Sum

vstd_extra::sum

Enum Sum 

Source 
pub enum Sum<L, R> {
    Left(L),
    Right(R),
}
Expand description

The Sum Type, corresponding to the Either type in Rust.

Variants§

§

Left(L)

§

Right(R)

Implementations§

Source§

impl<L, R> Sum<L, R>

Source

pub fn arrow_Left_0(self) -> L

Source

pub fn arrow_Right_0(self) -> R

Source§

impl<L, R> Sum<L, R>

Source

pub open spec fn left(self) -> L

{ self->Left_0 }
Source

pub open spec fn right(self) -> R

{ self->Right_0 }
Source

pub proof fn new_left(tracked left: L) -> tracked res : Self

returns
Self::Left(left),
Source

pub proof fn new_right(tracked right: R) -> tracked res : Self

returns
Self::Right(right),
Source

pub proof fn tracked_take_left(tracked self) -> tracked res : L

requires
self is Left,
returns
self->Left_0,
Source

pub proof fn tracked_take_right(tracked self) -> tracked res : R

requires
self is Right,
returns
self->Right_0,
Source

pub proof fn tracked_borrow_left(tracked &self) -> tracked res : &L

requires
self is Left,
ensures
*res == self->Left_0,
Source

pub proof fn tracked_borrow_right(tracked &self) -> tracked res : &R

requires
self is Right,
ensures
*res == self->Right_0,
Source

pub open spec fn lift_map_left<K>(m: Map<K, L>) -> Map<K, Self>

{ m.map_values(|w| Sum::<L, R>::Left(w)) }
Source

pub open spec fn lift_map_right<K>(m: Map<K, R>) -> Map<K, Self>

{ m.map_values(|v| Sum::<L, R>::Right(v)) }
Source

pub proof fn tracked_swap_left(tracked &mut self, tracked new_left: L) -> tracked res : L

requires
*old(self) is Left,
ensures
res == old(self)->Left_0,
*self is Left,
self->Left_0 == new_left,
Source

pub proof fn tracked_swap_right(tracked &mut self, tracked new_right: R) -> tracked res : R

requires
*old(self) is Right,
ensures
res == old(self)->Right_0,
*self is Right,
self->Right_0 == new_right,

Trait Implementations§

Source§

impl<L: Inv, R: Inv> Inv for Sum<L, R>

Source§

open spec fn inv(self) -> bool

{
    match self {
        Self::Left(left) => left.inv(),
        Self::Right(right) => right.inv(),
    }
}
Source§

impl<A, B, const TOTAL: u64> Protocol<(), Sum<A, B>> for CsumP<A, B, TOTAL>

Source§

open spec fn op(self, other: Self) -> Self

{
    match (self, other) {
        (CsumP::Unit, x) => x,
        (x, CsumP::Unit) => x,
        (CsumP::Cinl(ov1, n1, b1), CsumP::Cinl(ov2, n2, b2)) => {
            if !self.is_valid() || !other.is_valid() || n1 + n2 > TOTAL || b1 && b2
                || ov1 is Some && ov2 is Some
            {
                CsumP::CsumInvalid
            } else {
                CsumP::Cinl(if ov1 is Some { ov1 } else { ov2 }, n1 + n2, b1 || b2)
            }
        }
        (CsumP::Cinr(ov1, n1, b1), CsumP::Cinr(ov2, n2, b2)) => {
            if !self.is_valid() || !other.is_valid() || n1 + n2 > TOTAL || b1 && b2
                || ov1 is Some && ov2 is Some
            {
                CsumP::CsumInvalid
            } else {
                CsumP::Cinr(if ov1 is Some { ov1 } else { ov2 }, n1 + n2, b1 || b2)
            }
        }
        _ => CsumP::CsumInvalid,
    }
}
Source§

open spec fn rel(self, s: Map<(), Sum<A, B>>) -> bool

{
    match self {
        CsumP::Unit => s.is_empty(),
        CsumP::Cinl(None, n, true) => 0 <= n <= TOTAL && s.is_empty(),
        CsumP::Cinl(Some(a), n, true) => {
            0 <= n <= TOTAL && s.contains_key(()) && s[()] == Sum::<A, B>::Left(a)
        }
        CsumP::Cinr(None, n, true) => 0 <= n <= TOTAL && s.is_empty(),
        CsumP::Cinr(Some(b), n, true) => {
            0 <= n <= TOTAL && s.contains_key(()) && s[()] == Sum::<A, B>::Right(b)
        }
        _ => false,
    }
}
Source§

open spec fn unit() -> Self

{ CsumP::Unit }
Source§

proof fn commutative(a: Self, b: Self)

Source§

proof fn associative(a: Self, b: Self, c: Self)

Source§

proof fn op_unit(a: Self)

Auto Trait Implementations§

§

impl<L, R> Freeze for Sum<L, R>
where L: Freeze, R: Freeze,

§

impl<L, R> RefUnwindSafe for Sum<L, R>
where L: RefUnwindSafe, R: RefUnwindSafe,

§

impl<L, R> Send for Sum<L, R>
where L: Send, R: Send,

§

impl<L, R> Sync for Sum<L, R>
where L: Sync, R: Sync,

§

impl<L, R> Unpin for Sum<L, R>
where L: Unpin, R: Unpin,

§

impl<L, R> UnwindSafe for Sum<L, R>
where L: UnwindSafe, R: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>