https://github.com/eth-act/zisk-fv
Lean 4 formal verification of the ZisK zkVM against the Sail RISC-V specification (ZisK fork baseline + FV work in ai_plans/, docs/fv/, ZiskFv/, tools/zisk-pil-extract/).
Last synced: 17 days ago
- Host: GitHub
- URL: https://github.com/eth-act/zisk-fv
- Owner: eth-act
- Created: 2026-04-20T22:29:47.000Z (about 2 months ago)
- Default Branch: main
- Last Pushed: 2026-06-02T06:10:48.000Z (17 days ago)
- Last Synced: 2026-06-02T08:12:28.028Z (17 days ago)
- Language: Lean
- Size: 8.18 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 1
Metadata Files:
- Readme: README.md
- Codeowners: .github/CODEOWNERS
README
# zisk-fv
This repository is still undergoing quality control. Do not treat it as a
production claim that any released ZisK circuit correctly implements RV64IM.
`zisk-fv` is a Lean 4 formal-verification project for
[ZisK](https://github.com/0xPolygonHermez/zisk)'s zkVM circuit against the
[Sail RISC-V specification](https://github.com/riscv/sail-riscv), restricted
to RV64IM.
The current verification claim is:
```lean
ZiskFv.Compliance.zisk_riscv_compliant_program_bus
```
That theorem dispatches all 63 covered RV64IM opcode surfaces through
`ZiskFv/Compliance/Wrappers/.lean` to the canonical `equiv_` theorem
for each instruction. `lake build` typechecking is the formal check.
## Trust Boundary
All trust-boundary documentation and all machine-checked trust ledgers live in
[`trust/`](trust/README.md). The current source trust ledger contains 12
Lean axiom declarations. The global compliance theorem's transitive project
axiom closure contains 9 of those declarations, recorded in
[`trust/baseline-zisk-riscv-compliant.txt`](trust/baseline-zisk-riscv-compliant.txt).
The narrative trust ledger is
[`trust/trusted-base.md`](trust/trusted-base.md). The generated flat index is
[`trust/axiom-index.md`](trust/axiom-index.md).
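The gap between the 12 declared axioms and the 9 in the theorem's closure comes from how Lean computes dependencies: `#print axioms` reports only the axioms reachable from a theorem's proof term. The following is an added illustration, not code from zisk-fv; every name in the `Toy` namespace is constructed for the example.

```lean
-- Added illustration. Nothing here exists in zisk-fv; all names are constructed.
namespace Toy

-- Stand-ins for a circuit step function and a reference semantics.
opaque step : Nat → Nat
opaque spec : Nat → Nat

-- Three declared axioms: the "source ledger" of this toy project.
axiom lookup_sound : ∀ s : Nat, step s = spec s
axiom range_check : ∀ s : Nat, spec s ≤ s + 4
axiom unused_side : ∀ s : Nat, step (step s) = step s

-- A per-instruction lemma that relies on two of the three axioms.
theorem per_opcode (s : Nat) : step s ≤ s + 4 := by
  rw [lookup_sound s]
  exact range_check s

-- The top-level claim inherits its trust assumptions from the lemma it uses.
theorem compliant (s : Nat) : step s ≤ s + 4 := per_opcode s

end Toy

-- Lists the transitive axiom closure of the top-level theorem only.
-- `unused_side` is declared above but is not reachable from this proof,
-- so it belongs to the ledger without belonging to the closure.
#print axioms Toy.compliant
```

Pinning that closure in a reviewed baseline file makes any newly reachable axiom show up as a diff rather than as a silent widening of the trusted base.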
## Build And Verify
After a fresh clone, populate the generated inputs:
```bash
nix run .#populate
```
Day to day:
```bash
lake build
trust/scripts/check-all.sh
trust/scripts/check-all-semantic.sh
```
The full repository test path is:
```bash
nix run .#test
```
## Layout
| Path | Purpose |
| --- | --- |
| `ZiskFv/` | Lean proofs, per-opcode equivalence theorems, compliance wrappers, and the global theorem. |
| `trust/` | The trust ledger, generated axiom indices, caller-burden baselines, and trust-gate scripts. |
| `build/` | Generated Sail-Lean, PIL extraction, and pilout artifacts. Gitignored; created by `nix run .#populate`. |
| `tools/pil-extract/` | Rust extractor from `.pilout` protobuf to Lean constraint files. |
| `tools/` | Auxiliary repository tooling, including trust-ledger index generation. |
| `docs/extraction/` | Non-trust notes for `pil-extract`, pilout structure, and AIR inventory. |
| `nix/`, `flake.nix`, `flake.lock` | Reproducible build definitions and pinned upstream inputs. |
| `zisk/` | ZisK source submodule used as a citation surface. The pilout is built from the flake-pinned input. |
## Pipeline
```text
flake.lock
|
v
nix run .#populate
|-- build/sail-lean/ Sail RV64 spec compiled to Lean
|-- build/zisk.pilout ZisK PIL2 constraints
`-- build/extraction/Extraction/*.lean
^
|
tools/pil-extract
lake build
|
v
ZiskFv.Compliance.zisk_riscv_compliant_program_bus
```
The Sail side comes from the flake-pinned Sail and sail-riscv sources. The ZisK
side comes from the flake-pinned pilout and generated Lean extraction, wrapped
by the human-readable AIR and circuit semantics under `ZiskFv/`.