Sum

creusot_contracts::logic::ra::sum

Enum Sum 

Source 
pub enum Sum<T, U> {
    Left(T),
    Right(U),
}
Expand description

The ‘sum’ (or ‘either’) Resource Algebra.

This represents a resource that is in two possible states. Combining a Left with a Right is invalid.

Variants§

§

Left(T)

§

Right(U)

Trait Implementations§

Source§

impl<R1: RA, R2: RA, U: LocalUpdate<R1>> LocalUpdate<Sum<R1, R2>> for SumLocalUpdateL<U>

Source§

fn premise(self, from_auth: Sum<R1, R2>, from_frag: Sum<R1, R2>) -> bool

(open)

match (from_auth, from_frag) {
    (Sum::Left(from_auth), Sum::Left(from_frag)) => self.0.premise(from_auth, from_frag),
    (Sum::Right(_), Sum::Right(_)) => false,
    _ => true,
}
Source§

fn update( self, from_auth: Sum<R1, R2>, from_frag: Sum<R1, R2>, ) -> (Sum<R1, R2>, Sum<R1, R2>)

(open)

match (from_auth, from_frag) {
    (Sum::Left(from_auth), Sum::Left(from_frag)) => {
        let (to_auth, to_frag) = self.0.update(from_auth, from_frag);
        (Sum::Left(to_auth), Sum::Left(to_frag))
    }
    _ => such_that(|_| true),
}
Source§

fn frame_preserving( self, from_auth: Sum<R1, R2>, from_frag: Sum<R1, R2>, frame: Option<Sum<R1, R2>>, )

requires 

self.premise(from_auth, from_frag)

requires 

Some(from_frag).op(frame) == Some(Some(from_auth))

ensures

let (to_auth, to_frag) = self.update(from_auth, from_frag);
Some(to_frag).op(frame) == Some(Some(to_auth))
Source§

impl<R1: RA, R2: RA, U: LocalUpdate<R2>> LocalUpdate<Sum<R1, R2>> for SumLocalUpdateR<U>

Source§

fn premise(self, from_auth: Sum<R1, R2>, from_frag: Sum<R1, R2>) -> bool

(open)

match (from_auth, from_frag) {
    (Sum::Right(from_auth), Sum::Right(from_frag)) => self.0.premise(from_auth, from_frag),
    (Sum::Left(_), Sum::Left(_)) => false,
    _ => true,
}
Source§

fn update( self, from_auth: Sum<R1, R2>, from_frag: Sum<R1, R2>, ) -> (Sum<R1, R2>, Sum<R1, R2>)

(open)

match (from_auth, from_frag) {
    (Sum::Right(from_auth), Sum::Right(from_frag)) => {
        let (to_auth, to_frag) = self.0.update(from_auth, from_frag);
        (Sum::Right(to_auth), Sum::Right(to_frag))
    }
    _ => such_that(|_| true),
}
Source§

fn frame_preserving( self, from_auth: Sum<R1, R2>, from_frag: Sum<R1, R2>, frame: Option<Sum<R1, R2>>, )

requires 

self.premise(from_auth, from_frag)

requires 

Some(from_frag).op(frame) == Some(Some(from_auth))

ensures

let (to_auth, to_frag) = self.update(from_auth, from_frag);
Some(to_frag).op(frame) == Some(Some(to_auth))
Source§

impl<R1: RA, R2: RA> RA for Sum<R1, R2>

Source§

fn op(self, other: Self) -> Option<Self>

(open)

match (self, other) {
    (Self::Left(x), Self::Left(y)) => x.op(y).map_logic(|l| Self::Left(l)),
    (Self::Right(x), Self::Right(y)) => x.op(y).map_logic(|r| Self::Right(r)),
    _ => None,
}
Source§

fn factor(self, factor: Self) -> Option<Self>

(open)

match (self, factor) {
    (Self::Left(x), Self::Left(y)) => x.factor(y).map_logic(|l| Self::Left(l)),
    (Self::Right(x), Self::Right(y)) => x.factor(y).map_logic(|r| Self::Right(r)),
    _ => None,
}

ensures

match result {
        Some(c) => factor.op(c) == Some(self),
        None => forall<c: Self> factor.op(c) != Some(self),
    }
Source§

fn commutative(a: Self, b: Self)

(open(pub(self)), law)

ensures 

a.op(b) == b.op(a)

Source§

fn associative(a: Self, b: Self, c: Self)

(open(pub(self)), law)

ensures

a.op(b).and_then_logic(|ab: Self| ab.op(c)) == b.op(c).and_then_logic(|bc| a.op(bc))
Source§

fn core(self) -> Option<Self>

(open)

match self {
    Self::Left(x) => x.core().map_logic(|l| Self::Left(l)),
    Self::Right(x) => x.core().map_logic(|r| Self::Right(r)),
}

ensures

match result {
        Some(c) => c.op(c) == Some(c) && c.op(self) == Some(self),
        None => true
    }
Source§

fn core_is_maximal_idemp(self, i: Self)

requires 

i.op(i) == Some(i)

requires 

i.op(self) == Some(self)

ensures

match self.core() {
        Some(c) => i.incl(c),
        None => false,
    }
Source§

fn incl(self, other: Self) -> bool

Inclusion of RA. Read more
Source§

fn incl_op(self, other: Self, comb: Self)

(law, sealed) Read more
Source§

fn incl_eq(self, other: Self) -> bool

(open, sealed) Read more

Source§

fn incl_eq_op(a: Self, b: Self, x: Self) -> bool

(open, sealed) Read more
Source§

fn update(self, x: Self) -> bool

Ensures that we can go from self to x without making composition with the frame invalid. Read more
Source§

fn update_nondet(self, s: Set<Self>) -> bool

This is used in Resource::update_nondet. Read more
Source§

fn incl_transitive(a: Self, b: Self, c: Self)

RA::incl is transitive. Read more
Source§

impl<R1: RA, R2: RA, U: Update<R1>> Update<Sum<R1, R2>> for SumUpdateL<U>

Source§

fn premise(self, from: Sum<R1, R2>) -> bool

(open)

match from {
    Sum::Left(from) => self.0.premise(from),
    Sum::Right(_) => false,
}
Source§

fn update(self, from: Sum<R1, R2>, ch: U::Choice) -> Sum<R1, R2>

(open)

match from {
    Sum::Left(from) => Sum::Left(self.0.update(from, ch)),
    x => x, /* Dummy */
}

requires 

self.premise(from)

Source§

fn frame_preserving(self, from: Sum<R1, R2>, frame: Sum<R1, R2>) -> U::Choice

requires 

self.premise(from)

requires 

from.op(frame) != None

ensures 

self.update(from, result).op(frame) != None

Source§

type Choice = <U as Update<R1>>::Choice

Source§

impl<R: RA, U: Update<R>, V: RA> Update<Sum<V, R>> for SumUpdateR<U>

Source§

fn premise(self, from: Sum<V, R>) -> bool

(open)

match from {
    Sum::Right(from) => self.0.premise(from),
    Sum::Left(_) => false,
}
Source§

fn update(self, from: Sum<V, R>, ch: U::Choice) -> Sum<V, R>

(open)

match from {
    Sum::Right(from) => Sum::Right(self.0.update(from, ch)),
    x => x, /* Dummy */
}

requires 

self.premise(from)

Source§

fn frame_preserving(self, from: Sum<V, R>, frame: Sum<V, R>) -> U::Choice

requires 

self.premise(from)

requires 

from.op(frame) != None

ensures 

self.update(from, result).op(frame) != None

Source§

type Choice = <U as Update<R>>::Choice

Auto Trait Implementations§

§

impl<T, U> Freeze for Sum<T, U>
where T: Freeze, U: Freeze,

§

impl<T, U> RefUnwindSafe for Sum<T, U>
where T: RefUnwindSafe, U: RefUnwindSafe,

§

impl<T, U> Send for Sum<T, U>
where T: Send, U: Send,

§

impl<T, U> Sync for Sum<T, U>
where T: Sync, U: Sync,

§

impl<T, U> Unpin for Sum<T, U>
where T: Unpin, U: Unpin,

§

impl<T, U> UnwindSafe for Sum<T, U>
where T: UnwindSafe, U: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.