small fixes

AlexLB99 · AlexLB99 · commit 036b50455982 · 2024-11-29T17:30:33.000-05:00
diff --git a/library/core/src/intrinsics.rs b/library/core/src/intrinsics.rs
@@ -3756,11 +3756,10 @@ pub(crate) const fn miri_promise_symbolic_alignment(ptr: *const (), align: usize
     const_eval_select((ptr, align), compiletime, runtime);
 }
 
-use crate::any;
 #[requires(crate::mem::size_of::<T>() >= crate::mem::size_of::<U>())] //U cannot be larger than T
 #[ensures(|ret: &U| (ret as *const U as usize) % crate::mem::align_of::<U>() == 0)] //check that the output has expected alignment
 pub unsafe fn transmute_unchecked_wrapper<T,U>(input: T) -> U {    
-    transmute_unchecked(input)
+    unsafe { transmute_unchecked(input) }
 }
 
 //This requires means [output is char implies input is valid unicode value]
@@ -3770,7 +3769,7 @@ pub unsafe fn transmute_unchecked_from_u32<T,U>(input: T) -> U
 where
     T: crate::ops::BitAnd<Output = T> + PartialEq + From<u32> + Copy + PartialOrd,
 {
-    transmute_unchecked(input)
+    unsafe { transmute_unchecked(input) }
 }
 
 //This requires means [output is bool implies input is 0 or 1]
@@ -3780,7 +3779,7 @@ pub unsafe fn transmute_unchecked_from_u8<T,U>(input: T) -> U
 where
     T: crate::ops::BitAnd<Output = T> + PartialEq + From<u8> + Copy + PartialOrd,
 {
-    transmute_unchecked(input)
+    unsafe { transmute_unchecked(input) }
 }
 
 #[cfg(kani)]
@@ -3842,9 +3841,8 @@ mod verify {
         assert!((c as u32 <= 0xD7FF) || (c as u32 >= 0xE000 && c as u32 <= 0x10FFFF))
     }
 
-    //Note: this doesn't actually panic, because violating char's
-    //type invariants is not something that transmute checks for
     #[kani::proof]
+    #[kani::stub_verified(transmute_unchecked_from_u32)]
     #[kani::should_panic]
     fn transmute_invalid_u32_to_char() {
         let num: u32 = kani::any();
@@ -3860,9 +3858,8 @@ mod verify {
         assert!(b == (num == 1));
     }
 
-    //Note: this doesn't actually panic, because violating bool's
-    //type invariants is not something that transmute checks for.
     #[kani::proof]
+    #[kani::stub_verified(transmute_unchecked_from_u8)]
     #[kani::should_panic]
     fn transmute_invalid_u8_to_bool() {
         let num: u8 = kani::any();

Original file line number	Diff line number	Diff line change
`@@ -3756,11 +3756,10 @@ pub(crate) const fn miri_promise_symbolic_alignment(ptr: *const (), align: usize`
`3756`	`3756`	`const_eval_select((ptr, align), compiletime, runtime);`
`3757`	`3757`	`}`
`3758`	`3758`
`3759`		`-use crate::any;`
`3760`	`3759`	`#[requires(crate::mem::size_of::<T>() >= crate::mem::size_of::<U>())] //U cannot be larger than T`
`3761`	`3760`	`#[ensures(\|ret: &U\| (ret as *const U as usize) % crate::mem::align_of::<U>() == 0)] //check that the output has expected alignment`
`3762`	`3761`	`pub unsafe fn transmute_unchecked_wrapper<T,U>(input: T) -> U {`
`3763`		`- transmute_unchecked(input)`
	`3762`	`+ unsafe { transmute_unchecked(input) }`
`3764`	`3763`	`}`
`3765`	`3764`
`3766`	`3765`	`//This requires means [output is char implies input is valid unicode value]`
`@@ -3770,7 +3769,7 @@ pub unsafe fn transmute_unchecked_from_u32<T,U>(input: T) -> U`
`3770`	`3769`	`where`
`3771`	`3770`	`T: crate::ops::BitAnd<Output = T> + PartialEq + From<u32> + Copy + PartialOrd,`
`3772`	`3771`	`{`
`3773`		`- transmute_unchecked(input)`
	`3772`	`+ unsafe { transmute_unchecked(input) }`
`3774`	`3773`	`}`
`3775`	`3774`
`3776`	`3775`	`//This requires means [output is bool implies input is 0 or 1]`
`@@ -3780,7 +3779,7 @@ pub unsafe fn transmute_unchecked_from_u8<T,U>(input: T) -> U`
`3780`	`3779`	`where`
`3781`	`3780`	`T: crate::ops::BitAnd<Output = T> + PartialEq + From<u8> + Copy + PartialOrd,`
`3782`	`3781`	`{`
`3783`		`- transmute_unchecked(input)`
	`3782`	`+ unsafe { transmute_unchecked(input) }`
`3784`	`3783`	`}`
`3785`	`3784`
`3786`	`3785`	`#[cfg(kani)]`
`@@ -3842,9 +3841,8 @@ mod verify {`
`3842`	`3841`	`assert!((c as u32 <= 0xD7FF) \|\| (c as u32 >= 0xE000 && c as u32 <= 0x10FFFF))`
`3843`	`3842`	`}`
`3844`	`3843`
`3845`		`- //Note: this doesn't actually panic, because violating char's`
`3846`		`- //type invariants is not something that transmute checks for`
`3847`	`3844`	`#[kani::proof]`
	`3845`	`+ #[kani::stub_verified(transmute_unchecked_from_u32)]`
`3848`	`3846`	`#[kani::should_panic]`
`3849`	`3847`	`fn transmute_invalid_u32_to_char() {`
`3850`	`3848`	`let num: u32 = kani::any();`
`@@ -3860,9 +3858,8 @@ mod verify {`
`3860`	`3858`	`assert!(b == (num == 1));`
`3861`	`3859`	`}`
`3862`	`3860`
`3863`		`- //Note: this doesn't actually panic, because violating bool's`
`3864`		`- //type invariants is not something that transmute checks for.`
`3865`	`3861`	`#[kani::proof]`
	`3862`	`+ #[kani::stub_verified(transmute_unchecked_from_u8)]`
`3866`	`3863`	`#[kani::should_panic]`
`3867`	`3864`	`fn transmute_invalid_u8_to_bool() {`
`3868`	`3865`	`let num: u8 = kani::any();`