project-everest
diff --git a/‎src/cbor/pulse/CBOR.Pulse.API.Base.fst‎
Lines changed: 5 additions & 0 deletions b/‎src/cbor/pulse/CBOR.Pulse.API.Base.fst‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎src/cbor/pulse/CBOR.Pulse.API.Det.Rust.Macros.fst‎
Lines changed: 21 additions & 7 deletions b/‎src/cbor/pulse/CBOR.Pulse.API.Det.Rust.Macros.fst‎
Lines changed: 21 additions & 7 deletions
diff --git a/‎src/cbor/pulse/raw/CBOR.Pulse.API.Det.C.fst‎
Lines changed: 4 additions & 0 deletions b/‎src/cbor/pulse/raw/CBOR.Pulse.API.Det.C.fst‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/cbor/pulse/raw/CBOR.Pulse.API.Det.Common.fst‎
Lines changed: 49 additions & 1 deletion b/‎src/cbor/pulse/raw/CBOR.Pulse.API.Det.Common.fst‎
Lines changed: 49 additions & 1 deletion
diff --git a/‎src/cbor/pulse/raw/CBOR.Pulse.API.Det.Rust.fst‎
Lines changed: 9 additions & 2 deletions b/‎src/cbor/pulse/raw/CBOR.Pulse.API.Det.Rust.fst‎
Lines changed: 9 additions & 2 deletions
@@ -1154,8 +1154,10 @@ fn mk_map_gen
   let bres = mk_map_gen_by_ref a dest;
   if bres {
     let res = !dest;
+    with res' . rewrite mk_map_gen_post vmatch1 vmatch2 a va pv vv res' as mk_map_gen_post vmatch1 vmatch2 a va pv vv (Some res);
     Some res
   } else {
+    with res' . rewrite mk_map_gen_post vmatch1 vmatch2 a va pv vv res' as mk_map_gen_post vmatch1 vmatch2 a va pv vv None;
     None #t1
   }
 }
@@ -1411,6 +1413,7 @@ fn mk_map_from_ref
   PM.seq_list_match_length (vmatch2 pv) va vv;
   let _ = mk_map_gen a dest;
   let res = !dest;
+  with res' . rewrite (mk_map_gen_post vmatch1 vmatch2 a va pv vv res') as (mk_map_gen_post vmatch1 vmatch2 a va pv vv (Some res));
   unfold (mk_map_gen_post vmatch1 vmatch2 a va pv vv (Some res));
   res
 }
@@ -1514,8 +1517,10 @@ fn map_get_as_option
   let bres = m x k dest;
   if bres {
     let res = !dest;
+    with res' . rewrite map_get_post vmatch x px vx vk res' as map_get_post vmatch x px vx vk (Some res);
     Some res
   } else {
+    with res' . rewrite map_get_post vmatch x px vx vk res' as map_get_post vmatch x px vx vk None;
     None #t
   }
 }
 
@@ -20,7 +20,13 @@ fn cbor_det_mk_int64'
   (v: _)
 {
   let mty = (if ty = cbor_major_type_uint64 then UInt64 else NegInt64);
-  cbor_det_mk_int64 mty v
+  let res = cbor_det_mk_int64 mty v;
+  with ty' . rewrite cbor_det_match 1.0R
+      res
+      (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CInt64 ty' v)) as cbor_det_match 1.0R
+      res
+      (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CInt64 ty v));
+  res
 }
 
 inline_for_extraction
@@ -32,6 +38,11 @@ fn cbor_det_mk_simple'
 {
   let Some res = cbor_det_mk_simple_value v;
   unfold (cbor_det_mk_simple_value_post v (Some res));
+  with res' . rewrite cbor_det_match 1.0R
+      res
+      res' as cbor_det_match 1.0R
+      res
+      (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CSimple v));
   res
 }
 
@@ -49,6 +60,7 @@ fn cbor_det_mk_string0
   let mty = (if ty = cbor_major_type_byte_string then ByteString else TextString);
   let res = cbor_det_mk_string mty s;
   let Some c = res;
+  with ty' res' . rewrite (cbor_det_mk_string_post ty' s p v res') as (cbor_det_mk_string_post ty s p v (Some c));
   unfold (cbor_det_mk_string_post ty s p v (Some c));
   c
 }
@@ -230,7 +242,7 @@ fn cbor_det_array_iterator_start'
   with p' . assert (cbor_det_view_match p' v y);
   let Array a = v;
   Trade.rewrite_with_trade
-    (cbor_det_view_match p' v y)
+    (cbor_det_view_match p' _ y)
     (cbor_det_array_match p' a y);
   Trade.trans _ _ (cbor_det_match p x y);
   let res = cbor_det_array_iterator_start a;
@@ -252,7 +264,7 @@ fn cbor_det_get_array_item'
   with p' . assert (cbor_det_view_match p' v y);
   let Array a = v;
   Trade.rewrite_with_trade
-    (cbor_det_view_match p' v y)
+    (cbor_det_view_match p' _ y)
     (cbor_det_array_match p' a y);
   Trade.trans _ _ (cbor_det_match p x y);
   let ores = cbor_det_get_array_item a i;
@@ -295,7 +307,7 @@ fn cbor_det_map_iterator_start'
   with p' . assert (cbor_det_view_match p' v y);
   let Map a = v;
   Trade.rewrite_with_trade
-    (cbor_det_view_match p' v y)
+    (cbor_det_view_match p' _ y)
     (cbor_det_map_match p' a y);
   Trade.trans _ _ (cbor_det_match p x y);
   let res = cbor_det_map_iterator_start a;
@@ -326,13 +338,15 @@ ensures
       unfold (safe_map_get_post m p' vx vk None);
       Trade.elim _ _;
       fold (Base.map_get_post_none cbor_det_match x px vx vk);
-      fold (Base.map_get_post cbor_det_match x px vx vk None)
+      fold (Base.map_get_post cbor_det_match x px vx vk None);
+      rewrite (Base.map_get_post cbor_det_match x px vx vk None) as (Base.map_get_post cbor_det_match x px vx vk res)
     }
     Some x' -> {
       unfold (safe_map_get_post m p' vx vk (Some x'));
       Trade.trans _ _ (cbor_det_match px x vx);
       fold (Base.map_get_post_some cbor_det_match x px vx vk x');
-      fold (Base.map_get_post cbor_det_match x px vx vk (Some x'))
+      fold (Base.map_get_post cbor_det_match x px vx vk (Some x'));
+      rewrite (Base.map_get_post cbor_det_match x px vx vk (Some x')) as (Base.map_get_post cbor_det_match x px vx vk res);
     }
   }
 }
@@ -353,7 +367,7 @@ fn cbor_det_map_get'
   with p' . assert (cbor_det_view_match p' x' vx);
   let Map m = x';
   Trade.rewrite_with_trade
-    (cbor_det_view_match p' x' vx)
+    (cbor_det_view_match p' _ vx)
     (cbor_det_map_match p' m vx);
   Trade.trans _ _ (cbor_det_match px x vx);
   let res = cbor_det_map_get m k;
 
@@ -216,6 +216,8 @@ ensures
       unfold (mk_map_gen_post vmatch1 vmatch2 s va pv vv None);
       S.to_array s;
       fold (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest false);
+      rewrite (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest false)
+        as (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest bres);
     }
     Some vres -> {
       unfold (mk_map_gen_post vmatch1 vmatch2 s va pv vv (Some vres));
@@ -233,6 +235,8 @@ ensures
       Trade.trans_concl_l _ _ _ _;
       rewrite each vres as vdest;
       fold (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest true);
+      rewrite (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest true)
+        as (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest bres);
     }
   }
 }
 
@@ -180,6 +180,7 @@ fn cbor_det_parse_valid
   let res = Parse.cbor_parse input len;
   with v1' . assert (Raw.cbor_match 1.0R res v1');
   Classical.forall_intro_2 (cbor_det_parse_aux v (SZ.v len) v1');
+  rewrite Raw.cbor_match 1.0R res v1' as Raw.cbor_match 1.0R res (SpecRaw.mk_det_raw_cbor (SpecRaw.mk_cbor v1'));
   fold (cbor_det_match 1.0R res (SpecRaw.mk_cbor v1'));
   rewrite each 
     Raw.cbor_match 1.0R res v1'
@@ -430,6 +431,10 @@ fn cbor_det_mk_simple_value (_: unit) : mk_simple_t u#0 #_ cbor_det_match
 {
   let res = Raw.cbor_match_simple_intro v;
   SpecRaw.mk_cbor_eq (SpecRaw.mk_det_raw_cbor (Spec.pack (Spec.CSimple v)));
+  rewrite Raw.cbor_match 1.0R res (SpecRaw.Simple v) as Raw.cbor_match 1.0R
+      res
+      (SpecRaw.mk_det_raw_cbor (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CSimple
+                v)));
   fold (cbor_det_match 1.0R res (Spec.pack (Spec.CSimple v)));
   res
 }
@@ -443,6 +448,10 @@ fn cbor_det_mk_int64 (_: unit) : mk_int64_t u#0 #_ cbor_det_match
 {
   let res = Raw.cbor_match_int_intro ty (SpecRaw.mk_raw_uint64 v);
   SpecRaw.mk_cbor_eq (SpecRaw.mk_det_raw_cbor (Spec.pack (Spec.CInt64 ty v)));
+  rewrite Raw.cbor_match 1.0R res (SpecRaw.Int64 ty (SpecRaw.mk_raw_uint64 v)) as Raw.cbor_match 1.0R
+      res
+      (SpecRaw.mk_det_raw_cbor (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CInt64
+                  ty v)));
   fold (cbor_det_match 1.0R res (Spec.pack (Spec.CInt64 ty v)));
   res
 }
@@ -469,11 +478,16 @@ fn cbor_det_mk_string (_: unit) : mk_string_t u#0 #_ cbor_det_match
     (SpecRaw.mk_det_raw_cbor (Spec.pack (Spec.CString ty v)))
     (SpecRaw.String ty len64 v);
   assert (pure (SpecRaw.mk_det_raw_cbor (Spec.pack (Spec.CString ty v)) == SpecRaw.String ty len64 v));
+  rewrite Raw.cbor_match 1.0R res r as Raw.cbor_match 1.0R
+      res
+      (SpecRaw.mk_det_raw_cbor (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CString
+                  ty v)));
   fold (cbor_det_match 1.0R res (Spec.pack (Spec.CString ty v)));
   rewrite each
     Raw.cbor_match 1.0R res r
   as
     cbor_det_match 1.0R res (SpecRaw.mk_cbor r);
+  rewrite each (SpecRaw.mk_cbor r) as (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CString ty v));
   res
 }
 
@@ -505,11 +519,18 @@ fn cbor_det_mk_tagged (_: unit) : mk_tagged_t #_ cbor_det_match
     (SpecRaw.mk_det_raw_cbor (Spec.pack (Spec.CTagged tag v')))
     (SpecRaw.Tagged tag64 w');
   assert (pure (SpecRaw.mk_det_raw_cbor (Spec.pack (Spec.CTagged tag v')) == SpecRaw.Tagged tag64 w'));
+  rewrite Raw.cbor_match 1.0R res (SpecRaw.Tagged tag64 w') as
+    Raw.cbor_match 1.0R
+      res
+      (SpecRaw.mk_det_raw_cbor (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CTagged
+                  tag v')));
   fold (cbor_det_match 1.0R res (Spec.pack (Spec.CTagged tag v')));
   rewrite each
     Raw.cbor_match 1.0R res r
   as
     cbor_det_match 1.0R res (SpecRaw.mk_cbor r);
+  rewrite each (SpecRaw.mk_cbor (SpecRaw.Tagged tag64 w')) as
+    (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CTagged tag v'));
   res
 }
 
@@ -553,6 +574,9 @@ decreases v
     SM.seq_list_match_cons_intro_trade (Seq.head c) (mk_det_raw_cbor (List.Tot.hd v)) (Seq.tail c) (List.Tot.map mk_det_raw_cbor (List.Tot.tl v)) (Raw.cbor_match p);
     Trade.trans _ _ (SM.seq_list_match c v (cbor_det_match p));
     rewrite each Seq.cons (Seq.head c) (Seq.tail c) as c;
+    rewrite each (mk_det_raw_cbor (List.Tot.Base.hd v) ::
+            List.Tot.Base.map mk_det_raw_cbor (List.Tot.Base.tl v))
+      as List.Tot.Base.map mk_det_raw_cbor v;
     ();
   }
 }
@@ -594,12 +618,19 @@ fn cbor_det_mk_array (_: unit) : mk_array_t #_ cbor_det_match
   with r. assert Raw.cbor_match 1.0R res r;
   Trade.trans_concl_r _ _ _ _;
   Spec.unpack_pack (Spec.CArray vv);
+  rewrite Raw.cbor_match 1.0R res r
+  as
+  Raw.cbor_match 1.0R
+      res
+      (SpecRaw.mk_det_raw_cbor (CBOR.Spec.API.Type.pack (CBOR.Spec.API.Type.CArray
+                vv)));
   fold (cbor_det_match 1.0R res (Spec.pack (Spec.CArray vv)));
   rewrite
     each
       Raw.cbor_match 1.0R res r
     as
       cbor_det_match 1.0R res v';
+  rewrite each Ghost.reveal v' as (Spec.pack (Spec.CArray vv));
   res
 }
 
@@ -698,6 +729,11 @@ decreases v
     SM.seq_list_match_cons_intro_trade (Seq.head c) (SpecRaw.mk_det_raw_cbor_map_entry (List.Tot.hd v)) (Seq.tail c) (List.Tot.map SpecRaw.mk_det_raw_cbor_map_entry (List.Tot.tl v)) (Raw.cbor_match_map_entry p);
     Trade.trans _ _ (SM.seq_list_match c v (cbor_det_map_entry_match p));
     rewrite each Seq.cons (Seq.head c) (Seq.tail c) as c;
+    rewrite each (SpecRaw.mk_det_raw_cbor_map_entry (List.Tot.Base.hd v) ::
+            List.Tot.Base.map SpecRaw.mk_det_raw_cbor_map_entry
+              (List.Tot.Base.tl v)) as (
+            List.Tot.Base.map SpecRaw.mk_det_raw_cbor_map_entry
+              (v));
     ();
   }
 }
@@ -723,7 +759,8 @@ fn cbor_det_mk_map_entry
   Trade.rewrite_with_trade
     (Raw.cbor_match_map_entry 1.0R res (SpecRaw.mk_det_raw_cbor vk, SpecRaw.mk_det_raw_cbor vv))
     (cbor_det_map_entry_match 1.0R res (Ghost.reveal vk, Ghost.reveal vv));
-  Trade.trans (cbor_det_map_entry_match 1.0R res (Ghost.reveal vk, Ghost.reveal vv)) _ _;
+  CBOR.Pulse.Raw.Iterator.trade_trans_nounify (cbor_det_map_entry_match 1.0R res (Ghost.reveal vk, Ghost.reveal vv)) _ (Raw.cbor_match_map_entry 1.0R
+          res _) _;
   Trade.trans_concl_l (cbor_det_map_entry_match 1.0R res (Ghost.reveal vk, Ghost.reveal vv)) _ _ _;
   Trade.trans_concl_r (cbor_det_map_entry_match 1.0R res (Ghost.reveal vk, Ghost.reveal vv)) _ _ _;
   res
@@ -853,6 +890,9 @@ decreases v
     SM.seq_list_match_cons_intro_trade (Seq.head c) (mk_cbor_map_entry (List.Tot.hd v)) (Seq.tail c) (List.Tot.map mk_cbor_map_entry (List.Tot.tl v)) (cbor_det_map_entry_match p);
     Trade.trans _ _ (SM.seq_list_match c v (Raw.cbor_match_map_entry p));
     rewrite each Seq.cons (Seq.head c) (Seq.tail c) as c;
+    rewrite each (mk_cbor_map_entry (List.Tot.Base.hd v) ::
+            List.Tot.Base.map mk_cbor_map_entry (List.Tot.Base.tl v)) as (
+            List.Tot.Base.map mk_cbor_map_entry (v));
     ();
   }
 }
@@ -1788,13 +1828,17 @@ ensures
       Trade.elim _ _;
       fold (map_get_post_none cbor_det_match x px vx vk);
       fold (map_get_post cbor_det_match x px vx vk None);
+      rewrite (map_get_post cbor_det_match x px vx vk None)
+        as (map_get_post cbor_det_match x px vx vk res);
       ();
     }
     Some x' -> {
       unfold (cbor_det_map_get_invariant false px x vx vk m p' i (Some x'));
       unfold (cbor_det_map_get_invariant_some px x vx vk m x');
       fold (map_get_post_some cbor_det_match x px vx vk x');
       fold (map_get_post cbor_det_match x px vx vk (Some x'));
+      rewrite (map_get_post cbor_det_match x px vx vk (Some x'))
+       as (map_get_post cbor_det_match x px vx vk res);
     }
   }
 }
@@ -1833,6 +1877,8 @@ fn cbor_det_map_get (_: unit)
     pure (cont == cont')
   {
     with gb gi gres . assert (cbor_det_map_get_invariant gb px x vx vk m p' gi gres);
+    rewrite (cbor_det_map_get_invariant gb px x vx vk m p' gi gres)
+      as   (cbor_det_map_get_invariant gb px x vx vk m p' gi None);
     unfold (cbor_det_map_get_invariant gb px x vx vk m p' gi None);
     unfold (cbor_det_map_get_invariant_none gb px x vx vk m p' gi);
     let entry = cbor_det_map_iterator_next () pi;
@@ -1859,6 +1905,7 @@ fn cbor_det_map_get (_: unit)
       List.Tot.assoc_mem (Ghost.reveal vk) l';
       pcont := false;
       fold (cbor_det_map_get_invariant_none false px x vx vk m p' gi');
+      assert (pts_to pres None);
       fold (cbor_det_map_get_invariant false px x vx vk m p' gi' None);
     } else {
       Trade.elim_hyp_l _ _ (cbor_det_match px x vx);
@@ -1870,6 +1917,7 @@ fn cbor_det_map_get (_: unit)
       let cont = not is_empty;
       pcont := cont;
       fold (cbor_det_map_get_invariant_none cont px x vx vk m p' i');
+      assert (pts_to pres None);
       fold (cbor_det_map_get_invariant cont px x vx vk m p' i' None);
     }
   };
 
@@ -272,7 +272,7 @@ ensures exists* p' .
     let s = cbor_det_get_string () c;
     with p' v' . assert (pts_to s #p' v');
     fold (cbor_det_string_match ty p' s v);
-    fold (cbor_det_view_match p' (String k s) v);
+    rewrite (cbor_det_string_match ty p' s v) as (cbor_det_view_match p' (String k s) v);
     intro
       (Trade.trade
         (cbor_det_view_match p' (String k s) v)
@@ -282,13 +282,14 @@ ensures exists* p' .
       fn _
     {
       unfold (cbor_det_view_match p' (String k s) v);
-      unfold (cbor_det_string_match ty p' s v);
+      with ty . unfold (cbor_det_string_match ty p' s v);
     };
     Trade.trans _ _ (cbor_det_match p c v);
     String k s
   }
   else if (ty = cbor_major_type_array) {
     let res : cbor_det_array = { array = c };
+    rewrite Det.cbor_det_match p c v as Det.cbor_det_match p res.array v;
     fold (cbor_det_array_match p res v);
     fold (cbor_det_view_match p (Array res) v);
     intro
@@ -301,11 +302,13 @@ ensures exists* p' .
     {
       unfold (cbor_det_view_match p (Array res) v);
       unfold (cbor_det_array_match p res v);
+      rewrite Det.cbor_det_match p res.array v as Det.cbor_det_match p c v;
     };
     Array res
   }
   else if (ty = cbor_major_type_map) {
     let res : cbor_det_map = { map = c };
+    rewrite Det.cbor_det_match p c v as Det.cbor_det_match p res.map v;
     fold (cbor_det_map_match p res v);
     fold (cbor_det_view_match p (Map res) v);
     intro
@@ -318,6 +321,7 @@ ensures exists* p' .
     {
       unfold (cbor_det_view_match p (Map res) v);
       unfold (cbor_det_map_match p res v);
+      rewrite Det.cbor_det_match p res.map v as Det.cbor_det_match p c v;
     };
     Map res
   }
@@ -337,6 +341,7 @@ ensures exists* p' .
     {
       unfold (cbor_det_view_match p' (Tagged tag payload) v);
       unfold (cbor_det_tagged_match p' tag payload v);
+      with v_ . rewrite Det.cbor_det_match p' payload v_ as Det.cbor_det_match p' payload v'
     };
     Trade.trans _ _ (cbor_det_match p c v);
     Tagged tag payload
@@ -573,12 +578,14 @@ ensures
       unfold (map_get_post_none cbor_det_match x.map px vx vk);
       Trade.elim _ _;
       fold (safe_map_get_post x px vx vk None);
+      rewrite (safe_map_get_post x px vx vk None) as (safe_map_get_post x px vx vk res)
     }
     Some res' -> {
       unfold (map_get_post cbor_det_match x.map px vx vk (Some res'));
       unfold (map_get_post_some cbor_det_match x.map px vx vk res');
       Trade.trans _ _ (cbor_det_map_match px x vx);
       fold (safe_map_get_post x px vx vk (Some res'));
+      rewrite (safe_map_get_post x px vx vk (Some res')) as (safe_map_get_post x px vx vk res)
     }
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -1154,8 +1154,10 @@ fn mk_map_gen`
`1154`	`1154`	`let bres = mk_map_gen_by_ref a dest;`
`1155`	`1155`	`if bres {`
`1156`	`1156`	`let res = !dest;`
	`1157`	`+ with res' . rewrite mk_map_gen_post vmatch1 vmatch2 a va pv vv res' as mk_map_gen_post vmatch1 vmatch2 a va pv vv (Some res);`
`1157`	`1158`	`Some res`
`1158`	`1159`	`} else {`
	`1160`	`+ with res' . rewrite mk_map_gen_post vmatch1 vmatch2 a va pv vv res' as mk_map_gen_post vmatch1 vmatch2 a va pv vv None;`
`1159`	`1161`	`None #t1`
`1160`	`1162`	`}`
`1161`	`1163`	`}`
`@@ -1411,6 +1413,7 @@ fn mk_map_from_ref`
`1411`	`1413`	`PM.seq_list_match_length (vmatch2 pv) va vv;`
`1412`	`1414`	`let _ = mk_map_gen a dest;`
`1413`	`1415`	`let res = !dest;`
	`1416`	`+ with res' . rewrite (mk_map_gen_post vmatch1 vmatch2 a va pv vv res') as (mk_map_gen_post vmatch1 vmatch2 a va pv vv (Some res));`
`1414`	`1417`	`unfold (mk_map_gen_post vmatch1 vmatch2 a va pv vv (Some res));`
`1415`	`1418`	`res`
`1416`	`1419`	`}`
`@@ -1514,8 +1517,10 @@ fn map_get_as_option`
`1514`	`1517`	`let bres = m x k dest;`
`1515`	`1518`	`if bres {`
`1516`	`1519`	`let res = !dest;`
	`1520`	`+ with res' . rewrite map_get_post vmatch x px vx vk res' as map_get_post vmatch x px vx vk (Some res);`
`1517`	`1521`	`Some res`
`1518`	`1522`	`} else {`
	`1523`	`+ with res' . rewrite map_get_post vmatch x px vx vk res' as map_get_post vmatch x px vx vk None;`
`1519`	`1524`	`None #t`
`1520`	`1525`	`}`
`1521`	`1526`	`}`
Original file line number	Diff line number	Diff line change
`@@ -216,6 +216,8 @@ ensures`
`216`	`216`	`unfold (mk_map_gen_post vmatch1 vmatch2 s va pv vv None);`
`217`	`217`	`S.to_array s;`
`218`	`218`	`fold (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest false);`
	`219`	`+ rewrite (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest false)`
	`220`	`+ as (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest bres);`
`219`	`221`	`}`
`220`	`222`	`Some vres -> {`
`221`	`223`	`unfold (mk_map_gen_post vmatch1 vmatch2 s va pv vv (Some vres));`
`@@ -233,6 +235,8 @@ ensures`
`233`	`235`	`Trade.trans_concl_l _ _ _ _;`
`234`	`236`	`rewrite each vres as vdest;`
`235`	`237`	`fold (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest true);`
	`238`	`+ rewrite (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest true)`
	`239`	`+ as (mk_map_from_array_safe_post vmatch1 vmatch2 a va pv vv vdest bres);`
`236`	`240`	`}`
`237`	`241`	`}`
`238`	`242`	`}`