Struct Int 

pub struct Int;

An unbounded, mathematical integer.

This type cannot be only be constructed in logical or ghost code.

Integers in pearlite

Note that in pearlite, all integer literals are of type Int:

let x = 1i32;
//             ↓ need to use the view operator to convert `i32` to `Int`
proof_assert!(x@ == 1);

You can use the usual operators on integers: +, -, *, / and %.

Note that those operators are not available in ghost code.

Implementations

impl Int

pub fn pow(self, p: Int) -> Int

Compute self^p.

Example

proof_assert!(3.pow(4) == 729);

pub fn pow2(self) -> Int

Compute 2^p.

Example

proof_assert!(pow2(4) == 16);

pub fn max(self, x: Int) -> Int

Compute the maximum of self and x.

Example

proof_assert!(10.max(2) == 10);

pub fn min(self, x: Int) -> Int

Compute the minimum of self and x.

Example

proof_assert!(10.max(2) == 2);

pub fn div_euclid(self, d: Int) -> Int

Compute the euclidean division of self by d.

Example

proof_assert!(10.div_euclid(3) == 3);

pub fn rem_euclid(self, d: Int) -> Int

Compute the remainder of the euclidean division of self by d.

Example

 proof_assert!(10.rem_euclid(3) == 1);

pub fn abs_diff(self, other: Int) -> Int

Compute the absolute difference of self and x.

Example

proof_assert!(10.abs_diff(3) == 7);
proof_assert!(3.abs_diff(10) == 7);
proof_assert!((-5).abs_diff(5) == 10);

(open)

if self < other { other - self } else { self - other }

impl Int

pub fn new(value: i128) -> Ghost<Self>

Create a new Int value

The result is wrapped in a Ghost, so that it can only be access inside a ghost! block.

You should not have to use this method directly: instead, use the int suffix inside of a ghost block:

let x: Ghost<Int> = ghost!(1int);
ghost! {
    let y: Int = 2int;
};

terminates

ghost

ensures

*result == value@

pub fn incr_ghost(&mut self)

terminates

ghost

ensures

^self == *self + 1

pub fn decr_ghost(&mut self)

terminates

ghost

ensures

^self == *self - 1

Trait Implementations

impl Add for Int

fn add(self, other: Int) -> Self

terminates

ghost

ensures

result == self + other

type Output = Int

The resulting type after applying the + operator.

impl AddLogic for Int

fn add(self, other: Self) -> Self

type Output = Int

impl Clone for Int

fn clone(&self) -> Self

terminates

ghost

ensures

result == *self

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl DeepModel for Int

fn deep_model(self) -> Self::DeepModelTy

(open, inline)

self

type DeepModelTy = Int

impl Div for Int

fn div(self, other: Int) -> Self

terminates

ghost

ensures

result == self / other

type Output = Int

The resulting type after applying the / operator.

impl DivLogic for Int

fn div(self, other: Self) -> Self

type Output = Int

impl<T> Index<Int> for Seq<T>

fn index(&self, index: Int) -> &Self::Output

terminates

ghost

requires

0 <= index && index < self.len()

ensures

*result == self[index]

type Output = T

The returned type after indexing.

impl<T> IndexLogic<Int> for [T]

fn index_logic(self, ix: Int) -> Self::Item

(open, inline)

pearlite! { self@[ix] }

type Item = T

impl<T, const N: usize> IndexLogic<Int> for [T; N]

fn index_logic(self, ix: Int) -> Self::Item

(open, inline)

pearlite! { self@[ix] }

type Item = T

impl<T> IndexLogic<Int> for Seq<T>

fn index_logic(self, _: Int) -> Self::Item

type Item = T

impl<T, A: Allocator> IndexLogic<Int> for Vec<T, A>

Available on crate feature nightly only.

fn index_logic(self, ix: Int) -> Self::Item

(open, inline)

pearlite! { self@[ix] }

type Item = T

impl<T, A: Allocator> IndexLogic<Int> for VecDeque<T, A>

Available on crate feature nightly only.

fn index_logic(self, ix: Int) -> Self::Item

(open, inline)

pearlite! { self@[ix] }

type Item = T

impl<T> IndexMut<Int> for Seq<T>

fn index_mut(&mut self, index: Int) -> &mut Self::Output

terminates

ghost

requires

0 <= index && index < self.len()

ensures

(*self).len() == (^self).len()

ensures

*result == (*self)[index] && ^result == (^self)[index]

ensures

forall<i> i != index ==> (*self).get(i) == (^self).get(i)

impl Mul for Int

fn mul(self, other: Int) -> Self

terminates

ghost

ensures

result == self * other

type Output = Int

The resulting type after applying the * operator.

impl MulLogic for Int

fn mul(self, other: Self) -> Self

type Output = Int

impl Neg for Int

fn neg(self) -> Self

terminates

ghost

ensures

result == -self

type Output = Int

The resulting type after applying the - operator.

impl NegLogic for Int

fn neg(self) -> Self

type Output = Int

impl OrdLogic for Int

fn cmp_log(self, o: Self) -> Ordering

(open)

if self < o {
    Ordering::Less
} else if self == o {
    Ordering::Equal
} else {
    Ordering::Greater
}

fn le_log(self, _: Self) -> bool

fn lt_log(self, _: Self) -> bool

fn ge_log(self, _: Self) -> bool

fn gt_log(self, _: Self) -> bool

fn cmp_le_log(x: Self, y: Self)

(open(pub(self)), law)

ensures

x.le_log(y) == (x.cmp_log(y) != Ordering::Greater)

fn cmp_lt_log(x: Self, y: Self)

(open(pub(self)), law)

ensures

x.lt_log(y) == (x.cmp_log(y) == Ordering::Less)

fn cmp_ge_log(x: Self, y: Self)

(open(pub(self)), law)

ensures

x.ge_log(y) == (x.cmp_log(y) != Ordering::Less)

fn cmp_gt_log(x: Self, y: Self)

(open(pub(self)), law)

ensures

x.gt_log(y) == (x.cmp_log(y) == Ordering::Greater)

fn refl(x: Self)

(open(pub(self)), law)

ensures

x.cmp_log(x) == Ordering::Equal

fn trans(x: Self, y: Self, z: Self, o: Ordering)

(open(pub(self)), law)

requires

x.cmp_log(y) == o

requires

y.cmp_log(z) == o

ensures

x.cmp_log(z) == o

fn antisym1(x: Self, y: Self)

(open(pub(self)), law)

requires

x.cmp_log(y) == Ordering::Less

ensures

y.cmp_log(x) == Ordering::Greater

fn antisym2(x: Self, y: Self)

(open(pub(self)), law)

requires

x.cmp_log(y) == Ordering::Greater

ensures

y.cmp_log(x) == Ordering::Less

fn eq_cmp(x: Self, y: Self)

(open(pub(self)), law)

ensures

(x == y) == (x.cmp_log(y) == Ordering::Equal)

impl PartialEq for Int

fn eq(&self, other: &Self) -> bool

terminates

ghost

ensures

result == (*self == *other)

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl PartialOrd for Int

fn partial_cmp(&self, other: &Self) -> Option<Ordering>

terminates

ghost

ensures

result == Some((*self).cmp_log(*other))

fn lt(&self, other: &Self) -> bool

terminates

ghost

ensures

result == (*self).lt_log(*other)

fn le(&self, other: &Self) -> bool

terminates

ghost

ensures

result == (*self).le_log(*other)

fn gt(&self, other: &Self) -> bool

terminates

ghost

ensures

result == (*self).gt_log(*other)

fn ge(&self, other: &Self) -> bool

terminates

ghost

ensures

result == (*self).ge_log(*other)

impl Rem for Int

fn rem(self, other: Int) -> Self

terminates

ghost

ensures

result == self % other

type Output = Int

The resulting type after applying the % operator.

impl RemLogic for Int

fn rem(self, other: Self) -> Self

type Output = Int

impl Sub for Int

fn sub(self, other: Int) -> Self

terminates

ghost

ensures

result == self - other

type Output = Int

The resulting type after applying the - operator.

impl SubLogic for Int

fn sub(self, other: Self) -> Self

type Output = Int

impl WellFounded for Int

fn well_founded_relation(self, other: Self) -> bool

(open, inline)

self >= 0 && self > other

fn no_infinite_decreasing_sequence(s: Mapping<Int, Self>) -> Int

(opaque)

ensures

result >= 0

ensures

!Self::well_founded_relation(s[result], s[result + 1])

impl Copy for Int

impl Plain for Int