From b29812f10e5f076ebf1302af5a3afea288cd37c1 Mon Sep 17 00:00:00 2001 From: Jonathan Protzenko Date: Tue, 29 Nov 2022 10:16:29 -0800 Subject: [PATCH] Import Merkle Tree from HACL* This is based on hacl-star/hacl-star at revision b78faf7e201303f4bea379d69f3769ae57bbeb48 This establishes Merkle Tree as a standalone project that can be built atop EverCrypt/HACL in its own repository. --- .gitignore | 4 + Makefile | 98 + Makefile.include | 33 + README.md | 8 + hints/MerkleTree.EverCrypt.fst.hints | 315 + hints/MerkleTree.EverCrypt.fsti.hints | 73 + hints/MerkleTree.Init.fst.hints | 1 + hints/MerkleTree.Low.Datastructures.fst.hints | 1357 ++ hints/MerkleTree.Low.Hashfunctions.fst.hints | 106 + hints/MerkleTree.Low.Serialization.fst.hints | 2892 ++++ hints/MerkleTree.Low.VectorExtras.fst.hints | 510 + hints/MerkleTree.Low.fst.hints | 12301 ++++++++++++++++ ...MerkleTree.New.High.Correct.Base.fst.hints | 4114 ++++++ ...leTree.New.High.Correct.Flushing.fst.hints | 691 + ...eTree.New.High.Correct.Insertion.fst.hints | 816 + ...MerkleTree.New.High.Correct.Path.fst.hints | 1678 +++ .../MerkleTree.New.High.Correct.Rhs.fst.hints | 1476 ++ hints/MerkleTree.New.High.Correct.fst.hints | 366 + hints/MerkleTree.New.High.fst.hints | 2282 +++ hints/MerkleTree.Spec.fst.hints | 2531 ++++ hints/MerkleTree.fsti.hints | 621 + src/Lib.RawBuffer.fst | 34 + src/Lib.RawBuffer.fsti | 34 + src/Makefile | 2 + src/MerkleTree.EverCrypt.fst | 79 + src/MerkleTree.EverCrypt.fsti | 46 + src/MerkleTree.Init.fst | 3 + src/MerkleTree.Low.Datastructures.fst | 378 + src/MerkleTree.Low.Hashfunctions.fst | 64 + src/MerkleTree.Low.Serialization.fst | 522 + src/MerkleTree.Low.VectorExtras.fst | 220 + src/MerkleTree.Low.fst | 3006 ++++ src/MerkleTree.New.High.Correct.Base.fst | 663 + src/MerkleTree.New.High.Correct.Flushing.fst | 162 + src/MerkleTree.New.High.Correct.Insertion.fst | 193 + src/MerkleTree.New.High.Correct.Path.fst | 405 + src/MerkleTree.New.High.Correct.Rhs.fst | 420 + src/MerkleTree.New.High.Correct.fst | 148 + src/MerkleTree.New.High.fst | 679 + src/MerkleTree.Spec.fst | 516 + src/MerkleTree.fsti | 353 + tests/merkle_tree_test.c | 212 + tests/merkle_tree_test.h | 1 + utils/merkle_tree_prototype.h | 52 + utils/path_verify.c | 296 + utils/path_verify.py | 157 + 46 files changed, 40918 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 Makefile.include create mode 100644 README.md create mode 100644 hints/MerkleTree.EverCrypt.fst.hints create mode 100644 hints/MerkleTree.EverCrypt.fsti.hints create mode 100644 hints/MerkleTree.Init.fst.hints create mode 100644 hints/MerkleTree.Low.Datastructures.fst.hints create mode 100644 hints/MerkleTree.Low.Hashfunctions.fst.hints create mode 100644 hints/MerkleTree.Low.Serialization.fst.hints create mode 100644 hints/MerkleTree.Low.VectorExtras.fst.hints create mode 100644 hints/MerkleTree.Low.fst.hints create mode 100644 hints/MerkleTree.New.High.Correct.Base.fst.hints create mode 100644 hints/MerkleTree.New.High.Correct.Flushing.fst.hints create mode 100644 hints/MerkleTree.New.High.Correct.Insertion.fst.hints create mode 100644 hints/MerkleTree.New.High.Correct.Path.fst.hints create mode 100644 hints/MerkleTree.New.High.Correct.Rhs.fst.hints create mode 100644 hints/MerkleTree.New.High.Correct.fst.hints create mode 100644 hints/MerkleTree.New.High.fst.hints create mode 100644 hints/MerkleTree.Spec.fst.hints create mode 100644 hints/MerkleTree.fsti.hints create mode 100644 src/Lib.RawBuffer.fst create mode 100644 src/Lib.RawBuffer.fsti create mode 100644 src/Makefile create mode 100644 src/MerkleTree.EverCrypt.fst create mode 100644 src/MerkleTree.EverCrypt.fsti create mode 100644 src/MerkleTree.Init.fst create mode 100644 src/MerkleTree.Low.Datastructures.fst create mode 100644 src/MerkleTree.Low.Hashfunctions.fst create mode 100644 src/MerkleTree.Low.Serialization.fst create mode 100644 src/MerkleTree.Low.VectorExtras.fst create mode 100644 src/MerkleTree.Low.fst create mode 100644 src/MerkleTree.New.High.Correct.Base.fst create mode 100644 src/MerkleTree.New.High.Correct.Flushing.fst create mode 100644 src/MerkleTree.New.High.Correct.Insertion.fst create mode 100644 src/MerkleTree.New.High.Correct.Path.fst create mode 100644 src/MerkleTree.New.High.Correct.Rhs.fst create mode 100644 src/MerkleTree.New.High.Correct.fst create mode 100644 src/MerkleTree.New.High.fst create mode 100644 src/MerkleTree.Spec.fst create mode 100644 src/MerkleTree.fsti create mode 100644 tests/merkle_tree_test.c create mode 100644 tests/merkle_tree_test.h create mode 100644 utils/merkle_tree_prototype.h create mode 100644 utils/path_verify.c create mode 100644 utils/path_verify.py diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..c0a52a5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +obj +dist +.depend +*.exe diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..8e3e128 --- /dev/null +++ b/Makefile @@ -0,0 +1,98 @@ +all: test + +# Boilerplate +# ----------- + +include Makefile.include + +FST_FILES=$(wildcard src/*.fst) $(wildcard src/*.fsti) + +ifndef NODEPEND +ifndef MAKE_RESTARTS +.depend: .FORCE + @mkdir -p obj + @$(FSTAR) --dep full $(FST_FILES) > $@ + +.PHONY: .FORCE +.FORCE: +endif +endif + +include .depend + +.PHONY: clean +clean: + rm -rf obj .depend + +# Verification +# ------------ + +hints obj: + mkdir $@ + +%.checked: | hints obj + $(FSTAR) --hint_file hints/$(notdir $*).hints $(notdir $*) && touch -c $@ + +%.krml: + $(FSTAR) --codegen krml \ + --extract_module $(basename $(notdir $(subst .checked,,$<))) \ + $(notdir $(subst .checked,,$<)) + +# Karamel +# ------- + +KRML=$(KRML_HOME)/krml + +# Making sure that the extern symbols generated in MerkleTree_EverCrypt +# correspond to the ones found in libevercrypt.so +VALE_FLAGS= \ + -library 'Vale.Stdcalls.*' \ + -no-prefix 'Vale.Stdcalls.*' \ + -static-header 'Vale.Inline.*' \ + -library 'Vale.Inline.X64.Fadd_inline' \ + -library 'Vale.Inline.X64.Fmul_inline' \ + -library 'Vale.Inline.X64.Fswap_inline' \ + -library 'Vale.Inline.X64.Fsqr_inline' \ + -no-prefix 'Vale.Inline.X64.Fadd_inline' \ + -no-prefix 'Vale.Inline.X64.Fmul_inline' \ + -no-prefix 'Vale.Inline.X64.Fswap_inline' \ + -no-prefix 'Vale.Inline.X64.Fsqr_inline' \ + + +# The usual bug with prims.krml +dist/Makefile.basic: $(filter-out %prims.krml,$(ALL_KRML_FILES)) + $(KRML) $(KOPTS) -library EverCrypt,EverCrypt.* $^ -tmpdir dist -skip-compilation \ + -minimal \ + -add-include '"krml/internal/target.h"' \ + -add-include '"krml/internal/types.h"' \ + -add-include '"krml/lowstar_endianness.h"' \ + -add-include '' \ + -add-include '' \ + -add-include '' \ + -fparentheses \ + -o libmerkletree.a \ + $(VALE_FLAGS) \ + -no-prefix 'MerkleTree' \ + -no-prefix 'MerkleTree.EverCrypt' \ + -bundle 'MerkleTree+MerkleTree.Init+MerkleTree.EverCrypt+MerkleTree.Low+MerkleTree.Low.Serialization+MerkleTree.Low.Hashfunctions=MerkleTree.*[rename=MerkleTree]' \ + -bundle LowStar.* \ + -bundle Prims,C.Failure,C,C.String,C.Loops,Spec.Loops,C.Endianness,FStar.*[rename=Merkle_Krmllib] \ + -bundle 'Meta.*,Hacl.*,Vale.*,Spec.*,Lib.*,EverCrypt,EverCrypt.*[rename=Merkle_EverCrypt]' + +dist/libmerkletree.a: dist/Makefile.basic + $(MAKE) -C dist -f Makefile.basic + +# Tests +# ----- + +.PHONY: test +test: test.exe + ./$< + +CFLAGS+=-Idist -Itests -I$(KRML_HOME)/include -I$(KRML_HOME)/krmllib/dist/minimal + +$(HACL_HOME)/dist/gcc-compatible/libevercrypt.a: + $(error Please run make in $(dir $@)) + +test.exe: tests/merkle_tree_test.c dist/libmerkletree.a $(HACL_HOME)/dist/gcc-compatible/libevercrypt.a + $(CC) $(CFLAGS) -Idist -Itests $^ -o $@ diff --git a/Makefile.include b/Makefile.include new file mode 100644 index 0000000..167070d --- /dev/null +++ b/Makefile.include @@ -0,0 +1,33 @@ +MERKLE_HOME ?= $(realpath .) + +KRML_HOME ?= $(MERKLE_HOME)/../karamel +HACL_HOME ?= $(MERKLE_HOME)/../hacl-star + +include $(HACL_HOME)/Makefile.include + +FSTAR_INCLUDE_PATH= \ + $(MERKLE_HOME)/src \ + $(KRML_HOME)/krmllib \ + $(KRML_HOME)/krmllib/obj \ + $(ALL_HACL_DIRS) + +# In interactive mode, chill out and don't roll over if something isn't cached +# somewhere. +FSTAR_CHILL_FLAGS= \ + $(addprefix --include ,$(FSTAR_INCLUDE_PATH)) \ + --cache_checked_modules \ + --cache_dir $(MERKLE_HOME)/obj \ + --odir $(MERKLE_HOME)/obj \ + --cmi \ + --use_hints \ + --record_hints \ + $(OTHERFLAGS) + +FSTAR_FLAGS=$(FSTAR_CHILL_FLAGS) \ + --already_cached '*,-MerkleTree,-MerkleTree.*,-Lib.RawBuffer' \ + --warn_error @241-274 \ + +FSTAR=$(FSTAR_HOME)/bin/fstar.exe $(FSTAR_FLAGS) + +%.fst-in %.fsti-in: + @echo $(FSTAR_CHILL_FLAGS) diff --git a/README.md b/README.md new file mode 100644 index 0000000..a4d065f --- /dev/null +++ b/README.md @@ -0,0 +1,8 @@ +Merkle Tree +=========== + +This repository contains a fully verified Merkle Tree, with a proof by security +reduction to a collision to the underlying hash function. + +We demonstrate how to build a project on top of EverCrypt by only using the +"public" APIs and a minimal build burden. diff --git a/hints/MerkleTree.EverCrypt.fst.hints b/hints/MerkleTree.EverCrypt.fst.hints new file mode 100644 index 0000000..00a38ed --- /dev/null +++ b/hints/MerkleTree.EverCrypt.fst.hints @@ -0,0 +1,315 @@ +[ + "Ðÿ÷©k\u0007.2:ÛRÞ/¤*", + [ + [ + "MerkleTree.EverCrypt.mt_sha256_compress", + 1, + 0, + 1, + [ + "@MaxIFuel_assumption", "@query", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.S16", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_EverCrypt.Hash.preserves_freeable", + "equation_EverCrypt.Hash.repr_with_counter", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.inline_stack_inv", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.fresh_frame", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.live_region", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Monotonic.HyperStack.pop", + "equation_FStar.Monotonic.HyperStack.poppable", + "equation_FStar.Monotonic.HyperStack.popped", + "equation_FStar.Monotonic.HyperStack.remove_elt", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Seq.Properties.replace_subseq", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.disjoint", + "equation_LowStar.Monotonic.Buffer.fresh_loc", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.New.High.sha256_compress", + "equation_MerkleTree.Spec.sha256_compress", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.extra_state", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.init_t", + "equation_Spec.Hash.Definitions.is_blake", + "equation_Spec.Hash.Definitions.word_length", + "equation_Spec.Hash.Definitions.words_state", + "equation_Spec.Hash.Definitions.words_state_", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "lemma_FStar.HyperStack.ST.lemma_equal_domains_trans", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_non_tip_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Map.lemma_InDomRestrict", + "lemma_FStar.Map.lemma_SelRestrict", "lemma_FStar.Map.lemma_SelUpd2", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_mk_mem__projectors", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.slice_slice", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_subset", + "lemma_FStar.UInt32.vu_inv", + "lemma_Hacl.Hash.Lemmas.lemma_slice_ijk", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.fresh_frame_loc_not_unused_in_disjoint", + "lemma_LowStar.Monotonic.Buffer.fresh_frame_modifies", + "lemma_LowStar.Monotonic.Buffer.lemma_live_equal_mem_domains", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.live_loc_not_unused_in", + "lemma_LowStar.Monotonic.Buffer.live_region_frameOf", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_none_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_addresses_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_remove_fresh_frame", + "lemma_LowStar.Monotonic.Buffer.modifies_remove_new_locs", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.Monotonic.Buffer.popped_modifies", + "lemma_LowStar.Monotonic.Buffer.unused_in_loc_unused_in", + "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_1322c17051ac796bcc246eda099844d9", + "refinement_interpretation_Tm_refine_147931770776e1c524a63293987f555e", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_438dd39dc41a22e210aea94798e5eb37", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5542011d20872a6178aad9a072f1b686", + "refinement_interpretation_Tm_refine_5cbd49ac88b684625921e39f6eb19e85", + "refinement_interpretation_Tm_refine_64007e4a8c187c3787ce4f8705e9db35", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f57294c296d1d065e6beb1a639e52532", + "refinement_interpretation_Tm_refine_f63e058f9631c11993f3ef0430296051", + "refinement_interpretation_Tm_refine_f759b00d0ea3017d744ed132c2ce48f4", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "true_interp", "typing_EverCrypt.Hash.footprint", + "typing_FStar.Map.contains", "typing_FStar.Map.domain", + "typing_FStar.Map.restrict", "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_rid_ctr", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Monotonic.HyperStack.remove_elt", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.replace_subseq", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.unsigned", "typing_Lib.IntTypes.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.loc_not_unused_in", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mnull", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", "typing_Spec.Agile.Hash.init", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.hash_length", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok", + "typing_tok_Spec.Hash.Definitions.SHA2_256@tok", "unit_inversion", + "unit_typing" + ], + 0, + "6a5ad1c8a200f153db76542a8e65e466" + ], + [ + "MerkleTree.EverCrypt.mt_create", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.EverCrypt.hash", + "equation_MerkleTree.EverCrypt.mt_p", + "equation_MerkleTree.EverCrypt.mt_safe", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_p", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_85c99653372c4416db0a8fd15d35a45c", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Monotonic.HyperHeap.color", + "typing_FStar.Monotonic.HyperStack.is_heap_color", + "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "6933ffc020ad441ec35f4fe59f6ea9c4" + ], + [ + "MerkleTree.EverCrypt.mt_create", + 2, + 0, + 0, + [ + "@query", "equation_MerkleTree.EverCrypt.mt_lift", + "equation_MerkleTree.EverCrypt.mt_loc", + "equation_MerkleTree.EverCrypt.mt_p", + "equation_MerkleTree.EverCrypt.mt_safe" + ], + 0, + "2f06405fc4f7698f01d791bcb9d75f14" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.EverCrypt.fsti.hints b/hints/MerkleTree.EverCrypt.fsti.hints new file mode 100644 index 0000000..5ba608a --- /dev/null +++ b/hints/MerkleTree.EverCrypt.fsti.hints @@ -0,0 +1,73 @@ +[ + "Á1Á¯OÂòTä–z]iúN", + [ + [ + "MerkleTree.EverCrypt.mt_create", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.EverCrypt.hash", + "equation_MerkleTree.EverCrypt.mt_p", + "equation_MerkleTree.EverCrypt.mt_safe", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_p", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_85c99653372c4416db0a8fd15d35a45c", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Monotonic.HyperHeap.color", + "typing_FStar.Monotonic.HyperStack.is_heap_color", + "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "567a87dae4f912d822125c304810389e" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.Init.fst.hints b/hints/MerkleTree.Init.fst.hints new file mode 100644 index 0000000..8f9458f --- /dev/null +++ b/hints/MerkleTree.Init.fst.hints @@ -0,0 +1 @@ +[ "A’\u0019\u001dBÌùªÛr†«ÇËÒ\u000e", [] ] \ No newline at end of file diff --git a/hints/MerkleTree.Low.Datastructures.fst.hints b/hints/MerkleTree.Low.Datastructures.fst.hints new file mode 100644 index 0000000..d13faf2 --- /dev/null +++ b/hints/MerkleTree.Low.Datastructures.fst.hints @@ -0,0 +1,1357 @@ +[ + "p¾=Ädëp3`곧üV7P", + [ + [ + "MerkleTree.Low.Datastructures.hash_dummy", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Lib.IntTypes.uint8", + "equation_LowStar.Buffer.trivial_preorder", + "function_token_typing_Lib.IntTypes.uint8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.mnull" + ], + 0, + "c2eaa6a194d3e92c3ba4791c58152bc9" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_inv_reg", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok", + "equation_Lib.IntTypes.uint8", "equation_LowStar.Buffer.buffer", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "lemma_LowStar.Monotonic.Buffer.live_region_frameOf", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "typing_LowStar.Buffer.trivial_preorder" + ], + 0, + "4a9d9af107cb975aabcd2db4447c457c" + ], + [ + "MerkleTree.Low.Datastructures.hash_repr", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "88fa98b39e3919bc183d0c4153317948" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_repr", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok", + "equation_Lib.IntTypes.uint8", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "typing_LowStar.Buffer.trivial_preorder" + ], + 0, + "0db6201bf06a46d20790e49b357e642e" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_sep", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_10803977e952633dc09afef196ee20ee" + ], + 0, + "2f083637073f817b2ad4db32b102b2da" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_sep", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "primitive_Prims.op_Equality", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Map.contains", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_MerkleTree.Low.Datastructures.hash_region_of", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "c654eb21cf534c226f384e65ddafb82b" + ], + [ + "MerkleTree.Low.Datastructures.hash_irepr", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", "int_inversion", + "lemma_FStar.Seq.Base.lemma_create_len", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_64007e4a8c187c3787ce4f8705e9db35", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.v", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "b7b8776788c5eecc2f9e62c12e14016b" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_alloc", + 1, + 0, + 0, + [ "@query" ], + 0, + "bdcf948aa02a8373e31eac21d362ee06" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_alloc", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.fresh_loc", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_irepr", + "equation_MerkleTree.Low.Datastructures.hash_r_alloc_p", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.Set.lemma_equal_elim", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.live_loc_not_unused_in", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_addresses_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.unused_in_loc_unused_in", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_5b03403a8d3fa4c655ec2b3c1e1359f8", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_bc562ec116ca1fbdfe61157777df7cfa", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f812e4c8adc728ad9229afa07596fb23", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "true_interp", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.color", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.is_heap_color", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.unsigned", + "typing_Lib.IntTypes.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_not_unused_in", + "typing_LowStar.Monotonic.Buffer.loc_unused_in", + "typing_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "0d65c3a079b6f691639b2444bc316f39" + ], + [ + "MerkleTree.Low.Datastructures.hash_r_free", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Set.mem_subset", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_addresses_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_007c3c80423debe26b11640cdf4d4e1f", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_8c0551b61a036b536158e72eb516544e", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.singleton", + "typing_Lib.IntTypes.unsigned", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_MerkleTree.Low.Datastructures.hash_region_of", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "54a17d6334fcbf8dc6792a870affdffa" + ], + [ + "MerkleTree.Low.Datastructures.hreg", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.Low.Datastructures.hash_r_alloc_p", + "refinement_interpretation_Tm_refine_425abd470ae75ea2fff9584e9122c94a", + "true_interp" + ], + 0, + "3bf2fd8bbccdafd09cb7795236f02a5c" + ], + [ + "MerkleTree.Low.Datastructures.hash_copy", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_529fc5d835e99e9966347c4a5e502ac8" + ], + 0, + "53217e5bdc12e60396ce6cec5fd84079" + ], + [ + "MerkleTree.Low.Datastructures.hash_copy", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.disjoint", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.New.High.hash", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_529fc5d835e99e9966347c4a5e502ac8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e8212fc9d858ebf7ca7dfe61cb30d15a", + "refinement_interpretation_Tm_refine_f812e4c8adc728ad9229afa07596fb23", + "true_interp", "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.singleton", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_MerkleTree.Low.Datastructures.hash_region_of", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "76671b40b163cd8c09925ccec7d84c46" + ], + [ + "MerkleTree.Low.Datastructures.hcpy", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Regional.rg_inv", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_inv", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_state", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_state", + "refinement_interpretation_Tm_refine_425abd470ae75ea2fff9584e9122c94a", + "refinement_interpretation_Tm_refine_529fc5d835e99e9966347c4a5e502ac8", + "refinement_interpretation_Tm_refine_74ea8d30b6a6be04a6721874a9888775", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of" + ], + 0, + "47e20c4535d962834d8aa38e7e85f1ef" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_inv_reg", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.buffer", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.live", + "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hreg", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "lemma_LowStar.Monotonic.Buffer.live_region_frameOf", + "proj_equation_LowStar.Vector.Vec_vs", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_MerkleTree.Low.Datastructures.hash" + ], + 0, + "58f83873df314ed635285041f55b4c8e" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_repr", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "25fed65b83e125b6523419a1b6871a2b" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_repr", + 1, + 0, + 0, + [ "@query", "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv" ], + 0, + "5a9b9999542782329fbbb5aced608cfb" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_sep", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_1e3ff0372c6da377dab1984f32233065" + ], + 0, + "50ef0004479ad07d5e2e7fbdb4b8f84e" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_sep", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_typing", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hreg", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.singleton", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.RVector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_MerkleTree.Low.Datastructures.hreg" + ], + 0, + "d1fb2a415e367aeed1434cf6088b2fe0" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_irepr", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "f565162d0a1eee15f452a2509483e578" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_alloc", + 1, + 1, + 0, + [ "@query" ], + 0, + "0a04e1c1d917b29c92851a67d6cfb92c" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_alloc", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_FStar.Pervasives.Native.None", + "data_typing_intro_FStar.Pervasives.Native.None@tok", + "disc_equation_FStar.Pervasives.Native.None", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.fresh_region", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.fresh_loc", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall2_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_irepr", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_alloc_p", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.New.High.hashes", "equation_Prims.eqtype", + "equation_with_fuel_LowStar.RVector.as_seq_seq.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", "int_inversion", "int_typing", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.Map.lemma_SelUpd2", + "lemma_FStar.Map.lemma_UpdDomain", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.mem_union", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_unused_in", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.Monotonic.Buffer.new_region_modifies", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.None_a", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_161e04719814801d293219f408210f95", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f812e4c8adc728ad9229afa07596fb23", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Map.contains", "typing_FStar.Map.domain", + "typing_FStar.Map.upd", "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.empty", "typing_FStar.Set.singleton", + "typing_FStar.Set.union", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg" + ], + 0, + "7a2d1455a2660bb51880a9fd5a4db374" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_r_free", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hreg", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "refinement_interpretation_Tm_refine_326d2c83ca3ea5a5a1e77e4581cf27dc", + "refinement_interpretation_Tm_refine_369f7ad234e2a7d85fc24f5ef92dd8c1", + "refinement_interpretation_Tm_refine_f812e4c8adc728ad9229afa07596fb23" + ], + 0, + "cb0be99e3702b6b7c054f9ac27bfcca6" + ], + [ + "MerkleTree.Low.Datastructures.hvreg", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_425abd470ae75ea2fff9584e9122c94a" + ], + 0, + "5486309e17d0a218e6ced62729b027a2" + ], + [ + "MerkleTree.Low.Datastructures.hash_vec_rv_inv_r_inv", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", + "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_cbd783a3f1885e09765cbe0dbdd7a63a", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.rg_inv", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "40ab6a4c097ee5ff6ad93d6cfbfc982e" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_rv_inv_r_inv", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_edf5bc1c4e11070967aa1e8e88f8f9ed" + ], + 0, + "96e178dd8567508b20a71060819f5448" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_rv_inv_r_inv", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "int_inversion", "int_typing", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash" + ], + 0, + "e69ab7c1576b7dbe3081df7fa4894dee" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_rv_inv_disjoint", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_7422a47661876aaa12ed4d75122642c7" + ], + 0, + "a1910063a0390ab27a9504e2425b40e7" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_rv_inv_disjoint", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "LowStar.Regional.Instances_interpretation_Tm_ghost_arrow_e79a3b97235ac88cf4ef318b133a3ada", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "function_token_typing_LowStar.Regional.Instances.vector_region_of", + "int_inversion", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Monotonic.HyperHeap.includes", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hvreg" + ], + 0, + "89ad56751f23c9b2f125ed252ef2becf" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_rv_inv_includes", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_edf5bc1c4e11070967aa1e8e88f8f9ed" + ], + 0, + "74afb18adda3d4e1d173d96c9e4de4b7" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_rv_inv_includes", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "LowStar.Regional.Instances_interpretation_Tm_ghost_arrow_e79a3b97235ac88cf4ef318b133a3ada", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_c55a67b27f4ea444400878ed4572b7c7", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_LowStar.Regional.Instances.vector_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "int_inversion", "int_typing", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.get", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_region_of", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hvreg" + ], + 0, + "4cd5f67ef0ce0c2d12b030ae6da7b992" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_as_seq_get_index", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@query", "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.lt", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "int_typing", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.RVector.as_seq_seq_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_edf5bc1c4e11070967aa1e8e88f8f9ed", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg" + ], + 0, + "ba376c348cedb895174db705bea6b454" + ], + [ + "MerkleTree.Low.Datastructures.hash_vv_as_seq_get_index", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@query", "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "int_typing", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.RVector.as_seq_seq_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "typing_FStar.Ghost.hide", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.get", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg" + ], + 0, + "2d85510d48ec301247b11f1eb54212e8" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.Low.Hashfunctions.fst.hints b/hints/MerkleTree.Low.Hashfunctions.fst.hints new file mode 100644 index 0000000..75ebea1 --- /dev/null +++ b/hints/MerkleTree.Low.Hashfunctions.fst.hints @@ -0,0 +1,106 @@ +[ + "uC:¡-_ù`:Zì\t2!Ýç", + [ + [ + "MerkleTree.Low.Hashfunctions.init_hash", + 1, + 0, + 0, + [ "@query" ], + 0, + "6cdd2e9fe503526a462f73db65053c3f" + ], + [ + "MerkleTree.Low.Hashfunctions.free_hash", + 1, + 2, + 2, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "lemma_FStar.Ghost.hide_reveal", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "refinement_interpretation_Tm_refine_007c3c80423debe26b11640cdf4d4e1f", + "refinement_interpretation_Tm_refine_843cd6297b28c062237c5d3efaded389", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv" + ], + 0, + "17ed2d971db864136674f129932a58c4" + ], + [ + "MerkleTree.Low.Hashfunctions.hash_fun_t", + 1, + 2, + 2, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "e43e7ce8de0827e7cae09045204879ef" + ], + [ + "MerkleTree.Low.Hashfunctions.hash_fun_t", + 2, + 2, + 2, + [ + "@MaxIFuel_assumption", "@query", "equation_Lib.IntTypes.uint8", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.New.High.hash", + "function_token_typing_Lib.IntTypes.uint8", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_30494f3fd2c285e7cecf228074ade467", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_LowStar.Buffer.trivial_preorder" + ], + 0, + "3bfc13c23d00cd1727108549e518a76a" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.Low.Serialization.fst.hints b/hints/MerkleTree.Low.Serialization.fst.hints new file mode 100644 index 0000000..b2ebe63 --- /dev/null +++ b/hints/MerkleTree.Low.Serialization.fst.hints @@ -0,0 +1,2892 @@ +[ + "\bø~4‹“\\–p—|F»ÿ_", + [ + [ + "MerkleTree.Low.Serialization.serialize_bool", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint8_t", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "int_inversion", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_8f35a30b5723496a838bcc2be6799465", + "refinement_interpretation_Tm_refine_cc76c1187479aaadac4ff31d2094b7c4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fca1da8bf23eec7ba880d4dab9bb43f7", + "true_interp", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "36c74caf84192868ea1f96faa9837494" + ], + [ + "MerkleTree.Low.Serialization.serialize_uint8_t", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint8_t", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "int_inversion", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_cc76c1187479aaadac4ff31d2094b7c4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e633d96da2f5ad1e125b09ef53e4c4f2", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fca1da8bf23eec7ba880d4dab9bb43f7", + "true_interp", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "4d9c43f104abe714fb82336af850b643" + ], + [ + "MerkleTree.Low.Serialization.serialize_uint16_t", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_fca1da8bf23eec7ba880d4dab9bb43f7", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "c8c883e0e01cbfb3a30de9560031c70a" + ], + [ + "MerkleTree.Low.Serialization.serialize_uint32_t", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_fca1da8bf23eec7ba880d4dab9bb43f7", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "4ec69e35a8a3532ba5e95c36aee85385" + ], + [ + "MerkleTree.Low.Serialization.serialize_uint64_t", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_fca1da8bf23eec7ba880d4dab9bb43f7", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "5dceff4de46deb5047a11305c1259245" + ], + [ + "MerkleTree.Low.Serialization.serialize_hash_i", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_519c1d4d0666e802c34e2e451d27063b", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_cf65d243580d5162516eff3756abceb2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fca1da8bf23eec7ba880d4dab9bb43f7", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "53841e65c96a272254bdc34f8f729894" + ], + [ + "MerkleTree.Low.Serialization.serialize_hash", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_519c1d4d0666e802c34e2e451d27063b", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_cc76c1187479aaadac4ff31d2094b7c4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "d3e300541655294a0e7199baa1410c27" + ], + [ + "MerkleTree.Low.Serialization.u64_add_fits", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt64.gte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Serialization.uint64_t", + "equation_MerkleTree.Low.uint64_max", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt64.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt.max_int", + "typing_FStar.UInt64.sub", "typing_FStar.UInt64.v", + "typing_MerkleTree.Low.uint64_max", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "889006d241b22b64c33b100c840b3bf4" + ], + [ + "MerkleTree.Low.Serialization.hash_vec_bytes", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Serialization.uint64_t", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_48c1b5b4c02ad49f0760911a9d4b1fb4", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_5919d3f91c6fa6342ebeebd05831330c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Int.Cast.uint32_to_uint64", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.uint_to_t", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Serialization.u64_add_fits", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "c0790c8a7b1b719d657e457ea36f66e2" + ], + [ + "MerkleTree.Low.Serialization.serialize_hash_vec_i", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.rv_inv_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_3e7d6d9effbbeae5539c0cb324d2cadb", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_519c1d4d0666e802c34e2e451d27063b", + "refinement_interpretation_Tm_refine_ac09e169622915d2fb30eeed97b3a2b2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hreg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "43fff08f61dfcfbcaa2131652f93534b" + ], + [ + "MerkleTree.Low.Serialization.serialize_hash_vec", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.mem", "equation_FStar.UInt.gt", + "equation_FStar.UInt.lt", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.freeable", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_ac09e169622915d2fb30eeed97b3a2b2", + "refinement_interpretation_Tm_refine_d96c0978ac30e5f0fd109eead55c3101", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.singleton", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_MerkleTree.Low.Datastructures.hreg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "e3b67b3ca985b42bae9055d0e107a311" + ], + [ + "MerkleTree.Low.Serialization.hash_vv_bytes_i", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Serialization.hash_vec_bytes", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint64_t", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_5919d3f91c6fa6342ebeebd05831330c", + "refinement_interpretation_Tm_refine_dd6b31fbf6cc990de2d6442415284c3b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Serialization.hash_vec_bytes", + "typing_MerkleTree.Low.Serialization.u64_add_fits", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "a8e1090265be68f988564d8bd8056821" + ], + [ + "MerkleTree.Low.Serialization.serialize_hash_vv_i", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "LowStar.Regional.Instances_interpretation_Tm_ghost_arrow_e79a3b97235ac88cf4ef318b133a3ada", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_c55a67b27f4ea444400878ed4572b7c7", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_LowStar.Regional.Instances.vector_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "int_inversion", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26862678c89ff3fc205c8b94520ae4f0", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_446bf10afa9e2c979cbc68d89c3e36ad", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.singleton", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hvreg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "cf5c1d606f5b36aa14b8240d45404280" + ], + [ + "MerkleTree.Low.Serialization.serialize_hash_vv", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "LowStar.Regional.Instances_interpretation_Tm_ghost_arrow_e79a3b97235ac88cf4ef318b133a3ada", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.mem", "equation_FStar.UInt.gt", + "equation_FStar.UInt.lt", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_dummy", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Vector.freeable", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_LowStar.Regional.Instances.vector_region_of", + "kinding_LowStar.Regional.regional@tok", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_26862678c89ff3fc205c8b94520ae4f0", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "typing_FStar.Ghost.hide", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.singleton", + "typing_FStar.UInt32.lt", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Regional.Instances.vector_dummy", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hvreg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "9f6f302d045756d25de5eb17269d2ed5" + ], + [ + "MerkleTree.Low.Serialization.deserialize_bool", + 1, + 0, + 0, + [ "@query" ], + 0, + "d7a0bd1fbe6e2df540099eac158cfc0d" + ], + [ + "MerkleTree.Low.Serialization.deserialize_bool", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "int_inversion", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v" + ], + 0, + "9ac22a7b7161a10dcb80e17fb393ef2b" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint8_t", + 1, + 0, + 0, + [ "@query" ], + 0, + "b8fea0d67e83b711ad0d9e7ada247066" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint8_t", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "int_inversion", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.UInt32.uv_inv", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v" + ], + 0, + "b0461d7bee2154523145d601c6af828f" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint16_t", + 1, + 0, + 0, + [ "@query" ], + 0, + "42f18ae2b8abfa2533496517f60bd322" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint16_t", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint8_to_uint16", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.unsigned", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt.shift_left_value_lemma", + "lemma_Lib.IntTypes.pow2_4", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_541d06ed6731928026bc39b1981eb00a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Int.Cast.uint8_to_uint16", "typing_FStar.UInt.fits", + "typing_FStar.UInt16.v", "typing_FStar.UInt8.v", + "typing_Lib.IntTypes.bits", "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "dc6e07137b5dc1ab3b2835dfe3d2c631" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint32_t", + 1, + 0, + 0, + [ "@query" ], + 0, + "2b4693e42e1b9854a26b075519ae041b" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint32_t", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U16", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint16_to_uint32", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint16_t", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt.shift_left_value_lemma", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_88c857def71d9b11ced5e5e041edc24e", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Int.Cast.uint16_to_uint32", "typing_FStar.UInt.fits", + "typing_FStar.UInt16.v", "typing_FStar.UInt32.v", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "3aab8d97b7638e96de802de09082632a" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint64_t", + 1, + 0, + 0, + [ "@query" ], + 0, + "20163d7031f7b702ced0f263954f3bc1" + ], + [ + "MerkleTree.Low.Serialization.deserialize_uint64_t", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.BitVector.bv_t", + "equation_FStar.BitVector.zero_vec", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt.shift_left_value_lemma", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e2d5d62a90ceed8a6faf9d20615f4e1e", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.BitVector.zero_vec", + "typing_FStar.Int.Cast.uint32_to_uint64", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.v", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "fe7153faa60d9a892be680a710ff6b5c" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash", + 1, + 0, + 0, + [ "@query" ], + 0, + "ff5bc3d68e9dd2e5641ce53e76dc351a" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.disjoint", + "equation_LowStar.Monotonic.Buffer.fresh_loc", + "equation_LowStar.Regional.rg_dummy", + "equation_LowStar.Regional.rg_inv", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.New.High.hash", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.live_loc_not_unused_in", + "lemma_LowStar.Monotonic.Buffer.loc_buffer_null", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_none_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_addresses_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_r", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_remove_new_locs", + "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_dummy", + "proj_equation_LowStar.Regional.Rgl_loc_of", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_LowStar.Regional.Rgl_dummy", + "projection_inverse_LowStar.Regional.Rgl_loc_of", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0585ee3c240775258e9efb20961f9395", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_bcef36c9fe2b6458c3fdda81179b025f", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Monotonic.Buffer.loc_buffer", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__loc_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.color", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.is_heap_color", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.unsigned", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.cast", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Regional.__proj__Rgl__item__irepr", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hreg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "30ce67b76e566f9fe2fb628d002a71f7" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vec_i", + 1, + 0, + 0, + [ "@query" ], + 0, + "e0ed492eefc848558cc3a123277bd261" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vec_i", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@query", "Prims_pretyping_f537159ed795b314b4e58c260361ae86", + "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.live", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", "int_inversion", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3e7d6d9effbbeae5539c0cb324d2cadb", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a43b4918a11b234508ae97d267788230", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_c11ee48277084f734442582a62372ec4", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.domain", "typing_FStar.Monotonic.HyperHeap.color", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Monotonic.HyperStack.is_heap_color", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "6e3a1b7968c9d1fd98b08c4cceffe89f" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vec", + 1, + 0, + 0, + [ "@query" ], + 0, + "53aed50562ffc3ca9cc79e85b7f607a7" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vec", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.lt", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_r", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_remove_new_locs", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_a43b4918a11b234508ae97d267788230", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.domain", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.UInt32.gt", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.unsigned", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.loc_vector", + "typing_MerkleTree.Low.Datastructures.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "feb857cbb1da4f2786c28157b27c360f" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vv_i", + 1, + 0, + 0, + [ "@query" ], + 0, + "c87e82d9d69fdf805d67f59aa0bf20ec" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vv_i", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@query", "Prims_pretyping_f537159ed795b314b4e58c260361ae86", + "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_heap_color", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.live", "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_446bf10afa9e2c979cbc68d89c3e36ad", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_80922429ffacb2b807b93c3173eb2f07", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9fc79620c5f19b63ca4421ee1b3e7489", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d1ad46dabfb91f0d027c88b59cc5fd9b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.hide", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.color", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Monotonic.HyperStack.is_heap_color", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "2ddb6e79f9c1f3d421d2642640d134b1" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vv", + 1, + 0, + 0, + [ "@query" ], + 0, + "2d646b631cfafadca6d9c0cc5e95d2b9" + ], + [ + "MerkleTree.Low.Serialization.deserialize_hash_vv", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.lt", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.loc_buffer", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.fresh_loc", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.live_loc_not_unused_in", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_addresses_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_r", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_remove_new_locs", + "lemma_LowStar.Monotonic.Buffer.unused_in_not_unused_in_disjoint_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_80922429ffacb2b807b93c3173eb2f07", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.hide", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.gt", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.unsigned", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.loc_buffer", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.alloc_empty", + "typing_LowStar.Vector.loc_vector", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "764c7274e203809f308a5fe098eba369" + ], + [ + "MerkleTree.Low.Serialization.mt_serialize_size", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "db5c29f9e73a32f0e9f32571b7817b32" + ], + [ + "MerkleTree.Low.Serialization.mt_serialize_size", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_FStar.Integers.W64@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt64.gte", + "equation_FStar.UInt64.lt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Serialization.hash_vec_bytes", + "equation_MerkleTree.Low.Serialization.u64_add_fits", + "equation_MerkleTree.Low.Serialization.uint64_t", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.uint32_max", + "equation_MerkleTree.Low.uint64_max", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_2ac8bed7a6398f84bccb91bd4fed7136", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_48c1b5b4c02ad49f0760911a9d4b1fb4", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_5919d3f91c6fa6342ebeebd05831330c", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_bc552b2c624e2add758b3ac761c0c563", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e07051c88e3784a2480ae13a521fed4d", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Ghost.hide", "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.add", "typing_FStar.UInt64.mul", + "typing_FStar.UInt64.sub", "typing_FStar.UInt64.uint_to_t", + "typing_FStar.UInt64.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.q_preorder", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.ConstBuffer.qbuf_qual", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Serialization.hash_vec_bytes", + "typing_MerkleTree.Low.Serialization.u64_add_fits", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.uint64_max", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "7beed1e9c0b7f26efc552bf452316eed" + ], + [ + "MerkleTree.Low.Serialization.mt_serialize", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "2e1b5b472ea14771837e3f88a8897b77" + ], + [ + "MerkleTree.Low.Serialization.mt_serialize", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint8_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint64_to_uint32", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.byte_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.uint8", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.Serialization.uint64_t", + "equation_MerkleTree.Low.Serialization.uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_loc", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_safe", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a2cc6d46f3d2c5d64a91203b6155bab3", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.q_preorder", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.ConstBuffer.qbuf_qual", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_loc", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "38cfb11b240dda91a287066e6ab0bf01" + ], + [ + "MerkleTree.Low.Serialization.mt_deserialize", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer_or_null", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.byte_t", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_cd18e9962a0d204005dcfcda04529ffc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "5e25ff109bcc381e3f4cd9f332affa35" + ], + [ + "MerkleTree.Low.Serialization.mt_deserialize", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "equality_tok_FStar.Integers.W8@tok", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", + "function_token_typing_FStar.Integers.uint_8", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_075ca230542fbab87b93377fae66fe5c", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.reveal", "typing_FStar.UInt32.v", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.len" + ], + 0, + "911ad9f3cd552055af8e69f8224e7219" + ], + [ + "MerkleTree.Low.Serialization.mt_deserialize", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Prims_pretyping_f537159ed795b314b4e58c260361ae86", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.None@tok", + "disc_equation_FStar.Pervasives.Native.None", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.fresh_region", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer_or_null", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.merkle_tree_conditions", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.hide_reveal", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Map.lemma_InDomUpd1", "lemma_FStar.Map.lemma_SelUpd2", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.new_region_modifies", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_FStar.Pervasives.Native.None_a", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_075ca230542fbab87b93377fae66fe5c", + "refinement_interpretation_Tm_refine_161e04719814801d293219f408210f95", + "refinement_interpretation_Tm_refine_30494f3fd2c285e7cecf228074ade467", + "refinement_interpretation_Tm_refine_33818f36d361a5f8bc0487fdff0c49fc", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_799df84338c1e83b596e1d04d8c7433c", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_aac145f146e34cea91c3fd512c5b7261", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_cd18e9962a0d204005dcfcda04529ffc", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Map.contains", "typing_FStar.Map.domain", + "typing_FStar.Map.upd", "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.length", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "a7d4beba155e0c7d6c5ebf6ac0f9e782" + ], + [ + "MerkleTree.Low.Serialization.mt_serialize_path", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "kinding_MerkleTree.Low.path@tok", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_bcef36c9fe2b6458c3fdda81179b025f", + "typing_FStar.UInt32.t", "typing_LowStar.ConstBuffer.cast" + ], + 0, + "d7448cbd585d6d426aaef5644d6fe9e7" + ], + [ + "MerkleTree.Low.Serialization.mt_serialize_path", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.path_safe", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Negation", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.frameOf" + ], + 0, + "18945cd6bbbc70e0066a5219daee29a8" + ], + [ + "MerkleTree.Low.Serialization.mt_deserialize_path", + 1, + 2, + 1, + [ "@query" ], + 0, + "235408b0db9962c38ca977426d113812" + ], + [ + "MerkleTree.Low.Serialization.mt_deserialize_path", + 2, + 2, + 1, + [ "@query" ], + 0, + "1d7adcdde5e85d11fd940ce5b0c13bad" + ], + [ + "MerkleTree.Low.Serialization.mt_deserialize_path", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_FStar.Pervasives.Native.None@tok", + "disc_equation_FStar.Pervasives.Native.None", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", "equation_FStar.Integers.int_t", + "equation_FStar.Integers.uint_8", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.fresh_region", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.byte_t", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.pub_int_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer_or_null", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.live", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint32_t", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Integers.uint_8", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.byte_t", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Map.lemma_InDomUpd1", "lemma_FStar.Map.lemma_SelUpd2", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.Monotonic.Buffer.new_region_modifies", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.None_a", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_075ca230542fbab87b93377fae66fe5c", + "refinement_interpretation_Tm_refine_0bf64d9ba30241c6c2ada0c32b378b8c", + "refinement_interpretation_Tm_refine_161e04719814801d293219f408210f95", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_aac145f146e34cea91c3fd512c5b7261", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_cd18e9962a0d204005dcfcda04529ffc", + "refinement_interpretation_Tm_refine_d3f2784247189a47e567161c4f476e6f", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.contains", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.mnull", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "0d5e04f216959384aefe0340640a2b19" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.Low.VectorExtras.fst.hints b/hints/MerkleTree.Low.VectorExtras.fst.hints new file mode 100644 index 0000000..5f2453b --- /dev/null +++ b/hints/MerkleTree.Low.VectorExtras.fst.hints @@ -0,0 +1,510 @@ +[ + "Á@‹‚1)Ø”óç²°\u007f\b™²", + [ + [ + "MerkleTree.Low.VectorExtras.move_left", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.live_region", + "equation_FStar.Seq.Properties.cons", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", "equation_Prims.nat", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "int_inversion", "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_Hacl.Hash.Lemmas.lemma_slice_ijk", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.live_region_frameOf", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "refinement_interpretation_Tm_refine_162c8b43d6c2dbc3017791d986dde750", + "refinement_interpretation_Tm_refine_22ea23156c96d1f95a36c1bf3ce83086", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_35df10cd1ace067f48aa7c60a3c8908e", + "refinement_interpretation_Tm_refine_4dc7ca08a7c220bf0bd3201470a78510", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6821f7f5df0d6d508418864506fe2cff", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_91e73391b85f4d08faee201335579e8f", + "refinement_interpretation_Tm_refine_93e0fac69114331fd162ac2e8da2223c", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e76a622bd15aa422686bd6352332d7cc", + "refinement_interpretation_Tm_refine_e99858f6530b2a363562ffe6b95e1f41", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "true_interp", "typing_FStar.Monotonic.HyperStack.live_region", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.slice", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer" + ], + 0, + "45173cfdc0a59706dc5570347bbad701" + ], + [ + "MerkleTree.Low.VectorExtras.shrink", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lte", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lte", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_48c369ef9189ad76f46548f23cb76cdf", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_de53286ac6ea7bcb1ee55a5646706534", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of" + ], + 0, + "e581e2189fd024d6e8c7fe1d76ee5f72" + ], + [ + "MerkleTree.Low.VectorExtras.shrink", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.freeable", + "equation_LowStar.Vector.live", "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.slice_slice", + "lemma_FStar.Set.lemma_equal_refl", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Vector.Vec_sz", + "projection_inverse_LowStar.Vector.Vec_vs", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_48c369ef9189ad76f46548f23cb76cdf", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_de53286ac6ea7bcb1ee55a5646706534", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.domain", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.size_of" + ], + 0, + "45b5cd91d019ca52eeae2d34843da05f" + ], + [ + "MerkleTree.Low.VectorExtras.flush_inplace", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_48c369ef9189ad76f46548f23cb76cdf", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of" + ], + 0, + "4d971d13250f3e0480413f890048c1b0" + ], + [ + "MerkleTree.Low.VectorExtras.flush_inplace", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "equality_tok_FStar.Integers.W32@tok", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.freeable", + "equation_LowStar.Vector.live", "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.slice_slice", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.lemma_live_equal_mem_domains", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_06a3dd4e4f3249107da2d0b06d97a202", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_48c369ef9189ad76f46548f23cb76cdf", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_be8c4716738c2a6b0c1ee477c48f8fea", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de53286ac6ea7bcb1ee55a5646706534", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.domain", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.size_of" + ], + 0, + "ee5edc37092b2457331262c0955118dc" + ], + [ + "MerkleTree.Low.VectorExtras.rv_flush_inplace", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Regional.regional", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_48c369ef9189ad76f46548f23cb76cdf", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9cc2b349cdd7d1d478708dc21464f596", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of" + ], + 0, + "55e8026c2275f667f7057230faa0d03c" + ], + [ + "MerkleTree.Low.VectorExtras.rv_flush_inplace", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_LowStar.RVector.rs_loc_elems.fuel_instrumented", + "@query", "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_all_exts_from", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall2_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", "equation_LowStar.Vector.live", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Regional.regional", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "int_typing", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.slice_slice", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_complement", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_seq_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_disEquality", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0b0f9776f8fbf33608e064dfe5c8ab0a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_11497e38c5d8e72f702b88e94e7dec14", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_1ffcdb8322b4b43633596ecc5d3b4123", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3aeabc37e86f7b566e1052127e0672d1", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_48c369ef9189ad76f46548f23cb76cdf", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9cc2b349cdd7d1d478708dc21464f596", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e39578da040f6c7003161732bc9d6b85", + "refinement_interpretation_Tm_refine_e7d1c8d8cd03a2e78447c400f48890d3", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fa35e0feeb188fbc071035c9b4fa011e", + "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.Set.complement", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.RVector.loc_all_exts_from", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.RVector.rs_loc_elems", + "typing_LowStar.RVector.rv_loc_elems", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of" + ], + 0, + "59dd86b60075481ed317775d0654c07c" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.Low.fst.hints b/hints/MerkleTree.Low.fst.hints new file mode 100644 index 0000000..82a4459 --- /dev/null +++ b/hints/MerkleTree.Low.fst.hints @@ -0,0 +1,12301 @@ +[ + "³•æ‘´\u001e­þ: jà\u0007+}", + [ + [ + "MerkleTree.Low.offsets_connect", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_EverCrypt.Helpers.uint64_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt64.gte", + "equation_MerkleTree.Low.offset_t", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt64.v" + ], + 0, + "f69a88a788a755babaff5e83a9acd5e7" + ], + [ + "MerkleTree.Low.split_offset", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint64_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.sub_mod", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt64.gte", + "equation_FStar.UInt64.lte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.offset_range_limit", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_30f256051b29077fe0465c5025af3560", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt64.gte", "typing_FStar.UInt64.sub", + "typing_FStar.UInt64.v", "typing_MerkleTree.Low.offset_range_limit", + "typing_MerkleTree.Low.offsets_connect", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "a62b6a500612079bfa151c0cd7b3c285" + ], + [ + "MerkleTree.Low.add64_fits", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint64_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.uint64_max", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt64.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt64.v", "typing_Lib.IntTypes.v", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "eba08332ae30e5f059872c6464f9a063" + ], + [ + "MerkleTree.Low.join_offset", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt64.gte", + "equation_FStar.UInt64.lte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.add64_fits", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.offset_range_limit", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.uint32_max", + "equation_MerkleTree.Low.uint64_max", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt64.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5e84a04c4c061530c6b5af5a230dc58d", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Int.Cast.uint32_to_uint64", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.sub", + "typing_FStar.UInt64.v", "typing_MerkleTree.Low.add64_fits", + "typing_MerkleTree.Low.offsets_connect", + "typing_MerkleTree.Low.uint64_max", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "ad644aa73fb5b47c7a70dda6b991bfe2" + ], + [ + "MerkleTree.Low.merkle_tree", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.gt", + "equation_FStar.UInt32.gt", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_GreaterThan", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull" + ], + 0, + "7f38444f3e5ba0bb260cd6b99b6e9bb9" + ], + [ + "MerkleTree.Low.__proj__MT__item__hash_spec", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "a1822e669c50bd1f03f1ed1db0b26cff" + ], + [ + "MerkleTree.Low.__proj__MT__item__hash_spec", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.Low.merkle_tree", + "function_token_typing_Spec.AES.elem", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "2757d7ecf90215eabbb523d4e5de43c5" + ], + [ + "MerkleTree.Low.mt_not_full", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.mt_p", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "81b1fa7eaddd0df4a6046bafe08cbe72" + ], + [ + "MerkleTree.Low.offset_of", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.op_Slash", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", "equation_Prims.abs", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_785c4715e6841dc78147a1cec1934162", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.v", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "db772d6b1e440c2badf4211320b8e306" + ], + [ + "MerkleTree.Low.mt_safe_elts", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_3786295f454350c666648bd63753aec1_2", + "binder_x_7cfa99e83d3eb52ccdfdacadfc7ae2e9_5", + "binder_x_ba79a150dec8bb551dfe212e44f985b4_4", + "binder_x_ecdbf09acbd799a8fbf86eb19abe4c52_3", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_43a548e64416a4e4edf09ee7ec316f7e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_864506da0c89cf2b70ca65f787703a59", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_d86030f11b3347566af91b6bf299b5b4", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", "well-founded-ordering-on-nat" + ], + 0, + "4a1e7010649f3abae31d78fa595eb15b" + ], + [ + "MerkleTree.Low.mt_safe_elts_constr", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "81d237b6406556224bcea23affec0ea0" + ], + [ + "MerkleTree.Low.mt_safe_elts_constr", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@query", "bool_inversion", "eq2-interp", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "int_inversion", "l_and-interp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "true_interp", "typing_FStar.UInt32.gte", "typing_FStar.UInt32.v" + ], + 0, + "6ec575febfe9762b673c0aa1a1bf76a2" + ], + [ + "MerkleTree.Low.mt_safe_elts_head", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "3a4b5067a86a6f6f8fd813217a44d83f" + ], + [ + "MerkleTree.Low.mt_safe_elts_head", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@query", "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "int_inversion", "l_and-interp", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "0a8163696c3ee85e1b07e5a92257c43f" + ], + [ + "MerkleTree.Low.mt_safe_elts_rec", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "equality_tok_FStar.Integers.W32@tok", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_430a5074f3a28dcbdb8a5c1f8b050b57", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_MerkleTree.Low.merkle_tree_size_lg" + ], + 0, + "663ddaa9ec825073613a6c2edd4d9d1e" + ], + [ + "MerkleTree.Low.mt_safe_elts_rec", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@query", "bool_inversion", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "int_inversion", "l_and-interp", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.v" + ], + 0, + "3fd1abae18a17bdd75027e76fcedaa27" + ], + [ + "MerkleTree.Low.mt_safe_elts_init", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.lte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.UInt32.lte", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "d951e2fd24878451a808d33ea1001ebf" + ], + [ + "MerkleTree.Low.mt_safe_elts_init", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.lte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0d91460a7d9828efa0e8ba7244c2c7e0", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.UInt32.lte", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "de78b78a723935b59e14675a4123ddd2" + ], + [ + "MerkleTree.Low.mt_safe_elts_init", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_3786295f454350c666648bd63753aec1_2", + "binder_x_ecdbf09acbd799a8fbf86eb19abe4c52_3", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_1", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", "eq2-interp", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "interpretation_Tm_abs_4a088f1e5d476aa5be20eaeaf7a4b287", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_43a548e64416a4e4edf09ee7ec316f7e", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d86030f11b3347566af91b6bf299b5b4", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "true_interp", "typing_FStar.Ghost.hide", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.offset_of", "well-founded-ordering-on-nat" + ], + 0, + "c7ade3352e8432ae95bb3a74bc2b4155" + ], + [ + "MerkleTree.Low.mt_safe_elts_preserved", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.lte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.UInt32.lte", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "27d5a7fcf304c48e01155624681b50b6" + ], + [ + "MerkleTree.Low.mt_safe_elts_preserved", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.lte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.UInt32.lte", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "4f7e5d54554a92447743ecae8a5e1e69" + ], + [ + "MerkleTree.Low.mt_safe_elts_preserved", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_3786295f454350c666648bd63753aec1_1", + "binder_x_382030296bf6303a17937d3ebc85064c_4", + "binder_x_8358b93aec0670665ebb4c0f52fc04b7_5", + "binder_x_ba79a150dec8bb551dfe212e44f985b4_3", + "binder_x_ecdbf09acbd799a8fbf86eb19abe4c52_2", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_6", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_7", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.eq2", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_with_fuel_LowStar.Vector.loc_vector_within.fuel_instrumented", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "l_and-interp", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_none_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_3378f2c95c3b14c9f9aa271e3f094c40", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_43a548e64416a4e4edf09ee7ec316f7e", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9027dde35cbb0c38f8a9c2471c61e8d5", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "well-founded-ordering-on-nat" + ], + 0, + "1fa3654509059f60e216abe96f8155c7" + ], + [ + "MerkleTree.Low.mt_safe", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.mt_p", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "338cad155aa9f532943873f878303ce9" + ], + [ + "MerkleTree.Low.mt_safe_preserved", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.mt_p", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "0ea87bf48c2a9c7d0d7534e86f096f6a" + ], + [ + "MerkleTree.Low.mt_safe_preserved", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Spec.AES.elem", "int_inversion", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_loc", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "e21ba806fbd4dc6cabc1ae68cfb58635" + ], + [ + "MerkleTree.Low.mt_safe_elts_spec", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "int_inversion", "int_typing", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_80b8d74919842cb0d70798daddff9b01", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash" + ], + 0, + "8889cae6eb92596f6cb2ca09f18ead10" + ], + [ + "MerkleTree.Low.mt_safe_elts_spec", + 2, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_0249353858000f4027ba512057c62ed3", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_80b8d74919842cb0d70798daddff9b01", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash" + ], + 0, + "5e61c80ffe8442a67a58d4cea19fe206" + ], + [ + "MerkleTree.Low.mt_safe_elts_spec", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_3786295f454350c666648bd63753aec1_2", + "binder_x_7cfa99e83d3eb52ccdfdacadfc7ae2e9_5", + "binder_x_ba79a150dec8bb551dfe212e44f985b4_4", + "binder_x_ecdbf09acbd799a8fbf86eb19abe4c52_3", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_1", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", "eq2-interp", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.RVector.as_seq_seq_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_43a548e64416a4e4edf09ee7ec316f7e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_864506da0c89cf2b70ca65f787703a59", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_d86030f11b3347566af91b6bf299b5b4", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "true_interp", "typing_FStar.Ghost.hide", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.New.High.offset_of", + "well-founded-ordering-on-nat" + ], + 0, + "d7e23e97b6d86a2df96ce8bdbe191472" + ], + [ + "MerkleTree.Low.merkle_tree_lift", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lte", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_28f41f94d951d2d490221c9dd8d02f61", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "9c5b0c4126c73d5ef14445ca2f694466" + ], + [ + "MerkleTree.Low.merkle_tree_lift", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.size_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hreg", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.length", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__rhs", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "70d2b5ee8cd68d6116a4d60b7a639c92" + ], + [ + "MerkleTree.Low.merkle_tree_lift", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.Low.merkle_tree", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Spec.AES.elem", "int_typing", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_28f41f94d951d2d490221c9dd8d02f61", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5e76f6a542e425345488e324376279dc", + "refinement_interpretation_Tm_refine_ab3d05da6318e7c13f8ef497ed2aa11d", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "35bd3e5b0ebdf47b8df2d8cea489879a" + ], + [ + "MerkleTree.Low.mt_lift", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equality_tok_Lib.IntTypes.U8@tok", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_8156b5c8d3fbba7eba099dca362f450c", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.__proj__MT__item__mroot" + ], + 0, + "cd1503277a24f230921008491bceb26c" + ], + [ + "MerkleTree.Low.mt_lift", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_safe", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_8156b5c8d3fbba7eba099dca362f450c", + "typing_LowStar.Buffer.trivial_preorder" + ], + 0, + "40d2d5bc5c48fbb9e0e7f10ebb3a1ddd" + ], + [ + "MerkleTree.Low.mt_preserved", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equality_tok_Lib.IntTypes.U8@tok", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_39a75127e8dec3618c89f5e922538f08", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.__proj__MT__item__mroot" + ], + 0, + "6ee1ee07654df2fb6768971ec8a9ce50" + ], + [ + "MerkleTree.Low.mt_preserved", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.RVector.rv_inv_preserved", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_loc", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "c2fcb9a849bbdb6fb847897686971bce" + ], + [ + "MerkleTree.Low.create_empty_mt", + 1, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_Prims.eqtype", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.t", "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "031bd2ccb3fe88a19fd98fa5de72d7a3" + ], + [ + "MerkleTree.Low.create_empty_mt", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "fcf44658e3ebf0fc363e9e2850a99077" + ], + [ + "MerkleTree.Low.create_empty_mt", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Pervasives.Native.None", + "data_elim_LowStar.Vector.Vec", + "data_typing_intro_FStar.Pervasives.Native.None@tok", + "disc_equation_FStar.Pervasives.Native.None", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.fresh_region", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.live_region", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_FStar.UInt64.gte", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.live", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_irepr", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_irepr", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_alloc_p", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.add64_fits", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_not_full", + "equation_MerkleTree.Low.mt_not_full_nst", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.uint32_32_max", + "equation_MerkleTree.Low.uint64_max", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.hash_init", + "equation_MerkleTree.New.High.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_a7699c181ce0c81068b3a2119d169dc0", + "interpretation_Tm_abs_c50b7be9e6fd29ab733f1ed43c78dc41", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Map.lemma_InDomUpd1", "lemma_FStar.Map.lemma_SelUpd2", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_intersect", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.live_region_frameOf", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_none_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.Monotonic.Buffer.new_region_modifies", + "lemma_LowStar.RVector.as_seq_preserved", + "lemma_LowStar.RVector.rv_inv_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_irepr", + "proj_equation_LowStar.Regional.Rgl_r_alloc_p", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_cap", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hash_spec", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.MT_rhs_ok", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.None_a", + "projection_inverse_LowStar.Regional.Rgl_irepr", + "projection_inverse_LowStar.Regional.Rgl_r_alloc_p", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_MerkleTree.Low.MT_hash_spec", + "projection_inverse_MerkleTree.Low.MT_hs", + "projection_inverse_MerkleTree.Low.MT_i", + "projection_inverse_MerkleTree.Low.MT_j", + "projection_inverse_MerkleTree.Low.MT_mroot", + "projection_inverse_MerkleTree.Low.MT_offset", + "projection_inverse_MerkleTree.Low.MT_rhs", + "projection_inverse_MerkleTree.Low.MT_rhs_ok", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_161e04719814801d293219f408210f95", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_33818f36d361a5f8bc0487fdff0c49fc", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9da57778dd25e78639bdb09f02ea27a4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bb057522f06b19b94fc366689b4d9e02", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_alloc_p", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_alloc_p", + "typing_FStar.Ghost.reveal", + "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Map.contains", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Monotonic.HyperStack.live_region", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.sub", + "typing_FStar.UInt64.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.RVector.as_seq", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Regional.__proj__Rgl__item__irepr", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_irepr", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.mt_loc", "typing_MerkleTree.Low.mt_not_full", + "typing_MerkleTree.Low.uint32_32_max", + "typing_MerkleTree.Low.uint64_max" + ], + 0, + "067a6602df8ed76748e2f4d27192057b" + ], + [ + "MerkleTree.Low.mt_free", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.gte", + "equation_FStar.UInt32.gte", "equation_Lib.IntTypes.uint8", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.live", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_loc", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_safe", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_intersect", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.frameOf_gsub", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.live_gsub", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_addresses_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_1bf2de38ebce0f06df533c5a16fe8f7f", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_2b6fc12469be4ec93db00d42035fe1e6", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4a7fbc8c68fc17733d53af9a051a725b", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_afff6deb505de3023b13a1dc84a09e16", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_ce21d3346a0c5905f02b271077a3e300", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "true_interp", "typing_FStar.Ghost.hide", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.index", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_loc" + ], + 0, + "c784c76b4882fbe4a23b31f4edc5e4ad" + ], + [ + "MerkleTree.Low.as_seq_sub_upd", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Regional.regional", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "int_typing", "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.v", + "typing_LowStar.Vector.size_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "54a651dff6cfd374eda2d3785e6998c5" + ], + [ + "MerkleTree.Low.as_seq_sub_upd", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@query", "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Integers.int_t", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Regional.regional", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.UInt32.vu_inv", "lemma_Hacl.Hash.Lemmas.lemma_slice", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.RVector.as_seq_seq_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_0f7fb4d4962a6fb46c704af3cc17882b", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_7d327a2011674612376090a836f17836", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_af381e2455b15f0adf83fe95739e738e", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Base.upd", + "typing_FStar.Seq.Properties.cons", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "6d8307c7a7998feaca97aabdb3d5cf39" + ], + [ + "MerkleTree.Low.hash_vv_insert_copy", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.size_t", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.freeable", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.uint32_32_max", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.size_t", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9024b5c5ad38a108448c0f328d67950f", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_c2c194dfd09222ec414dbe6c498eb79b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.hide", "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", + "typing_FStar.UInt.max_int", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.Low.uint32_32_max", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "888bf3a9060e8582ce6ef44d767c03ae" + ], + [ + "MerkleTree.Low.hash_vv_insert_copy", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "77456303099787a6893499c64b3474df" + ], + [ + "MerkleTree.Low.hash_vv_insert_copy", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_c55a67b27f4ea444400878ed4572b7c7", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", "eq2-interp", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Seq.Properties.snoc", "equation_FStar.Set.subset", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rs_loc_elem", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall2", + "equation_LowStar.Vector.forall2_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.is_full", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.max_uint32", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.uint32_32_max", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess_insert", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "interpretation_Tm_abs_18d2dd6c3427a161ac4d1dbab334ec57", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "interpretation_Tm_abs_b6a78f68f402269845a00408e9b23d46", + "interpretation_Tm_abs_c87aa5965b477cef27de7ff43995cd8f", + "interpretation_Tm_abs_d80d426c106e7d2d632417c193cbb574", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_seq_index", + "lemma_LowStar.RVector.as_seq_sub_as_seq", + "lemma_LowStar.Vector.modifies_as_seq", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", "primitive_Prims.op_disEquality", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0027836e41be9f6799a3ed506cd07159", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0b0f9776f8fbf33608e064dfe5c8ab0a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_347600ec1a30c5f2a581ebc2397361c4", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9024b5c5ad38a108448c0f328d67950f", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bc29bf84104028f00d869de3262aaa29", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_c2c194dfd09222ec414dbe6c498eb79b", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e39578da040f6c7003161732bc9d6b85", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Ghost.hide", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.upd", "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.snoc", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_sub", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.RVector.rs_loc_elems", + "typing_LowStar.RVector.rv_loc_elems", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.is_full", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.Low.uint32_32_max" + ], + 0, + "ef64351a6ea99712fbeace8b109802a5" + ], + [ + "MerkleTree.Low.insert_index_helper_even", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.op_Slash", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.abs", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ef8661f9f68b1e8b6cc402dd1a59c0a8", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "306b5cb7a17dcccd49269b3fdf95704d" + ], + [ + "MerkleTree.Low.insert_index_helper_even", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "bae824f36c9fda0724cbfb271d26a476" + ], + [ + "MerkleTree.Low.insert_index_helper_even", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ef8661f9f68b1e8b6cc402dd1a59c0a8", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "16713f2d7092da328e1716ef4dbb775b" + ], + [ + "MerkleTree.Low.insert_index_helper_odd", + 1, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.op_Slash", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.uint32_32_max", "equation_Prims.abs", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0722e9115d2a1be8d90527397d01011c", + "refinement_interpretation_Tm_refine_0766302b68bb44ab7aff8c4d8be0b46f", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5f5aec8f53661a439c804b22b3d7b291", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f313a61b59f9139d3fb959df1e2ccea4", + "typing_FStar.Int.op_Slash", "typing_FStar.UInt.fits", + "typing_FStar.UInt.max_int", "typing_FStar.UInt.mod", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.Low.uint32_32_max", "typing_Prims.abs", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "921f02b4cc56d7d679c9d209cfc1aa21" + ], + [ + "MerkleTree.Low.insert_index_helper_odd", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "b395f6ee10593cffec7d121fb0884d9d" + ], + [ + "MerkleTree.Low.insert_index_helper_odd", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.uint32_32_max", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5f5aec8f53661a439c804b22b3d7b291", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.Low.uint32_32_max", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "1d712ec287baf29df1a084caffee5c65" + ], + [ + "MerkleTree.Low.loc_union_assoc_4", + 1, + 0, + 0, + [ "@query", "lemma_LowStar.Monotonic.Buffer.loc_union_comm" ], + 0, + "61519b488aad7aa1647bf1ddad73c905" + ], + [ + "MerkleTree.Low.insert_modifies_rec_helper", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_Prims.nat", "int_inversion", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Vector.Vec_sz", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.merkle_tree_size_lg" + ], + 0, + "7596dbd1bc08eceb10a44616644d5a9b" + ], + [ + "MerkleTree.Low.insert_modifies_rec_helper", + 2, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_with_fuel_LowStar.Vector.loc_vector_within.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.loc_union_idem", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_l", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_r", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.merkle_tree_size_lg" + ], + 0, + "ab82b8f21d300c37495bed41a161216b" + ], + [ + "MerkleTree.Low.insert_modifies_union_loc_weakening", + 1, + 0, + 0, + [ + "@query", "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "typing_LowStar.Monotonic.Buffer.loc_union" + ], + 0, + "32449045806259c38d9a0ab77e401eb9" + ], + [ + "MerkleTree.Low.insert_snoc_last_helper", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.snoc", "equation_Prims.nat", + "int_inversion", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length" + ], + 0, + "9a95dafe5c3497edc629ad33deb737a3" + ], + [ + "MerkleTree.Low.insert_snoc_last_helper", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.snoc", "equation_Prims.nat", + "int_typing", "lemma_FStar.Seq.Base.lemma_index_app1", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.create" + ], + 0, + "b0028b424fe29261bfcb177b60777119" + ], + [ + "MerkleTree.Low.rv_inv_rv_elems_reg", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lte", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall2_seq", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_Prims.nat", + "fuel_guarded_inversion_LowStar.Regional.regional", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "int_typing", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_disEquality", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "refinement_interpretation_Tm_refine_0b0f9776f8fbf33608e064dfe5c8ab0a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of" + ], + 0, + "fda51064eb1d219e03fc58d39ed0f207" + ], + [ + "MerkleTree.Low.insert_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.size_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.uint32_32_max", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.size_t", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9024b5c5ad38a108448c0f328d67950f", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_c2c194dfd09222ec414dbe6c498eb79b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.uint32_32_max", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "ebab566378af12353e229bf27252b37c" + ], + [ + "MerkleTree.Low.insert_", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.v", "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_Spec.AES.gf8", "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "299e8b47da20268f48373e681a090132" + ], + [ + "MerkleTree.Low.insert_", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "FStar.Ghost_interpretation_Tm_ghost_arrow_e2f4c1991753137c5a80c115428d0cef", + "LowStar.Regional_interpretation_Tm_ghost_arrow_8efe83896e61f87df00cf72ae31ef9ac", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "data_elim_LowStar.Regional.Rgl", "data_elim_LowStar.Vector.Vec", + "eq2-interp", "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.op_Slash", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.snoc", "equation_FStar.Set.subset", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_all_exts_from", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rs_loc_elem", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", + "equation_LowStar.Vector.alloc_empty", + "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.uint32_32_max", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.abs", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "equation_Spec.Hash.Definitions.bytes", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Ghost.reveal", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "kinding_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Set.mem_complement", "lemma_FStar.Set.mem_intersect", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "lemma_LowStar.RVector.as_seq_seq_index", + "lemma_LowStar.RVector.as_seq_sub_as_seq", + "lemma_LowStar.RVector.rv_inv_preserved", + "lemma_LowStar.Vector.modifies_as_seq", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_08698b4b6e166624b5bf789ac071b4cf", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9024b5c5ad38a108448c0f328d67950f", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_bc29bf84104028f00d869de3262aaa29", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_c2c194dfd09222ec414dbe6c498eb79b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d52f5ab9e989c21e6ecbcb8c0796e43a", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fedcb15e96f77db85594c779fc6adaf1", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_FStar.Ghost.reveal", + "token_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Ghost.hide", "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.upd", "typing_FStar.Seq.Properties.snoc", + "typing_FStar.Set.complement", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gt", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_sub", + "typing_LowStar.RVector.loc_all_exts_from", + "typing_LowStar.RVector.rv_loc_elems", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.get", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.Low.uint32_32_max", + "typing_MerkleTree.New.High.insert_", + "typing_MerkleTree.New.High.offset_of" + ], + 0, + "ff0bb2a36927375d6d966cf4553d4fa3" + ], + [ + "MerkleTree.Low.mt_insert_pre_nst", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.mt_not_full_nst", + "equation_MerkleTree.Low.uint32_32_max", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.Low.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Int.Cast.uint32_to_uint64", "typing_FStar.UInt32.v", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.uint32_32_max" + ], + 0, + "078807191f4c33a07174de55769e6b81" + ], + [ + "MerkleTree.Low.mt_insert_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "typing_FStar.UInt32.t" + ], + 0, + "0b58a370f9973056cdb15b515c4a6f7f" + ], + [ + "MerkleTree.Low.mt_insert_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_eab2707d39e7332530d233d48d6d936e" + ], + 0, + "165d8b8698905699f502a6d2a86c23fe" + ], + [ + "MerkleTree.Low.mt_insert", + 1, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.mt_insert_pre_nst", + "equation_MerkleTree.Low.mt_lift", + "equation_MerkleTree.Low.mt_not_full_nst", + "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.uint32_32_max", + "equation_MerkleTree.New.High.mt_not_full", "equation_Prims.eqtype", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_1fdbc7b4203ff15d70e272de56305f43", + "refinement_interpretation_Tm_refine_2a5613a3b1b33b9ce33860f4b8c16927", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Ghost.reveal", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_MerkleTree.Low.uint32_32_max", + "typing_MerkleTree.New.High.mt_not_full", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "37a293d896d9c827ac6ee83194f1b753" + ], + [ + "MerkleTree.Low.mt_insert", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_all_exts_from", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_insert_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_not_full_nst", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.uint32_32_max", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_insert", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.hide_reveal", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_intersect", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_regions", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hash_spec", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.MT_rhs_ok", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_MerkleTree.Low.MT_hash_spec", + "projection_inverse_MerkleTree.Low.MT_hs", + "projection_inverse_MerkleTree.Low.MT_i", + "projection_inverse_MerkleTree.Low.MT_j", + "projection_inverse_MerkleTree.Low.MT_mroot", + "projection_inverse_MerkleTree.Low.MT_rhs", + "projection_inverse_MerkleTree.Low.MT_rhs_ok", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_mroot", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_1fdbc7b4203ff15d70e272de56305f43", + "refinement_interpretation_Tm_refine_2a5613a3b1b33b9ce33860f4b8c16927", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_8156b5c8d3fbba7eba099dca362f450c", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bc29bf84104028f00d869de3262aaa29", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "true_interp", "typing_FStar.Ghost.reveal", + "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.complement", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_sub", + "typing_LowStar.RVector.loc_all_exts_from", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.loc_vector", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hash_spec", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_lift", "typing_MerkleTree.Low.mt_loc", + "typing_MerkleTree.Low.mt_not_full_nst", + "typing_MerkleTree.Low.uint32_32_max", + "typing_MerkleTree.New.High.insert_" + ], + 0, + "8862f7d125e69016c2a54a9d99541cd3" + ], + [ + "MerkleTree.Low.mt_create_custom", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.mt_p", "equation_Prims.eqtype", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_89119686b81824527c5966a2e21b17be", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.t", "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "b2d388008303e7a1be18de085a3c2210" + ], + [ + "MerkleTree.Low.mt_create_custom", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", + "equation_MerkleTree.Low.Datastructures.hash_size_t", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec" + ], + 0, + "1c40ca513a300fb80799a39baa445edd" + ], + [ + "MerkleTree.Low.mt_create_custom", + 3, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt64.gte", "equation_Lib.IntTypes.uint8", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.add64_fits", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.mt_insert_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_not_full", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.uint64_max", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.mt_create", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt64.uv_inv", + "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_89119686b81824527c5966a2e21b17be", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_FStar.Ghost.hide", "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.sub", "typing_FStar.UInt64.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.Vector.alloc_empty", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_loc", "typing_MerkleTree.Low.mt_not_full", + "typing_MerkleTree.Low.uint64_max", + "typing_MerkleTree.New.High.hash_init" + ], + 0, + "109951128c08b9f4e6c1ccb0c6a22e40" + ], + [ + "MerkleTree.Low.phashes", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.path_p", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "f440472f28e0ab8494ee20c8fedfe25d" + ], + [ + "MerkleTree.Low.path_safe", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.path_p", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "10d58037611af3a4949e17cd5269f399" + ], + [ + "MerkleTree.Low.lift_path_", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_MerkleTree.Low.Datastructures.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "ad865e973b138428c177ae8d9e1cfd11" + ], + [ + "MerkleTree.Low.lift_path_", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_MerkleTree.Low.Datastructures.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "0cb633daf26d7f61b061767d0bd815c8" + ], + [ + "MerkleTree.Low.lift_path_", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_2b8e4e725737e1d9b14f1e4978e68728_4", + "binder_x_8f7f11c8feab2d1dbfb8e60676b43aaf_3", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_1", "bool_inversion", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.snoc", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Prims.int", "int_inversion", "int_typing", + "interpretation_Tm_abs_ae320cafa25b7bff088bdd417f990954", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_07fd923f1cf52f096265dbf0eca6e3e1", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_64794c8a6b670549b2a4986c07198e35", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.UInt32.v", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "well-founded-ordering-on-nat" + ], + 0, + "bc8bdc8a1b50a80de4e59f1efe302b14" + ], + [ + "MerkleTree.Low.lift_path", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", "equation_Prims.eqtype", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "kinding_MerkleTree.Low.path@tok", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "3fa813030b41cc71251bfeccbbcaa36a" + ], + [ + "MerkleTree.Low.lift_path", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.path_p", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "typing_FStar.UInt32.t" + ], + 0, + "0f46d4f916fa1e3e153f0653a2a74572" + ], + [ + "MerkleTree.Low.lift_path", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "interpretation_Tm_abs_a8d77049c21db6a375169e391c705890", + "kinding_MerkleTree.Low.path@tok", "l_and-interp", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Seq.Base.lemma_len_slice", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_9d8be7b590c01459526425291e137ca5", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "de3ed5b3131ffc5afbefb0f9d2006f7e" + ], + [ + "MerkleTree.Low.lift_path_index_", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.gt", + "equation_FStar.UInt32.gt", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.squash", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_93225d4de1bd6dffd92cb269f08b297f", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull" + ], + 0, + "8a89807e17418ae9b1b17f7c658ff71d" + ], + [ + "MerkleTree.Low.lift_path_index_", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.uint8", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_Prims.squash", "function_token_typing_Lib.IntTypes.uint8", + "int_inversion", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_920b2e9a16334023a0245c39a609d78d", + "refinement_interpretation_Tm_refine_93225d4de1bd6dffd92cb269f08b297f", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fb1820d792b8224e19492e4f93356f98", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder" + ], + 0, + "a12b686e032d4294a13ab21a25ebd836" + ], + [ + "MerkleTree.Low.lift_path_index_", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.lift_path_.fuel_instrumented", + "@query", + "LowStar.Regional_interpretation_Tm_arrow_e5ec4d09d74ef6d9837f1dcfa06070d3", + "LowStar.Regional_interpretation_Tm_ghost_arrow_e6b8a71b615251688e17599ba9a3c6a3", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_344430588cb216e98a1c212247faaed8_4", + "binder_x_8f7f11c8feab2d1dbfb8e60676b43aaf_3", + "binder_x_9c152e1f5f6bd24fcc551cb6dc504bbc_2", + "binder_x_c863dfabeabffbe315f9343d83de00db_5", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_1", "bool_inversion", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Seq.Properties.snoc", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.uint8", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_Prims.nat", + "equation_with_fuel_MerkleTree.Low.lift_path_.fuel_instrumented", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", "int_inversion", "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_ae320cafa25b7bff088bdd417f990954", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_2739b8ccd4797c090f619c4de73594fa", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_686cedfdef13741d72c1f34439b642b8", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cd75f5af9cb5a5c9d2e5099141ca8447", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fa82e8cdc2a3d8728cddcadb5c9f32f7", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "typing_FStar.Ghost.hide", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.lift_path_", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "83a7872c89ed56adc4565e2b6a30154f" + ], + [ + "MerkleTree.Low.lift_path_index", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Spec.AES.elem", "int_inversion", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "l_and-interp", "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_81a6d9019dae9e411b66d550a4eb0e47", + "refinement_interpretation_Tm_refine_a83fa542300c1f283806e4e50092b6a0", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_c80bb2e63f331690cd06f1d1ed52aa34", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "576aab1fb029d036cfe5e1ff79f65b04" + ], + [ + "MerkleTree.Low.lift_path_index", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", "int_inversion", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "interpretation_Tm_abs_a8d77049c21db6a375169e391c705890", + "l_and-interp", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.Low.Path_hash_size", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_876ce7bb986b7461cccc812f5e3cae4a", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull" + ], + 0, + "344674990f47b3a396ff6f4e7b67c91c" + ], + [ + "MerkleTree.Low.lift_path_eq", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "int_typing", "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_579225e51ba56db899d3daaee0124121", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.v", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "b06895ad09d1bd56289ac969df3c7ada" + ], + [ + "MerkleTree.Low.lift_path_eq", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "@query", "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_MerkleTree.Low.lift_path_index_", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_93225d4de1bd6dffd92cb269f08b297f", + "refinement_interpretation_Tm_refine_a26c74317ad587930282c474757e6f98", + "refinement_interpretation_Tm_refine_cd75f5af9cb5a5c9d2e5099141ca8447", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.lift_path_", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "166b72afa364d4258a8cdcce2fe42738" + ], + [ + "MerkleTree.Low.path_safe_preserved_", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "binder_x_344430588cb216e98a1c212247faaed8_4", + "binder_x_8358b93aec0670665ebb4c0f52fc04b7_5", + "binder_x_8f7f11c8feab2d1dbfb8e60676b43aaf_3", + "binder_x_c1c1de8ea7481018f23ab7c648051e51_1", "bool_inversion", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_FStar.Integers.int_t", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_Prims.eqtype", "equation_Prims.nat", + "function_token_typing_Prims.int", "int_inversion", + "interpretation_Tm_abs_6728875490976ccd978954670f141d3d", + "interpretation_Tm_abs_da2d7667c8fc569e381b3740685dc5cf", + "l_and-interp", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "refinement_interpretation_Tm_refine_098c247b168074b3f36ef500720aec99", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_686cedfdef13741d72c1f34439b642b8", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.singleton", + "well-founded-ordering-on-nat" + ], + 0, + "3e82e225e5b6049cb9f7d7a9c52f560d" + ], + [ + "MerkleTree.Low.path_safe_preserved", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "interpretation_Tm_abs_8daf5d335a3e8fecc18fb52021b443ed", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Vector.modifies_as_seq", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.path_loc", "typing_MerkleTree.Low.phashes", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "5866e36e65592af0903515936b7bdf49" + ], + [ + "MerkleTree.Low.path_safe_init_preserved", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.path_p", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "f739944c1add7c4afc42a7c30071efd7" + ], + [ + "MerkleTree.Low.path_safe_init_preserved", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Vector.modifies_as_seq", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.size_of", "typing_MerkleTree.Low.path_loc", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "3c9ffc5091f627f3a8f20481f86a7094" + ], + [ + "MerkleTree.Low.path_preserved_", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "int_inversion", "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_aae3f5a7f3472ac9a2a5ad23c238bc0c", + "l_and-interp", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_93225d4de1bd6dffd92cb269f08b297f", + "refinement_interpretation_Tm_refine_f01124243fdfdcd3ddfb975288d0279e", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v" + ], + 0, + "41fecb7e2d82c4b1b4a0ce8f25de054c" + ], + [ + "MerkleTree.Low.path_preserved_", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "int_inversion", "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_aae3f5a7f3472ac9a2a5ad23c238bc0c", + "l_and-interp", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_93225d4de1bd6dffd92cb269f08b297f", + "refinement_interpretation_Tm_refine_f01124243fdfdcd3ddfb975288d0279e", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v" + ], + 0, + "001ac82b229723adccfbc649908294fa" + ], + [ + "MerkleTree.Low.path_preserved_", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.lift_path_.fuel_instrumented", + "@query", + "LowStar.Regional_interpretation_Tm_ghost_arrow_8efe83896e61f87df00cf72ae31ef9ac", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "binder_x_03de0e8240ae2a00ba69e682c75cd60a_0", + "binder_x_344430588cb216e98a1c212247faaed8_4", + "binder_x_8358b93aec0670665ebb4c0f52fc04b7_5", + "binder_x_8f7f11c8feab2d1dbfb8e60676b43aaf_3", + "binder_x_9c152e1f5f6bd24fcc551cb6dc504bbc_2", + "binder_x_c1c1de8ea7481018f23ab7c648051e51_1", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_6", + "binder_x_ed25b04ac1a3660bf4cdc8ae577888d8_7", "bool_inversion", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "data_elim_LowStar.Regional.Rgl", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.uint_t", + "equation_LowStar.Vector.forall_seq", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_with_fuel_MerkleTree.Low.lift_path_.fuel_instrumented", + "function_token_typing_Prims.int", "int_inversion", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_6728875490976ccd978954670f141d3d", + "interpretation_Tm_abs_da2d7667c8fc569e381b3740685dc5cf", + "l_and-interp", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "refinement_interpretation_Tm_refine_08698b4b6e166624b5bf789ac071b4cf", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_686cedfdef13741d72c1f34439b642b8", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_cd75f5af9cb5a5c9d2e5099141ca8447", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Properties.snoc", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.lift_path_", "well-founded-ordering-on-nat" + ], + 0, + "a305c257151f3ebd58cee74a9a7d9d78" + ], + [ + "MerkleTree.Low.path_preserved", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", "equation_Prims.eqtype", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_MerkleTree.Low.Path_hash_size", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_644dd63acef05335cd39ec25f6b4acb5", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Map.contains", + "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "8f5f9ab1d8a0ed3e0a66d265e0a00117" + ], + [ + "MerkleTree.Low.path_preserved", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Vector.modifies_as_seq", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.Path_hash_size", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.path_loc", "typing_MerkleTree.Low.phashes", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "b0e765f7a982b115b89a15a740061fb1" + ], + [ + "MerkleTree.Low.init_path", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.path_p", "equation_Prims.eqtype", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_typing", + "kinding_MerkleTree.Low.path@tok", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6804b46126ca14ff1a0e860171d7028d", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.disjoint", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.len", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "8a374fdc96cd1be45f7bee18f6d2fa73" + ], + [ + "MerkleTree.Low.init_path", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "b2t_def", "bool_inversion", + "data_typing_intro_MerkleTree.Low.Path@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.erid", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.uint_t", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.loc_vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_irepr", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_alloc_p", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "function_token_typing_FStar.Monotonic.Heap.heap", "int_inversion", + "kinding_MerkleTree.Low.path@tok", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Map.lemma_InDomUpd1", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_none_r", + "lemma_LowStar.Vector.modifies_as_seq", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_irepr", + "proj_equation_LowStar.Regional.Rgl_r_alloc_p", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.Path_hash_size", + "proj_equation_MerkleTree.Low.Path_hashes", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_irepr", + "projection_inverse_LowStar.Regional.Rgl_r_alloc_p", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.Low.Path_hash_size", + "projection_inverse_MerkleTree.Low.Path_hashes", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0bf64d9ba30241c6c2ada0c32b378b8c", + "refinement_interpretation_Tm_refine_161e04719814801d293219f408210f95", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6804b46126ca14ff1a0e860171d7028d", + "refinement_interpretation_Tm_refine_6c5072d4c9562dd38fd2703ecfb013df", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de5002918ae419c45e5ffa2f6089b768", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_alloc_p", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_alloc_p", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_FStar.Ghost.reveal", "typing_FStar.Map.contains", + "typing_FStar.Map.domain", "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Regional.__proj__Rgl__item__irepr", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.loc_vector", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.lift_path" + ], + 0, + "124a954beebea73e21c50c705a2936c9" + ], + [ + "MerkleTree.Low.clear_path", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", "equation_FStar.UInt.gt", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.pointer", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.path_p", "equation_MerkleTree.Low.phashes", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "lemma_FStar.Map.lemma_ContainsDom", + "primitive_Prims.op_GreaterThan", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_c4ce4a664e4ce41206e7b221e8c9645c", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Map.contains", "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt32.gt", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "b6f0e392c4b5ab1edd5b15d838b4fbf5" + ], + [ + "MerkleTree.Low.clear_path", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_MerkleTree.Low.Path@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.clear", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", "equation_LowStar.Vector.live", + "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "int_inversion", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.lemma_live_equal_mem_domains", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.Path_hash_size", + "proj_equation_MerkleTree.Low.Path_hashes", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Vector.Vec_a", + "projection_inverse_LowStar.Vector.Vec_vs", + "projection_inverse_MerkleTree.Low.Path_hash_size", + "projection_inverse_MerkleTree.Low.Path_hashes", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c4ce4a664e4ce41206e7b221e8c9645c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de5002918ae419c45e5ffa2f6089b768", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f16a185cad0ae1078fd5fb6b5a9e0da0", + "refinement_kinding_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_kinding_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "true_interp", "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.clear", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__Path__item__hash_size", + "typing_MerkleTree.Low.lift_path", "typing_MerkleTree.Low.phashes", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "7fc5410757efd4002be2a62655c3775d" + ], + [ + "MerkleTree.Low.free_path", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.path_p", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "7f54a0bb9fe638a759bedf6c9d83d8a7" + ], + [ + "MerkleTree.Low.free_path", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Vector.loc_addr_of_vector", + "equation_LowStar.Vector.vector", "equation_MerkleTree.Low.path_loc", + "equation_MerkleTree.Low.path_p", "equation_MerkleTree.Low.phashes", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_addresses_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Equality", "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_23bcaf6c6dda1a1cb7e77c4acddad0c7", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_86b900c47a5735b21b86962069473eed", + "refinement_interpretation_Tm_refine_8964b57ad0bb71cf9851d004fcef114d", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Set.singleton", "typing_Lib.IntTypes.unsigned", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.loc_addr_of_vector", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__Path__item__hash_size", + "typing_MerkleTree.Low.path_loc", "typing_MerkleTree.Low.phashes", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "22100a2af4b3ebfc54f09392ca144498" + ], + [ + "MerkleTree.Low.construct_rhs", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_r_inv", + "equation_LowStar.Regional.Instances.vector_r_repr", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_1f6add350a1f3a78e2f9260e4f7397ca", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_ab813ca8963e2adcc03f81a908ad288b", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_r_inv", + "token_correspondence_LowStar.Regional.Instances.vector_r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "cbffd968f9beeff57064c6ac34a26d04" + ], + [ + "MerkleTree.Low.construct_rhs", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.v", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "fc005a21a4abb9a894873dc9ef96d43d" + ], + [ + "MerkleTree.Low.construct_rhs", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "LowStar.Regional_interpretation_Tm_ghost_arrow_8efe83896e61f87df00cf72ae31ef9ac", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "data_elim_LowStar.Regional.Rgl", "data_elim_LowStar.Vector.Vec", + "eq2-interp", "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.op_Slash", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_r_inv", + "equation_LowStar.Regional.Instances.vector_r_repr", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", + "equation_LowStar.Vector.alloc_empty", + "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.live", "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.abs", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.bytes", + "equation_with_fuel_LowStar.Vector.loc_vector_within.fuel_instrumented", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Ghost.reveal", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "kinding_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.frameOf_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.live_gsub", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "lemma_LowStar.RVector.as_seq_seq_index", + "lemma_LowStar.RVector.as_seq_sub_as_seq", + "lemma_LowStar.RVector.rv_inv_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Regional.Rgl_state", + "proj_equation_LowStar.Vector.Vec_cap", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_LowStar.Regional.Rgl_state", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_08698b4b6e166624b5bf789ac071b4cf", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_15c10553a064ef93b6a2ba8dc4d4e50d", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_1caa49eb515770ede336b5755e71f5ac", + "refinement_interpretation_Tm_refine_1f6add350a1f3a78e2f9260e4f7397ca", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_785c4715e6841dc78147a1cec1934162", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a9b9637d3bb41194621a6df747c94eac", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ab813ca8963e2adcc03f81a908ad288b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bb057522f06b19b94fc366689b4d9e02", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_interpretation_Tm_refine_fb1820d792b8224e19492e4f93356f98", + "refinement_interpretation_Tm_refine_fedcb15e96f77db85594c779fc6adaf1", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_r_inv", + "token_correspondence_LowStar.Regional.Instances.vector_r_repr", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "true_interp", "typing_FStar.Ghost.hide", + "typing_FStar.Ghost.reveal", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.get", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.New.High.construct_rhs", + "typing_MerkleTree.New.High.offset_of", "unit_inversion", + "unit_typing" + ], + 0, + "4f70c72835c28e68ede42dc67125b8e7" + ], + [ + "MerkleTree.Low.mt_get_root_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "typing_FStar.UInt32.t" + ], + 0, + "c466e5a64e6b533745668a976dc38117" + ], + [ + "MerkleTree.Low.mt_get_root_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "lemma_FStar.Ghost.hide_reveal", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_757a25da4bfbb934e7d4383b76f974f6", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.t" + ], + 0, + "2c47849f502bd64e6f4c785dbb43a00b" + ], + [ + "MerkleTree.Low.mt_get_root", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.uint_t", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.New.High.hash", "equation_Prims.eqtype", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0144a506c0944daedcdf856bdeb957b1", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_bcef36c9fe2b6458c3fdda81179b025f", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Ghost.reveal", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.cast", + "typing_MerkleTree.Low.__proj__MT__item__j" + ], + 0, + "8443a0fe1b72c42744ce2bb1c4aee621" + ], + [ + "MerkleTree.Low.mt_get_root", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "LowStar.Regional_interpretation_Tm_arrow_089f19acfad0266f592c20df26e88326", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_df24cc312009e8ba8a7cb90e3ff490a1", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_r_inv", + "equation_LowStar.Regional.Instances.vector_r_repr", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.Instances.vector_repr", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_get_root_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.ConstBuffer.qbuf_pre", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.hide_reveal", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_empty", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.Set.subset_mem", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "lemma_LowStar.RVector.rv_inv_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Regional.Rgl_state", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hash_spec", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.MT_rhs_ok", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_LowStar.Regional.Rgl_state", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_MerkleTree.Low.MT_hash_spec", + "projection_inverse_MerkleTree.Low.MT_hs", + "projection_inverse_MerkleTree.Low.MT_i", + "projection_inverse_MerkleTree.Low.MT_j", + "projection_inverse_MerkleTree.Low.MT_mroot", + "projection_inverse_MerkleTree.Low.MT_offset", + "projection_inverse_MerkleTree.Low.MT_rhs", + "projection_inverse_MerkleTree.Low.MT_rhs_ok", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_mroot", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0144a506c0944daedcdf856bdeb957b1", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_d90aafc042ca101ed142c8a07e919280", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_r_inv", + "token_correspondence_LowStar.Regional.Instances.vector_r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "token_correspondence_Prims.pow2.fuel_instrumented", "true_interp", + "typing_FStar.Ghost.reveal", + "typing_FStar.Int.Cast.uint32_to_uint64", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.length", + "typing_LowStar.ConstBuffer.q_preorder", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.ConstBuffer.qbuf_qual", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_loc", "unit_inversion", "unit_typing" + ], + 0, + "76f3815f61c867af1a8e0ffb1206f65b" + ], + [ + "MerkleTree.Low.mt_path_insert", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.is_full", + "equation_LowStar.Vector.max_uint32", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_typing", + "kinding_MerkleTree.Low.path@tok", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_597cd9cb921c58eb03ad4b9af0ea5382", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Seq.Base.length", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.max_uint32", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "1ca85d1fda45787c614b0bd93a5c6bf6" + ], + [ + "MerkleTree.Low.mt_path_insert", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.lift_path_.fuel_instrumented", + "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Winfinite", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.snoc", "equation_FStar.Set.subset", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.is_full", + "equation_LowStar.Vector.loc_addr_of_vector", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.lift_path_.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_51b6dcbf92a8a13ac2fad5c27f406e95", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "interpretation_Tm_abs_ee02770f39fda43ce517690d67a60c60", + "kinding_MerkleTree.Low.path@tok", "l_and-interp", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_anti_symmetric", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_intersect", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", "lemma_FStar.UInt32.uv_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.Vector.modifies_as_seq", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.Path_hash_size", + "proj_equation_MerkleTree.Low.Path_hashes", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_MerkleTree.Low.Path_hash_size", + "projection_inverse_MerkleTree.Low.Path_hashes", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_550ac2ce6d345e95c253d32a2a002955", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_597cd9cb921c58eb03ad4b9af0ea5382", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cd75f5af9cb5a5c9d2e5099141ca8447", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_d8be5235c58751d53a7668d7b5a14c48", + "refinement_interpretation_Tm_refine_ea492b88b93e3e37de307cd56674d62c", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "true_interp", "typing_FStar.Ghost.hide", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.disjoint", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Properties.snoc", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.is_full", + "typing_LowStar.Vector.loc_addr_of_vector", + "typing_LowStar.Vector.loc_vector", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.lift_path_", "typing_MerkleTree.Low.path_loc", + "typing_MerkleTree.Low.phashes", + "typing_MerkleTree.New.High.path_insert" + ], + 0, + "d6b2e64068af439ec44208e9a7bbb29e" + ], + [ + "MerkleTree.Low.mt_path_length_step", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "equation_FStar.UInt.fits", "equation_FStar.UInt.lte", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lte", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_b6221baef2e123cb2378f2e1838b368b", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v" + ], + 0, + "5e42dd5e875b076eb375215640dd7726" + ], + [ + "MerkleTree.Low.mt_path_length_step", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.op_Slash", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_Prims.abs", "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_785c4715e6841dc78147a1cec1934162", + "refinement_interpretation_Tm_refine_b6221baef2e123cb2378f2e1838b368b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.mt_path_length_step", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "1833b807db9fe0fcf0b48f6e911ecbd1" + ], + [ + "MerkleTree.Low.mt_path_length", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.v", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "0c49180c933493e441c4b8a38d39d2d3" + ], + [ + "MerkleTree.Low.mt_path_length", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.v", "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "8793ca7f1faa9865d58f02d0bc7965f6" + ], + [ + "MerkleTree.Low.mt_path_length", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "binder_x_3786295f454350c666648bd63753aec1_0", + "binder_x_63b08cc0a516c5a82f5c63ae2816d650_2", + "binder_x_ba79a150dec8bb551dfe212e44f985b4_1", + "binder_x_f537159ed795b314b4e58c260361ae86_3", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.Int.op_Slash", + "equation_FStar.Integers.int_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_path_length_step", "equation_Prims.abs", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0722e9115d2a1be8d90527397d01011c", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ca0df5c17b72f1aca71becb05179c0a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_93430e89160b32d666d15725842e837c", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_aa9ac3c5ea951043097928f31d6778db", + "refinement_interpretation_Tm_refine_d725b7ad8ef4eba4ccb6546196209a9e", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt.mod", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "well-founded-ordering-on-nat" + ], + 0, + "909cf77e60307243f4a89ff1c23eb2bc" + ], + [ + "MerkleTree.Low.mt_get_path_length", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "070ec435700232c4643a8ebdd6388060" + ], + [ + "MerkleTree.Low.mt_get_path_length", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Vector.size_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "refinement_interpretation_Tm_refine_a1827a66b83c0ead743c84843275d41a", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__Path__item__hash_size", + "typing_MerkleTree.Low.__proj__Path__item__hashes" + ], + 0, + "50560f306a8f3578ae12ce8369fdd385" + ], + [ + "MerkleTree.Low.mt_make_path_step", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_path_length_step", + "equation_MerkleTree.Low.path_p", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_41db3504c860623c5143e0c676d7f829", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_7da9953a11c0a050aa23558d752e6509", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9da57778dd25e78639bdb09f02ea27a4", + "refinement_interpretation_Tm_refine_a7f3fdf0814c79d169f818363a89f350", + "refinement_interpretation_Tm_refine_ab813ca8963e2adcc03f81a908ad288b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_de82f374584cac0c7dd16ba197f9efa4", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "9ce3a7566b941afd8004984e3357acfe" + ], + [ + "MerkleTree.Low.mt_make_path_step", + 2, + 1, + 2, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equation_FStar.UInt.fits", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "int_inversion", + "int_typing", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.v" + ], + 0, + "3efb414813da05131f56bcee5567c920" + ], + [ + "MerkleTree.Low.mt_make_path_step", + 3, + 1, + 2, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_df24cc312009e8ba8a7cb90e3ff490a1", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "data_elim_LowStar.Regional.Rgl", "data_elim_LowStar.Vector.Vec", + "eq2-interp", "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Int.op_Slash", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Seq.Properties.snoc", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", + "equation_LowStar.Vector.alloc_empty", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.is_full", + "equation_LowStar.Vector.max_uint32", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_path_length_step", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.mt_make_path_step", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.abs", + "equation_Prims.eq2", "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_inv", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "function_token_typing_Prims.__cache_version_number__", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "kinding_MerkleTree.Low.path@tok", "l_and-interp", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.RVector.as_seq_seq_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_cap", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.Path_hash_size", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_41db3504c860623c5143e0c676d7f829", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_597cd9cb921c58eb03ad4b9af0ea5382", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_785c4715e6841dc78147a1cec1934162", + "refinement_interpretation_Tm_refine_7da9953a11c0a050aa23558d752e6509", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a7f3fdf0814c79d169f818363a89f350", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ab813ca8963e2adcc03f81a908ad288b", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_b6221baef2e123cb2378f2e1838b368b", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bb057522f06b19b94fc366689b4d9e02", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cd75f5af9cb5a5c9d2e5099141ca8447", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_d90aafc042ca101ed142c8a07e919280", + "refinement_interpretation_Tm_refine_de5002918ae419c45e5ffa2f6089b768", + "refinement_interpretation_Tm_refine_de82f374584cac0c7dd16ba197f9efa4", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fedcb15e96f77db85594c779fc6adaf1", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.snoc", "typing_FStar.UInt.fits", + "typing_FStar.UInt.max_int", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.is_full", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.lift_path", + "typing_MerkleTree.Low.lift_path_", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.mt_path_length_step", + "typing_MerkleTree.Low.offset_of", "typing_MerkleTree.Low.path_loc", + "typing_MerkleTree.Low.phashes", + "typing_MerkleTree.New.High.offset_of", + "typing_MerkleTree.New.High.path_insert", "typing_Prims.abs", + "unit_inversion", "unit_typing" + ], + 0, + "94a5c49f84781d56f9c34f08db59c53b" + ], + [ + "MerkleTree.Low.mt_get_path_step_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "kinding_MerkleTree.Low.path@tok", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_bcef36c9fe2b6458c3fdda81179b025f", + "typing_FStar.UInt32.t", "typing_LowStar.ConstBuffer.cast" + ], + 0, + "fccaec7baf46ec7d57b85593b89df209" + ], + [ + "MerkleTree.Low.mt_get_path_step_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", "equation_FStar.UInt.lt", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_get_path_step_pre_nst", + "equation_MerkleTree.Low.path_safe", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "primitive_Prims.op_LessThan", "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b534c9653476ff6b62261897d8500dfa", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Lib.IntTypes.unsigned", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "3a78f9df8758ed7defd46844663c195a" + ], + [ + "MerkleTree.Low.mt_get_path_step", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "kinding_MerkleTree.Low.path@tok", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_bcef36c9fe2b6458c3fdda81179b025f", + "typing_FStar.UInt32.t", "typing_LowStar.ConstBuffer.cast" + ], + 0, + "41725ee94c7013944cf332205eb06ae8" + ], + [ + "MerkleTree.Low.mt_get_path_step", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.UInt32.lt", "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.path_safe", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_fd4e2f81ea500c7a3d6c3c50beae6313" + ], + 0, + "b03f0bfb7f2df4585f9cf128ba464f00" + ], + [ + "MerkleTree.Low.mt_get_path_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.path_p", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_7da9953a11c0a050aa23558d752e6509", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9da57778dd25e78639bdb09f02ea27a4", + "refinement_interpretation_Tm_refine_a7f3fdf0814c79d169f818363a89f350", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ab813ca8963e2adcc03f81a908ad288b", + "refinement_interpretation_Tm_refine_b3a7d21fcf001dbfdf1abe7f59e4da22", + "refinement_interpretation_Tm_refine_b523381091ed2b15359798ec0b06aec4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.phashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "1486a6d23aac631029eb788ff4301c41" + ], + [ + "MerkleTree.Low.mt_get_path_", + 2, + 1, + 2, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equation_FStar.UInt.fits", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "int_inversion", + "int_typing", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.v" + ], + 0, + "5373c7923adad2dd5055d0911e6ad78b" + ], + [ + "MerkleTree.Low.mt_get_path_", + 3, + 1, + 2, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "data_elim_LowStar.Regional.Rgl", "data_elim_LowStar.Vector.Vec", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.op_Slash", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.alloc_empty", + "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.path", "equation_Prims.abs", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Low.mt_path_length.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "kinding_MerkleTree.Low.path@tok", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_anti_symmetric", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_430a5074f3a28dcbdb8a5c1f8b050b57", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7da9953a11c0a050aa23558d752e6509", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_996a0bfeaf753650184abc6023276685", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a7f3fdf0814c79d169f818363a89f350", + "refinement_interpretation_Tm_refine_ab813ca8963e2adcc03f81a908ad288b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b3a7d21fcf001dbfdf1abe7f59e4da22", + "refinement_interpretation_Tm_refine_b523381091ed2b15359798ec0b06aec4", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_c4f5794556a41e564b20266fd7e194e9", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_de5002918ae419c45e5ffa2f6089b768", + "refinement_interpretation_Tm_refine_e0eeef1d4b7c0bcc1c9259b0546ec1bf", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_interpretation_Tm_refine_fedcb15e96f77db85594c779fc6adaf1", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.lift_path", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.mt_path_length", + "typing_MerkleTree.Low.path_loc", "typing_MerkleTree.Low.phashes", + "typing_MerkleTree.New.High.mt_get_path_", "typing_Prims.pow2", + "unit_inversion", "unit_typing" + ], + 0, + "3299fdb9871cfc1ab0bcb71b3590d5cd" + ], + [ + "MerkleTree.Low.mt_get_path_pre_nst", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_EverCrypt.Helpers.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "typing_FStar.UInt32.t" + ], + 0, + "312589312c2cb792c60d8cd171388f0d" + ], + [ + "MerkleTree.Low.mt_get_path_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "typing_FStar.UInt32.t" + ], + 0, + "2aea1ec6df2f0ace0260244bd827aec7" + ], + [ + "MerkleTree.Low.mt_get_path_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.path_safe", "lemma_FStar.Ghost.hide_reveal", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "primitive_Prims.op_AmpAmp", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "refinement_interpretation_Tm_refine_a7adad43a05ed9b0b623aa9e1413a6a2", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv" + ], + 0, + "db0c8c1a9bd4b626002972a196ac384f" + ], + [ + "MerkleTree.Low.mt_get_path_loc_union_helper", + 1, + 0, + 0, + [ "@query", "lemma_LowStar.Monotonic.Buffer.loc_union_idem_2" ], + 0, + "93e3e07d6ca996e7985ef6f7e9f1c6c8" + ], + [ + "MerkleTree.Low.mt_get_path", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_get_path_pre_nst", + "equation_MerkleTree.Low.mt_lift", + "equation_MerkleTree.Low.offset_t", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.split_offset", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Ghost.hide_reveal", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fe7d8182a5a4a480f10ce2c5ac8b7f97", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Ghost.reveal", + "typing_FStar.Int.Cast.uint64_to_uint32", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.sub_mod", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "48f0210532e26faf78e7bac1f40aa909" + ], + [ + "MerkleTree.Low.mt_get_path", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "LowStar.Regional_interpretation_Tm_arrow_e5ec4d09d74ef6d9837f1dcfa06070d3", + "LowStar.Regional_interpretation_Tm_ghost_arrow_e6b8a71b615251688e17599ba9a3c6a3", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", "eq2-interp", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.Instances.vector_region_of", + "equation_LowStar.Regional.Instances.vector_regional", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.is_full", + "equation_LowStar.Vector.max_uint32", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.Datastructures.hvvreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_get_path_pre_nst", + "equation_MerkleTree.Low.mt_get_root_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.offset_range_limit", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.mt_get_path", + "equation_MerkleTree.New.High.mt_get_root", + "equation_MerkleTree.New.High.mt_wf_elts", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple3", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_inv", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.merkle_tree@tok", + "kinding_MerkleTree.Low.path@tok", "l_and-interp", + "lemma_FStar.Ghost.hide_reveal", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_anti_symmetric", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", "lemma_FStar.Set.mem_empty", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.Set.subset_mem", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.Path_hashes", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0144a506c0944daedcdf856bdeb957b1", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_1fdbc7b4203ff15d70e272de56305f43", + "refinement_interpretation_Tm_refine_2533df3e50c570efc4935485221da6e6", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_51659e7922d289d6f1d461d871f60d4c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_7108b467000c99be927e4d94496382d1", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8156b5c8d3fbba7eba099dca362f450c", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fa82e8cdc2a3d8728cddcadb5c9f32f7", + "refinement_interpretation_Tm_refine_fad4b98bfe67b15c7f230a2cb41529f8", + "refinement_interpretation_Tm_refine_fe7d8182a5a4a480f10ce2c5ac8b7f97", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.Instances.vector_region_of", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "typing_FStar.Ghost.reveal", + "typing_FStar.Int.Cast.uint64_to_uint32", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.sub_mod", "typing_FStar.UInt64.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_seq", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.is_full", + "typing_LowStar.Vector.size_of", "typing_LowStar.Vector.vector", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_lift", + "typing_MerkleTree.Low.offset_range_limit", + "typing_MerkleTree.Low.path_loc", "typing_MerkleTree.Low.phashes", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.offset_of", + "typing_MerkleTree.New.High.path_insert" + ], + 0, + "20409e12a96b7ef79a527a12dea6bd11" + ], + [ + "MerkleTree.Low.mt_flush_to_modifies_rec_helper", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.uint8", + "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.merkle_tree_size_lg" + ], + 0, + "8312fd7920818be2e2d65829750b39eb" + ], + [ + "MerkleTree.Low.mt_flush_to_modifies_rec_helper", + 2, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_with_fuel_LowStar.Vector.loc_vector_within.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_l", + "lemma_LowStar.Monotonic.Buffer.loc_union_loc_none_r", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Vector.Vec_vs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.merkle_tree_size_lg" + ], + 0, + "7bdf4eb479b5915f1469677a204a5e72" + ], + [ + "MerkleTree.Low.mt_flush_to_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.size_t", + "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Lib.IntTypes.size_t", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_354dd9b32a4a002e2347141436628ba9", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_7f976d3b0765f2e0b41b5779bf94e17c", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Ghost.reveal", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "5ae02235d543ba28fcd211ebaeaa3524" + ], + [ + "MerkleTree.Low.mt_flush_to_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "int_inversion", + "int_typing", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_MerkleTree.Low.merkle_tree_size_lg" + ], + 0, + "614e9fa1f5ed568d1fb31be038e444a5" + ], + [ + "MerkleTree.Low.mt_flush_to_", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "LowStar.Regional_interpretation_Tm_arrow_089f19acfad0266f592c20df26e88326", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_c55a67b27f4ea444400878ed4572b7c7", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", "eq2-interp", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rs_loc_elem", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall2", + "equation_LowStar.Vector.forall2_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eq2", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_18d2dd6c3427a161ac4d1dbab334ec57", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "interpretation_Tm_abs_b6a78f68f402269845a00408e9b23d46", + "interpretation_Tm_abs_c87aa5965b477cef27de7ff43995cd8f", + "interpretation_Tm_abs_d80d426c106e7d2d632417c193cbb574", + "interpretation_Tm_abs_ed80004893232e5e8f69e151c9377435", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_seq_index", + "lemma_LowStar.RVector.as_seq_sub_as_seq", + "lemma_LowStar.Vector.forall_as_seq", + "lemma_LowStar.Vector.modifies_as_seq", + "lemma_LowStar.Vector.modifies_as_seq_within", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_disEquality", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_sz", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_0027836e41be9f6799a3ed506cd07159", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0844e140699ad1b980a5881c05706d30", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0b0f9776f8fbf33608e064dfe5c8ab0a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_0fd727713601f376bb2013604f1cecaf", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_347600ec1a30c5f2a581ebc2397361c4", + "refinement_interpretation_Tm_refine_354dd9b32a4a002e2347141436628ba9", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_4639d389381bee5cf8cf77b7a6585074", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_5a88c51956f007f77dee75dd2a07bb5a", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_72a6e6d3eb60f86cdad2dd40aa09f653", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7d7fbea8a1aa1c987d727318058634ac", + "refinement_interpretation_Tm_refine_7f976d3b0765f2e0b41b5779bf94e17c", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bc29bf84104028f00d869de3262aaa29", + "refinement_interpretation_Tm_refine_c2b8ccc25e325650b50ede764b3f6694", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_e39578da040f6c7003161732bc9d6b85", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Ghost.hide", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Base.upd", + "typing_FStar.Seq.Properties.cons", "typing_FStar.Set.empty", + "typing_FStar.Set.intersect", "typing_FStar.Set.mem", + "typing_FStar.Set.singleton", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.div", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.rem", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.loc_union", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_sub", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.RVector.rs_loc_elems", + "typing_LowStar.RVector.rv_loc_elems", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.get", "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.New.High.mt_flush_to_", + "typing_MerkleTree.New.High.offset_of", + "typing_Tm_abs_8af5505247aa684e407d3b8992667aef", "unit_inversion", + "unit_typing" + ], + 0, + "f0ac38e9faa14e51942a3822af767871" + ], + [ + "MerkleTree.Low.mt_flush_to_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "a9fab56f981b3309b2949474a8d3289e" + ], + [ + "MerkleTree.Low.mt_flush_to_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_e07051c88e3784a2480ae13a521fed4d", + "typing_MerkleTree.Low.mt_flush_to_pre_nst" + ], + 0, + "3eb4ff4c36aa467fa3eea59ba3722dd6" + ], + [ + "MerkleTree.Low.mt_flush_to", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.mt_flush_to_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_safe", "equation_Prims.eqtype", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b685b7c368418da79edd10d62bbdb4dd", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "6d38fabba3cb308c0f36e57b25040ddd" + ], + [ + "MerkleTree.Low.mt_flush_to", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_all_exts_from", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_flush_to_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_flush_to", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_anti_symmetric", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_complement", + "lemma_FStar.Set.mem_empty", "lemma_FStar.Set.mem_intersect", + "lemma_FStar.Set.mem_singleton", "lemma_FStar.Set.mem_subset", + "lemma_FStar.Set.subset_mem", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_addresses_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hash_spec", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.MT_rhs_ok", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_MerkleTree.Low.MT_hash_spec", + "projection_inverse_MerkleTree.Low.MT_hs", + "projection_inverse_MerkleTree.Low.MT_i", + "projection_inverse_MerkleTree.Low.MT_j", + "projection_inverse_MerkleTree.Low.MT_mroot", + "projection_inverse_MerkleTree.Low.MT_rhs", + "projection_inverse_MerkleTree.Low.MT_rhs_ok", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_mroot", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_1fdbc7b4203ff15d70e272de56305f43", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_72a6e6d3eb60f86cdad2dd40aa09f653", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7d7fbea8a1aa1c987d727318058634ac", + "refinement_interpretation_Tm_refine_8156b5c8d3fbba7eba099dca362f450c", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b685b7c368418da79edd10d62bbdb4dd", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bc29bf84104028f00d869de3262aaa29", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "true_interp", "typing_FStar.Ghost.hide", + "typing_FStar.Int.Cast.uint64_to_uint32", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.complement", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lt", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.sub_mod", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_sub", + "typing_LowStar.RVector.loc_all_exts_from", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.loc_vector", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.mt_flush_to_pre_nst", + "typing_MerkleTree.Low.mt_lift", "typing_MerkleTree.Low.mt_loc", + "typing_MerkleTree.Low.offsets_connect", + "typing_MerkleTree.New.High.mt_flush_to_" + ], + 0, + "624b082f88567b223db3937aec8a6b6b" + ], + [ + "MerkleTree.Low.mt_flush_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "3beef666de377f6566e5f15ffb20f369" + ], + [ + "MerkleTree.Low.mt_flush_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_e07051c88e3784a2480ae13a521fed4d", + "typing_MerkleTree.Low.mt_flush_pre_nst" + ], + 0, + "9d375c99399eafe81b5b83a38405ce36" + ], + [ + "MerkleTree.Low.mt_flush", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.gt", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.mt_flush_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_safe", "equation_Prims.eqtype", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_GreaterThan", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_edb2fd35c6e19db9613cfd76dceaf3d8", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot" + ], + 0, + "41278adf2b5924b9ce9aa7b70dbb8ca5" + ], + [ + "MerkleTree.Low.mt_flush", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.sub_mod", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt64.gte", "equation_FStar.UInt64.lt", + "equation_Lib.IntTypes.uint8", "equation_Lib.Sequence.seq", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.add64_fits", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.join_offset", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_flush_pre_nst", + "equation_MerkleTree.Low.mt_flush_to_pre_nst", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.Low.uint32_32_max", + "equation_MerkleTree.Low.uint64_max", + "equation_MerkleTree.New.High.mt_flush", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_5c4b9c52885cf9942fddf9073ebbcd6b", + "refinement_interpretation_Tm_refine_9b77e5f84fd6ad2912ad5c526c64e2e2", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_bc552b2c624e2add758b3ac761c0c563", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_edb2fd35c6e19db9613cfd76dceaf3d8", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.hide", "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Int.Cast.uint64_to_uint32", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.add", + "typing_FStar.UInt64.sub", "typing_FStar.UInt64.sub_mod", + "typing_FStar.UInt64.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.add64_fits", + "typing_MerkleTree.Low.mt_flush_pre_nst", + "typing_MerkleTree.Low.offsets_connect", + "typing_MerkleTree.Low.uint32_32_max", + "typing_MerkleTree.Low.uint64_max" + ], + 0, + "36b5708d62efb9026ead7efc7b9edf49" + ], + [ + "MerkleTree.Low.mt_retract_to_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_Lib.IntTypes.v", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_6f38fa9cf8ffc54fafb18c04ad5cdb65", + "refinement_interpretation_Tm_refine_78262dccf3c686c092c54c0e4056d92a", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_b57c1e9cab0f5ee8eb20940bc348d22b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e5622533155670d142f5bf0dd4a9da11", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.mnull", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok" + ], + 0, + "ebc8fc419002bef686ba8953ab01a210" + ], + [ + "MerkleTree.Low.mt_retract_to_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", "equation_FStar.UInt.lt", + "equation_FStar.UInt32.lt", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.v", "equation_LowStar.Vector.size_of", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_6f38fa9cf8ffc54fafb18c04ad5cdb65" + ], + 0, + "50d9aa61e81daebbd4eeb094d65af9be" + ], + [ + "MerkleTree.Low.mt_retract_to_", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_correspondence_LowStar.RVector.rs_loc_elems.fuel_instrumented", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_retract_to_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_LowStar.RVector.as_seq_seq.fuel_instrumented", + "@fuel_irrelevance_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_retract_to_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_c55a67b27f4ea444400878ed4572b7c7", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", "eq2-interp", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.bits", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.pub_int_t", + "equation_Lib.IntTypes.pub_int_v", "equation_Lib.IntTypes.range", + "equation_Lib.IntTypes.unsigned", "equation_Lib.IntTypes.v", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.as_seq_sub", + "equation_LowStar.RVector.elems_inv", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rs_elems_inv", + "equation_LowStar.RVector.rs_elems_reg", + "equation_LowStar.RVector.rs_loc_elem", + "equation_LowStar.RVector.rv_elems_inv", + "equation_LowStar.RVector.rv_elems_reg", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall2", + "equation_LowStar.Vector.forall2_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_seq", + "equation_LowStar.Vector.freeable", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_vec_region_of", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_LowStar.RVector.rs_loc_elems.fuel_instrumented", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_retract_to_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_MerkleTree.Low.Datastructures.hash_vec_region_of", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "interpretation_Tm_abs_18d2dd6c3427a161ac4d1dbab334ec57", + "interpretation_Tm_abs_8af5505247aa684e407d3b8992667aef", + "interpretation_Tm_abs_b6a78f68f402269845a00408e9b23d46", + "interpretation_Tm_abs_c87aa5965b477cef27de7ff43995cd8f", + "interpretation_Tm_abs_d80d426c106e7d2d632417c193cbb574", + "interpretation_Tm_abs_ed80004893232e5e8f69e151c9377435", + "l_and-interp", "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.uv_inv", "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_refl", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_l_", + "lemma_LowStar.Monotonic.Buffer.loc_union_comm", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_seq_index", + "lemma_LowStar.RVector.as_seq_sub_as_seq", + "lemma_LowStar.Vector.forall_as_seq", + "lemma_LowStar.Vector.modifies_as_seq", + "lemma_LowStar.Vector.modifies_as_seq_within", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_disEquality", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "refinement_interpretation_Tm_refine_0027836e41be9f6799a3ed506cd07159", + "refinement_interpretation_Tm_refine_03e0ee7c990720bc4bd1c73dc60b1ac5", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0b0f9776f8fbf33608e064dfe5c8ab0a", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2836c1aa0394cd6a310bf67b2eb5ba77", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_347600ec1a30c5f2a581ebc2397361c4", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_36523c27ff52c275769e1ed58584bdac", + "refinement_interpretation_Tm_refine_365abba901205a01d0ef28ebf2198c47", + "refinement_interpretation_Tm_refine_37fc854aca14f9ca8479126899485c12", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_3f0485a7bbaea86a3ce407dd479e744c", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_4639d389381bee5cf8cf77b7a6585074", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_69d1d206ddafb5a6092734ed6446bcfd", + "refinement_interpretation_Tm_refine_6f38fa9cf8ffc54fafb18c04ad5cdb65", + "refinement_interpretation_Tm_refine_7028972db935cf1f2ecc12fc7857552a", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_812316291234d8a310a2c87c27bfa989", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_943278c01e3905c92077beb3c28e1d2f", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b57c1e9cab0f5ee8eb20940bc348d22b", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bc29bf84104028f00d869de3262aaa29", + "refinement_interpretation_Tm_refine_c623f40fce2466d5f7085645115cc739", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e39578da040f6c7003161732bc9d6b85", + "refinement_interpretation_Tm_refine_e5622533155670d142f5bf0dd4a9da11", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.RVector.rs_loc_elems.fuel_instrumented", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_vec_region_of", + "true_interp", "typing_FStar.Ghost.hide", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperHeap.rid_freeable", + "typing_FStar.Monotonic.HyperHeap.root", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Base.upd", "typing_FStar.Seq.Properties.cons", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.bits", "typing_Lib.IntTypes.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", "typing_LowStar.RVector.as_seq_sub", + "typing_LowStar.RVector.loc_rvector", + "typing_LowStar.RVector.rs_loc_elem", + "typing_LowStar.RVector.rs_loc_elems", + "typing_LowStar.RVector.rv_loc_elems", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.loc_vector", + "typing_LowStar.Vector.loc_vector_within", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.offset_of", + "typing_MerkleTree.New.High.mt_retract_to_", + "typing_MerkleTree.New.High.offset_of", + "typing_Tm_abs_8af5505247aa684e407d3b8992667aef", + "typing_tok_Lib.IntTypes.PUB@tok", "typing_tok_Lib.IntTypes.U32@tok", + "unit_inversion", "unit_typing" + ], + 0, + "01116d2373da4e2f62b6fc920e88ae60" + ], + [ + "MerkleTree.Low.mt_retract_to_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "a8241f671a60a091ea2e0cf8a34fda97" + ], + [ + "MerkleTree.Low.mt_retract_to_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_e07051c88e3784a2480ae13a521fed4d", + "typing_MerkleTree.Low.mt_retract_to_pre_nst" + ], + 0, + "6a6b0391ca15c1035db306e9d1bf8e85" + ], + [ + "MerkleTree.Low.mt_retract_to", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_retract_to_pre_nst", + "equation_MerkleTree.Low.mt_safe", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_9b8d88c962259a960b6a9c4816ea90bf", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "df076eb647949b7f6c2a5db8140fb83b" + ], + [ + "MerkleTree.Low.mt_retract_to", + 2, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_LowStar.Vector.loc_vector_within.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_retract_to_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_62be7e8e1a69604f9a36351a77d748fa", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lt", "equation_FStar.UInt32.lte", + "equation_FStar.UInt64.gte", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.v", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.as_seq", + "equation_LowStar.RVector.elems_reg", + "equation_LowStar.RVector.loc_all_exts_from", + "equation_LowStar.RVector.loc_rvector", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rv_loc_elems", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.loc_vector", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hash_vv", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.Datastructures.hvreg", + "equation_MerkleTree.Low.add64_fits", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_lift", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_lift", "equation_MerkleTree.Low.mt_loc", + "equation_MerkleTree.Low.mt_p", + "equation_MerkleTree.Low.mt_retract_to_pre_nst", + "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.Low.uint64_max", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_retract_to", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Buffer.trivial_preorder", + "function_token_typing_MerkleTree.Low.Datastructures.hash_region_of", + "function_token_typing_Prims.int", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", + "interpretation_Tm_abs_612136ee4143d24977831c80e4f470a1", + "kinding_MerkleTree.Low.merkle_tree@tok", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Monotonic.HyperHeap.extends_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_anti_symmetric", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.lemma_equal_elim", "lemma_FStar.Set.mem_empty", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.Set.subset_mem", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.address_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_addresses", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_union_r_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_addresses_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_trans_backwards", + "lemma_LowStar.Monotonic.Buffer.loc_includes_union_r_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.RVector.as_seq_preserved", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hash_spec", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_mroot", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.MT_rhs_ok", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_MerkleTree.Low.MT_hash_size", + "projection_inverse_MerkleTree.Low.MT_hash_spec", + "projection_inverse_MerkleTree.Low.MT_hs", + "projection_inverse_MerkleTree.Low.MT_i", + "projection_inverse_MerkleTree.Low.MT_j", + "projection_inverse_MerkleTree.Low.MT_mroot", + "projection_inverse_MerkleTree.Low.MT_rhs", + "projection_inverse_MerkleTree.Low.MT_rhs_ok", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_mroot", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_1fdbc7b4203ff15d70e272de56305f43", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2836c1aa0394cd6a310bf67b2eb5ba77", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_3f0485a7bbaea86a3ce407dd479e744c", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_8156b5c8d3fbba7eba099dca362f450c", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_9a4f5366055910237954d85f232cccf4", + "refinement_interpretation_Tm_refine_9b8d88c962259a960b6a9c4816ea90bf", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b793c488ad500e6b09ecca7df8a04085", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_e39578da040f6c7003161732bc9d6b85", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "true_interp", "typing_FStar.Ghost.hide", + "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Int.Cast.uint64_to_uint32", "typing_FStar.Map.domain", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Set.complement", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt.max_int", + "typing_FStar.UInt32.add", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.sub", "typing_FStar.UInt64.sub_mod", + "typing_FStar.UInt64.v", "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.as_addr", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_addresses", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.RVector.as_seq", + "typing_LowStar.RVector.loc_all_exts_from", + "typing_LowStar.RVector.rs_loc_elems", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.loc_vector", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hash_vec_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.Datastructures.hvreg", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__mroot", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.add64_fits", "typing_MerkleTree.Low.mt_lift", + "typing_MerkleTree.Low.mt_loc", + "typing_MerkleTree.Low.mt_retract_to_pre_nst", + "typing_MerkleTree.Low.offsets_connect", + "typing_MerkleTree.Low.uint64_max", + "typing_MerkleTree.New.High.mt_retract_to_" + ], + 0, + "a4d41695a0c399fae34b68538d0e0cd8" + ], + [ + "MerkleTree.Low.mt_verify_", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.elem", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.felem", + "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_1b0f456a00c562cd8cad052157eca20e", + "refinement_interpretation_Tm_refine_2afa63a545a612312fa9433c3fa1d9a0", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_989bb40a6cd9659f94db58673e1cd2cb", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b3a7d21fcf001dbfdf1abe7f59e4da22", + "refinement_interpretation_Tm_refine_b6221baef2e123cb2378f2e1838b368b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_Lib.IntTypes.minint", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.mt_path_length", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "2a82fe56bd0626c85b97d7570f4e227d" + ], + [ + "MerkleTree.Low.mt_verify_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.UInt32.v", "typing_Lib.IntTypes.minint", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "bcef38b1ebc5fef299f96b498f59889d" + ], + [ + "MerkleTree.Low.mt_verify_", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_verify_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Low.lift_path_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_verify_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "LowStar.Regional_interpretation_Tm_arrow_089f19acfad0266f592c20df26e88326", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low.Datastructures_interpretation_Tm_ghost_arrow_13f802aa57fb218097b6cf82f2d13615", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.op_Slash", "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Set.subset", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.mod", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_Lib.IntTypes.uint8", + "equation_Lib.Sequence.seq", "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.Vector.as_seq", "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.live", "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.lift_path", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_path_length_step", + "equation_MerkleTree.Low.path_loc", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.path", "equation_Prims.abs", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "equation_Spec.Hash.Definitions.bytes", + "equation_with_fuel_MerkleTree.Low.mt_path_length.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_verify_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_LowStar.Regional.__proj__Rgl__item__region_of", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_inv", + "function_token_typing_MerkleTree.Low.Datastructures.hash_r_repr", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Spec.AES.elem", "int_inversion", "int_typing", + "interpretation_Tm_abs_144a21c4e76a23939e24c311809b5f8c", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "kinding_MerkleTree.Low.path@tok", "l_and-interp", + "lemma_FStar.Ghost.reveal_hide", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_refl", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.Set.subset_mem", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_refl", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_1b0f456a00c562cd8cad052157eca20e", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_2afa63a545a612312fa9433c3fa1d9a0", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_34656d6f5da73ae07445ae5e10cb69f3", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_41db3504c860623c5143e0c676d7f829", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_44548e614c5097c67290ae1b7ed38ae2", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_90a1661541e4f009452ab107b47b5955", + "refinement_interpretation_Tm_refine_99288644c179a2f841a08f2ffe8fb0f8", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b3090649248199ce2a2d6d6d928cff94", + "refinement_interpretation_Tm_refine_b3a7d21fcf001dbfdf1abe7f59e4da22", + "refinement_interpretation_Tm_refine_b6221baef2e123cb2378f2e1838b368b", + "refinement_interpretation_Tm_refine_c0408351b1047e862723aa1a42305a52", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_cd75f5af9cb5a5c9d2e5099141ca8447", + "refinement_interpretation_Tm_refine_d53c7b956810c0246ac21f2eecb703e9", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de5002918ae419c45e5ffa2f6089b768", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_fb1820d792b8224e19492e4f93356f98", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "token_correspondence_MerkleTree.Low.lift_path_.fuel_instrumented", + "token_correspondence_MerkleTree.Low.mt_path_length.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "typing_FStar.Ghost.hide", + "typing_FStar.Monotonic.HyperHeap.extends", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.q_preorder", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.ConstBuffer.qbuf_qual", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.lift_path", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.mt_path_length", + "typing_MerkleTree.Low.mt_path_length_step", + "typing_MerkleTree.Low.phashes", "unit_inversion", "unit_typing" + ], + 0, + "b54705a66e1d79a26f8077e0617d0dba" + ], + [ + "MerkleTree.Low.mt_verify_pre_nst", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.sub_mod", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.lte", "equation_FStar.UInt64.gte", + "equation_FStar.UInt64.lt", "equation_FStar.UInt64.lte", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Vector.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.offset_range_limit", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.Low.uint32_max", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.Low.merkle_tree", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", "lemma_FStar.UInt.pow2_values", + "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.vu_inv", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_07cc8fe8f0d0095e391d608b187ab249", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_FStar.Int.Cast.uint64_to_uint32", "typing_FStar.UInt.fits", + "typing_FStar.UInt32.lte", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.sub", "typing_FStar.UInt64.sub_mod", + "typing_FStar.UInt64.v", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.merkle_tree_size_lg", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "a85860922529270b47e295f8161214d1" + ], + [ + "MerkleTree.Low.mt_verify_pre", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "typing_FStar.UInt32.t" + ], + 0, + "cc56fc308690d486a31bc35ae9b48249" + ], + [ + "MerkleTree.Low.mt_verify_pre", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.HyperStack.ST.is_eternal_region", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.path_safe", "lemma_FStar.Ghost.hide_reveal", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Negation", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_MerkleTree.Low.MT_hash_size", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "refinement_interpretation_Tm_refine_10b98b41f7d77da76d54e3efb1819147", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv" + ], + 0, + "acce3708eb85f72f6c66ae18bfa724a1" + ], + [ + "MerkleTree.Low.mt_verify", + 1, + 0, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.Int.Cast.uint64_to_uint32", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.gte", "equation_FStar.UInt.lt", + "equation_FStar.UInt.lte", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.sub_mod", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_FStar.UInt32.gte", + "equation_FStar.UInt32.lte", "equation_FStar.UInt64.gte", + "equation_FStar.UInt64.lt", "equation_FStar.UInt64.lte", + "equation_Lib.IntTypes.int_t", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.unsigned", + "equation_LowStar.Buffer.buffer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rvector", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_verify_pre_nst", + "equation_MerkleTree.Low.offset_range_limit", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.Low.uint32_max", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.elem", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.felem", "equation_Spec.GaloisField.gf", + "function_token_typing_Spec.AES.elem", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", "kinding_MerkleTree.Low.merkle_tree@tok", + "kinding_MerkleTree.Low.path@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_38e939fe1e56a3abd9b3da1236fa51a7", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b3a7d21fcf001dbfdf1abe7f59e4da22", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_bcef36c9fe2b6458c3fdda81179b025f", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f4c4735a76eb556dc0e8d62936d83fa5", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "typing_FStar.Ghost.reveal", + "typing_FStar.Int.Cast.uint64_to_uint32", "typing_FStar.UInt.fits", + "typing_FStar.UInt.max_int", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.gte", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.sub", "typing_FStar.UInt32.t", + "typing_FStar.UInt32.uint_to_t", "typing_FStar.UInt32.v", + "typing_FStar.UInt64.lt", "typing_FStar.UInt64.sub", + "typing_FStar.UInt64.sub_mod", "typing_FStar.UInt64.v", + "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.unsigned", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.cast", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.as_seq", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.__proj__MT__item__hash_size", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.merkle_tree_size_lg", + "typing_MerkleTree.Low.mt_path_length", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "2acdf8f50a5b752541e15455f834474a" + ], + [ + "MerkleTree.Low.mt_verify", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.reveal", "typing_Lib.IntTypes.minint", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "bfc78b965efa2e149b826e1fca7a5ba3" + ], + [ + "MerkleTree.Low.mt_verify", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Low.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "LowStar.ConstBuffer_pretyping_4dc8c797bc0c0a619c5d226a788d601a", + "LowStar.Regional_interpretation_Tm_ghost_arrow_8efe83896e61f87df00cf72ae31ef9ac", + "LowStar.Regional_interpretation_Tm_ghost_arrow_a79cc47015e99b7b948cff4f4be6f51d", + "MerkleTree.Low_pretyping_7e119b85ec1bddfeba5c5e23b7ab201f", + "MerkleTree.Low_pretyping_ef3005027cf8c4be033bc0421455028c", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "assumption_FStar.Monotonic.HyperHeap.Mod_set_def", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_FStar.Integers.Signed", + "constructor_distinct_FStar.Integers.W16", + "constructor_distinct_FStar.Integers.W32", + "constructor_distinct_FStar.Integers.W8", + "constructor_distinct_FStar.Integers.Winfinite", + "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_Lib.Buffer.MUT", + "constructor_distinct_Lib.IntTypes.PUB", + "constructor_distinct_Lib.IntTypes.U32", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "data_elim_LowStar.Regional.Rgl", "data_elim_LowStar.Vector.Vec", + "data_typing_intro_FStar.Pervasives.Native.None@tok", + "data_typing_intro_LowStar.ConstBuffer.IMMUTABLE@tok", + "disc_equation_FStar.Pervasives.Native.None", "eq2-interp", + "equality_tok_FStar.Integers.W16@tok", + "equality_tok_FStar.Integers.W32@tok", + "equality_tok_FStar.Integers.W8@tok", + "equality_tok_FStar.Integers.Winfinite@tok", + "equality_tok_Lib.Buffer.MUT@tok", + "equality_tok_Lib.IntTypes.PUB@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U32@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_EverCrypt.Helpers.uint64_t", + "equation_FStar.HyperStack.ST.equal_domains", + "equation_FStar.HyperStack.ST.equal_stack_domains", + "equation_FStar.Int.Cast.uint32_to_uint64", + "equation_FStar.Int.Cast.uint64_to_uint32", + "equation_FStar.Integers.int_t", + "equation_FStar.Monotonic.Heap.equal_dom", + "equation_FStar.Monotonic.HyperHeap.disjoint", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.fresh_region", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.live_region", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.Pervasives.dfst", "equation_FStar.Set.subset", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gte", + "equation_FStar.UInt.lt", "equation_FStar.UInt.lte", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.mod", "equation_FStar.UInt.size", + "equation_FStar.UInt.sub_mod", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gte", "equation_FStar.UInt32.lt", + "equation_FStar.UInt32.lte", "equation_FStar.UInt64.gte", + "equation_FStar.UInt64.lt", "equation_FStar.UInt64.lte", + "equation_Lib.Buffer.as_seq", "equation_Lib.Buffer.buffer_t", + "equation_Lib.Buffer.lbuffer_t", "equation_Lib.Buffer.length", + "equation_Lib.Buffer.live", "equation_Lib.Buffer.modifies", + "equation_Lib.Buffer.modifies0", "equation_Lib.IntTypes.int_t", + "equation_Lib.IntTypes.pub_int_t", "equation_Lib.IntTypes.pub_int_v", + "equation_Lib.IntTypes.uint8", "equation_Lib.IntTypes.v", + "equation_LowStar.Buffer.buffer", "equation_LowStar.Buffer.pointer", + "equation_LowStar.Buffer.trivial_preorder", + "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_cases", + "equation_LowStar.ConstBuffer.qbuf_mbuf", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_LowStar.Monotonic.Buffer.get", + "equation_LowStar.Monotonic.Buffer.length", + "equation_LowStar.RVector.rv_inv", + "equation_LowStar.RVector.rv_itself_inv", + "equation_LowStar.RVector.rvector", + "equation_LowStar.Regional.rg_inv", "equation_LowStar.Vector.as_seq", + "equation_LowStar.Vector.forall_", + "equation_LowStar.Vector.forall_all", + "equation_LowStar.Vector.forall_seq", "equation_LowStar.Vector.get", + "equation_LowStar.Vector.live", "equation_LowStar.Vector.size_of", + "equation_LowStar.Vector.uint32_t", "equation_LowStar.Vector.vector", + "equation_MerkleTree.Low.Datastructures.hash", + "equation_MerkleTree.Low.Datastructures.hash_dummy", + "equation_MerkleTree.Low.Datastructures.hash_r_inv", + "equation_MerkleTree.Low.Datastructures.hash_r_repr", + "equation_MerkleTree.Low.Datastructures.hash_region_of", + "equation_MerkleTree.Low.Datastructures.hash_repr", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Datastructures.hash_vec", + "equation_MerkleTree.Low.Datastructures.hash_vec_dummy", + "equation_MerkleTree.Low.Datastructures.hash_vec_repr", + "equation_MerkleTree.Low.Datastructures.hreg", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_path_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.Low.index_t", + "equation_MerkleTree.Low.merkle_tree_size_lg", + "equation_MerkleTree.Low.mt_safe", + "equation_MerkleTree.Low.mt_verify_pre_nst", + "equation_MerkleTree.Low.offset_of", + "equation_MerkleTree.Low.offset_range_limit", + "equation_MerkleTree.Low.offset_t", + "equation_MerkleTree.Low.offsets_connect", + "equation_MerkleTree.Low.path_loc", "equation_MerkleTree.Low.path_p", + "equation_MerkleTree.Low.path_safe", + "equation_MerkleTree.Low.phashes", + "equation_MerkleTree.Low.split_offset", + "equation_MerkleTree.Low.uint32_max", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.mt_verify", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.Low.mt_safe_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_LowStar.Vector.vector_str", + "function_token_typing_FStar.Ghost.reveal", + "function_token_typing_FStar.Monotonic.Heap.heap", + "function_token_typing_Lib.IntTypes.uint8", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_inversion", + "int_typing", + "interpretation_Tm_abs_58203edc3906db9e45ab79f348b6ec67", + "interpretation_Tm_abs_68316c920d170978472d5b9e8ae4e447", + "kinding_MerkleTree.Low.merkle_tree@tok", + "kinding_MerkleTree.Low.path@tok", "l_and-interp", + "lemma_FStar.Ghost.hide_reveal", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_all_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_elim", + "lemma_FStar.HyperStack.ST.lemma_same_refs_in_stack_regions_intro", + "lemma_FStar.Map.lemma_ContainsDom", + "lemma_FStar.Map.lemma_InDomUpd2", + "lemma_FStar.Monotonic.HyperHeap.includes_child", + "lemma_FStar.Monotonic.HyperHeap.lemma_disjoint_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_includes", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_not_root", + "lemma_FStar.Monotonic.HyperHeap.lemma_extends_only_parent", + "lemma_FStar.Monotonic.HyperHeap.lemma_includes_trans", + "lemma_FStar.Monotonic.HyperStack.lemma_map_invariant", + "lemma_FStar.Monotonic.HyperStack.lemma_tip_top_smt", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Set.mem_intersect", "lemma_FStar.Set.mem_singleton", + "lemma_FStar.Set.mem_subset", "lemma_FStar.Set.subset_mem", + "lemma_FStar.UInt.pow2_values", "lemma_FStar.UInt32.uv_inv", + "lemma_FStar.UInt32.vu_inv", "lemma_FStar.UInt64.vu_inv", + "lemma_LowStar.Monotonic.Buffer.as_seq_gsub", + "lemma_LowStar.Monotonic.Buffer.freeable_length", + "lemma_LowStar.Monotonic.Buffer.length_as_seq", + "lemma_LowStar.Monotonic.Buffer.length_null_1", + "lemma_LowStar.Monotonic.Buffer.length_null_2", + "lemma_LowStar.Monotonic.Buffer.live_region_frameOf", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_includes_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_none_r", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_regions", + "lemma_LowStar.Monotonic.Buffer.loc_disjoint_sym_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_none", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_buffer_", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region", + "lemma_LowStar.Monotonic.Buffer.loc_includes_region_region_", + "lemma_LowStar.Monotonic.Buffer.modifies_buffer_elim", + "lemma_LowStar.Monotonic.Buffer.modifies_liveness_insensitive_buffer_weak", + "lemma_LowStar.Monotonic.Buffer.modifies_loc_includes", + "lemma_LowStar.Monotonic.Buffer.modifies_trans_linear", + "lemma_LowStar.Monotonic.Buffer.new_region_modifies", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_LowStar.Regional.Rgl_r_inv", + "proj_equation_LowStar.Regional.Rgl_r_repr", + "proj_equation_LowStar.Regional.Rgl_region_of", + "proj_equation_LowStar.Regional.Rgl_repr", + "proj_equation_LowStar.Regional.Rgl_state", + "proj_equation_LowStar.Vector.Vec_cap", + "proj_equation_LowStar.Vector.Vec_sz", + "proj_equation_LowStar.Vector.Vec_vs", + "proj_equation_MerkleTree.Low.MT_hash_size", + "proj_equation_MerkleTree.Low.MT_hash_spec", + "proj_equation_MerkleTree.Low.MT_hs", + "proj_equation_MerkleTree.Low.MT_i", + "proj_equation_MerkleTree.Low.MT_j", + "proj_equation_MerkleTree.Low.MT_offset", + "proj_equation_MerkleTree.Low.MT_rhs", + "proj_equation_MerkleTree.Low.Path_hashes", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Signed__0", + "projection_inverse_FStar.Integers.Unsigned__0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.None_a", + "projection_inverse_LowStar.Regional.Rgl_r_inv", + "projection_inverse_LowStar.Regional.Rgl_r_repr", + "projection_inverse_LowStar.Regional.Rgl_region_of", + "projection_inverse_LowStar.Regional.Rgl_repr", + "projection_inverse_LowStar.Regional.Rgl_state", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_02a311be716ab03201b91cc11abde92c", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_08698b4b6e166624b5bf789ac071b4cf", + "refinement_interpretation_Tm_refine_0941c9ff95557f2d53bc8f8179ab793e", + "refinement_interpretation_Tm_refine_0ea1fba779ad5718e28476faeef94d56", + "refinement_interpretation_Tm_refine_10f9a76e567a9f7a467ea42f75b1890b", + "refinement_interpretation_Tm_refine_19ac6a052799e5086e9c3eb3a21d54a5", + "refinement_interpretation_Tm_refine_1cc6c9f8558dddb337b6c1187115cd6a", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_3396f1d518ffeb2163c25c13fcb1de13", + "refinement_interpretation_Tm_refine_3490e557ecd929816a5d072a5401ea5e", + "refinement_interpretation_Tm_refine_3daf37ab3cd19c1e74e63f8f5e0fb16a", + "refinement_interpretation_Tm_refine_4097c547095e70012031c1b6bbc9fb12", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_44343629c35dd2ef69240199c08f5ba1", + "refinement_interpretation_Tm_refine_4db8ba22c4504a66577a2159dcc603cd", + "refinement_interpretation_Tm_refine_4fa8e2dd96f8bb1e23e6574326e9e019", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_562ac129d341d684eac8dd463a0f41fe", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e", + "refinement_interpretation_Tm_refine_709aff84c75b0fff77dcbf3b529649dd", + "refinement_interpretation_Tm_refine_74d1ae07763cf2ce5f26906c9df0d2cc", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_827d81650b250f34fee1c4854dcd5fc0", + "refinement_interpretation_Tm_refine_84a0a087b63472bce8d22640a5aecc19", + "refinement_interpretation_Tm_refine_9d89bf7b57667578cd0e1f4470daef3b", + "refinement_interpretation_Tm_refine_9ff867c004d0e891d59193a1c818b2a7", + "refinement_interpretation_Tm_refine_a3e91433acc705e2c7f5ab6f610b2493", + "refinement_interpretation_Tm_refine_aa4b3d268075d84252df525db1f85524", + "refinement_interpretation_Tm_refine_adba45e2c79a7a6d18ea513e3b9120dc", + "refinement_interpretation_Tm_refine_adefc58894388886573cb41ee073aed9", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_b2667f894686798e74c94fc88f855ac4", + "refinement_interpretation_Tm_refine_b3a7d21fcf001dbfdf1abe7f59e4da22", + "refinement_interpretation_Tm_refine_b7508c8246dd025aecf4ee8c56206add", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_ba6d8cd7703d56fc4559ba02b15f23bf", + "refinement_interpretation_Tm_refine_bb057522f06b19b94fc366689b4d9e02", + "refinement_interpretation_Tm_refine_c16bc1b61f58b349bf6fc1c94dcaf83b", + "refinement_interpretation_Tm_refine_c8dd98bb91cb1ba6963e5299b3babaa4", + "refinement_interpretation_Tm_refine_cb95789552ffa46c14f21af13ceaad6b", + "refinement_interpretation_Tm_refine_cbd24d5334c6bfffa6fd8a84fb787f7a", + "refinement_interpretation_Tm_refine_d15a9766d4c1ec94d1574f05b54a618b", + "refinement_interpretation_Tm_refine_d4ed644d2a0cafcfc6cf2ce842d1b099", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e1ea66c9684dd17bd86606e3bf76e0f0", + "refinement_interpretation_Tm_refine_f0ac051651fa0e095f1b2c1241fd6a3f", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_interpretation_Tm_refine_f4c4735a76eb556dc0e8d62936d83fa5", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_inv", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__r_repr", + "token_correspondence_LowStar.Regional.__proj__Rgl__item__region_of", + "token_correspondence_LowStar.Regional.rg_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_inv", + "token_correspondence_MerkleTree.Low.Datastructures.hash_r_repr", + "token_correspondence_MerkleTree.Low.Datastructures.hash_region_of", + "typing_FStar.Ghost.reveal", + "typing_FStar.Int.Cast.uint32_to_uint64", + "typing_FStar.Int.Cast.uint64_to_uint32", + "typing_FStar.Map.contains", "typing_FStar.Map.upd", + "typing_FStar.Monotonic.Heap.emp", + "typing_FStar.Monotonic.HyperHeap.includes", + "typing_FStar.Monotonic.HyperHeap.mod_set", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Set.empty", "typing_FStar.Set.intersect", + "typing_FStar.Set.mem", "typing_FStar.Set.singleton", + "typing_FStar.UInt.fits", "typing_FStar.UInt32.add", + "typing_FStar.UInt32.div", "typing_FStar.UInt32.gte", + "typing_FStar.UInt32.lt", "typing_FStar.UInt32.lte", + "typing_FStar.UInt32.rem", "typing_FStar.UInt32.sub", + "typing_FStar.UInt32.t", "typing_FStar.UInt32.uint_to_t", + "typing_FStar.UInt32.v", "typing_FStar.UInt64.sub", + "typing_FStar.UInt64.sub_mod", "typing_FStar.UInt64.v", + "typing_Lib.Buffer.as_seq", "typing_Lib.ByteSequence.lbytes_eq", + "typing_LowStar.Buffer.trivial_preorder", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.q_preorder", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.ConstBuffer.qbuf_qual", + "typing_LowStar.Monotonic.Buffer.address_liveness_insensitive_locs", + "typing_LowStar.Monotonic.Buffer.as_seq", + "typing_LowStar.Monotonic.Buffer.frameOf", + "typing_LowStar.Monotonic.Buffer.g_is_null", + "typing_LowStar.Monotonic.Buffer.get", + "typing_LowStar.Monotonic.Buffer.len", + "typing_LowStar.Monotonic.Buffer.length", + "typing_LowStar.Monotonic.Buffer.loc_buffer", + "typing_LowStar.Monotonic.Buffer.loc_none", + "typing_LowStar.Monotonic.Buffer.loc_regions", + "typing_LowStar.Monotonic.Buffer.mgsub", + "typing_LowStar.Monotonic.Buffer.mnull", + "typing_LowStar.Regional.__proj__Rgl__item__irepr", + "typing_LowStar.Regional.__proj__Rgl__item__repr", + "typing_LowStar.Vector.__proj__Vec__item__cap", + "typing_LowStar.Vector.__proj__Vec__item__sz", + "typing_LowStar.Vector.__proj__Vec__item__vs", + "typing_LowStar.Vector.alloc_empty", "typing_LowStar.Vector.as_seq", + "typing_LowStar.Vector.size_of", + "typing_MerkleTree.Low.Datastructures.hash", + "typing_MerkleTree.Low.Datastructures.hash_dummy", + "typing_MerkleTree.Low.Datastructures.hash_repr", + "typing_MerkleTree.Low.Datastructures.hash_vec_dummy", + "typing_MerkleTree.Low.Datastructures.hreg", + "typing_MerkleTree.Low.__proj__MT__item__hs", + "typing_MerkleTree.Low.__proj__MT__item__i", + "typing_MerkleTree.Low.__proj__MT__item__j", + "typing_MerkleTree.Low.__proj__MT__item__offset", + "typing_MerkleTree.Low.__proj__MT__item__rhs", + "typing_MerkleTree.Low.__proj__Path__item__hashes", + "typing_MerkleTree.Low.mt_path_length", + "typing_MerkleTree.Low.offset_of", "typing_MerkleTree.Low.phashes", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.Buffer.MUT@tok" + ], + 0, + "1ee8921229534a24e15244f9a2579350" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.Correct.Base.fst.hints b/hints/MerkleTree.New.High.Correct.Base.fst.hints new file mode 100644 index 0000000..80697d3 --- /dev/null +++ b/hints/MerkleTree.New.High.Correct.Base.fst.hints @@ -0,0 +1,4114 @@ +[ + "<'c\u007fE\u0018\u0004\u001c½R€ç\fbj'", + [ + [ + "MerkleTree.New.High.Correct.Base.seq_prefix", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81746e462692213c028719b75d01a164", + "typing_FStar.Seq.Base.length" + ], + 0, + "ae250d7067e900afbb10d3451c8e68a8" + ], + [ + "MerkleTree.New.High.Correct.Base.seq_head_cons", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.cons", "equation_Prims.nat", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length" + ], + 0, + "9ca8a66c78b063e291d041334751ffde" + ], + [ + "MerkleTree.New.High.Correct.Base.seq_head_cons", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", "equation_Prims.nat", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_create", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.create" + ], + 0, + "5a0fd7050dc285e8c1427be9cd4e3f65" + ], + [ + "MerkleTree.New.High.Correct.Base.seq_tail_cons", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.cons", "equation_Prims.nat", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length" + ], + 0, + "f1aedbdb52e79f4e4ce8ed7073362783" + ], + [ + "MerkleTree.New.High.Correct.Base.seq_tail_cons", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.tail", "equation_Prims.nat", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.tail" + ], + 0, + "fe9dbfb3f606fbd29434fcd596a5e597" + ], + [ + "MerkleTree.New.High.Correct.Base.empty_hashes", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "6943e804d39d49b9fa1161abdb7863da" + ], + [ + "MerkleTree.New.High.Correct.Base.empty_hashes", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "lemma_FStar.Seq.Base.lemma_create_len", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "typing_FStar.Seq.Base.empty", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "ce763050ad027d356664bf97d9ae3391" + ], + [ + "MerkleTree.New.High.Correct.Base.empty_hashes_head", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001" + ], + 0, + "139399dc34cf64291e69edc6c9466dae" + ], + [ + "MerkleTree.New.High.Correct.Base.empty_hashes_head", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "int_inversion", "lemma_FStar.Seq.Base.lemma_index_create", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "defa3871fc79ec03fd4ea9f2dcfee8a9" + ], + [ + "MerkleTree.New.High.Correct.Base.empty_hashes_tail", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001" + ], + 0, + "74f8d62dcbe131e77b81f73870212c40" + ], + [ + "MerkleTree.New.High.Correct.Base.empty_hashes_tail", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "9aab1801a6e4810877e313be393aa79d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "a24144cc6723fda85bebc1b9d04f9b0a" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "c878073cd8faff37a93ee941ccd06f36" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_51fba9034a886564fb18a29fa7a6025b_2", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_3", "equation_Prims.nat", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_85623b7d0d334235021ea957a454d881", + "well-founded-ordering-on-nat" + ], + 0, + "708908961a79137f732245ef850c9d47" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_empty", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_Prims.nat", "equation_Prims.pos", "int_typing", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "typing_Prims.pow2" + ], + 0, + "aca10145e7e379e7314002f824b84a7f" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_empty", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_Prims.nat", "equation_Prims.pos", "int_typing", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_d8ec06d315efa059e9429ae9584dcf2b", + "typing_Prims.pow2" + ], + 0, + "8d146c12ff50df830d8cfe9d01040243" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_empty", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_create", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "true_interp", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "typing_Prims.pow2", + "well-founded-ordering-on-nat" + ], + 0, + "e791554c3f9f038ec96f39aac5824360" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "c6a913bfe862b79b0a624d851a9c2c8c" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "9eda2b114d490b1a8a6ba8945690a535" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Multiply", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64" + ], + 0, + "140ee0efadb8fe0d5377d65ca0838338" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "2e59b6f2b76da9b68ce7d422911ce806" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "ee046709cc30b7edef645a3e60a4d1f0" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_667d454c60eed0d66023b4d83352da53_3", + "binder_x_a3597293d3fb700646795c4d8a2718b7_4", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_572efb46e082aa1b039cb74ce53f80ae", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_c331dc32158dc69a8b1476deb62a0360", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "well-founded-ordering-on-nat" + ], + 0, + "253983db259ebb70f0a6240119ba6e32" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_empty", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_Prims.nat", "equation_Prims.pos", "int_inversion", + "int_typing", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_Prims.pow2" + ], + 0, + "6e0d89319113f968970fef453786b418" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_empty", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_Prims.nat", "equation_Prims.pos", "int_inversion", + "int_typing", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_d96b1794c549aa92b9c1a00019bf3429", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_Prims.pow2" + ], + 0, + "9a63bf6ca2ec9380c338d0481e338b00" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_empty", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "true_interp", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "typing_Prims.pow2", + "well-founded-ordering-on-nat" + ], + 0, + "86aa7bd7d1b065aa6f48dcac8c025ff4" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_equiv", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "3878c9b16863786e9e5277f030a8e5ae" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_equiv", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0de89415305a4fcedec28002516e75fb", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "b1e644b9af5719ca3c52fe4a9ed2857d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_equiv", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_667d454c60eed0d66023b4d83352da53_3", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_4", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_5", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_572efb46e082aa1b039cb74ce53f80ae", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hashes", + "well-founded-ordering-on-nat" + ], + 0, + "9b56eef2bc188fcc58702eb375323a87" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_equiv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8" + ], + 0, + "79498f1da71485537356edf5929b4078" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_equiv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "refinement_interpretation_Tm_refine_f744dc1ad7fe4233154434c226e50e44" + ], + 0, + "2b7b0108e81c9d104cc0462a2f698ff1" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_equiv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_667d454c60eed0d66023b4d83352da53_3", + "binder_x_a3597293d3fb700646795c4d8a2718b7_4", + "binder_x_a3597293d3fb700646795c4d8a2718b7_5", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_572efb46e082aa1b039cb74ce53f80ae", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_c331dc32158dc69a8b1476deb62a0360", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hashes", + "well-founded-ordering-on-nat" + ], + 0, + "9fb28b2994048d7e115c4fea9d5e3670" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "44271cd0b8e406e7fdc944eb0b7aefba" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "c5eb4f4e098203fa5244e780f284fcb4" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_de80495d94c249ded13bcd114e104211_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_82e94a4e396280bbafb488e22d340334", + "refinement_interpretation_Tm_refine_ffa192ffd24031081463a09af5033bc6", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "cf24a0c9ee17c216c13b9baca67df088" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_empty", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Properties.cons_head_tail", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_4ef5ae8f18db40d112891674c999b23e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_79b1f96066f565b13f91f5d0e354834c", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "f2bec7021fea0ed1b7ad95886c8b972c" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_index", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "typing_MerkleTree.New.High.Correct.Base.merge_hs" + ], + 0, + "5c9cb4ba91ff16d23c17ee66182c4cb9" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_index", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_899ed9b42549f97b6b151ded8f485dab", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "typing_MerkleTree.New.High.Correct.Base.merge_hs" + ], + 0, + "f9e697766617fd6792254fa49ed14f3d" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_index", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_117efdf2115292854bfcfb870cda5779_2", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_abd453175ea86d2496fbbe2a1cc1b73b_4", + "binder_x_de80495d94c249ded13bcd114e104211_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_249ca79cfabbf87251ef136f8e8bc78f", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_ca5c7261637708c151f3c71ffceab8fc", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ffa192ffd24031081463a09af5033bc6", + "token_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "6e4e01b6223a14deeded4de5e76bc8bd" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_slice_equal", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8e05722fd967b5d9d7dc88775094d25b", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "typing_MerkleTree.New.High.Correct.Base.merge_hs" + ], + 0, + "2e0c8b3ba413a4fd98365b1b5ec8ff6a" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_slice_equal", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8e05722fd967b5d9d7dc88775094d25b", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_e0d5a09d673cfc2110bbd4060b6b42d2", + "typing_MerkleTree.New.High.Correct.Base.merge_hs" + ], + 0, + "e2d231abad77cfc24775e220608e5381" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_slice_equal", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_0488ca017eb55a869da97ace526de0cb_7", + "binder_x_117efdf2115292854bfcfb870cda5779_2", + "binder_x_117efdf2115292854bfcfb870cda5779_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_8318cc8eba1052ae772493598bf20ef0_5", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_6", + "binder_x_de80495d94c249ded13bcd114e104211_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_inversion", + "bool_typing", "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_72e833853911f17d47de5c800ef08fda", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_bd51bed75116cdbe1676b147260314ad", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ffa192ffd24031081463a09af5033bc6", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "13825aab3853efdf5928e4a06b9b6ba1" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_upd", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "lemma_FStar.Seq.Base.lemma_len_upd", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "f8dbfae22ec07685f870e6056464f355" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_upd", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "lemma_FStar.Seq.Base.lemma_len_upd", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_9066471df6544b97c7a558f9c02a24e5", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "b619f5de08d57068d431faf455bec0e3" + ], + [ + "MerkleTree.New.High.Correct.Base.merge_hs_upd", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_117efdf2115292854bfcfb870cda5779_2", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_abd453175ea86d2496fbbe2a1cc1b73b_4", + "binder_x_de57e94726f1653c4e53f75ab929ebb4_5", + "binder_x_de57e94726f1653c4e53f75ab929ebb4_6", + "binder_x_de80495d94c249ded13bcd114e104211_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_67afcdeaccc1e07b22a6eebaca0b8719", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_ca5c7261637708c151f3c71ffceab8fc", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_ffa192ffd24031081463a09af5033bc6", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.upd", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "70508d6beab4711440de1f14040213e7" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_inv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "well-founded-ordering-on-nat" + ], + 0, + "48b063dccf384c5bee08903b0e157ec7" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_inv_equiv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "aee8ede448dc36fb2d581adb1cae2bc4" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_inv_equiv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_ecb82b19b64aeabcf194454f1a788d78" + ], + 0, + "0c2ca5dc09d9f8d6525f2047f556ed75" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_inv_equiv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_4", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_5", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eq2", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hashes", + "well-founded-ordering-on-nat" + ], + 0, + "52e512884af5fe9f6969abe995d6c07c" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_hs_lth_inv_ok", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227" + ], + 0, + "93a7b54efaec20b306634bc17a32da4f" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_hs_lth_inv_ok", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ba4332359703b1a570a43b6af1572eda" + ], + 0, + "f05364e41271486ad00f4d184e57967a" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_hs_lth_inv_ok", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_8cf65b3b9d91dec7086970aa4543f287_5", + "binder_x_abefe0b518359a5a388975bd4374c4d4_6", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_cbac39ab364bbcc08dab587ac968871a_4", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6ecc26d260b07cd8c8333ca61d7545ba", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_d87d99f22d4a7ec1b20cbca92c993502", + "refinement_interpretation_Tm_refine_db1f7a375601e94233b330488ad7e8aa", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "41ee876a043e3f9c0489f76bfe4296fa" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "58c79512967702f379b7c27b1e01422a" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "304a14df8cbcc711d4c4dfda01be7498" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "e688a50ff5e7a42c7f8dcccc0148daf4" + ], + [ + "MerkleTree.New.High.Correct.Base.log2", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "8fbd9adbac6beb5f136fb2956834788a" + ], + [ + "MerkleTree.New.High.Correct.Base.log2", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "527c447b3fd5d4dce0ada558e2c24f6d" + ], + [ + "MerkleTree.New.High.Correct.Base.log2", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_c9f70ab639c9ae669e58190eb4c1b5c9_0", "equation_Prims.nat", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d428a3134600e4183ddf3caf7b45c5ad", + "well-founded-ordering-on-nat" + ], + 0, + "f6a2501a6e1724a62b894d0d581592c9" + ], + [ + "MerkleTree.New.High.Correct.Base.log2_bound", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_07fa1cd77897687fff6fd60f063ba592_1", + "binder_x_c9f70ab639c9ae669e58190eb4c1b5c9_0", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7041c6269e46b31230115ee689cc06f1", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "well-founded-ordering-on-nat" + ], + 0, + "d4b91be31b0c9f51e7b3d93bf73373a8" + ], + [ + "MerkleTree.New.High.Correct.Base.log2_div", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Division", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58" + ], + 0, + "213420757cc2a9657bd6235635ade10f" + ], + [ + "MerkleTree.New.High.Correct.Base.log2_div", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "744e603c52d5139c851b251953ac9ba7" + ], + [ + "MerkleTree.New.High.Correct.Base.log2c", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "706130dc1b9a6ea5da0d66e07b63258e" + ], + [ + "MerkleTree.New.High.Correct.Base.log2c", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", "bool_typing", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001" + ], + 0, + "ee4c2e8711d531799b0d782ec93aaf47" + ], + [ + "MerkleTree.New.High.Correct.Base.log2c_div", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Division", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001" + ], + 0, + "61a5e1e990258092caba504235cffb48" + ], + [ + "MerkleTree.New.High.Correct.Base.log2c_div", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c" + ], + 0, + "31e0469b6568539ccb29cfeb9fa1a1e8" + ], + [ + "MerkleTree.New.High.Correct.Base.log2c_bound", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_aaef4192d81eba81460a4fe1d83adf13_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_0", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_3f20fe758236b0de966c5a8c64b63929", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_MerkleTree.New.High.Correct.Base.log2", + "well-founded-ordering-on-nat" + ], + 0, + "53363a6ef6a66b2ac3d9a81c12ac3716" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "3eaa3d7dfc3a4e4cc67aa9a1527c6121" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "1dd2bd5d26ab6edd8b3819f814c3f0b8" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_9367128ae882c35c606ce68e9e77dbe9_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_1", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d06a4002a04168375747565fa0c2dc0f", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "c88d4e90cd876898edd2b7310d22f86d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_next", + 1, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "32e166c2b2b865817c28e3146af54f70" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_next", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "b9223e91453aa5ecb3b2decc6276e2b3" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_next", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "eq2-interp", "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "cb70ddfcce903d3d0311756fd31e82f2" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "dbf833e9eb01d11b85c3f3ef4230029c" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "18b11a164c9358421da60c2833c37575" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_aabbf0a5d49093a6b07e3e5a24007535_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7381b22713068fe22fae5f1ab9c6c30a", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "040f56f9897ef10728a77a247b2ee5f3" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_converted_", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b76b169d628564fe0d562183a2374774", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "5959af357ec29127a53d250de736b35a" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_converted_", + 2, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b76b169d628564fe0d562183a2374774", + "refinement_interpretation_Tm_refine_bec4cc5b897a4cb8c9ffd3d7089138d7", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "278231c39e673f57841c9fb069d4112e" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_converted_", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_4", + "binder_x_937f6720cb70e9f19325af7af446ce41_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.lemma_tail_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b138bd5848d4184f7632587e6e4bcf9f", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_fd00a3cd1d1731fad0b4624cc07e2a72", + "true_interp", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "bb6395b828233ab7791eddf220149e1e" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_converted", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_54b601985451a2432a353b711858af42", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "d98dfd5ea8a7bdd88deafc298c74d8bb" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log_converted", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.nat", "int_inversion", "primitive_Prims.op_Addition", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_54b601985451a2432a353b711858af42", + "typing_MerkleTree.New.High.Correct.Base.log2c" + ], + 0, + "e65d3e590441fa2621d1d8c603bb6be7" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 1, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_95b3ada44cf62e5139914056c335f5ce", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b76b169d628564fe0d562183a2374774", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "1bcac754f72d4ecaebcb7ab6863ff4b2" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 2, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_95b3ada44cf62e5139914056c335f5ce", + "refinement_interpretation_Tm_refine_aee1e2984a820b0bc138c4e87f8bca37", + "refinement_interpretation_Tm_refine_b76b169d628564fe0d562183a2374774", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "614e00fb723f6f38f9ced5dada5544ae" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 4, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", + "binder_x_ac6efc433989deefa86f3df7c09123f0_4", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_28b3529e604de38cfa56254e079a0089", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_800f2c0a3c298796ba6f447a0d231deb", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c82b59ca3434712cd979ca48ad5764e8", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "true_interp", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes", "unit_inversion", "unit_typing" + ], + 0, + "07ce5e72da256d8b4bb1df86ec08cfd6" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 5, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", "equation_Prims.nat", + "primitive_Prims.op_Division", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "8d2d9a5328c292aaeff13cf8d501de19" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 6, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", "equation_Prims.nat", + "int_inversion", "int_typing", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "891e41e354f1b8ea86c7fa087df870e4" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 7, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", "equation_Prims.nat", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_typing", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "e2b6f7f8f02aa97f6acd9aac6d0ad387" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 8, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", "equation_Prims.nat", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "935c9e619f2d6c19f3a8f8e48184bf80" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 9, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2145f2cebd2e6d85b6bd0701b98324a3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_9bc108937fc2f55b995cdeaeea037b85" + ], + 0, + "3ba29bb6ad68e34879451d64aef87a95" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 10, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ece91e2ba241156664d69b33232cd1b9" + ], + 0, + "8c265844baea9b60e16807d8c20e9cdd" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 11, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_2145f2cebd2e6d85b6bd0701b98324a3", + "refinement_interpretation_Tm_refine_9bc108937fc2f55b995cdeaeea037b85" + ], + 0, + "4b7b789a21fcf86a80a3a894b975b891" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 12, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_ac6efc433989deefa86f3df7c09123f0_4", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec" + ], + 0, + "966a8ba5e2f3cdec45a82e7ad97969f6" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 13, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0faced737b97f37f286671ae8a9451a2", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afb4cfd4e23d1b10cffd769042b6419c", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "82e6392050b92ebda7a0e9927efa039d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 14, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", "equation_Prims.nat", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "a6d2facce96240e1d22189d069db33b2" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 15, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_0faced737b97f37f286671ae8a9451a2", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "4497812bd6f470617b859c6e27f9cd4b" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 16, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ece91e2ba241156664d69b33232cd1b9" + ], + 0, + "9a29488d853bdff9777ca589cde65085" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 17, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_042f9fb02ef2e255d0ca106a5d1f2fe3", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "c85763bca52fab85ff480d702c70f06a" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 18, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_5600bf09375526e2862f19685332a01c", + "refinement_interpretation_Tm_refine_ece91e2ba241156664d69b33232cd1b9" + ], + 0, + "0e59d06abeeb32949d664d0dfea99684" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 19, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_ac6efc433989deefa86f3df7c09123f0_4", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec" + ], + 0, + "91e63aeee1d7bc673514281af37cc468" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 20, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0faced737b97f37f286671ae8a9451a2", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afb4cfd4e23d1b10cffd769042b6419c", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "b64beeaeb4fc3b5a096991ecc0a5d399" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 21, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", "equation_Prims.nat", + "int_typing", "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThan", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_037162b8f701451291a1ccf63ca40cdb", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ece91e2ba241156664d69b33232cd1b9", + "well-founded-ordering-on-nat" + ], + 0, + "86aad93f1a69c8092fd903b7f17b0571" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 22, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_037162b8f701451291a1ccf63ca40cdb", + "refinement_interpretation_Tm_refine_0faced737b97f37f286671ae8a9451a2", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afb4cfd4e23d1b10cffd769042b6419c", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_c82b59ca3434712cd979ca48ad5764e8", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_ece91e2ba241156664d69b33232cd1b9", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "fd3f58ab5784f5a93a6670079e72d304" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted_", + 23, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7366e78b0557d93261fa59449d67a4f4_3", + "binder_x_ac6efc433989deefa86f3df7c09123f0_4", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_inversion", + "eq2-interp", "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.lemma_tail_slice", + "lemma_FStar.Seq.Properties.slice_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_037162b8f701451291a1ccf63ca40cdb", + "refinement_interpretation_Tm_refine_042f9fb02ef2e255d0ca106a5d1f2fe3", + "refinement_interpretation_Tm_refine_0faced737b97f37f286671ae8a9451a2", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_28b3529e604de38cfa56254e079a0089", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3af864a8d79f95a13ea6e1f5b534a63e", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9df0aff09abe56d0fdb236e737e3206d", + "refinement_interpretation_Tm_refine_afb4cfd4e23d1b10cffd769042b6419c", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b138bd5848d4184f7632587e6e4bcf9f", + "refinement_interpretation_Tm_refine_c82b59ca3434712cd979ca48ad5764e8", + "refinement_interpretation_Tm_refine_c931a3602a0fba1a90727d7f737258ec", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_ece91e2ba241156664d69b33232cd1b9", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "true_interp", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes", "unit_inversion", "unit_typing" + ], + 0, + "cf46a748c396e4c77efdc31800eae142" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_01931cc5b3f69d2d0bf4a7813a1448f8", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b44fa187a56ba3501fc0af40734dcf78", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "d812bacf35fc9c4c893183d46b4f331f" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted", + 2, + 0, + 0, + [ + "@query", "primitive_Prims.op_LessThan", + "projection_inverse_BoxBool_proj_0" + ], + 0, + "6c2a3b70a18566f06acd3f528d3196f0" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_inv_log_converted", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.nat", "int_inversion", "primitive_Prims.op_Addition", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_b44fa187a56ba3501fc0af40734dcf78", + "typing_MerkleTree.New.High.Correct.Base.log2c" + ], + 0, + "2d04f35fcc5ab97d7d629398123119e6" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_lift", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "8e385afc18003237e5753857d8995c49" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_lift", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "442c621baf51a209695a8cdd461d0086" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_lift", + 3, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_de57e94726f1653c4e53f75ab929ebb4_1", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_410063e53bf3eaf2e0e7e89fc8ca98c5", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.hash", "well-founded-ordering-on-nat" + ], + 0, + "2a458e084438d5a198a65e9f6015052d" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_lift_index", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift" + ], + 0, + "c7fdc0295800beac062ebf3cb40401ad" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_lift_index", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "int_inversion", + "refinement_interpretation_Tm_refine_0a993cb72dab7182cd35115177cf6517", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift" + ], + 0, + "331f4c41dcfe74ca811289559f16d1f3" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_lift_index", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_de57e94726f1653c4e53f75ab929ebb4_1", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0e6f721cd0df666a9f5eccd102658f1e", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_baff442d34964c1f9d59a57f597a5da1", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "token_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.head", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.hash", "well-founded-ordering-on-nat" + ], + 0, + "47570bcca18794f2ed6dd61576ee5bf5" + ], + [ + "MerkleTree.New.High.Correct.Base.create_pads", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "d0e5c71e63b62f1465058f08691fe63f" + ], + [ + "MerkleTree.New.High.Correct.Base.create_pads", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len" + ], + 0, + "154aa10d9b8b0cb4325a71c69f2e45cd" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hashes", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0feb76eeb65cc099e0a482acd65b1bcc", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "typing_Prims.pow2" + ], + 0, + "82eae9c913b64bc6a5bc3b07678e2c0b" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_index_raw", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "typing_Prims.pow2" + ], + 0, + "3a054bd03c1e19c48e4fc29ab216a374" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_index_raw", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hashes", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_app1", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6f92e8c304c36f55e42632b60c82c691", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.create_pads", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash" + ], + 0, + "d06097a69f795f87eeae0303f00c4219" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_lift_even", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_5e7f964634d7368510ffa9aa715935f6", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash" + ], + 0, + "09947f3c082e5d9892c9acb849a4e07c" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_lift_even", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "85fb927ab907f74b2f07381e7ae648f2" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_lift_even", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "projection_inverse_MerkleTree.Spec.HRaw_hsz", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_6f92e8c304c36f55e42632b60c82c691", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.head", + "typing_MerkleTree.New.High.Correct.Base.create_pads", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.Spec.padded_hash_fun", "typing_Prims.pow2" + ], + 0, + "d4807847176df8a103305d772c6eeeb6" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_lift_odd", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_872f239705f189864c9115006b829fb1", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "typing_Prims.pow2" + ], + 0, + "ecd68c8ee9ff886ea580285a51c5919d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_lift_odd", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "d99a8b4d2c56fead594a7c10969ae09d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_lift_odd", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.Seq.Properties.slice_slice", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "projection_inverse_MerkleTree.Spec.HRaw_hsz", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_6f92e8c304c36f55e42632b60c82c691", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "token_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.create_pads", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.Spec.padded_hash_fun" + ], + 0, + "01fd7ec5dd5b6e87761e345b7062821d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_next_even", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_5e7f964634d7368510ffa9aa715935f6", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "454f1e5b981f4b939aa64c1b059666ee" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_next_even", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "5f33b2a308a2d13da3ba9105b31be078" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_hashes_next_rel_next_even", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "primitive_Prims.op_Division", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash" + ], + 0, + "e038c43c5bffa22f8df697ff3af5ecc5" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "typing_Prims.pow2" + ], + 0, + "f813bd43d507b82f107f0c8558aa1ba7" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_index_raw", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "kinding_MerkleTree.Spec.padded_hash@tok", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash" + ], + 0, + "e53d85aa44249516a8cc99690d4e83ec" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_index_raw", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6f92e8c304c36f55e42632b60c82c691", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash" + ], + 0, + "b1469d9dbd07ad3c75862ff034c29bac" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_case_true", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_typing", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "typing_Prims.pow2" + ], + 0, + "5167298b8bb00432642bd65ca2d631fc" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_case_true", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "function_token_typing_Prims.__cache_version_number__", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash" + ], + 0, + "41a64432c293b1292ccd8d18ecb98e0e" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_even_next", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_5e7f964634d7368510ffa9aa715935f6", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "ddf801468989efce88c5e4999edf0b43" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_even_next", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "434a3a8fe518d6b5756f03614c20c6a9" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_even_next", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "token_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.create_pads", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash" + ], + 0, + "49cf46dead74c6ec2db0e3f05802a0d3" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_odd_next", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_6cd5f75dfee13ac2f15c30c38b2290a4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "88b44153d109343c085a71ea2f0b5cd1" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_odd_next", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "ed201cf32606a776675e61c55ca9f5d1" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_odd_next", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_pretyping_de868e87a3b2cbc224620d2e725391a3", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "Prims_pretyping_f8666440faa91836cc5a13998af863fc", "bool_inversion", + "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "constructor_distinct_MerkleTree.Spec.padded_hash", + "constructor_distinct_Prims.unit", "constructor_distinct_Tm_unit", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_upd", "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "projection_inverse_MerkleTree.Spec.HRaw_hsz", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "token_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.create_pads", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.Spec.padded_hash_fun", "unit_typing" + ], + 0, + "a64d3ffa15ef173d455f0ec8ac860e86" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_next", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "ce214d44eee1c0a9b334998b2f86aaa1" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_next", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "5d124c1c2bb31844da311a3e195f0578" + ], + [ + "MerkleTree.New.High.Correct.Base.hash_seq_spec_full_next", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_99c44f87e8db7c2b2518f780068deb58" + ], + 0, + "8eb0675806b9b2b070a0054833beef1b" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_rhs_inv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "cdf6ff05bd67665d1838a136959d3cbe" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_rhs_inv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "6adc53742fe4aa965c810e803d7f6597" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_rhs_inv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_53091569903cae77b4a60be8a17a11bc_4", + "binder_x_7802c6c7540d3455819384f8c2a0a0c8_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_5", "bool_inversion", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_765c5038a14ad1a170ebaf2c2e8ec7c8", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "typing_Prims.pow2", + "well-founded-ordering-on-nat" + ], + 0, + "cd2497cac756f14c61dcc5ff5fc525f4" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_base", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "6c643eafe5d4ee72efcb61c424acd3c6" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_base", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "eq2-interp", "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_wf_elts", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.head", + "typing_MerkleTree.New.High.__proj__MT__item__hash_fun", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "c25247ce0fd2c9b1b7c713a0a5df995d" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_spec", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_2a7fb093a521f1abbc6b16d257336c97", + "refinement_interpretation_Tm_refine_9e2cc9c9dac6b0e7d2a3400258c6016f" + ], + 0, + "5e8d6633bef705386acb4de066627308" + ], + [ + "MerkleTree.New.High.Correct.Base.mt_inv", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.eqtype", + "equation_Prims.nat", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.__proj__MT__item__rhs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "d5cace71e67dd56df71c6cbc46018ca6" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.Correct.Flushing.fst.hints b/hints/MerkleTree.New.High.Correct.Flushing.fst.hints new file mode 100644 index 0000000..4bf8c0d --- /dev/null +++ b/hints/MerkleTree.New.High.Correct.Flushing.fst.hints @@ -0,0 +1,691 @@ +[ + "1Ÿû\tEÆÔkÞÐ\"àÚú[y", + [ + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "3643e5ca552c9a6f076d85539a90502c" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "e7c9cc22218ab912adbd4e15a1cd282a" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_0e34d6ba5aadb6ae8199afa904b3bbdb_7", + "binder_x_1efd3135b389a1c7e3a2fc82df2bbe21_5", + "binder_x_20ef783cabfdc90ae174ed55c128717b_4", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_a781c67b3813f82607f5722fcf0c9c76_6", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_03d8bb38997e9403d2effbb972e2ec07", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_11ff5223149858a6ed39dcb0f334332c", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_27e93fd1252ffee400912afd0e77b1ba", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_39306dfd6669708e31eb0364de2c27d9", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_527e8dd31becd17d6b7d9df3614c9953", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_dfd7831358eafa1a0f79e4e16bc4f710", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "well-founded-ordering-on-nat" + ], + 0, + "8c88785b1842b3fab8d8c27d9a635385" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds_hs_equiv", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "ac5049583dac9e7cc0585e16c0f8acdf" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds_hs_equiv", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_Prims.nat", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_a5141335b0b4a85f61e3dd0f2e990ef6", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "50225c013bf7e8d65ffe828baa64368e" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds_hs_equiv", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_0e34d6ba5aadb6ae8199afa904b3bbdb_7", + "binder_x_0e34d6ba5aadb6ae8199afa904b3bbdb_8", + "binder_x_1efd3135b389a1c7e3a2fc82df2bbe21_5", + "binder_x_20ef783cabfdc90ae174ed55c128717b_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_a781c67b3813f82607f5722fcf0c9c76_6", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_11ff5223149858a6ed39dcb0f334332c", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_27e93fd1252ffee400912afd0e77b1ba", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_527e8dd31becd17d6b7d9df3614c9953", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_dfd7831358eafa1a0f79e4e16bc4f710", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "well-founded-ordering-on-nat" + ], + 0, + "aca2462a064371411c9ab03986cbff29" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_merge_preserved", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c1f80bc31cbe9b996d4b2f695bb8d54d", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds" + ], + 0, + "4e555847443b8c70c8344adde8a322b6" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_merge_preserved", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c1f80bc31cbe9b996d4b2f695bb8d54d", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_e6b357551564d03cc8585331fc735beb" + ], + 0, + "06e1e06d2b8efada3613ad74888d05d4" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_merge_preserved", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_0e34d6ba5aadb6ae8199afa904b3bbdb_7", + "binder_x_1efd3135b389a1c7e3a2fc82df2bbe21_5", + "binder_x_20ef783cabfdc90ae174ed55c128717b_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_a781c67b3813f82607f5722fcf0c9c76_6", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_11ff5223149858a6ed39dcb0f334332c", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_27e93fd1252ffee400912afd0e77b1ba", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_39ebebc5ab51b137958cb84dd3124492", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_525e2cd43135714caa80f1c1c548dbc5", + "refinement_interpretation_Tm_refine_527e8dd31becd17d6b7d9df3614c9953", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_5e6b6c893e428236439de5e59c175f5e", + "refinement_interpretation_Tm_refine_72a6e6d3eb60f86cdad2dd40aa09f653", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7d7fbea8a1aa1c987d727318058634ac", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c1f80bc31cbe9b996d4b2f695bb8d54d", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_dfd7831358eafa1a0f79e4e16bc4f710", + "refinement_interpretation_Tm_refine_e99fe37fcae52518316cc3ec1338b5f4", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_flush_to_", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "well-founded-ordering-on-nat" + ], + 0, + "131836c70fe432fece3576c155742cf1" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_inv_preserved_", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c1f80bc31cbe9b996d4b2f695bb8d54d", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "f9b2b2de9181d10d5fcb9bbd3cb56a9d" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_inv_preserved_", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "2079bb2bd8ab96316d871b068ab2117b" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_inv_preserved_", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "int_inversion", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_72a6e6d3eb60f86cdad2dd40aa09f653", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_91f118064a596fa16be224abb038f756", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c1f80bc31cbe9b996d4b2f695bb8d54d", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds", + "typing_MerkleTree.New.High.hashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "89f118353127a54b1b3b0859af690e0a" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_inv_preserved", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_flush_to", + "equation_MerkleTree.New.High.mt_wf_elts", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "primitive_Prims.op_LessThan", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_MerkleTree.New.High.MT_i", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_db428869743ec15a24716674df186f66", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__j" + ], + 0, + "d9824f019295192b6462bcd5a3d64170" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_to_inv_preserved", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@query", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.head", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.mt_base", + "equation_MerkleTree.New.High.Correct.Base.mt_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_spec", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_flush_to", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", "primitive_Prims.op_LessThan", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_mroot", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_3d93e3571976634af2ba31f6b362fa73", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c1f80bc31cbe9b996d4b2f695bb8d54d", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_db428869743ec15a24716674df186f66", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "true_interp", "typing_Lib.IntTypes.minint", "typing_Lib.IntTypes.v", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds", + "typing_MerkleTree.New.High.__proj__MT__item__hash_fun", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_flush_to", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "06f6860985dd002d3fbc4c23c7bf8bf6" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_inv_preserved", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_flush", + "equation_MerkleTree.New.High.mt_flush_to", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_i", + "refinement_interpretation_Tm_refine_35cb22bdedbebf7b43fef791c588be43", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j" + ], + 0, + "0b8dbac340f9ff4743f326e551d49ee0" + ], + [ + "MerkleTree.New.High.Correct.Flushing.mt_flush_inv_preserved", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_flush", "equation_Prims.nat", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35cb22bdedbebf7b43fef791c588be43", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_MerkleTree.New.High.__proj__MT__item__i" + ], + 0, + "70927fbcf52bbe99651d554760bb6a06" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.Correct.Insertion.fst.hints b/hints/MerkleTree.New.High.Correct.Insertion.fst.hints new file mode 100644 index 0000000..9481323 --- /dev/null +++ b/hints/MerkleTree.New.High.Correct.Insertion.fst.hints @@ -0,0 +1,816 @@ +[ + "zÛ.»ç„¿R‰\u0002f .Lh", + [ + [ + "MerkleTree.New.High.Correct.Insertion.mt_hashes_next_rel_insert_odd", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Modulus", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_d5d6229fe614bb2f0682fc77ade75507", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.hash" + ], + 0, + "8615fba5ef71d8de10a04cd4b64efd8c" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_hashes_next_rel_insert_odd", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "f3104764548c243c990df0b6aa1b4918" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_hashes_next_rel_insert_odd", + 3, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "refinement_interpretation_Tm_refine_d5d6229fe614bb2f0682fc77ade75507", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.snoc", "typing_MerkleTree.New.High.hash" + ], + 0, + "e04110ead5b408fa0d2412424731a4ae" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_hashes_next_rel_insert_even", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Modulus", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_45c3a3e8655e21898b02144a932e1fc6", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_cdc09d6032c37371558f1d5d77d7bd2c", + "typing_FStar.Seq.Base.create", "typing_MerkleTree.New.High.hash" + ], + 0, + "4583e6305a5f426b612b18bf7d1e2a9c" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_hashes_next_rel_insert_even", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "21b14acbc2e245ee4fc69ce8ecee61cc" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_hashes_next_rel_insert_even", + 3, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_index_app1", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_45c3a3e8655e21898b02144a932e1fc6", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "typing_FStar.Seq.Base.create", "typing_MerkleTree.New.High.hash" + ], + 0, + "c69435d41d44e595227d8d3ce4647193" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_head", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_MerkleTree.New.High.insert_" + ], + 0, + "ad308c9c4d03fe446cfd1e94702564c4" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_head", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "f2b9f45ab5f454663d1abc67a534839f" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_head", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.snoc", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.insert_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ec7556075e2dd9aa116b8d4e21458205", + "token_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Base.upd", "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.snoc", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.hashess_insert", + "typing_MerkleTree.New.High.insert_", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "6fd2c133ba0812294a5f4daad98fa3df" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_inv_preserved_even", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "6504632b0b466987ff443868404bf75a" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_inv_preserved_even", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "af91bb919535de6cc71fa1885373d14b" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_inv_preserved_even", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_1910ef5262f2ee8e712b6609a232b1ea", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.snoc", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_FStar.Seq.Base.index", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b878f149ab1d6e8239c17f37c2894988", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_ec7556075e2dd9aa116b8d4e21458205", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.snoc", + "typing_FStar.Seq.Properties.tail", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.insert_", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "13dc1b28cb39206b2da222caa0101f04" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_inv_preserved", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "80ed10a9bd46fa9874f9b3c40f9735ea" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_inv_preserved", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "14074fd8a96a3007c60be68a16a6089e" + ], + [ + "MerkleTree.New.High.Correct.Insertion.insert_inv_preserved", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.insert_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_4e45ffb596fe5eb4880eecea8024fe6f_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_7", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_a781c67b3813f82607f5722fcf0c9c76_5", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_df2abc7452f72e525d1268e48951b5a9_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.snoc", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.insert_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_40673d01fb13306535934c3b172c1134", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_8c0da31ad94507db704c5dd9ebc390a0", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b918a6c7b42692d28d516d1baf91d564", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_dfd7831358eafa1a0f79e4e16bc4f710", + "refinement_interpretation_Tm_refine_ec7556075e2dd9aa116b8d4e21458205", + "refinement_interpretation_Tm_refine_eeb34a6663fec3915a03d46b7a3fadb8", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "token_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.seq", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.snoc", + "typing_FStar.Seq.Properties.tail", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashess_insert", + "typing_MerkleTree.New.High.insert_", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "well-founded-ordering-on-nat" + ], + 0, + "bcf8a9e0e8a45513d81f1d366637561e" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_insert_inv_preserved", + 1, + 2, + 1, + [ + "@query", "equation_MerkleTree.New.High.mt_insert", + "proj_equation_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_i" + ], + 0, + "ce99bd69f6b39b26e76ef1d6dd0d5baa" + ], + [ + "MerkleTree.New.High.Correct.Insertion.mt_insert_inv_preserved", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@query", "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.mt_inv", + "equation_MerkleTree.New.High.mt_insert", + "equation_MerkleTree.New.High.mt_not_full", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_2fb140eeeb3dedac16f53b39260b0172", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "true_interp", "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.mt_not_full", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "15ee23ae49385223b14ce6aaef630f78" + ], + [ + "MerkleTree.New.High.Correct.Insertion.empty_olds_inv", + 1, + 2, + 1, + [ "@query" ], + 0, + "b1dfaf46ac4de460824989010842c5b7" + ], + [ + "MerkleTree.New.High.Correct.Insertion.empty_olds_inv", + 2, + 2, + 1, + [ "@query" ], + 0, + "dcf77e16909910f3fe23b6f273d09346" + ], + [ + "MerkleTree.New.High.Correct.Insertion.empty_olds_inv", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_create", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_4af030e7a84d9598a12163975248d0c3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e2b3de0f7f893a99ca6aaacc9981bd24", + "true_interp", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.empty_hashes", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "well-founded-ordering-on-nat" + ], + 0, + "03d412e5f6eedd464b09e6ad55711142" + ], + [ + "MerkleTree.New.High.Correct.Insertion.create_empty_mt_inv_ok", + 1, + 2, + 1, + [ + "@query", "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.create_empty_mt", + "proj_equation_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_i" + ], + 0, + "b6fa5e6927852ba0399ca0545611b49e" + ], + [ + "MerkleTree.New.High.Correct.Insertion.create_empty_mt_inv_ok", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_MerkleTree.New.High.MT", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.Correct.Base.mt_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.hashess", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "primitive_Prims.op_AmpAmp", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "true_interp", "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.create_empty_mt", + "typing_MerkleTree.New.High.hashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", "unit_typing" + ], + 0, + "a389f0457921733d22889c6e34c45e4a" + ], + [ + "MerkleTree.New.High.Correct.Insertion.create_mt_inv_ok", + 1, + 2, + 1, + [ + "@query", "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.mt_create", + "equation_MerkleTree.New.High.mt_insert", + "proj_equation_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_i" + ], + 0, + "76cb57ae1edf7a20ec46d374c6f70080" + ], + [ + "MerkleTree.New.High.Correct.Insertion.create_mt_inv_ok", + 2, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "data_elim_MerkleTree.New.High.MT", + "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_create", + "equation_MerkleTree.New.High.mt_not_full", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_typing", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hashes" + ], + 0, + "69fb22aeac5ffbce86116e6114f994d2" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.Correct.Path.fst.hints b/hints/MerkleTree.New.High.Correct.Path.fst.hints new file mode 100644 index 0000000..b067cb7 --- /dev/null +++ b/hints/MerkleTree.New.High.Correct.Path.fst.hints @@ -0,0 +1,1678 @@ +[ + "Žx8b\u0019ää:ey¥\u001e±[¶•", + [ + [ + "MerkleTree.New.High.Correct.Path.path_spec", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "ba3a7d251a477b2d7315673b0c41d51c" + ], + [ + "MerkleTree.New.High.Correct.Path.path_spec", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "5a3eef6afc36c83724c023a858b64e25" + ], + [ + "MerkleTree.New.High.Correct.Path.path_spec", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_4694e496d4f0b8a432e24108d6cde66d_4", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_1", + "binder_x_ef3cff77d20be12dde95f0777a90f70e_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_3", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16e0de92007fd732dd390f31c7906c96", + "refinement_interpretation_Tm_refine_2eb00ca989f9ebed0ed65e52a78766e7", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_802a213e14f3196e6cb3186c5be1c692", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_bcc68ef3c23a422595f4b1d1a0a4a63d", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length_step", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "well-founded-ordering-on-nat" + ], + 0, + "f9d71fa5301950685927eb082c8d6f98" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "ed57af6af5ed94ec8fdea395db71531a" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "c964e24fc1d712157b26c2ec70320f73" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + 3, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "e2a58d267772cb7ee9e612c8ecc87d25" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d" + ], + 0, + "3b147b68f43335747044e2d3734296f1" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d" + ], + 0, + "a12d157b6133cc80aea5917bfde51c3f" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_53091569903cae77b4a60be8a17a11bc_4", + "binder_x_aabbf0a5d49093a6b07e3e5a24007535_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_c45ff54d3bb65363264cc96500ac56d5_5", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_6", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.Some", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.option", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Negation", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_65f0e5a3659a158ecfdb56e4d760ae69", + "refinement_interpretation_Tm_refine_6ed5d13caf4284d700420292b4831cbf", + "refinement_interpretation_Tm_refine_7381b22713068fe22fae5f1ab9c6c30a", + "refinement_interpretation_Tm_refine_765c5038a14ad1a170ebaf2c2e8ec7c8", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "well-founded-ordering-on-nat" + ], + 0, + "4a5fb7b06ca4960c4f6bd917d706d479" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_step_acc_consistent", + 1, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.None", + "disc_equation_FStar.Pervasives.Native.Some", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", "equation_Prims.nat", + "equation_Prims.pos", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "l_and-interp", + "lemma_FStar.Pervasives.invertOption", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", "primitive_Prims.op_disEquality", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_0b724b6f6a7953a53d5fb02ee8337e6a", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "4bef61d309a7692b0072db7ad20ec5d8" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_step_acc_consistent", + 2, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "787f64b2d4528aaafd4955062e4ecdb3" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_step_acc_consistent", + 3, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Some", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.snoc", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_make_path_step", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.option", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_0b724b6f6a7953a53d5fb02ee8337e6a", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_85b48fc854200a815ea472c3088d071c", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_make_path_step", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "e543538e9267392f04d8809144a2de20" + ], + [ + "MerkleTree.New.High.Correct.Path.seq_cons_append", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.tail", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "ec8d047be9d3bd45ecab38281280903a" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc_consistent", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_06cb130490423446d04fd8da416162f0", + "refinement_interpretation_Tm_refine_0b724b6f6a7953a53d5fb02ee8337e6a", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "f81ce88779ba341834a900e47ed9b335" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc_consistent", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_06cb130490423446d04fd8da416162f0", + "refinement_interpretation_Tm_refine_0b724b6f6a7953a53d5fb02ee8337e6a", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "7230952ad582d8338c1878fa17194e91" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc_consistent", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_7", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_8cf65b3b9d91dec7086970aa4543f287_5", + "binder_x_abefe0b518359a5a388975bd4374c4d4_6", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_cbac39ab364bbcc08dab587ac968871a_4", + "binder_x_eb9d41692cc05f67d5dd938d707342ec_8", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_9", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_Lib.IntTypes.U8", + "disc_equation_FStar.Pervasives.Native.None", + "disc_equation_FStar.Pervasives.Native.Some", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_make_path_step", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Pervasives.invertOption", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.Seq.Properties.lemma_tail_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Some_v", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_1d6dbe1d860e2d0c6f1e24584b940fd1", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4d5241eb6fe198666a8101195bbd4a2a", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_59122260c77179a912aff4679b32096c", + "refinement_interpretation_Tm_refine_5f58f4254a1acbbedf2f52de0dbf26c1", + "refinement_interpretation_Tm_refine_64745f0bab45b9f63e6c5de7f4e31013", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_6ecc26d260b07cd8c8333ca61d7545ba", + "refinement_interpretation_Tm_refine_7353c91dd3c7081589b77fa669f652e2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_85b48fc854200a815ea472c3088d071c", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b138bd5848d4184f7632587e6e4bcf9f", + "refinement_interpretation_Tm_refine_b5827934604e1411cd6eabbbb08660ec", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bb2cbefb6f9a8a50a7b780a0a53e7963", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d87d99f22d4a7ec1b20cbca92c993502", + "refinement_interpretation_Tm_refine_db1f7a375601e94233b330488ad7e8aa", + "refinement_interpretation_Tm_refine_db34bae21652cb80fc35719f7a96b599", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e06b062afb77272156afb40cf54499ea", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_interpretation_Tm_refine_fd00e7b79c3f1d6a6049dbfa5a06447f", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "typing_FStar.Pervasives.Native.__proj__Some__item__v", + "typing_FStar.Pervasives.Native.uu___is_None", + "typing_FStar.Pervasives.Native.uu___is_Some", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", "typing_Lib.IntTypes.minint", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_make_path_step", + "typing_MerkleTree.New.High.mt_path_length", + "typing_MerkleTree.New.High.offset_of", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "382e011cb48248370f9d292e03686ba6" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc_inv_ok", + 1, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "eq2-interp", "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_626d6f620b3b085d99b31c08f3abc18e", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "46a41d5b21c886e2b0b2b98f211dac90" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc_inv_ok", + 2, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "eq2-interp", "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_44bd770a274b5cbfb4feb5a2348f4203", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_626d6f620b3b085d99b31c08f3abc18e", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "4e30e0dec0cd68717cceca1042752909" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_acc_inv_ok", + 3, + 1, + 2, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_0f12bf2603e9091028a82002ad226308_3", + "binder_x_53091569903cae77b4a60be8a17a11bc_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_6", + "binder_x_c45ff54d3bb65363264cc96500ac56d5_5", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_7", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Pervasives.Native.None", + "constructor_distinct_FStar.Pervasives.Native.Some", + "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Some", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "disc_equation_FStar.Pervasives.Native.Some", "eq2-interp", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.lseq", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Base.mt_hashes_next_rel", + "equation_MerkleTree.New.High.Correct.Path.mt_get_path_step_acc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.path", "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.option", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "l_and-interp", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_head_tail", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Some_v", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Some_a", + "projection_inverse_FStar.Pervasives.Native.Some_v", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_65f0e5a3659a158ecfdb56e4d760ae69", + "refinement_interpretation_Tm_refine_765c5038a14ad1a170ebaf2c2e8ec7c8", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9c9eac66f829c9b567b9174502161d06", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", + "refinement_interpretation_Tm_refine_bf21d78812fd4c0308c10c82d85f8788", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_dc0bcc5a4556355001b46ff2d8c6e5a5", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "refinement_interpretation_Tm_refine_f57063d4bd004d8f89276081f45a638c", + "refinement_interpretation_Tm_refine_fd00e7b79c3f1d6a6049dbfa5a06447f", + "token_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "token_correspondence_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.seq", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.unsigned", + "typing_MerkleTree.New.High.Correct.Base.create_pads", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Path.mt_get_path_acc", + "typing_MerkleTree.New.High.Correct.Path.path_spec", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", + "typing_MerkleTree.New.High.mt_path_length_step", + "typing_MerkleTree.Spec.mt_get_path", + "typing_MerkleTree.Spec.mt_next_lv", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "2b3720cfb7c40da57d9b3827cc2f1017" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_inv_ok_", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "eq2-interp", "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4c6cdb6946a57f770e07008f14ffd053", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0633907f656a03c50a2b53dc564942", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.hash", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "72a17a01363b9878275f97e3bea36383" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_inv_ok_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "5c86b3766d7c550341c55df20c2e1b4f" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_inv_ok_", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Path.mt_get_path_acc.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.head", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "int_inversion", "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_GreaterThan", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_06cb130490423446d04fd8da416162f0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4c6cdb6946a57f770e07008f14ffd053", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0b9b2dbca36eab00de093c1b701c6d", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_interpretation_Tm_refine_fd00e7b79c3f1d6a6049dbfa5a06447f", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Path.mt_get_path_acc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_get_path_", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "5a2b69261d661667202dce46c917b2ac" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_inv_ok", + 1, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Base.mt_base", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_46cf8561fcb87b3a901fbf1a5ed53e3c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9e2cc9c9dac6b0e7d2a3400258c6016f", + "refinement_interpretation_Tm_refine_aeee1ad2d9f3d1c314aee4e316971702", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d8b7b3871551c3537f5a3888023b725b", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.mt_base", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "1e4b3268f904384cc23204cd3f068dc6" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_get_path_inv_ok", + 2, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", + "MerkleTree.New.High_pretyping_42b5f1434db9b9fcab9a3482ce626e35", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equality_tok_Lib.IntTypes.SEC@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.snoc", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Base.mt_base", + "equation_MerkleTree.New.High.Correct.Base.mt_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_spec", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_get_path", + "equation_MerkleTree.New.High.mt_get_root", + "equation_MerkleTree.New.High.mt_wf_elts", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple3__3", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_46cf8561fcb87b3a901fbf1a5ed53e3c", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_48486e77aa5457d9a27027fef170c244", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_83845a86f2550cdf941eeb1d9b59602b", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_9e2cc9c9dac6b0e7d2a3400258c6016f", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_aeee1ad2d9f3d1c314aee4e316971702", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.snoc", "typing_Lib.IntTypes.v", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.__proj__MT__item__hash_fun", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.__proj__MT__item__rhs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_get_path_", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.AES.irred", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.SEC@tok", "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "8cdbe70b36262a7bfae655a05b2601b4" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_verify_ok_", + 1, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Prims.pos", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0633907f656a03c50a2b53dc564942", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", "typing_Prims.pow2", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "bbed03bf6ff7017a4eb6053d94cfca58" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_verify_ok_", + 2, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Prims.pos", "equation_Prims.squash", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7e0633907f656a03c50a2b53dc564942", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f34ecc2172588964005a39167be10773", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", "typing_Prims.pow2", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "234d29f0b0e101430418a84dc6f276c5" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_verify_ok_", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_verify_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_verify_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_3ecda020b5cf79d02cc346b352c50370_3", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_6", + "binder_x_abda421e48b5c84421ca729d856d67d6_4", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_5", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_7", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.lseq", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.path", "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.padded_hash_fun", + "equation_MerkleTree.Spec.path", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.Correct.Path.path_spec.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_verify_.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.lemma_tail_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "projection_inverse_MerkleTree.Spec.HRaw_hsz", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_a2f9d31ec17fd3a91ac07742b87883aa", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b138bd5848d4184f7632587e6e4bcf9f", + "refinement_interpretation_Tm_refine_b3090649248199ce2a2d6d6d928cff94", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", + "refinement_interpretation_Tm_refine_c87079f0f4657a4d82ef934509727b17", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_dc0bcc5a4556355001b46ff2d8c6e5a5", + "refinement_interpretation_Tm_refine_dc48f78fca6f8433edb3d5a9ad647892", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_fd00e7b79c3f1d6a6049dbfa5a06447f", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", "typing_Lib.IntTypes.minint", + "typing_Lib.IntTypes.unsigned", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Path.path_spec", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", + "typing_MerkleTree.New.High.mt_path_length_step", + "typing_MerkleTree.New.High.mt_verify_", "typing_Prims.pow2", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "11da3107af21d064288d4fb7f83b7e92" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_verify_ok", + 1, + 2, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_8233d76b57e95451540fc312b717fa79", + "refinement_interpretation_Tm_refine_87faf900dfa0d2b4c1716c6e280af26b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "95b48b319ba275314e0e538bbad1bbbc" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_verify_ok", + 2, + 2, + 1, + [ "@query" ], + 0, + "b7d739fc9dea1060396ea706066f82ba" + ], + [ + "MerkleTree.New.High.Correct.Path.mt_verify_ok", + 3, + 2, + 1, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "bool_typing", "eq2-interp", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.mt_verify", + "equation_MerkleTree.Spec.mt_verify", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "primitive_Prims.op_Addition", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8233d76b57e95451540fc312b717fa79", + "refinement_interpretation_Tm_refine_87faf900dfa0d2b4c1716c6e280af26b", + "typing_MerkleTree.New.High.mt_path_length" + ], + 0, + "19dbfaefd932903a3ee24041961f5531" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.Correct.Rhs.fst.hints b/hints/MerkleTree.New.High.Correct.Rhs.fst.hints new file mode 100644 index 0000000..8a819ae --- /dev/null +++ b/hints/MerkleTree.New.High.Correct.Rhs.fst.hints @@ -0,0 +1,1476 @@ +[ + "\n\u0013e\u0004Ï<\"[z•\u007fHeŸS", + [ + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "87826bd1a8be9902e86c7a663c037012" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "359e86eacad5a939d11cbd3684c20710" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_4", + "binder_x_aabbf0a5d49093a6b07e3e5a24007535_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hash_init", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_65ac557370bf352d1810d1fdbf624a4f", + "refinement_interpretation_Tm_refine_7381b22713068fe22fae5f1ab9c6c30a", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.seq", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", "typing_Prims.pow2", + "well-founded-ordering-on-nat" + ], + 0, + "870f1e42fde6aeff20c49bbe48558e99" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_odd", + 1, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Prims.squash", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "primitive_Prims.op_disEquality", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "0f8621726c0d83b336ea090bb5433d84" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_odd", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "f0b39e16fee9717ebd50e507b9511995" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_odd", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", "eq2-interp", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.tail", "typing_Lib.IntTypes.bits", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", + "typing_MerkleTree.New.High.hashes", "typing_Prims.pow2", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "9f04121a99a48d8655086a4177c5f204" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_inv_ok_0", + 1, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "eq2-interp", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_adbb92a01eb41047cc27cbb91b3e49f5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "287b136b214dc09593419e7baccb749a" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_inv_ok_0", + 2, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "156e1d69f99aeea7a0c422993101ce00" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_inv_ok_0", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "bool_typing", "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "data_typing_intro_MerkleTree.Spec.HRaw@tok", "eq2-interp", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.create_pads", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "projection_inverse_MerkleTree.Spec.HRaw_hsz", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_adbb92a01eb41047cc27cbb91b3e49f5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e498fb51261db037ef331c43a4bc992d", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "token_correspondence_MerkleTree.New.High.Correct.Base.hash_seq_lift.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_lift", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.Spec.mt_next_lv", + "typing_MerkleTree.Spec.padded_hash_fun" + ], + 0, + "fd831b0fa8b24b4a18e9397b370f9eb4" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_inv_ok", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "eq2-interp", "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_1793ad5f7093b21b800b75ee82fa5f2f", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "d41c571b144136784a9e5393674125e2" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_inv_ok", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "eq2-interp", "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "l_and-interp", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_1793ad5f7093b21b800b75ee82fa5f2f", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "typing_MerkleTree.New.High.Correct.Base.log2" + ], + 0, + "489b5728a1b52de462060eb532db78d6" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_inv_ok", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_4", + "binder_x_c9f70ab639c9ae669e58190eb4c1b5c9_2", + "binder_x_dd21c6cd421aa589233742f950c39f9f_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_5", "bool_inversion", + "bool_typing", "eq2-interp", "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.Spec.hash", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "l_and-interp", "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_BarBar", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_1367e6e7a7cd8798660a6880ab217dc1", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_33e9e47c0adfd5c76673081bc3b1f7a6", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_79be99f2c954b098ecc6368f3143c426", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "refinement_kinding_Tm_refine_79be99f2c954b098ecc6368f3143c426", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "true_interp", "typing_FStar.Pervasives.Native.fst", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.seq", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", + "typing_MerkleTree.Spec.mt_next_lv", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "dfe6a251918fdeeb013870dd889b7c3f" + ], + [ + "MerkleTree.New.High.Correct.Rhs.rhs_equiv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "11d861f647b356a5f4715c828e0326a0" + ], + [ + "MerkleTree.New.High.Correct.Rhs.rhs_equiv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "1f7748b6c0d9f8b25e4b1df6c70f3ebe" + ], + [ + "MerkleTree.New.High.Correct.Rhs.rhs_equiv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_1", + "binder_x_dedb383d0fdfb7962e91acd9435031a5_2", + "binder_x_dedb383d0fdfb7962e91acd9435031a5_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_781bf0974940d7695f199f1bcaca8e4a", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", "well-founded-ordering-on-nat" + ], + 0, + "4047ff28260b9aa4d33e29e5e266c926" + ], + [ + "MerkleTree.New.High.Correct.Rhs.rhs_equiv_inv_preserved", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "6a8b854f6d36cda3ea04f04696f25b34" + ], + [ + "MerkleTree.New.High.Correct.Rhs.rhs_equiv_inv_preserved", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "85ae5460041eeecb5f53e51f0865e93f" + ], + [ + "MerkleTree.New.High.Correct.Rhs.rhs_equiv_inv_preserved", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Rhs.rhs_equiv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Rhs.rhs_equiv.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_53091569903cae77b4a60be8a17a11bc_4", + "binder_x_53091569903cae77b4a60be8a17a11bc_5", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_7802c6c7540d3455819384f8c2a0a0c8_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_6", "bool_inversion", + "bool_typing", "eq2-interp", "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", "equation_Prims.l_True", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_rhs_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Rhs.rhs_equiv.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_65ac557370bf352d1810d1fdbf624a4f", + "refinement_interpretation_Tm_refine_765c5038a14ad1a170ebaf2c2e8ec7c8", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "true_interp", "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.Spec.mt_next_lv", "typing_Prims.pow2", + "unit_inversion", "unit_typing", "well-founded-ordering-on-nat" + ], + 0, + "c269f5535d68c3953ecd574cfe6ccee0" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_consistent", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@query", "equation_FStar.Pervasives.Native.fst", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_06cb130490423446d04fd8da416162f0", + "refinement_interpretation_Tm_refine_0b724b6f6a7953a53d5fb02ee8337e6a", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "typing_FStar.Pervasives.Native.fst", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "3a287f74a67b9634bf35850185b9c10b" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_consistent", + 2, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.Seq.Properties.slice_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_06cb130490423446d04fd8da416162f0", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_0b724b6f6a7953a53d5fb02ee8337e6a", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "token_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "typing_FStar.Pervasives.Native.fst", "typing_FStar.Seq.Base.append", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "517ee2968f3f2af431c3ec60d12715bc" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_acc_consistent", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Rhs.rhs_equiv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Rhs.rhs_equiv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_interpretation_Tm_ghost_arrow_c8d0d4ba83f86d009153aeb71f24bf67", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_7", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_8", + "binder_x_8cf65b3b9d91dec7086970aa4543f287_5", + "binder_x_abefe0b518359a5a388975bd4374c4d4_6", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_cbac39ab364bbcc08dab587ac968871a_4", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_9", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "data_elim_FStar.Pervasives.Native.Mktuple2", "eq2-interp", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.last", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.Spec.hash", + "equation_MerkleTree.Spec.hash_fun_t", "equation_Prims.eqtype", + "equation_Prims.l_True", "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv_log.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Rhs.rhs_equiv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.Seq.Properties.lemma_tail_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__a", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_319130ca780c778653844ecfc44d9c4d", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_39590bd04172bfcc8f773d62c9a2dc7d", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_43a51d2a8f887f961c9753eac43d02b7", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_6ecc26d260b07cd8c8333ca61d7545ba", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_b138bd5848d4184f7632587e6e4bcf9f", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b8cfbff7b918d0d751ba0dc42b418fa8", + "refinement_interpretation_Tm_refine_bb2cbefb6f9a8a50a7b780a0a53e7963", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_bf77b71bea5b62c114437d8059286011", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_d87d99f22d4a7ec1b20cbca92c993502", + "refinement_interpretation_Tm_refine_db1f7a375601e94233b330488ad7e8aa", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_ec91eb7c63ff09d16d5762b9a6555d2c", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_kinding_Tm_refine_39590bd04172bfcc8f773d62c9a2dc7d", + "refinement_kinding_Tm_refine_b8cfbff7b918d0d751ba0dc42b418fa8", + "refinement_kinding_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "token_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc.fuel_instrumented", + "true_interp", "typing_FStar.Pervasives.Native.fst", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.seq", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Base.upd", + "typing_FStar.Seq.Properties.cons", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.last", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.Correct.Rhs.construct_rhs_acc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", "unit_inversion", + "unit_typing", "well-founded-ordering-on-nat" + ], + 0, + "f2278531eeecb0867c3e00ee618c7dea" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_inv_ok", + 1, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "data_elim_FStar.Pervasives.Native.Mktuple2", "eq2-interp", + "equation_FStar.Pervasives.Native.fst", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4c6cdb6946a57f770e07008f14ffd053", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_c27bf65dd8fe7d87744990594d99330b", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "typing_FStar.Pervasives.Native.fst", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash" + ], + 0, + "728b752c3e9bbc434bcbc176cd5f076e" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_inv_ok", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "586cea50130f57e5fd4a105cd71f7585" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_inv_ok", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "data_elim_FStar.Pervasives.Native.Mktuple2", "eq2-interp", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_MerkleTree.New.High.Correct.Base.seq_head_cons", + "lemma_MerkleTree.New.High.Correct.Base.seq_tail_cons", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_06cb130490423446d04fd8da416162f0", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_4c6cdb6946a57f770e07008f14ffd053", + "refinement_interpretation_Tm_refine_4d0ab6134173bbad75f08ef14247f657", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "token_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "typing_FStar.Pervasives.Native.fst", "typing_FStar.Seq.Base.append", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_FStar.Seq.Properties.head", + "typing_FStar.Seq.Properties.tail", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "8cef94aa4378f50e95c0a62bb1a62d09" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_base_inv_ok", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "eq2-interp", "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_hashes_lth_inv.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1ae2a0d6b2f4da2d4b0194885669f804", + "refinement_interpretation_Tm_refine_2664edc4633a71f01ee27214d3ada3bb", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5be08a2846f9929cfec140da85f9a5a3", + "refinement_interpretation_Tm_refine_692824d7a922a649b2edb9f0e1afbf70", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "typing_FStar.Pervasives.Native.fst", + "typing_MerkleTree.New.High.Correct.Base.log2c", + "typing_MerkleTree.New.High.hash" + ], + 0, + "f1f6a36d128e06e2284863b48aac3524" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_base_inv_ok", + 2, + 1, + 0, + [ "@query" ], + 0, + "a9da4134e2ef25b2f23a5e2356c737ed" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_base_inv_ok", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2664edc4633a71f01ee27214d3ada3bb", + "refinement_interpretation_Tm_refine_47cf8b23e97a3343bc4955e0c7b0c92e", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_MerkleTree.New.High.Correct.Base.log2c" + ], + 0, + "4bc023b763dd2f6f816970e0c8d1ad9a" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_init_ignored", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "140c7c6ef94be8a0777a3f55927667c2" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_init_ignored", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "c3ef47dd3ba53451897dd7628d1b3b27" + ], + [ + "MerkleTree.New.High.Correct.Rhs.construct_rhs_init_ignored", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_7", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_8", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_5", + "binder_x_f0c2f5f0b61a8813760e74514fb47adf_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_typing", + "data_elim_FStar.Pervasives.Native.Mktuple2", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_715fa59b8217d000ff3843aa60c041ce", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_843fa255df18c5621d60b239ca3b1ddf", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_MerkleTree.New.High.construct_rhs", + "typing_MerkleTree.New.High.hash", "well-founded-ordering-on-nat" + ], + 0, + "7a1fb976228bfe23fea579b8891fc5cd" + ], + [ + "MerkleTree.New.High.Correct.Rhs.mt_get_root_inv_ok", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_wf_elts", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba" + ], + 0, + "abd25323993c2aabea4ec79b3720d557" + ], + [ + "MerkleTree.New.High.Correct.Rhs.mt_get_root_inv_ok", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.Correct.Base.merge_hs.fuel_instrumented", + "@query", + "MerkleTree.New.High_pretyping_42b5f1434db9b9fcab9a3482ce626e35", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_inversion", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", "eq2-interp", + "equation_FStar.Pervasives.Native.fst", + "equation_FStar.Pervasives.Native.snd", + "equation_FStar.Seq.Properties.head", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.hash_seq_spec_full", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.Base.mt_base", + "equation_MerkleTree.New.High.Correct.Base.mt_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_olds_hs_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_root_inv", + "equation_MerkleTree.New.High.Correct.Base.mt_spec", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hash_init", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_get_root", + "equation_MerkleTree.New.High.mt_wf_elts", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.Correct.Base.mt_olds_inv.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_MerkleTree.New.High.Correct.Base.merge_hs_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Equality", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_mroot", + "proj_equation_MerkleTree.New.High.MT_rhs", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.New.High.MT_hash_fun", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.MT_mroot", + "projection_inverse_MerkleTree.New.High.MT_rhs", + "projection_inverse_MerkleTree.New.High.MT_rhs_ok", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_167ef714932ec832fb671890fc3eee6c", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba", + "refinement_interpretation_Tm_refine_9b2b3e7ac5f300ddc6add4181948ef22", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_bf3340443d6edf0ae4bc4b37060534fb", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "true_interp", "typing_FStar.Pervasives.Native.fst", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Properties.head", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.Base.merge_hs", + "typing_MerkleTree.New.High.__proj__MT__item__hash_fun", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.__proj__MT__item__rhs", + "typing_MerkleTree.New.High.__proj__MT__item__rhs_ok", + "typing_MerkleTree.New.High.construct_rhs", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", + "typing_MerkleTree.New.High.hashes", "unit_inversion", "unit_typing" + ], + 0, + "27d147e8aeff767841db8268db6c3dc1" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.Correct.fst.hints b/hints/MerkleTree.New.High.Correct.fst.hints new file mode 100644 index 0000000..1891e1f --- /dev/null +++ b/hints/MerkleTree.New.High.Correct.fst.hints @@ -0,0 +1,366 @@ +[ + "»ê¬ÞÌžœµ\u001bÉžp¸z·x", + [ + [ + "MerkleTree.New.High.Correct.mto_base", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "6601d317c10475baeb6306c88dc3b92e" + ], + [ + "MerkleTree.New.High.Correct.mto_spec", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_4e8cbb8f1263c141641ff6fbf2b50156" + ], + 0, + "fc12b3e11ebd84ec72c7b1f2fb77a1f5" + ], + [ + "MerkleTree.New.High.Correct.create_mt_ok", + 1, + 0, + 0, + [ + "@query", "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.mt_create", + "equation_MerkleTree.New.High.mt_insert", + "proj_equation_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_i" + ], + 0, + "793f15412f73f4b72f5800ac33e58ed7" + ], + [ + "MerkleTree.New.High.Correct.create_mt_ok", + 2, + 0, + 0, + [ + "@query", "equation_MerkleTree.New.High.Correct.Base.empty_hashes", + "equation_MerkleTree.New.High.Correct.mto_inv", + "equation_MerkleTree.New.High.mt_create", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.Correct.MTO_olds", + "projection_inverse_MerkleTree.New.High.Correct.MTO_mt", + "projection_inverse_MerkleTree.New.High.Correct.MTO_olds" + ], + 0, + "73927fe8327d4d7a236fb6044fd9ff7d" + ], + [ + "MerkleTree.New.High.Correct.mt_insert_ok", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_insert", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.MT_hash_fun", + "proj_equation_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_i", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_af54a76baf0052950e8e8d323663af98", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt" + ], + 0, + "52fdfbe77a8d875b73b80518baad9ec9" + ], + [ + "MerkleTree.New.High.Correct.mt_insert_ok", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.mto_inv", + "equation_MerkleTree.New.High.mt_insert", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.Correct.MTO_olds", + "projection_inverse_MerkleTree.New.High.Correct.MTO_mt", + "projection_inverse_MerkleTree.New.High.Correct.MTO_olds", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt" + ], + 0, + "746cdf956ff95bf27f8dd56e1c29c212" + ], + [ + "MerkleTree.New.High.Correct.mt_flush_to_ok", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_flush_to", + "equation_MerkleTree.New.High.mt_wf_elts", + "primitive_Prims.op_LessThan", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_MerkleTree.New.High.MT_i", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_cccdd08b3350f1f3d63fd32a8aad7262", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__j" + ], + 0, + "f6089742c12ba1981f670b24226b3d46" + ], + [ + "MerkleTree.New.High.Correct.mt_flush_to_ok", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@query", "equation_MerkleTree.New.High.Correct.mto_inv", + "equation_MerkleTree.New.High.mt_flush_to", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.Correct.MTO_olds", + "projection_inverse_MerkleTree.New.High.Correct.MTO_mt", + "projection_inverse_MerkleTree.New.High.Correct.MTO_olds" + ], + 0, + "2b8aa0f6fb60088069a0e7eaed19c74a" + ], + [ + "MerkleTree.New.High.Correct.mt_flush_ok", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_flush_to", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_MerkleTree.New.High.MT_rhs_ok", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_i", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6aeb26ca7e10553e8ad3bbec45be76c6", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j" + ], + 0, + "f22755e3b63e9fe6b99f74729f74175f" + ], + [ + "MerkleTree.New.High.Correct.mt_flush_ok", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Flushing.mt_flush_to_olds.fuel_instrumented", + "@query", "equation_MerkleTree.New.High.Correct.mto_inv", + "equation_MerkleTree.New.High.mt_flush", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.Correct.MTO_olds", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_MerkleTree.New.High.Correct.MTO_mt", + "projection_inverse_MerkleTree.New.High.Correct.MTO_olds", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt" + ], + 0, + "b61fbacb33c8a394da070718a5e60be6" + ], + [ + "MerkleTree.New.High.Correct.mt_get_root_ok", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.old_hashes", + "equation_MerkleTree.New.High.mt_wf_elts", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.Correct.MTO_olds", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_995516c5fe04fd93611e610195bbf9ba", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__olds" + ], + 0, + "0967fb270c89db4b9f6b39ac0f0dafc6" + ], + [ + "MerkleTree.New.High.Correct.mt_get_root_ok", + 2, + 0, + 0, + [ "@query", "equation_MerkleTree.New.High.Correct.mto_inv" ], + 0, + "70f2c3030ed8c1a52bd8c5b6414d5091" + ], + [ + "MerkleTree.New.High.Correct.mt_get_path_ok", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "bool_typing", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.Correct.mto_base", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.Correct.MTO_mt", + "proj_equation_MerkleTree.New.High.MT_j", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_43e9bd73c84b0bef58f54332124111c4", + "refinement_interpretation_Tm_refine_50b625191d3488e079fd674cdaa28312", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_735a5cfb6970cf5a7cf9b08acbbd55a1", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_bcdf483d14c2d3d060ec98d698123019", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.Correct.__proj__MTO__item__mt", + "typing_MerkleTree.New.High.Correct.mto_base", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "2d8ec7dc015740b47b363b00e18e0f09" + ], + [ + "MerkleTree.New.High.Correct.mt_get_path_ok", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.Correct.mto_base", + "equation_MerkleTree.New.High.Correct.mto_inv", + "equation_MerkleTree.New.High.Correct.mto_spec", + "fuel_guarded_inversion_MerkleTree.New.High.Correct.mt_olds" + ], + 0, + "8d58408571b4d78049a12fa1810aef1d" + ], + [ + "MerkleTree.New.High.Correct.mt_verify_ok", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.Correct.Base.log2.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_typing", "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_FStar.Seq.Properties.tail", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.New.High.Correct.Base.log2c", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_13d357a23a5e1099db9eb784ff83d223", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_8233d76b57e95451540fc312b717fa79", + "refinement_interpretation_Tm_refine_87faf900dfa0d2b4c1716c6e280af26b", + "refinement_interpretation_Tm_refine_afd51579b90d50ea23e03b743a1fa001", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.Correct.Base.log2", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_path_length", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "0b1962cd3ec7847999234995a0482514" + ], + [ + "MerkleTree.New.High.Correct.mt_verify_ok", + 2, + 0, + 0, + [ "@query" ], + 0, + "112f02854feb2062f1790aa0d2d2aa76" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.New.High.fst.hints b/hints/MerkleTree.New.High.fst.hints new file mode 100644 index 0000000..e6bee25 --- /dev/null +++ b/hints/MerkleTree.New.High.fst.hints @@ -0,0 +1,2282 @@ +[ + "4¾%zvÌ\u0002¬ó0\u0019„q<…°", + [ + [ + "MerkleTree.New.High.hash", + 1, + 0, + 0, + [ "@query" ], + 0, + "01e1b39203417dbbfcf63a52b48d04c8" + ], + [ + "MerkleTree.New.High.hash_init", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U8@tok", "equation_Lib.IntTypes.bits", + "equation_Lib.IntTypes.maxint", "equation_Lib.IntTypes.minint", + "equation_Lib.IntTypes.range", "equation_Lib.IntTypes.uint8", + "equation_Lib.IntTypes.unsigned", "equation_Prims.nat", + "equation_Prims.pos", "function_token_typing_Lib.IntTypes.uint8", + "lemma_FStar.Seq.Base.lemma_create_len", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_64007e4a8c187c3787ce4f8705e9db35", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "typing_Lib.IntTypes.bits", "typing_Prims.pow2", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "a19fa9048b69d8bc80c5d52b09435747" + ], + [ + "MerkleTree.New.High.seq_slice_equal_index", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0" + ], + 0, + "4dc642d6d4e6c4bbbd30708ca26ca823" + ], + [ + "MerkleTree.New.High.seq_slice_equal_index", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", "bool_typing", + "equation_Prims.nat", "int_inversion", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_0fd1ee098f6569eb754a703d7e7e9875", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "typing_FStar.Seq.Base.slice" + ], + 0, + "22a86a2c4faf135398c596df72017516" + ], + [ + "MerkleTree.New.High.seq_slice_more_equal", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "typing_FStar.Seq.Base.length" + ], + 0, + "77f603040f4aa39e0dc8ae1ae653fc55" + ], + [ + "MerkleTree.New.High.seq_slice_more_equal", + 2, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "int_typing", "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice" + ], + 0, + "c28e20f34104a14be856052ef80e304e" + ], + [ + "MerkleTree.New.High.remainder_2_not_1_div", + 1, + 0, + 0, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Modulus", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "22106d50f608a52fab6f2dba3f8e8415" + ], + [ + "MerkleTree.New.High.remainder_2_1_div", + 1, + 0, + 0, + [ + "@query", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Modulus", + "projection_inverse_BoxInt_proj_0" + ], + 0, + "6cc0ff041b641ede8b2afe0f09d551fc" + ], + [ + "MerkleTree.New.High.offset_of", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2" + ], + 0, + "4f733924c0fa8cd1db3611bf85cfc66b" + ], + [ + "MerkleTree.New.High.hs_wf_elts", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_20ef783cabfdc90ae174ed55c128717b_4", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_11ff5223149858a6ed39dcb0f334332c", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "well-founded-ordering-on-nat" + ], + 0, + "d74256490d77a1358fb6cd0a43da7e81" + ], + [ + "MerkleTree.New.High.hs_wf_elts_equal", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "4d4eda978a011afbd0cf40f7b2bb5844" + ], + [ + "MerkleTree.New.High.hs_wf_elts_equal", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "ee39f9311a9eaedc65eeaf89838637e4" + ], + [ + "MerkleTree.New.High.hs_wf_elts_equal", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_38841de65da3d7e9ec6be1f063a8e30a_5", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_2", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_4", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.eq2", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_03ad6c395cd586145d09934af4be99c5", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_3a05cfee9574d769a800024db56a06b2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.hashes", "well-founded-ordering-on-nat" + ], + 0, + "ba89415607d75bc99a5f98e6276bf24f" + ], + [ + "MerkleTree.New.High.mt_wf_elts", + 1, + 1, + 0, + [ + "@query", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0" + ], + 0, + "0021fba247337021052f416b74f31c8c" + ], + [ + "MerkleTree.New.High.hs_wf_elts_empty", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "typing_FStar.Seq.Base.empty", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "9a3102e04c8877a6fb1d3f40a42e4f26" + ], + [ + "MerkleTree.New.High.hs_wf_elts_empty", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", "equation_Prims.nat", + "int_typing", "lemma_FStar.Seq.Base.lemma_create_len", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "typing_FStar.Seq.Base.empty", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "f79189358759658de1fcb53de242605c" + ], + [ + "MerkleTree.New.High.hs_wf_elts_empty", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_create", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "true_interp", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.offset_of", + "well-founded-ordering-on-nat" + ], + 0, + "9c54604331ccff66673a546ddd281a18" + ], + [ + "MerkleTree.New.High.create_empty_mt", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "int_typing", + "lemma_FStar.Seq.Base.lemma_create_len", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "typing_FStar.Seq.Base.empty", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hash_init", + "typing_MerkleTree.New.High.hashes", "typing_Prims.pow2" + ], + 0, + "c66d1eaf625e70275c48afc0453179d1" + ], + [ + "MerkleTree.New.High.hashess_insert", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "1dafe724ac000f91e24236a83afefe92" + ], + [ + "MerkleTree.New.High.hashess_insert", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "a2d1066ab9c9ce15e4856176d9a07540" + ], + [ + "MerkleTree.New.High.hashess_insert", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "99b1422354e654a4134a8bfac0781f31" + ], + [ + "MerkleTree.New.High.insert_", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "315f12638985b2f32d03432228552552" + ], + [ + "MerkleTree.New.High.insert_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "d0b7b53f8da240459130f2abe9f4e54c" + ], + [ + "MerkleTree.New.High.insert_", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_4e45ffb596fe5eb4880eecea8024fe6f_4", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_6", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_df2abc7452f72e525d1268e48951b5a9_5", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.Spec.hash", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_037f1ad81b929724beac1258376a29a3", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_40673d01fb13306535934c3b172c1134", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_76e82777dee381ea1df3bde8ab5956c6", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8c0da31ad94507db704c5dd9ebc390a0", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.seq", + "typing_FStar.Seq.Properties.snoc", + "typing_MerkleTree.New.High.hash", "well-founded-ordering-on-nat" + ], + 0, + "c03bd004961f328565699e19fa15f2f1" + ], + [ + "MerkleTree.New.High.insert_base", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_045af5e7eb63a8f945b3568f173c29cf", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "809298d8d59d6b069c9a7cffe3fc53ad" + ], + [ + "MerkleTree.New.High.insert_base", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.insert_.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_FStar.Seq.Base.lemma_eq_refl", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_ec7556075e2dd9aa116b8d4e21458205", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.hashess_insert", + "typing_MerkleTree.New.High.insert_" + ], + 0, + "4d8fb933ede224cd3fef033b66905b4c" + ], + [ + "MerkleTree.New.High.insert_rec", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "eq2-interp", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_1c7bfee52662169f5c0e47c9fa4886b1", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Properties.snoc", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "8d8d0fa069c3e915c4efe6a5be0ec019" + ], + [ + "MerkleTree.New.High.insert_rec", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.insert_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.insert_.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.hashess_insert", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.insert_.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "lemma_FStar.Seq.Base.lemma_eq_refl", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", + "refinement_interpretation_Tm_refine_415f66b36bf9db4e21e520bb0a30c0c2", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5664991902867dbaea8455604edd6227", + "refinement_interpretation_Tm_refine_5bd34bf04340340b1bef17bcddc72002", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.insert_" + ], + 0, + "9cba38b1fa02e0110599cb4677ceaa86" + ], + [ + "MerkleTree.New.High.mt_insert", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "bool_inversion", "equation_MerkleTree.New.High.mt_not_full", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_2fb140eeeb3dedac16f53b39260b0172", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_8a3da341c52f9ae12694ec5b3b33d9c0", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.mt_not_full" + ], + 0, + "7bedd483c8e3b45430e6993cfb23e777" + ], + [ + "MerkleTree.New.High.mt_create", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.create_empty_mt", + "equation_MerkleTree.New.High.mt_not_full", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_typing", + "primitive_Prims.op_LessThan", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "token_correspondence_Prims.pow2.fuel_instrumented" + ], + 0, + "adc2ab5ed56572f2a298d007410239d6" + ], + [ + "MerkleTree.New.High.construct_rhs", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "b7df764188601ddeb45483dd80a0a51a" + ], + [ + "MerkleTree.New.High.construct_rhs", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "d0fb49bf61779831ab435653f7b40aba" + ], + [ + "MerkleTree.New.High.construct_rhs", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_4", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_7", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_5", + "binder_x_f0c2f5f0b61a8813760e74514fb47adf_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_upd", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_843fa255df18c5621d60b239ca3b1ddf", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "typing_MerkleTree.New.High.hash", "well-founded-ordering-on-nat" + ], + 0, + "17d6faa50924786dda1f0833a1b11651" + ], + [ + "MerkleTree.New.High.construct_rhs_unchanged", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equation_MerkleTree.New.High.hash", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "typing_FStar.Pervasives.Native.fst", + "typing_MerkleTree.New.High.construct_rhs", + "typing_MerkleTree.New.High.hash" + ], + 0, + "eea3cee6011782c688f0fc3fdf1a32b0" + ], + [ + "MerkleTree.New.High.construct_rhs_unchanged", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "bool_inversion", + "equation_MerkleTree.New.High.hash", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_321eedad8cdd4344df397758a88ac5dc", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "refinement_kinding_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "typing_FStar.Pervasives.Native.fst", + "typing_MerkleTree.New.High.construct_rhs", + "typing_MerkleTree.New.High.hash" + ], + 0, + "a40db5e28f5bc0d019fbef9c373fff5f" + ], + [ + "MerkleTree.New.High.construct_rhs_unchanged", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6e1290e37a6b4e437f899d72093932a2_2", + "binder_x_7df3b3ce71ac0f95b834d29aa2f6700f_7", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_5", + "binder_x_f0c2f5f0b61a8813760e74514fb47adf_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_8", "bool_inversion", + "bool_typing", "eq2-interp", "equation_FStar.Pervasives.Native.fst", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_FStar.Pervasives.Native.tuple2", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_more_equal", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_843fa255df18c5621d60b239ca3b1ddf", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Base.upd", + "typing_MerkleTree.New.High.hash", "unit_inversion", "unit_typing", + "well-founded-ordering-on-nat" + ], + 0, + "25037e741e761b381db3af8501be54ec" + ], + [ + "MerkleTree.New.High.construct_rhs_even", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_4acbfd4fc8504001f22e61f824fa8d3b", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b" + ], + 0, + "f16ec5d37d894c006fc0b98189c685bb" + ], + [ + "MerkleTree.New.High.construct_rhs_even", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "3afc6e9b857c850e3784cb5702953f69" + ], + [ + "MerkleTree.New.High.construct_rhs_even", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", + "equation_with_fuel_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0" + ], + 0, + "251ca39b07927833c877611533332234" + ], + [ + "MerkleTree.New.High.construct_rhs_odd", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", "eq2-interp", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.nat", + "equation_Prims.pos", "equation_Prims.squash", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_upd", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_MerkleTree.New.High.hash" + ], + 0, + "59afc953223701edbb30a48cbfc908f2" + ], + [ + "MerkleTree.New.High.construct_rhs_odd", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "1385bf9889f01e605be996bcc9c58d1d" + ], + [ + "MerkleTree.New.High.construct_rhs_odd", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "bool_inversion", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.construct_rhs.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b" + ], + 0, + "3fd6183d7fa1744ef622ebdb35f4cb95" + ], + [ + "MerkleTree.New.High.mt_get_root", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_wf_elts", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710" + ], + 0, + "75bd37ccc10f51369b24eadb2a288af4" + ], + [ + "MerkleTree.New.High.mt_get_root_rhs_ok_true", + 1, + 1, + 0, + [ "@query", "equation_MerkleTree.New.High.mt_get_root" ], + 0, + "f3c658f076ea5fac1b54ffff70cc927c" + ], + [ + "MerkleTree.New.High.mt_get_root_rhs_ok_false", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_wf_elts", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710" + ], + 0, + "d512b0b739b194aa03b57fb94ca3b847" + ], + [ + "MerkleTree.New.High.mt_get_root_rhs_ok_false", + 2, + 1, + 0, + [ + "@query", "equation_MerkleTree.New.High.mt_get_root", + "projection_inverse_BoxBool_proj_0" + ], + 0, + "2a90a92af71e3916b08b195196e95b25" + ], + [ + "MerkleTree.New.High.mt_path_length_step", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "ba62394fb8d3d3a6cbb961131653de69" + ], + [ + "MerkleTree.New.High.mt_path_length", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_8398694cd93cdf584a90faddba74ff40_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_0", + "binder_x_f537159ed795b314b4e58c260361ae86_2", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "int_inversion", + "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_730f09f30cda5cc9df2484cc11178d65", + "typing_MerkleTree.New.High.mt_path_length_step", + "well-founded-ordering-on-nat" + ], + 0, + "4fdcb3b7d07a7bf02bd70b1c49bd1191" + ], + [ + "MerkleTree.New.High.mt_make_path_step", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "cb3d7c9ce0b06f43d803c12563aff134" + ], + [ + "MerkleTree.New.High.mt_make_path_step", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "9461c0f6531399f039671b4ee2f3ed22" + ], + [ + "MerkleTree.New.High.mt_make_path_step", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "eq2-interp", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.UInt.pow2_values", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_85b48fc854200a815ea472c3088d071c", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "a4034f8e57b3a6acf3eb338c1f576c59" + ], + [ + "MerkleTree.New.High.mt_get_path_", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa" + ], + 0, + "1eb50fac79e7bd0f3ba06cf3d105e01f" + ], + [ + "MerkleTree.New.High.mt_get_path_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa" + ], + 0, + "f3bca0d15f289f5b53eab6e4fa3e8003" + ], + [ + "MerkleTree.New.High.mt_get_path_", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_3", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_2", + "binder_x_954d2fd593ae84a715f3a1e4ec8b7c6b_5", + "binder_x_abda421e48b5c84421ca729d856d67d6_7", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_4", + "binder_x_ecb1afee7236cbd1e72258c33f56f1bf_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_8", "bool_inversion", + "bool_typing", "eq2-interp", "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_make_path_step", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_3568d7f08856471af33d1f5679303601", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f307540f575140fb07355fe34ecda795", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_path_length_step", + "well-founded-ordering-on-nat" + ], + 0, + "61afe959b303dbca27c6f5e3a5432169" + ], + [ + "MerkleTree.New.High.mt_get_path_unchanged", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "bool_inversion", "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_get_path_", + "typing_MerkleTree.New.High.mt_path_length" + ], + 0, + "008d2326163bd638ed706904a11e6c8e" + ], + [ + "MerkleTree.New.High.mt_get_path_unchanged", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "bool_inversion", "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_8094593530b057582bfa1f775d768078", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_get_path_", + "typing_MerkleTree.New.High.mt_path_length" + ], + 0, + "324f6f334379334d66d3a9fbd2189698" + ], + [ + "MerkleTree.New.High.mt_get_path_unchanged", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_1910ef5262f2ee8e712b6609a232b1ea", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_3", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_2", + "binder_x_954d2fd593ae84a715f3a1e4ec8b7c6b_5", + "binder_x_abda421e48b5c84421ca729d856d67d6_7", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_4", + "binder_x_ecb1afee7236cbd1e72258c33f56f1bf_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_8", "bool_inversion", + "bool_typing", "eq2-interp", "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_make_path_step", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_FStar.Seq.Base.index", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_3568d7f08856471af33d1f5679303601", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_46221ef3565997e3bd8cebeee4165f2c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f307540f575140fb07355fe34ecda795", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "token_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_get_path_", + "well-founded-ordering-on-nat" + ], + 0, + "9de26bd4fcd7e6172ab683860565da06" + ], + [ + "MerkleTree.New.High.mt_get_path_pull", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "c1c338f7b1b195a97b3d042630742bf1" + ], + [ + "MerkleTree.New.High.mt_get_path_pull", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "bb0718d4c349cfad8fe9231ba3c7728b" + ], + [ + "MerkleTree.New.High.mt_get_path_pull", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "FStar.Seq.Base_interpretation_Tm_arrow_1910ef5262f2ee8e712b6609a232b1ea", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_50de4ae25ca368b5de4d3ad61f7cc222_3", + "binder_x_6e1290e37a6b4e437f899d72093932a2_1", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_2", + "binder_x_954d2fd593ae84a715f3a1e4ec8b7c6b_5", + "binder_x_abda421e48b5c84421ca729d856d67d6_7", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_4", + "binder_x_ecb1afee7236cbd1e72258c33f56f1bf_6", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f537159ed795b314b4e58c260361ae86_8", "bool_inversion", + "bool_typing", "eq2-interp", "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_make_path_step", + "equation_MerkleTree.New.High.mt_path_length_step", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_FStar.Seq.Base.index", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Negation", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_3568d7f08856471af33d1f5679303601", + "refinement_interpretation_Tm_refine_42ab70f52fa85ce7b7f41db78958e96d", + "refinement_interpretation_Tm_refine_46221ef3565997e3bd8cebeee4165f2c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_85b48fc854200a815ea472c3088d071c", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_c5f0d88a3da0ddeb45db9810df49fce9", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f307540f575140fb07355fe34ecda795", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "token_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "token_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_get_path_", + "typing_MerkleTree.New.High.mt_make_path_step", + "typing_MerkleTree.New.High.mt_path_length", + "typing_MerkleTree.New.High.mt_path_length_step", + "well-founded-ordering-on-nat" + ], + 0, + "296f2c029147d7fc1919a6c9d957d40a" + ], + [ + "MerkleTree.New.High.mt_get_path_slice", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "bool_inversion", "equation_MerkleTree.New.High.hash", + "equation_Prims.nat", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_get_path_" + ], + 0, + "f3f22db1b016b10f0515a9f9a42549ab" + ], + [ + "MerkleTree.New.High.mt_get_path_slice", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91" + ], + 0, + "968bfcf168a018474f34ae99603cede1" + ], + [ + "MerkleTree.New.High.mt_get_path_slice", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "bool_inversion", "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.path", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.mt_get_path_.fuel_instrumented", + "int_inversion", "int_typing", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_6e9e552283a82d93959794627615c964", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f5dcb5f7d87461830fead189c46dd01b", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.mt_get_path_", + "typing_MerkleTree.New.High.mt_path_length" + ], + 0, + "b7a730c8565364c47e7309e729bbad18" + ], + [ + "MerkleTree.New.High.mt_get_path", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_a9d60c8c7de4937910f5b34f519c7b2b" + ], + 0, + "dc3bd909f4de2bad7c4af0ba8a570111" + ], + [ + "MerkleTree.New.High.mt_get_path", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "eq2-interp", + "equation_FStar.Seq.Properties.snoc", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.mt_get_root", + "equation_MerkleTree.New.High.mt_wf_elts", + "equation_MerkleTree.New.High.offset_of", + "equation_MerkleTree.New.High.path_insert", "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_a9d60c8c7de4937910f5b34f519c7b2b", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_dc275e75190e1d8c6a7a72dda4f9b4b6", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__i", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.hash" + ], + 0, + "d2a0113867d968c562d63553c6426759" + ], + [ + "MerkleTree.New.High.mt_flush_to_", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "9b2c6f9846a3a90dea6baab9da557502" + ], + [ + "MerkleTree.New.High.mt_flush_to_", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "86dd01ed9346a9396f7d5ed3746e4fd5" + ], + [ + "MerkleTree.New.High.mt_flush_to_", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_20ef783cabfdc90ae174ed55c128717b_4", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_2", + "binder_x_a3a9d1e443789a10c20ec8f7e2fe66e3_1", + "binder_x_b9501129bf8af5491c1474484168d2cd_5", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_11ff5223149858a6ed39dcb0f334332c", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_b5bc85c11830c41ccecb153a52a51c26", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_fcd595c29bbf91c47d4de5edaed33637", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.offset_of", + "well-founded-ordering-on-nat" + ], + 0, + "fe7320286c4bf797fbfe747c8643a7fb" + ], + [ + "MerkleTree.New.High.mt_flush_to_rec", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "eq2-interp", "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", "equation_Prims.squash", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "primitive_Prims.op_disEquality", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_72a6e6d3eb60f86cdad2dd40aa09f653", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7d7fbea8a1aa1c987d727318058634ac", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.mt_flush_to_", + "typing_MerkleTree.New.High.offset_of", "typing_Prims.pow2" + ], + 0, + "ca84cca3cc248da7ea15aad804f8e555" + ], + [ + "MerkleTree.New.High.mt_flush_to_rec", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_da1b0dfb8283502ec162998a8bbb6431" + ], + 0, + "423939444f81490222dbdd17d7d861bd" + ], + [ + "MerkleTree.New.High.mt_flush_to_rec", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "@query", "equation_MerkleTree.New.High.offset_of", + "equation_Prims.nat", + "equation_with_fuel_MerkleTree.New.High.mt_flush_to_.fuel_instrumented", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "projection_inverse_BoxBool_proj_0" + ], + 0, + "6632b9a9efcd27adc66d689b0344635f" + ], + [ + "MerkleTree.New.High.mt_flush_to", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.nat", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "int_inversion", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_a767aeb3e8a386f8149ca78110faaa32", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_db428869743ec15a24716674df186f66", + "refinement_interpretation_Tm_refine_de2646114958fcaac38b7f7890283524", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__j" + ], + 0, + "ad8d6928af4721e58d7cdecb81c9ba5d" + ], + [ + "MerkleTree.New.High.mt_flush", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35cb22bdedbebf7b43fef791c588be43", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_MerkleTree.New.High.__proj__MT__item__i" + ], + 0, + "7dfbef3673482d680fb6da7cdcbaae1a" + ], + [ + "MerkleTree.New.High.mt_retract_to_", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_2836c1aa0394cd6a310bf67b2eb5ba77", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "9ab4ff01a8aba50160fbf033020e1709" + ], + [ + "MerkleTree.New.High.mt_retract_to_", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_22125f28c20990597c03dac8bb18819e", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_cd4c33bda434ba7aa827d392c18f8b0f", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b" + ], + 0, + "62e604d893439becab593e047fe0b2b3" + ], + [ + "MerkleTree.New.High.mt_retract_to_", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_1bf1458a2b16b75524237b7cf638ee76_5", + "binder_x_89dfa9cb1583ae31cce9fe730922098c_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_4", + "binder_x_eacd128836d336dcd27d229643cf4d0e_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "eq2-interp", + "equation_MerkleTree.New.High.hash", + "equation_MerkleTree.New.High.hashes", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.offset_of", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.hs_wf_elts.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "l_and-interp", "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Base.lemma_len_upd", + "lemma_FStar.Seq.Properties.slice_upd", + "lemma_MerkleTree.New.High.seq_slice_equal_index", + "primitive_Prims.op_Addition", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_GreaterThanOrEqual", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0545ca68af3b2fc8df509fb388f7f2ee", + "refinement_interpretation_Tm_refine_0c5607686b89742ca6db73e6f3756284", + "refinement_interpretation_Tm_refine_16113b670c3948241b38ee17f4d8fb91", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_3275c6670c647fe05603aaa27ba49f71", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_5a8634b460d149c76a5c0476662af1d0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_a2d0a3931d4fe090e54ed0ac3ce177c4", + "refinement_interpretation_Tm_refine_ad53f3413fd15db5258446e997071714", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_f4c27ae2c29a3aebda6b5ec0ca3f80c6", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_FStar.Seq.Base.upd", + "typing_MerkleTree.New.High.hash", + "typing_MerkleTree.New.High.hashes", + "typing_MerkleTree.New.High.offset_of", + "well-founded-ordering-on-nat" + ], + 0, + "1dd9bb712f7b0971871afe4c7bd1d2cd" + ], + [ + "MerkleTree.New.High.mt_retract_to", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "d362b6c6a7c7f27dc90eb39576f11429" + ], + [ + "MerkleTree.New.High.mt_retract_to", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.New.High.hashess", + "equation_MerkleTree.New.High.mt_wf_elts", "equation_Prims.eqtype", + "equation_Prims.nat", + "fuel_guarded_inversion_MerkleTree.New.High.merkle_tree", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "proj_equation_MerkleTree.New.High.MT_hs", + "proj_equation_MerkleTree.New.High.MT_i", + "proj_equation_MerkleTree.New.High.MT_j", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.New.High.MT_hs", + "projection_inverse_MerkleTree.New.High.MT_i", + "projection_inverse_MerkleTree.New.High.MT_j", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_7f59e1d21662a5bb0549ee09247e1710", + "refinement_interpretation_Tm_refine_881298fb0dff2db17e4149fcf49ad4b9", + "refinement_interpretation_Tm_refine_a9d60c8c7de4937910f5b34f519c7b2b", + "refinement_interpretation_Tm_refine_d022e51698263de0859911b2eaa8436b", + "refinement_interpretation_Tm_refine_e1db4ece26674ee2cf19b464731f2f5e", + "typing_FStar.Seq.Base.length", + "typing_MerkleTree.New.High.__proj__MT__item__hs", + "typing_MerkleTree.New.High.__proj__MT__item__j", + "typing_MerkleTree.New.High.hashes" + ], + 0, + "a853babd2eb8a6e88c5b4008faabb6ce" + ], + [ + "MerkleTree.New.High.mt_verify_", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_3ecda020b5cf79d02cc346b352c50370_3", + "binder_x_86bec0662121c4d7f8e2b57f9b893dbb_7", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_5", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_inversion", + "bool_typing", "equation_MerkleTree.New.High.mt_path_length_step", + "equation_Prims.eqtype", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "primitive_Prims.op_Addition", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_7d7ea0e457464ee9d02e8475aa297a7a", + "refinement_interpretation_Tm_refine_dc48f78fca6f8433edb3d5a9ad647892", + "typing_MerkleTree.New.High.mt_path_length", + "typing_MerkleTree.New.High.mt_path_length_step", + "well-founded-ordering-on-nat" + ], + 0, + "065b005d6dd7ffe96e2ff027c7b23355" + ], + [ + "MerkleTree.New.High.mt_verify", + 1, + 1, + 0, + [ "@query" ], + 0, + "6d4ec11876242fc24abaafe9ddb11a5c" + ], + [ + "MerkleTree.New.High.mt_verify", + 2, + 1, + 0, + [ "@query" ], + 0, + "1594159d01dae8fee61b6a5834ae14a0" + ], + [ + "MerkleTree.New.High.mt_verify", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.New.High.mt_path_length.fuel_instrumented", + "@query", "bool_typing", "equation_MerkleTree.New.High.hash", + "equation_Prims.eq2", "equation_Prims.nat", "equation_Prims.squash", + "equation_Prims.subtype_of", "int_inversion", + "primitive_Prims.op_Addition", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_571d9f74016be5357787170b42ecf913", + "refinement_interpretation_Tm_refine_8233d76b57e95451540fc312b717fa79", + "refinement_interpretation_Tm_refine_87faf900dfa0d2b4c1716c6e280af26b", + "typing_MerkleTree.New.High.mt_path_length" + ], + 0, + "144f042cc3bceed22afb78520367fc4a" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.Spec.fst.hints b/hints/MerkleTree.Spec.fst.hints new file mode 100644 index 0000000..f3a001a --- /dev/null +++ b/hints/MerkleTree.Spec.fst.hints @@ -0,0 +1,2531 @@ +[ + "y\rZÓÎ \u001cÀԤɕ=\u007f¬\u0002", + [ + [ + "MerkleTree.Spec.hash", + 1, + 0, + 0, + [ "@query" ], + 0, + "ab865edd6496178f9a2563949d47f732" + ], + [ + "MerkleTree.Spec.sha256_compress", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_Lib.IntTypes.S32", + "constructor_distinct_Lib.IntTypes.U1", + "constructor_distinct_Lib.IntTypes.U128", + "constructor_distinct_Lib.IntTypes.U64", + "constructor_distinct_Lib.IntTypes.U8", + "constructor_distinct_Spec.Hash.Definitions.SHA2_256", + "equality_tok_Spec.Hash.Definitions.SHA2_256@tok", + "equation_Lib.IntTypes.uint8", "equation_MerkleTree.Spec.hash", + "equation_Prims.nat", "equation_Spec.Hash.Definitions.block_length", + "equation_Spec.Hash.Definitions.block_word_length", + "equation_Spec.Hash.Definitions.bytes", + "equation_Spec.Hash.Definitions.hash_length", + "equation_Spec.Hash.Definitions.hash_word_length", + "equation_Spec.Hash.Definitions.word_length", + "function_token_typing_Lib.IntTypes.uint8", "int_inversion", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Multiply", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_29c27ac7c716b2238749315b70c9eca3", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_FStar.Seq.Base.append", "typing_FStar.Seq.Base.length", + "typing_Spec.Hash.Definitions.block_length", + "typing_Spec.Hash.Definitions.hash_length", + "typing_tok_Spec.Hash.Definitions.SHA2_256@tok" + ], + 0, + "cf15adea2805932abdb36b9bac0f1138" + ], + [ + "MerkleTree.Spec.__proj__HRaw__item__hr", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "refinement_interpretation_Tm_refine_1723d4c9b25e1d5754a0aed58daa09dd" + ], + 0, + "1bffbe6c17c508ca9808100da384143b" + ], + [ + "MerkleTree.Spec.padded_hash_fun", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "disc_equation_MerkleTree.Spec.HPad", + "disc_equation_MerkleTree.Spec.HRaw", "equation_Prims.pos", + "fuel_guarded_inversion_MerkleTree.Spec.padded_hash", + "int_inversion", "inversion-interp", + "proj_equation_FStar.Pervasives.Native.Mktuple2__1", + "proj_equation_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "312072d5905d824ae2ca757f4e905252" + ], + [ + "MerkleTree.Spec.merkle_tree", + 1, + 0, + 0, + [ "@query" ], + 0, + "d7f0ee75a105d03cb58245e917cb4e7e" + ], + [ + "MerkleTree.Spec.mt_get", + 1, + 0, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.Spec.merkle_tree", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "0872299a79f1174ac6b09035d4cf1cb1" + ], + [ + "MerkleTree.Spec.mt_left", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "fd69e0997a6ff538b8126afa811d81c6" + ], + [ + "MerkleTree.Spec.mt_left", + 2, + 1, + 0, + [ "@query" ], + 0, + "3a6910bbe25cf15287e1d69a4bb0a8f4" + ], + [ + "MerkleTree.Spec.mt_left", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b64050b06385957921d75996ec418d3c", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length" + ], + 0, + "cef5b1697ffd11a6185aaf751441205e" + ], + [ + "MerkleTree.Spec.mt_right", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "b6fa01ba55112eafc14339ec04c212ac" + ], + [ + "MerkleTree.Spec.mt_right", + 2, + 1, + 0, + [ "@query" ], + 0, + "9c729f658d4bb4d41819105f8d2fbd18" + ], + [ + "MerkleTree.Spec.mt_right", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length" + ], + 0, + "3ea0b9c673df99d7625ed0820f1b6f5e" + ], + [ + "MerkleTree.Spec.mt_left_right", + 1, + 1, + 0, + [ "@query" ], + 0, + "d172214320a1eb3e2fdd6674b87eb9de" + ], + [ + "MerkleTree.Spec.mt_left_right", + 2, + 1, + 0, + [ "@query" ], + 0, + "2f2dc4fb56d5dce55a3cbd403f248c71" + ], + [ + "MerkleTree.Spec.mt_left_right", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_FStar.Seq.Base.op_At_Bar", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_left", + "equation_MerkleTree.Spec.mt_right", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.op_At_Bar", + "typing_MerkleTree.Spec.mt_left", "typing_MerkleTree.Spec.mt_right" + ], + 0, + "e870ca8b59bc0ca5bbc1a58a99feba99" + ], + [ + "MerkleTree.Spec.hs_next_lv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "6e9d21857b86c50e3165663c62843af9" + ], + [ + "MerkleTree.Spec.hs_next_lv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "83fbdd41e4602880131b8ba36b5137f0" + ], + [ + "MerkleTree.Spec.hs_next_lv", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_87edd3f05a6505b49ecc786ae5532faf_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_MerkleTree.Spec.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.op_Equals_Equals_Equals", + "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_f5cfc2a5eba744f480b1372c5b76164e", + "refinement_interpretation_Tm_refine_fd7f42e6ed86f5046ab93b7346631c4a", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "well-founded-ordering-on-nat" + ], + 0, + "de170c67a1027c50c0511499af2bc44d" + ], + [ + "MerkleTree.Spec.hs_next_lv_index", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "typing_MerkleTree.Spec.hs_next_lv" + ], + 0, + "10ac53b39fda33111167b20a9a008a28" + ], + [ + "MerkleTree.Spec.hs_next_lv_index", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_06481d8899ac067297ac6ef4cee61fc9", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "typing_MerkleTree.Spec.hs_next_lv" + ], + 0, + "3c01a5630dc1f168eaa1c5b16f811093" + ], + [ + "MerkleTree.Spec.hs_next_lv_index", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_1e8e92810844635223566aa4424e1f57_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_87edd3f05a6505b49ecc786ae5532faf_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_24e0f7a4ca49aa53202cb61b2d7edc7c", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_fd7f42e6ed86f5046ab93b7346631c4a", + "token_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.Spec.hs_next_lv", + "typing_MerkleTree.Spec.padded_hash_fun", + "well-founded-ordering-on-nat" + ], + 0, + "30ebbe89f8b244844b8613fd0314b687" + ], + [ + "MerkleTree.Spec.hs_next_lv_slice", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_MerkleTree.Spec.hashes", + "equation_Prims.nat", "equation_Prims.pos", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_376b1a8de7c236d0c522ab3535e837d6", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_cc7ec1228e62f637b46417d43aae0cfa", + "typing_MerkleTree.Spec.hs_next_lv" + ], + 0, + "233bb4ca3f9609c4251dc9359da3c359" + ], + [ + "MerkleTree.Spec.hs_next_lv_slice", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_MerkleTree.Spec.hashes", + "equation_Prims.nat", "equation_Prims.pos", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_376b1a8de7c236d0c522ab3535e837d6", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_e9c97e06fc95209dd062489cceed8584", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.Spec.hs_next_lv" + ], + 0, + "ff9497645777dc5890d93682cf174c56" + ], + [ + "MerkleTree.Spec.hs_next_lv_slice", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_87edd3f05a6505b49ecc786ae5532faf_3", + "binder_x_b6833513713c1fbbf5e7aa07204a2f3a_5", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_4", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_MerkleTree.Spec.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_refl", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.cons_index_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.Seq.Properties.slice_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_09d2e9ab3b9c121b24316d151747e281", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_41c5b4feeb1852f2c6fb45e7cd7055f4", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_85486a6bb8abf7faf9ccd474927b1b18", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_ddd44b85040d1947cca83550b7e21966", + "refinement_interpretation_Tm_refine_fd7f42e6ed86f5046ab93b7346631c4a", + "refinement_interpretation_Tm_refine_fe10cd968c0923234d8e335578ab9130", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_MerkleTree.Spec.hs_next_lv", + "well-founded-ordering-on-nat" + ], + 0, + "ff1c0eebb89bdca1d5af4c3e7d1e1e8a" + ], + [ + "MerkleTree.Spec.mt_next_lv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "48a9ba7edd85dcaaf6205884acc2b2c0" + ], + [ + "MerkleTree.Spec.mt_next_lv", + 2, + 1, + 0, + [ "@query" ], + 0, + "e04a787713b045bcefb21491df6bd637" + ], + [ + "MerkleTree.Spec.mt_next_lv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "852205489f539c50cbfd01f4a9aaa93c" + ], + [ + "MerkleTree.Spec.mt_next_lv_mt_left", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_f641999d6ed36014062ea5dbfe670585" + ], + 0, + "643ed602885291533923155e6bc0c2b5" + ], + [ + "MerkleTree.Spec.mt_next_lv_mt_left", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_left", + "equation_MerkleTree.Spec.mt_next_lv", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9439a21fa960e31671c16e484ec50b5d", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_f641999d6ed36014062ea5dbfe670585", + "typing_MerkleTree.Spec.hs_next_lv", "typing_MerkleTree.Spec.mt_left" + ], + 0, + "40bb8a55196f83e51448bc12acfd6001" + ], + [ + "MerkleTree.Spec.mt_next_lv_mt_right", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_f641999d6ed36014062ea5dbfe670585" + ], + 0, + "d7d122b7520ab0851831521e631fb540" + ], + [ + "MerkleTree.Spec.mt_next_lv_mt_right", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.mt_right", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_f641999d6ed36014062ea5dbfe670585", + "typing_MerkleTree.Spec.hs_next_lv", + "typing_MerkleTree.Spec.mt_right" + ], + 0, + "1f801a73ef68cb4df6f33637cc0169d3" + ], + [ + "MerkleTree.Spec.hs_next_lv_equiv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", "primitive_Prims.op_Division", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_60d621a26e5887485ae506e453a89824", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "f233d415e542a99ad5982b46970f460b" + ], + [ + "MerkleTree.Spec.hs_next_lv_equiv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_MerkleTree.Spec.hashes", + "equation_Prims.eqtype", "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_60d621a26e5887485ae506e453a89824", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_f97fad2c1fb2db1c8f88c401525f4a64", + "typing_FStar.Seq.Base.slice" + ], + 0, + "6490407dc633e0ba967307e5a42b798f" + ], + [ + "MerkleTree.Spec.mt_next_lv_equiv", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "primitive_Prims.op_Division", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0c2c2fc2e950c568d5764840f56db0fe", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_MerkleTree.Spec.mt_next_lv" + ], + 0, + "65223faf769959427feeac80e1dcdaf7" + ], + [ + "MerkleTree.Spec.mt_next_lv_equiv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "refinement_interpretation_Tm_refine_0c2c2fc2e950c568d5764840f56db0fe", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "b0d5cc06824bc7fa873b66dcae9e88b4" + ], + [ + "MerkleTree.Spec.mt_next_lv_equiv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0c2c2fc2e950c568d5764840f56db0fe", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "2e4a9253e2837919c216a27c24110ab7" + ], + [ + "MerkleTree.Spec.hs_next_rel", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "f46f1c33886cbc090bd13292d0930624" + ], + [ + "MerkleTree.Spec.hs_next_rel", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "5d77c320f8f9fd06341381e06e119612" + ], + [ + "MerkleTree.Spec.hs_next_rel", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c" + ], + 0, + "5dd16cebfea161093011f39e5223852d" + ], + [ + "MerkleTree.Spec.mt_next_rel", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "a37071120da3c3aea7b0b99c0629f145" + ], + [ + "MerkleTree.Spec.mt_next_rel", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "cbd71d45c3d9d7e39c6bae07e6b0ee9d" + ], + [ + "MerkleTree.Spec.mt_next_rel", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length" + ], + 0, + "107da3f303946e55e6b07bbd15d25cc0" + ], + [ + "MerkleTree.Spec.hs_next_rel_next_lv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "07b3a8ca3f9789ece5a098fc0a3422fa" + ], + [ + "MerkleTree.Spec.hs_next_rel_next_lv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.eqtype", + "equation_Prims.nat", "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f" + ], + 0, + "41889f6713733a8b952cb565e6cde051" + ], + [ + "MerkleTree.Spec.hs_next_rel_next_lv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_364e8fc0328ce7bd4d691aa53cd50b9c_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_87edd3f05a6505b49ecc786ae5532faf_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_ae0ccf41effc2122db27984b542921f3", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_fd7f42e6ed86f5046ab93b7346631c4a", + "token_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.Spec.hs_next_lv", + "typing_MerkleTree.Spec.padded_hash_fun", + "well-founded-ordering-on-nat" + ], + 0, + "c9c83a9d16b56756286fac10f32533ed" + ], + [ + "MerkleTree.Spec.mt_next_rel_next_lv", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "0a560cd6892359a65eb6e17a32fe152a" + ], + [ + "MerkleTree.Spec.mt_next_rel_next_lv", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "62cdfcc8c751e95499383fa3801d355c" + ], + [ + "MerkleTree.Spec.mt_next_rel_next_lv", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.mt_next_rel", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.length" + ], + 0, + "6357dc20580702793c966662a4b4c586" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_even", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_292c1be36e4b2bbb97ae0dae87966ea1", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_846c786b74a0ea856ce37380641c5798", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "712290902741da31cd9d6888f4dc7b40" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_even", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "b03ae3eb45855454ae3d4f4b77253ac5" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_even", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "primitive_Prims.op_Addition", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_846c786b74a0ea856ce37380641c5798", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.index", + "typing_MerkleTree.Spec.padded_hash_fun" + ], + 0, + "cf9276f6f517500b38567b5c82b7e51b" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_even_pad", + 1, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_292c1be36e4b2bbb97ae0dae87966ea1", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_846c786b74a0ea856ce37380641c5798", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "fa7a6611255a5524bd4d64d00f5881ef" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_even_pad", + 2, + 1, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "7851e934ed5b512b3e8ef3bb449af526" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_even_pad", + 3, + 1, + 1, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "MerkleTree.Spec_pretyping_de868e87a3b2cbc224620d2e725391a3", + "Prims_pretyping_f8666440faa91836cc5a13998af863fc", + "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.padded_hash", + "constructor_distinct_Prims.unit", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "fuel_guarded_inversion_MerkleTree.Spec.padded_hash", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_846c786b74a0ea856ce37380641c5798", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.index", "typing_FStar.Seq.Base.upd", + "typing_MerkleTree.Spec.padded_hash_fun", "unit_typing" + ], + 0, + "a965e773592b331ae17bd0c7612f7716" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_odd", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_upd", "primitive_Prims.op_Addition", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_292c1be36e4b2bbb97ae0dae87966ea1", + "refinement_interpretation_Tm_refine_2ca062977a42c36634b89c1c4f193f79", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_846c786b74a0ea856ce37380641c5798", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "ca31deb0abb00fa2d148c89e9d532804" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_odd", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "int_inversion", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "fb2692b70700929774ffc85704c7da11" + ], + [ + "MerkleTree.Spec.mt_next_rel_upd_odd", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.hs_next_rel", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_rel", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_index_upd1", + "lemma_FStar.Seq.Base.lemma_index_upd2", + "primitive_Prims.op_Addition", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_846c786b74a0ea856ce37380641c5798", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_df81b3f17797c6f405c1dbb191651292", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.index", + "typing_MerkleTree.Spec.padded_hash_fun" + ], + 0, + "297015c2998b1e7c11683e5b098359bb" + ], + [ + "MerkleTree.Spec.mt_get_root", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_eb6e2feb582eb76cd7b68bad49adce73_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", "primitive_Prims.op_Equality", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_Prims.pow2", "well-founded-ordering-on-nat" + ], + 0, + "54f08666563f3327cf98f1c5d1c8b430" + ], + [ + "MerkleTree.Spec.mt_get_root_step", + 1, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "7c8fae294c6fcd7394aefbd73c3e2815" + ], + [ + "MerkleTree.Spec.mt_get_root_step", + 2, + 2, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "647502952cd238ca0885f466c4d81283" + ], + [ + "MerkleTree.Spec.mt_get_root_step", + 3, + 2, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_66067bf4422ff36e3b0f55054666d1be_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_2", + "equation_FStar.Seq.Properties.cons", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_left", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.mt_right", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.Spec.mt_get_root", + "typing_MerkleTree.Spec.mt_left", + "typing_MerkleTree.Spec.mt_next_lv", + "typing_MerkleTree.Spec.mt_right", + "typing_MerkleTree.Spec.padded_hash_fun", "typing_Prims.pow2", + "well-founded-ordering-on-nat" + ], + 0, + "a9351ce2a59ede8c92fdf48e51b1ba37" + ], + [ + "MerkleTree.Spec.mt_get_path", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_58232c9baeb1e7d93cf0ca17c6119d2c_4", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_eb6e2feb582eb76cd7b68bad49adce73_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.lseq", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.path", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_len_append", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_bb8290f401f6be4f6139ae9c51e45571", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "well-founded-ordering-on-nat" + ], + 0, + "52841ea4f97c60fc028775d2c96e911e" + ], + [ + "MerkleTree.Spec.mt_verify_", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "binder_x_58232c9baeb1e7d93cf0ca17c6119d2c_4", + "binder_x_891372484a5e2256bf243c77cd7e9291_3", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.lseq", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.Spec.path", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_bb8290f401f6be4f6139ae9c51e45571", + "well-founded-ordering-on-nat" + ], + 0, + "d331a651564204c83756f3a07dac4528" + ], + [ + "MerkleTree.Spec.mt_verify", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "@query", "equation_Prims.eq2", "equation_Prims.squash", + "equation_Prims.subtype_of", + "refinement_interpretation_Tm_refine_2de20c066034c13bf76e9c0b94f4806c" + ], + 0, + "1ee618b0122b11cf7f29814e6e8c7e34" + ], + [ + "MerkleTree.Spec.hs_next_lv_get", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_9581c37592f14f4e9181b056e5f7db68" + ], + 0, + "a7053be22dac71ac442fe621915fad35" + ], + [ + "MerkleTree.Spec.hs_next_lv_get", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_Prims.nat", "equation_Prims.pos", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_b371cb851f9076330199c1e533b83a7d" + ], + 0, + "f1857911d91a6c9a86ddf1112caffa84" + ], + [ + "MerkleTree.Spec.hs_next_lv_get", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_2c39fb8f57d03da1651b478d6fcf8bb7_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6a20c5f774517d73712853dae9f63f21_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_2", + "equation_FStar.Seq.Properties.cons", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Division", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThan", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_36fcb187b0f2344dd7369cd594255768", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_4a7354e95301ca0ea16b8262c008d283", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_798d67b267f3e31cfd5a4d146a5c5872", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "token_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.Spec.hs_next_lv", + "typing_MerkleTree.Spec.padded_hash_fun", + "well-founded-ordering-on-nat" + ], + 0, + "f13596f356be7f3987d61f83434f9c5d" + ], + [ + "MerkleTree.Spec.mt_next_lv_get", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_Modulus", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_MerkleTree.Spec.mt_next_lv" + ], + 0, + "de0eb432fe5d6d72bda0c0aa90396efb" + ], + [ + "MerkleTree.Spec.mt_next_lv_get", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "e18f188318e4a215875e67e1912b89b9" + ], + [ + "MerkleTree.Spec.mt_next_lv_get", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "7cea23b9f9f9bfec6ba9db4415c6c0d4" + ], + [ + "MerkleTree.Spec.mt_get_path_ok_", + 1, + 1, + 0, + [ "@query" ], + 0, + "9182f5b10ec49600d1def54bb2e5c280" + ], + [ + "MerkleTree.Spec.mt_get_path_ok_", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_58232c9baeb1e7d93cf0ca17c6119d2c_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_eb6e2feb582eb76cd7b68bad49adce73_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.cons", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.lseq", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_get", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.path", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_verify_.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_app2", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_append", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_Addition", + "primitive_Prims.op_Division", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Modulus", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_a0cd7d06c5da6444b6b51b319febde8e", + "refinement_interpretation_Tm_refine_ac201cf927190d39c033967b63cb957b", + "refinement_interpretation_Tm_refine_baba3c4ff195e8afc82d572a0bec0709", + "refinement_interpretation_Tm_refine_bb8290f401f6be4f6139ae9c51e45571", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "token_correspondence_MerkleTree.Spec.mt_get_path.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_MerkleTree.Spec.mt_get", + "typing_MerkleTree.Spec.mt_get_path", + "typing_MerkleTree.Spec.mt_next_lv", "well-founded-ordering-on-nat" + ], + 0, + "318645fdce5c9da96ee9a6acffc36055" + ], + [ + "MerkleTree.Spec.raw_hashes", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "binder_x_6f28290f93390d12255318630c8ecfa2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.Spec.hashes", "equation_Prims.nat", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "typing_FStar.Seq.Base.length", "well-founded-ordering-on-nat" + ], + 0, + "ca5a26f70eb61e2cd6f3cc992a95f456" + ], + [ + "MerkleTree.Spec.raw_hashes_raws", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@query", "b2t_def", "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_c0dd10ca5ac1ce6ad6a881d36b8a75d7_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_inversion", + "bool_typing", "disc_equation_MerkleTree.Spec.HRaw", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.Spec.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_de518047687dbae99b09e646f3b3fe1b", + "typing_FStar.Seq.Base.length", "well-founded-ordering-on-nat" + ], + 0, + "b5d36039415f34a5448f9ffcfea091eb" + ], + [ + "MerkleTree.Spec.raw_hashes_index", + 1, + 1, + 0, + [ "@query" ], + 0, + "21736615f3de859ba51233bd6e067923" + ], + [ + "MerkleTree.Spec.raw_hashes_index", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_69320a8cab4b491ec8590195fb19243f_3", + "binder_x_6f28290f93390d12255318630c8ecfa2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "disc_equation_MerkleTree.Spec.HRaw", + "equation_FStar.Seq.Properties.head", + "equation_FStar.Seq.Properties.tail", + "equation_MerkleTree.Spec.hashes", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_06cd040c6b7dbecd62f15a630423bebd", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_81edd68a1a54dc7bf0e946fc95adff76", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "typing_FStar.Seq.Base.length", "well-founded-ordering-on-nat" + ], + 0, + "06bea3b4345b39e977cf30d9c309d3df" + ], + [ + "MerkleTree.Spec.raw_hashes_slice", + 1, + 1, + 0, + [ "@query" ], + 0, + "7fcb05db9be491af206fdbaefa41547a" + ], + [ + "MerkleTree.Spec.raw_hashes_slice", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@query", "Prims_pretyping_ae567c2fb75be05905677af440075565", + "b2t_def", "binder_x_5712b65b1fffee701f5900b0de73ffb7_4", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_6f28290f93390d12255318630c8ecfa2_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "disc_equation_MerkleTree.Spec.HRaw", + "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.Spec.hashes", "equation_Prims.eqtype", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "l_and-interp", "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.lemma_tail_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThan", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b138bd5848d4184f7632587e6e4bcf9f", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d678a450c5c5a4ea3284d5ca43ac700f", + "true_interp", "typing_FStar.Seq.Base.slice", + "well-founded-ordering-on-nat" + ], + 0, + "6bb7d555d9d3b64a3e9e5ee0a2509576" + ], + [ + "MerkleTree.Spec.pad_hashes_slice", + 1, + 1, + 0, + [ "@query" ], + 0, + "f7030bf6110b66a0b91e41269a906e4f" + ], + [ + "MerkleTree.Spec.pad_hashes_slice", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5712b65b1fffee701f5900b0de73ffb7_4", + "binder_x_6f28290f93390d12255318630c8ecfa2_2", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.pad_hashes", "equation_Prims.eqtype", + "equation_Prims.nat", + "function_token_typing_Prims.__cache_version_number__", + "function_token_typing_Prims.int", + "haseqTm_refine_542f9d4f129664613f2483a6c88bc7c2", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d678a450c5c5a4ea3284d5ca43ac700f", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "well-founded-ordering-on-nat" + ], + 0, + "74dc2b4b08fdbf24d5155c483b72141e" + ], + [ + "MerkleTree.Spec.rpmt", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "int_inversion", "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315" + ], + 0, + "34202338b53e67364899856d81936e73" + ], + [ + "MerkleTree.Spec.rpmt_raws", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1" + ], + 0, + "67138e13a2074a43d4d6a1ee31ac0846" + ], + [ + "MerkleTree.Spec.rpmt_i_0", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_Prims.pos", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "typing_Prims.pow2" + ], + 0, + "a542ada037765ddeb07f938c8da61953" + ], + [ + "MerkleTree.Spec.rpmt_i_0", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_Prims.pos", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "typing_Prims.pow2" + ], + 0, + "9dacad75e75b81ada53aeb0445331f8a" + ], + [ + "MerkleTree.Spec.rpmt_i_0", + 3, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.pad_hashes", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "int_inversion", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Properties.slice_length", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1" + ], + 0, + "f66afa56f4aa93b627133409be9c98aa" + ], + [ + "MerkleTree.Spec.rpmt_left", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "672b6dae72fede6fd26dc939d9239f12" + ], + [ + "MerkleTree.Spec.rpmt_left", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "e183db5835eb2bd13cad3f6899fe74ae" + ], + [ + "MerkleTree.Spec.rpmt_left", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_left", + "equation_MerkleTree.Spec.pad_hashes", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "int_typing", "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.slice_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0bb529975fa1ed80d6d8687989d86ddf", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_277e8baa879773f898746def0f3871c3", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_9cf3deb4eab129e0325195a904e4c32a", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.empty", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.Spec.mt_left" + ], + 0, + "15575db47d9c94ab837450ef6d9ae1cb" + ], + [ + "MerkleTree.Spec.rpmt_right", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "equation_Prims.nat", "equation_Prims.pos", + "equation_with_fuel_Prims.pow2.fuel_instrumented", "int_inversion", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "47a816e0f927946141e99fd38e2442a8" + ], + [ + "MerkleTree.Spec.rpmt_right", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", "equation_Prims.pos", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5" + ], + 0, + "a96ea574d3894c256d0d7c939321a569" + ], + [ + "MerkleTree.Spec.rpmt_right", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_right", + "equation_MerkleTree.Spec.pad_hashes", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_is_empty", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.Seq.Properties.slice_slice", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", "primitive_Prims.op_Multiply", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_0bb529975fa1ed80d6d8687989d86ddf", + "refinement_interpretation_Tm_refine_1ba8fd8bb363097813064c67740b2de5", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_b361ba8089a6e963921008d537e799a1", + "refinement_interpretation_Tm_refine_b913a3f691ca99086652e0a655e72f17", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "true_interp", "typing_FStar.Seq.Base.create", + "typing_FStar.Seq.Base.empty", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_MerkleTree.Spec.mt_right" + ], + 0, + "50df73d805f63380155bf102cee3f18d" + ], + [ + "MerkleTree.Spec.rpmt_pad_hashes_0", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "constructor_distinct_MerkleTree.Spec.HPad", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "disc_equation_MerkleTree.Spec.HRaw", + "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.pad_hashes", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_Prims.pow2" + ], + 0, + "5d61ff9384eda4c0ec4a4c7ced9394bf" + ], + [ + "MerkleTree.Spec.rpmt_pad_hashes_index_0", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "typing_Prims.pow2" + ], + 0, + "647104d0315b983d96f5bd8844dd34fd" + ], + [ + "MerkleTree.Spec.rpmt_pad_hashes_index_0", + 2, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", "b2t_def", + "bool_inversion", "bool_typing", + "constructor_distinct_MerkleTree.Spec.HPad", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "disc_equation_MerkleTree.Spec.HPad", + "disc_equation_MerkleTree.Spec.HRaw", + "equation_FStar.Seq.Properties.head", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.pad_hashes", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.raw_hashes.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", "l_and-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_index_slice", + "lemma_FStar.Seq.Base.lemma_len_slice", + "lemma_FStar.Seq.Properties.slice_length", + "primitive_Prims.op_Addition", "primitive_Prims.op_Equality", + "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "refinement_interpretation_Tm_refine_35a0739c434508f48d0bb1d5cd5df9e8", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d3d07693cd71377864ef84dc97d10ec1", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.slice", "typing_Prims.pow2" + ], + 0, + "6356d7b27e4682c3b9a0e6839ba5a355" + ], + [ + "MerkleTree.Spec.mt_get_root_pad_index_0", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_Prims.pow2" + ], + 0, + "fe1dccef08bb8471333268a232f741d2" + ], + [ + "MerkleTree.Spec.mt_get_root_pad_index_0", + 2, + 1, + 0, + [ + "@MaxIFuel_assumption", "@query", + "equation_MerkleTree.Spec.merkle_tree", "equation_Prims.nat", + "equation_Prims.pos", "int_inversion", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_a3afde1b2b8ea59a9f875ba9dcfc5cbc", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "typing_Prims.pow2" + ], + 0, + "c8b601892217096679025875b68c6188" + ], + [ + "MerkleTree.Spec.mt_get_root_pad_index_0", + 3, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_eb6e2feb582eb76cd7b68bad49adce73_3", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_inversion", + "bool_typing", "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "constructor_distinct_Tm_unit", "disc_equation_MerkleTree.Spec.HPad", + "equation_FStar.Seq.Properties.cons", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_next_lv", + "equation_MerkleTree.Spec.padded_hash_fun", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "equation_with_fuel_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", + "lemma_FStar.Seq.Base.lemma_create_len", + "lemma_FStar.Seq.Base.lemma_index_app1", + "lemma_FStar.Seq.Base.lemma_index_create", + "lemma_FStar.Seq.Base.lemma_len_slice", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "refinement_interpretation_Tm_refine_12b3c434aa6b331065cea3dabb126837", + "refinement_interpretation_Tm_refine_3a643af648e0e51f8493b1b7e51bd56c", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_81407705a0828c2c1b1976675443f647", + "refinement_interpretation_Tm_refine_c1424615841f28cac7fc34e92b7ff33c", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "token_correspondence_MerkleTree.Spec.hs_next_lv.fuel_instrumented", + "token_correspondence_Prims.pow2.fuel_instrumented", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.index", + "typing_FStar.Seq.Base.length", "typing_FStar.Seq.Base.slice", + "typing_MerkleTree.Spec.padded_hash_fun", "typing_Prims.pow2", + "well-founded-ordering-on-nat" + ], + 0, + "b917bc5e68fb1569474dc7783d7dff46" + ], + [ + "MerkleTree.Spec.rpmt_get_root_pad_hashes", + 1, + 1, + 0, + [ "@query" ], + 0, + "648775de5bb88779e2ddd5eefb7bebf7" + ], + [ + "MerkleTree.Spec.rpmt_get_root_pad", + 1, + 1, + 0, + [ "@query" ], + 0, + "8c7d1d2d0eb8dfa9478a46fe762178f7" + ], + [ + "MerkleTree.Spec.rpmt_get_root_raw", + 1, + 1, + 0, + [ + "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@query", "disc_equation_MerkleTree.Spec.HPad", + "disc_equation_MerkleTree.Spec.HRaw", + "equation_MerkleTree.Spec.rpmt", "equation_Prims.nat", + "equation_Prims.pos", + "fuel_guarded_inversion_MerkleTree.Spec.padded_hash", + "int_inversion", "inversion-interp", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_62965edeceead4d487e326631269edf4", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "typing_MerkleTree.Spec.mt_get_root" + ], + 0, + "638ba4b1caa67649d977f6e819355abc" + ], + [ + "MerkleTree.Spec.extract", + 1, + 1, + 0, + [ + "@MaxFuel_assumption", "@MaxIFuel_assumption", + "@fuel_correspondence_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "@fuel_correspondence_Prims.pow2.fuel_instrumented", + "@fuel_irrelevance_Prims.pow2.fuel_instrumented", "@query", + "Prims_pretyping_ae567c2fb75be05905677af440075565", + "binder_x_2492560bdbf098f6deb1b9e386caa735_3", + "binder_x_5e20d151293c9e40e5203cbcff29aebe_1", + "binder_x_bb4e1c9af0265270f8e7a5f250f730e2_2", + "binder_x_f26957a7e62b271a8736230b1e9c83c1_0", "bool_inversion", + "constructor_distinct_MerkleTree.Spec.HPad", + "constructor_distinct_MerkleTree.Spec.HRaw", + "data_typing_intro_MerkleTree.Spec.HPad@tok", + "disc_equation_MerkleTree.Spec.HPad", + "disc_equation_MerkleTree.Spec.HRaw", "eq2-interp", + "equation_FStar.Seq.Base.op_At_Bar", + "equation_MerkleTree.Spec.hashes", + "equation_MerkleTree.Spec.merkle_tree", + "equation_MerkleTree.Spec.mt_left", + "equation_MerkleTree.Spec.mt_right", + "equation_MerkleTree.Spec.pad_hashes", + "equation_MerkleTree.Spec.padded_hash_fun", + "equation_MerkleTree.Spec.rpmt", + "equation_MerkleTree.Spec.rpmt_left", + "equation_MerkleTree.Spec.rpmt_right", "equation_Prims.l_not", + "equation_Prims.logical", "equation_Prims.nat", + "equation_Prims.op_Equals_Equals_Equals", "equation_Prims.pos", + "equation_with_fuel_MerkleTree.Spec.mt_get_root.fuel_instrumented", + "equation_with_fuel_Prims.pow2.fuel_instrumented", + "function_token_typing_Prims.__cache_version_number__", + "int_inversion", "int_typing", + "kinding_MerkleTree.Spec.padded_hash@tok", "l_not-interp", + "lemma_FStar.Seq.Base.lemma_eq_elim", + "lemma_FStar.Seq.Base.lemma_eq_intro", + "lemma_FStar.Seq.Properties.slice_length", + "lemma_FStar.UInt.pow2_values", "primitive_Prims.op_BarBar", + "primitive_Prims.op_Equality", "primitive_Prims.op_LessThanOrEqual", + "primitive_Prims.op_Multiply", "primitive_Prims.op_Subtraction", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__1", + "projection_inverse_FStar.Pervasives.Native.Mktuple2__2", + "projection_inverse_MerkleTree.Spec.HPad_hsz", + "projection_inverse_MerkleTree.Spec.HRaw_hr", + "projection_inverse_MerkleTree.Spec.HRaw_hsz", + "refinement_interpretation_Tm_refine_2c7ecebd8a41d0890aab4251b61d6458", + "refinement_interpretation_Tm_refine_510e0e40c0eae7eea40c300dfc42218f", + "refinement_interpretation_Tm_refine_542f9d4f129664613f2483a6c88bc7c2", + "refinement_interpretation_Tm_refine_545572ef735b56d10b297939a0e2f2a9", + "refinement_interpretation_Tm_refine_774ba3f728d91ead8ef40be66c9802e5", + "refinement_interpretation_Tm_refine_a65cb1e60bb869c115f780c5cefffa1e", + "refinement_interpretation_Tm_refine_d83f8da8ef6c1cb9f71d1465c1bb1c55", + "refinement_interpretation_Tm_refine_e166b70fde2cd9152c503654048d8315", + "refinement_interpretation_Tm_refine_e3bb46e403ec9d0fdcbeb076406810b1", + "typing_FStar.Seq.Base.create", "typing_FStar.Seq.Base.length", + "typing_FStar.Seq.Base.op_At_Bar", + "typing_FStar.StrongExcludedMiddle.strong_excluded_middle", + "typing_MerkleTree.Spec.hash", "typing_MerkleTree.Spec.mt_left", + "typing_MerkleTree.Spec.mt_right", "typing_Prims.eq2", + "typing_Prims.l_not", "well-founded-ordering-on-nat" + ], + 0, + "5d3d69ba6556f0f4189b45c54e873bc4" + ] + ] +] \ No newline at end of file diff --git a/hints/MerkleTree.fsti.hints b/hints/MerkleTree.fsti.hints new file mode 100644 index 0000000..b57a3b6 --- /dev/null +++ b/hints/MerkleTree.fsti.hints @@ -0,0 +1,621 @@ +[ + "‚ò;…»U\u0005ÀŠ¿[\u0006%ÈrH", + [ + [ + "MerkleTree.mt_init_hash", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "50ccc2a7b3817b3a3f16261a7f72c3d5" + ], + [ + "MerkleTree.mt_free_hash", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "ed0e75f50064df70201646abbdbc6eff" + ], + [ + "MerkleTree.mt_init_path", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "f4855585319e1b01569a44b30880a20a" + ], + [ + "MerkleTree.mt_free_path", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "f184875b96c45a6aa7cd980a06d098e2" + ], + [ + "MerkleTree.mt_get_path_length", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "ce574cc24eb07743c6671eb4f5a9a068" + ], + [ + "MerkleTree.mt_path_insert", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.path", "equation_MerkleTree.path_p", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "933aa1d4feb6c0882188a7920ae875ab" + ], + [ + "MerkleTree.mt_path_insert", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "969f7b79abd034139bc90a32d42dabbb" + ], + [ + "MerkleTree.path_hash_size", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.path", "equation_MerkleTree.path_p", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "300b86cce638bcbb4ee9ebe258957fcd" + ], + [ + "MerkleTree.const_path_hash_size", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.const_path_p", "equation_MerkleTree.path", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "a55a45136031026b8ffafa7e01a04345" + ], + [ + "MerkleTree.tree_hash_size", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "equation_LowStar.Buffer.pointer", + "equation_MerkleTree.Low.mt_p", "equation_MerkleTree.mt_p", + "projection_inverse_BoxInt_proj_0", + "refinement_interpretation_Tm_refine_573cfed777dae20cc82e8fef9622857e" + ], + 0, + "d50e12cf822b32190039b05c6b8f3d2a" + ], + [ + "MerkleTree.const_tree_hash_size", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "constructor_distinct_LowStar.ConstBuffer.MUTABLE", + "equality_tok_LowStar.ConstBuffer.MUTABLE@tok", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.q_preorder", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.ConstBuffer.qbuf_qual", + "equation_LowStar.ConstBuffer.qual_of", + "equation_MerkleTree.Low.const_mt_p", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.const_mt_p", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3" + ], + 0, + "a97cc12076025a959f19cee1982e1d3a" + ], + [ + "MerkleTree.mt_get_path_step", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "c075c61c25a890ce2d200bcc46ef61fa" + ], + [ + "MerkleTree.mt_get_path_step_pre", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "df74450e14e2e05f0b267bbb7be32f29" + ], + [ + "MerkleTree.mt_create_custom", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", "equation_FStar.UInt.fits", + "equation_FStar.UInt.gt", "equation_FStar.UInt.max_int", + "equation_FStar.UInt.min_int", "equation_FStar.UInt.size", + "equation_FStar.UInt.uint_t", "equation_FStar.UInt32.gt", + "equation_Lib.IntTypes.minint", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.hash_size_t", "equation_Spec.AES.gf8", + "equation_Spec.AES.irred", "equation_Spec.GaloisField.gf", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "typing_Lib.IntTypes.minint", "typing_Spec.AES.gf8", + "typing_Spec.GaloisField.__proj__GF__item__t", + "typing_tok_Lib.IntTypes.U8@tok" + ], + 0, + "ff77d090148818859d5385e2978e2717" + ], + [ + "MerkleTree.mt_create_custom", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "32d6ff852d6affb7c212ef7a2fb0e821" + ], + [ + "MerkleTree.mt_free", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "2de9342c922abeafc9d71cb27a0f989b" + ], + [ + "MerkleTree.mt_insert", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "6646fe209f9490b910e2c707fadf3a66" + ], + [ + "MerkleTree.mt_insert_pre", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "c051f624f286a0f22e8e6f6b3021c7ab" + ], + [ + "MerkleTree.mt_get_root", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "8b5830526280d94e6373362e1599f26d" + ], + [ + "MerkleTree.mt_get_root_pre", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "1bcf115d83bf80976e80c6a7e201b3fe" + ], + [ + "MerkleTree.mt_get_path", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_EverCrypt.Helpers.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "typing_FStar.UInt32.t" + ], + 0, + "fb1dad479b22bd7c9f61cb5d5026eada" + ], + [ + "MerkleTree.mt_get_path", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "9293d0900fc7278119e061443afacd49" + ], + [ + "MerkleTree.mt_get_path_pre", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_EverCrypt.Helpers.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "typing_FStar.UInt32.t" + ], + 0, + "3cf158d8f8921761f765a05201881a7f" + ], + [ + "MerkleTree.mt_get_path_pre", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "224a9fb68fcdf9da9eff9ed358a677dd" + ], + [ + "MerkleTree.mt_flush", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "58c0ea4d1731891c2599bb4f0b85697d" + ], + [ + "MerkleTree.mt_flush_pre", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "89528948a2604e5f0a8d99becaf91b67" + ], + [ + "MerkleTree.mt_flush_to", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "611f154ae4592709ff671af666000ff5" + ], + [ + "MerkleTree.mt_flush_to_pre", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "4cbeb2ff8d876cbb94f2c39be62edc3b" + ], + [ + "MerkleTree.mt_retract_to", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "100d29cd66eff5e3d0d5c6cae91e54b8" + ], + [ + "MerkleTree.mt_retract_to_pre", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "e515b543d14bd7e55caae1766a341dfa" + ], + [ + "MerkleTree.mt_verify", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "constructor_distinct_Lib.IntTypes.U8", + "equality_tok_Lib.IntTypes.U1@tok", + "equality_tok_Lib.IntTypes.U8@tok", + "equation_EverCrypt.Helpers.uint32_t", + "equation_FStar.Monotonic.HyperHeap.hmap", + "equation_FStar.Monotonic.HyperStack.is_tip", + "equation_FStar.Monotonic.HyperStack.is_wf_with_ctr_and_tip", + "equation_FStar.Monotonic.HyperStack.mem", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_Lib.IntTypes.unsigned", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.hash_size_t", "equation_Prims.eqtype", + "equation_Spec.AES.gf8", "equation_Spec.AES.irred", + "equation_Spec.GaloisField.gf", + "function_token_typing_FStar.Monotonic.Heap.heap", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", "int_typing", + "lemma_FStar.Map.lemma_ContainsDom", "lemma_FStar.UInt32.vu_inv", + "primitive_Prims.op_AmpAmp", "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "proj_equation_Spec.GaloisField.GF_t", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_Spec.GaloisField.GF_t", + "refinement_interpretation_Tm_refine_05e15190c946858f68c69156f585f95a", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_de8080fdc4bd6678af723874a7d70466", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.reveal", "typing_FStar.Map.contains", + "typing_FStar.Monotonic.HyperHeap.rid", + "typing_FStar.Monotonic.HyperStack.get_hmap", + "typing_FStar.Monotonic.HyperStack.get_tip", "typing_FStar.UInt32.t", + "typing_Spec.AES.gf8", "typing_Spec.GaloisField.__proj__GF__item__t" + ], + 0, + "9607dcd83215d17b6398adfa4ac7b13f" + ], + [ + "MerkleTree.mt_verify", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "a417f4696c5e0704ad8de06d9d6015b4" + ], + [ + "MerkleTree.mt_verify_pre", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", + "equation_EverCrypt.Helpers.uint32_t", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_Prims.eqtype", + "haseqTm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_414d0a9f578ab0048252f8c8f552b99f", + "typing_FStar.UInt32.t" + ], + 0, + "116882791cfd25990ada159f8086672c" + ], + [ + "MerkleTree.mt_verify_pre", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "50de094c6f2305d4458c24965ec71211" + ], + [ + "MerkleTree.mt_serialize_size", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "ff713bc7bc29c256b9fc5064e74c754f" + ], + [ + "MerkleTree.mt_serialize", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "86c191696fc309d6f7bda5bb97348621" + ], + [ + "MerkleTree.mt_deserialize", + 1, + 2, + 1, + [ + "@MaxIFuel_assumption", "@query", "b2t_def", "bool_inversion", + "bool_typing", "constructor_distinct_FStar.Integers.Unsigned", + "constructor_distinct_FStar.Integers.W8", + "equality_tok_FStar.Integers.W8@tok", + "equation_FStar.Integers.int_t", "equation_FStar.Integers.uint_8", + "equation_FStar.UInt.fits", "equation_FStar.UInt.gt", + "equation_FStar.UInt.max_int", "equation_FStar.UInt.min_int", + "equation_FStar.UInt.size", "equation_FStar.UInt.uint_t", + "equation_FStar.UInt32.gt", "equation_LowStar.ConstBuffer.as_mbuf", + "equation_LowStar.ConstBuffer.length", + "equation_LowStar.ConstBuffer.qbuf_pre", + "equation_LowStar.Monotonic.Buffer.length", + "equation_MerkleTree.Low.Datastructures.hash_size_t", + "equation_MerkleTree.Low.Serialization.const_uint8_p", + "equation_MerkleTree.Low.Serialization.uint8_t", + "equation_MerkleTree.Low.const_pointer", + "equation_MerkleTree.hash_size_t", + "function_token_typing_FStar.Integers.uint_8", "int_typing", + "lemma_FStar.UInt32.vu_inv", "primitive_Prims.op_AmpAmp", + "primitive_Prims.op_GreaterThan", + "primitive_Prims.op_LessThanOrEqual", + "projection_inverse_BoxBool_proj_0", + "projection_inverse_BoxInt_proj_0", + "projection_inverse_FStar.Integers.Unsigned__0", + "refinement_interpretation_Tm_refine_40154c0b4f718f98d0b1641e5cde8819", + "refinement_interpretation_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "refinement_interpretation_Tm_refine_ae215dc23320c72afef105490c0b13c3", + "refinement_interpretation_Tm_refine_f13070840248fced9d9d60d77bdae3ec", + "refinement_kinding_Tm_refine_56b4e6db87090880a4837304bb2a2909", + "typing_FStar.Ghost.reveal", "typing_FStar.UInt32.v", + "typing_LowStar.ConstBuffer.as_mbuf", + "typing_LowStar.ConstBuffer.as_qbuf", + "typing_LowStar.ConstBuffer.qbuf_pre", + "typing_LowStar.Monotonic.Buffer.len" + ], + 0, + "2190b9698822227a9b3d75ef73895c73" + ], + [ + "MerkleTree.mt_deserialize", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "b2d88af0987296b88a79d639299bdece" + ], + [ + "MerkleTree.mt_serialize_path", + 1, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "57f2d1dd71a209f2743251530f96153a" + ], + [ + "MerkleTree.mt_deserialize_path", + 1, + 2, + 1, + [ "@query" ], + 0, + "85487b4e3496b97a28fd933d88e9bc6e" + ], + [ + "MerkleTree.mt_deserialize_path", + 2, + 2, + 1, + [ + "@query", "equation_FStar.Monotonic.HyperStack.mem", + "equation_MerkleTree.pf" + ], + 0, + "e3f8ab31a6d8ed3ae32e324cd1a7a938" + ] + ] +] \ No newline at end of file diff --git a/src/Lib.RawBuffer.fst b/src/Lib.RawBuffer.fst new file mode 100644 index 0000000..d2b78ef --- /dev/null +++ b/src/Lib.RawBuffer.fst @@ -0,0 +1,34 @@ +module Lib.RawBuffer + +friend Lib.IntTypes + +open LowStar.Buffer + +open FStar.HyperStack.ST + +module U8 = FStar.UInt8 +module U32 = FStar.UInt32 + +open Lib.IntTypes + +let blit src idx_src dst idx_dst len = + let h0 = get () in + blit src idx_src dst idx_dst len; + let h1 = get () in + assert (forall (i:nat). i < U32.v len ==> + Seq.index (as_seq h1 dst) (U32.v idx_dst + i) == + Seq.index (Seq.slice (as_seq h1 dst) (U32.v idx_dst) (U32.v idx_dst + U32.v len)) i) + +let lbytes_eq #n b1 b2 = + let open LowStar.BufferOps in + let h0 = get() in + let inv h i b = + modifies loc_none h0 h /\ + i <= U32.v n /\ + (if b then + 0 < i /\ Seq.index (as_seq h0 b1) (i-1) <> Seq.index (as_seq h0 b2) (i-1) + else + forall (j:nat).j < i ==> Seq.index (as_seq h0 b1) j == Seq.index (as_seq h0 b2) j) + in + let _, b = C.Loops.interruptible_for 0ul n inv (fun i -> b1.(i) <> b2.(i)) in + not b diff --git a/src/Lib.RawBuffer.fsti b/src/Lib.RawBuffer.fsti new file mode 100644 index 0000000..faeb019 --- /dev/null +++ b/src/Lib.RawBuffer.fsti @@ -0,0 +1,34 @@ +module Lib.RawBuffer + +open FStar.HyperStack.ST + +open LowStar.Buffer +open Lib.IntTypes + +module U8 = FStar.UInt8 +module U32 = FStar.UInt32 + +inline_for_extraction noextract +val blit: src:buffer U8.t -> idx_src:U32.t -> dst:buffer uint8 -> idx_dst:U32.t -> len:U32.t -> ST unit + (requires fun h -> + live h src /\ live h dst /\ + U32.v idx_src + U32.v len <= length src /\ + U32.v idx_dst + U32.v len <= length dst /\ + disjoint src dst) + (ensures fun h0 _ h1 -> + modifies (loc_buffer dst) h0 h1 /\ + live h1 dst /\ + (forall (i:nat). i < U32.v len ==> + Seq.index (as_seq h1 dst) (U32.v idx_dst + i) == + Lib.RawIntTypes.u8_from_UInt8 (Seq.index (as_seq h0 src) (U32.v idx_src + i))) /\ + Seq.slice (as_seq h1 dst) 0 (U32.v idx_dst) == + Seq.slice (as_seq h0 dst) 0 (U32.v idx_dst) /\ + Seq.slice (as_seq h1 dst) (U32.v idx_dst + U32.v len) (length dst) == + Seq.slice (as_seq h0 dst) (U32.v idx_dst + U32.v len) (length dst)) + +inline_for_extraction noextract +val lbytes_eq: #n:size_t -> b1:buffer uint8 -> b2:buffer uint8 -> Stack bool + (requires fun h -> len b1 == n /\ len b2 == n /\ live h b1 /\ live h b2) + (ensures fun h0 r h1 -> + modifies loc_none h0 h1 /\ + (r <==> Seq.equal (as_seq h0 b1) (as_seq h0 b2))) diff --git a/src/Makefile b/src/Makefile new file mode 100644 index 0000000..0487a01 --- /dev/null +++ b/src/Makefile @@ -0,0 +1,2 @@ +MERKLE_HOME=.. +include ../Makefile.include diff --git a/src/MerkleTree.EverCrypt.fst b/src/MerkleTree.EverCrypt.fst new file mode 100644 index 0000000..2c110f9 --- /dev/null +++ b/src/MerkleTree.EverCrypt.fst @@ -0,0 +1,79 @@ +module MerkleTree.EverCrypt + +open MerkleTree.Low + +module HH = FStar.Monotonic.HyperHeap +module B = LowStar.Buffer + +module HST = FStar.HyperStack.ST +module MTH = MerkleTree.New.High +module MTLD = MerkleTree.Low.Datastructures +module MLH = MerkleTree.Low.Hashfunctions +module Hash = Spec.Hash.Definitions + +open LowStar.Regional + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 0" + +module S = FStar.Seq + +module EHS = EverCrypt.Hash + +open MerkleTree.Low.Datastructures + +open Lib.IntTypes + +/// A definition whose sole purpose is to align the .fsti with the .fst +noextract let _align = () + +#push-options "--z3rlimit 150 --ifuel 1" +let mt_sha256_compress src1 src2 dst = + let hash_size = 32ul in + [@inline_let] + let hash_alg = Spec.Hash.Definitions.SHA2_256 in + let hh0 = HST.get () in + HST.push_frame (); + // KaRaMeL can't extract `EHS.blockLen EHS.SHA256` (= 64ul) + let cb = B.alloca (u8 0) 64ul in + B.blit src1 0ul cb 0ul hash_size; + B.blit src2 0ul cb 32ul hash_size; + + // ONLY WORKS BECAUSE hash_alg is inline_for_extraction and is known to be SHA2_256 + let st = EHS.create_in hash_alg HyperStack.root in + EHS.init #(Ghost.hide hash_alg) st; + let hh1 = HST.get () in + assert (S.equal (S.append + (Rgl?.r_repr(hreg hash_size) hh0 src1) + (Rgl?.r_repr(hreg hash_size) hh0 src2)) + (B.as_seq hh1 cb)); + + EHS.update #(Ghost.hide hash_alg) st 0UL cb; + let hh2 = HST.get () in + assert ((EHS.repr st hh2, ()) == + Spec.Agile.Hash.update hash_alg (Spec.Agile.Hash.init hash_alg) + (B.as_seq hh1 cb)); + assert (S.equal (S.append S.empty (B.as_seq hh1 cb)) + (B.as_seq hh1 cb)); + + EHS.finish #(Ghost.hide hash_alg) st dst; + let hh3 = HST.get () in + assert (S.equal (B.as_seq hh3 dst) + (Spec.Hash.PadFinish.finish hash_alg (EHS.repr st hh2, ()))); + assert (S.equal (B.as_seq hh3 dst) + (Spec.Hash.PadFinish.finish hash_alg (Spec.Agile.Hash.update hash_alg (Spec.Agile.Hash.init hash_alg) (B.as_seq hh1 cb)))); + assert (S.equal (B.as_seq hh3 dst) + (MTH.sha256_compress + (Rgl?.r_repr(hreg hash_size) hh0 src1) + (Rgl?.r_repr(hreg hash_size) hh0 src2))); + EHS.free st; + HST.pop_frame (); + + let hh4 = HST.get () in + assert (S.equal (B.as_seq hh4 dst) + (MTH.sha256_compress + (Rgl?.r_repr(hreg hash_size) hh0 src1) + (Rgl?.r_repr(hreg hash_size) hh0 src2))) +#pop-options + +let mt_create r init = + mt_create_custom 32ul (MerkleTree.New.High.sha256_compress) r init mt_sha256_compress diff --git a/src/MerkleTree.EverCrypt.fsti b/src/MerkleTree.EverCrypt.fsti new file mode 100644 index 0000000..63c141c --- /dev/null +++ b/src/MerkleTree.EverCrypt.fsti @@ -0,0 +1,46 @@ +module MerkleTree.EverCrypt + +module HH = FStar.Monotonic.HyperHeap +module B = LowStar.Buffer + +module HST = FStar.HyperStack.ST +module MTH = MerkleTree.New.High +module MTLH = MerkleTree.Low.Hashfunctions +module MTLD = MerkleTree.Low.Datastructures + +open LowStar.Regional + +#set-options "--z3rlimit 50 --fuel 0 --ifuel 0" + +/// A declaration whose sole purpose is to align the .fsti with the .fst +noextract val _align : unit + +inline_for_extraction noextract +let hash #hash_size = MTLD.hash #hash_size +inline_for_extraction noextract +let mt_p = MerkleTree.Low.mt_p +inline_for_extraction noextract +let mt_loc = MerkleTree.Low.mt_loc +inline_for_extraction noextract +let mt_safe = MerkleTree.Low.mt_safe +inline_for_extraction noextract +let mt_lift = MerkleTree.Low.mt_lift + +[@ (Comment " Default hash function")] +val mt_sha256_compress: MTLH.hash_fun_t #32ul #(Ghost.hide MTH.sha256_compress) + +[@ (Comment " Construction wired to sha256 from EverCrypt + + @param[in] init The initial hash") "c_inline"] +val mt_create: r:HST.erid -> init:hash #32ul -> HST.ST mt_p + (requires (fun h0 -> + Rgl?.r_inv (MTLD.hreg 32ul) h0 init /\ + HH.disjoint r (B.frameOf init))) + (ensures (fun h0 mt h1 -> + // memory safety + B.modifies B.(loc_union (mt_loc mt) (B.loc_all_regions_from false (B.frameOf init))) h0 h1 /\ + mt_safe h1 mt /\ + // correctness + MerkleTree.Low.MT?.hash_size (B.get h1 mt 0) = 32ul /\ + mt_lift h1 mt == MTH.mt_create 32 MTH.sha256_compress (Rgl?.r_repr (MTLD.hreg 32ul) h0 init))) + diff --git a/src/MerkleTree.Init.fst b/src/MerkleTree.Init.fst new file mode 100644 index 0000000..8f25595 --- /dev/null +++ b/src/MerkleTree.Init.fst @@ -0,0 +1,3 @@ +module MerkleTree.Init + +let init = EverCrypt.AutoConfig2.init diff --git a/src/MerkleTree.Low.Datastructures.fst b/src/MerkleTree.Low.Datastructures.fst new file mode 100644 index 0000000..fef2ab2 --- /dev/null +++ b/src/MerkleTree.Low.Datastructures.fst @@ -0,0 +1,378 @@ +module MerkleTree.Low.Datastructures + +open FStar.All +open FStar.Integers +open FStar.Mul + +open LowStar.Buffer +open LowStar.BufferOps +open LowStar.Vector +open LowStar.Regional +open LowStar.RVector +open LowStar.Regional.Instances + +module HS = FStar.HyperStack +module HST = FStar.HyperStack.ST +module MHS = FStar.Monotonic.HyperStack +module HH = FStar.Monotonic.HyperHeap + +module B = LowStar.Buffer +module CB = LowStar.ConstBuffer +module V = LowStar.Vector +module RV = LowStar.RVector +module RVI = LowStar.Regional.Instances + +module S = FStar.Seq + +module EHS = EverCrypt.Hash +module U32 = FStar.UInt32 +module MTH = MerkleTree.New.High + +open EverCrypt.Helpers +open Lib.IntTypes + +#set-options "--z3rlimit 10 --initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0" + +type hash_size_t = n:uint32_t{n > 0ul} +type hash (#hsz:hash_size_t) = b:B.buffer uint8 { B.len b = hsz \/ B.g_is_null b } + +// We cannot use `Low.RVector.Instances`, where we have some general +// typeclass instances of `regional`, e.g., if `rg:regional a` then +// `regional (rvector rg)`. In FStar we can use this, but KaRaMeL currently +// cannot deal with this and gives a number of errors. +// So we temporarily instantiate some `regional`s manually below, which is +// extractable to C by KaRaMeL. + +/// Some instantiations of `regional` used in Merkle tree +/// 1. `hash` is regional + +private +noextract +val hash_region_of: #hsz:hash_size_t -> v:hash #hsz -> GTot HH.rid +let hash_region_of #_ v = B.frameOf v + +private inline_for_extraction +val hash_dummy: #hsz:Ghost.erased hash_size_t -> Tot (hash #hsz) +let hash_dummy #_ = B.null + +private +noextract +val hash_r_inv: #hsz:hash_size_t -> h:HS.mem -> v:hash #hsz -> GTot Type0 +let hash_r_inv #hsz h v = + B.live h v /\ B.freeable v /\ + B.len v = hsz + +private +noextract +val hash_r_inv_reg: + #hsz:hash_size_t -> + h:HS.mem -> v:hash -> + Lemma (requires hash_r_inv h v) + (ensures MHS.live_region h (hash_region_of #hsz v)) +let hash_r_inv_reg #_ h v = () + +private +noextract +val hash_repr (#hsz:hash_size_t): Type0 +let hash_repr #hsz = MTH.hash #(U32.v hsz) + +private +noextract +val hash_r_repr: #hsz:hash_size_t -> h:HS.mem -> v:hash{hash_r_inv #hsz h v} -> GTot (hash_repr #hsz) +let hash_r_repr #_ h v = B.as_seq h v + +private +noextract +val hash_r_sep: + #hsz:hash_size_t -> + v:hash #hsz -> p:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires + hash_r_inv h0 v /\ + loc_disjoint + (loc_all_regions_from false + (hash_region_of v)) p /\ + modifies p h0 h1) + (ensures + hash_r_inv h1 v /\ + hash_r_repr h0 v == hash_r_repr h1 v) +let hash_r_sep #_ v p h0 h1 = + assert (loc_includes (loc_all_regions_from false (hash_region_of v)) + (loc_buffer v)); + B.modifies_buffer_elim v p h0 h1 + +private +noextract +val hash_irepr: #hsz:hash_size_t -> Ghost.erased (hash_repr #hsz) +let hash_irepr #hsz = + Ghost.hide (S.create (U32.v hsz) (u8 0)) + +private +noextract +val hash_r_alloc_p: #hsz:hash_size_t -> v:hash #hsz -> GTot Type0 +let hash_r_alloc_p #_ v = True + +val hash_r_alloc: + #hsz':Ghost.erased hash_size_t -> + hsz:hash_size_t { hsz == Ghost.reveal hsz' } -> + r:HST.erid -> + HST.ST (hash #hsz) + (requires (fun h0 -> true)) + (ensures (fun h0 v h1 -> + Set.subset (Map.domain (MHS.get_hmap h0)) + (Map.domain (MHS.get_hmap h1)) /\ + modifies loc_none h0 h1 /\ + hash_r_alloc_p #hsz v /\ + hash_r_inv h1 v /\ + hash_region_of v = r /\ + hash_r_repr h1 v == Ghost.reveal hash_irepr /\ + B.fresh_loc (B.loc_buffer v) h0 h1)) +let hash_r_alloc #_ s r = + B.malloc r (u8 0) s + +val hash_r_free: + #hsz':Ghost.erased hash_size_t -> + hsz:hash_size_t { hsz == Ghost.reveal hsz' } -> + v:hash #hsz' -> + HST.ST unit + (requires fun h0 -> hash_r_inv h0 v) + (ensures fun h0 _ h1 -> + modifies (loc_all_regions_from false (hash_region_of v)) h0 h1) +let hash_r_free #_ _ v = + B.free v + +noextract inline_for_extraction +val hreg (hsz:hash_size_t): regional (hash_size_t) (hash #hsz) +let hreg hsz = + Rgl #(hash_size_t) #(hash #hsz) hsz + (hash_region_of #hsz) + (B.loc_buffer) + (hash_dummy #hsz) + (hash_r_inv #hsz) + (hash_r_inv_reg #hsz) + (hash_repr #hsz) + (hash_r_repr #hsz) + (hash_r_sep #hsz) + (hash_irepr #hsz) + (hash_r_alloc_p #hsz) + (hash_r_alloc #hsz) + (hash_r_free #hsz) + +private +val hash_copy: + #s':Ghost.erased hash_size_t -> + s:hash_size_t { s == Ghost.reveal s' } -> + src:hash #s -> dst:hash #s -> + HST.ST unit + (requires fun h0 -> + hash_r_inv h0 src /\ hash_r_inv h0 dst /\ + HH.disjoint (hash_region_of src) (hash_region_of dst)) + (ensures fun h0 _ h1 -> + modifies (loc_all_regions_from false (hash_region_of dst)) h0 h1 /\ + hash_r_inv h1 dst /\ + hash_r_repr h1 dst == hash_r_repr h0 src) +let hash_copy #_ s src dst = + B.blit src 0ul dst 0ul s + +/// JP: so much stuff happening here. First, single-constructor, single-argument +/// elimination takes places and Cpy becomes completely eliminated, in favor of +/// just being a type alias for the underlying function. So now, we have a +/// function that returns a function pointer. +/// +/// Next, one might think that the hsz argument is going to be eliminated. It's +/// not, because there's a hidden implicit argument to Cpy which is (hreg hsz), +/// meaning that hsz is used at run-time even though Cpy is only using this +/// argument ghostly. This would be have to be fixed. +/// +/// Finally, if the inline_for_extraction is removed, there seems to be a +/// karamel bug that inserts a void*0. To be fixed. +inline_for_extraction +val hcpy: hsz:hash_size_t -> copyable #hash_size_t (hash #hsz) (hreg hsz) +let hcpy hsz = + Cpy (hash_copy #hsz) + +type hash_vec (#hsz:hash_size_t) = RV.rvector (hreg hsz) + +/// 2. `rvector hash` is regional + +type rhst (hsz:hash_size_t) = regional hash_size_t (hash #hsz) + +private +noextract +val hash_vec_region_of: #hsz:hash_size_t -> v:hash_vec #hsz -> GTot HH.rid +let hash_vec_region_of #_ v = V.frameOf v + +private inline_for_extraction +val hash_vec_dummy: (#hsz:Ghost.erased hash_size_t) -> hash_vec #hsz +let hash_vec_dummy #_ = V.alloc_empty (hash #_) + +noextract +val hash_vec_r_inv: #hsz:hash_size_t -> h:HS.mem -> v:hash_vec #hsz -> GTot Type0 +let hash_vec_r_inv #hsz h v = RV.rv_inv h v + +noextract +val hash_vec_r_inv_reg: + #hsz:hash_size_t -> + h:HS.mem -> v:hash_vec #hsz -> + Lemma (requires (hash_vec_r_inv h v)) + (ensures (MHS.live_region h (hash_vec_region_of v))) +let hash_vec_r_inv_reg #_ h v = () + +private +noextract +val hash_vec_repr: #hsz:hash_size_t -> Type0 +let hash_vec_repr #hsz = MTH.hashes #(U32.v hsz) + +noextract +val hash_vec_r_repr: + #hsz:hash_size_t -> + h:HS.mem -> v:hash_vec #hsz {hash_vec_r_inv h v} -> GTot (hash_vec_repr #hsz) +let hash_vec_r_repr #_ h v = + RV.as_seq h v + +noextract +val hash_vec_r_sep: + #hsz:hash_size_t -> + v:hash_vec #hsz -> p:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (hash_vec_r_inv h0 v /\ + loc_disjoint + (loc_all_regions_from false (hash_vec_region_of v)) + p /\ + modifies p h0 h1)) + (ensures (hash_vec_r_inv h1 v /\ + hash_vec_r_repr h0 v == hash_vec_r_repr h1 v)) +let hash_vec_r_sep #_ v p h0 h1 = + RV.rv_inv_preserved v p h0 h1; + RV.as_seq_preserved v p h0 h1 + +noextract +val hash_vec_irepr: #hsz:hash_size_t -> Ghost.erased (hash_vec_repr #hsz) +let hash_vec_irepr #_ = Ghost.hide S.empty + +noextract +val hash_vec_r_alloc_p: #hsz:hash_size_t -> v:hash_vec #hsz -> GTot Type0 +let hash_vec_r_alloc_p #_ v = V.size_of v = 0ul + +#push-options "--initial_fuel 1 --max_fuel 1" +val hash_vec_r_alloc: + #hsz':Ghost.erased hash_size_t -> + hsz:hash_size_t { hsz == Ghost.reveal hsz' } -> + r:HST.erid -> + HST.ST (hash_vec #hsz) + (requires (fun h0 -> true)) + (ensures (fun h0 v h1 -> + Set.subset (Map.domain (MHS.get_hmap h0)) + (Map.domain (MHS.get_hmap h1)) /\ + modifies loc_none h0 h1 /\ + hash_vec_r_alloc_p v /\ + hash_vec_r_inv h1 v /\ + hash_vec_region_of v = r /\ + hash_vec_r_repr h1 v == Ghost.reveal hash_vec_irepr /\ + B.fresh_loc (V.loc_vector v) h0 h1)) +let hash_vec_r_alloc #_ hsz r = + let nrid = HST.new_region r in + // Note: here we are not creating a generic parameterized regional, we are + // creating a specialized regional vector of hashes, so we don't need to go + // through a run-time indirection to figure out what the dummy default element + // is; we know it's the one for hashes + V.alloc_reserve 1ul (hash_dummy #hsz) r +#pop-options + +val hash_vec_r_free: + #hsz':Ghost.erased hash_size_t -> + hsz:hash_size_t { hsz == Ghost.reveal hsz' } -> + v:hash_vec #hsz -> + HST.ST unit + (requires (fun h0 -> hash_vec_r_inv h0 v)) + (ensures (fun h0 _ h1 -> + modifies (loc_all_regions_from false (hash_vec_region_of #hsz v)) h0 h1)) +let hash_vec_r_free #_ hsz v = + RV.free v + +/// This is nice because the only piece of state that we are keeping is one +/// word, the hash size, since we are implementing a specialized instance of +/// RVector over hashes of a known length. We could also, for genericity, make +/// this a mere application of RVector over hreg, which would be less +/// implementation effort, at the expense of a bigger run-time cost since there +/// would be extra space in the struct (which is passed by value!) and also a +/// run-time indirection to do the lookup of the type class instance for the +/// elements of the rvector. +noextract inline_for_extraction +val hvreg (hsz:hash_size_t): regional hash_size_t (hash_vec #hsz) +let hvreg hsz = + Rgl hsz + (hash_vec_region_of #hsz) + V.loc_vector + (hash_vec_dummy #hsz) + (hash_vec_r_inv #hsz) + (hash_vec_r_inv_reg #hsz) + (hash_vec_repr #hsz) + (hash_vec_r_repr #hsz) + (hash_vec_r_sep #hsz) + (hash_vec_irepr #hsz) + (hash_vec_r_alloc_p #hsz) + (hash_vec_r_alloc #hsz) + (hash_vec_r_free #hsz) + +/// 3. A vector of hash vectors is also regional + +type hash_vv (hsz:hash_size_t) = RV.rvector (hvreg hsz) + +noextract inline_for_extraction +val hvvreg (hsz:hash_size_t): regional (regional hash_size_t (hash_vec #hsz)) (hash_vv hsz) +let hvvreg hsz = RVI.vector_regional (hvreg hsz) + +val hash_vec_rv_inv_r_inv: + #hsz:hash_size_t -> + h:HS.mem -> hv:hash_vec #hsz -> i:uint32_t{i < V.size_of hv} -> + Lemma (requires RV.rv_inv h hv) + (ensures Rgl?.r_inv (hreg hsz) h (V.get h hv i)) +let hash_vec_rv_inv_r_inv #_ h hv i = () + +val hash_vv_rv_inv_r_inv: + #hsz:hash_size_t -> + h:HS.mem -> hvv:hash_vv hsz -> + i:uint32_t -> j:uint32_t -> + Lemma (requires RV.rv_inv h hvv /\ + i < V.size_of hvv /\ + j < V.size_of (V.get h hvv i)) + (ensures Rgl?.r_inv (hvreg hsz) h (V.get h hvv i) /\ + Rgl?.r_inv (hreg hsz) h (V.get h (V.get h hvv i) j)) +let hash_vv_rv_inv_r_inv #_ h hvv i j = () + +val hash_vv_rv_inv_disjoint: + #hsz:hash_size_t -> + h:HS.mem -> hvv:hash_vv hsz -> + i:uint32_t -> j:uint32_t -> drid:HH.rid -> + Lemma (requires (RV.rv_inv h hvv /\ + i < V.size_of hvv /\ + j < V.size_of (V.get h hvv i) /\ + HH.disjoint (Rgl?.region_of (hvvreg hsz) hvv) drid)) + (ensures (HH.disjoint (Rgl?.region_of (hreg hsz) (V.get h (V.get h hvv i) j)) drid)) +let hash_vv_rv_inv_disjoint #hsz h hvv i j drid = + assert (HH.disjoint (Rgl?.region_of (hvreg hsz) (V.get h hvv i)) drid); + assert (RV.rv_inv h (V.get h hvv i)); + assert (HH.disjoint (Rgl?.region_of (hreg hsz) (V.get h (V.get h hvv i) j)) drid) + +val hash_vv_rv_inv_includes: + #hsz:hash_size_t -> + h:HS.mem -> hvv:hash_vv hsz -> + i:uint32_t -> j:uint32_t -> + Lemma (requires (RV.rv_inv h hvv /\ + i < V.size_of hvv /\ + j < V.size_of (V.get h hvv i))) + (ensures (HH.includes + (Rgl?.region_of (hvvreg hsz) hvv) + (Rgl?.region_of (hreg hsz) (V.get h (V.get h hvv i) j)))) +let hash_vv_rv_inv_includes #_ h hvv i j = () + +val hash_vv_as_seq_get_index: + #hsz:hash_size_t -> + h:HS.mem -> hvv:hash_vv hsz -> i:uint32_t -> j:uint32_t -> + Lemma (requires (RV.rv_inv h hvv /\ + i < V.size_of hvv /\ + j < V.size_of (V.get h hvv i))) + (ensures (Rgl?.r_repr (hreg hsz) h (V.get h (V.get h hvv i) j) == + S.index (S.index (RV.as_seq h hvv) (U32.v i)) (U32.v j))) +#push-options "--z3rlimit 20" +let hash_vv_as_seq_get_index #_ h hvv i j = () +#pop-options diff --git a/src/MerkleTree.Low.Hashfunctions.fst b/src/MerkleTree.Low.Hashfunctions.fst new file mode 100644 index 0000000..216496b --- /dev/null +++ b/src/MerkleTree.Low.Hashfunctions.fst @@ -0,0 +1,64 @@ +module MerkleTree.Low.Hashfunctions + +open EverCrypt.Helpers + +open FStar.All +open FStar.Integers +open FStar.Mul + +open LowStar.Buffer +open LowStar.BufferOps +open LowStar.Vector +open LowStar.Regional +open LowStar.RVector +open LowStar.Regional.Instances + +module HS = FStar.HyperStack +module HST = FStar.HyperStack.ST +module MHS = FStar.Monotonic.HyperStack +module HH = FStar.Monotonic.HyperHeap + +module B = LowStar.Buffer +module CB = LowStar.ConstBuffer +module V = LowStar.Vector +module RV = LowStar.RVector +module RVI = LowStar.Regional.Instances + +module S = FStar.Seq + +module U32 = FStar.UInt32 +module MTH = MerkleTree.New.High +module MTS = MerkleTree.Spec + +open Lib.IntTypes + +open MerkleTree.Low.Datastructures + +#set-options "--z3rlimit 10 --initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0" + +let init_hash (hsz:hash_size_t) (r:HST.erid): HST.St (hash #hsz) += rg_alloc (hreg hsz) r + +#set-options "--z3rlimit 200 --initial_fuel 2 --max_fuel 2 --initial_ifuel 2 --max_ifuel 2" + +let free_hash + (#hsz:Ghost.erased hash_size_t) + (h:hash #hsz): HST.ST unit + (requires (fun h0 -> (Rgl?.r_inv (hreg hsz)) h0 h)) + (ensures (fun _ _ _ -> True)) += B.free h + +inline_for_extraction +type hash_fun_t (#hsz:hash_size_t) (#hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hsz))) = src1:hash #hsz -> src2:hash #hsz -> dst:hash #hsz -> HST.ST unit + (requires (fun h0 -> + Rgl?.r_inv (hreg hsz) h0 src1 /\ + Rgl?.r_inv (hreg hsz) h0 src2 /\ + Rgl?.r_inv (hreg hsz) h0 dst)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (B.loc_region_only false (B.frameOf dst)) h0 h1 /\ + Rgl?.r_inv (hreg hsz) h1 dst /\ + // correctness + S.equal (Rgl?.r_repr (hreg hsz) h1 dst) + ((Ghost.reveal hash_spec) (Rgl?.r_repr (hreg hsz) h0 src1) (Rgl?.r_repr (hreg hsz) h0 src2)) + )) diff --git a/src/MerkleTree.Low.Serialization.fst b/src/MerkleTree.Low.Serialization.fst new file mode 100644 index 0000000..62b1ffb --- /dev/null +++ b/src/MerkleTree.Low.Serialization.fst @@ -0,0 +1,522 @@ +module MerkleTree.Low.Serialization + +open FStar.Integers +open FStar.Mul +open LowStar.Modifies +open LowStar.BufferOps +open LowStar.Vector +open LowStar.RVector +open LowStar.Regional +open LowStar.Regional.Instances + +open MerkleTree.Low + +module HS = FStar.HyperStack +module HST = FStar.HyperStack.ST +module HH = FStar.Monotonic.HyperHeap + +module B = LowStar.Buffer +module CB = LowStar.ConstBuffer +module V = LowStar.Vector +module RV = LowStar.RVector +module RVI = LowStar.Regional.Instances + +module U16 = FStar.UInt16 +module U32 = FStar.UInt32 +module U64 = FStar.UInt64 +module U8 = FStar.UInt8 + +open MerkleTree.Low.Datastructures +open MerkleTree.Low.Hashfunctions +module MTS = MerkleTree.Spec + +let uint8_t = U8.t +let uint16_t = U16.t +let uint32_t = U32.t +let uint64_t = U64.t + +let uint8_p = B.buffer uint8_t + +type const_uint8_p = const_pointer uint8_t + + +#reset-options "--z3rlimit 5 --initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0" + +private let serialize_bool (ok:bool) (x:bool) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) : HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else begin + B.upd buf pos (if x then 1uy else 0uy); + (true, pos + 1ul) + end + +private let serialize_uint8_t (ok:bool) (x:uint8_t) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) : HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else begin B.upd buf pos x; + (true, pos + 1ul) + end + +private let serialize_uint16_t (ok:bool) (x:uint16_t) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) : HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += let ok, pos = serialize_uint8_t ok (Int.Cast.uint16_to_uint8 (U16.shift_right x 8ul)) buf sz pos in + serialize_uint8_t ok (Int.Cast.uint16_to_uint8 x) buf sz pos + +private let serialize_uint32_t (ok:bool) (x:uint32_t) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) : HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += let ok, pos = serialize_uint16_t ok (Int.Cast.uint32_to_uint16 (U32.shift_right x 16ul)) buf sz pos in + serialize_uint16_t ok (Int.Cast.uint32_to_uint16 x) buf sz pos + +private let serialize_uint64_t (ok:bool) (x:uint64_t) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) : HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += let ok, pos = serialize_uint32_t ok (Int.Cast.uint64_to_uint32 (U64.shift_right x 32ul)) buf sz pos in + serialize_uint32_t ok (Int.Cast.uint64_to_uint32 x) buf sz pos + +private let serialize_offset_t = serialize_uint64_t +private let serialize_index_t = serialize_uint32_t + +private let rec serialize_hash_i + (#hash_size:hash_size_t) + (ok:bool) (x:hash #hash_size) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) (i:uint32_t{i < hash_size}) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf /\ B.live h0 x /\ B.len x = hash_size)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else let b = x.(i) in + let ok, pos = serialize_uint8_t ok (Lib.RawIntTypes.u8_to_UInt8 b) buf sz pos in + let j = i + 1ul in + if j < hash_size then serialize_hash_i #hash_size ok x buf sz pos j + else (ok, pos) + +private +let serialize_hash + (#hash_size:hash_size_t) + (ok:bool) (x:hash #hash_size) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf /\ B.live h0 x /\ B.len x = hash_size)) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else serialize_hash_i ok x buf sz pos 0ul + +private inline_for_extraction +let u64_add_fits (x:uint64_t) (y:uint64_t): Tot (r:bool{r ==> UInt.size (U64.v x + U64.v y) 64}) = uint64_max - x >= y + +#push-options "--z3rlimit 10 --initial_fuel 1 --max_fuel 1" +private inline_for_extraction +let hash_vec_bytes + (#hash_size:hash_size_t) + (v:hash_vec #hash_size) +: Tot uint64_t += let vs_hs = U64.mul (u32_64 (V.size_of v)) (u32_64 hash_size) in + if u64_add_fits vs_hs 4UL then vs_hs + 4UL else uint64_max +#pop-options + +private +let rec serialize_hash_vec_i + (#hash_size:hash_size_t) + (ok:bool) (x:hash_vec #hash_size) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) (i:uint32_t{i < V.size_of x}) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf /\ RV.rv_inv h0 x /\ loc_disjoint (B.loc_buffer buf) (loc_rvector x))) + (ensures (fun h0 _ h1 -> RV.rv_inv h1 x /\ modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else begin + let vi = V.index x i in + let ok, pos = serialize_hash ok vi buf sz pos in + let j = i + 1ul in + if j < V.size_of x then serialize_hash_vec_i ok x buf sz pos j + else (ok, pos) + end + +private +let serialize_hash_vec + (#hash_size:hash_size_t) + (ok:bool) (x:hash_vec #hash_size) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf /\ RV.rv_inv h0 x /\ HS.disjoint (B.frameOf buf) (Rgl?.region_of (hvreg hash_size) x))) + (ensures (fun h0 _ h1 -> RV.rv_inv h1 x /\ modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else begin + let h0 = HST.get() in + let ok, pos = serialize_uint32_t ok (V.size_of x) buf sz pos in + let h1 = HST.get() in + RV.rv_inv_preserved x (B.loc_buffer buf) h0 h1; + if ok && V.size_of x > 0ul then serialize_hash_vec_i ok x buf sz pos 0ul + else (ok, pos) + end + +private inline_for_extraction +let rec hash_vv_bytes_i + (#hash_size:hash_size_t) + (vv:hash_vv hash_size) + (i:uint32_t) +: HST.ST uint64_t + (requires (fun h0 -> V.live h0 vv)) + (ensures (fun h0 _ h1 -> h0 == h1)) += if i >= V.size_of vv then 4UL + else begin + let vvi = V.index vv i in + let r = hash_vec_bytes vvi in + let rest = hash_vv_bytes_i vv (i+1ul) in + if u64_add_fits r rest then begin + assert (UInt.size (U64.v r + U64.v rest) 64); + r + rest + end + else uint64_max + end + +private inline_for_extraction +let hash_vv_bytes + (#hash_size:hash_size_t) + (vv:hash_vv hash_size {V.size_of vv = merkle_tree_size_lg}) +: HST.ST uint64_t + (requires (fun h0 -> V.live h0 vv)) + (ensures (fun h0 _ h1 -> h0 == h1)) += hash_vv_bytes_i vv 0ul + +private +let rec serialize_hash_vv_i + (#hash_size:hash_size_t) + (ok:bool) (x:hash_vv hash_size) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) (i:uint32_t{i < V.size_of x}) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf /\ RV.rv_inv h0 x /\ HS.disjoint (B.frameOf buf) (Rgl?.region_of (hvvreg hash_size) x))) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else begin + let vi = V.index x i in + let h0 = HST.get() in + let ok, pos = serialize_hash_vec #hash_size ok vi buf sz pos in + let h1 = HST.get() in + RV.rv_inv_preserved x (B.loc_buffer buf) h0 h1; + let j = i + 1ul in + if j < V.size_of x then + serialize_hash_vv_i #hash_size ok x buf sz pos j + else (ok, pos) + end + +private +let serialize_hash_vv + (#hash_size:hash_size_t) + (ok:bool) (x:hash_vv hash_size) (buf:uint8_p) (sz:uint32_t{B.len buf = sz}) (pos:uint32_t) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> B.live h0 buf /\ RV.rv_inv h0 x /\ HS.disjoint (B.frameOf buf) (Rgl?.region_of (hvvreg hash_size) x))) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer buf) h0 h1)) += if not ok || pos >= sz then (false, 0ul) + else begin + let h0 = HST.get() in + let ok, pos = serialize_uint32_t ok (V.size_of x) buf sz pos in + let h1 = HST.get() in + RV.rv_inv_preserved x (B.loc_buffer buf) h0 h1; + if (V.size_of x > 0ul) then serialize_hash_vv_i ok x buf sz pos 0ul + else (ok, pos) + end + +private +let deserialize_bool (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (pos:uint32_t): HST.ST (bool & uint32_t & bool) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> h0 == h1)) += if not ok || pos >= sz then (false, pos, false) + else (true, pos + 1ul, (match CB.index buf pos with| 0uy -> false | _ -> true)) + +private +let deserialize_uint8_t (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (pos:uint32_t): HST.ST (bool & uint32_t & uint8_t) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> h0 == h1)) += if not ok || pos >= sz then (false, pos, 0uy) + else (true, pos + 1ul, CB.index buf pos) + +private +let deserialize_uint16_t (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (pos:uint32_t): HST.ST (bool & uint32_t & uint16_t) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> h0 == h1)) += if not ok || pos >= sz then (false, pos, 0us) + else begin + let ok, pos, b0 = deserialize_uint8_t ok buf sz pos in + let ok, pos, b1 = deserialize_uint8_t ok buf sz pos in + (ok, pos, (U16.shift_left (Int.Cast.uint8_to_uint16 b0) 8ul) + Int.Cast.uint8_to_uint16 b1) + end + +private +let deserialize_uint32_t (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (pos:uint32_t): HST.ST (bool & uint32_t & uint32_t) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> h0 == h1)) += if not ok || pos >= sz then (false, pos, 0ul) + else begin + let ok, pos, b0 = deserialize_uint16_t ok buf sz pos in + let ok, pos, b1 = deserialize_uint16_t ok buf sz pos in + (ok, pos, (U32.shift_left (Int.Cast.uint16_to_uint32 b0) 16ul) + Int.Cast.uint16_to_uint32 b1) + end + +private +let deserialize_uint64_t (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (pos:uint32_t): HST.ST (bool & uint32_t & uint64_t) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> h0 == h1)) += if not ok || pos >= sz then (false, pos, 0UL) + else begin + let ok, pos, b0 = deserialize_uint32_t ok buf sz pos in + let ok, pos, b1 = deserialize_uint32_t ok buf sz pos in + (ok, pos, (U64.shift_left (u32_64 b0) 32ul) + u32_64 b1) + end + +private let deserialize_offset_t = deserialize_uint64_t +private let deserialize_index_t = deserialize_uint32_t + +private +let deserialize_hash + (#hash_size:hash_size_t) + (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (r:HST.erid) (pos:uint32_t) +: HST.ST (bool & uint32_t & hash #hash_size) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 (k, _, h) h1 -> (k ==> Rgl?.r_inv (hreg hash_size) h1 h) /\ + loc_disjoint (loc_buffer (CB.cast buf)) (loc_buffer h) /\ + modifies B.loc_none h0 h1)) += let rg = hreg hash_size in + if not ok || pos >= sz then (false, pos, rg_dummy rg) + else if sz - pos < hash_size then (false, pos, rg_dummy rg) + else begin + let hash = rg_alloc rg r in + Lib.RawBuffer.blit (CB.cast buf) pos hash 0ul hash_size; + (true, pos + hash_size, hash) + end + +private +let rec deserialize_hash_vec_i + (#hash_size:hash_size_t) + (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (r:HST.erid) (pos:uint32_t) (res:hash_vec #hash_size) (i:uint32_t{i < V.size_of res}) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> CB.live h0 buf /\ V.live h0 res)) + (ensures (fun h0 _ h1 -> B.modifies (B.loc_buffer (V.Vec?.vs res)) h0 h1)) += if not ok || pos >= sz then (false, pos) + else begin + let ok, pos, h = deserialize_hash ok buf sz r pos in + if not ok then (false, pos) + else begin + V.assign res i h; + (* + * AR: 04/01: The call deserialize_hash_vec_i below needs liveness of buf + * So we have to frame buf liveness for the V.assign call + * V.assign provides a modifies postcondition in terms of + * loc_vector_within, which is a recursive predicate and + * I guess hard to reason about directly + * Whereas to reason about liveness of buf, we only need an + * overapproximation that V.assign modifies V.Vec?.vs res + * Looking at the Vector library, I found the following lemma + * that does the trick + *) + V.loc_vector_within_included res i (i + 1ul); + let j = i + 1ul in + if j < V.size_of res then deserialize_hash_vec_i ok buf sz r pos res j + else (true, pos) + end + end + +private +let deserialize_hash_vec + (#hash_size:hash_size_t) + (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (r:HST.erid) (pos:uint32_t) +: HST.ST (bool & uint32_t & hash_vec #hash_size) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> B.modifies B.loc_none h0 h1)) += let rg = hvreg hash_size in + if not ok || pos >= sz then (false, pos, rg_dummy rg) + else begin + let ok, pos, n = deserialize_uint32_t ok buf sz pos in + if not ok then (false, pos, V.alloc_empty hash) + else if n = 0ul then (true, pos, V.alloc_empty hash) + else begin + let hrg = hreg hash_size in + let res = V.alloc n (rg_dummy hrg) in + let ok, pos = deserialize_hash_vec_i ok buf sz r pos res 0ul in + (ok, pos, res) + end + end + +private +let rec deserialize_hash_vv_i + (#hash_size:hash_size_t) + (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (r:HST.erid) (pos:uint32_t) (res:hash_vv hash_size) (i:uint32_t{i < V.size_of res}) +: HST.ST (bool & uint32_t) + (requires (fun h0 -> CB.live h0 buf /\ V.live h0 res /\ + B.loc_disjoint (CB.loc_buffer buf) (V.loc_vector res))) + (ensures (fun h0 _ h1 -> modifies (B.loc_buffer (V.Vec?.vs res)) h0 h1)) += + if not ok || pos >= sz then (false, 0ul) + else begin + let ok, pos, hv = deserialize_hash_vec ok buf sz r pos in + let h0 = HST.get() in + if not ok then (false, pos) + else begin + V.assign res i hv; + (* + * AR: 04/01: The call deserialize_hash_vv_i below needs liveness of buf + * So we have to frame buf liveness for the V.assign call + * V.assign provides a modifies postcondition in terms of + * loc_vector_within, which is a recursive predicate and + * I guess hard to reason about directly + * Whereas to reason about liveness of buf, we only need an + * overapproximation that V.assign modifies V.Vec?.vs res + * Looking at the Vector library, I found the following lemma + * that does the trick + *) + V.loc_vector_within_included res i (i + 1ul); + let j = i + 1ul in + if j = V.size_of res then (true, pos) + else deserialize_hash_vv_i ok buf sz r pos res j + end + end + +private let deserialize_hash_vv + (#hash_size:hash_size_t) + (ok:bool) (buf:const_uint8_p) (sz:uint32_t{CB.length buf = U32.v sz}) (r:HST.erid) (pos:uint32_t) +: HST.ST (bool & uint32_t & hash_vv hash_size) + (requires (fun h0 -> CB.live h0 buf)) + (ensures (fun h0 _ h1 -> modifies B.loc_none h0 h1)) += if not ok || pos >= sz then (false, pos, V.alloc_empty hash_vec) + else begin + let ok, pos, n = deserialize_uint32_t ok buf sz pos in + if not ok then (false, pos, V.alloc_empty hash_vec) + else if n = 0ul then (true, pos, V.alloc_empty hash_vec) + else begin + let rg = hvreg hash_size in + let res = V.alloc n (rg_dummy rg) in + let ok, pos = deserialize_hash_vv_i ok buf sz r pos res 0ul in + (ok, pos, res) + end + end + +#push-options "--z3rlimit 10" +val mt_serialize_size: mt:const_mt_p -> HST.ST uint64_t + (requires (fun h0 -> mt_safe h0 (CB.cast mt))) + (ensures (fun _ _ h1 -> mt_safe h1 (CB.cast mt))) +let mt_serialize_size mt = + let mtv = !*(CB.cast mt) in + let hs = MT?.hs mtv in + let rhs_ok = MT?.rhs_ok mtv in + let rhs = MT?.rhs mtv in + let hs_sz = hash_vv_bytes hs in + if hs_sz < uint32_max then + 1UL + // format version + 4UL + // hash_size + 8UL + // offset + 4UL + 4UL + // i, j + hs_sz + // hs + 1UL + // rhs_ok + hash_vec_bytes rhs + // rhs + u32_64 (MT?.hash_size mtv) // mroot + else + uint64_max +#pop-options + +#push-options "--z3rlimit 15 --initial_fuel 1 --max_fuel 1" +val mt_serialize: mt:const_mt_p -> output:uint8_p -> sz:uint64_t -> HST.ST uint64_t + (requires (fun h0 -> mt_safe h0 (CB.cast mt) /\ B.live h0 output /\ B.length output = U64.v sz /\ + HS.disjoint (B.frameOf output) (B.frameOf (CB.cast mt)))) + (ensures (fun h0 _ h1 -> mt_safe h1 (CB.cast mt) /\ modifies (B.loc_buffer output) h0 h1)) +let mt_serialize mt output sz = + let mt = CB.cast mt in + let sz = FStar.Int.Cast.uint64_to_uint32 sz in + let mtv = !*mt in + let h0 = HST.get() in + let ok, pos = serialize_uint8_t true 1uy output sz 0ul in // format version = 1uy + let h1 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h0 h1; + let ok, pos = serialize_uint32_t ok (MT?.hash_size mtv) output sz pos in + let h2 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h1 h2; + let ok, pos = serialize_offset_t ok (MT?.offset mtv) output sz pos in + let h3 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h2 h3; + let ok, pos = serialize_uint32_t ok (MT?.i mtv) output sz pos in + let h4 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h3 h4; + let ok, pos = serialize_uint32_t ok (MT?.j mtv) output sz pos in + let h5 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h4 h5; + let ok, pos = serialize_hash_vv ok (MT?.hs mtv) output sz pos in + let h6 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h5 h6; + let ok, pos = serialize_bool ok (MT?.rhs_ok mtv) output sz pos in + let h7 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h6 h7; + let ok, pos = serialize_hash_vec ok (MT?.rhs mtv) output sz pos in + let h8 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h7 h8; + let ok, pos = serialize_hash ok (MT?.mroot mtv) output sz pos in + let h9 = HST.get() in mt_safe_preserved mt (B.loc_buffer output) h8 h9; + if ok then (FStar.Int.Cast.uint32_to_uint64 pos) else 0UL +#pop-options + +#push-options "--z3rlimit 15 --initial_fuel 2 --max_fuel 2 --initial_ifuel 1 --max_ifuel 1" +val mt_deserialize: + #hsz:Ghost.erased hash_size_t -> + rid:HST.erid -> + input:const_uint8_p -> + sz:uint64_t{CB.length input = U64.v sz} -> + hash_spec:Ghost.erased(MTS.hash_fun_t #(U32.v (Ghost.reveal hsz))) -> + hash_fun:hash_fun_t #(Ghost.reveal hsz) #hash_spec +-> HST.ST (B.pointer_or_null merkle_tree) + (requires (fun h0 -> CB.live h0 input /\ + HS.disjoint rid (B.frameOf (CB.cast input)))) + (ensures (fun h0 r h1 -> modifies B.loc_none h0 h1 /\ + (not (g_is_null r)) ==> MT?.hash_size (B.get h1 r 0) = Ghost.reveal hsz)) +let mt_deserialize #ghsz rid input sz hash_spec hash_fun = + let sz = FStar.Int.Cast.uint64_to_uint32 sz in + let hrid = HST.new_region rid in + let hvrid = HST.new_region rid in + let hvvrid = HST.new_region rid in + let ok, pos, format_version = deserialize_uint8_t true input sz 0ul in + let ok = ok && format_version = 1uy in + let ok, pos, hsz = deserialize_uint32_t ok input sz pos in + if hsz = 0ul then B.null #merkle_tree else begin + let ok, pos, offset = deserialize_offset_t ok input sz pos in + let ok, pos, i = deserialize_index_t ok input sz pos in + let ok, pos, j = deserialize_index_t ok input sz pos in + let ok, pos, hs = deserialize_hash_vv #hsz ok input sz hvvrid pos in + let ok, pos, rhs_ok = deserialize_bool ok input sz pos in + let ok, pos, rhs = deserialize_hash_vec #hsz ok input sz hvrid pos in + let ok, pos, mroot = deserialize_hash #hsz ok input sz hrid pos in + begin + if not ok || + not (merkle_tree_conditions #hsz offset i j hs rhs_ok rhs mroot) + then B.null #merkle_tree + else begin + assume (hsz = Ghost.reveal ghsz); // We trust the user to provide a suitable hash_fun. + B.malloc rid (MT hsz offset i j hs rhs_ok rhs mroot hash_spec hash_fun) 1ul + end + end + end + +val mt_serialize_path: #hsz:Ghost.erased hash_size_t -> p:const_path_p -> output:uint8_p -> sz:uint64_t -> HST.ST uint64_t + (requires (fun h0 -> let ncp = CB.cast p in + let phv = B.get h0 ncp 0 in + Path?.hash_size phv = Ghost.reveal hsz /\ + path_safe h0 (B.frameOf (CB.cast p)) ncp /\ RV.rv_inv #(hash #hsz) #hash_size_t #(hreg hsz) h0 (Path?.hashes phv) /\ + B.live h0 output /\ B.length output = U64.v sz /\ + HS.disjoint (B.frameOf output) (B.frameOf ncp))) + (ensures (fun h0 _ h1 -> path_safe h1 (B.frameOf (CB.cast p)) (CB.cast p) /\ + modifies (B.loc_buffer output) h0 h1)) +let mt_serialize_path #hsz p output sz = + let hsz = Path?.hash_size !*(CB.cast p) in + let sz = FStar.Int.Cast.uint64_to_uint32 sz in + let ncp = CB.cast p in + let h0 = HST.get() in + let ok, pos = serialize_uint32_t true hsz output sz 0ul in + let h1 = HST.get() in + let ncpd = !*ncp in + let ok, pos = serialize_hash_vec #hsz ok (Path?.hashes ncpd) output sz pos in + if ok then (FStar.Int.Cast.uint32_to_uint64 pos) else 0UL + +val mt_deserialize_path: + rid:HST.erid -> input:const_uint8_p -> sz:uint64_t{CB.length input = U64.v sz} +-> HST.ST (B.pointer_or_null path) + (requires (fun h0 -> CB.live h0 input /\ HS.disjoint rid (B.frameOf (CB.cast input)))) + (ensures (fun h0 r h1 -> modifies B.loc_none h0 h1)) +let mt_deserialize_path rid input sz = + let sz = FStar.Int.Cast.uint64_to_uint32 sz in + let hvvrid = HST.new_region rid in + let ok, pos, hash_size = deserialize_uint32_t true input sz 0ul in + if not ok || hash_size = 0ul then B.null #path + else + let ok, pos, hs = deserialize_hash_vec #hash_size ok input sz hvvrid pos in + begin + if not ok + then (B.null #path) + else (B.malloc rid (Path hash_size hs) 1ul) + end +#pop-options diff --git a/src/MerkleTree.Low.VectorExtras.fst b/src/MerkleTree.Low.VectorExtras.fst new file mode 100644 index 0000000..e235dd5 --- /dev/null +++ b/src/MerkleTree.Low.VectorExtras.fst @@ -0,0 +1,220 @@ +module MerkleTree.Low.VectorExtras + +module B = LowStar.Buffer +module S = FStar.Seq +module HS = FStar.HyperStack +module HST = FStar.HyperStack.ST +module U32 = FStar.UInt32 + +open LowStar.BufferOps +open Hacl.Hash.Lemmas +open FStar.Integers +open LowStar.Modifies +open LowStar.Regional + +open LowStar.Vector +open LowStar.RVector +module V = LowStar.Vector +module RV = LowStar.RVector + + +(** Some extra functions on top of LowStar.Vector... used for Merkle Tree. *) + +#set-options "--max_fuel 0 --max_ifuel 0 --z3rlimit 50" + +inline_for_extraction +let move_left #a (b: B.buffer a) (dst src: U32.t) (l: U32.t): HST.Stack unit + (requires fun h0 -> + B.live h0 b /\ + U32.v src + U32.v l <= B.length b /\ + U32.v dst <= U32.v src) + (ensures fun h0 _ h1 -> + B.(modifies (loc_buffer b) h0 h1) /\ ( + + let b0 = B.as_seq h0 b in + let b1 = B.as_seq h1 b in + let src = U32.v src in + let dst = U32.v dst in + let l = U32.v l in + S.slice b1 dst (dst + l) `S.equal` S.slice b0 src (src + l))) += + let h0 = HST.get () in + [@inline_let] + let inv (h: HS.mem) (i: nat) = + let b0 = B.as_seq h0 b in + let b1 = B.as_seq h b in + let src = U32.v src in + let dst = U32.v dst in + let l = U32.v l in + i <= l /\ + B.(modifies (loc_buffer b) h0 h) /\ + S.slice b1 dst (dst + i) `S.equal` S.slice b0 src (src + i) /\ + S.slice b1 (src + i) (src + l) `S.equal` S.slice b0 (src + i) (src + l) + in + let f (i: U32.t { U32.(0 <= v i /\ v i < v l) }): HST.Stack unit + (requires fun h0 -> inv h0 (U32.v i)) + (ensures fun h0 _ h1 -> U32.(inv h0 (v i) /\ inv h1 (v i + 1))) + = + let h00 = HST.get () in + calc (==) { + S.index (B.as_seq h0 b) U32.(v src + v i); + (==) {} + S.index (S.slice (B.as_seq h0 b) U32.(v src + v i) U32.(v src + v l)) 0; + (==) {} + S.index (S.slice (B.as_seq h00 b) U32.(v src + v i) U32.(v src + v l)) 0; + (==) {} + S.index (B.as_seq h00 b) U32.(v src + v i); + }; + b.(dst `U32.add` i) <- b.(src `U32.add` i); + let h = HST.get () in + let b0 = B.as_seq h0 b in + let b1 = B.as_seq h b in + let src = U32.v src in + let dst = U32.v dst in + let l = U32.v l in + let i = U32.v i in + calc (S.equal) { + S.slice b1 dst (dst + (i + 1)); + (S.equal) { lemma_slice_ijk b1 dst (dst + i) (dst + i + 1) } + S.slice b1 dst (dst + i) `S.append` S.slice b1 (dst + i) (dst + i + 1); + (S.equal) { } + S.slice b0 src (src + i) `S.append` S.slice b1 (dst + i) (dst + i + 1); + (S.equal) { } + S.slice b0 src (src + i) `S.append` S.cons (S.index b1 (dst + i)) S.empty; + (S.equal) { } + S.slice b0 src (src + i) `S.append` S.cons (S.index b0 (src + i)) S.empty; + (S.equal) { } + S.slice b0 src (src + i) `S.append` S.slice b0 (src + i) (src + i + 1); + (S.equal) { lemma_slice_ijk b0 src (src + i) (src + i + 1) } + S.slice b0 src (src + (i + 1)); + }; + let s1 = S.slice b1 (src + (i + 1)) (src + l) in + let s0 = S.slice b0 (src + (i + 1)) (src + l) in + let aux (j: nat { j < S.length s0 }): Lemma (S.index s0 j == S.index s1 j) + [ SMTPat (S.index s0 j); SMTPat (S.index s1 j) ] + = + calc (==) { + S.index s0 j; + (==) {} + S.index (S.slice b0 (src + i) (src + l)) (j + 1); + (==) {} + S.index (S.slice b1 (src + i) (src + l)) (j + 1); + (==) {} + S.index s1 j; + } + in + () + in + C.Loops.for 0ul l inv f + + +inline_for_extraction +val shrink: + #a:Type -> vec:vector a -> + new_size:uint32_t{new_size <= size_of vec} -> + HST.ST (vector a) + (requires (fun h0 -> live h0 vec /\ freeable vec)) + (ensures (fun h0 r h1 -> + live h1 vec /\ live h1 r /\ size_of r = new_size /\ + frameOf r = frameOf vec /\ + hmap_dom_eq h0 h1 /\ + freeable r /\ + modifies (loc_vector vec) h0 h1 /\ + loc_vector vec == loc_vector r /\ + S.equal (S.slice (V.as_seq h0 vec) 0 (U32.v new_size)) + (S.slice (V.as_seq h1 r) 0 (U32.v new_size)))) +let shrink #a vec new_size = + Vec new_size (Vec?.cap vec) (Vec?.vs vec) + + +inline_for_extraction +val flush_inplace: + #a:Type -> vec:vector a -> + i:uint32_t{i <= size_of vec} -> + HST.ST (vector a) + (requires (fun h0 -> + live h0 vec /\ freeable vec /\ + HST.is_eternal_region (frameOf vec))) + (ensures (fun h0 fvec h1 -> + frameOf vec = frameOf fvec /\ + hmap_dom_eq h0 h1 /\ + live h1 fvec /\ freeable fvec /\ + modifies (loc_vector vec) h0 h1 /\ + loc_vector vec == loc_vector fvec /\ + size_of fvec = size_of vec - i /\ + S.equal (V.as_seq h1 fvec) + (S.slice (V.as_seq h0 vec) (U32.v i) (U32.v (size_of vec))))) +let flush_inplace #a vec i = + let h0 = HST.get() in + if i >= size_of vec then + shrink vec 0ul + else if i = 0ul then + vec + else begin + let n_shifted = size_of vec - i in + move_left (Vec?.vs vec) 0ul i n_shifted; + shrink vec n_shifted + end + + +inline_for_extraction +val rv_flush_inplace: + #a:Type0 -> #rst:Type -> #rg:regional rst a -> + rv:rvector rg -> i:uint32_t{i <= size_of rv} -> + HST.ST (rvector rg) + (requires (fun h0 -> rv_inv h0 rv)) + (ensures (fun h0 frv h1 -> + V.size_of frv = V.size_of rv - i /\ + V.frameOf rv = V.frameOf frv /\ + modifies (loc_rvector rv) h0 h1 /\ + rv_inv h1 frv /\ + S.equal (as_seq h1 frv) + (S.slice (as_seq h0 rv) (U32.v i) (U32.v (V.size_of rv))))) +let rv_flush_inplace #a #rst #rg rv i = + let hh0 = HST.get () in + (if i = 0ul then () else free_elems rv (i - 1ul)); + rv_loc_elems_included hh0 rv 0ul i; + + let hh1 = HST.get () in + assert (modifies (rs_loc_elems rg (V.as_seq hh0 rv) 0 (U32.v i)) hh0 hh1); + let frv = flush_inplace rv i in + + let hh2 = HST.get () in + assert (modifies (loc_region_only false (V.frameOf rv)) hh1 hh2); + + // Safety + rs_loc_elems_disj + rg (V.as_seq hh0 rv) (V.frameOf rv) 0 (U32.v (V.size_of rv)) + 0 (U32.v i) (U32.v i) (U32.v (V.size_of rv)); + rs_loc_elems_parent_disj + rg (V.as_seq hh0 rv) (V.frameOf rv) + (U32.v i) (U32.v (V.size_of rv)); + rs_elems_inv_preserved + rg (V.as_seq hh0 rv) (U32.v i) (U32.v (V.size_of rv)) + (loc_union (rs_loc_elems rg (V.as_seq hh0 rv) 0 (U32.v i)) + (loc_region_only false (V.frameOf rv))) + hh0 hh2; + assert (rv_inv #a #rst #rg hh2 frv); + + // Correctness + as_seq_seq_preserved + rg (V.as_seq hh0 rv) (U32.v i) (U32.v (V.size_of rv)) + (loc_union (rs_loc_elems rg (V.as_seq hh0 rv) 0 (U32.v i)) + (loc_region_only false (V.frameOf rv))) + hh0 hh2; + as_seq_seq_slice + rg hh0 (V.as_seq hh0 rv) 0 (U32.v (V.size_of rv)) + (U32.v i) (U32.v (V.size_of rv)); + assert (S.equal (S.slice (as_seq hh0 rv) (U32.v i) (U32.v (V.size_of rv))) + (as_seq_seq rg hh2 (V.as_seq hh0 rv) + (U32.v i) (U32.v (V.size_of rv)))); + as_seq_seq_eq + rg hh2 (V.as_seq hh0 rv) (V.as_seq hh2 frv) + (U32.v i) (U32.v (V.size_of rv)) 0 (U32.v (V.size_of frv)); + assert (S.equal (as_seq_seq rg hh2 (V.as_seq hh2 frv) + 0 (U32.v (V.size_of frv))) + (as_seq_seq rg hh2 (V.as_seq hh0 rv) + (U32.v i) (U32.v (V.size_of rv)))); + assert (S.equal (S.slice (as_seq hh0 rv) (U32.v i) (U32.v (V.size_of rv))) + (as_seq hh2 frv)); + frv diff --git a/src/MerkleTree.Low.fst b/src/MerkleTree.Low.fst new file mode 100644 index 0000000..d8ce1d8 --- /dev/null +++ b/src/MerkleTree.Low.fst @@ -0,0 +1,3006 @@ +module MerkleTree.Low + +open EverCrypt.Helpers + +open FStar.All +open FStar.Integers +open FStar.Mul + +open LowStar.Buffer +open LowStar.BufferOps +open LowStar.Vector +open LowStar.Regional +open LowStar.RVector +open LowStar.Regional.Instances + +module HS = FStar.HyperStack +module HST = FStar.HyperStack.ST +module MHS = FStar.Monotonic.HyperStack +module HH = FStar.Monotonic.HyperHeap + +module B = LowStar.Buffer +module CB = LowStar.ConstBuffer +module V = LowStar.Vector +module RV = LowStar.RVector +module RVI = LowStar.Regional.Instances + +module S = FStar.Seq + +module U32 = FStar.UInt32 +module U64 = FStar.UInt64 + +module MTH = MerkleTree.New.High +module MTS = MerkleTree.Spec + +open Lib.IntTypes + +open MerkleTree.Low.Datastructures +open MerkleTree.Low.Hashfunctions +open MerkleTree.Low.VectorExtras + +#set-options "--z3rlimit 10 --initial_fuel 0 --max_fuel 0 --initial_ifuel 0 --max_ifuel 0" + +type const_pointer (a:Type0) = b:CB.const_buffer a{CB.length b == 1 /\ CB.qual_of b == CB.MUTABLE} + +/// Low-level Merkle tree data structure +/// +// NOTE: because of a lack of 64-bit LowStar.Buffer support, currently +// we cannot change below to some other types. +type index_t = uint32_t + +let uint32_32_max = 4294967295ul +inline_for_extraction +let uint32_max = 4294967295UL +let uint64_max = 18446744073709551615UL +let offset_range_limit = uint32_max + +type offset_t = uint64_t +inline_for_extraction noextract unfold let u32_64 = Int.Cast.uint32_to_uint64 +inline_for_extraction noextract unfold let u64_32 = Int.Cast.uint64_to_uint32 + +private inline_for_extraction +let offsets_connect (x:offset_t) (y:offset_t): Tot bool = y >= x && (y - x) <= offset_range_limit + +private inline_for_extraction +let split_offset (tree:offset_t) (index:offset_t{offsets_connect tree index}): Tot index_t = + [@inline_let] let diff = U64.sub_mod index tree in + assert (diff <= offset_range_limit); + Int.Cast.uint64_to_uint32 diff + +private inline_for_extraction +let add64_fits (x:offset_t) (i:index_t): Tot bool = uint64_max - x >= (u32_64 i) + +private inline_for_extraction +let join_offset (tree:offset_t) (i:index_t{add64_fits tree i}): Tot (r:offset_t{offsets_connect tree r}) = + U64.add tree (u32_64 i) + +inline_for_extraction val merkle_tree_size_lg: uint32_t +let merkle_tree_size_lg = 32ul + +// A Merkle tree `MT i j hs rhs_ok rhs` stores all necessary hashes to generate +// a Merkle path for each element from the index `i` to `j-1`. +// - Parameters +// `hs`: a 2-dim store for hashes, where `hs[0]` contains leaf hash values. +// `rhs_ok`: to check the rightmost hashes are up-to-date +// `rhs`: a store for "rightmost" hashes, manipulated only when required to +// calculate some merkle paths that need the rightmost hashes +// as a part of them. +// `mroot`: during the construction of `rhs` we can also calculate the Merkle +// root of the tree. If `rhs_ok` is true then it has the up-to-date +// root value. +noeq type merkle_tree = +| MT: hash_size:hash_size_t -> + offset:offset_t -> + i:index_t -> j:index_t{i <= j /\ add64_fits offset j} -> + hs:hash_vv hash_size {V.size_of hs = merkle_tree_size_lg} -> + rhs_ok:bool -> + rhs:hash_vec #hash_size {V.size_of rhs = merkle_tree_size_lg} -> + mroot:hash #hash_size -> + hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hash_size)) -> + hash_fun:hash_fun_t #hash_size #hash_spec -> + merkle_tree + +type mt_p = B.pointer merkle_tree +type const_mt_p = const_pointer merkle_tree + +inline_for_extraction +let merkle_tree_conditions (#hsz:Ghost.erased hash_size_t) (offset:uint64_t) (i j:uint32_t) (hs:hash_vv hsz) (rhs_ok:bool) (rhs:hash_vec #hsz) (mroot:hash #hsz): Tot bool = + j >= i && add64_fits offset j && + V.size_of hs = merkle_tree_size_lg && + V.size_of rhs = merkle_tree_size_lg + +// The maximum number of currently held elements in the tree is (2^32 - 1). +// cwinter: even when using 64-bit indices, we fail if the underlying 32-bit +// vector is full; this can be fixed if necessary. +private inline_for_extraction +val mt_not_full_nst: mtv:merkle_tree -> Tot bool +let mt_not_full_nst mtv = MT?.j mtv < uint32_32_max + +val mt_not_full: HS.mem -> mt_p -> GTot bool +let mt_not_full h mt = mt_not_full_nst (B.get h mt 0) + +/// (Memory) Safety + +val offset_of: i:index_t -> Tot index_t +let offset_of i = if i % 2ul = 0ul then i else i - 1ul + +// `mt_safe_elts` says that it is safe to access an element from `i` to `j - 1` +// at level `lv` in the Merkle tree, i.e., hs[lv][k] (i <= k < j) is a valid +// element. +inline_for_extraction noextract +val mt_safe_elts: + #hsz:hash_size_t -> + h:HS.mem -> lv:uint32_t{lv <= merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + i:index_t -> j:index_t{j >= i} -> + GTot Type0 (decreases (32 - U32.v lv)) +let rec mt_safe_elts #hsz h lv hs i j = + if lv = merkle_tree_size_lg then true + else (let ofs = offset_of i in + V.size_of (V.get h hs lv) == j - ofs /\ + mt_safe_elts #hsz h (lv + 1ul) hs (i / 2ul) (j / 2ul)) + +#push-options "--initial_fuel 1 --max_fuel 1" +val mt_safe_elts_constr: + #hsz:hash_size_t -> + h:HS.mem -> lv:uint32_t{lv < merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + i:index_t -> j:index_t{j >= i} -> + Lemma (requires (V.size_of (V.get h hs lv) == j - offset_of i /\ + mt_safe_elts #hsz h (lv + 1ul) hs (i / 2ul) (j / 2ul))) + (ensures (mt_safe_elts #hsz h lv hs i j)) +let mt_safe_elts_constr #_ h lv hs i j = () + +val mt_safe_elts_head: + #hsz:hash_size_t -> + h:HS.mem -> lv:uint32_t{lv < merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + i:index_t -> j:index_t{j >= i} -> + Lemma (requires (mt_safe_elts #hsz h lv hs i j)) + (ensures (V.size_of (V.get h hs lv) == j - offset_of i)) +let mt_safe_elts_head #_ h lv hs i j = () + +val mt_safe_elts_rec: + #hsz:hash_size_t -> + h:HS.mem -> lv:uint32_t{lv < merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + i:index_t -> j:index_t{j >= i} -> + Lemma (requires (mt_safe_elts #hsz h lv hs i j)) + (ensures (mt_safe_elts #hsz h (lv + 1ul) hs (i / 2ul) (j / 2ul))) +let mt_safe_elts_rec #_ h lv hs i j = () + +val mt_safe_elts_init: + #hsz:hash_size_t -> + h:HS.mem -> lv:uint32_t{lv <= merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + Lemma (requires (V.forall_ h hs lv (V.size_of hs) + (fun hv -> V.size_of hv = 0ul))) + (ensures (mt_safe_elts #hsz h lv hs 0ul 0ul)) + (decreases (32 - U32.v lv)) +let rec mt_safe_elts_init #hsz h lv hs = + if lv = merkle_tree_size_lg then () + else mt_safe_elts_init #hsz h (lv + 1ul) hs +#pop-options + +val mt_safe_elts_preserved: + #hsz:hash_size_t -> + lv:uint32_t{lv <= merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + i:index_t -> j:index_t{j >= i} -> + p:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (V.live h0 hs /\ + mt_safe_elts #hsz h0 lv hs i j /\ + loc_disjoint p (V.loc_vector_within hs lv (V.size_of hs)) /\ + modifies p h0 h1)) + (ensures (mt_safe_elts #hsz h1 lv hs i j)) + (decreases (32 - U32.v lv)) + [SMTPat (V.live h0 hs); + SMTPat (mt_safe_elts #hsz h0 lv hs i j); + SMTPat (loc_disjoint p (RV.loc_rvector hs)); + SMTPat (modifies p h0 h1)] +#push-options "--z3rlimit 100 --initial_fuel 2 --max_fuel 2" +let rec mt_safe_elts_preserved #hsz lv hs i j p h0 h1 = + if lv = merkle_tree_size_lg then () + else (V.get_preserved hs lv p h0 h1; + mt_safe_elts_preserved #hsz (lv + 1ul) hs (i / 2ul) (j / 2ul) p h0 h1) +#pop-options + +// `mt_safe` is the invariant of a Merkle tree through its lifetime. +// It includes liveness, regionality, disjointness (to each data structure), +// and valid element access (`mt_safe_elts`). +inline_for_extraction noextract +val mt_safe: HS.mem -> mt_p -> GTot Type0 +let mt_safe h mt = + B.live h mt /\ B.freeable mt /\ + (let mtv = B.get h mt 0 in + // Liveness & Accessibility + RV.rv_inv h (MT?.hs mtv) /\ + RV.rv_inv h (MT?.rhs mtv) /\ + Rgl?.r_inv (hreg (MT?.hash_size mtv)) h (MT?.mroot mtv) /\ + mt_safe_elts h 0ul (MT?.hs mtv) (MT?.i mtv) (MT?.j mtv) /\ + // Regionality + HH.extends (V.frameOf (MT?.hs mtv)) (B.frameOf mt) /\ + HH.extends (V.frameOf (MT?.rhs mtv)) (B.frameOf mt) /\ + HH.extends (B.frameOf (MT?.mroot mtv)) (B.frameOf mt) /\ + HH.disjoint (V.frameOf (MT?.hs mtv)) (V.frameOf (MT?.rhs mtv)) /\ + HH.disjoint (V.frameOf (MT?.hs mtv)) (B.frameOf (MT?.mroot mtv)) /\ + HH.disjoint (V.frameOf (MT?.rhs mtv)) (B.frameOf (MT?.mroot mtv))) + +// Since a Merkle tree satisfies regionality, it's ok to take all regions from +// a tree pointer as a location of the tree. +val mt_loc: mt_p -> GTot loc +let mt_loc mt = B.loc_all_regions_from false (B.frameOf mt) + +val mt_safe_preserved: + mt:mt_p -> p:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (mt_safe h0 mt /\ + loc_disjoint p (mt_loc mt) /\ + modifies p h0 h1)) + (ensures (B.get h0 mt 0 == B.get h1 mt 0 /\ + mt_safe h1 mt)) +let mt_safe_preserved mt p h0 h1 = + assert (loc_includes (mt_loc mt) (B.loc_buffer mt)); + let mtv = B.get h0 mt 0 in + assert (loc_includes (mt_loc mt) (RV.loc_rvector (MT?.hs mtv))); + assert (loc_includes (mt_loc mt) (RV.loc_rvector (MT?.rhs mtv))); + assert (loc_includes (mt_loc mt) (V.loc_vector (MT?.hs mtv))); + assert (loc_includes (mt_loc mt) + (B.loc_all_regions_from false (B.frameOf (MT?.mroot mtv)))); + RV.rv_inv_preserved (MT?.hs mtv) p h0 h1; + RV.rv_inv_preserved (MT?.rhs mtv) p h0 h1; + Rgl?.r_sep (hreg (MT?.hash_size mtv)) (MT?.mroot mtv) p h0 h1; + V.loc_vector_within_included (MT?.hs mtv) 0ul (V.size_of (MT?.hs mtv)); + mt_safe_elts_preserved 0ul (MT?.hs mtv) (MT?.i mtv) (MT?.j mtv) p h0 h1 + +/// Lifting to a high-level Merkle tree structure + +val mt_safe_elts_spec: + #hsz:hash_size_t -> + h:HS.mem -> + lv:uint32_t{lv <= merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + i:index_t -> + j:index_t{j >= i} -> + Lemma (requires (RV.rv_inv h hs /\ + mt_safe_elts #hsz h lv hs i j)) + (ensures (MTH.hs_wf_elts #(U32.v hsz) + (U32.v lv) (RV.as_seq h hs) + (U32.v i) (U32.v j))) + (decreases (32 - U32.v lv)) +#push-options "--z3rlimit 100 --initial_fuel 2 --max_fuel 2" +let rec mt_safe_elts_spec #_ h lv hs i j = + if lv = merkle_tree_size_lg then () + else mt_safe_elts_spec h (lv + 1ul) hs (i / 2ul) (j / 2ul) +#pop-options + +val merkle_tree_lift: + h:HS.mem -> + mtv:merkle_tree{ + RV.rv_inv h (MT?.hs mtv) /\ + RV.rv_inv h (MT?.rhs mtv) /\ + Rgl?.r_inv (hreg (MT?.hash_size mtv)) h (MT?.mroot mtv) /\ + mt_safe_elts #(MT?.hash_size mtv) h 0ul (MT?.hs mtv) (MT?.i mtv) (MT?.j mtv)} -> + GTot (r:MTH.merkle_tree #(U32.v (MT?.hash_size mtv)) {MTH.mt_wf_elts #_ r}) +let merkle_tree_lift h mtv = + mt_safe_elts_spec h 0ul (MT?.hs mtv) (MT?.i mtv) (MT?.j mtv); + MTH.MT #(U32.v (MT?.hash_size mtv)) + (U32.v (MT?.i mtv)) + (U32.v (MT?.j mtv)) + (RV.as_seq h (MT?.hs mtv)) + (MT?.rhs_ok mtv) + (RV.as_seq h (MT?.rhs mtv)) + (Rgl?.r_repr (hreg (MT?.hash_size mtv)) h (MT?.mroot mtv)) + (Ghost.reveal (MT?.hash_spec mtv)) + +val mt_lift: + h:HS.mem -> mt:mt_p{mt_safe h mt} -> + GTot (r:MTH.merkle_tree #(U32.v (MT?.hash_size (B.get h mt 0))) {MTH.mt_wf_elts #_ r}) +let mt_lift h mt = + merkle_tree_lift h (B.get h mt 0) + +val mt_preserved: + mt:mt_p -> p:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (mt_safe h0 mt /\ + loc_disjoint p (mt_loc mt) /\ + modifies p h0 h1)) + (ensures (mt_safe_preserved mt p h0 h1; + mt_lift h0 mt == mt_lift h1 mt)) +let mt_preserved mt p h0 h1 = + assert (loc_includes (B.loc_all_regions_from false (B.frameOf mt)) + (B.loc_buffer mt)); + B.modifies_buffer_elim mt p h0 h1; + assert (B.get h0 mt 0 == B.get h1 mt 0); + assert (loc_includes (B.loc_all_regions_from false (B.frameOf mt)) + (RV.loc_rvector (MT?.hs (B.get h0 mt 0)))); + assert (loc_includes (B.loc_all_regions_from false (B.frameOf mt)) + (RV.loc_rvector (MT?.rhs (B.get h0 mt 0)))); + assert (loc_includes (B.loc_all_regions_from false (B.frameOf mt)) + (B.loc_buffer (MT?.mroot (B.get h0 mt 0)))); + RV.as_seq_preserved (MT?.hs (B.get h0 mt 0)) p h0 h1; + RV.as_seq_preserved (MT?.rhs (B.get h0 mt 0)) p h0 h1; + B.modifies_buffer_elim (MT?.mroot (B.get h0 mt 0)) p h0 h1 + + +/// Construction + +// Note that the public function for creation is `mt_create` defined below, +// which builds a tree with an initial hash. +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +private +val create_empty_mt: + hash_size:hash_size_t -> + hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hash_size)) -> + hash_fun:hash_fun_t #hash_size #hash_spec -> + r:HST.erid -> + HST.ST mt_p + (requires (fun _ -> true)) + (ensures (fun h0 mt h1 -> + let dmt = B.get h1 mt 0 in + // memory safety + B.frameOf mt = r /\ + modifies (mt_loc mt) h0 h1 /\ + mt_safe h1 mt /\ + mt_not_full h1 mt /\ + // correctness + MT?.hash_size dmt = hash_size /\ + MT?.offset dmt = 0UL /\ + merkle_tree_lift h1 dmt == MTH.create_empty_mt #_ #(Ghost.reveal hash_spec) ())) +let create_empty_mt hsz hash_spec hash_fun r = + [@inline_let] let hrg = hreg hsz in + [@inline_let] let hvrg = hvreg hsz in + [@inline_let] let hvvrg = hvvreg hsz in + let hs_region = HST.new_region r in + let hs = RV.alloc_rid hvrg merkle_tree_size_lg hs_region in + let h0 = HST.get () in + mt_safe_elts_init #hsz h0 0ul hs; + let rhs_region = HST.new_region r in + let rhs = RV.alloc_rid hrg merkle_tree_size_lg rhs_region in + let h1 = HST.get () in + assert (RV.as_seq h1 rhs == S.create 32 (MTH.hash_init #(U32.v hsz))); + RV.rv_inv_preserved hs (V.loc_vector rhs) h0 h1; + RV.as_seq_preserved hs (V.loc_vector rhs) h0 h1; + V.loc_vector_within_included hs 0ul (V.size_of hs); + mt_safe_elts_preserved #hsz 0ul hs 0ul 0ul (V.loc_vector rhs) h0 h1; + let mroot_region = HST.new_region r in + let mroot = rg_alloc hrg mroot_region in + let h2 = HST.get () in + RV.as_seq_preserved hs loc_none h1 h2; + RV.as_seq_preserved rhs loc_none h1 h2; + mt_safe_elts_preserved #hsz 0ul hs 0ul 0ul loc_none h1 h2; + let mt = B.malloc r (MT hsz 0UL 0ul 0ul hs false rhs mroot hash_spec hash_fun) 1ul in + let h3 = HST.get () in + RV.as_seq_preserved hs loc_none h2 h3; + RV.as_seq_preserved rhs loc_none h2 h3; + Rgl?.r_sep hrg mroot loc_none h2 h3; + mt_safe_elts_preserved #hsz 0ul hs 0ul 0ul loc_none h2 h3; + mt +#pop-options + +/// Destruction (free) + +val mt_free: mt:mt_p -> + HST.ST unit + (requires (fun h0 -> mt_safe h0 mt)) + (ensures (fun h0 _ h1 -> modifies (mt_loc mt) h0 h1)) +#push-options "--z3rlimit 100" +let mt_free mt = + let mtv = !*mt in + RV.free (MT?.hs mtv); + RV.free (MT?.rhs mtv); + [@inline_let] let rg = hreg (MT?.hash_size mtv) in + rg_free rg (MT?.mroot mtv); + B.free mt +#pop-options + +/// Insertion + +private +val as_seq_sub_upd: + #a:Type0 -> #rst:Type -> #rg:regional rst a -> + h:HS.mem -> rv:rvector #a #rst rg -> + i:uint32_t{i < V.size_of rv} -> v:Rgl?.repr rg -> + Lemma (requires (RV.rv_inv h rv)) + (ensures (S.equal (S.upd (RV.as_seq h rv) (U32.v i) v) + (S.append + (RV.as_seq_sub h rv 0ul i) + (S.cons v (RV.as_seq_sub h rv (i + 1ul) (V.size_of rv)))))) +#push-options "--z3rlimit 20" +let as_seq_sub_upd #a #rst #rg h rv i v = + Seq.Properties.slice_upd (RV.as_seq h rv) 0 (U32.v i) (U32.v i) v; + Seq.Properties.slice_upd (RV.as_seq h rv) (U32.v i + 1) (U32.v (V.size_of rv)) (U32.v i) v; + RV.as_seq_seq_slice rg h (V.as_seq h rv) + 0 (U32.v (V.size_of rv)) 0 (U32.v i); + assert (S.equal (S.slice (RV.as_seq h rv) 0 (U32.v i)) + (RV.as_seq_sub h rv 0ul i)); + RV.as_seq_seq_slice rg h (V.as_seq h rv) + 0 (U32.v (V.size_of rv)) (U32.v i + 1) (U32.v (V.size_of rv)); + assert (S.equal (S.slice (RV.as_seq h rv) (U32.v i + 1) (U32.v (V.size_of rv))) + (RV.as_seq_sub h rv (i + 1ul) (V.size_of rv))); + assert (S.index (S.upd (RV.as_seq h rv) (U32.v i) v) (U32.v i) == v) +#pop-options + +// `hash_vv_insert_copy` inserts a hash element at a level `lv`, by copying +// and pushing its content to `hs[lv]`. For detailed insertion procedure, see +// `insert_` and `mt_insert`. +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1" +private +inline_for_extraction +val hash_vv_insert_copy: + #hsz:hash_size_t -> + lv:uint32_t{lv < merkle_tree_size_lg} -> + i:Ghost.erased index_t -> + j:index_t{ + Ghost.reveal i <= j && + U32.v j < pow2 (32 - U32.v lv) - 1 && + j < uint32_32_max} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + v:hash #hsz -> + HST.ST unit + (requires (fun h0 -> + RV.rv_inv h0 hs /\ + Rgl?.r_inv (hreg hsz) h0 v /\ + HH.disjoint (V.frameOf hs) (B.frameOf v) /\ + mt_safe_elts #hsz h0 lv hs (Ghost.reveal i) j)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + h0 h1 /\ + RV.rv_inv h1 hs /\ + Rgl?.r_inv (hreg hsz) h1 v /\ + V.size_of (V.get h1 hs lv) == j + 1ul - offset_of (Ghost.reveal i) /\ + V.size_of (V.get h1 hs lv) == V.size_of (V.get h0 hs lv) + 1ul /\ + mt_safe_elts #hsz h1 (lv + 1ul) hs (Ghost.reveal i / 2ul) (j / 2ul) /\ + RV.rv_loc_elems h0 hs (lv + 1ul) (V.size_of hs) == + RV.rv_loc_elems h1 hs (lv + 1ul) (V.size_of hs) /\ + // correctness + (mt_safe_elts_spec #hsz h0 lv hs (Ghost.reveal i) j; + S.equal (RV.as_seq h1 hs) + (MTH.hashess_insert + (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq h0 hs) (Rgl?.r_repr (hreg hsz) h0 v))) /\ + S.equal (S.index (RV.as_seq h1 hs) (U32.v lv)) + (S.snoc (S.index (RV.as_seq h0 hs) (U32.v lv)) + (Rgl?.r_repr (hreg hsz) h0 v)))) +let hash_vv_insert_copy #hsz lv i j hs v = + let hh0 = HST.get () in + mt_safe_elts_rec hh0 lv hs (Ghost.reveal i) j; + + /// 1) Insert an element at the level `lv`, where the new vector is not yet + /// connected to `hs`. + let ihv = RV.insert_copy (hcpy hsz) (V.index hs lv) v in + let hh1 = HST.get () in + + // 1-0) Basic disjointness conditions + V.forall2_forall_left hh0 hs 0ul (V.size_of hs) lv + (fun b1 b2 -> HH.disjoint (Rgl?.region_of (hvreg hsz) b1) + (Rgl?.region_of (hvreg hsz) b2)); + V.forall2_forall_right hh0 hs 0ul (V.size_of hs) lv + (fun b1 b2 -> HH.disjoint (Rgl?.region_of (hvreg hsz) b1) + (Rgl?.region_of (hvreg hsz) b2)); + V.loc_vector_within_included hs lv (lv + 1ul); + V.loc_vector_within_included hs (lv + 1ul) (V.size_of hs); + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + + // 1-1) For the `modifies` postcondition. + assert (modifies (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) hh0 hh1); + + // 1-2) Preservation + Rgl?.r_sep (hreg hsz) v (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; + + // 1-3) For `mt_safe_elts` + assert (V.size_of ihv == j + 1ul - offset_of (Ghost.reveal i)); // head updated + mt_safe_elts_preserved + (lv + 1ul) hs (Ghost.reveal i / 2ul) (j / 2ul) + (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; // tail not yet + + // 1-4) For the `rv_inv` postcondition + RV.rs_loc_elems_elem_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v (V.size_of hs)) 0 (U32.v lv) (U32.v lv); + RV.rs_loc_elems_parent_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v lv); + RV.rv_elems_inv_preserved + hs 0ul lv (RV.loc_rvector (V.get hh0 hs lv)) + hh0 hh1; + assert (RV.rv_elems_inv hh1 hs 0ul lv); + + RV.rs_loc_elems_elem_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v (V.size_of hs)) + (U32.v lv + 1) (U32.v (V.size_of hs)) + (U32.v lv); + RV.rs_loc_elems_parent_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + (U32.v lv + 1) (U32.v (V.size_of hs)); + RV.rv_elems_inv_preserved + hs (lv + 1ul) (V.size_of hs) (RV.loc_rvector (V.get hh0 hs lv)) + hh0 hh1; + assert (RV.rv_elems_inv hh1 hs (lv + 1ul) (V.size_of hs)); + + // assert (rv_itself_inv hh1 hs); + // assert (elems_reg hh1 hs); + + // 1-5) Correctness + assert (S.equal (RV.as_seq hh1 ihv) + (S.snoc (RV.as_seq hh0 (V.get hh0 hs lv)) (Rgl?.r_repr (hreg hsz) hh0 v))); + + /// 2) Assign the updated vector to `hs` at the level `lv`. + RV.assign hs lv ihv; + let hh2 = HST.get () in + + // 2-1) For the `modifies` postcondition. + assert (modifies (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2); + assert (modifies (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) hh0 hh2); + + // 2-2) Preservation + Rgl?.r_sep (hreg hsz) v (RV.loc_rvector hs) hh1 hh2; + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2; + + // 2-3) For `mt_safe_elts` + assert (V.size_of (V.get hh2 hs lv) == j + 1ul - offset_of (Ghost.reveal i)); + mt_safe_elts_preserved + (lv + 1ul) hs (Ghost.reveal i / 2ul) (j / 2ul) + (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2; + + // 2-4) Correctness + RV.as_seq_sub_preserved hs 0ul lv (loc_rvector ihv) hh0 hh1; + RV.as_seq_sub_preserved hs (lv + 1ul) merkle_tree_size_lg (loc_rvector ihv) hh0 hh1; + assert (S.equal (RV.as_seq hh2 hs) + (S.append + (RV.as_seq_sub hh0 hs 0ul lv) + (S.cons (RV.as_seq hh1 ihv) + (RV.as_seq_sub hh0 hs (lv + 1ul) merkle_tree_size_lg)))); + as_seq_sub_upd hh0 hs lv (RV.as_seq hh1 ihv) +#pop-options + +private +val insert_index_helper_even: + lv:uint32_t{lv < merkle_tree_size_lg} -> + j:index_t{U32.v j < pow2 (32 - U32.v lv) - 1} -> + Lemma (requires (j % 2ul <> 1ul)) + (ensures (U32.v j % 2 <> 1 /\ j / 2ul == (j + 1ul) / 2ul)) +let insert_index_helper_even lv j = () + +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +private +val insert_index_helper_odd: + lv:uint32_t{lv < merkle_tree_size_lg} -> + i:index_t -> + j:index_t{i <= j && U32.v j < pow2 (32 - U32.v lv) - 1} -> + Lemma (requires (j % 2ul = 1ul /\ + j < uint32_32_max)) + (ensures (U32.v j % 2 = 1 /\ + U32.v (j / 2ul) < pow2 (32 - U32.v (lv + 1ul)) - 1 /\ + (j + 1ul) / 2ul == j / 2ul + 1ul /\ + j - offset_of i > 0ul)) +let insert_index_helper_odd lv i j = () +#pop-options + +private +val loc_union_assoc_4: + a:loc -> b:loc -> c:loc -> d:loc -> + Lemma (loc_union (loc_union a b) (loc_union c d) == + loc_union (loc_union a c) (loc_union b d)) +let loc_union_assoc_4 a b c d = + loc_union_assoc (loc_union a b) c d; + loc_union_assoc a b c; + loc_union_assoc a c b; + loc_union_assoc (loc_union a c) b d + +private +val insert_modifies_rec_helper: + #hsz:hash_size_t -> + lv:uint32_t{lv < merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + aloc:loc -> + h:HS.mem -> + Lemma (loc_union + (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + aloc) + (loc_union + (loc_union + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + aloc) == + loc_union + (loc_union + (RV.rv_loc_elems h hs lv (V.size_of hs)) + (V.loc_vector_within hs lv (V.size_of hs))) + aloc) +#push-options "--z3rlimit 100 --initial_fuel 2 --max_fuel 2" +let insert_modifies_rec_helper #hsz lv hs aloc h = + assert (V.loc_vector_within hs lv (V.size_of hs) == + loc_union (V.loc_vector_within hs lv (lv + 1ul)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))); + RV.rs_loc_elems_rec_inverse (hvreg hsz) (V.as_seq h hs) (U32.v lv) (U32.v (V.size_of hs)); + assert (RV.rv_loc_elems h hs lv (V.size_of hs) == + loc_union (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs))); + + // Applying some association rules... + loc_union_assoc + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) aloc + (loc_union + (loc_union + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + aloc); + loc_union_assoc + (loc_union + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) aloc aloc; + loc_union_assoc + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (loc_union + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + aloc; + loc_union_assoc_4 + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul)) + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs)) +#pop-options + +private +val insert_modifies_union_loc_weakening: + l1:loc -> l2:loc -> l3:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (modifies l1 h0 h1)) + (ensures (modifies (loc_union (loc_union l1 l2) l3) h0 h1)) +let insert_modifies_union_loc_weakening l1 l2 l3 h0 h1 = + B.loc_includes_union_l l1 l2 l1; + B.loc_includes_union_l (loc_union l1 l2) l3 (loc_union l1 l2) + +private +val insert_snoc_last_helper: + #a:Type -> s:S.seq a{S.length s > 0} -> v:a -> + Lemma (S.index (S.snoc s v) (S.length s - 1) == S.last s) +let insert_snoc_last_helper #a s v = () + +private +val rv_inv_rv_elems_reg: + #a:Type0 -> #rst:Type -> #rg:regional rst a -> + h:HS.mem -> rv:rvector rg -> + i:uint32_t -> j:uint32_t{i <= j && j <= V.size_of rv} -> + Lemma (requires (RV.rv_inv h rv)) + (ensures (RV.rv_elems_reg h rv i j)) +let rv_inv_rv_elems_reg #a #rst #rg h rv i j = () + +// `insert_` recursively inserts proper hashes to each level `lv` by +// accumulating a compressed hash. For example, if there are three leaf elements +// in the tree, `insert_` will change `hs` as follow: +// (`hij` is a compressed hash from `hi` to `hj`) +// +// BEFORE INSERTION AFTER INSERTION +// lv +// 0 h0 h1 h2 ====> h0 h1 h2 h3 +// 1 h01 h01 h23 +// 2 h03 +// +private +val insert_: + #hsz:hash_size_t -> + #hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hsz)) -> + lv:uint32_t{lv < merkle_tree_size_lg} -> + i:Ghost.erased index_t -> + j:index_t{ + Ghost.reveal i <= j && + U32.v j < pow2 (32 - U32.v lv) - 1 && + j < uint32_32_max} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + acc:hash #hsz -> + hash_fun:hash_fun_t #hsz #hash_spec -> + HST.ST unit + (requires (fun h0 -> + RV.rv_inv h0 hs /\ + Rgl?.r_inv (hreg hsz) h0 acc /\ + HH.disjoint (V.frameOf hs) (B.frameOf acc) /\ + mt_safe_elts h0 lv hs (Ghost.reveal i) j)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (loc_union + (loc_union + (RV.rv_loc_elems h0 hs lv (V.size_of hs)) + (V.loc_vector_within hs lv (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf acc))) + h0 h1 /\ + RV.rv_inv h1 hs /\ + Rgl?.r_inv (hreg hsz) h1 acc /\ + mt_safe_elts h1 lv hs (Ghost.reveal i) (j + 1ul) /\ + // correctness + (mt_safe_elts_spec h0 lv hs (Ghost.reveal i) j; + S.equal (RV.as_seq h1 hs) + (MTH.insert_ #(U32.v hsz) #hash_spec (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq h0 hs) (Rgl?.r_repr (hreg hsz) h0 acc))))) + (decreases (U32.v j)) +#push-options "--z3rlimit 800 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +let rec insert_ #hsz #hash_spec lv i j hs acc hash_fun = + let hh0 = HST.get () in + hash_vv_insert_copy lv i j hs acc; + let hh1 = HST.get () in + + // Base conditions + V.loc_vector_within_included hs lv (lv + 1ul); + V.loc_vector_within_included hs (lv + 1ul) (V.size_of hs); + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + + assert (V.size_of (V.get hh1 hs lv) == j + 1ul - offset_of (Ghost.reveal i)); + assert (mt_safe_elts hh1 (lv + 1ul) hs (Ghost.reveal i / 2ul) (j / 2ul)); + + if j % 2ul = 1ul + then (insert_index_helper_odd lv (Ghost.reveal i) j; + assert (S.length (S.index (RV.as_seq hh0 hs) (U32.v lv)) > 0); + let lvhs = V.index hs lv in + assert (U32.v (V.size_of lvhs) == + S.length (S.index (RV.as_seq hh0 hs) (U32.v lv)) + 1); + assert (V.size_of lvhs > 1ul); + + /// 3) Update the accumulator `acc`. + hash_vec_rv_inv_r_inv hh1 (V.get hh1 hs lv) (V.size_of (V.get hh1 hs lv) - 2ul); + assert (Rgl?.r_inv (hreg hsz) hh1 acc); + hash_fun (V.index lvhs (V.size_of lvhs - 2ul)) acc acc; + let hh2 = HST.get () in + + // 3-1) For the `modifies` postcondition + assert (modifies (B.loc_all_regions_from false (B.frameOf acc)) hh1 hh2); + assert (modifies + (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (B.loc_all_regions_from false (B.frameOf acc))) + hh0 hh2); + + // 3-2) Preservation + RV.rv_inv_preserved + hs (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + RV.as_seq_preserved + hs (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + assert (RV.rv_inv hh2 hs); + assert (Rgl?.r_inv (hreg hsz) hh2 acc); + + // 3-3) For `mt_safe_elts` + V.get_preserved hs lv + (B.loc_region_only false (B.frameOf acc)) hh1 hh2; // head preserved + mt_safe_elts_preserved + (lv + 1ul) hs (Ghost.reveal i / 2ul) (j / 2ul) + (B.loc_region_only false (B.frameOf acc)) hh1 hh2; // tail preserved + + // 3-4) Correctness + insert_snoc_last_helper + (RV.as_seq hh0 (V.get hh0 hs lv)) + (Rgl?.r_repr (hreg hsz) hh0 acc); + assert (S.equal (Rgl?.r_repr (hreg hsz) hh2 acc) // `nacc` in `MTH.insert_` + ((Ghost.reveal hash_spec) + (S.last (S.index (RV.as_seq hh0 hs) (U32.v lv))) + (Rgl?.r_repr (hreg hsz) hh0 acc))); + + /// 4) Recursion + insert_ (lv + 1ul) + (Ghost.hide (Ghost.reveal i / 2ul)) (j / 2ul) + hs acc hash_fun; + let hh3 = HST.get () in + + // 4-0) Memory safety brought from the postcondition of the recursion + assert (RV.rv_inv hh3 hs); + assert (Rgl?.r_inv (hreg hsz) hh3 acc); + assert (modifies (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf acc))) + hh2 hh3); + assert (modifies + (loc_union + (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (B.loc_all_regions_from false (B.frameOf acc))) + (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf acc)))) + hh0 hh3); + + // 4-1) For `mt_safe_elts` + rv_inv_rv_elems_reg hh2 hs (lv + 1ul) (V.size_of hs); + RV.rv_loc_elems_included hh2 hs (lv + 1ul) (V.size_of hs); + assert (loc_disjoint + (V.loc_vector_within hs lv (lv + 1ul)) + (RV.rv_loc_elems hh2 hs (lv + 1ul) (V.size_of hs))); + assert (loc_disjoint + (V.loc_vector_within hs lv (lv + 1ul)) + (B.loc_all_regions_from false (B.frameOf acc))); + V.get_preserved hs lv + (loc_union + (loc_union + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs)) + (RV.rv_loc_elems hh2 hs (lv + 1ul) (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf acc))) + hh2 hh3; + + assert (V.size_of (V.get hh3 hs lv) == + j + 1ul - offset_of (Ghost.reveal i)); // head preserved + assert (mt_safe_elts hh3 (lv + 1ul) hs + (Ghost.reveal i / 2ul) (j / 2ul + 1ul)); // tail by recursion + mt_safe_elts_constr hh3 lv hs (Ghost.reveal i) (j + 1ul); + assert (mt_safe_elts hh3 lv hs (Ghost.reveal i) (j + 1ul)); + + // 4-2) Correctness + mt_safe_elts_spec hh2 (lv + 1ul) hs (Ghost.reveal i / 2ul) (j / 2ul); + assert (S.equal (RV.as_seq hh3 hs) + (MTH.insert_ #(U32.v hsz) #(Ghost.reveal hash_spec) (U32.v lv + 1) (U32.v (Ghost.reveal i) / 2) (U32.v j / 2) + (RV.as_seq hh2 hs) (Rgl?.r_repr (hreg hsz) hh2 acc))); + mt_safe_elts_spec hh0 lv hs (Ghost.reveal i) j; + MTH.insert_rec #(U32.v hsz) #(Ghost.reveal hash_spec) (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq hh0 hs) (Rgl?.r_repr (hreg hsz) hh0 acc); + assert (S.equal (RV.as_seq hh3 hs) + (MTH.insert_ #(U32.v hsz) #(Ghost.reveal hash_spec) (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq hh0 hs) (Rgl?.r_repr (hreg hsz) hh0 acc)))) + else (insert_index_helper_even lv j; + // memory safety + assert (mt_safe_elts hh1 (lv + 1ul) hs (Ghost.reveal i / 2ul) ((j + 1ul) / 2ul)); + mt_safe_elts_constr hh1 lv hs (Ghost.reveal i) (j + 1ul); + assert (mt_safe_elts hh1 lv hs (Ghost.reveal i) (j + 1ul)); + assert (modifies + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + hh0 hh1); + insert_modifies_union_loc_weakening + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (B.loc_all_regions_from false (B.frameOf acc)) + (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf acc))) + hh0 hh1; + // correctness + mt_safe_elts_spec hh0 lv hs (Ghost.reveal i) j; + MTH.insert_base #(U32.v hsz) #(Ghost.reveal hash_spec) (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq hh0 hs) (Rgl?.r_repr (hreg hsz) hh0 acc); + assert (S.equal (RV.as_seq hh1 hs) + (MTH.insert_ #(U32.v hsz) #(Ghost.reveal hash_spec) (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq hh0 hs) (Rgl?.r_repr (hreg hsz) hh0 acc)))); + + /// 5) Proving the postcondition after recursion + let hh4 = HST.get () in + + // 5-1) For the `modifies` postcondition. + assert (modifies + (loc_union + (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (B.loc_all_regions_from false (B.frameOf acc))) + (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf acc)))) + hh0 hh4); + insert_modifies_rec_helper + lv hs (B.loc_all_regions_from false (B.frameOf acc)) hh0; + + // 5-2) For `mt_safe_elts` + assert (mt_safe_elts hh4 lv hs (Ghost.reveal i) (j + 1ul)); + + // 5-3) Preservation + assert (RV.rv_inv hh4 hs); + assert (Rgl?.r_inv (hreg hsz) hh4 acc); + + // 5-4) Correctness + mt_safe_elts_spec hh0 lv hs (Ghost.reveal i) j; + assert (S.equal (RV.as_seq hh4 hs) + (MTH.insert_ #(U32.v hsz) #hash_spec (U32.v lv) (U32.v (Ghost.reveal i)) (U32.v j) + (RV.as_seq hh0 hs) (Rgl?.r_repr (hreg hsz) hh0 acc))) // QED +#pop-options + +private inline_for_extraction +val mt_insert_pre_nst: mtv:merkle_tree -> v:hash #(MT?.hash_size mtv) -> Tot bool +let mt_insert_pre_nst mtv v = mt_not_full_nst mtv && add64_fits (MT?.offset mtv) ((MT?.j mtv) + 1ul) + +val mt_insert_pre: #hsz:Ghost.erased hash_size_t -> mt:const_mt_p -> v:hash #hsz -> HST.ST bool + (requires (fun h0 -> mt_safe h0 (CB.cast mt) /\ (MT?.hash_size (B.get h0 (CB.cast mt) 0)) = Ghost.reveal hsz)) + (ensures (fun _ _ _ -> True)) +let mt_insert_pre #hsz mt v = + let mt = !*(CB.cast mt) in + assert (MT?.hash_size mt == (MT?.hash_size mt)); + mt_insert_pre_nst mt v + +// `mt_insert` inserts a hash to a Merkle tree. Note that this operation +// manipulates the content in `v`, since it uses `v` as an accumulator during +// insertion. +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +val mt_insert: + hsz:Ghost.erased hash_size_t -> + mt:mt_p -> v:hash #hsz -> + HST.ST unit + (requires (fun h0 -> + let dmt = B.get h0 mt 0 in + mt_safe h0 mt /\ + Rgl?.r_inv (hreg hsz) h0 v /\ + HH.disjoint (B.frameOf mt) (B.frameOf v) /\ + MT?.hash_size dmt = Ghost.reveal hsz /\ + mt_insert_pre_nst dmt v)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (loc_union + (mt_loc mt) + (B.loc_all_regions_from false (B.frameOf v))) + h0 h1 /\ + mt_safe h1 mt /\ + // correctness + MT?.hash_size (B.get h1 mt 0) = Ghost.reveal hsz /\ + mt_lift h1 mt == MTH.mt_insert (mt_lift h0 mt) (Rgl?.r_repr (hreg hsz) h0 v))) +#pop-options +#push-options "--z3rlimit 40" +let mt_insert hsz mt v = + let hh0 = HST.get () in + let mtv = !*mt in + let hs = MT?.hs mtv in + let hsz = MT?.hash_size mtv in + insert_ #hsz #(Ghost.reveal (MT?.hash_spec mtv)) 0ul (Ghost.hide (MT?.i mtv)) (MT?.j mtv) hs v (MT?.hash_fun mtv); + let hh1 = HST.get () in + RV.rv_loc_elems_included hh0 (MT?.hs mtv) 0ul (V.size_of hs); + V.loc_vector_within_included hs 0ul (V.size_of hs); + RV.rv_inv_preserved + (MT?.rhs mtv) + (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf v))) + hh0 hh1; + RV.as_seq_preserved + (MT?.rhs mtv) + (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf v))) + hh0 hh1; + Rgl?.r_sep (hreg hsz) (MT?.mroot mtv) + (loc_union + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + (B.loc_all_regions_from false (B.frameOf v))) + hh0 hh1; + mt *= MT (MT?.hash_size mtv) + (MT?.offset mtv) + (MT?.i mtv) + (MT?.j mtv + 1ul) + (MT?.hs mtv) + false // `rhs` is always deprecated right after an insertion. + (MT?.rhs mtv) + (MT?.mroot mtv) + (MT?.hash_spec mtv) + (MT?.hash_fun mtv); + let hh2 = HST.get () in + RV.rv_inv_preserved + (MT?.hs mtv) (B.loc_buffer mt) hh1 hh2; + RV.rv_inv_preserved + (MT?.rhs mtv) (B.loc_buffer mt) hh1 hh2; + RV.as_seq_preserved + (MT?.hs mtv) (B.loc_buffer mt) hh1 hh2; + RV.as_seq_preserved + (MT?.rhs mtv) (B.loc_buffer mt) hh1 hh2; + Rgl?.r_sep (hreg hsz) (MT?.mroot mtv) (B.loc_buffer mt) hh1 hh2; + mt_safe_elts_preserved + 0ul (MT?.hs mtv) (MT?.i mtv) (MT?.j mtv + 1ul) (B.loc_buffer mt) + hh1 hh2 +#pop-options + +// `mt_create` initiates a Merkle tree with a given initial hash `init`. +// A valid Merkle tree should contain at least one element. +val mt_create_custom: + hsz:hash_size_t -> + hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hsz)) -> + r:HST.erid -> init:hash #hsz -> hash_fun:hash_fun_t #hsz #hash_spec -> HST.ST mt_p + (requires (fun h0 -> + Rgl?.r_inv (hreg hsz) h0 init /\ + HH.disjoint r (B.frameOf init))) + (ensures (fun h0 mt h1 -> + // memory safety + modifies (loc_union (mt_loc mt) (B.loc_all_regions_from false (B.frameOf init))) h0 h1 /\ + mt_safe h1 mt /\ + // correctness + MT?.hash_size (B.get h1 mt 0) = hsz /\ + mt_lift h1 mt == MTH.mt_create (U32.v hsz) (Ghost.reveal hash_spec) (Rgl?.r_repr (hreg hsz) h0 init))) +#push-options "--z3rlimit 40" +let mt_create_custom hsz hash_spec r init hash_fun = + let hh0 = HST.get () in + let mt = create_empty_mt hsz hash_spec hash_fun r in + mt_insert hsz mt init; + let hh2 = HST.get () in + mt +#pop-options + +/// Construction and Destruction of paths + +// Since each element pointer in `path` is from the target Merkle tree and +// each element has different location in `MT?.hs` (thus different region id), +// we cannot use the regionality property for `path`s. Hence here we manually +// define invariants and representation. +noeq type path = +| Path: hash_size:hash_size_t -> + hashes:V.vector (hash #hash_size) -> + path +type path_p = B.pointer path +type const_path_p = const_pointer path + +private +let phashes (h:HS.mem) (p:path_p) +: GTot (V.vector (hash #(Path?.hash_size (B.get h p 0)))) += Path?.hashes (B.get h p 0) + +// Memory safety of a path as an invariant +inline_for_extraction noextract +val path_safe: + h:HS.mem -> mtr:HH.rid -> p:path_p -> GTot Type0 +let path_safe h mtr p = + B.live h p /\ B.freeable p /\ + V.live h (phashes h p) /\ V.freeable (phashes h p) /\ + HST.is_eternal_region (V.frameOf (phashes h p)) /\ + (let hsz = Path?.hash_size (B.get h p 0) in + V.forall_all h (phashes h p) + (fun hp -> Rgl?.r_inv (hreg hsz) h hp /\ + HH.includes mtr (Rgl?.region_of (hreg hsz) hp)) /\ + HH.extends (V.frameOf (phashes h p)) (B.frameOf p) /\ + HH.disjoint mtr (B.frameOf p)) + +val path_loc: path_p -> GTot loc +let path_loc p = B.loc_all_regions_from false (B.frameOf p) + +val lift_path_: + #hsz:hash_size_t -> + h:HS.mem -> + hs:S.seq (hash #hsz) -> + i:nat -> + j:nat{ + i <= j /\ j <= S.length hs /\ + V.forall_seq hs i j (fun hp -> Rgl?.r_inv (hreg hsz) h hp)} -> + GTot (hp:MTH.path #(U32.v hsz) {S.length hp = j - i}) (decreases j) +let rec lift_path_ #hsz h hs i j = + if i = j then S.empty + else (S.snoc (lift_path_ h hs i (j - 1)) + (Rgl?.r_repr (hreg hsz) h (S.index hs (j - 1)))) + +// Representation of a path +val lift_path: + #hsz:hash_size_t -> + h:HS.mem -> mtr:HH.rid -> p:path_p {path_safe h mtr p /\ (Path?.hash_size (B.get h p 0)) = hsz} -> + GTot (hp:MTH.path #(U32.v hsz) {S.length hp = U32.v (V.size_of (phashes h p))}) +let lift_path #hsz h mtr p = + lift_path_ h (V.as_seq h (phashes h p)) + 0 (S.length (V.as_seq h (phashes h p))) + +val lift_path_index_: + #hsz:hash_size_t -> + h:HS.mem -> + hs:S.seq (hash #hsz) -> + i:nat -> j:nat{i <= j && j <= S.length hs} -> + k:nat{i <= k && k < j} -> + Lemma (requires (V.forall_seq hs i j (fun hp -> Rgl?.r_inv (hreg hsz) h hp))) + (ensures (Rgl?.r_repr (hreg hsz) h (S.index hs k) == + S.index (lift_path_ h hs i j) (k - i))) + (decreases j) + [SMTPat (S.index (lift_path_ h hs i j) (k - i))] +#push-options "--initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +let rec lift_path_index_ #hsz h hs i j k = + if i = j then () + else if k = j - 1 then () + else lift_path_index_ #hsz h hs i (j - 1) k +#pop-options + +val lift_path_index: + h:HS.mem -> mtr:HH.rid -> + p:path_p -> i:uint32_t -> + Lemma (requires (path_safe h mtr p /\ + i < V.size_of (phashes h p))) + (ensures (let hsz = Path?.hash_size (B.get h p 0) in + Rgl?.r_repr (hreg hsz) h (V.get h (phashes h p) i) == + S.index (lift_path #(hsz) h mtr p) (U32.v i))) +let lift_path_index h mtr p i = + lift_path_index_ h (V.as_seq h (phashes h p)) + 0 (S.length (V.as_seq h (phashes h p))) (U32.v i) + +val lift_path_eq: + #hsz:hash_size_t -> + h:HS.mem -> + hs1:S.seq (hash #hsz) -> hs2:S.seq (hash #hsz) -> + i:nat -> j:nat -> + Lemma (requires (i <= j /\ j <= S.length hs1 /\ j <= S.length hs2 /\ + S.equal (S.slice hs1 i j) (S.slice hs2 i j) /\ + V.forall_seq hs1 i j (fun hp -> Rgl?.r_inv (hreg hsz) h hp) /\ + V.forall_seq hs2 i j (fun hp -> Rgl?.r_inv (hreg hsz) h hp))) + (ensures (S.equal (lift_path_ h hs1 i j) (lift_path_ h hs2 i j))) +let lift_path_eq #hsz h hs1 hs2 i j = + assert (forall (k:nat{i <= k && k < j}). + S.index (lift_path_ h hs1 i j) (k - i) == + Rgl?.r_repr (hreg hsz) h (S.index hs1 k)); + assert (forall (k:nat{i <= k && k < j}). + S.index (lift_path_ h hs2 i j) (k - i) == + Rgl?.r_repr (hreg hsz) h (S.index hs2 k)); + assert (forall (k:nat{k < j - i}). + S.index (lift_path_ h hs1 i j) k == + Rgl?.r_repr (hreg hsz) h (S.index hs1 (k + i))); + assert (forall (k:nat{k < j - i}). + S.index (lift_path_ h hs2 i j) k == + Rgl?.r_repr (hreg hsz) h (S.index hs2 (k + i))); + assert (forall (k:nat{k < j - i}). + S.index (S.slice hs1 i j) k == S.index (S.slice hs2 i j) k); + assert (forall (k:nat{i <= k && k < j}). + S.index (S.slice hs1 i j) (k - i) == S.index (S.slice hs2 i j) (k - i)) + +private +val path_safe_preserved_: + #hsz:hash_size_t -> + mtr:HH.rid -> hs:S.seq (hash #hsz) -> + i:nat -> j:nat{i <= j && j <= S.length hs} -> + dl:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma + (requires (V.forall_seq hs i j + (fun hp -> + Rgl?.r_inv (hreg hsz) h0 hp /\ + HH.includes mtr (Rgl?.region_of (hreg hsz) hp)) /\ + loc_disjoint dl (B.loc_all_regions_from false mtr) /\ + modifies dl h0 h1)) + (ensures (V.forall_seq hs i j + (fun hp -> + Rgl?.r_inv (hreg hsz) h1 hp /\ + HH.includes mtr (Rgl?.region_of (hreg hsz) hp)))) + (decreases j) +let rec path_safe_preserved_ #hsz mtr hs i j dl h0 h1 = + if i = j then () + else (assert (loc_includes + (B.loc_all_regions_from false mtr) + (B.loc_all_regions_from false + (Rgl?.region_of (hreg hsz) (S.index hs (j - 1))))); + Rgl?.r_sep (hreg hsz) (S.index hs (j - 1)) dl h0 h1; + path_safe_preserved_ mtr hs i (j - 1) dl h0 h1) + +val path_safe_preserved: + mtr:HH.rid -> p:path_p -> + dl:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (path_safe h0 mtr p /\ + loc_disjoint dl (path_loc p) /\ + loc_disjoint dl (B.loc_all_regions_from false mtr) /\ + modifies dl h0 h1)) + (ensures (path_safe h1 mtr p)) +let path_safe_preserved mtr p dl h0 h1 = + assert (loc_includes (path_loc p) (B.loc_buffer p)); + assert (loc_includes (path_loc p) (V.loc_vector (phashes h0 p))); + path_safe_preserved_ + mtr (V.as_seq h0 (phashes h0 p)) + 0 (S.length (V.as_seq h0 (phashes h0 p))) dl h0 h1 + +val path_safe_init_preserved: + mtr:HH.rid -> p:path_p -> + dl:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (path_safe h0 mtr p /\ + V.size_of (phashes h0 p) = 0ul /\ + B.loc_disjoint dl (path_loc p) /\ + modifies dl h0 h1)) + (ensures (path_safe h1 mtr p /\ + V.size_of (phashes h1 p) = 0ul)) +let path_safe_init_preserved mtr p dl h0 h1 = + assert (loc_includes (path_loc p) (B.loc_buffer p)); + assert (loc_includes (path_loc p) (V.loc_vector (phashes h0 p))) + +val path_preserved_: + #hsz:hash_size_t -> + mtr:HH.rid -> + hs:S.seq (hash #hsz) -> + i:nat -> j:nat{i <= j && j <= S.length hs} -> + dl:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (V.forall_seq hs i j + (fun hp -> Rgl?.r_inv (hreg hsz) h0 hp /\ + HH.includes mtr (Rgl?.region_of (hreg hsz) hp)) /\ + loc_disjoint dl (B.loc_all_regions_from false mtr) /\ + modifies dl h0 h1)) + (ensures (path_safe_preserved_ mtr hs i j dl h0 h1; + S.equal (lift_path_ h0 hs i j) + (lift_path_ h1 hs i j))) + (decreases j) +#push-options "--initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +let rec path_preserved_ #hsz mtr hs i j dl h0 h1 = + if i = j then () + else (path_safe_preserved_ mtr hs i (j - 1) dl h0 h1; + path_preserved_ mtr hs i (j - 1) dl h0 h1; + assert (loc_includes + (B.loc_all_regions_from false mtr) + (B.loc_all_regions_from false + (Rgl?.region_of (hreg hsz) (S.index hs (j - 1))))); + Rgl?.r_sep (hreg hsz) (S.index hs (j - 1)) dl h0 h1) +#pop-options + +val path_preserved: + mtr:HH.rid -> p:path_p -> + dl:loc -> h0:HS.mem -> h1:HS.mem -> + Lemma (requires (path_safe h0 mtr p /\ + loc_disjoint dl (path_loc p) /\ + loc_disjoint dl (B.loc_all_regions_from false mtr) /\ + modifies dl h0 h1)) + (ensures (path_safe_preserved mtr p dl h0 h1; + let hsz0 = (Path?.hash_size (B.get h0 p 0)) in + let hsz1 = (Path?.hash_size (B.get h1 p 0)) in + let b:MTH.path = lift_path #hsz0 h0 mtr p in + let a:MTH.path = lift_path #hsz1 h1 mtr p in + hsz0 = hsz1 /\ S.equal b a)) +let path_preserved mtr p dl h0 h1 = + assert (loc_includes (path_loc p) (B.loc_buffer p)); + assert (loc_includes (path_loc p) (V.loc_vector (phashes h0 p))); + path_preserved_ mtr (V.as_seq h0 (phashes h0 p)) + 0 (S.length (V.as_seq h0 (phashes h0 p))) + dl h0 h1 + +val init_path: + hsz:hash_size_t -> + mtr:HH.rid -> r:HST.erid -> + HST.ST path_p + (requires (fun h0 -> HH.disjoint mtr r)) + (ensures (fun h0 p h1 -> + // memory safety + path_safe h1 mtr p /\ + // correctness + Path?.hash_size (B.get h1 p 0) = hsz /\ + S.equal (lift_path #hsz h1 mtr p) S.empty)) +let init_path hsz mtr r = + let nrid = HST.new_region r in + (B.malloc r (Path hsz (rg_alloc (hvreg hsz) nrid)) 1ul) + +val clear_path: + mtr:HH.rid -> p:path_p -> + HST.ST unit + (requires (fun h0 -> path_safe h0 mtr p)) + (ensures (fun h0 _ h1 -> + // memory safety + path_safe h1 mtr p /\ + // correctness + V.size_of (phashes h1 p) = 0ul /\ + S.equal (lift_path #(Path?.hash_size (B.get h1 p 0)) h1 mtr p) S.empty)) +let clear_path mtr p = + let pv = !*p in + p *= Path (Path?.hash_size pv) (V.clear (Path?.hashes pv)) + +val free_path: + p:path_p -> + HST.ST unit + (requires (fun h0 -> + B.live h0 p /\ B.freeable p /\ + V.live h0 (phashes h0 p) /\ V.freeable (phashes h0 p) /\ + HH.extends (V.frameOf (phashes h0 p)) (B.frameOf p))) + (ensures (fun h0 _ h1 -> + modifies (path_loc p) h0 h1)) +let free_path p = + let pv = !*p in + V.free (Path?.hashes pv); + B.free p + +/// Getting the Merkle root and path + +// Construct "rightmost hashes" for a given (incomplete) Merkle tree. +// This function calculates the Merkle root as well, which is the final +// accumulator value. +private +val construct_rhs: + #hsz:hash_size_t -> + #hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hsz)) -> + lv:uint32_t{lv <= merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + rhs:hash_vec #hsz {V.size_of rhs = merkle_tree_size_lg} -> + i:index_t -> + j:index_t{i <= j && (U32.v j) < pow2 (32 - U32.v lv)} -> + acc:hash #hsz -> + actd:bool -> + hash_fun:hash_fun_t #hsz #(Ghost.reveal hash_spec) -> + HST.ST unit + (requires (fun h0 -> + RV.rv_inv h0 hs /\ RV.rv_inv h0 rhs /\ + HH.disjoint (V.frameOf hs) (V.frameOf rhs) /\ + Rgl?.r_inv (hreg hsz) h0 acc /\ + HH.disjoint (B.frameOf acc) (V.frameOf hs) /\ + HH.disjoint (B.frameOf acc) (V.frameOf rhs) /\ + mt_safe_elts #hsz h0 lv hs i j)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (loc_union + (RV.loc_rvector rhs) + (B.loc_all_regions_from false (B.frameOf acc))) + h0 h1 /\ + RV.rv_inv h1 rhs /\ + Rgl?.r_inv (hreg hsz) h1 acc /\ + // correctness + (mt_safe_elts_spec #hsz h0 lv hs i j; + MTH.construct_rhs #(U32.v hsz) #(Ghost.reveal hash_spec) + (U32.v lv) + (Rgl?.r_repr (hvvreg hsz) h0 hs) + (Rgl?.r_repr (hvreg hsz) h0 rhs) + (U32.v i) (U32.v j) + (Rgl?.r_repr (hreg hsz) h0 acc) actd == + (Rgl?.r_repr (hvreg hsz) h1 rhs, Rgl?.r_repr (hreg hsz) h1 acc) + ))) + (decreases (U32.v j)) + +#push-options "--z3rlimit 250 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +let rec construct_rhs #hsz #hash_spec lv hs rhs i j acc actd hash_fun = + let hh0 = HST.get () in + + if j = 0ul then begin + assert (RV.rv_inv hh0 hs); + assert (mt_safe_elts #hsz hh0 lv hs i j); + mt_safe_elts_spec #hsz hh0 lv hs 0ul 0ul; + assert (MTH.hs_wf_elts #(U32.v hsz) + (U32.v lv) (RV.as_seq hh0 hs) + (U32.v i) (U32.v j)); + let hh1 = HST.get() in + assert (MTH.construct_rhs #(U32.v hsz) #(Ghost.reveal hash_spec) + (U32.v lv) + (Rgl?.r_repr (hvvreg hsz) hh0 hs) + (Rgl?.r_repr (hvreg hsz) hh0 rhs) + (U32.v i) (U32.v j) + (Rgl?.r_repr (hreg hsz) hh0 acc) actd == + (Rgl?.r_repr (hvreg hsz) hh1 rhs, Rgl?.r_repr (hreg hsz) hh1 acc)) + end + else + let ofs = offset_of i in + begin + (if j % 2ul = 0ul + then begin + Math.Lemmas.pow2_double_mult (32 - U32.v lv - 1); + mt_safe_elts_rec #hsz hh0 lv hs i j; + construct_rhs #hsz #hash_spec (lv + 1ul) hs rhs (i / 2ul) (j / 2ul) acc actd hash_fun; + let hh1 = HST.get () in + // correctness + mt_safe_elts_spec #hsz hh0 lv hs i j; + MTH.construct_rhs_even #(U32.v hsz) #hash_spec + (U32.v lv) (Rgl?.r_repr (hvvreg hsz) hh0 hs) (Rgl?.r_repr (hvreg hsz) hh0 rhs) + (U32.v i) (U32.v j) (Rgl?.r_repr (hreg hsz) hh0 acc) actd; + assert (MTH.construct_rhs #(U32.v hsz) #hash_spec + (U32.v lv) + (Rgl?.r_repr (hvvreg hsz) hh0 hs) + (Rgl?.r_repr (hvreg hsz) hh0 rhs) + (U32.v i) (U32.v j) + (Rgl?.r_repr (hreg hsz) hh0 acc) + actd == + (Rgl?.r_repr (hvreg hsz) hh1 rhs, Rgl?.r_repr (hreg hsz) hh1 acc)) + end + else begin + if actd + then begin + RV.assign_copy (hcpy hsz) rhs lv acc; + let hh1 = HST.get () in + // memory safety + Rgl?.r_sep (hreg hsz) acc + (B.loc_all_regions_from false (V.frameOf rhs)) hh0 hh1; + RV.rv_inv_preserved + hs (B.loc_all_regions_from false (V.frameOf rhs)) + hh0 hh1; + RV.as_seq_preserved + hs (B.loc_all_regions_from false (V.frameOf rhs)) + hh0 hh1; + RV.rv_inv_preserved + (V.get hh0 hs lv) (B.loc_all_regions_from false (V.frameOf rhs)) + hh0 hh1; + V.loc_vector_within_included hs lv (V.size_of hs); + mt_safe_elts_preserved lv hs i j + (B.loc_all_regions_from false (V.frameOf rhs)) + hh0 hh1; + mt_safe_elts_head hh1 lv hs i j; + hash_vv_rv_inv_r_inv hh1 hs lv (j - 1ul - ofs); + + // correctness + assert (S.equal (RV.as_seq hh1 rhs) + (S.upd (RV.as_seq hh0 rhs) (U32.v lv) + (Rgl?.r_repr (hreg hsz) hh0 acc))); + + hash_fun (V.index (V.index hs lv) (j - 1ul - ofs)) acc acc; + let hh2 = HST.get () in + // memory safety + mt_safe_elts_preserved lv hs i j + (B.loc_all_regions_from false (B.frameOf acc)) hh1 hh2; + RV.rv_inv_preserved + hs (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + RV.rv_inv_preserved + rhs (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + RV.as_seq_preserved + hs (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + RV.as_seq_preserved + rhs (B.loc_region_only false (B.frameOf acc)) hh1 hh2; + + // correctness + hash_vv_as_seq_get_index hh0 hs lv (j - 1ul - ofs); + assert (Rgl?.r_repr (hreg hsz) hh2 acc == + (Ghost.reveal hash_spec) (S.index (S.index (RV.as_seq hh0 hs) (U32.v lv)) + (U32.v j - 1 - U32.v ofs)) + (Rgl?.r_repr (hreg hsz) hh0 acc)) + end + else begin + mt_safe_elts_head hh0 lv hs i j; + hash_vv_rv_inv_r_inv hh0 hs lv (j - 1ul - ofs); + hash_vv_rv_inv_disjoint hh0 hs lv (j - 1ul - ofs) (B.frameOf acc); + Cpy?.copy (hcpy hsz) hsz (V.index (V.index hs lv) (j - 1ul - ofs)) acc; + let hh1 = HST.get () in + // memory safety + V.loc_vector_within_included hs lv (V.size_of hs); + mt_safe_elts_preserved lv hs i j + (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + RV.rv_inv_preserved + hs (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + RV.rv_inv_preserved + rhs (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + RV.as_seq_preserved + hs (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + RV.as_seq_preserved + rhs (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + + // correctness + hash_vv_as_seq_get_index hh0 hs lv (j - 1ul - ofs); + assert (Rgl?.r_repr (hreg hsz) hh1 acc == + S.index (S.index (RV.as_seq hh0 hs) (U32.v lv)) + (U32.v j - 1 - U32.v ofs)) + end; + let hh3 = HST.get () in + assert (S.equal (RV.as_seq hh3 hs) (RV.as_seq hh0 hs)); + assert (S.equal (RV.as_seq hh3 rhs) + (if actd + then S.upd (RV.as_seq hh0 rhs) (U32.v lv) + (Rgl?.r_repr (hreg hsz) hh0 acc) + else RV.as_seq hh0 rhs)); + assert (Rgl?.r_repr (hreg hsz) hh3 acc == + (if actd + then (Ghost.reveal hash_spec) (S.index (S.index (RV.as_seq hh0 hs) (U32.v lv)) + (U32.v j - 1 - U32.v ofs)) + (Rgl?.r_repr (hreg hsz) hh0 acc) + else S.index (S.index (RV.as_seq hh0 hs) (U32.v lv)) + (U32.v j - 1 - U32.v ofs))); + + mt_safe_elts_rec hh3 lv hs i j; + construct_rhs #hsz #hash_spec (lv + 1ul) hs rhs (i / 2ul) (j / 2ul) acc true hash_fun; + let hh4 = HST.get () in + mt_safe_elts_spec hh3 (lv + 1ul) hs (i / 2ul) (j / 2ul); + assert (MTH.construct_rhs #(U32.v hsz) #hash_spec + (U32.v lv + 1) + (Rgl?.r_repr (hvvreg hsz) hh3 hs) + (Rgl?.r_repr (hvreg hsz) hh3 rhs) + (U32.v i / 2) (U32.v j / 2) + (Rgl?.r_repr (hreg hsz) hh3 acc) true == + (Rgl?.r_repr (hvreg hsz) hh4 rhs, Rgl?.r_repr (hreg hsz) hh4 acc)); + mt_safe_elts_spec hh0 lv hs i j; + MTH.construct_rhs_odd #(U32.v hsz) #hash_spec + (U32.v lv) (Rgl?.r_repr (hvvreg hsz) hh0 hs) (Rgl?.r_repr (hvreg hsz) hh0 rhs) + (U32.v i) (U32.v j) (Rgl?.r_repr (hreg hsz) hh0 acc) actd; + assert (MTH.construct_rhs #(U32.v hsz) #hash_spec + (U32.v lv) + (Rgl?.r_repr (hvvreg hsz) hh0 hs) + (Rgl?.r_repr (hvreg hsz) hh0 rhs) + (U32.v i) (U32.v j) + (Rgl?.r_repr (hreg hsz) hh0 acc) actd == + (Rgl?.r_repr (hvreg hsz) hh4 rhs, Rgl?.r_repr (hreg hsz) hh4 acc)) + end) + end +#pop-options + +private inline_for_extraction +val mt_get_root_pre_nst: mtv:merkle_tree -> rt:hash #(MT?.hash_size mtv) -> Tot bool +let mt_get_root_pre_nst mtv rt = true + +val mt_get_root_pre: + #hsz:Ghost.erased hash_size_t -> + mt:const_mt_p -> + rt:hash #hsz -> + HST.ST bool + (requires (fun h0 -> + let mt = CB.cast mt in + MT?.hash_size (B.get h0 mt 0) = Ghost.reveal hsz /\ + mt_safe h0 mt /\ Rgl?.r_inv (hreg hsz) h0 rt /\ + HH.disjoint (B.frameOf mt) (B.frameOf rt))) + (ensures (fun _ _ _ -> True)) +let mt_get_root_pre #hsz mt rt = + let mt = CB.cast mt in + let mt = !*mt in + let hsz = MT?.hash_size mt in + assert (MT?.hash_size mt = hsz); + mt_get_root_pre_nst mt rt + +// `mt_get_root` returns the Merkle root. If it's already calculated with +// up-to-date hashes, the root is returned immediately. Otherwise it calls +// `construct_rhs` to build rightmost hashes and to calculate the Merkle root +// as well. +val mt_get_root: + #hsz:Ghost.erased hash_size_t -> + mt:const_mt_p -> + rt:hash #hsz -> + HST.ST unit + (requires (fun h0 -> + let mt = CB.cast mt in + let dmt = B.get h0 mt 0 in + MT?.hash_size dmt = (Ghost.reveal hsz) /\ + mt_get_root_pre_nst dmt rt /\ + mt_safe h0 mt /\ Rgl?.r_inv (hreg hsz) h0 rt /\ + HH.disjoint (B.frameOf mt) (B.frameOf rt))) + (ensures (fun h0 _ h1 -> + let mt = CB.cast mt in + // memory safety + modifies (loc_union + (mt_loc mt) + (B.loc_all_regions_from false (B.frameOf rt))) + h0 h1 /\ + mt_safe h1 mt /\ + (let mtv0 = B.get h0 mt 0 in + let mtv1 = B.get h1 mt 0 in + MT?.hash_size mtv0 = (Ghost.reveal hsz) /\ + MT?.hash_size mtv1 = (Ghost.reveal hsz) /\ + MT?.i mtv1 = MT?.i mtv0 /\ MT?.j mtv1 = MT?.j mtv0 /\ + MT?.hs mtv1 == MT?.hs mtv0 /\ MT?.rhs mtv1 == MT?.rhs mtv0 /\ + MT?.offset mtv1 == MT?.offset mtv0 /\ + MT?.rhs_ok mtv1 = true /\ + Rgl?.r_inv (hreg hsz) h1 rt /\ + // correctness + MTH.mt_get_root (mt_lift h0 mt) (Rgl?.r_repr (hreg hsz) h0 rt) == + (mt_lift h1 mt, Rgl?.r_repr (hreg hsz) h1 rt)))) +#push-options "--z3rlimit 150 --initial_fuel 1 --max_fuel 1" +let mt_get_root #hsz mt rt = + let mt = CB.cast mt in + let hh0 = HST.get () in + let mtv = !*mt in + let prefix = MT?.offset mtv in + let i = MT?.i mtv in + let j = MT?.j mtv in + let hs = MT?.hs mtv in + let rhs = MT?.rhs mtv in + let mroot = MT?.mroot mtv in + let hash_size = MT?.hash_size mtv in + let hash_spec = MT?.hash_spec mtv in + let hash_fun = MT?.hash_fun mtv in + if MT?.rhs_ok mtv + then begin + Cpy?.copy (hcpy hash_size) hash_size mroot rt; + let hh1 = HST.get () in + mt_safe_preserved mt + (B.loc_all_regions_from false (Rgl?.region_of (hreg hsz) rt)) hh0 hh1; + mt_preserved mt + (B.loc_all_regions_from false (Rgl?.region_of (hreg hsz) rt)) hh0 hh1; + MTH.mt_get_root_rhs_ok_true + (mt_lift hh0 mt) (Rgl?.r_repr (hreg hsz) hh0 rt); + assert (MTH.mt_get_root (mt_lift hh0 mt) (Rgl?.r_repr (hreg hsz) hh0 rt) == + (mt_lift hh1 mt, Rgl?.r_repr (hreg hsz) hh1 rt)) + end + else begin + construct_rhs #hash_size #hash_spec 0ul hs rhs i j rt false hash_fun; + let hh1 = HST.get () in + // memory safety + assert (RV.rv_inv hh1 rhs); + assert (Rgl?.r_inv (hreg hsz) hh1 rt); + assert (B.live hh1 mt); + RV.rv_inv_preserved + hs (loc_union + (RV.loc_rvector rhs) + (B.loc_all_regions_from false (B.frameOf rt))) + hh0 hh1; + RV.as_seq_preserved + hs (loc_union + (RV.loc_rvector rhs) + (B.loc_all_regions_from false (B.frameOf rt))) + hh0 hh1; + V.loc_vector_within_included hs 0ul (V.size_of hs); + mt_safe_elts_preserved 0ul hs i j + (loc_union + (RV.loc_rvector rhs) + (B.loc_all_regions_from false (B.frameOf rt))) + hh0 hh1; + + // correctness + mt_safe_elts_spec hh0 0ul hs i j; + assert (MTH.construct_rhs #(U32.v hash_size) #hash_spec 0 + (Rgl?.r_repr (hvvreg hsz) hh0 hs) + (Rgl?.r_repr (hvreg hsz) hh0 rhs) + (U32.v i) (U32.v j) + (Rgl?.r_repr (hreg hsz) hh0 rt) false == + (Rgl?.r_repr (hvreg hsz) hh1 rhs, Rgl?.r_repr (hreg hsz) hh1 rt)); + + Cpy?.copy (hcpy hash_size) hash_size rt mroot; + let hh2 = HST.get () in + // memory safety + RV.rv_inv_preserved + hs (B.loc_all_regions_from false (B.frameOf mroot)) + hh1 hh2; + RV.rv_inv_preserved + rhs (B.loc_all_regions_from false (B.frameOf mroot)) + hh1 hh2; + RV.as_seq_preserved + hs (B.loc_all_regions_from false (B.frameOf mroot)) + hh1 hh2; + RV.as_seq_preserved + rhs (B.loc_all_regions_from false (B.frameOf mroot)) + hh1 hh2; + B.modifies_buffer_elim + rt (B.loc_all_regions_from false (B.frameOf mroot)) + hh1 hh2; + mt_safe_elts_preserved 0ul hs i j + (B.loc_all_regions_from false (B.frameOf mroot)) + hh1 hh2; + + // correctness + assert (Rgl?.r_repr (hreg hsz) hh2 mroot == Rgl?.r_repr (hreg hsz) hh1 rt); + + mt *= MT hash_size prefix i j hs true rhs mroot hash_spec hash_fun; + let hh3 = HST.get () in + // memory safety + Rgl?.r_sep (hreg hsz) rt (B.loc_buffer mt) hh2 hh3; + RV.rv_inv_preserved hs (B.loc_buffer mt) hh2 hh3; + RV.rv_inv_preserved rhs (B.loc_buffer mt) hh2 hh3; + RV.as_seq_preserved hs (B.loc_buffer mt) hh2 hh3; + RV.as_seq_preserved rhs (B.loc_buffer mt) hh2 hh3; + Rgl?.r_sep (hreg hsz) mroot (B.loc_buffer mt) hh2 hh3; + mt_safe_elts_preserved 0ul hs i j + (B.loc_buffer mt) hh2 hh3; + assert (mt_safe hh3 mt); + + // correctness + MTH.mt_get_root_rhs_ok_false + (mt_lift hh0 mt) (Rgl?.r_repr (hreg hsz) hh0 rt); + assert (MTH.mt_get_root (mt_lift hh0 mt) (Rgl?.r_repr (hreg hsz) hh0 rt) == + (MTH.MT #(U32.v hash_size) + (U32.v i) (U32.v j) + (RV.as_seq hh0 hs) + true + (RV.as_seq hh1 rhs) + (Rgl?.r_repr (hreg hsz) hh1 rt) + hash_spec, + Rgl?.r_repr (hreg hsz) hh1 rt)); + assert (MTH.mt_get_root (mt_lift hh0 mt) (Rgl?.r_repr (hreg hsz) hh0 rt) == + (mt_lift hh3 mt, Rgl?.r_repr (hreg hsz) hh3 rt)) + end +#pop-options + +inline_for_extraction +val mt_path_insert: + #hsz:hash_size_t -> + mtr:HH.rid -> p:path_p -> hp:hash #hsz -> + HST.ST unit + (requires (fun h0 -> + path_safe h0 mtr p /\ + not (V.is_full (phashes h0 p)) /\ + Rgl?.r_inv (hreg hsz) h0 hp /\ + HH.disjoint mtr (B.frameOf p) /\ + HH.includes mtr (B.frameOf hp) /\ + Path?.hash_size (B.get h0 p 0) = hsz)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (path_loc p) h0 h1 /\ + path_safe h1 mtr p /\ + // correctness + (let hsz0 = Path?.hash_size (B.get h0 p 0) in + let hsz1 = Path?.hash_size (B.get h1 p 0) in + (let before:(S.seq (MTH.hash #(U32.v hsz0))) = lift_path h0 mtr p in + let after:(S.seq (MTH.hash #(U32.v hsz1))) = lift_path h1 mtr p in + V.size_of (phashes h1 p) = V.size_of (phashes h0 p) + 1ul /\ + hsz = hsz0 /\ hsz = hsz1 /\ + (let hspec:(S.seq (MTH.hash #(U32.v hsz))) = (MTH.path_insert #(U32.v hsz) before (Rgl?.r_repr (hreg hsz) h0 hp)) in + S.equal hspec after))))) +#push-options "--z3rlimit 20 --initial_fuel 1 --max_fuel 1" +let mt_path_insert #hsz mtr p hp = + let pth = !*p in + let pv = Path?.hashes pth in + let hh0 = HST.get () in + let ipv = V.insert pv hp in + let hh1 = HST.get () in + path_safe_preserved_ + mtr (V.as_seq hh0 pv) 0 (S.length (V.as_seq hh0 pv)) + (B.loc_all_regions_from false (V.frameOf ipv)) hh0 hh1; + path_preserved_ + mtr (V.as_seq hh0 pv) 0 (S.length (V.as_seq hh0 pv)) + (B.loc_all_regions_from false (V.frameOf ipv)) hh0 hh1; + Rgl?.r_sep (hreg hsz) hp + (B.loc_all_regions_from false (V.frameOf ipv)) hh0 hh1; + p *= Path hsz ipv; + let hh2 = HST.get () in + path_safe_preserved_ + mtr (V.as_seq hh1 ipv) 0 (S.length (V.as_seq hh1 ipv)) + (B.loc_region_only false (B.frameOf p)) hh1 hh2; + path_preserved_ + mtr (V.as_seq hh1 ipv) 0 (S.length (V.as_seq hh1 ipv)) + (B.loc_region_only false (B.frameOf p)) hh1 hh2; + Rgl?.r_sep (hreg hsz) hp + (B.loc_region_only false (B.frameOf p)) hh1 hh2; + assert (S.equal (lift_path hh2 mtr p) + (lift_path_ hh1 (S.snoc (V.as_seq hh0 pv) hp) + 0 (S.length (V.as_seq hh1 ipv)))); + lift_path_eq hh1 (S.snoc (V.as_seq hh0 pv) hp) (V.as_seq hh0 pv) + 0 (S.length (V.as_seq hh0 pv)) +#pop-options + +// For given a target index `k`, the number of elements (in the tree) `j`, +// and a boolean flag (to check the existence of rightmost hashes), we can +// calculate a required Merkle path length. +// +// `mt_path_length` is a postcondition of `mt_get_path`, and a precondition +// of `mt_verify`. For detailed description, see `mt_get_path` and `mt_verify`. +private +val mt_path_length_step: + k:index_t -> + j:index_t{k <= j} -> + actd:bool -> + Tot (sl:uint32_t{U32.v sl = MTH.mt_path_length_step (U32.v k) (U32.v j) actd}) +let mt_path_length_step k j actd = + if j = 0ul then 0ul + else (if k % 2ul = 0ul + then (if j = k || (j = k + 1ul && not actd) then 0ul else 1ul) + else 1ul) + +private inline_for_extraction +val mt_path_length: + lv:uint32_t{lv <= merkle_tree_size_lg} -> + k:index_t -> + j:index_t{k <= j && U32.v j < pow2 (32 - U32.v lv)} -> + actd:bool -> + Tot (l:uint32_t{ + U32.v l = MTH.mt_path_length (U32.v k) (U32.v j) actd && + l <= 32ul - lv}) + (decreases (U32.v j)) +#push-options "--z3rlimit 10 --initial_fuel 1 --max_fuel 1" +let rec mt_path_length lv k j actd = + if j = 0ul then 0ul + else (let nactd = actd || (j % 2ul = 1ul) in + mt_path_length_step k j actd + + mt_path_length (lv + 1ul) (k / 2ul) (j / 2ul) nactd) +#pop-options + +val mt_get_path_length: + mtr:HH.rid -> + p:const_path_p -> + HST.ST uint32_t + (requires (fun h0 -> path_safe h0 mtr (CB.cast p))) + (ensures (fun h0 _ h1 -> True)) +let mt_get_path_length mtr p = + let pd = !*(CB.cast p) in + V.size_of (Path?.hashes pd) + +private inline_for_extraction +val mt_make_path_step: + #hsz:hash_size_t -> + lv:uint32_t{lv <= merkle_tree_size_lg} -> + mtr:HH.rid -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + rhs:hash_vec #hsz {V.size_of rhs = merkle_tree_size_lg} -> + i:index_t -> + j:index_t{j <> 0ul /\ i <= j /\ U32.v j < pow2 (32 - U32.v lv)} -> + k:index_t{i <= k && k <= j} -> + p:path_p -> + actd:bool -> + HST.ST unit + (requires (fun h0 -> + HH.includes mtr (V.frameOf hs) /\ + HH.includes mtr (V.frameOf rhs) /\ + RV.rv_inv h0 hs /\ RV.rv_inv h0 rhs /\ + mt_safe_elts h0 lv hs i j /\ + path_safe h0 mtr p /\ + Path?.hash_size (B.get h0 p 0) = hsz /\ + V.size_of (phashes h0 p) <= lv + 1ul)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (path_loc p) h0 h1 /\ + path_safe h1 mtr p /\ + V.size_of (phashes h1 p) == V.size_of (phashes h0 p) + mt_path_length_step k j actd /\ + V.size_of (phashes h1 p) <= lv + 2ul /\ + // correctness + (mt_safe_elts_spec h0 lv hs i j; + (let hsz0 = Path?.hash_size (B.get h0 p 0) in + let hsz1 = Path?.hash_size (B.get h1 p 0) in + let before:(S.seq (MTH.hash #(U32.v hsz0))) = lift_path h0 mtr p in + let after:(S.seq (MTH.hash #(U32.v hsz1))) = lift_path h1 mtr p in + hsz = hsz0 /\ hsz = hsz1 /\ + S.equal after + (MTH.mt_make_path_step + (U32.v lv) (RV.as_seq h0 hs) (RV.as_seq h0 rhs) + (U32.v i) (U32.v j) (U32.v k) before actd))))) +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1 --initial_ifuel 2 --max_ifuel 2" +let mt_make_path_step #hsz lv mtr hs rhs i j k p actd = + let pth = !*p in + let hh0 = HST.get () in + let ofs = offset_of i in + if k % 2ul = 1ul + then begin + hash_vv_rv_inv_includes hh0 hs lv (k - 1ul - ofs); + assert (HH.includes mtr + (B.frameOf (V.get hh0 (V.get hh0 hs lv) (k - 1ul - ofs)))); + assert(Path?.hash_size pth = hsz); + mt_path_insert #hsz mtr p (V.index (V.index hs lv) (k - 1ul - ofs)) + end + else begin + if k = j then () + else if k + 1ul = j + then (if actd + then (assert (HH.includes mtr (B.frameOf (V.get hh0 rhs lv))); + mt_path_insert mtr p (V.index rhs lv))) + else (hash_vv_rv_inv_includes hh0 hs lv (k + 1ul - ofs); + assert (HH.includes mtr + (B.frameOf (V.get hh0 (V.get hh0 hs lv) (k + 1ul - ofs)))); + mt_path_insert mtr p (V.index (V.index hs lv) (k + 1ul - ofs))) + end +#pop-options + +private inline_for_extraction +val mt_get_path_step_pre_nst: + #hsz:Ghost.erased hash_size_t -> + mtr:HH.rid -> + p:path -> + i:uint32_t -> + Tot bool +let mt_get_path_step_pre_nst #hsz mtr p i = + i < V.size_of (Path?.hashes p) + +val mt_get_path_step_pre: + #hsz:Ghost.erased hash_size_t -> + mtr:HH.rid -> + p:const_path_p -> + i:uint32_t -> + HST.ST bool + (requires (fun h0 -> + path_safe h0 mtr (CB.cast p) /\ + (let pv = B.get h0 (CB.cast p) 0 in + Path?.hash_size pv = Ghost.reveal hsz /\ + live h0 (Path?.hashes pv) /\ + mt_get_path_step_pre_nst #hsz mtr pv i))) + (ensures (fun _ _ _ -> True)) +let mt_get_path_step_pre #hsz mtr p i = + let p = CB.cast p in + mt_get_path_step_pre_nst #hsz mtr !*p i + +val mt_get_path_step: + #hsz:Ghost.erased hash_size_t -> + mtr:HH.rid -> + p:const_path_p -> + i:uint32_t -> + HST.ST (hash #hsz) + (requires (fun h0 -> + path_safe h0 mtr (CB.cast p) /\ + (let pv = B.get h0 (CB.cast p) 0 in + Path?.hash_size pv = Ghost.reveal hsz /\ + live h0 (Path?.hashes pv) /\ + i < V.size_of (Path?.hashes pv)))) + (ensures (fun h0 r h1 -> True )) +let mt_get_path_step #hsz mtr p i = + let pd = !*(CB.cast p) in + V.index #(hash #(Path?.hash_size pd)) (Path?.hashes pd) i + +private +val mt_get_path_: + #hsz:hash_size_t -> + lv:uint32_t{lv <= merkle_tree_size_lg} -> + mtr:HH.rid -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + rhs:hash_vec #hsz {V.size_of rhs = merkle_tree_size_lg} -> + i:index_t -> j:index_t{i <= j /\ U32.v j < pow2 (32 - U32.v lv)} -> + k:index_t{i <= k && k <= j} -> + p:path_p -> + actd:bool -> + HST.ST unit + (requires (fun h0 -> + HH.includes mtr (V.frameOf hs) /\ + HH.includes mtr (V.frameOf rhs) /\ + RV.rv_inv h0 hs /\ RV.rv_inv h0 rhs /\ + mt_safe_elts h0 lv hs i j /\ + path_safe h0 mtr p /\ + Path?.hash_size (B.get h0 p 0) = hsz /\ + V.size_of (phashes h0 p) <= lv + 1ul)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (path_loc p) h0 h1 /\ + path_safe h1 mtr p /\ + V.size_of (phashes h1 p) == + V.size_of (phashes h0 p) + mt_path_length lv k j actd /\ + // correctness + (mt_safe_elts_spec h0 lv hs i j; + (let hsz0 = Path?.hash_size (B.get h0 p 0) in + let hsz1 = Path?.hash_size (B.get h1 p 0) in + let before:(S.seq (MTH.hash #(U32.v hsz0))) = lift_path h0 mtr p in + let after:(S.seq (MTH.hash #(U32.v hsz1))) = lift_path h1 mtr p in + hsz = hsz0 /\ hsz = hsz1 /\ + S.equal after + (MTH.mt_get_path_ (U32.v lv) (RV.as_seq h0 hs) (RV.as_seq h0 rhs) + (U32.v i) (U32.v j) (U32.v k) before actd))))) + (decreases (32 - U32.v lv)) +#push-options "--z3rlimit 300 --initial_fuel 1 --max_fuel 1 --max_ifuel 2 --initial_ifuel 2" +let rec mt_get_path_ #hsz lv mtr hs rhs i j k p actd = + let hh0 = HST.get () in + mt_safe_elts_spec hh0 lv hs i j; + + let ofs = offset_of i in + if j = 0ul then () + else + (mt_make_path_step lv mtr hs rhs i j k p actd; + + let hh1 = HST.get () in + mt_safe_elts_spec hh0 lv hs i j; + assert (S.equal (lift_path hh1 mtr p) + (MTH.mt_make_path_step + (U32.v lv) (RV.as_seq hh0 hs) (RV.as_seq hh0 rhs) + (U32.v i) (U32.v j) (U32.v k) + (lift_path hh0 mtr p) actd)); + + RV.rv_inv_preserved hs (path_loc p) hh0 hh1; + RV.rv_inv_preserved rhs (path_loc p) hh0 hh1; + RV.as_seq_preserved hs (path_loc p) hh0 hh1; + RV.as_seq_preserved rhs (path_loc p) hh0 hh1; + V.loc_vector_within_included hs lv (V.size_of hs); + mt_safe_elts_preserved lv hs i j (path_loc p) hh0 hh1; + assert (mt_safe_elts hh1 lv hs i j); + mt_safe_elts_rec hh1 lv hs i j; + mt_safe_elts_spec hh1 (lv + 1ul) hs (i / 2ul) (j / 2ul); + + mt_get_path_ (lv + 1ul) mtr hs rhs (i / 2ul) (j / 2ul) (k / 2ul) p + (if j % 2ul = 0ul then actd else true); + + let hh2 = HST.get () in + assert (S.equal (lift_path hh2 mtr p) + (MTH.mt_get_path_ (U32.v lv + 1) + (RV.as_seq hh1 hs) (RV.as_seq hh1 rhs) + (U32.v i / 2) (U32.v j / 2) (U32.v k / 2) + (lift_path hh1 mtr p) + (if U32.v j % 2 = 0 then actd else true))); + assert (S.equal (lift_path hh2 mtr p) + (MTH.mt_get_path_ (U32.v lv) + (RV.as_seq hh0 hs) (RV.as_seq hh0 rhs) + (U32.v i) (U32.v j) (U32.v k) + (lift_path hh0 mtr p) actd))) +#pop-options + +private inline_for_extraction +val mt_get_path_pre_nst: + mtv:merkle_tree -> + idx:offset_t -> + p:path -> + root:(hash #(MT?.hash_size mtv)) -> + Tot bool +let mt_get_path_pre_nst mtv idx p root = + offsets_connect (MT?.offset mtv) idx && + Path?.hash_size p = MT?.hash_size mtv && + ([@inline_let] let idx = split_offset (MT?.offset mtv) idx in + MT?.i mtv <= idx && idx < MT?.j mtv && + V.size_of (Path?.hashes p) = 0ul) + +val mt_get_path_pre: + #hsz:Ghost.erased hash_size_t -> + mt:const_mt_p -> + idx:offset_t -> + p:const_path_p -> + root:hash #hsz -> + HST.ST bool + (requires (fun h0 -> + let mt = CB.cast mt in + let p = CB.cast p in + let dmt = B.get h0 mt 0 in + let dp = B.get h0 p 0 in + MT?.hash_size dmt = (Ghost.reveal hsz) /\ + Path?.hash_size dp = (Ghost.reveal hsz) /\ + mt_safe h0 mt /\ + path_safe h0 (B.frameOf mt) p /\ + Rgl?.r_inv (hreg hsz) h0 root /\ + HH.disjoint (B.frameOf root) (B.frameOf mt) /\ + HH.disjoint (B.frameOf root) (B.frameOf p))) + (ensures (fun _ _ _ -> True)) +let mt_get_path_pre #_ mt idx p root = + let mt = CB.cast mt in + let p = CB.cast p in + let mtv = !*mt in + mt_get_path_pre_nst mtv idx !*p root + +val mt_get_path_loc_union_helper: + l1:loc -> l2:loc -> + Lemma (loc_union (loc_union l1 l2) l2 == loc_union l1 l2) +let mt_get_path_loc_union_helper l1 l2 = () + +// Construct a Merkle path for a given index `idx`, hashes `mt.hs`, and rightmost +// hashes `mt.rhs`. Note that this operation copies "pointers" into the Merkle tree +// to the output path. +#push-options "--z3rlimit 60" +val mt_get_path: + #hsz:Ghost.erased hash_size_t -> + mt:const_mt_p -> + idx:offset_t -> + p:path_p -> + root:hash #hsz -> + HST.ST index_t + (requires (fun h0 -> + let mt = CB.cast mt in + let dmt = B.get h0 mt 0 in + MT?.hash_size dmt = Ghost.reveal hsz /\ + Path?.hash_size (B.get h0 p 0) = Ghost.reveal hsz /\ + mt_get_path_pre_nst (B.get h0 mt 0) idx (B.get h0 p 0) root /\ + mt_safe h0 mt /\ + path_safe h0 (B.frameOf mt) p /\ + Rgl?.r_inv (hreg hsz) h0 root /\ + HH.disjoint (B.frameOf root) (B.frameOf mt) /\ + HH.disjoint (B.frameOf root) (B.frameOf p))) + (ensures (fun h0 _ h1 -> + let mt = CB.cast mt in + let mtv0 = B.get h0 mt 0 in + let mtv1 = B.get h1 mt 0 in + let idx = split_offset (MT?.offset mtv0) idx in + MT?.hash_size mtv0 = Ghost.reveal hsz /\ + MT?.hash_size mtv1 = Ghost.reveal hsz /\ + Path?.hash_size (B.get h0 p 0) = Ghost.reveal hsz /\ + Path?.hash_size (B.get h1 p 0) = Ghost.reveal hsz /\ + // memory safety + modifies (loc_union + (loc_union + (mt_loc mt) + (B.loc_all_regions_from false (B.frameOf root))) + (path_loc p)) + h0 h1 /\ + mt_safe h1 mt /\ + path_safe h1 (B.frameOf mt) p /\ + Rgl?.r_inv (hreg hsz) h1 root /\ + V.size_of (phashes h1 p) == + 1ul + mt_path_length 0ul idx (MT?.j mtv0) false /\ + // correctness + (let sj, sp, srt = + MTH.mt_get_path + (mt_lift h0 mt) (U32.v idx) (Rgl?.r_repr (hreg hsz) h0 root) in + sj == U32.v (MT?.j mtv1) /\ + S.equal sp (lift_path #hsz h1 (B.frameOf mt) p) /\ + srt == Rgl?.r_repr (hreg hsz) h1 root))) +#pop-options +#push-options "--z3rlimit 300 --initial_fuel 1 --max_fuel 1" +let mt_get_path #hsz mt idx p root = + let ncmt = CB.cast mt in + let mtframe = B.frameOf ncmt in + let hh0 = HST.get () in + mt_get_root mt root; + let mtv = !*ncmt in + let hsz = MT?.hash_size mtv in + + let hh1 = HST.get () in + path_safe_init_preserved mtframe p + (B.loc_union (mt_loc ncmt) + (B.loc_all_regions_from false (B.frameOf root))) + hh0 hh1; + assert (MTH.mt_get_root (mt_lift hh0 ncmt) (Rgl?.r_repr (hreg hsz) hh0 root) == + (mt_lift hh1 ncmt, Rgl?.r_repr (hreg hsz) hh1 root)); + assert (S.equal (lift_path #hsz hh1 mtframe p) S.empty); + + let idx = split_offset (MT?.offset mtv) idx in + let i = MT?.i mtv in + let ofs = offset_of (MT?.i mtv) in + let j = MT?.j mtv in + let hs = MT?.hs mtv in + let rhs = MT?.rhs mtv in + + assert (mt_safe_elts hh1 0ul hs i j); + assert (V.size_of (V.get hh1 hs 0ul) == j - ofs); + assert (idx < j); + + hash_vv_rv_inv_includes hh1 hs 0ul (idx - ofs); + hash_vv_rv_inv_r_inv hh1 hs 0ul (idx - ofs); + hash_vv_as_seq_get_index hh1 hs 0ul (idx - ofs); + + let ih = V.index (V.index hs 0ul) (idx - ofs) in + mt_path_insert #hsz mtframe p ih; + + let hh2 = HST.get () in + assert (S.equal (lift_path hh2 mtframe p) + (MTH.path_insert + (lift_path hh1 mtframe p) + (S.index (S.index (RV.as_seq hh1 hs) 0) (U32.v idx - U32.v ofs)))); + Rgl?.r_sep (hreg hsz) root (path_loc p) hh1 hh2; + mt_safe_preserved ncmt (path_loc p) hh1 hh2; + mt_preserved ncmt (path_loc p) hh1 hh2; + assert (V.size_of (phashes hh2 p) == 1ul); + + mt_get_path_ 0ul mtframe hs rhs i j idx p false; + + let hh3 = HST.get () in + + // memory safety + mt_get_path_loc_union_helper + (loc_union (mt_loc ncmt) + (B.loc_all_regions_from false (B.frameOf root))) + (path_loc p); + Rgl?.r_sep (hreg hsz) root (path_loc p) hh2 hh3; + mt_safe_preserved ncmt (path_loc p) hh2 hh3; + mt_preserved ncmt (path_loc p) hh2 hh3; + assert (V.size_of (phashes hh3 p) == + 1ul + mt_path_length 0ul idx (MT?.j (B.get hh0 ncmt 0)) false); + assert (S.length (lift_path #hsz hh3 mtframe p) == + S.length (lift_path #hsz hh2 mtframe p) + + MTH.mt_path_length (U32.v idx) (U32.v (MT?.j (B.get hh0 ncmt 0))) false); + + assert (modifies (loc_union + (loc_union + (mt_loc ncmt) + (B.loc_all_regions_from false (B.frameOf root))) + (path_loc p)) + hh0 hh3); + assert (mt_safe hh3 ncmt); + assert (path_safe hh3 mtframe p); + assert (Rgl?.r_inv (hreg hsz) hh3 root); + assert (V.size_of (phashes hh3 p) == + 1ul + mt_path_length 0ul idx (MT?.j (B.get hh0 ncmt 0)) false); + + // correctness + mt_safe_elts_spec hh2 0ul hs i j; + assert (S.equal (lift_path hh3 mtframe p) + (MTH.mt_get_path_ 0 (RV.as_seq hh2 hs) (RV.as_seq hh2 rhs) + (U32.v i) (U32.v j) (U32.v idx) + (lift_path hh2 mtframe p) false)); + assert (MTH.mt_get_path + (mt_lift hh0 ncmt) (U32.v idx) (Rgl?.r_repr (hreg hsz) hh0 root) == + (U32.v (MT?.j (B.get hh3 ncmt 0)), + lift_path hh3 mtframe p, + Rgl?.r_repr (hreg hsz) hh3 root)); + j +#pop-options + +/// Flushing + +private val +mt_flush_to_modifies_rec_helper: + #hsz:hash_size_t -> + lv:uint32_t{lv < merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + h:HS.mem -> + Lemma (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (loc_union + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) == + loc_union + (RV.rv_loc_elems h hs lv (V.size_of hs)) + (V.loc_vector_within hs lv (V.size_of hs))) +#push-options "--initial_fuel 2 --max_fuel 2" +let mt_flush_to_modifies_rec_helper #hsz lv hs h = + assert (V.loc_vector_within hs lv (V.size_of hs) == + loc_union (V.loc_vector_within hs lv (lv + 1ul)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))); + RV.rs_loc_elems_rec_inverse (hvreg hsz) (V.as_seq h hs) (U32.v lv) (U32.v (V.size_of hs)); + assert (RV.rv_loc_elems h hs lv (V.size_of hs) == + loc_union (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs))); + loc_union_assoc_4 + (RV.rs_loc_elem (hvreg hsz) (V.as_seq h hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul)) + (RV.rv_loc_elems h hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs)) +#pop-options + +private +val mt_flush_to_: + hsz:hash_size_t -> + lv:uint32_t{lv < merkle_tree_size_lg} -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + pi:index_t -> + i:index_t{i >= pi} -> + j:Ghost.erased index_t{ + Ghost.reveal j >= i && + U32.v (Ghost.reveal j) < pow2 (32 - U32.v lv)} -> + HST.ST unit + (requires (fun h0 -> + RV.rv_inv h0 hs /\ + mt_safe_elts h0 lv hs pi (Ghost.reveal j))) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (loc_union + (RV.rv_loc_elems h0 hs lv (V.size_of hs)) + (V.loc_vector_within hs lv (V.size_of hs))) + h0 h1 /\ + RV.rv_inv h1 hs /\ + mt_safe_elts h1 lv hs i (Ghost.reveal j) /\ + // correctness + (mt_safe_elts_spec h0 lv hs pi (Ghost.reveal j); + S.equal (RV.as_seq h1 hs) + (MTH.mt_flush_to_ + (U32.v lv) (RV.as_seq h0 hs) (U32.v pi) + (U32.v i) (U32.v (Ghost.reveal j)))))) + (decreases (U32.v i)) +#restart-solver +#push-options "--z3rlimit 1500 --fuel 1 --ifuel 0" +let rec mt_flush_to_ hsz lv hs pi i j = + let hh0 = HST.get () in + + // Base conditions + mt_safe_elts_rec hh0 lv hs pi (Ghost.reveal j); + V.loc_vector_within_included hs 0ul lv; + V.loc_vector_within_included hs lv (lv + 1ul); + V.loc_vector_within_included hs (lv + 1ul) (V.size_of hs); + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + + let oi = offset_of i in + let opi = offset_of pi in + if oi = opi then mt_safe_elts_spec hh0 lv hs pi (Ghost.reveal j) + else begin + + /// 1) Flush hashes at the level `lv`, where the new vector is + /// not yet connected to `hs`. + let ofs = oi - opi in + let hvec = V.index hs lv in + let flushed:(rvector (hreg hsz)) = rv_flush_inplace hvec ofs in + let hh1 = HST.get () in + + // 1-0) Basic disjointness conditions for `RV.assign` + V.forall2_forall_left hh0 hs 0ul (V.size_of hs) lv + (fun b1 b2 -> HH.disjoint (Rgl?.region_of (hvreg hsz) b1) + (Rgl?.region_of (hvreg hsz) b2)); + V.forall2_forall_right hh0 hs 0ul (V.size_of hs) lv + (fun b1 b2 -> HH.disjoint (Rgl?.region_of (hvreg hsz) b1) + (Rgl?.region_of (hvreg hsz) b2)); + V.forall_preserved + hs 0ul lv + (fun b -> HH.disjoint (Rgl?.region_of (hvreg hsz) hvec) + (Rgl?.region_of (hvreg hsz) b)) + (RV.loc_rvector hvec) + hh0 hh1; + V.forall_preserved + hs (lv + 1ul) (V.size_of hs) + (fun b -> HH.disjoint (Rgl?.region_of (hvreg hsz) hvec) + (Rgl?.region_of (hvreg hsz) b)) + (RV.loc_rvector hvec) + hh0 hh1; + assert (Rgl?.region_of (hvreg hsz) hvec == Rgl?.region_of (hvreg hsz) flushed); + + // 1-1) For the `modifies` postcondition. + assert (modifies (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) hh0 hh1); + + // 1-2) Preservation + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; + + // 1-3) For `mt_safe_elts` + assert (V.size_of flushed == Ghost.reveal j - offset_of i); // head updated + mt_safe_elts_preserved + (lv + 1ul) hs (pi / 2ul) (Ghost.reveal j / 2ul) + (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; // tail not yet + + // 1-4) For the `rv_inv` postcondition + RV.rs_loc_elems_elem_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v (V.size_of hs)) 0 (U32.v lv) (U32.v lv); + RV.rs_loc_elems_parent_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v lv); + RV.rv_elems_inv_preserved + hs 0ul lv (RV.loc_rvector (V.get hh0 hs lv)) + hh0 hh1; + assert (RV.rv_elems_inv hh1 hs 0ul lv); + RV.rs_loc_elems_elem_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v (V.size_of hs)) + (U32.v lv + 1) (U32.v (V.size_of hs)) + (U32.v lv); + RV.rs_loc_elems_parent_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + (U32.v lv + 1) (U32.v (V.size_of hs)); + RV.rv_elems_inv_preserved + hs (lv + 1ul) (V.size_of hs) (RV.loc_rvector (V.get hh0 hs lv)) + hh0 hh1; + assert (RV.rv_elems_inv hh1 hs (lv + 1ul) (V.size_of hs)); + + assert (rv_itself_inv hh1 hs); + assert (elems_reg hh1 hs); + + // 1-5) Correctness + assert (S.equal (RV.as_seq hh1 flushed) + (S.slice (RV.as_seq hh0 (V.get hh0 hs lv)) (U32.v ofs) + (S.length (RV.as_seq hh0 (V.get hh0 hs lv))))); + + /// 2) Assign the flushed vector to `hs` at the level `lv`. + RV.assign hs lv flushed; + let hh2 = HST.get () in + + // 2-1) For the `modifies` postcondition. + assert (modifies (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2); + assert (modifies (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) hh0 hh2); + + // 2-2) Preservation + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2; + + // 2-3) For `mt_safe_elts` + assert (V.size_of (V.get hh2 hs lv) == + Ghost.reveal j - offset_of i); + mt_safe_elts_preserved + (lv + 1ul) hs (pi / 2ul) (Ghost.reveal j / 2ul) + (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2; + + // 2-4) Correctness + RV.as_seq_sub_preserved hs 0ul lv (loc_rvector flushed) hh0 hh1; + RV.as_seq_sub_preserved hs (lv + 1ul) merkle_tree_size_lg (loc_rvector flushed) hh0 hh1; + assert (S.equal (RV.as_seq hh2 hs) + (S.append + (RV.as_seq_sub hh0 hs 0ul lv) + (S.cons (RV.as_seq hh1 flushed) + (RV.as_seq_sub hh0 hs (lv + 1ul) merkle_tree_size_lg)))); + as_seq_sub_upd hh0 hs lv (RV.as_seq hh1 flushed); + + // if `lv = 31` then `pi <= i <= j < 2` thus `oi = opi`, + // contradicting the branch. + assert (lv + 1ul < merkle_tree_size_lg); + assert (U32.v (Ghost.reveal j / 2ul) < pow2 (32 - U32.v (lv + 1ul))); + assert (RV.rv_inv hh2 hs); + assert (mt_safe_elts hh2 (lv + 1ul) hs (pi / 2ul) (Ghost.reveal j / 2ul)); + + /// 3) Recursion + mt_flush_to_ hsz (lv + 1ul) hs (pi / 2ul) (i / 2ul) + (Ghost.hide (Ghost.reveal j / 2ul)); + let hh3 = HST.get () in + + // 3-0) Memory safety brought from the postcondition of the recursion + assert (modifies + (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (loc_union + (RV.rv_loc_elems hh0 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs)))) + hh0 hh3); + mt_flush_to_modifies_rec_helper lv hs hh0; + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + V.loc_vector_within_included hs lv (lv + 1ul); + RV.rv_loc_elems_included hh2 hs (lv + 1ul) (V.size_of hs); + assert (loc_disjoint + (V.loc_vector_within hs lv (lv + 1ul)) + (RV.rv_loc_elems hh2 hs (lv + 1ul) (V.size_of hs))); + V.get_preserved hs lv + (loc_union + (RV.rv_loc_elems hh2 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + hh2 hh3; + assert (V.size_of (V.get hh3 hs lv) == + Ghost.reveal j - offset_of i); + assert (RV.rv_inv hh3 hs); + mt_safe_elts_constr hh3 lv hs i (Ghost.reveal j); + assert (mt_safe_elts hh3 lv hs i (Ghost.reveal j)); + + // 3-1) Correctness + mt_safe_elts_spec hh2 (lv + 1ul) hs (pi / 2ul) (Ghost.reveal j / 2ul); + assert (S.equal (RV.as_seq hh3 hs) + (MTH.mt_flush_to_ (U32.v lv + 1) (RV.as_seq hh2 hs) + (U32.v pi / 2) (U32.v i / 2) (U32.v (Ghost.reveal j) / 2))); + mt_safe_elts_spec hh0 lv hs pi (Ghost.reveal j); + MTH.mt_flush_to_rec + (U32.v lv) (RV.as_seq hh0 hs) + (U32.v pi) (U32.v i) (U32.v (Ghost.reveal j)); + assert (S.equal (RV.as_seq hh3 hs) + (MTH.mt_flush_to_ (U32.v lv) (RV.as_seq hh0 hs) + (U32.v pi) (U32.v i) (U32.v (Ghost.reveal j)))) + end +#pop-options + + +// `mt_flush_to` flushes old hashes in the Merkle tree. It removes hash elements +// from `MT?.i` to **`offset_of (idx - 1)`**, but maintains the tree structure, +// i.e., the tree still holds some old internal hashes (compressed from old +// hashes) which are required to generate Merkle paths for remaining hashes. +// +// Note that `mt_flush_to` (and `mt_flush`) always remain at least one base hash +// elements. If there are `MT?.j` number of elements in the tree, because of the +// precondition `MT?.i <= idx < MT?.j` we still have `idx`-th element after +// flushing. + +private inline_for_extraction +val mt_flush_to_pre_nst: mtv:merkle_tree -> idx:offset_t -> Tot bool +let mt_flush_to_pre_nst mtv idx = + offsets_connect (MT?.offset mtv) idx && + ([@inline_let] let idx = split_offset (MT?.offset mtv) idx in + idx >= MT?.i mtv && + idx < MT?.j mtv) + +val mt_flush_to_pre: mt:const_mt_p -> idx:offset_t -> HST.ST bool + (requires (fun h0 -> mt_safe h0 (CB.cast mt))) + (ensures (fun _ _ _ -> True)) +let mt_flush_to_pre mt idx = + let mt = CB.cast mt in + let h0 = HST.get() in + let mtv = !*mt in + mt_flush_to_pre_nst mtv idx + +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1" +val mt_flush_to: + mt:mt_p -> + idx:offset_t -> + HST.ST unit + (requires (fun h0 -> mt_safe h0 mt /\ mt_flush_to_pre_nst (B.get h0 mt 0) idx)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (mt_loc mt) h0 h1 /\ + mt_safe h1 mt /\ + // correctness + (let mtv0 = B.get h0 mt 0 in + let mtv1 = B.get h1 mt 0 in + let off = MT?.offset mtv0 in + let idx = split_offset off idx in + MT?.hash_size mtv0 = MT?.hash_size mtv1 /\ + MTH.mt_flush_to (mt_lift h0 mt) (U32.v idx) == mt_lift h1 mt))) +let mt_flush_to mt idx = + let hh0 = HST.get () in + let mtv = !*mt in + let offset = MT?.offset mtv in + let j = MT?.j mtv in + let hsz = MT?.hash_size mtv in + let idx = split_offset offset idx in + let hs = MT?.hs mtv in + mt_flush_to_ hsz 0ul hs (MT?.i mtv) idx (Ghost.hide (MT?.j mtv)); + let hh1 = HST.get () in + RV.rv_loc_elems_included hh0 hs 0ul (V.size_of hs); + V.loc_vector_within_included hs 0ul (V.size_of hs); + RV.rv_inv_preserved + (MT?.rhs mtv) + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + hh0 hh1; + RV.as_seq_preserved + (MT?.rhs mtv) + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + hh0 hh1; + Rgl?.r_sep (hreg (MT?.hash_size mtv)) (MT?.mroot mtv) + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + hh0 hh1; + mt *= MT (MT?.hash_size mtv) + (MT?.offset mtv) idx (MT?.j mtv) + hs + (MT?.rhs_ok mtv) (MT?.rhs mtv) + (MT?.mroot mtv) + (MT?.hash_spec mtv) (MT?.hash_fun mtv); + let hh2 = HST.get () in + RV.rv_inv_preserved (MT?.hs mtv) (B.loc_buffer mt) hh1 hh2; + RV.rv_inv_preserved (MT?.rhs mtv) (B.loc_buffer mt) hh1 hh2; + RV.as_seq_preserved (MT?.hs mtv) (B.loc_buffer mt) hh1 hh2; + RV.as_seq_preserved (MT?.rhs mtv) (B.loc_buffer mt) hh1 hh2; + Rgl?.r_sep (hreg (MT?.hash_size mtv)) (MT?.mroot mtv) (B.loc_buffer mt) hh1 hh2; + mt_safe_elts_preserved 0ul hs idx (MT?.j mtv) (B.loc_buffer mt) hh1 hh2 +#pop-options + +private inline_for_extraction +val mt_flush_pre_nst: mt:merkle_tree -> Tot bool +let mt_flush_pre_nst mt = MT?.j mt > MT?.i mt + +val mt_flush_pre: mt:const_mt_p -> HST.ST bool (requires (fun h0 -> mt_safe h0 (CB.cast mt))) (ensures (fun _ _ _ -> True)) +let mt_flush_pre mt = mt_flush_pre_nst !*(CB.cast mt) + +val mt_flush: + mt:mt_p -> + HST.ST unit + (requires (fun h0 -> mt_safe h0 mt /\ mt_flush_pre_nst (B.get h0 mt 0))) + (ensures (fun h0 _ h1 -> + let mtv0 = B.get h0 mt 0 in + let mtv1 = B.get h1 mt 0 in + // memory safety + modifies (mt_loc mt) h0 h1 /\ + mt_safe h1 mt /\ + // correctness + MT?.hash_size mtv0 = MT?.hash_size mtv1 /\ + MTH.mt_flush (mt_lift h0 mt) == mt_lift h1 mt)) +#push-options "--z3rlimit 200 --initial_fuel 1 --max_fuel 1" +let mt_flush mt = + let mtv = !*mt in + let off = MT?.offset mtv in + let j = MT?.j mtv in + let j1 = j - 1ul in + assert (j1 < uint32_32_max); + assert (off < uint64_max); + assert (UInt.fits (U64.v off + U32.v j1) 64); + let jo = join_offset off j1 in + mt_flush_to mt jo +#pop-options + + +/// Retraction + +private +val mt_retract_to_: + #hsz:hash_size_t -> + hs:hash_vv hsz {V.size_of hs = merkle_tree_size_lg} -> + lv:uint32_t{lv < V.size_of hs} -> + i:index_t -> + s:index_t -> + j:index_t{i <= s && s <= j && v j < pow2 (U32.v (V.size_of hs) - v lv)} + -> HST.ST unit + (requires (fun h0 -> + RV.rv_inv h0 hs /\ + mt_safe_elts h0 lv hs i j)) + (ensures (fun h0 _ h1 -> + // memory safety + (modifies (loc_union + (RV.rv_loc_elems h0 hs lv (V.size_of hs)) + (V.loc_vector_within hs lv (V.size_of hs))) + h0 h1) /\ + RV.rv_inv h1 hs /\ + mt_safe_elts h1 lv hs i s /\ + // correctness + (mt_safe_elts_spec h0 lv hs i j; + S.equal (RV.as_seq h1 hs) + (MTH.mt_retract_to_ + (RV.as_seq h0 hs) (U32.v lv) + (U32.v i) (U32.v s) (U32.v j))) + )) + (decreases (U32.v merkle_tree_size_lg - U32.v lv)) +#push-options "--z3rlimit 300 --initial_fuel 1 --max_fuel 1" +private +let rec mt_retract_to_ #hsz hs lv i s j = + let hh0 = HST.get () in + + // Base conditions + mt_safe_elts_rec hh0 lv hs i j; + V.loc_vector_within_included hs 0ul lv; + V.loc_vector_within_included hs lv (lv + 1ul); + V.loc_vector_within_included hs (lv + 1ul) (V.size_of hs); + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + + if lv >= V.size_of hs then () + else begin + + // 1) Retract hashes at level `lv`. + let hvec = V.index hs lv in + let old_len = j - offset_of i in + let new_len = s - offset_of i in + let retracted = RV.shrink hvec new_len in + + let hh1 = HST.get () in + + // 1-0) Basic disjointness conditions for `RV.assign` + V.forall2_forall_left hh0 hs 0ul (V.size_of hs) lv + (fun b1 b2 -> HH.disjoint (Rgl?.region_of (hvreg hsz) b1) + (Rgl?.region_of (hvreg hsz) b2)); + V.forall2_forall_right hh0 hs 0ul (V.size_of hs) lv + (fun b1 b2 -> HH.disjoint (Rgl?.region_of (hvreg hsz) b1) + (Rgl?.region_of (hvreg hsz) b2)); + V.forall_preserved + hs 0ul lv + (fun b -> HH.disjoint (Rgl?.region_of (hvreg hsz) hvec) + (Rgl?.region_of (hvreg hsz) b)) + (RV.loc_rvector hvec) + hh0 hh1; + V.forall_preserved + hs (lv + 1ul) (V.size_of hs) + (fun b -> HH.disjoint (Rgl?.region_of (hvreg hsz) hvec) + (Rgl?.region_of (hvreg hsz) b)) + (RV.loc_rvector hvec) + hh0 hh1; + assert (Rgl?.region_of (hvreg hsz) hvec == Rgl?.region_of (hvreg hsz) retracted); + + // 1-1) For the `modifies` postcondition. + assert (modifies (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) hh0 hh1); + + // 1-2) Preservation + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; + + // 1-3) For `mt_safe_elts` + assert (V.size_of retracted == new_len); + mt_safe_elts_preserved + (lv + 1ul) hs (i / 2ul) (j / 2ul) + (RV.loc_rvector (V.get hh0 hs lv)) hh0 hh1; + + // 1-4) For the `rv_inv` postcondition + RV.rs_loc_elems_elem_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v (V.size_of hs)) 0 (U32.v lv) (U32.v lv); + RV.rs_loc_elems_parent_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v lv); + RV.rv_elems_inv_preserved + hs 0ul lv (RV.loc_rvector (V.get hh0 hs lv)) + hh0 hh1; + assert (RV.rv_elems_inv hh1 hs 0ul lv); + RV.rs_loc_elems_elem_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + 0 (U32.v (V.size_of hs)) + (U32.v lv + 1) (U32.v (V.size_of hs)) + (U32.v lv); + RV.rs_loc_elems_parent_disj + (hvreg hsz) (V.as_seq hh0 hs) (V.frameOf hs) + (U32.v lv + 1) (U32.v (V.size_of hs)); + RV.rv_elems_inv_preserved + hs (lv + 1ul) (V.size_of hs) (RV.loc_rvector (V.get hh0 hs lv)) + hh0 hh1; + assert (RV.rv_elems_inv hh1 hs (lv + 1ul) (V.size_of hs)); + + assert (rv_itself_inv hh1 hs); + assert (elems_reg hh1 hs); + + // 1-5) Correctness + assert (S.equal (RV.as_seq hh1 retracted) + (S.slice (RV.as_seq hh0 (V.get hh0 hs lv)) 0 (U32.v new_len))); + + RV.assign hs lv retracted; + + let hh2 = HST.get() in + + // 2-1) For the `modifies` postcondition. + assert (modifies (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2); + assert (modifies (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) hh0 hh2); + + // 2-2) Preservation + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + RV.rv_loc_elems_preserved + hs (lv + 1ul) (V.size_of hs) + (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2; + + // 2-3) For `mt_safe_elts` + assert (V.size_of (V.get hh2 hs lv) == s - offset_of i); + mt_safe_elts_preserved + (lv + 1ul) hs (i / 2ul) (j / 2ul) + (V.loc_vector_within hs lv (lv + 1ul)) hh1 hh2; + + // 2-4) Correctness + RV.as_seq_sub_preserved hs 0ul lv (loc_rvector retracted) hh0 hh1; + RV.as_seq_sub_preserved hs (lv + 1ul) merkle_tree_size_lg (loc_rvector retracted) hh0 hh1; + assert (S.equal (RV.as_seq hh2 hs) + (S.append + (RV.as_seq_sub hh0 hs 0ul lv) + (S.cons (RV.as_seq hh1 retracted) + (RV.as_seq_sub hh0 hs (lv + 1ul) merkle_tree_size_lg)))); + as_seq_sub_upd hh0 hs lv (RV.as_seq hh1 retracted); + + if lv + 1ul < V.size_of hs then + begin + assert (mt_safe_elts hh2 (lv + 1ul) hs (i / 2ul) (j / 2ul)); + mt_safe_elts_spec hh2 (lv + 1ul) hs (i / 2ul) (j / 2ul); + + mt_retract_to_ hs (lv + 1ul) (i / 2ul) (s / 2ul) (j / 2ul); + + // 3-0) Memory safety brought from the postcondition of the recursion + let hh3 = HST.get () in + assert (modifies + (loc_union + (loc_union + (RV.rs_loc_elem (hvreg hsz) (V.as_seq hh0 hs) (U32.v lv)) + (V.loc_vector_within hs lv (lv + 1ul))) + (loc_union + (RV.rv_loc_elems hh0 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs)))) + hh0 hh3); + mt_flush_to_modifies_rec_helper lv hs hh0; + V.loc_vector_within_disjoint hs lv (lv + 1ul) (lv + 1ul) (V.size_of hs); + V.loc_vector_within_included hs lv (lv + 1ul); + RV.rv_loc_elems_included hh2 hs (lv + 1ul) (V.size_of hs); + assert (loc_disjoint + (V.loc_vector_within hs lv (lv + 1ul)) + (RV.rv_loc_elems hh2 hs (lv + 1ul) (V.size_of hs))); + V.get_preserved hs lv + (loc_union + (RV.rv_loc_elems hh2 hs (lv + 1ul) (V.size_of hs)) + (V.loc_vector_within hs (lv + 1ul) (V.size_of hs))) + hh2 hh3; + assert (V.size_of (V.get hh3 hs lv) == s - offset_of i); + assert (RV.rv_inv hh3 hs); + mt_safe_elts_constr hh3 lv hs i s; + assert (mt_safe_elts hh3 lv hs i s); + + // 3-1) Correctness + mt_safe_elts_spec hh2 (lv + 1ul) hs (i / 2ul) (j / 2ul); + assert (U32.v lv + 1 < S.length (RV.as_seq hh3 hs) ==> + S.equal (RV.as_seq hh3 hs) + (MTH.mt_retract_to_ (RV.as_seq hh2 hs) (U32.v lv + 1) + (U32.v i / 2) (U32.v s / 2) (U32.v j / 2))); + assert (RV.rv_inv hh0 hs); + assert (mt_safe_elts hh0 lv hs i j); + mt_safe_elts_spec hh0 lv hs i j; + assert (S.equal (RV.as_seq hh3 hs) + (MTH.mt_retract_to_ (RV.as_seq hh0 hs) (U32.v lv) + (U32.v i) (U32.v s) (U32.v j))) + end + else begin + let hh3 = HST.get() in + assert ((modifies (loc_union + (RV.rv_loc_elems hh0 hs lv (V.size_of hs)) + (V.loc_vector_within hs lv (V.size_of hs))) + hh0 hh3)); + assert (RV.rv_inv hh3 hs /\ mt_safe_elts hh3 lv hs i s); + mt_safe_elts_spec hh0 lv hs i j; + assert (S.equal (RV.as_seq hh3 hs) + (MTH.mt_retract_to_ + (RV.as_seq hh0 hs) (U32.v lv) + (U32.v i) (U32.v s) (U32.v j))) + end + end +#pop-options + +private inline_for_extraction +val mt_retract_to_pre_nst: mtv:merkle_tree -> r:offset_t -> Tot bool +let mt_retract_to_pre_nst mtv r = + offsets_connect (MT?.offset mtv) r && + ([@inline_let] let r = split_offset (MT?.offset mtv) r in + MT?.i mtv <= r && r < MT?.j mtv) + +val mt_retract_to_pre: mt:const_mt_p -> r:offset_t -> HST.ST bool + (requires (fun h0 -> mt_safe h0 (CB.cast mt))) + (ensures (fun _ _ _ -> True)) +let mt_retract_to_pre mt r = + let mt = CB.cast mt in + let h0 = HST.get() in + let mtv = !*mt in + mt_retract_to_pre_nst mtv r +#push-options "--z3rlimit 100" +val mt_retract_to: + mt:mt_p -> + r:offset_t -> + HST.ST unit + (requires (fun h0 -> mt_safe h0 mt /\ mt_retract_to_pre_nst (B.get h0 mt 0) r)) + (ensures (fun h0 _ h1 -> + // memory safety + modifies (mt_loc mt) h0 h1 /\ + mt_safe h1 mt /\ + // correctness + (let mtv0 = B.get h0 mt 0 in + let mtv1 = B.get h1 mt 0 in + let off = MT?.offset mtv0 in + let r = split_offset off r in + MT?.hash_size mtv0 = MT?.hash_size mtv1 /\ + MTH.mt_retract_to (mt_lift h0 mt) (U32.v r) == mt_lift h1 mt))) +let mt_retract_to mt r = + let hh0 = HST.get () in + let mtv = !*mt in + let offset = MT?.offset mtv in + let r = split_offset offset r in + let hs = MT?.hs mtv in + mt_retract_to_ hs 0ul (MT?.i mtv) (r + 1ul) (MT?.j mtv); + let hh1 = HST.get () in + RV.rv_loc_elems_included hh0 hs 0ul (V.size_of hs); + V.loc_vector_within_included hs 0ul (V.size_of hs); + RV.rv_inv_preserved + (MT?.rhs mtv) + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + hh0 hh1; + RV.as_seq_preserved + (MT?.rhs mtv) + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + hh0 hh1; + Rgl?.r_sep (hreg (MT?.hash_size mtv)) (MT?.mroot mtv) + (loc_union + (RV.rv_loc_elems hh0 hs 0ul (V.size_of hs)) + (V.loc_vector_within hs 0ul (V.size_of hs))) + hh0 hh1; + mt *= MT (MT?.hash_size mtv) (MT?.offset mtv) (MT?.i mtv) (r+1ul) hs false (MT?.rhs mtv) (MT?.mroot mtv) (MT?.hash_spec mtv) (MT?.hash_fun mtv); + let hh2 = HST.get () in + RV.rv_inv_preserved (MT?.hs mtv) (B.loc_buffer mt) hh1 hh2; + RV.rv_inv_preserved (MT?.rhs mtv) (B.loc_buffer mt) hh1 hh2; + RV.as_seq_preserved (MT?.hs mtv) (B.loc_buffer mt) hh1 hh2; + RV.as_seq_preserved (MT?.rhs mtv) (B.loc_buffer mt) hh1 hh2; + Rgl?.r_sep (hreg (MT?.hash_size mtv)) (MT?.mroot mtv) (B.loc_buffer mt) hh1 hh2; + mt_safe_elts_preserved 0ul hs (MT?.i mtv) (r+1ul) (B.loc_buffer mt) hh1 hh2 +#pop-options + + +/// Client-side verification + +private +val mt_verify_: + #hsz:hash_size_t -> + #hash_spec:MTS.hash_fun_t #(U32.v hsz) -> + k:index_t -> + j:index_t{k <= j} -> + mtr:HH.rid -> + p:const_path_p -> + ppos:uint32_t -> + acc:hash #hsz -> + actd:bool -> + hash_fun:hash_fun_t #hsz #hash_spec -> + HST.ST unit + (requires (fun h0 -> + let p = CB.cast p in + path_safe h0 mtr p /\ Rgl?.r_inv (hreg hsz) h0 acc /\ + Path?.hash_size (B.get h0 p 0) = hsz /\ + HH.disjoint (B.frameOf p) (B.frameOf acc) /\ + HH.disjoint mtr (B.frameOf acc) /\ + // Below is a very relaxed condition, + // but sufficient to ensure (+) for uint32_t is sound. + ppos <= 64ul - mt_path_length 0ul k j actd /\ + ppos + mt_path_length 0ul k j actd <= V.size_of (phashes h0 p))) + (ensures (fun h0 _ h1 -> + let p = CB.cast p in + // memory safety + modifies (B.loc_all_regions_from false (B.frameOf acc)) h0 h1 /\ + Rgl?.r_inv (hreg hsz) h1 acc /\ + // correctness + Rgl?.r_repr (hreg hsz) h1 acc == + MTH.mt_verify_ #(U32.v hsz) #hash_spec (U32.v k) (U32.v j) (lift_path h0 mtr p) + (U32.v ppos) (Rgl?.r_repr (hreg hsz) h0 acc) actd)) +#push-options "--z3rlimit 200 --initial_fuel 1 --max_fuel 1" +let rec mt_verify_ #hsz #hash_spec k j mtr p ppos acc actd hash_fun = + let ncp:path_p = CB.cast p in + let hh0 = HST.get () in + if j = 0ul then () + else (let nactd = actd || (j % 2ul = 1ul) in + if k % 2ul = 0ul then begin + if j = k || (j = k + 1ul && not actd) then + mt_verify_ (k / 2ul) (j / 2ul) mtr p ppos acc nactd hash_fun + else begin + let ncpd = !*ncp in + let phash = V.index (Path?.hashes ncpd) ppos in + hash_fun acc phash acc; + let hh1 = HST.get () in + path_preserved mtr ncp + (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + lift_path_index hh0 mtr ncp ppos; + assert (Rgl?.r_repr (hreg hsz) hh1 acc == + hash_spec (Rgl?.r_repr (hreg hsz) hh0 acc) + (S.index (lift_path #hsz hh0 mtr ncp) (U32.v ppos))); + mt_verify_ (k / 2ul) (j / 2ul) mtr p (ppos + 1ul) acc nactd hash_fun + end + end + else begin + let ncpd = !*ncp in + let phash = V.index (Path?.hashes ncpd) ppos in + hash_fun phash acc acc; + let hh1 = HST.get () in + path_preserved mtr ncp + (B.loc_all_regions_from false (B.frameOf acc)) hh0 hh1; + lift_path_index hh0 mtr ncp ppos; + assert (Rgl?.r_repr (hreg hsz) hh1 acc == + hash_spec (S.index (lift_path #hsz hh0 mtr ncp) (U32.v ppos)) + (Rgl?.r_repr (hreg hsz) hh0 acc)); + mt_verify_ (k / 2ul) (j / 2ul) mtr p (ppos + 1ul) acc nactd hash_fun + end) +#pop-options + +private inline_for_extraction +val mt_verify_pre_nst: mt:merkle_tree -> k:offset_t -> j:offset_t -> p:path -> rt:(hash #(MT?.hash_size mt)) -> Tot bool +let mt_verify_pre_nst mt k j p rt = + k < j && + offsets_connect (MT?.offset mt) k && + offsets_connect (MT?.offset mt) j && + MT?.hash_size mt = Path?.hash_size p && + ([@inline_let] let k = split_offset (MT?.offset mt) k in + [@inline_let] let j = split_offset (MT?.offset mt) j in + // We need to add one since the first element is the hash to verify. + V.size_of (Path?.hashes p) = 1ul + mt_path_length 0ul k j false) + +val mt_verify_pre: + #hsz:Ghost.erased hash_size_t -> + mt:const_mt_p -> + k:uint64_t -> + j:uint64_t -> + mtr:HH.rid -> + p:const_path_p -> + rt:hash #hsz -> + HST.ST bool + (requires (fun h0 -> + let mt = CB.cast mt in + let p = CB.cast p in + let mtv0 = B.get h0 mt 0 in + MT?.hash_size mtv0 = Ghost.reveal hsz /\ + mt_safe h0 mt /\ + path_safe h0 mtr p /\ Rgl?.r_inv (hreg hsz) h0 rt /\ + HST.is_eternal_region (B.frameOf rt) /\ + HH.disjoint (B.frameOf p) (B.frameOf rt) /\ + HH.disjoint mtr (B.frameOf rt))) + (ensures (fun _ _ _ -> True)) +let mt_verify_pre #hsz mt k j mtr p rt = + let mt = CB.cast mt in + let p = CB.cast p in + let mtv = !*mt in + mt_verify_pre_nst mtv k j !*p rt + +// `mt_verify` verifies a Merkle path `p` with given target index `k` and +// the number of elements `j`. It recursively iterates the path with an +// accumulator `acc` (a compressed hash). +// +// Note that `mt_path_length` is given as a precondition of this operation. +// This is a postcondition of `mt_get_path` so we can call `mt_verify` with +// every path generated by `mt_get_path`. +#push-options "--z3rlimit 20" +val mt_verify: + #hsz:Ghost.erased hash_size_t -> + #hash_spec:MTS.hash_fun_t #(U32.v hsz) -> + mt:const_mt_p -> + k:uint64_t -> + j:uint64_t -> + mtr:HH.rid -> + p:const_path_p -> + rt:hash #hsz -> + HST.ST bool + (requires (fun h0 -> + let mt = CB.cast mt in + let p = CB.cast p in + let mtv0 = B.get h0 mt 0 in + MT?.hash_size mtv0 = Ghost.reveal hsz /\ + Path?.hash_size (B.get h0 p 0) = Ghost.reveal hsz /\ + Ghost.reveal (MT?.hash_spec mtv0) == hash_spec /\ + mt_safe h0 mt /\ + path_safe h0 mtr p /\ Rgl?.r_inv (hreg hsz) h0 rt /\ + HST.is_eternal_region (B.frameOf rt) /\ + HH.disjoint (B.frameOf p) (B.frameOf rt) /\ + HH.disjoint mtr (B.frameOf rt) /\ + mt_verify_pre_nst (B.get h0 mt 0) k j (B.get h0 p 0) rt)) + (ensures (fun h0 b h1 -> + let mt = CB.cast mt in + let p = CB.cast p in + let mtv0 = B.get h0 mt 0 in + let mtv1 = B.get h1 mt 0 in + MT?.hash_size mtv0 = Ghost.reveal hsz /\ + MT?.hash_size mtv1 = Ghost.reveal hsz /\ + // memory safety: + // `rt` is not modified in this function, but we use a trick + // to allocate an auxiliary buffer in the extended region of `rt`. + modifies (B.loc_all_regions_from false (B.frameOf rt)) h0 h1 /\ + Rgl?.r_inv (hreg hsz) h1 rt /\ + // correctness + S.equal (Rgl?.r_repr (hreg hsz) h0 rt) (Rgl?.r_repr (hreg hsz) h1 rt) /\ + (let mtv = B.get h0 mt 0 in + let k = split_offset (MT?.offset mtv) k in + let j = split_offset (MT?.offset mtv) j in + b <==> MTH.mt_verify #(U32.v hsz) #hash_spec (U32.v k) (U32.v j) + (lift_path h0 mtr p) (Rgl?.r_repr (hreg hsz) h0 rt)))) +#pop-options +#push-options "--z3rlimit 200 --initial_fuel 2 --max_fuel 2 --initial_ifuel 1 --max_ifuel 1" +let mt_verify #_ #hash_spec mt k j mtr p rt = + let ncmt = CB.cast mt in + let ncp = CB.cast p in + let mtv = !*ncmt in + let hash_size = MT?.hash_size mtv in + let hrg = hreg hash_size in + let k = split_offset (MT?.offset mtv) k in + let j = split_offset (MT?.offset mtv) j in + let hh0 = HST.get () in + let nrid = HST.new_region (B.frameOf rt) in + let ih = rg_alloc hrg nrid in + let pth = !*ncp in + assert (MT?.hash_size mtv = hash_size); + assert (Path?.hash_size pth = hash_size); + let first = V.index (Path?.hashes pth) 0ul in + Cpy?.copy (hcpy hash_size) hash_size first ih; + let hh1 = HST.get () in + path_safe_preserved + mtr ncp (B.loc_all_regions_from false (B.frameOf rt)) hh0 hh1; + path_preserved mtr ncp (B.loc_all_regions_from false (B.frameOf rt)) hh0 hh1; + lift_path_index hh0 mtr ncp 0ul; + assert (Rgl?.r_repr hrg hh1 ih == S.index (lift_path #hash_size hh0 mtr ncp) 0); + mt_verify_ #hash_size #hash_spec k j mtr p 1ul ih false (MT?.hash_fun mtv); + let hh2 = HST.get () in + assert (Rgl?.r_repr hrg hh2 ih == + MTH.mt_verify_ #(U32.v hash_size) #hash_spec (U32.v k) (U32.v j) (lift_path hh1 mtr ncp) + 1 (Rgl?.r_repr hrg hh1 ih) false); + let r = Lib.ByteBuffer.lbytes_eq #hash_size ih rt in + rg_free hrg ih; + r +#pop-options diff --git a/src/MerkleTree.New.High.Correct.Base.fst b/src/MerkleTree.New.High.Correct.Base.fst new file mode 100644 index 0000000..e023ce6 --- /dev/null +++ b/src/MerkleTree.New.High.Correct.Base.fst @@ -0,0 +1,663 @@ +module MerkleTree.New.High.Correct.Base + +open FStar.Classical +open FStar.Ghost +open FStar.Seq + +module S = FStar.Seq + +module MTS = MerkleTree.Spec +open MerkleTree.New.High + +#set-options "--z3rlimit 40 --max_fuel 0 --max_ifuel 0" + +/// Sequence helpers + +val seq_prefix: + #a:Type -> s1:S.seq a -> + s2:S.seq a{S.length s1 <= S.length s2} -> + GTot Type0 +let seq_prefix #a s1 s2 = + S.equal s1 (S.slice s2 0 (S.length s1)) + +val seq_head_cons: + #a:Type -> x:a -> s:S.seq a -> + Lemma (S.head (S.cons x s) == x) + [SMTPat (S.cons x s)] +let seq_head_cons #a x s = () + +val seq_tail_cons: + #a:Type -> x:a -> s:S.seq a -> + Lemma (S.equal (S.tail (S.cons x s)) s) + [SMTPat (S.cons x s)] +let seq_tail_cons #a x s = () + +/// Invariants and simulation relation of high-level Merkle tree design + +// Invariants of internal hashes + +val empty_hashes: (#hsz:pos) -> (len:nat) -> GTot (hs:hashess #hsz {S.length hs = len}) +let empty_hashes #hsz len = S.create len S.empty + +val empty_hashes_head: + #hsz:pos -> + len:nat{len > 0} -> + Lemma (S.head (empty_hashes #hsz len) == S.empty) +let empty_hashes_head #_ _ = () + +val empty_hashes_tail: + #hsz:pos -> + len:nat{len > 0} -> + Lemma (S.equal (S.tail (empty_hashes len)) + (empty_hashes #hsz (len - 1))) +let empty_hashes_tail #_ _ = () + +#push-options "--max_fuel 1" +val mt_hashes_lth_inv: + #hsz:pos -> + lv:nat{lv <= 32} -> + j:nat{j < pow2 (32 - lv)} -> + fhs:hashess #hsz {S.length fhs = 32} -> + GTot Type0 (decreases (32 - lv)) +let rec mt_hashes_lth_inv #hsz lv j fhs = + if lv = 32 then true + else (S.length (S.index fhs lv) == j /\ + mt_hashes_lth_inv (lv + 1) (j / 2) fhs) + +val mt_hashes_lth_inv_empty: + #hsz:pos -> + lv:nat{lv <= 32} -> + Lemma (requires True) + (ensures mt_hashes_lth_inv lv 0 (empty_hashes #hsz 32)) + (decreases (32 - lv)) +let rec mt_hashes_lth_inv_empty #hsz lv = + if lv = 32 then () + else mt_hashes_lth_inv_empty #hsz (lv + 1) + +val mt_hashes_next_rel: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + GTot Type0 +let mt_hashes_next_rel #hsz #f j hs nhs = + forall (i:nat{i < j / 2}). + S.index nhs i == + f (S.index hs (op_Multiply 2 i)) + (S.index hs (op_Multiply 2 i + 1)) +#pop-options + +#push-options "--max_fuel 2" +val mt_hashes_inv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + j:nat{j < pow2 (32 - lv)} -> + fhs:hashess #hsz {S.length fhs = 32 /\ mt_hashes_lth_inv lv j fhs} -> + GTot Type0 (decreases (32 - lv)) +let rec mt_hashes_inv #hsz #f lv j fhs = + if lv = 31 then true + else (mt_hashes_next_rel #_ #f j (S.index fhs lv) (S.index fhs (lv + 1)) /\ + mt_hashes_inv #_ #f (lv + 1) (j / 2) fhs) + +val mt_hashes_inv_empty: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + Lemma (requires True) + (ensures (mt_hashes_lth_inv_empty #hsz lv; + mt_hashes_inv #hsz #f lv 0 (empty_hashes #hsz 32))) + (decreases (32 - lv)) +let rec mt_hashes_inv_empty #hsz #f lv = + if lv = 31 then () + else (mt_hashes_lth_inv_empty #hsz (lv + 1); + mt_hashes_inv_empty #_ #f (lv + 1)) + +val mt_hashes_lth_inv_equiv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + j:nat{j < pow2 (32 - lv)} -> + fhs1:hashess{S.length fhs1 = 32} -> + fhs2:hashess{S.length fhs2 = 32} -> + Lemma (requires mt_hashes_lth_inv lv j fhs1 /\ + S.equal (S.slice fhs1 lv 32) (S.slice fhs2 lv 32)) + (ensures mt_hashes_lth_inv #hsz lv j fhs2) + (decreases (32 - lv)) +let rec mt_hashes_lth_inv_equiv #hsz #f lv j fhs1 fhs2 = + if lv = 31 then () + else (assert (S.index fhs1 lv == S.index fhs2 lv); + mt_hashes_lth_inv_equiv #_ #f (lv + 1) (j / 2) fhs1 fhs2) +#pop-options + +#push-options "--max_fuel 1" +val mt_hashes_inv_equiv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + j:nat{j < pow2 (32 - lv)} -> + fhs1:hashess #hsz {S.length fhs1 = 32 /\ mt_hashes_lth_inv lv j fhs1} -> + fhs2:hashess #hsz {S.length fhs2 = 32 /\ mt_hashes_lth_inv lv j fhs2} -> + Lemma (requires mt_hashes_inv #_ #f lv j fhs1 /\ + S.equal (S.slice fhs1 lv 32) (S.slice fhs2 lv 32)) + (ensures mt_hashes_inv #_ #f lv j fhs2) + (decreases (32 - lv)) +let rec mt_hashes_inv_equiv #hsz #f lv j fhs1 fhs2 = + if lv = 31 then () + else (assert (S.index fhs1 lv == S.index fhs2 lv); + assert (S.index fhs1 (lv + 1) == S.index fhs2 (lv + 1)); + mt_hashes_inv_equiv #_ #f (lv + 1) (j / 2) fhs1 fhs2) + +val merge_hs: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs1:hashess #hsz -> + hs2:hashess #hsz {S.length hs1 = S.length hs2} -> + GTot (mhs:hashess #hsz {S.length mhs = S.length hs1}) + (decreases (S.length hs1)) +let rec merge_hs #hsz #f hs1 hs2 = + if S.length hs1 = 0 then S.empty + else (S.cons (S.append (S.head hs1) (S.head hs2)) + (merge_hs #_ #f (S.tail hs1) (S.tail hs2))) + +val merge_hs_empty: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + len:nat -> + Lemma (S.equal (merge_hs #_ #f (empty_hashes #hsz len) (empty_hashes #hsz len)) + (empty_hashes #hsz len)) +let rec merge_hs_empty #hsz #f len = + if len = 0 then () + else (empty_hashes_head #hsz len; + empty_hashes_tail #hsz len; + assert (S.equal (S.append #(hash #hsz) S.empty S.empty) + (S.empty #(hash #hsz))); + assert (S.equal (merge_hs #_ #f (empty_hashes len) (empty_hashes len)) + (S.cons S.empty + (merge_hs #_ #f (empty_hashes (len - 1)) + (empty_hashes (len - 1))))); + merge_hs_empty #_ #f (len - 1)) + +val merge_hs_index: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs1:hashess -> + hs2:hashess{S.length hs1 = S.length hs2} -> + i:nat{i < S.length hs1} -> + Lemma (requires True) + (ensures S.equal (S.index (merge_hs #_ #f hs1 hs2) i) + (S.append (S.index hs1 i) (S.index hs2 i))) + (decreases (S.length hs1)) + [SMTPat (S.index (merge_hs #_ #f hs1 hs2) i)] +let rec merge_hs_index #hsz #f hs1 hs2 i = + if S.length hs1 = 0 then () + else if i = 0 then () + else merge_hs_index #_ #f (S.tail hs1) (S.tail hs2) (i - 1) + +val merge_hs_slice_equal: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + ahs1:hashess #hsz -> + ahs2:hashess #hsz {S.length ahs1 = S.length ahs2} -> + bhs1:hashess #hsz -> + bhs2:hashess #hsz {S.length bhs1 = S.length bhs2} -> + i:nat -> j:nat{i <= j && j <= S.length ahs1 && j <= S.length bhs1} -> + Lemma (requires S.equal (S.slice ahs1 i j) (S.slice bhs1 i j) /\ + S.equal (S.slice ahs2 i j) (S.slice bhs2 i j)) + (ensures S.equal (S.slice (merge_hs #_ #f ahs1 ahs2) i j) + (S.slice (merge_hs #_ #f bhs1 bhs2) i j)) + (decreases (j - i)) +let rec merge_hs_slice_equal #_ #f ahs1 ahs2 bhs1 bhs2 i j = + if i = j then () + else (assert (S.index ahs1 i == S.index bhs1 i); + assert (S.index ahs2 i == S.index bhs2 i); + merge_hs_slice_equal #_ #f ahs1 ahs2 bhs1 bhs2 (i + 1) j) + +val merge_hs_upd: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs1:hashess #hsz -> + hs2:hashess #hsz {S.length hs1 = S.length hs2} -> + i:nat{i < S.length hs1} -> + v1:hashes #hsz -> v2:hashes #hsz -> + Lemma (requires S.equal (S.append (S.index hs1 i) (S.index hs2 i)) + (S.append v1 v2)) + (ensures S.equal (merge_hs #_ #f hs1 hs2) + (merge_hs #_ #f (S.upd hs1 i v1) (S.upd hs2 i v2))) + (decreases i) +let rec merge_hs_upd #_ #f hs1 hs2 i v1 v2 = + if S.length hs1 = 0 then () + else if i = 0 then () + else merge_hs_upd #_ #f (S.tail hs1) (S.tail hs2) (i - 1) v1 v2 + +val mt_olds_inv: + #hsz:pos -> + lv:nat{lv <= 32} -> + i:nat -> + olds:hashess #hsz {S.length olds = 32} -> + GTot Type0 (decreases (32 - lv)) +let rec mt_olds_inv #hsz lv i olds = + if lv = 32 then true + else (let ofs = offset_of i in + S.length (S.index olds lv) == ofs /\ + mt_olds_inv #hsz (lv + 1) (i / 2) olds) + +val mt_olds_inv_equiv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + i:nat -> + olds1:hashess #hsz {S.length olds1 = 32} -> + olds2:hashess #hsz {S.length olds2 = 32} -> + Lemma (requires mt_olds_inv #hsz lv i olds1 /\ + S.equal (S.slice olds1 lv 32) (S.slice olds2 lv 32)) + (ensures mt_olds_inv #hsz lv i olds2) + (decreases (32 - lv)) +let rec mt_olds_inv_equiv #hsz #f lv i olds1 olds2 = + if lv = 32 then () + else (assert (S.index olds1 lv == S.index olds2 lv); + mt_olds_inv_equiv #_ #f (lv + 1) (i / 2) olds1 olds2) + +val mt_olds_hs_lth_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts #hsz lv hs i j} -> + Lemma (requires True) + (ensures mt_hashes_lth_inv #hsz lv j (merge_hs #_ #f olds hs)) + (decreases (32 - lv)) +let rec mt_olds_hs_lth_inv_ok #hsz #f lv i j olds hs = + if lv = 32 then () + else (mt_olds_hs_lth_inv_ok #_ #f (lv + 1) (i / 2) (j / 2) olds hs) + +val mt_olds_hs_inv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts #hsz lv hs i j} -> + GTot Type0 +let mt_olds_hs_inv #hsz #f lv i j olds hs = + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_inv #_ #f lv j (merge_hs #_ #f olds hs) + +// Relation between valid internal hashes (satisfying `mt_olds_hs_inv`) and +// the spec. While giving such relation, all rightmost hashes are recovered. +// Note that `MT?.rhs` after `construct_rhs` does NOT contain all rightmost +// hashes; it has partial rightmost hashes that are enough to calculate +// Merkle paths. + +val log2: n:nat{n > 0} -> GTot (c:nat{pow2 c <= n && n < pow2 (c+1)}) +let rec log2 n = + if n = 1 then 0 + else 1 + log2 (n / 2) + +val log2_bound: + n:nat{n > 0} -> c:nat{n < pow2 c} -> + Lemma (log2 n <= c-1) +let rec log2_bound n c = + if n = 1 then () + else log2_bound (n / 2) (c - 1) + +val log2_div: + n:nat{n > 1} -> + Lemma (log2 (n / 2) = log2 n - 1) +let log2_div n = () + +val log2c: + n:nat -> + GTot (c:nat{c = 0 || (pow2 (c-1) <= n && n < pow2 c)}) +let log2c n = + if n = 0 then 0 else (log2 n + 1) + +val log2c_div: + n:nat{n > 0} -> + Lemma (log2c (n / 2) = log2c n - 1) +let log2c_div n = () + +val log2c_bound: + n:nat -> c:nat{n < pow2 c} -> + Lemma (log2c n <= c) +let rec log2c_bound n c = + if n = 0 then () + else log2c_bound (n / 2) (c - 1) + +val mt_hashes_lth_inv_log: + #hsz:pos -> + j:nat -> + fhs:hashess #hsz {S.length fhs = log2c j} -> + GTot Type0 (decreases j) +let rec mt_hashes_lth_inv_log #hsz j fhs = + if j = 0 then true + else (S.length (S.head fhs) == j /\ + mt_hashes_lth_inv_log #hsz (j / 2) (S.tail fhs)) +#pop-options + +#push-options "--max_fuel 2" +val mt_hashes_lth_inv_log_next: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 1} -> + fhs:hashess #hsz {S.length fhs = log2c j} -> + Lemma (requires mt_hashes_lth_inv_log #hsz j fhs) + (ensures S.length (S.head fhs) == j /\ + S.length (S.head (S.tail fhs)) == j / 2) +let mt_hashes_lth_inv_log_next #_ #_ _ _ = () + +val mt_hashes_inv_log: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + fhs:hashess #hsz {S.length fhs = log2c j /\ mt_hashes_lth_inv_log #hsz j fhs} -> + GTot Type0 (decreases j) +let rec mt_hashes_inv_log #hsz #f j fhs = + if j <= 1 then true + else (mt_hashes_next_rel #_ #f j (S.index fhs 0) (S.index fhs 1) /\ + mt_hashes_inv_log #_ #f (j / 2) (S.tail fhs)) + +val mt_hashes_lth_inv_log_converted_: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + j:nat{j < pow2 (32 - lv)} -> + fhs:hashess #hsz {S.length fhs = 32} -> + Lemma (requires mt_hashes_lth_inv #hsz lv j fhs) + (ensures (log2c_bound j (32 - lv); + mt_hashes_lth_inv_log #hsz j (S.slice fhs lv (lv + log2c j)))) + (decreases j) +let rec mt_hashes_lth_inv_log_converted_ #_ #f lv j fhs = + if j = 0 then () + else (log2c_bound (j / 2) (32 - (lv + 1)); + mt_hashes_lth_inv_log_converted_ #_ #f (lv + 1) (j / 2) fhs) + +val mt_hashes_lth_inv_log_converted: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j < pow2 32} -> + fhs:hashess #hsz {S.length fhs = 32} -> + Lemma (requires mt_hashes_lth_inv #hsz 0 j fhs) + (ensures (log2c_bound j 32; + mt_hashes_lth_inv_log #hsz j (S.slice fhs 0 (log2c j)))) +let mt_hashes_lth_inv_log_converted #_ #f j fhs = + mt_hashes_lth_inv_log_converted_ #_ #f 0 j fhs + +val mt_hashes_inv_log_converted_: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + j:nat{j > 0 && j < pow2 (32 - lv)} -> + fhs:hashess #hsz {S.length fhs = 32 /\ mt_hashes_lth_inv #hsz lv j fhs} -> + Lemma (requires mt_hashes_inv #_ #f lv j fhs) + (ensures (log2c_bound j (32 - lv); + mt_hashes_lth_inv_log_converted_ #_ #f lv j fhs; + mt_hashes_inv_log #_ #f j (S.slice fhs lv (lv + log2c j)))) + (decreases j) +#pop-options + +#push-options "--z3rlimit 50 --initial_fuel 2 --max_fuel 2" +let rec mt_hashes_inv_log_converted_ #_ #f lv j fhs = + if j = 1 then () + else (log2c_bound (j / 2) (32 - (lv + 1)); + mt_hashes_lth_inv_log_converted_ #_ #f (lv + 1) (j / 2) fhs; + mt_hashes_inv_log_converted_ #_ #f (lv + 1) (j / 2) fhs) +#pop-options + +val mt_hashes_inv_log_converted: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 0 && j < pow2 32} -> + fhs:hashess #hsz {S.length fhs = 32 /\ mt_hashes_lth_inv #hsz 0 j fhs} -> + Lemma (requires mt_hashes_inv #_ #f 0 j fhs) + (ensures (log2c_bound j 32; + mt_hashes_lth_inv_log_converted_ #_ #f 0 j fhs; + mt_hashes_inv_log #_ #f j (S.slice fhs 0 (log2c j)))) +let mt_hashes_inv_log_converted #_ #f j fhs = + mt_hashes_inv_log_converted_ #_ #f 0 j fhs + +val hash_seq_lift: + #hsz:pos -> + hs:hashes #hsz -> + GTot (shs:MTS.hashes #hsz {S.length shs = S.length hs}) + (decreases (S.length hs)) +let rec hash_seq_lift #hsz hs = + if S.length hs = 0 then S.empty + else S.cons (MTS.HRaw (S.head hs)) (hash_seq_lift #hsz (S.tail hs)) + +#push-options "--z3rlimit 50 --initial_fuel 2 --max_fuel 2" +val hash_seq_lift_index: + #hsz:pos -> + hs:hashes #hsz -> + Lemma (requires True) + (ensures forall (i:nat{i < S.length hs}). + S.index (hash_seq_lift #hsz hs) i == MTS.HRaw (S.index hs i)) + (decreases (S.length hs)) +let rec hash_seq_lift_index #hsz hs = + if S.length hs = 0 then () + else hash_seq_lift_index #hsz (S.tail hs) +#pop-options + +val create_pads: #hsz:pos -> len:nat -> GTot (pads:MTS.hashes #hsz {S.length pads = len}) +let create_pads #hsz len = S.create len (MTS.HPad #hsz) + +val hash_seq_spec: + #hsz:pos -> + hs:hashes #hsz {S.length hs > 0} -> + GTot (MTS.merkle_tree #hsz (log2c (S.length hs))) +let hash_seq_spec #hsz hs = + S.append (hash_seq_lift #hsz hs) + (create_pads (pow2 (log2c (S.length hs)) - S.length hs)) + +val hash_seq_spec_index_raw: + #hsz:pos -> + hs:hashes #hsz {S.length hs > 0} -> + i:nat{i < S.length hs} -> + Lemma (S.index (hash_seq_spec #hsz hs) i == MTS.HRaw #hsz (S.index hs i)) +let hash_seq_spec_index_raw #hsz hs i = + hash_seq_lift_index #hsz hs + +// Now about recovering rightmost hashes + +#push-options "--z3rlimit 50 --initial_fuel 1 --max_fuel 1" +val mt_hashes_next_rel_lift_even: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 1} -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + Lemma (requires j % 2 = 0 /\ mt_hashes_next_rel #_ #f j hs nhs) + (ensures MTS.mt_next_rel #_ #f (log2c j) + (hash_seq_spec #hsz hs) (hash_seq_spec #hsz nhs)) +let mt_hashes_next_rel_lift_even #hsz #_ j hs nhs = + hash_seq_lift_index #hsz hs; + hash_seq_lift_index #hsz nhs + +val mt_hashes_next_rel_lift_odd: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 1} -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + Lemma (requires j % 2 = 1 /\ mt_hashes_next_rel #_ #f j hs nhs) + (ensures MTS.mt_next_rel #_ #f (log2c j) + (hash_seq_spec #hsz hs) + (S.upd (hash_seq_spec #hsz nhs) + (S.length nhs) (MTS.HRaw (S.last hs)))) +let mt_hashes_next_rel_lift_odd #hsz #_ j hs nhs = + log2c_div j; + hash_seq_lift_index #hsz hs; + hash_seq_lift_index #hsz nhs + +val mt_hashes_next_rel_next_even: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 1} -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + Lemma (requires j % 2 = 0 /\ mt_hashes_next_rel #_ #f j hs nhs) + (ensures S.equal (hash_seq_spec #hsz nhs) + (MTS.mt_next_lv #_ #f #(log2c j) (hash_seq_spec #hsz hs))) +let mt_hashes_next_rel_next_even #hsz #f j hs nhs = + log2c_div j; + mt_hashes_next_rel_lift_even #_ #f j hs nhs; + MTS.mt_next_rel_next_lv #_ #f (log2c j) + (hash_seq_spec #hsz hs) (hash_seq_spec #hsz nhs) + +val hash_seq_spec_full: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs:hashes #hsz {S.length hs > 0} -> + acc:hash #hsz -> actd:bool -> + GTot (MTS.merkle_tree #hsz (log2c (S.length hs))) +let hash_seq_spec_full #hsz #f hs acc actd = + if actd + then (S.upd (hash_seq_spec #hsz hs) (S.length hs) (MTS.HRaw acc)) + else hash_seq_spec #hsz hs + +val hash_seq_spec_full_index_raw: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs:hashes #hsz {S.length hs > 0} -> + acc:hash #hsz -> actd:bool -> i:nat{i < S.length hs} -> + Lemma (S.index (hash_seq_spec_full #_ #f hs acc actd) i == + MTS.HRaw (S.index hs i)) +let hash_seq_spec_full_index_raw #hsz #_ hs acc actd i = + hash_seq_spec_index_raw #hsz hs i + +val hash_seq_spec_full_case_true: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs:hashes #hsz {S.length hs > 0} -> acc:hash #hsz -> + Lemma (S.index (hash_seq_spec_full #_ #f hs acc true) (S.length hs) == MTS.HRaw acc) +let hash_seq_spec_full_case_true #_ #_ _ _ = () + +val hash_seq_spec_full_even_next: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 0} -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + acc:hash #hsz -> actd:bool -> + Lemma + (requires j % 2 = 0 /\ mt_hashes_next_rel #_ #f j hs nhs) + (ensures S.equal (hash_seq_spec_full #_ #f nhs acc actd) + (MTS.mt_next_lv #_ #f #(log2c j) (hash_seq_spec_full #_ #f hs acc actd))) + +#restart-solver +#push-options "--quake 1/3 --z3rlimit 100 --fuel 2 --ifuel 1" +let hash_seq_spec_full_even_next #hsz #f j hs nhs acc actd = + log2c_div j; + mt_hashes_next_rel_lift_even #_ #f j hs nhs; + if actd + then begin + MTS.mt_next_rel_upd_even_pad #_ #f (log2c j) + (hash_seq_spec #hsz hs) (hash_seq_spec #hsz nhs) (S.length hs / 2) (MTS.HRaw acc); + let n = log2c j in + let mt = S.upd (hash_seq_spec #hsz hs) (S.length hs) (MTS.HRaw acc) in + let nmt = S.upd (hash_seq_spec #hsz nhs) (S.length nhs) (MTS.HRaw acc) in + // assume (MTS.mt_next_rel #_ #f n mt nmt); + MTS.mt_next_rel_next_lv #_ #f n mt nmt + end + else MTS.mt_next_rel_next_lv #_ #f (log2c j) + (hash_seq_spec_full #_ #f hs acc actd) + (hash_seq_spec_full #_ #f nhs acc actd) +#pop-options + +#push-options "--z3rlimit 80" +val hash_seq_spec_full_odd_next: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 1} -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + acc:hash #hsz -> actd:bool -> nacc:hash #hsz -> + Lemma + (requires j % 2 = 1 /\ + mt_hashes_next_rel #_ #f j hs nhs /\ + nacc == (if actd then f (S.last hs) acc else S.last hs)) + (ensures S.equal (hash_seq_spec_full #_ #f nhs nacc true) + (MTS.mt_next_lv #_ #f #(log2c j) (hash_seq_spec_full #_ #f hs acc actd))) +let hash_seq_spec_full_odd_next #hsz #f j hs nhs acc actd nacc = + log2c_div j; + mt_hashes_next_rel_lift_odd #_ #f j hs nhs; + if actd + then begin + MTS.mt_next_rel_upd_odd #_ #f (log2c j) + (hash_seq_spec #hsz hs) + (S.upd (hash_seq_spec #hsz nhs) (S.length nhs) (MTS.HRaw (S.last hs))) + (S.length nhs) (MTS.HRaw acc); + MTS.mt_next_rel_next_lv #_ #f (log2c j) + (S.upd (hash_seq_spec #hsz hs) (S.length hs) (MTS.HRaw acc)) + (S.upd (hash_seq_spec #hsz nhs) (S.length nhs) (MTS.HRaw (f (S.last hs) acc))) + end + else MTS.mt_next_rel_next_lv #_ #f (log2c j) + (hash_seq_spec_full #_ #f hs acc actd) + (hash_seq_spec_full #_ #f nhs nacc true) + +#pop-options + +val hash_seq_spec_full_next: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 1} -> + hs:hashes #hsz {S.length hs = j} -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + acc:hash #hsz -> actd:bool -> nacc:hash #hsz -> nactd:bool -> + Lemma + (requires mt_hashes_next_rel #_ #f j hs nhs /\ + nacc == (if j % 2 = 0 then acc + else if actd + then f (S.last hs) acc + else S.last hs) /\ + nactd == (actd || j % 2 = 1)) + (ensures S.equal (hash_seq_spec_full #_ #f nhs nacc nactd) + (MTS.mt_next_lv #_ #f #(log2c j) (hash_seq_spec_full #_ #f hs acc actd))) +let hash_seq_spec_full_next #_ #f j hs nhs acc actd nacc nactd = + if j % 2 = 0 + then hash_seq_spec_full_even_next #_ #f j hs nhs acc actd + else hash_seq_spec_full_odd_next #_ #f j hs nhs acc actd nacc + +val mt_rhs_inv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + smt:MTS.merkle_tree #hsz (log2c j) -> + rhs:hashes #hsz {S.length rhs = log2c j} -> + actd:bool -> + GTot Type0 (decreases j) +let rec mt_rhs_inv #_ #f j smt rhs actd = + if j = 0 then true + else begin + (if j % 2 = 1 && actd + then (S.index smt j == MTS.HRaw (S.head rhs)) + else true) /\ + mt_rhs_inv #_ #f (j / 2) (MTS.mt_next_lv #_ #f #(log2c j) smt) (S.tail rhs) + (actd || (j % 2 = 1)) + end + +val mt_root_inv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + hs0:hashes #hsz {S.length hs0 > 0} -> + acc:hash #hsz -> actd:bool -> + rt:hash #hsz -> + GTot Type0 +let mt_root_inv #_ #f hs0 acc actd rt = + MTS.mt_get_root #_ #f #(log2c (S.length hs0)) + (hash_seq_spec_full #_ #f hs0 acc actd) == MTS.HRaw rt + +val mt_base: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + GTot (bhs:hashes #hsz {S.length bhs = MT?.j mt}) +let mt_base #hsz mt olds = + S.head (merge_hs #hsz #(MT?.hash_fun mt) olds (MT?.hs mt)) + +#pop-options // --max_fuel 1 + +val mt_spec: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt /\ MT?.j mt > 0} -> + olds:hashess{S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + GTot (MTS.merkle_tree #hsz (log2c (MT?.j mt))) +let mt_spec #hsz mt olds = + hash_seq_spec #_ (mt_base mt olds) + +val mt_inv: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> + olds:hashess{S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + GTot Type0 +let mt_inv #hsz mt olds = + let i = MT?.i mt in + let j = MT?.j mt in + let hs = MT?.hs mt in + let rhs = MT?.rhs mt in + let f = MT?.hash_fun mt in + let fhs = merge_hs #hsz #f olds hs in + let rt = MT?.mroot mt in + log2c_bound j 32; + mt_olds_hs_inv #_ #f 0 i j olds hs /\ + (if j > 0 && MT?.rhs_ok mt + then (mt_olds_hs_lth_inv_ok #_ #f 0 i j olds hs; + mt_hashes_lth_inv_log_converted #_ #f j fhs; + (mt_rhs_inv #_ #f j (mt_spec mt olds) (S.slice rhs 0 (log2c j)) false /\ + mt_root_inv #_ #f (mt_base mt olds) hash_init false rt)) + else true) + diff --git a/src/MerkleTree.New.High.Correct.Flushing.fst b/src/MerkleTree.New.High.Correct.Flushing.fst new file mode 100644 index 0000000..5589011 --- /dev/null +++ b/src/MerkleTree.New.High.Correct.Flushing.fst @@ -0,0 +1,162 @@ +module MerkleTree.New.High.Correct.Flushing + +open EverCrypt +open EverCrypt.Helpers + +open FStar.Classical +open FStar.Ghost +open FStar.Seq + +module List = FStar.List.Tot +module S = FStar.Seq + +module U32 = FStar.UInt32 +module U8 = FStar.UInt8 +type uint32_t = U32.t +type uint8_t = U8.t + +module EHS = EverCrypt.Hash +module MTS = MerkleTree.Spec +open MerkleTree.New.High +open MerkleTree.New.High.Correct.Base + +/// Correctness of flushing + +val mt_flush_to_olds: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + pi:nat -> + i:nat{i >= pi} -> + j:nat{j >= i /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv pi olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs pi j} -> + GTot (folds:hashess #hsz { + S.length folds = 32 /\ + S.equal (S.slice olds 0 lv) (S.slice folds 0 lv) /\ + mt_olds_inv #hsz lv i folds}) + (decreases i) +let rec mt_flush_to_olds #_ #f lv pi i j olds hs = + let oi = offset_of i in + let opi = offset_of pi in + if oi = opi then olds (* no updates *) + else (let nolds = + S.upd olds lv + (S.append (S.index olds lv) + (S.slice (S.index hs lv) 0 (oi - opi))) in + mt_olds_inv_equiv #_ #f (lv + 1) (pi / 2) olds nolds; + mt_flush_to_olds #_ #f (lv + 1) (pi / 2) (i / 2) (j / 2) nolds hs) + +val mt_flush_to_olds_hs_equiv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + pi:nat -> + i:nat{i >= pi} -> + j:nat{j >= i /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv pi olds} -> + hs1:hashess #hsz {S.length hs1 = 32 /\ hs_wf_elts lv hs1 pi j} -> + hs2:hashess #hsz {S.length hs2 = 32 /\ hs_wf_elts lv hs2 pi j} -> + Lemma (requires (S.equal (S.slice hs1 lv 32) (S.slice hs2 lv 32))) + (ensures (S.equal (mt_flush_to_olds #_ #f lv pi i j olds hs1) + (mt_flush_to_olds #_ #f lv pi i j olds hs2))) + (decreases i) +let rec mt_flush_to_olds_hs_equiv #_ #f lv pi i j olds hs1 hs2 = + let oi = offset_of i in + let opi = offset_of pi in + if oi = opi then () + else (assert (S.index hs1 lv == S.index hs2 lv); + let nolds = + S.upd olds lv + (S.append (S.index olds lv) + (S.slice (S.index hs1 lv) 0 (oi - opi))) in + mt_olds_inv_equiv #_ #f (lv + 1) (pi / 2) olds nolds; + mt_flush_to_olds_hs_equiv #_ #f + (lv + 1) (pi / 2) (i / 2) (j / 2) nolds hs1 hs2) + +val mt_flush_to_merge_preserved: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + pi:nat -> i:nat{i >= pi} -> + j:nat{j >= i /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv pi olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs pi j} -> + Lemma (requires True) + (ensures (S.equal (merge_hs #_ #f olds hs) + (merge_hs #_ #f + (mt_flush_to_olds #_ #f lv pi i j olds hs) + (mt_flush_to_ lv hs pi i j)))) + (decreases i) +#reset-options "--z3rlimit 40 --max_fuel 2" +let rec mt_flush_to_merge_preserved #_ #f lv pi i j olds hs = + let oi = offset_of i in + let opi = offset_of pi in + if oi = opi then () + else begin + let nolds = S.upd olds lv + (S.append (S.index olds lv) + (S.slice (S.index hs lv) 0 (oi - opi))) in + let nhs = S.upd hs lv + (S.slice (S.index hs lv) (oi - opi) (j - opi)) in + mt_olds_inv_equiv #_ #f (lv + 1) (pi / 2) olds nolds; + hs_wf_elts_equal (lv + 1) hs nhs (pi / 2) (j / 2); + mt_flush_to_merge_preserved #_ #f + (lv + 1) (pi / 2) (i / 2) (j / 2) nolds nhs; + mt_flush_to_olds_hs_equiv #_ #f + (lv + 1) (pi / 2) (i / 2) (j / 2) nolds hs nhs; + assert (S.equal (merge_hs #_ #f nolds nhs) + (merge_hs #_ #f + (mt_flush_to_olds #_ #f lv pi i j olds hs) + (mt_flush_to_ lv hs pi i j))); + merge_hs_upd #_ #f olds hs lv + (S.append (S.index olds lv) (S.slice (S.index hs lv) 0 (oi - opi))) + (S.slice (S.index hs lv) (oi - opi) (j - opi)); + assert (S.equal (merge_hs #_ #f olds hs) (merge_hs #_ #f nolds nhs)) + end +#reset-options + +val mt_flush_to_inv_preserved_: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + pi:nat -> i:nat{i >= pi} -> + j:nat{j >= i /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv pi olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs pi j} -> + Lemma (requires (mt_olds_hs_inv #_ #f lv pi j olds hs)) + (ensures (mt_olds_hs_inv #_ #f lv i j + (mt_flush_to_olds #_ #f lv pi i j olds hs) + (mt_flush_to_ lv hs pi i j))) +let mt_flush_to_inv_preserved_ #_ #f lv pi i j olds hs = + mt_flush_to_merge_preserved #_ #f lv pi i j olds hs; + mt_olds_hs_lth_inv_ok #_ #f lv pi j olds hs; + mt_hashes_lth_inv_equiv #_ #f lv j + (merge_hs #_ #f olds hs) + (merge_hs #_ #f (mt_flush_to_olds #_ #f lv pi i j olds hs) + (mt_flush_to_ lv hs pi i j)); + mt_hashes_inv_equiv #_ #f lv j + (merge_hs #_ #f olds hs) + (merge_hs #_ #f (mt_flush_to_olds #_ #f lv pi i j olds hs) + (mt_flush_to_ lv hs pi i j)) + +val mt_flush_to_inv_preserved: + #hsz:pos -> + mt:merkle_tree{mt_wf_elts mt} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + idx:nat{idx >= MT?.i mt /\ idx < MT?.j mt} -> + Lemma (requires (mt_inv mt olds)) + (ensures (mt_inv (mt_flush_to mt idx) + (mt_flush_to_olds #_ #(MT?.hash_fun mt) 0 (MT?.i mt) idx (MT?.j mt) olds (MT?.hs mt)))) +let mt_flush_to_inv_preserved #hsz mt olds idx = + mt_flush_to_inv_preserved_ #_ #(MT?.hash_fun mt) 0 (MT?.i mt) idx (MT?.j mt) olds (MT?.hs mt); + mt_flush_to_merge_preserved #_ #(MT?.hash_fun mt) 0 (MT?.i mt) idx (MT?.j mt) olds (MT?.hs mt) + +val mt_flush_inv_preserved: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt /\ MT?.j mt > MT?.i mt} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + Lemma (requires (mt_inv mt olds)) + (ensures (mt_inv (mt_flush mt) + (mt_flush_to_olds #_ #(MT?.hash_fun mt) + 0 (MT?.i mt) (MT?.j mt - 1) (MT?.j mt) + olds (MT?.hs mt)))) +let mt_flush_inv_preserved #hsz mt olds = + mt_flush_to_inv_preserved #hsz mt olds (MT?.j mt - 1) + diff --git a/src/MerkleTree.New.High.Correct.Insertion.fst b/src/MerkleTree.New.High.Correct.Insertion.fst new file mode 100644 index 0000000..b6b1398 --- /dev/null +++ b/src/MerkleTree.New.High.Correct.Insertion.fst @@ -0,0 +1,193 @@ +module MerkleTree.New.High.Correct.Insertion + +open EverCrypt +open EverCrypt.Helpers + +open FStar.Classical +open FStar.Ghost +open FStar.Seq + +module List = FStar.List.Tot +module S = FStar.Seq + +module U32 = FStar.UInt32 +module U8 = FStar.UInt8 +type uint32_t = U32.t +type uint8_t = U8.t + +module EHS = EverCrypt.Hash +module MTS = MerkleTree.Spec +open MerkleTree.New.High +open MerkleTree.New.High.Correct.Base + +/// Correctness of insertion + +val mt_hashes_next_rel_insert_odd: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j % 2 = 1} -> + hs:hashes #hsz {S.length hs = j} -> v:hash -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + Lemma (requires (mt_hashes_next_rel #_ #f j hs nhs)) + (ensures (mt_hashes_next_rel #_ #f (j + 1) + (S.snoc hs v) (S.snoc nhs (f (S.last hs) v)))) +let mt_hashes_next_rel_insert_odd #_ #_ j hs v nhs = () + +val mt_hashes_next_rel_insert_even: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j % 2 <> 1} -> + hs:hashes #hsz {S.length hs = j} -> v:hash -> + nhs:hashes #hsz {S.length nhs = j / 2} -> + Lemma (requires (mt_hashes_next_rel #_ #f j hs nhs)) + (ensures (mt_hashes_next_rel #_ #f (j + 1) (S.snoc hs v) nhs)) +let mt_hashes_next_rel_insert_even #_ #_ j hs v nhs = () + +val insert_head: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv) - 1} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + acc:hash -> + Lemma (S.equal (S.index (insert_ #_ #f lv i j hs acc) lv) + (S.snoc (S.index hs lv) acc)) +let insert_head #_ #_ lv i j hs acc = () + +val insert_inv_preserved_even: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv) - 1} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + acc:hash -> + Lemma (requires (j % 2 <> 1 /\ mt_olds_hs_inv #_ #f lv i j olds hs)) + (ensures (mt_olds_hs_inv #_ #f lv i (j + 1) olds (insert_ #_ #f lv i j hs acc))) + (decreases (32 - lv)) +#reset-options "--z3rlimit 120 --max_fuel 2" +let insert_inv_preserved_even #_ #f lv i j olds hs acc = + let ihs = hashess_insert lv i j hs acc in + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + assert (mt_hashes_inv #_ #f lv j (merge_hs #_ #f olds hs)); + merge_hs_slice_equal #_ #f olds hs olds ihs (lv + 1) 32; + remainder_2_not_1_div j; + insert_base #_ #f lv i j hs acc; + + if lv = 31 then () + else begin + // Facts + assert (S.index (merge_hs #_ #f olds hs) (lv + 1) == + S.index (merge_hs #_ #f olds ihs) (lv + 1)); + + // Head proof of `mt_hashes_inv` + mt_hashes_next_rel_insert_even #_ #f j + (S.index (merge_hs #_ #f olds hs) lv) acc + (S.index (merge_hs #_ #f olds hs) (lv + 1)); + assert (mt_hashes_next_rel #_ #f (j + 1) + (S.index (merge_hs #_ #f olds ihs) lv) + (S.index (merge_hs #_ #f olds ihs) (lv + 1))); + + // Tail proof of `mt_hashes_inv` + mt_hashes_lth_inv_equiv #_ #f (lv + 1) ((j + 1) / 2) + (merge_hs #_ #f olds hs) (merge_hs #_ #f olds ihs); + mt_hashes_inv_equiv #_ #f (lv + 1) ((j + 1) / 2) + (merge_hs #_ #f olds hs) (merge_hs #_ #f olds ihs); + assert (mt_hashes_inv #_ #f (lv + 1) ((j + 1) / 2) (merge_hs #_ #f olds ihs)) + end + +val insert_inv_preserved: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv) - 1} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + acc:hash -> + Lemma (requires (mt_olds_hs_inv #_ #f lv i j olds hs)) + (ensures (mt_olds_hs_inv #_ #f lv i (j + 1) olds (insert_ #_ #f lv i j hs acc))) + (decreases (32 - lv)) +#reset-options "--z3rlimit 240 --max_fuel 1" +let rec insert_inv_preserved #_ #f lv i j olds hs acc = + if j % 2 = 1 + then begin + let ihs = hashess_insert lv i j hs acc in + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + merge_hs_slice_equal #_ #f olds hs olds ihs (lv + 1) 32; + assert (mt_hashes_inv #_ #f lv j (merge_hs #_ #f olds hs)); + + remainder_2_1_div j; + insert_rec #_ #f lv i j hs acc; + + // Recursion + mt_hashes_lth_inv_equiv #_ #f (lv + 1) (j / 2) + (merge_hs #_ #f olds hs) (merge_hs #_ #f olds ihs); + mt_hashes_inv_equiv #_ #f (lv + 1) (j / 2) + (merge_hs #_ #f olds hs) (merge_hs #_ #f olds ihs); + let nacc = f (S.last (S.index hs lv)) acc in + let rihs = insert_ #_ #f (lv + 1) (i / 2) (j / 2) ihs nacc in + insert_inv_preserved #_ #f (lv + 1) (i / 2) (j / 2) olds ihs nacc; + + // Head proof of `mt_hashes_inv` + mt_olds_hs_lth_inv_ok #_ #f lv i (j + 1) olds rihs; + mt_hashes_next_rel_insert_odd #_ #f j + (S.index (merge_hs #_ #f olds hs) lv) acc + (S.index (merge_hs #_ #f olds hs) (lv + 1)); + assert (S.equal (S.index rihs lv) (S.index ihs lv)); + insert_head #_ #f (lv + 1) (i / 2) (j / 2) ihs nacc; + assert (S.equal (S.index ihs (lv + 1)) (S.index hs (lv + 1))); + assert (mt_hashes_next_rel #_ #f (j + 1) + (S.index (merge_hs #_ #f olds rihs) lv) + (S.index (merge_hs #_ #f olds rihs) (lv + 1))); + + // Tail proof of `mt_hashes_inv` by recursion + assert (mt_olds_hs_inv #_ #f (lv + 1) (i / 2) ((j + 1) / 2) olds rihs); + + assert (mt_hashes_inv #_ #f lv (j + 1) (merge_hs #_ #f olds rihs)); + assert (mt_olds_hs_inv #_ #f lv i (j + 1) olds rihs); + assert (mt_olds_hs_inv #_ #f lv i (j + 1) olds (insert_ #_ #f lv i j hs acc)) + end + else begin + insert_inv_preserved_even #_ #f lv i j olds hs acc; + assert (mt_olds_hs_inv #_ #f lv i (j + 1) olds (insert_ #_ #f lv i j hs acc)) + end +#reset-options + +val mt_insert_inv_preserved: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt /\ mt_not_full mt} -> v:hash -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + Lemma (requires (mt_inv #hsz mt olds)) + (ensures (mt_inv #hsz (mt_insert mt v) olds)) +let mt_insert_inv_preserved #_ mt v olds = + insert_inv_preserved #_ #(MT?.hash_fun mt) 0 (MT?.i mt) (MT?.j mt) olds (MT?.hs mt) v + +/// Correctness of `create_mt` + +val empty_olds_inv: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + Lemma (requires True) + (ensures (mt_olds_inv #hsz lv 0 (empty_hashes 32))) + (decreases (32 - lv)) +let rec empty_olds_inv #_ #f lv = + if lv = 32 then () + else empty_olds_inv #_ #f (lv + 1) + +val create_empty_mt_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + unit -> + Lemma (empty_olds_inv #_ #f 0; + mt_inv #hsz (create_empty_mt #_ #f ()) (empty_hashes 32)) +let create_empty_mt_inv_ok #_ #f _ = + merge_hs_empty #_ #f 32; + mt_hashes_inv_empty #_ #f 0 + +val create_mt_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + init:hash -> + Lemma (empty_olds_inv #_ #f 0; + mt_inv #hsz (mt_create hsz f init) (empty_hashes 32)) +let create_mt_inv_ok #hsz #f init = + create_empty_mt_inv_ok #_ #f (); + empty_olds_inv #_ #f 0; + mt_insert_inv_preserved #_ (create_empty_mt #hsz #f ()) init (empty_hashes 32) + diff --git a/src/MerkleTree.New.High.Correct.Path.fst b/src/MerkleTree.New.High.Correct.Path.fst new file mode 100644 index 0000000..3542da7 --- /dev/null +++ b/src/MerkleTree.New.High.Correct.Path.fst @@ -0,0 +1,405 @@ +module MerkleTree.New.High.Correct.Path + +open EverCrypt +open EverCrypt.Helpers + +open MerkleTree.New.High.Correct.Base +// Need to use some facts of `mt_get_root` +open MerkleTree.New.High.Correct.Rhs + +open FStar.Classical +open FStar.Ghost +open FStar.Seq + +module List = FStar.List.Tot +module S = FStar.Seq + +module U32 = FStar.UInt32 +module U8 = FStar.UInt8 +type uint32_t = U32.t +type uint8_t = U8.t + +module EHS = EverCrypt.Hash +module MTS = MerkleTree.Spec +open MerkleTree.New.High + +#reset-options "--z3rlimit 20" + +/// Correctness of path generation + +val path_spec: + #hsz:pos -> + k:nat -> + j:nat{k <= j} -> + actd:bool -> + p:path #hsz {S.length p = mt_path_length k j actd} -> + GTot (sp:S.seq (MTS.padded_hash #hsz){S.length sp = log2c j}) + (decreases j) +let rec path_spec #hsz k j actd p = + if j = 0 then S.empty + else (if k % 2 = 0 + then (if j = k || (j = k + 1 && not actd) + then S.cons MTS.HPad (path_spec (k / 2) (j / 2) (actd || (j % 2 = 1)) p) + else S.cons (MTS.HRaw #hsz (S.head p)) + (path_spec (k / 2) (j / 2) (actd || (j % 2 = 1)) (S.tail p))) + else S.cons (MTS.HRaw #hsz (S.head p)) + (path_spec (k / 2) (j / 2) (actd || (j % 2 = 1)) (S.tail p))) + +val mt_get_path_step_acc: + #hsz:pos -> + j:nat{j > 0} -> + chs:hashes #hsz {S.length chs = j} -> + crh:hash #hsz -> + k:nat{k <= j} -> + actd:bool -> + GTot (option (hash #hsz)) +let mt_get_path_step_acc #hsz j chs crh k actd = + if k % 2 = 1 + then Some (S.index chs (k - 1)) + else (if k = j then None + else if k + 1 = j + then (if actd then Some crh else None) + else Some (S.index chs (k + 1))) + +val mt_get_path_acc: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + fhs:hashess #hsz {S.length fhs = log2c j /\ mt_hashes_lth_inv_log #hsz j fhs} -> + rhs:hashes #hsz {S.length rhs = log2c j} -> + k:nat{k <= j} -> + actd:bool -> + GTot (np:path #hsz {S.length np = mt_path_length k j actd}) + (decreases j) +let rec mt_get_path_acc #_ #f j fhs rhs k actd = + if j = 0 then S.empty + else + (let sp = mt_get_path_step_acc #_ j (S.head fhs) (S.head rhs) k actd in + let rp = mt_get_path_acc #_ #f (j / 2) (S.tail fhs) (S.tail rhs) (k / 2) + (actd || j % 2 = 1) in + if Some? sp + then (S.cons (Some?.v sp) rp) + else rp) + +val mt_get_path_step_acc_consistent: + #hsz:pos -> #f:MTS.hash_fun_t -> + lv:nat{lv <= 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + rhs:hashes #hsz {S.length rhs = 32} -> + k:nat{i <= k && k <= j} -> + actd:bool -> + Lemma (requires (j <> 0)) + (ensures + (log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + (match mt_get_path_step_acc j + (S.index (merge_hs #_ #f olds hs) lv) (S.index rhs lv) + k actd with + | Some v -> + S.equal (mt_make_path_step lv hs rhs i j k S.empty actd) + (S.cons v S.empty) + | None -> + S.equal (mt_make_path_step lv hs rhs i j k S.empty actd) + S.empty))) +let mt_get_path_step_acc_consistent #_ #_ lv i j olds hs rhs k actd = () + +private val seq_cons_append: + #a:Type -> hd:a -> tl:S.seq a -> + Lemma (S.equal (S.append (S.cons hd S.empty) tl) + (S.cons hd tl)) +private let seq_cons_append #a hd tl = () + +val mt_get_path_acc_consistent: + #hsz:pos -> #f:MTS.hash_fun_t -> + lv:nat{lv <= 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + rhs:hashes #hsz {S.length rhs = 32} -> + k:nat{i <= k && k <= j} -> + actd:bool -> + Lemma (requires True) + (ensures + (log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + S.equal (mt_get_path_acc #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) + (S.slice rhs lv (lv + log2c j)) k actd) + (mt_get_path_ #_ lv hs rhs i j k S.empty actd))) + (decreases j) +#push-options "--z3rlimit 1000 --max_fuel 1 --max_ifuel 0" +let rec mt_get_path_acc_consistent #hsz #f lv i j olds hs rhs k actd = + log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + + if j = 0 then () + else begin + let nactd = if j % 2 = 0 then actd else true in + let nactd_ = actd || j % 2 = 1 in + assert (nactd == nactd_); + + let pa = mt_get_path_acc #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) + (S.slice rhs lv (lv + log2c j)) k actd in + let p = mt_get_path_ lv hs rhs i j k S.empty actd in + + log2c_div j; log2c_bound (j / 2) (32 - (lv + 1)); + assert (mt_hashes_lth_inv (lv + 1) (j / 2) (merge_hs #_ #f olds hs)); + assert (mt_hashes_lth_inv_log #hsz (j / 2) + (S.slice (merge_hs #_ #f olds hs) (lv + 1) (lv + 1 + log2c (j / 2)))); + let npsa = mt_get_path_step_acc j + (S.index (merge_hs #_ #f olds hs) lv) (S.index rhs lv) k actd in + let npa = mt_get_path_acc #_ #f (j / 2) + (S.slice (merge_hs #_ #f olds hs) (lv + 1) (lv + 1 + log2c (j / 2))) + (S.slice rhs (lv + 1) (lv + 1 + log2c (j / 2))) (k / 2) nactd_ in + let nps = mt_make_path_step lv hs rhs i j k S.empty actd in + let np = mt_get_path_ (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) nps nactd in + let npe = mt_get_path_ (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) S.empty nactd in + mt_get_path_pull (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) nps nactd; + assert (S.equal p np); + assert (S.equal np (S.append nps npe)); + assert (S.equal p (S.append nps npe)); + assert (S.equal pa (if Some? npsa + then S.cons (Some?.v npsa) npa + else npa)); + + mt_get_path_acc_consistent #_ #f (lv + 1) (i / 2) (j / 2) + olds hs rhs (k / 2) nactd; + assert (S.equal npa npe); + + mt_get_path_step_acc_consistent #_ #f lv i j olds hs rhs k actd; + if Some? npsa + then begin + assert (S.equal nps (S.cons (Some?.v npsa) S.empty)); + assert (S.equal p (S.append (S.cons (Some?.v npsa) S.empty) npa)); + assert (S.equal pa (S.cons (Some?.v npsa) npa)); + seq_cons_append (Some?.v npsa) npa; + assert (S.equal pa p) + end + else begin + assert (S.equal nps S.empty); + S.append_empty_l npe; + assert (S.equal p npe); + assert (S.equal pa npa); + assert (S.equal pa p) + end + end +#pop-options + +val mt_get_path_acc_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t -> + j:nat -> + fhs:hashess #hsz {S.length fhs = log2c j} -> + rhs:hashes #hsz {S.length rhs = log2c j} -> + k:nat{k <= j} -> + acc:hash -> actd:bool -> + Lemma (requires (j > 0 /\ + mt_hashes_lth_inv_log #hsz j fhs /\ + mt_hashes_inv_log #_ #f j fhs /\ + mt_rhs_inv #_ #f j (hash_seq_spec_full #_ #f (S.head fhs) acc actd) rhs actd)) + (ensures (S.equal (path_spec k j actd (mt_get_path_acc #_ #f j fhs rhs k actd)) + (MTS.mt_get_path #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) k))) + (decreases j) +#push-options "--z3rlimit 80 --max_fuel 1" +let rec mt_get_path_acc_inv_ok #_ #f j fhs rhs k acc actd = + // Below dummy `let` is necessary to provide guidance to the SMT solver. + let _ = mt_get_path_step_acc j (S.head fhs) (S.head rhs) k actd in + let smt = hash_seq_spec_full #_ #f (S.head fhs) acc actd in + let nacc = (if j % 2 = 0 then acc + else if actd + then f (S.last (S.head fhs)) acc + else S.last (S.head fhs)) in + let nactd = actd || j % 2 = 1 in + + if j = 1 then (if k = 0 then () else ()) + else begin + mt_hashes_lth_inv_log_next #_ #f j fhs; + hash_seq_spec_full_next #_ #f j (S.head fhs) (S.head (S.tail fhs)) acc actd nacc nactd; + mt_get_path_acc_inv_ok #_ #f (j / 2) (S.tail fhs) (S.tail rhs) (k / 2) nacc nactd; + if k % 2 = 0 + then begin + if k = j || (k + 1 = j && not actd) + then assert (S.index smt (k + 1) == MTS.HPad) + else if k + 1 = j + then assert (S.index smt (k + 1) == MTS.HRaw (S.head rhs)) + else hash_seq_spec_full_index_raw #_ #f (S.head fhs) acc actd (k + 1) + end + else begin + hash_seq_spec_full_index_raw #_ #f (S.head fhs) acc actd (k - 1) + end + end +#pop-options + +#push-options "--max_fuel 1 --initial_fuel 1 --max_ifuel 0 --z3rlimit 60" +val mt_get_path_inv_ok_: + #hsz:pos -> #f:MTS.hash_fun_t -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{j > 0 /\ i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + rhs:hashes #hsz {S.length rhs = 32} -> + k:nat{i <= k && k <= j} -> + p:path #hsz -> + acc:hash -> actd:bool -> + Lemma (requires (log2c_div j; log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + (mt_hashes_inv #_ #f lv j (merge_hs #_ #f olds hs) /\ + (let t1 = hash_seq_spec_full #_ #f (S.index (merge_hs #_ #f olds hs) lv) acc actd in + let t2 = S.slice rhs lv (lv + log2c j) in + mt_rhs_inv #_ #f j t1 t2 actd)))) + (ensures (S.equal (path_spec k j actd + (S.slice (mt_get_path_ lv hs rhs i j k p actd) + (S.length p) (S.length p + mt_path_length k j actd))) + (MTS.mt_get_path #_ #f #(log2c j) + (hash_seq_spec_full #_ #f + (S.index (merge_hs #_ #f olds hs) lv) acc actd) k))) +let mt_get_path_inv_ok_ #_ #f lv i j olds hs rhs k p acc actd = + log2c_div j; log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + mt_hashes_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + + mt_get_path_acc_consistent #_ #f lv i j olds hs rhs k actd; + mt_get_path_slice lv hs rhs i j k p actd; + mt_get_path_acc_inv_ok #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) + (S.slice rhs lv (lv + log2c j)) + k acc actd +#pop-options + +val mt_get_path_inv_ok: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + idx:nat{MT?.i mt <= idx && idx < MT?.j mt} -> + drt:hash -> + Lemma (requires (MT?.j mt > 0 /\ mt_inv mt olds)) + (ensures (let j, p, rt = mt_get_path mt idx drt in + j == MT?.j mt /\ + mt_root_inv #_ #(MT?.hash_fun mt) (mt_base mt olds) hash_init false rt /\ + S.head p == S.index (mt_base mt olds) idx /\ + (assert (S.length (S.tail p) == mt_path_length idx (MT?.j mt) false); + S.equal (path_spec idx (MT?.j mt) false (S.tail p)) + (MTS.mt_get_path #_ #(MT?.hash_fun mt) #(log2c j) (mt_spec mt olds) idx)))) +#push-options "--z3rlimit 40" +let mt_get_path_inv_ok #hsz mt olds idx drt = + let j, p, rt = mt_get_path mt idx drt in + mt_get_root_inv_ok mt drt olds; + assert (j == MT?.j mt); + assert (mt_root_inv #_ #(MT?.hash_fun mt) (mt_base mt olds) hash_init false rt); + + let ofs = offset_of (MT?.i mt) in + let umt, _ = mt_get_root mt drt in + let ip = path_insert S.empty (S.index (mt_base mt olds) idx) in + mt_get_path_unchanged 0 (MT?.hs umt) (MT?.rhs umt) + (MT?.i umt) (MT?.j umt) idx ip false; + assert (S.head ip == S.head (S.slice p 0 (S.length ip))); + assert (S.head ip == S.head p); + assert (S.head p == S.index (mt_base mt olds) idx); + + assert (S.length (S.tail p) == mt_path_length idx (MT?.j mt) false); + mt_get_path_inv_ok_ #_ #(MT?.hash_fun mt) 0 (MT?.i umt) (MT?.j umt) + olds (MT?.hs umt) (MT?.rhs umt) idx ip hash_init false +#pop-options + +val mt_verify_ok_: + #hsz:pos -> #f:MTS.hash_fun_t -> + k:nat -> + j:nat{k <= j} -> + p:path -> + ppos:nat -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires (ppos + mt_path_length k j actd <= S.length p)) + (ensures (MTS.HRaw (mt_verify_ #_ #f k j p ppos acc actd) == + MTS.mt_verify_ #_ #f #(log2c j) + (path_spec k j actd + (S.slice p ppos (ppos + mt_path_length k j actd))) + k (MTS.HRaw acc))) + (decreases j) +#push-options "--z3rlimit 40 --max_fuel 1" +let rec mt_verify_ok_ #hsz #f k j p ppos acc actd = + if j = 0 then () + else begin + log2c_div j; + let vi = mt_verify_ #_ #f k j p ppos acc actd in + let plen = mt_path_length k j actd in + let vs = MTS.mt_verify_ #_ #f #(log2c j) + (path_spec k j actd (S.slice p ppos (ppos + plen))) + k (MTS.HRaw acc) in + let nactd = actd || (j % 2 = 1) in + let nplen = mt_path_length (k / 2) (j / 2) nactd in + + if k % 2 = 0 + then begin + if j = k || (j = k + 1 && not actd) + then begin + assert (vi == mt_verify_ #_ #f (k / 2) (j / 2) p ppos acc nactd); + assert (plen == nplen); + assert (S.equal (path_spec k j actd (S.slice p ppos (ppos + plen))) + (S.cons MTS.HPad + (path_spec (k / 2) (j / 2) nactd + (S.slice p ppos (ppos + plen))))); + assert (vs == + MTS.mt_verify_ #_ #f #(log2c (j / 2)) + (path_spec (k / 2) (j / 2) nactd (S.slice p ppos (ppos + plen))) + (k / 2) (MTS.HRaw acc)); + mt_verify_ok_ #_ #f (k / 2) (j / 2) p ppos acc nactd + end + else begin + let nacc = f acc (S.index p ppos) in + assert (vi == mt_verify_ #_ #f (k / 2) (j / 2) p (ppos + 1) nacc nactd); + assert (plen == nplen + 1); + assert (S.equal (S.tail (S.slice p ppos (ppos + plen))) + (S.slice p (ppos + 1) (ppos + 1 + nplen))); + assert (S.equal (path_spec k j actd (S.slice p ppos (ppos + plen))) + (S.cons (MTS.HRaw (S.index p ppos)) + (path_spec (k / 2) (j / 2) nactd + (S.slice p (ppos + 1) (ppos + 1 + nplen))))); + assert (vs == + MTS.mt_verify_ #_ #f #(log2c (j / 2)) + (path_spec (k / 2) (j / 2) nactd + (S.slice p (ppos + 1) (ppos + 1 + nplen))) + (k / 2) (MTS.HRaw nacc)); + mt_verify_ok_ #_ #f (k / 2) (j / 2) p (ppos + 1) nacc nactd + end + end + else begin + let nacc = f (S.index p ppos) acc in + assert (vi == mt_verify_ #_ #f (k / 2) (j / 2) p (ppos + 1) nacc nactd); + assert (plen == 1 + nplen); + assert (S.equal (S.tail (S.slice p ppos (ppos + plen))) + (S.slice p (ppos + 1) (ppos + 1 + nplen))); + assert (S.equal (path_spec k j actd (S.slice p ppos (ppos + plen))) + (S.cons (MTS.HRaw (S.index p ppos)) + (path_spec (k / 2) (j / 2) nactd + (S.slice p (ppos + 1) (ppos + 1 + nplen))))); + assert (vs == + MTS.mt_verify_ #_ #f #(log2c (j / 2)) + (path_spec (k / 2) (j / 2) nactd + (S.slice p (ppos + 1) (ppos + 1 + nplen))) + (k / 2) (MTS.HRaw nacc)); + mt_verify_ok_ #_ #f (k / 2) (j / 2) p (ppos + 1) nacc nactd + end + end +#pop-options + +val mt_verify_ok: + #hsz:pos -> #f:MTS.hash_fun_t -> + k:nat -> + j:nat{k < j} -> + p:path #hsz {S.length p = 1 + mt_path_length k j false} -> + rt:hash #hsz -> + Lemma (mt_verify #_ #f k j p rt <==> + MTS.mt_verify #_ #f #(log2c j) + (path_spec k j false (S.tail p)) k (MTS.HRaw (S.head p)) (MTS.HRaw rt)) +let mt_verify_ok #_ #f k j p rt = + mt_verify_ok_ #_ #f k j p 1 (S.head p) false diff --git a/src/MerkleTree.New.High.Correct.Rhs.fst b/src/MerkleTree.New.High.Correct.Rhs.fst new file mode 100644 index 0000000..8ef303a --- /dev/null +++ b/src/MerkleTree.New.High.Correct.Rhs.fst @@ -0,0 +1,420 @@ +module MerkleTree.New.High.Correct.Rhs + +open FStar.Classical +open FStar.Ghost +open FStar.Seq + +module S = FStar.Seq + +module MTS = MerkleTree.Spec +open MerkleTree.New.High +open MerkleTree.New.High.Correct.Base + + +#set-options "--z3rlimit 10 --initial_fuel 1 --max_fuel 1 --initial_ifuel 0 --max_ifuel 0" + +/// Correctness of rightmost hashes + +// Another version of `construct_rhs` that recursively +// accumulates rightmost hashes. +val construct_rhs_acc: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + fhs:hashess #hsz { + S.length fhs = log2c j /\ + mt_hashes_lth_inv_log #hsz j fhs} -> + acc:hash #hsz -> + actd:bool -> + GTot (rhs:hashes #hsz {S.length rhs = log2c j} * hash #hsz) (decreases j) +let rec construct_rhs_acc #_ #f j fhs acc actd = + if j = 0 then (S.empty, acc) + else begin + if j % 2 = 0 + then (let nrhsh = construct_rhs_acc #_ #f(j / 2) (S.tail fhs) acc actd in + (S.cons hash_init (fst nrhsh), snd nrhsh)) + else (let rhd = if actd then acc else hash_init in + let nacc = if actd + then f (S.last (S.head fhs)) acc + else S.last (S.head fhs) in + let nrhsh = construct_rhs_acc #_ #f (j / 2) (S.tail fhs) nacc true in + (S.cons rhd (fst nrhsh), snd nrhsh)) + end + +#push-options "--initial_ifuel 1 --max_ifuel 1" +val construct_rhs_acc_odd: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + fhs:hashess #hsz { + S.length fhs = log2c j /\ + mt_hashes_lth_inv_log #hsz j fhs} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires (j % 2 <> 0)) + (ensures (let rrf = construct_rhs_acc #_ #f j fhs acc actd in + let nacc = if actd + then f (S.last (S.head fhs)) acc + else S.last (S.head fhs) in + let nrrf = construct_rhs_acc #_ #f (j / 2) (S.tail fhs) nacc true in + S.equal (S.tail (fst rrf)) (fst nrrf) /\ + snd rrf == snd nrrf)) +let construct_rhs_acc_odd #_ #f j fhs acc actd = () +#pop-options + +#push-options "--initial_fuel 2 --max_fuel 2" +val construct_rhs_acc_inv_ok_0: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + fhs:hashess #hsz { + S.length fhs = 1 /\ + mt_hashes_lth_inv_log #hsz 1 fhs /\ + mt_hashes_inv_log #_ #f 1 fhs} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires True) + (ensures (let crhs = construct_rhs_acc #_ #f 1 fhs acc actd in + mt_rhs_inv #_ #f 1 + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) + (fst crhs) actd /\ + MTS.mt_get_root #_ #f #1 + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) == + MTS.HRaw #hsz (snd crhs))) +let construct_rhs_acc_inv_ok_0 #_ #f fhs acc actd = () +#pop-options + +#push-options "--z3rlimit 240" +val construct_rhs_acc_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat{j > 0} -> + fhs:hashess #hsz { + S.length fhs = log2c j /\ + mt_hashes_lth_inv_log #hsz j fhs /\ + mt_hashes_inv_log #_ #f j fhs} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires True) + (ensures (let crhs = construct_rhs_acc #_ #f j fhs acc actd in + mt_rhs_inv #_ #f j + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) + (fst crhs) actd /\ + MTS.mt_get_root #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) == + MTS.HRaw (snd crhs))) + (decreases j) +let rec construct_rhs_acc_inv_ok #hsz #f j fhs acc actd = + if j = 1 then + construct_rhs_acc_inv_ok_0 #_ #f fhs acc actd + else if j % 2 = 0 then begin + construct_rhs_acc_inv_ok #_ #f (j / 2) (S.tail fhs) acc actd; + let rcrhs = construct_rhs_acc #_ #f (j / 2) (S.tail fhs) acc actd in + assert (mt_rhs_inv #_ #f (j / 2) + (hash_seq_spec_full #_ #f (S.head (S.tail fhs)) acc actd) + (fst rcrhs) actd); + assert (MTS.mt_get_root #_ #f #(log2c j - 1) + (hash_seq_spec_full #_ #f (S.head (S.tail fhs)) acc actd) == + MTS.HRaw (snd rcrhs)); + + let crhs = (S.cons hash_init (fst rcrhs), snd rcrhs) in + mt_hashes_lth_inv_log_next #_ #f j fhs; + hash_seq_spec_full_even_next #_ #f + j (S.head fhs) (S.head (S.tail fhs)) acc actd; + assert (mt_rhs_inv #_ #f (j / 2) + (MTS.mt_next_lv #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head fhs) acc actd)) + (fst rcrhs) actd); + + assert (mt_rhs_inv #_ #f j + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) + (fst crhs) actd); + assert (MTS.mt_get_root #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) == + MTS.HRaw (snd rcrhs)) + end + + else begin + let rhd = if actd then acc else hash_init #hsz in + let nacc = if actd + then f (S.last (S.head fhs)) acc + else S.last (S.head fhs) in + construct_rhs_acc_inv_ok #_ #f (j / 2) (S.tail fhs) nacc true; + let rcrhs = construct_rhs_acc #_ #f (j / 2) (S.tail fhs) nacc true in + assert (mt_rhs_inv #_ #f (j / 2) + (hash_seq_spec_full #_ #f (S.head (S.tail fhs)) nacc true) + (fst rcrhs) true); + assert (MTS.mt_get_root #_ #f #(log2c j - 1) + (hash_seq_spec_full #_ #f (S.head (S.tail fhs)) nacc true) == + MTS.HRaw (snd rcrhs)); + + let crhs = (S.cons rhd (fst rcrhs), snd rcrhs) in + mt_hashes_lth_inv_log_next #_ #f j fhs; + hash_seq_spec_full_odd_next #_ #f + j (S.head fhs) (S.head (S.tail fhs)) acc actd nacc; + (if actd then hash_seq_spec_full_case_true #_ #f (S.head fhs) acc); + assert (if actd + then (S.index (hash_seq_spec_full #_ #f (S.head fhs) acc actd) j == + MTS.HRaw rhd) + else true); + assert (mt_rhs_inv #_ #f (j / 2) + (MTS.mt_next_lv #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head fhs) acc actd)) + (fst rcrhs) true); + + assert (mt_rhs_inv #_ #f j + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) + (fst crhs) actd); + assert (MTS.mt_get_root #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head fhs) acc actd) == + MTS.HRaw (snd crhs)) + end +#pop-options + + +val rhs_equiv: + #hsz:pos -> + j:nat -> + rhs1:hashes #hsz {S.length rhs1 = log2c j} -> + rhs2:hashes #hsz {S.length rhs2 = log2c j} -> + actd:bool -> + GTot Type0 (decreases j) +let rec rhs_equiv #hsz j rhs1 rhs2 actd = + if j = 0 then true + else if j % 2 = 0 + then rhs_equiv #hsz (j / 2) (S.tail rhs1) (S.tail rhs2) actd + else ((if actd then S.head rhs1 == S.head rhs2 else true) /\ + rhs_equiv #hsz (j / 2) (S.tail rhs1) (S.tail rhs2) true) + +val rhs_equiv_inv_preserved: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + j:nat -> + smt:MTS.merkle_tree (log2c j) -> + rhs1:hashes #hsz {S.length rhs1 = log2c j} -> + rhs2:hashes #hsz {S.length rhs2 = log2c j} -> + actd:bool -> + Lemma (requires (mt_rhs_inv #_ #f j smt rhs1 actd /\ + rhs_equiv #hsz j rhs1 rhs2 actd)) + (ensures (mt_rhs_inv #_ #f j smt rhs2 actd)) + (decreases j) +let rec rhs_equiv_inv_preserved #_ #f j smt rhs1 rhs2 actd = + if j = 0 then () + else if j % 2 = 0 + then rhs_equiv_inv_preserved #_ #f (j / 2) (MTS.mt_next_lv #_ #f #(log2c j) smt) + (S.tail rhs1) (S.tail rhs2) actd + else begin + (if actd + then (assert (S.index smt j == MTS.HRaw (S.head rhs1)); + assert (S.head rhs1 == S.head rhs2)) + else ()); + rhs_equiv_inv_preserved #_ #f (j / 2) (MTS.mt_next_lv #_ #f #(log2c j) smt) + (S.tail rhs1) (S.tail rhs2) true + end + +val construct_rhs_acc_consistent: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + rhs:hashes #hsz {S.length rhs = 32} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires True) + (ensures + (log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + (let rrf = construct_rhs_acc #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) acc actd in + let rr = construct_rhs #_ #f lv hs rhs i j acc actd in + rhs_equiv #hsz j (fst rrf) (S.slice (fst rr) lv (lv + log2c j)) actd /\ + snd rrf == snd rr))) + (decreases j) + +#push-options "--z3rlimit 250 --ifuel 1" +#push-options "--quake 1/3" +let rec construct_rhs_acc_consistent #hsz #f lv i j olds hs rhs acc actd = + assert (j < pow2 (32 - lv)); + assert (j <> 0 ==> j / 2 < pow2 (32 - (lv + 1))); + log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + let rrf = construct_rhs_acc #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) acc actd in + let rr = construct_rhs #_ #f lv hs rhs i j acc actd in + construct_rhs_unchanged #_ #f lv hs rhs i j acc actd; + assert (S.equal (S.slice rhs 0 lv) (S.slice (fst rr) 0 lv)); + + if j = 0 then () + else begin + log2c_div j; + assert (32 - (lv + 1) >= 0); + log2c_bound (j / 2) (32 - (lv + 1)); + mt_olds_hs_lth_inv_ok #_ #f (lv + 1) (i / 2) (j / 2) olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f (lv + 1) (j / 2) (merge_hs #_ #f olds hs); + + if j % 2 = 0 then begin + construct_rhs_acc_consistent #_ #f (lv + 1) (i / 2) (j / 2) + olds hs rhs acc actd; + log2c_bound (j/2) (32 - (lv + 1)); + mt_olds_hs_lth_inv_ok #hsz #f (lv+1) (i/2) (j/2) olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + let rrf = construct_rhs_acc #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) acc actd in + let rr = construct_rhs #_ #f lv hs rhs i j acc actd in + assert (rhs_equiv #hsz j (fst rrf) (S.slice (fst rr) lv (lv + log2c j)) actd); + assert (snd rrf == snd rr) + end + else + begin + let rhd = if actd then acc else hash_init in + let nacc = if actd + then f (S.last (S.index hs lv)) acc + else S.last (S.index hs lv) in + assert (S.equal (S.tail (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j))) + (S.slice (merge_hs #_ #f olds hs) + (lv + 1) (lv + 1 + log2c (j / 2)))); + + // Recursion step for `construct_rhs_acc` + let nrrf = construct_rhs_acc #_ #f (j / 2) + (S.slice (merge_hs #_ #f olds hs) (lv + 1) (lv + 1 + (log2c (j / 2)))) + nacc true in + construct_rhs_acc_odd #_ #f j (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) acc actd; + + // Recursion step for `construct_rhs` + assert (hs_wf_elts (lv + 1) hs (i / 2) (j / 2)); + let nrhs = if actd then S.upd rhs lv acc else rhs in + let nrr = construct_rhs #_ #f (lv + 1) hs nrhs (i / 2) (j / 2) nacc true in + construct_rhs_odd #_ #f lv hs rhs i j acc actd; + construct_rhs_unchanged #_ #f (lv + 1) hs nrhs (i / 2) (j / 2) nacc true; + assert (S.equal (S.slice nrhs 0 (lv + 1)) (S.slice (fst nrr) 0 (lv + 1))); + assert (S.index (fst nrr) lv == S.index nrhs lv); + + // Recursion for the proof + construct_rhs_acc_consistent #_ #f (lv + 1) (i / 2) (j / 2) + olds hs nrhs nacc true; + assert (rhs_equiv #hsz (j / 2) (fst nrrf) + (S.slice (fst nrr) (lv + 1) (lv + 1 + log2c (j / 2))) true); + assert (snd nrrf == snd nrr); + + // All together + (if actd + then (assert (S.head (fst rrf) == rhd); + assert (rhd == acc); + assert (S.index (fst rr) lv == S.index nrhs lv); + assert (S.index nrhs lv == acc); + assert (S.head (fst rrf) == S.index (fst rr) lv)) + else ()); + + assert (if actd then S.head (fst rrf) == S.index (fst rr) lv else true); + assert (rhs_equiv #hsz (j / 2) (S.tail (fst rrf)) + (S.slice (fst rr) (lv + 1) (lv + 1 + log2c (j / 2))) true); + assert (rhs_equiv #hsz j (fst rrf) (S.slice (fst rr) lv (lv + log2c j)) actd); + assert (snd rrf == snd rr) + end + end +#pop-options + +val construct_rhs_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + i:nat -> + j:nat{j > 0 /\ i <= j /\ j < pow2 (32 - lv)} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz lv i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + rhs:hashes #hsz {S.length rhs = 32} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires (mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_inv #_ #f lv j (merge_hs #_ #f olds hs))) + (ensures (log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + (let crhs = construct_rhs #_ #f lv hs rhs i j acc actd in + mt_rhs_inv #_ #f j + (hash_seq_spec_full #_ #f (S.index (merge_hs #_ #f olds hs) lv) acc actd) + (S.slice (fst crhs) lv (lv + log2c j)) actd /\ + MTS.mt_get_root #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.index (merge_hs #_ #f olds hs) lv) acc actd) == + MTS.HRaw (snd crhs)))) +let construct_rhs_inv_ok #hsz #f lv i j olds hs rhs acc actd = + log2c_div j; log2c_bound j (32 - lv); + mt_olds_hs_lth_inv_ok #_ #f lv i j olds hs; + mt_hashes_lth_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + mt_hashes_inv_log_converted_ #_ #f lv j (merge_hs #_ #f olds hs); + let crhs = construct_rhs #_ #f lv hs rhs i j acc actd in + let crhsf = construct_rhs_acc #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) acc actd in + construct_rhs_acc_consistent #_ #f lv i j olds hs rhs acc actd; + construct_rhs_acc_inv_ok #_ #f j + (S.slice (merge_hs #_ #f olds hs) lv (lv + log2c j)) acc actd; + rhs_equiv_inv_preserved #_ #f j + (hash_seq_spec_full #_ #f (S.index (merge_hs #_ #f olds hs) lv) acc actd) + (fst crhsf) (S.slice (fst crhs) lv (lv + log2c j)) actd +#pop-options + +val construct_rhs_base_inv_ok: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + i:nat -> j:nat{j > 0 /\ i <= j /\ j < pow2 32} -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 i olds} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts 0 hs i j} -> + rhs:hashes #hsz {S.length rhs = 32} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires (mt_olds_hs_lth_inv_ok #_ #f 0 i j olds hs; + mt_hashes_inv #_ #f 0 j (merge_hs #_ #f olds hs))) + (ensures (log2c_bound j 32; + mt_olds_hs_lth_inv_ok #_ #f 0 i j olds hs; + (let crhs = construct_rhs #_ #f 0 hs rhs i j acc actd in + mt_rhs_inv #_ #f j + (hash_seq_spec_full #_ #f (S.head (merge_hs #_ #f olds hs)) acc actd) + (S.slice (fst crhs) 0 (log2c j)) actd /\ + MTS.mt_get_root #_ #f #(log2c j) + (hash_seq_spec_full #_ #f (S.head (merge_hs #_ #f olds hs)) acc actd) == + MTS.HRaw (snd crhs)))) +let construct_rhs_base_inv_ok #hsz #f i j olds hs rhs acc actd = + construct_rhs_inv_ok #_ #f 0 i j olds hs rhs acc actd + +val construct_rhs_init_ignored: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs i j} -> + acc1:hash #hsz -> acc2:hash #hsz -> + Lemma (requires (j > 0)) + (ensures (let rr1 = construct_rhs #_ #f lv hs rhs i j acc1 false in + let rr2 = construct_rhs #_ #f lv hs rhs i j acc2 false in + S.equal (fst rr1) (fst rr2) /\ snd rr1 == snd rr2)) + (decreases j) +#push-options "--z3rlimit 100 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +let rec construct_rhs_init_ignored #hsz #f lv hs rhs i j acc1 acc2 = + if j % 2 = 0 + then construct_rhs_init_ignored #_ #f (lv + 1) hs rhs (i / 2) (j / 2) acc1 acc2 + else () +#pop-options + +val mt_get_root_inv_ok: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> drt:hash -> + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} -> + Lemma (requires (mt_inv mt olds)) + (ensures (let nmt, rt = mt_get_root mt drt in + // Only `MT?.rhs` and `MT?.mroot` are changed. + MT?.i mt == MT?.i nmt /\ + MT?.j mt == MT?.j nmt /\ + MT?.hs mt == MT?.hs nmt /\ + // A Merkle tree with new `MT?.rhs` and `MT?.mroot` is valid. + mt_inv nmt olds /\ + // A returned root is indeed the Merkle root. + rt == MT?.mroot nmt)) +let mt_get_root_inv_ok #hsz mt drt olds = + if MT?.rhs_ok mt then () + else if MT?.j mt = 0 then () + else begin + construct_rhs_base_inv_ok #_ #(MT?.hash_fun mt) + (MT?.i mt) (MT?.j mt) olds (MT?.hs mt) (MT?.rhs mt) + hash_init false; + construct_rhs_init_ignored #_ #(MT?.hash_fun mt) + 0 (MT?.hs mt) (MT?.rhs mt) (MT?.i mt) (MT?.j mt) + hash_init drt + end diff --git a/src/MerkleTree.New.High.Correct.fst b/src/MerkleTree.New.High.Correct.fst new file mode 100644 index 0000000..0ca3a71 --- /dev/null +++ b/src/MerkleTree.New.High.Correct.fst @@ -0,0 +1,148 @@ +module MerkleTree.New.High.Correct + +open FStar.Seq + +open MerkleTree.New.High +open MerkleTree.New.High.Correct.Base +open MerkleTree.New.High.Correct.Insertion +open MerkleTree.New.High.Correct.Rhs +open MerkleTree.New.High.Correct.Flushing +open MerkleTree.New.High.Correct.Path + +module S = FStar.Seq + +module Insertion = MerkleTree.New.High.Correct.Insertion +module Rhs = MerkleTree.New.High.Correct.Rhs +module Flushing = MerkleTree.New.High.Correct.Flushing +module Path = MerkleTree.New.High.Correct.Path + +module MTS = MerkleTree.Spec + +#set-options "--z3rlimit 20 --max_fuel 0 --max_ifuel 0" + +/// Correctness of the high-level Merkle tree design + +// We claim below statements as the correctness of the high-level Merkle tree design: +// 1) There is an invariant (`mt_inv`), and `create_mt` satisfies it. +// 2) The invariant is preserved for insertion and flushing. +// 3) Assuming the invariant, we can construct the specification (`mt_spec`) for a given tree. +// 4) Merkle paths generated by the design and the corresponding spec are equal. +// 5) Merkle path verification by the design and the spec give the same result. + +type old_hashes (#hsz:pos) (mt:merkle_tree #hsz) = + olds:hashess #hsz {S.length olds = 32 /\ mt_olds_inv #hsz 0 (MT?.i mt) olds} + +noeq type mt_olds (#hsz:pos) = +| MTO: mt:merkle_tree #hsz {mt_wf_elts mt} -> + olds:old_hashes #hsz mt -> + mt_olds #hsz + +val mto_inv: #hsz:pos -> mt_olds #hsz -> GTot Type0 +let mto_inv #hsz mto = + mt_inv (MTO?.mt mto) (MTO?.olds mto) + +val mto_base: #hsz:pos -> mto:mt_olds #hsz -> GTot (hs:hashes #hsz{S.length hs = MT?.j (MTO?.mt mto)}) +let mto_base #hsz mto = + mt_base (MTO?.mt mto) (MTO?.olds mto) + +val mto_spec: + #hsz:pos -> + mto:mt_olds #hsz {MT?.j (MTO?.mt mto) > 0} -> + GTot (MTS.merkle_tree #hsz (log2c (MT?.j (MTO?.mt mto)))) +let mto_spec #hsz mto = + mt_spec (MTO?.mt mto) (MTO?.olds mto) + +// `create_mt` is correct. + +val create_mt_ok: + hsz:pos -> f:MTS.hash_fun_t -> + init:hash #hsz -> + Lemma (empty_olds_inv #_ #f 0; + mto_inv (MTO (mt_create hsz f init) (empty_hashes 32))) +let create_mt_ok hsz f init = + Insertion.create_mt_inv_ok #_ #f init + +// `mt_insert` is correct. + +val mt_insert_ok: + #hsz:pos -> + mto:mt_olds #hsz -> v:hash #hsz -> + Lemma (requires mto_inv mto /\ mt_not_full (MTO?.mt mto)) + (ensures mto_inv (MTO (mt_insert (MTO?.mt mto) v) (MTO?.olds mto))) +let mt_insert_ok #hsz mto v = + Insertion.mt_insert_inv_preserved (MTO?.mt mto) v (MTO?.olds mto) + +// `mt_flush_to` and `mt_flush` are correct. + +val mt_flush_to_ok: + #hsz:pos -> + mto:mt_olds #hsz -> + idx:nat{idx >= MT?.i (MTO?.mt mto) /\ idx < MT?.j (MTO?.mt mto)} -> + Lemma (requires mto_inv mto) + (ensures mto_inv (MTO (mt_flush_to (MTO?.mt mto) idx) + (mt_flush_to_olds #hsz #(MT?.hash_fun (MTO?.mt mto)) 0 (MT?.i (MTO?.mt mto)) idx (MT?.j (MTO?.mt mto)) + (MTO?.olds mto) (MT?.hs (MTO?.mt mto))))) +let mt_flush_to_ok #_ mto idx = + Flushing.mt_flush_to_inv_preserved (MTO?.mt mto) (MTO?.olds mto) idx + +val mt_flush_ok: + #hsz:pos -> + mto:mt_olds #hsz -> + Lemma (requires mto_inv mto /\ MT?.j (MTO?.mt mto) > MT?.i (MTO?.mt mto)) + (ensures mto_inv (MTO (mt_flush_to (MTO?.mt mto) (MT?.j (MTO?.mt mto) - 1)) + (mt_flush_to_olds #hsz #(MT?.hash_fun (MTO?.mt mto)) 0 (MT?.i (MTO?.mt mto)) + (MT?.j (MTO?.mt mto) - 1) (MT?.j (MTO?.mt mto)) + (MTO?.olds mto) (MT?.hs (MTO?.mt mto))))) +let mt_flush_ok #_ mto = + Flushing.mt_flush_inv_preserved (MTO?.mt mto) (MTO?.olds mto) + +// `mt_get_root` is correct. + +val mt_get_root_ok: + #hsz:pos -> + mto:mt_olds #hsz -> drt:hash #hsz -> + Lemma (requires mto_inv mto) + (ensures (let nmt, rt = mt_get_root (MTO?.mt mto) drt in + // Only `MT?.rhs` and `MT?.mroot` are changed. + MT?.i (MTO?.mt mto) == MT?.i nmt /\ + MT?.j (MTO?.mt mto) == MT?.j nmt /\ + MT?.hs (MTO?.mt mto) == MT?.hs nmt /\ + // A Merkle tree with new `MT?.rhs` and `MT?.mroot` is valid. + mt_inv nmt (MTO?.olds mto) /\ + // A returned root is indeed the Merkle root. + rt == MT?.mroot nmt)) +let mt_get_root_ok #_ mto drt = + Rhs.mt_get_root_inv_ok (MTO?.mt mto) drt (MTO?.olds mto) + +// `mt_get_path` is correct. + +val mt_get_path_ok: + #hsz:pos -> + mto:mt_olds #hsz -> + idx:nat{MT?.i (MTO?.mt mto) <= idx && idx < MT?.j (MTO?.mt mto)} -> + drt:hash -> + Lemma (requires mto_inv mto /\ MT?.j (MTO?.mt mto) > 0) + (ensures (let f = (MT?.hash_fun (MTO?.mt mto)) in + let j, p, rt = mt_get_path (MTO?.mt mto) idx drt in + j == MT?.j (MTO?.mt mto) /\ + mt_root_inv #_ #f (mto_base mto) hash_init false rt /\ + S.head p == S.index (mto_base mto) idx /\ + (assert (S.length (S.tail p) == mt_path_length idx (MT?.j (MTO?.mt mto)) false); + S.equal (path_spec idx (MT?.j (MTO?.mt mto)) false (S.tail p)) + (MTS.mt_get_path #_ #f #(log2c j) (mto_spec mto) idx)))) +let mt_get_path_ok #_ mto idx drt = + Path.mt_get_path_inv_ok (MTO?.mt mto) (MTO?.olds mto) idx drt + +// `mt_verify` is correct. + +val mt_verify_ok: + #hsz:pos -> #f:MTS.hash_fun_t -> + k:nat -> + j:nat{k < j} -> + p:path #hsz {S.length p = 1 + mt_path_length k j false} -> + rt:hash #hsz -> + Lemma (mt_verify #_ #f k j p rt <==> + MTS.mt_verify #_ #f #(log2c j) + (path_spec k j false (S.tail p)) k (MTS.HRaw (S.head p)) (MTS.HRaw rt)) +let mt_verify_ok #_ #f k j p rt = + Path.mt_verify_ok #_ #f k j p rt diff --git a/src/MerkleTree.New.High.fst b/src/MerkleTree.New.High.fst new file mode 100644 index 0000000..05f05f0 --- /dev/null +++ b/src/MerkleTree.New.High.fst @@ -0,0 +1,679 @@ +module MerkleTree.New.High + +open FStar.Ghost +open FStar.Seq + +module S = FStar.Seq + +module U32 = FStar.UInt32 +module U8 = FStar.UInt8 + +module MTS = MerkleTree.Spec + +#set-options "--z3rlimit 10 --max_fuel 0 --max_ifuel 0" + +type uint32_t = U32.t +type uint8_t = U8.t + +type hash (#hsz:pos) = b:Spec.Hash.Definitions.bytes{Seq.length b = hsz} +type hashes (#hsz:pos) = S.seq (hash #hsz) +type hashess (#hsz:pos) = S.seq (hashes #hsz) + +noextract +let hash_init (#hsz:pos): hash #hsz = + Seq.create hsz (Lib.IntTypes.u8 0) + +val sha256_compress: src1:hash #32 -> src2:hash #32 -> GTot (hash #32) +let sha256_compress = MTS.sha256_compress + + +/// Facts about sequences + +val seq_slice_equal_index: + #a:Type -> s1:S.seq a -> s2:S.seq a -> + i:nat -> j:nat{i <= j && j <= S.length s1 && j <= S.length s2} -> + k:nat{i <= k && k < j} -> + Lemma (requires S.equal (S.slice s1 i j) (S.slice s2 i j)) + (ensures S.index s1 k == S.index s2 k) + [SMTPat (S.equal (S.slice s1 i j) (S.slice s2 i j)); + SMTPat (S.index s1 k)] +let seq_slice_equal_index #a s1 s2 i j k = + assert (S.index (S.slice s1 i j) (k - i) == S.index (S.slice s2 i j) (k - i)) + +private val seq_slice_more_equal: + #a:Type -> s1:S.seq a -> s2:S.seq a -> + n:nat -> m:nat{n <= m && m <= S.length s1 && m <= S.length s2} -> + k:nat{n <= k} -> l:nat{k <= l && l <= m} -> + Lemma (requires S.equal (S.slice s1 n m) (S.slice s2 n m)) + (ensures S.equal (S.slice s1 k l) (S.slice s2 k l)) + [SMTPat (S.equal (S.slice s1 n m) (S.slice s2 n m)); + SMTPat (S.equal (S.slice s1 k l) (S.slice s2 k l))] +private let seq_slice_more_equal #a s1 s2 n m k l = + slice_slice s1 n m (k - n) (l - n); + slice_slice s2 n m (k - n) (l - n) + +/// Facts about "2" + +val remainder_2_not_1_div: n:nat -> + Lemma (requires n % 2 <> 1) + (ensures n / 2 = (n + 1) / 2) +let remainder_2_not_1_div n = () + +val remainder_2_1_div: n:nat -> + Lemma (requires n % 2 = 1) + (ensures n / 2 + 1 = (n + 1) / 2) +let remainder_2_1_div n = () + +/// High-level Merkle tree data structure + +noeq type merkle_tree (#hsz:pos) = +| MT: i:nat -> + j:nat{i <= j && j < pow2 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs_ok:bool -> + rhs:hashes #hsz {S.length rhs = 32} -> // Rightmost hashes + mroot:hash #hsz -> + hash_fun:MTS.hash_fun_t #hsz -> + merkle_tree #hsz + +val mt_not_full (#hsz:pos): merkle_tree #hsz -> GTot bool +let mt_not_full #hsz mt = + MT?.j mt < pow2 32 - 1 + +val mt_empty (#hsz:pos): merkle_tree #hsz -> GTot bool +let mt_empty #hsz mt = + MT?.j mt = 0 + +val mt_not_empty (#hsz:pos): merkle_tree #hsz -> GTot bool +let mt_not_empty #hsz mt = + MT?.j mt > 0 + +/// Well-formedness w.r.t. indices of base hash elements + +noextract +val offset_of: i:nat -> Tot nat +let offset_of i = + if i % 2 = 0 then i else i - 1 + +val hs_wf_elts: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + i:nat -> j:nat{j >= i} -> + GTot Type0 (decreases (32 - lv)) +let rec hs_wf_elts #hsz lv hs i j = + if lv = 32 then true + else (let ofs = offset_of i in + S.length (S.index hs lv) == j - ofs /\ + hs_wf_elts #hsz (lv + 1) hs (i / 2) (j / 2)) + +#push-options "--max_fuel 1" + +val hs_wf_elts_equal: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs1:hashess #hsz {S.length hs1 = 32} -> + hs2:hashess #hsz {S.length hs2 = 32} -> + i:nat -> + j:nat{j >= i} -> + Lemma (requires hs_wf_elts lv hs1 i j /\ + S.equal (S.slice hs1 lv 32) (S.slice hs2 lv 32)) + (ensures hs_wf_elts lv hs2 i j) + (decreases (32 - lv)) +let rec hs_wf_elts_equal #hsz lv hs1 hs2 i j = + if lv = 32 then () + else (S.slice_slice hs1 lv 32 1 (32 - lv); + S.slice_slice hs2 lv 32 1 (32 - lv); + assert (S.equal (S.slice hs1 (lv + 1) 32) + (S.slice hs2 (lv + 1) 32)); + S.lemma_index_slice hs1 lv 32 0; + S.lemma_index_slice hs2 lv 32 0; + assert (S.index hs1 lv == S.index hs2 lv); + hs_wf_elts_equal (lv + 1) hs1 hs2 (i / 2) (j / 2)) + +val mt_wf_elts (#hsz:pos): merkle_tree #hsz -> GTot Type0 +let mt_wf_elts #_ (MT i j hs _ _ _ _) = + hs_wf_elts 0 hs i j + + /// Construction + +val hs_wf_elts_empty: + #hsz:pos -> + lv:nat{lv <= 32} -> + Lemma (requires True) + (ensures hs_wf_elts #hsz lv (S.create 32 S.empty) 0 0) + (decreases (32 - lv)) +let rec hs_wf_elts_empty #hsz lv = + if lv = 32 then () + else hs_wf_elts_empty #hsz (lv + 1) + +// NOTE: the public function is `create_mt` defined below, which +// builds a tree with an initial hash. +noextract inline_for_extraction +val create_empty_mt (#hsz:pos) (#f:MTS.hash_fun_t #hsz): unit -> GTot (mt:merkle_tree #hsz {mt_wf_elts #hsz mt}) +let create_empty_mt #hsz #f _ = + hs_wf_elts_empty #hsz 0; + MT 0 0 (S.create 32 S.empty) false (S.create 32 (hash_init #hsz)) (hash_init #hsz) f + +/// Insertion + +val hashess_insert: + #hsz:pos -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv) - 1} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + v:hash #hsz -> + GTot (ihs:hashess #hsz {S.length ihs = 32 /\ hs_wf_elts (lv + 1) ihs (i / 2) (j / 2)}) +let hashess_insert #hsz lv i j hs v = + let ihs = S.upd hs lv (S.snoc (S.index hs lv) v) in + hs_wf_elts_equal (lv + 1) hs ihs (i / 2) (j / 2); + ihs + +val insert_: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv < 32} -> + i:nat -> + j:nat{i <= j /\ j < pow2 (32 - lv) - 1} -> + hs:hashess #hsz {S.length hs = 32 /\ hs_wf_elts lv hs i j} -> + acc:hash #hsz -> + GTot (ihs:hashess #hsz { + S.length ihs = 32 /\ + hs_wf_elts #hsz lv ihs i (j + 1) /\ + S.equal (S.slice hs 0 lv) (S.slice ihs 0 lv)}) + (decreases j) +let rec insert_ #hsz #f lv i j hs acc = + let ihs = hashess_insert #hsz lv i j hs acc in + assert (S.equal (S.slice hs 0 lv) (S.slice ihs 0 lv)); + if j % 2 = 1 // S.length (S.index hs lv) > 0 + then begin + remainder_2_1_div j; + let nacc = f (S.last (S.index hs lv)) acc in + let rihs = insert_ #hsz #f (lv + 1) (i / 2) (j / 2) ihs nacc in + assert (hs_wf_elts #hsz (lv + 1) rihs (i / 2) (j / 2 + 1)); + assert (S.equal (S.slice ihs 0 (lv + 1)) (S.slice rihs 0 (lv + 1))); + assert (S.index ihs lv == S.index rihs lv); + assert (S.length (S.index rihs lv) = (j + 1) - offset_of i); + assert (S.equal (S.slice ihs 0 (lv + 1)) (S.slice rihs 0 (lv + 1))); + assert (S.equal (S.slice ihs 0 lv) (S.slice rihs 0 lv)); + rihs + end + else ihs + +val insert_base: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat -> i:nat -> j:nat -> hs:hashess #hsz -> acc:hash #hsz -> + Lemma (requires + lv < 32 /\ i <= j /\ j < pow2 (32 - lv) - 1 /\ + S.length hs = 32 /\ hs_wf_elts lv hs i j /\ + j % 2 <> 1) + (ensures S.equal (insert_ #_ #f lv i j hs acc) + (hashess_insert lv i j hs acc)) +let insert_base #_ #_ lv i j hs acc = () + +val insert_rec: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat -> i:nat -> j:nat -> hs:hashess -> acc:hash -> + Lemma (requires + lv < 32 /\ i <= j /\ j < pow2 (32 - lv) - 1 /\ + S.length hs = 32 /\ hs_wf_elts lv hs i j /\ + j % 2 == 1) + (ensures + (hs_wf_elts_equal (lv + 1) hs + (hashess_insert lv i j hs acc) (i / 2) (j / 2); + S.equal (insert_ #_ #f lv i j hs acc) + (insert_ #_ #f (lv + 1) (i / 2) (j / 2) + (hashess_insert lv i j hs acc) + (f (S.last (S.index hs lv)) acc)))) +let insert_rec #_ #_ lv i j hs acc = () + +val mt_insert: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt /\ mt_not_full mt} -> v:hash #hsz -> + GTot (imt:merkle_tree #hsz{mt_wf_elts #hsz imt}) +let mt_insert #hsz mt v = + MT (MT?.i mt) + (MT?.j mt + 1) + (insert_ #_ #(MT?.hash_fun mt) 0 (MT?.i mt) (MT?.j mt) (MT?.hs mt) v) + false + (MT?.rhs mt) + (MT?.mroot mt) + (MT?.hash_fun mt) + +val mt_create: + hsz:pos -> f:MTS.hash_fun_t #hsz -> + init:hash #hsz -> GTot (mt:merkle_tree{mt_wf_elts #hsz mt}) +let mt_create hsz f init = + mt_insert #_ (create_empty_mt #_ #f ()) init + +/// Getting the Merkle root and path + +type path (#hsz:pos) = S.seq (hash #hsz) + +// Construct the rightmost hashes for a given (incomplete) Merkle tree. +// This function calculates the Merkle root as well, which is the final +// accumulator value. +val construct_rhs: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts #hsz lv hs i j} -> + acc:hash #hsz -> + actd:bool -> + GTot (crhs:hashes #hsz {S.length crhs = 32} * (hash #hsz)) + (decreases j) +let rec construct_rhs #hsz #f lv hs rhs i j acc actd = + let ofs = offset_of i in + if j = 0 then (rhs, acc) + else + (if j % 2 = 0 + then (construct_rhs #_ #f (lv + 1) hs rhs (i / 2) (j / 2) acc actd) + else (let nrhs = if actd then S.upd rhs lv acc else rhs in + let nacc = if actd + then f (S.index (S.index hs lv) (j - 1 - ofs)) acc + else S.index (S.index hs lv) (j - 1 - ofs) in + construct_rhs #_ #f (lv + 1) hs nrhs (i / 2) (j / 2) nacc true)) + +val construct_rhs_unchanged: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts #hsz lv hs i j} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires True) + (ensures S.equal (S.slice rhs 0 lv) + (S.slice (fst (construct_rhs #_ #f lv hs rhs i j acc actd)) 0 lv)) + (decreases j) +let rec construct_rhs_unchanged #hsz #f lv hs rhs i j acc actd = + let ofs = offset_of i in + if j = 0 then () + else if j % 2 = 0 + then (construct_rhs_unchanged #_ #f (lv + 1) hs rhs (i / 2) (j / 2) acc actd; + let rrhs = fst (construct_rhs #_ #f (lv + 1) hs rhs (i / 2) (j / 2) acc actd) in + assert (S.equal (S.slice rhs 0 lv) (S.slice rrhs 0 lv))) + else (let nrhs = if actd then S.upd rhs lv acc else rhs in + let nacc = if actd + then f (S.index (S.index hs lv) (j - 1 - ofs)) acc + else S.index (S.index hs lv) (j - 1 - ofs) in + construct_rhs_unchanged #_ #f (lv + 1) hs nrhs (i / 2) (j / 2) nacc true; + let rrhs = fst (construct_rhs #_ #f (lv + 1) hs nrhs (i / 2) (j / 2) nacc true) in + assert (S.equal (S.slice nrhs 0 lv) (S.slice rrhs 0 lv)); + assert (S.equal (S.slice rhs 0 lv) (S.slice nrhs 0 lv))) + +val construct_rhs_even: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts #hsz lv hs i j} -> + acc:hash #hsz -> + actd:bool -> + Lemma (requires j <> 0 /\ j % 2 = 0) + (ensures construct_rhs #_ #f lv hs rhs i j acc actd == + construct_rhs #_ #f (lv + 1) hs rhs (i / 2) (j / 2) acc actd) +let construct_rhs_even #_ #_ _ _ _ _ _ _ _ = () + +val construct_rhs_odd: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs i j} -> + acc:hash -> + actd:bool -> + Lemma (requires j % 2 = 1) + (ensures construct_rhs #_ #f lv hs rhs i j acc actd == + (let ofs = offset_of i in + let nrhs = if actd then S.upd rhs lv acc else rhs in + let nacc = if actd + then f (S.index (S.index hs lv) (j - 1 - ofs)) acc + else S.index (S.index hs lv) (j - 1 - ofs) in + construct_rhs #_ #f (lv + 1) hs nrhs (i / 2) (j / 2) nacc true)) +let construct_rhs_odd #_ #_ _ _ _ _ _ _ _ = () + +val mt_get_root: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts #hsz mt} -> drt:hash #hsz -> + GTot (merkle_tree #hsz * hash #hsz) +let mt_get_root #hsz mt drt = + if MT?.rhs_ok mt then (mt, MT?.mroot mt) + else begin + let (nrhs, rt) = construct_rhs #_ #(MT?.hash_fun mt) 0 (MT?.hs mt) (MT?.rhs mt) (MT?.i mt) (MT?.j mt) drt false in + (MT (MT?.i mt) (MT?.j mt) (MT?.hs mt) true nrhs rt (MT?.hash_fun mt), rt) + end + +val mt_get_root_rhs_ok_true: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> drt:hash #hsz -> + Lemma (requires MT?.rhs_ok mt == true) + (ensures mt_get_root #hsz mt drt == (mt, MT?.mroot mt)) +let mt_get_root_rhs_ok_true #hsz mt drt = () + +val mt_get_root_rhs_ok_false: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> drt:hash -> + Lemma (requires MT?.rhs_ok mt == false) + (ensures mt_get_root mt drt == + (let (nrhs, rt) = + construct_rhs #_ #(MT?.hash_fun mt) + 0 (MT?.hs mt) (MT?.rhs mt) (MT?.i mt) (MT?.j mt) + drt false in + (MT (MT?.i mt) (MT?.j mt) (MT?.hs mt) true nrhs rt (MT?.hash_fun mt), rt))) +let mt_get_root_rhs_ok_false #_ _ _ = () + +val path_insert: (#hsz:pos) -> p:path #hsz -> hp:hash #hsz -> GTot (path #hsz) +let path_insert #_ p hp = S.snoc p hp + +val mt_path_length_step: + k:nat -> j:nat{k <= j} -> actd:bool -> GTot nat +let mt_path_length_step k j actd = + if j = 0 then 0 + else (if k % 2 = 0 + then (if j = k || (j = k + 1 && not actd) then 0 else 1) + else 1) + +val mt_path_length: + k:nat -> j:nat{k <= j} -> actd:bool -> GTot nat +let rec mt_path_length k j actd = + if j = 0 then 0 + else (let nactd = actd || (j % 2 = 1) in + mt_path_length_step k j actd + + mt_path_length (k / 2) (j / 2) nactd) + +val mt_make_path_step: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + j <> 0 /\ i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs i j} -> + k:nat{i <= k && k <= j} -> + p:path #hsz -> + actd:bool -> + GTot (path #hsz) +let mt_make_path_step #hsz lv hs rhs i j k p actd = + let ofs = offset_of i in + if k % 2 = 1 + then path_insert p (S.index (S.index hs lv) (k - 1 - ofs)) + else (if k = j then p + else if k + 1 = j + then (if actd + then path_insert p (S.index rhs lv) + else p) + else path_insert p (S.index (S.index hs lv) (k + 1 - ofs))) + +// Construct a Merkle path for a given index `k`, hashes `hs`, +// and rightmost hashes `rhs`. +val mt_get_path_: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs i j} -> + k:nat{i <= k && k <= j} -> + p:path #hsz -> + actd:bool -> + GTot (np:path #hsz {S.length np = S.length p + mt_path_length k j actd}) + (decreases (32 - lv)) +let rec mt_get_path_ #hsz lv hs rhs i j k p actd = + let ofs = offset_of i in + if j = 0 then p + else + (let np = mt_make_path_step lv hs rhs i j k p actd in + mt_get_path_ (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) np + (if j % 2 = 0 then actd else true)) + +val mt_get_path_unchanged: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts #hsz lv hs i j} -> + k:nat{i <= k && k <= j} -> + p:path #hsz -> + actd:bool -> + Lemma (requires True) + (ensures S.equal p (S.slice (mt_get_path_ lv hs rhs i j k p actd) + 0 (S.length p))) + (decreases (32 - lv)) +let rec mt_get_path_unchanged #hsz lv hs rhs i j k p actd = + let ofs = offset_of i in + if j = 0 then () + else + (let np = mt_make_path_step lv hs rhs i j k p actd in + assert (S.equal p (S.slice np 0 (S.length p))); + mt_get_path_unchanged (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) np + (if j % 2 = 0 then actd else true)) + +#push-options "--z3rlimit 20" + +val mt_get_path_pull: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs i j} -> + k:nat{i <= k && k <= j} -> + p:path #hsz -> + actd:bool -> + Lemma (requires True) + (ensures S.equal (mt_get_path_ lv hs rhs i j k p actd) + (S.append p (mt_get_path_ lv hs rhs i j k S.empty actd))) + (decreases (32 - lv)) +let rec mt_get_path_pull #hsz lv hs rhs i j k p actd = + let ofs = offset_of i in + if j = 0 then () + else + (let np = mt_make_path_step lv hs rhs i j k p actd in + let nactd = if j % 2 = 0 then actd else true in + mt_get_path_pull (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) np nactd; + mt_get_path_pull (lv + 1) hs rhs (i / 2) (j / 2) (k / 2) + (mt_make_path_step lv hs rhs i j k S.empty actd) nactd) + +#pop-options + +val mt_get_path_slice: + #hsz:pos -> + lv:nat{lv <= 32} -> + hs:hashess #hsz {S.length hs = 32} -> + rhs:hashes #hsz {S.length rhs = 32} -> + i:nat -> + j:nat{ + i <= j /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs i j} -> + k:nat{i <= k && k <= j} -> + p:path #hsz -> + actd:bool -> + Lemma (requires True) + (ensures S.equal (S.slice (mt_get_path_ lv hs rhs i j k p actd) + (S.length p) (S.length p + mt_path_length k j actd)) + (mt_get_path_ lv hs rhs i j k S.empty actd)) + (decreases (32 - lv)) +let mt_get_path_slice #hsz lv hs rhs i j k p actd = + mt_get_path_pull lv hs rhs i j k p actd + +val mt_get_path: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> + idx:nat{MT?.i mt <= idx /\ idx < MT?.j mt} -> + drt:hash #hsz -> + GTot (nat * + (np:path #hsz {S.length np = 1 + mt_path_length idx (MT?.j mt) false}) * + hash #hsz) +let mt_get_path #hsz mt idx drt = + let (umt, root) = mt_get_root mt drt in + let ofs = offset_of (MT?.i umt) in + let np = path_insert S.empty (S.index (S.index (MT?.hs umt) 0) (idx - ofs)) in + MT?.j umt, + mt_get_path_ 0 (MT?.hs umt) (MT?.rhs umt) + (MT?.i umt) (MT?.j umt) idx np false, + root + +/// Flushing + +val mt_flush_to_: + #hsz:pos -> + lv:nat{lv < 32} -> + hs:hashess #hsz {S.length hs = 32} -> + pi:nat -> + i:nat{i >= pi} -> + j:nat{ + j >= i /\ j < pow2 (32 - lv) /\ + hs_wf_elts #hsz lv hs pi j} -> + GTot (fhs:hashess{ + S.length fhs = 32 /\ + S.equal (S.slice hs 0 lv) (S.slice fhs 0 lv) /\ + hs_wf_elts #hsz lv fhs i j}) + (decreases i) +let rec mt_flush_to_ #hsz lv hs pi i j = + let oi = offset_of i in + let opi = offset_of pi in + if oi = opi then hs + else (let ofs = oi - opi in + let hvec = S.index hs lv in + let flushed = S.slice hvec ofs (S.length hvec) in + let nhs = S.upd hs lv flushed in + hs_wf_elts_equal (lv + 1) hs nhs (pi / 2) (j / 2); + mt_flush_to_ (lv + 1) nhs (pi / 2) (i / 2) (j / 2)) + +val mt_flush_to_rec: + #hsz:pos -> + lv:nat{lv < 32} -> + hs:hashess #hsz {S.length hs = 32} -> + pi:nat -> + i:nat{i >= pi} -> + j:nat{ + j >= i /\ j < pow2 (32 - lv) /\ + hs_wf_elts lv hs pi j} -> + Lemma (requires offset_of i <> offset_of pi) + (ensures mt_flush_to_ lv hs pi i j == + (let ofs = offset_of i - offset_of pi in + let hvec = S.index hs lv in + let flushed = S.slice hvec ofs (S.length hvec) in + let nhs = S.upd hs lv flushed in + hs_wf_elts_equal (lv + 1) hs nhs (pi / 2) (j / 2); + mt_flush_to_ #hsz (lv + 1) nhs (pi / 2) (i / 2) (j / 2))) +let mt_flush_to_rec #hsz lv hs pi i j = () + +val mt_flush_to: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> + idx:nat{idx >= MT?.i mt /\ idx < MT?.j mt} -> + GTot (fmt:merkle_tree{mt_wf_elts #hsz fmt}) +let mt_flush_to #hsz mt idx = + let fhs = mt_flush_to_ #hsz 0 (MT?.hs mt) (MT?.i mt) idx (MT?.j mt) in + MT idx (MT?.j mt) fhs (MT?.rhs_ok mt) (MT?.rhs mt) (MT?.mroot mt) (MT?.hash_fun mt) + +val mt_flush: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt /\ MT?.j mt > MT?.i mt} -> + GTot (fmt:merkle_tree{mt_wf_elts #hsz fmt}) +let mt_flush #hsz mt = + mt_flush_to mt (MT?.j mt - 1) + +#push-options "--max_fuel 2" + +/// Retraction + +val mt_retract_to_: + #hsz:pos -> + hs:hashess #hsz {S.length hs = 32} -> + lv:nat{lv < S.length hs} -> + i:nat -> + s:nat -> // s is the first index excluded from nhs + j:nat{ i <= s /\ s <= j /\ + j < pow2 (S.length hs - lv) /\ + hs_wf_elts lv hs i j} -> + GTot (nhs:hashess #hsz { + S.length nhs = S.length hs /\ + S.equal (S.slice hs 0 lv) (S.slice nhs 0 lv) /\ + hs_wf_elts #hsz lv nhs i s}) + (decreases (S.length hs - lv)) +let rec mt_retract_to_ #hsz hs lv i s j = + if lv >= S.length hs then hs + else begin + let hvec = S.index hs lv in + let old_len = j - offset_of i in + let new_len = s - offset_of i in + assert (S.length hvec = old_len); + assert (new_len <= old_len); + assert (new_len <= S.length hvec); + let retracted = S.slice hvec 0 new_len in + let nhs = S.upd hs lv retracted in + if lv >= S.length hs - 1 then nhs else + begin + hs_wf_elts_equal (lv + 1) hs nhs (i / 2) (j / 2); + mt_retract_to_ nhs (lv + 1) (i / 2) (s / 2) (j / 2) + end + end + +#pop-options + +val mt_retract_to: + #hsz:pos -> + mt:merkle_tree #hsz {mt_wf_elts mt} -> + r:nat{MT?.i mt <= r /\ r < MT?.j mt} -> + GTot (rmt:merkle_tree #hsz {mt_wf_elts rmt /\ MT?.i rmt = MT?.i mt /\ MT?.j rmt = r + 1}) +let mt_retract_to #hsz mt r = + let nhs = mt_retract_to_ (MT?.hs mt) 0 (MT?.i mt) (r+1) (MT?.j mt) in + MT (MT?.i mt) (r+1) nhs false (MT?.rhs mt) (MT?.mroot mt) (MT?.hash_fun mt) + + +/// Verification + +val mt_verify_: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + k:nat -> + j:nat{k <= j} -> + p:path #hsz -> + ppos:nat -> + acc:hash #hsz -> + actd:bool{ppos + mt_path_length k j actd <= S.length p} -> + GTot (hash #hsz) +let rec mt_verify_ #hsz #f k j p ppos acc actd = + if j = 0 then acc + else (let nactd = actd || (j % 2 = 1) in + if k % 2 = 0 + then (if j = k || (j = k + 1 && not actd) + then mt_verify_ #_ #f (k / 2) (j / 2) p ppos acc nactd + else (let nacc = f acc (S.index p ppos) in + mt_verify_ #_ #f (k / 2) (j / 2) p (ppos + 1) nacc nactd)) + else (let nacc = f (S.index p ppos) acc in + mt_verify_ #_ #f (k / 2) (j / 2) p (ppos + 1) nacc nactd)) + +val mt_verify: + #hsz:pos -> #f:MTS.hash_fun_t #hsz -> + k:nat -> + j:nat{k < j} -> + p:path #hsz {S.length p = 1 + mt_path_length k j false} -> + rt:hash #hsz -> + GTot prop +let mt_verify #_ #f k j p rt = + let crt = mt_verify_ #_ #f k j p 1 (S.index p 0) false in + crt == rt diff --git a/src/MerkleTree.Spec.fst b/src/MerkleTree.Spec.fst new file mode 100644 index 0000000..c83f151 --- /dev/null +++ b/src/MerkleTree.Spec.fst @@ -0,0 +1,516 @@ +module MerkleTree.Spec + +open FStar.Classical +open FStar.Mul +open FStar.Seq + +module S = FStar.Seq + +#set-options "--max_fuel 0 --max_ifuel 0 --z3rlimit 10" + +// For SHA2_256, this is is a sequence of 32 bytes +// These are secret bytes, hence not an eqtype +type hash (#hsz:pos) = b:Spec.Hash.Definitions.bytes { Seq.length b = hsz } + +type hash_fun_t (#hsz:pos) = hash #hsz -> hash #hsz -> GTot (hash #hsz) + +val sha256_compress: hash_fun_t #32 +let sha256_compress src1 src2 = + let sz = Spec.Hash.Definitions.SHA2_256 in + let hash_alg = Spec.Hash.Definitions.SHA2_256 in + let acc = Spec.Agile.Hash.init hash_alg in + let acc = Spec.Agile.Hash.update hash_alg acc (S.append src1 src2) in + Spec.Hash.PadFinish.finish hash_alg acc + +/// For simplicity, we will specify the root for a sequence of [i] +/// tags where [i <= 2^n] as the root of a full binary tree with [2^n] +/// leaves obtained by padding the sequence with dummies. This +/// requires extending the definitions of hashes and hash functions. Our +/// extended definition of hash justifies skipping any concrete +/// computation on dummies. +noeq +type padded_hash #hsz = +| HRaw: hr:hash #hsz -> padded_hash #hsz +| HPad // right padding to make the size of a Merkle tree a power of 2 + +val padded_hash_fun: (#hsz:pos) -> (f:hash_fun_t #hsz) -> (lh:padded_hash #hsz) -> (rh:padded_hash #hsz) -> GTot (padded_hash #hsz) +let padded_hash_fun #hsz f lh rh = + allow_inversion (padded_hash #hsz); + match lh, rh with + | HPad , _ -> HPad + | _ , HPad -> lh + | HRaw lhr, HRaw rhr -> HRaw (f lhr rhr) + +noextract +val hashes (#hsz:pos): Type0 +let hashes #hsz = S.seq (padded_hash #hsz) + +type merkle_tree (#hsz:pos) n = hs:hashes #hsz {S.length hs = pow2 n} + +val mt_get: #hsz:pos -> #n:nat -> mt:merkle_tree #hsz n -> idx:nat{idx < pow2 n} -> GTot (padded_hash #hsz) +let mt_get #_ #_ mt idx = S.index mt idx + +unfold let op_String_Access (#hsz:pos) = S.index #(padded_hash #hsz) + +#push-options "--max_fuel 1" + +val mt_left: #hsz:pos -> #n:pos -> mt:merkle_tree #hsz n -> merkle_tree #hsz (n-1) +let mt_left #_ #n mt = S.slice mt 0 (pow2 (n-1)) + +val mt_right: #hsz:pos -> #n:pos -> mt:merkle_tree #hsz n -> merkle_tree #hsz (n-1) +let mt_right #_ #n mt = S.slice mt (pow2 (n-1)) (pow2 n) + +val mt_left_right: #hsz:pos -> #n:pos -> mt:merkle_tree #hsz n -> + Lemma (S.equal mt (mt_left mt @| mt_right mt)) +let mt_left_right #_ #_ mt = () + +val hs_next_lv: #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> hs:hashes #hsz {S.length hs = 2 * n} -> GTot (nhs:hashes #hsz {S.length nhs = n}) +let rec hs_next_lv #hsz #f #n hs = + if n = 0 then S.empty + else S.cons + (padded_hash_fun #hsz f hs.[0] hs.[1]) + (hs_next_lv #hsz #f #(n-1) (S.slice hs 2 (S.length hs))) + +val hs_next_lv_index: #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> hs:hashes{S.length hs = 2 * n} -> i:nat{i < n} -> + Lemma ((hs_next_lv #hsz #f #n hs).[i] == padded_hash_fun #hsz f hs.[2 * i] hs.[2 * i + 1]) +let rec hs_next_lv_index #hsz #f #n hs i = + if n = 0 || i = 0 then () + else hs_next_lv_index #hsz #f #(n - 1) (S.slice hs 2 (S.length hs)) (i - 1) + +val hs_next_lv_slice: + #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> + hs:hashes{S.length hs = 2 * n} -> i:nat -> j:nat{i <= j && j <= n} -> + Lemma (requires True) + (ensures S.equal (hs_next_lv #hsz #f #(j - i) (S.slice hs (2 * i) (2 * j))) + (S.slice (hs_next_lv #hsz #f #n hs) i j)) + (decreases (j - i)) +let rec hs_next_lv_slice #hsz #f #n hs i j = + if i = j then () + else begin + let x = S.slice hs (2 * i) (2 * j) in + assert (S.equal (hs_next_lv #hsz #f #(j - i) x) + (S.cons (padded_hash_fun #hsz f x.[0] x.[1]) + (hs_next_lv #hsz #f #(j - i - 1) (S.slice x 2 (S.length x))))); + hs_next_lv_slice #hsz #f #n hs (i + 1) j; + hs_next_lv_index #hsz #f #n hs i + end + +val mt_next_lv: #hsz:pos -> #f:hash_fun_t #hsz -> #n:pos -> mt:merkle_tree #hsz n -> GTot (merkle_tree #hsz (n-1)) +let mt_next_lv #_ #f #n mt = hs_next_lv #_ #f #(pow2 (n-1)) mt + +val mt_next_lv_mt_left: #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat{1 < n} -> mt:merkle_tree #hsz n -> + Lemma (S.equal (mt_next_lv #_ #f #_ (mt_left mt)) (mt_left (mt_next_lv #_ #f #_ mt))) +let mt_next_lv_mt_left #hsz #f #n mt = + hs_next_lv_slice #_ #f #(pow2 (n-1)) mt 0 (pow2 (n-2)) + +val mt_next_lv_mt_right: #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat{1 < n} -> mt:merkle_tree #hsz n -> + Lemma (S.equal (mt_next_lv #_ #f #_ (mt_right mt)) (mt_right (mt_next_lv #_ #f #_ mt))) +let mt_next_lv_mt_right #hsz #f #n mt = + hs_next_lv_slice #hsz #f #(pow2 (n-1)) mt (pow2 (n-2)) (pow2 (n-1)) + +val hs_next_lv_equiv: + #hsz:pos -> #f:hash_fun_t #hsz -> + j:nat -> n:pos{j <= 2 * n} -> + hs1:hashes{S.length hs1 = 2 * n} -> + hs2:hashes{S.length hs2 = 2 * n} -> + Lemma (requires S.equal (S.slice hs1 0 j) (S.slice hs2 0 j)) + (ensures S.equal (S.slice (hs_next_lv #hsz #f #n hs1) 0 (j / 2)) + (S.slice (hs_next_lv #hsz #f #n hs2) 0 (j / 2))) +let hs_next_lv_equiv #hsz #f j n hs1 hs2 = + forall_intro (hs_next_lv_index #_ #f #n hs1); + forall_intro (hs_next_lv_index #_ #f #n hs2); + let hs1' = hs_next_lv #_ #f #n hs1 in + let hs2' = hs_next_lv #_ #f #n hs2 in + assert (forall (i:nat{i < j / 2}). hs1'.[i] == padded_hash_fun #hsz f hs1.[2 * i] hs1.[2 * i + 1]); + assert (forall (i:nat{i < j / 2}). hs2'.[i] == padded_hash_fun #hsz f hs2.[2 * i] hs2.[2 * i + 1]); + assert (forall (i:nat{i < j}). (S.slice hs1 0 j).[i] == (S.slice hs2 0 j).[i]); + assert (forall (i:nat{i < j}). hs1.[i] == hs2.[i]); + assert (forall (i:nat{i < j / 2}). hs1.[2 * i] == hs2.[2 * i]); + assert (forall (i:nat{i < j / 2}). hs1.[2 * i + 1] == hs2.[2 * i + 1]); + assert (forall (i:nat{i < j / 2}). hs1'.[i] == hs2'.[i]) + +val mt_next_lv_equiv: + #hsz:pos -> #f:hash_fun_t #hsz -> + j:nat -> n:pos{j <= pow2 n} -> + mt1:merkle_tree #hsz n -> mt2:merkle_tree #hsz n -> + Lemma (requires S.equal (S.slice mt1 0 j) (S.slice mt2 0 j)) + (ensures S.equal (S.slice (mt_next_lv #_ #f #_ mt1) 0 (j / 2)) + (S.slice (mt_next_lv #_ #f #_ mt2) 0 (j / 2))) +let mt_next_lv_equiv #hsz #f j n mt1 mt2 = + hs_next_lv_equiv #_ #f j (pow2 (n-1)) mt1 mt2 + +val hs_next_rel: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:nat -> + hs:hashes #hsz {S.length hs = 2 * n} -> + nhs:hashes #hsz {S.length nhs = n} -> + GTot Type0 +let hs_next_rel #hsz #f n hs nhs = + forall (i:nat{i < n}). + S.index nhs i == + padded_hash_fun #hsz f (S.index hs (2 * i)) (S.index hs (2 * i + 1)) + +val mt_next_rel: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:pos -> + mt:merkle_tree #hsz n -> + nmt:merkle_tree #hsz (n - 1) -> + GTot Type0 +let mt_next_rel #hsz #f n mt nmt = + hs_next_rel #hsz #f (pow2 (n-1)) mt nmt + +val hs_next_rel_next_lv: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:nat -> + hs:hashes{S.length hs = 2 * n} -> + nhs:hashes{S.length nhs = n} -> + Lemma (requires hs_next_rel #_ #f n hs nhs) + (ensures S.equal nhs (hs_next_lv #_ #f #n hs)) +let rec hs_next_rel_next_lv #hsz #f n hs nhs = + if n = 0 then () + else hs_next_rel_next_lv #_ #f (n - 1) + (S.slice hs 2 (S.length hs)) + (S.slice nhs 1 (S.length nhs)) + +val mt_next_rel_next_lv: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:pos -> + mt:merkle_tree #hsz n -> + nmt:merkle_tree (n - 1) -> + Lemma (requires mt_next_rel #_ #f n mt nmt) + (ensures S.equal nmt (mt_next_lv #_ #f mt)) +let mt_next_rel_next_lv #hsz #f n mt nmt = + hs_next_rel_next_lv #_ #f (pow2 (n-1)) mt nmt + +val mt_next_rel_upd_even: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:pos -> + mt:merkle_tree #hsz n -> + nmt:merkle_tree (n - 1) -> + i:nat{i < pow2 (n-1)} -> + v:padded_hash -> + Lemma (requires mt_next_rel #_ #f n mt nmt) + (ensures mt_next_rel #_ #f n + (S.upd mt (2 * i) v) + (S.upd nmt i (padded_hash_fun #hsz f v (S.index mt (2 * i + 1))))) +let mt_next_rel_upd_even #hsz #f n mt nmt i v = () + +#push-options "--z3rlimit 10 --initial_fuel 1 --max_fuel 1 --initial_ifuel 1 --max_ifuel 1" +val mt_next_rel_upd_even_pad: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:pos -> + mt:merkle_tree #hsz n -> + nmt:merkle_tree #hsz (n - 1) -> + i:nat{i < pow2 (n-1)} -> + v:padded_hash #hsz -> + Lemma (requires (mt_next_rel #_ #f n mt nmt) /\ (S.index mt (2 * i + 1) == HPad)) + (ensures (mt_next_rel #_ #f n (S.upd mt (2 * i) v) (S.upd nmt i v))) +let mt_next_rel_upd_even_pad #hsz #f n mt nmt i v = () +#pop-options + +val mt_next_rel_upd_odd: + #hsz:pos -> #f:hash_fun_t #hsz -> + n:pos -> + mt:merkle_tree #hsz n -> + nmt:merkle_tree (n - 1) -> + i:nat{i < pow2 (n-1)} -> + v:padded_hash -> + Lemma (requires mt_next_rel #_ #f n mt nmt) + (ensures mt_next_rel #_ #f n + (S.upd mt (2 * i + 1) v) + (S.upd nmt i (padded_hash_fun #_ f (S.index mt (2 * i)) v))) +let mt_next_rel_upd_odd #hsz #f n mt nmt i v = () + +// fournet: just [root]? +val mt_get_root: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> mt:merkle_tree #hsz n -> GTot (padded_hash #hsz) +let rec mt_get_root #hsz #f #n mt = + if n = 0 then mt.[0] + else mt_get_root #_ #f (mt_next_lv #_ #f mt) + +#push-options "--initial_fuel 2 --max_fuel 2" + +val mt_get_root_step: #hsz:pos -> #f:hash_fun_t #hsz -> #n:pos -> mt:merkle_tree #hsz n -> + Lemma (mt_get_root #_ #f mt == + padded_hash_fun #_ f (mt_get_root #_ #f (mt_left mt)) (mt_get_root #_ #f (mt_right mt))) +let rec mt_get_root_step #hsz #f #n mt = + if n = 1 then () + else begin + mt_get_root_step #_ #f (mt_next_lv #_ #f mt); + mt_next_lv_mt_left #_ #f mt; + mt_next_lv_mt_right #_ #f mt + end + +#pop-options + +type path #hsz n = S.lseq (padded_hash #hsz) n + +/// We first specify full paths, including padding. + +val mt_get_path: + #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> + mt:merkle_tree #hsz n -> i:nat{i < pow2 n} -> GTot (path #hsz n) +let rec mt_get_path #hsz #f #n t i = + if n = 0 then S.empty + else S.cons + (if i % 2 = 0 then t.[i + 1] else t.[i - 1]) + (mt_get_path #_ #f (mt_next_lv #_ #f t) (i / 2)) + +val mt_verify_: + #hsz:pos -> #f:hash_fun_t #hsz ->#n:nat -> + p:path #hsz n -> idx:nat{idx < pow2 n} -> padded_hash #hsz -> GTot (padded_hash #hsz) +let rec mt_verify_ #hsz #f #n p idx h = + if n = 0 then h + else mt_verify_ #_ #f #(n-1) (S.tail p) (idx / 2) + (if idx % 2 = 0 + then padded_hash_fun #_ f h (S.head p) + else padded_hash_fun #_ f (S.head p) h) + +val mt_verify: + #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> + p:(path #hsz n) -> idx:nat{idx < pow2 n} -> padded_hash #hsz -> padded_hash #hsz -> GTot prop +let mt_verify #hsz #f #n p idx h rt = + rt == mt_verify_ #_ #f p idx h + + +/// Correctness: the root of a tree is correctly recomputed from any of its paths + +val hs_next_lv_get: + #hsz:pos -> #f:hash_fun_t #hsz -> #n:pos -> + hs:hashes{S.length hs = 2 * n} -> idx:nat{idx < 2 * n} -> + Lemma ((hs_next_lv #_ #f #n hs).[idx / 2] == + (if idx % 2 = 0 + then padded_hash_fun #_ f hs.[idx] hs.[idx + 1] + else padded_hash_fun #_ f hs.[idx - 1] hs.[idx])) +let rec hs_next_lv_get #hsz #f #n hs idx = + if idx < 2 then () + else hs_next_lv_get #_ #f #(n-1) (S.slice hs 2 (S.length hs)) (idx - 2) + +val mt_next_lv_get: + #hsz:pos -> #f:hash_fun_t #hsz -> #n:pos -> + mt:merkle_tree #hsz n -> idx:nat{idx < pow2 n} -> + Lemma ( + (mt_next_lv #_ #f mt).[idx / 2] == + (if idx % 2 = 0 + then padded_hash_fun #_ f mt.[idx] mt.[idx + 1] + else padded_hash_fun #_ f mt.[idx - 1] mt.[idx])) +let mt_next_lv_get #hsz #f #n mt idx = + hs_next_lv_get #_ #f #(pow2 (n-1)) mt idx + +val mt_get_path_ok_: + #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> + t:merkle_tree #hsz n -> i:nat{i < pow2 n} -> + Lemma (mt_verify_ #_ #f (mt_get_path #_ #f t i) i (mt_get t i) == mt_get_root #_ #f t) +let rec mt_get_path_ok_ #hsz #f #n mt idx = + if n = 0 then () + else begin + assert (S.head (mt_get_path #_ #f mt idx) == + (if idx % 2 = 0 then mt.[idx + 1] else mt.[idx - 1])); + assert (S.equal (S.tail (mt_get_path #_ #f mt idx)) + (mt_get_path #_ #f (mt_next_lv #_ #f mt) (idx / 2))); + mt_get_path_ok_ #_ #f (mt_next_lv #_ #f mt) (idx / 2); + mt_next_lv_get #_ #f mt idx + end + + +/// Security: we reduce tree collisions to collisions on the hash +/// compression function. Such collisions yield collisions on the SHA2 +/// standard (by adding the same length and padding to the +/// accumulators). +/// +/// One complication addressed in the proof is the handling of +/// implicit padding. + +/// All hashes in a sequence are raw hashes, not padding +val raw_hashes: + #hsz:pos -> #f:hash_fun_t #hsz -> + hs:hashes #hsz -> Tot Type0 (decreases (S.length hs)) +let rec raw_hashes #hsz #f hs = + if S.length hs = 0 then True + else (HRaw? (S.head hs) /\ raw_hashes #_ #f (S.tail hs)) + +val raw_hashes_raws: + #hsz:pos -> #f:hash_fun_t #hsz -> + hs:hashes{raw_hashes #hsz #f hs} -> + Tot (S.seq (hash #hsz)) (decreases (S.length hs)) +let rec raw_hashes_raws #hsz #f hs = + if S.length hs = 0 then S.empty + else S.cons (HRaw?.hr (S.head hs)) (raw_hashes_raws #_ #f (S.tail hs)) + +val raw_hashes_index: + #hsz:pos -> #f:hash_fun_t #hsz -> + hs:hashes -> i:nat{i < S.length hs} -> + Lemma (requires raw_hashes #_ #f hs) + (ensures HRaw? #hsz hs.[i]) + (decreases i) +let rec raw_hashes_index #hsz #f hs i = + if i = 0 then () + else raw_hashes_index #_ #f (S.tail hs) (i - 1) + +val raw_hashes_slice: + #hsz:pos -> #f:hash_fun_t #hsz -> + hs:hashes -> i:nat -> j:nat{i <= j && j <= S.length hs} -> + Lemma (requires raw_hashes #_ #f hs) + (ensures raw_hashes #_ #f (S.slice hs i j)) + (decreases (j - i)) +let rec raw_hashes_slice #hsz #f hs i j = + if i = j then () + else ( + raw_hashes_index #_ #f hs i; + raw_hashes_slice #_ #f hs (i + 1) j) + +/// All hashes in a sequence are just padding +val pad_hashes: + #hsz:pos -> #f:hash_fun_t #hsz -> + hs:hashes #hsz -> Type0 +let pad_hashes #hsz #f hs = + S.equal hs (S.create (S.length hs) HPad) + +val pad_hashes_slice: + #hsz:pos -> #f:hash_fun_t #hsz -> + hs:hashes -> i:nat -> j:nat{i <= j && j <= S.length hs} -> + Lemma (requires pad_hashes #_ #f hs) + (ensures pad_hashes #_ #f (S.slice hs i j)) + (decreases (j - i)) +let rec pad_hashes_slice #hsz #f hs i j = + if i = j then () + else pad_hashes_slice #_ #f hs (i + 1) j + +/// Right-padded Merkle tree, a tree refinement + +let rpmt (#hsz:pos) (#f:hash_fun_t) (n:nat) (i:nat{i <= pow2 n}) = + mt:merkle_tree #hsz n { + raw_hashes #_ #f (S.slice mt 0 i) /\ + pad_hashes #_ #f (S.slice mt i (S.length mt)) } + +val rpmt_raws: #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> #i:nat{i <= pow2 n} -> mt:rpmt #hsz #f n i -> S.seq (hash #hsz) +let rpmt_raws #hsz #f #n #i mt = raw_hashes_raws #_ #f (S.slice mt 0 i) + +val rpmt_i_0: #hsz:pos -> #f:hash_fun_t #hsz -> #n:nat -> mt:rpmt #hsz #f n 0 -> + Lemma (S.equal mt (S.create (pow2 n) (HPad #hsz))) +let rpmt_i_0 #hsz #f #n mt = () + +val rpmt_left: #hsz:pos -> #f:hash_fun_t #hsz -> #n:pos -> #i:nat{i <= pow2 n} -> rpmt #hsz #f n i -> + rpmt #hsz #f (n-1) (if i <= pow2 (n-1) then i else pow2 (n-1)) +let rpmt_left #hsz #f #n #i mt = + if i <= pow2 (n-1) + then pad_hashes_slice #_ #f (S.slice mt i (S.length mt)) 0 (pow2 (n-1) - i) + else raw_hashes_slice #_ #f (S.slice mt 0 i) 0 (pow2 (n-1)); + mt_left mt + +#push-options "--z3rlimit 40" + +val rpmt_right: #hsz:pos -> #f:hash_fun_t #hsz -> #n:pos -> #i:nat{i <= pow2 n} -> rpmt #hsz #f n i -> + rpmt #_ #f (n-1) (if i <= pow2 (n-1) then 0 else i - pow2 (n-1)) +let rpmt_right #hsz #f #n #i mt = + if i <= pow2 (n-1) + then pad_hashes_slice #_ #f (S.slice mt i (S.length mt)) (pow2 (n-1) - i) (pow2 n - i) + else raw_hashes_slice #_ #f (S.slice mt 0 i) (pow2 (n-1)) i; + mt_right mt + +/// Two right-padded Merkle trees collide when +/// 1) they have the same height (`n`) and number of raw hashes (`i`), +/// 2) their contents differ, and +/// 3) their roots are same. + +// fournet: we may want to work towards removing 1) using a hash prefix +noeq +type mt_collide (#hsz:pos) (#f:hash_fun_t #hsz) (n:nat) (i:nat{i <= pow2 n}) = | Collision: + mt1:rpmt #_ #f n i -> mt2:rpmt #_ #f n i { + mt1 =!= mt2 /\ + mt_get_root #_ #f #_ mt1 == mt_get_root #_ #f #_ mt2 } -> mt_collide #_ #f n i + +noeq +type hash2_raw_collide = | Collision2: + #hsz:pos -> #f:hash_fun_t #hsz -> + lh1:hash -> rh1:hash -> + lh2:hash -> rh2:hash { + (lh1 =!= lh2 \/ rh1 =!= rh2) /\ + f lh1 rh1 == f lh2 rh2 } -> hash2_raw_collide + +/// Auxiliary lemmas for the proof + +val rpmt_pad_hashes_0: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> #i:nat{i <= pow2 n} -> mt:rpmt #_ #f n i -> + Lemma (i = 0 <==> pad_hashes #_ #f mt ) +let rpmt_pad_hashes_0 #_ #_ #n #i mt = () + +val rpmt_pad_hashes_index_0: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> #i:nat{i <= pow2 n} -> + mt:rpmt #_ #f n i -> + Lemma (pad_hashes #_ #f mt <==> HPad? mt.[0]) +let rpmt_pad_hashes_index_0 #_ #_ #n #i mt = () + +val mt_get_root_pad_index_0: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> mt:merkle_tree #hsz n -> + Lemma (HPad? mt.[0] <==> HPad? (mt_get_root #_ #f mt)) +let rec mt_get_root_pad_index_0 #hsz #f #n (mt:merkle_tree #hsz n) = + if n = 0 then () + else + let mt:merkle_tree #hsz (n-1) = mt_next_lv #_ #f #n mt in + mt_get_root_pad_index_0 #_ #f #(n-1) mt + +#pop-options + +val rpmt_get_root_pad_hashes: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> #i:nat{i <= pow2 n} -> mt:rpmt #_ #f n i -> + Lemma (pad_hashes #_ #f mt <==> HPad? (mt_get_root #_ #f mt)) +let rpmt_get_root_pad_hashes #_ #f #n #i mt = + rpmt_pad_hashes_index_0 #_ #f mt; + mt_get_root_pad_index_0 #_ #f mt + +val rpmt_get_root_pad: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> #i:nat{i <= pow2 n} -> mt:rpmt #_ #f n i -> + Lemma (i = 0 <==> HPad? (mt_get_root #_ #f mt)) +let rpmt_get_root_pad #_ #f #n #i mt = + rpmt_get_root_pad_hashes #_ #f mt; + rpmt_pad_hashes_0 #_ #f mt + +val rpmt_get_root_raw: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> #i:nat{i <= pow2 n} -> mt:rpmt #_ #f n i -> + Lemma (i > 0 <==> HRaw? (mt_get_root #_ #f mt)) +let rpmt_get_root_raw #hsz #f #n #i mt = + allow_inversion (padded_hash #hsz); + rpmt_get_root_pad #_ #f mt + +#push-options "--z3rlimit 100" + +val extract: + #hsz:pos -> #f:hash_fun_t #hsz -> + #n:nat -> #i:nat{i <= pow2 n} -> mt_collide #_ #f n i -> GTot hash2_raw_collide +let rec extract #hsz #f #n #i (Collision t1 t2) = + assert(n = 0 ==> S.equal t1 t2); // excludes n = 0 + mt_left_right t1; mt_left_right t2; + mt_get_root_step #_ #f t1; + mt_get_root_step #_ #f t2; + rpmt_get_root_pad t1; + assert(i <> 0); + let l1 = rpmt_left t1 in + let l2 = rpmt_left t2 in + let r1 = rpmt_right t1 in + let r2 = rpmt_right t2 in + if i <= pow2 (n-1) + then ( + rpmt_get_root_pad r1; rpmt_get_root_pad r2; + rpmt_i_0 #_ #f r1; rpmt_i_0 #_ #f r2; + extract (Collision l1 l2)) + else ( + rpmt_get_root_raw l1; rpmt_get_root_raw l2; + rpmt_get_root_raw r1; rpmt_get_root_raw r2; + let HRaw lh1 = mt_get_root #_ #f l1 in + let HRaw lh2 = mt_get_root #_ #f l2 in + let HRaw rh1 = mt_get_root #_ #f r1 in + let HRaw rh2 = mt_get_root #_ #f r2 in + if StrongExcludedMiddle.strong_excluded_middle (lh1 =!= lh2) || + StrongExcludedMiddle.strong_excluded_middle (rh1 =!= rh2) + then Collision2 #_ #f lh1 rh1 lh2 rh2 + else if StrongExcludedMiddle.strong_excluded_middle (l1 == l2) + then extract (Collision r1 r2) + else extract (Collision l1 l2)) diff --git a/src/MerkleTree.fsti b/src/MerkleTree.fsti new file mode 100644 index 0000000..4749434 --- /dev/null +++ b/src/MerkleTree.fsti @@ -0,0 +1,353 @@ +module MerkleTree + +module HS = FStar.HyperStack +module HST = FStar.HyperStack.ST +module HH = FStar.Monotonic.HyperHeap + +module B = LowStar.Buffer +module CB = LowStar.ConstBuffer + +module U32 = FStar.UInt32 +module U64 = FStar.UInt64 + +module MTS = MerkleTree.Spec +module MTNL = MerkleTree.Low +module MTNLHF = MerkleTree.Low.Hashfunctions +module MTNLE = MerkleTree.EverCrypt +module MTNLD = MerkleTree.Low.Datastructures +module MTNLS = MerkleTree.Low.Serialization + + +let hash_size_t = MTNLD.hash_size_t +let offset_t = MTNL.offset_t +let index_t = MTNL.index_t +let hash #hash_size = MTNLD.hash #hash_size + +type path = MTNL.path +type path_p = B.pointer path +type const_path_p = MTNL.const_pointer path + +let merkle_tree = MTNL.merkle_tree +let mt_p = MTNL.mt_p +let const_mt_p = MTNL.const_mt_p + +inline_for_extraction noextract +let pf = fun _ -> False +inline_for_extraction noextract +let pt = fun _ _ _ -> True + +[@ (Comment " Constructor for hashes") "c_inline"] +let mt_init_hash (hash_size:hash_size_t) (r:HST.erid): HST.ST (hash #hash_size) pf pt = MTNLHF.init_hash hash_size r + +[@ (Comment " Destructor for hashes") "c_inline"] +let mt_free_hash (#hash_size:Ghost.erased hash_size_t) (h:hash #hash_size): HST.ST unit pf pt = MTNLHF.free_hash h + + +[@ (Comment " Constructor for paths") "c_inline"] +let mt_init_path (hash_size:hash_size_t) (mtr:HH.rid) (r:HST.erid): HST.ST path_p pf pt = MTNL.init_path hash_size mtr r + +[@ (Comment " Destructor for paths") "c_inline"] +let mt_free_path (path:path_p): HST.ST unit pf pt = MTNL.free_path path + +[@ (Comment " Length of a path + + @param[in] p Path + + return The length of the path") "c_inline"] +let mt_get_path_length (mtr:HH.rid) (path:const_path_p): HST.ST U32.t pf pt = MTNL.mt_get_path_length mtr path + +[@ (Comment " Insert hash into path + + @param[in] p Path + @param[in] hash Hash to insert") "c_inline"] +let mt_path_insert + (#h:HS.mem) + (#mtr:HH.rid) + (path:path_p) + (hash:hash #(MTNL.Path?.hash_size (B.get h path 0))) +: HST.ST unit pf pt += let hash_size = MTNL.Path?.hash_size (B.index path 0ul) in + MTNL.mt_path_insert #hash_size mtr path hash + +inline_for_extraction +let path_hash_size (#h:HS.mem) (path:path_p) = MTNL.Path?.hash_size (B.get h path 0) +inline_for_extraction +let const_path_hash_size (#h:HS.mem) (path:const_path_p) = path_hash_size #h (CB.cast path) +inline_for_extraction +let tree_hash_size (#h:HS.mem) (mt:mt_p) = MTNL.MT?.hash_size (B.get h mt 0) +inline_for_extraction +let const_tree_hash_size (#h:HS.mem) (mt:const_mt_p) = tree_hash_size #h (CB.cast mt) + +[@ (Comment " Get step on a path + + @param[in] p Path + @param[in] i Path step index + + return The hash at step i of p") "c_inline"] +let mt_get_path_step + (#h:HS.mem) + (#mtr:HH.rid) + (path:const_path_p) + (i:U32.t) +: HST.ST (hash #(const_path_hash_size #h path)) pf pt += let hash_size = MTNL.Path?.hash_size (B.index (CB.cast path) 0ul) in + MTNL.mt_get_path_step #hash_size mtr path i + +[@ (Comment " Precondition predicate for mt_get_path_step") "c_inline"] +let mt_get_path_step_pre + (#h:HS.mem) + (mtr:HH.rid) + (path:const_path_p) + (i:U32.t) +: HST.ST bool pf pt += let hash_size = MTNL.Path?.hash_size (B.index (CB.cast path) 0ul) in + MTNL.mt_get_path_step_pre #hash_size mtr path i + + +[@ (Comment " Construction with custom hash functions + + @param[in] hash_size Hash size (in bytes) + @param[in] i The initial hash + + return The new Merkle tree") "c_inline"] +let mt_create_custom + (hash_size:hash_size_t) + (hash_spec:Ghost.erased (MTS.hash_fun_t #(U32.v hash_size))) + (r:HST.erid) + (i:hash #hash_size) + (hash_fun:MTNLHF.hash_fun_t #hash_size #hash_spec) +: HST.ST mt_p pf pt += MTNL.mt_create_custom hash_size hash_spec r i hash_fun + + +[@ (Comment " Destruction + + @param[in] mt The Merkle tree") "c_inline"] +let mt_free (mt:mt_p): HST.ST unit pf pt = MTNL.mt_free mt + + +[@ (Comment " Insertion + + @param[in] mt The Merkle tree + @param[in] v The tree does not take ownership of the hash, it makes a copy of its content. + + Note: The content of the hash will be overwritten with an arbitrary value.") "c_inline"] +let mt_insert + (#h:HS.mem) + (mt:mt_p) + (v:hash #(tree_hash_size #h mt)) +: HST.ST unit pf pt += let hash_size = MTNL.MT?.hash_size (B.index mt 0ul) in + MTNL.mt_insert hash_size mt v + +[@ (Comment " Precondition predicate for mt_insert") "c_inline"] +let mt_insert_pre + (#h:HS.mem) + (mt:const_mt_p) + (v:hash #(const_tree_hash_size #h mt)) +: HST.ST bool pf pt += let hash_size = MTNL.MT?.hash_size (B.index (CB.cast mt) 0ul) in + MTNL.mt_insert_pre #hash_size mt v + + +[@ (Comment " Getting the Merkle root + + @param[in] mt The Merkle tree + @param[out] root The Merkle root") "c_inline"] +let mt_get_root + (#h:HS.mem) + (mt:const_mt_p) + (root:hash #(const_tree_hash_size #h mt)) +: HST.ST unit pf pt += let hash_size = MTNL.MT?.hash_size (B.index (CB.cast mt) 0ul) in + MTNL.mt_get_root #hash_size mt root + +[@ (Comment " Precondition predicate for mt_get_root") "c_inline"] +let mt_get_root_pre + (#h:HS.mem) + (mt:const_mt_p) + (root:hash #(const_tree_hash_size #h mt)) +: HST.ST bool pf pt += let hash_size = MTNL.MT?.hash_size (B.index (CB.cast mt) 0ul) in + MTNL.mt_get_root_pre #hash_size mt root + + +[@ (Comment " Getting a Merkle path + + @param[in] mt The Merkle tree + @param[in] idx The index of the target hash + @param[out] path A resulting Merkle path that contains the leaf hash. + @param[out] root The Merkle root + + return The number of elements in the tree + + Notes: + - The resulting path contains pointers to hashes in the tree, not copies of + the hash values. + - idx must be within the currently held indices in the tree (past the + last flush index).") "c_inline"] +let mt_get_path + (#h:HS.mem) + (mt:const_mt_p) + (idx:offset_t) + (path:path_p{path_hash_size #h path = const_tree_hash_size #h mt}) + (root:hash #(path_hash_size #h path)) +: HST.ST index_t pf pt += let hash_size = MTNL.MT?.hash_size (B.index (CB.cast mt) 0ul) in + MTNL.mt_get_path #hash_size mt idx path root + +[@ (Comment " Precondition predicate for mt_get_path") "c_inline"] +let mt_get_path_pre + (#h:HS.mem) + (mt:const_mt_p) + (idx:offset_t) + (path:const_path_p{const_path_hash_size #h path = const_tree_hash_size #h mt}) + (root:hash #(const_path_hash_size #h path)) +: HST.ST bool pf pt += let hash_size = MTNL.MT?.hash_size (B.index (CB.cast mt) 0ul) in + MTNL.mt_get_path_pre #hash_size mt idx path root + + +[@ (Comment " Flush the Merkle tree + + @param[in] mt The Merkle tree") "c_inline"] +let mt_flush (mt:mt_p): HST.ST unit pf pt = MTNL.mt_flush mt + +[@ (Comment " Precondition predicate for mt_flush") "c_inline"] +let mt_flush_pre (mt:const_mt_p): HST.ST bool pf pt = MTNL.mt_flush_pre mt + + +[@ (Comment " Flush the Merkle tree up to a given index + + @param[in] mt The Merkle tree + @param[in] idx The index up to which to flush the tree") "c_inline"] +let mt_flush_to (mt:mt_p) (idx:offset_t): HST.ST unit pf pt = MTNL.mt_flush_to mt idx + +[@ (Comment " Precondition predicate for mt_flush_to")] +let mt_flush_to_pre (mt:const_mt_p) (idx:offset_t): HST.ST bool pf pt = MTNL.mt_flush_to_pre mt idx + + +[@ (Comment " Retract the Merkle tree down to a given index + + @param[in] mt The Merkle tree + @param[in] idx The index to retract the tree to + + Note: The element and idx will remain in the tree.") "c_inline"] +let mt_retract_to (mt:mt_p) (idx:offset_t): HST.ST unit pf pt = MTNL.mt_retract_to mt idx + +[@ (Comment " Precondition predicate for mt_retract_to") "c_inline"] +let mt_retract_to_pre (mt:const_mt_p) (idx:offset_t): HST.ST bool pf pt = MTNL.mt_retract_to_pre mt idx + + +[@ (Comment " Client-side verification + + @param[in] mt The Merkle tree + @param[in] tgt The index of the target hash + @param[in] max The maximum index + 1 of the tree when the path was generated + @param[in] path The Merkle path to verify + @param[in] root + + return true if the verification succeeded, false otherwise + + Note: max - tgt must be less than 2^32.") "c_inline"] +let mt_verify + (#h:HS.mem) + (#hash_size:Ghost.erased hash_size_t) + (#hash_spec:MTS.hash_fun_t #(U32.v hash_size)) + (mt:const_mt_p) + (tgt:UInt64.t) + (max:UInt64.t) + (mtr:HH.rid) + (path:const_path_p{let phs = const_path_hash_size #h path in phs = const_tree_hash_size #h mt /\ phs = Ghost.reveal hash_size}) + (root:hash #(const_path_hash_size #h path)) +: HST.ST bool pf pt += let dmt = B.index (CB.cast mt) 0ul in + let hsz = MTNL.MT?.hash_size dmt in + MTNL.mt_verify #hsz #hash_spec mt tgt max mtr path root + +[@ (Comment " Precondition predicate for mt_verify") "c_inline"] +let mt_verify_pre + (#h:HS.mem) + (mt:const_mt_p) + (tgt:UInt64.t) + (max:UInt64.t) + (mtr:HH.rid) + (path:const_path_p{const_path_hash_size #h path = const_tree_hash_size #h mt}) + (root:hash #(const_path_hash_size #h path)) +: HST.ST bool pf pt += let hash_size = MTNL.MT?.hash_size (B.index (CB.cast mt) 0ul) in + MTNL.mt_verify_pre #hash_size mt tgt max mtr path root + + +[@ (Comment " Serialization size + + @param[in] mt The Merkle tree + + return the number of bytes required to serialize the tree") "c_inline"] +let mt_serialize_size (mt:const_mt_p): HST.ST UInt64.t pf pt = MTNLS.mt_serialize_size mt + + +[@ (Comment " Merkle tree serialization + + @param[in] mt The Merkle tree + @param[out] buf The buffer to serialize the tree into + @param[in] len Length of buf + + return the number of bytes written + + Note: buf must be a buffer of size mt_serialize_size(mt) or larger, but + smaller than 2^32 (larger buffers are currently not supported).") "c_inline"] +let mt_serialize (mt:const_mt_p) (buf:MTNLS.uint8_p) (len:UInt64.t): HST.ST UInt64.t pf pt = MTNLS.mt_serialize mt buf len + + +[@ (Comment " Merkle tree deserialization + + @param[in] expected_hash_size Expected hash size to match hash_fun + @param[in] buf The buffer to deserialize the tree from + @param[in] len Length of buf + @param[in] hash_fun Hash function + + return pointer to the new tree if successful, NULL otherwise + + Note: buf must point to an allocated buffer.") "c_inline"] +let mt_deserialize + (#hsz:Ghost.erased hash_size_t) + (rid:HST.erid) + (buf:MTNLS.const_uint8_p) + (len:UInt64.t{CB.length buf = U64.v len}) + (hash_spec:Ghost.erased(MTS.hash_fun_t #(U32.v hsz))) + (hash_fun:MTNLHF.hash_fun_t #hsz #hash_spec) +: HST.ST (B.pointer_or_null merkle_tree) pf pt += MTNLS.mt_deserialize #hsz rid buf len hash_spec hash_fun + + +[@ (Comment " Path serialization + + @param[in] path The path + @param[out] buf The buffer to serialize the path into + @param[in] len Length of buf + + return the number of bytes written") "c_inline"] +let mt_serialize_path + (path:const_path_p) + (buf:MTNLS.uint8_p) + (len:UInt64.t) +: HST.ST UInt64.t pf pt += let hash_size = MTNL.Path?.hash_size (B.index (CB.cast path) 0ul) in + MTNLS.mt_serialize_path #hash_size path buf len + + +[@ (Comment " Path deserialization + + @param[in] buf The buffer to deserialize the path from + @param[in] len Length of buf + + return pointer to the new path if successful, NULL otherwise + + Note: buf must point to an allocated buffer.") "c_inline"] +let mt_deserialize_path + (rid:HST.erid) + (buf:MTNLS.const_uint8_p) + (len:UInt64.t{CB.length buf = U64.v len}) +: HST.ST (B.pointer_or_null (path)) pf pt += MTNLS.mt_deserialize_path rid buf len diff --git a/tests/merkle_tree_test.c b/tests/merkle_tree_test.c new file mode 100644 index 0000000..29f24c9 --- /dev/null +++ b/tests/merkle_tree_test.c @@ -0,0 +1,212 @@ +#include +#include +#include + +#include "MerkleTree.h" +#include "merkle_tree_test.h" + +static char hs[64U+1]; + +static const uint32_t hash_size = 32; + +const char* hash_to_string(const uint8_t *h) { + for (uint32_t i = 0; i < 32U; i++) + sprintf(&hs[2*i], "%02x", h[i]); + return hs; +} + +void print_hash(const char *name, const uint8_t *h) { + const char* hs = hash_to_string(h); + printf("%s: %s\n", name, hs); +} + +void print_tree(const mt_p mt, size_t num_elts) { + printf("Tree:\n"); + for (size_t lv = 0; lv < num_elts; lv++) { + printf("%02lu:", lv); + uint32_t lvsz = mt->hs.vs[lv].sz; + for (size_t i = 0; i < lvsz; i++) + printf(" %lu=%s", i, hash_to_string(mt->hs.vs[lv].vs[i])); + printf("\n"); + } +} + +int main(int argc, char *argv[]) { + + uint64_t num_elts = 1; + if (argc > 1) + num_elts = atoi(argv[1]); + + MerkleTree_Init_init(); + + // Creation + uint8_t *ih = mt_init_hash(hash_size); + mt_p mt = mt_create(ih); + print_hash("root", ih); + mt_free_hash(ih); + + printf("Merkle tree created.\n"); + + // Insertion + for (size_t i = 1; i < num_elts; i++) { + uint8_t *hash = mt_init_hash(hash_size); + hash[hash_size-1] = (uint8_t)i; + print_hash("elem", hash); + mt_insert(mt, hash); + mt_free_hash(hash); + } + + + printf("Tree holds [%ld,%"PRIu64"\n", 0UL, num_elts-1); + uint8_t *rh = mt_init_hash(hash_size); + mt_get_root(mt, rh); + print_hash("root", rh); + mt_free_hash(rh); + + printf("All values are inserted!\n"); + + print_tree(mt, num_elts); + + // Getting the Merkle path and verify it + uint8_t *root = mt_init_hash(hash_size); + for (uint64_t k = 0; k < num_elts; k++) { + MerkleTree_Low_path *cur_path = mt_init_path(hash_size); + uint32_t sz = mt_get_path(mt, k, cur_path, root); + + printf("path from k=%"PRIu64"\n", k); + uint8_t *tmp = mt_init_hash(hash_size); + memcpy(tmp, mt_get_path_step(cur_path, 0), hash_size); + for (uint32_t l = 0; l < mt_get_path_length(cur_path); l++) { + uint8_t* step = mt_get_path_step(cur_path, l); + print_hash(" elem", step); + if (l > 0) { + mt_sha256_compress(tmp, step, tmp); + print_hash(" tmp ", tmp); + } + } + mt_free_hash(tmp); + print_hash(" root", root); + + bool verified = mt_verify(mt, k, sz, cur_path, root); + printf("Verification with k=%"PRIu64" sz=%d: %d\n", k, sz, verified); + + mt_free_path(cur_path); + } + + uint64_t flush_to = num_elts / 3; + mt_flush_to(mt, flush_to); + printf("Flushed tree to [%"PRIu64"%"PRIu64"\n", flush_to, num_elts); + + for (uint64_t k = flush_to; k < num_elts; k++) { + MerkleTree_Low_path *cur_path = mt_init_path(hash_size); + uint32_t j = mt_get_path(mt, k, cur_path, root); + + bool verified = mt_verify(mt, k, j, cur_path, root); + printf("Verification (after flushing) with k(%"PRIu64", j(%d): %d\n", k, j, verified); + + mt_free_path(cur_path); + } + + flush_to = num_elts / 2; + mt_flush_to(mt, flush_to); + printf("Flushed tree to [%"PRIu64"%"PRIu64"\n", flush_to, num_elts); + + for (uint64_t k = flush_to; k < num_elts; k++) { + MerkleTree_Low_path *cur_path = mt_init_path(hash_size); + uint32_t j = mt_get_path(mt, k, cur_path, root); + + bool verified = mt_verify(mt, k, j, cur_path, root); + printf("Verification (after flushing) with k(%"PRIu64", j(%d): %d\n", k, j, verified); + + mt_free_path(cur_path); + } + + printf("All merkle paths are verified!\n"); + + { + printf("Testing (de)serialization...\n"); + size_t num_bytes = mt_serialize_size(mt) * sizeof(uint8_t); + uint8_t *buf = malloc(num_bytes); + uint32_t written = mt_serialize(mt, buf, num_bytes); + + if (written != num_bytes) { + printf("Serialization failed!\n"); + return 1; + } + + merkle_tree *mtd = mt_deserialize(buf, written, mt_sha256_compress); + + if (mtd == NULL) { + printf("Deserialization failed!\n"); + return 1; + } + + free(buf); + + printf("Re-verifying paths on deserialized tree...\n"); + for (uint64_t k = flush_to; k < num_elts; k++) { + MerkleTree_Low_path *cur_path = mt_init_path(hash_size); + uint32_t j = mt_get_path(mtd, k, cur_path, root); + + bool verified = mt_verify(mtd, k, j, cur_path, root); + + uint8_t buffer[2048]; + uint32_t spsz = mt_serialize_path(cur_path, buffer, 2048); + assert(spsz > 0); + MerkleTree_Low_path *dpath = mt_deserialize_path(buffer, 2048); + assert(dpath != NULL); + + bool dverified = mt_verify(mtd, k, j, dpath, root); + printf("Verification with k(%"PRIu64", j(%d): %d, deserialized (sz=%d): %d\n", k, j, verified, spsz, dverified); + + mt_free_path(dpath); + mt_free_path(cur_path); + } + + mt_free(mtd); + } + + uint64_t retract_to = flush_to + (num_elts - flush_to)/2; + if (!mt_retract_to_pre(mt, retract_to)) { + printf("ERROR: Precondition for mt_retract_to does not hold; exiting.\n"); + exit(1); + } + + mt_retract_to(mt, retract_to); + printf("Retracted tree to [%"PRIu64"%"PRIu64"\n", flush_to, retract_to); + + printf("Re-verifying paths on retracted tree...\n"); + for (uint64_t k = flush_to; k <= retract_to; k++) { + MerkleTree_Low_path *cur_path = mt_init_path(hash_size); + if (!mt_get_path_pre(mt, k, cur_path, root)) { + printf("ERROR: Precondition for mt_get_path does not hold; exiting.\n"); + exit(1); + } + uint32_t j = mt_get_path(mt, k, cur_path, root); + + bool verified = mt_verify(mt, k, j, cur_path, root); + printf("Verification with k(%"PRIu64", j(%d): %d\n", k, j, verified); + + mt_free_path(cur_path); + } + + flush_to = retract_to; + mt_flush_to(mt, flush_to); + printf("Flushed tree to [%"PRIu64"%"PRIu64"\n", flush_to, retract_to); + { + uint64_t k = flush_to; + MerkleTree_Low_path *cur_path = mt_init_path(hash_size); + uint32_t j = mt_get_path(mt, k, cur_path, root); + bool verified = mt_verify(mt, k, j, cur_path, root); + printf("Final verification with k(%"PRIu64", j(%d): %d\n", k, j, verified); + mt_free_path(cur_path); + } + + // Free + mt_free(mt); + mt_free_hash(root); + + printf("The Merkle tree is freed\n"); + + return 0; +} diff --git a/tests/merkle_tree_test.h b/tests/merkle_tree_test.h new file mode 100644 index 0000000..131cf83 --- /dev/null +++ b/tests/merkle_tree_test.h @@ -0,0 +1 @@ +int main (); diff --git a/utils/merkle_tree_prototype.h b/utils/merkle_tree_prototype.h new file mode 100644 index 0000000..ec8273d --- /dev/null +++ b/utils/merkle_tree_prototype.h @@ -0,0 +1,52 @@ +#include "stdint.h" + +extern hash_vec; +extern merkle_tree; + +typedef uint8_t *hash; +typedef merkle_tree *mt_p; +typedef hash_vec *path; + +/// Utilities + +hash init_hash(); +void free_hash(hash h); + +path init_path(); +void free_path(path p); +void clear_path(path p); + +/// Construction and destruction (free) +mt_p create_mt(hash init); +void free_mt(mt_p mt); + +/* Insertion +* @param[in] v The tree does not take ownership of the hash, it makes a copy of +* its content. Note that the content of the hash will be +* overwritten with an arbitrary value by the call. +*/ +void mt_insert(mt_p mt, hash v); + +/** Getting the Merkle root + * @param[out] root The merkle root returned as a hash pointer + */ +void mt_get_root(mt_p mt, hash root); + +/** Getting the Merkle path + * @param idx The index of the target hash + * @param[out] root The Merkle root + * @param[out] path A resulting Merkle path that contains the leaf hash. + * Note that the path contains pointers to hashes in the tree, + * not the actual hash values. + * @return The number of elements in the tree + */ +uint32_t mt_get_path(mt_p mt, uint32_t idx, hash root, hash *path); + +void mt_flush(mt_p mt); +void mt_flush_to(mt_p mt, uint32_t idx); + +/** Client-side verification + * @param k The index of the target hash + * @param j The maximum index + 1 of the tree when the path is generated + */ +bool mt_verify(uint32_t k, uint32_t j, hash *path, hash root); diff --git a/utils/path_verify.c b/utils/path_verify.c new file mode 100644 index 0000000..d087f14 --- /dev/null +++ b/utils/path_verify.c @@ -0,0 +1,296 @@ +/* Compile with: gcc -g path_verify.c -o path_verify */ +/* For OpenSSL add -DUSE_OPENSSL -lcrypto */ + +#include +#include +#include +#include +#include +#include // for be32toh, htobe32 + +/** @file + * Examples of Merkle path verification + */ + +/** + * The size of hashes in bytes + */ +#define HASH_SIZE 32 + +/** + * Parse a hash string + * + * @param input a string to parse + * @return byte array of length @link HASH_SIZE + */ +uint8_t *parse_hash(const char *input) +{ + uint8_t *r = (uint8_t *)malloc(sizeof(uint8_t) * HASH_SIZE); + for (int i = 0; i < HASH_SIZE; i++) { + unsigned tmp; + if (sscanf(input + 2 * i, "%02x", &tmp) != 1) { + printf("hash parsing error\n"); + return NULL; + } + r[i] = tmp & 0xff; + } + return r; +} + +/** + * Print a hash to stdout + * + * @param hash hash to print + */ +void print_hash(const uint8_t *hash) +{ + for (int i = 0; i < HASH_SIZE; i++) + printf("%02x", hash[i] & 0xff); +} + +#ifdef USE_OPENSSL +#include + +/** + * SHA256 compression function (based on OpenSSL) + * + * @param h1 left block + * @param h2 right block + * @param out compressed block + */ +void compress(const uint8_t *h1, const uint8_t *h2, uint8_t *out) +{ + unsigned char block[HASH_SIZE * 2]; + memcpy(&block[0], h1, HASH_SIZE); + memcpy(&block[HASH_SIZE], h2, HASH_SIZE); + + SHA256_CTX ctx; + if (SHA256_Init(&ctx) != 1) + printf("SHA256_Init error"); + SHA256_Transform(&ctx, &block[0]); + + for (int i = 0; i < 8; i++) + ((uint32_t *)out)[i] = htobe32(((uint32_t *)ctx.h)[i]); +} +#else +uint32_t constants[] = { + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2}; + +/** + * SHA256 compression function (custom) + * + * @param h1 left block + * @param h2 right block + * @param out compressed block + */ +void compress(const uint8_t *h1, const uint8_t *h2, uint8_t *out) +{ + uint8_t block[HASH_SIZE * 2]; + memcpy(&block[0], h1, HASH_SIZE); + memcpy(&block[HASH_SIZE], h2, HASH_SIZE); + + uint32_t s[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; + + uint32_t cws[64]; + memset(cws, 0, 64); + + for (int i = 0; i < 16; i++) + cws[i] = be32toh(((int32_t *)block)[i]); + + for (int i = 16; i < 64; i++) { + uint32_t t16 = cws[i - 16]; + uint32_t t15 = cws[i - 15]; + uint32_t t7 = cws[i - 7]; + uint32_t t2 = cws[i - 2]; + uint32_t s1 = (t2 >> 17 | t2 << 15) ^ ((t2 >> 19 | t2 << 13) ^ t2 >> 10); + uint32_t s0 = (t15 >> 7 | t15 << 25) ^ ((t15 >> 18 | t15 << 14) ^ t15 >> 3); + cws[i] = (s1 + t7 + s0 + t16); + } + + uint32_t h[8]; + for (int i = 0; i < 8; i++) + h[i] = s[i]; + + for (int i = 0; i < 64; i++) { + uint32_t a0 = h[0]; + uint32_t b0 = h[1]; + uint32_t c0 = h[2]; + uint32_t d0 = h[3]; + uint32_t e0 = h[4]; + uint32_t f0 = h[5]; + uint32_t g0 = h[6]; + uint32_t h03 = h[7]; + uint32_t w = cws[i]; + uint32_t t1 = h03 + ((e0 >> 6 | e0 << 26) ^ ((e0 >> 11 | e0 << 21) ^ (e0 >> 25 | e0 << 7))) + ((e0 & f0) ^ (~e0 & g0)) + constants[i] + w; + uint32_t t2 = ((a0 >> 2 | a0 << 30) ^ ((a0 >> 13 | a0 << 19) ^ (a0 >> 22 | a0 << 10))) + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))); + h[0] = t1 + t2; + h[1] = a0; + h[2] = b0; + h[3] = c0; + h[4] = d0 + t1; + h[5] = e0; + h[6] = f0; + h[7] = g0; + } + + uint32_t *r = (uint32_t *)out; + for (int i = 0; i < 8; i++) + r[i] = htobe32(s[i] + h[i]); +} +#endif + +/** + * Recursive implementation of path recomputation + * + * @param i index to recompute + * @param n size of the tree + * @param path neighbouring hashes along branches + * @param path_len length of path + * @param pi current path index + * @param tag current tag + * @param actd flag + * @return 0 for success, non-zero otherwise + */ +int recompute_rec(uint32_t i, uint32_t n, uint8_t *const *path, size_t path_len, size_t pi, uint8_t *tag, int actd) +{ + /* printf("%u %u %lu ", i, n, pi); print_hash(tag); printf("\n"); */ + if (n < 0 || i > n || path_len == 0 || pi < 0 || pi > path_len) + return 1; + + if (n != 0) { + int nactd = actd || n % 2 == 1; + if (i % 2 == 0) { + if (n == i || ((n == i + 1) && !actd)) + return recompute_rec(i / 2, n / 2, path, path_len, pi, tag, nactd); + const uint8_t *phash = path[pi]; + compress(tag, phash, tag); + return recompute_rec(i / 2, n / 2, path, path_len, pi + 1, tag, nactd); + } + else { + const uint8_t *phash = path[pi]; + compress(phash, tag, tag); + } + return recompute_rec(i / 2, n / 2, path, path_len, pi + 1, tag, nactd); + } + + return 0; +} + +/** + * Iterative implementation of path recomputation + * + * @param i index to recompute + * @param n size of the tree + * @param path neighbouring hashes along branches + * @param path_len length of path + * @param tag current tag + * @return 0 for success, non-zero otherwise + */ +int recompute(uint32_t i, uint32_t n, uint8_t *const *path, size_t path_len, uint8_t *tag) +{ + if (n < 0 || i > n || path_len == 0) + return 1; + + memcpy(tag, path[0], HASH_SIZE); + size_t pi = 1; + int inside = 1; + while (n > 0) { + /* printf("%u %u %lu ", i, n, pi); print_hash(tag); printf("\n"); */ + int left = i % 2 == 1; /* going up to the left */ + int skip = i == n || (i + 1 == n && inside); /* no more hashes to the right */ + + if (left || !skip) { + assert(pi < path_len); + if (left) + compress(path[pi], tag, tag); + else + compress(tag, path[pi], tag); + pi++; + } + + inside &= n % 2 == 0; + i /= 2; + n /= 2; + } + + return 0; +} + +/** + * Merkle path verification + * + * @param offset 64-bit offset of the internal 32-bit tree + * @param i index to recompute + * @param n size of the tree + * @param path neighbouring hashes along branches + * @param root root of the tree + * @return 0 for success, non-zero otherwise. + */ +int verify(uint32_t offset, uint32_t i, uint32_t n, uint8_t *const *path, size_t path_len, const uint8_t *root) +{ + uint8_t acc_rec[HASH_SIZE], acc_itr[HASH_SIZE]; + memcpy(acc_rec, path[0], HASH_SIZE); + int r1 = recompute_rec(i - offset, n - offset, path, path_len, 1, acc_rec, 0); + int r2 = recompute(i - offset, n - offset, path, path_len, acc_itr); + if (r1 != 0 || r2 != 0) { + printf("Recomputation error\n"); + return 1; + } + assert(memcmp(acc_rec, acc_itr, HASH_SIZE) == 0); + return memcmp(acc_itr, root, HASH_SIZE) != 0; +} + +/** + * Various Merkle path verification tests + */ +int main(int argc, char **argv) +{ + uint8_t *root = parse_hash("50b2a21d29533d9ab25cbde1776c76db2c4eef059ad300e20335605942edb4a9"); + + uint8_t *paths[4][3] = { + { + parse_hash("0000000000000000000000000000000000000000000000000000000000000000"), + parse_hash("0000000000000000000000000000000000000000000000000000000000000001"), + parse_hash("0fff9b7f003a6cffbe9db48e026410191e893f0e8519cc39262df228cde1f5d2") + }, + { + parse_hash("0000000000000000000000000000000000000000000000000000000000000001"), + parse_hash("0000000000000000000000000000000000000000000000000000000000000000"), + parse_hash("0fff9b7f003a6cffbe9db48e026410191e893f0e8519cc39262df228cde1f5d2") + }, + { + parse_hash("0000000000000000000000000000000000000000000000000000000000000002"), + parse_hash("0000000000000000000000000000000000000000000000000000000000000003"), + parse_hash("b40f7ca600e9693557a6a01a2a9288c200d14c5e76329d4d0d069cae776a096d") + }, + { + parse_hash("0000000000000000000000000000000000000000000000000000000000000003"), + parse_hash("0000000000000000000000000000000000000000000000000000000000000002"), + parse_hash("b40f7ca600e9693557a6a01a2a9288c200d14c5e76329d4d0d069cae776a096d") + } + }; + + for (int i = 0; i < 4; i++) { + if (verify(0, i, 4, paths[i], 3, root) != 0) { + printf("Verification failure\n"); + exit(2); + } + } + + printf("All ok.\n"); + + free(root); + for (int i = 0; i < 4; i++) + for (int j = 0; j < 3; j++) + free(paths[i][j]); + + return 0; +} diff --git a/utils/path_verify.py b/utils/path_verify.py new file mode 100644 index 0000000..857d6cc --- /dev/null +++ b/utils/path_verify.py @@ -0,0 +1,157 @@ +""" +Examples of Merkle path verification +""" + +import binascii # hexlify +import struct # endianness conversions + +constants = [ + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +] + +def compress(block): + """ + Compression function of SHA256 + + :param block: block to compress + """ + s = [ 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19 ] + + cws = [ 0 ] * 64 + for i in range(16): + cws[i] = struct.unpack(">I", block[i*4:(i+1)*4])[0] + for i in range(16, 64): + t16, t15, t7, t2 = cws[i - 16], cws[i - 15], cws[i - 7], cws[i - 2] + s1 = (t2 >> 17 | t2 << 15) ^ ((t2 >> 19 | t2 << 13) ^ t2 >> 10) + s0 = (t15 >> 7 | t15 << 25) ^ ((t15 >> 18 | t15 << 14) ^ t15 >> 3) + cws[i] = (s1 + t7 + s0 + t16) & 0xffffffff + + h = list(s) + for i in range(64): + [a0, b0, c0, d0, e0, f0, g0, h03] = h + w = cws[i] + t1 = h03 + ((e0 >> 6 | e0 << 26) ^ ((e0 >> 11 | e0 << 21) ^ (e0 >> 25 | e0 << 7))) + ((e0 & f0) ^ (~e0 & g0)) + constants[i] + w + t2 = ((a0 >> 2 | a0 << 30) ^ ((a0 >> 13 | a0 << 19) ^ (a0 >> 22 | a0 << 10))) + ((a0 & b0) ^ ((a0 & c0) ^ (b0 & c0))) + h = [ (t1 + t2) & 0xffffffff, a0 & 0xffffffff, b0 & 0xffffffff, c0 & 0xffffffff, + (d0 + t1) & 0xffffffff, e0 & 0xffffffff, f0 & 0xffffffff, g0 & 0xffffffff ] + + r = bytearray() + for i in range(8): + r += struct.pack(">I",(s[i] + h[i]) & 0xffffffff) + return r + +def recompute_rec(i, n, path, pi, tag, actd): + """ + Recursive recomputation of tag + + :param i: index to recompute + :param n: size of the tree + :param path: neighbouring hashes along branches + :param pi: current path index + :param tag: current tag + :param actd: flag + :returns: recomputed tag + """ + if n < 0 or i > n or not len(path) or pi < 0 or pi > len(path): + return [] + + # print([str(i), str(n), str(pi), binascii.hexlify(tag)]) + if n == 0: + return tag + nactd = actd or n % 2 == 1 + if i % 2 == 0: + if n == i or (n == i + 1 and not actd): + return recompute_rec(i // 2, n // 2, path, pi, tag, nactd) + tag = compress(tag + path[pi]) + else: + tag = compress(path[pi] + tag) + return recompute_rec(i // 2, n // 2, path, pi + 1, tag, nactd) + +def recompute(i, n, path): + """ + Iterative recomputation of tag + + :param i: index to recompute + :param n: size of the tree + :param path: neighbouring hashes along branches + """ + if n < 0 or i > n or not len(path): + return [] + + tag = path[0] + pi = 1 + inside = True + while n > 0: + # print([str(i), str(n), str(pi), binascii.hexlify(tag)]) + left = i % 2 == 1 # going up to the left + skip = i == n or (i + 1 == n and inside) # no more hashes to the right + if left or not skip: + assert (pi < len(path)) + if left: + tag = compress(path[pi] + tag) + else: + tag = compress(tag + path[pi]) + pi += 1 + inside &= n % 2 == 0 + i //= 2 + n //= 2 + return tag + +def verify(offset, i, n, path, root): + """ + Merkle path verification + + :param offset: 64-bit offset of the internal 32-bit tree + :param i: index to verify + :param n: size of the tree + :param path: neighbouring hashes along branches + :param root: root of the tree + :returns: True for success, False otherwise. + """ + io = i - offset + no = n - offset + tag_rec = recompute_rec(io, no, path, 1, path[0], False) + tag = recompute(io, no, path) + assert(tag_rec == tag) + return tag == root + +def tests(): + """Various test inputs""" + + root = bytearray.fromhex("50b2a21d29533d9ab25cbde1776c76db2c4eef059ad300e20335605942edb4a9") + + path = [ bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000000"), + bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000001"), + bytearray.fromhex("0fff9b7f003a6cffbe9db48e026410191e893f0e8519cc39262df228cde1f5d2") ] + v1 = verify(0, 0, 4, path, root) + + path = [ bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000001"), + bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000000"), + bytearray.fromhex("0fff9b7f003a6cffbe9db48e026410191e893f0e8519cc39262df228cde1f5d2") ] + v2 = verify(0, 1, 4, path, root) + + path = [ bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000002"), + bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000003"), + bytearray.fromhex("b40f7ca600e9693557a6a01a2a9288c200d14c5e76329d4d0d069cae776a096d") ] + v3 = verify(0, 2, 4, path, root) + + path = [ bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000003"), + bytearray.fromhex("0000000000000000000000000000000000000000000000000000000000000002"), + bytearray.fromhex("b40f7ca600e9693557a6a01a2a9288c200d14c5e76329d4d0d069cae776a096d") ] + v4 = verify(0, 3, 4, path, root) + + if v1 and v2 and v3 and v4: + print("All ok.") + else: + print("Verification failure.") + +if __name__ == '__main__': + tests()