Update tests

Author: arnaudgolfouse

tests/creusot-contracts/creusot-contracts.coma

@@ -1,12 +1,12 @@
 module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs" 10 0 10 46]
-  let%span s01_resolve_unsoundness = "01_resolve_unsoundness.rs" 12 16 12 17
-  let%span s01_resolve_unsoundness'0 = "01_resolve_unsoundness.rs" 13 16 13 37
-  let%span s01_resolve_unsoundness'1 = "01_resolve_unsoundness.rs" 15 17 15 22
-  let%span s01_resolve_unsoundness'2 = "01_resolve_unsoundness.rs" 16 13 16 14
-  let%span s01_resolve_unsoundness'3 = "01_resolve_unsoundness.rs" 9 10 9 29
-  let%span svec = "../../../creusot-contracts/src/std/vec.rs" 72 26 72 44
-  let%span svec'0 = "../../../creusot-contracts/src/std/vec.rs" 85 26 85 56
-  let%span svec'1 = "../../../creusot-contracts/src/std/vec.rs" 21 14 21 41
+  let%span s01_resolve_unsoundness = "01_resolve_unsoundness.rs" 9 10 9 29
+  let%span s01_resolve_unsoundness'0 = "01_resolve_unsoundness.rs" 12 16 12 17
+  let%span s01_resolve_unsoundness'1 = "01_resolve_unsoundness.rs" 13 16 13 37
+  let%span s01_resolve_unsoundness'2 = "01_resolve_unsoundness.rs" 15 17 15 22
+  let%span s01_resolve_unsoundness'3 = "01_resolve_unsoundness.rs" 16 13 16 14
+  let%span svec = "../../../creusot-contracts/src/std/vec.rs" 21 14 21 41
+  let%span svec'0 = "../../../creusot-contracts/src/std/vec.rs" 72 26 72 44
+  let%span svec'1 = "../../../creusot-contracts/src/std/vec.rs" 85 26 85 56
   let%span sord = "../../../creusot-contracts/src/logic/ord.rs" 129 39 129 89
   let%span sord'0 = "../../../creusot-contracts/src/logic/ord.rs" 134 39 134 86
   let%span sord'1 = "../../../creusot-contracts/src/logic/ord.rs" 139 39 139 86
@@ -20,7 +20,7 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs"
   let%span sord'9 = "../../../creusot-contracts/src/logic/ord.rs" 167 40 167 73
   let%span sord'10 = "../../../creusot-contracts/src/logic/ord.rs" 168 39 168 69
   let%span sord'11 = "../../../creusot-contracts/src/logic/ord.rs" 173 39 173 84
-  let%span sord'12 = "../../../creusot-contracts/src/logic/ord.rs" 230 16 236 17
+  let%span sord'12 = "../../../creusot-contracts/src/logic/ord.rs" 260 16 266 17
   let%span smodel = "../../../creusot-contracts/src/model.rs" 62 8 62 22
 
   use creusot.prelude.Opaque
@@ -52,10 +52,10 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs"
 
   function view (self: t_Vec) : Seq.seq bool
 
-  axiom view_spec: forall self: t_Vec. [%#svec'1] Seq.length (view self) <= UInt64.t'int v_MAX
+  axiom view_spec: forall self: t_Vec. [%#svec] Seq.length (view self) <= UInt64.t'int v_MAX
 
   let rec new (return'  (x:t_Vec))= any
-    [ return''0 (result:t_Vec)-> {[%#svec] Seq.length (view result) = 0} (! return' {result}) ]
+    [ return''0 (result:t_Vec)-> {[%#svec'0] Seq.length (view result) = 0} (! return' {result}) ]
 
 
   type t_Ordering  =
@@ -109,28 +109,28 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs"
     [%#smodel] view self.current
 
   let rec push (self_:MutBorrow.t t_Vec) (v:bool) (return'  (x:()))= any
-    [ return''0 (result:())-> {[%#svec'0] view self_.final = Seq.snoc (view'0 self_) v} (! return' {result}) ]
+    [ return''0 (result:())-> {[%#svec'1] view self_.final = Seq.snoc (view'0 self_) v} (! return' {result}) ]
 
 
   meta "compute_max_steps" 1000000
 
   let rec make_vec_of_size[#"01_resolve_unsoundness.rs" 10 0 10 46] (n:UInt64.t) (return'  (x:t_Vec))= (! bb0
     [ bb0 = s0 [ s0 = new (fun (_ret:t_Vec) ->  [ &out <- _ret ] s1) | s1 = bb1 ] 
-    | bb1 = s0 [ s0 =  [ &i <- [%#s01_resolve_unsoundness] (0: UInt64.t) ] s1 | s1 = bb2 ] 
+    | bb1 = s0 [ s0 =  [ &i <- [%#s01_resolve_unsoundness'0] (0: UInt64.t) ] s1 | s1 = bb2 ] 
     | bb2 = bb2'0
-      [ bb2'0 = {[@expl:loop invariant] [%#s01_resolve_unsoundness'0] UInt64.le (0: UInt64.t) i /\ UInt64.le i n'0}
+      [ bb2'0 = {[@expl:loop invariant] [%#s01_resolve_unsoundness'1] UInt64.le (0: UInt64.t) i /\ UInt64.le i n'0}
         (! s0) [ s0 = bb3 ] 
         [ bb3 = s0
           [ s0 =  [ &_10 <- UInt64.le i n'0 ] s1 | s1 = any [ br0 -> {_10 = false} (! bb6) | br1 -> {_10} (! bb4) ]  ]
 
         | bb4 = s0
           [ s0 = MutBorrow.borrow_mut <t_Vec> {out}
               (fun (_ret:MutBorrow.t t_Vec) ->  [ &_14 <- _ret ]  [ &out <- _ret.final ] s1)
-          | s1 = push {_14} {[%#s01_resolve_unsoundness'1] false} (fun (_ret:()) ->  [ &_13 <- _ret ] s2)
+          | s1 = push {_14} {[%#s01_resolve_unsoundness'2] false} (fun (_ret:()) ->  [ &_13 <- _ret ] s2)
           | s2 = bb5 ]
 
         | bb5 = s0
-          [ s0 = UInt64.add {i} {[%#s01_resolve_unsoundness'2] (1: UInt64.t)}
+          [ s0 = UInt64.add {i} {[%#s01_resolve_unsoundness'3] (1: UInt64.t)}
               (fun (_ret:UInt64.t) ->  [ &i <- _ret ] s1)
           | s1 = bb2'0 ]
          ]
@@ -147,7 +147,7 @@ module M_01_resolve_unsoundness__make_vec_of_size [#"01_resolve_unsoundness.rs"
     | & _13: () = Any.any_l ()
     | & _14: MutBorrow.t t_Vec = Any.any_l () ]
 
-    [ return''0 (result:t_Vec)-> {[@expl:make_vec_of_size ensures] [%#s01_resolve_unsoundness'3] Seq.length (view result)
+    [ return''0 (result:t_Vec)-> {[@expl:make_vec_of_size ensures] [%#s01_resolve_unsoundness] Seq.length (view result)
       = UInt64.t'int n}
       (! return' {result}) ]
 

tests/creusot-contracts/creusot-contracts/why3session.xml

@@ -2,15 +2,19 @@ module M_1204__evil [#"1204.rs" 8 0 8 22]
   let%span s1204 = "1204.rs" 6 11 6 16
   let%span s1204'0 = "1204.rs" 7 10 7 11
   let%span s1204'1 = "1204.rs" 9 4 9 16
+  let%span swell_founded = "../../../creusot-contracts/src/well_founded.rs" 39 8 39 33
 
   use mach.int.Int
 
+  predicate well_founded_relation (self: int) (other: int) =
+    [%#swell_founded] self >= 0 /\ self > other
+  
   constant x  : int
 
   function evil [#"1204.rs" 8 0 8 22] (x'0: int) : int
 
   goal vc_evil: ([%#s1204] false)
-   -> ([@expl:evil requires] [%#s1204] false) /\ 0 <= ([%#s1204'0] x) /\ ([%#s1204'0] - x) < ([%#s1204'0] x)
+   -> ([@expl:evil requires] [%#s1204] false) /\ well_founded_relation ([%#s1204'0] x) ([%#s1204'0] - x)
 end
 module M_1204__wrong [#"1204.rs" 14 0 14 10]
   let%span s1204 = "1204.rs" 13 10 13 15

tests/creusot-contracts/creusot-contracts/why3shapes.gz

@@ -9,14 +9,14 @@
 <file format="coma">
 <path name=".."/><path name="1204.coma"/>
 <theory name="M_1204__evil" proved="true">
- <goal name="vc_evil&#39;0" proved="true">
+ <goal name="vc_evil" proved="true">
  <proof prover="3"><result status="valid" time="0.021834" steps="0"/></proof>
  </goal>
 </theory>
 <theory name="M_1204__wrong">
- <goal name="vc_wrong&#39;0">
+ <goal name="vc_wrong">
  <transf name="split_vc" >
-  <goal name="vc_wrong&#39;0.0" expl="evil requires">
+  <goal name="vc_wrong.0" expl="evil requires">
   <proof prover="0"><result status="unknown" time="0.013960" steps="8"/></proof>
   <proof prover="1"><result status="unknown" time="0.014204" steps="34"/></proof>
   <proof prover="2"><result status="unknown" time="0.011006" steps="47"/></proof>

tests/should_fail/bug/01_resolve_unsoundness.coma

@@ -29,6 +29,9 @@ module M_222__uses_invariant [#"222.rs" 40 0 40 41]
     | C_None
     | C_Some t_T
 
+  type t_Once  =
+    { t_Once__0: t_Option }
+  
   predicate inv (_0: t_T)
 
   predicate inv'0 (_0: t_Option)
@@ -39,17 +42,31 @@ module M_222__uses_invariant [#"222.rs" 40 0 40 41]
     | C_Some a_0 -> inv a_0
     end
 
-  type t_Once  =
-    { t_Once__0: t_Option }
+  predicate inv'1 (_0: t_Once)
+  
+  axiom inv_axiom'0 [@rewrite]: forall x: t_Once [inv'1 x]. inv'1 x
+  = match x with
+    | {t_Once__0 = a_0} -> inv'0 a_0
+    end
+  
+  predicate invariant' (self: MutBorrow.t t_Once) =
+    [%#sinvariant] inv'1 self.current /\ inv'1 self.final
+  
+  predicate inv'2 (_0: MutBorrow.t t_Once)
+  
+  axiom inv_axiom'1 [@rewrite]: forall x: MutBorrow.t t_Once [inv'2 x]. inv'2 x = invariant' x
 
-  predicate invariant' (self: MutBorrow.t t_Option) =
+  predicate invariant''0 [#"222.rs" 29 4 29 30] (self: t_Once) =
+    [%#s222'2] true
+  
+  predicate invariant''1 (self: MutBorrow.t t_Option) =
     [%#sinvariant] inv'0 self.current /\ inv'0 self.final
 
-  predicate inv'1 (_0: MutBorrow.t t_Option)
+  predicate inv'3 (_0: MutBorrow.t t_Option)
 
-  axiom inv_axiom'0 [@rewrite]: forall x: MutBorrow.t t_Option [inv'1 x]. inv'1 x = invariant' x
+  axiom inv_axiom'2 [@rewrite]: forall x: MutBorrow.t t_Option [inv'3 x]. inv'3 x = invariant''1 x
 
-  let rec take (self_:MutBorrow.t t_Option) (return'  (x:t_Option))= {[@expl:take 'self_' type invariant] [%#soption] inv'1 self_}
+  let rec take (self_:MutBorrow.t t_Option) (return'  (x:t_Option))= {[@expl:take 'self_' type invariant] [%#soption] inv'3 self_}
     any
     [ return''0 (result:t_Option)-> {inv'0 result}
       {[%#soption'0] result = self_.current /\ self_.final = C_None}
@@ -67,33 +84,16 @@ module M_222__uses_invariant [#"222.rs" 40 0 40 41]
   predicate resolve'1 (_0: t_Option) =
     resolve'0 _0
 
-  predicate inv'2 (_0: t_Once)
-  
-  axiom inv_axiom'1 [@rewrite]: forall x: t_Once [inv'2 x]. inv'2 x
-  = match x with
-    | {t_Once__0 = a_0} -> inv'0 a_0
-    end
-  
-  predicate invariant''0 (self: MutBorrow.t t_Once) =
-    [%#sinvariant] inv'2 self.current /\ inv'2 self.final
-  
-  predicate inv'3 (_0: MutBorrow.t t_Once)
-  
-  axiom inv_axiom'2 [@rewrite]: forall x: MutBorrow.t t_Once [inv'3 x]. inv'3 x = invariant''0 x
-  
   predicate resolve'2 (self: MutBorrow.t t_Once) =
     [%#sresolve'0] self.final = self.current
 
   predicate resolve'3 (_0: MutBorrow.t t_Once) =
     resolve'2 _0
 
-  predicate invariant''1 [#"222.rs" 29 4 29 30] (self: t_Once) =
-    [%#s222'2] true
-  
   meta "compute_max_steps" 1000000
 
-  let rec uses_invariant[#"222.rs" 40 0 40 41] (x:MutBorrow.t t_Once) (return'  (x'0:()))= {[@expl:uses_invariant 'x' type invariant] [%#s222] inv'3 x}
-    {[@expl:uses_invariant requires] [%#s222'0] invariant''1 x.current}
+  let rec uses_invariant[#"222.rs" 40 0 40 41] (x:MutBorrow.t t_Once) (return'  (x'0:()))= {[@expl:uses_invariant 'x' type invariant] [%#s222] inv'2 x}
+    {[@expl:uses_invariant requires] [%#s222'0] invariant''0 x.current}
     (! bb0
     [ bb0 = s0
       [ s0 = {inv'0 (x'0.current).t_Once__0}
@@ -108,12 +108,12 @@ module M_222__uses_invariant [#"222.rs" 40 0 40 41]
       | s3 = -{resolve'1 _4}- s4
       | s4 = bb1 ]
 
-    | bb1 = s0 [ s0 = {[@expl:type invariant] inv'3 x'0} s1 | s1 = -{resolve'3 x'0}- s2 | s2 = bb2 ] 
+    | bb1 = s0 [ s0 = {[@expl:type invariant] inv'2 x'0} s1 | s1 = -{resolve'3 x'0}- s2 | s2 = bb2 ] 
     | bb2 = return''0 {_0} ]
     )
     [ & _0: () = Any.any_l ()
     | & x'0: MutBorrow.t t_Once = x
     | & _4: t_Option = Any.any_l ()
     | & _5: MutBorrow.t t_Option = Any.any_l () ]
-     [ return''0 (result:())-> {[@expl:uses_invariant ensures] [%#s222'1] invariant''1 x.final} (! return' {result}) ] 
+     [ return''0 (result:())-> {[@expl:uses_invariant ensures] [%#s222'1] invariant''0 x.final} (! return' {result}) ] 
 end

tests/should_fail/bug/1204.coma

@@ -9,16 +9,16 @@
 <file format="coma">
 <path name=".."/><path name="222.coma"/>
 <theory name="M_222__A__is_true">
- <goal name="vc_is_true&#39;0">
+ <goal name="vc_is_true">
  <proof prover="0"><result status="unknown" time="0.021949" steps="3"/></proof>
  <proof prover="1"><result status="unknown" time="0.018668" steps="51"/></proof>
  <proof prover="3"><result status="unknown" time="0.015903" steps="64"/></proof>
  <proof prover="6"><result status="unknown" time="0.016368" steps="59"/></proof>
  </goal>
 </theory>
 <theory name="M_222__uses_invariant" proved="true">
- <goal name="vc_uses_invariant&#39;0" proved="true">
- <proof prover="6" timelimit="1"><result status="valid" time="0.008047" steps="2669"/></proof>
+ <goal name="vc_uses_invariant" proved="true">
+ <proof prover="6" timelimit="1"><result status="valid" time="0.008047" steps="2672"/></proof>
  </goal>
 </theory>
 </file>