hax is a tool for high assurance translations that translates a large subset of Rust into formal languages such as F* or Coq. This extends the scope of the hacspec project, which was previously a DSL embedded in Rust, to a usable tool for verifying Rust programs.
So what is hacspec now?
hacspec is the functional subset of Rust that can be used, together with a hacspec standard library, to write succinct, executable, and verifiable specifications in Rust. These specifications can be translated into formal languages with hax.
Hax is a cargo subcommand.
The command cargo hax accepts the following subcommands:
into(cargo hax into BACKEND): translate a Rust crate to the backendBACKEND(e.g.fstar,coq).json(cargo hax json): extract the typed AST of your crate as a JSON file.
Note:
BACKENDcan befstar,coqoreasycrypt.cargo hax into --helpgives the full list of supported backends.- The subcommands
cargo hax,cargo hax intoandcargo hax into <BACKEND>takes options. For instance, you cancargo hax into fstar --z3rlimit 100. Use--helpon those subcommands to list all options.
Manual installation
- Make sure to have the following installed on your system:
- Clone this repo:
git clone git@github.com:hacspec/hax.git && cd hax - Run the setup.sh script:
./setup.sh. - Run
cargo-hax --help
Nix
This should work on Linux, MacOS and Windows.
Prerequisites: Nix package manager (with flakes enabled)
- Either using the Determinate Nix Installer, with the following bash one-liner:
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
- or following those steps.
-
Run hax on a crate directly to get F*/Coq/... (assuming you are in the crate's folder):
nix run github:hacspec/hax -- into fstarextracts F*.
-
Install hax:
nix profile install github:hacspec/hax, then runcargo hax --helpanywhere -
Note: in any of the Nix commands above, replace
github:hacspec/haxby./dirto compile a local checkout of hax that lives in./some-dir -
Setup binary cache: using Cachix, just
cachix use hax
Using Docker
- Clone this repo:
git clone git@github.com:hacspec/hax.git && cd hax - Build the docker image:
docker build -f .docker/Dockerfile . -t hax - Get a shell:
docker run -it --rm -v /some/dir/with/a/crate:/work hax bash - You can now run
cargo-hax --help(notice here we usecargo-haxinstead ofcargo hax)
Hax indenteds to support full Rust, with the two following exceptions, promoting a functional style:
- no
unsafecode (see hacspec#417); - mutable references (aka
&mut T) on return types or when aliasing (see hacspec#420).
Each unsupported Rust feature is documented as an issue labeled unsupported-rust. When the issue is labeled wontfix-v1, that means we don't plan on supporting that feature soon.
Quicklinks:
There's a set of examples that show what hax can do for you. Please check out the examples directory.
Just clone & cd into the repo, then run nix develop ..
You can also just use direnv, with editor integration.
rust-frontend/: Rust library that hooks in the rust compiler and extract its internal typed abstract syntax tree THIR as JSON.engine/: the simplication and elaboration engine that translate programs from the Rust language to various backends (seeengine/backends/).cli/: thehaxsubcommand for Cargo.
You can use the .utils/rebuild.sh script (which is available automatically as the command rebuild when using the Nix devshell):
rebuild: rebuild the Rust then the OCaml part;rebuild TARGET: rebuild theTARGETpart (TARGETis eitherrustorocaml).
Before starting any work please join the Zulip chat, start a discussion on Github, or file an issue to discuss your contribution.
Zulip graciously provides the hacspec & hax community with a "Zulip Cloud Standard" tier.