summaryrefslogtreecommitdiff
path: root/tests/coq/misc
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--tests/coq/misc/Constants.v124
-rw-r--r--tests/coq/misc/External__Funs.v39
-rw-r--r--tests/coq/misc/External__Opaque.v24
-rw-r--r--tests/coq/misc/External__Types.v4
-rw-r--r--tests/coq/misc/NoNestedBorrows.v307
-rw-r--r--tests/coq/misc/Paper.v69
-rw-r--r--tests/coq/misc/PoloniusList.v10
7 files changed, 304 insertions, 273 deletions
diff --git a/tests/coq/misc/Constants.v b/tests/coq/misc/Constants.v
index 677aae8c..c9ec0daf 100644
--- a/tests/coq/misc/Constants.v
+++ b/tests/coq/misc/Constants.v
@@ -4,135 +4,141 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Module Constants .
+Module Constants.
(** [constants::X0] *)
-Definition x0_body : result u32 := Return (0 %u32) .
-Definition x0_c : u32 := x0_body%global .
+Definition x0_body : result u32 := Return (0%u32).
+Definition x0_c : u32 := x0_body%global.
(** [core::num::u32::{9}::MAX] *)
-Definition core_num_u32_max_body : result u32 := Return (4294967295 %u32) .
-Definition core_num_u32_max_c : u32 := core_num_u32_max_body%global .
+Definition core_num_u32_max_body : result u32 := Return (4294967295%u32).
+Definition core_num_u32_max_c : u32 := core_num_u32_max_body%global.
(** [constants::X1] *)
-Definition x1_body : result u32 := Return core_num_u32_max_c .
-Definition x1_c : u32 := x1_body%global .
+Definition x1_body : result u32 := Return core_num_u32_max_c.
+Definition x1_c : u32 := x1_body%global.
(** [constants::X2] *)
-Definition x2_body : result u32 := Return (3 %u32) .
-Definition x2_c : u32 := x2_body%global .
+Definition x2_body : result u32 := Return (3%u32).
+Definition x2_c : u32 := x2_body%global.
(** [constants::incr] *)
-Definition incr_fwd (n : u32) : result u32 := i <- u32_add n 1 %u32; Return i .
+Definition incr_fwd (n : u32) : result u32 := i <- u32_add n 1%u32; Return i.
(** [constants::X3] *)
-Definition x3_body : result u32 := i <- incr_fwd (32 %u32); Return i .
-Definition x3_c : u32 := x3_body%global .
+Definition x3_body : result u32 := i <- incr_fwd (32%u32); Return i.
+Definition x3_c : u32 := x3_body%global.
(** [constants::mk_pair0] *)
Definition mk_pair0_fwd (x : u32) (y : u32) : result (u32 * u32) :=
- Return (x, y) .
+ Return (x, y)
+.
(** [constants::Pair] *)
-Record Pair_t (T1 T2 : Type) := mkPair_t { Pair_x : T1; Pair_y : T2; } .
+Record Pair_t (T1 T2 : Type) := mkPair_t { Pair_x : T1; Pair_y : T2; }.
-Arguments mkPair_t {T1} {T2} _ _ .
-Arguments Pair_x {T1} {T2} .
-Arguments Pair_y {T1} {T2} .
+Arguments mkPair_t {T1} {T2} _ _.
+Arguments Pair_x {T1} {T2}.
+Arguments Pair_y {T1} {T2}.
(** [constants::mk_pair1] *)
Definition mk_pair1_fwd (x : u32) (y : u32) : result (Pair_t u32 u32) :=
- Return (mkPair_t x y) .
+ Return (mkPair_t x y)
+.
(** [constants::P0] *)
Definition p0_body : result (u32 * u32) :=
- p <- mk_pair0_fwd (0 %u32) (1 %u32); Return p
- .
-Definition p0_c : (u32 * u32) := p0_body%global .
+ p <- mk_pair0_fwd (0%u32) (1%u32); Return p
+.
+Definition p0_c : (u32 * u32) := p0_body%global.
(** [constants::P1] *)
Definition p1_body : result (Pair_t u32 u32) :=
- p <- mk_pair1_fwd (0 %u32) (1 %u32); Return p
- .
-Definition p1_c : Pair_t u32 u32 := p1_body%global .
+ p <- mk_pair1_fwd (0%u32) (1%u32); Return p
+.
+Definition p1_c : Pair_t u32 u32 := p1_body%global.
(** [constants::P2] *)
-Definition p2_body : result (u32 * u32) := Return (0 %u32, 1 %u32) .
-Definition p2_c : (u32 * u32) := p2_body%global .
+Definition p2_body : result (u32 * u32) := Return (0%u32, 1%u32).
+Definition p2_c : (u32 * u32) := p2_body%global.
(** [constants::P3] *)
Definition p3_body : result (Pair_t u32 u32) :=
- Return (mkPair_t (0 %u32) (1 %u32))
- .
-Definition p3_c : Pair_t u32 u32 := p3_body%global .
+ Return (mkPair_t (0%u32) (1%u32))
+.
+Definition p3_c : Pair_t u32 u32 := p3_body%global.
(** [constants::Wrap] *)
-Record Wrap_t (T : Type) := mkWrap_t { Wrap_val : T; } .
+Record Wrap_t (T : Type) := mkWrap_t { Wrap_val : T; }.
-Arguments mkWrap_t {T} _ .
-Arguments Wrap_val {T} .
+Arguments mkWrap_t {T} _.
+Arguments Wrap_val {T}.
(** [constants::Wrap::{0}::new] *)
Definition wrap_new_fwd (T : Type) (val : T) : result (Wrap_t T) :=
- Return (mkWrap_t val) .
+ Return (mkWrap_t val)
+.
(** [constants::Y] *)
Definition y_body : result (Wrap_t i32) :=
- w <- wrap_new_fwd i32 (2 %i32); Return w
- .
-Definition y_c : Wrap_t i32 := y_body%global .
+ w <- wrap_new_fwd i32 (2%i32); Return w
+.
+Definition y_c : Wrap_t i32 := y_body%global.
(** [constants::unwrap_y] *)
Definition unwrap_y_fwd : result i32 :=
- match y_c with | mkWrap_t i => Return i end .
+ match y_c with | mkWrap_t i => Return i end
+.
(** [constants::YVAL] *)
-Definition yval_body : result i32 := i <- unwrap_y_fwd; Return i .
-Definition yval_c : i32 := yval_body%global .
+Definition yval_body : result i32 := i <- unwrap_y_fwd; Return i.
+Definition yval_c : i32 := yval_body%global.
(** [constants::get_z1::Z1] *)
-Definition get_z1_z1_body : result i32 := Return (3 %i32) .
-Definition get_z1_z1_c : i32 := get_z1_z1_body%global .
+Definition get_z1_z1_body : result i32 := Return (3%i32).
+Definition get_z1_z1_c : i32 := get_z1_z1_body%global.
(** [constants::get_z1] *)
-Definition get_z1_fwd : result i32 := Return get_z1_z1_c .
+Definition get_z1_fwd : result i32 := Return get_z1_z1_c.
(** [constants::add] *)
Definition add_fwd (a : i32) (b : i32) : result i32 :=
- i <- i32_add a b; Return i .
+ i <- i32_add a b; Return i
+.
(** [constants::Q1] *)
-Definition q1_body : result i32 := Return (5 %i32) .
-Definition q1_c : i32 := q1_body%global .
+Definition q1_body : result i32 := Return (5%i32).
+Definition q1_c : i32 := q1_body%global.
(** [constants::Q2] *)
-Definition q2_body : result i32 := Return q1_c .
-Definition q2_c : i32 := q2_body%global .
+Definition q2_body : result i32 := Return q1_c.
+Definition q2_c : i32 := q2_body%global.
(** [constants::Q3] *)
-Definition q3_body : result i32 := i <- add_fwd q2_c (3 %i32); Return i .
-Definition q3_c : i32 := q3_body%global .
+Definition q3_body : result i32 := i <- add_fwd q2_c (3%i32); Return i.
+Definition q3_c : i32 := q3_body%global.
(** [constants::get_z2] *)
Definition get_z2_fwd : result i32 :=
- i <- get_z1_fwd; i0 <- add_fwd i q3_c; i1 <- add_fwd q1_c i0; Return i1 .
+ i <- get_z1_fwd; i0 <- add_fwd i q3_c; i1 <- add_fwd q1_c i0; Return i1
+.
(** [constants::S1] *)
-Definition s1_body : result u32 := Return (6 %u32) .
-Definition s1_c : u32 := s1_body%global .
+Definition s1_body : result u32 := Return (6%u32).
+Definition s1_c : u32 := s1_body%global.
(** [constants::S2] *)
-Definition s2_body : result u32 := i <- incr_fwd s1_c; Return i .
-Definition s2_c : u32 := s2_body%global .
+Definition s2_body : result u32 := i <- incr_fwd s1_c; Return i.
+Definition s2_c : u32 := s2_body%global.
(** [constants::S3] *)
-Definition s3_body : result (Pair_t u32 u32) := Return p3_c .
-Definition s3_c : Pair_t u32 u32 := s3_body%global .
+Definition s3_body : result (Pair_t u32 u32) := Return p3_c.
+Definition s3_c : Pair_t u32 u32 := s3_body%global.
(** [constants::S4] *)
Definition s4_body : result (Pair_t u32 u32) :=
- p <- mk_pair1_fwd (7 %u32) (8 %u32); Return p
- .
-Definition s4_c : Pair_t u32 u32 := s4_body%global .
+ p <- mk_pair1_fwd (7%u32) (8%u32); Return p
+.
+Definition s4_c : Pair_t u32 u32 := s4_body%global.
End Constants .
diff --git a/tests/coq/misc/External__Funs.v b/tests/coq/misc/External__Funs.v
index cc9e9461..e7020040 100644
--- a/tests/coq/misc/External__Funs.v
+++ b/tests/coq/misc/External__Funs.v
@@ -4,11 +4,11 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Require Export External__Types .
-Import External__Types .
-Require Export External__Opaque .
-Import External__Opaque .
-Module External__Funs .
+Require Export External__Types.
+Import External__Types.
+Require Export External__Opaque.
+Import External__Opaque.
+Module External__Funs.
(** [external::swap] *)
Definition swap_fwd
@@ -20,7 +20,7 @@ Definition swap_fwd
p1 <- core_mem_swap_back1 T x y st st1;
let (st2, _) := p1 in
Return (st2, tt)
- .
+.
(** [external::swap] *)
Definition swap_back
@@ -34,7 +34,7 @@ Definition swap_back
p1 <- core_mem_swap_back1 T x y st st2;
let (_, y0) := p1 in
Return (st0, (x0, y0))
- .
+.
(** [external::test_new_non_zero_u32] *)
Definition test_new_non_zero_u32_fwd
@@ -44,15 +44,15 @@ Definition test_new_non_zero_u32_fwd
p0 <- core_option_option_unwrap_fwd Core_num_nonzero_non_zero_u32_t opt st0;
let (st1, nzu) := p0 in
Return (st1, nzu)
- .
+.
(** [external::test_vec] *)
Definition test_vec_fwd : result unit :=
let v := vec_new u32 in
- v0 <- vec_push_back u32 v (0 %u32);
+ v0 <- vec_push_back u32 v (0%u32);
let _ := v0 in
Return tt
- .
+.
(** Unit test for [external::test_vec] *)
Check (test_vec_fwd )%return.
@@ -67,7 +67,7 @@ Definition custom_swap_fwd
p1 <- core_mem_swap_back1 T x y st st1;
let (st2, _) := p1 in
Return (st2, x0)
- .
+.
(** [external::custom_swap] *)
Definition custom_swap_back
@@ -81,33 +81,34 @@ Definition custom_swap_back
p1 <- core_mem_swap_back1 T x y st st2;
let (_, y0) := p1 in
Return (st0, (ret, y0))
- .
+.
(** [external::test_custom_swap] *)
Definition test_custom_swap_fwd
(x : u32) (y : u32) (st : state) : result (state * unit) :=
- p <- custom_swap_fwd u32 x y st; let (st0, _) := p in Return (st0, tt) .
+ p <- custom_swap_fwd u32 x y st; let (st0, _) := p in Return (st0, tt)
+.
(** [external::test_custom_swap] *)
Definition test_custom_swap_back
(x : u32) (y : u32) (st : state) (st0 : state) :
result (state * (u32 * u32))
:=
- p <- custom_swap_back u32 x y st (1 %u32) st0;
+ p <- custom_swap_back u32 x y st (1%u32) st0;
let (st1, p0) := p in
let (x0, y0) := p0 in
Return (st1, (x0, y0))
- .
+.
(** [external::test_swap_non_zero] *)
Definition test_swap_non_zero_fwd
(x : u32) (st : state) : result (state * u32) :=
- p <- swap_fwd u32 x (0 %u32) st;
+ p <- swap_fwd u32 x (0%u32) st;
let (st0, _) := p in
- p0 <- swap_back u32 x (0 %u32) st st0;
+ p0 <- swap_back u32 x (0%u32) st st0;
let (st1, p1) := p0 in
let (x0, _) := p1 in
- if x0 s= 0 %u32 then Fail_ Failure else Return (st1, x0)
- .
+ if x0 s= 0%u32 then Fail_ Failure else Return (st1, x0)
+.
End External__Funs .
diff --git a/tests/coq/misc/External__Opaque.v b/tests/coq/misc/External__Opaque.v
index 19111a37..93652450 100644
--- a/tests/coq/misc/External__Opaque.v
+++ b/tests/coq/misc/External__Opaque.v
@@ -4,33 +4,33 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Require Export External__Types .
-Import External__Types .
-Module External__Opaque .
+Require Export External__Types.
+Import External__Types.
+Module External__Opaque.
(** [core::mem::swap] *)
Axiom core_mem_swap_fwd :
- forall(T : Type) , T -> T -> state -> result (state * unit)
- .
+ forall(T : Type), T -> T -> state -> result (state * unit)
+.
(** [core::mem::swap] *)
Axiom core_mem_swap_back0 :
- forall(T : Type) , T -> T -> state -> state -> result (state * T)
- .
+ forall(T : Type), T -> T -> state -> state -> result (state * T)
+.
(** [core::mem::swap] *)
Axiom core_mem_swap_back1 :
- forall(T : Type) , T -> T -> state -> state -> result (state * T)
- .
+ forall(T : Type), T -> T -> state -> state -> result (state * T)
+.
(** [core::num::nonzero::NonZeroU32::{14}::new] *)
Axiom core_num_nonzero_non_zero_u32_new_fwd
: u32 -> state -> result (state * (option Core_num_nonzero_non_zero_u32_t))
- .
+.
(** [core::option::Option::{0}::unwrap] *)
Axiom core_option_option_unwrap_fwd :
- forall(T : Type) , option T -> state -> result (state * T)
- .
+ forall(T : Type), option T -> state -> result (state * T)
+.
End External__Opaque .
diff --git a/tests/coq/misc/External__Types.v b/tests/coq/misc/External__Types.v
index 1513ec4a..f4f74272 100644
--- a/tests/coq/misc/External__Types.v
+++ b/tests/coq/misc/External__Types.v
@@ -4,10 +4,10 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Module External__Types .
+Module External__Types.
(** [core::num::nonzero::NonZeroU32] *)
-Axiom Core_num_nonzero_non_zero_u32_t : Type .
+Axiom Core_num_nonzero_non_zero_u32_t : Type.
(** The state type used in the state-error monad *)
Axiom state : Type.
diff --git a/tests/coq/misc/NoNestedBorrows.v b/tests/coq/misc/NoNestedBorrows.v
index 6d7f7987..7c5212b2 100644
--- a/tests/coq/misc/NoNestedBorrows.v
+++ b/tests/coq/misc/NoNestedBorrows.v
@@ -4,14 +4,14 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Module NoNestedBorrows .
+Module NoNestedBorrows.
(** [no_nested_borrows::Pair] *)
-Record Pair_t (T1 T2 : Type) := mkPair_t { Pair_x : T1; Pair_y : T2; } .
+Record Pair_t (T1 T2 : Type) := mkPair_t { Pair_x : T1; Pair_y : T2; }.
-Arguments mkPair_t {T1} {T2} _ _ .
-Arguments Pair_x {T1} {T2} .
-Arguments Pair_y {T1} {T2} .
+Arguments mkPair_t {T1} {T2} _ _.
+Arguments Pair_x {T1} {T2}.
+Arguments Pair_y {T1} {T2}.
(** [no_nested_borrows::List] *)
Inductive List_t (T : Type) :=
@@ -19,29 +19,22 @@ Inductive List_t (T : Type) :=
| ListNil : List_t T
.
-Arguments ListCons {T} _ _ .
-Arguments ListNil {T} .
+Arguments ListCons {T} _ _.
+Arguments ListNil {T}.
(** [no_nested_borrows::One] *)
-Inductive One_t (T1 : Type) := | OneOne : T1 -> One_t T1 .
+Inductive One_t (T1 : Type) := | OneOne : T1 -> One_t T1.
-Arguments OneOne {T1} _ .
+Arguments OneOne {T1} _.
(** [no_nested_borrows::EmptyEnum] *)
-Inductive Empty_enum_t := | EmptyEnumEmpty : Empty_enum_t .
-
-Arguments EmptyEnumEmpty .
+Inductive Empty_enum_t := | EmptyEnumEmpty : Empty_enum_t.
(** [no_nested_borrows::Enum] *)
-Inductive Enum_t := | EnumVariant1 : Enum_t | EnumVariant2 : Enum_t .
-
-Arguments EnumVariant1 .
-Arguments EnumVariant2 .
+Inductive Enum_t := | EnumVariant1 : Enum_t | EnumVariant2 : Enum_t.
(** [no_nested_borrows::EmptyStruct] *)
-Record Empty_struct_t := mkEmpty_struct_t { } .
-
-Arguments mkEmpty_struct_t .
+Record Empty_struct_t := mkEmpty_struct_t { }.
(** [no_nested_borrows::Sum] *)
Inductive Sum_t (T1 T2 : Type) :=
@@ -49,136 +42,148 @@ Inductive Sum_t (T1 T2 : Type) :=
| SumRight : T2 -> Sum_t T1 T2
.
-Arguments SumLeft {T1} {T2} _ .
-Arguments SumRight {T1} {T2} _ .
+Arguments SumLeft {T1} {T2} _.
+Arguments SumRight {T1} {T2} _.
(** [no_nested_borrows::neg_test] *)
-Definition neg_test_fwd (x : i32) : result i32 := i <- i32_neg x; Return i .
+Definition neg_test_fwd (x : i32) : result i32 := i <- i32_neg x; Return i.
(** [no_nested_borrows::add_test] *)
Definition add_test_fwd (x : u32) (y : u32) : result u32 :=
- i <- u32_add x y; Return i .
+ i <- u32_add x y; Return i
+.
(** [no_nested_borrows::subs_test] *)
Definition subs_test_fwd (x : u32) (y : u32) : result u32 :=
- i <- u32_sub x y; Return i .
+ i <- u32_sub x y; Return i
+.
(** [no_nested_borrows::div_test] *)
Definition div_test_fwd (x : u32) (y : u32) : result u32 :=
- i <- u32_div x y; Return i .
+ i <- u32_div x y; Return i
+.
(** [no_nested_borrows::div_test1] *)
Definition div_test1_fwd (x : u32) : result u32 :=
- i <- u32_div x 2 %u32; Return i .
+ i <- u32_div x 2%u32; Return i
+.
(** [no_nested_borrows::rem_test] *)
Definition rem_test_fwd (x : u32) (y : u32) : result u32 :=
- i <- u32_rem x y; Return i .
+ i <- u32_rem x y; Return i
+.
(** [no_nested_borrows::cast_test] *)
Definition cast_test_fwd (x : u32) : result i32 :=
- i <- scalar_cast U32 I32 x; Return i .
+ i <- scalar_cast U32 I32 x; Return i
+.
(** [no_nested_borrows::test2] *)
Definition test2_fwd : result unit :=
- i <- u32_add 23 %u32 44 %u32; let _ := i in Return tt .
+ i <- u32_add 23%u32 44%u32; let _ := i in Return tt
+.
(** Unit test for [no_nested_borrows::test2] *)
Check (test2_fwd )%return.
(** [no_nested_borrows::get_max] *)
Definition get_max_fwd (x : u32) (y : u32) : result u32 :=
- if x s>= y then Return x else Return y .
+ if x s>= y then Return x else Return y
+.
(** [no_nested_borrows::test3] *)
Definition test3_fwd : result unit :=
- x <- get_max_fwd (4 %u32) (3 %u32);
- y <- get_max_fwd (10 %u32) (11 %u32);
+ x <- get_max_fwd (4%u32) (3%u32);
+ y <- get_max_fwd (10%u32) (11%u32);
z <- u32_add x y;
- if negb (z s= 15 %u32) then Fail_ Failure else Return tt
- .
+ if negb (z s= 15%u32) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::test3] *)
Check (test3_fwd )%return.
(** [no_nested_borrows::test_neg1] *)
Definition test_neg1_fwd : result unit :=
- y <- i32_neg (3 %i32);
- if negb (y s= (-3) %i32) then Fail_ Failure else Return tt
- .
+ y <- i32_neg (3%i32);
+ if negb (y s= (-3)%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::test_neg1] *)
Check (test_neg1_fwd )%return.
(** [no_nested_borrows::refs_test1] *)
Definition refs_test1_fwd : result unit :=
- if negb (1 %i32 s= 1 %i32) then Fail_ Failure else Return tt .
+ if negb (1%i32 s= 1%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::refs_test1] *)
Check (refs_test1_fwd )%return.
(** [no_nested_borrows::refs_test2] *)
Definition refs_test2_fwd : result unit :=
- if negb (2 %i32 s= 2 %i32)
+ if negb (2%i32 s= 2%i32)
then Fail_ Failure
else
- if negb (0 %i32 s= 0 %i32)
+ if negb (0%i32 s= 0%i32)
then Fail_ Failure
else
- if negb (2 %i32 s= 2 %i32)
+ if negb (2%i32 s= 2%i32)
then Fail_ Failure
- else if negb (2 %i32 s= 2 %i32) then Fail_ Failure else Return tt
- .
+ else if negb (2%i32 s= 2%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::refs_test2] *)
Check (refs_test2_fwd )%return.
(** [no_nested_borrows::test_list1] *)
-Definition test_list1_fwd : result unit := Return tt .
+Definition test_list1_fwd : result unit := Return tt.
(** Unit test for [no_nested_borrows::test_list1] *)
Check (test_list1_fwd )%return.
(** [no_nested_borrows::test_box1] *)
Definition test_box1_fwd : result unit :=
- let b := 1 %i32 in
+ let b := 1%i32 in
let x := b in
- if negb (x s= 1 %i32) then Fail_ Failure else Return tt
- .
+ if negb (x s= 1%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::test_box1] *)
Check (test_box1_fwd )%return.
(** [no_nested_borrows::copy_int] *)
-Definition copy_int_fwd (x : i32) : result i32 := Return x .
+Definition copy_int_fwd (x : i32) : result i32 := Return x.
(** [no_nested_borrows::test_unreachable] *)
Definition test_unreachable_fwd (b : bool) : result unit :=
- if b then Fail_ Failure else Return tt .
+ if b then Fail_ Failure else Return tt
+.
(** [no_nested_borrows::test_panic] *)
Definition test_panic_fwd (b : bool) : result unit :=
- if b then Fail_ Failure else Return tt .
+ if b then Fail_ Failure else Return tt
+.
(** [no_nested_borrows::test_copy_int] *)
Definition test_copy_int_fwd : result unit :=
- y <- copy_int_fwd (0 %i32);
- if negb (0 %i32 s= y) then Fail_ Failure else Return tt
- .
+ y <- copy_int_fwd (0%i32);
+ if negb (0%i32 s= y) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::test_copy_int] *)
Check (test_copy_int_fwd )%return.
(** [no_nested_borrows::is_cons] *)
Definition is_cons_fwd (T : Type) (l : List_t T) : result bool :=
- match l with | ListCons t l0 => Return true | ListNil => Return false end .
+ match l with | ListCons t l0 => Return true | ListNil => Return false end
+.
(** [no_nested_borrows::test_is_cons] *)
Definition test_is_cons_fwd : result unit :=
let l := ListNil in
- b <- is_cons_fwd i32 (ListCons (0 %i32) l);
+ b <- is_cons_fwd i32 (ListCons (0%i32) l);
if negb b then Fail_ Failure else Return tt
- .
+.
(** Unit test for [no_nested_borrows::test_is_cons] *)
Check (test_is_cons_fwd )%return.
@@ -190,48 +195,51 @@ Definition split_list_fwd
| ListCons hd tl => Return (hd, tl)
| ListNil => Fail_ Failure
end
- .
+.
(** [no_nested_borrows::test_split_list] *)
Definition test_split_list_fwd : result unit :=
let l := ListNil in
- p <- split_list_fwd i32 (ListCons (0 %i32) l);
+ p <- split_list_fwd i32 (ListCons (0%i32) l);
let (hd, _) := p in
- if negb (hd s= 0 %i32) then Fail_ Failure else Return tt
- .
+ if negb (hd s= 0%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [no_nested_borrows::test_split_list] *)
Check (test_split_list_fwd )%return.
(** [no_nested_borrows::choose] *)
Definition choose_fwd (T : Type) (b : bool) (x : T) (y : T) : result T :=
- if b then Return x else Return y .
+ if b then Return x else Return y
+.
(** [no_nested_borrows::choose] *)
Definition choose_back
(T : Type) (b : bool) (x : T) (y : T) (ret : T) : result (T * T) :=
- if b then Return (ret, y) else Return (x, ret) .
+ if b then Return (ret, y) else Return (x, ret)
+.
(** [no_nested_borrows::choose_test] *)
Definition choose_test_fwd : result unit :=
- z <- choose_fwd i32 true (0 %i32) (0 %i32);
- z0 <- i32_add z 1 %i32;
- if negb (z0 s= 1 %i32)
+ z <- choose_fwd i32 true (0%i32) (0%i32);
+ z0 <- i32_add z 1%i32;
+ if negb (z0 s= 1%i32)
then Fail_ Failure
else (
- p <- choose_back i32 true (0 %i32) (0 %i32) z0;
+ p <- choose_back i32 true (0%i32) (0%i32) z0;
let (x, y) := p in
- if negb (x s= 1 %i32)
+ if negb (x s= 1%i32)
then Fail_ Failure
- else if negb (y s= 0 %i32) then Fail_ Failure else Return tt)
- .
+ else if negb (y s= 0%i32) then Fail_ Failure else Return tt)
+.
(** Unit test for [no_nested_borrows::choose_test] *)
Check (choose_test_fwd )%return.
(** [no_nested_borrows::test_char] *)
Definition test_char_fwd : result char :=
- Return (char_of_byte Coq.Init.Byte.x61) .
+ Return (char_of_byte Coq.Init.Byte.x61)
+.
(** [no_nested_borrows::NodeElem] *)
Inductive Node_elem_t (T : Type) :=
@@ -244,57 +252,57 @@ with Tree_t (T : Type) :=
| TreeNode : T -> Node_elem_t T -> Tree_t T -> Tree_t T
.
-Arguments NodeElemCons {T} _ _ .
-Arguments NodeElemNil {T} .
+Arguments NodeElemCons {T} _ _.
+Arguments NodeElemNil {T}.
-Arguments TreeLeaf {T} _ .
-Arguments TreeNode {T} _ _ _ .
+Arguments TreeLeaf {T} _.
+Arguments TreeNode {T} _ _ _.
(** [no_nested_borrows::list_length] *)
Fixpoint list_length_fwd (T : Type) (l : List_t T) : result u32 :=
match l with
| ListCons t l1 =>
- i <- list_length_fwd T l1; i0 <- u32_add 1 %u32 i; Return i0
- | ListNil => Return (0 %u32)
+ i <- list_length_fwd T l1; i0 <- u32_add 1%u32 i; Return i0
+ | ListNil => Return (0%u32)
end
- .
+.
(** [no_nested_borrows::list_nth_shared] *)
Fixpoint list_nth_shared_fwd (T : Type) (l : List_t T) (i : u32) : result T :=
match l with
| ListCons x tl =>
- if i s= 0 %u32
+ if i s= 0%u32
then Return x
- else (i0 <- u32_sub i 1 %u32; t <- list_nth_shared_fwd T tl i0; Return t)
+ else (i0 <- u32_sub i 1%u32; t <- list_nth_shared_fwd T tl i0; Return t)
| ListNil => Fail_ Failure
end
- .
+.
(** [no_nested_borrows::list_nth_mut] *)
Fixpoint list_nth_mut_fwd (T : Type) (l : List_t T) (i : u32) : result T :=
match l with
| ListCons x tl =>
- if i s= 0 %u32
+ if i s= 0%u32
then Return x
- else (i0 <- u32_sub i 1 %u32; t <- list_nth_mut_fwd T tl i0; Return t)
+ else (i0 <- u32_sub i 1%u32; t <- list_nth_mut_fwd T tl i0; Return t)
| ListNil => Fail_ Failure
end
- .
+.
(** [no_nested_borrows::list_nth_mut] *)
Fixpoint list_nth_mut_back
(T : Type) (l : List_t T) (i : u32) (ret : T) : result (List_t T) :=
match l with
| ListCons x tl =>
- if i s= 0 %u32
+ if i s= 0%u32
then Return (ListCons ret tl)
else (
- i0 <- u32_sub i 1 %u32;
+ i0 <- u32_sub i 1%u32;
tl0 <- list_nth_mut_back T tl i0 ret;
Return (ListCons x tl0))
| ListNil => Fail_ Failure
end
- .
+.
(** [no_nested_borrows::list_rev_aux] *)
Fixpoint list_rev_aux_fwd
@@ -303,48 +311,48 @@ Fixpoint list_rev_aux_fwd
| ListCons hd tl => l <- list_rev_aux_fwd T tl (ListCons hd lo); Return l
| ListNil => Return lo
end
- .
+.
(** [no_nested_borrows::list_rev] *)
Definition list_rev_fwd_back (T : Type) (l : List_t T) : result (List_t T) :=
let li := mem_replace_fwd (List_t T) l ListNil in
l0 <- list_rev_aux_fwd T li ListNil;
Return l0
- .
+.
(** [no_nested_borrows::test_list_functions] *)
Definition test_list_functions_fwd : result unit :=
let l := ListNil in
- let l0 := ListCons (2 %i32) l in
- let l1 := ListCons (1 %i32) l0 in
- i <- list_length_fwd i32 (ListCons (0 %i32) l1);
- if negb (i s= 3 %u32)
+ let l0 := ListCons (2%i32) l in
+ let l1 := ListCons (1%i32) l0 in
+ i <- list_length_fwd i32 (ListCons (0%i32) l1);
+ if negb (i s= 3%u32)
then Fail_ Failure
else (
- i0 <- list_nth_shared_fwd i32 (ListCons (0 %i32) l1) (0 %u32);
- if negb (i0 s= 0 %i32)
+ i0 <- list_nth_shared_fwd i32 (ListCons (0%i32) l1) (0%u32);
+ if negb (i0 s= 0%i32)
then Fail_ Failure
else (
- i1 <- list_nth_shared_fwd i32 (ListCons (0 %i32) l1) (1 %u32);
- if negb (i1 s= 1 %i32)
+ i1 <- list_nth_shared_fwd i32 (ListCons (0%i32) l1) (1%u32);
+ if negb (i1 s= 1%i32)
then Fail_ Failure
else (
- i2 <- list_nth_shared_fwd i32 (ListCons (0 %i32) l1) (2 %u32);
- if negb (i2 s= 2 %i32)
+ i2 <- list_nth_shared_fwd i32 (ListCons (0%i32) l1) (2%u32);
+ if negb (i2 s= 2%i32)
then Fail_ Failure
else (
- ls <- list_nth_mut_back i32 (ListCons (0 %i32) l1) (1 %u32) (3 %i32);
- i3 <- list_nth_shared_fwd i32 ls (0 %u32);
- if negb (i3 s= 0 %i32)
+ ls <- list_nth_mut_back i32 (ListCons (0%i32) l1) (1%u32) (3%i32);
+ i3 <- list_nth_shared_fwd i32 ls (0%u32);
+ if negb (i3 s= 0%i32)
then Fail_ Failure
else (
- i4 <- list_nth_shared_fwd i32 ls (1 %u32);
- if negb (i4 s= 3 %i32)
+ i4 <- list_nth_shared_fwd i32 ls (1%u32);
+ if negb (i4 s= 3%i32)
then Fail_ Failure
else (
- i5 <- list_nth_shared_fwd i32 ls (2 %u32);
- if negb (i5 s= 2 %i32) then Fail_ Failure else Return tt))))))
- .
+ i5 <- list_nth_shared_fwd i32 ls (2%u32);
+ if negb (i5 s= 2%i32) then Fail_ Failure else Return tt))))))
+.
(** Unit test for [no_nested_borrows::test_list_functions] *)
Check (test_list_functions_fwd )%return.
@@ -352,90 +360,102 @@ Check (test_list_functions_fwd )%return.
(** [no_nested_borrows::id_mut_pair1] *)
Definition id_mut_pair1_fwd
(T1 T2 : Type) (x : T1) (y : T2) : result (T1 * T2) :=
- Return (x, y) .
+ Return (x, y)
+.
(** [no_nested_borrows::id_mut_pair1] *)
Definition id_mut_pair1_back
(T1 T2 : Type) (x : T1) (y : T2) (ret : (T1 * T2)) : result (T1 * T2) :=
- let (t, t0) := ret in Return (t, t0) .
+ let (t, t0) := ret in Return (t, t0)
+.
(** [no_nested_borrows::id_mut_pair2] *)
Definition id_mut_pair2_fwd
(T1 T2 : Type) (p : (T1 * T2)) : result (T1 * T2) :=
- let (t, t0) := p in Return (t, t0) .
+ let (t, t0) := p in Return (t, t0)
+.
(** [no_nested_borrows::id_mut_pair2] *)
Definition id_mut_pair2_back
(T1 T2 : Type) (p : (T1 * T2)) (ret : (T1 * T2)) : result (T1 * T2) :=
- let (t, t0) := ret in Return (t, t0) .
+ let (t, t0) := ret in Return (t, t0)
+.
(** [no_nested_borrows::id_mut_pair3] *)
Definition id_mut_pair3_fwd
(T1 T2 : Type) (x : T1) (y : T2) : result (T1 * T2) :=
- Return (x, y) .
+ Return (x, y)
+.
(** [no_nested_borrows::id_mut_pair3] *)
Definition id_mut_pair3_back'a
(T1 T2 : Type) (x : T1) (y : T2) (ret : T1) : result T1 :=
- Return ret .
+ Return ret
+.
(** [no_nested_borrows::id_mut_pair3] *)
Definition id_mut_pair3_back'b
(T1 T2 : Type) (x : T1) (y : T2) (ret : T2) : result T2 :=
- Return ret .
+ Return ret
+.
(** [no_nested_borrows::id_mut_pair4] *)
Definition id_mut_pair4_fwd
(T1 T2 : Type) (p : (T1 * T2)) : result (T1 * T2) :=
- let (t, t0) := p in Return (t, t0) .
+ let (t, t0) := p in Return (t, t0)
+.
(** [no_nested_borrows::id_mut_pair4] *)
Definition id_mut_pair4_back'a
(T1 T2 : Type) (p : (T1 * T2)) (ret : T1) : result T1 :=
- Return ret .
+ Return ret
+.
(** [no_nested_borrows::id_mut_pair4] *)
Definition id_mut_pair4_back'b
(T1 T2 : Type) (p : (T1 * T2)) (ret : T2) : result T2 :=
- Return ret .
+ Return ret
+.
(** [no_nested_borrows::StructWithTuple] *)
Record Struct_with_tuple_t (T1 T2 : Type) :=
-mkStruct_with_tuple_t
-{
+mkStruct_with_tuple_t {
Struct_with_tuple_p : (T1 * T2);
}
.
-Arguments mkStruct_with_tuple_t {T1} {T2} _ .
-Arguments Struct_with_tuple_p {T1} {T2} .
+Arguments mkStruct_with_tuple_t {T1} {T2} _.
+Arguments Struct_with_tuple_p {T1} {T2}.
(** [no_nested_borrows::new_tuple1] *)
Definition new_tuple1_fwd : result (Struct_with_tuple_t u32 u32) :=
- Return (mkStruct_with_tuple_t (1 %u32, 2 %u32)) .
+ Return (mkStruct_with_tuple_t (1%u32, 2%u32))
+.
(** [no_nested_borrows::new_tuple2] *)
Definition new_tuple2_fwd : result (Struct_with_tuple_t i16 i16) :=
- Return (mkStruct_with_tuple_t (1 %i16, 2 %i16)) .
+ Return (mkStruct_with_tuple_t (1%i16, 2%i16))
+.
(** [no_nested_borrows::new_tuple3] *)
Definition new_tuple3_fwd : result (Struct_with_tuple_t u64 i64) :=
- Return (mkStruct_with_tuple_t (1 %u64, 2 %i64)) .
+ Return (mkStruct_with_tuple_t (1%u64, 2%i64))
+.
(** [no_nested_borrows::StructWithPair] *)
Record Struct_with_pair_t (T1 T2 : Type) :=
-mkStruct_with_pair_t
-{
+mkStruct_with_pair_t {
Struct_with_pair_p : Pair_t T1 T2;
}
.
-Arguments mkStruct_with_pair_t {T1} {T2} _ .
-Arguments Struct_with_pair_p {T1} {T2} .
+Arguments mkStruct_with_pair_t {T1} {T2} _.
+Arguments Struct_with_pair_p {T1} {T2}.
(** [no_nested_borrows::new_pair1] *)
Definition new_pair1_fwd : result (Struct_with_pair_t u32 u32) :=
- Return (mkStruct_with_pair_t (mkPair_t (1 %u32) (2 %u32))) .
+ Return (mkStruct_with_pair_t (mkPair_t (1%u32) (2%u32)))
+.
(** [no_nested_borrows::test_constants] *)
Definition test_constants_fwd : result unit :=
@@ -443,21 +463,21 @@ Definition test_constants_fwd : result unit :=
match swt with
| mkStruct_with_tuple_t p =>
let (i, _) := p in
- if negb (i s= 1 %u32)
+ if negb (i s= 1%u32)
then Fail_ Failure
else (
swt0 <- new_tuple2_fwd;
match swt0 with
| mkStruct_with_tuple_t p0 =>
let (i0, _) := p0 in
- if negb (i0 s= 1 %i16)
+ if negb (i0 s= 1%i16)
then Fail_ Failure
else (
swt1 <- new_tuple3_fwd;
match swt1 with
| mkStruct_with_tuple_t p1 =>
let (i1, _) := p1 in
- if negb (i1 s= 1 %u64)
+ if negb (i1 s= 1%u64)
then Fail_ Failure
else (
swp <- new_pair1_fwd;
@@ -465,45 +485,46 @@ Definition test_constants_fwd : result unit :=
| mkStruct_with_pair_t p2 =>
match p2 with
| mkPair_t i2 i3 =>
- if negb (i2 s= 1 %u32) then Fail_ Failure else Return tt
+ if negb (i2 s= 1%u32) then Fail_ Failure else Return tt
end
end)
end)
end)
end
- .
+.
(** Unit test for [no_nested_borrows::test_constants] *)
Check (test_constants_fwd )%return.
(** [no_nested_borrows::test_weird_borrows1] *)
-Definition test_weird_borrows1_fwd : result unit := Return tt .
+Definition test_weird_borrows1_fwd : result unit := Return tt.
(** Unit test for [no_nested_borrows::test_weird_borrows1] *)
Check (test_weird_borrows1_fwd )%return.
(** [no_nested_borrows::test_mem_replace] *)
Definition test_mem_replace_fwd_back (px : u32) : result u32 :=
- let y := mem_replace_fwd u32 px (1 %u32) in
- if negb (y s= 0 %u32) then Fail_ Failure else Return (2 %u32)
- .
+ let y := mem_replace_fwd u32 px (1%u32) in
+ if negb (y s= 0%u32) then Fail_ Failure else Return (2%u32)
+.
(** [no_nested_borrows::test_shared_borrow_bool1] *)
Definition test_shared_borrow_bool1_fwd (b : bool) : result u32 :=
- if b then Return (0 %u32) else Return (1 %u32) .
+ if b then Return (0%u32) else Return (1%u32)
+.
(** [no_nested_borrows::test_shared_borrow_bool2] *)
-Definition test_shared_borrow_bool2_fwd : result u32 := Return (0 %u32) .
+Definition test_shared_borrow_bool2_fwd : result u32 := Return (0%u32).
(** [no_nested_borrows::test_shared_borrow_enum1] *)
Definition test_shared_borrow_enum1_fwd (l : List_t u32) : result u32 :=
match l with
- | ListCons i l0 => Return (1 %u32)
- | ListNil => Return (0 %u32)
+ | ListCons i l0 => Return (1%u32)
+ | ListNil => Return (0%u32)
end
- .
+.
(** [no_nested_borrows::test_shared_borrow_enum2] *)
-Definition test_shared_borrow_enum2_fwd : result u32 := Return (0 %u32) .
+Definition test_shared_borrow_enum2_fwd : result u32 := Return (0%u32).
End NoNestedBorrows .
diff --git a/tests/coq/misc/Paper.v b/tests/coq/misc/Paper.v
index d0c99883..616eed37 100644
--- a/tests/coq/misc/Paper.v
+++ b/tests/coq/misc/Paper.v
@@ -4,43 +4,46 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Module Paper .
+Module Paper.
(** [paper::ref_incr] *)
Definition ref_incr_fwd_back (x : i32) : result i32 :=
- x0 <- i32_add x 1 %i32; Return x0 .
+ x0 <- i32_add x 1%i32; Return x0
+.
(** [paper::test_incr] *)
Definition test_incr_fwd : result unit :=
- x <- ref_incr_fwd_back (0 %i32);
- if negb (x s= 1 %i32) then Fail_ Failure else Return tt
- .
+ x <- ref_incr_fwd_back (0%i32);
+ if negb (x s= 1%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [paper::test_incr] *)
Check (test_incr_fwd )%return.
(** [paper::choose] *)
Definition choose_fwd (T : Type) (b : bool) (x : T) (y : T) : result T :=
- if b then Return x else Return y .
+ if b then Return x else Return y
+.
(** [paper::choose] *)
Definition choose_back
(T : Type) (b : bool) (x : T) (y : T) (ret : T) : result (T * T) :=
- if b then Return (ret, y) else Return (x, ret) .
+ if b then Return (ret, y) else Return (x, ret)
+.
(** [paper::test_choose] *)
Definition test_choose_fwd : result unit :=
- z <- choose_fwd i32 true (0 %i32) (0 %i32);
- z0 <- i32_add z 1 %i32;
- if negb (z0 s= 1 %i32)
+ z <- choose_fwd i32 true (0%i32) (0%i32);
+ z0 <- i32_add z 1%i32;
+ if negb (z0 s= 1%i32)
then Fail_ Failure
else (
- p <- choose_back i32 true (0 %i32) (0 %i32) z0;
+ p <- choose_back i32 true (0%i32) (0%i32) z0;
let (x, y) := p in
- if negb (x s= 1 %i32)
+ if negb (x s= 1%i32)
then Fail_ Failure
- else if negb (y s= 0 %i32) then Fail_ Failure else Return tt)
- .
+ else if negb (y s= 0%i32) then Fail_ Failure else Return tt)
+.
(** Unit test for [paper::test_choose] *)
Check (test_choose_fwd )%return.
@@ -51,54 +54,54 @@ Inductive List_t (T : Type) :=
| ListNil : List_t T
.
-Arguments ListCons {T} _ _ .
-Arguments ListNil {T} .
+Arguments ListCons {T} _ _.
+Arguments ListNil {T}.
(** [paper::list_nth_mut] *)
Fixpoint list_nth_mut_fwd (T : Type) (l : List_t T) (i : u32) : result T :=
match l with
| ListCons x tl =>
- if i s= 0 %u32
+ if i s= 0%u32
then Return x
- else (i0 <- u32_sub i 1 %u32; t <- list_nth_mut_fwd T tl i0; Return t)
+ else (i0 <- u32_sub i 1%u32; t <- list_nth_mut_fwd T tl i0; Return t)
| ListNil => Fail_ Failure
end
- .
+.
(** [paper::list_nth_mut] *)
Fixpoint list_nth_mut_back
(T : Type) (l : List_t T) (i : u32) (ret : T) : result (List_t T) :=
match l with
| ListCons x tl =>
- if i s= 0 %u32
+ if i s= 0%u32
then Return (ListCons ret tl)
else (
- i0 <- u32_sub i 1 %u32;
+ i0 <- u32_sub i 1%u32;
tl0 <- list_nth_mut_back T tl i0 ret;
Return (ListCons x tl0))
| ListNil => Fail_ Failure
end
- .
+.
(** [paper::sum] *)
Fixpoint sum_fwd (l : List_t i32) : result i32 :=
match l with
| ListCons x tl => i <- sum_fwd tl; i0 <- i32_add x i; Return i0
- | ListNil => Return (0 %i32)
+ | ListNil => Return (0%i32)
end
- .
+.
(** [paper::test_nth] *)
Definition test_nth_fwd : result unit :=
let l := ListNil in
- let l0 := ListCons (3 %i32) l in
- let l1 := ListCons (2 %i32) l0 in
- x <- list_nth_mut_fwd i32 (ListCons (1 %i32) l1) (2 %u32);
- x0 <- i32_add x 1 %i32;
- l2 <- list_nth_mut_back i32 (ListCons (1 %i32) l1) (2 %u32) x0;
+ let l0 := ListCons (3%i32) l in
+ let l1 := ListCons (2%i32) l0 in
+ x <- list_nth_mut_fwd i32 (ListCons (1%i32) l1) (2%u32);
+ x0 <- i32_add x 1%i32;
+ l2 <- list_nth_mut_back i32 (ListCons (1%i32) l1) (2%u32) x0;
i <- sum_fwd l2;
- if negb (i s= 7 %i32) then Fail_ Failure else Return tt
- .
+ if negb (i s= 7%i32) then Fail_ Failure else Return tt
+.
(** Unit test for [paper::test_nth] *)
Check (test_nth_fwd )%return.
@@ -107,10 +110,10 @@ Check (test_nth_fwd )%return.
Definition call_choose_fwd (p : (u32 * u32)) : result u32 :=
let (px, py) := p in
pz <- choose_fwd u32 true px py;
- pz0 <- u32_add pz 1 %u32;
+ pz0 <- u32_add pz 1%u32;
p0 <- choose_back u32 true px py pz0;
let (px0, _) := p0 in
Return px0
- .
+.
End Paper .
diff --git a/tests/coq/misc/PoloniusList.v b/tests/coq/misc/PoloniusList.v
index 6d6ea537..a45c77c5 100644
--- a/tests/coq/misc/PoloniusList.v
+++ b/tests/coq/misc/PoloniusList.v
@@ -4,7 +4,7 @@ Require Import Primitives.
Import Primitives.
Require Import Coq.ZArith.ZArith.
Local Open Scope Primitives_scope.
-Module PoloniusList .
+Module PoloniusList.
(** [polonius_list::List] *)
Inductive List_t (T : Type) :=
@@ -12,8 +12,8 @@ Inductive List_t (T : Type) :=
| ListNil : List_t T
.
-Arguments ListCons {T} _ _ .
-Arguments ListNil {T} .
+Arguments ListCons {T} _ _.
+Arguments ListNil {T}.
(** [polonius_list::get_list_at_x] *)
Fixpoint get_list_at_x_fwd (ls : List_t u32) (x : u32) : result (List_t u32) :=
@@ -24,7 +24,7 @@ Fixpoint get_list_at_x_fwd (ls : List_t u32) (x : u32) : result (List_t u32) :=
else (l <- get_list_at_x_fwd tl x; Return l)
| ListNil => Return ListNil
end
- .
+.
(** [polonius_list::get_list_at_x] *)
Fixpoint get_list_at_x_back
@@ -36,6 +36,6 @@ Fixpoint get_list_at_x_back
else (tl0 <- get_list_at_x_back tl x ret; Return (ListCons hd tl0))
| ListNil => Return ret
end
- .
+.
End PoloniusList .