creusot_contracts/std/iter/
take.rs1#[cfg(creusot)]
2use crate::resolve::structural_resolve;
3use crate::{invariant::*, prelude::*};
4use std::iter::Take;
5
6pub trait TakeExt<I> {
7 #[logic]
8 fn iter(self) -> I;
9
10 #[logic]
11 fn iter_mut(&mut self) -> &mut I;
12
13 #[logic]
14 fn n(self) -> usize;
15}
16
17impl<I> TakeExt<I> for Take<I> {
18 #[logic(opaque)]
19 fn iter(self) -> I {
20 dead
21 }
22
23 #[trusted]
24 #[logic(opaque)]
25 #[ensures((*self).iter() == *result && (^self).iter() == ^result)]
26 fn iter_mut(&mut self) -> &mut I {
27 dead
28 }
29
30 #[logic(opaque)]
31 fn n(self) -> usize {
32 dead
33 }
34}
35
36impl<I: Iterator> Invariant for Take<I> {
37 #[logic(prophetic, open, inline)]
38 fn invariant(self) -> bool {
39 inv(self.iter())
40 }
41}
42
43impl<I> Resolve for Take<I> {
44 #[logic(open, prophetic, inline)]
45 fn resolve(self) -> bool {
46 resolve(self.iter())
47 }
48
49 #[trusted]
50 #[logic(prophetic)]
51 #[requires(structural_resolve(self))]
52 #[ensures(self.resolve())]
53 fn resolve_coherence(self) {}
54}
55
56impl<I: IteratorSpec> IteratorSpec for Take<I> {
57 #[logic(open, prophetic)]
58 fn completed(&mut self) -> bool {
59 pearlite! {
60 self.n()@ == 0 && resolve(self) ||
61 (*self).n()@ > 0 && (*self).n()@ == (^self).n()@ + 1 && self.iter_mut().completed()
62 }
63 }
64
65 #[logic(open, prophetic)]
66 fn produces(self, visited: Seq<Self::Item>, o: Self) -> bool {
67 pearlite! {
68 self.n()@ == o.n()@ + visited.len() && self.iter().produces(visited, o.iter())
69 }
70 }
71
72 #[logic(law)]
73 #[ensures(self.produces(Seq::empty(), self))]
74 fn produces_refl(self) {}
75
76 #[logic(law)]
77 #[requires(a.produces(ab, b))]
78 #[requires(b.produces(bc, c))]
79 #[ensures(a.produces(ab.concat(bc), c))]
80 fn produces_trans(a: Self, ab: Seq<Self::Item>, b: Self, bc: Seq<Self::Item>, c: Self) {}
81}