PCell

vstd::cell

Struct PCell 

Source 
pub struct PCell<V> { /* private fields */ }
👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
Expand description

Now deprecated See pcell::PCell or pcell_maybe_uninit::PCell instead

PCell<V> (which stands for “permissioned call”) is the primitive Verus Cell type.

Technically, it is a wrapper around core::cell::UnsafeCell<core::mem::MaybeUninit<V>>, and thus has the same runtime properties: there are no runtime checks (as there would be for Rust’s traditional core::cell::RefCell). Its data may be uninitialized.

Furthermore (and unlike both core::cell::Cell and core::cell::RefCell), a PCell<V> may be Sync (depending on V). Thanks to verification, Verus ensures that access to the cell is data-race-free.

PCell uses a ghost permission token similar to simple_pptr::PPtr – see the simple_pptr::PPtr documentation for the basics. For PCell, the associated type of the permission token is cell::PointsTo.

§Differences from PPtr.

The key difference is that, whereas simple_pptr::PPtr represents a fixed address in memory, a PCell has no fixed address because a PCell might be moved. As such, the pcell.id() does not correspond to a memory address; rather, it is a unique identifier that is fixed for a given cell, even when it is moved.

The arbitrary ID given by pcell.id() is of type CellId. Despite the fact that it is, in some ways, “like a pointer”, note that CellId does not support any meangingful arithmetic, has no concept of a “null ID”, and has no runtime representation.

Also note that the PCell might be dropped before the PointsTo token is dropped, although in that case it will no longer be possible to use the PointsTo in exec code to extract data from the cell.

Implementations§

Source§

impl<V> PCell<V>

Source

pub uninterp fn id(&self) -> CellId

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead

A unique ID for the cell.

Source

pub const exec fn empty() -> pt : (PCell<V>, Tracked<PointsTo<V>>)

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
ensures
pt.1@@ === pcell_points![pt.0.id() => MemContents::Uninit],

Return an empty (“uninitialized”) cell.

Source

pub const exec fn new(v: V) -> pt : (PCell<V>, Tracked<PointsTo<V>>)

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
ensures
pt.1@@ === pcell_points![pt.0.id() => MemContents::Init(v)],
Source

pub exec fn put(&self, Tracked(perm): Tracked<&mut PointsTo<V>>, v: V)

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
requires
old(perm)@ === pcell_points![self.id() => MemContents::Uninit],
ensures
perm@ === pcell_points![self.id() => MemContents::Init(v)],
Source

pub exec fn take(&self, Tracked(perm): Tracked<&mut PointsTo<V>>) -> v : V

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
requires
self.id() === old(perm)@.pcell,
old(perm).is_init(),
ensures
perm.id() === old(perm)@.pcell,
perm.mem_contents() === MemContents::Uninit,
v === old(perm).value(),
Source

pub exec fn replace(&self, Tracked(perm): Tracked<&mut PointsTo<V>>, in_v: V) -> out_v : V

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
requires
self.id() === old(perm)@.pcell,
old(perm).is_init(),
ensures
perm.id() === old(perm)@.pcell,
perm.mem_contents() === MemContents::Init(in_v),
out_v === old(perm).value(),
Source

pub exec fn borrow<'a>(&'a self, Tracked(perm): Tracked<&'a PointsTo<V>>) -> v : &'a V

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
requires
self.id() === perm@.pcell,
perm.is_init(),
ensures
*v === perm.value(),
Source

pub exec fn into_inner(self, Tracked(perm): Tracked<PointsTo<V>>) -> v : V

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
requires
self.id() === perm@.pcell,
perm.is_init(),
ensures
v === perm.value(),
Source§

impl<V: Copy> PCell<V>

Source

pub exec fn write(&self, Tracked(perm): Tracked<&mut PointsTo<V>>, in_v: V)

👎Deprecated: use vstd::cell::pcell::PCell or vstd::cell::pcell_maybe_uninit::PCell instead
requires
self.id() === old(perm)@.pcell,
old(perm).is_init(),
ensures
perm.id() === old(perm)@.pcell,
perm.mem_contents() === MemContents::Init(in_v),

Trait Implementations§

Source§

impl<T> Send for PCell<T>

Source§

impl<T> Sync for PCell<T>

PCell is always safe to Send or Sync. Rather, it is the PointsTo object where Send and Sync matter. (It doesn’t matter if you move the bytes to another thread if you can’t access them.)

Auto Trait Implementations§

§

impl<V> !Freeze for PCell<V>

§

impl<V> !RefUnwindSafe for PCell<V>

§

impl<V> Unpin for PCell<V>
where V: Unpin,

§

impl<V> UnwindSafe for PCell<V>
where V: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, VERUS_SPEC__A> FromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: From<T>,

Source§

exec fn obeys_from_spec() -> bool

Source§

exec fn from_spec(v: T) -> VERUS_SPEC__A

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, VERUS_SPEC__A> IntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: Into<T>,

Source§

exec fn obeys_into_spec() -> bool

Source§

exec fn into_spec(self) -> T

Source§

impl<T, U> IntoSpecImpl<U> for T
where U: From<T>,

Source§

open spec fn obeys_into_spec() -> bool

{ <U as FromSpec<Self>>::obeys_from_spec() }
Source§

open spec fn into_spec(self) -> U

{ U::from_spec(self) }
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryFrom<T>,

Source§

exec fn obeys_try_from_spec() -> bool

Source§

exec fn try_from_spec( v: T, ) -> Result<VERUS_SPEC__A, <VERUS_SPEC__A as TryFrom<T>>::Error>

Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__A
where VERUS_SPEC__A: TryInto<T>,

Source§

exec fn obeys_try_into_spec() -> bool

Source§

exec fn try_into_spec(self) -> Result<T, <VERUS_SPEC__A as TryInto<T>>::Error>

Source§

impl<T, U> TryIntoSpecImpl<U> for T
where U: TryFrom<T>,

Source§

open spec fn obeys_try_into_spec() -> bool

{ <U as TryFromSpec<Self>>::obeys_try_from_spec() }
Source§

open spec fn try_into_spec(self) -> Result<U, <U as TryFrom<T>>::Error>

{ <U as TryFromSpec<Self>>::try_from_spec(self) }