Struct Count Ghost Resource &nbsp; Copy item path

impl<T, const TOTAL: u64> CountGhostResource<T, TOTAL>

pub open spec fn wf(self) -> bool

{
    &&& TOTAL > 0
    &&& 0 <= self.frac() <= TOTAL

}

Type invariant.

pub open spec fn is_empty(self) -> bool

{ self.frac() == 0 }

Whether this CountGhostResource is empty, i.e., has no fraction.

pub open spec fn not_empty(self) -> bool

{ !self.is_empty() }

Whether the fraction stored in this CountGhostResource is less than TOTAL.

pub open spec fn is_full(self) -> bool

{ self.frac() == TOTAL }

Whether this CountGhostResource has the full fraction, i.e., TOTAL.

pub closed spec fn storage(self) -> CountGhost<T, TOTAL>

Returns the CountGhost<T,TOTAL> stored in this CountGhostResource.

pub closed spec fn view(self) -> T

Returns the value of type T stored in this CountGhostResource.

pub closed spec fn frac(self) -> int

The fractions stored in this CountGhostResource.

pub closed spec fn id(self) -> Loc

Returns the unique identifier.

pub proof fn arbitrary() -> tracked res : Self

requires

TOTAL > 0,

Create an arbitrary CountGhostResource. Useful as a placeholder.

pub proof fn alloc(value: T) -> tracked res : Self

requires

TOTAL > 0,

ensures

res.not_empty(),

res.is_full(),

res@ == value,

res.wf(),

Allocates a new CountGhostResource with the full fraction and the given value.

pub proof fn split_one(tracked &mut self) -> tracked res : CountGhost<T, TOTAL>

requires

old(self).not_empty(),

ensures

final(self).id() == old(self).id(),

final(self).frac() + 1 == old(self).frac(),

final(self)@ == old(self)@,

res.frac() == 1,

res.id() == final(self).id(),

res@ == final(self)@,

old(self).frac() == 1 ==> final(self).is_empty(),

final(self).wf(),

Splits a CountGhost with fraction 1.

pub proof fn split(tracked &mut self, n: int) -> tracked res : CountGhost<T, TOTAL>

requires

1 <= n <= old(self).frac(),

ensures

final(self).id() == old(self).id(),

final(self).frac() + n == old(self).frac(),

final(self)@ == old(self)@,

res.frac() == n,

res.id() == final(self).id(),

res@ == final(self)@,

old(self).frac() == n ==> final(self).is_empty(),

final(self).wf(),

Splits a CountGhost with the given fraction.

pub proof fn combine(tracked &mut self, tracked other: CountGhost<T, TOTAL>)

requires

old(self).id() == other.id(),

other@ == old(self)@,

ensures

old(self).frac() + other.frac() > TOTAL ==> false,

old(self).frac() + other.frac() <= TOTAL
    ==> {
        &&& final(self).id() == old(self).id()
        &&& final(self)@ == old(self)@
        &&& final(self).frac() == old(self).frac() + other.frac()
        &&& final(self).wf()

    },

Combines a CountGhost.

pub proof fn validate(tracked &self)

ensures

self.wf(),

CountGhostResource satisfies the type invariant.

pub proof fn validate_full(tracked &self)

requires

self.is_full(),

ensures

self.not_empty(),

self.frac() == TOTAL,

self.wf(),

pub proof fn update(tracked &mut self, value: T)

requires

old(self).is_full(),

ensures

final(self).is_full(),

final(self)@ == value,

final(self).id() == old(self).id(),

final(self).wf(),

Updates the value stored in this CountGhostResource. The fraction must be full before the update.

Auto Trait Implementations§

impl<T, const TOTAL: u64> Freeze for CountGhostResource<T, TOTAL>
where T: Freeze,

impl<T, const TOTAL: u64> RefUnwindSafe for CountGhostResource<T, TOTAL>
where T: RefUnwindSafe,

impl<T, const TOTAL: u64> Send for CountGhostResource<T, TOTAL>
where T: Send,

impl<T, const TOTAL: u64> Sync for CountGhostResource<T, TOTAL>
where T: Sync,

impl<T, const TOTAL: u64> Unpin for CountGhostResource<T, TOTAL>
where T: Unpin,

impl<T, const TOTAL: u64> UnsafeUnpin for CountGhostResource<T, TOTAL>
where T: UnsafeUnpin,

impl<T, const TOTAL: u64> UnwindSafe for CountGhostResource<T, TOTAL>
where T: UnwindSafe,

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

fn obeys_into_spec() -> bool

fn into_spec(self) -> T

impl<T, U> IntoSpecImpl for T
where U: From<T>,

fn obeys_into_spec() -> bool

fn into_spec(self) -> U

impl<T, U> TryFrom for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>

Performs the conversion.

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

fn obeys_try_from_spec() -> bool

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

impl<T, U> TryInto for T
where U: TryFrom<T>,

type Error = >::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, >::Error>

Performs the conversion.

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

fn obeys_try_into_spec() -> bool

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

impl<T, U> TryIntoSpecImpl for T
where U: TryFrom<T>,

fn obeys_try_into_spec() -> bool