From a68c231db4edf97c4f007724969aec7dd60941a1 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 20:48:26 +0100 Subject: Update lean to v4.6.0-rc1 and start fixing the proofs --- backends/lean/Base/Diverge/Base.lean | 37 ++++++---- backends/lean/Base/Diverge/Elab.lean | 11 ++- backends/lean/Base/Diverge/ElabBase.lean | 16 +++-- backends/lean/Base/Extensions.lean | 10 +-- backends/lean/Base/Progress/Base.lean | 14 ++-- backends/lean/Base/Utils.lean | 6 +- backends/lean/lake-manifest.json | 117 ++++++++++++++++++------------- backends/lean/lean-toolchain | 2 +- 8 files changed, 120 insertions(+), 93 deletions(-) diff --git a/backends/lean/Base/Diverge/Base.lean b/backends/lean/Base/Diverge/Base.lean index 9458c926..e40432bd 100644 --- a/backends/lean/Base/Diverge/Base.lean +++ b/backends/lean/Base/Diverge/Base.lean @@ -21,7 +21,7 @@ namespace Lemmas else f ⟨ m, by simp_all [Nat.lt_iff_le_and_ne] ⟩ ∧ for_all_fin_aux f (m + 1) (by simp_all [Arith.add_one_le_iff_le_ne]) - termination_by for_all_fin_aux n _ m h => n - m + termination_by n - m decreasing_by simp_wf apply Nat.sub_add_lt_sub <;> try simp @@ -240,8 +240,8 @@ namespace Fix simp [fix] -- By property of the least upper bound revert Hd Hl - -- TODO: there is no conversion to select the head of a function! - conv => lhs; apply congr_fun; apply congr_fun; apply congr_fun; simp [fix_fuel_P, div?] + conv => lhs; rw [fix_fuel_P] + simp [div?] cases fix_fuel (least (fix_fuel_P f x)) f x <;> simp have Hmono := fix_fuel_mono Hmono Hineq x simp [result_rel] at Hmono @@ -255,7 +255,7 @@ namespace Fix intros x n Hf have Hfmono := fix_fuel_fix_mono Hmono n x -- TODO: there is no conversion to select the head of a function! - conv => apply congr_fun; simp [fix_fuel_P] + rw [fix_fuel_P] simp [fix_fuel_P] at Hf revert Hf Hfmono simp [div?, result_rel, fix] @@ -268,9 +268,7 @@ namespace Fix fix f x = f (fix f) x := by have Hl := fix_fuel_P_least Hmono He -- TODO: better control of simplification - conv at Hl => - apply congr_fun - simp [fix_fuel_P] + rw [fix_fuel_P] at Hl; simp at Hl -- The least upper bound is > 0 have ⟨ n, Hsucc ⟩ : ∃ n, least (fix_fuel_P f x) = Nat.succ n := by revert Hl @@ -618,12 +616,16 @@ namespace FixI @[simp] theorem is_valid_p_same (k : ((i:id) → (x:a i) → Result (b i x)) → (i:id) → (x:a i) → Result (b i x)) (x : Result c) : is_valid_p k (λ _ => x) := by - simp [is_valid_p, k_to_gen, e_to_gen] + simp [is_valid_p] + unfold k_to_gen e_to_gen + simp @[simp] theorem is_valid_p_rec (k : ((i:id) → (x:a i) → Result (b i x)) → (i:id) → (x:a i) → Result (b i x)) (i : id) (x : a i) : is_valid_p k (λ k => k i x) := by - simp [is_valid_p, k_to_gen, e_to_gen, kk_to_gen, kk_of_gen] + simp [is_valid_p] + unfold k_to_gen e_to_gen kk_to_gen kk_of_gen + simp theorem is_valid_p_ite (k : ((i:id) → (x:a i) → Result (b i x)) → (i:id) → (x:a i) → Result (b i x)) @@ -826,12 +828,16 @@ namespace FixII @[simp] theorem is_valid_p_same (k : ((i:id) → (t:ty i) → a i t → Result (b i t)) → (i:id) → (t:ty i) → a i t → Result (b i t)) (x : Result c) : is_valid_p k (λ _ => x) := by - simp [is_valid_p, k_to_gen, e_to_gen] + simp [is_valid_p] + unfold k_to_gen e_to_gen + simp @[simp] theorem is_valid_p_rec (k : ((i:id) → (t:ty i) → a i t → Result (b i t)) → (i:id) → (t:ty i) → a i t → Result (b i t)) (i : id) (t : ty i) (x : a i t) : is_valid_p k (λ k => k i t x) := by - simp [is_valid_p, k_to_gen, e_to_gen, kk_to_gen, kk_of_gen] + simp [is_valid_p] + unfold k_to_gen e_to_gen kk_to_gen kk_of_gen + simp theorem is_valid_p_ite (k : ((i:id) → (t:ty i) → a i t → Result (b i t)) → (i:id) → (t:ty i) → a i t → Result (b i t)) @@ -1531,10 +1537,11 @@ namespace Ex9 intro k a x simp only [id_body] split <;> try simp - apply is_valid_p_bind <;> try simp [*] - -- We have to show that `map k tl` is valid - -- Remark: `map_is_valid` doesn't work here, we need the specialized version - apply map_is_valid_simple + . apply is_valid_p_same + . apply is_valid_p_bind <;> try simp [*] + -- We have to show that `map k tl` is valid + -- Remark: `map_is_valid` doesn't work here, we need the specialized version + apply map_is_valid_simple def body (k : (i : Fin 1) → (t : ty i) → (x : input_ty i t) → Result (output_ty i t)) (i: Fin 1) : (t : ty i) → (x : input_ty i t) → Result (output_ty i t) := get_fun bodies i k diff --git a/backends/lean/Base/Diverge/Elab.lean b/backends/lean/Base/Diverge/Elab.lean index 6115b13b..3c2ea877 100644 --- a/backends/lean/Base/Diverge/Elab.lean +++ b/backends/lean/Base/Diverge/Elab.lean @@ -383,10 +383,7 @@ def mkFin (n : Nat) : Expr := def mkFinVal (n i : Nat) : MetaM Expr := do let n_lit : Expr := .lit (.natVal (n - 1)) let i_lit : Expr := .lit (.natVal i) - -- We could use `trySynthInstance`, but as we know the instance that we are - -- going to use, we can save the lookup - let ofNat ← mkAppOptM ``Fin.instOfNatFinHAddNatInstHAddInstAddNatOfNat #[n_lit, i_lit] - mkAppOptM ``OfNat.ofNat #[none, none, ofNat] + mkAppOptM ``Fin.ofNat #[.some n_lit, .some i_lit] /- Information about the type of a function in a declaration group. @@ -654,8 +651,8 @@ partial def proveExprIsValid (k_var kk_var : Expr) (e : Expr) : MetaM Expr := do -- Normalize to eliminate the lambdas - TODO: this is slightly dangerous. let e ← do if e.isLet ∧ normalize_let_bindings then do - let updt_config config := - { config with transparency := .reducible, zetaNonDep := false } + let updt_config (config : Lean.Meta.Config) := + { config with transparency := .reducible } let e ← withConfig updt_config (whnf e) trace[Diverge.def.valid] "e (after normalization): {e}" pure e @@ -929,7 +926,7 @@ partial def proveAppIsValidApplyThms (k_var kk_var : Expr) (e : Expr) -- We sometimes need to reduce the term - TODO: this is really dangerous let e ← do let updt_config config := - { config with transparency := .reducible, zetaNonDep := false } + { config with transparency := .reducible } withConfig updt_config (whnf e) trace[Diverge.def.valid] "e (after normalization): {e}" let e_valid ← proveExprIsValid k_var kk_var e diff --git a/backends/lean/Base/Diverge/ElabBase.lean b/backends/lean/Base/Diverge/ElabBase.lean index 0d33e9d2..08ef96f7 100644 --- a/backends/lean/Base/Diverge/ElabBase.lean +++ b/backends/lean/Base/Diverge/ElabBase.lean @@ -27,12 +27,12 @@ initialize registerTraceClass `Diverge.attr -- divspec attribute structure DivSpecAttr where attr : AttributeImpl - ext : DiscrTreeExtension Name true + ext : DiscrTreeExtension Name deriving Inhabited /- The persistent map from expressions to divspec theorems. -/ initialize divspecAttr : DivSpecAttr ← do - let ext ← mkDiscrTreeExtention `divspecMap true + let ext ← mkDiscrTreeExtention `divspecMap let attrImpl : AttributeImpl := { name := `divspec descr := "Marks theorems to use with the `divergent` encoding" @@ -44,7 +44,7 @@ initialize divspecAttr : DivSpecAttr ← do -- Lookup the theorem let env ← getEnv let thDecl := env.constants.find! thName - let fKey : Array (DiscrTree.Key true) ← MetaM.run' (do + let fKey : Array (DiscrTree.Key) ← MetaM.run' (do /- The theorem should have the shape: `∀ ..., is_valid_p k (λ k => ...)` @@ -59,7 +59,9 @@ initialize divspecAttr : DivSpecAttr ← do let (_, _, fExpr) ← lambdaMetaTelescope fExpr.consumeMData trace[Diverge] "Registering divspec theorem for {fExpr}" -- Convert the function expression to a discrimination tree key - DiscrTree.mkPath fExpr) + -- We use the default configuration + let config : WhnfCoreConfig := {} + DiscrTree.mkPath fExpr config) let env := ext.addEntry env (fKey, thName) setEnv env trace[Diverge] "Saved the environment" @@ -69,9 +71,11 @@ initialize divspecAttr : DivSpecAttr ← do pure { attr := attrImpl, ext := ext } def DivSpecAttr.find? (s : DivSpecAttr) (e : Expr) : MetaM (Array Name) := do - (s.ext.getState (← getEnv)).getMatch e + -- We use the default configuration + let config : WhnfCoreConfig := {} + (s.ext.getState (← getEnv)).getMatch e config -def DivSpecAttr.getState (s : DivSpecAttr) : MetaM (DiscrTree Name true) := do +def DivSpecAttr.getState (s : DivSpecAttr) : MetaM (DiscrTree Name) := do pure (s.ext.getState (← getEnv)) def showStoredDivSpec : MetaM Unit := do diff --git a/backends/lean/Base/Extensions.lean b/backends/lean/Base/Extensions.lean index b34f41dc..c0e80861 100644 --- a/backends/lean/Base/Extensions.lean +++ b/backends/lean/Base/Extensions.lean @@ -31,13 +31,13 @@ def mkMapDeclarationExtension [Inhabited α] (name : Name := by exact decl_name% store the keys from *after* the transformation (i.e., the `DiscrTreeKey` below). The transformation itself can be done elsewhere. -/ -abbrev DiscrTreeKey (simpleReduce : Bool) := Array (DiscrTree.Key simpleReduce) +abbrev DiscrTreeKey := Array DiscrTree.Key -abbrev DiscrTreeExtension (α : Type) (simpleReduce : Bool) := - SimplePersistentEnvExtension (DiscrTreeKey simpleReduce × α) (DiscrTree α simpleReduce) +abbrev DiscrTreeExtension (α : Type) := + SimplePersistentEnvExtension (DiscrTreeKey × α) (DiscrTree α) -def mkDiscrTreeExtention [Inhabited α] [BEq α] (name : Name := by exact decl_name%) (simpleReduce : Bool) : - IO (DiscrTreeExtension α simpleReduce) := +def mkDiscrTreeExtention [Inhabited α] [BEq α] (name : Name := by exact decl_name%) : + IO (DiscrTreeExtension α) := registerSimplePersistentEnvExtension { name := name, addImportedFn := fun a => a.foldl (fun s a => a.foldl (fun s (k, v) => s.insertCore k v) s) DiscrTree.empty, diff --git a/backends/lean/Base/Progress/Base.lean b/backends/lean/Base/Progress/Base.lean index a64212a5..03c80a42 100644 --- a/backends/lean/Base/Progress/Base.lean +++ b/backends/lean/Base/Progress/Base.lean @@ -139,12 +139,12 @@ def getPSpecFunArgsExpr (isGoal : Bool) (th : Expr) : MetaM Expr := -- pspec attribute structure PSpecAttr where attr : AttributeImpl - ext : DiscrTreeExtension Name true + ext : DiscrTreeExtension Name deriving Inhabited /- The persistent map from expressions to pspec theorems. -/ initialize pspecAttr : PSpecAttr ← do - let ext ← mkDiscrTreeExtention `pspecMap true + let ext ← mkDiscrTreeExtention `pspecMap let attrImpl : AttributeImpl := { name := `pspec descr := "Marks theorems to use with the `progress` tactic" @@ -160,7 +160,9 @@ initialize pspecAttr : PSpecAttr ← do let fExpr ← getPSpecFunArgsExpr false thDecl.type trace[Progress] "Registering spec theorem for {fExpr}" -- Convert the function expression to a discrimination tree key - DiscrTree.mkPath fExpr) + -- We use the default configuration + let config : WhnfCoreConfig := {} + DiscrTree.mkPath fExpr config) let env := ext.addEntry env (fKey, thName) setEnv env trace[Progress] "Saved the environment" @@ -170,9 +172,11 @@ initialize pspecAttr : PSpecAttr ← do pure { attr := attrImpl, ext := ext } def PSpecAttr.find? (s : PSpecAttr) (e : Expr) : MetaM (Array Name) := do - (s.ext.getState (← getEnv)).getMatch e + -- We use the default configuration + let config : WhnfCoreConfig := {} + (s.ext.getState (← getEnv)).getMatch e config -def PSpecAttr.getState (s : PSpecAttr) : MetaM (DiscrTree Name true) := do +def PSpecAttr.getState (s : PSpecAttr) : MetaM (DiscrTree Name) := do pure (s.ext.getState (← getEnv)) def showStoredPSpec : MetaM Unit := do diff --git a/backends/lean/Base/Utils.lean b/backends/lean/Base/Utils.lean index b0032281..eacfe72b 100644 --- a/backends/lean/Base/Utils.lean +++ b/backends/lean/Base/Utils.lean @@ -1,6 +1,5 @@ import Lean import Mathlib.Tactic.Core -import Mathlib.Tactic.LeftRight import Base.UtilsBase /- @@ -503,9 +502,8 @@ elab "split_disj " n:ident : tactic => do example (x y : Int) (h0 : x ≤ y ∨ x ≥ y) : x ≤ y ∨ x ≥ y := by split_disj h0 - . left; assumption - . right; assumption - + . apply Or.inl; assumption + . apply Or.inr; assumption -- Tactic to split on an exists. -- `h` must be an FVar diff --git a/backends/lean/lake-manifest.json b/backends/lean/lake-manifest.json index 934ee2d9..3a18466f 100644 --- a/backends/lean/lake-manifest.json +++ b/backends/lean/lake-manifest.json @@ -1,51 +1,68 @@ -{"version": 5, - "packagesDir": "lake-packages", +{"version": 7, + "packagesDir": ".lake/packages", "packages": - [{"git": - {"url": "https://github.com/EdAyers/ProofWidgets4", - "subDir?": null, - "rev": "a0c2cd0ac3245a0dade4f925bcfa97e06dd84229", - "opts": {}, - "name": "proofwidgets", - "inputRev?": "v0.0.13", - "inherited": true}}, - {"git": - {"url": "https://github.com/mhuisi/lean4-cli.git", - "subDir?": null, - "rev": "21dac2e9cc7e3cf7da5800814787b833e680b2fd", - "opts": {}, - "name": "Cli", - "inputRev?": "nightly", - "inherited": true}}, - {"git": - {"url": "https://github.com/leanprover-community/mathlib4.git", - "subDir?": null, - "rev": "226948a52f8e19ad95ff6025a96784d7e7ed6ed0", - "opts": {}, - "name": "mathlib", - "inputRev?": null, - "inherited": false}}, - {"git": - {"url": "https://github.com/gebner/quote4", - "subDir?": null, - "rev": "e75daed95ad1c92af4e577fea95e234d7a8401c1", - "opts": {}, - "name": "Qq", - "inputRev?": "master", - "inherited": true}}, - {"git": - {"url": "https://github.com/JLimperg/aesop", - "subDir?": null, - "rev": "1a0cded2be292b5496e659b730d2accc742de098", - "opts": {}, - "name": "aesop", - "inputRev?": "master", - "inherited": true}}, - {"git": - {"url": "https://github.com/leanprover/std4", - "subDir?": null, - "rev": "ba5e5e3af519b4fc5221ad0fa4b2c87276f1d323", - "opts": {}, - "name": "std", - "inputRev?": "main", - "inherited": true}}]} + [{"url": "https://github.com/leanprover/std4", + "type": "git", + "subDir": null, + "rev": "276953b13323ca151939eafaaec9129bf7970306", + "name": "std", + "manifestFile": "lake-manifest.json", + "inputRev": "main", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/quote4", + "type": "git", + "subDir": null, + "rev": "1c88406514a636d241903e2e288d21dc6d861e01", + "name": "Qq", + "manifestFile": "lake-manifest.json", + "inputRev": "master", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/aesop", + "type": "git", + "subDir": null, + "rev": "6beed82dcfbb7731d173cd517675df27d62ad0f4", + "name": "aesop", + "manifestFile": "lake-manifest.json", + "inputRev": "master", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/ProofWidgets4", + "type": "git", + "subDir": null, + "rev": "af1e86cf7a37389632a02f4a111e6b501b2b818f", + "name": "proofwidgets", + "manifestFile": "lake-manifest.json", + "inputRev": "v0.0.27", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover/lean4-cli", + "type": "git", + "subDir": null, + "rev": "a751d21d4b68c999accb6fc5d960538af26ad5ec", + "name": "Cli", + "manifestFile": "lake-manifest.json", + "inputRev": "main", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/import-graph.git", + "type": "git", + "subDir": null, + "rev": "8079d2d1d0e073bde42eab159c24f4c2d0d3a871", + "name": "importGraph", + "manifestFile": "lake-manifest.json", + "inputRev": "main", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/mathlib4.git", + "type": "git", + "subDir": null, + "rev": "056cc4b21e25e8d1daaeef3a6e3416872c9fc12c", + "name": "mathlib", + "manifestFile": "lake-manifest.json", + "inputRev": null, + "inherited": false, + "configFile": "lakefile.lean"}], + "name": "base", + "lakeDir": ".lake"} diff --git a/backends/lean/lean-toolchain b/backends/lean/lean-toolchain index fbca4d37..cfcdd327 100644 --- a/backends/lean/lean-toolchain +++ b/backends/lean/lean-toolchain @@ -1 +1 @@ -leanprover/lean4:v4.0.0 \ No newline at end of file +leanprover/lean4:v4.6.0-rc1 -- cgit v1.2.3 From dd262ccc9ea7a8528959659881060ddbb3bffcd5 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 22:29:54 +0100 Subject: Fix more proofs --- backends/lean/Base/Primitives/Scalar.lean | 111 +++++++++++++++--------------- 1 file changed, 55 insertions(+), 56 deletions(-) diff --git a/backends/lean/Base/Primitives/Scalar.lean b/backends/lean/Base/Primitives/Scalar.lean index fe8dc8ec..b11bd2a1 100644 --- a/backends/lean/Base/Primitives/Scalar.lean +++ b/backends/lean/Base/Primitives/Scalar.lean @@ -98,19 +98,19 @@ def Isize.refined_min : { n:Int // n = I32.min ∨ n = I64.min } := ⟨ Isize.smin, by simp [Isize.smin] cases System.Platform.numBits_eq <;> - unfold System.Platform.numBits at * <;> simp [*] ⟩ + unfold System.Platform.numBits at * <;> simp [*] <;> decide ⟩ def Isize.refined_max : { n:Int // n = I32.max ∨ n = I64.max } := ⟨ Isize.smax, by simp [Isize.smax] cases System.Platform.numBits_eq <;> - unfold System.Platform.numBits at * <;> simp [*] ⟩ + unfold System.Platform.numBits at * <;> simp [*] <;> decide ⟩ def Usize.refined_max : { n:Int // n = U32.max ∨ n = U64.max } := ⟨ Usize.smax, by simp [Usize.smax] cases System.Platform.numBits_eq <;> - unfold System.Platform.numBits at * <;> simp [*] ⟩ + unfold System.Platform.numBits at * <;> simp [*] <;> decide ⟩ def Isize.min := Isize.refined_min.val def Isize.max := Isize.refined_max.val @@ -231,30 +231,31 @@ def Scalar.cMax (ty : ScalarTy) : Int := | _ => Scalar.max ty theorem Scalar.min_lt_max (ty : ScalarTy) : Scalar.min ty < Scalar.max ty := by - cases ty <;> simp [Scalar.min, Scalar.max] + cases ty <;> simp [Scalar.min, Scalar.max] <;> try decide . simp [Isize.min, Isize.max] have h1 := Isize.refined_min.property have h2 := Isize.refined_max.property - cases h1 <;> cases h2 <;> simp [*] + cases h1 <;> cases h2 <;> simp [*] <;> decide . simp [Usize.max] have h := Usize.refined_max.property - cases h <;> simp [*] + cases h <;> simp [*] <;> decide theorem Scalar.min_le_max (ty : ScalarTy) : Scalar.min ty ≤ Scalar.max ty := by have := Scalar.min_lt_max ty int_tac theorem Scalar.cMin_bound ty : Scalar.min ty ≤ Scalar.cMin ty := by - cases ty <;> simp [Scalar.min, Scalar.max, Scalar.cMin, Scalar.cMax] at * + cases ty <;> (simp [Scalar.min, Scalar.max, Scalar.cMin, Scalar.cMax] at *; try decide) have h := Isize.refined_min.property cases h <;> simp [*, Isize.min] + decide theorem Scalar.cMax_bound ty : Scalar.cMax ty ≤ Scalar.max ty := by - cases ty <;> simp [Scalar.min, Scalar.max, Scalar.cMin, Scalar.cMax] at * + cases ty <;> (simp [Scalar.min, Scalar.max, Scalar.cMin, Scalar.cMax] at *; try decide) . have h := Isize.refined_max.property - cases h <;> simp [*, Isize.max] + cases h <;> simp [*, Isize.max]; decide . have h := Usize.refined_max.property - cases h <;> simp [*, Usize.max] + cases h <;> simp [*, Usize.max]; decide theorem Scalar.cMin_suffices ty (h : Scalar.cMin ty ≤ x) : Scalar.min ty ≤ x := by have := Scalar.cMin_bound ty @@ -536,12 +537,11 @@ instance {ty} : HAnd (Scalar ty) (Scalar ty) (Scalar ty) where theorem Scalar.add_spec {ty} {x y : Scalar ty} (hmin : Scalar.min ty ≤ x.val + y.val) (hmax : x.val + y.val ≤ Scalar.max ty) : - ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - simp [HAdd.hAdd, add, Add.add] - simp [tryMk] + (∃ z, x + y = ret z ∧ z.val = x.val + y.val) := by + -- Applying the unfoldings only on the left + conv => congr; ext; lhs; unfold HAdd.hAdd instHAddScalarResult; simp [add, tryMk] split - . simp [pure] - rfl + . simp [pure]; rfl . tauto theorem Scalar.add_unsigned_spec {ty} (s: ¬ ty.isSigned) {x y : Scalar ty} @@ -550,33 +550,33 @@ theorem Scalar.add_unsigned_spec {ty} (s: ¬ ty.isSigned) {x y : Scalar ty} have hmin : Scalar.min ty ≤ x.val + y.val := by have hx := x.hmin have hy := y.hmin - cases ty <;> simp [min] at * <;> linarith + cases ty <;> simp [min, ScalarTy.isSigned] at * <;> linarith apply add_spec <;> assumption /- Fine-grained theorems -/ @[pspec] theorem Usize.add_spec {x y : Usize} (hmax : x.val + y.val ≤ Usize.max) : ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - apply Scalar.add_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.add_unsigned_spec <;> simp [ScalarTy.isSigned, Scalar.max, *] @[pspec] theorem U8.add_spec {x y : U8} (hmax : x.val + y.val ≤ U8.max) : ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - apply Scalar.add_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.add_unsigned_spec <;> simp [ScalarTy.isSigned, Scalar.max, *] @[pspec] theorem U16.add_spec {x y : U16} (hmax : x.val + y.val ≤ U16.max) : ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - apply Scalar.add_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.add_unsigned_spec <;> simp [ScalarTy.isSigned, Scalar.max, *] @[pspec] theorem U32.add_spec {x y : U32} (hmax : x.val + y.val ≤ U32.max) : ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - apply Scalar.add_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.add_unsigned_spec <;> simp [ScalarTy.isSigned, Scalar.max, *] @[pspec] theorem U64.add_spec {x y : U64} (hmax : x.val + y.val ≤ U64.max) : ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - apply Scalar.add_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.add_unsigned_spec <;> simp [ScalarTy.isSigned, Scalar.max, *] @[pspec] theorem U128.add_spec {x y : U128} (hmax : x.val + y.val ≤ U128.max) : ∃ z, x + y = ret z ∧ z.val = x.val + y.val := by - apply Scalar.add_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.add_unsigned_spec <;> simp [ScalarTy.isSigned, Scalar.max, *] @[pspec] theorem Isize.add_spec {x y : Isize} (hmin : Isize.min ≤ x.val + y.val) (hmax : x.val + y.val ≤ Isize.max) : @@ -614,48 +614,47 @@ theorem Scalar.sub_spec {ty} {x y : Scalar ty} (hmin : Scalar.min ty ≤ x.val - y.val) (hmax : x.val - y.val ≤ Scalar.max ty) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - simp [HSub.hSub, sub, Sub.sub] - simp [tryMk] + conv => congr; ext; lhs; simp [HSub.hSub, sub, tryMk, Sub.sub] split . simp [pure] rfl . tauto -theorem Scalar.sub_unsigned_spec {ty} (s: ¬ ty.isSigned) {x y : Scalar ty} - (hmin : Scalar.min ty ≤ x.val - y.val) : +theorem Scalar.sub_unsigned_spec {ty : ScalarTy} (s : ¬ ty.isSigned) + {x y : Scalar ty} (hmin : Scalar.min ty ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by have : x.val - y.val ≤ Scalar.max ty := by have hx := x.hmin have hxm := x.hmax have hy := y.hmin - cases ty <;> simp [min, max] at * <;> linarith + cases ty <;> simp [min, max, ScalarTy.isSigned] at * <;> linarith intros apply sub_spec <;> assumption /- Fine-grained theorems -/ @[pspec] theorem Usize.sub_spec {x y : Usize} (hmin : Usize.min ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - apply Scalar.sub_unsigned_spec <;> simp only [Scalar.min, *] + apply Scalar.sub_unsigned_spec <;> simp_all [Scalar.min, ScalarTy.isSigned] @[pspec] theorem U8.sub_spec {x y : U8} (hmin : U8.min ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - apply Scalar.sub_unsigned_spec <;> simp only [Scalar.min, *] + apply Scalar.sub_unsigned_spec <;> simp_all [Scalar.min, ScalarTy.isSigned] @[pspec] theorem U16.sub_spec {x y : U16} (hmin : U16.min ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - apply Scalar.sub_unsigned_spec <;> simp only [Scalar.min, *] + apply Scalar.sub_unsigned_spec <;> simp_all [Scalar.min, ScalarTy.isSigned] @[pspec] theorem U32.sub_spec {x y : U32} (hmin : U32.min ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - apply Scalar.sub_unsigned_spec <;> simp only [Scalar.min, *] + apply Scalar.sub_unsigned_spec <;> simp_all [Scalar.min, ScalarTy.isSigned] @[pspec] theorem U64.sub_spec {x y : U64} (hmin : U64.min ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - apply Scalar.sub_unsigned_spec <;> simp only [Scalar.min, *] + apply Scalar.sub_unsigned_spec <;> simp_all [Scalar.min, ScalarTy.isSigned] @[pspec] theorem U128.sub_spec {x y : U128} (hmin : U128.min ≤ x.val - y.val) : ∃ z, x - y = ret z ∧ z.val = x.val - y.val := by - apply Scalar.sub_unsigned_spec <;> simp only [Scalar.min, *] + apply Scalar.sub_unsigned_spec <;> simp_all [Scalar.min, ScalarTy.isSigned] @[pspec] theorem Isize.sub_spec {x y : Isize} (hmin : Isize.min ≤ x.val - y.val) (hmax : x.val - y.val ≤ Isize.max) : @@ -692,8 +691,8 @@ theorem Scalar.mul_spec {ty} {x y : Scalar ty} (hmin : Scalar.min ty ≤ x.val * y.val) (hmax : x.val * y.val ≤ Scalar.max ty) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - simp [HMul.hMul, mul, Mul.mul] - simp [tryMk] + conv => congr; ext; lhs; simp [HMul.hMul] + simp [mul, tryMk] split . simp [pure] rfl @@ -705,33 +704,33 @@ theorem Scalar.mul_unsigned_spec {ty} (s: ¬ ty.isSigned) {x y : Scalar ty} have : Scalar.min ty ≤ x.val * y.val := by have hx := x.hmin have hy := y.hmin - cases ty <;> simp at * <;> apply mul_nonneg hx hy + cases ty <;> simp [ScalarTy.isSigned] at * <;> apply mul_nonneg hx hy apply mul_spec <;> assumption /- Fine-grained theorems -/ @[pspec] theorem Usize.mul_spec {x y : Usize} (hmax : x.val * y.val ≤ Usize.max) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - apply Scalar.mul_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.mul_unsigned_spec <;> simp_all [Scalar.max, ScalarTy.isSigned] @[pspec] theorem U8.mul_spec {x y : U8} (hmax : x.val * y.val ≤ U8.max) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - apply Scalar.mul_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.mul_unsigned_spec <;> simp_all [Scalar.max, ScalarTy.isSigned] @[pspec] theorem U16.mul_spec {x y : U16} (hmax : x.val * y.val ≤ U16.max) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - apply Scalar.mul_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.mul_unsigned_spec <;> simp_all [Scalar.max, ScalarTy.isSigned] @[pspec] theorem U32.mul_spec {x y : U32} (hmax : x.val * y.val ≤ U32.max) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - apply Scalar.mul_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.mul_unsigned_spec <;> simp_all [Scalar.max, ScalarTy.isSigned] @[pspec] theorem U64.mul_spec {x y : U64} (hmax : x.val * y.val ≤ U64.max) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - apply Scalar.mul_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.mul_unsigned_spec <;> simp_all [Scalar.max, ScalarTy.isSigned] @[pspec] theorem U128.mul_spec {x y : U128} (hmax : x.val * y.val ≤ U128.max) : ∃ z, x * y = ret z ∧ z.val = x.val * y.val := by - apply Scalar.mul_unsigned_spec <;> simp only [Scalar.max, *] + apply Scalar.mul_unsigned_spec <;> simp_all [Scalar.max, ScalarTy.isSigned] @[pspec] theorem Isize.mul_spec {x y : Isize} (hmin : Isize.min ≤ x.val * y.val) (hmax : x.val * y.val ≤ Isize.max) : @@ -778,7 +777,7 @@ theorem Scalar.div_spec {ty} {x y : Scalar ty} theorem Scalar.div_unsigned_spec {ty} (s: ¬ ty.isSigned) (x : Scalar ty) {y : Scalar ty} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - have h : Scalar.min ty = 0 := by cases ty <;> simp at * + have h : Scalar.min ty = 0 := by cases ty <;> simp [ScalarTy.isSigned, min] at * have hx := x.hmin have hy := y.hmin simp [h] at hx hy @@ -794,27 +793,27 @@ theorem Scalar.div_unsigned_spec {ty} (s: ¬ ty.isSigned) (x : Scalar ty) {y : S /- Fine-grained theorems -/ @[pspec] theorem Usize.div_spec (x : Usize) {y : Usize} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - apply Scalar.div_unsigned_spec <;> simp [*] + apply Scalar.div_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U8.div_spec (x : U8) {y : U8} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - apply Scalar.div_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.div_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U16.div_spec (x : U16) {y : U16} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - apply Scalar.div_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.div_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U32.div_spec (x : U32) {y : U32} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - apply Scalar.div_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.div_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U64.div_spec (x : U64) {y : U64} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - apply Scalar.div_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.div_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U128.div_spec (x : U128) {y : U128} (hnz : y.val ≠ 0) : ∃ z, x / y = ret z ∧ z.val = x.val / y.val := by - apply Scalar.div_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.div_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem Isize.div_spec (x : Isize) {y : Isize} (hnz : y.val ≠ 0) @@ -873,7 +872,7 @@ theorem Scalar.rem_spec {ty} {x y : Scalar ty} theorem Scalar.rem_unsigned_spec {ty} (s: ¬ ty.isSigned) (x : Scalar ty) {y : Scalar ty} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - have h : Scalar.min ty = 0 := by cases ty <;> simp at * + have h : Scalar.min ty = 0 := by cases ty <;> simp [ScalarTy.isSigned, min] at * have hx := x.hmin have hy := y.hmin simp [h] at hx hy @@ -889,27 +888,27 @@ theorem Scalar.rem_unsigned_spec {ty} (s: ¬ ty.isSigned) (x : Scalar ty) {y : S @[pspec] theorem Usize.rem_spec (x : Usize) {y : Usize} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - apply Scalar.rem_unsigned_spec <;> simp [*] + apply Scalar.rem_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U8.rem_spec (x : U8) {y : U8} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - apply Scalar.rem_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.rem_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U16.rem_spec (x : U16) {y : U16} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - apply Scalar.rem_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.rem_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U32.rem_spec (x : U32) {y : U32} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - apply Scalar.rem_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.rem_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U64.rem_spec (x : U64) {y : U64} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - apply Scalar.rem_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.rem_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem U128.rem_spec (x : U128) {y : U128} (hnz : y.val ≠ 0) : ∃ z, x % y = ret z ∧ z.val = x.val % y.val := by - apply Scalar.rem_unsigned_spec <;> simp [Scalar.max, *] + apply Scalar.rem_unsigned_spec <;> simp [ScalarTy.isSigned, *] @[pspec] theorem I8.rem_spec (x : I8) {y : I8} (hnz : y.val ≠ 0) -- cgit v1.2.3 From 1259db13a154b0d5f101d2f874ae017b81ed4e72 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 22:54:52 +0100 Subject: Fix more proofs --- backends/lean/Base/IList/IList.lean | 25 ++++++++++++++----------- backends/lean/Base/Primitives/ArraySlice.lean | 2 +- backends/lean/Base/Primitives/Vec.lean | 2 +- 3 files changed, 16 insertions(+), 13 deletions(-) diff --git a/backends/lean/Base/IList/IList.lean b/backends/lean/Base/IList/IList.lean index e90d1e0d..51457c20 100644 --- a/backends/lean/Base/IList/IList.lean +++ b/backends/lean/Base/IList/IList.lean @@ -66,13 +66,15 @@ theorem indexOpt_eq_index [Inhabited α] (ls : List α) (i : Int) : i < ls.len → ls.indexOpt i = some (ls.index i) := match ls with - | [] => by simp; intros; linarith + | [] => by simp | hd :: tl => if h: i = 0 then by simp [*] - else + else by have hi := indexOpt_eq_index tl (i - 1) - by simp [*]; intros; apply hi <;> int_tac + simp [*]; intros + -- TODO: there seems to be syntax errors if we don't put the parentheses below?? + apply hi <;> (int_tac) -- Remark: the list is unchanged if the index is not in bounds (in particular -- if it is < 0) @@ -83,7 +85,7 @@ def update (ls : List α) (i : Int) (y : α) : List α := -- Remark: the whole list is dropped if the index is not in bounds (in particular -- if it is < 0) -def idrop (i : Int) (ls : List α) : List α := +def idrop {α : Type u} (i : Int) (ls : List α) : List α := match ls with | [] => [] | x :: tl => if i = 0 then x :: tl else idrop (i - 1) tl @@ -117,7 +119,7 @@ variable {α : Type u} def ireplicate {α : Type u} (i : ℤ) (x : α) : List α := if i ≤ 0 then [] else x :: ireplicate (i - 1) x -termination_by ireplicate i x => i.toNat +termination_by i.toNat decreasing_by int_decr_tac @[simp] theorem update_nil : update ([] : List α) i y = [] := by simp [update] @@ -137,7 +139,7 @@ decreasing_by int_decr_tac @[simp] theorem ireplicate_zero : ireplicate 0 x = [] := by rw [ireplicate]; simp @[simp] theorem ireplicate_nzero_cons (hne : 0 < i) : ireplicate i x = x :: ireplicate (i - 1) x := by - rw [ireplicate]; simp [*]; intro; linarith + rw [ireplicate]; simp [*] @[simp] theorem slice_nzero_cons (i j : Int) (x : α) (tl : List α) (hne : i ≠ 0) : slice i j ((x :: tl) : List α) = slice (i - 1) (j - 1) tl := @@ -148,11 +150,12 @@ theorem slice_nzero_cons (i j : Int) (x : α) (tl : List α) (hne : i ≠ 0) : s have : i = 1 := by int_tac simp [*, slice] else - have := slice_nzero_cons (i - 1) (j - 1) hd tl h + have hi := slice_nzero_cons (i - 1) (j - 1) hd tl h by conv => lhs; simp [slice, *] - conv at this => lhs; simp [slice, *] - simp [*, slice] + conv at hi => lhs; simp [slice, *] + simp [slice] + simp [*] @[simp] theorem ireplicate_replicate {α : Type u} (l : ℤ) (x : α) (h : 0 ≤ l) : @@ -166,7 +169,7 @@ theorem ireplicate_replicate {α : Type u} (l : ℤ) (x : α) (h : 0 ≤ l) : have hl : l.toNat = .succ (l.toNat - 1) := by cases hl: l.toNat <;> simp_all conv => rhs; rw[hl] -termination_by ireplicate_replicate l x h => l.toNat +termination_by l.toNat decreasing_by int_decr_tac @[simp] @@ -178,7 +181,7 @@ theorem ireplicate_len {α : Type u} (l : ℤ) (x : α) (h : 0 ≤ l) : have : 0 < l := by int_tac have hr := ireplicate_len (l - 1) x (by int_tac) simp [*] -termination_by ireplicate_len l x h => l.toNat +termination_by l.toNat decreasing_by int_decr_tac theorem len_eq_length (ls : List α) : ls.len = ls.length := by diff --git a/backends/lean/Base/Primitives/ArraySlice.lean b/backends/lean/Base/Primitives/ArraySlice.lean index 5057fb01..c90a85b8 100644 --- a/backends/lean/Base/Primitives/ArraySlice.lean +++ b/backends/lean/Base/Primitives/ArraySlice.lean @@ -127,7 +127,7 @@ abbrev Slice.v {α : Type u} (v : Slice α) : List α := v.val example {a: Type u} (v : Slice a) : v.length ≤ Scalar.max ScalarTy.Usize := by scalar_tac -def Slice.new (α : Type u): Slice α := ⟨ [], by apply Scalar.cMax_suffices .Usize; simp ⟩ +def Slice.new (α : Type u): Slice α := ⟨ [], by apply Scalar.cMax_suffices .Usize; simp; decide ⟩ -- TODO: very annoying that the α is an explicit parameter def Slice.len (α : Type u) (v : Slice α) : Usize := diff --git a/backends/lean/Base/Primitives/Vec.lean b/backends/lean/Base/Primitives/Vec.lean index 12733a34..b03de15b 100644 --- a/backends/lean/Base/Primitives/Vec.lean +++ b/backends/lean/Base/Primitives/Vec.lean @@ -35,7 +35,7 @@ abbrev Vec.v {α : Type u} (v : Vec α) : List α := v.val example {a: Type u} (v : Vec a) : v.length ≤ Scalar.max ScalarTy.Usize := by scalar_tac -def Vec.new (α : Type u): Vec α := ⟨ [], by apply Scalar.cMax_suffices .Usize; simp ⟩ +def Vec.new (α : Type u): Vec α := ⟨ [], by apply Scalar.cMax_suffices .Usize; simp; decide ⟩ instance (α : Type u) : Inhabited (Vec α) := by constructor -- cgit v1.2.3 From 63ee3b1bc65b67aeed843f052d7f67c9f3c0ab89 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 23:16:57 +0100 Subject: Start fixing the tests --- README.md | 4 +- compiler/Extract.ml | 2 +- tests/lean/Array.lean | 2 +- tests/lean/Constants.lean | 36 +++++------ tests/lean/NoNestedBorrows.lean | 4 +- tests/lean/Traits.lean | 4 +- tests/lean/Tutorial.lean | 2 +- tests/lean/lake-manifest.json | 128 +++++++++++++++++++++++----------------- tests/lean/lean-toolchain | 2 +- 9 files changed, 101 insertions(+), 83 deletions(-) diff --git a/README.md b/README.md index 0530a0da..82ff3944 100644 --- a/README.md +++ b/README.md @@ -83,9 +83,9 @@ to display a detailed documentation. Files generated by the Lean backend import the `Base` package from Aeneas. To use those files in Lean, create a new Lean package using `lake new`, overwrite the `lean-toolchain` with the one inside `./backends/lean`, -and add `Base` as a dependency in the `lakefile.lean`: +and add `base` as a dependency in the `lakefile.lean`: ``` -require Base from "PATH_TO_AENEAS_REPO/backends/lean" +require base from "PATH_TO_AENEAS_REPO/backends/lean" ``` ## Targeted Subset And Current Limitations diff --git a/compiler/Extract.ml b/compiler/Extract.ml index 87dcb1fd..6c523549 100644 --- a/compiler/Extract.ml +++ b/compiler/Extract.ml @@ -1864,7 +1864,7 @@ let extract_global_decl (ctx : extraction_ctx) (fmt : F.formatter) let body = match !backend with | FStar -> "eval_global " ^ body_name - | Lean -> "eval_global " ^ body_name ^ " (by simp)" + | Lean -> "eval_global " ^ body_name ^ " (by decide)" | Coq -> body_name ^ "%global" | HOL4 -> "get_return_value " ^ body_name in diff --git a/tests/lean/Array.lean b/tests/lean/Array.lean index 7785a208..b49e30fb 100644 --- a/tests/lean/Array.lean +++ b/tests/lean/Array.lean @@ -452,7 +452,7 @@ def f3 : Result U32 := /- [array::SZ] Source: 'src/array.rs', lines 286:0-286:19 -/ def sz_body : Result Usize := Result.ret 32#usize -def sz_c : Usize := eval_global sz_body (by simp) +def sz_c : Usize := eval_global sz_body (by decide) /- [array::f5]: Source: 'src/array.rs', lines 289:0-289:31 -/ diff --git a/tests/lean/Constants.lean b/tests/lean/Constants.lean index 2912805f..4c626ab3 100644 --- a/tests/lean/Constants.lean +++ b/tests/lean/Constants.lean @@ -8,17 +8,17 @@ namespace constants /- [constants::X0] Source: 'src/constants.rs', lines 5:0-5:17 -/ def x0_body : Result U32 := Result.ret 0#u32 -def x0_c : U32 := eval_global x0_body (by simp) +def x0_c : U32 := eval_global x0_body (by decide) /- [constants::X1] Source: 'src/constants.rs', lines 7:0-7:17 -/ def x1_body : Result U32 := Result.ret core_u32_max -def x1_c : U32 := eval_global x1_body (by simp) +def x1_c : U32 := eval_global x1_body (by decide) /- [constants::X2] Source: 'src/constants.rs', lines 10:0-10:17 -/ def x2_body : Result U32 := Result.ret 3#u32 -def x2_c : U32 := eval_global x2_body (by simp) +def x2_c : U32 := eval_global x2_body (by decide) /- [constants::incr]: Source: 'src/constants.rs', lines 17:0-17:32 -/ @@ -28,7 +28,7 @@ def incr (n : U32) : Result U32 := /- [constants::X3] Source: 'src/constants.rs', lines 15:0-15:17 -/ def x3_body : Result U32 := incr 32#u32 -def x3_c : U32 := eval_global x3_body (by simp) +def x3_c : U32 := eval_global x3_body (by decide) /- [constants::mk_pair0]: Source: 'src/constants.rs', lines 23:0-23:51 -/ @@ -49,22 +49,22 @@ def mk_pair1 (x : U32) (y : U32) : Result (Pair U32 U32) := /- [constants::P0] Source: 'src/constants.rs', lines 31:0-31:24 -/ def p0_body : Result (U32 × U32) := mk_pair0 0#u32 1#u32 -def p0_c : (U32 × U32) := eval_global p0_body (by simp) +def p0_c : (U32 × U32) := eval_global p0_body (by decide) /- [constants::P1] Source: 'src/constants.rs', lines 32:0-32:28 -/ def p1_body : Result (Pair U32 U32) := mk_pair1 0#u32 1#u32 -def p1_c : Pair U32 U32 := eval_global p1_body (by simp) +def p1_c : Pair U32 U32 := eval_global p1_body (by decide) /- [constants::P2] Source: 'src/constants.rs', lines 33:0-33:24 -/ def p2_body : Result (U32 × U32) := Result.ret (0#u32, 1#u32) -def p2_c : (U32 × U32) := eval_global p2_body (by simp) +def p2_c : (U32 × U32) := eval_global p2_body (by decide) /- [constants::P3] Source: 'src/constants.rs', lines 34:0-34:28 -/ def p3_body : Result (Pair U32 U32) := Result.ret { x := 0#u32, y := 1#u32 } -def p3_c : Pair U32 U32 := eval_global p3_body (by simp) +def p3_c : Pair U32 U32 := eval_global p3_body (by decide) /- [constants::Wrap] Source: 'src/constants.rs', lines 49:0-49:18 -/ @@ -79,7 +79,7 @@ def Wrap.new (T : Type) (value : T) : Result (Wrap T) := /- [constants::Y] Source: 'src/constants.rs', lines 41:0-41:22 -/ def y_body : Result (Wrap I32) := Wrap.new I32 2#i32 -def y_c : Wrap I32 := eval_global y_body (by simp) +def y_c : Wrap I32 := eval_global y_body (by decide) /- [constants::unwrap_y]: Source: 'src/constants.rs', lines 43:0-43:30 -/ @@ -89,12 +89,12 @@ def unwrap_y : Result I32 := /- [constants::YVAL] Source: 'src/constants.rs', lines 47:0-47:19 -/ def yval_body : Result I32 := unwrap_y -def yval_c : I32 := eval_global yval_body (by simp) +def yval_c : I32 := eval_global yval_body (by decide) /- [constants::get_z1::Z1] Source: 'src/constants.rs', lines 62:4-62:17 -/ def get_z1_z1_body : Result I32 := Result.ret 3#i32 -def get_z1_z1_c : I32 := eval_global get_z1_z1_body (by simp) +def get_z1_z1_c : I32 := eval_global get_z1_z1_body (by decide) /- [constants::get_z1]: Source: 'src/constants.rs', lines 61:0-61:28 -/ @@ -109,17 +109,17 @@ def add (a : I32) (b : I32) : Result I32 := /- [constants::Q1] Source: 'src/constants.rs', lines 74:0-74:17 -/ def q1_body : Result I32 := Result.ret 5#i32 -def q1_c : I32 := eval_global q1_body (by simp) +def q1_c : I32 := eval_global q1_body (by decide) /- [constants::Q2] Source: 'src/constants.rs', lines 75:0-75:17 -/ def q2_body : Result I32 := Result.ret q1_c -def q2_c : I32 := eval_global q2_body (by simp) +def q2_c : I32 := eval_global q2_body (by decide) /- [constants::Q3] Source: 'src/constants.rs', lines 76:0-76:17 -/ def q3_body : Result I32 := add q2_c 3#i32 -def q3_c : I32 := eval_global q3_body (by simp) +def q3_c : I32 := eval_global q3_body (by decide) /- [constants::get_z2]: Source: 'src/constants.rs', lines 70:0-70:28 -/ @@ -132,21 +132,21 @@ def get_z2 : Result I32 := /- [constants::S1] Source: 'src/constants.rs', lines 80:0-80:18 -/ def s1_body : Result U32 := Result.ret 6#u32 -def s1_c : U32 := eval_global s1_body (by simp) +def s1_c : U32 := eval_global s1_body (by decide) /- [constants::S2] Source: 'src/constants.rs', lines 81:0-81:18 -/ def s2_body : Result U32 := incr s1_c -def s2_c : U32 := eval_global s2_body (by simp) +def s2_c : U32 := eval_global s2_body (by decide) /- [constants::S3] Source: 'src/constants.rs', lines 82:0-82:29 -/ def s3_body : Result (Pair U32 U32) := Result.ret p3_c -def s3_c : Pair U32 U32 := eval_global s3_body (by simp) +def s3_c : Pair U32 U32 := eval_global s3_body (by decide) /- [constants::S4] Source: 'src/constants.rs', lines 83:0-83:29 -/ def s4_body : Result (Pair U32 U32) := mk_pair1 7#u32 8#u32 -def s4_c : Pair U32 U32 := eval_global s4_body (by simp) +def s4_c : Pair U32 U32 := eval_global s4_body (by decide) end constants diff --git a/tests/lean/NoNestedBorrows.lean b/tests/lean/NoNestedBorrows.lean index 0dd29429..bed71d94 100644 --- a/tests/lean/NoNestedBorrows.lean +++ b/tests/lean/NoNestedBorrows.lean @@ -139,12 +139,12 @@ def mix_arith_i32 (x : I32) (y : I32) (z : I32) : Result I32 := /- [no_nested_borrows::CONST0] Source: 'src/no_nested_borrows.rs', lines 125:0-125:23 -/ def const0_body : Result Usize := 1#usize + 1#usize -def const0_c : Usize := eval_global const0_body (by simp) +def const0_c : Usize := eval_global const0_body (by decide) /- [no_nested_borrows::CONST1] Source: 'src/no_nested_borrows.rs', lines 126:0-126:23 -/ def const1_body : Result Usize := 2#usize * 2#usize -def const1_c : Usize := eval_global const1_body (by simp) +def const1_c : Usize := eval_global const1_body (by decide) /- [no_nested_borrows::cast_u32_to_i32]: Source: 'src/no_nested_borrows.rs', lines 128:0-128:37 -/ diff --git a/tests/lean/Traits.lean b/tests/lean/Traits.lean index d32aba86..3ef4febc 100644 --- a/tests/lean/Traits.lean +++ b/tests/lean/Traits.lean @@ -249,7 +249,7 @@ def traits.ToTypetraitsBoolWrapperTInst (T : Type) (ToTypeBoolTInst : ToType Source: 'src/traits.rs', lines 164:4-164:21 -/ def with_const_ty_len2_body : Result Usize := Result.ret 32#usize def with_const_ty_len2_c : Usize := - eval_global with_const_ty_len2_body (by simp) + eval_global with_const_ty_len2_body (by decide) /- Trait declaration: [traits::WithConstTy] Source: 'src/traits.rs', lines 161:0-161:39 -/ @@ -264,7 +264,7 @@ structure WithConstTy (Self : Type) (LEN : Usize) where /- [traits::{bool#8}::LEN1] Source: 'src/traits.rs', lines 175:4-175:21 -/ def bool_len1_body : Result Usize := Result.ret 12#usize -def bool_len1_c : Usize := eval_global bool_len1_body (by simp) +def bool_len1_c : Usize := eval_global bool_len1_body (by decide) /- [traits::{bool#8}::f]: Source: 'src/traits.rs', lines 180:4-180:39 -/ diff --git a/tests/lean/Tutorial.lean b/tests/lean/Tutorial.lean index 840a606e..d92b2dd7 100644 --- a/tests/lean/Tutorial.lean +++ b/tests/lean/Tutorial.lean @@ -376,7 +376,7 @@ theorem i32_id_spec (x : I32) (h : 0 ≤ x.val) : -- -- We first specify a decreasing value. Here, we state that [x], seen as a natural number, -- decreases at every recursive call. -termination_by i32_id_spec x _ => x.val.toNat +termination_by x.val.toNat -- And we now have to prove that it indeed decreases - you can skip this for now. decreasing_by -- We first need to "massage" the goal (in practice, all the proofs of [decreasing_by] diff --git a/tests/lean/lake-manifest.json b/tests/lean/lake-manifest.json index 5c20ec3b..e167e841 100644 --- a/tests/lean/lake-manifest.json +++ b/tests/lean/lake-manifest.json @@ -1,56 +1,74 @@ -{"version": 5, - "packagesDir": "lake-packages", +{"version": 7, + "packagesDir": ".lake/packages", "packages": - [{"git": - {"url": "https://github.com/EdAyers/ProofWidgets4", - "subDir?": null, - "rev": "a0c2cd0ac3245a0dade4f925bcfa97e06dd84229", - "opts": {}, - "name": "proofwidgets", - "inputRev?": "v0.0.13", - "inherited": true}}, - {"path": - {"opts": {}, - "name": "Base", - "inherited": false, - "dir": "./../../backends/lean"}}, - {"git": - {"url": "https://github.com/mhuisi/lean4-cli.git", - "subDir?": null, - "rev": "21dac2e9cc7e3cf7da5800814787b833e680b2fd", - "opts": {}, - "name": "Cli", - "inputRev?": "nightly", - "inherited": true}}, - {"git": - {"url": "https://github.com/leanprover-community/mathlib4.git", - "subDir?": null, - "rev": "b639e46a19a0328adfb9b1fdf8cbe39dfc1de76b", - "opts": {}, - "name": "mathlib", - "inputRev?": null, - "inherited": false}}, - {"git": - {"url": "https://github.com/gebner/quote4", - "subDir?": null, - "rev": "e75daed95ad1c92af4e577fea95e234d7a8401c1", - "opts": {}, - "name": "Qq", - "inputRev?": "master", - "inherited": true}}, - {"git": - {"url": "https://github.com/JLimperg/aesop", - "subDir?": null, - "rev": "1a0cded2be292b5496e659b730d2accc742de098", - "opts": {}, - "name": "aesop", - "inputRev?": "master", - "inherited": true}}, - {"git": - {"url": "https://github.com/leanprover/std4", - "subDir?": null, - "rev": "ba5e5e3af519b4fc5221ad0fa4b2c87276f1d323", - "opts": {}, - "name": "std", - "inputRev?": "main", - "inherited": true}}]} + [{"url": "https://github.com/leanprover/std4", + "type": "git", + "subDir": null, + "rev": "276953b13323ca151939eafaaec9129bf7970306", + "name": "std", + "manifestFile": "lake-manifest.json", + "inputRev": "main", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/quote4", + "type": "git", + "subDir": null, + "rev": "1c88406514a636d241903e2e288d21dc6d861e01", + "name": "Qq", + "manifestFile": "lake-manifest.json", + "inputRev": "master", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/aesop", + "type": "git", + "subDir": null, + "rev": "6beed82dcfbb7731d173cd517675df27d62ad0f4", + "name": "aesop", + "manifestFile": "lake-manifest.json", + "inputRev": "master", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/ProofWidgets4", + "type": "git", + "subDir": null, + "rev": "af1e86cf7a37389632a02f4a111e6b501b2b818f", + "name": "proofwidgets", + "manifestFile": "lake-manifest.json", + "inputRev": "v0.0.27", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover/lean4-cli", + "type": "git", + "subDir": null, + "rev": "a751d21d4b68c999accb6fc5d960538af26ad5ec", + "name": "Cli", + "manifestFile": "lake-manifest.json", + "inputRev": "main", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/import-graph.git", + "type": "git", + "subDir": null, + "rev": "8079d2d1d0e073bde42eab159c24f4c2d0d3a871", + "name": "importGraph", + "manifestFile": "lake-manifest.json", + "inputRev": "main", + "inherited": true, + "configFile": "lakefile.lean"}, + {"url": "https://github.com/leanprover-community/mathlib4.git", + "type": "git", + "subDir": null, + "rev": "d04f8d39c0e47a0d73450b49f6c0665897cdcaf7", + "name": "mathlib", + "manifestFile": "lake-manifest.json", + "inputRev": null, + "inherited": false, + "configFile": "lakefile.lean"}, + {"type": "path", + "name": "base", + "manifestFile": "lake-manifest.json", + "inherited": false, + "dir": "./../../backends/lean", + "configFile": "lakefile.lean"}], + "name": "Tests", + "lakeDir": ".lake"} diff --git a/tests/lean/lean-toolchain b/tests/lean/lean-toolchain index fbca4d37..cfcdd327 100644 --- a/tests/lean/lean-toolchain +++ b/tests/lean/lean-toolchain @@ -1 +1 @@ -leanprover/lean4:v4.0.0 \ No newline at end of file +leanprover/lean4:v4.6.0-rc1 -- cgit v1.2.3 From 5cf7d9c0d6b0bc77f2219e7b8b29badce26d51e8 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 23:17:30 +0100 Subject: Make progress on fixing the tests --- tests/lean/lakefile.lean | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/tests/lean/lakefile.lean b/tests/lean/lakefile.lean index fef94971..502d8098 100644 --- a/tests/lean/lakefile.lean +++ b/tests/lean/lakefile.lean @@ -4,19 +4,19 @@ open Lake DSL require mathlib from git "https://github.com/leanprover-community/mathlib4.git" -require Base from "../../backends/lean" +require base from "../../backends/lean" -package «tests» {} +package «Tests» {} -@[default_target] lean_lib tutorial -@[default_target] lean_lib betreeMain -@[default_target] lean_lib constants -@[default_target] lean_lib external -@[default_target] lean_lib hashmap -@[default_target] lean_lib hashmapMain -@[default_target] lean_lib loops -@[default_target] lean_lib noNestedBorrows -@[default_target] lean_lib paper -@[default_target] lean_lib poloniusList @[default_target] lean_lib array -@[default_target] lean_lib traits +@[default_target] lean_lib Tutorial +@[default_target] lean_lib BetreeMain +@[default_target] lean_lib Constants +@[default_target] lean_lib External +@[default_target] lean_lib Hashmap +@[default_target] lean_lib HashmapMain +@[default_target] lean_lib Loops +@[default_target] lean_lib NoNestedBorrows +@[default_target] lean_lib Paper +@[default_target] lean_lib PoloniusList +@[default_target] lean_lib Traits -- cgit v1.2.3 From 7ecf28dc36f724a4ab4b3b4976421e4e4c397f3b Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 23:33:20 +0100 Subject: Rename and regenerate some files --- Makefile | 16 +- tests/coq/array/Array.v | 519 ------------ tests/coq/array/Makefile | 23 - tests/coq/array/Primitives.v | 899 --------------------- tests/coq/array/_CoqProject | 7 - tests/coq/arrays/Arrays.v | 519 ++++++++++++ tests/coq/arrays/Makefile | 23 + tests/coq/arrays/Primitives.v | 899 +++++++++++++++++++++ tests/coq/arrays/_CoqProject | 7 + tests/coq/misc/_CoqProject | 2 +- tests/fstar-split/array/Array.Clauses.Template.fst | 21 - tests/fstar-split/array/Array.Clauses.fst | 19 - tests/fstar-split/array/Array.Funs.fst | 445 ---------- tests/fstar-split/array/Array.Types.fst | 11 - tests/fstar-split/array/Makefile | 49 -- tests/fstar-split/array/Primitives.fst | 884 -------------------- .../fstar-split/arrays/Arrays.Clauses.Template.fst | 21 + tests/fstar-split/arrays/Arrays.Clauses.fst | 19 + tests/fstar-split/arrays/Arrays.Funs.fst | 445 ++++++++++ tests/fstar-split/arrays/Arrays.Types.fst | 11 + tests/fstar-split/arrays/Makefile | 49 ++ tests/fstar-split/arrays/Primitives.fst | 884 ++++++++++++++++++++ tests/fstar/array/Array.Clauses.Template.fst | 21 - tests/fstar/array/Array.Clauses.fst | 19 - tests/fstar/array/Array.Funs.fst | 420 ---------- tests/fstar/array/Array.Types.fst | 11 - tests/fstar/array/Makefile | 49 -- tests/fstar/array/Primitives.fst | 848 ------------------- tests/fstar/arrays/Arrays.Clauses.Template.fst | 21 + tests/fstar/arrays/Arrays.Clauses.fst | 19 + tests/fstar/arrays/Arrays.Funs.fst | 420 ++++++++++ tests/fstar/arrays/Arrays.Types.fst | 11 + tests/fstar/arrays/Makefile | 49 ++ tests/fstar/arrays/Primitives.fst | 848 +++++++++++++++++++ tests/lean/Array.lean | 476 ----------- tests/lean/Array/Funs.lean | 431 ---------- tests/lean/Array/Types.lean | 13 - tests/lean/Arrays.lean | 476 +++++++++++ tests/lean/lakefile.lean | 4 +- 39 files changed, 4732 insertions(+), 5176 deletions(-) delete mode 100644 tests/coq/array/Array.v delete mode 100644 tests/coq/array/Makefile delete mode 100644 tests/coq/array/Primitives.v delete mode 100644 tests/coq/array/_CoqProject create mode 100644 tests/coq/arrays/Arrays.v create mode 100644 tests/coq/arrays/Makefile create mode 100644 tests/coq/arrays/Primitives.v create mode 100644 tests/coq/arrays/_CoqProject delete mode 100644 tests/fstar-split/array/Array.Clauses.Template.fst delete mode 100644 tests/fstar-split/array/Array.Clauses.fst delete mode 100644 tests/fstar-split/array/Array.Funs.fst delete mode 100644 tests/fstar-split/array/Array.Types.fst delete mode 100644 tests/fstar-split/array/Makefile delete mode 100644 tests/fstar-split/array/Primitives.fst create mode 100644 tests/fstar-split/arrays/Arrays.Clauses.Template.fst create mode 100644 tests/fstar-split/arrays/Arrays.Clauses.fst create mode 100644 tests/fstar-split/arrays/Arrays.Funs.fst create mode 100644 tests/fstar-split/arrays/Arrays.Types.fst create mode 100644 tests/fstar-split/arrays/Makefile create mode 100644 tests/fstar-split/arrays/Primitives.fst delete mode 100644 tests/fstar/array/Array.Clauses.Template.fst delete mode 100644 tests/fstar/array/Array.Clauses.fst delete mode 100644 tests/fstar/array/Array.Funs.fst delete mode 100644 tests/fstar/array/Array.Types.fst delete mode 100644 tests/fstar/array/Makefile delete mode 100644 tests/fstar/array/Primitives.fst create mode 100644 tests/fstar/arrays/Arrays.Clauses.Template.fst create mode 100644 tests/fstar/arrays/Arrays.Clauses.fst create mode 100644 tests/fstar/arrays/Arrays.Funs.fst create mode 100644 tests/fstar/arrays/Arrays.Types.fst create mode 100644 tests/fstar/arrays/Makefile create mode 100644 tests/fstar/arrays/Primitives.fst delete mode 100644 tests/lean/Array.lean delete mode 100644 tests/lean/Array/Funs.lean delete mode 100644 tests/lean/Array/Types.lean create mode 100644 tests/lean/Arrays.lean diff --git a/Makefile b/Makefile index 8d49a200..45f191cc 100644 --- a/Makefile +++ b/Makefile @@ -93,7 +93,7 @@ tests: test-no_nested_borrows test-paper \ testp-polonius_list testp-betree_main \ ctest-testp-betree_main \ test-loops \ - test-array test-traits test-bitwise + test-arrays test-traits test-bitwise # Verify the F* files generated by the translation .PHONY: verify @@ -125,13 +125,13 @@ tlean-paper: SUBDIR := thol4-no_nested_borrows: SUBDIR := misc-no_nested_borrows thol4-paper: SUBDIR := misc-paper -test-array: OPTIONS += -test-array: SUBDIR := array -tfstar-array: OPTIONS += -decreases-clauses -template-clauses -split-files -tcoq-array: OPTIONS += -use-fuel -tlean-array: SUBDIR := -tlean-array: OPTIONS += -thol4-array: OPTIONS += +test-arrays: OPTIONS += +test-arrays: SUBDIR := arrays +tfstar-arrays: OPTIONS += -decreases-clauses -template-clauses -split-files +tcoq-arrays: OPTIONS += -use-fuel +tlean-arrays: SUBDIR := +tlean-arrays: OPTIONS += +thol4-arrays: OPTIONS += test-traits: OPTIONS += test-traits: SUBDIR := traits diff --git a/tests/coq/array/Array.v b/tests/coq/array/Array.v deleted file mode 100644 index 3a30413a..00000000 --- a/tests/coq/array/Array.v +++ /dev/null @@ -1,519 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array] *) -Require Import Primitives. -Import Primitives. -Require Import Coq.ZArith.ZArith. -Require Import List. -Import ListNotations. -Local Open Scope Primitives_scope. -Module Array. - -(** [array::AB] - Source: 'src/array.rs', lines 3:0-3:11 *) -Inductive AB_t := | AB_A : AB_t | AB_B : AB_t. - -(** [array::incr]: - Source: 'src/array.rs', lines 8:0-8:24 *) -Definition incr (x : u32) : result u32 := - u32_add x 1%u32. - -(** [array::array_to_shared_slice_]: - Source: 'src/array.rs', lines 16:0-16:53 *) -Definition array_to_shared_slice_ - (T : Type) (s : array T 32%usize) : result (slice T) := - array_to_slice T 32%usize s -. - -(** [array::array_to_mut_slice_]: - Source: 'src/array.rs', lines 21:0-21:58 *) -Definition array_to_mut_slice_ - (T : Type) (s : array T 32%usize) : - result ((slice T) * (slice T -> result (array T 32%usize))) - := - p <- array_to_slice_mut T 32%usize s; - let (s1, to_slice_mut_back) := p in - Return (s1, to_slice_mut_back) -. - -(** [array::array_len]: - Source: 'src/array.rs', lines 25:0-25:40 *) -Definition array_len (T : Type) (s : array T 32%usize) : result usize := - s1 <- array_to_slice T 32%usize s; let i := slice_len T s1 in Return i -. - -(** [array::shared_array_len]: - Source: 'src/array.rs', lines 29:0-29:48 *) -Definition shared_array_len (T : Type) (s : array T 32%usize) : result usize := - s1 <- array_to_slice T 32%usize s; let i := slice_len T s1 in Return i -. - -(** [array::shared_slice_len]: - Source: 'src/array.rs', lines 33:0-33:44 *) -Definition shared_slice_len (T : Type) (s : slice T) : result usize := - let i := slice_len T s in Return i -. - -(** [array::index_array_shared]: - Source: 'src/array.rs', lines 37:0-37:57 *) -Definition index_array_shared - (T : Type) (s : array T 32%usize) (i : usize) : result T := - array_index_usize T 32%usize s i -. - -(** [array::index_array_u32]: - Source: 'src/array.rs', lines 44:0-44:53 *) -Definition index_array_u32 (s : array u32 32%usize) (i : usize) : result u32 := - array_index_usize u32 32%usize s i -. - -(** [array::index_array_copy]: - Source: 'src/array.rs', lines 48:0-48:45 *) -Definition index_array_copy (x : array u32 32%usize) : result u32 := - array_index_usize u32 32%usize x 0%usize -. - -(** [array::index_mut_array]: - Source: 'src/array.rs', lines 52:0-52:62 *) -Definition index_mut_array - (T : Type) (s : array T 32%usize) (i : usize) : - result (T * (T -> result (array T 32%usize))) - := - p <- array_index_mut_usize T 32%usize s i; - let (t, index_mut_back) := p in - Return (t, index_mut_back) -. - -(** [array::index_slice]: - Source: 'src/array.rs', lines 56:0-56:46 *) -Definition index_slice (T : Type) (s : slice T) (i : usize) : result T := - slice_index_usize T s i -. - -(** [array::index_mut_slice]: - Source: 'src/array.rs', lines 60:0-60:58 *) -Definition index_mut_slice - (T : Type) (s : slice T) (i : usize) : - result (T * (T -> result (slice T))) - := - p <- slice_index_mut_usize T s i; - let (t, index_mut_back) := p in - Return (t, index_mut_back) -. - -(** [array::slice_subslice_shared_]: - Source: 'src/array.rs', lines 64:0-64:70 *) -Definition slice_subslice_shared_ - (x : slice u32) (y : usize) (z : usize) : result (slice u32) := - core_slice_index_Slice_index u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |} -. - -(** [array::slice_subslice_mut_]: - Source: 'src/array.rs', lines 68:0-68:75 *) -Definition slice_subslice_mut_ - (x : slice u32) (y : usize) (z : usize) : - result ((slice u32) * (slice u32 -> result (slice u32))) - := - p <- - core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |}; - let (s, index_mut_back) := p in - Return (s, index_mut_back) -. - -(** [array::array_to_slice_shared_]: - Source: 'src/array.rs', lines 72:0-72:54 *) -Definition array_to_slice_shared_ - (x : array u32 32%usize) : result (slice u32) := - array_to_slice u32 32%usize x -. - -(** [array::array_to_slice_mut_]: - Source: 'src/array.rs', lines 76:0-76:59 *) -Definition array_to_slice_mut_ - (x : array u32 32%usize) : - result ((slice u32) * (slice u32 -> result (array u32 32%usize))) - := - p <- array_to_slice_mut u32 32%usize x; - let (s, to_slice_mut_back) := p in - Return (s, to_slice_mut_back) -. - -(** [array::array_subslice_shared_]: - Source: 'src/array.rs', lines 80:0-80:74 *) -Definition array_subslice_shared_ - (x : array u32 32%usize) (y : usize) (z : usize) : result (slice u32) := - core_array_Array_index u32 (core_ops_range_Range usize) 32%usize - (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |} -. - -(** [array::array_subslice_mut_]: - Source: 'src/array.rs', lines 84:0-84:79 *) -Definition array_subslice_mut_ - (x : array u32 32%usize) (y : usize) (z : usize) : - result ((slice u32) * (slice u32 -> result (array u32 32%usize))) - := - p <- - core_array_Array_index_mut u32 (core_ops_range_Range usize) 32%usize - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |}; - let (s, index_mut_back) := p in - Return (s, index_mut_back) -. - -(** [array::index_slice_0]: - Source: 'src/array.rs', lines 88:0-88:38 *) -Definition index_slice_0 (T : Type) (s : slice T) : result T := - slice_index_usize T s 0%usize -. - -(** [array::index_array_0]: - Source: 'src/array.rs', lines 92:0-92:42 *) -Definition index_array_0 (T : Type) (s : array T 32%usize) : result T := - array_index_usize T 32%usize s 0%usize -. - -(** [array::index_index_array]: - Source: 'src/array.rs', lines 103:0-103:71 *) -Definition index_index_array - (s : array (array u32 32%usize) 32%usize) (i : usize) (j : usize) : - result u32 - := - a <- array_index_usize (array u32 32%usize) 32%usize s i; - array_index_usize u32 32%usize a j -. - -(** [array::update_update_array]: - Source: 'src/array.rs', lines 114:0-114:70 *) -Definition update_update_array - (s : array (array u32 32%usize) 32%usize) (i : usize) (j : usize) : - result unit - := - p <- array_index_mut_usize (array u32 32%usize) 32%usize s i; - let (a, index_mut_back) := p in - p1 <- array_index_mut_usize u32 32%usize a j; - let (_, index_mut_back1) := p1 in - a1 <- index_mut_back1 0%u32; - _ <- index_mut_back a1; - Return tt -. - -(** [array::array_local_deep_copy]: - Source: 'src/array.rs', lines 118:0-118:43 *) -Definition array_local_deep_copy (x : array u32 32%usize) : result unit := - Return tt -. - -(** [array::take_array]: - Source: 'src/array.rs', lines 122:0-122:30 *) -Definition take_array (a : array u32 2%usize) : result unit := - Return tt. - -(** [array::take_array_borrow]: - Source: 'src/array.rs', lines 123:0-123:38 *) -Definition take_array_borrow (a : array u32 2%usize) : result unit := - Return tt -. - -(** [array::take_slice]: - Source: 'src/array.rs', lines 124:0-124:28 *) -Definition take_slice (s : slice u32) : result unit := - Return tt. - -(** [array::take_mut_slice]: - Source: 'src/array.rs', lines 125:0-125:36 *) -Definition take_mut_slice (s : slice u32) : result (slice u32) := - Return s. - -(** [array::const_array]: - Source: 'src/array.rs', lines 127:0-127:32 *) -Definition const_array : result (array u32 2%usize) := - Return (mk_array u32 2%usize [ 0%u32; 0%u32 ]) -. - -(** [array::const_slice]: - Source: 'src/array.rs', lines 131:0-131:20 *) -Definition const_slice : result unit := - _ <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - Return tt -. - -(** [array::take_all]: - Source: 'src/array.rs', lines 141:0-141:17 *) -Definition take_all : result unit := - _ <- take_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - _ <- take_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - _ <- take_array_borrow (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - s <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - _ <- take_slice s; - p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - let (s1, to_slice_mut_back) := p in - s2 <- take_mut_slice s1; - _ <- to_slice_mut_back s2; - Return tt -. - -(** [array::index_array]: - Source: 'src/array.rs', lines 155:0-155:38 *) -Definition index_array (x : array u32 2%usize) : result u32 := - array_index_usize u32 2%usize x 0%usize -. - -(** [array::index_array_borrow]: - Source: 'src/array.rs', lines 158:0-158:46 *) -Definition index_array_borrow (x : array u32 2%usize) : result u32 := - array_index_usize u32 2%usize x 0%usize -. - -(** [array::index_slice_u32_0]: - Source: 'src/array.rs', lines 162:0-162:42 *) -Definition index_slice_u32_0 (x : slice u32) : result u32 := - slice_index_usize u32 x 0%usize -. - -(** [array::index_mut_slice_u32_0]: - Source: 'src/array.rs', lines 166:0-166:50 *) -Definition index_mut_slice_u32_0 - (x : slice u32) : result (u32 * (slice u32)) := - i <- slice_index_usize u32 x 0%usize; Return (i, x) -. - -(** [array::index_all]: - Source: 'src/array.rs', lines 170:0-170:25 *) -Definition index_all : result u32 := - i <- index_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - i1 <- index_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - i2 <- u32_add i i1; - i3 <- index_array_borrow (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - i4 <- u32_add i2 i3; - s <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - i5 <- index_slice_u32_0 s; - i6 <- u32_add i4 i5; - p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - let (s1, to_slice_mut_back) := p in - p1 <- index_mut_slice_u32_0 s1; - let (i7, s2) := p1 in - i8 <- u32_add i6 i7; - _ <- to_slice_mut_back s2; - Return i8 -. - -(** [array::update_array]: - Source: 'src/array.rs', lines 184:0-184:36 *) -Definition update_array (x : array u32 2%usize) : result unit := - p <- array_index_mut_usize u32 2%usize x 0%usize; - let (_, index_mut_back) := p in - _ <- index_mut_back 1%u32; - Return tt -. - -(** [array::update_array_mut_borrow]: - Source: 'src/array.rs', lines 187:0-187:48 *) -Definition update_array_mut_borrow - (x : array u32 2%usize) : result (array u32 2%usize) := - p <- array_index_mut_usize u32 2%usize x 0%usize; - let (_, index_mut_back) := p in - index_mut_back 1%u32 -. - -(** [array::update_mut_slice]: - Source: 'src/array.rs', lines 190:0-190:38 *) -Definition update_mut_slice (x : slice u32) : result (slice u32) := - p <- slice_index_mut_usize u32 x 0%usize; - let (_, index_mut_back) := p in - index_mut_back 1%u32 -. - -(** [array::update_all]: - Source: 'src/array.rs', lines 194:0-194:19 *) -Definition update_all : result unit := - _ <- update_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - _ <- update_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - a <- update_array_mut_borrow (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - p <- array_to_slice_mut u32 2%usize a; - let (s, to_slice_mut_back) := p in - s1 <- update_mut_slice s; - _ <- to_slice_mut_back s1; - Return tt -. - -(** [array::range_all]: - Source: 'src/array.rs', lines 205:0-205:18 *) -Definition range_all : result unit := - p <- - core_array_Array_index_mut u32 (core_ops_range_Range usize) 4%usize - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) - (mk_array u32 4%usize [ 0%u32; 0%u32; 0%u32; 0%u32 ]) - {| - core_ops_range_Range_start := 1%usize; - core_ops_range_Range_end_ := 3%usize - |}; - let (s, index_mut_back) := p in - s1 <- update_mut_slice s; - _ <- index_mut_back s1; - Return tt -. - -(** [array::deref_array_borrow]: - Source: 'src/array.rs', lines 214:0-214:46 *) -Definition deref_array_borrow (x : array u32 2%usize) : result u32 := - array_index_usize u32 2%usize x 0%usize -. - -(** [array::deref_array_mut_borrow]: - Source: 'src/array.rs', lines 219:0-219:54 *) -Definition deref_array_mut_borrow - (x : array u32 2%usize) : result (u32 * (array u32 2%usize)) := - i <- array_index_usize u32 2%usize x 0%usize; Return (i, x) -. - -(** [array::take_array_t]: - Source: 'src/array.rs', lines 227:0-227:31 *) -Definition take_array_t (a : array AB_t 2%usize) : result unit := - Return tt. - -(** [array::non_copyable_array]: - Source: 'src/array.rs', lines 229:0-229:27 *) -Definition non_copyable_array : result unit := - _ <- take_array_t (mk_array AB_t 2%usize [ AB_A; AB_B ]); Return tt -. - -(** [array::sum]: loop 0: - Source: 'src/array.rs', lines 242:0-250:1 *) -Fixpoint sum_loop - (n : nat) (s : slice u32) (sum1 : u32) (i : usize) : result u32 := - match n with - | O => Fail_ OutOfFuel - | S n1 => - let i1 := slice_len u32 s in - if i s< i1 - then ( - i2 <- slice_index_usize u32 s i; - sum3 <- u32_add sum1 i2; - i3 <- usize_add i 1%usize; - sum_loop n1 s sum3 i3) - else Return sum1 - end -. - -(** [array::sum]: - Source: 'src/array.rs', lines 242:0-242:28 *) -Definition sum (n : nat) (s : slice u32) : result u32 := - sum_loop n s 0%u32 0%usize -. - -(** [array::sum2]: loop 0: - Source: 'src/array.rs', lines 252:0-261:1 *) -Fixpoint sum2_loop - (n : nat) (s : slice u32) (s2 : slice u32) (sum1 : u32) (i : usize) : - result u32 - := - match n with - | O => Fail_ OutOfFuel - | S n1 => - let i1 := slice_len u32 s in - if i s< i1 - then ( - i2 <- slice_index_usize u32 s i; - i3 <- slice_index_usize u32 s2 i; - i4 <- u32_add i2 i3; - sum3 <- u32_add sum1 i4; - i5 <- usize_add i 1%usize; - sum2_loop n1 s s2 sum3 i5) - else Return sum1 - end -. - -(** [array::sum2]: - Source: 'src/array.rs', lines 252:0-252:41 *) -Definition sum2 (n : nat) (s : slice u32) (s2 : slice u32) : result u32 := - let i := slice_len u32 s in - let i1 := slice_len u32 s2 in - if negb (i s= i1) then Fail_ Failure else sum2_loop n s s2 0%u32 0%usize -. - -(** [array::f0]: - Source: 'src/array.rs', lines 263:0-263:11 *) -Definition f0 : result unit := - p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]); - let (s, to_slice_mut_back) := p in - p1 <- slice_index_mut_usize u32 s 0%usize; - let (_, index_mut_back) := p1 in - s1 <- index_mut_back 1%u32; - _ <- to_slice_mut_back s1; - Return tt -. - -(** [array::f1]: - Source: 'src/array.rs', lines 268:0-268:11 *) -Definition f1 : result unit := - p <- - array_index_mut_usize u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]) - 0%usize; - let (_, index_mut_back) := p in - _ <- index_mut_back 1%u32; - Return tt -. - -(** [array::f2]: - Source: 'src/array.rs', lines 273:0-273:17 *) -Definition f2 (i : u32) : result unit := - Return tt. - -(** [array::f4]: - Source: 'src/array.rs', lines 282:0-282:54 *) -Definition f4 - (x : array u32 32%usize) (y : usize) (z : usize) : result (slice u32) := - core_array_Array_index u32 (core_ops_range_Range usize) 32%usize - (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |} -. - -(** [array::f3]: - Source: 'src/array.rs', lines 275:0-275:18 *) -Definition f3 (n : nat) : result u32 := - i <- - array_index_usize u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]) - 0%usize; - _ <- f2 i; - let b := array_repeat u32 32%usize 0%u32 in - s <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]); - s1 <- f4 b 16%usize 18%usize; - sum2 n s s1 -. - -(** [array::SZ] - Source: 'src/array.rs', lines 286:0-286:19 *) -Definition sz_body : result usize := Return 32%usize. -Definition sz_c : usize := sz_body%global. - -(** [array::f5]: - Source: 'src/array.rs', lines 289:0-289:31 *) -Definition f5 (x : array u32 32%usize) : result u32 := - array_index_usize u32 32%usize x 0%usize -. - -(** [array::ite]: - Source: 'src/array.rs', lines 294:0-294:12 *) -Definition ite : result unit := - p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - let (s, to_slice_mut_back) := p in - p1 <- index_mut_slice_u32_0 s; - let (_, s1) := p1 in - p2 <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); - let (s2, to_slice_mut_back1) := p2 in - p3 <- index_mut_slice_u32_0 s2; - let (_, s3) := p3 in - _ <- to_slice_mut_back1 s3; - _ <- to_slice_mut_back s1; - Return tt -. - -End Array. diff --git a/tests/coq/array/Makefile b/tests/coq/array/Makefile deleted file mode 100644 index 1a5aee4a..00000000 --- a/tests/coq/array/Makefile +++ /dev/null @@ -1,23 +0,0 @@ -# This file was automatically generated - modify ../Makefile.template instead -# Makefile originally taken from coq-club - -%: Makefile.coq phony - +make -f Makefile.coq $@ - -all: Makefile.coq - +make -f Makefile.coq all - -clean: Makefile.coq - +make -f Makefile.coq clean - rm -f Makefile.coq - -Makefile.coq: _CoqProject Makefile - coq_makefile -f _CoqProject | sed 's/$$(COQCHK) $$(COQCHKFLAGS) $$(COQLIBS)/$$(COQCHK) $$(COQCHKFLAGS) $$(subst -Q,-R,$$(COQLIBS))/' > Makefile.coq - -_CoqProject: ; - -Makefile: ; - -phony: ; - -.PHONY: all clean phony diff --git a/tests/coq/array/Primitives.v b/tests/coq/array/Primitives.v deleted file mode 100644 index 990e27e4..00000000 --- a/tests/coq/array/Primitives.v +++ /dev/null @@ -1,899 +0,0 @@ -Require Import Lia. -Require Coq.Strings.Ascii. -Require Coq.Strings.String. -Require Import Coq.Program.Equality. -Require Import Coq.ZArith.ZArith. -Require Import Coq.ZArith.Znat. -Require Import List. -Import ListNotations. - -Module Primitives. - - (* TODO: use more *) -Declare Scope Primitives_scope. - -(*** Result *) - -Inductive error := - | Failure - | OutOfFuel. - -Inductive result A := - | Return : A -> result A - | Fail_ : error -> result A. - -Arguments Return {_} a. -Arguments Fail_ {_}. - -Definition bind {A B} (m: result A) (f: A -> result B) : result B := - match m with - | Fail_ e => Fail_ e - | Return x => f x - end. - -Definition return_ {A: Type} (x: A) : result A := Return x. -Definition fail_ {A: Type} (e: error) : result A := Fail_ e. - -Notation "x <- c1 ; c2" := (bind c1 (fun x => c2)) - (at level 61, c1 at next level, right associativity). - -(** Monadic assert *) -Definition massert (b: bool) : result unit := - if b then Return tt else Fail_ Failure. - -(** Normalize and unwrap a successful result (used for globals) *) -Definition eval_result_refl {A} {x} (a: result A) (p: a = Return x) : A := - match a as r return (r = Return x -> A) with - | Return a' => fun _ => a' - | Fail_ e => fun p' => - False_rect _ (eq_ind (Fail_ e) - (fun e : result A => - match e with - | Return _ => False - | Fail_ e => True - end) - I (Return x) p') - end p. - -Notation "x %global" := (eval_result_refl x eq_refl) (at level 40). -Notation "x %return" := (eval_result_refl x eq_refl) (at level 40). - -(* Sanity check *) -Check (if true then Return (1 + 2) else Fail_ Failure)%global = 3. - -(*** Misc *) - -Definition string := Coq.Strings.String.string. -Definition char := Coq.Strings.Ascii.ascii. -Definition char_of_byte := Coq.Strings.Ascii.ascii_of_byte. - -Definition core_mem_replace (a : Type) (x : a) (y : a) : a * a := (x, x) . - -Record mut_raw_ptr (T : Type) := { mut_raw_ptr_v : T }. -Record const_raw_ptr (T : Type) := { const_raw_ptr_v : T }. - -(*** Scalars *) - -Definition i8_min : Z := -128%Z. -Definition i8_max : Z := 127%Z. -Definition i16_min : Z := -32768%Z. -Definition i16_max : Z := 32767%Z. -Definition i32_min : Z := -2147483648%Z. -Definition i32_max : Z := 2147483647%Z. -Definition i64_min : Z := -9223372036854775808%Z. -Definition i64_max : Z := 9223372036854775807%Z. -Definition i128_min : Z := -170141183460469231731687303715884105728%Z. -Definition i128_max : Z := 170141183460469231731687303715884105727%Z. -Definition u8_min : Z := 0%Z. -Definition u8_max : Z := 255%Z. -Definition u16_min : Z := 0%Z. -Definition u16_max : Z := 65535%Z. -Definition u32_min : Z := 0%Z. -Definition u32_max : Z := 4294967295%Z. -Definition u64_min : Z := 0%Z. -Definition u64_max : Z := 18446744073709551615%Z. -Definition u128_min : Z := 0%Z. -Definition u128_max : Z := 340282366920938463463374607431768211455%Z. - -(** The bounds of [isize] and [usize] vary with the architecture. *) -Axiom isize_min : Z. -Axiom isize_max : Z. -Definition usize_min : Z := 0%Z. -Axiom usize_max : Z. - -Open Scope Z_scope. - -(** We provide those lemmas to reason about the bounds of [isize] and [usize] *) -Axiom isize_min_bound : isize_min <= i32_min. -Axiom isize_max_bound : i32_max <= isize_max. -Axiom usize_max_bound : u32_max <= usize_max. - -Inductive scalar_ty := - | Isize - | I8 - | I16 - | I32 - | I64 - | I128 - | Usize - | U8 - | U16 - | U32 - | U64 - | U128 -. - -Definition scalar_min (ty: scalar_ty) : Z := - match ty with - | Isize => isize_min - | I8 => i8_min - | I16 => i16_min - | I32 => i32_min - | I64 => i64_min - | I128 => i128_min - | Usize => usize_min - | U8 => u8_min - | U16 => u16_min - | U32 => u32_min - | U64 => u64_min - | U128 => u128_min -end. - -Definition scalar_max (ty: scalar_ty) : Z := - match ty with - | Isize => isize_max - | I8 => i8_max - | I16 => i16_max - | I32 => i32_max - | I64 => i64_max - | I128 => i128_max - | Usize => usize_max - | U8 => u8_max - | U16 => u16_max - | U32 => u32_max - | U64 => u64_max - | U128 => u128_max -end. - -(** We use the following conservative bounds to make sure we can compute bound - checks in most situations *) -Definition scalar_min_cons (ty: scalar_ty) : Z := - match ty with - | Isize => i32_min - | Usize => u32_min - | _ => scalar_min ty -end. - -Definition scalar_max_cons (ty: scalar_ty) : Z := - match ty with - | Isize => i32_max - | Usize => u32_max - | _ => scalar_max ty -end. - -Lemma scalar_min_cons_valid : forall ty, scalar_min ty <= scalar_min_cons ty . -Proof. - destruct ty; unfold scalar_min_cons, scalar_min; try lia. - - pose isize_min_bound; lia. - - apply Z.le_refl. -Qed. - -Lemma scalar_max_cons_valid : forall ty, scalar_max ty >= scalar_max_cons ty . -Proof. - destruct ty; unfold scalar_max_cons, scalar_max; try lia. - - pose isize_max_bound; lia. - - pose usize_max_bound. lia. -Qed. - -Definition scalar (ty: scalar_ty) : Type := - { x: Z | scalar_min ty <= x <= scalar_max ty }. - -Definition to_Z {ty} (x: scalar ty) : Z := proj1_sig x. - -(** Bounds checks: we start by using the conservative bounds, to make sure we - can compute in most situations, then we use the real bounds (for [isize] - and [usize]). *) -Definition scalar_ge_min (ty: scalar_ty) (x: Z) : bool := - Z.leb (scalar_min_cons ty) x || Z.leb (scalar_min ty) x. - -Definition scalar_le_max (ty: scalar_ty) (x: Z) : bool := - Z.leb x (scalar_max_cons ty) || Z.leb x (scalar_max ty). - -Lemma scalar_ge_min_valid (ty: scalar_ty) (x: Z) : - scalar_ge_min ty x = true -> scalar_min ty <= x . -Proof. - unfold scalar_ge_min. - pose (scalar_min_cons_valid ty). - lia. -Qed. - -Lemma scalar_le_max_valid (ty: scalar_ty) (x: Z) : - scalar_le_max ty x = true -> x <= scalar_max ty . -Proof. - unfold scalar_le_max. - pose (scalar_max_cons_valid ty). - lia. -Qed. - -Definition scalar_in_bounds (ty: scalar_ty) (x: Z) : bool := - scalar_ge_min ty x && scalar_le_max ty x . - -Lemma scalar_in_bounds_valid (ty: scalar_ty) (x: Z) : - scalar_in_bounds ty x = true -> scalar_min ty <= x <= scalar_max ty . -Proof. - unfold scalar_in_bounds. - intros H. - destruct (scalar_ge_min ty x) eqn:Hmin. - - destruct (scalar_le_max ty x) eqn:Hmax. - + pose (scalar_ge_min_valid ty x Hmin). - pose (scalar_le_max_valid ty x Hmax). - lia. - + inversion H. - - inversion H. -Qed. - -Import Sumbool. - -Definition mk_scalar (ty: scalar_ty) (x: Z) : result (scalar ty) := - match sumbool_of_bool (scalar_in_bounds ty x) with - | left H => Return (exist _ x (scalar_in_bounds_valid _ _ H)) - | right _ => Fail_ Failure - end. - -Definition scalar_add {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (to_Z x + to_Z y). - -Definition scalar_sub {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (to_Z x - to_Z y). - -Definition scalar_mul {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (to_Z x * to_Z y). - -Definition scalar_div {ty} (x y: scalar ty) : result (scalar ty) := - if to_Z y =? 0 then Fail_ Failure else - mk_scalar ty (to_Z x / to_Z y). - -Definition scalar_rem {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (Z.rem (to_Z x) (to_Z y)). - -Definition scalar_neg {ty} (x: scalar ty) : result (scalar ty) := mk_scalar ty (-(to_Z x)). - -Axiom scalar_xor : forall ty, scalar ty -> scalar ty -> scalar ty. (* TODO *) -Axiom scalar_or : forall ty, scalar ty -> scalar ty -> scalar ty. (* TODO *) -Axiom scalar_and : forall ty, scalar ty -> scalar ty -> scalar ty. (* TODO *) -Axiom scalar_shl : forall ty0 ty1, scalar ty0 -> scalar ty1 -> result (scalar ty0). (* TODO *) -Axiom scalar_shr : forall ty0 ty1, scalar ty0 -> scalar ty1 -> result (scalar ty0). (* TODO *) - -(** Cast an integer from a [src_ty] to a [tgt_ty] *) -(* TODO: check the semantics of casts in Rust *) -Definition scalar_cast (src_ty tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) := - mk_scalar tgt_ty (to_Z x). - -(* This can't fail, but for now we make all casts faillible (easier for the translation) *) -Definition scalar_cast_bool (tgt_ty : scalar_ty) (x : bool) : result (scalar tgt_ty) := - mk_scalar tgt_ty (if x then 1 else 0). - -(** Comparisons *) -Definition scalar_leb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := - Z.leb (to_Z x) (to_Z y) . - -Definition scalar_ltb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := - Z.ltb (to_Z x) (to_Z y) . - -Definition scalar_geb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := - Z.geb (to_Z x) (to_Z y) . - -Definition scalar_gtb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := - Z.gtb (to_Z x) (to_Z y) . - -Definition scalar_eqb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := - Z.eqb (to_Z x) (to_Z y) . - -Definition scalar_neqb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := - negb (Z.eqb (to_Z x) (to_Z y)) . - - -(** The scalar types *) -Definition isize := scalar Isize. -Definition i8 := scalar I8. -Definition i16 := scalar I16. -Definition i32 := scalar I32. -Definition i64 := scalar I64. -Definition i128 := scalar I128. -Definition usize := scalar Usize. -Definition u8 := scalar U8. -Definition u16 := scalar U16. -Definition u32 := scalar U32. -Definition u64 := scalar U64. -Definition u128 := scalar U128. - -(** Negaion *) -Definition isize_neg := @scalar_neg Isize. -Definition i8_neg := @scalar_neg I8. -Definition i16_neg := @scalar_neg I16. -Definition i32_neg := @scalar_neg I32. -Definition i64_neg := @scalar_neg I64. -Definition i128_neg := @scalar_neg I128. - -(** Division *) -Definition isize_div := @scalar_div Isize. -Definition i8_div := @scalar_div I8. -Definition i16_div := @scalar_div I16. -Definition i32_div := @scalar_div I32. -Definition i64_div := @scalar_div I64. -Definition i128_div := @scalar_div I128. -Definition usize_div := @scalar_div Usize. -Definition u8_div := @scalar_div U8. -Definition u16_div := @scalar_div U16. -Definition u32_div := @scalar_div U32. -Definition u64_div := @scalar_div U64. -Definition u128_div := @scalar_div U128. - -(** Remainder *) -Definition isize_rem := @scalar_rem Isize. -Definition i8_rem := @scalar_rem I8. -Definition i16_rem := @scalar_rem I16. -Definition i32_rem := @scalar_rem I32. -Definition i64_rem := @scalar_rem I64. -Definition i128_rem := @scalar_rem I128. -Definition usize_rem := @scalar_rem Usize. -Definition u8_rem := @scalar_rem U8. -Definition u16_rem := @scalar_rem U16. -Definition u32_rem := @scalar_rem U32. -Definition u64_rem := @scalar_rem U64. -Definition u128_rem := @scalar_rem U128. - -(** Addition *) -Definition isize_add := @scalar_add Isize. -Definition i8_add := @scalar_add I8. -Definition i16_add := @scalar_add I16. -Definition i32_add := @scalar_add I32. -Definition i64_add := @scalar_add I64. -Definition i128_add := @scalar_add I128. -Definition usize_add := @scalar_add Usize. -Definition u8_add := @scalar_add U8. -Definition u16_add := @scalar_add U16. -Definition u32_add := @scalar_add U32. -Definition u64_add := @scalar_add U64. -Definition u128_add := @scalar_add U128. - -(** Substraction *) -Definition isize_sub := @scalar_sub Isize. -Definition i8_sub := @scalar_sub I8. -Definition i16_sub := @scalar_sub I16. -Definition i32_sub := @scalar_sub I32. -Definition i64_sub := @scalar_sub I64. -Definition i128_sub := @scalar_sub I128. -Definition usize_sub := @scalar_sub Usize. -Definition u8_sub := @scalar_sub U8. -Definition u16_sub := @scalar_sub U16. -Definition u32_sub := @scalar_sub U32. -Definition u64_sub := @scalar_sub U64. -Definition u128_sub := @scalar_sub U128. - -(** Multiplication *) -Definition isize_mul := @scalar_mul Isize. -Definition i8_mul := @scalar_mul I8. -Definition i16_mul := @scalar_mul I16. -Definition i32_mul := @scalar_mul I32. -Definition i64_mul := @scalar_mul I64. -Definition i128_mul := @scalar_mul I128. -Definition usize_mul := @scalar_mul Usize. -Definition u8_mul := @scalar_mul U8. -Definition u16_mul := @scalar_mul U16. -Definition u32_mul := @scalar_mul U32. -Definition u64_mul := @scalar_mul U64. -Definition u128_mul := @scalar_mul U128. - -(** Xor *) -Definition u8_xor := @scalar_xor U8. -Definition u16_xor := @scalar_xor U16. -Definition u32_xor := @scalar_xor U32. -Definition u64_xor := @scalar_xor U64. -Definition u128_xor := @scalar_xor U128. -Definition usize_xor := @scalar_xor Usize. -Definition i8_xor := @scalar_xor I8. -Definition i16_xor := @scalar_xor I16. -Definition i32_xor := @scalar_xor I32. -Definition i64_xor := @scalar_xor I64. -Definition i128_xor := @scalar_xor I128. -Definition isize_xor := @scalar_xor Isize. - -(** Or *) -Definition u8_or := @scalar_or U8. -Definition u16_or := @scalar_or U16. -Definition u32_or := @scalar_or U32. -Definition u64_or := @scalar_or U64. -Definition u128_or := @scalar_or U128. -Definition usize_or := @scalar_or Usize. -Definition i8_or := @scalar_or I8. -Definition i16_or := @scalar_or I16. -Definition i32_or := @scalar_or I32. -Definition i64_or := @scalar_or I64. -Definition i128_or := @scalar_or I128. -Definition isize_or := @scalar_or Isize. - -(** And *) -Definition u8_and := @scalar_and U8. -Definition u16_and := @scalar_and U16. -Definition u32_and := @scalar_and U32. -Definition u64_and := @scalar_and U64. -Definition u128_and := @scalar_and U128. -Definition usize_and := @scalar_and Usize. -Definition i8_and := @scalar_and I8. -Definition i16_and := @scalar_and I16. -Definition i32_and := @scalar_and I32. -Definition i64_and := @scalar_and I64. -Definition i128_and := @scalar_and I128. -Definition isize_and := @scalar_and Isize. - -(** Shift left *) -Definition u8_shl {ty} := @scalar_shl U8 ty. -Definition u16_shl {ty} := @scalar_shl U16 ty. -Definition u32_shl {ty} := @scalar_shl U32 ty. -Definition u64_shl {ty} := @scalar_shl U64 ty. -Definition u128_shl {ty} := @scalar_shl U128 ty. -Definition usize_shl {ty} := @scalar_shl Usize ty. -Definition i8_shl {ty} := @scalar_shl I8 ty. -Definition i16_shl {ty} := @scalar_shl I16 ty. -Definition i32_shl {ty} := @scalar_shl I32 ty. -Definition i64_shl {ty} := @scalar_shl I64 ty. -Definition i128_shl {ty} := @scalar_shl I128 ty. -Definition isize_shl {ty} := @scalar_shl Isize ty. - -(** Shift right *) -Definition u8_shr {ty} := @scalar_shr U8 ty. -Definition u16_shr {ty} := @scalar_shr U16 ty. -Definition u32_shr {ty} := @scalar_shr U32 ty. -Definition u64_shr {ty} := @scalar_shr U64 ty. -Definition u128_shr {ty} := @scalar_shr U128 ty. -Definition usize_shr {ty} := @scalar_shr Usize ty. -Definition i8_shr {ty} := @scalar_shr I8 ty. -Definition i16_shr {ty} := @scalar_shr I16 ty. -Definition i32_shr {ty} := @scalar_shr I32 ty. -Definition i64_shr {ty} := @scalar_shr I64 ty. -Definition i128_shr {ty} := @scalar_shr I128 ty. -Definition isize_shr {ty} := @scalar_shr Isize ty. - -(** Small utility *) -Definition usize_to_nat (x: usize) : nat := Z.to_nat (to_Z x). - -(** Notations *) -Notation "x %isize" := ((mk_scalar Isize x)%return) (at level 9). -Notation "x %i8" := ((mk_scalar I8 x)%return) (at level 9). -Notation "x %i16" := ((mk_scalar I16 x)%return) (at level 9). -Notation "x %i32" := ((mk_scalar I32 x)%return) (at level 9). -Notation "x %i64" := ((mk_scalar I64 x)%return) (at level 9). -Notation "x %i128" := ((mk_scalar I128 x)%return) (at level 9). -Notation "x %usize" := ((mk_scalar Usize x)%return) (at level 9). -Notation "x %u8" := ((mk_scalar U8 x)%return) (at level 9). -Notation "x %u16" := ((mk_scalar U16 x)%return) (at level 9). -Notation "x %u32" := ((mk_scalar U32 x)%return) (at level 9). -Notation "x %u64" := ((mk_scalar U64 x)%return) (at level 9). -Notation "x %u128" := ((mk_scalar U128 x)%return) (at level 9). - -Notation "x s= y" := (scalar_eqb x y) (at level 80) : Primitives_scope. -Notation "x s<> y" := (scalar_neqb x y) (at level 80) : Primitives_scope. -Notation "x s<= y" := (scalar_leb x y) (at level 80) : Primitives_scope. -Notation "x s< y" := (scalar_ltb x y) (at level 80) : Primitives_scope. -Notation "x s>= y" := (scalar_geb x y) (at level 80) : Primitives_scope. -Notation "x s> y" := (scalar_gtb x y) (at level 80) : Primitives_scope. - -(** Constants *) -Definition core_u8_max := u8_max %u32. -Definition core_u16_max := u16_max %u32. -Definition core_u32_max := u32_max %u32. -Definition core_u64_max := u64_max %u64. -Definition core_u128_max := u64_max %u128. -Axiom core_usize_max : usize. (** TODO *) -Definition core_i8_max := i8_max %i32. -Definition core_i16_max := i16_max %i32. -Definition core_i32_max := i32_max %i32. -Definition core_i64_max := i64_max %i64. -Definition core_i128_max := i64_max %i128. -Axiom core_isize_max : isize. (** TODO *) - -(*** core::ops *) - -(* Trait declaration: [core::ops::index::Index] *) -Record core_ops_index_Index (Self Idx : Type) := mk_core_ops_index_Index { - core_ops_index_Index_Output : Type; - core_ops_index_Index_index : Self -> Idx -> result core_ops_index_Index_Output; -}. -Arguments mk_core_ops_index_Index {_ _}. -Arguments core_ops_index_Index_Output {_ _}. -Arguments core_ops_index_Index_index {_ _}. - -(* Trait declaration: [core::ops::index::IndexMut] *) -Record core_ops_index_IndexMut (Self Idx : Type) := mk_core_ops_index_IndexMut { - core_ops_index_IndexMut_indexInst : core_ops_index_Index Self Idx; - core_ops_index_IndexMut_index_mut : - Self -> - Idx -> - result (core_ops_index_IndexMut_indexInst.(core_ops_index_Index_Output) * - (core_ops_index_IndexMut_indexInst.(core_ops_index_Index_Output) -> result Self)); -}. -Arguments mk_core_ops_index_IndexMut {_ _}. -Arguments core_ops_index_IndexMut_indexInst {_ _}. -Arguments core_ops_index_IndexMut_index_mut {_ _}. - -(* Trait declaration [core::ops::deref::Deref] *) -Record core_ops_deref_Deref (Self : Type) := mk_core_ops_deref_Deref { - core_ops_deref_Deref_target : Type; - core_ops_deref_Deref_deref : Self -> result core_ops_deref_Deref_target; -}. -Arguments mk_core_ops_deref_Deref {_}. -Arguments core_ops_deref_Deref_target {_}. -Arguments core_ops_deref_Deref_deref {_}. - -(* Trait declaration [core::ops::deref::DerefMut] *) -Record core_ops_deref_DerefMut (Self : Type) := mk_core_ops_deref_DerefMut { - core_ops_deref_DerefMut_derefInst : core_ops_deref_Deref Self; - core_ops_deref_DerefMut_deref_mut : - Self -> - result (core_ops_deref_DerefMut_derefInst.(core_ops_deref_Deref_target) * - (core_ops_deref_DerefMut_derefInst.(core_ops_deref_Deref_target) -> result Self)); -}. -Arguments mk_core_ops_deref_DerefMut {_}. -Arguments core_ops_deref_DerefMut_derefInst {_}. -Arguments core_ops_deref_DerefMut_deref_mut {_}. - -Record core_ops_range_Range (T : Type) := mk_core_ops_range_Range { - core_ops_range_Range_start : T; - core_ops_range_Range_end_ : T; -}. -Arguments mk_core_ops_range_Range {_}. -Arguments core_ops_range_Range_start {_}. -Arguments core_ops_range_Range_end_ {_}. - -(*** [alloc] *) - -Definition alloc_boxed_Box_deref (T : Type) (x : T) : result T := Return x. -Definition alloc_boxed_Box_deref_mut (T : Type) (x : T) : result (T * (T -> result T)) := - Return (x, fun x => Return x). - -(* Trait instance *) -Definition alloc_boxed_Box_coreopsDerefInst (Self : Type) : core_ops_deref_Deref Self := {| - core_ops_deref_Deref_target := Self; - core_ops_deref_Deref_deref := alloc_boxed_Box_deref Self; -|}. - -(* Trait instance *) -Definition alloc_boxed_Box_coreopsDerefMutInst (Self : Type) : core_ops_deref_DerefMut Self := {| - core_ops_deref_DerefMut_derefInst := alloc_boxed_Box_coreopsDerefInst Self; - core_ops_deref_DerefMut_deref_mut := alloc_boxed_Box_deref_mut Self; -|}. - - -(*** Arrays *) -Definition array T (n : usize) := { l: list T | Z.of_nat (length l) = to_Z n}. - -Lemma le_0_usize_max : 0 <= usize_max. -Proof. - pose (H := usize_max_bound). - unfold u32_max in H. - lia. -Qed. - -Lemma eqb_imp_eq (x y : Z) : Z.eqb x y = true -> x = y. -Proof. - lia. -Qed. - -(* TODO: finish the definitions *) -Axiom mk_array : forall (T : Type) (n : usize) (l : list T), array T n. - -(* For initialization *) -Axiom array_repeat : forall (T : Type) (n : usize) (x : T), array T n. - -Axiom array_index_usize : forall (T : Type) (n : usize) (x : array T n) (i : usize), result T. -Axiom array_update_usize : forall (T : Type) (n : usize) (x : array T n) (i : usize) (nx : T), result (array T n). - -Definition array_index_mut_usize (T : Type) (n : usize) (a : array T n) (i : usize) : - result (T * (T -> result (array T n))) := - match array_index_usize T n a i with - | Fail_ e => Fail_ e - | Return x => Return (x, array_update_usize T n a i) - end. - -(*** Slice *) -Definition slice T := { l: list T | Z.of_nat (length l) <= usize_max}. - -Axiom slice_len : forall (T : Type) (s : slice T), usize. -Axiom slice_index_usize : forall (T : Type) (x : slice T) (i : usize), result T. -Axiom slice_update_usize : forall (T : Type) (x : slice T) (i : usize) (nx : T), result (slice T). - -Definition slice_index_mut_usize (T : Type) (s : slice T) (i : usize) : - result (T * (T -> result (slice T))) := - match slice_index_usize T s i with - | Fail_ e => Fail_ e - | Return x => Return (x, slice_update_usize T s i) - end. - -(*** Subslices *) - -Axiom array_to_slice : forall (T : Type) (n : usize) (x : array T n), result (slice T). -Axiom array_from_slice : forall (T : Type) (n : usize) (x : array T n) (s : slice T), result (array T n). - -Definition array_to_slice_mut (T : Type) (n : usize) (a : array T n) : - result (slice T * (slice T -> result (array T n))) := - match array_to_slice T n a with - | Fail_ e => Fail_ e - | Return x => Return (x, array_from_slice T n a) - end. - -Axiom array_subslice: forall (T : Type) (n : usize) (x : array T n) (r : core_ops_range_Range usize), result (slice T). -Axiom array_update_subslice: forall (T : Type) (n : usize) (x : array T n) (r : core_ops_range_Range usize) (ns : slice T), result (array T n). - -Axiom slice_subslice: forall (T : Type) (x : slice T) (r : core_ops_range_Range usize), result (slice T). -Axiom slice_update_subslice: forall (T : Type) (x : slice T) (r : core_ops_range_Range usize) (ns : slice T), result (slice T). - -(*** Vectors *) - -Definition alloc_vec_Vec T := { l: list T | Z.of_nat (length l) <= usize_max }. - -Definition alloc_vec_Vec_to_list {T: Type} (v: alloc_vec_Vec T) : list T := proj1_sig v. - -Definition alloc_vec_Vec_length {T: Type} (v: alloc_vec_Vec T) : Z := Z.of_nat (length (alloc_vec_Vec_to_list v)). - -Definition alloc_vec_Vec_new (T: Type) : alloc_vec_Vec T := (exist _ [] le_0_usize_max). - -Lemma alloc_vec_Vec_len_in_usize {T} (v: alloc_vec_Vec T) : usize_min <= alloc_vec_Vec_length v <= usize_max. -Proof. - unfold alloc_vec_Vec_length, usize_min. - split. - - lia. - - apply (proj2_sig v). -Qed. - -Definition alloc_vec_Vec_len (T: Type) (v: alloc_vec_Vec T) : usize := - exist _ (alloc_vec_Vec_length v) (alloc_vec_Vec_len_in_usize v). - -Fixpoint list_update {A} (l: list A) (n: nat) (a: A) - : list A := - match l with - | [] => [] - | x :: t => match n with - | 0%nat => a :: t - | S m => x :: (list_update t m a) -end end. - -Definition alloc_vec_Vec_bind {A B} (v: alloc_vec_Vec A) (f: list A -> result (list B)) : result (alloc_vec_Vec B) := - l <- f (alloc_vec_Vec_to_list v) ; - match sumbool_of_bool (scalar_le_max Usize (Z.of_nat (length l))) with - | left H => Return (exist _ l (scalar_le_max_valid _ _ H)) - | right _ => Fail_ Failure - end. - -Definition alloc_vec_Vec_push (T: Type) (v: alloc_vec_Vec T) (x: T) : result (alloc_vec_Vec T) := - alloc_vec_Vec_bind v (fun l => Return (l ++ [x])). - -Definition alloc_vec_Vec_insert (T: Type) (v: alloc_vec_Vec T) (i: usize) (x: T) : result (alloc_vec_Vec T) := - alloc_vec_Vec_bind v (fun l => - if to_Z i result (alloc_vec_Vec T))) := - match alloc_vec_Vec_index_usize v i with - | Return x => - Return (x, alloc_vec_Vec_update_usize v i) - | Fail_ e => Fail_ e - end. - -(* Trait declaration: [core::slice::index::private_slice_index::Sealed] *) -Definition core_slice_index_private_slice_index_Sealed (self : Type) := unit. - -(* Trait declaration: [core::slice::index::SliceIndex] *) -Record core_slice_index_SliceIndex (Self T : Type) := mk_core_slice_index_SliceIndex { - core_slice_index_SliceIndex_sealedInst : core_slice_index_private_slice_index_Sealed Self; - core_slice_index_SliceIndex_Output : Type; - core_slice_index_SliceIndex_get : Self -> T -> result (option core_slice_index_SliceIndex_Output); - core_slice_index_SliceIndex_get_mut : - Self -> T -> result (option core_slice_index_SliceIndex_Output * (option core_slice_index_SliceIndex_Output -> result T)); - core_slice_index_SliceIndex_get_unchecked : Self -> const_raw_ptr T -> result (const_raw_ptr core_slice_index_SliceIndex_Output); - core_slice_index_SliceIndex_get_unchecked_mut : Self -> mut_raw_ptr T -> result (mut_raw_ptr core_slice_index_SliceIndex_Output); - core_slice_index_SliceIndex_index : Self -> T -> result core_slice_index_SliceIndex_Output; - core_slice_index_SliceIndex_index_mut : - Self -> T -> result (core_slice_index_SliceIndex_Output * (core_slice_index_SliceIndex_Output -> result T)); -}. -Arguments mk_core_slice_index_SliceIndex {_ _}. -Arguments core_slice_index_SliceIndex_sealedInst {_ _}. -Arguments core_slice_index_SliceIndex_Output {_ _}. -Arguments core_slice_index_SliceIndex_get {_ _}. -Arguments core_slice_index_SliceIndex_get_mut {_ _}. -Arguments core_slice_index_SliceIndex_get_unchecked {_ _}. -Arguments core_slice_index_SliceIndex_get_unchecked_mut {_ _}. -Arguments core_slice_index_SliceIndex_index {_ _}. -Arguments core_slice_index_SliceIndex_index_mut {_ _}. - -(* [core::slice::index::[T]::index]: forward function *) -Definition core_slice_index_Slice_index - (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)) - (s : slice T) (i : Idx) : result inst.(core_slice_index_SliceIndex_Output) := - x <- inst.(core_slice_index_SliceIndex_get) i s; - match x with - | None => Fail_ Failure - | Some x => Return x - end. - -(* [core::slice::index::Range:::get]: forward function *) -Axiom core_slice_index_RangeUsize_get : forall (T : Type) (i : core_ops_range_Range usize) (s : slice T), result (option (slice T)). - -(* [core::slice::index::Range::get_mut]: forward function *) -Axiom core_slice_index_RangeUsize_get_mut : - forall (T : Type), - core_ops_range_Range usize -> slice T -> - result (option (slice T) * (option (slice T) -> result (slice T))). - -(* [core::slice::index::Range::get_unchecked]: forward function *) -Definition core_slice_index_RangeUsize_get_unchecked - (T : Type) : - core_ops_range_Range usize -> const_raw_ptr (slice T) -> result (const_raw_ptr (slice T)) := - (* Don't know what the model should be - for now we always fail to make - sure code which uses it fails *) - fun _ _ => Fail_ Failure. - -(* [core::slice::index::Range::get_unchecked_mut]: forward function *) -Definition core_slice_index_RangeUsize_get_unchecked_mut - (T : Type) : - core_ops_range_Range usize -> mut_raw_ptr (slice T) -> result (mut_raw_ptr (slice T)) := - (* Don't know what the model should be - for now we always fail to make - sure code which uses it fails *) - fun _ _ => Fail_ Failure. - -(* [core::slice::index::Range::index]: forward function *) -Axiom core_slice_index_RangeUsize_index : - forall (T : Type), core_ops_range_Range usize -> slice T -> result (slice T). - -(* [core::slice::index::Range::index_mut]: forward function *) -Axiom core_slice_index_RangeUsize_index_mut : - forall (T : Type), core_ops_range_Range usize -> slice T -> result (slice T * (slice T -> result (slice T))). - -(* [core::slice::index::[T]::index_mut]: forward function *) -Axiom core_slice_index_Slice_index_mut : - forall (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)), - slice T -> Idx -> - result (inst.(core_slice_index_SliceIndex_Output) * - (inst.(core_slice_index_SliceIndex_Output) -> result (slice T))). - -(* [core::array::[T; N]::index]: forward function *) -Axiom core_array_Array_index : - forall (T Idx : Type) (N : usize) (inst : core_ops_index_Index (slice T) Idx) - (a : array T N) (i : Idx), result inst.(core_ops_index_Index_Output). - -(* [core::array::[T; N]::index_mut]: forward function *) -Axiom core_array_Array_index_mut : - forall (T Idx : Type) (N : usize) (inst : core_ops_index_IndexMut (slice T) Idx) - (a : array T N) (i : Idx), - result (inst.(core_ops_index_IndexMut_indexInst).(core_ops_index_Index_Output) * - (inst.(core_ops_index_IndexMut_indexInst).(core_ops_index_Index_Output) -> result (array T N))). - -(* Trait implementation: [core::slice::index::private_slice_index::Range] *) -Definition core_slice_index_private_slice_index_SealedRangeUsizeInst - : core_slice_index_private_slice_index_Sealed (core_ops_range_Range usize) := tt. - -(* Trait implementation: [core::slice::index::Range] *) -Definition core_slice_index_SliceIndexRangeUsizeSliceTInst (T : Type) : - core_slice_index_SliceIndex (core_ops_range_Range usize) (slice T) := {| - core_slice_index_SliceIndex_sealedInst := core_slice_index_private_slice_index_SealedRangeUsizeInst; - core_slice_index_SliceIndex_Output := slice T; - core_slice_index_SliceIndex_get := core_slice_index_RangeUsize_get T; - core_slice_index_SliceIndex_get_mut := core_slice_index_RangeUsize_get_mut T; - core_slice_index_SliceIndex_get_unchecked := core_slice_index_RangeUsize_get_unchecked T; - core_slice_index_SliceIndex_get_unchecked_mut := core_slice_index_RangeUsize_get_unchecked_mut T; - core_slice_index_SliceIndex_index := core_slice_index_RangeUsize_index T; - core_slice_index_SliceIndex_index_mut := core_slice_index_RangeUsize_index_mut T; -|}. - -(* Trait implementation: [core::slice::index::[T]] *) -Definition core_ops_index_IndexSliceTIInst (T Idx : Type) - (inst : core_slice_index_SliceIndex Idx (slice T)) : - core_ops_index_Index (slice T) Idx := {| - core_ops_index_Index_Output := inst.(core_slice_index_SliceIndex_Output); - core_ops_index_Index_index := core_slice_index_Slice_index T Idx inst; -|}. - -(* Trait implementation: [core::slice::index::[T]] *) -Definition core_ops_index_IndexMutSliceTIInst (T Idx : Type) - (inst : core_slice_index_SliceIndex Idx (slice T)) : - core_ops_index_IndexMut (slice T) Idx := {| - core_ops_index_IndexMut_indexInst := core_ops_index_IndexSliceTIInst T Idx inst; - core_ops_index_IndexMut_index_mut := core_slice_index_Slice_index_mut T Idx inst; -|}. - -(* Trait implementation: [core::array::[T; N]] *) -Definition core_ops_index_IndexArrayInst (T Idx : Type) (N : usize) - (inst : core_ops_index_Index (slice T) Idx) : - core_ops_index_Index (array T N) Idx := {| - core_ops_index_Index_Output := inst.(core_ops_index_Index_Output); - core_ops_index_Index_index := core_array_Array_index T Idx N inst; -|}. - -(* Trait implementation: [core::array::[T; N]] *) -Definition core_ops_index_IndexMutArrayInst (T Idx : Type) (N : usize) - (inst : core_ops_index_IndexMut (slice T) Idx) : - core_ops_index_IndexMut (array T N) Idx := {| - core_ops_index_IndexMut_indexInst := core_ops_index_IndexArrayInst T Idx N inst.(core_ops_index_IndexMut_indexInst); - core_ops_index_IndexMut_index_mut := core_array_Array_index_mut T Idx N inst; -|}. - -(* [core::slice::index::usize::get]: forward function *) -Axiom core_slice_index_usize_get : forall (T : Type), usize -> slice T -> result (option T). - -(* [core::slice::index::usize::get_mut]: forward function *) -Axiom core_slice_index_usize_get_mut : - forall (T : Type), usize -> slice T -> result (option T * (option T -> result (slice T))). - -(* [core::slice::index::usize::get_unchecked]: forward function *) -Axiom core_slice_index_usize_get_unchecked : - forall (T : Type), usize -> const_raw_ptr (slice T) -> result (const_raw_ptr T). - -(* [core::slice::index::usize::get_unchecked_mut]: forward function *) -Axiom core_slice_index_usize_get_unchecked_mut : - forall (T : Type), usize -> mut_raw_ptr (slice T) -> result (mut_raw_ptr T). - -(* [core::slice::index::usize::index]: forward function *) -Axiom core_slice_index_usize_index : forall (T : Type), usize -> slice T -> result T. - -(* [core::slice::index::usize::index_mut]: forward function *) -Axiom core_slice_index_usize_index_mut : - forall (T : Type), usize -> slice T -> result (T * (T -> result (slice T))). - -(* Trait implementation: [core::slice::index::private_slice_index::usize] *) -Definition core_slice_index_private_slice_index_SealedUsizeInst - : core_slice_index_private_slice_index_Sealed usize := tt. - -(* Trait implementation: [core::slice::index::usize] *) -Definition core_slice_index_SliceIndexUsizeSliceTInst (T : Type) : - core_slice_index_SliceIndex usize (slice T) := {| - core_slice_index_SliceIndex_sealedInst := core_slice_index_private_slice_index_SealedUsizeInst; - core_slice_index_SliceIndex_Output := T; - core_slice_index_SliceIndex_get := core_slice_index_usize_get T; - core_slice_index_SliceIndex_get_mut := core_slice_index_usize_get_mut T; - core_slice_index_SliceIndex_get_unchecked := core_slice_index_usize_get_unchecked T; - core_slice_index_SliceIndex_get_unchecked_mut := core_slice_index_usize_get_unchecked_mut T; - core_slice_index_SliceIndex_index := core_slice_index_usize_index T; - core_slice_index_SliceIndex_index_mut := core_slice_index_usize_index_mut T; -|}. - -(* [alloc::vec::Vec::index]: forward function *) -Axiom alloc_vec_Vec_index : forall (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)) - (Self : alloc_vec_Vec T) (i : Idx), result inst.(core_slice_index_SliceIndex_Output). - -(* [alloc::vec::Vec::index_mut]: forward function *) -Axiom alloc_vec_Vec_index_mut : forall (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)) - (Self : alloc_vec_Vec T) (i : Idx), - result (inst.(core_slice_index_SliceIndex_Output) * - (inst.(core_slice_index_SliceIndex_Output) -> result (alloc_vec_Vec T))). - -(* Trait implementation: [alloc::vec::Vec] *) -Definition alloc_vec_Vec_coreopsindexIndexInst (T Idx : Type) - (inst : core_slice_index_SliceIndex Idx (slice T)) : - core_ops_index_Index (alloc_vec_Vec T) Idx := {| - core_ops_index_Index_Output := inst.(core_slice_index_SliceIndex_Output); - core_ops_index_Index_index := alloc_vec_Vec_index T Idx inst; -|}. - -(* Trait implementation: [alloc::vec::Vec] *) -Definition alloc_vec_Vec_coreopsindexIndexMutInst (T Idx : Type) - (inst : core_slice_index_SliceIndex Idx (slice T)) : - core_ops_index_IndexMut (alloc_vec_Vec T) Idx := {| - core_ops_index_IndexMut_indexInst := alloc_vec_Vec_coreopsindexIndexInst T Idx inst; - core_ops_index_IndexMut_index_mut := alloc_vec_Vec_index_mut T Idx inst; -|}. - -(*** Theorems *) - -Axiom alloc_vec_Vec_index_eq : forall {a : Type} (v : alloc_vec_Vec a) (i : usize) (x : a), - alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i = - alloc_vec_Vec_index_usize v i. - -Axiom alloc_vec_Vec_index_mut_eq : forall {a : Type} (v : alloc_vec_Vec a) (i : usize) (x : a), - alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i = - alloc_vec_Vec_index_mut_usize v i. - -End Primitives. diff --git a/tests/coq/array/_CoqProject b/tests/coq/array/_CoqProject deleted file mode 100644 index 87d8fc3d..00000000 --- a/tests/coq/array/_CoqProject +++ /dev/null @@ -1,7 +0,0 @@ -# This file was automatically generated - see ../Makefile --R . Lib --arg -w --arg all - -Primitives.v -Array.v diff --git a/tests/coq/arrays/Arrays.v b/tests/coq/arrays/Arrays.v new file mode 100644 index 00000000..3a6fb02f --- /dev/null +++ b/tests/coq/arrays/Arrays.v @@ -0,0 +1,519 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays] *) +Require Import Primitives. +Import Primitives. +Require Import Coq.ZArith.ZArith. +Require Import List. +Import ListNotations. +Local Open Scope Primitives_scope. +Module Arrays. + +(** [arrays::AB] + Source: 'src/arrays.rs', lines 3:0-3:11 *) +Inductive AB_t := | AB_A : AB_t | AB_B : AB_t. + +(** [arrays::incr]: + Source: 'src/arrays.rs', lines 8:0-8:24 *) +Definition incr (x : u32) : result u32 := + u32_add x 1%u32. + +(** [arrays::array_to_shared_slice_]: + Source: 'src/arrays.rs', lines 16:0-16:53 *) +Definition array_to_shared_slice_ + (T : Type) (s : array T 32%usize) : result (slice T) := + array_to_slice T 32%usize s +. + +(** [arrays::array_to_mut_slice_]: + Source: 'src/arrays.rs', lines 21:0-21:58 *) +Definition array_to_mut_slice_ + (T : Type) (s : array T 32%usize) : + result ((slice T) * (slice T -> result (array T 32%usize))) + := + p <- array_to_slice_mut T 32%usize s; + let (s1, to_slice_mut_back) := p in + Return (s1, to_slice_mut_back) +. + +(** [arrays::array_len]: + Source: 'src/arrays.rs', lines 25:0-25:40 *) +Definition array_len (T : Type) (s : array T 32%usize) : result usize := + s1 <- array_to_slice T 32%usize s; let i := slice_len T s1 in Return i +. + +(** [arrays::shared_array_len]: + Source: 'src/arrays.rs', lines 29:0-29:48 *) +Definition shared_array_len (T : Type) (s : array T 32%usize) : result usize := + s1 <- array_to_slice T 32%usize s; let i := slice_len T s1 in Return i +. + +(** [arrays::shared_slice_len]: + Source: 'src/arrays.rs', lines 33:0-33:44 *) +Definition shared_slice_len (T : Type) (s : slice T) : result usize := + let i := slice_len T s in Return i +. + +(** [arrays::index_array_shared]: + Source: 'src/arrays.rs', lines 37:0-37:57 *) +Definition index_array_shared + (T : Type) (s : array T 32%usize) (i : usize) : result T := + array_index_usize T 32%usize s i +. + +(** [arrays::index_array_u32]: + Source: 'src/arrays.rs', lines 44:0-44:53 *) +Definition index_array_u32 (s : array u32 32%usize) (i : usize) : result u32 := + array_index_usize u32 32%usize s i +. + +(** [arrays::index_array_copy]: + Source: 'src/arrays.rs', lines 48:0-48:45 *) +Definition index_array_copy (x : array u32 32%usize) : result u32 := + array_index_usize u32 32%usize x 0%usize +. + +(** [arrays::index_mut_array]: + Source: 'src/arrays.rs', lines 52:0-52:62 *) +Definition index_mut_array + (T : Type) (s : array T 32%usize) (i : usize) : + result (T * (T -> result (array T 32%usize))) + := + p <- array_index_mut_usize T 32%usize s i; + let (t, index_mut_back) := p in + Return (t, index_mut_back) +. + +(** [arrays::index_slice]: + Source: 'src/arrays.rs', lines 56:0-56:46 *) +Definition index_slice (T : Type) (s : slice T) (i : usize) : result T := + slice_index_usize T s i +. + +(** [arrays::index_mut_slice]: + Source: 'src/arrays.rs', lines 60:0-60:58 *) +Definition index_mut_slice + (T : Type) (s : slice T) (i : usize) : + result (T * (T -> result (slice T))) + := + p <- slice_index_mut_usize T s i; + let (t, index_mut_back) := p in + Return (t, index_mut_back) +. + +(** [arrays::slice_subslice_shared_]: + Source: 'src/arrays.rs', lines 64:0-64:70 *) +Definition slice_subslice_shared_ + (x : slice u32) (y : usize) (z : usize) : result (slice u32) := + core_slice_index_Slice_index u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |} +. + +(** [arrays::slice_subslice_mut_]: + Source: 'src/arrays.rs', lines 68:0-68:75 *) +Definition slice_subslice_mut_ + (x : slice u32) (y : usize) (z : usize) : + result ((slice u32) * (slice u32 -> result (slice u32))) + := + p <- + core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |}; + let (s, index_mut_back) := p in + Return (s, index_mut_back) +. + +(** [arrays::array_to_slice_shared_]: + Source: 'src/arrays.rs', lines 72:0-72:54 *) +Definition array_to_slice_shared_ + (x : array u32 32%usize) : result (slice u32) := + array_to_slice u32 32%usize x +. + +(** [arrays::array_to_slice_mut_]: + Source: 'src/arrays.rs', lines 76:0-76:59 *) +Definition array_to_slice_mut_ + (x : array u32 32%usize) : + result ((slice u32) * (slice u32 -> result (array u32 32%usize))) + := + p <- array_to_slice_mut u32 32%usize x; + let (s, to_slice_mut_back) := p in + Return (s, to_slice_mut_back) +. + +(** [arrays::array_subslice_shared_]: + Source: 'src/arrays.rs', lines 80:0-80:74 *) +Definition array_subslice_shared_ + (x : array u32 32%usize) (y : usize) (z : usize) : result (slice u32) := + core_array_Array_index u32 (core_ops_range_Range usize) 32%usize + (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |} +. + +(** [arrays::array_subslice_mut_]: + Source: 'src/arrays.rs', lines 84:0-84:79 *) +Definition array_subslice_mut_ + (x : array u32 32%usize) (y : usize) (z : usize) : + result ((slice u32) * (slice u32 -> result (array u32 32%usize))) + := + p <- + core_array_Array_index_mut u32 (core_ops_range_Range usize) 32%usize + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |}; + let (s, index_mut_back) := p in + Return (s, index_mut_back) +. + +(** [arrays::index_slice_0]: + Source: 'src/arrays.rs', lines 88:0-88:38 *) +Definition index_slice_0 (T : Type) (s : slice T) : result T := + slice_index_usize T s 0%usize +. + +(** [arrays::index_array_0]: + Source: 'src/arrays.rs', lines 92:0-92:42 *) +Definition index_array_0 (T : Type) (s : array T 32%usize) : result T := + array_index_usize T 32%usize s 0%usize +. + +(** [arrays::index_index_array]: + Source: 'src/arrays.rs', lines 103:0-103:71 *) +Definition index_index_array + (s : array (array u32 32%usize) 32%usize) (i : usize) (j : usize) : + result u32 + := + a <- array_index_usize (array u32 32%usize) 32%usize s i; + array_index_usize u32 32%usize a j +. + +(** [arrays::update_update_array]: + Source: 'src/arrays.rs', lines 114:0-114:70 *) +Definition update_update_array + (s : array (array u32 32%usize) 32%usize) (i : usize) (j : usize) : + result unit + := + p <- array_index_mut_usize (array u32 32%usize) 32%usize s i; + let (a, index_mut_back) := p in + p1 <- array_index_mut_usize u32 32%usize a j; + let (_, index_mut_back1) := p1 in + a1 <- index_mut_back1 0%u32; + _ <- index_mut_back a1; + Return tt +. + +(** [arrays::array_local_deep_copy]: + Source: 'src/arrays.rs', lines 118:0-118:43 *) +Definition array_local_deep_copy (x : array u32 32%usize) : result unit := + Return tt +. + +(** [arrays::take_array]: + Source: 'src/arrays.rs', lines 122:0-122:30 *) +Definition take_array (a : array u32 2%usize) : result unit := + Return tt. + +(** [arrays::take_array_borrow]: + Source: 'src/arrays.rs', lines 123:0-123:38 *) +Definition take_array_borrow (a : array u32 2%usize) : result unit := + Return tt +. + +(** [arrays::take_slice]: + Source: 'src/arrays.rs', lines 124:0-124:28 *) +Definition take_slice (s : slice u32) : result unit := + Return tt. + +(** [arrays::take_mut_slice]: + Source: 'src/arrays.rs', lines 125:0-125:36 *) +Definition take_mut_slice (s : slice u32) : result (slice u32) := + Return s. + +(** [arrays::const_array]: + Source: 'src/arrays.rs', lines 127:0-127:32 *) +Definition const_array : result (array u32 2%usize) := + Return (mk_array u32 2%usize [ 0%u32; 0%u32 ]) +. + +(** [arrays::const_slice]: + Source: 'src/arrays.rs', lines 131:0-131:20 *) +Definition const_slice : result unit := + _ <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + Return tt +. + +(** [arrays::take_all]: + Source: 'src/arrays.rs', lines 141:0-141:17 *) +Definition take_all : result unit := + _ <- take_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + _ <- take_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + _ <- take_array_borrow (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + s <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + _ <- take_slice s; + p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + let (s1, to_slice_mut_back) := p in + s2 <- take_mut_slice s1; + _ <- to_slice_mut_back s2; + Return tt +. + +(** [arrays::index_array]: + Source: 'src/arrays.rs', lines 155:0-155:38 *) +Definition index_array (x : array u32 2%usize) : result u32 := + array_index_usize u32 2%usize x 0%usize +. + +(** [arrays::index_array_borrow]: + Source: 'src/arrays.rs', lines 158:0-158:46 *) +Definition index_array_borrow (x : array u32 2%usize) : result u32 := + array_index_usize u32 2%usize x 0%usize +. + +(** [arrays::index_slice_u32_0]: + Source: 'src/arrays.rs', lines 162:0-162:42 *) +Definition index_slice_u32_0 (x : slice u32) : result u32 := + slice_index_usize u32 x 0%usize +. + +(** [arrays::index_mut_slice_u32_0]: + Source: 'src/arrays.rs', lines 166:0-166:50 *) +Definition index_mut_slice_u32_0 + (x : slice u32) : result (u32 * (slice u32)) := + i <- slice_index_usize u32 x 0%usize; Return (i, x) +. + +(** [arrays::index_all]: + Source: 'src/arrays.rs', lines 170:0-170:25 *) +Definition index_all : result u32 := + i <- index_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + i1 <- index_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + i2 <- u32_add i i1; + i3 <- index_array_borrow (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + i4 <- u32_add i2 i3; + s <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + i5 <- index_slice_u32_0 s; + i6 <- u32_add i4 i5; + p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + let (s1, to_slice_mut_back) := p in + p1 <- index_mut_slice_u32_0 s1; + let (i7, s2) := p1 in + i8 <- u32_add i6 i7; + _ <- to_slice_mut_back s2; + Return i8 +. + +(** [arrays::update_array]: + Source: 'src/arrays.rs', lines 184:0-184:36 *) +Definition update_array (x : array u32 2%usize) : result unit := + p <- array_index_mut_usize u32 2%usize x 0%usize; + let (_, index_mut_back) := p in + _ <- index_mut_back 1%u32; + Return tt +. + +(** [arrays::update_array_mut_borrow]: + Source: 'src/arrays.rs', lines 187:0-187:48 *) +Definition update_array_mut_borrow + (x : array u32 2%usize) : result (array u32 2%usize) := + p <- array_index_mut_usize u32 2%usize x 0%usize; + let (_, index_mut_back) := p in + index_mut_back 1%u32 +. + +(** [arrays::update_mut_slice]: + Source: 'src/arrays.rs', lines 190:0-190:38 *) +Definition update_mut_slice (x : slice u32) : result (slice u32) := + p <- slice_index_mut_usize u32 x 0%usize; + let (_, index_mut_back) := p in + index_mut_back 1%u32 +. + +(** [arrays::update_all]: + Source: 'src/arrays.rs', lines 194:0-194:19 *) +Definition update_all : result unit := + _ <- update_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + _ <- update_array (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + a <- update_array_mut_borrow (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + p <- array_to_slice_mut u32 2%usize a; + let (s, to_slice_mut_back) := p in + s1 <- update_mut_slice s; + _ <- to_slice_mut_back s1; + Return tt +. + +(** [arrays::range_all]: + Source: 'src/arrays.rs', lines 205:0-205:18 *) +Definition range_all : result unit := + p <- + core_array_Array_index_mut u32 (core_ops_range_Range usize) 4%usize + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) + (mk_array u32 4%usize [ 0%u32; 0%u32; 0%u32; 0%u32 ]) + {| + core_ops_range_Range_start := 1%usize; + core_ops_range_Range_end_ := 3%usize + |}; + let (s, index_mut_back) := p in + s1 <- update_mut_slice s; + _ <- index_mut_back s1; + Return tt +. + +(** [arrays::deref_array_borrow]: + Source: 'src/arrays.rs', lines 214:0-214:46 *) +Definition deref_array_borrow (x : array u32 2%usize) : result u32 := + array_index_usize u32 2%usize x 0%usize +. + +(** [arrays::deref_array_mut_borrow]: + Source: 'src/arrays.rs', lines 219:0-219:54 *) +Definition deref_array_mut_borrow + (x : array u32 2%usize) : result (u32 * (array u32 2%usize)) := + i <- array_index_usize u32 2%usize x 0%usize; Return (i, x) +. + +(** [arrays::take_array_t]: + Source: 'src/arrays.rs', lines 227:0-227:31 *) +Definition take_array_t (a : array AB_t 2%usize) : result unit := + Return tt. + +(** [arrays::non_copyable_array]: + Source: 'src/arrays.rs', lines 229:0-229:27 *) +Definition non_copyable_array : result unit := + _ <- take_array_t (mk_array AB_t 2%usize [ AB_A; AB_B ]); Return tt +. + +(** [arrays::sum]: loop 0: + Source: 'src/arrays.rs', lines 242:0-250:1 *) +Fixpoint sum_loop + (n : nat) (s : slice u32) (sum1 : u32) (i : usize) : result u32 := + match n with + | O => Fail_ OutOfFuel + | S n1 => + let i1 := slice_len u32 s in + if i s< i1 + then ( + i2 <- slice_index_usize u32 s i; + sum3 <- u32_add sum1 i2; + i3 <- usize_add i 1%usize; + sum_loop n1 s sum3 i3) + else Return sum1 + end +. + +(** [arrays::sum]: + Source: 'src/arrays.rs', lines 242:0-242:28 *) +Definition sum (n : nat) (s : slice u32) : result u32 := + sum_loop n s 0%u32 0%usize +. + +(** [arrays::sum2]: loop 0: + Source: 'src/arrays.rs', lines 252:0-261:1 *) +Fixpoint sum2_loop + (n : nat) (s : slice u32) (s2 : slice u32) (sum1 : u32) (i : usize) : + result u32 + := + match n with + | O => Fail_ OutOfFuel + | S n1 => + let i1 := slice_len u32 s in + if i s< i1 + then ( + i2 <- slice_index_usize u32 s i; + i3 <- slice_index_usize u32 s2 i; + i4 <- u32_add i2 i3; + sum3 <- u32_add sum1 i4; + i5 <- usize_add i 1%usize; + sum2_loop n1 s s2 sum3 i5) + else Return sum1 + end +. + +(** [arrays::sum2]: + Source: 'src/arrays.rs', lines 252:0-252:41 *) +Definition sum2 (n : nat) (s : slice u32) (s2 : slice u32) : result u32 := + let i := slice_len u32 s in + let i1 := slice_len u32 s2 in + if negb (i s= i1) then Fail_ Failure else sum2_loop n s s2 0%u32 0%usize +. + +(** [arrays::f0]: + Source: 'src/arrays.rs', lines 263:0-263:11 *) +Definition f0 : result unit := + p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]); + let (s, to_slice_mut_back) := p in + p1 <- slice_index_mut_usize u32 s 0%usize; + let (_, index_mut_back) := p1 in + s1 <- index_mut_back 1%u32; + _ <- to_slice_mut_back s1; + Return tt +. + +(** [arrays::f1]: + Source: 'src/arrays.rs', lines 268:0-268:11 *) +Definition f1 : result unit := + p <- + array_index_mut_usize u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]) + 0%usize; + let (_, index_mut_back) := p in + _ <- index_mut_back 1%u32; + Return tt +. + +(** [arrays::f2]: + Source: 'src/arrays.rs', lines 273:0-273:17 *) +Definition f2 (i : u32) : result unit := + Return tt. + +(** [arrays::f4]: + Source: 'src/arrays.rs', lines 282:0-282:54 *) +Definition f4 + (x : array u32 32%usize) (y : usize) (z : usize) : result (slice u32) := + core_array_Array_index u32 (core_ops_range_Range usize) 32%usize + (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + {| core_ops_range_Range_start := y; core_ops_range_Range_end_ := z |} +. + +(** [arrays::f3]: + Source: 'src/arrays.rs', lines 275:0-275:18 *) +Definition f3 (n : nat) : result u32 := + i <- + array_index_usize u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]) + 0%usize; + _ <- f2 i; + let b := array_repeat u32 32%usize 0%u32 in + s <- array_to_slice u32 2%usize (mk_array u32 2%usize [ 1%u32; 2%u32 ]); + s1 <- f4 b 16%usize 18%usize; + sum2 n s s1 +. + +(** [arrays::SZ] + Source: 'src/arrays.rs', lines 286:0-286:19 *) +Definition sz_body : result usize := Return 32%usize. +Definition sz_c : usize := sz_body%global. + +(** [arrays::f5]: + Source: 'src/arrays.rs', lines 289:0-289:31 *) +Definition f5 (x : array u32 32%usize) : result u32 := + array_index_usize u32 32%usize x 0%usize +. + +(** [arrays::ite]: + Source: 'src/arrays.rs', lines 294:0-294:12 *) +Definition ite : result unit := + p <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + let (s, to_slice_mut_back) := p in + p1 <- index_mut_slice_u32_0 s; + let (_, s1) := p1 in + p2 <- array_to_slice_mut u32 2%usize (mk_array u32 2%usize [ 0%u32; 0%u32 ]); + let (s2, to_slice_mut_back1) := p2 in + p3 <- index_mut_slice_u32_0 s2; + let (_, s3) := p3 in + _ <- to_slice_mut_back1 s3; + _ <- to_slice_mut_back s1; + Return tt +. + +End Arrays. diff --git a/tests/coq/arrays/Makefile b/tests/coq/arrays/Makefile new file mode 100644 index 00000000..1a5aee4a --- /dev/null +++ b/tests/coq/arrays/Makefile @@ -0,0 +1,23 @@ +# This file was automatically generated - modify ../Makefile.template instead +# Makefile originally taken from coq-club + +%: Makefile.coq phony + +make -f Makefile.coq $@ + +all: Makefile.coq + +make -f Makefile.coq all + +clean: Makefile.coq + +make -f Makefile.coq clean + rm -f Makefile.coq + +Makefile.coq: _CoqProject Makefile + coq_makefile -f _CoqProject | sed 's/$$(COQCHK) $$(COQCHKFLAGS) $$(COQLIBS)/$$(COQCHK) $$(COQCHKFLAGS) $$(subst -Q,-R,$$(COQLIBS))/' > Makefile.coq + +_CoqProject: ; + +Makefile: ; + +phony: ; + +.PHONY: all clean phony diff --git a/tests/coq/arrays/Primitives.v b/tests/coq/arrays/Primitives.v new file mode 100644 index 00000000..990e27e4 --- /dev/null +++ b/tests/coq/arrays/Primitives.v @@ -0,0 +1,899 @@ +Require Import Lia. +Require Coq.Strings.Ascii. +Require Coq.Strings.String. +Require Import Coq.Program.Equality. +Require Import Coq.ZArith.ZArith. +Require Import Coq.ZArith.Znat. +Require Import List. +Import ListNotations. + +Module Primitives. + + (* TODO: use more *) +Declare Scope Primitives_scope. + +(*** Result *) + +Inductive error := + | Failure + | OutOfFuel. + +Inductive result A := + | Return : A -> result A + | Fail_ : error -> result A. + +Arguments Return {_} a. +Arguments Fail_ {_}. + +Definition bind {A B} (m: result A) (f: A -> result B) : result B := + match m with + | Fail_ e => Fail_ e + | Return x => f x + end. + +Definition return_ {A: Type} (x: A) : result A := Return x. +Definition fail_ {A: Type} (e: error) : result A := Fail_ e. + +Notation "x <- c1 ; c2" := (bind c1 (fun x => c2)) + (at level 61, c1 at next level, right associativity). + +(** Monadic assert *) +Definition massert (b: bool) : result unit := + if b then Return tt else Fail_ Failure. + +(** Normalize and unwrap a successful result (used for globals) *) +Definition eval_result_refl {A} {x} (a: result A) (p: a = Return x) : A := + match a as r return (r = Return x -> A) with + | Return a' => fun _ => a' + | Fail_ e => fun p' => + False_rect _ (eq_ind (Fail_ e) + (fun e : result A => + match e with + | Return _ => False + | Fail_ e => True + end) + I (Return x) p') + end p. + +Notation "x %global" := (eval_result_refl x eq_refl) (at level 40). +Notation "x %return" := (eval_result_refl x eq_refl) (at level 40). + +(* Sanity check *) +Check (if true then Return (1 + 2) else Fail_ Failure)%global = 3. + +(*** Misc *) + +Definition string := Coq.Strings.String.string. +Definition char := Coq.Strings.Ascii.ascii. +Definition char_of_byte := Coq.Strings.Ascii.ascii_of_byte. + +Definition core_mem_replace (a : Type) (x : a) (y : a) : a * a := (x, x) . + +Record mut_raw_ptr (T : Type) := { mut_raw_ptr_v : T }. +Record const_raw_ptr (T : Type) := { const_raw_ptr_v : T }. + +(*** Scalars *) + +Definition i8_min : Z := -128%Z. +Definition i8_max : Z := 127%Z. +Definition i16_min : Z := -32768%Z. +Definition i16_max : Z := 32767%Z. +Definition i32_min : Z := -2147483648%Z. +Definition i32_max : Z := 2147483647%Z. +Definition i64_min : Z := -9223372036854775808%Z. +Definition i64_max : Z := 9223372036854775807%Z. +Definition i128_min : Z := -170141183460469231731687303715884105728%Z. +Definition i128_max : Z := 170141183460469231731687303715884105727%Z. +Definition u8_min : Z := 0%Z. +Definition u8_max : Z := 255%Z. +Definition u16_min : Z := 0%Z. +Definition u16_max : Z := 65535%Z. +Definition u32_min : Z := 0%Z. +Definition u32_max : Z := 4294967295%Z. +Definition u64_min : Z := 0%Z. +Definition u64_max : Z := 18446744073709551615%Z. +Definition u128_min : Z := 0%Z. +Definition u128_max : Z := 340282366920938463463374607431768211455%Z. + +(** The bounds of [isize] and [usize] vary with the architecture. *) +Axiom isize_min : Z. +Axiom isize_max : Z. +Definition usize_min : Z := 0%Z. +Axiom usize_max : Z. + +Open Scope Z_scope. + +(** We provide those lemmas to reason about the bounds of [isize] and [usize] *) +Axiom isize_min_bound : isize_min <= i32_min. +Axiom isize_max_bound : i32_max <= isize_max. +Axiom usize_max_bound : u32_max <= usize_max. + +Inductive scalar_ty := + | Isize + | I8 + | I16 + | I32 + | I64 + | I128 + | Usize + | U8 + | U16 + | U32 + | U64 + | U128 +. + +Definition scalar_min (ty: scalar_ty) : Z := + match ty with + | Isize => isize_min + | I8 => i8_min + | I16 => i16_min + | I32 => i32_min + | I64 => i64_min + | I128 => i128_min + | Usize => usize_min + | U8 => u8_min + | U16 => u16_min + | U32 => u32_min + | U64 => u64_min + | U128 => u128_min +end. + +Definition scalar_max (ty: scalar_ty) : Z := + match ty with + | Isize => isize_max + | I8 => i8_max + | I16 => i16_max + | I32 => i32_max + | I64 => i64_max + | I128 => i128_max + | Usize => usize_max + | U8 => u8_max + | U16 => u16_max + | U32 => u32_max + | U64 => u64_max + | U128 => u128_max +end. + +(** We use the following conservative bounds to make sure we can compute bound + checks in most situations *) +Definition scalar_min_cons (ty: scalar_ty) : Z := + match ty with + | Isize => i32_min + | Usize => u32_min + | _ => scalar_min ty +end. + +Definition scalar_max_cons (ty: scalar_ty) : Z := + match ty with + | Isize => i32_max + | Usize => u32_max + | _ => scalar_max ty +end. + +Lemma scalar_min_cons_valid : forall ty, scalar_min ty <= scalar_min_cons ty . +Proof. + destruct ty; unfold scalar_min_cons, scalar_min; try lia. + - pose isize_min_bound; lia. + - apply Z.le_refl. +Qed. + +Lemma scalar_max_cons_valid : forall ty, scalar_max ty >= scalar_max_cons ty . +Proof. + destruct ty; unfold scalar_max_cons, scalar_max; try lia. + - pose isize_max_bound; lia. + - pose usize_max_bound. lia. +Qed. + +Definition scalar (ty: scalar_ty) : Type := + { x: Z | scalar_min ty <= x <= scalar_max ty }. + +Definition to_Z {ty} (x: scalar ty) : Z := proj1_sig x. + +(** Bounds checks: we start by using the conservative bounds, to make sure we + can compute in most situations, then we use the real bounds (for [isize] + and [usize]). *) +Definition scalar_ge_min (ty: scalar_ty) (x: Z) : bool := + Z.leb (scalar_min_cons ty) x || Z.leb (scalar_min ty) x. + +Definition scalar_le_max (ty: scalar_ty) (x: Z) : bool := + Z.leb x (scalar_max_cons ty) || Z.leb x (scalar_max ty). + +Lemma scalar_ge_min_valid (ty: scalar_ty) (x: Z) : + scalar_ge_min ty x = true -> scalar_min ty <= x . +Proof. + unfold scalar_ge_min. + pose (scalar_min_cons_valid ty). + lia. +Qed. + +Lemma scalar_le_max_valid (ty: scalar_ty) (x: Z) : + scalar_le_max ty x = true -> x <= scalar_max ty . +Proof. + unfold scalar_le_max. + pose (scalar_max_cons_valid ty). + lia. +Qed. + +Definition scalar_in_bounds (ty: scalar_ty) (x: Z) : bool := + scalar_ge_min ty x && scalar_le_max ty x . + +Lemma scalar_in_bounds_valid (ty: scalar_ty) (x: Z) : + scalar_in_bounds ty x = true -> scalar_min ty <= x <= scalar_max ty . +Proof. + unfold scalar_in_bounds. + intros H. + destruct (scalar_ge_min ty x) eqn:Hmin. + - destruct (scalar_le_max ty x) eqn:Hmax. + + pose (scalar_ge_min_valid ty x Hmin). + pose (scalar_le_max_valid ty x Hmax). + lia. + + inversion H. + - inversion H. +Qed. + +Import Sumbool. + +Definition mk_scalar (ty: scalar_ty) (x: Z) : result (scalar ty) := + match sumbool_of_bool (scalar_in_bounds ty x) with + | left H => Return (exist _ x (scalar_in_bounds_valid _ _ H)) + | right _ => Fail_ Failure + end. + +Definition scalar_add {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (to_Z x + to_Z y). + +Definition scalar_sub {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (to_Z x - to_Z y). + +Definition scalar_mul {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (to_Z x * to_Z y). + +Definition scalar_div {ty} (x y: scalar ty) : result (scalar ty) := + if to_Z y =? 0 then Fail_ Failure else + mk_scalar ty (to_Z x / to_Z y). + +Definition scalar_rem {ty} (x y: scalar ty) : result (scalar ty) := mk_scalar ty (Z.rem (to_Z x) (to_Z y)). + +Definition scalar_neg {ty} (x: scalar ty) : result (scalar ty) := mk_scalar ty (-(to_Z x)). + +Axiom scalar_xor : forall ty, scalar ty -> scalar ty -> scalar ty. (* TODO *) +Axiom scalar_or : forall ty, scalar ty -> scalar ty -> scalar ty. (* TODO *) +Axiom scalar_and : forall ty, scalar ty -> scalar ty -> scalar ty. (* TODO *) +Axiom scalar_shl : forall ty0 ty1, scalar ty0 -> scalar ty1 -> result (scalar ty0). (* TODO *) +Axiom scalar_shr : forall ty0 ty1, scalar ty0 -> scalar ty1 -> result (scalar ty0). (* TODO *) + +(** Cast an integer from a [src_ty] to a [tgt_ty] *) +(* TODO: check the semantics of casts in Rust *) +Definition scalar_cast (src_ty tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) := + mk_scalar tgt_ty (to_Z x). + +(* This can't fail, but for now we make all casts faillible (easier for the translation) *) +Definition scalar_cast_bool (tgt_ty : scalar_ty) (x : bool) : result (scalar tgt_ty) := + mk_scalar tgt_ty (if x then 1 else 0). + +(** Comparisons *) +Definition scalar_leb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := + Z.leb (to_Z x) (to_Z y) . + +Definition scalar_ltb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := + Z.ltb (to_Z x) (to_Z y) . + +Definition scalar_geb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := + Z.geb (to_Z x) (to_Z y) . + +Definition scalar_gtb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := + Z.gtb (to_Z x) (to_Z y) . + +Definition scalar_eqb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := + Z.eqb (to_Z x) (to_Z y) . + +Definition scalar_neqb {ty : scalar_ty} (x : scalar ty) (y : scalar ty) : bool := + negb (Z.eqb (to_Z x) (to_Z y)) . + + +(** The scalar types *) +Definition isize := scalar Isize. +Definition i8 := scalar I8. +Definition i16 := scalar I16. +Definition i32 := scalar I32. +Definition i64 := scalar I64. +Definition i128 := scalar I128. +Definition usize := scalar Usize. +Definition u8 := scalar U8. +Definition u16 := scalar U16. +Definition u32 := scalar U32. +Definition u64 := scalar U64. +Definition u128 := scalar U128. + +(** Negaion *) +Definition isize_neg := @scalar_neg Isize. +Definition i8_neg := @scalar_neg I8. +Definition i16_neg := @scalar_neg I16. +Definition i32_neg := @scalar_neg I32. +Definition i64_neg := @scalar_neg I64. +Definition i128_neg := @scalar_neg I128. + +(** Division *) +Definition isize_div := @scalar_div Isize. +Definition i8_div := @scalar_div I8. +Definition i16_div := @scalar_div I16. +Definition i32_div := @scalar_div I32. +Definition i64_div := @scalar_div I64. +Definition i128_div := @scalar_div I128. +Definition usize_div := @scalar_div Usize. +Definition u8_div := @scalar_div U8. +Definition u16_div := @scalar_div U16. +Definition u32_div := @scalar_div U32. +Definition u64_div := @scalar_div U64. +Definition u128_div := @scalar_div U128. + +(** Remainder *) +Definition isize_rem := @scalar_rem Isize. +Definition i8_rem := @scalar_rem I8. +Definition i16_rem := @scalar_rem I16. +Definition i32_rem := @scalar_rem I32. +Definition i64_rem := @scalar_rem I64. +Definition i128_rem := @scalar_rem I128. +Definition usize_rem := @scalar_rem Usize. +Definition u8_rem := @scalar_rem U8. +Definition u16_rem := @scalar_rem U16. +Definition u32_rem := @scalar_rem U32. +Definition u64_rem := @scalar_rem U64. +Definition u128_rem := @scalar_rem U128. + +(** Addition *) +Definition isize_add := @scalar_add Isize. +Definition i8_add := @scalar_add I8. +Definition i16_add := @scalar_add I16. +Definition i32_add := @scalar_add I32. +Definition i64_add := @scalar_add I64. +Definition i128_add := @scalar_add I128. +Definition usize_add := @scalar_add Usize. +Definition u8_add := @scalar_add U8. +Definition u16_add := @scalar_add U16. +Definition u32_add := @scalar_add U32. +Definition u64_add := @scalar_add U64. +Definition u128_add := @scalar_add U128. + +(** Substraction *) +Definition isize_sub := @scalar_sub Isize. +Definition i8_sub := @scalar_sub I8. +Definition i16_sub := @scalar_sub I16. +Definition i32_sub := @scalar_sub I32. +Definition i64_sub := @scalar_sub I64. +Definition i128_sub := @scalar_sub I128. +Definition usize_sub := @scalar_sub Usize. +Definition u8_sub := @scalar_sub U8. +Definition u16_sub := @scalar_sub U16. +Definition u32_sub := @scalar_sub U32. +Definition u64_sub := @scalar_sub U64. +Definition u128_sub := @scalar_sub U128. + +(** Multiplication *) +Definition isize_mul := @scalar_mul Isize. +Definition i8_mul := @scalar_mul I8. +Definition i16_mul := @scalar_mul I16. +Definition i32_mul := @scalar_mul I32. +Definition i64_mul := @scalar_mul I64. +Definition i128_mul := @scalar_mul I128. +Definition usize_mul := @scalar_mul Usize. +Definition u8_mul := @scalar_mul U8. +Definition u16_mul := @scalar_mul U16. +Definition u32_mul := @scalar_mul U32. +Definition u64_mul := @scalar_mul U64. +Definition u128_mul := @scalar_mul U128. + +(** Xor *) +Definition u8_xor := @scalar_xor U8. +Definition u16_xor := @scalar_xor U16. +Definition u32_xor := @scalar_xor U32. +Definition u64_xor := @scalar_xor U64. +Definition u128_xor := @scalar_xor U128. +Definition usize_xor := @scalar_xor Usize. +Definition i8_xor := @scalar_xor I8. +Definition i16_xor := @scalar_xor I16. +Definition i32_xor := @scalar_xor I32. +Definition i64_xor := @scalar_xor I64. +Definition i128_xor := @scalar_xor I128. +Definition isize_xor := @scalar_xor Isize. + +(** Or *) +Definition u8_or := @scalar_or U8. +Definition u16_or := @scalar_or U16. +Definition u32_or := @scalar_or U32. +Definition u64_or := @scalar_or U64. +Definition u128_or := @scalar_or U128. +Definition usize_or := @scalar_or Usize. +Definition i8_or := @scalar_or I8. +Definition i16_or := @scalar_or I16. +Definition i32_or := @scalar_or I32. +Definition i64_or := @scalar_or I64. +Definition i128_or := @scalar_or I128. +Definition isize_or := @scalar_or Isize. + +(** And *) +Definition u8_and := @scalar_and U8. +Definition u16_and := @scalar_and U16. +Definition u32_and := @scalar_and U32. +Definition u64_and := @scalar_and U64. +Definition u128_and := @scalar_and U128. +Definition usize_and := @scalar_and Usize. +Definition i8_and := @scalar_and I8. +Definition i16_and := @scalar_and I16. +Definition i32_and := @scalar_and I32. +Definition i64_and := @scalar_and I64. +Definition i128_and := @scalar_and I128. +Definition isize_and := @scalar_and Isize. + +(** Shift left *) +Definition u8_shl {ty} := @scalar_shl U8 ty. +Definition u16_shl {ty} := @scalar_shl U16 ty. +Definition u32_shl {ty} := @scalar_shl U32 ty. +Definition u64_shl {ty} := @scalar_shl U64 ty. +Definition u128_shl {ty} := @scalar_shl U128 ty. +Definition usize_shl {ty} := @scalar_shl Usize ty. +Definition i8_shl {ty} := @scalar_shl I8 ty. +Definition i16_shl {ty} := @scalar_shl I16 ty. +Definition i32_shl {ty} := @scalar_shl I32 ty. +Definition i64_shl {ty} := @scalar_shl I64 ty. +Definition i128_shl {ty} := @scalar_shl I128 ty. +Definition isize_shl {ty} := @scalar_shl Isize ty. + +(** Shift right *) +Definition u8_shr {ty} := @scalar_shr U8 ty. +Definition u16_shr {ty} := @scalar_shr U16 ty. +Definition u32_shr {ty} := @scalar_shr U32 ty. +Definition u64_shr {ty} := @scalar_shr U64 ty. +Definition u128_shr {ty} := @scalar_shr U128 ty. +Definition usize_shr {ty} := @scalar_shr Usize ty. +Definition i8_shr {ty} := @scalar_shr I8 ty. +Definition i16_shr {ty} := @scalar_shr I16 ty. +Definition i32_shr {ty} := @scalar_shr I32 ty. +Definition i64_shr {ty} := @scalar_shr I64 ty. +Definition i128_shr {ty} := @scalar_shr I128 ty. +Definition isize_shr {ty} := @scalar_shr Isize ty. + +(** Small utility *) +Definition usize_to_nat (x: usize) : nat := Z.to_nat (to_Z x). + +(** Notations *) +Notation "x %isize" := ((mk_scalar Isize x)%return) (at level 9). +Notation "x %i8" := ((mk_scalar I8 x)%return) (at level 9). +Notation "x %i16" := ((mk_scalar I16 x)%return) (at level 9). +Notation "x %i32" := ((mk_scalar I32 x)%return) (at level 9). +Notation "x %i64" := ((mk_scalar I64 x)%return) (at level 9). +Notation "x %i128" := ((mk_scalar I128 x)%return) (at level 9). +Notation "x %usize" := ((mk_scalar Usize x)%return) (at level 9). +Notation "x %u8" := ((mk_scalar U8 x)%return) (at level 9). +Notation "x %u16" := ((mk_scalar U16 x)%return) (at level 9). +Notation "x %u32" := ((mk_scalar U32 x)%return) (at level 9). +Notation "x %u64" := ((mk_scalar U64 x)%return) (at level 9). +Notation "x %u128" := ((mk_scalar U128 x)%return) (at level 9). + +Notation "x s= y" := (scalar_eqb x y) (at level 80) : Primitives_scope. +Notation "x s<> y" := (scalar_neqb x y) (at level 80) : Primitives_scope. +Notation "x s<= y" := (scalar_leb x y) (at level 80) : Primitives_scope. +Notation "x s< y" := (scalar_ltb x y) (at level 80) : Primitives_scope. +Notation "x s>= y" := (scalar_geb x y) (at level 80) : Primitives_scope. +Notation "x s> y" := (scalar_gtb x y) (at level 80) : Primitives_scope. + +(** Constants *) +Definition core_u8_max := u8_max %u32. +Definition core_u16_max := u16_max %u32. +Definition core_u32_max := u32_max %u32. +Definition core_u64_max := u64_max %u64. +Definition core_u128_max := u64_max %u128. +Axiom core_usize_max : usize. (** TODO *) +Definition core_i8_max := i8_max %i32. +Definition core_i16_max := i16_max %i32. +Definition core_i32_max := i32_max %i32. +Definition core_i64_max := i64_max %i64. +Definition core_i128_max := i64_max %i128. +Axiom core_isize_max : isize. (** TODO *) + +(*** core::ops *) + +(* Trait declaration: [core::ops::index::Index] *) +Record core_ops_index_Index (Self Idx : Type) := mk_core_ops_index_Index { + core_ops_index_Index_Output : Type; + core_ops_index_Index_index : Self -> Idx -> result core_ops_index_Index_Output; +}. +Arguments mk_core_ops_index_Index {_ _}. +Arguments core_ops_index_Index_Output {_ _}. +Arguments core_ops_index_Index_index {_ _}. + +(* Trait declaration: [core::ops::index::IndexMut] *) +Record core_ops_index_IndexMut (Self Idx : Type) := mk_core_ops_index_IndexMut { + core_ops_index_IndexMut_indexInst : core_ops_index_Index Self Idx; + core_ops_index_IndexMut_index_mut : + Self -> + Idx -> + result (core_ops_index_IndexMut_indexInst.(core_ops_index_Index_Output) * + (core_ops_index_IndexMut_indexInst.(core_ops_index_Index_Output) -> result Self)); +}. +Arguments mk_core_ops_index_IndexMut {_ _}. +Arguments core_ops_index_IndexMut_indexInst {_ _}. +Arguments core_ops_index_IndexMut_index_mut {_ _}. + +(* Trait declaration [core::ops::deref::Deref] *) +Record core_ops_deref_Deref (Self : Type) := mk_core_ops_deref_Deref { + core_ops_deref_Deref_target : Type; + core_ops_deref_Deref_deref : Self -> result core_ops_deref_Deref_target; +}. +Arguments mk_core_ops_deref_Deref {_}. +Arguments core_ops_deref_Deref_target {_}. +Arguments core_ops_deref_Deref_deref {_}. + +(* Trait declaration [core::ops::deref::DerefMut] *) +Record core_ops_deref_DerefMut (Self : Type) := mk_core_ops_deref_DerefMut { + core_ops_deref_DerefMut_derefInst : core_ops_deref_Deref Self; + core_ops_deref_DerefMut_deref_mut : + Self -> + result (core_ops_deref_DerefMut_derefInst.(core_ops_deref_Deref_target) * + (core_ops_deref_DerefMut_derefInst.(core_ops_deref_Deref_target) -> result Self)); +}. +Arguments mk_core_ops_deref_DerefMut {_}. +Arguments core_ops_deref_DerefMut_derefInst {_}. +Arguments core_ops_deref_DerefMut_deref_mut {_}. + +Record core_ops_range_Range (T : Type) := mk_core_ops_range_Range { + core_ops_range_Range_start : T; + core_ops_range_Range_end_ : T; +}. +Arguments mk_core_ops_range_Range {_}. +Arguments core_ops_range_Range_start {_}. +Arguments core_ops_range_Range_end_ {_}. + +(*** [alloc] *) + +Definition alloc_boxed_Box_deref (T : Type) (x : T) : result T := Return x. +Definition alloc_boxed_Box_deref_mut (T : Type) (x : T) : result (T * (T -> result T)) := + Return (x, fun x => Return x). + +(* Trait instance *) +Definition alloc_boxed_Box_coreopsDerefInst (Self : Type) : core_ops_deref_Deref Self := {| + core_ops_deref_Deref_target := Self; + core_ops_deref_Deref_deref := alloc_boxed_Box_deref Self; +|}. + +(* Trait instance *) +Definition alloc_boxed_Box_coreopsDerefMutInst (Self : Type) : core_ops_deref_DerefMut Self := {| + core_ops_deref_DerefMut_derefInst := alloc_boxed_Box_coreopsDerefInst Self; + core_ops_deref_DerefMut_deref_mut := alloc_boxed_Box_deref_mut Self; +|}. + + +(*** Arrays *) +Definition array T (n : usize) := { l: list T | Z.of_nat (length l) = to_Z n}. + +Lemma le_0_usize_max : 0 <= usize_max. +Proof. + pose (H := usize_max_bound). + unfold u32_max in H. + lia. +Qed. + +Lemma eqb_imp_eq (x y : Z) : Z.eqb x y = true -> x = y. +Proof. + lia. +Qed. + +(* TODO: finish the definitions *) +Axiom mk_array : forall (T : Type) (n : usize) (l : list T), array T n. + +(* For initialization *) +Axiom array_repeat : forall (T : Type) (n : usize) (x : T), array T n. + +Axiom array_index_usize : forall (T : Type) (n : usize) (x : array T n) (i : usize), result T. +Axiom array_update_usize : forall (T : Type) (n : usize) (x : array T n) (i : usize) (nx : T), result (array T n). + +Definition array_index_mut_usize (T : Type) (n : usize) (a : array T n) (i : usize) : + result (T * (T -> result (array T n))) := + match array_index_usize T n a i with + | Fail_ e => Fail_ e + | Return x => Return (x, array_update_usize T n a i) + end. + +(*** Slice *) +Definition slice T := { l: list T | Z.of_nat (length l) <= usize_max}. + +Axiom slice_len : forall (T : Type) (s : slice T), usize. +Axiom slice_index_usize : forall (T : Type) (x : slice T) (i : usize), result T. +Axiom slice_update_usize : forall (T : Type) (x : slice T) (i : usize) (nx : T), result (slice T). + +Definition slice_index_mut_usize (T : Type) (s : slice T) (i : usize) : + result (T * (T -> result (slice T))) := + match slice_index_usize T s i with + | Fail_ e => Fail_ e + | Return x => Return (x, slice_update_usize T s i) + end. + +(*** Subslices *) + +Axiom array_to_slice : forall (T : Type) (n : usize) (x : array T n), result (slice T). +Axiom array_from_slice : forall (T : Type) (n : usize) (x : array T n) (s : slice T), result (array T n). + +Definition array_to_slice_mut (T : Type) (n : usize) (a : array T n) : + result (slice T * (slice T -> result (array T n))) := + match array_to_slice T n a with + | Fail_ e => Fail_ e + | Return x => Return (x, array_from_slice T n a) + end. + +Axiom array_subslice: forall (T : Type) (n : usize) (x : array T n) (r : core_ops_range_Range usize), result (slice T). +Axiom array_update_subslice: forall (T : Type) (n : usize) (x : array T n) (r : core_ops_range_Range usize) (ns : slice T), result (array T n). + +Axiom slice_subslice: forall (T : Type) (x : slice T) (r : core_ops_range_Range usize), result (slice T). +Axiom slice_update_subslice: forall (T : Type) (x : slice T) (r : core_ops_range_Range usize) (ns : slice T), result (slice T). + +(*** Vectors *) + +Definition alloc_vec_Vec T := { l: list T | Z.of_nat (length l) <= usize_max }. + +Definition alloc_vec_Vec_to_list {T: Type} (v: alloc_vec_Vec T) : list T := proj1_sig v. + +Definition alloc_vec_Vec_length {T: Type} (v: alloc_vec_Vec T) : Z := Z.of_nat (length (alloc_vec_Vec_to_list v)). + +Definition alloc_vec_Vec_new (T: Type) : alloc_vec_Vec T := (exist _ [] le_0_usize_max). + +Lemma alloc_vec_Vec_len_in_usize {T} (v: alloc_vec_Vec T) : usize_min <= alloc_vec_Vec_length v <= usize_max. +Proof. + unfold alloc_vec_Vec_length, usize_min. + split. + - lia. + - apply (proj2_sig v). +Qed. + +Definition alloc_vec_Vec_len (T: Type) (v: alloc_vec_Vec T) : usize := + exist _ (alloc_vec_Vec_length v) (alloc_vec_Vec_len_in_usize v). + +Fixpoint list_update {A} (l: list A) (n: nat) (a: A) + : list A := + match l with + | [] => [] + | x :: t => match n with + | 0%nat => a :: t + | S m => x :: (list_update t m a) +end end. + +Definition alloc_vec_Vec_bind {A B} (v: alloc_vec_Vec A) (f: list A -> result (list B)) : result (alloc_vec_Vec B) := + l <- f (alloc_vec_Vec_to_list v) ; + match sumbool_of_bool (scalar_le_max Usize (Z.of_nat (length l))) with + | left H => Return (exist _ l (scalar_le_max_valid _ _ H)) + | right _ => Fail_ Failure + end. + +Definition alloc_vec_Vec_push (T: Type) (v: alloc_vec_Vec T) (x: T) : result (alloc_vec_Vec T) := + alloc_vec_Vec_bind v (fun l => Return (l ++ [x])). + +Definition alloc_vec_Vec_insert (T: Type) (v: alloc_vec_Vec T) (i: usize) (x: T) : result (alloc_vec_Vec T) := + alloc_vec_Vec_bind v (fun l => + if to_Z i result (alloc_vec_Vec T))) := + match alloc_vec_Vec_index_usize v i with + | Return x => + Return (x, alloc_vec_Vec_update_usize v i) + | Fail_ e => Fail_ e + end. + +(* Trait declaration: [core::slice::index::private_slice_index::Sealed] *) +Definition core_slice_index_private_slice_index_Sealed (self : Type) := unit. + +(* Trait declaration: [core::slice::index::SliceIndex] *) +Record core_slice_index_SliceIndex (Self T : Type) := mk_core_slice_index_SliceIndex { + core_slice_index_SliceIndex_sealedInst : core_slice_index_private_slice_index_Sealed Self; + core_slice_index_SliceIndex_Output : Type; + core_slice_index_SliceIndex_get : Self -> T -> result (option core_slice_index_SliceIndex_Output); + core_slice_index_SliceIndex_get_mut : + Self -> T -> result (option core_slice_index_SliceIndex_Output * (option core_slice_index_SliceIndex_Output -> result T)); + core_slice_index_SliceIndex_get_unchecked : Self -> const_raw_ptr T -> result (const_raw_ptr core_slice_index_SliceIndex_Output); + core_slice_index_SliceIndex_get_unchecked_mut : Self -> mut_raw_ptr T -> result (mut_raw_ptr core_slice_index_SliceIndex_Output); + core_slice_index_SliceIndex_index : Self -> T -> result core_slice_index_SliceIndex_Output; + core_slice_index_SliceIndex_index_mut : + Self -> T -> result (core_slice_index_SliceIndex_Output * (core_slice_index_SliceIndex_Output -> result T)); +}. +Arguments mk_core_slice_index_SliceIndex {_ _}. +Arguments core_slice_index_SliceIndex_sealedInst {_ _}. +Arguments core_slice_index_SliceIndex_Output {_ _}. +Arguments core_slice_index_SliceIndex_get {_ _}. +Arguments core_slice_index_SliceIndex_get_mut {_ _}. +Arguments core_slice_index_SliceIndex_get_unchecked {_ _}. +Arguments core_slice_index_SliceIndex_get_unchecked_mut {_ _}. +Arguments core_slice_index_SliceIndex_index {_ _}. +Arguments core_slice_index_SliceIndex_index_mut {_ _}. + +(* [core::slice::index::[T]::index]: forward function *) +Definition core_slice_index_Slice_index + (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)) + (s : slice T) (i : Idx) : result inst.(core_slice_index_SliceIndex_Output) := + x <- inst.(core_slice_index_SliceIndex_get) i s; + match x with + | None => Fail_ Failure + | Some x => Return x + end. + +(* [core::slice::index::Range:::get]: forward function *) +Axiom core_slice_index_RangeUsize_get : forall (T : Type) (i : core_ops_range_Range usize) (s : slice T), result (option (slice T)). + +(* [core::slice::index::Range::get_mut]: forward function *) +Axiom core_slice_index_RangeUsize_get_mut : + forall (T : Type), + core_ops_range_Range usize -> slice T -> + result (option (slice T) * (option (slice T) -> result (slice T))). + +(* [core::slice::index::Range::get_unchecked]: forward function *) +Definition core_slice_index_RangeUsize_get_unchecked + (T : Type) : + core_ops_range_Range usize -> const_raw_ptr (slice T) -> result (const_raw_ptr (slice T)) := + (* Don't know what the model should be - for now we always fail to make + sure code which uses it fails *) + fun _ _ => Fail_ Failure. + +(* [core::slice::index::Range::get_unchecked_mut]: forward function *) +Definition core_slice_index_RangeUsize_get_unchecked_mut + (T : Type) : + core_ops_range_Range usize -> mut_raw_ptr (slice T) -> result (mut_raw_ptr (slice T)) := + (* Don't know what the model should be - for now we always fail to make + sure code which uses it fails *) + fun _ _ => Fail_ Failure. + +(* [core::slice::index::Range::index]: forward function *) +Axiom core_slice_index_RangeUsize_index : + forall (T : Type), core_ops_range_Range usize -> slice T -> result (slice T). + +(* [core::slice::index::Range::index_mut]: forward function *) +Axiom core_slice_index_RangeUsize_index_mut : + forall (T : Type), core_ops_range_Range usize -> slice T -> result (slice T * (slice T -> result (slice T))). + +(* [core::slice::index::[T]::index_mut]: forward function *) +Axiom core_slice_index_Slice_index_mut : + forall (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)), + slice T -> Idx -> + result (inst.(core_slice_index_SliceIndex_Output) * + (inst.(core_slice_index_SliceIndex_Output) -> result (slice T))). + +(* [core::array::[T; N]::index]: forward function *) +Axiom core_array_Array_index : + forall (T Idx : Type) (N : usize) (inst : core_ops_index_Index (slice T) Idx) + (a : array T N) (i : Idx), result inst.(core_ops_index_Index_Output). + +(* [core::array::[T; N]::index_mut]: forward function *) +Axiom core_array_Array_index_mut : + forall (T Idx : Type) (N : usize) (inst : core_ops_index_IndexMut (slice T) Idx) + (a : array T N) (i : Idx), + result (inst.(core_ops_index_IndexMut_indexInst).(core_ops_index_Index_Output) * + (inst.(core_ops_index_IndexMut_indexInst).(core_ops_index_Index_Output) -> result (array T N))). + +(* Trait implementation: [core::slice::index::private_slice_index::Range] *) +Definition core_slice_index_private_slice_index_SealedRangeUsizeInst + : core_slice_index_private_slice_index_Sealed (core_ops_range_Range usize) := tt. + +(* Trait implementation: [core::slice::index::Range] *) +Definition core_slice_index_SliceIndexRangeUsizeSliceTInst (T : Type) : + core_slice_index_SliceIndex (core_ops_range_Range usize) (slice T) := {| + core_slice_index_SliceIndex_sealedInst := core_slice_index_private_slice_index_SealedRangeUsizeInst; + core_slice_index_SliceIndex_Output := slice T; + core_slice_index_SliceIndex_get := core_slice_index_RangeUsize_get T; + core_slice_index_SliceIndex_get_mut := core_slice_index_RangeUsize_get_mut T; + core_slice_index_SliceIndex_get_unchecked := core_slice_index_RangeUsize_get_unchecked T; + core_slice_index_SliceIndex_get_unchecked_mut := core_slice_index_RangeUsize_get_unchecked_mut T; + core_slice_index_SliceIndex_index := core_slice_index_RangeUsize_index T; + core_slice_index_SliceIndex_index_mut := core_slice_index_RangeUsize_index_mut T; +|}. + +(* Trait implementation: [core::slice::index::[T]] *) +Definition core_ops_index_IndexSliceTIInst (T Idx : Type) + (inst : core_slice_index_SliceIndex Idx (slice T)) : + core_ops_index_Index (slice T) Idx := {| + core_ops_index_Index_Output := inst.(core_slice_index_SliceIndex_Output); + core_ops_index_Index_index := core_slice_index_Slice_index T Idx inst; +|}. + +(* Trait implementation: [core::slice::index::[T]] *) +Definition core_ops_index_IndexMutSliceTIInst (T Idx : Type) + (inst : core_slice_index_SliceIndex Idx (slice T)) : + core_ops_index_IndexMut (slice T) Idx := {| + core_ops_index_IndexMut_indexInst := core_ops_index_IndexSliceTIInst T Idx inst; + core_ops_index_IndexMut_index_mut := core_slice_index_Slice_index_mut T Idx inst; +|}. + +(* Trait implementation: [core::array::[T; N]] *) +Definition core_ops_index_IndexArrayInst (T Idx : Type) (N : usize) + (inst : core_ops_index_Index (slice T) Idx) : + core_ops_index_Index (array T N) Idx := {| + core_ops_index_Index_Output := inst.(core_ops_index_Index_Output); + core_ops_index_Index_index := core_array_Array_index T Idx N inst; +|}. + +(* Trait implementation: [core::array::[T; N]] *) +Definition core_ops_index_IndexMutArrayInst (T Idx : Type) (N : usize) + (inst : core_ops_index_IndexMut (slice T) Idx) : + core_ops_index_IndexMut (array T N) Idx := {| + core_ops_index_IndexMut_indexInst := core_ops_index_IndexArrayInst T Idx N inst.(core_ops_index_IndexMut_indexInst); + core_ops_index_IndexMut_index_mut := core_array_Array_index_mut T Idx N inst; +|}. + +(* [core::slice::index::usize::get]: forward function *) +Axiom core_slice_index_usize_get : forall (T : Type), usize -> slice T -> result (option T). + +(* [core::slice::index::usize::get_mut]: forward function *) +Axiom core_slice_index_usize_get_mut : + forall (T : Type), usize -> slice T -> result (option T * (option T -> result (slice T))). + +(* [core::slice::index::usize::get_unchecked]: forward function *) +Axiom core_slice_index_usize_get_unchecked : + forall (T : Type), usize -> const_raw_ptr (slice T) -> result (const_raw_ptr T). + +(* [core::slice::index::usize::get_unchecked_mut]: forward function *) +Axiom core_slice_index_usize_get_unchecked_mut : + forall (T : Type), usize -> mut_raw_ptr (slice T) -> result (mut_raw_ptr T). + +(* [core::slice::index::usize::index]: forward function *) +Axiom core_slice_index_usize_index : forall (T : Type), usize -> slice T -> result T. + +(* [core::slice::index::usize::index_mut]: forward function *) +Axiom core_slice_index_usize_index_mut : + forall (T : Type), usize -> slice T -> result (T * (T -> result (slice T))). + +(* Trait implementation: [core::slice::index::private_slice_index::usize] *) +Definition core_slice_index_private_slice_index_SealedUsizeInst + : core_slice_index_private_slice_index_Sealed usize := tt. + +(* Trait implementation: [core::slice::index::usize] *) +Definition core_slice_index_SliceIndexUsizeSliceTInst (T : Type) : + core_slice_index_SliceIndex usize (slice T) := {| + core_slice_index_SliceIndex_sealedInst := core_slice_index_private_slice_index_SealedUsizeInst; + core_slice_index_SliceIndex_Output := T; + core_slice_index_SliceIndex_get := core_slice_index_usize_get T; + core_slice_index_SliceIndex_get_mut := core_slice_index_usize_get_mut T; + core_slice_index_SliceIndex_get_unchecked := core_slice_index_usize_get_unchecked T; + core_slice_index_SliceIndex_get_unchecked_mut := core_slice_index_usize_get_unchecked_mut T; + core_slice_index_SliceIndex_index := core_slice_index_usize_index T; + core_slice_index_SliceIndex_index_mut := core_slice_index_usize_index_mut T; +|}. + +(* [alloc::vec::Vec::index]: forward function *) +Axiom alloc_vec_Vec_index : forall (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)) + (Self : alloc_vec_Vec T) (i : Idx), result inst.(core_slice_index_SliceIndex_Output). + +(* [alloc::vec::Vec::index_mut]: forward function *) +Axiom alloc_vec_Vec_index_mut : forall (T Idx : Type) (inst : core_slice_index_SliceIndex Idx (slice T)) + (Self : alloc_vec_Vec T) (i : Idx), + result (inst.(core_slice_index_SliceIndex_Output) * + (inst.(core_slice_index_SliceIndex_Output) -> result (alloc_vec_Vec T))). + +(* Trait implementation: [alloc::vec::Vec] *) +Definition alloc_vec_Vec_coreopsindexIndexInst (T Idx : Type) + (inst : core_slice_index_SliceIndex Idx (slice T)) : + core_ops_index_Index (alloc_vec_Vec T) Idx := {| + core_ops_index_Index_Output := inst.(core_slice_index_SliceIndex_Output); + core_ops_index_Index_index := alloc_vec_Vec_index T Idx inst; +|}. + +(* Trait implementation: [alloc::vec::Vec] *) +Definition alloc_vec_Vec_coreopsindexIndexMutInst (T Idx : Type) + (inst : core_slice_index_SliceIndex Idx (slice T)) : + core_ops_index_IndexMut (alloc_vec_Vec T) Idx := {| + core_ops_index_IndexMut_indexInst := alloc_vec_Vec_coreopsindexIndexInst T Idx inst; + core_ops_index_IndexMut_index_mut := alloc_vec_Vec_index_mut T Idx inst; +|}. + +(*** Theorems *) + +Axiom alloc_vec_Vec_index_eq : forall {a : Type} (v : alloc_vec_Vec a) (i : usize) (x : a), + alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i = + alloc_vec_Vec_index_usize v i. + +Axiom alloc_vec_Vec_index_mut_eq : forall {a : Type} (v : alloc_vec_Vec a) (i : usize) (x : a), + alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i = + alloc_vec_Vec_index_mut_usize v i. + +End Primitives. diff --git a/tests/coq/arrays/_CoqProject b/tests/coq/arrays/_CoqProject new file mode 100644 index 00000000..a4e82408 --- /dev/null +++ b/tests/coq/arrays/_CoqProject @@ -0,0 +1,7 @@ +# This file was automatically generated - see ../Makefile +-R . Lib +-arg -w +-arg all + +Arrays.v +Primitives.v diff --git a/tests/coq/misc/_CoqProject b/tests/coq/misc/_CoqProject index 64cddedd..869cdb4d 100644 --- a/tests/coq/misc/_CoqProject +++ b/tests/coq/misc/_CoqProject @@ -8,9 +8,9 @@ External_Types.v Primitives.v External_Funs.v External_TypesExternal.v -Paper.v Constants.v PoloniusList.v +Paper.v NoNestedBorrows.v External_FunsExternal.v Bitwise.v diff --git a/tests/fstar-split/array/Array.Clauses.Template.fst b/tests/fstar-split/array/Array.Clauses.Template.fst deleted file mode 100644 index b2f2649c..00000000 --- a/tests/fstar-split/array/Array.Clauses.Template.fst +++ /dev/null @@ -1,21 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array]: templates for the decreases clauses *) -module Array.Clauses.Template -open Primitives -open Array.Types - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::sum]: decreases clause - Source: 'src/array.rs', lines 242:0-250:1 *) -unfold -let sum_loop_decreases (s : slice u32) (sum1 : u32) (i : usize) : nat = - admit () - -(** [array::sum2]: decreases clause - Source: 'src/array.rs', lines 252:0-261:1 *) -unfold -let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum1 : u32) - (i : usize) : nat = - admit () - diff --git a/tests/fstar-split/array/Array.Clauses.fst b/tests/fstar-split/array/Array.Clauses.fst deleted file mode 100644 index 68cbf216..00000000 --- a/tests/fstar-split/array/Array.Clauses.fst +++ /dev/null @@ -1,19 +0,0 @@ -(** [array]: decreases clauses *) -module Array.Clauses -open Primitives -open Array.Types -open FStar.List.Tot - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::sum]: decreases clause *) -unfold -let sum_loop_decreases (s : slice u32) (sum : u32) (i : usize) : nat = - if i < length s then length s - i else 0 - -(** [array::sum2]: decreases clause *) -unfold -let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum : u32) - (i : usize) : nat = - if i < length s then length s - i else 0 - diff --git a/tests/fstar-split/array/Array.Funs.fst b/tests/fstar-split/array/Array.Funs.fst deleted file mode 100644 index 30b19702..00000000 --- a/tests/fstar-split/array/Array.Funs.fst +++ /dev/null @@ -1,445 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array]: function definitions *) -module Array.Funs -open Primitives -include Array.Types -include Array.Clauses - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::incr]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) - Source: 'src/array.rs', lines 8:0-8:24 *) -let incr (x : u32) : result u32 = - u32_add x 1 - -(** [array::array_to_shared_slice_]: forward function - Source: 'src/array.rs', lines 16:0-16:53 *) -let array_to_shared_slice_ (t : Type0) (s : array t 32) : result (slice t) = - array_to_slice t 32 s - -(** [array::array_to_mut_slice_]: forward function - Source: 'src/array.rs', lines 21:0-21:58 *) -let array_to_mut_slice_ (t : Type0) (s : array t 32) : result (slice t) = - array_to_slice t 32 s - -(** [array::array_to_mut_slice_]: backward function 0 - Source: 'src/array.rs', lines 21:0-21:58 *) -let array_to_mut_slice__back - (t : Type0) (s : array t 32) (ret : slice t) : result (array t 32) = - array_from_slice t 32 s ret - -(** [array::array_len]: forward function - Source: 'src/array.rs', lines 25:0-25:40 *) -let array_len (t : Type0) (s : array t 32) : result usize = - let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i - -(** [array::shared_array_len]: forward function - Source: 'src/array.rs', lines 29:0-29:48 *) -let shared_array_len (t : Type0) (s : array t 32) : result usize = - let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i - -(** [array::shared_slice_len]: forward function - Source: 'src/array.rs', lines 33:0-33:44 *) -let shared_slice_len (t : Type0) (s : slice t) : result usize = - let i = slice_len t s in Return i - -(** [array::index_array_shared]: forward function - Source: 'src/array.rs', lines 37:0-37:57 *) -let index_array_shared (t : Type0) (s : array t 32) (i : usize) : result t = - array_index_usize t 32 s i - -(** [array::index_array_u32]: forward function - Source: 'src/array.rs', lines 44:0-44:53 *) -let index_array_u32 (s : array u32 32) (i : usize) : result u32 = - array_index_usize u32 32 s i - -(** [array::index_array_copy]: forward function - Source: 'src/array.rs', lines 48:0-48:45 *) -let index_array_copy (x : array u32 32) : result u32 = - array_index_usize u32 32 x 0 - -(** [array::index_mut_array]: forward function - Source: 'src/array.rs', lines 52:0-52:62 *) -let index_mut_array (t : Type0) (s : array t 32) (i : usize) : result t = - array_index_usize t 32 s i - -(** [array::index_mut_array]: backward function 0 - Source: 'src/array.rs', lines 52:0-52:62 *) -let index_mut_array_back - (t : Type0) (s : array t 32) (i : usize) (ret : t) : result (array t 32) = - array_update_usize t 32 s i ret - -(** [array::index_slice]: forward function - Source: 'src/array.rs', lines 56:0-56:46 *) -let index_slice (t : Type0) (s : slice t) (i : usize) : result t = - slice_index_usize t s i - -(** [array::index_mut_slice]: forward function - Source: 'src/array.rs', lines 60:0-60:58 *) -let index_mut_slice (t : Type0) (s : slice t) (i : usize) : result t = - slice_index_usize t s i - -(** [array::index_mut_slice]: backward function 0 - Source: 'src/array.rs', lines 60:0-60:58 *) -let index_mut_slice_back - (t : Type0) (s : slice t) (i : usize) (ret : t) : result (slice t) = - slice_update_usize t s i ret - -(** [array::slice_subslice_shared_]: forward function - Source: 'src/array.rs', lines 64:0-64:70 *) -let slice_subslice_shared_ - (x : slice u32) (y : usize) (z : usize) : result (slice u32) = - core_slice_index_Slice_index u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - { start = y; end_ = z } - -(** [array::slice_subslice_mut_]: forward function - Source: 'src/array.rs', lines 68:0-68:75 *) -let slice_subslice_mut_ - (x : slice u32) (y : usize) (z : usize) : result (slice u32) = - core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - { start = y; end_ = z } - -(** [array::slice_subslice_mut_]: backward function 0 - Source: 'src/array.rs', lines 68:0-68:75 *) -let slice_subslice_mut__back - (x : slice u32) (y : usize) (z : usize) (ret : slice u32) : - result (slice u32) - = - core_slice_index_Slice_index_mut_back u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - { start = y; end_ = z } ret - -(** [array::array_to_slice_shared_]: forward function - Source: 'src/array.rs', lines 72:0-72:54 *) -let array_to_slice_shared_ (x : array u32 32) : result (slice u32) = - array_to_slice u32 32 x - -(** [array::array_to_slice_mut_]: forward function - Source: 'src/array.rs', lines 76:0-76:59 *) -let array_to_slice_mut_ (x : array u32 32) : result (slice u32) = - array_to_slice u32 32 x - -(** [array::array_to_slice_mut_]: backward function 0 - Source: 'src/array.rs', lines 76:0-76:59 *) -let array_to_slice_mut__back - (x : array u32 32) (ret : slice u32) : result (array u32 32) = - array_from_slice u32 32 x ret - -(** [array::array_subslice_shared_]: forward function - Source: 'src/array.rs', lines 80:0-80:74 *) -let array_subslice_shared_ - (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = - core_array_Array_index u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } - -(** [array::array_subslice_mut_]: forward function - Source: 'src/array.rs', lines 84:0-84:79 *) -let array_subslice_mut_ - (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = - core_array_Array_index_mut u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } - -(** [array::array_subslice_mut_]: backward function 0 - Source: 'src/array.rs', lines 84:0-84:79 *) -let array_subslice_mut__back - (x : array u32 32) (y : usize) (z : usize) (ret : slice u32) : - result (array u32 32) - = - core_array_Array_index_mut_back u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } ret - -(** [array::index_slice_0]: forward function - Source: 'src/array.rs', lines 88:0-88:38 *) -let index_slice_0 (t : Type0) (s : slice t) : result t = - slice_index_usize t s 0 - -(** [array::index_array_0]: forward function - Source: 'src/array.rs', lines 92:0-92:42 *) -let index_array_0 (t : Type0) (s : array t 32) : result t = - array_index_usize t 32 s 0 - -(** [array::index_index_array]: forward function - Source: 'src/array.rs', lines 103:0-103:71 *) -let index_index_array - (s : array (array u32 32) 32) (i : usize) (j : usize) : result u32 = - let* a = array_index_usize (array u32 32) 32 s i in - array_index_usize u32 32 a j - -(** [array::update_update_array]: forward function - Source: 'src/array.rs', lines 114:0-114:70 *) -let update_update_array - (s : array (array u32 32) 32) (i : usize) (j : usize) : result unit = - let* a = array_index_usize (array u32 32) 32 s i in - let* a1 = array_update_usize u32 32 a j 0 in - let* _ = array_update_usize (array u32 32) 32 s i a1 in - Return () - -(** [array::array_local_deep_copy]: forward function - Source: 'src/array.rs', lines 118:0-118:43 *) -let array_local_deep_copy (x : array u32 32) : result unit = - Return () - -(** [array::take_array]: forward function - Source: 'src/array.rs', lines 122:0-122:30 *) -let take_array (a : array u32 2) : result unit = - Return () - -(** [array::take_array_borrow]: forward function - Source: 'src/array.rs', lines 123:0-123:38 *) -let take_array_borrow (a : array u32 2) : result unit = - Return () - -(** [array::take_slice]: forward function - Source: 'src/array.rs', lines 124:0-124:28 *) -let take_slice (s : slice u32) : result unit = - Return () - -(** [array::take_mut_slice]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) - Source: 'src/array.rs', lines 125:0-125:36 *) -let take_mut_slice (s : slice u32) : result (slice u32) = - Return s - -(** [array::const_array]: forward function - Source: 'src/array.rs', lines 127:0-127:32 *) -let const_array : result (array u32 2) = - Return (mk_array u32 2 [ 0; 0 ]) - -(** [array::const_slice]: forward function - Source: 'src/array.rs', lines 131:0-131:20 *) -let const_slice : result unit = - let* _ = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in Return () - -(** [array::take_all]: forward function - Source: 'src/array.rs', lines 141:0-141:17 *) -let take_all : result unit = - let* _ = take_array (mk_array u32 2 [ 0; 0 ]) in - let* _ = take_array_borrow (mk_array u32 2 [ 0; 0 ]) in - let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* _ = take_slice s in - let* s1 = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* s2 = take_mut_slice s1 in - let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s2 in - Return () - -(** [array::index_array]: forward function - Source: 'src/array.rs', lines 155:0-155:38 *) -let index_array (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::index_array_borrow]: forward function - Source: 'src/array.rs', lines 158:0-158:46 *) -let index_array_borrow (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::index_slice_u32_0]: forward function - Source: 'src/array.rs', lines 162:0-162:42 *) -let index_slice_u32_0 (x : slice u32) : result u32 = - slice_index_usize u32 x 0 - -(** [array::index_mut_slice_u32_0]: forward function - Source: 'src/array.rs', lines 166:0-166:50 *) -let index_mut_slice_u32_0 (x : slice u32) : result u32 = - slice_index_usize u32 x 0 - -(** [array::index_mut_slice_u32_0]: backward function 0 - Source: 'src/array.rs', lines 166:0-166:50 *) -let index_mut_slice_u32_0_back (x : slice u32) : result (slice u32) = - let* _ = slice_index_usize u32 x 0 in Return x - -(** [array::index_all]: forward function - Source: 'src/array.rs', lines 170:0-170:25 *) -let index_all : result u32 = - let* i = index_array (mk_array u32 2 [ 0; 0 ]) in - let* i1 = index_array (mk_array u32 2 [ 0; 0 ]) in - let* i2 = u32_add i i1 in - let* i3 = index_array_borrow (mk_array u32 2 [ 0; 0 ]) in - let* i4 = u32_add i2 i3 in - let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* i5 = index_slice_u32_0 s in - let* i6 = u32_add i4 i5 in - let* s1 = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* i7 = index_mut_slice_u32_0 s1 in - let* i8 = u32_add i6 i7 in - let* s2 = index_mut_slice_u32_0_back s1 in - let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s2 in - Return i8 - -(** [array::update_array]: forward function - Source: 'src/array.rs', lines 184:0-184:36 *) -let update_array (x : array u32 2) : result unit = - let* _ = array_update_usize u32 2 x 0 1 in Return () - -(** [array::update_array_mut_borrow]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) - Source: 'src/array.rs', lines 187:0-187:48 *) -let update_array_mut_borrow (x : array u32 2) : result (array u32 2) = - array_update_usize u32 2 x 0 1 - -(** [array::update_mut_slice]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) - Source: 'src/array.rs', lines 190:0-190:38 *) -let update_mut_slice (x : slice u32) : result (slice u32) = - slice_update_usize u32 x 0 1 - -(** [array::update_all]: forward function - Source: 'src/array.rs', lines 194:0-194:19 *) -let update_all : result unit = - let* _ = update_array (mk_array u32 2 [ 0; 0 ]) in - let* x = update_array_mut_borrow (mk_array u32 2 [ 0; 0 ]) in - let* s = array_to_slice u32 2 x in - let* s1 = update_mut_slice s in - let* _ = array_from_slice u32 2 x s1 in - Return () - -(** [array::range_all]: forward function - Source: 'src/array.rs', lines 205:0-205:18 *) -let range_all : result unit = - let* s = - core_array_Array_index_mut u32 (core_ops_range_Range usize) 4 - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) - (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } in - let* s1 = update_mut_slice s in - let* _ = - core_array_Array_index_mut_back u32 (core_ops_range_Range usize) 4 - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) - (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } s1 in - Return () - -(** [array::deref_array_borrow]: forward function - Source: 'src/array.rs', lines 214:0-214:46 *) -let deref_array_borrow (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::deref_array_mut_borrow]: forward function - Source: 'src/array.rs', lines 219:0-219:54 *) -let deref_array_mut_borrow (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::deref_array_mut_borrow]: backward function 0 - Source: 'src/array.rs', lines 219:0-219:54 *) -let deref_array_mut_borrow_back (x : array u32 2) : result (array u32 2) = - let* _ = array_index_usize u32 2 x 0 in Return x - -(** [array::take_array_t]: forward function - Source: 'src/array.rs', lines 227:0-227:31 *) -let take_array_t (a : array aB_t 2) : result unit = - Return () - -(** [array::non_copyable_array]: forward function - Source: 'src/array.rs', lines 229:0-229:27 *) -let non_copyable_array : result unit = - let* _ = take_array_t (mk_array aB_t 2 [ AB_A; AB_B ]) in Return () - -(** [array::sum]: loop 0: forward function - Source: 'src/array.rs', lines 242:0-250:1 *) -let rec sum_loop - (s : slice u32) (sum1 : u32) (i : usize) : - Tot (result u32) (decreases (sum_loop_decreases s sum1 i)) - = - let i1 = slice_len u32 s in - if i < i1 - then - let* i2 = slice_index_usize u32 s i in - let* sum3 = u32_add sum1 i2 in - let* i3 = usize_add i 1 in - sum_loop s sum3 i3 - else Return sum1 - -(** [array::sum]: forward function - Source: 'src/array.rs', lines 242:0-242:28 *) -let sum (s : slice u32) : result u32 = - sum_loop s 0 0 - -(** [array::sum2]: loop 0: forward function - Source: 'src/array.rs', lines 252:0-261:1 *) -let rec sum2_loop - (s : slice u32) (s2 : slice u32) (sum1 : u32) (i : usize) : - Tot (result u32) (decreases (sum2_loop_decreases s s2 sum1 i)) - = - let i1 = slice_len u32 s in - if i < i1 - then - let* i2 = slice_index_usize u32 s i in - let* i3 = slice_index_usize u32 s2 i in - let* i4 = u32_add i2 i3 in - let* sum3 = u32_add sum1 i4 in - let* i5 = usize_add i 1 in - sum2_loop s s2 sum3 i5 - else Return sum1 - -(** [array::sum2]: forward function - Source: 'src/array.rs', lines 252:0-252:41 *) -let sum2 (s : slice u32) (s2 : slice u32) : result u32 = - let i = slice_len u32 s in - let i1 = slice_len u32 s2 in - if not (i = i1) then Fail Failure else sum2_loop s s2 0 0 - -(** [array::f0]: forward function - Source: 'src/array.rs', lines 263:0-263:11 *) -let f0 : result unit = - let* s = array_to_slice u32 2 (mk_array u32 2 [ 1; 2 ]) in - let* s1 = slice_update_usize u32 s 0 1 in - let* _ = array_from_slice u32 2 (mk_array u32 2 [ 1; 2 ]) s1 in - Return () - -(** [array::f1]: forward function - Source: 'src/array.rs', lines 268:0-268:11 *) -let f1 : result unit = - let* _ = array_update_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 1 in Return () - -(** [array::f2]: forward function - Source: 'src/array.rs', lines 273:0-273:17 *) -let f2 (i : u32) : result unit = - Return () - -(** [array::f4]: forward function - Source: 'src/array.rs', lines 282:0-282:54 *) -let f4 (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = - core_array_Array_index u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } - -(** [array::f3]: forward function - Source: 'src/array.rs', lines 275:0-275:18 *) -let f3 : result u32 = - let* i = array_index_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in - let* _ = f2 i in - let b = array_repeat u32 32 0 in - let* s = array_to_slice u32 2 (mk_array u32 2 [ 1; 2 ]) in - let* s1 = f4 b 16 18 in - sum2 s s1 - -(** [array::SZ] - Source: 'src/array.rs', lines 286:0-286:19 *) -let sz_body : result usize = Return 32 -let sz_c : usize = eval_global sz_body - -(** [array::f5]: forward function - Source: 'src/array.rs', lines 289:0-289:31 *) -let f5 (x : array u32 32) : result u32 = - array_index_usize u32 32 x 0 - -(** [array::ite]: forward function - Source: 'src/array.rs', lines 294:0-294:12 *) -let ite : result unit = - let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* s1 = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* s2 = index_mut_slice_u32_0_back s1 in - let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s2 in - let* s3 = index_mut_slice_u32_0_back s in - let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s3 in - Return () - diff --git a/tests/fstar-split/array/Array.Types.fst b/tests/fstar-split/array/Array.Types.fst deleted file mode 100644 index 312f6018..00000000 --- a/tests/fstar-split/array/Array.Types.fst +++ /dev/null @@ -1,11 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array]: type definitions *) -module Array.Types -open Primitives - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::AB] - Source: 'src/array.rs', lines 3:0-3:11 *) -type aB_t = | AB_A : aB_t | AB_B : aB_t - diff --git a/tests/fstar-split/array/Makefile b/tests/fstar-split/array/Makefile deleted file mode 100644 index fa7d1f36..00000000 --- a/tests/fstar-split/array/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -# This file was automatically generated - modify ../Makefile.template instead -INCLUDE_DIRS = . - -FSTAR_INCLUDES = $(addprefix --include ,$(INCLUDE_DIRS)) - -FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints - -FSTAR_OPTIONS = $(FSTAR_HINTS) \ - --cache_checked_modules $(FSTAR_INCLUDES) --cmi \ - --warn_error '+241@247+285-274' \ - -FSTAR_EXE ?= fstar.exe -FSTAR_NO_FLAGS = $(FSTAR_EXE) --already_cached 'Prims FStar LowStar Steel' --odir obj --cache_dir obj - -FSTAR = $(FSTAR_NO_FLAGS) $(FSTAR_OPTIONS) - -# The F* roots are used to compute the dependency graph, and generate the .depend file -FSTAR_ROOTS ?= $(wildcard *.fst *.fsti) - -# Build all the files -all: $(addprefix obj/,$(addsuffix .checked,$(FSTAR_ROOTS))) - -# This is the right way to ensure the .depend file always gets re-built. -ifeq (,$(filter %-in,$(MAKECMDGOALS))) -ifndef NODEPEND -ifndef MAKE_RESTARTS -.depend: .FORCE - $(FSTAR_NO_FLAGS) --dep full $(notdir $(FSTAR_ROOTS)) > $@ - -.PHONY: .FORCE -.FORCE: -endif -endif - -include .depend -endif - -# For the interactive mode -%.fst-in %.fsti-in: - @echo $(FSTAR_OPTIONS) - -# Generete the .checked files in batch mode -%.checked: - $(FSTAR) $(FSTAR_OPTIONS) $< && \ - touch -c $@ - -.PHONY: clean -clean: - rm -f obj/* diff --git a/tests/fstar-split/array/Primitives.fst b/tests/fstar-split/array/Primitives.fst deleted file mode 100644 index a3ffbde4..00000000 --- a/tests/fstar-split/array/Primitives.fst +++ /dev/null @@ -1,884 +0,0 @@ -/// This file lists primitive and assumed functions and types -module Primitives -open FStar.Mul -open FStar.List.Tot - -#set-options "--z3rlimit 15 --fuel 0 --ifuel 1" - -(*** Utilities *) -val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) : - ls':list a{ - length ls' = length ls /\ - index ls' i == x - } -#push-options "--fuel 1" -let rec list_update #a ls i x = - match ls with - | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x -#pop-options - -(*** Result *) -type error : Type0 = -| Failure -| OutOfFuel - -type result (a : Type0) : Type0 = -| Return : v:a -> result a -| Fail : e:error -> result a - -// Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x - -// Monadic bind operator. -// Allows to use the notation: -// ``` -// let* x = y in -// ... -// ``` -unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : - result b = - match m with - | Return x -> f x - | Fail e -> Fail e - -// Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure - -// Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x - -(*** Misc *) -type char = FStar.Char.char -type string = string - -let is_zero (n: nat) : bool = n = 0 -let decrease (n: nat{n > 0}) : nat = n - 1 - -let core_mem_replace (a : Type0) (x : a) (y : a) : a = x -let core_mem_replace_back (a : Type0) (x : a) (y : a) : a = y - -// We don't really use raw pointers for now -type mut_raw_ptr (t : Type0) = { v : t } -type const_raw_ptr (t : Type0) = { v : t } - -(*** Scalars *) -/// Rem.: most of the following code was partially generated - -assume val size_numbits : pos - -// TODO: we could use FStar.Int.int_t and FStar.UInt.int_t - -let isize_min : int = -9223372036854775808 // TODO: should be opaque -let isize_max : int = 9223372036854775807 // TODO: should be opaque -let i8_min : int = -128 -let i8_max : int = 127 -let i16_min : int = -32768 -let i16_max : int = 32767 -let i32_min : int = -2147483648 -let i32_max : int = 2147483647 -let i64_min : int = -9223372036854775808 -let i64_max : int = 9223372036854775807 -let i128_min : int = -170141183460469231731687303715884105728 -let i128_max : int = 170141183460469231731687303715884105727 -let usize_min : int = 0 -let usize_max : int = 4294967295 // TODO: should be opaque -let u8_min : int = 0 -let u8_max : int = 255 -let u16_min : int = 0 -let u16_max : int = 65535 -let u32_min : int = 0 -let u32_max : int = 4294967295 -let u64_min : int = 0 -let u64_max : int = 18446744073709551615 -let u128_min : int = 0 -let u128_max : int = 340282366920938463463374607431768211455 - -type scalar_ty = -| Isize -| I8 -| I16 -| I32 -| I64 -| I128 -| Usize -| U8 -| U16 -| U32 -| U64 -| U128 - -let is_unsigned = function - | Isize | I8 | I16 | I32 | I64 | I128 -> false - | Usize | U8 | U16 | U32 | U64 | U128 -> true - -let scalar_min (ty : scalar_ty) : int = - match ty with - | Isize -> isize_min - | I8 -> i8_min - | I16 -> i16_min - | I32 -> i32_min - | I64 -> i64_min - | I128 -> i128_min - | Usize -> usize_min - | U8 -> u8_min - | U16 -> u16_min - | U32 -> u32_min - | U64 -> u64_min - | U128 -> u128_min - -let scalar_max (ty : scalar_ty) : int = - match ty with - | Isize -> isize_max - | I8 -> i8_max - | I16 -> i16_max - | I32 -> i32_max - | I64 -> i64_max - | I128 -> i128_max - | Usize -> usize_max - | U8 -> u8_max - | U16 -> u16_max - | U32 -> u32_max - | U64 -> u64_max - | U128 -> u128_max - -type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} - -let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure - -let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) - -let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - if y <> 0 then mk_scalar ty (x / y) else Fail Failure - -/// The remainder operation -let int_rem (x : int) (y : int{y <> 0}) : int = - if x >= 0 then (x % y) else -(x % y) - -(* Checking consistency with Rust *) -let _ = assert_norm(int_rem 1 2 = 1) -let _ = assert_norm(int_rem (-1) 2 = -1) -let _ = assert_norm(int_rem 1 (-2) = 1) -let _ = assert_norm(int_rem (-1) (-2) = -1) - -let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - if y <> 0 then mk_scalar ty (int_rem x y) else Fail Failure - -let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - mk_scalar ty (x + y) - -let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - mk_scalar ty (x - y) - -let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - mk_scalar ty (x * y) - -let scalar_xor (#ty : scalar_ty) - (x : scalar ty) (y : scalar ty) : scalar ty = - match ty with - | U8 -> FStar.UInt.logxor #8 x y - | U16 -> FStar.UInt.logxor #16 x y - | U32 -> FStar.UInt.logxor #32 x y - | U64 -> FStar.UInt.logxor #64 x y - | U128 -> FStar.UInt.logxor #128 x y - | Usize -> admit() // TODO - | I8 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 8); - normalize_spec (scalar I8); - FStar.Int.logxor #8 x y - | I16 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 16); - normalize_spec (scalar I16); - FStar.Int.logxor #16 x y - | I32 -> FStar.Int.logxor #32 x y - | I64 -> FStar.Int.logxor #64 x y - | I128 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 128); - normalize_spec (scalar I128); - FStar.Int.logxor #128 x y - | Isize -> admit() // TODO - -let scalar_or (#ty : scalar_ty) - (x : scalar ty) (y : scalar ty) : scalar ty = - match ty with - | U8 -> FStar.UInt.logor #8 x y - | U16 -> FStar.UInt.logor #16 x y - | U32 -> FStar.UInt.logor #32 x y - | U64 -> FStar.UInt.logor #64 x y - | U128 -> FStar.UInt.logor #128 x y - | Usize -> admit() // TODO - | I8 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 8); - normalize_spec (scalar I8); - FStar.Int.logor #8 x y - | I16 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 16); - normalize_spec (scalar I16); - FStar.Int.logor #16 x y - | I32 -> FStar.Int.logor #32 x y - | I64 -> FStar.Int.logor #64 x y - | I128 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 128); - normalize_spec (scalar I128); - FStar.Int.logor #128 x y - | Isize -> admit() // TODO - -let scalar_and (#ty : scalar_ty) - (x : scalar ty) (y : scalar ty) : scalar ty = - match ty with - | U8 -> FStar.UInt.logand #8 x y - | U16 -> FStar.UInt.logand #16 x y - | U32 -> FStar.UInt.logand #32 x y - | U64 -> FStar.UInt.logand #64 x y - | U128 -> FStar.UInt.logand #128 x y - | Usize -> admit() // TODO - | I8 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 8); - normalize_spec (scalar I8); - FStar.Int.logand #8 x y - | I16 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 16); - normalize_spec (scalar I16); - FStar.Int.logand #16 x y - | I32 -> FStar.Int.logand #32 x y - | I64 -> FStar.Int.logand #64 x y - | I128 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 128); - normalize_spec (scalar I128); - FStar.Int.logand #128 x y - | Isize -> admit() // TODO - -// Shift left -let scalar_shl (#ty0 #ty1 : scalar_ty) - (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = - admit() - -// Shift right -let scalar_shr (#ty0 #ty1 : scalar_ty) - (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = - admit() - -(** Cast an integer from a [src_ty] to a [tgt_ty] *) -// TODO: check the semantics of casts in Rust -let scalar_cast (src_ty : scalar_ty) (tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) = - mk_scalar tgt_ty x - -// This can't fail, but for now we make all casts faillible (easier for the translation) -let scalar_cast_bool (tgt_ty : scalar_ty) (x : bool) : result (scalar tgt_ty) = - mk_scalar tgt_ty (if x then 1 else 0) - -/// The scalar types -type isize : eqtype = scalar Isize -type i8 : eqtype = scalar I8 -type i16 : eqtype = scalar I16 -type i32 : eqtype = scalar I32 -type i64 : eqtype = scalar I64 -type i128 : eqtype = scalar I128 -type usize : eqtype = scalar Usize -type u8 : eqtype = scalar U8 -type u16 : eqtype = scalar U16 -type u32 : eqtype = scalar U32 -type u64 : eqtype = scalar U64 -type u128 : eqtype = scalar U128 - - -let core_isize_min : isize = isize_min -let core_isize_max : isize = isize_max -let core_i8_min : i8 = i8_min -let core_i8_max : i8 = i8_max -let core_i16_min : i16 = i16_min -let core_i16_max : i16 = i16_max -let core_i32_min : i32 = i32_min -let core_i32_max : i32 = i32_max -let core_i64_min : i64 = i64_min -let core_i64_max : i64 = i64_max -let core_i128_min : i128 = i128_min -let core_i128_max : i128 = i128_max - -let core_usize_min : usize = usize_min -let core_usize_max : usize = usize_max -let core_u8_min : u8 = u8_min -let core_u8_max : u8 = u8_max -let core_u16_min : u16 = u16_min -let core_u16_max : u16 = u16_max -let core_u32_min : u32 = u32_min -let core_u32_max : u32 = u32_max -let core_u64_min : u64 = u64_min -let core_u64_max : u64 = u64_max -let core_u128_min : u128 = u128_min -let core_u128_max : u128 = u128_max - -/// Negation -let isize_neg = scalar_neg #Isize -let i8_neg = scalar_neg #I8 -let i16_neg = scalar_neg #I16 -let i32_neg = scalar_neg #I32 -let i64_neg = scalar_neg #I64 -let i128_neg = scalar_neg #I128 - -/// Division -let isize_div = scalar_div #Isize -let i8_div = scalar_div #I8 -let i16_div = scalar_div #I16 -let i32_div = scalar_div #I32 -let i64_div = scalar_div #I64 -let i128_div = scalar_div #I128 -let usize_div = scalar_div #Usize -let u8_div = scalar_div #U8 -let u16_div = scalar_div #U16 -let u32_div = scalar_div #U32 -let u64_div = scalar_div #U64 -let u128_div = scalar_div #U128 - -/// Remainder -let isize_rem = scalar_rem #Isize -let i8_rem = scalar_rem #I8 -let i16_rem = scalar_rem #I16 -let i32_rem = scalar_rem #I32 -let i64_rem = scalar_rem #I64 -let i128_rem = scalar_rem #I128 -let usize_rem = scalar_rem #Usize -let u8_rem = scalar_rem #U8 -let u16_rem = scalar_rem #U16 -let u32_rem = scalar_rem #U32 -let u64_rem = scalar_rem #U64 -let u128_rem = scalar_rem #U128 - -/// Addition -let isize_add = scalar_add #Isize -let i8_add = scalar_add #I8 -let i16_add = scalar_add #I16 -let i32_add = scalar_add #I32 -let i64_add = scalar_add #I64 -let i128_add = scalar_add #I128 -let usize_add = scalar_add #Usize -let u8_add = scalar_add #U8 -let u16_add = scalar_add #U16 -let u32_add = scalar_add #U32 -let u64_add = scalar_add #U64 -let u128_add = scalar_add #U128 - -/// Subtraction -let isize_sub = scalar_sub #Isize -let i8_sub = scalar_sub #I8 -let i16_sub = scalar_sub #I16 -let i32_sub = scalar_sub #I32 -let i64_sub = scalar_sub #I64 -let i128_sub = scalar_sub #I128 -let usize_sub = scalar_sub #Usize -let u8_sub = scalar_sub #U8 -let u16_sub = scalar_sub #U16 -let u32_sub = scalar_sub #U32 -let u64_sub = scalar_sub #U64 -let u128_sub = scalar_sub #U128 - -/// Multiplication -let isize_mul = scalar_mul #Isize -let i8_mul = scalar_mul #I8 -let i16_mul = scalar_mul #I16 -let i32_mul = scalar_mul #I32 -let i64_mul = scalar_mul #I64 -let i128_mul = scalar_mul #I128 -let usize_mul = scalar_mul #Usize -let u8_mul = scalar_mul #U8 -let u16_mul = scalar_mul #U16 -let u32_mul = scalar_mul #U32 -let u64_mul = scalar_mul #U64 -let u128_mul = scalar_mul #U128 - -/// Xor -let u8_xor = scalar_xor #U8 -let u16_xor = scalar_xor #U16 -let u32_xor = scalar_xor #U32 -let u64_xor = scalar_xor #U64 -let u128_xor = scalar_xor #U128 -let usize_xor = scalar_xor #Usize -let i8_xor = scalar_xor #I8 -let i16_xor = scalar_xor #I16 -let i32_xor = scalar_xor #I32 -let i64_xor = scalar_xor #I64 -let i128_xor = scalar_xor #I128 -let isize_xor = scalar_xor #Isize - -/// Or -let u8_or = scalar_or #U8 -let u16_or = scalar_or #U16 -let u32_or = scalar_or #U32 -let u64_or = scalar_or #U64 -let u128_or = scalar_or #U128 -let usize_or = scalar_or #Usize -let i8_or = scalar_or #I8 -let i16_or = scalar_or #I16 -let i32_or = scalar_or #I32 -let i64_or = scalar_or #I64 -let i128_or = scalar_or #I128 -let isize_or = scalar_or #Isize - -/// And -let u8_and = scalar_and #U8 -let u16_and = scalar_and #U16 -let u32_and = scalar_and #U32 -let u64_and = scalar_and #U64 -let u128_and = scalar_and #U128 -let usize_and = scalar_and #Usize -let i8_and = scalar_and #I8 -let i16_and = scalar_and #I16 -let i32_and = scalar_and #I32 -let i64_and = scalar_and #I64 -let i128_and = scalar_and #I128 -let isize_and = scalar_and #Isize - -/// Shift left -let u8_shl #ty = scalar_shl #U8 #ty -let u16_shl #ty = scalar_shl #U16 #ty -let u32_shl #ty = scalar_shl #U32 #ty -let u64_shl #ty = scalar_shl #U64 #ty -let u128_shl #ty = scalar_shl #U128 #ty -let usize_shl #ty = scalar_shl #Usize #ty -let i8_shl #ty = scalar_shl #I8 #ty -let i16_shl #ty = scalar_shl #I16 #ty -let i32_shl #ty = scalar_shl #I32 #ty -let i64_shl #ty = scalar_shl #I64 #ty -let i128_shl #ty = scalar_shl #I128 #ty -let isize_shl #ty = scalar_shl #Isize #ty - -/// Shift right -let u8_shr #ty = scalar_shr #U8 #ty -let u16_shr #ty = scalar_shr #U16 #ty -let u32_shr #ty = scalar_shr #U32 #ty -let u64_shr #ty = scalar_shr #U64 #ty -let u128_shr #ty = scalar_shr #U128 #ty -let usize_shr #ty = scalar_shr #Usize #ty -let i8_shr #ty = scalar_shr #I8 #ty -let i16_shr #ty = scalar_shr #I16 #ty -let i32_shr #ty = scalar_shr #I32 #ty -let i64_shr #ty = scalar_shr #I64 #ty -let i128_shr #ty = scalar_shr #I128 #ty -let isize_shr #ty = scalar_shr #Isize #ty - -(*** core::ops *) - -// Trait declaration: [core::ops::index::Index] -noeq type core_ops_index_Index (self idx : Type0) = { - output : Type0; - index : self → idx → result output -} - -// Trait declaration: [core::ops::index::IndexMut] -noeq type core_ops_index_IndexMut (self idx : Type0) = { - indexInst : core_ops_index_Index self idx; - index_mut : self → idx → result indexInst.output; - index_mut_back : self → idx → indexInst.output → result self; -} - -// Trait declaration [core::ops::deref::Deref] -noeq type core_ops_deref_Deref (self : Type0) = { - target : Type0; - deref : self → result target; -} - -// Trait declaration [core::ops::deref::DerefMut] -noeq type core_ops_deref_DerefMut (self : Type0) = { - derefInst : core_ops_deref_Deref self; - deref_mut : self → result derefInst.target; - deref_mut_back : self → derefInst.target → result self; -} - -type core_ops_range_Range (a : Type0) = { - start : a; - end_ : a; -} - -(*** [alloc] *) - -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x -let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result t = Return x -let alloc_boxed_Box_deref_mut_back (t : Type) (_ : t) (x : t) : result t = Return x - -// Trait instance -let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { - target = self; - deref = alloc_boxed_Box_deref self; -} - -// Trait instance -let alloc_boxed_Box_coreopsDerefMutInst (self : Type0) : core_ops_deref_DerefMut self = { - derefInst = alloc_boxed_Box_coreopsDerefInst self; - deref_mut = alloc_boxed_Box_deref_mut self; - deref_mut_back = alloc_boxed_Box_deref_mut_back self; -} - -(*** Array *) -type array (a : Type0) (n : usize) = s:list a{length s = n} - -// We tried putting the normalize_term condition as a refinement on the list -// but it didn't work. It works with the requires clause. -let mk_array (a : Type0) (n : usize) - (l : list a) : - Pure (array a n) - (requires (normalize_term(FStar.List.Tot.length l) = n)) - (ensures (fun _ -> True)) = - normalize_term_spec (FStar.List.Tot.length l); - l - -let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) - else Fail Failure - -let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = - if i < length x then Return (list_update x i nx) - else Fail Failure - -(*** Slice *) -type slice (a : Type0) = s:list a{length s <= usize_max} - -let slice_len (a : Type0) (s : slice a) : usize = length s - -let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) - else Fail Failure - -let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) - else Fail Failure - -(*** Subslices *) - -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x -let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s - else Fail Failure - -// TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) -let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = - admit() - -let array_update_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) (ns : slice a) : result (array a n) = - admit() - -let array_repeat (a : Type0) (n : usize) (x : a) : array a n = - admit() - -let slice_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) : result (slice a) = - admit() - -let slice_update_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) (ns : slice a) : result (slice a) = - admit() - -(*** Vector *) -type alloc_vec_Vec (a : Type0) = v:list a{length v <= usize_max} - -let alloc_vec_Vec_new (a : Type0) : alloc_vec_Vec a = assert_norm(length #a [] == 0); [] -let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v - -// Helper -let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure -// Helper -let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure - -// The **forward** function shouldn't be used -let alloc_vec_Vec_push_fwd (a : Type0) (v : alloc_vec_Vec a) (x : a) : unit = () -let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : - Pure (result (alloc_vec_Vec a)) - (requires True) - (ensures (fun res -> - match res with - | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = - if length v < usize_max then begin - (**) assert_norm(length [x] == 1); - (**) append_length v [x]; - (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) - end - else Fail Failure - -// The **forward** function shouldn't be used -let alloc_vec_Vec_insert_fwd (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result unit = - if i < length v then Return () else Fail Failure -let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure - -// Trait declaration: [core::slice::index::private_slice_index::Sealed] -type core_slice_index_private_slice_index_Sealed (self : Type0) = unit - -// Trait declaration: [core::slice::index::SliceIndex] -noeq type core_slice_index_SliceIndex (self t : Type0) = { - sealedInst : core_slice_index_private_slice_index_Sealed self; - output : Type0; - get : self → t → result (option output); - get_mut : self → t → result (option output); - get_mut_back : self → t → option output → result t; - get_unchecked : self → const_raw_ptr t → result (const_raw_ptr output); - get_unchecked_mut : self → mut_raw_ptr t → result (mut_raw_ptr output); - index : self → t → result output; - index_mut : self → t → result output; - index_mut_back : self → t → output → result t; -} - -// [core::slice::index::[T]::index]: forward function -let core_slice_index_Slice_index - (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (s : slice t) (i : idx) : result inst.output = - let* x = inst.get i s in - match x with - | None -> Fail Failure - | Some x -> Return x - -// [core::slice::index::Range:::get]: forward function -let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : - result (option (slice t)) = - admit () // TODO - -// [core::slice::index::Range::get_mut]: forward function -let core_slice_index_RangeUsize_get_mut - (t : Type0) : core_ops_range_Range usize → slice t → result (option (slice t)) = - admit () // TODO - -// [core::slice::index::Range::get_mut]: backward function 0 -let core_slice_index_RangeUsize_get_mut_back - (t : Type0) : - core_ops_range_Range usize → slice t → option (slice t) → result (slice t) = - admit () // TODO - -// [core::slice::index::Range::get_unchecked]: forward function -let core_slice_index_RangeUsize_get_unchecked - (t : Type0) : - core_ops_range_Range usize → const_raw_ptr (slice t) → result (const_raw_ptr (slice t)) = - // Don't know what the model should be - for now we always fail to make - // sure code which uses it fails - fun _ _ -> Fail Failure - -// [core::slice::index::Range::get_unchecked_mut]: forward function -let core_slice_index_RangeUsize_get_unchecked_mut - (t : Type0) : - core_ops_range_Range usize → mut_raw_ptr (slice t) → result (mut_raw_ptr (slice t)) = - // Don't know what the model should be - for now we always fail to make - // sure code which uses it fails - fun _ _ -> Fail Failure - -// [core::slice::index::Range::index]: forward function -let core_slice_index_RangeUsize_index - (t : Type0) : core_ops_range_Range usize → slice t → result (slice t) = - admit () // TODO - -// [core::slice::index::Range::index_mut]: forward function -let core_slice_index_RangeUsize_index_mut - (t : Type0) : core_ops_range_Range usize → slice t → result (slice t) = - admit () // TODO - -// [core::slice::index::Range::index_mut]: backward function 0 -let core_slice_index_RangeUsize_index_mut_back - (t : Type0) : core_ops_range_Range usize → slice t → slice t → result (slice t) = - admit () // TODO - -// [core::slice::index::[T]::index_mut]: forward function -let core_slice_index_Slice_index_mut - (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) : - slice t → idx → result inst.output = - admit () // - -// [core::slice::index::[T]::index_mut]: backward function 0 -let core_slice_index_Slice_index_mut_back - (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) : - slice t → idx → inst.output → result (slice t) = - admit () // TODO - -// [core::array::[T; N]::index]: forward function -let core_array_Array_index - (t idx : Type0) (n : usize) (inst : core_ops_index_Index (slice t) idx) - (a : array t n) (i : idx) : result inst.output = - admit () // TODO - -// [core::array::[T; N]::index_mut]: forward function -let core_array_Array_index_mut - (t idx : Type0) (n : usize) (inst : core_ops_index_IndexMut (slice t) idx) - (a : array t n) (i : idx) : result inst.indexInst.output = - admit () // TODO - -// [core::array::[T; N]::index_mut]: backward function 0 -let core_array_Array_index_mut_back - (t idx : Type0) (n : usize) (inst : core_ops_index_IndexMut (slice t) idx) - (a : array t n) (i : idx) (x : inst.indexInst.output) : result (array t n) = - admit () // TODO - -// Trait implementation: [core::slice::index::private_slice_index::Range] -let core_slice_index_private_slice_index_SealedRangeUsizeInst - : core_slice_index_private_slice_index_Sealed (core_ops_range_Range usize) = () - -// Trait implementation: [core::slice::index::Range] -let core_slice_index_SliceIndexRangeUsizeSliceTInst (t : Type0) : - core_slice_index_SliceIndex (core_ops_range_Range usize) (slice t) = { - sealedInst = core_slice_index_private_slice_index_SealedRangeUsizeInst; - output = slice t; - get = core_slice_index_RangeUsize_get t; - get_mut = core_slice_index_RangeUsize_get_mut t; - get_mut_back = core_slice_index_RangeUsize_get_mut_back t; - get_unchecked = core_slice_index_RangeUsize_get_unchecked t; - get_unchecked_mut = core_slice_index_RangeUsize_get_unchecked_mut t; - index = core_slice_index_RangeUsize_index t; - index_mut = core_slice_index_RangeUsize_index_mut t; - index_mut_back = core_slice_index_RangeUsize_index_mut_back t; -} - -// Trait implementation: [core::slice::index::[T]] -let core_ops_index_IndexSliceTIInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_Index (slice t) idx = { - output = inst.output; - index = core_slice_index_Slice_index t idx inst; -} - -// Trait implementation: [core::slice::index::[T]] -let core_ops_index_IndexMutSliceTIInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_IndexMut (slice t) idx = { - indexInst = core_ops_index_IndexSliceTIInst t idx inst; - index_mut = core_slice_index_Slice_index_mut t idx inst; - index_mut_back = core_slice_index_Slice_index_mut_back t idx inst; -} - -// Trait implementation: [core::array::[T; N]] -let core_ops_index_IndexArrayInst (t idx : Type0) (n : usize) - (inst : core_ops_index_Index (slice t) idx) : - core_ops_index_Index (array t n) idx = { - output = inst.output; - index = core_array_Array_index t idx n inst; -} - -// Trait implementation: [core::array::[T; N]] -let core_ops_index_IndexMutArrayIInst (t idx : Type0) (n : usize) - (inst : core_ops_index_IndexMut (slice t) idx) : - core_ops_index_IndexMut (array t n) idx = { - indexInst = core_ops_index_IndexArrayInst t idx n inst.indexInst; - index_mut = core_array_Array_index_mut t idx n inst; - index_mut_back = core_array_Array_index_mut_back t idx n inst; -} - -// [core::slice::index::usize::get]: forward function -let core_slice_index_usize_get - (t : Type0) : usize → slice t → result (option t) = - admit () // TODO - -// [core::slice::index::usize::get_mut]: forward function -let core_slice_index_usize_get_mut - (t : Type0) : usize → slice t → result (option t) = - admit () // TODO - -// [core::slice::index::usize::get_mut]: backward function 0 -let core_slice_index_usize_get_mut_back - (t : Type0) : usize → slice t → option t → result (slice t) = - admit () // TODO - -// [core::slice::index::usize::get_unchecked]: forward function -let core_slice_index_usize_get_unchecked - (t : Type0) : usize → const_raw_ptr (slice t) → result (const_raw_ptr t) = - admit () // TODO - -// [core::slice::index::usize::get_unchecked_mut]: forward function -let core_slice_index_usize_get_unchecked_mut - (t : Type0) : usize → mut_raw_ptr (slice t) → result (mut_raw_ptr t) = - admit () // TODO - -// [core::slice::index::usize::index]: forward function -let core_slice_index_usize_index (t : Type0) : usize → slice t → result t = - admit () // TODO - -// [core::slice::index::usize::index_mut]: forward function -let core_slice_index_usize_index_mut (t : Type0) : usize → slice t → result t = - admit () // TODO - -// [core::slice::index::usize::index_mut]: backward function 0 -let core_slice_index_usize_index_mut_back - (t : Type0) : usize → slice t → t → result (slice t) = - admit () // TODO - -// Trait implementation: [core::slice::index::private_slice_index::usize] -let core_slice_index_private_slice_index_SealedUsizeInst - : core_slice_index_private_slice_index_Sealed usize = () - -// Trait implementation: [core::slice::index::usize] -let core_slice_index_SliceIndexUsizeSliceTInst (t : Type0) : - core_slice_index_SliceIndex usize (slice t) = { - sealedInst = core_slice_index_private_slice_index_SealedUsizeInst; - output = t; - get = core_slice_index_usize_get t; - get_mut = core_slice_index_usize_get_mut t; - get_mut_back = core_slice_index_usize_get_mut_back t; - get_unchecked = core_slice_index_usize_get_unchecked t; - get_unchecked_mut = core_slice_index_usize_get_unchecked_mut t; - index = core_slice_index_usize_index t; - index_mut = core_slice_index_usize_index_mut t; - index_mut_back = core_slice_index_usize_index_mut_back t; -} - -// [alloc::vec::Vec::index]: forward function -let alloc_vec_Vec_index (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (self : alloc_vec_Vec t) (i : idx) : result inst.output = - admit () // TODO - -// [alloc::vec::Vec::index_mut]: forward function -let alloc_vec_Vec_index_mut (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (self : alloc_vec_Vec t) (i : idx) : result inst.output = - admit () // TODO - -// [alloc::vec::Vec::index_mut]: backward function 0 -let alloc_vec_Vec_index_mut_back - (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (self : alloc_vec_Vec t) (i : idx) (x : inst.output) : result (alloc_vec_Vec t) = - admit () // TODO - -// Trait implementation: [alloc::vec::Vec] -let alloc_vec_Vec_coreopsindexIndexInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_Index (alloc_vec_Vec t) idx = { - output = inst.output; - index = alloc_vec_Vec_index t idx inst; -} - -// Trait implementation: [alloc::vec::Vec] -let alloc_vec_Vec_coreopsindexIndexMutInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_IndexMut (alloc_vec_Vec t) idx = { - indexInst = alloc_vec_Vec_coreopsindexIndexInst t idx inst; - index_mut = alloc_vec_Vec_index_mut t idx inst; - index_mut_back = alloc_vec_Vec_index_mut_back t idx inst; -} - -(*** Theorems *) - -let alloc_vec_Vec_index_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : - Lemma ( - alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == - alloc_vec_Vec_index_usize v i) - [SMTPat (alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] - = - admit() - -let alloc_vec_Vec_index_mut_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : - Lemma ( - alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == - alloc_vec_Vec_index_usize v i) - [SMTPat (alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] - = - admit() - -let alloc_vec_Vec_index_mut_back_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : - Lemma ( - alloc_vec_Vec_index_mut_back a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i x == - alloc_vec_Vec_update_usize v i x) - [SMTPat (alloc_vec_Vec_index_mut_back a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i x)] - = - admit() diff --git a/tests/fstar-split/arrays/Arrays.Clauses.Template.fst b/tests/fstar-split/arrays/Arrays.Clauses.Template.fst new file mode 100644 index 00000000..8cc32583 --- /dev/null +++ b/tests/fstar-split/arrays/Arrays.Clauses.Template.fst @@ -0,0 +1,21 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays]: templates for the decreases clauses *) +module Arrays.Clauses.Template +open Primitives +open Arrays.Types + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [arrays::sum]: decreases clause + Source: 'src/arrays.rs', lines 242:0-250:1 *) +unfold +let sum_loop_decreases (s : slice u32) (sum1 : u32) (i : usize) : nat = + admit () + +(** [arrays::sum2]: decreases clause + Source: 'src/arrays.rs', lines 252:0-261:1 *) +unfold +let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum1 : u32) + (i : usize) : nat = + admit () + diff --git a/tests/fstar-split/arrays/Arrays.Clauses.fst b/tests/fstar-split/arrays/Arrays.Clauses.fst new file mode 100644 index 00000000..68cbf216 --- /dev/null +++ b/tests/fstar-split/arrays/Arrays.Clauses.fst @@ -0,0 +1,19 @@ +(** [array]: decreases clauses *) +module Array.Clauses +open Primitives +open Array.Types +open FStar.List.Tot + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [array::sum]: decreases clause *) +unfold +let sum_loop_decreases (s : slice u32) (sum : u32) (i : usize) : nat = + if i < length s then length s - i else 0 + +(** [array::sum2]: decreases clause *) +unfold +let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum : u32) + (i : usize) : nat = + if i < length s then length s - i else 0 + diff --git a/tests/fstar-split/arrays/Arrays.Funs.fst b/tests/fstar-split/arrays/Arrays.Funs.fst new file mode 100644 index 00000000..3efe7789 --- /dev/null +++ b/tests/fstar-split/arrays/Arrays.Funs.fst @@ -0,0 +1,445 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays]: function definitions *) +module Arrays.Funs +open Primitives +include Arrays.Types +include Arrays.Clauses + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [arrays::incr]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) + Source: 'src/arrays.rs', lines 8:0-8:24 *) +let incr (x : u32) : result u32 = + u32_add x 1 + +(** [arrays::array_to_shared_slice_]: forward function + Source: 'src/arrays.rs', lines 16:0-16:53 *) +let array_to_shared_slice_ (t : Type0) (s : array t 32) : result (slice t) = + array_to_slice t 32 s + +(** [arrays::array_to_mut_slice_]: forward function + Source: 'src/arrays.rs', lines 21:0-21:58 *) +let array_to_mut_slice_ (t : Type0) (s : array t 32) : result (slice t) = + array_to_slice t 32 s + +(** [arrays::array_to_mut_slice_]: backward function 0 + Source: 'src/arrays.rs', lines 21:0-21:58 *) +let array_to_mut_slice__back + (t : Type0) (s : array t 32) (ret : slice t) : result (array t 32) = + array_from_slice t 32 s ret + +(** [arrays::array_len]: forward function + Source: 'src/arrays.rs', lines 25:0-25:40 *) +let array_len (t : Type0) (s : array t 32) : result usize = + let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i + +(** [arrays::shared_array_len]: forward function + Source: 'src/arrays.rs', lines 29:0-29:48 *) +let shared_array_len (t : Type0) (s : array t 32) : result usize = + let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i + +(** [arrays::shared_slice_len]: forward function + Source: 'src/arrays.rs', lines 33:0-33:44 *) +let shared_slice_len (t : Type0) (s : slice t) : result usize = + let i = slice_len t s in Return i + +(** [arrays::index_array_shared]: forward function + Source: 'src/arrays.rs', lines 37:0-37:57 *) +let index_array_shared (t : Type0) (s : array t 32) (i : usize) : result t = + array_index_usize t 32 s i + +(** [arrays::index_array_u32]: forward function + Source: 'src/arrays.rs', lines 44:0-44:53 *) +let index_array_u32 (s : array u32 32) (i : usize) : result u32 = + array_index_usize u32 32 s i + +(** [arrays::index_array_copy]: forward function + Source: 'src/arrays.rs', lines 48:0-48:45 *) +let index_array_copy (x : array u32 32) : result u32 = + array_index_usize u32 32 x 0 + +(** [arrays::index_mut_array]: forward function + Source: 'src/arrays.rs', lines 52:0-52:62 *) +let index_mut_array (t : Type0) (s : array t 32) (i : usize) : result t = + array_index_usize t 32 s i + +(** [arrays::index_mut_array]: backward function 0 + Source: 'src/arrays.rs', lines 52:0-52:62 *) +let index_mut_array_back + (t : Type0) (s : array t 32) (i : usize) (ret : t) : result (array t 32) = + array_update_usize t 32 s i ret + +(** [arrays::index_slice]: forward function + Source: 'src/arrays.rs', lines 56:0-56:46 *) +let index_slice (t : Type0) (s : slice t) (i : usize) : result t = + slice_index_usize t s i + +(** [arrays::index_mut_slice]: forward function + Source: 'src/arrays.rs', lines 60:0-60:58 *) +let index_mut_slice (t : Type0) (s : slice t) (i : usize) : result t = + slice_index_usize t s i + +(** [arrays::index_mut_slice]: backward function 0 + Source: 'src/arrays.rs', lines 60:0-60:58 *) +let index_mut_slice_back + (t : Type0) (s : slice t) (i : usize) (ret : t) : result (slice t) = + slice_update_usize t s i ret + +(** [arrays::slice_subslice_shared_]: forward function + Source: 'src/arrays.rs', lines 64:0-64:70 *) +let slice_subslice_shared_ + (x : slice u32) (y : usize) (z : usize) : result (slice u32) = + core_slice_index_Slice_index u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + { start = y; end_ = z } + +(** [arrays::slice_subslice_mut_]: forward function + Source: 'src/arrays.rs', lines 68:0-68:75 *) +let slice_subslice_mut_ + (x : slice u32) (y : usize) (z : usize) : result (slice u32) = + core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + { start = y; end_ = z } + +(** [arrays::slice_subslice_mut_]: backward function 0 + Source: 'src/arrays.rs', lines 68:0-68:75 *) +let slice_subslice_mut__back + (x : slice u32) (y : usize) (z : usize) (ret : slice u32) : + result (slice u32) + = + core_slice_index_Slice_index_mut_back u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + { start = y; end_ = z } ret + +(** [arrays::array_to_slice_shared_]: forward function + Source: 'src/arrays.rs', lines 72:0-72:54 *) +let array_to_slice_shared_ (x : array u32 32) : result (slice u32) = + array_to_slice u32 32 x + +(** [arrays::array_to_slice_mut_]: forward function + Source: 'src/arrays.rs', lines 76:0-76:59 *) +let array_to_slice_mut_ (x : array u32 32) : result (slice u32) = + array_to_slice u32 32 x + +(** [arrays::array_to_slice_mut_]: backward function 0 + Source: 'src/arrays.rs', lines 76:0-76:59 *) +let array_to_slice_mut__back + (x : array u32 32) (ret : slice u32) : result (array u32 32) = + array_from_slice u32 32 x ret + +(** [arrays::array_subslice_shared_]: forward function + Source: 'src/arrays.rs', lines 80:0-80:74 *) +let array_subslice_shared_ + (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = + core_array_Array_index u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } + +(** [arrays::array_subslice_mut_]: forward function + Source: 'src/arrays.rs', lines 84:0-84:79 *) +let array_subslice_mut_ + (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = + core_array_Array_index_mut u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } + +(** [arrays::array_subslice_mut_]: backward function 0 + Source: 'src/arrays.rs', lines 84:0-84:79 *) +let array_subslice_mut__back + (x : array u32 32) (y : usize) (z : usize) (ret : slice u32) : + result (array u32 32) + = + core_array_Array_index_mut_back u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } ret + +(** [arrays::index_slice_0]: forward function + Source: 'src/arrays.rs', lines 88:0-88:38 *) +let index_slice_0 (t : Type0) (s : slice t) : result t = + slice_index_usize t s 0 + +(** [arrays::index_array_0]: forward function + Source: 'src/arrays.rs', lines 92:0-92:42 *) +let index_array_0 (t : Type0) (s : array t 32) : result t = + array_index_usize t 32 s 0 + +(** [arrays::index_index_array]: forward function + Source: 'src/arrays.rs', lines 103:0-103:71 *) +let index_index_array + (s : array (array u32 32) 32) (i : usize) (j : usize) : result u32 = + let* a = array_index_usize (array u32 32) 32 s i in + array_index_usize u32 32 a j + +(** [arrays::update_update_array]: forward function + Source: 'src/arrays.rs', lines 114:0-114:70 *) +let update_update_array + (s : array (array u32 32) 32) (i : usize) (j : usize) : result unit = + let* a = array_index_usize (array u32 32) 32 s i in + let* a1 = array_update_usize u32 32 a j 0 in + let* _ = array_update_usize (array u32 32) 32 s i a1 in + Return () + +(** [arrays::array_local_deep_copy]: forward function + Source: 'src/arrays.rs', lines 118:0-118:43 *) +let array_local_deep_copy (x : array u32 32) : result unit = + Return () + +(** [arrays::take_array]: forward function + Source: 'src/arrays.rs', lines 122:0-122:30 *) +let take_array (a : array u32 2) : result unit = + Return () + +(** [arrays::take_array_borrow]: forward function + Source: 'src/arrays.rs', lines 123:0-123:38 *) +let take_array_borrow (a : array u32 2) : result unit = + Return () + +(** [arrays::take_slice]: forward function + Source: 'src/arrays.rs', lines 124:0-124:28 *) +let take_slice (s : slice u32) : result unit = + Return () + +(** [arrays::take_mut_slice]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) + Source: 'src/arrays.rs', lines 125:0-125:36 *) +let take_mut_slice (s : slice u32) : result (slice u32) = + Return s + +(** [arrays::const_array]: forward function + Source: 'src/arrays.rs', lines 127:0-127:32 *) +let const_array : result (array u32 2) = + Return (mk_array u32 2 [ 0; 0 ]) + +(** [arrays::const_slice]: forward function + Source: 'src/arrays.rs', lines 131:0-131:20 *) +let const_slice : result unit = + let* _ = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in Return () + +(** [arrays::take_all]: forward function + Source: 'src/arrays.rs', lines 141:0-141:17 *) +let take_all : result unit = + let* _ = take_array (mk_array u32 2 [ 0; 0 ]) in + let* _ = take_array_borrow (mk_array u32 2 [ 0; 0 ]) in + let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* _ = take_slice s in + let* s1 = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* s2 = take_mut_slice s1 in + let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s2 in + Return () + +(** [arrays::index_array]: forward function + Source: 'src/arrays.rs', lines 155:0-155:38 *) +let index_array (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::index_array_borrow]: forward function + Source: 'src/arrays.rs', lines 158:0-158:46 *) +let index_array_borrow (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::index_slice_u32_0]: forward function + Source: 'src/arrays.rs', lines 162:0-162:42 *) +let index_slice_u32_0 (x : slice u32) : result u32 = + slice_index_usize u32 x 0 + +(** [arrays::index_mut_slice_u32_0]: forward function + Source: 'src/arrays.rs', lines 166:0-166:50 *) +let index_mut_slice_u32_0 (x : slice u32) : result u32 = + slice_index_usize u32 x 0 + +(** [arrays::index_mut_slice_u32_0]: backward function 0 + Source: 'src/arrays.rs', lines 166:0-166:50 *) +let index_mut_slice_u32_0_back (x : slice u32) : result (slice u32) = + let* _ = slice_index_usize u32 x 0 in Return x + +(** [arrays::index_all]: forward function + Source: 'src/arrays.rs', lines 170:0-170:25 *) +let index_all : result u32 = + let* i = index_array (mk_array u32 2 [ 0; 0 ]) in + let* i1 = index_array (mk_array u32 2 [ 0; 0 ]) in + let* i2 = u32_add i i1 in + let* i3 = index_array_borrow (mk_array u32 2 [ 0; 0 ]) in + let* i4 = u32_add i2 i3 in + let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* i5 = index_slice_u32_0 s in + let* i6 = u32_add i4 i5 in + let* s1 = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* i7 = index_mut_slice_u32_0 s1 in + let* i8 = u32_add i6 i7 in + let* s2 = index_mut_slice_u32_0_back s1 in + let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s2 in + Return i8 + +(** [arrays::update_array]: forward function + Source: 'src/arrays.rs', lines 184:0-184:36 *) +let update_array (x : array u32 2) : result unit = + let* _ = array_update_usize u32 2 x 0 1 in Return () + +(** [arrays::update_array_mut_borrow]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) + Source: 'src/arrays.rs', lines 187:0-187:48 *) +let update_array_mut_borrow (x : array u32 2) : result (array u32 2) = + array_update_usize u32 2 x 0 1 + +(** [arrays::update_mut_slice]: merged forward/backward function + (there is a single backward function, and the forward function returns ()) + Source: 'src/arrays.rs', lines 190:0-190:38 *) +let update_mut_slice (x : slice u32) : result (slice u32) = + slice_update_usize u32 x 0 1 + +(** [arrays::update_all]: forward function + Source: 'src/arrays.rs', lines 194:0-194:19 *) +let update_all : result unit = + let* _ = update_array (mk_array u32 2 [ 0; 0 ]) in + let* x = update_array_mut_borrow (mk_array u32 2 [ 0; 0 ]) in + let* s = array_to_slice u32 2 x in + let* s1 = update_mut_slice s in + let* _ = array_from_slice u32 2 x s1 in + Return () + +(** [arrays::range_all]: forward function + Source: 'src/arrays.rs', lines 205:0-205:18 *) +let range_all : result unit = + let* s = + core_array_Array_index_mut u32 (core_ops_range_Range usize) 4 + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) + (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } in + let* s1 = update_mut_slice s in + let* _ = + core_array_Array_index_mut_back u32 (core_ops_range_Range usize) 4 + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) + (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } s1 in + Return () + +(** [arrays::deref_array_borrow]: forward function + Source: 'src/arrays.rs', lines 214:0-214:46 *) +let deref_array_borrow (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::deref_array_mut_borrow]: forward function + Source: 'src/arrays.rs', lines 219:0-219:54 *) +let deref_array_mut_borrow (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::deref_array_mut_borrow]: backward function 0 + Source: 'src/arrays.rs', lines 219:0-219:54 *) +let deref_array_mut_borrow_back (x : array u32 2) : result (array u32 2) = + let* _ = array_index_usize u32 2 x 0 in Return x + +(** [arrays::take_array_t]: forward function + Source: 'src/arrays.rs', lines 227:0-227:31 *) +let take_array_t (a : array aB_t 2) : result unit = + Return () + +(** [arrays::non_copyable_array]: forward function + Source: 'src/arrays.rs', lines 229:0-229:27 *) +let non_copyable_array : result unit = + let* _ = take_array_t (mk_array aB_t 2 [ AB_A; AB_B ]) in Return () + +(** [arrays::sum]: loop 0: forward function + Source: 'src/arrays.rs', lines 242:0-250:1 *) +let rec sum_loop + (s : slice u32) (sum1 : u32) (i : usize) : + Tot (result u32) (decreases (sum_loop_decreases s sum1 i)) + = + let i1 = slice_len u32 s in + if i < i1 + then + let* i2 = slice_index_usize u32 s i in + let* sum3 = u32_add sum1 i2 in + let* i3 = usize_add i 1 in + sum_loop s sum3 i3 + else Return sum1 + +(** [arrays::sum]: forward function + Source: 'src/arrays.rs', lines 242:0-242:28 *) +let sum (s : slice u32) : result u32 = + sum_loop s 0 0 + +(** [arrays::sum2]: loop 0: forward function + Source: 'src/arrays.rs', lines 252:0-261:1 *) +let rec sum2_loop + (s : slice u32) (s2 : slice u32) (sum1 : u32) (i : usize) : + Tot (result u32) (decreases (sum2_loop_decreases s s2 sum1 i)) + = + let i1 = slice_len u32 s in + if i < i1 + then + let* i2 = slice_index_usize u32 s i in + let* i3 = slice_index_usize u32 s2 i in + let* i4 = u32_add i2 i3 in + let* sum3 = u32_add sum1 i4 in + let* i5 = usize_add i 1 in + sum2_loop s s2 sum3 i5 + else Return sum1 + +(** [arrays::sum2]: forward function + Source: 'src/arrays.rs', lines 252:0-252:41 *) +let sum2 (s : slice u32) (s2 : slice u32) : result u32 = + let i = slice_len u32 s in + let i1 = slice_len u32 s2 in + if not (i = i1) then Fail Failure else sum2_loop s s2 0 0 + +(** [arrays::f0]: forward function + Source: 'src/arrays.rs', lines 263:0-263:11 *) +let f0 : result unit = + let* s = array_to_slice u32 2 (mk_array u32 2 [ 1; 2 ]) in + let* s1 = slice_update_usize u32 s 0 1 in + let* _ = array_from_slice u32 2 (mk_array u32 2 [ 1; 2 ]) s1 in + Return () + +(** [arrays::f1]: forward function + Source: 'src/arrays.rs', lines 268:0-268:11 *) +let f1 : result unit = + let* _ = array_update_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 1 in Return () + +(** [arrays::f2]: forward function + Source: 'src/arrays.rs', lines 273:0-273:17 *) +let f2 (i : u32) : result unit = + Return () + +(** [arrays::f4]: forward function + Source: 'src/arrays.rs', lines 282:0-282:54 *) +let f4 (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = + core_array_Array_index u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } + +(** [arrays::f3]: forward function + Source: 'src/arrays.rs', lines 275:0-275:18 *) +let f3 : result u32 = + let* i = array_index_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in + let* _ = f2 i in + let b = array_repeat u32 32 0 in + let* s = array_to_slice u32 2 (mk_array u32 2 [ 1; 2 ]) in + let* s1 = f4 b 16 18 in + sum2 s s1 + +(** [arrays::SZ] + Source: 'src/arrays.rs', lines 286:0-286:19 *) +let sz_body : result usize = Return 32 +let sz_c : usize = eval_global sz_body + +(** [arrays::f5]: forward function + Source: 'src/arrays.rs', lines 289:0-289:31 *) +let f5 (x : array u32 32) : result u32 = + array_index_usize u32 32 x 0 + +(** [arrays::ite]: forward function + Source: 'src/arrays.rs', lines 294:0-294:12 *) +let ite : result unit = + let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* s1 = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* s2 = index_mut_slice_u32_0_back s1 in + let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s2 in + let* s3 = index_mut_slice_u32_0_back s in + let* _ = array_from_slice u32 2 (mk_array u32 2 [ 0; 0 ]) s3 in + Return () + diff --git a/tests/fstar-split/arrays/Arrays.Types.fst b/tests/fstar-split/arrays/Arrays.Types.fst new file mode 100644 index 00000000..d3596e92 --- /dev/null +++ b/tests/fstar-split/arrays/Arrays.Types.fst @@ -0,0 +1,11 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays]: type definitions *) +module Arrays.Types +open Primitives + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [arrays::AB] + Source: 'src/arrays.rs', lines 3:0-3:11 *) +type aB_t = | AB_A : aB_t | AB_B : aB_t + diff --git a/tests/fstar-split/arrays/Makefile b/tests/fstar-split/arrays/Makefile new file mode 100644 index 00000000..fa7d1f36 --- /dev/null +++ b/tests/fstar-split/arrays/Makefile @@ -0,0 +1,49 @@ +# This file was automatically generated - modify ../Makefile.template instead +INCLUDE_DIRS = . + +FSTAR_INCLUDES = $(addprefix --include ,$(INCLUDE_DIRS)) + +FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints + +FSTAR_OPTIONS = $(FSTAR_HINTS) \ + --cache_checked_modules $(FSTAR_INCLUDES) --cmi \ + --warn_error '+241@247+285-274' \ + +FSTAR_EXE ?= fstar.exe +FSTAR_NO_FLAGS = $(FSTAR_EXE) --already_cached 'Prims FStar LowStar Steel' --odir obj --cache_dir obj + +FSTAR = $(FSTAR_NO_FLAGS) $(FSTAR_OPTIONS) + +# The F* roots are used to compute the dependency graph, and generate the .depend file +FSTAR_ROOTS ?= $(wildcard *.fst *.fsti) + +# Build all the files +all: $(addprefix obj/,$(addsuffix .checked,$(FSTAR_ROOTS))) + +# This is the right way to ensure the .depend file always gets re-built. +ifeq (,$(filter %-in,$(MAKECMDGOALS))) +ifndef NODEPEND +ifndef MAKE_RESTARTS +.depend: .FORCE + $(FSTAR_NO_FLAGS) --dep full $(notdir $(FSTAR_ROOTS)) > $@ + +.PHONY: .FORCE +.FORCE: +endif +endif + +include .depend +endif + +# For the interactive mode +%.fst-in %.fsti-in: + @echo $(FSTAR_OPTIONS) + +# Generete the .checked files in batch mode +%.checked: + $(FSTAR) $(FSTAR_OPTIONS) $< && \ + touch -c $@ + +.PHONY: clean +clean: + rm -f obj/* diff --git a/tests/fstar-split/arrays/Primitives.fst b/tests/fstar-split/arrays/Primitives.fst new file mode 100644 index 00000000..a3ffbde4 --- /dev/null +++ b/tests/fstar-split/arrays/Primitives.fst @@ -0,0 +1,884 @@ +/// This file lists primitive and assumed functions and types +module Primitives +open FStar.Mul +open FStar.List.Tot + +#set-options "--z3rlimit 15 --fuel 0 --ifuel 1" + +(*** Utilities *) +val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) : + ls':list a{ + length ls' = length ls /\ + index ls' i == x + } +#push-options "--fuel 1" +let rec list_update #a ls i x = + match ls with + | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x +#pop-options + +(*** Result *) +type error : Type0 = +| Failure +| OutOfFuel + +type result (a : Type0) : Type0 = +| Return : v:a -> result a +| Fail : e:error -> result a + +// Monadic return operator +unfold let return (#a : Type0) (x : a) : result a = Return x + +// Monadic bind operator. +// Allows to use the notation: +// ``` +// let* x = y in +// ... +// ``` +unfold let (let*) (#a #b : Type0) (m: result a) + (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + result b = + match m with + | Return x -> f x + | Fail e -> Fail e + +// Monadic assert(...) +let massert (b:bool) : result unit = if b then Return () else Fail Failure + +// Normalize and unwrap a successful result (used for globals). +let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x + +(*** Misc *) +type char = FStar.Char.char +type string = string + +let is_zero (n: nat) : bool = n = 0 +let decrease (n: nat{n > 0}) : nat = n - 1 + +let core_mem_replace (a : Type0) (x : a) (y : a) : a = x +let core_mem_replace_back (a : Type0) (x : a) (y : a) : a = y + +// We don't really use raw pointers for now +type mut_raw_ptr (t : Type0) = { v : t } +type const_raw_ptr (t : Type0) = { v : t } + +(*** Scalars *) +/// Rem.: most of the following code was partially generated + +assume val size_numbits : pos + +// TODO: we could use FStar.Int.int_t and FStar.UInt.int_t + +let isize_min : int = -9223372036854775808 // TODO: should be opaque +let isize_max : int = 9223372036854775807 // TODO: should be opaque +let i8_min : int = -128 +let i8_max : int = 127 +let i16_min : int = -32768 +let i16_max : int = 32767 +let i32_min : int = -2147483648 +let i32_max : int = 2147483647 +let i64_min : int = -9223372036854775808 +let i64_max : int = 9223372036854775807 +let i128_min : int = -170141183460469231731687303715884105728 +let i128_max : int = 170141183460469231731687303715884105727 +let usize_min : int = 0 +let usize_max : int = 4294967295 // TODO: should be opaque +let u8_min : int = 0 +let u8_max : int = 255 +let u16_min : int = 0 +let u16_max : int = 65535 +let u32_min : int = 0 +let u32_max : int = 4294967295 +let u64_min : int = 0 +let u64_max : int = 18446744073709551615 +let u128_min : int = 0 +let u128_max : int = 340282366920938463463374607431768211455 + +type scalar_ty = +| Isize +| I8 +| I16 +| I32 +| I64 +| I128 +| Usize +| U8 +| U16 +| U32 +| U64 +| U128 + +let is_unsigned = function + | Isize | I8 | I16 | I32 | I64 | I128 -> false + | Usize | U8 | U16 | U32 | U64 | U128 -> true + +let scalar_min (ty : scalar_ty) : int = + match ty with + | Isize -> isize_min + | I8 -> i8_min + | I16 -> i16_min + | I32 -> i32_min + | I64 -> i64_min + | I128 -> i128_min + | Usize -> usize_min + | U8 -> u8_min + | U16 -> u16_min + | U32 -> u32_min + | U64 -> u64_min + | U128 -> u128_min + +let scalar_max (ty : scalar_ty) : int = + match ty with + | Isize -> isize_max + | I8 -> i8_max + | I16 -> i16_max + | I32 -> i32_max + | I64 -> i64_max + | I128 -> i128_max + | Usize -> usize_max + | U8 -> u8_max + | U16 -> u16_max + | U32 -> u32_max + | U64 -> u64_max + | U128 -> u128_max + +type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} + +let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = + if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + +let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) + +let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (x / y) else Fail Failure + +/// The remainder operation +let int_rem (x : int) (y : int{y <> 0}) : int = + if x >= 0 then (x % y) else -(x % y) + +(* Checking consistency with Rust *) +let _ = assert_norm(int_rem 1 2 = 1) +let _ = assert_norm(int_rem (-1) 2 = -1) +let _ = assert_norm(int_rem 1 (-2) = 1) +let _ = assert_norm(int_rem (-1) (-2) = -1) + +let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (int_rem x y) else Fail Failure + +let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x + y) + +let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x - y) + +let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x * y) + +let scalar_xor (#ty : scalar_ty) + (x : scalar ty) (y : scalar ty) : scalar ty = + match ty with + | U8 -> FStar.UInt.logxor #8 x y + | U16 -> FStar.UInt.logxor #16 x y + | U32 -> FStar.UInt.logxor #32 x y + | U64 -> FStar.UInt.logxor #64 x y + | U128 -> FStar.UInt.logxor #128 x y + | Usize -> admit() // TODO + | I8 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 8); + normalize_spec (scalar I8); + FStar.Int.logxor #8 x y + | I16 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 16); + normalize_spec (scalar I16); + FStar.Int.logxor #16 x y + | I32 -> FStar.Int.logxor #32 x y + | I64 -> FStar.Int.logxor #64 x y + | I128 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 128); + normalize_spec (scalar I128); + FStar.Int.logxor #128 x y + | Isize -> admit() // TODO + +let scalar_or (#ty : scalar_ty) + (x : scalar ty) (y : scalar ty) : scalar ty = + match ty with + | U8 -> FStar.UInt.logor #8 x y + | U16 -> FStar.UInt.logor #16 x y + | U32 -> FStar.UInt.logor #32 x y + | U64 -> FStar.UInt.logor #64 x y + | U128 -> FStar.UInt.logor #128 x y + | Usize -> admit() // TODO + | I8 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 8); + normalize_spec (scalar I8); + FStar.Int.logor #8 x y + | I16 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 16); + normalize_spec (scalar I16); + FStar.Int.logor #16 x y + | I32 -> FStar.Int.logor #32 x y + | I64 -> FStar.Int.logor #64 x y + | I128 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 128); + normalize_spec (scalar I128); + FStar.Int.logor #128 x y + | Isize -> admit() // TODO + +let scalar_and (#ty : scalar_ty) + (x : scalar ty) (y : scalar ty) : scalar ty = + match ty with + | U8 -> FStar.UInt.logand #8 x y + | U16 -> FStar.UInt.logand #16 x y + | U32 -> FStar.UInt.logand #32 x y + | U64 -> FStar.UInt.logand #64 x y + | U128 -> FStar.UInt.logand #128 x y + | Usize -> admit() // TODO + | I8 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 8); + normalize_spec (scalar I8); + FStar.Int.logand #8 x y + | I16 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 16); + normalize_spec (scalar I16); + FStar.Int.logand #16 x y + | I32 -> FStar.Int.logand #32 x y + | I64 -> FStar.Int.logand #64 x y + | I128 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 128); + normalize_spec (scalar I128); + FStar.Int.logand #128 x y + | Isize -> admit() // TODO + +// Shift left +let scalar_shl (#ty0 #ty1 : scalar_ty) + (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = + admit() + +// Shift right +let scalar_shr (#ty0 #ty1 : scalar_ty) + (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = + admit() + +(** Cast an integer from a [src_ty] to a [tgt_ty] *) +// TODO: check the semantics of casts in Rust +let scalar_cast (src_ty : scalar_ty) (tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) = + mk_scalar tgt_ty x + +// This can't fail, but for now we make all casts faillible (easier for the translation) +let scalar_cast_bool (tgt_ty : scalar_ty) (x : bool) : result (scalar tgt_ty) = + mk_scalar tgt_ty (if x then 1 else 0) + +/// The scalar types +type isize : eqtype = scalar Isize +type i8 : eqtype = scalar I8 +type i16 : eqtype = scalar I16 +type i32 : eqtype = scalar I32 +type i64 : eqtype = scalar I64 +type i128 : eqtype = scalar I128 +type usize : eqtype = scalar Usize +type u8 : eqtype = scalar U8 +type u16 : eqtype = scalar U16 +type u32 : eqtype = scalar U32 +type u64 : eqtype = scalar U64 +type u128 : eqtype = scalar U128 + + +let core_isize_min : isize = isize_min +let core_isize_max : isize = isize_max +let core_i8_min : i8 = i8_min +let core_i8_max : i8 = i8_max +let core_i16_min : i16 = i16_min +let core_i16_max : i16 = i16_max +let core_i32_min : i32 = i32_min +let core_i32_max : i32 = i32_max +let core_i64_min : i64 = i64_min +let core_i64_max : i64 = i64_max +let core_i128_min : i128 = i128_min +let core_i128_max : i128 = i128_max + +let core_usize_min : usize = usize_min +let core_usize_max : usize = usize_max +let core_u8_min : u8 = u8_min +let core_u8_max : u8 = u8_max +let core_u16_min : u16 = u16_min +let core_u16_max : u16 = u16_max +let core_u32_min : u32 = u32_min +let core_u32_max : u32 = u32_max +let core_u64_min : u64 = u64_min +let core_u64_max : u64 = u64_max +let core_u128_min : u128 = u128_min +let core_u128_max : u128 = u128_max + +/// Negation +let isize_neg = scalar_neg #Isize +let i8_neg = scalar_neg #I8 +let i16_neg = scalar_neg #I16 +let i32_neg = scalar_neg #I32 +let i64_neg = scalar_neg #I64 +let i128_neg = scalar_neg #I128 + +/// Division +let isize_div = scalar_div #Isize +let i8_div = scalar_div #I8 +let i16_div = scalar_div #I16 +let i32_div = scalar_div #I32 +let i64_div = scalar_div #I64 +let i128_div = scalar_div #I128 +let usize_div = scalar_div #Usize +let u8_div = scalar_div #U8 +let u16_div = scalar_div #U16 +let u32_div = scalar_div #U32 +let u64_div = scalar_div #U64 +let u128_div = scalar_div #U128 + +/// Remainder +let isize_rem = scalar_rem #Isize +let i8_rem = scalar_rem #I8 +let i16_rem = scalar_rem #I16 +let i32_rem = scalar_rem #I32 +let i64_rem = scalar_rem #I64 +let i128_rem = scalar_rem #I128 +let usize_rem = scalar_rem #Usize +let u8_rem = scalar_rem #U8 +let u16_rem = scalar_rem #U16 +let u32_rem = scalar_rem #U32 +let u64_rem = scalar_rem #U64 +let u128_rem = scalar_rem #U128 + +/// Addition +let isize_add = scalar_add #Isize +let i8_add = scalar_add #I8 +let i16_add = scalar_add #I16 +let i32_add = scalar_add #I32 +let i64_add = scalar_add #I64 +let i128_add = scalar_add #I128 +let usize_add = scalar_add #Usize +let u8_add = scalar_add #U8 +let u16_add = scalar_add #U16 +let u32_add = scalar_add #U32 +let u64_add = scalar_add #U64 +let u128_add = scalar_add #U128 + +/// Subtraction +let isize_sub = scalar_sub #Isize +let i8_sub = scalar_sub #I8 +let i16_sub = scalar_sub #I16 +let i32_sub = scalar_sub #I32 +let i64_sub = scalar_sub #I64 +let i128_sub = scalar_sub #I128 +let usize_sub = scalar_sub #Usize +let u8_sub = scalar_sub #U8 +let u16_sub = scalar_sub #U16 +let u32_sub = scalar_sub #U32 +let u64_sub = scalar_sub #U64 +let u128_sub = scalar_sub #U128 + +/// Multiplication +let isize_mul = scalar_mul #Isize +let i8_mul = scalar_mul #I8 +let i16_mul = scalar_mul #I16 +let i32_mul = scalar_mul #I32 +let i64_mul = scalar_mul #I64 +let i128_mul = scalar_mul #I128 +let usize_mul = scalar_mul #Usize +let u8_mul = scalar_mul #U8 +let u16_mul = scalar_mul #U16 +let u32_mul = scalar_mul #U32 +let u64_mul = scalar_mul #U64 +let u128_mul = scalar_mul #U128 + +/// Xor +let u8_xor = scalar_xor #U8 +let u16_xor = scalar_xor #U16 +let u32_xor = scalar_xor #U32 +let u64_xor = scalar_xor #U64 +let u128_xor = scalar_xor #U128 +let usize_xor = scalar_xor #Usize +let i8_xor = scalar_xor #I8 +let i16_xor = scalar_xor #I16 +let i32_xor = scalar_xor #I32 +let i64_xor = scalar_xor #I64 +let i128_xor = scalar_xor #I128 +let isize_xor = scalar_xor #Isize + +/// Or +let u8_or = scalar_or #U8 +let u16_or = scalar_or #U16 +let u32_or = scalar_or #U32 +let u64_or = scalar_or #U64 +let u128_or = scalar_or #U128 +let usize_or = scalar_or #Usize +let i8_or = scalar_or #I8 +let i16_or = scalar_or #I16 +let i32_or = scalar_or #I32 +let i64_or = scalar_or #I64 +let i128_or = scalar_or #I128 +let isize_or = scalar_or #Isize + +/// And +let u8_and = scalar_and #U8 +let u16_and = scalar_and #U16 +let u32_and = scalar_and #U32 +let u64_and = scalar_and #U64 +let u128_and = scalar_and #U128 +let usize_and = scalar_and #Usize +let i8_and = scalar_and #I8 +let i16_and = scalar_and #I16 +let i32_and = scalar_and #I32 +let i64_and = scalar_and #I64 +let i128_and = scalar_and #I128 +let isize_and = scalar_and #Isize + +/// Shift left +let u8_shl #ty = scalar_shl #U8 #ty +let u16_shl #ty = scalar_shl #U16 #ty +let u32_shl #ty = scalar_shl #U32 #ty +let u64_shl #ty = scalar_shl #U64 #ty +let u128_shl #ty = scalar_shl #U128 #ty +let usize_shl #ty = scalar_shl #Usize #ty +let i8_shl #ty = scalar_shl #I8 #ty +let i16_shl #ty = scalar_shl #I16 #ty +let i32_shl #ty = scalar_shl #I32 #ty +let i64_shl #ty = scalar_shl #I64 #ty +let i128_shl #ty = scalar_shl #I128 #ty +let isize_shl #ty = scalar_shl #Isize #ty + +/// Shift right +let u8_shr #ty = scalar_shr #U8 #ty +let u16_shr #ty = scalar_shr #U16 #ty +let u32_shr #ty = scalar_shr #U32 #ty +let u64_shr #ty = scalar_shr #U64 #ty +let u128_shr #ty = scalar_shr #U128 #ty +let usize_shr #ty = scalar_shr #Usize #ty +let i8_shr #ty = scalar_shr #I8 #ty +let i16_shr #ty = scalar_shr #I16 #ty +let i32_shr #ty = scalar_shr #I32 #ty +let i64_shr #ty = scalar_shr #I64 #ty +let i128_shr #ty = scalar_shr #I128 #ty +let isize_shr #ty = scalar_shr #Isize #ty + +(*** core::ops *) + +// Trait declaration: [core::ops::index::Index] +noeq type core_ops_index_Index (self idx : Type0) = { + output : Type0; + index : self → idx → result output +} + +// Trait declaration: [core::ops::index::IndexMut] +noeq type core_ops_index_IndexMut (self idx : Type0) = { + indexInst : core_ops_index_Index self idx; + index_mut : self → idx → result indexInst.output; + index_mut_back : self → idx → indexInst.output → result self; +} + +// Trait declaration [core::ops::deref::Deref] +noeq type core_ops_deref_Deref (self : Type0) = { + target : Type0; + deref : self → result target; +} + +// Trait declaration [core::ops::deref::DerefMut] +noeq type core_ops_deref_DerefMut (self : Type0) = { + derefInst : core_ops_deref_Deref self; + deref_mut : self → result derefInst.target; + deref_mut_back : self → derefInst.target → result self; +} + +type core_ops_range_Range (a : Type0) = { + start : a; + end_ : a; +} + +(*** [alloc] *) + +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref_mut_back (t : Type) (_ : t) (x : t) : result t = Return x + +// Trait instance +let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { + target = self; + deref = alloc_boxed_Box_deref self; +} + +// Trait instance +let alloc_boxed_Box_coreopsDerefMutInst (self : Type0) : core_ops_deref_DerefMut self = { + derefInst = alloc_boxed_Box_coreopsDerefInst self; + deref_mut = alloc_boxed_Box_deref_mut self; + deref_mut_back = alloc_boxed_Box_deref_mut_back self; +} + +(*** Array *) +type array (a : Type0) (n : usize) = s:list a{length s = n} + +// We tried putting the normalize_term condition as a refinement on the list +// but it didn't work. It works with the requires clause. +let mk_array (a : Type0) (n : usize) + (l : list a) : + Pure (array a n) + (requires (normalize_term(FStar.List.Tot.length l) = n)) + (ensures (fun _ -> True)) = + normalize_term_spec (FStar.List.Tot.length l); + l + +let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = + if i < length x then Return (index x i) + else Fail Failure + +let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : result (array a n) = + if i < length x then Return (list_update x i nx) + else Fail Failure + +(*** Slice *) +type slice (a : Type0) = s:list a{length s <= usize_max} + +let slice_len (a : Type0) (s : slice a) : usize = length s + +let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = + if i < length x then Return (index x i) + else Fail Failure + +let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = + if i < length x then Return (list_update x i nx) + else Fail Failure + +(*** Subslices *) + +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = + if length s = n then Return s + else Fail Failure + +// TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) +let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = + admit() + +let array_update_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) (ns : slice a) : result (array a n) = + admit() + +let array_repeat (a : Type0) (n : usize) (x : a) : array a n = + admit() + +let slice_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) : result (slice a) = + admit() + +let slice_update_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) (ns : slice a) : result (slice a) = + admit() + +(*** Vector *) +type alloc_vec_Vec (a : Type0) = v:list a{length v <= usize_max} + +let alloc_vec_Vec_new (a : Type0) : alloc_vec_Vec a = assert_norm(length #a [] == 0); [] +let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v + +// Helper +let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = + if i < length v then Return (index v i) else Fail Failure +// Helper +let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = + if i < length v then Return (list_update v i x) else Fail Failure + +// The **forward** function shouldn't be used +let alloc_vec_Vec_push_fwd (a : Type0) (v : alloc_vec_Vec a) (x : a) : unit = () +let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : + Pure (result (alloc_vec_Vec a)) + (requires True) + (ensures (fun res -> + match res with + | Fail e -> e == Failure + | Return v' -> length v' = length v + 1)) = + if length v < usize_max then begin + (**) assert_norm(length [x] == 1); + (**) append_length v [x]; + (**) assert(length (append v [x]) = length v + 1); + Return (append v [x]) + end + else Fail Failure + +// The **forward** function shouldn't be used +let alloc_vec_Vec_insert_fwd (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result unit = + if i < length v then Return () else Fail Failure +let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = + if i < length v then Return (list_update v i x) else Fail Failure + +// Trait declaration: [core::slice::index::private_slice_index::Sealed] +type core_slice_index_private_slice_index_Sealed (self : Type0) = unit + +// Trait declaration: [core::slice::index::SliceIndex] +noeq type core_slice_index_SliceIndex (self t : Type0) = { + sealedInst : core_slice_index_private_slice_index_Sealed self; + output : Type0; + get : self → t → result (option output); + get_mut : self → t → result (option output); + get_mut_back : self → t → option output → result t; + get_unchecked : self → const_raw_ptr t → result (const_raw_ptr output); + get_unchecked_mut : self → mut_raw_ptr t → result (mut_raw_ptr output); + index : self → t → result output; + index_mut : self → t → result output; + index_mut_back : self → t → output → result t; +} + +// [core::slice::index::[T]::index]: forward function +let core_slice_index_Slice_index + (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (s : slice t) (i : idx) : result inst.output = + let* x = inst.get i s in + match x with + | None -> Fail Failure + | Some x -> Return x + +// [core::slice::index::Range:::get]: forward function +let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : + result (option (slice t)) = + admit () // TODO + +// [core::slice::index::Range::get_mut]: forward function +let core_slice_index_RangeUsize_get_mut + (t : Type0) : core_ops_range_Range usize → slice t → result (option (slice t)) = + admit () // TODO + +// [core::slice::index::Range::get_mut]: backward function 0 +let core_slice_index_RangeUsize_get_mut_back + (t : Type0) : + core_ops_range_Range usize → slice t → option (slice t) → result (slice t) = + admit () // TODO + +// [core::slice::index::Range::get_unchecked]: forward function +let core_slice_index_RangeUsize_get_unchecked + (t : Type0) : + core_ops_range_Range usize → const_raw_ptr (slice t) → result (const_raw_ptr (slice t)) = + // Don't know what the model should be - for now we always fail to make + // sure code which uses it fails + fun _ _ -> Fail Failure + +// [core::slice::index::Range::get_unchecked_mut]: forward function +let core_slice_index_RangeUsize_get_unchecked_mut + (t : Type0) : + core_ops_range_Range usize → mut_raw_ptr (slice t) → result (mut_raw_ptr (slice t)) = + // Don't know what the model should be - for now we always fail to make + // sure code which uses it fails + fun _ _ -> Fail Failure + +// [core::slice::index::Range::index]: forward function +let core_slice_index_RangeUsize_index + (t : Type0) : core_ops_range_Range usize → slice t → result (slice t) = + admit () // TODO + +// [core::slice::index::Range::index_mut]: forward function +let core_slice_index_RangeUsize_index_mut + (t : Type0) : core_ops_range_Range usize → slice t → result (slice t) = + admit () // TODO + +// [core::slice::index::Range::index_mut]: backward function 0 +let core_slice_index_RangeUsize_index_mut_back + (t : Type0) : core_ops_range_Range usize → slice t → slice t → result (slice t) = + admit () // TODO + +// [core::slice::index::[T]::index_mut]: forward function +let core_slice_index_Slice_index_mut + (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) : + slice t → idx → result inst.output = + admit () // + +// [core::slice::index::[T]::index_mut]: backward function 0 +let core_slice_index_Slice_index_mut_back + (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) : + slice t → idx → inst.output → result (slice t) = + admit () // TODO + +// [core::array::[T; N]::index]: forward function +let core_array_Array_index + (t idx : Type0) (n : usize) (inst : core_ops_index_Index (slice t) idx) + (a : array t n) (i : idx) : result inst.output = + admit () // TODO + +// [core::array::[T; N]::index_mut]: forward function +let core_array_Array_index_mut + (t idx : Type0) (n : usize) (inst : core_ops_index_IndexMut (slice t) idx) + (a : array t n) (i : idx) : result inst.indexInst.output = + admit () // TODO + +// [core::array::[T; N]::index_mut]: backward function 0 +let core_array_Array_index_mut_back + (t idx : Type0) (n : usize) (inst : core_ops_index_IndexMut (slice t) idx) + (a : array t n) (i : idx) (x : inst.indexInst.output) : result (array t n) = + admit () // TODO + +// Trait implementation: [core::slice::index::private_slice_index::Range] +let core_slice_index_private_slice_index_SealedRangeUsizeInst + : core_slice_index_private_slice_index_Sealed (core_ops_range_Range usize) = () + +// Trait implementation: [core::slice::index::Range] +let core_slice_index_SliceIndexRangeUsizeSliceTInst (t : Type0) : + core_slice_index_SliceIndex (core_ops_range_Range usize) (slice t) = { + sealedInst = core_slice_index_private_slice_index_SealedRangeUsizeInst; + output = slice t; + get = core_slice_index_RangeUsize_get t; + get_mut = core_slice_index_RangeUsize_get_mut t; + get_mut_back = core_slice_index_RangeUsize_get_mut_back t; + get_unchecked = core_slice_index_RangeUsize_get_unchecked t; + get_unchecked_mut = core_slice_index_RangeUsize_get_unchecked_mut t; + index = core_slice_index_RangeUsize_index t; + index_mut = core_slice_index_RangeUsize_index_mut t; + index_mut_back = core_slice_index_RangeUsize_index_mut_back t; +} + +// Trait implementation: [core::slice::index::[T]] +let core_ops_index_IndexSliceTIInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_Index (slice t) idx = { + output = inst.output; + index = core_slice_index_Slice_index t idx inst; +} + +// Trait implementation: [core::slice::index::[T]] +let core_ops_index_IndexMutSliceTIInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_IndexMut (slice t) idx = { + indexInst = core_ops_index_IndexSliceTIInst t idx inst; + index_mut = core_slice_index_Slice_index_mut t idx inst; + index_mut_back = core_slice_index_Slice_index_mut_back t idx inst; +} + +// Trait implementation: [core::array::[T; N]] +let core_ops_index_IndexArrayInst (t idx : Type0) (n : usize) + (inst : core_ops_index_Index (slice t) idx) : + core_ops_index_Index (array t n) idx = { + output = inst.output; + index = core_array_Array_index t idx n inst; +} + +// Trait implementation: [core::array::[T; N]] +let core_ops_index_IndexMutArrayIInst (t idx : Type0) (n : usize) + (inst : core_ops_index_IndexMut (slice t) idx) : + core_ops_index_IndexMut (array t n) idx = { + indexInst = core_ops_index_IndexArrayInst t idx n inst.indexInst; + index_mut = core_array_Array_index_mut t idx n inst; + index_mut_back = core_array_Array_index_mut_back t idx n inst; +} + +// [core::slice::index::usize::get]: forward function +let core_slice_index_usize_get + (t : Type0) : usize → slice t → result (option t) = + admit () // TODO + +// [core::slice::index::usize::get_mut]: forward function +let core_slice_index_usize_get_mut + (t : Type0) : usize → slice t → result (option t) = + admit () // TODO + +// [core::slice::index::usize::get_mut]: backward function 0 +let core_slice_index_usize_get_mut_back + (t : Type0) : usize → slice t → option t → result (slice t) = + admit () // TODO + +// [core::slice::index::usize::get_unchecked]: forward function +let core_slice_index_usize_get_unchecked + (t : Type0) : usize → const_raw_ptr (slice t) → result (const_raw_ptr t) = + admit () // TODO + +// [core::slice::index::usize::get_unchecked_mut]: forward function +let core_slice_index_usize_get_unchecked_mut + (t : Type0) : usize → mut_raw_ptr (slice t) → result (mut_raw_ptr t) = + admit () // TODO + +// [core::slice::index::usize::index]: forward function +let core_slice_index_usize_index (t : Type0) : usize → slice t → result t = + admit () // TODO + +// [core::slice::index::usize::index_mut]: forward function +let core_slice_index_usize_index_mut (t : Type0) : usize → slice t → result t = + admit () // TODO + +// [core::slice::index::usize::index_mut]: backward function 0 +let core_slice_index_usize_index_mut_back + (t : Type0) : usize → slice t → t → result (slice t) = + admit () // TODO + +// Trait implementation: [core::slice::index::private_slice_index::usize] +let core_slice_index_private_slice_index_SealedUsizeInst + : core_slice_index_private_slice_index_Sealed usize = () + +// Trait implementation: [core::slice::index::usize] +let core_slice_index_SliceIndexUsizeSliceTInst (t : Type0) : + core_slice_index_SliceIndex usize (slice t) = { + sealedInst = core_slice_index_private_slice_index_SealedUsizeInst; + output = t; + get = core_slice_index_usize_get t; + get_mut = core_slice_index_usize_get_mut t; + get_mut_back = core_slice_index_usize_get_mut_back t; + get_unchecked = core_slice_index_usize_get_unchecked t; + get_unchecked_mut = core_slice_index_usize_get_unchecked_mut t; + index = core_slice_index_usize_index t; + index_mut = core_slice_index_usize_index_mut t; + index_mut_back = core_slice_index_usize_index_mut_back t; +} + +// [alloc::vec::Vec::index]: forward function +let alloc_vec_Vec_index (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (self : alloc_vec_Vec t) (i : idx) : result inst.output = + admit () // TODO + +// [alloc::vec::Vec::index_mut]: forward function +let alloc_vec_Vec_index_mut (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (self : alloc_vec_Vec t) (i : idx) : result inst.output = + admit () // TODO + +// [alloc::vec::Vec::index_mut]: backward function 0 +let alloc_vec_Vec_index_mut_back + (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (self : alloc_vec_Vec t) (i : idx) (x : inst.output) : result (alloc_vec_Vec t) = + admit () // TODO + +// Trait implementation: [alloc::vec::Vec] +let alloc_vec_Vec_coreopsindexIndexInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_Index (alloc_vec_Vec t) idx = { + output = inst.output; + index = alloc_vec_Vec_index t idx inst; +} + +// Trait implementation: [alloc::vec::Vec] +let alloc_vec_Vec_coreopsindexIndexMutInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_IndexMut (alloc_vec_Vec t) idx = { + indexInst = alloc_vec_Vec_coreopsindexIndexInst t idx inst; + index_mut = alloc_vec_Vec_index_mut t idx inst; + index_mut_back = alloc_vec_Vec_index_mut_back t idx inst; +} + +(*** Theorems *) + +let alloc_vec_Vec_index_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : + Lemma ( + alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == + alloc_vec_Vec_index_usize v i) + [SMTPat (alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] + = + admit() + +let alloc_vec_Vec_index_mut_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : + Lemma ( + alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == + alloc_vec_Vec_index_usize v i) + [SMTPat (alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] + = + admit() + +let alloc_vec_Vec_index_mut_back_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : + Lemma ( + alloc_vec_Vec_index_mut_back a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i x == + alloc_vec_Vec_update_usize v i x) + [SMTPat (alloc_vec_Vec_index_mut_back a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i x)] + = + admit() diff --git a/tests/fstar/array/Array.Clauses.Template.fst b/tests/fstar/array/Array.Clauses.Template.fst deleted file mode 100644 index b2f2649c..00000000 --- a/tests/fstar/array/Array.Clauses.Template.fst +++ /dev/null @@ -1,21 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array]: templates for the decreases clauses *) -module Array.Clauses.Template -open Primitives -open Array.Types - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::sum]: decreases clause - Source: 'src/array.rs', lines 242:0-250:1 *) -unfold -let sum_loop_decreases (s : slice u32) (sum1 : u32) (i : usize) : nat = - admit () - -(** [array::sum2]: decreases clause - Source: 'src/array.rs', lines 252:0-261:1 *) -unfold -let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum1 : u32) - (i : usize) : nat = - admit () - diff --git a/tests/fstar/array/Array.Clauses.fst b/tests/fstar/array/Array.Clauses.fst deleted file mode 100644 index 68cbf216..00000000 --- a/tests/fstar/array/Array.Clauses.fst +++ /dev/null @@ -1,19 +0,0 @@ -(** [array]: decreases clauses *) -module Array.Clauses -open Primitives -open Array.Types -open FStar.List.Tot - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::sum]: decreases clause *) -unfold -let sum_loop_decreases (s : slice u32) (sum : u32) (i : usize) : nat = - if i < length s then length s - i else 0 - -(** [array::sum2]: decreases clause *) -unfold -let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum : u32) - (i : usize) : nat = - if i < length s then length s - i else 0 - diff --git a/tests/fstar/array/Array.Funs.fst b/tests/fstar/array/Array.Funs.fst deleted file mode 100644 index 4193ba7d..00000000 --- a/tests/fstar/array/Array.Funs.fst +++ /dev/null @@ -1,420 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array]: function definitions *) -module Array.Funs -open Primitives -include Array.Types -include Array.Clauses - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::incr]: - Source: 'src/array.rs', lines 8:0-8:24 *) -let incr (x : u32) : result u32 = - u32_add x 1 - -(** [array::array_to_shared_slice_]: - Source: 'src/array.rs', lines 16:0-16:53 *) -let array_to_shared_slice_ (t : Type0) (s : array t 32) : result (slice t) = - array_to_slice t 32 s - -(** [array::array_to_mut_slice_]: - Source: 'src/array.rs', lines 21:0-21:58 *) -let array_to_mut_slice_ - (t : Type0) (s : array t 32) : - result ((slice t) & (slice t -> result (array t 32))) - = - let* (s1, to_slice_mut_back) = array_to_slice_mut t 32 s in - Return (s1, to_slice_mut_back) - -(** [array::array_len]: - Source: 'src/array.rs', lines 25:0-25:40 *) -let array_len (t : Type0) (s : array t 32) : result usize = - let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i - -(** [array::shared_array_len]: - Source: 'src/array.rs', lines 29:0-29:48 *) -let shared_array_len (t : Type0) (s : array t 32) : result usize = - let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i - -(** [array::shared_slice_len]: - Source: 'src/array.rs', lines 33:0-33:44 *) -let shared_slice_len (t : Type0) (s : slice t) : result usize = - let i = slice_len t s in Return i - -(** [array::index_array_shared]: - Source: 'src/array.rs', lines 37:0-37:57 *) -let index_array_shared (t : Type0) (s : array t 32) (i : usize) : result t = - array_index_usize t 32 s i - -(** [array::index_array_u32]: - Source: 'src/array.rs', lines 44:0-44:53 *) -let index_array_u32 (s : array u32 32) (i : usize) : result u32 = - array_index_usize u32 32 s i - -(** [array::index_array_copy]: - Source: 'src/array.rs', lines 48:0-48:45 *) -let index_array_copy (x : array u32 32) : result u32 = - array_index_usize u32 32 x 0 - -(** [array::index_mut_array]: - Source: 'src/array.rs', lines 52:0-52:62 *) -let index_mut_array - (t : Type0) (s : array t 32) (i : usize) : - result (t & (t -> result (array t 32))) - = - let* (x, index_mut_back) = array_index_mut_usize t 32 s i in - Return (x, index_mut_back) - -(** [array::index_slice]: - Source: 'src/array.rs', lines 56:0-56:46 *) -let index_slice (t : Type0) (s : slice t) (i : usize) : result t = - slice_index_usize t s i - -(** [array::index_mut_slice]: - Source: 'src/array.rs', lines 60:0-60:58 *) -let index_mut_slice - (t : Type0) (s : slice t) (i : usize) : - result (t & (t -> result (slice t))) - = - let* (x, index_mut_back) = slice_index_mut_usize t s i in - Return (x, index_mut_back) - -(** [array::slice_subslice_shared_]: - Source: 'src/array.rs', lines 64:0-64:70 *) -let slice_subslice_shared_ - (x : slice u32) (y : usize) (z : usize) : result (slice u32) = - core_slice_index_Slice_index u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - { start = y; end_ = z } - -(** [array::slice_subslice_mut_]: - Source: 'src/array.rs', lines 68:0-68:75 *) -let slice_subslice_mut_ - (x : slice u32) (y : usize) (z : usize) : - result ((slice u32) & (slice u32 -> result (slice u32))) - = - let* (s, index_mut_back) = - core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x - { start = y; end_ = z } in - Return (s, index_mut_back) - -(** [array::array_to_slice_shared_]: - Source: 'src/array.rs', lines 72:0-72:54 *) -let array_to_slice_shared_ (x : array u32 32) : result (slice u32) = - array_to_slice u32 32 x - -(** [array::array_to_slice_mut_]: - Source: 'src/array.rs', lines 76:0-76:59 *) -let array_to_slice_mut_ - (x : array u32 32) : - result ((slice u32) & (slice u32 -> result (array u32 32))) - = - let* (s, to_slice_mut_back) = array_to_slice_mut u32 32 x in - Return (s, to_slice_mut_back) - -(** [array::array_subslice_shared_]: - Source: 'src/array.rs', lines 80:0-80:74 *) -let array_subslice_shared_ - (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = - core_array_Array_index u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } - -(** [array::array_subslice_mut_]: - Source: 'src/array.rs', lines 84:0-84:79 *) -let array_subslice_mut_ - (x : array u32 32) (y : usize) (z : usize) : - result ((slice u32) & (slice u32 -> result (array u32 32))) - = - let* (s, index_mut_back) = - core_array_Array_index_mut u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } in - Return (s, index_mut_back) - -(** [array::index_slice_0]: - Source: 'src/array.rs', lines 88:0-88:38 *) -let index_slice_0 (t : Type0) (s : slice t) : result t = - slice_index_usize t s 0 - -(** [array::index_array_0]: - Source: 'src/array.rs', lines 92:0-92:42 *) -let index_array_0 (t : Type0) (s : array t 32) : result t = - array_index_usize t 32 s 0 - -(** [array::index_index_array]: - Source: 'src/array.rs', lines 103:0-103:71 *) -let index_index_array - (s : array (array u32 32) 32) (i : usize) (j : usize) : result u32 = - let* a = array_index_usize (array u32 32) 32 s i in - array_index_usize u32 32 a j - -(** [array::update_update_array]: - Source: 'src/array.rs', lines 114:0-114:70 *) -let update_update_array - (s : array (array u32 32) 32) (i : usize) (j : usize) : result unit = - let* (a, index_mut_back) = array_index_mut_usize (array u32 32) 32 s i in - let* (_, index_mut_back1) = array_index_mut_usize u32 32 a j in - let* a1 = index_mut_back1 0 in - let* _ = index_mut_back a1 in - Return () - -(** [array::array_local_deep_copy]: - Source: 'src/array.rs', lines 118:0-118:43 *) -let array_local_deep_copy (x : array u32 32) : result unit = - Return () - -(** [array::take_array]: - Source: 'src/array.rs', lines 122:0-122:30 *) -let take_array (a : array u32 2) : result unit = - Return () - -(** [array::take_array_borrow]: - Source: 'src/array.rs', lines 123:0-123:38 *) -let take_array_borrow (a : array u32 2) : result unit = - Return () - -(** [array::take_slice]: - Source: 'src/array.rs', lines 124:0-124:28 *) -let take_slice (s : slice u32) : result unit = - Return () - -(** [array::take_mut_slice]: - Source: 'src/array.rs', lines 125:0-125:36 *) -let take_mut_slice (s : slice u32) : result (slice u32) = - Return s - -(** [array::const_array]: - Source: 'src/array.rs', lines 127:0-127:32 *) -let const_array : result (array u32 2) = - Return (mk_array u32 2 [ 0; 0 ]) - -(** [array::const_slice]: - Source: 'src/array.rs', lines 131:0-131:20 *) -let const_slice : result unit = - let* _ = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in Return () - -(** [array::take_all]: - Source: 'src/array.rs', lines 141:0-141:17 *) -let take_all : result unit = - let* _ = take_array (mk_array u32 2 [ 0; 0 ]) in - let* _ = take_array (mk_array u32 2 [ 0; 0 ]) in - let* _ = take_array_borrow (mk_array u32 2 [ 0; 0 ]) in - let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* _ = take_slice s in - let* (s1, to_slice_mut_back) = - array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* s2 = take_mut_slice s1 in - let* _ = to_slice_mut_back s2 in - Return () - -(** [array::index_array]: - Source: 'src/array.rs', lines 155:0-155:38 *) -let index_array (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::index_array_borrow]: - Source: 'src/array.rs', lines 158:0-158:46 *) -let index_array_borrow (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::index_slice_u32_0]: - Source: 'src/array.rs', lines 162:0-162:42 *) -let index_slice_u32_0 (x : slice u32) : result u32 = - slice_index_usize u32 x 0 - -(** [array::index_mut_slice_u32_0]: - Source: 'src/array.rs', lines 166:0-166:50 *) -let index_mut_slice_u32_0 (x : slice u32) : result (u32 & (slice u32)) = - let* i = slice_index_usize u32 x 0 in Return (i, x) - -(** [array::index_all]: - Source: 'src/array.rs', lines 170:0-170:25 *) -let index_all : result u32 = - let* i = index_array (mk_array u32 2 [ 0; 0 ]) in - let* i1 = index_array (mk_array u32 2 [ 0; 0 ]) in - let* i2 = u32_add i i1 in - let* i3 = index_array_borrow (mk_array u32 2 [ 0; 0 ]) in - let* i4 = u32_add i2 i3 in - let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* i5 = index_slice_u32_0 s in - let* i6 = u32_add i4 i5 in - let* (s1, to_slice_mut_back) = - array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* (i7, s2) = index_mut_slice_u32_0 s1 in - let* i8 = u32_add i6 i7 in - let* _ = to_slice_mut_back s2 in - Return i8 - -(** [array::update_array]: - Source: 'src/array.rs', lines 184:0-184:36 *) -let update_array (x : array u32 2) : result unit = - let* (_, index_mut_back) = array_index_mut_usize u32 2 x 0 in - let* _ = index_mut_back 1 in - Return () - -(** [array::update_array_mut_borrow]: - Source: 'src/array.rs', lines 187:0-187:48 *) -let update_array_mut_borrow (x : array u32 2) : result (array u32 2) = - let* (_, index_mut_back) = array_index_mut_usize u32 2 x 0 in - index_mut_back 1 - -(** [array::update_mut_slice]: - Source: 'src/array.rs', lines 190:0-190:38 *) -let update_mut_slice (x : slice u32) : result (slice u32) = - let* (_, index_mut_back) = slice_index_mut_usize u32 x 0 in index_mut_back 1 - -(** [array::update_all]: - Source: 'src/array.rs', lines 194:0-194:19 *) -let update_all : result unit = - let* _ = update_array (mk_array u32 2 [ 0; 0 ]) in - let* _ = update_array (mk_array u32 2 [ 0; 0 ]) in - let* a = update_array_mut_borrow (mk_array u32 2 [ 0; 0 ]) in - let* (s, to_slice_mut_back) = array_to_slice_mut u32 2 a in - let* s1 = update_mut_slice s in - let* _ = to_slice_mut_back s1 in - Return () - -(** [array::range_all]: - Source: 'src/array.rs', lines 205:0-205:18 *) -let range_all : result unit = - let* (s, index_mut_back) = - core_array_Array_index_mut u32 (core_ops_range_Range usize) 4 - (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) - (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } in - let* s1 = update_mut_slice s in - let* _ = index_mut_back s1 in - Return () - -(** [array::deref_array_borrow]: - Source: 'src/array.rs', lines 214:0-214:46 *) -let deref_array_borrow (x : array u32 2) : result u32 = - array_index_usize u32 2 x 0 - -(** [array::deref_array_mut_borrow]: - Source: 'src/array.rs', lines 219:0-219:54 *) -let deref_array_mut_borrow (x : array u32 2) : result (u32 & (array u32 2)) = - let* i = array_index_usize u32 2 x 0 in Return (i, x) - -(** [array::take_array_t]: - Source: 'src/array.rs', lines 227:0-227:31 *) -let take_array_t (a : array aB_t 2) : result unit = - Return () - -(** [array::non_copyable_array]: - Source: 'src/array.rs', lines 229:0-229:27 *) -let non_copyable_array : result unit = - let* _ = take_array_t (mk_array aB_t 2 [ AB_A; AB_B ]) in Return () - -(** [array::sum]: loop 0: - Source: 'src/array.rs', lines 242:0-250:1 *) -let rec sum_loop - (s : slice u32) (sum1 : u32) (i : usize) : - Tot (result u32) (decreases (sum_loop_decreases s sum1 i)) - = - let i1 = slice_len u32 s in - if i < i1 - then - let* i2 = slice_index_usize u32 s i in - let* sum3 = u32_add sum1 i2 in - let* i3 = usize_add i 1 in - sum_loop s sum3 i3 - else Return sum1 - -(** [array::sum]: - Source: 'src/array.rs', lines 242:0-242:28 *) -let sum (s : slice u32) : result u32 = - sum_loop s 0 0 - -(** [array::sum2]: loop 0: - Source: 'src/array.rs', lines 252:0-261:1 *) -let rec sum2_loop - (s : slice u32) (s2 : slice u32) (sum1 : u32) (i : usize) : - Tot (result u32) (decreases (sum2_loop_decreases s s2 sum1 i)) - = - let i1 = slice_len u32 s in - if i < i1 - then - let* i2 = slice_index_usize u32 s i in - let* i3 = slice_index_usize u32 s2 i in - let* i4 = u32_add i2 i3 in - let* sum3 = u32_add sum1 i4 in - let* i5 = usize_add i 1 in - sum2_loop s s2 sum3 i5 - else Return sum1 - -(** [array::sum2]: - Source: 'src/array.rs', lines 252:0-252:41 *) -let sum2 (s : slice u32) (s2 : slice u32) : result u32 = - let i = slice_len u32 s in - let i1 = slice_len u32 s2 in - if not (i = i1) then Fail Failure else sum2_loop s s2 0 0 - -(** [array::f0]: - Source: 'src/array.rs', lines 263:0-263:11 *) -let f0 : result unit = - let* (s, to_slice_mut_back) = - array_to_slice_mut u32 2 (mk_array u32 2 [ 1; 2 ]) in - let* (_, index_mut_back) = slice_index_mut_usize u32 s 0 in - let* s1 = index_mut_back 1 in - let* _ = to_slice_mut_back s1 in - Return () - -(** [array::f1]: - Source: 'src/array.rs', lines 268:0-268:11 *) -let f1 : result unit = - let* (_, index_mut_back) = - array_index_mut_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in - let* _ = index_mut_back 1 in - Return () - -(** [array::f2]: - Source: 'src/array.rs', lines 273:0-273:17 *) -let f2 (i : u32) : result unit = - Return () - -(** [array::f4]: - Source: 'src/array.rs', lines 282:0-282:54 *) -let f4 (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = - core_array_Array_index u32 (core_ops_range_Range usize) 32 - (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) - (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x - { start = y; end_ = z } - -(** [array::f3]: - Source: 'src/array.rs', lines 275:0-275:18 *) -let f3 : result u32 = - let* i = array_index_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in - let* _ = f2 i in - let b = array_repeat u32 32 0 in - let* s = array_to_slice u32 2 (mk_array u32 2 [ 1; 2 ]) in - let* s1 = f4 b 16 18 in - sum2 s s1 - -(** [array::SZ] - Source: 'src/array.rs', lines 286:0-286:19 *) -let sz_body : result usize = Return 32 -let sz_c : usize = eval_global sz_body - -(** [array::f5]: - Source: 'src/array.rs', lines 289:0-289:31 *) -let f5 (x : array u32 32) : result u32 = - array_index_usize u32 32 x 0 - -(** [array::ite]: - Source: 'src/array.rs', lines 294:0-294:12 *) -let ite : result unit = - let* (s, to_slice_mut_back) = - array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* (_, s1) = index_mut_slice_u32_0 s in - let* (s2, to_slice_mut_back1) = - array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in - let* (_, s3) = index_mut_slice_u32_0 s2 in - let* _ = to_slice_mut_back1 s3 in - let* _ = to_slice_mut_back s1 in - Return () - diff --git a/tests/fstar/array/Array.Types.fst b/tests/fstar/array/Array.Types.fst deleted file mode 100644 index 312f6018..00000000 --- a/tests/fstar/array/Array.Types.fst +++ /dev/null @@ -1,11 +0,0 @@ -(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) -(** [array]: type definitions *) -module Array.Types -open Primitives - -#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" - -(** [array::AB] - Source: 'src/array.rs', lines 3:0-3:11 *) -type aB_t = | AB_A : aB_t | AB_B : aB_t - diff --git a/tests/fstar/array/Makefile b/tests/fstar/array/Makefile deleted file mode 100644 index fa7d1f36..00000000 --- a/tests/fstar/array/Makefile +++ /dev/null @@ -1,49 +0,0 @@ -# This file was automatically generated - modify ../Makefile.template instead -INCLUDE_DIRS = . - -FSTAR_INCLUDES = $(addprefix --include ,$(INCLUDE_DIRS)) - -FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints - -FSTAR_OPTIONS = $(FSTAR_HINTS) \ - --cache_checked_modules $(FSTAR_INCLUDES) --cmi \ - --warn_error '+241@247+285-274' \ - -FSTAR_EXE ?= fstar.exe -FSTAR_NO_FLAGS = $(FSTAR_EXE) --already_cached 'Prims FStar LowStar Steel' --odir obj --cache_dir obj - -FSTAR = $(FSTAR_NO_FLAGS) $(FSTAR_OPTIONS) - -# The F* roots are used to compute the dependency graph, and generate the .depend file -FSTAR_ROOTS ?= $(wildcard *.fst *.fsti) - -# Build all the files -all: $(addprefix obj/,$(addsuffix .checked,$(FSTAR_ROOTS))) - -# This is the right way to ensure the .depend file always gets re-built. -ifeq (,$(filter %-in,$(MAKECMDGOALS))) -ifndef NODEPEND -ifndef MAKE_RESTARTS -.depend: .FORCE - $(FSTAR_NO_FLAGS) --dep full $(notdir $(FSTAR_ROOTS)) > $@ - -.PHONY: .FORCE -.FORCE: -endif -endif - -include .depend -endif - -# For the interactive mode -%.fst-in %.fsti-in: - @echo $(FSTAR_OPTIONS) - -# Generete the .checked files in batch mode -%.checked: - $(FSTAR) $(FSTAR_OPTIONS) $< && \ - touch -c $@ - -.PHONY: clean -clean: - rm -f obj/* diff --git a/tests/fstar/array/Primitives.fst b/tests/fstar/array/Primitives.fst deleted file mode 100644 index fca80829..00000000 --- a/tests/fstar/array/Primitives.fst +++ /dev/null @@ -1,848 +0,0 @@ -/// This file lists primitive and assumed functions and types -module Primitives -open FStar.Mul -open FStar.List.Tot - -#set-options "--z3rlimit 15 --fuel 0 --ifuel 1" - -(*** Utilities *) -val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) : - ls':list a{ - length ls' = length ls /\ - index ls' i == x - } -#push-options "--fuel 1" -let rec list_update #a ls i x = - match ls with - | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x -#pop-options - -(*** Result *) -type error : Type0 = -| Failure -| OutOfFuel - -type result (a : Type0) : Type0 = -| Return : v:a -> result a -| Fail : e:error -> result a - -// Monadic return operator -unfold let return (#a : Type0) (x : a) : result a = Return x - -// Monadic bind operator. -// Allows to use the notation: -// ``` -// let* x = y in -// ... -// ``` -unfold let (let*) (#a #b : Type0) (m: result a) - (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : - result b = - match m with - | Return x -> f x - | Fail e -> Fail e - -// Monadic assert(...) -let massert (b:bool) : result unit = if b then Return () else Fail Failure - -// Normalize and unwrap a successful result (used for globals). -let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x - -(*** Misc *) -type char = FStar.Char.char -type string = string - -let is_zero (n: nat) : bool = n = 0 -let decrease (n: nat{n > 0}) : nat = n - 1 - -let core_mem_replace (a : Type0) (x : a) (y : a) : a & a = (x, x) - -// We don't really use raw pointers for now -type mut_raw_ptr (t : Type0) = { v : t } -type const_raw_ptr (t : Type0) = { v : t } - -(*** Scalars *) -/// Rem.: most of the following code was partially generated - -assume val size_numbits : pos - -// TODO: we could use FStar.Int.int_t and FStar.UInt.int_t - -let isize_min : int = -9223372036854775808 // TODO: should be opaque -let isize_max : int = 9223372036854775807 // TODO: should be opaque -let i8_min : int = -128 -let i8_max : int = 127 -let i16_min : int = -32768 -let i16_max : int = 32767 -let i32_min : int = -2147483648 -let i32_max : int = 2147483647 -let i64_min : int = -9223372036854775808 -let i64_max : int = 9223372036854775807 -let i128_min : int = -170141183460469231731687303715884105728 -let i128_max : int = 170141183460469231731687303715884105727 -let usize_min : int = 0 -let usize_max : int = 4294967295 // TODO: should be opaque -let u8_min : int = 0 -let u8_max : int = 255 -let u16_min : int = 0 -let u16_max : int = 65535 -let u32_min : int = 0 -let u32_max : int = 4294967295 -let u64_min : int = 0 -let u64_max : int = 18446744073709551615 -let u128_min : int = 0 -let u128_max : int = 340282366920938463463374607431768211455 - -type scalar_ty = -| Isize -| I8 -| I16 -| I32 -| I64 -| I128 -| Usize -| U8 -| U16 -| U32 -| U64 -| U128 - -let is_unsigned = function - | Isize | I8 | I16 | I32 | I64 | I128 -> false - | Usize | U8 | U16 | U32 | U64 | U128 -> true - -let scalar_min (ty : scalar_ty) : int = - match ty with - | Isize -> isize_min - | I8 -> i8_min - | I16 -> i16_min - | I32 -> i32_min - | I64 -> i64_min - | I128 -> i128_min - | Usize -> usize_min - | U8 -> u8_min - | U16 -> u16_min - | U32 -> u32_min - | U64 -> u64_min - | U128 -> u128_min - -let scalar_max (ty : scalar_ty) : int = - match ty with - | Isize -> isize_max - | I8 -> i8_max - | I16 -> i16_max - | I32 -> i32_max - | I64 -> i64_max - | I128 -> i128_max - | Usize -> usize_max - | U8 -> u8_max - | U16 -> u16_max - | U32 -> u32_max - | U64 -> u64_max - | U128 -> u128_max - -type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} - -let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = - if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure - -let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) - -let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - if y <> 0 then mk_scalar ty (x / y) else Fail Failure - -/// The remainder operation -let int_rem (x : int) (y : int{y <> 0}) : int = - if x >= 0 then (x % y) else -(x % y) - -(* Checking consistency with Rust *) -let _ = assert_norm(int_rem 1 2 = 1) -let _ = assert_norm(int_rem (-1) 2 = -1) -let _ = assert_norm(int_rem 1 (-2) = 1) -let _ = assert_norm(int_rem (-1) (-2) = -1) - -let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - if y <> 0 then mk_scalar ty (int_rem x y) else Fail Failure - -let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - mk_scalar ty (x + y) - -let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - mk_scalar ty (x - y) - -let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = - mk_scalar ty (x * y) - -let scalar_xor (#ty : scalar_ty) - (x : scalar ty) (y : scalar ty) : scalar ty = - match ty with - | U8 -> FStar.UInt.logxor #8 x y - | U16 -> FStar.UInt.logxor #16 x y - | U32 -> FStar.UInt.logxor #32 x y - | U64 -> FStar.UInt.logxor #64 x y - | U128 -> FStar.UInt.logxor #128 x y - | Usize -> admit() // TODO - | I8 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 8); - normalize_spec (scalar I8); - FStar.Int.logxor #8 x y - | I16 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 16); - normalize_spec (scalar I16); - FStar.Int.logxor #16 x y - | I32 -> FStar.Int.logxor #32 x y - | I64 -> FStar.Int.logxor #64 x y - | I128 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 128); - normalize_spec (scalar I128); - FStar.Int.logxor #128 x y - | Isize -> admit() // TODO - -let scalar_or (#ty : scalar_ty) - (x : scalar ty) (y : scalar ty) : scalar ty = - match ty with - | U8 -> FStar.UInt.logor #8 x y - | U16 -> FStar.UInt.logor #16 x y - | U32 -> FStar.UInt.logor #32 x y - | U64 -> FStar.UInt.logor #64 x y - | U128 -> FStar.UInt.logor #128 x y - | Usize -> admit() // TODO - | I8 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 8); - normalize_spec (scalar I8); - FStar.Int.logor #8 x y - | I16 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 16); - normalize_spec (scalar I16); - FStar.Int.logor #16 x y - | I32 -> FStar.Int.logor #32 x y - | I64 -> FStar.Int.logor #64 x y - | I128 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 128); - normalize_spec (scalar I128); - FStar.Int.logor #128 x y - | Isize -> admit() // TODO - -let scalar_and (#ty : scalar_ty) - (x : scalar ty) (y : scalar ty) : scalar ty = - match ty with - | U8 -> FStar.UInt.logand #8 x y - | U16 -> FStar.UInt.logand #16 x y - | U32 -> FStar.UInt.logand #32 x y - | U64 -> FStar.UInt.logand #64 x y - | U128 -> FStar.UInt.logand #128 x y - | Usize -> admit() // TODO - | I8 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 8); - normalize_spec (scalar I8); - FStar.Int.logand #8 x y - | I16 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 16); - normalize_spec (scalar I16); - FStar.Int.logand #16 x y - | I32 -> FStar.Int.logand #32 x y - | I64 -> FStar.Int.logand #64 x y - | I128 -> - // Encoding issues... - normalize_spec (FStar.Int.int_t 128); - normalize_spec (scalar I128); - FStar.Int.logand #128 x y - | Isize -> admit() // TODO - -// Shift left -let scalar_shl (#ty0 #ty1 : scalar_ty) - (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = - admit() - -// Shift right -let scalar_shr (#ty0 #ty1 : scalar_ty) - (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = - admit() - -(** Cast an integer from a [src_ty] to a [tgt_ty] *) -// TODO: check the semantics of casts in Rust -let scalar_cast (src_ty : scalar_ty) (tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) = - mk_scalar tgt_ty x - -// This can't fail, but for now we make all casts faillible (easier for the translation) -let scalar_cast_bool (tgt_ty : scalar_ty) (x : bool) : result (scalar tgt_ty) = - mk_scalar tgt_ty (if x then 1 else 0) - -/// The scalar types -type isize : eqtype = scalar Isize -type i8 : eqtype = scalar I8 -type i16 : eqtype = scalar I16 -type i32 : eqtype = scalar I32 -type i64 : eqtype = scalar I64 -type i128 : eqtype = scalar I128 -type usize : eqtype = scalar Usize -type u8 : eqtype = scalar U8 -type u16 : eqtype = scalar U16 -type u32 : eqtype = scalar U32 -type u64 : eqtype = scalar U64 -type u128 : eqtype = scalar U128 - - -let core_isize_min : isize = isize_min -let core_isize_max : isize = isize_max -let core_i8_min : i8 = i8_min -let core_i8_max : i8 = i8_max -let core_i16_min : i16 = i16_min -let core_i16_max : i16 = i16_max -let core_i32_min : i32 = i32_min -let core_i32_max : i32 = i32_max -let core_i64_min : i64 = i64_min -let core_i64_max : i64 = i64_max -let core_i128_min : i128 = i128_min -let core_i128_max : i128 = i128_max - -let core_usize_min : usize = usize_min -let core_usize_max : usize = usize_max -let core_u8_min : u8 = u8_min -let core_u8_max : u8 = u8_max -let core_u16_min : u16 = u16_min -let core_u16_max : u16 = u16_max -let core_u32_min : u32 = u32_min -let core_u32_max : u32 = u32_max -let core_u64_min : u64 = u64_min -let core_u64_max : u64 = u64_max -let core_u128_min : u128 = u128_min -let core_u128_max : u128 = u128_max - -/// Negation -let isize_neg = scalar_neg #Isize -let i8_neg = scalar_neg #I8 -let i16_neg = scalar_neg #I16 -let i32_neg = scalar_neg #I32 -let i64_neg = scalar_neg #I64 -let i128_neg = scalar_neg #I128 - -/// Division -let isize_div = scalar_div #Isize -let i8_div = scalar_div #I8 -let i16_div = scalar_div #I16 -let i32_div = scalar_div #I32 -let i64_div = scalar_div #I64 -let i128_div = scalar_div #I128 -let usize_div = scalar_div #Usize -let u8_div = scalar_div #U8 -let u16_div = scalar_div #U16 -let u32_div = scalar_div #U32 -let u64_div = scalar_div #U64 -let u128_div = scalar_div #U128 - -/// Remainder -let isize_rem = scalar_rem #Isize -let i8_rem = scalar_rem #I8 -let i16_rem = scalar_rem #I16 -let i32_rem = scalar_rem #I32 -let i64_rem = scalar_rem #I64 -let i128_rem = scalar_rem #I128 -let usize_rem = scalar_rem #Usize -let u8_rem = scalar_rem #U8 -let u16_rem = scalar_rem #U16 -let u32_rem = scalar_rem #U32 -let u64_rem = scalar_rem #U64 -let u128_rem = scalar_rem #U128 - -/// Addition -let isize_add = scalar_add #Isize -let i8_add = scalar_add #I8 -let i16_add = scalar_add #I16 -let i32_add = scalar_add #I32 -let i64_add = scalar_add #I64 -let i128_add = scalar_add #I128 -let usize_add = scalar_add #Usize -let u8_add = scalar_add #U8 -let u16_add = scalar_add #U16 -let u32_add = scalar_add #U32 -let u64_add = scalar_add #U64 -let u128_add = scalar_add #U128 - -/// Subtraction -let isize_sub = scalar_sub #Isize -let i8_sub = scalar_sub #I8 -let i16_sub = scalar_sub #I16 -let i32_sub = scalar_sub #I32 -let i64_sub = scalar_sub #I64 -let i128_sub = scalar_sub #I128 -let usize_sub = scalar_sub #Usize -let u8_sub = scalar_sub #U8 -let u16_sub = scalar_sub #U16 -let u32_sub = scalar_sub #U32 -let u64_sub = scalar_sub #U64 -let u128_sub = scalar_sub #U128 - -/// Multiplication -let isize_mul = scalar_mul #Isize -let i8_mul = scalar_mul #I8 -let i16_mul = scalar_mul #I16 -let i32_mul = scalar_mul #I32 -let i64_mul = scalar_mul #I64 -let i128_mul = scalar_mul #I128 -let usize_mul = scalar_mul #Usize -let u8_mul = scalar_mul #U8 -let u16_mul = scalar_mul #U16 -let u32_mul = scalar_mul #U32 -let u64_mul = scalar_mul #U64 -let u128_mul = scalar_mul #U128 - -/// Xor -let u8_xor = scalar_xor #U8 -let u16_xor = scalar_xor #U16 -let u32_xor = scalar_xor #U32 -let u64_xor = scalar_xor #U64 -let u128_xor = scalar_xor #U128 -let usize_xor = scalar_xor #Usize -let i8_xor = scalar_xor #I8 -let i16_xor = scalar_xor #I16 -let i32_xor = scalar_xor #I32 -let i64_xor = scalar_xor #I64 -let i128_xor = scalar_xor #I128 -let isize_xor = scalar_xor #Isize - -/// Or -let u8_or = scalar_or #U8 -let u16_or = scalar_or #U16 -let u32_or = scalar_or #U32 -let u64_or = scalar_or #U64 -let u128_or = scalar_or #U128 -let usize_or = scalar_or #Usize -let i8_or = scalar_or #I8 -let i16_or = scalar_or #I16 -let i32_or = scalar_or #I32 -let i64_or = scalar_or #I64 -let i128_or = scalar_or #I128 -let isize_or = scalar_or #Isize - -/// And -let u8_and = scalar_and #U8 -let u16_and = scalar_and #U16 -let u32_and = scalar_and #U32 -let u64_and = scalar_and #U64 -let u128_and = scalar_and #U128 -let usize_and = scalar_and #Usize -let i8_and = scalar_and #I8 -let i16_and = scalar_and #I16 -let i32_and = scalar_and #I32 -let i64_and = scalar_and #I64 -let i128_and = scalar_and #I128 -let isize_and = scalar_and #Isize - -/// Shift left -let u8_shl #ty = scalar_shl #U8 #ty -let u16_shl #ty = scalar_shl #U16 #ty -let u32_shl #ty = scalar_shl #U32 #ty -let u64_shl #ty = scalar_shl #U64 #ty -let u128_shl #ty = scalar_shl #U128 #ty -let usize_shl #ty = scalar_shl #Usize #ty -let i8_shl #ty = scalar_shl #I8 #ty -let i16_shl #ty = scalar_shl #I16 #ty -let i32_shl #ty = scalar_shl #I32 #ty -let i64_shl #ty = scalar_shl #I64 #ty -let i128_shl #ty = scalar_shl #I128 #ty -let isize_shl #ty = scalar_shl #Isize #ty - -/// Shift right -let u8_shr #ty = scalar_shr #U8 #ty -let u16_shr #ty = scalar_shr #U16 #ty -let u32_shr #ty = scalar_shr #U32 #ty -let u64_shr #ty = scalar_shr #U64 #ty -let u128_shr #ty = scalar_shr #U128 #ty -let usize_shr #ty = scalar_shr #Usize #ty -let i8_shr #ty = scalar_shr #I8 #ty -let i16_shr #ty = scalar_shr #I16 #ty -let i32_shr #ty = scalar_shr #I32 #ty -let i64_shr #ty = scalar_shr #I64 #ty -let i128_shr #ty = scalar_shr #I128 #ty -let isize_shr #ty = scalar_shr #Isize #ty - -(*** core::ops *) - -// Trait declaration: [core::ops::index::Index] -noeq type core_ops_index_Index (self idx : Type0) = { - output : Type0; - index : self → idx → result output -} - -// Trait declaration: [core::ops::index::IndexMut] -noeq type core_ops_index_IndexMut (self idx : Type0) = { - indexInst : core_ops_index_Index self idx; - index_mut : self → idx → result (indexInst.output & (indexInst.output → result self)); -} - -// Trait declaration [core::ops::deref::Deref] -noeq type core_ops_deref_Deref (self : Type0) = { - target : Type0; - deref : self → result target; -} - -// Trait declaration [core::ops::deref::DerefMut] -noeq type core_ops_deref_DerefMut (self : Type0) = { - derefInst : core_ops_deref_Deref self; - deref_mut : self → result (derefInst.target & (derefInst.target → result self)); -} - -type core_ops_range_Range (a : Type0) = { - start : a; - end_ : a; -} - -(*** [alloc] *) - -let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x -let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = - Return (x, (fun x -> Return x)) - -// Trait instance -let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { - target = self; - deref = alloc_boxed_Box_deref self; -} - -// Trait instance -let alloc_boxed_Box_coreopsDerefMutInst (self : Type0) : core_ops_deref_DerefMut self = { - derefInst = alloc_boxed_Box_coreopsDerefInst self; - deref_mut = alloc_boxed_Box_deref_mut self; -} - -(*** Array *) -type array (a : Type0) (n : usize) = s:list a{length s = n} - -// We tried putting the normalize_term condition as a refinement on the list -// but it didn't work. It works with the requires clause. -let mk_array (a : Type0) (n : usize) - (l : list a) : - Pure (array a n) - (requires (normalize_term(FStar.List.Tot.length l) = n)) - (ensures (fun _ -> True)) = - normalize_term_spec (FStar.List.Tot.length l); - l - -let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = - if i < length x then Return (index x i) - else Fail Failure - -let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : - result (array a n) = - if i < length x then Return (list_update x i nx) - else Fail Failure - -let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : - result (a & (a -> result (array a n))) = - match array_index_usize a n x i with - | Fail e -> Fail e - | Return v -> - Return (v, array_update_usize a n x i) - -(*** Slice *) -type slice (a : Type0) = s:list a{length s <= usize_max} - -let slice_len (a : Type0) (s : slice a) : usize = length s - -let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = - if i < length x then Return (index x i) - else Fail Failure - -let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = - if i < length x then Return (list_update x i nx) - else Fail Failure - -let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : - result (a & (a -> result (slice a))) = - match slice_index_usize a s i with - | Fail e -> Fail e - | Return x -> - Return (x, slice_update_usize a s i) - -(*** Subslices *) - -let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x -let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = - if length s = n then Return s - else Fail Failure - -let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : - result (slice a & (slice a -> result (array a n))) = - Return (x, array_from_slice a n x) - -// TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) -let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = - admit() - -let array_update_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) (ns : slice a) : result (array a n) = - admit() - -let array_repeat (a : Type0) (n : usize) (x : a) : array a n = - admit() - -let slice_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) : result (slice a) = - admit() - -let slice_update_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) (ns : slice a) : result (slice a) = - admit() - -(*** Vector *) -type alloc_vec_Vec (a : Type0) = v:list a{length v <= usize_max} - -let alloc_vec_Vec_new (a : Type0) : alloc_vec_Vec a = assert_norm(length #a [] == 0); [] -let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v - -// Helper -let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = - if i < length v then Return (index v i) else Fail Failure -// Helper -let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure - -let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : - result (a & (a → result (alloc_vec_Vec a))) = - match alloc_vec_Vec_index_usize v i with - | Return x -> - Return (x, alloc_vec_Vec_update_usize v i) - | Fail e -> Fail e - -let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : - Pure (result (alloc_vec_Vec a)) - (requires True) - (ensures (fun res -> - match res with - | Fail e -> e == Failure - | Return v' -> length v' = length v + 1)) = - if length v < usize_max then begin - (**) assert_norm(length [x] == 1); - (**) append_length v [x]; - (**) assert(length (append v [x]) = length v + 1); - Return (append v [x]) - end - else Fail Failure - -let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = - if i < length v then Return (list_update v i x) else Fail Failure - -// Trait declaration: [core::slice::index::private_slice_index::Sealed] -type core_slice_index_private_slice_index_Sealed (self : Type0) = unit - -// Trait declaration: [core::slice::index::SliceIndex] -noeq type core_slice_index_SliceIndex (self t : Type0) = { - sealedInst : core_slice_index_private_slice_index_Sealed self; - output : Type0; - get : self → t → result (option output); - get_mut : self → t → result (option output & (option output -> result t)); - get_unchecked : self → const_raw_ptr t → result (const_raw_ptr output); - get_unchecked_mut : self → mut_raw_ptr t → result (mut_raw_ptr output); - index : self → t → result output; - index_mut : self → t → result (output & (output -> result t)); -} - -// [core::slice::index::[T]::index]: forward function -let core_slice_index_Slice_index - (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (s : slice t) (i : idx) : result inst.output = - let* x = inst.get i s in - match x with - | None -> Fail Failure - | Some x -> Return x - -// [core::slice::index::Range:::get]: forward function -let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : - result (option (slice t)) = - admit () // TODO - -// [core::slice::index::Range::get_mut]: forward function -let core_slice_index_RangeUsize_get_mut (t : Type0) : - core_ops_range_Range usize → slice t → result (option (slice t) & (option (slice t) -> result (slice t))) = - admit () // TODO - -// [core::slice::index::Range::get_unchecked]: forward function -let core_slice_index_RangeUsize_get_unchecked - (t : Type0) : - core_ops_range_Range usize → const_raw_ptr (slice t) → result (const_raw_ptr (slice t)) = - // Don't know what the model should be - for now we always fail to make - // sure code which uses it fails - fun _ _ -> Fail Failure - -// [core::slice::index::Range::get_unchecked_mut]: forward function -let core_slice_index_RangeUsize_get_unchecked_mut - (t : Type0) : - core_ops_range_Range usize → mut_raw_ptr (slice t) → result (mut_raw_ptr (slice t)) = - // Don't know what the model should be - for now we always fail to make - // sure code which uses it fails - fun _ _ -> Fail Failure - -// [core::slice::index::Range::index]: forward function -let core_slice_index_RangeUsize_index - (t : Type0) : core_ops_range_Range usize → slice t → result (slice t) = - admit () // TODO - -// [core::slice::index::Range::index_mut]: forward function -let core_slice_index_RangeUsize_index_mut (t : Type0) : - core_ops_range_Range usize → slice t → result (slice t & (slice t -> result (slice t))) = - admit () // TODO - -// [core::slice::index::[T]::index_mut]: forward function -let core_slice_index_Slice_index_mut - (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) : - slice t → idx → result (inst.output & (inst.output -> result (slice t))) = - admit () // - -// [core::array::[T; N]::index]: forward function -let core_array_Array_index - (t idx : Type0) (n : usize) (inst : core_ops_index_Index (slice t) idx) - (a : array t n) (i : idx) : result inst.output = - admit () // TODO - -// [core::array::[T; N]::index_mut]: forward function -let core_array_Array_index_mut - (t idx : Type0) (n : usize) (inst : core_ops_index_IndexMut (slice t) idx) - (a : array t n) (i : idx) : - result (inst.indexInst.output & (inst.indexInst.output -> result (array t n))) = - admit () // TODO - -// Trait implementation: [core::slice::index::private_slice_index::Range] -let core_slice_index_private_slice_index_SealedRangeUsizeInst - : core_slice_index_private_slice_index_Sealed (core_ops_range_Range usize) = () - -// Trait implementation: [core::slice::index::Range] -let core_slice_index_SliceIndexRangeUsizeSliceTInst (t : Type0) : - core_slice_index_SliceIndex (core_ops_range_Range usize) (slice t) = { - sealedInst = core_slice_index_private_slice_index_SealedRangeUsizeInst; - output = slice t; - get = core_slice_index_RangeUsize_get t; - get_mut = core_slice_index_RangeUsize_get_mut t; - get_unchecked = core_slice_index_RangeUsize_get_unchecked t; - get_unchecked_mut = core_slice_index_RangeUsize_get_unchecked_mut t; - index = core_slice_index_RangeUsize_index t; - index_mut = core_slice_index_RangeUsize_index_mut t; -} - -// Trait implementation: [core::slice::index::[T]] -let core_ops_index_IndexSliceTIInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_Index (slice t) idx = { - output = inst.output; - index = core_slice_index_Slice_index t idx inst; -} - -// Trait implementation: [core::slice::index::[T]] -let core_ops_index_IndexMutSliceTIInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_IndexMut (slice t) idx = { - indexInst = core_ops_index_IndexSliceTIInst t idx inst; - index_mut = core_slice_index_Slice_index_mut t idx inst; -} - -// Trait implementation: [core::array::[T; N]] -let core_ops_index_IndexArrayInst (t idx : Type0) (n : usize) - (inst : core_ops_index_Index (slice t) idx) : - core_ops_index_Index (array t n) idx = { - output = inst.output; - index = core_array_Array_index t idx n inst; -} - -// Trait implementation: [core::array::[T; N]] -let core_ops_index_IndexMutArrayIInst (t idx : Type0) (n : usize) - (inst : core_ops_index_IndexMut (slice t) idx) : - core_ops_index_IndexMut (array t n) idx = { - indexInst = core_ops_index_IndexArrayInst t idx n inst.indexInst; - index_mut = core_array_Array_index_mut t idx n inst; -} - -// [core::slice::index::usize::get]: forward function -let core_slice_index_usize_get - (t : Type0) : usize → slice t → result (option t) = - admit () // TODO - -// [core::slice::index::usize::get_mut]: forward function -let core_slice_index_usize_get_mut (t : Type0) : - usize → slice t → result (option t & (option t -> result (slice t))) = - admit () // TODO - -// [core::slice::index::usize::get_unchecked]: forward function -let core_slice_index_usize_get_unchecked - (t : Type0) : usize → const_raw_ptr (slice t) → result (const_raw_ptr t) = - admit () // TODO - -// [core::slice::index::usize::get_unchecked_mut]: forward function -let core_slice_index_usize_get_unchecked_mut - (t : Type0) : usize → mut_raw_ptr (slice t) → result (mut_raw_ptr t) = - admit () // TODO - -// [core::slice::index::usize::index]: forward function -let core_slice_index_usize_index (t : Type0) : usize → slice t → result t = - admit () // TODO - -// [core::slice::index::usize::index_mut]: forward function -let core_slice_index_usize_index_mut (t : Type0) : - usize → slice t → result (t & (t -> result (slice t))) = - admit () // TODO - -// Trait implementation: [core::slice::index::private_slice_index::usize] -let core_slice_index_private_slice_index_SealedUsizeInst - : core_slice_index_private_slice_index_Sealed usize = () - -// Trait implementation: [core::slice::index::usize] -let core_slice_index_SliceIndexUsizeSliceTInst (t : Type0) : - core_slice_index_SliceIndex usize (slice t) = { - sealedInst = core_slice_index_private_slice_index_SealedUsizeInst; - output = t; - get = core_slice_index_usize_get t; - get_mut = core_slice_index_usize_get_mut t; - get_unchecked = core_slice_index_usize_get_unchecked t; - get_unchecked_mut = core_slice_index_usize_get_unchecked_mut t; - index = core_slice_index_usize_index t; - index_mut = core_slice_index_usize_index_mut t; -} - -// [alloc::vec::Vec::index]: forward function -let alloc_vec_Vec_index (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (self : alloc_vec_Vec t) (i : idx) : result inst.output = - admit () // TODO - -// [alloc::vec::Vec::index_mut]: forward function -let alloc_vec_Vec_index_mut (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) - (self : alloc_vec_Vec t) (i : idx) : - result (inst.output & (inst.output -> result (alloc_vec_Vec t))) = - admit () // TODO - -// Trait implementation: [alloc::vec::Vec] -let alloc_vec_Vec_coreopsindexIndexInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_Index (alloc_vec_Vec t) idx = { - output = inst.output; - index = alloc_vec_Vec_index t idx inst; -} - -// Trait implementation: [alloc::vec::Vec] -let alloc_vec_Vec_coreopsindexIndexMutInst (t idx : Type0) - (inst : core_slice_index_SliceIndex idx (slice t)) : - core_ops_index_IndexMut (alloc_vec_Vec t) idx = { - indexInst = alloc_vec_Vec_coreopsindexIndexInst t idx inst; - index_mut = alloc_vec_Vec_index_mut t idx inst; -} - -(*** Theorems *) - -let alloc_vec_Vec_index_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : - Lemma ( - alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == - alloc_vec_Vec_index_usize v i) - [SMTPat (alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] - = - admit() - -let alloc_vec_Vec_index_mut_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : - Lemma ( - alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == - alloc_vec_Vec_index_mut_usize v i) - [SMTPat (alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] - = - admit() diff --git a/tests/fstar/arrays/Arrays.Clauses.Template.fst b/tests/fstar/arrays/Arrays.Clauses.Template.fst new file mode 100644 index 00000000..8cc32583 --- /dev/null +++ b/tests/fstar/arrays/Arrays.Clauses.Template.fst @@ -0,0 +1,21 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays]: templates for the decreases clauses *) +module Arrays.Clauses.Template +open Primitives +open Arrays.Types + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [arrays::sum]: decreases clause + Source: 'src/arrays.rs', lines 242:0-250:1 *) +unfold +let sum_loop_decreases (s : slice u32) (sum1 : u32) (i : usize) : nat = + admit () + +(** [arrays::sum2]: decreases clause + Source: 'src/arrays.rs', lines 252:0-261:1 *) +unfold +let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum1 : u32) + (i : usize) : nat = + admit () + diff --git a/tests/fstar/arrays/Arrays.Clauses.fst b/tests/fstar/arrays/Arrays.Clauses.fst new file mode 100644 index 00000000..68cbf216 --- /dev/null +++ b/tests/fstar/arrays/Arrays.Clauses.fst @@ -0,0 +1,19 @@ +(** [array]: decreases clauses *) +module Array.Clauses +open Primitives +open Array.Types +open FStar.List.Tot + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [array::sum]: decreases clause *) +unfold +let sum_loop_decreases (s : slice u32) (sum : u32) (i : usize) : nat = + if i < length s then length s - i else 0 + +(** [array::sum2]: decreases clause *) +unfold +let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum : u32) + (i : usize) : nat = + if i < length s then length s - i else 0 + diff --git a/tests/fstar/arrays/Arrays.Funs.fst b/tests/fstar/arrays/Arrays.Funs.fst new file mode 100644 index 00000000..b0df7fc2 --- /dev/null +++ b/tests/fstar/arrays/Arrays.Funs.fst @@ -0,0 +1,420 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays]: function definitions *) +module Arrays.Funs +open Primitives +include Arrays.Types +include Arrays.Clauses + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [arrays::incr]: + Source: 'src/arrays.rs', lines 8:0-8:24 *) +let incr (x : u32) : result u32 = + u32_add x 1 + +(** [arrays::array_to_shared_slice_]: + Source: 'src/arrays.rs', lines 16:0-16:53 *) +let array_to_shared_slice_ (t : Type0) (s : array t 32) : result (slice t) = + array_to_slice t 32 s + +(** [arrays::array_to_mut_slice_]: + Source: 'src/arrays.rs', lines 21:0-21:58 *) +let array_to_mut_slice_ + (t : Type0) (s : array t 32) : + result ((slice t) & (slice t -> result (array t 32))) + = + let* (s1, to_slice_mut_back) = array_to_slice_mut t 32 s in + Return (s1, to_slice_mut_back) + +(** [arrays::array_len]: + Source: 'src/arrays.rs', lines 25:0-25:40 *) +let array_len (t : Type0) (s : array t 32) : result usize = + let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i + +(** [arrays::shared_array_len]: + Source: 'src/arrays.rs', lines 29:0-29:48 *) +let shared_array_len (t : Type0) (s : array t 32) : result usize = + let* s1 = array_to_slice t 32 s in let i = slice_len t s1 in Return i + +(** [arrays::shared_slice_len]: + Source: 'src/arrays.rs', lines 33:0-33:44 *) +let shared_slice_len (t : Type0) (s : slice t) : result usize = + let i = slice_len t s in Return i + +(** [arrays::index_array_shared]: + Source: 'src/arrays.rs', lines 37:0-37:57 *) +let index_array_shared (t : Type0) (s : array t 32) (i : usize) : result t = + array_index_usize t 32 s i + +(** [arrays::index_array_u32]: + Source: 'src/arrays.rs', lines 44:0-44:53 *) +let index_array_u32 (s : array u32 32) (i : usize) : result u32 = + array_index_usize u32 32 s i + +(** [arrays::index_array_copy]: + Source: 'src/arrays.rs', lines 48:0-48:45 *) +let index_array_copy (x : array u32 32) : result u32 = + array_index_usize u32 32 x 0 + +(** [arrays::index_mut_array]: + Source: 'src/arrays.rs', lines 52:0-52:62 *) +let index_mut_array + (t : Type0) (s : array t 32) (i : usize) : + result (t & (t -> result (array t 32))) + = + let* (x, index_mut_back) = array_index_mut_usize t 32 s i in + Return (x, index_mut_back) + +(** [arrays::index_slice]: + Source: 'src/arrays.rs', lines 56:0-56:46 *) +let index_slice (t : Type0) (s : slice t) (i : usize) : result t = + slice_index_usize t s i + +(** [arrays::index_mut_slice]: + Source: 'src/arrays.rs', lines 60:0-60:58 *) +let index_mut_slice + (t : Type0) (s : slice t) (i : usize) : + result (t & (t -> result (slice t))) + = + let* (x, index_mut_back) = slice_index_mut_usize t s i in + Return (x, index_mut_back) + +(** [arrays::slice_subslice_shared_]: + Source: 'src/arrays.rs', lines 64:0-64:70 *) +let slice_subslice_shared_ + (x : slice u32) (y : usize) (z : usize) : result (slice u32) = + core_slice_index_Slice_index u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + { start = y; end_ = z } + +(** [arrays::slice_subslice_mut_]: + Source: 'src/arrays.rs', lines 68:0-68:75 *) +let slice_subslice_mut_ + (x : slice u32) (y : usize) (z : usize) : + result ((slice u32) & (slice u32 -> result (slice u32))) + = + let* (s, index_mut_back) = + core_slice_index_Slice_index_mut u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32) x + { start = y; end_ = z } in + Return (s, index_mut_back) + +(** [arrays::array_to_slice_shared_]: + Source: 'src/arrays.rs', lines 72:0-72:54 *) +let array_to_slice_shared_ (x : array u32 32) : result (slice u32) = + array_to_slice u32 32 x + +(** [arrays::array_to_slice_mut_]: + Source: 'src/arrays.rs', lines 76:0-76:59 *) +let array_to_slice_mut_ + (x : array u32 32) : + result ((slice u32) & (slice u32 -> result (array u32 32))) + = + let* (s, to_slice_mut_back) = array_to_slice_mut u32 32 x in + Return (s, to_slice_mut_back) + +(** [arrays::array_subslice_shared_]: + Source: 'src/arrays.rs', lines 80:0-80:74 *) +let array_subslice_shared_ + (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = + core_array_Array_index u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } + +(** [arrays::array_subslice_mut_]: + Source: 'src/arrays.rs', lines 84:0-84:79 *) +let array_subslice_mut_ + (x : array u32 32) (y : usize) (z : usize) : + result ((slice u32) & (slice u32 -> result (array u32 32))) + = + let* (s, index_mut_back) = + core_array_Array_index_mut u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } in + Return (s, index_mut_back) + +(** [arrays::index_slice_0]: + Source: 'src/arrays.rs', lines 88:0-88:38 *) +let index_slice_0 (t : Type0) (s : slice t) : result t = + slice_index_usize t s 0 + +(** [arrays::index_array_0]: + Source: 'src/arrays.rs', lines 92:0-92:42 *) +let index_array_0 (t : Type0) (s : array t 32) : result t = + array_index_usize t 32 s 0 + +(** [arrays::index_index_array]: + Source: 'src/arrays.rs', lines 103:0-103:71 *) +let index_index_array + (s : array (array u32 32) 32) (i : usize) (j : usize) : result u32 = + let* a = array_index_usize (array u32 32) 32 s i in + array_index_usize u32 32 a j + +(** [arrays::update_update_array]: + Source: 'src/arrays.rs', lines 114:0-114:70 *) +let update_update_array + (s : array (array u32 32) 32) (i : usize) (j : usize) : result unit = + let* (a, index_mut_back) = array_index_mut_usize (array u32 32) 32 s i in + let* (_, index_mut_back1) = array_index_mut_usize u32 32 a j in + let* a1 = index_mut_back1 0 in + let* _ = index_mut_back a1 in + Return () + +(** [arrays::array_local_deep_copy]: + Source: 'src/arrays.rs', lines 118:0-118:43 *) +let array_local_deep_copy (x : array u32 32) : result unit = + Return () + +(** [arrays::take_array]: + Source: 'src/arrays.rs', lines 122:0-122:30 *) +let take_array (a : array u32 2) : result unit = + Return () + +(** [arrays::take_array_borrow]: + Source: 'src/arrays.rs', lines 123:0-123:38 *) +let take_array_borrow (a : array u32 2) : result unit = + Return () + +(** [arrays::take_slice]: + Source: 'src/arrays.rs', lines 124:0-124:28 *) +let take_slice (s : slice u32) : result unit = + Return () + +(** [arrays::take_mut_slice]: + Source: 'src/arrays.rs', lines 125:0-125:36 *) +let take_mut_slice (s : slice u32) : result (slice u32) = + Return s + +(** [arrays::const_array]: + Source: 'src/arrays.rs', lines 127:0-127:32 *) +let const_array : result (array u32 2) = + Return (mk_array u32 2 [ 0; 0 ]) + +(** [arrays::const_slice]: + Source: 'src/arrays.rs', lines 131:0-131:20 *) +let const_slice : result unit = + let* _ = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in Return () + +(** [arrays::take_all]: + Source: 'src/arrays.rs', lines 141:0-141:17 *) +let take_all : result unit = + let* _ = take_array (mk_array u32 2 [ 0; 0 ]) in + let* _ = take_array (mk_array u32 2 [ 0; 0 ]) in + let* _ = take_array_borrow (mk_array u32 2 [ 0; 0 ]) in + let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* _ = take_slice s in + let* (s1, to_slice_mut_back) = + array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* s2 = take_mut_slice s1 in + let* _ = to_slice_mut_back s2 in + Return () + +(** [arrays::index_array]: + Source: 'src/arrays.rs', lines 155:0-155:38 *) +let index_array (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::index_array_borrow]: + Source: 'src/arrays.rs', lines 158:0-158:46 *) +let index_array_borrow (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::index_slice_u32_0]: + Source: 'src/arrays.rs', lines 162:0-162:42 *) +let index_slice_u32_0 (x : slice u32) : result u32 = + slice_index_usize u32 x 0 + +(** [arrays::index_mut_slice_u32_0]: + Source: 'src/arrays.rs', lines 166:0-166:50 *) +let index_mut_slice_u32_0 (x : slice u32) : result (u32 & (slice u32)) = + let* i = slice_index_usize u32 x 0 in Return (i, x) + +(** [arrays::index_all]: + Source: 'src/arrays.rs', lines 170:0-170:25 *) +let index_all : result u32 = + let* i = index_array (mk_array u32 2 [ 0; 0 ]) in + let* i1 = index_array (mk_array u32 2 [ 0; 0 ]) in + let* i2 = u32_add i i1 in + let* i3 = index_array_borrow (mk_array u32 2 [ 0; 0 ]) in + let* i4 = u32_add i2 i3 in + let* s = array_to_slice u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* i5 = index_slice_u32_0 s in + let* i6 = u32_add i4 i5 in + let* (s1, to_slice_mut_back) = + array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* (i7, s2) = index_mut_slice_u32_0 s1 in + let* i8 = u32_add i6 i7 in + let* _ = to_slice_mut_back s2 in + Return i8 + +(** [arrays::update_array]: + Source: 'src/arrays.rs', lines 184:0-184:36 *) +let update_array (x : array u32 2) : result unit = + let* (_, index_mut_back) = array_index_mut_usize u32 2 x 0 in + let* _ = index_mut_back 1 in + Return () + +(** [arrays::update_array_mut_borrow]: + Source: 'src/arrays.rs', lines 187:0-187:48 *) +let update_array_mut_borrow (x : array u32 2) : result (array u32 2) = + let* (_, index_mut_back) = array_index_mut_usize u32 2 x 0 in + index_mut_back 1 + +(** [arrays::update_mut_slice]: + Source: 'src/arrays.rs', lines 190:0-190:38 *) +let update_mut_slice (x : slice u32) : result (slice u32) = + let* (_, index_mut_back) = slice_index_mut_usize u32 x 0 in index_mut_back 1 + +(** [arrays::update_all]: + Source: 'src/arrays.rs', lines 194:0-194:19 *) +let update_all : result unit = + let* _ = update_array (mk_array u32 2 [ 0; 0 ]) in + let* _ = update_array (mk_array u32 2 [ 0; 0 ]) in + let* a = update_array_mut_borrow (mk_array u32 2 [ 0; 0 ]) in + let* (s, to_slice_mut_back) = array_to_slice_mut u32 2 a in + let* s1 = update_mut_slice s in + let* _ = to_slice_mut_back s1 in + Return () + +(** [arrays::range_all]: + Source: 'src/arrays.rs', lines 205:0-205:18 *) +let range_all : result unit = + let* (s, index_mut_back) = + core_array_Array_index_mut u32 (core_ops_range_Range usize) 4 + (core_ops_index_IndexMutSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) + (mk_array u32 4 [ 0; 0; 0; 0 ]) { start = 1; end_ = 3 } in + let* s1 = update_mut_slice s in + let* _ = index_mut_back s1 in + Return () + +(** [arrays::deref_array_borrow]: + Source: 'src/arrays.rs', lines 214:0-214:46 *) +let deref_array_borrow (x : array u32 2) : result u32 = + array_index_usize u32 2 x 0 + +(** [arrays::deref_array_mut_borrow]: + Source: 'src/arrays.rs', lines 219:0-219:54 *) +let deref_array_mut_borrow (x : array u32 2) : result (u32 & (array u32 2)) = + let* i = array_index_usize u32 2 x 0 in Return (i, x) + +(** [arrays::take_array_t]: + Source: 'src/arrays.rs', lines 227:0-227:31 *) +let take_array_t (a : array aB_t 2) : result unit = + Return () + +(** [arrays::non_copyable_array]: + Source: 'src/arrays.rs', lines 229:0-229:27 *) +let non_copyable_array : result unit = + let* _ = take_array_t (mk_array aB_t 2 [ AB_A; AB_B ]) in Return () + +(** [arrays::sum]: loop 0: + Source: 'src/arrays.rs', lines 242:0-250:1 *) +let rec sum_loop + (s : slice u32) (sum1 : u32) (i : usize) : + Tot (result u32) (decreases (sum_loop_decreases s sum1 i)) + = + let i1 = slice_len u32 s in + if i < i1 + then + let* i2 = slice_index_usize u32 s i in + let* sum3 = u32_add sum1 i2 in + let* i3 = usize_add i 1 in + sum_loop s sum3 i3 + else Return sum1 + +(** [arrays::sum]: + Source: 'src/arrays.rs', lines 242:0-242:28 *) +let sum (s : slice u32) : result u32 = + sum_loop s 0 0 + +(** [arrays::sum2]: loop 0: + Source: 'src/arrays.rs', lines 252:0-261:1 *) +let rec sum2_loop + (s : slice u32) (s2 : slice u32) (sum1 : u32) (i : usize) : + Tot (result u32) (decreases (sum2_loop_decreases s s2 sum1 i)) + = + let i1 = slice_len u32 s in + if i < i1 + then + let* i2 = slice_index_usize u32 s i in + let* i3 = slice_index_usize u32 s2 i in + let* i4 = u32_add i2 i3 in + let* sum3 = u32_add sum1 i4 in + let* i5 = usize_add i 1 in + sum2_loop s s2 sum3 i5 + else Return sum1 + +(** [arrays::sum2]: + Source: 'src/arrays.rs', lines 252:0-252:41 *) +let sum2 (s : slice u32) (s2 : slice u32) : result u32 = + let i = slice_len u32 s in + let i1 = slice_len u32 s2 in + if not (i = i1) then Fail Failure else sum2_loop s s2 0 0 + +(** [arrays::f0]: + Source: 'src/arrays.rs', lines 263:0-263:11 *) +let f0 : result unit = + let* (s, to_slice_mut_back) = + array_to_slice_mut u32 2 (mk_array u32 2 [ 1; 2 ]) in + let* (_, index_mut_back) = slice_index_mut_usize u32 s 0 in + let* s1 = index_mut_back 1 in + let* _ = to_slice_mut_back s1 in + Return () + +(** [arrays::f1]: + Source: 'src/arrays.rs', lines 268:0-268:11 *) +let f1 : result unit = + let* (_, index_mut_back) = + array_index_mut_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in + let* _ = index_mut_back 1 in + Return () + +(** [arrays::f2]: + Source: 'src/arrays.rs', lines 273:0-273:17 *) +let f2 (i : u32) : result unit = + Return () + +(** [arrays::f4]: + Source: 'src/arrays.rs', lines 282:0-282:54 *) +let f4 (x : array u32 32) (y : usize) (z : usize) : result (slice u32) = + core_array_Array_index u32 (core_ops_range_Range usize) 32 + (core_ops_index_IndexSliceTIInst u32 (core_ops_range_Range usize) + (core_slice_index_SliceIndexRangeUsizeSliceTInst u32)) x + { start = y; end_ = z } + +(** [arrays::f3]: + Source: 'src/arrays.rs', lines 275:0-275:18 *) +let f3 : result u32 = + let* i = array_index_usize u32 2 (mk_array u32 2 [ 1; 2 ]) 0 in + let* _ = f2 i in + let b = array_repeat u32 32 0 in + let* s = array_to_slice u32 2 (mk_array u32 2 [ 1; 2 ]) in + let* s1 = f4 b 16 18 in + sum2 s s1 + +(** [arrays::SZ] + Source: 'src/arrays.rs', lines 286:0-286:19 *) +let sz_body : result usize = Return 32 +let sz_c : usize = eval_global sz_body + +(** [arrays::f5]: + Source: 'src/arrays.rs', lines 289:0-289:31 *) +let f5 (x : array u32 32) : result u32 = + array_index_usize u32 32 x 0 + +(** [arrays::ite]: + Source: 'src/arrays.rs', lines 294:0-294:12 *) +let ite : result unit = + let* (s, to_slice_mut_back) = + array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* (_, s1) = index_mut_slice_u32_0 s in + let* (s2, to_slice_mut_back1) = + array_to_slice_mut u32 2 (mk_array u32 2 [ 0; 0 ]) in + let* (_, s3) = index_mut_slice_u32_0 s2 in + let* _ = to_slice_mut_back1 s3 in + let* _ = to_slice_mut_back s1 in + Return () + diff --git a/tests/fstar/arrays/Arrays.Types.fst b/tests/fstar/arrays/Arrays.Types.fst new file mode 100644 index 00000000..d3596e92 --- /dev/null +++ b/tests/fstar/arrays/Arrays.Types.fst @@ -0,0 +1,11 @@ +(** THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS *) +(** [arrays]: type definitions *) +module Arrays.Types +open Primitives + +#set-options "--z3rlimit 50 --fuel 1 --ifuel 1" + +(** [arrays::AB] + Source: 'src/arrays.rs', lines 3:0-3:11 *) +type aB_t = | AB_A : aB_t | AB_B : aB_t + diff --git a/tests/fstar/arrays/Makefile b/tests/fstar/arrays/Makefile new file mode 100644 index 00000000..fa7d1f36 --- /dev/null +++ b/tests/fstar/arrays/Makefile @@ -0,0 +1,49 @@ +# This file was automatically generated - modify ../Makefile.template instead +INCLUDE_DIRS = . + +FSTAR_INCLUDES = $(addprefix --include ,$(INCLUDE_DIRS)) + +FSTAR_HINTS ?= --use_hints --use_hint_hashes --record_hints + +FSTAR_OPTIONS = $(FSTAR_HINTS) \ + --cache_checked_modules $(FSTAR_INCLUDES) --cmi \ + --warn_error '+241@247+285-274' \ + +FSTAR_EXE ?= fstar.exe +FSTAR_NO_FLAGS = $(FSTAR_EXE) --already_cached 'Prims FStar LowStar Steel' --odir obj --cache_dir obj + +FSTAR = $(FSTAR_NO_FLAGS) $(FSTAR_OPTIONS) + +# The F* roots are used to compute the dependency graph, and generate the .depend file +FSTAR_ROOTS ?= $(wildcard *.fst *.fsti) + +# Build all the files +all: $(addprefix obj/,$(addsuffix .checked,$(FSTAR_ROOTS))) + +# This is the right way to ensure the .depend file always gets re-built. +ifeq (,$(filter %-in,$(MAKECMDGOALS))) +ifndef NODEPEND +ifndef MAKE_RESTARTS +.depend: .FORCE + $(FSTAR_NO_FLAGS) --dep full $(notdir $(FSTAR_ROOTS)) > $@ + +.PHONY: .FORCE +.FORCE: +endif +endif + +include .depend +endif + +# For the interactive mode +%.fst-in %.fsti-in: + @echo $(FSTAR_OPTIONS) + +# Generete the .checked files in batch mode +%.checked: + $(FSTAR) $(FSTAR_OPTIONS) $< && \ + touch -c $@ + +.PHONY: clean +clean: + rm -f obj/* diff --git a/tests/fstar/arrays/Primitives.fst b/tests/fstar/arrays/Primitives.fst new file mode 100644 index 00000000..fca80829 --- /dev/null +++ b/tests/fstar/arrays/Primitives.fst @@ -0,0 +1,848 @@ +/// This file lists primitive and assumed functions and types +module Primitives +open FStar.Mul +open FStar.List.Tot + +#set-options "--z3rlimit 15 --fuel 0 --ifuel 1" + +(*** Utilities *) +val list_update (#a : Type0) (ls : list a) (i : nat{i < length ls}) (x : a) : + ls':list a{ + length ls' = length ls /\ + index ls' i == x + } +#push-options "--fuel 1" +let rec list_update #a ls i x = + match ls with + | x' :: ls -> if i = 0 then x :: ls else x' :: list_update ls (i-1) x +#pop-options + +(*** Result *) +type error : Type0 = +| Failure +| OutOfFuel + +type result (a : Type0) : Type0 = +| Return : v:a -> result a +| Fail : e:error -> result a + +// Monadic return operator +unfold let return (#a : Type0) (x : a) : result a = Return x + +// Monadic bind operator. +// Allows to use the notation: +// ``` +// let* x = y in +// ... +// ``` +unfold let (let*) (#a #b : Type0) (m: result a) + (f: (x:a) -> Pure (result b) (requires (m == Return x)) (ensures fun _ -> True)) : + result b = + match m with + | Return x -> f x + | Fail e -> Fail e + +// Monadic assert(...) +let massert (b:bool) : result unit = if b then Return () else Fail Failure + +// Normalize and unwrap a successful result (used for globals). +let eval_global (#a : Type0) (x : result a{Return? (normalize_term x)}) : a = Return?.v x + +(*** Misc *) +type char = FStar.Char.char +type string = string + +let is_zero (n: nat) : bool = n = 0 +let decrease (n: nat{n > 0}) : nat = n - 1 + +let core_mem_replace (a : Type0) (x : a) (y : a) : a & a = (x, x) + +// We don't really use raw pointers for now +type mut_raw_ptr (t : Type0) = { v : t } +type const_raw_ptr (t : Type0) = { v : t } + +(*** Scalars *) +/// Rem.: most of the following code was partially generated + +assume val size_numbits : pos + +// TODO: we could use FStar.Int.int_t and FStar.UInt.int_t + +let isize_min : int = -9223372036854775808 // TODO: should be opaque +let isize_max : int = 9223372036854775807 // TODO: should be opaque +let i8_min : int = -128 +let i8_max : int = 127 +let i16_min : int = -32768 +let i16_max : int = 32767 +let i32_min : int = -2147483648 +let i32_max : int = 2147483647 +let i64_min : int = -9223372036854775808 +let i64_max : int = 9223372036854775807 +let i128_min : int = -170141183460469231731687303715884105728 +let i128_max : int = 170141183460469231731687303715884105727 +let usize_min : int = 0 +let usize_max : int = 4294967295 // TODO: should be opaque +let u8_min : int = 0 +let u8_max : int = 255 +let u16_min : int = 0 +let u16_max : int = 65535 +let u32_min : int = 0 +let u32_max : int = 4294967295 +let u64_min : int = 0 +let u64_max : int = 18446744073709551615 +let u128_min : int = 0 +let u128_max : int = 340282366920938463463374607431768211455 + +type scalar_ty = +| Isize +| I8 +| I16 +| I32 +| I64 +| I128 +| Usize +| U8 +| U16 +| U32 +| U64 +| U128 + +let is_unsigned = function + | Isize | I8 | I16 | I32 | I64 | I128 -> false + | Usize | U8 | U16 | U32 | U64 | U128 -> true + +let scalar_min (ty : scalar_ty) : int = + match ty with + | Isize -> isize_min + | I8 -> i8_min + | I16 -> i16_min + | I32 -> i32_min + | I64 -> i64_min + | I128 -> i128_min + | Usize -> usize_min + | U8 -> u8_min + | U16 -> u16_min + | U32 -> u32_min + | U64 -> u64_min + | U128 -> u128_min + +let scalar_max (ty : scalar_ty) : int = + match ty with + | Isize -> isize_max + | I8 -> i8_max + | I16 -> i16_max + | I32 -> i32_max + | I64 -> i64_max + | I128 -> i128_max + | Usize -> usize_max + | U8 -> u8_max + | U16 -> u16_max + | U32 -> u32_max + | U64 -> u64_max + | U128 -> u128_max + +type scalar (ty : scalar_ty) : eqtype = x:int{scalar_min ty <= x && x <= scalar_max ty} + +let mk_scalar (ty : scalar_ty) (x : int) : result (scalar ty) = + if scalar_min ty <= x && scalar_max ty >= x then Return x else Fail Failure + +let scalar_neg (#ty : scalar_ty) (x : scalar ty) : result (scalar ty) = mk_scalar ty (-x) + +let scalar_div (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (x / y) else Fail Failure + +/// The remainder operation +let int_rem (x : int) (y : int{y <> 0}) : int = + if x >= 0 then (x % y) else -(x % y) + +(* Checking consistency with Rust *) +let _ = assert_norm(int_rem 1 2 = 1) +let _ = assert_norm(int_rem (-1) 2 = -1) +let _ = assert_norm(int_rem 1 (-2) = 1) +let _ = assert_norm(int_rem (-1) (-2) = -1) + +let scalar_rem (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + if y <> 0 then mk_scalar ty (int_rem x y) else Fail Failure + +let scalar_add (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x + y) + +let scalar_sub (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x - y) + +let scalar_mul (#ty : scalar_ty) (x : scalar ty) (y : scalar ty) : result (scalar ty) = + mk_scalar ty (x * y) + +let scalar_xor (#ty : scalar_ty) + (x : scalar ty) (y : scalar ty) : scalar ty = + match ty with + | U8 -> FStar.UInt.logxor #8 x y + | U16 -> FStar.UInt.logxor #16 x y + | U32 -> FStar.UInt.logxor #32 x y + | U64 -> FStar.UInt.logxor #64 x y + | U128 -> FStar.UInt.logxor #128 x y + | Usize -> admit() // TODO + | I8 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 8); + normalize_spec (scalar I8); + FStar.Int.logxor #8 x y + | I16 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 16); + normalize_spec (scalar I16); + FStar.Int.logxor #16 x y + | I32 -> FStar.Int.logxor #32 x y + | I64 -> FStar.Int.logxor #64 x y + | I128 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 128); + normalize_spec (scalar I128); + FStar.Int.logxor #128 x y + | Isize -> admit() // TODO + +let scalar_or (#ty : scalar_ty) + (x : scalar ty) (y : scalar ty) : scalar ty = + match ty with + | U8 -> FStar.UInt.logor #8 x y + | U16 -> FStar.UInt.logor #16 x y + | U32 -> FStar.UInt.logor #32 x y + | U64 -> FStar.UInt.logor #64 x y + | U128 -> FStar.UInt.logor #128 x y + | Usize -> admit() // TODO + | I8 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 8); + normalize_spec (scalar I8); + FStar.Int.logor #8 x y + | I16 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 16); + normalize_spec (scalar I16); + FStar.Int.logor #16 x y + | I32 -> FStar.Int.logor #32 x y + | I64 -> FStar.Int.logor #64 x y + | I128 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 128); + normalize_spec (scalar I128); + FStar.Int.logor #128 x y + | Isize -> admit() // TODO + +let scalar_and (#ty : scalar_ty) + (x : scalar ty) (y : scalar ty) : scalar ty = + match ty with + | U8 -> FStar.UInt.logand #8 x y + | U16 -> FStar.UInt.logand #16 x y + | U32 -> FStar.UInt.logand #32 x y + | U64 -> FStar.UInt.logand #64 x y + | U128 -> FStar.UInt.logand #128 x y + | Usize -> admit() // TODO + | I8 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 8); + normalize_spec (scalar I8); + FStar.Int.logand #8 x y + | I16 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 16); + normalize_spec (scalar I16); + FStar.Int.logand #16 x y + | I32 -> FStar.Int.logand #32 x y + | I64 -> FStar.Int.logand #64 x y + | I128 -> + // Encoding issues... + normalize_spec (FStar.Int.int_t 128); + normalize_spec (scalar I128); + FStar.Int.logand #128 x y + | Isize -> admit() // TODO + +// Shift left +let scalar_shl (#ty0 #ty1 : scalar_ty) + (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = + admit() + +// Shift right +let scalar_shr (#ty0 #ty1 : scalar_ty) + (x : scalar ty0) (y : scalar ty1) : result (scalar ty0) = + admit() + +(** Cast an integer from a [src_ty] to a [tgt_ty] *) +// TODO: check the semantics of casts in Rust +let scalar_cast (src_ty : scalar_ty) (tgt_ty : scalar_ty) (x : scalar src_ty) : result (scalar tgt_ty) = + mk_scalar tgt_ty x + +// This can't fail, but for now we make all casts faillible (easier for the translation) +let scalar_cast_bool (tgt_ty : scalar_ty) (x : bool) : result (scalar tgt_ty) = + mk_scalar tgt_ty (if x then 1 else 0) + +/// The scalar types +type isize : eqtype = scalar Isize +type i8 : eqtype = scalar I8 +type i16 : eqtype = scalar I16 +type i32 : eqtype = scalar I32 +type i64 : eqtype = scalar I64 +type i128 : eqtype = scalar I128 +type usize : eqtype = scalar Usize +type u8 : eqtype = scalar U8 +type u16 : eqtype = scalar U16 +type u32 : eqtype = scalar U32 +type u64 : eqtype = scalar U64 +type u128 : eqtype = scalar U128 + + +let core_isize_min : isize = isize_min +let core_isize_max : isize = isize_max +let core_i8_min : i8 = i8_min +let core_i8_max : i8 = i8_max +let core_i16_min : i16 = i16_min +let core_i16_max : i16 = i16_max +let core_i32_min : i32 = i32_min +let core_i32_max : i32 = i32_max +let core_i64_min : i64 = i64_min +let core_i64_max : i64 = i64_max +let core_i128_min : i128 = i128_min +let core_i128_max : i128 = i128_max + +let core_usize_min : usize = usize_min +let core_usize_max : usize = usize_max +let core_u8_min : u8 = u8_min +let core_u8_max : u8 = u8_max +let core_u16_min : u16 = u16_min +let core_u16_max : u16 = u16_max +let core_u32_min : u32 = u32_min +let core_u32_max : u32 = u32_max +let core_u64_min : u64 = u64_min +let core_u64_max : u64 = u64_max +let core_u128_min : u128 = u128_min +let core_u128_max : u128 = u128_max + +/// Negation +let isize_neg = scalar_neg #Isize +let i8_neg = scalar_neg #I8 +let i16_neg = scalar_neg #I16 +let i32_neg = scalar_neg #I32 +let i64_neg = scalar_neg #I64 +let i128_neg = scalar_neg #I128 + +/// Division +let isize_div = scalar_div #Isize +let i8_div = scalar_div #I8 +let i16_div = scalar_div #I16 +let i32_div = scalar_div #I32 +let i64_div = scalar_div #I64 +let i128_div = scalar_div #I128 +let usize_div = scalar_div #Usize +let u8_div = scalar_div #U8 +let u16_div = scalar_div #U16 +let u32_div = scalar_div #U32 +let u64_div = scalar_div #U64 +let u128_div = scalar_div #U128 + +/// Remainder +let isize_rem = scalar_rem #Isize +let i8_rem = scalar_rem #I8 +let i16_rem = scalar_rem #I16 +let i32_rem = scalar_rem #I32 +let i64_rem = scalar_rem #I64 +let i128_rem = scalar_rem #I128 +let usize_rem = scalar_rem #Usize +let u8_rem = scalar_rem #U8 +let u16_rem = scalar_rem #U16 +let u32_rem = scalar_rem #U32 +let u64_rem = scalar_rem #U64 +let u128_rem = scalar_rem #U128 + +/// Addition +let isize_add = scalar_add #Isize +let i8_add = scalar_add #I8 +let i16_add = scalar_add #I16 +let i32_add = scalar_add #I32 +let i64_add = scalar_add #I64 +let i128_add = scalar_add #I128 +let usize_add = scalar_add #Usize +let u8_add = scalar_add #U8 +let u16_add = scalar_add #U16 +let u32_add = scalar_add #U32 +let u64_add = scalar_add #U64 +let u128_add = scalar_add #U128 + +/// Subtraction +let isize_sub = scalar_sub #Isize +let i8_sub = scalar_sub #I8 +let i16_sub = scalar_sub #I16 +let i32_sub = scalar_sub #I32 +let i64_sub = scalar_sub #I64 +let i128_sub = scalar_sub #I128 +let usize_sub = scalar_sub #Usize +let u8_sub = scalar_sub #U8 +let u16_sub = scalar_sub #U16 +let u32_sub = scalar_sub #U32 +let u64_sub = scalar_sub #U64 +let u128_sub = scalar_sub #U128 + +/// Multiplication +let isize_mul = scalar_mul #Isize +let i8_mul = scalar_mul #I8 +let i16_mul = scalar_mul #I16 +let i32_mul = scalar_mul #I32 +let i64_mul = scalar_mul #I64 +let i128_mul = scalar_mul #I128 +let usize_mul = scalar_mul #Usize +let u8_mul = scalar_mul #U8 +let u16_mul = scalar_mul #U16 +let u32_mul = scalar_mul #U32 +let u64_mul = scalar_mul #U64 +let u128_mul = scalar_mul #U128 + +/// Xor +let u8_xor = scalar_xor #U8 +let u16_xor = scalar_xor #U16 +let u32_xor = scalar_xor #U32 +let u64_xor = scalar_xor #U64 +let u128_xor = scalar_xor #U128 +let usize_xor = scalar_xor #Usize +let i8_xor = scalar_xor #I8 +let i16_xor = scalar_xor #I16 +let i32_xor = scalar_xor #I32 +let i64_xor = scalar_xor #I64 +let i128_xor = scalar_xor #I128 +let isize_xor = scalar_xor #Isize + +/// Or +let u8_or = scalar_or #U8 +let u16_or = scalar_or #U16 +let u32_or = scalar_or #U32 +let u64_or = scalar_or #U64 +let u128_or = scalar_or #U128 +let usize_or = scalar_or #Usize +let i8_or = scalar_or #I8 +let i16_or = scalar_or #I16 +let i32_or = scalar_or #I32 +let i64_or = scalar_or #I64 +let i128_or = scalar_or #I128 +let isize_or = scalar_or #Isize + +/// And +let u8_and = scalar_and #U8 +let u16_and = scalar_and #U16 +let u32_and = scalar_and #U32 +let u64_and = scalar_and #U64 +let u128_and = scalar_and #U128 +let usize_and = scalar_and #Usize +let i8_and = scalar_and #I8 +let i16_and = scalar_and #I16 +let i32_and = scalar_and #I32 +let i64_and = scalar_and #I64 +let i128_and = scalar_and #I128 +let isize_and = scalar_and #Isize + +/// Shift left +let u8_shl #ty = scalar_shl #U8 #ty +let u16_shl #ty = scalar_shl #U16 #ty +let u32_shl #ty = scalar_shl #U32 #ty +let u64_shl #ty = scalar_shl #U64 #ty +let u128_shl #ty = scalar_shl #U128 #ty +let usize_shl #ty = scalar_shl #Usize #ty +let i8_shl #ty = scalar_shl #I8 #ty +let i16_shl #ty = scalar_shl #I16 #ty +let i32_shl #ty = scalar_shl #I32 #ty +let i64_shl #ty = scalar_shl #I64 #ty +let i128_shl #ty = scalar_shl #I128 #ty +let isize_shl #ty = scalar_shl #Isize #ty + +/// Shift right +let u8_shr #ty = scalar_shr #U8 #ty +let u16_shr #ty = scalar_shr #U16 #ty +let u32_shr #ty = scalar_shr #U32 #ty +let u64_shr #ty = scalar_shr #U64 #ty +let u128_shr #ty = scalar_shr #U128 #ty +let usize_shr #ty = scalar_shr #Usize #ty +let i8_shr #ty = scalar_shr #I8 #ty +let i16_shr #ty = scalar_shr #I16 #ty +let i32_shr #ty = scalar_shr #I32 #ty +let i64_shr #ty = scalar_shr #I64 #ty +let i128_shr #ty = scalar_shr #I128 #ty +let isize_shr #ty = scalar_shr #Isize #ty + +(*** core::ops *) + +// Trait declaration: [core::ops::index::Index] +noeq type core_ops_index_Index (self idx : Type0) = { + output : Type0; + index : self → idx → result output +} + +// Trait declaration: [core::ops::index::IndexMut] +noeq type core_ops_index_IndexMut (self idx : Type0) = { + indexInst : core_ops_index_Index self idx; + index_mut : self → idx → result (indexInst.output & (indexInst.output → result self)); +} + +// Trait declaration [core::ops::deref::Deref] +noeq type core_ops_deref_Deref (self : Type0) = { + target : Type0; + deref : self → result target; +} + +// Trait declaration [core::ops::deref::DerefMut] +noeq type core_ops_deref_DerefMut (self : Type0) = { + derefInst : core_ops_deref_Deref self; + deref_mut : self → result (derefInst.target & (derefInst.target → result self)); +} + +type core_ops_range_Range (a : Type0) = { + start : a; + end_ : a; +} + +(*** [alloc] *) + +let alloc_boxed_Box_deref (t : Type0) (x : t) : result t = Return x +let alloc_boxed_Box_deref_mut (t : Type0) (x : t) : result (t & (t -> result t)) = + Return (x, (fun x -> Return x)) + +// Trait instance +let alloc_boxed_Box_coreopsDerefInst (self : Type0) : core_ops_deref_Deref self = { + target = self; + deref = alloc_boxed_Box_deref self; +} + +// Trait instance +let alloc_boxed_Box_coreopsDerefMutInst (self : Type0) : core_ops_deref_DerefMut self = { + derefInst = alloc_boxed_Box_coreopsDerefInst self; + deref_mut = alloc_boxed_Box_deref_mut self; +} + +(*** Array *) +type array (a : Type0) (n : usize) = s:list a{length s = n} + +// We tried putting the normalize_term condition as a refinement on the list +// but it didn't work. It works with the requires clause. +let mk_array (a : Type0) (n : usize) + (l : list a) : + Pure (array a n) + (requires (normalize_term(FStar.List.Tot.length l) = n)) + (ensures (fun _ -> True)) = + normalize_term_spec (FStar.List.Tot.length l); + l + +let array_index_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : result a = + if i < length x then Return (index x i) + else Fail Failure + +let array_update_usize (a : Type0) (n : usize) (x : array a n) (i : usize) (nx : a) : + result (array a n) = + if i < length x then Return (list_update x i nx) + else Fail Failure + +let array_index_mut_usize (a : Type0) (n : usize) (x : array a n) (i : usize) : + result (a & (a -> result (array a n))) = + match array_index_usize a n x i with + | Fail e -> Fail e + | Return v -> + Return (v, array_update_usize a n x i) + +(*** Slice *) +type slice (a : Type0) = s:list a{length s <= usize_max} + +let slice_len (a : Type0) (s : slice a) : usize = length s + +let slice_index_usize (a : Type0) (x : slice a) (i : usize) : result a = + if i < length x then Return (index x i) + else Fail Failure + +let slice_update_usize (a : Type0) (x : slice a) (i : usize) (nx : a) : result (slice a) = + if i < length x then Return (list_update x i nx) + else Fail Failure + +let slice_index_mut_usize (a : Type0) (s : slice a) (i : usize) : + result (a & (a -> result (slice a))) = + match slice_index_usize a s i with + | Fail e -> Fail e + | Return x -> + Return (x, slice_update_usize a s i) + +(*** Subslices *) + +let array_to_slice (a : Type0) (n : usize) (x : array a n) : result (slice a) = Return x +let array_from_slice (a : Type0) (n : usize) (x : array a n) (s : slice a) : result (array a n) = + if length s = n then Return s + else Fail Failure + +let array_to_slice_mut (a : Type0) (n : usize) (x : array a n) : + result (slice a & (slice a -> result (array a n))) = + Return (x, array_from_slice a n x) + +// TODO: finish the definitions below (there lacks [List.drop] and [List.take] in the standard library *) +let array_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) : result (slice a) = + admit() + +let array_update_subslice (a : Type0) (n : usize) (x : array a n) (r : core_ops_range_Range usize) (ns : slice a) : result (array a n) = + admit() + +let array_repeat (a : Type0) (n : usize) (x : a) : array a n = + admit() + +let slice_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) : result (slice a) = + admit() + +let slice_update_subslice (a : Type0) (x : slice a) (r : core_ops_range_Range usize) (ns : slice a) : result (slice a) = + admit() + +(*** Vector *) +type alloc_vec_Vec (a : Type0) = v:list a{length v <= usize_max} + +let alloc_vec_Vec_new (a : Type0) : alloc_vec_Vec a = assert_norm(length #a [] == 0); [] +let alloc_vec_Vec_len (a : Type0) (v : alloc_vec_Vec a) : usize = length v + +// Helper +let alloc_vec_Vec_index_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : result a = + if i < length v then Return (index v i) else Fail Failure +// Helper +let alloc_vec_Vec_update_usize (#a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = + if i < length v then Return (list_update v i x) else Fail Failure + +let alloc_vec_Vec_index_mut_usize (#a : Type0) (v: alloc_vec_Vec a) (i: usize) : + result (a & (a → result (alloc_vec_Vec a))) = + match alloc_vec_Vec_index_usize v i with + | Return x -> + Return (x, alloc_vec_Vec_update_usize v i) + | Fail e -> Fail e + +let alloc_vec_Vec_push (a : Type0) (v : alloc_vec_Vec a) (x : a) : + Pure (result (alloc_vec_Vec a)) + (requires True) + (ensures (fun res -> + match res with + | Fail e -> e == Failure + | Return v' -> length v' = length v + 1)) = + if length v < usize_max then begin + (**) assert_norm(length [x] == 1); + (**) append_length v [x]; + (**) assert(length (append v [x]) = length v + 1); + Return (append v [x]) + end + else Fail Failure + +let alloc_vec_Vec_insert (a : Type0) (v : alloc_vec_Vec a) (i : usize) (x : a) : result (alloc_vec_Vec a) = + if i < length v then Return (list_update v i x) else Fail Failure + +// Trait declaration: [core::slice::index::private_slice_index::Sealed] +type core_slice_index_private_slice_index_Sealed (self : Type0) = unit + +// Trait declaration: [core::slice::index::SliceIndex] +noeq type core_slice_index_SliceIndex (self t : Type0) = { + sealedInst : core_slice_index_private_slice_index_Sealed self; + output : Type0; + get : self → t → result (option output); + get_mut : self → t → result (option output & (option output -> result t)); + get_unchecked : self → const_raw_ptr t → result (const_raw_ptr output); + get_unchecked_mut : self → mut_raw_ptr t → result (mut_raw_ptr output); + index : self → t → result output; + index_mut : self → t → result (output & (output -> result t)); +} + +// [core::slice::index::[T]::index]: forward function +let core_slice_index_Slice_index + (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (s : slice t) (i : idx) : result inst.output = + let* x = inst.get i s in + match x with + | None -> Fail Failure + | Some x -> Return x + +// [core::slice::index::Range:::get]: forward function +let core_slice_index_RangeUsize_get (t : Type0) (i : core_ops_range_Range usize) (s : slice t) : + result (option (slice t)) = + admit () // TODO + +// [core::slice::index::Range::get_mut]: forward function +let core_slice_index_RangeUsize_get_mut (t : Type0) : + core_ops_range_Range usize → slice t → result (option (slice t) & (option (slice t) -> result (slice t))) = + admit () // TODO + +// [core::slice::index::Range::get_unchecked]: forward function +let core_slice_index_RangeUsize_get_unchecked + (t : Type0) : + core_ops_range_Range usize → const_raw_ptr (slice t) → result (const_raw_ptr (slice t)) = + // Don't know what the model should be - for now we always fail to make + // sure code which uses it fails + fun _ _ -> Fail Failure + +// [core::slice::index::Range::get_unchecked_mut]: forward function +let core_slice_index_RangeUsize_get_unchecked_mut + (t : Type0) : + core_ops_range_Range usize → mut_raw_ptr (slice t) → result (mut_raw_ptr (slice t)) = + // Don't know what the model should be - for now we always fail to make + // sure code which uses it fails + fun _ _ -> Fail Failure + +// [core::slice::index::Range::index]: forward function +let core_slice_index_RangeUsize_index + (t : Type0) : core_ops_range_Range usize → slice t → result (slice t) = + admit () // TODO + +// [core::slice::index::Range::index_mut]: forward function +let core_slice_index_RangeUsize_index_mut (t : Type0) : + core_ops_range_Range usize → slice t → result (slice t & (slice t -> result (slice t))) = + admit () // TODO + +// [core::slice::index::[T]::index_mut]: forward function +let core_slice_index_Slice_index_mut + (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) : + slice t → idx → result (inst.output & (inst.output -> result (slice t))) = + admit () // + +// [core::array::[T; N]::index]: forward function +let core_array_Array_index + (t idx : Type0) (n : usize) (inst : core_ops_index_Index (slice t) idx) + (a : array t n) (i : idx) : result inst.output = + admit () // TODO + +// [core::array::[T; N]::index_mut]: forward function +let core_array_Array_index_mut + (t idx : Type0) (n : usize) (inst : core_ops_index_IndexMut (slice t) idx) + (a : array t n) (i : idx) : + result (inst.indexInst.output & (inst.indexInst.output -> result (array t n))) = + admit () // TODO + +// Trait implementation: [core::slice::index::private_slice_index::Range] +let core_slice_index_private_slice_index_SealedRangeUsizeInst + : core_slice_index_private_slice_index_Sealed (core_ops_range_Range usize) = () + +// Trait implementation: [core::slice::index::Range] +let core_slice_index_SliceIndexRangeUsizeSliceTInst (t : Type0) : + core_slice_index_SliceIndex (core_ops_range_Range usize) (slice t) = { + sealedInst = core_slice_index_private_slice_index_SealedRangeUsizeInst; + output = slice t; + get = core_slice_index_RangeUsize_get t; + get_mut = core_slice_index_RangeUsize_get_mut t; + get_unchecked = core_slice_index_RangeUsize_get_unchecked t; + get_unchecked_mut = core_slice_index_RangeUsize_get_unchecked_mut t; + index = core_slice_index_RangeUsize_index t; + index_mut = core_slice_index_RangeUsize_index_mut t; +} + +// Trait implementation: [core::slice::index::[T]] +let core_ops_index_IndexSliceTIInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_Index (slice t) idx = { + output = inst.output; + index = core_slice_index_Slice_index t idx inst; +} + +// Trait implementation: [core::slice::index::[T]] +let core_ops_index_IndexMutSliceTIInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_IndexMut (slice t) idx = { + indexInst = core_ops_index_IndexSliceTIInst t idx inst; + index_mut = core_slice_index_Slice_index_mut t idx inst; +} + +// Trait implementation: [core::array::[T; N]] +let core_ops_index_IndexArrayInst (t idx : Type0) (n : usize) + (inst : core_ops_index_Index (slice t) idx) : + core_ops_index_Index (array t n) idx = { + output = inst.output; + index = core_array_Array_index t idx n inst; +} + +// Trait implementation: [core::array::[T; N]] +let core_ops_index_IndexMutArrayIInst (t idx : Type0) (n : usize) + (inst : core_ops_index_IndexMut (slice t) idx) : + core_ops_index_IndexMut (array t n) idx = { + indexInst = core_ops_index_IndexArrayInst t idx n inst.indexInst; + index_mut = core_array_Array_index_mut t idx n inst; +} + +// [core::slice::index::usize::get]: forward function +let core_slice_index_usize_get + (t : Type0) : usize → slice t → result (option t) = + admit () // TODO + +// [core::slice::index::usize::get_mut]: forward function +let core_slice_index_usize_get_mut (t : Type0) : + usize → slice t → result (option t & (option t -> result (slice t))) = + admit () // TODO + +// [core::slice::index::usize::get_unchecked]: forward function +let core_slice_index_usize_get_unchecked + (t : Type0) : usize → const_raw_ptr (slice t) → result (const_raw_ptr t) = + admit () // TODO + +// [core::slice::index::usize::get_unchecked_mut]: forward function +let core_slice_index_usize_get_unchecked_mut + (t : Type0) : usize → mut_raw_ptr (slice t) → result (mut_raw_ptr t) = + admit () // TODO + +// [core::slice::index::usize::index]: forward function +let core_slice_index_usize_index (t : Type0) : usize → slice t → result t = + admit () // TODO + +// [core::slice::index::usize::index_mut]: forward function +let core_slice_index_usize_index_mut (t : Type0) : + usize → slice t → result (t & (t -> result (slice t))) = + admit () // TODO + +// Trait implementation: [core::slice::index::private_slice_index::usize] +let core_slice_index_private_slice_index_SealedUsizeInst + : core_slice_index_private_slice_index_Sealed usize = () + +// Trait implementation: [core::slice::index::usize] +let core_slice_index_SliceIndexUsizeSliceTInst (t : Type0) : + core_slice_index_SliceIndex usize (slice t) = { + sealedInst = core_slice_index_private_slice_index_SealedUsizeInst; + output = t; + get = core_slice_index_usize_get t; + get_mut = core_slice_index_usize_get_mut t; + get_unchecked = core_slice_index_usize_get_unchecked t; + get_unchecked_mut = core_slice_index_usize_get_unchecked_mut t; + index = core_slice_index_usize_index t; + index_mut = core_slice_index_usize_index_mut t; +} + +// [alloc::vec::Vec::index]: forward function +let alloc_vec_Vec_index (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (self : alloc_vec_Vec t) (i : idx) : result inst.output = + admit () // TODO + +// [alloc::vec::Vec::index_mut]: forward function +let alloc_vec_Vec_index_mut (t idx : Type0) (inst : core_slice_index_SliceIndex idx (slice t)) + (self : alloc_vec_Vec t) (i : idx) : + result (inst.output & (inst.output -> result (alloc_vec_Vec t))) = + admit () // TODO + +// Trait implementation: [alloc::vec::Vec] +let alloc_vec_Vec_coreopsindexIndexInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_Index (alloc_vec_Vec t) idx = { + output = inst.output; + index = alloc_vec_Vec_index t idx inst; +} + +// Trait implementation: [alloc::vec::Vec] +let alloc_vec_Vec_coreopsindexIndexMutInst (t idx : Type0) + (inst : core_slice_index_SliceIndex idx (slice t)) : + core_ops_index_IndexMut (alloc_vec_Vec t) idx = { + indexInst = alloc_vec_Vec_coreopsindexIndexInst t idx inst; + index_mut = alloc_vec_Vec_index_mut t idx inst; +} + +(*** Theorems *) + +let alloc_vec_Vec_index_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : + Lemma ( + alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == + alloc_vec_Vec_index_usize v i) + [SMTPat (alloc_vec_Vec_index a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] + = + admit() + +let alloc_vec_Vec_index_mut_eq (#a : Type0) (v : alloc_vec_Vec a) (i : usize) : + Lemma ( + alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i == + alloc_vec_Vec_index_mut_usize v i) + [SMTPat (alloc_vec_Vec_index_mut a usize (core_slice_index_SliceIndexUsizeSliceTInst a) v i)] + = + admit() diff --git a/tests/lean/Array.lean b/tests/lean/Array.lean deleted file mode 100644 index b49e30fb..00000000 --- a/tests/lean/Array.lean +++ /dev/null @@ -1,476 +0,0 @@ --- THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS --- [array] -import Base -open Primitives - -namespace array - -/- [array::AB] - Source: 'src/array.rs', lines 3:0-3:11 -/ -inductive AB := -| A : AB -| B : AB - -/- [array::incr]: - Source: 'src/array.rs', lines 8:0-8:24 -/ -def incr (x : U32) : Result U32 := - x + 1#u32 - -/- [array::array_to_shared_slice_]: - Source: 'src/array.rs', lines 16:0-16:53 -/ -def array_to_shared_slice_ - (T : Type) (s : Array T 32#usize) : Result (Slice T) := - Array.to_slice T 32#usize s - -/- [array::array_to_mut_slice_]: - Source: 'src/array.rs', lines 21:0-21:58 -/ -def array_to_mut_slice_ - (T : Type) (s : Array T 32#usize) : - Result ((Slice T) × (Slice T → Result (Array T 32#usize))) - := - do - let (s1, to_slice_mut_back) ← Array.to_slice_mut T 32#usize s - Result.ret (s1, to_slice_mut_back) - -/- [array::array_len]: - Source: 'src/array.rs', lines 25:0-25:40 -/ -def array_len (T : Type) (s : Array T 32#usize) : Result Usize := - do - let s1 ← Array.to_slice T 32#usize s - let i := Slice.len T s1 - Result.ret i - -/- [array::shared_array_len]: - Source: 'src/array.rs', lines 29:0-29:48 -/ -def shared_array_len (T : Type) (s : Array T 32#usize) : Result Usize := - do - let s1 ← Array.to_slice T 32#usize s - let i := Slice.len T s1 - Result.ret i - -/- [array::shared_slice_len]: - Source: 'src/array.rs', lines 33:0-33:44 -/ -def shared_slice_len (T : Type) (s : Slice T) : Result Usize := - let i := Slice.len T s - Result.ret i - -/- [array::index_array_shared]: - Source: 'src/array.rs', lines 37:0-37:57 -/ -def index_array_shared - (T : Type) (s : Array T 32#usize) (i : Usize) : Result T := - Array.index_usize T 32#usize s i - -/- [array::index_array_u32]: - Source: 'src/array.rs', lines 44:0-44:53 -/ -def index_array_u32 (s : Array U32 32#usize) (i : Usize) : Result U32 := - Array.index_usize U32 32#usize s i - -/- [array::index_array_copy]: - Source: 'src/array.rs', lines 48:0-48:45 -/ -def index_array_copy (x : Array U32 32#usize) : Result U32 := - Array.index_usize U32 32#usize x 0#usize - -/- [array::index_mut_array]: - Source: 'src/array.rs', lines 52:0-52:62 -/ -def index_mut_array - (T : Type) (s : Array T 32#usize) (i : Usize) : - Result (T × (T → Result (Array T 32#usize))) - := - do - let (t, index_mut_back) ← Array.index_mut_usize T 32#usize s i - Result.ret (t, index_mut_back) - -/- [array::index_slice]: - Source: 'src/array.rs', lines 56:0-56:46 -/ -def index_slice (T : Type) (s : Slice T) (i : Usize) : Result T := - Slice.index_usize T s i - -/- [array::index_mut_slice]: - Source: 'src/array.rs', lines 60:0-60:58 -/ -def index_mut_slice - (T : Type) (s : Slice T) (i : Usize) : - Result (T × (T → Result (Slice T))) - := - do - let (t, index_mut_back) ← Slice.index_mut_usize T s i - Result.ret (t, index_mut_back) - -/- [array::slice_subslice_shared_]: - Source: 'src/array.rs', lines 64:0-64:70 -/ -def slice_subslice_shared_ - (x : Slice U32) (y : Usize) (z : Usize) : Result (Slice U32) := - core.slice.index.Slice.index U32 (core.ops.range.Range Usize) - (core.slice.index.SliceIndexRangeUsizeSliceTInst U32) x - { start := y, end_ := z } - -/- [array::slice_subslice_mut_]: - Source: 'src/array.rs', lines 68:0-68:75 -/ -def slice_subslice_mut_ - (x : Slice U32) (y : Usize) (z : Usize) : - Result ((Slice U32) × (Slice U32 → Result (Slice U32))) - := - do - let (s, index_mut_back) ← - core.slice.index.Slice.index_mut U32 (core.ops.range.Range Usize) - (core.slice.index.SliceIndexRangeUsizeSliceTInst U32) x - { start := y, end_ := z } - Result.ret (s, index_mut_back) - -/- [array::array_to_slice_shared_]: - Source: 'src/array.rs', lines 72:0-72:54 -/ -def array_to_slice_shared_ (x : Array U32 32#usize) : Result (Slice U32) := - Array.to_slice U32 32#usize x - -/- [array::array_to_slice_mut_]: - Source: 'src/array.rs', lines 76:0-76:59 -/ -def array_to_slice_mut_ - (x : Array U32 32#usize) : - Result ((Slice U32) × (Slice U32 → Result (Array U32 32#usize))) - := - do - let (s, to_slice_mut_back) ← Array.to_slice_mut U32 32#usize x - Result.ret (s, to_slice_mut_back) - -/- [array::array_subslice_shared_]: - Source: 'src/array.rs', lines 80:0-80:74 -/ -def array_subslice_shared_ - (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := - core.array.Array.index U32 (core.ops.range.Range Usize) 32#usize - (core.ops.index.IndexSliceTIInst U32 (core.ops.range.Range Usize) - (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) x - { start := y, end_ := z } - -/- [array::array_subslice_mut_]: - Source: 'src/array.rs', lines 84:0-84:79 -/ -def array_subslice_mut_ - (x : Array U32 32#usize) (y : Usize) (z : Usize) : - Result ((Slice U32) × (Slice U32 → Result (Array U32 32#usize))) - := - do - let (s, index_mut_back) ← - core.array.Array.index_mut U32 (core.ops.range.Range Usize) 32#usize - (core.ops.index.IndexMutSliceTIInst U32 (core.ops.range.Range Usize) - (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) x - { start := y, end_ := z } - Result.ret (s, index_mut_back) - -/- [array::index_slice_0]: - Source: 'src/array.rs', lines 88:0-88:38 -/ -def index_slice_0 (T : Type) (s : Slice T) : Result T := - Slice.index_usize T s 0#usize - -/- [array::index_array_0]: - Source: 'src/array.rs', lines 92:0-92:42 -/ -def index_array_0 (T : Type) (s : Array T 32#usize) : Result T := - Array.index_usize T 32#usize s 0#usize - -/- [array::index_index_array]: - Source: 'src/array.rs', lines 103:0-103:71 -/ -def index_index_array - (s : Array (Array U32 32#usize) 32#usize) (i : Usize) (j : Usize) : - Result U32 - := - do - let a ← Array.index_usize (Array U32 32#usize) 32#usize s i - Array.index_usize U32 32#usize a j - -/- [array::update_update_array]: - Source: 'src/array.rs', lines 114:0-114:70 -/ -def update_update_array - (s : Array (Array U32 32#usize) 32#usize) (i : Usize) (j : Usize) : - Result Unit - := - do - let (a, index_mut_back) ← - Array.index_mut_usize (Array U32 32#usize) 32#usize s i - let (_, index_mut_back1) ← Array.index_mut_usize U32 32#usize a j - let a1 ← index_mut_back1 0#u32 - let _ ← index_mut_back a1 - Result.ret () - -/- [array::array_local_deep_copy]: - Source: 'src/array.rs', lines 118:0-118:43 -/ -def array_local_deep_copy (x : Array U32 32#usize) : Result Unit := - Result.ret () - -/- [array::take_array]: - Source: 'src/array.rs', lines 122:0-122:30 -/ -def take_array (a : Array U32 2#usize) : Result Unit := - Result.ret () - -/- [array::take_array_borrow]: - Source: 'src/array.rs', lines 123:0-123:38 -/ -def take_array_borrow (a : Array U32 2#usize) : Result Unit := - Result.ret () - -/- [array::take_slice]: - Source: 'src/array.rs', lines 124:0-124:28 -/ -def take_slice (s : Slice U32) : Result Unit := - Result.ret () - -/- [array::take_mut_slice]: - Source: 'src/array.rs', lines 125:0-125:36 -/ -def take_mut_slice (s : Slice U32) : Result (Slice U32) := - Result.ret s - -/- [array::const_array]: - Source: 'src/array.rs', lines 127:0-127:32 -/ -def const_array : Result (Array U32 2#usize) := - Result.ret (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - -/- [array::const_slice]: - Source: 'src/array.rs', lines 131:0-131:20 -/ -def const_slice : Result Unit := - do - let _ ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - Result.ret () - -/- [array::take_all]: - Source: 'src/array.rs', lines 141:0-141:17 -/ -def take_all : Result Unit := - do - let _ ← take_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let _ ← take_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let _ ← take_array_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let _ ← take_slice s - let (s1, to_slice_mut_back) ← - Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s2 ← take_mut_slice s1 - let _ ← to_slice_mut_back s2 - Result.ret () - -/- [array::index_array]: - Source: 'src/array.rs', lines 155:0-155:38 -/ -def index_array (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::index_array_borrow]: - Source: 'src/array.rs', lines 158:0-158:46 -/ -def index_array_borrow (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::index_slice_u32_0]: - Source: 'src/array.rs', lines 162:0-162:42 -/ -def index_slice_u32_0 (x : Slice U32) : Result U32 := - Slice.index_usize U32 x 0#usize - -/- [array::index_mut_slice_u32_0]: - Source: 'src/array.rs', lines 166:0-166:50 -/ -def index_mut_slice_u32_0 (x : Slice U32) : Result (U32 × (Slice U32)) := - do - let i ← Slice.index_usize U32 x 0#usize - Result.ret (i, x) - -/- [array::index_all]: - Source: 'src/array.rs', lines 170:0-170:25 -/ -def index_all : Result U32 := - do - let i ← index_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i1 ← index_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i2 ← i + i1 - let i3 ← index_array_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i4 ← i2 + i3 - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i5 ← index_slice_u32_0 s - let i6 ← i4 + i5 - let (s1, to_slice_mut_back) ← - Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let (i7, s2) ← index_mut_slice_u32_0 s1 - let i8 ← i6 + i7 - let _ ← to_slice_mut_back s2 - Result.ret i8 - -/- [array::update_array]: - Source: 'src/array.rs', lines 184:0-184:36 -/ -def update_array (x : Array U32 2#usize) : Result Unit := - do - let (_, index_mut_back) ← Array.index_mut_usize U32 2#usize x 0#usize - let _ ← index_mut_back 1#u32 - Result.ret () - -/- [array::update_array_mut_borrow]: - Source: 'src/array.rs', lines 187:0-187:48 -/ -def update_array_mut_borrow - (x : Array U32 2#usize) : Result (Array U32 2#usize) := - do - let (_, index_mut_back) ← Array.index_mut_usize U32 2#usize x 0#usize - index_mut_back 1#u32 - -/- [array::update_mut_slice]: - Source: 'src/array.rs', lines 190:0-190:38 -/ -def update_mut_slice (x : Slice U32) : Result (Slice U32) := - do - let (_, index_mut_back) ← Slice.index_mut_usize U32 x 0#usize - index_mut_back 1#u32 - -/- [array::update_all]: - Source: 'src/array.rs', lines 194:0-194:19 -/ -def update_all : Result Unit := - do - let _ ← update_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let _ ← update_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let a ← update_array_mut_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let (s, to_slice_mut_back) ← Array.to_slice_mut U32 2#usize a - let s1 ← update_mut_slice s - let _ ← to_slice_mut_back s1 - Result.ret () - -/- [array::range_all]: - Source: 'src/array.rs', lines 205:0-205:18 -/ -def range_all : Result Unit := - do - let (s, index_mut_back) ← - core.array.Array.index_mut U32 (core.ops.range.Range Usize) 4#usize - (core.ops.index.IndexMutSliceTIInst U32 (core.ops.range.Range Usize) - (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) - (Array.make U32 4#usize [ 0#u32, 0#u32, 0#u32, 0#u32 ]) - { start := 1#usize, end_ := 3#usize } - let s1 ← update_mut_slice s - let _ ← index_mut_back s1 - Result.ret () - -/- [array::deref_array_borrow]: - Source: 'src/array.rs', lines 214:0-214:46 -/ -def deref_array_borrow (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::deref_array_mut_borrow]: - Source: 'src/array.rs', lines 219:0-219:54 -/ -def deref_array_mut_borrow - (x : Array U32 2#usize) : Result (U32 × (Array U32 2#usize)) := - do - let i ← Array.index_usize U32 2#usize x 0#usize - Result.ret (i, x) - -/- [array::take_array_t]: - Source: 'src/array.rs', lines 227:0-227:31 -/ -def take_array_t (a : Array AB 2#usize) : Result Unit := - Result.ret () - -/- [array::non_copyable_array]: - Source: 'src/array.rs', lines 229:0-229:27 -/ -def non_copyable_array : Result Unit := - do - let _ ← take_array_t (Array.make AB 2#usize [ AB.A, AB.B ]) - Result.ret () - -/- [array::sum]: loop 0: - Source: 'src/array.rs', lines 242:0-250:1 -/ -divergent def sum_loop (s : Slice U32) (sum1 : U32) (i : Usize) : Result U32 := - let i1 := Slice.len U32 s - if i < i1 - then - do - let i2 ← Slice.index_usize U32 s i - let sum3 ← sum1 + i2 - let i3 ← i + 1#usize - sum_loop s sum3 i3 - else Result.ret sum1 - -/- [array::sum]: - Source: 'src/array.rs', lines 242:0-242:28 -/ -def sum (s : Slice U32) : Result U32 := - sum_loop s 0#u32 0#usize - -/- [array::sum2]: loop 0: - Source: 'src/array.rs', lines 252:0-261:1 -/ -divergent def sum2_loop - (s : Slice U32) (s2 : Slice U32) (sum1 : U32) (i : Usize) : Result U32 := - let i1 := Slice.len U32 s - if i < i1 - then - do - let i2 ← Slice.index_usize U32 s i - let i3 ← Slice.index_usize U32 s2 i - let i4 ← i2 + i3 - let sum3 ← sum1 + i4 - let i5 ← i + 1#usize - sum2_loop s s2 sum3 i5 - else Result.ret sum1 - -/- [array::sum2]: - Source: 'src/array.rs', lines 252:0-252:41 -/ -def sum2 (s : Slice U32) (s2 : Slice U32) : Result U32 := - let i := Slice.len U32 s - let i1 := Slice.len U32 s2 - if not (i = i1) - then Result.fail .panic - else sum2_loop s s2 0#u32 0#usize - -/- [array::f0]: - Source: 'src/array.rs', lines 263:0-263:11 -/ -def f0 : Result Unit := - do - let (s, to_slice_mut_back) ← - Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - let (_, index_mut_back) ← Slice.index_mut_usize U32 s 0#usize - let s1 ← index_mut_back 1#u32 - let _ ← to_slice_mut_back s1 - Result.ret () - -/- [array::f1]: - Source: 'src/array.rs', lines 268:0-268:11 -/ -def f1 : Result Unit := - do - let (_, index_mut_back) ← - Array.index_mut_usize U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - 0#usize - let _ ← index_mut_back 1#u32 - Result.ret () - -/- [array::f2]: - Source: 'src/array.rs', lines 273:0-273:17 -/ -def f2 (i : U32) : Result Unit := - Result.ret () - -/- [array::f4]: - Source: 'src/array.rs', lines 282:0-282:54 -/ -def f4 (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := - core.array.Array.index U32 (core.ops.range.Range Usize) 32#usize - (core.ops.index.IndexSliceTIInst U32 (core.ops.range.Range Usize) - (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) x - { start := y, end_ := z } - -/- [array::f3]: - Source: 'src/array.rs', lines 275:0-275:18 -/ -def f3 : Result U32 := - do - let i ← - Array.index_usize U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - 0#usize - let _ ← f2 i - let b := Array.repeat U32 32#usize 0#u32 - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - let s1 ← f4 b 16#usize 18#usize - sum2 s s1 - -/- [array::SZ] - Source: 'src/array.rs', lines 286:0-286:19 -/ -def sz_body : Result Usize := Result.ret 32#usize -def sz_c : Usize := eval_global sz_body (by decide) - -/- [array::f5]: - Source: 'src/array.rs', lines 289:0-289:31 -/ -def f5 (x : Array U32 32#usize) : Result U32 := - Array.index_usize U32 32#usize x 0#usize - -/- [array::ite]: - Source: 'src/array.rs', lines 294:0-294:12 -/ -def ite : Result Unit := - do - let (s, to_slice_mut_back) ← - Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let (_, s1) ← index_mut_slice_u32_0 s - let (s2, to_slice_mut_back1) ← - Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let (_, s3) ← index_mut_slice_u32_0 s2 - let _ ← to_slice_mut_back1 s3 - let _ ← to_slice_mut_back s1 - Result.ret () - -end array diff --git a/tests/lean/Array/Funs.lean b/tests/lean/Array/Funs.lean deleted file mode 100644 index 32ae6248..00000000 --- a/tests/lean/Array/Funs.lean +++ /dev/null @@ -1,431 +0,0 @@ --- THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS --- [array]: function definitions -import Base -import Array.Types -open Primitives - -namespace array - -/- [array::incr]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) -/ -def incr (x : U32) : Result U32 := - x + 1#u32 - -/- [array::array_to_shared_slice_]: forward function -/ -def array_to_shared_slice_ - (T : Type) (s : Array T 32#usize) : Result (Slice T) := - Array.to_slice T 32#usize s - -/- [array::array_to_mut_slice_]: forward function -/ -def array_to_mut_slice_ (T : Type) (s : Array T 32#usize) : Result (Slice T) := - Array.to_slice T 32#usize s - -/- [array::array_to_mut_slice_]: backward function 0 -/ -def array_to_mut_slice__back - (T : Type) (s : Array T 32#usize) (ret0 : Slice T) : - Result (Array T 32#usize) - := - Array.from_slice T 32#usize s ret0 - -/- [array::array_len]: forward function -/ -def array_len (T : Type) (s : Array T 32#usize) : Result Usize := - do - let s0 ← Array.to_slice T 32#usize s - let i := Slice.len T s0 - Result.ret i - -/- [array::shared_array_len]: forward function -/ -def shared_array_len (T : Type) (s : Array T 32#usize) : Result Usize := - do - let s0 ← Array.to_slice T 32#usize s - let i := Slice.len T s0 - Result.ret i - -/- [array::shared_slice_len]: forward function -/ -def shared_slice_len (T : Type) (s : Slice T) : Result Usize := - let i := Slice.len T s - Result.ret i - -/- [array::index_array_shared]: forward function -/ -def index_array_shared - (T : Type) (s : Array T 32#usize) (i : Usize) : Result T := - Array.index_usize T 32#usize s i - -/- [array::index_array_u32]: forward function -/ -def index_array_u32 (s : Array U32 32#usize) (i : Usize) : Result U32 := - Array.index_usize U32 32#usize s i - -/- [array::index_array_copy]: forward function -/ -def index_array_copy (x : Array U32 32#usize) : Result U32 := - Array.index_usize U32 32#usize x 0#usize - -/- [array::index_mut_array]: forward function -/ -def index_mut_array (T : Type) (s : Array T 32#usize) (i : Usize) : Result T := - Array.index_usize T 32#usize s i - -/- [array::index_mut_array]: backward function 0 -/ -def index_mut_array_back - (T : Type) (s : Array T 32#usize) (i : Usize) (ret0 : T) : - Result (Array T 32#usize) - := - Array.update_usize T 32#usize s i ret0 - -/- [array::index_slice]: forward function -/ -def index_slice (T : Type) (s : Slice T) (i : Usize) : Result T := - Slice.index_usize T s i - -/- [array::index_mut_slice]: forward function -/ -def index_mut_slice (T : Type) (s : Slice T) (i : Usize) : Result T := - Slice.index_usize T s i - -/- [array::index_mut_slice]: backward function 0 -/ -def index_mut_slice_back - (T : Type) (s : Slice T) (i : Usize) (ret0 : T) : Result (Slice T) := - Slice.update_usize T s i ret0 - -/- [array::slice_subslice_shared_]: forward function -/ -def slice_subslice_shared_ - (x : Slice U32) (y : Usize) (z : Usize) : Result (Slice U32) := - core.slice.index.Slice.index U32 (core.ops.range.Range Usize) - (core.slice.index.Range.coresliceindexSliceIndexInst U32) x - { start := y, end_ := z } - -/- [array::slice_subslice_mut_]: forward function -/ -def slice_subslice_mut_ - (x : Slice U32) (y : Usize) (z : Usize) : Result (Slice U32) := - core.slice.index.Slice.index_mut U32 (core.ops.range.Range Usize) - (core.slice.index.Range.coresliceindexSliceIndexInst U32) x - { start := y, end_ := z } - -/- [array::slice_subslice_mut_]: backward function 0 -/ -def slice_subslice_mut__back - (x : Slice U32) (y : Usize) (z : Usize) (ret0 : Slice U32) : - Result (Slice U32) - := - core.slice.index.Slice.index_mut_back U32 (core.ops.range.Range Usize) - (core.slice.index.Range.coresliceindexSliceIndexInst U32) x - { start := y, end_ := z } ret0 - -/- [array::array_to_slice_shared_]: forward function -/ -def array_to_slice_shared_ (x : Array U32 32#usize) : Result (Slice U32) := - Array.to_slice U32 32#usize x - -/- [array::array_to_slice_mut_]: forward function -/ -def array_to_slice_mut_ (x : Array U32 32#usize) : Result (Slice U32) := - Array.to_slice U32 32#usize x - -/- [array::array_to_slice_mut_]: backward function 0 -/ -def array_to_slice_mut__back - (x : Array U32 32#usize) (ret0 : Slice U32) : Result (Array U32 32#usize) := - Array.from_slice U32 32#usize x ret0 - -/- [array::array_subslice_shared_]: forward function -/ -def array_subslice_shared_ - (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := - core.array.Array.index U32 (core.ops.range.Range Usize) 32#usize - (core.slice.index.Slice.coreopsindexIndexInst U32 (core.ops.range.Range - Usize) (core.slice.index.Range.coresliceindexSliceIndexInst U32)) x - { start := y, end_ := z } - -/- [array::array_subslice_mut_]: forward function -/ -def array_subslice_mut_ - (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := - core.array.Array.index_mut U32 (core.ops.range.Range Usize) 32#usize - (core.slice.index.Slice.coreopsindexIndexMutInst U32 (core.ops.range.Range - Usize) (core.slice.index.Range.coresliceindexSliceIndexInst U32)) x - { start := y, end_ := z } - -/- [array::array_subslice_mut_]: backward function 0 -/ -def array_subslice_mut__back - (x : Array U32 32#usize) (y : Usize) (z : Usize) (ret0 : Slice U32) : - Result (Array U32 32#usize) - := - core.array.Array.index_mut_back U32 (core.ops.range.Range Usize) 32#usize - (core.slice.index.Slice.coreopsindexIndexMutInst U32 (core.ops.range.Range - Usize) (core.slice.index.Range.coresliceindexSliceIndexInst U32)) x - { start := y, end_ := z } ret0 - -/- [array::index_slice_0]: forward function -/ -def index_slice_0 (T : Type) (s : Slice T) : Result T := - Slice.index_usize T s 0#usize - -/- [array::index_array_0]: forward function -/ -def index_array_0 (T : Type) (s : Array T 32#usize) : Result T := - Array.index_usize T 32#usize s 0#usize - -/- [array::index_index_array]: forward function -/ -def index_index_array - (s : Array (Array U32 32#usize) 32#usize) (i : Usize) (j : Usize) : - Result U32 - := - do - let a ← Array.index_usize (Array U32 32#usize) 32#usize s i - Array.index_usize U32 32#usize a j - -/- [array::update_update_array]: forward function -/ -def update_update_array - (s : Array (Array U32 32#usize) 32#usize) (i : Usize) (j : Usize) : - Result Unit - := - do - let a ← Array.index_usize (Array U32 32#usize) 32#usize s i - let a0 ← Array.update_usize U32 32#usize a j 0#u32 - let _ ← Array.update_usize (Array U32 32#usize) 32#usize s i a0 - Result.ret () - -/- [array::array_local_deep_copy]: forward function -/ -def array_local_deep_copy (x : Array U32 32#usize) : Result Unit := - Result.ret () - -/- [array::take_array]: forward function -/ -def take_array (a : Array U32 2#usize) : Result Unit := - Result.ret () - -/- [array::take_array_borrow]: forward function -/ -def take_array_borrow (a : Array U32 2#usize) : Result Unit := - Result.ret () - -/- [array::take_slice]: forward function -/ -def take_slice (s : Slice U32) : Result Unit := - Result.ret () - -/- [array::take_mut_slice]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) -/ -def take_mut_slice (s : Slice U32) : Result (Slice U32) := - Result.ret s - -/- [array::take_all]: forward function -/ -def take_all : Result Unit := - do - let _ ← take_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let _ ← take_array_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let _ ← take_slice s - let s0 ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s1 ← take_mut_slice s0 - let _ ← - Array.from_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) s1 - Result.ret () - -/- [array::index_array]: forward function -/ -def index_array (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::index_array_borrow]: forward function -/ -def index_array_borrow (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::index_slice_u32_0]: forward function -/ -def index_slice_u32_0 (x : Slice U32) : Result U32 := - Slice.index_usize U32 x 0#usize - -/- [array::index_mut_slice_u32_0]: forward function -/ -def index_mut_slice_u32_0 (x : Slice U32) : Result U32 := - Slice.index_usize U32 x 0#usize - -/- [array::index_mut_slice_u32_0]: backward function 0 -/ -def index_mut_slice_u32_0_back (x : Slice U32) : Result (Slice U32) := - do - let _ ← Slice.index_usize U32 x 0#usize - Result.ret x - -/- [array::index_all]: forward function -/ -def index_all : Result U32 := - do - let i ← index_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i0 ← index_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i1 ← i + i0 - let i2 ← index_array_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i3 ← i1 + i2 - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i4 ← index_slice_u32_0 s - let i5 ← i3 + i4 - let s0 ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let i6 ← index_mut_slice_u32_0 s0 - let i7 ← i5 + i6 - let s1 ← index_mut_slice_u32_0_back s0 - let _ ← - Array.from_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) s1 - Result.ret i7 - -/- [array::update_array]: forward function -/ -def update_array (x : Array U32 2#usize) : Result Unit := - do - let _ ← Array.update_usize U32 2#usize x 0#usize 1#u32 - Result.ret () - -/- [array::update_array_mut_borrow]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) -/ -def update_array_mut_borrow - (x : Array U32 2#usize) : Result (Array U32 2#usize) := - Array.update_usize U32 2#usize x 0#usize 1#u32 - -/- [array::update_mut_slice]: merged forward/backward function - (there is a single backward function, and the forward function returns ()) -/ -def update_mut_slice (x : Slice U32) : Result (Slice U32) := - Slice.update_usize U32 x 0#usize 1#u32 - -/- [array::update_all]: forward function -/ -def update_all : Result Unit := - do - let _ ← update_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let x ← update_array_mut_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s ← Array.to_slice U32 2#usize x - let s0 ← update_mut_slice s - let _ ← Array.from_slice U32 2#usize x s0 - Result.ret () - -/- [array::range_all]: forward function -/ -def range_all : Result Unit := - do - let s ← - core.array.Array.index_mut U32 (core.ops.range.Range Usize) 4#usize - (core.slice.index.Slice.coreopsindexIndexMutInst U32 - (core.ops.range.Range Usize) - (core.slice.index.Range.coresliceindexSliceIndexInst U32)) - (Array.make U32 4#usize [ 0#u32, 0#u32, 0#u32, 0#u32 ]) - { start := 1#usize, end_ := 3#usize } - let s0 ← update_mut_slice s - let _ ← - core.array.Array.index_mut_back U32 (core.ops.range.Range Usize) 4#usize - (core.slice.index.Slice.coreopsindexIndexMutInst U32 - (core.ops.range.Range Usize) - (core.slice.index.Range.coresliceindexSliceIndexInst U32)) - (Array.make U32 4#usize [ 0#u32, 0#u32, 0#u32, 0#u32 ]) - { start := 1#usize, end_ := 3#usize } s0 - Result.ret () - -/- [array::deref_array_borrow]: forward function -/ -def deref_array_borrow (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::deref_array_mut_borrow]: forward function -/ -def deref_array_mut_borrow (x : Array U32 2#usize) : Result U32 := - Array.index_usize U32 2#usize x 0#usize - -/- [array::deref_array_mut_borrow]: backward function 0 -/ -def deref_array_mut_borrow_back - (x : Array U32 2#usize) : Result (Array U32 2#usize) := - do - let _ ← Array.index_usize U32 2#usize x 0#usize - Result.ret x - -/- [array::take_array_t]: forward function -/ -def take_array_t (a : Array AB 2#usize) : Result Unit := - Result.ret () - -/- [array::non_copyable_array]: forward function -/ -def non_copyable_array : Result Unit := - do - let _ ← take_array_t (Array.make AB 2#usize [ AB.A, AB.B ]) - Result.ret () - -/- [array::sum]: loop 0: forward function -/ -divergent def sum_loop (s : Slice U32) (sum0 : U32) (i : Usize) : Result U32 := - let i0 := Slice.len U32 s - if i < i0 - then - do - let i1 ← Slice.index_usize U32 s i - let sum1 ← sum0 + i1 - let i2 ← i + 1#usize - sum_loop s sum1 i2 - else Result.ret sum0 - -/- [array::sum]: forward function -/ -def sum (s : Slice U32) : Result U32 := - sum_loop s 0#u32 0#usize - -/- [array::sum2]: loop 0: forward function -/ -divergent def sum2_loop - (s : Slice U32) (s2 : Slice U32) (sum0 : U32) (i : Usize) : Result U32 := - let i0 := Slice.len U32 s - if i < i0 - then - do - let i1 ← Slice.index_usize U32 s i - let i2 ← Slice.index_usize U32 s2 i - let i3 ← i1 + i2 - let sum1 ← sum0 + i3 - let i4 ← i + 1#usize - sum2_loop s s2 sum1 i4 - else Result.ret sum0 - -/- [array::sum2]: forward function -/ -def sum2 (s : Slice U32) (s2 : Slice U32) : Result U32 := - let i := Slice.len U32 s - let i0 := Slice.len U32 s2 - if not (i = i0) - then Result.fail Error.panic - else sum2_loop s s2 0#u32 0#usize - -/- [array::f0]: forward function -/ -def f0 : Result Unit := - do - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - let s0 ← Slice.update_usize U32 s 0#usize 1#u32 - let _ ← - Array.from_slice U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) s0 - Result.ret () - -/- [array::f1]: forward function -/ -def f1 : Result Unit := - do - let _ ← - Array.update_usize U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - 0#usize 1#u32 - Result.ret () - -/- [array::f2]: forward function -/ -def f2 (i : U32) : Result Unit := - Result.ret () - -/- [array::f4]: forward function -/ -def f4 (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := - core.array.Array.index U32 (core.ops.range.Range Usize) 32#usize - (core.slice.index.Slice.coreopsindexIndexInst U32 (core.ops.range.Range - Usize) (core.slice.index.Range.coresliceindexSliceIndexInst U32)) x - { start := y, end_ := z } - -/- [array::f3]: forward function -/ -def f3 : Result U32 := - do - let i ← - Array.index_usize U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - 0#usize - let _ ← f2 i - let b := Array.repeat U32 32#usize 0#u32 - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) - let s0 ← f4 b 16#usize 18#usize - sum2 s s0 - -/- [array::SZ] -/ -def sz_body : Result Usize := Result.ret 32#usize -def sz_c : Usize := eval_global sz_body (by simp) - -/- [array::f5]: forward function -/ -def f5 (x : Array U32 32#usize) : Result U32 := - Array.index_usize U32 32#usize x 0#usize - -/- [array::ite]: forward function -/ -def ite : Result Unit := - do - let s ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s0 ← - Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) - let s1 ← index_mut_slice_u32_0_back s0 - let _ ← - Array.from_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) s1 - let s2 ← index_mut_slice_u32_0_back s - let _ ← - Array.from_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) s2 - Result.ret () - -end array diff --git a/tests/lean/Array/Types.lean b/tests/lean/Array/Types.lean deleted file mode 100644 index 60fa81ab..00000000 --- a/tests/lean/Array/Types.lean +++ /dev/null @@ -1,13 +0,0 @@ --- THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS --- [array]: type definitions -import Base -open Primitives - -namespace array - -/- [array::AB] -/ -inductive AB := -| A : AB -| B : AB - -end array diff --git a/tests/lean/Arrays.lean b/tests/lean/Arrays.lean new file mode 100644 index 00000000..5158ca28 --- /dev/null +++ b/tests/lean/Arrays.lean @@ -0,0 +1,476 @@ +-- THIS FILE WAS AUTOMATICALLY GENERATED BY AENEAS +-- [arrays] +import Base +open Primitives + +namespace arrays + +/- [arrays::AB] + Source: 'src/arrays.rs', lines 3:0-3:11 -/ +inductive AB := +| A : AB +| B : AB + +/- [arrays::incr]: + Source: 'src/arrays.rs', lines 8:0-8:24 -/ +def incr (x : U32) : Result U32 := + x + 1#u32 + +/- [arrays::array_to_shared_slice_]: + Source: 'src/arrays.rs', lines 16:0-16:53 -/ +def array_to_shared_slice_ + (T : Type) (s : Array T 32#usize) : Result (Slice T) := + Array.to_slice T 32#usize s + +/- [arrays::array_to_mut_slice_]: + Source: 'src/arrays.rs', lines 21:0-21:58 -/ +def array_to_mut_slice_ + (T : Type) (s : Array T 32#usize) : + Result ((Slice T) × (Slice T → Result (Array T 32#usize))) + := + do + let (s1, to_slice_mut_back) ← Array.to_slice_mut T 32#usize s + Result.ret (s1, to_slice_mut_back) + +/- [arrays::array_len]: + Source: 'src/arrays.rs', lines 25:0-25:40 -/ +def array_len (T : Type) (s : Array T 32#usize) : Result Usize := + do + let s1 ← Array.to_slice T 32#usize s + let i := Slice.len T s1 + Result.ret i + +/- [arrays::shared_array_len]: + Source: 'src/arrays.rs', lines 29:0-29:48 -/ +def shared_array_len (T : Type) (s : Array T 32#usize) : Result Usize := + do + let s1 ← Array.to_slice T 32#usize s + let i := Slice.len T s1 + Result.ret i + +/- [arrays::shared_slice_len]: + Source: 'src/arrays.rs', lines 33:0-33:44 -/ +def shared_slice_len (T : Type) (s : Slice T) : Result Usize := + let i := Slice.len T s + Result.ret i + +/- [arrays::index_array_shared]: + Source: 'src/arrays.rs', lines 37:0-37:57 -/ +def index_array_shared + (T : Type) (s : Array T 32#usize) (i : Usize) : Result T := + Array.index_usize T 32#usize s i + +/- [arrays::index_array_u32]: + Source: 'src/arrays.rs', lines 44:0-44:53 -/ +def index_array_u32 (s : Array U32 32#usize) (i : Usize) : Result U32 := + Array.index_usize U32 32#usize s i + +/- [arrays::index_array_copy]: + Source: 'src/arrays.rs', lines 48:0-48:45 -/ +def index_array_copy (x : Array U32 32#usize) : Result U32 := + Array.index_usize U32 32#usize x 0#usize + +/- [arrays::index_mut_array]: + Source: 'src/arrays.rs', lines 52:0-52:62 -/ +def index_mut_array + (T : Type) (s : Array T 32#usize) (i : Usize) : + Result (T × (T → Result (Array T 32#usize))) + := + do + let (t, index_mut_back) ← Array.index_mut_usize T 32#usize s i + Result.ret (t, index_mut_back) + +/- [arrays::index_slice]: + Source: 'src/arrays.rs', lines 56:0-56:46 -/ +def index_slice (T : Type) (s : Slice T) (i : Usize) : Result T := + Slice.index_usize T s i + +/- [arrays::index_mut_slice]: + Source: 'src/arrays.rs', lines 60:0-60:58 -/ +def index_mut_slice + (T : Type) (s : Slice T) (i : Usize) : + Result (T × (T → Result (Slice T))) + := + do + let (t, index_mut_back) ← Slice.index_mut_usize T s i + Result.ret (t, index_mut_back) + +/- [arrays::slice_subslice_shared_]: + Source: 'src/arrays.rs', lines 64:0-64:70 -/ +def slice_subslice_shared_ + (x : Slice U32) (y : Usize) (z : Usize) : Result (Slice U32) := + core.slice.index.Slice.index U32 (core.ops.range.Range Usize) + (core.slice.index.SliceIndexRangeUsizeSliceTInst U32) x + { start := y, end_ := z } + +/- [arrays::slice_subslice_mut_]: + Source: 'src/arrays.rs', lines 68:0-68:75 -/ +def slice_subslice_mut_ + (x : Slice U32) (y : Usize) (z : Usize) : + Result ((Slice U32) × (Slice U32 → Result (Slice U32))) + := + do + let (s, index_mut_back) ← + core.slice.index.Slice.index_mut U32 (core.ops.range.Range Usize) + (core.slice.index.SliceIndexRangeUsizeSliceTInst U32) x + { start := y, end_ := z } + Result.ret (s, index_mut_back) + +/- [arrays::array_to_slice_shared_]: + Source: 'src/arrays.rs', lines 72:0-72:54 -/ +def array_to_slice_shared_ (x : Array U32 32#usize) : Result (Slice U32) := + Array.to_slice U32 32#usize x + +/- [arrays::array_to_slice_mut_]: + Source: 'src/arrays.rs', lines 76:0-76:59 -/ +def array_to_slice_mut_ + (x : Array U32 32#usize) : + Result ((Slice U32) × (Slice U32 → Result (Array U32 32#usize))) + := + do + let (s, to_slice_mut_back) ← Array.to_slice_mut U32 32#usize x + Result.ret (s, to_slice_mut_back) + +/- [arrays::array_subslice_shared_]: + Source: 'src/arrays.rs', lines 80:0-80:74 -/ +def array_subslice_shared_ + (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := + core.array.Array.index U32 (core.ops.range.Range Usize) 32#usize + (core.ops.index.IndexSliceTIInst U32 (core.ops.range.Range Usize) + (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) x + { start := y, end_ := z } + +/- [arrays::array_subslice_mut_]: + Source: 'src/arrays.rs', lines 84:0-84:79 -/ +def array_subslice_mut_ + (x : Array U32 32#usize) (y : Usize) (z : Usize) : + Result ((Slice U32) × (Slice U32 → Result (Array U32 32#usize))) + := + do + let (s, index_mut_back) ← + core.array.Array.index_mut U32 (core.ops.range.Range Usize) 32#usize + (core.ops.index.IndexMutSliceTIInst U32 (core.ops.range.Range Usize) + (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) x + { start := y, end_ := z } + Result.ret (s, index_mut_back) + +/- [arrays::index_slice_0]: + Source: 'src/arrays.rs', lines 88:0-88:38 -/ +def index_slice_0 (T : Type) (s : Slice T) : Result T := + Slice.index_usize T s 0#usize + +/- [arrays::index_array_0]: + Source: 'src/arrays.rs', lines 92:0-92:42 -/ +def index_array_0 (T : Type) (s : Array T 32#usize) : Result T := + Array.index_usize T 32#usize s 0#usize + +/- [arrays::index_index_array]: + Source: 'src/arrays.rs', lines 103:0-103:71 -/ +def index_index_array + (s : Array (Array U32 32#usize) 32#usize) (i : Usize) (j : Usize) : + Result U32 + := + do + let a ← Array.index_usize (Array U32 32#usize) 32#usize s i + Array.index_usize U32 32#usize a j + +/- [arrays::update_update_array]: + Source: 'src/arrays.rs', lines 114:0-114:70 -/ +def update_update_array + (s : Array (Array U32 32#usize) 32#usize) (i : Usize) (j : Usize) : + Result Unit + := + do + let (a, index_mut_back) ← + Array.index_mut_usize (Array U32 32#usize) 32#usize s i + let (_, index_mut_back1) ← Array.index_mut_usize U32 32#usize a j + let a1 ← index_mut_back1 0#u32 + let _ ← index_mut_back a1 + Result.ret () + +/- [arrays::array_local_deep_copy]: + Source: 'src/arrays.rs', lines 118:0-118:43 -/ +def array_local_deep_copy (x : Array U32 32#usize) : Result Unit := + Result.ret () + +/- [arrays::take_array]: + Source: 'src/arrays.rs', lines 122:0-122:30 -/ +def take_array (a : Array U32 2#usize) : Result Unit := + Result.ret () + +/- [arrays::take_array_borrow]: + Source: 'src/arrays.rs', lines 123:0-123:38 -/ +def take_array_borrow (a : Array U32 2#usize) : Result Unit := + Result.ret () + +/- [arrays::take_slice]: + Source: 'src/arrays.rs', lines 124:0-124:28 -/ +def take_slice (s : Slice U32) : Result Unit := + Result.ret () + +/- [arrays::take_mut_slice]: + Source: 'src/arrays.rs', lines 125:0-125:36 -/ +def take_mut_slice (s : Slice U32) : Result (Slice U32) := + Result.ret s + +/- [arrays::const_array]: + Source: 'src/arrays.rs', lines 127:0-127:32 -/ +def const_array : Result (Array U32 2#usize) := + Result.ret (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + +/- [arrays::const_slice]: + Source: 'src/arrays.rs', lines 131:0-131:20 -/ +def const_slice : Result Unit := + do + let _ ← + Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + Result.ret () + +/- [arrays::take_all]: + Source: 'src/arrays.rs', lines 141:0-141:17 -/ +def take_all : Result Unit := + do + let _ ← take_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let _ ← take_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let _ ← take_array_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let s ← + Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let _ ← take_slice s + let (s1, to_slice_mut_back) ← + Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let s2 ← take_mut_slice s1 + let _ ← to_slice_mut_back s2 + Result.ret () + +/- [arrays::index_array]: + Source: 'src/arrays.rs', lines 155:0-155:38 -/ +def index_array (x : Array U32 2#usize) : Result U32 := + Array.index_usize U32 2#usize x 0#usize + +/- [arrays::index_array_borrow]: + Source: 'src/arrays.rs', lines 158:0-158:46 -/ +def index_array_borrow (x : Array U32 2#usize) : Result U32 := + Array.index_usize U32 2#usize x 0#usize + +/- [arrays::index_slice_u32_0]: + Source: 'src/arrays.rs', lines 162:0-162:42 -/ +def index_slice_u32_0 (x : Slice U32) : Result U32 := + Slice.index_usize U32 x 0#usize + +/- [arrays::index_mut_slice_u32_0]: + Source: 'src/arrays.rs', lines 166:0-166:50 -/ +def index_mut_slice_u32_0 (x : Slice U32) : Result (U32 × (Slice U32)) := + do + let i ← Slice.index_usize U32 x 0#usize + Result.ret (i, x) + +/- [arrays::index_all]: + Source: 'src/arrays.rs', lines 170:0-170:25 -/ +def index_all : Result U32 := + do + let i ← index_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let i1 ← index_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let i2 ← i + i1 + let i3 ← index_array_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let i4 ← i2 + i3 + let s ← + Array.to_slice U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let i5 ← index_slice_u32_0 s + let i6 ← i4 + i5 + let (s1, to_slice_mut_back) ← + Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let (i7, s2) ← index_mut_slice_u32_0 s1 + let i8 ← i6 + i7 + let _ ← to_slice_mut_back s2 + Result.ret i8 + +/- [arrays::update_array]: + Source: 'src/arrays.rs', lines 184:0-184:36 -/ +def update_array (x : Array U32 2#usize) : Result Unit := + do + let (_, index_mut_back) ← Array.index_mut_usize U32 2#usize x 0#usize + let _ ← index_mut_back 1#u32 + Result.ret () + +/- [arrays::update_array_mut_borrow]: + Source: 'src/arrays.rs', lines 187:0-187:48 -/ +def update_array_mut_borrow + (x : Array U32 2#usize) : Result (Array U32 2#usize) := + do + let (_, index_mut_back) ← Array.index_mut_usize U32 2#usize x 0#usize + index_mut_back 1#u32 + +/- [arrays::update_mut_slice]: + Source: 'src/arrays.rs', lines 190:0-190:38 -/ +def update_mut_slice (x : Slice U32) : Result (Slice U32) := + do + let (_, index_mut_back) ← Slice.index_mut_usize U32 x 0#usize + index_mut_back 1#u32 + +/- [arrays::update_all]: + Source: 'src/arrays.rs', lines 194:0-194:19 -/ +def update_all : Result Unit := + do + let _ ← update_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let _ ← update_array (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let a ← update_array_mut_borrow (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let (s, to_slice_mut_back) ← Array.to_slice_mut U32 2#usize a + let s1 ← update_mut_slice s + let _ ← to_slice_mut_back s1 + Result.ret () + +/- [arrays::range_all]: + Source: 'src/arrays.rs', lines 205:0-205:18 -/ +def range_all : Result Unit := + do + let (s, index_mut_back) ← + core.array.Array.index_mut U32 (core.ops.range.Range Usize) 4#usize + (core.ops.index.IndexMutSliceTIInst U32 (core.ops.range.Range Usize) + (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) + (Array.make U32 4#usize [ 0#u32, 0#u32, 0#u32, 0#u32 ]) + { start := 1#usize, end_ := 3#usize } + let s1 ← update_mut_slice s + let _ ← index_mut_back s1 + Result.ret () + +/- [arrays::deref_array_borrow]: + Source: 'src/arrays.rs', lines 214:0-214:46 -/ +def deref_array_borrow (x : Array U32 2#usize) : Result U32 := + Array.index_usize U32 2#usize x 0#usize + +/- [arrays::deref_array_mut_borrow]: + Source: 'src/arrays.rs', lines 219:0-219:54 -/ +def deref_array_mut_borrow + (x : Array U32 2#usize) : Result (U32 × (Array U32 2#usize)) := + do + let i ← Array.index_usize U32 2#usize x 0#usize + Result.ret (i, x) + +/- [arrays::take_array_t]: + Source: 'src/arrays.rs', lines 227:0-227:31 -/ +def take_array_t (a : Array AB 2#usize) : Result Unit := + Result.ret () + +/- [arrays::non_copyable_array]: + Source: 'src/arrays.rs', lines 229:0-229:27 -/ +def non_copyable_array : Result Unit := + do + let _ ← take_array_t (Array.make AB 2#usize [ AB.A, AB.B ]) + Result.ret () + +/- [arrays::sum]: loop 0: + Source: 'src/arrays.rs', lines 242:0-250:1 -/ +divergent def sum_loop (s : Slice U32) (sum1 : U32) (i : Usize) : Result U32 := + let i1 := Slice.len U32 s + if i < i1 + then + do + let i2 ← Slice.index_usize U32 s i + let sum3 ← sum1 + i2 + let i3 ← i + 1#usize + sum_loop s sum3 i3 + else Result.ret sum1 + +/- [arrays::sum]: + Source: 'src/arrays.rs', lines 242:0-242:28 -/ +def sum (s : Slice U32) : Result U32 := + sum_loop s 0#u32 0#usize + +/- [arrays::sum2]: loop 0: + Source: 'src/arrays.rs', lines 252:0-261:1 -/ +divergent def sum2_loop + (s : Slice U32) (s2 : Slice U32) (sum1 : U32) (i : Usize) : Result U32 := + let i1 := Slice.len U32 s + if i < i1 + then + do + let i2 ← Slice.index_usize U32 s i + let i3 ← Slice.index_usize U32 s2 i + let i4 ← i2 + i3 + let sum3 ← sum1 + i4 + let i5 ← i + 1#usize + sum2_loop s s2 sum3 i5 + else Result.ret sum1 + +/- [arrays::sum2]: + Source: 'src/arrays.rs', lines 252:0-252:41 -/ +def sum2 (s : Slice U32) (s2 : Slice U32) : Result U32 := + let i := Slice.len U32 s + let i1 := Slice.len U32 s2 + if not (i = i1) + then Result.fail .panic + else sum2_loop s s2 0#u32 0#usize + +/- [arrays::f0]: + Source: 'src/arrays.rs', lines 263:0-263:11 -/ +def f0 : Result Unit := + do + let (s, to_slice_mut_back) ← + Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) + let (_, index_mut_back) ← Slice.index_mut_usize U32 s 0#usize + let s1 ← index_mut_back 1#u32 + let _ ← to_slice_mut_back s1 + Result.ret () + +/- [arrays::f1]: + Source: 'src/arrays.rs', lines 268:0-268:11 -/ +def f1 : Result Unit := + do + let (_, index_mut_back) ← + Array.index_mut_usize U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) + 0#usize + let _ ← index_mut_back 1#u32 + Result.ret () + +/- [arrays::f2]: + Source: 'src/arrays.rs', lines 273:0-273:17 -/ +def f2 (i : U32) : Result Unit := + Result.ret () + +/- [arrays::f4]: + Source: 'src/arrays.rs', lines 282:0-282:54 -/ +def f4 (x : Array U32 32#usize) (y : Usize) (z : Usize) : Result (Slice U32) := + core.array.Array.index U32 (core.ops.range.Range Usize) 32#usize + (core.ops.index.IndexSliceTIInst U32 (core.ops.range.Range Usize) + (core.slice.index.SliceIndexRangeUsizeSliceTInst U32)) x + { start := y, end_ := z } + +/- [arrays::f3]: + Source: 'src/arrays.rs', lines 275:0-275:18 -/ +def f3 : Result U32 := + do + let i ← + Array.index_usize U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) + 0#usize + let _ ← f2 i + let b := Array.repeat U32 32#usize 0#u32 + let s ← + Array.to_slice U32 2#usize (Array.make U32 2#usize [ 1#u32, 2#u32 ]) + let s1 ← f4 b 16#usize 18#usize + sum2 s s1 + +/- [arrays::SZ] + Source: 'src/arrays.rs', lines 286:0-286:19 -/ +def sz_body : Result Usize := Result.ret 32#usize +def sz_c : Usize := eval_global sz_body (by decide) + +/- [arrays::f5]: + Source: 'src/arrays.rs', lines 289:0-289:31 -/ +def f5 (x : Array U32 32#usize) : Result U32 := + Array.index_usize U32 32#usize x 0#usize + +/- [arrays::ite]: + Source: 'src/arrays.rs', lines 294:0-294:12 -/ +def ite : Result Unit := + do + let (s, to_slice_mut_back) ← + Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let (_, s1) ← index_mut_slice_u32_0 s + let (s2, to_slice_mut_back1) ← + Array.to_slice_mut U32 2#usize (Array.make U32 2#usize [ 0#u32, 0#u32 ]) + let (_, s3) ← index_mut_slice_u32_0 s2 + let _ ← to_slice_mut_back1 s3 + let _ ← to_slice_mut_back s1 + Result.ret () + +end arrays diff --git a/tests/lean/lakefile.lean b/tests/lean/lakefile.lean index 502d8098..781fc8b8 100644 --- a/tests/lean/lakefile.lean +++ b/tests/lean/lakefile.lean @@ -6,9 +6,8 @@ require mathlib from git require base from "../../backends/lean" -package «Tests» {} +package «tests» {} -@[default_target] lean_lib array @[default_target] lean_lib Tutorial @[default_target] lean_lib BetreeMain @[default_target] lean_lib Constants @@ -19,4 +18,5 @@ package «Tests» {} @[default_target] lean_lib NoNestedBorrows @[default_target] lean_lib Paper @[default_target] lean_lib PoloniusList +@[default_target] lean_lib Arrays @[default_target] lean_lib Traits -- cgit v1.2.3 From 53aad0bc77a5c3aac5482030f6b5e3dcff1f9f65 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 23:34:10 +0100 Subject: Update the .gitignore files --- backends/lean/.gitignore | 3 ++- tests/lean/.gitignore | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/backends/lean/.gitignore b/backends/lean/.gitignore index 6aef0860..50d5c125 100644 --- a/backends/lean/.gitignore +++ b/backends/lean/.gitignore @@ -1,2 +1,3 @@ lake-packages/ -build/ \ No newline at end of file +build/ +.lake \ No newline at end of file diff --git a/tests/lean/.gitignore b/tests/lean/.gitignore index 4d1c5853..071df2d0 100644 --- a/tests/lean/.gitignore +++ b/tests/lean/.gitignore @@ -1,2 +1,3 @@ lake-packages -build \ No newline at end of file +build +.lake \ No newline at end of file -- cgit v1.2.3 From 3157013edd4d0e70a5c6fb8a5b236043865adbe0 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Fri, 2 Feb 2024 23:36:34 +0100 Subject: Update the flake.lock --- flake.lock | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/flake.lock b/flake.lock index 2442f6ae..f600cf10 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1706179002, - "narHash": "sha256-sVAG73/MMnGOFdjUvEyEt3BD2gC6H1VhIQBX3VB7H6A=", + "lastModified": 1706913319, + "narHash": "sha256-ardrxwhlhzWKpc96Pz2UoJTDOFnk3IpjFxoSRyd/cew=", "owner": "aeneasverif", "repo": "charon", - "rev": "9a4ac0c8c88c6778da31177f69b0f93bac66a88b", + "rev": "9aedfc390e7418346afdbb66e1d3c14134be6ddb", "type": "github" }, "original": { @@ -131,11 +131,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1706129113, - "narHash": "sha256-7YW9RkxDfVQFej2Lw4equuAFb5lEWwsNxW/G+fft768=", + "lastModified": 1706647851, + "narHash": "sha256-tJgVMcCOEqdrgNUHjHgdc3+Spf3vri5Y3Y6noG1mZgo=", "owner": "fstarlang", "repo": "fstar", - "rev": "1be61a27b7413c4e35c1f9affcc6979e8c9a43d6", + "rev": "a48e0aa9935c2a22ea540f9f2734c5f847d96361", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1705864452, - "narHash": "sha256-vjW9bxQ8gm5c0b316NOfjqXaWDLGDCGCnXd6HcvIV+k=", + "lastModified": 1706637944, + "narHash": "sha256-Cf3kGqFEsOy5Y+2shxN7BC6ADcmWdqs6XZhPdT8sCZI=", "owner": "hacl-star", "repo": "hacl-star", - "rev": "73e719274a8372122994919ae2722a3b1be2bb32", + "rev": "513e026e7096639ee99f0c546c99e2f72f86fd6a", "type": "github" }, "original": { @@ -194,11 +194,11 @@ ] }, "locked": { - "lastModified": 1706145524, - "narHash": "sha256-gVS1+zqmQa2ghxbPgHG98QmpTqvTB9JM7G9pbe2rLbM=", + "lastModified": 1706663512, + "narHash": "sha256-37cicQ3mF8PsZe6Lh48o8n+n6vH53Dn7Vap0HOrIBqc=", "owner": "hacl-star", "repo": "hacl-nix", - "rev": "757aa30e65f111714797d8ba37b38cc0f03aa6b2", + "rev": "94fafa6c4fdc4769abbf5f24f170e429e11484bd", "type": "github" }, "original": { @@ -265,11 +265,11 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1706176580, - "narHash": "sha256-GPvacgrLp/LGt1YU8P40dNnJBCMs376kB7SZAo6MV88=", + "lastModified": 1706830172, + "narHash": "sha256-QpLi87ZpYxjvyiCaOpE9bTvLEbOShYtpcSa72s/VO4M=", "owner": "leanprover", "repo": "lean4", - "rev": "1f4359cc80d9942d6ee651017cc17dcd62da6595", + "rev": "43bbedca46f890e2d2b29d92f71b1e7b76aa0e93", "type": "github" }, "original": { @@ -318,11 +318,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1706176580, - "narHash": "sha256-GPvacgrLp/LGt1YU8P40dNnJBCMs376kB7SZAo6MV88=", + "lastModified": 1706830172, + "narHash": "sha256-QpLi87ZpYxjvyiCaOpE9bTvLEbOShYtpcSa72s/VO4M=", "owner": "leanprover", "repo": "lean4", - "rev": "1f4359cc80d9942d6ee651017cc17dcd62da6595", + "rev": "43bbedca46f890e2d2b29d92f71b1e7b76aa0e93", "type": "github" }, "original": { -- cgit v1.2.3 From 9cc912e2414870df85ffc4dd346ade5dba2b5c37 Mon Sep 17 00:00:00 2001 From: Son Ho Date: Sat, 3 Feb 2024 00:00:36 +0100 Subject: Fix minor issues --- tests/fstar-split/arrays/Arrays.Clauses.fst | 10 +++++----- tests/fstar/arrays/Arrays.Clauses.fst | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/fstar-split/arrays/Arrays.Clauses.fst b/tests/fstar-split/arrays/Arrays.Clauses.fst index 68cbf216..aca328c2 100644 --- a/tests/fstar-split/arrays/Arrays.Clauses.fst +++ b/tests/fstar-split/arrays/Arrays.Clauses.fst @@ -1,17 +1,17 @@ -(** [array]: decreases clauses *) -module Array.Clauses +(** [arrays]: decreases clauses *) +module Arrays.Clauses open Primitives -open Array.Types +open Arrays.Types open FStar.List.Tot #set-options "--z3rlimit 50 --fuel 1 --ifuel 1" -(** [array::sum]: decreases clause *) +(** [arrays::sum]: decreases clause *) unfold let sum_loop_decreases (s : slice u32) (sum : u32) (i : usize) : nat = if i < length s then length s - i else 0 -(** [array::sum2]: decreases clause *) +(** [arrays::sum2]: decreases clause *) unfold let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum : u32) (i : usize) : nat = diff --git a/tests/fstar/arrays/Arrays.Clauses.fst b/tests/fstar/arrays/Arrays.Clauses.fst index 68cbf216..aca328c2 100644 --- a/tests/fstar/arrays/Arrays.Clauses.fst +++ b/tests/fstar/arrays/Arrays.Clauses.fst @@ -1,17 +1,17 @@ -(** [array]: decreases clauses *) -module Array.Clauses +(** [arrays]: decreases clauses *) +module Arrays.Clauses open Primitives -open Array.Types +open Arrays.Types open FStar.List.Tot #set-options "--z3rlimit 50 --fuel 1 --ifuel 1" -(** [array::sum]: decreases clause *) +(** [arrays::sum]: decreases clause *) unfold let sum_loop_decreases (s : slice u32) (sum : u32) (i : usize) : nat = if i < length s then length s - i else 0 -(** [array::sum2]: decreases clause *) +(** [arrays::sum2]: decreases clause *) unfold let sum2_loop_decreases (s : slice u32) (s2 : slice u32) (sum : u32) (i : usize) : nat = -- cgit v1.2.3