Skip to main content

Seq

creusot_std::logic::seq

Struct Seq 

Source 
pub struct Seq<T>(/* private fields */);
Expand description

A type of sequence usable in pearlite and ghost! blocks.

§Logic

This type is (in particular) the logical representation of a Vec. This can be accessed via its view (The @ operator).

#[logic]
fn get_model<T>(v: Vec<T>) -> Seq<T> {
    pearlite!(v@)
}

§Ghost

Since Vec have finite capacity, this could cause some issues in ghost code:

ghost! {
    let mut v = Vec::new();
    for _ in 0..=usize::MAX as u128 + 1 {
        v.push(0); // cannot fail, since we are in a ghost block
    }
    proof_assert!(v@.len() <= usize::MAX@); // by definition
    proof_assert!(v@.len() > usize::MAX@); // uh-oh
}

This type is designed for this use-case, with no restriction on the capacity.

Implementations§

Source§

impl<T> Seq<T>

This impl block contains no items.

Logical definitions

Source§

impl<T> Seq<T>

Ghost definitions

Source

pub fn new() -> Ghost<Self>

Constructs a new, empty Seq<T>.

This can only be manipulated in the ghost world, and as such is wrapped in Ghost.

§Example
use creusot_std::prelude::*;
let ghost_seq = Seq::<i32>::new();
proof_assert!(seq == Seq::create());
Source

pub fn len_ghost(&self) -> Int

Returns the number of elements in the sequence, also referred to as its ‘length’.

If you need to get the length in pearlite, consider using len.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_back_ghost(1);
    s.push_back_ghost(2);
    s.push_back_ghost(3);
    let len = s.len_ghost();
    proof_assert!(len == 3);
};
Source

pub fn is_empty_ghost(&self) -> bool

Returns true if the sequence is empty.

§Example
use creusot_std::prelude::*;
#[check(ghost)]
#[requires(s.len() == 0)]
pub fn foo(mut s: Seq<i32>) {
    assert!(s.is_empty_ghost());
    s.push_back_ghost(1i32);
    assert!(!s.is_empty_ghost());
}
ghost! {
    foo(Seq::new().into_inner())
};
Source

pub fn push_front_ghost(&mut self, x: T)

Appends an element to the front of a collection.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_front_ghost(1);
    s.push_front_ghost(2);
    s.push_front_ghost(3);
    proof_assert!(s[0] == 3i32 && s[1] == 2i32 && s[2] == 1i32);
};
Source

pub fn push_back_ghost(&mut self, x: T)

Appends an element to the back of a collection.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_back_ghost(1);
    s.push_back_ghost(2);
    s.push_back_ghost(3);
    proof_assert!(s[0] == 1i32 && s[1] == 2i32 && s[2] == 3i32);
};
Source

pub fn get_ghost(&self, index: Int) -> Option<&T>

Returns a reference to an element at index or None if index is out of bounds.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_back_ghost(10);
    s.push_back_ghost(40);
    s.push_back_ghost(30);
    let get1 = s.get_ghost(1int);
    let get2 = s.get_ghost(3int);
    proof_assert!(get1 == Some(&40i32));
    proof_assert!(get2 == None);
};
Source

pub fn get_mut_ghost(&mut self, index: Int) -> Option<&mut T>

Returns a mutable reference to an element at index or None if index is out of bounds.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();

ghost! {
    s.push_back_ghost(0);
    s.push_back_ghost(1);
    s.push_back_ghost(2);
    if let Some(elem) = s.get_mut_ghost(1int) {
        *elem = 42;
    }
    proof_assert!(s[0] == 0i32 && s[1] == 42i32 && s[2] == 2i32);
};
Source

pub fn pop_back_ghost(&mut self) -> Option<T>

Removes the last element from a vector and returns it, or None if it is empty.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_back_ghost(1);
    s.push_back_ghost(2);
    s.push_back_ghost(3);
    let popped = s.pop_back_ghost();
    proof_assert!(popped == Some(3i32));
    proof_assert!(s[0] == 1i32 && s[1] == 2i32);
};
Source

pub fn pop_front_ghost(&mut self) -> Option<T>

Removes the first element from a vector and returns it, or None if it is empty.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_back_ghost(1);
    s.push_back_ghost(2);
    s.push_back_ghost(3);
    let popped = s.pop_front_ghost();
    proof_assert!(popped == Some(1i32));
    proof_assert!(s[0] == 2i32 && s[1] == 3i32);
};
Source

pub fn clear_ghost(&mut self)

Clears the sequence, removing all values.

§Example
use creusot_std::prelude::*;

let mut s = Seq::new();
ghost! {
    s.push_back_ghost(1);
    s.push_back_ghost(2);
    s.push_back_ghost(3);
    s.clear_ghost();
    proof_assert!(s == Seq::empty());
};
Source

pub fn split_off_ghost(&mut self, mid: Int) -> Self

Split a sequence in two at the given index.

Trait Implementations§

Source§

impl<T: Clone + Copy> Clone for Seq<T>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T> Index<(Int, Int)> for Seq<T>

Source§

type Output = (T, T)

The returned type after indexing.
Source§

fn index(&self, index: (Int, Int)) -> &Self::Output

Performs the indexing (container[index]) operation. Read more
Source§

impl<T> Index<Int> for Seq<T>

Source§

type Output = T

The returned type after indexing.
Source§

fn index(&self, index: Int) -> &Self::Output

Performs the indexing (container[index]) operation. Read more
Source§

impl<T> IndexLogic<Int> for Seq<T>

Source§

type Item = T

Source§

impl<T> IndexLogic<Range<Int>> for Seq<T>

Source§

type Item = Seq<T>

Source§

impl<T> IndexLogic<RangeFrom<Int>> for Seq<T>

Source§

type Item = Seq<T>

Source§

impl<T> IndexLogic<RangeFull> for Seq<T>

Source§

type Item = Seq<T>

Source§

impl<T> IndexLogic<RangeInclusive<Int>> for Seq<T>

Source§

type Item = Seq<T>

Source§

impl<T> IndexLogic<RangeTo<Int>> for Seq<T>

Source§

type Item = Seq<T>

Source§

impl<T> IndexLogic<RangeToInclusive<Int>> for Seq<T>

Source§

type Item = Seq<T>

Source§

impl<T> IndexMut<(Int, Int)> for Seq<T>

Source§

fn index_mut(&mut self, index: (Int, Int)) -> &mut Self::Output

Performs the mutable indexing (container[index]) operation. Read more
Source§

impl<T> IndexMut<Int> for Seq<T>

Source§

fn index_mut(&mut self, index: Int) -> &mut Self::Output

Performs the mutable indexing (container[index]) operation. Read more
Source§

impl<'a, T> IntoIterator for &'a Seq<T>

Source§

type Item = &'a T

The type of the elements being iterated over.
Source§

type IntoIter = SeqIterRef<'a, T>

Which kind of iterator are we turning this into?
Source§

fn into_iter(self) -> Self::IntoIter

Creates an iterator from a value. Read more
Source§

impl<T> IntoIterator for Seq<T>

Source§

type Item = T

The type of the elements being iterated over.
Source§

type IntoIter = SeqIter<T>

Which kind of iterator are we turning this into?
Source§

fn into_iter(self) -> SeqIter<T>

Creates an iterator from a value. Read more
Source§

impl<T: Plain> Plain for Seq<T>

Source§

fn into_ghost(snap: Snapshot<Self>) -> Ghost<Self>

Source§

impl<T: Copy> Copy for Seq<T>

Source§

impl<T> Invariant for Seq<T>

Source§

impl<T> Resolve for Seq<T>

Auto Trait Implementations§

§

impl<T> Freeze for Seq<T>

§

impl<T> RefUnwindSafe for Seq<T>
where T: RefUnwindSafe,

§

impl<T> Send for Seq<T>
where T: Send,

§

impl<T> Sync for Seq<T>
where T: Sync,

§

impl<T> Unpin for Seq<T>
where T: Unpin,

§

impl<T> UnsafeUnpin for Seq<T>

§

impl<T> UnwindSafe for Seq<T>
where T: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<F> FnGhost for F