CursorMut

ostd::mm::frame::linked_list

Struct CursorMut 

Source 
pub struct CursorMut<M: AnyFrameMeta + Repr<MetaSlot>> {
    pub list: PPtr<LinkedList<M>>,
    pub current: Option<ReprPtr<MetaSlot, Link<M>>>,
}
Expand description

A cursor that can mutate the linked list links.

The cursor points to either a frame or the “ghost” non-element. It points to the “ghost” non-element when the cursor surpasses the back of the list.

Fields§

§list: PPtr<LinkedList<M>>§current: Option<ReprPtr<MetaSlot, Link<M>>>

Implementations§

Source§

impl<M: AnyFrameMeta + Repr<MetaSlot>> CursorMut<M>

Source

pub exec fn move_next(&mut self)

with
Tracked(owner): Tracked <CursorOwner <M>>,
requires
owner.inv(),
old(self).wf(owner),
ensures
self.model(owner.move_next_owner_spec()) == old(self).model(owner).move_next_spec(),
owner.move_next_owner_spec().inv(),
self.wf(owner.move_next_owner_spec()),

Moves the cursor to the next frame towards the back.

If the cursor is pointing to the “ghost” non-element then this will move it to the first element of the LinkedList. If it is pointing to the last element of the LinkedList then this will move it to the “ghost” non-element.

Source

pub exec fn move_prev(&mut self)

with
Tracked(owner): Tracked <CursorOwner <M>>,
requires
owner.inv(),
old(self).wf(owner),
ensures
self.model(owner.move_prev_owner_spec()) == old(self).model(owner).move_prev_spec(),
owner.move_prev_owner_spec().inv(),
self.wf(owner.move_prev_owner_spec()),

Moves the cursor to the previous frame towards the front.

If the cursor is pointing to the “ghost” non-element then this will move it to the last element of the LinkedList. If it is pointing to the first element of the LinkedList then this will move it to the “ghost” non-element.

Source

pub exec fn take_current( &mut self, ) -> res : Option<(UniqueFrame<Link<M>>, Tracked<UniqueFrameOwner<Link<M>>>)>

with
Tracked(regions): Tracked <& mut MetaRegionOwners>,
Tracked(owner): Tracked <& mut CursorOwner <M>>,
requires
old(self).wf(*old(owner)),
old(owner).inv(),
old(regions).inv(),
old(owner).length() > 0
    ==> old(regions)
        .slots
        .contains_key(frame_to_index(old(self).current.unwrap().addr())),
ensures
old(owner).length() == 0 ==> res.is_none(),
res.is_some()
    ==> res.unwrap().0.model(res.unwrap().1@).meta
        == old(owner).list_own.list[old(owner).index]@,
res.is_some() ==> self.model(*owner) == old(self).model(*old(owner)).remove(),
res.is_some() ==> res.unwrap().1@.frame_link_inv(),

Takes the current pointing frame out of the linked list.

If successful, the frame is returned and the cursor is moved to the next frame. If the cursor is pointing to the back of the list then it is moved to the “ghost” non-element.

Source

pub exec fn insert_before(&mut self, frame: UniqueFrame<Link<M>>)

with
Tracked(regions): Tracked <& mut MetaRegionOwners>,
Tracked(owner): Tracked <& mut CursorOwner <M>>,
Tracked(frame_own): Tracked <& mut UniqueFrameOwner <Link <M>>>,
requires
old(self).wf(*old(owner)),
old(owner).inv(),
old(owner).list_own.list_id != 0,
old(frame_own).inv(),
old(frame_own).global_inv(*old(regions)),
frame.wf(*old(frame_own)),
old(owner).length() < usize::MAX,
old(regions).inv(),
old(regions).slots.contains_key(old(frame_own).slot_index),
old(regions)
    .slot_owners[old(frame_own).slot_index]
    .in_list
    .is_for(old(regions).slots[old(frame_own).slot_index].value().in_list),
old(frame_own).meta_perm.addr() == frame.ptr.addr(),
old(frame_own).frame_link_inv(),
ensures
self.model(*owner) == old(self).model(*old(owner)).insert(frame_own.meta_own@),
self.wf(*owner),
owner.inv(),

Inserts a frame before the current frame.

If the cursor is pointing at the “ghost” non-element then the new element is inserted at the back of the LinkedList.

Source

pub exec fn as_list(&self) -> PPtr<LinkedList<M>>

Provides a reference to the linked list.

Trait Implementations§

Source§

impl<M: AnyFrameMeta + Repr<MetaSlot>> ModelOf for CursorMut<M>

§

fn model(self, owner: Self::Owner) -> <Self::Owner as View>::V

Source§

impl<M: AnyFrameMeta + Repr<MetaSlot>> OwnerOf for CursorMut<M>

Source§

open spec fn wf(self, owner: Self::Owner) -> bool

{
    &&& 0 <= owner.index < owner.length()
        ==> self.current.is_some()
            && self.current.unwrap().addr() == owner.list_own.list[owner.index].paddr
            && owner.list_own.perms[owner.index].pptr() == self.current.unwrap()
    &&& owner.index == owner.list_own.list.len() ==> self.current.is_none()
    &&& owner.list_perm.pptr() == self.list
    &&& owner.list_perm.is_init()
    &&& owner.list_perm.mem_contents().value().wf(owner.list_own)

}
Source§

type Owner = CursorOwner<M>

The owner of the concrete type. The Owner must implement Inv, indicating that it must has a consistent state.

Auto Trait Implementations§

§

impl<M> Freeze for CursorMut<M>

§

impl<M> !RefUnwindSafe for CursorMut<M>

§

impl<M> Send for CursorMut<M>
where M: Send,

§

impl<M> Sync for CursorMut<M>
where M: Sync,

§

impl<M> Unpin for CursorMut<M>
where M: Unpin,

§

impl<M> UnwindSafe for CursorMut<M>
where M: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>