|
4 | 4 | // collections, resulting in having to optimize down excess IR multiple times. |
5 | 5 | // Your performance intuition is useless. Run perf. |
6 | 6 |
|
| 7 | +use safety::requires; |
7 | 8 | use crate::cmp; |
8 | 9 | use crate::error::Error; |
9 | 10 | use crate::fmt; |
10 | 11 | use crate::mem; |
11 | 12 | use crate::ptr::{Alignment, NonNull}; |
12 | 13 |
|
| 14 | +#[cfg(kani)] |
| 15 | +use crate::kani; |
| 16 | + |
13 | 17 | // While this function is used in one place and its implementation |
14 | 18 | // could be inlined, the previous attempts to do so made rustc |
15 | 19 | // slower: |
@@ -117,6 +121,7 @@ impl Layout { |
117 | 121 | #[must_use] |
118 | 122 | #[inline] |
119 | 123 | #[rustc_allow_const_fn_unstable(ptr_alignment_type)] |
| 124 | + #[requires(Layout::from_size_align(size, align).is_ok())] |
120 | 125 | pub const unsafe fn from_size_align_unchecked(size: usize, align: usize) -> Self { |
121 | 126 | // SAFETY: the caller is required to uphold the preconditions. |
122 | 127 | unsafe { Layout { size, align: Alignment::new_unchecked(align) } } |
@@ -492,3 +497,21 @@ impl fmt::Display for LayoutError { |
492 | 497 | f.write_str("invalid parameters to Layout::from_size_align") |
493 | 498 | } |
494 | 499 | } |
| 500 | + |
| 501 | +#[cfg(kani)] |
| 502 | +#[unstable(feature="kani", issue="none")] |
| 503 | +mod verify { |
| 504 | + use super::*; |
| 505 | + |
| 506 | + #[kani::proof_for_contract(Layout::from_size_align_unchecked)] |
| 507 | + pub fn check_from_size_align_unchecked() { |
| 508 | + let s = kani::any::<usize>(); |
| 509 | + let a = kani::any::<usize>(); |
| 510 | + |
| 511 | + unsafe { |
| 512 | + let layout = Layout::from_size_align_unchecked(s, a); |
| 513 | + assert_eq!(layout.size(), s); |
| 514 | + assert_eq!(layout.align(), a); |
| 515 | + } |
| 516 | + } |
| 517 | +} |
0 commit comments