certeza/lib.rs
1//! # certeza - Asymptotic Test Effectiveness Framework
2//!
3//! A scientific experiment into realistic provability with Rust.
4//!
5//! This crate provides a comprehensive framework for approaching asymptotic test effectiveness
6//! in Rust software systems through the pragmatic integration of:
7//!
8//! - Property-based testing (using proptest)
9//! - Mutation testing (using cargo-mutants)
10//! - Structural coverage analysis
11//! - Selective formal verification (using Kani)
12//!
13//! ## Tiered TDD-X Workflow
14//!
15//! The framework implements three-tiered verification:
16//!
17//! ### Tier 1: ON-SAVE (Sub-second feedback)
18//! - Unit tests and focused property tests
19//! - Static analysis (`cargo check`, `cargo clippy`)
20//! - Enables rapid iteration in flow state
21//!
22//! ### Tier 2: ON-COMMIT (1-5 minutes)
23//! - Full property-based test suite
24//! - Coverage analysis (target: 95%+ line coverage)
25//! - Integration tests
26//!
27//! ### Tier 3: ON-MERGE/NIGHTLY (Hours)
28//! - Comprehensive mutation testing (target: >85% mutation score)
29//! - Formal verification for critical paths
30//! - Performance benchmarks
31//!
32//! ## Example
33//!
34//! ```rust
35//! use certeza::TruenoVec;
36//!
37//! let mut vec = TruenoVec::new();
38//! vec.push(1);
39//! vec.push(2);
40//! vec.push(3);
41//!
42//! assert_eq!(vec.len(), 3);
43//! assert_eq!(vec.get(1), Some(&2));
44//! assert_eq!(vec.pop(), Some(3));
45//! ```
46//!
47//! ## Philosophy
48//!
49//! While complete verification remains theoretically impossible (Dijkstra: "testing can
50//! only prove the presence of bugs, not their absence"), this framework provides a
51//! reproducible methodology for achieving practical maximum confidence in critical systems.
52
53#![warn(missing_docs)]
54#![warn(clippy::all)]
55#![warn(clippy::pedantic)]
56#![warn(clippy::nursery)]
57#![allow(clippy::module_name_repetitions)]
58
59#[macro_use]
60#[allow(unused_macros)]
61mod generated_contracts;
62
63pub mod benchmark;
64pub mod chaos;
65pub mod vec;
66
67pub use benchmark::*;
68pub use vec::{IntoIter, Iter, IterMut, TruenoVec};
69
70/// Adds two numbers together.
71///
72/// This is a simple example function demonstrating the testing framework.
73///
74/// # Examples
75///
76/// ```
77/// use certeza::add;
78///
79/// assert_eq!(add(2, 2), 4);
80/// assert_eq!(add(0, 0), 0);
81/// assert_eq!(add(1, 1), 2);
82/// ```
83///
84/// # Properties
85///
86/// This function satisfies several mathematical properties:
87/// - Commutativity: `add(a, b) == add(b, a)`
88/// - Associativity: `add(add(a, b), c) == add(a, add(b, c))`
89/// - Identity: `add(a, 0) == a`
90#[must_use]
91pub const fn add(left: u64, right: u64) -> u64 {
92 left + right
93}
94
95/// Subtracts one number from another.
96///
97/// # Examples
98///
99/// ```
100/// use certeza::subtract;
101///
102/// assert_eq!(subtract(4, 2), 2);
103/// assert_eq!(subtract(10, 5), 5);
104/// ```
105///
106/// # Panics
107///
108/// This function will panic if `right > left` due to unsigned integer underflow.
109/// Consider using checked arithmetic for production code.
110#[must_use]
111pub const fn subtract(left: u64, right: u64) -> u64 {
112 left - right
113}
114
115/// Multiplies two numbers together.
116///
117/// # Examples
118///
119/// ```
120/// use certeza::multiply;
121///
122/// assert_eq!(multiply(2, 3), 6);
123/// assert_eq!(multiply(0, 100), 0);
124/// ```
125///
126/// # Properties
127///
128/// This function satisfies several mathematical properties:
129/// - Commutativity: `multiply(a, b) == multiply(b, a)`
130/// - Associativity: `multiply(multiply(a, b), c) == multiply(a, multiply(b, c))`
131/// - Identity: `multiply(a, 1) == a`
132/// - Zero property: `multiply(a, 0) == 0`
133#[must_use]
134pub const fn multiply(left: u64, right: u64) -> u64 {
135 left * right
136}
137
138// ============================================================================
139// Unit Tests (Tier 1: Sub-second feedback)
140// ============================================================================
141
142#[cfg(test)]
143mod tests {
144 use super::*;
145
146 // Basic unit tests
147 #[test]
148 fn test_add_basic() {
149 assert_eq!(add(2, 2), 4);
150 assert_eq!(add(0, 0), 0);
151 assert_eq!(add(1, 1), 2);
152 }
153
154 #[test]
155 fn test_add_identity() {
156 assert_eq!(add(5, 0), 5);
157 assert_eq!(add(0, 5), 5);
158 }
159
160 #[test]
161 fn test_add_commutativity() {
162 assert_eq!(add(3, 7), add(7, 3));
163 assert_eq!(add(10, 20), add(20, 10));
164 }
165
166 #[test]
167 fn test_subtract_basic() {
168 assert_eq!(subtract(10, 5), 5);
169 assert_eq!(subtract(4, 2), 2);
170 }
171
172 #[test]
173 fn test_subtract_identity() {
174 assert_eq!(subtract(5, 0), 5);
175 assert_eq!(subtract(100, 0), 100);
176 }
177
178 #[test]
179 fn test_multiply_basic() {
180 assert_eq!(multiply(2, 3), 6);
181 assert_eq!(multiply(4, 5), 20);
182 }
183
184 #[test]
185 fn test_multiply_identity() {
186 assert_eq!(multiply(5, 1), 5);
187 assert_eq!(multiply(1, 5), 5);
188 }
189
190 #[test]
191 fn test_multiply_zero() {
192 assert_eq!(multiply(0, 5), 0);
193 assert_eq!(multiply(5, 0), 0);
194 assert_eq!(multiply(0, 0), 0);
195 }
196
197 #[test]
198 fn test_multiply_commutativity() {
199 assert_eq!(multiply(3, 7), multiply(7, 3));
200 assert_eq!(multiply(10, 20), multiply(20, 10));
201 }
202}
203
204// ============================================================================
205// Property-Based Tests (Tier 2: 1-5 minutes)
206// ============================================================================
207
208#[cfg(test)]
209mod property_tests {
210 use super::*;
211 use proptest::prelude::*;
212
213 // Property: Addition is commutative
214 proptest! {
215 #[test]
216 fn property_add_commutative(a in 0u64..1_000_000, b in 0u64..1_000_000) {
217 prop_assert_eq!(add(a, b), add(b, a));
218 }
219 }
220
221 // Property: Addition identity element is 0
222 proptest! {
223 #[test]
224 fn property_add_identity(a in 0u64..u64::MAX) {
225 prop_assert_eq!(add(a, 0), a);
226 prop_assert_eq!(add(0, a), a);
227 }
228 }
229
230 // Property: Addition is associative
231 proptest! {
232 #[test]
233 fn property_add_associative(
234 a in 0u64..1000,
235 b in 0u64..1000,
236 c in 0u64..1000,
237 ) {
238 // Limit values to prevent overflow
239 let left = add(add(a, b), c);
240 let right = add(a, add(b, c));
241 prop_assert_eq!(left, right);
242 }
243 }
244
245 // Property: Subtraction identity
246 proptest! {
247 #[test]
248 fn property_subtract_identity(a in 0u64..u64::MAX) {
249 prop_assert_eq!(subtract(a, 0), a);
250 }
251 }
252
253 // Property: Subtraction inverse of addition
254 proptest! {
255 #[test]
256 fn property_subtract_inverse(a in 0u64..1_000_000, b in 0u64..1_000_000) {
257 // Use checked_add to prevent overflow
258 if let Some(sum) = a.checked_add(b) {
259 prop_assert_eq!(subtract(sum, b), a);
260 }
261 }
262 }
263
264 // Property: Multiplication is commutative
265 proptest! {
266 #[test]
267 fn property_multiply_commutative(a in 0u64..100_000, b in 0u64..100_000) {
268 prop_assert_eq!(multiply(a, b), multiply(b, a));
269 }
270 }
271
272 // Property: Multiplication identity is 1
273 proptest! {
274 #[test]
275 fn property_multiply_identity(a in 0u64..u64::MAX) {
276 prop_assert_eq!(multiply(a, 1), a);
277 prop_assert_eq!(multiply(1, a), a);
278 }
279 }
280
281 // Property: Multiplication by zero
282 proptest! {
283 #[test]
284 fn property_multiply_zero(a in 0u64..u64::MAX) {
285 prop_assert_eq!(multiply(a, 0), 0);
286 prop_assert_eq!(multiply(0, a), 0);
287 }
288 }
289
290 // Property: Multiplication is associative
291 proptest! {
292 #[test]
293 fn property_multiply_associative(
294 a in 1u64..100,
295 b in 1u64..100,
296 c in 1u64..100,
297 ) {
298 // Limit values to prevent overflow
299 let left = multiply(multiply(a, b), c);
300 let right = multiply(a, multiply(b, c));
301 prop_assert_eq!(left, right);
302 }
303 }
304
305 // Property: Distributive property
306 proptest! {
307 #[test]
308 fn property_distributive(
309 a in 0u64..1000,
310 b in 0u64..1000,
311 c in 0u64..1000,
312 ) {
313 // a * (b + c) == (a * b) + (a * c)
314 let left = multiply(a, add(b, c));
315 let right = add(multiply(a, b), multiply(a, c));
316 prop_assert_eq!(left, right);
317 }
318 }
319}