diff options
Diffstat (limited to '')
| -rw-r--r-- | .gitignore | 1 | ||||
| -rw-r--r-- | Makefile | 34 | ||||
| -rw-r--r-- | compiler/Driver.ml | 12 | ||||
| -rw-r--r-- | compiler/ExtractToFStar.ml | 8 | ||||
| -rw-r--r-- | compiler/FunsAnalysis.ml | 2 | ||||
| -rw-r--r-- | compiler/Interpreter.ml | 11 | ||||
| -rw-r--r-- | compiler/Pure.ml | 35 | ||||
| -rw-r--r-- | compiler/PureUtils.ml | 6 | ||||
| -rw-r--r-- | compiler/SymbolicAst.ml | 8 | ||||
| -rw-r--r-- | compiler/SymbolicToPure.ml | 383 | ||||
| -rw-r--r-- | compiler/SynthesizeSymbolic.ml | 66 | ||||
| -rw-r--r-- | compiler/Translate.ml | 63 | ||||
| -rw-r--r-- | tests/betree_back_stateful/BetreeMain.Clauses.Template.fst | 106 | ||||
| -rw-r--r-- | tests/betree_back_stateful/BetreeMain.Clauses.fst | 210 | ||||
| -rw-r--r-- | tests/betree_back_stateful/BetreeMain.Funs.fst | 2085 | ||||
| -rw-r--r-- | tests/betree_back_stateful/BetreeMain.Opaque.fsti | 30 | ||||
| -rw-r--r-- | tests/betree_back_stateful/BetreeMain.Types.fsti | 64 | ||||
| -rw-r--r-- | tests/betree_back_stateful/Makefile | 47 | ||||
| -rw-r--r-- | tests/betree_back_stateful/Primitives.fst | 286 | ||||
| -rw-r--r-- | tests/misc/External.Funs.fst | 61 | ||||
| -rw-r--r-- | tests/misc/External.Opaque.fsti | 6 |
21 files changed, 3285 insertions, 239 deletions
@@ -35,6 +35,7 @@ rust-scripts/target/ .depend *.hints tests/betree/obj/ +tests/betree_back_stateful/obj/ tests/hashmap/obj/ tests/hashmap_on_disk/obj/ tests/misc/obj/ @@ -54,7 +54,8 @@ clean: tests: build trans-no_nested_borrows trans-paper \ trans-hashmap trans-hashmap_main \ trans-external trans-constants \ - trans-polonius-betree_polonius trans-polonius-betree_main + trans-polonius-betree_polonius trans-polonius-betree_main \ + test-trans-polonius-betree_main # Verify the F* files generated by the translation .PHONY: verify @@ -66,6 +67,12 @@ verify: build tests format: cd compiler && dune promote +# The commands to run Charon to generate the .llbc files +CHARON_CMD = cd $(CHARON_HOME)/$(CHARON_TEST_SUBFOLDER) && NOT_ALL_TESTS=1 $(MAKE) test-$* + +# The command to run Aeneas on the proper llbc file +AENEAS_CMD = cd compiler && dune exec -- ./$(AENEAS_DRIVER) ../$(CHARON_TESTS_DIR)/$(FILE).llbc -dest ../$(DEST_DIR)/$(SUBDIR) $(TRANS_OPTIONS) + # Add specific options to some tests trans-no_nested_borrows trans-paper: \ TRANS_OPTIONS += -test-units -no-split-files -no-state -no-decreases-clauses @@ -86,19 +93,32 @@ trans-constants: SUBDIR:=misc trans-external: TRANS_OPTIONS += trans-external: SUBDIR:=misc -trans-polonius-betree_main: TRANS_OPTIONS += -template-clauses +BETREE_OPTIONS = -template-clauses +trans-polonius-betree_main: TRANS_OPTIONS += $(BETREE_OPTIONS) -backward-no-state-update trans-polonius-betree_main: SUBDIR:=betree +# Additional test on the betree: translate it without `-backward-no-state-update`. +# This generates very ugly code, but is good to test the translation. +test-trans-polonius-betree_main: trans-polonius-betree_main +test-trans-polonius-betree_main: TRANS_OPTIONS += $(BETREE_OPTIONS) +test-trans-polonius-betree_main: SUBDIR:=betree_back_stateful +test-trans-polonius-betree_main: CHARON_TESTS_DIR = $(CHARON_HOME)/tests-polonius/llbc +test-trans-polonius-betree_main: FILE = betree_main +test-trans-polonius-betree_main: + $(AENEAS_CMD) + # Generic rules to extract the LLBC from a rust file # We use the rules in Charon's Makefile to generate the .llbc files: the options # vary with the test files. .PHONY: gen-llbc-polonius-% +gen-llbc-polonius-%: CHARON_TEST_SUBFOLDER = tests-polonius gen-llbc-polonius-%: build - cd $(CHARON_HOME)/tests-polonius && NOT_ALL_TESTS=1 $(MAKE) test-$* + $(CHARON_CMD) .PHONY: gen-llbc-% +gen-llbc-%: CHARON_TEST_SUBFOLDER = tests gen-llbc-%: build - cd $(CHARON_HOME)/tests && NOT_ALL_TESTS=1 $(MAKE) test-$* + $(CHARON_CMD) # Generic rule to test the translation of an LLBC file. # Note that the files requiring the Polonius borrow-checker are generated @@ -107,8 +127,10 @@ gen-llbc-%: build trans-%: CHARON_TESTS_DIR = $(CHARON_HOME)/tests/llbc trans-polonius-%: CHARON_TESTS_DIR = $(CHARON_HOME)/tests-polonius/llbc +trans-polonius-%: FILE = $* trans-polonius-%: gen-llbc-polonius-% - cd compiler && dune exec -- ./$(AENEAS_DRIVER) ../$(CHARON_TESTS_DIR)/$*.llbc -dest ../$(DEST_DIR)/$(SUBDIR) $(TRANS_OPTIONS) + $(AENEAS_CMD) +trans-%: FILE = $* trans-%: gen-llbc-% - cd compiler && dune exec -- ./$(AENEAS_DRIVER) ../$(CHARON_TESTS_DIR)/$*.llbc -dest ../$(DEST_DIR)/$(SUBDIR) $(TRANS_OPTIONS) + $(AENEAS_CMD) diff --git a/compiler/Driver.ml b/compiler/Driver.ml index d19aca93..6f0e8074 100644 --- a/compiler/Driver.ml +++ b/compiler/Driver.ml @@ -38,6 +38,8 @@ let () = let test_trans_units = ref false in let no_decreases_clauses = ref false in let no_state = ref false in + (* [backward_no_state_update]: see the comment for {!Translate.config.backward_no_state_update} *) + let backward_no_state_update = ref false in let template_decreases_clauses = ref false in let no_split_files = ref false in let no_check_inv = ref false in @@ -78,6 +80,9 @@ let () = ( "-no-state", Arg.Set no_state, " Do not use state-error monads, simply use error monads" ); + ( "-backward-no-state-update", + Arg.Set backward_no_state_update, + " Forbid backward functions from updating the state" ); ( "-template-clauses", Arg.Set template_decreases_clauses, " Generate templates for the required decreases clauses, in a\n\ @@ -95,6 +100,8 @@ let () = in (* Sanity check: -template-clauses ==> not -no-decrease-clauses *) assert ((not !no_decreases_clauses) || not !template_decreases_clauses); + (* Sanity check: -backward-no-state-update ==> not -no-state *) + assert ((not !backward_no_state_update) || not !no_state); let spec = Arg.align spec in let filenames = ref [] in @@ -110,10 +117,10 @@ let () = | [ f ] -> (* TODO: update the extension *) if not (Filename.check_suffix f ".llbc") then ( - print_string "Unrecognized file extension"; + print_string ("Unrecognized file extension: " ^ f ^ "\n"); fail ()) else if not (Sys.file_exists f) then ( - print_string "File not found"; + print_string ("File not found: " ^ f ^ "\n"); fail ()) else f | _ -> @@ -198,6 +205,7 @@ let () = extract_decreases_clauses = not !no_decreases_clauses; extract_template_decreases_clauses = !template_decreases_clauses; use_state = not !no_state; + backward_no_state_update = !backward_no_state_update; } in Translate.translate_module filename dest_dir trans_config m; diff --git a/compiler/ExtractToFStar.ml b/compiler/ExtractToFStar.ml index 2a7d6a6c..a995d4a6 100644 --- a/compiler/ExtractToFStar.ml +++ b/compiler/ExtractToFStar.ml @@ -1451,17 +1451,19 @@ let extract_fun_decl (ctx : extraction_ctx) (fmt : F.formatter) * function (the additional input values "given back" to the * backward functions have no influence on termination: we thus * share the decrease clauses between the forward and the backward - * functions). + * functions - we also ignore the additional state received by the + * backward function, if there is one). *) let inputs_lvs = let all_inputs = (Option.get def.body).inputs_lvs in (* We have to count: * - the forward inputs - * - the state + * - the state (if there is one) *) let num_fwd_inputs = def.signature.info.num_fwd_inputs in let num_fwd_inputs = - if def.signature.info.effect_info.input_state then 1 + num_fwd_inputs + if def.signature.info.effect_info.stateful_group then + 1 + num_fwd_inputs else num_fwd_inputs in Collections.List.prefix num_fwd_inputs all_inputs diff --git a/compiler/FunsAnalysis.ml b/compiler/FunsAnalysis.ml index 9413bd6a..4d33056b 100644 --- a/compiler/FunsAnalysis.ml +++ b/compiler/FunsAnalysis.ml @@ -16,7 +16,7 @@ module EU = ExpressionsUtils *) type fun_info = { can_fail : bool; - (* Not used yet: all the extracted functions use an error monad *) + (* Not used yet: all the extracted functions use an error monad *) stateful : bool; divergent : bool; (* Not used yet *) } diff --git a/compiler/Interpreter.ml b/compiler/Interpreter.ml index d3b3c7e6..e752594e 100644 --- a/compiler/Interpreter.ml +++ b/compiler/Interpreter.ml @@ -253,8 +253,15 @@ let evaluate_function_symbolic (config : C.partial_config) (synthesize : bool) cf_pop cf_return ctx | Some back_id -> (* Backward translation *) - evaluate_function_symbolic_synthesize_backward_from_return config - fdef inst_sg back_id ctx + let e = + evaluate_function_symbolic_synthesize_backward_from_return + config fdef inst_sg back_id ctx + in + (* We insert a delimiter to indicate the point where we switch + * from the part which is common to all the functions (forwards + * and backwards) and the part specific to this backward function. + *) + S.synthesize_forward_end e else None | Panic -> (* Note that as we explore all the execution branches, one of diff --git a/compiler/Pure.ml b/compiler/Pure.ml index a50dd5f9..cc29469a 100644 --- a/compiler/Pure.ml +++ b/compiler/Pure.ml @@ -496,19 +496,26 @@ and meta = (** Information about the "effect" of a function *) type fun_effect_info = { - input_state : bool; (** [true] if the function takes a state as input *) - output_state : bool; - (** [true] if the function outputs a state (it then lives - in a state monad) *) + stateful_group : bool; + (** [true] if the function group is stateful. By *function group*, we mean + the set { forward function } U { backward functions }. + + We need this because the option {!Translate.eval_config.backward_no_state_update}: + if it is [true], then in case of a backward function {!stateful} is [false], + but we might need to know whether the corresponding forward function + is stateful or not. + *) + stateful : bool; (** [true] if the function is stateful (updates a state) *) can_fail : bool; (** [true] if the return type is a [result] *) } (** Meta information about a function signature *) type fun_sig_info = { num_fwd_inputs : int; - (** The number of input types for forward computation *) + (** The number of input types for forward computation, ignoring the state *) num_back_inputs : int option; - (** The number of additional inputs for the backward computation (if pertinent) *) + (** The number of additional inputs for the backward computation (if pertinent), + ignoring the state *) effect_info : fun_effect_info; } @@ -523,12 +530,18 @@ type fun_sig_info = { `in_ty0 -> ... -> in_tyn -> back_in0 -> ... back_inm -> (back_out0 & ... & back_outp)` (* pure function *) `in_ty0 -> ... -> in_tyn -> back_in0 -> ... back_inm -> result (back_out0 & ... & back_outp)` (* error-monad *) - `in_ty0 -> ... -> in_tyn -> state -> back_in0 -> ... back_inm -> - result (back_out0 & ... & back_outp)` (* state-error *) + `in_ty0 -> ... -> in_tyn -> state -> back_in0 -> ... back_inm -> state -> + result (state & (back_out0 & ... & back_outp))` (* state-error *) - Note that a backward function never returns (i.e., updates) a state: only - forward functions do so. Also, the state input parameter is *betwee* - the forward inputs and the backward inputs. + Note that a stateful backward function takes two states as inputs: the + state received by the associated forward function, and the state at which + the backward is called. This leads to code of the following shape: + + {[ + (st1, y) <-- f_fwd x st0; // st0 is the state upon calling f_fwd + ... // the state may be updated + (st3, x') <-- f_back x st0 y' st2; // st2 is the state upon calling f_back + ]} The function's type should be given by `mk_arrows sig.inputs sig.output`. We provide additional meta-information: diff --git a/compiler/PureUtils.ml b/compiler/PureUtils.ml index ff379bf5..1ab3439c 100644 --- a/compiler/PureUtils.ml +++ b/compiler/PureUtils.ml @@ -456,3 +456,9 @@ let mk_result_return_pattern (v : typed_pattern) : typed_pattern = let opt_unmeta_mplace (e : texpression) : mplace option * texpression = match e.e with Meta (MPlace mp, e) -> (Some mp, e) | _ -> (None, e) + +let mk_state_var (vid : VarId.id) : var = + { id = vid; basename = Some ConstStrings.state_basename; ty = mk_state_ty } + +let mk_state_texpression (vid : VarId.id) : texpression = + { e = Var vid; ty = mk_state_ty } diff --git a/compiler/SymbolicAst.ml b/compiler/SymbolicAst.ml index 528d8255..9d9adf4f 100644 --- a/compiler/SymbolicAst.ml +++ b/compiler/SymbolicAst.ml @@ -77,6 +77,14 @@ type expression = We use it to compute meaningful names for the variables we introduce, to prettify the generated code. *) + | ForwardEnd of expression + (** We use this delimiter to indicate at which point we switch to the + generation of code specific to the backward function(s). + + TODO: use this to factorize the generation of the forward and backward + functions (today we replay the *whole* symbolic execution once per + generated function). + *) | Meta of meta * expression (** Meta information *) and expansion = diff --git a/compiler/SymbolicToPure.ml b/compiler/SymbolicToPure.ml index 6d01614d..9d249cfb 100644 --- a/compiler/SymbolicToPure.ml +++ b/compiler/SymbolicToPure.ml @@ -12,6 +12,10 @@ module FA = FunsAnalysis (** The local logger *) let log = L.symbolic_to_pure_log +(* TODO: carrying configurations everywhere is super annoying. + Group everything in references in a [Config.ml] file (put aside the execution + mode, maybe). +*) type config = { filter_useless_back_calls : bool; (** If [true], filter the useless calls to backward functions. @@ -39,6 +43,12 @@ type config = { Note that we later filter the useless *forward* calls in the micro-passes, where it is more natural to do. *) + backward_no_state_update : bool; + (** Controls whether backward functions update the state, in case we use + a state ({!use_state}). + + See {!Translate.config.backward_no_state_update}. + *) } type type_context = { @@ -110,7 +120,23 @@ type bs_ctx = { *) var_counter : VarId.generator; state_var : VarId.id; - (** The current state variable, in case we use a state *) + (** The current state variable, in case the function is stateful *) + back_state_var : VarId.id; + (** The additional input state variable received by a stateful backward function. + When generating stateful functions, we generate code of the following + form: + + {[ + (st1, y) <-- f_fwd x st0; // st0 is the state upon calling f_fwd + ... // the state may be updated + (st3, x') <-- f_back x st0 y' st2; // st2 is the state upon calling f_back + ]} + + When translating a backward function, we need at some point to update + [state_var] with [back_state_var], to account for the fact that the + state may have been updated by the caller between the call to the + forward function and the call to the backward function. + *) forward_inputs : var list; (** The input parameters for the forward function *) backward_inputs : var list T.RegionGroupId.Map.t; @@ -498,20 +524,26 @@ let list_ancestor_abstractions (ctx : bs_ctx) (abs : V.abs) : let abs_ids = list_ancestor_abstractions_ids ctx abs in List.map (fun id -> V.AbstractionId.Map.find id ctx.abstractions) abs_ids -(** Small utility. *) -let get_fun_effect_info (fun_infos : FA.fun_info A.FunDeclId.Map.t) - (fun_id : A.fun_id) (gid : T.RegionGroupId.id option) : fun_effect_info = +(** Small utility. + + [backward_no_state_update]: see {!config} + *) +let get_fun_effect_info (backward_no_state_update : bool) + (fun_infos : FA.fun_info A.FunDeclId.Map.t) (fun_id : A.fun_id) + (gid : T.RegionGroupId.id option) : fun_effect_info = match fun_id with | A.Regular fid -> let info = A.FunDeclId.Map.find fid fun_infos in - let input_state = info.stateful in - let output_state = input_state && gid = None in - { can_fail = info.can_fail; input_state; output_state } + let stateful_group = info.stateful in + let stateful = + stateful_group && ((not backward_no_state_update) || gid = None) + in + { can_fail = info.can_fail; stateful_group; stateful } | A.Assumed aid -> { can_fail = Assumed.assumed_can_fail aid; - input_state = false; - output_state = false; + stateful_group = false; + stateful = false; } (** Translate a function signature. @@ -519,10 +551,11 @@ let get_fun_effect_info (fun_infos : FA.fun_info A.FunDeclId.Map.t) Note that the function also takes a list of names for the inputs, and computes, for every output for the backward functions, a corresponding name (outputs for backward functions come from borrows in the inputs - of the forward function). + of the forward function) which we use as hints to generate pretty names. *) -let translate_fun_sig (fun_infos : FA.fun_info A.FunDeclId.Map.t) - (fun_id : A.fun_id) (types_infos : TA.type_infos) (sg : A.fun_sig) +let translate_fun_sig (backward_no_state_update : bool) + (fun_infos : FA.fun_info A.FunDeclId.Map.t) (fun_id : A.fun_id) + (types_infos : TA.type_infos) (sg : A.fun_sig) (input_names : string option list) (bid : T.RegionGroupId.id option) : fun_sig_named_outputs = (* Retrieve the list of parent backward functions *) @@ -572,17 +605,42 @@ let translate_fun_sig (fun_infos : FA.fun_info A.FunDeclId.Map.t) *) List.filter_map (translate_back_ty_for_gid gid) [ sg.output ] in - (* Does the function take a state as input, does it return a state and can - * it fail? *) - let effect_info = get_fun_effect_info fun_infos fun_id bid in - (* *) - let state_ty = if effect_info.input_state then [ mk_state_ty ] else [] in + (* Is the function stateful, and can it fail? *) + let effect_info = + get_fun_effect_info backward_no_state_update fun_infos fun_id bid + in + (* If the function is stateful, the inputs are: + - forward: [fwd_ty0, ..., fwd_tyn, state] + - backward: + - if config.no_backward_state: [fwd_ty0, ..., fwd_tyn, state, back_ty, state] + - otherwise: [fwd_ty0, ..., fwd_tyn, state, back_ty] + + The backward takes the same state as input as the forward function, + together with the state at the point where it gets called, if it is + stateful. + + See the comments for {!Translate.config.backward_no_state_update} + *) + let fwd_state_ty = + (* For the forward state, we check if the *whole group* is stateful. + See {!effect_info}. *) + if effect_info.stateful_group then [ mk_state_ty ] else [] + in + let back_state_ty = + (* For the backward state, we check if the function is a backward function, + and it is stateful *) + if effect_info.stateful && Option.is_some gid then [ mk_state_ty ] else [] + in + (* Concatenate the inputs, in the following order: * - forward inputs - * - state input + * - forward state input * - backward inputs + * - backward state input *) - let inputs = List.concat [ fwd_inputs; state_ty; back_inputs ] in + let inputs = + List.concat [ fwd_inputs; fwd_state_ty; back_inputs; back_state_ty ] + in (* Outputs *) let output_names, doutputs = match gid with @@ -620,7 +678,7 @@ let translate_fun_sig (fun_infos : FA.fun_info A.FunDeclId.Map.t) let output = mk_simpl_tuple_ty doutputs in (* Add the output state *) let output = - if effect_info.output_state then mk_simpl_tuple_ty [ mk_state_ty; output ] + if effect_info.stateful then mk_simpl_tuple_ty [ mk_state_ty; output ] else output in (* Wrap in a result type *) @@ -1087,6 +1145,15 @@ let rec translate_expression (config : config) (e : S.expression) (ctx : bs_ctx) | Assertion (v, e) -> translate_assertion config v e ctx | Expansion (p, sv, exp) -> translate_expansion config p sv exp ctx | Meta (meta, e) -> translate_meta config meta e ctx + | ForwardEnd e -> + (* Update the current state with the additional state received by the backward + function, if needs be *) + let ctx = + match ctx.bid with + | None -> ctx + | Some _ -> { ctx with state_var = ctx.back_state_var } + in + translate_expression config e ctx and translate_panic (ctx : bs_ctx) : texpression = (* Here we use the function return type - note that it is ok because @@ -1095,13 +1162,15 @@ and translate_panic (ctx : bs_ctx) : texpression = (* If we use a state monad, we need to add a lambda for the state variable *) (* Note that only forward functions return a state *) let output_ty = mk_simpl_tuple_ty ctx.sg.doutputs in - if ctx.sg.info.effect_info.output_state then + (* TODO: we should use a [Fail] function *) + if ctx.sg.info.effect_info.stateful then (* Create the [Fail] value *) let ret_ty = mk_simpl_tuple_ty [ mk_state_ty; output_ty ] in let ret_v = mk_result_fail_texpression ret_ty in ret_v else mk_result_fail_texpression output_ty +(** [opt_v]: the value to return, in case we translate a forward function *) and translate_return (opt_v : V.typed_value option) (ctx : bs_ctx) : texpression = (* There are two cases: @@ -1109,44 +1178,40 @@ and translate_return (opt_v : V.typed_value option) (ctx : bs_ctx) : texpression value should be [Some] (it is the returned value) - or we are translating a backward function, in which case it should be [None] *) - match ctx.bid with - | None -> - (* Forward function *) - let v = Option.get opt_v in - let v = typed_value_to_texpression ctx v in - (* We may need to return a state - * - error-monad: Return x - * - state-error: Return (state, x) - * *) - if ctx.sg.info.effect_info.output_state then - let state_var = - { - id = ctx.state_var; - basename = Some ConstStrings.state_basename; - ty = mk_state_ty; - } + (* Compute the values that we should return *without the state and the result + * wrapper* *) + let output = + match ctx.bid with + | None -> + (* Forward function *) + let v = Option.get opt_v in + typed_value_to_texpression ctx v + | Some bid -> + (* Backward function *) + (* Sanity check *) + assert (opt_v = None); + (* Group the variables in which we stored the values we need to give back. + * See the explanations for the [SynthInput] case in [translate_end_abstraction] *) + let backward_outputs = + T.RegionGroupId.Map.find bid ctx.backward_outputs in - let state_rvalue = mk_texpression_from_var state_var in - mk_result_return_texpression - (mk_simpl_tuple_texpression [ state_rvalue; v ]) - else mk_result_return_texpression v - | Some bid -> - (* Backward function *) - (* Sanity check *) - assert (opt_v = None); - assert (not ctx.sg.info.effect_info.output_state); - (* We simply need to return the variables in which we stored the values - * we need to give back. - * See the explanations for the [SynthInput] case in [translate_end_abstraction] *) - let backward_outputs = - T.RegionGroupId.Map.find bid ctx.backward_outputs - in - let field_values = List.map mk_texpression_from_var backward_outputs in - (* Backward functions never return a state *) - (* TODO: we should use a [fail] function, it would be cleaner *) - let ret_value = mk_simpl_tuple_texpression field_values in - let ret_value = mk_result_return_texpression ret_value in - ret_value + let field_values = List.map mk_texpression_from_var backward_outputs in + mk_simpl_tuple_texpression field_values + in + (* We may need to return a state + * - error-monad: Return x + * - state-error: Return (state, x) + * *) + let effect_info = ctx.sg.info.effect_info in + let output = + if effect_info.stateful then + let state_rvalue = mk_state_texpression ctx.state_var in + mk_simpl_tuple_texpression [ state_rvalue; output ] + else output + in + (* Wrap in a result - TODO: check effect_info.can_fail to not always wrap *) + (* TODO: we should use a [Return] function *) + mk_result_return_texpression output and translate_function_call (config : config) (call : S.call) (e : S.expression) (ctx : bs_ctx) : texpression = @@ -1171,29 +1236,26 @@ and translate_function_call (config : config) (call : S.call) (e : S.expression) (* Retrieve the effect information about this function (can fail, * takes a state as input, etc.) *) let effect_info = - get_fun_effect_info ctx.fun_context.fun_infos fid None - in - (* Add the state input argument *) - let args = - if effect_info.input_state then - let state_var = { e = Var ctx.state_var; ty = mk_state_ty } in - List.append args [ state_var ] - else args + get_fun_effect_info config.backward_no_state_update + ctx.fun_context.fun_infos fid None in - (* Generate a fresh state variable if the function call introduces - * a new variable *) - let ctx, out_state = - if effect_info.input_state then - let ctx, var = bs_ctx_fresh_state_var ctx in - (ctx, Some var) - else (ctx, None) + (* If the function is stateful: + * - add the state input argument + * - generate a fresh state variable for the returned state + *) + let args, ctx, out_state = + if effect_info.stateful then + let state_var = mk_state_texpression ctx.state_var in + let ctx, nstate_var = bs_ctx_fresh_state_var ctx in + (List.append args [ state_var ], ctx, Some nstate_var) + else (args, ctx, None) in (* Register the function call *) let ctx = bs_ctx_register_forward_call call_id call args ctx in (ctx, func, effect_info, args, out_state) | S.Unop E.Not -> let effect_info = - { can_fail = false; input_state = false; output_state = false } + { can_fail = false; stateful_group = false; stateful = false } in (ctx, Unop Not, effect_info, args, None) | S.Unop E.Neg -> ( @@ -1203,14 +1265,14 @@ and translate_function_call (config : config) (call : S.call) (e : S.expression) (* Note that negation can lead to an overflow and thus fail (it * is thus monadic) *) let effect_info = - { can_fail = true; input_state = false; output_state = false } + { can_fail = true; stateful_group = false; stateful = false } in (ctx, Unop (Neg int_ty), effect_info, args, None) | _ -> raise (Failure "Unreachable")) | S.Unop (E.Cast (src_ty, tgt_ty)) -> (* Note that cast can fail *) let effect_info = - { can_fail = true; input_state = false; output_state = false } + { can_fail = true; stateful_group = false; stateful = false } in (ctx, Unop (Cast (src_ty, tgt_ty)), effect_info, args, None) | S.Binop binop -> ( @@ -1222,8 +1284,8 @@ and translate_function_call (config : config) (call : S.call) (e : S.expression) let effect_info = { can_fail = ExpressionsUtils.binop_can_fail binop; - input_state = false; - output_state = false; + stateful_group = false; + stateful = false; } in (ctx, Binop (binop, int_ty0), effect_info, args, None) @@ -1307,6 +1369,17 @@ and translate_end_abstraction (config : config) (abs : V.abs) (e : S.expression) | V.FunCall -> let call_info = V.FunCallId.Map.find abs.call_id ctx.calls in let call = call_info.forward in + let fun_id = + match call.call_id with + | S.Fun (fun_id, _) -> fun_id + | Unop _ | Binop _ -> + (* Those don't have backward functions *) + raise (Failure "Unreachable") + in + let effect_info = + get_fun_effect_info config.backward_no_state_update + ctx.fun_context.fun_infos fun_id (Some abs.back_id) + in let type_args = List.map (ctx_translate_fwd_ty ctx) call.type_params in (* Retrieve the original call and the parent abstractions *) let _forward, backwards = get_abs_ancestors ctx abs in @@ -1322,8 +1395,21 @@ and translate_end_abstraction (config : config) (abs : V.abs) (e : S.expression) (* Retrieve the values consumed upon ending the loans inside this * abstraction: those give us the remaining input values *) let back_inputs = abs_to_consumed ctx abs in + (* If the function is stateful: + * - add the state input argument + * - generate a fresh state variable for the returned state + *) + let back_state, ctx, nstate = + if effect_info.stateful then + let back_state = mk_state_texpression ctx.state_var in + let ctx, nstate = bs_ctx_fresh_state_var ctx in + ([ back_state ], ctx, Some nstate) + else ([], ctx, None) + in + (* Concatenate all the inpus *) let inputs = - List.concat [ fwd_inputs; back_ancestors_inputs; back_inputs ] + List.concat + [ fwd_inputs; back_ancestors_inputs; back_inputs; back_state ] in (* Retrieve the values given back by this function: those are the output * values. We rely on the fact that there are no nested borrows to use the @@ -1333,43 +1419,42 @@ and translate_end_abstraction (config : config) (abs : V.abs) (e : S.expression) List.append (List.map translate_opt_mplace call.args_places) [ None ] in let ctx, outputs = abs_to_given_back output_mpl abs ctx in - (* Group the output values together (note that for now, backward functions - * never return an output state) *) + (* Group the output values together: first the updated inputs *) let output = mk_simpl_tuple_pattern outputs in - (* Sanity check: the inputs and outputs have the proper number and the proper type *) - let fun_id = - match call.call_id with - | S.Fun (fun_id, _) -> fun_id - | Unop _ | Binop _ -> - (* Those don't have backward functions *) - raise (Failure "Unreachable") + (* Add the returned state if the function is stateful *) + let output = + match nstate with + | None -> output + | Some nstate -> mk_simpl_tuple_pattern [ nstate; output ] in - - let inst_sg = - get_instantiated_fun_sig fun_id (Some abs.back_id) type_args ctx + (* Sanity check: the inputs and outputs have the proper number and the proper type *) + let _ = + let inst_sg = + get_instantiated_fun_sig fun_id (Some abs.back_id) type_args ctx + in + log#ldebug + (lazy + ("\n- fun_id: " ^ A.show_fun_id fun_id ^ "\n- inputs (" + ^ string_of_int (List.length inputs) + ^ "): " + ^ String.concat ", " (List.map show_texpression inputs) + ^ "\n- inst_sg.inputs (" + ^ string_of_int (List.length inst_sg.inputs) + ^ "): " + ^ String.concat ", " (List.map show_ty inst_sg.inputs))); + List.iter + (fun (x, ty) -> assert ((x : texpression).ty = ty)) + (List.combine inputs inst_sg.inputs); + log#ldebug + (lazy + ("\n- outputs: " + ^ string_of_int (List.length outputs) + ^ "\n- expected outputs: " + ^ string_of_int (List.length inst_sg.doutputs))); + List.iter + (fun (x, ty) -> assert ((x : typed_pattern).ty = ty)) + (List.combine outputs inst_sg.doutputs) in - log#ldebug - (lazy - ("\n- fun_id: " ^ A.show_fun_id fun_id ^ "\n- inputs (" - ^ string_of_int (List.length inputs) - ^ "): " - ^ String.concat ", " (List.map show_texpression inputs) - ^ "\n- inst_sg.inputs (" - ^ string_of_int (List.length inst_sg.inputs) - ^ "): " - ^ String.concat ", " (List.map show_ty inst_sg.inputs))); - List.iter - (fun (x, ty) -> assert ((x : texpression).ty = ty)) - (List.combine inputs inst_sg.inputs); - log#ldebug - (lazy - ("\n- outputs: " - ^ string_of_int (List.length outputs) - ^ "\n- expected outputs: " - ^ string_of_int (List.length inst_sg.doutputs))); - List.iter - (fun (x, ty) -> assert ((x : typed_pattern).ty = ty)) - (List.combine outputs inst_sg.doutputs); (* Retrieve the function id, and register the function call in the context * if necessary *) let ctx, func = bs_ctx_register_backward_call abs back_inputs ctx in @@ -1382,9 +1467,6 @@ and translate_end_abstraction (config : config) (abs : V.abs) (e : S.expression) (fun (arg, mp) -> mk_opt_mplace_texpression mp arg) (List.combine inputs args_mplaces) in - let effect_info = - get_fun_effect_info ctx.fun_context.fun_infos fun_id (Some abs.back_id) - in let input_tys = (List.map (fun (x : texpression) -> x.ty)) args in let ret_ty = if effect_info.can_fail then mk_result_ty output.ty else output.ty @@ -1398,8 +1480,13 @@ and translate_end_abstraction (config : config) (abs : V.abs) (e : S.expression) * We do a small optimization here: if the backward function doesn't * have any output, we don't introduce any function call. * See the comment in [config]. + * + * TODO: use an option to disallow backward functions from updating the state. + * TODO: a backward function which only gives back shared borrows shouldn't + * update the state (state updates should only be used for mutable borrows, + * with objects like Rc for instance. *) - if config.filter_useless_back_calls && outputs = [] then ( + if config.filter_useless_back_calls && outputs = [] && nstate = None then ( (* No outputs - we do a small sanity check: the backward function * should have exactly the same number of inputs as the forward: * this number can be different only if the forward function returned @@ -1708,32 +1795,28 @@ let translate_fun_decl (config : config) (ctx : bs_ctx) (* Translate the declaration *) let def_id = def.A.def_id in let basename = def.name in - (* Lookup the signature *) - let signature = bs_ctx_lookup_local_function_sig def_id bid ctx in + (* Retrieve the signature *) + let signature = ctx.sg in (* Translate the body, if there is *) let body = match body with | None -> None | Some body -> let body = translate_expression config body ctx in - (* Sanity check *) - type_check_texpression ctx body; - (* Introduce the input state, if necessary *) let effect_info = - get_fun_effect_info ctx.fun_context.fun_infos (Regular def_id) bid + get_fun_effect_info config.backward_no_state_update + ctx.fun_context.fun_infos (Regular def_id) bid in - let input_state = - if effect_info.input_state then - [ - { - id = ctx.state_var; - basename = Some ConstStrings.state_basename; - ty = mk_state_ty; - }; - ] + (* Sanity check *) + type_check_texpression ctx body; + (* Introduce the forward input state (the state at call site of the + * *forward* function), if necessary. *) + let fwd_state = + (* We check if the *whole group* is stateful. See {!effect_info} *) + if effect_info.stateful_group then [ mk_state_var ctx.state_var ] else [] in - (* Compute the list of (properly ordered) input variables *) + (* Compute the list of (properly ordered) backward input variables *) let backward_inputs : var list = match bid with | None -> [] @@ -1747,8 +1830,17 @@ let translate_fun_decl (config : config) (ctx : bs_ctx) (fun id -> T.RegionGroupId.Map.find id ctx.backward_inputs) backward_ids) in + (* Introduce the backward input state (the state at call site of the + * *backward* function), if necessary *) + let back_state = + if effect_info.stateful && Option.is_some bid then + [ mk_state_var ctx.back_state_var ] + else [] + in + (* Group the inputs together *) let inputs = - List.concat [ ctx.forward_inputs; input_state; backward_inputs ] + List.concat + [ ctx.forward_inputs; fwd_state; backward_inputs; back_state ] in let inputs_lvs = List.map (fun v -> mk_typed_pattern_from_var v None) inputs @@ -1756,12 +1848,18 @@ let translate_fun_decl (config : config) (ctx : bs_ctx) (* Sanity check *) log#ldebug (lazy - ("SymbolicToPure.translate_fun_decl:" ^ "\n- forward_inputs: " + ("SymbolicToPure.translate_fun_decl: " + ^ Print.fun_name_to_string def.A.name + ^ " (" + ^ Print.option_to_string T.RegionGroupId.to_string bid + ^ ")" ^ "\n- forward_inputs: " ^ String.concat ", " (List.map show_var ctx.forward_inputs) - ^ "\n- input_state: " - ^ String.concat ", " (List.map show_var input_state) + ^ "\n- fwd_state: " + ^ String.concat ", " (List.map show_var fwd_state) ^ "\n- backward_inputs: " ^ String.concat ", " (List.map show_var backward_inputs) + ^ "\n- back_state: " + ^ String.concat ", " (List.map show_var back_state) ^ "\n- signature.inputs: " ^ String.concat ", " (List.map show_ty signature.inputs))); assert ( @@ -1804,8 +1902,8 @@ let translate_type_decls (type_decls : T.type_decl list) : type_decl list = - optional names for the outputs values (we derive them for the backward functions) *) -let translate_fun_signatures (fun_infos : FA.fun_info A.FunDeclId.Map.t) - (types_infos : TA.type_infos) +let translate_fun_signatures (backward_no_state_update : bool) + (fun_infos : FA.fun_info A.FunDeclId.Map.t) (types_infos : TA.type_infos) (functions : (A.fun_id * string option list * A.fun_sig) list) : fun_sig_named_outputs RegularFunIdMap.t = (* For every function, translate the signatures of: @@ -1816,7 +1914,8 @@ let translate_fun_signatures (fun_infos : FA.fun_info A.FunDeclId.Map.t) (sg : A.fun_sig) : (regular_fun_id * fun_sig_named_outputs) list = (* The forward function *) let fwd_sg = - translate_fun_sig fun_infos fun_id types_infos sg input_names None + translate_fun_sig backward_no_state_update fun_infos fun_id types_infos sg + input_names None in let fwd_id = (fun_id, None) in (* The backward functions *) @@ -1824,8 +1923,8 @@ let translate_fun_signatures (fun_infos : FA.fun_info A.FunDeclId.Map.t) List.map (fun (rg : T.region_var_group) -> let tsg = - translate_fun_sig fun_infos fun_id types_infos sg input_names - (Some rg.id) + translate_fun_sig backward_no_state_update fun_infos fun_id + types_infos sg input_names (Some rg.id) in let id = (fun_id, Some rg.id) in (id, tsg)) diff --git a/compiler/SynthesizeSymbolic.ml b/compiler/SynthesizeSymbolic.ml index c74a831e..8d4dac82 100644 --- a/compiler/SynthesizeSymbolic.ml +++ b/compiler/SynthesizeSymbolic.ml @@ -12,7 +12,7 @@ let mk_mplace (p : E.place) (ctx : Contexts.eval_ctx) : mplace = let mk_opt_mplace (p : E.place option) (ctx : Contexts.eval_ctx) : mplace option = - match p with None -> None | Some p -> Some (mk_mplace p ctx) + Option.map (fun p -> mk_mplace p ctx) p let mk_opt_place_from_op (op : E.operand) (ctx : Contexts.eval_ctx) : mplace option = @@ -22,11 +22,11 @@ let mk_opt_place_from_op (op : E.operand) (ctx : Contexts.eval_ctx) : let synthesize_symbolic_expansion (sv : V.symbolic_value) (place : mplace option) (seel : V.symbolic_expansion option list) - (exprl : expression list option) : expression option = - match exprl with + (el : expression list option) : expression option = + match el with | None -> None - | Some exprl -> - let ls = List.combine seel exprl in + | Some el -> + let ls = List.combine seel el in (* Match on the symbolic value type to know which can of expansion happened *) let expansion = match sv.V.sv_ty with @@ -89,19 +89,18 @@ let synthesize_symbolic_expansion (sv : V.symbolic_value) Some (Expansion (place, sv, expansion)) let synthesize_symbolic_expansion_no_branching (sv : V.symbolic_value) - (place : mplace option) (see : V.symbolic_expansion) - (expr : expression option) : expression option = - let exprl = match expr with None -> None | Some expr -> Some [ expr ] in - synthesize_symbolic_expansion sv place [ Some see ] exprl + (place : mplace option) (see : V.symbolic_expansion) (e : expression option) + : expression option = + let el = Option.map (fun e -> [ e ]) e in + synthesize_symbolic_expansion sv place [ Some see ] el let synthesize_function_call (call_id : call_id) (abstractions : V.AbstractionId.id list) (type_params : T.ety list) (args : V.typed_value list) (args_places : mplace option list) (dest : V.symbolic_value) (dest_place : mplace option) - (expr : expression option) : expression option = - match expr with - | None -> None - | Some expr -> + (e : expression option) : expression option = + Option.map + (fun e -> let call = { call_id; @@ -113,48 +112,45 @@ let synthesize_function_call (call_id : call_id) dest_place; } in - Some (FunCall (call, expr)) + FunCall (call, e)) + e let synthesize_global_eval (gid : A.GlobalDeclId.id) (dest : V.symbolic_value) - (expr : expression option) : expression option = - match expr with None -> None | Some e -> Some (EvalGlobal (gid, dest, e)) + (e : expression option) : expression option = + Option.map (fun e -> EvalGlobal (gid, dest, e)) e let synthesize_regular_function_call (fun_id : A.fun_id) (call_id : V.FunCallId.id) (abstractions : V.AbstractionId.id list) (type_params : T.ety list) (args : V.typed_value list) (args_places : mplace option list) (dest : V.symbolic_value) - (dest_place : mplace option) (expr : expression option) : expression option - = + (dest_place : mplace option) (e : expression option) : expression option = synthesize_function_call (Fun (fun_id, call_id)) - abstractions type_params args args_places dest dest_place expr + abstractions type_params args args_places dest dest_place e let synthesize_unary_op (unop : E.unop) (arg : V.typed_value) (arg_place : mplace option) (dest : V.symbolic_value) - (dest_place : mplace option) (expr : expression option) : expression option - = + (dest_place : mplace option) (e : expression option) : expression option = synthesize_function_call (Unop unop) [] [] [ arg ] [ arg_place ] dest - dest_place expr + dest_place e let synthesize_binary_op (binop : E.binop) (arg0 : V.typed_value) (arg0_place : mplace option) (arg1 : V.typed_value) (arg1_place : mplace option) (dest : V.symbolic_value) - (dest_place : mplace option) (expr : expression option) : expression option - = + (dest_place : mplace option) (e : expression option) : expression option = synthesize_function_call (Binop binop) [] [] [ arg0; arg1 ] - [ arg0_place; arg1_place ] dest dest_place expr + [ arg0_place; arg1_place ] dest dest_place e -let synthesize_end_abstraction (abs : V.abs) (expr : expression option) : +let synthesize_end_abstraction (abs : V.abs) (e : expression option) : expression option = - match expr with - | None -> None - | Some expr -> Some (EndAbstraction (abs, expr)) + Option.map (fun e -> EndAbstraction (abs, e)) e let synthesize_assignment (lplace : mplace) (rvalue : V.typed_value) - (rplace : mplace option) (expr : expression option) : expression option = - match expr with - | None -> None - | Some expr -> Some (Meta (Assignment (lplace, rvalue, rplace), expr)) + (rplace : mplace option) (e : expression option) : expression option = + Option.map (fun e -> Meta (Assignment (lplace, rvalue, rplace), e)) e + +let synthesize_assertion (v : V.typed_value) (e : expression option) = + Option.map (fun e -> Assertion (v, e)) e -let synthesize_assertion (v : V.typed_value) (expr : expression option) = - match expr with None -> None | Some expr -> Some (Assertion (v, expr)) +let synthesize_forward_end (e : expression option) = + Option.map (fun e -> ForwardEnd e) e diff --git a/compiler/Translate.ml b/compiler/Translate.ml index d7cc9155..72322c73 100644 --- a/compiler/Translate.ml +++ b/compiler/Translate.ml @@ -18,6 +18,30 @@ type config = { (** Controls whether we need to use a state to model the external world (I/O, for instance). *) + backward_no_state_update : bool; + (** Controls whether backward functions update the state, in case we use + a state ({!use_state}). + + If they update the state, we generate code of the following style: + {[ + (st1, y) <-- f_fwd x st0; // st0 is the state upon calling f_fwd + ... + (st3, x') <-- f_back x st0 y' st2; // st2 is the state upon calling f_back + }] + + Otherwise, we generate code of the following shape: + {[ + (st1, y) <-- f_fwd x st0; + ... + x' <-- f_back x st0 y'; + }] + + The second format is easier to reason about, but the first one is + necessary to properly handle some Rust functions which use internal + mutability such as {{:https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow_mut} [RefCell::try_mut_borrow]}: + in order to model this behaviour we would need a state, and calling the backward + function would update the state by reinserting the updated value in it. + *) split_files : bool; (** Controls whether we split the generated definitions between different files for the types, clauses and functions, or if we group them in @@ -96,7 +120,8 @@ let translate_function_to_symbolics (config : C.partial_config) TODO: maybe we should introduce a record for this. *) let translate_function_to_pure (config : C.partial_config) - (mp_config : Micro.config) (trans_ctx : trans_ctx) + (mp_config : Micro.config) (backward_no_state_update : bool) + (trans_ctx : trans_ctx) (fun_sigs : SymbolicToPure.fun_sig_named_outputs RegularFunIdMap.t) (pure_type_decls : Pure.type_decl Pure.TypeDeclId.Map.t) (fdef : A.fun_decl) : pure_fun_translation = @@ -123,6 +148,7 @@ let translate_function_to_pure (config : C.partial_config) let sv_to_var = V.SymbolicValueId.Map.empty in let var_counter = Pure.VarId.generator_zero in let state_var, var_counter = Pure.VarId.fresh var_counter in + let back_state_var, var_counter = Pure.VarId.fresh var_counter in let calls = V.FunCallId.Map.empty in let abstractions = V.AbstractionId.Map.empty in let type_context = @@ -151,6 +177,7 @@ let translate_function_to_pure (config : C.partial_config) sv_to_var; var_counter; state_var; + back_state_var; type_context; fun_context; global_context; @@ -188,6 +215,7 @@ let translate_function_to_pure (config : C.partial_config) { SymbolicToPure.filter_useless_back_calls = mp_config.filter_useless_monadic_calls; + backward_no_state_update; } in @@ -231,12 +259,22 @@ let translate_function_to_pure (config : C.partial_config) in (* We need to ignore the forward inputs, and the state input (if there is) *) let fun_info = - SymbolicToPure.get_fun_effect_info fun_context.fun_infos - (A.Regular def_id) (Some back_id) + SymbolicToPure.get_fun_effect_info backward_no_state_update + fun_context.fun_infos (A.Regular def_id) (Some back_id) in - let _, backward_inputs = - Collections.List.split_at backward_sg.sg.inputs - (num_forward_inputs + if fun_info.input_state then 1 else 0) + let backward_inputs = + (* We need to ignore the forward state and the backward state *) + (* TODO: this is ad-hoc and error-prone. We should group all this + * information in the signature information. *) + let fwd_state_n = if fun_info.stateful_group then 1 else 0 in + let num_forward_inputs = num_forward_inputs + fwd_state_n in + let back_state_n = if fun_info.stateful then 1 else 0 in + let num_back_inputs = + List.length backward_sg.sg.inputs + - num_forward_inputs - back_state_n + in + Collections.List.subslice backward_sg.sg.inputs num_forward_inputs + num_back_inputs in (* As we forbid nested borrows, the additional inputs for the backward * functions come from the borrows in the return value of the rust function: @@ -285,7 +323,8 @@ let translate_function_to_pure (config : C.partial_config) (pure_forward, pure_backwards) let translate_module_to_pure (config : C.partial_config) - (mp_config : Micro.config) (use_state : bool) (crate : A.crate) : + (mp_config : Micro.config) (use_state : bool) + (backward_no_state_update : bool) (crate : A.crate) : trans_ctx * Pure.type_decl list * (bool * pure_fun_translation) list = (* Debug *) log#ldebug (lazy "translate_module_to_pure"); @@ -333,15 +372,15 @@ let translate_module_to_pure (config : C.partial_config) in let sigs = List.append assumed_sigs local_sigs in let fun_sigs = - SymbolicToPure.translate_fun_signatures fun_context.fun_infos - type_context.type_infos sigs + SymbolicToPure.translate_fun_signatures backward_no_state_update + fun_context.fun_infos type_context.type_infos sigs in (* Translate all the *transparent* functions *) let pure_translations = List.map - (translate_function_to_pure config mp_config trans_ctx fun_sigs - type_decls_map) + (translate_function_to_pure config mp_config backward_no_state_update + trans_ctx fun_sigs type_decls_map) crate.functions in @@ -631,7 +670,7 @@ let translate_module (filename : string) (dest_dir : string) (config : config) (* Translate the module to the pure AST *) let trans_ctx, trans_types, trans_funs = translate_module_to_pure config.eval_config config.mp_config - config.use_state crate + config.use_state config.backward_no_state_update crate in (* Initialize the extraction context - for now we extract only to F*. diff --git a/tests/betree_back_stateful/BetreeMain.Clauses.Template.fst b/tests/betree_back_stateful/BetreeMain.Clauses.Template.fst new file mode 100644 index 00000000..d48213d3 --- /dev/null +++ b/tests/betree_back_stateful/BetreeMain.Clauses.Template.fst @@ -0,0 +1,106 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: templates for the decreases clauses *) +module BetreeMain.Clauses.Template +open Primitives +open BetreeMain.Types + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [core::num::u64::{10}::MAX] *) +let core_num_u64_max_body : result u64 = Return 18446744073709551615 +let core_num_u64_max_c : u64 = eval_global core_num_u64_max_body + +(** [betree_main::betree::List::{1}::len]: decreases clause *) +unfold +let betree_list_len_decreases (t : Type0) (self : betree_list_t t) : nat = + admit () + +(** [betree_main::betree::List::{1}::split_at]: decreases clause *) +unfold +let betree_list_split_at_decreases (t : Type0) (self : betree_list_t t) + (n : u64) : nat = + admit () + +(** [betree_main::betree::List::{2}::partition_at_pivot]: decreases clause *) +unfold +let betree_list_partition_at_pivot_decreases (t : Type0) + (self : betree_list_t (u64 & t)) (pivot : u64) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_in_bindings]: decreases clause *) +unfold +let betree_node_lookup_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: decreases clause *) +unfold +let betree_node_lookup_first_message_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_upserts]: decreases clause *) +unfold +let betree_node_apply_upserts_decreases + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup]: decreases clause *) +unfold +let betree_node_lookup_decreases (self : betree_node_t) (key : u64) + (st : state) : nat = + admit () + +(** [betree_main::betree::Internal::{4}::lookup_in_children]: decreases clause *) +unfold +let betree_internal_lookup_in_children_decreases (self : betree_internal_t) + (key : u64) (st : state) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: decreases clause *) +unfold +let betree_node_lookup_mut_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_messages_to_leaf]: decreases clause *) +unfold +let betree_node_apply_messages_to_leaf_decreases + (bindings : betree_list_t (u64 & u64)) + (new_msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::filter_messages_for_key]: decreases clause *) +unfold +let betree_node_filter_messages_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: decreases clause *) +unfold +let betree_node_lookup_first_message_after_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_messages_to_internal]: decreases clause *) +unfold +let betree_node_apply_messages_to_internal_decreases + (msgs : betree_list_t (u64 & betree_message_t)) + (new_msgs : betree_list_t (u64 & betree_message_t)) : nat = + admit () + +(** [betree_main::betree::Node::{5}::apply_messages]: decreases clause *) +unfold +let betree_node_apply_messages_decreases (self : betree_node_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : nat = + admit () + +(** [betree_main::betree::Internal::{4}::flush]: decreases clause *) +unfold +let betree_internal_flush_decreases (self : betree_internal_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : nat = + admit () + diff --git a/tests/betree_back_stateful/BetreeMain.Clauses.fst b/tests/betree_back_stateful/BetreeMain.Clauses.fst new file mode 100644 index 00000000..07484711 --- /dev/null +++ b/tests/betree_back_stateful/BetreeMain.Clauses.fst @@ -0,0 +1,210 @@ +(** [betree_main]: templates for the decreases clauses *) +module BetreeMain.Clauses +open Primitives +open BetreeMain.Types + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 1" + +(*** Well-founded relations *) + +(* We had a few issues when proving termination of the mutually recursive functions: + * - betree_internal_flush + * - betree_node_apply_messages + * + * The quantity which effectively decreases is: + * (betree_size, messages_length) + * where messages_length is 0 when there are no messages + * (and where we use the lexicographic ordering, of course) + * + * However, the `%[...]` and `{:well-founded ...} notations are not available outside + * of `decrease` clauses. + * + * We thus resorted to writing and proving correct a well-founded relation over + * pairs of natural numbers. The trick is that `<<` can be used outside of decrease + * clauses, and can be used to trigger SMT patterns. + * + * What follows is adapted from: + * https://www.fstar-lang.org/tutorial/book/part2/part2_well_founded.html + * + * Also, the following PR might make things easier: + * https://github.com/FStarLang/FStar/pull/2561 + *) + +module P = FStar.Preorder +module W = FStar.WellFounded +module L = FStar.LexicographicOrdering + +let lt_nat (x y:nat) : Type = x < y == true +let rec wf_lt_nat (x:nat) + : W.acc lt_nat x + = W.AccIntro (fun y _ -> wf_lt_nat y) + +// A type abbreviation for a pair of nats +let nat_pair = (x:nat & nat) + +// Making a lexicographic ordering from a pair of nat ordering +let lex_order_nat_pair : P.relation nat_pair = + L.lex_t lt_nat (fun _ -> lt_nat) + +// The lex order on nat pairs is well-founded, using our general proof +// of lexicographic composition of well-founded orders +let lex_order_nat_pair_wf : W.well_founded lex_order_nat_pair = + L.lex_t_wf wf_lt_nat (fun _ -> wf_lt_nat) + +// A utility to introduce lt_nat +let mk_lt_nat (x:nat) (y:nat { x < y }) : lt_nat x y = + let _ : equals (x < y) true = Refl in + () + +// A utility to make a lex ordering of nat pairs +let mk_lex_order_nat_pair (xy0:nat_pair) + (xy1:nat_pair { + let (|x0, y0|) = xy0 in + let (|x1, y1|) = xy1 in + x0 < x1 \/ (x0 == x1 /\ y0 < y1) + }) : lex_order_nat_pair xy0 xy1 = + let (|x0, y0|) = xy0 in + let (|x1, y1|) = xy1 in + if x0 < x1 then L.Left_lex x0 x1 y0 y1 (mk_lt_nat x0 x1) + else L.Right_lex x0 y0 y1 (mk_lt_nat y0 y1) + +let rec coerce #a #r #x (p:W.acc #a r x) : Tot (W.acc r x) (decreases p) = + W.AccIntro (fun y r -> coerce (p.access_smaller y r)) + +let coerce_wf #a #r (p: (x:a -> W.acc r x)) : x:a -> W.acc r x = + fun x -> coerce (p x) + +(* We need this axiom, which comes from the following discussion: + * https://github.com/FStarLang/FStar/issues/1916 + * An issue here is that the `{well-founded ... }` notation + *) +assume +val axiom_well_founded (a : Type) (rel : a -> a -> Type0) + (rwf : W.well_founded #a rel) (x y : a) : + Lemma (requires (rel x y)) (ensures (x << y)) + +(* This lemma has a pattern (which makes it work) *) +let wf_nat_pair_lem (p0 p1 : nat_pair) : + Lemma + (requires ( + let (|x0, y0|) = p0 in + let (|x1, y1|) = p1 in + x0 < x1 || (x0 = x1 && y0 < y1))) + (ensures (p0 << p1)) + [SMTPat (p0 << p1)] = + let rel = lex_order_nat_pair in + let rel_wf = lex_order_nat_pair_wf in + let _ = mk_lex_order_nat_pair p0 p1 in + assert(rel p0 p1); + axiom_well_founded nat_pair rel rel_wf p0 p1 + +(*** Decrease clauses *) +/// "Standard" decrease clauses + +(** [betree_main::betree::List::{1}::len]: decreases clause *) +unfold +let betree_list_len_decreases (t : Type0) (self : betree_list_t t) : betree_list_t t = + self + +(** [betree_main::betree::List::{1}::split_at]: decreases clause *) +unfold +let betree_list_split_at_decreases (t : Type0) (self : betree_list_t t) + (n : u64) : nat = + n + +(** [betree_main::betree::List::{2}::partition_at_pivot]: decreases clause *) +unfold +let betree_list_partition_at_pivot_decreases (t : Type0) + (self : betree_list_t (u64 & t)) (pivot : u64) : betree_list_t (u64 & t) = + self + +(** [betree_main::betree::Node::{5}::lookup_in_bindings]: decreases clause *) +unfold +let betree_node_lookup_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : betree_list_t (u64 & u64) = + bindings + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: decreases clause *) +unfold +let betree_node_lookup_first_message_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : betree_list_t (u64 & betree_message_t) = + msgs + +(** [betree_main::betree::Node::{5}::apply_upserts]: decreases clause *) +unfold +let betree_node_apply_upserts_decreases + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : betree_list_t (u64 & betree_message_t) = + msgs + +(** [betree_main::betree::Internal::{4}::lookup_in_children]: decreases clause *) +unfold +let betree_internal_lookup_in_children_decreases (self : betree_internal_t) + (key : u64) (st : state) : betree_internal_t = + self + +(** [betree_main::betree::Node::{5}::lookup]: decreases clause *) +unfold +let betree_node_lookup_decreases (self : betree_node_t) (key : u64) + (st : state) : betree_node_t = + self + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: decreases clause *) +unfold +let betree_node_lookup_mut_in_bindings_decreases (key : u64) + (bindings : betree_list_t (u64 & u64)) : betree_list_t (u64 & u64) = + bindings + +unfold +let betree_node_apply_messages_to_leaf_decreases + (bindings : betree_list_t (u64 & u64)) + (new_msgs : betree_list_t (u64 & betree_message_t)) : betree_list_t (u64 & betree_message_t) = + new_msgs + +(** [betree_main::betree::Node::{5}::filter_messages_for_key]: decreases clause *) +unfold +let betree_node_filter_messages_for_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : betree_list_t (u64 & betree_message_t) = + msgs + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: decreases clause *) +unfold +let betree_node_lookup_first_message_after_key_decreases (key : u64) + (msgs : betree_list_t (u64 & betree_message_t)) : betree_list_t (u64 & betree_message_t) = + msgs + +let betree_node_apply_messages_to_internal_decreases + (msgs : betree_list_t (u64 & betree_message_t)) + (new_msgs : betree_list_t (u64 & betree_message_t)) : betree_list_t (u64 & betree_message_t) = + new_msgs + +(*** Decrease clauses - nat_pair *) +/// The following decrease clauses use the [nat_pair] definition and the well-founded +/// relation proven above. + +let rec betree_size (bt : betree_node_t) : nat = + match bt with + | BetreeNodeInternal node -> 1 + betree_internal_size node + | BetreeNodeLeaf _ -> 1 + +and betree_internal_size (node : betree_internal_t) : nat = + 1 + betree_size node.betree_internal_left + betree_size node.betree_internal_right + +let rec betree_list_len (#a : Type0) (ls : betree_list_t a) : nat = + match ls with + | BetreeListCons _ tl -> 1 + betree_list_len tl + | BetreeListNil -> 0 + +(** [betree_main::betree::Internal::{4}::flush]: decreases clause *) +unfold +let betree_internal_flush_decreases (self : betree_internal_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : nat_pair = + (|betree_internal_size self, 0|) + +(** [betree_main::betree::Node::{5}::apply_messages]: decreases clause *) +unfold +let betree_node_apply_messages_decreases (self : betree_node_t) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : nat_pair = + (|betree_size self, betree_list_len msgs|) diff --git a/tests/betree_back_stateful/BetreeMain.Funs.fst b/tests/betree_back_stateful/BetreeMain.Funs.fst new file mode 100644 index 00000000..ea8344fa --- /dev/null +++ b/tests/betree_back_stateful/BetreeMain.Funs.fst @@ -0,0 +1,2085 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: function definitions *) +module BetreeMain.Funs +open Primitives +include BetreeMain.Types +include BetreeMain.Opaque +include BetreeMain.Clauses + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [betree_main::betree::load_internal_node] *) +let betree_load_internal_node_fwd + (id : u64) (st : state) : + result (state & (betree_list_t (u64 & betree_message_t))) + = + begin match betree_utils_load_internal_node_fwd id st with + | Fail -> Fail + | Return (st0, l) -> Return (st0, l) + end + +(** [betree_main::betree::store_internal_node] *) +let betree_store_internal_node_fwd + (id : u64) (content : betree_list_t (u64 & betree_message_t)) (st : state) : + result (state & unit) + = + begin match betree_utils_store_internal_node_fwd id content st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::load_leaf_node] *) +let betree_load_leaf_node_fwd + (id : u64) (st : state) : result (state & (betree_list_t (u64 & u64))) = + begin match betree_utils_load_leaf_node_fwd id st with + | Fail -> Fail + | Return (st0, l) -> Return (st0, l) + end + +(** [betree_main::betree::store_leaf_node] *) +let betree_store_leaf_node_fwd + (id : u64) (content : betree_list_t (u64 & u64)) (st : state) : + result (state & unit) + = + begin match betree_utils_store_leaf_node_fwd id content st with + | Fail -> Fail + | Return (st0, _) -> Return (st0, ()) + end + +(** [betree_main::betree::fresh_node_id] *) +let betree_fresh_node_id_fwd (counter : u64) : result u64 = + begin match u64_add counter 1 with + | Fail -> Fail + | Return _ -> Return counter + end + +(** [betree_main::betree::fresh_node_id] *) +let betree_fresh_node_id_back (counter : u64) : result u64 = + begin match u64_add counter 1 with + | Fail -> Fail + | Return counter0 -> Return counter0 + end + +(** [betree_main::betree::NodeIdCounter::{0}::new] *) +let betree_node_id_counter_new_fwd : result betree_node_id_counter_t = + Return (Mkbetree_node_id_counter_t 0) + +(** [betree_main::betree::NodeIdCounter::{0}::fresh_id] *) +let betree_node_id_counter_fresh_id_fwd + (self : betree_node_id_counter_t) : result u64 = + begin match u64_add self.betree_node_id_counter_next_node_id 1 with + | Fail -> Fail + | Return _ -> Return self.betree_node_id_counter_next_node_id + end + +(** [betree_main::betree::NodeIdCounter::{0}::fresh_id] *) +let betree_node_id_counter_fresh_id_back + (self : betree_node_id_counter_t) : result betree_node_id_counter_t = + begin match u64_add self.betree_node_id_counter_next_node_id 1 with + | Fail -> Fail + | Return i -> Return (Mkbetree_node_id_counter_t i) + end + +(** [core::num::u64::{10}::MAX] *) +let core_num_u64_max_body : result u64 = Return 18446744073709551615 +let core_num_u64_max_c : u64 = eval_global core_num_u64_max_body + +(** [betree_main::betree::upsert_update] *) +let betree_upsert_update_fwd + (prev : option u64) (st : betree_upsert_fun_state_t) : result u64 = + begin match prev with + | None -> + begin match st with + | BetreeUpsertFunStateAdd v -> Return v + | BetreeUpsertFunStateSub i -> Return 0 + end + | Some prev0 -> + begin match st with + | BetreeUpsertFunStateAdd v -> + begin match u64_sub core_num_u64_max_c prev0 with + | Fail -> Fail + | Return margin -> + if margin >= v + then + begin match u64_add prev0 v with + | Fail -> Fail + | Return i -> Return i + end + else Return core_num_u64_max_c + end + | BetreeUpsertFunStateSub v -> + if prev0 >= v + then + begin match u64_sub prev0 v with + | Fail -> Fail + | Return i -> Return i + end + else Return 0 + end + end + +(** [betree_main::betree::List::{1}::len] *) +let rec betree_list_len_fwd + (t : Type0) (self : betree_list_t t) : + Tot (result u64) (decreases (betree_list_len_decreases t self)) + = + begin match self with + | BetreeListCons x tl -> + begin match betree_list_len_fwd t tl with + | Fail -> Fail + | Return i -> + begin match u64_add 1 i with | Fail -> Fail | Return i0 -> Return i0 end + end + | BetreeListNil -> Return 0 + end + +(** [betree_main::betree::List::{1}::split_at] *) +let rec betree_list_split_at_fwd + (t : Type0) (self : betree_list_t t) (n : u64) : + Tot (result ((betree_list_t t) & (betree_list_t t))) + (decreases (betree_list_split_at_decreases t self n)) + = + if n = 0 + then Return (BetreeListNil, self) + else + begin match self with + | BetreeListCons hd tl -> + begin match u64_sub n 1 with + | Fail -> Fail + | Return i -> + begin match betree_list_split_at_fwd t tl i with + | Fail -> Fail + | Return p -> + let (ls0, ls1) = p in + let l = ls0 in Return (BetreeListCons hd l, ls1) + end + end + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{1}::push_front] *) +let betree_list_push_front_fwd_back + (t : Type0) (self : betree_list_t t) (x : t) : result (betree_list_t t) = + let tl = mem_replace_fwd (betree_list_t t) self BetreeListNil in + let l = tl in Return (BetreeListCons x l) + +(** [betree_main::betree::List::{1}::pop_front] *) +let betree_list_pop_front_fwd (t : Type0) (self : betree_list_t t) : result t = + let ls = mem_replace_fwd (betree_list_t t) self BetreeListNil in + begin match ls with + | BetreeListCons x tl -> Return x + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{1}::pop_front] *) +let betree_list_pop_front_back + (t : Type0) (self : betree_list_t t) : result (betree_list_t t) = + let ls = mem_replace_fwd (betree_list_t t) self BetreeListNil in + begin match ls with + | BetreeListCons x tl -> Return tl + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{1}::hd] *) +let betree_list_hd_fwd (t : Type0) (self : betree_list_t t) : result t = + begin match self with + | BetreeListCons hd l -> Return hd + | BetreeListNil -> Fail + end + +(** [betree_main::betree::List::{2}::head_has_key] *) +let betree_list_head_has_key_fwd + (t : Type0) (self : betree_list_t (u64 & t)) (key : u64) : result bool = + begin match self with + | BetreeListCons hd l -> let (i, _) = hd in Return (i = key) + | BetreeListNil -> Return false + end + +(** [betree_main::betree::List::{2}::partition_at_pivot] *) +let rec betree_list_partition_at_pivot_fwd + (t : Type0) (self : betree_list_t (u64 & t)) (pivot : u64) : + Tot (result ((betree_list_t (u64 & t)) & (betree_list_t (u64 & t)))) + (decreases (betree_list_partition_at_pivot_decreases t self pivot)) + = + begin match self with + | BetreeListCons hd tl -> + let (i, x) = hd in + if i >= pivot + then Return (BetreeListNil, BetreeListCons (i, x) tl) + else + begin match betree_list_partition_at_pivot_fwd t tl pivot with + | Fail -> Fail + | Return p -> + let (ls0, ls1) = p in + let l = ls0 in Return (BetreeListCons (i, x) l, ls1) + end + | BetreeListNil -> Return (BetreeListNil, BetreeListNil) + end + +(** [betree_main::betree::Leaf::{3}::split] *) +let betree_leaf_split_fwd + (self : betree_leaf_t) (content : betree_list_t (u64 & u64)) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) : + result (state & betree_internal_t) + = + begin match + betree_list_split_at_fwd (u64 & u64) content + params.betree_params_split_size with + | Fail -> Fail + | Return p -> + let (content0, content1) = p in + begin match betree_list_hd_fwd (u64 & u64) content1 with + | Fail -> Fail + | Return p0 -> + let (pivot, _) = p0 in + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id0 -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with + | Fail -> Fail + | Return id1 -> + begin match betree_store_leaf_node_fwd id0 content0 st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_store_leaf_node_fwd id1 content1 st0 with + | Fail -> Fail + | Return (st1, _) -> + let n = BetreeNodeLeaf (Mkbetree_leaf_t id0 + params.betree_params_split_size) in + let n0 = BetreeNodeLeaf (Mkbetree_leaf_t id1 + params.betree_params_split_size) in + Return + (st1, + Mkbetree_internal_t + self.betree_leaf_id + pivot + n + n0) + end + end + end + end + end + end + end + +(** [betree_main::betree::Leaf::{3}::split] *) +let betree_leaf_split_back0 + (self : betree_leaf_t) (content : betree_list_t (u64 & u64)) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) (st0 : state) : + result (state & unit) + = + begin match + betree_list_split_at_fwd (u64 & u64) content + params.betree_params_split_size with + | Fail -> Fail + | Return p -> + let (content0, content1) = p in + begin match betree_list_hd_fwd (u64 & u64) content1 with + | Fail -> Fail + | Return _ -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id0 -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with + | Fail -> Fail + | Return id1 -> + begin match betree_store_leaf_node_fwd id0 content0 st with + | Fail -> Fail + | Return (st1, _) -> + begin match betree_store_leaf_node_fwd id1 content1 st1 with + | Fail -> Fail + | Return (_, _) -> Return (st0, ()) + end + end + end + end + end + end + end + +(** [betree_main::betree::Leaf::{3}::split] *) +let betree_leaf_split_back1 + (self : betree_leaf_t) (content : betree_list_t (u64 & u64)) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) (st0 : state) : + result (state & unit) + = + begin match + betree_list_split_at_fwd (u64 & u64) content + params.betree_params_split_size with + | Fail -> Fail + | Return p -> + let (content0, content1) = p in + begin match betree_list_hd_fwd (u64 & u64) content1 with + | Fail -> Fail + | Return _ -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id0 -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with + | Fail -> Fail + | Return id1 -> + begin match betree_store_leaf_node_fwd id0 content0 st with + | Fail -> Fail + | Return (st1, _) -> + begin match betree_store_leaf_node_fwd id1 content1 st1 with + | Fail -> Fail + | Return (_, _) -> Return (st0, ()) + end + end + end + end + end + end + end + +(** [betree_main::betree::Leaf::{3}::split] *) +let betree_leaf_split_back2 + (self : betree_leaf_t) (content : betree_list_t (u64 & u64)) + (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t) + (st : state) (st0 : state) : + result (state & betree_node_id_counter_t) + = + begin match + betree_list_split_at_fwd (u64 & u64) content + params.betree_params_split_size with + | Fail -> Fail + | Return p -> + let (content0, content1) = p in + begin match betree_list_hd_fwd (u64 & u64) content1 with + | Fail -> Fail + | Return _ -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id0 -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with + | Fail -> Fail + | Return id1 -> + begin match betree_store_leaf_node_fwd id0 content0 st with + | Fail -> Fail + | Return (st1, _) -> + begin match betree_store_leaf_node_fwd id1 content1 st1 with + | Fail -> Fail + | Return (_, _) -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt0 + with + | Fail -> Fail + | Return node_id_cnt1 -> Return (st0, node_id_cnt1) + end + end + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::lookup_in_bindings] *) +let rec betree_node_lookup_in_bindings_fwd + (key : u64) (bindings : betree_list_t (u64 & u64)) : + Tot (result (option u64)) + (decreases (betree_node_lookup_in_bindings_decreases key bindings)) + = + begin match bindings with + | BetreeListCons hd tl -> + let (i, i0) = hd in + if i = key + then Return (Some i0) + else + if i > key + then Return None + else + begin match betree_node_lookup_in_bindings_fwd key tl with + | Fail -> Fail + | Return opt -> Return opt + end + | BetreeListNil -> Return None + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key] *) +let rec betree_node_lookup_first_message_for_key_fwd + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_lookup_first_message_for_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons x next_msgs -> + let (i, m) = x in + if i >= key + then Return (BetreeListCons (i, m) next_msgs) + else + begin match betree_node_lookup_first_message_for_key_fwd key next_msgs + with + | Fail -> Fail + | Return l -> Return l + end + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_for_key] *) +let rec betree_node_lookup_first_message_for_key_back + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) + (ret : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_lookup_first_message_for_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons x next_msgs -> + let (i, m) = x in + if i >= key + then Return ret + else + begin match + betree_node_lookup_first_message_for_key_back key next_msgs ret with + | Fail -> Fail + | Return next_msgs0 -> Return (BetreeListCons (i, m) next_msgs0) + end + | BetreeListNil -> Return ret + end + +(** [betree_main::betree::Node::{5}::apply_upserts] *) +let rec betree_node_apply_upserts_fwd + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) : + Tot (result (state & u64)) + (decreases (betree_node_apply_upserts_decreases msgs prev key st)) + = + begin match betree_list_head_has_key_fwd betree_message_t msgs key with + | Fail -> Fail + | Return b -> + if b + then + begin match betree_list_pop_front_fwd (u64 & betree_message_t) msgs with + | Fail -> Fail + | Return msg -> + let (_, m) = msg in + begin match m with + | BetreeMessageInsert i -> Fail + | BetreeMessageDelete -> Fail + | BetreeMessageUpsert s -> + begin match betree_upsert_update_fwd prev s with + | Fail -> Fail + | Return v -> + begin match + betree_list_pop_front_back (u64 & betree_message_t) msgs with + | Fail -> Fail + | Return msgs0 -> + begin match betree_node_apply_upserts_fwd msgs0 (Some v) key st + with + | Fail -> Fail + | Return (st0, i) -> Return (st0, i) + end + end + end + end + end + else + begin match core_option_option_unwrap_fwd u64 prev st with + | Fail -> Fail + | Return (st0, v) -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) msgs (key, + BetreeMessageInsert v) with + | Fail -> Fail + | Return _ -> Return (st0, v) + end + end + end + +(** [betree_main::betree::Node::{5}::apply_upserts] *) +let rec betree_node_apply_upserts_back + (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64) + (key : u64) (st : state) (st0 : state) : + Tot (result (state & (betree_list_t (u64 & betree_message_t)))) + (decreases (betree_node_apply_upserts_decreases msgs prev key st)) + = + begin match betree_list_head_has_key_fwd betree_message_t msgs key with + | Fail -> Fail + | Return b -> + if b + then + begin match betree_list_pop_front_fwd (u64 & betree_message_t) msgs with + | Fail -> Fail + | Return msg -> + let (_, m) = msg in + begin match m with + | BetreeMessageInsert i -> Fail + | BetreeMessageDelete -> Fail + | BetreeMessageUpsert s -> + begin match betree_upsert_update_fwd prev s with + | Fail -> Fail + | Return v -> + begin match + betree_list_pop_front_back (u64 & betree_message_t) msgs with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_node_apply_upserts_back msgs0 (Some v) key st st0 with + | Fail -> Fail + | Return (st1, msgs1) -> Return (st1, msgs1) + end + end + end + end + end + else + begin match core_option_option_unwrap_fwd u64 prev st with + | Fail -> Fail + | Return (_, v) -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) msgs (key, + BetreeMessageInsert v) with + | Fail -> Fail + | Return msgs0 -> Return (st0, msgs0) + end + end + end + +(** [betree_main::betree::Node::{5}::lookup] *) +let rec betree_node_lookup_fwd + (self : betree_node_t) (key : u64) (st : state) : + Tot (result (state & (option u64))) + (decreases (betree_node_lookup_decreases self key st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st0, msgs) -> + begin match betree_node_lookup_first_message_for_key_fwd key msgs with + | Fail -> Fail + | Return pending -> + begin match pending with + | BetreeListCons p l -> + let (k, msg) = p in + if k <> key + then + begin match betree_internal_lookup_in_children_fwd node key st0 + with + | Fail -> Fail + | Return (st1, opt) -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, msg) l) with + | Fail -> Fail + | Return _ -> Return (st1, opt) + end + end + else + begin match msg with + | BetreeMessageInsert v -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageInsert v) l) with + | Fail -> Fail + | Return _ -> Return (st0, Some v) + end + | BetreeMessageDelete -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageDelete) l) with + | Fail -> Fail + | Return _ -> Return (st0, None) + end + | BetreeMessageUpsert ufs -> + begin match betree_internal_lookup_in_children_fwd node key st0 + with + | Fail -> Fail + | Return (st1, v) -> + begin match + betree_node_apply_upserts_fwd (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1 with + | Fail -> Fail + | Return (st2, v0) -> + begin match + betree_internal_lookup_in_children_back node key st0 st2 + with + | Fail -> Fail + | Return (st3, node0) -> + begin match + betree_node_apply_upserts_back (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st1 st3 with + | Fail -> Fail + | Return (st4, pending0) -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + pending0 with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_store_internal_node_fwd + node0.betree_internal_id msgs0 st4 with + | Fail -> Fail + | Return (st5, _) -> Return (st5, Some v0) + end + end + end + end + end + end + end + | BetreeListNil -> + begin match betree_internal_lookup_in_children_fwd node key st0 with + | Fail -> Fail + | Return (st1, opt) -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + BetreeListNil with + | Fail -> Fail + | Return _ -> Return (st1, opt) + end + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st0, bindings) -> + begin match betree_node_lookup_in_bindings_fwd key bindings with + | Fail -> Fail + | Return opt -> Return (st0, opt) + end + end + end + +(** [betree_main::betree::Node::{5}::lookup] *) +and betree_node_lookup_back + (self : betree_node_t) (key : u64) (st : state) (st0 : state) : + Tot (result (state & betree_node_t)) + (decreases (betree_node_lookup_decreases self key st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st1, msgs) -> + begin match betree_node_lookup_first_message_for_key_fwd key msgs with + | Fail -> Fail + | Return pending -> + begin match pending with + | BetreeListCons p l -> + let (k, msg) = p in + if k <> key + then + begin match + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, msg) l) with + | Fail -> Fail + | Return _ -> + begin match + betree_internal_lookup_in_children_back node key st1 st0 with + | Fail -> Fail + | Return (st2, node0) -> Return (st2, BetreeNodeInternal node0) + end + end + else + begin match msg with + | BetreeMessageInsert v -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageInsert v) l) with + | Fail -> Fail + | Return _ -> Return (st0, BetreeNodeInternal node) + end + | BetreeMessageDelete -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + (BetreeListCons (k, BetreeMessageDelete) l) with + | Fail -> Fail + | Return _ -> Return (st0, BetreeNodeInternal node) + end + | BetreeMessageUpsert ufs -> + begin match betree_internal_lookup_in_children_fwd node key st1 + with + | Fail -> Fail + | Return (st2, v) -> + begin match + betree_node_apply_upserts_fwd (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st2 with + | Fail -> Fail + | Return (st3, _) -> + begin match + betree_internal_lookup_in_children_back node key st1 st3 + with + | Fail -> Fail + | Return (st4, node0) -> + begin match + betree_node_apply_upserts_back (BetreeListCons (k, + BetreeMessageUpsert ufs) l) v key st2 st4 with + | Fail -> Fail + | Return (st5, pending0) -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + pending0 with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_store_internal_node_fwd + node0.betree_internal_id msgs0 st5 with + | Fail -> Fail + | Return (_, _) -> + Return (st0, BetreeNodeInternal node0) + end + end + end + end + end + end + end + | BetreeListNil -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + BetreeListNil with + | Fail -> Fail + | Return _ -> + begin match + betree_internal_lookup_in_children_back node key st1 st0 with + | Fail -> Fail + | Return (st2, node0) -> Return (st2, BetreeNodeInternal node0) + end + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (_, bindings) -> + begin match betree_node_lookup_in_bindings_fwd key bindings with + | Fail -> Fail + | Return _ -> Return (st0, BetreeNodeLeaf node) + end + end + end + +(** [betree_main::betree::Internal::{4}::lookup_in_children] *) +and betree_internal_lookup_in_children_fwd + (self : betree_internal_t) (key : u64) (st : state) : + Tot (result (state & (option u64))) + (decreases (betree_internal_lookup_in_children_decreases self key st)) + = + if key < self.betree_internal_pivot + then + begin match betree_node_lookup_fwd self.betree_internal_left key st with + | Fail -> Fail + | Return (st0, opt) -> Return (st0, opt) + end + else + begin match betree_node_lookup_fwd self.betree_internal_right key st with + | Fail -> Fail + | Return (st0, opt) -> Return (st0, opt) + end + +(** [betree_main::betree::Internal::{4}::lookup_in_children] *) +and betree_internal_lookup_in_children_back + (self : betree_internal_t) (key : u64) (st : state) (st0 : state) : + Tot (result (state & betree_internal_t)) + (decreases (betree_internal_lookup_in_children_decreases self key st)) + = + if key < self.betree_internal_pivot + then + begin match betree_node_lookup_back self.betree_internal_left key st st0 + with + | Fail -> Fail + | Return (st1, n) -> + Return (st1, Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot n self.betree_internal_right) + end + else + begin match betree_node_lookup_back self.betree_internal_right key st st0 + with + | Fail -> Fail + | Return (st1, n) -> + Return (st1, Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot self.betree_internal_left n) + end + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings] *) +let rec betree_node_lookup_mut_in_bindings_fwd + (key : u64) (bindings : betree_list_t (u64 & u64)) : + Tot (result (betree_list_t (u64 & u64))) + (decreases (betree_node_lookup_mut_in_bindings_decreases key bindings)) + = + begin match bindings with + | BetreeListCons hd tl -> + let (i, i0) = hd in + if i >= key + then Return (BetreeListCons (i, i0) tl) + else + begin match betree_node_lookup_mut_in_bindings_fwd key tl with + | Fail -> Fail + | Return l -> Return l + end + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings] *) +let rec betree_node_lookup_mut_in_bindings_back + (key : u64) (bindings : betree_list_t (u64 & u64)) + (ret : betree_list_t (u64 & u64)) : + Tot (result (betree_list_t (u64 & u64))) + (decreases (betree_node_lookup_mut_in_bindings_decreases key bindings)) + = + begin match bindings with + | BetreeListCons hd tl -> + let (i, i0) = hd in + if i >= key + then Return ret + else + begin match betree_node_lookup_mut_in_bindings_back key tl ret with + | Fail -> Fail + | Return tl0 -> Return (BetreeListCons (i, i0) tl0) + end + | BetreeListNil -> Return ret + end + +(** [betree_main::betree::Node::{5}::apply_to_leaf] *) +let betree_node_apply_to_leaf_fwd_back + (bindings : betree_list_t (u64 & u64)) (key : u64) + (new_msg : betree_message_t) : + result (betree_list_t (u64 & u64)) + = + begin match betree_node_lookup_mut_in_bindings_fwd key bindings with + | Fail -> Fail + | Return bindings0 -> + begin match betree_list_head_has_key_fwd u64 bindings0 key with + | Fail -> Fail + | Return b -> + if b + then + begin match betree_list_pop_front_fwd (u64 & u64) bindings0 with + | Fail -> Fail + | Return hd -> + begin match new_msg with + | BetreeMessageInsert v -> + begin match betree_list_pop_front_back (u64 & u64) bindings0 with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_list_push_front_fwd_back (u64 & u64) bindings1 (key, v) + with + | Fail -> Fail + | Return bindings2 -> + begin match + betree_node_lookup_mut_in_bindings_back key bindings + bindings2 with + | Fail -> Fail + | Return bindings3 -> Return bindings3 + end + end + end + | BetreeMessageDelete -> + begin match betree_list_pop_front_back (u64 & u64) bindings0 with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_node_lookup_mut_in_bindings_back key bindings bindings1 + with + | Fail -> Fail + | Return bindings2 -> Return bindings2 + end + end + | BetreeMessageUpsert s -> + let (_, i) = hd in + begin match betree_upsert_update_fwd (Some i) s with + | Fail -> Fail + | Return v -> + begin match betree_list_pop_front_back (u64 & u64) bindings0 with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_list_push_front_fwd_back (u64 & u64) bindings1 (key, + v) with + | Fail -> Fail + | Return bindings2 -> + begin match + betree_node_lookup_mut_in_bindings_back key bindings + bindings2 with + | Fail -> Fail + | Return bindings3 -> Return bindings3 + end + end + end + end + end + end + else + begin match new_msg with + | BetreeMessageInsert v -> + begin match + betree_list_push_front_fwd_back (u64 & u64) bindings0 (key, v) with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_node_lookup_mut_in_bindings_back key bindings bindings1 + with + | Fail -> Fail + | Return bindings2 -> Return bindings2 + end + end + | BetreeMessageDelete -> + begin match + betree_node_lookup_mut_in_bindings_back key bindings bindings0 with + | Fail -> Fail + | Return bindings1 -> Return bindings1 + end + | BetreeMessageUpsert s -> + begin match betree_upsert_update_fwd None s with + | Fail -> Fail + | Return v -> + begin match + betree_list_push_front_fwd_back (u64 & u64) bindings0 (key, v) + with + | Fail -> Fail + | Return bindings1 -> + begin match + betree_node_lookup_mut_in_bindings_back key bindings bindings1 + with + | Fail -> Fail + | Return bindings2 -> Return bindings2 + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::apply_messages_to_leaf] *) +let rec betree_node_apply_messages_to_leaf_fwd_back + (bindings : betree_list_t (u64 & u64)) + (new_msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & u64))) + (decreases (betree_node_apply_messages_to_leaf_decreases bindings new_msgs)) + = + begin match new_msgs with + | BetreeListCons new_msg new_msgs_tl -> + let (i, m) = new_msg in + begin match betree_node_apply_to_leaf_fwd_back bindings i m with + | Fail -> Fail + | Return bindings0 -> + begin match + betree_node_apply_messages_to_leaf_fwd_back bindings0 new_msgs_tl with + | Fail -> Fail + | Return bindings1 -> Return bindings1 + end + end + | BetreeListNil -> Return bindings + end + +(** [betree_main::betree::Node::{5}::filter_messages_for_key] *) +let rec betree_node_filter_messages_for_key_fwd_back + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_filter_messages_for_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons p l -> + let (k, m) = p in + if k = key + then + begin match + betree_list_pop_front_back (u64 & betree_message_t) (BetreeListCons (k, + m) l) with + | Fail -> Fail + | Return msgs0 -> + begin match betree_node_filter_messages_for_key_fwd_back key msgs0 with + | Fail -> Fail + | Return msgs1 -> Return msgs1 + end + end + else Return (BetreeListCons (k, m) l) + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key] *) +let rec betree_node_lookup_first_message_after_key_fwd + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_lookup_first_message_after_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons p next_msgs -> + let (k, m) = p in + if k = key + then + begin match betree_node_lookup_first_message_after_key_fwd key next_msgs + with + | Fail -> Fail + | Return l -> Return l + end + else Return (BetreeListCons (k, m) next_msgs) + | BetreeListNil -> Return BetreeListNil + end + +(** [betree_main::betree::Node::{5}::lookup_first_message_after_key] *) +let rec betree_node_lookup_first_message_after_key_back + (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) + (ret : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_lookup_first_message_after_key_decreases key msgs)) + = + begin match msgs with + | BetreeListCons p next_msgs -> + let (k, m) = p in + if k = key + then + begin match + betree_node_lookup_first_message_after_key_back key next_msgs ret with + | Fail -> Fail + | Return next_msgs0 -> Return (BetreeListCons (k, m) next_msgs0) + end + else Return ret + | BetreeListNil -> Return ret + end + +(** [betree_main::betree::Node::{5}::apply_to_internal] *) +let betree_node_apply_to_internal_fwd_back + (msgs : betree_list_t (u64 & betree_message_t)) (key : u64) + (new_msg : betree_message_t) : + result (betree_list_t (u64 & betree_message_t)) + = + begin match betree_node_lookup_first_message_for_key_fwd key msgs with + | Fail -> Fail + | Return msgs0 -> + begin match betree_list_head_has_key_fwd betree_message_t msgs0 key with + | Fail -> Fail + | Return b -> + if b + then + begin match new_msg with + | BetreeMessageInsert i -> + begin match betree_node_filter_messages_for_key_fwd_back key msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) msgs1 + (key, BetreeMessageInsert i) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_lookup_first_message_for_key_back key msgs msgs2 + with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + | BetreeMessageDelete -> + begin match betree_node_filter_messages_for_key_fwd_back key msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) msgs1 + (key, BetreeMessageDelete) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_lookup_first_message_for_key_back key msgs msgs2 + with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + | BetreeMessageUpsert s -> + begin match betree_list_hd_fwd (u64 & betree_message_t) msgs0 with + | Fail -> Fail + | Return p -> + let (_, m) = p in + begin match m with + | BetreeMessageInsert prev -> + begin match betree_upsert_update_fwd (Some prev) s with + | Fail -> Fail + | Return v -> + begin match + betree_list_pop_front_back (u64 & betree_message_t) msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) + msgs1 (key, BetreeMessageInsert v) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + msgs2 with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + end + | BetreeMessageDelete -> + begin match betree_upsert_update_fwd None s with + | Fail -> Fail + | Return v -> + begin match + betree_list_pop_front_back (u64 & betree_message_t) msgs0 + with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) + msgs1 (key, BetreeMessageInsert v) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + msgs2 with + | Fail -> Fail + | Return msgs3 -> Return msgs3 + end + end + end + end + | BetreeMessageUpsert ufs -> + begin match + betree_node_lookup_first_message_after_key_fwd key msgs0 with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) + msgs1 (key, BetreeMessageUpsert s) with + | Fail -> Fail + | Return msgs2 -> + begin match + betree_node_lookup_first_message_after_key_back key msgs0 + msgs2 with + | Fail -> Fail + | Return msgs3 -> + begin match + betree_node_lookup_first_message_for_key_back key msgs + msgs3 with + | Fail -> Fail + | Return msgs4 -> Return msgs4 + end + end + end + end + end + end + end + else + begin match + betree_list_push_front_fwd_back (u64 & betree_message_t) msgs0 (key, + new_msg) with + | Fail -> Fail + | Return msgs1 -> + begin match + betree_node_lookup_first_message_for_key_back key msgs msgs1 with + | Fail -> Fail + | Return msgs2 -> Return msgs2 + end + end + end + end + +(** [betree_main::betree::Node::{5}::apply_messages_to_internal] *) +let rec betree_node_apply_messages_to_internal_fwd_back + (msgs : betree_list_t (u64 & betree_message_t)) + (new_msgs : betree_list_t (u64 & betree_message_t)) : + Tot (result (betree_list_t (u64 & betree_message_t))) + (decreases (betree_node_apply_messages_to_internal_decreases msgs new_msgs)) + = + begin match new_msgs with + | BetreeListCons new_msg new_msgs_tl -> + let (i, m) = new_msg in + begin match betree_node_apply_to_internal_fwd_back msgs i m with + | Fail -> Fail + | Return msgs0 -> + begin match + betree_node_apply_messages_to_internal_fwd_back msgs0 new_msgs_tl with + | Fail -> Fail + | Return msgs1 -> Return msgs1 + end + end + | BetreeListNil -> Return msgs + end + +(** [betree_main::betree::Node::{5}::apply_messages] *) +let rec betree_node_apply_messages_fwd + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : + Tot (result (state & unit)) + (decreases (betree_node_apply_messages_decreases self params node_id_cnt msgs + st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st0, content) -> + begin match betree_node_apply_messages_to_internal_fwd_back content msgs + with + | Fail -> Fail + | Return content0 -> + begin match betree_list_len_fwd (u64 & betree_message_t) content0 with + | Fail -> Fail + | Return num_msgs -> + if num_msgs >= params.betree_params_min_flush_size + then + begin match + betree_internal_flush_fwd node params node_id_cnt content0 st0 + with + | Fail -> Fail + | Return (st1, content1) -> + begin match + betree_internal_flush_back'a node params node_id_cnt content0 + st0 st1 with + | Fail -> Fail + | Return (st2, (node0, _)) -> + begin match + betree_store_internal_node_fwd node0.betree_internal_id + content1 st2 with + | Fail -> Fail + | Return (st3, _) -> Return (st3, ()) + end + end + end + else + begin match + betree_store_internal_node_fwd node.betree_internal_id content0 + st0 with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st0, content) -> + begin match betree_node_apply_messages_to_leaf_fwd_back content msgs with + | Fail -> Fail + | Return content0 -> + begin match betree_list_len_fwd (u64 & u64) content0 with + | Fail -> Fail + | Return len -> + begin match u64_mul 2 params.betree_params_split_size with + | Fail -> Fail + | Return i -> + if len >= i + then + begin match + betree_leaf_split_fwd node content0 params node_id_cnt st0 with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil + st1 with + | Fail -> Fail + | Return (st2, _) -> + begin match + betree_leaf_split_back0 node content0 params node_id_cnt + st0 st2 with + | Fail -> Fail + | Return (st3, ()) -> Return (st3, ()) + end + end + end + else + begin match + betree_store_leaf_node_fwd node.betree_leaf_id content0 st0 + with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::apply_messages] *) +and betree_node_apply_messages_back'a + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) (st0 : state) : + Tot (result (state & (betree_node_t & betree_node_id_counter_t))) + (decreases (betree_node_apply_messages_decreases self params node_id_cnt msgs + st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st1, content) -> + begin match betree_node_apply_messages_to_internal_fwd_back content msgs + with + | Fail -> Fail + | Return content0 -> + begin match betree_list_len_fwd (u64 & betree_message_t) content0 with + | Fail -> Fail + | Return num_msgs -> + if num_msgs >= params.betree_params_min_flush_size + then + begin match + betree_internal_flush_fwd node params node_id_cnt content0 st1 + with + | Fail -> Fail + | Return (st2, content1) -> + begin match + betree_internal_flush_back'a node params node_id_cnt content0 + st1 st2 with + | Fail -> Fail + | Return (st3, (node0, node_id_cnt0)) -> + begin match + betree_store_internal_node_fwd node0.betree_internal_id + content1 st3 with + | Fail -> Fail + | Return (_, _) -> + Return (st0, (BetreeNodeInternal node0, node_id_cnt0)) + end + end + end + else + begin match + betree_store_internal_node_fwd node.betree_internal_id content0 + st1 with + | Fail -> Fail + | Return (_, _) -> + Return (st0, (BetreeNodeInternal node, node_id_cnt)) + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st1, content) -> + begin match betree_node_apply_messages_to_leaf_fwd_back content msgs with + | Fail -> Fail + | Return content0 -> + begin match betree_list_len_fwd (u64 & u64) content0 with + | Fail -> Fail + | Return len -> + begin match u64_mul 2 params.betree_params_split_size with + | Fail -> Fail + | Return i -> + if len >= i + then + begin match + betree_leaf_split_fwd node content0 params node_id_cnt st1 with + | Fail -> Fail + | Return (st2, new_node) -> + begin match + betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil + st2 with + | Fail -> Fail + | Return (st3, _) -> + begin match + betree_leaf_split_back0 node content0 params node_id_cnt + st1 st3 with + | Fail -> Fail + | Return (_, ()) -> + begin match + betree_leaf_split_back2 node content0 params node_id_cnt + st1 st0 with + | Fail -> Fail + | Return (st4, node_id_cnt0) -> + Return (st4, (BetreeNodeInternal new_node, node_id_cnt0)) + end + end + end + end + else + begin match + betree_store_leaf_node_fwd node.betree_leaf_id content0 st1 + with + | Fail -> Fail + | Return (_, _) -> + Return (st0, (BetreeNodeLeaf (Mkbetree_leaf_t + node.betree_leaf_id len), node_id_cnt)) + end + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::apply_messages] *) +and betree_node_apply_messages_back1 + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (msgs : betree_list_t (u64 & betree_message_t)) (st : state) (st0 : state) : + Tot (result (state & unit)) + (decreases (betree_node_apply_messages_decreases self params node_id_cnt msgs + st)) + = + begin match self with + | BetreeNodeInternal node -> + begin match betree_load_internal_node_fwd node.betree_internal_id st with + | Fail -> Fail + | Return (st1, content) -> + begin match betree_node_apply_messages_to_internal_fwd_back content msgs + with + | Fail -> Fail + | Return content0 -> + begin match betree_list_len_fwd (u64 & betree_message_t) content0 with + | Fail -> Fail + | Return num_msgs -> + if num_msgs >= params.betree_params_min_flush_size + then + begin match + betree_internal_flush_fwd node params node_id_cnt content0 st1 + with + | Fail -> Fail + | Return (st2, content1) -> + begin match + betree_internal_flush_back'a node params node_id_cnt content0 + st1 st2 with + | Fail -> Fail + | Return (st3, (node0, _)) -> + begin match + betree_store_internal_node_fwd node0.betree_internal_id + content1 st3 with + | Fail -> Fail + | Return (_, _) -> + begin match + betree_internal_flush_back1 node params node_id_cnt + content0 st1 st0 with + | Fail -> Fail + | Return (st4, ()) -> Return (st4, ()) + end + end + end + end + else + begin match + betree_store_internal_node_fwd node.betree_internal_id content0 + st1 with + | Fail -> Fail + | Return (_, _) -> Return (st0, ()) + end + end + end + end + | BetreeNodeLeaf node -> + begin match betree_load_leaf_node_fwd node.betree_leaf_id st with + | Fail -> Fail + | Return (st1, content) -> + begin match betree_node_apply_messages_to_leaf_fwd_back content msgs with + | Fail -> Fail + | Return content0 -> + begin match betree_list_len_fwd (u64 & u64) content0 with + | Fail -> Fail + | Return len -> + begin match u64_mul 2 params.betree_params_split_size with + | Fail -> Fail + | Return i -> + if len >= i + then + begin match + betree_leaf_split_fwd node content0 params node_id_cnt st1 with + | Fail -> Fail + | Return (st2, _) -> + begin match + betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil + st2 with + | Fail -> Fail + | Return (st3, _) -> + begin match + betree_leaf_split_back0 node content0 params node_id_cnt + st1 st3 with + | Fail -> Fail + | Return (_, ()) -> + begin match + betree_leaf_split_back1 node content0 params node_id_cnt + st1 st0 with + | Fail -> Fail + | Return (st4, ()) -> Return (st4, ()) + end + end + end + end + else + begin match + betree_store_leaf_node_fwd node.betree_leaf_id content0 st1 + with + | Fail -> Fail + | Return (_, _) -> Return (st0, ()) + end + end + end + end + end + end + +(** [betree_main::betree::Internal::{4}::flush] *) +and betree_internal_flush_fwd + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) : + Tot (result (state & (betree_list_t (u64 & betree_message_t)))) + (decreases (betree_internal_flush_decreases self params node_id_cnt content + st)) + = + begin match + betree_list_partition_at_pivot_fwd betree_message_t content + self.betree_internal_pivot with + | Fail -> Fail + | Return p -> + let (msgs_left, msgs_right) = p in + begin match betree_list_len_fwd (u64 & betree_message_t) msgs_left with + | Fail -> Fail + | Return len_left -> + if len_left >= params.betree_params_min_flush_size + then + begin match + betree_node_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st with + | Fail -> Fail + | Return (st0, _) -> + begin match + betree_node_apply_messages_back'a self.betree_internal_left params + node_id_cnt msgs_left st st0 with + | Fail -> Fail + | Return (st1, (_, node_id_cnt0)) -> + begin match + betree_node_apply_messages_back1 self.betree_internal_left params + node_id_cnt msgs_left st st1 with + | Fail -> Fail + | Return (st2, ()) -> + begin match + betree_list_len_fwd (u64 & betree_message_t) msgs_right with + | Fail -> Fail + | Return len_right -> + if len_right >= params.betree_params_min_flush_size + then + begin match + betree_node_apply_messages_fwd self.betree_internal_right + params node_id_cnt0 msgs_right st2 with + | Fail -> Fail + | Return (st3, _) -> + begin match + betree_node_apply_messages_back'a + self.betree_internal_right params node_id_cnt0 + msgs_right st2 st3 with + | Fail -> Fail + | Return (st4, (_, _)) -> + begin match + betree_node_apply_messages_back1 + self.betree_internal_right params node_id_cnt0 + msgs_right st2 st4 with + | Fail -> Fail + | Return (st5, ()) -> Return (st5, BetreeListNil) + end + end + end + else Return (st2, msgs_right) + end + end + end + end + else + begin match + betree_node_apply_messages_fwd self.betree_internal_right params + node_id_cnt msgs_right st with + | Fail -> Fail + | Return (st0, _) -> + begin match + betree_node_apply_messages_back'a self.betree_internal_right params + node_id_cnt msgs_right st st0 with + | Fail -> Fail + | Return (st1, (_, _)) -> + begin match + betree_node_apply_messages_back1 self.betree_internal_right + params node_id_cnt msgs_right st st1 with + | Fail -> Fail + | Return (st2, ()) -> Return (st2, msgs_left) + end + end + end + end + end + +(** [betree_main::betree::Internal::{4}::flush] *) +and betree_internal_flush_back'a + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) (st0 : state) : + Tot (result (state & (betree_internal_t & betree_node_id_counter_t))) + (decreases (betree_internal_flush_decreases self params node_id_cnt content + st)) + = + begin match + betree_list_partition_at_pivot_fwd betree_message_t content + self.betree_internal_pivot with + | Fail -> Fail + | Return p -> + let (msgs_left, msgs_right) = p in + begin match betree_list_len_fwd (u64 & betree_message_t) msgs_left with + | Fail -> Fail + | Return len_left -> + if len_left >= params.betree_params_min_flush_size + then + begin match + betree_node_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_messages_back'a self.betree_internal_left params + node_id_cnt msgs_left st st1 with + | Fail -> Fail + | Return (st2, (n, node_id_cnt0)) -> + begin match + betree_node_apply_messages_back1 self.betree_internal_left params + node_id_cnt msgs_left st st2 with + | Fail -> Fail + | Return (st3, ()) -> + begin match + betree_list_len_fwd (u64 & betree_message_t) msgs_right with + | Fail -> Fail + | Return len_right -> + if len_right >= params.betree_params_min_flush_size + then + begin match + betree_node_apply_messages_fwd self.betree_internal_right + params node_id_cnt0 msgs_right st3 with + | Fail -> Fail + | Return (st4, _) -> + begin match + betree_node_apply_messages_back'a + self.betree_internal_right params node_id_cnt0 + msgs_right st3 st4 with + | Fail -> Fail + | Return (st5, (n0, node_id_cnt1)) -> + begin match + betree_node_apply_messages_back1 + self.betree_internal_right params node_id_cnt0 + msgs_right st3 st5 with + | Fail -> Fail + | Return (_, ()) -> + Return (st0, (Mkbetree_internal_t + self.betree_internal_id self.betree_internal_pivot n + n0, node_id_cnt1)) + end + end + end + else + Return (st0, (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot n self.betree_internal_right, + node_id_cnt0)) + end + end + end + end + else + begin match + betree_node_apply_messages_fwd self.betree_internal_right params + node_id_cnt msgs_right st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_messages_back'a self.betree_internal_right params + node_id_cnt msgs_right st st1 with + | Fail -> Fail + | Return (st2, (n, node_id_cnt0)) -> + begin match + betree_node_apply_messages_back1 self.betree_internal_right + params node_id_cnt msgs_right st st2 with + | Fail -> Fail + | Return (_, ()) -> + Return (st0, (Mkbetree_internal_t self.betree_internal_id + self.betree_internal_pivot self.betree_internal_left n, + node_id_cnt0)) + end + end + end + end + end + +(** [betree_main::betree::Internal::{4}::flush] *) +and betree_internal_flush_back1 + (self : betree_internal_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) + (content : betree_list_t (u64 & betree_message_t)) (st : state) (st0 : state) : + Tot (result (state & unit)) + (decreases (betree_internal_flush_decreases self params node_id_cnt content + st)) + = + begin match + betree_list_partition_at_pivot_fwd betree_message_t content + self.betree_internal_pivot with + | Fail -> Fail + | Return p -> + let (msgs_left, msgs_right) = p in + begin match betree_list_len_fwd (u64 & betree_message_t) msgs_left with + | Fail -> Fail + | Return len_left -> + if len_left >= params.betree_params_min_flush_size + then + begin match + betree_node_apply_messages_fwd self.betree_internal_left params + node_id_cnt msgs_left st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_messages_back'a self.betree_internal_left params + node_id_cnt msgs_left st st1 with + | Fail -> Fail + | Return (st2, (_, node_id_cnt0)) -> + begin match + betree_node_apply_messages_back1 self.betree_internal_left params + node_id_cnt msgs_left st st2 with + | Fail -> Fail + | Return (st3, ()) -> + begin match + betree_list_len_fwd (u64 & betree_message_t) msgs_right with + | Fail -> Fail + | Return len_right -> + if len_right >= params.betree_params_min_flush_size + then + begin match + betree_node_apply_messages_fwd self.betree_internal_right + params node_id_cnt0 msgs_right st3 with + | Fail -> Fail + | Return (st4, _) -> + begin match + betree_node_apply_messages_back'a + self.betree_internal_right params node_id_cnt0 + msgs_right st3 st4 with + | Fail -> Fail + | Return (st5, (_, _)) -> + begin match + betree_node_apply_messages_back1 + self.betree_internal_right params node_id_cnt0 + msgs_right st3 st5 with + | Fail -> Fail + | Return (_, ()) -> Return (st0, ()) + end + end + end + else Return (st0, ()) + end + end + end + end + else + begin match + betree_node_apply_messages_fwd self.betree_internal_right params + node_id_cnt msgs_right st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_messages_back'a self.betree_internal_right params + node_id_cnt msgs_right st st1 with + | Fail -> Fail + | Return (st2, (_, _)) -> + begin match + betree_node_apply_messages_back1 self.betree_internal_right + params node_id_cnt msgs_right st st2 with + | Fail -> Fail + | Return (_, ()) -> Return (st0, ()) + end + end + end + end + end + +(** [betree_main::betree::Node::{5}::apply] *) +let betree_node_apply_fwd + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) : + result (state & unit) + = + let l = BetreeListNil in + begin match + betree_node_apply_messages_fwd self params node_id_cnt (BetreeListCons + (key, new_msg) l) st with + | Fail -> Fail + | Return (st0, _) -> + begin match + betree_node_apply_messages_back'a self params node_id_cnt (BetreeListCons + (key, new_msg) l) st st0 with + | Fail -> Fail + | Return (st1, (_, _)) -> + begin match + betree_node_apply_messages_back1 self params node_id_cnt + (BetreeListCons (key, new_msg) l) st st1 with + | Fail -> Fail + | Return (st2, ()) -> Return (st2, ()) + end + end + end + +(** [betree_main::betree::Node::{5}::apply] *) +let betree_node_apply_back'a + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) (st0 : state) : + result (state & (betree_node_t & betree_node_id_counter_t)) + = + let l = BetreeListNil in + begin match + betree_node_apply_messages_fwd self params node_id_cnt (BetreeListCons + (key, new_msg) l) st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_messages_back'a self params node_id_cnt (BetreeListCons + (key, new_msg) l) st st1 with + | Fail -> Fail + | Return (st2, (self0, node_id_cnt0)) -> + begin match + betree_node_apply_messages_back1 self params node_id_cnt + (BetreeListCons (key, new_msg) l) st st2 with + | Fail -> Fail + | Return (_, ()) -> Return (st0, (self0, node_id_cnt0)) + end + end + end + +(** [betree_main::betree::Node::{5}::apply] *) +let betree_node_apply_back1 + (self : betree_node_t) (params : betree_params_t) + (node_id_cnt : betree_node_id_counter_t) (key : u64) + (new_msg : betree_message_t) (st : state) (st0 : state) : + result (state & unit) + = + let l = BetreeListNil in + begin match + betree_node_apply_messages_fwd self params node_id_cnt (BetreeListCons + (key, new_msg) l) st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_messages_back'a self params node_id_cnt (BetreeListCons + (key, new_msg) l) st st1 with + | Fail -> Fail + | Return (st2, (_, _)) -> + begin match + betree_node_apply_messages_back1 self params node_id_cnt + (BetreeListCons (key, new_msg) l) st st2 with + | Fail -> Fail + | Return (_, ()) -> Return (st0, ()) + end + end + end + +(** [betree_main::betree::BeTree::{6}::new] *) +let betree_be_tree_new_fwd + (min_flush_size : u64) (split_size : u64) (st : state) : + result (state & betree_be_tree_t) + = + begin match betree_node_id_counter_new_fwd with + | Fail -> Fail + | Return node_id_cnt -> + begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with + | Fail -> Fail + | Return id -> + begin match betree_store_leaf_node_fwd id BetreeListNil st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_node_id_counter_fresh_id_back node_id_cnt with + | Fail -> Fail + | Return node_id_cnt0 -> + Return (st0, Mkbetree_be_tree_t (Mkbetree_params_t min_flush_size + split_size) node_id_cnt0 (BetreeNodeLeaf (Mkbetree_leaf_t id 0))) + end + end + end + end + +(** [betree_main::betree::BeTree::{6}::apply] *) +let betree_be_tree_apply_fwd + (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) : + result (state & unit) + = + begin match + betree_node_apply_fwd self.betree_be_tree_root self.betree_be_tree_params + self.betree_be_tree_node_id_cnt key msg st with + | Fail -> Fail + | Return (st0, _) -> + begin match + betree_node_apply_back'a self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st + st0 with + | Fail -> Fail + | Return (st1, (_, _)) -> + begin match + betree_node_apply_back1 self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st + st1 with + | Fail -> Fail + | Return (st2, ()) -> Return (st2, ()) + end + end + end + +(** [betree_main::betree::BeTree::{6}::apply] *) +let betree_be_tree_apply_back + (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) + (st0 : state) : + result (state & betree_be_tree_t) + = + begin match + betree_node_apply_fwd self.betree_be_tree_root self.betree_be_tree_params + self.betree_be_tree_node_id_cnt key msg st with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_node_apply_back'a self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st + st1 with + | Fail -> Fail + | Return (st2, (n, nic)) -> + begin match + betree_node_apply_back1 self.betree_be_tree_root + self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st + st2 with + | Fail -> Fail + | Return (_, ()) -> + Return (st0, Mkbetree_be_tree_t self.betree_be_tree_params nic n) + end + end + end + +(** [betree_main::betree::BeTree::{6}::insert] *) +let betree_be_tree_insert_fwd + (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) : + result (state & unit) + = + begin match betree_be_tree_apply_fwd self key (BetreeMessageInsert value) st + with + | Fail -> Fail + | Return (st0, _) -> + begin match + betree_be_tree_apply_back self key (BetreeMessageInsert value) st st0 + with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + +(** [betree_main::betree::BeTree::{6}::insert] *) +let betree_be_tree_insert_back + (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) + (st0 : state) : + result (state & betree_be_tree_t) + = + begin match betree_be_tree_apply_fwd self key (BetreeMessageInsert value) st + with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_be_tree_apply_back self key (BetreeMessageInsert value) st st1 + with + | Fail -> Fail + | Return (_, self0) -> Return (st0, self0) + end + end + +(** [betree_main::betree::BeTree::{6}::delete] *) +let betree_be_tree_delete_fwd + (self : betree_be_tree_t) (key : u64) (st : state) : result (state & unit) = + begin match betree_be_tree_apply_fwd self key BetreeMessageDelete st with + | Fail -> Fail + | Return (st0, _) -> + begin match betree_be_tree_apply_back self key BetreeMessageDelete st st0 + with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + +(** [betree_main::betree::BeTree::{6}::delete] *) +let betree_be_tree_delete_back + (self : betree_be_tree_t) (key : u64) (st : state) (st0 : state) : + result (state & betree_be_tree_t) + = + begin match betree_be_tree_apply_fwd self key BetreeMessageDelete st with + | Fail -> Fail + | Return (st1, _) -> + begin match betree_be_tree_apply_back self key BetreeMessageDelete st st1 + with + | Fail -> Fail + | Return (_, self0) -> Return (st0, self0) + end + end + +(** [betree_main::betree::BeTree::{6}::upsert] *) +let betree_be_tree_upsert_fwd + (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) + (st : state) : + result (state & unit) + = + begin match betree_be_tree_apply_fwd self key (BetreeMessageUpsert upd) st + with + | Fail -> Fail + | Return (st0, _) -> + begin match + betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st st0 with + | Fail -> Fail + | Return (st1, _) -> Return (st1, ()) + end + end + +(** [betree_main::betree::BeTree::{6}::upsert] *) +let betree_be_tree_upsert_back + (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t) + (st : state) (st0 : state) : + result (state & betree_be_tree_t) + = + begin match betree_be_tree_apply_fwd self key (BetreeMessageUpsert upd) st + with + | Fail -> Fail + | Return (st1, _) -> + begin match + betree_be_tree_apply_back self key (BetreeMessageUpsert upd) st st1 with + | Fail -> Fail + | Return (_, self0) -> Return (st0, self0) + end + end + +(** [betree_main::betree::BeTree::{6}::lookup] *) +let betree_be_tree_lookup_fwd + (self : betree_be_tree_t) (key : u64) (st : state) : + result (state & (option u64)) + = + begin match betree_node_lookup_fwd self.betree_be_tree_root key st with + | Fail -> Fail + | Return (st0, opt) -> Return (st0, opt) + end + +(** [betree_main::betree::BeTree::{6}::lookup] *) +let betree_be_tree_lookup_back + (self : betree_be_tree_t) (key : u64) (st : state) (st0 : state) : + result (state & betree_be_tree_t) + = + begin match betree_node_lookup_back self.betree_be_tree_root key st st0 with + | Fail -> Fail + | Return (st1, n) -> + Return (st1, Mkbetree_be_tree_t self.betree_be_tree_params + self.betree_be_tree_node_id_cnt n) + end + +(** [betree_main::main] *) +let main_fwd : result unit = Return () + +(** Unit test for [betree_main::main] *) +let _ = assert_norm (main_fwd = Return ()) + diff --git a/tests/betree_back_stateful/BetreeMain.Opaque.fsti b/tests/betree_back_stateful/BetreeMain.Opaque.fsti new file mode 100644 index 00000000..dc49601a --- /dev/null +++ b/tests/betree_back_stateful/BetreeMain.Opaque.fsti @@ -0,0 +1,30 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: opaque function definitions *) +module BetreeMain.Opaque +open Primitives +include BetreeMain.Types + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [betree_main::betree_utils::load_internal_node] *) +val betree_utils_load_internal_node_fwd + : u64 -> state -> result (state & (betree_list_t (u64 & betree_message_t))) + +(** [betree_main::betree_utils::store_internal_node] *) +val betree_utils_store_internal_node_fwd + : + u64 -> betree_list_t (u64 & betree_message_t) -> state -> result (state & + unit) + +(** [betree_main::betree_utils::load_leaf_node] *) +val betree_utils_load_leaf_node_fwd + : u64 -> state -> result (state & (betree_list_t (u64 & u64))) + +(** [betree_main::betree_utils::store_leaf_node] *) +val betree_utils_store_leaf_node_fwd + : u64 -> betree_list_t (u64 & u64) -> state -> result (state & unit) + +(** [core::option::Option::{0}::unwrap] *) +val core_option_option_unwrap_fwd + (t : Type0) : option t -> state -> result (state & t) + diff --git a/tests/betree_back_stateful/BetreeMain.Types.fsti b/tests/betree_back_stateful/BetreeMain.Types.fsti new file mode 100644 index 00000000..c81e3302 --- /dev/null +++ b/tests/betree_back_stateful/BetreeMain.Types.fsti @@ -0,0 +1,64 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [betree_main]: type definitions *) +module BetreeMain.Types +open Primitives + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [betree_main::betree::List] *) +type betree_list_t (t : Type0) = +| BetreeListCons : t -> betree_list_t t -> betree_list_t t +| BetreeListNil : betree_list_t t + +(** [betree_main::betree::UpsertFunState] *) +type betree_upsert_fun_state_t = +| BetreeUpsertFunStateAdd : u64 -> betree_upsert_fun_state_t +| BetreeUpsertFunStateSub : u64 -> betree_upsert_fun_state_t + +(** [betree_main::betree::Message] *) +type betree_message_t = +| BetreeMessageInsert : u64 -> betree_message_t +| BetreeMessageDelete : betree_message_t +| BetreeMessageUpsert : betree_upsert_fun_state_t -> betree_message_t + +(** [betree_main::betree::Leaf] *) +type betree_leaf_t = { betree_leaf_id : u64; betree_leaf_size : u64; } + +(** [betree_main::betree::Node] *) +type betree_node_t = +| BetreeNodeInternal : betree_internal_t -> betree_node_t +| BetreeNodeLeaf : betree_leaf_t -> betree_node_t + +(** [betree_main::betree::Internal] *) +and betree_internal_t = +{ + betree_internal_id : u64; + betree_internal_pivot : u64; + betree_internal_left : betree_node_t; + betree_internal_right : betree_node_t; +} + +(** [betree_main::betree::Params] *) +type betree_params_t = +{ + betree_params_min_flush_size : u64; betree_params_split_size : u64; +} + +(** [betree_main::betree::NodeIdCounter] *) +type betree_node_id_counter_t = { betree_node_id_counter_next_node_id : u64; } + +(** [betree_main::betree::BeTree] *) +type betree_be_tree_t = +{ + betree_be_tree_params : betree_params_t; + betree_be_tree_node_id_cnt : betree_node_id_counter_t; + betree_be_tree_root : betree_node_t; +} + +(** [core::num::u64::{10}::MAX] *) +let core_num_u64_max_body : result u64 = Return 18446744073709551615 +let core_num_u64_max_c : u64 = eval_global core_num_u64_max_body + +(** The state type used in the state-error monad *) +val state : Type0 + diff --git a/tests/betree_back_stateful/Makefile b/tests/betree_back_stateful/Makefile new file mode 100644 index 00000000..a16b0edb --- /dev/null +++ b/tests/betree_back_stateful/Makefile @@ -0,0 +1,47 @@ +INCLUDE_DIRS = . + +FSTAR_INCLUDES = $(addprefix --include ,$(INCLUDE_DIRS)) + +FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints + +FSTAR_OPTIONS = $(FSTAR_HINTS) \ + --cache_checked_modules $(FSTAR_INCLUDES) --cmi \ + --warn_error '+241@247+285-274' \ + +FSTAR_NO_FLAGS = fstar.exe --already_cached 'Prims FStar LowStar Steel' --odir obj --cache_dir obj + +FSTAR = $(FSTAR_NO_FLAGS) $(FSTAR_OPTIONS) + +# The F* roots are used to compute the dependency graph, and generate the .depend file +FSTAR_ROOTS ?= $(wildcard *.fst *.fsti) + +# Build all the files +all: $(addprefix obj/,$(addsuffix .checked,$(FSTAR_ROOTS))) + +# This is the right way to ensure the .depend file always gets re-built. +ifeq (,$(filter %-in,$(MAKECMDGOALS))) +ifndef NODEPEND +ifndef MAKE_RESTARTS +.depend: .FORCE + $(FSTAR_NO_FLAGS) --dep full $(notdir $(FSTAR_ROOTS)) > $@ + +.PHONY: .FORCE +.FORCE: +endif +endif + +include .depend +endif + +# For the interactive mode +%.fst-in %.fsti-in: + @echo $(FSTAR_OPTIONS) + +# Generete the .checked files in batch mode +%.checked: + $(FSTAR) $(FSTAR_OPTIONS) $< && \ + touch -c $@ + +.PHONY: clean +clean: + rm -f obj/* diff --git a/tests/betree_back_stateful/Primitives.fst b/tests/betree_back_stateful/Primitives.fst new file mode 100644 index 00000000..b44fe9d1 --- /dev/null +++ b/tests/betree_back_stateful/Primitives.fst @@ -0,0 +1,286 @@ +/// This file lists primitive and assumed functions and types +module Primitives +open FStar.Mul +open FStar.List.Tot + +#set-options "--z3rlimit 15 --fuel 0 --ifuel 1" + +(*** Utilities *) +val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) : + ls':list a{ + length ls' = length ls /\ + index ls' i == x + } +#push-options "--fuel 1" +let rec list_update #a ls i x = + match ls with + | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x +#pop-options + +(*** Result *) +type result (a : Type0) : Type0 = +| Return : v:a -> result a +| Fail : result a + +// Monadic bind and return. +// Re-definining those allows us to customize the result of the monadic notations +// like: `y <-- f x;` +let return (#a : Type0) (x:a) : result a = Return x +let bind (#a #b : Type0) (m : result a) (f : a -> result b) : result b = + match m with + | Return x -> f x + | Fail -> Fail + +// Monadic assert(...) +let massert (b:bool) : result unit = if b then Return () else Fail + +// Normalize and unwrap a successful result (used for globals). +let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x + +(*** Misc *) +type char = FStar.Char.char +type string = string + +let mem_replace_fwd (a : Type0) (x : a) (y : a) : a = x +let mem_replace_back (a : Type0) (x : a) (y : a) : a = y + +(*** Scalars *) +/// Rk.: most of the following code was at least partially generated + +let isize_min : int = -9223372036854775808 +let isize_max : int = 9223372036854775807 +let i8_min : int = -128 +let i8_max : int = 127 +let i16_min : int = -32768 +let i16_max : int = 32767 +let i32_min : int = -2147483648 +let i32_max : int = 2147483647 +let i64_min : int = -9223372036854775808 +let i64_max : int = 9223372036854775807 +let i128_min : int = -170141183460469231731687303715884105728 +let i128_max : int = 170141183460469231731687303715884105727 +let usize_min : int = 0 +let usize_max : int = 4294967295 // being conservative here: [u32_max] instead of [u64_max] +let u8_min : int = 0 +let u8_max : int = 255 +let u16_min : int = 0 +let u16_max : int = 65535 +let u32_min : int = 0 +let u32_max : int = 4294967295 +let u64_min : int = 0 +let u64_max : int = 18446744073709551615 +let u128_min : int = 0 +let u128_max : int = 340282366920938463463374607431768211455 + +type scalar_ty = +| Isize +| I8 +| I16 +| I32 +| I64 +| I128 +| Usize +| U8 +| U16 +| U32 +| U64 +| U128 + +let scalar_min (ty : scalar_ty) : int = + match ty with + | Isize -> isize_min + | I8 -> i8_min + | I16 -> i16_min + | I32 -> i32_min + | I64 -> i64_min + | I128 -> i128_min + | Usize -> usize_min + | U8 -> u8_min + | U16 -> u16_min + | U32 -> u32_min + | U64 -> u64_min + | U128 -> u128_min + +let scalar_max (ty : scalar_ty) : int = + match ty with + | Isize -> isize_max + | I8 -> i8_max + | I16 -> i16_max + | I32 -> i32_max + | I64 -> i64_max + | I128 -> i128_max + | Usize -> usize_max + | U8 -> u8_max + | U16 -> u16_max + | U32 -> u32_max + | U64 -> u64_max + | U128 -> u128_max + +type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} + +let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = + if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail + +let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) + +let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (x / y) else Fail + +/// The remainder operation +let int_rem (x : int) (y : int{y <> 0}) : int = + if x >= 0 then (x % y) else -(x % y) + +(* Checking consistency with Rust *) +let _ = assert_norm(int_rem 1 2 = 1) +let _ = assert_norm(int_rem (-1) 2 = -1) +let _ = assert_norm(int_rem 1 (-2) = 1) +let _ = assert_norm(int_rem (-1) (-2) = -1) + +let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (int_rem x y) else Fail + +let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x + y) + +let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x - y) + +let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x * y) + +(** Cast an integer from a [src_ty] to a [tgt_ty] *) +let scalar_cast (src_ty : scalar_ty) (tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) = + mk_scalar tgt_ty x + +/// The scalar types +type isize : eqtype = scalar Isize +type i8 : eqtype = scalar I8 +type i16 : eqtype = scalar I16 +type i32 : eqtype = scalar I32 +type i64 : eqtype = scalar I64 +type i128 : eqtype = scalar I128 +type usize : eqtype = scalar Usize +type u8 : eqtype = scalar U8 +type u16 : eqtype = scalar U16 +type u32 : eqtype = scalar U32 +type u64 : eqtype = scalar U64 +type u128 : eqtype = scalar U128 + +/// Negation +let isize_neg = scalar_neg #Isize +let i8_neg = scalar_neg #I8 +let i16_neg = scalar_neg #I16 +let i32_neg = scalar_neg #I32 +let i64_neg = scalar_neg #I64 +let i128_neg = scalar_neg #I128 + +/// Division +let isize_div = scalar_div #Isize +let i8_div = scalar_div #I8 +let i16_div = scalar_div #I16 +let i32_div = scalar_div #I32 +let i64_div = scalar_div #I64 +let i128_div = scalar_div #I128 +let usize_div = scalar_div #Usize +let u8_div = scalar_div #U8 +let u16_div = scalar_div #U16 +let u32_div = scalar_div #U32 +let u64_div = scalar_div #U64 +let u128_div = scalar_div #U128 + +/// Remainder +let isize_rem = scalar_rem #Isize +let i8_rem = scalar_rem #I8 +let i16_rem = scalar_rem #I16 +let i32_rem = scalar_rem #I32 +let i64_rem = scalar_rem #I64 +let i128_rem = scalar_rem #I128 +let usize_rem = scalar_rem #Usize +let u8_rem = scalar_rem #U8 +let u16_rem = scalar_rem #U16 +let u32_rem = scalar_rem #U32 +let u64_rem = scalar_rem #U64 +let u128_rem = scalar_rem #U128 + +/// Addition +let isize_add = scalar_add #Isize +let i8_add = scalar_add #I8 +let i16_add = scalar_add #I16 +let i32_add = scalar_add #I32 +let i64_add = scalar_add #I64 +let i128_add = scalar_add #I128 +let usize_add = scalar_add #Usize +let u8_add = scalar_add #U8 +let u16_add = scalar_add #U16 +let u32_add = scalar_add #U32 +let u64_add = scalar_add #U64 +let u128_add = scalar_add #U128 + +/// Substraction +let isize_sub = scalar_sub #Isize +let i8_sub = scalar_sub #I8 +let i16_sub = scalar_sub #I16 +let i32_sub = scalar_sub #I32 +let i64_sub = scalar_sub #I64 +let i128_sub = scalar_sub #I128 +let usize_sub = scalar_sub #Usize +let u8_sub = scalar_sub #U8 +let u16_sub = scalar_sub #U16 +let u32_sub = scalar_sub #U32 +let u64_sub = scalar_sub #U64 +let u128_sub = scalar_sub #U128 + +/// Multiplication +let isize_mul = scalar_mul #Isize +let i8_mul = scalar_mul #I8 +let i16_mul = scalar_mul #I16 +let i32_mul = scalar_mul #I32 +let i64_mul = scalar_mul #I64 +let i128_mul = scalar_mul #I128 +let usize_mul = scalar_mul #Usize +let u8_mul = scalar_mul #U8 +let u16_mul = scalar_mul #U16 +let u32_mul = scalar_mul #U32 +let u64_mul = scalar_mul #U64 +let u128_mul = scalar_mul #U128 + +(*** Vector *) +type vec (a : Type0) = v:list a{length v <= usize_max} + +let vec_new (a : Type0) : vec a = assert_norm(length #a [] == 0); [] +let vec_len (a : Type0) (v : vec a) : usize = length v + +// The **forward** function shouldn't be used +let vec_push_fwd (a : Type0) (v : vec a) (x : a) : unit = () +let vec_push_back (a : Type0) (v : vec a) (x : a) : + Pure (result (vec a)) + (requires True) + (ensures (fun res -> + match res with + | Fail -> True + | Return v' -> length v' = length v + 1)) = + if length v < usize_max then begin + (**) assert_norm(length [x] == 1); + (**) append_length v [x]; + (**) assert(length (append v [x]) = length v + 1); + Return (append v [x]) + end + else Fail + +// The **forward** function shouldn't be used +let vec_insert_fwd (a : Type0) (v : vec a) (i : usize) (x : a) : result unit = + if i < length v then Return () else Fail +let vec_insert_back (a : Type0) (v : vec a) (i : usize) (x : a) : result (vec a) = + if i < length v then Return (list_update v i x) else Fail + +// The **backward** function shouldn't be used +let vec_index_fwd (a : Type0) (v : vec a) (i : usize) : result a = + if i < length v then Return (index v i) else Fail +let vec_index_back (a : Type0) (v : vec a) (i : usize) (x : a) : result unit = + if i < length v then Return () else Fail + +let vec_index_mut_fwd (a : Type0) (v : vec a) (i : usize) : result a = + if i < length v then Return (index v i) else Fail +let vec_index_mut_back (a : Type0) (v : vec a) (i : usize) (nx : a) : result (vec a) = + if i < length v then Return (list_update v i nx) else Fail + diff --git a/tests/misc/External.Funs.fst b/tests/misc/External.Funs.fst index 874b739c..68a0061e 100644 --- a/tests/misc/External.Funs.fst +++ b/tests/misc/External.Funs.fst @@ -12,24 +12,31 @@ let swap_fwd (t : Type0) (x : t) (y : t) (st : state) : result (state & unit) = begin match core_mem_swap_fwd t x y st with | Fail -> Fail | Return (st0, _) -> - begin match core_mem_swap_back0 t x y st with + begin match core_mem_swap_back0 t x y st st0 with | Fail -> Fail - | Return _ -> - begin match core_mem_swap_back1 t x y st with + | Return (st1, _) -> + begin match core_mem_swap_back1 t x y st st1 with | Fail -> Fail - | Return _ -> Return (st0, ()) + | Return (st2, _) -> Return (st2, ()) end end end (** [external::swap] *) -let swap_back (t : Type0) (x : t) (y : t) (st : state) : result (t & t) = - begin match core_mem_swap_back0 t x y st with +let swap_back + (t : Type0) (x : t) (y : t) (st : state) (st0 : state) : + result (state & (t & t)) + = + begin match core_mem_swap_fwd t x y st with | Fail -> Fail - | Return x0 -> - begin match core_mem_swap_back1 t x y st with + | Return (st1, _) -> + begin match core_mem_swap_back0 t x y st st1 with | Fail -> Fail - | Return y0 -> Return (x0, y0) + | Return (st2, x0) -> + begin match core_mem_swap_back1 t x y st st2 with + | Fail -> Fail + | Return (_, y0) -> Return (st0, (x0, y0)) + end end end @@ -64,25 +71,31 @@ let custom_swap_fwd begin match core_mem_swap_fwd t x y st with | Fail -> Fail | Return (st0, _) -> - begin match core_mem_swap_back0 t x y st with + begin match core_mem_swap_back0 t x y st st0 with | Fail -> Fail - | Return x0 -> - begin match core_mem_swap_back1 t x y st with + | Return (st1, x0) -> + begin match core_mem_swap_back1 t x y st st1 with | Fail -> Fail - | Return _ -> Return (st0, x0) + | Return (st2, _) -> Return (st2, x0) end end end (** [external::custom_swap] *) let custom_swap_back - (t : Type0) (x : t) (y : t) (st : state) (ret : t) : result (t & t) = - begin match core_mem_swap_back0 t x y st with + (t : Type0) (x : t) (y : t) (st : state) (ret : t) (st0 : state) : + result (state & (t & t)) + = + begin match core_mem_swap_fwd t x y st with | Fail -> Fail - | Return _ -> - begin match core_mem_swap_back1 t x y st with + | Return (st1, _) -> + begin match core_mem_swap_back0 t x y st st1 with | Fail -> Fail - | Return y0 -> Return (ret, y0) + | Return (st2, _) -> + begin match core_mem_swap_back1 t x y st st2 with + | Fail -> Fail + | Return (_, y0) -> Return (st0, (ret, y0)) + end end end @@ -96,10 +109,12 @@ let test_custom_swap_fwd (** [external::test_custom_swap] *) let test_custom_swap_back - (x : u32) (y : u32) (st : state) : result (u32 & u32) = - begin match custom_swap_back u32 x y st 1 with + (x : u32) (y : u32) (st : state) (st0 : state) : + result (state & (u32 & u32)) + = + begin match custom_swap_back u32 x y st 1 st0 with | Fail -> Fail - | Return (x0, y0) -> Return (x0, y0) + | Return (st1, (x0, y0)) -> Return (st1, (x0, y0)) end (** [external::test_swap_non_zero] *) @@ -107,9 +122,9 @@ let test_swap_non_zero_fwd (x : u32) (st : state) : result (state & u32) = begin match swap_fwd u32 x 0 st with | Fail -> Fail | Return (st0, _) -> - begin match swap_back u32 x 0 st with + begin match swap_back u32 x 0 st st0 with | Fail -> Fail - | Return (x0, _) -> if x0 = 0 then Fail else Return (st0, x0) + | Return (st1, (x0, _)) -> if x0 = 0 then Fail else Return (st1, x0) end end diff --git a/tests/misc/External.Opaque.fsti b/tests/misc/External.Opaque.fsti index 7c241c7c..7d86405a 100644 --- a/tests/misc/External.Opaque.fsti +++ b/tests/misc/External.Opaque.fsti @@ -10,10 +10,12 @@ include External.Types val core_mem_swap_fwd (t : Type0) : t -> t -> state -> result (state & unit) (** [core::mem::swap] *) -val core_mem_swap_back0 (t : Type0) : t -> t -> state -> result t +val core_mem_swap_back0 + (t : Type0) : t -> t -> state -> state -> result (state & t) (** [core::mem::swap] *) -val core_mem_swap_back1 (t : Type0) : t -> t -> state -> result t +val core_mem_swap_back1 + (t : Type0) : t -> t -> state -> state -> result (state & t) (** [core::num::nonzero::NonZeroU32::{14}::new] *) val core_num_nonzero_non_zero_u32_new_fwd |