|
1 | 1 | // Original implementation taken from rust-memchr. |
2 | 2 | // Copyright 2015 Andrew Gallant, bluss and Nicolas Koch |
3 | 3 |
|
4 | | -use crate::intrinsics::const_eval_select; |
5 | 4 | #[cfg(kani)] |
6 | 5 | use crate::forall; |
| 6 | +use crate::intrinsics::const_eval_select; |
7 | 7 | #[cfg(kani)] |
8 | 8 | use crate::kani; |
9 | 9 |
|
@@ -40,7 +40,7 @@ const fn memchr_naive(x: u8, text: &[u8]) -> Option<usize> { |
40 | 40 | let mut i = 0; |
41 | 41 |
|
42 | 42 | // FIXME(const-hack): Replace with `text.iter().pos(|c| *c == x)`. |
43 | | - #[kani::loop_invariant(i <= text.len() && forall!(|j in (0,i)| unsafe {*text.as_ptr().wrapping_add(j)} != x))] |
| 43 | + #[cfg_attr(kani, kani::loop_invariant(i <= text.len() && forall!(|j in (0,i)| unsafe {*text.as_ptr().wrapping_add(j)} != x)))] |
44 | 44 | while i < text.len() { |
45 | 45 | if text[i] == x { |
46 | 46 | return Some(i); |
@@ -83,8 +83,8 @@ const fn memchr_aligned(x: u8, text: &[u8]) -> Option<usize> { |
83 | 83 |
|
84 | 84 | // search the body of the text |
85 | 85 | let repeated_x = usize::repeat_u8(x); |
86 | | - #[kani::loop_invariant(len >= 2 * USIZE_BYTES && offset <= len && |
87 | | - forall!(|j in (0,offset)| unsafe {*text.as_ptr().wrapping_add(j)} != x))] |
| 86 | + #[cfg_attr(kani, kani::loop_invariant(len >= 2 * USIZE_BYTES && offset <= len && |
| 87 | + forall!(|j in (0,offset)| unsafe {*text.as_ptr().wrapping_add(j)} != x)))] |
88 | 88 | while offset <= len - 2 * USIZE_BYTES { |
89 | 89 | // SAFETY: the while's predicate guarantees a distance of at least 2 * usize_bytes |
90 | 90 | // between the offset and the end of the slice. |
@@ -146,7 +146,7 @@ pub fn memrchr(x: u8, text: &[u8]) -> Option<usize> { |
146 | 146 | let repeated_x = usize::repeat_u8(x); |
147 | 147 | let chunk_bytes = size_of::<Chunk>(); |
148 | 148 |
|
149 | | - #[kani::loop_invariant(true)] |
| 149 | + #[cfg_attr(kani, kani::loop_invariant(true))] |
150 | 150 | while offset > min_aligned_offset { |
151 | 151 | // SAFETY: offset starts at len - suffix.len(), as long as it is greater than |
152 | 152 | // min_aligned_offset (prefix.len()) the remaining distance is at least 2 * chunk_bytes. |
|
0 commit comments