creusot_std/std/iter/
empty.rs1use crate::{
2 prelude::*,
3 std::iter::{Empty, ExactSizeIteratorSpec},
4};
5
6impl<T> IteratorSpec for Empty<T> {
7 #[logic(open, prophetic)]
8 fn completed(&mut self) -> bool {
9 resolve(self)
10 }
11
12 #[logic(open)]
13 fn produces(self, visited: Seq<T>, o: Self) -> bool {
14 pearlite! { visited == Seq::empty() && self == o }
15 }
16
17 #[logic(law)]
18 #[ensures(self.produces(Seq::empty(), self))]
19 fn produces_refl(self) {}
20
21 #[logic(law)]
22 #[requires(a.produces(ab, b))]
23 #[requires(b.produces(bc, c))]
24 #[ensures(a.produces(ab.concat(bc), c))]
25 fn produces_trans(a: Self, ab: Seq<T>, b: Self, bc: Seq<T>, c: Self) {
26 proof_assert!(Seq::<T>::empty().concat(Seq::empty()) == Seq::empty())
27 }
28}
29
30extern_spec! {
31 impl<T> Iterator for Empty<T> {
32 #[check(ghost)]
33 #[ensures(result == None && self.completed())]
34 fn next(&mut self) -> Option<T>;
35
36 #[check(ghost)]
37 #[ensures(result == (0usize, Some(0usize)))]
38 fn size_hint(&self) -> (usize, Option<usize>);
39 }
40}
41
42impl<T> ExactSizeIteratorSpec for Empty<T> {
43 #[logic(law)]
44 #[requires(Self::size_hint.postcondition((self,), r))]
45 #[ensures(r.1 == Some(r.0))]
46 #[allow(unused_variables)]
47 fn size_hint_exact(&self, r: (usize, Option<usize>)) {}
48}