Pernsteiner, S., Diatchki, I. S., Dockins, R., Dodds, M., Hendrix, J., Ravich, T., Redmond, P., Scott, R., & Tomb, A. (2024). Crux, a Precise Verifier for Rust and Other Languages. arXiv preprint arXiv:2410.18280.
This paper introduces Crux, a new cross-language verification tool, focusing on its application in verifying Rust code (Crux-MIR). The authors aim to demonstrate Crux's capabilities in verifying intricate, bounded code against executable specifications, particularly in the context of cryptographic libraries and similar applications.
The paper presents Crux's architecture, highlighting its key components: MIR-JSON for extracting Rust's mid-level intermediate representation (MIR), a compilation process to translate MIR into Crucible (a symbolic execution library), and the use of SMT solvers for verification. The authors illustrate Crux's functionality through examples, including vector clock verification and analysis of the ChaCha20 cryptographic primitive. They also discuss Crux-MIR's compositional reasoning capabilities, cross-language support, and practical considerations like handling MIR version changes.
Crux presents a practical and effective approach to verifying the correctness of complex, bounded codebases, particularly in security-critical domains like cryptography. Its symbolic testing interface, compositional reasoning capabilities, and cross-language support make it a valuable tool for both research and industrial applications.
Crux contributes to the advancement of formal verification techniques for real-world software, particularly in the context of Rust, a language gaining increasing popularity for its safety and performance guarantees. Its ability to handle intricate code and support executable specifications addresses a crucial need in ensuring the reliability and security of critical software systems.
The paper acknowledges limitations in Crux-MIR's memory model, which restricts its ability to handle certain types of unsafe Rust code. Future work could focus on expanding the memory model to encompass a wider range of unsafe code patterns. Additionally, integrating features like SAW-Core term rewriting could further enhance Crux's capabilities in handling complex verification goals.
إلى لغة أخرى
من محتوى المصدر
arxiv.org
الرؤى الأساسية المستخلصة من
by Stuart Perns... في arxiv.org 10-25-2024
https://arxiv.org/pdf/2410.18280.pdfاستفسارات أعمق