diff --git a/.gitmodules b/.gitmodules new file mode 100644 index 000000000..71b334ff8 --- /dev/null +++ b/.gitmodules @@ -0,0 +1,3 @@ +[submodule "hax-lib/core-models"] + path = hax-lib/core-models + url = https://github.com/cryspen/rust-core-models diff --git a/Cargo.toml b/Cargo.toml index 294a9b8e9..0177dd51f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -17,7 +17,7 @@ members = [ "rust-engine", "rust-engine/macros", ] -exclude = ["tests", "rustc-coverage-tests", "rust-engine/tests", "hax-lib/core-models"] +exclude = ["tests", "rustc-coverage-tests", "rust-engine/tests", "hax-lib/core-models", "hax-lib/std"] default-members = [ "frontend/exporter", "frontend/exporter/options", diff --git a/engine/backends/fstar/fstar_backend.ml b/engine/backends/fstar/fstar_backend.ml index 35fbb37cb..cd767e024 100644 --- a/engine/backends/fstar/fstar_backend.ml +++ b/engine/backends/fstar/fstar_backend.ml @@ -829,13 +829,9 @@ struct | GCType { goal; name } -> let typ = c_trait_goal span goal in Some { kind = Tcresolve; ident = F.id name; typ } - | GCProjection { impl = { kind = LocalBound { id }; _ }; assoc_item; typ } - -> - let proj = - F.term - @@ F.AST.Project - (F.term @@ F.AST.Var (F.lid [ id ]), pconcrete_ident assoc_item) - in + | GCProjection { impl; assoc_item; typ } -> + let* i = pimpl_expr span impl in + let proj = F.term @@ F.AST.Project (i, pconcrete_ident assoc_item) in let typ = F.mk_refined "_" (F.term_of_string "unit") (fun ~x -> F.term diff --git a/hax-lib/core-models b/hax-lib/core-models new file mode 160000 index 000000000..763267761 --- /dev/null +++ b/hax-lib/core-models @@ -0,0 +1 @@ +Subproject commit 76326776162faa2e2862f8f24dd9547d511e7b0a diff --git a/hax-lib/core-models/.gitignore b/hax-lib/core-models/.gitignore deleted file mode 100644 index 2930fe7d2..000000000 --- a/hax-lib/core-models/.gitignore +++ /dev/null @@ -1 +0,0 @@ -proofs diff --git a/hax-lib/core-models/Cargo.lock b/hax-lib/core-models/Cargo.lock deleted file mode 100644 index 4cf50f716..000000000 --- a/hax-lib/core-models/Cargo.lock +++ /dev/null @@ -1,366 +0,0 @@ -# This file is automatically @generated by Cargo. -# It is not intended for manual editing. -version = 4 - -[[package]] -name = "alloc" -version = "0.1.0" -dependencies = [ - "hax-lib", - "rust_primitives", -] - -[[package]] -name = "autocfg" -version = "1.5.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" - -[[package]] -name = "bumpalo" -version = "3.19.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "46c5e41b57b8bba42a04676d81cb89e9ee8e859a1a66f80a5a72e1cb76b34d43" - -[[package]] -name = "cfg-if" -version = "1.0.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2fd1289c04a9ea8cb22300a459a72a385d7c73d3259e2ed7dcb2af674838cfa9" - -[[package]] -name = "core-models" -version = "0.1.0" -dependencies = [ - "hax-lib", - "pastey", - "rust_primitives", -] - -[[package]] -name = "getrandom" -version = "0.3.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "26145e563e54f2cadc477553f1ec5ee650b00862f0a58bcd12cbdc5f0ea2d2f4" -dependencies = [ - "cfg-if", - "libc", - "r-efi", - "wasi", -] - -[[package]] -name = "hax-lib" -version = "0.3.6" -dependencies = [ - "hax-lib-macros", - "num-bigint", - "num-traits", -] - -[[package]] -name = "hax-lib-macros" -version = "0.3.6" -dependencies = [ - "hax-lib-macros-types", - "proc-macro-error2", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "hax-lib-macros-types" -version = "0.3.6" -dependencies = [ - "proc-macro2", - "quote", - "serde", - "serde_json", - "uuid", -] - -[[package]] -name = "itoa" -version = "1.0.15" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "4a5f13b858c8d314ee3e8f639011f7ccefe71f97f96e50151fb991f267928e2c" - -[[package]] -name = "js-sys" -version = "0.3.77" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1cfaf33c695fc6e08064efbc1f72ec937429614f25eef83af942d0e227c3a28f" -dependencies = [ - "once_cell", - "wasm-bindgen", -] - -[[package]] -name = "libc" -version = "0.2.175" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a82ae493e598baaea5209805c49bbf2ea7de956d50d7da0da1164f9c6d28543" - -[[package]] -name = "log" -version = "0.4.27" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "13dc2df351e3202783a1fe0d44375f7295ffb4049267b0f3018346dc122a1d94" - -[[package]] -name = "memchr" -version = "2.7.5" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "32a282da65faaf38286cf3be983213fcf1d2e2a58700e808f83f4ea9a4804bc0" - -[[package]] -name = "num-bigint" -version = "0.4.6" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" -dependencies = [ - "num-integer", - "num-traits", -] - -[[package]] -name = "num-integer" -version = "0.1.46" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" -dependencies = [ - "num-traits", -] - -[[package]] -name = "num-traits" -version = "0.2.19" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" -dependencies = [ - "autocfg", -] - -[[package]] -name = "once_cell" -version = "1.21.3" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "42f5e15c9953c5e4ccceeb2e7382a716482c34515315f7b03532b8b4e8393d2d" - -[[package]] -name = "pastey" -version = "0.1.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "35fb2e5f958ec131621fdd531e9fc186ed768cbe395337403ae56c17a74c68ec" - -[[package]] -name = "proc-macro-error-attr2" -version = "2.0.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" -dependencies = [ - "proc-macro2", - "quote", -] - -[[package]] -name = "proc-macro-error2" -version = "2.0.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" -dependencies = [ - "proc-macro-error-attr2", - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "proc-macro2" -version = "1.0.101" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "89ae43fd86e4158d6db51ad8e2b80f313af9cc74f5c0e03ccb87de09998732de" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "quote" -version = "1.0.40" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1885c039570dc00dcb4ff087a89e185fd56bae234ddc7f056a945bf36467248d" -dependencies = [ - "proc-macro2", -] - -[[package]] -name = "r-efi" -version = "5.3.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f" - -[[package]] -name = "rand_core" -version = "0.1.0" - -[[package]] -name = "rust_primitives" -version = "0.1.0" -dependencies = [ - "hax-lib", - "pastey", -] - -[[package]] -name = "rustversion" -version = "1.0.22" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" - -[[package]] -name = "ryu" -version = "1.0.20" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "28d3b2b1366ec20994f1fd18c3c594f05c5dd4bc44d8bb0c1c632c8d6829481f" - -[[package]] -name = "serde" -version = "1.0.219" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5f0e2c6ed6606019b4e29e69dbaba95b11854410e5347d525002456dbbb786b6" -dependencies = [ - "serde_derive", -] - -[[package]] -name = "serde_derive" -version = "1.0.219" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5b0276cf7f2c73365f7157c8123c21cd9a50fbbd844757af28ca1f5925fc2a00" -dependencies = [ - "proc-macro2", - "quote", - "syn", -] - -[[package]] -name = "serde_json" -version = "1.0.143" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d401abef1d108fbd9cbaebc3e46611f4b1021f714a0597a71f41ee463f5f4a5a" -dependencies = [ - "itoa", - "memchr", - "ryu", - "serde", -] - -[[package]] -name = "std" -version = "0.1.0" -dependencies = [ - "core-models", - "hax-lib", -] - -[[package]] -name = "syn" -version = "2.0.106" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "ede7c438028d4436d71104916910f5bb611972c5cfd7f89b8300a8186e6fada6" -dependencies = [ - "proc-macro2", - "quote", - "unicode-ident", -] - -[[package]] -name = "unicode-ident" -version = "1.0.18" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "5a5f39404a5da50712a4c1eecf25e90dd62b613502b7e925fd4e4d19b5c96512" - -[[package]] -name = "uuid" -version = "1.18.1" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f87b8aa10b915a06587d0dec516c282ff295b475d94abf425d62b57710070a2" -dependencies = [ - "getrandom", - "js-sys", - "wasm-bindgen", -] - -[[package]] -name = "wasi" -version = "0.14.3+wasi-0.2.4" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "6a51ae83037bdd272a9e28ce236db8c07016dd0d50c27038b3f407533c030c95" -dependencies = [ - "wit-bindgen", -] - -[[package]] -name = "wasm-bindgen" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1edc8929d7499fc4e8f0be2262a241556cfc54a0bea223790e71446f2aab1ef5" -dependencies = [ - "cfg-if", - "once_cell", - "rustversion", - "wasm-bindgen-macro", -] - -[[package]] -name = "wasm-bindgen-backend" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "2f0a0651a5c2bc21487bde11ee802ccaf4c51935d0d3d42a6101f98161700bc6" -dependencies = [ - "bumpalo", - "log", - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-macro" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "7fe63fc6d09ed3792bd0897b314f53de8e16568c2b3f7982f468c0bf9bd0b407" -dependencies = [ - "quote", - "wasm-bindgen-macro-support", -] - -[[package]] -name = "wasm-bindgen-macro-support" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "8ae87ea40c9f689fc23f209965b6fb8a99ad69aeeb0231408be24920604395de" -dependencies = [ - "proc-macro2", - "quote", - "syn", - "wasm-bindgen-backend", - "wasm-bindgen-shared", -] - -[[package]] -name = "wasm-bindgen-shared" -version = "0.2.100" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "1a05d73b933a847d6cccdda8f838a22ff101ad9bf93e33684f39c1f5f0eece3d" -dependencies = [ - "unicode-ident", -] - -[[package]] -name = "wit-bindgen" -version = "0.45.0" -source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "052283831dbae3d879dc7f51f3d92703a316ca49f91540417d38591826127814" diff --git a/hax-lib/core-models/Cargo.toml b/hax-lib/core-models/Cargo.toml deleted file mode 100644 index 4820c5fca..000000000 --- a/hax-lib/core-models/Cargo.toml +++ /dev/null @@ -1,19 +0,0 @@ -[package] -name = "core-models" -version = "0.1.0" -edition = "2024" - -[dependencies] -pastey = "0.1.1" -rust_primitives = { "path" = "rust_primitives" } -hax-lib.workspace = true - -[workspace.dependencies] -hax-lib = { "path" = ".." } - -# Workaround for https://github.com/rust-lang/cargo/issues/6745 -[workspace] -members = ["alloc", "rand_core", "rust_primitives", "std"] - -[lints.rust] -unexpected_cfgs = { level = "warn", check-cfg = ['cfg(hax)', 'cfg(hax_compilation)', 'cfg(hax_backend_fstar)'] } diff --git a/hax-lib/core-models/README.md b/hax-lib/core-models/README.md deleted file mode 100644 index 414942080..000000000 --- a/hax-lib/core-models/README.md +++ /dev/null @@ -1,64 +0,0 @@ -This crate contains a partial model of Rust core that should preserve the same types signatures and behaviour as the original Rust core library. It only contains code that can be extracted with hax and used in `proof-libs` to give a model to Rust core items in the different hax backends. - -## Contributing - -Currently the only backend supported is F*, and the extracted models coexist with hand-written F* models. When a new module is added, the hand-written version should be deleted and replaced by the generated one. `.hax.sh extract` takes care of extracting and placing the result in `proof-libs`. - -## Style considerations - -Here is a list of things to pay attention to when contributing to the models: -* When using the `Fn` traits, the syntax shortcuts `Fn(T) -> U` are not available for the model traits. We need to write `Fn` -* The `core::mem::take`, `core::mem::swap`, etc. functions cannot be given a good model that fits the Rust interface, we can only use unsafe or the original version, or change the interface to something corresponding to the interface of translated code (state passing instead of `&mut`). - -## Adding new models - -To add new models, you should place yourself in the right module (create it if it doesn't already exist) corresponding to where it is located in Rust core. Then create the items with the same interface as in Rust (the Rust documentation is a good source of information, or sometimes the actual code). The interface can be slightly modified sometimes (removing `const`, or traits that we erase with hax). The code you write for the body can also be based on the real code if it is simple enough, or you can write something new that models the behaviour. - -## Tests - -This is a work in progress. All models should be executable, then the test strategy will be to test the model against its reference (probably with a property-based testing framework). Once the infrastructure is in place, all new models should come with tests. The extracted code should also be tested in each backend (to make sure the naming is correct, and basic proofs using the items can work). - -## Relying on primitives - -Some primitive operations are easier to model directly using the backend's language (integers, arithmetic, sequence-like data structures, etc.). This can happen in two different ways: -- Implicitly: integer types and arithmetic operations, array and slice types can be used directly. Hax has a special treatment of them, so any use in the core models implicitly refers to their implementation in Rust primitives (implemented manually for each backend) -- Explicitly: some more specific arithmetic operations, sequences, etc. are available in the rust_primitives crate. This crate provides all the other definitions that need a manual model in each backend. The definitions from this crate can be used in core models, but the crate itself is not extracted. - -## Example - -The `core::options` module is a good example. It mostly contains the definition of the `Option` enum which can be copied: - -```Rust -pub enum Option { - Some(T), - None, -} -``` - -Most functions can be defined in a very similar way to the original versions like: -```Rust -pub fn is_some(&self) -> bool { - matches!(*self, Some(_)) -} -``` -The definition is exactly the same except that it is not `const`, and the attributes have been removed. - -Whenever we take functions/closures as argument there is a bit more modification to be done. Indeed, we must use the `FnOnce` trait from our models and not the original one. For example: - -```rust -pub const fn is_some_and(self, f: impl [const] FnOnce(T) -> bool + [const] Destruct) -> bool { - match self { - None => false, - Some(x) => f(x), - } -} -``` -becomes -```rust -pub fn is_some_and>(self, f: F) -> bool { - match self { - None => false, - Some(x) => f.call_once(x), - } -} -``` diff --git a/hax-lib/core-models/alloc/Cargo.toml b/hax-lib/core-models/alloc/Cargo.toml deleted file mode 100644 index fedad0e3c..000000000 --- a/hax-lib/core-models/alloc/Cargo.toml +++ /dev/null @@ -1,9 +0,0 @@ -[package] -name = "alloc" -version = "0.1.0" -edition = "2024" - -[dependencies] - -rust_primitives = {path = "../rust_primitives"} -hax-lib.workspace = true diff --git a/hax-lib/core-models/alloc/src/lib.rs b/hax-lib/core-models/alloc/src/lib.rs deleted file mode 100644 index 0763da290..000000000 --- a/hax-lib/core-models/alloc/src/lib.rs +++ /dev/null @@ -1,361 +0,0 @@ -mod alloc { - pub struct Global; -} - -mod borrow { - struct Cow(T); - - pub trait ToOwned { - fn to_owned(self) -> Self; - } - impl ToOwned for T { - fn to_owned(self) -> Self { - self - } - } -} - -mod boxed { - pub struct Box(pub T); - impl Box { - // Hax removes boxes, so this should be the identity - fn new(v: T) -> T { - v - } - } -} - -mod collections { - // All implementations are dummy (for interfaces only) - - mod binary_heap { - #[hax_lib::fstar::before("open Rust_primitives.Notations")] - use crate::vec::*; - struct BinaryHeap(Vec); - - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - impl BinaryHeap<(), ()> {} - - #[hax_lib::attributes] - impl BinaryHeap { - fn new() -> BinaryHeap { - BinaryHeap(Vec( - rust_primitives::sequence::seq_empty(), - std::marker::PhantomData::, - )) - } - #[hax_lib::requires(self.len() < core::primitive::usize::MAX)] - fn push(&mut self, v: T) { - self.0.push(v) - } - #[hax_lib::ensures(|res| (self.len() > 0) == res.is_some())] - fn pop(&mut self) -> Option { - let mut max: Option<&T> = None; - let mut index = 0; - for i in 0..self.len() { - hax_lib::loop_invariant!(|i: usize| (i > 0) == max.is_some()); - if max.is_none_or(|max| self.0[i] > *max) { - max = Some(&self.0[i]); - index = i; - } - } - if max.is_some() { - Some(self.0.remove(index)) - } else { - None - } - } - } - - #[hax_lib::attributes] - impl BinaryHeap { - fn len(&self) -> usize { - self.0.len() - } - - #[hax_lib::ensures(|res| (self.len() > 0) == res.is_some())] - fn peek(&self) -> Option<&T> { - let mut max: Option<&T> = None; - for i in 0..self.len() { - hax_lib::loop_invariant!(|i: usize| (i > 0) == max.is_some()); - if max.is_none_or(|max| self.0[i] > *max) { - max = Some(&self.0[i]); - } - } - max - } - } - - #[hax_lib::fstar::after(" -assume val lemma_peek_pop: #t:Type -> (#a: Type) -> (#i: Core_models.Cmp.t_Ord t) -> h: t_BinaryHeap t a - -> Lemma (impl_11__peek h == snd (impl_10__pop h)) - [SMTPat (impl_11__peek #t #a h)] - ")] - use core::*; - } - mod btree { - mod set { - #[hax_lib::opaque] - struct BTreeSet(Option, Option); - - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - impl BTreeSet<(), ()> {} - - impl BTreeSet { - fn new() -> BTreeSet { - BTreeSet(None, None) - } - } - } - } - mod vec_deque { - use rust_primitives::sequence::*; - pub struct VecDeque(pub Seq, std::marker::PhantomData); - - impl VecDeque<(), ()> {} - impl VecDeque<(), ()> {} - impl VecDeque<(), ()> {} - impl VecDeque<(), ()> {} - impl VecDeque<(), ()> {} - - impl VecDeque { - #[hax_lib::opaque] - fn push_back(&mut self, x: T) {} - fn len(&self) -> usize { - seq_len(&self.0) - } - fn pop_front(&mut self) -> Option { - if self.len() == 0 { - None - } else { - Some(seq_last(&self.0)) - } - } - } - - impl std::ops::Index for VecDeque { - type Output = T; - fn index(&self, i: usize) -> &T { - seq_index(&self.0, i) - } - } - } -} - -mod fmt { - #[hax_lib::opaque] - fn format(args: core::fmt::Arguments) -> String { - String::new() - } -} - -mod slice { - #[hax_lib::exclude] - struct Dummy(T); - - use super::vec::Vec; - use rust_primitives::sequence::*; - - impl Dummy { - fn to_vec(s: &[T]) -> Vec { - Vec( - seq_from_slice(s), - std::marker::PhantomData::, - ) - } - fn into_vec(s: Box<&[T]>) -> Vec { - Vec(seq_from_slice(*s), std::marker::PhantomData::) - } - #[hax_lib::opaque] - fn sort_by core::cmp::Ordering>(s: &mut [T], compare: F) {} - } -} - -mod string { - use rust_primitives::string::*; - - struct String(&'static str); - impl String { - fn new() -> Self { - String("") - } - fn push_str(&mut self, other: &'static str) { - *self = String(str_concat(self.0, other)) - } - fn push(&mut self, c: char) { - *self = String(str_concat(self.0, str_of_char(c))) - } - fn pop(&mut self) -> Option { - let l = self.0.len(); - if l > 0 { - *self = String(str_sub(self.0, 0, l - 1)); - Some(str_index(self.0, l - 1)) - } else { - None - } - } - } -} - -pub mod vec { - // TODO drain (to be done with iterators) - use hax_lib::ToInt; - use rust_primitives::sequence::*; - - pub struct Vec(pub Seq, pub std::marker::PhantomData); - - fn from_elem(item: T, len: usize) -> Vec { - Vec( - seq_create(item, len), - std::marker::PhantomData::, - ) - } - - #[hax_lib::attributes] - impl Vec { - pub fn new() -> Vec { - Vec( - seq_empty(), - std::marker::PhantomData::, - ) - } - pub fn with_capacity(_c: usize) -> Vec { - Vec::new() - } - } - - #[hax_lib::attributes] - impl Vec { - pub fn len(&self) -> usize { - seq_len(&self.0) - } - #[hax_lib::requires(seq_len(&self.0) < usize::MAX)] - pub fn push(&mut self, x: T) { - seq_concat(&mut self.0, &seq_one(x)) - } - pub fn pop(&mut self) -> Option { - if seq_len(&self.0) > 0 { - let last = seq_last(&self.0); - self.0 = seq_slice(&self.0, 0, seq_len(&self.0) - 1); - Some(last) - } else { - None - } - } - pub fn is_empty(&self) -> bool { - seq_len(&self.0) == 0 - } - #[hax_lib::requires(index <= seq_len(&self.0) && seq_len(&self.0) < usize::MAX)] - pub fn insert(&mut self, index: usize, element: T) { - let mut left = seq_slice(&self.0, 0, index); - let right = seq_slice(&self.0, index, seq_len(&self.0)); - seq_concat(&mut left, &seq_one(element)); - seq_concat(&mut left, &right); - self.0 = left; - } - pub fn as_slice(&self) -> &[T] { - seq_to_slice(&self.0) - } - #[hax_lib::opaque] - pub fn truncate(&mut self, n: usize) {} - #[hax_lib::opaque] - pub fn swap_remove(&mut self, n: usize) -> T { - seq_last(&self.0) - } - #[hax_lib::opaque] - #[hax_lib::ensures(|_| future(self).len() == new_size)] - pub fn resize(&mut self, new_size: usize, value: &T) {} - #[hax_lib::opaque] - pub fn remove(&mut self, index: usize) -> T { - seq_last(&self.0) - } - #[hax_lib::opaque] - pub fn clear(&mut self) {} - #[hax_lib::requires(self.len().to_int() + other.len().to_int() <= usize::MAX.to_int())] - pub fn append(&mut self, other: &mut Vec) { - seq_concat(&mut self.0, &other.0); - other.0 = seq_empty() - } - #[hax_lib::opaque] - pub fn drain */>(&mut self, _range: R) -> drain::Drain { - drain::Drain( - seq_slice(&self.0, 0, self.len()), - std::marker::PhantomData::, - ) // TODO use range bounds - } - } - pub mod drain { - use rust_primitives::sequence::*; - pub struct Drain(pub Seq, pub std::marker::PhantomData); - impl Iterator for Drain { - type Item = T; - fn next(&mut self) -> Option { - if seq_len(&self.0) == 0 { - Option::None - } else { - let res = seq_first(&self.0); - self.0 = seq_slice(&self.0, 1, seq_len(&self.0)); - Option::Some(res) - } - } - } - } - - #[hax_lib::attributes] - impl Vec { - #[hax_lib::requires(seq_len(&s.0).to_int() + other.len().to_int() <= usize::MAX.to_int())] - fn extend_from_slice(s: &mut Vec, other: &[T]) { - seq_concat(&mut s.0, &seq_from_slice(other)) - } - } - - #[hax_lib::attributes] - impl std::ops::Index for Vec { - type Output = T; - #[hax_lib::requires(i < self.len())] - fn index(&self, i: usize) -> &T { - seq_index(&self.0, i) - } - } - - #[hax_lib::attributes] - impl core::ops::Deref for Vec { - type Target = [T]; - - fn deref(&self) -> &[T] { - self.as_slice() - } - } - - #[hax_lib::attributes] - #[hax_lib::opaque] - impl std::iter::FromIterator for Vec { - fn from_iter(iter: I) -> Self - where - I: IntoIterator, - { - let mut res = Vec::new(); - for el in iter { - res.push(el) - } - res - } - } -} diff --git a/hax-lib/core-models/rand_core/Cargo.toml b/hax-lib/core-models/rand_core/Cargo.toml deleted file mode 100644 index 154a72eb0..000000000 --- a/hax-lib/core-models/rand_core/Cargo.toml +++ /dev/null @@ -1,6 +0,0 @@ -[package] -name = "rand_core" -version = "0.1.0" -edition = "2024" - -[dependencies] diff --git a/hax-lib/core-models/rand_core/src/lib.rs b/hax-lib/core-models/rand_core/src/lib.rs deleted file mode 100644 index 062dff3c0..000000000 --- a/hax-lib/core-models/rand_core/src/lib.rs +++ /dev/null @@ -1,23 +0,0 @@ -pub trait RngCore { - // Required methods - fn next_u32(&mut self) -> u32; - fn next_u64(&mut self) -> u64; - fn fill_bytes(&mut self, dst: &mut [u8]); -} - -pub trait CryptoRng: RngCore {} - -mod os { - pub struct OsRng; - // Dummy impl - impl super::RngCore for OsRng { - fn next_u32(&mut self) -> u32 { - 0 - } - fn next_u64(&mut self) -> u64 { - 0 - } - fn fill_bytes(&mut self, dst: &mut [u8]) {} - } - impl super::CryptoRng for OsRng {} -} diff --git a/hax-lib/core-models/rust_primitives/Cargo.toml b/hax-lib/core-models/rust_primitives/Cargo.toml deleted file mode 100644 index 1bfe4c963..000000000 --- a/hax-lib/core-models/rust_primitives/Cargo.toml +++ /dev/null @@ -1,8 +0,0 @@ -[package] -name = "rust_primitives" -version = "0.1.0" -edition = "2024" - -[dependencies] -pastey = "0.1.1" -hax-lib.workspace = true diff --git a/hax-lib/core-models/rust_primitives/src/lib.rs b/hax-lib/core-models/rust_primitives/src/lib.rs deleted file mode 100644 index 913959021..000000000 --- a/hax-lib/core-models/rust_primitives/src/lib.rs +++ /dev/null @@ -1,211 +0,0 @@ -#![allow(unused_variables)] - -pub mod slice { - pub fn slice_length(s: &[T]) -> usize { - unimplemented!("This is a stub that is implemented in each backend") - } - #[hax_lib::requires(mid <= slice_length(s))] - pub fn slice_split_at(s: &[T], mid: usize) -> (&[T], &[T]) { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn slice_contains(s: &[T], v: T) -> bool { - unimplemented!("This is a stub that is implemented in each backend") - } - #[hax_lib::requires(i < slice_length(s))] - pub fn slice_index(s: &[T], i: usize) -> &T { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn slice_slice(s: &[T], b: usize, e: usize) -> &[T] { - unimplemented!("This is a stub that is implemented in each backend") - } - // In the following two functions, F is actually a function type. - // Not constraining that here allows to call it with closures, - // or to pass parameters that implement the `Fn` trait for core_models. - // Each backend can type `f` as needed. - pub fn array_from_fn(f: F) -> [T; N] { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn array_map(s: [T; N], f: F) -> [U; N] { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn array_as_slice(s: &[T; N]) -> &[T] { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn array_slice(a: &[T; N], b: usize, e: usize) -> &[T] { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn array_index(a: &[T; N], i: usize) -> &T { - unimplemented!("This is a stub that is implemented in each backend") - } -} - -pub mod sequence { - pub struct Seq(Option); - pub fn seq_empty() -> Seq { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_from_slice(_s: &[T]) -> Seq { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_from_array(_s: [T; N]) -> Seq { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_to_slice(_s: &Seq) -> &[T] { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_concat(s1: &mut Seq, s2: &Seq) { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_one(x: T) -> Seq { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_create(x: T, n: usize) -> Seq { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_len(s: &Seq) -> usize { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_slice(s: &Seq, b: usize, e: usize) -> Seq { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_last(s: &Seq) -> T { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_first(s: &Seq) -> T { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn seq_index(s: &Seq, i: usize) -> &T { - unimplemented!("This is a stub that is implemented in each backend") - } -} - -pub mod string { - pub fn str_concat(s1: &'static str, s2: &'static str) -> &'static str { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn str_of_char(c: char) -> &'static str { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn str_sub(s: &'static str, b: usize, e: usize) -> &'static str { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn str_index(s: &'static str, i: usize) -> char { - unimplemented!("This is a stub that is implemented in each backend") - } -} - -pub mod mem { - pub fn replace<'a, T: ?Sized>(dest: &'a mut T, src: &'a T) -> &'a T { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn copy(x: &T) -> T { - unimplemented!("This is a stub that is implemented in each backend") - } -} - -pub mod arithmetic { - use pastey::paste; - - macro_rules! arithmetic_ops { - ( - types: $t:ident, - ops: $($op:ident)*, - overflowing_ops: $($ov_op:ident)*, - ) => { - paste!{ - $(pub fn [<$op _ $t>](x: $t, y: $t) -> $t { - unimplemented!("This is a stub that is implemented in each backend") - })* - $(pub fn [<$ov_op _ $t>](x: $t, y: $t) -> ($t, bool) { - unimplemented!("This is a stub that is implemented in each backend") - })* - } - }; - - ( - types: $first_t:ident $($t:ident)+, - ops: $($op:ident)*, - overflowing_ops: $($ov_op:ident)*, - ) => { - arithmetic_ops!(types: $first_t, ops: $($op)*, overflowing_ops: $($ov_op)*,); - arithmetic_ops!(types: $($t)*, ops: $($op)*, overflowing_ops: $($ov_op)*,); - }; - - } - - macro_rules! all_ops { - ( - $($Self: ident)*, - $($Bytes: expr)*, - ) => { - paste! { - $( - pub fn [](x: $Self, exp: u32) -> $Self { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](x: $Self) -> u32 { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](x: $Self, n: u32) -> $Self { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](x: $Self, n: u32) -> $Self { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](x: $Self) -> u32 { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](x: $Self) -> u32 { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](bytes: [u8; $Bytes]) -> $Self { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](bytes: [u8; $Bytes]) -> $Self { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](bytes: $Self) -> [u8; $Bytes] { - unimplemented!("This is a stub that is implemented in each backend") - } - pub fn [](bytes: $Self) -> [u8; $Bytes] { - unimplemented!("This is a stub that is implemented in each backend") - })* - } - } - } - - macro_rules! signed_ops { - ($($Self: ident)*) => { - paste! { - $( - pub fn [](x: $Self) -> $Self { - unimplemented!("This is a stub that is implemented in each backend") - } - )* - } - } - } - - // Rust inlines these values, for now we model usize by u64 - // eventually we could try to define in the backend as 32 or 64 - pub const SIZE_BYTES: usize = 8; - pub const SIZE_BITS: u32 = 64; - pub const USIZE_MAX: usize = u64::MAX as usize; - pub const ISIZE_MAX: isize = i64::MAX as isize; - pub const ISIZE_MIN: isize = i64::MIN as isize; - - arithmetic_ops! { - types: u8 u16 u32 u64 u128 usize i8 i16 i32 i64 i128 isize, - ops: wrapping_add saturating_add wrapping_sub saturating_sub wrapping_mul saturating_mul rem_euclid, - overflowing_ops: overflowing_add overflowing_sub overflowing_mul, - } - - all_ops! { - u8 u16 u32 u64 u128 usize i8 i16 i32 i64 i128 isize, - 1 2 4 8 16 SIZE_BYTES 1 2 4 8 16 SIZE_BYTES, - } - - signed_ops! { - i8 i16 i32 i64 i128 isize - } -} diff --git a/hax-lib/core-models/src/core/array.rs b/hax-lib/core-models/src/core/array.rs deleted file mode 100644 index 41443e5d0..000000000 --- a/hax-lib/core-models/src/core/array.rs +++ /dev/null @@ -1,128 +0,0 @@ -use rust_primitives::{sequence::*, slice::*}; - -pub struct TryFromSliceError; - -// Dummy type to allow impls -#[hax_lib::exclude] -struct Dummy([T; N]); - -// Dummy impls to get the right disambiguator (https://github.com/cryspen/hax/issues/828) -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} -impl Dummy {} - -impl Dummy { - pub fn map, U>( - s: [T; N], - f: fn(T) -> U, // We cannot use type `F` because it is incompatible with `array_map` - ) -> [U; N] { - array_map(s, f) - } - pub fn as_slice(s: &[T; N]) -> &[T] { - array_as_slice(s) - } -} - -pub fn from_fn>( - f: fn(usize) -> T, // We cannot use type `F` because it is incompatible with `array_from_fn` -) -> [T; N] { - array_from_fn(f) -} - -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl crate::iter::traits::collect::IntoIterator for [T; N] { - type IntoIter = iter::IntoIter; - fn into_iter(self) -> iter::IntoIter { - iter::IntoIter(seq_from_array(self)) - } -} - -use crate::ops::{ - index::Index, - range::{Range, RangeFrom, RangeFull, RangeTo}, -}; - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index for [T; N] { - type Output = T; - #[hax_lib::requires(i < self.len())] - fn index(&self, i: usize) -> &T { - rust_primitives::slice::array_index(self, i) - } -} - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index> for [T; N] { - type Output = [T]; - #[hax_lib::requires(i.start <= i.end && i.end <= self.len())] - fn index(&self, i: Range) -> &[T] { - array_slice(self, i.start, i.end) - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index> for [T; N] { - type Output = [T]; - #[hax_lib::requires(i.end <= self.len())] - fn index(&self, i: RangeTo) -> &[T] { - array_slice(self, 0, i.end) - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index> for [T; N] { - type Output = [T]; - #[hax_lib::requires(i.start <= self.len())] - fn index(&self, i: RangeFrom) -> &[T] { - array_slice(self, i.start, N) - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index for [T; N] { - type Output = [T]; - fn index(&self, i: RangeFull) -> &[T] { - array_slice(self, 0, N) - } -} - -mod iter { - use crate::option::Option; - use rust_primitives::sequence::*; - pub struct IntoIter(pub Seq); - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl crate::iter::traits::iterator::Iterator for IntoIter { - type Item = T; - fn next(&mut self) -> Option { - if seq_len(&self.0) == 0 { - Option::None - } else { - let res = seq_first(&self.0); - self.0 = seq_slice(&self.0, 1, seq_len(&self.0)); - Option::Some(res) - } - } - } -} diff --git a/hax-lib/core-models/src/core/borrow.rs b/hax-lib/core-models/src/core/borrow.rs deleted file mode 100644 index 0aef292d5..000000000 --- a/hax-lib/core-models/src/core/borrow.rs +++ /dev/null @@ -1,3 +0,0 @@ -trait Borrow { - fn borrow(&self) -> Borrowed; -} diff --git a/hax-lib/core-models/src/core/clone.rs b/hax-lib/core-models/src/core/clone.rs deleted file mode 100644 index 86245b2a9..000000000 --- a/hax-lib/core-models/src/core/clone.rs +++ /dev/null @@ -1,21 +0,0 @@ -// In F* we replace the definition to have the equality a value -// and its clone. -// We need to consume self, instead of taking a reference, otherwise Rust would -// not allow returning an owned Self. This is the same after going through hax. -#[hax_lib::fstar::replace( - "class t_Clone self = { - f_clone_pre: self -> Type0; - f_clone_post: self -> self -> Type0; - f_clone: x:self -> r:self {x == r} -}" -)] -pub trait Clone { - fn clone(self) -> Self; -} - -// In our model, everything is clonable -impl Clone for T { - fn clone(self) -> Self { - self - } -} diff --git a/hax-lib/core-models/src/core/cmp.rs b/hax-lib/core-models/src/core/cmp.rs deleted file mode 100644 index 41e45c3ff..000000000 --- a/hax-lib/core-models/src/core/cmp.rs +++ /dev/null @@ -1,181 +0,0 @@ -use crate::option::Option; - -#[hax_lib::attributes] -pub trait PartialEq -where - Rhs: ?Sized, -{ - #[hax_lib::requires(true)] - fn eq(&self, other: &Rhs) -> bool; -} - -pub trait Eq: PartialEq {} - -pub enum Ordering { - Less = -1, - Equal = 0, - Greater = 1, -} - -#[hax_lib::attributes] -pub trait PartialOrd: PartialEq -where - Rhs: ?Sized, -{ - #[hax_lib::requires(true)] - fn partial_cmp(&self, other: &Rhs) -> Option; -} - -// These methods in core are provided using trait defaults, but this is not supported by hax -// so we have to define them in a different way. -#[hax_lib::attributes] -trait Neq { - #[hax_lib::requires(true)] - fn neq(&self, y: &Rhs) -> bool; -} - -impl> Neq for T { - fn neq(&self, y: &T) -> bool { - // Not using negation is a workaround for the F* lib - self.eq(y) == false - } -} - -#[hax_lib::attributes] -trait PartialOrdDefaults { - #[hax_lib::requires(true)] - fn lt(&self, y: &Rhs) -> bool - where - Self: PartialOrd; - #[hax_lib::requires(true)] - fn le(&self, y: &Rhs) -> bool - where - Self: PartialOrd; - #[hax_lib::requires(true)] - fn gt(&self, y: &Rhs) -> bool - where - Self: PartialOrd; - #[hax_lib::requires(true)] - fn ge(&self, y: &Rhs) -> bool - where - Self: PartialOrd; -} - -impl> PartialOrdDefaults for T { - fn lt(&self, y: &T) -> bool - where - T: PartialOrd, - { - matches!(self.partial_cmp(y), Option::Some(Ordering::Less)) - } - fn le(&self, y: &T) -> bool - where - T: PartialOrd, - { - matches!( - self.partial_cmp(y), - Option::Some(Ordering::Less | Ordering::Equal) - ) - } - fn gt(&self, y: &T) -> bool - where - T: PartialOrd, - { - matches!(self.partial_cmp(y), Option::Some(Ordering::Greater)) - } - fn ge(&self, y: &T) -> bool - where - T: PartialOrd, - { - matches!( - self.partial_cmp(y), - Option::Some(Ordering::Greater | Ordering::Equal) - ) - } -} - -#[hax_lib::attributes] -pub trait Ord: Eq + PartialOrd { - #[hax_lib::requires(true)] - fn cmp(&self, other: &Self) -> Ordering; -} - -pub fn max(v1: T, v2: T) -> T { - match v1.cmp(&v2) { - Ordering::Greater => v1, - _ => v2, - } -} - -pub fn min(v1: T, v2: T) -> T { - match v1.cmp(&v2) { - Ordering::Greater => v2, - _ => v1, - } -} - -pub struct Reverse(pub T); - -impl> PartialOrd> for Reverse { - fn partial_cmp(&self, other: &Reverse) -> Option { - other.0.partial_cmp(&self.0) - } -} - -impl> PartialEq> for Reverse { - fn eq(&self, other: &Reverse) -> bool { - other.0.eq(&self.0) - } -} - -impl Eq for Reverse {} - -impl Ord for Reverse { - fn cmp(&self, other: &Reverse) -> Ordering { - other.0.cmp(&self.0) - } -} - -macro_rules! int_impls { - ($($t:ty)*) => ($( - #[hax_lib::attributes] - impl PartialOrd<$t> for $t { - #[hax_lib::ensures(|res| { - match res { - Option::Some(Ordering::Less) => self < other, - Option::Some(Ordering::Equal) => self == other, - Option::Some(Ordering::Greater) => self > other, - Option::None => false - } - })] - fn partial_cmp(&self, other: &Self) -> Option { - if self < other {Option::Some(Ordering::Less)} - else if self > other {Option::Some(Ordering::Greater)} - else {Option::Some(Ordering::Equal)} - } - } - #[hax_lib::attributes] - impl Ord for $t { - #[hax_lib::ensures(|res| { - match res { - Ordering::Less => self < other, - Ordering::Equal => self == other, - Ordering::Greater => self > other, - } - })] - fn cmp(&self, other: &Self) -> Ordering { - if self < other {Ordering::Less} - else if self > other {Ordering::Greater} - else {Ordering::Equal} - } - } - impl PartialEq<$t> for $t { - fn eq(&self, other: &Self) -> bool { - self == other - } - } - impl Eq for $t {} - )*) -} - -int_impls! { u8 i8 u16 i16 u32 i32 u64 i64 u128 i128 usize isize } diff --git a/hax-lib/core-models/src/core/convert.rs b/hax-lib/core-models/src/core/convert.rs deleted file mode 100644 index 22163e2dd..000000000 --- a/hax-lib/core-models/src/core/convert.rs +++ /dev/null @@ -1,141 +0,0 @@ -use super::result::Result; - -#[hax_lib::attributes] -trait TryInto { - type Error; - #[hax_lib::requires(true)] - fn try_into(self) -> Result; -} - -#[hax_lib::attributes] -trait Into { - #[hax_lib::requires(true)] - fn into(self) -> T; -} - -#[hax_lib::attributes] -trait From { - #[hax_lib::requires(true)] - fn from(x: T) -> Self; -} - -#[hax_lib::attributes] -trait TryFrom: Sized { - type Error; - #[hax_lib::requires(true)] - fn try_from(x: T) -> Result; -} - -impl> Into for T { - fn into(self) -> U { - U::from(self) - } -} - -pub struct Infallible; - -impl> TryFrom for U { - type Error = Infallible; - fn try_from(x: T) -> Result { - Result::Ok(U::from(x)) - } -} - -use crate::array::TryFromSliceError; -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl TryFrom<&[T]> for [T; N] { - type Error = TryFromSliceError; - fn try_from(x: &[T]) -> Result<[T; N], TryFromSliceError> { - if x.len() == N { - Result::Ok(rust_primitives::slice::array_from_fn(|i| { - *rust_primitives::slice::slice_index(x, i) - })) - } else { - Result::Err(TryFromSliceError) - } - } -} - -impl> TryInto for T { - type Error = U::Error; - fn try_into(self) -> Result { - U::try_from(self) - } -} - -impl From for T { - fn from(x: T) -> Self { - x - } -} - -#[hax_lib::attributes] -trait AsRef { - #[hax_lib::requires(true)] - fn as_ref(self) -> T; -} - -impl AsRef for T { - fn as_ref(self) -> T { - self - } -} - -macro_rules! int_from { - ( - $($From_t: ident)*, - $($To_t: ident)*, - ) => { - $( - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl From<$From_t> for $To_t { - fn from(x: $From_t) -> $To_t { - x as $To_t - } - } - )* - } -} - -use super::num::error::TryFromIntError; - -macro_rules! int_try_from { - ( - $($From_t: ident)*, - $($To_t: ident)*, - ) => { - $( - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl TryFrom<$From_t> for $To_t { - type Error = TryFromIntError; - fn try_from(x: $From_t) -> Result<$To_t, TryFromIntError> { - if x > ($To_t::MAX as $From_t) || x < ($To_t::MIN as $From_t) { - Result::Err(TryFromIntError(())) - } else { - Result::Ok(x as $To_t) - } - } - } - )* - } -} - -int_from! { - u8 u8 u16 u8 u16 u32 u8 u16 u32 u64 usize u8 u16, - u16 u32 u32 u64 u64 u64 u128 u128 u128 u128 u128 usize usize, -} - -int_from! { - i8 i8 i16 i8 i16 i32 i8 i16 i32 i64 isize i8 i16, - i16 i32 i32 i64 i64 i64 i128 i128 i128 i128 i128 isize isize, -} - -int_try_from! { - u16 u32 u32 u32 u64 u64 u64 u64 u128 u128 u128 u128 u128 usize usize usize usize, - u8 u8 u16 usize u8 u16 u32 usize u8 u16 u32 u64 usize u8 u16 u32 u64, -} - -int_try_from! { - i16 i32 i32 i32 i64 i64 i64 i64 i128 i128 i128 i128 i128 isize isize isize isize, - i8 i8 i16 isize i8 i16 i32 isize i8 i16 i32 i64 isize i8 i16 i32 i64, -} diff --git a/hax-lib/core-models/src/core/default.rs b/hax-lib/core-models/src/core/default.rs deleted file mode 100644 index 8f3dd081e..000000000 --- a/hax-lib/core-models/src/core/default.rs +++ /dev/null @@ -1,5 +0,0 @@ -#[hax_lib::attributes] -pub trait Default { - #[hax_lib::requires(true)] - fn default() -> Self; -} diff --git a/hax-lib/core-models/src/core/error.rs b/hax-lib/core-models/src/core/error.rs deleted file mode 100644 index 83c388d84..000000000 --- a/hax-lib/core-models/src/core/error.rs +++ /dev/null @@ -1,3 +0,0 @@ -use super::fmt::{Debug, Display}; - -pub trait Error: Display + Debug {} diff --git a/hax-lib/core-models/src/core/f32.rs b/hax-lib/core-models/src/core/f32.rs deleted file mode 100644 index 0d3233899..000000000 --- a/hax-lib/core-models/src/core/f32.rs +++ /dev/null @@ -1,10 +0,0 @@ -#[allow(non_camel_case_types)] -#[hax_lib::exclude] -struct f32; - -impl f32 { - #[hax_lib::opaque] - fn abs(x: f64) -> f64 { - panic!() - } -} diff --git a/hax-lib/core-models/src/core/fmt.rs b/hax-lib/core-models/src/core/fmt.rs deleted file mode 100644 index 6dddc14a9..000000000 --- a/hax-lib/core-models/src/core/fmt.rs +++ /dev/null @@ -1,107 +0,0 @@ -#![allow(unused_variables)] - -pub struct Error; - -pub type Result = super::result::Result<(), Error>; - -pub struct Formatter; - -pub trait Display { - fn fmt(&self, f: &mut Formatter) -> Result; -} - -pub trait Debug { - fn dbg_fmt(&self, f: &mut Formatter) -> Result; -} - -pub struct Arguments<'a>(&'a ()); - -impl Debug for T { - fn dbg_fmt(&self, f: &mut Formatter) -> Result { - Result::Ok(()) - } -} - -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> {} -impl<'a> Arguments<'a> { - fn write_fmt(f: &mut Formatter, args: Arguments) -> Result { - Result::Ok(()) - } -} - -mod rt { - #[hax_lib::opaque] - // The internals of this are not important in this model - enum ArgumentType<'a> { - Placeholder { - /* value: NonNull<()>, - formatter: unsafe fn(NonNull<()>, &mut Formatter<'_>) -> Result, */ - _lifetime: std::marker::PhantomData<&'a ()>, - }, - /* Count(u16), */ - } - - pub struct Argument<'a> { - ty: ArgumentType<'a>, - } - - impl Argument<'_> { - #[hax_lib::opaque] - fn new_display(x: &T) -> Self { - crate::panicking::internal::panic() - } - #[hax_lib::opaque] - fn new_debug(x: &T) -> Self { - crate::panicking::internal::panic() - } - #[hax_lib::opaque] - fn new_lower_hex(x: &T) -> Self { - crate::panicking::internal::panic() - } - } - impl<'a> Argument<'a> { - #[hax_lib::opaque] - fn new_binary(x: &T) -> Self { - crate::panicking::internal::panic() - } - #[hax_lib::opaque] - fn new_const(x: &T, y: &U) -> super::Arguments<'a> { - crate::panicking::internal::panic() - } - #[hax_lib::opaque] - fn new_v1(x: &T, y: &U, z: &V, t: &W) -> super::Arguments<'a> { - crate::panicking::internal::panic() - } - fn none() -> [Self; 0] { - [] - } - #[hax_lib::opaque] - fn new_v1_formatted(x: &T, y: &U, z: &V) -> super::Arguments<'a> { - crate::panicking::internal::panic() - } - } - - enum Count { - Is(u16), - Param(u16), - Implied, - } - - struct Placeholder { - position: usize, - flags: u32, - precision: Count, - width: Count, - } - - struct UnsafeArg; -} diff --git a/hax-lib/core-models/src/core/hash.rs b/hax-lib/core-models/src/core/hash.rs deleted file mode 100644 index 98a516a99..000000000 --- a/hax-lib/core-models/src/core/hash.rs +++ /dev/null @@ -1,14 +0,0 @@ -pub trait Hasher {} - -#[hax_lib::attributes] -pub trait Hash { - #[hax_lib::requires(true)] - fn hash(&self, h: H) -> H; -} - -// Temporary -impl Hash for T { - fn hash(&self, h: H) -> H { - crate::panicking::internal::panic() - } -} diff --git a/hax-lib/core-models/src/core/hint.rs b/hax-lib/core-models/src/core/hint.rs deleted file mode 100644 index c8150e4fd..000000000 --- a/hax-lib/core-models/src/core/hint.rs +++ /dev/null @@ -1,9 +0,0 @@ -#[hax_lib::ensures(|res| fstar!("$res == $dummy"))] -pub fn black_box(dummy: T) -> T { - dummy -} - -#[hax_lib::ensures(|res| fstar!("$res == $value"))] -pub fn must_use(value: T) -> T { - value -} diff --git a/hax-lib/core-models/src/core/iter.rs b/hax-lib/core-models/src/core/iter.rs deleted file mode 100644 index fe5c346bc..000000000 --- a/hax-lib/core-models/src/core/iter.rs +++ /dev/null @@ -1,343 +0,0 @@ -// This model of iterators doesn't respect the signatures of the original definitions in Rust core. -// We avoid default implementations for trait methods, and instead provide them as external to the trait. -// This means overriding them is not possible. -// We also avoid the coinductivity between `IntoIter` and `Iterator`. - -pub mod traits { - pub mod iterator { - use super::super::adapters::{ - enumerate::Enumerate, flat_map::FlatMap, flatten::Flatten, map::Map, step_by::StepBy, - take::Take, zip::Zip, - }; - use crate::ops::function::*; - use crate::option::Option; - #[hax_lib::attributes] - pub trait Iterator { - type Item; - #[hax_lib::requires(true)] - fn next(&mut self) -> Option; - } - - // This trait is an addition to deal with the default methods that the F* backend doesn't handle - trait IteratorMethods: Iterator { - fn fold>(self, init: B, f: F) -> B; - fn enumerate(self) -> Enumerate - where - Self: Sized; - fn step_by(self, step: usize) -> StepBy - where - Self: Sized; - fn map>(self, f: F) -> Map - where - Self: Sized; - fn all>(self, f: F) -> bool; - fn take(self, n: usize) -> Take - where - Self: Sized; - fn flat_map>( - self, - f: F, - ) -> FlatMap - where - Self: Sized; - fn flatten(self) -> Flatten - where - Self::Item: Iterator, - Self: Sized; - fn zip(self, it2: I2) -> Zip - where - Self: Sized; - } - - impl IteratorMethods for I { - fn fold>(mut self, init: B, f: F) -> B { - let mut accum = init; - /* while let Option::Some(x) = self.next() { - accum = f.call_once((accum, x)); - } */ - accum - } - - fn enumerate(self) -> Enumerate { - Enumerate::new(self) - } - - fn step_by(self, step: usize) -> StepBy { - StepBy::new(self, step) - } - - fn map>(self, f: F) -> Map { - Map::new(self, f) - } - - fn all>(mut self, f: F) -> bool { - /* while let Option::Some(x) = self.next() { - if !f.call_once(x) { - return false; - } - } */ - true - } - - fn take(self, n: usize) -> Take { - Take::new(self, n) - } - - fn flat_map>( - self, - f: F, - ) -> FlatMap { - FlatMap::new(self, f) - } - - fn flatten(self) -> Flatten - where - I::Item: Iterator, - { - Flatten::new(self) - } - - fn zip(self, it2: I2) -> Zip { - Zip::new(self, it2) - } - } - - impl super::collect::IntoIterator for I { - type IntoIter = Self; - fn into_iter(self) -> Self { - self - } - } - - // TODO rev: DoubleEndedIterator? - } - pub mod collect { - pub trait IntoIterator { - // Ignoring type Item, and trait bound Iterator to avoid coinduction - // type Item; - type IntoIter; //: Iterator - fn into_iter(self) -> Self::IntoIter; - } - #[hax_lib::attributes] - pub trait FromIterator: Sized { - #[hax_lib::requires(true)] - fn from_iter(iter: T) -> Self; - } - } -} - -pub mod adapters { - pub mod enumerate { - use super::super::traits::iterator::Iterator; - use crate::option::Option; - pub struct Enumerate { - iter: I, - count: usize, - } - impl Enumerate { - pub fn new(iter: I) -> Enumerate { - Enumerate { iter, count: 0 } - } - } - impl Iterator for Enumerate { - type Item = (usize, ::Item); - - fn next(&mut self) -> Option<(usize, ::Item)> { - match self.iter.next() { - Option::Some(a) => { - let i = self.count; - // TODO check what to do here. It would be bad to have an iterator with - // more than usize::MAX elements, this could be a requirement (but hard to formulate). - hax_lib::assume!(self.count < usize::MAX); - self.count += 1; - Option::Some((i, a)) - } - Option::None => Option::None, - } - } - } - } - pub mod step_by { - use super::super::traits::iterator::Iterator; - use crate::option::Option; - pub struct StepBy { - iter: I, - step: usize, - } - impl StepBy { - pub fn new(iter: I, step: usize) -> Self { - StepBy { iter, step } - } - } - - #[hax_lib::opaque] - impl Iterator for StepBy { - type Item = ::Item; - - fn next(&mut self) -> Option<::Item> { - for _ in 1..self.step { - if let Option::None = self.iter.next() { - return Option::None; - } - } - self.iter.next() - } - } - } - pub mod map { - pub struct Map { - iter: I, - f: F, - } - impl Map { - pub fn new(iter: I, f: F) -> Self { - Self { iter, f } - } - } - use super::super::traits::iterator::Iterator; - use crate::ops::function::*; - use crate::option::Option; - impl> Iterator for Map { - type Item = O; - - fn next(&mut self) -> Option { - match self.iter.next() { - Option::Some(v) => Option::Some(self.f.call_once(v)), - Option::None => Option::None, - } - } - } - } - pub mod take { - use super::super::traits::iterator::Iterator; - use crate::option::Option; - pub struct Take { - iter: I, - n: usize, - } - impl Take { - pub fn new(iter: I, n: usize) -> Take { - Take { iter, n } - } - } - impl Iterator for Take { - type Item = ::Item; - - fn next(&mut self) -> Option<::Item> { - if self.n != 0 { - self.n -= 1; - self.iter.next() - } else { - Option::None - } - } - } - } - pub mod flat_map { - use super::super::traits::iterator::Iterator; - use crate::option::Option; - pub struct FlatMap { - it: I, - f: F, - current: Option, - } - impl> FlatMap { - pub fn new(it: I, f: F) -> Self { - Self { - it, - f, - current: Option::None, - } - } - } - use crate::ops::function::*; - #[hax_lib::opaque] - impl> Iterator for FlatMap { - type Item = U::Item; - fn next(&mut self) -> Option { - loop { - if let Option::Some(current_it) = &mut self.current - && let Option::Some(v) = current_it.next() - { - return Option::Some(v); - } else { - match self.it.next() { - Option::Some(c) => self.current = Option::Some(self.f.call_once(c)), - Option::None => return Option::None, - } - } - } - } - } - } - pub mod flatten { - use super::super::traits::iterator::Iterator; - use crate::option::Option; - #[hax_lib::fstar::before("noeq")] // https://github.com/cryspen/hax/issues/1810 - pub struct Flatten - where - I::Item: Iterator, - { - it: I, - current: Option, - } - impl Flatten - where - I::Item: Iterator, - { - pub fn new(it: I) -> Self { - Self { - it, - current: Option::None, - } - } - } - #[hax_lib::opaque] - impl Iterator for Flatten - where - I::Item: Iterator, - { - type Item = <::Item as Iterator>::Item; - fn next(&mut self) -> Option<<::Item as Iterator>::Item> { - loop { - if let Option::Some(current_it) = &mut self.current - && let Option::Some(v) = current_it.next() - { - return Option::Some(v); - } else { - match self.it.next() { - Option::Some(c) => self.current = Option::Some(c), - Option::None => return Option::None, - } - } - } - } - } - } - pub mod zip { - use super::super::traits::iterator::Iterator; - use crate::option::Option; - pub struct Zip { - it1: I1, - it2: I2, - } - impl Zip { - pub fn new(it1: I1, it2: I2) -> Self { - Self { it1, it2 } - } - } - #[hax_lib::opaque] - impl Iterator for Zip { - type Item = (I1::Item, I2::Item); - fn next(&mut self) -> Option { - match self.it1.next() { - Option::Some(v1) => match self.it2.next() { - Option::Some(v2) => Option::Some((v1, v2)), - Option::None => Option::None, - }, - Option::None => Option::None, - } - } - } - } -} diff --git a/hax-lib/core-models/src/core/marker.rs b/hax-lib/core-models/src/core/marker.rs deleted file mode 100644 index b0dec8a50..000000000 --- a/hax-lib/core-models/src/core/marker.rs +++ /dev/null @@ -1,17 +0,0 @@ -use super::clone::Clone; - -pub trait Copy: Clone {} -pub trait Send {} -pub trait Sync {} -pub trait Sized {} -pub trait StructuralPartialEq {} - -// In our models, all types implement those marker traits -impl Send for T {} -impl Sync for T {} -impl Sized for T {} -impl Copy for T {} - -#[hax_lib::fstar::replace("type t_PhantomData (v_T: Type0) = | PhantomData : t_PhantomData v_T")] -#[hax_lib::lean::replace("structure PhantomData (T : Type) where")] -struct PhantomData(T); diff --git a/hax-lib/core-models/src/core/mem.rs b/hax-lib/core-models/src/core/mem.rs deleted file mode 100644 index 31c948f17..000000000 --- a/hax-lib/core-models/src/core/mem.rs +++ /dev/null @@ -1,106 +0,0 @@ -#![allow(unused_variables)] - -use super::marker::Copy; - -#[hax_lib::opaque] -pub fn forget(t: T) { - panic!() -} - -#[hax_lib::opaque] -pub fn forget_unsized(t: T) { - panic!() -} - -#[hax_lib::opaque] -pub fn size_of() -> usize { - panic!() -} - -#[hax_lib::opaque] -pub fn size_of_val(val: &T) -> usize { - panic!() -} - -#[hax_lib::opaque] -pub fn min_align_of() -> usize { - panic!() -} - -#[hax_lib::opaque] -pub fn min_align_of_val(val: &T) -> usize { - panic!() -} - -#[hax_lib::opaque] -pub fn align_of() -> usize { - panic!() -} - -#[hax_lib::opaque] -pub fn align_of_val(val: &T) -> usize { - panic!() -} - -#[hax_lib::opaque] -pub unsafe fn align_of_val_raw(val: T) -> usize { - panic!() -} - -#[hax_lib::opaque] -pub fn needs_drop() -> bool { - panic!() -} - -#[hax_lib::opaque] -pub unsafe fn uninitialized() -> T { - panic!() -} - -#[hax_lib::opaque] -pub fn swap(x: &mut T, y: &mut T) { - panic!() -} - -#[hax_lib::opaque] -pub fn replace(dest: &mut T, src: T) -> T { - panic!() -} - -#[hax_lib::opaque] -pub fn drop(_x: T) {} - -pub fn copy(x: &T) -> T { - rust_primitives::mem::copy(x) -} - -#[hax_lib::opaque] -pub unsafe fn take(x: &mut T) -> T { - panic!() -} - -#[hax_lib::opaque] -pub unsafe fn transmute_copy(src: &Src) -> Dst { - panic!() -} - -#[hax_lib::opaque] -pub fn variant_count() -> usize { - panic!() -} - -#[hax_lib::opaque] -pub unsafe fn zeroed() -> T { - panic!() -} - -#[hax_lib::opaque] -pub unsafe fn transmute(src: Src) -> Dst { - panic!() -} - -mod manually_drop { - pub struct ManuallyDrop { - value: T, - } -} diff --git a/hax-lib/core-models/src/core/num/error.rs b/hax-lib/core-models/src/core/num/error.rs deleted file mode 100644 index d685363da..000000000 --- a/hax-lib/core-models/src/core/num/error.rs +++ /dev/null @@ -1,20 +0,0 @@ -//! Error types for conversion to integral types. -#![allow(unused_variables)] - -pub struct TryFromIntError(pub(crate) ()); - -pub struct ParseIntError { - pub(super) kind: IntErrorKind, -} - -// Because of representations, enums bring a dependency to isize. -// TODO Fix the dependency issue and add `IntErrorKind` -/* pub enum IntErrorKind { - Empty, - InvalidDigit, - PosOverflow, - NegOverflow, - Zero, -} */ - -pub struct IntErrorKind; diff --git a/hax-lib/core-models/src/core/num/mod.rs b/hax-lib/core-models/src/core/num/mod.rs deleted file mode 100644 index a232ec645..000000000 --- a/hax-lib/core-models/src/core/num/mod.rs +++ /dev/null @@ -1,427 +0,0 @@ -#![allow(non_camel_case_types, unused_variables)] - -use crate::result::Result; -use pastey::paste; - -pub mod error; - -use rust_primitives::arithmetic::*; - -macro_rules! uint_impl { - ( - $Self: ty, - $Name: ty, - $Max: expr, - $Bits: expr, - $Bytes: expr, - ) => { - #[hax_lib::attributes] - impl $Name { - pub const MIN: $Self = 0; - pub const MAX: $Self = $Max; - pub const BITS: core::primitive::u32 = $Bits; - fn wrapping_add(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn saturating_add(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn overflowing_add(x: $Self, y: $Self) -> ($Self, bool) { - paste! { [](x, y) } - } - fn checked_add(x: $Self, y: $Self) -> Option<$Self> { - if Self::MIN.to_int() <= x.to_int() + y.to_int() - && x.to_int() + y.to_int() <= Self::MAX.to_int() - { - Option::Some(x + y) - } else { - Option::None - } - } - fn wrapping_sub(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn saturating_sub(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn overflowing_sub(x: $Self, y: $Self) -> ($Self, bool) { - paste! { [](x, y) } - } - fn checked_sub(x: $Self, y: $Self) -> Option<$Self> { - if Self::MIN.to_int() <= x.to_int() - y.to_int() - && x.to_int() - y.to_int() <= Self::MAX.to_int() - { - Option::Some(x - y) - } else { - Option::None - } - } - fn wrapping_mul(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn saturating_mul(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn overflowing_mul(x: $Self, y: $Self) -> ($Self, bool) { - paste! { [](x, y) } - } - fn checked_mul(x: $Self, y: $Self) -> Option<$Self> { - if Self::MIN.to_int() <= x.to_int() * y.to_int() - && x.to_int() * y.to_int() <= Self::MAX.to_int() - { - Option::Some(x * y) - } else { - Option::None - } - } - #[hax_lib::requires(y != 0)] - fn rem_euclid(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn pow(x: $Self, exp: core::primitive::u32) -> $Self { - paste! { [](x, exp) } - } - fn count_ones(x: $Self) -> core::primitive::u32 { - paste! { [](x) } - } - #[hax_lib::opaque] - fn rotate_right(x: $Self, n: core::primitive::u32) -> $Self { - paste! { [](x, n) } - } - #[hax_lib::opaque] - fn rotate_left(x: $Self, n: core::primitive::u32) -> $Self { - paste! { [](x, n) } - } - #[hax_lib::opaque] - fn leading_zeros(x: $Self) -> core::primitive::u32 { - paste! { [](x) } - } - #[hax_lib::opaque] - fn ilog2(x: $Self) -> core::primitive::u32 { - paste! { [](x) } - } - #[hax_lib::opaque] - fn from_str_radix( - src: &str, - radix: core::primitive::u32, - ) -> Result<$Self, error::ParseIntError> { - crate::panicking::internal::panic() - } - #[hax_lib::opaque] - fn from_be_bytes(bytes: [core::primitive::u8; $Bytes]) -> $Self { - paste! { [](bytes) } - } - #[hax_lib::opaque] - fn from_le_bytes(bytes: [core::primitive::u8; $Bytes]) -> $Self { - paste! { [](bytes) } - } - #[hax_lib::opaque] - fn to_be_bytes(bytes: $Self) -> [core::primitive::u8; $Bytes] { - paste! { [](bytes) } - } - #[hax_lib::opaque] - fn to_le_bytes(bytes: $Self) -> [core::primitive::u8; $Bytes] { - paste! { [](bytes) } - } - } - }; -} - -use crate::option::Option; -use hax_lib::int::ToInt; - -macro_rules! iint_impl { - ( - $Self: ty, - $Name: ty, - $Max: expr, - $Min: expr, - $Bits: expr, - $Bytes: expr, - ) => { - #[hax_lib::attributes] - impl $Name { - pub const MIN: $Self = $Min; - pub const MAX: $Self = $Max; - pub const BITS: core::primitive::u32 = $Bits; - fn wrapping_add(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn saturating_add(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn overflowing_add(x: $Self, y: $Self) -> ($Self, bool) { - paste! { [](x, y) } - } - fn checked_add(x: $Self, y: $Self) -> Option<$Self> { - if Self::MIN.to_int() <= x.to_int() + y.to_int() - && x.to_int() + y.to_int() <= Self::MAX.to_int() - { - Option::Some(x + y) - } else { - Option::None - } - } - fn wrapping_sub(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn saturating_sub(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn overflowing_sub(x: $Self, y: $Self) -> ($Self, bool) { - paste! { [](x, y) } - } - fn checked_sub(x: $Self, y: $Self) -> Option<$Self> { - if Self::MIN.to_int() <= x.to_int() - y.to_int() - && x.to_int() - y.to_int() <= Self::MAX.to_int() - { - Option::Some(x - y) - } else { - Option::None - } - } - fn wrapping_mul(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn saturating_mul(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn overflowing_mul(x: $Self, y: $Self) -> ($Self, bool) { - paste! { [](x, y) } - } - fn checked_mul(x: $Self, y: $Self) -> Option<$Self> { - if Self::MIN.to_int() <= x.to_int() * y.to_int() - && x.to_int() * y.to_int() <= Self::MAX.to_int() - { - Option::Some(x * y) - } else { - Option::None - } - } - #[hax_lib::requires(y != 0)] - fn rem_euclid(x: $Self, y: $Self) -> $Self { - paste! { [](x, y) } - } - fn pow(x: $Self, exp: core::primitive::u32) -> $Self { - paste! { [](x, exp) } - } - fn count_ones(x: $Self) -> core::primitive::u32 { - paste! { [](x) } - } - #[hax_lib::requires(x > $Self::MIN)] - fn abs(x: $Self) -> $Self { - paste! { [](x) } - } - #[hax_lib::opaque] - fn rotate_right(x: $Self, n: core::primitive::u32) -> $Self { - paste! { [](x, n) } - } - #[hax_lib::opaque] - fn rotate_left(x: $Self, n: core::primitive::u32) -> $Self { - paste! { [](x, n) } - } - #[hax_lib::opaque] - fn leading_zeros(x: $Self) -> core::primitive::u32 { - paste! { [](x) } - } - #[hax_lib::opaque] - fn ilog2(x: $Self) -> core::primitive::u32 { - paste! { [](x) } - } - #[hax_lib::opaque] - fn from_str_radix( - src: &str, - radix: core::primitive::u32, - ) -> Result<$Self, error::ParseIntError> { - crate::panicking::internal::panic() - } - #[hax_lib::opaque] - fn from_be_bytes(bytes: [core::primitive::u8; $Bytes]) -> $Self { - paste! { [](bytes) } - } - #[hax_lib::opaque] - fn from_le_bytes(bytes: [core::primitive::u8; $Bytes]) -> $Self { - paste! { [](bytes) } - } - #[hax_lib::opaque] - fn to_be_bytes(bytes: $Self) -> [core::primitive::u8; $Bytes] { - paste! { [](bytes) } - } - #[hax_lib::opaque] - fn to_le_bytes(bytes: $Self) -> [core::primitive::u8; $Bytes] { - paste! { [](bytes) } - } - } - }; -} - -// These types are a trick to define impls on the right names as -// it is forbidden to do it on primitive types -#[hax_lib::exclude] -pub struct u8; -#[hax_lib::exclude] -pub struct u16; -#[hax_lib::exclude] -pub struct u32; -#[hax_lib::exclude] -pub struct u64; -#[hax_lib::exclude] -pub struct u128; -#[hax_lib::exclude] -pub struct usize; -#[hax_lib::exclude] -pub struct i8; -#[hax_lib::exclude] -pub struct i16; -#[hax_lib::exclude] -pub struct i32; -#[hax_lib::exclude] -pub struct i64; -#[hax_lib::exclude] -pub struct i128; -#[hax_lib::exclude] -pub struct isize; - -// Placeholders to get the same impl numbering as in core: -#[hax_lib::attributes] -impl i8 {} -#[hax_lib::attributes] -impl i16 {} -#[hax_lib::attributes] -impl i32 {} -#[hax_lib::attributes] -impl i64 {} -#[hax_lib::attributes] -impl i128 {} -#[hax_lib::attributes] -impl isize {} - -uint_impl! { - core::primitive::u8, - u8, - 255, - 8, - 1, -} - -uint_impl! { - core::primitive::u16, - u16, - 65535, - 16, - 2, -} - -uint_impl! { - core::primitive::u32, - u32, - 4294967295, - 32, - 4, -} - -uint_impl! { - core::primitive::u64, - u64, - 18446744073709551615, - 64, - 8, -} - -uint_impl! { - core::primitive::u128, - u128, - 340282366920938463463374607431768211455, - 128, - 16, -} - -uint_impl! { - core::primitive::usize, - usize, - USIZE_MAX, - SIZE_BITS, - SIZE_BYTES, -} - -iint_impl! { - core::primitive::i8, - i8, - 127, - -128, - 8, - 1, -} - -iint_impl! { - core::primitive::i16, - i16, - 32767, - -32768, - 16, - 2, -} - -iint_impl! { - core::primitive::i32, - i32, - 2147483647, - -2147483648, - 32, - 4, -} - -iint_impl! { - core::primitive::i64, - i64, - 9223372036854775807, - -9223372036854775808, - 64, - 8, -} - -iint_impl! { - core::primitive::i128, - i128, - 170141183460469231731687303715884105727, - -170141183460469231731687303715884105728, - 128, - 16, -} - -iint_impl! { - core::primitive::isize, - isize, - ISIZE_MAX, - ISIZE_MIN, - SIZE_BITS, - SIZE_BYTES, -} - -macro_rules! impl_default_for_int { - ($($t:ty),*) => { - $( - #[hax_lib::attributes] - impl crate::default::Default for $t { - fn default() -> $t { - 0 - } - } - )* - }; -} - -impl_default_for_int!( - core::primitive::u8, - core::primitive::u16, - core::primitive::u32, - core::primitive::u64, - core::primitive::u128, - core::primitive::usize, - core::primitive::i8, - core::primitive::i16, - core::primitive::i32, - core::primitive::i64, - core::primitive::i128, - core::primitive::isize -); diff --git a/hax-lib/core-models/src/core/ops.rs b/hax-lib/core-models/src/core/ops.rs deleted file mode 100644 index f088905d2..000000000 --- a/hax-lib/core-models/src/core/ops.rs +++ /dev/null @@ -1,218 +0,0 @@ -pub mod arith { - pub trait Add { - type Output; - fn add(self, rhs: Rhs) -> Self::Output; - } - pub trait Sub { - type Output; - fn sub(self, rhs: Rhs) -> Self::Output; - } - pub trait Mul { - type Output; - fn mul(self, rhs: Rhs) -> Self::Output; - } - pub trait Div { - type Output; - fn div(self, rhs: Rhs) -> Self::Output; - } - pub trait Neg { - type Output; - fn neg(self) -> Self::Output; - } - pub trait Rem { - type Output; - fn rem(self, rhs: Rhs) -> Self::Output; - } - pub trait AddAssign { - fn add_assign(&mut self, rhs: Rhs); - } - pub trait SubAssign { - fn sub_assign(&mut self, rhs: Rhs); - } - pub trait MulAssign { - fn mul_assign(&mut self, rhs: Rhs); - } - pub trait DivAssign { - fn div_assign(&mut self, rhs: Rhs); - } - pub trait RemAssign { - fn rem_assign(&mut self, rhs: Rhs); - } - - macro_rules! int_trait_impls { - ($($Self:ty)*) => { - use hax_lib::ToInt; - $( - #[hax_lib::attributes] - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl crate::ops::arith::AddAssign<$Self> for $Self { - #[hax_lib::requires(self.to_int() + rhs.to_int() <= $Self::MAX.to_int())] - fn add_assign(&mut self, rhs: $Self) { - *self = *self + rhs - } - } - #[hax_lib::attributes] - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl crate::ops::arith::SubAssign<$Self> for $Self { - #[hax_lib::requires(self.to_int() - rhs.to_int() >= 0.to_int())] - fn sub_assign(&mut self, rhs: $Self) { - *self = *self - rhs - } - })* - } - } - - int_trait_impls!(u8 u16 u32 u64); -} - -pub mod bit { - trait Shr { - type Output; - fn shr(self, rhs: Rhs) -> Self::Output; - } - trait Shl { - type Output; - fn shl(self, rhs: Rhs) -> Self::Output; - } - trait BitXor { - type Output; - fn bitxor(self, rhs: Rhs) -> Self::Output; - } - trait BitAnd { - type Output; - fn bitand(self, rhs: Rhs) -> Self::Output; - } - trait BitOr { - type Output; - fn bitor(self, rhs: Rhs) -> Self::Output; - } -} - -pub mod control_flow { - pub enum ControlFlow { - Continue(C), - Break(B), - } -} - -pub mod index { - pub trait Index { - type Output: ?Sized; - fn index(&self, i: Idx) -> &Self::Output; - } -} - -pub mod function { - #[hax_lib::attributes] - pub trait FnOnce { - type Output; - #[hax_lib::requires(true)] - fn call_once(&self, args: Args) -> Self::Output; - } - #[hax_lib::attributes] - pub trait Fn: FnOnce { - #[hax_lib::requires(true)] - fn call(&self, args: Args) -> Self::Output; - } - - /* These instances provide implementations of the F* type classes corresponding to Fn traits for anonymous functions. - This ensures that passing a closure where something implementing Fn works when translated to F* */ - #[hax_lib::fstar::after( - "unfold instance fnonce_arrow_binder t u - : t_FnOnce (_:t -> u) t = { - f_Output = u; - f_call_once_pre = (fun _ _ -> true); - f_call_once_post = (fun (x0: (_:t -> u)) (x1: t) (res: u) -> res == x0 x1); - f_call_once = (fun (x0: (_:t -> u)) (x1: t) -> x0 x1); - }" - )] - impl FnOnce for fn(Arg) -> Out { - type Output = Out; - fn call_once(&self, arg: Arg) -> Out { - self(arg) - } - } - impl FnOnce<(Arg1, Arg2)> for fn(Arg1, Arg2) -> Out { - type Output = Out; - fn call_once(&self, arg: (Arg1, Arg2)) -> Out { - self(arg.0, arg.1) - } - } - impl FnOnce<(Arg1, Arg2, Arg3)> for fn(Arg1, Arg2, Arg3) -> Out { - type Output = Out; - fn call_once(&self, arg: (Arg1, Arg2, Arg3)) -> Out { - self(arg.0, arg.1, arg.2) - } - } -} - -mod try_trait { - trait FromResidual { - fn from_residual(x: R) -> Self; - } - - trait Try { - type Output; - type Residual; - fn from_output(x: Self::Output) -> Self; - fn branch(&self) -> super::control_flow::ControlFlow; - } -} - -mod deref { - pub trait Deref { - type Target: ?Sized; - - fn deref(&self) -> &Self::Target; - } - - impl Deref for &T { - type Target = T; - fn deref(&self) -> &T { - &self - } - } -} - -mod drop { - trait Drop { - fn drop(&mut self); - } -} - -pub mod range { - pub struct RangeTo { - pub end: T, - } - pub struct RangeFrom { - pub start: T, - } - pub struct Range { - pub start: T, - pub end: T, - } - pub struct RangeFull; - - macro_rules! impl_iterator_range_int { - ($($int_type: ident)*) => { - use crate::option::Option; - $( - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl crate::iter::traits::iterator::Iterator for Range<$int_type> { - type Item = $int_type; - fn next(&mut self) -> Option<$int_type> { - if self.start >= self.end { - Option::None - } else { - let res = self.start; - self.start += 1; - Option::Some(res) - } - } - } - )* - } - } - - impl_iterator_range_int!(u8 u16 u32 u64 u128 usize i8 i16 i32 i64 i128 isize); -} diff --git a/hax-lib/core-models/src/core/option.rs b/hax-lib/core-models/src/core/option.rs deleted file mode 100644 index 6c212987f..000000000 --- a/hax-lib/core-models/src/core/option.rs +++ /dev/null @@ -1,153 +0,0 @@ -pub enum Option { - Some(T), - None, -} - -use super::default::Default; -use super::ops::function::*; -use super::result::Result::*; -use super::result::*; -use Option::*; - -#[hax_lib::attributes] -impl Option { - #[hax_lib::ensures(|res| hax_lib::Prop::implies(res.into(), fstar!("Option_Some? self")))] - pub fn is_some(&self) -> bool { - matches!(*self, Some(_)) - } - - pub fn is_some_and>(self, f: F) -> bool { - match self { - None => false, - Some(x) => f.call_once(x), - } - } - - pub fn is_none(&self) -> bool { - self.is_some() == false - } - - pub fn is_none_or>(self, f: F) -> bool { - match self { - None => true, - Some(x) => f.call_once(x), - } - } - pub const fn as_ref(&self) -> Option<&T> { - match *self { - Some(ref x) => Some(x), - None => None, - } - } - - #[hax_lib::requires(self.is_some())] - pub fn expect(self, _msg: &str) -> T { - match self { - Some(val) => val, - None => super::panicking::internal::panic(), - } - } - - #[hax_lib::requires(self.is_some())] - pub fn unwrap(self) -> T { - match self { - Some(val) => val, - None => super::panicking::internal::panic(), - } - } - - pub fn unwrap_or(self, default: T) -> T { - match self { - Some(x) => x, - None => default, - } - } - - pub fn unwrap_or_else>(self, f: F) -> T { - match self { - Some(x) => x, - None => f.call_once(()), - } - } - - pub fn unwrap_or_default(self) -> T - where - T: Default, - { - match self { - Some(x) => x, - None => T::default(), - } - } - - pub fn map(self, f: F) -> Option - where - F: FnOnce, - { - match self { - Some(x) => Some(f.call_once(x)), - None => None, - } - } - - pub fn map_or(self, default: U, f: F) -> U - where - F: FnOnce, - { - match self { - Some(t) => f.call_once(t), - None => default, - } - } - - pub fn map_or_else(self, default: D, f: F) -> U - where - F: FnOnce, - D: FnOnce<(), Output = U>, - { - match self { - Some(t) => f.call_once(t), - None => default.call_once(()), - } - } - - pub fn map_or_default(self, f: F) -> U - where - F: FnOnce, - U: Default, - { - match self { - Some(t) => f.call_once(t), - None => U::default(), - } - } - pub fn ok_or(self, err: E) -> Result { - match self { - Some(v) => Ok(v), - None => Err(err), - } - } - - pub fn ok_or_else>(self, err: F) -> Result { - match self { - Some(v) => Ok(v), - None => Err(err.call_once(())), - } - } - - pub fn and_then(self, f: F) -> Option - where - F: FnOnce>, - { - match self { - Some(x) => f.call_once(x), - None => None, - } - } - - // The interface in Rust is wrong. but is good after extraction. - // We cannot make a useful model with the right interface so we loose the executability. - pub fn take(self) -> (Option, Option) { - (None, self) - } -} diff --git a/hax-lib/core-models/src/core/panicking.rs b/hax-lib/core-models/src/core/panicking.rs deleted file mode 100644 index 22fee1155..000000000 --- a/hax-lib/core-models/src/core/panicking.rs +++ /dev/null @@ -1,27 +0,0 @@ -#[hax_lib::opaque] -#[hax_lib::requires(false)] -pub fn panic_explicit() -> ! { - panic!() -} - -#[hax_lib::opaque] -#[hax_lib::requires(false)] -pub fn panic(_msg: &str) -> ! { - panic!() -} - -#[hax_lib::opaque] -#[hax_lib::requires(false)] -pub fn panic_fmt(_fmt: super::fmt::Arguments) -> ! { - panic!() -} - -pub mod internal { - // This module is used to break a dependency cycle (other core modules have - // panics and this brings a dependency on core::fmt that we need to avoid) - #[hax_lib::opaque] - #[hax_lib::requires(false)] - pub fn panic() -> T { - panic!("") - } -} diff --git a/hax-lib/core-models/src/core/result.rs b/hax-lib/core-models/src/core/result.rs deleted file mode 100644 index 11daa67ec..000000000 --- a/hax-lib/core-models/src/core/result.rs +++ /dev/null @@ -1,88 +0,0 @@ -pub enum Result { - Ok(T), - Err(E), -} - -use super::ops::function::*; -use super::option::Option; -use Result::*; - -#[hax_lib::attributes] -impl Result { - #[hax_lib::requires(self.is_ok())] - pub fn unwrap(self) -> T { - match self { - Ok(t) => t, - Err(_) => super::panicking::internal::panic(), - } - } - pub fn unwrap_or(self, default: T) -> T { - match self { - Ok(t) => t, - Err(_) => default, - } - } - #[hax_lib::requires(self.is_ok())] - pub fn expect(self, _msg: &str) -> T { - match self { - Ok(t) => t, - Err(_) => super::panicking::internal::panic(), - } - } - pub fn map(self, op: F) -> Result - where - F: FnOnce, - { - match self { - Ok(t) => Ok(op.call_once(t)), - Err(e) => Err(e), - } - } - pub fn map_or(self, default: U, f: F) -> U - where - F: FnOnce, - { - match self { - Ok(t) => f.call_once(t), - Err(_e) => default, - } - } - pub fn map_or_else(self, default: D, f: F) -> U - where - F: FnOnce, - D: FnOnce, - { - match self { - Ok(t) => f.call_once(t), - Err(e) => default.call_once(e), - } - } - pub fn map_err(self, op: O) -> Result - where - O: FnOnce, - { - match self { - Ok(t) => Ok(t), - Err(e) => Err(op.call_once(e)), - } - } - - pub fn is_ok(&self) -> bool { - matches!(*self, Ok(_)) - } - pub fn and_then(self, op: F) -> Result - where - F: FnOnce>, - { - match self { - Ok(t) => op.call_once(t), - Err(e) => Err(e), - } - } - pub fn ok(self) -> Option { - match self { - Ok(x) => Option::Some(x), - Err(_) => Option::None, - } - } -} diff --git a/hax-lib/core-models/src/core/slice.rs b/hax-lib/core-models/src/core/slice.rs deleted file mode 100644 index 505e2d72a..000000000 --- a/hax-lib/core-models/src/core/slice.rs +++ /dev/null @@ -1,269 +0,0 @@ -use crate::result::Result; - -// Dummy type to allow impls -#[hax_lib::exclude] -struct Slice(T); - -pub mod iter { - use crate::option::Option; - use rust_primitives::{sequence::*, slice::*}; - - pub struct Chunks<'a, T> { - cs: usize, - elements: &'a [T], - } - impl<'a, T> Chunks<'a, T> { - pub fn new(cs: usize, elements: &'a [T]) -> Chunks<'a, T> { - Chunks { cs, elements } - } - } - pub struct ChunksExact<'a, T> { - cs: usize, - elements: &'a [T], - } - impl<'a, T> ChunksExact<'a, T> { - pub fn new(cs: usize, elements: &'a [T]) -> ChunksExact<'a, T> { - ChunksExact { cs, elements } - } - } - pub struct Iter(pub Seq); - - impl crate::iter::traits::iterator::Iterator for Iter { - type Item = T; - fn next(&mut self) -> Option { - if seq_len(&self.0) == 0 { - Option::None - } else { - let res = seq_first(&self.0); - self.0 = seq_slice(&self.0, 1, seq_len(&self.0)); - Option::Some(res) - } - } - } - - impl<'a, T> crate::iter::traits::iterator::Iterator for Chunks<'a, T> { - type Item = &'a [T]; - fn next(&mut self) -> Option { - if slice_length(self.elements) == 0 { - Option::None - } else if slice_length(self.elements) < self.cs { - let res = self.elements; - self.elements = slice_slice(self.elements, 0, 0); - Option::Some(res) - } else { - let (res, new_elements) = slice_split_at(self.elements, self.cs); - self.elements = new_elements; - Option::Some(res) - } - } - } - - impl<'a, T> crate::iter::traits::iterator::Iterator for ChunksExact<'a, T> { - type Item = &'a [T]; - fn next(&mut self) -> Option { - if slice_length(self.elements) < self.cs { - Option::None - } else { - let (res, new_elements) = slice_split_at(self.elements, self.cs); - self.elements = new_elements; - Option::Some(res) - } - } - } -} - -#[hax_lib::attributes] -impl Slice { - fn len(s: &[T]) -> usize { - rust_primitives::slice::slice_length(s) - } - fn chunks<'a>(s: &'a [T], cs: usize) -> iter::Chunks<'a, T> { - iter::Chunks::new(cs, s) - } - fn iter(s: &[T]) -> iter::Iter { - iter::Iter(rust_primitives::sequence::seq_from_slice(s)) - } - fn chunks_exact<'a>(s: &'a [T], cs: usize) -> iter::ChunksExact<'a, T> { - iter::ChunksExact::new(cs, s) - } - #[hax_lib::requires(Slice::len(s) == Slice::len(src))] - fn copy_from_slice(s: &mut [T], src: &[T]) - where - T: crate::marker::Copy, - { - rust_primitives::mem::replace(s, src); - } - #[hax_lib::requires(Slice::len(s) == Slice::len(src))] - fn clone_from_slice(s: &mut [T], src: &[T]) - where - T: crate::clone::Clone, - { - rust_primitives::mem::replace(s, src); - } - #[hax_lib::requires(mid <= Slice::len(s))] - fn split_at(s: &[T], mid: usize) -> (&[T], &[T]) { - rust_primitives::slice::slice_split_at(s, mid) - } - fn split_at_checked(s: &[T], mid: usize) -> Option<(&[T], &[T])> { - if mid <= Slice::len(s) { - Option::Some(Self::split_at(s, mid)) - } else { - Option::None - } - } - fn is_empty(s: &[T]) -> bool { - Self::len(s) == 0 - } - #[hax_lib::opaque] - fn contains(s: &[T], v: T) -> bool { - rust_primitives::slice::slice_contains(s, v) - } - #[hax_lib::opaque] - fn copy_within(s: &[T], src: R, dest: usize) -> &[T] - where - T: Copy, - { - todo!() - } - #[hax_lib::opaque] - fn binary_search(s: &[T], x: &T) -> Result /* where T: super::ops::Ord */ { - todo!() - } - fn get>(s: &[T], index: I) -> Option<&>::Output> { - index.get(s) - } -} - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl crate::iter::traits::collect::IntoIterator for &[T] { - type IntoIter = iter::Iter; - fn into_iter(self) -> Self::IntoIter { - Slice::iter(self) - } -} -use crate::option::Option; -use rust_primitives::slice::*; - -#[hax_lib::attributes] -pub trait SliceIndex { - type Output: ?Sized; - - #[hax_lib::requires(true)] - fn get(self, slice: &T) -> Option<&Self::Output>; - /* fn get_mut(self, slice: &mut T) -> Option<&mut Self::Output>; - unsafe fn get_unchecked(self, slice: *const T) -> *const Self::Output; - unsafe fn get_unchecked_mut(self, slice: *mut T) -> *mut Self::Output; - fn index(self, slice: &T) -> &Self::Output; - fn index_mut(self, slice: &mut T) -> &mut Self::Output; */ -} - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl SliceIndex<[T]> for usize { - type Output = T; - fn get(self, slice: &[T]) -> Option<&T> { - if self < slice.len() { - Option::Some(slice_index(slice, self)) - } else { - Option::None - } - } -} - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl SliceIndex<[T]> for crate::ops::range::RangeFull { - type Output = [T]; - fn get(self, slice: &[T]) -> Option<&[T]> { - Option::Some(slice) - } -} - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl SliceIndex<[T]> for crate::ops::range::RangeFrom { - type Output = [T]; - fn get(self, slice: &[T]) -> Option<&[T]> { - if self.start < slice.len() { - Option::Some(slice_slice(slice, self.start, slice.len())) - } else { - Option::None - } - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl SliceIndex<[T]> for crate::ops::range::RangeTo { - type Output = [T]; - fn get(self, slice: &[T]) -> Option<&[T]> { - if self.end <= slice.len() { - Option::Some(slice_slice(slice, 0, self.end)) - } else { - Option::None - } - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl SliceIndex<[T]> for crate::ops::range::Range { - type Output = [T]; - fn get(self, slice: &[T]) -> Option<&[T]> { - if self.start < self.end && self.end <= slice.len() { - Option::Some(slice_slice(slice, self.start, self.end)) - } else { - Option::None - } - } -} - -use crate::ops::{ - index::Index, - range::{Range, RangeFrom, RangeFull, RangeTo}, -}; - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index> for &[T] { - type Output = [T]; - #[hax_lib::requires(i.start <= i.end && i.end <= self.len())] - fn index(&self, i: Range) -> &[T] { - slice_slice(self, i.start, i.end) - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index> for &[T] { - type Output = [T]; - #[hax_lib::requires(i.end <= self.len())] - fn index(&self, i: RangeTo) -> &[T] { - slice_slice(self, 0, i.end) - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index> for &[T] { - type Output = [T]; - #[hax_lib::requires(i.start <= self.len())] - fn index(&self, i: RangeFrom) -> &[T] { - slice_slice(self, i.start, slice_length(self)) - } -} -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl Index for &[T] { - type Output = [T]; - fn index(&self, i: RangeFull) -> &[T] { - slice_slice(self, 0, slice_length(self)) - } -} - -#[hax_lib::attributes] -#[cfg_attr(hax_backend_lean, hax_lib::exclude)] -impl crate::ops::index::Index for &[T] { - type Output = T; - #[hax_lib::requires(i < self.len())] - fn index(&self, i: usize) -> &T { - rust_primitives::slice::slice_index(self, i) - } -} diff --git a/hax-lib/core-models/src/core/str.rs b/hax-lib/core-models/src/core/str.rs deleted file mode 100644 index b0c0dcc34..000000000 --- a/hax-lib/core-models/src/core/str.rs +++ /dev/null @@ -1,30 +0,0 @@ -mod converts { - #[hax_lib::opaque] - fn from_utf8(s: &[u8]) -> crate::result::Result<&str, super::error::Utf8Error> { - panic!() - } -} - -mod error { - pub struct Utf8Error; -} - -mod iter { - struct Split(T); -} - -mod traits { - trait FromStr: Sized { - type Err; - fn from_str(s: &str) -> crate::result::Result; - } - - #[hax_lib::opaque] - #[cfg_attr(hax_backend_lean, hax_lib::exclude)] - impl FromStr for u64 { - type Err = u64; - fn from_str(s: &str) -> crate::result::Result { - panic!() - } - } -} diff --git a/hax-lib/core-models/src/lib.rs b/hax-lib/core-models/src/lib.rs deleted file mode 100644 index d16ca4be8..000000000 --- a/hax-lib/core-models/src/lib.rs +++ /dev/null @@ -1,71 +0,0 @@ -//! `core-models`: A Rust Model for the `core` Library -//! -//! `core-models` is a simplified, self-contained model of Rust’s `core` library. It aims to provide -//! a purely Rust-based specification of `core`'s fundamental operations, making them easier to -//! understand, analyze, and formally verify. Unlike `core`, which may rely on platform-specific -//! intrinsics and compiler magic, `core-models` expresses everything in plain Rust, prioritizing -//! clarity and explicitness over efficiency. -//! -//! ## Key Features -//! -//! - **Partial Modeling**: `core-models` includes only a subset of `core`, focusing on modeling -//! fundamental operations rather than providing a complete replacement. -//! - **Exact Signatures**: Any item that exists in both `core-models` and `core` has the same type signature, -//! ensuring compatibility with formal verification efforts. -//! - **Purely Functional Approach**: Where possible, `core-models` favors functional programming principles, -//! avoiding unnecessary mutation and side effects to facilitate formal reasoning. -//! - **Explicit Implementations**: Even low-level operations, such as SIMD, are modeled explicitly using -//! Rust constructs like bit arrays and partial maps. -//! - **Extra Abstractions**: `core-models` includes additional helper types and functions to support -//! modeling. These extra items are marked appropriately to distinguish them from `core` definitions. -//! -//! ## Intended Use -//! -//! `core-models` is designed as a reference model for formal verification and reasoning about Rust programs. -//! By providing a readable, well-specified version of `core`'s behavior, it serves as a foundation for -//! proof assistants and other verification tools. - -#![allow(dead_code)] - -#[path = "core/array.rs"] -pub mod array; -#[path = "core/borrow.rs"] -pub mod borrow; -#[path = "core/clone.rs"] -pub mod clone; -#[path = "core/cmp.rs"] -pub mod cmp; -#[path = "core/convert.rs"] -pub mod convert; -#[path = "core/default.rs"] -pub mod default; -#[path = "core/error.rs"] -pub mod error; -#[path = "core/f32.rs"] -pub mod f32; -#[path = "core/fmt.rs"] -pub mod fmt; -#[path = "core/hash.rs"] -pub mod hash; -#[path = "core/hint.rs"] -pub mod hint; -#[path = "core/iter.rs"] -pub mod iter; -#[path = "core/marker.rs"] -pub mod marker; -#[path = "core/mem.rs"] -pub mod mem; -#[path = "core/num/mod.rs"] -pub mod num; -#[path = "core/ops.rs"] -pub mod ops; -#[path = "core/option.rs"] -pub mod option; -#[path = "core/panicking.rs"] -pub mod panicking; -#[path = "core/result.rs"] -pub mod result; -#[path = "core/slice.rs"] -pub mod slice; -#[path = "core/str.rs"] -pub mod str; diff --git a/hax-lib/core-models/std/Cargo.toml b/hax-lib/core-models/std/Cargo.toml deleted file mode 100644 index 08ba183f4..000000000 --- a/hax-lib/core-models/std/Cargo.toml +++ /dev/null @@ -1,8 +0,0 @@ -[package] -name = "std" -version = "0.1.0" -edition = "2024" - -[dependencies] -hax-lib.workspace = true -core-models = {path = ".."} diff --git a/hax-lib/core-models/hax.sh b/hax-lib/extract-core-models.sh similarity index 56% rename from hax-lib/core-models/hax.sh rename to hax-lib/extract-core-models.sh index f5d21026d..7160d7ffa 100755 --- a/hax-lib/core-models/hax.sh +++ b/hax-lib/extract-core-models.sh @@ -1,20 +1,24 @@ #!/usr/bin/env bash set -e +# Extracts core-models / alloc / std (this repo) and the external core-models +# submodule (hax-lib/core-models, pinned to cryspen/rust-core-models) to F* and +# Lean, and copies the result into hax-lib/proof-libs/{fstar,lean}/. + function extract_fstar() { - go_to "./" - HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax into fstar --interfaces '+!core_models::str::* +!**::num::error +!**::panicking::internal +!core_models::borrow +!core_models::default +!core_models::error +!core_models::hash +!core_models::hint +!core_models::ops::bit +!core_models::ops::arith +!core_models::fmt +!core_models::fmt::rt +!core_models::mem +!core_models::mem::*' - cp proofs/fstar/extraction/*.fst* ../proof-libs/fstar/core - HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax -C -p std \; into -i '-core_models::**' fstar --interfaces '+!**' - cp std/proofs/fstar/extraction/*.fst* ../proof-libs/fstar/core - HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax -C -p alloc \; into fstar --interfaces '+!**::collections::btree::** +!**::collections::vec_deque::**' - cp alloc/proofs/fstar/extraction/*.fst* ../proof-libs/fstar/core - HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax -C -p rand_core \; into fstar --interfaces '+!**' - cp rand_core/proofs/fstar/extraction/*.fst* ../proof-libs/fstar/core + go_to "core-models" + HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax -C -p core-models \; into fstar --interfaces '+!core_models::str::* +!**::num::error +!**::panicking::internal +!core_models::borrow +!core_models::default +!core_models::error +!core_models::hash +!core_models::hint +!core_models::ops::bit +!core_models::ops::arith +!core_models::fmt +!core_models::fmt::rt +!core_models::mem +!core_models::mem::*' + cp core-models/proofs/fstar/extraction/*.fst* "$PROOF_LIBS_FSTAR_CORE/" + HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax -C -p alloc \; into fstar --interfaces '+!**::collections::btree::** +!**::collections::vec_deque::**' + cp alloc/proofs/fstar/extraction/*.fst* "$PROOF_LIBS_FSTAR_CORE/" + + go_to "std" + HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax -C -p std \; into -i '-core_models::**' fstar --interfaces '+!**' + cp proofs/fstar/extraction/*.fst* "$PROOF_LIBS_FSTAR_CORE/" } function extract_lean() { - go_to "./" + go_to "core-models" LEAN_FILTERS="" LEAN_FILTERS+=" -core_models::result::**::unwrap" # Issue #1818 LEAN_FILTERS+=" -core_models::result::**::expect" # Issue #1818 @@ -41,14 +45,22 @@ function extract_lean() { LEAN_FILTERS+=" -core_models::num::**::to_le_bytes" LEAN_FILTERS+=" -core_models::num::**::rotate_left" LEAN_FILTERS+=" -core_models::num::**::rotate_right" - + LEAN_FILTERS+=" -rust_primitives::slice::array_from_fn" # hax issue #1923 + LEAN_FILTERS+=" -rust_primitives::slice::array_map" # hax issue #1923 + LEAN_FILTERS+=" -core_models::iter::traits::iterator::**" # hax issue #1923 + LEAN_FILTERS+=" -core_models::iter::adapters::map::**" # hax issue #1923 + LEAN_FILTERS+=" -core_models::iter::adapters::flat_map::**" # hax issue #1923 + LEAN_FILTERS+=" -core_models::iter::adapters::filter::**" # hax issue #1923 + LEAN_FILTERS+=" -core_models::array::**" # hax issue #1923 + LEAN_FILTERS+=" -alloc::slice::**::sort_by" # hax issue #1923 + LEAN_FILTERS="$(echo "$LEAN_FILTERS" | xargs)" HAX_CORE_MODELS_EXTRACTION_MODE=on cargo hax into -i "$LEAN_FILTERS" lean - OUT="proofs/lean/extraction/core_models.lean" + OUT="core-models/proofs/lean/extraction/core_models.lean" sed -i 's/import Hax/import Hax.core_models.prologue\nimport Hax.Tactic.HaxSpec/g' "$OUT" - cp "$OUT" ../proof-libs/lean/Hax/core_models/core_models.lean + cp "$OUT" "$PROOF_LIBS_LEAN_CORE_MODELS/core_models.lean" } function init_vars() { @@ -56,6 +68,17 @@ function init_vars() { SCRIPT_NAME="$(basename "${BASH_SOURCE[0]}")" SCRIPT_PATH="${SCRIPT_DIR}/${SCRIPT_NAME}" + # SCRIPT_DIR is hax-lib/. The submodule sits at hax-lib/core-models/, std at hax-lib/std/. + CORE_MODELS_DIR="$SCRIPT_DIR/core-models" + STD_DIR="$SCRIPT_DIR/std" + PROOF_LIBS_FSTAR_CORE="$SCRIPT_DIR/proof-libs/fstar/core" + PROOF_LIBS_LEAN_CORE_MODELS="$SCRIPT_DIR/proof-libs/lean/Hax/core_models" + + if [ ! -f "$CORE_MODELS_DIR/Cargo.toml" ]; then + echo "[$SCRIPT_NAME] error: $CORE_MODELS_DIR is missing — run 'git submodule update --init hax-lib/core-models'" + exit 1 + fi + if [ -t 1 ]; then BLUE='\033[34m' GREEN='\033[32m' @@ -70,9 +93,11 @@ function init_vars() { } function go_to() { - ROOT="$SCRIPT_DIR" - cd "$ROOT" - cd "$1" + case "$1" in + core-models) cd "$CORE_MODELS_DIR" ;; + std) cd "$STD_DIR" ;; + *) echo "go_to: unknown target '$1'"; exit 1 ;; + esac } function msg() { @@ -81,7 +106,7 @@ function msg() { function help() { - echo "Script to extract to F* or Lean and place the result in proof-libs" + echo "Script to extract core-models (external submodule) and std (local) to F* or Lean, and copy the result into proof-libs." echo "" echo "Usage: $0 [COMMAND]" echo "" @@ -96,12 +121,11 @@ function cli() { help exit 1 fi - # Check if an argument was provided case "$1" in --help) #> Show help message help;; - extract) #> Extract the F* code and copy it to proof-libs. Use `extract fstar` for F*, `extract lean` for Lean, or `extract` for both + extract) #> Extract the F* and/or Lean code and copy it to proof-libs. Use `extract fstar` for F*, `extract lean` for Lean, or `extract` for both case "$2" in "") # no subcommand -> run both extract_fstar diff --git a/hax-lib/proof-libs/fstar/core/Alloc.Collections.Vec_deque.fsti b/hax-lib/proof-libs/fstar/core/Alloc.Collections.Vec_deque.fsti index 360a57a10..076ec88f6 100644 --- a/hax-lib/proof-libs/fstar/core/Alloc.Collections.Vec_deque.fsti +++ b/hax-lib/proof-libs/fstar/core/Alloc.Collections.Vec_deque.fsti @@ -22,7 +22,9 @@ val impl_5__pop_front (#v_T #v_A: Type0) (self: t_VecDeque v_T v_A) let impl_6 (#v_T #v_A: Type0) : Core_models.Ops.Index.t_Index (t_VecDeque v_T v_A) usize = { f_Output = v_T; - f_index_pre = (fun (self: t_VecDeque v_T v_A) (i: usize) -> true); + f_index_pre + = + (fun (self_: t_VecDeque v_T v_A) (i: usize) -> i <. (impl_5__len #v_T #v_A self_ <: usize)); f_index_post = (fun (self: t_VecDeque v_T v_A) (i: usize) (out: v_T) -> true); f_index = diff --git a/hax-lib/proof-libs/fstar/core/Alloc.Slice.fst b/hax-lib/proof-libs/fstar/core/Alloc.Slice.fst index 631d4e1b2..64025a7ab 100644 --- a/hax-lib/proof-libs/fstar/core/Alloc.Slice.fst +++ b/hax-lib/proof-libs/fstar/core/Alloc.Slice.fst @@ -3,14 +3,20 @@ module Alloc.Slice open FStar.Mul open Rust_primitives -let impl__to_vec (#v_T: Type0) (s: t_Slice v_T) : Alloc.Vec.t_Vec v_T Alloc.Alloc.t_Global = - Alloc.Vec.Vec (Rust_primitives.Sequence.seq_from_slice #v_T s) +let impl__to_vec + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Clone.t_Clone v_T) + (s: t_Slice v_T) + : Alloc.Vec.t_Vec v_T Alloc.Alloc.t_Global = + let seq:Rust_primitives.Sequence.t_Seq v_T = Rust_primitives.Sequence.seq_empty #v_T () in + let seq:Rust_primitives.Sequence.t_Seq v_T = Rust_primitives.Sequence.seq_extend #v_T seq s in + Alloc.Vec.Vec seq (Core_models.Marker.PhantomData <: Core_models.Marker.t_PhantomData Alloc.Alloc.t_Global) <: Alloc.Vec.t_Vec v_T Alloc.Alloc.t_Global let impl__into_vec (#v_T #v_A: Type0) (s: t_Slice v_T) : Alloc.Vec.t_Vec v_T v_A = - Alloc.Vec.Vec (Rust_primitives.Sequence.seq_from_slice #v_T s) + Alloc.Vec.Vec (Rust_primitives.Sequence.seq_from_boxed_slice #v_T s) (Core_models.Marker.PhantomData <: Core_models.Marker.t_PhantomData v_A) <: Alloc.Vec.t_Vec v_T v_A @@ -20,6 +26,7 @@ val impl__sort_by': #v_T: Type0 -> #v_F: Type0 -> {| i0: Core_models.Ops.Function.t_Fn v_F (v_T & v_T) |} -> + #_: unit{i0._super_i0._super_i0.Core_models.Ops.Function.f_Output == Core_models.Cmp.t_Ordering} -> s: t_Slice v_T -> compare: v_F -> t_Slice v_T @@ -28,4 +35,8 @@ unfold let impl__sort_by (#v_T #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_Fn v_F (v_T & v_T)) - = impl__sort_by' #v_T #v_F #i0 + (#_: + unit + {i0._super_i0._super_i0.Core_models.Ops.Function.f_Output == Core_models.Cmp.t_Ordering} + ) + = impl__sort_by' #v_T #v_F #i0 #_ diff --git a/hax-lib/proof-libs/fstar/core/Alloc.Vec.Drain.fst b/hax-lib/proof-libs/fstar/core/Alloc.Vec.Drain.fst index d175b6362..aa436cdb8 100644 --- a/hax-lib/proof-libs/fstar/core/Alloc.Vec.Drain.fst +++ b/hax-lib/proof-libs/fstar/core/Alloc.Vec.Drain.fst @@ -14,7 +14,8 @@ let impl (#v_T #v_A: Type0) : Core_models.Iter.Traits.Iterator.t_Iterator (t_Dra f_next_pre = (fun (self: t_Drain v_T v_A) -> true); f_next_post = - (fun (self: t_Drain v_T v_A) (out: (t_Drain v_T v_A & Core_models.Option.t_Option v_T)) -> true); + (fun (self: t_Drain v_T v_A) (out1: (t_Drain v_T v_A & Core_models.Option.t_Option v_T)) -> true + ); f_next = fun (self: t_Drain v_T v_A) -> @@ -25,20 +26,11 @@ let impl (#v_T #v_A: Type0) : Core_models.Iter.Traits.Iterator.t_Iterator (t_Dra <: (t_Drain v_T v_A & Core_models.Option.t_Option v_T) else - let res:v_T = Rust_primitives.Sequence.seq_first #v_T self._0 in - let self:t_Drain v_T v_A = - { - self with - _0 - = - Rust_primitives.Sequence.seq_slice #v_T - self._0 - (mk_usize 1) - (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) - } - <: - t_Drain v_T v_A + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (out: v_T) = + Rust_primitives.Sequence.seq_remove #v_T self._0 (mk_usize 0) in + let self:t_Drain v_T v_A = { self with _0 = tmp0 } <: t_Drain v_T v_A in + let res:v_T = out in self, (Core_models.Option.Option_Some res <: Core_models.Option.t_Option v_T) <: (t_Drain v_T v_A & Core_models.Option.t_Option v_T) diff --git a/hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fst b/hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fst new file mode 100644 index 000000000..266fe0612 --- /dev/null +++ b/hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fst @@ -0,0 +1,8 @@ +module Alloc.Vec.Into_iter +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open FStar.Mul +open Rust_primitives + +type t_IntoIter (v_T: Type0) (v_A: Type0) = + | IntoIter : Rust_primitives.Sequence.t_Seq v_T -> Core_models.Marker.t_PhantomData v_A + -> t_IntoIter v_T v_A diff --git a/hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fsti b/hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fsti deleted file mode 100644 index 0afeaf5bf..000000000 --- a/hax-lib/proof-libs/fstar/core/Alloc.Vec.Into_iter.fsti +++ /dev/null @@ -1,7 +0,0 @@ -module Alloc.Vec.Into_iter - -val t_IntoIter (t: Type0) (_: unit): Type0 - -[@@ FStar.Tactics.Typeclasses.tcinstance] -val into_iter_into_iterator (t: Type0): - Core_models.Iter.Traits.Collect.t_IntoIterator (t_IntoIter t Alloc.Alloc.t_Global) diff --git a/hax-lib/proof-libs/fstar/core/Alloc.Vec.fst b/hax-lib/proof-libs/fstar/core/Alloc.Vec.fst index bda94c6b8..b6d93e74b 100644 --- a/hax-lib/proof-libs/fstar/core/Alloc.Vec.fst +++ b/hax-lib/proof-libs/fstar/core/Alloc.Vec.fst @@ -3,6 +3,8 @@ module Alloc.Vec open FStar.Mul open Rust_primitives +open Rust_primitives.Notations + type t_Vec (v_T: Type0) (v_A: Type0) = | Vec : Rust_primitives.Sequence.t_Seq v_T -> Core_models.Marker.t_PhantomData v_A -> t_Vec v_T v_A @@ -32,23 +34,15 @@ let impl_1__len (#v_T #v_A: Type0) (self: t_Vec v_T v_A) : usize = let impl_1__pop (#v_T #v_A: Type0) (self: t_Vec v_T v_A) : (t_Vec v_T v_A & Core_models.Option.t_Option v_T) = + let l:usize = Rust_primitives.Sequence.seq_len #v_T self._0 in let (self: t_Vec v_T v_A), (hax_temp_output: Core_models.Option.t_Option v_T) = - if (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) >. mk_usize 0 + if l >. mk_usize 0 then - let last:v_T = Rust_primitives.Sequence.seq_last #v_T self._0 in - let self:t_Vec v_T v_A = - { - self with - _0 - = - Rust_primitives.Sequence.seq_slice #v_T - self._0 - (mk_usize 0) - ((Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) -! mk_usize 1 <: usize) - } - <: - t_Vec v_T v_A + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (out: v_T) = + Rust_primitives.Sequence.seq_remove #v_T self._0 (l -! mk_usize 1 <: usize) in + let self:t_Vec v_T v_A = { self with _0 = tmp0 } <: t_Vec v_T v_A in + let last:v_T = out in self, (Core_models.Option.Option_Some last <: Core_models.Option.t_Option v_T) <: (t_Vec v_T v_A & Core_models.Option.t_Option v_T) @@ -105,16 +99,7 @@ let impl_1__push (#v_T #v_A: Type0) (self: t_Vec v_T v_A) (x: v_T) (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) <. Core_models.Num.impl_usize__MAX) (fun _ -> Prims.l_True) = let self:t_Vec v_T v_A = - { - self with - _0 - = - Rust_primitives.Sequence.seq_concat #v_T - self._0 - (Rust_primitives.Sequence.seq_one #v_T x <: Rust_primitives.Sequence.t_Seq v_T) - } - <: - t_Vec v_T v_A + { self with _0 = Rust_primitives.Sequence.seq_push #v_T self._0 x } <: t_Vec v_T v_A in self @@ -124,24 +109,21 @@ let impl_1__insert (#v_T #v_A: Type0) (self: t_Vec v_T v_A) (index: usize) (elem index <=. (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) && (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) <. Core_models.Num.impl_usize__MAX) (fun _ -> Prims.l_True) = - let left:Rust_primitives.Sequence.t_Seq v_T = - Rust_primitives.Sequence.seq_slice #v_T self._0 (mk_usize 0) index - in - let right:Rust_primitives.Sequence.t_Seq v_T = - Rust_primitives.Sequence.seq_slice #v_T - self._0 - index - (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) + let l:usize = Rust_primitives.Sequence.seq_len #v_T self._0 in + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (out: Rust_primitives.Sequence.t_Seq v_T) = + Rust_primitives.Sequence.seq_drain #v_T self._0 index l in - let left:Rust_primitives.Sequence.t_Seq v_T = - Rust_primitives.Sequence.seq_concat #v_T - left - (Rust_primitives.Sequence.seq_one #v_T element <: Rust_primitives.Sequence.t_Seq v_T) + let self:t_Vec v_T v_A = { self with _0 = tmp0 } <: t_Vec v_T v_A in + let right:Rust_primitives.Sequence.t_Seq v_T = out in + let self:t_Vec v_T v_A = + { self with _0 = Rust_primitives.Sequence.seq_push #v_T self._0 element } <: t_Vec v_T v_A in - let left:Rust_primitives.Sequence.t_Seq v_T = - Rust_primitives.Sequence.seq_concat #v_T left right + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (tmp1: Rust_primitives.Sequence.t_Seq v_T) = + Rust_primitives.Sequence.seq_concat #v_T self._0 right in - let self:t_Vec v_T v_A = { self with _0 = left } <: t_Vec v_T v_A in + let self:t_Vec v_T v_A = { self with _0 = tmp0 } <: t_Vec v_T v_A in + let right:Rust_primitives.Sequence.t_Seq v_T = tmp1 in + let _:Prims.unit = () in self assume @@ -174,18 +156,27 @@ let impl_1__append (#v_T #v_A: Type0) (self other: t_Vec v_T v_A) Hax_lib.Int.t_Int) <= (Rust_primitives.Hax.Int.from_machine Core_models.Num.impl_usize__MAX <: Hax_lib.Int.t_Int)) (fun _ -> Prims.l_True) = - let self:t_Vec v_T v_A = - { self with _0 = Rust_primitives.Sequence.seq_concat #v_T self._0 other._0 } <: t_Vec v_T v_A + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (tmp1: Rust_primitives.Sequence.t_Seq v_T) = + Rust_primitives.Sequence.seq_concat #v_T self._0 other._0 in + let self:t_Vec v_T v_A = { self with _0 = tmp0 } <: t_Vec v_T v_A in + let other:t_Vec v_T v_A = { other with _0 = tmp1 } <: t_Vec v_T v_A in + let _:Prims.unit = () in let other:t_Vec v_T v_A = { other with _0 = Rust_primitives.Sequence.seq_empty #v_T () } <: t_Vec v_T v_A in self, other <: (t_Vec v_T v_A & t_Vec v_T v_A) -let impl_2__extend_from_slice (#v_T #v_A: Type0) (s: t_Vec v_T v_A) (other: t_Slice v_T) +let impl_2__extend_from_slice + (#v_T #v_A: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Clone.t_Clone v_T) + (self: t_Vec v_T v_A) + (other: t_Slice v_T) : Prims.Pure (t_Vec v_T v_A) (requires - ((Rust_primitives.Hax.Int.from_machine (Rust_primitives.Sequence.seq_len #v_T s._0 <: usize) + ((Rust_primitives.Hax.Int.from_machine (Rust_primitives.Sequence.seq_len #v_T self._0 + <: + usize) <: Hax_lib.Int.t_Int) + (Rust_primitives.Hax.Int.from_machine (Core_models.Slice.impl__len #v_T other <: usize) @@ -195,31 +186,41 @@ let impl_2__extend_from_slice (#v_T #v_A: Type0) (s: t_Vec v_T v_A) (other: t_Sl Hax_lib.Int.t_Int) <= (Rust_primitives.Hax.Int.from_machine Core_models.Num.impl_usize__MAX <: Hax_lib.Int.t_Int)) (fun _ -> Prims.l_True) = - let s:t_Vec v_T v_A = - { - s with - _0 - = - Rust_primitives.Sequence.seq_concat #v_T - s._0 - (Rust_primitives.Sequence.seq_from_slice #v_T other <: Rust_primitives.Sequence.t_Seq v_T) - } - <: - t_Vec v_T v_A + let self:t_Vec v_T v_A = + { self with _0 = Rust_primitives.Sequence.seq_extend #v_T self._0 other } <: t_Vec v_T v_A in - s + self +/// Generic `Index` impl for `Vec`, matching std\'s +/// `impl, A: Allocator> Index for Vec` +/// (in `alloc/src/vec/mod.rs`). Delegates through `Deref` to the +/// `<[T]>::index` impl, the same body std uses. We omit the +/// `A: Allocator` bound because we do not model `Allocator` as a +/// trait — functionally identical for our purposes. The trait bound +/// references `std::slice::SliceIndex` (the real one) rather than +/// `core_models::slice::index::SliceIndex` because this crate is +/// standalone and does not depend on `core_models`; Aeneas\'s name +/// map for `std::slice::SliceIndex` aligns the extracted Lean path +/// with `core_models`\'s SliceIndex extraction (both extract under +/// `core.slice.index.SliceIndex`). [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (#v_T #v_A: Type0) : Core_models.Ops.Index.t_Index (t_Vec v_T v_A) usize = +let impl_3 + (#v_T #v_I #v_A: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i0: + Core_models.Slice.Index.t_SliceIndex v_I (t_Slice v_T)) + : Core_models.Ops.Index.t_Index (t_Vec v_T v_A) v_I = { - f_Output = v_T; + f_Output = i0.f_Output; f_index_pre = - (fun (self_: t_Vec v_T v_A) (i: usize) -> i <. (impl_1__len #v_T #v_A self_ <: usize)); - f_index_post = (fun (self: t_Vec v_T v_A) (i: usize) (out: v_T) -> true); - f_index - = - fun (self: t_Vec v_T v_A) (i: usize) -> Rust_primitives.Sequence.seq_index #v_T self._0 i + (fun (self_: t_Vec v_T v_A) (i: v_I) -> + Core_models.Option.impl__is_some #i0.f_Output + (Core_models.Slice.impl__get #v_T #v_I (impl_1__as_slice self_ <: t_Slice v_T) i + <: + Core_models.Option.t_Option i0.f_Output)); + f_index_post = (fun (self: t_Vec v_T v_A) (i: v_I) (out: i0.f_Output) -> true); + f_index = fun (self: t_Vec v_T v_A) (i: v_I) -> (impl_1__as_slice self <: t_Slice v_T).[ i ] } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Array.Iter.fst b/hax-lib/proof-libs/fstar/core/Core_models.Array.Iter.fst index 61ba929a5..d5ff718b5 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Array.Iter.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Array.Iter.fst @@ -14,7 +14,10 @@ let impl (#v_T: Type0) (v_N: usize) f_next_pre = (fun (self: t_IntoIter v_T v_N) -> true); f_next_post = - (fun (self: t_IntoIter v_T v_N) (out: (t_IntoIter v_T v_N & Core_models.Option.t_Option v_T)) -> + (fun + (self: t_IntoIter v_T v_N) + (out1: (t_IntoIter v_T v_N & Core_models.Option.t_Option v_T)) + -> true); f_next = @@ -26,20 +29,11 @@ let impl (#v_T: Type0) (v_N: usize) <: (t_IntoIter v_T v_N & Core_models.Option.t_Option v_T) else - let res:v_T = Rust_primitives.Sequence.seq_first #v_T self._0 in - let self:t_IntoIter v_T v_N = - { - self with - _0 - = - Rust_primitives.Sequence.seq_slice #v_T - self._0 - (mk_usize 1) - (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) - } - <: - t_IntoIter v_T v_N + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (out: v_T) = + Rust_primitives.Sequence.seq_remove #v_T self._0 (mk_usize 0) in + let self:t_IntoIter v_T v_N = { self with _0 = tmp0 } <: t_IntoIter v_T v_N in + let res:v_T = out in self, (Core_models.Option.Option_Some res <: Core_models.Option.t_Option v_T) <: (t_IntoIter v_T v_N & Core_models.Option.t_Option v_T) diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Array.fst b/hax-lib/proof-libs/fstar/core/Core_models.Array.fst index 60ecd92f3..91808abf7 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Array.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Array.fst @@ -3,34 +3,40 @@ module Core_models.Array open FStar.Mul open Rust_primitives +/// See [`std::array::TryFromSliceError`] type t_TryFromSliceError = | TryFromSliceError : t_TryFromSliceError +/// See [`std::array::map`] let impl_23__map (#v_T: Type0) (v_N: usize) (#v_F #v_U: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) - (#_: unit{i0.Core_models.Ops.Function.f_Output == v_U}) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_Fn v_F v_T) + (#_: unit{i0._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U}) (s: t_Array v_T v_N) - (f: (v_T -> v_U)) - : t_Array v_U v_N = Rust_primitives.Slice.array_map #v_T #v_U v_N #(v_T -> v_U) s f + (f: v_F) + : t_Array v_U v_N = Rust_primitives.Slice.array_map #v_T #v_U v_N #v_F s f +/// See [`std::array::as_slice`] let impl_23__as_slice (#v_T: Type0) (v_N: usize) (s: t_Array v_T v_N) : t_Slice v_T = Rust_primitives.Slice.array_as_slice #v_T v_N s -let from_fn - (#v_T: Type0) - (v_N: usize) - (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F usize) - (#_: unit{i0.Core_models.Ops.Function.f_Output == v_T}) - (f: (usize -> v_T)) - : t_Array v_T v_N = Rust_primitives.Slice.array_from_fn #v_T v_N #(usize -> v_T) f +/// See [`std::array::each_ref`] +let impl_23__each_ref (#v_T: Type0) (v_N: usize) (s: t_Array v_T v_N) : t_Array v_T v_N = + Rust_primitives.Slice.array_from_fn #v_T + v_N + #(usize -> v_T) + (fun i -> + let i:usize = i in + Rust_primitives.Slice.array_index #v_T v_N s i <: v_T) + +let from_fn = Rust_primitives.Slice.array_from_fn [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_24 (#v_T: Type0) (v_N: usize) : Core_models.Iter.Traits.Collect.t_IntoIterator (t_Array v_T v_N) = { + f_Item = v_T; f_IntoIter = Core_models.Array.Iter.t_IntoIter v_T v_N; f_into_iter_pre = (fun (self: t_Array v_T v_N) -> true); f_into_iter_post diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Borrow.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Borrow.fsti index 878c2c69a..1e2cf44b6 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Borrow.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Borrow.fsti @@ -3,6 +3,7 @@ module Core_models.Borrow open FStar.Mul open Rust_primitives +/// See [`std::borrow::Borrow`] class t_Borrow (v_Self: Type0) (v_Borrowed: Type0) = { f_borrow_pre:v_Self -> Type0; f_borrow_post:v_Self -> v_Borrowed -> Type0; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Bundle.fst b/hax-lib/proof-libs/fstar/core/Core_models.Bundle.fst index 3c36c1d9b..62b7d76a1 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Bundle.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Bundle.fst @@ -3,10 +3,12 @@ module Core_models.Bundle open FStar.Mul open Rust_primitives +/// See [`std::option::Option`] type t_Option (v_T: Type0) = | Option_Some : v_T -> t_Option v_T | Option_None : t_Option v_T +/// See [`std::option::Option::is_some_and`] let impl__is_some_and (#v_T #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -17,8 +19,9 @@ let impl__is_some_and match self <: t_Option v_T with | Option_None -> false | Option_Some x -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f x + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (x <: v_T) +/// See [`std::option::Option::is_none_or`] let impl__is_none_or (#v_T #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -29,18 +32,21 @@ let impl__is_none_or match self <: t_Option v_T with | Option_None -> true | Option_Some x -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f x + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (x <: v_T) +/// See [`std::option::Option::as_ref`] let impl__as_ref (#v_T: Type0) (self: t_Option v_T) : t_Option v_T = match self <: t_Option v_T with | Option_Some x -> Option_Some x <: t_Option v_T | Option_None -> Option_None <: t_Option v_T +/// See [`std::option::Option::unwrap_or`] let impl__unwrap_or (#v_T: Type0) (self: t_Option v_T) (v_default: v_T) : v_T = match self <: t_Option v_T with | Option_Some x -> x | Option_None -> v_default +/// See [`std::option::Option::unwrap_or_else`] let impl__unwrap_or_else (#v_T #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -59,6 +65,7 @@ let impl__unwrap_or_else f (() <: Prims.unit) +/// See [`std::option::Option::unwrap_or_default`] let impl__unwrap_or_default (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Default.t_Default v_T) @@ -68,6 +75,7 @@ let impl__unwrap_or_default | Option_Some x -> x | Option_None -> Core_models.Default.f_default #v_T #FStar.Tactics.Typeclasses.solve () +/// See [`std::option::Option::map`] let impl__map (#v_T #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -78,11 +86,12 @@ let impl__map match self <: t_Option v_T with | Option_Some x -> Option_Some - (Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f x) + (Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (x <: v_T)) <: t_Option v_U | Option_None -> Option_None <: t_Option v_U +/// See [`std::option::Option::map_or`] let impl__map_or (#v_T #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -93,9 +102,10 @@ let impl__map_or : v_U = match self <: t_Option v_T with | Option_Some t -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f t + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) | Option_None -> v_default +/// See [`std::option::Option::map_or_else`] let impl__map_or_else (#v_T #v_U #v_D #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -110,7 +120,7 @@ let impl__map_or_else : v_U = match self <: t_Option v_T with | Option_Some t -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f t + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) | Option_None -> Core_models.Ops.Function.f_call_once #v_D #Prims.unit @@ -118,6 +128,7 @@ let impl__map_or_else v_default (() <: Prims.unit) +/// See [`std::option::Option::map_or_default`] let impl__map_or_default (#v_T #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -128,9 +139,10 @@ let impl__map_or_default : v_U = match self <: t_Option v_T with | Option_Some t -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f t + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) | Option_None -> Core_models.Default.f_default #v_U #FStar.Tactics.Typeclasses.solve () +/// See [`std::option::Option::and_then`] let impl__and_then (#v_T #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -140,12 +152,91 @@ let impl__and_then : t_Option v_U = match self <: t_Option v_T with | Option_Some x -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f x + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (x <: v_T) | Option_None -> Option_None <: t_Option v_U +/// See [`std::option::Option::take`] +/// Note: The interface in Rust is wrong, but is good after extraction. +/// We cannot make a useful model with the right interface so we lose the executability. let impl__take (#v_T: Type0) (self: t_Option v_T) : (t_Option v_T & t_Option v_T) = (Option_None <: t_Option v_T), self <: (t_Option v_T & t_Option v_T) +/// See [`std::option::Option::filter`] +assume +val impl__filter': + #v_T: Type0 -> + #v_P: Type0 -> + {| i0: Core_models.Ops.Function.t_FnOnce v_P v_T |} -> + #_: unit{i0.Core_models.Ops.Function.f_Output == bool} -> + self: t_Option v_T -> + predicate: v_P + -> t_Option v_T + +unfold +let impl__filter + (#v_T #v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_P v_T) + (#_: unit{i0.Core_models.Ops.Function.f_Output == bool}) + = impl__filter' #v_T #v_P #i0 #_ + +/// See [`std::option::Option::or`] +let impl__or (#v_T: Type0) (self optb: t_Option v_T) : t_Option v_T = + match self <: t_Option v_T with + | Option_Some x -> Option_Some x <: t_Option v_T + | Option_None -> optb + +/// See [`std::option::Option::or_else`] +let impl__or_else + (#v_T #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i0: + Core_models.Ops.Function.t_FnOnce v_F Prims.unit) + (#_: unit{i0.Core_models.Ops.Function.f_Output == t_Option v_T}) + (self: t_Option v_T) + (f: v_F) + : t_Option v_T = + match self <: t_Option v_T with + | Option_Some x -> Option_Some x <: t_Option v_T + | Option_None -> + Core_models.Ops.Function.f_call_once #v_F + #Prims.unit + #FStar.Tactics.Typeclasses.solve + f + (() <: Prims.unit) + +/// See [`std::option::Option::xor`] +let impl__xor (#v_T: Type0) (self optb: t_Option v_T) : t_Option v_T = + match self, optb <: (t_Option v_T & t_Option v_T) with + | Option_Some a, Option_None -> Option_Some a <: t_Option v_T + | Option_None , Option_Some b -> Option_Some b <: t_Option v_T + | _ -> Option_None <: t_Option v_T + +/// See [`std::option::Option::zip`] +let impl__zip (#v_T #v_U: Type0) (self: t_Option v_T) (other: t_Option v_U) : t_Option (v_T & v_U) = + match self, other <: (t_Option v_T & t_Option v_U) with + | Option_Some a, Option_Some b -> Option_Some (a, b <: (v_T & v_U)) <: t_Option (v_T & v_U) + | _ -> Option_None <: t_Option (v_T & v_U) + +/// See [`std::option::Option::inspect`] +let impl__inspect + (#v_T #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) + (#_: unit{i0.Core_models.Ops.Function.f_Output == Prims.unit}) + (self: t_Option v_T) + (f: v_F) + : t_Option v_T = + let _:Prims.unit = + match self <: t_Option v_T with + | Option_Some x -> + let _:Prims.unit = + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (x <: v_T) + in + () + | _ -> () + in + self + +/// See [`std::option::Option::is_some`] let impl__is_some (#v_T: Type0) (self: t_Option v_T) : Prims.Pure bool Prims.l_True @@ -157,30 +248,50 @@ let impl__is_some (#v_T: Type0) (self: t_Option v_T) | Option_Some _ -> true | _ -> false +/// See [`std::option::Option::is_none`] let impl__is_none (#v_T: Type0) (self: t_Option v_T) : bool = (impl__is_some #v_T self <: bool) =. false +/// See [`std::option::Option::expect`] let impl__expect (#v_T: Type0) (self: t_Option v_T) (e_msg: string) : Prims.Pure v_T (requires impl__is_some #v_T self) (fun _ -> Prims.l_True) = match self <: t_Option v_T with | Option_Some v_val -> v_val | Option_None -> Core_models.Panicking.Internal.panic #v_T () +/// See [`std::option::Option::unwrap`] let impl__unwrap (#v_T: Type0) (self: t_Option v_T) : Prims.Pure v_T (requires impl__is_some #v_T self) (fun _ -> Prims.l_True) = match self <: t_Option v_T with | Option_Some v_val -> v_val | Option_None -> Core_models.Panicking.Internal.panic #v_T () +/// See [`std::option::Option::flatten`] +let impl_1__flatten (#v_T: Type0) (self: t_Option (t_Option v_T)) : t_Option v_T = + match self <: t_Option (t_Option v_T) with + | Option_Some inner -> inner + | Option_None -> Option_None <: t_Option v_T + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_2 (#v_T: Type0) : Core_models.Default.t_Default (t_Option v_T) = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: t_Option v_T) -> true); + f_default = fun (_: Prims.unit) -> Option_None <: t_Option v_T + } + +/// See [`std::result::Result`] type t_Result (v_T: Type0) (v_E: Type0) = | Result_Ok : v_T -> t_Result v_T v_E | Result_Err : v_E -> t_Result v_T v_E +/// See [`std::option::Option::ok_or`] let impl__ok_or (#v_T #v_E: Type0) (self: t_Option v_T) (err: v_E) : t_Result v_T v_E = match self <: t_Option v_T with | Option_Some v -> Result_Ok v <: t_Result v_T v_E | Option_None -> Result_Err err <: t_Result v_T v_E +/// See [`std::option::Option::ok_or_else`] let impl__ok_or_else (#v_T #v_E #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] @@ -202,11 +313,78 @@ let impl__ok_or_else <: t_Result v_T v_E +/// See [`std::result::Result::is_ok`] +let impl__is_ok (#v_T #v_E: Type0) (self: t_Result v_T v_E) : bool = + match self <: t_Result v_T v_E with + | Result_Ok _ -> true + | _ -> false + +/// See [`std::result::Result::is_ok_and`] +let impl__is_ok_and + (#v_T #v_E #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) + (#_: unit{i0.Core_models.Ops.Function.f_Output == bool}) + (self: t_Result v_T v_E) + (f: v_F) + : bool = + match self <: t_Result v_T v_E with + | Result_Ok t -> + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) + | Result_Err _ -> false + +/// See [`std::result::Result::is_err`] +let impl__is_err (#v_T #v_E: Type0) (self: t_Result v_T v_E) : bool = + ~.(impl__is_ok #v_T #v_E self <: bool) + +/// See [`std::result::Result::is_err_and`] +let impl__is_err_and + (#v_T #v_E #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_E) + (#_: unit{i0.Core_models.Ops.Function.f_Output == bool}) + (self: t_Result v_T v_E) + (f: v_F) + : bool = + match self <: t_Result v_T v_E with + | Result_Ok _ -> false + | Result_Err e -> + Core_models.Ops.Function.f_call_once #v_F #v_E #FStar.Tactics.Typeclasses.solve f (e <: v_E) + +/// See [`std::result::Result::as_ref`] +let impl__as_ref__from__result (#v_T #v_E: Type0) (self: t_Result v_T v_E) : t_Result v_T v_E = + match self <: t_Result v_T v_E with + | Result_Ok t -> Result_Ok t <: t_Result v_T v_E + | Result_Err e -> Result_Err e <: t_Result v_T v_E + +/// See [`std::result::Result::unwrap_or`] let impl__unwrap_or__from__result (#v_T #v_E: Type0) (self: t_Result v_T v_E) (v_default: v_T) : v_T = match self <: t_Result v_T v_E with | Result_Ok t -> t | Result_Err _ -> v_default +/// See [`std::result::Result::unwrap_or_else`] +let impl__unwrap_or_else__from__result + (#v_T #v_E #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_E) + (#_: unit{i0.Core_models.Ops.Function.f_Output == v_T}) + (self: t_Result v_T v_E) + (op: v_F) + : v_T = + match self <: t_Result v_T v_E with + | Result_Ok t -> t + | Result_Err e -> + Core_models.Ops.Function.f_call_once #v_F #v_E #FStar.Tactics.Typeclasses.solve op (e <: v_E) + +/// See [`std::result::Result::unwrap_or_default`] +let impl__unwrap_or_default__from__result + (#v_T #v_E: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Default.t_Default v_T) + (self: t_Result v_T v_E) + : v_T = + match self <: t_Result v_T v_E with + | Result_Ok t -> t + | Result_Err _ -> Core_models.Default.f_default #v_T #FStar.Tactics.Typeclasses.solve () + +/// See [`std::result::Result::map`] let impl__map__from__result (#v_T #v_E #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -216,11 +394,13 @@ let impl__map__from__result : t_Result v_U v_E = match self <: t_Result v_T v_E with | Result_Ok t -> - Result_Ok (Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve op t) + Result_Ok + (Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve op (t <: v_T)) <: t_Result v_U v_E | Result_Err e -> Result_Err e <: t_Result v_U v_E +/// See [`std::result::Result::map_or`] let impl__map_or__from__result (#v_T #v_E #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -231,9 +411,10 @@ let impl__map_or__from__result : v_U = match self <: t_Result v_T v_E with | Result_Ok t -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f t - | Result_Err e_e -> v_default + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) + | Result_Err _ -> v_default +/// See [`std::result::Result::map_or_else`] let impl__map_or_else__from__result (#v_T #v_E #v_U #v_D #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -246,10 +427,29 @@ let impl__map_or_else__from__result : v_U = match self <: t_Result v_T v_E with | Result_Ok t -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f t + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) | Result_Err e -> - Core_models.Ops.Function.f_call_once #v_D #v_E #FStar.Tactics.Typeclasses.solve v_default e + Core_models.Ops.Function.f_call_once #v_D + #v_E + #FStar.Tactics.Typeclasses.solve + v_default + (e <: v_E) + +/// See [`std::result::Result::map_or_default`] +let impl__map_or_default__from__result + (#v_T #v_E #v_U #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Default.t_Default v_U) + (#_: unit{i0.Core_models.Ops.Function.f_Output == v_U}) + (self: t_Result v_T v_E) + (f: v_F) + : v_U = + match self <: t_Result v_T v_E with + | Result_Ok t -> + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) + | Result_Err _ -> Core_models.Default.f_default #v_U #FStar.Tactics.Typeclasses.solve () +/// See [`std::result::Result::map_err`] let impl__map_err (#v_T #v_E #v_F #v_O: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_O v_E) @@ -261,15 +461,68 @@ let impl__map_err | Result_Ok t -> Result_Ok t <: t_Result v_T v_F | Result_Err e -> Result_Err - (Core_models.Ops.Function.f_call_once #v_O #v_E #FStar.Tactics.Typeclasses.solve op e) + (Core_models.Ops.Function.f_call_once #v_O #v_E #FStar.Tactics.Typeclasses.solve op (e <: v_E)) <: t_Result v_T v_F -let impl__is_ok (#v_T #v_E: Type0) (self: t_Result v_T v_E) : bool = +/// See [`std::result::Result::inspect`] +let impl__inspect__from__result + (#v_T #v_E #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) + (#_: unit{i0.Core_models.Ops.Function.f_Output == Prims.unit}) + (self: t_Result v_T v_E) + (f: v_F) + : t_Result v_T v_E = + let _:Prims.unit = + match self <: t_Result v_T v_E with + | Result_Ok t -> + let _:Prims.unit = + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve f (t <: v_T) + in + () + | _ -> () + in + self + +/// See [`std::result::Result::inspect_err`] +let impl__inspect_err + (#v_T #v_E #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_E) + (#_: unit{i0.Core_models.Ops.Function.f_Output == Prims.unit}) + (self: t_Result v_T v_E) + (f: v_F) + : t_Result v_T v_E = + let _:Prims.unit = + match self <: t_Result v_T v_E with + | Result_Err e -> + let _:Prims.unit = + Core_models.Ops.Function.f_call_once #v_F #v_E #FStar.Tactics.Typeclasses.solve f (e <: v_E) + in + () + | _ -> () + in + self + +/// See [`std::result::Result::ok`] +let impl__ok (#v_T #v_E: Type0) (self: t_Result v_T v_E) : t_Option v_T = match self <: t_Result v_T v_E with - | Result_Ok _ -> true - | _ -> false + | Result_Ok x -> Option_Some x <: t_Option v_T + | Result_Err _ -> Option_None <: t_Option v_T + +/// See [`std::result::Result::err`] +let impl__err (#v_T #v_E: Type0) (self: t_Result v_T v_E) : t_Option v_E = + match self <: t_Result v_T v_E with + | Result_Ok _ -> Option_None <: t_Option v_E + | Result_Err e -> Option_Some e <: t_Option v_E +/// See [`std::result::Result::and`] +let impl__and (#v_T #v_E #v_U: Type0) (self: t_Result v_T v_E) (res: t_Result v_U v_E) + : t_Result v_U v_E = + match self <: t_Result v_T v_E with + | Result_Ok _ -> res + | Result_Err e -> Result_Err e <: t_Result v_U v_E + +/// See [`std::result::Result::and_then`] let impl__and_then__from__result (#v_T #v_E #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_F v_T) @@ -279,22 +532,81 @@ let impl__and_then__from__result : t_Result v_U v_E = match self <: t_Result v_T v_E with | Result_Ok t -> - Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve op t + Core_models.Ops.Function.f_call_once #v_F #v_T #FStar.Tactics.Typeclasses.solve op (t <: v_T) | Result_Err e -> Result_Err e <: t_Result v_U v_E -let impl__ok (#v_T #v_E: Type0) (self: t_Result v_T v_E) : t_Option v_T = +/// See [`std::result::Result::or`] +let impl__or__from__result (#v_T #v_E #v_F: Type0) (self: t_Result v_T v_E) (res: t_Result v_T v_F) + : t_Result v_T v_F = match self <: t_Result v_T v_E with - | Result_Ok x -> Option_Some x <: t_Option v_T - | Result_Err _ -> Option_None <: t_Option v_T + | Result_Ok t -> Result_Ok t <: t_Result v_T v_F + | Result_Err _ -> res -let impl__unwrap__from__result (#v_T #v_E: Type0) (self: t_Result v_T v_E) +/// See [`std::result::Result::or_else`] +let impl__or_else__from__result + (#v_T #v_E #v_F #v_O: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_FnOnce v_O v_E) + (#_: unit{i0.Core_models.Ops.Function.f_Output == t_Result v_T v_F}) + (self: t_Result v_T v_E) + (op: v_O) + : t_Result v_T v_F = + match self <: t_Result v_T v_E with + | Result_Ok t -> Result_Ok t <: t_Result v_T v_F + | Result_Err e -> + Core_models.Ops.Function.f_call_once #v_O #v_E #FStar.Tactics.Typeclasses.solve op (e <: v_E) + +/// See [`std::result::Result::expect`] +let impl__expect__from__result (#v_T #v_E: Type0) (self: t_Result v_T v_E) (e_msg: string) : Prims.Pure v_T (requires impl__is_ok #v_T #v_E self) (fun _ -> Prims.l_True) = match self <: t_Result v_T v_E with | Result_Ok t -> t | Result_Err _ -> Core_models.Panicking.Internal.panic #v_T () -let impl__expect__from__result (#v_T #v_E: Type0) (self: t_Result v_T v_E) (e_msg: string) +/// See [`std::result::Result::unwrap`] +let impl__unwrap__from__result (#v_T #v_E: Type0) (self: t_Result v_T v_E) : Prims.Pure v_T (requires impl__is_ok #v_T #v_E self) (fun _ -> Prims.l_True) = match self <: t_Result v_T v_E with | Result_Ok t -> t | Result_Err _ -> Core_models.Panicking.Internal.panic #v_T () + +/// See [`std::result::Result::expect_err`] +let impl__expect_err (#v_T #v_E: Type0) (self: t_Result v_T v_E) (e_msg: string) + : Prims.Pure v_E (requires impl__is_err #v_T #v_E self) (fun _ -> Prims.l_True) = + match self <: t_Result v_T v_E with + | Result_Ok _ -> Core_models.Panicking.Internal.panic #v_E () + | Result_Err e -> e + +/// See [`std::result::Result::unwrap_err`] +let impl__unwrap_err (#v_T #v_E: Type0) (self: t_Result v_T v_E) + : Prims.Pure v_E (requires impl__is_err #v_T #v_E self) (fun _ -> Prims.l_True) = + match self <: t_Result v_T v_E with + | Result_Ok _ -> Core_models.Panicking.Internal.panic #v_E () + | Result_Err e -> e + +/// See [`std::result::Result::cloned`] +let impl_1__cloned + (#v_T #v_E: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Clone.t_Clone v_T) + (self: t_Result v_T v_E) + : t_Result v_T v_E = + match self <: t_Result v_T v_E with + | Result_Ok t -> + Result_Ok (Core_models.Clone.f_clone #v_T #FStar.Tactics.Typeclasses.solve t) + <: + t_Result v_T v_E + | Result_Err e -> Result_Err e <: t_Result v_T v_E + +/// See [`std::result::Result::transpose`] +let impl_2__transpose (#v_T #v_E: Type0) (self: t_Result (t_Option v_T) v_E) + : t_Option (t_Result v_T v_E) = + match self <: t_Result (t_Option v_T) v_E with + | Result_Ok (Option_Some t) -> + Option_Some (Result_Ok t <: t_Result v_T v_E) <: t_Option (t_Result v_T v_E) + | Result_Ok (Option_None ) -> Option_None <: t_Option (t_Result v_T v_E) + | Result_Err e -> Option_Some (Result_Err e <: t_Result v_T v_E) <: t_Option (t_Result v_T v_E) + +/// See [`std::result::Result::flatten`] +let impl_3__flatten (#v_T #v_E: Type0) (self: t_Result (t_Result v_T v_E) v_E) : t_Result v_T v_E = + match self <: t_Result (t_Result v_T v_E) v_E with + | Result_Ok inner -> inner + | Result_Err e -> Result_Err e <: t_Result v_T v_E diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Cmp.fst b/hax-lib/proof-libs/fstar/core/Core_models.Cmp.fst index 1f17d592e..d6992cab0 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Cmp.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Cmp.fst @@ -3,6 +3,7 @@ module Core_models.Cmp open FStar.Mul open Rust_primitives +/// See [`std::cmp::PartialEq`] class t_PartialEq (v_Self: Type0) (v_Rhs: Type0) = { f_eq_pre:self_: v_Self -> other: v_Rhs -> pred: Type0{true ==> pred}; f_eq_post:v_Self -> v_Rhs -> bool -> Type0; @@ -10,6 +11,7 @@ class t_PartialEq (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure bool (f_eq_pre x0 x1) (fun result -> f_eq_post x0 x1 result) } +/// See [`std::cmp::Eq`] class t_Eq (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:t_PartialEq v_Self v_Self } @@ -17,6 +19,7 @@ class t_Eq (v_Self: Type0) = { [@@ FStar.Tactics.Typeclasses.tcinstance] let _ = fun (v_Self:Type0) {|i: t_Eq v_Self|} -> i._super_i0 +/// See [`std::cmp::Ordering`] type t_Ordering = | Ordering_Less : t_Ordering | Ordering_Equal : t_Ordering @@ -34,6 +37,7 @@ let t_Ordering_cast_to_repr (x: t_Ordering) : isize = | Ordering_Equal -> anon_const_Ordering_Equal__anon_const_0 | Ordering_Greater -> anon_const_Ordering_Greater__anon_const_0 +/// See [`std::cmp::PartialOrd`] class t_PartialOrd (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:t_PartialEq v_Self v_Rhs; f_partial_cmp_pre:self_: v_Self -> other: v_Rhs -> pred: Type0{true ==> pred}; @@ -217,6 +221,7 @@ let impl_1 (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Partia | _ -> false } +/// See [`std::cmp::Ord`] class t_Ord (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:t_Eq v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_i1:t_PartialOrd v_Self v_Self; @@ -232,16 +237,19 @@ let _ = fun (v_Self:Type0) {|i: t_Ord v_Self|} -> i._super_i0 [@@ FStar.Tactics.Typeclasses.tcinstance] let _ = fun (v_Self:Type0) {|i: t_Ord v_Self|} -> i._super_i1 +/// See [`std::cmp::max`] let max (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Ord v_T) (v1 v2: v_T) : v_T = match f_cmp #v_T #FStar.Tactics.Typeclasses.solve v1 v2 <: t_Ordering with | Ordering_Greater -> v1 | _ -> v2 +/// See [`std::cmp::min`] let min (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Ord v_T) (v1 v2: v_T) : v_T = match f_cmp #v_T #FStar.Tactics.Typeclasses.solve v1 v2 <: t_Ordering with | Ordering_Greater -> v2 | _ -> v1 +/// See [`std::cmp::Reverse`] type t_Reverse (v_T: Type0) = | Reverse : v_T -> t_Reverse v_T [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -1073,3 +1081,95 @@ let impl_Ord_for_isize: t_Ord isize = then Ordering_Less <: t_Ordering else if self >. other then Ordering_Greater <: t_Ordering else Ordering_Equal <: t_Ordering } + +/// See [`std::cmp::Ordering::is_eq`] +let impl_Ordering__is_eq (self: t_Ordering) : bool = + match self <: t_Ordering with + | Ordering_Equal -> true + | _ -> false + +/// See [`std::cmp::Ordering::is_ne`] +let impl_Ordering__is_ne (self: t_Ordering) : bool = + match self <: t_Ordering with + | Ordering_Less | Ordering_Greater -> true + | _ -> false + +/// See [`std::cmp::Ordering::is_lt`] +let impl_Ordering__is_lt (self: t_Ordering) : bool = + match self <: t_Ordering with + | Ordering_Less -> true + | _ -> false + +/// See [`std::cmp::Ordering::is_gt`] +let impl_Ordering__is_gt (self: t_Ordering) : bool = + match self <: t_Ordering with + | Ordering_Greater -> true + | _ -> false + +/// See [`std::cmp::Ordering::is_le`] +let impl_Ordering__is_le (self: t_Ordering) : bool = + match self <: t_Ordering with + | Ordering_Less | Ordering_Equal -> true + | _ -> false + +/// See [`std::cmp::Ordering::is_ge`] +let impl_Ordering__is_ge (self: t_Ordering) : bool = + match self <: t_Ordering with + | Ordering_Greater | Ordering_Equal -> true + | _ -> false + +/// See [`std::cmp::Ordering::reverse`] +let impl_Ordering__reverse (self: t_Ordering) : t_Ordering = + match self <: t_Ordering with + | Ordering_Less -> Ordering_Greater <: t_Ordering + | Ordering_Equal -> Ordering_Equal <: t_Ordering + | Ordering_Greater -> Ordering_Less <: t_Ordering + +/// See [`std::cmp::Ordering::then`] +let impl_Ordering__then (self other: t_Ordering) : t_Ordering = + match self <: t_Ordering with + | Ordering_Equal -> other + | _ -> self + +/// See [`std::cmp::Ordering::then_with`] +let impl_Ordering__then_with + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i0: + Core_models.Ops.Function.t_FnOnce v_F Prims.unit) + (#_: unit{i0.Core_models.Ops.Function.f_Output == t_Ordering}) + (self: t_Ordering) + (f: v_F) + : t_Ordering = + match self <: t_Ordering with + | Ordering_Equal -> + Core_models.Ops.Function.f_call_once #v_F + #Prims.unit + #FStar.Tactics.Typeclasses.solve + f + (() <: Prims.unit) + | _ -> self + +/// See [`std::cmp::clamp`] +let clamp + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Ord v_T) + (value min max: v_T) + : Prims.Pure v_T + (requires + impl_Ordering__is_le (f_cmp #v_T #FStar.Tactics.Typeclasses.solve min max <: t_Ordering)) + (fun _ -> Prims.l_True) = + let _:Prims.unit = + if + ~.(impl_Ordering__is_le (f_cmp #v_T #FStar.Tactics.Typeclasses.solve min max <: t_Ordering) + <: + bool) + then Core_models.Panicking.Internal.panic #Prims.unit () + in + match f_cmp #v_T #FStar.Tactics.Typeclasses.solve value min <: t_Ordering with + | Ordering_Less -> min + | Ordering_Equal -> value + | Ordering_Greater -> + match f_cmp #v_T #FStar.Tactics.Typeclasses.solve value max <: t_Ordering with + | Ordering_Greater -> max + | _ -> value diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Convert.fst b/hax-lib/proof-libs/fstar/core/Core_models.Convert.fst index 560f806f2..a4e85b3f8 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Convert.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Convert.fst @@ -3,12 +3,14 @@ module Core_models.Convert open FStar.Mul open Rust_primitives +/// See [`std::convert::Into`] class t_Into (v_Self: Type0) (v_T: Type0) = { f_into_pre:self_: v_Self -> pred: Type0{true ==> pred}; f_into_post:v_Self -> v_T -> Type0; f_into:x0: v_Self -> Prims.Pure v_T (f_into_pre x0) (fun result -> f_into_post x0 result) } +/// See [`std::convert::From`] class t_From (v_Self: Type0) (v_T: Type0) = { f_from_pre:x: v_T -> pred: Type0{true ==> pred}; f_from_post:v_T -> v_Self -> Type0; @@ -24,6 +26,7 @@ let impl (#v_T #v_U: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Fro f_into = fun (self: v_T) -> f_from #v_U #v_T #FStar.Tactics.Typeclasses.solve self } +/// See [`std::convert::Infallible`] type t_Infallible = | Infallible : t_Infallible [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -34,6 +37,7 @@ let impl_4 (#v_T: Type0) : t_From v_T v_T = f_from = fun (x: v_T) -> x } +/// See [`std::convert::AsRef`] class t_AsRef (v_Self: Type0) (v_T: Type0) = { f_as_ref_pre:self_: v_Self -> pred: Type0{true ==> pred}; f_as_ref_post:v_Self -> v_T -> Type0; @@ -256,6 +260,7 @@ let impl_31: t_From isize i16 = f_from = fun (x: i16) -> cast (x <: i16) <: isize } +/// See [`std::convert::TryInto`] class t_TryInto (v_Self: Type0) (v_T: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Error:Type0; f_try_into_pre:self_: v_Self -> pred: Type0{true ==> pred}; @@ -266,6 +271,7 @@ class t_TryInto (v_Self: Type0) (v_T: Type0) = { (fun result -> f_try_into_post x0 result) } +/// See [`std::convert::TryFrom`] class t_TryFrom (v_Self: Type0) (v_T: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Error:Type0; f_try_from_pre:x: v_T -> pred: Type0{true ==> pred}; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Default.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Default.fsti index 2c7087635..06b1213cf 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Default.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Default.fsti @@ -3,6 +3,7 @@ module Core_models.Default open FStar.Mul open Rust_primitives +/// See [`std::default::Default`] class t_Default (v_Self: Type0) = { f_default_pre:x: Prims.unit -> pred: diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Error.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Error.fsti index 18a1ff7ca..e443f2322 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Error.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Error.fsti @@ -3,6 +3,7 @@ module Core_models.Error open FStar.Mul open Rust_primitives +/// See [`std::error::Error`] class t_Error (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:Core_models.Fmt.t_Display v_Self; [@@@ FStar.Tactics.Typeclasses.no_method]_super_i1:Core_models.Fmt.t_Debug v_Self diff --git a/hax-lib/proof-libs/fstar/core/Core_models.F32.fst b/hax-lib/proof-libs/fstar/core/Core_models.F32.fst index 723141d35..350faa0cd 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.F32.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.F32.fst @@ -3,6 +3,7 @@ module Core_models.F32 open FStar.Mul open Rust_primitives +/// See [`std::primitive::f32::abs`] assume val impl_f32__abs': x: float -> float diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Fmt.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Fmt.fsti index 466517cd1..c9ba8da59 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Fmt.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Fmt.fsti @@ -3,10 +3,13 @@ module Core_models.Fmt open FStar.Mul open Rust_primitives +/// See [`std::fmt::Error`] type t_Error = | Error : t_Error +/// See [`std::fmt::Formatter`] type t_Formatter = | Formatter : t_Formatter +/// See [`std::fmt::Display`] class t_Display (v_Self: Type0) = { f_fmt_pre:v_Self -> t_Formatter -> Type0; f_fmt_post:v_Self -> t_Formatter -> (t_Formatter & Core_models.Result.t_Result Prims.unit t_Error) @@ -17,6 +20,7 @@ class t_Display (v_Self: Type0) = { (fun result -> f_fmt_post x0 x1 result) } +/// See [`std::fmt::Debug`] class t_Debug (v_Self: Type0) = { f_dbg_fmt_pre:v_Self -> t_Formatter -> Type0; f_dbg_fmt_post: @@ -30,6 +34,7 @@ class t_Debug (v_Self: Type0) = { (fun result -> f_dbg_fmt_post x0 x1 result) } +/// See [`std::fmt::Arguments`] type t_Arguments = | Arguments : Prims.unit -> t_Arguments [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Hash.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Hash.fsti index 5f37bb00e..5f97fc62c 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Hash.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Hash.fsti @@ -3,8 +3,10 @@ module Core_models.Hash open FStar.Mul open Rust_primitives +/// See [`std::hash::Hasher`] class t_Hasher (v_Self: Type0) = { __marker_trait_t_Hasher:Prims.unit } +/// See [`std::hash::Hash`] class t_Hash (v_Self: Type0) = { f_hash_pre:#v_H: Type0 -> {| i1: t_Hasher v_H |} -> self_: v_Self -> h: v_H -> pred: Type0{true ==> pred}; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Hint.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Hint.fsti index 7879f5fb7..596d763f6 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Hint.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Hint.fsti @@ -3,6 +3,7 @@ module Core_models.Hint open FStar.Mul open Rust_primitives +/// See [`std::hint::black_box`] val black_box (#v_T: Type0) (dummy: v_T) : Prims.Pure v_T Prims.l_True @@ -11,6 +12,7 @@ val black_box (#v_T: Type0) (dummy: v_T) let res:v_T = res in res == dummy) +/// See [`std::hint::must_use`] val must_use (#v_T: Type0) (value: v_T) : Prims.Pure v_T Prims.l_True diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Chain.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Chain.fst new file mode 100644 index 000000000..f1e6ee705 --- /dev/null +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Chain.fst @@ -0,0 +1,10 @@ +module Core_models.Iter.Adapters.Chain +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open FStar.Mul +open Rust_primitives + +include Core_models.Iter.Bundle {t_Chain as t_Chain} + +include Core_models.Iter.Bundle {impl__new as impl__new} + +include Core_models.Iter.Bundle {impl_1 as impl_1} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Enumerate.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Enumerate.fst index 3d9128ad7..2e597c672 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Enumerate.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Enumerate.fst @@ -5,6 +5,6 @@ open Rust_primitives include Core_models.Iter.Bundle {t_Enumerate as t_Enumerate} -include Core_models.Iter.Bundle {impl__new as impl__new} +include Core_models.Iter.Bundle {impl__new__from__enumerate as impl__new} -include Core_models.Iter.Bundle {impl_1 as impl_1} +include Core_models.Iter.Bundle {impl_1__from__enumerate as impl_1} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Filter.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Filter.fst new file mode 100644 index 000000000..2ce642c30 --- /dev/null +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Filter.fst @@ -0,0 +1,10 @@ +module Core_models.Iter.Adapters.Filter +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open FStar.Mul +open Rust_primitives + +include Core_models.Iter.Bundle {t_Filter as t_Filter} + +include Core_models.Iter.Bundle {impl__new__from__filter as impl__new} + +include Core_models.Iter.Bundle {impl_1__from__filter as impl_1} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Skip.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Skip.fst new file mode 100644 index 000000000..ed6fbdad7 --- /dev/null +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Adapters.Skip.fst @@ -0,0 +1,10 @@ +module Core_models.Iter.Adapters.Skip +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open FStar.Mul +open Rust_primitives + +include Core_models.Iter.Bundle {t_Skip as t_Skip} + +include Core_models.Iter.Bundle {impl__new__from__skip as impl__new} + +include Core_models.Iter.Bundle {impl_1__from__skip as impl_1} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Bundle.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Bundle.fst index 59d042752..62b2de23e 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Bundle.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Bundle.fst @@ -3,20 +3,38 @@ module Core_models.Iter.Bundle open FStar.Mul open Rust_primitives +/// See [`std::iter::Chain`] +type t_Chain (v_A: Type0) (v_B: Type0) = { + f_a:Core_models.Option.t_Option v_A; + f_b:v_B +} + +/// See [`std::iter::Enumerate`] type t_Enumerate (v_I: Type0) = { f_iter:v_I; f_count:usize } -let impl__new (#v_I: Type0) (iter: v_I) : t_Enumerate v_I = +let impl__new__from__enumerate (#v_I: Type0) (iter: v_I) : t_Enumerate v_I = { f_iter = iter; f_count = mk_usize 0 } <: t_Enumerate v_I +/// See [`std::iter::Filter`] +type t_Filter (v_I: Type0) (v_P: Type0) = { + f_iter:v_I; + f_predicate:v_P +} + +let impl__new__from__filter (#v_I #v_P: Type0) (iter: v_I) (predicate: v_P) : t_Filter v_I v_P = + { f_iter = iter; f_predicate = predicate } <: t_Filter v_I v_P + +/// See [`std::iter::FlatMap`] type t_FlatMap (v_I: Type0) (v_U: Type0) (v_F: Type0) = { f_it:v_I; f_f:v_F; f_current:Core_models.Option.t_Option v_U } +/// See [`std::iter::Map`] type t_Map (v_I: Type0) (v_F: Type0) = { f_iter:v_I; f_f:v_F @@ -25,6 +43,16 @@ type t_Map (v_I: Type0) (v_F: Type0) = { let impl__new__from__map (#v_I #v_F: Type0) (iter: v_I) (f: v_F) : t_Map v_I v_F = { f_iter = iter; f_f = f } <: t_Map v_I v_F +/// See [`std::iter::Skip`] +type t_Skip (v_I: Type0) = { + f_iter:v_I; + f_n:usize +} + +let impl__new__from__skip (#v_I: Type0) (iter: v_I) (n: usize) : t_Skip v_I = + { f_iter = iter; f_n = n } <: t_Skip v_I + +/// See [`std::iter::StepBy`] type t_StepBy (v_I: Type0) = { f_iter:v_I; f_step:usize @@ -33,6 +61,7 @@ type t_StepBy (v_I: Type0) = { let impl__new__from__step_by (#v_I: Type0) (iter: v_I) (step: usize) : t_StepBy v_I = { f_iter = iter; f_step = step } <: t_StepBy v_I +/// See [`std::iter::Take`] type t_Take (v_I: Type0) = { f_iter:v_I; f_n:usize @@ -41,11 +70,13 @@ type t_Take (v_I: Type0) = { let impl__new__from__take (#v_I: Type0) (iter: v_I) (n: usize) : t_Take v_I = { f_iter = iter; f_n = n } <: t_Take v_I +/// See [`std::iter::Zip`] type t_Zip (v_I1: Type0) (v_I2: Type0) = { f_it1:v_I1; f_it2:v_I2 } +/// See [`std::iter::Iterator`] class t_Iterator (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Item:Type0; f_next_pre:self_: v_Self -> pred: Type0{true ==> pred}; @@ -56,8 +87,40 @@ class t_Iterator (v_Self: Type0) = { (fun result -> f_next_post x0 result) } +let impl__new + (#v_A #v_B: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_A) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_B) + (#_: unit{i1.f_Item == i0.f_Item}) + (a: v_A) + (b: v_B) + : t_Chain v_A v_B = + { f_a = Core_models.Option.Option_Some a <: Core_models.Option.t_Option v_A; f_b = b } + <: + t_Chain v_A v_B + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1': + #v_A: Type0 -> + #v_B: Type0 -> + {| i0: t_Iterator v_A |} -> + {| i1: t_Iterator v_B |} -> + #_: unit{i1.f_Item == i0.f_Item} + -> t_Iterator (t_Chain v_A v_B) + +unfold +let impl_1 + (#v_A #v_B: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_A) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_B) + (#_: unit{i1.f_Item == i0.f_Item}) + = impl_1' #v_A #v_B #i0 #i1 #_ + [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1 (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) +let impl_1__from__enumerate + (#v_I: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) : t_Iterator (t_Enumerate v_I) = { f_Item = (usize & i0.f_Item); @@ -101,14 +164,30 @@ let impl_1 (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterat self, hax_temp_output <: (t_Enumerate v_I & Core_models.Option.t_Option (usize & i0.f_Item)) } +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1__from__filter': + #v_I: Type0 -> + #v_P: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} + -> t_Iterator (t_Filter v_I v_P) + +unfold +let impl_1__from__filter + (#v_I #v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool}) + = impl_1__from__filter' #v_I #v_P #i0 #i1 #_ + let impl__new__from__flat_map (#v_I #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) - (#_: unit{i2.Core_models.Ops.Function.f_Output == v_U}) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: unit{i2._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U}) (it: v_I) (f: v_F) : t_FlatMap v_I v_U v_F = @@ -128,8 +207,8 @@ val impl_1__from__flat_map': #v_F: Type0 -> {| i0: t_Iterator v_I |} -> {| i1: t_Iterator v_U |} -> - {| i2: Core_models.Ops.Function.t_FnOnce v_F i0.f_Item |} -> - #_: unit{i2.Core_models.Ops.Function.f_Output == v_U} + {| i2: Core_models.Ops.Function.t_Fn v_F i0.f_Item |} -> + #_: unit{i2._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U} -> t_Iterator (t_FlatMap v_I v_U v_F) unfold @@ -137,14 +216,13 @@ let impl_1__from__flat_map (#v_I #v_U #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) - (#_: unit{i2.Core_models.Ops.Function.f_Output == v_U}) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: unit{i2._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U}) = impl_1__from__flat_map' #v_I #v_U #v_F #i0 #i1 #i2 #_ noeq +/// See [`std::iter::Flatten`] type t_Flatten (v_I: Type0) {| i0: t_Iterator v_I |} {| i1: t_Iterator i0.f_Item |} = { f_it:v_I; f_current:Core_models.Option.t_Option i0.f_Item @@ -179,10 +257,8 @@ let impl_1__from__flatten let impl_1__from__map (#v_I #v_O #v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) - (#_: unit{i1.Core_models.Ops.Function.f_Output == v_O}) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_O}) : t_Iterator (t_Map v_I v_F) = { f_Item = v_O; @@ -201,11 +277,11 @@ let impl_1__from__map match out <: Core_models.Option.t_Option i0.f_Item with | Core_models.Option.Option_Some v -> Core_models.Option.Option_Some - (Core_models.Ops.Function.f_call_once #v_F + (Core_models.Ops.Function.f_call #v_F #i0.f_Item #FStar.Tactics.Typeclasses.solve self.f_f - v) + (v <: i0.f_Item)) <: Core_models.Option.t_Option v_O | Core_models.Option.Option_None -> @@ -214,6 +290,14 @@ let impl_1__from__map self, hax_temp_output <: (t_Map v_I v_F & Core_models.Option.t_Option v_O) } +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_1__from__skip': #v_I: Type0 -> {| i0: t_Iterator v_I |} -> t_Iterator (t_Skip v_I) + +unfold +let impl_1__from__skip (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) = + impl_1__from__skip' #v_I #i0 + [@@ FStar.Tactics.Typeclasses.tcinstance] assume val impl_1__from__step_by': #v_I: Type0 -> {| i0: t_Iterator v_I |} -> t_Iterator (t_StepBy v_I) @@ -282,8 +366,8 @@ class t_IteratorMethods (v_Self: Type0) = { f_fold_pre: #v_B: Type0 -> #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (v_B & (_super_i0).f_Item) |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == v_B} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (v_B & (_super_i0).f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_B} -> v_Self -> v_B -> v_F @@ -291,8 +375,8 @@ class t_IteratorMethods (v_Self: Type0) = { f_fold_post: #v_B: Type0 -> #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (v_B & (_super_i0).f_Item) |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == v_B} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (v_B & (_super_i0).f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_B} -> v_Self -> v_B -> v_F -> @@ -301,8 +385,8 @@ class t_IteratorMethods (v_Self: Type0) = { f_fold: #v_B: Type0 -> #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (v_B & (_super_i0).f_Item) |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == v_B} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (v_B & (_super_i0).f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_B} -> x0: v_Self -> x1: v_B -> x2: v_F @@ -324,16 +408,16 @@ class t_IteratorMethods (v_Self: Type0) = { f_map_pre: #v_O: Type0 -> #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == v_O} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_O} -> v_Self -> v_F -> Type0; f_map_post: #v_O: Type0 -> #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == v_O} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_O} -> v_Self -> v_F -> t_Map v_Self v_F @@ -341,8 +425,8 @@ class t_IteratorMethods (v_Self: Type0) = { f_map: #v_O: Type0 -> #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == v_O} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_O} -> x0: v_Self -> x1: v_F -> Prims.Pure (t_Map v_Self v_F) @@ -350,23 +434,23 @@ class t_IteratorMethods (v_Self: Type0) = { (fun result -> f_map_post #v_O #v_F #i1 #_ x0 x1 result); f_all_pre: #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == bool} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> v_Self -> v_F -> Type0; f_all_post: #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == bool} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> v_Self -> v_F -> bool -> Type0; f_all: #v_F: Type0 -> - {| i1: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i1.Core_models.Ops.Function.f_Output == bool} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> x0: v_Self -> x1: v_F -> Prims.Pure bool @@ -380,8 +464,8 @@ class t_IteratorMethods (v_Self: Type0) = { #v_U: Type0 -> #v_F: Type0 -> {| i1: t_Iterator v_U |} -> - {| i2: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i2.Core_models.Ops.Function.f_Output == v_U} -> + {| i2: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i2._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U} -> v_Self -> v_F -> Type0; @@ -389,8 +473,8 @@ class t_IteratorMethods (v_Self: Type0) = { #v_U: Type0 -> #v_F: Type0 -> {| i1: t_Iterator v_U |} -> - {| i2: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i2.Core_models.Ops.Function.f_Output == v_U} -> + {| i2: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i2._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U} -> v_Self -> v_F -> t_FlatMap v_Self v_U v_F @@ -399,8 +483,8 @@ class t_IteratorMethods (v_Self: Type0) = { #v_U: Type0 -> #v_F: Type0 -> {| i1: t_Iterator v_U |} -> - {| i2: Core_models.Ops.Function.t_FnOnce v_F (_super_i0).f_Item |} -> - #_: unit{i2.Core_models.Ops.Function.f_Output == v_U} -> + {| i2: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i2._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U} -> x0: v_Self -> x1: v_F -> Prims.Pure (t_FlatMap v_Self v_U v_F) @@ -418,12 +502,502 @@ class t_IteratorMethods (v_Self: Type0) = { f_zip:#v_I2: Type0 -> {| i1: t_Iterator v_I2 |} -> x0: v_Self -> x1: v_I2 -> Prims.Pure (t_Zip v_Self v_I2) (f_zip_pre #v_I2 #i1 x0 x1) - (fun result -> f_zip_post #v_I2 #i1 x0 x1 result) + (fun result -> f_zip_post #v_I2 #i1 x0 x1 result); + f_filter_pre: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_P + -> Type0; + f_filter_post: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_P -> + t_Filter v_Self v_P + -> Type0; + f_filter: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + x0: v_Self -> + x1: v_P + -> Prims.Pure (t_Filter v_Self v_P) + (f_filter_pre #v_P #i1 #_ x0 x1) + (fun result -> f_filter_post #v_P #i1 #_ x0 x1 result); + f_chain_pre: + #v_U: Type0 -> + {| i1: t_Iterator v_U |} -> + #_: unit{i1.f_Item == (_super_i0).f_Item} -> + v_Self -> + v_U + -> Type0; + f_chain_post: + #v_U: Type0 -> + {| i1: t_Iterator v_U |} -> + #_: unit{i1.f_Item == (_super_i0).f_Item} -> + v_Self -> + v_U -> + t_Chain v_Self v_U + -> Type0; + f_chain: + #v_U: Type0 -> + {| i1: t_Iterator v_U |} -> + #_: unit{i1.f_Item == (_super_i0).f_Item} -> + x0: v_Self -> + x1: v_U + -> Prims.Pure (t_Chain v_Self v_U) + (f_chain_pre #v_U #i1 #_ x0 x1) + (fun result -> f_chain_post #v_U #i1 #_ x0 x1 result); + f_skip_pre:v_Self -> usize -> Type0; + f_skip_post:v_Self -> usize -> t_Skip v_Self -> Type0; + f_skip:x0: v_Self -> x1: usize + -> Prims.Pure (t_Skip v_Self) (f_skip_pre x0 x1) (fun result -> f_skip_post x0 x1 result); + f_any_pre: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_F + -> Type0; + f_any_post: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_F -> + bool + -> Type0; + f_any: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + x0: v_Self -> + x1: v_F + -> Prims.Pure bool + (f_any_pre #v_F #i1 #_ x0 x1) + (fun result -> f_any_post #v_F #i1 #_ x0 x1 result); + f_find_pre: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_P + -> Type0; + f_find_post: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_P -> + Core_models.Option.t_Option (_super_i0).f_Item + -> Type0; + f_find: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + x0: v_Self -> + x1: v_P + -> Prims.Pure (Core_models.Option.t_Option (_super_i0).f_Item) + (f_find_pre #v_P #i1 #_ x0 x1) + (fun result -> f_find_post #v_P #i1 #_ x0 x1 result); + f_find_map_pre: + #v_B: Type0 -> + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: + unit + { i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == + Core_models.Option.t_Option v_B } -> + v_Self -> + v_F + -> Type0; + f_find_map_post: + #v_B: Type0 -> + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: + unit + { i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == + Core_models.Option.t_Option v_B } -> + v_Self -> + v_F -> + Core_models.Option.t_Option v_B + -> Type0; + f_find_map: + #v_B: Type0 -> + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: + unit + { i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == + Core_models.Option.t_Option v_B } -> + x0: v_Self -> + x1: v_F + -> Prims.Pure (Core_models.Option.t_Option v_B) + (f_find_map_pre #v_B #v_F #i1 #_ x0 x1) + (fun result -> f_find_map_post #v_B #v_F #i1 #_ x0 x1 result); + f_position_pre: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_P + -> Type0; + f_position_post: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + v_Self -> + v_P -> + Core_models.Option.t_Option usize + -> Type0; + f_position: + #v_P: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_P (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + x0: v_Self -> + x1: v_P + -> Prims.Pure (Core_models.Option.t_Option usize) + (f_position_pre #v_P #i1 #_ x0 x1) + (fun result -> f_position_post #v_P #i1 #_ x0 x1 result); + f_count_pre:v_Self -> Type0; + f_count_post:v_Self -> usize -> Type0; + f_count:x0: v_Self -> Prims.Pure usize (f_count_pre x0) (fun result -> f_count_post x0 result); + f_nth_pre:v_Self -> usize -> Type0; + f_nth_post:v_Self -> usize -> Core_models.Option.t_Option (_super_i0).f_Item -> Type0; + f_nth:x0: v_Self -> x1: usize + -> Prims.Pure (Core_models.Option.t_Option (_super_i0).f_Item) + (f_nth_pre x0 x1) + (fun result -> f_nth_post x0 x1 result); + f_last_pre:v_Self -> Type0; + f_last_post:v_Self -> Core_models.Option.t_Option (_super_i0).f_Item -> Type0; + f_last:x0: v_Self + -> Prims.Pure (Core_models.Option.t_Option (_super_i0).f_Item) + (f_last_pre x0) + (fun result -> f_last_post x0 result); + f_for_each_pre: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == Prims.unit} -> + v_Self -> + v_F + -> Type0; + f_for_each_post: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == Prims.unit} -> + v_Self -> + v_F -> + Prims.unit + -> Type0; + f_for_each: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F (_super_i0).f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == Prims.unit} -> + x0: v_Self -> + x1: v_F + -> Prims.Pure Prims.unit + (f_for_each_pre #v_F #i1 #_ x0 x1) + (fun result -> f_for_each_post #v_F #i1 #_ x0 x1 result); + f_reduce_pre: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F ((_super_i0).f_Item & (_super_i0).f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == (_super_i0).f_Item} -> + v_Self -> + v_F + -> Type0; + f_reduce_post: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F ((_super_i0).f_Item & (_super_i0).f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == (_super_i0).f_Item} -> + v_Self -> + v_F -> + Core_models.Option.t_Option (_super_i0).f_Item + -> Type0; + f_reduce: + #v_F: Type0 -> + {| i1: Core_models.Ops.Function.t_Fn v_F ((_super_i0).f_Item & (_super_i0).f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == (_super_i0).f_Item} -> + x0: v_Self -> + x1: v_F + -> Prims.Pure (Core_models.Option.t_Option (_super_i0).f_Item) + (f_reduce_pre #v_F #i1 #_ x0 x1) + (fun result -> f_reduce_post #v_F #i1 #_ x0 x1 result); + f_min_pre:{| i1: Core_models.Cmp.t_Ord (_super_i0).f_Item |} -> v_Self -> Type0; + f_min_post: + {| i1: Core_models.Cmp.t_Ord (_super_i0).f_Item |} -> + v_Self -> + Core_models.Option.t_Option (_super_i0).f_Item + -> Type0; + f_min:{| i1: Core_models.Cmp.t_Ord (_super_i0).f_Item |} -> x0: v_Self + -> Prims.Pure (Core_models.Option.t_Option (_super_i0).f_Item) + (f_min_pre #i1 x0) + (fun result -> f_min_post #i1 x0 result); + f_max_pre:{| i1: Core_models.Cmp.t_Ord (_super_i0).f_Item |} -> v_Self -> Type0; + f_max_post: + {| i1: Core_models.Cmp.t_Ord (_super_i0).f_Item |} -> + v_Self -> + Core_models.Option.t_Option (_super_i0).f_Item + -> Type0; + f_max:{| i1: Core_models.Cmp.t_Ord (_super_i0).f_Item |} -> x0: v_Self + -> Prims.Pure (Core_models.Option.t_Option (_super_i0).f_Item) + (f_max_pre #i1 x0) + (fun result -> f_max_post #i1 x0 result); + f_collect_pre: + #v_B: Type0 -> + {| i1: Core_models.Iter.Traits.Collect.t_FromIterator v_B (_super_i0).f_Item |} -> + v_Self + -> Type0; + f_collect_post: + #v_B: Type0 -> + {| i1: Core_models.Iter.Traits.Collect.t_FromIterator v_B (_super_i0).f_Item |} -> + v_Self -> + v_B + -> Type0; + f_collect: + #v_B: Type0 -> + {| i1: Core_models.Iter.Traits.Collect.t_FromIterator v_B (_super_i0).f_Item |} -> + x0: v_Self + -> Prims.Pure v_B (f_collect_pre #v_B #i1 x0) (fun result -> f_collect_post #v_B #i1 x0 result) } [@@ FStar.Tactics.Typeclasses.tcinstance] let _ = fun (v_Self:Type0) {|i: t_IteratorMethods v_Self|} -> i._super_i0 +assume +val iter_fold': + #v_I: Type0 -> + #v_B: Type0 -> + #v_F: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (v_B & i0.f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_B} -> + iter: v_I -> + init: v_B -> + f: v_F + -> v_B + +unfold +let iter_fold + (#v_I #v_B #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Ops.Function.t_Fn v_F (v_B & i0.f_Item)) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_B}) + = iter_fold' #v_I #v_B #v_F #i0 #i1 #_ + +assume +val iter_all': + #v_I: Type0 -> + #v_F: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + iter: v_I -> + f: v_F + -> bool + +unfold +let iter_all + (#v_I #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool}) + = iter_all' #v_I #v_F #i0 #i1 #_ + +assume +val iter_any': + #v_I: Type0 -> + #v_F: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + iter: v_I -> + f: v_F + -> bool + +unfold +let iter_any + (#v_I #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool}) + = iter_any' #v_I #v_F #i0 #i1 #_ + +assume +val iter_find': + #v_I: Type0 -> + #v_P: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + iter: v_I -> + predicate: v_P + -> (v_I & Core_models.Option.t_Option i0.f_Item) + +unfold +let iter_find + (#v_I #v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool}) + = iter_find' #v_I #v_P #i0 #i1 #_ + +assume +val iter_find_map': + #v_I: Type0 -> + #v_B: Type0 -> + #v_F: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item |} -> + #_: + unit + { i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == + Core_models.Option.t_Option v_B } -> + iter: v_I -> + f: v_F + -> Core_models.Option.t_Option v_B + +unfold +let iter_find_map + (#v_I #v_B #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: + unit + { i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == + Core_models.Option.t_Option v_B }) + = iter_find_map' #v_I #v_B #v_F #i0 #i1 #_ + +assume +val iter_position': + #v_I: Type0 -> + #v_P: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool} -> + iter: v_I -> + predicate: v_P + -> Core_models.Option.t_Option usize + +unfold +let iter_position + (#v_I #v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == bool}) + = iter_position' #v_I #v_P #i0 #i1 #_ + +assume +val iter_count': #v_I: Type0 -> {| i0: t_Iterator v_I |} -> iter: v_I -> usize + +unfold +let iter_count (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) = + iter_count' #v_I #i0 + +assume +val iter_nth': #v_I: Type0 -> {| i0: t_Iterator v_I |} -> iter: v_I -> n: usize + -> Core_models.Option.t_Option i0.f_Item + +unfold +let iter_nth (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) = + iter_nth' #v_I #i0 + +assume +val iter_last': #v_I: Type0 -> {| i0: t_Iterator v_I |} -> iter: v_I + -> Core_models.Option.t_Option i0.f_Item + +unfold +let iter_last (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) = + iter_last' #v_I #i0 + +assume +val iter_for_each': + #v_I: Type0 -> + #v_F: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == Prims.unit} -> + iter: v_I -> + f: v_F + -> Prims.unit + +unfold +let iter_for_each + (#v_I #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == Prims.unit}) + = iter_for_each' #v_I #v_F #i0 #i1 #_ + +assume +val iter_reduce': + #v_I: Type0 -> + #v_F: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Ops.Function.t_Fn v_F (i0.f_Item & i0.f_Item) |} -> + #_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == i0.f_Item} -> + iter: v_I -> + f: v_F + -> Core_models.Option.t_Option i0.f_Item + +unfold +let iter_reduce + (#v_I #v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Ops.Function.t_Fn v_F (i0.f_Item & i0.f_Item)) + (#_: unit{i1._super_i0._super_i0.Core_models.Ops.Function.f_Output == i0.f_Item}) + = iter_reduce' #v_I #v_F #i0 #i1 #_ + +assume +val iter_min': + #v_I: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Cmp.t_Ord i0.f_Item |} -> + iter: v_I + -> Core_models.Option.t_Option i0.f_Item + +unfold +let iter_min + (#v_I: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + = iter_min' #v_I #i0 #i1 + +assume +val iter_max': + #v_I: Type0 -> + {| i0: t_Iterator v_I |} -> + {| i1: Core_models.Cmp.t_Ord i0.f_Item |} -> + iter: v_I + -> Core_models.Option.t_Option i0.f_Item + +unfold +let iter_max + (#v_I: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + = iter_max' #v_I #i0 #i1 + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1__from__iterator + (#v_I: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) + : Core_models.Iter.Traits.Collect.t_IntoIterator v_I = + { + f_Item = i0.f_Item; + f_IntoIter = v_I; + f_into_iter_pre = (fun (self: v_I) -> true); + f_into_iter_post = (fun (self: v_I) (out: v_I) -> true); + f_into_iter = fun (self: v_I) -> self + } + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) : t_IteratorMethods v_I = @@ -436,7 +1010,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (#v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: - Core_models.Ops.Function.t_FnOnce v_F (v_B & i0.f_Item)) + Core_models.Ops.Function.t_Fn v_F (v_B & i0.f_Item)) (self: v_I) (init: v_B) (f: v_F) @@ -449,7 +1023,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (#v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: - Core_models.Ops.Function.t_FnOnce v_F (v_B & i0.f_Item)) + Core_models.Ops.Function.t_Fn v_F (v_B & i0.f_Item)) (self: v_I) (init: v_B) (f: v_F) @@ -463,15 +1037,15 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (#v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: - Core_models.Ops.Function.t_FnOnce v_F (v_B & i0.f_Item)) + Core_models.Ops.Function.t_Fn v_F (v_B & i0.f_Item)) (self: v_I) (init: v_B) (f: v_F) -> - init); + iter_fold #v_I #v_B #v_F self init f); f_enumerate_pre = (fun (self: v_I) -> true); f_enumerate_post = (fun (self: v_I) (out: t_Enumerate v_I) -> true); - f_enumerate = (fun (self: v_I) -> impl__new #v_I self); + f_enumerate = (fun (self: v_I) -> impl__new__from__enumerate #v_I self); f_step_by_pre = (fun (self: v_I) (step: usize) -> true); f_step_by_post = (fun (self: v_I) (step: usize) (out: t_StepBy v_I) -> true); f_step_by = (fun (self: v_I) (step: usize) -> impl__new__from__step_by #v_I self step); @@ -480,9 +1054,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (fun (#v_O: Type0) (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) -> @@ -492,9 +1064,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (fun (#v_O: Type0) (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) (out: t_Map v_I v_F) @@ -505,9 +1075,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (fun (#v_O: Type0) (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) -> @@ -516,9 +1084,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator = (fun (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) -> @@ -527,9 +1093,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator = (fun (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) (out: bool) @@ -539,13 +1103,11 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator = (fun (#v_F: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i1: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) -> - true); + iter_all #v_I #v_F self f); f_take_pre = (fun (self: v_I) (n: usize) -> true); f_take_post = (fun (self: v_I) (n: usize) (out: t_Take v_I) -> true); f_take = (fun (self: v_I) (n: usize) -> impl__new__from__take #v_I self n); @@ -555,9 +1117,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (#v_U: Type0) (#v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) -> @@ -568,9 +1128,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (#v_U: Type0) (#v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) (out: t_FlatMap v_I v_U v_F) @@ -582,9 +1140,7 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator (#v_U: Type0) (#v_F: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) - (#[FStar.Tactics.Typeclasses.tcresolve ()] - i2: - Core_models.Ops.Function.t_FnOnce v_F i0.f_Item) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i2: Core_models.Ops.Function.t_Fn v_F i0.f_Item) (self: v_I) (f: v_F) -> @@ -625,23 +1181,339 @@ let impl (#v_I: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator true); f_zip = + (fun + (#v_I2: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_I2) + (self: v_I) + (it2: v_I2) + -> + impl__new__from__zip #v_I #v_I2 self it2); + f_filter_pre + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + -> + true); + f_filter_post + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + (out: t_Filter v_I v_P) + -> + true); + f_filter + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + -> + impl__new__from__filter #v_I #v_P self predicate); + f_chain_pre + = + (fun + (#v_U: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) + (self: v_I) + (other: v_U) + -> + true); + f_chain_post + = + (fun + (#v_U: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) + (self: v_I) + (other: v_U) + (out: t_Chain v_I v_U) + -> + true); + f_chain + = + (fun + (#v_U: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_U) + (self: v_I) + (other: v_U) + -> + impl__new #v_I #v_U self other); + f_skip_pre = (fun (self: v_I) (n: usize) -> true); + f_skip_post = (fun (self: v_I) (n: usize) (out: t_Skip v_I) -> true); + f_skip = (fun (self: v_I) (n: usize) -> impl__new__from__skip #v_I self n); + f_any_pre + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + -> + true); + f_any_post + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + (out: bool) + -> + true); + f_any + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + -> + iter_any #v_I #v_F self f); + f_find_pre + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + -> + true); + f_find_post + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + (out1: Core_models.Option.t_Option i0.f_Item) + -> + true); + f_find + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + -> + let (tmp0: v_I), (out: Core_models.Option.t_Option i0.f_Item) = + iter_find #v_I #v_P self predicate + in + let self:v_I = tmp0 in + out); + f_find_map_pre + = + (fun + (#v_B: Type0) + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + -> + true); + f_find_map_post + = + (fun + (#v_B: Type0) + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + (out: Core_models.Option.t_Option v_B) + -> + true); + f_find_map + = + (fun + (#v_B: Type0) + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + -> + iter_find_map #v_I #v_B #v_F self f); + f_position_pre + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + -> + true); + f_position_post + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + (out: Core_models.Option.t_Option usize) + -> + true); + f_position + = + (fun + (#v_P: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_P i0.f_Item) + (self: v_I) + (predicate: v_P) + -> + iter_position #v_I #v_P self predicate); + f_count_pre = (fun (self: v_I) -> true); + f_count_post = (fun (self: v_I) (out: usize) -> true); + f_count = (fun (self: v_I) -> iter_count #v_I self); + f_nth_pre = (fun (self: v_I) (n: usize) -> true); + f_nth_post = (fun (self: v_I) (n: usize) (out: Core_models.Option.t_Option i0.f_Item) -> true); + f_nth = (fun (self: v_I) (n: usize) -> iter_nth #v_I self n); + f_last_pre = (fun (self: v_I) -> true); + f_last_post = (fun (self: v_I) (out: Core_models.Option.t_Option i0.f_Item) -> true); + f_last = (fun (self: v_I) -> iter_last #v_I self); + f_for_each_pre + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + -> + true); + f_for_each_post + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + (out: Prims.unit) + -> + true); + f_for_each + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Ops.Function.t_Fn v_F i0.f_Item) + (self: v_I) + (f: v_F) + -> + iter_for_each #v_I #v_F self f); + f_reduce_pre + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Ops.Function.t_Fn v_F (i0.f_Item & i0.f_Item)) + (self: v_I) + (f: v_F) + -> + true); + f_reduce_post + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Ops.Function.t_Fn v_F (i0.f_Item & i0.f_Item)) + (self: v_I) + (f: v_F) + (out: Core_models.Option.t_Option i0.f_Item) + -> + true); + f_reduce + = + (fun + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Ops.Function.t_Fn v_F (i0.f_Item & i0.f_Item)) + (self: v_I) + (f: v_F) + -> + iter_reduce #v_I #v_F self f); + f_min_pre + = + (fun + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + (self: v_I) + -> + true); + f_min_post + = + (fun + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + (self: v_I) + (out: Core_models.Option.t_Option i0.f_Item) + -> + true); + f_min + = + (fun + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + (self: v_I) + -> + iter_min #v_I self); + f_max_pre + = + (fun + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + (self: v_I) + -> + true); + f_max_post + = + (fun + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + (self: v_I) + (out: Core_models.Option.t_Option i0.f_Item) + -> + true); + f_max + = + (fun + (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: Core_models.Cmp.t_Ord i0.f_Item) + (self: v_I) + -> + iter_max #v_I self); + f_collect_pre + = + (fun + (#v_B: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Iter.Traits.Collect.t_FromIterator v_B i0.f_Item) + (self: v_I) + -> + true); + f_collect_post + = + (fun + (#v_B: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Iter.Traits.Collect.t_FromIterator v_B i0.f_Item) + (self: v_I) + (out: v_B) + -> + true); + f_collect + = fun - (#v_I2: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i1: t_Iterator v_I2) + (#v_B: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i1: + Core_models.Iter.Traits.Collect.t_FromIterator v_B i0.f_Item) (self: v_I) - (it2: v_I2) -> - impl__new__from__zip #v_I #v_I2 self it2 - } - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_1__from__iterator - (#v_I: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_Iterator v_I) - : Core_models.Iter.Traits.Collect.t_IntoIterator v_I = - { - f_IntoIter = v_I; - f_into_iter_pre = (fun (self: v_I) -> true); - f_into_iter_post = (fun (self: v_I) (out: v_I) -> true); - f_into_iter = fun (self: v_I) -> self + Core_models.Iter.Traits.Collect.f_from_iter #v_B + #i0.f_Item + #FStar.Tactics.Typeclasses.solve + #v_I + self } diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Collect.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Collect.fst index e6a021783..1f8a55388 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Collect.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Collect.fst @@ -3,7 +3,9 @@ module Core_models.Iter.Traits.Collect open FStar.Mul open Rust_primitives +/// See [`std::iter::IntoIterator`] class t_IntoIterator (v_Self: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]f_Item:Type0; [@@@ FStar.Tactics.Typeclasses.no_method]f_IntoIter:Type0; f_into_iter_pre:v_Self -> Type0; f_into_iter_post:v_Self -> f_IntoIter -> Type0; @@ -11,6 +13,7 @@ class t_IntoIterator (v_Self: Type0) = { -> Prims.Pure f_IntoIter (f_into_iter_pre x0) (fun result -> f_into_iter_post x0 result) } +/// See [`std::iter::FromIterator`] class t_FromIterator (v_Self: Type0) (v_A: Type0) = { f_from_iter_pre:#v_T: Type0 -> {| i1: t_IntoIterator v_T |} -> iter: v_T -> pred: Type0{true ==> pred}; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Iterator.fst b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Iterator.fst index 30df8074f..15d454c5e 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Iterator.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Iter.Traits.Iterator.fst @@ -69,6 +69,122 @@ include Core_models.Iter.Bundle {f_zip_post as f_zip_post} include Core_models.Iter.Bundle {f_zip as f_zip} +include Core_models.Iter.Bundle {f_filter_pre as f_filter_pre} + +include Core_models.Iter.Bundle {f_filter_post as f_filter_post} + +include Core_models.Iter.Bundle {f_filter as f_filter} + +include Core_models.Iter.Bundle {f_chain_pre as f_chain_pre} + +include Core_models.Iter.Bundle {f_chain_post as f_chain_post} + +include Core_models.Iter.Bundle {f_chain as f_chain} + +include Core_models.Iter.Bundle {f_skip_pre as f_skip_pre} + +include Core_models.Iter.Bundle {f_skip_post as f_skip_post} + +include Core_models.Iter.Bundle {f_skip as f_skip} + +include Core_models.Iter.Bundle {f_any_pre as f_any_pre} + +include Core_models.Iter.Bundle {f_any_post as f_any_post} + +include Core_models.Iter.Bundle {f_any as f_any} + +include Core_models.Iter.Bundle {f_find_pre as f_find_pre} + +include Core_models.Iter.Bundle {f_find_post as f_find_post} + +include Core_models.Iter.Bundle {f_find as f_find} + +include Core_models.Iter.Bundle {f_find_map_pre as f_find_map_pre} + +include Core_models.Iter.Bundle {f_find_map_post as f_find_map_post} + +include Core_models.Iter.Bundle {f_find_map as f_find_map} + +include Core_models.Iter.Bundle {f_position_pre as f_position_pre} + +include Core_models.Iter.Bundle {f_position_post as f_position_post} + +include Core_models.Iter.Bundle {f_position as f_position} + +include Core_models.Iter.Bundle {f_count_pre as f_count_pre} + +include Core_models.Iter.Bundle {f_count_post as f_count_post} + +include Core_models.Iter.Bundle {f_count as f_count} + +include Core_models.Iter.Bundle {f_nth_pre as f_nth_pre} + +include Core_models.Iter.Bundle {f_nth_post as f_nth_post} + +include Core_models.Iter.Bundle {f_nth as f_nth} + +include Core_models.Iter.Bundle {f_last_pre as f_last_pre} + +include Core_models.Iter.Bundle {f_last_post as f_last_post} + +include Core_models.Iter.Bundle {f_last as f_last} + +include Core_models.Iter.Bundle {f_for_each_pre as f_for_each_pre} + +include Core_models.Iter.Bundle {f_for_each_post as f_for_each_post} + +include Core_models.Iter.Bundle {f_for_each as f_for_each} + +include Core_models.Iter.Bundle {f_reduce_pre as f_reduce_pre} + +include Core_models.Iter.Bundle {f_reduce_post as f_reduce_post} + +include Core_models.Iter.Bundle {f_reduce as f_reduce} + +include Core_models.Iter.Bundle {f_min_pre as f_min_pre} + +include Core_models.Iter.Bundle {f_min_post as f_min_post} + +include Core_models.Iter.Bundle {f_min as f_min} + +include Core_models.Iter.Bundle {f_max_pre as f_max_pre} + +include Core_models.Iter.Bundle {f_max_post as f_max_post} + +include Core_models.Iter.Bundle {f_max as f_max} + +include Core_models.Iter.Bundle {f_collect_pre as f_collect_pre} + +include Core_models.Iter.Bundle {f_collect_post as f_collect_post} + +include Core_models.Iter.Bundle {f_collect as f_collect} + +include Core_models.Iter.Bundle {iter_fold as iter_fold} + +include Core_models.Iter.Bundle {iter_all as iter_all} + +include Core_models.Iter.Bundle {iter_any as iter_any} + +include Core_models.Iter.Bundle {iter_find as iter_find} + +include Core_models.Iter.Bundle {iter_find_map as iter_find_map} + +include Core_models.Iter.Bundle {iter_position as iter_position} + +include Core_models.Iter.Bundle {iter_count as iter_count} + +include Core_models.Iter.Bundle {iter_nth as iter_nth} + +include Core_models.Iter.Bundle {iter_last as iter_last} + +include Core_models.Iter.Bundle {iter_for_each as iter_for_each} + +include Core_models.Iter.Bundle {iter_reduce as iter_reduce} + +include Core_models.Iter.Bundle {iter_min as iter_min} + +include Core_models.Iter.Bundle {iter_max as iter_max} + include Core_models.Iter.Bundle {impl as impl} include Core_models.Iter.Bundle {impl_1__from__iterator as impl_1} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Marker.fst b/hax-lib/proof-libs/fstar/core/Core_models.Marker.fst index 661de38c7..0239270be 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Marker.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Marker.fst @@ -3,6 +3,7 @@ module Core_models.Marker open FStar.Mul open Rust_primitives +/// See [`std::marker::Copy`] class t_Copy (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:Core_models.Clone.t_Clone v_Self } @@ -10,12 +11,16 @@ class t_Copy (v_Self: Type0) = { [@@ FStar.Tactics.Typeclasses.tcinstance] let _ = fun (v_Self:Type0) {|i: t_Copy v_Self|} -> i._super_i0 +/// See [`std::marker::Send`] class t_Send (v_Self: Type0) = { __marker_trait_t_Send:Prims.unit } +/// See [`std::marker::Sync`] class t_Sync (v_Self: Type0) = { __marker_trait_t_Sync:Prims.unit } +/// See [`std::marker::Sized`] class t_Sized (v_Self: Type0) = { __marker_trait_t_Sized:Prims.unit } +/// See [`std::marker::StructuralPartialEq`] class t_StructuralPartialEq (v_Self: Type0) = { __marker_trait_t_StructuralPartialEq:Prims.unit } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Mem.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Mem.fsti index 1a739591c..b4af45751 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Mem.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Mem.fsti @@ -3,50 +3,66 @@ module Core_models.Mem open FStar.Mul open Rust_primitives +/// See [`std::mem::forget`] val forget (#v_T: Type0) (t: v_T) : Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::forget_unsized`] val forget_unsized (#v_T: Type0) (t: v_T) : Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::size_of`] val size_of: #v_T: Type0 -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::size_of_val`] val size_of_val (#v_T: Type0) (v_val: v_T) : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::min_align_of`] val min_align_of: #v_T: Type0 -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::min_align_of_val`] val min_align_of_val (#v_T: Type0) (v_val: v_T) : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::align_of`] val align_of: #v_T: Type0 -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::align_of_val`] val align_of_val (#v_T: Type0) (v_val: v_T) : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::align_of_val_raw`] val align_of_val_raw (#v_T: Type0) (v_val: v_T) : Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::needs_drop`] val needs_drop: #v_T: Type0 -> Prims.unit -> Prims.Pure bool Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::uninitialized`] val uninitialized: #v_T: Type0 -> Prims.unit -> Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::swap`] val swap (#v_T: Type0) (x y: v_T) : Prims.Pure (v_T & v_T) Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::replace`] val replace (#v_T: Type0) (dest src: v_T) : Prims.Pure (v_T & v_T) Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::drop`] val drop (#v_T: Type0) (e_x: v_T) : Prims.Pure Prims.unit Prims.l_True (fun _ -> Prims.l_True) -val copy (#v_T: Type0) {| i0: Core_models.Marker.t_Copy v_T |} (x: v_T) - : Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) - +/// See [`std::mem::take`] val take (#v_T: Type0) (x: v_T) : Prims.Pure (v_T & v_T) Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::transmute_copy`] val transmute_copy (#v_Src #v_Dst: Type0) (src: v_Src) : Prims.Pure v_Dst Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::variant_count`] val variant_count: #v_T: Type0 -> Prims.unit -> Prims.Pure usize Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::zeroed`] val zeroed: #v_T: Type0 -> Prims.unit -> Prims.Pure v_T Prims.l_True (fun _ -> Prims.l_True) +/// See [`std::mem::transmute`] val transmute (#v_Src #v_Dst: Type0) (src: v_Src) : Prims.Pure v_Dst Prims.l_True (fun _ -> Prims.l_True) diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Num.Error.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Num.Error.fsti index a16758b01..f5e6a4db0 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Num.Error.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Num.Error.fsti @@ -3,8 +3,11 @@ module Core_models.Num.Error open FStar.Mul open Rust_primitives +/// See [`std::num::TryFromIntError`] type t_TryFromIntError = | TryFromIntError : Prims.unit -> t_TryFromIntError +/// See [`std::num::IntErrorKind`] type t_IntErrorKind = | IntErrorKind : t_IntErrorKind +/// See [`std::num::ParseIntError`] type t_ParseIntError = { f_kind:t_IntErrorKind } diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Num.fst b/hax-lib/proof-libs/fstar/core/Core_models.Num.fst index 88419248b..e0c08a843 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Num.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Num.fst @@ -3,19 +3,26 @@ module Core_models.Num open FStar.Mul open Rust_primitives +/// See [`std::primitive::u8::MIN`] (and similar for other unsigned integer types) let impl_u8__MIN: u8 = mk_u8 0 +/// See [`std::primitive::u8::MAX`] (and similar for other unsigned integer types) let impl_u8__MAX: u8 = mk_u8 255 +/// See [`std::primitive::u8::BITS`] (and similar for other unsigned integer types) let impl_u8__BITS: u32 = mk_u32 8 +/// See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) let impl_u8__wrapping_add (x y: u8) : u8 = Rust_primitives.Arithmetic.wrapping_add_u8 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_u8__saturating_add (x y: u8) : u8 = Rust_primitives.Arithmetic.saturating_add_u8 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_u8__overflowing_add (x y: u8) : (u8 & bool) = Rust_primitives.Arithmetic.overflowing_add_u8 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_u8__checked_add (x y: u8) : Core_models.Option.t_Option u8 = if (Rust_primitives.Hax.Int.from_machine impl_u8__MIN <: Hax_lib.Int.t_Int) <= @@ -31,13 +38,17 @@ let impl_u8__checked_add (x y: u8) : Core_models.Option.t_Option u8 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option u8 else Core_models.Option.Option_None <: Core_models.Option.t_Option u8 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_u8__wrapping_sub (x y: u8) : u8 = Rust_primitives.Arithmetic.wrapping_sub_u8 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_u8__saturating_sub (x y: u8) : u8 = Rust_primitives.Arithmetic.saturating_sub_u8 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_u8__overflowing_sub (x y: u8) : (u8 & bool) = Rust_primitives.Arithmetic.overflowing_sub_u8 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_u8__checked_sub (x y: u8) : Core_models.Option.t_Option u8 = if (Rust_primitives.Hax.Int.from_machine impl_u8__MIN <: Hax_lib.Int.t_Int) <= @@ -53,13 +64,17 @@ let impl_u8__checked_sub (x y: u8) : Core_models.Option.t_Option u8 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option u8 else Core_models.Option.Option_None <: Core_models.Option.t_Option u8 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_u8__wrapping_mul (x y: u8) : u8 = Rust_primitives.Arithmetic.wrapping_mul_u8 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_u8__saturating_mul (x y: u8) : u8 = Rust_primitives.Arithmetic.saturating_mul_u8 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_u8__overflowing_mul (x y: u8) : (u8 & bool) = Rust_primitives.Arithmetic.overflowing_mul_u8 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_u8__checked_mul (x y: u8) : Core_models.Option.t_Option u8 = if (Rust_primitives.Hax.Int.from_machine impl_u8__MIN <: Hax_lib.Int.t_Int) <= @@ -75,34 +90,41 @@ let impl_u8__checked_mul (x y: u8) : Core_models.Option.t_Option u8 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option u8 else Core_models.Option.Option_None <: Core_models.Option.t_Option u8 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_u8__pow (x: u8) (exp: u32) : u8 = Rust_primitives.Arithmetic.pow_u8 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_u8__count_ones (x: u8) : u32 = Rust_primitives.Arithmetic.count_ones_u8 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_u8__rotate_right': x: u8 -> n: u32 -> u8 unfold let impl_u8__rotate_right = impl_u8__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_u8__rotate_left': x: u8 -> n: u32 -> u8 unfold let impl_u8__rotate_left = impl_u8__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_u8__leading_zeros': x: u8 -> u32 unfold let impl_u8__leading_zeros = impl_u8__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_u8__ilog2': x: u8 -> u32 unfold let impl_u8__ilog2 = impl_u8__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_u8__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result u8 Core_models.Num.Error.t_ParseIntError @@ -110,46 +132,74 @@ val impl_u8__from_str_radix': src: string -> radix: u32 unfold let impl_u8__from_str_radix = impl_u8__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_u8__from_be_bytes': bytes: t_Array u8 (mk_usize 1) -> u8 unfold let impl_u8__from_be_bytes = impl_u8__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_u8__from_le_bytes': bytes: t_Array u8 (mk_usize 1) -> u8 unfold let impl_u8__from_le_bytes = impl_u8__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_u8__to_be_bytes': bytes: u8 -> t_Array u8 (mk_usize 1) unfold let impl_u8__to_be_bytes = impl_u8__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_u8__to_le_bytes': bytes: u8 -> t_Array u8 (mk_usize 1) unfold let impl_u8__to_le_bytes = impl_u8__to_le_bytes' +/// See [`std::primitive::u8::checked_div`] (and similar for other integer types) +let impl_u8__checked_div (x y: u8) : Core_models.Option.t_Option u8 = + if y =. mk_u8 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u8 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option u8 + +/// See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +let impl_u8__checked_rem (x y: u8) : Core_models.Option.t_Option u8 = + if y =. mk_u8 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u8 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option u8 + +/// See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +let impl_u8__is_power_of_two (x: u8) : bool = + x <>. mk_u8 0 && (x &. (x -! mk_u8 1 <: u8) <: u8) =. mk_u8 0 + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_u8__rem_euclid (x y: u8) : Prims.Pure u8 (requires y <>. mk_u8 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_u8 x y +/// See [`std::primitive::u8::MIN`] (and similar for other unsigned integer types) let impl_u16__MIN: u16 = mk_u16 0 +/// See [`std::primitive::u8::MAX`] (and similar for other unsigned integer types) let impl_u16__MAX: u16 = mk_u16 65535 +/// See [`std::primitive::u8::BITS`] (and similar for other unsigned integer types) let impl_u16__BITS: u32 = mk_u32 16 +/// See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) let impl_u16__wrapping_add (x y: u16) : u16 = Rust_primitives.Arithmetic.wrapping_add_u16 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_u16__saturating_add (x y: u16) : u16 = Rust_primitives.Arithmetic.saturating_add_u16 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_u16__overflowing_add (x y: u16) : (u16 & bool) = Rust_primitives.Arithmetic.overflowing_add_u16 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_u16__checked_add (x y: u16) : Core_models.Option.t_Option u16 = if (Rust_primitives.Hax.Int.from_machine impl_u16__MIN <: Hax_lib.Int.t_Int) <= @@ -165,13 +215,17 @@ let impl_u16__checked_add (x y: u16) : Core_models.Option.t_Option u16 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option u16 else Core_models.Option.Option_None <: Core_models.Option.t_Option u16 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_u16__wrapping_sub (x y: u16) : u16 = Rust_primitives.Arithmetic.wrapping_sub_u16 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_u16__saturating_sub (x y: u16) : u16 = Rust_primitives.Arithmetic.saturating_sub_u16 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_u16__overflowing_sub (x y: u16) : (u16 & bool) = Rust_primitives.Arithmetic.overflowing_sub_u16 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_u16__checked_sub (x y: u16) : Core_models.Option.t_Option u16 = if (Rust_primitives.Hax.Int.from_machine impl_u16__MIN <: Hax_lib.Int.t_Int) <= @@ -187,13 +241,17 @@ let impl_u16__checked_sub (x y: u16) : Core_models.Option.t_Option u16 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option u16 else Core_models.Option.Option_None <: Core_models.Option.t_Option u16 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_u16__wrapping_mul (x y: u16) : u16 = Rust_primitives.Arithmetic.wrapping_mul_u16 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_u16__saturating_mul (x y: u16) : u16 = Rust_primitives.Arithmetic.saturating_mul_u16 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_u16__overflowing_mul (x y: u16) : (u16 & bool) = Rust_primitives.Arithmetic.overflowing_mul_u16 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_u16__checked_mul (x y: u16) : Core_models.Option.t_Option u16 = if (Rust_primitives.Hax.Int.from_machine impl_u16__MIN <: Hax_lib.Int.t_Int) <= @@ -209,34 +267,41 @@ let impl_u16__checked_mul (x y: u16) : Core_models.Option.t_Option u16 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option u16 else Core_models.Option.Option_None <: Core_models.Option.t_Option u16 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_u16__pow (x: u16) (exp: u32) : u16 = Rust_primitives.Arithmetic.pow_u16 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_u16__count_ones (x: u16) : u32 = Rust_primitives.Arithmetic.count_ones_u16 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_u16__rotate_right': x: u16 -> n: u32 -> u16 unfold let impl_u16__rotate_right = impl_u16__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_u16__rotate_left': x: u16 -> n: u32 -> u16 unfold let impl_u16__rotate_left = impl_u16__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_u16__leading_zeros': x: u16 -> u32 unfold let impl_u16__leading_zeros = impl_u16__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_u16__ilog2': x: u16 -> u32 unfold let impl_u16__ilog2 = impl_u16__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_u16__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result u16 Core_models.Num.Error.t_ParseIntError @@ -244,47 +309,75 @@ val impl_u16__from_str_radix': src: string -> radix: u32 unfold let impl_u16__from_str_radix = impl_u16__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_u16__from_be_bytes': bytes: t_Array u8 (mk_usize 2) -> u16 unfold let impl_u16__from_be_bytes = impl_u16__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_u16__from_le_bytes': bytes: t_Array u8 (mk_usize 2) -> u16 unfold let impl_u16__from_le_bytes = impl_u16__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_u16__to_be_bytes': bytes: u16 -> t_Array u8 (mk_usize 2) unfold let impl_u16__to_be_bytes = impl_u16__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_u16__to_le_bytes': bytes: u16 -> t_Array u8 (mk_usize 2) unfold let impl_u16__to_le_bytes = impl_u16__to_le_bytes' +/// See [`std::primitive::u8::checked_div`] (and similar for other integer types) +let impl_u16__checked_div (x y: u16) : Core_models.Option.t_Option u16 = + if y =. mk_u16 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u16 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option u16 + +/// See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +let impl_u16__checked_rem (x y: u16) : Core_models.Option.t_Option u16 = + if y =. mk_u16 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u16 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option u16 + +/// See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +let impl_u16__is_power_of_two (x: u16) : bool = + x <>. mk_u16 0 && (x &. (x -! mk_u16 1 <: u16) <: u16) =. mk_u16 0 + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_u16__rem_euclid (x y: u16) : Prims.Pure u16 (requires y <>. mk_u16 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_u16 x y +/// See [`std::primitive::u8::MIN`] (and similar for other unsigned integer types) let impl_u32__MIN: u32 = mk_u32 0 +/// See [`std::primitive::u8::MAX`] (and similar for other unsigned integer types) let impl_u32__MAX: u32 = mk_u32 4294967295 +/// See [`std::primitive::u8::BITS`] (and similar for other unsigned integer types) let impl_u32__BITS: u32 = mk_u32 32 +/// See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) let impl_u32__wrapping_add (x y: u32) : u32 = Rust_primitives.Arithmetic.wrapping_add_u32 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_u32__saturating_add (x y: u32) : u32 = Rust_primitives.Arithmetic.saturating_add_u32 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_u32__overflowing_add (x y: u32) : (u32 & bool) = Rust_primitives.Arithmetic.overflowing_add_u32 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_u32__checked_add (x y: u32) : Core_models.Option.t_Option u32 = if (Rust_primitives.Hax.Int.from_machine impl_u32__MIN <: Hax_lib.Int.t_Int) <= @@ -300,13 +393,17 @@ let impl_u32__checked_add (x y: u32) : Core_models.Option.t_Option u32 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option u32 else Core_models.Option.Option_None <: Core_models.Option.t_Option u32 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_u32__wrapping_sub (x y: u32) : u32 = Rust_primitives.Arithmetic.wrapping_sub_u32 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_u32__saturating_sub (x y: u32) : u32 = Rust_primitives.Arithmetic.saturating_sub_u32 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_u32__overflowing_sub (x y: u32) : (u32 & bool) = Rust_primitives.Arithmetic.overflowing_sub_u32 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_u32__checked_sub (x y: u32) : Core_models.Option.t_Option u32 = if (Rust_primitives.Hax.Int.from_machine impl_u32__MIN <: Hax_lib.Int.t_Int) <= @@ -322,13 +419,17 @@ let impl_u32__checked_sub (x y: u32) : Core_models.Option.t_Option u32 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option u32 else Core_models.Option.Option_None <: Core_models.Option.t_Option u32 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_u32__wrapping_mul (x y: u32) : u32 = Rust_primitives.Arithmetic.wrapping_mul_u32 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_u32__saturating_mul (x y: u32) : u32 = Rust_primitives.Arithmetic.saturating_mul_u32 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_u32__overflowing_mul (x y: u32) : (u32 & bool) = Rust_primitives.Arithmetic.overflowing_mul_u32 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_u32__checked_mul (x y: u32) : Core_models.Option.t_Option u32 = if (Rust_primitives.Hax.Int.from_machine impl_u32__MIN <: Hax_lib.Int.t_Int) <= @@ -344,34 +445,41 @@ let impl_u32__checked_mul (x y: u32) : Core_models.Option.t_Option u32 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option u32 else Core_models.Option.Option_None <: Core_models.Option.t_Option u32 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_u32__pow (x exp: u32) : u32 = Rust_primitives.Arithmetic.pow_u32 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_u32__count_ones (x: u32) : u32 = Rust_primitives.Arithmetic.count_ones_u32 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_u32__rotate_right': x: u32 -> n: u32 -> u32 unfold let impl_u32__rotate_right = impl_u32__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_u32__rotate_left': x: u32 -> n: u32 -> u32 unfold let impl_u32__rotate_left = impl_u32__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_u32__leading_zeros': x: u32 -> u32 unfold let impl_u32__leading_zeros = impl_u32__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_u32__ilog2': x: u32 -> u32 unfold let impl_u32__ilog2 = impl_u32__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_u32__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result u32 Core_models.Num.Error.t_ParseIntError @@ -379,47 +487,75 @@ val impl_u32__from_str_radix': src: string -> radix: u32 unfold let impl_u32__from_str_radix = impl_u32__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_u32__from_be_bytes': bytes: t_Array u8 (mk_usize 4) -> u32 unfold let impl_u32__from_be_bytes = impl_u32__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_u32__from_le_bytes': bytes: t_Array u8 (mk_usize 4) -> u32 unfold let impl_u32__from_le_bytes = impl_u32__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_u32__to_be_bytes': bytes: u32 -> t_Array u8 (mk_usize 4) unfold let impl_u32__to_be_bytes = impl_u32__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_u32__to_le_bytes': bytes: u32 -> t_Array u8 (mk_usize 4) unfold let impl_u32__to_le_bytes = impl_u32__to_le_bytes' +/// See [`std::primitive::u8::checked_div`] (and similar for other integer types) +let impl_u32__checked_div (x y: u32) : Core_models.Option.t_Option u32 = + if y =. mk_u32 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u32 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option u32 + +/// See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +let impl_u32__checked_rem (x y: u32) : Core_models.Option.t_Option u32 = + if y =. mk_u32 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u32 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option u32 + +/// See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +let impl_u32__is_power_of_two (x: u32) : bool = + x <>. mk_u32 0 && (x &. (x -! mk_u32 1 <: u32) <: u32) =. mk_u32 0 + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_u32__rem_euclid (x y: u32) : Prims.Pure u32 (requires y <>. mk_u32 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_u32 x y +/// See [`std::primitive::u8::MIN`] (and similar for other unsigned integer types) let impl_u64__MIN: u64 = mk_u64 0 +/// See [`std::primitive::u8::MAX`] (and similar for other unsigned integer types) let impl_u64__MAX: u64 = mk_u64 18446744073709551615 +/// See [`std::primitive::u8::BITS`] (and similar for other unsigned integer types) let impl_u64__BITS: u32 = mk_u32 64 +/// See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) let impl_u64__wrapping_add (x y: u64) : u64 = Rust_primitives.Arithmetic.wrapping_add_u64 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_u64__saturating_add (x y: u64) : u64 = Rust_primitives.Arithmetic.saturating_add_u64 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_u64__overflowing_add (x y: u64) : (u64 & bool) = Rust_primitives.Arithmetic.overflowing_add_u64 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_u64__checked_add (x y: u64) : Core_models.Option.t_Option u64 = if (Rust_primitives.Hax.Int.from_machine impl_u64__MIN <: Hax_lib.Int.t_Int) <= @@ -435,13 +571,17 @@ let impl_u64__checked_add (x y: u64) : Core_models.Option.t_Option u64 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option u64 else Core_models.Option.Option_None <: Core_models.Option.t_Option u64 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_u64__wrapping_sub (x y: u64) : u64 = Rust_primitives.Arithmetic.wrapping_sub_u64 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_u64__saturating_sub (x y: u64) : u64 = Rust_primitives.Arithmetic.saturating_sub_u64 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_u64__overflowing_sub (x y: u64) : (u64 & bool) = Rust_primitives.Arithmetic.overflowing_sub_u64 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_u64__checked_sub (x y: u64) : Core_models.Option.t_Option u64 = if (Rust_primitives.Hax.Int.from_machine impl_u64__MIN <: Hax_lib.Int.t_Int) <= @@ -457,13 +597,17 @@ let impl_u64__checked_sub (x y: u64) : Core_models.Option.t_Option u64 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option u64 else Core_models.Option.Option_None <: Core_models.Option.t_Option u64 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_u64__wrapping_mul (x y: u64) : u64 = Rust_primitives.Arithmetic.wrapping_mul_u64 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_u64__saturating_mul (x y: u64) : u64 = Rust_primitives.Arithmetic.saturating_mul_u64 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_u64__overflowing_mul (x y: u64) : (u64 & bool) = Rust_primitives.Arithmetic.overflowing_mul_u64 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_u64__checked_mul (x y: u64) : Core_models.Option.t_Option u64 = if (Rust_primitives.Hax.Int.from_machine impl_u64__MIN <: Hax_lib.Int.t_Int) <= @@ -479,34 +623,41 @@ let impl_u64__checked_mul (x y: u64) : Core_models.Option.t_Option u64 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option u64 else Core_models.Option.Option_None <: Core_models.Option.t_Option u64 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_u64__pow (x: u64) (exp: u32) : u64 = Rust_primitives.Arithmetic.pow_u64 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_u64__count_ones (x: u64) : u32 = Rust_primitives.Arithmetic.count_ones_u64 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_u64__rotate_right': x: u64 -> n: u32 -> u64 unfold let impl_u64__rotate_right = impl_u64__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_u64__rotate_left': x: u64 -> n: u32 -> u64 unfold let impl_u64__rotate_left = impl_u64__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_u64__leading_zeros': x: u64 -> u32 unfold let impl_u64__leading_zeros = impl_u64__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_u64__ilog2': x: u64 -> u32 unfold let impl_u64__ilog2 = impl_u64__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_u64__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result u64 Core_models.Num.Error.t_ParseIntError @@ -514,48 +665,76 @@ val impl_u64__from_str_radix': src: string -> radix: u32 unfold let impl_u64__from_str_radix = impl_u64__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_u64__from_be_bytes': bytes: t_Array u8 (mk_usize 8) -> u64 unfold let impl_u64__from_be_bytes = impl_u64__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_u64__from_le_bytes': bytes: t_Array u8 (mk_usize 8) -> u64 unfold let impl_u64__from_le_bytes = impl_u64__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_u64__to_be_bytes': bytes: u64 -> t_Array u8 (mk_usize 8) unfold let impl_u64__to_be_bytes = impl_u64__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_u64__to_le_bytes': bytes: u64 -> t_Array u8 (mk_usize 8) unfold let impl_u64__to_le_bytes = impl_u64__to_le_bytes' +/// See [`std::primitive::u8::checked_div`] (and similar for other integer types) +let impl_u64__checked_div (x y: u64) : Core_models.Option.t_Option u64 = + if y =. mk_u64 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u64 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option u64 + +/// See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +let impl_u64__checked_rem (x y: u64) : Core_models.Option.t_Option u64 = + if y =. mk_u64 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u64 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option u64 + +/// See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +let impl_u64__is_power_of_two (x: u64) : bool = + x <>. mk_u64 0 && (x &. (x -! mk_u64 1 <: u64) <: u64) =. mk_u64 0 + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_u64__rem_euclid (x y: u64) : Prims.Pure u64 (requires y <>. mk_u64 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_u64 x y +/// See [`std::primitive::u8::MIN`] (and similar for other unsigned integer types) let impl_u128__MIN: u128 = mk_u128 0 +/// See [`std::primitive::u8::MAX`] (and similar for other unsigned integer types) let impl_u128__MAX: u128 = mk_u128 340282366920938463463374607431768211455 +/// See [`std::primitive::u8::BITS`] (and similar for other unsigned integer types) let impl_u128__BITS: u32 = mk_u32 128 +/// See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) let impl_u128__wrapping_add (x y: u128) : u128 = Rust_primitives.Arithmetic.wrapping_add_u128 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_u128__saturating_add (x y: u128) : u128 = Rust_primitives.Arithmetic.saturating_add_u128 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_u128__overflowing_add (x y: u128) : (u128 & bool) = Rust_primitives.Arithmetic.overflowing_add_u128 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_u128__checked_add (x y: u128) : Core_models.Option.t_Option u128 = if (Rust_primitives.Hax.Int.from_machine impl_u128__MIN <: Hax_lib.Int.t_Int) <= @@ -571,14 +750,18 @@ let impl_u128__checked_add (x y: u128) : Core_models.Option.t_Option u128 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option u128 else Core_models.Option.Option_None <: Core_models.Option.t_Option u128 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_u128__wrapping_sub (x y: u128) : u128 = Rust_primitives.Arithmetic.wrapping_sub_u128 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_u128__saturating_sub (x y: u128) : u128 = Rust_primitives.Arithmetic.saturating_sub_u128 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_u128__overflowing_sub (x y: u128) : (u128 & bool) = Rust_primitives.Arithmetic.overflowing_sub_u128 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_u128__checked_sub (x y: u128) : Core_models.Option.t_Option u128 = if (Rust_primitives.Hax.Int.from_machine impl_u128__MIN <: Hax_lib.Int.t_Int) <= @@ -594,14 +777,18 @@ let impl_u128__checked_sub (x y: u128) : Core_models.Option.t_Option u128 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option u128 else Core_models.Option.Option_None <: Core_models.Option.t_Option u128 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_u128__wrapping_mul (x y: u128) : u128 = Rust_primitives.Arithmetic.wrapping_mul_u128 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_u128__saturating_mul (x y: u128) : u128 = Rust_primitives.Arithmetic.saturating_mul_u128 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_u128__overflowing_mul (x y: u128) : (u128 & bool) = Rust_primitives.Arithmetic.overflowing_mul_u128 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_u128__checked_mul (x y: u128) : Core_models.Option.t_Option u128 = if (Rust_primitives.Hax.Int.from_machine impl_u128__MIN <: Hax_lib.Int.t_Int) <= @@ -617,34 +804,41 @@ let impl_u128__checked_mul (x y: u128) : Core_models.Option.t_Option u128 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option u128 else Core_models.Option.Option_None <: Core_models.Option.t_Option u128 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_u128__pow (x: u128) (exp: u32) : u128 = Rust_primitives.Arithmetic.pow_u128 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_u128__count_ones (x: u128) : u32 = Rust_primitives.Arithmetic.count_ones_u128 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_u128__rotate_right': x: u128 -> n: u32 -> u128 unfold let impl_u128__rotate_right = impl_u128__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_u128__rotate_left': x: u128 -> n: u32 -> u128 unfold let impl_u128__rotate_left = impl_u128__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_u128__leading_zeros': x: u128 -> u32 unfold let impl_u128__leading_zeros = impl_u128__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_u128__ilog2': x: u128 -> u32 unfold let impl_u128__ilog2 = impl_u128__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_u128__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result u128 Core_models.Num.Error.t_ParseIntError @@ -652,49 +846,77 @@ val impl_u128__from_str_radix': src: string -> radix: u32 unfold let impl_u128__from_str_radix = impl_u128__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_u128__from_be_bytes': bytes: t_Array u8 (mk_usize 16) -> u128 unfold let impl_u128__from_be_bytes = impl_u128__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_u128__from_le_bytes': bytes: t_Array u8 (mk_usize 16) -> u128 unfold let impl_u128__from_le_bytes = impl_u128__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_u128__to_be_bytes': bytes: u128 -> t_Array u8 (mk_usize 16) unfold let impl_u128__to_be_bytes = impl_u128__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_u128__to_le_bytes': bytes: u128 -> t_Array u8 (mk_usize 16) unfold let impl_u128__to_le_bytes = impl_u128__to_le_bytes' +/// See [`std::primitive::u8::checked_div`] (and similar for other integer types) +let impl_u128__checked_div (x y: u128) : Core_models.Option.t_Option u128 = + if y =. mk_u128 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u128 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option u128 + +/// See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +let impl_u128__checked_rem (x y: u128) : Core_models.Option.t_Option u128 = + if y =. mk_u128 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option u128 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option u128 + +/// See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +let impl_u128__is_power_of_two (x: u128) : bool = + x <>. mk_u128 0 && (x &. (x -! mk_u128 1 <: u128) <: u128) =. mk_u128 0 + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_u128__rem_euclid (x y: u128) : Prims.Pure u128 (requires y <>. mk_u128 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_u128 x y +/// See [`std::primitive::u8::MIN`] (and similar for other unsigned integer types) let impl_usize__MIN: usize = mk_usize 0 +/// See [`std::primitive::u8::MAX`] (and similar for other unsigned integer types) let impl_usize__MAX: usize = Rust_primitives.Arithmetic.v_USIZE_MAX +/// See [`std::primitive::u8::BITS`] (and similar for other unsigned integer types) let impl_usize__BITS: u32 = Rust_primitives.Arithmetic.v_SIZE_BITS +/// See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) let impl_usize__wrapping_add (x y: usize) : usize = Rust_primitives.Arithmetic.wrapping_add_usize x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_usize__saturating_add (x y: usize) : usize = Rust_primitives.Arithmetic.saturating_add_usize x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_usize__overflowing_add (x y: usize) : (usize & bool) = Rust_primitives.Arithmetic.overflowing_add_usize x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_usize__checked_add (x y: usize) : Core_models.Option.t_Option usize = if (Rust_primitives.Hax.Int.from_machine impl_usize__MIN <: Hax_lib.Int.t_Int) <= @@ -710,15 +932,19 @@ let impl_usize__checked_add (x y: usize) : Core_models.Option.t_Option usize = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option usize else Core_models.Option.Option_None <: Core_models.Option.t_Option usize +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_usize__wrapping_sub (x y: usize) : usize = Rust_primitives.Arithmetic.wrapping_sub_usize x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_usize__saturating_sub (x y: usize) : usize = Rust_primitives.Arithmetic.saturating_sub_usize x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_usize__overflowing_sub (x y: usize) : (usize & bool) = Rust_primitives.Arithmetic.overflowing_sub_usize x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_usize__checked_sub (x y: usize) : Core_models.Option.t_Option usize = if (Rust_primitives.Hax.Int.from_machine impl_usize__MIN <: Hax_lib.Int.t_Int) <= @@ -734,15 +960,19 @@ let impl_usize__checked_sub (x y: usize) : Core_models.Option.t_Option usize = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option usize else Core_models.Option.Option_None <: Core_models.Option.t_Option usize +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_usize__wrapping_mul (x y: usize) : usize = Rust_primitives.Arithmetic.wrapping_mul_usize x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_usize__saturating_mul (x y: usize) : usize = Rust_primitives.Arithmetic.saturating_mul_usize x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_usize__overflowing_mul (x y: usize) : (usize & bool) = Rust_primitives.Arithmetic.overflowing_mul_usize x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_usize__checked_mul (x y: usize) : Core_models.Option.t_Option usize = if (Rust_primitives.Hax.Int.from_machine impl_usize__MIN <: Hax_lib.Int.t_Int) <= @@ -758,34 +988,41 @@ let impl_usize__checked_mul (x y: usize) : Core_models.Option.t_Option usize = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option usize else Core_models.Option.Option_None <: Core_models.Option.t_Option usize +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_usize__pow (x: usize) (exp: u32) : usize = Rust_primitives.Arithmetic.pow_usize x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_usize__count_ones (x: usize) : u32 = Rust_primitives.Arithmetic.count_ones_usize x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_usize__rotate_right': x: usize -> n: u32 -> usize unfold let impl_usize__rotate_right = impl_usize__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_usize__rotate_left': x: usize -> n: u32 -> usize unfold let impl_usize__rotate_left = impl_usize__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_usize__leading_zeros': x: usize -> u32 unfold let impl_usize__leading_zeros = impl_usize__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_usize__ilog2': x: usize -> u32 unfold let impl_usize__ilog2 = impl_usize__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_usize__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result usize Core_models.Num.Error.t_ParseIntError @@ -793,47 +1030,74 @@ val impl_usize__from_str_radix': src: string -> radix: u32 unfold let impl_usize__from_str_radix = impl_usize__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_usize__from_be_bytes': bytes: t_Array u8 (mk_usize 8) -> usize unfold let impl_usize__from_be_bytes = impl_usize__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_usize__from_le_bytes': bytes: t_Array u8 (mk_usize 8) -> usize unfold let impl_usize__from_le_bytes = impl_usize__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_usize__to_be_bytes': bytes: usize -> t_Array u8 (mk_usize 8) unfold let impl_usize__to_be_bytes = impl_usize__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_usize__to_le_bytes': bytes: usize -> t_Array u8 (mk_usize 8) unfold let impl_usize__to_le_bytes = impl_usize__to_le_bytes' +/// See [`std::primitive::u8::checked_div`] (and similar for other integer types) +let impl_usize__checked_div (x y: usize) : Core_models.Option.t_Option usize = + if y =. mk_usize 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option usize + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option usize + +/// See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +let impl_usize__checked_rem (x y: usize) : Core_models.Option.t_Option usize = + if y =. mk_usize 0 + then Core_models.Option.Option_None <: Core_models.Option.t_Option usize + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option usize + +/// See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +let impl_usize__is_power_of_two (x: usize) : bool = + x <>. mk_usize 0 && (x &. (x -! mk_usize 1 <: usize) <: usize) =. mk_usize 0 + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_usize__rem_euclid (x y: usize) : Prims.Pure usize (requires y <>. mk_usize 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_usize x y +/// See [`std::primitive::i8::MIN`] (and similar for other signed integer types) let impl_i8__MIN: i8 = mk_i8 (-128) +/// See [`std::primitive::i8::MAX`] (and similar for other signed integer types) let impl_i8__MAX: i8 = mk_i8 127 +/// See [`std::primitive::i8::BITS`] (and similar for other signed integer types) let impl_i8__BITS: u32 = mk_u32 8 let impl_i8__wrapping_add (x y: i8) : i8 = Rust_primitives.Arithmetic.wrapping_add_i8 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_i8__saturating_add (x y: i8) : i8 = Rust_primitives.Arithmetic.saturating_add_i8 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_i8__overflowing_add (x y: i8) : (i8 & bool) = Rust_primitives.Arithmetic.overflowing_add_i8 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_i8__checked_add (x y: i8) : Core_models.Option.t_Option i8 = if (Rust_primitives.Hax.Int.from_machine impl_i8__MIN <: Hax_lib.Int.t_Int) <= @@ -849,13 +1113,17 @@ let impl_i8__checked_add (x y: i8) : Core_models.Option.t_Option i8 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option i8 else Core_models.Option.Option_None <: Core_models.Option.t_Option i8 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_i8__wrapping_sub (x y: i8) : i8 = Rust_primitives.Arithmetic.wrapping_sub_i8 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_i8__saturating_sub (x y: i8) : i8 = Rust_primitives.Arithmetic.saturating_sub_i8 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_i8__overflowing_sub (x y: i8) : (i8 & bool) = Rust_primitives.Arithmetic.overflowing_sub_i8 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_i8__checked_sub (x y: i8) : Core_models.Option.t_Option i8 = if (Rust_primitives.Hax.Int.from_machine impl_i8__MIN <: Hax_lib.Int.t_Int) <= @@ -871,13 +1139,17 @@ let impl_i8__checked_sub (x y: i8) : Core_models.Option.t_Option i8 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option i8 else Core_models.Option.Option_None <: Core_models.Option.t_Option i8 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_i8__wrapping_mul (x y: i8) : i8 = Rust_primitives.Arithmetic.wrapping_mul_i8 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_i8__saturating_mul (x y: i8) : i8 = Rust_primitives.Arithmetic.saturating_mul_i8 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_i8__overflowing_mul (x y: i8) : (i8 & bool) = Rust_primitives.Arithmetic.overflowing_mul_i8 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_i8__checked_mul (x y: i8) : Core_models.Option.t_Option i8 = if (Rust_primitives.Hax.Int.from_machine impl_i8__MIN <: Hax_lib.Int.t_Int) <= @@ -893,34 +1165,41 @@ let impl_i8__checked_mul (x y: i8) : Core_models.Option.t_Option i8 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option i8 else Core_models.Option.Option_None <: Core_models.Option.t_Option i8 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_i8__pow (x: i8) (exp: u32) : i8 = Rust_primitives.Arithmetic.pow_i8 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_i8__count_ones (x: i8) : u32 = Rust_primitives.Arithmetic.count_ones_i8 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_i8__rotate_right': x: i8 -> n: u32 -> i8 unfold let impl_i8__rotate_right = impl_i8__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_i8__rotate_left': x: i8 -> n: u32 -> i8 unfold let impl_i8__rotate_left = impl_i8__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_i8__leading_zeros': x: i8 -> u32 unfold let impl_i8__leading_zeros = impl_i8__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_i8__ilog2': x: i8 -> u32 unfold let impl_i8__ilog2 = impl_i8__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_i8__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result i8 Core_models.Num.Error.t_ParseIntError @@ -928,49 +1207,77 @@ val impl_i8__from_str_radix': src: string -> radix: u32 unfold let impl_i8__from_str_radix = impl_i8__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_i8__from_be_bytes': bytes: t_Array u8 (mk_usize 1) -> i8 unfold let impl_i8__from_be_bytes = impl_i8__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_i8__from_le_bytes': bytes: t_Array u8 (mk_usize 1) -> i8 unfold let impl_i8__from_le_bytes = impl_i8__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_i8__to_be_bytes': bytes: i8 -> t_Array u8 (mk_usize 1) unfold let impl_i8__to_be_bytes = impl_i8__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_i8__to_le_bytes': bytes: i8 -> t_Array u8 (mk_usize 1) unfold let impl_i8__to_le_bytes = impl_i8__to_le_bytes' +/// See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +let impl_i8__checked_div (x y: i8) : Core_models.Option.t_Option i8 = + if y =. mk_i8 0 || x =. impl_i8__MIN && y =. mk_i8 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i8 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option i8 + +/// See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +let impl_i8__checked_rem (x y: i8) : Core_models.Option.t_Option i8 = + if y =. mk_i8 0 || x =. impl_i8__MIN && y =. mk_i8 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i8 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option i8 + +/// See [`std::primitive::i8::signum`] (and similar for other signed integer types) +let impl_i8__signum (x: i8) : i8 = + if x >. mk_i8 0 then mk_i8 1 else if x =. mk_i8 0 then mk_i8 0 else mk_i8 (-1) + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_i8__rem_euclid (x y: i8) : Prims.Pure i8 (requires y <>. mk_i8 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_i8 x y +/// See [`std::primitive::i8::abs`] (and similar for other signed integer types) let impl_i8__abs (x: i8) : Prims.Pure i8 (requires x >. impl_i8__MIN) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.abs_i8 x +/// See [`std::primitive::i8::MIN`] (and similar for other signed integer types) let impl_i16__MIN: i16 = mk_i16 (-32768) +/// See [`std::primitive::i8::MAX`] (and similar for other signed integer types) let impl_i16__MAX: i16 = mk_i16 32767 +/// See [`std::primitive::i8::BITS`] (and similar for other signed integer types) let impl_i16__BITS: u32 = mk_u32 16 let impl_i16__wrapping_add (x y: i16) : i16 = Rust_primitives.Arithmetic.wrapping_add_i16 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_i16__saturating_add (x y: i16) : i16 = Rust_primitives.Arithmetic.saturating_add_i16 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_i16__overflowing_add (x y: i16) : (i16 & bool) = Rust_primitives.Arithmetic.overflowing_add_i16 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_i16__checked_add (x y: i16) : Core_models.Option.t_Option i16 = if (Rust_primitives.Hax.Int.from_machine impl_i16__MIN <: Hax_lib.Int.t_Int) <= @@ -986,13 +1293,17 @@ let impl_i16__checked_add (x y: i16) : Core_models.Option.t_Option i16 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option i16 else Core_models.Option.Option_None <: Core_models.Option.t_Option i16 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_i16__wrapping_sub (x y: i16) : i16 = Rust_primitives.Arithmetic.wrapping_sub_i16 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_i16__saturating_sub (x y: i16) : i16 = Rust_primitives.Arithmetic.saturating_sub_i16 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_i16__overflowing_sub (x y: i16) : (i16 & bool) = Rust_primitives.Arithmetic.overflowing_sub_i16 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_i16__checked_sub (x y: i16) : Core_models.Option.t_Option i16 = if (Rust_primitives.Hax.Int.from_machine impl_i16__MIN <: Hax_lib.Int.t_Int) <= @@ -1008,13 +1319,17 @@ let impl_i16__checked_sub (x y: i16) : Core_models.Option.t_Option i16 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option i16 else Core_models.Option.Option_None <: Core_models.Option.t_Option i16 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_i16__wrapping_mul (x y: i16) : i16 = Rust_primitives.Arithmetic.wrapping_mul_i16 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_i16__saturating_mul (x y: i16) : i16 = Rust_primitives.Arithmetic.saturating_mul_i16 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_i16__overflowing_mul (x y: i16) : (i16 & bool) = Rust_primitives.Arithmetic.overflowing_mul_i16 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_i16__checked_mul (x y: i16) : Core_models.Option.t_Option i16 = if (Rust_primitives.Hax.Int.from_machine impl_i16__MIN <: Hax_lib.Int.t_Int) <= @@ -1030,34 +1345,41 @@ let impl_i16__checked_mul (x y: i16) : Core_models.Option.t_Option i16 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option i16 else Core_models.Option.Option_None <: Core_models.Option.t_Option i16 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_i16__pow (x: i16) (exp: u32) : i16 = Rust_primitives.Arithmetic.pow_i16 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_i16__count_ones (x: i16) : u32 = Rust_primitives.Arithmetic.count_ones_i16 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_i16__rotate_right': x: i16 -> n: u32 -> i16 unfold let impl_i16__rotate_right = impl_i16__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_i16__rotate_left': x: i16 -> n: u32 -> i16 unfold let impl_i16__rotate_left = impl_i16__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_i16__leading_zeros': x: i16 -> u32 unfold let impl_i16__leading_zeros = impl_i16__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_i16__ilog2': x: i16 -> u32 unfold let impl_i16__ilog2 = impl_i16__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_i16__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result i16 Core_models.Num.Error.t_ParseIntError @@ -1065,50 +1387,78 @@ val impl_i16__from_str_radix': src: string -> radix: u32 unfold let impl_i16__from_str_radix = impl_i16__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_i16__from_be_bytes': bytes: t_Array u8 (mk_usize 2) -> i16 unfold let impl_i16__from_be_bytes = impl_i16__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_i16__from_le_bytes': bytes: t_Array u8 (mk_usize 2) -> i16 unfold let impl_i16__from_le_bytes = impl_i16__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_i16__to_be_bytes': bytes: i16 -> t_Array u8 (mk_usize 2) unfold let impl_i16__to_be_bytes = impl_i16__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_i16__to_le_bytes': bytes: i16 -> t_Array u8 (mk_usize 2) unfold let impl_i16__to_le_bytes = impl_i16__to_le_bytes' +/// See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +let impl_i16__checked_div (x y: i16) : Core_models.Option.t_Option i16 = + if y =. mk_i16 0 || x =. impl_i16__MIN && y =. mk_i16 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i16 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option i16 + +/// See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +let impl_i16__checked_rem (x y: i16) : Core_models.Option.t_Option i16 = + if y =. mk_i16 0 || x =. impl_i16__MIN && y =. mk_i16 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i16 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option i16 + +/// See [`std::primitive::i8::signum`] (and similar for other signed integer types) +let impl_i16__signum (x: i16) : i16 = + if x >. mk_i16 0 then mk_i16 1 else if x =. mk_i16 0 then mk_i16 0 else mk_i16 (-1) + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_i16__rem_euclid (x y: i16) : Prims.Pure i16 (requires y <>. mk_i16 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_i16 x y +/// See [`std::primitive::i8::abs`] (and similar for other signed integer types) let impl_i16__abs (x: i16) : Prims.Pure i16 (requires x >. impl_i16__MIN) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.abs_i16 x +/// See [`std::primitive::i8::MIN`] (and similar for other signed integer types) let impl_i32__MIN: i32 = mk_i32 (-2147483648) +/// See [`std::primitive::i8::MAX`] (and similar for other signed integer types) let impl_i32__MAX: i32 = mk_i32 2147483647 +/// See [`std::primitive::i8::BITS`] (and similar for other signed integer types) let impl_i32__BITS: u32 = mk_u32 32 let impl_i32__wrapping_add (x y: i32) : i32 = Rust_primitives.Arithmetic.wrapping_add_i32 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_i32__saturating_add (x y: i32) : i32 = Rust_primitives.Arithmetic.saturating_add_i32 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_i32__overflowing_add (x y: i32) : (i32 & bool) = Rust_primitives.Arithmetic.overflowing_add_i32 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_i32__checked_add (x y: i32) : Core_models.Option.t_Option i32 = if (Rust_primitives.Hax.Int.from_machine impl_i32__MIN <: Hax_lib.Int.t_Int) <= @@ -1124,13 +1474,17 @@ let impl_i32__checked_add (x y: i32) : Core_models.Option.t_Option i32 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option i32 else Core_models.Option.Option_None <: Core_models.Option.t_Option i32 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_i32__wrapping_sub (x y: i32) : i32 = Rust_primitives.Arithmetic.wrapping_sub_i32 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_i32__saturating_sub (x y: i32) : i32 = Rust_primitives.Arithmetic.saturating_sub_i32 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_i32__overflowing_sub (x y: i32) : (i32 & bool) = Rust_primitives.Arithmetic.overflowing_sub_i32 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_i32__checked_sub (x y: i32) : Core_models.Option.t_Option i32 = if (Rust_primitives.Hax.Int.from_machine impl_i32__MIN <: Hax_lib.Int.t_Int) <= @@ -1146,13 +1500,17 @@ let impl_i32__checked_sub (x y: i32) : Core_models.Option.t_Option i32 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option i32 else Core_models.Option.Option_None <: Core_models.Option.t_Option i32 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_i32__wrapping_mul (x y: i32) : i32 = Rust_primitives.Arithmetic.wrapping_mul_i32 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_i32__saturating_mul (x y: i32) : i32 = Rust_primitives.Arithmetic.saturating_mul_i32 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_i32__overflowing_mul (x y: i32) : (i32 & bool) = Rust_primitives.Arithmetic.overflowing_mul_i32 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_i32__checked_mul (x y: i32) : Core_models.Option.t_Option i32 = if (Rust_primitives.Hax.Int.from_machine impl_i32__MIN <: Hax_lib.Int.t_Int) <= @@ -1168,34 +1526,41 @@ let impl_i32__checked_mul (x y: i32) : Core_models.Option.t_Option i32 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option i32 else Core_models.Option.Option_None <: Core_models.Option.t_Option i32 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_i32__pow (x: i32) (exp: u32) : i32 = Rust_primitives.Arithmetic.pow_i32 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_i32__count_ones (x: i32) : u32 = Rust_primitives.Arithmetic.count_ones_i32 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_i32__rotate_right': x: i32 -> n: u32 -> i32 unfold let impl_i32__rotate_right = impl_i32__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_i32__rotate_left': x: i32 -> n: u32 -> i32 unfold let impl_i32__rotate_left = impl_i32__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_i32__leading_zeros': x: i32 -> u32 unfold let impl_i32__leading_zeros = impl_i32__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_i32__ilog2': x: i32 -> u32 unfold let impl_i32__ilog2 = impl_i32__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_i32__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result i32 Core_models.Num.Error.t_ParseIntError @@ -1203,50 +1568,78 @@ val impl_i32__from_str_radix': src: string -> radix: u32 unfold let impl_i32__from_str_radix = impl_i32__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_i32__from_be_bytes': bytes: t_Array u8 (mk_usize 4) -> i32 unfold let impl_i32__from_be_bytes = impl_i32__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_i32__from_le_bytes': bytes: t_Array u8 (mk_usize 4) -> i32 unfold let impl_i32__from_le_bytes = impl_i32__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_i32__to_be_bytes': bytes: i32 -> t_Array u8 (mk_usize 4) unfold let impl_i32__to_be_bytes = impl_i32__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_i32__to_le_bytes': bytes: i32 -> t_Array u8 (mk_usize 4) unfold let impl_i32__to_le_bytes = impl_i32__to_le_bytes' +/// See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +let impl_i32__checked_div (x y: i32) : Core_models.Option.t_Option i32 = + if y =. mk_i32 0 || x =. impl_i32__MIN && y =. mk_i32 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i32 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option i32 + +/// See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +let impl_i32__checked_rem (x y: i32) : Core_models.Option.t_Option i32 = + if y =. mk_i32 0 || x =. impl_i32__MIN && y =. mk_i32 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i32 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option i32 + +/// See [`std::primitive::i8::signum`] (and similar for other signed integer types) +let impl_i32__signum (x: i32) : i32 = + if x >. mk_i32 0 then mk_i32 1 else if x =. mk_i32 0 then mk_i32 0 else mk_i32 (-1) + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_i32__rem_euclid (x y: i32) : Prims.Pure i32 (requires y <>. mk_i32 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_i32 x y +/// See [`std::primitive::i8::abs`] (and similar for other signed integer types) let impl_i32__abs (x: i32) : Prims.Pure i32 (requires x >. impl_i32__MIN) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.abs_i32 x +/// See [`std::primitive::i8::MIN`] (and similar for other signed integer types) let impl_i64__MIN: i64 = mk_i64 (-9223372036854775808) +/// See [`std::primitive::i8::MAX`] (and similar for other signed integer types) let impl_i64__MAX: i64 = mk_i64 9223372036854775807 +/// See [`std::primitive::i8::BITS`] (and similar for other signed integer types) let impl_i64__BITS: u32 = mk_u32 64 let impl_i64__wrapping_add (x y: i64) : i64 = Rust_primitives.Arithmetic.wrapping_add_i64 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_i64__saturating_add (x y: i64) : i64 = Rust_primitives.Arithmetic.saturating_add_i64 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_i64__overflowing_add (x y: i64) : (i64 & bool) = Rust_primitives.Arithmetic.overflowing_add_i64 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_i64__checked_add (x y: i64) : Core_models.Option.t_Option i64 = if (Rust_primitives.Hax.Int.from_machine impl_i64__MIN <: Hax_lib.Int.t_Int) <= @@ -1262,13 +1655,17 @@ let impl_i64__checked_add (x y: i64) : Core_models.Option.t_Option i64 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option i64 else Core_models.Option.Option_None <: Core_models.Option.t_Option i64 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_i64__wrapping_sub (x y: i64) : i64 = Rust_primitives.Arithmetic.wrapping_sub_i64 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_i64__saturating_sub (x y: i64) : i64 = Rust_primitives.Arithmetic.saturating_sub_i64 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_i64__overflowing_sub (x y: i64) : (i64 & bool) = Rust_primitives.Arithmetic.overflowing_sub_i64 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_i64__checked_sub (x y: i64) : Core_models.Option.t_Option i64 = if (Rust_primitives.Hax.Int.from_machine impl_i64__MIN <: Hax_lib.Int.t_Int) <= @@ -1284,13 +1681,17 @@ let impl_i64__checked_sub (x y: i64) : Core_models.Option.t_Option i64 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option i64 else Core_models.Option.Option_None <: Core_models.Option.t_Option i64 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_i64__wrapping_mul (x y: i64) : i64 = Rust_primitives.Arithmetic.wrapping_mul_i64 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_i64__saturating_mul (x y: i64) : i64 = Rust_primitives.Arithmetic.saturating_mul_i64 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_i64__overflowing_mul (x y: i64) : (i64 & bool) = Rust_primitives.Arithmetic.overflowing_mul_i64 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_i64__checked_mul (x y: i64) : Core_models.Option.t_Option i64 = if (Rust_primitives.Hax.Int.from_machine impl_i64__MIN <: Hax_lib.Int.t_Int) <= @@ -1306,34 +1707,41 @@ let impl_i64__checked_mul (x y: i64) : Core_models.Option.t_Option i64 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option i64 else Core_models.Option.Option_None <: Core_models.Option.t_Option i64 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_i64__pow (x: i64) (exp: u32) : i64 = Rust_primitives.Arithmetic.pow_i64 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_i64__count_ones (x: i64) : u32 = Rust_primitives.Arithmetic.count_ones_i64 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_i64__rotate_right': x: i64 -> n: u32 -> i64 unfold let impl_i64__rotate_right = impl_i64__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_i64__rotate_left': x: i64 -> n: u32 -> i64 unfold let impl_i64__rotate_left = impl_i64__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_i64__leading_zeros': x: i64 -> u32 unfold let impl_i64__leading_zeros = impl_i64__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_i64__ilog2': x: i64 -> u32 unfold let impl_i64__ilog2 = impl_i64__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_i64__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result i64 Core_models.Num.Error.t_ParseIntError @@ -1341,51 +1749,79 @@ val impl_i64__from_str_radix': src: string -> radix: u32 unfold let impl_i64__from_str_radix = impl_i64__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_i64__from_be_bytes': bytes: t_Array u8 (mk_usize 8) -> i64 unfold let impl_i64__from_be_bytes = impl_i64__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_i64__from_le_bytes': bytes: t_Array u8 (mk_usize 8) -> i64 unfold let impl_i64__from_le_bytes = impl_i64__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_i64__to_be_bytes': bytes: i64 -> t_Array u8 (mk_usize 8) unfold let impl_i64__to_be_bytes = impl_i64__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_i64__to_le_bytes': bytes: i64 -> t_Array u8 (mk_usize 8) unfold let impl_i64__to_le_bytes = impl_i64__to_le_bytes' +/// See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +let impl_i64__checked_div (x y: i64) : Core_models.Option.t_Option i64 = + if y =. mk_i64 0 || x =. impl_i64__MIN && y =. mk_i64 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i64 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option i64 + +/// See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +let impl_i64__checked_rem (x y: i64) : Core_models.Option.t_Option i64 = + if y =. mk_i64 0 || x =. impl_i64__MIN && y =. mk_i64 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i64 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option i64 + +/// See [`std::primitive::i8::signum`] (and similar for other signed integer types) +let impl_i64__signum (x: i64) : i64 = + if x >. mk_i64 0 then mk_i64 1 else if x =. mk_i64 0 then mk_i64 0 else mk_i64 (-1) + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_i64__rem_euclid (x y: i64) : Prims.Pure i64 (requires y <>. mk_i64 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_i64 x y +/// See [`std::primitive::i8::abs`] (and similar for other signed integer types) let impl_i64__abs (x: i64) : Prims.Pure i64 (requires x >. impl_i64__MIN) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.abs_i64 x +/// See [`std::primitive::i8::MIN`] (and similar for other signed integer types) let impl_i128__MIN: i128 = mk_i128 (-170141183460469231731687303715884105728) +/// See [`std::primitive::i8::MAX`] (and similar for other signed integer types) let impl_i128__MAX: i128 = mk_i128 170141183460469231731687303715884105727 +/// See [`std::primitive::i8::BITS`] (and similar for other signed integer types) let impl_i128__BITS: u32 = mk_u32 128 let impl_i128__wrapping_add (x y: i128) : i128 = Rust_primitives.Arithmetic.wrapping_add_i128 x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_i128__saturating_add (x y: i128) : i128 = Rust_primitives.Arithmetic.saturating_add_i128 x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_i128__overflowing_add (x y: i128) : (i128 & bool) = Rust_primitives.Arithmetic.overflowing_add_i128 x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_i128__checked_add (x y: i128) : Core_models.Option.t_Option i128 = if (Rust_primitives.Hax.Int.from_machine impl_i128__MIN <: Hax_lib.Int.t_Int) <= @@ -1401,14 +1837,18 @@ let impl_i128__checked_add (x y: i128) : Core_models.Option.t_Option i128 = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option i128 else Core_models.Option.Option_None <: Core_models.Option.t_Option i128 +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_i128__wrapping_sub (x y: i128) : i128 = Rust_primitives.Arithmetic.wrapping_sub_i128 x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_i128__saturating_sub (x y: i128) : i128 = Rust_primitives.Arithmetic.saturating_sub_i128 x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_i128__overflowing_sub (x y: i128) : (i128 & bool) = Rust_primitives.Arithmetic.overflowing_sub_i128 x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_i128__checked_sub (x y: i128) : Core_models.Option.t_Option i128 = if (Rust_primitives.Hax.Int.from_machine impl_i128__MIN <: Hax_lib.Int.t_Int) <= @@ -1424,14 +1864,18 @@ let impl_i128__checked_sub (x y: i128) : Core_models.Option.t_Option i128 = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option i128 else Core_models.Option.Option_None <: Core_models.Option.t_Option i128 +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_i128__wrapping_mul (x y: i128) : i128 = Rust_primitives.Arithmetic.wrapping_mul_i128 x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_i128__saturating_mul (x y: i128) : i128 = Rust_primitives.Arithmetic.saturating_mul_i128 x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_i128__overflowing_mul (x y: i128) : (i128 & bool) = Rust_primitives.Arithmetic.overflowing_mul_i128 x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_i128__checked_mul (x y: i128) : Core_models.Option.t_Option i128 = if (Rust_primitives.Hax.Int.from_machine impl_i128__MIN <: Hax_lib.Int.t_Int) <= @@ -1447,34 +1891,41 @@ let impl_i128__checked_mul (x y: i128) : Core_models.Option.t_Option i128 = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option i128 else Core_models.Option.Option_None <: Core_models.Option.t_Option i128 +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_i128__pow (x: i128) (exp: u32) : i128 = Rust_primitives.Arithmetic.pow_i128 x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_i128__count_ones (x: i128) : u32 = Rust_primitives.Arithmetic.count_ones_i128 x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_i128__rotate_right': x: i128 -> n: u32 -> i128 unfold let impl_i128__rotate_right = impl_i128__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_i128__rotate_left': x: i128 -> n: u32 -> i128 unfold let impl_i128__rotate_left = impl_i128__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_i128__leading_zeros': x: i128 -> u32 unfold let impl_i128__leading_zeros = impl_i128__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_i128__ilog2': x: i128 -> u32 unfold let impl_i128__ilog2 = impl_i128__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_i128__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result i128 Core_models.Num.Error.t_ParseIntError @@ -1482,53 +1933,81 @@ val impl_i128__from_str_radix': src: string -> radix: u32 unfold let impl_i128__from_str_radix = impl_i128__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_i128__from_be_bytes': bytes: t_Array u8 (mk_usize 16) -> i128 unfold let impl_i128__from_be_bytes = impl_i128__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_i128__from_le_bytes': bytes: t_Array u8 (mk_usize 16) -> i128 unfold let impl_i128__from_le_bytes = impl_i128__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_i128__to_be_bytes': bytes: i128 -> t_Array u8 (mk_usize 16) unfold let impl_i128__to_be_bytes = impl_i128__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_i128__to_le_bytes': bytes: i128 -> t_Array u8 (mk_usize 16) unfold let impl_i128__to_le_bytes = impl_i128__to_le_bytes' +/// See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +let impl_i128__checked_div (x y: i128) : Core_models.Option.t_Option i128 = + if y =. mk_i128 0 || x =. impl_i128__MIN && y =. mk_i128 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i128 + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option i128 + +/// See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +let impl_i128__checked_rem (x y: i128) : Core_models.Option.t_Option i128 = + if y =. mk_i128 0 || x =. impl_i128__MIN && y =. mk_i128 (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option i128 + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option i128 + +/// See [`std::primitive::i8::signum`] (and similar for other signed integer types) +let impl_i128__signum (x: i128) : i128 = + if x >. mk_i128 0 then mk_i128 1 else if x =. mk_i128 0 then mk_i128 0 else mk_i128 (-1) + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_i128__rem_euclid (x y: i128) : Prims.Pure i128 (requires y <>. mk_i128 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_i128 x y +/// See [`std::primitive::i8::abs`] (and similar for other signed integer types) let impl_i128__abs (x: i128) : Prims.Pure i128 (requires x >. impl_i128__MIN) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.abs_i128 x +/// See [`std::primitive::i8::MIN`] (and similar for other signed integer types) let impl_isize__MIN: isize = Rust_primitives.Arithmetic.v_ISIZE_MIN +/// See [`std::primitive::i8::MAX`] (and similar for other signed integer types) let impl_isize__MAX: isize = Rust_primitives.Arithmetic.v_ISIZE_MAX +/// See [`std::primitive::i8::BITS`] (and similar for other signed integer types) let impl_isize__BITS: u32 = Rust_primitives.Arithmetic.v_SIZE_BITS let impl_isize__wrapping_add (x y: isize) : isize = Rust_primitives.Arithmetic.wrapping_add_isize x y +/// See [`std::primitive::u8::saturating_add`] (and similar for other integer types) let impl_isize__saturating_add (x y: isize) : isize = Rust_primitives.Arithmetic.saturating_add_isize x y +/// See [`std::primitive::u8::overflowing_add`] (and similar for other integer types) let impl_isize__overflowing_add (x y: isize) : (isize & bool) = Rust_primitives.Arithmetic.overflowing_add_isize x y +/// See [`std::primitive::u8::checked_add`] (and similar for other integer types) let impl_isize__checked_add (x y: isize) : Core_models.Option.t_Option isize = if (Rust_primitives.Hax.Int.from_machine impl_isize__MIN <: Hax_lib.Int.t_Int) <= @@ -1544,15 +2023,19 @@ let impl_isize__checked_add (x y: isize) : Core_models.Option.t_Option isize = then Core_models.Option.Option_Some (x +! y) <: Core_models.Option.t_Option isize else Core_models.Option.Option_None <: Core_models.Option.t_Option isize +/// See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) let impl_isize__wrapping_sub (x y: isize) : isize = Rust_primitives.Arithmetic.wrapping_sub_isize x y +/// See [`std::primitive::u8::saturating_sub`] (and similar for other integer types) let impl_isize__saturating_sub (x y: isize) : isize = Rust_primitives.Arithmetic.saturating_sub_isize x y +/// See [`std::primitive::u8::overflowing_sub`] (and similar for other integer types) let impl_isize__overflowing_sub (x y: isize) : (isize & bool) = Rust_primitives.Arithmetic.overflowing_sub_isize x y +/// See [`std::primitive::u8::checked_sub`] (and similar for other integer types) let impl_isize__checked_sub (x y: isize) : Core_models.Option.t_Option isize = if (Rust_primitives.Hax.Int.from_machine impl_isize__MIN <: Hax_lib.Int.t_Int) <= @@ -1568,15 +2051,19 @@ let impl_isize__checked_sub (x y: isize) : Core_models.Option.t_Option isize = then Core_models.Option.Option_Some (x -! y) <: Core_models.Option.t_Option isize else Core_models.Option.Option_None <: Core_models.Option.t_Option isize +/// See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) let impl_isize__wrapping_mul (x y: isize) : isize = Rust_primitives.Arithmetic.wrapping_mul_isize x y +/// See [`std::primitive::u8::saturating_mul`] (and similar for other integer types) let impl_isize__saturating_mul (x y: isize) : isize = Rust_primitives.Arithmetic.saturating_mul_isize x y +/// See [`std::primitive::u8::overflowing_mul`] (and similar for other integer types) let impl_isize__overflowing_mul (x y: isize) : (isize & bool) = Rust_primitives.Arithmetic.overflowing_mul_isize x y +/// See [`std::primitive::u8::checked_mul`] (and similar for other integer types) let impl_isize__checked_mul (x y: isize) : Core_models.Option.t_Option isize = if (Rust_primitives.Hax.Int.from_machine impl_isize__MIN <: Hax_lib.Int.t_Int) <= @@ -1592,34 +2079,41 @@ let impl_isize__checked_mul (x y: isize) : Core_models.Option.t_Option isize = then Core_models.Option.Option_Some (x *! y) <: Core_models.Option.t_Option isize else Core_models.Option.Option_None <: Core_models.Option.t_Option isize +/// See [`std::primitive::u8::pow`] (and similar for other integer types) let impl_isize__pow (x: isize) (exp: u32) : isize = Rust_primitives.Arithmetic.pow_isize x exp +/// See [`std::primitive::u8::count_ones`] (and similar for other integer types) let impl_isize__count_ones (x: isize) : u32 = Rust_primitives.Arithmetic.count_ones_isize x +/// See [`std::primitive::u8::rotate_right`] (and similar for other integer types) assume val impl_isize__rotate_right': x: isize -> n: u32 -> isize unfold let impl_isize__rotate_right = impl_isize__rotate_right' +/// See [`std::primitive::u8::rotate_left`] (and similar for other integer types) assume val impl_isize__rotate_left': x: isize -> n: u32 -> isize unfold let impl_isize__rotate_left = impl_isize__rotate_left' +/// See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) assume val impl_isize__leading_zeros': x: isize -> u32 unfold let impl_isize__leading_zeros = impl_isize__leading_zeros' +/// See [`std::primitive::u8::ilog2`] (and similar for other integer types) assume val impl_isize__ilog2': x: isize -> u32 unfold let impl_isize__ilog2 = impl_isize__ilog2' +/// See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) assume val impl_isize__from_str_radix': src: string -> radix: u32 -> Core_models.Result.t_Result isize Core_models.Num.Error.t_ParseIntError @@ -1627,34 +2121,56 @@ val impl_isize__from_str_radix': src: string -> radix: u32 unfold let impl_isize__from_str_radix = impl_isize__from_str_radix' +/// See [`std::primitive::u8::from_be_bytes`] (and similar for other integer types) assume val impl_isize__from_be_bytes': bytes: t_Array u8 (mk_usize 8) -> isize unfold let impl_isize__from_be_bytes = impl_isize__from_be_bytes' +/// See [`std::primitive::u8::from_le_bytes`] (and similar for other integer types) assume val impl_isize__from_le_bytes': bytes: t_Array u8 (mk_usize 8) -> isize unfold let impl_isize__from_le_bytes = impl_isize__from_le_bytes' +/// See [`std::primitive::u8::to_be_bytes`] (and similar for other integer types) assume val impl_isize__to_be_bytes': bytes: isize -> t_Array u8 (mk_usize 8) unfold let impl_isize__to_be_bytes = impl_isize__to_be_bytes' +/// See [`std::primitive::u8::to_le_bytes`] (and similar for other integer types) assume val impl_isize__to_le_bytes': bytes: isize -> t_Array u8 (mk_usize 8) unfold let impl_isize__to_le_bytes = impl_isize__to_le_bytes' +/// See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +let impl_isize__checked_div (x y: isize) : Core_models.Option.t_Option isize = + if y =. mk_isize 0 || x =. impl_isize__MIN && y =. mk_isize (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option isize + else Core_models.Option.Option_Some (x /! y) <: Core_models.Option.t_Option isize + +/// See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +let impl_isize__checked_rem (x y: isize) : Core_models.Option.t_Option isize = + if y =. mk_isize 0 || x =. impl_isize__MIN && y =. mk_isize (-1) + then Core_models.Option.Option_None <: Core_models.Option.t_Option isize + else Core_models.Option.Option_Some (x %! y) <: Core_models.Option.t_Option isize + +/// See [`std::primitive::i8::signum`] (and similar for other signed integer types) +let impl_isize__signum (x: isize) : isize = + if x >. mk_isize 0 then mk_isize 1 else if x =. mk_isize 0 then mk_isize 0 else mk_isize (-1) + +/// See [`std::primitive::u8::rem_euclid`] (and similar for other integer types) let impl_isize__rem_euclid (x y: isize) : Prims.Pure isize (requires y <>. mk_isize 0) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.rem_euclid_isize x y +/// See [`std::primitive::i8::abs`] (and similar for other signed integer types) let impl_isize__abs (x: isize) : Prims.Pure isize (requires x >. impl_isize__MIN) (fun _ -> Prims.l_True) = Rust_primitives.Arithmetic.abs_isize x @@ -1754,3 +2270,11 @@ let impl_29: Core_models.Default.t_Default isize = f_default_post = (fun (_: Prims.unit) (out: isize) -> true); f_default = fun (_: Prims.unit) -> mk_isize 0 } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_30: Core_models.Default.t_Default bool = + { + f_default_pre = (fun (_: Prims.unit) -> true); + f_default_post = (fun (_: Prims.unit) (out: bool) -> true); + f_default = fun (_: Prims.unit) -> false + } diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Arith.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Arith.fsti index 957cf69d7..ec0547d4a 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Arith.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Arith.fsti @@ -3,6 +3,7 @@ module Core_models.Ops.Arith open FStar.Mul open Rust_primitives +/// See [`std::ops::AddAssign`] class t_AddAssign (v_Self: Type0) (v_Rhs: Type0) = { f_add_assign_pre:v_Self -> v_Rhs -> Type0; f_add_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; @@ -10,6 +11,7 @@ class t_AddAssign (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure v_Self (f_add_assign_pre x0 x1) (fun result -> f_add_assign_post x0 x1 result) } +/// See [`std::ops::SubAssign`] class t_SubAssign (v_Self: Type0) (v_Rhs: Type0) = { f_sub_assign_pre:v_Self -> v_Rhs -> Type0; f_sub_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; @@ -17,6 +19,7 @@ class t_SubAssign (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure v_Self (f_sub_assign_pre x0 x1) (fun result -> f_sub_assign_post x0 x1 result) } +/// See [`std::ops::MulAssign`] class t_MulAssign (v_Self: Type0) (v_Rhs: Type0) = { f_mul_assign_pre:v_Self -> v_Rhs -> Type0; f_mul_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; @@ -24,6 +27,7 @@ class t_MulAssign (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure v_Self (f_mul_assign_pre x0 x1) (fun result -> f_mul_assign_post x0 x1 result) } +/// See [`std::ops::DivAssign`] class t_DivAssign (v_Self: Type0) (v_Rhs: Type0) = { f_div_assign_pre:v_Self -> v_Rhs -> Type0; f_div_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; @@ -31,6 +35,7 @@ class t_DivAssign (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure v_Self (f_div_assign_pre x0 x1) (fun result -> f_div_assign_post x0 x1 result) } +/// See [`std::ops::RemAssign`] class t_RemAssign (v_Self: Type0) (v_Rhs: Type0) = { f_rem_assign_pre:v_Self -> v_Rhs -> Type0; f_rem_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; @@ -62,6 +67,7 @@ val impl_6:t_AddAssign u64 u64 [@@ FStar.Tactics.Typeclasses.tcinstance] val impl_7:t_SubAssign u64 u64 +/// See [`std::ops::Add`] class t_Add (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_add_pre:v_Self -> v_Rhs -> Type0; @@ -70,6 +76,7 @@ class t_Add (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_add_pre x0 x1) (fun result -> f_add_post x0 x1 result) } +/// See [`std::ops::Sub`] class t_Sub (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_sub_pre:v_Self -> v_Rhs -> Type0; @@ -78,6 +85,7 @@ class t_Sub (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_sub_pre x0 x1) (fun result -> f_sub_post x0 x1 result) } +/// See [`std::ops::Mul`] class t_Mul (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_mul_pre:v_Self -> v_Rhs -> Type0; @@ -86,6 +94,7 @@ class t_Mul (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_mul_pre x0 x1) (fun result -> f_mul_post x0 x1 result) } +/// See [`std::ops::Div`] class t_Div (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_div_pre:v_Self -> v_Rhs -> Type0; @@ -94,6 +103,7 @@ class t_Div (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_div_pre x0 x1) (fun result -> f_div_post x0 x1 result) } +/// See [`std::ops::Neg`] class t_Neg (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_neg_pre:v_Self -> Type0; @@ -101,6 +111,7 @@ class t_Neg (v_Self: Type0) = { f_neg:x0: v_Self -> Prims.Pure f_Output (f_neg_pre x0) (fun result -> f_neg_post x0 result) } +/// See [`std::ops::Rem`] class t_Rem (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_rem_pre:v_Self -> v_Rhs -> Type0; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Bit.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Bit.fsti index e13f3a490..12a3eed26 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Bit.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Bit.fsti @@ -3,6 +3,51 @@ module Core_models.Ops.Bit open FStar.Mul open Rust_primitives +/// See [`std::ops::ShrAssign`] +class t_ShrAssign (v_Self: Type0) (v_Rhs: Type0) = { + f_shr_assign_pre:v_Self -> v_Rhs -> Type0; + f_shr_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; + f_shr_assign:x0: v_Self -> x1: v_Rhs + -> Prims.Pure v_Self (f_shr_assign_pre x0 x1) (fun result -> f_shr_assign_post x0 x1 result) +} + +/// See [`std::ops::ShlAssign`] +class t_ShlAssign (v_Self: Type0) (v_Rhs: Type0) = { + f_shl_assign_pre:v_Self -> v_Rhs -> Type0; + f_shl_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; + f_shl_assign:x0: v_Self -> x1: v_Rhs + -> Prims.Pure v_Self (f_shl_assign_pre x0 x1) (fun result -> f_shl_assign_post x0 x1 result) +} + +/// See [`std::ops::BitXorAssign`] +class t_BitXorAssign (v_Self: Type0) (v_Rhs: Type0) = { + f_bitxor_assign_pre:v_Self -> v_Rhs -> Type0; + f_bitxor_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; + f_bitxor_assign:x0: v_Self -> x1: v_Rhs + -> Prims.Pure v_Self + (f_bitxor_assign_pre x0 x1) + (fun result -> f_bitxor_assign_post x0 x1 result) +} + +/// See [`std::ops::BitAndAssign`] +class t_BitAndAssign (v_Self: Type0) (v_Rhs: Type0) = { + f_bitand_assign_pre:v_Self -> v_Rhs -> Type0; + f_bitand_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; + f_bitand_assign:x0: v_Self -> x1: v_Rhs + -> Prims.Pure v_Self + (f_bitand_assign_pre x0 x1) + (fun result -> f_bitand_assign_post x0 x1 result) +} + +/// See [`std::ops::BitOrAssign`] +class t_BitOrAssign (v_Self: Type0) (v_Rhs: Type0) = { + f_bitor_assign_pre:v_Self -> v_Rhs -> Type0; + f_bitor_assign_post:v_Self -> v_Rhs -> v_Self -> Type0; + f_bitor_assign:x0: v_Self -> x1: v_Rhs + -> Prims.Pure v_Self (f_bitor_assign_pre x0 x1) (fun result -> f_bitor_assign_post x0 x1 result) +} + +/// See [`std::ops::Shr`] class t_Shr (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_shr_pre:v_Self -> v_Rhs -> Type0; @@ -11,6 +56,7 @@ class t_Shr (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_shr_pre x0 x1) (fun result -> f_shr_post x0 x1 result) } +/// See [`std::ops::Shl`] class t_Shl (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_shl_pre:v_Self -> v_Rhs -> Type0; @@ -19,6 +65,7 @@ class t_Shl (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_shl_pre x0 x1) (fun result -> f_shl_post x0 x1 result) } +/// See [`std::ops::BitXor`] class t_BitXor (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_bitxor_pre:v_Self -> v_Rhs -> Type0; @@ -27,6 +74,7 @@ class t_BitXor (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_bitxor_pre x0 x1) (fun result -> f_bitxor_post x0 x1 result) } +/// See [`std::ops::BitAnd`] class t_BitAnd (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_bitand_pre:v_Self -> v_Rhs -> Type0; @@ -35,6 +83,7 @@ class t_BitAnd (v_Self: Type0) (v_Rhs: Type0) = { -> Prims.Pure f_Output (f_bitand_pre x0 x1) (fun result -> f_bitand_post x0 x1 result) } +/// See [`std::ops::BitOr`] class t_BitOr (v_Self: Type0) (v_Rhs: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_bitor_pre:v_Self -> v_Rhs -> Type0; @@ -42,3 +91,11 @@ class t_BitOr (v_Self: Type0) (v_Rhs: Type0) = { f_bitor:x0: v_Self -> x1: v_Rhs -> Prims.Pure f_Output (f_bitor_pre x0 x1) (fun result -> f_bitor_post x0 x1 result) } + +/// See [`std::ops::Not`] +class t_Not (v_Self: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; + f_not_pre:v_Self -> Type0; + f_not_post:v_Self -> f_Output -> Type0; + f_not:x0: v_Self -> Prims.Pure f_Output (f_not_pre x0) (fun result -> f_not_post x0 result) +} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Control_flow.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Control_flow.fst index a3432607f..67d179902 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Control_flow.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Control_flow.fst @@ -3,6 +3,7 @@ module Core_models.Ops.Control_flow open FStar.Mul open Rust_primitives +/// See [`std::ops::ControlFlow`] type t_ControlFlow (v_B: Type0) (v_C: Type0) = | ControlFlow_Continue : v_C -> t_ControlFlow v_B v_C | ControlFlow_Break : v_B -> t_ControlFlow v_B v_C diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Deref.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Deref.fst index 4b99568b4..aed78829a 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Deref.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Deref.fst @@ -3,6 +3,7 @@ module Core_models.Ops.Deref open FStar.Mul open Rust_primitives +/// See [`std::ops::Deref`] class t_Deref (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Target:Type0; f_deref_pre:v_Self -> Type0; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Drop.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Drop.fst index eefabe801..eb6e8105b 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Drop.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Drop.fst @@ -3,6 +3,7 @@ module Core_models.Ops.Drop open FStar.Mul open Rust_primitives +/// See [`std::ops::Drop`] class t_Drop (v_Self: Type0) = { f_drop_pre:v_Self -> Type0; f_drop_post:v_Self -> v_Self -> Type0; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Function.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Function.fst index 6f17dae9f..a1edbe65e 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Function.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Function.fst @@ -3,6 +3,7 @@ module Core_models.Ops.Function open FStar.Mul open Rust_primitives +/// See [`std::ops::FnOnce`] class t_FnOnce (v_Self: Type0) (v_Args: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_call_once_pre:self_: v_Self -> args: v_Args -> pred: Type0{true ==> pred}; @@ -11,12 +12,29 @@ class t_FnOnce (v_Self: Type0) (v_Args: Type0) = { -> Prims.Pure f_Output (f_call_once_pre x0 x1) (fun result -> f_call_once_post x0 x1 result) } -class t_Fn (v_Self: Type0) (v_Args: Type0) = { +/// See [`std::ops::Fn`] +class t_FnMut (v_Self: Type0) (v_Args: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:t_FnOnce v_Self v_Args; + f_call_mut_pre:self_: v_Self -> args: v_Args -> pred: Type0{true ==> pred}; + f_call_mut_post:v_Self -> v_Args -> (_super_i0).f_Output -> Type0; + f_call_mut:x0: v_Self -> x1: v_Args + -> Prims.Pure (_super_i0).f_Output + (f_call_mut_pre x0 x1) + (fun result -> f_call_mut_post x0 x1 result) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let _ = fun (v_Self:Type0) (v_Args:Type0) {|i: t_FnMut v_Self v_Args|} -> i._super_i0 + +/// See [`std::ops::Fn`] +class t_Fn (v_Self: Type0) (v_Args: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]_super_i0:t_FnMut v_Self v_Args; f_call_pre:self_: v_Self -> args: v_Args -> pred: Type0{true ==> pred}; - f_call_post:v_Self -> v_Args -> (_super_i0).f_Output -> Type0; + f_call_post:v_Self -> v_Args -> (_super_i0)._super_i0.f_Output -> Type0; f_call:x0: v_Self -> x1: v_Args - -> Prims.Pure (_super_i0).f_Output (f_call_pre x0 x1) (fun result -> f_call_post x0 x1 result) + -> Prims.Pure (_super_i0)._super_i0.f_Output + (f_call_pre x0 x1) + (fun result -> f_call_post x0 x1 result) } [@@ FStar.Tactics.Typeclasses.tcinstance] diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Index.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Index.fst index 554e8e3be..ec174dcfa 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Index.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Index.fst @@ -3,6 +3,7 @@ module Core_models.Ops.Index open FStar.Mul open Rust_primitives +/// See [`std::ops::Index`] class t_Index (v_Self: Type0) (v_Idx: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; f_index_pre:v_Self -> v_Idx -> Type0; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Range.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Range.fst index e0712e393..bb3251fd7 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Range.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Range.fst @@ -3,17 +3,27 @@ module Core_models.Ops.Range open FStar.Mul open Rust_primitives +/// See [`std::ops::RangeTo`] type t_RangeTo (v_T: Type0) = { f_end:v_T } +/// See [`std::ops::RangeFrom`] type t_RangeFrom (v_T: Type0) = { f_start:v_T } +/// See [`std::ops::Range`] type t_Range (v_T: Type0) = { f_start:v_T; f_end:v_T } +/// See [`std::ops::RangeFull`] type t_RangeFull = | RangeFull : t_RangeFull +/// See [`std::ops::RangeInclusive`] +type t_RangeInclusive (v_T: Type0) = { + f_start:v_T; + f_end:v_T +} + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl: Core_models.Iter.Traits.Iterator.t_Iterator (t_Range u8) = { diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Try_trait.fst b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Try_trait.fst index 0a6ab294c..bbe8891e5 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Ops.Try_trait.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Ops.Try_trait.fst @@ -3,6 +3,7 @@ module Core_models.Ops.Try_trait open FStar.Mul open Rust_primitives +/// See [`std::ops::FromResidual`] class t_FromResidual (v_Self: Type0) (v_R: Type0) = { f_from_residual_pre:v_R -> Type0; f_from_residual_post:v_R -> v_Self -> Type0; @@ -10,6 +11,7 @@ class t_FromResidual (v_Self: Type0) (v_R: Type0) = { -> Prims.Pure v_Self (f_from_residual_pre x0) (fun result -> f_from_residual_post x0 result) } +/// See [`std::ops::Try`] class t_Try (v_Self: Type0) = { [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; [@@@ FStar.Tactics.Typeclasses.no_method]f_Residual:Type0; diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Option.fst b/hax-lib/proof-libs/fstar/core/Core_models.Option.fst index 7d3e8d099..cfa79c1dc 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Option.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Option.fst @@ -44,3 +44,19 @@ include Core_models.Bundle {impl__ok_or_else as impl__ok_or_else} include Core_models.Bundle {impl__and_then as impl__and_then} include Core_models.Bundle {impl__take as impl__take} + +include Core_models.Bundle {impl__filter as impl__filter} + +include Core_models.Bundle {impl__or as impl__or} + +include Core_models.Bundle {impl__or_else as impl__or_else} + +include Core_models.Bundle {impl__xor as impl__xor} + +include Core_models.Bundle {impl__zip as impl__zip} + +include Core_models.Bundle {impl__inspect as impl__inspect} + +include Core_models.Bundle {impl_1__flatten as impl_1__flatten} + +include Core_models.Bundle {impl_2 as impl_2} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Result.fst b/hax-lib/proof-libs/fstar/core/Core_models.Result.fst index 9a1970add..11014b44d 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Result.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Result.fst @@ -9,11 +9,29 @@ include Core_models.Bundle {Result_Ok as Result_Ok} include Core_models.Bundle {Result_Err as Result_Err} +include Core_models.Bundle {impl__is_ok as impl__is_ok} + +include Core_models.Bundle {impl__is_ok_and as impl__is_ok_and} + +include Core_models.Bundle {impl__is_err as impl__is_err} + +include Core_models.Bundle {impl__is_err_and as impl__is_err_and} + +include Core_models.Bundle {impl__as_ref__from__result as impl__as_ref} + +include Core_models.Bundle {impl__expect__from__result as impl__expect} + include Core_models.Bundle {impl__unwrap__from__result as impl__unwrap} +include Core_models.Bundle {impl__expect_err as impl__expect_err} + +include Core_models.Bundle {impl__unwrap_err as impl__unwrap_err} + include Core_models.Bundle {impl__unwrap_or__from__result as impl__unwrap_or} -include Core_models.Bundle {impl__expect__from__result as impl__expect} +include Core_models.Bundle {impl__unwrap_or_else__from__result as impl__unwrap_or_else} + +include Core_models.Bundle {impl__unwrap_or_default__from__result as impl__unwrap_or_default} include Core_models.Bundle {impl__map__from__result as impl__map} @@ -21,10 +39,28 @@ include Core_models.Bundle {impl__map_or__from__result as impl__map_or} include Core_models.Bundle {impl__map_or_else__from__result as impl__map_or_else} +include Core_models.Bundle {impl__map_or_default__from__result as impl__map_or_default} + include Core_models.Bundle {impl__map_err as impl__map_err} -include Core_models.Bundle {impl__is_ok as impl__is_ok} +include Core_models.Bundle {impl__inspect__from__result as impl__inspect} -include Core_models.Bundle {impl__and_then__from__result as impl__and_then} +include Core_models.Bundle {impl__inspect_err as impl__inspect_err} include Core_models.Bundle {impl__ok as impl__ok} + +include Core_models.Bundle {impl__err as impl__err} + +include Core_models.Bundle {impl__and as impl__and} + +include Core_models.Bundle {impl__and_then__from__result as impl__and_then} + +include Core_models.Bundle {impl__or__from__result as impl__or} + +include Core_models.Bundle {impl__or_else__from__result as impl__or_else} + +include Core_models.Bundle {impl_1__cloned as impl_1__cloned} + +include Core_models.Bundle {impl_2__transpose as impl_2__transpose} + +include Core_models.Bundle {impl_3__flatten as impl_3__flatten} diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Slice.Index.fst b/hax-lib/proof-libs/fstar/core/Core_models.Slice.Index.fst new file mode 100644 index 000000000..d635cb6e6 --- /dev/null +++ b/hax-lib/proof-libs/fstar/core/Core_models.Slice.Index.fst @@ -0,0 +1,245 @@ +module Core_models.Slice.Index +#set-options "--fuel 0 --ifuel 1 --z3rlimit 15" +open FStar.Mul +open Rust_primitives + +/// See [`std::slice::SliceIndex`]. We model the safe methods only; +/// `get_unchecked`/`get_unchecked_mut` would require raw-pointer +/// machinery and `*const`/`*mut` semantics we don\'t have. The +/// `&mut`-flavored `get_mut`/`index_mut` are also omitted — they +/// need a back-edge tuple shape and aren\'t required by anything +/// downstream Aeneas extraction emits in our test crate yet. +class t_SliceIndex (v_Self: Type0) (v_T: Type0) = { + [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; + f_get_pre:self_: v_Self -> slice: v_T -> pred: Type0{true ==> pred}; + f_get_post:v_Self -> v_T -> Core_models.Option.t_Option f_Output -> Type0; + f_get:x0: v_Self -> x1: v_T + -> Prims.Pure (Core_models.Option.t_Option f_Output) + (f_get_pre x0 x1) + (fun result -> f_get_post x0 x1 result); + f_index_pre:v_Self -> v_T -> Type0; + f_index_post:v_Self -> v_T -> f_Output -> Type0; + f_index:x0: v_Self -> x1: v_T + -> Prims.Pure f_Output (f_index_pre x0 x1) (fun result -> f_index_post x0 x1 result) +} + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl (#v_T: Type0) : t_SliceIndex usize (t_Slice v_T) = + { + f_Output = v_T; + f_get_pre = (fun (self: usize) (slice: t_Slice v_T) -> true); + f_get_post + = + (fun (self: usize) (slice: t_Slice v_T) (out: Core_models.Option.t_Option v_T) -> true); + f_get + = + (fun (self: usize) (slice: t_Slice v_T) -> + if self <. (Rust_primitives.Slice.slice_length #v_T slice <: usize) + then + Core_models.Option.Option_Some (Rust_primitives.Slice.slice_index #v_T slice self) + <: + Core_models.Option.t_Option v_T + else Core_models.Option.Option_None <: Core_models.Option.t_Option v_T); + f_index_pre + = + (fun (self_: usize) (slice: t_Slice v_T) -> + self_ <. (Rust_primitives.Slice.slice_length #v_T slice <: usize)); + f_index_post = (fun (self: usize) (slice: t_Slice v_T) (out: v_T) -> true); + f_index + = + fun (self: usize) (slice: t_Slice v_T) -> Rust_primitives.Slice.slice_index #v_T slice self + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_1 (#v_T: Type0) : t_SliceIndex Core_models.Ops.Range.t_RangeFull (t_Slice v_T) = + { + f_Output = t_Slice v_T; + f_get_pre = (fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) -> true); + f_get_post + = + (fun + (self: Core_models.Ops.Range.t_RangeFull) + (slice: t_Slice v_T) + (out: Core_models.Option.t_Option (t_Slice v_T)) + -> + true); + f_get + = + (fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) -> + Core_models.Option.Option_Some slice <: Core_models.Option.t_Option (t_Slice v_T)); + f_index_pre = (fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) -> true); + f_index_post + = + (fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) (out: t_Slice v_T) -> true); + f_index = fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) -> slice + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_2 (#v_T: Type0) : t_SliceIndex (Core_models.Ops.Range.t_RangeFrom usize) (t_Slice v_T) = + { + f_Output = t_Slice v_T; + f_get_pre = (fun (self: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) -> true); + f_get_post + = + (fun + (self: Core_models.Ops.Range.t_RangeFrom usize) + (slice: t_Slice v_T) + (out: Core_models.Option.t_Option (t_Slice v_T)) + -> + true); + f_get + = + (fun (self: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) -> + if + self.Core_models.Ops.Range.f_start <=. + (Rust_primitives.Slice.slice_length #v_T slice <: usize) + then + Core_models.Option.Option_Some + (Rust_primitives.Slice.slice_slice #v_T + slice + self.Core_models.Ops.Range.f_start + (Rust_primitives.Slice.slice_length #v_T slice <: usize)) + <: + Core_models.Option.t_Option (t_Slice v_T) + else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T)); + f_index_pre + = + (fun (self_: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) -> + self_.Core_models.Ops.Range.f_start <=. + (Rust_primitives.Slice.slice_length #v_T slice <: usize)); + f_index_post + = + (fun (self: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) (out: t_Slice v_T) -> + true); + f_index + = + fun (self: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) -> + Rust_primitives.Slice.slice_slice #v_T + slice + self.Core_models.Ops.Range.f_start + (Rust_primitives.Slice.slice_length #v_T slice <: usize) + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_3 (#v_T: Type0) : t_SliceIndex (Core_models.Ops.Range.t_RangeTo usize) (t_Slice v_T) = + { + f_Output = t_Slice v_T; + f_get_pre = (fun (self: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) -> true); + f_get_post + = + (fun + (self: Core_models.Ops.Range.t_RangeTo usize) + (slice: t_Slice v_T) + (out: Core_models.Option.t_Option (t_Slice v_T)) + -> + true); + f_get + = + (fun (self: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) -> + if + self.Core_models.Ops.Range.f_end <=. + (Rust_primitives.Slice.slice_length #v_T slice <: usize) + then + Core_models.Option.Option_Some + (Rust_primitives.Slice.slice_slice #v_T + slice + (mk_usize 0) + self.Core_models.Ops.Range.f_end) + <: + Core_models.Option.t_Option (t_Slice v_T) + else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T)); + f_index_pre + = + (fun (self_: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) -> + self_.Core_models.Ops.Range.f_end <=. + (Rust_primitives.Slice.slice_length #v_T slice <: usize)); + f_index_post + = + (fun (self: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) (out: t_Slice v_T) -> + true); + f_index + = + fun (self: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) -> + Rust_primitives.Slice.slice_slice #v_T slice (mk_usize 0) self.Core_models.Ops.Range.f_end + } + +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_4 (#v_T: Type0) : t_SliceIndex (Core_models.Ops.Range.t_Range usize) (t_Slice v_T) = + { + f_Output = t_Slice v_T; + f_get_pre = (fun (self: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) -> true); + f_get_post + = + (fun + (self: Core_models.Ops.Range.t_Range usize) + (slice: t_Slice v_T) + (out: Core_models.Option.t_Option (t_Slice v_T)) + -> + true); + f_get + = + (fun (self: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) -> + if + self.Core_models.Ops.Range.f_start <=. self.Core_models.Ops.Range.f_end && + self.Core_models.Ops.Range.f_end <=. + (Rust_primitives.Slice.slice_length #v_T slice <: usize) + then + Core_models.Option.Option_Some + (Rust_primitives.Slice.slice_slice #v_T + slice + self.Core_models.Ops.Range.f_start + self.Core_models.Ops.Range.f_end) + <: + Core_models.Option.t_Option (t_Slice v_T) + else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T)); + f_index_pre + = + (fun (self_: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) -> + self_.Core_models.Ops.Range.f_start <=. self_.Core_models.Ops.Range.f_end && + self_.Core_models.Ops.Range.f_end <=. + (Rust_primitives.Slice.slice_length #v_T slice <: usize)); + f_index_post + = + (fun (self: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) (out: t_Slice v_T) -> true + ); + f_index + = + fun (self: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) -> + Rust_primitives.Slice.slice_slice #v_T + slice + self.Core_models.Ops.Range.f_start + self.Core_models.Ops.Range.f_end + } + +/// Generic `Index` for `[T]`, matching std\'s +/// `impl> Index for [T]` +/// in `core/src/slice/index.rs`. Body delegates to +/// `SliceIndex::get` (we removed the `index`/`index_mut` methods +/// from the trait to avoid modeling raw pointers; std would call +/// `index.index(self)` instead). +[@@ FStar.Tactics.Typeclasses.tcinstance] +let impl_5 + (#v_T #v_I: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_SliceIndex v_I (t_Slice v_T)) + : Core_models.Ops.Index.t_Index (t_Slice v_T) v_I = + { + f_Output = i0.f_Output; + f_index_pre + = + (fun (self_: t_Slice v_T) (i: v_I) -> + Core_models.Option.impl__is_some #i0.f_Output + (f_get #v_I #(t_Slice v_T) #FStar.Tactics.Typeclasses.solve i self_ + <: + Core_models.Option.t_Option i0.f_Output)); + f_index_post = (fun (self: t_Slice v_T) (i: v_I) (out: i0.f_Output) -> true); + f_index + = + fun (self: t_Slice v_T) (i: v_I) -> + match + f_get #v_I #(t_Slice v_T) #FStar.Tactics.Typeclasses.solve i self + <: + Core_models.Option.t_Option i0.f_Output + with + | Core_models.Option.Option_Some r -> r + | Core_models.Option.Option_None -> Core_models.Panicking.Internal.panic #i0.f_Output () + } diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Slice.Iter.fst b/hax-lib/proof-libs/fstar/core/Core_models.Slice.Iter.fst index 7284def17..0700a19c9 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Slice.Iter.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Slice.Iter.fst @@ -3,6 +3,7 @@ module Core_models.Slice.Iter open FStar.Mul open Rust_primitives +/// See [`std::slice::Chunks`] type t_Chunks (v_T: Type0) = { f_cs:usize; f_elements:t_Slice v_T @@ -11,6 +12,7 @@ type t_Chunks (v_T: Type0) = { let impl__new (#v_T: Type0) (cs: usize) (elements: t_Slice v_T) : t_Chunks v_T = { f_cs = cs; f_elements = elements } <: t_Chunks v_T +/// See [`std::slice::ChunksExact`] type t_ChunksExact (v_T: Type0) = { f_cs:usize; f_elements:t_Slice v_T @@ -19,6 +21,7 @@ type t_ChunksExact (v_T: Type0) = { let impl_1__new (#v_T: Type0) (cs: usize) (elements: t_Slice v_T) : t_ChunksExact v_T = { f_cs = cs; f_elements = elements } <: t_ChunksExact v_T +/// See [`std::slice::Iter`] type t_Iter (v_T: Type0) = | Iter : Rust_primitives.Sequence.t_Seq v_T -> t_Iter v_T [@@ FStar.Tactics.Typeclasses.tcinstance] @@ -28,7 +31,7 @@ let impl_2 (#v_T: Type0) : Core_models.Iter.Traits.Iterator.t_Iterator (t_Iter v f_next_pre = (fun (self: t_Iter v_T) -> true); f_next_post = - (fun (self: t_Iter v_T) (out: (t_Iter v_T & Core_models.Option.t_Option v_T)) -> true); + (fun (self: t_Iter v_T) (out1: (t_Iter v_T & Core_models.Option.t_Option v_T)) -> true); f_next = fun (self: t_Iter v_T) -> @@ -39,20 +42,11 @@ let impl_2 (#v_T: Type0) : Core_models.Iter.Traits.Iterator.t_Iterator (t_Iter v <: (t_Iter v_T & Core_models.Option.t_Option v_T) else - let res:v_T = Rust_primitives.Sequence.seq_first #v_T self._0 in - let self:t_Iter v_T = - { - self with - _0 - = - Rust_primitives.Sequence.seq_slice #v_T - self._0 - (mk_usize 1) - (Rust_primitives.Sequence.seq_len #v_T self._0 <: usize) - } - <: - t_Iter v_T + let (tmp0: Rust_primitives.Sequence.t_Seq v_T), (out: v_T) = + Rust_primitives.Sequence.seq_remove #v_T self._0 (mk_usize 0) in + let self:t_Iter v_T = { self with _0 = tmp0 } <: t_Iter v_T in + let res:v_T = out in self, (Core_models.Option.Option_Some res <: Core_models.Option.t_Option v_T) <: (t_Iter v_T & Core_models.Option.t_Option v_T) @@ -141,3 +135,19 @@ let impl_4 (#v_T: Type0) : Core_models.Iter.Traits.Iterator.t_Iterator (t_Chunks in self, hax_temp_output <: (t_ChunksExact v_T & Core_models.Option.t_Option (t_Slice v_T)) } + +/// See [`std::slice::Windows`] +type t_Windows (v_T: Type0) = { + f_size:usize; + f_elements:t_Slice v_T +} + +let impl_5__new (#v_T: Type0) (size: usize) (elements: t_Slice v_T) : t_Windows v_T = + { f_size = size; f_elements = elements } <: t_Windows v_T + +[@@ FStar.Tactics.Typeclasses.tcinstance] +assume +val impl_6': #v_T: Type0 -> Core_models.Iter.Traits.Iterator.t_Iterator (t_Windows v_T) + +unfold +let impl_6 (#v_T: Type0) = impl_6' #v_T diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Slice.fst b/hax-lib/proof-libs/fstar/core/Core_models.Slice.fst index 800377c3b..7ec08f5de 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Slice.fst +++ b/hax-lib/proof-libs/fstar/core/Core_models.Slice.fst @@ -3,27 +3,42 @@ module Core_models.Slice open FStar.Mul open Rust_primitives +/// See [`std::slice::len`] let impl__len (#v_T: Type0) (s: t_Slice v_T) : usize = Rust_primitives.Slice.slice_length #v_T s +/// See [`std::slice::chunks`] let impl__chunks (#v_T: Type0) (s: t_Slice v_T) (cs: usize) : Core_models.Slice.Iter.t_Chunks v_T = Core_models.Slice.Iter.impl__new #v_T cs s +/// See [`std::slice::iter`] let impl__iter (#v_T: Type0) (s: t_Slice v_T) : Core_models.Slice.Iter.t_Iter v_T = Core_models.Slice.Iter.Iter (Rust_primitives.Sequence.seq_from_slice #v_T s) <: Core_models.Slice.Iter.t_Iter v_T +/// See [`std::slice::chunks_exact`] let impl__chunks_exact (#v_T: Type0) (s: t_Slice v_T) (cs: usize) : Core_models.Slice.Iter.t_ChunksExact v_T = Core_models.Slice.Iter.impl_1__new #v_T cs s +/// See [`std::slice::is_empty`] let impl__is_empty (#v_T: Type0) (s: t_Slice v_T) : bool = (impl__len #v_T s <: usize) =. mk_usize 0 +/// See [`std::slice::contains`] assume -val impl__contains': #v_T: Type0 -> s: t_Slice v_T -> v: v_T -> bool +val impl__contains': + #v_T: Type0 -> + {| i0: Core_models.Cmp.t_PartialEq v_T v_T |} -> + s: t_Slice v_T -> + v: v_T + -> bool unfold -let impl__contains (#v_T: Type0) = impl__contains' #v_T +let impl__contains + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Cmp.t_PartialEq v_T v_T) + = impl__contains' #v_T #i0 +/// See [`std::slice::copy_within`] assume val impl__copy_within': #v_T: Type0 -> @@ -40,6 +55,7 @@ let impl__copy_within (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Marker.t_Copy v_T) = impl__copy_within' #v_T #v_R #i0 +/// See [`std::slice::binary_search`] assume val impl__binary_search': #v_T: Type0 -> s: t_Slice v_T -> x: v_T -> Core_models.Result.t_Result usize usize @@ -47,6 +63,89 @@ val impl__binary_search': #v_T: Type0 -> s: t_Slice v_T -> x: v_T unfold let impl__binary_search (#v_T: Type0) = impl__binary_search' #v_T +/// See [`std::slice::get`] +let impl__get + (#v_T #v_I: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] + i0: + Core_models.Slice.Index.t_SliceIndex v_I (t_Slice v_T)) + (s: t_Slice v_T) + (index: v_I) + : Core_models.Option.t_Option i0.f_Output = + Core_models.Slice.Index.f_get #v_I #(t_Slice v_T) #FStar.Tactics.Typeclasses.solve index s + +/// See [`std::slice::first`] +let impl__first (#v_T: Type0) (s: t_Slice v_T) : Core_models.Option.t_Option v_T = + if impl__is_empty #v_T s + then Core_models.Option.Option_None <: Core_models.Option.t_Option v_T + else + Core_models.Option.Option_Some (Rust_primitives.Slice.slice_index #v_T s (mk_usize 0)) + <: + Core_models.Option.t_Option v_T + +/// See [`std::slice::last`] +let impl__last (#v_T: Type0) (s: t_Slice v_T) : Core_models.Option.t_Option v_T = + if impl__is_empty #v_T s + then Core_models.Option.Option_None <: Core_models.Option.t_Option v_T + else + Core_models.Option.Option_Some + (Rust_primitives.Slice.slice_index #v_T s ((impl__len #v_T s <: usize) -! mk_usize 1 <: usize)) + <: + Core_models.Option.t_Option v_T + +/// See [`std::slice::reverse`] +assume +val impl__reverse': #v_T: Type0 -> s: t_Slice v_T -> t_Slice v_T + +unfold +let impl__reverse (#v_T: Type0) = impl__reverse' #v_T + +/// See [`std::slice::starts_with`] +assume +val impl__starts_with': + #v_T: Type0 -> + {| i0: Core_models.Cmp.t_PartialEq v_T v_T |} -> + s: t_Slice v_T -> + needle: t_Slice v_T + -> bool + +unfold +let impl__starts_with + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Cmp.t_PartialEq v_T v_T) + = impl__starts_with' #v_T #i0 + +/// See [`std::slice::ends_with`] +assume +val impl__ends_with': + #v_T: Type0 -> + {| i0: Core_models.Cmp.t_PartialEq v_T v_T |} -> + s: t_Slice v_T -> + needle: t_Slice v_T + -> bool + +unfold +let impl__ends_with + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Cmp.t_PartialEq v_T v_T) + = impl__ends_with' #v_T #i0 + +/// See [`std::slice::fill`] +assume +val impl__fill': + #v_T: Type0 -> + {| i0: Core_models.Clone.t_Clone v_T |} -> + s: t_Slice v_T -> + value: v_T + -> t_Slice v_T + +unfold +let impl__fill + (#v_T: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Clone.t_Clone v_T) + = impl__fill' #v_T #i0 + +/// See [`std::slice::copy_from_slice`] let impl__copy_from_slice (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Marker.t_Copy v_T) @@ -54,11 +153,10 @@ let impl__copy_from_slice : Prims.Pure (t_Slice v_T) (requires (impl__len #v_T s <: usize) =. (impl__len #v_T src <: usize)) (fun _ -> Prims.l_True) = - let (tmp0: t_Slice v_T), (out: t_Slice v_T) = Rust_primitives.Mem.replace #(t_Slice v_T) s src in - let s:t_Slice v_T = tmp0 in - let _:t_Slice v_T = out in + let s:t_Slice v_T = Rust_primitives.Slice.slice_clone_from_slice #v_T s src in s +/// See [`std::slice::clone_from_slice`] let impl__clone_from_slice (#v_T: Type0) (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Clone.t_Clone v_T) @@ -66,16 +164,16 @@ let impl__clone_from_slice : Prims.Pure (t_Slice v_T) (requires (impl__len #v_T s <: usize) =. (impl__len #v_T src <: usize)) (fun _ -> Prims.l_True) = - let (tmp0: t_Slice v_T), (out: t_Slice v_T) = Rust_primitives.Mem.replace #(t_Slice v_T) s src in - let s:t_Slice v_T = tmp0 in - let _:t_Slice v_T = out in + let s:t_Slice v_T = Rust_primitives.Slice.slice_clone_from_slice #v_T s src in s +/// See [`std::slice::split_at`] let impl__split_at (#v_T: Type0) (s: t_Slice v_T) (mid: usize) : Prims.Pure (t_Slice v_T & t_Slice v_T) (requires mid <=. (impl__len #v_T s <: usize)) (fun _ -> Prims.l_True) = Rust_primitives.Slice.slice_split_at #v_T s mid +/// See [`std::slice::split_at_checked`] let impl__split_at_checked (#v_T: Type0) (s: t_Slice v_T) (mid: usize) : Core_models.Option.t_Option (t_Slice v_T & t_Slice v_T) = if mid <=. (impl__len #v_T s <: usize) @@ -85,9 +183,30 @@ let impl__split_at_checked (#v_T: Type0) (s: t_Slice v_T) (mid: usize) Core_models.Option.t_Option (t_Slice v_T & t_Slice v_T) else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T & t_Slice v_T) +/// See [`std::slice::swap`] +assume +val impl__swap': #v_T: Type0 -> s: t_Slice v_T -> a: usize -> b: usize + -> Prims.Pure (t_Slice v_T) + (requires a <. (impl__len #v_T s <: usize) && b <. (impl__len #v_T s <: usize)) + (fun _ -> Prims.l_True) + +unfold +let impl__swap (#v_T: Type0) = impl__swap' #v_T + +/// See [`std::slice::windows`] +let impl__windows (#v_T: Type0) (s: t_Slice v_T) (size: usize) + : Prims.Pure (Core_models.Slice.Iter.t_Windows v_T) + (requires size >. mk_usize 0) + (fun _ -> Prims.l_True) = + let _:Prims.unit = + if size =. mk_usize 0 then Core_models.Panicking.Internal.panic #Prims.unit () + in + Core_models.Slice.Iter.impl_5__new #v_T size s + [@@ FStar.Tactics.Typeclasses.tcinstance] let impl_1 (#v_T: Type0) : Core_models.Iter.Traits.Collect.t_IntoIterator (t_Slice v_T) = { + f_Item = v_T; f_IntoIter = Core_models.Slice.Iter.t_Iter v_T; f_into_iter_pre = (fun (self: t_Slice v_T) -> true); f_into_iter_post = (fun (self: t_Slice v_T) (out: Core_models.Slice.Iter.t_Iter v_T) -> true); @@ -95,7 +214,7 @@ let impl_1 (#v_T: Type0) : Core_models.Iter.Traits.Collect.t_IntoIterator (t_Sli } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_7 (#v_T: Type0) +let impl_2 (#v_T: Type0) : Core_models.Ops.Index.t_Index (t_Slice v_T) (Core_models.Ops.Range.t_Range usize) = { f_Output = t_Slice v_T; @@ -117,7 +236,7 @@ let impl_7 (#v_T: Type0) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_8 (#v_T: Type0) +let impl_3 (#v_T: Type0) : Core_models.Ops.Index.t_Index (t_Slice v_T) (Core_models.Ops.Range.t_RangeTo usize) = { f_Output = t_Slice v_T; @@ -135,7 +254,7 @@ let impl_8 (#v_T: Type0) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_9 (#v_T: Type0) +let impl_4 (#v_T: Type0) : Core_models.Ops.Index.t_Index (t_Slice v_T) (Core_models.Ops.Range.t_RangeFrom usize) = { f_Output = t_Slice v_T; @@ -157,7 +276,7 @@ let impl_9 (#v_T: Type0) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_10 (#v_T: Type0) +let impl_5 (#v_T: Type0) : Core_models.Ops.Index.t_Index (t_Slice v_T) Core_models.Ops.Range.t_RangeFull = { f_Output = t_Slice v_T; @@ -175,149 +294,10 @@ let impl_10 (#v_T: Type0) } [@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_11 (#v_T: Type0) : Core_models.Ops.Index.t_Index (t_Slice v_T) usize = +let impl_6 (#v_T: Type0) : Core_models.Ops.Index.t_Index (t_Slice v_T) usize = { f_Output = v_T; f_index_pre = (fun (self_: t_Slice v_T) (i: usize) -> i <. (impl__len #v_T self_ <: usize)); f_index_post = (fun (self: t_Slice v_T) (i: usize) (out: v_T) -> true); f_index = fun (self: t_Slice v_T) (i: usize) -> Rust_primitives.Slice.slice_index #v_T self i } - -class t_SliceIndex (v_Self: Type0) (v_T: Type0) = { - [@@@ FStar.Tactics.Typeclasses.no_method]f_Output:Type0; - f_get_pre:self_: v_Self -> slice: v_T -> pred: Type0{true ==> pred}; - f_get_post:v_Self -> v_T -> Core_models.Option.t_Option f_Output -> Type0; - f_get:x0: v_Self -> x1: v_T - -> Prims.Pure (Core_models.Option.t_Option f_Output) - (f_get_pre x0 x1) - (fun result -> f_get_post x0 x1 result) -} - -let impl__get - (#v_T #v_I: Type0) - (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: t_SliceIndex v_I (t_Slice v_T)) - (s: t_Slice v_T) - (index: v_I) - : Core_models.Option.t_Option i0.f_Output = - f_get #v_I #(t_Slice v_T) #FStar.Tactics.Typeclasses.solve index s - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_2 (#v_T: Type0) : t_SliceIndex usize (t_Slice v_T) = - { - f_Output = v_T; - f_get_pre = (fun (self: usize) (slice: t_Slice v_T) -> true); - f_get_post - = - (fun (self: usize) (slice: t_Slice v_T) (out: Core_models.Option.t_Option v_T) -> true); - f_get - = - fun (self: usize) (slice: t_Slice v_T) -> - if self <. (impl__len #v_T slice <: usize) - then - Core_models.Option.Option_Some (Rust_primitives.Slice.slice_index #v_T slice self) - <: - Core_models.Option.t_Option v_T - else Core_models.Option.Option_None <: Core_models.Option.t_Option v_T - } - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_3 (#v_T: Type0) : t_SliceIndex Core_models.Ops.Range.t_RangeFull (t_Slice v_T) = - { - f_Output = t_Slice v_T; - f_get_pre = (fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) -> true); - f_get_post - = - (fun - (self: Core_models.Ops.Range.t_RangeFull) - (slice: t_Slice v_T) - (out: Core_models.Option.t_Option (t_Slice v_T)) - -> - true); - f_get - = - fun (self: Core_models.Ops.Range.t_RangeFull) (slice: t_Slice v_T) -> - Core_models.Option.Option_Some slice <: Core_models.Option.t_Option (t_Slice v_T) - } - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_4 (#v_T: Type0) : t_SliceIndex (Core_models.Ops.Range.t_RangeFrom usize) (t_Slice v_T) = - { - f_Output = t_Slice v_T; - f_get_pre = (fun (self: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) -> true); - f_get_post - = - (fun - (self: Core_models.Ops.Range.t_RangeFrom usize) - (slice: t_Slice v_T) - (out: Core_models.Option.t_Option (t_Slice v_T)) - -> - true); - f_get - = - fun (self: Core_models.Ops.Range.t_RangeFrom usize) (slice: t_Slice v_T) -> - if self.Core_models.Ops.Range.f_start <. (impl__len #v_T slice <: usize) - then - Core_models.Option.Option_Some - (Rust_primitives.Slice.slice_slice #v_T - slice - self.Core_models.Ops.Range.f_start - (impl__len #v_T slice <: usize)) - <: - Core_models.Option.t_Option (t_Slice v_T) - else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T) - } - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_5 (#v_T: Type0) : t_SliceIndex (Core_models.Ops.Range.t_RangeTo usize) (t_Slice v_T) = - { - f_Output = t_Slice v_T; - f_get_pre = (fun (self: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) -> true); - f_get_post - = - (fun - (self: Core_models.Ops.Range.t_RangeTo usize) - (slice: t_Slice v_T) - (out: Core_models.Option.t_Option (t_Slice v_T)) - -> - true); - f_get - = - fun (self: Core_models.Ops.Range.t_RangeTo usize) (slice: t_Slice v_T) -> - if self.Core_models.Ops.Range.f_end <=. (impl__len #v_T slice <: usize) - then - Core_models.Option.Option_Some - (Rust_primitives.Slice.slice_slice #v_T slice (mk_usize 0) self.Core_models.Ops.Range.f_end) - <: - Core_models.Option.t_Option (t_Slice v_T) - else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T) - } - -[@@ FStar.Tactics.Typeclasses.tcinstance] -let impl_6 (#v_T: Type0) : t_SliceIndex (Core_models.Ops.Range.t_Range usize) (t_Slice v_T) = - { - f_Output = t_Slice v_T; - f_get_pre = (fun (self: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) -> true); - f_get_post - = - (fun - (self: Core_models.Ops.Range.t_Range usize) - (slice: t_Slice v_T) - (out: Core_models.Option.t_Option (t_Slice v_T)) - -> - true); - f_get - = - fun (self: Core_models.Ops.Range.t_Range usize) (slice: t_Slice v_T) -> - if - self.Core_models.Ops.Range.f_start <. self.Core_models.Ops.Range.f_end && - self.Core_models.Ops.Range.f_end <=. (impl__len #v_T slice <: usize) - then - Core_models.Option.Option_Some - (Rust_primitives.Slice.slice_slice #v_T - slice - self.Core_models.Ops.Range.f_start - self.Core_models.Ops.Range.f_end) - <: - Core_models.Option.t_Option (t_Slice v_T) - else Core_models.Option.Option_None <: Core_models.Option.t_Option (t_Slice v_T) - } diff --git a/hax-lib/proof-libs/fstar/core/Core_models.Str.Error.fsti b/hax-lib/proof-libs/fstar/core/Core_models.Str.Error.fsti index 0e6a0575c..a0a275d98 100644 --- a/hax-lib/proof-libs/fstar/core/Core_models.Str.Error.fsti +++ b/hax-lib/proof-libs/fstar/core/Core_models.Str.Error.fsti @@ -3,4 +3,5 @@ module Core_models.Str.Error open FStar.Mul open Rust_primitives +/// See [`std::str::Utf8Error`] type t_Utf8Error = | Utf8Error : t_Utf8Error diff --git a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Arrays.fsti b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Arrays.fsti index 4bdfa7ebb..421a558fb 100644 --- a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Arrays.fsti +++ b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Arrays.fsti @@ -8,7 +8,7 @@ type t_Slice t = s:Seq.seq t{Seq.length s <= max_usize} type t_Array t (l:usize) = s: Seq.seq t { Seq.length s == v l } /// Length of a slice -let length (#a: Type) (s: t_Slice a): usize = sz (Seq.length s) +let length (#a: Type) (s: t_Slice a): res:usize {res == sz (Seq.length s)} = sz (Seq.length s) /// Check whether a slice contains an item let contains (#t: eqtype) (s: t_Slice t) (x: t): bool = Seq.mem x s diff --git a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Integers.fsti b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Integers.fsti index 9205f0692..1831c4bf5 100644 --- a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Integers.fsti +++ b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Integers.fsti @@ -428,9 +428,6 @@ let ( |. ) #t = logor #t unfold let ( &. ) #t = logand #t -unfold -let ( ~. ) #t = lognot #t - unfold let (/!) #t = div #t @@ -455,6 +452,18 @@ let (>.) #t = gt #t unfold let (>=.) #t = gte #t +class negation_tc self = { + ( ~. ): self -> self; +} + +instance negation_for_integers #t: negation_tc (int_t t) = { + ( ~. ) = fun x -> lognot x +} + +instance negation_for_bool: negation_tc bool = { + ( ~. ) = not +} + type bit = n: nat {n < 2} /// Mathematical `get_bit` definition on `nat`s diff --git a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Notations.fsti b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Notations.fsti index bff0bf2ed..c19f75c6d 100644 --- a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Notations.fsti +++ b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Notations.fsti @@ -1,18 +1,6 @@ module Rust_primitives.Notations open Rust_primitives -class negation_tc self = { - ( ~. ): self -> self; -} - -instance negation_for_integers #t: negation_tc (int_t t) = { - ( ~. ) = fun x -> lognot x -} - -instance negation_for_bool: negation_tc bool = { - ( ~. ) = not -} - open Core_models.Ops.Index let ( .[] ) #self #idx {| inst: t_Index self idx |} diff --git a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Sequence.fst b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Sequence.fst index 1bfdbd39a..d92d544b2 100644 --- a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Sequence.fst +++ b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Sequence.fst @@ -8,22 +8,28 @@ let seq_empty #t () : t_Seq t = FStar.Seq.empty let seq_from_slice #t (s: Rust_primitives.Arrays.t_Slice t) : t_Seq t = s +let seq_from_boxed_slice #t (s: Rust_primitives.Arrays.t_Slice t) : t_Seq t = s + let seq_from_array #t n (s: Rust_primitives.Arrays.t_Array t n) : t_Seq t = s let seq_to_slice #t (s: t_Seq t) : Rust_primitives.Arrays.t_Slice t = s -let seq_len #t (s: t_Seq t): usize = mk_usize (Seq.length s) +let seq_concat #t (s1: t_Seq t) (s2: t_Seq t {(Seq.length s1) + (Seq.length s2) <= max_usize}): t_Seq t & t_Seq t = Seq.append s1 s2, FStar.Seq.empty -let seq_slice #t (s: t_Seq t) (b: usize) (e: usize{e >=. b && e <=. seq_len s}): t_Seq t = Seq.slice s (v b) (v e) +let seq_extend #t (s1: t_Seq t) (s2: t_Seq t {(Seq.length s1) + (Seq.length s2) <= max_usize}): t_Seq t = Seq.append s1 s2 -let seq_index #t (s: t_Seq t) (i: usize{i <. seq_len s}): t = Rust_primitives.Slice.slice_index s i +let seq_push #t (s: t_Seq t {Seq.length s < max_usize}) (x: t): t_Seq t = Seq.append s (Seq.create 1 x) + +let seq_one #t (x: t): t_Seq t = Seq.create 1 x -let seq_last #t (s: t_Seq t{seq_len s >. mk_usize 0}): t = Seq.index s ((Seq.length s) - 1) +let seq_create #t (x: t) (n: usize): t_Seq t = Seq.create (v n) x -let seq_first #t (s: t_Seq t{seq_len s >. mk_usize 0}): t = Seq.index s 0 +let seq_len #t (s: t_Seq t): usize = mk_usize (Seq.length s) -let seq_concat #t (s1: t_Seq t) (s2: t_Seq t {(Seq.length s1) + (Seq.length s2) <= max_usize}): t_Seq t = Seq.append s1 s2 +let seq_drain #t (s: t_Seq t) (b: usize) (e: usize{e >=. b && e <=. seq_len s}): t_Seq t & t_Seq t = + Seq.append (Seq.slice s 0 (v b)) (Seq.slice s (v e) (Seq.length s)), Seq.slice s (v b) (v e) -let seq_one #t (x: t): t_Seq t = Seq.create 1 x +let seq_remove #t (s: t_Seq t) (i: usize{v i >= 0 && i <. seq_len s}): t_Seq t & t = + Seq.append (Seq.slice s 0 (v i)) (Seq.slice s (1 + v i) (Seq.length s)), Rust_primitives.Slice.slice_index s i -let seq_create #t (x: t) (n: usize): t_Seq t = Seq.create (v n) x +let seq_index #t (s: t_Seq t) (i: usize{i <. seq_len s}): t = Rust_primitives.Slice.slice_index s i diff --git a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Slice.fsti b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Slice.fsti index fa8c23744..cd9096aa7 100644 --- a/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Slice.fsti +++ b/hax-lib/proof-libs/fstar/rust_primitives/Rust_primitives.Slice.fsti @@ -11,11 +11,23 @@ let slice_contains (#a: eqtype) (s: t_Slice a) (v: a): bool = Seq.mem v s let slice_index (#t: Type) (s: t_Slice t) (i: usize {i <. length s}): t = Seq.index s (v i) let slice_slice (#v_T: Type0) (s: t_Slice v_T) (start: usize {start <=. length s}) (end_: usize {start <=. end_ /\ end_ <=. length s}): t_Slice v_T = Seq.slice s (v start) (v end_) -val array_map (#t: Type) (#u: Type) (l: usize) (#ft: Type) - (s: t_Array t l) (f: t -> u): res: t_Array u l {forall i. Seq.index res i == f (Seq.index s i)} +let slice_clone_from_slice (#v_T: Type0) (s: t_Slice v_T) (src: t_Slice v_T {slice_length src == slice_length s}): t_Slice v_T = src +val array_map + (#v_T #v_U: Type0) + (v_N: usize) + (#v_F: Type0) + (#[FStar.Tactics.Typeclasses.tcresolve ()] i0: Core_models.Ops.Function.t_Fn v_F v_T) + (#_: unit{i0._super_i0._super_i0.Core_models.Ops.Function.f_Output == v_U}) + (s: t_Array v_T v_N) + (f: v_F) + : res: t_Array v_U v_N {forall i. Seq.index res i == Core_models.Ops.Function.f_call f (Seq.index s i)} let array_as_slice (#t: Type) (l: usize) (s: t_Array t l): t_Slice t = s let array_slice (#t: Type) (l: usize) (s: t_Array t l) = slice_slice s -val array_from_fn (#t: Type) (len: usize) (#ft: Type) (f: (x: usize {x <. len}) -> t): - Pure (t_Array t len) (requires True) (ensures (fun a -> forall i. Seq.index a i == f (sz i))) +val array_from_fn + (#v_T: Type0) + (v_N: usize) + (#v_F: Type0) + (f: (i: usize {i <. v_N}) -> v_T): + Pure (t_Array v_T v_N) (requires True) (ensures (fun a -> forall i. Seq.index a i == f (sz i))) let array_index (#t: Type) (l: usize) (s: t_Array t l) (i: usize {i <. length s}): t = Seq.index s (v i) diff --git a/hax-lib/proof-libs/lean/Hax/core_models/alloc.lean b/hax-lib/proof-libs/lean/Hax/core_models/alloc.lean new file mode 100644 index 000000000..d4e44ef73 --- /dev/null +++ b/hax-lib/proof-libs/lean/Hax/core_models/alloc.lean @@ -0,0 +1,719 @@ + +-- Experimental lean backend for Hax +-- The Hax prelude library can be found in hax/proof-libs/lean +/- import Hax -/ +import Hax.core_models.core_models +import Std.Tactic.Do +import Std.Do.Triple +import Std.Tactic.Do.Syntax +open Std.Do +open Std.Tactic + +set_option mvcgen.warning false +set_option linter.unusedVariables false + + +namespace alloc.alloc + +structure Global where + -- no fields + +end alloc.alloc + + +namespace alloc.borrow + +structure Cow (T : Type) where + _0 : T + +class ToOwned.AssociatedTypes (Self : Type) where + +class ToOwned (Self : Type) + [associatedTypes : outParam (ToOwned.AssociatedTypes (Self : Type))] + where + to_owned (Self) : (Self -> RustM Self) + +@[reducible] instance Impl.AssociatedTypes (T : Type) : + ToOwned.AssociatedTypes T + where + +instance Impl (T : Type) : ToOwned T where + to_owned := fun (self : T) => do (pure self) + +end alloc.borrow + + +namespace alloc.boxed + +structure Box (T : Type) where + _0 : T + +@[spec] +def Impl.new (T : Type) (v : T) : RustM T := do (pure v) + +end alloc.boxed + + +namespace alloc.collections.btree.set + +opaque BTreeSet (T : Type) (U : Type) : Type + +@[spec] +def Impl_11.new (T : Type) (U : Type) (_ : rust_primitives.hax.Tuple0) : + RustM (BTreeSet T U) := do + (pure (BTreeSet.mk core.option.Option.None core.option.Option.None)) + +end alloc.collections.btree.set + + +namespace alloc.collections.vec_deque + +structure VecDeque (T : Type) (A : Type) where + _0 : (rust_primitives.sequence.Seq T) + _1 : (core.marker.PhantomData A) + +opaque Impl_5.push_back (T : Type) (A : Type) (self : (VecDeque T A)) (x : T) : + RustM (VecDeque T A) + +@[spec] +def Impl_5.len (T : Type) (A : Type) (self : (VecDeque T A)) : RustM usize := do + (rust_primitives.sequence.seq_len T (VecDeque._0 self)) + +@[spec] +def Impl_5.pop_front (T : Type) (A : Type) (self : (VecDeque T A)) : + RustM + (rust_primitives.hax.Tuple2 (VecDeque T A) (core.option.Option T)) + := do + let hax_temp_output : (core.option.Option T) ← + if (← ((← (Impl_5.len T A self)) ==? (0 : usize))) then do + (pure core.option.Option.None) + else do + (pure (core.option.Option.Some + (← (rust_primitives.sequence.seq_last T (VecDeque._0 self))))); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) + +@[reducible] instance Impl_6.AssociatedTypes (T : Type) (A : Type) : + core.ops.index.Index.AssociatedTypes (VecDeque T A) usize + where + Output := T + +instance Impl_6 (T : Type) (A : Type) : + core.ops.index.Index (VecDeque T A) usize + where + index := fun (self : (VecDeque T A)) (i : usize) => do + (rust_primitives.sequence.seq_index T (VecDeque._0 self) i) + +end alloc.collections.vec_deque + + +namespace alloc.string + +structure String where + _0 : String + +end alloc.string + + +namespace alloc.fmt + +opaque format (args : core.fmt.Arguments) : RustM alloc.string.String + +end alloc.fmt + + +namespace alloc.string + +@[spec] +def Impl.new (_ : rust_primitives.hax.Tuple0) : RustM String := do + (pure (String.mk "")) + +@[spec] +def Impl.push_str (self : String) (other : String) : RustM String := do + let self : String := + (String.mk (← (rust_primitives.string.str_concat (String._0 self) other))); + (pure self) + +@[spec] +def Impl.push (self : String) (c : Char) : RustM String := do + let self : String := + (String.mk + (← (rust_primitives.string.str_concat + (String._0 self) + (← (rust_primitives.string.str_of_char c))))); + (pure self) + +@[spec] +def Impl.pop (self : String) : + RustM (rust_primitives.hax.Tuple2 String (core.option.Option Char)) := do + let l : usize ← (core.str.Impl.len (String._0 self)); + let ⟨self, hax_temp_output⟩ ← + if (← (l >? (0 : usize))) then do + let self : String := + (String.mk + (← (rust_primitives.string.str_sub + (String._0 self) + (0 : usize) + (← (l -? (1 : usize)))))); + (pure (rust_primitives.hax.Tuple2.mk + self + (core.option.Option.Some + (← (rust_primitives.string.str_index + (String._0 self) + (← (l -? (1 : usize)))))))) + else do + (pure (rust_primitives.hax.Tuple2.mk self core.option.Option.None)); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) + +end alloc.string + + +namespace alloc.vec + +structure Vec (T : Type) (A : Type) where + _0 : (rust_primitives.sequence.Seq T) + _1 : (core.marker.PhantomData A) + +end alloc.vec + + +namespace alloc.collections.binary_heap + +structure BinaryHeap (T : Type) (A : Type) where + _0 : (alloc.vec.Vec T A) + +@[spec] +def Impl_10.new + (T : Type) + (A : Type) + [trait_constr_new_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_new_i0 : core.cmp.Ord T ] + (_ : rust_primitives.hax.Tuple0) : + RustM (BinaryHeap T A) := do + (pure (BinaryHeap.mk + (alloc.vec.Vec.mk + (← (rust_primitives.sequence.seq_empty T rust_primitives.hax.Tuple0.mk)) + core.marker.PhantomData.mk))) + +end alloc.collections.binary_heap + + +namespace alloc.slice + +@[spec] +def Impl.to_vec (T : Type) (s : (RustSlice T)) : + RustM (alloc.vec.Vec T alloc.alloc.Global) := do + (pure (alloc.vec.Vec.mk + (← (rust_primitives.sequence.seq_from_slice T s)) + core.marker.PhantomData.mk)) + +@[spec] +def Impl.into_vec (T : Type) (A : Type) (s : (RustSlice T)) : + RustM (alloc.vec.Vec T A) := do + (pure (alloc.vec.Vec.mk + (← (rust_primitives.sequence.seq_from_slice T s)) + core.marker.PhantomData.mk)) + +end alloc.slice + + +namespace alloc.vec + +@[spec] +def from_elem + (T : Type) + [trait_constr_from_elem_associated_type_i0 : + core.clone.Clone.AssociatedTypes + T] + [trait_constr_from_elem_i0 : core.clone.Clone T ] + (item : T) + (len : usize) : + RustM (Vec T alloc.alloc.Global) := do + (pure (Vec.mk + (← (rust_primitives.sequence.seq_create T item len)) + core.marker.PhantomData.mk)) + +@[spec] +def Impl.new (T : Type) (_ : rust_primitives.hax.Tuple0) : + RustM (Vec T alloc.alloc.Global) := do + (pure (Vec.mk + (← (rust_primitives.sequence.seq_empty T rust_primitives.hax.Tuple0.mk)) + core.marker.PhantomData.mk)) + +@[spec] +def Impl.with_capacity (T : Type) (_c : usize) : + RustM (Vec T alloc.alloc.Global) := do + (Impl.new T rust_primitives.hax.Tuple0.mk) + +@[spec] +def Impl_1.len (T : Type) (A : Type) (self : (Vec T A)) : RustM usize := do + (rust_primitives.sequence.seq_len T (Vec._0 self)) + +end alloc.vec + + +namespace alloc.collections.binary_heap + +@[spec] +def Impl_11.len + (T : Type) + (A : Type) + [trait_constr_len_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_len_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) : + RustM usize := do + (alloc.vec.Impl_1.len T A (BinaryHeap._0 self)) + +end alloc.collections.binary_heap + + +namespace alloc.vec + +@[spec] +def Impl_1.pop (T : Type) (A : Type) (self : (Vec T A)) : + RustM (rust_primitives.hax.Tuple2 (Vec T A) (core.option.Option T)) := do + let ⟨self, hax_temp_output⟩ ← + if + (← ((← (rust_primitives.sequence.seq_len T (Vec._0 self))) >? (0 : usize))) + then do + let last : T ← (rust_primitives.sequence.seq_last T (Vec._0 self)); + let self : (Vec T A) := + {self + with _0 := (← (rust_primitives.sequence.seq_slice T + (Vec._0 self) + (0 : usize) + (← ((← (rust_primitives.sequence.seq_len T (Vec._0 self))) + -? (1 : usize)))))}; + (pure (rust_primitives.hax.Tuple2.mk self (core.option.Option.Some last))) + else do + (pure (rust_primitives.hax.Tuple2.mk self core.option.Option.None)); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) + +@[spec] +def Impl_1.is_empty (T : Type) (A : Type) (self : (Vec T A)) : RustM Bool := do + ((← (rust_primitives.sequence.seq_len T (Vec._0 self))) ==? (0 : usize)) + +@[spec] +def Impl_1.as_slice (T : Type) (A : Type) (self : (Vec T A)) : + RustM (RustSlice T) := do + (rust_primitives.sequence.seq_to_slice T (Vec._0 self)) + +opaque Impl_1.truncate (T : Type) (A : Type) (self : (Vec T A)) (n : usize) : + RustM (Vec T A) + +opaque Impl_1.swap_remove (T : Type) (A : Type) (self : (Vec T A)) (n : usize) : + RustM (rust_primitives.hax.Tuple2 (Vec T A) T) + +opaque Impl_1.remove (T : Type) (A : Type) (self : (Vec T A)) (index : usize) : + RustM (rust_primitives.hax.Tuple2 (Vec T A) T) + +opaque Impl_1.clear (T : Type) (A : Type) (self : (Vec T A)) : RustM (Vec T A) + +def Impl_1.push (T : Type) (A : Type) (self : (Vec T A)) (x : T) : + RustM (Vec T A) := do + let self : (Vec T A) := + {self + with _0 := (← (rust_primitives.sequence.seq_concat T + (Vec._0 self) + (← (rust_primitives.sequence.seq_one T x))))}; + (pure self) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def Impl_1.push.spec (T : Type) (A : Type) (self : (Vec T A)) (x : T) : + Spec + (requires := do + ((← (rust_primitives.sequence.seq_len T (Vec._0 self))) + pure True) + (Impl_1.push (T : Type) (A : Type) (self : (Vec T A)) (x : T)) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_1.push] <;> bv_decide +} + +end alloc.vec + + +namespace alloc.collections.binary_heap + +def Impl_10.push + (T : Type) + (A : Type) + [trait_constr_push_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_push_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) + (v : T) : + RustM (BinaryHeap T A) := do + let self : (BinaryHeap T A) := + {self with _0 := (← (alloc.vec.Impl_1.push T A (BinaryHeap._0 self) v))}; + (pure self) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl_10.push.spec + (T : Type) + (A : Type) + [trait_constr_push_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_push_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) + (v : T) : + Spec + (requires := do ((← (Impl_11.len T A self)) pure True) + (Impl_10.push (T : Type) (A : Type) (self : (BinaryHeap T A)) (v : T)) := +{ + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_10.push] <;> bv_decide +} + +end alloc.collections.binary_heap + + +namespace alloc.vec + +def Impl_1.insert (T : Type) (A : Type) + (self : (Vec T A)) + (index : usize) + (element : T) : + RustM (Vec T A) := do + let left : (rust_primitives.sequence.Seq T) ← + (rust_primitives.sequence.seq_slice T (Vec._0 self) (0 : usize) index); + let right : (rust_primitives.sequence.Seq T) ← + (rust_primitives.sequence.seq_slice T + (Vec._0 self) + index + (← (rust_primitives.sequence.seq_len T (Vec._0 self)))); + let left : (rust_primitives.sequence.Seq T) ← + (rust_primitives.sequence.seq_concat T + left + (← (rust_primitives.sequence.seq_one T element))); + let left : (rust_primitives.sequence.Seq T) ← + (rust_primitives.sequence.seq_concat T left right); + let self : (Vec T A) := {self with _0 := left}; + (pure self) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl_1.insert.spec (T : Type) (A : Type) + (self : (Vec T A)) + (index : usize) + (element : T) : + Spec + (requires := do + ((← (index <=? (← (rust_primitives.sequence.seq_len T (Vec._0 self))))) + &&? (← ((← (rust_primitives.sequence.seq_len T (Vec._0 self))) + pure True) + (Impl_1.insert + (T : Type) + (A : Type) + (self : (Vec T A)) + (index : usize) + (element : T)) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_1.insert] <;> bv_decide +} + +opaque Impl_1.resize (T : Type) (A : Type) + (self : (Vec T A)) + (new_size : usize) + (value : T) : + RustM (Vec T A) + +def Impl_1.append (T : Type) (A : Type) (self : (Vec T A)) (other : (Vec T A)) : + RustM (rust_primitives.hax.Tuple2 (Vec T A) (Vec T A)) := do + let self : (Vec T A) := + {self + with _0 := (← (rust_primitives.sequence.seq_concat T + (Vec._0 self) + (Vec._0 other)))}; + let other : (Vec T A) := + {other + with _0 := (← (rust_primitives.sequence.seq_empty T + rust_primitives.hax.Tuple0.mk))}; + (pure (rust_primitives.hax.Tuple2.mk self other)) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl_1.append.spec (T : Type) (A : Type) + (self : (Vec T A)) + (other : (Vec T A)) : + Spec + (requires := do + (rust_primitives.hax.int.le + (← (rust_primitives.hax.int.add + (← (rust_primitives.hax.int.from_machine (← (Impl_1.len T A self)))) + (← (rust_primitives.hax.int.from_machine + (← (Impl_1.len T A other)))))) + (← (rust_primitives.hax.int.from_machine core.num.Impl_11.MAX)))) + (ensures := fun _ => pure True) + (Impl_1.append + (T : Type) + (A : Type) + (self : (Vec T A)) + (other : (Vec T A))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_1.append] <;> bv_decide +} + +end alloc.vec + + +namespace alloc.vec.drain + +structure Drain (T : Type) (A : Type) where + _0 : (rust_primitives.sequence.Seq T) + _1 : (core.marker.PhantomData A) + +end alloc.vec.drain + + +namespace alloc.vec + +opaque Impl_1.drain (T : Type) (A : Type) (R : Type) + (self : (Vec T A)) + (_range : R) : + RustM (rust_primitives.hax.Tuple2 (Vec T A) (alloc.vec.drain.Drain T A)) + +end alloc.vec + + +namespace alloc.vec.drain + +@[reducible] instance Impl.AssociatedTypes (T : Type) (A : Type) : + core.iter.traits.iterator.Iterator.AssociatedTypes (Drain T A) + where + Item := T + +instance Impl (T : Type) (A : Type) : + core.iter.traits.iterator.Iterator (Drain T A) + where + next := fun (self : (Drain T A)) => do + let ⟨self, hax_temp_output⟩ ← + if + (← ((← (rust_primitives.sequence.seq_len T (Drain._0 self))) + ==? (0 : usize))) then do + (pure (rust_primitives.hax.Tuple2.mk self core.option.Option.None)) + else do + let res : T ← (rust_primitives.sequence.seq_first T (Drain._0 self)); + let self : (Drain T A) := + {self + with _0 := (← (rust_primitives.sequence.seq_slice T + (Drain._0 self) + (1 : usize) + (← (rust_primitives.sequence.seq_len T (Drain._0 self)))))}; + (pure (rust_primitives.hax.Tuple2.mk + self + (core.option.Option.Some res))); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) + +end alloc.vec.drain + + +namespace alloc.vec + +def Impl_2.extend_from_slice (T : Type) (A : Type) + (s : (Vec T A)) + (other : (RustSlice T)) : + RustM (Vec T A) := do + let s : (Vec T A) := + {s + with _0 := (← (rust_primitives.sequence.seq_concat T + (Vec._0 s) + (← (rust_primitives.sequence.seq_from_slice T other))))}; + (pure s) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl_2.extend_from_slice.spec (T : Type) (A : Type) + (s : (Vec T A)) + (other : (RustSlice T)) : + Spec + (requires := do + (rust_primitives.hax.int.le + (← (rust_primitives.hax.int.add + (← (rust_primitives.hax.int.from_machine + (← (rust_primitives.sequence.seq_len T (Vec._0 s))))) + (← (rust_primitives.hax.int.from_machine + (← (core.slice.Impl.len T other)))))) + (← (rust_primitives.hax.int.from_machine core.num.Impl_11.MAX)))) + (ensures := fun _ => pure True) + (Impl_2.extend_from_slice + (T : Type) + (A : Type) + (s : (Vec T A)) + (other : (RustSlice T))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_2.extend_from_slice] <;> bv_decide +} + +@[reducible] instance Impl_3.AssociatedTypes (T : Type) (A : Type) : + core.ops.index.Index.AssociatedTypes (Vec T A) usize + where + Output := T + +instance Impl_3 (T : Type) (A : Type) : + core.ops.index.Index (Vec T A) usize + where + index := fun (self : (Vec T A)) (i : usize) => do + (rust_primitives.sequence.seq_index T (Vec._0 self) i) + +end alloc.vec + + +namespace alloc.collections.binary_heap + +def Impl_10.pop + (T : Type) + (A : Type) + [trait_constr_pop_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_pop_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) : + RustM + (rust_primitives.hax.Tuple2 (BinaryHeap T A) (core.option.Option T)) + := do + let max : (core.option.Option T) := core.option.Option.None; + let index : usize := (0 : usize); + let ⟨index, max⟩ ← + (rust_primitives.hax.folds.fold_range + (0 : usize) + (← (Impl_11.len T A self)) + (fun ⟨index, max⟩ i => + (do + ((← (i >? (0 : usize))) ==? (← (core.option.Impl.is_some T max))) : + RustM Bool)) + (rust_primitives.hax.Tuple2.mk index max) + (fun ⟨index, max⟩ i => + (do + if + (← (core.option.Impl.is_none_or T (T -> RustM Bool) + max + (fun max => + (do + (core.cmp.PartialOrd.gt T T (← (BinaryHeap._0 self)[i]_?) max) : + RustM Bool)))) then do + let max : (core.option.Option T) := + (core.option.Option.Some (← (BinaryHeap._0 self)[i]_?)); + let index : usize := i; + (pure (rust_primitives.hax.Tuple2.mk index max)) + else do + (pure (rust_primitives.hax.Tuple2.mk index max)) : + RustM (rust_primitives.hax.Tuple2 usize (core.option.Option T))))); + let ⟨self, hax_temp_output⟩ ← + if (← (core.option.Impl.is_some T max)) then do + let ⟨tmp0, out⟩ ← + (alloc.vec.Impl_1.remove T A (BinaryHeap._0 self) index); + let self : (BinaryHeap T A) := {self with _0 := tmp0}; + (pure (rust_primitives.hax.Tuple2.mk self (core.option.Option.Some out))) + else do + (pure (rust_primitives.hax.Tuple2.mk self core.option.Option.None)); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl_10.pop.spec + (T : Type) + (A : Type) + [trait_constr_pop_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_pop_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) : + Spec + (requires := do pure True) + (ensures := fun + ⟨self__future, res⟩ => do + ((← ((← (Impl_11.len T A self)) >? (0 : usize))) + ==? (← (core.option.Impl.is_some T res)))) + (Impl_10.pop (T : Type) (A : Type) (self : (BinaryHeap T A))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_10.pop] <;> bv_decide +} + +def Impl_11.peek + (T : Type) + (A : Type) + [trait_constr_peek_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_peek_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) : + RustM (core.option.Option T) := do + let max : (core.option.Option T) := core.option.Option.None; + let max : (core.option.Option T) ← + (rust_primitives.hax.folds.fold_range + (0 : usize) + (← (Impl_11.len T A self)) + (fun max i => + (do + ((← (i >? (0 : usize))) ==? (← (core.option.Impl.is_some T max))) : + RustM Bool)) + max + (fun max i => + (do + if + (← (core.option.Impl.is_none_or T (T -> RustM Bool) + max + (fun max => + (do + (core.cmp.PartialOrd.gt T T (← (BinaryHeap._0 self)[i]_?) max) : + RustM Bool)))) then do + let max : (core.option.Option T) := + (core.option.Option.Some (← (BinaryHeap._0 self)[i]_?)); + (pure max) + else do + (pure max) : + RustM (core.option.Option T)))); + (pure max) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl_11.peek.spec + (T : Type) + (A : Type) + [trait_constr_peek_associated_type_i0 : core.cmp.Ord.AssociatedTypes T] + [trait_constr_peek_i0 : core.cmp.Ord T ] + (self : (BinaryHeap T A)) : + Spec + (requires := do pure True) + (ensures := fun + res => do + ((← ((← (Impl_11.len T A self)) >? (0 : usize))) + ==? (← (core.option.Impl.is_some T res)))) + (Impl_11.peek (T : Type) (A : Type) (self : (BinaryHeap T A))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl_11.peek] <;> bv_decide +} + +end alloc.collections.binary_heap + + +namespace alloc.vec + +@[reducible] instance Impl_4.AssociatedTypes (T : Type) (A : Type) : + core.ops.deref.Deref.AssociatedTypes (Vec T A) + where + Target := (RustSlice T) + +instance Impl_4 (T : Type) (A : Type) : core.ops.deref.Deref (Vec T A) where + deref := fun (self : (Vec T A)) => do (Impl_1.as_slice T A self) + +@[instance] opaque Impl_5.AssociatedTypes (T : Type) : + core.iter.traits.collect.FromIterator.AssociatedTypes + (Vec T alloc.alloc.Global) + T := + by constructor <;> exact Inhabited.default + +@[instance] opaque Impl_5 (T : Type) : + core.iter.traits.collect.FromIterator (Vec T alloc.alloc.Global) T := + by constructor <;> exact Inhabited.default + +end alloc.vec diff --git a/hax-lib/proof-libs/lean/Hax/core_models/core_models.lean b/hax-lib/proof-libs/lean/Hax/core_models/core_models.lean index 98f089c51..be6d29e39 100644 --- a/hax-lib/proof-libs/lean/Hax/core_models/core_models.lean +++ b/hax-lib/proof-libs/lean/Hax/core_models/core_models.lean @@ -13,29 +13,9 @@ set_option mvcgen.warning false set_option linter.unusedVariables false -namespace core_models.array - -structure TryFromSliceError where - -- no fields - -@[spec] -def Impl_23.as_slice (T : Type) (N : usize) (s : (RustArray T N)) : - RustM (RustSlice T) := do - (rust_primitives.slice.array_as_slice T (N) s) - -end core_models.array - - -namespace core_models.array.iter - -structure IntoIter (T : Type) (N : usize) where - _0 : (rust_primitives.sequence.Seq T) - -end core_models.array.iter - - namespace core_models.borrow +-- See [`std::borrow::Borrow`] class Borrow.AssociatedTypes (Self : Type) (Borrowed : Type) where class Borrow (Self : Type) (Borrowed : Type) @@ -49,6 +29,7 @@ end core_models.borrow namespace core_models.clone +-- See [`std::clone::Clone`] class Clone.AssociatedTypes (Self : Type) where class Clone (Self : Type) @@ -68,6 +49,7 @@ end core_models.clone namespace core_models.cmp +-- See [`std::cmp::PartialEq`] class PartialEq.AssociatedTypes (Self : Type) (Rhs : Type) where class PartialEq (Self : Type) (Rhs : Type) @@ -76,6 +58,7 @@ class PartialEq (Self : Type) (Rhs : Type) where eq (Self) (Rhs) : (Self -> Rhs -> RustM Bool) +-- See [`std::cmp::Eq`] class Eq.AssociatedTypes (Self : Type) where [trait_constr_Eq_i0 : PartialEq.AssociatedTypes Self Self] @@ -88,10 +71,14 @@ class Eq (Self : Type) attribute [instance_reducible, instance] Eq.trait_constr_Eq_i0 +-- See [`std::cmp::Ordering`] inductive Ordering : Type -| Less : Ordering -| Equal : Ordering -| Greater : Ordering +| -- See [`std::cmp::Ordering::Less`] + Less : Ordering +| -- See [`std::cmp::Ordering::Equal`] + Equal : Ordering +| -- See [`std::cmp::Ordering::Greater`] + Greater : Ordering def Ordering.Less.AnonConst : isize := (-1 : isize) @@ -128,6 +115,7 @@ instance Impl where neq := fun (self : T) (y : T) => do ((← (PartialEq.eq T T self y)) ==? false) +-- See [`std::cmp::Reverse`] structure Reverse (T : Type) where _0 : T @@ -161,143 +149,89 @@ instance Impl_4 Eq (Reverse T) where -@[reducible] instance Impl_6.AssociatedTypes : - PartialEq.AssociatedTypes u8 u8 - where - -instance Impl_6 : PartialEq u8 u8 where - eq := fun (self : u8) (other : u8) => do (self ==? other) - -@[reducible] instance Impl_7.AssociatedTypes : Eq.AssociatedTypes u8 where - -instance Impl_7 : Eq u8 where - -@[reducible] instance Impl_8.AssociatedTypes : - PartialEq.AssociatedTypes i8 i8 - where - -instance Impl_8 : PartialEq i8 i8 where - eq := fun (self : i8) (other : i8) => do (self ==? other) - -@[reducible] instance Impl_9.AssociatedTypes : Eq.AssociatedTypes i8 where - -instance Impl_9 : Eq i8 where - -@[reducible] instance Impl_10.AssociatedTypes : - PartialEq.AssociatedTypes u16 u16 - where - -instance Impl_10 : PartialEq u16 u16 where - eq := fun (self : u16) (other : u16) => do (self ==? other) - -@[reducible] instance Impl_11.AssociatedTypes : Eq.AssociatedTypes u16 where - -instance Impl_11 : Eq u16 where - -@[reducible] instance Impl_12.AssociatedTypes : - PartialEq.AssociatedTypes i16 i16 - where - -instance Impl_12 : PartialEq i16 i16 where - eq := fun (self : i16) (other : i16) => do (self ==? other) - -@[reducible] instance Impl_13.AssociatedTypes : Eq.AssociatedTypes i16 where - -instance Impl_13 : Eq i16 where - -@[reducible] instance Impl_14.AssociatedTypes : - PartialEq.AssociatedTypes u32 u32 - where - -instance Impl_14 : PartialEq u32 u32 where - eq := fun (self : u32) (other : u32) => do (self ==? other) - -@[reducible] instance Impl_15.AssociatedTypes : Eq.AssociatedTypes u32 where - -instance Impl_15 : Eq u32 where - -@[reducible] instance Impl_16.AssociatedTypes : - PartialEq.AssociatedTypes i32 i32 - where - -instance Impl_16 : PartialEq i32 i32 where - eq := fun (self : i32) (other : i32) => do (self ==? other) - -@[reducible] instance Impl_17.AssociatedTypes : Eq.AssociatedTypes i32 where - -instance Impl_17 : Eq i32 where - -@[reducible] instance Impl_18.AssociatedTypes : - PartialEq.AssociatedTypes u64 u64 - where - -instance Impl_18 : PartialEq u64 u64 where - eq := fun (self : u64) (other : u64) => do (self ==? other) - -@[reducible] instance Impl_19.AssociatedTypes : Eq.AssociatedTypes u64 where - -instance Impl_19 : Eq u64 where - -@[reducible] instance Impl_20.AssociatedTypes : - PartialEq.AssociatedTypes i64 i64 - where - -instance Impl_20 : PartialEq i64 i64 where - eq := fun (self : i64) (other : i64) => do (self ==? other) - -@[reducible] instance Impl_21.AssociatedTypes : Eq.AssociatedTypes i64 where - -instance Impl_21 : Eq i64 where - -@[reducible] instance Impl_22.AssociatedTypes : - PartialEq.AssociatedTypes u128 u128 - where - -instance Impl_22 : PartialEq u128 u128 where - eq := fun (self : u128) (other : u128) => do (self ==? other) - -@[reducible] instance Impl_23.AssociatedTypes : Eq.AssociatedTypes u128 where - -instance Impl_23 : Eq u128 where - -@[reducible] instance Impl_24.AssociatedTypes : - PartialEq.AssociatedTypes i128 i128 - where - -instance Impl_24 : PartialEq i128 i128 where - eq := fun (self : i128) (other : i128) => do (self ==? other) - -@[reducible] instance Impl_25.AssociatedTypes : Eq.AssociatedTypes i128 where - -instance Impl_25 : Eq i128 where +-- See [`std::cmp::Ordering::is_eq`] +@[spec] +def Impl_54.is_eq (self : Ordering) : RustM Bool := do + match self with | (Ordering.Equal ) => do (pure true) | _ => do (pure false) -@[reducible] instance Impl_26.AssociatedTypes : - PartialEq.AssociatedTypes usize usize - where +-- See [`std::cmp::Ordering::is_ne`] +@[spec] +def Impl_54.is_ne (self : Ordering) : RustM Bool := do + match self with + | (Ordering.Less ) | (Ordering.Greater ) => do (pure true) + | _ => do (pure false) -instance Impl_26 : PartialEq usize usize where - eq := fun (self : usize) (other : usize) => do (self ==? other) +-- See [`std::cmp::Ordering::is_lt`] +@[spec] +def Impl_54.is_lt (self : Ordering) : RustM Bool := do + match self with | (Ordering.Less ) => do (pure true) | _ => do (pure false) -@[reducible] instance Impl_27.AssociatedTypes : Eq.AssociatedTypes usize where +-- See [`std::cmp::Ordering::is_gt`] +@[spec] +def Impl_54.is_gt (self : Ordering) : RustM Bool := do + match self with | (Ordering.Greater ) => do (pure true) | _ => do (pure false) -instance Impl_27 : Eq usize where +-- See [`std::cmp::Ordering::is_le`] +@[spec] +def Impl_54.is_le (self : Ordering) : RustM Bool := do + match self with + | (Ordering.Less ) | (Ordering.Equal ) => do (pure true) + | _ => do (pure false) -@[reducible] instance Impl_28.AssociatedTypes : - PartialEq.AssociatedTypes isize isize - where +-- See [`std::cmp::Ordering::is_ge`] +@[spec] +def Impl_54.is_ge (self : Ordering) : RustM Bool := do + match self with + | (Ordering.Greater ) | (Ordering.Equal ) => do (pure true) + | _ => do (pure false) -instance Impl_28 : PartialEq isize isize where - eq := fun (self : isize) (other : isize) => do (self ==? other) +-- See [`std::cmp::Ordering::reverse`] +@[spec] +def Impl_54.reverse (self : Ordering) : RustM Ordering := do + match self with + | (Ordering.Less ) => do (pure Ordering.Greater) + | (Ordering.Equal ) => do (pure Ordering.Equal) + | (Ordering.Greater ) => do (pure Ordering.Less) -@[reducible] instance Impl_29.AssociatedTypes : Eq.AssociatedTypes isize where +-- See [`std::cmp::Ordering::then`] +@[spec] +def Impl_54.then (self : Ordering) (other : Ordering) : RustM Ordering := do + match self with | (Ordering.Equal ) => do (pure other) | _ => do (pure self) -instance Impl_29 : Eq isize where +-- See [`std::cmp::Ordering::then_with`] +@[spec] +def Impl_54.then_with + (F : Type) + [trait_constr_then_with_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0] + [trait_constr_then_with_i0 : core.ops.function.FnOnce + F + rust_primitives.hax.Tuple0 + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0 + by infer_instance + with Output := Ordering})] + (self : Ordering) + (f : F) : + RustM Ordering := do + match self with + | (Ordering.Equal ) => do + (core.ops.function.FnOnce.call_once + F + rust_primitives.hax.Tuple0 f rust_primitives.hax.Tuple0.mk) + | _ => do (pure self) end core_models.cmp namespace core_models.convert +-- See [`std::convert::Into`] class Into.AssociatedTypes (Self : Type) (T : Type) where class Into (Self : Type) (T : Type) @@ -305,6 +239,7 @@ class Into (Self : Type) (T : Type) where into (Self) (T) : (Self -> RustM T) +-- See [`std::convert::From`] class From.AssociatedTypes (Self : Type) (T : Type) where class From (Self : Type) (T : Type) @@ -329,6 +264,7 @@ instance Impl where into := fun (self : T) => do (From._from U T self) +-- See [`std::convert::Infallible`] structure Infallible where -- no fields @@ -339,6 +275,7 @@ structure Infallible where instance Impl_3 (T : Type) : From T T where _from := fun (x : T) => do (pure x) +-- See [`std::convert::AsRef`] class AsRef.AssociatedTypes (Self : Type) (T : Type) where class AsRef (Self : Type) (T : Type) @@ -358,6 +295,7 @@ end core_models.convert namespace core_models.default +-- See [`std::default::Default`] class Default.AssociatedTypes (Self : Type) where class Default (Self : Type) @@ -370,6 +308,7 @@ end core_models.default namespace core_models.f32 +-- See [`std::primitive::f32::abs`] opaque Impl.abs (x : f64) : RustM f64 end core_models.f32 @@ -377,12 +316,15 @@ end core_models.f32 namespace core_models.fmt +-- See [`std::fmt::Error`] structure Error where -- no fields +-- See [`std::fmt::Formatter`] structure Formatter where -- no fields +-- See [`std::fmt::Arguments`] structure Arguments where _0 : rust_primitives.hax.Tuple0 @@ -444,12 +386,14 @@ end core_models.fmt.rt namespace core_models.hash +-- See [`std::hash::Hasher`] class Hasher.AssociatedTypes (Self : Type) where class Hasher (Self : Type) [associatedTypes : outParam (Hasher.AssociatedTypes (Self : Type))] where +-- See [`std::hash::Hash`] class Hash.AssociatedTypes (Self : Type) where class Hash (Self : Type) @@ -466,6 +410,7 @@ end core_models.hash namespace core_models.hint +-- See [`std::hint::black_box`] def black_box (T : Type) (dummy : T) : RustM T := do (pure dummy) set_option hax_mvcgen.specset "bv" in @@ -480,6 +425,7 @@ def black_box.spec (T : Type) (dummy : T) : contract := by hax_mvcgen [black_box] <;> bv_decide } +-- See [`std::hint::must_use`] def must_use (T : Type) (value : T) : RustM T := do (pure value) set_option hax_mvcgen.specset "bv" in @@ -499,6 +445,7 @@ end core_models.hint namespace core_models.iter.adapters.enumerate +-- See [`std::iter::Enumerate`] structure Enumerate (I : Type) where iter : I count : usize @@ -512,6 +459,7 @@ end core_models.iter.adapters.enumerate namespace core_models.iter.adapters.step_by +-- See [`std::iter::StepBy`] structure StepBy (I : Type) where iter : I step : usize @@ -520,24 +468,30 @@ structure StepBy (I : Type) where def Impl.new (I : Type) (iter : I) (step : usize) : RustM (StepBy I) := do (pure (StepBy.mk (iter := iter) (step := step))) -end core_models.iter.adapters.step_by - - -namespace core_models.iter.adapters.map - -structure Map (I : Type) (F : Type) where - iter : I - f : F +@[instance] opaque Impl_1.AssociatedTypes + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (StepBy I) := + by constructor <;> exact Inhabited.default -@[spec] -def Impl.new (I : Type) (F : Type) (iter : I) (f : F) : RustM (Map I F) := do - (pure (Map.mk (iter := iter) (f := f))) +@[instance] opaque Impl_1 + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator (StepBy I) := + by constructor <;> exact Inhabited.default -end core_models.iter.adapters.map +end core_models.iter.adapters.step_by namespace core_models.iter.adapters.take +-- See [`std::iter::Take`] structure Take (I : Type) where iter : I n : usize @@ -551,15 +505,94 @@ end core_models.iter.adapters.take namespace core_models.iter.adapters.zip +-- See [`std::iter::Zip`] structure Zip (I1 : Type) (I2 : Type) where it1 : I1 it2 : I2 +@[spec] +def Impl.new + (I1 : Type) + (I2 : Type) + [trait_constr_new_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I1] + [trait_constr_new_i0 : core_models.iter.traits.iterator.Iterator I1 ] + [trait_constr_new_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I2] + [trait_constr_new_i1 : core_models.iter.traits.iterator.Iterator I2 ] + (it1 : I1) + (it2 : I2) : + RustM (Zip I1 I2) := do + (pure (Zip.mk (it1 := it1) (it2 := it2))) + +@[instance] opaque Impl_1.AssociatedTypes + (I1 : Type) + (I2 : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I1] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I1 ] + [trait_constr_Impl_1_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I2] + [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator I2 ] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Zip I1 I2) := + by constructor <;> exact Inhabited.default + +@[instance] opaque Impl_1 + (I1 : Type) + (I2 : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I1] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I1 ] + [trait_constr_Impl_1_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I2] + [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator I2 ] : + core_models.iter.traits.iterator.Iterator (Zip I1 I2) := + by constructor <;> exact Inhabited.default + end core_models.iter.adapters.zip +namespace core_models.iter.adapters.skip + +-- See [`std::iter::Skip`] +structure Skip (I : Type) where + iter : I + n : usize + +@[spec] +def Impl.new (I : Type) (iter : I) (n : usize) : RustM (Skip I) := do + (pure (Skip.mk (iter := iter) (n := n))) + +@[instance] opaque Impl_1.AssociatedTypes + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Skip I) := + by constructor <;> exact Inhabited.default + +@[instance] opaque Impl_1 + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator (Skip I) := + by constructor <;> exact Inhabited.default + +end core_models.iter.adapters.skip + + namespace core_models.marker +-- See [`std::marker::Copy`] class Copy.AssociatedTypes (Self : Type) where [trait_constr_Copy_i0 : core_models.clone.Clone.AssociatedTypes Self] @@ -573,24 +606,28 @@ class Copy (Self : Type) attribute [instance_reducible, instance] Copy.trait_constr_Copy_i0 +-- See [`std::marker::Send`] class Send.AssociatedTypes (Self : Type) where class Send (Self : Type) [associatedTypes : outParam (Send.AssociatedTypes (Self : Type))] where +-- See [`std::marker::Sync`] class Sync.AssociatedTypes (Self : Type) where class Sync (Self : Type) [associatedTypes : outParam (Sync.AssociatedTypes (Self : Type))] where +-- See [`std::marker::Sized`] class Sized.AssociatedTypes (Self : Type) where class Sized (Self : Type) [associatedTypes : outParam (Sized.AssociatedTypes (Self : Type))] where +-- See [`std::marker::StructuralPartialEq`] class StructuralPartialEq.AssociatedTypes (Self : Type) where class StructuralPartialEq (Self : Type) @@ -641,54 +678,62 @@ end core_models.marker namespace core_models.mem +-- See [`std::mem::forget`] opaque forget (T : Type) (t : T) : RustM rust_primitives.hax.Tuple0 +-- See [`std::mem::forget_unsized`] opaque forget_unsized (T : Type) (t : T) : RustM rust_primitives.hax.Tuple0 +-- See [`std::mem::size_of`] opaque size_of (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM usize +-- See [`std::mem::size_of_val`] opaque size_of_val (T : Type) (val : T) : RustM usize +-- See [`std::mem::min_align_of`] opaque min_align_of (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM usize +-- See [`std::mem::min_align_of_val`] opaque min_align_of_val (T : Type) (val : T) : RustM usize +-- See [`std::mem::align_of`] opaque align_of (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM usize +-- See [`std::mem::align_of_val`] opaque align_of_val (T : Type) (val : T) : RustM usize +-- See [`std::mem::align_of_val_raw`] opaque align_of_val_raw (T : Type) (val : T) : RustM usize +-- See [`std::mem::needs_drop`] opaque needs_drop (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM Bool +-- See [`std::mem::uninitialized`] opaque uninitialized (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM T +-- See [`std::mem::swap`] opaque swap (T : Type) (x : T) (y : T) : RustM (rust_primitives.hax.Tuple2 T T) +-- See [`std::mem::replace`] opaque replace (T : Type) (dest : T) (src : T) : RustM (rust_primitives.hax.Tuple2 T T) +-- See [`std::mem::drop`] opaque drop (T : Type) (_x : T) : RustM rust_primitives.hax.Tuple0 -@[spec] -def copy - (T : Type) - [trait_constr_copy_associated_type_i0 : - core_models.marker.Copy.AssociatedTypes - T] - [trait_constr_copy_i0 : core_models.marker.Copy T ] - (x : T) : - RustM T := do - (rust_primitives.mem.copy T x) - +-- See [`std::mem::take`] opaque take (T : Type) (x : T) : RustM (rust_primitives.hax.Tuple2 T T) +-- See [`std::mem::transmute_copy`] opaque transmute_copy (Src : Type) (Dst : Type) (src : Src) : RustM Dst +-- See [`std::mem::variant_count`] opaque variant_count (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM usize +-- See [`std::mem::zeroed`] opaque zeroed (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM T +-- See [`std::mem::transmute`] opaque transmute (Src : Type) (Dst : Type) (src : Src) : RustM Dst end core_models.mem @@ -704,12 +749,15 @@ end core_models.mem.manually_drop namespace core_models.num.error +-- See [`std::num::TryFromIntError`] structure TryFromIntError where _0 : rust_primitives.hax.Tuple0 +-- See [`std::num::IntErrorKind`] structure IntErrorKind where -- no fields +-- See [`std::num::ParseIntError`] structure ParseIntError where kind : IntErrorKind @@ -718,246 +766,401 @@ end core_models.num.error namespace core_models.num +-- See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) @[spec] def Impl_6.wrapping_add (x : u8) (y : u8) : RustM u8 := do (rust_primitives.arithmetic.wrapping_add_u8 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_6.wrapping_sub (x : u8) (y : u8) : RustM u8 := do (rust_primitives.arithmetic.wrapping_sub_u8 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_6.wrapping_mul (x : u8) (y : u8) : RustM u8 := do (rust_primitives.arithmetic.wrapping_mul_u8 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_6.pow (x : u8) (exp : u32) : RustM u8 := do (rust_primitives.arithmetic.pow_u8 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_6.leading_zeros (x : u8) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_6.ilog2 (x : u8) : RustM u32 +-- See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +@[spec] +def Impl_6.is_power_of_two (x : u8) : RustM Bool := do + ((← (x !=? (0 : u8))) &&? (← ((← (x &&&? (← (x -? (1 : u8))))) ==? (0 : u8)))) + +-- See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) @[spec] def Impl_7.wrapping_add (x : u16) (y : u16) : RustM u16 := do (rust_primitives.arithmetic.wrapping_add_u16 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_7.wrapping_sub (x : u16) (y : u16) : RustM u16 := do (rust_primitives.arithmetic.wrapping_sub_u16 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_7.wrapping_mul (x : u16) (y : u16) : RustM u16 := do (rust_primitives.arithmetic.wrapping_mul_u16 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_7.pow (x : u16) (exp : u32) : RustM u16 := do (rust_primitives.arithmetic.pow_u16 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_7.leading_zeros (x : u16) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_7.ilog2 (x : u16) : RustM u32 +-- See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +@[spec] +def Impl_7.is_power_of_two (x : u16) : RustM Bool := do + ((← (x !=? (0 : u16))) + &&? (← ((← (x &&&? (← (x -? (1 : u16))))) ==? (0 : u16)))) + +-- See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) @[spec] def Impl_8.wrapping_add (x : u32) (y : u32) : RustM u32 := do (rust_primitives.arithmetic.wrapping_add_u32 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_8.wrapping_sub (x : u32) (y : u32) : RustM u32 := do (rust_primitives.arithmetic.wrapping_sub_u32 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_8.wrapping_mul (x : u32) (y : u32) : RustM u32 := do (rust_primitives.arithmetic.wrapping_mul_u32 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_8.pow (x : u32) (exp : u32) : RustM u32 := do (rust_primitives.arithmetic.pow_u32 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_8.leading_zeros (x : u32) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_8.ilog2 (x : u32) : RustM u32 +-- See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +@[spec] +def Impl_8.is_power_of_two (x : u32) : RustM Bool := do + ((← (x !=? (0 : u32))) + &&? (← ((← (x &&&? (← (x -? (1 : u32))))) ==? (0 : u32)))) + +-- See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) @[spec] def Impl_9.wrapping_add (x : u64) (y : u64) : RustM u64 := do (rust_primitives.arithmetic.wrapping_add_u64 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_9.wrapping_sub (x : u64) (y : u64) : RustM u64 := do (rust_primitives.arithmetic.wrapping_sub_u64 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_9.wrapping_mul (x : u64) (y : u64) : RustM u64 := do (rust_primitives.arithmetic.wrapping_mul_u64 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_9.pow (x : u64) (exp : u32) : RustM u64 := do (rust_primitives.arithmetic.pow_u64 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_9.leading_zeros (x : u64) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_9.ilog2 (x : u64) : RustM u32 +-- See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +@[spec] +def Impl_9.is_power_of_two (x : u64) : RustM Bool := do + ((← (x !=? (0 : u64))) + &&? (← ((← (x &&&? (← (x -? (1 : u64))))) ==? (0 : u64)))) + +-- See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) @[spec] def Impl_10.wrapping_add (x : u128) (y : u128) : RustM u128 := do (rust_primitives.arithmetic.wrapping_add_u128 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_10.wrapping_sub (x : u128) (y : u128) : RustM u128 := do (rust_primitives.arithmetic.wrapping_sub_u128 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_10.wrapping_mul (x : u128) (y : u128) : RustM u128 := do (rust_primitives.arithmetic.wrapping_mul_u128 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_10.pow (x : u128) (exp : u32) : RustM u128 := do (rust_primitives.arithmetic.pow_u128 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_10.leading_zeros (x : u128) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_10.ilog2 (x : u128) : RustM u32 +-- See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +@[spec] +def Impl_10.is_power_of_two (x : u128) : RustM Bool := do + ((← (x !=? (0 : u128))) + &&? (← ((← (x &&&? (← (x -? (1 : u128))))) ==? (0 : u128)))) + +-- See [`std::primitive::u8::wrapping_add`] (and similar for other unsigned integer types) @[spec] def Impl_11.wrapping_add (x : usize) (y : usize) : RustM usize := do (rust_primitives.arithmetic.wrapping_add_usize x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_11.wrapping_sub (x : usize) (y : usize) : RustM usize := do (rust_primitives.arithmetic.wrapping_sub_usize x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_11.wrapping_mul (x : usize) (y : usize) : RustM usize := do (rust_primitives.arithmetic.wrapping_mul_usize x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_11.pow (x : usize) (exp : u32) : RustM usize := do (rust_primitives.arithmetic.pow_usize x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_11.leading_zeros (x : usize) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_11.ilog2 (x : usize) : RustM u32 +-- See [`std::primitive::u8::is_power_of_two`] (and similar for other unsigned integer types) +@[spec] +def Impl_11.is_power_of_two (x : usize) : RustM Bool := do + ((← (x !=? (0 : usize))) + &&? (← ((← (x &&&? (← (x -? (1 : usize))))) ==? (0 : usize)))) + @[spec] def Impl_12.wrapping_add (x : i8) (y : i8) : RustM i8 := do (rust_primitives.arithmetic.wrapping_add_i8 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_12.wrapping_sub (x : i8) (y : i8) : RustM i8 := do (rust_primitives.arithmetic.wrapping_sub_i8 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_12.wrapping_mul (x : i8) (y : i8) : RustM i8 := do (rust_primitives.arithmetic.wrapping_mul_i8 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_12.pow (x : i8) (exp : u32) : RustM i8 := do (rust_primitives.arithmetic.pow_i8 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_12.leading_zeros (x : i8) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_12.ilog2 (x : i8) : RustM u32 +-- See [`std::primitive::i8::signum`] (and similar for other signed integer types) +@[spec] +def Impl_12.signum (x : i8) : RustM i8 := do + if (← (x >? (0 : i8))) then do + (pure (1 : i8)) + else do + if (← (x ==? (0 : i8))) then do (pure (0 : i8)) else do (pure (-1 : i8)) + @[spec] def Impl_13.wrapping_add (x : i16) (y : i16) : RustM i16 := do (rust_primitives.arithmetic.wrapping_add_i16 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_13.wrapping_sub (x : i16) (y : i16) : RustM i16 := do (rust_primitives.arithmetic.wrapping_sub_i16 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_13.wrapping_mul (x : i16) (y : i16) : RustM i16 := do (rust_primitives.arithmetic.wrapping_mul_i16 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_13.pow (x : i16) (exp : u32) : RustM i16 := do (rust_primitives.arithmetic.pow_i16 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_13.leading_zeros (x : i16) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_13.ilog2 (x : i16) : RustM u32 +-- See [`std::primitive::i8::signum`] (and similar for other signed integer types) +@[spec] +def Impl_13.signum (x : i16) : RustM i16 := do + if (← (x >? (0 : i16))) then do + (pure (1 : i16)) + else do + if (← (x ==? (0 : i16))) then do (pure (0 : i16)) else do (pure (-1 : i16)) + @[spec] def Impl_14.wrapping_add (x : i32) (y : i32) : RustM i32 := do (rust_primitives.arithmetic.wrapping_add_i32 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_14.wrapping_sub (x : i32) (y : i32) : RustM i32 := do (rust_primitives.arithmetic.wrapping_sub_i32 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_14.wrapping_mul (x : i32) (y : i32) : RustM i32 := do (rust_primitives.arithmetic.wrapping_mul_i32 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_14.pow (x : i32) (exp : u32) : RustM i32 := do (rust_primitives.arithmetic.pow_i32 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_14.leading_zeros (x : i32) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_14.ilog2 (x : i32) : RustM u32 +-- See [`std::primitive::i8::signum`] (and similar for other signed integer types) +@[spec] +def Impl_14.signum (x : i32) : RustM i32 := do + if (← (x >? (0 : i32))) then do + (pure (1 : i32)) + else do + if (← (x ==? (0 : i32))) then do (pure (0 : i32)) else do (pure (-1 : i32)) + @[spec] def Impl_15.wrapping_add (x : i64) (y : i64) : RustM i64 := do (rust_primitives.arithmetic.wrapping_add_i64 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_15.wrapping_sub (x : i64) (y : i64) : RustM i64 := do (rust_primitives.arithmetic.wrapping_sub_i64 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_15.wrapping_mul (x : i64) (y : i64) : RustM i64 := do (rust_primitives.arithmetic.wrapping_mul_i64 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_15.pow (x : i64) (exp : u32) : RustM i64 := do (rust_primitives.arithmetic.pow_i64 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_15.leading_zeros (x : i64) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_15.ilog2 (x : i64) : RustM u32 +-- See [`std::primitive::i8::signum`] (and similar for other signed integer types) +@[spec] +def Impl_15.signum (x : i64) : RustM i64 := do + if (← (x >? (0 : i64))) then do + (pure (1 : i64)) + else do + if (← (x ==? (0 : i64))) then do (pure (0 : i64)) else do (pure (-1 : i64)) + @[spec] def Impl_16.wrapping_add (x : i128) (y : i128) : RustM i128 := do (rust_primitives.arithmetic.wrapping_add_i128 x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_16.wrapping_sub (x : i128) (y : i128) : RustM i128 := do (rust_primitives.arithmetic.wrapping_sub_i128 x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_16.wrapping_mul (x : i128) (y : i128) : RustM i128 := do (rust_primitives.arithmetic.wrapping_mul_i128 x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_16.pow (x : i128) (exp : u32) : RustM i128 := do (rust_primitives.arithmetic.pow_i128 x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_16.leading_zeros (x : i128) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_16.ilog2 (x : i128) : RustM u32 +-- See [`std::primitive::i8::signum`] (and similar for other signed integer types) +@[spec] +def Impl_16.signum (x : i128) : RustM i128 := do + if (← (x >? (0 : i128))) then do + (pure (1 : i128)) + else do + if (← (x ==? (0 : i128))) then do + (pure (0 : i128)) + else do + (pure (-1 : i128)) + @[spec] def Impl_17.wrapping_add (x : isize) (y : isize) : RustM isize := do (rust_primitives.arithmetic.wrapping_add_isize x y) +-- See [`std::primitive::u8::wrapping_sub`] (and similar for other integer types) @[spec] def Impl_17.wrapping_sub (x : isize) (y : isize) : RustM isize := do (rust_primitives.arithmetic.wrapping_sub_isize x y) +-- See [`std::primitive::u8::wrapping_mul`] (and similar for other integer types) @[spec] def Impl_17.wrapping_mul (x : isize) (y : isize) : RustM isize := do (rust_primitives.arithmetic.wrapping_mul_isize x y) +-- See [`std::primitive::u8::pow`] (and similar for other integer types) @[spec] def Impl_17.pow (x : isize) (exp : u32) : RustM isize := do (rust_primitives.arithmetic.pow_isize x exp) +-- See [`std::primitive::u8::leading_zeros`] (and similar for other integer types) opaque Impl_17.leading_zeros (x : isize) : RustM u32 +-- See [`std::primitive::u8::ilog2`] (and similar for other integer types) opaque Impl_17.ilog2 (x : isize) : RustM u32 +-- See [`std::primitive::i8::signum`] (and similar for other signed integer types) +@[spec] +def Impl_17.signum (x : isize) : RustM isize := do + if (← (x >? (0 : isize))) then do + (pure (1 : isize)) + else do + if (← (x ==? (0 : isize))) then do + (pure (0 : isize)) + else do + (pure (-1 : isize)) + @[reducible] instance Impl_18.AssociatedTypes : core_models.default.Default.AssociatedTypes u8 where @@ -1042,11 +1245,19 @@ instance Impl_28 : core_models.default.Default i128 where instance Impl_29 : core_models.default.Default isize where default := fun (_ : rust_primitives.hax.Tuple0) => do (pure (0 : isize)) +@[reducible] instance Impl_30.AssociatedTypes : + core_models.default.Default.AssociatedTypes Bool + where + +instance Impl_30 : core_models.default.Default Bool where + default := fun (_ : rust_primitives.hax.Tuple0) => do (pure false) + end core_models.num namespace core_models.ops.arith +-- See [`std::ops::AddAssign`] class AddAssign.AssociatedTypes (Self : Type) (Rhs : Type) where class AddAssign (Self : Type) (Rhs : Type) @@ -1055,6 +1266,7 @@ class AddAssign (Self : Type) (Rhs : Type) where add_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) +-- See [`std::ops::SubAssign`] class SubAssign.AssociatedTypes (Self : Type) (Rhs : Type) where class SubAssign (Self : Type) (Rhs : Type) @@ -1063,6 +1275,7 @@ class SubAssign (Self : Type) (Rhs : Type) where sub_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) +-- See [`std::ops::MulAssign`] class MulAssign.AssociatedTypes (Self : Type) (Rhs : Type) where class MulAssign (Self : Type) (Rhs : Type) @@ -1071,6 +1284,7 @@ class MulAssign (Self : Type) (Rhs : Type) where mul_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) +-- See [`std::ops::DivAssign`] class DivAssign.AssociatedTypes (Self : Type) (Rhs : Type) where class DivAssign (Self : Type) (Rhs : Type) @@ -1079,6 +1293,7 @@ class DivAssign (Self : Type) (Rhs : Type) where div_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) +-- See [`std::ops::RemAssign`] class RemAssign.AssociatedTypes (Self : Type) (Rhs : Type) where class RemAssign (Self : Type) (Rhs : Type) @@ -1090,17 +1305,71 @@ class RemAssign (Self : Type) (Rhs : Type) end core_models.ops.arith +namespace core_models.ops.bit + +-- See [`std::ops::ShrAssign`] +class ShrAssign.AssociatedTypes (Self : Type) (Rhs : Type) where + +class ShrAssign (Self : Type) (Rhs : Type) + [associatedTypes : outParam (ShrAssign.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + shr_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) + +-- See [`std::ops::ShlAssign`] +class ShlAssign.AssociatedTypes (Self : Type) (Rhs : Type) where + +class ShlAssign (Self : Type) (Rhs : Type) + [associatedTypes : outParam (ShlAssign.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + shl_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) + +-- See [`std::ops::BitXorAssign`] +class BitXorAssign.AssociatedTypes (Self : Type) (Rhs : Type) where + +class BitXorAssign (Self : Type) (Rhs : Type) + [associatedTypes : outParam (BitXorAssign.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + bitxor_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) + +-- See [`std::ops::BitAndAssign`] +class BitAndAssign.AssociatedTypes (Self : Type) (Rhs : Type) where + +class BitAndAssign (Self : Type) (Rhs : Type) + [associatedTypes : outParam (BitAndAssign.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + bitand_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) + +-- See [`std::ops::BitOrAssign`] +class BitOrAssign.AssociatedTypes (Self : Type) (Rhs : Type) where + +class BitOrAssign (Self : Type) (Rhs : Type) + [associatedTypes : outParam (BitOrAssign.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + bitor_assign (Self) (Rhs) : (Self -> Rhs -> RustM Self) + +end core_models.ops.bit + + namespace core_models.ops.control_flow +-- See [`std::ops::ControlFlow`] inductive ControlFlow (B : Type) (C : Type) : Type -| Continue : C -> ControlFlow (B : Type) (C : Type) -| Break : B -> ControlFlow (B : Type) (C : Type) +| -- See [`std::ops::ControlFlow::Continue`] + Continue : C -> ControlFlow (B : Type) (C : Type) +| -- See [`std::ops::ControlFlow::Break`] + Break : B -> ControlFlow (B : Type) (C : Type) end core_models.ops.control_flow namespace core_models.ops.try_trait +-- See [`std::ops::FromResidual`] class FromResidual.AssociatedTypes (Self : Type) (R : Type) where class FromResidual (Self : Type) (R : Type) @@ -1114,6 +1383,7 @@ end core_models.ops.try_trait namespace core_models.ops.drop +-- See [`std::ops::Drop`] class Drop.AssociatedTypes (Self : Type) where class Drop (Self : Type) @@ -1126,33 +1396,46 @@ end core_models.ops.drop namespace core_models.ops.range +-- See [`std::ops::RangeTo`] structure RangeTo (T : Type) where _end : T +-- See [`std::ops::RangeFrom`] structure RangeFrom (T : Type) where start : T +-- See [`std::ops::Range`] structure Range (T : Type) where start : T _end : T +-- See [`std::ops::RangeFull`] structure RangeFull where -- no fields -end core_models.ops.range +-- See [`std::ops::RangeInclusive`] +structure RangeInclusive (T : Type) where + start : T + _end : T + +end core_models.ops.range namespace core_models.option +-- See [`std::option::Option`] inductive Option (T : Type) : Type -| Some : T -> Option (T : Type) -| None : Option (T : Type) +| -- See [`std::option::Option::Some`] + Some : T -> Option (T : Type) +| -- See [`std::option::Option::None`] + None : Option (T : Type) end core_models.option namespace core_models.cmp +-- See [`std::cmp::PartialOrd`] class PartialOrd.AssociatedTypes (Self : Type) (Rhs : Type) where [trait_constr_PartialOrd_i0 : PartialEq.AssociatedTypes Self Rhs] @@ -1238,6 +1521,7 @@ instance Impl_1 (pure true) | _ => do (pure false) +-- See [`std::cmp::Ord`] class Ord.AssociatedTypes (Self : Type) where [trait_constr_Ord_i0 : Eq.AssociatedTypes Self] [trait_constr_Ord_i1 : PartialOrd.AssociatedTypes Self Self] @@ -1257,6 +1541,7 @@ attribute [instance_reducible, instance] Ord.trait_constr_Ord_i0 attribute [instance_reducible, instance] Ord.trait_constr_Ord_i1 +-- See [`std::cmp::max`] @[spec] def max (T : Type) @@ -1269,6 +1554,7 @@ def max | (Ordering.Greater ) => do (pure v1) | _ => do (pure v2) +-- See [`std::cmp::min`] @[spec] def min (T : Type) @@ -1313,345 +1599,585 @@ instance Impl_5 cmp := fun (self : (Reverse T)) (other : (Reverse T)) => do (Ord.cmp T (Reverse._0 other) (Reverse._0 self)) -@[reducible] instance Impl_30.AssociatedTypes : - PartialOrd.AssociatedTypes u8 u8 - where +end core_models.cmp -instance Impl_30 : PartialOrd u8 u8 where - partial_cmp := fun (self : u8) (other : u8) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) -@[reducible] instance Impl_31.AssociatedTypes : Ord.AssociatedTypes u8 where +namespace core_models.iter.adapters.enumerate -instance Impl_31 : Ord u8 where - cmp := fun (self : u8) (other : u8) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +@[reducible] instance Impl_1.AssociatedTypes + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Enumerate I) + where + Item := (rust_primitives.hax.Tuple2 + usize + (core_models.iter.traits.iterator.Iterator.Item I)) -@[reducible] instance Impl_32.AssociatedTypes : - PartialOrd.AssociatedTypes i8 i8 +instance Impl_1 + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator (Enumerate I) where + next := fun (self : (Enumerate I)) => do + let ⟨tmp0, out⟩ ← + (core_models.iter.traits.iterator.Iterator.next I (Enumerate.iter self)); + let self : (Enumerate I) := {self with iter := tmp0}; + let ⟨self, hax_temp_output⟩ ← + match out with + | (core_models.option.Option.Some a) => do + let i : usize := (Enumerate.count self); + let _ ← + (hax_lib.assume + (← (hax_lib.prop.constructors.from_bool + (← ((Enumerate.count self) do + (pure (rust_primitives.hax.Tuple2.mk + self + core_models.option.Option.None)); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) -instance Impl_32 : PartialOrd i8 i8 where - partial_cmp := fun (self : i8) (other : i8) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +end core_models.iter.adapters.enumerate -@[reducible] instance Impl_33.AssociatedTypes : Ord.AssociatedTypes i8 where -instance Impl_33 : Ord i8 where - cmp := fun (self : i8) (other : i8) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +namespace core_models.iter.adapters.take -@[reducible] instance Impl_34.AssociatedTypes : - PartialOrd.AssociatedTypes u16 u16 +@[reducible] instance Impl_1.AssociatedTypes + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Take I) where + Item := (core_models.iter.traits.iterator.Iterator.Item I) -instance Impl_34 : PartialOrd u16 u16 where - partial_cmp := fun (self : u16) (other : u16) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) +instance Impl_1 + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : + core_models.iter.traits.iterator.Iterator (Take I) + where + next := fun (self : (Take I)) => do + let ⟨self, hax_temp_output⟩ ← + if (← ((Take.n self) !=? (0 : usize))) then do + let self : (Take I) := + {self with n := (← ((Take.n self) -? (1 : usize)))}; + let ⟨tmp0, out⟩ ← + (core_models.iter.traits.iterator.Iterator.next I (Take.iter self)); + let self : (Take I) := {self with iter := tmp0}; + (pure (rust_primitives.hax.Tuple2.mk self out)) else do - (pure (core_models.option.Option.Some Ordering.Equal)) + (pure (rust_primitives.hax.Tuple2.mk + self + core_models.option.Option.None)); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) -@[reducible] instance Impl_35.AssociatedTypes : Ord.AssociatedTypes u16 where +end core_models.iter.adapters.take -instance Impl_35 : Ord u16 where - cmp := fun (self : u16) (other : u16) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) -@[reducible] instance Impl_36.AssociatedTypes : - PartialOrd.AssociatedTypes i16 i16 +namespace core_models.iter.adapters.flatten + +-- See [`std::iter::Flatten`] +structure Flatten + (I : Type) + [trait_constr_Flatten_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Flatten_i0 : core_models.iter.traits.iterator.Iterator I ] + [trait_constr_Flatten_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + (core_models.iter.traits.iterator.Iterator.Item I)] + [trait_constr_Flatten_i1 : core_models.iter.traits.iterator.Iterator + (core_models.iter.traits.iterator.Iterator.Item I) + ] where + it : I + current : (core_models.option.Option + (core_models.iter.traits.iterator.Iterator.Item I)) -instance Impl_36 : PartialOrd i16 i16 where - partial_cmp := fun (self : i16) (other : i16) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +@[spec] +def Impl.new + (I : Type) + [trait_constr_new_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_new_i0 : core_models.iter.traits.iterator.Iterator I ] + [trait_constr_new_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + (core_models.iter.traits.iterator.Iterator.Item I)] + [trait_constr_new_i1 : core_models.iter.traits.iterator.Iterator + (core_models.iter.traits.iterator.Iterator.Item I) + ] + (it : I) : + RustM (Flatten I) := do + (pure (Flatten.mk (it := it) (current := core_models.option.Option.None))) -@[reducible] instance Impl_37.AssociatedTypes : Ord.AssociatedTypes i16 where +@[instance] opaque Impl_1.AssociatedTypes + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] + [trait_constr_Impl_1_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + (core_models.iter.traits.iterator.Iterator.Item I)] + [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator + (core_models.iter.traits.iterator.Iterator.Item I) + ] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Flatten I) := + by constructor <;> exact Inhabited.default -instance Impl_37 : Ord i16 where - cmp := fun (self : i16) (other : i16) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +@[instance] opaque Impl_1 + (I : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + I] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] + [trait_constr_Impl_1_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + (core_models.iter.traits.iterator.Iterator.Item I)] + [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator + (core_models.iter.traits.iterator.Iterator.Item I) + ] : + core_models.iter.traits.iterator.Iterator (Flatten I) := + by constructor <;> exact Inhabited.default -@[reducible] instance Impl_38.AssociatedTypes : - PartialOrd.AssociatedTypes u32 u32 - where +end core_models.iter.adapters.flatten -instance Impl_38 : PartialOrd u32 u32 where - partial_cmp := fun (self : u32) (other : u32) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) -@[reducible] instance Impl_39.AssociatedTypes : Ord.AssociatedTypes u32 where +namespace core_models.iter.adapters.chain -instance Impl_39 : Ord u32 where - cmp := fun (self : u32) (other : u32) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::iter::Chain`] +structure Chain (A : Type) (B : Type) where + a : (core_models.option.Option A) + b : B -@[reducible] instance Impl_40.AssociatedTypes : - PartialOrd.AssociatedTypes i32 i32 - where +@[spec] +def Impl.new + (A : Type) + (B : Type) + [trait_constr_new_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + A] + [trait_constr_new_i0 : core_models.iter.traits.iterator.Iterator A ] + [trait_constr_new_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + B] + [trait_constr_new_i1 : core_models.iter.traits.iterator.Iterator + B + (associatedTypes := { + show core_models.iter.traits.iterator.Iterator.AssociatedTypes B + by infer_instance + with Item := (core_models.iter.traits.iterator.Iterator.Item A)})] + (a : A) + (b : B) : + RustM (Chain A B) := do + (pure (Chain.mk (a := (core_models.option.Option.Some a)) (b := b))) -instance Impl_40 : PartialOrd i32 i32 where - partial_cmp := fun (self : i32) (other : i32) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +@[instance] opaque Impl_1.AssociatedTypes + (A : Type) + (B : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + A] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator A ] + [trait_constr_Impl_1_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + B] + [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator + B + (associatedTypes := { + show core_models.iter.traits.iterator.Iterator.AssociatedTypes B + by infer_instance + with Item := (core_models.iter.traits.iterator.Iterator.Item A)})] : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Chain A B) := + by constructor <;> exact Inhabited.default -@[reducible] instance Impl_41.AssociatedTypes : Ord.AssociatedTypes i32 where +@[instance] opaque Impl_1 + (A : Type) + (B : Type) + [trait_constr_Impl_1_associated_type_i0 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + A] + [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator A ] + [trait_constr_Impl_1_associated_type_i1 : + core_models.iter.traits.iterator.Iterator.AssociatedTypes + B] + [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator + B + (associatedTypes := { + show core_models.iter.traits.iterator.Iterator.AssociatedTypes B + by infer_instance + with Item := (core_models.iter.traits.iterator.Iterator.Item A)})] : + core_models.iter.traits.iterator.Iterator (Chain A B) := + by constructor <;> exact Inhabited.default -instance Impl_41 : Ord i32 where - cmp := fun (self : i32) (other : i32) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +end core_models.iter.adapters.chain -@[reducible] instance Impl_42.AssociatedTypes : - PartialOrd.AssociatedTypes u64 u64 - where -instance Impl_42 : PartialOrd u64 u64 where - partial_cmp := fun (self : u64) (other : u64) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +namespace core_models.num -@[reducible] instance Impl_43.AssociatedTypes : Ord.AssociatedTypes u64 where +-- See [`std::primitive::u8::checked_div`] (and similar for other integer types) +@[spec] +def Impl_6.checked_div (x : u8) (y : u8) : + RustM (core_models.option.Option u8) := do + if (← (y ==? (0 : u8))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_43 : Ord u64 where - cmp := fun (self : u64) (other : u64) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +@[spec] +def Impl_6.checked_rem (x : u8) (y : u8) : + RustM (core_models.option.Option u8) := do + if (← (y ==? (0 : u8))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_44.AssociatedTypes : - PartialOrd.AssociatedTypes i64 i64 - where +-- See [`std::primitive::u8::checked_div`] (and similar for other integer types) +@[spec] +def Impl_7.checked_div (x : u16) (y : u16) : + RustM (core_models.option.Option u16) := do + if (← (y ==? (0 : u16))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_44 : PartialOrd i64 i64 where - partial_cmp := fun (self : i64) (other : i64) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +-- See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +@[spec] +def Impl_7.checked_rem (x : u16) (y : u16) : + RustM (core_models.option.Option u16) := do + if (← (y ==? (0 : u16))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_45.AssociatedTypes : Ord.AssociatedTypes i64 where +-- See [`std::primitive::u8::checked_div`] (and similar for other integer types) +@[spec] +def Impl_8.checked_div (x : u32) (y : u32) : + RustM (core_models.option.Option u32) := do + if (← (y ==? (0 : u32))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_45 : Ord i64 where - cmp := fun (self : i64) (other : i64) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +@[spec] +def Impl_8.checked_rem (x : u32) (y : u32) : + RustM (core_models.option.Option u32) := do + if (← (y ==? (0 : u32))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_46.AssociatedTypes : - PartialOrd.AssociatedTypes u128 u128 - where +-- See [`std::primitive::u8::checked_div`] (and similar for other integer types) +@[spec] +def Impl_9.checked_div (x : u64) (y : u64) : + RustM (core_models.option.Option u64) := do + if (← (y ==? (0 : u64))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_46 : PartialOrd u128 u128 where - partial_cmp := fun (self : u128) (other : u128) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +-- See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +@[spec] +def Impl_9.checked_rem (x : u64) (y : u64) : + RustM (core_models.option.Option u64) := do + if (← (y ==? (0 : u64))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_47.AssociatedTypes : Ord.AssociatedTypes u128 where +-- See [`std::primitive::u8::checked_div`] (and similar for other integer types) +@[spec] +def Impl_10.checked_div (x : u128) (y : u128) : + RustM (core_models.option.Option u128) := do + if (← (y ==? (0 : u128))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_47 : Ord u128 where - cmp := fun (self : u128) (other : u128) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +@[spec] +def Impl_10.checked_rem (x : u128) (y : u128) : + RustM (core_models.option.Option u128) := do + if (← (y ==? (0 : u128))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_48.AssociatedTypes : - PartialOrd.AssociatedTypes i128 i128 - where +-- See [`std::primitive::u8::checked_div`] (and similar for other integer types) +@[spec] +def Impl_11.checked_div (x : usize) (y : usize) : + RustM (core_models.option.Option usize) := do + if (← (y ==? (0 : usize))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_48 : PartialOrd i128 i128 where - partial_cmp := fun (self : i128) (other : i128) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +-- See [`std::primitive::u8::checked_rem`] (and similar for other integer types) +@[spec] +def Impl_11.checked_rem (x : usize) (y : usize) : + RustM (core_models.option.Option usize) := do + if (← (y ==? (0 : usize))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_49.AssociatedTypes : Ord.AssociatedTypes i128 where +-- See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +@[spec] +def Impl_12.checked_div (x : i8) (y : i8) : + RustM (core_models.option.Option i8) := do + if + (← ((← (y ==? (0 : i8))) + ||? (← ((← (x ==? Impl_12.MIN)) &&? (← (y ==? (-1 : i8))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_49 : Ord i128 where - cmp := fun (self : i128) (other : i128) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +@[spec] +def Impl_12.checked_rem (x : i8) (y : i8) : + RustM (core_models.option.Option i8) := do + if + (← ((← (y ==? (0 : i8))) + ||? (← ((← (x ==? Impl_12.MIN)) &&? (← (y ==? (-1 : i8))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_50.AssociatedTypes : - PartialOrd.AssociatedTypes usize usize - where +-- See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +@[spec] +def Impl_13.checked_div (x : i16) (y : i16) : + RustM (core_models.option.Option i16) := do + if + (← ((← (y ==? (0 : i16))) + ||? (← ((← (x ==? Impl_13.MIN)) &&? (← (y ==? (-1 : i16))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_50 : PartialOrd usize usize where - partial_cmp := fun (self : usize) (other : usize) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +-- See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +@[spec] +def Impl_13.checked_rem (x : i16) (y : i16) : + RustM (core_models.option.Option i16) := do + if + (← ((← (y ==? (0 : i16))) + ||? (← ((← (x ==? Impl_13.MIN)) &&? (← (y ==? (-1 : i16))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_51.AssociatedTypes : Ord.AssociatedTypes usize where +-- See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +@[spec] +def Impl_14.checked_div (x : i32) (y : i32) : + RustM (core_models.option.Option i32) := do + if + (← ((← (y ==? (0 : i32))) + ||? (← ((← (x ==? Impl_14.MIN)) &&? (← (y ==? (-1 : i32))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_51 : Ord usize where - cmp := fun (self : usize) (other : usize) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +@[spec] +def Impl_14.checked_rem (x : i32) (y : i32) : + RustM (core_models.option.Option i32) := do + if + (← ((← (y ==? (0 : i32))) + ||? (← ((← (x ==? Impl_14.MIN)) &&? (← (y ==? (-1 : i32))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_52.AssociatedTypes : - PartialOrd.AssociatedTypes isize isize - where +-- See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +@[spec] +def Impl_15.checked_div (x : i64) (y : i64) : + RustM (core_models.option.Option i64) := do + if + (← ((← (y ==? (0 : i64))) + ||? (← ((← (x ==? Impl_15.MIN)) &&? (← (y ==? (-1 : i64))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_52 : PartialOrd isize isize where - partial_cmp := fun (self : isize) (other : isize) => do - if (← (self ? other)) then do - (pure (core_models.option.Option.Some Ordering.Greater)) - else do - (pure (core_models.option.Option.Some Ordering.Equal)) +-- See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +@[spec] +def Impl_15.checked_rem (x : i64) (y : i64) : + RustM (core_models.option.Option i64) := do + if + (← ((← (y ==? (0 : i64))) + ||? (← ((← (x ==? Impl_15.MIN)) &&? (← (y ==? (-1 : i64))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -@[reducible] instance Impl_53.AssociatedTypes : Ord.AssociatedTypes isize where +-- See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +@[spec] +def Impl_16.checked_div (x : i128) (y : i128) : + RustM (core_models.option.Option i128) := do + if + (← ((← (y ==? (0 : i128))) + ||? (← ((← (x ==? Impl_16.MIN)) &&? (← (y ==? (-1 : i128))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) -instance Impl_53 : Ord isize where - cmp := fun (self : isize) (other : isize) => do - if (← (self ? other)) then do - (pure Ordering.Greater) - else do - (pure Ordering.Equal) +-- See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +@[spec] +def Impl_16.checked_rem (x : i128) (y : i128) : + RustM (core_models.option.Option i128) := do + if + (← ((← (y ==? (0 : i128))) + ||? (← ((← (x ==? Impl_16.MIN)) &&? (← (y ==? (-1 : i128))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -end core_models.cmp +-- See [`std::primitive::i8::checked_div`] (and similar for other signed integer types) +@[spec] +def Impl_17.checked_div (x : isize) (y : isize) : + RustM (core_models.option.Option isize) := do + if + (← ((← (y ==? (0 : isize))) + ||? (← ((← (x ==? Impl_17.MIN)) &&? (← (y ==? (-1 : isize))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x /? y)))) +-- See [`std::primitive::i8::checked_rem`] (and similar for other signed integer types) +@[spec] +def Impl_17.checked_rem (x : isize) (y : isize) : + RustM (core_models.option.Option isize) := do + if + (← ((← (y ==? (0 : isize))) + ||? (← ((← (x ==? Impl_17.MIN)) &&? (← (y ==? (-1 : isize))))))) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some (← (x %? y)))) -namespace core_models.iter.adapters.flat_map +end core_models.num -structure FlatMap (I : Type) (U : Type) (F : Type) where - it : I - f : F - current : (core_models.option.Option U) -end core_models.iter.adapters.flat_map +namespace core_models.option +-- See [`std::option::Option::is_some_and`] +@[spec] +def Impl.is_some_and + (T : Type) + (F : Type) + [trait_constr_is_some_and_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_is_some_and_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := Bool})] + (self : (Option T)) + (f : F) : + RustM Bool := do + match self with + | (Option.None ) => do (pure false) + | (Option.Some x) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk x)) -namespace core_models.option +-- See [`std::option::Option::is_none_or`] +@[spec] +def Impl.is_none_or + (T : Type) + (F : Type) + [trait_constr_is_none_or_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_is_none_or_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := Bool})] + (self : (Option T)) + (f : F) : + RustM Bool := do + match self with + | (Option.None ) => do (pure true) + | (Option.Some x) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk x)) +-- See [`std::option::Option::as_ref`] @[spec] def Impl.as_ref (T : Type) (self : (Option T)) : RustM (Option T) := do match self with | (Option.Some x) => do (pure (Option.Some x)) | (Option.None ) => do (pure Option.None) +-- See [`std::option::Option::unwrap_or`] @[spec] def Impl.unwrap_or (T : Type) (self : (Option T)) (default : T) : RustM T := do match self with | (Option.Some x) => do (pure x) | (Option.None ) => do (pure default) +-- See [`std::option::Option::unwrap_or_else`] +@[spec] +def Impl.unwrap_or_else + (T : Type) + (F : Type) + [trait_constr_unwrap_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0] + [trait_constr_unwrap_or_else_i0 : core.ops.function.FnOnce + F + rust_primitives.hax.Tuple0 + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0 + by infer_instance + with Output := T})] + (self : (Option T)) + (f : F) : + RustM T := do + match self with + | (Option.Some x) => do (pure x) + | (Option.None ) => do + (core.ops.function.FnOnce.call_once + F + rust_primitives.hax.Tuple0 f rust_primitives.hax.Tuple0.mk) + +-- See [`std::option::Option::unwrap_or_default`] @[spec] def Impl.unwrap_or_default (T : Type) @@ -1666,38 +2192,345 @@ def Impl.unwrap_or_default | (Option.None ) => do (core_models.default.Default.default T rust_primitives.hax.Tuple0.mk) +-- See [`std::option::Option::map`] @[spec] -def Impl.take (T : Type) (self : (Option T)) : - RustM (rust_primitives.hax.Tuple2 (Option T) (Option T)) := do - (pure (rust_primitives.hax.Tuple2.mk Option.None self)) - -def Impl.is_some (T : Type) (self : (Option T)) : RustM Bool := do - match self with | (Option.Some _) => do (pure true) | _ => do (pure false) +def Impl.map + (T : Type) + (U : Type) + (F : Type) + [trait_constr_map_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + (self : (Option T)) + (f : F) : + RustM (Option U) := do + match self with + | (Option.Some x) => do + (pure (Option.Some + (← (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk x))))) + | (Option.None ) => do (pure Option.None) -set_option hax_mvcgen.specset "bv" in -@[hax_spec] -def Impl.is_some.spec (T : Type) (self : (Option T)) : - Spec - (requires := do pure True) - (ensures := fun - res => do - (hax_lib.prop.constructors.implies - (← (hax_lib.prop.constructors.from_bool res)) - (← (hax_lib.prop.Impl.from_bool true)))) - (Impl.is_some (T : Type) (self : (Option T))) := { - pureRequires := by hax_construct_pure <;> bv_decide - pureEnsures := by hax_construct_pure <;> bv_decide - contract := by hax_mvcgen [Impl.is_some] <;> bv_decide -} +-- See [`std::option::Option::map_or`] +@[spec] +def Impl.map_or + (T : Type) + (U : Type) + (F : Type) + [trait_constr_map_or_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_or_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + (self : (Option T)) + (default : U) + (f : F) : + RustM U := do + match self with + | (Option.Some t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Option.None ) => do (pure default) +-- See [`std::option::Option::map_or_else`] @[spec] -def Impl.is_none (T : Type) (self : (Option T)) : RustM Bool := do - ((← (Impl.is_some T self)) ==? false) +def Impl.map_or_else + (T : Type) + (U : Type) + (D : Type) + (F : Type) + [trait_constr_map_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_or_else_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + [trait_constr_map_or_else_associated_type_i1 : + core.ops.function.FnOnce.AssociatedTypes + D + rust_primitives.hax.Tuple0] + [trait_constr_map_or_else_i1 : core.ops.function.FnOnce + D + rust_primitives.hax.Tuple0 + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + D + rust_primitives.hax.Tuple0 + by infer_instance + with Output := U})] + (self : (Option T)) + (default : D) + (f : F) : + RustM U := do + match self with + | (Option.Some t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Option.None ) => do + (core.ops.function.FnOnce.call_once + D + rust_primitives.hax.Tuple0 default rust_primitives.hax.Tuple0.mk) -end core_models.option +-- See [`std::option::Option::map_or_default`] +@[spec] +def Impl.map_or_default + (T : Type) + (U : Type) + (F : Type) + [trait_constr_map_or_default_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_or_default_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + [trait_constr_map_or_default_associated_type_i1 : + core_models.default.Default.AssociatedTypes + U] + [trait_constr_map_or_default_i1 : core_models.default.Default U ] + (self : (Option T)) + (f : F) : + RustM U := do + match self with + | (Option.Some t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Option.None ) => do + (core_models.default.Default.default U rust_primitives.hax.Tuple0.mk) +-- See [`std::option::Option::and_then`] +@[spec] +def Impl.and_then + (T : Type) + (U : Type) + (F : Type) + [trait_constr_and_then_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_and_then_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := (Option U)})] + (self : (Option T)) + (f : F) : + RustM (Option U) := do + match self with + | (Option.Some x) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk x)) + | (Option.None ) => do (pure Option.None) -namespace core_models.panicking +-- See [`std::option::Option::take`] +-- +-- Note: The interface in Rust is wrong, but is good after extraction. +-- We cannot make a useful model with the right interface so we lose the executability. +@[spec] +def Impl.take (T : Type) (self : (Option T)) : + RustM (rust_primitives.hax.Tuple2 (Option T) (Option T)) := do + (pure (rust_primitives.hax.Tuple2.mk Option.None self)) + +-- See [`std::option::Option::filter`] +opaque Impl.filter + (T : Type) + (P : Type) + [trait_constr_filter_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + P + (rust_primitives.hax.Tuple1 T)] + [trait_constr_filter_i0 : core.ops.function.FnOnce + P + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + P + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := Bool})] + (self : (Option T)) + (predicate : P) : + RustM (Option T) + +-- See [`std::option::Option::or`] +@[spec] +def Impl.or (T : Type) (self : (Option T)) (optb : (Option T)) : + RustM (Option T) := do + match self with + | (Option.Some x) => do (pure (Option.Some x)) + | (Option.None ) => do (pure optb) + +-- See [`std::option::Option::or_else`] +@[spec] +def Impl.or_else + (T : Type) + (F : Type) + [trait_constr_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0] + [trait_constr_or_else_i0 : core.ops.function.FnOnce + F + rust_primitives.hax.Tuple0 + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0 + by infer_instance + with Output := (Option T)})] + (self : (Option T)) + (f : F) : + RustM (Option T) := do + match self with + | (Option.Some x) => do (pure (Option.Some x)) + | (Option.None ) => do + (core.ops.function.FnOnce.call_once + F + rust_primitives.hax.Tuple0 f rust_primitives.hax.Tuple0.mk) + +-- See [`std::option::Option::xor`] +@[spec] +def Impl.xor (T : Type) (self : (Option T)) (optb : (Option T)) : + RustM (Option T) := do + match (rust_primitives.hax.Tuple2.mk self optb) with + | ⟨(Option.Some a), (Option.None )⟩ => do (pure (Option.Some a)) + | ⟨(Option.None ), (Option.Some b)⟩ => do (pure (Option.Some b)) + | _ => do (pure Option.None) + +-- See [`std::option::Option::zip`] +@[spec] +def Impl.zip (T : Type) (U : Type) (self : (Option T)) (other : (Option U)) : + RustM (Option (rust_primitives.hax.Tuple2 T U)) := do + match (rust_primitives.hax.Tuple2.mk self other) with + | ⟨(Option.Some a), (Option.Some b)⟩ => do + (pure (Option.Some (rust_primitives.hax.Tuple2.mk a b))) + | _ => do (pure Option.None) + +-- See [`std::option::Option::inspect`] +@[spec] +def Impl.inspect + (T : Type) + (F : Type) + [trait_constr_inspect_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_inspect_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := rust_primitives.hax.Tuple0})] + (self : (Option T)) + (f : F) : + RustM (Option T) := do + let _ ← + match self with + | (Option.Some x) => do + let _ ← + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk x)); + (pure rust_primitives.hax.Tuple0.mk) + | _ => do (pure rust_primitives.hax.Tuple0.mk); + (pure self) + +-- See [`std::option::Option::is_some`] +def Impl.is_some (T : Type) (self : (Option T)) : RustM Bool := do + match self with | (Option.Some _) => do (pure true) | _ => do (pure false) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def Impl.is_some.spec (T : Type) (self : (Option T)) : + Spec + (requires := do pure True) + (ensures := fun + res => do + (hax_lib.prop.constructors.implies + (← (hax_lib.prop.constructors.from_bool res)) + (← (hax_lib.prop.Impl.from_bool true)))) + (Impl.is_some (T : Type) (self : (Option T))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.is_some] <;> bv_decide +} + +-- See [`std::option::Option::is_none`] +@[spec] +def Impl.is_none (T : Type) (self : (Option T)) : RustM Bool := do + ((← (Impl.is_some T self)) ==? false) + +-- See [`std::option::Option::flatten`] +@[spec] +def Impl_1.flatten (T : Type) (self : (Option (Option T))) : + RustM (Option T) := do + match self with + | (Option.Some inner) => do (pure inner) + | (Option.None ) => do (pure Option.None) + +@[reducible] instance Impl_2.AssociatedTypes (T : Type) : + core_models.default.Default.AssociatedTypes (Option T) + where + +instance Impl_2 (T : Type) : core_models.default.Default (Option T) where + default := fun (_ : rust_primitives.hax.Tuple0) => do (pure Option.None) + +end core_models.option + + +namespace core_models.panicking opaque panic_explicit (_ : rust_primitives.hax.Tuple0) : RustM rust_primitives.hax.Never @@ -1717,6 +2550,53 @@ opaque panic (T : Type) (_ : rust_primitives.hax.Tuple0) : RustM T end core_models.panicking.internal +namespace core_models.cmp + +-- See [`std::cmp::clamp`] +def clamp + (T : Type) + [trait_constr_clamp_associated_type_i0 : Ord.AssociatedTypes T] + [trait_constr_clamp_i0 : Ord T ] + (value : T) + (min : T) + (max : T) : + RustM T := do + let _ ← + if (← (!? (← (Impl_54.is_le (← (Ord.cmp T min max)))))) then do + (core_models.panicking.internal.panic rust_primitives.hax.Tuple0 + rust_primitives.hax.Tuple0.mk) + else do + (pure rust_primitives.hax.Tuple0.mk); + match (← (Ord.cmp T value min)) with + | (Ordering.Less ) => do (pure min) + | (Ordering.Equal ) => do (pure value) + | (Ordering.Greater ) => do + match (← (Ord.cmp T value max)) with + | (Ordering.Greater ) => do (pure max) + | _ => do (pure value) + +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + clamp.spec + (T : Type) + [trait_constr_clamp_associated_type_i0 : Ord.AssociatedTypes T] + [trait_constr_clamp_i0 : Ord T ] + (value : T) + (min : T) + (max : T) : + Spec + (requires := do (Impl_54.is_le (← (Ord.cmp T min max)))) + (ensures := fun _ => pure True) + (clamp (T : Type) (value : T) (min : T) (max : T)) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [clamp] <;> bv_decide +} + +end core_models.cmp + + namespace core_models.hash @[reducible] instance Impl.AssociatedTypes (T : Type) : @@ -1736,19 +2616,24 @@ end core_models.hash namespace core_models.result +-- See [`std::result::Result`] inductive Result (T : Type) (E : Type) : Type -| Ok : T -> Result (T : Type) (E : Type) -| Err : E -> Result (T : Type) (E : Type) +| -- See [`std::result::Result::Ok`] + Ok : T -> Result (T : Type) (E : Type) +| -- See [`std::result::Result::Err`] + Err : E -> Result (T : Type) (E : Type) end core_models.result namespace core_models.fmt +-- See [`std::fmt::Result`] abbrev Result : Type := (core_models.result.Result rust_primitives.hax.Tuple0 Error) +-- See [`std::fmt::Display`] class Display.AssociatedTypes (Self : Type) where class Display (Self : Type) @@ -1761,6 +2646,7 @@ class Display (Self : Type) Formatter (core_models.result.Result rust_primitives.hax.Tuple0 Error))) +-- See [`std::fmt::Debug`] class Debug.AssociatedTypes (Self : Type) where class Debug (Self : Type) @@ -1778,6 +2664,7 @@ end core_models.fmt namespace core_models.error +-- See [`std::error::Error`] class Error.AssociatedTypes (Self : Type) where [trait_constr_Error_i0 : core_models.fmt.Display.AssociatedTypes Self] [trait_constr_Error_i1 : core_models.fmt.Debug.AssociatedTypes Self] @@ -1835,39 +2722,51 @@ end core_models.fmt namespace core_models.num +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_6.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result u8 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_7.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result u16 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_8.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result u32 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_9.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result u64 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_10.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result u128 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_11.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result usize core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_12.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result i8 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_13.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result i16 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_14.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result i32 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_15.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result i64 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_16.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result i128 core_models.num.error.ParseIntError) +-- See [`std::primitive::u8::from_str_radix`] (and similar for other integer types) opaque Impl_17.from_str_radix (src : String) (radix : u32) : RustM (core_models.result.Result isize core_models.num.error.ParseIntError) @@ -1876,6 +2775,7 @@ end core_models.num namespace core_models.option +-- See [`std::option::Option::ok_or`] @[spec] def Impl.ok_or (T : Type) (E : Type) (self : (Option T)) (err : E) : RustM (core_models.result.Result T E) := do @@ -1883,1936 +2783,1538 @@ def Impl.ok_or (T : Type) (E : Type) (self : (Option T)) (err : E) : | (Option.Some v) => do (pure (core_models.result.Result.Ok v)) | (Option.None ) => do (pure (core_models.result.Result.Err err)) +-- See [`std::option::Option::ok_or_else`] +@[spec] +def Impl.ok_or_else + (T : Type) + (E : Type) + (F : Type) + [trait_constr_ok_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0] + [trait_constr_ok_or_else_i0 : core.ops.function.FnOnce + F + rust_primitives.hax.Tuple0 + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + rust_primitives.hax.Tuple0 + by infer_instance + with Output := E})] + (self : (Option T)) + (err : F) : + RustM (core_models.result.Result T E) := do + match self with + | (Option.Some v) => do (pure (core_models.result.Result.Ok v)) + | (Option.None ) => do + (pure (core_models.result.Result.Err + (← (core.ops.function.FnOnce.call_once + F + rust_primitives.hax.Tuple0 err rust_primitives.hax.Tuple0.mk)))) + end core_models.option namespace core_models.result -@[spec] -def Impl.unwrap_or (T : Type) (E : Type) (self : (Result T E)) (default : T) : - RustM T := do - match self with - | (Result.Ok t) => do (pure t) - | (Result.Err _) => do (pure default) - +-- See [`std::result::Result::is_ok`] @[spec] def Impl.is_ok (T : Type) (E : Type) (self : (Result T E)) : RustM Bool := do match self with | (Result.Ok _) => do (pure true) | _ => do (pure false) +-- See [`std::result::Result::is_ok_and`] @[spec] -def Impl.ok (T : Type) (E : Type) (self : (Result T E)) : - RustM (core_models.option.Option T) := do +def Impl.is_ok_and + (T : Type) + (E : Type) + (F : Type) + [trait_constr_is_ok_and_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_is_ok_and_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := Bool})] + (self : (Result T E)) + (f : F) : + RustM Bool := do match self with - | (Result.Ok x) => do (pure (core_models.option.Option.Some x)) - | (Result.Err _) => do (pure core_models.option.Option.None) - -end core_models.result - - -namespace core_models.slice.iter - -structure Chunks (T : Type) where - cs : usize - elements : (RustSlice T) + | (Result.Ok t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Result.Err _) => do (pure false) +-- See [`std::result::Result::is_err`] @[spec] -def Impl.new (T : Type) (cs : usize) (elements : (RustSlice T)) : - RustM (Chunks T) := do - (pure (Chunks.mk (cs := cs) (elements := elements))) - -structure ChunksExact (T : Type) where - cs : usize - elements : (RustSlice T) +def Impl.is_err (T : Type) (E : Type) (self : (Result T E)) : RustM Bool := do + (!? (← (Impl.is_ok T E self))) +-- See [`std::result::Result::is_err_and`] @[spec] -def Impl_1.new (T : Type) (cs : usize) (elements : (RustSlice T)) : - RustM (ChunksExact T) := do - (pure (ChunksExact.mk (cs := cs) (elements := elements))) - -structure Iter (T : Type) where - _0 : (rust_primitives.sequence.Seq T) - -end core_models.slice.iter - - -namespace core_models.slice +def Impl.is_err_and + (T : Type) + (E : Type) + (F : Type) + [trait_constr_is_err_and_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 E)] + [trait_constr_is_err_and_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 E) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 E) + by infer_instance + with Output := Bool})] + (self : (Result T E)) + (f : F) : + RustM Bool := do + match self with + | (Result.Ok _) => do (pure false) + | (Result.Err e) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 E) f (rust_primitives.hax.Tuple1.mk e)) +-- See [`std::result::Result::as_ref`] @[spec] -def Impl.len (T : Type) (s : (RustSlice T)) : RustM usize := do - (rust_primitives.slice.slice_length T s) +def Impl.as_ref (T : Type) (E : Type) (self : (Result T E)) : + RustM (Result T E) := do + match self with + | (Result.Ok t) => do (pure (Result.Ok t)) + | (Result.Err e) => do (pure (Result.Err e)) +-- See [`std::result::Result::unwrap_or`] @[spec] -def Impl.chunks (T : Type) (s : (RustSlice T)) (cs : usize) : - RustM (core_models.slice.iter.Chunks T) := do - (core_models.slice.iter.Impl.new T cs s) +def Impl.unwrap_or (T : Type) (E : Type) (self : (Result T E)) (default : T) : + RustM T := do + match self with + | (Result.Ok t) => do (pure t) + | (Result.Err _) => do (pure default) +-- See [`std::result::Result::unwrap_or_else`] @[spec] -def Impl.iter (T : Type) (s : (RustSlice T)) : - RustM (core_models.slice.iter.Iter T) := do - (pure (core_models.slice.iter.Iter.mk - (← (rust_primitives.sequence.seq_from_slice T s)))) +def Impl.unwrap_or_else + (T : Type) + (E : Type) + (F : Type) + [trait_constr_unwrap_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 E)] + [trait_constr_unwrap_or_else_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 E) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 E) + by infer_instance + with Output := T})] + (self : (Result T E)) + (op : F) : + RustM T := do + match self with + | (Result.Ok t) => do (pure t) + | (Result.Err e) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 E) op (rust_primitives.hax.Tuple1.mk e)) +-- See [`std::result::Result::unwrap_or_default`] @[spec] -def Impl.chunks_exact (T : Type) (s : (RustSlice T)) (cs : usize) : - RustM (core_models.slice.iter.ChunksExact T) := do - (core_models.slice.iter.Impl_1.new T cs s) +def Impl.unwrap_or_default + (T : Type) + (E : Type) + [trait_constr_unwrap_or_default_associated_type_i0 : + core_models.default.Default.AssociatedTypes + T] + [trait_constr_unwrap_or_default_i0 : core_models.default.Default T ] + (self : (Result T E)) : + RustM T := do + match self with + | (Result.Ok t) => do (pure t) + | (Result.Err _) => do + (core_models.default.Default.default T rust_primitives.hax.Tuple0.mk) +-- See [`std::result::Result::map`] @[spec] -def Impl.is_empty (T : Type) (s : (RustSlice T)) : RustM Bool := do - ((← (Impl.len T s)) ==? (0 : usize)) - -opaque Impl.contains (T : Type) (s : (RustSlice T)) (v : T) : RustM Bool - -opaque Impl.copy_within +def Impl.map (T : Type) - (R : Type) - [trait_constr_copy_within_associated_type_i0 : - core.marker.Copy.AssociatedTypes - T] - [trait_constr_copy_within_i0 : core.marker.Copy T ] - (s : (RustSlice T)) - (src : R) - (dest : usize) : - RustM (RustSlice T) - -opaque Impl.binary_search (T : Type) (s : (RustSlice T)) (x : T) : - RustM (core_models.result.Result usize usize) + (E : Type) + (U : Type) + (F : Type) + [trait_constr_map_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + (self : (Result T E)) + (op : F) : + RustM (Result U E) := do + match self with + | (Result.Ok t) => do + (pure (Result.Ok + (← (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) + op + (rust_primitives.hax.Tuple1.mk t))))) + | (Result.Err e) => do (pure (Result.Err e)) -def Impl.copy_from_slice +-- See [`std::result::Result::map_or`] +@[spec] +def Impl.map_or (T : Type) - [trait_constr_copy_from_slice_associated_type_i0 : - core_models.marker.Copy.AssociatedTypes - T] - [trait_constr_copy_from_slice_i0 : core_models.marker.Copy T ] - (s : (RustSlice T)) - (src : (RustSlice T)) : - RustM (RustSlice T) := do - let ⟨tmp0, out⟩ ← (rust_primitives.mem.replace (RustSlice T) s src); - let s : (RustSlice T) := tmp0; - let _ := out; - (pure s) - -set_option hax_mvcgen.specset "bv" in -@[hax_spec] -def - Impl.copy_from_slice.spec - (T : Type) - [trait_constr_copy_from_slice_associated_type_i0 : - core_models.marker.Copy.AssociatedTypes - T] - [trait_constr_copy_from_slice_i0 : core_models.marker.Copy T ] - (s : (RustSlice T)) - (src : (RustSlice T)) : - Spec - (requires := do ((← (Impl.len T s)) ==? (← (Impl.len T src)))) - (ensures := fun _ => pure True) - (Impl.copy_from_slice - (T : Type) - (s : (RustSlice T)) - (src : (RustSlice T))) := { - pureRequires := by hax_construct_pure <;> bv_decide - pureEnsures := by hax_construct_pure <;> bv_decide - contract := by hax_mvcgen [Impl.copy_from_slice] <;> bv_decide -} + (E : Type) + (U : Type) + (F : Type) + [trait_constr_map_or_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_or_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + (self : (Result T E)) + (default : U) + (f : F) : + RustM U := do + match self with + | (Result.Ok t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Result.Err _) => do (pure default) -def Impl.clone_from_slice +-- See [`std::result::Result::map_or_else`] +@[spec] +def Impl.map_or_else (T : Type) - [trait_constr_clone_from_slice_associated_type_i0 : - core_models.clone.Clone.AssociatedTypes - T] - [trait_constr_clone_from_slice_i0 : core_models.clone.Clone T ] - (s : (RustSlice T)) - (src : (RustSlice T)) : - RustM (RustSlice T) := do - let ⟨tmp0, out⟩ ← (rust_primitives.mem.replace (RustSlice T) s src); - let s : (RustSlice T) := tmp0; - let _ := out; - (pure s) - -set_option hax_mvcgen.specset "bv" in -@[hax_spec] -def - Impl.clone_from_slice.spec - (T : Type) - [trait_constr_clone_from_slice_associated_type_i0 : - core_models.clone.Clone.AssociatedTypes - T] - [trait_constr_clone_from_slice_i0 : core_models.clone.Clone T ] - (s : (RustSlice T)) - (src : (RustSlice T)) : - Spec - (requires := do ((← (Impl.len T s)) ==? (← (Impl.len T src)))) - (ensures := fun _ => pure True) - (Impl.clone_from_slice - (T : Type) - (s : (RustSlice T)) - (src : (RustSlice T))) := { - pureRequires := by hax_construct_pure <;> bv_decide - pureEnsures := by hax_construct_pure <;> bv_decide - contract := by hax_mvcgen [Impl.clone_from_slice] <;> bv_decide -} - -def Impl.split_at (T : Type) (s : (RustSlice T)) (mid : usize) : - RustM (rust_primitives.hax.Tuple2 (RustSlice T) (RustSlice T)) := do - (rust_primitives.slice.slice_split_at T s mid) - -set_option hax_mvcgen.specset "bv" in -@[hax_spec] -def Impl.split_at.spec (T : Type) (s : (RustSlice T)) (mid : usize) : - Spec - (requires := do (mid <=? (← (Impl.len T s)))) - (ensures := fun _ => pure True) - (Impl.split_at (T : Type) (s : (RustSlice T)) (mid : usize)) := { - pureRequires := by hax_construct_pure <;> bv_decide - pureEnsures := by hax_construct_pure <;> bv_decide - contract := by hax_mvcgen [Impl.split_at] <;> bv_decide -} + (E : Type) + (U : Type) + (D : Type) + (F : Type) + [trait_constr_map_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_or_else_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + [trait_constr_map_or_else_associated_type_i1 : + core.ops.function.FnOnce.AssociatedTypes + D + (rust_primitives.hax.Tuple1 E)] + [trait_constr_map_or_else_i1 : core.ops.function.FnOnce + D + (rust_primitives.hax.Tuple1 E) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + D + (rust_primitives.hax.Tuple1 E) + by infer_instance + with Output := U})] + (self : (Result T E)) + (default : D) + (f : F) : + RustM U := do + match self with + | (Result.Ok t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Result.Err e) => do + (core.ops.function.FnOnce.call_once + D + (rust_primitives.hax.Tuple1 E) + default + (rust_primitives.hax.Tuple1.mk e)) +-- See [`std::result::Result::map_or_default`] @[spec] -def Impl.split_at_checked (T : Type) (s : (RustSlice T)) (mid : usize) : - RustM - (core_models.option.Option - (rust_primitives.hax.Tuple2 (RustSlice T) (RustSlice T))) - := do - if (← (mid <=? (← (Impl.len T s)))) then do - (pure (core_models.option.Option.Some (← (Impl.split_at T s mid)))) - else do - (pure core_models.option.Option.None) - -end core_models.slice - - -namespace core_models.str.error - -structure Utf8Error where - -- no fields - -end core_models.str.error - - -namespace core_models.str.converts - -opaque from_utf8 (s : (RustSlice u8)) : - RustM (core_models.result.Result String core_models.str.error.Utf8Error) - -end core_models.str.converts - - -namespace core_models.str.iter - -structure Split (T : Type) where - _0 : T - -end core_models.str.iter - - -namespace core_models.convert - -class TryInto.AssociatedTypes (Self : Type) (T : Type) where - Error : Type - -attribute [reducible] TryInto.AssociatedTypes.Error - -abbrev TryInto.Error := - TryInto.AssociatedTypes.Error - -class TryInto (Self : Type) (T : Type) - [associatedTypes : outParam (TryInto.AssociatedTypes (Self : Type) (T : - Type))] - where - try_into (Self) (T) : - (Self -> RustM (core_models.result.Result T associatedTypes.Error)) - -class TryFrom.AssociatedTypes (Self : Type) (T : Type) where - Error : Type - -attribute [reducible] TryFrom.AssociatedTypes.Error - -abbrev TryFrom.Error := - TryFrom.AssociatedTypes.Error - -class TryFrom (Self : Type) (T : Type) - [associatedTypes : outParam (TryFrom.AssociatedTypes (Self : Type) (T : - Type))] - where - try_from (Self) (T) : - (T -> RustM (core_models.result.Result Self associatedTypes.Error)) - -end core_models.convert - - -namespace core_models.iter.traits.iterator - -class Iterator.AssociatedTypes (Self : Type) where - Item : Type - -attribute [reducible] Iterator.AssociatedTypes.Item - -abbrev Iterator.Item := - Iterator.AssociatedTypes.Item - -class Iterator (Self : Type) - [associatedTypes : outParam (Iterator.AssociatedTypes (Self : Type))] - where - next (Self) : - (Self -> - RustM (rust_primitives.hax.Tuple2 - Self - (core_models.option.Option associatedTypes.Item))) - -end core_models.iter.traits.iterator - - -namespace core_models.iter.traits.collect - -class IntoIterator.AssociatedTypes (Self : Type) where - IntoIter : Type - -attribute [reducible] IntoIterator.AssociatedTypes.IntoIter - -abbrev IntoIterator.IntoIter := - IntoIterator.AssociatedTypes.IntoIter - -class IntoIterator (Self : Type) - [associatedTypes : outParam (IntoIterator.AssociatedTypes (Self : Type))] - where - into_iter (Self) : (Self -> RustM associatedTypes.IntoIter) - -end core_models.iter.traits.collect - - -namespace core_models.ops.arith - -class Add.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type - -attribute [reducible] Add.AssociatedTypes.Output - -abbrev Add.Output := - Add.AssociatedTypes.Output - -class Add (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Add.AssociatedTypes (Self : Type) (Rhs : Type))] - where - add (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) - -class Sub.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type - -attribute [reducible] Sub.AssociatedTypes.Output - -abbrev Sub.Output := - Sub.AssociatedTypes.Output - -class Sub (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Sub.AssociatedTypes (Self : Type) (Rhs : Type))] - where - sub (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) - -class Mul.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type - -attribute [reducible] Mul.AssociatedTypes.Output - -abbrev Mul.Output := - Mul.AssociatedTypes.Output - -class Mul (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Mul.AssociatedTypes (Self : Type) (Rhs : Type))] - where - mul (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) - -class Div.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type - -attribute [reducible] Div.AssociatedTypes.Output +def Impl.map_or_default + (T : Type) + (E : Type) + (U : Type) + (F : Type) + [trait_constr_map_or_default_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_map_or_default_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := U})] + [trait_constr_map_or_default_associated_type_i1 : + core_models.default.Default.AssociatedTypes + U] + [trait_constr_map_or_default_i1 : core_models.default.Default U ] + (self : (Result T E)) + (f : F) : + RustM U := do + match self with + | (Result.Ok t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)) + | (Result.Err _) => do + (core_models.default.Default.default U rust_primitives.hax.Tuple0.mk) -abbrev Div.Output := - Div.AssociatedTypes.Output +-- See [`std::result::Result::map_err`] +@[spec] +def Impl.map_err + (T : Type) + (E : Type) + (F : Type) + (O : Type) + [trait_constr_map_err_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + O + (rust_primitives.hax.Tuple1 E)] + [trait_constr_map_err_i0 : core.ops.function.FnOnce + O + (rust_primitives.hax.Tuple1 E) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + O + (rust_primitives.hax.Tuple1 E) + by infer_instance + with Output := F})] + (self : (Result T E)) + (op : O) : + RustM (Result T F) := do + match self with + | (Result.Ok t) => do (pure (Result.Ok t)) + | (Result.Err e) => do + (pure (Result.Err + (← (core.ops.function.FnOnce.call_once + O + (rust_primitives.hax.Tuple1 E) + op + (rust_primitives.hax.Tuple1.mk e))))) -class Div (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Div.AssociatedTypes (Self : Type) (Rhs : Type))] - where - div (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) +-- See [`std::result::Result::inspect`] +@[spec] +def Impl.inspect + (T : Type) + (E : Type) + (F : Type) + [trait_constr_inspect_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_inspect_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := rust_primitives.hax.Tuple0})] + (self : (Result T E)) + (f : F) : + RustM (Result T E) := do + let _ ← + match self with + | (Result.Ok t) => do + let _ ← + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) f (rust_primitives.hax.Tuple1.mk t)); + (pure rust_primitives.hax.Tuple0.mk) + | _ => do (pure rust_primitives.hax.Tuple0.mk); + (pure self) -class Neg.AssociatedTypes (Self : Type) where - Output : Type +-- See [`std::result::Result::inspect_err`] +@[spec] +def Impl.inspect_err + (T : Type) + (E : Type) + (F : Type) + [trait_constr_inspect_err_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 E)] + [trait_constr_inspect_err_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 E) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 E) + by infer_instance + with Output := rust_primitives.hax.Tuple0})] + (self : (Result T E)) + (f : F) : + RustM (Result T E) := do + let _ ← + match self with + | (Result.Err e) => do + let _ ← + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 E) f (rust_primitives.hax.Tuple1.mk e)); + (pure rust_primitives.hax.Tuple0.mk) + | _ => do (pure rust_primitives.hax.Tuple0.mk); + (pure self) -attribute [reducible] Neg.AssociatedTypes.Output +-- See [`std::result::Result::ok`] +@[spec] +def Impl.ok (T : Type) (E : Type) (self : (Result T E)) : + RustM (core_models.option.Option T) := do + match self with + | (Result.Ok x) => do (pure (core_models.option.Option.Some x)) + | (Result.Err _) => do (pure core_models.option.Option.None) -abbrev Neg.Output := - Neg.AssociatedTypes.Output +-- See [`std::result::Result::err`] +@[spec] +def Impl.err (T : Type) (E : Type) (self : (Result T E)) : + RustM (core_models.option.Option E) := do + match self with + | (Result.Ok _) => do (pure core_models.option.Option.None) + | (Result.Err e) => do (pure (core_models.option.Option.Some e)) -class Neg (Self : Type) - [associatedTypes : outParam (Neg.AssociatedTypes (Self : Type))] - where - neg (Self) : (Self -> RustM associatedTypes.Output) +-- See [`std::result::Result::and`] +@[spec] +def Impl.and (T : Type) (E : Type) (U : Type) + (self : (Result T E)) + (res : (Result U E)) : + RustM (Result U E) := do + match self with + | (Result.Ok _) => do (pure res) + | (Result.Err e) => do (pure (Result.Err e)) -class Rem.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type +-- See [`std::result::Result::and_then`] +@[spec] +def Impl.and_then + (T : Type) + (E : Type) + (U : Type) + (F : Type) + [trait_constr_and_then_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T)] + [trait_constr_and_then_i0 : core.ops.function.FnOnce + F + (rust_primitives.hax.Tuple1 T) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + F + (rust_primitives.hax.Tuple1 T) + by infer_instance + with Output := (Result U E)})] + (self : (Result T E)) + (op : F) : + RustM (Result U E) := do + match self with + | (Result.Ok t) => do + (core.ops.function.FnOnce.call_once + F + (rust_primitives.hax.Tuple1 T) op (rust_primitives.hax.Tuple1.mk t)) + | (Result.Err e) => do (pure (Result.Err e)) -attribute [reducible] Rem.AssociatedTypes.Output +-- See [`std::result::Result::or`] +@[spec] +def Impl.or (T : Type) (E : Type) (F : Type) + (self : (Result T E)) + (res : (Result T F)) : + RustM (Result T F) := do + match self with + | (Result.Ok t) => do (pure (Result.Ok t)) + | (Result.Err _) => do (pure res) -abbrev Rem.Output := - Rem.AssociatedTypes.Output +-- See [`std::result::Result::or_else`] +@[spec] +def Impl.or_else + (T : Type) + (E : Type) + (F : Type) + (O : Type) + [trait_constr_or_else_associated_type_i0 : + core.ops.function.FnOnce.AssociatedTypes + O + (rust_primitives.hax.Tuple1 E)] + [trait_constr_or_else_i0 : core.ops.function.FnOnce + O + (rust_primitives.hax.Tuple1 E) + (associatedTypes := { + show + core.ops.function.FnOnce.AssociatedTypes + O + (rust_primitives.hax.Tuple1 E) + by infer_instance + with Output := (Result T F)})] + (self : (Result T E)) + (op : O) : + RustM (Result T F) := do + match self with + | (Result.Ok t) => do (pure (Result.Ok t)) + | (Result.Err e) => do + (core.ops.function.FnOnce.call_once + O + (rust_primitives.hax.Tuple1 E) op (rust_primitives.hax.Tuple1.mk e)) -class Rem (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Rem.AssociatedTypes (Self : Type) (Rhs : Type))] - where - rem (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) +-- See [`std::result::Result::expect_err`] +def Impl.expect_err (T : Type) (E : Type) + (self : (Result T E)) + (_msg : String) : + RustM E := do + match self with + | (Result.Ok _) => do + (core_models.panicking.internal.panic E rust_primitives.hax.Tuple0.mk) + | (Result.Err e) => do (pure e) -end core_models.ops.arith +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl.expect_err.spec (T : Type) (E : Type) + (self : (Result T E)) + (_msg : String) : + Spec + (requires := do (Impl.is_err T E self)) + (ensures := fun _ => pure True) + (Impl.expect_err + (T : Type) + (E : Type) + (self : (Result T E)) + (_msg : String)) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.expect_err] <;> bv_decide +} +-- See [`std::result::Result::unwrap_err`] +def Impl.unwrap_err (T : Type) (E : Type) (self : (Result T E)) : RustM E := do + match self with + | (Result.Ok _) => do + (core_models.panicking.internal.panic E rust_primitives.hax.Tuple0.mk) + | (Result.Err e) => do (pure e) -namespace core_models.ops.bit +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def Impl.unwrap_err.spec (T : Type) (E : Type) (self : (Result T E)) : + Spec + (requires := do (Impl.is_err T E self)) + (ensures := fun _ => pure True) + (Impl.unwrap_err (T : Type) (E : Type) (self : (Result T E))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.unwrap_err] <;> bv_decide +} -class Shr.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type +-- See [`std::result::Result::cloned`] +@[spec] +def Impl_1.cloned + (T : Type) + (E : Type) + [trait_constr_cloned_associated_type_i0 : + core_models.clone.Clone.AssociatedTypes + T] + [trait_constr_cloned_i0 : core_models.clone.Clone T ] + (self : (Result T E)) : + RustM (Result T E) := do + match self with + | (Result.Ok t) => do + (pure (Result.Ok (← (core_models.clone.Clone.clone T t)))) + | (Result.Err e) => do (pure (Result.Err e)) -attribute [reducible] Shr.AssociatedTypes.Output +-- See [`std::result::Result::transpose`] +@[spec] +def Impl_2.transpose (T : Type) (E : Type) + (self : (Result (core_models.option.Option T) E)) : + RustM (core_models.option.Option (Result T E)) := do + match self with + | (Result.Ok (core_models.option.Option.Some t)) => do + (pure (core_models.option.Option.Some (Result.Ok t))) + | (Result.Ok (core_models.option.Option.None )) => do + (pure core_models.option.Option.None) + | (Result.Err e) => do + (pure (core_models.option.Option.Some (Result.Err e))) -abbrev Shr.Output := - Shr.AssociatedTypes.Output +-- See [`std::result::Result::flatten`] +@[spec] +def Impl_3.flatten (T : Type) (E : Type) (self : (Result (Result T E) E)) : + RustM (Result T E) := do + match self with + | (Result.Ok inner) => do (pure inner) + | (Result.Err e) => do (pure (Result.Err e)) -class Shr (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Shr.AssociatedTypes (Self : Type) (Rhs : Type))] - where - shr (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) +end core_models.result -class Shl.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type -attribute [reducible] Shl.AssociatedTypes.Output +namespace core_models.slice.iter -abbrev Shl.Output := - Shl.AssociatedTypes.Output +-- See [`std::slice::Chunks`] +structure Chunks (T : Type) where + cs : usize + elements : (RustSlice T) -class Shl (Self : Type) (Rhs : Type) - [associatedTypes : outParam (Shl.AssociatedTypes (Self : Type) (Rhs : Type))] - where - shl (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) +@[spec] +def Impl.new (T : Type) (cs : usize) (elements : (RustSlice T)) : + RustM (Chunks T) := do + (pure (Chunks.mk (cs := cs) (elements := elements))) -class BitXor.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type +-- See [`std::slice::ChunksExact`] +structure ChunksExact (T : Type) where + cs : usize + elements : (RustSlice T) -attribute [reducible] BitXor.AssociatedTypes.Output +@[spec] +def Impl_1.new (T : Type) (cs : usize) (elements : (RustSlice T)) : + RustM (ChunksExact T) := do + (pure (ChunksExact.mk (cs := cs) (elements := elements))) -abbrev BitXor.Output := - BitXor.AssociatedTypes.Output +-- See [`std::slice::Iter`] +structure Iter (T : Type) where + _0 : (rust_primitives.sequence.Seq T) -class BitXor (Self : Type) (Rhs : Type) - [associatedTypes : outParam (BitXor.AssociatedTypes (Self : Type) (Rhs : - Type))] +@[reducible] instance Impl_2.AssociatedTypes (T : Type) : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Iter T) where - bitxor (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) + Item := T -class BitAnd.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type +instance Impl_2 (T : Type) : + core_models.iter.traits.iterator.Iterator (Iter T) + where + next := fun (self : (Iter T)) => do + let ⟨self, hax_temp_output⟩ ← + if + (← ((← (rust_primitives.sequence.seq_len T (Iter._0 self))) + ==? (0 : usize))) then do + (pure (rust_primitives.hax.Tuple2.mk + self + core_models.option.Option.None)) + else do + let ⟨tmp0, out⟩ ← + (rust_primitives.sequence.seq_remove T (Iter._0 self) (0 : usize)); + let self : (Iter T) := {self with _0 := tmp0}; + let res : T := out; + (pure (rust_primitives.hax.Tuple2.mk + self + (core_models.option.Option.Some res))); + (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) -attribute [reducible] BitAnd.AssociatedTypes.Output +@[reducible] instance Impl_3.AssociatedTypes (T : Type) : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Chunks T) + where + Item := (RustSlice T) -abbrev BitAnd.Output := - BitAnd.AssociatedTypes.Output +instance Impl_3 (T : Type) : + core_models.iter.traits.iterator.Iterator (Chunks T) + where + next := fun (self : (Chunks T)) => do + let ⟨self, hax_temp_output⟩ ← + if + (← ((← (rust_primitives.slice.slice_length T (Chunks.elements self))) + ==? (0 : usize))) then do + (pure (rust_primitives.hax.Tuple2.mk + self + core_models.option.Option.None)) + else do + if + (← ((← (rust_primitives.slice.slice_length T (Chunks.elements self))) + Rhs -> RustM associatedTypes.Output) + Item := (RustSlice T) -class BitOr.AssociatedTypes (Self : Type) (Rhs : Type) where - Output : Type +instance Impl_4 (T : Type) : + core_models.iter.traits.iterator.Iterator (ChunksExact T) + where + next := fun (self : (ChunksExact T)) => do + let ⟨self, hax_temp_output⟩ ← + if + (← ((← (rust_primitives.slice.slice_length T (ChunksExact.elements self))) + Rhs -> RustM associatedTypes.Output) +@[instance] opaque Impl_6.AssociatedTypes (T : Type) : + core_models.iter.traits.iterator.Iterator.AssociatedTypes (Windows T) := + by constructor <;> exact Inhabited.default -end core_models.ops.bit +@[instance] opaque Impl_6 (T : Type) : + core_models.iter.traits.iterator.Iterator (Windows T) := + by constructor <;> exact Inhabited.default +end core_models.slice.iter -namespace core_models.ops.index -class Index.AssociatedTypes (Self : Type) (Idx : Type) where - Output : Type +namespace core_models.slice -attribute [reducible] Index.AssociatedTypes.Output +-- See [`std::slice::len`] +@[spec] +def Impl.len (T : Type) (s : (RustSlice T)) : RustM usize := do + (rust_primitives.slice.slice_length T s) -abbrev Index.Output := - Index.AssociatedTypes.Output +-- See [`std::slice::chunks`] +@[spec] +def Impl.chunks (T : Type) (s : (RustSlice T)) (cs : usize) : + RustM (core_models.slice.iter.Chunks T) := do + (core_models.slice.iter.Impl.new T cs s) -class Index (Self : Type) (Idx : Type) - [associatedTypes : outParam (Index.AssociatedTypes (Self : Type) (Idx : - Type))] - where - index (Self) (Idx) : (Self -> Idx -> RustM associatedTypes.Output) +-- See [`std::slice::iter`] +@[spec] +def Impl.iter (T : Type) (s : (RustSlice T)) : + RustM (core_models.slice.iter.Iter T) := do + (pure (core_models.slice.iter.Iter.mk + (← (rust_primitives.sequence.seq_from_slice T s)))) -end core_models.ops.index +-- See [`std::slice::chunks_exact`] +@[spec] +def Impl.chunks_exact (T : Type) (s : (RustSlice T)) (cs : usize) : + RustM (core_models.slice.iter.ChunksExact T) := do + (core_models.slice.iter.Impl_1.new T cs s) +-- See [`std::slice::is_empty`] +@[spec] +def Impl.is_empty (T : Type) (s : (RustSlice T)) : RustM Bool := do + ((← (Impl.len T s)) ==? (0 : usize)) -namespace core_models.ops.function +-- See [`std::slice::contains`] +opaque Impl.contains + (T : Type) + [trait_constr_contains_associated_type_i0 : + core.cmp.PartialEq.AssociatedTypes + T + T] + [trait_constr_contains_i0 : core.cmp.PartialEq T T ] + (s : (RustSlice T)) + (v : T) : + RustM Bool -class FnOnce.AssociatedTypes (Self : Type) (Args : Type) where - Output : Type +-- See [`std::slice::copy_within`] +opaque Impl.copy_within + (T : Type) + (R : Type) + [trait_constr_copy_within_associated_type_i0 : + core.marker.Copy.AssociatedTypes + T] + [trait_constr_copy_within_i0 : core.marker.Copy T ] + (s : (RustSlice T)) + (src : R) + (dest : usize) : + RustM (RustSlice T) -attribute [reducible] FnOnce.AssociatedTypes.Output +-- See [`std::slice::binary_search`] +opaque Impl.binary_search (T : Type) (s : (RustSlice T)) (x : T) : + RustM (core_models.result.Result usize usize) -abbrev FnOnce.Output := - FnOnce.AssociatedTypes.Output +-- See [`std::slice::first`] +@[spec] +def Impl.first (T : Type) (s : (RustSlice T)) : + RustM (core_models.option.Option T) := do + if (← (Impl.is_empty T s)) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some + (← (rust_primitives.slice.slice_index T s (0 : usize))))) -class FnOnce (Self : Type) (Args : Type) - [associatedTypes : outParam (FnOnce.AssociatedTypes (Self : Type) (Args : - Type))] - where - call_once (Self) (Args) : (Self -> Args -> RustM associatedTypes.Output) +-- See [`std::slice::last`] +@[spec] +def Impl.last (T : Type) (s : (RustSlice T)) : + RustM (core_models.option.Option T) := do + if (← (Impl.is_empty T s)) then do + (pure core_models.option.Option.None) + else do + (pure (core_models.option.Option.Some + (← (rust_primitives.slice.slice_index T + s + (← ((← (Impl.len T s)) -? (1 : usize))))))) -end core_models.ops.function +-- See [`std::slice::reverse`] +opaque Impl.reverse (T : Type) (s : (RustSlice T)) : RustM (RustSlice T) +-- See [`std::slice::starts_with`] +opaque Impl.starts_with + (T : Type) + [trait_constr_starts_with_associated_type_i0 : + core.cmp.PartialEq.AssociatedTypes + T + T] + [trait_constr_starts_with_i0 : core.cmp.PartialEq T T ] + (s : (RustSlice T)) + (needle : (RustSlice T)) : + RustM Bool -namespace core_models.ops.try_trait +-- See [`std::slice::ends_with`] +opaque Impl.ends_with + (T : Type) + [trait_constr_ends_with_associated_type_i0 : + core.cmp.PartialEq.AssociatedTypes + T + T] + [trait_constr_ends_with_i0 : core.cmp.PartialEq T T ] + (s : (RustSlice T)) + (needle : (RustSlice T)) : + RustM Bool -class Try.AssociatedTypes (Self : Type) where - Output : Type - Residual : Type +-- See [`std::slice::fill`] +opaque Impl.fill + (T : Type) + [trait_constr_fill_associated_type_i0 : core.clone.Clone.AssociatedTypes T] + [trait_constr_fill_i0 : core.clone.Clone T ] + (s : (RustSlice T)) + (value : T) : + RustM (RustSlice T) -attribute [reducible] Try.AssociatedTypes.Output +-- See [`std::slice::copy_from_slice`] +def Impl.copy_from_slice + (T : Type) + [trait_constr_copy_from_slice_associated_type_i0 : + core.marker.Copy.AssociatedTypes + T] + [trait_constr_copy_from_slice_i0 : core.marker.Copy T ] + (s : (RustSlice T)) + (src : (RustSlice T)) : + RustM (RustSlice T) := do + let s : (RustSlice T) ← + (rust_primitives.slice.slice_clone_from_slice T s src); + (pure s) -attribute [reducible] Try.AssociatedTypes.Residual +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl.copy_from_slice.spec + (T : Type) + [trait_constr_copy_from_slice_associated_type_i0 : + core.marker.Copy.AssociatedTypes + T] + [trait_constr_copy_from_slice_i0 : core.marker.Copy T ] + (s : (RustSlice T)) + (src : (RustSlice T)) : + Spec + (requires := do ((← (Impl.len T s)) ==? (← (Impl.len T src)))) + (ensures := fun _ => pure True) + (Impl.copy_from_slice + (T : Type) + (s : (RustSlice T)) + (src : (RustSlice T))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.copy_from_slice] <;> bv_decide +} -abbrev Try.Output := - Try.AssociatedTypes.Output +-- See [`std::slice::clone_from_slice`] +def Impl.clone_from_slice + (T : Type) + [trait_constr_clone_from_slice_associated_type_i0 : + core.clone.Clone.AssociatedTypes + T] + [trait_constr_clone_from_slice_i0 : core.clone.Clone T ] + (s : (RustSlice T)) + (src : (RustSlice T)) : + RustM (RustSlice T) := do + let s : (RustSlice T) ← + (rust_primitives.slice.slice_clone_from_slice T s src); + (pure s) -abbrev Try.Residual := - Try.AssociatedTypes.Residual +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def + Impl.clone_from_slice.spec + (T : Type) + [trait_constr_clone_from_slice_associated_type_i0 : + core.clone.Clone.AssociatedTypes + T] + [trait_constr_clone_from_slice_i0 : core.clone.Clone T ] + (s : (RustSlice T)) + (src : (RustSlice T)) : + Spec + (requires := do ((← (Impl.len T s)) ==? (← (Impl.len T src)))) + (ensures := fun _ => pure True) + (Impl.clone_from_slice + (T : Type) + (s : (RustSlice T)) + (src : (RustSlice T))) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.clone_from_slice] <;> bv_decide +} -class Try (Self : Type) - [associatedTypes : outParam (Try.AssociatedTypes (Self : Type))] - where - from_output (Self) : (associatedTypes.Output -> RustM Self) - branch (Self) : - (Self -> - RustM (core_models.ops.control_flow.ControlFlow - associatedTypes.Residual - associatedTypes.Output)) +-- See [`std::slice::split_at`] +def Impl.split_at (T : Type) (s : (RustSlice T)) (mid : usize) : + RustM (rust_primitives.hax.Tuple2 (RustSlice T) (RustSlice T)) := do + (rust_primitives.slice.slice_split_at T s mid) -end core_models.ops.try_trait +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def Impl.split_at.spec (T : Type) (s : (RustSlice T)) (mid : usize) : + Spec + (requires := do (mid <=? (← (Impl.len T s)))) + (ensures := fun _ => pure True) + (Impl.split_at (T : Type) (s : (RustSlice T)) (mid : usize)) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.split_at] <;> bv_decide +} +-- See [`std::slice::split_at_checked`] +@[spec] +def Impl.split_at_checked (T : Type) (s : (RustSlice T)) (mid : usize) : + RustM + (core_models.option.Option + (rust_primitives.hax.Tuple2 (RustSlice T) (RustSlice T))) + := do + if (← (mid <=? (← (Impl.len T s)))) then do + (pure (core_models.option.Option.Some (← (Impl.split_at T s mid)))) + else do + (pure core_models.option.Option.None) -namespace core_models.ops.deref +-- See [`std::slice::swap`] +opaque Impl.swap (T : Type) (s : (RustSlice T)) (a : usize) (b : usize) : + RustM (RustSlice T) -class Deref.AssociatedTypes (Self : Type) where - Target : Type +-- See [`std::slice::windows`] +def Impl.windows (T : Type) (s : (RustSlice T)) (size : usize) : + RustM (core_models.slice.iter.Windows T) := do + let _ ← + if (← (size ==? (0 : usize))) then do + (core_models.panicking.internal.panic rust_primitives.hax.Tuple0 + rust_primitives.hax.Tuple0.mk) + else do + (pure rust_primitives.hax.Tuple0.mk); + (core_models.slice.iter.Impl_5.new T size s) -attribute [reducible] Deref.AssociatedTypes.Target +set_option hax_mvcgen.specset "bv" in +@[hax_spec] +def Impl.windows.spec (T : Type) (s : (RustSlice T)) (size : usize) : + Spec + (requires := do (size >? (0 : usize))) + (ensures := fun _ => pure True) + (Impl.windows (T : Type) (s : (RustSlice T)) (size : usize)) := { + pureRequires := by hax_construct_pure <;> bv_decide + pureEnsures := by hax_construct_pure <;> bv_decide + contract := by hax_mvcgen [Impl.windows] <;> bv_decide +} -abbrev Deref.Target := - Deref.AssociatedTypes.Target +end core_models.slice -class Deref (Self : Type) - [associatedTypes : outParam (Deref.AssociatedTypes (Self : Type))] - where - deref (Self) : (Self -> RustM associatedTypes.Target) -end core_models.ops.deref +namespace core_models.str.error +-- See [`std::str::Utf8Error`] +structure Utf8Error where + -- no fields -namespace core_models.slice +end core_models.str.error -class SliceIndex.AssociatedTypes (Self : Type) (T : Type) where - Output : Type -attribute [reducible] SliceIndex.AssociatedTypes.Output +namespace core_models.str.converts -abbrev SliceIndex.Output := - SliceIndex.AssociatedTypes.Output +opaque from_utf8 (s : (RustSlice u8)) : + RustM (core_models.result.Result String core_models.str.error.Utf8Error) -class SliceIndex (Self : Type) (T : Type) - [associatedTypes : outParam (SliceIndex.AssociatedTypes (Self : Type) (T : - Type))] - where - get (Self) (T) : - (Self -> T -> RustM (core_models.option.Option associatedTypes.Output)) +end core_models.str.converts -end core_models.slice +namespace core_models.str.iter -namespace core_models.str.traits +structure Split (T : Type) where + _0 : T -class FromStr.AssociatedTypes (Self : Type) where - Err : Type +end core_models.str.iter -attribute [reducible] FromStr.AssociatedTypes.Err -abbrev FromStr.Err := - FromStr.AssociatedTypes.Err +namespace core_models.convert -class FromStr (Self : Type) - [associatedTypes : outParam (FromStr.AssociatedTypes (Self : Type))] - where - from_str (Self) : - (String -> RustM (core_models.result.Result Self associatedTypes.Err)) +-- See [`std::convert::TryInto`] +class TryInto.AssociatedTypes (Self : Type) (T : Type) where + Error : Type -end core_models.str.traits +attribute [reducible] TryInto.AssociatedTypes.Error +abbrev TryInto.Error := + TryInto.AssociatedTypes.Error -namespace core_models.array +class TryInto (Self : Type) (T : Type) + [associatedTypes : outParam (TryInto.AssociatedTypes (Self : Type) (T : + Type))] + where + try_into (Self) (T) : + (Self -> RustM (core_models.result.Result T associatedTypes.Error)) -@[spec] -def Impl_23.map - (T : Type) - (N : usize) - (F : Type) - (U : Type) - [trait_constr_map_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - (s : (RustArray T N)) - (f : (T -> RustM U)) : - RustM (RustArray U N) := do - (rust_primitives.slice.array_map T U (N) (T -> RustM U) s f) +-- See [`std::convert::TryFrom`] +class TryFrom.AssociatedTypes (Self : Type) (T : Type) where + Error : Type -@[spec] -def from_fn - (T : Type) - (N : usize) - (F : Type) - [trait_constr_from_fn_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - usize] - [trait_constr_from_fn_i0 : core_models.ops.function.FnOnce - F - usize - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F usize - by infer_instance - with Output := T})] - (f : (usize -> RustM T)) : - RustM (RustArray T N) := do - (rust_primitives.slice.array_from_fn T (N) (usize -> RustM T) f) +attribute [reducible] TryFrom.AssociatedTypes.Error -end core_models.array +abbrev TryFrom.Error := + TryFrom.AssociatedTypes.Error +class TryFrom (Self : Type) (T : Type) + [associatedTypes : outParam (TryFrom.AssociatedTypes (Self : Type) (T : + Type))] + where + try_from (Self) (T) : + (T -> RustM (core_models.result.Result Self associatedTypes.Error)) -namespace core_models.convert +end core_models.convert -@[reducible] instance Impl_1.AssociatedTypes - (T : Type) - (U : Type) - [trait_constr_Impl_1_associated_type_i0 : From.AssociatedTypes U T] - [trait_constr_Impl_1_i0 : From U T ] : - TryFrom.AssociatedTypes U T - where - Error := Infallible -instance Impl_1 - (T : Type) - (U : Type) - [trait_constr_Impl_1_associated_type_i0 : From.AssociatedTypes U T] - [trait_constr_Impl_1_i0 : From U T ] : - TryFrom U T - where - try_from := fun (x : T) => do - (pure (core_models.result.Result.Ok (← (From._from U T x)))) +namespace core_models.iter.traits.collect -@[reducible] instance Impl_2.AssociatedTypes - (T : Type) - (U : Type) - [trait_constr_Impl_2_associated_type_i0 : TryFrom.AssociatedTypes U T] - [trait_constr_Impl_2_i0 : TryFrom U T ] : - TryInto.AssociatedTypes T U - where - Error := (TryFrom.Error U T) +-- See [`std::iter::IntoIterator`] +class IntoIterator.AssociatedTypes (Self : Type) where + Item : Type + IntoIter : Type -instance Impl_2 - (T : Type) - (U : Type) - [trait_constr_Impl_2_associated_type_i0 : TryFrom.AssociatedTypes U T] - [trait_constr_Impl_2_i0 : TryFrom U T ] : - TryInto T U - where - try_into := fun (self : T) => do (TryFrom.try_from U T self) +attribute [reducible] IntoIterator.AssociatedTypes.Item -end core_models.convert +attribute [reducible] IntoIterator.AssociatedTypes.IntoIter +abbrev IntoIterator.Item := + IntoIterator.AssociatedTypes.Item -namespace core_models.iter.traits.iterator +abbrev IntoIterator.IntoIter := + IntoIterator.AssociatedTypes.IntoIter -@[reducible] instance Impl_1.AssociatedTypes - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : Iterator.AssociatedTypes I] - [trait_constr_Impl_1_i0 : Iterator I ] : - core_models.iter.traits.collect.IntoIterator.AssociatedTypes I +class IntoIterator (Self : Type) + [associatedTypes : outParam (IntoIterator.AssociatedTypes (Self : Type))] where - IntoIter := I + into_iter (Self) : (Self -> RustM associatedTypes.IntoIter) -instance Impl_1 - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : Iterator.AssociatedTypes I] - [trait_constr_Impl_1_i0 : Iterator I ] : - core_models.iter.traits.collect.IntoIterator I - where - into_iter := fun (self : I) => do (pure self) +end core_models.iter.traits.collect -end core_models.iter.traits.iterator +namespace core_models.ops.arith -namespace core_models.iter.traits.collect +-- See [`std::ops::Add`] +class Add.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type -class FromIterator.AssociatedTypes (Self : Type) (A : Type) where +attribute [reducible] Add.AssociatedTypes.Output -class FromIterator (Self : Type) (A : Type) - [associatedTypes : outParam (FromIterator.AssociatedTypes (Self : Type) (A : - Type))] +abbrev Add.Output := + Add.AssociatedTypes.Output + +class Add (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Add.AssociatedTypes (Self : Type) (Rhs : Type))] where - from_iter (Self) (A) - (T : Type) - [trait_constr_from_iter_associated_type_i1 : IntoIterator.AssociatedTypes T] - [trait_constr_from_iter_i1 : IntoIterator T ] : - (T -> RustM Self) + add (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -end core_models.iter.traits.collect +-- See [`std::ops::Sub`] +class Sub.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type +attribute [reducible] Sub.AssociatedTypes.Output -namespace core_models.iter.adapters.enumerate +abbrev Sub.Output := + Sub.AssociatedTypes.Output -@[reducible] instance Impl_1.AssociatedTypes - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Enumerate I) +class Sub (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Sub.AssociatedTypes (Self : Type) (Rhs : Type))] where - Item := (rust_primitives.hax.Tuple2 - usize - (core_models.iter.traits.iterator.Iterator.Item I)) + sub (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -instance Impl_1 - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : - core_models.iter.traits.iterator.Iterator (Enumerate I) - where - next := fun (self : (Enumerate I)) => do - let ⟨tmp0, out⟩ ← - (core_models.iter.traits.iterator.Iterator.next I (Enumerate.iter self)); - let self : (Enumerate I) := {self with iter := tmp0}; - let ⟨self, hax_temp_output⟩ ← - match out with - | (core_models.option.Option.Some a) => do - let i : usize := (Enumerate.count self); - let _ ← - (hax_lib.assume - (← (hax_lib.prop.constructors.from_bool - (← ((Enumerate.count self) do - (pure (rust_primitives.hax.Tuple2.mk - self - core_models.option.Option.None)); - (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) +-- See [`std::ops::Mul`] +class Mul.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type -end core_models.iter.adapters.enumerate +attribute [reducible] Mul.AssociatedTypes.Output +abbrev Mul.Output := + Mul.AssociatedTypes.Output -namespace core_models.iter.adapters.step_by +class Mul (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Mul.AssociatedTypes (Self : Type) (Rhs : Type))] + where + mul (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -@[instance] opaque Impl_1.AssociatedTypes - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (StepBy I) := - by constructor <;> exact Inhabited.default +-- See [`std::ops::Div`] +class Div.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type -@[instance] opaque Impl_1 - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : - core_models.iter.traits.iterator.Iterator (StepBy I) := - by constructor <;> exact Inhabited.default +attribute [reducible] Div.AssociatedTypes.Output -end core_models.iter.adapters.step_by +abbrev Div.Output := + Div.AssociatedTypes.Output +class Div (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Div.AssociatedTypes (Self : Type) (Rhs : Type))] + where + div (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -namespace core_models.iter.adapters.map +-- See [`std::ops::Neg`] +class Neg.AssociatedTypes (Self : Type) where + Output : Type -@[reducible] instance Impl_1.AssociatedTypes - (I : Type) - (O : Type) - (F : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Impl_1_i1 : core_models.ops.function.FnOnce - F - (core_models.iter.traits.iterator.Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I) - by infer_instance - with Output := O})] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Map I F) - where - Item := O +attribute [reducible] Neg.AssociatedTypes.Output -instance Impl_1 - (I : Type) - (O : Type) - (F : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Impl_1_i1 : core_models.ops.function.FnOnce - F - (core_models.iter.traits.iterator.Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I) - by infer_instance - with Output := O})] : - core_models.iter.traits.iterator.Iterator (Map I F) +abbrev Neg.Output := + Neg.AssociatedTypes.Output + +class Neg (Self : Type) + [associatedTypes : outParam (Neg.AssociatedTypes (Self : Type))] where - next := fun (self : (Map I F)) => do - let ⟨tmp0, out⟩ ← - (core_models.iter.traits.iterator.Iterator.next I (Map.iter self)); - let self : (Map I F) := {self with iter := tmp0}; - let hax_temp_output : (core_models.option.Option O) ← - match out with - | (core_models.option.Option.Some v) => do - (pure (core_models.option.Option.Some - (← (core_models.ops.function.FnOnce.call_once - F - (core_models.iter.traits.iterator.Iterator.Item I) - (Map.f self) - v)))) - | (core_models.option.Option.None ) => do - (pure core_models.option.Option.None); - (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) + neg (Self) : (Self -> RustM associatedTypes.Output) -end core_models.iter.adapters.map +-- See [`std::ops::Rem`] +class Rem.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type +attribute [reducible] Rem.AssociatedTypes.Output -namespace core_models.iter.adapters.take +abbrev Rem.Output := + Rem.AssociatedTypes.Output -@[reducible] instance Impl_1.AssociatedTypes - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Take I) +class Rem (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Rem.AssociatedTypes (Self : Type) (Rhs : Type))] where - Item := (core_models.iter.traits.iterator.Iterator.Item I) + rem (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -instance Impl_1 - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] : - core_models.iter.traits.iterator.Iterator (Take I) - where - next := fun (self : (Take I)) => do - let ⟨self, hax_temp_output⟩ ← - if (← ((Take.n self) !=? (0 : usize))) then do - let self : (Take I) := - {self with n := (← ((Take.n self) -? (1 : usize)))}; - let ⟨tmp0, out⟩ ← - (core_models.iter.traits.iterator.Iterator.next I (Take.iter self)); - let self : (Take I) := {self with iter := tmp0}; - (pure (rust_primitives.hax.Tuple2.mk self out)) - else do - (pure (rust_primitives.hax.Tuple2.mk - self - core_models.option.Option.None)); - (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) +end core_models.ops.arith -end core_models.iter.adapters.take +namespace core_models.ops.bit -namespace core_models.iter.adapters.flat_map +-- See [`std::ops::Shr`] +class Shr.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type -@[spec] -def Impl.new - (I : Type) - (U : Type) - (F : Type) - [trait_constr_new_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_new_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_new_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - U] - [trait_constr_new_i1 : core_models.iter.traits.iterator.Iterator U ] - [trait_constr_new_associated_type_i2 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_new_i2 : core_models.ops.function.FnOnce - F - (core_models.iter.traits.iterator.Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I) - by infer_instance - with Output := U})] - (it : I) - (f : F) : - RustM (FlatMap I U F) := do - (pure (FlatMap.mk - (it := it) - (f := f) - (current := core_models.option.Option.None))) +attribute [reducible] Shr.AssociatedTypes.Output -@[instance] opaque Impl_1.AssociatedTypes - (I : Type) - (U : Type) - (F : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - U] - [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator U ] - [trait_constr_Impl_1_associated_type_i2 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Impl_1_i2 : core_models.ops.function.FnOnce - F - (core_models.iter.traits.iterator.Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I) - by infer_instance - with Output := U})] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (FlatMap I U F) := - by constructor <;> exact Inhabited.default +abbrev Shr.Output := + Shr.AssociatedTypes.Output -@[instance] opaque Impl_1 - (I : Type) - (U : Type) - (F : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - U] - [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator U ] - [trait_constr_Impl_1_associated_type_i2 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Impl_1_i2 : core_models.ops.function.FnOnce - F - (core_models.iter.traits.iterator.Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (core_models.iter.traits.iterator.Iterator.Item I) - by infer_instance - with Output := U})] : - core_models.iter.traits.iterator.Iterator (FlatMap I U F) := - by constructor <;> exact Inhabited.default +class Shr (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Shr.AssociatedTypes (Self : Type) (Rhs : Type))] + where + shr (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -end core_models.iter.adapters.flat_map +-- See [`std::ops::Shl`] +class Shl.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type +attribute [reducible] Shl.AssociatedTypes.Output -namespace core_models.iter.adapters.flatten +abbrev Shl.Output := + Shl.AssociatedTypes.Output -structure Flatten - (I : Type) - [trait_constr_Flatten_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Flatten_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Flatten_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Flatten_i1 : core_models.iter.traits.iterator.Iterator - (core_models.iter.traits.iterator.Iterator.Item I) - ] +class Shl (Self : Type) (Rhs : Type) + [associatedTypes : outParam (Shl.AssociatedTypes (Self : Type) (Rhs : Type))] where - it : I - current : (core_models.option.Option - (core_models.iter.traits.iterator.Iterator.Item I)) + shl (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -end core_models.iter.adapters.flatten +-- See [`std::ops::BitXor`] +class BitXor.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type + +attribute [reducible] BitXor.AssociatedTypes.Output + +abbrev BitXor.Output := + BitXor.AssociatedTypes.Output +class BitXor (Self : Type) (Rhs : Type) + [associatedTypes : outParam (BitXor.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + bitxor (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -namespace core_models.iter.traits.iterator +-- See [`std::ops::BitAnd`] +class BitAnd.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type -class IteratorMethods.AssociatedTypes (Self : Type) where - [trait_constr_IteratorMethods_i0 : Iterator.AssociatedTypes Self] +attribute [reducible] BitAnd.AssociatedTypes.Output -attribute [instance_reducible, instance] - IteratorMethods.AssociatedTypes.trait_constr_IteratorMethods_i0 +abbrev BitAnd.Output := + BitAnd.AssociatedTypes.Output -class IteratorMethods (Self : Type) - [associatedTypes : outParam (IteratorMethods.AssociatedTypes (Self : Type))] +class BitAnd (Self : Type) (Rhs : Type) + [associatedTypes : outParam (BitAnd.AssociatedTypes (Self : Type) (Rhs : + Type))] where - [trait_constr_IteratorMethods_i0 : Iterator Self] - fold (Self) - (B : Type) - (F : Type) - [trait_constr_fold_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (rust_primitives.hax.Tuple2 B (Iterator.Item Self))] - [trait_constr_fold_i1 : core_models.ops.function.FnOnce - F - (rust_primitives.hax.Tuple2 B (Iterator.Item Self)) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (rust_primitives.hax.Tuple2 B (Iterator.Item Self)) - by infer_instance - with Output := B})] : - (Self -> B -> F -> RustM B) - enumerate (Self) : - (Self -> RustM (core_models.iter.adapters.enumerate.Enumerate Self)) - step_by (Self) : - (Self -> usize -> RustM (core_models.iter.adapters.step_by.StepBy Self)) - map (Self) - (O : Type) - (F : Type) - [trait_constr_map_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item Self)] - [trait_constr_map_i1 : core_models.ops.function.FnOnce - F - (Iterator.Item Self) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item Self) - by infer_instance - with Output := O})] : - (Self -> F -> RustM (core_models.iter.adapters.map.Map Self F)) - all (Self) - (F : Type) - [trait_constr_all_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item Self)] - [trait_constr_all_i1 : core_models.ops.function.FnOnce - F - (Iterator.Item Self) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item Self) - by infer_instance - with Output := Bool})] : - (Self -> F -> RustM Bool) - take (Self) : - (Self -> usize -> RustM (core_models.iter.adapters.take.Take Self)) - flat_map (Self) - (U : Type) - (F : Type) - [trait_constr_flat_map_associated_type_i1 : Iterator.AssociatedTypes U] - [trait_constr_flat_map_i1 : Iterator U ] - [trait_constr_flat_map_associated_type_i2 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item Self)] - [trait_constr_flat_map_i2 : core_models.ops.function.FnOnce - F - (Iterator.Item Self) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item Self) - by infer_instance - with Output := U})] : - (Self -> F -> RustM (core_models.iter.adapters.flat_map.FlatMap Self U F)) - flatten (Self) - [trait_constr_flatten_associated_type_i1 : Iterator.AssociatedTypes - (Iterator.Item Self)] - [trait_constr_flatten_i1 : Iterator (Iterator.Item Self) ] : - (Self -> RustM (core_models.iter.adapters.flatten.Flatten Self)) - zip (Self) - (I2 : Type) - [trait_constr_zip_associated_type_i1 : Iterator.AssociatedTypes I2] - [trait_constr_zip_i1 : Iterator I2 ] : - (Self -> I2 -> RustM (core_models.iter.adapters.zip.Zip Self I2)) + bitand (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -attribute [instance_reducible, instance] - IteratorMethods.trait_constr_IteratorMethods_i0 +-- See [`std::ops::BitOr`] +class BitOr.AssociatedTypes (Self : Type) (Rhs : Type) where + Output : Type -end core_models.iter.traits.iterator +attribute [reducible] BitOr.AssociatedTypes.Output +abbrev BitOr.Output := + BitOr.AssociatedTypes.Output -namespace core_models.iter.adapters.flatten +class BitOr (Self : Type) (Rhs : Type) + [associatedTypes : outParam (BitOr.AssociatedTypes (Self : Type) (Rhs : + Type))] + where + bitor (Self) (Rhs) : (Self -> Rhs -> RustM associatedTypes.Output) -@[spec] -def Impl.new - (I : Type) - [trait_constr_new_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_new_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_new_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_new_i1 : core_models.iter.traits.iterator.Iterator - (core_models.iter.traits.iterator.Iterator.Item I) - ] - (it : I) : - RustM (Flatten I) := do - (pure (Flatten.mk (it := it) (current := core_models.option.Option.None))) +-- See [`std::ops::Not`] +class Not.AssociatedTypes (Self : Type) where + Output : Type -@[instance] opaque Impl_1.AssociatedTypes - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator - (core_models.iter.traits.iterator.Iterator.Item I) - ] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Flatten I) := - by constructor <;> exact Inhabited.default +attribute [reducible] Not.AssociatedTypes.Output -@[instance] opaque Impl_1 - (I : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - (core_models.iter.traits.iterator.Iterator.Item I)] - [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator - (core_models.iter.traits.iterator.Iterator.Item I) - ] : - core_models.iter.traits.iterator.Iterator (Flatten I) := - by constructor <;> exact Inhabited.default +abbrev Not.Output := + Not.AssociatedTypes.Output -end core_models.iter.adapters.flatten +class Not (Self : Type) + [associatedTypes : outParam (Not.AssociatedTypes (Self : Type))] + where + not (Self) : (Self -> RustM associatedTypes.Output) +end core_models.ops.bit -namespace core_models.iter.adapters.zip -@[spec] -def Impl.new - (I1 : Type) - (I2 : Type) - [trait_constr_new_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I1] - [trait_constr_new_i0 : core_models.iter.traits.iterator.Iterator I1 ] - [trait_constr_new_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I2] - [trait_constr_new_i1 : core_models.iter.traits.iterator.Iterator I2 ] - (it1 : I1) - (it2 : I2) : - RustM (Zip I1 I2) := do - (pure (Zip.mk (it1 := it1) (it2 := it2))) +namespace core_models.ops.index -end core_models.iter.adapters.zip +-- See [`std::ops::Index`] +class Index.AssociatedTypes (Self : Type) (Idx : Type) where + Output : Type +attribute [reducible] Index.AssociatedTypes.Output -namespace core_models.iter.traits.iterator +abbrev Index.Output := + Index.AssociatedTypes.Output -@[reducible] instance Impl.AssociatedTypes - (I : Type) - [trait_constr_Impl_associated_type_i0 : Iterator.AssociatedTypes I] - [trait_constr_Impl_i0 : Iterator I ] : - IteratorMethods.AssociatedTypes I +class Index (Self : Type) (Idx : Type) + [associatedTypes : outParam (Index.AssociatedTypes (Self : Type) (Idx : + Type))] where + index (Self) (Idx) : (Self -> Idx -> RustM associatedTypes.Output) -instance Impl - (I : Type) - [trait_constr_Impl_associated_type_i0 : Iterator.AssociatedTypes I] - [trait_constr_Impl_i0 : Iterator I ] : - IteratorMethods I +end core_models.ops.index + + +namespace core_models.ops.function + +-- See [`std::ops::FnOnce`] +class FnOnce.AssociatedTypes (Self : Type) (Args : Type) where + Output : Type + +attribute [reducible] FnOnce.AssociatedTypes.Output + +abbrev FnOnce.Output := + FnOnce.AssociatedTypes.Output + +class FnOnce (Self : Type) (Args : Type) + [associatedTypes : outParam (FnOnce.AssociatedTypes (Self : Type) (Args : + Type))] where - fold := - fun - (B : Type) - (F : Type) - [trait_constr_fold_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (rust_primitives.hax.Tuple2 B (Iterator.Item I))] - [trait_constr_fold_i1 : core_models.ops.function.FnOnce - F - (rust_primitives.hax.Tuple2 B (Iterator.Item I)) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (rust_primitives.hax.Tuple2 B (Iterator.Item I)) - by infer_instance - with Output := B})] (self : I) (init : B) (f : F) => do - (pure init) - enumerate := fun (self : I) => do - (core_models.iter.adapters.enumerate.Impl.new I self) - step_by := fun (self : I) (step : usize) => do - (core_models.iter.adapters.step_by.Impl.new I self step) - map := - fun - (O : Type) - (F : Type) - [trait_constr_map_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item I)] - [trait_constr_map_i1 : core_models.ops.function.FnOnce - F - (Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item I) - by infer_instance - with Output := O})] (self : I) (f : F) => do - (core_models.iter.adapters.map.Impl.new I F self f) - all := - fun - (F : Type) - [trait_constr_all_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item I)] - [trait_constr_all_i1 : core_models.ops.function.FnOnce - F - (Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item I) - by infer_instance - with Output := Bool})] (self : I) (f : F) => do - (pure true) - take := fun (self : I) (n : usize) => do - (core_models.iter.adapters.take.Impl.new I self n) - flat_map := - fun - (U : Type) - (F : Type) - [trait_constr_flat_map_associated_type_i1 : Iterator.AssociatedTypes U] - [trait_constr_flat_map_i1 : Iterator U ] - [trait_constr_flat_map_associated_type_i2 : - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item I)] - [trait_constr_flat_map_i2 : core_models.ops.function.FnOnce - F - (Iterator.Item I) - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - (Iterator.Item I) - by infer_instance - with Output := U})] (self : I) (f : F) => do - (core_models.iter.adapters.flat_map.Impl.new I U F self f) - flatten := - fun - [trait_constr_flatten_associated_type_i1 : Iterator.AssociatedTypes - (Iterator.Item I)] - [trait_constr_flatten_i1 : Iterator (Iterator.Item I) ] (self : I) => do - (core_models.iter.adapters.flatten.Impl.new I self) - zip := - fun - (I2 : Type) - [trait_constr_zip_associated_type_i1 : Iterator.AssociatedTypes I2] - [trait_constr_zip_i1 : Iterator I2 ] (self : I) (it2 : I2) => do - (core_models.iter.adapters.zip.Impl.new I I2 self it2) + call_once (Self) (Args) : (Self -> Args -> RustM associatedTypes.Output) -end core_models.iter.traits.iterator +end core_models.ops.function -namespace core_models.iter.adapters.zip +namespace core_models.ops.try_trait -@[instance] opaque Impl_1.AssociatedTypes - (I1 : Type) - (I2 : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I1] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I1 ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I2] - [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator I2 ] : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Zip I1 I2) := - by constructor <;> exact Inhabited.default +-- See [`std::ops::Try`] +class Try.AssociatedTypes (Self : Type) where + Output : Type + Residual : Type -@[instance] opaque Impl_1 - (I1 : Type) - (I2 : Type) - [trait_constr_Impl_1_associated_type_i0 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I1] - [trait_constr_Impl_1_i0 : core_models.iter.traits.iterator.Iterator I1 ] - [trait_constr_Impl_1_associated_type_i1 : - core_models.iter.traits.iterator.Iterator.AssociatedTypes - I2] - [trait_constr_Impl_1_i1 : core_models.iter.traits.iterator.Iterator I2 ] : - core_models.iter.traits.iterator.Iterator (Zip I1 I2) := - by constructor <;> exact Inhabited.default +attribute [reducible] Try.AssociatedTypes.Output -end core_models.iter.adapters.zip +attribute [reducible] Try.AssociatedTypes.Residual +abbrev Try.Output := + Try.AssociatedTypes.Output -namespace core_models.ops.function +abbrev Try.Residual := + Try.AssociatedTypes.Residual -class Fn.AssociatedTypes (Self : Type) (Args : Type) where - [trait_constr_Fn_i0 : FnOnce.AssociatedTypes Self Args] +class Try (Self : Type) + [associatedTypes : outParam (Try.AssociatedTypes (Self : Type))] + where + from_output (Self) : (associatedTypes.Output -> RustM Self) + branch (Self) : + (Self -> + RustM (core_models.ops.control_flow.ControlFlow + associatedTypes.Residual + associatedTypes.Output)) -attribute [instance_reducible, instance] Fn.AssociatedTypes.trait_constr_Fn_i0 +end core_models.ops.try_trait -class Fn (Self : Type) (Args : Type) - [associatedTypes : outParam (Fn.AssociatedTypes (Self : Type) (Args : Type))] - where - [trait_constr_Fn_i0 : FnOnce Self Args] - call (Self) (Args) : (Self -> Args -> RustM (FnOnce.Output Self Args)) -attribute [instance_reducible, instance] Fn.trait_constr_Fn_i0 +namespace core_models.ops.deref -@[reducible] instance Impl_2.AssociatedTypes (Arg : Type) (Out : Type) : - FnOnce.AssociatedTypes (Arg -> RustM Out) Arg - where - Output := Out +-- See [`std::ops::Deref`] +class Deref.AssociatedTypes (Self : Type) where + Target : Type -instance Impl_2 (Arg : Type) (Out : Type) : FnOnce (Arg -> RustM Out) Arg where - call_once := fun (self : (Arg -> RustM Out)) (arg : Arg) => do (self arg) +attribute [reducible] Deref.AssociatedTypes.Target -@[reducible] instance Impl.AssociatedTypes - (Arg1 : Type) - (Arg2 : Type) - (Out : Type) : - FnOnce.AssociatedTypes - (Arg1 -> Arg2 -> RustM Out) - (rust_primitives.hax.Tuple2 Arg1 Arg2) - where - Output := Out +abbrev Deref.Target := + Deref.AssociatedTypes.Target -instance Impl (Arg1 : Type) (Arg2 : Type) (Out : Type) : - FnOnce (Arg1 -> Arg2 -> RustM Out) (rust_primitives.hax.Tuple2 Arg1 Arg2) +class Deref (Self : Type) + [associatedTypes : outParam (Deref.AssociatedTypes (Self : Type))] where - call_once := - fun - (self : (Arg1 -> Arg2 -> RustM Out)) - (arg : (rust_primitives.hax.Tuple2 Arg1 Arg2)) => do - (self - (rust_primitives.hax.Tuple2._0 arg) - (rust_primitives.hax.Tuple2._1 arg)) + deref (Self) : (Self -> RustM associatedTypes.Target) -@[reducible] instance Impl_1.AssociatedTypes - (Arg1 : Type) - (Arg2 : Type) - (Arg3 : Type) - (Out : Type) : - FnOnce.AssociatedTypes - (Arg1 -> Arg2 -> Arg3 -> RustM Out) - (rust_primitives.hax.Tuple3 Arg1 Arg2 Arg3) - where - Output := Out - -instance Impl_1 (Arg1 : Type) (Arg2 : Type) (Arg3 : Type) (Out : Type) : - FnOnce - (Arg1 -> Arg2 -> Arg3 -> RustM Out) - (rust_primitives.hax.Tuple3 Arg1 Arg2 Arg3) - where - call_once := - fun - (self : (Arg1 -> Arg2 -> Arg3 -> RustM Out)) - (arg : (rust_primitives.hax.Tuple3 Arg1 Arg2 Arg3)) => do - (self - (rust_primitives.hax.Tuple3._0 arg) - (rust_primitives.hax.Tuple3._1 arg) - (rust_primitives.hax.Tuple3._2 arg)) +end core_models.ops.deref -end core_models.ops.function +namespace core_models.slice.index -namespace core_models.ops.deref +-- See [`std::slice::SliceIndex`]. We model the safe methods only; +-- `get_unchecked`/`get_unchecked_mut` would require raw-pointer +-- machinery and `*const`/`*mut` semantics we don\'t have. The +-- `&mut`-flavored `get_mut`/`index_mut` are also omitted — they +-- need a back-edge tuple shape and aren\'t required by anything +-- downstream Aeneas extraction emits in our test crate yet. +class SliceIndex.AssociatedTypes (Self : Type) (T : Type) where + Output : Type -@[reducible] instance Impl.AssociatedTypes (T : Type) : - Deref.AssociatedTypes T - where - Target := T +attribute [reducible] SliceIndex.AssociatedTypes.Output -instance Impl (T : Type) : Deref T where - deref := fun (self : T) => do (pure self) +abbrev SliceIndex.Output := + SliceIndex.AssociatedTypes.Output -end core_models.ops.deref +class SliceIndex (Self : Type) (T : Type) + [associatedTypes : outParam (SliceIndex.AssociatedTypes (Self : Type) (T : + Type))] + where + get (Self) (T) : + (Self -> T -> RustM (core_models.option.Option associatedTypes.Output)) + index (Self) (T) : (Self -> T -> RustM associatedTypes.Output) +end core_models.slice.index -namespace core_models.option -@[spec] -def Impl.is_some_and - (T : Type) - (F : Type) - [trait_constr_is_some_and_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_is_some_and_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := Bool})] - (self : (Option T)) - (f : F) : - RustM Bool := do - match self with - | (Option.None ) => do (pure false) - | (Option.Some x) => do (core_models.ops.function.FnOnce.call_once F T f x) +namespace core_models.str.traits -@[spec] -def Impl.is_none_or - (T : Type) - (F : Type) - [trait_constr_is_none_or_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_is_none_or_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := Bool})] - (self : (Option T)) - (f : F) : - RustM Bool := do - match self with - | (Option.None ) => do (pure true) - | (Option.Some x) => do (core_models.ops.function.FnOnce.call_once F T f x) +class FromStr.AssociatedTypes (Self : Type) where + Err : Type -@[spec] -def Impl.unwrap_or_else - (T : Type) - (F : Type) - [trait_constr_unwrap_or_else_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - rust_primitives.hax.Tuple0] - [trait_constr_unwrap_or_else_i0 : core_models.ops.function.FnOnce - F - rust_primitives.hax.Tuple0 - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - rust_primitives.hax.Tuple0 - by infer_instance - with Output := T})] - (self : (Option T)) - (f : F) : - RustM T := do - match self with - | (Option.Some x) => do (pure x) - | (Option.None ) => do - (core_models.ops.function.FnOnce.call_once - F - rust_primitives.hax.Tuple0 f rust_primitives.hax.Tuple0.mk) +attribute [reducible] FromStr.AssociatedTypes.Err -@[spec] -def Impl.map - (T : Type) - (U : Type) - (F : Type) - [trait_constr_map_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - (self : (Option T)) - (f : F) : - RustM (Option U) := do - match self with - | (Option.Some x) => do - (pure (Option.Some - (← (core_models.ops.function.FnOnce.call_once F T f x)))) - | (Option.None ) => do (pure Option.None) +abbrev FromStr.Err := + FromStr.AssociatedTypes.Err -@[spec] -def Impl.map_or - (T : Type) - (U : Type) - (F : Type) - [trait_constr_map_or_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_or_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - (self : (Option T)) - (default : U) - (f : F) : - RustM U := do - match self with - | (Option.Some t) => do (core_models.ops.function.FnOnce.call_once F T f t) - | (Option.None ) => do (pure default) +class FromStr (Self : Type) + [associatedTypes : outParam (FromStr.AssociatedTypes (Self : Type))] + where + from_str (Self) : + (String -> RustM (core_models.result.Result Self associatedTypes.Err)) -@[spec] -def Impl.map_or_else - (T : Type) - (U : Type) - (D : Type) - (F : Type) - [trait_constr_map_or_else_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_or_else_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - [trait_constr_map_or_else_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - D - rust_primitives.hax.Tuple0] - [trait_constr_map_or_else_i1 : core_models.ops.function.FnOnce - D - rust_primitives.hax.Tuple0 - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - D - rust_primitives.hax.Tuple0 - by infer_instance - with Output := U})] - (self : (Option T)) - (default : D) - (f : F) : - RustM U := do - match self with - | (Option.Some t) => do (core_models.ops.function.FnOnce.call_once F T f t) - | (Option.None ) => do - (core_models.ops.function.FnOnce.call_once - D - rust_primitives.hax.Tuple0 default rust_primitives.hax.Tuple0.mk) +end core_models.str.traits -@[spec] -def Impl.map_or_default - (T : Type) - (U : Type) - (F : Type) - [trait_constr_map_or_default_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_or_default_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - [trait_constr_map_or_default_associated_type_i1 : - core_models.default.Default.AssociatedTypes - U] - [trait_constr_map_or_default_i1 : core_models.default.Default U ] - (self : (Option T)) - (f : F) : - RustM U := do - match self with - | (Option.Some t) => do (core_models.ops.function.FnOnce.call_once F T f t) - | (Option.None ) => do - (core_models.default.Default.default U rust_primitives.hax.Tuple0.mk) -@[spec] -def Impl.ok_or_else - (T : Type) - (E : Type) - (F : Type) - [trait_constr_ok_or_else_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - rust_primitives.hax.Tuple0] - [trait_constr_ok_or_else_i0 : core_models.ops.function.FnOnce - F - rust_primitives.hax.Tuple0 - (associatedTypes := { - show - core_models.ops.function.FnOnce.AssociatedTypes - F - rust_primitives.hax.Tuple0 - by infer_instance - with Output := E})] - (self : (Option T)) - (err : F) : - RustM (core_models.result.Result T E) := do - match self with - | (Option.Some v) => do (pure (core_models.result.Result.Ok v)) - | (Option.None ) => do - (pure (core_models.result.Result.Err - (← (core_models.ops.function.FnOnce.call_once - F - rust_primitives.hax.Tuple0 err rust_primitives.hax.Tuple0.mk)))) +namespace core_models.convert -@[spec] -def Impl.and_then - (T : Type) - (U : Type) - (F : Type) - [trait_constr_and_then_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_and_then_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := (Option U)})] - (self : (Option T)) - (f : F) : - RustM (Option U) := do - match self with - | (Option.Some x) => do (core_models.ops.function.FnOnce.call_once F T f x) - | (Option.None ) => do (pure Option.None) +@[reducible] instance Impl_1.AssociatedTypes + (T : Type) + (U : Type) + [trait_constr_Impl_1_associated_type_i0 : From.AssociatedTypes U T] + [trait_constr_Impl_1_i0 : From U T ] : + TryFrom.AssociatedTypes U T + where + Error := Infallible -end core_models.option +instance Impl_1 + (T : Type) + (U : Type) + [trait_constr_Impl_1_associated_type_i0 : From.AssociatedTypes U T] + [trait_constr_Impl_1_i0 : From U T ] : + TryFrom U T + where + try_from := fun (x : T) => do + (pure (core_models.result.Result.Ok (← (From._from U T x)))) +@[reducible] instance Impl_2.AssociatedTypes + (T : Type) + (U : Type) + [trait_constr_Impl_2_associated_type_i0 : TryFrom.AssociatedTypes U T] + [trait_constr_Impl_2_i0 : TryFrom U T ] : + TryInto.AssociatedTypes T U + where + Error := (TryFrom.Error U T) -namespace core_models.result +instance Impl_2 + (T : Type) + (U : Type) + [trait_constr_Impl_2_associated_type_i0 : TryFrom.AssociatedTypes U T] + [trait_constr_Impl_2_i0 : TryFrom U T ] : + TryInto T U + where + try_into := fun (self : T) => do (TryFrom.try_from U T self) -@[spec] -def Impl.map - (T : Type) - (E : Type) - (U : Type) - (F : Type) - [trait_constr_map_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - (self : (Result T E)) - (op : F) : - RustM (Result U E) := do - match self with - | (Result.Ok t) => do - (pure (Result.Ok - (← (core_models.ops.function.FnOnce.call_once F T op t)))) - | (Result.Err e) => do (pure (Result.Err e)) +end core_models.convert -@[spec] -def Impl.map_or - (T : Type) - (E : Type) - (U : Type) - (F : Type) - [trait_constr_map_or_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_or_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - (self : (Result T E)) - (default : U) - (f : F) : - RustM U := do - match self with - | (Result.Ok t) => do (core_models.ops.function.FnOnce.call_once F T f t) - | (Result.Err _e) => do (pure default) -@[spec] -def Impl.map_or_else - (T : Type) - (E : Type) - (U : Type) - (D : Type) - (F : Type) - [trait_constr_map_or_else_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_map_or_else_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := U})] - [trait_constr_map_or_else_associated_type_i1 : - core_models.ops.function.FnOnce.AssociatedTypes - D - E] - [trait_constr_map_or_else_i1 : core_models.ops.function.FnOnce - D - E - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes D E - by infer_instance - with Output := U})] - (self : (Result T E)) - (default : D) - (f : F) : - RustM U := do - match self with - | (Result.Ok t) => do (core_models.ops.function.FnOnce.call_once F T f t) - | (Result.Err e) => do - (core_models.ops.function.FnOnce.call_once D E default e) +namespace core_models.iter.traits.collect -@[spec] -def Impl.map_err - (T : Type) - (E : Type) - (F : Type) - (O : Type) - [trait_constr_map_err_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - O - E] - [trait_constr_map_err_i0 : core_models.ops.function.FnOnce - O - E - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes O E - by infer_instance - with Output := F})] - (self : (Result T E)) - (op : O) : - RustM (Result T F) := do - match self with - | (Result.Ok t) => do (pure (Result.Ok t)) - | (Result.Err e) => do - (pure (Result.Err - (← (core_models.ops.function.FnOnce.call_once O E op e)))) +-- See [`std::iter::FromIterator`] +class FromIterator.AssociatedTypes (Self : Type) (A : Type) where -@[spec] -def Impl.and_then +class FromIterator (Self : Type) (A : Type) + [associatedTypes : outParam (FromIterator.AssociatedTypes (Self : Type) (A : + Type))] + where + from_iter (Self) (A) (T : Type) - (E : Type) - (U : Type) - (F : Type) - [trait_constr_and_then_associated_type_i0 : - core_models.ops.function.FnOnce.AssociatedTypes - F - T] - [trait_constr_and_then_i0 : core_models.ops.function.FnOnce - F - T - (associatedTypes := { - show core_models.ops.function.FnOnce.AssociatedTypes F T - by infer_instance - with Output := (Result U E)})] - (self : (Result T E)) - (op : F) : - RustM (Result U E) := do - match self with - | (Result.Ok t) => do (core_models.ops.function.FnOnce.call_once F T op t) - | (Result.Err e) => do (pure (Result.Err e)) + [trait_constr_from_iter_associated_type_i1 : IntoIterator.AssociatedTypes T] + [trait_constr_from_iter_i1 : IntoIterator T ] : + (T -> RustM Self) -end core_models.result +end core_models.iter.traits.collect -namespace core_models.slice.iter +namespace core_models.ops.function -@[reducible] instance Impl_2.AssociatedTypes (T : Type) : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Iter T) - where - Item := T +-- See [`std::ops::Fn`] +class FnMut.AssociatedTypes (Self : Type) (Args : Type) where + [trait_constr_FnMut_i0 : FnOnce.AssociatedTypes Self Args] -instance Impl_2 (T : Type) : - core_models.iter.traits.iterator.Iterator (Iter T) - where - next := fun (self : (Iter T)) => do - let ⟨self, hax_temp_output⟩ ← - if - (← ((← (rust_primitives.sequence.seq_len T (Iter._0 self))) - ==? (0 : usize))) then do - (pure (rust_primitives.hax.Tuple2.mk - self - core_models.option.Option.None)) - else do - let res : T ← (rust_primitives.sequence.seq_first T (Iter._0 self)); - let self : (Iter T) := - {self - with _0 := (← (rust_primitives.sequence.seq_slice T - (Iter._0 self) - (1 : usize) - (← (rust_primitives.sequence.seq_len T (Iter._0 self)))))}; - (pure (rust_primitives.hax.Tuple2.mk - self - (core_models.option.Option.Some res))); - (pure (rust_primitives.hax.Tuple2.mk self hax_temp_output)) +attribute [instance_reducible, instance] + FnMut.AssociatedTypes.trait_constr_FnMut_i0 -@[reducible] instance Impl_3.AssociatedTypes (T : Type) : - core_models.iter.traits.iterator.Iterator.AssociatedTypes (Chunks T) +class FnMut (Self : Type) (Args : Type) + [associatedTypes : outParam (FnMut.AssociatedTypes (Self : Type) (Args : + Type))] where - Item := (RustSlice T) + [trait_constr_FnMut_i0 : FnOnce Self Args] + call_mut (Self) (Args) : (Self -> Args -> RustM (FnOnce.Output Self Args)) -instance Impl_3 (T : Type) : - core_models.iter.traits.iterator.Iterator (Chunks T) - where - next := fun (self : (Chunks T)) => do - let ⟨self, hax_temp_output⟩ ← - if - (← ((← (rust_primitives.slice.slice_length T (Chunks.elements self))) - ==? (0 : usize))) then do - (pure (rust_primitives.hax.Tuple2.mk - self - core_models.option.Option.None)) - else do - if - (← ((← (rust_primitives.slice.slice_length T (Chunks.elements self))) - Args -> RustM (FnOnce.Output Self Args)) -instance Impl_4 (T : Type) : - core_models.iter.traits.iterator.Iterator (ChunksExact T) +attribute [instance_reducible, instance] Fn.trait_constr_Fn_i0 + +end core_models.ops.function + + +namespace core_models.ops.deref + +@[reducible] instance Impl.AssociatedTypes (T : Type) : + Deref.AssociatedTypes T where - next := fun (self : (ChunksExact T)) => do - let ⟨self, hax_temp_output⟩ ← - if - (← ((← (rust_primitives.slice.slice_length T (ChunksExact.elements self))) - do (pure self) + +end core_models.ops.deref namespace core_models.slice +-- See [`std::slice::get`] @[spec] def Impl.get (T : Type) (I : Type) - [trait_constr_get_associated_type_i0 : SliceIndex.AssociatedTypes + [trait_constr_get_associated_type_i0 : + core_models.slice.index.SliceIndex.AssociatedTypes I (RustSlice T)] - [trait_constr_get_i0 : SliceIndex I (RustSlice T) ] + [trait_constr_get_i0 : core_models.slice.index.SliceIndex I (RustSlice T) ] (s : (RustSlice T)) (index : I) : - RustM (core_models.option.Option (SliceIndex.Output I (RustSlice T))) := do - (SliceIndex.get I (RustSlice T) index s) + RustM + (core_models.option.Option + (core_models.slice.index.SliceIndex.Output I (RustSlice T))) + := do + (core_models.slice.index.SliceIndex.get I (RustSlice T) index s) end core_models.slice diff --git a/hax-lib/std/Cargo.lock b/hax-lib/std/Cargo.lock new file mode 100644 index 000000000..252d41e1c --- /dev/null +++ b/hax-lib/std/Cargo.lock @@ -0,0 +1,615 @@ +# This file is automatically @generated by Cargo. +# It is not intended for manual editing. +version = 4 + +[[package]] +name = "anyhow" +version = "1.0.102" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c" + +[[package]] +name = "autocfg" +version = "1.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8" + +[[package]] +name = "bitflags" +version = "2.11.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3" + +[[package]] +name = "bumpalo" +version = "3.20.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb" + +[[package]] +name = "cfg-if" +version = "1.0.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801" + +[[package]] +name = "core-models" +version = "0.1.0" +dependencies = [ + "hax-lib 0.3.6 (git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4)", + "pastey 0.2.2", + "rust_primitives", +] + +[[package]] +name = "equivalent" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f" + +[[package]] +name = "foldhash" +version = "0.1.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2" + +[[package]] +name = "getrandom" +version = "0.4.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555" +dependencies = [ + "cfg-if", + "libc", + "r-efi", + "wasip2", + "wasip3", +] + +[[package]] +name = "hashbrown" +version = "0.15.5" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1" +dependencies = [ + "foldhash", +] + +[[package]] +name = "hashbrown" +version = "0.17.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51" + +[[package]] +name = "hax-lib" +version = "0.3.6" +dependencies = [ + "hax-lib-macros 0.3.6", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib" +version = "0.3.6" +source = "git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4#492a34e33c8744b9672eb3cf1c982ac40469f7d4" +dependencies = [ + "hax-lib-macros 0.3.6 (git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4)", + "num-bigint", + "num-traits", +] + +[[package]] +name = "hax-lib-macros" +version = "0.3.6" +dependencies = [ + "hax-lib-macros-types 0.3.6", + "proc-macro-error2", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "hax-lib-macros" +version = "0.3.6" +source = "git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4#492a34e33c8744b9672eb3cf1c982ac40469f7d4" +dependencies = [ + "hax-lib-macros-types 0.3.6 (git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4)", + "proc-macro-error2", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.3.6" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + +[[package]] +name = "hax-lib-macros-types" +version = "0.3.6" +source = "git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4#492a34e33c8744b9672eb3cf1c982ac40469f7d4" +dependencies = [ + "proc-macro2", + "quote", + "serde", + "serde_json", + "uuid", +] + +[[package]] +name = "heck" +version = "0.5.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea" + +[[package]] +name = "id-arena" +version = "2.3.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954" + +[[package]] +name = "indexmap" +version = "2.14.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9" +dependencies = [ + "equivalent", + "hashbrown 0.17.0", + "serde", + "serde_core", +] + +[[package]] +name = "itoa" +version = "1.0.18" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682" + +[[package]] +name = "js-sys" +version = "0.3.95" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca" +dependencies = [ + "once_cell", + "wasm-bindgen", +] + +[[package]] +name = "leb128fmt" +version = "0.1.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2" + +[[package]] +name = "libc" +version = "0.2.186" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "68ab91017fe16c622486840e4c83c9a37afeff978bd239b5293d61ece587de66" + +[[package]] +name = "log" +version = "0.4.29" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897" + +[[package]] +name = "memchr" +version = "2.8.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79" + +[[package]] +name = "num-bigint" +version = "0.4.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9" +dependencies = [ + "num-integer", + "num-traits", +] + +[[package]] +name = "num-integer" +version = "0.1.46" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f" +dependencies = [ + "num-traits", +] + +[[package]] +name = "num-traits" +version = "0.2.19" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841" +dependencies = [ + "autocfg", +] + +[[package]] +name = "once_cell" +version = "1.21.4" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50" + +[[package]] +name = "pastey" +version = "0.1.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "35fb2e5f958ec131621fdd531e9fc186ed768cbe395337403ae56c17a74c68ec" + +[[package]] +name = "pastey" +version = "0.2.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "c5a797f0e07bdf071d15742978fc3128ec6c22891c31a3a931513263904c982a" + +[[package]] +name = "prettyplease" +version = "0.2.37" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b" +dependencies = [ + "proc-macro2", + "syn", +] + +[[package]] +name = "proc-macro-error-attr2" +version = "2.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5" +dependencies = [ + "proc-macro2", + "quote", +] + +[[package]] +name = "proc-macro-error2" +version = "2.0.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802" +dependencies = [ + "proc-macro-error-attr2", + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "proc-macro2" +version = "1.0.106" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "quote" +version = "1.0.45" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924" +dependencies = [ + "proc-macro2", +] + +[[package]] +name = "r-efi" +version = "6.0.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf" + +[[package]] +name = "rust_primitives" +version = "0.1.0" +dependencies = [ + "hax-lib 0.3.6 (git+https://github.com/cryspen/hax?rev=492a34e33c8744b9672eb3cf1c982ac40469f7d4)", + "pastey 0.1.1", +] + +[[package]] +name = "rustversion" +version = "1.0.22" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d" + +[[package]] +name = "semver" +version = "1.0.28" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd" + +[[package]] +name = "serde" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e" +dependencies = [ + "serde_core", + "serde_derive", +] + +[[package]] +name = "serde_core" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad" +dependencies = [ + "serde_derive", +] + +[[package]] +name = "serde_derive" +version = "1.0.228" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79" +dependencies = [ + "proc-macro2", + "quote", + "syn", +] + +[[package]] +name = "serde_json" +version = "1.0.149" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86" +dependencies = [ + "itoa", + "memchr", + "serde", + "serde_core", + "zmij", +] + +[[package]] +name = "std" +version = "0.1.0" +dependencies = [ + "core-models", + "hax-lib 0.3.6", +] + +[[package]] +name = "syn" +version = "2.0.117" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99" +dependencies = [ + "proc-macro2", + "quote", + "unicode-ident", +] + +[[package]] +name = "unicode-ident" +version = "1.0.24" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75" + +[[package]] +name = "unicode-xid" +version = "0.2.6" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853" + +[[package]] +name = "uuid" +version = "1.23.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76" +dependencies = [ + "getrandom", + "js-sys", + "wasm-bindgen", +] + +[[package]] +name = "wasip2" +version = "1.0.3+wasi-0.2.9" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6" +dependencies = [ + "wit-bindgen 0.57.1", +] + +[[package]] +name = "wasip3" +version = "0.4.0+wasi-0.3.0-rc-2026-01-06" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5" +dependencies = [ + "wit-bindgen 0.51.0", +] + +[[package]] +name = "wasm-bindgen" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89" +dependencies = [ + "cfg-if", + "once_cell", + "rustversion", + "wasm-bindgen-macro", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-macro" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed" +dependencies = [ + "quote", + "wasm-bindgen-macro-support", +] + +[[package]] +name = "wasm-bindgen-macro-support" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904" +dependencies = [ + "bumpalo", + "proc-macro2", + "quote", + "syn", + "wasm-bindgen-shared", +] + +[[package]] +name = "wasm-bindgen-shared" +version = "0.2.118" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129" +dependencies = [ + "unicode-ident", +] + +[[package]] +name = "wasm-encoder" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319" +dependencies = [ + "leb128fmt", + "wasmparser", +] + +[[package]] +name = "wasm-metadata" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909" +dependencies = [ + "anyhow", + "indexmap", + "wasm-encoder", + "wasmparser", +] + +[[package]] +name = "wasmparser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe" +dependencies = [ + "bitflags", + "hashbrown 0.15.5", + "indexmap", + "semver", +] + +[[package]] +name = "wit-bindgen" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5" +dependencies = [ + "wit-bindgen-rust-macro", +] + +[[package]] +name = "wit-bindgen" +version = "0.57.1" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e" + +[[package]] +name = "wit-bindgen-core" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc" +dependencies = [ + "anyhow", + "heck", + "wit-parser", +] + +[[package]] +name = "wit-bindgen-rust" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21" +dependencies = [ + "anyhow", + "heck", + "indexmap", + "prettyplease", + "syn", + "wasm-metadata", + "wit-bindgen-core", + "wit-component", +] + +[[package]] +name = "wit-bindgen-rust-macro" +version = "0.51.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a" +dependencies = [ + "anyhow", + "prettyplease", + "proc-macro2", + "quote", + "syn", + "wit-bindgen-core", + "wit-bindgen-rust", +] + +[[package]] +name = "wit-component" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2" +dependencies = [ + "anyhow", + "bitflags", + "indexmap", + "log", + "serde", + "serde_derive", + "serde_json", + "wasm-encoder", + "wasm-metadata", + "wasmparser", + "wit-parser", +] + +[[package]] +name = "wit-parser" +version = "0.244.0" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736" +dependencies = [ + "anyhow", + "id-arena", + "indexmap", + "log", + "semver", + "serde", + "serde_derive", + "serde_json", + "unicode-xid", + "wasmparser", +] + +[[package]] +name = "zmij" +version = "1.0.21" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa" diff --git a/hax-lib/std/Cargo.toml b/hax-lib/std/Cargo.toml new file mode 100644 index 000000000..4991a04da --- /dev/null +++ b/hax-lib/std/Cargo.toml @@ -0,0 +1,11 @@ +[package] +name = "std" +version = "0.1.0" +edition = "2024" + +[dependencies] +hax-lib = { path = ".." } +core-models = { path = "../core-models/core-models" } + +# Workaround for https://github.com/rust-lang/cargo/issues/6745 +[workspace] diff --git a/hax-lib/core-models/std/src/lib.rs b/hax-lib/std/src/lib.rs similarity index 100% rename from hax-lib/core-models/std/src/lib.rs rename to hax-lib/std/src/lib.rs