Run format check in our CI and fix repo format (model-checking#205)

Changed the `check-rustc.sh` script to run the format check. Also added
a `--bless` mode to apply the changes locally.
This change also includes the result of running the script with the
`--bless` mode on.

Related to model-checking#38 

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 and MIT licenses.

---------

Co-authored-by: Zyad Hassan <88045115+zhassan-aws@users.noreply.github.com>
Co-authored-by: Carolyn Zech <cmzech@amazon.com>

Author: 3 people

.github/workflows/rustc.yml

@@ -19,7 +19,7 @@ defaults:
     shell: bash
 
 jobs:
-  build:
+  upstream_test:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
@@ -28,8 +28,8 @@ jobs:
     steps:
       - name: Checkout Library
         uses: actions/checkout@v4
-        with:
-          path: head
 
       - name: Run rustc script
-        run: bash ./head/scripts/check_rustc.sh ${{github.workspace}}/head
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: ./scripts/check_rustc.sh

library/alloc/src/collections/vec_deque/mod.rs

@@ -3087,6 +3087,7 @@ impl<T, const N: usize> From<[T; N]> for VecDeque<T> {
 #[unstable(feature = "kani", issue = "none")]
 mod verify {
     use core::kani;
+
     use crate::collections::VecDeque;
 
     #[kani::proof]
@@ -3120,5 +3121,4 @@ mod verify {
             assert!(deque[k] == arr[k]);
         }
     }
-
 }

library/alloc/src/vec/mod.rs

@@ -4037,15 +4037,15 @@ impl<T, A: Allocator, const N: usize> TryFrom<Vec<T, A>> for [T; N] {
 #[unstable(feature = "kani", issue = "none")]
 mod verify {
     use core::kani;
+
     use crate::vec::Vec;
-    
-    // Size chosen for testing the empty vector (0), middle element removal (1) 
-    // and last element removal (2) cases while keeping verification tractable 
+
+    // Size chosen for testing the empty vector (0), middle element removal (1)
+    // and last element removal (2) cases while keeping verification tractable
     const ARRAY_LEN: usize = 3;
 
     #[kani::proof]
     pub fn verify_swap_remove() {
-
         // Creating a vector directly from a fixed length arbitrary array
         let mut arr: [i32; ARRAY_LEN] = kani::Arbitrary::any_array();
         let mut vect = Vec::from(&arr);
@@ -4067,14 +4067,16 @@ mod verify {
 
         // Verifying that the removed index now contains the element originally at the vector's last index if applicable
         if index < original_len - 1 {
-            assert!(vect[index] == original_vec[original_len - 1], "Index should contain last element");
+            assert!(
+                vect[index] == original_vec[original_len - 1],
+                "Index should contain last element"
+            );
         }
 
         // Check that all other unaffected elements remain unchanged
         let k = kani::any_where(|&x: &usize| x < original_len - 1);
         if k != index {
             assert!(vect[k] == arr[k]);
         }
-
     }
 }

library/core/src/alloc/layout.rs

@@ -4,21 +4,20 @@
 // collections, resulting in having to optimize down excess IR multiple times.
 // Your performance intuition is useless. Run perf.
 
-use safety::{ensures, Invariant, requires};
+use safety::{Invariant, ensures, requires};
+
+#[cfg(kani)]
+use crate::cmp;
 use crate::error::Error;
 use crate::intrinsics::{unchecked_add, unchecked_mul, unchecked_sub};
-use crate::mem::SizedTypeProperties;
-use crate::ptr::{Alignment, NonNull};
-use crate::{assert_unsafe_precondition, fmt, mem};
-
 #[cfg(kani)]
 use crate::kani;
-#[cfg(kani)]
-use crate::cmp;
-
+use crate::mem::SizedTypeProperties;
+use crate::ptr::{Alignment, NonNull};
 // Used only for contract verification.
 #[allow(unused_imports)]
 use crate::ub_checks::Invariant;
+use crate::{assert_unsafe_precondition, fmt, mem};
 
 // While this function is used in one place and its implementation
 // could be inlined, the previous attempts to do so made rustc
@@ -624,14 +623,15 @@ impl fmt::Display for LayoutError {
 }
 
 #[cfg(kani)]
-#[unstable(feature="kani", issue="none")]
+#[unstable(feature = "kani", issue = "none")]
 mod verify {
     use super::*;
 
     impl kani::Arbitrary for Layout {
         fn any() -> Self {
             let align = kani::any::<Alignment>();
-            let size = kani::any_where(|s: &usize| *s <= isize::MAX as usize - (align.as_usize() - 1));
+            let size =
+                kani::any_where(|s: &usize| *s <= isize::MAX as usize - (align.as_usize() - 1));
             unsafe { Layout { size, align } }
         }
     }
@@ -684,8 +684,8 @@ mod verify {
     pub fn check_for_value_i32() {
         let x = kani::any::<i32>();
         let _ = Layout::for_value::<i32>(&x);
-        let array : [i32; 2] = [1, 2];
-        let _ = Layout::for_value::<[i32]>(&array[1 .. 1]);
+        let array: [i32; 2] = [1, 2];
+        let _ = Layout::for_value::<[i32]>(&array[1..1]);
         let trait_ref: &dyn core::fmt::Debug = &x;
         let _ = Layout::for_value::<dyn core::fmt::Debug>(trait_ref);
         // TODO: the case of an extern type as unsized tail is not yet covered
@@ -724,7 +724,7 @@ mod verify {
     pub fn check_padding_needed_for() {
         let layout = kani::any::<Layout>();
         let a2 = kani::any::<usize>();
-        if(a2.is_power_of_two() && a2 <= layout.align()) {
+        if (a2.is_power_of_two() && a2 <= layout.align()) {
             let _ = layout.padding_needed_for(a2);
         }
     }

library/core/src/ascii/ascii_char.rs

@@ -4,11 +4,11 @@
 //! helps with clarity as we're also referring to `char` intentionally in here.
 
 use safety::{ensures, requires};
-use crate::mem::transmute;
-use crate::{assert_unsafe_precondition, fmt};
 
 #[cfg(kani)]
 use crate::kani;
+use crate::mem::transmute;
+use crate::{assert_unsafe_precondition, fmt};
 
 /// One of the 128 Unicode characters from U+0000 through U+007F,
 /// often known as the [ASCII] subset.
@@ -623,11 +623,12 @@ impl fmt::Debug for AsciiChar {
 }
 
 #[cfg(kani)]
-#[unstable(feature="kani", issue="none")]
+#[unstable(feature = "kani", issue = "none")]
 mod verify {
-    use super::*;
     use AsciiChar;
 
+    use super::*;
+
     #[kani::proof_for_contract(AsciiChar::from_u8)]
     fn check_from_u8() {
         let b: u8 = kani::any();

library/core/src/char/convert.rs

@@ -1,16 +1,16 @@
 //! Character conversions.
 
-use safety::{requires, ensures};
+use safety::{ensures, requires};
+
 use crate::char::TryFromCharError;
 use crate::error::Error;
 use crate::fmt;
+#[cfg(kani)]
+use crate::kani;
 use crate::mem::transmute;
 use crate::str::FromStr;
 use crate::ub_checks::assert_unsafe_precondition;
 
-#[cfg(kani)]
-use crate::kani;
-
 /// Converts a `u32` to a `char`. See [`char::from_u32`].
 #[must_use]
 #[inline]
@@ -298,7 +298,7 @@ pub(super) const fn from_digit(num: u32, radix: u32) -> Option<char> {
 }
 
 #[cfg(kani)]
-#[unstable(feature="kani", issue="none")]
+#[unstable(feature = "kani", issue = "none")]
 mod verify {
     use super::*;
 

library/core/src/char/methods.rs

@@ -1,15 +1,14 @@
 //! impl char {}
 
 use super::*;
+#[cfg(kani)]
+use crate::kani;
 use crate::panic::const_panic;
 use crate::slice;
 use crate::str::from_utf8_unchecked_mut;
 use crate::unicode::printable::is_printable;
 use crate::unicode::{self, conversions};
 
-#[cfg(kani)]
-use crate::kani;
-
 impl char {
     /// The lowest valid code point a `char` can have, `'\0'`.
     ///
@@ -1871,19 +1870,20 @@ pub const fn encode_utf16_raw(mut code: u32, dst: &mut [u16]) -> &mut [u16] {
 }
 
 #[cfg(kani)]
-#[unstable(feature="kani", issue="none")]
+#[unstable(feature = "kani", issue = "none")]
 mod verify {
-    use super::*;
     use safety::ensures;
 
+    use super::*;
+
     #[ensures(|result| c.is_ascii() == (result.is_some() && (result.unwrap() as u8 as char == *c)))]
     fn as_ascii_clone(c: &char) -> Option<ascii::Char> {
         c.as_ascii()
     }
 
     #[kani::proof_for_contract(as_ascii_clone)]
     fn check_as_ascii_ascii_char() {
-        let ascii: char = kani::any_where(|c : &char| c.is_ascii());
+        let ascii: char = kani::any_where(|c: &char| c.is_ascii());
         as_ascii_clone(&ascii);
     }
 

library/core/src/ffi/c_str.rs

@@ -1,22 +1,21 @@
 //! [`CStr`] and its related types.
 
+use safety::{ensures, requires};
+
 use crate::cmp::Ordering;
 use crate::error::Error;
 use crate::ffi::c_char;
 use crate::intrinsics::const_eval_select;
 use crate::iter::FusedIterator;
+#[cfg(kani)]
+use crate::kani;
 use crate::marker::PhantomData;
 use crate::ptr::NonNull;
 use crate::slice::memchr;
-use crate::{fmt, ops, slice, str};
-use safety::{requires, ensures};
-
 use crate::ub_checks::Invariant;
 #[allow(unused_imports)]
 use crate::ub_checks::can_dereference;
-
-#[cfg(kani)]
-use crate::kani;
+use crate::{fmt, ops, slice, str};
 
 // FIXME: because this is doc(inline)d, we *have* to use intra-doc links because the actual link
 //   depends on where the item is being documented. however, since this is libcore, we can't
@@ -228,7 +227,7 @@ impl Invariant for &CStr {
         let bytes: &[c_char] = &self.inner;
         let len = bytes.len();
 
-        !bytes.is_empty() && bytes[len - 1] == 0 && !bytes[..len-1].contains(&0)
+        !bytes.is_empty() && bytes[len - 1] == 0 && !bytes[..len - 1].contains(&0)
     }
 }
 
@@ -887,7 +886,7 @@ impl FusedIterator for Bytes<'_> {}
 #[unstable(feature = "kani", issue = "none")]
 mod verify {
     use super::*;
-    
+
     // Helper function
     fn arbitrary_cstr(slice: &[u8]) -> &CStr {
         // At a minimum, the slice has a null terminator to form a valid CStr.
@@ -934,7 +933,7 @@ mod verify {
         let len = bytes.len();
         assert_eq!(bytes, &slice[..len]);
     }
-      
+
     // pub fn bytes(&self) -> Bytes<'_>
     #[kani::proof]
     #[kani::unwind(32)]
@@ -972,7 +971,7 @@ mod verify {
 
     // pub const fn as_ptr(&self) -> *const c_char
     #[kani::proof]
-    #[kani::unwind(33)] 
+    #[kani::unwind(33)]
     fn check_as_ptr() {
         const MAX_SIZE: usize = 32;
         let string: [u8; MAX_SIZE] = kani::any();
@@ -996,10 +995,10 @@ mod verify {
         }
         assert!(c_str.is_safe());
     }
-  
+
     // pub const fn from_bytes_with_nul(bytes: &[u8]) -> Result<&Self, FromBytesWithNulError>
     #[kani::proof]
-    #[kani::unwind(17)] 
+    #[kani::unwind(17)]
     fn check_from_bytes_with_nul() {
         const MAX_SIZE: usize = 16;
         let string: [u8; MAX_SIZE] = kani::any();
@@ -1017,10 +1016,10 @@ mod verify {
     fn check_count_bytes() {
         const MAX_SIZE: usize = 32;
         let mut bytes: [u8; MAX_SIZE] = kani::any();
-        
+
         // Non-deterministically generate a length within the valid range [0, MAX_SIZE]
         let mut len: usize = kani::any_where(|&x| x < MAX_SIZE);
-        
+
         // If a null byte exists before the generated length
         // adjust len to its position
         if let Some(pos) = bytes[..len].iter().position(|&x| x == 0) {
@@ -1029,7 +1028,7 @@ mod verify {
             // If no null byte, insert one at the chosen length
             bytes[len] = 0;
         }
-    
+
         let c_str = CStr::from_bytes_until_nul(&bytes).unwrap();
         // Verify that count_bytes matches the adjusted length
         assert_eq!(c_str.count_bytes(), len);
@@ -1076,7 +1075,9 @@ mod verify {
         let mut string: [u8; MAX_SIZE] = kani::any();
         let ptr = string.as_ptr() as *const c_char;
 
-        unsafe { super::strlen(ptr); }
+        unsafe {
+            super::strlen(ptr);
+        }
     }
 
     // pub const unsafe fn from_ptr<'a>(ptr: *const c_char) -> &'a CStr
@@ -1087,9 +1088,11 @@ mod verify {
         let string: [u8; MAX_SIZE] = kani::any();
         let ptr = string.as_ptr() as *const c_char;
 
-        unsafe { CStr::from_ptr(ptr); }
+        unsafe {
+            CStr::from_ptr(ptr);
+        }
     }
-  
+
     // pub const fn is_empty(&self) -> bool
     #[kani::proof]
     #[kani::unwind(33)]

library/core/src/mem/mod.rs

@@ -6,11 +6,10 @@
 #![stable(feature = "rust1", since = "1.0.0")]
 
 use crate::alloc::Layout;
-use crate::marker::DiscriminantKind;
-use crate::{clone, cmp, fmt, hash, intrinsics, ptr};
-
 #[cfg(kani)]
 use crate::kani;
+use crate::marker::DiscriminantKind;
+use crate::{clone, cmp, fmt, hash, intrinsics, ptr};
 
 mod manually_drop;
 #[stable(feature = "manually_drop", since = "1.20.0")]
@@ -1372,7 +1371,7 @@ pub macro offset_of($Container:ty, $($fields:expr)+ $(,)?) {
 }
 
 #[cfg(kani)]
-#[unstable(feature="kani", issue="none")]
+#[unstable(feature = "kani", issue = "none")]
 mod verify {
     use super::*;
     use crate::kani;