Skip to main content

Authority

creusot_std::ghost::resource

Struct Authority 

Source 
pub struct Authority<R: UnitRA>(/* private fields */);
Expand description

Wrapper around a Resource, that contains an authoritative value.

This type is a specialization of Resource for the common case where you want an authoritative resource. Authority and Fragment respectively contain the authoritative part and the fragment part of the ressource, and come with handy ghost functions to use them (provers have some trouble authomatically deriving when the context is full of other hypotheses).

Implementations§

Source§

impl<R: UnitRA> Authority<R>

Source

pub fn id(self) -> Id

Id of the underlying Resource.

logic

Source

pub fn id_ghost(&self) -> Id

Get the id for this resource.

This is the same as Self::id, but for ghost code.

terminates

ghost

ensures 

result == self.id()

Source

pub fn alloc() -> Ghost<Self>

Create a new, empty authority.

terminates

ghost

ensures 

result@ == R::unit()

Source

pub fn from_resource(r: Resource<Auth<R>>) -> (Self, Fragment<R>)

Create a new authority/fragment pair from a raw Auth resource.

terminates

ghost

requires 

r@.auth() != None

ensures 

result.0.id() == r.id() && result.1.id() == r.id()

ensures 

result.0@ == r@.auth().unwrap_logic()

ensures 

result.1@ == r@.frag()

Source

pub fn update<U: LocalUpdate<R>>(&mut self, frag: &mut Fragment<R>, upd: U)

Perform a local update on an authority, fragment pair

terminates

ghost

requires 

self.id() == frag.id()

requires 

upd.premise(self@, frag@)

ensures 

self.id() == (^self).id()

ensures 

frag.id() == (^frag).id()

ensures 

frag@.incl(self@)

ensures 

((^self)@, (^frag)@) == upd.update(self@, frag@)

Source

pub fn add_fragment(&mut self, frag: Snapshot<R>) -> Fragment<R>

Add a piece to the authority, and return a new fragment corresponding to this piece.

This is a specialization of Self::update with OpLocalUpdate.

terminates

ghost

requires 

self@.op(*frag) != None

ensures 

(^self)@ == self@.op(*frag).unwrap_logic()

ensures 

result@ == *frag

ensures 

result.id() == self.id() && (^self).id() == self.id()

Source

pub fn frag_lemma(&self, frag: &Fragment<R>)

Asserts that the fragment represented by frag is contained in self.

terminates

ghost

requires 

self.id() == frag.id()

ensures 

frag@.incl(self@)

Trait Implementations§

Source§

impl<R: UnitRA> Invariant for Authority<R>

Source§

fn invariant(self) -> bool

logic

Source§

impl<R: UnitRA> View for Authority<R>

Source§

fn view(self) -> R

Get the authoritative value.

logic

Source§

type ViewTy = R

Auto Trait Implementations§

§

impl<R> Freeze for Authority<R>

§

impl<R> Objective for Authority<R>
where R: Objective,

§

impl<R> RefUnwindSafe for Authority<R>
where R: RefUnwindSafe,

§

impl<R> Send for Authority<R>

§

impl<R> Sync for Authority<R>
where R: Sync,

§

impl<R> Unpin for Authority<R>
where R: Unpin,

§

impl<R> UnsafeUnpin for Authority<R>

§

impl<R> UnwindSafe for Authority<R>
where R: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.