proptest/strategy/traits.rs
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691 692 693 694 695 696 697 698 699 700 701 702 703 704 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721 722 723 724 725 726 727 728 729 730 731 732 733 734 735 736 737 738 739 740 741 742 743 744 745 746 747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769 770 771 772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816 817 818 819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837 838 839 840 841 842 843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863 864 865 866 867 868 869 870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890 891 892 893 894 895 896 897 898 899 900 901 902 903 904 905 906 907 908 909 910 911 912 913 914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 948 949 950 951 952 953 954 955 956 957 958 959 960 961 962 963 964 965 966 967 968 969 970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985 986 987 988 989 990 991 992 993 994 995 996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018 1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031 1032 1033 1034 1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054
//-
// Copyright 2017, 2018 The proptest developers
//
// Licensed under the Apache License, Version 2.0 <LICENSE-APACHE or
// http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
// <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your
// option. This file may not be copied, modified, or distributed
// except according to those terms.
use crate::std_facade::{fmt, Arc, Box, Rc};
use core::cmp;
use crate::strategy::*;
use crate::test_runner::*;
//==============================================================================
// Traits
//==============================================================================
/// A new [`ValueTree`] from a [`Strategy`] when [`Ok`] or otherwise [`Err`]
/// when a new value-tree can not be produced for some reason such as
/// in the case of filtering with a predicate which always returns false.
/// You should pass in your strategy as the type parameter.
///
/// [`Strategy`]: trait.Strategy.html
/// [`ValueTree`]: trait.ValueTree.html
/// [`Ok`]: https://doc.rust-lang.org/nightly/std/result/enum.Result.html#variant.Ok
/// [`Err`]: https://doc.rust-lang.org/nightly/std/result/enum.Result.html#variant.Err
pub type NewTree<S> = Result<<S as Strategy>::Tree, Reason>;
/// A strategy for producing arbitrary values of a given type.
///
/// `fmt::Debug` is a hard requirement for all strategies currently due to
/// `prop_flat_map()`. This constraint will be removed when specialisation
/// becomes stable.
#[must_use = "strategies do nothing unless used"]
pub trait Strategy: fmt::Debug {
/// The value tree generated by this `Strategy`.
type Tree: ValueTree<Value = Self::Value>;
/// The type of value used by functions under test generated by this Strategy.
///
/// This corresponds to the same type as the associated type `Value`
/// in `Self::Tree`. It is provided here to simplify usage particularly
/// in conjunction with `-> impl Strategy<Value = MyType>`.
type Value: fmt::Debug;
/// Generate a new value tree from the given runner.
///
/// This may fail if there are constraints on the generated value and the
/// generator is unable to produce anything that satisfies them. Any
/// failure is wrapped in `TestError::Abort`.
///
/// This method is generally expected to be deterministic. That is, given a
/// `TestRunner` with its RNG in a particular state, this should produce an
/// identical `ValueTree` every time. Non-deterministic strategies do not
/// cause problems during normal operation, but they do break failure
/// persistence since it is implemented by simply saving the seed used to
/// generate the test case.
fn new_tree(&self, runner: &mut TestRunner) -> NewTree<Self>;
/// Returns a strategy which produces values transformed by the function
/// `fun`.
///
/// There is no need (or possibility, for that matter) to define how the
/// output is to be shrunken. Shrinking continues to take place in terms of
/// the source value.
///
/// `fun` should be a deterministic function. That is, for a given input
/// value, it should produce an equivalent output value on every call.
/// Proptest assumes that it can call the function as many times as needed
/// to generate as many identical values as needed. For this reason, `F` is
/// `Fn` rather than `FnMut`.
fn prop_map<O: fmt::Debug, F: Fn(Self::Value) -> O>(
self,
fun: F,
) -> Map<Self, F>
where
Self: Sized,
{
Map {
source: self,
fun: Arc::new(fun),
}
}
/// Returns a strategy which produces values of type `O` by transforming
/// `Self` with `Into<O>`.
///
/// You should always prefer this operation instead of `prop_map` when
/// you can as it is both clearer and also currently more efficient.
///
/// There is no need (or possibility, for that matter) to define how the
/// output is to be shrunken. Shrinking continues to take place in terms of
/// the source value.
fn prop_map_into<O: fmt::Debug>(self) -> MapInto<Self, O>
where
Self: Sized,
Self::Value: Into<O>,
{
MapInto::new(self)
}
/// Returns a strategy which produces values transformed by the function
/// `fun`, which is additionally given a random number generator.
///
/// This is exactly like `prop_map()` except for the addition of the second
/// argument to the function. This allows introducing chaotic variations to
/// generated values that are not easily expressed otherwise while allowing
/// shrinking to proceed reasonably.
///
/// During shrinking, `fun` is always called with an identical random
/// number generator, so if it is a pure function it will always perform
/// the same perturbation.
///
/// ## Example
///
/// ```
/// // The prelude also gets us the `Rng` trait.
/// use proptest::prelude::*;
///
/// proptest! {
/// #[test]
/// fn test_something(a in (0i32..10).prop_perturb(
/// // Perturb the integer `a` (range 0..10) to a pair of that
/// // integer and another that's ± 10 of it.
/// // Note that this particular case would be better implemented as
/// // `(0i32..10, -10i32..10).prop_map(|(a, b)| (a, a + b))`
/// // but is shown here for simplicity.
/// |centre, rng| (centre, centre + rng.gen_range(-10, 10))))
/// {
/// // Test stuff
/// }
/// }
/// # fn main() { }
/// ```
fn prop_perturb<O: fmt::Debug, F: Fn(Self::Value, TestRng) -> O>(
self,
fun: F,
) -> Perturb<Self, F>
where
Self: Sized,
{
Perturb {
source: self,
fun: Arc::new(fun),
}
}
/// Maps values produced by this strategy into new strategies and picks
/// values from those strategies.
///
/// `fun` is used to transform the values produced by this strategy into
/// other strategies. Values are then chosen from the derived strategies.
/// Shrinking proceeds by shrinking individual values as well as shrinking
/// the input used to generate the internal strategies.
///
/// ## Shrinking
///
/// In the case of test failure, shrinking will not only shrink the output
/// from the combinator itself, but also the input, i.e., the strategy used
/// to generate the output itself. Doing this requires searching the new
/// derived strategy for a new failing input. The combinator will generate
/// up to `Config::cases` values for this search.
///
/// As a result, nested `prop_flat_map`/`Flatten` combinators risk
/// exponential run time on this search for new failing values. To ensure
/// that test failures occur within a reasonable amount of time, all of
/// these combinators share a single "flat map regen" counter, and will
/// stop generating new values if it exceeds `Config::max_flat_map_regens`.
///
/// ## Example
///
/// Generate two integers, where the second is always less than the first,
/// without using filtering:
///
/// ```
/// use proptest::prelude::*;
///
/// proptest! {
/// # /*
/// #[test]
/// # */
/// fn test_two(
/// // Pick integers in the 1..65536 range, and derive a strategy
/// // which emits a tuple of that integer and another one which is
/// // some value less than it.
/// (a, b) in (1..65536).prop_flat_map(|a| (Just(a), 0..a))
/// ) {
/// prop_assert!(b < a);
/// }
/// }
/// #
/// # fn main() { test_two(); }
/// ```
///
/// ## Choosing the right flat-map
///
/// `Strategy` has three "flat-map" combinators. They look very similar at
/// first, and can be used to produce superficially identical test results.
/// For example, the following three expressions all produce inputs which
/// are 2-tuples `(a,b)` where the `b` component is less than `a`.
///
/// ```no_run
/// # #![allow(unused_variables)]
/// use proptest::prelude::*;
///
/// let flat_map = (1..10).prop_flat_map(|a| (Just(a), 0..a));
/// let ind_flat_map = (1..10).prop_ind_flat_map(|a| (Just(a), 0..a));
/// let ind_flat_map2 = (1..10).prop_ind_flat_map2(|a| 0..a);
/// ```
///
/// The three do differ however in terms of how they shrink.
///
/// For `flat_map`, both `a` and `b` will shrink, and the invariant that
/// `b < a` is maintained. This is a "dependent" or "higher-order" strategy
/// in that it remembers that the strategy for choosing `b` is dependent on
/// the value chosen for `a`.
///
/// For `ind_flat_map`, the invariant `b < a` is maintained, but only
/// because `a` does not shrink. This is due to the fact that the
/// dependency between the strategies is not tracked; `a` is simply seen as
/// a constant.
///
/// Finally, for `ind_flat_map2`, the invariant `b < a` is _not_
/// maintained, because `a` can shrink independently of `b`, again because
/// the dependency between the two variables is not tracked, but in this
/// case the derivation of `a` is still exposed to the shrinking system.
///
/// The use-cases for the independent flat-map variants is pretty narrow.
/// For the majority of cases where invariants need to be maintained and
/// you want all components to shrink, `prop_flat_map` is the way to go.
/// `prop_ind_flat_map` makes the most sense when the input to the map
/// function is not exposed in the output and shrinking across strategies
/// is not expected to be useful. `prop_ind_flat_map2` is useful for using
/// related values as starting points while not constraining them to that
/// relation.
fn prop_flat_map<S: Strategy, F: Fn(Self::Value) -> S>(
self,
fun: F,
) -> Flatten<Map<Self, F>>
where
Self: Sized,
{
Flatten::new(Map {
source: self,
fun: Arc::new(fun),
})
}
/// Maps values produced by this strategy into new strategies and picks
/// values from those strategies while considering the new strategies to be
/// independent.
///
/// This is very similar to `prop_flat_map()`, but shrinking will *not*
/// attempt to shrink the input that produces the derived strategies. This
/// is appropriate for when the derived strategies already fully shrink in
/// the desired way.
///
/// In most cases, you want `prop_flat_map()`.
///
/// See `prop_flat_map()` for a more detailed explanation on how the
/// three flat-map combinators differ.
fn prop_ind_flat_map<S: Strategy, F: Fn(Self::Value) -> S>(
self,
fun: F,
) -> IndFlatten<Map<Self, F>>
where
Self: Sized,
{
IndFlatten(Map {
source: self,
fun: Arc::new(fun),
})
}
/// Similar to `prop_ind_flat_map()`, but produces 2-tuples with the input
/// generated from `self` in slot 0 and the derived strategy in slot 1.
///
/// See `prop_flat_map()` for a more detailed explanation on how the
/// three flat-map combinators differ.
fn prop_ind_flat_map2<S: Strategy, F: Fn(Self::Value) -> S>(
self,
fun: F,
) -> IndFlattenMap<Self, F>
where
Self: Sized,
{
IndFlattenMap {
source: self,
fun: Arc::new(fun),
}
}
/// Returns a strategy which only produces values accepted by `fun`.
///
/// This results in a very naïve form of rejection sampling and should only
/// be used if (a) relatively few values will actually be rejected; (b) it
/// isn't easy to express what you want by using another strategy and/or
/// `map()`.
///
/// There are a lot of downsides to this form of filtering. It slows
/// testing down, since values must be generated but then discarded.
/// Proptest only allows a limited number of rejects this way (across the
/// entire `TestRunner`). Rejection can interfere with shrinking;
/// particularly, complex filters may largely or entirely prevent shrinking
/// from substantially altering the original value.
///
/// Local rejection sampling is still preferable to rejecting the entire
/// input to a test (via `TestCaseError::Reject`), however, and the default
/// number of local rejections allowed is much higher than the number of
/// whole-input rejections.
///
/// `whence` is used to record where and why the rejection occurred.
fn prop_filter<R: Into<Reason>, F: Fn(&Self::Value) -> bool>(
self,
whence: R,
fun: F,
) -> Filter<Self, F>
where
Self: Sized,
{
Filter::new(self, whence.into(), fun)
}
/// Returns a strategy which only produces transformed values where `fun`
/// returns `Some(value)` and rejects those where `fun` returns `None`.
///
/// Using this method is preferable to using `.prop_map(..).prop_filter(..)`.
///
/// This results in a very naïve form of rejection sampling and should only
/// be used if (a) relatively few values will actually be rejected; (b) it
/// isn't easy to express what you want by using another strategy and/or
/// `map()`.
///
/// There are a lot of downsides to this form of filtering. It slows
/// testing down, since values must be generated but then discarded.
/// Proptest only allows a limited number of rejects this way (across the
/// entire `TestRunner`). Rejection can interfere with shrinking;
/// particularly, complex filters may largely or entirely prevent shrinking
/// from substantially altering the original value.
///
/// Local rejection sampling is still preferable to rejecting the entire
/// input to a test (via `TestCaseError::Reject`), however, and the default
/// number of local rejections allowed is much higher than the number of
/// whole-input rejections.
///
/// `whence` is used to record where and why the rejection occurred.
fn prop_filter_map<F: Fn(Self::Value) -> Option<O>, O: fmt::Debug>(
self,
whence: impl Into<Reason>,
fun: F,
) -> FilterMap<Self, F>
where
Self: Sized,
{
FilterMap::new(self, whence.into(), fun)
}
/// Returns a strategy which picks uniformly from `self` and `other`.
///
/// When shrinking, if a value from `other` was originally chosen but that
/// value can be shrunken no further, it switches to a value from `self`
/// and starts shrinking that.
///
/// Be aware that chaining `prop_union` calls will result in a very
/// right-skewed distribution. If this is not what you want, you can call
/// the `.or()` method on the `Union` to add more values to the same union,
/// or directly call `Union::new()`.
///
/// Both `self` and `other` must be of the same type. To combine
/// heterogeneous strategies, call the `boxed()` method on both `self` and
/// `other` to erase the type differences before calling `prop_union()`.
fn prop_union(self, other: Self) -> Union<Self>
where
Self: Sized,
{
Union::new(vec![self, other])
}
/// Generate a recursive structure with `self` items as leaves.
///
/// `recurse` is applied to various strategies that produce the same type
/// as `self` with nesting depth _n_ to create a strategy that produces the
/// same type with nesting depth _n+1_. Generated structures will have a
/// depth between 0 and `depth` and will usually have up to `desired_size`
/// total elements, though they may have more. `expected_branch_size` gives
/// the expected maximum size for any collection which may contain
/// recursive elements and is used to control branch probability to achieve
/// the desired size. Passing a too small value can result in trees vastly
/// larger than desired.
///
/// Note that `depth` only counts branches; i.e., `depth = 0` is a single
/// leaf, and `depth = 1` is a leaf or a branch containing only leaves.
///
/// In practise, generated values usually have a lower depth than `depth`
/// (but `depth` is a hard limit) and almost always under
/// `expected_branch_size` (though it is not a hard limit) since the
/// underlying code underestimates probabilities.
///
/// Shrinking shrinks both the inner values and attempts switching from
/// recursive to non-recursive cases.
///
/// ## Example
///
/// ```rust,no_run
/// # #![allow(unused_variables)]
/// use std::collections::HashMap;
///
/// use proptest::prelude::*;
///
/// /// Define our own JSON AST type
/// #[derive(Debug, Clone)]
/// enum JsonNode {
/// Null,
/// Bool(bool),
/// Number(f64),
/// String(String),
/// Array(Vec<JsonNode>),
/// Map(HashMap<String, JsonNode>),
/// }
///
/// # fn main() {
/// #
/// // Define a strategy for generating leaf nodes of the AST
/// let json_leaf = prop_oneof![
/// Just(JsonNode::Null),
/// prop::bool::ANY.prop_map(JsonNode::Bool),
/// prop::num::f64::ANY.prop_map(JsonNode::Number),
/// ".*".prop_map(JsonNode::String),
/// ];
///
/// // Now define a strategy for a whole tree
/// let json_tree = json_leaf.prop_recursive(
/// 4, // No more than 4 branch levels deep
/// 64, // Target around 64 total elements
/// 16, // Each collection is up to 16 elements long
/// |element| prop_oneof![
/// // NB `element` is an `Arc` and we'll need to reference it twice,
/// // so we clone it the first time.
/// prop::collection::vec(element.clone(), 0..16)
/// .prop_map(JsonNode::Array),
/// prop::collection::hash_map(".*", element, 0..16)
/// .prop_map(JsonNode::Map)
/// ]);
/// # }
/// ```
fn prop_recursive<
R: Strategy<Value = Self::Value> + 'static,
F: Fn(BoxedStrategy<Self::Value>) -> R,
>(
self,
depth: u32,
desired_size: u32,
expected_branch_size: u32,
recurse: F,
) -> Recursive<Self::Value, F>
where
Self: Sized + 'static,
{
Recursive::new(self, depth, desired_size, expected_branch_size, recurse)
}
/// Shuffle the contents of the values produced by this strategy.
///
/// That is, this modifies a strategy producing a `Vec`, slice, etc, to
/// shuffle the contents of that `Vec`/slice/etc.
///
/// Initially, the value is fully shuffled. During shrinking, the input
/// value will initially be unchanged while the result will gradually be
/// restored to its original order. Once de-shuffling either completes or
/// is cancelled by calls to `complicate()` pinning it to a particular
/// permutation, the inner value will be simplified.
///
/// ## Example
///
/// ```
/// use proptest::prelude::*;
///
/// static VALUES: &'static [u32] = &[0, 1, 2, 3, 4];
///
/// fn is_permutation(orig: &[u32], mut actual: Vec<u32>) -> bool {
/// actual.sort();
/// orig == &actual[..]
/// }
///
/// proptest! {
/// # /*
/// #[test]
/// # */
/// fn test_is_permutation(
/// ref perm in Just(VALUES.to_owned()).prop_shuffle()
/// ) {
/// assert!(is_permutation(VALUES, perm.clone()));
/// }
/// }
/// #
/// # fn main() { test_is_permutation(); }
/// ```
fn prop_shuffle(self) -> Shuffle<Self>
where
Self: Sized,
Self::Value: Shuffleable,
{
Shuffle(self)
}
/// Erases the type of this `Strategy` so it can be passed around as a
/// simple trait object.
///
/// See also `sboxed()` if this `Strategy` is `Send` and `Sync` and you
/// want to preserve that information.
///
/// Strategies of this type afford cheap shallow cloning via reference
/// counting by using an `Arc` internally.
fn boxed(self) -> BoxedStrategy<Self::Value>
where
Self: Sized + 'static,
{
BoxedStrategy(Arc::new(BoxedStrategyWrapper(self)))
}
/// Erases the type of this `Strategy` so it can be passed around as a
/// simple trait object.
///
/// Unlike `boxed()`, this conversion retains the `Send` and `Sync` traits
/// on the output.
///
/// Strategies of this type afford cheap shallow cloning via reference
/// counting by using an `Arc` internally.
fn sboxed(self) -> SBoxedStrategy<Self::Value>
where
Self: Sized + Send + Sync + 'static,
{
SBoxedStrategy(Arc::new(BoxedStrategyWrapper(self)))
}
/// Wraps this strategy to prevent values from being subject to shrinking.
///
/// Suppressing shrinking is useful when testing things like linear
/// approximation functions. Ordinarily, proptest will tend to shrink the
/// input to the function until the result is just barely outside the
/// acceptable range whereas the original input may have produced a result
/// far outside of it. Since this makes it harder to see what the actual
/// problem is, making the input `NoShrink` allows learning about inputs
/// that produce more incorrect results.
fn no_shrink(self) -> NoShrink<Self>
where
Self: Sized,
{
NoShrink(self)
}
}
/// A generated value and its associated shrinker.
///
/// Conceptually, a `ValueTree` represents a spectrum between a "minimally
/// complex" value and a starting, randomly-chosen value. For values such as
/// numbers, this can be thought of as a simple binary search, and this is how
/// the `ValueTree` state machine is defined.
///
/// The `ValueTree` state machine notionally has three fields: low, current,
/// and high. Initially, low is the "minimally complex" value for the type, and
/// high and current are both the initially chosen value. It can be queried for
/// its current state. When shrinking, the controlling code tries simplifying
/// the value one step. If the test failure still happens with the simplified
/// value, further simplification occurs. Otherwise, the code steps back up
/// towards the prior complexity.
///
/// The main invariants here are that the "high" value always corresponds to a
/// failing test case, and that repeated calls to `complicate()` will return
/// `false` only once the "current" value has returned to what it was before
/// the last call to `simplify()`.
///
/// While it would be possible for default do-nothing implementations of
/// `simplify()` and `complicate()` to be provided, this was not done
/// deliberately since the majority of strategies will want to define their own
/// shrinking anyway, and the minority that do not must call it out explicitly
/// by their own implementation.
pub trait ValueTree {
/// The type of the value produced by this `ValueTree`.
type Value: fmt::Debug;
/// Returns the current value.
fn current(&self) -> Self::Value;
/// Attempts to simplify the current value. Notionally, this sets the
/// "high" value to the current value, and the current value to a "halfway
/// point" between high and low, rounding towards low.
///
/// Returns whether any state changed as a result of this call. This does
/// not necessarily imply that the value of `current()` has changed, since
/// in the most general case, it is not possible for an implementation to
/// determine this.
///
/// This call needs to correctly handle being called even immediately after
/// it had been called previously and returned `false`.
fn simplify(&mut self) -> bool;
/// Attempts to partially undo the last simplification. Notionally, this
/// sets the "low" value to one plus the current value, and the current
/// value to a "halfway point" between high and the new low, rounding
/// towards low.
///
/// Returns whether any state changed as a result of this call. This does
/// not necessarily imply that the value of `current()` has changed, since
/// in the most general case, it is not possible for an implementation to
/// determine this.
///
/// It is usually expected that, immediately after a call to `simplify()`
/// which returns true, this call will itself return true. However, this is
/// not always the case; in some strategies, particularly those that use
/// some form of rejection sampling, the act of trying to simplify may
/// change the state such that `simplify()` returns true, yet ultimately
/// left the resulting value unchanged, in which case there is nothing left
/// to complicate.
///
/// This call does not need to gracefully handle being called before
/// `simplify()` was ever called, but does need to correctly handle being
/// called even immediately after it had been called previously and
/// returned `false`.
fn complicate(&mut self) -> bool;
}
//==============================================================================
// NoShrink
//==============================================================================
/// Wraps a `Strategy` or `ValueTree` to suppress shrinking of generated
/// values.
///
/// See `Strategy::no_shrink()` for more details.
#[derive(Clone, Copy, Debug)]
#[must_use = "strategies do nothing unless used"]
pub struct NoShrink<T>(T);
impl<T: Strategy> Strategy for NoShrink<T> {
type Tree = NoShrink<T::Tree>;
type Value = T::Value;
fn new_tree(&self, runner: &mut TestRunner) -> NewTree<Self> {
self.0.new_tree(runner).map(NoShrink)
}
}
impl<T: ValueTree> ValueTree for NoShrink<T> {
type Value = T::Value;
fn current(&self) -> T::Value {
self.0.current()
}
fn simplify(&mut self) -> bool {
false
}
fn complicate(&mut self) -> bool {
false
}
}
//==============================================================================
// Trait objects
//==============================================================================
macro_rules! proxy_strategy {
($typ:ty $(, $lt:tt)*) => {
impl<$($lt,)* S : Strategy + ?Sized> Strategy for $typ {
type Tree = S::Tree;
type Value = S::Value;
fn new_tree(&self, runner: &mut TestRunner) -> NewTree<Self> {
(**self).new_tree(runner)
}
}
};
}
proxy_strategy!(Box<S>);
proxy_strategy!(&'a S, 'a);
proxy_strategy!(&'a mut S, 'a);
proxy_strategy!(Rc<S>);
proxy_strategy!(Arc<S>);
impl<T: ValueTree + ?Sized> ValueTree for Box<T> {
type Value = T::Value;
fn current(&self) -> Self::Value {
(**self).current()
}
fn simplify(&mut self) -> bool {
(**self).simplify()
}
fn complicate(&mut self) -> bool {
(**self).complicate()
}
}
/// A boxed `ValueTree`.
type BoxedVT<T> = Box<dyn ValueTree<Value = T>>;
/// A boxed `Strategy` trait object as produced by `Strategy::boxed()`.
///
/// Strategies of this type afford cheap shallow cloning via reference
/// counting by using an `Arc` internally.
#[derive(Debug)]
#[must_use = "strategies do nothing unless used"]
pub struct BoxedStrategy<T>(Arc<dyn Strategy<Value = T, Tree = BoxedVT<T>>>);
/// A boxed `Strategy` trait object which is also `Sync` and
/// `Send`, as produced by `Strategy::sboxed()`.
///
/// Strategies of this type afford cheap shallow cloning via reference
/// counting by using an `Arc` internally.
#[derive(Debug)]
#[must_use = "strategies do nothing unless used"]
pub struct SBoxedStrategy<T>(
Arc<dyn Strategy<Value = T, Tree = BoxedVT<T>> + Sync + Send>,
);
impl<T> Clone for BoxedStrategy<T> {
fn clone(&self) -> Self {
BoxedStrategy(Arc::clone(&self.0))
}
}
impl<T> Clone for SBoxedStrategy<T> {
fn clone(&self) -> Self {
SBoxedStrategy(Arc::clone(&self.0))
}
}
impl<T: fmt::Debug> Strategy for BoxedStrategy<T> {
type Tree = BoxedVT<T>;
type Value = T;
fn new_tree(&self, runner: &mut TestRunner) -> NewTree<Self> {
self.0.new_tree(runner)
}
// Optimization: Don't rebox the strategy.
fn boxed(self) -> BoxedStrategy<Self::Value>
where
Self: Sized + 'static,
{
self
}
}
impl<T: fmt::Debug> Strategy for SBoxedStrategy<T> {
type Tree = BoxedVT<T>;
type Value = T;
fn new_tree(&self, runner: &mut TestRunner) -> NewTree<Self> {
self.0.new_tree(runner)
}
// Optimization: Don't rebox the strategy.
fn sboxed(self) -> SBoxedStrategy<Self::Value>
where
Self: Sized + Send + Sync + 'static,
{
self
}
fn boxed(self) -> BoxedStrategy<Self::Value>
where
Self: Sized + 'static,
{
BoxedStrategy(self.0)
}
}
#[derive(Debug)]
struct BoxedStrategyWrapper<T>(T);
impl<T: Strategy> Strategy for BoxedStrategyWrapper<T>
where
T::Tree: 'static,
{
type Tree = Box<dyn ValueTree<Value = T::Value>>;
type Value = T::Value;
fn new_tree(&self, runner: &mut TestRunner) -> NewTree<Self> {
Ok(Box::new(self.0.new_tree(runner)?))
}
}
//==============================================================================
// Sanity checking
//==============================================================================
/// Options passed to `check_strategy_sanity()`.
#[derive(Clone, Copy, Debug)]
pub struct CheckStrategySanityOptions {
/// If true (the default), require that `complicate()` return `true` at
/// least once after any call to `simplify()` which itself returns once.
///
/// This property is not required by contract, but many strategies are
/// designed in a way that this is expected to hold.
pub strict_complicate_after_simplify: bool,
/// If true, cause local rejects to return an error instead of retrying.
/// Defaults to false. Useful for testing behaviors around error handling.
pub error_on_local_rejects: bool,
// Needs to be public for FRU syntax.
#[allow(missing_docs)]
#[doc(hidden)]
pub _non_exhaustive: (),
}
impl Default for CheckStrategySanityOptions {
fn default() -> Self {
CheckStrategySanityOptions {
strict_complicate_after_simplify: true,
error_on_local_rejects: false,
_non_exhaustive: (),
}
}
}
/// Run some tests on the given `Strategy` to ensure that it upholds the
/// simplify/complicate contracts.
///
/// This is used to internally test proptest, but is made generally available
/// for external implementations to use as well.
///
/// `options` can be passed to configure the test; if `None`, the defaults are
/// used. Note that the defaults check for certain properties which are **not**
/// actually required by the `Strategy` and `ValueTree` contracts; if you think
/// your code is right but it fails the test, consider whether a non-default
/// configuration is necessary.
///
/// This can work with fallible strategies, but limits how many times it will
/// retry failures.
pub fn check_strategy_sanity<S: Strategy>(
strategy: S,
options: Option<CheckStrategySanityOptions>,
) where
S::Tree: Clone + fmt::Debug,
S::Value: cmp::PartialEq,
{
// Like assert_eq!, but also pass if both values do not equal themselves.
// This allows the test to work correctly with things like NaN.
macro_rules! assert_same {
($a:expr, $b:expr, $($stuff:tt)*) => { {
let a = $a;
let b = $b;
if a == a || b == b {
assert_eq!(a, b, $($stuff)*);
}
} }
}
let options = options.unwrap_or_else(CheckStrategySanityOptions::default);
let mut config = Config::default();
if options.error_on_local_rejects {
config.max_local_rejects = 0;
}
let mut runner = TestRunner::new(config);
for _ in 0..1024 {
let mut gen_tries = 0;
let mut state;
loop {
let err = match strategy.new_tree(&mut runner) {
Ok(s) => {
state = s;
break;
}
Err(e) => e,
};
gen_tries += 1;
if gen_tries > 100 {
panic!(
"Strategy passed to check_strategy_sanity failed \
to generate a value over 100 times in a row; \
last failure reason: {}",
err
);
}
}
{
let mut state = state.clone();
let mut count = 0;
while state.simplify() || state.complicate() {
count += 1;
if count > 65536 {
panic!(
"Failed to converge on any value. State:\n{:#?}",
state
);
}
}
}
let mut num_simplifies = 0;
let mut before_simplified;
loop {
before_simplified = state.clone();
if !state.simplify() {
break;
}
let mut complicated = state.clone();
let before_complicated = state.clone();
if options.strict_complicate_after_simplify {
assert!(
complicated.complicate(),
"complicate() returned false immediately after \
simplify() returned true. internal state after \
{} calls to simplify():\n\
{:#?}\n\
simplified to:\n\
{:#?}\n\
complicated to:\n\
{:#?}",
num_simplifies,
before_simplified,
state,
complicated
);
}
let mut prev_complicated = complicated.clone();
let mut num_complications = 0;
loop {
if !complicated.complicate() {
break;
}
prev_complicated = complicated.clone();
num_complications += 1;
if num_complications > 65_536 {
panic!(
"complicate() returned true over 65536 times in a \
row; aborting due to possible infinite loop. \
If this is not an infinite loop, it may be \
necessary to reconsider how shrinking is \
implemented or use a simpler test strategy. \
Internal state:\n{:#?}",
state
);
}
}
assert_same!(
before_simplified.current(),
complicated.current(),
"Calling simplify(), then complicate() until it \
returned false, did not return to the value before \
simplify. Expected:\n\
{:#?}\n\
Actual:\n\
{:#?}\n\
Internal state after {} calls to simplify():\n\
{:#?}\n\
Internal state after another call to simplify():\n\
{:#?}\n\
Internal state after {} subsequent calls to \
complicate():\n\
{:#?}",
before_simplified.current(),
complicated.current(),
num_simplifies,
before_simplified,
before_complicated,
num_complications + 1,
complicated
);
for iter in 1..16 {
assert_same!(
prev_complicated.current(),
complicated.current(),
"complicate() returned false but changed the output \
value anyway.\n\
Old value:\n\
{:#?}\n\
New value:\n\
{:#?}\n\
Old internal state:\n\
{:#?}\n\
New internal state after {} calls to complicate()\
including the :\n\
{:#?}",
prev_complicated.current(),
complicated.current(),
prev_complicated,
iter,
complicated
);
assert!(
!complicated.complicate(),
"complicate() returned true after having returned \
false;\n\
Internal state before:\n{:#?}\n\
Internal state after calling complicate() {} times:\n\
{:#?}",
prev_complicated,
iter + 1,
complicated
);
}
num_simplifies += 1;
if num_simplifies > 65_536 {
panic!(
"simplify() returned true over 65536 times in a row, \
aborting due to possible infinite loop. If this is not \
an infinite loop, it may be necessary to reconsider \
how shrinking is implemented or use a simpler test \
strategy. Internal state:\n{:#?}",
state
);
}
}
for iter in 0..16 {
assert_same!(
before_simplified.current(),
state.current(),
"simplify() returned false but changed the output \
value anyway.\n\
Old value:\n\
{:#?}\n\
New value:\n\
{:#?}\n\
Previous internal state:\n\
{:#?}\n\
New internal state after calling simplify() {} times:\n\
{:#?}",
before_simplified.current(),
state.current(),
before_simplified,
iter,
state
);
if state.simplify() {
panic!(
"simplify() returned true after having returned false. \
Previous internal state:\n\
{:#?}\n\
New internal state after calling simplify() {} times:\n\
{:#?}",
before_simplified,
iter + 1,
state
);
}
}
}
}