@@ -502,8 +502,14 @@ impl<T: ?Sized> NonNull<T> {
502502 #[ cfg_attr( miri, track_caller) ] // even without panics, this helps for Miri backtraces
503503 #[ stable( feature = "non_null_convenience" , since = "1.80.0" ) ]
504504 #[ rustc_const_stable( feature = "non_null_convenience" , since = "1.80.0" ) ]
505- // TODO: add a require to check whether two pointer points to the same allocated object with `same_allocation`
506- #[ ensures( |result: & Self | {
505+ #[ kani:: requires(
506+ if ( count >= 0 ) {
507+ kani:: mem:: same_allocation( self . as_ptr( ) as * const ( ) , self . as_ptr( ) . byte_add( count as usize ) as * const ( ) )
508+ } else {
509+ kani:: mem:: same_allocation( self . as_ptr( ) as * const ( ) , self . as_ptr( ) . byte_sub( -count as usize ) as * const ( ) )
510+ }
511+ ) ]
512+ #[ kani:: ensures( |result: & Self | {
507513 if ( count >= 0 ) {
508514 let offset_ptr = self . as_ptr( ) . byte_add( count as usize ) as * mut T ;
509515 result. as_ptr( ) == offset_ptr
@@ -589,8 +595,11 @@ impl<T: ?Sized> NonNull<T> {
589595 #[ rustc_allow_const_fn_unstable( set_ptr_value) ]
590596 #[ stable( feature = "non_null_convenience" , since = "1.80.0" ) ]
591597 #[ rustc_const_stable( feature = "non_null_convenience" , since = "1.80.0" ) ]
592- // TODO: add a require to check whether two pointer points to the same allocated object with `same_allocation`
593- #[ ensures(
598+ #[ kani:: requires( kani:: mem:: same_allocation(
599+ self . as_ptr( ) as * const ( ) ,
600+ ( ( self . as_ptr( ) as * const ( ) as usize ) + count) as * const ( )
601+ ) ) ]
602+ #[ kani:: ensures(
594603 |result: & NonNull <T >|
595604 ( result. as_ptr( ) as * const ( ) as usize ) == ( ( self . as_ptr( ) as * const ( ) as usize ) + count)
596605 ) ]
@@ -798,8 +807,8 @@ impl<T: ?Sized> NonNull<T> {
798807 #[ cfg_attr( miri, track_caller) ] // even without panics, this helps for Miri backtraces
799808 #[ stable( feature = "non_null_convenience" , since = "1.80.0" ) ]
800809 #[ rustc_const_stable( feature = "non_null_convenience" , since = "1.80.0" ) ]
801- // TODO: add a require to check whether two pointer points to the same allocated object with `same_allocation`
802- #[ ensures(
810+ # [ kani :: requires ( kani :: mem :: same_allocation ( self . as_ptr ( ) as * const ( ) , origin . as_ptr ( ) as * const ( ) ) ) ]
811+ #[ kani :: ensures(
803812 |result: & isize |
804813 * result == ( self . as_ptr( ) as * const u8 ) . offset_from( origin. as_ptr( ) as * const u8 )
805814 ) ]
@@ -1837,7 +1846,6 @@ mod verify {
18371846 kani:: assume ( count < usize:: MAX ) ;
18381847 kani:: assume ( count. checked_mul ( mem:: size_of :: < i32 > ( ) ) . is_some ( ) ) ;
18391848 kani:: assume ( count * mem:: size_of :: < i32 > ( ) <= ( isize:: MAX as usize ) ) ;
1840- kani:: assume ( count < ARR_SIZE - offset) ;
18411849
18421850 unsafe {
18431851 let result = ptr. byte_add ( count) ;
@@ -1857,8 +1865,6 @@ mod verify {
18571865 kani:: assume ( count <= isize:: MAX ) ;
18581866 kani:: assume ( count. checked_mul ( mem:: size_of :: < i32 > ( ) as isize ) . is_some ( ) ) ;
18591867 kani:: assume ( count * ( mem:: size_of :: < i32 > ( ) as isize ) <= ( isize:: MAX as isize ) ) ;
1860- kani:: assume ( ( offset as isize + count) < ( ARR_SIZE as isize ) ) ;
1861-
18621868 unsafe {
18631869 let result = ptr. byte_offset ( count) ;
18641870 }
0 commit comments