@@ -502,6 +502,7 @@ impl Step for char {
502502 Some ( unsafe { char:: from_u32_unchecked ( res) } )
503503 }
504504
505+ #[ requires( ( start as u32 ) . checked_add( count as u32 ) . is_some( ) ) ]
505506 #[ inline]
506507 unsafe fn forward_unchecked ( start : char , count : usize ) -> char {
507508 let start = start as u32 ;
@@ -518,6 +519,7 @@ impl Step for char {
518519 unsafe { char:: from_u32_unchecked ( res) }
519520 }
520521
522+ #[ requires( ( start as u32 ) . checked_sub( count as u32 ) . is_some( ) ) ]
521523 #[ inline]
522524 unsafe fn backward_unchecked ( start : char , count : usize ) -> char {
523525 let start = start as u32 ;
@@ -556,6 +558,7 @@ impl Step for AsciiChar {
556558 Some ( unsafe { AsciiChar :: from_u8_unchecked ( end) } )
557559 }
558560
561+ #[ requires( ( start. to_u8( ) as u32 ) . checked_add( count as u32 ) . is_some( ) ) ]
559562 #[ inline]
560563 unsafe fn forward_unchecked ( start : AsciiChar , count : usize ) -> AsciiChar {
561564 // SAFETY: Caller asserts that result is a valid ASCII character,
@@ -566,6 +569,7 @@ impl Step for AsciiChar {
566569 unsafe { AsciiChar :: from_u8_unchecked ( end) }
567570 }
568571
572+ #[ requires( ( start. to_u8( ) as u32 ) . checked_sub( count as u32 ) . is_some( ) ) ]
569573 #[ inline]
570574 unsafe fn backward_unchecked ( start : AsciiChar , count : usize ) -> AsciiChar {
571575 // SAFETY: Caller asserts that result is a valid ASCII character,
@@ -594,13 +598,15 @@ impl Step for Ipv4Addr {
594598 u32:: backward_checked ( start. to_bits ( ) , count) . map ( Ipv4Addr :: from_bits)
595599 }
596600
601+ #[ requires( start. to_bits( ) . checked_add( count as u32 ) . is_some( ) ) ]
597602 #[ inline]
598603 unsafe fn forward_unchecked ( start : Ipv4Addr , count : usize ) -> Ipv4Addr {
599604 // SAFETY: Since u32 and Ipv4Addr are losslessly convertible,
600605 // this is as safe as the u32 version.
601606 Ipv4Addr :: from_bits ( unsafe { u32:: forward_unchecked ( start. to_bits ( ) , count) } )
602607 }
603608
609+ #[ requires( start. to_bits( ) . checked_sub( count as u32 ) . is_some( ) ) ]
604610 #[ inline]
605611 unsafe fn backward_unchecked ( start : Ipv4Addr , count : usize ) -> Ipv4Addr {
606612 // SAFETY: Since u32 and Ipv4Addr are losslessly convertible,
0 commit comments