Skip to main content

FSet

creusot_std::logic

Struct FSet 

Source 
pub struct FSet<T>(/* private fields */);
Expand description

A finite set type usable in pearlite and ghost! blocks.

If you need an infinite set, see Set.

§Ghost

Since std::collections::HashSet and std::collections::BTreeSet have finite capacity, this could cause some issues in ghost code:

ghost! {
    let mut set = HashSet::new();
    for _ in 0..=usize::MAX as u128 + 1 {
        set.insert(0); // cannot fail, since we are in a ghost block
    }
    proof_assert!(set.len() <= usize::MAX@); // by definition
    proof_assert!(set.len() > usize::MAX@); // uh-oh
}

This type is designed for this use-case, with no restriction on the capacity.

Implementations§

Source§

impl<T> FSet<T>

Ghost definitions

Source

pub fn new() -> Ghost<Self>

Create a new, empty set on the ghost heap.

Source

pub fn len_ghost(&self) -> Int

Returns the number of elements in the set.

If you need to get the length in pearlite, consider using len.

§Example
use creusot_std::{logic::FSet, prelude::*};

let mut set = FSet::new();
ghost! {
    let len1 = set.len_ghost();
    set.insert_ghost(1);
    set.insert_ghost(2);
    set.insert_ghost(1);
    let len2 = set.len_ghost();
    proof_assert!(len1 == 0);
    proof_assert!(len2 == 2);
};
Source

pub fn contains_ghost(&self, value: &T) -> bool

Returns true if the set contains the specified value.

§Example
use creusot_std::{logic::FSet, prelude::*};

let mut set = FSet::new();
ghost! {
    set.insert_ghost(1);
    let (b1, b2) = (set.contains_ghost(&1), set.contains_ghost(&2));
    proof_assert!(b1);
    proof_assert!(!b2);
};
Source

pub fn insert_ghost(&mut self, value: T) -> bool

Adds a value to the set.

Returns whether the value was newly inserted. That is:

  • If the set did not previously contain this value, true is returned.
  • If the set already contained this value, false is returned, and the set is not modified: original value is not replaced, and the value passed as argument is dropped.
§Example
use creusot_std::{logic::FSet, prelude::*};

let mut set = FSet::new();
ghost! {
    let res1 = set.insert_ghost(42);
    proof_assert!(res1);
    proof_assert!(set.contains(42i32));

    let res2 = set.insert_ghost(41);
    let res3 = set.insert_ghost(42);
    proof_assert!(res2);
    proof_assert!(!res3);
    proof_assert!(set.len() == 2);
};
Source

pub fn remove_ghost(&mut self, value: &T) -> bool

Removes a value from the set. Returns whether the value was present in the set.

§Example
use creusot_std::{logic::FSet, prelude::*};

let mut set = FSet::new();
let res = ghost! {
    set.insert_ghost(1);
    let res1 = set.remove_ghost(&1);
    let res2 = set.remove_ghost(&1);
    proof_assert!(res1 && !res2);
};
Source

pub fn clear_ghost(&mut self)

Clears the set, removing all values.

§Example
use creusot_std::{prelude::*, logic::FSet};

let mut s = FSet::new();
ghost! {
    s.insert_ghost(1);
    s.insert_ghost(2);
    s.insert_ghost(3);
    s.clear_ghost();
    proof_assert!(s == FSet::empty());
};

Trait Implementations§

Source§

impl<T: Clone + Copy> Clone for FSet<T>

Source§

fn clone(&self) -> Self

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl<T: Clone + Copy> Copy for FSet<T>

Source§

impl<T> Invariant for FSet<T>

Source§

impl<T> Resolve for FSet<T>

Auto Trait Implementations§

§

impl<T> Freeze for FSet<T>

§

impl<T> RefUnwindSafe for FSet<T>
where T: RefUnwindSafe,

§

impl<T> Send for FSet<T>
where T: Send,

§

impl<T> Sync for FSet<T>
where T: Sync,

§

impl<T> Unpin for FSet<T>
where T: Unpin,

§

impl<T> UnsafeUnpin for FSet<T>

§

impl<T> UnwindSafe for FSet<T>
where T: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<F> FnGhost for F