Provide Specs for the Standard Library #1249
base: master
Conversation
That's exciting stuff! Would this also be possible for

Sure! For the values so far, size and alignment seem to be the same, so that should be really simple. Interestingly, it seems that

includes inheritance of postconditions and auto trait "transitivity"

have to desugar this manually since prusti syntax breaks rust's macro parsing

Oh yeah, to establish a link: this resolves #941!

is this something that could be partially merged?
As part of my thesis under @Aurel300, this pull request adds specifications to the most popular types & functions in the Rust Standard Library. I am using data gathered through qrates to inform decisions on what specs to prioritize, along with a sense of logical units, e.g. covering all members of the unconstrained `Option<T>` or `Result<T, E>` `impl`s, rather than only specifying the subset of these methods that sees the most usage.

## Outline of Planned & Completed Specifications
These specs are very much a work in progress and far from complete at the moment, though what is there should be sound.
- `core::option::Option`
- `core::result::Result`
- `core::clone::Clone`
- `core::default::Default`
  - specific default values: `()`, `bool`, `char`, numbers (the types specified here)
- `core::ops::Deref`
  - This is currently blocked due to #1221.
- `core::ops::Index` / `core::ops::IndexMut`
  - This is similarly blocked due to #1221.
- `core::ops::Try`
  - `core::option::Option`
  - `core::option::Result`
- `core::mem::size_of`
- `core::convert::From` / `Into`
- Slices/Arrays
  - `usize` (built-in)
  - Indexing is currently blocked due to #1221.
- `alloc::vec::Vec`
  - `Deref` as slice (Error when using pure functions that return a reference #1221)
  - `as_slice` (Error when using pure functions that return a reference #1221)
  - `vec!` macro (requires unsizing from above, but very simple given that!)
- `alloc::string::String`
  - `Deref` as `str` (Error when using pure functions that return a reference #1221)
  - `as_str` (Error when using pure functions that return a reference #1221)
  - `&str` to `String` conversion using `From` / `Into`

  I envision Strings and Vecs to work very similarly, mostly powered by a pure `as_str` / `as_slice` that acts as the source of truth. Unfortunately, that approach (like so much other stuff) is currently blocked, but I think the issue is so fundamental that it's better to just resolve it directly than to find a temporary workaround.
- `core::cmp::PartialEq` / `core::cmp::PartialOrd`
  - These are currently blocked due to #1311.
- Ranges
  - `contains` on inclusive & half-open ranges, for loops & invariants (Inheritance of Purity from Trait Specs #1311)
- `core::ops` Binary Ops for References
  - These operations don't have blanket impls for when one or both sides are a reference, but their implementations are unified using macros, which probably makes sense for us to replicate.
- Smart Pointers (e.g. `alloc::rc::Rc`)
  - This fundamentally relies on `Deref` and is thus also blocked by #1221. Once that is resolved, specifying their `Deref` implementation as pure and expressing transfer into and out of a box via e.g. `ensures(old(x) === snap(result.deref()))` should go a long way towards specifying this type usefully. Note that `Box` already has builtin support in Prusti, partly because Rust itself already treats it specially (e.g. that `*box` can move out of the box).
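To make concrete what "sound" means for the specs outlined above, here is an added example that is not part of this pull request and not Prusti's own code: plain Rust in which runtime predicates stand in for Prusti's `#[ensures]` attributes (the `prusti_contracts` crate is not used, so this compiles with a stock toolchain). The `spec_*` functions, `check_all`, `check_rejects_bad_push` and every sample input are assumptions constructed for the illustration. They restate the intended postconditions of `Option::map`, `Option::unwrap_or`, `Result::ok`, `Vec::push` (expressed only through `as_slice`, the "source of truth" approach the description proposes) and `Rc::new` (the runtime reading of `old(x) === snap(result.deref())`), and check them against the real standard-library behaviour.

```rust
// Added example, not part of the Prusti pull request. Each `spec_*` function
// is a hand-written postcondition: it takes the pre-state (`old`), the
// arguments and the actual `result`, and returns whether the contract holds.
use std::rc::Rc;

/// Postcondition for `Option::map`: `Some`-ness is preserved and the payload,
/// when present, equals `f` applied to the old payload.
fn spec_option_map<T, U, F>(old: &Option<T>, f: F, result: &Option<U>) -> bool
where
    T: Clone,
    U: PartialEq,
    F: Fn(T) -> U,
{
    match (old, result) {
        (None, None) => true,
        (Some(x), Some(y)) => f(x.clone()) == *y,
        _ => false,
    }
}

/// Postcondition for `Option::unwrap_or`: the payload if present, else the default.
fn spec_option_unwrap_or<T: PartialEq>(old: &Option<T>, default: &T, result: &T) -> bool {
    match old {
        Some(x) => result == x,
        None => result == default,
    }
}

/// Postcondition for `Result::ok`: `Ok(x)` becomes `Some(x)`, `Err(_)` becomes `None`.
fn spec_result_ok<T: PartialEq, E>(old: &Result<T, E>, result: &Option<T>) -> bool {
    match (old, result) {
        (Ok(x), Some(y)) => x == y,
        (Err(_), None) => true,
        _ => false,
    }
}

/// `Vec::push` specified purely in terms of slices (the `as_slice` source of
/// truth): the new slice is the old slice followed by the pushed element.
fn spec_vec_push<T: PartialEq>(old: &[T], pushed: &T, result: &[T]) -> bool {
    result.len() == old.len() + 1
        && result[..old.len()] == *old
        && result[old.len()] == *pushed
}

/// Smart-pointer transfer: the value behind the new `Rc` is the value moved in,
/// i.e. the runtime reading of `ensures(old(x) === snap(result.deref()))`.
fn spec_rc_new<T: PartialEq>(old: &T, result: &Rc<T>) -> bool {
    **result == *old
}

/// Runs every spec against the real standard-library implementation on
/// constructed sample inputs; true only if all postconditions hold.
fn check_all() -> bool {
    let some: Option<i32> = Some(20);
    let none: Option<i32> = None;
    let ok: Result<i32, &str> = Ok(7);
    let err: Result<i32, &str> = Err("constructed error");
    let double = |x: i32| x * 2;

    let mut v = vec![1, 2];
    let before = v.clone();
    v.push(3);

    spec_option_map(&some, double, &some.map(double))
        && spec_option_map(&none, double, &none.map(double))
        && spec_option_unwrap_or(&some, &0, &some.unwrap_or(0))
        && spec_option_unwrap_or(&none, &0, &none.unwrap_or(0))
        && spec_result_ok(&ok, &ok.ok())
        && spec_result_ok(&err, &err.ok())
        && spec_vec_push(before.as_slice(), &3, v.as_slice())
        && spec_rc_new(&5, &Rc::new(5))
}

/// A constructed, deliberately wrong `push` outcome: the spec must reject it,
/// otherwise it would be too weak to catch a broken implementation.
fn check_rejects_bad_push() -> bool {
    !spec_vec_push(&[1, 2], &3, &[1, 2, 4])
}

fn main() {
    println!("all specs hold: {}", check_all());
    println!("bad push rejected: {}", check_rejects_bad_push());
}
```

Each predicate here is what the corresponding `#[ensures(...)]` would be obliged to prove for every input rather than merely check on samples; writing them as executable predicates first is a cheap way to catch a postcondition that is vacuous or too weak before spending verifier time on it.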