Opt

Struct Opt 

/// Wrapper that makes the inner combinator `T` optional.
// NOTE(review): the field is `pub`, so `Opt(c)` can be written directly without
// going through `Opt::new` and its `c@.is_productive()` precondition. The
// productivity obligation then rests on `SpecCombinator::requires()`; confirm
// that every verified use site demands it.
pub struct Opt<T>(pub T);

The optional combinator, whose parser never fails. If the inner combinator fails to parse, the result is None and no input is consumed.

§Note

One might think that the Opt<T> combinator can be encoded as OrdChoice<T, Success>. However, this is not the case, because one cannot prove that Success is disjoint from T. In fact, there is a fundamental difference between Opt<T> and OrdChoice<Fst, Snd>: the Disjoint conditions can be aggregated for OrdChoice, making it “nestable”, while the “productivity” condition cannot be aggregated for Opt, because Opt<T> requires a productive T yet is itself never productive (i.e., Opt<Opt<T>> can never be constructed).

Tuple Fields§

§0: T

Implementations§


impl<C: View> Opt<C>


pub exec fn new(c: C) -> o : Self

requires
c@.is_productive(),
ensures
o == Opt(c),

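Constructs a new Opt combinator. The inner combinator must be productive: this is a Verus precondition (the requires clause above), discharged statically at verified call sites rather than checked at run time.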

Trait Implementations§


impl<'x, I, O, T> Combinator<'x, I, O> for Opt<T>
where I: VestInput, O: VestOutput<I>, T: Combinator<'x, I, O, SType = &'x <T as Combinator<'x, I, O>>::Type>, T::V: SecureSpecCombinator<Type = <T::Type as View>::V>, T::Type: 'x,


exec fn length(&self, v: Self::SType) -> usize


/// Exec-side precondition: delegates to the inner combinator's `ex_requires()`.
// NOTE(review): unlike the spec-level `requires()` of `SpecCombinator`, no productivity
// conjunct appears here, presumably because productivity is stated on the view. Confirm.
open spec fn ex_requires(&self) -> bool

{ self.0.ex_requires() }

exec fn parse(&self, s: I) -> res : Result<(usize, Self::Type), ParseError>


exec fn serialize( &self, v: Self::SType, data: &mut O, pos: usize, ) -> res : Result<usize, SerializeError>


type Type = Optional<<T as Combinator<'x, I, O>>::Type>

The result type of parsing

type SType = &'x <Opt<T> as Combinator<'x, I, O>>::Type

The input type of serialization, often a reference to Self::Type. For “structural” formats though (e.g., crate::regular::sequence::Pair and crate::regular::variant::Choice), this is the tuple/sum of the corresponding Combinator::SType types.

impl<T: SecureSpecCombinator> SecureSpecCombinator for Opt<T>


/// `Opt<T>` is declared not prefix-secure, whatever `T` is.
// NOTE(review): consistent with `spec_parse` yielding `Some((0, None))` when the inner
// parse fails, so appending bytes to an input can presumably turn a `None` result into
// `Some(..)`. A combinator that needs a prefix-secure component should not take a bare
// `Opt` in that position. Confirm against the trait's definition of prefix security.
open spec fn is_prefix_secure() -> bool

{ false }

/// `Opt<T>` is never productive: its parser can succeed while consuming zero bytes
/// (the `Some((0, None))` case of `spec_parse`).
// Since `requires()` demands a productive inner combinator, this constant `false` is
// what rules out nesting as `Opt<Opt<T>>`.
open spec fn is_productive(&self) -> bool

{ false }

proof fn lemma_prefix_secure(&self, s1: Seq<u8>, s2: Seq<u8>)


proof fn theorem_serialize_parse_roundtrip(&self, v: Self::Type)


proof fn theorem_parse_serialize_roundtrip(&self, buf: Seq<u8>)


proof fn lemma_parse_length(&self, s: Seq<u8>)


proof fn lemma_parse_productive(&self, s: Seq<u8>)


fn corollary_parse_surjective(&self, v: Self::Type)


fn corollary_serialize_injective(&self, v1: Self::Type, v2: Self::Type)


fn corollary_serialize_injective_contraposition( &self, v1: Self::Type, v2: Self::Type, )


fn corollary_parse_non_malleable(&self, buf1: Seq<u8>, buf2: Seq<u8>)


fn lemma_serialize_productive(&self, v: Self::Type)


impl<T: SecureSpecCombinator> SpecCombinator for Opt<T>


/// Precondition on the combinator itself: the inner combinator's own `requires()` must
/// hold, and the inner combinator must be productive.
// NOTE(review): productivity presumably keeps the two cases apart. If the inner parser
// could succeed on zero bytes, `Some(v)` and `None` could both serialize to the empty
// sequence and the round-trip theorems would not hold. Confirm against the proofs.
open spec fn requires(&self) -> bool

{ self.0.requires() && self.0.is_productive() }

/// Well-formedness of a value: `None` is always well-formed; `Some(vv)` is well-formed
/// exactly when `vv` is well-formed for the inner combinator.
open spec fn wf(&self, v: Self::Type) -> bool

{
    match v {
        // Present value: defer to the inner combinator's own well-formedness predicate.
        Some(vv) => self.0.wf(vv),
        // Absent value: nothing to constrain.
        None => true,
    }
}

/// Specification of parsing. It is total: every input `s` yields `Some(..)`.
///
/// If the inner parser accepts `s`, its consumed length `n` and value `v` are passed
/// through with the value wrapped in `Some`; otherwise the result is `None` with zero
/// bytes consumed.
// NOTE(review): an inner parse failure is not reported. At this layer a malformed inner
// value is indistinguishable from an absent one; rejecting the bytes left unconsumed is
// up to whatever runs after this combinator.
open spec fn spec_parse(&self, s: Seq<u8>) -> Option<(int, Self::Type)>

{
    if let Some((n, v)) = self.0.spec_parse(s) {
        // Inner parse succeeded: same length, value marked as present.
        Some((n, Some(v)))
    } else {
        // Inner parse failed: succeed anyway, consuming nothing.
        Some((0, None))
    }
}

/// Specification of serialization: `Some(v)` serializes exactly as the inner combinator
/// serializes `v`; `None` serializes to the empty byte sequence.
open spec fn spec_serialize(&self, v: Self::Type) -> Seq<u8>

{
    match v {
        // Present value: delegate to the inner combinator.
        Some(v) => self.0.spec_serialize(v),
        // Absent value: contributes no bytes, mirroring the zero-length `None` parse result.
        None => Seq::empty(),
    }
}

type Type = Option<<T as SpecCombinator>::Type>

The view of [Combinator::Result].

impl<T: View> View for Opt<T>


/// Spec-level view of the combinator: the inner combinator's view (`self.0@`) wrapped
/// in `Opt`.
open spec fn view(&self) -> Self::V

{ Opt(self.0@) }

type V = Opt<<T as View>::V>

Auto Trait Implementations§

§

impl<T> Freeze for Opt<T>
where T: Freeze,

§

impl<T> RefUnwindSafe for Opt<T>
where T: RefUnwindSafe,

§

impl<T> Send for Opt<T>
where T: Send,

§

impl<T> Sync for Opt<T>
where T: Sync,

§

impl<T> Unpin for Opt<T>
where T: Unpin,

§

impl<T> UnwindSafe for Opt<T>
where T: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T
where T: View, <T as View>::V: SpecFrom<<T as View>::V>,

Source§

exec fn ex_from(t: T) -> res : T

Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where T: View, U: View + From<T>, <U as View>::V: SpecFrom<<T as View>::V>,

Source§

exec fn ex_into(self) -> U

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T> SpecFrom<T> for T

Source§

/// Reflexive spec conversion: returns `t` unchanged.
open spec fn spec_from(t: T) -> T

{ t }
Source§

impl<T, U> SpecInto<U> for T
where U: SpecFrom<T>,

Source§

/// Spec conversion into `U`, defined as `U::spec_from(self)`.
open spec fn spec_into(self) -> U

{ U::spec_from(self) }
Source§

impl<T, U> SpecTryInto<U> for T
where U: SpecTryFrom<T>,

Source§

/// Fallible spec conversion into `U`, defined as `U::spec_try_from(self)`; the error
/// type is the one declared by `U`'s `SpecTryFrom<T>` implementation.
open spec fn spec_try_into(self) -> Result<U, <U as SpecTryFrom<T>>::Error>

{ U::spec_try_from(self) }
Source§

type Error = <U as SpecTryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where T: View, U: View + TryFrom<T>, <U as View>::V: SpecTryFrom<<T as View>::V>,

Source§

exec fn ex_try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>