allow const source buffers for memcpy

this commit should go hand-in-hand with FStarLang/karamel#537

Author: tahina-pro

lib/pulse/lib/Pulse.Lib.ArrayPtr.fst

@@ -227,37 +227,3 @@ fn join (#t: Type) (s1: ptr t) (#p: perm) (#v1: Seq.seq t) (s2: ptr t) (#v2: Seq
     A.pts_to_range_join s1.base (SZ.v s1.offset) (SZ.v s1.offset + Seq.length v1) (SZ.v s1.offset + Seq.length v1 + Seq.length v2);
     fold_pts_to s1 #p (Seq.append v1 v2)
 }
-
-module R = Pulse.Lib.Reference
-
-fn memcpy
-    (#t:Type0) (#p0:perm)
-    (src:ptr t) (idx_src: SZ.t)
-    (dst:ptr t) (idx_dst: SZ.t)
-    (len: SZ.t)
-    (#s0:Ghost.erased (Seq.seq t) { SZ.v idx_src + SZ.v len <= Seq.length s0 })
-    (#s1:Ghost.erased (Seq.seq t) { SZ.v idx_dst + SZ.v len <= Seq.length s1 })
-  requires pts_to src #p0 s0 ** pts_to dst s1
-  ensures pts_to src #p0 s0 **
-    pts_to dst (Seq.slice s0 0 (SZ.v len) `Seq.append` Seq.slice s1 (SZ.v len) (Seq.length s1))
-{
-  let mut i = 0sz;
-  while (let vi = !i; SZ.lt vi len)
-    invariant b. exists* s1' vi.
-      R.pts_to i vi **
-      pts_to src #p0 s0 **
-      pts_to dst s1' **
-      pure (b == SZ.lt vi len /\ SZ.lte vi len /\
-        Seq.length s1' == Seq.length s1 /\
-        forall (j:nat). j < Seq.length s1' ==>
-          Seq.index s1' j == (if j < SZ.v vi then Seq.index s0 j else Seq.index s1 j))
-  {
-    let vi = !i;
-    let x = src.(vi);
-    dst.(vi) <- x;
-    i := SZ.add vi 1sz;
-  };
-  with s1'. assert pts_to dst s1';
-  assert pure (s1' `Seq.equal`
-    (Seq.slice s0 0 (SZ.v len) `Seq.append` Seq.slice s1 (SZ.v len) (Seq.length s1)))
-}

lib/pulse/lib/Pulse.Lib.ArrayPtr.fsti

@@ -129,14 +129,3 @@ val ghost_split (#t: Type) (s: ptr t) (#p: perm) (i: SZ.t)
 val join (#t: Type) (s1: ptr t) (#p: perm) (#v1: Seq.seq t) (s2: ptr t) (#v2: Seq.seq t) : stt_ghost unit emp_inames
     (pts_to s1 #p v1 ** pts_to s2 #p v2 ** pure (adjacent s1 (Seq.length v1) s2))
     (fun _ -> pts_to s1 #p (Seq.append v1 v2))
-
-val memcpy
-    (#t:Type0) (#p0:perm)
-    (src:ptr t) (idx_src: SZ.t)
-    (dst:ptr t) (idx_dst: SZ.t)
-    (len: SZ.t)
-    (#s0:Ghost.erased (Seq.seq t) { SZ.v idx_src + SZ.v len <= Seq.length s0 })
-    (#s1:Ghost.erased (Seq.seq t) { SZ.v idx_dst + SZ.v len <= Seq.length s1 })
-  : stt unit
-    (pts_to src #p0 s0 ** pts_to dst s1)
-    (fun _ -> pts_to src #p0 s0 ** pts_to dst (Seq.slice s0 0 (SZ.v len) `Seq.append` Seq.slice s1 (SZ.v len) (Seq.length s1)))

lib/pulse/lib/Pulse.Lib.ConstArrayPtr.fst

@@ -45,3 +45,37 @@ let split #t s #p i #v = AP.split #t s #p i #v
 let ghost_split #t s #p i #v = AP.ghost_split #t s #p i #v
 
 let join #t s1 #p #v1 s2 #v2 = AP.join #t s1 #p #v1 s2 #v2
+
+module R = Pulse.Lib.Reference
+
+fn memcpy
+    (#t:Type0) (#p0:perm)
+    (src:ptr t) (idx_src: SZ.t)
+    (dst:ptr t) (idx_dst: SZ.t)
+    (len: SZ.t)
+    (#s0:Ghost.erased (Seq.seq t) { SZ.v idx_src + SZ.v len <= Seq.length s0 })
+    (#s1:Ghost.erased (Seq.seq t) { SZ.v idx_dst + SZ.v len <= Seq.length s1 })
+  requires pts_to src #p0 s0 ** pts_to dst s1
+  ensures pts_to src #p0 s0 **
+    pts_to dst (Seq.slice s0 0 (SZ.v len) `Seq.append` Seq.slice s1 (SZ.v len) (Seq.length s1))
+{
+  let mut i = 0sz;
+  while (let vi = !i; SZ.lt vi len)
+    invariant b. exists* s1' vi.
+      R.pts_to i vi **
+      pts_to src #p0 s0 **
+      pts_to dst s1' **
+      pure (b == SZ.lt vi len /\ SZ.lte vi len /\
+        Seq.length s1' == Seq.length s1 /\
+        forall (j:nat). j < Seq.length s1' ==>
+          Seq.index s1' j == (if j < SZ.v vi then Seq.index s0 j else Seq.index s1 j))
+  {
+    let vi = !i;
+    let x = src.(vi);
+    AP.op_Array_Assignment dst vi x;
+    i := SZ.add vi 1sz;
+  };
+  with s1'. assert pts_to dst s1';
+  assert pure (s1' `Seq.equal`
+    (Seq.slice s0 0 (SZ.v len) `Seq.append` Seq.slice s1 (SZ.v len) (Seq.length s1)))
+}

lib/pulse/lib/Pulse.Lib.ConstArrayPtr.fsti

@@ -119,3 +119,14 @@ val ghost_split (#t: Type) (s: ptr t) (#p: perm) (i: SZ.t)
 val join (#t: Type) (s1: ptr t) (#p: perm) (#v1: Seq.seq t) (s2: ptr t) (#v2: Seq.seq t) : stt_ghost unit emp_inames
     (pts_to s1 #p v1 ** pts_to s2 #p v2 ** pure (adjacent s1 (Seq.length v1) s2))
     (fun _ -> pts_to s1 #p (Seq.append v1 v2))
+
+val memcpy
+    (#t:Type0) (#p0:perm)
+    (src:ptr t) (idx_src: SZ.t)
+    (dst:AP.ptr t) (idx_dst: SZ.t)
+    (len: SZ.t)
+    (#s0:Ghost.erased (Seq.seq t) { SZ.v idx_src + SZ.v len <= Seq.length s0 })
+    (#s1:Ghost.erased (Seq.seq t) { SZ.v idx_dst + SZ.v len <= Seq.length s1 })
+  : stt unit
+    (pts_to src #p0 s0 ** pts_to dst s1)
+    (fun _ -> pts_to src #p0 s0 ** pts_to dst (Seq.slice s0 0 (SZ.v len) `Seq.append` Seq.slice s1 (SZ.v len) (Seq.length s1)))

lib/pulse/lib/Pulse.Lib.MutableSlice.fst

@@ -18,6 +18,7 @@ module Pulse.Lib.MutableSlice
 #lang-pulse
 
 module AP = Pulse.Lib.ArrayPtr
+module Trade = Pulse.Lib.Trade.Util
 
 noeq
 type slice t = {
@@ -159,6 +160,41 @@ ensures
   fold_pts_to s #p v
 }
 
+module CAP = Pulse.Lib.ConstArrayPtr
+
+fn to_slice
+  (#t: Type) (s: slice t) (#p: perm) (#v: Ghost.erased (Seq.seq t))
+requires
+  pts_to s #p v
+returns res: S.slice t
+ensures
+  pts_to res #p v ** Trade.trade (pts_to res #p v) (pts_to s #p v)
+{
+  let len = len s;
+  pts_to_len s;
+  let a = slice_to_arrayptr_intro s;
+  ghost fn aux (_: unit)
+  requires slice_to_arrayptr s a ** pts_to a #p v
+  ensures pts_to s #p v
+  {
+    slice_to_arrayptr_elim a;
+  };
+  Trade.intro _ _ _ aux;
+  let ca = CAP.from_arrayptr a;
+  Trade.trans _ _ (pts_to s #p v);
+  let res = S.arrayptr_to_slice_intro ca len;
+  S.pts_to_len res;
+  ghost fn aux2 (_: unit)
+  requires S.arrayptr_to_slice ca res ** pts_to res #p v
+  ensures pts_to ca #p v
+  {
+    S.arrayptr_to_slice_elim res
+  };
+  Trade.intro _ _ _ aux2;
+  Trade.trans _ _ (pts_to s #p v);
+  res
+}
+
 fn op_Array_Access
         (#t: Type)
         (a: slice t)
@@ -324,19 +360,21 @@ fn subslice #t (s: slice t) #p (i j: SZ.t) (#v: erased (Seq.seq t) { SZ.v i <= S
 }
 
 fn copy
-  (#t: Type) (dst: slice t) (#p: perm) (src: slice t) (#v: Ghost.erased (Seq.seq t))
+  (#t: Type) (dst: slice t) (#p: perm) (src: S.slice t) (#v: Ghost.erased (Seq.seq t))
 requires
-  (exists* v_dst . pts_to dst v_dst ** pts_to src #p v ** pure (len src == len dst))
+  (exists* v_dst . pts_to dst v_dst ** pts_to src #p v ** pure (S.len src == len dst))
 ensures
   (pts_to dst v ** pts_to src #p v)
 {
   with v_dst . assert (pts_to dst v_dst);
   unfold_pts_to dst v_dst;
-  unfold_pts_to src #p v;
-  AP.memcpy src.elt 0sz dst.elt 0sz src.len;
-  fold_pts_to src #p v;
+  S.pts_to_len src;
+  let slen = S.len src;
+  let ssrc = S.slice_to_arrayptr_intro src;
+  CAP.memcpy ssrc 0sz dst.elt 0sz slen;
+  S.slice_to_arrayptr_elim ssrc;
   assert pure (v `Seq.equal`
-    Seq.append (Seq.slice v 0 (SZ.v src.len))
-      (Seq.slice v_dst (SZ.v src.len) (Seq.length v_dst)));
+    Seq.append (Seq.slice v 0 (SZ.v (S.len src)))
+      (Seq.slice v_dst (SZ.v (S.len src)) (Seq.length v_dst)));
   fold_pts_to dst v
 }

lib/pulse/lib/Pulse.Lib.MutableSlice.fsti

@@ -19,6 +19,8 @@ open FStar.Tactics.V2
 open Pulse.Lib.Pervasives
 module SZ = FStar.SizeT
 module A = Pulse.Lib.Array
+module S = Pulse.Lib.Slice
+module Trade = Pulse.Lib.Trade
 
 val slice ([@@@strictly_positive] elt: Type0) : Type0
 
@@ -80,6 +82,12 @@ val slice_to_arrayptr_elim (#t: Type) (a: AP.ptr t) (#p: perm) (#v: Seq.seq t) (
 
 (* END C only *)
 
+val to_slice
+  (#t: Type) (s: slice t) (#p: perm) (#v: Ghost.erased (Seq.seq t))
+: stt (S.slice t)
+  (pts_to s #p v)
+  (fun res -> pts_to res #p v ** Trade.trade (pts_to res #p v) (pts_to s #p v))
+
 (* Written x.(i) *)
 val op_Array_Access
         (#t: Type)
@@ -163,6 +171,6 @@ val subslice #t (s: slice t) #p (i j: SZ.t) (#v: erased (Seq.seq t) { SZ.v i <=
   stt (slice t) (pts_to s #p v)
     fun res -> pts_to res #p (Seq.slice v (SZ.v i) (SZ.v j)) ** subslice_rest res s p i j v
 
-val copy (#t: Type) (dst: slice t) (#p: perm) (src: slice t) (#v: Ghost.erased (Seq.seq t)) : stt unit
-    (exists* v_dst . pts_to dst v_dst ** pts_to src #p v ** pure (len src == len dst))
+val copy (#t: Type) (dst: slice t) (#p: perm) (src: S.slice t) (#v: Ghost.erased (Seq.seq t)) : stt unit
+    (exists* v_dst . pts_to dst v_dst ** pts_to src #p v ** pure (S.len src == len dst))
     (fun _ -> pts_to dst v ** pts_to src #p v)

lib/pulse/lib/Pulse.Lib.Slice.fst

@@ -160,39 +160,6 @@ ensures
   fold_pts_to s #p v
 }
 
-fn from_mutable_slice
-  (#t: Type) (s: MS.slice t) (#p: perm) (#v: Ghost.erased (Seq.seq t))
-requires
-  pts_to s #p v
-returns res: slice t
-ensures
-  pts_to res #p v ** Trade.trade (pts_to res #p v) (pts_to s #p v)
-{
-  let len = MS.len s;
-  MS.pts_to_len s;
-  let a = MS.slice_to_arrayptr_intro s;
-  ghost fn aux (_: unit)
-  requires MS.slice_to_arrayptr s a ** pts_to a #p v
-  ensures pts_to s #p v
-  {
-    MS.slice_to_arrayptr_elim a;
-  };
-  Trade.intro _ _ _ aux;
-  let ca = AP.from_arrayptr a;
-  Trade.trans _ _ (pts_to s #p v);
-  let res = arrayptr_to_slice_intro ca len;
-  pts_to_len res;
-  ghost fn aux2 (_: unit)
-  requires arrayptr_to_slice ca res ** pts_to res #p v
-  ensures pts_to ca #p v
-  {
-    arrayptr_to_slice_elim res
-  };
-  Trade.intro _ _ _ aux2;
-  Trade.trans _ _ (pts_to s #p v);
-  res
-}
-
 fn op_Array_Access
         (#t: Type)
         (a: slice t)

lib/pulse/lib/Pulse.Lib.Slice.fsti

@@ -20,7 +20,6 @@ open Pulse.Lib.Pervasives
 module SZ = FStar.SizeT
 module A = Pulse.Lib.Array
 module Trade = Pulse.Lib.Trade
-module MS = Pulse.Lib.MutableSlice
 
 val slice ([@@@strictly_positive] elt: Type0) : Type0
 
@@ -82,12 +81,6 @@ val slice_to_arrayptr_elim (#t: Type) (a: AP.ptr t) (#p: perm) (#v: Seq.seq t) (
 
 (* END C only *)
 
-val from_mutable_slice
-  (#t: Type) (s: MS.slice t) (#p: perm) (#v: Ghost.erased (Seq.seq t))
-: stt (slice t)
-  (pts_to s #p v)
-  (fun res -> pts_to res #p v ** Trade.trade (pts_to res #p v) (pts_to s #p v))
-
 (* Written x.(i) *)
 val op_Array_Access
         (#t: Type)

pulse2rust/src/Pulse2Rust.Extract.fst

@@ -655,6 +655,7 @@ and extract_mlexpr (g:env) (e:S.mlexpr) : expr =
   | S.MLE_App ({expr=S.MLE_TApp ({expr=S.MLE_Name p}, [_])}, e::_)
     when S.string_of_mlpath p = "Pulse.Lib.Slice.from_array"
      || S.string_of_mlpath p = "Pulse.Lib.MutableSlice.from_array"
+     || S.string_of_mlpath p = "Pulse.Lib.MutableSlice.to_slice"
     ->
     extract_mlexpr g e
   | S.MLE_App ({expr=S.MLE_TApp ({expr=S.MLE_Name p}, [_])}, e::_::i::_)

src/extraction/ExtractPulse.fst

@@ -141,6 +141,7 @@ let pulse_translate_expr : translate_expr_t = fun env e ->
   | MLE_App ({ expr = MLE_TApp({ expr = MLE_Name p }, _) }, [ x; _p; _w ])
     when string_of_mlpath p = "Pulse.Lib.ArrayPtr.from_array"
     || string_of_mlpath p = "Pulse.Lib.ConstArrayPtr.from_array"
+    || string_of_mlpath p = "Pulse.Lib.ConstArrayPtr.from_arrayptr"
     ->
     translate_expr env x
 
@@ -155,7 +156,7 @@ let pulse_translate_expr : translate_expr_t = fun env e ->
     EBufWrite (translate_expr env e, translate_expr env i, translate_expr env v)
 
   | MLE_App ({ expr = MLE_TApp({ expr = MLE_Name p }, _) }, [ _; e1; e2; e3; e4; e5; _; _ ])
-    when string_of_mlpath p = "Pulse.Lib.ArrayPtr.memcpy" ->
+    when string_of_mlpath p = "Pulse.Lib.ConstArrayPtr.memcpy" ->
     EBufBlit (translate_expr env e1, translate_expr env e2, translate_expr env e3, translate_expr env e4, translate_expr env e5)
 
   | MLE_App ({ expr = MLE_TApp({ expr = MLE_Name p }, _) }, [ b ])