Le marteau-pilon, forges et aciéries de Saint-Chamond, Joseph-Fortuné LAYRAUD, 1889

About

Creusot is a deductive verifier for Rust code. It verifies your code is safe from panics, overflows, and assertion failures. By adding annotations you can take it further and verify your code does the correct thing.

Creusot works by translating Rust code to WhyML, the verification and specification language of Why3. Users can then leverage the full power of Why3 to (semi)-automatically discharge the verification conditions!

See ARCHITECTURE.md for technical details.

Help and Discussions

If you need help using Creusot or would like to discuss, you can post on the discussions forum or join our Zulip chat!

Citing Creusot

If you would like to cite Creusot in academic contexts, we encourage you to use our ICFEM'22 publication.

Examples of Verification

To get an idea of what verifying a program with Creusot looks like, we encourage you to take a look at some of our test suite:

• Zeroing out a vector
• Binary search on Vectors
• Sorting a vector
• IterMut
• Normalizing If-Then-Else Expressions

More examples are found in creusot/tests/should_succeed.

Projects built with Creusot

• CreuSAT is a verified SAT solver written in Rust and verified with Creusot. It really pushes the tool to its limits and gives an idea of what 'use in anger' looks like.
• Another big project is in the works :)

Installing Creusot as a user

1. Install rustup, to get the suitable Rust toolchain
2. Get opam, the package manager for OCaml
3. Clone the creusot repository, then move into the creusot directory for the rest of the setup.

   $ git clone https://github.com/creusot-rs/creusot
   $ cd creusot

4. Set up Why3. Create a local opam switch with why3:

   $ opam switch create -y . ocaml.4.14.1
   $ eval $(opam env)

   This will build why3 and its ocaml dependencies in a local _opam directory.

5. Build Creusot:

   $ cargo install --path creusot-rustc
   $ cargo install --path cargo-creusot

   this will build the cargo-creusot and creusot-rustc executables and place them in ~/.cargo/bin.

6. Set up Creusot:

   $ cargo creusot setup install

   this will download additional solvers (Alt-Ergo, Z3, CVC4, CVC5) and configure Why3 to use them.

Upgrading Creusot

1. Enter the cloned Creusot git repository used previously to install Creusot
2. Update Creusot's sources:

   $ git pull

3. Upgrade Why3 if needed:

   $ eval $(opam env)
   $ opam update
   $ opam pin . -y

4. Rebuild and reinstall Creusot:

   $ cargo install --path creusot-rustc
   $ cargo install --path cargo-creusot

5. Re-run Creusot's setup:

   $ cargo creusot setup install

Verifying with Creusot and Why3

See the guide.

Hacking on Creusot

See HACKING.md for information on the developer workflow for hacking on the Creusot codebase.