_id_cnt1)) else let* (st2, _) = betree_store_internal_node node.id content1 st1 in - Return (st2, (Betree_Node_Internal node, node_id_cnt)) + Ok (st2, (Betree_Node_Internal node, node_id_cnt)) | Betree_Node_Leaf node -> let* (st1, content) = betree_load_leaf_node node.id st in let* content1 = betree_Node_apply_messages_to_leaf content msgs in @@ -585,10 +585,10 @@ and betree_Node_apply_messages let* (st2, (new_node, node_id_cnt1)) = betree_Leaf_split node content1 params node_id_cnt st1 in let* (st3, _) = betree_store_leaf_node node.id Betree_List_Nil st2 in - Return (st3, (Betree_Node_Internal new_node, node_id_cnt1)) + Ok (st3, (Betree_Node_Internal new_node, node_id_cnt1)) else let* (st2, _) = betree_store_leaf_node node.id content1 st1 in - Return (st2, (Betree_Node_Leaf { node with size = len }, node_id_cnt)) + Ok (st2, (Betree_Node_Leaf { node with size = len }, node_id_cnt)) end (** [betree_main::betree::{betree_main::betree::Node#5}::apply]: @@ -603,7 +603,7 @@ let betree_Node_apply betree_Node_apply_messages self params node_id_cnt (Betree_List_Cons (key, new_msg) Betree_List_Nil) st in let (self1, node_id_cnt1) = p in - Return (st1, (self1, node_id_cnt1)) + Ok (st1, (self1, node_id_cnt1)) (** [betree_main::betree::{betree_main::betree::BeTree#6}::new]: Source: 'src/betree.rs', lines 849:4-849:60 *) @@ -614,7 +614,7 @@ let betree_BeTree_new let* node_id_cnt = betree_NodeIdCounter_new in let* (id, node_id_cnt1) = betree_NodeIdCounter_fresh_id node_id_cnt in let* (st1, _) = betree_store_leaf_node id Betree_List_Nil st in - Return (st1, + Ok (st1, { params = { min_flush_size = min_flush_size; split_size = split_size }; node_id_cnt = node_id_cnt1; @@ -630,7 +630,7 @@ let betree_BeTree_apply let* (st1, p) = betree_Node_apply self.root self.params self.node_id_cnt key msg st in let (n, nic) = p in - Return (st1, { self with node_id_cnt = nic; root = n }) + Ok (st1, { self with node_id_cnt = nic; root = n }) (** [betree_main::betree::{betree_main::betree::BeTree#6}::insert]: Source: 'src/betree.rs', lines 874:4-874:52 *) @@ -664,13 +664,13 @@ let betree_BeTree_lookup result (state & ((option u64) & betree_BeTree_t)) = let* (st1, (o, n)) = betree_Node_lookup self.root key st in - Return (st1, (o, { self with root = n })) + Ok (st1, (o, { self with root = n })) (** [betree_main::main]: Source: 'src/betree_main.rs', lines 5:0-5:9 *) let main : result unit = - Return () + Ok () (** Unit test for [betree_main::main] *) -let _ = assert_norm (main = Return ()) +let _ = assert_norm (main = Ok ()) diff --git a/tests/fstar/betree_back_stateful/Primitives.fst b/tests/fstar/betree_back_stateful/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/betree_back_stateful/Primitives.fst +++ b/tests/fstar/betree_back_stateful/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/demo/Demo.fst b/tests/fstar/demo/Demo.fst index 9c59ab9b..b210662f 100644 --- a/tests/fstar/demo/Demo.fst +++ b/tests/fstar/demo/Demo.fst @@ -10,8 +10,8 @@ open Primitives let choose (t : Type0) (b : bool) (x : t) (y : t) : result (t & (t -> result (t & t))) = if b - then let back = fun ret -> Return (ret, y) in Return (x, back) - else let back = fun ret -> Return (x, ret) in Return (y, back) + then let back = fun ret -> Ok (ret, y) in Ok (x, back) + else let back = fun ret -> Ok (x, ret) in Ok (y, back) (** [demo::mul2_add1]: Source: 'src/demo.rs', lines 13:0-13:31 *) @@ -31,7 +31,7 @@ let incr (x : u32) : result u32 = (** [demo::use_incr]: Source: 'src/demo.rs', lines 25:0-25:17 *) let use_incr : result unit = - let* x = incr 0 in let* x1 = incr x in let* _ = incr x1 in Return () + let* x = incr 0 in let* x1 = incr x in let* _ = incr x1 in Ok () (** [demo::CList] Source: 'src/demo.rs', lines 34:0-34:17 *) @@ -48,7 +48,7 @@ let rec list_nth (t : Type0) (n : nat) (l : cList_t t) (i : u32) : result t = let n1 = decrease n in begin match l with | CList_CCons x tl -> - if i = 0 then Return x else let* i1 = u32_sub i 1 in list_nth t n1 tl i1 + if i = 0 then Ok x else let* i1 = u32_sub i 1 in list_nth t n1 tl i1 | CList_CNil -> Fail Failure end @@ -65,15 +65,14 @@ let rec list_nth_mut begin match l with | CList_CCons x tl -> if i = 0 - then - let back = fun ret -> Return (CList_CCons ret tl) in Return (x, back) + then let back = fun ret -> Ok (CList_CCons ret tl) in Ok (x, back) else let* i1 = u32_sub i 1 in let* (x1, list_nth_mut_back) = list_nth_mut t n1 tl i1 in let back = - fun ret -> - let* tl1 = list_nth_mut_back ret in Return (CList_CCons x tl1) in - Return (x1, back) + fun ret -> let* tl1 = list_nth_mut_back ret in Ok (CList_CCons x tl1) + in + Ok (x1, back) | CList_CNil -> Fail Failure end @@ -90,14 +89,12 @@ let rec list_nth_mut1_loop begin match l with | CList_CCons x tl -> if i = 0 - then - let back = fun ret -> Return (CList_CCons ret tl) in Return (x, back) + then let back = fun ret -> Ok (CList_CCons ret tl) in Ok (x, back) else let* i1 = u32_sub i 1 in let* (x1, back) = list_nth_mut1_loop t n1 tl i1 in - let back1 = - fun ret -> let* tl1 = back ret in Return (CList_CCons x tl1) in - Return (x1, back1) + let back1 = fun ret -> let* tl1 = back ret in Ok (CList_CCons x tl1) in + Ok (x1, back1) | CList_CNil -> Fail Failure end @@ -117,7 +114,7 @@ let rec i32_id (n : nat) (i : i32) : result i32 = else let n1 = decrease n in if i = 0 - then Return 0 + then Ok 0 else let* i1 = i32_sub i 1 in let* i2 = i32_id n1 i1 in i32_add i2 1 (** [demo::list_tail]: @@ -134,10 +131,9 @@ let rec list_tail | CList_CCons x tl -> let* (c, list_tail_back) = list_tail t n1 tl in let back = - fun ret -> let* tl1 = list_tail_back ret in Return (CList_CCons x tl1) - in - Return (c, back) - | CList_CNil -> Return (CList_CNil, Return) + fun ret -> let* tl1 = list_tail_back ret in Ok (CList_CCons x tl1) in + Ok (c, back) + | CList_CNil -> Ok (CList_CNil, Ok) end (** Trait declaration: [demo::Counter] @@ -147,7 +143,7 @@ noeq type counter_t (self : Type0) = { incr : self -> result (usize & self); } (** [demo::{(demo::Counter for usize)}::incr]: Source: 'src/demo.rs', lines 102:4-102:31 *) let counterUsize_incr (self : usize) : result (usize & usize) = - let* self1 = usize_add self 1 in Return (self, self1) + let* self1 = usize_add self 1 in Ok (self, self1) (** Trait implementation: [demo::{(demo::Counter for usize)}] Source: 'src/demo.rs', lines 101:0-101:22 *) diff --git a/tests/fstar/demo/Primitives.fst b/tests/fstar/demo/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/demo/Primitives.fst +++ b/tests/fstar/demo/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/hashmap/Hashmap.Funs.fst b/tests/fstar/hashmap/Hashmap.Funs.fst index d897933a..2be587af 100644 --- a/tests/fstar/hashmap/Hashmap.Funs.fst +++ b/tests/fstar/hashmap/Hashmap.Funs.fst @@ -10,7 +10,7 @@ include Hashmap.Clauses (** [hashmap::hash_key]: Source: 'src/hashmap.rs', lines 27:0-27:32 *) let hash_key (k : usize) : result usize = - Return k + Ok k (** [hashmap::{hashmap::HashMap<T>}::allocate_slots]: loop 0: Source: 'src/hashmap.rs', lines 50:4-56:5 *) @@ -24,7 +24,7 @@ let rec hashMap_allocate_slots_loop let* slots1 = alloc_vec_Vec_push (list_t t) slots List_Nil in let* n1 = usize_sub n 1 in hashMap_allocate_slots_loop t slots1 n1 - else Return slots + else Ok slots (** [hashmap::{hashmap::HashMap<T>}::allocate_slots]: Source: 'src/hashmap.rs', lines 50:4-50:76 *) @@ -45,7 +45,7 @@ let hashMap_new_with_capacity in let* i = usize_mul capacity max_load_dividend in let* i1 = usize_div i max_load_divisor in - Return + Ok { num_entries = 0; max_load_factor = (max_load_dividend, max_load_divisor); @@ -74,18 +74,18 @@ let rec hashMap_clear_loop let* i2 = usize_add i 1 in let* slots1 = index_mut_back List_Nil in hashMap_clear_loop t slots1 i2 - else Return slots + else Ok slots (** [hashmap::{hashmap::HashMap<T>}::clear]: Source: 'src/hashmap.rs', lines 80:4-80:27 *) let hashMap_clear (t : Type0) (self : hashMap_t t) : result (hashMap_t t) = let* hm = hashMap_clear_loop t self.slots 0 in - Return { self with num_entries = 0; slots = hm } + Ok { self with num_entries = 0; slots = hm } (** [hashmap::{hashmap::HashMap<T>}::len]: Source: 'src/hashmap.rs', lines 90:4-90:30 *) let hashMap_len (t : Type0) (self : hashMap_t t) : result usize = - Return self.num_entries + Ok self.num_entries (** [hashmap::{hashmap::HashMap<T>}::insert_in_list]: loop 0: Source: 'src/hashmap.rs', lines 97:4-114:5 *) @@ -97,11 +97,11 @@ let rec hashMap_insert_in_list_loop begin match ls with | List_Cons ckey cvalue tl -> if ckey = key - then Return (false, List_Cons ckey value tl) + then Ok (false, List_Cons ckey value tl) else let* (b, tl1) = hashMap_insert_in_list_loop t key value tl in - Return (b, List_Cons ckey cvalue tl1) - | List_Nil -> Return (true, List_Cons key value List_Nil) + Ok (b, List_Cons ckey cvalue tl1) + | List_Nil -> Ok (true, List_Cons key value List_Nil) end (** [hashmap::{hashmap::HashMap<T>}::insert_in_list]: @@ -130,8 +130,8 @@ let hashMap_insert_no_resize then let* i1 = usize_add self.num_entries 1 in let* v = index_mut_back l1 in - Return { self with num_entries = i1; slots = v } - else let* v = index_mut_back l1 in Return { self with slots = v } + Ok { self with num_entries = i1; slots = v } + else let* v = index_mut_back l1 in Ok { self with slots = v } (** [hashmap::{hashmap::HashMap<T>}::move_elements_from_list]: loop 0: Source: 'src/hashmap.rs', lines 183:4-196:5 *) @@ -144,7 +144,7 @@ let rec hashMap_move_elements_from_list_loop | List_Cons k v tl -> let* ntable1 = hashMap_insert_no_resize t ntable k v in hashMap_move_elements_from_list_loop t ntable1 tl - | List_Nil -> Return ntable + | List_Nil -> Ok ntable end (** [hashmap::{hashmap::HashMap<T>}::move_elements_from_list]: @@ -172,7 +172,7 @@ let rec hashMap_move_elements_loop let* i2 = usize_add i 1 in let* slots1 = index_mut_back l1 in hashMap_move_elements_loop t ntable1 slots1 i2 - else Return (ntable, slots) + else Ok (ntable, slots) (** [hashmap::{hashmap::HashMap<T>}::move_elements]: Source: 'src/hashmap.rs', lines 171:4-171:95 *) @@ -198,10 +198,10 @@ let hashMap_try_resize let* ntable = hashMap_new_with_capacity t i3 i i1 in let* p = hashMap_move_elements t ntable self.slots 0 in let (ntable1, _) = p in - Return + Ok { ntable1 with num_entries = self.num_entries; max_load_factor = (i, i1) } - else Return { self with max_load_factor = (i, i1) } + else Ok { self with max_load_factor = (i, i1) } (** [hashmap::{hashmap::HashMap<T>}::insert]: Source: 'src/hashmap.rs', lines 129:4-129:48 *) @@ -211,7 +211,7 @@ let hashMap_insert = let* self1 = hashMap_insert_no_resize t self key value in let* i = hashMap_len t self1 in - if i > self1.max_load then hashMap_try_resize t self1 else Return self1 + if i > self1.max_load then hashMap_try_resize t self1 else Ok self1 (** [hashmap::{hashmap::HashMap<T>}::contains_key_in_list]: loop 0: Source: 'src/hashmap.rs', lines 206:4-219:5 *) @@ -222,10 +222,8 @@ let rec hashMap_contains_key_in_list_loop = begin match ls with | List_Cons ckey _ tl -> - if ckey = key - then Return true - else hashMap_contains_key_in_list_loop t key tl - | List_Nil -> Return false + if ckey = key then Ok true else hashMap_contains_key_in_list_loop t key tl + | List_Nil -> Ok false end (** [hashmap::{hashmap::HashMap<T>}::contains_key_in_list]: @@ -255,7 +253,7 @@ let rec hashMap_get_in_list_loop = begin match ls with | List_Cons ckey cvalue tl -> - if ckey = key then Return cvalue else hashMap_get_in_list_loop t key tl + if ckey = key then Ok cvalue else hashMap_get_in_list_loop t key tl | List_Nil -> Fail Failure end @@ -286,14 +284,12 @@ let rec hashMap_get_mut_in_list_loop begin match ls with | List_Cons ckey cvalue tl -> if ckey = key - then - let back = fun ret -> Return (List_Cons ckey ret tl) in - Return (cvalue, back) + then let back = fun ret -> Ok (List_Cons ckey ret tl) in Ok (cvalue, back) else let* (x, back) = hashMap_get_mut_in_list_loop t tl key in let back1 = - fun ret -> let* tl1 = back ret in Return (List_Cons ckey cvalue tl1) in - Return (x, back1) + fun ret -> let* tl1 = back ret in Ok (List_Cons ckey cvalue tl1) in + Ok (x, back1) | List_Nil -> Fail Failure end @@ -323,8 +319,8 @@ let hashMap_get_mut fun ret -> let* l1 = get_mut_in_list_back ret in let* v = index_mut_back l1 in - Return { self with slots = v } in - Return (x, back) + Ok { self with slots = v } in + Ok (x, back) (** [hashmap::{hashmap::HashMap<T>}::remove_from_list]: loop 0: Source: 'src/hashmap.rs', lines 265:4-291:5 *) @@ -340,13 +336,13 @@ let rec hashMap_remove_from_list_loop let (mv_ls, _) = core_mem_replace (list_t t) (List_Cons ckey x tl) List_Nil in begin match mv_ls with - | List_Cons _ cvalue tl1 -> Return (Some cvalue, tl1) + | List_Cons _ cvalue tl1 -> Ok (Some cvalue, tl1) | List_Nil -> Fail Failure end else let* (o, tl1) = hashMap_remove_from_list_loop t key tl in - Return (o, List_Cons ckey x tl1) - | List_Nil -> Return (None, List_Nil) + Ok (o, List_Cons ckey x tl1) + | List_Nil -> Ok (None, List_Nil) end (** [hashmap::{hashmap::HashMap<T>}::remove_from_list]: @@ -372,12 +368,11 @@ let hashMap_remove hash_mod in let* (x, l1) = hashMap_remove_from_list t key l in begin match x with - | None -> - let* v = index_mut_back l1 in Return (None, { self with slots = v }) + | None -> let* v = index_mut_back l1 in Ok (None, { self with slots = v }) | Some x1 -> let* i1 = usize_sub self.num_entries 1 in let* v = index_mut_back l1 in - Return (Some x1, { self with num_entries = i1; slots = v }) + Ok (Some x1, { self with num_entries = i1; slots = v }) end (** [hashmap::test1]: @@ -414,6 +409,6 @@ let test1 : result unit = then Fail Failure else let* i4 = hashMap_get u64 hm6 1056 in - if not (i4 = 256) then Fail Failure else Return () + if not (i4 = 256) then Fail Failure else Ok () end diff --git a/tests/fstar/hashmap/Primitives.fst b/tests/fstar/hashmap/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/hashmap/Primitives.fst +++ b/tests/fstar/hashmap/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst b/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst index e0005c81..ff86e087 100644 --- a/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst +++ b/tests/fstar/hashmap_on_disk/HashmapMain.Funs.fst @@ -11,7 +11,7 @@ include HashmapMain.Clauses (** [hashmap_main::hashmap::hash_key]: Source: 'src/hashmap.rs', lines 27:0-27:32 *) let hashmap_hash_key (k : usize) : result usize = - Return k + Ok k (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::allocate_slots]: loop 0: Source: 'src/hashmap.rs', lines 50:4-56:5 *) @@ -26,7 +26,7 @@ let rec hashmap_HashMap_allocate_slots_loop in let* n1 = usize_sub n 1 in hashmap_HashMap_allocate_slots_loop t slots1 n1 - else Return slots + else Ok slots (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::allocate_slots]: Source: 'src/hashmap.rs', lines 50:4-50:76 *) @@ -48,7 +48,7 @@ let hashmap_HashMap_new_with_capacity capacity in let* i = usize_mul capacity max_load_dividend in let* i1 = usize_div i max_load_divisor in - Return + Ok { num_entries = 0; max_load_factor = (max_load_dividend, max_load_divisor); @@ -78,20 +78,20 @@ let rec hashmap_HashMap_clear_loop let* i2 = usize_add i 1 in let* slots1 = index_mut_back Hashmap_List_Nil in hashmap_HashMap_clear_loop t slots1 i2 - else Return slots + else Ok slots (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::clear]: Source: 'src/hashmap.rs', lines 80:4-80:27 *) let hashmap_HashMap_clear (t : Type0) (self : hashmap_HashMap_t t) : result (hashmap_HashMap_t t) = let* hm = hashmap_HashMap_clear_loop t self.slots 0 in - Return { self with num_entries = 0; slots = hm } + Ok { self with num_entries = 0; slots = hm } (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::len]: Source: 'src/hashmap.rs', lines 90:4-90:30 *) let hashmap_HashMap_len (t : Type0) (self : hashmap_HashMap_t t) : result usize = - Return self.num_entries + Ok self.num_entries (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::insert_in_list]: loop 0: Source: 'src/hashmap.rs', lines 97:4-114:5 *) @@ -103,12 +103,11 @@ let rec hashmap_HashMap_insert_in_list_loop begin match ls with | Hashmap_List_Cons ckey cvalue tl -> if ckey = key - then Return (false, Hashmap_List_Cons ckey value tl) + then Ok (false, Hashmap_List_Cons ckey value tl) else let* (b, tl1) = hashmap_HashMap_insert_in_list_loop t key value tl in - Return (b, Hashmap_List_Cons ckey cvalue tl1) - | Hashmap_List_Nil -> - Return (true, Hashmap_List_Cons key value Hashmap_List_Nil) + Ok (b, Hashmap_List_Cons ckey cvalue tl1) + | Hashmap_List_Nil -> Ok (true, Hashmap_List_Cons key value Hashmap_List_Nil) end (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::insert_in_list]: @@ -137,8 +136,8 @@ let hashmap_HashMap_insert_no_resize then let* i1 = usize_add self.num_entries 1 in let* v = index_mut_back l1 in - Return { self with num_entries = i1; slots = v } - else let* v = index_mut_back l1 in Return { self with slots = v } + Ok { self with num_entries = i1; slots = v } + else let* v = index_mut_back l1 in Ok { self with slots = v } (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::move_elements_from_list]: loop 0: Source: 'src/hashmap.rs', lines 183:4-196:5 *) @@ -152,7 +151,7 @@ let rec hashmap_HashMap_move_elements_from_list_loop | Hashmap_List_Cons k v tl -> let* ntable1 = hashmap_HashMap_insert_no_resize t ntable k v in hashmap_HashMap_move_elements_from_list_loop t ntable1 tl - | Hashmap_List_Nil -> Return ntable + | Hashmap_List_Nil -> Ok ntable end (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::move_elements_from_list]: @@ -183,7 +182,7 @@ let rec hashmap_HashMap_move_elements_loop let* i2 = usize_add i 1 in let* slots1 = index_mut_back l1 in hashmap_HashMap_move_elements_loop t ntable1 slots1 i2 - else Return (ntable, slots) + else Ok (ntable, slots) (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::move_elements]: Source: 'src/hashmap.rs', lines 171:4-171:95 *) @@ -209,10 +208,10 @@ let hashmap_HashMap_try_resize let* ntable = hashmap_HashMap_new_with_capacity t i3 i i1 in let* p = hashmap_HashMap_move_elements t ntable self.slots 0 in let (ntable1, _) = p in - Return + Ok { ntable1 with num_entries = self.num_entries; max_load_factor = (i, i1) } - else Return { self with max_load_factor = (i, i1) } + else Ok { self with max_load_factor = (i, i1) } (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::insert]: Source: 'src/hashmap.rs', lines 129:4-129:48 *) @@ -222,9 +221,7 @@ let hashmap_HashMap_insert = let* self1 = hashmap_HashMap_insert_no_resize t self key value in let* i = hashmap_HashMap_len t self1 in - if i > self1.max_load - then hashmap_HashMap_try_resize t self1 - else Return self1 + if i > self1.max_load then hashmap_HashMap_try_resize t self1 else Ok self1 (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::contains_key_in_list]: loop 0: Source: 'src/hashmap.rs', lines 206:4-219:5 *) @@ -236,9 +233,9 @@ let rec hashmap_HashMap_contains_key_in_list_loop begin match ls with | Hashmap_List_Cons ckey _ tl -> if ckey = key - then Return true + then Ok true else hashmap_HashMap_contains_key_in_list_loop t key tl - | Hashmap_List_Nil -> Return false + | Hashmap_List_Nil -> Ok false end (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::contains_key_in_list]: @@ -269,9 +266,7 @@ let rec hashmap_HashMap_get_in_list_loop = begin match ls with | Hashmap_List_Cons ckey cvalue tl -> - if ckey = key - then Return cvalue - else hashmap_HashMap_get_in_list_loop t key tl + if ckey = key then Ok cvalue else hashmap_HashMap_get_in_list_loop t key tl | Hashmap_List_Nil -> Fail Failure end @@ -305,14 +300,14 @@ let rec hashmap_HashMap_get_mut_in_list_loop | Hashmap_List_Cons ckey cvalue tl -> if ckey = key then - let back = fun ret -> Return (Hashmap_List_Cons ckey ret tl) in - Return (cvalue, back) + let back = fun ret -> Ok (Hashmap_List_Cons ckey ret tl) in + Ok (cvalue, back) else let* (x, back) = hashmap_HashMap_get_mut_in_list_loop t tl key in let back1 = fun ret -> - let* tl1 = back ret in Return (Hashmap_List_Cons ckey cvalue tl1) in - Return (x, back1) + let* tl1 = back ret in Ok (Hashmap_List_Cons ckey cvalue tl1) in + Ok (x, back1) | Hashmap_List_Nil -> Fail Failure end @@ -342,8 +337,8 @@ let hashmap_HashMap_get_mut fun ret -> let* l1 = get_mut_in_list_back ret in let* v = index_mut_back l1 in - Return { self with slots = v } in - Return (x, back) + Ok { self with slots = v } in + Ok (x, back) (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::remove_from_list]: loop 0: Source: 'src/hashmap.rs', lines 265:4-291:5 *) @@ -360,13 +355,13 @@ let rec hashmap_HashMap_remove_from_list_loop core_mem_replace (hashmap_List_t t) (Hashmap_List_Cons ckey x tl) Hashmap_List_Nil in begin match mv_ls with - | Hashmap_List_Cons _ cvalue tl1 -> Return (Some cvalue, tl1) + | Hashmap_List_Cons _ cvalue tl1 -> Ok (Some cvalue, tl1) | Hashmap_List_Nil -> Fail Failure end else let* (o, tl1) = hashmap_HashMap_remove_from_list_loop t key tl in - Return (o, Hashmap_List_Cons ckey x tl1) - | Hashmap_List_Nil -> Return (None, Hashmap_List_Nil) + Ok (o, Hashmap_List_Cons ckey x tl1) + | Hashmap_List_Nil -> Ok (None, Hashmap_List_Nil) end (** [hashmap_main::hashmap::{hashmap_main::hashmap::HashMap<T>}::remove_from_list]: @@ -392,12 +387,11 @@ let hashmap_HashMap_remove self.slots hash_mod in let* (x, l1) = hashmap_HashMap_remove_from_list t key l in begin match x with - | None -> - let* v = index_mut_back l1 in Return (None, { self with slots = v }) + | None -> let* v = index_mut_back l1 in Ok (None, { self with slots = v }) | Some x1 -> let* i1 = usize_sub self.num_entries 1 in let* v = index_mut_back l1 in - Return (Some x1, { self with num_entries = i1; slots = v }) + Ok (Some x1, { self with num_entries = i1; slots = v }) end (** [hashmap_main::hashmap::test1]: @@ -434,7 +428,7 @@ let hashmap_test1 : result unit = then Fail Failure else let* i4 = hashmap_HashMap_get u64 hm6 1056 in - if not (i4 = 256) then Fail Failure else Return () + if not (i4 = 256) then Fail Failure else Ok () end (** [hashmap_main::insert_on_disk]: @@ -448,5 +442,5 @@ let insert_on_disk (** [hashmap_main::main]: Source: 'src/hashmap_main.rs', lines 16:0-16:13 *) let main : result unit = - Return () + Ok () diff --git a/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst b/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst index 358df29e..beb3dc2c 100644 --- a/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst +++ b/tests/fstar/hashmap_on_disk/HashmapMain.Properties.fst @@ -20,7 +20,7 @@ assume val serialize_lem (hm : hashmap_HashMap_t u64) (st : state) : Lemma ( match hashmap_utils_serialize hm st with | Fail _ -> True - | Return (st', ()) -> state_v st' == hm) + | Ok (st', ()) -> state_v st' == hm) [SMTPat (hashmap_utils_serialize hm st)] /// [deserialize] gives us the hash map stored on disk, without updating it @@ -28,7 +28,7 @@ assume val deserialize_lem (st : state) : Lemma ( match hashmap_utils_deserialize st with | Fail _ -> True - | Return (st', hm) -> hm == state_v st /\ st' == st) + | Ok (st', hm) -> hm == state_v st /\ st' == st) [SMTPat (hashmap_utils_deserialize st)] (*** Lemmas *) @@ -39,10 +39,10 @@ val deserialize_lem (st : state) : Lemma ( val insert_on_disk_lem (key : usize) (value : u64) (st : state) : Lemma ( match insert_on_disk key value st with | Fail _ -> True - | Return (st', ()) -> + | Ok (st', ()) -> let hm = state_v st in match hashmap_HashMap_insert u64 hm key value with | Fail _ -> False - | Return hm' -> hm' == state_v st') + | Ok hm' -> hm' == state_v st') let insert_on_disk_lem key value st = () diff --git a/tests/fstar/hashmap_on_disk/Primitives.fst b/tests/fstar/hashmap_on_disk/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/hashmap_on_disk/Primitives.fst +++ b/tests/fstar/hashmap_on_disk/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/misc/Bitwise.fst b/tests/fstar/misc/Bitwise.fst index 7330f07a..11ef6861 100644 --- a/tests/fstar/misc/Bitwise.fst +++ b/tests/fstar/misc/Bitwise.fst @@ -18,15 +18,15 @@ let shift_i32 (a : i32) : result i32 = (** [bitwise::xor_u32]: Source: 'src/bitwise.rs', lines 17:0-17:37 *) let xor_u32 (a : u32) (b : u32) : result u32 = - Return (u32_xor a b) + Ok (u32_xor a b) (** [bitwise::or_u32]: Source: 'src/bitwise.rs', lines 21:0-21:36 *) let or_u32 (a : u32) (b : u32) : result u32 = - Return (u32_or a b) + Ok (u32_or a b) (** [bitwise::and_u32]: Source: 'src/bitwise.rs', lines 25:0-25:37 *) let and_u32 (a : u32) (b : u32) : result u32 = - Return (u32_and a b) + Ok (u32_and a b) diff --git a/tests/fstar/misc/Constants.fst b/tests/fstar/misc/Constants.fst index 8d1cf3ce..4fbafb83 100644 --- a/tests/fstar/misc/Constants.fst +++ b/tests/fstar/misc/Constants.fst @@ -7,17 +7,17 @@ open Primitives (** [constants::X0] Source: 'src/constants.rs', lines 5:0-5:17 *) -let x0_body : result u32 = Return 0 +let x0_body : result u32 = Ok 0 let x0 : u32 = eval_global x0_body (** [constants::X1] Source: 'src/constants.rs', lines 7:0-7:17 *) -let x1_body : result u32 = Return core_u32_max +let x1_body : result u32 = Ok core_u32_max let x1 : u32 = eval_global x1_body (** [constants::X2] Source: 'src/constants.rs', lines 10:0-10:17 *) -let x2_body : result u32 = Return 3 +let x2_body : result u32 = Ok 3 let x2 : u32 = eval_global x2_body (** [constants::incr]: @@ -33,7 +33,7 @@ let x3 : u32 = eval_global x3_body (** [constants::mk_pair0]: Source: 'src/constants.rs', lines 23:0-23:51 *) let mk_pair0 (x : u32) (y1 : u32) : result (u32 & u32) = - Return (x, y1) + Ok (x, y1) (** [constants::Pair] Source: 'src/constants.rs', lines 36:0-36:23 *) @@ -42,7 +42,7 @@ type pair_t (t1 t2 : Type0) = { x : t1; y : t2; } (** [constants::mk_pair1]: Source: 'src/constants.rs', lines 27:0-27:55 *) let mk_pair1 (x : u32) (y1 : u32) : result (pair_t u32 u32) = - Return { x = x; y = y1 } + Ok { x = x; y = y1 } (** [constants::P0] Source: 'src/constants.rs', lines 31:0-31:24 *) @@ -56,12 +56,12 @@ let p1 : pair_t u32 u32 = eval_global p1_body (** [constants::P2] Source: 'src/constants.rs', lines 33:0-33:24 *) -let p2_body : result (u32 & u32) = Return (0, 1) +let p2_body : result (u32 & u32) = Ok (0, 1) let p2 : (u32 & u32) = eval_global p2_body (** [constants::P3] Source: 'src/constants.rs', lines 34:0-34:28 *) -let p3_body : result (pair_t u32 u32) = Return { x = 0; y = 1 } +let p3_body : result (pair_t u32 u32) = Ok { x = 0; y = 1 } let p3 : pair_t u32 u32 = eval_global p3_body (** [constants::Wrap] @@ -71,7 +71,7 @@ type wrap_t (t : Type0) = { value : t; } (** [constants::{constants::Wrap<T>}::new]: Source: 'src/constants.rs', lines 54:4-54:41 *) let wrap_new (t : Type0) (value : t) : result (wrap_t t) = - Return { value = value } + Ok { value = value } (** [constants::Y] Source: 'src/constants.rs', lines 41:0-41:22 *) @@ -81,7 +81,7 @@ let y : wrap_t i32 = eval_global y_body (** [constants::unwrap_y]: Source: 'src/constants.rs', lines 43:0-43:30 *) let unwrap_y : result i32 = - Return y.value + Ok y.value (** [constants::YVAL] Source: 'src/constants.rs', lines 47:0-47:19 *) @@ -90,13 +90,13 @@ let yval : i32 = eval_global yval_body (** [constants::get_z1::Z1] Source: 'src/constants.rs', lines 62:4-62:17 *) -let get_z1_z1_body : result i32 = Return 3 +let get_z1_z1_body : result i32 = Ok 3 let get_z1_z1 : i32 = eval_global get_z1_z1_body (** [constants::get_z1]: Source: 'src/constants.rs', lines 61:0-61:28 *) let get_z1 : result i32 = - Return get_z1_z1 + Ok get_z1_z1 (** [constants::add]: Source: 'src/constants.rs', lines 66:0-66:39 *) @@ -105,12 +105,12 @@ let add (a : i32) (b : i32) : result i32 = (** [constants::Q1] Source: 'src/constants.rs', lines 74:0-74:17 *) -let q1_body : result i32 = Return 5 +let q1_body : result i32 = Ok 5 let q1 : i32 = eval_global q1_body (** [constants::Q2] Source: 'src/constants.rs', lines 75:0-75:17 *) -let q2_body : result i32 = Return q1 +let q2_body : result i32 = Ok q1 let q2 : i32 = eval_global q2_body (** [constants::Q3] @@ -125,7 +125,7 @@ let get_z2 : result i32 = (** [constants::S1] Source: 'src/constants.rs', lines 80:0-80:18 *) -let s1_body : result u32 = Return 6 +let s1_body : result u32 = Ok 6 let s1 : u32 = eval_global s1_body (** [constants::S2] @@ -135,7 +135,7 @@ let s2 : u32 = eval_global s2_body (** [constants::S3] Source: 'src/constants.rs', lines 82:0-82:29 *) -let s3_body : result (pair_t u32 u32) = Return p3 +let s3_body : result (pair_t u32 u32) = Ok p3 let s3 : pair_t u32 u32 = eval_global s3_body (** [constants::S4] @@ -149,11 +149,11 @@ type v_t (t : Type0) (n : usize) = { x : array t n; } (** [constants::{constants::V<T, N>#1}::LEN] Source: 'src/constants.rs', lines 91:4-91:24 *) -let v_len_body (t : Type0) (n : usize) : result usize = Return n +let v_len_body (t : Type0) (n : usize) : result usize = Ok n let v_len (t : Type0) (n : usize) : usize = eval_global (v_len_body t n) (** [constants::use_v]: Source: 'src/constants.rs', lines 94:0-94:42 *) let use_v (t : Type0) (n : usize) : result usize = - Return (v_len t n) + Ok (v_len t n) diff --git a/tests/fstar/misc/External.Funs.fst b/tests/fstar/misc/External.Funs.fst index 78960404..d4247b8f 100644 --- a/tests/fstar/misc/External.Funs.fst +++ b/tests/fstar/misc/External.Funs.fst @@ -22,10 +22,10 @@ let test_new_non_zero_u32 (** [external::test_vec]: Source: 'src/external.rs', lines 17:0-17:17 *) let test_vec : result unit = - let* _ = alloc_vec_Vec_push u32 (alloc_vec_Vec_new u32) 0 in Return () + let* _ = alloc_vec_Vec_push u32 (alloc_vec_Vec_new u32) 0 in Ok () (** Unit test for [external::test_vec] *) -let _ = assert_norm (test_vec = Return ()) +let _ = assert_norm (test_vec = Ok ()) (** [external::custom_swap]: Source: 'src/external.rs', lines 24:0-24:66 *) @@ -34,8 +34,8 @@ let custom_swap result (state & (t & (t -> state -> result (state & (t & t))))) = let* (st1, (x1, y1)) = core_mem_swap t x y st in - let back = fun ret st2 -> Return (st2, (ret, y1)) in - Return (st1, (x1, back)) + let back = fun ret st2 -> Ok (st2, (ret, y1)) in + Ok (st1, (x1, back)) (** [external::test_custom_swap]: Source: 'src/external.rs', lines 29:0-29:59 *) @@ -43,12 +43,12 @@ let test_custom_swap (x : u32) (y : u32) (st : state) : result (state & (u32 & u32)) = let* (st1, (_, custom_swap_back)) = custom_swap u32 x y st in let* (_, (x1, y1)) = custom_swap_back 1 st1 in - Return (st1, (x1, y1)) + Ok (st1, (x1, y1)) (** [external::test_swap_non_zero]: Source: 'src/external.rs', lines 35:0-35:44 *) let test_swap_non_zero (x : u32) (st : state) : result (state & u32) = let* (st1, p) = swap u32 x 0 st in let (x1, _) = p in - if x1 = 0 then Fail Failure else Return (st1, x1) + if x1 = 0 then Fail Failure else Ok (st1, x1) diff --git a/tests/fstar/misc/Loops.Funs.fst b/tests/fstar/misc/Loops.Funs.fst index 93683deb..26cb91d2 100644 --- a/tests/fstar/misc/Loops.Funs.fst +++ b/tests/fstar/misc/Loops.Funs.fst @@ -70,7 +70,7 @@ let rec sum_array_loop let* s1 = u32_add s i1 in let* i2 = usize_add i 1 in sum_array_loop n a i2 s1 - else Return s + else Ok s (** [loops::sum_array]: Source: 'src/loops.rs', lines 50:0-50:52 *) @@ -92,7 +92,7 @@ let rec clear_loop let* i2 = usize_add i 1 in let* v1 = index_mut_back 0 in clear_loop v1 i2 - else Return v + else Ok v (** [loops::clear]: Source: 'src/loops.rs', lines 62:0-62:30 *) @@ -106,8 +106,8 @@ let rec list_mem_loop Tot (result bool) (decreases (list_mem_loop_decreases x ls)) = begin match ls with - | List_Cons y tl -> if y = x then Return true else list_mem_loop x tl - | List_Nil -> Return false + | List_Cons y tl -> if y = x then Ok true else list_mem_loop x tl + | List_Nil -> Ok false end (** [loops::list_mem]: @@ -125,12 +125,12 @@ let rec list_nth_mut_loop_loop begin match ls with | List_Cons x tl -> if i = 0 - then let back = fun ret -> Return (List_Cons ret tl) in Return (x, back) + then let back = fun ret -> Ok (List_Cons ret tl) in Ok (x, back) else let* i1 = u32_sub i 1 in let* (x1, back) = list_nth_mut_loop_loop t tl i1 in - let back1 = fun ret -> let* tl1 = back ret in Return (List_Cons x tl1) in - Return (x1, back1) + let back1 = fun ret -> let* tl1 = back ret in Ok (List_Cons x tl1) in + Ok (x1, back1) | List_Nil -> Fail Failure end @@ -151,7 +151,7 @@ let rec list_nth_shared_loop_loop begin match ls with | List_Cons x tl -> if i = 0 - then Return x + then Ok x else let* i1 = u32_sub i 1 in list_nth_shared_loop_loop t tl i1 | List_Nil -> Fail Failure end @@ -171,11 +171,11 @@ let rec get_elem_mut_loop begin match ls with | List_Cons y tl -> if y = x - then let back = fun ret -> Return (List_Cons ret tl) in Return (y, back) + then let back = fun ret -> Ok (List_Cons ret tl) in Ok (y, back) else let* (i, back) = get_elem_mut_loop x tl in - let back1 = fun ret -> let* tl1 = back ret in Return (List_Cons y tl1) in - Return (i, back1) + let back1 = fun ret -> let* tl1 = back ret in Ok (List_Cons y tl1) in + Ok (i, back1) | List_Nil -> Fail Failure end @@ -190,7 +190,7 @@ let get_elem_mut (core_slice_index_SliceIndexUsizeSliceTInst (list_t usize)) slots 0 in let* (i, back) = get_elem_mut_loop x ls in let back1 = fun ret -> let* l = back ret in index_mut_back l in - Return (i, back1) + Ok (i, back1) (** [loops::get_elem_shared]: loop 0: Source: 'src/loops.rs', lines 129:0-143:1 *) @@ -199,7 +199,7 @@ let rec get_elem_shared_loop Tot (result usize) (decreases (get_elem_shared_loop_decreases x ls)) = begin match ls with - | List_Cons y tl -> if y = x then Return y else get_elem_shared_loop x tl + | List_Cons y tl -> if y = x then Ok y else get_elem_shared_loop x tl | List_Nil -> Fail Failure end @@ -218,12 +218,12 @@ let id_mut (t : Type0) (ls : list_t t) : result ((list_t t) & (list_t t -> result (list_t t))) = - Return (ls, Return) + Ok (ls, Ok) (** [loops::id_shared]: Source: 'src/loops.rs', lines 149:0-149:45 *) let id_shared (t : Type0) (ls : list_t t) : result (list_t t) = - Return ls + Ok ls (** [loops::list_nth_mut_loop_with_id]: loop 0: Source: 'src/loops.rs', lines 154:0-165:1 *) @@ -235,12 +235,12 @@ let rec list_nth_mut_loop_with_id_loop begin match ls with | List_Cons x tl -> if i = 0 - then let back = fun ret -> Return (List_Cons ret tl) in Return (x, back) + then let back = fun ret -> Ok (List_Cons ret tl) in Ok (x, back) else let* i1 = u32_sub i 1 in let* (x1, back) = list_nth_mut_loop_with_id_loop t i1 tl in - let back1 = fun ret -> let* tl1 = back ret in Return (List_Cons x tl1) in - Return (x1, back1) + let back1 = fun ret -> let* tl1 = back ret in Ok (List_Cons x tl1) in + Ok (x1, back1) | List_Nil -> Fail Failure end @@ -253,7 +253,7 @@ let list_nth_mut_loop_with_id let* (ls1, id_mut_back) = id_mut t ls in let* (x, back) = list_nth_mut_loop_with_id_loop t i ls1 in let back1 = fun ret -> let* l = back ret in id_mut_back l in - Return (x, back1) + Ok (x, back1) (** [loops::list_nth_shared_loop_with_id]: loop 0: Source: 'src/loops.rs', lines 168:0-179:1 *) @@ -265,7 +265,7 @@ let rec list_nth_shared_loop_with_id_loop begin match ls with | List_Cons x tl -> if i = 0 - then Return x + then Ok x else let* i1 = u32_sub i 1 in list_nth_shared_loop_with_id_loop t i1 tl | List_Nil -> Fail Failure end @@ -289,17 +289,17 @@ let rec list_nth_mut_loop_pair_loop | List_Cons x1 tl1 -> if i = 0 then - let back'a = fun ret -> Return (List_Cons ret tl0) in - let back'b = fun ret -> Return (List_Cons ret tl1) in - Return ((x0, x1), back'a, back'b) + let back'a = fun ret -> Ok (List_Cons ret tl0) in + let back'b = fun ret -> Ok (List_Cons ret tl1) in + Ok ((x0, x1), back'a, back'b) else let* i1 = u32_sub i 1 in let* (p, back'a, back'b) = list_nth_mut_loop_pair_loop t tl0 tl1 i1 in let back'a1 = - fun ret -> let* tl01 = back'a ret in Return (List_Cons x0 tl01) in + fun ret -> let* tl01 = back'a ret in Ok (List_Cons x0 tl01) in let back'b1 = - fun ret -> let* tl11 = back'b ret in Return (List_Cons x1 tl11) in - Return (p, back'a1, back'b1) + fun ret -> let* tl11 = back'b ret in Ok (List_Cons x1 tl11) in + Ok (p, back'a1, back'b1) | List_Nil -> Fail Failure end | List_Nil -> Fail Failure @@ -325,7 +325,7 @@ let rec list_nth_shared_loop_pair_loop begin match ls1 with | List_Cons x1 tl1 -> if i = 0 - then Return (x0, x1) + then Ok (x0, x1) else let* i1 = u32_sub i 1 in list_nth_shared_loop_pair_loop t tl0 tl1 i1 | List_Nil -> Fail Failure end @@ -353,16 +353,16 @@ let rec list_nth_mut_loop_pair_merge_loop then let back = fun ret -> - let (x, x2) = ret in Return (List_Cons x tl0, List_Cons x2 tl1) in - Return ((x0, x1), back) + let (x, x2) = ret in Ok (List_Cons x tl0, List_Cons x2 tl1) in + Ok ((x0, x1), back) else let* i1 = u32_sub i 1 in let* (p, back) = list_nth_mut_loop_pair_merge_loop t tl0 tl1 i1 in let back1 = fun ret -> let* (tl01, tl11) = back ret in - Return (List_Cons x0 tl01, List_Cons x1 tl11) in - Return (p, back1) + Ok (List_Cons x0 tl01, List_Cons x1 tl11) in + Ok (p, back1) | List_Nil -> Fail Failure end | List_Nil -> Fail Failure @@ -388,7 +388,7 @@ let rec list_nth_shared_loop_pair_merge_loop begin match ls1 with | List_Cons x1 tl1 -> if i = 0 - then Return (x0, x1) + then Ok (x0, x1) else let* i1 = u32_sub i 1 in list_nth_shared_loop_pair_merge_loop t tl0 tl1 i1 @@ -415,15 +415,13 @@ let rec list_nth_mut_shared_loop_pair_loop begin match ls1 with | List_Cons x1 tl1 -> if i = 0 - then - let back = fun ret -> Return (List_Cons ret tl0) in - Return ((x0, x1), back) + then let back = fun ret -> Ok (List_Cons ret tl0) in Ok ((x0, x1), back) else let* i1 = u32_sub i 1 in let* (p, back) = list_nth_mut_shared_loop_pair_loop t tl0 tl1 i1 in - let back1 = - fun ret -> let* tl01 = back ret in Return (List_Cons x0 tl01) in - Return (p, back1) + let back1 = fun ret -> let* tl01 = back ret in Ok (List_Cons x0 tl01) + in + Ok (p, back1) | List_Nil -> Fail Failure end | List_Nil -> Fail Failure @@ -449,16 +447,14 @@ let rec list_nth_mut_shared_loop_pair_merge_loop begin match ls1 with | List_Cons x1 tl1 -> if i = 0 - then - let back = fun ret -> Return (List_Cons ret tl0) in - Return ((x0, x1), back) + then let back = fun ret -> Ok (List_Cons ret tl0) in Ok ((x0, x1), back) else let* i1 = u32_sub i 1 in let* (p, back) = list_nth_mut_shared_loop_pair_merge_loop t tl0 tl1 i1 in - let back1 = - fun ret -> let* tl01 = back ret in Return (List_Cons x0 tl01) in - Return (p, back1) + let back1 = fun ret -> let* tl01 = back ret in Ok (List_Cons x0 tl01) + in + Ok (p, back1) | List_Nil -> Fail Failure end | List_Nil -> Fail Failure @@ -484,15 +480,13 @@ let rec list_nth_shared_mut_loop_pair_loop begin match ls1 with | List_Cons x1 tl1 -> if i = 0 - then - let back = fun ret -> Return (List_Cons ret tl1) in - Return ((x0, x1), back) + then let back = fun ret -> Ok (List_Cons ret tl1) in Ok ((x0, x1), back) else let* i1 = u32_sub i 1 in let* (p, back) = list_nth_shared_mut_loop_pair_loop t tl0 tl1 i1 in - let back1 = - fun ret -> let* tl11 = back ret in Return (List_Cons x1 tl11) in - Return (p, back1) + let back1 = fun ret -> let* tl11 = back ret in Ok (List_Cons x1 tl11) + in + Ok (p, back1) | List_Nil -> Fail Failure end | List_Nil -> Fail Failure @@ -518,16 +512,14 @@ let rec list_nth_shared_mut_loop_pair_merge_loop begin match ls1 with | List_Cons x1 tl1 -> if i = 0 - then - let back = fun ret -> Return (List_Cons ret tl1) in - Return ((x0, x1), back) + then let back = fun ret -> Ok (List_Cons ret tl1) in Ok ((x0, x1), back) else let* i1 = u32_sub i 1 in let* (p, back) = list_nth_shared_mut_loop_pair_merge_loop t tl0 tl1 i1 in - let back1 = - fun ret -> let* tl11 = back ret in Return (List_Cons x1 tl11) in - Return (p, back1) + let back1 = fun ret -> let* tl11 = back ret in Ok (List_Cons x1 tl11) + in + Ok (p, back1) | List_Nil -> Fail Failure end | List_Nil -> Fail Failure @@ -549,12 +541,12 @@ let rec ignore_input_mut_borrow_loop = if i > 0 then let* i1 = u32_sub i 1 in ignore_input_mut_borrow_loop i1 - else Return () + else Ok () (** [loops::ignore_input_mut_borrow]: Source: 'src/loops.rs', lines 345:0-345:56 *) let ignore_input_mut_borrow (_a : u32) (i : u32) : result u32 = - let* _ = ignore_input_mut_borrow_loop i in Return _a + let* _ = ignore_input_mut_borrow_loop i in Ok _a (** [loops::incr_ignore_input_mut_borrow]: loop 0: Source: 'src/loops.rs', lines 353:0-358:1 *) @@ -564,14 +556,14 @@ let rec incr_ignore_input_mut_borrow_loop = if i > 0 then let* i1 = u32_sub i 1 in incr_ignore_input_mut_borrow_loop i1 - else Return () + else Ok () (** [loops::incr_ignore_input_mut_borrow]: Source: 'src/loops.rs', lines 353:0-353:60 *) let incr_ignore_input_mut_borrow (a : u32) (i : u32) : result u32 = let* a1 = u32_add a 1 in let* _ = incr_ignore_input_mut_borrow_loop i in - Return a1 + Ok a1 (** [loops::ignore_input_shared_borrow]: loop 0: Source: 'src/loops.rs', lines 362:0-366:1 *) @@ -581,10 +573,10 @@ let rec ignore_input_shared_borrow_loop = if i > 0 then let* i1 = u32_sub i 1 in ignore_input_shared_borrow_loop i1 - else Return () + else Ok () (** [loops::ignore_input_shared_borrow]: Source: 'src/loops.rs', lines 362:0-362:59 *) let ignore_input_shared_borrow (_a : u32) (i : u32) : result u32 = - let* _ = ignore_input_shared_borrow_loop i in Return _a + let* _ = ignore_input_shared_borrow_loop i in Ok _a diff --git a/tests/fstar/misc/NoNestedBorrows.fst b/tests/fstar/misc/NoNestedBorrows.fst index 1a93beaa..ac443a99 100644 --- a/tests/fstar/misc/NoNestedBorrows.fst +++ b/tests/fstar/misc/NoNestedBorrows.fst @@ -151,20 +151,20 @@ let cast_bool_to_i32 (x : bool) : result i32 = (** [no_nested_borrows::cast_bool_to_bool]: Source: 'src/no_nested_borrows.rs', lines 137:0-137:41 *) let cast_bool_to_bool (x : bool) : result bool = - Return x + Ok x (** [no_nested_borrows::test2]: Source: 'src/no_nested_borrows.rs', lines 142:0-142:14 *) let test2 : result unit = - let* _ = u32_add 23 44 in Return () + let* _ = u32_add 23 44 in Ok () (** Unit test for [no_nested_borrows::test2] *) -let _ = assert_norm (test2 = Return ()) +let _ = assert_norm (test2 = Ok ()) (** [no_nested_borrows::get_max]: Source: 'src/no_nested_borrows.rs', lines 154:0-154:37 *) let get_max (x : u32) (y : u32) : result u32 = - if x >= y then Return x else Return y + if x >= y then Ok x else Ok y (** [no_nested_borrows::test3]: Source: 'src/no_nested_borrows.rs', lines 162:0-162:14 *) @@ -172,26 +172,26 @@ let test3 : result unit = let* x = get_max 4 3 in let* y = get_max 10 11 in let* z = u32_add x y in - if not (z = 15) then Fail Failure else Return () + if not (z = 15) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test3] *) -let _ = assert_norm (test3 = Return ()) +let _ = assert_norm (test3 = Ok ()) (** [no_nested_borrows::test_neg1]: Source: 'src/no_nested_borrows.rs', lines 169:0-169:18 *) let test_neg1 : result unit = - let* y = i32_neg 3 in if not (y = -3) then Fail Failure else Return () + let* y = i32_neg 3 in if not (y = -3) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_neg1] *) -let _ = assert_norm (test_neg1 = Return ()) +let _ = assert_norm (test_neg1 = Ok ()) (** [no_nested_borrows::refs_test1]: Source: 'src/no_nested_borrows.rs', lines 176:0-176:19 *) let refs_test1 : result unit = - if not (1 = 1) then Fail Failure else Return () + if not (1 = 1) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::refs_test1] *) -let _ = assert_norm (refs_test1 = Return ()) +let _ = assert_norm (refs_test1 = Ok ()) (** [no_nested_borrows::refs_test2]: Source: 'src/no_nested_borrows.rs', lines 187:0-187:19 *) @@ -204,18 +204,18 @@ let refs_test2 : result unit = else if not (2 = 2) then Fail Failure - else if not (2 = 2) then Fail Failure else Return () + else if not (2 = 2) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::refs_test2] *) -let _ = assert_norm (refs_test2 = Return ()) +let _ = assert_norm (refs_test2 = Ok ()) (** [no_nested_borrows::test_list1]: Source: 'src/no_nested_borrows.rs', lines 203:0-203:19 *) let test_list1 : result unit = - Return () + Ok () (** Unit test for [no_nested_borrows::test_list1] *) -let _ = assert_norm (test_list1 = Return ()) +let _ = assert_norm (test_list1 = Ok ()) (** [no_nested_borrows::test_box1]: Source: 'src/no_nested_borrows.rs', lines 208:0-208:18 *) @@ -223,56 +223,53 @@ let test_box1 : result unit = let* (_, deref_mut_back) = alloc_boxed_Box_deref_mut i32 0 in let* b = deref_mut_back 1 in let* x = alloc_boxed_Box_deref i32 b in - if not (x = 1) then Fail Failure else Return () + if not (x = 1) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_box1] *) -let _ = assert_norm (test_box1 = Return ()) +let _ = assert_norm (test_box1 = Ok ()) (** [no_nested_borrows::copy_int]: Source: 'src/no_nested_borrows.rs', lines 218:0-218:30 *) let copy_int (x : i32) : result i32 = - Return x + Ok x (** [no_nested_borrows::test_unreachable]: Source: 'src/no_nested_borrows.rs', lines 224:0-224:32 *) let test_unreachable (b : bool) : result unit = - if b then Fail Failure else Return () + if b then Fail Failure else Ok () (** [no_nested_borrows::test_panic]: Source: 'src/no_nested_borrows.rs', lines 232:0-232:26 *) let test_panic (b : bool) : result unit = - if b then Fail Failure else Return () + if b then Fail Failure else Ok () (** [no_nested_borrows::test_copy_int]: Source: 'src/no_nested_borrows.rs', lines 239:0-239:22 *) let test_copy_int : result unit = - let* y = copy_int 0 in if not (0 = y) then Fail Failure else Return () + let* y = copy_int 0 in if not (0 = y) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_copy_int] *) -let _ = assert_norm (test_copy_int = Return ()) +let _ = assert_norm (test_copy_int = Ok ()) (** [no_nested_borrows::is_cons]: Source: 'src/no_nested_borrows.rs', lines 246:0-246:38 *) let is_cons (t : Type0) (l : list_t t) : result bool = - begin match l with - | List_Cons _ _ -> Return true - | List_Nil -> Return false - end + begin match l with | List_Cons _ _ -> Ok true | List_Nil -> Ok false end (** [no_nested_borrows::test_is_cons]: Source: 'src/no_nested_borrows.rs', lines 253:0-253:21 *) let test_is_cons : result unit = let* b = is_cons i32 (List_Cons 0 List_Nil) in - if not b then Fail Failure else Return () + if not b then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_is_cons] *) -let _ = assert_norm (test_is_cons = Return ()) +let _ = assert_norm (test_is_cons = Ok ()) (** [no_nested_borrows::split_list]: Source: 'src/no_nested_borrows.rs', lines 259:0-259:48 *) let split_list (t : Type0) (l : list_t t) : result (t & (list_t t)) = begin match l with - | List_Cons hd tl -> Return (hd, tl) + | List_Cons hd tl -> Ok (hd, tl) | List_Nil -> Fail Failure end @@ -281,18 +278,18 @@ let split_list (t : Type0) (l : list_t t) : result (t & (list_t t)) = let test_split_list : result unit = let* p = split_list i32 (List_Cons 0 List_Nil) in let (hd, _) = p in - if not (hd = 0) then Fail Failure else Return () + if not (hd = 0) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_split_list] *) -let _ = assert_norm (test_split_list = Return ()) +let _ = assert_norm (test_split_list = Ok ()) (** [no_nested_borrows::choose]: Source: 'src/no_nested_borrows.rs', lines 274:0-274:70 *) let choose (t : Type0) (b : bool) (x : t) (y : t) : result (t & (t -> result (t & t))) = if b - then let back = fun ret -> Return (ret, y) in Return (x, back) - else let back = fun ret -> Return (x, ret) in Return (y, back) + then let back = fun ret -> Ok (ret, y) in Ok (x, back) + else let back = fun ret -> Ok (x, ret) in Ok (y, back) (** [no_nested_borrows::choose_test]: Source: 'src/no_nested_borrows.rs', lines 282:0-282:20 *) @@ -305,15 +302,15 @@ let choose_test : result unit = let* (x, y) = choose_back z1 in if not (x = 1) then Fail Failure - else if not (y = 0) then Fail Failure else Return () + else if not (y = 0) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::choose_test] *) -let _ = assert_norm (choose_test = Return ()) +let _ = assert_norm (choose_test = Ok ()) (** [no_nested_borrows::test_char]: Source: 'src/no_nested_borrows.rs', lines 294:0-294:26 *) let test_char : result char = - Return 'a' + Ok 'a' (** [no_nested_borrows::Tree] Source: 'src/no_nested_borrows.rs', lines 299:0-299:16 *) @@ -332,7 +329,7 @@ and nodeElem_t (t : Type0) = let rec list_length (t : Type0) (l : list_t t) : result u32 = begin match l with | List_Cons _ l1 -> let* i = list_length t l1 in u32_add 1 i - | List_Nil -> Return 0 + | List_Nil -> Ok 0 end (** [no_nested_borrows::list_nth_shared]: @@ -340,9 +337,7 @@ let rec list_length (t : Type0) (l : list_t t) : result u32 = let rec list_nth_shared (t : Type0) (l : list_t t) (i : u32) : result t = begin match l with | List_Cons x tl -> - if i = 0 - then Return x - else let* i1 = u32_sub i 1 in list_nth_shared t tl i1 + if i = 0 then Ok x else let* i1 = u32_sub i 1 in list_nth_shared t tl i1 | List_Nil -> Fail Failure end @@ -355,14 +350,13 @@ let rec list_nth_mut begin match l with | List_Cons x tl -> if i = 0 - then let back = fun ret -> Return (List_Cons ret tl) in Return (x, back) + then let back = fun ret -> Ok (List_Cons ret tl) in Ok (x, back) else let* i1 = u32_sub i 1 in let* (x1, list_nth_mut_back) = list_nth_mut t tl i1 in let back = - fun ret -> let* tl1 = list_nth_mut_back ret in Return (List_Cons x tl1) - in - Return (x1, back) + fun ret -> let* tl1 = list_nth_mut_back ret in Ok (List_Cons x tl1) in + Ok (x1, back) | List_Nil -> Fail Failure end @@ -372,7 +366,7 @@ let rec list_rev_aux (t : Type0) (li : list_t t) (lo : list_t t) : result (list_t t) = begin match li with | List_Cons hd tl -> list_rev_aux t tl (List_Cons hd lo) - | List_Nil -> Return lo + | List_Nil -> Ok lo end (** [no_nested_borrows::list_rev]: @@ -413,10 +407,10 @@ let test_list_functions : result unit = then Fail Failure else let* i6 = list_nth_shared i32 ls 2 in - if not (i6 = 2) then Fail Failure else Return () + if not (i6 = 2) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_list_functions] *) -let _ = assert_norm (test_list_functions = Return ()) +let _ = assert_norm (test_list_functions = Ok ()) (** [no_nested_borrows::id_mut_pair1]: Source: 'src/no_nested_borrows.rs', lines 414:0-414:89 *) @@ -424,7 +418,7 @@ let id_mut_pair1 (t1 t2 : Type0) (x : t1) (y : t2) : result ((t1 & t2) & ((t1 & t2) -> result (t1 & t2))) = - Return ((x, y), Return) + Ok ((x, y), Ok) (** [no_nested_borrows::id_mut_pair2]: Source: 'src/no_nested_borrows.rs', lines 418:0-418:88 *) @@ -432,7 +426,7 @@ let id_mut_pair2 (t1 t2 : Type0) (p : (t1 & t2)) : result ((t1 & t2) & ((t1 & t2) -> result (t1 & t2))) = - let (x, x1) = p in Return ((x, x1), Return) + let (x, x1) = p in Ok ((x, x1), Ok) (** [no_nested_borrows::id_mut_pair3]: Source: 'src/no_nested_borrows.rs', lines 422:0-422:93 *) @@ -440,7 +434,7 @@ let id_mut_pair3 (t1 t2 : Type0) (x : t1) (y : t2) : result ((t1 & t2) & (t1 -> result t1) & (t2 -> result t2)) = - Return ((x, y), Return, Return) + Ok ((x, y), Ok, Ok) (** [no_nested_borrows::id_mut_pair4]: Source: 'src/no_nested_borrows.rs', lines 426:0-426:92 *) @@ -448,7 +442,7 @@ let id_mut_pair4 (t1 t2 : Type0) (p : (t1 & t2)) : result ((t1 & t2) & (t1 -> result t1) & (t2 -> result t2)) = - let (x, x1) = p in Return ((x, x1), Return, Return) + let (x, x1) = p in Ok ((x, x1), Ok, Ok) (** [no_nested_borrows::StructWithTuple] Source: 'src/no_nested_borrows.rs', lines 433:0-433:34 *) @@ -457,17 +451,17 @@ type structWithTuple_t (t1 t2 : Type0) = { p : (t1 & t2); } (** [no_nested_borrows::new_tuple1]: Source: 'src/no_nested_borrows.rs', lines 437:0-437:48 *) let new_tuple1 : result (structWithTuple_t u32 u32) = - Return { p = (1, 2) } + Ok { p = (1, 2) } (** [no_nested_borrows::new_tuple2]: Source: 'src/no_nested_borrows.rs', lines 441:0-441:48 *) let new_tuple2 : result (structWithTuple_t i16 i16) = - Return { p = (1, 2) } + Ok { p = (1, 2) } (** [no_nested_borrows::new_tuple3]: Source: 'src/no_nested_borrows.rs', lines 445:0-445:48 *) let new_tuple3 : result (structWithTuple_t u64 i64) = - Return { p = (1, 2) } + Ok { p = (1, 2) } (** [no_nested_borrows::StructWithPair] Source: 'src/no_nested_borrows.rs', lines 450:0-450:33 *) @@ -476,7 +470,7 @@ type structWithPair_t (t1 t2 : Type0) = { p : pair_t t1 t2; } (** [no_nested_borrows::new_pair1]: Source: 'src/no_nested_borrows.rs', lines 454:0-454:46 *) let new_pair1 : result (structWithPair_t u32 u32) = - Return { p = { x = 1; y = 2 } } + Ok { p = { x = 1; y = 2 } } (** [no_nested_borrows::test_constants]: Source: 'src/no_nested_borrows.rs', lines 462:0-462:23 *) @@ -497,44 +491,44 @@ let test_constants : result unit = then Fail Failure else let* swp = new_pair1 in - if not (swp.p.x = 1) then Fail Failure else Return () + if not (swp.p.x = 1) then Fail Failure else Ok () (** Unit test for [no_nested_borrows::test_constants] *) -let _ = assert_norm (test_constants = Return ()) +let _ = assert_norm (test_constants = Ok ()) (** [no_nested_borrows::test_weird_borrows1]: Source: 'src/no_nested_borrows.rs', lines 471:0-471:28 *) let test_weird_borrows1 : result unit = - Return () + Ok () (** Unit test for [no_nested_borrows::test_weird_borrows1] *) -let _ = assert_norm (test_weird_borrows1 = Return ()) +let _ = assert_norm (test_weird_borrows1 = Ok ()) (** [no_nested_borrows::test_mem_replace]: Source: 'src/no_nested_borrows.rs', lines 481:0-481:37 *) let test_mem_replace (px : u32) : result u32 = let (y, _) = core_mem_replace u32 px 1 in - if not (y = 0) then Fail Failure else Return 2 + if not (y = 0) then Fail Failure else Ok 2 (** [no_nested_borrows::test_shared_borrow_bool1]: Source: 'src/no_nested_borrows.rs', lines 488:0-488:47 *) let test_shared_borrow_bool1 (b : bool) : result u32 = - if b then Return 0 else Return 1 + if b then Ok 0 else Ok 1 (** [no_nested_borrows::test_shared_borrow_bool2]: Source: 'src/no_nested_borrows.rs', lines 501:0-501:40 *) let test_shared_borrow_bool2 : result u32 = - Return 0 + Ok 0 (** [no_nested_borrows::test_shared_borrow_enum1]: Source: 'src/no_nested_borrows.rs', lines 516:0-516:52 *) let test_shared_borrow_enum1 (l : list_t u32) : result u32 = - begin match l with | List_Cons _ _ -> Return 1 | List_Nil -> Return 0 end + begin match l with | List_Cons _ _ -> Ok 1 | List_Nil -> Ok 0 end (** [no_nested_borrows::test_shared_borrow_enum2]: Source: 'src/no_nested_borrows.rs', lines 528:0-528:40 *) let test_shared_borrow_enum2 : result u32 = - Return 0 + Ok 0 (** [no_nested_borrows::incr]: Source: 'src/no_nested_borrows.rs', lines 539:0-539:24 *) @@ -549,7 +543,7 @@ let call_incr (x : u32) : result u32 = (** [no_nested_borrows::read_then_incr]: Source: 'src/no_nested_borrows.rs', lines 548:0-548:41 *) let read_then_incr (x : u32) : result (u32 & u32) = - let* x1 = u32_add x 1 in Return (x, x1) + let* x1 = u32_add x 1 in Ok (x, x1) (** [no_nested_borrows::Tuple] Source: 'src/no_nested_borrows.rs', lines 554:0-554:24 *) @@ -558,12 +552,12 @@ type tuple_t (t1 t2 : Type0) = t1 * t2 (** [no_nested_borrows::use_tuple_struct]: Source: 'src/no_nested_borrows.rs', lines 556:0-556:48 *) let use_tuple_struct (x : tuple_t u32 u32) : result (tuple_t u32 u32) = - let (_, i) = x in Return (1, i) + let (_, i) = x in Ok (1, i) (** [no_nested_borrows::create_tuple_struct]: Source: 'src/no_nested_borrows.rs', lines 560:0-560:61 *) let create_tuple_struct (x : u32) (y : u64) : result (tuple_t u32 u64) = - Return (x, y) + Ok (x, y) (** [no_nested_borrows::IdType] Source: 'src/no_nested_borrows.rs', lines 565:0-565:20 *) @@ -572,10 +566,10 @@ type idType_t (t : Type0) = t (** [no_nested_borrows::use_id_type]: Source: 'src/no_nested_borrows.rs', lines 567:0-567:40 *) let use_id_type (t : Type0) (x : idType_t t) : result t = - Return x + Ok x (** [no_nested_borrows::create_id_type]: Source: 'src/no_nested_borrows.rs', lines 571:0-571:43 *) let create_id_type (t : Type0) (x : t) : result (idType_t t) = - Return x + Ok x diff --git a/tests/fstar/misc/Paper.fst b/tests/fstar/misc/Paper.fst index c2f47ad1..e6b4eb25 100644 --- a/tests/fstar/misc/Paper.fst +++ b/tests/fstar/misc/Paper.fst @@ -13,18 +13,18 @@ let ref_incr (x : i32) : result i32 = (** [paper::test_incr]: Source: 'src/paper.rs', lines 8:0-8:18 *) let test_incr : result unit = - let* x = ref_incr 0 in if not (x = 1) then Fail Failure else Return () + let* x = ref_incr 0 in if not (x = 1) then Fail Failure else Ok () (** Unit test for [paper::test_incr] *) -let _ = assert_norm (test_incr = Return ()) +let _ = assert_norm (test_incr = Ok ()) (** [paper::choose]: Source: 'src/paper.rs', lines 15:0-15:70 *) let choose (t : Type0) (b : bool) (x : t) (y : t) : result (t & (t -> result (t & t))) = if b - then let back = fun ret -> Return (ret, y) in Return (x, back) - else let back = fun ret -> Return (x, ret) in Return (y, back) + then let back = fun ret -> Ok (ret, y) in Ok (x, back) + else let back = fun ret -> Ok (x, ret) in Ok (y, back) (** [paper::test_choose]: Source: 'src/paper.rs', lines 23:0-23:20 *) @@ -37,10 +37,10 @@ let test_choose : result unit = let* (x, y) = choose_back z1 in if not (x = 1) then Fail Failure - else if not (y = 0) then Fail Failure else Return () + else if not (y = 0) then Fail Failure else Ok () (** Unit test for [paper::test_choose] *) -let _ = assert_norm (test_choose = Return ()) +let _ = assert_norm (test_choose = Ok ()) (** [paper::List] Source: 'src/paper.rs', lines 35:0-35:16 *) @@ -57,14 +57,13 @@ let rec list_nth_mut begin match l with | List_Cons x tl -> if i = 0 - then let back = fun ret -> Return (List_Cons ret tl) in Return (x, back) + then let back = fun ret -> Ok (List_Cons ret tl) in Ok (x, back) else let* i1 = u32_sub i 1 in let* (x1, list_nth_mut_back) = list_nth_mut t tl i1 in let back = - fun ret -> let* tl1 = list_nth_mut_back ret in Return (List_Cons x tl1) - in - Return (x1, back) + fun ret -> let* tl1 = list_nth_mut_back ret in Ok (List_Cons x tl1) in + Ok (x1, back) | List_Nil -> Fail Failure end @@ -73,7 +72,7 @@ let rec list_nth_mut let rec sum (l : list_t i32) : result i32 = begin match l with | List_Cons x tl -> let* i = sum tl in i32_add x i - | List_Nil -> Return 0 + | List_Nil -> Ok 0 end (** [paper::test_nth]: @@ -85,10 +84,10 @@ let test_nth : result unit = let* x1 = i32_add x 1 in let* l2 = list_nth_mut_back x1 in let* i = sum l2 in - if not (i = 7) then Fail Failure else Return () + if not (i = 7) then Fail Failure else Ok () (** Unit test for [paper::test_nth] *) -let _ = assert_norm (test_nth = Return ()) +let _ = assert_norm (test_nth = Ok ()) (** [paper::call_choose]: Source: 'src/paper.rs', lines 76:0-76:44 *) @@ -97,5 +96,5 @@ let call_choose (p : (u32 & u32)) : result u32 = let* (pz, choose_back) = choose u32 true px py in let* pz1 = u32_add pz 1 in let* (px1, _) = choose_back pz1 in - Return px1 + Ok px1 diff --git a/tests/fstar/misc/PoloniusList.fst b/tests/fstar/misc/PoloniusList.fst index 4203247e..c0bc592e 100644 --- a/tests/fstar/misc/PoloniusList.fst +++ b/tests/fstar/misc/PoloniusList.fst @@ -20,13 +20,13 @@ let rec get_list_at_x begin match ls with | List_Cons hd tl -> if hd = x - then Return (List_Cons hd tl, Return) + then Ok (List_Cons hd tl, Ok) else let* (l, get_list_at_x_back) = get_list_at_x tl x in let back = - fun ret -> - let* tl1 = get_list_at_x_back ret in Return (List_Cons hd tl1) in - Return (l, back) - | List_Nil -> Return (List_Nil, Return) + fun ret -> let* tl1 = get_list_at_x_back ret in Ok (List_Cons hd tl1) + in + Ok (l, back) + | List_Nil -> Ok (List_Nil, Ok) end diff --git a/tests/fstar/misc/Primitives.fst b/tests/fstar/misc/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/misc/Primitives.fst +++ b/tests/fstar/misc/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/traits/Primitives.fst b/tests/fstar/traits/Primitives.fst index fca80829..acdb09dc 100644 --- a/tests/fstar/traits/Primitives.fst +++ b/tests/fstar/traits/Primitives.fst @@ -23,11 +23,11 @@ type error : Type0 = | OutOfFuel type result (a : Type0) : Type0 = -| Return : v:a -> result a +| Ok : v:a -> result a | Fail : e:error -> result a // Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x +unfold let return (#a : Type0) (x : a) : result a = Ok x // Monadic bind operator. // Allows to use the notation: @@ -36,17 +36,17 @@ unfold let return (#a : Type0) (x : a) : result a = Return x // ... // ``` unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + (f: (x:a) -> Pure (result b) (requires (m == Ok x)) (ensures fun _ -> True)) : result b = match m with - | Return x -> f x + | Ok x -> f x | Fail e -> Fail e // Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure +let massert (b:bool) : result unit = if b then Ok () else Fail Failure // Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x +let eval_global (#a : Type0) (x : result a{Ok? (normalize_term x)}) : a = Ok?.v x (*** Misc *) type char = FStar.Char.char @@ -144,7 +144,7 @@ let scalar_max (ty : scalar_ty) : int = type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + if scalar_min ty <= x && scalar_max ty >= x then Ok x else Fail Failure let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) @@ -498,9 +498,9 @@ type core_ops_range_Range (a : Type0) = { (*** [alloc] *) -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Ok x let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) + Ok (x, (fun x -> Ok x)) // Trait instance let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { @@ -528,20 +528,20 @@ let mk_array (a : Type0) (n : usize) l let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result (a & (a -> result (array a n))) = match array_index_usize a n x i with | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) + | Ok v -> + Ok (v, array_update_usize a n x i) (*** Slice *) type slice (a : Type0) = s:list a{length s <= usize_max} @@ -549,30 +549,30 @@ type slice (a : Type0) = s:list a{length s <= usize_max} let slice_len (a : Type0) (s : slice a) : usize = length s let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) + if i < length x then Ok (index x i) else Fail Failure let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) + if i < length x then Ok (list_update x i nx) else Fail Failure let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : result (a & (a -> result (slice a))) = match slice_index_usize a s i with | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) + | Ok x -> + Ok (x, slice_update_usize a s i) (*** Subslices *) -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Ok x let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s + if length s = n then Ok s else Fail Failure let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) + Ok (x, array_from_slice a n x) // TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = @@ -598,16 +598,16 @@ let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v // Helper let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure + if i < length v then Ok (index v i) else Fail Failure // Helper let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : result (a & (a → result (alloc_vec_Vec a))) = match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) + | Ok x -> + Ok (x, alloc_vec_Vec_update_usize v i) | Fail e -> Fail e let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : @@ -616,17 +616,17 @@ let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : (ensures (fun res -> match res with | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = + | Ok v' -> length v' = length v + 1)) = if length v < usize_max then begin (**) assert_norm(length [x] == 1); (**) append_length v [x]; (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) + Ok (append v [x]) end else Fail Failure let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure + if i < length v then Ok (list_update v i x) else Fail Failure // Trait declaration: [core::slice::index::private_slice_index::Sealed] type core_slice_index_private_slice_index_Sealed (self : Type0) = unit @@ -650,7 +650,7 @@ let core_slice_index_Slice_index let* x = inst.get i s in match x with | None -> Fail Failure - | Some x -> Return x + | Some x -> Ok x // [core::slice::index::Range:::get]: forward function let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : diff --git a/tests/fstar/traits/Traits.fst b/tests/fstar/traits/Traits.fst index 199d49bf..1f0293a0 100644 --- a/tests/fstar/traits/Traits.fst +++ b/tests/fstar/traits/Traits.fst @@ -12,7 +12,7 @@ noeq type boolTrait_t (self : Type0) = { get_bool : self -> result bool; } (** [traits::{(traits::BoolTrait for bool)}::get_bool]: Source: 'src/traits.rs', lines 12:4-12:30 *) let boolTraitBool_get_bool (self : bool) : result bool = - Return self + Ok self (** Trait implementation: [traits::{(traits::BoolTrait for bool)}] Source: 'src/traits.rs', lines 11:0-11:23 *) @@ -24,18 +24,18 @@ let boolTrait_ret_true (#self : Type0) (self_clause : boolTrait_t self) (self1 : self) : result bool = - Return true + Ok true (** [traits::test_bool_trait_bool]: Source: 'src/traits.rs', lines 17:0-17:44 *) let test_bool_trait_bool (x : bool) : result bool = let* b = boolTraitBool_get_bool x in - if b then boolTrait_ret_true boolTraitBool x else Return false + if b then boolTrait_ret_true boolTraitBool x else Ok false (** [traits::{(traits::BoolTrait for core::option::Option<T>)#1}::get_bool]: Source: 'src/traits.rs', lines 23:4-23:30 *) let boolTraitOption_get_bool (t : Type0) (self : option t) : result bool = - begin match self with | None -> Return false | Some _ -> Return true end + begin match self with | None -> Ok false | Some _ -> Ok true end (** Trait implementation: [traits::{(traits::BoolTrait for core::option::Option<T>)#1}] Source: 'src/traits.rs', lines 22:0-22:31 *) @@ -47,7 +47,7 @@ let boolTraitOption (t : Type0) : boolTrait_t (option t) = { Source: 'src/traits.rs', lines 31:0-31:54 *) let test_bool_trait_option (t : Type0) (x : option t) : result bool = let* b = boolTraitOption_get_bool t x in - if b then boolTrait_ret_true (boolTraitOption t) x else Return false + if b then boolTrait_ret_true (boolTraitOption t) x else Ok false (** [traits::test_bool_trait]: Source: 'src/traits.rs', lines 35:0-35:50 *) @@ -62,7 +62,7 @@ noeq type toU64_t (self : Type0) = { to_u64 : self -> result u64; } (** [traits::{(traits::ToU64 for u64)#2}::to_u64]: Source: 'src/traits.rs', lines 44:4-44:26 *) let toU64U64_to_u64 (self : u64) : result u64 = - Return self + Ok self (** Trait implementation: [traits::{(traits::ToU64 for u64)#2}] Source: 'src/traits.rs', lines 43:0-43:18 *) @@ -133,7 +133,7 @@ noeq type toType_t (self t : Type0) = { to_type : self -> result t; } (** [traits::{(traits::ToType<bool> for u64)#5}::to_type]: Source: 'src/traits.rs', lines 93:4-93:28 *) let toTypeU64Bool_to_type (self : u64) : result bool = - Return (self > 0) + Ok (self > 0) (** Trait implementation: [traits::{(traits::ToType<bool> for u64)#5}] Source: 'src/traits.rs', lines 92:0-92:25 *) @@ -188,7 +188,7 @@ noeq type testType_test_TestTrait_t (self : Type0) = { Source: 'src/traits.rs', lines 139:12-139:34 *) let testType_test_TestTraittraitsTestTypetestTestType1_test (self : testType_test_TestType1_t) : result bool = - Return (self > 1) + Ok (self > 1) (** Trait implementation: [traits::{traits::TestType<T>#6}::test::{(traits::{traits::TestType<T>#6}::test::TestTrait for traits::{traits::TestType<T>#6}::test::TestType1)}] Source: 'src/traits.rs', lines 138:8-138:36 *) @@ -206,7 +206,7 @@ let testType_test let* x1 = toU64Inst.to_u64 x in if x1 > 0 then testType_test_TestTraittraitsTestTypetestTestType1_test 0 - else Return false + else Ok false (** [traits::BoolWrapper] Source: 'src/traits.rs', lines 150:0-150:22 *) @@ -231,7 +231,7 @@ let toTypetraitsBoolWrapperT (t : Type0) (toTypeBoolTInst : toType_t bool t) : Source: 'src/traits.rs', lines 164:4-164:21 *) let with_const_ty_len2_default_body (self : Type0) (len : usize) : result usize = - Return 32 + Ok 32 let with_const_ty_len2_default (self : Type0) (len : usize) : usize = eval_global (with_const_ty_len2_default_body self len) @@ -248,14 +248,14 @@ noeq type withConstTy_t (self : Type0) (len : usize) = { (** [traits::{(traits::WithConstTy<32: usize> for bool)#8}::LEN1] Source: 'src/traits.rs', lines 175:4-175:21 *) -let with_const_ty_bool32_len1_body : result usize = Return 12 +let with_const_ty_bool32_len1_body : result usize = Ok 12 let with_const_ty_bool32_len1 : usize = eval_global with_const_ty_bool32_len1_body (** [traits::{(traits::WithConstTy<32: usize> for bool)#8}::f]: Source: 'src/traits.rs', lines 180:4-180:39 *) let withConstTyBool32_f (i : u64) (a : array u8 32) : result u64 = - Return i + Ok i (** Trait implementation: [traits::{(traits::WithConstTy<32: usize> for bool)#8}] Source: 'src/traits.rs', lines 174:0-174:29 *) @@ -274,7 +274,7 @@ let use_with_const_ty1 (h : Type0) (len : usize) (withConstTyInst : withConstTy_t h len) : result usize = - Return withConstTyInst.cLEN1 + Ok withConstTyInst.cLEN1 (** [traits::use_with_const_ty2]: Source: 'src/traits.rs', lines 187:0-187:73 *) @@ -283,7 +283,7 @@ let use_with_const_ty2 (w : withConstTyInst.tW) : result unit = - Return () + Ok () (** [traits::use_with_const_ty3]: Source: 'src/traits.rs', lines 189:0-189:80 *) @@ -297,7 +297,7 @@ let use_with_const_ty3 (** [traits::test_where1]: Source: 'src/traits.rs', lines 193:0-193:40 *) let test_where1 (t : Type0) (_x : t) : result unit = - Return () + Ok () (** [traits::test_where2]: Source: 'src/traits.rs', lines 194:0-194:57 *) @@ -305,7 +305,7 @@ let test_where2 (t : Type0) (withConstTyT32Inst : withConstTy_t t 32) (_x : u32) : result unit = - Return () + Ok () (** Trait declaration: [traits::ParentTrait0] Source: 'src/traits.rs', lines 200:0-200:22 *) @@ -347,7 +347,7 @@ let order1 parentTrait0_t u) : result unit = - Return () + Ok () (** Trait declaration: [traits::ChildTrait1] Source: 'src/traits.rs', lines 222:0-222:35 *) @@ -421,7 +421,7 @@ let parentTrait2U32 : parentTrait2_t u32 = { (** [traits::{(traits::ChildTrait2 for u32)#13}::convert]: Source: 'src/traits.rs', lines 273:4-273:29 *) let childTrait2U32_convert (x : u32) : result u32 = - Return x + Ok x (** Trait implementation: [traits::{(traits::ChildTrait2 for u32)#13}] Source: 'src/traits.rs', lines 272:0-272:24 *) @@ -468,7 +468,7 @@ noeq type trait_t (self : Type0) = { cLEN : usize; } (** [traits::{(traits::Trait for @Array<T, N>)#14}::LEN] Source: 'src/traits.rs', lines 315:4-315:20 *) -let trait_array_len_body (t : Type0) (n : usize) : result usize = Return n +let trait_array_len_body (t : Type0) (n : usize) : result usize = Ok n let trait_array_len (t : Type0) (n : usize) : usize = eval_global (trait_array_len_body t n) @@ -482,7 +482,7 @@ let traitArray (t : Type0) (n : usize) : trait_t (array t n) = { Source: 'src/traits.rs', lines 319:4-319:20 *) let traittraits_wrapper_len_body (t : Type0) (traitInst : trait_t t) : result usize = - Return 0 + Ok 0 let traittraits_wrapper_len (t : Type0) (traitInst : trait_t t) : usize = eval_global (traittraits_wrapper_len_body t traitInst) @@ -496,7 +496,7 @@ let traittraitsWrapper (t : Type0) (traitInst : trait_t t) : trait_t (wrapper_t (** [traits::use_wrapper_len]: Source: 'src/traits.rs', lines 322:0-322:43 *) let use_wrapper_len (t : Type0) (traitInst : trait_t t) : result usize = - Return (traittraitsWrapper t traitInst).cLEN + Ok (traittraitsWrapper t traitInst).cLEN (** [traits::Foo] Source: 'src/traits.rs', lines 326:0-326:20 *) @@ -513,7 +513,7 @@ type core_result_Result_t (t e : Type0) = Source: 'src/traits.rs', lines 332:4-332:33 *) let foo_foo_body (t u : Type0) (traitInst : trait_t t) : result (core_result_Result_t t i32) = - Return (Core_result_Result_Err 0) + Ok (Core_result_Result_Err 0) let foo_foo (t u : Type0) (traitInst : trait_t t) : core_result_Result_t t i32 = eval_global (foo_foo_body t u traitInst) @@ -522,11 +522,11 @@ let foo_foo (t u : Type0) (traitInst : trait_t t) Source: 'src/traits.rs', lines 335:0-335:48 *) let use_foo1 (t u : Type0) (traitInst : trait_t t) : result (core_result_Result_t t i32) = - Return (foo_foo t u traitInst) + Ok (foo_foo t u traitInst) (** [traits::use_foo2]: Source: 'src/traits.rs', lines 339:0-339:48 *) let use_foo2 (t u : Type0) (traitInst : trait_t u) : result (core_result_Result_t u i32) = - Return (foo_foo u t traitInst) + Ok (foo_foo u t traitInst) |