Struct vstd::multiset::Multiset

source ·

pub struct Multiset<V> { /* private fields */ }

Expand description

Multiset<V> is an abstract multiset type for specifications.

Multiset<V> can be encoded as a (total) map from elements to natural numbers, where the number of nonzero entries is finite.

Multisets can be constructed in a few different ways:

Multiset::empty() constructs an empty multiset.
Multiset::singleton constructs a multiset that contains a single element with multiplicity 1.
Multiset::new constructs a multiset from a map of elements to multiplicities.
By manipulating existings multisets with Multiset::add, Multiset::insert, Multiset::sub, Multiset::remove, Multiset::update, or Multiset::filter.
TODO: multiset! constructor macro, multiset from set, from map, etc.

To prove that two multisets are equal, it is usually easiest to use the extensionality operator =~=.

Implementations§

source §

impl<V> Multiset<V>

source

pub spec fn count(self, value: V) -> nat

Returns the count, or multiplicity of a single value within the multiset.

source

pub spec fn len(self) -> nat

The total size of the multiset, i.e., the sum of all multiplicities over all values.

source

pub spec fn empty() -> Self

An empty multiset.

source

pub open spec fn from_map(m: Map<V, nat>) -> Self

{}

Creates a multiset whose elements are given by the domain of the map m and whose multiplicities are given by the corresponding values of m[element]. The map m must be finite, or else this multiset is arbitrary.

source

pub open spec fn new(m: Map<V, nat>) -> Self

👎Deprecated: use from_map instead

{ Self::from_map(m) }

source

pub open spec fn from_set(m: Set<V>) -> Self

{ Self::from_map(Map::new(|k| m.contains(k), |v| 1)) }

source

pub spec fn singleton(v: V) -> Self

A singleton multiset, i.e., a multiset with a single element of multiplicity 1.

source

pub spec fn add(self, m2: Self) -> Self

Takes the union of two multisets. For a given element, its multiplicity in the resulting multiset is the sum of its multiplicities in the operands.

source

pub spec fn sub(self, m2: Self) -> Self

Takes the difference of two multisets. The multiplicities of m2 are subtracted from those of self; if any element occurs more in m2 then the resulting multiplicity bottoms out at 0. (See axiom_multiset_sub for the precise definition.)

Note in particular that self == self.sub(m).add(m) only holds if m is included in self.

source

pub open spec fn insert(self, v: V) -> Self

{ self.add(Self::singleton(v)) }

Inserts one instance the value v into the multiset.

This always increases the total size of the multiset by 1.

source

pub open spec fn remove(self, v: V) -> Self

{ self.sub(Self::singleton(v)) }

Removes one instance of the value v from the multiset.

If v was absent from the multiset, then the multiset is unchanged.

source

pub open spec fn update(self, v: V, mult: nat) -> Self

{
    let map = Map::new(
        |key: V| (self.contains(key) || key == v),
        |key: V| if key == v { mult } else { self.count(key) },
    );
    Self::from_map(map)
}

Updates the multiplicity of the value v in the multiset to mult.

source

pub open spec fn subset_of(self, m2: Self) -> bool

{ forall |v: V| self.count(v) <= m2.count(v) }

Returns true is the left argument is contained in the right argument, that is, if for each value v, the number of occurences in the left is at most the number of occurences in the right.

source

pub open spec fn le(self, m2: Self) -> bool

👎Deprecated: use m1.subset_of(m2) or m1 <= m2 instead

{ self.subset_of(m2) }

source

pub open spec fn spec_le(self, m2: Self) -> bool

{ self.subset_of(m2) }

source

pub open spec fn ext_equal(self, m2: Self) -> bool

👎Deprecated: use =~= or =~~= instead

{ self =~= m2 }

DEPRECATED: use =~= or =~~= instead. Returns true if the two multisets are pointwise equal, i.e., for every value v: V, the counts are the same in each multiset. This is equivalent to the multisets actually being equal by axiom_multiset_ext_equal.

To prove that two maps are equal via extensionality, it may be easier to use the general-purpose =~= or =~~= or to use the assert_multisets_equal! macro, rather than using ext_equal directly.

source

pub spec fn filter(self, f: impl Fn(V) -> bool) -> Self

source

pub open spec fn choose(self) -> V

{ choose |v: V| self.count(v) > 0 }

Chooses an arbitrary value of the multiset.

This is often useful for proofs by induction.

(Note that, although the result is arbitrary, it is still a deterministic function like any other spec function.)

source

pub open spec fn contains(self, v: V) -> bool

{ self.count(v) > 0 }

Predicate indicating if the multiset contains the given value.

source

pub open spec fn intersection_with(self, other: Self) -> Self

{
    let m = Map::<
        V,
        nat,
    >::new(
        |v: V| self.contains(v),
        |v: V| min(self.count(v) as int, other.count(v) as int) as nat,
    );
    Self::from_map(m)
}

Returns a multiset containing the lower count of a given element between the two sets. In other words, returns a multiset with only the elements that “overlap”.

source

pub open spec fn difference_with(self, other: Self) -> Self

{
    let m = Map::<
        V,
        nat,
    >::new(|v: V| self.contains(v), |v: V| clip(self.count(v) - other.count(v)));
    Self::from_map(m)
}

Returns a multiset containing the difference between the count of a given element of the two sets.

source

pub open spec fn is_disjoint_from(self, other: Self) -> bool

{ forall |x: V| self.count(x) == 0 || other.count(x) == 0 }

Returns true if there exist no elements that have a count greater than 0 in both multisets. In other words, returns true if the two multisets have no elements in common.

source