-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for common proof options #600
Comments
Will look at this. |
We had an exciting discussion about this today (cc @karkhaz ). Let's assume for a moment that we have an annotation like
Now, let's discuss their usefulness:
The But execution paths in the context of verification work differently: conditions will split them, potentially generating multiple failures for a program. So we should consider a set of messages, instead of a single one. Now, should we consider a string message? That's also not clear to me. Character strings aren't reliable in general. In principle, we've identified three levels of granularity for this feature:
Note that (2) talks about a property/check, while (3) is talking about the line of code where it comes from. Even if we had some classification for the different errors you can get from Kani (which I'll be proposing in a new output format), I'm not clear on the best way to use it here (because of the first problem). In principle, we could do (1) and decide how to extend the functionality later depending on other output-related issues we have at the moment. |
Requested feature: We would like to allow users to customize rmc behavior for specific proof harnesses by adding attributes to the harnesses themselves. Today, users have to change how they invoke RMC.
Use case:
Proposal: We should create macro attributes in our
rmc_macros
crate that allows the user to specify unwind values as well as proof expectations. Our compiler component will any proof harness attribute and dump it to the metadata file introduced in this PR: #668. Then we will use those values to control CBMC (for unwind) and the output results (for expect_failure).If the user provides
--unwind <value>
argument, it should have precedence over the attribute.Tasks breakdown:
rmc::unwind
.rmc::expect_failure
.The text was updated successfully, but these errors were encountered: