-
Notifications
You must be signed in to change notification settings - Fork 78
/
Copy patheven_cell.rs
52 lines (40 loc) · 1.27 KB
/
even_cell.rs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
use vstd::prelude::*;
use vstd::invariant::*;
use vstd::cell::*;
verus!{
ghost struct EvenCell { }
impl InvariantPredicate<CellId, PointsTo<u8>> for EvenCell {
open spec fn inv(cell_id: CellId, points_to: PointsTo<u8>) -> bool {
points_to.id() == cell_id
&& (match points_to.opt_value() {
None => false,
Some(x) => x % 2 == 0,
})
}
}
fn add_2(cell: &PCell<u8>, Tracked(inv): Tracked<&LocalInvariant<CellId, PointsTo<u8>, EvenCell>>)
requires inv.constant() == cell.id(),
{
open_local_invariant!(inv => points_to => {
assert(points_to.is_init());
assert(points_to.value() % 2 == 0);
let x = cell.take(Tracked(&mut points_to));
assert(x % 2 == 0);
// Add 2 (wrap around if necessary)
let x_plus_2 = if x == 254 { 0 } else { x + 2 };
cell.put(Tracked(&mut points_to), x_plus_2);
assert(points_to.is_init());
assert(points_to.value() % 2 == 0);
});
}
fn main() {
let (cell, Tracked(points_to)) = PCell::new(4);
let tracked inv = LocalInvariant::new(
cell.id(),
points_to,
1337 /* arbitrary namespace */);
add_2(&cell, Tracked(&inv));
add_2(&cell, Tracked(&inv));
add_2(&cell, Tracked(&inv));
}
}