diff --git a/library/core/src/ffi/c_str.rs b/library/core/src/ffi/c_str.rs index 05506aa4fb19d..2e4fcbcafe6cf 100644 --- a/library/core/src/ffi/c_str.rs +++ b/library/core/src/ffi/c_str.rs @@ -859,6 +859,15 @@ impl FusedIterator for Bytes<'_> {} #[unstable(feature = "kani", issue = "none")] mod verify { use super::*; + + // Helper function + fn arbitrary_cstr(slice: &[u8]) -> &CStr { + let result = CStr::from_bytes_until_nul(&slice); + kani::assume(result.is_ok()); + let c_str = result.unwrap(); + assert!(c_str.is_safe()); + c_str + } // pub const fn from_bytes_until_nul(bytes: &[u8]) -> Result<&CStr, FromBytesUntilNulError> #[kani::proof] @@ -875,7 +884,8 @@ mod verify { assert!(c_str.is_safe()); } } - + + // pub const fn count_bytes(&self) -> usize #[kani::proof] #[kani::unwind(32)] fn check_count_bytes() { @@ -897,5 +907,38 @@ mod verify { let c_str = CStr::from_bytes_until_nul(&bytes).unwrap(); // Verify that count_bytes matches the adjusted length assert_eq!(c_str.count_bytes(), len); + assert!(c_str.is_safe()); + } + + // pub const fn to_bytes(&self) -> &[u8] + #[kani::proof] + #[kani::unwind(32)] + fn check_to_bytes() { + const MAX_SIZE: usize = 32; + let string: [u8; MAX_SIZE] = kani::any(); + let slice = kani::slice::any_slice_of_array(&string); + let c_str = arbitrary_cstr(slice); + + let bytes = c_str.to_bytes(); + let end_idx = bytes.len(); + // Comparison does not include the null byte + assert_eq!(bytes, &slice[..end_idx]); + assert!(c_str.is_safe()); + } + + // pub const fn to_bytes_with_nul(&self) -> &[u8] + #[kani::proof] + #[kani::unwind(33)] + fn check_to_bytes_with_nul() { + const MAX_SIZE: usize = 32; + let string: [u8; MAX_SIZE] = kani::any(); + let slice = kani::slice::any_slice_of_array(&string); + let c_str = arbitrary_cstr(slice); + + let bytes = c_str.to_bytes_with_nul(); + let end_idx = bytes.len(); + // Comparison includes the null byte + assert_eq!(bytes, &slice[..end_idx]); + assert!(c_str.is_safe()); } } \ No newline at end of file