Allow specifying the scheduling strategy in #[kani_proof] for async functions

[fzaiser]

Description of changes:

Instead of having to manually wrap the code in kani::spawnable_block_on as in #1659, this PR allows #[kani::proof] to be applied to harnesses that use spawn as well. For this to happen, the user has to specify a scheduling strategy.

Resolved issues:

Resolves #ISSUE-NUMBER

Call-outs:

Testing:

• How is this change tested? Additional regression test.

• Is this a refactor change? No

Checklist

• Each commit message has a non-empty body, explaining why the change was made
• Methods or procedures are documented
• Regression or unit tests are included, or existing tests cover the modified code
• My PR is restricted to a single feature or bugfix

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 and MIT licenses.

[fzaiser]

With #1659 merged, this is no longer blocked! I've rebased and updated this PR, but there seem to be issues with concrete playback that I don't understand (the script-based-pre exec tests are failing). Before I try to figure that out, I wanted to check that the changes of this PR are still desired. What do you think, @celinval @adpaco-aws?

[fzaiser]

Huh, seems that the tests pass in CI (not sure why they failed locally). In that case, this PR is ready for review.

[celinval]

Thanks @fzaiser.

Does verifying an async harnesses require the unstable flag to be passed? Is there any documentation to how an async harness is verified? What happens if no argument is passed?

[fzaiser]

Does verifying an async harnesses require the unstable flag to be passed?

Yes, it requires -Z async-lib.

Is there any documentation to how an async harness is verified?

There is some documentation here: https://model-checking.github.io/kani/crates/doc/kani/attr.proof.html. I just added additional information regarding spawn to the documentation of the proof macro in this PR.

What happens if no argument is passed?

If no argument is passed, it uses block_on (instead of block_on_with_spawn). If the harness code tries to call kani::spawn, it will hit this panic here. I changed this from an .expect() call to an explicit panic!() because Kani provides better location information that way. So verification will fail with the following output:

Check 53: kani::spawn::<[async block@tests/kani/AsyncAwait/spawn.rs:20:30: 22:6]>.assertion.1
         - Status: FAILURE
         - Description: "This is a placeholder message; Kani doesn't support message formatted at runtime"
         - Location: library/kani/src/futures.rs:189:13 in function kani::spawn::<[async block@tests/kani/AsyncAwait/spawn.rs:20:30: 22:6]>

[celinval]

Can you please add the following ui tests please?

• Wrong attribute argument
• No unstable flag provided

Thanks!

[fzaiser]

@celinval I added the requested tests. This should be ready to merge.