summaryrefslogtreecommitdiff
path: root/tests/betree
diff options
context:
space:
mode:
Diffstat (limited to 'tests/betree')
-rw-r--r--tests/betree/BetreeMain.Clauses.Template.fst95
-rw-r--r--tests/betree/BetreeMain.Clauses.fst94
-rw-r--r--tests/betree/BetreeMain.Funs.fst1672
-rw-r--r--tests/betree/BetreeMain.Opaque.fsti30
-rw-r--r--tests/betree/BetreeMain.Types.fsti60
-rw-r--r--tests/betree/Primitives.fst279
6 files changed, 2230 insertions, 0 deletions
diff --git a/tests/betree/BetreeMain.Clauses.Template.fst b/tests/betree/BetreeMain.Clauses.Template.fst
new file mode 100644
index 00000000..19b5574f
--- /dev/null
+++ b/tests/betree/BetreeMain.Clauses.Template.fst
@@ -0,0 +1,95 @@
+(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *)
+(** [betree_main]: templates for the decreases clauses *)
+module BetreeMain.Clauses.Template
+open Primitives
+open BetreeMain.Types
+
+#set-options "--z3rlimit 50 --fuel 0 --ifuel 1"
+
+(** [betree_main::betree::List::{1}::len]: decreases clause *)
+unfold
+let betree_list_1_len_decreases (t : Type0) (self : betree_list_t t) : nat =
+ admit ()
+
+(** [betree_main::betree::List::{1}::split_at]: decreases clause *)
+unfold
+let betree_list_1_split_at_decreases (t : Type0) (self : betree_list_t t)
+ (n : u64) : nat =
+ admit ()
+
+(** [betree_main::betree::List::{2}::partition_at_pivot]: decreases clause *)
+unfold
+let betree_list_2_partition_at_pivot_decreases (t : Type0)
+ (self : betree_list_t (u64 & t)) (pivot : u64) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_in_bindings]: decreases clause *)
+unfold
+let betree_node_5_lookup_in_bindings_decreases (key : u64)
+ (bindings : betree_list_t (u64 & u64)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: decreases clause *)
+unfold
+let betree_node_5_lookup_first_message_for_key_decreases (key : u64)
+ (msgs : betree_list_t (u64 & betree_message_t)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::apply_upserts]: decreases clause *)
+unfold
+let betree_node_5_apply_upserts_decreases
+ (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64)
+ (key : u64) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Internal::{4}::lookup_in_children]: decreases clause *)
+unfold
+let betree_internal_4_lookup_in_children_decreases (self : betree_internal_t)
+ (key : u64) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup]: decreases clause *)
+unfold
+let betree_node_5_lookup_decreases (self : betree_node_t) (key : u64)
+ (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: decreases clause *)
+unfold
+let betree_node_5_lookup_mut_in_bindings_decreases (key : u64)
+ (bindings : betree_list_t (u64 & u64)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::filter_messages_for_key]: decreases clause *)
+unfold
+let betree_node_5_filter_messages_for_key_decreases (key : u64)
+ (msgs : betree_list_t (u64 & betree_message_t)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: decreases clause *)
+unfold
+let betree_node_5_lookup_first_message_after_key_decreases (key : u64)
+ (msgs : betree_list_t (u64 & betree_message_t)) : nat =
+ admit ()
+
+(** [betree_main::betree::Internal::{4}::flush]: decreases clause *)
+unfold
+let betree_internal_4_flush_decreases (self : betree_internal_t)
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (content : betree_list_t (u64 & betree_message_t)) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::apply_messages]: decreases clause *)
+unfold
+let betree_node_5_apply_messages_decreases (self : betree_node_t)
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::apply]: decreases clause *)
+unfold
+let betree_node_5_apply_decreases (self : betree_node_t)
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (key : u64) (new_msg : betree_message_t) (st : state) : nat =
+ admit ()
+
diff --git a/tests/betree/BetreeMain.Clauses.fst b/tests/betree/BetreeMain.Clauses.fst
new file mode 100644
index 00000000..b241e756
--- /dev/null
+++ b/tests/betree/BetreeMain.Clauses.fst
@@ -0,0 +1,94 @@
+(** [betree_main]: templates for the decreases clauses *)
+module BetreeMain.Clauses
+open Primitives
+open BetreeMain.Types
+
+#set-options "--z3rlimit 50 --fuel 0 --ifuel 1"
+
+(** [betree_main::betree::List::{1}::len]: decreases clause *)
+unfold
+let betree_list_1_len_decreases (t : Type0) (self : betree_list_t t) : nat =
+ admit ()
+
+(** [betree_main::betree::List::{1}::split_at]: decreases clause *)
+unfold
+let betree_list_1_split_at_decreases (t : Type0) (self : betree_list_t t)
+ (n : u64) : nat =
+ admit ()
+
+(** [betree_main::betree::List::{2}::partition_at_pivot]: decreases clause *)
+unfold
+let betree_list_2_partition_at_pivot_decreases (t : Type0)
+ (self : betree_list_t (u64 & t)) (pivot : u64) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_in_bindings]: decreases clause *)
+unfold
+let betree_node_5_lookup_in_bindings_decreases (key : u64)
+ (bindings : betree_list_t (u64 & u64)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_for_key]: decreases clause *)
+unfold
+let betree_node_5_lookup_first_message_for_key_decreases (key : u64)
+ (msgs : betree_list_t (u64 & betree_message_t)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::apply_upserts]: decreases clause *)
+unfold
+let betree_node_5_apply_upserts_decreases
+ (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64)
+ (key : u64) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Internal::{4}::lookup_in_children]: decreases clause *)
+unfold
+let betree_internal_4_lookup_in_children_decreases (self : betree_internal_t)
+ (key : u64) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup]: decreases clause *)
+unfold
+let betree_node_5_lookup_decreases (self : betree_node_t) (key : u64)
+ (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings]: decreases clause *)
+unfold
+let betree_node_5_lookup_mut_in_bindings_decreases (key : u64)
+ (bindings : betree_list_t (u64 & u64)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::filter_messages_for_key]: decreases clause *)
+unfold
+let betree_node_5_filter_messages_for_key_decreases (key : u64)
+ (msgs : betree_list_t (u64 & betree_message_t)) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_after_key]: decreases clause *)
+unfold
+let betree_node_5_lookup_first_message_after_key_decreases (key : u64)
+ (msgs : betree_list_t (u64 & betree_message_t)) : nat =
+ admit ()
+
+(** [betree_main::betree::Internal::{4}::flush]: decreases clause *)
+unfold
+let betree_internal_4_flush_decreases (self : betree_internal_t)
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (content : betree_list_t (u64 & betree_message_t)) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::apply_messages]: decreases clause *)
+unfold
+let betree_node_5_apply_messages_decreases (self : betree_node_t)
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (msgs : betree_list_t (u64 & betree_message_t)) (st : state) : nat =
+ admit ()
+
+(** [betree_main::betree::Node::{5}::apply]: decreases clause *)
+unfold
+let betree_node_5_apply_decreases (self : betree_node_t)
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (key : u64) (new_msg : betree_message_t) (st : state) : nat =
+ admit ()
+
diff --git a/tests/betree/BetreeMain.Funs.fst b/tests/betree/BetreeMain.Funs.fst
new file mode 100644
index 00000000..b218c622
--- /dev/null
+++ b/tests/betree/BetreeMain.Funs.fst
@@ -0,0 +1,1672 @@
+(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *)
+(** [betree_main]: function definitions *)
+module BetreeMain.Funs
+open Primitives
+include BetreeMain.Types
+include BetreeMain.Opaque
+include BetreeMain.Clauses
+
+#set-options "--z3rlimit 50 --fuel 0 --ifuel 1"
+
+(** [betree_main::betree::load_internal_node] *)
+let betree_load_internal_node_fwd
+ (id : u64) (st : state) :
+ result (state & (betree_list_t (u64 & betree_message_t)))
+ =
+ begin match betree_utils_load_internal_node_fwd id st with
+ | Fail -> Fail
+ | Return (st0, l) -> Return (st0, l)
+ end
+
+(** [betree_main::betree::store_internal_node] *)
+let betree_store_internal_node_fwd
+ (id : u64) (content : betree_list_t (u64 & betree_message_t)) (st : state) :
+ result (state & unit)
+ =
+ begin match betree_utils_store_internal_node_fwd id content st with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, ())
+ end
+
+(** [betree_main::betree::load_leaf_node] *)
+let betree_load_leaf_node_fwd
+ (id : u64) (st : state) : result (state & (betree_list_t (u64 & u64))) =
+ begin match betree_utils_load_leaf_node_fwd id st with
+ | Fail -> Fail
+ | Return (st0, l) -> Return (st0, l)
+ end
+
+(** [betree_main::betree::store_leaf_node] *)
+let betree_store_leaf_node_fwd
+ (id : u64) (content : betree_list_t (u64 & u64)) (st : state) :
+ result (state & unit)
+ =
+ begin match betree_utils_store_leaf_node_fwd id content st with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, ())
+ end
+
+(** [betree_main::betree::fresh_node_id] *)
+let betree_fresh_node_id_fwd (counter : u64) : result u64 =
+ begin match u64_add counter 1 with
+ | Fail -> Fail
+ | Return _ -> Return counter
+ end
+
+(** [betree_main::betree::fresh_node_id] *)
+let betree_fresh_node_id_back (counter : u64) : result u64 =
+ begin match u64_add counter 1 with
+ | Fail -> Fail
+ | Return counter0 -> Return counter0
+ end
+
+(** [betree_main::betree::NodeIdCounter::{0}::new] *)
+let betree_node_id_counter_new_fwd : result betree_node_id_counter_t =
+ Return (Mkbetree_node_id_counter_t 0)
+
+(** [betree_main::betree::NodeIdCounter::{0}::fresh_id] *)
+let betree_node_id_counter_fresh_id_fwd
+ (self : betree_node_id_counter_t) : result u64 =
+ begin match u64_add self.betree_node_id_counter_next_node_id 1 with
+ | Fail -> Fail
+ | Return _ -> Return self.betree_node_id_counter_next_node_id
+ end
+
+(** [betree_main::betree::NodeIdCounter::{0}::fresh_id] *)
+let betree_node_id_counter_fresh_id_back
+ (self : betree_node_id_counter_t) : result betree_node_id_counter_t =
+ begin match u64_add self.betree_node_id_counter_next_node_id 1 with
+ | Fail -> Fail
+ | Return i -> Return (Mkbetree_node_id_counter_t i)
+ end
+
+(** [betree_main::betree::upsert_update] *)
+let betree_upsert_update_fwd
+ (prev : option u64) (st : betree_upsert_fun_state_t) : result u64 =
+ begin match prev with
+ | None ->
+ begin match st with
+ | BetreeUpsertFunStateAdd v -> Return v
+ | BetreeUpsertFunStateSub i -> Return 0
+ end
+ | Some prev0 ->
+ begin match st with
+ | BetreeUpsertFunStateAdd v ->
+ begin match u64_sub 18446744073709551615 prev0 with
+ | Fail -> Fail
+ | Return margin ->
+ if margin >= v
+ then
+ begin match u64_add prev0 v with
+ | Fail -> Fail
+ | Return i -> Return i
+ end
+ else Return 18446744073709551615
+ end
+ | BetreeUpsertFunStateSub v ->
+ if prev0 >= v
+ then
+ begin match u64_sub prev0 v with
+ | Fail -> Fail
+ | Return i -> Return i
+ end
+ else Return 0
+ end
+ end
+
+(** [betree_main::betree::List::{1}::len] *)
+let rec betree_list_1_len_fwd
+ (t : Type0) (self : betree_list_t t) :
+ Tot (result u64) (decreases (betree_list_1_len_decreases t self))
+ =
+ begin match self with
+ | BetreeListCons x tl ->
+ begin match betree_list_1_len_fwd t tl with
+ | Fail -> Fail
+ | Return i ->
+ begin match u64_add 1 i with | Fail -> Fail | Return i0 -> Return i0 end
+ end
+ | BetreeListNil -> Return 0
+ end
+
+(** [betree_main::betree::List::{1}::split_at] *)
+let rec betree_list_1_split_at_fwd
+ (t : Type0) (self : betree_list_t t) (n : u64) :
+ Tot (result ((betree_list_t t) & (betree_list_t t)))
+ (decreases (betree_list_1_split_at_decreases t self n))
+ =
+ begin match n with
+ | 0 -> Return (BetreeListNil, self)
+ | _ ->
+ begin match self with
+ | BetreeListCons hd tl ->
+ begin match u64_sub n 1 with
+ | Fail -> Fail
+ | Return i ->
+ begin match betree_list_1_split_at_fwd t tl i with
+ | Fail -> Fail
+ | Return p ->
+ let (ls0, ls1) = p in
+ let l = ls0 in Return (BetreeListCons hd l, ls1)
+ end
+ end
+ | BetreeListNil -> Fail
+ end
+ end
+
+(** [betree_main::betree::List::{1}::push_front] *)
+let betree_list_1_push_front_fwd_back
+ (t : Type0) (self : betree_list_t t) (x : t) : result (betree_list_t t) =
+ let tl = mem_replace_fwd (betree_list_t t) self BetreeListNil in
+ let l = tl in Return (BetreeListCons x l)
+
+(** [betree_main::betree::List::{1}::pop_front] *)
+let betree_list_1_pop_front_fwd
+ (t : Type0) (self : betree_list_t t) : result t =
+ let ls = mem_replace_fwd (betree_list_t t) self BetreeListNil in
+ begin match ls with
+ | BetreeListCons x tl -> Return x
+ | BetreeListNil -> Fail
+ end
+
+(** [betree_main::betree::List::{1}::pop_front] *)
+let betree_list_1_pop_front_back
+ (t : Type0) (self : betree_list_t t) : result (betree_list_t t) =
+ let ls = mem_replace_fwd (betree_list_t t) self BetreeListNil in
+ begin match ls with
+ | BetreeListCons x tl -> Return tl
+ | BetreeListNil -> Fail
+ end
+
+(** [betree_main::betree::List::{1}::hd] *)
+let betree_list_1_hd_fwd (t : Type0) (self : betree_list_t t) : result t =
+ begin match self with
+ | BetreeListCons hd l -> Return hd
+ | BetreeListNil -> Fail
+ end
+
+(** [betree_main::betree::List::{2}::head_has_key] *)
+let betree_list_2_head_has_key_fwd
+ (t : Type0) (self : betree_list_t (u64 & t)) (key : u64) : result bool =
+ begin match self with
+ | BetreeListCons hd l -> let (i, _) = hd in Return (i = key)
+ | BetreeListNil -> Return false
+ end
+
+(** [betree_main::betree::List::{2}::partition_at_pivot] *)
+let rec betree_list_2_partition_at_pivot_fwd
+ (t : Type0) (self : betree_list_t (u64 & t)) (pivot : u64) :
+ Tot (result ((betree_list_t (u64 & t)) & (betree_list_t (u64 & t))))
+ (decreases (betree_list_2_partition_at_pivot_decreases t self pivot))
+ =
+ begin match self with
+ | BetreeListCons hd tl ->
+ let (i, x) = hd in
+ if i >= pivot
+ then Return (BetreeListNil, BetreeListCons (i, x) tl)
+ else
+ begin match betree_list_2_partition_at_pivot_fwd t tl pivot with
+ | Fail -> Fail
+ | Return p ->
+ let (ls0, ls1) = p in
+ let l = ls0 in Return (BetreeListCons (i, x) l, ls1)
+ end
+ | BetreeListNil -> Return (BetreeListNil, BetreeListNil)
+ end
+
+(** [betree_main::betree::Leaf::{3}::split] *)
+let betree_leaf_3_split_fwd
+ (self : betree_leaf_t) (content : betree_list_t (u64 & u64))
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (st : state) :
+ result (state & betree_internal_t)
+ =
+ begin match
+ betree_list_1_split_at_fwd (u64 & u64) content
+ params.betree_params_split_size with
+ | Fail -> Fail
+ | Return p ->
+ let (content0, content1) = p in
+ begin match betree_list_1_hd_fwd (u64 & u64) content1 with
+ | Fail -> Fail
+ | Return p0 ->
+ let (pivot, _) = p0 in
+ begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with
+ | Fail -> Fail
+ | Return id0 ->
+ begin match betree_node_id_counter_fresh_id_back node_id_cnt with
+ | Fail -> Fail
+ | Return node_id_cnt0 ->
+ begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with
+ | Fail -> Fail
+ | Return id1 ->
+ begin match betree_store_leaf_node_fwd id0 content0 st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_store_leaf_node_fwd id1 content1 st0 with
+ | Fail -> Fail
+ | Return (st1, _) ->
+ let n = BetreeNodeLeaf (Mkbetree_leaf_t id0
+ params.betree_params_split_size) in
+ let n0 = BetreeNodeLeaf (Mkbetree_leaf_t id1
+ params.betree_params_split_size) in
+ Return
+ (st1,
+ Mkbetree_internal_t
+ self.betree_leaf_id
+ pivot
+ n
+ n0)
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::Leaf::{3}::split] *)
+let betree_leaf_3_split_back
+ (self : betree_leaf_t) (content : betree_list_t (u64 & u64))
+ (params : betree_params_t) (node_id_cnt : betree_node_id_counter_t)
+ (st : state) :
+ result betree_node_id_counter_t
+ =
+ begin match
+ betree_list_1_split_at_fwd (u64 & u64) content
+ params.betree_params_split_size with
+ | Fail -> Fail
+ | Return p ->
+ let (content0, content1) = p in
+ begin match betree_list_1_hd_fwd (u64 & u64) content1 with
+ | Fail -> Fail
+ | Return _ ->
+ begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with
+ | Fail -> Fail
+ | Return id0 ->
+ begin match betree_node_id_counter_fresh_id_back node_id_cnt with
+ | Fail -> Fail
+ | Return node_id_cnt0 ->
+ begin match betree_node_id_counter_fresh_id_fwd node_id_cnt0 with
+ | Fail -> Fail
+ | Return id1 ->
+ begin match betree_store_leaf_node_fwd id0 content0 st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_store_leaf_node_fwd id1 content1 st0 with
+ | Fail -> Fail
+ | Return (_, _) ->
+ begin match betree_node_id_counter_fresh_id_back node_id_cnt0
+ with
+ | Fail -> Fail
+ | Return node_id_cnt1 -> Return node_id_cnt1
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_in_bindings] *)
+let rec betree_node_5_lookup_in_bindings_fwd
+ (key : u64) (bindings : betree_list_t (u64 & u64)) :
+ Tot (result (option u64))
+ (decreases (betree_node_5_lookup_in_bindings_decreases key bindings))
+ =
+ begin match bindings with
+ | BetreeListCons hd tl ->
+ let (i, i0) = hd in
+ if i = key
+ then Return (Some i0)
+ else
+ if i > key
+ then Return None
+ else
+ begin match betree_node_5_lookup_in_bindings_fwd key tl with
+ | Fail -> Fail
+ | Return opt -> Return opt
+ end
+ | BetreeListNil -> Return None
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_for_key] *)
+let rec betree_node_5_lookup_first_message_for_key_fwd
+ (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) :
+ Tot (result (betree_list_t (u64 & betree_message_t)))
+ (decreases (betree_node_5_lookup_first_message_for_key_decreases key msgs))
+ =
+ begin match msgs with
+ | BetreeListCons x next_msgs ->
+ let (i, m) = x in
+ if i >= key
+ then Return (BetreeListCons (i, m) next_msgs)
+ else
+ begin match betree_node_5_lookup_first_message_for_key_fwd key next_msgs
+ with
+ | Fail -> Fail
+ | Return l -> Return l
+ end
+ | BetreeListNil -> Return BetreeListNil
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_for_key] *)
+let rec betree_node_5_lookup_first_message_for_key_back
+ (key : u64) (msgs : betree_list_t (u64 & betree_message_t))
+ (ret : betree_list_t (u64 & betree_message_t)) :
+ Tot (result (betree_list_t (u64 & betree_message_t)))
+ (decreases (betree_node_5_lookup_first_message_for_key_decreases key msgs))
+ =
+ begin match msgs with
+ | BetreeListCons x next_msgs ->
+ let (i, m) = x in
+ if i >= key
+ then Return ret
+ else
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key next_msgs ret with
+ | Fail -> Fail
+ | Return next_msgs0 -> Return (BetreeListCons (i, m) next_msgs0)
+ end
+ | BetreeListNil -> Return ret
+ end
+
+(** [betree_main::betree::Node::{5}::apply_upserts] *)
+let rec betree_node_5_apply_upserts_fwd
+ (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64)
+ (key : u64) (st : state) :
+ Tot (result (state & u64))
+ (decreases (betree_node_5_apply_upserts_decreases msgs prev key st))
+ =
+ begin match betree_list_2_head_has_key_fwd betree_message_t msgs key with
+ | Fail -> Fail
+ | Return b ->
+ if b
+ then
+ begin match betree_list_1_pop_front_fwd (u64 & betree_message_t) msgs
+ with
+ | Fail -> Fail
+ | Return msg ->
+ let (_, m) = msg in
+ begin match m with
+ | BetreeMessageInsert i -> Fail
+ | BetreeMessageDelete -> Fail
+ | BetreeMessageUpsert s ->
+ begin match betree_upsert_update_fwd prev s with
+ | Fail -> Fail
+ | Return v ->
+ begin match
+ betree_list_1_pop_front_back (u64 & betree_message_t) msgs with
+ | Fail -> Fail
+ | Return msgs0 ->
+ begin match betree_node_5_apply_upserts_fwd msgs0 (Some v) key st
+ with
+ | Fail -> Fail
+ | Return (st0, i) -> Return (st0, i)
+ end
+ end
+ end
+ end
+ end
+ else
+ begin match core_option_option_unwrap_fwd u64 prev st with
+ | Fail -> Fail
+ | Return (st0, v) ->
+ begin match
+ betree_list_1_push_front_fwd (u64 & betree_message_t) msgs (key,
+ BetreeMessageInsert v) with
+ | Fail -> Fail
+ | Return _ -> Return (st0, v)
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::apply_upserts] *)
+let rec betree_node_5_apply_upserts_back
+ (msgs : betree_list_t (u64 & betree_message_t)) (prev : option u64)
+ (key : u64) (st : state) :
+ Tot (result (betree_list_t (u64 & betree_message_t)))
+ (decreases (betree_node_5_apply_upserts_decreases msgs prev key st))
+ =
+ begin match betree_list_2_head_has_key_fwd betree_message_t msgs key with
+ | Fail -> Fail
+ | Return b ->
+ if b
+ then
+ begin match betree_list_1_pop_front_fwd (u64 & betree_message_t) msgs
+ with
+ | Fail -> Fail
+ | Return msg ->
+ let (_, m) = msg in
+ begin match m with
+ | BetreeMessageInsert i -> Fail
+ | BetreeMessageDelete -> Fail
+ | BetreeMessageUpsert s ->
+ begin match betree_upsert_update_fwd prev s with
+ | Fail -> Fail
+ | Return v ->
+ begin match
+ betree_list_1_pop_front_back (u64 & betree_message_t) msgs with
+ | Fail -> Fail
+ | Return msgs0 ->
+ begin match
+ betree_node_5_apply_upserts_back msgs0 (Some v) key st with
+ | Fail -> Fail
+ | Return msgs1 -> Return msgs1
+ end
+ end
+ end
+ end
+ end
+ else
+ begin match core_option_option_unwrap_fwd u64 prev st with
+ | Fail -> Fail
+ | Return (_, v) ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs (key,
+ BetreeMessageInsert v) with
+ | Fail -> Fail
+ | Return msgs0 -> Return msgs0
+ end
+ end
+ end
+
+(** [betree_main::betree::Internal::{4}::lookup_in_children] *)
+let rec betree_internal_4_lookup_in_children_fwd
+ (self : betree_internal_t) (key : u64) (st : state) :
+ Tot (result (state & (option u64)))
+ (decreases (betree_internal_4_lookup_in_children_decreases self key st))
+ =
+ if key < self.betree_internal_pivot
+ then
+ begin match betree_node_5_lookup_fwd self.betree_internal_left key st with
+ | Fail -> Fail
+ | Return (st0, opt) -> Return (st0, opt)
+ end
+ else
+ begin match betree_node_5_lookup_fwd self.betree_internal_right key st with
+ | Fail -> Fail
+ | Return (st0, opt) -> Return (st0, opt)
+ end
+
+(** [betree_main::betree::Internal::{4}::lookup_in_children] *)
+and betree_internal_4_lookup_in_children_back
+ (self : betree_internal_t) (key : u64) (st : state) :
+ Tot (result betree_internal_t)
+ (decreases (betree_internal_4_lookup_in_children_decreases self key st))
+ =
+ if key < self.betree_internal_pivot
+ then
+ begin match betree_node_5_lookup_back self.betree_internal_left key st with
+ | Fail -> Fail
+ | Return n ->
+ Return (Mkbetree_internal_t self.betree_internal_id
+ self.betree_internal_pivot n self.betree_internal_right)
+ end
+ else
+ begin match betree_node_5_lookup_back self.betree_internal_right key st
+ with
+ | Fail -> Fail
+ | Return n ->
+ Return (Mkbetree_internal_t self.betree_internal_id
+ self.betree_internal_pivot self.betree_internal_left n)
+ end
+
+(** [betree_main::betree::Node::{5}::lookup] *)
+and betree_node_5_lookup_fwd
+ (self : betree_node_t) (key : u64) (st : state) :
+ Tot (result (state & (option u64)))
+ (decreases (betree_node_5_lookup_decreases self key st))
+ =
+ begin match self with
+ | BetreeNodeInternal node ->
+ begin match betree_load_internal_node_fwd node.betree_internal_id st with
+ | Fail -> Fail
+ | Return (st0, msgs) ->
+ begin match betree_node_5_lookup_first_message_for_key_fwd key msgs with
+ | Fail -> Fail
+ | Return pending ->
+ begin match pending with
+ | BetreeListCons p l ->
+ let (k, msg) = p in
+ if k <> key
+ then
+ begin match
+ betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) key st0
+ with
+ | Fail -> Fail
+ | Return (st1, opt) ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ (BetreeListCons (k, msg) l) with
+ | Fail -> Fail
+ | Return _ -> Return (st1, opt)
+ end
+ end
+ else
+ begin match msg with
+ | BetreeMessageInsert v ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ (BetreeListCons (k, BetreeMessageInsert v) l) with
+ | Fail -> Fail
+ | Return _ -> Return (st0, Some v)
+ end
+ | BetreeMessageDelete ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ (BetreeListCons (k, BetreeMessageDelete) l) with
+ | Fail -> Fail
+ | Return _ -> Return (st0, None)
+ end
+ | BetreeMessageUpsert ufs ->
+ begin match
+ betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) key st0
+ with
+ | Fail -> Fail
+ | Return (st1, v) ->
+ begin match
+ betree_node_5_apply_upserts_fwd (BetreeListCons (k,
+ BetreeMessageUpsert ufs) l) v key st1 with
+ | Fail -> Fail
+ | Return (st2, v0) ->
+ begin match
+ betree_internal_4_lookup_in_children_back
+ (Mkbetree_internal_t node.betree_internal_id
+ node.betree_internal_pivot node.betree_internal_left
+ node.betree_internal_right) key st0 with
+ | Fail -> Fail
+ | Return node0 ->
+ begin match
+ betree_node_5_apply_upserts_back (BetreeListCons (k,
+ BetreeMessageUpsert ufs) l) v key st1 with
+ | Fail -> Fail
+ | Return pending0 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key
+ msgs pending0 with
+ | Fail -> Fail
+ | Return msgs0 ->
+ begin match
+ betree_store_internal_node_fwd
+ node0.betree_internal_id msgs0 st2 with
+ | Fail -> Fail
+ | Return (st3, _) -> Return (st3, Some v0)
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+ | BetreeListNil ->
+ begin match
+ betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) key st0
+ with
+ | Fail -> Fail
+ | Return (st1, opt) ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ BetreeListNil with
+ | Fail -> Fail
+ | Return _ -> Return (st1, opt)
+ end
+ end
+ end
+ end
+ end
+ | BetreeNodeLeaf node ->
+ begin match betree_load_leaf_node_fwd node.betree_leaf_id st with
+ | Fail -> Fail
+ | Return (st0, bindings) ->
+ begin match betree_node_5_lookup_in_bindings_fwd key bindings with
+ | Fail -> Fail
+ | Return opt -> Return (st0, opt)
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::lookup] *)
+and betree_node_5_lookup_back
+ (self : betree_node_t) (key : u64) (st : state) :
+ Tot (result betree_node_t)
+ (decreases (betree_node_5_lookup_decreases self key st))
+ =
+ begin match self with
+ | BetreeNodeInternal node ->
+ begin match betree_load_internal_node_fwd node.betree_internal_id st with
+ | Fail -> Fail
+ | Return (st0, msgs) ->
+ begin match betree_node_5_lookup_first_message_for_key_fwd key msgs with
+ | Fail -> Fail
+ | Return pending ->
+ begin match pending with
+ | BetreeListCons p l ->
+ let (k, msg) = p in
+ if k <> key
+ then
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ (BetreeListCons (k, msg) l) with
+ | Fail -> Fail
+ | Return _ ->
+ begin match
+ betree_internal_4_lookup_in_children_back (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) key st0
+ with
+ | Fail -> Fail
+ | Return node0 -> Return (BetreeNodeInternal node0)
+ end
+ end
+ else
+ begin match msg with
+ | BetreeMessageInsert v ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ (BetreeListCons (k, BetreeMessageInsert v) l) with
+ | Fail -> Fail
+ | Return _ ->
+ Return (BetreeNodeInternal (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right))
+ end
+ | BetreeMessageDelete ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ (BetreeListCons (k, BetreeMessageDelete) l) with
+ | Fail -> Fail
+ | Return _ ->
+ Return (BetreeNodeInternal (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right))
+ end
+ | BetreeMessageUpsert ufs ->
+ begin match
+ betree_internal_4_lookup_in_children_fwd (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) key st0
+ with
+ | Fail -> Fail
+ | Return (st1, v) ->
+ begin match
+ betree_node_5_apply_upserts_fwd (BetreeListCons (k,
+ BetreeMessageUpsert ufs) l) v key st1 with
+ | Fail -> Fail
+ | Return (st2, _) ->
+ begin match
+ betree_internal_4_lookup_in_children_back
+ (Mkbetree_internal_t node.betree_internal_id
+ node.betree_internal_pivot node.betree_internal_left
+ node.betree_internal_right) key st0 with
+ | Fail -> Fail
+ | Return node0 ->
+ begin match
+ betree_node_5_apply_upserts_back (BetreeListCons (k,
+ BetreeMessageUpsert ufs) l) v key st1 with
+ | Fail -> Fail
+ | Return pending0 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key
+ msgs pending0 with
+ | Fail -> Fail
+ | Return msgs0 ->
+ begin match
+ betree_store_internal_node_fwd
+ node0.betree_internal_id msgs0 st2 with
+ | Fail -> Fail
+ | Return (_, _) ->
+ Return (BetreeNodeInternal (Mkbetree_internal_t
+ node0.betree_internal_id
+ node0.betree_internal_pivot
+ node0.betree_internal_left
+ node0.betree_internal_right))
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+ | BetreeListNil ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ BetreeListNil with
+ | Fail -> Fail
+ | Return _ ->
+ begin match
+ betree_internal_4_lookup_in_children_back (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) key st0
+ with
+ | Fail -> Fail
+ | Return node0 -> Return (BetreeNodeInternal node0)
+ end
+ end
+ end
+ end
+ end
+ | BetreeNodeLeaf node ->
+ begin match betree_load_leaf_node_fwd node.betree_leaf_id st with
+ | Fail -> Fail
+ | Return (_, bindings) ->
+ begin match betree_node_5_lookup_in_bindings_fwd key bindings with
+ | Fail -> Fail
+ | Return _ ->
+ Return (BetreeNodeLeaf (Mkbetree_leaf_t node.betree_leaf_id
+ node.betree_leaf_size))
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings] *)
+let rec betree_node_5_lookup_mut_in_bindings_fwd
+ (key : u64) (bindings : betree_list_t (u64 & u64)) :
+ Tot (result (betree_list_t (u64 & u64)))
+ (decreases (betree_node_5_lookup_mut_in_bindings_decreases key bindings))
+ =
+ begin match bindings with
+ | BetreeListCons hd tl ->
+ let (i, i0) = hd in
+ if i >= key
+ then Return (BetreeListCons (i, i0) tl)
+ else
+ begin match betree_node_5_lookup_mut_in_bindings_fwd key tl with
+ | Fail -> Fail
+ | Return l -> Return l
+ end
+ | BetreeListNil -> Return BetreeListNil
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_mut_in_bindings] *)
+let rec betree_node_5_lookup_mut_in_bindings_back
+ (key : u64) (bindings : betree_list_t (u64 & u64))
+ (ret : betree_list_t (u64 & u64)) :
+ Tot (result (betree_list_t (u64 & u64)))
+ (decreases (betree_node_5_lookup_mut_in_bindings_decreases key bindings))
+ =
+ begin match bindings with
+ | BetreeListCons hd tl ->
+ let (i, i0) = hd in
+ if i >= key
+ then Return ret
+ else
+ begin match betree_node_5_lookup_mut_in_bindings_back key tl ret with
+ | Fail -> Fail
+ | Return tl0 -> Return (BetreeListCons (i, i0) tl0)
+ end
+ | BetreeListNil -> Return ret
+ end
+
+(** [betree_main::betree::Node::{5}::apply_to_leaf] *)
+let betree_node_5_apply_to_leaf_fwd_back
+ (bindings : betree_list_t (u64 & u64)) (key : u64)
+ (new_msg : betree_message_t) :
+ result (betree_list_t (u64 & u64))
+ =
+ begin match betree_node_5_lookup_mut_in_bindings_fwd key bindings with
+ | Fail -> Fail
+ | Return bindings0 ->
+ begin match betree_list_2_head_has_key_fwd u64 bindings0 key with
+ | Fail -> Fail
+ | Return b ->
+ if b
+ then
+ begin match betree_list_1_pop_front_fwd (u64 & u64) bindings0 with
+ | Fail -> Fail
+ | Return hd ->
+ begin match new_msg with
+ | BetreeMessageInsert v ->
+ begin match betree_list_1_pop_front_back (u64 & u64) bindings0 with
+ | Fail -> Fail
+ | Return bindings1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & u64) bindings1 (key,
+ v) with
+ | Fail -> Fail
+ | Return bindings2 ->
+ begin match
+ betree_node_5_lookup_mut_in_bindings_back key bindings
+ bindings2 with
+ | Fail -> Fail
+ | Return bindings3 -> Return bindings3
+ end
+ end
+ end
+ | BetreeMessageDelete ->
+ begin match betree_list_1_pop_front_back (u64 & u64) bindings0 with
+ | Fail -> Fail
+ | Return bindings1 ->
+ begin match
+ betree_node_5_lookup_mut_in_bindings_back key bindings
+ bindings1 with
+ | Fail -> Fail
+ | Return bindings2 -> Return bindings2
+ end
+ end
+ | BetreeMessageUpsert s ->
+ let (_, i) = hd in
+ begin match betree_upsert_update_fwd (Some i) s with
+ | Fail -> Fail
+ | Return v ->
+ begin match betree_list_1_pop_front_back (u64 & u64) bindings0
+ with
+ | Fail -> Fail
+ | Return bindings1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & u64) bindings1 (key,
+ v) with
+ | Fail -> Fail
+ | Return bindings2 ->
+ begin match
+ betree_node_5_lookup_mut_in_bindings_back key bindings
+ bindings2 with
+ | Fail -> Fail
+ | Return bindings3 -> Return bindings3
+ end
+ end
+ end
+ end
+ end
+ end
+ else
+ begin match new_msg with
+ | BetreeMessageInsert v ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & u64) bindings0 (key, v)
+ with
+ | Fail -> Fail
+ | Return bindings1 ->
+ begin match
+ betree_node_5_lookup_mut_in_bindings_back key bindings bindings1
+ with
+ | Fail -> Fail
+ | Return bindings2 -> Return bindings2
+ end
+ end
+ | BetreeMessageDelete ->
+ begin match
+ betree_node_5_lookup_mut_in_bindings_back key bindings bindings0
+ with
+ | Fail -> Fail
+ | Return bindings1 -> Return bindings1
+ end
+ | BetreeMessageUpsert s ->
+ begin match betree_upsert_update_fwd None s with
+ | Fail -> Fail
+ | Return v ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & u64) bindings0 (key, v)
+ with
+ | Fail -> Fail
+ | Return bindings1 ->
+ begin match
+ betree_node_5_lookup_mut_in_bindings_back key bindings
+ bindings1 with
+ | Fail -> Fail
+ | Return bindings2 -> Return bindings2
+ end
+ end
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::filter_messages_for_key] *)
+let rec betree_node_5_filter_messages_for_key_fwd_back
+ (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) :
+ Tot (result (betree_list_t (u64 & betree_message_t)))
+ (decreases (betree_node_5_filter_messages_for_key_decreases key msgs))
+ =
+ begin match msgs with
+ | BetreeListCons p l ->
+ let (k, m) = p in
+ if k = key
+ then
+ begin match
+ betree_list_1_pop_front_back (u64 & betree_message_t) (BetreeListCons
+ (k, m) l) with
+ | Fail -> Fail
+ | Return msgs0 ->
+ begin match betree_node_5_filter_messages_for_key_fwd_back key msgs0
+ with
+ | Fail -> Fail
+ | Return msgs1 -> Return msgs1
+ end
+ end
+ else Return (BetreeListCons (k, m) l)
+ | BetreeListNil -> Return BetreeListNil
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_after_key] *)
+let rec betree_node_5_lookup_first_message_after_key_fwd
+ (key : u64) (msgs : betree_list_t (u64 & betree_message_t)) :
+ Tot (result (betree_list_t (u64 & betree_message_t)))
+ (decreases (betree_node_5_lookup_first_message_after_key_decreases key msgs))
+ =
+ begin match msgs with
+ | BetreeListCons p next_msgs ->
+ let (k, m) = p in
+ if k = key
+ then
+ begin match
+ betree_node_5_lookup_first_message_after_key_fwd key next_msgs with
+ | Fail -> Fail
+ | Return l -> Return l
+ end
+ else Return (BetreeListCons (k, m) next_msgs)
+ | BetreeListNil -> Return BetreeListNil
+ end
+
+(** [betree_main::betree::Node::{5}::lookup_first_message_after_key] *)
+let rec betree_node_5_lookup_first_message_after_key_back
+ (key : u64) (msgs : betree_list_t (u64 & betree_message_t))
+ (ret : betree_list_t (u64 & betree_message_t)) :
+ Tot (result (betree_list_t (u64 & betree_message_t)))
+ (decreases (betree_node_5_lookup_first_message_after_key_decreases key msgs))
+ =
+ begin match msgs with
+ | BetreeListCons p next_msgs ->
+ let (k, m) = p in
+ if k = key
+ then
+ begin match
+ betree_node_5_lookup_first_message_after_key_back key next_msgs ret
+ with
+ | Fail -> Fail
+ | Return next_msgs0 -> Return (BetreeListCons (k, m) next_msgs0)
+ end
+ else Return ret
+ | BetreeListNil -> Return ret
+ end
+
+(** [betree_main::betree::Node::{5}::apply_to_internal] *)
+let betree_node_5_apply_to_internal_fwd_back
+ (msgs : betree_list_t (u64 & betree_message_t)) (key : u64)
+ (new_msg : betree_message_t) :
+ result (betree_list_t (u64 & betree_message_t))
+ =
+ begin match betree_node_5_lookup_first_message_for_key_fwd key msgs with
+ | Fail -> Fail
+ | Return msgs0 ->
+ begin match betree_list_2_head_has_key_fwd betree_message_t msgs0 key with
+ | Fail -> Fail
+ | Return b ->
+ if b
+ then
+ begin match new_msg with
+ | BetreeMessageInsert i ->
+ begin match betree_node_5_filter_messages_for_key_fwd_back key msgs0
+ with
+ | Fail -> Fail
+ | Return msgs1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs1
+ (key, BetreeMessageInsert i) with
+ | Fail -> Fail
+ | Return msgs2 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs msgs2
+ with
+ | Fail -> Fail
+ | Return msgs3 -> Return msgs3
+ end
+ end
+ end
+ | BetreeMessageDelete ->
+ begin match betree_node_5_filter_messages_for_key_fwd_back key msgs0
+ with
+ | Fail -> Fail
+ | Return msgs1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs1
+ (key, BetreeMessageDelete) with
+ | Fail -> Fail
+ | Return msgs2 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs msgs2
+ with
+ | Fail -> Fail
+ | Return msgs3 -> Return msgs3
+ end
+ end
+ end
+ | BetreeMessageUpsert s ->
+ begin match betree_list_1_hd_fwd (u64 & betree_message_t) msgs0 with
+ | Fail -> Fail
+ | Return p ->
+ let (_, m) = p in
+ begin match m with
+ | BetreeMessageInsert prev ->
+ begin match betree_upsert_update_fwd (Some prev) s with
+ | Fail -> Fail
+ | Return v ->
+ begin match
+ betree_list_1_pop_front_back (u64 & betree_message_t) msgs0
+ with
+ | Fail -> Fail
+ | Return msgs1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t)
+ msgs1 (key, BetreeMessageInsert v) with
+ | Fail -> Fail
+ | Return msgs2 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ msgs2 with
+ | Fail -> Fail
+ | Return msgs3 -> Return msgs3
+ end
+ end
+ end
+ end
+ | BetreeMessageDelete ->
+ begin match betree_upsert_update_fwd None s with
+ | Fail -> Fail
+ | Return v ->
+ begin match
+ betree_list_1_pop_front_back (u64 & betree_message_t) msgs0
+ with
+ | Fail -> Fail
+ | Return msgs1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t)
+ msgs1 (key, BetreeMessageInsert v) with
+ | Fail -> Fail
+ | Return msgs2 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ msgs2 with
+ | Fail -> Fail
+ | Return msgs3 -> Return msgs3
+ end
+ end
+ end
+ end
+ | BetreeMessageUpsert ufs ->
+ begin match
+ betree_node_5_lookup_first_message_after_key_fwd key msgs0 with
+ | Fail -> Fail
+ | Return msgs1 ->
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t)
+ msgs1 (key, BetreeMessageUpsert s) with
+ | Fail -> Fail
+ | Return msgs2 ->
+ begin match
+ betree_node_5_lookup_first_message_after_key_back key msgs0
+ msgs2 with
+ | Fail -> Fail
+ | Return msgs3 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs
+ msgs3 with
+ | Fail -> Fail
+ | Return msgs4 -> Return msgs4
+ end
+ end
+ end
+ end
+ end
+ end
+ end
+ else
+ begin match
+ betree_list_1_push_front_fwd_back (u64 & betree_message_t) msgs0
+ (key, new_msg) with
+ | Fail -> Fail
+ | Return msgs1 ->
+ begin match
+ betree_node_5_lookup_first_message_for_key_back key msgs msgs1 with
+ | Fail -> Fail
+ | Return msgs2 -> Return msgs2
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::Internal::{4}::flush] *)
+let rec betree_internal_4_flush_fwd
+ (self : betree_internal_t) (params : betree_params_t)
+ (node_id_cnt : betree_node_id_counter_t)
+ (content : betree_list_t (u64 & betree_message_t)) (st : state) :
+ Tot (result (state & (betree_list_t (u64 & betree_message_t))))
+ (decreases (betree_internal_4_flush_decreases self params node_id_cnt content
+ st))
+ =
+ begin match
+ betree_list_2_partition_at_pivot_fwd betree_message_t content
+ self.betree_internal_pivot with
+ | Fail -> Fail
+ | Return p ->
+ let (msgs_left, msgs_right) = p in
+ begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_left with
+ | Fail -> Fail
+ | Return len_left ->
+ if len_left >= params.betree_params_min_flush_size
+ then
+ begin match
+ betree_node_5_apply_messages_fwd self.betree_internal_left params
+ node_id_cnt msgs_left st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_right
+ with
+ | Fail -> Fail
+ | Return len_right ->
+ if len_right >= params.betree_params_min_flush_size
+ then
+ begin match
+ betree_node_5_apply_messages_back self.betree_internal_left
+ params node_id_cnt msgs_left st with
+ | Fail -> Fail
+ | Return (_, node_id_cnt0) ->
+ begin match
+ betree_node_5_apply_messages_fwd self.betree_internal_right
+ params node_id_cnt0 msgs_right st0 with
+ | Fail -> Fail
+ | Return (st1, _) -> Return (st1, BetreeListNil)
+ end
+ end
+ else Return (st0, msgs_right)
+ end
+ end
+ else
+ begin match
+ betree_node_5_apply_messages_fwd self.betree_internal_right params
+ node_id_cnt msgs_right st with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, msgs_left)
+ end
+ end
+ end
+
+(** [betree_main::betree::Internal::{4}::flush] *)
+and betree_internal_4_flush_back
+ (self : betree_internal_t) (params : betree_params_t)
+ (node_id_cnt : betree_node_id_counter_t)
+ (content : betree_list_t (u64 & betree_message_t)) (st : state) :
+ Tot (result (betree_internal_t & betree_node_id_counter_t))
+ (decreases (betree_internal_4_flush_decreases self params node_id_cnt content
+ st))
+ =
+ begin match
+ betree_list_2_partition_at_pivot_fwd betree_message_t content
+ self.betree_internal_pivot with
+ | Fail -> Fail
+ | Return p ->
+ let (msgs_left, msgs_right) = p in
+ begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_left with
+ | Fail -> Fail
+ | Return len_left ->
+ if len_left >= params.betree_params_min_flush_size
+ then
+ begin match
+ betree_node_5_apply_messages_fwd self.betree_internal_left params
+ node_id_cnt msgs_left st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_list_1_len_fwd (u64 & betree_message_t) msgs_right
+ with
+ | Fail -> Fail
+ | Return len_right ->
+ if len_right >= params.betree_params_min_flush_size
+ then
+ begin match
+ betree_node_5_apply_messages_back self.betree_internal_left
+ params node_id_cnt msgs_left st with
+ | Fail -> Fail
+ | Return (n, node_id_cnt0) ->
+ begin match
+ betree_node_5_apply_messages_back self.betree_internal_right
+ params node_id_cnt0 msgs_right st0 with
+ | Fail -> Fail
+ | Return (n0, node_id_cnt1) ->
+ Return (Mkbetree_internal_t self.betree_internal_id
+ self.betree_internal_pivot n n0, node_id_cnt1)
+ end
+ end
+ else
+ begin match
+ betree_node_5_apply_messages_back self.betree_internal_left
+ params node_id_cnt msgs_left st with
+ | Fail -> Fail
+ | Return (n, node_id_cnt0) ->
+ Return (Mkbetree_internal_t self.betree_internal_id
+ self.betree_internal_pivot n self.betree_internal_right,
+ node_id_cnt0)
+ end
+ end
+ end
+ else
+ begin match
+ betree_node_5_apply_messages_back self.betree_internal_right params
+ node_id_cnt msgs_right st with
+ | Fail -> Fail
+ | Return (n, node_id_cnt0) ->
+ Return (Mkbetree_internal_t self.betree_internal_id
+ self.betree_internal_pivot self.betree_internal_left n,
+ node_id_cnt0)
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::apply_messages] *)
+and betree_node_5_apply_messages_fwd
+ (self : betree_node_t) (params : betree_params_t)
+ (node_id_cnt : betree_node_id_counter_t)
+ (msgs : betree_list_t (u64 & betree_message_t)) (st : state) :
+ Tot (result (state & unit))
+ (decreases (betree_node_5_apply_messages_decreases self params node_id_cnt
+ msgs st))
+ =
+ begin match msgs with
+ | BetreeListCons p msgs0 ->
+ let (key, msg) = p in
+ begin match betree_node_5_apply_fwd self params node_id_cnt key msg st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_node_5_apply_back self params node_id_cnt key msg st
+ with
+ | Fail -> Fail
+ | Return (self0, node_id_cnt0) ->
+ begin match
+ betree_node_5_apply_messages_fwd self0 params node_id_cnt0 msgs0 st0
+ with
+ | Fail -> Fail
+ | Return (st1, _) -> Return (st1, ())
+ end
+ end
+ end
+ | BetreeListNil -> Return (st, ())
+ end
+
+(** [betree_main::betree::Node::{5}::apply_messages] *)
+and betree_node_5_apply_messages_back
+ (self : betree_node_t) (params : betree_params_t)
+ (node_id_cnt : betree_node_id_counter_t)
+ (msgs : betree_list_t (u64 & betree_message_t)) (st : state) :
+ Tot (result (betree_node_t & betree_node_id_counter_t))
+ (decreases (betree_node_5_apply_messages_decreases self params node_id_cnt
+ msgs st))
+ =
+ begin match msgs with
+ | BetreeListCons p msgs0 ->
+ let (key, msg) = p in
+ begin match betree_node_5_apply_fwd self params node_id_cnt key msg st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_node_5_apply_back self params node_id_cnt key msg st
+ with
+ | Fail -> Fail
+ | Return (self0, node_id_cnt0) ->
+ begin match
+ betree_node_5_apply_messages_back self0 params node_id_cnt0 msgs0 st0
+ with
+ | Fail -> Fail
+ | Return (self1, node_id_cnt1) -> Return (self1, node_id_cnt1)
+ end
+ end
+ end
+ | BetreeListNil -> Return (self, node_id_cnt)
+ end
+
+(** [betree_main::betree::Node::{5}::apply] *)
+and betree_node_5_apply_fwd
+ (self : betree_node_t) (params : betree_params_t)
+ (node_id_cnt : betree_node_id_counter_t) (key : u64)
+ (new_msg : betree_message_t) (st : state) :
+ Tot (result (state & unit))
+ (decreases (betree_node_5_apply_decreases self params node_id_cnt key new_msg
+ st))
+ =
+ begin match self with
+ | BetreeNodeInternal node ->
+ begin match betree_load_internal_node_fwd node.betree_internal_id st with
+ | Fail -> Fail
+ | Return (st0, content) ->
+ begin match betree_node_5_apply_to_internal_fwd_back content key new_msg
+ with
+ | Fail -> Fail
+ | Return content0 ->
+ begin match betree_list_1_len_fwd (u64 & betree_message_t) content0
+ with
+ | Fail -> Fail
+ | Return num_msgs ->
+ if num_msgs >= params.betree_params_min_flush_size
+ then
+ begin match
+ betree_internal_4_flush_fwd (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) params
+ node_id_cnt content0 st0 with
+ | Fail -> Fail
+ | Return (st1, content1) ->
+ begin match
+ betree_internal_4_flush_back (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) params
+ node_id_cnt content0 st0 with
+ | Fail -> Fail
+ | Return (node0, _) ->
+ begin match
+ betree_store_internal_node_fwd node0.betree_internal_id
+ content1 st1 with
+ | Fail -> Fail
+ | Return (st2, _) -> Return (st2, ())
+ end
+ end
+ end
+ else
+ begin match
+ betree_store_internal_node_fwd node.betree_internal_id content0
+ st0 with
+ | Fail -> Fail
+ | Return (st1, _) -> Return (st1, ())
+ end
+ end
+ end
+ end
+ | BetreeNodeLeaf node ->
+ begin match betree_load_leaf_node_fwd node.betree_leaf_id st with
+ | Fail -> Fail
+ | Return (st0, content) ->
+ begin match betree_node_5_apply_to_leaf_fwd_back content key new_msg with
+ | Fail -> Fail
+ | Return content0 ->
+ begin match betree_list_1_len_fwd (u64 & u64) content0 with
+ | Fail -> Fail
+ | Return len ->
+ begin match u64_mul 2 params.betree_params_split_size with
+ | Fail -> Fail
+ | Return i ->
+ if len >= i
+ then
+ begin match
+ betree_leaf_3_split_fwd (Mkbetree_leaf_t node.betree_leaf_id
+ node.betree_leaf_size) content0 params node_id_cnt st0 with
+ | Fail -> Fail
+ | Return (st1, _) ->
+ begin match
+ betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil
+ st1 with
+ | Fail -> Fail
+ | Return (st2, _) -> Return (st2, ())
+ end
+ end
+ else
+ begin match
+ betree_store_leaf_node_fwd node.betree_leaf_id content0 st0
+ with
+ | Fail -> Fail
+ | Return (st1, _) -> Return (st1, ())
+ end
+ end
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::Node::{5}::apply] *)
+and betree_node_5_apply_back
+ (self : betree_node_t) (params : betree_params_t)
+ (node_id_cnt : betree_node_id_counter_t) (key : u64)
+ (new_msg : betree_message_t) (st : state) :
+ Tot (result (betree_node_t & betree_node_id_counter_t))
+ (decreases (betree_node_5_apply_decreases self params node_id_cnt key new_msg
+ st))
+ =
+ begin match self with
+ | BetreeNodeInternal node ->
+ begin match betree_load_internal_node_fwd node.betree_internal_id st with
+ | Fail -> Fail
+ | Return (st0, content) ->
+ begin match betree_node_5_apply_to_internal_fwd_back content key new_msg
+ with
+ | Fail -> Fail
+ | Return content0 ->
+ begin match betree_list_1_len_fwd (u64 & betree_message_t) content0
+ with
+ | Fail -> Fail
+ | Return num_msgs ->
+ if num_msgs >= params.betree_params_min_flush_size
+ then
+ begin match
+ betree_internal_4_flush_fwd (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) params
+ node_id_cnt content0 st0 with
+ | Fail -> Fail
+ | Return (st1, content1) ->
+ begin match
+ betree_internal_4_flush_back (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right) params
+ node_id_cnt content0 st0 with
+ | Fail -> Fail
+ | Return (node0, node_id_cnt0) ->
+ begin match
+ betree_store_internal_node_fwd node0.betree_internal_id
+ content1 st1 with
+ | Fail -> Fail
+ | Return (_, _) ->
+ Return (BetreeNodeInternal (Mkbetree_internal_t
+ node0.betree_internal_id node0.betree_internal_pivot
+ node0.betree_internal_left node0.betree_internal_right),
+ node_id_cnt0)
+ end
+ end
+ end
+ else
+ begin match
+ betree_store_internal_node_fwd node.betree_internal_id content0
+ st0 with
+ | Fail -> Fail
+ | Return (_, _) ->
+ Return (BetreeNodeInternal (Mkbetree_internal_t
+ node.betree_internal_id node.betree_internal_pivot
+ node.betree_internal_left node.betree_internal_right),
+ node_id_cnt)
+ end
+ end
+ end
+ end
+ | BetreeNodeLeaf node ->
+ begin match betree_load_leaf_node_fwd node.betree_leaf_id st with
+ | Fail -> Fail
+ | Return (st0, content) ->
+ begin match betree_node_5_apply_to_leaf_fwd_back content key new_msg with
+ | Fail -> Fail
+ | Return content0 ->
+ begin match betree_list_1_len_fwd (u64 & u64) content0 with
+ | Fail -> Fail
+ | Return len ->
+ begin match u64_mul 2 params.betree_params_split_size with
+ | Fail -> Fail
+ | Return i ->
+ if len >= i
+ then
+ begin match
+ betree_leaf_3_split_fwd (Mkbetree_leaf_t node.betree_leaf_id
+ node.betree_leaf_size) content0 params node_id_cnt st0 with
+ | Fail -> Fail
+ | Return (st1, new_node) ->
+ begin match
+ betree_store_leaf_node_fwd node.betree_leaf_id BetreeListNil
+ st1 with
+ | Fail -> Fail
+ | Return (_, _) ->
+ begin match
+ betree_leaf_3_split_back (Mkbetree_leaf_t
+ node.betree_leaf_id node.betree_leaf_size) content0
+ params node_id_cnt st0 with
+ | Fail -> Fail
+ | Return node_id_cnt0 ->
+ Return (BetreeNodeInternal new_node, node_id_cnt0)
+ end
+ end
+ end
+ else
+ begin match
+ betree_store_leaf_node_fwd node.betree_leaf_id content0 st0
+ with
+ | Fail -> Fail
+ | Return (_, _) ->
+ Return (BetreeNodeLeaf (Mkbetree_leaf_t node.betree_leaf_id
+ len), node_id_cnt)
+ end
+ end
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::BeTree::{6}::new] *)
+let betree_be_tree_6_new_fwd
+ (min_flush_size : u64) (split_size : u64) (st : state) :
+ result (state & betree_be_tree_t)
+ =
+ begin match betree_node_id_counter_new_fwd with
+ | Fail -> Fail
+ | Return node_id_cnt ->
+ begin match betree_node_id_counter_fresh_id_fwd node_id_cnt with
+ | Fail -> Fail
+ | Return id ->
+ begin match betree_store_leaf_node_fwd id BetreeListNil st with
+ | Fail -> Fail
+ | Return (st0, _) ->
+ begin match betree_node_id_counter_fresh_id_back node_id_cnt with
+ | Fail -> Fail
+ | Return node_id_cnt0 ->
+ Return (st0, Mkbetree_be_tree_t (Mkbetree_params_t min_flush_size
+ split_size) node_id_cnt0 (BetreeNodeLeaf (Mkbetree_leaf_t id 0)))
+ end
+ end
+ end
+ end
+
+(** [betree_main::betree::BeTree::{6}::apply] *)
+let betree_be_tree_6_apply_fwd
+ (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) :
+ result (state & unit)
+ =
+ begin match
+ betree_node_5_apply_fwd self.betree_be_tree_root self.betree_be_tree_params
+ self.betree_be_tree_node_id_cnt key msg st with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, ())
+ end
+
+(** [betree_main::betree::BeTree::{6}::apply] *)
+let betree_be_tree_6_apply_back
+ (self : betree_be_tree_t) (key : u64) (msg : betree_message_t) (st : state) :
+ result betree_be_tree_t
+ =
+ begin match
+ betree_node_5_apply_back self.betree_be_tree_root
+ self.betree_be_tree_params self.betree_be_tree_node_id_cnt key msg st
+ with
+ | Fail -> Fail
+ | Return (n, nic) ->
+ Return (Mkbetree_be_tree_t self.betree_be_tree_params nic n)
+ end
+
+(** [betree_main::betree::BeTree::{6}::insert] *)
+let betree_be_tree_6_insert_fwd
+ (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) :
+ result (state & unit)
+ =
+ begin match
+ betree_be_tree_6_apply_fwd self key (BetreeMessageInsert value) st with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, ())
+ end
+
+(** [betree_main::betree::BeTree::{6}::insert] *)
+let betree_be_tree_6_insert_back
+ (self : betree_be_tree_t) (key : u64) (value : u64) (st : state) :
+ result betree_be_tree_t
+ =
+ begin match
+ betree_be_tree_6_apply_back self key (BetreeMessageInsert value) st with
+ | Fail -> Fail
+ | Return self0 -> Return self0
+ end
+
+(** [betree_main::betree::BeTree::{6}::delete] *)
+let betree_be_tree_6_delete_fwd
+ (self : betree_be_tree_t) (key : u64) (st : state) : result (state & unit) =
+ begin match betree_be_tree_6_apply_fwd self key BetreeMessageDelete st with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, ())
+ end
+
+(** [betree_main::betree::BeTree::{6}::delete] *)
+let betree_be_tree_6_delete_back
+ (self : betree_be_tree_t) (key : u64) (st : state) :
+ result betree_be_tree_t
+ =
+ begin match betree_be_tree_6_apply_back self key BetreeMessageDelete st with
+ | Fail -> Fail
+ | Return self0 -> Return self0
+ end
+
+(** [betree_main::betree::BeTree::{6}::upsert] *)
+let betree_be_tree_6_upsert_fwd
+ (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t)
+ (st : state) :
+ result (state & unit)
+ =
+ begin match betree_be_tree_6_apply_fwd self key (BetreeMessageUpsert upd) st
+ with
+ | Fail -> Fail
+ | Return (st0, _) -> Return (st0, ())
+ end
+
+(** [betree_main::betree::BeTree::{6}::upsert] *)
+let betree_be_tree_6_upsert_back
+ (self : betree_be_tree_t) (key : u64) (upd : betree_upsert_fun_state_t)
+ (st : state) :
+ result betree_be_tree_t
+ =
+ begin match betree_be_tree_6_apply_back self key (BetreeMessageUpsert upd) st
+ with
+ | Fail -> Fail
+ | Return self0 -> Return self0
+ end
+
+(** [betree_main::betree::BeTree::{6}::lookup] *)
+let betree_be_tree_6_lookup_fwd
+ (self : betree_be_tree_t) (key : u64) (st : state) :
+ result (state & (option u64))
+ =
+ begin match betree_node_5_lookup_fwd self.betree_be_tree_root key st with
+ | Fail -> Fail
+ | Return (st0, opt) -> Return (st0, opt)
+ end
+
+(** [betree_main::betree::BeTree::{6}::lookup] *)
+let betree_be_tree_6_lookup_back
+ (self : betree_be_tree_t) (key : u64) (st : state) :
+ result betree_be_tree_t
+ =
+ begin match betree_node_5_lookup_back self.betree_be_tree_root key st with
+ | Fail -> Fail
+ | Return n ->
+ Return (Mkbetree_be_tree_t self.betree_be_tree_params
+ self.betree_be_tree_node_id_cnt n)
+ end
+
+(** [betree_main::main] *)
+let main_fwd : result unit = Return ()
+
+(** Unit test for [betree_main::main] *)
+let _ = assert_norm (main_fwd = Return ())
+
diff --git a/tests/betree/BetreeMain.Opaque.fsti b/tests/betree/BetreeMain.Opaque.fsti
new file mode 100644
index 00000000..7f0c04de
--- /dev/null
+++ b/tests/betree/BetreeMain.Opaque.fsti
@@ -0,0 +1,30 @@
+(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *)
+(** [betree_main]: opaque function definitions *)
+module BetreeMain.Opaque
+open Primitives
+include BetreeMain.Types
+
+#set-options "--z3rlimit 50 --fuel 0 --ifuel 1"
+
+(** [betree_main::betree_utils::load_internal_node] *)
+val betree_utils_load_internal_node_fwd
+ : u64 -> state -> result (state & (betree_list_t (u64 & betree_message_t)))
+
+(** [betree_main::betree_utils::store_internal_node] *)
+val betree_utils_store_internal_node_fwd
+ :
+ u64 -> betree_list_t (u64 & betree_message_t) -> state -> result (state &
+ unit)
+
+(** [betree_main::betree_utils::load_leaf_node] *)
+val betree_utils_load_leaf_node_fwd
+ : u64 -> state -> result (state & (betree_list_t (u64 & u64)))
+
+(** [betree_main::betree_utils::store_leaf_node] *)
+val betree_utils_store_leaf_node_fwd
+ : u64 -> betree_list_t (u64 & u64) -> state -> result (state & unit)
+
+(** [core::option::Option::{0}::unwrap] *)
+val core_option_option_unwrap_fwd
+ (t : Type0) : option t -> state -> result (state & t)
+
diff --git a/tests/betree/BetreeMain.Types.fsti b/tests/betree/BetreeMain.Types.fsti
new file mode 100644
index 00000000..5edb4526
--- /dev/null
+++ b/tests/betree/BetreeMain.Types.fsti
@@ -0,0 +1,60 @@
+(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *)
+(** [betree_main]: type definitions *)
+module BetreeMain.Types
+open Primitives
+
+#set-options "--z3rlimit 50 --fuel 0 --ifuel 1"
+
+(** [betree_main::betree::List] *)
+type betree_list_t (t : Type0) =
+| BetreeListCons : t -> betree_list_t t -> betree_list_t t
+| BetreeListNil : betree_list_t t
+
+(** [betree_main::betree::UpsertFunState] *)
+type betree_upsert_fun_state_t =
+| BetreeUpsertFunStateAdd : u64 -> betree_upsert_fun_state_t
+| BetreeUpsertFunStateSub : u64 -> betree_upsert_fun_state_t
+
+(** [betree_main::betree::Message] *)
+type betree_message_t =
+| BetreeMessageInsert : u64 -> betree_message_t
+| BetreeMessageDelete : betree_message_t
+| BetreeMessageUpsert : betree_upsert_fun_state_t -> betree_message_t
+
+(** [betree_main::betree::Leaf] *)
+type betree_leaf_t = { betree_leaf_id : u64; betree_leaf_size : u64; }
+
+(** [betree_main::betree::Internal] *)
+type betree_internal_t =
+{
+ betree_internal_id : u64;
+ betree_internal_pivot : u64;
+ betree_internal_left : betree_node_t;
+ betree_internal_right : betree_node_t;
+}
+
+(** [betree_main::betree::Node] *)
+and betree_node_t =
+| BetreeNodeInternal : betree_internal_t -> betree_node_t
+| BetreeNodeLeaf : betree_leaf_t -> betree_node_t
+
+(** [betree_main::betree::Params] *)
+type betree_params_t =
+{
+ betree_params_min_flush_size : u64; betree_params_split_size : u64;
+}
+
+(** [betree_main::betree::NodeIdCounter] *)
+type betree_node_id_counter_t = { betree_node_id_counter_next_node_id : u64; }
+
+(** [betree_main::betree::BeTree] *)
+type betree_be_tree_t =
+{
+ betree_be_tree_params : betree_params_t;
+ betree_be_tree_node_id_cnt : betree_node_id_counter_t;
+ betree_be_tree_root : betree_node_t;
+}
+
+(** The state type used in the state-error monad *)
+val state : Type0
+
diff --git a/tests/betree/Primitives.fst b/tests/betree/Primitives.fst
new file mode 100644
index 00000000..77cf59aa
--- /dev/null
+++ b/tests/betree/Primitives.fst
@@ -0,0 +1,279 @@
+/// This file lists primitive and assumed functions and types
+module Primitives
+open FStar.Mul
+open FStar.List.Tot
+
+#set-options "--z3rlimit 15 --fuel 0 --ifuel 1"
+
+(*** Utilities *)
+val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) :
+ ls':list a{
+ length ls' = length ls /\
+ index ls' i == x
+ }
+#push-options "--fuel 1"
+let rec list_update #a ls i x =
+ match ls with
+ | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x
+#pop-options
+
+(*** Result *)
+type result (a : Type0) : Type0 =
+| Return : v:a -> result a
+| Fail : result a
+
+// Monadic bind and return.
+// Re-definining those allows us to customize the result of the monadic notations
+// like: `y <-- f x;`
+let return (#a : Type0) (x:a) : result a = Return x
+let bind (#a #b : Type0) (m : result a) (f : a -> result b) : result b =
+ match m with
+ | Return x -> f x
+ | Fail -> Fail
+
+// Monadic assert(...)
+let massert (b:bool) : result unit = if b then Return () else Fail
+
+(*** Misc *)
+type char = FStar.Char.char
+type string = string
+
+let mem_replace_fwd (a : Type0) (x : a) (y : a) : a = x
+let mem_replace_back (a : Type0) (x : a) (y : a) : a = y
+
+(*** Scalars *)
+/// Rk.: most of the following code was at least partially generated
+
+let isize_min : int = -9223372036854775808
+let isize_max : int = 9223372036854775807
+let i8_min : int = -128
+let i8_max : int = 127
+let i16_min : int = -32768
+let i16_max : int = 32767
+let i32_min : int = -2147483648
+let i32_max : int = 2147483647
+let i64_min : int = -9223372036854775808
+let i64_max : int = 9223372036854775807
+let i128_min : int = -170141183460469231731687303715884105728
+let i128_max : int = 170141183460469231731687303715884105727
+let usize_min : int = 0
+let usize_max : int = 4294967295 // being conservative here: [u32_max] instead of [u64_max]
+let u8_min : int = 0
+let u8_max : int = 255
+let u16_min : int = 0
+let u16_max : int = 65535
+let u32_min : int = 0
+let u32_max : int = 4294967295
+let u64_min : int = 0
+let u64_max : int = 18446744073709551615
+let u128_min : int = 0
+let u128_max : int = 340282366920938463463374607431768211455
+
+type scalar_ty =
+| Isize
+| I8
+| I16
+| I32
+| I64
+| I128
+| Usize
+| U8
+| U16
+| U32
+| U64
+| U128
+
+let scalar_min (ty : scalar_ty) : int =
+ match ty with
+ | Isize -> isize_min
+ | I8 -> i8_min
+ | I16 -> i16_min
+ | I32 -> i32_min
+ | I64 -> i64_min
+ | I128 -> i128_min
+ | Usize -> usize_min
+ | U8 -> u8_min
+ | U16 -> u16_min
+ | U32 -> u32_min
+ | U64 -> u64_min
+ | U128 -> u128_min
+
+let scalar_max (ty : scalar_ty) : int =
+ match ty with
+ | Isize -> isize_max
+ | I8 -> i8_max
+ | I16 -> i16_max
+ | I32 -> i32_max
+ | I64 -> i64_max
+ | I128 -> i128_max
+ | Usize -> usize_max
+ | U8 -> u8_max
+ | U16 -> u16_max
+ | U32 -> u32_max
+ | U64 -> u64_max
+ | U128 -> u128_max
+
+type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty}
+
+let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) =
+ if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail
+
+let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x)
+
+let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) =
+ if y <> 0 then mk_scalar ty (x / y) else Fail
+
+/// The remainder operation
+let int_rem (x : int) (y : int{y <> 0}) : int =
+ if x >= 0 then (x % y) else -(x % y)
+
+(* Checking consistency with Rust *)
+let _ = assert_norm(int_rem 1 2 = 1)
+let _ = assert_norm(int_rem (-1) 2 = -1)
+let _ = assert_norm(int_rem 1 (-2) = 1)
+let _ = assert_norm(int_rem (-1) (-2) = -1)
+
+let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) =
+ if y <> 0 then mk_scalar ty (int_rem x y) else Fail
+
+let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) =
+ mk_scalar ty (x + y)
+
+let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) =
+ mk_scalar ty (x - y)
+
+let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) =
+ mk_scalar ty (x * y)
+
+/// The scalar types
+type isize : eqtype = scalar Isize
+type i8 : eqtype = scalar I8
+type i16 : eqtype = scalar I16
+type i32 : eqtype = scalar I32
+type i64 : eqtype = scalar I64
+type i128 : eqtype = scalar I128
+type usize : eqtype = scalar Usize
+type u8 : eqtype = scalar U8
+type u16 : eqtype = scalar U16
+type u32 : eqtype = scalar U32
+type u64 : eqtype = scalar U64
+type u128 : eqtype = scalar U128
+
+/// Negation
+let isize_neg = scalar_neg #Isize
+let i8_neg = scalar_neg #I8
+let i16_neg = scalar_neg #I16
+let i32_neg = scalar_neg #I32
+let i64_neg = scalar_neg #I64
+let i128_neg = scalar_neg #I128
+
+/// Division
+let isize_div = scalar_div #Isize
+let i8_div = scalar_div #I8
+let i16_div = scalar_div #I16
+let i32_div = scalar_div #I32
+let i64_div = scalar_div #I64
+let i128_div = scalar_div #I128
+let usize_div = scalar_div #Usize
+let u8_div = scalar_div #U8
+let u16_div = scalar_div #U16
+let u32_div = scalar_div #U32
+let u64_div = scalar_div #U64
+let u128_div = scalar_div #U128
+
+/// Remainder
+let isize_rem = scalar_rem #Isize
+let i8_rem = scalar_rem #I8
+let i16_rem = scalar_rem #I16
+let i32_rem = scalar_rem #I32
+let i64_rem = scalar_rem #I64
+let i128_rem = scalar_rem #I128
+let usize_rem = scalar_rem #Usize
+let u8_rem = scalar_rem #U8
+let u16_rem = scalar_rem #U16
+let u32_rem = scalar_rem #U32
+let u64_rem = scalar_rem #U64
+let u128_rem = scalar_rem #U128
+
+/// Addition
+let isize_add = scalar_add #Isize
+let i8_add = scalar_add #I8
+let i16_add = scalar_add #I16
+let i32_add = scalar_add #I32
+let i64_add = scalar_add #I64
+let i128_add = scalar_add #I128
+let usize_add = scalar_add #Usize
+let u8_add = scalar_add #U8
+let u16_add = scalar_add #U16
+let u32_add = scalar_add #U32
+let u64_add = scalar_add #U64
+let u128_add = scalar_add #U128
+
+/// Substraction
+let isize_sub = scalar_sub #Isize
+let i8_sub = scalar_sub #I8
+let i16_sub = scalar_sub #I16
+let i32_sub = scalar_sub #I32
+let i64_sub = scalar_sub #I64
+let i128_sub = scalar_sub #I128
+let usize_sub = scalar_sub #Usize
+let u8_sub = scalar_sub #U8
+let u16_sub = scalar_sub #U16
+let u32_sub = scalar_sub #U32
+let u64_sub = scalar_sub #U64
+let u128_sub = scalar_sub #U128
+
+/// Multiplication
+let isize_mul = scalar_mul #Isize
+let i8_mul = scalar_mul #I8
+let i16_mul = scalar_mul #I16
+let i32_mul = scalar_mul #I32
+let i64_mul = scalar_mul #I64
+let i128_mul = scalar_mul #I128
+let usize_mul = scalar_mul #Usize
+let u8_mul = scalar_mul #U8
+let u16_mul = scalar_mul #U16
+let u32_mul = scalar_mul #U32
+let u64_mul = scalar_mul #U64
+let u128_mul = scalar_mul #U128
+
+(*** Vector *)
+type vec (a : Type0) = v:list a{length v <= usize_max}
+
+let vec_new (a : Type0) : vec a = assert_norm(length #a [] == 0); []
+let vec_len (a : Type0) (v : vec a) : usize = length v
+
+// The **forward** function shouldn't be used
+let vec_push_fwd (a : Type0) (v : vec a) (x : a) : unit = ()
+let vec_push_back (a : Type0) (v : vec a) (x : a) :
+ Pure (result (vec a))
+ (requires True)
+ (ensures (fun res ->
+ match res with
+ | Fail -> True
+ | Return v' -> length v' = length v + 1)) =
+ if length v < usize_max then begin
+ (**) assert_norm(length [x] == 1);
+ (**) append_length v [x];
+ (**) assert(length (append v [x]) = length v + 1);
+ Return (append v [x])
+ end
+ else Fail
+
+// The **forward** function shouldn't be used
+let vec_insert_fwd (a : Type0) (v : vec a) (i : usize) (x : a) : result unit =
+ if i < length v then Return () else Fail
+let vec_insert_back (a : Type0) (v : vec a) (i : usize) (x : a) : result (vec a) =
+ if i < length v then Return (list_update v i x) else Fail
+
+// The **backward** function shouldn't be used
+let vec_index_fwd (a : Type0) (v : vec a) (i : usize) : result a =
+ if i < length v then Return (index v i) else Fail
+let vec_index_back (a : Type0) (v : vec a) (i : usize) (x : a) : result unit =
+ if i < length v then Return () else Fail
+
+let vec_index_mut_fwd (a : Type0) (v : vec a) (i : usize) : result a =
+ if i < length v then Return (index v i) else Fail
+let vec_index_mut_back (a : Type0) (v : vec a) (i : usize) (nx : a) : result (vec a) =
+ if i < length v then Return (list_update v i nx) else Fail
+