formal-land / coq-of-rust

Check 100% of execution cases of Rust programs 🦀 to make applications with no bugs! ✈️ 🚀 ⚕️ 🏦 Formal verification


Formal verification for Rust 🦀 by translation to the proof system Coq 🐓

⚠️ Still a work in progress! ⚠️

Rationale

Formal verification makes it possible to prevent all bugs in critical software. It is used in the aerospace industry, for example 🧑‍🚀.

The type system of Rust already offers strong guarantees against bugs that exist in C or Python. We still need to write tests to check the business rules or the absence of panics. Testing is incomplete, as it cannot cover all execution cases.

With formal verification we cover all cases (the code is 100% bug-free!). We replace the tests by mathematical reasoning on the code. You can view it as an extension of the type system, but without restrictions on expressivity.

The tool coq-of-rust translates Rust programs to the formal verification language Coq, to make Rust programs 100% safe 🌙.

Prerequisites

  • Rust (latest stable version)
  • Coq (version 8.14 or newer)

Details

The translation works at the level of the HIR intermediate representation of Rust.

From the root of this repository, run:

cargo install --path lib/

Then in any Rust project, to generate a Crate.v file with the Coq translation of the crate:

cargo coq-of-rust

Translate the test files (but show the error/warning messages):

cargo run --bin coq-of-rust -- translate --path examples

Update the snapshots of the translations of the test files, including the error messages:

python run_tests.py

Compile the Coq files:

cd CoqOfRust
./configure.sh
make

Features

Note that we are still developing support for most of the language constructs of Rust.

  • translation of a single Rust file to Coq
  • translation of a whole crate project

Limitations

This project is still at an early stage. For now we focus on the translation of a purely functional subset of Rust; we will then add a monadic system to support memory mutations.

Alternative Projects

Here are other projects working on formal verification for Rust:

  • Aeneas: Translation from MIR to purely functional Coq/F* code
  • Hacspec v2: Translation from THIR to Coq/F* code
  • Creusot: Translation from MIR to Why3 (and then SMT solvers)
  • Kani: Model-checking with CBMC

Contributing

Open pull requests or issues to contribute to this project. All contributions are welcome! This project is open-source under the AGPL license for the Rust code (the translator) and the MIT license for the Coq libraries. A bit of code is taken from the Creusot project, to provide the Cargo command coq-of-rust and run the translation in the same context as Cargo.

About

License: GNU Affero General Public License v3.0


Languages

  • Coq 99.6%
  • Rust 0.3%
  • Python 0.0%
  • Shell 0.0%
  • Makefile 0.0%