Feature request: detect when Rustc hides UB (undefined behavior) when generating MIR

[danielsn]

RMC operates at the MIR level. It is possible that the MIR generated by Rustc may make implementation decisions that hide UB.

Likelihood:

We do not have data on how often this occurs.

Mitigation:

We can disable some Rust optimizations on the command-line. We should test whether we get the same result given different optimization levels. By default, we should operate with all optimizations off.

Path to soundness:

Work with the compiler team to

• document any cases where this can happen
• develop a compiler mode to generate MIR that as purely reflects

Documentation:

[zhassan-aws]

Mitigate by documenting that Kani results are with respect to a specific compiler version and remove the soundness label.