Skip to main content

Fallible

ostd::mm::io

Struct Fallible 

Source 
pub struct Fallible {}
Expand description

Marker type indicating that VM I/O operations may fail (e.g., user-space access).

Trait Implementations§

Source§

impl<'a> FallibleVmRead<Fallible> for VmReader<'a, Fallible>

Source§

exec fn read_fallible( &mut self, writer: &mut VmWriter<'_, Fallible>, ) -> r : Result<usize, (Error, usize)>

requires
old(self).inv(),
old(writer).inv(),
ensures
final(self).end == old(self).end,
final(self).id == old(self).id,
final(self).cursor.range == old(self).cursor.range,
final(writer).end == old(writer).end,
final(writer).id == old(writer).id,
final(writer).cursor.range == old(writer).cursor.range,
final(self).inv(),
final(writer).inv(),
match r {
    Ok(n) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + n
        &&& final(writer).cursor.vaddr == old(writer).cursor.vaddr + n
        &&& n <= old(self).remain_spec()
        &&& n <= old(writer).avail_spec()

    ),
    Err((_, copied_len)) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + copied_len
        &&& final(writer).cursor.vaddr == old(writer).cursor.vaddr + copied_len
        &&& copied_len <= old(self).remain_spec()
        &&& copied_len <= old(writer).avail_spec()

    ),
},
Source§

impl<'a> FallibleVmRead<Fallible> for VmReader<'a, Infallible>

Source§

exec fn read_fallible( &mut self, writer: &mut VmWriter<'_, Fallible>, ) -> r : Result<usize, (Error, usize)>

requires
old(self).inv(),
old(writer).inv(),
ensures
final(self).end == old(self).end,
final(self).id == old(self).id,
final(self).cursor.range == old(self).cursor.range,
final(writer).end == old(writer).end,
final(writer).id == old(writer).id,
final(writer).cursor.range == old(writer).cursor.range,
final(self).inv(),
final(writer).inv(),
match r {
    Ok(n) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + n
        &&& final(writer).cursor.vaddr == old(writer).cursor.vaddr + n
        &&& n <= old(self).remain_spec()
        &&& n <= old(writer).avail_spec()

    ),
    Err((_, copied_len)) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + copied_len
        &&& final(writer).cursor.vaddr == old(writer).cursor.vaddr + copied_len
        &&& copied_len <= old(self).remain_spec()
        &&& copied_len <= old(writer).avail_spec()

    ),
},
Source§

impl<'a> FallibleVmWrite<Fallible> for VmWriter<'a, Fallible>

Source§

exec fn write_fallible( &mut self, reader: &mut VmReader<'_, Fallible>, ) -> r : Result<usize, (Error, usize)>

requires
old(self).inv(),
old(reader).inv(),
ensures
final(self).end == old(self).end,
final(self).id == old(self).id,
final(self).cursor.range == old(self).cursor.range,
final(reader).end == old(reader).end,
final(reader).id == old(reader).id,
final(reader).cursor.range == old(reader).cursor.range,
final(self).inv(),
final(reader).inv(),
match r {
    Ok(n) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + n
        &&& final(reader).cursor.vaddr == old(reader).cursor.vaddr + n
        &&& n <= old(self).avail_spec()
        &&& n <= old(reader).remain_spec()

    ),
    Err((_, copied_len)) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + copied_len
        &&& final(reader).cursor.vaddr == old(reader).cursor.vaddr + copied_len
        &&& copied_len <= old(self).avail_spec()
        &&& copied_len <= old(reader).remain_spec()

    ),
},
Source§

impl<'a> FallibleVmWrite<Fallible> for VmWriter<'a, Infallible>

Source§

exec fn write_fallible( &mut self, reader: &mut VmReader<'_, Fallible>, ) -> r : Result<usize, (Error, usize)>

requires
old(self).inv(),
old(reader).inv(),
ensures
final(self).end == old(self).end,
final(self).id == old(self).id,
final(self).cursor.range == old(self).cursor.range,
final(reader).end == old(reader).end,
final(reader).id == old(reader).id,
final(reader).cursor.range == old(reader).cursor.range,
final(self).inv(),
final(reader).inv(),
match r {
    Ok(n) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + n
        &&& final(reader).cursor.vaddr == old(reader).cursor.vaddr + n
        &&& n <= old(self).avail_spec()
        &&& n <= old(reader).remain_spec()

    ),
    Err((_, copied_len)) => (
        &&& final(self).cursor.vaddr == old(self).cursor.vaddr + copied_len
        &&& final(reader).cursor.vaddr == old(reader).cursor.vaddr + copied_len
        &&& copied_len <= old(self).avail_spec()
        &&& copied_len <= old(reader).remain_spec()

    ),
},

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>