Skip to content

Commit d20a094

Browse files
squellsquell
committed
cleanup
1 parent 3e1f660 commit d20a094

1 file changed

Lines changed: 5 additions & 11 deletions

File tree

proofs/sudoers.mlw

Lines changed: 5 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -9,16 +9,10 @@ use witness.Witness
99
(* model for a hashmap *)
1010
type table 'id 'value
1111

12-
function contains_key (t: table 'id 'value) (key: 'id): bool
12+
val function contains_key (t: table 'id 'value) (key: 'id): bool
1313

14-
val contains_key (t: table 'id 'value) (key: 'id): bool
15-
ensures { result = contains_key t key }
16-
17-
function get (t: table 'id 'value) (key: 'id): 'value
18-
19-
val get (t: table 'id 'value) (key: 'id): 'value
14+
val function get (t: table 'id 'value) (key: 'id): 'value
2015
requires { contains_key t key }
21-
ensures { result = get t key }
2216

2317
(* loose models for the types in sudoers::Ast *)
2418

@@ -129,7 +123,7 @@ let function fmap_get (t: fmap 'id 'v) (k: 'id): 'v
129123
= any 'v ensures { result = Fmap.find k t }
130124

131125
clone export FindItem
132-
with type table = fmap, function contains_key = fmap_contains_key, function get = fmap_get
126+
with type table = fmap, val contains_key = fmap_contains_key, val get = fmap_get
133127

134128
clone fmap.MapImp as H
135129
with type key = name
@@ -152,7 +146,7 @@ let lemma prepending_doesnt_change_match (x: spec () 'a) (set: found_aliases) (p
152146
ensures { final_match (matched_by set pred) specs = final_match (matched_by set pred) (cons x specs) }
153147
= for j = 0 to length specs - 1 do
154148
invariant { exists i. j <= i < length specs /\ matched_by set pred specs[i] }
155-
if matched_by set pred specs[j] && any bool ensures { result <-> forall k. j < k < length specs -> not matched_by set pred specs[k] } then
149+
if matched_by set pred specs[j] && pure { forall k. j < k < length specs -> not matched_by set pred specs[k] } then
156150
begin
157151
assert { specs[j] = (cons x specs)[j+1] };
158152
assert { final_match (matched_by set pred) specs = specs[j] };
@@ -167,7 +161,7 @@ let lemma final_match_exists (pred: 'a -> bool) (a: seq 'a)
167161
ensures { exists j. is_final_match pred a j }
168162
= for k = 0 to a.length - 1 do
169163
invariant { exists i. k <= i < length a /\ pred a[i] }
170-
if any bool ensures { result <-> forall j. k < j < length a -> not pred a[j] } then break
164+
if pure { forall j. k < j < length a -> not pred a[j] } then break
171165
done
172166

173167
let get_aliases (table: seq (def 'a)) (pred: 'a -> bool): found_aliases

0 commit comments

Comments
 (0)