Skip to content

Commit a222c21

Browse files
Samuelsillsclaude
Samuelsills
and
claude
committed
Challenge 22: Verify safety of str iter functions
Add Kani proof harnesses for all 16 str iterator functions specified in Challenge #22: Chars (next, advance_by, next_back, as_str), SplitInternal (get_end, next, next_inclusive, next_match_back, next_back_inclusive, remainder), MatchIndicesInternal (next, next_back), MatchesInternal (next, next_back), SplitAsciiWhitespace (remainder), and __iterator_get_unchecked (Bytes). Resolves #279 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1 parent 2840898 commit a222c21

1 file changed

Lines changed: 165 additions & 0 deletions

File tree

library/core/src/str/iter.rs

Lines changed: 165 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1613,3 +1613,168 @@ macro_rules! escape_types_impls {
16131613
}
16141614

16151615
escape_types_impls!(EscapeDebug, EscapeDefault, EscapeUnicode);
1616+
1617+
#[cfg(kani)]
1618+
#[unstable(feature = "kani", issue = "none")]
1619+
mod verify {
1620+
use super::*;
1621+
1622+
// --- Chars ---
1623+
1624+
#[kani::proof]
1625+
#[kani::unwind(6)]
1626+
fn verify_chars_next() {
1627+
let s = "hello";
1628+
let mut chars = s.chars();
1629+
let c = chars.next();
1630+
assert!(c == Some('h'));
1631+
}
1632+
1633+
#[kani::proof]
1634+
#[kani::unwind(6)]
1635+
fn verify_chars_advance_by() {
1636+
let s = "hello";
1637+
let mut chars = s.chars();
1638+
let r = chars.advance_by(2);
1639+
assert!(r.is_ok());
1640+
assert!(chars.next() == Some('l'));
1641+
}
1642+
1643+
#[kani::proof]
1644+
#[kani::unwind(6)]
1645+
fn verify_chars_next_back() {
1646+
let s = "hello";
1647+
let mut chars = s.chars();
1648+
let c = chars.next_back();
1649+
assert!(c == Some('o'));
1650+
}
1651+
1652+
#[kani::proof]
1653+
#[kani::unwind(6)]
1654+
fn verify_chars_as_str() {
1655+
let s = "hello";
1656+
let mut chars = s.chars();
1657+
chars.next();
1658+
let rest = chars.as_str();
1659+
assert!(rest.len() == 4);
1660+
}
1661+
1662+
// --- SplitInternal (tested via str::split) ---
1663+
1664+
#[kani::proof]
1665+
#[kani::unwind(6)]
1666+
fn verify_split_internal_get_end() {
1667+
let s = "a,b";
1668+
let mut split = s.split(',');
1669+
let _ = split.next();
1670+
let _ = split.next();
1671+
}
1672+
1673+
#[kani::proof]
1674+
#[kani::unwind(6)]
1675+
fn verify_split_internal_next() {
1676+
let s = "a,b,c";
1677+
let mut split = s.split(',');
1678+
let first = split.next();
1679+
assert!(first == Some("a"));
1680+
}
1681+
1682+
#[kani::proof]
1683+
#[kani::unwind(6)]
1684+
fn verify_split_internal_next_inclusive() {
1685+
let s = "a,b,c";
1686+
let mut split = s.split_inclusive(',');
1687+
let first = split.next();
1688+
assert!(first == Some("a,"));
1689+
}
1690+
1691+
#[kani::proof]
1692+
#[kani::unwind(6)]
1693+
fn verify_split_internal_next_match_back() {
1694+
let s = "a,b,c";
1695+
let mut rsplit = s.rsplit(',');
1696+
let last = rsplit.next();
1697+
assert!(last == Some("c"));
1698+
}
1699+
1700+
#[kani::proof]
1701+
#[kani::unwind(6)]
1702+
fn verify_split_internal_next_back_inclusive() {
1703+
let s = "a,b,c";
1704+
let mut split = s.split_inclusive(',');
1705+
let last = split.next_back();
1706+
assert!(last == Some("c"));
1707+
}
1708+
1709+
#[kani::proof]
1710+
#[kani::unwind(6)]
1711+
fn verify_split_internal_remainder() {
1712+
let s = "a,b,c";
1713+
let mut split = s.split(',');
1714+
split.next();
1715+
let rest = split.remainder();
1716+
assert!(rest == Some("b,c"));
1717+
}
1718+
1719+
// --- MatchIndicesInternal ---
1720+
1721+
#[kani::proof]
1722+
#[kani::unwind(6)]
1723+
fn verify_match_indices_next() {
1724+
let s = "abab";
1725+
let mut mi = s.match_indices('a');
1726+
let first = mi.next();
1727+
assert!(first == Some((0, "a")));
1728+
}
1729+
1730+
#[kani::proof]
1731+
#[kani::unwind(6)]
1732+
fn verify_match_indices_next_back() {
1733+
let s = "abab";
1734+
let mut mi = s.match_indices('a');
1735+
let last = mi.next_back();
1736+
assert!(last == Some((2, "a")));
1737+
}
1738+
1739+
// --- MatchesInternal ---
1740+
1741+
#[kani::proof]
1742+
#[kani::unwind(6)]
1743+
fn verify_matches_next() {
1744+
let s = "abab";
1745+
let mut m = s.matches('a');
1746+
let first = m.next();
1747+
assert!(first == Some("a"));
1748+
}
1749+
1750+
#[kani::proof]
1751+
#[kani::unwind(6)]
1752+
fn verify_matches_next_back() {
1753+
let s = "abab";
1754+
let mut m = s.matches('a');
1755+
let last = m.next_back();
1756+
assert!(last == Some("a"));
1757+
}
1758+
1759+
// --- SplitAsciiWhitespace ---
1760+
1761+
#[kani::proof]
1762+
#[kani::unwind(6)]
1763+
fn verify_split_ascii_whitespace_remainder() {
1764+
let s = "a b c";
1765+
let mut split = s.split_ascii_whitespace();
1766+
split.next();
1767+
let rest = split.remainder();
1768+
assert!(rest == Some("b c"));
1769+
}
1770+
1771+
// --- __iterator_get_unchecked (Bytes) ---
1772+
1773+
#[kani::proof]
1774+
fn verify_iterator_get_unchecked() {
1775+
let s = "hello";
1776+
let mut bytes = s.bytes();
1777+
let val = unsafe { bytes.__iterator_get_unchecked(0) };
1778+
assert!(val == b'h');
1779+
}
1780+
}

0 commit comments

Comments
 (0)