Skip to main content

creusot_std/logic/ra/
option.rs

1#[cfg(creusot)]
2use crate::logic::such_that;
3use crate::{
4    logic::ra::{
5        RA, UnitRA,
6        update::{LocalUpdate, Update},
7    },
8    prelude::*,
9};
10
11impl<T: RA> RA for Option<T> {
12    #[logic(open)]
13    fn op(self, other: Self) -> Option<Self> {
14        match (self, other) {
15            (None, _) => Some(other),
16            (_, None) => Some(self),
17            (Some(x), Some(y)) => x.op(y).map_logic(|z| Some(z)),
18        }
19    }
20
21    #[logic(open)]
22    #[ensures(match result {
23        Some(c) => factor.op(c) == Some(self),
24        None => forall<c: Self> factor.op(c) != Some(self),
25    })]
26    fn factor(self, factor: Self) -> Option<Self> {
27        match (self, factor) {
28            (x, None) => Some(x),
29            (None, _) => None,
30            (Some(x), Some(y)) => match x.factor(y) {
31                Some(z) => Some(Some(z)),
32                None => {
33                    if x == y {
34                        Some(None)
35                    } else {
36                        None
37                    }
38                }
39            },
40        }
41    }
42
43    #[logic(open, inline)]
44    #[ensures(result == (self == other))]
45    fn eq(self, other: Self) -> bool {
46        match (self, other) {
47            (Some(s), Some(o)) => s.eq(o),
48            (None, None) => true,
49            _ => false,
50        }
51    }
52
53    #[logic(law)]
54    #[ensures(a.op(b) == b.op(a))]
55    fn commutative(a: Self, b: Self) {
56        let _ = <T as RA>::commutative;
57    }
58
59    #[logic]
60    #[ensures(a.op(b).and_then_logic(|ab: Self| ab.op(c)) == b.op(c).and_then_logic(|bc| a.op(bc)))]
61    fn associative(a: Self, b: Self, c: Self) {}
62
63    #[logic(open)]
64    fn core(self) -> Option<Self> {
65        match self {
66            None => Some(None),
67            Some(x) => Some(x.core()),
68        }
69    }
70
71    #[logic]
72    #[requires(self.core() != None)]
73    #[ensures({
74        let c = self.core().unwrap_logic();
75        c.op(c) == Some(c)
76    })]
77    #[ensures(self.core().unwrap_logic().op(self) == Some(self))]
78    fn core_idemp(self) {
79        self.core_total_idemp()
80    }
81
82    #[logic]
83    #[requires(i.op(i) == Some(i))]
84    #[requires(i.op(self) == Some(self))]
85    #[ensures(match self.core() {
86        Some(c) => i.incl(c),
87        None => false,
88    })]
89    fn core_is_maximal_idemp(self, i: Self) {
90        match (self, i) {
91            (Some(x), Some(i)) => x.core_is_maximal_idemp(i),
92            _ => (),
93        }
94    }
95}
96
97impl<T: RA> UnitRA for Option<T> {
98    #[logic(open)]
99    #[ensures(forall<x: Self> #[trigger(x.op(result))] x.op(result) == Some(x))]
100    fn unit() -> Self {
101        None
102    }
103
104    #[logic(open)]
105    #[ensures(self.core() == Some(result))]
106    fn core_total(self) -> Self {
107        match self {
108            None => None,
109            Some(x) => x.core(),
110        }
111    }
112
113    #[logic]
114    #[ensures(self.core_total().op(self.core_total()) == Some(self.core_total()))]
115    #[ensures(self.core_total().op(self) == Some(self))]
116    fn core_total_idemp(self) {
117        let _ = T::core_idemp;
118    }
119}
120
121/// Apply an [update](Update) to the inner value of an [`Option`] resource.
122///
123/// This requires the resource to be in the `Some` state.
124///
125/// # Example
126///
127/// ```
128/// use creusot_std::{
129///     ghost::resource::Resource,
130///     logic::ra::{
131///         excl::{Excl, ExclUpdate},
132///         option::OptionUpdate,
133///     },
134///     prelude::*,
135/// };
136///
137/// let mut res = Resource::alloc(snapshot!(Some(Excl(1))));
138/// ghost! { res.update(OptionUpdate(ExclUpdate(snapshot!(2)))) };
139/// proof_assert!(res@ == Some(Excl(2)));
140/// ```
141pub struct OptionUpdate<U>(pub U);
142
143impl<R: RA, U: Update<R>> Update<Option<R>> for OptionUpdate<U> {
144    type Choice = U::Choice;
145
146    #[logic(open, inline)]
147    fn premise(self, from: Option<R>) -> bool {
148        match from {
149            Some(from) => self.0.premise(from),
150            None => false,
151        }
152    }
153
154    #[logic(open, inline)]
155    #[requires(self.premise(from))]
156    fn update(self, from: Option<R>, ch: U::Choice) -> Option<R> {
157        match from {
158            Some(from) => Some(self.0.update(from, ch)),
159            None => None, /* Dummy */
160        }
161    }
162
163    #[logic]
164    #[requires(self.premise(from))]
165    #[requires(from.op(frame) != None)]
166    #[ensures(self.update(from, result).op(frame) != None)]
167    fn frame_preserving(self, from: Option<R>, frame: Option<R>) -> U::Choice {
168        match frame {
169            Some(frame) => self.0.frame_preserving(from.unwrap_logic(), frame),
170            None => such_that(|_| true),
171        }
172    }
173}
174
175/// Apply an [update](LocalUpdate) to the inner value of an authority/fragment
176/// pair of [`Option`]s.
177///
178/// This requires that both the authority and the fragment are not `None`.
179pub struct OptionLocalUpdate<U>(pub U);
180
181impl<R: RA, U: LocalUpdate<R>> LocalUpdate<Option<R>> for OptionLocalUpdate<U> {
182    #[logic(open, inline)]
183    fn premise(self, from_auth: Option<R>, from_frag: Option<R>) -> bool {
184        match (from_auth, from_frag) {
185            (Some(from_auth), Some(from_frag)) => self.0.premise(from_auth, from_frag),
186            _ => false,
187        }
188    }
189
190    #[logic(open, inline)]
191    fn update(self, from_auth: Option<R>, from_frag: Option<R>) -> (Option<R>, Option<R>) {
192        match (from_auth, from_frag) {
193            (Some(from_auth), Some(from_frag)) => {
194                let (to_auth, to_frag) = self.0.update(from_auth, from_frag);
195                (Some(to_auth), Some(to_frag))
196            }
197            _ => (None, None), // Dummy
198        }
199    }
200
201    #[logic]
202    #[requires(self.premise(from_auth, from_frag))]
203    #[requires(Some(from_frag).op(frame) == Some(Some(from_auth)))]
204    #[ensures({
205        let (to_auth, to_frag) = self.update(from_auth, from_frag);
206        Some(to_frag).op(frame) == Some(Some(to_auth))
207    })]
208    fn frame_preserving(
209        self,
210        from_auth: Option<R>,
211        from_frag: Option<R>,
212        frame: Option<Option<R>>,
213    ) {
214        let frame = match frame {
215            None => None,
216            Some(f) => f,
217        };
218        self.0.frame_preserving(from_auth.unwrap_logic(), from_frag.unwrap_logic(), frame)
219    }
220}