creusot_std/std/iter/
take.rs

1#[cfg(creusot)]
2use crate::resolve::structural_resolve;
3use crate::{invariant::*, prelude::*, std::iter::ExactSizeIteratorSpec};
4use core::iter::Take;
5
6pub trait TakeExt<I> {
7    #[logic]
8    fn iter(self) -> I;
9
10    #[logic]
11    fn iter_mut(&mut self) -> &mut I;
12
13    #[logic]
14    fn n(self) -> usize;
15}
16
17impl<I> TakeExt<I> for Take<I> {
18    #[logic(opaque)]
19    fn iter(self) -> I {
20        dead
21    }
22
23    #[trusted]
24    #[logic(opaque)]
25    #[ensures((*self).iter() == *result && (^self).iter() == ^result)]
26    fn iter_mut(&mut self) -> &mut I {
27        dead
28    }
29
30    #[logic(opaque)]
31    fn n(self) -> usize {
32        dead
33    }
34}
35
36impl<I: Iterator> Invariant for Take<I> {
37    #[logic(prophetic, open, inline)]
38    fn invariant(self) -> bool {
39        inv(self.iter())
40    }
41}
42
43impl<I> Resolve for Take<I> {
44    #[logic(open, prophetic, inline)]
45    fn resolve(self) -> bool {
46        resolve(self.iter())
47    }
48
49    #[trusted]
50    #[logic(prophetic)]
51    #[requires(structural_resolve(self))]
52    #[ensures(self.resolve())]
53    fn resolve_coherence(self) {}
54}
55
56impl<I: IteratorSpec> IteratorSpec for Take<I> {
57    #[logic(open, prophetic)]
58    fn completed(&mut self) -> bool {
59        pearlite! {
60            self.n()@ == 0 && resolve(self) ||
61            (*self).n()@ > 0 && (*self).n()@ == (^self).n()@ + 1 && self.iter_mut().completed()
62        }
63    }
64
65    #[logic(open, prophetic)]
66    fn produces(self, visited: Seq<Self::Item>, o: Self) -> bool {
67        pearlite! {
68            self.n()@ == o.n()@ + visited.len() && self.iter().produces(visited, o.iter())
69        }
70    }
71
72    #[logic(law)]
73    #[ensures(self.produces(Seq::empty(), self))]
74    fn produces_refl(self) {}
75
76    #[logic(law)]
77    #[requires(a.produces(ab, b))]
78    #[requires(b.produces(bc, c))]
79    #[ensures(a.produces(ab.concat(bc), c))]
80    fn produces_trans(a: Self, ab: Seq<Self::Item>, b: Self, bc: Seq<Self::Item>, c: Self) {}
81}
82
83extern_spec! {
84    impl<I: Iterator> Iterator for Take<I> {
85        #[ensures(self.n() > 0usize ==> exists<r>
86            I::size_hint.postcondition((&self.iter(),), r) &&
87            (r.0 <= self.n() ==> result.0 == r.0) &&
88            (r.0 >= self.n() ==> result.0 == self.n()) &&
89            match r.1 {
90                Some(ub) =>
91                    (ub <= self.n() ==> result.1 == Some(ub)) &&
92                    (ub >= self.n() ==> result.1 == Some(self.n())),
93                None => result.1 == Some(self.n()),
94            }
95        )]
96        #[ensures(self.n() == 0usize ==> result == (0usize, Some(0usize)))]
97        fn size_hint(&self) -> (usize, Option<usize>);
98    }
99}
100
101impl<I: ExactSizeIteratorSpec> ExactSizeIteratorSpec for Take<I> {
102    #[logic(law)]
103    #[requires(Self::size_hint.postcondition((self,), r))]
104    #[ensures(r.1 == Some(r.0))]
105    #[allow(unused_variables)]
106    fn size_hint_exact(&self, r: (usize, Option<usize>)) {
107        let _ = I::size_hint_exact;
108    }
109}
creusot_std/std/iter/take.rs

creusot_std/std/iter/
take.rs
