
Commit 6a6bd64

committed
Add some ensures clauses
1 parent 617ba54 commit 6a6bd64


1 file changed

+9
-2
lines changed


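--- a/library/core/src/alloc/layout.rs
+++ b/library/core/src/alloc/layout.rs
@@ -4,7 +4,7 @@
 // collections, resulting in having to optimize down excess IR multiple times.
 // Your performance intuition is useless. Run perf.
 
-use safety::requires;
+use safety::{ensures, requires};
 use crate::cmp;
 use crate::error::Error;
 use crate::fmt;
@@ -71,6 +71,7 @@ impl Layout {
 #[rustc_const_stable(feature = "const_alloc_layout_size_align", since = "1.50.0")]
 #[inline]
 #[rustc_allow_const_fn_unstable(ptr_alignment_type)]
+#[ensures(|result| result.is_err() || align.is_power_of_two())]
 pub const fn from_size_align(size: usize, align: usize) -> Result<Self, LayoutError> {
 if !align.is_power_of_two() {
 return Err(LayoutError);
@@ -145,6 +146,7 @@ impl Layout {
 without modifying the layout"]
 #[inline]
 #[rustc_allow_const_fn_unstable(ptr_alignment_type)]
+#[ensures(|result| result.is_power_of_two())]
 pub const fn align(&self) -> usize {
 self.align.as_usize()
 }
@@ -154,6 +156,7 @@ impl Layout {
 #[rustc_const_stable(feature = "alloc_layout_const_new", since = "1.42.0")]
 #[must_use]
 #[inline]
+#[ensures(|result| result.align().is_power_of_two())]
 pub const fn new<T>() -> Self {
 let (size, align) = size_align::<T>();
 // SAFETY: if the type is instantiated, rustc already ensures that its
@@ -169,6 +172,7 @@ impl Layout {
 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
 #[must_use]
 #[inline]
+#[ensures(|result| result.align().is_power_of_two())]
 pub const fn for_value<T: ?Sized>(t: &T) -> Self {
 let (size, align) = (mem::size_of_val(t), mem::align_of_val(t));
 // SAFETY: see rationale in `new` for why this is using the unsafe variant
@@ -203,6 +207,7 @@ impl Layout {
 #[unstable(feature = "layout_for_ptr", issue = "69835")]
 #[rustc_const_unstable(feature = "const_alloc_layout", issue = "67521")]
 #[must_use]
+#[ensures(|result| result.align().is_power_of_two())]
 pub const unsafe fn for_value_raw<T: ?Sized>(t: *const T) -> Self {
 // SAFETY: we pass along the prerequisites of these functions to the caller
 let (size, align) = unsafe { (mem::size_of_val_raw(t), mem::align_of_val_raw(t)) };
@@ -220,6 +225,7 @@ impl Layout {
 #[rustc_const_unstable(feature = "alloc_layout_extra", issue = "55724")]
 #[must_use]
 #[inline]
+#[ensures(|result| result.is_aligned())]
 pub const fn dangling(&self) -> NonNull<u8> {
 // SAFETY: align is guaranteed to be non-zero
 unsafe { NonNull::new_unchecked(crate::ptr::without_provenance_mut::<u8>(self.align())) }
@@ -241,6 +247,7 @@ impl Layout {
 /// `align` violates the conditions listed in [`Layout::from_size_align`].
 #[stable(feature = "alloc_layout_manipulation", since = "1.44.0")]
 #[inline]
+#[ensures(|result| result.is_err() || result.unwrap().is_aligned())]
 pub fn align_to(&self, align: usize) -> Result<Self, LayoutError> {
 Layout::from_size_align(self.size(), cmp::max(self.align(), align))
 }
@@ -532,7 +539,7 @@ mod verify {
 }
 
 // pub const fn size(&self) -> usize
-#[kani::proof_for_contract(Layout::size)]
+#[kani::proof]
 pub fn check_size() {
 let s = kani::any::<usize>();
 let a = kani::any::<usize>();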
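Review bot: The postcondition added on `dangling` in the `@@ -220,6 +225,7 @@` hunk, `result.is_aligned()`, is trivially satisfied: `result` is a `NonNull<u8>`, so `is_aligned` tests alignment for `u8` (alignment 1) and says nothing about the returned address being a multiple of `self.align()`; `result.as_ptr().addr() % self.align() == 0` would state the intended property, assuming `self` is visible inside the ensures closure. The clause on `from_size_align` in the `@@ -71,6 +71,7 @@` hunk has the same weakness in a different form: `result.is_err() || align.is_power_of_two()` restates the guard on the input instead of constraining the returned layout, so `result.is_err() || matches!(result, Ok(l) if l.align().is_power_of_two())` would be the stronger contract. In `align_to`, `result.unwrap().is_aligned()` is applied to a `Layout`, which as far as I can tell has no `is_aligned` method (and `unwrap()` moves out of the result if the closure receives it by reference); because `ensures` is presumably only expanded in contract-checking builds, this would not surface in a normal build, so the same `matches!(result, Ok(l) if l.align().is_power_of_two())` form seems safer there too. The switch from `proof_for_contract(Layout::size)` to plain `proof` in the last hunk drops contract checking for `size` with no comment explaining why; if `size` simply carries no contract, a one-line comment such as `// size() has no contract; a plain proof is sufficient` above `check_size` would make that intent clear.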
