Closed
Description
We presently do not do any validation of rmctool attributes in the rmc compiler.
Presently, we only have rmctool::proof, so the only real missing validations are:
- Check to ensure there aren't multiple proof attributes on the function.
- Check there's no parameters to proof (
#[rmc::proof(stuff, here)]) - Check the function being annotated to ensure it has no parameters. (Initially: in the future, we might try to handle parameters as
nondet. But this is something to design to handle the assumptions problem...)
When we add more attributes, those need validation too.
Possibly we should do this at the proc_macro level, instead of in the rmc backend of the compiler?