- String is converted to
List Charin Lean. This helps constructing induction proofs. - The integer types that are used in String indexing are converted to
Natin the Lean implementation. This assumes that overflow exceptions will not happen. Note that overflow exceptions can only happen in Rust programs which use usize for String indexing when the Strings size are GBs. - Byte Lists (for UTF8 conversion) are represented as
List Natin Lean. Strings are converted fromList ChartoList Natby the functionStr_toUTF8. This function ensures that the output is a valid UTF8 string. We use three axioms:Char_Pos0,Char_Diff, andChar_Sizewhich describe the properties of UTF8 encoding (see RustLeanModels/UTF8Str.lean). - The trait std::str::pattern::Pattern is converted to the inductive type
Pattern(see RustString.lean).
| Rust String function | Lean equivalent function | Description link |
|---|---|---|
| core::str::chars | self | https://doc.rust-lang.org/std/primitive.str.html#method.chars |
| core::str::is_empty | List.isEmpty | https://doc.rust-lang.org/std/primitive.str.html#method.is_empty |
| core::str::len | List.length | https://doc.rust-lang.org/std/primitive.str.html#method.len |
The RustString library does not include:
- Functions that mutate their input (e.g.,
make_ascii_lowercase), but it includes the cloning version (e.g.to_ascii_lowercase). - Functions which may panic (e.g., slice indexing), but it includes the non-panicking version (e.g.
str::get)