Struct Frac Ghost Resource &nbsp; Copy item path

impl<T, const TOTAL: u64> FracGhostResource<T, TOTAL>

pub open spec fn wf(self) -> bool

{
    &&& TOTAL > 0
    &&& 0 <= self.frac() <= TOTAL

}

Type invariant.

pub open spec fn is_empty(self) -> bool

{ self.frac() == 0 }

Whether this FracGhostResource is empty, i.e., has no fraction.

pub open spec fn not_empty(self) -> bool

{ !self.is_empty() }

Whether the fraction stored in this FracGhostResource is less than TOTAL.

pub open spec fn is_full(self) -> bool

{ self.frac() == TOTAL }

Whether this FracGhostResource has the full fraction, i.e., TOTAL.

pub closed spec fn storage(self) -> FracGhost<T, TOTAL>

Returns the FracGhost<T,TOTAL> stored in this FracGhostResource.

pub closed spec fn view(self) -> T

Returns the value of type T stored in this FracGhostResource.

pub closed spec fn frac(self) -> int

The fractions stored in this FracGhostResource.

pub closed spec fn id(self) -> Loc

Returns the unique identifier.

pub proof fn arbitrary() -> tracked res : Self

requires

TOTAL > 0,

Create an arbitrary FracGhostResource. Useful as a placeholder.

pub proof fn alloc(value: T) -> tracked res : Self

requires

TOTAL > 0,

ensures

res.not_empty(),

res.is_full(),

res@ == value,

res.wf(),

Allocates a new FracGhostResource with the full fraction and the given value.

pub proof fn split_one(tracked &mut self) -> tracked res : FracGhost<T, TOTAL>

requires

old(self).not_empty(),

ensures

self.id() == old(self).id(),

self.frac() + 1 == old(self).frac(),

self@ == old(self)@,

res.frac() == 1,

res.id() == self.id(),

res@ == self@,

old(self).frac() == 1 ==> self.is_empty(),

self.wf(),

Splits a FracGhost with fraction 1.

pub proof fn split(tracked &mut self, n: int) -> tracked res : FracGhost<T, TOTAL>

requires

1 <= n <= old(self).frac(),

ensures

self.id() == old(self).id(),

self.frac() + n == old(self).frac(),

self@ == old(self)@,

res.frac() == n,

res.id() == self.id(),

res@ == self@,

old(self).frac() == n ==> self.is_empty(),

self.wf(),

Splits a FracGhost with the given fraction.

pub proof fn combine(tracked &mut self, tracked other: FracGhost<T, TOTAL>)

requires

old(self).id() == other.id(),

other@ == old(self)@,

ensures

old(self).frac() + other.frac() > TOTAL ==> false,

old(self).frac() + other.frac() <= TOTAL
    ==> {
        &&& self.id() == old(self).id()
        &&& self@ == old(self)@
        &&& self.frac() == old(self).frac() + other.frac()
        &&& self.wf()

    },

Combines a FracGhost.

pub proof fn validate(tracked &self)

ensures

self.wf(),

FracGhostResource satisfies the type invariant.

pub proof fn validate_full(tracked &self)

requires

self.is_full(),

ensures

self.not_empty(),

self.frac() == TOTAL,

self.wf(),

pub proof fn update(tracked &mut self, value: T)

requires

old(self).is_full(),

ensures

self.is_full(),

self@ == value,

self.id() == old(self).id(),

self.wf(),

Updates the value stored in this FracGhostResource. The fraction must be full before the update.

Auto Trait Implementations§

impl<T, const TOTAL: u64> Freeze for FracGhostResource<T, TOTAL>
where T: Freeze,

impl<T, const TOTAL: u64> RefUnwindSafe for FracGhostResource<T, TOTAL>
where T: RefUnwindSafe,

impl<T, const TOTAL: u64> UnwindSafe for FracGhostResource<T, TOTAL>
where T: UnwindSafe,

Blanket Implementations§

impl<T> Any for T
where T: 'static + ?Sized,

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more

impl<T> Borrow<T> for T
where T: ?Sized,

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more

impl<T> BorrowMut<T> for T
where T: ?Sized,

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more

impl<T> From<T> for T

fn from(t: T) -> T

Returns the argument unchanged.

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

fn obeys_from_spec() -> bool

fn from_spec(v: T) -> VERUS_SPEC__A

impl<T, U> Into for T
where U: From<T>,

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

fn obeys_into_spec() -> bool

fn into_spec(self) -> T

impl<T, U> IntoSpecImpl for T
where U: From<T>,

fn obeys_into_spec() -> bool

fn into_spec(self) -> U

impl<T, U> TryFrom for T
where U: Into<T>,

type Error = Infallible

The type returned in the event of a conversion error.

fn try_from(value: U) -> Result<T, <T as TryFrom>::Error>

Performs the conversion.

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

fn obeys_try_from_spec() -> bool

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

impl<T, U> TryInto for T
where U: TryFrom<T>,

type Error = >::Error

The type returned in the event of a conversion error.

fn try_into(self) -> Result<U, >::Error>

Performs the conversion.

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

fn obeys_try_into_spec() -> bool

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

impl<T, U> TryIntoSpecImpl for T
where U: TryFrom<T>,

fn obeys_try_into_spec() -> bool