
Commit 08d6f58

committed
Fix syntax errors, add ensures
1 parent 6a6bd64 commit 08d6f58


1 file changed

+13
-8
lines changed

1 file changed

+13
-8
lines changed

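--- a/library/core/src/alloc/layout.rs
+++ b/library/core/src/alloc/layout.rs
@@ -156,7 +156,6 @@ impl Layout {
 #[rustc_const_stable(feature = "alloc_layout_const_new", since = "1.42.0")]
 #[must_use]
 #[inline]
-#[ensures(|result| result.align().is_power_of_two())]
 pub const fn new<T>() -> Self {
 let (size, align) = size_align::<T>();
 // SAFETY: if the type is instantiated, rustc already ensures that its
@@ -247,7 +246,7 @@ impl Layout {
 /// `align` violates the conditions listed in [`Layout::from_size_align`].
 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
 #[inline]
-#[ensures(|result| result.is_err() || result.unwrap().is_aligned())]
+#[ensures(|result| result.is_err() || result.as_ref().unwrap().align() >= align)]
 pub fn align_to(&self, align: usize) -> Result<Self, LayoutError> {
 Layout::from_size_align(self.size(), cmp::max(self.align(), align))
 }
@@ -273,6 +272,7 @@ impl Layout {
 #[must_use = "this returns the padding needed, \
 without modifying the `Layout`"]
 #[inline]
+#[ensures(|result| *result <= align)]
 pub const fn padding_needed_for(&self, align: usize) -> usize {
 let len = self.size();
 
@@ -309,6 +309,7 @@ impl Layout {
 #[must_use = "this returns a new `Layout`, \
 without modifying the original"]
 #[inline]
+#[ensures(|result| result.size() % result.align() == 0)]
 pub const fn pad_to_align(&self) -> Layout {
 let pad = self.padding_needed_for(self.align());
 // This cannot overflow. Quoting from the invariant of Layout:
@@ -331,6 +332,7 @@ impl Layout {
 /// On arithmetic overflow, returns `LayoutError`.
 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
 #[inline]
+#[ensures(|result| result.is_err() || result.as_ref().unwrap().1 % n == 0)]
 pub fn repeat(&self, n: usize) -> Result<(Self, usize), LayoutError> {
 // This cannot overflow. Quoting from the invariant of Layout:
 // > `size`, when rounded up to the nearest multiple of `align`,
@@ -391,6 +393,7 @@ impl Layout {
 /// ```
 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
 #[inline]
+#[ensures(|result| result.is_err() || result.as_ref().unwrap().1 <= result.as_ref().unwrap().0.size())]
 pub fn extend(&self, next: Self) -> Result<(Self, usize), LayoutError> {
 let new_align = cmp::max(self.align, next.align);
 let pad = self.padding_needed_for(next.align());
@@ -417,6 +420,7 @@ impl Layout {
 /// On arithmetic overflow, returns `LayoutError`.
 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
 #[inline]
+#[ensures(|result| result.is_err() || result.as_ref().unwrap().size() % n == 0)]
 pub fn repeat_packed(&self, n: usize) -> Result<Self, LayoutError> {
 let size = self.size().checked_mul(n).ok_or(LayoutError)?;
 // The safe constructor is called here to enforce the isize size limit.
@@ -431,6 +435,7 @@ impl Layout {
 /// On arithmetic overflow, returns `LayoutError`.
 #[unstable(feature = "alloc_layout_extra", issue = "55724")]
 #[inline]
+#[ensures(|result| result.is_err() || result.as_ref().unwrap().size() <= next.size())]
 pub fn extend_packed(&self, next: Self) -> Result<Self, LayoutError> {
 let new_size = self.size().checked_add(next.size()).ok_or(LayoutError)?;
 // The safe constructor is called here to enforce the isize size limit.
@@ -563,23 +568,23 @@ mod verify {
 }
 
 // pub const fn new<T>() -> Self
-#[kani::proof_for_contract(Layout::new<i32>)]
+#[kani::proof]
 pub fn check_new_i32() {
 let layout = Layout::new::<i32>();
 assert_eq!(layout.size(), 4);
 assert!(layout.align().is_power_of_two());
 }
 
 // pub const fn for_value<T: ?Sized>(t: &T) -> Self
-#[kani::proof_for_contract(Layout::for_value<i32>)]
+#[kani::proof_for_contract(Layout::for_value)]
 pub fn check_for_value_i32() {
 let array : [i32; 2] = [1, 2];
 let layout = Layout::for_value::<[i32]>(&array[1 .. 1]);
 assert!(layout.align().is_power_of_two());
 }
 
 // pub const unsafe fn for_value_raw<T: ?Sized>(t: *const T) -> Self
-#[kani::proof_for_contract(Layout::for_value_raw<i32>)]
+#[kani::proof_for_contract(Layout::for_value_raw)]
 pub fn check_for_value_raw_i32() {
 unsafe {
 let layout = Layout::for_value_raw::<[i32]>(&[] as *const [i32]);
@@ -654,9 +659,9 @@ mod verify {
 unsafe {
 let layout = Layout::from_size_align_unchecked(s, a);
 let n = kani::any::<usize>();
-if let Ok((layout2, padding)) = layout.repeat(n) {
+if let Ok((layout2, padded_size)) = layout.repeat(n) {
 assert!(n == 0 || layout2.size() >= s);
-assert!(n == 0 || padding < a);
+assert_eq!(layout2.size(), n * padded_size);
 }
 }
 }
@@ -715,7 +720,7 @@ mod verify {
 }
 
 // pub const fn array<T>(n: usize) -> Result<Self, LayoutError>
-#[kani::proof_for_contract(Layout::array<i32>)]
+#[kani::proof]
 pub fn check_array_i32() {
 let n = kani::any::<usize>();
 if let Ok(layout) = Layout::array::<i32>(n) {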
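Review bot: The postcondition added to `extend_packed` is inverted: the first body line computes `new_size = self.size().checked_add(next.size())`, so a successful result is never smaller than `next.size()` and the `ensures` fails for any non-empty `self`; it should read `#[ensures(|result| result.is_err() || result.as_ref().unwrap().size() >= next.size())]`, or pin the exact sum if `self` is usable inside the closure. The `% n` postconditions on `repeat_packed` and `repeat` also need an `n == 0 ||` guard, since `checked_mul(0)` yields `Ok` and the remainder then divides by zero inside the contract itself. For `repeat`, the second tuple element appears to be the padded element size (the harness later in this file names it `padded_size` and asserts `layout2.size() == n * padded_size`), so `.1 % n == 0` looks like the wrong operand and the divisibility claim belongs on `.0.size()`. The bodies of `repeat`, `repeat_packed` and `extend_packed` continue outside their hunks, so the definitions of the returned values should be confirmed there before changing the contracts.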
