Module vstd::raw_ptr

Tools and reasoning principles for raw pointers. The tools here are meant to address “real Rust pointers, including all their subtleties on the Rust Abstract Machine, to the largest extent that is reasonable.”

For a gentler introduction to some of the concepts here, see PPtr, which uses a much-simplified pointer model.

Pointer model

A pointer consists of an address (ptr.addr() or ptr as usize), a provenance ptr@.provenance, and a ptr@.metadata (which is trivial except for pointers to non-sized types). Note that in spec code, pointer equality requires all 3 to be equal, whereas runtime equality (eq) only compares addresses and metadata.

*mut T vs. *const T doesn’t have any semantic different and Verus treats them as the same; they can be seamlessly cast to and fro.

Structs

• Dealloc
  Permission to perform a deallocation with the global allocator
• DeallocData
• DynMetadata
• IsExposed
• PointsTo
  Permission to access possibly-initialized, typed memory.
• PointsToData
• PointsToRaw
  PointsToRaw Variable-sized uninitialized memory.
• Provenance
• PtrData
  Model of a pointer *mut T or *const T in Rust’s abstract machine

Enums

• MemContents
  Represents (typed) contents of memory.
• Metadata
  Metadata

Functions

• allocate
• axiom_ptr_mut_from_data
• cast_array_ptr_to_slice_ptr
• cast_ptr_to_thin_ptr
• cast_ptr_to_usize
• deallocate
• ex_ptr_null
• ex_ptr_null_mut
• expose_provenance
• group_raw_ptr_axioms
• ptr_from_data
• ptr_mut_from_data
• ptr_mut_read
• ptr_mut_write
• ptr_null
• ptr_null_mut
• ptr_ref
• ptrs_mut_eq
• spec_cast_array_ptr_to_slice_ptr
• spec_cast_ptr_to_thin_ptr
• spec_cast_ptr_to_usize
• with_exposed_provenance