FracResource

vstd_extra::resource::ghost_resource::tokens

Struct FracResource 

Source 
pub struct FracResource<T, const TOTAL: u64> { /* private fields */ }
Expand description

A struct that stores and dispatches Frac<T>. Unlike Frac, it provides an empty state.

Implementations§

Source§

impl<T, const TOTAL: u64> FracResource<T, TOTAL>

Source

pub closed spec fn type_inv(self) -> bool

Source

pub closed spec fn storage(self) -> Frac<T, TOTAL>

Returns the Frac<T,TOTAL> stored in this FracResource.

Source

pub open spec fn wf(self) -> bool

{
    &&& TOTAL > 0
    &&& 0 <= self.frac() <= TOTAL
    &&& self.type_inv()

}

Type invariant.

Source

pub open spec fn is_empty(self) -> bool

{ self.frac() == 0 }

Whether this FracResource is empty, i.e., has no fraction.

Source

pub open spec fn not_empty(self) -> bool

{ !self.is_empty() }

Whether the fraction stored in this FracResource is less than TOTAL.

Source

pub open spec fn is_full(self) -> bool

{ self.frac() == TOTAL }

Whether this FracResource has the full fraction, i.e., TOTAL.

Source

pub closed spec fn resource(self) -> T

Returns the value of type T stored in this FracResource.

Source

pub open spec fn view(self) -> T

{ self.resource() }

Returns the value of type T stored in this FracResource. It is an alias of Self::resource.

Source

pub closed spec fn frac(self) -> int

The fractions stored in this FracResource.

Source

pub closed spec fn id(self) -> Loc

Returns the unique identifier.

Source

pub proof fn arbitrary() -> tracked res : Self

requires
TOTAL > 0,

Create an arbitrary FracResource. Useful as a placeholder.

Source

pub proof fn alloc(tracked value: T) -> tracked res : Self

requires
TOTAL > 0,
ensures
res.not_empty(),
res.is_full(),
res@ == value,
res.wf(),

Allocates a new FracResource with the given tracked object.

Source

pub proof fn alloc_from_empty(tracked empty: Empty<T, TOTAL>, tracked value: T) -> tracked res : Self

requires
TOTAL > 0,
ensures
res.is_full(),
res.id() == empty.id(),
res.view() == value,
res.wf(),

Allocates a new FracResource from an Empty<T,TOTAL> with the given tracked object.

Source

pub proof fn split_one(tracked &mut self) -> tracked res : Frac<T, TOTAL>

requires
old(self).not_empty(),
ensures
self.id() == old(self).id(),
self.frac() + 1 == old(self).frac(),
old(self).frac() > 1 ==> self@ == old(self)@,
res.frac() == 1,
res.id() == self.id(),
res.resource() == old(self)@,
old(self).frac() == 1 ==> self.is_empty(),
self.wf(),

Splits a Frac with fraction 1.

Source

pub proof fn split(tracked &mut self, n: int) -> tracked res : Frac<T, TOTAL>

requires
1 <= n <= old(self).frac(),
ensures
self.id() == old(self).id(),
self.frac() + n == old(self).frac(),
old(self).frac() > n ==> self@ == old(self)@,
res.frac() == n,
res.id() == self.id(),
res.resource() == old(self)@,
old(self).frac() == n ==> self.is_empty(),
self.wf(),

Splits a Frac with the given fraction.

Source

pub proof fn combine(tracked &mut self, tracked other: Frac<T, TOTAL>)

requires
old(self).id() == other.id(),
ensures
old(self).frac() + other.frac() > TOTAL ==> false,
old(self).frac() + other.frac() <= TOTAL
    ==> {
        &&& self.id() == old(self).id()
        &&& self.resource() == other.resource()
        &&& self.frac() == old(self).frac() + other.frac()
        &&& self.wf()
        &&& old(self).frac() > 0 ==> self@ == old(self)@

    },

Combines a Frac.

Source

pub proof fn validate(tracked &self)

ensures
self.wf(),

FracResource satisfies the type invariant.

Source

pub proof fn validate_full(tracked &self)

requires
self.is_full(),
ensures
self.not_empty(),
self.frac() == TOTAL,
self.wf(),
Source

pub proof fn validate_with_frac(tracked &self, tracked frac: &Frac<T, TOTAL>)

requires
self.id() == frac.id(),
self.frac() > 0,
ensures
self.resource() == frac.resource(),
Source

pub proof fn take_resource(tracked self) -> tracked (T, Empty<T, TOTAL>)

requires
self.is_full(),
ensures
res == self@,
empty.id() == self.id(),

Consumes the token and takes out the resource.

Source

pub proof fn update(tracked &mut self, tracked value: T) -> tracked res : T

requires
old(self).is_full(),
ensures
self.is_full(),
res == old(self)@,
self.id() == old(self).id(),
self.wf(),

Updates the resource stored in this FracResource and retunrs the old resource if it exists. The fraction must be full before the update.

Auto Trait Implementations§

§

impl<T, const TOTAL: u64> Freeze for FracResource<T, TOTAL>

§

impl<T, const TOTAL: u64> RefUnwindSafe for FracResource<T, TOTAL>
where T: RefUnwindSafe,

§

impl<T, const TOTAL: u64> Send for FracResource<T, TOTAL>
where T: Send + Sync,

§

impl<T, const TOTAL: u64> Sync for FracResource<T, TOTAL>
where T: Sync + Send,

§

impl<T, const TOTAL: u64> Unpin for FracResource<T, TOTAL>
where T: Unpin,

§

impl<T, const TOTAL: u64> UnwindSafe for FracResource<T, TOTAL>
where T: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

§

fn obeys_from_spec() -> bool

§

fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> T

§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

§

fn obeys_into_spec() -> bool

§

fn into_spec(self) -> U

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

§

fn obeys_try_from_spec() -> bool

§

fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

§

fn obeys_try_into_spec() -> bool

§

fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>