Limit shift

Author: tautschnig

library/core/src/alloc/layout.rs

@@ -507,11 +507,12 @@ mod verify {
 
     #[kani::proof_for_contract(Layout::from_size_align_unchecked)]
     pub fn check_from_size_align_unchecked() {
-        let s = kani::any::<usize>();
-        let shift_index = kani::any::<u8>();
+        let shift_index = kani::any::<usize>();
+        kani::assume(shift_index < core::mem::size_of::<usize>() * 8);
         let a : usize = 1 << shift_index;
-
         kani::assume(a > 0);
+
+        let s = kani::any::<usize>();
         kani::assume(s <= isize::MAX as usize - (a - 1));
 
         unsafe {