Struct vstd::raw_ptr::PointsTo

source · 
pub struct PointsTo<T> { /* private fields */ }
Expand description

Permission to access possibly-initialized, typed memory.

Implementations§

source§

impl<T> PointsTo<T>

source

pub open spec fn ptr(&self) -> *mut T

{ self.view().ptr }
source

pub open spec fn opt_value(&self) -> MemContents<T>

{ self.view().opt_value }
source

pub open spec fn is_init(&self) -> bool

{ self.opt_value().is_init() }
source

pub open spec fn is_uninit(&self) -> bool

{ self.opt_value().is_uninit() }
source

pub open spec fn value(&self) -> T

{ self.opt_value().value() }
source

pub proof fn is_nonnull(tracked &self)

requires
size_of::<T>() != 0,
ensures
self@.ptr@.addr != 0,

Guarantee that the PointsTo for any non-zero-sized type points to a non-null address.

source

pub proof fn leak_contents(tracked &mut self)

ensures
self.ptr() == old(self).ptr(),
self.is_uninit(),

“Forgets” about the value stored behind the pointer. Updates the PointsTo value to MemContents::Uninit. Note that this is a proof function, i.e., it is operationally a no-op in executable code, even on the Rust Abstract Machine. Only the proof-code representation changes.

source

pub proof fn is_disjoint<S>(&mut self, other: &PointsTo<S>)

ensures
*old(self) == *self,
self.ptr() as int + size_of::<T>() <= other.ptr() as int
    || other.ptr() as int + size_of::<S>() <= self.ptr() as int,

Note: If both S and T are non-zero-sized, then this implies the pointers have distinct addresses.

source§

impl<V> PointsTo<V>

source

pub proof fn into_raw(tracked self) -> tracked points_to_raw : PointsToRaw

requires
self.is_uninit(),
ensures
points_to_raw.is_range(self.ptr().addr() as int, size_of::<V>() as int),
points_to_raw.provenance() == self.ptr()@.provenance,
is_sized::<V>(),

Trait Implementations§

source§

impl<T> View for PointsTo<T>

source§

spec fn view(&self) -> Self::V

§

type V = PointsToData<T>

Auto Trait Implementations§

§

impl<T> Freeze for PointsTo<T>

§

impl<T> RefUnwindSafe for PointsTo<T>
where T: RefUnwindSafe,

§

impl<T> Send for PointsTo<T>
where T: Send,

§

impl<T> Sync for PointsTo<T>
where T: Sync,

§

impl<T> Unpin for PointsTo<T>
where T: Unpin,

§

impl<T> UnwindSafe for PointsTo<T>
where T: UnwindSafe,

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.