Commit: Call check_proof_attribute for contract harnesses (#3522)
Kani enforces that `[kani::proof]` attribute is not applied to generic functions. We do not currently enforce this restriction on contract harnesses. When the compiler [searches for harnesses to verify](https://github.com/model-checking/kani/blob/dba8f3926a61025f5078de787ebd8d21278333ca/kani-compiler/src/kani_middle/codegen_units.rs#L63), it only looks at monomorphized functions. Thus, currently a user can write this code:

```rust
#[kani::requires(true)]
fn foo() {}

#[kani::proof_for_contract(foo)]
fn check_foo<T>() { foo() }
```

and get "No proof harnesses (functions with #[kani::proof]) were found to verify." In the case where a user is running many harnesses, they may not notice that Kani skipped the harness. For example, we currently have [this harness](https://github.com/model-checking/verify-rust-std/blob/149f6dd5409fac01a983d7b98c51d51666c74e45/library/core/src/ptr/unique.rs#L288) in the standard library, which doesn't actually run. (PR to fix is [here](model-checking/verify-rust-std#86)).

After this PR merges, the code snippet above would instead error with:

```text
error: the '#[kani::proof_for_contract]' attribute cannot be applied to generic functions
 --> src/lib.rs:4:1
  |
4 | #[kani::proof_for_contract(foo)]
  | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  |
  = note: this error originates in the attribute macro `kani::proof_for_contract` (in Nightly builds, run with -Z macro-backtrace for more info)

error: aborting due to 1 previous error
```

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.
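The rule this commit extends to `#[kani::proof_for_contract]` is worth seeing in isolation: a harness with type or const parameters is never monomorphized, so a compiler pass that only visits monomorphized items skips it without a word. The following is an added example, not Kani's `check_proof_attribute` or any code from this commit: a toy source-level lint that scans for harness attributes and reports any harness whose generic list needs monomorphization. The `Finding` type, the helper names and the sample source are all constructed here; treating lifetime-only parameters as acceptable is this example's assumption, chosen because lifetimes do not require monomorphization.

```rust
// Added example, not Kani's implementation: a toy lint that flags
// `#[kani::proof]` / `#[kani::proof_for_contract(..)]` harnesses whose
// signature carries type or const parameters. Such a harness is never
// instantiated, so a pass that only visits monomorphized functions
// silently skips it; rejecting it up front turns a silent skip into an error.

#[derive(Debug, PartialEq, Eq)]
pub struct Finding {
    pub attr: &'static str,   // which harness attribute preceded the fn
    pub harness: String,      // function name
    pub params: Vec<String>,  // generic params that require monomorphization
}

/// Attribute prefixes that mark a verification harness (as used on this page).
const HARNESS_ATTRS: [&str; 2] = ["#[kani::proof]", "#[kani::proof_for_contract("];

fn harness_attr(line: &str) -> Option<&'static str> {
    let t = line.trim_start();
    HARNESS_ATTRS.iter().copied().find(|a| t.starts_with(*a))
}

/// Splits `<A, B: Into<u32>, 'c>` into its top-level parameters.
/// Returns None when the text does not start with a generic list.
fn split_generics(rest: &str) -> Option<Vec<String>> {
    let rest = rest.trim_start();
    if !rest.starts_with('<') {
        return None;
    }
    let (mut depth, mut prev) = (0usize, '\0');
    let (mut params, mut cur) = (Vec::new(), String::new());
    for c in rest.chars() {
        match c {
            '<' => {
                depth += 1;
                if depth > 1 { cur.push(c); }          // nested, e.g. Into<u32>
            }
            '>' if prev != '-' => {                   // skip the `>` of `->`
                depth -= 1;
                if depth == 0 {
                    if !cur.trim().is_empty() { params.push(cur.trim().to_string()); }
                    return Some(params);
                }
                cur.push(c);
            }
            ',' if depth == 1 => { params.push(cur.trim().to_string()); cur.clear(); }
            _ => cur.push(c),
        }
        prev = c;
    }
    None // unbalanced angle brackets
}

/// A parameter needs monomorphization unless it is a lifetime (`'a`).
fn needs_mono(param: &str) -> bool {
    !param.starts_with('\'')
}

/// Scan `src` line by line; the first `fn` after a harness attribute is the harness.
pub fn generic_harnesses(src: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut pending: Option<&'static str> = None;
    for line in src.lines() {
        if let Some(a) = harness_attr(line) {
            pending = Some(a);
            continue;
        }
        let t = line.trim_start();
        let Some(idx) = t.find("fn ") else { continue };
        let Some(attr) = pending.take() else { continue };
        let after = &t[idx + 3..];
        let name_end = after
            .find(|c: char| !(c.is_alphanumeric() || c == '_'))
            .unwrap_or(after.len());
        let params: Vec<String> = split_generics(&after[name_end..])
            .unwrap_or_default()
            .into_iter()
            .filter(|p| needs_mono(p))
            .collect();
        if !params.is_empty() {
            findings.push(Finding { attr, harness: after[..name_end].to_string(), params });
        }
    }
    findings
}

/// Constructed sample: the snippet from the commit message plus two more harnesses.
pub const SAMPLE: &str = "#[kani::requires(true)]\nfn foo() {}\n\n\
#[kani::proof_for_contract(foo)]\nfn check_foo<T>() { foo() }\n\n\
#[kani::proof]\nfn check_ok<'a>(x: &'a u8) -> u8 { *x }\n\n\
#[kani::proof]\nfn check_const<const N: usize, U: Into<u32>>() {}\n";

fn main() {
    for f in generic_harnesses(SAMPLE) {
        println!("error: harness `{}` (after `{}`) has generic params {:?}", f.harness, f.attr, f.params);
    }
}
```

Running it on the sample reports `check_foo` and `check_const` and stays quiet on `check_ok`, whose only parameter is a lifetime. A real check lives on compiler-internal generics information rather than on source text; the point here is only the criterion, that any type or const parameter makes the harness unreachable for a monomorphization-driven harness search.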