creusot_contracts/std/iter/
take.rs1#[cfg(creusot)]
2use crate::resolve::structural_resolve;
3use crate::{invariant::*, std::iter::Take, *};
4
5pub trait TakeExt<I> {
6 #[logic]
7 fn iter(self) -> I;
8
9 #[logic]
10 fn iter_mut(&mut self) -> &mut I;
11
12 #[logic]
13 fn n(self) -> Int;
14}
15
16impl<I> TakeExt<I> for Take<I> {
17 #[trusted]
18 #[logic(opaque)]
19 #[ensures(inv(self) ==> inv(result))]
20 fn iter(self) -> I {
21 dead
22 }
23
24 #[trusted]
25 #[logic(opaque)]
26 #[ensures((*self).iter() == *result && (^self).iter() == ^result)]
27 fn iter_mut(&mut self) -> &mut I {
28 dead
29 }
30
31 #[trusted]
32 #[logic(opaque)]
33 #[ensures(result >= 0 && result <= usize::MAX@)]
34 fn n(self) -> Int {
35 dead
36 }
37}
38
39impl<I> Resolve for Take<I> {
40 #[logic(open, prophetic, inline)]
41 fn resolve(self) -> bool {
42 resolve(self.iter())
43 }
44
45 #[trusted]
46 #[logic(prophetic)]
47 #[requires(structural_resolve(self))]
48 #[ensures(self.resolve())]
49 fn resolve_coherence(self) {}
50}
51
52impl<I: Iterator> Iterator for Take<I> {
53 #[logic(open, prophetic)]
54 fn completed(&mut self) -> bool {
55 pearlite! {
56 self.n() == 0 && resolve(self) ||
57 (*self).n() > 0 && (*self).n() == (^self).n() + 1 && self.iter_mut().completed()
58 }
59 }
60
61 #[logic(open, prophetic)]
62 fn produces(self, visited: Seq<Self::Item>, o: Self) -> bool {
63 pearlite! {
64 self.n() == o.n() + visited.len() && self.iter().produces(visited, o.iter())
65 }
66 }
67
68 #[logic(law)]
69 #[ensures(self.produces(Seq::empty(), self))]
70 fn produces_refl(self) {}
71
72 #[logic(law)]
73 #[requires(a.produces(ab, b))]
74 #[requires(b.produces(bc, c))]
75 #[ensures(a.produces(ab.concat(bc), c))]
76 fn produces_trans(a: Self, ab: Seq<Self::Item>, b: Self, bc: Seq<Self::Item>, c: Self) {}
77}