Crux, a Precise Verifier for Rust and Other Languages (2410.18280v1)

Abstract: We present Crux, a cross-language verification tool for Rust and C/LLVM. Crux targets bounded, intricate pieces of code that are difficult for humans to get right: for example, cryptographic modules and serializer / deserializer pairs. Crux builds on the same framework as the mature SAW-Cryptol toolchain, but Crux provides an interface where proofs are phrased as symbolic unit tests. Crux is designed for use in production environments, and has already seen use in industry. In this paper, we focus on Crux-MIR, our verification tool for Rust. Crux-MIR provides a bit-precise model of safe and unsafe Rust which can be used to check both inline properties about Rust code, and extensional equality to executable specifications written in Cryptol or in the hacspec dialect of Rust. Notably, Crux-MIR supports compositional reasoning, which is necessary to scale to even moderately complex proofs. We demonstrate Crux-MIR by verifying the Ring library implementations of SHA1 and SHA2 against pre-existing functional specifications. Crux is available at https://crux.galois.com.

• The paper introduces Crux, a novel formal verifier that frames proofs as symbolic unit tests for Rust and C/LLVM.
• It leverages compositional symbolic simulation and a MIR frontend to verify both safe and unsafe code while ensuring extensional equality with executable specs.
• Case studies, including cryptographic modules and deserialization code, demonstrate Crux’s efficiency by delivering proofs in minutes on consumer-grade hardware.

Overview of Crux: A Precise Verifier for Rust and Other Languages

Crux represents a significant development in formal verification tools, particularly targeting intricate and bounded code in languages such as Rust and C/LLVM. Developed by a team with roots in the SAW-Cryptol toolchain, Crux introduces an interface where proofs are framed as symbolic unit tests, enhancing accessibility for domain engineers.

Crux, and specifically its instantiation as Crux-MIR for Rust, focuses on verifying both safe and unsafe Rust code, providing a bit-precise model to check inline properties and extensional equality against executable specifications. This tool is notable for its support of compositional reasoning, crucial for handling even moderately complex proofs in cryptographic modules and similar domains.

Core Methodology

Crux leverages compositional symbolic simulation, a proven technique encapsulated in the SAW-Cryptol toolchain. This involves:

• Symbolic Execution: Conducted by the Software Analysis Workbench (SAW) to express production code as mathematical terms.
• Verification of Extensional Equality: Ensures code and specification produce equivalent outputs without undefined behavior.
• Compositional Reasoning: Simplifies proof tasks by allowing complex functions to be overridden by simpler specifications, enabling scalability.

The methodology is well-suited for bounded code, where static loop bounds and allocated data structures are prevalent, especially in cryptography.

Contributions and Implementations

The primary contribution of the paper is the introduction of Crux itself, emphasizing its Rust frontend, Crux-MIR. Through a detailed explanation of Crux-MIR's architecture, from extracting a mid-level IR (MIR) to compiling into Crucible, the paper illustrates how Crux enhances Rust code verification without significant modifications to the original code.

The paper provides practical examples, such as the verification of the Ring library's implementations of SHA1 and SHA2 against Cryptol specifications. These examples demonstrate Crux's capabilities, highlighting the tool's potential to verify production-ready code efficiently and comprehensively.

Numerical Results and Claims

The paper discusses two case studies: AWS's use of Crux-MIR for Shardstore's deserialization code and the verification of cryptographic primitives in the Ring library. These demonstrate Crux's industrial applicability, addressing security-critical components with precision and without inducing runtime changes. The Rust code proofs, taking mere minutes on consumer-grade hardware, underline the practical efficiency of Crux-MIR in real-world settings.

Implications and Future Prospects

Crux's implications extend beyond cryptographic code verification. By reducing the learning curve associated with traditional formal verification methods and offering a unified interface compatible with multiple languages, Crux promises to broaden formal verification adoption in various industrial domains.

Future developments could focus on expanding Crux's applicability to more complex Rust code and other languages, enhancing cross-language verification capabilities. By building on the strengths of the SAW-Cryptol toolchain and the Crucible library, Crux remains poised to influence the evolution of automated verification tools, providing robust solutions for industry-specific challenges.

In conclusion, Crux represents a notable advancement in formal verification tools, with its methodology and architecture offering efficient solutions for verifying intricate, performance-critical code. As the field progresses, Crux is likely to inspire further innovations and applications in the domain of automated software verification.