AtomicI32

creusot_std::std::sync

Struct AtomicI32 

Source 
pub struct AtomicI32(/* private fields */);
Expand description

Creusot wrapper around std::sync::atomic::AtomicI32

Implementations§

Source§

impl AtomicI32

Source

pub fn new(val: i32) -> (Self, Ghost<Box<Perm<AtomicI32>>>)

ensures 

*result.1.val() == val

ensures 

*result.1.ward() == result.0

terminates

Source

pub fn fetch_add<'a, A, F>(&'a self, val: i32, f: Ghost<F>) -> (i32, Ghost<A>)
where F: FnGhost + FnOnce(&'a mut Committer) -> A,

Wrapper for std::sync::atomic::AtomicI32::fetch_add.

The fetch and the store are always sequentially consistent.

requires

forall<c: &mut Committer> !c.shot() ==> c.ward() == *self ==> c.new_value() == val + c.old_value() ==>
        f.precondition((c,)) &&
        (forall<r> f.postcondition_once((c,), r) ==> (^c).shot())

ensures

exists<c: &mut Committer>
        !c.shot() && c.ward() == *self && c.new_value() == val + c.old_value() &&
        c.old_value() == result.0 &&
        f.postcondition_once((c,), *(result.1))
Source

pub fn store<'a, A, F>(&'a self, val: i32, f: Ghost<F>) -> Ghost<A>
where F: FnGhost + FnOnce(&'a mut Committer) -> A,

Wrapper for std::sync::atomic::AtomicI32::store.

The store is always sequentially consistent.

requires

forall<c: &mut Committer> !c.shot() ==> c.ward() == *self ==> c.new_value() == val ==>
        f.precondition((c,)) &&
        (forall<r> f.postcondition_once((c,), r) ==> (^c).shot())

ensures

exists<c: &mut Committer>
        !c.shot() && c.ward() == *self && c.new_value() == val &&
        f.postcondition_once((c,), *result)
Source

pub fn into_inner(self, own: Ghost<Box<Perm<AtomicI32>>>) -> i32

Wrapper for std::sync::atomic::AtomicI32::into_inner.

requires 

self == *own.ward()

ensures 

result == *own.val()

Trait Implementations§

Source§

impl Container for AtomicI32

Source§

fn is_disjoint(&self, _: &Self::Value, other: &Self, _: &Self::Value) -> bool

(open, inline) 

self != other

Source§

type Value = i32

Auto Trait Implementations§

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.