Abstract
Rust is a fairly recent programming language for system programming, bringing static guarantees of memory safety through a strict ownership policy. The strong guarantees brought by this feature open promising prospects for deductive verification, which aims at proving the conformity of Rust code with respect to a specification of its intended behavior. We present the foundations of Creusot, a tool for the formal specification and deductive verification of Rust code. A first originality comes from Creusot’s specification language, which features a notion of prophecy to reason about memory mutation, working in harmony with Rust’s ownership system. A second originality is how Creusot builds upon Rust’s trait system to provide several advanced abstraction features.
Notes
1. Le Creusot is an industrial town in eastern France, whose economy is dominated by metallurgical companies, cf. https://en.wikipedia.org/wiki/Le_Creusot.
2. Pearlite is a structure occurring in common grades of steel, cf. https://en.wikipedia.org/wiki/Pearlite.
© 2022 Springer Nature Switzerland AG
Cite this paper
Denis, X., Jourdan, JH., Marché, C. (2022). Creusot: A Foundry for the Deductive Verification of Rust Programs. In: Riesco, A., Zhang, M. (eds) Formal Methods and Software Engineering. ICFEM 2022. Lecture Notes in Computer Science, vol 13478. Springer, Cham. https://doi.org/10.1007/978-3-031-17244-1_6
DOI: https://doi.org/10.1007/978-3-031-17244-1_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17243-4
Online ISBN: 978-3-031-17244-1
eBook Packages: Computer Science (R0)