From 6872bc7373cdd16a561ae5a4efe5c439c0b37f73 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?=
Date: Sun, 7 Apr 2024 11:56:18 +0200
Subject: [PATCH 1/9] Add mir_dump to .gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index b8143f57..c57575f1 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ tests/2018/
 *.bak
 /playground
 tests/probs
+/mir_dump/
From 3281efe6d1a3cf60d28cff8f4d43d8d924303981 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?=
Date: Sun, 7 Apr 2024 11:59:28 +0200
Subject: [PATCH 2/9] Update ide to account for Creusot/Why3 breakage
---
 ide | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ide b/ide
index 8f7e2218..3b8cc6a8 100755
--- a/ide
+++ b/ide
@@ -1,4 +1,5 @@
+# TODO: Update this to work with the custom strategies again
 #!/bin/bash
 SCRIPTPATH=$(dirname "$BASH_SOURCE")
-why3 --warn-off=unused_variable --warn-off=clone_not_abstract --warn-off=axiom_abstract ide --extra-config="$SCRIPTPATH/why3.conf" -L $SCRIPTPATH/prelude $@
+why3 ide -L $SCRIPTPATH/prelude $@
From e24eb8ce0240a9c0c9da723127ddb945e35f0475 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?=
Date: Sun, 7 Apr 2024 12:01:50 +0200
Subject: [PATCH 3/9] Update rust-toolchain
---
 rust-toolchain | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rust-toolchain b/rust-toolchain
index 82b664af..8ec00e1c 100644
--- a/rust-toolchain
+++ b/rust-toolchain
@@ -1,3 +1,3 @@
 [toolchain]
-channel = "nightly-2023-03-15"
-components = [ "rustfmt", "rustc-dev", "llvm-tools-preview" ]
+channel = "nightly-2024-01-31"
+components = [ "rustfmt", "rustc-dev", "llvm-tools" ]
From 662a5634ba6cf13b41137e5ee51a76878a86fab0 Mon Sep 17 00:00:00 2001
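Review bot: In the `ide` hunk of PATCH 2/9 the new `# TODO` comment is placed above `#!/bin/bash`, so the shebang is no longer the first line and is not honored when the executable (mode 100755) script is run directly; it then runs under whatever fallback shell the caller provides, where `$BASH_SOURCE` may be unset and `SCRIPTPATH` silently resolves to `.`. Move the comment below the shebang: `#!/bin/bash` first, then `# TODO: Update this to work with the custom strategies again`. The rewritten invocation also leaves `$SCRIPTPATH` and `$@` unquoted; `why3 ide -L "$SCRIPTPATH/prelude" "$@"` keeps a checkout path or an argument containing spaces intact.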
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?=
Date: Sun, 7 Apr 2024 12:02:20 +0200
Subject: [PATCH 4/9] Update prelude.mlw to most recent one from Creusot
---
 prelude/prelude.mlw | 43 +++++++++++++++++++++++++++----------------
 1 file changed, 27 insertions(+), 16 deletions(-)
diff --git a/prelude/prelude.mlw b/prelude/prelude.mlw
index 5eb32878..d548b67b 100644
--- a/prelude/prelude.mlw
+++ b/prelude/prelude.mlw
@@ -1,12 +1,12 @@
 (* Why3 Logical Types *)
 module Mapping
- function from_fn (f : 'a -> 'b) : ('a -> 'b) = f
- val from_fn (f : 'a -> 'b) : ('a -> 'b)
- ensures { result = from_fn f }
+ let function from_fn (f : 'a -> 'b) : ('a -> 'b) = f
 end
 module Seq
 use export seq.Seq
+
+ function to_owned (a : 'a) : 'a = a
 end
 module Int
@@ -43,15 +43,25 @@ module Bool
 i = 1
 end
 module Borrow
- type borrowed 'a = { current : 'a ; final : 'a; }
+ type borrowed 'a = { current : 'a; final : 'a; id : int }
 let function ( *_ ) x = x.current
 let function ( ^_ ) x = x.final
+ let function get_id (x : borrowed 'a) = x.id
+ let function borrow_logic (cur fin : 'a) (id : int) = { current = cur; final = fin; id = id; }
 val borrow_mut (a : 'a) : borrowed 'a
- ensures { *result = a }
+ ensures { *result = a }
+ val function inherit_id (old_id inherit_path: int) : int
+ val borrow_final (a: 'a) (id: int) : borrowed 'a
+ ensures { *result = a }
+ ensures { result.id = id }
 end
-(* Signed Integer *)
+module Real
+
+
+end
+(* Signed Integer *)
 module IntSize
 use export mach.int.Int64
 type isize = int64
@@ -115,7 +125,6 @@ module Int128
 end
 (* Unsigned Integers *)
-
 module UIntSize
 use export mach.int.UInt64
 type usize = uint64
@@ -179,11 +188,9 @@ module UInt128
 end
 (* Floats *)
-
 module Float32
 use export ieee_float.Float32
 end
-
 module Float64
 use export ieee_float.Float64
 end
@@ -206,11 +213,13 @@ module Char
 axiom chr_code: forall c. chr (code c) = c
 end
-module Ghost
- type ghost_ty 't = 't
- val function new (ghost x : 't) : ghost_ty 't
- ensures { result = x }
- let function inner (x : ghost_ty 't) : 't = x
+
+module Snapshot
+ type snap_ty 't
+ val function new (Snapshot x : 't) : snap_ty 't
+ val function inner (x : snap_ty 't) : 't
+ axiom new_spec: forall x: 't [new x]. inner (new x) = x
+ axiom inner_spec: forall x: snap_ty 't [inner x]. new (inner x) = x
 end
 module Slice
@@ -221,15 +230,17 @@ module Slice
 type slice 'a = { elts : seq 'a }
 invariant { Seq.length elts <= max_uint64 }
+ axiom slice_ext :
+ forall x y: slice 'a. x.elts = y.elts -> x = y
 type array 'a = slice 'a
 let create (len : uint64) (f : int -> 'a) : slice 'a = { elts = Seq.create (to_int len) f}
- let length (s : slice 'a) : uint64 = of_int (Seq.length s.elts)
+ let function length (s : slice 'a) : uint64 = of_int (Seq.length s.elts)
- let get (s : slice 'a) (ix : uint64) : 'a =
+ let function get (s : slice 'a) (ix : uint64) : 'a =
 requires { ix < Seq.length s.elts } Seq.get s.elts (to_int ix)
From bb1958e6ed6e158e4600e81ceac97482dc7c0ab6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?=
Date: Sun, 7 Apr 2024 12:05:25 +0200
Subject: [PATCH 5/9] Update Friday
---
 Cargo.lock | 99 +-
 Friday/Cargo.toml | 2 +-
 Friday/src/lib.rs | 12 +-
 mlcfgs/Friday.mlcfg | 2482 ++++++++++++++++++++-----------------
 4 files changed, 1208 insertions(+), 1387 deletions(-)
diff --git a/Cargo.lock b/Cargo.lock
index 82a3beb7..fcad812a 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -81,6 +81,12 @@ dependencies = [ "winapi", ] +[[package]] +name = "autocfg" +version = "1.2.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f1fdabc7756949593fe60f30ec81974b613357de856987752631dea1e3394c80" + [[package]] name = "bitflags" version = "1.3.2"
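Review bot: The binder `(Snapshot x : 't)` in `val function new` of the new `Snapshot` module does not look like valid WhyML: the line it replaces used the `ghost` keyword in that position, binder names are lowercase identifiers, and both axioms below apply `new` to a single argument. This reads like a stray case-insensitive rename of Ghost to Snapshot; I would expect `val function new (ghost x : 't) : snap_ty 't`, but please confirm against the upstream Creusot prelude this was copied from.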
@@ -111,16 +117,17 @@ dependencies = [ [[package]] name = "creusot-contracts" version = "0.2.0" -source = "git+https://github.com/xldenis/creusot?rev=5cc6cdd6#5cc6cdd6a746fe40c06904e64bed8d54f3ad02fe" +source = "git+https://github.com/xldenis/creusot?rev=1357cc97#1357cc975fae2e4fd1e85b97ac7628d69abdc3e1" dependencies = [ "creusot-contracts-dummy", "creusot-contracts-proc", + "num-rational", ] [[package]] name = "creusot-contracts-dummy" version = "0.2.0" -source = "git+https://github.com/xldenis/creusot?rev=5cc6cdd6#5cc6cdd6a746fe40c06904e64bed8d54f3ad02fe" +source = "git+https://github.com/xldenis/creusot?rev=1357cc97#1357cc975fae2e4fd1e85b97ac7628d69abdc3e1" dependencies = [ "quote", ] @@ -128,7 +135,7 @@ dependencies = [ [[package]] name = "creusot-contracts-proc" version = "0.2.0" -source = "git+https://github.com/xldenis/creusot?rev=5cc6cdd6#5cc6cdd6a746fe40c06904e64bed8d54f3ad02fe" +source = "git+https://github.com/xldenis/creusot?rev=1357cc97#1357cc975fae2e4fd1e85b97ac7628d69abdc3e1" dependencies = [ "pearlite-syn", "proc-macro2", @@ -139,9 +146,9 @@ dependencies = [ [[package]] name = "getrandom" -version = "0.2.9" +version = "0.2.13" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c85e1d9ab2eadba7e5040d4e09cbd6d072b76a557ad64e797c2cb9d4da21d7e4" +checksum = "a06fddc2749e0528d2813f95e050e87e52c8cbbae56223b9babf73b3e53b0cc6" dependencies = [ "cfg-if", "libc", 
@@ -159,23 +166,61 @@ dependencies = [ [[package]] name = "libc" -version = "0.2.142" +version = "0.2.153" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a987beff54b60ffa6d51982e1aa1146bc42f19bd26be28b0586f252fccf5317" +checksum = "9c198f91728a82281a64e1f4f9eeb25d82cb32a5de251c6bd1b5154d63a8e7bd" [[package]] name = "log" -version = "0.4.17" +version = "0.4.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "90ed8c1e510134f979dbc4f070f87d4313098b704861a105fe34231c70a3901c" + +[[package]] +name = "num-bigint" +version = "0.3.3" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e" +checksum = "5f6f7833f2cbf2360a6cfd58cd41a53aa7a90bd4c202f5b1c7dd2ed73c57b2c3" dependencies = [ - "cfg-if", + "autocfg", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-rational" +version = "0.3.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "12ac428b1cb17fce6f731001d307d351ec70a6d202fc2e60f7d4c5e42d8f4f07" +dependencies = [ + "autocfg", + "num-bigint", + "num-integer", + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "da0df0e5185db44f69b44f26786fe401b6c293d1907744beaa7fa62b2e5a517a" +dependencies = [ + "autocfg", ] [[package]] name = "pearlite-syn" version = "0.2.0" -source = "git+https://github.com/xldenis/creusot?rev=5cc6cdd6#5cc6cdd6a746fe40c06904e64bed8d54f3ad02fe" +source = "git+https://github.com/xldenis/creusot?rev=1357cc97#1357cc975fae2e4fd1e85b97ac7628d69abdc3e1" dependencies = [ "proc-macro2", "quote", 
@@ -190,18 +235,18 @@ checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de" [[package]] name = "proc-macro2" -version = "1.0.56" +version = "1.0.79" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2b63bdb0cd06f1f4dedf69b254734f9b45af66e4a031e42a7480257d9898b435" +checksum = "e835ff2298f5721608eb1a980ecaee1aef2c132bf95ecc026a11b7bf3c01c02e" dependencies = [ "unicode-ident", ] [[package]] name = "quote" -version = "1.0.26" +version = "1.0.35" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4424af4bf778aae2051a77b60283332f386554255d722233d09fbfc7e30da2fc" +checksum = "291ec9ab5efd934aaf503a6466c5d5251535d108ee747472c3977cc5acc868ef" dependencies = [ "proc-macro2", ] @@ -244,9 +289,9 @@ checksum = "8ea5119cdb4c55b55d432abb513a0429384878c15dde60cc77b1c99de1a95a6a" [[package]] name = "syn" -version = "2.0.15" +version = "2.0.58" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a34fcf3e8b60f57e6a14301a2e916d323af98b0ea63c599441eec8558660c822" +checksum = "44cfb93f38070beee36b3fef7d4f5a16f27751d94b187b666a5cc5e9b0d30687" dependencies = [ "proc-macro2", "quote", @@ -255,9 +300,9 @@ dependencies = [ [[package]] name = "termcolor" -version = "1.2.0" +version = "1.4.1" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "be55cf8942feac5c765c2c993422806843c9a9a45d4d5c407ad6dd2ea95eb9b6" +checksum = "06794f8f6c5c898b3275aebefa6b8a1cb24cd2c6c79397ab15774837a0bc5755" dependencies = [ "winapi-util", ] 
@@ -273,21 +318,21 @@ dependencies = [ [[package]] name = "unicode-ident" -version = "1.0.8" +version = "1.0.12" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "e5464a87b239f13a63a501f2701565754bae92d243d4bb7eb12f6d57d2269bf4" +checksum = "3354b9ac3fae1ff6755cb6db53683adb661634f67557942dea4facebec0fee4b" [[package]] name = "unicode-width" -version = "0.1.10" +version = "0.1.11" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b" +checksum = "e51733f11c9c4f72aa0c160008246859e340b00807569a0da0e7a1079b27ba85" [[package]] name = "uuid" -version = "1.3.2" +version = "1.8.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4dad5567ad0cf5b760e5665964bec1b47dfd077ba8a2544b513f3556d3d239a2" +checksum = "a183cf7feeba97b4dd1c0d46788634f6221d87fa961b305bed08c851829efcc0" dependencies = [ "getrandom", ] @@ -322,9 +367,9 @@ checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" [[package]] name = "winapi-util" -version = "0.1.5" +version = "0.1.6" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "70ec6ce85bb158151cae5e5c87f95a8e97d2c0c4b001223f33a334e3ce5de178" +checksum = "f29e6f9198ba0d26b4c9f07dbe6f9ed633e1f3d5b8b414090084349e46a52596" dependencies = [ "winapi", ] diff --git a/Friday/Cargo.toml b/Friday/Cargo.toml index a440a8d7..af5a60e6 100644 --- a/Friday/Cargo.toml +++ b/Friday/Cargo.toml @@ -7,7 +7,7 @@ edition = "2021" [dependencies] #clap = "2.33.3" -creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "5cc6cdd6" } +creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "1357cc97" } [features] contracts = ["creusot-contracts/contracts"] diff --git a/Friday/src/lib.rs b/Friday/src/lib.rs index 85081296..33816ea7 100644 --- a/Friday/src/lib.rs +++ b/Friday/src/lib.rs 
@@ -30,6 +30,7 @@ pub struct Formula {
 impl Formula {
 #[predicate]
+ #[open(self)]
 fn invariant(self) -> bool {
 pearlite! {
 forall 0 <= i && i < self.clauses@.len() ==>
@@ -38,6 +39,7 @@ impl Formula {
 }
 #[predicate]
+ #[open(self)]
 fn sat(self, a: Assignments) -> bool {
 pearlite! {
 forall 0 <= i && i < self.clauses@.len() ==>
@@ -48,6 +50,7 @@ impl Formula {
 impl Clause {
 #[predicate]
+ #[open(self)]
 fn vars_in_range(self, n: Int) -> bool {
 pearlite! {
 forall 0 <= i && i < self.0@.len() ==>
@@ -58,14 +61,16 @@ impl Clause {
 impl Lit {
 #[predicate]
- fn var_in_range(self, n: Int) -> bool {
+ #[open]
+ pub fn var_in_range(self, n: Int) -> bool {
 pearlite! {
 self.var@ < n
 }
 }
 #[predicate]
- fn sat(self, a: Assignments) -> bool {
+ #[open]
+ pub fn sat(self, a: Assignments) -> bool {
 pearlite! {
 a.0@[self.var@] == self.value
 }
@@ -74,6 +79,7 @@ impl Lit {
 impl Assignments {
 #[predicate]
+ #[open]
 fn compatible(self, pa: Pasn) -> bool {
 pearlite! {
 pa.assign.0@.len() == self.0@.len() &&
@@ -85,6 +91,7 @@ impl Assignments {
 impl Pasn {
 #[predicate]
+ #[open]
 fn invariant(self, n: Int) -> bool {
 pearlite! {
 self.ix@ <= self.assign.0@.len()
@@ -95,6 +102,7 @@ impl Pasn {
 impl Clause {
 #[predicate]
+ #[open(self)]
 fn sat(self, a: Assignments) -> bool {
 pearlite! {
 exists 0 <= i && i < self.0@.len() &&
diff --git a/mlcfgs/Friday.mlcfg b/mlcfgs/Friday.mlcfg
index 0dc821b9..2ac9bdd6 100644
--- a/mlcfgs/Friday.mlcfg
+++ b/mlcfgs/Friday.mlcfg
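Review bot: The bare `#[open]` added to the private predicates `Assignments::compatible` (hunk `@@ -74,6 +79,7 @@`) and `Pasn::invariant` (hunk `@@ -85,6 +91,7 @@`) is inconsistent with the rest of the change: every other private predicate in the file receives `#[open(self)]`, and the two `Lit` predicates that receive a bare `#[open]` are made `pub` in the same hunk. As far as I know a bare `#[open]` means `#[open(pub)]`, i.e. an opacity wider than a private `fn`, which Creusot may reject and which in any case leaves the intended visibility unclear. Either narrow these two to `#[open(self)]` or make them `pub fn` like `Lit::var_in_range`; the enclosing `impl` blocks start and end outside the hunks.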
@@ -17,17 +17,23 @@ module Core_Ptr_Unique_Unique_Type | C_Unique (Core_Ptr_NonNull_NonNull_Type.t_nonnull 't) (Core_Marker_PhantomData_Type.t_phantomdata 't) end -module Alloc_RawVec_RawVec_Type - use prelude.Int +module Alloc_RawVec_Cap_Type use prelude.UIntSize + use prelude.Int + type t_cap = + | C_Cap usize + +end +module Alloc_RawVec_RawVec_Type + use Alloc_RawVec_Cap_Type as Alloc_RawVec_Cap_Type use Core_Ptr_Unique_Unique_Type as Core_Ptr_Unique_Unique_Type type t_rawvec 't 'a = - | C_RawVec (Core_Ptr_Unique_Unique_Type.t_unique 't) usize 'a + | C_RawVec (Core_Ptr_Unique_Unique_Type.t_unique 't) (Alloc_RawVec_Cap_Type.t_cap) 'a end module Alloc_Vec_Vec_Type - use prelude.Int use prelude.UIntSize + use prelude.Int use Alloc_RawVec_RawVec_Type as Alloc_RawVec_RawVec_Type type t_vec 't 'a = | C_Vec (Alloc_RawVec_RawVec_Type.t_rawvec 't 'a) usize 
@@ -46,53 +52,83 @@ module Friday_Assignments_Type let function assignments_0 (self : t_assignments) : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Assignments a -> a end end -module Alloc_Vec_Impl11_Clone_Interface - type t - type a - use prelude.Borrow - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - val clone' (self : Alloc_Vec_Vec_Type.t_vec t a) : Alloc_Vec_Vec_Type.t_vec t a - ensures { result = self } +module Friday_Impl8_Clone + use seq.Seq + predicate invariant2 (self : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant2 (self : Seq.seq bool) : bool + ensures { result = invariant2 self } -end -module Friday_Impl8_Clone_Interface - use prelude.Borrow - use Friday_Assignments_Type as Friday_Assignments_Type - val clone' [#"../Friday/src/lib.rs" 13 9 13 14] (self : Friday_Assignments_Type.t_assignments) : Friday_Assignments_Type.t_assignments - ensures { [#"../Friday/src/lib.rs" 13 9 13 14] result = self } + predicate inv2 (_x : Seq.seq bool) + val inv2 (_x : Seq.seq bool) : bool + ensures { result = inv2 _x } -end -module Friday_Impl8_Clone - use prelude.Borrow - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type + axiom inv2 : forall x : Seq.seq bool . 
inv2 x = true + use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - clone Alloc_Vec_Impl11_Clone_Interface as Clone0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global + use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type + use prelude.Int + use prelude.UIntSize + let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) + use seq.Seq + predicate inv1 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv1 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv1 _x } + + function shallow_model0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + val shallow_model0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self} + ensures { result = shallow_model0 self } + + axiom shallow_model0_spec : forall self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv2 (shallow_model0 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model0 self) <= UIntSize.to_int max0) + predicate invariant1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv2 (shallow_model0 self) + val invariant1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant1 self } + + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant0 self } + + predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv0 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
inv0 x = true + use prelude.Borrow + val clone0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) + requires {inv0 self} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/clone.rs" 7 0 20 1] result = self } + ensures { inv1 result } + use Friday_Assignments_Type as Friday_Assignments_Type - let rec cfg clone' [#"../Friday/src/lib.rs" 13 9 13 14] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Assignments_Type.t_assignments) : Friday_Assignments_Type.t_assignments - ensures { [#"../Friday/src/lib.rs" 13 9 13 14] result = self } + let rec cfg clone' [#"../../../Friday/src/lib.rs" 13 9 13 14] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Assignments_Type.t_assignments) : Friday_Assignments_Type.t_assignments + ensures { [#"../../../Friday/src/lib.rs" 13 9 13 14] result = self } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Friday_Assignments_Type.t_assignments; - var self_1 : Friday_Assignments_Type.t_assignments; + var self : Friday_Assignments_Type.t_assignments = self; var _3 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); - var _4 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); + var _5 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); { - self_1 <- self; goto BB0 } BB0 { - _4 <- Friday_Assignments_Type.assignments_0 self_1; - _3 <- ([#"../Friday/src/lib.rs" 14 19 14 28] Clone0.clone' _4); + [#"../../../Friday/src/lib.rs" 13 9 13 14] _5 <- Friday_Assignments_Type.assignments_0 self; + [#"../../../Friday/src/lib.rs" 14 19 14 28] _3 <- ([#"../../../Friday/src/lib.rs" 14 19 14 28] clone0 _5); goto BB1 } BB1 { - _0 <- Friday_Assignments_Type.C_Assignments _3; + [#"../../../Friday/src/lib.rs" 13 9 13 14] _0 <- Friday_Assignments_Type.C_Assignments _3; + _3 <- any Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); goto 
BB2 } BB2 { 
@@ -101,70 +137,60 @@ module Friday_Impl8_Clone end module Friday_Pasn_Type - use prelude.Int use prelude.UIntSize + use prelude.Int use Friday_Assignments_Type as Friday_Assignments_Type type t_pasn = | C_Pasn (Friday_Assignments_Type.t_assignments) usize let function pasn_assign (self : t_pasn) : Friday_Assignments_Type.t_assignments = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Pasn a _ -> a end let function pasn_ix (self : t_pasn) : usize = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Pasn _ a -> a end end -module Core_Clone_Impls_Impl5_Clone_Interface - use prelude.Borrow - use prelude.Int - use prelude.UIntSize - val clone' (self : usize) : usize - ensures { result = self } - -end -module Friday_Impl9_Clone_Interface - use prelude.Borrow - use Friday_Pasn_Type as Friday_Pasn_Type - val clone' [#"../Friday/src/lib.rs" 21 9 21 14] (self : Friday_Pasn_Type.t_pasn) : Friday_Pasn_Type.t_pasn - ensures { [#"../Friday/src/lib.rs" 21 9 21 14] result = self } - -end module Friday_Impl9_Clone use prelude.Borrow - use prelude.Int use prelude.UIntSize - clone Core_Clone_Impls_Impl5_Clone_Interface as Clone1 + use prelude.Int use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl8_Clone_Interface as Clone0 + val clone1 (self : usize) : usize + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/clone.rs" 7 0 20 1] result = self } + + val clone0 [#"../../../Friday/src/lib.rs" 13 9 13 14] (self : Friday_Assignments_Type.t_assignments) : Friday_Assignments_Type.t_assignments + ensures { [#"../../../Friday/src/lib.rs" 13 9 13 14] result = self } + use Friday_Pasn_Type as Friday_Pasn_Type - let rec cfg clone' [#"../Friday/src/lib.rs" 21 9 21 14] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Pasn_Type.t_pasn) : Friday_Pasn_Type.t_pasn - ensures { [#"../Friday/src/lib.rs" 21 9 21 14] result = self } + let rec cfg clone' 
[#"../../../Friday/src/lib.rs" 21 9 21 14] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Pasn_Type.t_pasn) : Friday_Pasn_Type.t_pasn + ensures { [#"../../../Friday/src/lib.rs" 21 9 21 14] result = self } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : Friday_Pasn_Type.t_pasn; - var self_1 : Friday_Pasn_Type.t_pasn; + var self : Friday_Pasn_Type.t_pasn = self; var _3 : Friday_Assignments_Type.t_assignments; - var _4 : Friday_Assignments_Type.t_assignments; - var _5 : usize; + var _5 : Friday_Assignments_Type.t_assignments; var _6 : usize; + var _8 : usize; { - self_1 <- self; goto BB0 } BB0 { - _4 <- Friday_Pasn_Type.pasn_assign self_1; - _3 <- ([#"../Friday/src/lib.rs" 23 4 23 23] Clone0.clone' _4); + [#"../../../Friday/src/lib.rs" 23 4 23 23] _5 <- Friday_Pasn_Type.pasn_assign self; + [#"../../../Friday/src/lib.rs" 23 4 23 23] _3 <- ([#"../../../Friday/src/lib.rs" 23 4 23 23] clone0 _5); goto BB1 } BB1 { - _6 <- Friday_Pasn_Type.pasn_ix self_1; - _5 <- ([#"../Friday/src/lib.rs" 24 4 24 13] Clone1.clone' _6); + [#"../../../Friday/src/lib.rs" 24 4 24 13] _8 <- Friday_Pasn_Type.pasn_ix self; + [#"../../../Friday/src/lib.rs" 24 4 24 13] _6 <- ([#"../../../Friday/src/lib.rs" 24 4 24 13] clone1 _8); goto BB2 } BB2 { - _0 <- Friday_Pasn_Type.C_Pasn _3 _5; + [#"../../../Friday/src/lib.rs" 21 9 21 14] _0 <- Friday_Pasn_Type.C_Pasn _3 _6; + _3 <- any Friday_Assignments_Type.t_assignments; + _6 <- any usize; goto BB3 } BB3 { @@ -173,17 +199,17 @@ module Friday_Impl9_Clone end module Friday_Lit_Type - use prelude.Int use prelude.UIntSize + use prelude.Int type t_lit = | C_Lit usize bool let function lit_var (self : t_lit) : usize = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Lit a _ -> a end let function lit_value (self : t_lit) : bool = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Lit _ a -> a end end 
@@ -197,13 +223,13 @@ module Friday_Clause_Type let function clause_0 (self : t_clause) : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Clause a -> a end end module Friday_Formula_Type - use prelude.Int use prelude.UIntSize + use prelude.Int use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Friday_Clause_Type as Friday_Clause_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type 
@@ -213,1290 +239,945 @@ module Friday_Formula_Type let function formula_clauses (self : t_formula) : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global) = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Formula a _ -> a end let function formula_num_vars (self : t_formula) : usize = [@vc:do_not_keep_trace] [@vc:sp] - match (self) with + match self with | C_Formula _ a -> a end end -module Core_Num_Impl11_Max_Stub - use prelude.Int - use prelude.UIntSize - val constant mAX' : usize -end -module Core_Num_Impl11_Max - use prelude.Int - use prelude.UIntSize - let constant mAX' : usize = [@vc:do_not_keep_trace] [@vc:sp] - (18446744073709551615 : usize) -end -module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub - type t - type a - use seq.Seq - use prelude.UIntSize - use prelude.Int - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t -end -module CreusotContracts_Std1_Vec_Impl0_ShallowModel_Interface - type t - type a - use seq.Seq - use prelude.UIntSize - use prelude.Int - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . 
Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX' -end -module CreusotContracts_Std1_Vec_Impl0_ShallowModel - type t - type a +module Friday_Impl6_Eval use seq.Seq - use prelude.UIntSize - use prelude.Int - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - function shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t - val shallow_model (self : Alloc_Vec_Vec_Type.t_vec t a) : Seq.seq t - ensures { result = shallow_model self } + predicate invariant8 (self : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant8 (self : Seq.seq bool) : bool + ensures { result = invariant8 self } - axiom shallow_model_spec : forall self : Alloc_Vec_Vec_Type.t_vec t a . Seq.length (shallow_model self) <= UIntSize.to_int Max0.mAX' -end -module Friday_Impl2_VarInRange_Stub - use prelude.Int - use Friday_Lit_Type as Friday_Lit_Type - predicate var_in_range [#"../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) -end -module Friday_Impl2_VarInRange_Interface - use prelude.Int - use Friday_Lit_Type as Friday_Lit_Type - predicate var_in_range [#"../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) -end -module Friday_Impl2_VarInRange - use prelude.Int - use prelude.UIntSize - use Friday_Lit_Type as Friday_Lit_Type - predicate var_in_range [#"../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) = - [#"../Friday/src/lib.rs" 63 12 63 25] UIntSize.to_int (Friday_Lit_Type.lit_var self) < n - val var_in_range [#"../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) : bool - ensures { result = var_in_range self n } + predicate inv8 (_x : Seq.seq bool) + val inv8 (_x : Seq.seq bool) : bool + ensures { result = inv8 _x } -end -module Friday_Impl1_VarsInRange_Stub - use prelude.Int - use Friday_Clause_Type as Friday_Clause_Type - predicate 
vars_in_range [#"../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) -end -module Friday_Impl1_VarsInRange_Interface - use prelude.Int - use Friday_Clause_Type as Friday_Clause_Type - predicate vars_in_range [#"../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) -end -module Friday_Impl1_VarsInRange - use prelude.Int - use seq.Seq - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Friday_Lit_Type as Friday_Lit_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - clone Friday_Impl2_VarInRange_Stub as VarInRange0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Clause_Type as Friday_Clause_Type - predicate vars_in_range [#"../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) = - [#"../Friday/src/lib.rs" 52 8 55 9] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model (Friday_Clause_Type.clause_0 self)) -> VarInRange0.var_in_range (Seq.get (ShallowModel0.shallow_model (Friday_Clause_Type.clause_0 self)) i) n - val vars_in_range [#"../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) : bool - ensures { result = vars_in_range self n } - -end -module Friday_Impl0_Invariant_Stub - use Friday_Formula_Type as Friday_Formula_Type - predicate invariant' [#"../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) -end -module Friday_Impl0_Invariant_Interface - use Friday_Formula_Type as Friday_Formula_Type - predicate invariant' [#"../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) -end -module Friday_Impl0_Invariant - use prelude.Int - use seq.Seq + axiom inv8 : forall x : Seq.seq bool . 
inv8 x = true use prelude.UIntSize use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Friday_Clause_Type as Friday_Clause_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - clone Friday_Impl1_VarsInRange_Stub as VarsInRange0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = Friday_Clause_Type.t_clause, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Formula_Type as Friday_Formula_Type - predicate invariant' [#"../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) = - [#"../Friday/src/lib.rs" 34 8 37 9] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model (Friday_Formula_Type.formula_clauses self)) -> VarsInRange0.vars_in_range (Seq.get (ShallowModel0.shallow_model (Friday_Formula_Type.formula_clauses self)) i) (UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)) - val invariant' [#"../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) : bool - ensures { result = invariant' self } - -end -module Friday_Impl2_Sat_Stub - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Lit_Type as Friday_Lit_Type - predicate sat [#"../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) - -end -module Friday_Impl2_Sat_Interface - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Lit_Type as Friday_Lit_Type - predicate sat [#"../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) - -end -module Friday_Impl2_Sat + use prelude.Int use prelude.UIntSize + let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) use seq.Seq - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - clone 
CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Assignments_Type as Friday_Assignments_Type + predicate inv7 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv7 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv7 _x } + + function shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + val shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv7 self} + ensures { result = shallow_model2 self } + + axiom shallow_model2_spec : forall self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv7 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv8 (shallow_model2 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model2 self) <= UIntSize.to_int max0) + predicate invariant7 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv8 (shallow_model2 self) + val invariant7 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant7 self } + + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
inv7 x = true + predicate invariant6 (self : bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant6 (self : bool) : bool + ensures { result = invariant6 self } + + predicate inv6 (_x : bool) + val inv6 (_x : bool) : bool + ensures { result = inv6 _x } + + axiom inv6 : forall x : bool . inv6 x = true + predicate invariant5 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant5 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant5 self } + + predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv5 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv5 _x } + + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
inv5 x = true use Friday_Lit_Type as Friday_Lit_Type - predicate sat [#"../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) - - = - [#"../Friday/src/lib.rs" 70 12 70 41] Seq.get (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)) (UIntSize.to_int (Friday_Lit_Type.lit_var self)) = Friday_Lit_Type.lit_value self - val sat [#"../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) : bool - ensures { result = sat self a } - -end -module Friday_Impl5_Sat_Stub - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Clause_Type as Friday_Clause_Type - predicate sat [#"../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) - -end -module Friday_Impl5_Sat_Interface - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Clause_Type as Friday_Clause_Type - predicate sat [#"../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) - -end -module Friday_Impl5_Sat - use prelude.Int + predicate invariant4 (self : Friday_Lit_Type.t_lit) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant4 (self : Friday_Lit_Type.t_lit) : bool + ensures { result = invariant4 self } + + predicate inv4 (_x : Friday_Lit_Type.t_lit) + val inv4 (_x : Friday_Lit_Type.t_lit) : bool + ensures { result = inv4 _x } + + axiom inv4 : forall x : Friday_Lit_Type.t_lit . 
inv4 x = true + predicate invariant3 (self : usize) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant3 (self : usize) : bool + ensures { result = invariant3 self } + + predicate inv3 (_x : usize) + val inv3 (_x : usize) : bool + ensures { result = inv3 _x } + + axiom inv3 : forall x : usize . inv3 x = true + predicate invariant2 (self : Seq.seq (Friday_Lit_Type.t_lit)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant2 (self : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = invariant2 self } + + predicate inv2 (_x : Seq.seq (Friday_Lit_Type.t_lit)) + val inv2 (_x : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = inv2 _x } + + axiom inv2 : forall x : Seq.seq (Friday_Lit_Type.t_lit) . inv2 x = true use seq.Seq - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Friday_Lit_Type as Friday_Lit_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl2_Sat_Stub as Sat0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Clause_Type as Friday_Clause_Type - predicate sat [#"../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) - - = - [#"../Friday/src/lib.rs" 99 8 102 9] exists i : int . 
0 <= i /\ i < Seq.length (ShallowModel0.shallow_model (Friday_Clause_Type.clause_0 self)) /\ Sat0.sat (Seq.get (ShallowModel0.shallow_model (Friday_Clause_Type.clause_0 self)) i) a - val sat [#"../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool - ensures { result = sat self a } - -end -module Friday_Impl0_Sat_Stub - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Formula_Type as Friday_Formula_Type - predicate sat [#"../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) - -end -module Friday_Impl0_Sat_Interface - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Formula_Type as Friday_Formula_Type - predicate sat [#"../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) - -end -module Friday_Impl0_Sat - use prelude.Int + predicate inv1 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) + val inv1 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv1 _x } + + function shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + + val shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self} + ensures { result = shallow_model1 self } + + axiom shallow_model1_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv2 (shallow_model1 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model1 self) <= UIntSize.to_int max0) + predicate invariant1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv2 (shallow_model1 self) + val invariant1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant1 self } + + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + predicate invariant0 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant0 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant0 self } + + predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) + val inv0 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . 
inv0 x = true use seq.Seq - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Friday_Clause_Type as Friday_Clause_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl5_Sat_Stub as Sat0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = Friday_Clause_Type.t_clause, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Formula_Type as Friday_Formula_Type - predicate sat [#"../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) + predicate sat0 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) = - [#"../Friday/src/lib.rs" 42 8 45 9] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel0.shallow_model (Friday_Formula_Type.formula_clauses self)) -> Sat0.sat (Seq.get (ShallowModel0.shallow_model (Friday_Formula_Type.formula_clauses self)) i) a - val sat [#"../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool - ensures { result = sat self a } + [#"../../../Friday/src/lib.rs" 70 12 70 41] Seq.get (shallow_model2 (Friday_Assignments_Type.assignments_0 a)) (UIntSize.to_int (Friday_Lit_Type.lit_var self)) = Friday_Lit_Type.lit_value self + val sat0 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat0 self a } -end -module Friday_Impl3_Compatible_Stub - use Friday_Pasn_Type as Friday_Pasn_Type - use Friday_Assignments_Type as Friday_Assignments_Type - predicate compatible [#"../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) - -end -module Friday_Impl3_Compatible_Interface - use Friday_Pasn_Type as Friday_Pasn_Type - 
use Friday_Assignments_Type as Friday_Assignments_Type - predicate compatible [#"../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) - -end -module Friday_Impl3_Compatible use seq.Seq - use prelude.Int - use prelude.UIntSize - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Pasn_Type as Friday_Pasn_Type - use Friday_Assignments_Type as Friday_Assignments_Type - predicate compatible [#"../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) + use Friday_Clause_Type as Friday_Clause_Type + predicate sat1 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) = - [#"../Friday/src/lib.rs" 78 8 82 9] Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) = Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 self)) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) -> Seq.get (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) i = Seq.get (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 self)) i) - val compatible [#"../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) : bool - ensures { result = compatible self pa } + [#"../../../Friday/src/lib.rs" 99 8 102 9] exists i : int . 
0 <= i /\ i < Seq.length (shallow_model1 (Friday_Clause_Type.clause_0 self)) /\ sat0 (Seq.get (shallow_model1 (Friday_Clause_Type.clause_0 self)) i) a + val sat1 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat1 self a } -end -module Friday_Impl4_Invariant_Stub - use prelude.Int - use Friday_Pasn_Type as Friday_Pasn_Type - predicate invariant' [#"../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) -end -module Friday_Impl4_Invariant_Interface - use prelude.Int - use Friday_Pasn_Type as Friday_Pasn_Type - predicate invariant' [#"../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) -end -module Friday_Impl4_Invariant - use prelude.Int - use prelude.UIntSize - use seq.Seq - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Pasn_Type as Friday_Pasn_Type - predicate invariant' [#"../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) = - [#"../Friday/src/lib.rs" 90 12 91 40] UIntSize.to_int (Friday_Pasn_Type.pasn_ix self) <= Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign self))) /\ Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign self))) = n - val invariant' [#"../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) : bool - ensures { result = invariant' self n } + predicate var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) = + [#"../../../Friday/src/lib.rs" 63 12 63 25] UIntSize.to_int (Friday_Lit_Type.lit_var self) < n + val var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) : bool + ensures { result = var_in_range0 self n } -end -module CreusotContracts_Model_ShallowModel_ShallowModelTy_Type - type self - type shallowModelTy -end -module CreusotContracts_Model_ShallowModel_ShallowModel_Stub - type self - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = self - function shallow_model (self : self) : ShallowModelTy0.shallowModelTy -end -module CreusotContracts_Model_ShallowModel_ShallowModel_Interface - type self - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = self - function shallow_model (self : self) : ShallowModelTy0.shallowModelTy -end -module CreusotContracts_Model_ShallowModel_ShallowModel - type self - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = self - function shallow_model (self : self) : ShallowModelTy0.shallowModelTy - val shallow_model (self : self) : ShallowModelTy0.shallowModelTy - ensures 
{ result = shallow_model self } + predicate vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) = + [#"../../../Friday/src/lib.rs" 52 8 55 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model1 (Friday_Clause_Type.clause_0 self)) + -> var_in_range0 (Seq.get (shallow_model1 (Friday_Clause_Type.clause_0 self)) i) n + val vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) : bool + ensures { result = vars_in_range0 self n } -end -module CreusotContracts_Model_Impl1_ShallowModel_Stub - type t - use prelude.Borrow - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - function shallow_model (self : t) : ShallowModelTy0.shallowModelTy -end -module CreusotContracts_Model_Impl1_ShallowModel_Interface - type t use prelude.Borrow - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - function shallow_model (self : t) : ShallowModelTy0.shallowModelTy -end -module CreusotContracts_Model_Impl1_ShallowModel - type t - use prelude.Borrow - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - clone CreusotContracts_Model_ShallowModel_ShallowModel_Stub as ShallowModel0 with - type self = t, - type ShallowModelTy0.shallowModelTy = ShallowModelTy0.shallowModelTy - function shallow_model (self : t) : ShallowModelTy0.shallowModelTy = - ShallowModel0.shallow_model self - val shallow_model (self : t) : ShallowModelTy0.shallowModelTy - ensures { result = shallow_model self } - -end -module Alloc_Vec_Impl1_Len_Interface - type t - type a - use prelude.UIntSize - use seq.Seq - use prelude.Borrow - use prelude.Int - use seq.Seq - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone CreusotContracts_Model_Impl1_ShallowModel_Stub as ShallowModel0 with - type t = Alloc_Vec_Vec_Type.t_vec t a, - type ShallowModelTy0.shallowModelTy = 
Seq.seq t - val len (self : Alloc_Vec_Vec_Type.t_vec t a) : usize - ensures { UIntSize.to_int result = Seq.length (ShallowModel0.shallow_model self) } + use prelude.Bool + use prelude.Slice + predicate has_value1 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 122 20 122 37] Seq.get seq (UIntSize.to_int self) = out + val has_value1 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) : bool + ensures { result = has_value1 self seq out } + + predicate in_bounds1 [@inline:trivial] (self : usize) (seq : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 115 20 115 37] UIntSize.to_int self < Seq.length seq + val in_bounds1 [@inline:trivial] (self : usize) (seq : Seq.seq bool) : bool + ensures { result = in_bounds1 self seq } + + function shallow_model4 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/model.rs" 79 8 79 31] shallow_model2 self + val shallow_model4 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + ensures { result = shallow_model4 self } + + val index1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) (index : usize) : bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 141 27 141 46] in_bounds1 index (shallow_model4 self)} + requires {inv5 self} + requires {inv3 index} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 142 26 142 54] has_value1 index (shallow_model4 self) result } + ensures { inv6 result } + + predicate has_value0 
[@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Lit_Type.t_lit)) (out : Friday_Lit_Type.t_lit) -end -module CreusotContracts_Std1_Slice_SliceIndex_InBounds_Stub - type self - type t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate in_bounds (self : self) (seq : ShallowModelTy0.shallowModelTy) -end -module CreusotContracts_Std1_Slice_SliceIndex_InBounds_Interface - type self - type t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate in_bounds (self : self) (seq : ShallowModelTy0.shallowModelTy) -end -module CreusotContracts_Std1_Slice_SliceIndex_InBounds - type self - type t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate in_bounds (self : self) (seq : ShallowModelTy0.shallowModelTy) - val in_bounds (self : self) (seq : ShallowModelTy0.shallowModelTy) : bool - ensures { result = in_bounds self seq } + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 122 20 122 37] Seq.get seq (UIntSize.to_int self) = out + val has_value0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Lit_Type.t_lit)) (out : Friday_Lit_Type.t_lit) : bool + ensures { result = has_value0 self seq out } -end -module Core_Slice_Index_SliceIndex_Output_Type - type self - type t - type output -end -module CreusotContracts_Std1_Slice_SliceIndex_HasValue_Stub - type self - type t - clone Core_Slice_Index_SliceIndex_Output_Type as Output0 with - type self = self, - type t = t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate has_value (self : self) (seq : ShallowModelTy0.shallowModelTy) (out : Output0.output) -end -module CreusotContracts_Std1_Slice_SliceIndex_HasValue_Interface - type self - type t - clone Core_Slice_Index_SliceIndex_Output_Type as Output0 
with - type self = self, - type t = t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate has_value (self : self) (seq : ShallowModelTy0.shallowModelTy) (out : Output0.output) -end -module CreusotContracts_Std1_Slice_SliceIndex_HasValue - type self - type t - clone Core_Slice_Index_SliceIndex_Output_Type as Output0 with - type self = self, - type t = t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate has_value (self : self) (seq : ShallowModelTy0.shallowModelTy) (out : Output0.output) - val has_value (self : self) (seq : ShallowModelTy0.shallowModelTy) (out : Output0.output) : bool - ensures { result = has_value self seq out } + predicate in_bounds0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Lit_Type.t_lit)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 115 20 115 37] UIntSize.to_int self < Seq.length seq + val in_bounds0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = in_bounds0 self seq } -end -module Alloc_Vec_Impl13_Index_Interface - type t - type i - type a - use prelude.Borrow - use prelude.Slice - use seq.Seq - use seq.Seq - clone Core_Slice_Index_SliceIndex_Output_Type as Output0 with - type self = i, - type t = slice t - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone CreusotContracts_Std1_Slice_SliceIndex_HasValue_Stub as HasValue0 with - type self = i, - type t = slice t, - type ShallowModelTy0.shallowModelTy = Seq.seq t, - type Output0.output = Output0.output - clone CreusotContracts_Std1_Slice_SliceIndex_InBounds_Stub as InBounds0 with - type self = i, - type t = slice t, - type ShallowModelTy0.shallowModelTy = Seq.seq t - clone CreusotContracts_Model_Impl1_ShallowModel_Stub as ShallowModel0 with - type t = Alloc_Vec_Vec_Type.t_vec t a, - type ShallowModelTy0.shallowModelTy = 
Seq.seq t - val index (self : Alloc_Vec_Vec_Type.t_vec t a) (index : i) : Output0.output - requires {InBounds0.in_bounds index (ShallowModel0.shallow_model self)} - ensures { HasValue0.has_value index (ShallowModel0.shallow_model self) result } + function shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) -end -module CreusotContracts_Std1_Slice_Impl5_InBounds_Stub - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) -end -module CreusotContracts_Std1_Slice_Impl5_InBounds_Interface - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) -end -module CreusotContracts_Std1_Slice_Impl5_InBounds - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) = - UIntSize.to_int self < Seq.length seq - val in_bounds [@inline:trivial] (self : usize) (seq : Seq.seq t) : bool - ensures { result = in_bounds self seq } + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/model.rs" 79 8 79 31] shallow_model1 self + val shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + ensures { result = shallow_model3 self } -end -module CreusotContracts_Std1_Slice_Impl5_HasValue_Stub - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) -end -module CreusotContracts_Std1_Slice_Impl5_HasValue_Interface - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) -end -module CreusotContracts_Std1_Slice_Impl5_HasValue - type t - use prelude.Int 
- use prelude.UIntSize - use seq.Seq - predicate has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) = - Seq.get seq (UIntSize.to_int self) = out - val has_value [@inline:trivial] (self : usize) (seq : Seq.seq t) (out : t) : bool - ensures { result = has_value self seq out } + val index0 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) (index : usize) : Friday_Lit_Type.t_lit + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 141 27 141 46] in_bounds0 index (shallow_model3 self)} + requires {inv0 self} + requires {inv3 index} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 142 26 142 54] has_value0 index (shallow_model3 self) result } + ensures { inv4 result } -end -module Friday_Impl6_Eval_Interface - use seq.Seq - use prelude.Borrow - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - use Friday_Clause_Type as Friday_Clause_Type - use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl5_Sat_Stub as Sat0 - clone Friday_Impl1_VarsInRange_Stub as VarsInRange0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- val eval [#"../Friday/src/lib.rs" 109 4 109 43] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool - requires {[#"../Friday/src/lib.rs" 107 15 107 45] VarsInRange0.vars_in_range self (Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)))} - ensures { [#"../Friday/src/lib.rs" 108 14 108 36] result = Sat0.sat self a } + val len0 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : usize + requires {inv0 self} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 75 26 75 48] UIntSize.to_int result = Seq.length (shallow_model3 self) } -end -module Friday_Impl6_Eval - use prelude.Borrow - use prelude.Int - use prelude.UIntSize - use seq.Seq - use prelude.Bool - use seq.Seq - clone CreusotContracts_Std1_Slice_Impl5_HasValue as HasValue1 with - type t = bool - clone CreusotContracts_Std1_Slice_Impl5_InBounds as InBounds1 with - type t = bool - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max as Max0 - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- clone CreusotContracts_Model_Impl1_ShallowModel as ShallowModel3 with - type t = Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global), - type ShallowModelTy0.shallowModelTy = Seq.seq bool, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model - use Friday_Lit_Type as Friday_Lit_Type - clone CreusotContracts_Std1_Slice_Impl5_HasValue as HasValue0 with - type t = Friday_Lit_Type.t_lit - clone CreusotContracts_Std1_Slice_Impl5_InBounds as InBounds0 with - type t = Friday_Lit_Type.t_lit - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel1 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - clone CreusotContracts_Model_Impl1_ShallowModel as ShallowModel2 with - type t = Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global), - type ShallowModelTy0.shallowModelTy = Seq.seq (Friday_Lit_Type.t_lit), - function ShallowModel0.shallow_model = ShallowModel1.shallow_model - clone Friday_Impl2_VarInRange as VarInRange0 - clone Alloc_Vec_Impl13_Index_Interface as Index1 with - type t = bool, - type i = usize, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel3.shallow_model, - predicate InBounds0.in_bounds = InBounds1.in_bounds, - predicate HasValue0.has_value = HasValue1.has_value, - type Output0.output = bool - clone Alloc_Vec_Impl13_Index_Interface as Index0 with - type t = Friday_Lit_Type.t_lit, - type i = usize, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel2.shallow_model, - predicate InBounds0.in_bounds = InBounds0.in_bounds, - predicate HasValue0.has_value = HasValue0.has_value, - type Output0.output = Friday_Lit_Type.t_lit - use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl2_Sat as Sat1 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone 
Alloc_Vec_Impl1_Len_Interface as Len0 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel2.shallow_model - use Friday_Clause_Type as Friday_Clause_Type - clone Friday_Impl5_Sat as Sat0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate Sat0.sat = Sat1.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl1_VarsInRange as VarsInRange0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate VarInRange0.var_in_range = VarInRange0.var_in_range, - val Max0.mAX' = Max0.mAX' - let rec cfg eval [#"../Friday/src/lib.rs" 109 4 109 43] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool - requires {[#"../Friday/src/lib.rs" 107 15 107 45] VarsInRange0.vars_in_range self (Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)))} - ensures { [#"../Friday/src/lib.rs" 108 14 108 36] result = Sat0.sat self a } + let rec cfg eval [#"../../../Friday/src/lib.rs" 109 4 109 43] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool + requires {[#"../../../Friday/src/lib.rs" 107 15 107 45] vars_in_range0 self (Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 a)))} + ensures { [#"../../../Friday/src/lib.rs" 108 14 108 36] result = sat1 self a } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : bool; - var self_1 : Friday_Clause_Type.t_clause; - var a_2 : Friday_Assignments_Type.t_assignments; - var i_5 : usize; - var clause_len_6 : usize; - var _7 : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global); - var _8 : (); - var _11 : (); + var self : Friday_Clause_Type.t_clause = self; + var a : Friday_Assignments_Type.t_assignments = a; + var i : usize; + var clause_len : usize; var _12 : bool; - var _13 : usize; - var _14 : 
usize; - var _15 : (); var _16 : bool; - var _17 : bool; var _18 : bool; - var _19 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); - var _20 : usize; var _21 : Friday_Lit_Type.t_lit; - var _22 : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global); - var _23 : usize; - var _24 : bool; var _25 : Friday_Lit_Type.t_lit; - var _26 : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global); - var _27 : usize; - var _28 : (); - var _29 : (); - var _30 : (); - var _31 : (); { - self_1 <- self; - a_2 <- a; goto BB0 } BB0 { - i_5 <- ([#"../Friday/src/lib.rs" 110 27 110 28] (0 : usize)); - _7 <- Friday_Clause_Type.clause_0 self_1; - clause_len_6 <- ([#"../Friday/src/lib.rs" 111 25 111 37] Len0.len _7); + [#"../../../Friday/src/lib.rs" 110 27 110 28] i <- ([#"../../../Friday/src/lib.rs" 110 27 110 28] (0 : usize)); + [#"../../../Friday/src/lib.rs" 111 25 111 37] clause_len <- ([#"../../../Friday/src/lib.rs" 111 25 111 37] len0 (Friday_Clause_Type.clause_0 self)); goto BB1 } BB1 { goto BB2 } BB2 { - invariant { [#"../Friday/src/lib.rs" 112 8 112 77] forall j : int . 0 <= j /\ j < UIntSize.to_int i_5 -> not Sat1.sat (Seq.get (ShallowModel1.shallow_model (Friday_Clause_Type.clause_0 self_1)) j) a_2 }; - invariant { [#"../Friday/src/lib.rs" 113 20 113 37] UIntSize.to_int i_5 <= UIntSize.to_int clause_len_6 }; - _13 <- i_5; - _14 <- clause_len_6; - _12 <- ([#"../Friday/src/lib.rs" 114 14 114 28] _13 < _14); - switch (_12) - | False -> goto BB9 - | True -> goto BB3 - end + invariant { [#"../../../Friday/src/lib.rs" 112 8 112 77] forall j : int . 
0 <= j /\ j < UIntSize.to_int i + -> not sat0 (Seq.get (shallow_model1 (Friday_Clause_Type.clause_0 self)) j) a }; + invariant { [#"../../../Friday/src/lib.rs" 113 20 113 37] UIntSize.to_int i <= UIntSize.to_int clause_len }; + goto BB3 } BB3 { - _19 <- Friday_Assignments_Type.assignments_0 a_2; - _22 <- Friday_Clause_Type.clause_0 self_1; - _23 <- i_5; - _21 <- ([#"../Friday/src/lib.rs" 115 19 115 28] Index0.index _22 _23); - goto BB4 + [#"../../../Friday/src/lib.rs" 114 14 114 28] _12 <- i < clause_len; + switch (_12) + | False -> goto BB10 + | True -> goto BB4 + end } BB4 { - _20 <- Friday_Lit_Type.lit_var _21; - _18 <- ([#"../Friday/src/lib.rs" 115 15 115 33] Index1.index _19 _20); + [#"../../../Friday/src/lib.rs" 115 25 115 28] _21 <- ([#"../../../Friday/src/lib.rs" 115 25 115 28] index0 (Friday_Clause_Type.clause_0 self) i); goto BB5 } BB5 { - _17 <- _18; - _26 <- Friday_Clause_Type.clause_0 self_1; - _27 <- i_5; - _25 <- ([#"../Friday/src/lib.rs" 115 37 115 46] Index0.index _26 _27); + [#"../../../Friday/src/lib.rs" 115 18 115 33] _18 <- ([#"../../../Friday/src/lib.rs" 115 18 115 33] index1 (Friday_Assignments_Type.assignments_0 a) (Friday_Lit_Type.lit_var _21)); goto BB6 } BB6 { - _24 <- Friday_Lit_Type.lit_value _25; - _16 <- ([#"../Friday/src/lib.rs" 115 15 115 52] Bool.eqb _17 _24); - switch (_16) - | False -> goto BB8 - | True -> goto BB7 - end + [#"../../../Friday/src/lib.rs" 115 43 115 46] _25 <- ([#"../../../Friday/src/lib.rs" 115 43 115 46] index0 (Friday_Clause_Type.clause_0 self) i); + goto BB7 } BB7 { - _0 <- ([#"../Friday/src/lib.rs" 116 23 116 27] true); - goto BB10 + [#"../../../Friday/src/lib.rs" 115 15 115 52] _16 <- Bool.eqb _18 (Friday_Lit_Type.lit_value _25); + switch (_16) + | False -> goto BB9 + | True -> goto BB8 + end } BB8 { - _15 <- (); - i_5 <- ([#"../Friday/src/lib.rs" 118 12 118 18] i_5 + ([#"../Friday/src/lib.rs" 118 17 118 18] (1 : usize))); - _11 <- (); - goto BB2 + [#"../../../Friday/src/lib.rs" 116 23 116 27] _0 <- 
([#"../../../Friday/src/lib.rs" 116 23 116 27] true); + goto BB11 } BB9 { - _8 <- (); - _0 <- ([#"../Friday/src/lib.rs" 120 8 120 13] false); - goto BB10 + [#"../../../Friday/src/lib.rs" 118 12 118 18] i <- i + ([#"../../../Friday/src/lib.rs" 118 17 118 18] (1 : usize)); + goto BB2 } BB10 { + [#"../../../Friday/src/lib.rs" 120 8 120 13] _0 <- ([#"../../../Friday/src/lib.rs" 120 8 120 13] false); + goto BB11 + } + BB11 { return _0 } end -module Friday_Impl7_Eval_Interface +module Friday_Impl7_Eval + use Friday_Lit_Type as Friday_Lit_Type use seq.Seq + predicate invariant9 (self : Seq.seq (Friday_Lit_Type.t_lit)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant9 (self : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = invariant9 self } + + predicate inv8 (_x : Seq.seq (Friday_Lit_Type.t_lit)) + val inv8 (_x : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = inv8 _x } + + axiom inv8 : forall x : Seq.seq (Friday_Lit_Type.t_lit) . 
inv8 x = true use prelude.UIntSize - use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 + use prelude.Int + use prelude.UIntSize + let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) + use seq.Seq + predicate inv7 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) + val inv7 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv7 _x } + + function shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + + val shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv7 self} + ensures { result = shallow_model3 self } + + axiom shallow_model3_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv7 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv8 (shallow_model3 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model3 self) <= UIntSize.to_int max0) + predicate invariant8 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv8 (shallow_model3 self) + val invariant8 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant8 self } + + axiom inv7 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . inv7 x = true + predicate invariant7 (self : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant7 (self : Seq.seq bool) : bool + ensures { result = invariant7 self } + + predicate inv6 (_x : Seq.seq bool) + val inv6 (_x : Seq.seq bool) : bool + ensures { result = inv6 _x } + + axiom inv6 : forall x : Seq.seq bool . 
inv6 x = true + use seq.Seq + predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv5 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv5 _x } + + function shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + val shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv5 self} + ensures { result = shallow_model2 self } + + axiom shallow_model2_spec : forall self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv5 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv6 (shallow_model2 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model2 self) <= UIntSize.to_int max0) + predicate invariant6 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv6 (shallow_model2 self) + val invariant6 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant6 self } + + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
inv5 x = true + use Friday_Clause_Type as Friday_Clause_Type + predicate invariant5 (self : Friday_Clause_Type.t_clause) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant5 (self : Friday_Clause_Type.t_clause) : bool + ensures { result = invariant5 self } + + predicate inv4 (_x : Friday_Clause_Type.t_clause) + val inv4 (_x : Friday_Clause_Type.t_clause) : bool + ensures { result = inv4 _x } + + axiom inv4 : forall x : Friday_Clause_Type.t_clause . inv4 x = true + predicate invariant4 (self : usize) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant4 (self : usize) : bool + ensures { result = invariant4 self } + + predicate inv3 (_x : usize) + val inv3 (_x : usize) : bool + ensures { result = inv3 _x } + + axiom inv3 : forall x : usize . inv3 x = true + predicate invariant3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant3 self } + + predicate inv2 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + val inv2 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv2 _x } + + axiom inv2 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global) . 
inv2 x = true + predicate invariant2 (self : Seq.seq (Friday_Clause_Type.t_clause)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant2 (self : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = invariant2 self } + + predicate inv1 (_x : Seq.seq (Friday_Clause_Type.t_clause)) + val inv1 (_x : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = inv1 _x } + + axiom inv1 : forall x : Seq.seq (Friday_Clause_Type.t_clause) . inv1 x = true + use seq.Seq + predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + val inv0 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv0 _x } + + function shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + + val shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv0 self} + ensures { result = shallow_model1 self } + + axiom shallow_model1_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv0 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv1 (shallow_model1 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model1 self) <= UIntSize.to_int max0) + predicate invariant1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv1 (shallow_model1 self) + val invariant1 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant1 self } + + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global) . inv0 x = true + use seq.Seq use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Formula_Type as Friday_Formula_Type - clone Friday_Impl0_Sat_Stub as Sat0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- clone Friday_Impl0_Invariant_Stub as Invariant0 - val eval [#"../Friday/src/lib.rs" 128 4 128 43] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool - requires {[#"../Friday/src/lib.rs" 125 15 125 31] Invariant0.invariant' self} - requires {[#"../Friday/src/lib.rs" 126 15 126 43] Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)} - ensures { [#"../Friday/src/lib.rs" 127 14 127 36] result = Sat0.sat self a } + predicate sat2 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 70 12 70 41] Seq.get (shallow_model2 (Friday_Assignments_Type.assignments_0 a)) (UIntSize.to_int (Friday_Lit_Type.lit_var self)) = Friday_Lit_Type.lit_value self + val sat2 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat2 self a } -end -module Friday_Impl7_Eval - use prelude.Borrow - use prelude.Int - use prelude.UIntSize use seq.Seq - use Friday_Lit_Type as Friday_Lit_Type - clone Friday_Impl2_VarInRange as VarInRange0 - use Friday_Clause_Type as Friday_Clause_Type - clone CreusotContracts_Std1_Slice_Impl5_HasValue as HasValue0 with - type t = Friday_Clause_Type.t_clause - clone CreusotContracts_Std1_Slice_Impl5_InBounds as InBounds0 with - type t = Friday_Clause_Type.t_clause + predicate sat0 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 99 8 102 9] exists i : int . 
0 <= i /\ i < Seq.length (shallow_model3 (Friday_Clause_Type.clause_0 self)) /\ sat2 (Seq.get (shallow_model3 (Friday_Clause_Type.clause_0 self)) i) a + val sat0 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat0 self a } + use seq.Seq - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max as Max0 - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel1 with - type t = Friday_Clause_Type.t_clause, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - clone CreusotContracts_Model_Impl1_ShallowModel as ShallowModel3 with - type t = Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global), - type ShallowModelTy0.shallowModelTy = Seq.seq (Friday_Clause_Type.t_clause), - function ShallowModel0.shallow_model = ShallowModel1.shallow_model - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl2_Sat as Sat2 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel2 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- clone Friday_Impl1_VarsInRange as VarsInRange0 with - function ShallowModel0.shallow_model = ShallowModel2.shallow_model, - predicate VarInRange0.var_in_range = VarInRange0.var_in_range, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl5_Sat as Sat1 with - function ShallowModel0.shallow_model = ShallowModel2.shallow_model, - predicate Sat0.sat = Sat2.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl6_Eval_Interface as Eval0 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - predicate VarsInRange0.vars_in_range = VarsInRange0.vars_in_range, - predicate Sat0.sat = Sat1.sat, - val Max0.mAX' = Max0.mAX' - clone Alloc_Vec_Impl13_Index_Interface as Index0 with - type t = Friday_Clause_Type.t_clause, - type i = usize, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel3.shallow_model, - predicate InBounds0.in_bounds = InBounds0.in_bounds, - predicate HasValue0.has_value = HasValue0.has_value, - type Output0.output = Friday_Clause_Type.t_clause - clone Alloc_Vec_Impl1_Len_Interface as Len0 with - type t = Friday_Clause_Type.t_clause, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel3.shallow_model use Friday_Formula_Type as Friday_Formula_Type - clone Friday_Impl0_Sat as Sat0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate Sat0.sat = Sat1.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl0_Invariant as Invariant0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate VarsInRange0.vars_in_range = VarsInRange0.vars_in_range, - val Max0.mAX' = Max0.mAX' - let rec cfg eval [#"../Friday/src/lib.rs" 128 4 128 43] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool - requires {[#"../Friday/src/lib.rs" 125 15 125 31] Invariant0.invariant' self} - requires {[#"../Friday/src/lib.rs" 126 15 126 43] Seq.length 
(ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)} - ensures { [#"../Friday/src/lib.rs" 127 14 127 36] result = Sat0.sat self a } + predicate sat1 [#"../../../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 42 8 45 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model1 (Friday_Formula_Type.formula_clauses self)) + -> sat0 (Seq.get (shallow_model1 (Friday_Formula_Type.formula_clauses self)) i) a + val sat1 [#"../../../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat1 self a } + + predicate var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) = + [#"../../../Friday/src/lib.rs" 63 12 63 25] UIntSize.to_int (Friday_Lit_Type.lit_var self) < n + val var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) : bool + ensures { result = var_in_range0 self n } + + predicate vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) = + [#"../../../Friday/src/lib.rs" 52 8 55 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model3 (Friday_Clause_Type.clause_0 self)) + -> var_in_range0 (Seq.get (shallow_model3 (Friday_Clause_Type.clause_0 self)) i) n + val vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) : bool + ensures { result = vars_in_range0 self n } + + predicate invariant0 [#"../../../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) = + [#"../../../Friday/src/lib.rs" 34 8 37 9] forall i : int . 
0 <= i /\ i < Seq.length (shallow_model1 (Friday_Formula_Type.formula_clauses self)) + -> vars_in_range0 (Seq.get (shallow_model1 (Friday_Formula_Type.formula_clauses self)) i) (UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)) + val invariant0 [#"../../../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) : bool + ensures { result = invariant0 self } + + use prelude.Borrow + val eval0 [#"../../../Friday/src/lib.rs" 109 4 109 43] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool + requires {[#"../../../Friday/src/lib.rs" 107 15 107 45] vars_in_range0 self (Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 a)))} + ensures { [#"../../../Friday/src/lib.rs" 108 14 108 36] result = sat0 self a } + + use prelude.Slice + predicate has_value0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Clause_Type.t_clause)) (out : Friday_Clause_Type.t_clause) + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 122 20 122 37] Seq.get seq (UIntSize.to_int self) = out + val has_value0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Clause_Type.t_clause)) (out : Friday_Clause_Type.t_clause) : bool + ensures { result = has_value0 self seq out } + + predicate in_bounds0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Clause_Type.t_clause)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 115 20 115 37] UIntSize.to_int self < Seq.length seq + val in_bounds0 [@inline:trivial] (self : usize) (seq : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = in_bounds0 self seq } + + function shallow_model4 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + + = + 
[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/model.rs" 79 8 79 31] shallow_model1 self + val shallow_model4 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + ensures { result = shallow_model4 self } + + val index0 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) (index : usize) : Friday_Clause_Type.t_clause + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 141 27 141 46] in_bounds0 index (shallow_model4 self)} + requires {inv2 self} + requires {inv3 index} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 142 26 142 54] has_value0 index (shallow_model4 self) result } + ensures { inv4 result } + + val len0 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : usize + requires {inv2 self} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 75 26 75 48] UIntSize.to_int result = Seq.length (shallow_model4 self) } + + let rec cfg eval [#"../../../Friday/src/lib.rs" 128 4 128 43] [@cfg:stackify] [@cfg:subregion_analysis] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool + requires {[#"../../../Friday/src/lib.rs" 125 15 125 31] invariant0 self} + requires {[#"../../../Friday/src/lib.rs" 126 15 126 43] Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)} + ensures { [#"../../../Friday/src/lib.rs" 127 14 127 36] result = sat1 self a } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : bool; - var self_1 : Friday_Formula_Type.t_formula; - var a_2 : Friday_Assignments_Type.t_assignments; 
- var i_6 : usize; - var _7 : (); - var _9 : (); + var self : Friday_Formula_Type.t_formula = self; + var a : Friday_Assignments_Type.t_assignments = a; + var i : usize; var _10 : bool; - var _11 : usize; var _12 : usize; - var _13 : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global); - var _14 : (); var _15 : bool; - var _16 : bool; var _17 : Friday_Clause_Type.t_clause; - var _18 : Friday_Clause_Type.t_clause; - var _19 : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global); - var _20 : usize; - var _21 : Friday_Assignments_Type.t_assignments; - var _22 : (); - var _23 : (); - var _24 : (); - var _25 : (); { - self_1 <- self; - a_2 <- a; goto BB0 } BB0 { - i_6 <- ([#"../Friday/src/lib.rs" 129 27 129 28] (0 : usize)); + [#"../../../Friday/src/lib.rs" 129 27 129 28] i <- ([#"../../../Friday/src/lib.rs" 129 27 129 28] (0 : usize)); goto BB1 } BB1 { - invariant { [#"../Friday/src/lib.rs" 130 8 130 82] forall j : int . 0 <= j /\ j < UIntSize.to_int i_6 -> Sat1.sat (Seq.get (ShallowModel1.shallow_model (Friday_Formula_Type.formula_clauses self_1)) j) a_2 }; - _11 <- i_6; - _13 <- Friday_Formula_Type.formula_clauses self_1; - _12 <- ([#"../Friday/src/lib.rs" 131 18 131 36] Len0.len _13); + invariant { [#"../../../Friday/src/lib.rs" 130 8 130 82] forall j : int . 
0 <= j /\ j < UIntSize.to_int i + -> sat0 (Seq.get (shallow_model1 (Friday_Formula_Type.formula_clauses self)) j) a }; goto BB2 } BB2 { - _10 <- ([#"../Friday/src/lib.rs" 131 14 131 36] _11 < _12); - switch (_10) - | False -> goto BB8 - | True -> goto BB3 - end + [#"../../../Friday/src/lib.rs" 131 18 131 36] _12 <- ([#"../../../Friday/src/lib.rs" 131 18 131 36] len0 (Friday_Formula_Type.formula_clauses self)); + goto BB3 } BB3 { - _19 <- Friday_Formula_Type.formula_clauses self_1; - _20 <- i_6; - _18 <- ([#"../Friday/src/lib.rs" 132 16 132 31] Index0.index _19 _20); - goto BB4 + [#"../../../Friday/src/lib.rs" 131 14 131 36] _10 <- i < _12; + _12 <- any usize; + switch (_10) + | False -> goto BB9 + | True -> goto BB4 + end } BB4 { - _17 <- _18; - _21 <- a_2; - _16 <- ([#"../Friday/src/lib.rs" 132 16 132 39] Eval0.eval _17 _21); + [#"../../../Friday/src/lib.rs" 132 28 132 31] _17 <- ([#"../../../Friday/src/lib.rs" 132 28 132 31] index0 (Friday_Formula_Type.formula_clauses self) i); goto BB5 } BB5 { - _15 <- not _16; - switch (_15) - | False -> goto BB7 - | True -> goto BB6 - end + [#"../../../Friday/src/lib.rs" 132 16 132 39] _15 <- ([#"../../../Friday/src/lib.rs" 132 16 132 39] eval0 _17 a); + goto BB6 } BB6 { - _0 <- ([#"../Friday/src/lib.rs" 133 23 133 28] false); - goto BB9 + switch (_15) + | False -> goto BB8 + | True -> goto BB7 + end } BB7 { - _14 <- (); - i_6 <- ([#"../Friday/src/lib.rs" 135 12 135 18] i_6 + ([#"../Friday/src/lib.rs" 135 17 135 18] (1 : usize))); - _9 <- (); + [#"../../../Friday/src/lib.rs" 135 12 135 18] i <- i + ([#"../../../Friday/src/lib.rs" 135 17 135 18] (1 : usize)); goto BB1 } BB8 { - _7 <- (); - _0 <- ([#"../Friday/src/lib.rs" 137 8 137 12] true); - goto BB9 + [#"../../../Friday/src/lib.rs" 133 23 133 28] _0 <- ([#"../../../Friday/src/lib.rs" 133 23 133 28] false); + goto BB10 } BB9 { + [#"../../../Friday/src/lib.rs" 137 8 137 12] _0 <- ([#"../../../Friday/src/lib.rs" 137 8 137 12] true); + goto BB10 + } + BB10 { return _0 } end 
-module Core_Usize_Max_Stub - use prelude.Int - use prelude.UIntSize - val constant mAX' : usize -end -module Core_Usize_Max - use prelude.Int - use prelude.UIntSize - let constant mAX' : usize = [@vc:do_not_keep_trace] [@vc:sp] - (18446744073709551615 : usize) -end -module CreusotContracts_Resolve_Impl1_Resolve_Stub - type t - use prelude.Borrow - predicate resolve (self : borrowed t) -end -module CreusotContracts_Resolve_Impl1_Resolve_Interface - type t - use prelude.Borrow - predicate resolve (self : borrowed t) -end -module CreusotContracts_Resolve_Impl1_Resolve - type t - use prelude.Borrow - predicate resolve (self : borrowed t) = - ^ self = * self - val resolve (self : borrowed t) : bool - ensures { result = resolve self } - -end -module CreusotContracts_Model_Impl3_ShallowModel_Stub - type t - use prelude.Borrow - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - function shallow_model (self : borrowed t) : ShallowModelTy0.shallowModelTy -end -module CreusotContracts_Model_Impl3_ShallowModel_Interface - type t - use prelude.Borrow - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - function shallow_model (self : borrowed t) : ShallowModelTy0.shallowModelTy -end -module CreusotContracts_Model_Impl3_ShallowModel - type t - use prelude.Borrow - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - clone CreusotContracts_Model_ShallowModel_ShallowModel_Stub as ShallowModel0 with - type self = t, - type ShallowModelTy0.shallowModelTy = ShallowModelTy0.shallowModelTy - function shallow_model (self : borrowed t) : ShallowModelTy0.shallowModelTy = - ShallowModel0.shallow_model ( * self) - val shallow_model (self : borrowed t) : ShallowModelTy0.shallowModelTy - ensures { result = shallow_model self } - -end -module CreusotContracts_Std1_Slice_SliceIndex_ResolveElswhere_Stub - type self - type t - clone 
CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate resolve_elswhere (self : self) (old' : ShallowModelTy0.shallowModelTy) (fin : ShallowModelTy0.shallowModelTy) - -end -module CreusotContracts_Std1_Slice_SliceIndex_ResolveElswhere_Interface - type self - type t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate resolve_elswhere (self : self) (old' : ShallowModelTy0.shallowModelTy) (fin : ShallowModelTy0.shallowModelTy) - -end -module CreusotContracts_Std1_Slice_SliceIndex_ResolveElswhere - type self - type t - clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with - type self = t - predicate resolve_elswhere (self : self) (old' : ShallowModelTy0.shallowModelTy) (fin : ShallowModelTy0.shallowModelTy) - - val resolve_elswhere (self : self) (old' : ShallowModelTy0.shallowModelTy) (fin : ShallowModelTy0.shallowModelTy) : bool - ensures { result = resolve_elswhere self old' fin } - -end -module Alloc_Vec_Impl14_IndexMut_Interface - type t - type i - type a - use prelude.Borrow - use seq.Seq - use prelude.Slice - clone Core_Num_Impl11_Max_Stub as Max0 +module Friday_SetNext use seq.Seq - clone Core_Slice_Index_SliceIndex_Output_Type as Output0 with - type self = i, - type t = slice t - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone CreusotContracts_Std1_Slice_SliceIndex_ResolveElswhere_Stub as ResolveElswhere0 with - type self = i, - type t = slice t, - type ShallowModelTy0.shallowModelTy = Seq.seq t - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel1 with - type t = t, - type a = a, - val Max0.mAX' = Max0.mAX', - axiom . 
- clone CreusotContracts_Std1_Slice_SliceIndex_HasValue_Stub as HasValue0 with - type self = i, - type t = slice t, - type ShallowModelTy0.shallowModelTy = Seq.seq t, - type Output0.output = Output0.output - clone CreusotContracts_Std1_Slice_SliceIndex_InBounds_Stub as InBounds0 with - type self = i, - type t = slice t, - type ShallowModelTy0.shallowModelTy = Seq.seq t - clone CreusotContracts_Model_Impl3_ShallowModel_Stub as ShallowModel0 with - type t = Alloc_Vec_Vec_Type.t_vec t a, - type ShallowModelTy0.shallowModelTy = Seq.seq t - val index_mut (self : borrowed (Alloc_Vec_Vec_Type.t_vec t a)) (index : i) : borrowed Output0.output - requires {InBounds0.in_bounds index (ShallowModel0.shallow_model self)} - ensures { HasValue0.has_value index (ShallowModel0.shallow_model self) ( * result) } - ensures { HasValue0.has_value index (ShallowModel1.shallow_model ( ^ self)) ( ^ result) } - ensures { ResolveElswhere0.resolve_elswhere index (ShallowModel0.shallow_model self) (ShallowModel1.shallow_model ( ^ self)) } - ensures { Seq.length (ShallowModel1.shallow_model ( ^ self)) = Seq.length (ShallowModel0.shallow_model self) } + predicate invariant4 (self : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant4 (self : Seq.seq bool) : bool + ensures { result = invariant4 self } -end -module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere_Stub - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) -end -module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere_Interface - type t - use prelude.Int - use prelude.UIntSize - use seq.Seq - predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) -end -module CreusotContracts_Std1_Slice_Impl5_ResolveElswhere - type t - use prelude.Int - use prelude.UIntSize - use 
seq.Seq - predicate resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) = - forall i : int . 0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' -> Seq.get old' i = Seq.get fin i - val resolve_elswhere [@inline:trivial] (self : usize) (old' : Seq.seq t) (fin : Seq.seq t) : bool - ensures { result = resolve_elswhere self old' fin } + predicate inv4 (_x : Seq.seq bool) + val inv4 (_x : Seq.seq bool) : bool + ensures { result = inv4 _x } -end -module Friday_SetNext_Interface + axiom inv4 : forall x : Seq.seq bool . inv4 x = true use prelude.UIntSize - use seq.Seq - use prelude.Int - use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max1 - use Friday_Pasn_Type as Friday_Pasn_Type - use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl3_Compatible_Stub as Compatible0 - clone Core_Usize_Max_Stub as Max0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max1.mAX', - axiom . 
- val set_next [#"../Friday/src/lib.rs" 146 0 146 39] (pa : Friday_Pasn_Type.t_pasn) (b : bool) : Friday_Pasn_Type.t_pasn - requires {[#"../Friday/src/lib.rs" 141 11 141 38] UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) < Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa)))} - requires {[#"../Friday/src/lib.rs" 142 11 142 44] Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) <= UIntSize.to_int Max0.mAX'} - ensures { [#"../Friday/src/lib.rs" 143 0 143 41] Compatible0.compatible (Friday_Pasn_Type.pasn_assign result) pa } - ensures { [#"../Friday/src/lib.rs" 144 10 144 39] Seq.get (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign result))) (UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa)) = b } - ensures { [#"../Friday/src/lib.rs" 145 10 145 34] UIntSize.to_int (Friday_Pasn_Type.pasn_ix result) = UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + 1 } - -end -module Friday_SetNext - use prelude.Borrow use prelude.Int use prelude.UIntSize + let constant max1 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) use seq.Seq + predicate inv3 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv3 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv3 _x } + + function shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + val shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv3 self} + ensures { result = shallow_model1 self } + + axiom shallow_model1_spec : forall self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv3 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv4 (shallow_model1 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model1 self) <= UIntSize.to_int max1) + predicate invariant3 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv4 (shallow_model1 self) + val invariant3 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant3 self } + + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv3 x = true + use prelude.Borrow + predicate invariant2 (self : borrowed bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant2 (self : borrowed bool) : bool + ensures { result = invariant2 self } + + predicate inv2 (_x : borrowed bool) + val inv2 (_x : borrowed bool) : bool + ensures { result = inv2 _x } + + axiom inv2 : forall x : borrowed bool . inv2 x = true + predicate invariant1 (self : usize) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant1 (self : usize) : bool + ensures { result = invariant1 self } + + predicate inv1 (_x : usize) + val inv1 (_x : usize) : bool + ensures { result = inv1 _x } + + axiom inv1 : forall x : usize . 
inv1 x = true + predicate invariant0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : bool + ensures { result = invariant0 self } + + predicate inv0 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) + val inv0 (_x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) . inv0 x = true use seq.Seq - clone CreusotContracts_Std1_Slice_Impl5_ResolveElswhere as ResolveElswhere0 with - type t = bool - clone CreusotContracts_Std1_Slice_Impl5_HasValue as HasValue0 with - type t = bool - clone CreusotContracts_Std1_Slice_Impl5_InBounds as InBounds0 with - type t = bool - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max as Max1 - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max1.mAX', - axiom . 
- clone CreusotContracts_Model_Impl3_ShallowModel as ShallowModel1 with - type t = Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global), - type ShallowModelTy0.shallowModelTy = Seq.seq bool, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model - clone CreusotContracts_Resolve_Impl1_Resolve as Resolve0 with - type t = bool - clone Alloc_Vec_Impl14_IndexMut_Interface as IndexMut0 with - type t = bool, - type i = usize, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate InBounds0.in_bounds = InBounds0.in_bounds, - predicate HasValue0.has_value = HasValue0.has_value, - function ShallowModel1.shallow_model = ShallowModel0.shallow_model, - predicate ResolveElswhere0.resolve_elswhere = ResolveElswhere0.resolve_elswhere, - type Output0.output = bool, - val Max0.mAX' = Max1.mAX' use Friday_Pasn_Type as Friday_Pasn_Type - clone Friday_Impl9_Clone_Interface as Clone0 use Friday_Assignments_Type as Friday_Assignments_Type - clone Friday_Impl3_Compatible as Compatible0 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max1.mAX' - clone Core_Usize_Max as Max0 - let rec cfg set_next [#"../Friday/src/lib.rs" 146 0 146 39] [@cfg:stackify] [@cfg:subregion_analysis] (pa : Friday_Pasn_Type.t_pasn) (b : bool) : Friday_Pasn_Type.t_pasn - requires {[#"../Friday/src/lib.rs" 141 11 141 38] UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) < Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa)))} - requires {[#"../Friday/src/lib.rs" 142 11 142 44] Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) <= UIntSize.to_int Max0.mAX'} - ensures { [#"../Friday/src/lib.rs" 143 0 143 41] Compatible0.compatible (Friday_Pasn_Type.pasn_assign result) pa } - ensures { [#"../Friday/src/lib.rs" 144 10 144 39] Seq.get (ShallowModel0.shallow_model 
(Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign result))) (UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa)) = b } - ensures { [#"../Friday/src/lib.rs" 145 10 145 34] UIntSize.to_int (Friday_Pasn_Type.pasn_ix result) = UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + 1 } + predicate compatible0 [#"../../../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) + + = + [#"../../../Friday/src/lib.rs" 78 8 82 9] Seq.length (shallow_model1 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) = Seq.length (shallow_model1 (Friday_Assignments_Type.assignments_0 self)) /\ (forall i : int . 0 <= i /\ i < UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + -> Seq.get (shallow_model1 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) i = Seq.get (shallow_model1 (Friday_Assignments_Type.assignments_0 self)) i) + val compatible0 [#"../../../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) : bool + ensures { result = compatible0 self pa } + + let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) + predicate resolve0 (self : borrowed bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/resolve.rs" 26 20 26 34] ^ self = * self + val resolve0 (self : borrowed bool) : bool + ensures { result = resolve0 self } + + use prelude.Slice + predicate resolve_elswhere0 [@inline:trivial] (self : usize) (old' : Seq.seq bool) (fin : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 129 8 129 96] forall i : int . 
0 <= i /\ i <> UIntSize.to_int self /\ i < Seq.length old' + -> Seq.get old' i = Seq.get fin i + val resolve_elswhere0 [@inline:trivial] (self : usize) (old' : Seq.seq bool) (fin : Seq.seq bool) : bool + ensures { result = resolve_elswhere0 self old' fin } + + predicate has_value0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 122 20 122 37] Seq.get seq (UIntSize.to_int self) = out + val has_value0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) (out : bool) : bool + ensures { result = has_value0 self seq out } + + predicate in_bounds0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/slice.rs" 115 20 115 37] UIntSize.to_int self < Seq.length seq + val in_bounds0 [@inline:trivial] (self : usize) (seq : Seq.seq bool) : bool + ensures { result = in_bounds0 self seq } + + function shallow_model2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : Seq.seq bool + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/model.rs" 97 8 97 31] shallow_model1 ( * self) + val shallow_model2 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) : Seq.seq bool + ensures { result = shallow_model2 self } + + val index_mut0 (self : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))) (index : usize) : borrowed bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 132 27 132 46] in_bounds0 index (shallow_model2 self)} + requires {inv0 self} + requires {inv1 index} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 133 
26 133 54] has_value0 index (shallow_model2 self) ( * result) } + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 134 26 134 57] has_value0 index (shallow_model1 ( ^ self)) ( ^ result) } + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 135 26 135 62] resolve_elswhere0 index (shallow_model2 self) (shallow_model1 ( ^ self)) } + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 136 26 136 55] Seq.length (shallow_model1 ( ^ self)) = Seq.length (shallow_model2 self) } + ensures { inv2 result } + + val clone0 [#"../../../Friday/src/lib.rs" 21 9 21 14] (self : Friday_Pasn_Type.t_pasn) : Friday_Pasn_Type.t_pasn + ensures { [#"../../../Friday/src/lib.rs" 21 9 21 14] result = self } + + let rec cfg set_next [#"../../../Friday/src/lib.rs" 146 0 146 39] [@cfg:stackify] [@cfg:subregion_analysis] (pa : Friday_Pasn_Type.t_pasn) (b : bool) : Friday_Pasn_Type.t_pasn + requires {[#"../../../Friday/src/lib.rs" 141 11 141 38] UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) < Seq.length (shallow_model1 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa)))} + requires {[#"../../../Friday/src/lib.rs" 142 11 142 44] Seq.length (shallow_model1 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) <= UIntSize.to_int max0} + ensures { [#"../../../Friday/src/lib.rs" 143 0 143 41] compatible0 (Friday_Pasn_Type.pasn_assign result) pa } + ensures { [#"../../../Friday/src/lib.rs" 144 10 144 39] Seq.get (shallow_model1 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign result))) (UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa)) = b } + ensures { [#"../../../Friday/src/lib.rs" 145 10 145 34] UIntSize.to_int (Friday_Pasn_Type.pasn_ix result) = UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + 1 } = 
[@vc:do_not_keep_trace] [@vc:sp] var _0 : Friday_Pasn_Type.t_pasn; - var pa_1 : Friday_Pasn_Type.t_pasn; - var b_2 : bool; - var new_pa_8 : Friday_Pasn_Type.t_pasn; - var _9 : Friday_Pasn_Type.t_pasn; - var _10 : bool; + var pa : Friday_Pasn_Type.t_pasn = pa; + var b : bool = b; + var new_pa : Friday_Pasn_Type.t_pasn; var _11 : borrowed bool; var _12 : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)); - var _13 : usize; { - pa_1 <- pa; - b_2 <- b; goto BB0 } BB0 { - _9 <- pa_1; - new_pa_8 <- ([#"../Friday/src/lib.rs" 147 21 147 31] Clone0.clone' _9); + [#"../../../Friday/src/lib.rs" 147 21 147 31] new_pa <- ([#"../../../Friday/src/lib.rs" 147 21 147 31] clone0 pa); goto BB1 } BB1 { - _10 <- b_2; - _12 <- borrow_mut (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign new_pa_8)); - new_pa_8 <- (let Friday_Pasn_Type.C_Pasn a b = new_pa_8 in Friday_Pasn_Type.C_Pasn (let Friday_Assignments_Type.C_Assignments a = Friday_Pasn_Type.pasn_assign new_pa_8 in Friday_Assignments_Type.C_Assignments ( ^ _12)) b); - _13 <- Friday_Pasn_Type.pasn_ix pa_1; - _11 <- ([#"../Friday/src/lib.rs" 148 4 148 26] IndexMut0.index_mut _12 _13); + [#"../../../Friday/src/lib.rs" 148 4 148 19] _12 <- Borrow.borrow_mut (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign new_pa)); + [#"../../../Friday/src/lib.rs" 148 4 148 19] new_pa <- (let Friday_Pasn_Type.C_Pasn x0 x1 = new_pa in Friday_Pasn_Type.C_Pasn (let Friday_Assignments_Type.C_Assignments x0 = Friday_Pasn_Type.pasn_assign new_pa in Friday_Assignments_Type.C_Assignments ( ^ _12)) x1); + [#"../../../Friday/src/lib.rs" 148 19 148 26] _11 <- ([#"../../../Friday/src/lib.rs" 148 19 148 26] index_mut0 _12 (Friday_Pasn_Type.pasn_ix pa)); + _12 <- any borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)); goto BB2 } BB2 { - _11 <- { _11 with current = _10 }; - _10 <- any bool; - assume { Resolve0.resolve _11 }; - new_pa_8 <- (let Friday_Pasn_Type.C_Pasn a b = 
new_pa_8 in Friday_Pasn_Type.C_Pasn a ([#"../Friday/src/lib.rs" 149 4 149 18] Friday_Pasn_Type.pasn_ix new_pa_8 + ([#"../Friday/src/lib.rs" 149 17 149 18] (1 : usize)))); - _0 <- new_pa_8; - new_pa_8 <- any Friday_Pasn_Type.t_pasn; + [#"../../../Friday/src/lib.rs" 148 4 148 30] _11 <- { _11 with current = b ; }; + assume { resolve0 _11 }; + [#"../../../Friday/src/lib.rs" 149 4 149 18] new_pa <- (let Friday_Pasn_Type.C_Pasn x0 x1 = new_pa in Friday_Pasn_Type.C_Pasn x0 (Friday_Pasn_Type.pasn_ix new_pa + ([#"../../../Friday/src/lib.rs" 149 17 149 18] (1 : usize)))); + [#"../../../Friday/src/lib.rs" 150 4 150 10] _0 <- new_pa; + new_pa <- any Friday_Pasn_Type.t_pasn; goto BB3 } BB3 { return _0 } -end -module Friday_Solve_Interface - use prelude.UIntSize - use prelude.Int - use prelude.Borrow - use Friday_Pasn_Type as Friday_Pasn_Type - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Formula_Type as Friday_Formula_Type - clone Friday_Impl0_Sat_Stub as Sat0 - clone Friday_Impl3_Compatible_Stub as Compatible0 - clone Friday_Impl0_Invariant_Stub as Invariant1 - clone Friday_Impl4_Invariant_Stub as Invariant0 - val solve [#"../Friday/src/lib.rs" 157 0 157 39] (f : Friday_Formula_Type.t_formula) (pa : Friday_Pasn_Type.t_pasn) : bool - requires {[#"../Friday/src/lib.rs" 154 11 154 36] Invariant0.invariant' pa (UIntSize.to_int (Friday_Formula_Type.formula_num_vars f))} - requires {[#"../Friday/src/lib.rs" 155 11 155 24] Invariant1.invariant' f} - ensures { [#"../Friday/src/lib.rs" 156 10 156 76] (not result) = (forall a : Friday_Assignments_Type.t_assignments . 
Compatible0.compatible a pa -> not Sat0.sat f a) } - end module Friday_Solve - use prelude.Borrow + use Friday_Lit_Type as Friday_Lit_Type + use seq.Seq + predicate invariant8 (self : Seq.seq (Friday_Lit_Type.t_lit)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant8 (self : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = invariant8 self } + + predicate inv6 (_x : Seq.seq (Friday_Lit_Type.t_lit)) + val inv6 (_x : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = inv6 _x } + + axiom inv6 : forall x : Seq.seq (Friday_Lit_Type.t_lit) . inv6 x = true + use prelude.UIntSize + use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type + use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type use prelude.Int use prelude.UIntSize + let constant max1 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) + use seq.Seq + predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) + val inv5 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv5 _x } + + function shallow_model4 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + + val shallow_model4 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv5 self} + ensures { result = shallow_model4 self } + + axiom shallow_model4_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv5 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv6 (shallow_model4 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model4 self) <= UIntSize.to_int max1) + predicate invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv6 (shallow_model4 self) + val invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant7 self } + + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + use Friday_Clause_Type as Friday_Clause_Type + predicate invariant6 (self : Seq.seq (Friday_Clause_Type.t_clause)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant6 (self : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = invariant6 self } + + predicate inv4 (_x : Seq.seq (Friday_Clause_Type.t_clause)) + val inv4 (_x : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = inv4 _x } + + axiom inv4 : forall x : Seq.seq (Friday_Clause_Type.t_clause) . 
inv4 x = true + use seq.Seq + predicate inv3 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + val inv3 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv3 _x } + + function shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + + val shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv3 self} + ensures { result = shallow_model3 self } + + axiom shallow_model3_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global) . ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv3 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv4 (shallow_model3 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model3 self) <= UIntSize.to_int max1) + predicate invariant5 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv4 (shallow_model3 self) + val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant5 self } + + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) 
(Alloc_Alloc_Global_Type.t_global) . inv3 x = true + predicate invariant4 (self : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant4 (self : Seq.seq bool) : bool + ensures { result = invariant4 self } + + predicate inv2 (_x : Seq.seq bool) + val inv2 (_x : Seq.seq bool) : bool + ensures { result = inv2 _x } + + axiom inv2 : forall x : Seq.seq bool . inv2 x = true + use seq.Seq + predicate inv1 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv1 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv1 _x } + + function shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + val shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self} + ensures { result = shallow_model2 self } + + axiom shallow_model2_spec : forall self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv2 (shallow_model2 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model2 self) <= UIntSize.to_int max1) + predicate invariant3 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv2 (shallow_model2 self) + val invariant3 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant3 self } + + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + predicate invariant2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant2 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant2 self } + + predicate inv0 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv0 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
inv0 x = true use seq.Seq - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max as Max0 - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Lit_Type as Friday_Lit_Type - clone Friday_Impl2_Sat as Sat2 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl2_VarInRange as VarInRange0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel3 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - clone Core_Usize_Max as Max1 + predicate sat2 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 70 12 70 41] Seq.get (shallow_model2 (Friday_Assignments_Type.assignments_0 a)) (UIntSize.to_int (Friday_Lit_Type.lit_var self)) = Friday_Lit_Type.lit_value self + val sat2 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat2 self a } + + use seq.Seq + predicate sat1 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 99 8 102 9] exists i : int . 
0 <= i /\ i < Seq.length (shallow_model4 (Friday_Clause_Type.clause_0 self)) /\ sat2 (Seq.get (shallow_model4 (Friday_Clause_Type.clause_0 self)) i) a + val sat1 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat1 self a } + use seq.Seq - clone CreusotContracts_Model_Impl1_ShallowModel as ShallowModel2 with - type t = Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global), - type ShallowModelTy0.shallowModelTy = Seq.seq bool, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model - use Friday_Clause_Type as Friday_Clause_Type - clone Friday_Impl5_Sat as Sat1 with - function ShallowModel0.shallow_model = ShallowModel3.shallow_model, - predicate Sat0.sat = Sat2.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl1_VarsInRange as VarsInRange0 with - function ShallowModel0.shallow_model = ShallowModel3.shallow_model, - predicate VarInRange0.var_in_range = VarInRange0.var_in_range, - val Max0.mAX' = Max0.mAX' - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel1 with - type t = Friday_Clause_Type.t_clause, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- use Friday_Pasn_Type as Friday_Pasn_Type - clone Friday_Impl3_Compatible as Compatible0 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone Friday_SetNext_Interface as SetNext0 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max1.mAX', - predicate Compatible0.compatible = Compatible0.compatible, - val Max1.mAX' = Max0.mAX' use Friday_Formula_Type as Friday_Formula_Type - clone Friday_Impl0_Sat as Sat0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate Sat0.sat = Sat1.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl0_Invariant as Invariant1 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate VarsInRange0.vars_in_range = VarsInRange0.vars_in_range, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl7_Eval_Interface as Eval0 with - predicate Invariant0.invariant' = Invariant1.invariant', - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - predicate Sat0.sat = Sat0.sat, - val Max0.mAX' = Max0.mAX' - clone Alloc_Vec_Impl1_Len_Interface as Len0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - function ShallowModel0.shallow_model = ShallowModel2.shallow_model - clone Friday_Impl4_Invariant as Invariant0 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - let rec cfg solve [#"../Friday/src/lib.rs" 157 0 157 39] [@cfg:stackify] [@cfg:subregion_analysis] (f : Friday_Formula_Type.t_formula) (pa : Friday_Pasn_Type.t_pasn) : bool - requires {[#"../Friday/src/lib.rs" 154 11 154 36] Invariant0.invariant' pa (UIntSize.to_int (Friday_Formula_Type.formula_num_vars f))} - requires {[#"../Friday/src/lib.rs" 155 11 155 24] Invariant1.invariant' f} - ensures { [#"../Friday/src/lib.rs" 156 10 156 76] (not result) = (forall a : Friday_Assignments_Type.t_assignments . 
Compatible0.compatible a pa -> not Sat0.sat f a) } - variant {[#"../Friday/src/lib.rs" 153 0 153 32] UIntSize.to_int (Friday_Formula_Type.formula_num_vars f) - UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa)} + predicate sat0 [#"../../../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 42 8 45 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model3 (Friday_Formula_Type.formula_clauses self)) + -> sat1 (Seq.get (shallow_model3 (Friday_Formula_Type.formula_clauses self)) i) a + val sat0 [#"../../../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat0 self a } + + use Friday_Pasn_Type as Friday_Pasn_Type + predicate compatible0 [#"../../../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) + + = + [#"../../../Friday/src/lib.rs" 78 8 82 9] Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) = Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 self)) /\ (forall i : int . 
0 <= i /\ i < UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + -> Seq.get (shallow_model2 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) i = Seq.get (shallow_model2 (Friday_Assignments_Type.assignments_0 self)) i) + val compatible0 [#"../../../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) : bool + ensures { result = compatible0 self pa } + + predicate var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) = + [#"../../../Friday/src/lib.rs" 63 12 63 25] UIntSize.to_int (Friday_Lit_Type.lit_var self) < n + val var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) : bool + ensures { result = var_in_range0 self n } + + predicate vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) = + [#"../../../Friday/src/lib.rs" 52 8 55 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model4 (Friday_Clause_Type.clause_0 self)) + -> var_in_range0 (Seq.get (shallow_model4 (Friday_Clause_Type.clause_0 self)) i) n + val vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) : bool + ensures { result = vars_in_range0 self n } + + predicate invariant1 [#"../../../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) = + [#"../../../Friday/src/lib.rs" 34 8 37 9] forall i : int . 
0 <= i /\ i < Seq.length (shallow_model3 (Friday_Formula_Type.formula_clauses self)) + -> vars_in_range0 (Seq.get (shallow_model3 (Friday_Formula_Type.formula_clauses self)) i) (UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)) + val invariant1 [#"../../../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) : bool + ensures { result = invariant1 self } + + predicate invariant0 [#"../../../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) = + [#"../../../Friday/src/lib.rs" 90 12 91 40] UIntSize.to_int (Friday_Pasn_Type.pasn_ix self) <= Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign self))) /\ Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign self))) = n + val invariant0 [#"../../../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) : bool + ensures { result = invariant0 self n } + + use prelude.Borrow + val eval0 [#"../../../Friday/src/lib.rs" 128 4 128 43] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool + requires {[#"../../../Friday/src/lib.rs" 125 15 125 31] invariant1 self} + requires {[#"../../../Friday/src/lib.rs" 126 15 126 43] Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)} + ensures { [#"../../../Friday/src/lib.rs" 127 14 127 36] result = sat0 self a } + + let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) + val set_next0 [#"../../../Friday/src/lib.rs" 146 0 146 39] (pa : Friday_Pasn_Type.t_pasn) (b : bool) : Friday_Pasn_Type.t_pasn + requires {[#"../../../Friday/src/lib.rs" 141 11 141 38] UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) < Seq.length (shallow_model2 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa)))} + requires {[#"../../../Friday/src/lib.rs" 142 11 142 44] Seq.length (shallow_model2 
(Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) <= UIntSize.to_int max0} + ensures { [#"../../../Friday/src/lib.rs" 143 0 143 41] compatible0 (Friday_Pasn_Type.pasn_assign result) pa } + ensures { [#"../../../Friday/src/lib.rs" 144 10 144 39] Seq.get (shallow_model2 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign result))) (UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa)) = b } + ensures { [#"../../../Friday/src/lib.rs" 145 10 145 34] UIntSize.to_int (Friday_Pasn_Type.pasn_ix result) = UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + 1 } + + function shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/model.rs" 79 8 79 31] shallow_model2 self + val shallow_model1 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + ensures { result = shallow_model1 self } + + val len0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : usize + requires {inv0 self} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 75 26 75 48] UIntSize.to_int result = Seq.length (shallow_model1 self) } + + let rec cfg solve [#"../../../Friday/src/lib.rs" 157 0 157 39] [@cfg:stackify] [@cfg:subregion_analysis] (f : Friday_Formula_Type.t_formula) (pa : Friday_Pasn_Type.t_pasn) : bool + requires {[#"../../../Friday/src/lib.rs" 154 11 154 36] invariant0 pa (UIntSize.to_int (Friday_Formula_Type.formula_num_vars f))} + requires {[#"../../../Friday/src/lib.rs" 155 11 155 24] invariant1 f} + ensures { [#"../../../Friday/src/lib.rs" 156 10 156 76] (not result) = (forall a : Friday_Assignments_Type.t_assignments . 
compatible0 a pa + -> not sat0 f a) } + variant {[#"../../../Friday/src/lib.rs" 153 0 153 32] UIntSize.to_int (Friday_Formula_Type.formula_num_vars f) - UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa)} = [@vc:do_not_keep_trace] [@vc:sp] var _0 : bool; - var f_1 : Friday_Formula_Type.t_formula; - var pa_2 : Friday_Pasn_Type.t_pasn; - var _7 : (); + var f : Friday_Formula_Type.t_formula = f; + var pa : Friday_Pasn_Type.t_pasn = pa; var _8 : bool; - var _9 : usize; var _10 : usize; - var _11 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); - var _12 : (); - var _13 : Friday_Formula_Type.t_formula; - var _14 : Friday_Assignments_Type.t_assignments; var _15 : Friday_Assignments_Type.t_assignments; var _16 : bool; - var _17 : Friday_Formula_Type.t_formula; var _18 : Friday_Pasn_Type.t_pasn; - var _19 : Friday_Pasn_Type.t_pasn; var _20 : Friday_Pasn_Type.t_pasn; - var _21 : bool; - var _22 : Friday_Formula_Type.t_formula; - var _23 : Friday_Pasn_Type.t_pasn; + var _22 : Friday_Pasn_Type.t_pasn; var _24 : Friday_Pasn_Type.t_pasn; - var _25 : Friday_Pasn_Type.t_pasn; { - f_1 <- f; - pa_2 <- pa; goto BB0 } BB0 { 
@@ -1506,246 +1187,291 @@ module Friday_Solve goto BB2 } BB2 { - _9 <- Friday_Pasn_Type.pasn_ix pa_2; - _11 <- Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa_2); - _10 <- ([#"../Friday/src/lib.rs" 158 16 158 33] Len0.len _11); + [#"../../../Friday/src/lib.rs" 158 16 158 33] _10 <- ([#"../../../Friday/src/lib.rs" 158 16 158 33] len0 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))); goto BB3 } BB3 { - _8 <- ([#"../Friday/src/lib.rs" 158 7 158 33] _9 = _10); + [#"../../../Friday/src/lib.rs" 158 7 158 33] _8 <- Friday_Pasn_Type.pasn_ix pa = _10; + _10 <- any usize; switch (_8) | False -> goto BB6 | True -> goto BB4 end } BB4 { - _13 <- f_1; - _15 <- Friday_Pasn_Type.pasn_assign pa_2; - _14 <- _15; - _0 <- ([#"../Friday/src/lib.rs" 159 15 159 33] Eval0.eval _13 _14); + [#"../../../Friday/src/lib.rs" 159 22 159 32] _15 <- Friday_Pasn_Type.pasn_assign pa; + [#"../../../Friday/src/lib.rs" 159 15 159 33] _0 <- ([#"../../../Friday/src/lib.rs" 159 15 159 33] eval0 f _15); goto BB5 } BB5 { - goto BB14 + goto BB15 } BB6 { - _7 <- (); - _17 <- f_1; - _20 <- pa_2; - _19 <- _20; - _18 <- ([#"../Friday/src/lib.rs" 161 13 161 32] SetNext0.set_next _19 ([#"../Friday/src/lib.rs" 161 27 161 31] true)); - goto BB10 + [#"../../../Friday/src/lib.rs" 161 22 161 25] _20 <- pa; + [#"../../../Friday/src/lib.rs" 161 13 161 32] _18 <- ([#"../../../Friday/src/lib.rs" 161 13 161 32] set_next0 _20 ([#"../../../Friday/src/lib.rs" 161 27 161 31] true)); + goto BB7 } BB7 { - _0 <- ([#"../Friday/src/lib.rs" 161 4 161 67] true); - goto BB9 + [#"../../../Friday/src/lib.rs" 161 4 161 33] _16 <- ([#"../../../Friday/src/lib.rs" 161 4 161 33] solve f _18); + _18 <- any Friday_Pasn_Type.t_pasn; + goto BB8 } BB8 { - _22 <- f_1; - _25 <- pa_2; - _24 <- _25; - _23 <- ([#"../Friday/src/lib.rs" 161 46 161 66] SetNext0.set_next _24 ([#"../Friday/src/lib.rs" 161 60 161 65] false)); - goto BB12 + switch (_16) + | False -> goto BB10 + | True -> goto BB9 + end } BB9 { 
+ [#"../../../Friday/src/lib.rs" 161 4 161 67] _0 <- ([#"../../../Friday/src/lib.rs" 161 4 161 67] true); goto BB14 } BB10 { - _16 <- ([#"../Friday/src/lib.rs" 161 4 161 33] solve _17 _18); goto BB11 } BB11 { - switch (_16) - | False -> goto BB8 - | True -> goto BB7 - end + [#"../../../Friday/src/lib.rs" 161 55 161 58] _24 <- pa; + [#"../../../Friday/src/lib.rs" 161 46 161 66] _22 <- ([#"../../../Friday/src/lib.rs" 161 46 161 66] set_next0 _24 ([#"../../../Friday/src/lib.rs" 161 60 161 65] false)); + goto BB12 } BB12 { - _21 <- ([#"../Friday/src/lib.rs" 161 37 161 67] solve _22 _23); + [#"../../../Friday/src/lib.rs" 161 37 161 67] _0 <- ([#"../../../Friday/src/lib.rs" 161 37 161 67] solve f _22); + _22 <- any Friday_Pasn_Type.t_pasn; goto BB13 } BB13 { - _0 <- _21; - _21 <- any bool; - goto BB9 + goto BB14 } BB14 { + goto BB15 + } + BB15 { return _0 } end -module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub - type t - type s - use prelude.Int - function index_logic [@inline:trivial] (self : s) (ix : int) : t -end -module CreusotContracts_Logic_Ops_Impl0_IndexLogic_Interface - type t - type s - use prelude.Int - function index_logic [@inline:trivial] (self : s) (ix : int) : t -end -module CreusotContracts_Logic_Ops_Impl0_IndexLogic - type t - type s - use prelude.Int - use seq.Seq +module Friday_Solver + use Friday_Lit_Type as Friday_Lit_Type use seq.Seq - clone CreusotContracts_Model_ShallowModel_ShallowModel_Stub as ShallowModel0 with - type self = s, - type ShallowModelTy0.shallowModelTy = Seq.seq t - function index_logic [@inline:trivial] (self : s) (ix : int) : t = - Seq.get (ShallowModel0.shallow_model self) ix - val index_logic [@inline:trivial] (self : s) (ix : int) : t - ensures { result = index_logic self ix } + predicate invariant8 (self : Seq.seq (Friday_Lit_Type.t_lit)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant8 (self : Seq.seq 
(Friday_Lit_Type.t_lit)) : bool + ensures { result = invariant8 self } -end -module Alloc_Vec_FromElem_Interface - type t - use seq.Seq - use prelude.UIntSize - use prelude.Int - clone Core_Num_Impl11_Max_Stub as Max0 - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone CreusotContracts_Logic_Ops_Impl0_IndexLogic_Stub as IndexLogic0 with - type t = t, - type s = Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = t, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - val from_elem (elem : t) (n : usize) : Alloc_Vec_Vec_Type.t_vec t (Alloc_Alloc_Global_Type.t_global) - ensures { Seq.length (ShallowModel0.shallow_model result) = UIntSize.to_int n } - ensures { forall i : int . 0 <= i /\ i < UIntSize.to_int n -> IndexLogic0.index_logic result i = elem } + predicate inv6 (_x : Seq.seq (Friday_Lit_Type.t_lit)) + val inv6 (_x : Seq.seq (Friday_Lit_Type.t_lit)) : bool + ensures { result = inv6 _x } -end -module Friday_Solver_Interface - use seq.Seq + axiom inv6 : forall x : Seq.seq (Friday_Lit_Type.t_lit) . inv6 x = true use prelude.UIntSize - use prelude.Borrow use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max_Stub as Max0 - use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Formula_Type as Friday_Formula_Type - clone Friday_Impl0_Sat_Stub as Sat0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel_Stub as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
- clone Friday_Impl0_Invariant_Stub as Invariant0 - val solver [#"../Friday/src/lib.rs" 168 0 168 34] (f : Friday_Formula_Type.t_formula) : bool - requires {[#"../Friday/src/lib.rs" 164 11 164 24] Invariant0.invariant' f} - ensures { [#"../Friday/src/lib.rs" 165 0 166 33] not result -> (forall a : Friday_Assignments_Type.t_assignments . Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars f) -> not Sat0.sat f a) } - ensures { [#"../Friday/src/lib.rs" 167 0 167 55] result -> (exists a : Friday_Assignments_Type.t_assignments . Sat0.sat f a) } - -end -module Friday_Solver - use prelude.Borrow use prelude.Int use prelude.UIntSize + let constant max0 : usize = [@vc:do_not_keep_trace] [@vc:sp] + (18446744073709551615 : usize) use seq.Seq + predicate inv5 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) + val inv5 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv5 _x } + + function shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + + val shallow_model3 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Lit_Type.t_lit) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv5 self} + ensures { result = shallow_model3 self } + + axiom shallow_model3_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv5 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv6 (shallow_model3 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model3 self) <= UIntSize.to_int max0) + predicate invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv6 (shallow_model3 self) + val invariant7 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant7 self } + + axiom inv5 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Lit_Type.t_lit) (Alloc_Alloc_Global_Type.t_global) . inv5 x = true + use Friday_Clause_Type as Friday_Clause_Type + predicate invariant6 (self : Seq.seq (Friday_Clause_Type.t_clause)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant6 (self : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = invariant6 self } + + predicate inv4 (_x : Seq.seq (Friday_Clause_Type.t_clause)) + val inv4 (_x : Seq.seq (Friday_Clause_Type.t_clause)) : bool + ensures { result = inv4 _x } + + axiom inv4 : forall x : Seq.seq (Friday_Clause_Type.t_clause) . 
inv4 x = true + use seq.Seq + predicate inv3 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + val inv3 (_x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv3 _x } + + function shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + + val shallow_model2 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : Seq.seq (Friday_Clause_Type.t_clause) + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv3 self} + ensures { result = shallow_model2 self } + + axiom shallow_model2_spec : forall self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global) . ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv3 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv4 (shallow_model2 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model2 self) <= UIntSize.to_int max0) + predicate invariant5 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv4 (shallow_model2 self) + val invariant5 (self : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant5 self } + + axiom inv3 : forall x : Alloc_Vec_Vec_Type.t_vec (Friday_Clause_Type.t_clause) 
(Alloc_Alloc_Global_Type.t_global) . inv3 x = true + predicate invariant4 (self : Seq.seq bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant4 (self : Seq.seq bool) : bool + ensures { result = invariant4 self } + + predicate inv2 (_x : Seq.seq bool) + val inv2 (_x : Seq.seq bool) : bool + ensures { result = inv2 _x } + + axiom inv2 : forall x : Seq.seq bool . inv2 x = true + use seq.Seq + predicate inv1 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) + val inv1 (_x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = inv1 _x } + + function shallow_model0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + val shallow_model0 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : Seq.seq bool + requires {[#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self} + ensures { result = shallow_model0 self } + + axiom shallow_model0_spec : forall self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . 
([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 21 19 25] inv1 self) + -> ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 19 4 19 36] inv2 (shallow_model0 self)) && ([#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 18 14 18 41] Seq.length (shallow_model0 self) <= UIntSize.to_int max0) + predicate invariant3 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 60 20 60 41] inv2 (shallow_model0 self) + val invariant3 (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) : bool + ensures { result = invariant3 self } + + axiom inv1 : forall x : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) . inv1 x = true + predicate invariant2 (self : bool) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant2 (self : bool) : bool + ensures { result = invariant2 self } + + predicate inv0 (_x : bool) + val inv0 (_x : bool) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : bool . inv0 x = true use seq.Seq - use Alloc_Vec_Vec_Type as Alloc_Vec_Vec_Type - clone Core_Num_Impl11_Max as Max0 - use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel0 with - type t = bool, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
use Friday_Assignments_Type as Friday_Assignments_Type - use Friday_Lit_Type as Friday_Lit_Type - clone Friday_Impl2_Sat as Sat2 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl2_VarInRange as VarInRange0 - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel2 with - type t = Friday_Lit_Type.t_lit, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . - use Friday_Pasn_Type as Friday_Pasn_Type - clone Friday_Impl3_Compatible as Compatible0 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl4_Invariant as Invariant1 with - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - val Max0.mAX' = Max0.mAX' - clone CreusotContracts_Logic_Ops_Impl0_IndexLogic as IndexLogic0 with - type t = bool, - type s = Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global), - function ShallowModel0.shallow_model = ShallowModel0.shallow_model - use Friday_Clause_Type as Friday_Clause_Type - clone Friday_Impl5_Sat as Sat1 with - function ShallowModel0.shallow_model = ShallowModel2.shallow_model, - predicate Sat0.sat = Sat2.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl1_VarsInRange as VarsInRange0 with - function ShallowModel0.shallow_model = ShallowModel2.shallow_model, - predicate VarInRange0.var_in_range = VarInRange0.var_in_range, - val Max0.mAX' = Max0.mAX' - clone CreusotContracts_Std1_Vec_Impl0_ShallowModel as ShallowModel1 with - type t = Friday_Clause_Type.t_clause, - type a = Alloc_Alloc_Global_Type.t_global, - val Max0.mAX' = Max0.mAX', - axiom . 
+ predicate sat2 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 70 12 70 41] Seq.get (shallow_model0 (Friday_Assignments_Type.assignments_0 a)) (UIntSize.to_int (Friday_Lit_Type.lit_var self)) = Friday_Lit_Type.lit_value self + val sat2 [#"../../../Friday/src/lib.rs" 68 4 68 40] (self : Friday_Lit_Type.t_lit) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat2 self a } + + use seq.Seq + predicate sat1 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 99 8 102 9] exists i : int . 0 <= i /\ i < Seq.length (shallow_model3 (Friday_Clause_Type.clause_0 self)) /\ sat2 (Seq.get (shallow_model3 (Friday_Clause_Type.clause_0 self)) i) a + val sat1 [#"../../../Friday/src/lib.rs" 98 4 98 40] (self : Friday_Clause_Type.t_clause) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat1 self a } + + use seq.Seq use Friday_Formula_Type as Friday_Formula_Type - clone Friday_Impl0_Sat as Sat0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate Sat0.sat = Sat1.sat, - val Max0.mAX' = Max0.mAX' - clone Friday_Impl0_Invariant as Invariant0 with - function ShallowModel0.shallow_model = ShallowModel1.shallow_model, - predicate VarsInRange0.vars_in_range = VarsInRange0.vars_in_range, - val Max0.mAX' = Max0.mAX' - clone Friday_Solve_Interface as Solve0 with - predicate Invariant0.invariant' = Invariant1.invariant', - predicate Invariant1.invariant' = Invariant0.invariant', - predicate Compatible0.compatible = Compatible0.compatible, - predicate Sat0.sat = Sat0.sat - clone Alloc_Vec_FromElem_Interface as FromElem0 with - type t = bool, - function ShallowModel0.shallow_model = ShallowModel0.shallow_model, - function IndexLogic0.index_logic = IndexLogic0.index_logic, - val Max0.mAX' = Max0.mAX' - 
let rec cfg solver [#"../Friday/src/lib.rs" 168 0 168 34] [@cfg:stackify] [@cfg:subregion_analysis] (f : Friday_Formula_Type.t_formula) : bool - requires {[#"../Friday/src/lib.rs" 164 11 164 24] Invariant0.invariant' f} - ensures { [#"../Friday/src/lib.rs" 165 0 166 33] not result -> (forall a : Friday_Assignments_Type.t_assignments . Seq.length (ShallowModel0.shallow_model (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars f) -> not Sat0.sat f a) } - ensures { [#"../Friday/src/lib.rs" 167 0 167 55] result -> (exists a : Friday_Assignments_Type.t_assignments . Sat0.sat f a) } + predicate sat0 [#"../../../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) + + = + [#"../../../Friday/src/lib.rs" 42 8 45 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model2 (Friday_Formula_Type.formula_clauses self)) + -> sat1 (Seq.get (shallow_model2 (Friday_Formula_Type.formula_clauses self)) i) a + val sat0 [#"../../../Friday/src/lib.rs" 41 4 41 40] (self : Friday_Formula_Type.t_formula) (a : Friday_Assignments_Type.t_assignments) : bool + ensures { result = sat0 self a } + + predicate var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) = + [#"../../../Friday/src/lib.rs" 63 12 63 25] UIntSize.to_int (Friday_Lit_Type.lit_var self) < n + val var_in_range0 [#"../../../Friday/src/lib.rs" 61 4 61 41] (self : Friday_Lit_Type.t_lit) (n : int) : bool + ensures { result = var_in_range0 self n } + + predicate vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) = + [#"../../../Friday/src/lib.rs" 52 8 55 9] forall i : int . 
0 <= i /\ i < Seq.length (shallow_model3 (Friday_Clause_Type.clause_0 self)) + -> var_in_range0 (Seq.get (shallow_model3 (Friday_Clause_Type.clause_0 self)) i) n + val vars_in_range0 [#"../../../Friday/src/lib.rs" 51 4 51 42] (self : Friday_Clause_Type.t_clause) (n : int) : bool + ensures { result = vars_in_range0 self n } + + predicate invariant0 [#"../../../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) = + [#"../../../Friday/src/lib.rs" 34 8 37 9] forall i : int . 0 <= i /\ i < Seq.length (shallow_model2 (Friday_Formula_Type.formula_clauses self)) + -> vars_in_range0 (Seq.get (shallow_model2 (Friday_Formula_Type.formula_clauses self)) i) (UIntSize.to_int (Friday_Formula_Type.formula_num_vars self)) + val invariant0 [#"../../../Friday/src/lib.rs" 33 4 33 30] (self : Friday_Formula_Type.t_formula) : bool + ensures { result = invariant0 self } + + use prelude.Borrow + use Friday_Pasn_Type as Friday_Pasn_Type + predicate compatible0 [#"../../../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) + + = + [#"../../../Friday/src/lib.rs" 78 8 82 9] Seq.length (shallow_model0 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) = Seq.length (shallow_model0 (Friday_Assignments_Type.assignments_0 self)) /\ (forall i : int . 
0 <= i /\ i < UIntSize.to_int (Friday_Pasn_Type.pasn_ix pa) + -> Seq.get (shallow_model0 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign pa))) i = Seq.get (shallow_model0 (Friday_Assignments_Type.assignments_0 self)) i) + val compatible0 [#"../../../Friday/src/lib.rs" 77 4 77 41] (self : Friday_Assignments_Type.t_assignments) (pa : Friday_Pasn_Type.t_pasn) : bool + ensures { result = compatible0 self pa } + + predicate invariant1 [#"../../../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) = + [#"../../../Friday/src/lib.rs" 90 12 91 40] UIntSize.to_int (Friday_Pasn_Type.pasn_ix self) <= Seq.length (shallow_model0 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign self))) /\ Seq.length (shallow_model0 (Friday_Assignments_Type.assignments_0 (Friday_Pasn_Type.pasn_assign self))) = n + val invariant1 [#"../../../Friday/src/lib.rs" 88 4 88 38] (self : Friday_Pasn_Type.t_pasn) (n : int) : bool + ensures { result = invariant1 self n } + + val solve0 [#"../../../Friday/src/lib.rs" 157 0 157 39] (f : Friday_Formula_Type.t_formula) (pa : Friday_Pasn_Type.t_pasn) : bool + requires {[#"../../../Friday/src/lib.rs" 154 11 154 36] invariant1 pa (UIntSize.to_int (Friday_Formula_Type.formula_num_vars f))} + requires {[#"../../../Friday/src/lib.rs" 155 11 155 24] invariant0 f} + ensures { [#"../../../Friday/src/lib.rs" 156 10 156 76] (not result) = (forall a : Friday_Assignments_Type.t_assignments . 
compatible0 a pa + -> not sat0 f a) } + + function index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) (ix : int) : bool + + = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/logic/ops.rs" 20 8 20 31] Seq.get (shallow_model0 self) ix + val index_logic0 [@inline:trivial] (self : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)) (ix : int) : bool + ensures { result = index_logic0 self ix } + + val from_elem0 (elem : bool) (n : usize) : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global) + requires {inv0 elem} + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 157 22 157 41] Seq.length (shallow_model0 result) = UIntSize.to_int n } + ensures { [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/std/vec.rs" 158 12 158 78] forall i : int . 0 <= i /\ i < UIntSize.to_int n + -> index_logic0 result i = elem } + ensures { inv1 result } + + let rec cfg solver [#"../../../Friday/src/lib.rs" 168 0 168 34] [@cfg:stackify] [@cfg:subregion_analysis] (f : Friday_Formula_Type.t_formula) : bool + requires {[#"../../../Friday/src/lib.rs" 164 11 164 24] invariant0 f} + ensures { [#"../../../Friday/src/lib.rs" 165 0 166 33] not result + -> (forall a : Friday_Assignments_Type.t_assignments . Seq.length (shallow_model0 (Friday_Assignments_Type.assignments_0 a)) = UIntSize.to_int (Friday_Formula_Type.formula_num_vars f) + -> not sat0 f a) } + ensures { [#"../../../Friday/src/lib.rs" 167 0 167 55] result + -> (exists a : Friday_Assignments_Type.t_assignments . 
sat0 f a) } = [@vc:do_not_keep_trace] [@vc:sp] var _0 : bool; - var f_1 : Friday_Formula_Type.t_formula; - var _5 : Friday_Formula_Type.t_formula; + var f : Friday_Formula_Type.t_formula = f; var _6 : Friday_Pasn_Type.t_pasn; var _7 : Friday_Assignments_Type.t_assignments; var _8 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); - var _9 : usize; { - f_1 <- f; goto BB0 } BB0 { - _5 <- f_1; - _9 <- Friday_Formula_Type.formula_num_vars f_1; - _8 <- ([#"../Friday/src/lib.rs" 169 40 169 63] FromElem0.from_elem ([#"../Friday/src/lib.rs" 169 45 169 50] false) _9); + [#"../../../Friday/src/lib.rs" 169 40 169 63] _8 <- ([#"../../../Friday/src/lib.rs" 169 40 169 63] from_elem0 ([#"../../../Friday/src/lib.rs" 169 45 169 50] false) (Friday_Formula_Type.formula_num_vars f)); goto BB1 } BB1 { - _7 <- Friday_Assignments_Type.C_Assignments _8; + [#"../../../Friday/src/lib.rs" 169 28 169 64] _7 <- Friday_Assignments_Type.C_Assignments _8; + _8 <- any Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); goto BB2 } BB2 { - _6 <- Friday_Pasn_Type.C_Pasn _7 ([#"../Friday/src/lib.rs" 169 70 169 71] (0 : usize)); + [#"../../../Friday/src/lib.rs" 169 13 169 73] _6 <- Friday_Pasn_Type.C_Pasn _7 ([#"../../../Friday/src/lib.rs" 169 70 169 71] (0 : usize)); + _7 <- any Friday_Assignments_Type.t_assignments; goto BB3 } BB3 { - _0 <- ([#"../Friday/src/lib.rs" 169 4 169 74] Solve0.solve _5 _6); + [#"../../../Friday/src/lib.rs" 169 4 169 74] _0 <- ([#"../../../Friday/src/lib.rs" 169 4 169 74] solve0 f _6); + _6 <- any Friday_Pasn_Type.t_pasn; goto BB4 } BB4 { 
@@ -1754,12 +1480,54 @@ module Friday_Solver end module Friday_Impl8 - use prelude.Borrow use Friday_Assignments_Type as Friday_Assignments_Type - goal clone'_refn : [#"../Friday/src/lib.rs" 13 9 13 14] forall self : Friday_Assignments_Type.t_assignments . forall result : Friday_Assignments_Type.t_assignments . result = self -> result = self + predicate invariant1 (self : Friday_Assignments_Type.t_assignments) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant1 (self : Friday_Assignments_Type.t_assignments) : bool + ensures { result = invariant1 self } + + predicate inv1 (_x : Friday_Assignments_Type.t_assignments) + val inv1 (_x : Friday_Assignments_Type.t_assignments) : bool + ensures { result = inv1 _x } + + axiom inv1 : forall x : Friday_Assignments_Type.t_assignments . inv1 x = true + predicate invariant0 (self : Friday_Assignments_Type.t_assignments) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant0 (self : Friday_Assignments_Type.t_assignments) : bool + ensures { result = invariant0 self } + + predicate inv0 (_x : Friday_Assignments_Type.t_assignments) + val inv0 (_x : Friday_Assignments_Type.t_assignments) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : Friday_Assignments_Type.t_assignments . inv0 x = true + use prelude.Borrow + goal clone'_refn : [#"../../../Friday/src/lib.rs" 13 9 13 14] forall self : Friday_Assignments_Type.t_assignments . inv0 self + -> (forall result : Friday_Assignments_Type.t_assignments . result = self -> inv1 result /\ result = self) end module Friday_Impl9 - use prelude.Borrow use Friday_Pasn_Type as Friday_Pasn_Type - goal clone'_refn : [#"../Friday/src/lib.rs" 21 9 21 14] forall self : Friday_Pasn_Type.t_pasn . forall result : Friday_Pasn_Type.t_pasn . 
result = self -> result = self + predicate invariant1 (self : Friday_Pasn_Type.t_pasn) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant1 (self : Friday_Pasn_Type.t_pasn) : bool + ensures { result = invariant1 self } + + predicate inv1 (_x : Friday_Pasn_Type.t_pasn) + val inv1 (_x : Friday_Pasn_Type.t_pasn) : bool + ensures { result = inv1 _x } + + axiom inv1 : forall x : Friday_Pasn_Type.t_pasn . inv1 x = true + predicate invariant0 (self : Friday_Pasn_Type.t_pasn) = + [#"../../../../../../../../../.cargo/git/checkouts/creusot-8bb2a9f6fb1f15ef/1357cc9/creusot-contracts/src/invariant.rs" 8 8 8 12] true + val invariant0 (self : Friday_Pasn_Type.t_pasn) : bool + ensures { result = invariant0 self } + + predicate inv0 (_x : Friday_Pasn_Type.t_pasn) + val inv0 (_x : Friday_Pasn_Type.t_pasn) : bool + ensures { result = inv0 _x } + + axiom inv0 : forall x : Friday_Pasn_Type.t_pasn . inv0 x = true + use prelude.Borrow + goal clone'_refn : [#"../../../Friday/src/lib.rs" 21 9 21 14] forall self : Friday_Pasn_Type.t_pasn . inv0 self + -> (forall result : Friday_Pasn_Type.t_pasn . result = self -> inv1 result /\ result = self) end From d0ebc21c05e350106c86bd24bef202c718692ee2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?= Date: Sun, 7 Apr 2024 12:06:04 +0200 Subject: [PATCH 6/9] Update Robinson --- Robinson/Cargo.toml | 2 +- Robinson/src/assignments.rs | 17 ++++++--- Robinson/src/clause.rs | 16 +++++++-- Robinson/src/decision.rs | 1 + Robinson/src/formula.rs | 16 ++++++++- Robinson/src/lit.rs | 9 +++++ Robinson/src/logic.rs | 9 +++++ Robinson/src/solver.rs | 2 +- Robinson/src/util.rs | 7 ++-- mlcfgs/Robinson.mlcfg | 72 ++++++++++++++++++------------------- 10 files changed, 104 insertions(+), 47 deletions(-) diff --git a/Robinson/Cargo.toml b/Robinson/Cargo.toml index 264ccb96..b62a745f 100644 --- a/Robinson/Cargo.toml 
+++ b/Robinson/Cargo.toml
@@ -6,7 +6,7 @@ edition = "2021"
 [dependencies]
 clap = "2.33.3"
-creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "5cc6cdd6" }
+creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "1357cc97" }
 # This is just copied verbatim from CreuSAT.
 [features]
diff --git a/Robinson/src/assignments.rs b/Robinson/src/assignments.rs
index 24a9a2e0..86c2e304 100644
--- a/Robinson/src/assignments.rs
+++ b/Robinson/src/assignments.rs
@@ -16,12 +16,14 @@ impl ShallowModel for Assignments {
 type ShallowModelTy = Seq;
 #[logic]
+ #[open]
 fn shallow_model(self) -> Self::ShallowModelTy { self.0.shallow_model() } }
 #[predicate]
+#[open]
 pub fn compatible_inner(a: Seq, a2: Seq) -> bool { pearlite! { a.len() == a2.len() && (forall 0 <= i && i < a.len() ==>
@@ -30,6 +32,7 @@ pub fn compatible_inner(a: Seq, a2: Seq) -> bool {
 }
 #[predicate]
+#[open]
 pub fn complete_inner(a: Seq) -> bool { pearlite! { forall 0 <= i && i < a.len() ==> !unset(a[i])
@@ -37,11 +40,13 @@ pub fn complete_inner(a: Seq) -> bool {
 }
 #[predicate]
+#[open]
 pub fn compatible_complete_inner(a: Seq, a2: Seq) -> bool { compatible_inner(a, a2) && complete_inner(a2) }
 #[predicate]
+#[open]
 pub fn assignments_invariant(a: Seq, f: Formula) -> bool { pearlite! { f.num_vars@ == a.len() } }
@@ -49,6 +54,7 @@ pub fn assignments_invariant(a: Seq, f: Formula) -> bool {
 // Predicates
 impl Assignments {
 #[predicate]
+ #[open]
 pub fn invariant(self, f: Formula) -> bool { pearlite! { f.num_vars@ == self@.len() && self.1@ <= f.num_vars@
@@ -56,11 +62,13 @@ impl Assignments {
 }
 #[predicate]
+ #[open]
 pub fn compatible(self, a2: Assignments) -> bool { pearlite! { compatible_inner(self@, a2@) } }
 #[predicate]
+ #[open]
 pub fn complete(self) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> !unset(self@[i])
@@ -68,6 +76,7 @@ impl Assignments {
 }
 #[predicate]
+ #[open]
 pub fn compatible_complete(self, a2: Assignments) -> bool { self.compatible(a2) && a2.complete() }
@@ -126,7 +135,7 @@ impl Assignments {
 }
 i += 1;
 }
- panic!();
+ unreachable!();
 }
 #[cfg_attr(feature = "trust_assignments", trusted)]
@@ -150,7 +159,7 @@ impl Assignments {
 #[ensures((self).complete() ==> *self == ^self && ((result == ClauseState::Unsat) || (result == ClauseState::Sat)))]
 pub fn unit_prop_once(&mut self, i: usize, f: &Formula) -> ClauseState {
 let clause = &f.clauses[i];
- let _old_a: Ghost<&mut Assignments> = ghost!(self);
+ let _old_a: Snapshot<&mut Assignments> = snapshot!(self);
 match clause.check_if_unit(self, f) { ClauseState::Unit => { // I tried both to make ClauseState::Unit contain a usize and to return a tuple, but
@@ -187,7 +196,7 @@ impl Assignments {
 })]
 #[ensures((self).complete() ==> *self == (^self) && ((result == ClauseState::Unsat) || f.sat(*self)))]
 pub fn unit_propagate(&mut self, f: &Formula) -> ClauseState {
- let _old_a: Ghost<&mut Assignments> = ghost!(self);
+ let _old_a: Snapshot<&mut Assignments> = snapshot!(self);
 let mut i: usize = 0;
 let mut out = ClauseState::Sat;
 #[invariant(self.invariant(*f))]
@@ -232,7 +241,7 @@ impl Assignments {
 #[ensures(result == Some(true) ==> f.sat(^self))]
 #[ensures(result == None ==> !(^self).complete())]
 pub fn do_unit_propagation(&mut self, f: &Formula) -> Option {
- let _old_a: Ghost<&mut Assignments> = ghost!(self);
+ let _old_a: Snapshot<&mut Assignments> = snapshot!(self);
 #[invariant(self.invariant(*f))]
 #[invariant(_old_a.compatible(*self))]
 #[invariant(f.eventually_sat_complete(*_old_a.inner()) ==> f.eventually_sat_complete(*self))]
diff --git a/Robinson/src/clause.rs b/Robinson/src/clause.rs
index b031c8dc..bf739341 100644
--- a/Robinson/src/clause.rs
+++ b/Robinson/src/clause.rs
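Review bot: The new `unreachable!();` in the `@@ -126,7 +135,7 @@` hunk carries no message saying which loop invariant makes the fall-through impossible, so a reader still has to reconstruct the argument from the loop above, which starts outside the hunk; the same bare form is introduced in clause.rs at `@@ -170,7 +182,7 @@`. Naming the reason in the macro keeps the proof obligation and the human-readable justification together, e.g. `unreachable!("<invariant that rules out falling through>");`. Presumably Creusot turns both `panic!()` and `unreachable!()` into the same unreachability obligation, so this should be a readability-only change — worth confirming the proofs still discharge with the new macro.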
@@ -16,6 +16,7 @@ impl ShallowModel for Clause { type ShallowModelTy = Seq; #[logic] + #[open] fn shallow_model(self) -> Self::ShallowModelTy { self.rest.shallow_model() } @@ -23,6 +24,7 @@ impl ShallowModel for Clause { impl Clause { #[predicate] + #[open] pub fn in_formula(self, f: Formula) -> bool { pearlite! { exists 0 <= i && i < f.clauses@.len() && @@ -31,6 +33,7 @@ impl Clause { } #[predicate] + #[open] pub fn unit_inner(self, a: Seq) -> bool { pearlite! { self.vars_in_range(a.len()) @@ -40,11 +43,13 @@ impl Clause { } } #[predicate] + #[open] pub fn unit(self, a: Assignments) -> bool { pearlite! { self.unit_inner(a@) } } #[predicate] + #[open] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> @@ -53,11 +58,13 @@ impl Clause { } #[predicate] + #[open] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } #[predicate] + #[open] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { exists 0 <= i && i < self@.len() && @@ -66,16 +73,19 @@ impl Clause { } #[predicate] + #[open] pub fn sat(self, a: Assignments) -> bool { pearlite! { self.sat_inner(a@) } } #[predicate] + #[open] pub fn unknown(self, a: Assignments) -> bool { !self.sat(a) && !self.unsat(a) } #[predicate] + #[open] pub fn vars_in_range(self, n: Int) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> @@ -84,6 +94,7 @@ impl Clause { } #[predicate] + #[open] pub fn no_duplicate_indexes(self) -> bool { pearlite! { forall 0 <= j && j < self@.len() && @@ -92,6 +103,7 @@ impl Clause { } #[predicate] + #[open] pub fn invariant(self, n: Int) -> bool { self.vars_in_range(n) //&& self.no_duplicate_indexes() } 
@@ -120,7 +132,7 @@ impl Clause { #[ensures((result == ClauseState::Unknown) ==> !a.complete())] pub fn check_if_unit(&self, a: &Assignments, _f: &Formula) -> ClauseState { let mut i: usize = 0; - let mut _k: usize = 0; // _k is the "ghost" index of the unset literal + let mut _k: usize = 0; // _k is the "Snapshot" index of the unset literal let mut unassigned: usize = 0; #[invariant(0 <= i@ && i@ <= (self.rest@).len())] #[invariant(unassigned@ <= 1)] @@ -170,7 +182,7 @@ impl Clause { } i += 1; } - panic!(); + unreachable!(); } #[cfg_attr(feature = "trust_clause", trusted)] diff --git a/Robinson/src/decision.rs b/Robinson/src/decision.rs index 7de14a94..287b710a 100644 --- a/Robinson/src/decision.rs +++ b/Robinson/src/decision.rs @@ -10,6 +10,7 @@ pub struct Decisions { impl Decisions { #[predicate] + #[open] pub fn invariant(self, n: Int) -> bool { pearlite! { self.lit_order@.len() == n diff --git a/Robinson/src/formula.rs b/Robinson/src/formula.rs index 75e32d15..4f403d00 100644 --- a/Robinson/src/formula.rs +++ b/Robinson/src/formula.rs @@ -17,12 +17,14 @@ impl ShallowModel for Formula { type ShallowModelTy = (Seq, Int); #[logic] + #[open] fn shallow_model(self) -> Self::ShallowModelTy { (self.clauses.shallow_model(), self.num_vars.shallow_model()) } } #[predicate] +#[open] pub fn formula_sat_inner(f: (Seq, Int), a: Seq) -> bool { pearlite! { forall 0 <= i && i < f.0.len() ==> @@ -33,6 +35,7 @@ pub fn formula_sat_inner(f: (Seq, Int), a: Seq) -> bool { // Predicates impl Formula { #[predicate] + #[open] pub fn invariant(self) -> bool { pearlite! { forall 0 <= i && i < (self.clauses@).len() ==> @@ -41,6 +44,7 @@ impl Formula { } #[predicate] + #[open] pub fn eventually_sat_inner(self, a: Seq) -> bool { pearlite! { exists> a2.len() == self.num_vars@ && compatible_inner(a, a2) && self.sat_inner(a2) 
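Review bot: The comment in the `@@ -120,7 +132,7 @@` hunk now reads `// _k is the "Snapshot" index of the unset literal`, which looks like the Ghost→Snapshot rename catching prose rather than code: `_k` is declared as a plain `usize` on the same line, and "ghost" here described a value kept only for the proof, not the old `Ghost` type. Restore the wording, `// _k is the "ghost" (proof-only) index of the unset literal`, so the comment says what it means. check_if_unit continues outside the hunk.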
@@ -48,11 +52,13 @@ impl Formula { } #[predicate] + #[open] pub fn eventually_sat_no_ass(self) -> bool { pearlite! { exists> self.sat_inner(a2) } } #[predicate] + #[open] pub fn eventually_sat_complete_no_ass(self) -> bool { pearlite! { exists> a2.len() == self.num_vars@ && complete_inner(a2) && self.sat_inner(a2) @@ -60,6 +66,7 @@ impl Formula { } #[predicate] + #[open] pub fn eventually_sat_complete_inner(self, a: Seq) -> bool { pearlite! { exists> a2.len() == self.num_vars@ && compatible_complete_inner(a, a2) && self.sat_inner(a2) @@ -67,16 +74,19 @@ impl Formula { } #[predicate] + #[open] pub fn eventually_sat_complete(self, a: Assignments) -> bool { pearlite! { self.eventually_sat_complete_inner(a@) } } #[predicate] + #[open] pub fn eventually_sat(self, a: Assignments) -> bool { pearlite! { self.eventually_sat_inner(a@) } } #[predicate] + #[open] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { forall 0 <= i && i < self.clauses@.len() ==> @@ -85,11 +95,13 @@ impl Formula { } #[predicate] + #[open] pub fn sat(self, a: Assignments) -> bool { pearlite! { self.sat_inner(a@) } } #[predicate] + #[open] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { exists 0 <= i && i < self.clauses@.len() && @@ -98,11 +110,13 @@ impl Formula { } #[predicate] + #[open] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } #[predicate] + #[open] pub fn contains_empty_clause(self) -> bool { pearlite! { exists 0 <= i && i < self.clauses@.len() && @@ -129,7 +143,7 @@ impl Formula { proof_assert!(self.eventually_sat_no_ass()); return SatResult::Sat(a); } - let old_self: Ghost<&mut Formula> = ghost!(self); + let old_self: Snapshot<&mut Formula> = snapshot!(self); let mut i: usize = 0; #[invariant(forall 0 <= j && j < i@ ==> self.clauses@[j].invariant(self.num_vars@))] #[invariant(forall 0 <= j && j < i@ ==> self.clauses@[j]@.len() > 0)] diff --git a/Robinson/src/lit.rs b/Robinson/src/lit.rs index df4e57cd..4f24841d 100644 --- a/Robinson/src/lit.rs 
+++ b/Robinson/src/lit.rs @@ -16,6 +16,7 @@ pub struct Lit { // Logic impl Lit { #[logic] + #[open] #[why3::attr = "inline:trivial"] pub fn index_logic(self) -> Int { pearlite! { self.idx@ } @@ -25,6 +26,7 @@ impl Lit { // Predicates impl Lit { #[predicate] + #[open] pub fn lit_in(self, c: Clause) -> bool { pearlite! { exists 0 <= i && i < c@.len() && c@[i] == self @@ -32,11 +34,13 @@ impl Lit { } #[predicate] + #[open] pub fn invariant(self, n: Int) -> bool { pearlite! { self.idx@ < n } } #[predicate] + #[open] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { match self.polarity { @@ -47,6 +51,7 @@ impl Lit { } #[predicate] + #[open] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { match self.polarity { @@ -57,6 +62,7 @@ impl Lit { } #[predicate] + #[open] pub fn unset_inner(self, a: Seq) -> bool { pearlite! { a[self.idx@]@ >= 2 @@ -64,6 +70,7 @@ impl Lit { } #[predicate] + #[open] pub fn sat(self, a: Assignments) -> bool { pearlite! { self.sat_inner(a@) @@ -71,11 +78,13 @@ impl Lit { } #[predicate] + #[open] pub fn unset(self, a: Assignments) -> bool { pearlite! { self.unset_inner(a@) } } #[predicate] + #[open] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } diff --git a/Robinson/src/logic.rs b/Robinson/src/logic.rs index 4b438b9b..c950fd5c 100644 --- a/Robinson/src/logic.rs +++ b/Robinson/src/logic.rs @@ -4,6 +4,7 @@ use creusot_contracts::*; use crate::{assignments::*, clause::*, formula::*}; #[logic] +#[open] #[ensures(b ==> result@ == 1)] #[ensures(!b ==> result@ == 0)] pub fn bool_to_assignedstate(b: bool) -> AssignedState { @@ -15,6 +16,7 @@ pub fn bool_to_assignedstate(b: bool) -> AssignedState { } #[logic] +#[open] fn flip_v(v: AssignedState) -> AssignedState { pearlite! { if v@ == 0 { 
@@ -28,16 +30,19 @@ fn flip_v(v: AssignedState) -> AssignedState { } #[logic] +#[open] fn pos() -> AssignedState { 1u8 } #[logic] +#[open] fn neg() -> AssignedState { 0u8 } #[predicate] +#[open] pub fn unset(v: AssignedState) -> bool { pearlite! { if v@ >= 2 { @@ -49,6 +54,7 @@ pub fn unset(v: AssignedState) -> bool { } #[logic] +#[open] #[requires(f.invariant())] #[requires(f.num_vars@ == a.len())] #[requires(0 <= ix && ix < a.len() && unset(a[ix]))] @@ -59,6 +65,7 @@ pub fn unset(v: AssignedState) -> bool { pub fn lemma_unit_forces(f: Formula, a: Seq, ix: Int, v: AssignedState) {} #[logic] +#[open] #[requires(f.invariant())] #[requires(f.num_vars@ == a.len())] #[requires(0 <= ix && ix < a.len() && unset(a[ix]))] @@ -76,12 +83,14 @@ pub fn lemma_unit_wrong_polarity_unsat_formula( } #[logic] +#[open] #[requires(0 <= ix && ix < a.len() && unset(a[ix]))] #[requires(f.eventually_sat_complete_inner(a.set(ix, v)))] #[ensures(f.eventually_sat_complete_inner(a))] pub fn lemma_extension_sat_base_sat(f: Formula, a: Seq, ix: Int, v: AssignedState) {} #[logic] +#[open] #[requires(0 <= ix && ix < a.len() && unset(a[ix]))] #[requires(!f.eventually_sat_complete_inner(a.set(ix, neg())))] #[requires(!f.eventually_sat_complete_inner(a.set(ix, pos())))] diff --git a/Robinson/src/solver.rs b/Robinson/src/solver.rs index 2f9adf2d..6fed112e 100644 --- a/Robinson/src/solver.rs +++ b/Robinson/src/solver.rs @@ -45,7 +45,7 @@ fn inner(f: &Formula, mut a: Assignments, d: &Decisions) -> bool { })] #[ensures((^formula).clauses == formula.clauses)] pub fn solver(formula: &mut Formula) -> SatResult { - let old_f: Ghost<&mut Formula> = ghost!(formula); + let old_f: Snapshot<&mut Formula> = snapshot!(formula); match formula.check_and_establish_formula_invariant() { SatResult::Unknown => {} o => return o, diff --git a/Robinson/src/util.rs b/Robinson/src/util.rs index ceb38e6a..d499937f 100644 --- a/Robinson/src/util.rs +++ b/Robinson/src/util.rs 
@@ -2,18 +2,21 @@ extern crate creusot_contracts; use creusot_contracts::*; #[predicate] -fn sorted_range_rev(s: Seq<(usize, usize)>, l: Int, u: Int) -> bool { +#[open]//#[open(self)] +pub fn sorted_range_rev(s: Seq<(usize, usize)>, l: Int, u: Int) -> bool { pearlite! { forall l <= i && i < j && j < u ==> s[i].0 >= s[j].0 } } #[predicate] +#[open]//#[open(self)] pub fn sorted_rev(s: Seq<(usize, usize)>) -> bool { sorted_range_rev(s, 0, s.len()) } #[predicate] +#[open] fn partition_rev(v: Seq<(usize, usize)>, i: Int) -> bool { pearlite! { forall 0 <= k1 && k1 < i && i <= k2 && k2 < v.len() ==> v[k1].0 >= v[k2].0} } @@ -24,7 +27,7 @@ fn partition_rev(v: Seq<(usize, usize)>, i: Int) -> bool { #[ensures((^v)@.permutation_of(v@))] pub fn sort_reverse(v: &mut Vec<(usize, usize)>) { let mut i: usize = 0; - let _old_v: Ghost<&mut Vec<(usize, usize)>> = ghost!(v); + let _old_v: Snapshot<&mut Vec<(usize, usize)>> = snapshot!(v); #[invariant(v@.permutation_of(_old_v.inner()@))] #[invariant(sorted_range_rev(v@, 0, i@))] #[invariant(partition_rev(v@, i@))] diff --git a/mlcfgs/Robinson.mlcfg b/mlcfgs/Robinson.mlcfg index 5a25b14a..8def56ff 100644 --- a/mlcfgs/Robinson.mlcfg +++ b/mlcfgs/Robinson.mlcfg @@ -1970,7 +1970,7 @@ end module Robinson_Logic_BoolToAssignedstate_Impl use prelude.UInt8 use prelude.Int - let rec ghost function bool_to_assignedstate [#"../Robinson/src/logic.rs" 9 0 9 54] (b : bool) : uint8 + let rec Snapshot function bool_to_assignedstate [#"../Robinson/src/logic.rs" 9 0 9 54] (b : bool) : uint8 ensures { [#"../Robinson/src/logic.rs" 7 0 7 30] b -> UInt8.to_int result = 1 } ensures { [#"../Robinson/src/logic.rs" 8 0 8 31] not b -> UInt8.to_int result = 0 } 
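Review bot: `#[open]//#[open(self)]` on `sorted_range_rev` and `sorted_rev` in the `@@ -2,18 +2,21 @@` hunk leaves an abandoned alternative glued to the attribute, with no indication whether `#[open(self)]` was tried and rejected or is still the intended form. Keep one attribute and, if narrowing is still the goal, say so in an ordinary comment, e.g. `#[open] // TODO: narrow to #[open(self)] once <reason>`. `sorted_range_rev` also changes from private to `pub` in the same hunk; if that widening exists only to satisfy `#[open]`, `#[open(self)]` on a private predicate would presumably be the smaller change — confirm against the Creusot revision this series pins.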
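Review bot: `let rec Snapshot function bool_to_assignedstate` on the new side of the `@@ -1970,7 +1970,7 @@` hunk replaces the Why3 `ghost` keyword with an identifier, which is not valid Why3 syntax; the same substitution is made at `@@ -2234`, `@@ -2356`, `@@ -2449` and `@@ -2585`, and the `Ghost.ghost_ty` → `Snapshot.Snapshot_ty` edits in the later hunks of this file should be checked against what the updated prelude actually exports, since no Snapshot module is visible in this series. The file looks search-and-replaced rather than regenerated: the span `../Robinson/src/logic.rs" 9 0 9 54` still points at the old line of `bool_to_assignedstate`, although the `#[open]` added to logic.rs in this same commit moves that signature down one line, and the regenerated Friday.mlcfg earlier in the series carries `../../../Friday/src/...` paths that do not appear here. Regenerating Robinson.mlcfg from the updated sources with the pinned Creusot revision would replace these hand edits with output the prover can actually parse.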
@@ -2234,7 +2234,7 @@ module Robinson_Logic_LemmaUnitWrongPolarityUnsatFormula_Impl function ShallowModel0.shallow_model = ShallowModel1.shallow_model, predicate Invariant0.invariant' = Invariant1.invariant', val Max0.mAX' = Max0.mAX' - let rec ghost function lemma_unit_wrong_polarity_unsat_formula [#"../Robinson/src/logic.rs" 73 0 75 1] (c : Robinson_Clause_Clause_Type.t_clause) (f : Robinson_Formula_Formula_Type.t_formula) (a : Seq.seq uint8) (ix : int) (v : uint8) : () + let rec Snapshot function lemma_unit_wrong_polarity_unsat_formula [#"../Robinson/src/logic.rs" 73 0 75 1] (c : Robinson_Clause_Clause_Type.t_clause) (f : Robinson_Formula_Formula_Type.t_formula) (a : Seq.seq uint8) (ix : int) (v : uint8) : () requires {[#"../Robinson/src/logic.rs" 62 11 62 24] Invariant0.invariant' f} requires {[#"../Robinson/src/logic.rs" 63 11 63 33] UIntSize.to_int (Robinson_Formula_Formula_Type.formula_num_vars f) = Seq.length a} requires {[#"../Robinson/src/logic.rs" 64 11 64 50] 0 <= ix /\ ix < Seq.length a /\ Unset0.unset (Seq.get a ix)} @@ -2356,7 +2356,7 @@ module Robinson_Logic_LemmaUnitForces_Impl function ShallowModel0.shallow_model = ShallowModel0.shallow_model, predicate Invariant0.invariant' = Invariant1.invariant', val Max0.mAX' = Max0.mAX' - let rec ghost function lemma_unit_forces [#"../Robinson/src/logic.rs" 59 0 59 86] (f : Robinson_Formula_Formula_Type.t_formula) (a : Seq.seq uint8) (ix : int) (v : uint8) : () + let rec Snapshot function lemma_unit_forces [#"../Robinson/src/logic.rs" 59 0 59 86] (f : Robinson_Formula_Formula_Type.t_formula) (a : Seq.seq uint8) (ix : int) (v : uint8) : () requires {[#"../Robinson/src/logic.rs" 52 11 52 24] Invariant0.invariant' f} requires {[#"../Robinson/src/logic.rs" 53 11 53 33] UIntSize.to_int (Robinson_Formula_Formula_Type.formula_num_vars f) = Seq.length a} requires {[#"../Robinson/src/logic.rs" 54 11 54 50] 0 <= ix /\ ix < Seq.length a /\ Unset0.unset (Seq.get a ix)} 
@@ -2449,7 +2449,7 @@ module Robinson_Logic_LemmaExtensionSatBaseSat_Impl clone Robinson_Formula_Impl1_EventuallySatCompleteInner as EventuallySatCompleteInner0 with predicate CompatibleCompleteInner0.compatible_complete_inner = CompatibleCompleteInner0.compatible_complete_inner, predicate SatInner0.sat_inner = SatInner0.sat_inner - let rec ghost function lemma_extension_sat_base_sat [#"../Robinson/src/logic.rs" 82 0 82 97] (f : Robinson_Formula_Formula_Type.t_formula) (a : Seq.seq uint8) (ix : int) (v : uint8) : () + let rec Snapshot function lemma_extension_sat_base_sat [#"../Robinson/src/logic.rs" 82 0 82 97] (f : Robinson_Formula_Formula_Type.t_formula) (a : Seq.seq uint8) (ix : int) (v : uint8) : () requires {[#"../Robinson/src/logic.rs" 79 11 79 50] 0 <= ix /\ ix < Seq.length a /\ Unset0.unset (Seq.get a ix)} requires {[#"../Robinson/src/logic.rs" 80 11 80 56] EventuallySatCompleteInner0.eventually_sat_complete_inner f (Seq.set a ix v)} ensures { [#"../Robinson/src/logic.rs" 81 10 81 44] EventuallySatCompleteInner0.eventually_sat_complete_inner f a } 
@@ -2585,7 +2585,7 @@ module Robinson_Logic_LemmaExtensionsUnsatBaseUnsat_Impl predicate CompatibleCompleteInner0.compatible_complete_inner = CompatibleCompleteInner0.compatible_complete_inner, predicate SatInner0.sat_inner = SatInner0.sat_inner clone Robinson_Logic_Neg as Neg0 - let rec ghost function lemma_extensions_unsat_base_unsat [#"../Robinson/src/logic.rs" 89 0 89 84] (a : Seq.seq uint8) (ix : int) (f : Robinson_Formula_Formula_Type.t_formula) : () + let rec Snapshot function lemma_extensions_unsat_base_unsat [#"../Robinson/src/logic.rs" 89 0 89 84] (a : Seq.seq uint8) (ix : int) (f : Robinson_Formula_Formula_Type.t_formula) : () requires {[#"../Robinson/src/logic.rs" 85 11 85 50] 0 <= ix /\ ix < Seq.length a /\ Unset0.unset (Seq.get a ix)} requires {[#"../Robinson/src/logic.rs" 86 11 86 61] not EventuallySatCompleteInner0.eventually_sat_complete_inner f (Seq.set a ix (Neg0.neg ()))} requires {[#"../Robinson/src/logic.rs" 87 11 87 61] not EventuallySatCompleteInner0.eventually_sat_complete_inner f (Seq.set a ix (Pos0.pos ()))} @@ -3595,7 +3595,7 @@ module Robinson_Assignments_Impl2_UnitPropOnce use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use prelude.UInt8 use seq.Seq @@ -3827,7 +3827,7 @@ module Robinson_Assignments_Impl2_UnitPropOnce var _13 : Robinson_Clause_Clause_Type.t_clause; var _14 : Alloc_Vec_Vec_Type.t_vec (Robinson_Clause_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global); var _15 : usize; - var _old_a_16 : Ghost.ghost_ty (borrowed (Robinson_Assignments_Assignments_Type.t_assignments)); + var _old_a_16 : Snapshot.Snapshot_ty (borrowed (Robinson_Assignments_Assignments_Type.t_assignments)); var _18 : (); var _19 : Robinson_Clause_ClauseState_Type.t_clausestate; var _20 : Robinson_Clause_Clause_Type.t_clause; 
@@ -3871,7 +3871,7 @@ module Robinson_Assignments_Impl2_UnitPropOnce BB1 { clause_12 <- _13; _18 <- (); - _old_a_16 <- ([#"../Robinson/src/assignments.rs" 153 46 153 58] Ghost.new self_1); + _old_a_16 <- ([#"../Robinson/src/assignments.rs" 153 46 153 58] Snapshot.new self_1); goto BB2 } BB2 { @@ -3950,11 +3950,11 @@ module Robinson_Assignments_Impl2_UnitPropOnce goto BB13 } BB13 { - assert { [#"../Robinson/src/assignments.rs" 168 30 168 135] let _ = LemmaExtensionSatBaseSat0.lemma_extension_sat_base_sat f_3 (ShallowModel1.shallow_model (Ghost.inner _old_a_16)) (IndexLogic0.index_logic lit_25) (BoolToAssignedstate0.bool_to_assignedstate (Robinson_Lit_Lit_Type.lit_polarity lit_25)) in true }; + assert { [#"../Robinson/src/assignments.rs" 168 30 168 135] let _ = LemmaExtensionSatBaseSat0.lemma_extension_sat_base_sat f_3 (ShallowModel1.shallow_model (Snapshot.inner _old_a_16)) (IndexLogic0.index_logic lit_25) (BoolToAssignedstate0.bool_to_assignedstate (Robinson_Lit_Lit_Type.lit_polarity lit_25)) in true }; _43 <- (); - assert { [#"../Robinson/src/assignments.rs" 169 30 169 103] let _ = LemmaExtensionsUnsatBaseUnsat0.lemma_extensions_unsat_base_unsat (ShallowModel1.shallow_model (Ghost.inner _old_a_16)) (IndexLogic0.index_logic lit_25) f_3 in true }; + assert { [#"../Robinson/src/assignments.rs" 169 30 169 103] let _ = LemmaExtensionsUnsatBaseUnsat0.lemma_extensions_unsat_base_unsat (ShallowModel1.shallow_model (Snapshot.inner _old_a_16)) (IndexLogic0.index_logic lit_25) f_3 in true }; _45 <- (); - assert { [#"../Robinson/src/assignments.rs" 170 30 170 54] ^ self_1 = ^ Ghost.inner _old_a_16 }; + assert { [#"../Robinson/src/assignments.rs" 170 30 170 54] ^ self_1 = ^ Snapshot.inner _old_a_16 }; _47 <- (); _0 <- Robinson_Clause_ClauseState_Type.C_Unit; goto BB14 
@@ -4068,7 +4068,7 @@ module Robinson_Assignments_Impl2_UnitPropagate_Interface end module Robinson_Assignments_Impl2_UnitPropagate use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.UIntSize use prelude.IntSize @@ -4222,7 +4222,7 @@ module Robinson_Assignments_Impl2_UnitPropagate var self_1 : borrowed (Robinson_Assignments_Assignments_Type.t_assignments); var f_2 : Robinson_Formula_Formula_Type.t_formula; var _3 : (); - var _old_a_11 : Ghost.ghost_ty (borrowed (Robinson_Assignments_Assignments_Type.t_assignments)); + var _old_a_11 : Snapshot.Snapshot_ty (borrowed (Robinson_Assignments_Assignments_Type.t_assignments)); var _13 : (); var i_14 : usize; var out_15 : Robinson_Clause_ClauseState_Type.t_clausestate; @@ -4252,7 +4252,7 @@ module Robinson_Assignments_Impl2_UnitPropagate } BB0 { _13 <- (); - _old_a_11 <- ([#"../Robinson/src/assignments.rs" 190 46 190 58] Ghost.new self_1); + _old_a_11 <- ([#"../Robinson/src/assignments.rs" 190 46 190 58] Snapshot.new self_1); goto BB1 } BB1 { 
@@ -4262,12 +4262,12 @@ module Robinson_Assignments_Impl2_UnitPropagate } BB2 { invariant { [#"../Robinson/src/assignments.rs" 193 20 193 38] Invariant0.invariant' ( * self_1) f_2 }; - invariant { [#"../Robinson/src/assignments.rs" 194 20 194 44] Compatible0.compatible ( * Ghost.inner _old_a_11) ( * self_1) }; - invariant { [#"../Robinson/src/assignments.rs" 195 20 195 98] EventuallySatComplete0.eventually_sat_complete f_2 ( * Ghost.inner _old_a_11) = EventuallySatComplete0.eventually_sat_complete f_2 ( * self_1) }; + invariant { [#"../Robinson/src/assignments.rs" 194 20 194 44] Compatible0.compatible ( * Snapshot.inner _old_a_11) ( * self_1) }; + invariant { [#"../Robinson/src/assignments.rs" 195 20 195 98] EventuallySatComplete0.eventually_sat_complete f_2 ( * Snapshot.inner _old_a_11) = EventuallySatComplete0.eventually_sat_complete f_2 ( * self_1) }; invariant { [#"../Robinson/src/assignments.rs" 196 20 196 48] not out_15 = Robinson_Clause_ClauseState_Type.C_Unsat }; - invariant { [#"../Robinson/src/assignments.rs" 193 8 193 40] Complete0.complete ( * Ghost.inner _old_a_11) -> * Ghost.inner _old_a_11 = * self_1 /\ (forall j : int . 0 <= j /\ j < UIntSize.to_int i_14 -> not Unknown0.unknown (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ not Unit0.unit (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ Sat1.sat (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1)) }; + invariant { [#"../Robinson/src/assignments.rs" 193 8 193 40] Complete0.complete ( * Snapshot.inner _old_a_11) -> * Snapshot.inner _old_a_11 = * self_1 /\ (forall j : int . 
0 <= j /\ j < UIntSize.to_int i_14 -> not Unknown0.unknown (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ not Unit0.unit (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ Sat1.sat (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1)) }; invariant { [#"../Robinson/src/assignments.rs" 193 8 193 40] out_15 = Robinson_Clause_ClauseState_Type.C_Sat -> (forall j : int . 0 <= j /\ j < UIntSize.to_int i_14 -> not Unsat1.unsat (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ not Unknown0.unknown (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ not Unit0.unit (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1) /\ Sat1.sat (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses f_2)) j) ( * self_1)) }; - invariant { [#"../Robinson/src/assignments.rs" 193 8 193 40] out_15 = Robinson_Clause_ClauseState_Type.C_Unit -> not Complete0.complete ( * Ghost.inner _old_a_11) }; + invariant { [#"../Robinson/src/assignments.rs" 193 8 193 40] out_15 = Robinson_Clause_ClauseState_Type.C_Unit -> not Complete0.complete ( * Snapshot.inner _old_a_11) }; invariant { [#"../Robinson/src/assignments.rs" 193 8 193 40] out_15 = Robinson_Clause_ClauseState_Type.C_Unknown -> not Complete0.complete ( * self_1) }; _27 <- i_14; _29 <- Robinson_Formula_Formula_Type.formula_clauses f_2; @@ -4387,7 +4387,7 @@ module Robinson_Assignments_Impl2_DoUnitPropagation_Interface end module Robinson_Assignments_Impl2_DoUnitPropagation use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.IntSize use prelude.UInt8 
@@ -4499,7 +4499,7 @@ module Robinson_Assignments_Impl2_DoUnitPropagation var _0 : Core_Option_Option_Type.t_option bool; var self_1 : borrowed (Robinson_Assignments_Assignments_Type.t_assignments); var f_2 : Robinson_Formula_Formula_Type.t_formula; - var _old_a_11 : Ghost.ghost_ty (borrowed (Robinson_Assignments_Assignments_Type.t_assignments)); + var _old_a_11 : Snapshot.Snapshot_ty (borrowed (Robinson_Assignments_Assignments_Type.t_assignments)); var _13 : (); var _17 : (); var _18 : (); @@ -4517,7 +4517,7 @@ module Robinson_Assignments_Impl2_DoUnitPropagation } BB0 { _13 <- (); - _old_a_11 <- ([#"../Robinson/src/assignments.rs" 235 46 235 58] Ghost.new self_1); + _old_a_11 <- ([#"../Robinson/src/assignments.rs" 235 46 235 58] Snapshot.new self_1); goto BB1 } BB1 { @@ -4525,8 +4525,8 @@ module Robinson_Assignments_Impl2_DoUnitPropagation } BB2 { invariant { [#"../Robinson/src/assignments.rs" 236 20 236 38] Invariant1.invariant' ( * self_1) f_2 }; - invariant { [#"../Robinson/src/assignments.rs" 237 20 237 44] Compatible0.compatible ( * Ghost.inner _old_a_11) ( * self_1) }; - invariant { [#"../Robinson/src/assignments.rs" 236 8 236 40] EventuallySatComplete0.eventually_sat_complete f_2 ( * Ghost.inner _old_a_11) -> EventuallySatComplete0.eventually_sat_complete f_2 ( * self_1) }; + invariant { [#"../Robinson/src/assignments.rs" 237 20 237 44] Compatible0.compatible ( * Snapshot.inner _old_a_11) ( * self_1) }; + invariant { [#"../Robinson/src/assignments.rs" 236 8 236 40] EventuallySatComplete0.eventually_sat_complete f_2 ( * Snapshot.inner _old_a_11) -> EventuallySatComplete0.eventually_sat_complete f_2 ( * self_1) }; _20 <- borrow_mut ( * self_1); self_1 <- { self_1 with current = ( ^ _20) }; _21 <- f_2; @@ -5310,7 +5310,7 @@ module Robinson_Util_SortReverse use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.Slice use seq.Seq clone Core_Num_Impl11_Max as Max0 
@@ -5385,7 +5385,7 @@ module Robinson_Util_SortReverse var _0 : (); var v_1 : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global)); var i_4 : usize; - var _old_v_5 : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global))); + var _old_v_5 : Snapshot.Snapshot_ty (borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global))); var _7 : (); var _11 : (); var _12 : bool; @@ -5430,14 +5430,14 @@ module Robinson_Util_SortReverse BB0 { i_4 <- ([#"../Robinson/src/util.rs" 26 23 26 24] (0 : usize)); _7 <- (); - _old_v_5 <- ([#"../Robinson/src/util.rs" 27 50 27 59] Ghost.new v_1); + _old_v_5 <- ([#"../Robinson/src/util.rs" 27 50 27 59] Snapshot.new v_1); goto BB1 } BB1 { goto BB2 } BB2 { - invariant { [#"../Robinson/src/util.rs" 28 4 28 52] PermutationOf0.permutation_of (ShallowModel1.shallow_model v_1) (ShallowModel1.shallow_model (Ghost.inner _old_v_5)) }; + invariant { [#"../Robinson/src/util.rs" 28 4 28 52] PermutationOf0.permutation_of (ShallowModel1.shallow_model v_1) (ShallowModel1.shallow_model (Snapshot.inner _old_v_5)) }; invariant { [#"../Robinson/src/util.rs" 29 16 29 43] SortedRangeRev0.sorted_range_rev (ShallowModel1.shallow_model v_1) 0 (UIntSize.to_int i_4) }; invariant { [#"../Robinson/src/util.rs" 30 16 30 37] PartitionRev0.partition_rev (ShallowModel1.shallow_model v_1) (UIntSize.to_int i_4) }; _13 <- i_4; @@ -6377,7 +6377,7 @@ module Robinson_Formula_Impl2_CheckAndEstablishFormulaInvariant use prelude.Int use prelude.UIntSize use prelude.UInt8 - use prelude.Ghost + use prelude.Snapshot use seq.Seq use seq.Seq clone Robinson_Logic_Unset as Unset0 
@@ -6515,7 +6515,7 @@ module Robinson_Formula_Impl2_CheckAndEstablishFormulaInvariant var _12 : (); var _14 : (); var _16 : Alloc_Vec_Vec_Type.t_vec uint8 (Alloc_Alloc_Global_Type.t_global); - var old_self_17 : Ghost.ghost_ty (borrowed (Robinson_Formula_Formula_Type.t_formula)); + var old_self_17 : Snapshot.Snapshot_ty (borrowed (Robinson_Formula_Formula_Type.t_formula)); var _19 : (); var i_20 : usize; var _21 : (); @@ -6587,7 +6587,7 @@ module Robinson_Formula_Impl2_CheckAndEstablishFormulaInvariant BB6 { _6 <- (); _19 <- (); - old_self_17 <- ([#"../Robinson/src/formula.rs" 132 44 132 56] Ghost.new self_1); + old_self_17 <- ([#"../Robinson/src/formula.rs" 132 44 132 56] Snapshot.new self_1); goto BB7 } BB7 { 
@@ -6597,8 +6597,8 @@ module Robinson_Formula_Impl2_CheckAndEstablishFormulaInvariant BB8 { invariant { [#"../Robinson/src/formula.rs" 134 8 134 100] forall j : int . 0 <= j /\ j < UIntSize.to_int i_20 -> Invariant1.invariant' (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses ( * self_1))) j) (UIntSize.to_int (Robinson_Formula_Formula_Type.formula_num_vars ( * self_1))) }; invariant { [#"../Robinson/src/formula.rs" 134 8 134 100] forall j : int . 0 <= j /\ j < UIntSize.to_int i_20 -> Seq.length (ShallowModel3.shallow_model (Seq.get (ShallowModel0.shallow_model (Robinson_Formula_Formula_Type.formula_clauses ( * self_1))) j)) > 0 }; - invariant { [#"../Robinson/src/formula.rs" 136 20 136 50] (let (a, _) = ShallowModel1.shallow_model self_1 in a) = (let (a, _) = ShallowModel1.shallow_model (Ghost.inner old_self_17) in a) }; - invariant { [#"../Robinson/src/formula.rs" 137 20 137 52] Robinson_Formula_Formula_Type.formula_clauses ( * self_1) = Robinson_Formula_Formula_Type.formula_clauses ( * Ghost.inner old_self_17) }; + invariant { [#"../Robinson/src/formula.rs" 136 20 136 50] (let (a, _) = ShallowModel1.shallow_model self_1 in a) = (let (a, _) = ShallowModel1.shallow_model (Snapshot.inner old_self_17) in a) }; + invariant { [#"../Robinson/src/formula.rs" 137 20 137 52] Robinson_Formula_Formula_Type.formula_clauses ( * self_1) = Robinson_Formula_Formula_Type.formula_clauses ( * Snapshot.inner old_self_17) }; _28 <- i_20; _30 <- Robinson_Formula_Formula_Type.formula_clauses ( * self_1); _29 <- ([#"../Robinson/src/formula.rs" 138 18 138 36] Len0.len _30); @@ -7251,7 +7251,7 @@ module Robinson_Solver_Solver_Interface end module Robinson_Solver_Solver use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.IntSize use prelude.UInt8 
@@ -7397,7 +7397,7 @@ module Robinson_Solver_Solver var _0 : Robinson_Solver_SatResult_Type.t_satresult; var formula_1 : borrowed (Robinson_Formula_Formula_Type.t_formula); var _2 : (); - var old_f_6 : Ghost.ghost_ty (borrowed (Robinson_Formula_Formula_Type.t_formula)); + var old_f_6 : Snapshot.Snapshot_ty (borrowed (Robinson_Formula_Formula_Type.t_formula)); var _8 : (); var _9 : (); var _10 : Robinson_Solver_SatResult_Type.t_satresult; @@ -7424,7 +7424,7 @@ module Robinson_Solver_Solver } BB0 { _8 <- (); - old_f_6 <- ([#"../Robinson/src/solver.rs" 48 37 48 52] Ghost.new formula_1); + old_f_6 <- ([#"../Robinson/src/solver.rs" 48 37 48 52] Snapshot.new formula_1); goto BB1 } BB1 { @@ -7452,7 +7452,7 @@ module Robinson_Solver_Solver goto BB5 } BB5 { - assert { [#"../Robinson/src/solver.rs" 53 18 53 50] Robinson_Formula_Formula_Type.formula_clauses ( * formula_1) = Robinson_Formula_Formula_Type.formula_clauses ( * Ghost.inner old_f_6) }; + assert { [#"../Robinson/src/solver.rs" 53 18 53 50] Robinson_Formula_Formula_Type.formula_clauses ( * formula_1) = Robinson_Formula_Formula_Type.formula_clauses ( * Snapshot.inner old_f_6) }; _15 <- (); _18 <- * formula_1; assignments_17 <- ([#"../Robinson/src/solver.rs" 54 22 54 47] New0.new _18); From bf37922a95a0cd1a9c3874e08cb23d0fc270311f Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?= Date: Wed, 10 Apr 2024 16:16:05 +0200 Subject: [PATCH 7/9] Update CreuSAT to new Creusot --- CreuSAT/Cargo.toml | 2 +- CreuSAT/src/assignments.rs | 4 +- CreuSAT/src/clause.rs | 15 +- CreuSAT/src/conflict_analysis.rs | 16 +- CreuSAT/src/decision.rs | 7 +- CreuSAT/src/formula.rs | 32 +- CreuSAT/src/lib.rs | 2 +- CreuSAT/src/lit.rs | 2 + CreuSAT/src/logic/logic.rs | 11 +- CreuSAT/src/logic/logic_assignments.rs | 6 + CreuSAT/src/logic/logic_clause.rs | 63 ++- CreuSAT/src/logic/logic_conflict_analysis.rs | 19 +- CreuSAT/src/logic/logic_decision.rs | 1 + CreuSAT/src/logic/logic_formula.rs | 54 ++- CreuSAT/src/logic/logic_lit.rs | 17 + CreuSAT/src/logic/logic_trail.rs | 56 ++- CreuSAT/src/logic/logic_util.rs | 13 + CreuSAT/src/logic/logic_watches.rs | 7 + CreuSAT/src/solver.rs | 12 +- CreuSAT/src/trail.rs | 16 +- CreuSAT/src/unit_prop.rs | 28 +- CreuSAT/src/util.rs | 12 +- CreuSAT/src/watches.rs | 10 +- mlcfgs/CreuSAT.mlcfg | 408 +++++++++---------- 24 files changed, 480 insertions(+), 333 deletions(-) diff --git a/CreuSAT/Cargo.toml b/CreuSAT/Cargo.toml index 9446f78a..c6b55917 100644 --- a/CreuSAT/Cargo.toml +++ b/CreuSAT/Cargo.toml @@ -8,7 +8,7 @@ edition = "2021" #clap = "4.0.18" clap = "2.33.3" rand = "*" -creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "5cc6cdd6" } +creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "1357cc97" } [dev-dependencies] termcolor = "1.1" diff --git a/CreuSAT/src/assignments.rs b/CreuSAT/src/assignments.rs index 2f1a8d1b..fdd33d72 100644 --- a/CreuSAT/src/assignments.rs +++ b/CreuSAT/src/assignments.rs 
@@ -70,8 +70,8 @@ impl Assignments { #[ensures((forall 0 <= j && j < self@.len() && j != lit.index_logic() ==> self@[j] == (^self)@[j]))] #[ensures(lit.sat(^self))] pub fn set_assignment(&mut self, lit: Lit, _f: &Formula, _t: &Vec) { - let old_self: Ghost<&mut Assignments> = ghost! { self }; - //self.0[lit.index()] = lit.is_positive() as u8; + let old_self: Snapshot<&mut Assignments> = snapshot! { self }; + //self.clauses[lit.index()] = lit.is_positive() as u8; if lit.is_positive() { self.0[lit.index()] = 1; } else { diff --git a/CreuSAT/src/clause.rs b/CreuSAT/src/clause.rs index e309006c..aade6dca 100644 --- a/CreuSAT/src/clause.rs +++ b/CreuSAT/src/clause.rs @@ -1,5 +1,5 @@ extern crate creusot_contracts; -use creusot_contracts::{std::*, Clone, Ghost, *}; +use creusot_contracts::{std::*, Clone, Snapshot, *}; use crate::{assignments::*, formula::*, lit::*, solver::*, trail::*}; use ::std::ops::{Index, IndexMut}; @@ -61,10 +61,7 @@ impl Clause { } i += 1; } - if self.no_duplicates() { - return true; - } - false + return self.no_duplicates(); } #[cfg_attr(feature = "trust_clause", trusted)] 
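Review bot: The rewritten comment `//self.clauses[lit.index()] = lit.is_positive() as u8;` names a field that `Assignments` does not have — the live line two below still writes `self.0[lit.index()] = 1;` — so this looks like the `.0`→`.clauses` rename meant for `Formula` spilling into a comment in another file. Either restore `//self.0[lit.index()] = lit.is_positive() as u8;` or drop the commented-out line altogether, since the `if`/`else` below has replaced it. `set_assignment` continues past the hunk.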
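Review bot: In the clause.rs `@@ -61,10 +61,7` hunk, `return self.no_duplicates();` as the last statement of the function is the explicit-return form that clippy's `needless_return` flags; the idiomatic tail is the bare expression `self.no_duplicates()`. Collapsing the old `if … { return true; } false` into one call is otherwise right, since both forms yield exactly `no_duplicates()`. The function's signature lies above the hunk, so its name and return type are not visible here.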
@@ -161,14 +158,16 @@ impl Clause { #[cfg_attr(feature = "trust_clause", trusted)] #[requires(self@.len() > j@)] #[requires(self@.len() > k@)] + #[requires(_f.invariant())] #[maintains((mut self).invariant(_f.num_vars@))] #[maintains((mut self).equisat_extension(*_f))] #[ensures(self@.len() == (^self)@.len())] + #[ensures((^self)@.exchange(self@, j@, k@))] pub fn swap_lits_in_clause(&mut self, _f: &Formula, j: usize, k: usize) { - let old_c: Ghost<&mut Clause> = ghost! { self }; + let old_c: Snapshot<&mut Clause> = snapshot! { self }; self.lits.swap(j, k); - proof_assert!(eventually_sat_complete(((_f@.0).push(*self), _f@.1)) ==> - eventually_sat_complete(((_f@.0).push(*old_c.inner()), _f@.1))); + proof_assert!(lemma_permuted_clause_maintains_equisat(_f@, *old_c.inner(), *self); true); + proof_assert!(dup_stable_on_permut(*old_c.inner(), *self); true); } #[cfg_attr(feature = "trust_clause", trusted)] diff --git a/CreuSAT/src/conflict_analysis.rs b/CreuSAT/src/conflict_analysis.rs index 5749342e..c6271e55 100644 --- a/CreuSAT/src/conflict_analysis.rs +++ b/CreuSAT/src/conflict_analysis.rs @@ -1,5 +1,5 @@ extern crate creusot_contracts; -use creusot_contracts::{std::*, vec, Ghost, *}; +use creusot_contracts::{std::*, vec, Snapshot, *}; use crate::{assignments::*, clause::*, decision::*, formula::*, lit::*, trail::*}; @@ -54,10 +54,10 @@ fn resolve( _f: &Formula, c: &mut Clause, o: &Clause, idx: usize, c_idx: usize, trail: &Trail, seen: &mut Vec, path_c: &mut usize, to_bump: &mut Vec, ) { - let old_c: Ghost<&mut Clause> = ghost!(c); - let old_seen: Ghost<&mut Vec> = ghost!(seen); - let old_path_c: Ghost<&mut usize> = ghost!(path_c); - let old_to_bump: Ghost<&mut Vec> = ghost!(to_bump); + let old_c: Snapshot<&mut Clause> = snapshot!(c); + let old_seen: Snapshot<&mut Vec> = snapshot!(seen); + let old_path_c: Snapshot<&mut usize> = snapshot!(path_c); + let old_to_bump: Snapshot<&mut Vec> = snapshot!(to_bump); proof_assert!(c.clause_is_seen(*seen)); 
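Review bot: The two new `proof_assert!` lines are the entire proof of the `maintains` clauses of `swap_lits_in_clause`, but nothing says which obligation each discharges, and the `lemma(...); true` form reads as a no-op to anyone not steeped in Creusot. A comment above them, `// Lemma calls: the first re-establishes equisat_extension for the permuted clause, the second carries no_duplicate_indexes across the swap (see logic_clause.rs)`, would make the proof readable. Note also that `#[requires(_f.invariant())]` is a new precondition on a `pub fn`, so every caller now has to establish the formula invariant at the call site; the commit message does not mention that change.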
@@ -68,7 +68,7 @@ fn resolve( proof_assert!(^seen == ^old_seen.inner()); proof_assert!(c.clause_is_seen(*seen)); - let old_c2: Ghost<&mut Clause> = ghost!(c); + let old_c2: Snapshot<&mut Clause> = snapshot!(c); proof_assert!(!old_c@[c_idx@].lit_in(*c)); proof_assert!(^c == ^old_c.inner()); proof_assert!(forall 0 <= j && j < old_c@.len() @@ -89,7 +89,7 @@ fn resolve( #[invariant(seen@.len() == _f.num_vars@)] #[invariant(elems_less_than(to_bump@, _f.num_vars@))] while i < o.len() { - let old_c3: Ghost<&mut Clause> = ghost!(c); + let old_c3: Snapshot<&mut Clause> = snapshot!(c); proof_assert!(^c == ^old_c3.inner()); if !idx_in(&c.lits, o[i].index(), &seen) { @@ -127,7 +127,7 @@ fn resolve( None => (^i)@ == 0 })] fn choose_literal(c: &Clause, trail: &Trail, i: &mut usize, _f: &Formula, seen: &Vec) -> Option { - let old_i: Ghost<&mut usize> = ghost! {i}; + let old_i: Snapshot<&mut usize> = snapshot! {i}; #[invariant(0 <= i@ && i@ <= trail.trail@.len())] while *i > 0 { *i -= 1; diff --git a/CreuSAT/src/decision.rs b/CreuSAT/src/decision.rs index 639503f0..59a86b70 100644 --- a/CreuSAT/src/decision.rs +++ b/CreuSAT/src/decision.rs @@ -1,5 +1,5 @@ extern crate creusot_contracts; -use creusot_contracts::{ensures, ghost, invariant, maintains, proof_assert, requires, std::vec, Clone, Ghost, Int, *}; +use creusot_contracts::{ensures, invariant, maintains, proof_assert, requires, std::vec, Clone, Int, Snapshot, *}; use crate::{assignments::*, formula::*, util::*}; @@ -26,6 +26,7 @@ impl ::std::default::Default for Node { impl creusot_contracts::Default for Node { #[predicate] + #[open] fn is_default(self) -> bool { pearlite! { self.next@ == usize::MAX@ && self.prev@ == usize::MAX@ && self.ts@ == 0 } } 
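Review bot: Starting with `is_default` here, nearly every `#[predicate]`/`#[logic]` item in the commit (logic.rs, logic_assignments.rs, logic_clause.rs, logic_formula.rs, logic_lit.rs, logic_trail.rs, logic_decision.rs, lit.rs) becomes fully `#[open]`, and in several places (`Clause::unit`, `Formula::eventually_sat`, `Formula::unsat`, `Trail::invariant`, `lemma_eq_formulas`) a `//#[open(self)]` is left beside it, which suggests the narrower visibility was tried and abandoned. A fully open body is unfolded at every use site, so this changes what the provers see in every VC; if `#[open(self)]` broke specific proofs, a one-line comment on the first such item naming which would spare the next person from re-running that experiment, and the stale `//#[open(self)]` trailers should otherwise be deleted. The `impl` blocks these hunks sit in extend beyond the hunks.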
@@ -135,7 +136,7 @@ impl Decisions { #[ensures((^self).linked_list@.len() == self.linked_list@.len())] fn rescore(&mut self, _f: &Formula) { let INVALID: usize = usize::MAX; - let old_self: Ghost<&mut Decisions> = ghost! { self }; + let old_self: Snapshot<&mut Decisions> = snapshot! { self }; let mut curr_score = self.linked_list.len(); let mut i: usize = 0; let mut curr = self.start; @@ -203,7 +204,7 @@ impl Decisions { #[maintains((mut self).invariant(f.num_vars@))] pub fn increment_and_move(&mut self, f: &Formula, v: Vec) { let mut counts_with_index: Vec<(usize, usize)> = vec![(0, 0); v.len()]; - let old_self: Ghost<&mut Decisions> = ghost! { self }; + let old_self: Snapshot<&mut Decisions> = snapshot! { self }; let mut i: usize = 0; #[invariant(old_self.inner() == self)] #[invariant(v@.len() == counts_with_index@.len())] diff --git a/CreuSAT/src/formula.rs b/CreuSAT/src/formula.rs index f2465aba..b3fc5040 100644 --- a/CreuSAT/src/formula.rs +++ b/CreuSAT/src/formula.rs @@ -1,7 +1,7 @@ // Formula is Mac OK with an inline_full + split on VC #12 for add_clause 11.04 22.18 extern crate creusot_contracts; -use creusot_contracts::{std::*, Ghost, *}; +use creusot_contracts::{std::*, Snapshot, *}; use crate::{assignments::*, clause::*, solver::*, trail::*, watches::*}; use ::std::ops::{Index, IndexMut}; @@ -25,8 +25,8 @@ impl Index for Formula { type Output = Clause; #[inline] #[cfg_attr(feature = "trust_formula", trusted)] - #[requires(ix@ < self@.0.len())] - #[ensures(self@.0[ix@] == *result)] + #[requires(ix@ < self@.clauses.len())] + #[ensures(self@.clauses[ix@] == *result)] fn index(&self, ix: usize) -> &Clause { #[cfg(not(creusot))] unsafe { 
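Review bot: In `Formula::index` the renamed `#[requires(ix@ < self@.clauses.len())]` is the only guard in front of the `unsafe {` block, and under `feature = "trust_formula"` that contract is `trusted` — assumed, not proven — while the `#[cfg(not(creusot))]` branch is what actually runs; the same holds for `index_mut` in the next hunk. The body of the `unsafe` block is outside the hunk, so I cannot tell whether it is an unchecked access, but if it is, a `debug_assert!(ix < self.clauses.len());` on the line before `unsafe {` keeps the bound checked in debug builds independently of the verification feature flags. The surrounding `impl Index for Formula` block runs past the hunk.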
@@ -40,11 +40,11 @@ impl Index for Formula { impl IndexMut for Formula { #[inline] #[cfg_attr(feature = "trust_formula", trusted)] - #[requires(ix@ < self@.0.len())] - #[ensures(self@.0[ix@] == *result)] - #[ensures((^self)@.0[ix@] == ^result)] - #[ensures(forall 0 <= i && i != ix@ && i < self@.0.len() ==> self@.0[i] == (^self)@.0[i])] - #[ensures((^self)@.0.len() == (*self)@.0.len())] + #[requires(ix@ < self@.clauses.len())] + #[ensures(self@.clauses[ix@] == *result)] + #[ensures((^self)@.clauses[ix@] == ^result)] + #[ensures(forall 0 <= i && i != ix@ && i < self@.clauses.len() ==> self@.clauses[i] == (^self)@.clauses[i])] + #[ensures((^self)@.clauses.len() == (*self)@.clauses.len())] fn index_mut(&mut self, ix: usize) -> &mut Clause { #[cfg(not(creusot))] unsafe { @@ -122,7 +122,7 @@ impl Formula { #[ensures((^self).clauses@[result@] == clause)] #[ensures(self.clauses@.len() + 1 == (^self).clauses@.len())] pub fn add_clause(&mut self, clause: Clause, watches: &mut Watches, _t: &Trail) -> usize { - let old_self: Ghost<&mut Formula> = ghost! { self }; + let old_self: Snapshot<&mut Formula> = snapshot! { self }; let cref = self.clauses.len(); // The weird assignment to first_/second_lit is because otherwise we break the precond for // add_watcher that the cref should be less than f.clauses.len(). We can't update the watches @@ -154,7 +154,7 @@ impl Formula { #[ensures((^self).clauses@[result@] == clause)] #[ensures(self.clauses@.len() + 1 == (^self).clauses@.len())] pub fn add_unwatched_clause(&mut self, clause: Clause, watches: &mut Watches, _t: &Trail) -> usize { - let old_self: Ghost<&mut Formula> = ghost! { self }; + let old_self: Snapshot<&mut Formula> = snapshot! { self }; let cref = self.clauses.len(); self.clauses.push(clause); cref 
@@ -177,7 +177,7 @@ impl Formula { #[ensures((^self).clauses@[result@]@.len() == 1)] #[ensures(self.clauses@.len() + 1 == (^self).clauses@.len())] pub fn add_unit(&mut self, clause: Clause, _t: &Trail) -> usize { - let old_self: Ghost<&mut Formula> = ghost! { self }; + let old_self: Snapshot<&mut Formula> = snapshot! { self }; let cref = self.clauses.len(); self.clauses.push(clause); cref @@ -209,7 +209,7 @@ impl Formula { #[ensures(self.equisat(^self))] #[ensures(self.num_vars == (^self).num_vars)] fn delete_clause(&mut self, cref: usize, watches: &mut Watches, t: &Trail) { - let old_f: Ghost<&mut Formula> = ghost! { self }; + let old_f: Snapshot<&mut Formula> = snapshot! { self }; watches.unwatch(self, t, cref, self.clauses[cref][0]); watches.unwatch(self, t, cref, self.clauses[cref][1]); self.clauses[cref].deleted = true; @@ -229,8 +229,8 @@ impl Formula { #[ensures(self.num_vars == (^self).num_vars)] #[ensures(self.equisat(^self))] pub fn delete_clauses(&mut self, watches: &mut Watches, t: &Trail) { - let old_f: Ghost<&mut Formula> = ghost! { self }; - let old_w: Ghost<&mut Watches> = ghost! { watches }; + let old_f: Snapshot<&mut Formula> = snapshot! { self }; + let old_w: Snapshot<&mut Watches> = snapshot! { watches }; // unwatch trivially SAT let mut i = 0; #[invariant(watches.invariant(*self))] @@ -287,8 +287,8 @@ impl Formula { } //s.num_lemmas = 0; let mut i = s.initial_len; - let old_f: Ghost<&mut Formula> = ghost! { self }; - let old_w: Ghost<&mut Watches> = ghost! { watches }; + let old_f: Snapshot<&mut Formula> = snapshot! { self }; + let old_w: Snapshot<&mut Watches> = snapshot! { watches }; #[invariant(watches.invariant(*self))] #[invariant(t.invariant(*self))] #[invariant(self.invariant())] diff --git a/CreuSAT/src/lib.rs b/CreuSAT/src/lib.rs index ea5cd19b..27e47e62 100644 --- a/CreuSAT/src/lib.rs +++ b/CreuSAT/src/lib.rs 
@@ -7,7 +7,7 @@ #![recursion_limit = "512"] extern crate creusot_contracts; -use creusot_contracts::{std::*, Ghost, *}; +use creusot_contracts::{std::*, Snapshot, *}; mod assignments; mod clause; diff --git a/CreuSAT/src/lit.rs b/CreuSAT/src/lit.rs index fe132a65..67d2cf20 100644 --- a/CreuSAT/src/lit.rs +++ b/CreuSAT/src/lit.rs @@ -20,6 +20,7 @@ impl ShallowModel for Lit { type ShallowModelTy = Lit; #[logic] + #[open] fn shallow_model(self) -> Self { self } @@ -30,6 +31,7 @@ impl DeepModel for Lit { type DeepModelTy = Lit; #[logic] + #[open] fn deep_model(self) -> Self { self } diff --git a/CreuSAT/src/logic/logic.rs b/CreuSAT/src/logic/logic.rs index a2b14933..af4db998 100644 --- a/CreuSAT/src/logic/logic.rs +++ b/CreuSAT/src/logic/logic.rs @@ -7,16 +7,19 @@ use crate::{assignments::*, clause::*, formula::*, lit::*, trail::*}; use crate::logic::{logic_assignments::*, logic_clause::*, logic_formula::*, logic_trail::*}; #[logic] -fn pos() -> AssignedState { +#[open] +pub fn pos() -> AssignedState { 1u8 } #[logic] -fn neg() -> AssignedState { +#[open] +pub fn neg() -> AssignedState { 0u8 } #[predicate] +#[open] pub fn unset(v: AssignedState) -> bool { pearlite! { if v@ >= 2 { @@ -29,6 +32,7 @@ pub fn unset(v: AssignedState) -> bool { #[cfg_attr(feature = "trust_logic_logic", trusted)] #[logic] +#[open] #[ensures(b ==> result@ == 1)] #[ensures(!b ==> result@ == 0)] pub fn bool_to_assignedstate(b: bool) -> AssignedState { @@ -40,7 +44,8 @@ pub fn bool_to_assignedstate(b: bool) -> AssignedState { } #[logic] -fn flip_v(v: AssignedState) -> AssignedState { +#[open] +pub fn flip_v(v: AssignedState) -> AssignedState { pearlite! { if v@ == 0 { 1u8 diff --git a/CreuSAT/src/logic/logic_assignments.rs b/CreuSAT/src/logic/logic_assignments.rs index 40fbd46e..44323638 100644 --- a/CreuSAT/src/logic/logic_assignments.rs +++ b/CreuSAT/src/logic/logic_assignments.rs 
@@ -15,12 +15,14 @@ impl ShallowModel for Assignments { type ShallowModelTy = Seq; #[logic] + #[open] fn shallow_model(self) -> Self::ShallowModelTy { self.0.shallow_model() } } #[predicate] +#[open] pub fn compatible_inner(a: Seq, a2: Seq) -> bool { pearlite! { a.len() == a2.len() && (forall 0 <= i && i < a.len() ==> @@ -29,6 +31,7 @@ pub fn compatible_inner(a: Seq, a2: Seq) -> bool { } #[predicate] +#[open] pub fn complete_inner(a: Seq) -> bool { pearlite! { forall 0 <= i && i < a.len() ==> !unset(a[i]) @@ -36,6 +39,7 @@ pub fn complete_inner(a: Seq) -> bool { } #[predicate] +#[open] pub fn compatible_complete_inner(a: Seq, a2: Seq) -> bool { compatible_inner(a, a2) && complete_inner(a2) } @@ -43,6 +47,7 @@ pub fn compatible_complete_inner(a: Seq, a2: Seq) // Predicates impl Assignments { #[predicate] + #[open] pub fn invariant(self, f: Formula) -> bool { pearlite! { f.num_vars@ == self@.len() @@ -51,6 +56,7 @@ impl Assignments { } #[predicate] + #[open] pub fn complete(self) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> !unset(self@[i]) diff --git a/CreuSAT/src/logic/logic_clause.rs b/CreuSAT/src/logic/logic_clause.rs index faa1a08d..d561877b 100644 --- a/CreuSAT/src/logic/logic_clause.rs +++ b/CreuSAT/src/logic/logic_clause.rs @@ -12,12 +12,14 @@ impl ShallowModel for Clause { type ShallowModelTy = Seq; #[logic] + #[open] fn shallow_model(self) -> Self::ShallowModelTy { self.lits.shallow_model() //.push(self.first)//.push(self.second) } } #[predicate] +#[open] pub fn vars_in_range_inner(s: Seq, n: Int) -> bool { pearlite! { forall 0 <= i && i < s.len() ==> 
@@ -26,23 +28,33 @@ pub fn vars_in_range_inner(s: Seq, n: Int) -> bool { } #[predicate] +#[open] pub fn invariant_internal(s: Seq, n: Int) -> bool { vars_in_range_inner(s, n) && no_duplicate_indexes_inner(s) } #[predicate] -pub fn equisat_extension_inner(c: Clause, f: (Seq, Int)) -> bool { +#[open] +pub fn equisat_extension_inner(c: Clause, f: FormulaModel) -> bool { pearlite! { - eventually_sat_complete(f) ==> eventually_sat_complete((f.0.push(c), f.1)) + eventually_sat_complete(f) ==> eventually_sat_complete(FormulaModel { clauses: f.clauses.push(c), num_vars: f.num_vars }) } } #[predicate] +#[open] pub fn no_duplicate_indexes_inner(s: Seq) -> bool { + pearlite! { + forall 0 <= j && j < s.len() && + 0 <= k && k < s.len() && k != j ==> s[k].index_logic() != s[j].index_logic() + } + /* + // The previous one pearlite! { forall 0 <= j && j < s.len() && 0 <= k && k < j ==> !(s[k].index_logic() == s[j].index_logic()) } + */ /* pearlite! { forall 0 <= j && j < s.len() && @@ -53,6 +65,7 @@ pub fn no_duplicate_indexes_inner(s: Seq) -> bool { impl Clause { #[predicate] + #[open] pub fn post_unit_inner(self, a: Seq) -> bool { pearlite! { exists 0 <= i && i < self@.len() && self@[i].sat_inner(a) @@ -62,6 +75,7 @@ impl Clause { } #[predicate] + #[open] pub fn no_unset_inner(self, a: Seq) -> bool { pearlite! { forall 0 <= j && j < self@.len() ==> !self@[j].unset_inner(a) @@ -69,11 +83,13 @@ impl Clause { } #[predicate] + #[open] pub fn post_unit(self, a: Assignments) -> bool { pearlite! { self.post_unit_inner(a@) } } #[predicate] + #[open] pub fn eq_assn_inner(self, a: Seq, a2: Seq) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> 
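Review bot: The new body of `no_duplicate_indexes_inner` (symmetric `k != j ==> … != …`) is kept alongside the old one (`0 <= k && k < j ==> !(… == …)`) inside a `/* // The previous one … */` block, next to a second `/* … */` block that already existed — three definitions, one live. The two quantifications are the same predicate (the new one merely states both orientations of an inequality that is symmetric anyway), so the comment adds nothing that `git log` does not; delete both blocks. The same applies to the `@@ -24,30` hunk in logic_trail.rs, which only re-indents the commented-out `invariant_reason_new` and adds an `#[open]` inside the comment. The trailing `/* pearlite! {` block of this hunk is cut off at the hunk edge.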
@@ -84,11 +100,13 @@ impl Clause { impl Clause { #[predicate] + #[open] pub fn equisat_extension(self, f: Formula) -> bool { pearlite! { equisat_extension_inner(self, f@) } } #[predicate] + #[open] pub fn same_idx_same_polarity_except(self, other: Clause, exception: Int) -> bool { pearlite! { forall 0 <= i && i < self@.len() && 0 <= j && j < other@.len() ==> @@ -99,6 +117,7 @@ impl Clause { } #[predicate] + #[open] pub fn resolvent_of(self, c: Clause, c2: Clause, k: Int, m: Int) -> bool { pearlite! { (forall 0 <= i && i < c @.len() && i != m ==> c @[i].lit_in(self)) && @@ -111,6 +130,7 @@ impl Clause { } #[predicate] + #[open] pub fn in_formula(self, f: Formula) -> bool { pearlite! { exists 0 <= i && i < f.clauses@.len() && @@ -119,14 +139,16 @@ impl Clause { } #[predicate] - pub fn in_formula_inner(self, f: (Seq, Int)) -> bool { + #[open] + pub fn in_formula_inner(self, f: FormulaModel) -> bool { pearlite! { - exists 0 <= i && i < f.0.len() && f.0[i] == self + exists 0 <= i && i < f.clauses.len() && f.clauses[i] == self } } #[predicate] - fn unit_inner(self, a: Seq) -> bool { + #[open] + pub fn unit_inner(self, a: Seq) -> bool { pearlite! { self.vars_in_range(a.len()) && !self.sat_inner(a) && @@ -136,12 +158,15 @@ impl Clause { !self@[j].unset_inner(a)) } } + #[predicate] + #[open] //#[open(self)] pub fn unit(self, a: Assignments) -> bool { pearlite! { self.unit_inner(a@) } } #[predicate] + #[open] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> @@ -150,11 +175,13 @@ impl Clause { } #[predicate] + #[open] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } #[predicate] + #[open] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { exists 0 <= i && i < self@.len() && @@ -163,6 +190,7 @@ impl Clause { } #[predicate] + #[open] pub fn sat(self, a: Assignments) -> bool { pearlite! { self.sat_inner(a@) 
@@ -170,31 +198,37 @@ impl Clause { } #[predicate] + #[open] pub fn unknown(self, a: Assignments) -> bool { !self.sat(a) && !self.unsat(a) } #[predicate] + #[open] pub fn vars_in_range(self, n: Int) -> bool { pearlite! { vars_in_range_inner(self@, n) } } #[predicate] + #[open] pub fn no_duplicate_indexes(self) -> bool { pearlite! { no_duplicate_indexes_inner(self@) } } #[predicate] + #[open] pub fn search_idx_in_range(self) -> bool { pearlite! { 2 <= self.search@ && self.search@ <= self@.len() } } #[predicate] + #[open] pub fn invariant(self, n: Int) -> bool { pearlite! { invariant_internal(self@, n) } } #[predicate] + #[open] pub fn clause_is_seen(self, seen: Vec) -> bool { pearlite! { forall 0 <= idx && idx < seen@.len() ==> @@ -203,6 +237,7 @@ impl Clause { } #[predicate] + #[open] pub fn equals(self, o: Clause) -> bool { pearlite! { self@.len() == o@.len() @@ -211,3 +246,21 @@ impl Clause { } } } + +#[cfg_attr(feature = "trust_logic_logic", trusted)] +#[logic] +#[open(self)] +#[requires(formula_invariant(f))] +#[requires(equisat_extension_inner(c, f))] +#[requires(c@.permutation_of(c2@))] +#[ensures(equisat_extension_inner(c2, f))] +pub fn lemma_permuted_clause_maintains_equisat(f: FormulaModel, c: Clause, c2: Clause) {} + +#[logic] +#[requires(no_duplicate_indexes_inner(c1@))] +#[requires(exists c2@.exchange(c1@, j, i))] +#[ensures(c1@.permutation_of(c2@))] +#[ensures(c2@.permutation_of(c1@))] +#[ensures(no_duplicate_indexes_inner(c2@))] +#[open] +pub fn dup_stable_on_permut(c1: Clause, c2: Clause) {} diff --git a/CreuSAT/src/logic/logic_conflict_analysis.rs b/CreuSAT/src/logic/logic_conflict_analysis.rs index 0a63a15a..e831da12 100644 --- a/CreuSAT/src/logic/logic_conflict_analysis.rs +++ b/CreuSAT/src/logic/logic_conflict_analysis.rs 
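Review bot: `lemma_permuted_clause_maintains_equisat` has an empty body and is `trusted` under `feature = "trust_logic_logic"`, so with that feature on its `#[ensures(equisat_extension_inner(c2, f))]` is an axiom rather than a proved fact, and since `swap_lits_in_clause` in clause.rs now discharges its equisat `maintains` clause through this lemma, the permutation-preserves-equisat step drops out of the verified set whenever that feature is enabled; that deserves a sentence in a doc comment. Neither lemma is documented: suggest `/// A permutation of a clause that is an equisat extension of f is itself one (assumed, not proved, under trust_logic_logic).` on the first and `/// Exchanging two positions of a duplicate-free clause yields a duplicate-free permutation of it.` on the second. The two also differ in visibility (`#[open(self)]` versus `#[open]`) with no stated reason.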
@@ -3,28 +3,31 @@ use creusot_contracts::std::*; use creusot_contracts::*; use crate::clause::*; +use crate::formula::Formula; use crate::logic::{logic_assignments::*, logic_clause::*, logic_formula::*}; #[cfg_attr(feature = "trust_logic_logic", trusted)] #[logic] -#[requires(f2.0 == f.0.push(c))] +#[open] //#[open(self)] +#[requires(f2.clauses == f.clauses.push(c))] #[requires(formula_invariant(f))] -#[ensures(f.0.len() + 1 == f2.0.len())] -#[ensures(forall 0 <= i && i < f.0.len() ==> f.0[i].equals(f2.0[i]))] -#[ensures(f2.0[f2.0.len()-1]@ == c@)] +#[ensures(f.clauses.len() + 1 == f2.clauses.len())] +#[ensures(forall 0 <= i && i < f.clauses.len() ==> f.clauses[i].equals(f2.clauses[i]))] +#[ensures(f2.clauses[f2.clauses.len()-1]@ == c@)] //#[ensures(formula_invariant(f2))] -//#[ensures(f.1 == f2.1)] -fn lemma_eq_formulas(f: (Seq, Int), f2: (Seq, Int), c: Clause) {} +//#[ensures(f.num_vars == f2.num_vars)] +pub fn lemma_eq_formulas(f: FormulaModel, f2: FormulaModel, c: Clause) {} #[cfg_attr(feature = "trust_logic_logic", trusted)] #[logic] +#[open] //#[open(self)] #[requires(formula_invariant(f))] #[requires(equisat_extension_inner(c, f))] #[requires(c2.in_formula_inner(f))] #[requires(c3.resolvent_of(c, c2, k, m))] #[ensures(equisat_extension_inner(c3, f))] pub fn lemma_resolvent_of_equisat_extension_is_equisat( - f: (Seq, Int), c: Clause, c2: Clause, c3: Clause, k: Int, m: Int, + f: FormulaModel, c: Clause, c2: Clause, c3: Clause, k: Int, m: Int, ) { - lemma_eq_formulas(f, (f.0.push(c3), f.1), c3); + lemma_eq_formulas(f, FormulaModel { clauses: f.clauses.push(c3), num_vars: f.num_vars }, c3); } diff --git a/CreuSAT/src/logic/logic_decision.rs b/CreuSAT/src/logic/logic_decision.rs index 8368eb67..8f79b85f 100644 --- a/CreuSAT/src/logic/logic_decision.rs +++ b/CreuSAT/src/logic/logic_decision.rs @@ -6,6 +6,7 @@ use crate::decision::*; impl Decisions { #[predicate] + #[open] pub fn invariant(self, n: Int) -> bool { pearlite! { self.linked_list@.len() == n 
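Review bot: The added `use crate::formula::Formula;` is not referenced by anything in this hunk — both lemmas now take `FormulaModel`, which arrives through the `logic_formula::*` glob — so unless `Formula` is used further down the file it is an unused import that `cargo clippy -- -D warnings` rejects. Drop the line if nothing below needs it. `lemma_eq_formulas` keeps its empty body and `trusted` gate, so the renamed-but-still-commented `//#[ensures(f.num_vars == f2.num_vars)]` leaves the reader guessing whether that postcondition is unprovable or simply unneeded; a short comment either way would settle it.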
diff --git a/CreuSAT/src/logic/logic_formula.rs b/CreuSAT/src/logic/logic_formula.rs index ac29389c..d4715d52 100644 --- a/CreuSAT/src/logic/logic_formula.rs +++ b/CreuSAT/src/logic/logic_formula.rs @@ -7,41 +7,51 @@ use crate::{assignments::*, clause::*, formula::*, lit::*, trail::*, watches::*} use crate::logic::{logic::*, logic_assignments::*}; +pub struct FormulaModel { + pub clauses: Seq, + pub num_vars: Int, +} + #[cfg(creusot)] impl ShallowModel for Formula { - type ShallowModelTy = (Seq, Int); + type ShallowModelTy = FormulaModel; #[logic] + #[open] fn shallow_model(self) -> Self::ShallowModelTy { - (self.clauses.shallow_model(), self.num_vars.shallow_model()) + FormulaModel { clauses: self.clauses.shallow_model(), num_vars: self.num_vars.shallow_model() } } } #[predicate] -pub fn formula_invariant(f: (Seq, Int)) -> bool { +#[open] +pub fn formula_invariant(f: FormulaModel) -> bool { pearlite! { - forall 0 <= i && i < f.0.len() ==> - (f.0[i].invariant(f.1) && f.0[i]@.len() > 0) + forall 0 <= i && i < f.clauses.len() ==> + (f.clauses[i].invariant(f.num_vars) && f.clauses[i]@.len() > 0) } } #[predicate] -pub fn formula_sat_inner(f: (Seq, Int), a: Seq) -> bool { +#[open] +pub fn formula_sat_inner(f: FormulaModel, a: Seq) -> bool { pearlite! { - forall 0 <= i && i < f.0.len() ==> - f.0[i].sat_inner(a) + forall 0 <= i && i < f.clauses.len() ==> + f.clauses[i].sat_inner(a) } } #[predicate] -pub fn eventually_sat_complete(f: (Seq, Int)) -> bool { +#[open] +pub fn eventually_sat_complete(f: FormulaModel) -> bool { pearlite! { - exists> a2.len() == f.1 && complete_inner(a2) && formula_sat_inner(f, a2) + exists> a2.len() == f.num_vars && complete_inner(a2) && formula_sat_inner(f, a2) } } #[predicate] -fn equisat(f: (Seq, Int), o: (Seq, Int)) -> bool { +#[open] +pub fn equisat(f: FormulaModel, o: FormulaModel) -> bool { pearlite! { eventually_sat_complete(f) == eventually_sat_complete(o) } 
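Review bot: `FormulaModel` is a new `pub` struct with public fields and no doc comment, and unlike the `impl ShallowModel for Formula` directly below it, it is not gated by `#[cfg(creusot)]`, so its `Seq`/`Int` field types must also resolve in the non-creusot build — presumably they do through creusot_contracts, but worth confirming. Suggested doc: `/// Logical model of a Formula: its clause sequence and its number of variables. Replaces the former (Seq, Int) tuple so contracts read f.clauses / f.num_vars instead of f.0 / f.1.` The remaining edits in this hunk rename the tuple accesses to the new field names and add `#[open]`.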
@@ -50,6 +60,7 @@ fn equisat(f: (Seq, Int), o: (Seq, Int)) -> bool { // Predicates impl Formula { #[predicate] + #[open] pub fn eventually_sat_complete(self) -> bool { pearlite! { exists> a2.len() == self.num_vars@ && complete_inner(a2) && self.sat_inner(a2) @@ -57,11 +68,13 @@ impl Formula { } #[predicate] + #[open] pub fn equisat(self, o: Formula) -> bool { self.eventually_sat_complete() == o.eventually_sat_complete() } #[predicate] + #[open] #[cfg_attr(feature = "trust_formula_logic", trusted)] #[ensures(result == self.invariant_mirror())] // Removing this makes a bunch of seemingly unrelated things fail pub fn invariant(self) -> bool { @@ -69,7 +82,8 @@ impl Formula { } #[predicate] - fn invariant_mirror(self) -> bool { + #[open] + pub fn invariant_mirror(self) -> bool { pearlite! { (forall 0 <= i && i < self.clauses@.len() ==> self.clauses@[i].invariant(self.num_vars@)) @@ -81,25 +95,29 @@ impl Formula { } #[predicate] - fn eventually_sat_inner(self, a: Seq) -> bool { + #[open] + pub fn eventually_sat_inner(self, a: Seq) -> bool { pearlite! { exists> a2.len() == self.num_vars@ && compatible_inner(a, a2) && self.sat_inner(a2) } } #[predicate] - fn eventually_sat_complete_inner(self, a: Seq) -> bool { + #[open] + pub fn eventually_sat_complete_inner(self, a: Seq) -> bool { pearlite! { exists> a2.len() == self.num_vars@ && compatible_complete_inner(a, a2) && self.sat_inner(a2) } } #[predicate] - fn eventually_sat(self, a: Assignments) -> bool { + #[open] //#[open(self)] + pub fn eventually_sat(self, a: Assignments) -> bool { pearlite! { self.eventually_sat_inner(a@)} } #[predicate] + #[open] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { forall 0 <= i && i < self.clauses@.len() ==> 
@@ -108,12 +126,14 @@ impl Formula { } #[predicate] + #[open] pub fn sat(self, a: Assignments) -> bool { pearlite! { formula_sat_inner(self@, a@) } } #[predicate] - fn unsat_inner(self, a: Seq) -> bool { + #[open] + pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { exists 0 <= i && i < self.clauses@.len() && self.clauses@[i].unsat_inner(a) @@ -121,11 +141,13 @@ impl Formula { } #[predicate] + #[open] //#[open(self)] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } #[predicate] + #[open] pub fn not_satisfiable(self) -> bool { pearlite! { exists c@.len() == 0 && c.equisat_extension(self) } } diff --git a/CreuSAT/src/logic/logic_lit.rs b/CreuSAT/src/logic/logic_lit.rs index dfcb2104..617aaca4 100644 --- a/CreuSAT/src/logic/logic_lit.rs +++ b/CreuSAT/src/logic/logic_lit.rs @@ -5,6 +5,7 @@ use creusot_contracts::*; use crate::{assignments::*, clause::*, lit::*, trail::*}; #[predicate] +#[open] //#[ensures(result == self.lit_in_internal(c))] #[why3::attr = "inline:trivial"] pub fn idx_in_logic(idx: Int, c: Seq) -> bool { @@ -17,24 +18,28 @@ pub fn idx_in_logic(idx: Int, c: Seq) -> bool { // Logic impl Lit { #[logic] + #[open] #[why3::attr = "inline:trivial"] pub fn index_logic(self) -> Int { pearlite! { self.idx@ } } #[logic] + #[open] #[why3::attr = "inline:trivial"] pub fn is_positive_logic(self) -> bool { pearlite! { self.polarity } } #[logic] + #[open] #[why3::attr = "inline:trivial"] pub fn to_watchidx_logic(self) -> Int { pearlite! { self.index_logic() * 2 + if self.is_positive_logic() { 0 } else { 1 } } } #[logic] + #[open] #[why3::attr = "inline:trivial"] pub fn to_neg_watchidx_logic(self) -> Int { pearlite! { self.index_logic() * 2 + if self.is_positive_logic() { 1 } else { 0 } } @@ -44,6 +49,7 @@ impl Lit { // Predicates impl Lit { #[predicate] + #[open] pub fn is_opp(self, o: Lit) -> bool { pearlite! { self.index_logic() == o.index_logic() && self.is_positive_logic() != o.is_positive_logic() 
@@ -51,16 +57,19 @@ impl Lit { } #[predicate] + #[open] pub fn lit_in_internal(self, c: Seq) -> bool { pearlite! { exists 0 <= i && i < c.len() && c[i] == self } } #[predicate] + #[open] pub fn lit_in(self, c: Clause) -> bool { pearlite! { exists 0 <= i && i < c@.len() && c@[i] == self } } #[predicate] + #[open] pub fn lit_idx_in(self, c: Clause) -> bool { pearlite! { exists 0 <= i && i < c@.len() && @@ -69,11 +78,13 @@ impl Lit { } #[predicate] + #[open] pub fn invariant(self, n: Int) -> bool { pearlite! { self.index_logic() < n } } #[predicate] + #[open] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { match self.is_positive_logic() { @@ -84,6 +95,7 @@ impl Lit { } #[predicate] + #[open] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { match self.is_positive_logic() { @@ -94,26 +106,31 @@ impl Lit { } #[predicate] + #[open] pub fn unset_inner(self, a: Seq) -> bool { pearlite! { a[self.index_logic()]@ >= 2 } } #[predicate] + #[open] pub fn sat(self, a: Assignments) -> bool { pearlite! { self.sat_inner(a@) } } #[predicate] + #[open] pub fn unset(self, a: Assignments) -> bool { pearlite! { self.unset_inner(a@) } } #[predicate] + #[open] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } #[predicate] + #[open] pub fn idx_in_trail(self, t: Vec) -> bool { pearlite! { exists 0 <= i && i < t@.len() && diff --git a/CreuSAT/src/logic/logic_trail.rs b/CreuSAT/src/logic/logic_trail.rs index 2890b2c1..ce39e714 100644 --- a/CreuSAT/src/logic/logic_trail.rs +++ b/CreuSAT/src/logic/logic_trail.rs @@ -9,6 +9,7 @@ use crate::logic::{logic::*, logic_clause::*, logic_util::*}; impl Reason { #[predicate] + #[open] pub fn invariant(self, f: Formula) -> bool { pearlite! { match self { 
@@ -24,30 +25,32 @@ impl Reason { } /* - #[predicate] - pub fn invariant_reason_new(self, f: Formula, a: Assignments) -> bool { - pearlite! { - match self { - Reason::Long(cref) => - (0 <= cref@ && cref@ < f.clauses@.len()) - && (@f.clauses@[cref@]).len() > 1 - && (forall 1 <= i && i < (@f.clauses@[cref@]).len() ==> - (@f.clauses@[cref@])[i].unsat_inner(a@)) - && (@f.clauses@[cref@])[0].sat_inner(a@), - Reason::Unit(cref) => - (0 <= cref@ && cref@ < f.clauses@.len()) - && (@f.clauses@[cref@]).len() == 1 - && (@f.clauses@[cref@])[0].sat_inner(a@), - _ => true + #[predicate] + #[open] + pub fn invariant_reason_new(self, f: Formula, a: Assignments) -> bool { + pearlite! { + match self { + Reason::Long(cref) => + (0 <= cref@ && cref@ < f.clauses@.len()) + && (@f.clauses@[cref@]).len() > 1 + && (forall 1 <= i && i < (@f.clauses@[cref@]).len() ==> + (@f.clauses@[cref@])[i].unsat_inner(a@)) + && (@f.clauses@[cref@])[0].sat_inner(a@), + Reason::Unit(cref) => + (0 <= cref@ && cref@ < f.clauses@.len()) + && (@f.clauses@[cref@]).len() == 1 + && (@f.clauses@[cref@])[0].sat_inner(a@), + _ => true + } } } - } - */ + */ } // LOGIC impl Trail { #[predicate] + #[open] //#[open(self)] #[why3::attr = "inline:trivial"] pub fn invariant(self, f: Formula) -> bool { pearlite! { @@ -65,6 +68,7 @@ impl Trail { } #[predicate] + #[open] //#[open(self)] #[why3::attr = "inline:trivial"] pub fn invariant_no_decision(self, f: Formula) -> bool { pearlite! { @@ -82,6 +86,7 @@ impl Trail { } #[predicate] +#[open] pub fn lit_not_in_less_inner(t: Seq, f: Formula) -> bool { pearlite! { forall 0 <= i && i < t.len() ==> @@ -94,6 +99,7 @@ pub fn lit_not_in_less_inner(t: Seq, f: Formula) -> bool { } #[predicate] +#[open] pub fn trail_invariant(trail: Seq, f: Formula) -> bool { pearlite! { forall 0 <= i && i < trail.len() ==> 
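Review bot: The `@@ -24,30 +25,32 @@` hunk re-indents the whole `/* ... */` block around `invariant_reason_new` and adds `#[open]` inside it, so most of the hunk is churn on commented-out code that the compiler never sees. Either delete the parked predicate outright (git history keeps it) or leave the comment block untouched so the file's diff shows only the live `#[open]` additions; the `+#[open]` placed under `/*` in the `@@ -176,6 +190,7 @@` hunk of this file has the same problem. If the block stays as a draft, a one-line reason above the `/*`, e.g. `// Parked draft (not compiled): <why it is kept>`, would tell the next reader whether it is still wanted.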
@@ -103,7 +109,8 @@ pub fn trail_invariant(trail: Seq, f: Formula) -> bool { } #[predicate] -fn trail_entries_are_assigned_inner(t: Seq, a: Seq) -> bool { +#[open] +pub fn trail_entries_are_assigned_inner(t: Seq, a: Seq) -> bool { pearlite! { forall 0 <= j && j < t.len() ==> t[j].lit.sat_inner(a) @@ -111,11 +118,13 @@ fn trail_entries_are_assigned_inner(t: Seq, a: Seq) -> bool } #[predicate] +#[open] pub fn clause_post_with_regards_to(c: Clause, a: Assignments, j: Int) -> bool { pearlite! { clause_post_with_regards_to_inner(c, a@, j) } } #[predicate] +#[open] pub fn clause_post_with_regards_to_inner(c: Clause, a: Seq, j: Int) -> bool { pearlite! { c@[0].index_logic() == j @@ -125,12 +134,14 @@ pub fn clause_post_with_regards_to_inner(c: Clause, a: Seq, j: In } #[predicate] +#[open] pub fn clause_post_with_regards_to_lit(c: Clause, a: Assignments, lit: Lit) -> bool { pearlite! { clause_post_with_regards_to_inner(c, a@, lit.idx@) } } #[predicate] -fn lit_is_unique_inner(trail: Seq) -> bool { +#[open] +pub fn lit_is_unique_inner(trail: Seq) -> bool { pearlite! { forall 0 <= i && i < trail.len() ==> forall 0 <= j && j < i ==> @@ -139,6 +150,7 @@ fn lit_is_unique_inner(trail: Seq) -> bool { } #[predicate] +#[open] pub fn long_are_post_unit(trail: Trail, f: Formula) -> bool { pearlite! { forall 0 <= j && j < trail.trail@.len() ==> @@ -150,6 +162,7 @@ pub fn long_are_post_unit(trail: Trail, f: Formula) -> bool { } #[predicate] +#[open] pub fn long_are_post_unit_inner(trail: Seq, f: Formula, a: Seq) -> bool { pearlite! { forall 0 <= j && j < trail.len() ==> @@ -161,7 +174,8 @@ pub fn long_are_post_unit_inner(trail: Seq, f: Formula, a: Seq, f: Formula, a: Assignments) -> bool { +#[open] +pub fn unit_are_sat(trail: Seq, f: Formula, a: Assignments) -> bool { pearlite! { forall 0 <= j && j < trail.len() ==> match trail[j].reason { 
@@ -176,6 +190,7 @@ fn unit_are_sat(trail: Seq, f: Formula, a: Assignments) -> bool { /* #[cfg_attr(feature = "trust_trail_logic", trusted)] #[logic] +#[open] #[requires(a.invariant(f))] #[requires(f.invariant())] #[requires(trail_invariant(v, f))] @@ -190,6 +205,7 @@ pub fn lemma_assign_maintains_long_are_post_unit(v: Seq, f: Formula, a: As #[cfg_attr(feature = "trust_trail_logic", trusted)] #[logic] +#[open] #[requires(f.invariant())] #[requires(t.invariant(f))] #[requires(unset(t.assignments@[step.lit.index_logic()]))] diff --git a/CreuSAT/src/logic/logic_util.rs b/CreuSAT/src/logic/logic_util.rs index d889982d..413e2ca0 100644 --- a/CreuSAT/src/logic/logic_util.rs +++ b/CreuSAT/src/logic/logic_util.rs @@ -3,6 +3,7 @@ use creusot_contracts::std::*; use creusot_contracts::*; #[predicate] +#[open] pub fn sorted_range_rev(s: Seq<(usize, usize)>, l: Int, u: Int) -> bool { pearlite! { forall l <= i && i < j && j < u ==> s[i].0 >= s[j].0 @@ -10,21 +11,25 @@ pub fn sorted_range_rev(s: Seq<(usize, usize)>, l: Int, u: Int) -> bool { } #[predicate] +#[open] pub fn sorted_rev(s: Seq<(usize, usize)>) -> bool { sorted_range_rev(s, 0, s.len()) } #[predicate] +#[open] pub fn sorted_range(s: Seq, l: Int, u: Int) -> bool { pearlite! { forall l <= i && i < j && j < u ==> s[i] <= s[j] } } #[predicate] +#[open] pub fn sorted(s: Seq) -> bool { sorted_range(s, 0, s.len()) } #[predicate] +#[open] pub fn sorted_range_tuple_zeroth(s: Seq<(usize, usize)>, l: Int, u: Int) -> bool { pearlite! { forall l <= i && i < j && j < u ==> s[i].0 <= s[j].0 
@@ -32,26 +37,31 @@ pub fn sorted_range_tuple_zeroth(s: Seq<(usize, usize)>, l: Int, u: Int) -> bool } #[predicate] +#[open] pub fn sorted_tuple_zeroth(s: Seq<(usize, usize)>) -> bool { sorted_range_tuple_zeroth(s, 0, s.len()) } #[predicate] +#[open] pub fn partition(v: Seq<(usize, usize)>, i: Int) -> bool { pearlite! { forall 0 <= k1 && k1 < i && i <= k2 && k2 < v.len() ==> v[k1].0 <= v[k2].0 } } #[predicate] +#[open] pub fn partition_rev(v: Seq<(usize, usize)>, i: Int) -> bool { pearlite! { forall 0 <= k1 && k1 < i && i <= k2 && k2 < v.len() ==> v[k1].0 >= v[k2].0 } } #[predicate] +#[open] pub fn elems_less_than(v: Seq, n: Int) -> bool { pearlite! { forall 0 <= i && i < v.len() ==> v[i]@ < n } } #[logic] +#[open] #[cfg_attr(feature = "trust_util_logic", trusted)] #[requires(s.len() > 0)] #[ensures(result == s.subsequence(0, s.len() - 1))] @@ -62,6 +72,7 @@ pub fn pop(s: Seq) -> Seq { } #[logic] +#[open] #[cfg_attr(feature = "trust_util_logic", trusted)] #[requires(s.len() > 0)] pub fn last_idx(s: Seq) -> Int { @@ -69,6 +80,7 @@ pub fn last_idx(s: Seq) -> Int { } #[logic] +#[open] #[cfg_attr(feature = "trust_util_logic", trusted)] #[requires(s.len() > 0)] pub fn last_elem(s: Seq) -> T { @@ -76,6 +88,7 @@ pub fn last_elem(s: Seq) -> T { } #[logic] +#[open] #[cfg_attr(feature = "trust_util_logic", trusted)] #[requires(s.len() > 0)] #[requires(sorted(s))] diff --git a/CreuSAT/src/logic/logic_watches.rs b/CreuSAT/src/logic/logic_watches.rs index 7a9d2335..7f1cd302 100644 --- a/CreuSAT/src/logic/logic_watches.rs +++ b/CreuSAT/src/logic/logic_watches.rs @@ -8,6 +8,7 @@ use crate::logic::logic_util::*; // The n is here so that we can "hijack" it during initialization #[predicate] +#[open] pub fn watches_invariant_internal(w: Seq>, n: Int, f: Formula) -> bool { pearlite! { 2 * n == w.len() 
@@ -22,6 +23,7 @@ pub fn watches_invariant_internal(w: Seq>, n: Int, f: Formula) -> b // The watches for a specific literal are valid for a formula #[predicate] +#[open] pub fn watch_valid(w: Seq, f: Formula) -> bool { pearlite! { forall 0 <= j && j < w.len() ==> @@ -32,6 +34,7 @@ pub fn watch_valid(w: Seq, f: Formula) -> bool { } #[predicate] +#[open] pub fn watcher_crefs_in_range(w: Seq, f: Formula) -> bool { pearlite! { forall 0 <= j && j < w.len() ==> @@ -40,6 +43,7 @@ pub fn watcher_crefs_in_range(w: Seq, f: Formula) -> bool { } #[predicate] +#[open] pub fn watches_crefs_in_range(w: Seq>, f: Formula) -> bool { pearlite! { forall 0 <= i && i < w.len() ==> @@ -48,6 +52,7 @@ pub fn watches_crefs_in_range(w: Seq>, f: Formula) -> bool { } #[logic] +#[open] #[cfg_attr(feature = "trust_watches_logic", trusted)] #[requires(w.len() > 0)] #[requires(watcher_crefs_in_range(w, f))] @@ -55,6 +60,7 @@ pub fn watches_crefs_in_range(w: Seq>, f: Formula) -> bool { pub fn lemma_pop_watch_maintains_watcher_invariant(w: Seq, f: Formula) {} #[logic] +#[open] #[cfg_attr(feature = "trust_watches_logic", trusted)] #[requires(watcher_crefs_in_range(w, f))] #[requires(o.cref@ < f.clauses@.len())] @@ -63,6 +69,7 @@ pub fn lemma_push_maintains_watcher_invariant(w: Seq, f: Formula, o: Wa impl Watches { #[predicate] + #[open] //#[ensures(result == watches_invariant_internal(self.watches@, n))] pub fn invariant(self, f: Formula) -> bool { pearlite! { diff --git a/CreuSAT/src/solver.rs b/CreuSAT/src/solver.rs index 8f75fff7..63377039 100644 --- a/CreuSAT/src/solver.rs +++ b/CreuSAT/src/solver.rs @@ -1,7 +1,7 @@ extern crate creusot_contracts; use ::std::panic; -use creusot_contracts::{std::*, Ghost, *}; +use creusot_contracts::{std::*, Snapshot, *}; use crate::{ assignments::*, clause::*, conflict_analysis::*, decision::*, formula::*, trail::*, unit_prop::*, util::*, 
@@ -227,10 +227,10 @@ impl Solver {
 #[ensures(f.num_vars@ == (^f).num_vars@)]
 #[ensures(f.equisat(^f))]
 fn unit_prop_loop(&mut self, f: &mut Formula, d: &mut Decisions, t: &mut Trail, w: &mut Watches) -> Option {
- let old_f: Ghost<&mut Formula> = ghost! { f };
- let old_t: Ghost<&mut Trail> = ghost! { t };
- let old_w: Ghost<&mut Watches> = ghost! { w };
- let old_d: Ghost<&mut Decisions> = ghost! { d };
+ let old_f: Snapshot<&mut Formula> = snapshot! { f };
+ let old_t: Snapshot<&mut Trail> = snapshot! { t };
+ let old_w: Snapshot<&mut Watches> = snapshot! { w };
+ let old_d: Snapshot<&mut Decisions> = snapshot! { d };
 #[invariant(f.invariant())]
 #[invariant(t.invariant(*f))]
 #[invariant(w.invariant(*f))]
@@ -320,7 +320,7 @@ impl Solver {
 fn inner(
 &mut self, formula: &mut Formula, mut decisions: Decisions, mut trail: Trail, mut watches: Watches,
 ) -> SatResult {
- let old_f: Ghost<&mut Formula> = ghost! { formula };
+ let old_f: Snapshot<&mut Formula> = snapshot! { formula };
 #[invariant(old_f.inner().equisat(*formula))]
 #[invariant(formula.num_vars@ == old_f.num_vars@)]
 #[invariant(formula.invariant())]
diff --git a/CreuSAT/src/trail.rs b/CreuSAT/src/trail.rs
index a22a972e..43388eed 100644
--- a/CreuSAT/src/trail.rs
+++ b/CreuSAT/src/trail.rs
@@ -1,5 +1,5 @@
 extern crate creusot_contracts;
-use creusot_contracts::{std::*, Ghost, *};
+use creusot_contracts::{std::*, Snapshot, *};
 use crate::{assignments::*, decision::*, formula::*, lit::*};
@@ -60,7 +60,7 @@ impl Trail {
 #[ensures(result@ < f.num_vars@)]
 //#[ensures((self@.trail).len() == (@(^self).trail).len() + 1)] // added
 fn backstep(&mut self, f: &Formula) -> usize {
- let old_t: Ghost<&mut Trail> = ghost! { self };
+ let old_t: Snapshot<&mut Trail> = snapshot! { self };
 //proof_assert!(self == old_t@);
 let last = self.trail.pop();
 match last {
@@ -116,8 +116,8 @@ impl Trail {
 #[ensures(long_are_post_unit_inner((^self).trail@, *f, (^self).assignments@))]
 // Backtracks to the start of level
 pub fn backtrack_to(&mut self, level: usize, f: &Formula, d: &mut Decisions) {
- let old_t: Ghost<&mut Trail> = ghost! { self };
- let old_d: Ghost<&mut Decisions> = ghost! { d };
+ let old_t: Snapshot<&mut Trail> = snapshot! { self };
+ let old_d: Snapshot<&mut Decisions> = snapshot! { d };
 let how_many = self.trail.len() - self.decisions[level];
 let des = self.decisions[level];
 let mut i: usize = 0;
@@ -146,7 +146,7 @@ impl Trail {
 #[invariant(long_are_post_unit_inner(self.trail@, *f, self.assignments@))]
 #[invariant(self.invariant_no_decision(*f))]
 while self.decisions.len() > level {
- let old_t2: Ghost<&mut Trail> = ghost! { self };
+ let old_t2: Snapshot<&mut Trail> = snapshot! { self };
 proof_assert!(sorted(self.decisions@));
 proof_assert!(self.decisions@.len() > 0);
 proof_assert!(lemma_pop_maintains_sorted(self.decisions@); true);
@@ -165,7 +165,7 @@ impl Trail {
 #[invariant(long_are_post_unit_inner(self.trail@, *f, self.assignments@))]
 #[invariant(self.invariant_no_decision(*f))]
 while self.decisions.len() > 0 && self.decisions[self.decisions.len() - 1] > self.trail.len() {
- let old_t3: Ghost<&mut Trail> = ghost! { self };
+ let old_t3: Snapshot<&mut Trail> = snapshot! { self };
 proof_assert!(sorted(self.decisions@));
 proof_assert!(self.decisions@.len() > 0);
 proof_assert!(lemma_pop_maintains_sorted(self.decisions@); true);
@@ -309,8 +309,8 @@ impl Trail {
 })]
 pub fn learn_units(&mut self, f: &Formula, d: &mut Decisions) -> Option {
 let mut i = 0;
- let old_d: Ghost<&mut Decisions> = ghost! { d };
- let old_self: Ghost<&mut Trail> = ghost! { self };
+ let old_d: Snapshot<&mut Decisions> = snapshot! { d };
+ let old_self: Snapshot<&mut Trail> = snapshot! { self };
 #[invariant(self.invariant(*f))]
 #[invariant(d.invariant(f.num_vars@))]
 while i < f.clauses.len() {
diff --git a/CreuSAT/src/unit_prop.rs b/CreuSAT/src/unit_prop.rs
index 67ecc50a..198e7c12 100644
--- a/CreuSAT/src/unit_prop.rs
+++ b/CreuSAT/src/unit_prop.rs
@@ -1,5 +1,5 @@
 extern crate creusot_contracts;
-use creusot_contracts::{std::*, Ghost, *};
+use creusot_contracts::{std::*, Snapshot, *};
 use crate::{assignments::*, clause::*, formula::*, lit::*, trail::*, util, watches::*};
@@ -66,7 +66,7 @@ fn check_and_move_watch(
 //#[ensures(f.clauses@[cref@]@.len() == (^f).clauses@[cref@]@.len())]
 #[ensures(f.equisat(^f))] // <-
 fn swap(f: &mut Formula, trail: &Trail, watches: &Watches, cref: usize, j: usize, k: usize) {
- let old_f: Ghost<&mut Formula> = ghost! { f };
+ let old_f: Snapshot<&mut Formula> = snapshot! { f };
 f.clauses[cref].lits.swap(j, k);
@@ -98,8 +98,8 @@ fn swap(f: &mut Formula, trail: &Trail, watches: &Watches, cref: usize, j: usize
 fn exists_new_watchable_lit(
 f: &mut Formula, trail: &Trail, watches: &mut Watches, cref: usize, j: usize, lit: Lit,
 ) -> bool {
- let old_w: Ghost<&mut Watches> = ghost! { watches };
- let old_f: Ghost<&mut Formula> = ghost! { f };
+ let old_w: Snapshot<&mut Watches> = snapshot! { watches };
+ let old_f: Snapshot<&mut Formula> = snapshot! { f };
 let clause_len: usize = f.clauses[cref].len();
 let init_search = util::max(util::min(f[cref].search, clause_len), 2); // TODO: Lame check
 let mut search = init_search;
@@ -111,7 +111,7 @@ fn exists_new_watchable_lit(
 #[invariant(!f.clauses@[cref@]@[0].sat_inner(trail.assignments@))]
 while search < clause_len {
 if check_and_move_watch(f, trail, watches, cref, j, search, lit) {
- let old_f2: Ghost<&mut Formula> = ghost! { f };
+ let old_f2: Snapshot<&mut Formula> = snapshot! { f };
 f.clauses[cref].search = search;
 proof_assert!(forall 0 <= j && j < f.clauses@.len() ==> f.clauses@[j]@ == old_f2.inner().clauses@[j]@);
 proof_assert!(old_f2.inner().equisat(*f));
@@ -130,7 +130,7 @@ fn exists_new_watchable_lit(
 #[invariant(!f.clauses@[cref@]@[0].sat_inner(trail.assignments@))]
 while search < init_search {
 if check_and_move_watch(f, trail, watches, cref, j, search, lit) {
- let old_f2: Ghost<&mut Formula> = ghost! { f };
+ let old_f2: Snapshot<&mut Formula> = snapshot! { f };
 f.clauses[cref].search = search;
 proof_assert!(forall 0 <= j && j < f.clauses@.len() ==> f.clauses@[j]@ == old_f2.inner().clauses@[j]@);
 proof_assert!(old_f2.inner().equisat(*f));
@@ -163,7 +163,7 @@ fn exists_new_watchable_lit(
 fn propagate_lit_with_regard_to_clause(
 f: &mut Formula, trail: &mut Trail, watches: &mut Watches, cref: usize, lit: Lit, j: usize,
 ) -> Result {
- let old_w: Ghost<&mut Watches> = ghost! { watches };
+ let old_w: Snapshot<&mut Watches> = snapshot! { watches };
 let clause = &f[cref];
 let first_lit = clause[0];
 if first_lit.lit_sat(&trail.assignments) {
@@ -209,7 +209,7 @@ fn propagate_lit_with_regard_to_clause(
 return Ok(true);
 } else if second_lit.lit_unset(&trail.assignments) {
 let step = Step { lit: second_lit, decision_level: trail.decision_level(), reason: Reason::Long(cref) };
- let old_c: Ghost = ghost! { f.clauses[cref] };
+ let old_c: Snapshot = snapshot! { f.clauses[cref] };
 proof_assert!(f.clauses@[cref@]@[1].unset(trail.assignments));
 swap(f, trail, watches, cref, 0, 1);
 proof_assert!(f.clauses@[cref@]@.exchange(old_c@, 0, 1));
@@ -240,9 +240,9 @@ fn propagate_literal(f: &mut Formula, trail: &mut Trail, watches: &mut Watches,
 let watchidx = lit.to_watchidx();
 proof_assert!(watches.watches@.len() == 2 * f.num_vars@);
 proof_assert!(watches.watches@.len() > watchidx@);
- let old_trail: Ghost<&mut Trail> = ghost! { trail };
- let old_f: Ghost<&mut Formula> = ghost! { f };
- let old_w: Ghost<&mut Watches> = ghost! { watches };
+ let old_trail: Snapshot<&mut Trail> = snapshot! { trail };
+ let old_f: Snapshot<&mut Formula> = snapshot! { f };
+ let old_w: Snapshot<&mut Watches> = snapshot! { watches };
 #[invariant(trail.invariant(*f))]
 #[invariant(watches.watches@.len() == old_w.watches@.len())]
 #[invariant(watches.invariant(*f))]
@@ -283,9 +283,9 @@ fn propagate_literal(f: &mut Formula, trail: &mut Trail, watches: &mut Watches,
 #[ensures(f.equisat(^f))]
 pub fn unit_propagate(f: &mut Formula, trail: &mut Trail, watches: &mut Watches) -> Result<(), usize> {
 let mut i = trail.curr_i;
- let old_trail: Ghost<&mut Trail> = ghost! { trail };
- let old_f: Ghost<&mut Formula> = ghost! { f };
- let old_w: Ghost<&mut Watches> = ghost! { watches };
+ let old_trail: Snapshot<&mut Trail> = snapshot! { trail };
+ let old_f: Snapshot<&mut Formula> = snapshot! { f };
+ let old_w: Snapshot<&mut Watches> = snapshot! { watches };
 #[invariant(f.invariant())]
 #[invariant(trail.invariant(*f))]
 #[invariant(watches.watches@.len() == old_w.watches@.len())]
diff --git a/CreuSAT/src/util.rs b/CreuSAT/src/util.rs
index ab49ae34..b3b59e15 100644
--- a/CreuSAT/src/util.rs
+++ b/CreuSAT/src/util.rs
@@ -1,5 +1,5 @@
 extern crate creusot_contracts;
-use creusot_contracts::{std::*, Ghost, *};
+use creusot_contracts::{std::*, Snapshot, *};
 #[cfg(creusot)]
 use crate::logic::logic_util::*;
@@ -10,7 +10,7 @@ use crate::logic::logic_util::*;
 #[ensures((^v)@.permutation_of(v@))]
 pub fn sort_reverse(v: &mut Vec<(usize, usize)>) {
 let mut i: usize = 0;
- let old_v: Ghost<&mut Vec<(usize, usize)>> = ghost! { v };
+ let old_v: Snapshot<&mut Vec<(usize, usize)>> = snapshot! { v };
 #[invariant(v@.permutation_of(old_v@))]
 #[invariant(i@ <= v@.len())]
 #[invariant(sorted_range_rev(v@, 0, i@))]
@@ -58,7 +58,7 @@ pub fn update_slow(slow: &mut usize, lbd: usize) {
 #[ensures((^v)@.permutation_of(v@))]
 pub fn sort(v: &mut Vec<(usize, usize)>) {
 let mut i: usize = 0;
- let old_v: Ghost<&mut Vec<(usize, usize)>> = ghost! { v };
+ let old_v: Snapshot<&mut Vec<(usize, usize)>> = snapshot! { v };
 #[invariant(v@.permutation_of(old_v@))]
 #[invariant(i@ <= v@.len())]
 #[invariant(sorted_range_tuple_zeroth(v@, 0, i@))]
@@ -81,7 +81,8 @@ pub fn sort(v: &mut Vec<(usize, usize)>) {
 }
 #[logic]
-fn min_log(a: Int, b: Int) -> Int {
+#[open]
+pub fn min_log(a: Int, b: Int) -> Int {
 if a <= b {
 a
 } else {
@@ -103,7 +104,8 @@ pub fn min(a: usize, b: usize) -> usize {
 }
 #[logic]
-fn max_log(a: Int, b: Int) -> Int {
+#[open]
+pub fn max_log(a: Int, b: Int) -> Int {
 if a >= b {
 a
 } else {
diff --git a/CreuSAT/src/watches.rs b/CreuSAT/src/watches.rs
index 8a8145da..f1f3710d 100644
--- a/CreuSAT/src/watches.rs
+++ b/CreuSAT/src/watches.rs
@@ -1,5 +1,5 @@
 extern crate creusot_contracts;
-use creusot_contracts::{std::*, Ghost, *};
+use creusot_contracts::{std::*, Snapshot, *};
 use crate::{formula::*, lit::*, trail::*};
@@ -39,7 +39,7 @@ pub fn update_watch(f: &Formula, trail: &Trail, watches: &mut Watches, cref: usi
 watches.watches[watchidx].swap(j, end);
 let curr_lit = f[cref][k];
 proof_assert!(watchidx@ < watches.watches@.len());
- let old_w: Ghost<&mut Watches> = ghost!(watches);
+ let old_w: Snapshot<&mut Watches> = snapshot!(watches);
 proof_assert!(watcher_crefs_in_range(watches.watches@[watchidx@]@, *f));
 match watches.watches[watchidx].pop() {
 Some(w) => {
@@ -130,7 +130,7 @@ impl Watches { #[requires(f.num_vars@ < usize::MAX@/2)] #[requires(f.invariant())] pub fn init_watches(&mut self, f: &Formula) { - let old_w: Ghost<&mut Watches> = ghost! { self }; + let old_w: Snapshot<&mut Watches> = snapshot! { self }; let mut i = 0; #[invariant(self.invariant(*f))] #[invariant(self.watches@.len() == 2 * f.num_vars@)] @@ -165,8 +165,8 @@ impl Watches { self.watches[watchidx].swap(i, end); // TODO - // Ugly "ghost" match. Grr. - let old_w: Ghost<&mut Watches> = ghost! { self }; + // Ugly "Snapshot" match. Grr. + let old_w: Snapshot<&mut Watches> = snapshot! { self }; match self.watches[watchidx].pop() { Some(w) => { proof_assert!(^old_w.inner() == ^self); diff --git a/mlcfgs/CreuSAT.mlcfg b/mlcfgs/CreuSAT.mlcfg index e5d42227..b5fe0e54 100644 --- a/mlcfgs/CreuSAT.mlcfg +++ b/mlcfgs/CreuSAT.mlcfg @@ -1199,7 +1199,7 @@ module CreuSat_Logic_LogicFormula_Impl1_Invariant_Impl predicate Invariant0.invariant' = Invariant0.invariant', function ShallowModel1.shallow_model = ShallowModel2.shallow_model, val Max0.mAX' = Max0.mAX' - let rec ghost predicate invariant' [#"../CreuSAT/src/logic/logic_formula.rs" 67 4 67 34] (self : CreuSat_Formula_Formula_Type.t_formula) + let rec Snapshot predicate invariant' [#"../CreuSAT/src/logic/logic_formula.rs" 67 4 67 34] (self : CreuSat_Formula_Formula_Type.t_formula) ensures { [#"../CreuSAT/src/logic/logic_formula.rs" 66 14 66 47] result = InvariantMirror0.invariant_mirror self } = [@vc:do_not_keep_trace] [@vc:sp] @@ -1637,7 +1637,7 @@ module CreuSat_Assignments_Impl2_SetAssignment_Interface end module CreuSat_Assignments_Impl2_SetAssignment use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.UInt8 use prelude.UIntSize 
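Review bot: The rename reached a prose comment in the `@@ -165,8 +165,8 @@` hunk: `// Ugly "ghost" match. Grr.` described the trick of snapshotting before `pop()`, and `// Ugly "Snapshot" match. Grr.` no longer reads as a description. Given the `proof_assert!(^old_w.inner() == ^self)` that follows, something like `// Snapshot self before pop() so ^old_w can be tied back to ^self below. Grr.` keeps the intent. The enclosing method starts outside the hunk.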
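Review bot: In the `@@ -1199,7 +1199,7 @@` hunk the textual Ghost-to-Snapshot replacement rewrote the WhyML keyword `ghost` in `let rec ghost predicate invariant'` to `let rec Snapshot predicate invariant'`, which is not a WhyML keyword; the same happens to `let rec ghost function lemma_eq_formulas` and `let rec ghost function lemma_resolvent_of_equisat_extension_is_equisat` in the `@@ -5339,7 +5339,7 @@` and `@@ -5467,7 +5467,7 @@` hunks. `Ghost.ghost_ty`, `Ghost.new` and `Ghost.inner` also became `Snapshot.Snapshot_ty`, `Snapshot.new` and `Snapshot.inner`, and whether the prelude in use defines a `Snapshot` module with exactly those names cannot be confirmed from this diff. Since this file is Creusot output (the `[#"../CreuSAT/src/..."]` location tags), it should be regenerated with the pinned toolchain rather than edited by hand, and the hand edits dropped from this commit.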
@@ -1794,7 +1794,7 @@ module CreuSat_Assignments_Impl2_SetAssignment var lit_2 : CreuSat_Lit_Lit_Type.t_lit; var _f_3 : CreuSat_Formula_Formula_Type.t_formula; var _t_4 : Alloc_Vec_Vec_Type.t_vec (CreuSat_Trail_Step_Type.t_step) (Alloc_Alloc_Global_Type.t_global); - var old_self_17 : Ghost.ghost_ty (borrowed (CreuSat_Assignments_Assignments_Type.t_assignments)); + var old_self_17 : Snapshot.Snapshot_ty (borrowed (CreuSat_Assignments_Assignments_Type.t_assignments)); var _19 : (); var _20 : bool; var _21 : CreuSat_Lit_Lit_Type.t_lit; @@ -1815,7 +1815,7 @@ module CreuSat_Assignments_Impl2_SetAssignment } BB0 { _19 <- (); - old_self_17 <- ([#"../CreuSAT/src/assignments.rs" 73 48 73 63] Ghost.new self_1); + old_self_17 <- ([#"../CreuSAT/src/assignments.rs" 73 48 73 63] Snapshot.new self_1); goto BB1 } BB1 { @@ -4056,7 +4056,7 @@ module CreuSat_Clause_Impl2_SwapLitsInClause use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.Slice use seq.Seq use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -4167,7 +4167,7 @@ module CreuSat_Clause_Impl2_SwapLitsInClause var _f_2 : CreuSat_Formula_Formula_Type.t_formula; var j_3 : usize; var k_4 : usize; - var old_c_12 : Ghost.ghost_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); + var old_c_12 : Snapshot.Snapshot_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); var _14 : (); var _15 : (); var _16 : borrowed (slice (CreuSat_Lit_Lit_Type.t_lit)); @@ -4185,7 +4185,7 @@ module CreuSat_Clause_Impl2_SwapLitsInClause } BB0 { _14 <- (); - old_c_12 <- ([#"../CreuSAT/src/clause.rs" 168 40 168 55] Ghost.new self_1); + old_c_12 <- ([#"../CreuSAT/src/clause.rs" 168 40 168 55] Snapshot.new self_1); goto BB1 } BB1 { 
@@ -4205,7 +4205,7 @@ module CreuSat_Clause_Impl2_SwapLitsInClause goto BB3 } BB3 { - assert { [#"../CreuSAT/src/clause.rs" 170 8 171 85] EventuallySatComplete0.eventually_sat_complete (Seq.snoc (let (a, _) = ShallowModel2.shallow_model _f_2 in a) ( * self_1), let (_, a) = ShallowModel2.shallow_model _f_2 in a) -> EventuallySatComplete0.eventually_sat_complete (Seq.snoc (let (a, _) = ShallowModel2.shallow_model _f_2 in a) ( * Ghost.inner old_c_12), let (_, a) = ShallowModel2.shallow_model _f_2 in a) }; + assert { [#"../CreuSAT/src/clause.rs" 170 8 171 85] EventuallySatComplete0.eventually_sat_complete (Seq.snoc (let (a, _) = ShallowModel2.shallow_model _f_2 in a) ( * self_1), let (_, a) = ShallowModel2.shallow_model _f_2 in a) -> EventuallySatComplete0.eventually_sat_complete (Seq.snoc (let (a, _) = ShallowModel2.shallow_model _f_2 in a) ( * Snapshot.inner old_c_12), let (_, a) = ShallowModel2.shallow_model _f_2 in a) }; _21 <- (); _0 <- (); return _0 
@@ -5157,31 +5157,31 @@ module CreuSat_Logic_LogicClause_Impl2_Unsat ensures { result = unsat self a } end -module CreusotContracts_Ghost_Impl1_ShallowModel_Stub +module CreusotContracts_Snapshot_Impl1_ShallowModel_Stub type t - use prelude.Ghost + use prelude.Snapshot clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with type self = t - function shallow_model (self : Ghost.ghost_ty t) : ShallowModelTy0.shallowModelTy + function shallow_model (self : Snapshot.Snapshot_ty t) : ShallowModelTy0.shallowModelTy end -module CreusotContracts_Ghost_Impl1_ShallowModel_Interface +module CreusotContracts_Snapshot_Impl1_ShallowModel_Interface type t - use prelude.Ghost + use prelude.Snapshot clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with type self = t - function shallow_model (self : Ghost.ghost_ty t) : ShallowModelTy0.shallowModelTy + function shallow_model (self : Snapshot.Snapshot_ty t) : ShallowModelTy0.shallowModelTy end -module CreusotContracts_Ghost_Impl1_ShallowModel +module CreusotContracts_Snapshot_Impl1_ShallowModel type t - use prelude.Ghost + use prelude.Snapshot clone CreusotContracts_Model_ShallowModel_ShallowModelTy_Type as ShallowModelTy0 with type self = t clone CreusotContracts_Model_Impl1_ShallowModel_Stub as ShallowModel0 with type t = t, type ShallowModelTy0.shallowModelTy = ShallowModelTy0.shallowModelTy - function shallow_model (self : Ghost.ghost_ty t) : ShallowModelTy0.shallowModelTy = - [#"../CreuSAT/src/unit_prop.rs" 211 51 211 79] ShallowModel0.shallow_model (Ghost.inner self) - val shallow_model (self : Ghost.ghost_ty t) : ShallowModelTy0.shallowModelTy + function shallow_model (self : Snapshot.Snapshot_ty t) : ShallowModelTy0.shallowModelTy = + [#"../CreuSAT/src/unit_prop.rs" 211 51 211 79] ShallowModel0.shallow_model (Snapshot.inner self) + val shallow_model (self : Snapshot.Snapshot_ty t) : ShallowModelTy0.shallowModelTy ensures { result = shallow_model self } end 
@@ -5339,7 +5339,7 @@ module CreuSat_Logic_LogicConflictAnalysis_LemmaEqFormulas_Impl clone CreuSat_Logic_LogicFormula_FormulaInvariant as FormulaInvariant0 with predicate Invariant0.invariant' = Invariant0.invariant', function ShallowModel0.shallow_model = ShallowModel0.shallow_model - let rec ghost function lemma_eq_formulas [#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 17 0 17 78] (f : (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int)) (f2 : (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int)) (c : CreuSat_Clause_Clause_Type.t_clause) : () + let rec Snapshot function lemma_eq_formulas [#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 17 0 17 78] (f : (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int)) (f2 : (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int)) (c : CreuSat_Clause_Clause_Type.t_clause) : () requires {[#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 10 11 10 30] (let (a, _) = f2 in a) = Seq.snoc (let (a, _) = f in a) c} requires {[#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 11 11 11 31] FormulaInvariant0.formula_invariant f} ensures { [#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 12 10 12 37] Seq.length (let (a, _) = f in a) + 1 = Seq.length (let (a, _) = f2 in a) } 
@@ -5467,7 +5467,7 @@ module CreuSat_Logic_LogicConflictAnalysis_LemmaResolventOfEquisatExtensionIsEqu clone CreuSat_Logic_LogicClause_Impl2_InFormulaInner as InFormulaInner0 clone CreuSat_Logic_LogicClause_EquisatExtensionInner as EquisatExtensionInner0 with predicate EventuallySatComplete0.eventually_sat_complete = EventuallySatComplete0.eventually_sat_complete - let rec ghost function lemma_resolvent_of_equisat_extension_is_equisat [#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 26 0 28 1] (f : (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int)) (c : CreuSat_Clause_Clause_Type.t_clause) (c2 : CreuSat_Clause_Clause_Type.t_clause) (c3 : CreuSat_Clause_Clause_Type.t_clause) (k : int) (m : int) : () + let rec Snapshot function lemma_resolvent_of_equisat_extension_is_equisat [#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 26 0 28 1] (f : (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int)) (c : CreuSat_Clause_Clause_Type.t_clause) (c2 : CreuSat_Clause_Clause_Type.t_clause) (c3 : CreuSat_Clause_Clause_Type.t_clause) (k : int) (m : int) : () requires {[#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 21 11 21 31] FormulaInvariant0.formula_invariant f} requires {[#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 22 11 22 40] EquisatExtensionInner0.equisat_extension_inner c f} requires {[#"../CreuSAT/src/logic/logic_conflict_analysis.rs" 23 11 23 33] InFormulaInner0.in_formula_inner c2 f} @@ -5668,7 +5668,7 @@ module CreuSat_ConflictAnalysis_Resolve use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type 
@@ -5921,7 +5921,7 @@ module CreuSat_ConflictAnalysis_Resolve function ShallowModel0.shallow_model = ShallowModel1.shallow_model clone CreuSat_Clause_Impl2_Len_Interface as Len0 with function ShallowModel0.shallow_model = ShallowModel1.shallow_model - clone CreusotContracts_Ghost_Impl1_ShallowModel as ShallowModel10 with + clone CreusotContracts_Snapshot_Impl1_ShallowModel as ShallowModel10 with type t = borrowed (CreuSat_Clause_Clause_Type.t_clause), type ShallowModelTy0.shallowModelTy = Seq.seq (CreuSat_Lit_Lit_Type.t_lit), function ShallowModel0.shallow_model = ShallowModel17.shallow_model @@ -6024,13 +6024,13 @@ module CreuSat_ConflictAnalysis_Resolve var seen_7 : borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global)); var path_c_8 : borrowed usize; var to_bump_9 : borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global)); - var old_c_32 : Ghost.ghost_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); + var old_c_32 : Snapshot.Snapshot_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); var _34 : (); - var old_seen_35 : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))); + var old_seen_35 : Snapshot.Snapshot_ty (borrowed (Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global))); var _37 : (); - var old_path_c_38 : Ghost.ghost_ty (borrowed usize); + var old_path_c_38 : Snapshot.Snapshot_ty (borrowed usize); var _40 : (); - var old_to_bump_41 : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))); + var old_to_bump_41 : Snapshot.Snapshot_ty (borrowed (Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global))); var _43 : (); var _44 : (); var _46 : (); 
@@ -6042,7 +6042,7 @@ module CreuSat_ConflictAnalysis_Resolve var _52 : usize; var _53 : (); var _55 : (); - var old_c2_57 : Ghost.ghost_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); + var old_c2_57 : Snapshot.Snapshot_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); var _59 : (); var _60 : (); var _62 : (); @@ -6054,7 +6054,7 @@ module CreuSat_ConflictAnalysis_Resolve var _81 : usize; var _82 : usize; var _83 : CreuSat_Clause_Clause_Type.t_clause; - var old_c3_84 : Ghost.ghost_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); + var old_c3_84 : Snapshot.Snapshot_ty (borrowed (CreuSat_Clause_Clause_Type.t_clause)); var _86 : (); var _87 : (); var _89 : (); @@ -6124,22 +6124,22 @@ module CreuSat_ConflictAnalysis_Resolve } BB0 { _34 <- (); - old_c_32 <- ([#"../CreuSAT/src/conflict_analysis.rs" 57 36 57 45] Ghost.new c_2); + old_c_32 <- ([#"../CreuSAT/src/conflict_analysis.rs" 57 36 57 45] Snapshot.new c_2); goto BB1 } BB1 { _37 <- (); - old_seen_35 <- ([#"../CreuSAT/src/conflict_analysis.rs" 58 42 58 54] Ghost.new seen_7); + old_seen_35 <- ([#"../CreuSAT/src/conflict_analysis.rs" 58 42 58 54] Snapshot.new seen_7); goto BB2 } BB2 { _40 <- (); - old_path_c_38 <- ([#"../CreuSAT/src/conflict_analysis.rs" 59 40 59 54] Ghost.new path_c_8); + old_path_c_38 <- ([#"../CreuSAT/src/conflict_analysis.rs" 59 40 59 54] Snapshot.new path_c_8); goto BB3 } BB3 { _43 <- (); - old_to_bump_41 <- ([#"../CreuSAT/src/conflict_analysis.rs" 60 46 60 61] Ghost.new to_bump_9); + old_to_bump_41 <- ([#"../CreuSAT/src/conflict_analysis.rs" 60 46 60 61] Snapshot.new to_bump_9); goto BB4 } BB4 { 
@@ -6163,18 +6163,18 @@ module CreuSat_ConflictAnalysis_Resolve BB6 { _50 <- { _50 with current = ([#"../CreuSAT/src/conflict_analysis.rs" 67 16 67 21] false) }; assume { Resolve0.resolve _50 }; - assert { [#"../CreuSAT/src/conflict_analysis.rs" 69 18 69 44] ^ seen_7 = ^ Ghost.inner old_seen_35 }; + assert { [#"../CreuSAT/src/conflict_analysis.rs" 69 18 69 44] ^ seen_7 = ^ Snapshot.inner old_seen_35 }; _53 <- (); assert { [#"../CreuSAT/src/conflict_analysis.rs" 70 18 70 41] ClauseIsSeen0.clause_is_seen ( * c_2) ( * seen_7) }; _55 <- (); _59 <- (); - old_c2_57 <- ([#"../CreuSAT/src/conflict_analysis.rs" 71 37 71 46] Ghost.new c_2); + old_c2_57 <- ([#"../CreuSAT/src/conflict_analysis.rs" 71 37 71 46] Snapshot.new c_2); goto BB7 } BB7 { assert { [#"../CreuSAT/src/conflict_analysis.rs" 72 4 72 45] not LitIn0.lit_in (Seq.get (ShallowModel10.shallow_model old_c_32) (UIntSize.to_int c_idx_5)) ( * c_2) }; _60 <- (); - assert { [#"../CreuSAT/src/conflict_analysis.rs" 73 18 73 38] ^ c_2 = ^ Ghost.inner old_c_32 }; + assert { [#"../CreuSAT/src/conflict_analysis.rs" 73 18 73 38] ^ c_2 = ^ Snapshot.inner old_c_32 }; _62 <- (); assert { [#"../CreuSAT/src/conflict_analysis.rs" 74 4 75 48] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel10.shallow_model old_c_32) /\ j <> UIntSize.to_int c_idx_5 -> LitIn0.lit_in (Seq.get (ShallowModel10.shallow_model old_c_32) j) ( * c_2) }; _64 <- (); 
@@ -6188,7 +6188,7 @@ module CreuSat_ConflictAnalysis_Resolve invariant { [#"../CreuSAT/src/conflict_analysis.rs" 79 4 79 43] not LitIn0.lit_in (Seq.get (ShallowModel10.shallow_model old_c_32) (UIntSize.to_int c_idx_5)) ( * c_2) /\ not LitIn0.lit_in (Seq.get (ShallowModel1.shallow_model o_3) 0) ( * c_2) }; invariant { [#"../CreuSAT/src/conflict_analysis.rs" 79 4 79 43] forall j : int . 1 <= j /\ j < UIntSize.to_int i_66 -> LitIn0.lit_in (Seq.get (ShallowModel1.shallow_model o_3) j) ( * c_2) }; invariant { [#"../CreuSAT/src/conflict_analysis.rs" 79 4 79 43] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel10.shallow_model old_c_32) /\ j <> UIntSize.to_int c_idx_5 -> LitIn0.lit_in (Seq.get (ShallowModel10.shallow_model old_c_32) j) ( * c_2) }; - invariant { [#"../CreuSAT/src/conflict_analysis.rs" 79 4 79 43] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel0.shallow_model c_2) -> LitIn0.lit_in (Seq.get (ShallowModel0.shallow_model c_2) j) ( * Ghost.inner old_c_32) \/ LitIn0.lit_in (Seq.get (ShallowModel0.shallow_model c_2) j) o_3 }; + invariant { [#"../CreuSAT/src/conflict_analysis.rs" 79 4 79 43] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel0.shallow_model c_2) -> LitIn0.lit_in (Seq.get (ShallowModel0.shallow_model c_2) j) ( * Snapshot.inner old_c_32) \/ LitIn0.lit_in (Seq.get (ShallowModel0.shallow_model c_2) j) o_3 }; invariant { [#"../CreuSAT/src/conflict_analysis.rs" 87 16 87 35] ShallowModel3.shallow_model path_c_8 <= Seq.length (ShallowModel0.shallow_model c_2) }; invariant { [#"../CreuSAT/src/conflict_analysis.rs" 88 16 88 39] ClauseIsSeen0.clause_is_seen ( * c_2) ( * seen_7) }; invariant { [#"../CreuSAT/src/conflict_analysis.rs" 89 16 89 43] Seq.length (ShallowModel4.shallow_model seen_7) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars _f_1) }; 
@@ -6207,11 +6207,11 @@ module CreuSat_ConflictAnalysis_Resolve } BB10 { _86 <- (); - old_c3_84 <- ([#"../CreuSAT/src/conflict_analysis.rs" 92 41 92 50] Ghost.new c_2); + old_c3_84 <- ([#"../CreuSAT/src/conflict_analysis.rs" 92 41 92 50] Snapshot.new c_2); goto BB11 } BB11 { - assert { [#"../CreuSAT/src/conflict_analysis.rs" 93 22 93 43] ^ c_2 = ^ Ghost.inner old_c3_84 }; + assert { [#"../CreuSAT/src/conflict_analysis.rs" 93 22 93 43] ^ c_2 = ^ Snapshot.inner old_c3_84 }; _87 <- (); _93 <- CreuSat_Clause_Clause_Type.clause_lits ( * c_2); _92 <- _93; @@ -6352,9 +6352,9 @@ module CreuSat_ConflictAnalysis_Resolve assume { Resolve3.resolve path_c_8 }; assume { Resolve4.resolve to_bump_9 }; _67 <- (); - assert { [#"../CreuSAT/src/conflict_analysis.rs" 111 18 111 63] ResolventOf0.resolvent_of ( * c_2) ( * Ghost.inner old_c_32) o_3 0 (UIntSize.to_int c_idx_5) }; + assert { [#"../CreuSAT/src/conflict_analysis.rs" 111 18 111 63] ResolventOf0.resolvent_of ( * c_2) ( * Snapshot.inner old_c_32) o_3 0 (UIntSize.to_int c_idx_5) }; _144 <- (); - assert { [#"../CreuSAT/src/conflict_analysis.rs" 112 18 112 105] let _ = LemmaResolventOfEquisatExtensionIsEquisat0.lemma_resolvent_of_equisat_extension_is_equisat (ShallowModel6.shallow_model _f_1) ( * Ghost.inner old_c_32) o_3 ( * c_2) (UIntSize.to_int c_idx_5) 0 in true }; + assert { [#"../CreuSAT/src/conflict_analysis.rs" 112 18 112 105] let _ = LemmaResolventOfEquisatExtensionIsEquisat0.lemma_resolvent_of_equisat_extension_is_equisat (ShallowModel6.shallow_model _f_1) ( * Snapshot.inner old_c_32) o_3 ( * c_2) (UIntSize.to_int c_idx_5) 0 in true }; _146 <- (); _0 <- (); return _0 @@ -6411,7 +6411,7 @@ module CreuSat_ConflictAnalysis_ChooseLiteral use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use Alloc_Alloc_Global_Type as Alloc_Alloc_Global_Type 
@@ -6602,7 +6602,7 @@ module CreuSat_ConflictAnalysis_ChooseLiteral var i_3 : borrowed usize; var _f_4 : CreuSat_Formula_Formula_Type.t_formula; var seen_5 : Alloc_Vec_Vec_Type.t_vec bool (Alloc_Alloc_Global_Type.t_global); - var old_i_11 : Ghost.ghost_ty (borrowed usize); + var old_i_11 : Snapshot.Snapshot_ty (borrowed usize); var _13 : (); var _14 : (); var _16 : (); @@ -6651,7 +6651,7 @@ module CreuSat_ConflictAnalysis_ChooseLiteral } BB0 { _13 <- (); - old_i_11 <- ([#"../CreuSAT/src/conflict_analysis.rs" 130 35 130 45] Ghost.new i_3); + old_i_11 <- ([#"../CreuSAT/src/conflict_analysis.rs" 130 35 130 45] Snapshot.new i_3); goto BB1 } BB1 { @@ -7198,7 +7198,7 @@ module CreuSat_Util_Sort use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.Slice use seq.Seq clone Core_Num_Impl11_Max as Max0 @@ -7265,7 +7265,7 @@ module CreuSat_Util_Sort function ShallowModel0.shallow_model = ShallowModel4.shallow_model clone CreuSat_Logic_LogicUtil_Partition as Partition0 clone CreuSat_Logic_LogicUtil_SortedRangeTupleZeroth as SortedRangeTupleZeroth0 - clone CreusotContracts_Ghost_Impl1_ShallowModel as ShallowModel2 with + clone CreusotContracts_Snapshot_Impl1_ShallowModel as ShallowModel2 with type t = borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global)), type ShallowModelTy0.shallowModelTy = Seq.seq (usize, usize), function ShallowModel0.shallow_model = ShallowModel3.shallow_model @@ -7281,7 +7281,7 @@ module CreuSat_Util_Sort var _0 : (); var v_1 : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global)); var i_4 : usize; - var old_v_5 : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global))); + var old_v_5 : Snapshot.Snapshot_ty (borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global))); var _7 : (); var _12 : (); var _13 : bool; 
@@ -7326,7 +7326,7 @@ module CreuSat_Util_Sort BB0 { i_4 <- ([#"../CreuSAT/src/util.rs" 60 23 60 24] (0 : usize)); _7 <- (); - old_v_5 <- ([#"../CreuSAT/src/util.rs" 61 49 61 61] Ghost.new v_1); + old_v_5 <- ([#"../CreuSAT/src/util.rs" 61 49 61 61] Snapshot.new v_1); goto BB1 } BB1 { @@ -7465,7 +7465,7 @@ module CreuSat_Decision_Impl2_Rescore use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use seq.Seq use CreuSat_Decision_Node_Type as CreuSat_Decision_Node_Type clone CreusotContracts_Std1_Slice_Impl5_ResolveElswhere as ResolveElswhere0 with @@ -7537,7 +7537,7 @@ module CreuSat_Decision_Impl2_Rescore var self_1 : borrowed (CreuSat_Decision_Decisions_Type.t_decisions); var _f_2 : CreuSat_Formula_Formula_Type.t_formula; var iNVALID'_8 : usize; - var old_self_9 : Ghost.ghost_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); + var old_self_9 : Snapshot.Snapshot_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); var _11 : (); var curr_score_12 : usize; var _13 : Alloc_Vec_Vec_Type.t_vec (CreuSat_Decision_Node_Type.t_node) (Alloc_Alloc_Global_Type.t_global); @@ -7573,7 +7573,7 @@ module CreuSat_Decision_Impl2_Rescore BB0 { iNVALID'_8 <- ([#"../CreuSAT/src/decision.rs" 137 29 137 39] (18446744073709551615 : usize)); _11 <- (); - old_self_9 <- ([#"../CreuSAT/src/decision.rs" 138 46 138 61] Ghost.new self_1); + old_self_9 <- ([#"../CreuSAT/src/decision.rs" 138 46 138 61] Snapshot.new self_1); goto BB1 } BB1 { 
@@ -7588,7 +7588,7 @@ module CreuSat_Decision_Impl2_Rescore } BB3 { invariant { [#"../CreuSAT/src/decision.rs" 142 20 142 73] curr_15 = Max0.mAX' \/ UIntSize.to_int curr_15 < Seq.length (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) }; - invariant { [#"../CreuSAT/src/decision.rs" 142 8 142 75] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) -> CreuSat_Decision_Node_Type.node_next (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) j) = CreuSat_Decision_Node_Type.node_next (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * Ghost.inner old_self_9))) j) /\ CreuSat_Decision_Node_Type.node_prev (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) j) = CreuSat_Decision_Node_Type.node_prev (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * Ghost.inner old_self_9))) j) }; + invariant { [#"../CreuSAT/src/decision.rs" 142 8 142 75] forall j : int . 
0 <= j /\ j < Seq.length (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) -> CreuSat_Decision_Node_Type.node_next (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) j) = CreuSat_Decision_Node_Type.node_next (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * Snapshot.inner old_self_9))) j) /\ CreuSat_Decision_Node_Type.node_prev (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) j) = CreuSat_Decision_Node_Type.node_prev (Seq.get (ShallowModel0.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * Snapshot.inner old_self_9))) j) }; invariant { [#"../CreuSAT/src/decision.rs" 147 20 147 48] Invariant0.invariant' ( * self_1) (UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars _f_2)) }; _22 <- curr_15; _23 <- iNVALID'_8; @@ -8002,7 +8002,7 @@ module CreuSat_Decision_Impl2_IncrementAndMove use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use seq.Seq use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type clone CreuSat_Logic_LogicLit_Impl0_IndexLogic as IndexLogic2 @@ -8218,7 +8218,7 @@ module CreuSat_Decision_Impl2_IncrementAndMove var _10 : (usize, usize); var _11 : usize; var _12 : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); - var old_self_13 : Ghost.ghost_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); + var old_self_13 : Snapshot.Snapshot_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); var _15 : (); var i_16 : usize; var _17 : (); @@ -8282,7 +8282,7 @@ module CreuSat_Decision_Impl2_IncrementAndMove } BB3 { _15 <- (); - old_self_13 <- ([#"../CreuSAT/src/decision.rs" 206 46 206 61] Ghost.new self_1); + old_self_13 <- ([#"../CreuSAT/src/decision.rs" 206 46 206 61] Snapshot.new self_1); goto BB4 } BB4 { 
@@ -8296,7 +8296,7 @@ module CreuSat_Decision_Impl2_IncrementAndMove goto BB7 } BB7 { - invariant { [#"../CreuSAT/src/decision.rs" 208 20 208 44] Ghost.inner old_self_13 = self_1 }; + invariant { [#"../CreuSAT/src/decision.rs" 208 20 208 44] Snapshot.inner old_self_13 = self_1 }; invariant { [#"../CreuSAT/src/decision.rs" 209 20 209 56] Seq.length (ShallowModel0.shallow_model v_3) = Seq.length (ShallowModel1.shallow_model counts_with_index_9) }; invariant { [#"../CreuSAT/src/decision.rs" 208 8 208 46] forall j : int . 0 <= j /\ j < UIntSize.to_int i_16 -> UIntSize.to_int (let (_, a) = Seq.get (ShallowModel1.shallow_model counts_with_index_9) j in a) < Seq.length (ShallowModel2.shallow_model (CreuSat_Decision_Decisions_Type.decisions_linked_list ( * self_1))) }; _23 <- i_16; @@ -10962,7 +10962,7 @@ module CreuSat_Util_SortReverse use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.Slice use seq.Seq clone Core_Num_Impl11_Max as Max0 @@ -11029,7 +11029,7 @@ module CreuSat_Util_SortReverse function ShallowModel0.shallow_model = ShallowModel4.shallow_model clone CreuSat_Logic_LogicUtil_PartitionRev as PartitionRev0 clone CreuSat_Logic_LogicUtil_SortedRangeRev as SortedRangeRev0 - clone CreusotContracts_Ghost_Impl1_ShallowModel as ShallowModel2 with + clone CreusotContracts_Snapshot_Impl1_ShallowModel as ShallowModel2 with type t = borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global)), type ShallowModelTy0.shallowModelTy = Seq.seq (usize, usize), function ShallowModel0.shallow_model = ShallowModel3.shallow_model 
@@ -11045,7 +11045,7 @@ module CreuSat_Util_SortReverse var _0 : (); var v_1 : borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global)); var i_4 : usize; - var old_v_5 : Ghost.ghost_ty (borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global))); + var old_v_5 : Snapshot.Snapshot_ty (borrowed (Alloc_Vec_Vec_Type.t_vec (usize, usize) (Alloc_Alloc_Global_Type.t_global))); var _7 : (); var _12 : (); var _13 : bool; @@ -11090,7 +11090,7 @@ module CreuSat_Util_SortReverse BB0 { i_4 <- ([#"../CreuSAT/src/util.rs" 12 23 12 24] (0 : usize)); _7 <- (); - old_v_5 <- ([#"../CreuSAT/src/util.rs" 13 49 13 61] Ghost.new v_1); + old_v_5 <- ([#"../CreuSAT/src/util.rs" 13 49 13 61] Snapshot.new v_1); goto BB1 } BB1 { @@ -13531,7 +13531,7 @@ module CreuSat_Formula_Impl2_AddClause use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -13778,7 +13778,7 @@ module CreuSat_Formula_Impl2_AddClause var clause_2 : CreuSat_Clause_Clause_Type.t_clause; var watches_3 : borrowed (CreuSat_Watches_Watches_Type.t_watches); var _t_4 : CreuSat_Trail_Trail_Type.t_trail; - var old_self_20 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_self_20 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _22 : (); var cref_23 : usize; var _24 : Alloc_Vec_Vec_Type.t_vec (CreuSat_Clause_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global); @@ -13827,7 +13827,7 @@ module CreuSat_Formula_Impl2_AddClause } BB4 { _22 <- (); - old_self_20 <- ([#"../CreuSAT/src/formula.rs" 125 44 125 59] Ghost.new self_1); + old_self_20 <- ([#"../CreuSAT/src/formula.rs" 125 44 125 59] Snapshot.new self_1); goto BB5 } BB5 { 
@@ -13878,9 +13878,9 @@ module CreuSat_Formula_Impl2_AddClause goto BB11 } BB11 { - assert { [#"../CreuSAT/src/formula.rs" 136 22 136 48] ^ Ghost.inner old_self_20 = ^ self_1 }; + assert { [#"../CreuSAT/src/formula.rs" 136 22 136 48] ^ Snapshot.inner old_self_20 = ^ self_1 }; _46 <- (); - assert { [#"../CreuSAT/src/formula.rs" 138 22 138 45] Equisat0.equisat ( * Ghost.inner old_self_20) ( * self_1) }; + assert { [#"../CreuSAT/src/formula.rs" 138 22 138 45] Equisat0.equisat ( * Snapshot.inner old_self_20) ( * self_1) }; _48 <- (); assert { [#"../CreuSAT/src/formula.rs" 139 22 139 55] TrailInvariant0.trail_invariant (ShallowModel3.shallow_model (CreuSat_Trail_Trail_Type.trail_trail _t_4)) ( * self_1) }; _50 <- (); @@ -13946,7 +13946,7 @@ module CreuSat_Formula_Impl2_AddUnwatchedClause use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -14175,7 +14175,7 @@ module CreuSat_Formula_Impl2_AddUnwatchedClause var clause_2 : CreuSat_Clause_Clause_Type.t_clause; var watches_3 : borrowed (CreuSat_Watches_Watches_Type.t_watches); var _t_4 : CreuSat_Trail_Trail_Type.t_trail; - var old_self_20 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_self_20 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _22 : (); var cref_23 : usize; var _24 : Alloc_Vec_Vec_Type.t_vec (CreuSat_Clause_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global); @@ -14204,7 +14204,7 @@ module CreuSat_Formula_Impl2_AddUnwatchedClause } BB4 { _22 <- (); - old_self_20 <- ([#"../CreuSAT/src/formula.rs" 157 44 157 59] Ghost.new self_1); + old_self_20 <- ([#"../CreuSAT/src/formula.rs" 157 44 157 59] Snapshot.new self_1); goto BB5 } BB5 { 
@@ -14285,7 +14285,7 @@ module CreuSat_Formula_Impl2_AddUnit use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -14490,7 +14490,7 @@ module CreuSat_Formula_Impl2_AddUnit var self_1 : borrowed (CreuSat_Formula_Formula_Type.t_formula); var clause_2 : CreuSat_Clause_Clause_Type.t_clause; var _t_3 : CreuSat_Trail_Trail_Type.t_trail; - var old_self_20 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_self_20 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _22 : (); var cref_23 : usize; var _24 : Alloc_Vec_Vec_Type.t_vec (CreuSat_Clause_Clause_Type.t_clause) (Alloc_Alloc_Global_Type.t_global); @@ -14520,7 +14520,7 @@ module CreuSat_Formula_Impl2_AddUnit } BB5 { _22 <- (); - old_self_20 <- ([#"../CreuSAT/src/formula.rs" 180 44 180 59] Ghost.new self_1); + old_self_20 <- ([#"../CreuSAT/src/formula.rs" 180 44 180 59] Snapshot.new self_1); goto BB6 } BB6 { @@ -14812,7 +14812,7 @@ module CreuSat_Watches_Impl0_Unwatch use prelude.Int use prelude.UIntSize use prelude.Slice - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use seq.Seq use prelude.UInt8 @@ -15124,7 +15124,7 @@ module CreuSat_Watches_Impl0_Unwatch var _49 : usize; var _50 : usize; var _51 : usize; - var old_w_52 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_52 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _54 : (); var _55 : (); var _56 : Core_Option_Option_Type.t_option (CreuSat_Watches_Watcher_Type.t_watcher); @@ -15235,7 +15235,7 @@ module CreuSat_Watches_Impl0_Unwatch } BB13 { _54 <- (); - old_w_52 <- ([#"../CreuSAT/src/watches.rs" 169 49 169 64] Ghost.new self_1); + old_w_52 <- ([#"../CreuSAT/src/watches.rs" 169 49 169 64] Snapshot.new self_1); goto BB14 } BB14 { 
@@ -15268,7 +15268,7 @@ module CreuSat_Watches_Impl0_Unwatch BB19 { w_62 <- Core_Option_Option_Type.some_0 _56; _56 <- (let Core_Option_Option_Type.C_Some a = _56 in Core_Option_Option_Type.C_Some (any CreuSat_Watches_Watcher_Type.t_watcher)); - assert { [#"../CreuSAT/src/watches.rs" 172 38 172 61] ^ Ghost.inner old_w_52 = ^ self_1 }; + assert { [#"../CreuSAT/src/watches.rs" 172 38 172 61] ^ Snapshot.inner old_w_52 = ^ self_1 }; _63 <- (); assert { [#"../CreuSAT/src/watches.rs" 173 38 173 56] Invariant0.invariant' ( * self_1) f_2 }; _65 <- (); @@ -15337,7 +15337,7 @@ module CreuSat_Formula_Impl2_DeleteClause use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -15584,7 +15584,7 @@ module CreuSat_Formula_Impl2_DeleteClause var cref_2 : usize; var watches_3 : borrowed (CreuSat_Watches_Watches_Type.t_watches); var t_4 : CreuSat_Trail_Trail_Type.t_trail; - var old_f_16 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_16 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _18 : (); var _19 : (); var _20 : borrowed (CreuSat_Watches_Watches_Type.t_watches); @@ -15623,7 +15623,7 @@ module CreuSat_Formula_Impl2_DeleteClause } BB0 { _18 <- (); - old_f_16 <- ([#"../CreuSAT/src/formula.rs" 212 41 212 56] Ghost.new self_1); + old_f_16 <- ([#"../CreuSAT/src/formula.rs" 212 41 212 56] Snapshot.new self_1); goto BB1 } BB1 { 
@@ -15680,11 +15680,11 @@ module CreuSat_Formula_Impl2_DeleteClause BB8 { _41 <- { _41 with current = (let CreuSat_Clause_Clause_Type.C_Clause a b c d = * _41 in CreuSat_Clause_Clause_Type.C_Clause ([#"../CreuSAT/src/formula.rs" 215 37 215 41] true) b c d) }; assume { Resolve2.resolve _41 }; - assert { [#"../CreuSAT/src/formula.rs" 216 8 217 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * self_1))) (UIntSize.to_int cref_2))) -> Seq.get (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * self_1))) (UIntSize.to_int cref_2))) i = Seq.get (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Ghost.inner old_f_16))) (UIntSize.to_int cref_2))) i }; + assert { [#"../CreuSAT/src/formula.rs" 216 8 217 66] forall i : int . 0 <= i /\ i < Seq.length (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * self_1))) (UIntSize.to_int cref_2))) -> Seq.get (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * self_1))) (UIntSize.to_int cref_2))) i = Seq.get (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Snapshot.inner old_f_16))) (UIntSize.to_int cref_2))) i }; _44 <- (); - assert { [#"../CreuSAT/src/formula.rs" 218 22 218 42] Equisat0.equisat ( * Ghost.inner old_f_16) ( * self_1) }; + assert { [#"../CreuSAT/src/formula.rs" 218 22 218 42] Equisat0.equisat ( * Snapshot.inner old_f_16) ( * self_1) }; _46 <- (); - assert { [#"../CreuSAT/src/formula.rs" 219 22 219 45] ^ self_1 = ^ Ghost.inner old_f_16 }; + assert { [#"../CreuSAT/src/formula.rs" 219 22 219 45] ^ self_1 = ^ Snapshot.inner old_f_16 }; _48 <- (); _0 <- (); return _0 
@@ -15721,7 +15721,7 @@ module CreuSat_Formula_Impl2_DeleteClauses_Interface end module CreuSat_Formula_Impl2_DeleteClauses use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.UIntSize use prelude.UInt8 @@ -15963,9 +15963,9 @@ module CreuSat_Formula_Impl2_DeleteClauses var self_1 : borrowed (CreuSat_Formula_Formula_Type.t_formula); var watches_2 : borrowed (CreuSat_Watches_Watches_Type.t_watches); var t_3 : CreuSat_Trail_Trail_Type.t_trail; - var old_f_14 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_14 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _16 : (); - var old_w_17 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_17 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _19 : (); var i_20 : usize; var _26 : (); @@ -16008,12 +16008,12 @@ module CreuSat_Formula_Impl2_DeleteClauses } BB0 { _16 <- (); - old_f_14 <- ([#"../CreuSAT/src/formula.rs" 232 41 232 56] Ghost.new self_1); + old_f_14 <- ([#"../CreuSAT/src/formula.rs" 232 41 232 56] Snapshot.new self_1); goto BB1 } BB1 { _19 <- (); - old_w_17 <- ([#"../CreuSAT/src/formula.rs" 233 41 233 59] Ghost.new watches_2); + old_w_17 <- ([#"../CreuSAT/src/formula.rs" 233 41 233 59] Snapshot.new watches_2); goto BB2 } BB2 { 
@@ -16024,8 +16024,8 @@ module CreuSat_Formula_Impl2_DeleteClauses invariant { [#"../CreuSAT/src/formula.rs" 236 20 236 44] Invariant1.invariant' ( * watches_2) ( * self_1) }; invariant { [#"../CreuSAT/src/formula.rs" 237 20 237 38] Invariant2.invariant' t_3 ( * self_1) }; invariant { [#"../CreuSAT/src/formula.rs" 238 20 238 36] Invariant0.invariant' ( * self_1) }; - invariant { [#"../CreuSAT/src/formula.rs" 239 20 239 53] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * self_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Ghost.inner old_f_14)) }; - invariant { [#"../CreuSAT/src/formula.rs" 240 20 240 48] Equisat0.equisat ( * self_1) ( * Ghost.inner old_f_14) }; + invariant { [#"../CreuSAT/src/formula.rs" 239 20 239 53] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * self_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Snapshot.inner old_f_14)) }; + invariant { [#"../CreuSAT/src/formula.rs" 240 20 240 48] Equisat0.equisat ( * self_1) ( * Snapshot.inner old_f_14) }; _28 <- i_20; _30 <- CreuSat_Formula_Formula_Type.formula_clauses ( * self_1); _29 <- ([#"../CreuSAT/src/formula.rs" 241 18 241 36] Len0.len _30); @@ -16421,7 +16421,7 @@ module CreuSat_Formula_Impl2_ReduceDb use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.Int32 use prelude.UInt8 use seq.Seq @@ -16679,9 +16679,9 @@ module CreuSat_Formula_Impl2_ReduceDb var _25 : (); var _26 : (); var i_27 : usize; - var old_f_28 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_28 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _30 : (); - var old_w_31 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_31 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _33 : (); var _39 : bool; var _40 : usize; 
@@ -16783,12 +16783,12 @@ module CreuSat_Formula_Impl2_ReduceDb BB6 { i_27 <- CreuSat_Solver_Solver_Type.solver_initial_len ( * s_4); _30 <- (); - old_f_28 <- ([#"../CreuSAT/src/formula.rs" 290 41 290 56] Ghost.new self_1); + old_f_28 <- ([#"../CreuSAT/src/formula.rs" 290 41 290 56] Snapshot.new self_1); goto BB7 } BB7 { _33 <- (); - old_w_31 <- ([#"../CreuSAT/src/formula.rs" 291 41 291 59] Ghost.new watches_2); + old_w_31 <- ([#"../CreuSAT/src/formula.rs" 291 41 291 59] Snapshot.new watches_2); goto BB8 } BB8 { @@ -16798,8 +16798,8 @@ module CreuSat_Formula_Impl2_ReduceDb invariant { [#"../CreuSAT/src/formula.rs" 292 20 292 44] Invariant1.invariant' ( * watches_2) ( * self_1) }; invariant { [#"../CreuSAT/src/formula.rs" 293 20 293 38] Invariant2.invariant' t_3 ( * self_1) }; invariant { [#"../CreuSAT/src/formula.rs" 294 20 294 36] Invariant0.invariant' ( * self_1) }; - invariant { [#"../CreuSAT/src/formula.rs" 295 20 295 53] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * self_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Ghost.inner old_f_28)) }; - invariant { [#"../CreuSAT/src/formula.rs" 296 20 296 48] Equisat0.equisat ( * self_1) ( * Ghost.inner old_f_28) }; + invariant { [#"../CreuSAT/src/formula.rs" 295 20 295 53] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * self_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Snapshot.inner old_f_28)) }; + invariant { [#"../CreuSAT/src/formula.rs" 296 20 296 48] Equisat0.equisat ( * self_1) ( * Snapshot.inner old_f_28) }; _40 <- i_27; _42 <- CreuSat_Formula_Formula_Type.formula_clauses ( * self_1); _41 <- ([#"../CreuSAT/src/formula.rs" 297 18 297 36] Len0.len _42); 
@@ -17609,7 +17609,7 @@ end module CreuSat_Logic_Logic_BoolToAssignedstate_Impl use prelude.UInt8 use prelude.Int - let rec ghost function bool_to_assignedstate [#"../CreuSAT/src/logic/logic.rs" 34 0 34 54] (b : bool) : uint8 + let rec Snapshot function bool_to_assignedstate [#"../CreuSAT/src/logic/logic.rs" 34 0 34 54] (b : bool) : uint8 ensures { [#"../CreuSAT/src/logic/logic.rs" 32 0 32 30] b -> UInt8.to_int result = 1 } ensures { [#"../CreuSAT/src/logic/logic.rs" 33 0 33 31] not b -> UInt8.to_int result = 0 } @@ -18500,7 +18500,7 @@ module CreuSat_Logic_LogicTrail_LemmaPushMaintainsLitNotInLess_Impl function ShallowModel0.shallow_model = ShallowModel2.shallow_model, predicate FormulaInvariant0.formula_invariant = FormulaInvariant0.formula_invariant, axiom . - let rec ghost function lemma_push_maintains_lit_not_in_less [#"../CreuSAT/src/logic/logic_trail.rs" 200 0 200 77] (t : CreuSat_Trail_Trail_Type.t_trail) (f : CreuSat_Formula_Formula_Type.t_formula) (step : CreuSat_Trail_Step_Type.t_step) : () + let rec Snapshot function lemma_push_maintains_lit_not_in_less [#"../CreuSAT/src/logic/logic_trail.rs" 200 0 200 77] (t : CreuSat_Trail_Trail_Type.t_trail) (f : CreuSat_Formula_Formula_Type.t_formula) (step : CreuSat_Trail_Step_Type.t_step) : () requires {[#"../CreuSAT/src/logic/logic_trail.rs" 193 11 193 24] Invariant0.invariant' f} requires {[#"../CreuSAT/src/logic/logic_trail.rs" 194 11 194 25] Invariant1.invariant' t f} requires {[#"../CreuSAT/src/logic/logic_trail.rs" 195 11 195 56] Unset0.unset (Seq.get (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_assignments t)) (IndexLogic0.index_logic (CreuSat_Trail_Step_Type.step_lit step)))} 
@@ -18544,7 +18544,7 @@ module CreuSat_Logic_LogicUtil_Pop_Impl use seq.Seq use prelude.Int use seq_ext.SeqExt - let rec ghost function pop [#"../CreuSAT/src/logic/logic_util.rs" 60 0 60 34] (s : Seq.seq t) : Seq.seq t + let rec Snapshot function pop [#"../CreuSAT/src/logic/logic_util.rs" 60 0 60 34] (s : Seq.seq t) : Seq.seq t requires {[#"../CreuSAT/src/logic/logic_util.rs" 56 11 56 22] Seq.length s > 0} ensures { [#"../CreuSAT/src/logic/logic_util.rs" 57 10 57 49] result = SeqExt.subsequence s 0 (Seq.length s - 1) } ensures { [#"../CreuSAT/src/logic/logic_util.rs" 58 10 58 37] Seq.length result = Seq.length s - 1 } @@ -18580,7 +18580,7 @@ module CreuSat_Logic_LogicUtil_LastIdx_Impl type t use seq.Seq use prelude.Int - let rec ghost function last_idx [#"../CreuSAT/src/logic/logic_util.rs" 67 0 67 36] (s : Seq.seq t) : int + let rec Snapshot function last_idx [#"../CreuSAT/src/logic/logic_util.rs" 67 0 67 36] (s : Seq.seq t) : int requires {[#"../CreuSAT/src/logic/logic_util.rs" 66 11 66 22] Seq.length s > 0} = [@vc:do_not_keep_trace] [@vc:sp] @@ -18613,7 +18613,7 @@ module CreuSat_Logic_LogicUtil_LastElem_Impl type t use seq.Seq use prelude.Int - let rec ghost function last_elem [#"../CreuSAT/src/logic/logic_util.rs" 74 0 74 35] (s : Seq.seq t) : t + let rec Snapshot function last_elem [#"../CreuSAT/src/logic/logic_util.rs" 74 0 74 35] (s : Seq.seq t) : t requires {[#"../CreuSAT/src/logic/logic_util.rs" 73 11 73 22] Seq.length s > 0} = [@vc:do_not_keep_trace] [@vc:sp] 
@@ -18667,7 +18667,7 @@ module CreuSat_Logic_LogicUtil_LemmaPopMaintainsSorted_Impl axiom . clone CreuSat_Logic_LogicUtil_Sorted as Sorted0 with predicate SortedRange0.sorted_range = SortedRange0.sorted_range - let rec ghost function lemma_pop_maintains_sorted [#"../CreuSAT/src/logic/logic_util.rs" 83 0 83 48] (s : Seq.seq usize) : () + let rec Snapshot function lemma_pop_maintains_sorted [#"../CreuSAT/src/logic/logic_util.rs" 83 0 83 48] (s : Seq.seq usize) : () requires {[#"../CreuSAT/src/logic/logic_util.rs" 80 11 80 22] Seq.length s > 0} requires {[#"../CreuSAT/src/logic/logic_util.rs" 81 11 81 20] Sorted0.sorted s} ensures { [#"../CreuSAT/src/logic/logic_util.rs" 82 10 82 24] Sorted0.sorted (Pop0.pop s) } @@ -18857,7 +18857,7 @@ module CreuSat_Logic_LogicWatches_LemmaPopWatchMaintainsWatcherInvariant_Impl clone CreuSat_Logic_LogicWatches_WatcherCrefsInRange as WatcherCrefsInRange0 with function ShallowModel0.shallow_model = ShallowModel0.shallow_model, val Max0.mAX' = Max0.mAX' - let rec ghost function lemma_pop_watch_maintains_watcher_invariant [#"../CreuSAT/src/logic/logic_watches.rs" 55 0 55 79] (w : Seq.seq (CreuSat_Watches_Watcher_Type.t_watcher)) (f : CreuSat_Formula_Formula_Type.t_formula) : () + let rec Snapshot function lemma_pop_watch_maintains_watcher_invariant [#"../CreuSAT/src/logic/logic_watches.rs" 55 0 55 79] (w : Seq.seq (CreuSat_Watches_Watcher_Type.t_watcher)) (f : CreuSat_Formula_Formula_Type.t_formula) : () requires {[#"../CreuSAT/src/logic/logic_watches.rs" 52 11 52 22] Seq.length w > 0} requires {[#"../CreuSAT/src/logic/logic_watches.rs" 53 11 53 39] WatcherCrefsInRange0.watcher_crefs_in_range w f} ensures { [#"../CreuSAT/src/logic/logic_watches.rs" 54 10 54 43] WatcherCrefsInRange0.watcher_crefs_in_range (Pop0.pop w) f } 
@@ -18949,7 +18949,7 @@ module CreuSat_Logic_LogicWatches_LemmaPushMaintainsWatcherInvariant_Impl clone CreuSat_Logic_LogicWatches_WatcherCrefsInRange as WatcherCrefsInRange0 with function ShallowModel0.shallow_model = ShallowModel0.shallow_model, val Max0.mAX' = Max0.mAX' - let rec ghost function lemma_push_maintains_watcher_invariant [#"../CreuSAT/src/logic/logic_watches.rs" 62 0 62 86] (w : Seq.seq (CreuSat_Watches_Watcher_Type.t_watcher)) (f : CreuSat_Formula_Formula_Type.t_formula) (o : CreuSat_Watches_Watcher_Type.t_watcher) : () + let rec Snapshot function lemma_push_maintains_watcher_invariant [#"../CreuSAT/src/logic/logic_watches.rs" 62 0 62 86] (w : Seq.seq (CreuSat_Watches_Watcher_Type.t_watcher)) (f : CreuSat_Formula_Formula_Type.t_formula) (o : CreuSat_Watches_Watcher_Type.t_watcher) : () requires {[#"../CreuSAT/src/logic/logic_watches.rs" 59 11 59 39] WatcherCrefsInRange0.watcher_crefs_in_range w f} requires {[#"../CreuSAT/src/logic/logic_watches.rs" 60 11 60 37] UIntSize.to_int (CreuSat_Watches_Watcher_Type.watcher_cref o) < Seq.length (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses f))} ensures { [#"../CreuSAT/src/logic/logic_watches.rs" 61 10 61 46] WatcherCrefsInRange0.watcher_crefs_in_range (Seq.snoc w o) f } @@ -19719,7 +19719,7 @@ module CreuSat_Trail_Impl0_Backstep use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use prelude.UInt8 use seq.Seq 
@@ -19919,7 +19919,7 @@ module CreuSat_Trail_Impl0_Backstep var self_1 : borrowed (CreuSat_Trail_Trail_Type.t_trail); var f_2 : CreuSat_Formula_Formula_Type.t_formula; var _3 : (); - var old_t_11 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_t_11 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _13 : (); var last_14 : Core_Option_Option_Type.t_option (CreuSat_Trail_Step_Type.t_step); var _15 : borrowed (Alloc_Vec_Vec_Type.t_vec (CreuSat_Trail_Step_Type.t_step) (Alloc_Alloc_Global_Type.t_global)); @@ -19949,7 +19949,7 @@ module CreuSat_Trail_Impl0_Backstep } BB0 { _13 <- (); - old_t_11 <- ([#"../CreuSAT/src/trail.rs" 63 39 63 54] Ghost.new self_1); + old_t_11 <- ([#"../CreuSAT/src/trail.rs" 63 39 63 54] Snapshot.new self_1); goto BB1 } BB1 { @@ -19996,9 +19996,9 @@ module CreuSat_Trail_Impl0_Backstep BB7 { _20 <- { _20 with current = ([#"../CreuSAT/src/trail.rs" 69 16 69 55] * _20 + ([#"../CreuSAT/src/trail.rs" 69 54 69 55] (2 : uint8))) }; assume { Resolve1.resolve _20 }; - assert { [#"../CreuSAT/src/trail.rs" 71 30 71 62] ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * self_1)) = Pop1.pop (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * Ghost.inner old_t_11))) }; + assert { [#"../CreuSAT/src/trail.rs" 71 30 71 62] ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * self_1)) = Pop1.pop (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * Snapshot.inner old_t_11))) }; _24 <- (); - assert { [#"../CreuSAT/src/trail.rs" 72 30 72 53] ^ Ghost.inner old_t_11 = ^ self_1 }; + assert { [#"../CreuSAT/src/trail.rs" 72 30 72 53] ^ Snapshot.inner old_t_11 = ^ self_1 }; _26 <- (); _29 <- borrow_mut (CreuSat_Trail_Trail_Type.trail_lit_to_level ( * self_1)); self_1 <- { self_1 with current = (let CreuSat_Trail_Trail_Type.C_Trail a b c d e = * self_1 in CreuSat_Trail_Trail_Type.C_Trail a ( ^ _29) c d e) }; 
@@ -20074,7 +20074,7 @@ module CreuSat_Trail_Impl0_BacktrackTo use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use seq.Seq use prelude.UInt8 @@ -20325,9 +20325,9 @@ module CreuSat_Trail_Impl0_BacktrackTo var level_2 : usize; var f_3 : CreuSat_Formula_Formula_Type.t_formula; var d_4 : borrowed (CreuSat_Decision_Decisions_Type.t_decisions); - var old_t_13 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_t_13 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _15 : (); - var old_d_16 : Ghost.ghost_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); + var old_d_16 : Snapshot.Snapshot_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); var _18 : (); var how_many_19 : usize; var _20 : usize; @@ -20376,7 +20376,7 @@ module CreuSat_Trail_Impl0_BacktrackTo var _72 : usize; var _73 : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); var _74 : usize; - var old_t2_75 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_t2_75 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _77 : (); var _78 : (); var _80 : (); @@ -20407,7 +20407,7 @@ module CreuSat_Trail_Impl0_BacktrackTo var _112 : Alloc_Vec_Vec_Type.t_vec usize (Alloc_Alloc_Global_Type.t_global); var _113 : usize; var _114 : Alloc_Vec_Vec_Type.t_vec (CreuSat_Trail_Step_Type.t_step) (Alloc_Alloc_Global_Type.t_global); - var old_t3_115 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_t3_115 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _117 : (); var _118 : (); var _120 : (); 
@@ -20438,12 +20438,12 @@ module CreuSat_Trail_Impl0_BacktrackTo } BB0 { _15 <- (); - old_t_13 <- ([#"../CreuSAT/src/trail.rs" 119 39 119 54] Ghost.new self_1); + old_t_13 <- ([#"../CreuSAT/src/trail.rs" 119 39 119 54] Snapshot.new self_1); goto BB1 } BB1 { _18 <- (); - old_d_16 <- ([#"../CreuSAT/src/trail.rs" 120 43 120 55] Ghost.new d_4); + old_d_16 <- ([#"../CreuSAT/src/trail.rs" 120 43 120 55] Snapshot.new d_4); goto BB2 } BB2 { @@ -20494,7 +20494,7 @@ module CreuSat_Trail_Impl0_BacktrackTo goto BB10 } BB10 { - invariant { [#"../CreuSAT/src/trail.rs" 126 20 126 44] UIntSize.to_int i_30 <= Seq.length (ShallowModel1.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * Ghost.inner old_t_13))) }; + invariant { [#"../CreuSAT/src/trail.rs" 126 20 126 44] UIntSize.to_int i_30 <= Seq.length (ShallowModel1.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * Snapshot.inner old_t_13))) }; invariant { [#"../CreuSAT/src/trail.rs" 127 20 127 33] i_30 <= how_many_19 }; invariant { [#"../CreuSAT/src/trail.rs" 128 20 128 80] LongArePostUnitInner0.long_are_post_unit_inner (ShallowModel1.shallow_model (CreuSat_Trail_Trail_Type.trail_trail ( * self_1))) f_3 (ShallowModel2.shallow_model (CreuSat_Trail_Trail_Type.trail_assignments ( * self_1))) }; invariant { [#"../CreuSAT/src/trail.rs" 129 20 129 50] InvariantNoDecision0.invariant_no_decision ( * self_1) f_3 }; @@ -20577,7 +20577,7 @@ module CreuSat_Trail_Impl0_BacktrackTo } BB20 { _77 <- (); - old_t2_75 <- ([#"../CreuSAT/src/trail.rs" 149 44 149 59] Ghost.new self_1); + old_t2_75 <- ([#"../CreuSAT/src/trail.rs" 149 44 149 59] Snapshot.new self_1); goto BB21 } BB21 { 
@@ -20607,9 +20607,9 @@ module CreuSat_Trail_Impl0_BacktrackTo absurd } BB25 { - assert { [#"../CreuSAT/src/trail.rs" 155 34 155 75] ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * self_1)) = Pop1.pop (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Ghost.inner old_t2_75))) }; + assert { [#"../CreuSAT/src/trail.rs" 155 34 155 75] ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * self_1)) = Pop1.pop (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Snapshot.inner old_t2_75))) }; _88 <- (); - assert { [#"../CreuSAT/src/trail.rs" 156 34 156 60] ^ Ghost.inner old_t2_75 = ^ self_1 }; + assert { [#"../CreuSAT/src/trail.rs" 156 34 156 60] ^ Snapshot.inner old_t2_75 = ^ self_1 }; _90 <- (); _84 <- (); assert { [#"../CreuSAT/src/trail.rs" 162 26 162 49] Sorted0.sorted (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * self_1))) }; @@ -20670,7 +20670,7 @@ module CreuSat_Trail_Impl0_BacktrackTo } BB35 { _117 <- (); - old_t3_115 <- ([#"../CreuSAT/src/trail.rs" 168 44 168 59] Ghost.new self_1); + old_t3_115 <- ([#"../CreuSAT/src/trail.rs" 168 44 168 59] Snapshot.new self_1); goto BB36 } BB36 { 
@@ -20700,12 +20700,12 @@ module CreuSat_Trail_Impl0_BacktrackTo absurd } BB40 { - assert { [#"../CreuSAT/src/trail.rs" 175 34 175 75] ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * self_1)) = Pop1.pop (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Ghost.inner old_t3_115))) }; + assert { [#"../CreuSAT/src/trail.rs" 175 34 175 75] ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * self_1)) = Pop1.pop (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Snapshot.inner old_t3_115))) }; _128 <- (); - assert { [#"../CreuSAT/src/trail.rs" 176 34 176 60] ^ Ghost.inner old_t3_115 = ^ self_1 }; + assert { [#"../CreuSAT/src/trail.rs" 176 34 176 60] ^ Snapshot.inner old_t3_115 = ^ self_1 }; _130 <- (); _124 <- (); - assert { [#"../CreuSAT/src/trail.rs" 182 26 182 71] let _ = LemmaPopMaintainsSorted0.lemma_pop_maintains_sorted (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Ghost.inner old_t3_115))) in true }; + assert { [#"../CreuSAT/src/trail.rs" 182 26 182 71] let _ = LemmaPopMaintainsSorted0.lemma_pop_maintains_sorted (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Snapshot.inner old_t3_115))) in true }; _134 <- (); assert { [#"../CreuSAT/src/trail.rs" 183 26 183 49] Sorted0.sorted (ShallowModel0.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * self_1))) }; _136 <- (); @@ -23346,7 +23346,7 @@ module CreuSat_UnitProp_Swap use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.Slice use seq.Seq use seq.Permut 
@@ -23529,7 +23529,7 @@ module CreuSat_UnitProp_Swap clone CreuSat_Logic_LogicFormula_EventuallySatComplete as EventuallySatComplete0 with predicate CompleteInner0.complete_inner = CompleteInner0.complete_inner, predicate FormulaSatInner0.formula_sat_inner = FormulaSatInner0.formula_sat_inner - clone CreusotContracts_Ghost_Impl1_ShallowModel as ShallowModel3 with + clone CreusotContracts_Snapshot_Impl1_ShallowModel as ShallowModel3 with type t = borrowed (CreuSat_Formula_Formula_Type.t_formula), type ShallowModelTy0.shallowModelTy = (Seq.seq (CreuSat_Clause_Clause_Type.t_clause), int), function ShallowModel0.shallow_model = ShallowModel15.shallow_model @@ -23614,7 +23614,7 @@ module CreuSat_UnitProp_Swap var cref_4 : usize; var j_5 : usize; var k_6 : usize; - var old_f_22 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_22 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _24 : (); var _25 : (); var _26 : borrowed (slice (CreuSat_Lit_Lit_Type.t_lit)); @@ -23641,7 +23641,7 @@ module CreuSat_UnitProp_Swap } BB0 { _24 <- (); - old_f_22 <- ([#"../CreuSAT/src/unit_prop.rs" 69 37 69 49] Ghost.new f_1); + old_f_22 <- ([#"../CreuSAT/src/unit_prop.rs" 69 37 69 49] Snapshot.new f_1); goto BB1 } BB1 { 
@@ -23673,11 +23673,11 @@ module CreuSat_UnitProp_Swap _34 <- (); assert { [#"../CreuSAT/src/unit_prop.rs" 74 18 74 64] NoDuplicateIndexesInner0.no_duplicate_indexes_inner (ShallowModel1.shallow_model (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4))) }; _36 <- (); - assert { [#"../CreuSAT/src/unit_prop.rs" 76 4 76 170] forall a2 : Seq.seq uint8 . Seq.length a2 = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) /\ CompleteInner0.complete_inner a2 /\ SatInner1.sat_inner (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Ghost.inner old_f_22))) (UIntSize.to_int cref_4)) a2 -> SatInner1.sat_inner (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4)) a2 }; + assert { [#"../CreuSAT/src/unit_prop.rs" 76 4 76 170] forall a2 : Seq.seq uint8 . Seq.length a2 = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) /\ CompleteInner0.complete_inner a2 /\ SatInner1.sat_inner (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Snapshot.inner old_f_22))) (UIntSize.to_int cref_4)) a2 -> SatInner1.sat_inner (Seq.get (ShallowModel0.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4)) a2 }; _38 <- (); assert { [#"../CreuSAT/src/unit_prop.rs" 77 4 77 82] EventuallySatComplete0.eventually_sat_complete (ShallowModel3.shallow_model old_f_22) -> EventuallySatComplete0.eventually_sat_complete (ShallowModel4.shallow_model f_1) }; _40 <- (); - assert { [#"../CreuSAT/src/unit_prop.rs" 78 18 78 38] ^ f_1 = ^ Ghost.inner old_f_22 }; + assert { [#"../CreuSAT/src/unit_prop.rs" 78 18 78 38] ^ f_1 = ^ Snapshot.inner old_f_22 }; _42 <- (); _0 <- (); return _0 
@@ -23741,7 +23741,7 @@ module CreuSat_Watches_UpdateWatch use prelude.Int use prelude.UIntSize use prelude.Slice - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use seq.Seq use prelude.UInt8 @@ -24079,7 +24079,7 @@ module CreuSat_Watches_UpdateWatch var _40 : usize; var _41 : usize; var _42 : (); - var old_w_44 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_44 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _46 : (); var _47 : (); var _49 : Core_Option_Option_Type.t_option (CreuSat_Watches_Watcher_Type.t_watcher); @@ -24177,7 +24177,7 @@ module CreuSat_Watches_UpdateWatch assert { [#"../CreuSAT/src/watches.rs" 41 18 41 52] UIntSize.to_int watchidx_18 < Seq.length (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) }; _42 <- (); _46 <- (); - old_w_44 <- ([#"../CreuSAT/src/watches.rs" 42 37 42 52] Ghost.new watches_3); + old_w_44 <- ([#"../CreuSAT/src/watches.rs" 42 37 42 52] Snapshot.new watches_3); goto BB9 } BB9 { 
@@ -24213,9 +24213,9 @@ module CreuSat_Watches_UpdateWatch BB14 { w_55 <- Core_Option_Option_Type.some_0 _49; _49 <- (let Core_Option_Option_Type.C_Some a = _49 in Core_Option_Option_Type.C_Some (any CreuSat_Watches_Watcher_Type.t_watcher)); - assert { [#"../CreuSAT/src/watches.rs" 46 26 46 101] let _ = LemmaPopWatchMaintainsWatcherInvariant0.lemma_pop_watch_maintains_watcher_invariant (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Ghost.inner old_w_44))) (UIntSize.to_int watchidx_18))) f_1 in true }; + assert { [#"../CreuSAT/src/watches.rs" 46 26 46 101] let _ = LemmaPopWatchMaintainsWatcherInvariant0.lemma_pop_watch_maintains_watcher_invariant (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Snapshot.inner old_w_44))) (UIntSize.to_int watchidx_18))) f_1 in true }; _56 <- (); - assert { [#"../CreuSAT/src/watches.rs" 47 26 47 89] ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) (UIntSize.to_int watchidx_18)) = Pop1.pop (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Ghost.inner old_w_44))) (UIntSize.to_int watchidx_18))) }; + assert { [#"../CreuSAT/src/watches.rs" 47 26 47 89] ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) (UIntSize.to_int watchidx_18)) = Pop1.pop (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Snapshot.inner old_w_44))) (UIntSize.to_int watchidx_18))) }; _58 <- (); assert { [#"../CreuSAT/src/watches.rs" 48 26 48 82] WatcherCrefsInRange0.watcher_crefs_in_range (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) (UIntSize.to_int watchidx_18))) 
f_1 }; _60 <- (); @@ -24856,7 +24856,7 @@ module CreuSat_UnitProp_ExistsNewWatchableLit use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use seq.Seq use prelude.UInt8 use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -25137,9 +25137,9 @@ module CreuSat_UnitProp_ExistsNewWatchableLit var cref_4 : usize; var j_5 : usize; var lit_6 : CreuSat_Lit_Lit_Type.t_lit; - var old_w_25 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_25 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _27 : (); - var old_f_28 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_28 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _30 : (); var clause_len_31 : usize; var _32 : CreuSat_Clause_Clause_Type.t_clause; @@ -25169,7 +25169,7 @@ module CreuSat_UnitProp_ExistsNewWatchableLit var _61 : usize; var _62 : CreuSat_Lit_Lit_Type.t_lit; var _63 : (); - var old_f2_64 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f2_64 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _66 : (); var _67 : usize; var _68 : borrowed (CreuSat_Clause_Clause_Type.t_clause); @@ -25194,7 +25194,7 @@ module CreuSat_UnitProp_ExistsNewWatchableLit var _95 : usize; var _96 : CreuSat_Lit_Lit_Type.t_lit; var _97 : (); - var old_f2_98 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f2_98 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _100 : (); var _101 : usize; var _102 : borrowed (CreuSat_Clause_Clause_Type.t_clause); 
@@ -25216,12 +25216,12 @@ module CreuSat_UnitProp_ExistsNewWatchableLit } BB0 { _27 <- (); - old_w_25 <- ([#"../CreuSAT/src/unit_prop.rs" 101 37 101 55] Ghost.new watches_3); + old_w_25 <- ([#"../CreuSAT/src/unit_prop.rs" 101 37 101 55] Snapshot.new watches_3); goto BB1 } BB1 { _30 <- (); - old_f_28 <- ([#"../CreuSAT/src/unit_prop.rs" 102 37 102 49] Ghost.new f_1); + old_f_28 <- ([#"../CreuSAT/src/unit_prop.rs" 102 37 102 49] Snapshot.new f_1); goto BB2 } BB2 { @@ -25257,8 +25257,8 @@ module CreuSat_UnitProp_ExistsNewWatchableLit } BB8 { invariant { [#"../CreuSAT/src/unit_prop.rs" 106 16 106 28] UIntSize.to_int search_43 >= 2 }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 107 16 107 27] f_1 = Ghost.inner old_f_28 }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 108 16 108 33] watches_3 = Ghost.inner old_w_25 }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 107 16 107 27] f_1 = Snapshot.inner old_f_28 }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 108 16 108 33] watches_3 = Snapshot.inner old_w_25 }; invariant { [#"../CreuSAT/src/unit_prop.rs" 106 4 106 30] forall m : int . UIntSize.to_int init_search_36 <= m /\ m < UIntSize.to_int search_43 -> Unsat0.unsat (Seq.get (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4))) m) (CreuSat_Trail_Trail_Type.trail_assignments trail_2) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 106 4 106 30] not SatInner0.sat_inner (Seq.get (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4))) 0) (ShallowModel4.shallow_model (CreuSat_Trail_Trail_Type.trail_assignments trail_2)) }; _52 <- search_43; 
@@ -25291,7 +25291,7 @@ module CreuSat_UnitProp_ExistsNewWatchableLit BB11 { assume { Resolve0.resolve watches_3 }; _66 <- (); - old_f2_64 <- ([#"../CreuSAT/src/unit_prop.rs" 114 46 114 58] Ghost.new f_1); + old_f2_64 <- ([#"../CreuSAT/src/unit_prop.rs" 114 46 114 58] Snapshot.new f_1); goto BB12 } BB12 { @@ -25307,9 +25307,9 @@ module CreuSat_UnitProp_ExistsNewWatchableLit _68 <- { _68 with current = (let CreuSat_Clause_Clause_Type.C_Clause a b c d = * _68 in CreuSat_Clause_Clause_Type.C_Clause a b _67 d) }; _67 <- any usize; assume { Resolve2.resolve _68 }; - assert { [#"../CreuSAT/src/unit_prop.rs" 116 12 116 122] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) -> ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) j) = ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Ghost.inner old_f2_64))) j) }; + assert { [#"../CreuSAT/src/unit_prop.rs" 116 12 116 122] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) -> ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) j) = ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Snapshot.inner old_f2_64))) j) }; _71 <- (); - assert { [#"../CreuSAT/src/unit_prop.rs" 117 26 117 52] Equisat0.equisat ( * Ghost.inner old_f2_64) ( * f_1) }; + assert { [#"../CreuSAT/src/unit_prop.rs" 117 26 117 52] Equisat0.equisat ( * Snapshot.inner old_f2_64) ( * f_1) }; _73 <- (); _0 <- ([#"../CreuSAT/src/unit_prop.rs" 119 19 119 23] true); goto BB24 
@@ -25327,8 +25327,8 @@ module CreuSat_UnitProp_ExistsNewWatchableLit } BB16 { invariant { [#"../CreuSAT/src/unit_prop.rs" 124 16 124 54] 2 <= UIntSize.to_int search_43 /\ UIntSize.to_int search_43 <= UIntSize.to_int clause_len_31 }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 125 16 125 27] f_1 = Ghost.inner old_f_28 }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 126 16 126 33] watches_3 = Ghost.inner old_w_25 }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 125 16 125 27] f_1 = Snapshot.inner old_f_28 }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 126 16 126 33] watches_3 = Snapshot.inner old_w_25 }; invariant { [#"../CreuSAT/src/unit_prop.rs" 124 4 124 56] forall m : int . UIntSize.to_int init_search_36 <= m /\ m < UIntSize.to_int clause_len_31 -> Unsat0.unsat (Seq.get (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4))) m) (CreuSat_Trail_Trail_Type.trail_assignments trail_2) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 124 4 124 56] forall m : int . 2 <= m /\ m < UIntSize.to_int search_43 -> Unsat0.unsat (Seq.get (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4))) m) (CreuSat_Trail_Trail_Type.trail_assignments trail_2) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 124 4 124 56] not SatInner0.sat_inner (Seq.get (ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) (UIntSize.to_int cref_4))) 0) (ShallowModel4.shallow_model (CreuSat_Trail_Trail_Type.trail_assignments trail_2)) }; @@ -25362,7 +25362,7 @@ module CreuSat_UnitProp_ExistsNewWatchableLit BB19 { assume { Resolve0.resolve watches_3 }; _100 <- (); - old_f2_98 <- ([#"../CreuSAT/src/unit_prop.rs" 133 46 133 58] Ghost.new f_1); + old_f2_98 <- ([#"../CreuSAT/src/unit_prop.rs" 133 46 133 58] Snapshot.new f_1); goto BB20 } BB20 { 
@@ -25378,9 +25378,9 @@ module CreuSat_UnitProp_ExistsNewWatchableLit _102 <- { _102 with current = (let CreuSat_Clause_Clause_Type.C_Clause a b c d = * _102 in CreuSat_Clause_Clause_Type.C_Clause a b _101 d) }; _101 <- any usize; assume { Resolve2.resolve _102 }; - assert { [#"../CreuSAT/src/unit_prop.rs" 135 12 135 122] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) -> ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) j) = ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Ghost.inner old_f2_98))) j) }; + assert { [#"../CreuSAT/src/unit_prop.rs" 135 12 135 122] forall j : int . 0 <= j /\ j < Seq.length (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) -> ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1))) j) = ShallowModel3.shallow_model (Seq.get (ShallowModel2.shallow_model (CreuSat_Formula_Formula_Type.formula_clauses ( * Snapshot.inner old_f2_98))) j) }; _105 <- (); - assert { [#"../CreuSAT/src/unit_prop.rs" 136 26 136 52] Equisat0.equisat ( * Ghost.inner old_f2_98) ( * f_1) }; + assert { [#"../CreuSAT/src/unit_prop.rs" 136 26 136 52] Equisat0.equisat ( * Snapshot.inner old_f2_98) ( * f_1) }; _107 <- (); _0 <- ([#"../CreuSAT/src/unit_prop.rs" 138 19 138 23] true); goto BB24 @@ -25483,7 +25483,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use seq.Seq use seq.Permut use prelude.UInt8 
@@ -25698,7 +25698,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause predicate Invariant0.invariant' = Invariant6.invariant', function ShallowModel1.shallow_model = ShallowModel3.shallow_model, val Max0.mAX' = Max1.mAX' - clone CreusotContracts_Ghost_Impl1_ShallowModel as ShallowModel5 with + clone CreusotContracts_Snapshot_Impl1_ShallowModel as ShallowModel5 with type t = CreuSat_Clause_Clause_Type.t_clause, type ShallowModelTy0.shallowModelTy = Seq.seq (CreuSat_Lit_Lit_Type.t_lit), function ShallowModel0.shallow_model = ShallowModel11.shallow_model @@ -25888,7 +25888,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause var cref_4 : usize; var lit_5 : CreuSat_Lit_Lit_Type.t_lit; var j_6 : usize; - var old_w_23 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_23 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _25 : (); var clause_26 : CreuSat_Clause_Clause_Type.t_clause; var _27 : CreuSat_Clause_Clause_Type.t_clause; @@ -25979,7 +25979,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause var _122 : CreuSat_Trail_Trail_Type.t_trail; var _123 : CreuSat_Trail_Reason_Type.t_reason; var _124 : usize; - var old_c_125 : Ghost.ghost_ty (CreuSat_Clause_Clause_Type.t_clause); + var old_c_125 : Snapshot.Snapshot_ty (CreuSat_Clause_Clause_Type.t_clause); var _128 : (); var _129 : (); var _131 : (); @@ -26008,7 +26008,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause } BB0 { _25 <- (); - old_w_23 <- ([#"../CreuSAT/src/unit_prop.rs" 166 37 166 55] Ghost.new watches_3); + old_w_23 <- ([#"../CreuSAT/src/unit_prop.rs" 166 37 166 55] Snapshot.new watches_3); goto BB1 } BB1 { 
@@ -26040,7 +26040,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause BB5 { assume { Resolve0.resolve f_1 }; assume { Resolve1.resolve trail_2 }; - assert { [#"../CreuSAT/src/unit_prop.rs" 171 22 171 48] ^ watches_3 = ^ Ghost.inner old_w_23 }; + assert { [#"../CreuSAT/src/unit_prop.rs" 171 22 171 48] ^ watches_3 = ^ Snapshot.inner old_w_23 }; _39 <- (); assert { [#"../CreuSAT/src/unit_prop.rs" 172 22 172 59] IndexLogic0.index_logic first_lit_30 < UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) }; _41 <- (); @@ -26094,7 +26094,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause BB12 { assume { Resolve0.resolve f_1 }; assume { Resolve1.resolve trail_2 }; - assert { [#"../CreuSAT/src/unit_prop.rs" 179 22 179 48] ^ watches_3 = ^ Ghost.inner old_w_23 }; + assert { [#"../CreuSAT/src/unit_prop.rs" 179 22 179 48] ^ watches_3 = ^ Snapshot.inner old_w_23 }; _60 <- (); assert { [#"../CreuSAT/src/unit_prop.rs" 180 22 180 60] IndexLogic0.index_logic second_lit_51 < UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) }; _62 <- (); @@ -26246,7 +26246,7 @@ module CreuSat_UnitProp_PropagateLitWithRegardToClause _123 <- CreuSat_Trail_Reason_Type.C_Long _124; step_119 <- CreuSat_Trail_Step_Type.C_Step _120 _121 _123; _128 <- (); - old_c_125 <- ([#"../CreuSAT/src/unit_prop.rs" 212 35 212 61] Ghost.new (Index2.index (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1)) cref_4)); + old_c_125 <- ([#"../CreuSAT/src/unit_prop.rs" 212 35 212 61] Snapshot.new (Index2.index (CreuSat_Formula_Formula_Type.formula_clauses ( * f_1)) cref_4)); goto BB31 } BB31 { @@ -26358,7 +26358,7 @@ module CreuSat_UnitProp_PropagateLiteral use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use seq.Seq use prelude.UInt8 
@@ -26648,11 +26648,11 @@ module CreuSat_UnitProp_PropagateLiteral var _18 : CreuSat_Lit_Lit_Type.t_lit; var _19 : (); var _21 : (); - var old_trail_23 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_trail_23 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _25 : (); - var old_f_26 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_26 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _28 : (); - var old_w_29 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_29 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _31 : (); var _32 : (); var _40 : (); @@ -26709,17 +26709,17 @@ module CreuSat_UnitProp_PropagateLiteral assert { [#"../CreuSAT/src/unit_prop.rs" 242 18 242 52] Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) > UIntSize.to_int watchidx_17 }; _21 <- (); _25 <- (); - old_trail_23 <- ([#"../CreuSAT/src/unit_prop.rs" 243 39 243 55] Ghost.new trail_2); + old_trail_23 <- ([#"../CreuSAT/src/unit_prop.rs" 243 39 243 55] Snapshot.new trail_2); goto BB2 } BB2 { _28 <- (); - old_f_26 <- ([#"../CreuSAT/src/unit_prop.rs" 244 37 244 49] Ghost.new f_1); + old_f_26 <- ([#"../CreuSAT/src/unit_prop.rs" 244 37 244 49] Snapshot.new f_1); goto BB3 } BB3 { _31 <- (); - old_w_29 <- ([#"../CreuSAT/src/unit_prop.rs" 245 37 245 55] Ghost.new watches_3); + old_w_29 <- ([#"../CreuSAT/src/unit_prop.rs" 245 37 245 55] Snapshot.new watches_3); goto BB4 } BB4 { 
@@ -26727,12 +26727,12 @@ module CreuSat_UnitProp_PropagateLiteral } BB5 { invariant { [#"../CreuSAT/src/unit_prop.rs" 246 16 246 35] Invariant1.invariant' ( * trail_2) ( * f_1) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 247 16 247 62] Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) = Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Ghost.inner old_w_29))) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 247 16 247 62] Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) = Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Snapshot.inner old_w_29))) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 248 16 248 37] Invariant2.invariant' ( * watches_3) ( * f_1) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 249 16 249 33] Equisat0.equisat ( * Ghost.inner old_f_26) ( * f_1) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 249 16 249 33] Equisat0.equisat ( * Snapshot.inner old_f_26) ( * f_1) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 250 16 250 29] Invariant0.invariant' ( * f_1) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 251 16 251 56] ShallowModel2.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * trail_2)) = ShallowModel2.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Ghost.inner old_trail_23)) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 252 16 252 46] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Ghost.inner old_f_26)) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 251 16 251 56] ShallowModel2.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * trail_2)) = ShallowModel2.shallow_model (CreuSat_Trail_Trail_Type.trail_decisions ( * Snapshot.inner old_trail_23)) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 252 16 252 46] UIntSize.to_int 
(CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Snapshot.inner old_f_26)) }; _42 <- j_16; _46 <- CreuSat_Watches_Watches_Type.watches_watches ( * watches_3); _47 <- watchidx_17; @@ -26901,7 +26901,7 @@ module CreuSat_UnitProp_UnitPropagate use prelude.Int use prelude.UIntSize use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.IntSize use seq.Seq use prelude.UInt8 @@ -27148,11 +27148,11 @@ module CreuSat_UnitProp_UnitPropagate var trail_2 : borrowed (CreuSat_Trail_Trail_Type.t_trail); var watches_3 : borrowed (CreuSat_Watches_Watches_Type.t_watches); var i_14 : usize; - var old_trail_15 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_trail_15 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _17 : (); - var old_f_18 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_18 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _20 : (); - var old_w_21 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_21 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _23 : (); var _24 : (); var _31 : (); @@ -27188,17 +27188,17 @@ module CreuSat_UnitProp_UnitPropagate BB0 { i_14 <- CreuSat_Trail_Trail_Type.trail_curr_i ( * trail_2); _17 <- (); - old_trail_15 <- ([#"../CreuSAT/src/unit_prop.rs" 286 39 286 55] Ghost.new trail_2); + old_trail_15 <- ([#"../CreuSAT/src/unit_prop.rs" 286 39 286 55] Snapshot.new trail_2); goto BB1 } BB1 { _20 <- (); - old_f_18 <- ([#"../CreuSAT/src/unit_prop.rs" 287 37 287 49] Ghost.new f_1); + old_f_18 <- ([#"../CreuSAT/src/unit_prop.rs" 287 37 287 49] Snapshot.new f_1); goto BB2 } BB2 { _23 <- (); - old_w_21 <- ([#"../CreuSAT/src/unit_prop.rs" 288 37 288 55] Ghost.new watches_3); + old_w_21 <- ([#"../CreuSAT/src/unit_prop.rs" 288 37 288 55] Snapshot.new watches_3); goto BB3 } BB3 { 
@@ -27207,10 +27207,10 @@ module CreuSat_UnitProp_UnitPropagate BB4 { invariant { [#"../CreuSAT/src/unit_prop.rs" 289 16 289 29] Invariant0.invariant' ( * f_1) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 290 16 290 35] Invariant1.invariant' ( * trail_2) ( * f_1) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 291 16 291 62] Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) = Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Ghost.inner old_w_21))) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 291 16 291 62] Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * watches_3))) = Seq.length (ShallowModel1.shallow_model (CreuSat_Watches_Watches_Type.watches_watches ( * Snapshot.inner old_w_21))) }; invariant { [#"../CreuSAT/src/unit_prop.rs" 292 16 292 37] Invariant2.invariant' ( * watches_3) ( * f_1) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 293 16 293 33] Equisat0.equisat ( * Ghost.inner old_f_18) ( * f_1) }; - invariant { [#"../CreuSAT/src/unit_prop.rs" 294 16 294 46] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Ghost.inner old_f_18)) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 293 16 293 33] Equisat0.equisat ( * Snapshot.inner old_f_18) ( * f_1) }; + invariant { [#"../CreuSAT/src/unit_prop.rs" 294 16 294 46] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_1)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Snapshot.inner old_f_18)) }; _33 <- i_14; _35 <- CreuSat_Trail_Trail_Type.trail_trail ( * trail_2); _34 <- ([#"../CreuSAT/src/unit_prop.rs" 295 14 295 31] Len0.len _35); 
@@ -27748,7 +27748,7 @@ module CreuSat_Solver_Impl0_UnitPropLoop_Interface end module CreuSat_Solver_Impl0_UnitPropLoop use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.IntSize use prelude.UIntSize @@ -27993,13 +27993,13 @@ module CreuSat_Solver_Impl0_UnitPropLoop var d_3 : borrowed (CreuSat_Decision_Decisions_Type.t_decisions); var t_4 : borrowed (CreuSat_Trail_Trail_Type.t_trail); var w_5 : borrowed (CreuSat_Watches_Watches_Type.t_watches); - var old_f_18 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_18 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _20 : (); - var old_t_21 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_t_21 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _23 : (); - var old_w_24 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_24 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _26 : (); - var old_d_27 : Ghost.ghost_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); + var old_d_27 : Snapshot.Snapshot_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); var _29 : (); var _36 : (); var _37 : (); 
@@ -28023,22 +28023,22 @@ module CreuSat_Solver_Impl0_UnitPropLoop } BB0 { _20 <- (); - old_f_18 <- ([#"../CreuSAT/src/solver.rs" 230 41 230 53] Ghost.new f_2); + old_f_18 <- ([#"../CreuSAT/src/solver.rs" 230 41 230 53] Snapshot.new f_2); goto BB1 } BB1 { _23 <- (); - old_t_21 <- ([#"../CreuSAT/src/solver.rs" 231 39 231 51] Ghost.new t_4); + old_t_21 <- ([#"../CreuSAT/src/solver.rs" 231 39 231 51] Snapshot.new t_4); goto BB2 } BB2 { _26 <- (); - old_w_24 <- ([#"../CreuSAT/src/solver.rs" 232 41 232 53] Ghost.new w_5); + old_w_24 <- ([#"../CreuSAT/src/solver.rs" 232 41 232 53] Snapshot.new w_5); goto BB3 } BB3 { _29 <- (); - old_d_27 <- ([#"../CreuSAT/src/solver.rs" 233 43 233 55] Ghost.new d_3); + old_d_27 <- ([#"../CreuSAT/src/solver.rs" 233 43 233 55] Snapshot.new d_3); goto BB4 } BB4 { 
@@ -28049,8 +28049,8 @@ module CreuSat_Solver_Impl0_UnitPropLoop invariant { [#"../CreuSAT/src/solver.rs" 235 20 235 35] Invariant1.invariant' ( * t_4) ( * f_2) }; invariant { [#"../CreuSAT/src/solver.rs" 236 20 236 35] Invariant2.invariant' ( * w_5) ( * f_2) }; invariant { [#"../CreuSAT/src/solver.rs" 237 20 237 44] Invariant3.invariant' ( * d_3) (UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_2))) }; - invariant { [#"../CreuSAT/src/solver.rs" 238 20 238 45] Equisat0.equisat ( * Ghost.inner old_f_18) ( * f_2) }; - invariant { [#"../CreuSAT/src/solver.rs" 239 20 239 50] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_2)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Ghost.inner old_f_18)) }; + invariant { [#"../CreuSAT/src/solver.rs" 238 20 238 45] Equisat0.equisat ( * Snapshot.inner old_f_18) ( * f_2) }; + invariant { [#"../CreuSAT/src/solver.rs" 239 20 239 50] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * f_2)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Snapshot.inner old_f_18)) }; _39 <- borrow_mut ( * self_1); self_1 <- { self_1 with current = ( ^ _39) }; _40 <- borrow_mut ( * f_2); @@ -29179,7 +29179,7 @@ module CreuSat_Solver_Impl0_Inner_Interface end module CreuSat_Solver_Impl0_Inner use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.IntSize use prelude.UInt8 @@ -29441,7 +29441,7 @@ module CreuSat_Solver_Impl0_Inner var decisions_3 : CreuSat_Decision_Decisions_Type.t_decisions; var trail_4 : CreuSat_Trail_Trail_Type.t_trail; var watches_5 : CreuSat_Watches_Watches_Type.t_watches; - var old_f_14 : Ghost.ghost_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); + var old_f_14 : Snapshot.Snapshot_ty (borrowed (CreuSat_Formula_Formula_Type.t_formula)); var _16 : (); var _23 : (); var _24 : (); 
@@ -29481,7 +29481,7 @@ module CreuSat_Solver_Impl0_Inner } BB4 { _16 <- (); - old_f_14 <- ([#"../CreuSAT/src/solver.rs" 323 41 323 59] Ghost.new formula_2); + old_f_14 <- ([#"../CreuSAT/src/solver.rs" 323 41 323 59] Snapshot.new formula_2); goto BB5 } BB5 { @@ -29497,8 +29497,8 @@ module CreuSat_Solver_Impl0_Inner goto BB9 } BB9 { - invariant { [#"../CreuSAT/src/solver.rs" 324 20 324 51] Equisat0.equisat ( * Ghost.inner old_f_14) ( * formula_2) }; - invariant { [#"../CreuSAT/src/solver.rs" 325 20 325 56] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * formula_2)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Ghost.inner old_f_14)) }; + invariant { [#"../CreuSAT/src/solver.rs" 324 20 324 51] Equisat0.equisat ( * Snapshot.inner old_f_14) ( * formula_2) }; + invariant { [#"../CreuSAT/src/solver.rs" 325 20 325 56] UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * formula_2)) = UIntSize.to_int (CreuSat_Formula_Formula_Type.formula_num_vars ( * Snapshot.inner old_f_14)) }; invariant { [#"../CreuSAT/src/solver.rs" 326 20 326 39] Invariant0.invariant' ( * formula_2) }; invariant { [#"../CreuSAT/src/solver.rs" 327 20 327 45] Invariant2.invariant' trail_4 ( * formula_2) }; invariant { [#"../CreuSAT/src/solver.rs" 328 20 328 47] Invariant3.invariant' watches_5 ( * formula_2) }; @@ -30017,7 +30017,7 @@ module CreuSat_Watches_Impl0_InitWatches_Interface end module CreuSat_Watches_Impl0_InitWatches use prelude.Borrow - use prelude.Ghost + use prelude.Snapshot use prelude.Int use prelude.UIntSize use seq.Seq @@ -30169,7 +30169,7 @@ module CreuSat_Watches_Impl0_InitWatches var _0 : (); var self_1 : borrowed (CreuSat_Watches_Watches_Type.t_watches); var f_2 : CreuSat_Formula_Formula_Type.t_formula; - var old_w_7 : Ghost.ghost_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); + var old_w_7 : Snapshot.Snapshot_ty (borrowed (CreuSat_Watches_Watches_Type.t_watches)); var _9 : (); var i_10 : usize; var _13 : (); 
@@ -30221,7 +30221,7 @@ module CreuSat_Watches_Impl0_InitWatches } BB0 { _9 <- (); - old_w_7 <- ([#"../CreuSAT/src/watches.rs" 133 41 133 56] Ghost.new self_1); + old_w_7 <- ([#"../CreuSAT/src/watches.rs" 133 41 133 56] Snapshot.new self_1); goto BB1 } BB1 { @@ -30374,7 +30374,7 @@ module CreuSat_Trail_Impl0_LearnUnits use prelude.Borrow use prelude.Int use prelude.UIntSize - use prelude.Ghost + use prelude.Snapshot use prelude.UInt8 use seq.Seq use CreuSat_Lit_Lit_Type as CreuSat_Lit_Lit_Type @@ -30633,9 +30633,9 @@ module CreuSat_Trail_Impl0_LearnUnits var d_3 : borrowed (CreuSat_Decision_Decisions_Type.t_decisions); var _4 : (); var i_11 : usize; - var old_d_12 : Ghost.ghost_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); + var old_d_12 : Snapshot.Snapshot_ty (borrowed (CreuSat_Decision_Decisions_Type.t_decisions)); var _14 : (); - var old_self_15 : Ghost.ghost_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); + var old_self_15 : Snapshot.Snapshot_ty (borrowed (CreuSat_Trail_Trail_Type.t_trail)); var _17 : (); var _18 : (); var _21 : (); @@ -30684,12 +30684,12 @@ module CreuSat_Trail_Impl0_LearnUnits BB0 { i_11 <- ([#"../CreuSAT/src/trail.rs" 311 20 311 21] (0 : usize)); _14 <- (); - old_d_12 <- ([#"../CreuSAT/src/trail.rs" 312 43 312 55] Ghost.new d_3); + old_d_12 <- ([#"../CreuSAT/src/trail.rs" 312 43 312 55] Snapshot.new d_3); goto BB1 } BB1 { _17 <- (); - old_self_15 <- ([#"../CreuSAT/src/trail.rs" 313 42 313 57] Ghost.new self_1); + old_self_15 <- ([#"../CreuSAT/src/trail.rs" 313 42 313 57] Snapshot.new self_1); goto BB2 } BB2 { From 5c6244bc84743bdfa0c24cc4d49016f5b0dc1449 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?= Date: Wed, 10 Apr 2024 17:20:12 +0200 Subject: [PATCH 8/9] Opening invariants in NewDB. Broken due to publicity and opacity being intertwined. Not fixing that --- NewDB/Cargo.toml | 2 +- NewDB/src/assignments.rs | 10 ++++++++-- NewDB/src/clause.rs | 4 ++++ NewDB/src/clause_allocator.rs | 23 ++++++++++++++++------- NewDB/src/clause_manager.rs | 6 +++++- NewDB/src/cref_manager.rs | 9 ++++++--- NewDB/src/formula.rs | 19 +++++++++++++------ NewDB/src/friday.rs | 18 ++++++++++++------ NewDB/src/lit.rs | 15 ++++++++++----- NewDB/src/logic_util.rs | 3 +++ 10 files changed, 78 insertions(+), 31 deletions(-) diff --git a/NewDB/Cargo.toml b/NewDB/Cargo.toml index 5ec05edf..c23f3fb7 100644 --- a/NewDB/Cargo.toml +++ b/NewDB/Cargo.toml @@ -6,4 +6,4 @@ edition = "2021" [dependencies] -creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "5cc6cdd6" } +creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "1357cc97" } diff --git a/NewDB/src/assignments.rs b/NewDB/src/assignments.rs index fd436ee7..fb937df4 100644 --- a/NewDB/src/assignments.rs +++ b/NewDB/src/assignments.rs @@ -7,16 +7,19 @@ use creusot_contracts::{std::clone::Clone, std::*, vec, *}; pub type AssignedState = u8; +#[open] #[logic] fn pos() -> AssignedState { 1u8 } +#[open] #[logic] fn neg() -> AssignedState { 0u8 } +#[open] #[predicate] pub fn unset(v: AssignedState) -> bool { pearlite! { v@ >= 2 } @@ -29,14 +32,16 @@ pub struct Assignments(pub Vec); impl ShallowModel for Assignments { type ShallowModelTy = Seq; - #[logic] + #[open] +#[logic] fn shallow_model(self) -> Self::ShallowModelTy { self.0.shallow_model() } } impl Assignments { - #[predicate] + #[open] +#[predicate] pub fn invariant(self) -> bool { pearlite! { forall 0 <= i && i < self@.len() ==> @@ -45,6 +50,7 @@ impl Assignments { } } +#[open] #[predicate] pub fn complete_inner(a: Seq) -> bool { pearlite! { 
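Review bot: `pos` and `neg` are private and `invariant` is `pub`, yet all three receive the unrestricted `#[open]`; as far as I recall Creusot rejects an opacity that is wider than the item's own visibility, which is presumably the breakage the commit message concedes rather than a problem to leave in tree. Use `#[open(self)]` on the private helpers and keep bare `#[open]` only on `pub` items, and apply `#[open(crate)]` to every `pub(crate)` item touched by this series. Separately, the inserted attribute pairs land with `#[logic]`/`#[predicate]` at column 0 inside `impl` blocks (`+ #[open]` followed by `+#[logic]`), so run `cargo fmt` before landing. A commit that is known not to verify should at least record in its message which targets still pass, so the next person can tell regression from known breakage.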
diff --git a/NewDB/src/clause.rs b/NewDB/src/clause.rs index 993855ba..4a395784 100644 --- a/NewDB/src/clause.rs +++ b/NewDB/src/clause.rs @@ -4,6 +4,7 @@ use creusot_contracts::{logic::FSet, std::*}; use crate::{assignments::*, lit::*}; +#[open] #[predicate] pub(crate) fn clause_sat(clause: FSet, assignments: Seq) -> bool { pearlite! { @@ -11,6 +12,7 @@ pub(crate) fn clause_sat(clause: FSet, assignments: Seq) -> } } +#[open] #[predicate] pub(crate) fn clause_invariant(clause: FSet, num_vars: Int) -> bool { pearlite! { @@ -18,6 +20,7 @@ pub(crate) fn clause_invariant(clause: FSet, num_vars: Int) -> bool { } } +#[open] #[predicate] pub(crate) fn clause_invariant_seq(clause: Seq, num_vars: Int) -> bool { pearlite! { @@ -26,6 +29,7 @@ pub(crate) fn clause_invariant_seq(clause: Seq, num_vars: Int) -> bool { } } +#[open] #[predicate] pub(crate) fn no_duplicate_indexes_inner(clause: Seq) -> bool { pearlite! { diff --git a/NewDB/src/clause_allocator.rs b/NewDB/src/clause_allocator.rs index 68ef9ca0..c2f92a59 100644 --- a/NewDB/src/clause_allocator.rs +++ b/NewDB/src/clause_allocator.rs @@ -12,6 +12,7 @@ pub type CRef = u32; // TODO: This seems to be a non-ideal invariant // TODO: Add more +#[open] #[predicate] pub(crate) fn cref_invariant(cref: Int, clause_allocator: ClauseAllocator, num_vars: Int) -> bool { pearlite! { @@ -22,6 +23,7 @@ pub(crate) fn cref_invariant(cref: Int, clause_allocator: ClauseAllocator, num_v } } +#[open] #[predicate] pub(crate) fn cref_invariant_fset(cref: Int, clause_allocator: ClauseAllocator, num_vars: Int) -> bool { pearlite! { 
@@ -38,14 +40,16 @@ pub(crate) struct ClauseAllocator { } impl ClauseAllocator { - #[logic] + #[open] +#[logic] //#[ensures(forall 0 <= i && i < (self@.buffer).len() ==> (self@.buffer)[i] == (result@.buffer)[i])] //#[ensures(result@.num_vars == self.num_vars@)] pub(crate) fn push(self, lit: Lit) -> Self { self } - #[predicate] + #[open] +#[predicate] pub(crate) fn extended(self, new: ClauseAllocator) -> bool { pearlite! { forall 0 <= i && i < self.buffer@.len() ==> self.buffer@[i] == new.buffer@[i] @@ -56,12 +60,14 @@ impl ClauseAllocator { } impl ClauseAllocator { - #[predicate] + #[open] +#[predicate] pub(crate) fn invariant(self) -> bool { pearlite! { self@.len() <= u32::MAX@ } } - #[logic] + #[open] +#[logic] //#[requires(cref_invariant(cref, self))] pub(crate) fn get_clause_logic(self, cref: Int) -> Seq { pearlite! { @@ -69,7 +75,8 @@ impl ClauseAllocator { } } - #[logic] + #[open] +#[logic] //#[requires(cref_invariant(cref, self))] pub(crate) fn get_clause_fset(self, cref: Int) -> FSet { pearlite! { @@ -77,7 +84,8 @@ impl ClauseAllocator { } } - #[logic] + #[open] +#[logic] //#[requires(cref_invariant(cref, self))] #[variant(upper - idx)] #[requires(idx >= 0 && upper <= self@.len())] @@ -97,7 +105,8 @@ impl ClauseAllocator { impl ShallowModel for ClauseAllocator { type ShallowModelTy = Seq; - #[logic] + #[open] +#[logic] fn shallow_model(self) -> Self::ShallowModelTy { self.buffer.shallow_model() } diff --git a/NewDB/src/clause_manager.rs b/NewDB/src/clause_manager.rs index fd3c1fda..df16beeb 100644 --- a/NewDB/src/clause_manager.rs +++ b/NewDB/src/clause_manager.rs @@ -13,7 +13,8 @@ pub struct ClauseManager { } impl ClauseManager { - #[predicate] + #[open] +#[predicate] pub(crate) fn invariant(self) -> bool { pearlite! { self.clause_allocator.invariant() @@ -24,6 +25,7 @@ impl ClauseManager { } } +#[open] #[logic] #[requires(learnt_clauses.are_implied_by(original_clauses, ca))] #[ensures(learnt_clauses.are_implied_by(original_clauses, ca.push(lit)))] 
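Review bot: `ClauseAllocator::push` is a placeholder whose body returns `self` untouched and whose `#[ensures]` lines are commented out, and adding `#[open]` now exposes that identity body to every caller's proof context. Any specification that mentions `ca.push(lit)` will therefore reason about a push that appends nothing, so `lemma_implied_by_stable_on_push` in clause_manager.rs (end of this line) holds vacuously and establishes nothing about the real allocator. Until the logic-level push is implemented, keep it opaque (drop `#[open]`), restore the contract that the stub actually satisfies, e.g. `#[ensures(forall<i: Int> 0 <= i && i < self@.len() ==> self@[i] == result@[i])]`, and mark it `// TODO: stub, does not append lit` so callers can rely only on the stated interface.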
@@ -32,6 +34,7 @@ fn lemma_implied_by_stable_on_push( ) { } +#[open] #[logic] #[requires(learnt_clauses.are_implied_by(original_clauses, ca))] #[requires(ca.extended(ca2))] @@ -42,6 +45,7 @@ fn lemma_implied_by_stable_on_extension( ) { } +#[open] #[logic] #[requires(learnt_clauses.are_implied_by(original_clauses, ca))] #[requires(ca.num_vars == ca2.num_vars)] diff --git a/NewDB/src/cref_manager.rs b/NewDB/src/cref_manager.rs index 1968bfce..5291e774 100644 --- a/NewDB/src/cref_manager.rs +++ b/NewDB/src/cref_manager.rs @@ -15,14 +15,16 @@ pub struct CRefManager { impl ShallowModel for CRefManager { type ShallowModelTy = Seq; - #[logic] + #[open] +#[logic] fn shallow_model(self) -> Self::ShallowModelTy { self.crefs.shallow_model() } } impl CRefManager { - #[predicate] + #[open] +#[predicate] pub(crate) fn invariant(self, clause_allocator: ClauseAllocator) -> bool { pearlite! { clause_allocator.invariant() @@ -32,7 +34,8 @@ impl CRefManager { } } - #[predicate] + #[open] +#[predicate] pub(crate) fn are_implied_by(self, original_clauses: CRefManager, clause_allocator: ClauseAllocator) -> bool { pearlite! { let formula = Formula::from(self@, clause_allocator, self.num_vars@); diff --git a/NewDB/src/formula.rs b/NewDB/src/formula.rs index 7312986a..23c99bbf 100644 --- a/NewDB/src/formula.rs +++ b/NewDB/src/formula.rs @@ -12,6 +12,7 @@ pub(crate) struct Formula { } /* +#[open] #[logic] #[variant(just.len() - ix)] #[requires(ix >= 0)] @@ -32,7 +33,8 @@ pub fn abs_just_inner(self, just: Seq, ix: Int) -> FSet<(theory::Term, th impl Formula { // TODO: Look at actually implementing from - #[logic] + #[open] +#[logic] #[requires(clause_allocator.invariant())] #[requires(forall 0 <= i && i < crefs.len() ==> cref_invariant(crefs[i]@, clause_allocator, num_vars))] // CRefManager.invariant unwrapped -> TODO: refactor? 
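Review bot: `abs_just_inner` in formula.rs gains `#[open]` while sitting inside a `/* ... */` block that is never compiled, so the edit is dead text that will silently rot alongside the commented-out function. Delete the block rather than maintaining attributes on it; git history keeps the old version if it is ever wanted. The `lemma_implied_by_stable_on_extension` and `lemma_implied_by_stable_on_push` lemmas have unit bodies, so `#[open]` on them exposes nothing a caller can use; their `#[ensures]` is the whole interface, and leaving them opaque keeps the attribute noise down.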
@@ -43,12 +45,14 @@ impl Formula { Formula { formula: Formula::from_internal(crefs, clause_allocator, 0, num_vars), num_vars } } - #[logic] + #[open] +#[logic] fn insert(self, clause: FSet) -> Formula { Formula { formula: self.formula.insert(clause), num_vars: self.num_vars } } - #[logic] + #[open] +#[logic] //#[variant((clause@_allocator).len() - idx)] #[variant(crefs.len() - idx)] #[requires(idx >= 0)] @@ -70,14 +74,16 @@ impl Formula { } } - #[predicate] + #[open] +#[predicate] pub(crate) fn implies(self, clause: FSet) -> bool { pearlite! { self.eventually_sat_complete() ==> self.insert(clause).eventually_sat_complete() } } - #[predicate] + #[open] +#[predicate] pub(crate) fn eventually_sat_complete(self) -> bool { pearlite! { exists> a.len() == self.num_vars @@ -86,7 +92,8 @@ impl Formula { } } - #[predicate] + #[open] +#[predicate] pub(crate) fn sat(self, a: Seq) -> bool { pearlite! { forall self.formula.contains(c) ==> clause_sat(c, a) diff --git a/NewDB/src/friday.rs b/NewDB/src/friday.rs index 8250e0d0..b9b35be6 100644 --- a/NewDB/src/friday.rs +++ b/NewDB/src/friday.rs @@ -13,7 +13,8 @@ struct Pasn { } impl Assignments { - #[predicate] + #[open] +#[predicate] fn compatible(self, pa: Pasn) -> bool { pearlite! { self.invariant() && @@ -29,7 +30,8 @@ pub struct Formula { } impl Formula { - #[predicate] + #[open] +#[predicate] fn invariant(self) -> bool { pearlite! { forall 0 <= i && i < self.clauses@.len() ==> @@ -37,7 +39,8 @@ impl Formula { } } - #[predicate] + #[open] +#[predicate] fn sat(self, a: Assignments) -> bool { pearlite! { forall 0 <= i && i < self.clauses@.len() ==> @@ -47,7 +50,8 @@ impl Formula { } impl Clause { - #[predicate] + #[open] +#[predicate] fn vars_in_range(self, n: Int) -> bool { pearlite! { forall 0 <= i && i < self.0@.len() ==> @@ -57,7 +61,8 @@ impl Clause { } impl Pasn { - #[predicate] + #[open] +#[predicate] fn invariant(self, n: Int) -> bool { pearlite! { self.ix@ <= self.assign.0@.len() 
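Review bot: `Formula::insert` stays private (`fn insert`) while `implies` is `pub(crate)` and now fully `#[open]`, so the opened body of `implies` names an item that is invisible to the callers it is opened to; if I recall Creusot's opacity check correctly this is rejected as exposing private items, and it is likely one of the failures behind the commit message. Make the helper at least as visible as the scopes that can see bodies using it: `pub(crate) fn insert(...)` with `#[open(crate)]`, and `#[open(crate)]` on `implies`, `eventually_sat_complete` and `sat`. That keeps every open body self-contained within the crate instead of leaking module-private names into other modules' proof contexts.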
@@ -68,7 +73,8 @@ impl Pasn { } impl Clause { - #[predicate] + #[open] +#[predicate] fn clause_sat_logic(self, a: Assignments) -> bool { pearlite! { exists 0 <= i && i < self.0@.len() && diff --git a/NewDB/src/lit.rs b/NewDB/src/lit.rs index 08160497..08aa2bdf 100644 --- a/NewDB/src/lit.rs +++ b/NewDB/src/lit.rs @@ -12,13 +12,15 @@ pub struct Lit { } impl Lit { - #[logic] + #[open] +#[logic] #[why3::attr = "inline:trivial"] pub fn index_logic(self) -> Int { pearlite! { self.code@ / 2 } } - #[logic] + #[open] +#[logic] #[why3::attr = "inline:trivial"] pub fn is_positive_logic(self) -> bool { pearlite! { self.code@ % 2 == 0 } @@ -26,14 +28,16 @@ impl Lit { } impl Lit { - #[predicate] + #[open] +#[predicate] pub(crate) fn var_in_range(self, n: Int) -> bool { pearlite! { self.index_logic() < n } } - #[predicate] + #[open] +#[predicate] #[why3::attr = "inline:trivial"] pub(crate) fn lit_sat_logic(self, a: Assignments) -> bool { pearlite! { @@ -42,7 +46,8 @@ impl Lit { } // This is the one that is supposed to stay - #[predicate] + #[open] +#[predicate] #[why3::attr = "inline:trivial"] pub(crate) fn sat(self, a: Seq) -> bool { pearlite! { diff --git a/NewDB/src/logic_util.rs b/NewDB/src/logic_util.rs index 799c0ddb..5038c926 100644 --- a/NewDB/src/logic_util.rs +++ b/NewDB/src/logic_util.rs @@ -5,6 +5,7 @@ use creusot_contracts::*; use crate::lit::*; +#[open] #[logic] #[why3::attr = "inline:trivial"] pub(crate) fn bool_as_u8(b: bool) -> u8 { @@ -16,6 +17,7 @@ pub(crate) fn bool_as_u8(b: bool) -> u8 { } } +#[open] #[logic] #[ensures(forall 0 <= i && i < seq.len() ==> result.contains(seq[i]))] #[ensures(forall result.contains(l) ==> exists 0 <= i && i < seq.len() && seq[i] == l)] @@ -25,6 +27,7 @@ pub(crate) fn seq_to_fset(seq: Seq) -> FSet { } } +#[open] #[logic] #[variant(seq.len() - idx)] #[requires(idx >= 0)] From 48620183805a0f18f583ed1b514356b6cf742fd0 Mon Sep 17 00:00:00 2001 
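Review bot: `Lit::lit_sat_logic(self, a: Assignments)` and `Lit::sat(self, a: Seq)` are two definitions of literal satisfaction, and the comment `// This is the one that is supposed to stay` marks `sat` as the survivor, yet this hunk opens both. Opening a definition slated for removal invites new proofs to depend on it; delete `lit_sat_logic` in the same change, or reduce it to a forwarding `pearlite! { self.sat(a@) }` so there is one open notion of satisfaction. `var_in_range` and the logic_util.rs helpers are `pub(crate)` and want `#[open(crate)]` rather than bare `#[open]`.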
From: =?UTF-8?q?Sarek=20H=C3=B8verstad=20Skot=C3=A5m?= Date: Wed, 10 Apr 2024 17:40:55 +0200 Subject: [PATCH 9/9] Opening invariants in Scratch. Broken due to publicity and opacity being intertwined. Not fixing that --- Scratch/Cargo.toml | 2 +- Scratch/src/assignments.rs | 6 ++++++ Scratch/src/clause.rs | 27 +++++++++++++++++++++++++++ Scratch/src/formula.rs | 17 +++++++++++++++++ Scratch/src/lit.rs | 31 +++++++++++++++++++++++++------ Scratch/src/logic.rs | 5 +++++ Scratch/src/scratch.rs | 3 +++ 7 files changed, 84 insertions(+), 7 deletions(-) diff --git a/Scratch/Cargo.toml b/Scratch/Cargo.toml index 937c0c7f..97245617 100644 --- a/Scratch/Cargo.toml +++ b/Scratch/Cargo.toml @@ -6,7 +6,7 @@ edition = "2021" [dependencies] clap = "2.33.3" -creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "5cc6cdd6" } +creusot-contracts = { git = "https://github.com/xldenis/creusot", version = "^0", rev = "1357cc97" } # This is just copied verbatim from CreuSAT. [features] diff --git a/Scratch/src/assignments.rs b/Scratch/src/assignments.rs index 26551b15..c6ab5697 100644 --- a/Scratch/src/assignments.rs +++ b/Scratch/src/assignments.rs @@ -16,12 +16,14 @@ pub struct Assignments(pub Vec); impl ShallowModel for Assignments { type ShallowModelTy = Seq; + #[open] #[logic] fn shallow_model(self) -> Self::ShallowModelTy { self.0.shallow_model() } } +#[open] #[predicate] pub fn compatible_inner(a: Seq, a2: Seq) -> bool { pearlite! { @@ -30,6 +32,7 @@ pub fn compatible_inner(a: Seq, a2: Seq) -> bool { } } +#[open] #[predicate] pub fn complete_inner(a: Seq) -> bool { pearlite! { @@ -37,6 +40,7 @@ pub fn complete_inner(a: Seq) -> bool { } } +#[open] #[predicate] pub fn compatible_complete_inner(a: Seq, a2: Seq) -> bool { compatible_inner(a, a2) && complete_inner(a2) @@ -44,6 +48,7 @@ pub fn compatible_complete_inner(a: Seq, a2: Seq) // Predicates impl Assignments { + #[open] #[predicate] pub fn invariant(self, f: Formula) -> bool { pearlite! { 
@@ -52,6 +57,7 @@ impl Assignments { } } + #[open] #[predicate] pub fn complete(self) -> bool { pearlite! { diff --git a/Scratch/src/clause.rs b/Scratch/src/clause.rs index 10a397f2..6e922749 100644 --- a/Scratch/src/clause.rs +++ b/Scratch/src/clause.rs @@ -15,12 +15,14 @@ pub struct Clause { impl ShallowModel for Clause { type ShallowModelTy = Seq; + #[open] #[logic] fn shallow_model(self) -> Self::ShallowModelTy { self.lits.shallow_model() //.push(self.first)//.push(self.second) } } +#[open] #[predicate] pub fn vars_in_range_inner(s: Seq, n: Int) -> bool { pearlite! { @@ -29,11 +31,13 @@ pub fn vars_in_range_inner(s: Seq, n: Int) -> bool { } } +#[open] #[predicate] pub fn invariant_internal(s: Seq, n: Int) -> bool { vars_in_range_inner(s, n) && no_duplicate_indexes_inner(s) } +#[open] #[predicate] pub fn equisat_extension_inner(c: Clause, f: (Seq, Int)) -> bool { pearlite! { @@ -41,6 +45,7 @@ pub fn equisat_extension_inner(c: Clause, f: (Seq, Int)) -> bool { } } +#[open] #[predicate] pub fn no_duplicate_indexes_inner(s: Seq) -> bool { pearlite! { @@ -56,6 +61,7 @@ pub fn no_duplicate_indexes_inner(s: Seq) -> bool { } impl Clause { + #[open] #[predicate] pub fn post_unit_inner(self, a: Seq) -> bool { pearlite! { @@ -65,6 +71,7 @@ impl Clause { } } + #[open] #[predicate] pub fn no_unset_inner(self, a: Seq) -> bool { pearlite! { @@ -72,11 +79,13 @@ impl Clause { } } + #[open] #[predicate] pub fn post_unit(self, a: Assignments) -> bool { pearlite! { self.post_unit_inner(a@) } } + #[open] #[predicate] pub fn eq_assn_inner(self, a: Seq, a2: Seq) -> bool { pearlite! { @@ -87,11 +96,13 @@ impl Clause { } impl Clause { + #[open] #[predicate] pub fn equisat_extension(self, f: Formula) -> bool { pearlite! { equisat_extension_inner(self, f@) } } + #[open] #[predicate] pub fn same_idx_same_polarity_except(self, other: Clause, exception: Int) -> bool { pearlite! { 
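Review bot: `Clause::shallow_model` keeps a trailing `//.push(self.first)//.push(self.second)` fragment behind the expression it returns, and this hunk opens the function with that fragment still in place. Since the body is now the contract of `Clause@` for every caller, drop the stale fragment so readers do not wonder whether the model is meant to include `first`/`second`: the body should read simply `self.lits.shallow_model()`. If those fields are intended to rejoin the model later, say so in a comment above the fn rather than in dead code.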
@@ -102,6 +113,7 @@ impl Clause { } } + #[open] #[predicate] pub fn resolvent_of(self, c: Clause, c2: Clause, k: Int, m: Int) -> bool { pearlite! { @@ -114,6 +126,7 @@ impl Clause { } } + #[open] #[predicate] pub fn in_formula(self, f: Formula) -> bool { pearlite! { @@ -122,6 +135,7 @@ impl Clause { } } + #[open] #[predicate] pub fn in_formula_inner(self, f: (Seq, Int)) -> bool { pearlite! { @@ -129,6 +143,7 @@ impl Clause { } } + #[open] #[predicate] fn unit_inner(self, a: Seq) -> bool { pearlite! { @@ -140,11 +155,13 @@ impl Clause { !self@[j].unset_inner(a)) } } + #[open] #[predicate] pub fn unit(self, a: Assignments) -> bool { pearlite! { self.unit_inner(a@) } } + #[open] #[predicate] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { @@ -153,11 +170,13 @@ impl Clause { } } + #[open] #[predicate] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } + #[open] #[predicate] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { @@ -166,6 +185,7 @@ impl Clause { } } + #[open] #[predicate] pub fn sat(self, a: Assignments) -> bool { pearlite! { @@ -173,31 +193,37 @@ impl Clause { } } + #[open] #[predicate] pub fn unknown(self, a: Assignments) -> bool { !self.sat(a) && !self.unsat(a) } + #[open] #[predicate] pub fn vars_in_range(self, n: Int) -> bool { pearlite! { vars_in_range_inner(self@, n) } } + #[open] #[predicate] pub fn no_duplicate_indexes(self) -> bool { pearlite! { no_duplicate_indexes_inner(self@) } } + #[open] #[predicate] pub fn search_idx_in_range(self) -> bool { pearlite! { 2 <= self.search@ && self.search@ <= self@.len() } } + #[open] #[predicate] pub fn invariant(self, n: Int) -> bool { pearlite! { invariant_internal(self@, n) } } + #[open] #[predicate] pub fn clause_is_seen(self, seen: Vec) -> bool { pearlite! { @@ -206,6 +232,7 @@ impl Clause { } } + #[open] #[predicate] pub fn equals(self, o: Clause) -> bool { pearlite! { diff --git a/Scratch/src/formula.rs b/Scratch/src/formula.rs index f9152569..e70de3f7 100644 
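Review bot: `Clause::invariant(self, n)` is now open as `invariant_internal(self@, n)`, which covers only `vars_in_range_inner` and `no_duplicate_indexes_inner`; `search_idx_in_range` (`2 <= self.search@ && self.search@ <= self@.len()`) is a separate predicate, so the type invariant says nothing about `search`. If any runtime code indexes `lits` by `search`, that bound becomes a standalone obligation at every use site and, as far as this module shows, nothing forces it to hold after a mutation. Either conjoin it, `invariant_internal(self@, n) && self.search_idx_in_range()`, if it is meant to be invariant, or leave a comment on `invariant` stating that `search` is deliberately unconstrained and where its bound is established.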
--- a/Scratch/src/formula.rs +++ b/Scratch/src/formula.rs @@ -15,12 +15,14 @@ pub struct Formula { impl ShallowModel for Formula { type ShallowModelTy = (Seq, Int); + #[open] #[logic] fn shallow_model(self) -> Self::ShallowModelTy { (self.clauses.shallow_model(), self.num_vars.shallow_model()) } } +#[open] #[predicate] pub fn formula_invariant(f: (Seq, Int)) -> bool { pearlite! { @@ -29,6 +31,7 @@ pub fn formula_invariant(f: (Seq, Int)) -> bool { } } +#[open] #[predicate] pub fn formula_sat_inner(f: (Seq, Int), a: Seq) -> bool { pearlite! { @@ -37,6 +40,7 @@ pub fn formula_sat_inner(f: (Seq, Int), a: Seq) -> bool { } } +#[open] #[predicate] pub fn eventually_sat_complete(f: (Seq, Int)) -> bool { pearlite! { @@ -44,6 +48,7 @@ pub fn eventually_sat_complete(f: (Seq, Int)) -> bool { } } +#[open] #[predicate] fn equisat(f: (Seq, Int), o: (Seq, Int)) -> bool { pearlite! { @@ -53,6 +58,7 @@ fn equisat(f: (Seq, Int), o: (Seq, Int)) -> bool { // Predicates impl Formula { + #[open] #[predicate] pub fn eventually_sat_complete(self) -> bool { pearlite! { @@ -60,11 +66,13 @@ impl Formula { } } + #[open] #[predicate] pub fn equisat(self, o: Formula) -> bool { self.eventually_sat_complete() == o.eventually_sat_complete() } + #[open] #[predicate] #[cfg_attr(feature = "trust_formula_logic", trusted)] #[ensures(result == self.invariant_mirror())] // Removing this makes a bunch of seemingly unrelated things fail @@ -72,6 +80,7 @@ impl Formula { pearlite! { formula_invariant(self@) } } + #[open] #[predicate] fn invariant_mirror(self) -> bool { pearlite! { @@ -84,6 +93,7 @@ impl Formula { } } + #[open] #[predicate] fn eventually_sat_inner(self, a: Seq) -> bool { pearlite! { @@ -91,6 +101,7 @@ impl Formula { } } + #[open] #[predicate] fn eventually_sat_complete_inner(self, a: Seq) -> bool { pearlite! { 
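Review bot: `Formula::invariant` now carries `#[open]` together with `#[cfg_attr(feature = "trust_formula_logic", trusted)]` and `#[ensures(result == self.invariant_mirror())]`, so with the feature on the ensures is admitted as an axiom while the body is simultaneously exposed; an unverified axiom about an open definition is exactly the kind of mismatch that can make unrelated goals provable, which the comment `// Removing this makes a bunch of seemingly unrelated things fail` already hints at. Since `formula_invariant` and `invariant_mirror` are both open now, the equivalence should be dischargeable as a plain `#[logic]` lemma with `#[ensures(formula_invariant(self@) == self.invariant_mirror())]`, letting `trusted` go. The free `fn equisat` in this file is private but fully `#[open]`; it wants `#[open(self)]` or a `pub(crate)` visibility, as with the other helpers in this series.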
@@ -98,11 +109,13 @@ impl Formula { } } + #[open] #[predicate] fn eventually_sat(self, a: Assignments) -> bool { pearlite! { self.eventually_sat_inner(a@)} } + #[open] #[predicate] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { @@ -111,11 +124,13 @@ impl Formula { } } + #[open] #[predicate] pub fn sat(self, a: Assignments) -> bool { pearlite! { formula_sat_inner(self@, a@) } } + #[open] #[predicate] fn unsat_inner(self, a: Seq) -> bool { pearlite! { @@ -124,11 +139,13 @@ impl Formula { } } + #[open] #[predicate] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } + #[open] #[predicate] pub fn not_satisfiable(self) -> bool { pearlite! { exists c@.len() == 0 && c.equisat_extension(self) } diff --git a/Scratch/src/lit.rs b/Scratch/src/lit.rs index 99492376..2d2a446a 100644 --- a/Scratch/src/lit.rs +++ b/Scratch/src/lit.rs @@ -17,6 +17,7 @@ pub struct Lit { impl ShallowModel for Lit { type ShallowModelTy = Lit; + #[open] #[logic] fn shallow_model(self) -> Self { self @@ -27,12 +28,14 @@ impl ShallowModel for Lit { impl DeepModel for Lit { type DeepModelTy = Lit; + #[open] #[logic] fn deep_model(self) -> Self { self } } +#[open] #[predicate] //#[ensures(result == self.lit_in_internalc@)] #[why3::attr = "inline:trivial"] @@ -45,24 +48,28 @@ pub fn idx_in_logic(idx: Int, c: Seq) -> bool { // Logic impl Lit { + #[open] #[logic] #[why3::attr = "inline:trivial"] pub fn index_logic(self) -> Int { pearlite! { self.idx@ } } + #[open] #[logic] #[why3::attr = "inline:trivial"] pub fn is_positive_logic(self) -> bool { pearlite! { self.polarity } } + #[open] #[logic] #[why3::attr = "inline:trivial"] pub fn to_watchidx_logic(self) -> Int { pearlite! { self.index_logic() * 2 + if self.is_positive_logic() { 0 } else { 1 } } } + #[open] #[logic] #[why3::attr = "inline:trivial"] pub fn to_neg_watchidx_logic(self) -> Int { @@ -72,6 +79,7 @@ impl Lit { // Predicates impl Lit { + #[open] #[predicate] pub fn is_opp(self, o: Lit) -> bool { pearlite! { 
@@ -79,16 +87,19 @@ impl Lit { } } + #[open] #[predicate] pub fn lit_in_internal(self, c: Seq) -> bool { pearlite! { exists 0 <= i && i < c.len() && c[i] == self } } + #[open] #[predicate] pub fn lit_in(self, c: Clause) -> bool { pearlite! { exists 0 <= i && i < c@.len() && c@[i] == self } } + #[open] #[predicate] pub fn lit_idx_in(self, c: Clause) -> bool { pearlite! { @@ -97,11 +108,13 @@ impl Lit { } } + #[open] #[predicate] pub fn invariant(self, n: Int) -> bool { pearlite! { self.index_logic() < n } } + #[open] #[predicate] pub fn sat_inner(self, a: Seq) -> bool { pearlite! { @@ -112,6 +125,7 @@ impl Lit { } } + #[open] #[predicate] pub fn unsat_inner(self, a: Seq) -> bool { pearlite! { @@ -122,33 +136,38 @@ impl Lit { } } + #[open] #[predicate] pub fn unset_inner(self, a: Seq) -> bool { pearlite! { a[self.index_logic()]@ >= 2 } } + #[open] #[predicate] pub fn sat(self, a: Assignments) -> bool { pearlite! { self.sat_inner(a@) } } + #[open] #[predicate] pub fn unset(self, a: Assignments) -> bool { pearlite! { self.unset_inner(a@) } } + #[open] #[predicate] pub fn unsat(self, a: Assignments) -> bool { pearlite! { self.unsat_inner(a@) } } /* + #[open] #[predicate] - pub fn idx_in_trail(self, t: Vec) -> bool { - pearlite! { - exists 0 <= i && i < (@t).len() && - (@t)[i].lit.index_logic() == self.index_logic() + pub fn idx_in_trail(self, t: Vec) -> bool { + pearlite! { + exists 0 <= i && i < (@t).len() && + (@t)[i].lit.index_logic() == self.index_logic() + } } - } - */ + */ } diff --git a/Scratch/src/logic.rs b/Scratch/src/logic.rs index 6143f730..2fad19e8 100644 --- a/Scratch/src/logic.rs +++ b/Scratch/src/logic.rs @@ -4,16 +4,19 @@ use creusot_contracts::*; use crate::assignments::*; +#[open] #[logic] fn pos() -> AssignedState { 1u8 } +#[open] #[logic] fn neg() -> AssignedState { 0u8 } +#[open] #[predicate] pub fn unset(v: AssignedState) -> bool { pearlite! { 
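Review bot: The `#[open]` added inside the `/* … */` block around `idx_in_trail` is inert, and the rest of that part of the hunk only re-indents commented-out code; the same applies to the `#[open]` placed inside the commented-out `lemma_push_maintains_lit_not_in_less` in scratch.rs. If `idx_in_trail` is not expected to return, deleting the block is cleaner than maintaining attributes on dead text; if it is, a one-line `// TODO: re-enable idx_in_trail once <reason it was disabled> is resolved` above the comment would tell the next reader why it is parked. The enclosing `impl Lit` block continues outside the hunk.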
@@ -26,6 +29,7 @@ pub fn unset(v: AssignedState) -> bool { } #[cfg_attr(feature = "trust_logic_logic", trusted)] +#[open] #[logic] #[ensures(b ==> result@ == 1)] #[ensures(!b ==> result@ == 0)] @@ -37,6 +41,7 @@ pub fn bool_to_assignedstate(b: bool) -> AssignedState { } } +#[open] #[logic] fn flip_v(v: AssignedState) -> AssignedState { pearlite! { diff --git a/Scratch/src/scratch.rs b/Scratch/src/scratch.rs index 8fad41bf..7b0b8c1d 100644 --- a/Scratch/src/scratch.rs +++ b/Scratch/src/scratch.rs @@ -9,6 +9,7 @@ use crate::{assignments::*, clause::*, formula::*, lit::*}; //#[cfg_attr(feature = "trust_trail_logic", trusted)] /* +#[open] #[logic] #[requires(f.invariant())] #[requires(t.invariant(f))] @@ -20,11 +21,13 @@ use crate::{assignments::*, clause::*, formula::*, lit::*}; pub fn lemma_push_maintains_lit_not_in_less(t: Trail, f: Formula, step: Step) {} */ +#[open] #[logic] #[requires(c.sat(a))] #[ensures(forall c2@.permutation_of(c@) ==> c2.sat(a))] pub fn lemma_clause_permuted_maintains_sat(c: Clause, a: Assignments) {} +#[open] #[logic] #[requires(c.unsat(a))] #[ensures(forall c2@.permutation_of(c@) ==> c2.unsat(a))]