Skip to main content

StoreCommitter

creusot_std::std::sync::atomic_relacq

Struct StoreCommitter 

Source 
pub struct StoreCommitter<T, C: Container<Value = FMap<Timestamp, (T, SyncView)>>>(/* private fields */);
Expand description

Wrapper around a single atomic operation, where multiple ghost steps can be performed.

Implementations§

Source§

impl<T, C: Container<Value = FMap<Timestamp, (T, SyncView)>> + HasTimestamp> StoreCommitter<T, C>

Source

pub fn shot(self) -> bool

Status of the committer

logic(opaque)

Source

pub fn ward(self) -> C

Identity of the committer

This is used so that we can only use the committer with the right [AtomicOwn].

logic(opaque)

Source

pub fn val(self) -> T

Value held by the [AtomicOwn], before the [shoot].

logic(opaque)

Source

pub fn shoot(&mut self, own: &mut Perm<C>, view: &mut SyncView) -> Timestamp

‘Shoot’ the committer

This does the write on the atomic in ghost code, and can only be called once.

requires 

!(*self).shot()

requires 

self.ward() == *(*own).ward()

ensures 

(^self).shot()

ensures 

(*self).ward() == (^self).ward() && (*self).val() == (^self).val()

ensures 

(*own).ward() == (^own).ward()

ensures 

(*view).le_log(^view)

ensures 

(*self).ward().get_timestamp(*view) < result

ensures 

result <= (*self).ward().get_timestamp(^view)

ensures 

(*own).val().get(result) == None

ensures 

*(^own).val() == (*own).val().insert(result, ((*self).val(), (*view)))

terminates

ghost

Auto Trait Implementations§

§

impl<T, C> Freeze for StoreCommitter<T, C>

§

impl<T, C> Objective for StoreCommitter<T, C>
where T: Objective, C: Objective,

§

impl<T, C> RefUnwindSafe for StoreCommitter<T, C>
where T: RefUnwindSafe, C: RefUnwindSafe,

§

impl<T, C> Send for StoreCommitter<T, C>
where T: Send, C: Send,

§

impl<T, C> Sync for StoreCommitter<T, C>
where T: Sync, C: Sync,

§

impl<T, C> Unpin for StoreCommitter<T, C>
where T: Unpin, C: Unpin,

§

impl<T, C> UnsafeUnpin for StoreCommitter<T, C>

§

impl<T, C> UnwindSafe for StoreCommitter<T, C>
where T: UnwindSafe, C: UnwindSafe,

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.