creusot_std/std/iter/
empty.rs1use crate::{prelude::*, std::iter::Empty};
2
3impl<T> IteratorSpec for Empty<T> {
4 #[logic(open, prophetic)]
5 fn completed(&mut self) -> bool {
6 resolve(self)
7 }
8
9 #[logic(open)]
10 fn produces(self, visited: Seq<T>, o: Self) -> bool {
11 pearlite! { visited == Seq::empty() && self == o }
12 }
13
14 #[logic(law)]
15 #[ensures(self.produces(Seq::empty(), self))]
16 fn produces_refl(self) {}
17
18 #[logic(law)]
19 #[requires(a.produces(ab, b))]
20 #[requires(b.produces(bc, c))]
21 #[ensures(a.produces(ab.concat(bc), c))]
22 fn produces_trans(a: Self, ab: Seq<T>, b: Self, bc: Seq<T>, c: Self) {
23 proof_assert!(Seq::<T>::empty().concat(Seq::empty()) == Seq::empty())
24 }
25}
26
27extern_spec! {
28 impl<T> Iterator for Empty<T> {
29 #[check(ghost)]
30 #[ensures(result == None && self.completed())]
31 fn next(&mut self) -> Option<T>;
32 }
33}