Struct creusot_contracts::ghost::GhostBox

source · 
pub struct GhostBox<T>(/* private fields */)
where
    T: ?Sized;
Expand description

A type that can be used in ghost context.

This type may be used to make more complicated proofs possible. In particular, some proof may need a notion of non-duplicable token to carry around.

Conceptually, a GhostBox<T> is a pointer to an item of type T that resides in a special “ghost” heap. This heap is inaccessible from normal code, and GhostBox values cannot be used to influence the behavior of normal code.

This box can be dereferenced in a ghost block:

let b: GhostBox<i32> = GhostBox::new(1);
ghost! {
    let value: i32 = *b;
    // use value here
}
let value: i32 = *b; // compile error !

Implementations§

source§

impl<T: ?Sized> GhostBox<T>

source

pub fn borrow(&self) -> GhostBox<&T>

Transforms a &GhostBox<T> into GhostBox<&T>.

pure

ensures 

*result.0 == &*self.0

source

pub fn borrow_mut(&mut self) -> GhostBox<&mut T>

Transforms a &mut GhostBox<T> into a GhostBox<&mut T>.

pure

ensures 

*result.0 == &mut *self.0

source

pub fn conjure() -> Self

Conjures a GhostBox<T> out of thin air. This would be unsound in verified code, hence the false precondition. This function is nevertheless useful to create a GhostBox in “trusted” contexts, when axiomatizing an API that is believed to be sound for external reasons.

requires 

false

source§

impl<T> GhostBox<T>

source

pub fn new(x: T) -> Self

Creates a new ghost variable.

This function can only be called in ghost! code.

pure

ensures 

*result.0 == x

source

pub fn into_inner(self) -> T

Returns the inner value of the GhostBox.

This function can only be called in ghost! context.

pure

ensures 

result == *self.0

source

pub fn inner_logic(self) -> T

Returns the inner value of the GhostBox.

You should prefer the dereference operator * instead.

logic 

*self.0

Trait Implementations§

source§

impl<T: ?Sized + Clone> Clone for GhostBox<T>

source§

fn clone(&self) -> Self

ensures 

result == *self

1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl<T: ?Sized> Deref for GhostBox<T>

source§

fn deref(&self) -> &Self::Target

This function can only be called in ghost! context

pure

ensures 

*(*self).0 == *result

§

type Target = T

The resulting type after dereferencing.
source§

impl<T: ?Sized> DerefMut for GhostBox<T>

source§

fn deref_mut(&mut self) -> &mut Self::Target

This function can only be called in ghost! context

pure

ensures 

result == &mut *self.0

source§

impl<T: ?Sized> Resolve for GhostBox<T>

source§

fn resolve(self) -> bool

logic(prophetic) 

resolve(&self.0)

source§

fn resolve_coherence(&self)

logic(prophetic)

requires 

structural_resolve(&self)

ensures 

(*self).resolve()

source§

impl<T: View + ?Sized> View for GhostBox<T>

source§

fn view(self) -> Self::ViewTy

logic 

self.0.view()

§

type ViewTy = <T as View>::ViewTy

Auto Trait Implementations§

§

impl<T> Freeze for GhostBox<T>
where T: ?Sized,

§

impl<T> !RefUnwindSafe for GhostBox<T>

§

impl<T> !Send for GhostBox<T>

§

impl<T> !Sync for GhostBox<T>

§

impl<T> Unpin for GhostBox<T>
where T: ?Sized,

§

impl<T> !UnwindSafe for GhostBox<T>

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> CloneToUninit for T
where T: Clone,

source§

default unsafe fn clone_to_uninit(&self, dst: *mut T)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dst. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<T> MakeSized for T
where T: ?Sized,

source§

fn make_sized(&self) -> Box<T>

logic

ensures 

*result == *self

source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.