3 releases (breaking)
0.3.0 | Jun 6, 2020 |
---|---|
0.2.0 | Nov 5, 2019 |
0.1.0 | Nov 4, 2019 |
#45 in #invariants
Used in rep
22KB
334 lines
rep
rep
is a tiny utility that lets you easily enforce representation/class invariants throughout your Rust data structures.
Representation invariants are logical assertions that must hold true for every mutation of your data structure. For example, in your GIS application, you may have the following rep invariant for a LatLong
.
self.lat >= -90.0 && self.lat <= 90 && self.long >= -180.0 && self.long <= 180
Enforcing representation invariants is easy with rep
. Adding invariants to your data structures is just 2 easy steps.
- Define a correct representation (by implementing
CheckRep
either manually or with a macro) - Insert runtime checks (either manually or with a macro)
some examples
We can start off with a simple data structure.
use rep::*;
pub struct Line {
x1: i32,
y1: i32,
x2: i32,
y2: i32
}
The CheckRep
trait can be implemented. This serves as a definition of correct representation.
impl CheckRep for Line {
fn is_correct(&self) -> bool {
self.x1 != self.x2 && self.y1 != self.y2
}
}
Now we can use the #[check_rep]
macro to automatically insert calls to check_rep
at start and end of all methods that are pub
and mutate &mut self
. We can also manually make calls to check_rep
wherever we so desire.
#[check_rep] // <-- this inserts calls to check_rep at start and end of move_by
impl Line {
pub fn new() -> Self {
let new_line = Self {
x1: -1,
y1: -1,
x1: 1,
y1: 1
};
new_line.check_rep();
new_line
}
pub fn move_by(&mut self, x: i32, y: i32) {
self.x1 += x;
self.x2 += x;
self.y1 += y;
self.y2 += y;
}
}
some more examples
For simple representations, we can even derive an implementation of CheckRep
.
#[derive(CheckRep)]
struct Circle {
x: i32,
y: i32,
#[rep(assert_gt = 0)]
#[rep(assert_le = 2048)]
r: i32,
}
struct Parser {
#[rep(assert_default)]
unclosed_delims: (usize, usize, usize) // this is representing (parens, braces, brackets)
}
We can recursively check representation and use custom functions per field.
fn is_health_valid(h: u32) -> bool {
h > 0 && h < 100
}
#[derive(CheckRep)]
struct Player {
#[rep(check)]
position: Point,
#[rep(assert_with = "is_health_valid")]
health: u32
}
More advanced rep-checking can be done through custom checking.
fn is_health_valid(h: u32) -> bool {
h > 0 && h < 100
}
#[derive(CheckRep)]
struct Player {
#[rep(use_custom)] // indicates that custom code should be used
#[rep(check)]
position: Point,
#[rep(assert_with = "is_health_valid")]
health: u32
}
impl CustomCheckRep for Line {
fn c_correctness(&self) -> Result<(), Vec<String>> {
let mut errors = vec![];
if self.x2 != self.y2 {
errors.push(String::from("self.x2 must equal self.y2"));
}
if errors.len() == 0 { Ok(()) } else { Err(errors) }
}
}
struct Player {
position: Point,
health: u32
}
impl CheckRep for Player {
fn correctness(&self) -> Result<(), Vec<String>> {
let mut errors = vec![];
// your code here...
if errors.len() == 0 { Ok(()) } else { Err(errors) }
}
}
Once CheckRep
is implemented, you may use it with the #[check_rep
, #[require_rep
, and #[check_rep
macros.
// this adds `check_rep` at start and end of all public mutating methods
#[check_rep]
impl Device {
pub fn turn_on(&mut self) {}
// require_rep, ensure_rep, check_rep add to start, end, start and end respectively
#[require_rep]
pub fn get_voltage(&mut self, p: Position) {}
#[ensure_rep]
pub fn actuate(&mut self, p: Position, v: Voltage) {}
#[check_rep]
fn do_something(&self) {}
}
If a logger is present invariant violation will be logged instead of panicked.
usage
Just add the following to your Cargo.toml
file.
[dependencies]
rep = "0.3.0"
Then, in your module.
use rep::*;
Dependencies
~1.5MB
~38K SLoC