diff options
Diffstat (limited to '')
-rw-r--r-- | tests/betree/BetreeMain.Clauses.Template.fst | 95 | ||||
-rw-r--r-- | tests/betree/BetreeMain.Clauses.fst | 94 | ||||
-rw-r--r-- | tests/betree/BetreeMain.Funs.fst | 1672 | ||||
-rw-r--r-- | tests/betree/BetreeMain.Opaque.fsti | 30 | ||||
-rw-r--r-- | tests/betree/BetreeMain.Types.fsti | 60 | ||||
-rw-r--r-- | tests/betree/Primitives.fst | 279 |
6 files changed, 2230 insertions, 0 deletions
diff --git a/tests/betree/BetreeMain.Clauses.Template.fst b/tests/betree/BetreeMain.Clauses.Template.fst new file mode 100644 index 00000000..19b5574f --- /dev/null +++ b/tests/betree/BetreeMain.Clauses.Template.fst @@ -0,0 +1,95 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: templates for the decreases clauses *) +module BetreeMain.Clauses.Template +open Primitives +open BetreeMain.Types + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 1" + +(** [betree_main::betree::List::{1}::len]: decreases clause *) +unfold +let betree_list_1_len_decreases (t : Type0) (self : betree_list_t t) : nat = + admit () + +(** [betree_main::betree::List::{1}::split_at]: decreases clause *) +unfold +let betree_list_1_split_at_decreases (t : Type0) (self : betree_list_t t) + (n : u64) : nat = + admit () + +(** [betree_main::betree::List::{2}::partition_at_pivot]: decreases clause *) +unfold +let betree_list_2_partition_at_pivot_decreases (t : Type0) + (self : betree_list_t (u64 & t)) (pivot : u64) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_in_bindings]: decreases clause *) +unfold +let betree_node_5_lookup_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: decreases clause *) +unfold +let betree_node_5_lookup_first_message_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_upserts]: decreases clause *) +unfold +let betree_node_5_apply_upserts_decreases + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : nat = + admit () + +(** [betree_main::betree::Internal::{4}::lookup_in_children]: decreases clause *) +unfold +let betree_internal_4_lookup_in_children_decreases (self : betree_internal_t) + (key : u64) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup]: decreases clause *) +unfold +let betree_node_5_lookup_decreases (self : betree_node_t) (key : u64) + (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: decreases clause *) +unfold +let betree_node_5_lookup_mut_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::filter_messages_for_key]: decreases clause *) +unfold +let betree_node_5_filter_messages_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: decreases clause *) +unfold +let betree_node_5_lookup_first_message_after_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Internal::{4}::flush]: decreases clause *) +unfold +let betree_internal_4_flush_decreases (self : betree_internal_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_messages]: decreases clause *) +unfold +let betree_node_5_apply_messages_decreases (self : betree_node_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply]: decreases clause *) +unfold +let betree_node_5_apply_decreases (self : betree_node_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (key : u64) (new_msg : betree_message_t) (st : state) : nat = + admit () + diff --git a/tests/betree/BetreeMain.Clauses.fst b/tests/betree/BetreeMain.Clauses.fst new file mode 100644 index 00000000..b241e756 --- /dev/null +++ b/tests/betree/BetreeMain.Clauses.fst @@ -0,0 +1,94 @@ +(** [betree_main]: templates for the decreases clauses *) +module BetreeMain.Clauses +open Primitives +open BetreeMain.Types + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 1" + +(** [betree_main::betree::List::{1}::len]: decreases clause *) +unfold +let betree_list_1_len_decreases (t : Type0) (self : betree_list_t t) : nat = + admit () + +(** [betree_main::betree::List::{1}::split_at]: decreases clause *) +unfold +let betree_list_1_split_at_decreases (t : Type0) (self : betree_list_t t) + (n : u64) : nat = + admit () + +(** [betree_main::betree::List::{2}::partition_at_pivot]: decreases clause *) +unfold +let betree_list_2_partition_at_pivot_decreases (t : Type0) + (self : betree_list_t (u64 & t)) (pivot : u64) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_in_bindings]: decreases clause *) +unfold +let betree_node_5_lookup_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: decreases clause *) +unfold +let betree_node_5_lookup_first_message_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_upserts]: decreases clause *) +unfold +let betree_node_5_apply_upserts_decreases + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : nat = + admit () + +(** [betree_main::betree::Internal::{4}::lookup_in_children]: decreases clause *) +unfold +let betree_internal_4_lookup_in_children_decreases (self : betree_internal_t) + (key : u64) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup]: decreases clause *) +unfold +let betree_node_5_lookup_decreases (self : betree_node_t) (key : u64) + (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: decreases clause *) +unfold +let betree_node_5_lookup_mut_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::filter_messages_for_key]: decreases clause *) +unfold +let betree_node_5_filter_messages_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: decreases clause *) +unfold +let betree_node_5_lookup_first_message_after_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Internal::{4}::flush]: decreases clause *) +unfold +let betree_internal_4_flush_decreases (self : betree_internal_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_messages]: decreases clause *) +unfold +let betree_node_5_apply_messages_decreases (self : betree_node_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply]: decreases clause *) +unfold +let betree_node_5_apply_decreases (self : betree_node_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (key : u64) (new_msg : betree_message_t) (st : state) : nat = + admit () + diff --git a/tests/betree/BetreeMain.Funs.fst b/tests/betree/BetreeMain.Funs.fst new file mode 100644 index 00000000..b218c622 --- /dev/null +++ b/tests/betree/BetreeMain.Funs.fst @@ -0,0 +1,1672 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: function definitions *) +module BetreeMain.Funs +open Primitives +include BetreeMain.Types +include BetreeMain.Opaque +include BetreeMain.Clauses + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 1" + +(** [betree_main::betree::load_internal_node] *) +let betree_load_internal_node_fwd + (id : u64) (st : state) : + result (state & (betree_list_t (u64 & betree_message_t))) + = + begin match betree_utils_load_internal_node_fwd id st with + | Fail -> Fail + | Return (st0, l) -> Return (st0, l) + end + +(** [betree_main::betree::store_internal_node] *) +let betree_store_internal_node_fwd + (id : u64) (content : betree_list_t (u64 & betree_message_t)) (st : state) : + result (state & unit) + = + begin match betree_utils_store_internal_node_fwd id content st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::load_leaf_node] *) +let betree_load_leaf_node_fwd + (id : u64) (st : state) : result (state & (betree_list_t (u64 & u64))) = + begin match betree_utils_load_leaf_node_fwd id st with + | Fail -> Fail + | Return (st0, l) -> Return (st0, l) + end + +(** [betree_main::betree::store_leaf_node] *) +let betree_store_leaf_node_fwd + (id : u64) (content : betree_list_t (u64 & u64)) (st : state) : + result (state & unit) + = + begin match betree_utils_store_leaf_node_fwd id content st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::fresh_node_id] *) +let betree_fresh_node_id_fwd (counter : u64) : result u64 = + begin match u64_add counter 1 with + | Fail -> Fail + | Return _ -> Return counter + end + +(** [betree_main::betree::fresh_node_id] *) +let betree_fresh_node_id_back (counter : u64) : result u64 = + begin match u64_add counter 1 with + | Fail -> Fail + | Return counter0 -> Return counter0 + end + +(** [betree_main::betree::NodeIdCounter::{0}::new] *) +let betree_node_id_counter_new_fwd : result betree_node_id_counter_t = + Return (Mkbetree_node_id_counter_t 0) + +(** [betree_main::betree::NodeIdCounter::{0}::fresh_id] *) +let betree_node_id_counter_fresh_id_fwd + (self : betree_node_id_counter_t) : result u64 = + begin match u64_add self.betree_node_id_counter_next_node_id 1 with + | Fail -> Fail + | Return _ -> Return self.betree_node_id_counter_next_node_id + end + +(** [betree_main::betree::NodeIdCounter::{0}::fresh_id] *) +let betree_node_id_counter_fresh_id_back + (self : betree_node_id_counter_t) : result betree_node_id_counter_t = + begin match u64_add self.betree_node_id_counter_next_node_id 1 with + | Fail -> Fail + | Return i -> Return (Mkbetree_node_id_counter_t i) + end + +(** [betree_main::betree::upsert_update] *) +let betree_upsert_update_fwd + (prev : option u64) (st : betree_upsert_fun_state_t) : result u64 = + begin match prev with + | None -> + begin match st with + | BetreeUpsertFunStateAdd v -> Return v + | BetreeUpsertFunStateSub i -> Return 0 + end + | Some prev0 -> + begin match st with + | BetreeUpsertFunStateAdd v -> + begin match u64_sub 18446744073709551615 prev0 with + | Fail -> Fail + | Return margin -> + if margin >= v + then + begin match u64_add prev0 v with + | Fail -> Fail + | Return i -> Return i + end + else Return 18446744073709551615 + end + | BetreeUpsertFunStateSub v -> + if prev0 >= v + then + begin match u64_sub prev0 v with + | Fail -> Fail + | Return i -> Return i + end + else Return 0 + end + end + +(** [betree_main::betree::List::{1}::len] *) +let rec betree_list_1_len_fwd + (t : Type0) (self : betree_list_t t) : + Tot (result u64) (decreases (betree_list_1_len_decreases t self)) + = + begin match self with + | BetreeListCons x tl -> + begin match betree_list_1_len_fwd t tl with + | Fail -> Fail + | Return i -> + begin match u64_add 1 i with | Fail -> Fail | Return i0 -> Return i0 end + end + | BetreeListNil -> Return 0 + end + +(** [betree_main::betree::List::{1}::split_at] *) +let rec betree_list_1_split_at_fwd + (t : Type0) (self : betree_list_t t) (n : u64) : + Tot (result ((betree_list_t t) & (betree_list_t t))) + (decreases (betree_list_1_split_at_decreases t self n)) + = + begin match n with + | 0 -> Return (BetreeListNil, self) + | _ -> + begin match self with + | BetreeListCons hd tl -> + begin match u64_sub n 1 with + | Fail -> Fail + | Return i -> + begin match betree_list_1_split_at_fwd t tl i with + | Fail -> Fail + | Return p -> + let (ls0, ls1) = p in + let l = ls0 in Return (BetreeListCons hd l, ls1) + end + end + | BetreeListNil -> Fail + end + end + +(** [betree_main::betree::List::{1}::push_front] *) +let betree_list_1_push_front_fwd_back + (t : Type0) (self : betree_list_t t) (x : t) : result (betree_list_t t) = + let tl = mem_replace_fwd (betree_list_t t) self BetreeListNil in + let l = tl in Return (BetreeListCons x l) + +(** [betree_main::betree::List::{1}::pop_front] *) +let betree_list_1_pop_front_fwd + (t : Type0) (self : betree_list_t t) : result t = + let ls = mem_replace_fwd (betree_list_t t) self BetreeListNil in + begin match ls with + | BetreeListCons x tl -> Return x + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{1}::pop_front] *) +let betree_list_1_pop_front_back + (t : Type0) (self : betree_list_t t) : result (betree_list_t t) = + let ls = mem_replace_fwd (betree_list_t t) self BetreeListNil in + begin match ls with + | BetreeListCons x tl -> Return tl + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{1}::hd] *) +let betree_list_1_hd_fwd (t : Type0) (self : betree_list_t t) : result t = + begin match self with + | BetreeListCons hd l -> Return hd + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{2}::head_has_key] *) +let betree_list_2_head_has_key_fwd + (t : Type0) (self : betree_list_t (u64 & t)) (key : u64) : result bool = + begin match self with + | BetreeListCons hd l -> let (i, _) = hd in Return (i = key) + | BetreeListNil -> Return false + end + +(** [betree_main::betree::List::{2}::partition_at_pivot] *) +let rec betree_list_2_partition_at_pivot_fwd + (t : Type0) (self : betree_list_t (u64 & t)) (pivot : u64) : + Tot (result ((betree_list_t (u64 & t)) & (betree_list_t (u64 & t)))) + (decreases (betree_list_2_partition_at_pivot_decreases t self pivot)) + = + begin match self with + | BetreeListCons hd tl -> + let (i, x) = hd in + if i >= pivot + then Return (BetreeListNil, BetreeListCons (i, x) tl) + else + begin match betree_list_2_partition_at_pivot_fwd t tl pivot with + | Fail -> Fail + | Return p -> + let (ls0, ls1) = p in + let l = ls0 in Return (BetreeListCons (i, x) l, ls1) + end + | BetreeListNil -> Return (BetreeListNil, BetreeListNil) + end + +(** [betree_main::betree::Leaf::{3}::split] *) +let betree_leaf_3_split_fwd + (self : betree_leaf_t) (content : betree_list_t (u64 & u64)) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) : + result (state & betree_internal_t) + = + begin match + betree_list_1_split_at_fwd (u64 & u64) content + params.betree_params_split_size with + | Fail -> Fail + | Return p -> + let (content0, content1) = p in + begin match betree_list_1_hd_fwd (u64 & u64) content1 with + | Fail -> Fail + | Return p0 -> + let (pivot, _) = p0 in + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id0 -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with + | Fail -> Fail + | Return id1 -> + begin match betree_store_leaf_node_fwd id0 content0 st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_store_leaf_node_fwd id1 content1 st0 with + | Fail -> Fail + | Return (st1, _) -> + let n = BetreeNodeLeaf (Mkbetree_leaf_t id0 + params.betree_params_split_size) in + let n0 = BetreeNodeLeaf (Mkbetree_leaf_t id1 + params.betree_params_split_size) in + Return + (st1, + Mkbetree_internal_t + self.betree_leaf_id + pivot + n + n0) + end + end + end + end + end + end + end + +(** [betree_main::betree::Leaf::{3}::split] *) +let betree_leaf_3_split_back + (self : betree_leaf_t) (content : betree_list_t (u64 & u64)) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) : + result betree_node_id_counter_t + = + begin match + betree_list_1_split_at_fwd (u64 & u64) content + params.betree_params_split_size with + | Fail -> Fail + | Return p -> + let (content0, content1) = p in + begin match betree_list_1_hd_fwd (u64 & u64) content1 with + | Fail -> Fail + | Return _ -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id0 -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with + | Fail -> Fail + | Return id1 -> + begin match betree_store_leaf_node_fwd id0 content0 st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_store_leaf_node_fwd id1 content1 st0 with + | Fail -> Fail + | Return (_, _) -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt0 + with + | Fail -> Fail + | Return node_id_cnt1 -> Return node_id_cnt1 + end + end + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::lookup_in_bindings] *) +let rec betree_node_5_lookup_in_bindings_fwd + (key : u64) (bindings : betree_list_t (u64 & u64)) : + Tot (result (option u64)) + (decreases (betree_node_5_lookup_in_bindings_decreases key bindings)) + = + begin match bindings with + | BetreeListCons hd tl -> + let (i, i0) = hd in + if i = key + then Return (Some i0) + else + if i > key + then Return None + else + begin match betree_node_5_lookup_in_bindings_fwd key tl with + | Fail -> Fail + | Return opt -> Return opt + end + | BetreeListNil -> Return None + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key] *) +let rec betree_node_5_lookup_first_message_for_key_fwd + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_5_lookup_first_message_for_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons x next_msgs -> + let (i, m) = x in + if i >= key + then Return (BetreeListCons (i, m) next_msgs) + else + begin match betree_node_5_lookup_first_message_for_key_fwd key next_msgs + with + | Fail -> Fail + | Return l -> Return l + end + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key] *) +let rec betree_node_5_lookup_first_message_for_key_back + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) + (ret : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_5_lookup_first_message_for_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons x next_msgs -> + let (i, m) = x in + if i >= key + then Return ret + else + begin match + betree_node_5_lookup_first_message_for_key_back key next_msgs ret with + | Fail -> Fail + | Return next_msgs0 -> Return (BetreeListCons (i, m) next_msgs0) + end + | BetreeListNil -> Return ret + end + +(** [betree_main::betree::Node::{5}::apply_upserts] *) +let rec betree_node_5_apply_upserts_fwd + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : + Tot (result (state & u64)) + (decreases (betree_node_5_apply_upserts_decreases msgs prev key st)) + = + begin match betree_list_2_head_has_key_fwd betree_message_t msgs key with + | Fail -> Fail + | Return b -> + if b + then + begin match betree_list_1_pop_front_fwd (u64 & betree_message_t) msgs + with + | Fail -> Fail + | Return msg -> + let (_, m) = msg in + begin match m with + | BetreeMessageInsert i -> Fail + | BetreeMessageDelete -> Fail + | BetreeMessageUpsert s -> + begin match betree_upsert_update_fwd prev s with + | Fail -> Fail + | Return v -> + begin match + betree_list_1_pop_front_back (u64 & betree_message_t) msgs with + | Fail -> Fail + | Return msgs0 -> + begin match betree_node_5_apply_upserts_fwd msgs0 (Some v) key st + with + | Fail -> Fail + | Return (st0, i) -> Return (st0, i) + end + end + end + end + end + else + begin match core_option_option_unwrap_fwd u64 prev st with + | Fail -> Fail + | Return (st0, v) -> + begin match + betree_list_1_push_front_fwd (u64 & betree_message_t) msgs (key, + BetreeMessageInsert v) with + | Fail -> Fail + | Return _ -> Return (st0, v) + end + end + end + +(** [betree_main::betree::Node::{5}::apply_upserts] *) +let rec betree_node_5_apply_upserts_back + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_5_apply_upserts_decreases msgs prev key st)) + = + begin match betree_list_2_head_has_key_fwd betree_message_t msgs key with + | Fail -> Fail + | Return b -> + if b + then + begin match betree_list_1_pop_front_fwd (u64 & betree_message_t) msgs + with + | Fail -> Fail + | Return msg -> + let (_, m) = msg in + begin match m with + | BetreeMessageInsert i -> Fail + | BetreeMessageDelete -> Fail + | BetreeMessageUpsert s -> + begin match betree_upsert_update_fwd prev s with + | Fail -> Fail + | Return v -> + begin match + betree_list_1_pop_front_back (u64 & betree_message_t) msgs with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_node_5_apply_upserts_back msgs0 (Some v) key st with + | Fail -> Fail + | Return msgs1 -> Return msgs1 + end + end + end + end + end + else + begin match core_option_option_unwrap_fwd u64 prev st with + | Fail -> Fail + | Return (_, v) -> + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs (key, + BetreeMessageInsert v) with + | Fail -> Fail + | Return msgs0 -> Return msgs0 + end + end + end + +(** [betree_main::betree::Internal::{4}::lookup_in_children] *) +let rec betree_internal_4_lookup_in_children_fwd + (self : betree_internal_t) (key : u64) (st : state) : + Tot (result (state & (option u64))) + (decreases (betree_internal_4_lookup_in_children_decreases self key st)) + = + if key < self.betree_internal_pivot + then + begin match betree_node_5_lookup_fwd self.betree_internal_left key st with + | Fail -> Fail + | Return (st0, opt) -> Return (st0, opt) + end + else + begin match betree_node_5_lookup_fwd self.betree_internal_right key st with + | Fail -> Fail + | Return (st0, opt) -> Return (st0, opt) + end + +(** [betree_main::betree::Internal::{4}::lookup_in_children] *) +and betree_internal_4_lookup_in_children_back + (self : betree_internal_t) (key : u64) (st : state) : + Tot (result betree_internal_t) + (decreases (betree_internal_4_lookup_in_children_decreases self key st)) + = + if key < self.betree_internal_pivot + then + begin match betree_node_5_lookup_back self.betree_internal_left key st with + | Fail -> Fail + | Return n -> + Return (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot n self.betree_internal_right) + end + else + begin match betree_node_5_lookup_back self.betree_internal_right key st + with + | Fail -> Fail + | Return n -> + Return (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot self.betree_internal_left n) + end + +(** [betree_main::betree::Node::{5}::lookup] *) +and betree_node_5_lookup_fwd + (self : betree_node_t) (key : u64) (st : state) : + Tot (result (state & (option u64))) + (decreases (betree_node_5_lookup_decreases self key st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st0, msgs) -> + begin match betree_node_5_lookup_first_message_for_key_fwd key msgs with + | Fail -> Fail + | Return pending -> + begin match pending with + | BetreeListCons p l -> + let (k, msg) = p in + if k <> key + then + begin match + betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) key st0 + with + | Fail -> Fail + | Return (st1, opt) -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, msg) l) with + | Fail -> Fail + | Return _ -> Return (st1, opt) + end + end + else + begin match msg with + | BetreeMessageInsert v -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageInsert v) l) with + | Fail -> Fail + | Return _ -> Return (st0, Some v) + end + | BetreeMessageDelete -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageDelete) l) with + | Fail -> Fail + | Return _ -> Return (st0, None) + end + | BetreeMessageUpsert ufs -> + begin match + betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) key st0 + with + | Fail -> Fail + | Return (st1, v) -> + begin match + betree_node_5_apply_upserts_fwd (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1 with + | Fail -> Fail + | Return (st2, v0) -> + begin match + betree_internal_4_lookup_in_children_back + (Mkbetree_internal_t node.betree_internal_id + node.betree_internal_pivot node.betree_internal_left + node.betree_internal_right) key st0 with + | Fail -> Fail + | Return node0 -> + begin match + betree_node_5_apply_upserts_back (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1 with + | Fail -> Fail + | Return pending0 -> + begin match + betree_node_5_lookup_first_message_for_key_back key + msgs pending0 with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_store_internal_node_fwd + node0.betree_internal_id msgs0 st2 with + | Fail -> Fail + | Return (st3, _) -> Return (st3, Some v0) + end + end + end + end + end + end + end + | BetreeListNil -> + begin match + betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) key st0 + with + | Fail -> Fail + | Return (st1, opt) -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + BetreeListNil with + | Fail -> Fail + | Return _ -> Return (st1, opt) + end + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st0, bindings) -> + begin match betree_node_5_lookup_in_bindings_fwd key bindings with + | Fail -> Fail + | Return opt -> Return (st0, opt) + end + end + end + +(** [betree_main::betree::Node::{5}::lookup] *) +and betree_node_5_lookup_back + (self : betree_node_t) (key : u64) (st : state) : + Tot (result betree_node_t) + (decreases (betree_node_5_lookup_decreases self key st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st0, msgs) -> + begin match betree_node_5_lookup_first_message_for_key_fwd key msgs with + | Fail -> Fail + | Return pending -> + begin match pending with + | BetreeListCons p l -> + let (k, msg) = p in + if k <> key + then + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, msg) l) with + | Fail -> Fail + | Return _ -> + begin match + betree_internal_4_lookup_in_children_back (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) key st0 + with + | Fail -> Fail + | Return node0 -> Return (BetreeNodeInternal node0) + end + end + else + begin match msg with + | BetreeMessageInsert v -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageInsert v) l) with + | Fail -> Fail + | Return _ -> + Return (BetreeNodeInternal (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right)) + end + | BetreeMessageDelete -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageDelete) l) with + | Fail -> Fail + | Return _ -> + Return (BetreeNodeInternal (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right)) + end + | BetreeMessageUpsert ufs -> + begin match + betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) key st0 + with + | Fail -> Fail + | Return (st1, v) -> + begin match + betree_node_5_apply_upserts_fwd (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1 with + | Fail -> Fail + | Return (st2, _) -> + begin match + betree_internal_4_lookup_in_children_back + (Mkbetree_internal_t node.betree_internal_id + node.betree_internal_pivot node.betree_internal_left + node.betree_internal_right) key st0 with + | Fail -> Fail + | Return node0 -> + begin match + betree_node_5_apply_upserts_back (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1 with + | Fail -> Fail + | Return pending0 -> + begin match + betree_node_5_lookup_first_message_for_key_back key + msgs pending0 with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_store_internal_node_fwd + node0.betree_internal_id msgs0 st2 with + | Fail -> Fail + | Return (_, _) -> + Return (BetreeNodeInternal (Mkbetree_internal_t + node0.betree_internal_id + node0.betree_internal_pivot + node0.betree_internal_left + node0.betree_internal_right)) + end + end + end + end + end + end + end + | BetreeListNil -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + BetreeListNil with + | Fail -> Fail + | Return _ -> + begin match + betree_internal_4_lookup_in_children_back (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) key st0 + with + | Fail -> Fail + | Return node0 -> Return (BetreeNodeInternal node0) + end + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (_, bindings) -> + begin match betree_node_5_lookup_in_bindings_fwd key bindings with + | Fail -> Fail + | Return _ -> + Return (BetreeNodeLeaf (Mkbetree_leaf_t node.betree_leaf_id + node.betree_leaf_size)) + end + end + end + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings] *) +let rec betree_node_5_lookup_mut_in_bindings_fwd + (key : u64) (bindings : betree_list_t (u64 & u64)) : + Tot (result (betree_list_t (u64 & u64))) + (decreases (betree_node_5_lookup_mut_in_bindings_decreases key bindings)) + = + begin match bindings with + | BetreeListCons hd tl -> + let (i, i0) = hd in + if i >= key + then Return (BetreeListCons (i, i0) tl) + else + begin match betree_node_5_lookup_mut_in_bindings_fwd key tl with + | Fail -> Fail + | Return l -> Return l + end + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings] *) +let rec betree_node_5_lookup_mut_in_bindings_back + (key : u64) (bindings : betree_list_t (u64 & u64)) + (ret : betree_list_t (u64 & u64)) : + Tot (result (betree_list_t (u64 & u64))) + (decreases (betree_node_5_lookup_mut_in_bindings_decreases key bindings)) + = + begin match bindings with + | BetreeListCons hd tl -> + let (i, i0) = hd in + if i >= key + then Return ret + else + begin match betree_node_5_lookup_mut_in_bindings_back key tl ret with + | Fail -> Fail + | Return tl0 -> Return (BetreeListCons (i, i0) tl0) + end + | BetreeListNil -> Return ret + end + +(** [betree_main::betree::Node::{5}::apply_to_leaf] *) +let betree_node_5_apply_to_leaf_fwd_back + (bindings : betree_list_t (u64 & u64)) (key : u64) + (new_msg : betree_message_t) : + result (betree_list_t (u64 & u64)) + = + begin match betree_node_5_lookup_mut_in_bindings_fwd key bindings with + | Fail -> Fail + | Return bindings0 -> + begin match betree_list_2_head_has_key_fwd u64 bindings0 key with + | Fail -> Fail + | Return b -> + if b + then + begin match betree_list_1_pop_front_fwd (u64 & u64) bindings0 with + | Fail -> Fail + | Return hd -> + begin match new_msg with + | BetreeMessageInsert v -> + begin match betree_list_1_pop_front_back (u64 & u64) bindings0 with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & u64) bindings1 (key, + v) with + | Fail -> Fail + | Return bindings2 -> + begin match + betree_node_5_lookup_mut_in_bindings_back key bindings + bindings2 with + | Fail -> Fail + | Return bindings3 -> Return bindings3 + end + end + end + | BetreeMessageDelete -> + begin match betree_list_1_pop_front_back (u64 & u64) bindings0 with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_node_5_lookup_mut_in_bindings_back key bindings + bindings1 with + | Fail -> Fail + | Return bindings2 -> Return bindings2 + end + end + | BetreeMessageUpsert s -> + let (_, i) = hd in + begin match betree_upsert_update_fwd (Some i) s with + | Fail -> Fail + | Return v -> + begin match betree_list_1_pop_front_back (u64 & u64) bindings0 + with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & u64) bindings1 (key, + v) with + | Fail -> Fail + | Return bindings2 -> + begin match + betree_node_5_lookup_mut_in_bindings_back key bindings + bindings2 with + | Fail -> Fail + | Return bindings3 -> Return bindings3 + end + end + end + end + end + end + else + begin match new_msg with + | BetreeMessageInsert v -> + begin match + betree_list_1_push_front_fwd_back (u64 & u64) bindings0 (key, v) + with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_node_5_lookup_mut_in_bindings_back key bindings bindings1 + with + | Fail -> Fail + | Return bindings2 -> Return bindings2 + end + end + | BetreeMessageDelete -> + begin match + betree_node_5_lookup_mut_in_bindings_back key bindings bindings0 + with + | Fail -> Fail + | Return bindings1 -> Return bindings1 + end + | BetreeMessageUpsert s -> + begin match betree_upsert_update_fwd None s with + | Fail -> Fail + | Return v -> + begin match + betree_list_1_push_front_fwd_back (u64 & u64) bindings0 (key, v) + with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_node_5_lookup_mut_in_bindings_back key bindings + bindings1 with + | Fail -> Fail + | Return bindings2 -> Return bindings2 + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::filter_messages_for_key] *) +let rec betree_node_5_filter_messages_for_key_fwd_back + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_5_filter_messages_for_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons p l -> + let (k, m) = p in + if k = key + then + begin match + betree_list_1_pop_front_back (u64 & betree_message_t) (BetreeListCons + (k, m) l) with + | Fail -> Fail + | Return msgs0 -> + begin match betree_node_5_filter_messages_for_key_fwd_back key msgs0 + with + | Fail -> Fail + | Return msgs1 -> Return msgs1 + end + end + else Return (BetreeListCons (k, m) l) + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key] *) +let rec betree_node_5_lookup_first_message_after_key_fwd + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_5_lookup_first_message_after_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons p next_msgs -> + let (k, m) = p in + if k = key + then + begin match + betree_node_5_lookup_first_message_after_key_fwd key next_msgs with + | Fail -> Fail + | Return l -> Return l + end + else Return (BetreeListCons (k, m) next_msgs) + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key] *) +let rec betree_node_5_lookup_first_message_after_key_back + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) + (ret : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_5_lookup_first_message_after_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons p next_msgs -> + let (k, m) = p in + if k = key + then + begin match + betree_node_5_lookup_first_message_after_key_back key next_msgs ret + with + | Fail -> Fail + | Return next_msgs0 -> Return (BetreeListCons (k, m) next_msgs0) + end + else Return ret + | BetreeListNil -> Return ret + end + +(** [betree_main::betree::Node::{5}::apply_to_internal] *) +let betree_node_5_apply_to_internal_fwd_back + (msgs : betree_list_t (u64 & betree_message_t)) (key : u64) + (new_msg : betree_message_t) : + result (betree_list_t (u64 & betree_message_t)) + = + begin match betree_node_5_lookup_first_message_for_key_fwd key msgs with + | Fail -> Fail + | Return msgs0 -> + begin match betree_list_2_head_has_key_fwd betree_message_t msgs0 key with + | Fail -> Fail + | Return b -> + if b + then + begin match new_msg with + | BetreeMessageInsert i -> + begin match betree_node_5_filter_messages_for_key_fwd_back key msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs1 + (key, BetreeMessageInsert i) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs msgs2 + with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + | BetreeMessageDelete -> + begin match betree_node_5_filter_messages_for_key_fwd_back key msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs1 + (key, BetreeMessageDelete) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs msgs2 + with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + | BetreeMessageUpsert s -> + begin match betree_list_1_hd_fwd (u64 & betree_message_t) msgs0 with + | Fail -> Fail + | Return p -> + let (_, m) = p in + begin match m with + | BetreeMessageInsert prev -> + begin match betree_upsert_update_fwd (Some prev) s with + | Fail -> Fail + | Return v -> + begin match + betree_list_1_pop_front_back (u64 & betree_message_t) msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) + msgs1 (key, BetreeMessageInsert v) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + msgs2 with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + end + | BetreeMessageDelete -> + begin match betree_upsert_update_fwd None s with + | Fail -> Fail + | Return v -> + begin match + betree_list_1_pop_front_back (u64 & betree_message_t) msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) + msgs1 (key, BetreeMessageInsert v) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + msgs2 with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + end + | BetreeMessageUpsert ufs -> + begin match + betree_node_5_lookup_first_message_after_key_fwd key msgs0 with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) + msgs1 (key, BetreeMessageUpsert s) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_5_lookup_first_message_after_key_back key msgs0 + msgs2 with + | Fail -> Fail + | Return msgs3 -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs + msgs3 with + | Fail -> Fail + | Return msgs4 -> Return msgs4 + end + end + end + end + end + end + end + else + begin match + betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs0 + (key, new_msg) with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_node_5_lookup_first_message_for_key_back key msgs msgs1 with + | Fail -> Fail + | Return msgs2 -> Return msgs2 + end + end + end + end + +(** [betree_main::betree::Internal::{4}::flush] *) +let rec betree_internal_4_flush_fwd + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : + Tot (result (state & (betree_list_t (u64 & betree_message_t)))) + (decreases (betree_internal_4_flush_decreases self params node_id_cnt content + st)) + = + begin match + betree_list_2_partition_at_pivot_fwd betree_message_t content + self.betree_internal_pivot with + | Fail -> Fail + | Return p -> + let (msgs_left, msgs_right) = p in + begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_left with + | Fail -> Fail + | Return len_left -> + if len_left >= params.betree_params_min_flush_size + then + begin match + betree_node_5_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_right + with + | Fail -> Fail + | Return len_right -> + if len_right >= params.betree_params_min_flush_size + then + begin match + betree_node_5_apply_messages_back self.betree_internal_left + params node_id_cnt msgs_left st with + | Fail -> Fail + | Return (_, node_id_cnt0) -> + begin match + betree_node_5_apply_messages_fwd self.betree_internal_right + params node_id_cnt0 msgs_right st0 with + | Fail -> Fail + | Return (st1, _) -> Return (st1, BetreeListNil) + end + end + else Return (st0, msgs_right) + end + end + else + begin match + betree_node_5_apply_messages_fwd self.betree_internal_right params + node_id_cnt msgs_right st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, msgs_left) + end + end + end + +(** [betree_main::betree::Internal::{4}::flush] *) +and betree_internal_4_flush_back + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : + Tot (result (betree_internal_t & betree_node_id_counter_t)) + (decreases (betree_internal_4_flush_decreases self params node_id_cnt content + st)) + = + begin match + betree_list_2_partition_at_pivot_fwd betree_message_t content + self.betree_internal_pivot with + | Fail -> Fail + | Return p -> + let (msgs_left, msgs_right) = p in + begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_left with + | Fail -> Fail + | Return len_left -> + if len_left >= params.betree_params_min_flush_size + then + begin match + betree_node_5_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_right + with + | Fail -> Fail + | Return len_right -> + if len_right >= params.betree_params_min_flush_size + then + begin match + betree_node_5_apply_messages_back self.betree_internal_left + params node_id_cnt msgs_left st with + | Fail -> Fail + | Return (n, node_id_cnt0) -> + begin match + betree_node_5_apply_messages_back self.betree_internal_right + params node_id_cnt0 msgs_right st0 with + | Fail -> Fail + | Return (n0, node_id_cnt1) -> + Return (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot n n0, node_id_cnt1) + end + end + else + begin match + betree_node_5_apply_messages_back self.betree_internal_left + params node_id_cnt msgs_left st with + | Fail -> Fail + | Return (n, node_id_cnt0) -> + Return (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot n self.betree_internal_right, + node_id_cnt0) + end + end + end + else + begin match + betree_node_5_apply_messages_back self.betree_internal_right params + node_id_cnt msgs_right st with + | Fail -> Fail + | Return (n, node_id_cnt0) -> + Return (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot self.betree_internal_left n, + node_id_cnt0) + end + end + end + +(** [betree_main::betree::Node::{5}::apply_messages] *) +and betree_node_5_apply_messages_fwd + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : + Tot (result (state & unit)) + (decreases (betree_node_5_apply_messages_decreases self params node_id_cnt + msgs st)) + = + begin match msgs with + | BetreeListCons p msgs0 -> + let (key, msg) = p in + begin match betree_node_5_apply_fwd self params node_id_cnt key msg st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_node_5_apply_back self params node_id_cnt key msg st + with + | Fail -> Fail + | Return (self0, node_id_cnt0) -> + begin match + betree_node_5_apply_messages_fwd self0 params node_id_cnt0 msgs0 st0 + with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + end + | BetreeListNil -> Return (st, ()) + end + +(** [betree_main::betree::Node::{5}::apply_messages] *) +and betree_node_5_apply_messages_back + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : + Tot (result (betree_node_t & betree_node_id_counter_t)) + (decreases (betree_node_5_apply_messages_decreases self params node_id_cnt + msgs st)) + = + begin match msgs with + | BetreeListCons p msgs0 -> + let (key, msg) = p in + begin match betree_node_5_apply_fwd self params node_id_cnt key msg st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_node_5_apply_back self params node_id_cnt key msg st + with + | Fail -> Fail + | Return (self0, node_id_cnt0) -> + begin match + betree_node_5_apply_messages_back self0 params node_id_cnt0 msgs0 st0 + with + | Fail -> Fail + | Return (self1, node_id_cnt1) -> Return (self1, node_id_cnt1) + end + end + end + | BetreeListNil -> Return (self, node_id_cnt) + end + +(** [betree_main::betree::Node::{5}::apply] *) +and betree_node_5_apply_fwd + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) : + Tot (result (state & unit)) + (decreases (betree_node_5_apply_decreases self params node_id_cnt key new_msg + st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st0, content) -> + begin match betree_node_5_apply_to_internal_fwd_back content key new_msg + with + | Fail -> Fail + | Return content0 -> + begin match betree_list_1_len_fwd (u64 & betree_message_t) content0 + with + | Fail -> Fail + | Return num_msgs -> + if num_msgs >= params.betree_params_min_flush_size + then + begin match + betree_internal_4_flush_fwd (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) params + node_id_cnt content0 st0 with + | Fail -> Fail + | Return (st1, content1) -> + begin match + betree_internal_4_flush_back (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) params + node_id_cnt content0 st0 with + | Fail -> Fail + | Return (node0, _) -> + begin match + betree_store_internal_node_fwd node0.betree_internal_id + content1 st1 with + | Fail -> Fail + | Return (st2, _) -> Return (st2, ()) + end + end + end + else + begin match + betree_store_internal_node_fwd node.betree_internal_id content0 + st0 with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st0, content) -> + begin match betree_node_5_apply_to_leaf_fwd_back content key new_msg with + | Fail -> Fail + | Return content0 -> + begin match betree_list_1_len_fwd (u64 & u64) content0 with + | Fail -> Fail + | Return len -> + begin match u64_mul 2 params.betree_params_split_size with + | Fail -> Fail + | Return i -> + if len >= i + then + begin match + betree_leaf_3_split_fwd (Mkbetree_leaf_t node.betree_leaf_id + node.betree_leaf_size) content0 params node_id_cnt st0 with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil + st1 with + | Fail -> Fail + | Return (st2, _) -> Return (st2, ()) + end + end + else + begin match + betree_store_leaf_node_fwd node.betree_leaf_id content0 st0 + with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::apply] *) +and betree_node_5_apply_back + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) : + Tot (result (betree_node_t & betree_node_id_counter_t)) + (decreases (betree_node_5_apply_decreases self params node_id_cnt key new_msg + st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st0, content) -> + begin match betree_node_5_apply_to_internal_fwd_back content key new_msg + with + | Fail -> Fail + | Return content0 -> + begin match betree_list_1_len_fwd (u64 & betree_message_t) content0 + with + | Fail -> Fail + | Return num_msgs -> + if num_msgs >= params.betree_params_min_flush_size + then + begin match + betree_internal_4_flush_fwd (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) params + node_id_cnt content0 st0 with + | Fail -> Fail + | Return (st1, content1) -> + begin match + betree_internal_4_flush_back (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right) params + node_id_cnt content0 st0 with + | Fail -> Fail + | Return (node0, node_id_cnt0) -> + begin match + betree_store_internal_node_fwd node0.betree_internal_id + content1 st1 with + | Fail -> Fail + | Return (_, _) -> + Return (BetreeNodeInternal (Mkbetree_internal_t + node0.betree_internal_id node0.betree_internal_pivot + node0.betree_internal_left node0.betree_internal_right), + node_id_cnt0) + end + end + end + else + begin match + betree_store_internal_node_fwd node.betree_internal_id content0 + st0 with + | Fail -> Fail + | Return (_, _) -> + Return (BetreeNodeInternal (Mkbetree_internal_t + node.betree_internal_id node.betree_internal_pivot + node.betree_internal_left node.betree_internal_right), + node_id_cnt) + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st0, content) -> + begin match betree_node_5_apply_to_leaf_fwd_back content key new_msg with + | Fail -> Fail + | Return content0 -> + begin match betree_list_1_len_fwd (u64 & u64) content0 with + | Fail -> Fail + | Return len -> + begin match u64_mul 2 params.betree_params_split_size with + | Fail -> Fail + | Return i -> + if len >= i + then + begin match + betree_leaf_3_split_fwd (Mkbetree_leaf_t node.betree_leaf_id + node.betree_leaf_size) content0 params node_id_cnt st0 with + | Fail -> Fail + | Return (st1, new_node) -> + begin match + betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil + st1 with + | Fail -> Fail + | Return (_, _) -> + begin match + betree_leaf_3_split_back (Mkbetree_leaf_t + node.betree_leaf_id node.betree_leaf_size) content0 + params node_id_cnt st0 with + | Fail -> Fail + | Return node_id_cnt0 -> + Return (BetreeNodeInternal new_node, node_id_cnt0) + end + end + end + else + begin match + betree_store_leaf_node_fwd node.betree_leaf_id content0 st0 + with + | Fail -> Fail + | Return (_, _) -> + Return (BetreeNodeLeaf (Mkbetree_leaf_t node.betree_leaf_id + len), node_id_cnt) + end + end + end + end + end + end + +(** [betree_main::betree::BeTree::{6}::new] *) +let betree_be_tree_6_new_fwd + (min_flush_size : u64) (split_size : u64) (st : state) : + result (state & betree_be_tree_t) + = + begin match betree_node_id_counter_new_fwd with + | Fail -> Fail + | Return node_id_cnt -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id -> + begin match betree_store_leaf_node_fwd id BetreeListNil st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + Return (st0, Mkbetree_be_tree_t (Mkbetree_params_t min_flush_size + split_size) node_id_cnt0 (BetreeNodeLeaf (Mkbetree_leaf_t id 0))) + end + end + end + end + +(** [betree_main::betree::BeTree::{6}::apply] *) +let betree_be_tree_6_apply_fwd + (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) : + result (state & unit) + = + begin match + betree_node_5_apply_fwd self.betree_be_tree_root self.betree_be_tree_params + self.betree_be_tree_node_id_cnt key msg st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::BeTree::{6}::apply] *) +let betree_be_tree_6_apply_back + (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) : + result betree_be_tree_t + = + begin match + betree_node_5_apply_back self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st + with + | Fail -> Fail + | Return (n, nic) -> + Return (Mkbetree_be_tree_t self.betree_be_tree_params nic n) + end + +(** [betree_main::betree::BeTree::{6}::insert] *) +let betree_be_tree_6_insert_fwd + (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : + result (state & unit) + = + begin match + betree_be_tree_6_apply_fwd self key (BetreeMessageInsert value) st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::BeTree::{6}::insert] *) +let betree_be_tree_6_insert_back + (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : + result betree_be_tree_t + = + begin match + betree_be_tree_6_apply_back self key (BetreeMessageInsert value) st with + | Fail -> Fail + | Return self0 -> Return self0 + end + +(** [betree_main::betree::BeTree::{6}::delete] *) +let betree_be_tree_6_delete_fwd + (self : betree_be_tree_t) (key : u64) (st : state) : result (state & unit) = + begin match betree_be_tree_6_apply_fwd self key BetreeMessageDelete st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::BeTree::{6}::delete] *) +let betree_be_tree_6_delete_back + (self : betree_be_tree_t) (key : u64) (st : state) : + result betree_be_tree_t + = + begin match betree_be_tree_6_apply_back self key BetreeMessageDelete st with + | Fail -> Fail + | Return self0 -> Return self0 + end + +(** [betree_main::betree::BeTree::{6}::upsert] *) +let betree_be_tree_6_upsert_fwd + (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) + (st : state) : + result (state & unit) + = + begin match betree_be_tree_6_apply_fwd self key (BetreeMessageUpsert upd) st + with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::BeTree::{6}::upsert] *) +let betree_be_tree_6_upsert_back + (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) + (st : state) : + result betree_be_tree_t + = + begin match betree_be_tree_6_apply_back self key (BetreeMessageUpsert upd) st + with + | Fail -> Fail + | Return self0 -> Return self0 + end + +(** [betree_main::betree::BeTree::{6}::lookup] *) +let betree_be_tree_6_lookup_fwd + (self : betree_be_tree_t) (key : u64) (st : state) : + result (state & (option u64)) + = + begin match betree_node_5_lookup_fwd self.betree_be_tree_root key st with + | Fail -> Fail + | Return (st0, opt) -> Return (st0, opt) + end + +(** [betree_main::betree::BeTree::{6}::lookup] *) +let betree_be_tree_6_lookup_back + (self : betree_be_tree_t) (key : u64) (st : state) : + result betree_be_tree_t + = + begin match betree_node_5_lookup_back self.betree_be_tree_root key st with + | Fail -> Fail + | Return n -> + Return (Mkbetree_be_tree_t self.betree_be_tree_params + self.betree_be_tree_node_id_cnt n) + end + +(** [betree_main::main] *) +let main_fwd : result unit = Return () + +(** Unit test for [betree_main::main] *) +let _ = assert_norm (main_fwd = Return ()) + diff --git a/tests/betree/BetreeMain.Opaque.fsti b/tests/betree/BetreeMain.Opaque.fsti new file mode 100644 index 00000000..7f0c04de --- /dev/null +++ b/tests/betree/BetreeMain.Opaque.fsti @@ -0,0 +1,30 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: opaque function definitions *) +module BetreeMain.Opaque +open Primitives +include BetreeMain.Types + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 1" + +(** [betree_main::betree_utils::load_internal_node] *) +val betree_utils_load_internal_node_fwd + : u64 -> state -> result (state & (betree_list_t (u64 & betree_message_t))) + +(** [betree_main::betree_utils::store_internal_node] *) +val betree_utils_store_internal_node_fwd + : + u64 -> betree_list_t (u64 & betree_message_t) -> state -> result (state & + unit) + +(** [betree_main::betree_utils::load_leaf_node] *) +val betree_utils_load_leaf_node_fwd + : u64 -> state -> result (state & (betree_list_t (u64 & u64))) + +(** [betree_main::betree_utils::store_leaf_node] *) +val betree_utils_store_leaf_node_fwd + : u64 -> betree_list_t (u64 & u64) -> state -> result (state & unit) + +(** [core::option::Option::{0}::unwrap] *) +val core_option_option_unwrap_fwd + (t : Type0) : option t -> state -> result (state & t) + diff --git a/tests/betree/BetreeMain.Types.fsti b/tests/betree/BetreeMain.Types.fsti new file mode 100644 index 00000000..5edb4526 --- /dev/null +++ b/tests/betree/BetreeMain.Types.fsti @@ -0,0 +1,60 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: type definitions *) +module BetreeMain.Types +open Primitives + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 1" + +(** [betree_main::betree::List] *) +type betree_list_t (t : Type0) = +| BetreeListCons : t -> betree_list_t t -> betree_list_t t +| BetreeListNil : betree_list_t t + +(** [betree_main::betree::UpsertFunState] *) +type betree_upsert_fun_state_t = +| BetreeUpsertFunStateAdd : u64 -> betree_upsert_fun_state_t +| BetreeUpsertFunStateSub : u64 -> betree_upsert_fun_state_t + +(** [betree_main::betree::Message] *) +type betree_message_t = +| BetreeMessageInsert : u64 -> betree_message_t +| BetreeMessageDelete : betree_message_t +| BetreeMessageUpsert : betree_upsert_fun_state_t -> betree_message_t + +(** [betree_main::betree::Leaf] *) +type betree_leaf_t = { betree_leaf_id : u64; betree_leaf_size : u64; } + +(** [betree_main::betree::Internal] *) +type betree_internal_t = +{ + betree_internal_id : u64; + betree_internal_pivot : u64; + betree_internal_left : betree_node_t; + betree_internal_right : betree_node_t; +} + +(** [betree_main::betree::Node] *) +and betree_node_t = +| BetreeNodeInternal : betree_internal_t -> betree_node_t +| BetreeNodeLeaf : betree_leaf_t -> betree_node_t + +(** [betree_main::betree::Params] *) +type betree_params_t = +{ + betree_params_min_flush_size : u64; betree_params_split_size : u64; +} + +(** [betree_main::betree::NodeIdCounter] *) +type betree_node_id_counter_t = { betree_node_id_counter_next_node_id : u64; } + +(** [betree_main::betree::BeTree] *) +type betree_be_tree_t = +{ + betree_be_tree_params : betree_params_t; + betree_be_tree_node_id_cnt : betree_node_id_counter_t; + betree_be_tree_root : betree_node_t; +} + +(** The state type used in the state-error monad *) +val state : Type0 + diff --git a/tests/betree/Primitives.fst b/tests/betree/Primitives.fst new file mode 100644 index 00000000..77cf59aa --- /dev/null +++ b/tests/betree/Primitives.fst @@ -0,0 +1,279 @@ +/// This file lists primitive and assumed functions and types +module Primitives +open FStar.Mul +open FStar.List.Tot + +#set-options "--z3rlimit 15 --fuel 0 --ifuel 1" + +(*** Utilities *) +val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) : + ls':list a{ + length ls' = length ls /\ + index ls' i == x + } +#push-options "--fuel 1" +let rec list_update #a ls i x = + match ls with + | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x +#pop-options + +(*** Result *) +type result (a : Type0) : Type0 = +| Return : v:a -> result a +| Fail : result a + +// Monadic bind and return. +// Re-definining those allows us to customize the result of the monadic notations +// like: `y <-- f x;` +let return (#a : Type0) (x:a) : result a = Return x +let bind (#a #b : Type0) (m : result a) (f : a -> result b) : result b = + match m with + | Return x -> f x + | Fail -> Fail + +// Monadic assert(...) +let massert (b:bool) : result unit = if b then Return () else Fail + +(*** Misc *) +type char = FStar.Char.char +type string = string + +let mem_replace_fwd (a : Type0) (x : a) (y : a) : a = x +let mem_replace_back (a : Type0) (x : a) (y : a) : a = y + +(*** Scalars *) +/// Rk.: most of the following code was at least partially generated + +let isize_min : int = -9223372036854775808 +let isize_max : int = 9223372036854775807 +let i8_min : int = -128 +let i8_max : int = 127 +let i16_min : int = -32768 +let i16_max : int = 32767 +let i32_min : int = -2147483648 +let i32_max : int = 2147483647 +let i64_min : int = -9223372036854775808 +let i64_max : int = 9223372036854775807 +let i128_min : int = -170141183460469231731687303715884105728 +let i128_max : int = 170141183460469231731687303715884105727 +let usize_min : int = 0 +let usize_max : int = 4294967295 // being conservative here: [u32_max] instead of [u64_max] +let u8_min : int = 0 +let u8_max : int = 255 +let u16_min : int = 0 +let u16_max : int = 65535 +let u32_min : int = 0 +let u32_max : int = 4294967295 +let u64_min : int = 0 +let u64_max : int = 18446744073709551615 +let u128_min : int = 0 +let u128_max : int = 340282366920938463463374607431768211455 + +type scalar_ty = +| Isize +| I8 +| I16 +| I32 +| I64 +| I128 +| Usize +| U8 +| U16 +| U32 +| U64 +| U128 + +let scalar_min (ty : scalar_ty) : int = + match ty with + | Isize -> isize_min + | I8 -> i8_min + | I16 -> i16_min + | I32 -> i32_min + | I64 -> i64_min + | I128 -> i128_min + | Usize -> usize_min + | U8 -> u8_min + | U16 -> u16_min + | U32 -> u32_min + | U64 -> u64_min + | U128 -> u128_min + +let scalar_max (ty : scalar_ty) : int = + match ty with + | Isize -> isize_max + | I8 -> i8_max + | I16 -> i16_max + | I32 -> i32_max + | I64 -> i64_max + | I128 -> i128_max + | Usize -> usize_max + | U8 -> u8_max + | U16 -> u16_max + | U32 -> u32_max + | U64 -> u64_max + | U128 -> u128_max + +type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} + +let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = + if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail + +let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) + +let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (x / y) else Fail + +/// The remainder operation +let int_rem (x : int) (y : int{y <> 0}) : int = + if x >= 0 then (x % y) else -(x % y) + +(* Checking consistency with Rust *) +let _ = assert_norm(int_rem 1 2 = 1) +let _ = assert_norm(int_rem (-1) 2 = -1) +let _ = assert_norm(int_rem 1 (-2) = 1) +let _ = assert_norm(int_rem (-1) (-2) = -1) + +let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (int_rem x y) else Fail + +let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x + y) + +let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x - y) + +let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x * y) + +/// The scalar types +type isize : eqtype = scalar Isize +type i8 : eqtype = scalar I8 +type i16 : eqtype = scalar I16 +type i32 : eqtype = scalar I32 +type i64 : eqtype = scalar I64 +type i128 : eqtype = scalar I128 +type usize : eqtype = scalar Usize +type u8 : eqtype = scalar U8 +type u16 : eqtype = scalar U16 +type u32 : eqtype = scalar U32 +type u64 : eqtype = scalar U64 +type u128 : eqtype = scalar U128 + +/// Negation +let isize_neg = scalar_neg #Isize +let i8_neg = scalar_neg #I8 +let i16_neg = scalar_neg #I16 +let i32_neg = scalar_neg #I32 +let i64_neg = scalar_neg #I64 +let i128_neg = scalar_neg #I128 + +/// Division +let isize_div = scalar_div #Isize +let i8_div = scalar_div #I8 +let i16_div = scalar_div #I16 +let i32_div = scalar_div #I32 +let i64_div = scalar_div #I64 +let i128_div = scalar_div #I128 +let usize_div = scalar_div #Usize +let u8_div = scalar_div #U8 +let u16_div = scalar_div #U16 +let u32_div = scalar_div #U32 +let u64_div = scalar_div #U64 +let u128_div = scalar_div #U128 + +/// Remainder +let isize_rem = scalar_rem #Isize +let i8_rem = scalar_rem #I8 +let i16_rem = scalar_rem #I16 +let i32_rem = scalar_rem #I32 +let i64_rem = scalar_rem #I64 +let i128_rem = scalar_rem #I128 +let usize_rem = scalar_rem #Usize +let u8_rem = scalar_rem #U8 +let u16_rem = scalar_rem #U16 +let u32_rem = scalar_rem #U32 +let u64_rem = scalar_rem #U64 +let u128_rem = scalar_rem #U128 + +/// Addition +let isize_add = scalar_add #Isize +let i8_add = scalar_add #I8 +let i16_add = scalar_add #I16 +let i32_add = scalar_add #I32 +let i64_add = scalar_add #I64 +let i128_add = scalar_add #I128 +let usize_add = scalar_add #Usize +let u8_add = scalar_add #U8 +let u16_add = scalar_add #U16 +let u32_add = scalar_add #U32 +let u64_add = scalar_add #U64 +let u128_add = scalar_add #U128 + +/// Substraction +let isize_sub = scalar_sub #Isize +let i8_sub = scalar_sub #I8 +let i16_sub = scalar_sub #I16 +let i32_sub = scalar_sub #I32 +let i64_sub = scalar_sub #I64 +let i128_sub = scalar_sub #I128 +let usize_sub = scalar_sub #Usize +let u8_sub = scalar_sub #U8 +let u16_sub = scalar_sub #U16 +let u32_sub = scalar_sub #U32 +let u64_sub = scalar_sub #U64 +let u128_sub = scalar_sub #U128 + +/// Multiplication +let isize_mul = scalar_mul #Isize +let i8_mul = scalar_mul #I8 +let i16_mul = scalar_mul #I16 +let i32_mul = scalar_mul #I32 +let i64_mul = scalar_mul #I64 +let i128_mul = scalar_mul #I128 +let usize_mul = scalar_mul #Usize +let u8_mul = scalar_mul #U8 +let u16_mul = scalar_mul #U16 +let u32_mul = scalar_mul #U32 +let u64_mul = scalar_mul #U64 +let u128_mul = scalar_mul #U128 + +(*** Vector *) +type vec (a : Type0) = v:list a{length v <= usize_max} + +let vec_new (a : Type0) : vec a = assert_norm(length #a [] == 0); [] +let vec_len (a : Type0) (v : vec a) : usize = length v + +// The **forward** function shouldn't be used +let vec_push_fwd (a : Type0) (v : vec a) (x : a) : unit = () +let vec_push_back (a : Type0) (v : vec a) (x : a) : + Pure (result (vec a)) + (requires True) + (ensures (fun res -> + match res with + | Fail -> True + | Return v' -> length v' = length v + 1)) = + if length v < usize_max then begin + (**) assert_norm(length [x] == 1); + (**) append_length v [x]; + (**) assert(length (append v [x]) = length v + 1); + Return (append v [x]) + end + else Fail + +// The **forward** function shouldn't be used +let vec_insert_fwd (a : Type0) (v : vec a) (i : usize) (x : a) : result unit = + if i < length v then Return () else Fail +let vec_insert_back (a : Type0) (v : vec a) (i : usize) (x : a) : result (vec a) = + if i < length v then Return (list_update v i x) else Fail + +// The **backward** function shouldn't be used +let vec_index_fwd (a : Type0) (v : vec a) (i : usize) : result a = + if i < length v then Return (index v i) else Fail +let vec_index_back (a : Type0) (v : vec a) (i : usize) (x : a) : result unit = + if i < length v then Return () else Fail + +let vec_index_mut_fwd (a : Type0) (v : vec a) (i : usize) : result a = + if i < length v then Return (index v i) else Fail +let vec_index_mut_back (a : Type0) (v : vec a) (i : usize) (nx : a) : result (vec a) = + if i < length v then Return (list_update v i nx) else Fail + |