creusot_std/logic/ra/
option.rs

1#[cfg(creusot)]
2use crate::logic::such_that;
3use crate::{
4    logic::ra::{
5        RA, UnitRA,
6        update::{LocalUpdate, Update},
7    },
8    prelude::*,
9};
10
11impl<T: RA> RA for Option<T> {
12    #[logic(open)]
13    fn op(self, other: Self) -> Option<Self> {
14        match (self, other) {
15            (None, _) => Some(other),
16            (_, None) => Some(self),
17            (Some(x), Some(y)) => x.op(y).map_logic(|z| Some(z)),
18        }
19    }
20
21    #[logic(open)]
22    #[ensures(match result {
23        Some(c) => factor.op(c) == Some(self),
24        None => forall<c: Self> factor.op(c) != Some(self),
25    })]
26    fn factor(self, factor: Self) -> Option<Self> {
27        match (self, factor) {
28            (x, None) => Some(x),
29            (None, _) => None,
30            (Some(x), Some(y)) => match x.factor(y) {
31                Some(z) => Some(Some(z)),
32                None => {
33                    if x == y {
34                        Some(None)
35                    } else {
36                        None
37                    }
38                }
39            },
40        }
41    }
42
43    #[logic(open, inline)]
44    #[ensures(result == (self == other))]
45    fn eq(self, other: Self) -> bool {
46        match (self, other) {
47            (Some(s), Some(o)) => s.eq(o),
48            (None, None) => true,
49            _ => false,
50        }
51    }
52
53    #[logic(law)]
54    #[ensures(a.op(b) == b.op(a))]
55    fn commutative(a: Self, b: Self) {
56        let _ = <T as RA>::commutative;
57    }
58
59    #[logic]
60    #[ensures(a.op(b).and_then_logic(|ab: Self| ab.op(c)) == b.op(c).and_then_logic(|bc| a.op(bc)))]
61    fn associative(a: Self, b: Self, c: Self) {}
62
63    #[logic(open)]
64    fn core(self) -> Option<Self> {
65        match self {
66            None => Some(None),
67            Some(x) => Some(x.core()),
68        }
69    }
70
71    #[logic]
72    #[requires(self.core() != None)]
73    #[ensures({
74        let c = self.core().unwrap_logic();
75        c.op(c) == Some(c)
76    })]
77    #[ensures(self.core().unwrap_logic().op(self) == Some(self))]
78    fn core_idemp(self) {
79        self.core_total_idemp()
80    }
81
82    #[logic]
83    #[requires(i.op(i) == Some(i))]
84    #[requires(i.op(self) == Some(self))]
85    #[ensures(match self.core() {
86        Some(c) => i.incl(c),
87        None => false,
88    })]
89    fn core_is_maximal_idemp(self, i: Self) {
90        match (self, i) {
91            (Some(x), Some(i)) => x.core_is_maximal_idemp(i),
92            _ => (),
93        }
94    }
95}
96
97impl<T: RA> UnitRA for Option<T> {
98    #[logic(open)]
99    #[ensures(forall<x: Self> #[trigger(x.op(result))] x.op(result) == Some(x))]
100    fn unit() -> Self {
101        None
102    }
103
104    #[logic(open)]
105    #[ensures(self.core() == Some(result))]
106    fn core_total(self) -> Self {
107        match self {
108            None => None,
109            Some(x) => x.core(),
110        }
111    }
112
113    #[logic]
114    #[ensures(self.core_total().op(self.core_total()) == Some(self.core_total()))]
115    #[ensures(self.core_total().op(self) == Some(self))]
116    fn core_total_idemp(self) {
117        let _ = T::core_idemp;
118    }
119}
120
121pub struct OptionUpdate<U>(pub U);
122
123impl<R: RA, U: Update<R>> Update<Option<R>> for OptionUpdate<U> {
124    type Choice = U::Choice;
125
126    #[logic(open, inline)]
127    fn premise(self, from: Option<R>) -> bool {
128        match from {
129            Some(from) => self.0.premise(from),
130            None => false,
131        }
132    }
133
134    #[logic(open, inline)]
135    #[requires(self.premise(from))]
136    fn update(self, from: Option<R>, ch: U::Choice) -> Option<R> {
137        match from {
138            Some(from) => Some(self.0.update(from, ch)),
139            None => None, /* Dummy */
140        }
141    }
142
143    #[logic]
144    #[requires(self.premise(from))]
145    #[requires(from.op(frame) != None)]
146    #[ensures(self.update(from, result).op(frame) != None)]
147    fn frame_preserving(self, from: Option<R>, frame: Option<R>) -> U::Choice {
148        match frame {
149            Some(frame) => self.0.frame_preserving(from.unwrap_logic(), frame),
150            None => such_that(|_| true),
151        }
152    }
153}
154
155pub struct OptionLocalUpdate<U>(pub U);
156
157impl<R: RA, U: LocalUpdate<R>> LocalUpdate<Option<R>> for OptionLocalUpdate<U> {
158    #[logic(open, inline)]
159    fn premise(self, from_auth: Option<R>, from_frag: Option<R>) -> bool {
160        match (from_auth, from_frag) {
161            (Some(from_auth), Some(from_frag)) => self.0.premise(from_auth, from_frag),
162            _ => false,
163        }
164    }
165
166    #[logic(open, inline)]
167    fn update(self, from_auth: Option<R>, from_frag: Option<R>) -> (Option<R>, Option<R>) {
168        match (from_auth, from_frag) {
169            (Some(from_auth), Some(from_frag)) => {
170                let (to_auth, to_frag) = self.0.update(from_auth, from_frag);
171                (Some(to_auth), Some(to_frag))
172            }
173            _ => (None, None), // Dummy
174        }
175    }
176
177    #[logic]
178    #[requires(self.premise(from_auth, from_frag))]
179    #[requires(Some(from_frag).op(frame) == Some(Some(from_auth)))]
180    #[ensures({
181        let (to_auth, to_frag) = self.update(from_auth, from_frag);
182        Some(to_frag).op(frame) == Some(Some(to_auth))
183    })]
184    fn frame_preserving(
185        self,
186        from_auth: Option<R>,
187        from_frag: Option<R>,
188        frame: Option<Option<R>>,
189    ) {
190        let frame = match frame {
191            None => None,
192            Some(f) => f,
193        };
194        self.0.frame_preserving(from_auth.unwrap_logic(), from_frag.unwrap_logic(), frame)
195    }
196}
creusot_std/logic/ra/option.rs

creusot_std/logic/ra/
option.rs
