Skip to content

Commit 8013417

Browse files
tautschnigtautschnig
committed
Try to use Invariant
1 parent 3cab463 commit 8013417

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

library/core/src/alloc/layout.rs

+10-5
Original file line numberDiff line numberDiff line change
@@ -166,7 +166,6 @@ impl Layout {
166166
without modifying the layout"]
167167
#[inline]
168168
#[rustc_allow_const_fn_unstable(ptr_alignment_type)]
169-
#[ensures(|result| result.is_power_of_two())]
170169
pub const fn align(&self) -> usize {
171170
self.align.as_usize()
172171
}
@@ -176,7 +175,6 @@ impl Layout {
176175
#[rustc_const_stable(feature = "alloc_layout_const_new", since = "1.42.0")]
177176
#[must_use]
178177
#[inline]
179-
#[requires(mem::align_of::<T>().is_power_of_two())]
180178
#[ensures(|result| result.size() == mem::size_of::<T>())]
181179
#[ensures(|result| result.align() == mem::align_of::<T>())]
182180
pub const fn new<T>() -> Self {
@@ -235,7 +233,8 @@ impl Layout {
235233
// TODO: we should try to capture the above constraints on T in a `requires` clause, and the
236234
// metadata helpers from https://github.com/model-checking/verify-rust-std/pull/37 may be able
237235
// to accomplish this.
238-
#[ensures(|result| result.align().is_power_of_two())]
236+
#[cfg_attr(not(kani), ensures(|result| result.align().is_power_of_two()))]
237+
#[cfg_attr(kani, ensures(|result| result.is_safe()))]
239238
pub const unsafe fn for_value_raw<T: ?Sized>(t: *const T) -> Self {
240239
// SAFETY: we pass along the prerequisites of these functions to the caller
241240
let (size, align) = unsafe { (mem::size_of_val_raw(t), mem::align_of_val_raw(t)) };
@@ -581,6 +580,12 @@ mod verify {
581580
}
582581
}
583582

583+
impl kani::Invariant for Layout {
584+
fn is_safe(&self) -> bool {
585+
self.align.as_usize().is_power_of_two()
586+
}
587+
}
588+
584589
// pub const fn from_size_align(size: usize, align: usize) -> Result<Self, LayoutError>
585590
#[kani::proof_for_contract(Layout::from_size_align)]
586591
pub fn check_from_size_align() {
@@ -612,10 +617,10 @@ mod verify {
612617
}
613618

614619
// pub const fn align(&self) -> usize
615-
#[kani::proof_for_contract(Layout::align)]
620+
#[kani::proof]
616621
pub fn check_align() {
617622
let layout = kani::any::<Layout>();
618-
let _ = layout.align();
623+
assert!(layout.align().is_power_of_two());
619624
}
620625

621626
// pub const fn new<T>() -> Self

0 commit comments

Comments
 (0)