@@ -68,11 +68,11 @@ impl [u8] {
6868 let mut a = self ;
6969 let mut b = other;
7070
71- #[ safety :: loop_invariant(
71+ #[ cfg_attr ( kani , kani :: loop_invariant(
7272 a. len( ) <= self . len( ) && b. len( ) <= other. len( ) &&
7373 ( a. len( ) == 0 || self . as_ptr( ) . wrapping_add( self . len( ) -a. len( ) ) == a. as_ptr( ) ) &&
7474 ( b. len( ) == 0 || other. as_ptr( ) . wrapping_add( other. len( ) -b. len( ) ) == b. as_ptr( ) )
75- ) ]
75+ ) ) ]
7676 while let ( [ first_a, rest_a @ ..] , [ first_b, rest_b @ ..] ) = ( a, b) {
7777 if first_a. eq_ignore_ascii_case ( & first_b) {
7878 a = rest_a;
@@ -165,10 +165,10 @@ impl [u8] {
165165 let mut bytes = self ;
166166 // Note: A pattern matching based approach (instead of indexing) allows
167167 // making the function const.
168- #[ safety :: loop_invariant(
168+ #[ cfg_attr ( kani , kani :: loop_invariant(
169169 bytes. len( ) <= self . len( ) &&
170170 ( bytes. len( ) == 0 || self . as_ptr( ) . wrapping_add( self . len( ) -bytes. len( ) ) == bytes. as_ptr( ) )
171- ) ]
171+ ) ) ]
172172 while let [ first, rest @ ..] = bytes {
173173 if first. is_ascii_whitespace ( ) {
174174 bytes = rest;
@@ -198,10 +198,10 @@ impl [u8] {
198198 let mut bytes = self ;
199199 // Note: A pattern matching based approach (instead of indexing) allows
200200 // making the function const.
201- #[ safety :: loop_invariant(
201+ #[ cfg_attr ( kani , kani :: loop_invariant(
202202 bytes. len( ) <= self . len( ) &&
203203 ( bytes. len( ) == 0 || self . as_ptr( ) == bytes. as_ptr( ) )
204- ) ]
204+ ) ) ]
205205 while let [ rest @ .., last] = bytes {
206206 if last. is_ascii_whitespace ( ) {
207207 bytes = rest;
@@ -353,10 +353,10 @@ impl<'a> fmt::Debug for EscapeAscii<'a> {
353353pub const fn is_ascii_simple ( mut bytes : & [ u8 ] ) -> bool {
354354 #[ cfg( kani) ]
355355 let on_entry_bytes = bytes;
356- #[ safety :: loop_invariant(
356+ #[ cfg_attr ( kani , kani :: loop_invariant(
357357 bytes. len( ) <= on_entry_bytes. len( ) &&
358358 ( bytes. len( ) == 0 || bytes. as_ptr( ) == on_entry_bytes. as_ptr( ) )
359- ) ]
359+ ) ) ]
360360 while let [ rest @ .., last] = bytes {
361361 if !last. is_ascii ( ) {
362362 break ;
@@ -445,10 +445,10 @@ const fn is_ascii(s: &[u8]) -> bool {
445445 // Read subsequent words until the last aligned word, excluding the last
446446 // aligned word by itself to be done in tail check later, to ensure that
447447 // tail is always one `usize` at most to extra branch `byte_pos == len`.
448- #[ safety :: loop_invariant( byte_pos <= len
448+ #[ cfg_attr ( kani , kani :: loop_invariant( byte_pos <= len
449449 && byte_pos >= offset_to_aligned
450450 && word_ptr. addr( ) >= start. addr( ) + offset_to_aligned
451- && byte_pos == word_ptr. addr( ) - start. addr( ) ) ]
451+ && byte_pos == word_ptr. addr( ) - start. addr( ) ) ) ]
452452 while byte_pos < len - USIZE_SIZE {
453453 // Sanity check that the read is in bounds
454454 debug_assert!( byte_pos + USIZE_SIZE <= len) ;
@@ -496,7 +496,7 @@ const fn is_ascii(bytes: &[u8]) -> bool {
496496
497497 let mut i = 0 ;
498498
499- #[ safety :: loop_invariant( i <= bytes. len( ) ) ]
499+ #[ cfg_attr ( kani , kani :: loop_invariant( i <= bytes. len( ) ) ) ]
500500 while i + CHUNK_SIZE <= bytes. len ( ) {
501501 let chunk_end = i + CHUNK_SIZE ;
502502
@@ -505,7 +505,7 @@ const fn is_ascii(bytes: &[u8]) -> bool {
505505 // ASCII bytes are less than 128 (0x80), so their most significant
506506 // bit is unset.
507507 let mut count = 0 ;
508- #[ safety :: loop_invariant( i <= chunk_end && chunk_end - i <= CHUNK_SIZE && i - ( chunk_end - CHUNK_SIZE ) >= count as usize ) ]
508+ #[ cfg_attr ( kani , kani :: loop_invariant( i <= chunk_end && chunk_end - i <= CHUNK_SIZE && i - ( chunk_end - CHUNK_SIZE ) >= count as usize ) ) ]
509509 while i < chunk_end {
510510 count += bytes[ i] . is_ascii ( ) as u8 ;
511511 i += 1 ;
@@ -519,7 +519,7 @@ const fn is_ascii(bytes: &[u8]) -> bool {
519519
520520 // Process the remaining `bytes.len() % N` bytes.
521521 let mut is_ascii = true ;
522- #[ safety :: loop_invariant( i <= bytes. len( ) ) ]
522+ #[ cfg_attr ( kani , kani :: loop_invariant( i <= bytes. len( ) ) ) ]
523523 while i < bytes. len ( ) {
524524 is_ascii &= bytes[ i] . is_ascii ( ) ;
525525 i += 1 ;
0 commit comments