pub struct GhostISingleton<T> { /* private fields */ }Expand description
A resource that has client ownership of a singleton
The existence of a GhostISingleton implies that:
- The value will remain in the set;
- All other
GhostISubset/GhostISingletonare disjoint subsets of the domain
Implementations§
Source§impl<T> GhostISingleton<T>
impl<T> GhostISingleton<T>
Sourcepub proof fn agree(tracked self: &GhostISingleton<T>, tracked auth: &GhostISetAuth<T>)
pub proof fn agree(tracked self: &GhostISingleton<T>, tracked auth: &GhostISetAuth<T>)
self.id() == auth.id(),ensuresauth@.contains(self@),Agreement between a GhostISingleton and a corresponding GhostISetAuth
Verus might not have full context of the GhostISetAuth and a corresponding GhostISingleton.
However, whenever we know that they refer to the same resource (i.e., have matching ids) we
can assert that the GhostISingleton is a subset of the GhostISetAuth.
proof fn test(tracked &auth: GhostISetAuth<int>, tracked &pt: GhostISingleton<int>)
requires
auth.id() == sub.id(),
pt@ == 1int
ensures
auth@.contains(1int)
{
pt.agree(auth);
assert(auth@.contains(1int));
}Sourcepub proof fn combine(tracked self, tracked other: GhostISingleton<T>) -> tracked r : GhostISubset<T>
pub proof fn combine(tracked self, tracked other: GhostISingleton<T>) -> tracked r : GhostISubset<T>
self.id() == other.id(),ensuresr.id() == self.id(),r@ == iset![self @, other @],self@ != other@,We can combine two GhostISingletons into a GhostISubset
We also learn that they were disjoint.
Sourcepub proof fn disjoint(tracked &mut self, tracked other: &GhostISingleton<T>)
pub proof fn disjoint(tracked &mut self, tracked other: &GhostISingleton<T>)
old(self).id() == other.id(),ensuresfinal(self).id() == old(self).id(),final(self)@ == old(self)@,final(self)@ != other@,Shows that if a two GhostISingletons are not owning the same value
Sourcepub proof fn disjoint_persistent(tracked &mut self, tracked other: &GhostPersistentISingleton<T>)
pub proof fn disjoint_persistent(tracked &mut self, tracked other: &GhostPersistentISingleton<T>)
old(self).id() == other.id(),ensuresfinal(self).id() == old(self).id(),final(self)@ == old(self)@,final(self)@ != other@,Shows that if a GhostISingleton and a GhostPersistentISingleton are not owning the same value
Sourcepub proof fn disjoint_subset(tracked &mut self, tracked other: &GhostISubset<T>)
pub proof fn disjoint_subset(tracked &mut self, tracked other: &GhostISubset<T>)
old(self).id() == other.id(),ensuresfinal(self).id() == old(self).id(),final(self)@ == old(self)@,!other@.contains(final(self)@),Shows that if a GhostISingleton and a GhostISubset are not owning the same value
Sourcepub proof fn disjoint_persistent_subset(tracked &mut self, tracked other: &GhostPersistentISubset<T>)
pub proof fn disjoint_persistent_subset(tracked &mut self, tracked other: &GhostPersistentISubset<T>)
old(self).id() == other.id(),ensuresfinal(self).id() == old(self).id(),final(self)@ == old(self)@,!other@.contains(final(self)@),Shows that if a GhostISingleton and a GhostPersistentISubset are not owning the same value
Sourcepub proof fn subset(tracked self) -> tracked r : GhostISubset<T>
pub proof fn subset(tracked self) -> tracked r : GhostISubset<T>
r.id() == self.id(),r@ == iset![self @],Convert the GhostISingleton a GhostISubset
Sourcepub proof fn persist(tracked self) -> tracked r : GhostPersistentISingleton<T>
pub proof fn persist(tracked self) -> tracked r : GhostPersistentISingleton<T>
self@ == r@,self.id() == r.id(),Converting a GhostISingleton into a GhostPersistentISingleton
Auto Trait Implementations§
impl<T> Freeze for GhostISingleton<T>
impl<T> RefUnwindSafe for GhostISingleton<T>where
T: RefUnwindSafe,
impl<T> Send for GhostISingleton<T>where
T: Send,
impl<T> Sync for GhostISingleton<T>where
T: Sync,
impl<T> Unpin for GhostISingleton<T>where
T: Unpin,
impl<T> UnsafeUnpin for GhostISingleton<T>
impl<T> UnwindSafe for GhostISingleton<T>where
T: UnwindSafe,
Blanket Implementations§
Source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
Source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
Source§impl<T, U> IntoSpecImpl<U> for Twhere
U: From<T>,
impl<T, U> IntoSpecImpl<U> for Twhere
U: From<T>,
Source§impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__Awhere
VERUS_SPEC__A: TryFrom<T>,
impl<T, VERUS_SPEC__A> TryFromSpec<T> for VERUS_SPEC__Awhere
VERUS_SPEC__A: TryFrom<T>,
Source§exec fn obeys_try_from_spec() -> bool
exec fn obeys_try_from_spec() -> bool
Source§impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__Awhere
VERUS_SPEC__A: TryInto<T>,
impl<T, VERUS_SPEC__A> TryIntoSpec<T> for VERUS_SPEC__Awhere
VERUS_SPEC__A: TryInto<T>,
Source§exec fn obeys_try_into_spec() -> bool
exec fn obeys_try_into_spec() -> bool
Source§impl<T, U> TryIntoSpecImpl<U> for Twhere
U: TryFrom<T>,
impl<T, U> TryIntoSpecImpl<U> for Twhere
U: TryFrom<T>,
Source§open spec fn obeys_try_into_spec() -> bool
open spec fn obeys_try_into_spec() -> bool
{ <U as TryFromSpec<Self>>::obeys_try_from_spec() }