SNumber a n is a runtime representation of the value of n.

For N# n :: SNumber a n and N# m :: SNumber a m, the following must hold:

• n ~ m iff n == m (according to the Eq instance of a).
• CmpInteger m n ~ 'LT iff compare m n == LT (according to Ord).
• CmpInteger m n ~ 'EQ iff compare m n == EQ.
• CmpInteger m n ~ 'GT iff compare m n == GT.
• toInteger n == integerVal @n.
• a upholds the Ord laws.

These are exactly the set of things we're willing to unsafeCoerce proofs for. It is unsafe to construct an SNumber that violates these by any means.

Note that the first requirement means that you must never construct N# 0 :: SNumber _ ('Neg 0), because that would prove that 'Neg 0 ~ 'Pos 0. In practice, we largely ignore the existence of 'Neg 0: trySNumber (and, by extension, the instance derivation via KnownInteger) will throw a runtime error when trying to construct 'Neg 0, and SafeSNumber instances explicitly exclude 'Neg 0 with type-level checks.

There are six main ways to introduce an SNumber, from the cartesian product of several choices

• How do you validate that the value is in-bounds for the representation type?

  • If by runtime checks, the function name has a "try" infix.
  • If by trusting the caller blindly, the function name has an "unsafe" prefix and an "Unchecked" infix.
  • If by type-level bounds checks, the function name has neither of these.

• How do you validate that the runtime Integer value matches the type-level Integer?

  • If by trusting the user to pass in the right Integer, the function has an "unsafe" prefix and a "Mk" infix: we're "making" the SNumber from a runtime value rather than deriving it from KnownNat.
  • If by getting it from a KnownNat instance, the function name doesn't have that infix.

Thus:

• snumber: type-level checks, safe KnownNat.
• trySNumber: runtime checks, safe KnownNat.
• unsafeUncheckedSNumber: no checks, safe KnownNat.
• unsafeMkSNumber: type-level checks, unsafe Integer parameter.
• unsafeTryMkSNumber: runtime checks, unsafe Integer parameter.
• unsafeUncheckedMkSNumber: no checks, unsafe a parameter. a.k.a. N#.

Finally, there's one other way to get an SNumber: by asking the constraint solver to give you one, with a KnownSNumber class and its snumberVal method. Currently, this will be solved automatically from KnownNat by using trySNumber, and of course it can be solved from a matching instance in the function's context (which compiles to an a parameter for KnownSNumber a n).

The class of types that are suitable for use as integer value witnesses.

Implementing an instance of this class amounts to asserting that the type and its Integral, Ord, and Eq instances uphold the requirements of SNumber, for any integer n that satisfies SafeSNumber a n.

Furthermore, it requires that every value of a is an integer, i.e. that forall x :: a. exists y :: Integer. x == fromInteger y, toInteger x == y. This ensures we can wrap any a in SomeSNumberVal and be sure it corresponds to a valid K.Integer.

Construct an SNumber, doing all validation at the type level.

This is completely safe and cannot raise runtime errors.

Create an SNumber for n, if it's faithfully represented by a.

This is completely safe, but it may raise runtime errors, because it tests at runtime whether a can represent n correctly.

Create an SNumber from a KnownInteger constraint without any checks.

This will cause type unsoundness if the value is not correctly represented by a or if the instances of a do not behave according to the safety requirements described on SNumber.

Semi-safely construct an SNumber as if by N#.

Callers must ensure that the a argument is fromInteger (integerVal n) (semantically, not syntactically: unsafeSNumber ('Pos 42) 42 is fine and is in fact the intended use case).

The extra constraint here compared to N# ensures that if you write unsafeMkSNumber @n (fromInteger n), the result is either a valid SNumber or a type error. In particular, the cases this rules out are those where toInteger (fromInteger n :: a) /= n or where fromInteger m :: a == fromInteger n does not imply m == n.

Create an SNumber for n, if it's faithfully represented by a.

As with unsafeMkSNumber, this trusts you to pass integerVal @n, and violating that will lead to type unsoundness.

This tests at runtime whether a represents n correctly.

Create an SNumber for n, with no safety measures whatsoever.

An SNumber with an existential Integer type parameter.

Create an SNumber a from any value of type a.

Since SNumberRepr guarantees every a value is an integer, we can freely wrap up a value in an SNumber with existential Integer type parameter.

Like someSNumberVal, but in quantified CPS style rather than GADT style.

Compare two type-level Integers using their runtime witnesses.

Test equality of two type-level Integers using their runtime witnesses.

Arithmetic ops with overflow detection.

Laws:

• overflowAdd x y = (False, xy) =>
        toInteger xy === toInteger x + toInteger y

• overflowSub x y = (False, xy) =>
        toInteger xy === toInteger x - toInteger y

• overflowMul x y = (False, xy) =>
        toInteger xy === toInteger x * toInteger y

This is used for arithmetic on SNumber runtime values, so creating incorrect instances is type-unsafe.

Compute a runtime witness of m + n, or Nothing.

Compute a runtime witness of m - n, or Nothing.

Compute a runtime witness of m * n, or Nothing.

An exception for overflows in checked SNumber arithmetic.

Compute a runtime witness of m + n, or throw.

Compute a runtime witness of m - n, or throw.

Compute a runtime witness of m * n, or throw.

Compute a runtime witness of exact division.

We could provide division in terms of Div instead, but Kinds.Integer doesn't currently have division.

Like KnownNat, but represented by a instead of Natural.

This is currently solved automatically from KnownNat via runtime checks, to ease migration (we can incrementally strengthen KnownNat constraints to KnownSNumber constraints), but in the future it may be changed to use SafeSNumber, which will rule out runtime failures but will require additional proofs in order to solve via KnownNat. For statically known Integers, these proofs will be entirely automatic.

This class is meant to be used primarily in instance contexts; for standalone functions, it's probably better to pass an SNumber explicitly.

Get an SNumber out of the context from KnownSNumber or KnownNat.

This has the number as its first type parameter, for TypeApplications convenience.

Stash an SNumber at the type level as a KnownSNumber instance.

Use a positive SNumber to introduce a KnownNat instance.

The number of bits in the present system's Int type.

The smallest representable Int value.

One more than the largest representable Int value.

The number of bits in the present system's Word type.

One more than the largest representable Word value.