Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

https://github.com/formal-land/coq-of-rust

Check 100% of execution cases of Rust programs 🦀 to make applications with no bugs! ✈️ 🚀 ⚕️ 🏦 Formal verification
https://github.com/formal-land/coq-of-rust

coq formal-verification proof rust

Last synced: about 2 months ago
JSON representation

Check 100% of execution cases of Rust programs 🦀 to make applications with no bugs! ✈️ 🚀 ⚕️ 🏦 Formal verification

Host: GitHub
URL: https://github.com/formal-land/coq-of-rust
Owner: formal-land
License: agpl-3.0
Created: 2022-12-28T13:46:19.000Z (over 1 year ago)
Default Branch: main
Last Pushed: 2024-04-12T08:00:17.000Z (3 months ago)
Last Synced: 2024-04-12T15:11:42.404Z (3 months ago)
Topics: coq, formal-verification, proof, rust
Language: Coq
Homepage:
Size: 17.6 MB
Stars: 124
Watchers: 7
Forks: 4
Open Issues: 29
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE

Lists

awesome-rust-formalized-reasoning - coq-of-rust - formal verification for Rust. (Projects / Verification)

README

        #  coq-of-rust

> Formal verification tool for Rust 🦀

Made with [🌲 Formal Land](https://formal.land/)

Formal verification enables the making of software without bugs by showing that it follows a precise specification and covers all execution cases.

See our blog post [Verifying an ERC-20 smart contract in Rust](https://formal.land/blog/2023/12/13/rust-verify-erc-20-smart-contract) to have an example of formally verified Rust code using `coq-of-rust`.

The development of `coq-of-rust` was mainly funded by the crypto-currency [Aleph Zero](https://alephzero.org/), for the development of safer smart contracts, that we thanks for the support.

## Table of Contents

- [Example](#example)

- [Rationale](#rationale)

- [Prerequisites](#prerequisites)

- [Installation and User Guide](#installation-and-user-guide)

- [Features](#language-features)

- [Contact](#contact)

- [Alternative Projects](#alternative-projects)

- [Contributing](#contributing)

## Example

At the heart of `coq-of-rust` is the translation of Rust programs to the [proof system Coq 🐓](https://coq.inria.fr/). Once some Rust code is translated to Coq, it can then be verified using standard proof techniques.

Here is an example of a Rust function:

```rust

fn add_one(x: u32) -> u32 {

    x + 1

}

```

Running `coq-of-rust`, it translates in Coq to:

```coq

Definition add_one (x : u32.t) : M u32.t :=

  let* x := M.alloc x in

  let* α0 : u32.t := M.read x in

  BinOp.Panic.add α0 ((Integer.of_Z 1) : u32.t).

```

Functions such as `BinOp.Panic.add` are part standard library for Rust in Coq that we provide. We can then express and verify specifications on the code in Coq.

## Rationale

Formal verification allows the prevention of all bugs in critical software. This is used in the aerospace industry, for example 🧑‍🚀.

The type system of Rust already offers strong guarantees to avoid bugs that exist in C or Python. We still need to write tests to verify the business rules or the absence of `panic`. Testing is incomplete as it cannot cover all execution cases.

With formal verification, we cover all cases (code 100% bug-free!). We replace the tests with mathematical reasoning on code. You can view it as an extension of the type system but without restrictions on the expressivity.

The tool `coq-of-rust` translates Rust programs to the battle-tested formal verification system Coq to make Rust programs 100% safe 🚀.

## Prerequisites

- Rust

- Coq (see [coq-of-rust.opam](./CoqOfRust/coq-of-rust.opam))

## Installation and User Guide

The [build tutorial](./docs/BUILD.md) provides detailed instructions on building and installing `coq-of-rust`, while the [user tutorial](./docs/GUIDE.md) provides an introduction to the `coq-of-rust` command line interface and the list of supported options.

## Language features

The translation works at the level of the [THIR](https://rustc-dev-guide.rust-lang.org/thir.html) intermediate representation of Rust.

We support 80% of the Rust examples from the [Rust Book by Examples](https://doc.rust-lang.org/rust-by-example/). This includes:

- basic control structures (like `if` and `match`)

- loops (`while` and `for`)

- references and mutability (`&` and `&mut`)

- closures

- panics

- user types (with `struct` and `enum`)

- the definition of traits

- the implementation keyword `impl` for traits or user types

## Contact

For formal verification services on your Rust code base, contact us at [[email protected]](mailto:[email protected]). Formal verification can apply to smart contracts, database engines, or any critical Rust project. This provides the highest confidence level in the absence of bugs compared to other techniques, such as manual reviews or testing.

## Alternative Projects

Here are other projects working on formal verification for Rust:

- [Aeneas](https://github.com/AeneasVerif/aeneas): Translation from MIR to purely functional Coq/F* code. Automatically put the code in a functional form. See their paper [Aeneas: Rust verification by functional translation](https://dl.acm.org/doi/abs/10.1145/3547647).

- [Hacspec v2](https://github.com/hacspec/hacspec-v2): Translation from THIR to Coq/F* code

- [Creusot](https://github.com/xldenis/creusot): Translation from MIR to Why3 (and then SMT solvers)

- [Kani](https://github.com/model-checking/kani): Model-checking with [CBMC](https://github.com/diffblue/cbmc)

## Contributing

This is all open-source software.

Open some pull requests or issues to contribute to this project. All contributions are welcome! This project is open-source under license AGPL for the Rust code (the translator) and MIT for the Coq libraries. There is a bit of code taken from the [Creusot](https://github.com/xldenis/creusot) project to make the Cargo command `coq-of-rust` and run the translation in the same context as Cargo.