RustHorn: CHC-Based Verification for Rust Programs

@article{Matsushita2020RustHornCV,
  title={RustHorn: CHC-Based Verification for Rust Programs},
  author={Yusuke Matsushita and Takeshi Tsukada and Naoki Kobayashi},
  journal={Programming Languages and Systems},
  year={2020},
  volume={12075},
  pages={484 - 514}
}
Reduction to satisfiability of constrained Horn clauses (CHCs) is a widely studied approach to automated program verification. Current CHC-based methods, however, do not work very well for pointer-manipulating programs, especially those with dynamic memory allocation. This article presents a novel reduction of pointer-manipulating Rust programs into CHCs, which clears away pointers and memory states by leveraging Rust’s guarantees on permission. We formalize our reduction for a simplified core… 

ConSORT: Context- and Flow-Sensitive Ownership Refinement Types for Imperative Programs

The ConSORT type system is presented, a type system for safety verification in the presence of mutability and aliasing, and a prototype, fully automated inference tool is implemented.

Recursive Data Structures in SPARK

This paper presents a recent extension of the SPARK language and toolset to support pointers, based on an ownership policy inspired by Rust to enforce non-aliasing through a move semantics of assignment.

Safe Systems Programming in Rust: The Promise and the Challenge

The proof technique of semantic type soundness, together with advances in separation logic and machine-checked proof, has enabled us to begin building rigorous formal foundations for Rust as part of the RustBelt project.

Creusot: A Foundry for the Deductive Verification of Rust Programs

The foundations of Creusot are presented, a tool for the formal specification and deductive veri-cation of Rust code and how it builds upon Rust trait system to provide several advanced abstraction features.

RustHornBelt: a semantic foundation for functional verification of Rust programs with unsafe code

RustHornBelt is presented, the first machine-checked proof of soundness for RustHorn-style verification which supports giving FOL specs to safe APIs implemented with unsafe code.

Flux: Liquid Types for Rust

The crucial dependency upon Rust ’s strong aliasing guarantees is formalized by exploiting the stacked borrows aliasing model to prove that “well-borrowed evaluations of well-typed programs do not get stuck”.

Aeneas: Rust verification by functional translation

Aeneas, a new verification toolchain for Rust programs based on a lightweight functional translation, establishes a new point in the design space of Rust verification toolchains, one that aims to verify Rust programs simply, and at scale.

Modular Formal Verification of Rust Programs with Unsafe Blocks

This text outlines the approach to verify soundness of Rust unsafe code applying the Modular Symbolic Execution algorithm, and the progress that has been made so far.

LiquidRust: Refinement Types for Imperative Languages with Ownership

Software correctness is a central goal for software development. One way to improve correctness is using strong and descriptive types, that express correctness properties as types, and verifying

Internship proposal: Formal verification of Rust programs

  • Computer Science
  • 2022
Rust is indeed a perfect target for program verification, as its static ownership discipline strikes a good balance between a fine-grained, expressive control of memory, making it a language of choice for system programming, and strong memory guarantees, which can be leveraged to ease program verification.

References

SHOWING 1-10 OF 140 REFERENCES

Leveraging rust types for modular specification and verification

This paper presents a novel verification technique that leverages Rust's type system to greatly simplify the specification and verification of system software written in Rust, and enables a new kind of verification tool, with the potential to impact a wide audience and allow the Rust community to benefit from state-of-the-art verification techniques.

JayHorn: A Framework for Verifying Java programs

Building a competitive program verifiers is becoming cheaper. On the front-end side, openly available compiler infrastructure and optimization frameworks take care of hairy problems such as alias

Crust: A Bounded Verifier for Rust (N)

CRUST, a tool combining exhaustive test generation and bounded model checking to detect memory safety errors, as well as violations of Rust's pointer aliasing invariants within unsafe library code, is presented.

CRUST : A Bounded Verifier for Rust

This work presents CRUST, a tool combining exhaustive test generation and bounded model checking to detect memory safety errors, as well as violations of Rust’s pointer aliasing invariants within unsafe library code.

No Panic! Verification of Rust Programs by Symbolic Execution

This paper takes the approach of symbolic execution and proposes a generic contract based verification process for programs written in Rust that implies further performance improvements as code for runtime verification can be safely dropped.

Verifying Rust Programs with SMACK

This work presents the experience extending the SMACK verifier to enable its usage on Rust programs, and evaluates SMACK on a set of Rust programs to demonstrate a wide spectrum of language features it supports.

VCC: A Practical System for Verifying Concurrent C

This paper motivates VCC, describes the verification methodology, the architecture of VCC is described, and the experience using VCC to verify the Microsoft Hyper-V hypervisor is reported on.

RustBelt: securing the foundations of the rust programming language

This paper gives the first formal (and machine-checked) safety proof for a language representing a realistic subset of Rust, and is extensible in the sense that, for each new Rust library that uses unsafe features, it can say what verification condition it must satisfy in order to be deemed a safe extension to the language.

Iris: Monoids and Invariants as an Orthogonal Basis for Concurrent Reasoning

Iris, a concurrent separation logic with a simple premise: monoids and invariants are all you need, supports the encoding of *logically atomic specifications*, i.e., Hoare-style specs that permit the client of an operation to treat the operation essentially as if it were atomic, even if it is not.

The future is ours: prophecy variables in separation logic

This paper presents the first account of prophecy variables in a Hoare-style program logic that is flexible enough to verify logical atomicity (a relative of linearizability) for classic examples from the concurrency literature like RDCSS and the Herlihy-Wing queue.
...