fixed formatting

AlexLB99 · AlexLB99 · commit ab94cc1d5c3f · 2025-06-18T17:43:03.000-04:00
diff --git a/library/core/src/slice/mod.rs b/library/core/src/slice/mod.rs
@@ -6,19 +6,19 @@
 
 #![stable(feature = "rust1", since = "1.0.0")]
 
+use safety::{ensures, requires};
+
 use crate::cmp::Ordering::{self, Equal, Greater, Less};
 use crate::intrinsics::{exact_div, unchecked_sub};
+#[cfg(kani)]
+use crate::kani;
 use crate::mem::{self, MaybeUninit, SizedTypeProperties};
 use crate::num::NonZero;
 use crate::ops::{OneSidedRange, OneSidedRangeBound, Range, RangeBounds, RangeInclusive};
 use crate::panic::const_panic;
 use crate::simd::{self, Simd};
 use crate::ub_checks::assert_unsafe_precondition;
-use crate::{fmt, hint, ptr, range, slice, ub_checks};
-
-use safety::{ensures, requires};
-#[cfg(kani)]
-use crate::kani;
+use crate::{fmt, hint, ptr, range, slice};
 
 #[unstable(
     feature = "slice_internals",
@@ -5346,46 +5346,14 @@ mod verify {
             mod $mod_name {
                 use super::*;
 
-                proof_of_contract_for_align_to!(
-                    align_to_u8,
-                    $src_type,
-                    u8
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_u16,
-                    $src_type,
-                    u16
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_u32,
-                    $src_type,
-                    u32
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_u64,
-                    $src_type,
-                    u64
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_u128,
-                    $src_type,
-                    u128
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_bool,
-                    $src_type,
-                    bool
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_char,
-                    $src_type,
-                    char
-                );
-                proof_of_contract_for_align_to!(
-                    align_to_unit,
-                    $src_type,
-                    ()
-                );
+                proof_of_contract_for_align_to!(align_to_u8, $src_type, u8);
+                proof_of_contract_for_align_to!(align_to_u16, $src_type, u16);
+                proof_of_contract_for_align_to!(align_to_u32, $src_type, u32);
+                proof_of_contract_for_align_to!(align_to_u64, $src_type, u64);
+                proof_of_contract_for_align_to!(align_to_u128, $src_type, u128);
+                proof_of_contract_for_align_to!(align_to_bool, $src_type, bool);
+                proof_of_contract_for_align_to!(align_to_char, $src_type, char);
+                proof_of_contract_for_align_to!(align_to_unit, $src_type, ());
             }
         };
     }
@@ -5405,40 +5373,39 @@ mod verify {
 
     //We write this as an impl so that we can refer to "self"
     impl<T> wrap_align_to_mut<T> for [T] {
-		//We need the following wrapper because it is not currently possible to write
-		//contracts for functions that return mut refs to input arguments
-		//see https://github.com/model-checking/kani/issues/3764
-		//----------------------------
-		//Checks if the part that will be transmuted from type T to U is valid for type U
-		//reuses most function logic up to use of from_raw_parts,
-		//where the potentially unsafe transmute occurs
-		#[requires(
-			U::IS_ZST || T::IS_ZST || {
-				let ptr = self.as_ptr();
-				let offset = crate::ptr::align_offset(ptr, align_of::<U>());
-				offset > self.len() || {
-					let (_, rest) = self.split_at(offset);
-					let (us_len, _) = rest.align_to_offsets::<U>();
-					let middle = crate::ptr::slice_from_raw_parts(rest.as_ptr() as *const U, us_len
-	);
-					ub_checks::can_dereference(middle)
-				}
-			}
-		)]
-		//The following two ensures clauses guarantee that middle is of maximum size within self
-		#[ensures(|(prefix, _, _): &(*const [T], *const [U], *const [T])| prefix.len() * size_of::<T>() < align_of::<U>())]
-		#[ensures(|(_, _, suffix): &(*const [T], *const [U], *const [T])| suffix.len() * size_of::<T>() < size_of::<U>())]
-		//Either align_to just returns self in the prefix, or the 3 returned slices
-		//should be sequential, contiguous, and have same total length as self
-		#[ensures(|(prefix, middle, suffix): &(*const [T], *const [U], *const [T])|
-			prefix.as_ptr() == self.as_ptr() &&
-			(prefix.len() == self.len() ||  (
-				((prefix.as_ptr()).add(prefix.len()) as *const u8 == middle.as_ptr() as *const u8) &&
-				((middle.as_ptr()).add(middle.len()) as *const u8 == suffix.as_ptr() as *const u8) &&
-				((suffix.as_ptr()).add(suffix.len()) == (self.as_ptr()).add(self.len())) )
-			)
-		)]
-		unsafe fn align_to_mut_wrapper<U>(&mut self) -> (*const [T], *const [U], *const [T]) {
+        //We need the following wrapper because it is not currently possible to write
+        //contracts for functions that return mut refs to input arguments
+        //see https://github.com/model-checking/kani/issues/3764
+        //----------------------------
+        //Checks if the part that will be transmuted from type T to U is valid for type U
+        //reuses most function logic up to use of from_raw_parts,
+        //where the potentially unsafe transmute occurs
+        #[requires(
+            U::IS_ZST || T::IS_ZST || {
+                let ptr = self.as_ptr();
+                let offset = crate::ptr::align_offset(ptr, align_of::<U>());
+                offset > self.len() || {
+                    let (_, rest) = self.split_at(offset);
+                    let (us_len, _) = rest.align_to_offsets::<U>();
+                    let middle = crate::ptr::slice_from_raw_parts(rest.as_ptr() as *const U, us_len);
+                    ub_checks::can_dereference(middle)
+                }
+            }
+        )]
+        //The following two ensures clauses guarantee that middle is of maximum size within self
+        #[ensures(|(prefix, _, _): &(*const [T], *const [U], *const [T])| prefix.len() * size_of::<T>() < align_of::<U>())]
+        #[ensures(|(_, _, suffix): &(*const [T], *const [U], *const [T])| suffix.len() * size_of::<T>() < size_of::<U>())]
+        //Either align_to just returns self in the prefix, or the 3 returned slices
+        //should be sequential, contiguous, and have same total length as self
+        #[ensures(|(prefix, middle, suffix): &(*const [T], *const [U], *const [T])|
+            prefix.as_ptr() == self.as_ptr() &&
+            (prefix.len() == self.len() ||  (
+                ((prefix.as_ptr()).add(prefix.len()) as *const u8 == middle.as_ptr() as *const u8) &&
+                ((middle.as_ptr()).add(middle.len()) as *const u8 == suffix.as_ptr() as *const u8) &&
+                ((suffix.as_ptr()).add(suffix.len()) == (self.as_ptr()).add(self.len())) )
+            )
+        )]
+        unsafe fn align_to_mut_wrapper<U>(&mut self) -> (*const [T], *const [U], *const [T]) {
             let (prefix_mut, mid_mut, suffix_mut) = self.align_to_mut::<U>();
             (prefix_mut as *const [T], mid_mut as *const [U], suffix_mut as *const [T])
         }
@@ -5461,46 +5428,14 @@ mod verify {
             mod $mod_name {
                 use super::*;
 
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_u8,
-                    $src_type,
-                    u8
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_u16,
-                    $src_type,
-                    u16
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_u32,
-                    $src_type,
-                    u32
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_u64,
-                    $src_type,
-                    u64
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_u128,
-                    $src_type,
-                    u128
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_bool,
-                    $src_type,
-                    bool
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_char,
-                    $src_type,
-                    char
-                );
-                proof_of_contract_for_align_to_mut!(
-                    align_to_mut_unit,
-                    $src_type,
-                    ()
-                );
+                proof_of_contract_for_align_to_mut!(align_to_mut_u8, $src_type, u8);
+                proof_of_contract_for_align_to_mut!(align_to_mut_u16, $src_type, u16);
+                proof_of_contract_for_align_to_mut!(align_to_mut_u32, $src_type, u32);
+                proof_of_contract_for_align_to_mut!(align_to_mut_u64, $src_type, u64);
+                proof_of_contract_for_align_to_mut!(align_to_mut_u128, $src_type, u128);
+                proof_of_contract_for_align_to_mut!(align_to_mut_bool, $src_type, bool);
+                proof_of_contract_for_align_to_mut!(align_to_mut_char, $src_type, char);
+                proof_of_contract_for_align_to_mut!(align_to_mut_unit, $src_type, ());
             }
         };
     }
