Add contracts for all functions in Alignment

Uses the contracts syntax introduced in #128045.

Author: tautschnig

library/core/src/lib.rs

@@ -108,6 +108,7 @@
 //
 // Library features:
 // tidy-alphabetical-start
+#![cfg_attr(not(bootstrap), feature(contracts))]
 #![feature(array_ptr_get)]
 #![feature(asm_experimental_arch)]
 #![feature(bigint_helper_methods)]

library/core/src/ptr/alignment.rs

@@ -43,6 +43,10 @@ impl Alignment {
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
     #[must_use]
+    #[cfg_attr(not(bootstrap), core::contracts::requires(
+            mem::align_of::<T>().is_power_of_two()))]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &Alignment| result.as_usize().is_power_of_two()))]
     pub const fn of<T>() -> Self {
         // This can't actually panic since type alignment is always a power of two.
         const { Alignment::new(mem::align_of::<T>()).unwrap() }
@@ -54,6 +58,9 @@ impl Alignment {
     /// Note that `0` is not a power of two, nor a valid alignment.
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &Option<Alignment>| align.is_power_of_two() == result.is_some() &&
+            (result.is_none() || result.unwrap().as_usize() == align)))]
     pub const fn new(align: usize) -> Option<Self> {
         if align.is_power_of_two() {
             // SAFETY: Just checked it only has one bit set
@@ -73,6 +80,10 @@ impl Alignment {
     /// It must *not* be zero.
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[cfg_attr(not(bootstrap), core::contracts::requires(align > 0 && (align & (align - 1)) == 0))]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &Alignment| result.as_usize() == align &&
+            result.as_usize().is_power_of_two()))]
     pub const unsafe fn new_unchecked(align: usize) -> Self {
         assert_unsafe_precondition!(
             check_language_ub,
@@ -88,13 +99,18 @@ impl Alignment {
     /// Returns the alignment as a [`usize`].
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &usize| result.is_power_of_two()))]
     pub const fn as_usize(self) -> usize {
         self.0 as usize
     }
 
     /// Returns the alignment as a <code>[NonZero]<[usize]></code>.
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &NonZero<usize>| result.get().is_power_of_two() &&
+            result.get() == self.as_usize()))]
     pub const fn as_nonzero(self) -> NonZero<usize> {
         // This transmutes directly to avoid the UbCheck in `NonZero::new_unchecked`
         // since there's no way for the user to trip that check anyway -- the
@@ -120,6 +136,10 @@ impl Alignment {
     /// ```
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[cfg_attr(not(bootstrap), core::contracts::requires(self.as_usize().is_power_of_two()))]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &u32| (*result as usize) < mem::size_of::<usize>() * 8 &&
+            (1usize << *result) == self.as_usize()))]
     pub const fn log2(self) -> u32 {
         self.as_nonzero().trailing_zeros()
     }
@@ -149,6 +169,10 @@ impl Alignment {
     /// ```
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[cfg_attr(not(bootstrap), core::contracts::ensures(
+            |result: &usize| *result > 0 &&
+            *result == !(self.as_usize() -1) &&
+            self.as_usize() & *result == self.as_usize()))]
     pub const fn mask(self) -> usize {
         // SAFETY: The alignment is always nonzero, and therefore decrementing won't overflow.
         !(unsafe { self.as_usize().unchecked_sub(1) })