Skip to content

New approach to specifying iterators via a prophetic sequence encoding#2163

Draft
parno wants to merge 190 commits intomainfrom
iter-clean
Draft

New approach to specifying iterators via a prophetic sequence encoding#2163
parno wants to merge 190 commits intomainfrom
iter-clean

Conversation

@parno
Copy link
Collaborator

@parno parno commented Feb 10, 2026

So far, this only updates the iterator definitions for Vec and Range. If we decide we like this style, we'll need to update the other containers, as well as Slice for &Vec.

By submitting this pull request, I confirm that my contribution is made under the terms of the MIT license.

Chris-Hawblitzel and others added 30 commits June 17, 2025 10:06
@Chris-Hawblitzel
Add examples of styles of iterator specification from last year's dis…
ec101c3 
…cussions
@parno
Eliminate compiler errors/warnings.
2c6443b
@parno
Factor code into two separate modules, so that we can broadcast use
e203f3c 
generic proofs about iterator properties.
@parno
Import work on iters3.rs into a project for faster iteration in VS Code.
b7f6c4c
@parno
Restore the iters to a verifying state.
ac84622
@parno
Remove some redundancy and update crate versions.
0702c69
@parno
Add a constructor for Take3 and use it in a some tests
44fadba
@parno
It turns out we don't need the "inner details" of the vec iterator
d1ead26 
for the Skip/Take proofs to go through.
@parno
Specify the postcondition of reaches_monotonic more succinctly
3daf608
@parno
Work towards a DoubleEndedIterator
8bffda8
@parno
Attempt to prove apply_ops_concat
0b46fa9
@parno
Prove reaches_monotonic
09c27db
@parno
Prove that next() maintains inv.
d17c285
@parno
Prove Next given an assumed lemma
cdcec84
@parno
Prove the final lemma.
275c705
@parno
Proof for next_back
11219b7
@parno
Prove that new establishes a valid MyVecFancyIter
cb63eba
@parno
Restore all but one test
abb76ef
@parno
Fix the last test
aa44d64
@parno
Additional experiments with a Rev iterator, and a generic test
11c7288
@parno
New approach works on the first test.
9678f7b
@parno
Work on reviving Take3
6e538c7
@parno
Eliminate outputs()
ae4dfeb
@parno
Clean up
a8124bf
@parno
Restore more examples. This time, Take3 doesn't need to know about
577c23f 
all_next(), which is an improvement on the old design.
@parno
Eliminate the all_next requirement for Skip3 and replace it with a more
751b889 
reasonable invariant that says we only perform Next operations.
This suffices to restore two Skip3 tests.
@parno
Restore more tests.
827bdca
@parno
Simplify definition of events for Skip3
b1cf25b
@parno
Adjust triggers so that our generic example goes through.
33a64b7
@parno
Restore DoubleEndedIter
12761d5
tjhance and others added 25 commits February 10, 2026 10:36
@tjhance @parno
internal docs: more docs for VIR Place
15314c0
@tjhance @parno
update comment
0292fb5
@tjhance @parno
enforce alignment for PointsTo (#1900)
2ed06f7
@tjhance @parno
vstd cell restructuring (#2032)
afafb48
@bsdinis @parno
cfg_features: add verus_in_verification feature and documentation o…
7d90eda 
…n how to use it. (#2104)

* cfg_features: add verus_in_verification feature

In relation to #2063, this commit adds a new verus_in_verification
feature flag that is intended for client usage (but only on use
statements). Usage outside use statements can serve as an escape hatch
for verification, possibly introducing unsoundness.

This commit also adds documentation in the guide about the feature flag,
how to use it and its pitfalls.

* cfg_features: add allow unexpected_cfgs to default Cargo.toml generated by cargo-verus
@tjhance @parno
Allow mut refs to tracked locations (#2121)
806a405
@tjhance @parno
add a test about Tracked<&mut _> params
9a5a703
@tjhance @parno
fix implicit reborrows in tracked code
1ba5123
@Chris-Hawblitzel @parno
Fix redirect_calls_in_default_methods to account for generic trait fu…
3045237 
…nctions
@bsdinis @parno
ci: cancel in progress worflows for the same PR (#2139)
a7b4011 
This should save some CI time
@parno @Chris-Hawblitzel
Fix of GitHub issue #2047 (#2129)
8452fdf 
Create a direct call in the call graph for a function call within an extension trait impl, addressing a false positive in the cyclic dependency check.

Fixes #2047

---------

Co-authored-by: Chris Hawblitzel <Chris.Hawblitzel@microsoft.com>
@tjhance @parno
add migrate_postconditions_with_mut_refs to vstd (#2144)
5c6bf77
@parno
Remove notes from clean branch.
7f2f9fc
@parno
Unify deguar functions
11dc405
@parno
Merge branch 'main' into iter-clean
714f25b
@parno
Initial effort to add a new Iterator spec for Range
93d85d0
@parno
Implement the new Iterator trait for Range, to the point where
d4cd561 
a basic test passes.
@parno
Work towards getting Range examples working.
bf77fa2 
Restores `peek`, but that causes a panic.
@parno
Strengthen Range's initial_value_inv, so that the test cases pass.
bae7472
@parno
Fix some test cases.
70a783d
@parno
Adjust some failing tests.
2785833
@parno
loops test passes
99e9c3d
@parno
Apply similar changes to loops_no_spinoff.rs
f995d28
@parno
Fix some failing example tests.
2efb8f2
@parno
vargo fmt
c1047ec
parno
parno commented Feb 10, 2026
View reviewed changes
source/rust_verify_test/tests/loops_no_spinoff.rs
}
} => Ok(())
}
//test_verify_one_file_with_options! {
Copy link
Collaborator Author

@parno parno Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wasn't sure if we still wanted a test along these lines, but I can cook one up if we do.

parno
parno commented Feb 10, 2026
View reviewed changes
source/vir/src/prelude.rs
Copy link
Collaborator Author

@parno parno Feb 10, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I initially couldn't remember why this file changed, but it was due to 612d209 to make the encoding of the decreases clause more flexible.

@parno parno mentioned this pull request Feb 10, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Chris-Hawblitzel Chris-Hawblitzel Awaiting requested review from Chris-Hawblitzel

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@parno @Chris-Hawblitzel @tjhance @bsdinis @elanortang @mkovaxx @jaylorch