Struct creusot_contracts::logic::Int

pub struct Int(/* private fields */);

An unbounded, mathematical integer.

This type cannot be only be constructed in logical or ghost code.

Integers in pearlite

Note that in pearlite, all integer literals are of type Int:

let x = 1i32;
//             ↓ need to use the view operator to convert `i32` to `Int`
proof_assert!(x@ == 1);

You can use the usual operators on integers: +, -, *, / and %.

Note that those operators are not available in ghost code.

Implementations

impl Int

pub fn new(value: i128) -> GhostBox<Self>

Create a new Int value

The result is wrapped in a GhostBox, so that it can only be access inside a ghost! block.

You should not have to use this method directly: instead, use the int suffix inside of a ghost block:

let x: GhostBox<Int> = ghost!(1int);
ghost! {
    let y: Int = 2int;
};

pure

ensures

*result == value@

pub fn pow(self, p: Int) -> Int

Compute self^p.

Example

proof_assert!(2.pow(3) == 8);

logic

pub fn max(self, x: Int) -> Int

Compute the maximum of self and x.

Example

proof_assert!(10.max(2) == 10);

logic

pub fn min(self, x: Int) -> Int

Compute the minimum of self and x.

Example

proof_assert!(10.max(2) == 2);

logic

pub fn div_euclid(self, d: Int) -> Int

Compute the euclidean division of self by d.

Example

proof_assert!(10.div_euclid(3) == 3);

logic

pub fn rem_euclid(self, d: Int) -> Int

Compute the remainder of the euclidean division of self by d.

Example

 proof_assert!(10.rem_euclid(3) == 1);

logic

pub fn abs_diff(self, other: Int) -> Int

Compute the absolute difference of self and x.

Example

proof_assert!(10.abs_diff(3) == 7);
proof_assert!(3.abs_diff(10) == 7);
proof_assert!((-5).abs_diff(5) == 10);

logic

if self < other {
    other - self
} else {
    self - other
}

Trait Implementations

impl Add for Int

fn add(self, other: Int) -> Self

pure

ensures

result == self + other

type Output = Int

The resulting type after applying the + operator.

impl AddLogic for Int

fn add(self, other: Self) -> Self

logic

type Output = Int

impl Clone for Int

fn clone(&self) -> Self

pure

ensures

result == *self

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl DeepModel for Int

fn deep_model(self) -> Self::DeepModelTy

logic

self

type DeepModelTy = Int

impl Div for Int

fn div(self, other: Int) -> Self

pure

ensures

result == self / other

type Output = Int

The resulting type after applying the / operator.

impl DivLogic for Int

fn div(self, other: Self) -> Self

logic

type Output = Int

impl<T> IndexLogic<Int> for [T]

fn index_logic(self, ix: Int) -> Self::Item

logic

pearlite! { self@[ix] }

type Item = T

impl<T, const N: usize> IndexLogic<Int> for [T; N]

fn index_logic(self, ix: Int) -> Self::Item

logic

pearlite! { self@[ix] }

type Item = T

impl<T> IndexLogic<Int> for Seq<T>

fn index_logic(self, _: Int) -> Self::Item

logic

type Item = T

impl<T> IndexLogic<Int> for Snapshot<Seq<T>>

fn index_logic(self, ix: Int) -> Self::Item

logic

pearlite! { (*self)[ix] }

type Item = T

impl<T, A: Allocator> IndexLogic<Int> for Vec<T, A>

fn index_logic(self, ix: Int) -> Self::Item

logic

pearlite! { self@[ix] }

type Item = T

impl<T, A: Allocator> IndexLogic<Int> for VecDeque<T, A>

fn index_logic(self, ix: Int) -> Self::Item

logic

pearlite! { self@[ix] }

type Item = T

impl Mul for Int

fn mul(self, other: Int) -> Self

pure

ensures

result == self * other

type Output = Int

The resulting type after applying the * operator.

impl MulLogic for Int

fn mul(self, other: Self) -> Self

logic

type Output = Int

impl Neg for Int

fn neg(self) -> Self

pure

ensures

result == -self

type Output = Int

The resulting type after applying the - operator.

impl NegLogic for Int

fn neg(self) -> Self

logic

type Output = Int

impl OrdLogic for Int

fn cmp_log(self, o: Self) -> Ordering

logic

if self < o {
    Ordering::Less
} else if self == o {
    Ordering::Equal
} else {
    Ordering::Greater
}

fn le_log(self, _: Self) -> bool

logic

fn lt_log(self, _: Self) -> bool

logic

fn ge_log(self, _: Self) -> bool

logic

fn gt_log(self, _: Self) -> bool

logic

fn cmp_le_log(x: Self, y: Self)

law

ensures

x.le_log(y) == (x.cmp_log(y) != Ordering::Greater)

fn cmp_lt_log(x: Self, y: Self)

law

ensures

x.lt_log(y) == (x.cmp_log(y) == Ordering::Less)

fn cmp_ge_log(x: Self, y: Self)

law

ensures

x.ge_log(y) == (x.cmp_log(y) != Ordering::Less)

fn cmp_gt_log(x: Self, y: Self)

law

ensures

x.gt_log(y) == (x.cmp_log(y) == Ordering::Greater)

fn refl(x: Self)

law

ensures

x.cmp_log(x) == Ordering::Equal

fn trans(x: Self, y: Self, z: Self, o: Ordering)

law

requires

x.cmp_log(y) == o

requires

y.cmp_log(z) == o

ensures

x.cmp_log(z) == o

fn antisym1(x: Self, y: Self)

law

requires

x.cmp_log(y) == Ordering::Less

ensures

y.cmp_log(x) == Ordering::Greater

fn antisym2(x: Self, y: Self)

law

requires

x.cmp_log(y) == Ordering::Greater

ensures

y.cmp_log(x) == Ordering::Less

fn eq_cmp(x: Self, y: Self)

law

ensures

(x == y) == (x.cmp_log(y) == Ordering::Equal)

impl PartialEq for Int

fn eq(&self, other: &Self) -> bool

pure

ensures

result == (*self == *other)

fn ne(&self, other: &Rhs) -> bool

This method tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.

impl Rem for Int

fn rem(self, other: Int) -> Self

pure

ensures

result == self % other

type Output = Int

The resulting type after applying the % operator.

impl RemLogic for Int

fn rem(self, other: Self) -> Self

logic

type Output = Int

impl Sub for Int

fn sub(self, other: Int) -> Self

pure

ensures

result == self - other

type Output = Int

The resulting type after applying the - operator.

impl SubLogic for Int

fn sub(self, other: Self) -> Self

logic

type Output = Int

impl Copy for Int

impl WellFounded for Int