creusot_contracts/std/
array.rs1#[cfg(creusot)]
2use crate::resolve::structural_resolve;
3use crate::{invariant::*, logic::ops::IndexLogic, prelude::*};
4use std::array::*;
5
6impl<T, const N: usize> Invariant for [T; N] {
7 #[logic(open, prophetic)]
8 fn invariant(self) -> bool {
9 pearlite! { inv(self@) && self@.len() == N@ }
10 }
11}
12
13impl<T, const N: usize> View for [T; N] {
14 type ViewTy = Seq<T>;
15
16 #[logic]
17 #[cfg_attr(target_pointer_width = "16", builtin("creusot.slice.Slice16.view"))]
18 #[cfg_attr(target_pointer_width = "32", builtin("creusot.slice.Slice32.view"))]
19 #[cfg_attr(target_pointer_width = "64", builtin("creusot.slice.Slice64.view"))]
20 fn view(self) -> Self::ViewTy {
21 dead
22 }
23}
24
25impl<T: DeepModel, const N: usize> DeepModel for [T; N] {
26 type DeepModelTy = Seq<T::DeepModelTy>;
27
28 #[trusted]
29 #[logic(opaque)]
30 #[ensures(self.view().len() == result.len())]
31 #[ensures(forall<i> 0 <= i && i < result.len() ==> result[i] == self[i].deep_model())]
32 fn deep_model(self) -> Self::DeepModelTy {
33 dead
34 }
35}
36
37impl<T, const N: usize> Resolve for [T; N] {
38 #[logic(open, prophetic, inline)]
39 #[creusot::trusted_trivial_if_param_trivial]
40 fn resolve(self) -> bool {
41 pearlite! { forall<i: Int> 0 <= i && i < N@ ==> resolve(self@[i]) }
42 }
43
44 #[trusted]
45 #[logic(prophetic)]
46 #[requires(structural_resolve(self))]
47 #[ensures(self.resolve())]
48 fn resolve_coherence(self) {}
49}
50
51impl<T, const N: usize> IndexLogic<Int> for [T; N] {
52 type Item = T;
53
54 #[logic(open, inline)]
55 fn index_logic(self, ix: Int) -> Self::Item {
56 pearlite! { self@[ix] }
57 }
58}
59
60impl<T, const N: usize> IndexLogic<usize> for [T; N] {
61 type Item = T;
62
63 #[logic(open, inline)]
64 fn index_logic(self, ix: usize) -> Self::Item {
65 pearlite! { self@[ix@] }
66 }
67}
68
69impl<T, const N: usize> View for IntoIter<T, N> {
70 type ViewTy = Seq<T>;
71
72 #[logic(opaque)]
73 fn view(self) -> Self::ViewTy {
74 dead
75 }
76}
77
78impl<T, const N: usize> IteratorSpec for IntoIter<T, N> {
79 #[logic(open, prophetic)]
80 fn produces(self, visited: Seq<Self::Item>, o: Self) -> bool {
81 pearlite! { self@ == visited.concat(o@) }
82 }
83
84 #[logic(open, prophetic)]
85 fn completed(&mut self) -> bool {
86 pearlite! { resolve(self) && self@ == Seq::empty() }
87 }
88
89 #[logic(open, law)]
90 #[ensures(self.produces(Seq::empty(), self))]
91 fn produces_refl(self) {}
92
93 #[logic(open, law)]
94 #[requires(a.produces(ab, b))]
95 #[requires(b.produces(bc, c))]
96 #[ensures(a.produces(ab.concat(bc), c))]
97 fn produces_trans(a: Self, ab: Seq<Self::Item>, b: Self, bc: Seq<Self::Item>, c: Self) {}
98}
99
100extern_spec! {
101 impl<T, const N: usize> IntoIterator for [T; N] {
102 #[check(ghost)]
103 #[ensures(self@ == result@)]
104 fn into_iter(self) -> std::array::IntoIter<T, N>;
105 }
106
107 impl<T: Clone, const N: usize> Clone for [T; N] {
108 #[ensures(forall<i> 0 <= i && i < self@.len() ==>
109 T::clone.postcondition((&self@[i],), result@[i]))]
110 fn clone(&self) -> [T; N];
111 }
112}