Add contracts for all functions in Alignment

Uses the contracts syntax introduced in rust-lang#128045.

Author: tautschnig

library/core/src/lib.rs

@@ -106,6 +106,7 @@
 #![feature(const_cmp)]
 #![feature(const_destruct)]
 #![feature(const_eval_select)]
+#![feature(contracts)]
 #![feature(core_intrinsics)]
 #![feature(coverage_attribute)]
 #![feature(disjoint_bitor)]

library/core/src/mem/mod.rs

@@ -506,6 +506,8 @@ pub const fn align_of<T>() -> usize {
 #[must_use]
 #[stable(feature = "rust1", since = "1.0.0")]
 #[rustc_const_stable(feature = "const_align_of_val", since = "1.85.0")]
+#[rustc_allow_const_fn_unstable(contracts)]
+#[core::contracts::ensures(|result: &usize| result.is_power_of_two())]
 pub const fn align_of_val<T: ?Sized>(val: &T) -> usize {
     // SAFETY: val is a reference, so it's a valid raw pointer
     unsafe { intrinsics::align_of_val(val) }

library/core/src/ptr/alignment.rs

@@ -45,6 +45,8 @@ impl Alignment {
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
     #[must_use]
+    #[rustc_allow_const_fn_unstable(contracts)]
+    #[core::contracts::ensures(|result: &Alignment| result.as_usize().is_power_of_two())]
     pub const fn of<T>() -> Self {
         // This can't actually panic since type alignment is always a power of two.
         const { Alignment::new(align_of::<T>()).unwrap() }
@@ -56,6 +58,11 @@ impl Alignment {
     /// Note that `0` is not a power of two, nor a valid alignment.
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[rustc_allow_const_fn_unstable(contracts)]
+    #[core::contracts::ensures(
+        move |result: &Option<Alignment>|
+        align.is_power_of_two() == result.is_some() &&
+        (result.is_none() || result.unwrap().as_usize() == align))]
     pub const fn new(align: usize) -> Option<Self> {
         if align.is_power_of_two() {
             // SAFETY: Just checked it only has one bit set
@@ -76,6 +83,12 @@ impl Alignment {
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
     #[track_caller]
+    #[rustc_allow_const_fn_unstable(contracts)]
+    #[allow(unused_parens)]
+    #[core::contracts::requires(align.is_power_of_two())]
+    #[core::contracts::ensures(
+        move |result: &Alignment|
+        result.as_usize() == align && result.as_usize().is_power_of_two())]
     pub const unsafe fn new_unchecked(align: usize) -> Self {
         assert_unsafe_precondition!(
             check_language_ub,
@@ -91,13 +104,19 @@ impl Alignment {
     /// Returns the alignment as a [`usize`].
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[rustc_allow_const_fn_unstable(contracts)]
+    #[core::contracts::ensures(|result: &usize| result.is_power_of_two())]
     pub const fn as_usize(self) -> usize {
         self.0 as usize
     }
 
     /// Returns the alignment as a <code>[NonZero]<[usize]></code>.
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[rustc_allow_const_fn_unstable(contracts)]
+    #[core::contracts::ensures(
+        move |result: &NonZero<usize>|
+        result.get().is_power_of_two() && result.get() == self.as_usize())]
     pub const fn as_nonzero(self) -> NonZero<usize> {
         // This transmutes directly to avoid the UbCheck in `NonZero::new_unchecked`
         // since there's no way for the user to trip that check anyway -- the
@@ -123,6 +142,12 @@ impl Alignment {
     /// ```
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[rustc_const_unstable(feature = "contracts", issue = "128044")]
+    #[allow(unused_parens)]
+    #[core::contracts::requires(self.as_usize().is_power_of_two())]
+    #[core::contracts::ensures(
+        move |result: &u32|
+        *result < usize::BITS && (1usize << *result) == self.as_usize())]
     pub const fn log2(self) -> u32 {
         self.as_nonzero().trailing_zeros()
     }
@@ -152,6 +177,11 @@ impl Alignment {
     /// ```
     #[unstable(feature = "ptr_alignment_type", issue = "102070")]
     #[inline]
+    #[rustc_const_unstable(feature = "contracts", issue = "128044")]
+    #[core::contracts::ensures(
+        move |result: &usize|
+        *result > 0 && *result == !(self.as_usize() -1) &&
+        self.as_usize() & *result == self.as_usize())]
     pub const fn mask(self) -> usize {
         // SAFETY: The alignment is always nonzero, and therefore decrementing won't overflow.
         !(unsafe { self.as_usize().unchecked_sub(1) })