pub struct LinkedListOwner<M: AnyFrameMeta + Repr<MetaSlot>> {
pub list: Seq<LinkOwner>,
pub perms: Map<int, PointsTo<MetaSlot, Link<M>>>,
pub list_id: u64,
}Fields§
§list: Seq<LinkOwner>§perms: Map<int, PointsTo<MetaSlot, Link<M>>>§list_id: u64Implementations§
Source§impl<M: AnyFrameMeta + Repr<MetaSlot>> LinkedListOwner<M>
impl<M: AnyFrameMeta + Repr<MetaSlot>> LinkedListOwner<M>
Sourcepub open spec fn inv_at(self, i: int) -> bool
pub open spec fn inv_at(self, i: int) -> bool
{
&&& self.perms.contains_key(i)
&&& self.perms[i].addr() == self.list[i].paddr
&&& self.perms[i].points_to.addr() == self.list[i].paddr
&&& self.perms[i].wf()
&&& self.perms[i].addr() % META_SLOT_SIZE() == 0
&&& FRAME_METADATA_RANGE().start <= self.perms[i].addr()
< FRAME_METADATA_RANGE().start + MAX_NR_PAGES() * META_SLOT_SIZE()
&&& self.perms[i].is_init()
&&& self.perms[i].value().wf(self.list[i])
&&& i == 0 <==> self.perms[i].mem_contents().value().prev is None
&&& i == self.list.len() - 1 <==> self.perms[i].value().next is None
&&& 0 < i
==> self.perms[i].value().prev is Some
&& self.perms[i].value().prev.unwrap() == self.perms[i - 1].pptr()
&&& i < self.list.len() - 1
==> self.perms[i].value().next is Some
&& self.perms[i].value().next.unwrap() == self.perms[i + 1].pptr()
&&& self.list[i].inv()
&&& self.list[i].in_list == self.list_id
}Sourcepub open spec fn view_helper(owners: Seq<LinkOwner>) -> Seq<LinkModel>
pub open spec fn view_helper(owners: Seq<LinkOwner>) -> Seq<LinkModel>
{
if owners.len() == 0 {
Seq::<LinkModel>::empty()
} else {
seq![owners[0].view()].add(Self::view_helper(owners.remove(0)))
}
}Sourcepub proof fn view_preserves_len(owners: Seq<LinkOwner>)
pub proof fn view_preserves_len(owners: Seq<LinkOwner>)
ensures
Self::view_helper(owners).len() == owners.len(),Trait Implementations§
Source§impl<M: AnyFrameMeta + Repr<MetaSlot>> Inv for LinkedListOwner<M>
impl<M: AnyFrameMeta + Repr<MetaSlot>> Inv for LinkedListOwner<M>
Source§impl<M: AnyFrameMeta + Repr<MetaSlot>> InvView for LinkedListOwner<M>
impl<M: AnyFrameMeta + Repr<MetaSlot>> InvView for LinkedListOwner<M>
Source§proof fn view_preserves_inv(self)
proof fn view_preserves_inv(self)
Source§impl<M: AnyFrameMeta + Repr<MetaSlot>> View for LinkedListOwner<M>
impl<M: AnyFrameMeta + Repr<MetaSlot>> View for LinkedListOwner<M>
Auto Trait Implementations§
impl<M> Freeze for LinkedListOwner<M>
impl<M> !RefUnwindSafe for LinkedListOwner<M>
impl<M> Send for LinkedListOwner<M>where
M: Send,
impl<M> Sync for LinkedListOwner<M>where
M: Sync,
impl<M> Unpin for LinkedListOwner<M>where
M: Unpin,
impl<M> UnwindSafe for LinkedListOwner<M>where
M: UnwindSafe,
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more