Skip to main content

BorrowDebt

ostd::specs::mm::frame::frame_specs

Struct BorrowDebt 

Source 
pub struct BorrowDebt {
    pub frame_index: usize,
    pub raw_count_at_issue: usize,
}
Expand description

A tracked obligation token issued when from_raw is called without the bookkeeping precondition (raw_count == 1). The holder must ensure that the resulting Frame is wrapped in ManuallyDrop::new (which increments raw_count to 1) before the Frame could be dropped.

The token is linear: Verus requires every tracked value to be consumed, so the caller is forced to account for it.

Fields§

§frame_index: usize

Index of the frame slot this debt applies to.

§raw_count_at_issue: usize

The raw_count that was observed when from_raw was called.

Implementations§

Source§

impl BorrowDebt

Source

pub proof fn discharge_bookkeeping(tracked self)

requires
self.raw_count_at_issue == 1,

Discharge the debt when the bookkeeping precondition was already met (raw_count was 1 at the time of from_raw). This is the zero-cost path for normal from_raw callers.

Source

pub proof fn discharge_with_manual_drop(tracked self, regions: &MetaRegionOwners)

requires
regions.slot_owners.contains_key(self.frame_index),
regions.slot_owners[self.frame_index].raw_count == 1,

Discharge the debt after the Frame has been wrapped in ManuallyDrop::new, which increments raw_count to 1. This is the path used by borrow_paddr.

Source

pub proof fn discharge_in_lemma(tracked self, regions: &MetaRegionOwners)

requires
regions.slot_owners.contains_key(self.frame_index),
regions.slot_owners[self.frame_index].raw_count == 0,

Discharge the debt in the proof of lemma_from_raw_manuallydrop_general, where the state observed is the immediate post-from_raw state (raw_count == 0). The lemma itself proves that the subsequent ManuallyDrop::new restores the bookkeeping, so consuming the debt here is sound.

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>