summary refs log tree commit diff
path: root/tests/ui/contracts/contract-const-fn.rs
blob: 733a06ae5709010f297f77433e5b1c22f9fb6c8d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
//! Check if we can annotate a constant function with contracts.
//!
//! The contract is only checked at runtime, and it will not fail if evaluated statically.
//! This is an existing limitation due to the existing architecture and the lack of constant
//! closures.
//!
//@ revisions: all_pass runtime_fail_pre runtime_fail_post
//
//@ [all_pass] run-pass
//
//@ [runtime_fail_pre] run-fail
//@ [runtime_fail_post] run-fail
//
//@ [all_pass] compile-flags: -Zcontract-checks=yes
//@ [runtime_fail_pre] compile-flags: -Zcontract-checks=yes
//@ [runtime_fail_post] compile-flags: -Zcontract-checks=yes
#![feature(contracts)]
//~^ WARN the feature `contracts` is incomplete and may not be safe to use and/or cause compiler crashes [incomplete_features]

extern crate core;
use core::contracts::*;

#[requires(x < 100)]
const fn less_than_100(x: u8) -> u8 {
    x
}

// This is wrong on purpose.
#[ensures(|ret| *ret)]
const fn always_true(b: bool) -> bool {
    b
}

const ZERO: u8 = less_than_100(0);
// This is no-op because the contract cannot be checked at compilation time.
const TWO_HUNDRED: u8 = less_than_100(200);

/// Example from <https://github.com/rust-lang/rust/issues/136925>.
#[ensures(move |ret: &u32| *ret > x)]
const fn broken_sum(x: u32, y: u32) -> u32 {
    x + y
}

fn main() {
    assert_eq!(ZERO, 0);
    assert_eq!(TWO_HUNDRED, 200);
    assert_eq!(broken_sum(0, 1), 1);
    assert_eq!(always_true(true), true);

    #[cfg(runtime_fail_post)]
    let _ok = always_true(false);

    // Runtime check should fail.
    #[cfg(runtime_fail_pre)]
    let _200 = less_than_100(200);
}