Skip to main content

Nat

creusot_std::logic

Struct Nat 

Source 
pub struct Nat(/* private fields */);
Expand description

Natural numbers, i.e., integers that are greater or equal to 0.

Implementations§

Source§

impl Nat

Source

pub fn to_int(self) -> Int

ensures 

result >= 0

Source

pub fn new(n: Int) -> Nat

requires 

n >= 0

ensures 

result.to_int() == n

Source

pub fn ext_eq(self, other: Self) -> bool

(open)

let _ = Subset::<NatInner>::inner_inj;
self.to_int() == other.to_int()

ensures 

result == (self == other)

Trait Implementations§

Source§

impl AddLogic for Nat

Source§

fn add(self, other: Self) -> Self

ensures 

result.to_int() == self.to_int() + other.to_int()

Source§

type Output = Nat

Source§

impl MulLogic for Nat

Source§

fn mul(self, other: Self) -> Self

ensures 

result.to_int() == self.to_int() * other.to_int()

Source§

type Output = Nat

Source§

impl RA for Nat

Source§

fn op(self, other: Self) -> Option<Nat>

(open, inline) 

Some(self + other)

Source§

fn factor(self, factor: Self) -> Option<Self>

(open, inline)

let _ = Nat::ext_eq;
if self.to_int() >= factor.to_int() {
    Some(Nat::new(self.to_int() - factor.to_int()))
} else {
    None
}

ensures

match result {
        Some(c) => factor.op(c) == Some(self),
        None => forall<c: Self> factor.op(c) != Some(self),
    }
Source§

fn eq(self, other: Self) -> bool

(open, inline) 

self.ext_eq(other)

ensures 

result == (self == other)

Source§

fn commutative(a: Self, b: Self)

(law)

ensures 

a.op(b) == b.op(a)

Source§

fn associative(a: Self, b: Self, c: Self)

ensures

a.op(b).and_then_logic(|ab: Self| ab.op(c)) == b.op(c).and_then_logic(|bc| a.op(bc))
Source§

fn core(self) -> Option<Self>

(open, inline) 

Some(Nat::new(0))

Source§

fn core_idemp(self)

ensures

let c = self.core().unwrap_logic();
c.op(c) == Some(c)

ensures 

self.core().unwrap_logic().op(self) == Some(self)

Source§

fn core_is_maximal_idemp(self, i: Self)

requires 

i.op(i) == Some(i)

requires 

i.op(self) == Some(self)

ensures

match self.core() {
        Some(c) => i.incl(c),
        None => false,
    }
Source§

fn incl(self, other: Self) -> bool

Inclusion of RA. Read more
Source§

fn incl_op(self, other: Self, comb: Self)

(law) Read more
Source§

fn incl_eq(self, other: Self) -> bool

(open, sealed) Read more

Source§

fn incl_eq_op(a: Self, b: Self, x: Self) -> bool

(open, sealed) Read more
Source§

fn update(self, x: Self) -> bool

Ensures that we can go from self to x without making composition with the frame invalid. Read more
Source§

fn update_nondet(self, s: Set<Self>) -> bool

This is used in Resource::update_nondet. Read more
Source§

fn associative_none(a: Self, b: Self, c: Self, bc: Self)

Specialized version of Self::associative, in the case where a.op(b) == None. Read more
Source§

fn associative_some(a: Self, b: Self, c: Self, ab: Self, bc: Self)

Specialized version of Self::associative, in the case where a.op(b) and b.op(c) are both valid. Read more
Source§

fn incl_transitive(a: Self, b: Self, c: Self)

RA::incl is transitive. Read more
Source§

impl UnitRA for Nat

Source§

fn unit() -> Self

(open, inline)

let _ = Nat::ext_eq;
Nat::new(0)

ensures 

forall<x: Self> #[trigger(x.op(result))] x.op(result) == Some(x)

Source§

fn core_total(self) -> Self

(open, inline) 

Nat::new(0)

ensures 

self.core() == Some(result)

Source§

fn core_total_idemp(self)

ensures 

self.core_total().op(self.core_total()) == Some(self.core_total())

ensures 

self.core_total().op(self) == Some(self)

Source§

fn incl_refl()

In unitary RAs, the inclusion relation is reflexive Read more
Source§

fn unit_core()

The unit is its own core Read more

Auto Trait Implementations§

§

impl Freeze for Nat

§

impl RefUnwindSafe for Nat

§

impl Send for Nat

§

impl Sync for Nat

§

impl Unpin for Nat

§

impl UnwindSafe for Nat

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.