PointsTo

vstd_extra::array_ptr

Struct PointsTo 

Source 
pub struct PointsTo<V, const N: usize> { /* private fields */ }
Expand description

Permission to access an array of values

Implementations§

Source§

impl<V, const N: usize> PointsTo<V, N>

Source

pub closed spec fn addr(self) -> usize

Spec: cast the permission to an integer

Source

pub open spec fn is_pptr(self, ptr: ArrayPtr<V, N>) -> bool

{ ptr.addr == self.addr() }

Spec: cast the permission to a pointer

Source

pub closed spec fn wf(self) -> bool

Spec: invariants for the ArrayPtr permissions TODO: uncomment the below if “external_type_specification: Const params not yet supported” is fixed #[verifier::type_invariant]

Source

pub closed spec fn points_to(self) -> PointsToArray<V, N>

Source

pub open spec fn opt_value(self) -> [MemContents<V>; N]

{ self.points_to().opt_value() }
Source

pub open spec fn value(self) -> Seq<V>

recommends
self.is_init_all(),
{ self.points_to().value() }
Source

pub open spec fn is_init(self, index: int) -> bool

{ self.points_to().is_init(index) }
Source

pub open spec fn is_uninit(self, index: int) -> bool

{ !self.points_to().is_init(index) }
Source

pub open spec fn is_init_all(self) -> bool

{ self.points_to().is_init_all() }
Source

pub open spec fn is_uninit_all(self) -> bool

{ self.points_to().is_uninit_all() }
Source

pub proof fn is_nonnull(tracked self)

requires
self.wf(),
ensures
self.addr() != 0,
Source

pub proof fn leak_contents(tracked &mut self, index: int)

requires
old(self).wf(),
ensures
self.wf(),
self.addr() == old(self).addr(),
self.is_uninit(index),
forall |i: int| {
    0 <= i < N && i != index ==> self.opt_value()[i] == old(self).opt_value()[i]
},
Source

pub proof fn is_disjoint<S, const M: usize>(&self, other: &PointsTo<S, M>)

ensures
self.addr() + layout::size_of::<[V; N]>() <= other.addr()
    || other.addr() + layout::size_of::<[S; M]>() <= self.addr(),
Source

pub proof fn is_distinct<S, const M: usize>(&self, other: &PointsTo<S, M>)

requires
layout::size_of::<[V; N]>() != 0,
layout::size_of::<[S; M]>() != 0,
ensures
self.addr() != other.addr(),

Auto Trait Implementations§

§

impl<V, const N: usize> Freeze for PointsTo<V, N>

§

impl<V, const N: usize> RefUnwindSafe for PointsTo<V, N>
where V: RefUnwindSafe,

§

impl<V, const N: usize> Send for PointsTo<V, N>
where V: Send,

§

impl<V, const N: usize> Sync for PointsTo<V, N>
where V: Sync,

§

impl<V, const N: usize> Unpin for PointsTo<V, N>
where V: Unpin,

§

impl<V, const N: usize> UnwindSafe for PointsTo<V, N>
where V: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>