In mlkem-native and mldsa-native, we would like to be able to claim that we check termination of loops except for a small number of loops which only probabilistically terminate. Of course, we can point at the individual decreases clauses and ask a consumer to grep-validate our claims, but this is inconvenient.
Could CBMC offer a flag which, if set, makes CBMC fail upon encountering a loop for which no termination argument is given (or can be synthesized, if this is something that CBMC does in places)?
In mlkem-native and mldsa-native, we would like to be able to claim that we check termination of loops except for a small number of loops which only probabilistically terminate. Of course, we can point at the individual
decreasesclauses and ask a consumer togrep-validate our claims, but this is inconvenient.Could CBMC offer a flag which, if set, makes CBMC fail upon encountering a loop for which no termination argument is given (or can be synthesized, if this is something that CBMC does in places)?