vstd_extra/external/
deref.rs

1use core::hint::spin_loop;
2use core::mem::ManuallyDrop;
3use core::ops::Deref;
4use vstd::prelude::*;
5
6// Assumptions about external functions
7
8verus! {
9
10/// This is a workaround to add an uninterpreted specification of Deref trait, as Deref is included in Verus but does not have spec functions.
11/// It is currently not used, and we do not recommend using it, as it adds assumptions about the core of Rust's deref semantics, which may cause soundness issues if not used carefully.
12/// It may change if Verus adds native support for spec functions in the Deref trait.
13pub trait DerefSpec: Deref {
14    spec fn deref_spec(&self) -> &<Self as Deref>::Target;
15
16    proof fn deref_spec_eq(&self)
17        ensures
18            forall|output|
19                call_ensures(Self::deref, (self,), output) ==> self.deref_spec() == output,
20    ;
21}
22
23impl<T: Deref> DerefSpec for T {
24    uninterp spec fn deref_spec(&self) -> &<Self as Deref>::Target;
25
26    axiom fn deref_spec_eq(&self);
27}
28
29// Special Cases
30pub broadcast axiom fn ref_deref_spec<T>(r: &T)
31    ensures
32        #[trigger] *(r.deref_spec()) == *r,
33;
34
35pub broadcast axiom fn box_deref_spec<T>(b: Box<T>)
36    ensures
37        #[trigger] *(b.deref_spec()) == *b,
38;
39
40pub broadcast axiom fn rc_deref_spec<T>(r: std::rc::Rc<T>)
41    ensures
42        #[trigger] *(r.deref_spec()) == *r,
43;
44
45pub broadcast axiom fn arc_deref_spec<T>(a: std::sync::Arc<T>)
46    ensures
47        #[trigger] *(a.deref_spec()) == *a,
48;
49
50pub broadcast group group_deref_spec {
51    ref_deref_spec,
52    box_deref_spec,
53    rc_deref_spec,
54    arc_deref_spec,
55}
56
57} // verus!
vstd_extra/external/deref.rs

vstd_extra/external/
deref.rs
