Skip to content

Commit 7162c25

Browse files
tautschnigtautschnig
committed
Revert "Use autoharness for num::<impl *>::wrapping_sh{l,r}"
This reverts commit 0c1b5c3.
1 parent dcc1959 commit 7162c25

File tree

2 files changed

+62
-12
lines changed

2 files changed

+62
-12
lines changed

.github/workflows/kani.yml

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -82,18 +82,6 @@ jobs:
8282
--include-pattern alloc::layout::Layout::from_size_align \
8383
--include-pattern ascii::ascii_char::AsciiChar::from_u8 \
8484
--include-pattern char::convert::from_u32_unchecked \
85-
--include-pattern "num::<impl i8>::wrapping_sh" \
86-
--include-pattern "num::<impl i16>::wrapping_sh" \
87-
--include-pattern "num::<impl i32>::wrapping_sh" \
88-
--include-pattern "num::<impl i64>::wrapping_sh" \
89-
--include-pattern "num::<impl i128>::wrapping_sh" \
90-
--include-pattern "num::<impl isize>::wrapping_sh" \
91-
--include-pattern "num::<impl u8>::wrapping_sh" \
92-
--include-pattern "num::<impl u16>::wrapping_sh" \
93-
--include-pattern "num::<impl u32>::wrapping_sh" \
94-
--include-pattern "num::<impl u64>::wrapping_sh" \
95-
--include-pattern "num::<impl u128>::wrapping_sh" \
96-
--include-pattern "num::<impl usize>::wrapping_sh" \
9785
--include-pattern "num::nonzero::NonZero::<i8>::count_ones" \
9886
--include-pattern "num::nonzero::NonZero::<i16>::count_ones" \
9987
--include-pattern "num::nonzero::NonZero::<i32>::count_ones" \

library/core/src/num/mod.rs

Lines changed: 62 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1752,6 +1752,19 @@ mod verify {
17521752
}
17531753
}
17541754

1755+
// Verify `wrapping_{shl, shr}` which internally uses `unchecked_{shl,shr}`
1756+
macro_rules! generate_wrapping_shift_harness {
1757+
($type:ty, $method:ident, $harness_name:ident) => {
1758+
#[kani::proof_for_contract($type::$method)]
1759+
pub fn $harness_name() {
1760+
let num1: $type = kani::any::<$type>();
1761+
let num2: u32 = kani::any::<u32>();
1762+
1763+
let _ = num1.$method(num2);
1764+
}
1765+
};
1766+
}
1767+
17551768
// Part 3: Float to Integer Conversion function Harness Generation Macro
17561769
macro_rules! generate_to_int_unchecked_harness {
17571770
($floatType:ty, $($intType:ty, $harness_name:ident),+) => {
@@ -2129,6 +2142,55 @@ mod verify {
21292142
(u64::MAX / 2) + 10u64
21302143
);
21312144

2145+
// Part_2 `wrapping_shl` proofs
2146+
//
2147+
// Target types:
2148+
// i{8,16,32,64,128,size} and u{8,16,32,64,128,size} -- 12 types in total
2149+
//
2150+
// Target contracts:
2151+
// #[ensures(|result| *result == self << (rhs & (Self::BITS - 1)))]
2152+
//
2153+
// Target function:
2154+
// pub const fn wrapping_shl(self, rhs: u32) -> Self
2155+
//
2156+
// This function performs an panic-free bitwise left shift operation.
2157+
generate_wrapping_shift_harness!(i8, wrapping_shl, checked_wrapping_shl_i8);
2158+
generate_wrapping_shift_harness!(i16, wrapping_shl, checked_wrapping_shl_i16);
2159+
generate_wrapping_shift_harness!(i32, wrapping_shl, checked_wrapping_shl_i32);
2160+
generate_wrapping_shift_harness!(i64, wrapping_shl, checked_wrapping_shl_i64);
2161+
generate_wrapping_shift_harness!(i128, wrapping_shl, checked_wrapping_shl_i128);
2162+
generate_wrapping_shift_harness!(isize, wrapping_shl, checked_wrapping_shl_isize);
2163+
generate_wrapping_shift_harness!(u8, wrapping_shl, checked_wrapping_shl_u8);
2164+
generate_wrapping_shift_harness!(u16, wrapping_shl, checked_wrapping_shl_u16);
2165+
generate_wrapping_shift_harness!(u32, wrapping_shl, checked_wrapping_shl_u32);
2166+
generate_wrapping_shift_harness!(u64, wrapping_shl, checked_wrapping_shl_u64);
2167+
generate_wrapping_shift_harness!(u128, wrapping_shl, checked_wrapping_shl_u128);
2168+
generate_wrapping_shift_harness!(usize, wrapping_shl, checked_wrapping_shl_usize);
2169+
2170+
// Part_2 `wrapping_shr` proofs
2171+
//
2172+
// Target types:
2173+
// i{8,16,32,64,128,size} and u{8,16,32,64,128,size} -- 12 types in total
2174+
//
2175+
// Target contracts:
2176+
// #[ensures(|result| *result == self >> (rhs & (Self::BITS - 1)))]
2177+
// Target function:
2178+
// pub const fn wrapping_shr(self, rhs: u32) -> Self {
2179+
//
2180+
// This function performs an panic-free bitwise right shift operation.
2181+
generate_wrapping_shift_harness!(i8, wrapping_shr, checked_wrapping_shr_i8);
2182+
generate_wrapping_shift_harness!(i16, wrapping_shr, checked_wrapping_shr_i16);
2183+
generate_wrapping_shift_harness!(i32, wrapping_shr, checked_wrapping_shr_i32);
2184+
generate_wrapping_shift_harness!(i64, wrapping_shr, checked_wrapping_shr_i64);
2185+
generate_wrapping_shift_harness!(i128, wrapping_shr, checked_wrapping_shr_i128);
2186+
generate_wrapping_shift_harness!(isize, wrapping_shr, checked_wrapping_shr_isize);
2187+
generate_wrapping_shift_harness!(u8, wrapping_shr, checked_wrapping_shr_u8);
2188+
generate_wrapping_shift_harness!(u16, wrapping_shr, checked_wrapping_shr_u16);
2189+
generate_wrapping_shift_harness!(u32, wrapping_shr, checked_wrapping_shr_u32);
2190+
generate_wrapping_shift_harness!(u64, wrapping_shr, checked_wrapping_shr_u64);
2191+
generate_wrapping_shift_harness!(u128, wrapping_shr, checked_wrapping_shr_u128);
2192+
generate_wrapping_shift_harness!(usize, wrapping_shr, checked_wrapping_shr_usize);
2193+
21322194
// `f{16,32,64,128}::to_int_unchecked` proofs
21332195
//
21342196
// Target integer types:

0 commit comments

Comments
 (0)