creusot_contracts/std/iter/
skip.rs1#[cfg(creusot)]
2use crate::resolve::structural_resolve;
3use crate::{std::iter::Skip, *};
4
5pub trait SkipExt<I> {
6 #[logic]
7 fn iter(self) -> I;
8
9 #[logic]
10 fn n(self) -> Int;
11}
12
13impl<I> SkipExt<I> for Skip<I> {
14 #[trusted]
15 #[logic(opaque)]
16 #[ensures(inv(self) ==> inv(result))]
17 fn iter(self) -> I {
18 dead
19 }
20
21 #[trusted]
22 #[logic(opaque)]
23 #[ensures(result >= 0 && result <= usize::MAX@)]
24 fn n(self) -> Int {
25 dead
26 }
27}
28
29impl<I> Resolve for Skip<I> {
30 #[logic(open, prophetic, inline)]
31 fn resolve(self) -> bool {
32 resolve(self.iter())
33 }
34
35 #[trusted]
36 #[logic(prophetic)]
37 #[requires(structural_resolve(self))]
38 #[ensures(self.resolve())]
39 fn resolve_coherence(self) {}
40}
41
42impl<I: Iterator> Iterator for Skip<I> {
43 #[logic(open, prophetic)]
44 fn completed(&mut self) -> bool {
45 pearlite! {
46 (^self).n() == 0 &&
47 exists<s: Seq<Self::Item>, i: &mut I>
48 s.len() <= (*self).n()
49 && self.iter().produces(s, *i)
50 && (forall<i> 0 <= i && i < s.len() ==> resolve(s[i]))
51 && i.completed()
52 && ^i == (^self).iter()
53 }
54 }
55
56 #[logic(open, prophetic)]
57 fn produces(self, visited: Seq<Self::Item>, o: Self) -> bool {
58 pearlite! {
59 visited == Seq::empty() && self == o ||
60 o.n() == 0 && visited.len() > 0 &&
61 exists<s: Seq<Self::Item>>
62 s.len() == self.n()
63 && self.iter().produces(s.concat(visited), o.iter())
64 && forall<i> 0 <= i && i < s.len() ==> resolve(s[i])
65 }
66 }
67
68 #[logic(law)]
69 #[ensures(self.produces(Seq::empty(), self))]
70 fn produces_refl(self) {}
71
72 #[logic(law)]
73 #[requires(a.produces(ab, b))]
74 #[requires(b.produces(bc, c))]
75 #[ensures(a.produces(ab.concat(bc), c))]
76 fn produces_trans(a: Self, ab: Seq<Self::Item>, b: Self, bc: Seq<Self::Item>, c: Self) {}
77}