crucible
kani
Our great sponsors
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
crucible
-
Kani Rust Verifier – a bit-precise model-checker for Rust
Nice, I just would have liked to get all these different verification tools combined under the same interface, just being different backends as drafted by the rust verification tools work of project oak: have "cargo verify" as common command and use common test annotations, allowing the same test to be verified with different backends or just fuzzed/proptested.
The model checking approach seems to be a bit limited regarding loops. There are also abstract interpreters, such as https://github.com/facebookexperimental/MIRAI, and symbolic executers, such as https://github.com/dwrensha/seer or https://github.com/GaloisInc/crucible.
Overall I believe this space would benefit from more coordination and focus on developing something that has the theoretical foundations to cover as many needs as possible and then make a user-friendly tool out of it that is endorsed by the Rust project similar to how Rust analyzer is the one language server to come.
-
Type Theory Forall Podcast #13 - C/C++, Emacs, Haskell, and Coq. The Journey (John Wiegley)
When we talk about formal methods being used in the industry I honestly think Galois' approach is the future. The main idea is to symbolically execute llvm code and run a SAT solver on the desired properties. See Crucible and SAW.
kani
-
The C Bounded Model Checker: Criminally Underused
This is also the backend for Kani - Amazon's formal verification tool for Rust.
- Boletín AWS Open Source, Christmas Edition
-
The Wizardry Frontier
Nice read! Rust has pushed, and will continue to push, the limits of practical, bare metal, memory safe languages. And it's interesting to think about what's next, maybe eventually there will be some form of practical theorem proving "for the masses". Lean 4 looks great and has potential, but it's still mostly a language for mathematicians. There has been some research on AI constructed proofs, which could be the best of both worlds because then the type checker can verify that the AI generated code/proof is indeed correct. Tools like Kani are also a step forward in program correctness.
-
CVE-2023-4863: Heap buffer overflow in WebP (Chrome)
> those applications need the proof for correctness so that more dangerous code---say, what would need `unsafe` in Rust---can be safely added
There are actually already tools built for this very purpose in Rust (see Kani [1] for instance).
Formal verification has a serious scaling problem, so forming programs in such a way that there are a few performance-critical areas that use unsafe routines seems like the best route. I feel like Rust leans into this paradigm with `unsafe` blocks.
- Formal verification for unsafe code?
-
Unsafe Rust
You can also use Kani to check unsafe code. https://github.com/model-checking/kani
- This Week in Rust 499
-
Kani 0.28.0 has been released!
Here's a summary of what's new in version 0.28.0:
-
Kani 0.27.0 has been released!
However, there may be more down the line since we don't have (1) for now. If you're interested, would you mind commenting to this issue?
We're excited to announce the release of Kani Rust Verifier v0.27.0! Kani is a bit-precise model checker for Rust, and this new release comes with exciting changes and improvements.
What are some alternatives?
prusti-dev - A static verifier for Rust, based on the Viper verification infrastructure.
awesome-rust-formalized-reasoning - An exhaustive list of all Rust resources regarding automated or semi-automated formalization efforts in any area, constructive mathematics, formal algorithms, and program verification.
MIRAI - Rust mid-level IR Abstract Interpreter
gdbstub - An ergonomic, featureful, and easy-to-integrate implementation of the GDB Remote Serial Protocol in Rust (with no-compromises #![no_std] support)
rmc - Kani Rust Verifier [Moved to: https://github.com/model-checking/kani]
watt - Runtime for executing procedural macros as WebAssembly
rustig - A tool to detect code paths leading to Rust's panic handler
seer - symbolic execution engine for Rust
paxakos - Rust implementation of Paxos consensus algorithm
macro_railroad_ext - Display syntax-diagrams for Rust-macros on docs.rs and doc.rust-lang.org
saw-script - The SAW scripting language.
coq-of-ocaml - Formal verification for OCaml