pub struct Metadata<M: AnyFrameMeta> {
pub metadata: M,
pub ref_count: u64,
pub vtable_ptr: MemContents<usize>,
pub in_list: u64,
}Fields§
§metadata: M§ref_count: u64§vtable_ptr: MemContents<usize>§in_list: u64Implementations§
Source§impl<M: AnyFrameMeta + Repr<MetaSlotStorage>> Metadata<M>
impl<M: AnyFrameMeta + Repr<MetaSlotStorage>> Metadata<M>
Sourcepub uninterp fn metadata_from_inner_perms(perm: PointsTo<MetaSlotStorage>) -> M
pub uninterp fn metadata_from_inner_perms(perm: PointsTo<MetaSlotStorage>) -> M
The metadata value is an abstract function of the inner permissions,
since extracting M from MetaSlotStorage requires M::Perm which
is not stored in MetadataInnerPerms.
Sourcepub uninterp fn inner_perms_from_metadata(
m: M,
base: PointsTo<MetaSlotStorage>,
) -> PointsTo<MetaSlotStorage>
pub uninterp fn inner_perms_from_metadata( m: M, base: PointsTo<MetaSlotStorage>, ) -> PointsTo<MetaSlotStorage>
Inverse of [metadata_from_inner_perms]: given an M and a base
storage permission, produce a new permission with the same cell id
whose metadata_from_inner_perms interpretation yields m.
Sourcepub proof fn metadata_perms_inverse(m: M, base: PointsTo<MetaSlotStorage>)
pub proof fn metadata_perms_inverse(m: M, base: PointsTo<MetaSlotStorage>)
ensures
Self::metadata_from_inner_perms(Self::inner_perms_from_metadata(m, base)) == m,Self::inner_perms_from_metadata(m, base).id() == base.id(),Axiomatic roundtrip laws for the metadata ↔ storage-perm pair. The
conversion is a transmute / reinterpret at exec level, so these laws
live at the cast_ptr trust boundary.
Sourcepub proof fn inner_perms_from_metadata_roundtrip(perm: PointsTo<MetaSlotStorage>)
pub proof fn inner_perms_from_metadata_roundtrip(perm: PointsTo<MetaSlotStorage>)
ensures
Self::inner_perms_from_metadata(Self::metadata_from_inner_perms(perm), perm) == perm,Trait Implementations§
Source§impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> From<Metadata<Link<M>>> for MetadataAsLink<M>
impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> From<Metadata<Link<M>>> for MetadataAsLink<M>
Source§impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> From<MetadataAsLink<M>> for Metadata<Link<M>>
impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> From<MetadataAsLink<M>> for Metadata<Link<M>>
Source§exec fn from(m: MetadataAsLink<M>) -> Self
exec fn from(m: MetadataAsLink<M>) -> Self
Source§impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> FromSpecImpl<Metadata<Link<M>>> for MetadataAsLink<M>
impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> FromSpecImpl<Metadata<Link<M>>> for MetadataAsLink<M>
Source§open spec fn obeys_from_spec() -> bool
open spec fn obeys_from_spec() -> bool
{ true }Source§open spec fn from_spec(m: Metadata<Link<M>>) -> MetadataAsLink<M>
open spec fn from_spec(m: Metadata<Link<M>>) -> MetadataAsLink<M>
{
MetadataAsLink {
metadata: m.metadata.meta,
next: match m.metadata.next {
Some(repr_ptr) => Some(repr_ptr.ptr),
None => None,
},
prev: match m.metadata.prev {
Some(repr_ptr) => Some(repr_ptr.ptr),
None => None,
},
ref_count: m.ref_count,
vtable_ptr: m.vtable_ptr,
in_list: m.in_list,
}
}Source§impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> FromSpecImpl<MetadataAsLink<M>> for Metadata<Link<M>>
impl<M: AnyFrameMeta + Repr<MetaSlotSmall>> FromSpecImpl<MetadataAsLink<M>> for Metadata<Link<M>>
Source§open spec fn obeys_from_spec() -> bool
open spec fn obeys_from_spec() -> bool
{ true }Source§open spec fn from_spec(m: MetadataAsLink<M>) -> Metadata<Link<M>>
open spec fn from_spec(m: MetadataAsLink<M>) -> Metadata<Link<M>>
{
Metadata {
metadata: Link {
next: match m.next {
Some(pptr) => {
Some(ReprPtr {
ptr: pptr,
_T: PhantomData,
})
}
None => None,
},
prev: match m.prev {
Some(pptr) => {
Some(ReprPtr {
ptr: pptr,
_T: PhantomData,
})
}
None => None,
},
meta: m.metadata,
},
ref_count: m.ref_count,
vtable_ptr: m.vtable_ptr,
in_list: m.in_list,
}
}Source§impl<M: AnyFrameMeta + Repr<MetaSlotStorage>> Repr<MetaSlot> for Metadata<M>
impl<M: AnyFrameMeta + Repr<MetaSlotStorage>> Repr<MetaSlot> for Metadata<M>
Source§open spec fn wf(r: MetaSlot, perm: MetadataInnerPerms) -> bool
open spec fn wf(r: MetaSlot, perm: MetadataInnerPerms) -> bool
{
&&& perm.storage.id() == r.storage.id()
&&& perm.ref_count.id() == r.ref_count.id()
&&& perm.vtable_ptr.pptr() == r.vtable_ptr
&&& perm.in_list.id() == r.in_list.id()
}Source§open spec fn to_repr_spec(
self,
perm: MetadataInnerPerms,
) -> (MetaSlot, MetadataInnerPerms)
open spec fn to_repr_spec( self, perm: MetadataInnerPerms, ) -> (MetaSlot, MetadataInnerPerms)
{
let new_perm = MetadataInnerPerms {
storage: Self::inner_perms_from_metadata(self.metadata, perm.storage),
ref_count: perm_u64_with(perm.ref_count, self.ref_count),
vtable_ptr: pptr_usize_with(perm.vtable_ptr, self.vtable_ptr),
in_list: perm_u64_with(perm.in_list, self.in_list),
};
(meta_slot_from_perm(new_perm), new_perm)
}Source§exec fn to_repr(self, Tracked(perm): Tracked<&mut MetadataInnerPerms>) -> MetaSlot
exec fn to_repr(self, Tracked(perm): Tracked<&mut MetadataInnerPerms>) -> MetaSlot
Source§open spec fn from_repr_spec(r: MetaSlot, perm: MetadataInnerPerms) -> Self
open spec fn from_repr_spec(r: MetaSlot, perm: MetadataInnerPerms) -> Self
{
Metadata {
metadata: Self::metadata_from_inner_perms(perm.storage),
ref_count: perm.ref_count.value(),
vtable_ptr: perm.vtable_ptr.mem_contents(),
in_list: perm.in_list.value(),
}
}Source§exec fn from_repr(r: MetaSlot, Tracked(perm): Tracked<&MetadataInnerPerms>) -> Self
exec fn from_repr(r: MetaSlot, Tracked(perm): Tracked<&MetadataInnerPerms>) -> Self
Source§exec fn from_borrowed<'a>(
r: &'a MetaSlot,
verus_tmp_perm: Tracked<&'a MetadataInnerPerms>,
) -> &'a Self
exec fn from_borrowed<'a>( r: &'a MetaSlot, verus_tmp_perm: Tracked<&'a MetadataInnerPerms>, ) -> &'a Self
Source§proof fn from_to_repr(self, perm: MetadataInnerPerms)
proof fn from_to_repr(self, perm: MetadataInnerPerms)
Source§proof fn to_from_repr(r: MetaSlot, perm: MetadataInnerPerms)
proof fn to_from_repr(r: MetaSlot, perm: MetadataInnerPerms)
Source§proof fn to_repr_wf(self, perm: MetadataInnerPerms)
proof fn to_repr_wf(self, perm: MetadataInnerPerms)
Source§type Perm = MetadataInnerPerms
type Perm = MetadataInnerPerms
If the underlying representation contains cells, the translation may require permission objects that access them.
Auto Trait Implementations§
impl<M> Freeze for Metadata<M>where
M: Freeze,
impl<M> RefUnwindSafe for Metadata<M>where
M: RefUnwindSafe,
impl<M> Send for Metadata<M>where
M: Send,
impl<M> Sync for Metadata<M>where
M: Sync,
impl<M> Unpin for Metadata<M>where
M: Unpin,
impl<M> UnsafeUnpin for Metadata<M>where
M: UnsafeUnpin,
impl<M> UnwindSafe for Metadata<M>where
M: UnwindSafe,
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value. Read more