vstd_extra/external/
deref.rs

1#![deprecated(
2    note = "If you can, do not use this module as it adds assumptions about the core of Rust's deref semantics."
3)]
4
5use core::hint::spin_loop;
6use core::mem::ManuallyDrop;
7use core::ops::Deref;
8use vstd::prelude::*;
9// Assumptions about external functions
10
11verus! {
12
13/// This is a workaround to add an uninterpreted specification of Deref trait, as Deref is included in Verus but does not have spec functions.
14/// It is currently not used, and we do not recommend using it, as it adds assumptions about the core of Rust's deref semantics, which may cause soundness issues if not used carefully.
15/// It may change if Verus adds native support for spec functions in the Deref trait.
16pub trait DerefSpec: Deref {
17    spec fn deref_spec(&self) -> &<Self as Deref>::Target;
18
19    proof fn deref_spec_eq(&self)
20        ensures
21            forall|output|
22                call_ensures(Self::deref, (self,), output) ==> self.deref_spec() == output,
23    ;
24}
25
26impl<T: Deref> DerefSpec for T {
27    uninterp spec fn deref_spec(&self) -> &<Self as Deref>::Target;
28
29    axiom fn deref_spec_eq(&self);
30}
31
32// Special Cases
33pub broadcast axiom fn ref_deref_spec<T>(r: &T)
34    ensures
35        #[trigger] *(r.deref_spec()) == *r,
36;
37
38pub broadcast axiom fn box_deref_spec<T>(b: Box<T>)
39    ensures
40        #[trigger] *(b.deref_spec()) == *b,
41;
42
43pub broadcast axiom fn rc_deref_spec<T>(r: std::rc::Rc<T>)
44    ensures
45        #[trigger] *(r.deref_spec()) == *r,
46;
47
48pub broadcast axiom fn arc_deref_spec<T>(a: std::sync::Arc<T>)
49    ensures
50        #[trigger] *(a.deref_spec()) == *a,
51;
52
53pub broadcast group group_deref_spec {
54    ref_deref_spec,
55    box_deref_spec,
56    rc_deref_spec,
57    arc_deref_spec,
58}
59
60} // verus!
vstd_extra/external/deref.rs

vstd_extra/external/
deref.rs
