more coercions used in mach.* modules

parent f5f8599c
......@@ -99,14 +99,14 @@ module Bounded_int
use import int.ComputerDivision
val (/) (a:t) (b:t) : t
requires { "expl:division by zero" to_int b <> 0 }
requires { "expl:integer overflow" in_bounds (div (to_int a) (to_int b)) }
ensures { to_int result = div (to_int a) (to_int b) }
requires { "expl:division by zero" b <> 0 }
requires { "expl:integer overflow" in_bounds (div a b) }
ensures { result = div a b }
val (%) (a:t) (b:t) : t
requires { "expl:division by zero" to_int b <> 0 }
requires { "expl:integer overflow" in_bounds (mod (to_int a) (to_int b)) }
ensures { to_int result = mod (to_int a) (to_int b) }
requires { "expl:division by zero" b <> 0 }
requires { "expl:integer overflow" in_bounds (mod a b) }
ensures { result = mod a b }
end
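Review bot: The overflow precondition on `(%)` is `in_bounds (mod a b)`, which holds whenever `a` and `b` are themselves in bounds, so it does not exclude the smallest representable value taken modulo -1. On targets where the remainder comes from the division operation (C semantics, x86 `idiv`) that case is undefined or traps, so if this module is meant to model such machine integers, `(%)` should also carry `requires { "expl:integer overflow" in_bounds (div a b) }`, as `(/)` does. Separately, the shorter clauses (`b <> 0`, `result = div a b`) depend on a `to_int` coercion declared outside this hunk, since the module begins before it. A one-line comment next to these declarations, saying that `a`, `b` and `result` in specifications are read as their `int` values, would keep the contracts understandable on their own.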