pub struct Certified<B, P, T> { /* private fields */ }
Explicit trust boundary for externally-certified values.
This type does not silently become Proven<P, T>. Converting from
external evidence into a Karpal proof witness is unsafe, making the
trust boundary visible in code review.
Implementations§
impl<B, P, T> Certified<B, P, T>
pub unsafe fn assume(value: T, certificate: Certificate) -> Certified<B, P, T>
Import an externally checked value.
§Safety
The caller must ensure the certificate genuinely establishes property
P for value, according to backend B.
pub fn certificate(&self) -> &Certificate
pub fn value(&self) -> &T
pub fn into_inner(self) -> T
pub unsafe fn into_proven(self) -> Proven<P, T>
Convert external evidence into Proven<P, T>.
§Safety
This is the explicit trust boundary: the caller accepts the imported certificate as sound.
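One way a caller might confine both unsafe calls to a single audited function, added here as an example and not code from Karpal. The struct definitions are stand-ins that mirror the signatures above; the Certificate fields, the ExternalSolver and NonZero markers, and import_nonzero are hypothetical.

```rust
use std::marker::PhantomData;

// Stand-ins mirroring the signatures on this page (the real types have private fields).
pub struct Certificate { pub backend: &'static str, pub subject: u64 } // hypothetical fields
pub struct Proven<P, T> { value: T, _p: PhantomData<P> }
pub struct Certified<B, P, T> { value: T, cert: Certificate, _m: PhantomData<(B, P)> }

impl<P, T> Proven<P, T> {
    pub fn value(&self) -> &T { &self.value }
}

impl<B, P, T> Certified<B, P, T> {
    /// # Safety
    /// `certificate` must establish `P` for `value` according to backend `B`.
    pub unsafe fn assume(value: T, certificate: Certificate) -> Self {
        Certified { value, cert: certificate, _m: PhantomData }
    }
    pub fn certificate(&self) -> &Certificate { &self.cert }
    /// # Safety
    /// The caller accepts the imported certificate as sound.
    pub unsafe fn into_proven(self) -> Proven<P, T> {
        Proven { value: self.value, _p: PhantomData }
    }
}

pub struct ExternalSolver; // hypothetical backend marker
pub struct NonZero;        // hypothetical property marker

/// The single audited function where external evidence crosses the boundary.
pub fn import_nonzero(value: u64, cert: Certificate) -> Result<Proven<NonZero, u64>, &'static str> {
    // Reject evidence that was produced by another backend or for another value.
    if cert.backend != "external-solver" { return Err("unexpected backend"); }
    if cert.subject != value { return Err("certificate is for a different value"); }
    // SAFETY: the certificate was bound to this backend and this value above.
    let certified = unsafe { Certified::<ExternalSolver, NonZero, u64>::assume(value, cert) };
    debug_assert_eq!(certified.certificate().subject, value);
    // SAFETY: this is where the imported certificate is accepted as sound.
    Ok(unsafe { certified.into_proven() })
}

fn main() {
    let ok = import_nonzero(7, Certificate { backend: "external-solver", subject: 7 });
    println!("accepted: {:?}", ok.map(|p| *p.value()));
    let bad = import_nonzero(7, Certificate { backend: "external-solver", subject: 9 });
    println!("rejected: {:?}", bad.err());
}
```

Keeping the two unsafe blocks inside one safe wrapper means a reviewer only has to audit that function and its SAFETY comments to know what evidence the rest of the code treats as proven.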
Trait Implementations§
Auto Trait Implementations§
impl<B, P, T> Freeze for Certified<B, P, T> where
T: Freeze,
impl<B, P, T> RefUnwindSafe for Certified<B, P, T>
impl<B, P, T> Send for Certified<B, P, T>
impl<B, P, T> Sync for Certified<B, P, T>
impl<B, P, T> Unpin for Certified<B, P, T>
impl<B, P, T> UnsafeUnpin for Certified<B, P, T> where
T: UnsafeUnpin,
impl<B, P, T> UnwindSafe for Certified<B, P, T>
Blanket Implementations§
impl<T> BorrowMut<T> for T where
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.