├── dependencies ├── syn │ ├── rustfmt.toml │ ├── .github │ │ └── FUNDING.yml │ ├── .gitignore │ ├── fuzz │ │ ├── .gitignore │ │ ├── fuzz_targets │ │ │ ├── parse_file.rs │ │ │ ├── parse_literal.rs │ │ │ └── create_token_buffer.rs │ │ └── Cargo.toml │ ├── dev │ │ ├── main.rs │ │ ├── import.sh │ │ ├── README.md │ │ ├── parse.rs │ │ └── Cargo.toml │ ├── src │ │ ├── sealed.rs │ │ └── print.rs │ ├── .gitattributes │ ├── tests │ │ ├── regression │ │ │ ├── issue1108.rs │ │ │ └── issue1235.rs │ │ ├── regression.rs │ │ ├── common │ │ │ └── mod.rs │ │ ├── macros │ │ │ └── mod.rs │ │ ├── features │ │ │ ├── Cargo.toml │ │ │ └── lib.rs │ │ ├── test_token_trees.rs │ │ ├── repo │ │ │ └── progress.rs │ │ ├── test_asyncness.rs │ │ └── zzz_stable.rs │ ├── examples │ │ ├── heapsize │ │ │ ├── example │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── main.rs │ │ │ ├── heapsize │ │ │ │ └── Cargo.toml │ │ │ └── heapsize_derive │ │ │ │ └── Cargo.toml │ │ ├── trace-var │ │ │ ├── example │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── main.rs │ │ │ └── trace-var │ │ │ │ └── Cargo.toml │ │ ├── lazy-static │ │ │ ├── example │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── main.rs │ │ │ └── lazy-static │ │ │ │ └── Cargo.toml │ │ ├── dump-syntax │ │ │ ├── Cargo.toml │ │ │ └── README.md │ │ └── README.md │ ├── codegen │ │ ├── src │ │ │ ├── workspace_path.rs │ │ │ ├── lookup.rs │ │ │ ├── json.rs │ │ │ ├── version.rs │ │ │ ├── file.rs │ │ │ └── operand.rs │ │ ├── README.md │ │ └── Cargo.toml │ ├── LICENSE-MIT │ └── json │ │ └── Cargo.toml └── prettyplease │ ├── examples │ ├── .tokeignore │ └── update │ │ └── Cargo.toml │ ├── .github │ └── FUNDING.yml │ ├── .gitignore │ ├── fuzz │ ├── .gitignore │ ├── fuzz_targets │ │ └── round_trip.rs │ └── Cargo.toml │ ├── .gitattributes │ ├── src │ ├── lifetime.rs │ ├── file.rs │ └── iter.rs │ ├── cargo-expand │ └── update │ │ ├── Cargo.toml │ │ └── update.rs │ ├── LICENSE-MIT │ └── build.rs ├── tools ├── vargo │ ├── .gitignore │ ├── .cargo │ │ └── config.toml │ └── Cargo.toml ├── veritas │ ├── .gitignore │ ├── verus-lang_verus-base-1.88.0.dockerfile │ ├── run_configuration_vstd.toml │ ├── container-entrypoint.sh │ ├── setup_container │ ├── build_verus.sh │ ├── push_images.sh │ ├── Cargo.toml │ ├── verus-lang_verus-deps.dockerfile │ ├── get-z3.sh │ ├── run_configuration_page_table.toml │ ├── build_images.sh │ ├── verus-lang_veritas-1.88.0.dockerfile │ └── run.sh ├── activate.bat ├── activate.ps1 ├── shell.nix ├── common │ └── consts.rs ├── activate.fish ├── development │ ├── releases-fetch.py │ ├── issues-render-adopt-an-issue.py │ └── issues-fetch.py └── activate ├── source ├── .envrc ├── docs │ ├── guide │ │ ├── .gitignore │ │ ├── src │ │ │ ├── pointers.md │ │ │ ├── reference-recommends.md │ │ │ ├── spec-equality.md │ │ │ ├── graphics │ │ │ │ ├── verusdoc-example.png │ │ │ │ └── verus-analyzer-error-example.png │ │ │ ├── spec-choose.md │ │ │ ├── higher-order-fns.md │ │ │ ├── syntax.md │ │ │ ├── develop_proofs.md │ │ │ ├── prefix-and-or.md │ │ │ ├── spec-expressions.md │ │ │ ├── datatypes.md │ │ │ ├── ref-extensional-equality.md │ │ │ ├── contributed.md │ │ │ ├── spec-quantifiers.md │ │ │ ├── reference-chained-op.md │ │ │ ├── datatypes_struct.md │ │ │ ├── interacting-with-unverified-code.md │ │ │ ├── container_bst.md │ │ │ ├── reference-at-sign.md │ │ │ ├── reference-implication.md │ │ │ ├── complex_ownership.md │ │ │ ├── guarantees.md │ │ │ ├── vstd.md │ │ │ ├── concurrency.md │ │ │ ├── reference-assert-by.md │ │ │ ├── reference-pointers-cells.md │ │ │ ├── getting_started.md │ │ │ ├── performance.md │ │ │ ├── specs.md │ │ │ ├── recursion_loops.md │ │ │ ├── exec_termination.md │ │ │ ├── container_bst_all_source.md │ │ │ ├── reference-flag-record.md │ │ │ ├── for.md │ │ │ ├── reference-assert-by-nonlinear.md │ │ │ ├── assert-mut-ref.md │ │ │ ├── reference-spec-index.md │ │ │ ├── smt_perf_overview.md │ │ │ ├── reference-returns.md │ │ │ ├── static.md │ │ │ ├── char.md │ │ │ ├── reference-opens-invariants.md │ │ │ ├── reference-assert-forall-by.md │ │ │ └── reference-reveal-hide.md │ │ ├── book.toml │ │ └── README.md │ ├── verus │ │ ├── .gitignore │ │ ├── assets │ │ │ ├── verus-color.png │ │ │ ├── verus-gray.png │ │ │ ├── verus-text-light.svg │ │ │ └── verus-text-dark.svg │ │ ├── Gemfile │ │ ├── _config.yml │ │ ├── jekyll-serve-docker.sh │ │ ├── _layouts │ │ │ └── default.html │ │ └── css │ │ │ └── base.css │ ├── state_machines │ │ ├── .gitignore │ │ ├── src │ │ │ ├── operations.md │ │ │ ├── examples │ │ │ │ ├── hash-table.md │ │ │ │ ├── rwlock.md │ │ │ │ ├── refcount.md │ │ │ │ ├── counting-to-n-again.md │ │ │ │ ├── src-rc.md │ │ │ │ ├── src-counting-to-2.md │ │ │ │ ├── src-counting-to-n.md │ │ │ │ ├── rust-rc.md │ │ │ │ ├── rust-counting-to-2.md │ │ │ │ ├── rust-counting-to-n.md │ │ │ │ ├── src-producer-consumer-queue.md │ │ │ │ └── rust-producer-consumer-queue.md │ │ │ ├── tokenization-reference.md │ │ │ ├── tokenized-overview.md │ │ │ ├── tokenized.md │ │ │ ├── macro-generated-reference.md │ │ │ ├── refinements-reference.md │ │ │ ├── state-machine-reference.md │ │ │ ├── macro-high-level-reference.md │ │ │ ├── graphics │ │ │ │ ├── fifo-head-tail.png │ │ │ │ ├── rc-ghost-diagram.png │ │ │ │ ├── counting-to-n-diagram.png │ │ │ │ ├── fifo-protocol-perspective.png │ │ │ │ ├── rc-ghost-diagram-ghost-only.png │ │ │ │ └── strategy-reference-examples.png │ │ │ ├── tutorial-by-example.md │ │ │ ├── token-exchanges-as-transitions.md │ │ │ └── high-level-idea.md │ │ └── book.toml │ ├── publications-and-projects │ │ ├── .gitignore │ │ ├── award.jpg │ │ ├── Makefile │ │ ├── _projects │ │ │ ├── mimalloc.md │ │ │ ├── nr.md │ │ │ ├── rag-verus.md │ │ │ ├── verified-ostd.md │ │ │ ├── llm-mainstream.md │ │ │ ├── atmosphere-kisv.md │ │ │ ├── atmosphere-sosp.md │ │ │ ├── persistent-storage.md │ │ │ ├── ironfleet-kv.md │ │ │ ├── safe-array.md │ │ │ ├── beyond-isolation.md │ │ │ ├── hance-thesis.md │ │ │ ├── verified-pagetable.md │ │ │ ├── owlc.md │ │ │ ├── cazamariposas.md │ │ │ ├── vest.md │ │ │ ├── alpha-verus.md │ │ │ ├── safe-verus.md │ │ │ ├── verismo.md │ │ │ ├── leaf.md │ │ │ ├── verdict.md │ │ │ ├── proof-plumber.md │ │ │ ├── ghost-linear.md │ │ │ ├── power.md │ │ │ ├── anvil.md │ │ │ ├── auto-verus.md │ │ │ ├── corten-mm.md │ │ │ └── practical-foundation.md │ │ ├── _config.yml │ │ ├── _layouts │ │ │ └── default.html │ │ └── css │ │ │ └── base.css │ ├── verus-demo.png │ ├── vscode-demo.gif │ ├── internal │ │ ├── wiki-archive │ │ │ ├── Home.md │ │ │ └── README.md │ │ ├── record-history.md │ │ └── version-bumping.md │ └── zulip-icon-circle.svg ├── lifetime_generate_works.txt ├── tools │ ├── line_count │ │ ├── .gitignore │ │ ├── .cargo │ │ │ └── config.toml │ │ └── Cargo.toml │ ├── qi-graph │ │ ├── .gitignore │ │ ├── Cargo.lock │ │ └── Cargo.toml │ ├── minimizers │ │ ├── .gitignore │ │ ├── panicked_in.sh │ │ ├── time_exceeded.sh │ │ └── rlimit_exceeded.sh │ ├── run-tests.sh │ ├── internals_interface │ │ └── Cargo.toml │ ├── render-verus-log-call-graphs.sh │ ├── bump_crate_versions │ │ └── Cargo.toml │ ├── get-cvc5.ps1 │ ├── get-z3.ps1 │ ├── get-cvc5.sh │ ├── build-run-log.sh │ └── get-z3.sh ├── rust_verify_build_macros │ └── src │ │ └── bin │ │ └── build_vstd.rs ├── rust_verify_test │ ├── tests │ │ ├── cargo-tests │ │ │ ├── .gitignore │ │ │ ├── unverified │ │ │ │ ├── consume_vstd │ │ │ │ │ ├── src │ │ │ │ │ │ └── lib.rs │ │ │ │ │ └── Cargo.toml │ │ │ │ ├── consume_machines │ │ │ │ │ ├── src │ │ │ │ │ │ └── lib.rs │ │ │ │ │ └── Cargo.toml │ │ │ │ ├── spec_use │ │ │ │ │ ├── src │ │ │ │ │ │ └── lib.rs │ │ │ │ │ └── Cargo.toml │ │ │ │ ├── consume_basic_verified_lib │ │ │ │ │ ├── src │ │ │ │ │ │ └── main.rs │ │ │ │ │ └── Cargo.toml │ │ │ │ └── structural │ │ │ │ │ ├── Cargo.toml │ │ │ │ │ └── src │ │ │ │ │ └── main.rs │ │ │ └── verified │ │ │ │ ├── transitive1 │ │ │ │ ├── src │ │ │ │ │ └── lib.rs │ │ │ │ └── Cargo.toml │ │ │ │ ├── basic_verified_lib_consumer_verified │ │ │ │ ├── src │ │ │ │ │ └── main.rs │ │ │ │ └── Cargo.toml │ │ │ │ ├── transitive2 │ │ │ │ ├── src │ │ │ │ │ └── lib.rs │ │ │ │ └── Cargo.toml │ │ │ │ ├── transitive3 │ │ │ │ ├── src │ │ │ │ │ └── lib.rs │ │ │ │ └── Cargo.toml │ │ │ │ ├── spec_def │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── lib.rs │ │ │ │ ├── basic_verified_lib │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── lib.rs │ │ │ │ ├── vstd_macro_usage │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── lib.rs │ │ │ │ ├── big_rlimit │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── lib.rs │ │ │ │ ├── spec_use │ │ │ │ ├── Cargo.toml │ │ │ │ └── src │ │ │ │ │ └── lib.rs │ │ │ │ └── state_machine_macro_usage │ │ │ │ └── Cargo.toml │ │ ├── errors.rs │ │ ├── unsafe.rs │ │ ├── option.rs │ │ ├── erase.rs │ │ ├── partial_eq.rs │ │ ├── nested_items.rs │ │ └── ui.rs │ └── Cargo.toml ├── .gitignore ├── vstd │ ├── contrib │ │ └── mod.rs │ ├── arithmetic │ │ ├── mod.rs │ │ └── internals │ │ │ └── mod.rs │ ├── build.rs │ ├── SOURCES.md │ ├── std_specs │ │ ├── alloc.rs │ │ └── mod.rs │ ├── modes.rs │ └── compute.rs ├── air │ ├── src │ │ ├── util.rs │ │ ├── lib.rs │ │ └── def.rs │ └── Cargo.toml ├── vstd_build │ └── Cargo.toml ├── rustc_mir_build │ ├── Cargo.toml │ ├── src │ │ └── thir │ │ │ └── mod.rs │ └── LICENSE-MIT ├── rustfmt.toml ├── builtin_macros │ ├── src │ │ └── fndecl.rs │ └── Cargo.toml ├── rust_verify │ ├── src │ │ ├── file_loader.rs │ │ └── def.rs │ ├── NOTES.md │ └── Cargo.toml ├── cargo-verus │ ├── build.rs │ ├── tests │ │ └── README.md │ └── Cargo.toml ├── rust_verify_test_macros │ ├── Cargo.toml │ └── src │ │ ├── rust_code.rs │ │ └── lib.rs ├── verusdoc │ └── Cargo.toml ├── vir_macros │ └── Cargo.toml ├── Cargo.toml ├── verus │ └── Cargo.toml ├── vir │ ├── Cargo.toml │ └── src │ │ └── unicode.rs ├── builtin │ └── Cargo.toml ├── state_machines_macros │ └── Cargo.toml └── rustc_hir_typeck │ └── LICENSE-MIT ├── examples ├── experimental_new_mut_ref │ └── README.md ├── state_machines │ ├── tutorial │ │ └── unverified_counting_to_n │ ├── adder_generic.rs │ └── adder.rs ├── cargo-verus │ ├── library │ │ ├── src │ │ │ └── lib.rs │ │ └── Cargo.toml │ ├── test │ │ ├── src │ │ │ └── main.rs │ │ └── Cargo.toml │ └── run.sh ├── std_test │ ├── template.rs │ ├── vec_test.rs │ └── chars_iterator.rs ├── pcm │ └── main.rs ├── test.rs ├── prelude.rs ├── external.rs ├── guide │ ├── pervasive_example.rs │ ├── getting_started.rs │ ├── requires_ensures.rs │ ├── opaque.rs │ ├── exec_spec.rs │ ├── calc.rs │ ├── equality.rs │ └── overflow.rs ├── cells.rs ├── trait_for_fn.rs ├── assertions.rs ├── basic_failure.rs ├── adts_eq.rs ├── structural.rs ├── modules.rs ├── fun_ext.rs ├── thread.rs ├── playground.rs ├── calc.rs ├── invariants.rs ├── README.md └── statements.rs ├── .gitignore ├── rust-toolchain.toml ├── .github ├── pull_request_template.md ├── workflows │ └── get-z3.sh └── ISSUE_TEMPLATE │ └── bug_report.md ├── .git-blame-ignore-revs ├── .vscode ├── tasks.json.template └── settings.json.template └── LICENSE /dependencies/syn/rustfmt.toml: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tools/vargo/.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | -------------------------------------------------------------------------------- /source/.envrc: -------------------------------------------------------------------------------- 1 | source ../tools/activate 2 | -------------------------------------------------------------------------------- /source/docs/guide/.gitignore: -------------------------------------------------------------------------------- 1 | book 2 | *.swp 3 | -------------------------------------------------------------------------------- /source/lifetime_generate_works.txt: -------------------------------------------------------------------------------- 1 | 42305cc9 2 | -------------------------------------------------------------------------------- /source/tools/line_count/.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | -------------------------------------------------------------------------------- /source/tools/qi-graph/.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | -------------------------------------------------------------------------------- /source/docs/verus/.gitignore: -------------------------------------------------------------------------------- 1 | /_site/ 2 | /vendor/ 3 | -------------------------------------------------------------------------------- /source/rust_verify_build_macros/src/bin/build_vstd.rs: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /tools/veritas/.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | /output/ 3 | -------------------------------------------------------------------------------- /dependencies/prettyplease/examples/.tokeignore: -------------------------------------------------------------------------------- 1 | *.rs 2 | -------------------------------------------------------------------------------- /dependencies/syn/.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: dtolnay 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/.gitignore: -------------------------------------------------------------------------------- 1 | book 2 | *.swp 3 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/.gitignore: -------------------------------------------------------------------------------- 1 | _site/ 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/operations.md: -------------------------------------------------------------------------------- 1 | # Operations 2 | -------------------------------------------------------------------------------- /dependencies/prettyplease/.github/FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: dtolnay 2 | -------------------------------------------------------------------------------- /dependencies/prettyplease/.gitignore: -------------------------------------------------------------------------------- 1 | /target/ 2 | /Cargo.lock 3 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/.gitignore: -------------------------------------------------------------------------------- 1 | Cargo.lock 2 | -------------------------------------------------------------------------------- /source/tools/minimizers/.gitignore: -------------------------------------------------------------------------------- 1 | foo.rs 2 | foo.rs.orig 3 | stderr 4 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/hash-table.md: -------------------------------------------------------------------------------- 1 | # Hash table (TODO) 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/tokenization-reference.md: -------------------------------------------------------------------------------- 1 | # Tokenization 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/tokenized-overview.md: -------------------------------------------------------------------------------- 1 | # Overview (TODO) 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/tokenized.md: -------------------------------------------------------------------------------- 1 | # Tokenized State Machines 2 | -------------------------------------------------------------------------------- /source/docs/guide/src/pointers.md: -------------------------------------------------------------------------------- 1 | {{#include ./reference-pointers-cells.md}} 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/rwlock.md: -------------------------------------------------------------------------------- 1 | # Reader-writer lock (TODO) 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/macro-generated-reference.md: -------------------------------------------------------------------------------- 1 | # Macro-generated code 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/refinements-reference.md: -------------------------------------------------------------------------------- 1 | # State Machine Refinements 2 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/state-machine-reference.md: -------------------------------------------------------------------------------- 1 | # State Machine Basics 2 | -------------------------------------------------------------------------------- /source/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | /z3 3 | /cvc5 4 | /.verus-log/ 5 | doc/ 6 | /target-verus/ 7 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/refcount.md: -------------------------------------------------------------------------------- 1 | # Reference-counted memory (TODO) 2 | -------------------------------------------------------------------------------- /dependencies/syn/.gitignore: -------------------------------------------------------------------------------- 1 | target/ 2 | Cargo.lock 3 | /tests/rust/* 4 | /tests/*.pending-snap 5 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/counting-to-n-again.md: -------------------------------------------------------------------------------- 1 | # Counting to n (again) (TODO) 2 | -------------------------------------------------------------------------------- /source/vstd/contrib/mod.rs: -------------------------------------------------------------------------------- 1 | pub use verus_builtin_macros::auto_spec; 2 | pub mod exec_spec; 3 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/macro-high-level-reference.md: -------------------------------------------------------------------------------- 1 | # State Machine Macro Syntax (TODO) 2 | -------------------------------------------------------------------------------- /source/tools/run-tests.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | set -e 4 | 5 | ./tools/cargo.sh nextest run "$@" 6 | -------------------------------------------------------------------------------- /dependencies/syn/fuzz/.gitignore: -------------------------------------------------------------------------------- 1 | /artifacts/ 2 | /corpus/ 3 | /coverage/ 4 | /target/ 5 | /Cargo.lock 6 | -------------------------------------------------------------------------------- /source/docs/verus-demo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/verus-demo.png -------------------------------------------------------------------------------- /source/docs/vscode-demo.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/vscode-demo.gif -------------------------------------------------------------------------------- /dependencies/prettyplease/fuzz/.gitignore: -------------------------------------------------------------------------------- 1 | /artifacts/ 2 | /corpus/ 3 | /coverage/ 4 | /target/ 5 | /Cargo.lock 6 | -------------------------------------------------------------------------------- /examples/experimental_new_mut_ref/README.md: -------------------------------------------------------------------------------- 1 | Examples that work under the experimental `-V new-mut-ref` feature. 2 | -------------------------------------------------------------------------------- /dependencies/prettyplease/.gitattributes: -------------------------------------------------------------------------------- 1 | /cargo-expand/*.rs linguist-generated 2 | /examples/*.rs linguist-generated 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /rust 2 | *.swp 3 | *.exe 4 | *.pdb 5 | /.vscode/settings.json 6 | /.vscode/launch.json 7 | /.vscode/tasks.json 8 | -------------------------------------------------------------------------------- /dependencies/syn/dev/main.rs: -------------------------------------------------------------------------------- 1 | syn_dev::r#mod! { 2 | // Write Rust code here and run `cargo check` to have Syn parse it. 3 | } 4 | -------------------------------------------------------------------------------- /dependencies/syn/src/sealed.rs: -------------------------------------------------------------------------------- 1 | #[cfg(feature = "parsing")] 2 | pub(crate) mod lookahead { 3 | pub trait Sealed: Copy {} 4 | } 5 | -------------------------------------------------------------------------------- /source/docs/verus/assets/verus-color.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/verus/assets/verus-color.png -------------------------------------------------------------------------------- /source/docs/verus/assets/verus-gray.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/verus/assets/verus-gray.png -------------------------------------------------------------------------------- /dependencies/syn/.gitattributes: -------------------------------------------------------------------------------- 1 | /src/gen/** linguist-generated 2 | /syn.json linguist-generated 3 | /tests/debug/gen.rs linguist-generated 4 | -------------------------------------------------------------------------------- /rust-toolchain.toml: -------------------------------------------------------------------------------- 1 | [toolchain] 2 | channel = "1.91.0" 3 | components = [ "rustc", "rust-std", "cargo", "rustfmt", "rustc-dev", "llvm-tools" ] 4 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/award.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/publications-and-projects/award.jpg -------------------------------------------------------------------------------- /tools/veritas/verus-lang_verus-base-1.88.0.dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 verus-deps 2 | 3 | RUN /root/.cargo/bin/rustup install 1.88.0 4 | -------------------------------------------------------------------------------- /source/air/src/util.rs: -------------------------------------------------------------------------------- 1 | pub(crate) fn vec_map B>(v: &Vec, f: F) -> Vec { 2 | v.iter().map(f).collect::>() 3 | } 4 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-recommends.md: -------------------------------------------------------------------------------- 1 | # recommends 2 | 3 | See [this guide page](./spec_vs_proof.md#recommends) for motivation and overview. 4 | -------------------------------------------------------------------------------- /source/docs/guide/src/spec-equality.md: -------------------------------------------------------------------------------- 1 | # Spec equality (`==`) 2 | 3 | The spec equality operator `==` is explained in [Equality](./equality.md). 4 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/Makefile: -------------------------------------------------------------------------------- 1 | all: build 2 | jekyll serve 3 | 4 | build: 5 | jekyll build 6 | 7 | clean: 8 | rm -rf _site/ 9 | -------------------------------------------------------------------------------- /source/docs/verus/Gemfile: -------------------------------------------------------------------------------- 1 | source "https://rubygems.org" 2 | gem 'jekyll' 3 | gem 'kramdown' 4 | gem 'rouge' 5 | gem 'jekyll-feed' 6 | gem 'webrick' 7 | -------------------------------------------------------------------------------- /source/vstd_build/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "vstd_build" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | [dependencies] 7 | yansi = "0.5" 8 | -------------------------------------------------------------------------------- /source/docs/guide/src/graphics/verusdoc-example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/guide/src/graphics/verusdoc-example.png -------------------------------------------------------------------------------- /source/docs/guide/src/spec-choose.md: -------------------------------------------------------------------------------- 1 | # Such that (`choose`) 2 | 3 | The such-that operator (`choose`) is explained in [exists and choose](exists.md). 4 | -------------------------------------------------------------------------------- /source/docs/internal/wiki-archive/Home.md: -------------------------------------------------------------------------------- 1 | ## Design and project goals: [[Goals]] 2 | 3 | ## Status 4 | 5 | [[Status: currently supported Rust features]] 6 | -------------------------------------------------------------------------------- /source/tools/line_count/.cargo/config.toml: -------------------------------------------------------------------------------- 1 | [build] 2 | rustflags = "--cfg proc_macro_span --cfg span_locations" 3 | 4 | [env] 5 | RUSTC_BOOTSTRAP = "1" 6 | -------------------------------------------------------------------------------- /dependencies/syn/tests/regression/issue1108.rs: -------------------------------------------------------------------------------- 1 | #[test] 2 | fn issue1108() { 3 | let data = "impl>::x for"; 4 | let _ = syn::parse_file(data); 5 | } 6 | -------------------------------------------------------------------------------- /examples/state_machines/tutorial/unverified_counting_to_n: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/examples/state_machines/tutorial/unverified_counting_to_n -------------------------------------------------------------------------------- /source/docs/state_machines/src/graphics/fifo-head-tail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/state_machines/src/graphics/fifo-head-tail.png -------------------------------------------------------------------------------- /source/docs/state_machines/src/graphics/rc-ghost-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/state_machines/src/graphics/rc-ghost-diagram.png -------------------------------------------------------------------------------- /tools/veritas/run_configuration_vstd.toml: -------------------------------------------------------------------------------- 1 | verus_git_url = "https://github.com/verus-lang/verus.git" 2 | verus_revspec = "main" 3 | verus_features = ["singular"] 4 | 5 | -------------------------------------------------------------------------------- /source/docs/guide/src/graphics/verus-analyzer-error-example.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/guide/src/graphics/verus-analyzer-error-example.png -------------------------------------------------------------------------------- /source/docs/internal/wiki-archive/README.md: -------------------------------------------------------------------------------- 1 | This is an archive of the outdated files from the Wiki. 2 | 3 | This content is either out-of-date or has been moved elsewhere. 4 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/consume_vstd/src/lib.rs: -------------------------------------------------------------------------------- 1 | 2 | pub fn foo(x: u64, y: u64, z: u64) { 3 | vstd_macro_usage::do_something(x, y, z); 4 | } 5 | -------------------------------------------------------------------------------- /source/vstd/arithmetic/mod.rs: -------------------------------------------------------------------------------- 1 | mod internals; 2 | 3 | pub mod div_mod; 4 | pub mod logarithm; 5 | pub mod mul; 6 | pub mod overflow; 7 | pub mod power; 8 | pub mod power2; 9 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/graphics/counting-to-n-diagram.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/state_machines/src/graphics/counting-to-n-diagram.png -------------------------------------------------------------------------------- /dependencies/syn/tests/regression.rs: -------------------------------------------------------------------------------- 1 | #![allow(clippy::let_underscore_untyped, clippy::uninlined_format_args)] 2 | 3 | mod regression { 4 | automod::dir!("tests/regression"); 5 | } 6 | -------------------------------------------------------------------------------- /source/docs/guide/src/higher-order-fns.md: -------------------------------------------------------------------------------- 1 | # Higher-order executable functions 2 | 3 | Here we discuss the use of higher order functions via closures and other function types in Rust. 4 | -------------------------------------------------------------------------------- /source/docs/verus/_config.yml: -------------------------------------------------------------------------------- 1 | title: "Verus" 2 | lsi: false 3 | safe: true 4 | source: . 5 | incremental: false 6 | gist: 7 | noscript: false 8 | exclude: [jekyll-serve-docker.sh] 9 | -------------------------------------------------------------------------------- /tools/veritas/container-entrypoint.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | . /root/.cargo/env 4 | 5 | export VERUS_SINGULAR_PATH=/usr/bin/Singular 6 | 7 | # cargo run --release -- $@ 8 | cargo run -- $@ -------------------------------------------------------------------------------- /dependencies/syn/tests/common/mod.rs: -------------------------------------------------------------------------------- 1 | #![allow(dead_code)] 2 | #![allow(clippy::module_name_repetitions, clippy::shadow_unrelated)] 3 | 4 | pub mod eq; 5 | pub mod parse; 6 | pub mod visit; 7 | -------------------------------------------------------------------------------- /source/docs/guide/src/syntax.md: -------------------------------------------------------------------------------- 1 | # Verus Syntax 2 | 3 | The code below illustrates a large swath of Verus' syntax. 4 | 5 | ```rust 6 | {{#include ../../../../examples/syntax.rs}} 7 | ``` 8 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/graphics/fifo-protocol-perspective.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/state_machines/src/graphics/fifo-protocol-perspective.png -------------------------------------------------------------------------------- /source/docs/guide/src/develop_proofs.md: -------------------------------------------------------------------------------- 1 | # Developing Proofs 2 | 3 | In this chapter, we present several examples showing useful techniques for developing proofs 4 | about your code in Verus. 5 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/graphics/rc-ghost-diagram-ghost-only.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/state_machines/src/graphics/rc-ghost-diagram-ghost-only.png -------------------------------------------------------------------------------- /source/docs/state_machines/src/graphics/strategy-reference-examples.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/verus-lang/verus/HEAD/source/docs/state_machines/src/graphics/strategy-reference-examples.png -------------------------------------------------------------------------------- /source/tools/minimizers/panicked_in.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" 4 | exec ${DIR}/_common_string_search.sh ./foo.rs "panicked at" 5 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/consume_machines/src/lib.rs: -------------------------------------------------------------------------------- 1 | 2 | pub fn foo(g: state_machine_macro_usage::Global) { 3 | let _f = state_machine_macro_usage::Global { ..g }; 4 | } 5 | -------------------------------------------------------------------------------- /source/tools/minimizers/time_exceeded.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" 4 | exec ${DIR}/_common_string_search.sh ./foo.rs "has been running for" 5 | -------------------------------------------------------------------------------- /tools/vargo/.cargo/config.toml: -------------------------------------------------------------------------------- 1 | # Set target directory in case it was overridden by the environment 2 | # https://doc.rust-lang.org/cargo/reference/config.html 3 | 4 | [build] 5 | target-dir = "target" 6 | -------------------------------------------------------------------------------- /examples/cargo-verus/library/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | pub fn f() -> (r: u8) 6 | ensures 7 | r == 4, 8 | { 9 | 2 + 2 10 | } 11 | 12 | } // verus! 13 | -------------------------------------------------------------------------------- /source/docs/guide/src/prefix-and-or.md: -------------------------------------------------------------------------------- 1 | # Prefix and/or (`&&&` and `|||`) 2 | 3 | The prefix and/or operators (`&&&` and `|||`) are explained in [Expressions and operators for specifications](operators.md). 4 | -------------------------------------------------------------------------------- /source/docs/guide/src/spec-expressions.md: -------------------------------------------------------------------------------- 1 | # Spec expressions 2 | 3 | Many built-in operators are in spec mode, i.e., they can be used in 4 | specification expressions. This section discusses those operators. 5 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/src-rc.md: -------------------------------------------------------------------------------- 1 | # Reference-counted smart pointer, verified source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/rc.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /source/tools/qi-graph/Cargo.lock: -------------------------------------------------------------------------------- 1 | # This file is automatically @generated by Cargo. 2 | # It is not intended for manual editing. 3 | version = 3 4 | 5 | [[package]] 6 | name = "qi-graph" 7 | version = "0.1.0" 8 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/src-counting-to-2.md: -------------------------------------------------------------------------------- 1 | # Counting to 2, verified source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/counting_to_2.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/src-counting-to-n.md: -------------------------------------------------------------------------------- 1 | # Counting to _n_, verified source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/counting_to_n.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /source/tools/minimizers/rlimit_exceeded.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" 4 | exec ${DIR}/_common_string_search.sh ./foo.rs 'Resource limit (rlimit) exceeded' 5 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | By submitting this pull request, I confirm that my contribution is made under the terms of the [MIT license](https://github.com/verus-lang/verus/blob/main/LICENSE). 4 | -------------------------------------------------------------------------------- /source/docs/guide/src/datatypes.md: -------------------------------------------------------------------------------- 1 | # Datatypes: Structs and Enums 2 | 3 | Datatypes, in both executable code and specifications, are 4 | defined via Rust's [`struct`](datatypes_struct.md) and [`enum`](datatypes_enum.md). 5 | -------------------------------------------------------------------------------- /source/docs/guide/src/ref-extensional-equality.md: -------------------------------------------------------------------------------- 1 | # Extensional equality (`=~=` and `=~~=`) 2 | 3 | The extensional equality operators `=~=` and `=~~=` are explained in 4 | [Extensional equality](extensional_equality.md). 5 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/rust-rc.md: -------------------------------------------------------------------------------- 1 | # Reference-counted smart pointer, unverified Rust source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/unverified_rc.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/spec_use/src/lib.rs: -------------------------------------------------------------------------------- 1 | use spec_use::*; 2 | 3 | pub fn test_calling(x: u16) { 4 | let y = concrete_b(x); 5 | let z = concrete_caller(y); 6 | println!("{}", z); 7 | } 8 | -------------------------------------------------------------------------------- /source/tools/internals_interface/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "internals_interface" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | serde = { version = "1", features = ["derive", "rc"] } 8 | bincode = "1.0.1" -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/rust-counting-to-2.md: -------------------------------------------------------------------------------- 1 | # Counting to 2, unverified Rust source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/unverified_counting_to_2.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/rust-counting-to-n.md: -------------------------------------------------------------------------------- 1 | # Counting to _n_, unverified Rust source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/unverified_counting_to_n.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /dependencies/syn/tests/macros/mod.rs: -------------------------------------------------------------------------------- 1 | macro_rules! errorf { 2 | ($($tt:tt)*) => {{ 3 | use ::std::io::Write; 4 | let stderr = ::std::io::stderr(); 5 | write!(stderr.lock(), $($tt)*).unwrap(); 6 | }}; 7 | } 8 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/src-producer-consumer-queue.md: -------------------------------------------------------------------------------- 1 | # Single-Producer, Single-Consumer queue, example source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/fifo.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /tools/veritas/setup_container: -------------------------------------------------------------------------------- 1 | export REPOS_CACHE_PATH=/root/repos-cache/ 2 | export Z3_CACHE_PATH=/root/z3-cache/ 3 | export WORKDIR_PATH=/root/work/ 4 | export OUTPUT_PATH=/root/output/ 5 | 6 | export VERUS_SINGULAR_PATH=/usr/bin/Singular -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/transitive1/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | pub open spec fn test1() -> bool { true } 6 | 7 | #[inline(never)] 8 | pub fn c() {} 9 | 10 | } // verus! 11 | -------------------------------------------------------------------------------- /examples/std_test/template.rs: -------------------------------------------------------------------------------- 1 | use vstd::pervasive::runtime_assert; 2 | use vstd::prelude::*; 3 | 4 | verus! { 5 | 6 | fn a_test() { 7 | let a = 2; 8 | let b = 3; 9 | runtime_assert(a + b == 5); 10 | } 11 | 12 | } // verus! 13 | -------------------------------------------------------------------------------- /.github/workflows/get-z3.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | z3_version="4.12.5" 3 | 4 | filename=z3-$z3_version-x64-glibc-2.31 5 | wget https://github.com/Z3Prover/z3/releases/download/z3-$z3_version/$filename.zip 6 | unzip $filename.zip 7 | cp $filename/bin/z3 . 8 | 9 | -------------------------------------------------------------------------------- /source/rustc_mir_build/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rustc_mir_build" 3 | version = "0.0.0" 4 | edition = "2024" 5 | 6 | [dependencies] 7 | # tidy-alphabetical-start 8 | itertools = "0.12" 9 | tracing = "0.1" 10 | # tidy-alphabetical-end 11 | -------------------------------------------------------------------------------- /tools/activate.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | 3 | rem Get the script's directory 4 | for %%i in (%0) do set SCRIPT_DIR=%%~dpi 5 | 6 | pushd "%SCRIPT_DIR%\vargo" 7 | cargo build --release 8 | popd 9 | 10 | set PATH=%SCRIPT_DIR%vargo\target\release;%PATH% 11 | -------------------------------------------------------------------------------- /source/docs/state_machines/book.toml: -------------------------------------------------------------------------------- 1 | [book] 2 | language = "en" 3 | multilingual = false 4 | src = "src" 5 | title = "Verus Transition Systems" 6 | 7 | [output.html] 8 | curly-quotes = true 9 | 10 | [output.html.playground] 11 | runnable = false 12 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/examples/rust-producer-consumer-queue.md: -------------------------------------------------------------------------------- 1 | # Single-Producer, Single-Consumer queue, unverified Rust source 2 | 3 | ```rust,ignore 4 | {{#include ../../../../../examples/state_machines/tutorial/unverified_fifo.rs:full}} 5 | ``` 6 | -------------------------------------------------------------------------------- /source/vstd/arithmetic/internals/mod.rs: -------------------------------------------------------------------------------- 1 | pub mod div_internals_nonlinear; 2 | pub mod general_internals; 3 | pub mod mod_internals_nonlinear; 4 | pub mod mul_internals_nonlinear; 5 | 6 | pub mod div_internals; 7 | pub mod mod_internals; 8 | pub mod mul_internals; 9 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/tutorial-by-example.md: -------------------------------------------------------------------------------- 1 | # Tutorial by example 2 | 3 | In this section, we will walk through a series of increasingly complex examples to illustrate how to use Verus's `tokenized_state_machine!` framework to verify concurrent programs. 4 | -------------------------------------------------------------------------------- /source/docs/verus/jekyll-serve-docker.sh: -------------------------------------------------------------------------------- 1 | docker run --rm \ 2 | --volume="$PWD:/srv/jekyll:Z" \ 3 | --volume="$PWD/vendor/bundle:/usr/local/bundle:Z" \ 4 | --publish [::1]:4000:4000 \ 5 | jekyll/jekyll \ 6 | jekyll serve \ 7 | --force_polling 8 | -------------------------------------------------------------------------------- /dependencies/prettyplease/src/lifetime.rs: -------------------------------------------------------------------------------- 1 | use crate::algorithm::Printer; 2 | use verus_syn::Lifetime; 3 | 4 | impl Printer { 5 | pub fn lifetime(&mut self, lifetime: &Lifetime) { 6 | self.word("'"); 7 | self.ident(&lifetime.ident); 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/consume_basic_verified_lib/src/main.rs: -------------------------------------------------------------------------------- 1 | use basic_verified_lib::*; 2 | 3 | fn main() { 4 | let u: u16 = 21; 5 | let dbl = double(u); 6 | println!("\n\nThe result is definitely going to be 42:\t{}\n\n", dbl); 7 | } 8 | -------------------------------------------------------------------------------- /tools/activate.ps1: -------------------------------------------------------------------------------- 1 | $ScriptDir = Split-Path -Parent -Path $MyInvocation.MyCommand.Definition 2 | 3 | Push-Location -Path (Join-Path -Path $ScriptDir -ChildPath "vargo") 4 | cargo build --release 5 | Pop-Location 6 | 7 | $env:PATH = "$ScriptDir\vargo\target\release;$env:PATH" 8 | -------------------------------------------------------------------------------- /dependencies/syn/examples/heapsize/example/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "heapsize_example" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [dependencies] 9 | heapsize = { path = "../heapsize" } 10 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/basic_verified_lib_consumer_verified/src/main.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | use basic_verified_lib::*; 3 | 4 | verus! { 5 | 6 | fn main() { 7 | let x = double(42); 8 | assert(x == 84); 9 | } 10 | 11 | } // verus! 12 | -------------------------------------------------------------------------------- /dependencies/syn/examples/heapsize/heapsize/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "heapsize" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [dependencies] 9 | heapsize_derive = { path = "../heapsize_derive" } 10 | -------------------------------------------------------------------------------- /dependencies/syn/examples/trace-var/example/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "trace-var-example" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [dependencies] 9 | trace-var = { path = "../trace-var" } 10 | -------------------------------------------------------------------------------- /source/docs/guide/src/contributed.md: -------------------------------------------------------------------------------- 1 | # Contributed Extensions 2 | 3 | The Verus community has contributed a number of extensions. Some of these extensions 4 | are not complete, in the sense that they will not work for all Verus code, but when 5 | they apply, they can be quite handy. 6 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/structural/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "structural" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | 9 | [package.metadata.verus] 10 | 11 | [workspace] 12 | -------------------------------------------------------------------------------- /source/docs/guide/book.toml: -------------------------------------------------------------------------------- 1 | [book] 2 | language = "en" 3 | multilingual = false 4 | src = "src" 5 | title = "Verus Tutorial and Reference" 6 | 7 | [rust] 8 | edition = "2018" 9 | 10 | [output.html] 11 | curly-quotes = true 12 | 13 | [output.html.playground] 14 | runnable = false 15 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/transitive2/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | use transitive1::*; 3 | 4 | verus! { 5 | 6 | pub fn test2() 7 | requires test1() 8 | { } 9 | 10 | #[inline(never)] 11 | pub fn b() { 12 | c(); 13 | } 14 | 15 | } // verus! 16 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/transitive3/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | use transitive2::*; 3 | 4 | verus! { 5 | 6 | fn test3() { 7 | test2(); 8 | } 9 | 10 | #[inline(never)] 11 | fn a() { 12 | b(); 13 | //c(); 14 | } 15 | 16 | } // verus! 17 | -------------------------------------------------------------------------------- /tools/vargo/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "vargo" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | serde = { version = "1", features = ["derive"] } 8 | serde_json = "1" 9 | regex = "1" 10 | yansi = "0.5" 11 | toml = "0.7" 12 | walkdir = "2.2" 13 | filetime = "0.2.9" -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/structural/src/main.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | #[derive(Structural, Debug, Copy, Clone, PartialEq)] 4 | struct A(u8); 5 | 6 | verus! { 7 | 8 | fn main() { 9 | let _a = A(5); 10 | assert(1 == 0 + 1); 11 | } 12 | 13 | } 14 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/spec_def/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "spec_def" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | 9 | [package.metadata.verus] 10 | verify = true 11 | 12 | [workspace] 13 | -------------------------------------------------------------------------------- /source/rustfmt.toml: -------------------------------------------------------------------------------- 1 | # Copied from Rust compiler's rustfmt.toml settings 2 | 3 | # Run rustfmt with this config (it should be picked up automatically). 4 | # unstable_features=true # provided by vargo 5 | # version=Two # provided by vargo 6 | use_small_heuristics = "Max" 7 | merge_derives = false 8 | -------------------------------------------------------------------------------- /source/tools/render-verus-log-call-graphs.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | set -e 4 | 5 | for file in `ls .verus-log/*.dot`; do 6 | from=$file 7 | to="${file%.*}.pdf" 8 | set -x 9 | dot -Tpdf $from > $to 10 | set +x 11 | echo -e "$from -> \033[1;94m$to\033[0m" 12 | done 13 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/mimalloc.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "A Concurrent Memory Allocator" 3 | date: 2024-05-01 4 | type: project 5 | code: https://github.com/verus-lang/verified-memory-allocator 6 | --- 7 | A memory allocator based on [mimalloc](https://github.com/microsoft/mimalloc). 8 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/spec_use/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "spec_use_unverified" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | spec_use = { path = "../../verified/spec_use" } 8 | 9 | [package.metadata.verus] 10 | 11 | [workspace] 12 | -------------------------------------------------------------------------------- /source/builtin_macros/src/fndecl.rs: -------------------------------------------------------------------------------- 1 | use proc_macro2::TokenStream; 2 | use quote::quote; 3 | 4 | #[inline(always)] 5 | pub fn fndecl(input: TokenStream) -> TokenStream { 6 | quote! { 7 | #[verifier::spec] #[verifier::external_body] /* vattr */ #input { unimplemented!() } 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/transitive1/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "transitive1" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | 9 | [package.metadata.verus] 10 | verify = true 11 | 12 | [workspace] 13 | -------------------------------------------------------------------------------- /dependencies/syn/examples/lazy-static/example/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "lazy-static-example" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [dependencies] 9 | lazy_static = { path = "../lazy-static" } 10 | regex = "1" 11 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/nr.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "A Node Replication (NR) Library" 3 | date: 2024-05-01 4 | type: project 5 | code: https://github.com/verus-lang/verified-node-replication 6 | --- 7 | Creates a linearizable NUMA-aware concurrent data structure from a black-box sequential one 8 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/consume_vstd/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "consume_vstd" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd_macro_usage = { path = "../../verified/vstd_macro_usage" } 8 | 9 | [package.metadata.verus] 10 | 11 | [workspace] 12 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/src/workspace_path.rs: -------------------------------------------------------------------------------- 1 | use std::path::{Path, PathBuf}; 2 | 3 | pub fn get(relative_to_workspace_root: impl AsRef) -> PathBuf { 4 | let mut path = PathBuf::from(env!("CARGO_MANIFEST_DIR")); 5 | assert!(path.pop()); 6 | path.push(relative_to_workspace_root); 7 | path 8 | } 9 | -------------------------------------------------------------------------------- /examples/pcm/main.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | use verus_builtin::*; 3 | use verus_builtin_macros::*; 4 | use vstd::prelude::*; 5 | 6 | pub mod agreement; 7 | pub mod log; 8 | pub mod monotonic_counter; 9 | pub mod oneshot; 10 | 11 | verus! { 12 | 13 | pub fn main() { 14 | } 15 | 16 | } // verus! 17 | -------------------------------------------------------------------------------- /source/docs/guide/src/spec-quantifiers.md: -------------------------------------------------------------------------------- 1 | # Spec quantifiers (`forall`, `exists`) 2 | 3 | Quantifiers are explained in the [Quantifiers](quants.md) part of the 4 | tutorial. Specifically, `forall` is explained in [forall and 5 | triggers](forall.md) and `exists` is explained in [exists and 6 | choose](exists.md). 7 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/basic_verified_lib/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "basic_verified_lib" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | 9 | [package.metadata.verus] 10 | verify = true 11 | 12 | [workspace] 13 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/vstd_macro_usage/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "vstd_macro_usage" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd/" } 8 | 9 | [package.metadata.verus] 10 | verify = true 11 | 12 | [workspace] 13 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/src/lookup.rs: -------------------------------------------------------------------------------- 1 | use syn_codegen::{Definitions, Node}; 2 | 3 | pub fn node<'a>(defs: &'a Definitions, name: &str) -> &'a Node { 4 | for node in &defs.types { 5 | if node.ident == name { 6 | return node; 7 | } 8 | } 9 | panic!("not found: {}", name) 10 | } 11 | -------------------------------------------------------------------------------- /source/rust_verify/src/file_loader.rs: -------------------------------------------------------------------------------- 1 | pub use rustc_span::source_map::RealFileLoader; 2 | 3 | pub trait FileLoaderClone { 4 | fn clone(&self) -> Self; 5 | } 6 | 7 | impl FileLoaderClone for RealFileLoader { 8 | fn clone(&self) -> Self { 9 | rustc_span::source_map::RealFileLoader 10 | } 11 | } 12 | -------------------------------------------------------------------------------- /examples/test.rs: -------------------------------------------------------------------------------- 1 | use verus_builtin::*; 2 | use verus_builtin_macros::*; 3 | 4 | verus! { 5 | 6 | pub fn foo(a: u64) -> u64 7 | requires 8 | a < 100, 9 | { 10 | a + 1 11 | } 12 | 13 | fn main() { 14 | let c = 1; 15 | let mut b = 3; 16 | b = 4; 17 | b = foo(c); 18 | } 19 | 20 | } // verus! 21 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/big_rlimit/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "big_rlimit" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | 9 | [package.metadata.verus] 10 | verify = true 11 | test_args = "--rlimit 15" 12 | 13 | [workspace] 14 | -------------------------------------------------------------------------------- /dependencies/syn/examples/trace-var/example/src/main.rs: -------------------------------------------------------------------------------- 1 | use trace_var::trace_var; 2 | 3 | fn main() { 4 | println!("{}", factorial(8)); 5 | } 6 | 7 | #[trace_var(p, n)] 8 | fn factorial(mut n: u64) -> u64 { 9 | let mut p = 1; 10 | while n > 1 { 11 | p *= n; 12 | n -= 1; 13 | } 14 | p 15 | } 16 | -------------------------------------------------------------------------------- /dependencies/syn/fuzz/fuzz_targets/parse_file.rs: -------------------------------------------------------------------------------- 1 | #![no_main] 2 | 3 | use libfuzzer_sys::fuzz_target; 4 | use std::str; 5 | 6 | fuzz_target!(|data: &[u8]| { 7 | if data.len() < 300 { 8 | if let Ok(string) = str::from_utf8(data) { 9 | let _ = syn::parse_file(string); 10 | } 11 | } 12 | }); 13 | -------------------------------------------------------------------------------- /dependencies/syn/tests/features/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "syn-test-suite" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [lib] 9 | path = "lib.rs" 10 | 11 | [dependencies] 12 | build-alert = "0.1" 13 | 14 | [features] 15 | all-features = [] 16 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/consume_basic_verified_lib/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "unverified_crate" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | basic_verified_lib = { path = "../../verified/basic_verified_lib" } 8 | 9 | [package.metadata.verus] 10 | 11 | [workspace] 12 | -------------------------------------------------------------------------------- /examples/prelude.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | #[allow(unused_imports)] 4 | use verus_builtin_macros::*; 5 | use vstd::prelude::*; 6 | 7 | verus! { 8 | 9 | proof fn lemma() { 10 | let a: Seq = seq![1, 2, 3]; 11 | assert(a[1] == 2); 12 | } 13 | 14 | fn main() { 15 | } 16 | 17 | } // verus! 18 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/unverified/consume_machines/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "consume_machines" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | state_machine_macro_usage = { path = "../../verified/state_machine_macro_usage" } 8 | 9 | [package.metadata.verus] 10 | 11 | [workspace] 12 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/spec_use/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "spec_use" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | spec_def = { path = "../spec_def" } 9 | 10 | [package.metadata.verus] 11 | verify = true 12 | 13 | [workspace] 14 | -------------------------------------------------------------------------------- /examples/cargo-verus/test/src/main.rs: -------------------------------------------------------------------------------- 1 | use vstd::{prelude::*, string::*}; 2 | 3 | verus! { 4 | 5 | #[verifier::external_body] 6 | fn print_result(value: u32) { 7 | println!("{value}"); 8 | } 9 | 10 | fn main() { 11 | let x = library::f(); 12 | assert(x == 4); 13 | print_result(x as u32); 14 | } 15 | 16 | } // verus! 17 | -------------------------------------------------------------------------------- /dependencies/syn/fuzz/fuzz_targets/parse_literal.rs: -------------------------------------------------------------------------------- 1 | #![no_main] 2 | 3 | use libfuzzer_sys::fuzz_target; 4 | use std::str; 5 | 6 | fuzz_target!(|data: &[u8]| { 7 | if data.len() < 24 { 8 | if let Ok(string) = str::from_utf8(data) { 9 | let _ = syn::Lit::from_str_for_fuzzing(string); 10 | } 11 | } 12 | }); 13 | -------------------------------------------------------------------------------- /examples/external.rs: -------------------------------------------------------------------------------- 1 | use verus_builtin::*; 2 | use verus_builtin_macros::*; 3 | 4 | verus! { 5 | 6 | #[verifier::external_body] 7 | fn test(n: u64, s: Ghost) 8 | requires 9 | n > 10 && s@ >= n, 10 | { 11 | println!("hello {}", n); 12 | } 13 | 14 | fn main() { 15 | test(15, Ghost(200)); 16 | } 17 | 18 | } // verus! 19 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/transitive2/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "transitive2" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | transitive1 = { path = "../transitive1" } 9 | 10 | [package.metadata.verus] 11 | verify = true 12 | 13 | [workspace] 14 | -------------------------------------------------------------------------------- /tools/veritas/build_verus.sh: -------------------------------------------------------------------------------- 1 | set -e 2 | set -x 3 | 4 | unset RUSTUP_TOOLCHAIN 5 | cd source 6 | 7 | # TODO restore once line_count is fixed 8 | # pushd tools/line_count 9 | # cargo build --release 10 | # popd 11 | 12 | . ../tools/activate 13 | # ./tools/get-z3.sh 14 | echo $RUSTUP_TOOLCHAIN 15 | vargo build --release $VERUS_FEATURES_ARGS 16 | -------------------------------------------------------------------------------- /dependencies/syn/examples/heapsize/heapsize_derive/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "heapsize_derive" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [lib] 9 | proc-macro = true 10 | 11 | [dependencies] 12 | proc-macro2 = "1" 13 | quote = "1" 14 | syn = { path = "../../.." } 15 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-chained-op.md: -------------------------------------------------------------------------------- 1 | # Chained operators 2 | 3 | In spec code, equality and inequality operators can be chained. For example, 4 | `a <= b < c` 5 | is equivalent to 6 | `a <= b && b < c`. 7 | 8 | Chained inequalities support `<`, `<=`, `>`, `>=`, and `==`, and support sequences of chained 9 | operators of arbitrary length. 10 | -------------------------------------------------------------------------------- /source/docs/verus/assets/verus-text-light.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 8 | 9 | Verus 10 | 11 | -------------------------------------------------------------------------------- /dependencies/syn/dev/import.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ ! -f "$1" ]; then 4 | echo "Usage: dev/import.sh tests/rust/path/to/mod.rs" >&2 5 | exit 1 6 | fi 7 | 8 | set -eu 9 | 10 | main=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)/main.rs 11 | echo -n "syn_dev::r#mod! {" > "$main" 12 | cat "$1" >> "$main" 13 | echo "}" >> "$main" 14 | -------------------------------------------------------------------------------- /source/cargo-verus/build.rs: -------------------------------------------------------------------------------- 1 | // 2 | // Copyright (c) 2024 The Verus Contributors 3 | // 4 | // SPDX-License-Identifier: MIT 5 | // 6 | 7 | fn main() { 8 | rustc_tools_util::setup_version_info!(); 9 | 10 | // See https://doc.rust-lang.org/cargo/reference/build-scripts.html#rerun-if-changed 11 | println!("cargo:rerun-if-changed=build.rs"); 12 | } 13 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/rag-verus.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "RAG-Verus: Repository-Level Program Verification with LLMs using Retrieval Augmented Generation" 3 | authors: "Sicheng Zhong, Jiading Zhu, Yifang Tian, and Xujie Si" 4 | venue: "arXiv" 5 | date: 2025-02-07 6 | type: external 7 | pdf: https://arxiv.org/pdf/2502.05344 8 | 9 | --- 10 | -------------------------------------------------------------------------------- /source/tools/bump_crate_versions/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "bump_crate_versions" 3 | version = "0.1.0" 4 | edition = "2024" 5 | 6 | [dependencies] 7 | chrono = "0.4.41" 8 | regex = "1.11.1" 9 | toml_edit = "0.23.3" 10 | clap = { version = "4.5.26", features = ["derive"] } 11 | petgraph = "0.8.3" 12 | crates_io_api = "0.12.0" 13 | 14 | [workspace] 15 | -------------------------------------------------------------------------------- /source/rust_verify_test_macros/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rust_verify_test_macros" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [lib] 9 | proc-macro = true 10 | 11 | [dependencies] 12 | quote = "*" 13 | syn = "*" 14 | proc-macro2 = "*" 15 | 16 | -------------------------------------------------------------------------------- /tools/veritas/push_images.sh: -------------------------------------------------------------------------------- 1 | 2 | set -e 3 | set -x 4 | 5 | if [ "$(dirname "$0")" != "." ]; then 6 | echo "Please run the script from its directory." 7 | exit 1 8 | fi 9 | 10 | docker push ghcr.io/utaal/verus-lang/verus-deps 11 | docker push ghcr.io/utaal/verus-lang/verus-base:rust-1.82.0 12 | docker push ghcr.io/utaal/verus-lang/veritas:rust-1.82.0 13 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/transitive3/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "transitive3" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | transitive2 = { path = "../transitive2" } 9 | 10 | [package.metadata.verus] 11 | verify = true 12 | test_ignore = true 13 | 14 | [workspace] 15 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/verified-ostd.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Asterinas OSTD (Operating System Standard Library)" 3 | date: 2025-06-03 4 | type: project 5 | code: https://github.com/asterinas/vostd 6 | --- 7 | 8 | The `vostd` project provides a formally-verified version of OSTD, the (unofficial) standard library for OS development in safe Rust. 9 | 10 | -------------------------------------------------------------------------------- /source/docs/verus/assets/verus-text-dark.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 9 | 10 | Verus 11 | 12 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/llm-mainstream.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Can LLMs Enable Verification in Mainstream Programming?" 3 | authors: "Aleksandr Shefer, Igor Engel, Stanislav Alekseev, Daniil Berezun, Ekaterina Verbitskaia, and Anton Podkopaev" 4 | venue: "arXiv" 5 | date: 2025-03-18 6 | type: external 7 | pdf: https://arxiv.org/pdf/2503.14183 8 | 9 | --- 10 | -------------------------------------------------------------------------------- /tools/veritas/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "veritas-runner" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | git2 = "0.18" 8 | chrono = "0.4" 9 | yansi = "1.0" 10 | sha2 = "0.10" 11 | base64 = "0.22" 12 | serde = { version = "1.0", features = ["std", "derive"] } 13 | getopts = "0.2" 14 | toml = "0.8" 15 | regex = "1.10.4" 16 | serde_json = "1.0.116" 17 | -------------------------------------------------------------------------------- /tools/veritas/verus-lang_verus-deps.dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 ubuntu:24.04 2 | 3 | RUN DEBIAN_FRONTEND=noninteractive apt-get update && apt-get install -y \ 4 | build-essential curl wget singular git unzip openssh-client pkg-config libssl-dev 5 | 6 | RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile minimal --default-toolchain none 7 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/spec_def/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | 6 | // Spec function for use in verified functions 7 | pub open spec fn double(x: u16) -> (z: int) 8 | { 9 | x + x 10 | } 11 | 12 | pub fn concrete_a(x: u16) -> u16 13 | requires double(x) < 100, 14 | { 15 | x 16 | } 17 | 18 | 19 | } // verus! 20 | -------------------------------------------------------------------------------- /source/verusdoc/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "verusdoc" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | walkdir = "2.3.2" 10 | kuchiki = "0.8.1" 11 | serde_json = "1.0" 12 | serde = { version = "1.0", features = ["derive"] } 13 | html5ever = "0.25.2" 14 | -------------------------------------------------------------------------------- /source/docs/guide/README.md: -------------------------------------------------------------------------------- 1 | # Requirements 2 | 3 | To build the guide locally, you will need to install [mdBook](https://rust-lang.github.io/mdBook/). 4 | The simplest approach is often to run `cargo install mdbook`. 5 | 6 | # Building 7 | 8 | To build the guide, run `mdbook serve`. This will render the guide 9 | and start a local webserver where you can view your updated guide. 10 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/spec_use/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | use spec_def::*; 3 | 4 | verus! { 5 | 6 | 7 | pub fn concrete_b(x: u16) -> u16 8 | requires double(x) < 100, 9 | { 10 | x 11 | } 12 | 13 | 14 | pub fn concrete_caller(x: u16) -> u16 15 | requires double(x) < 100, 16 | { 17 | concrete_a(x) 18 | } 19 | 20 | } // verus! 21 | -------------------------------------------------------------------------------- /dependencies/syn/dev/README.md: -------------------------------------------------------------------------------- 1 | A little project skeleton for troubleshooting Syn's parsers during development, 2 | especially when adding support for new Rust syntax. 3 | 4 | Place a sample of the syntax you are working on into main.rs and then run `cargo 5 | check` to try parsing it, revealing the resulting syntax tree or else showing 6 | the position and error message if the input fails to parse. 7 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_config.yml: -------------------------------------------------------------------------------- 1 | title: "Verus — Publications and Projects" 2 | lsi: false 3 | safe: true 4 | source: . 5 | incremental: false 6 | highlighter: rouge 7 | collections: 8 | - projects 9 | gist: 10 | noscript: false 11 | kramdown: 12 | math_engine: mathjax 13 | syntax_highlighter: rouge 14 | exclude: [Makefile] 15 | pubtypes: ["internal", "external"] 16 | -------------------------------------------------------------------------------- /tools/shell.nix: -------------------------------------------------------------------------------- 1 | # Minimal set of build requirements for Verus 2 | # 3 | # Open a shell which has access to nothing but these requirements using 4 | # nix-shell --pure tools/shell.nix 5 | # from the root of the repository. 6 | 7 | { pkgs ? import {} }: 8 | pkgs.mkShell { 9 | nativeBuildInputs = with pkgs; [ 10 | rustup 11 | unzip 12 | wget 13 | ]; 14 | } 15 | -------------------------------------------------------------------------------- /tools/common/consts.rs: -------------------------------------------------------------------------------- 1 | pub const EXPECTED_Z3_VERSION: &str = "4.12.5"; 2 | pub const EXPECTED_CVC5_VERSION: &str = "1.1.2"; 3 | #[allow(dead_code)] // actually used in `rust_verify/util.rs`, but missed by the dead code checker, possibly due to the use of `#[path(...)]` for this file 4 | pub const VERUS_GITHUB_BUG_REPORT_URL: &str = 5 | "https://github.com/verus-lang/verus/issues/new?template=bug_report.md"; 6 | -------------------------------------------------------------------------------- /dependencies/syn/examples/lazy-static/lazy-static/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "lazy_static" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [lib] 9 | proc-macro = true 10 | 11 | [dependencies] 12 | proc-macro2 = { version = "1", features = ["nightly"] } 13 | quote = "1" 14 | syn = { path = "../../../", features = ["full"] } 15 | -------------------------------------------------------------------------------- /dependencies/syn/examples/trace-var/trace-var/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "trace-var" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [lib] 9 | proc-macro = true 10 | 11 | [dependencies] 12 | proc-macro2 = { version = "1", features = ["nightly"] } 13 | quote = "1" 14 | syn = { path = "../../../", features = ["fold", "full"] } 15 | -------------------------------------------------------------------------------- /source/docs/guide/src/datatypes_struct.md: -------------------------------------------------------------------------------- 1 | ## Struct 2 | 3 | In Verus, just as in Rust, you can use `struct` to define a datatype that 4 | collects a set of fields together: 5 | ```rust 6 | {{#include ../../../../examples/guide/datatypes.rs:point}} 7 | ``` 8 | 9 | Spec and exec code can refer to `struct` fields: 10 | ```rust 11 | {{#include ../../../../examples/guide/datatypes.rs:point-impl}} 12 | ``` 13 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/atmosphere-kisv.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Atmosphere: Towards Practical Verified Kernels in Rust" 3 | authors: "Xiangdong Chen, Zhaofeng Li, Lukas Mesicek, Vikram Narayanan, Anton Burtsev" 4 | venue: "Proceedings of the Workshop on Kernel Isolation, Safety and Verification (KISV)" 5 | date: 2023-10-23 6 | type: external 7 | pdf: https://doi.org/10.1145/3625275.3625401 8 | --- 9 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/basic_verified_lib_consumer_verified/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "basic_verified_lib_consumer_verified" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd" } 8 | basic_verified_lib = { path = "../basic_verified_lib" } 9 | 10 | [package.metadata.verus] 11 | verify = true 12 | 13 | [workspace] 14 | -------------------------------------------------------------------------------- /source/docs/guide/src/interacting-with-unverified-code.md: -------------------------------------------------------------------------------- 1 | # Interacting with unverified code 2 | 3 | We typically only verify a portion of a Rust code base. This chapter discusses 4 | how to [call unverified code from verified 5 | code](./calling-unverified-from-verified.md), as well as some caveats and 6 | strategies for safely allowing [unverified code to call verified 7 | code](./calling-verified-from-unverified.md) 8 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/atmosphere-sosp.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Atmosphere: Practical Verified Kernels with Rust and Verus" 3 | authors: "Xiangdong Chen, Zhaofeng Li, Jerry Zhang, Vikram Narayanan, Anton Burtsev" 4 | venue: "Proceedings of the ACM Symposium on Operating Systems Principles (SOSP)" 5 | date: 2025-10-16 6 | type: external 7 | pdf: https://dl.acm.org/doi/10.1145/3731569.3764821 8 | --- 9 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/persistent-storage.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Persistent Memory Storage Systems" 3 | date: 2024-05-01 4 | type: project 5 | code: https://github.com/microsoft/verified-storage.git 6 | --- 7 | Verified storage systems for persistent memory, including a key-value store and several append-only log implementations. The systems have verified crash consistency and corruption detection. 8 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/state_machine_macro_usage/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "state_machine_macro_usage" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../../../vstd/" } 8 | verus_state_machines_macros = { path = "../../../../../state_machines_macros/" } 9 | 10 | [package.metadata.verus] 11 | verify = true 12 | 13 | [workspace] 14 | -------------------------------------------------------------------------------- /source/docs/guide/src/container_bst.md: -------------------------------------------------------------------------------- 1 | # Verifying a container library 2 | 3 | In this section, we'll learn how to verify a simple container library, specifically, 4 | via an example of a _map_ data structure implemented using a binary search tree. 5 | In the case study, we'll explore various considerations for 6 | writing a modular specification 7 | that encapsulates verification details as well as implementation details. 8 | -------------------------------------------------------------------------------- /examples/cargo-verus/test/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "test" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../source/vstd" } 8 | builtin = { path = "../../../source/builtin" } 9 | builtin_macros = { path = "../../../source/builtin_macros" } 10 | library = { path = "../library", features = ["explicit-verus-deps"] } 11 | 12 | [package.metadata.verus] 13 | verify = true 14 | -------------------------------------------------------------------------------- /examples/guide/pervasive_example.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | #[allow(unused_imports)] 4 | use verus_builtin_macros::*; 5 | use vstd::seq::*; 6 | 7 | verus! { 8 | 9 | fn main() { 10 | proof { 11 | let s: Seq = seq![0, 10, 20, 30, 40]; 12 | assert(s.len() == 5); 13 | assert(s[2] == 20); 14 | assert(s[3] == 30); 15 | } 16 | } 17 | 18 | } // verus! 19 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/ironfleet-kv.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "A Distributed Key-Value Store" 3 | date: 2024-05-01 4 | type: project 5 | code: https://github.com/verus-lang/verified-ironkv 6 | --- 7 | 8 | A port of the IronKV system from [IronFleet](https://github.com/microsoft/Ironclad/tree/main/ironfleet) to Verus. IronKV uses distribution for improved throughput by moving "hot" keys to dedicated machines. 9 | -------------------------------------------------------------------------------- /tools/veritas/get-z3.sh: -------------------------------------------------------------------------------- 1 | set -e 2 | set -x 3 | 4 | z3_version=$1 5 | destination=$2 6 | 7 | if [ ! `uname` == "Linux" ]; then 8 | echo "unexpected OS" 9 | exit 1 10 | fi 11 | 12 | filename=z3-$z3_version-x64-glibc-2.31 13 | 14 | wget https://github.com/Z3Prover/z3/releases/download/z3-$z3_version/$filename.zip 15 | unzip $filename.zip 16 | 17 | cp $filename/bin/z3 $destination 18 | rm -r $filename 19 | rm $filename.zip -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/safe-array.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "A Verified Thread-Safe Array in Rust" 3 | authors: "Sasha Pak, Fabian Muehlboeck, and Alex Potanin" 4 | venue: "International Workshop on Aliasing, Capabilities and Ownership (IWACO)" 5 | date: 2025-10-14 6 | type: external 7 | pdf: https://conf.researchr.org/details/icfp-splash-2025/iwaco-2025-papers/5/A-Verified-Thread-Safe-Array-in-Rust 8 | 9 | --- 10 | -------------------------------------------------------------------------------- /tools/veritas/run_configuration_page_table.toml: -------------------------------------------------------------------------------- 1 | verus_git_url = "https://github.com/verus-lang/verus.git" 2 | verus_revspec = "main" 3 | verus_features = ["singular"] 4 | verus_verify_vstd = false 5 | 6 | [[project]] 7 | name = "page-table" 8 | git_url = "https://github.com/utaal/verified-nrkernel.git" 9 | revspec = "main" 10 | crate_root = "page-table/src/lib.rs" 11 | extra_args = ["--crate-type=lib", "--rlimit", "60"] 12 | 13 | -------------------------------------------------------------------------------- /dependencies/syn/examples/dump-syntax/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "dump-syntax" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [dependencies] 9 | colored = "3" 10 | proc-macro2 = { version = "1", features = ["span-locations"] } 11 | 12 | [dependencies.syn] 13 | default-features = false 14 | features = ["extra-traits", "full", "parsing"] 15 | path = "../.." 16 | -------------------------------------------------------------------------------- /source/rustc_mir_build/src/thir/mod.rs: -------------------------------------------------------------------------------- 1 | //! The MIR is built from some typed high-level IR 2 | //! (THIR). This section defines the THIR along with a trait for 3 | //! accessing it. The intention is to allow MIR construction to be 4 | //! unit-tested and separated from the Rust source and compiler data 5 | //! structures. 6 | 7 | pub(crate) mod constant; 8 | pub(crate) mod cx; 9 | pub(crate) mod pattern; 10 | pub mod print; 11 | mod util; 12 | -------------------------------------------------------------------------------- /source/vir_macros/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "vir-macros" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | # Note: do not add any dependencies on rustc -- VIR deliberately abstracts away from rustc's internals 9 | [dependencies] 10 | synstructure = "0.13" 11 | proc-macro2 = "*" 12 | syn = "^2" 13 | 14 | [lib] 15 | proc-macro = true 16 | -------------------------------------------------------------------------------- /examples/cells.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | use verus_builtin_macros::*; 4 | use vstd::{cell::*, *}; 5 | 6 | verus! { 7 | 8 | struct X { 9 | pub i: u64, 10 | } 11 | 12 | fn main() { 13 | let x = X { i: 5 }; 14 | let (pcell, Tracked(mut token)) = PCell::empty(); 15 | pcell.put(Tracked(&mut token), x); 16 | assert(token.mem_contents() === MemContents::Init(X { i: 5 })); 17 | } 18 | 19 | } // verus! 20 | -------------------------------------------------------------------------------- /source/tools/get-cvc5.ps1: -------------------------------------------------------------------------------- 1 | $cvc5_version = "1.1.2" 2 | $filename = "cvc5-Win64-static" 3 | 4 | $download_url = "https://github.com/cvc5/cvc5/releases/download/cvc5-$cvc5_version/$filename.zip" 5 | Invoke-WebRequest -Uri $download_url -OutFile "$filename.zip" 6 | Expand-Archive -Path "$filename.zip" -DestinationPath "." 7 | Copy-Item "$filename/bin/cvc5.exe" -Destination "." 8 | Remove-Item -Recurse -Force "$filename" 9 | Remove-Item "$filename.zip" 10 | -------------------------------------------------------------------------------- /source/tools/get-z3.ps1: -------------------------------------------------------------------------------- 1 | $z3_version = "4.12.5" 2 | $filename = "z3-$z3_version-x64-win" 3 | 4 | $download_url = "https://github.com/Z3Prover/z3/releases/download/z3-$z3_version/$filename.zip" 5 | Invoke-WebRequest -Uri $download_url -OutFile "$filename.zip" 6 | Expand-Archive -Path "$filename.zip" -DestinationPath "." 7 | Copy-Item "$filename/bin/z3.exe" -Destination "." 8 | Remove-Item -Recurse -Force "$filename" 9 | Remove-Item "$filename.zip" 10 | -------------------------------------------------------------------------------- /dependencies/prettyplease/fuzz/fuzz_targets/round_trip.rs: -------------------------------------------------------------------------------- 1 | #![no_main] 2 | 3 | use libfuzzer_sys::fuzz_target; 4 | use std::str; 5 | 6 | fuzz_target!(|data: &[u8]| { 7 | let ..=299 = data.len() else { return }; 8 | let Ok(string) = str::from_utf8(data) else { 9 | return; 10 | }; 11 | let Ok(syntax_tree) = syn::parse_file(string) else { 12 | return; 13 | }; 14 | let _ = prettyplease::unparse(&syntax_tree); 15 | }); 16 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-at-sign.md: -------------------------------------------------------------------------------- 1 | # The view function `@` 2 | 3 | The expression `expr@` is a shorthand for `expr.view()`. The `view()` function is a Verus 4 | convention for the abstraction of an exec-mode object, usually [defined by the `View` trait](https://verus-lang.github.io/verus/verusdoc/vstd/view/trait.View.html). 5 | However, the expansion of the `@` syntax is purely syntactic, so it does not necessarily 6 | correspond to the trait function. 7 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-implication.md: -------------------------------------------------------------------------------- 1 | # Implication (==>, <==, and <==>) 2 | 3 | The operator `P ==> Q`, read _P implies Q_, is equivalent to `!P || Q`. 4 | 5 | This can also be written backwards: `Q <== P` is equivalent to `P ==> Q`. 6 | 7 | Finally, `P <==> Q` is equivalent to `P == Q`. It is sometimes useful for readability, 8 | and because `<==>` has the same syntactic precedence as `==>` 9 | rather than the precedence of `==`. 10 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/beyond-isolation.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Beyond Isolation: OS Verification as a Foundation for Correct Applications," 3 | authors: "Matthias Brun, Reto Achermann, Tej Chajed, Jon Howell, Gerd Zellweger, Andrea Lattuada" 4 | venue: "Proceedings of the Workshop on Hot Topics in Operating Systems (HotOS)" 5 | date: 2023-06-22 6 | type: external 7 | pdf: https://andrea.lattuada.me/assets/hotos23-beyond-isolation.pdf 8 | --- 9 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/hance-thesis.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Verifying Concurrent Systems Code" 3 | authors: "Travis Hance" 4 | venue: "PhD Thesis, Carnegie Mellon University" 5 | date: 2024-08-07 6 | type: internal 7 | category: "Language and Verification" 8 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/hance_thesis.pdf 9 | award: Honorable Mention for the CMU School of Computer Science Dissertation Award 10 | 11 | --- 12 | 13 | -------------------------------------------------------------------------------- /examples/trait_for_fn.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | trait IntFn { 6 | spec fn call_int(&self, x: int) -> int; 7 | } 8 | 9 | impl IntFn for spec_fn(int) -> int { 10 | spec fn call_int(&self, x: int) -> int { 11 | self(x) 12 | } 13 | } 14 | 15 | proof fn use_IntFn() { 16 | let f: spec_fn(int) -> int = |x: int| x + 1; 17 | assert(f.call_int(2) == 3); 18 | } 19 | 20 | fn main() { 21 | } 22 | 23 | } // verus! 24 | -------------------------------------------------------------------------------- /source/docs/guide/src/complex_ownership.md: -------------------------------------------------------------------------------- 1 | # Unsafe code & complex ownership 2 | 3 | Here we discuss the handling of more complex patterns relating to Rust ownership including: 4 | 5 | * Interior mutability, where Rust allows you to mutate data even through a shared reference `&T` 6 | * Raw pointers, which require proper ownership handling in order to uphold safety contracts 7 | * Concurrency, where objects owned across different threads may need to coordinate. 8 | -------------------------------------------------------------------------------- /source/docs/guide/src/guarantees.md: -------------------------------------------------------------------------------- 1 | # Understanding the guarantees of a verified program 2 | 3 | A persistent challenge with verified software is understanding what, exactly, is being verified and what guarantees are being given. Verified code doesn't run in a vacuum; verified code ofter interacts with unverified code, possibly in either direction. This chapter documents technical information need to properly understand how verified code might interact with unverified code. 4 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/verified-pagetable.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "An OS Page Table Management Implementation and OS Model" 3 | date: 2024-08-15 4 | type: project 5 | code: https://github.com/utaal/verified-nrkernel 6 | --- 7 | 8 | A verified implementation of an OS' page table management code, and proofs that it behaves according to a userspace process' expectations when combined with a model of the hardware's memory management (memory translation) subsystem. 9 | -------------------------------------------------------------------------------- /dependencies/syn/dev/parse.rs: -------------------------------------------------------------------------------- 1 | use proc_macro::TokenStream; 2 | use quote::quote; 3 | use verus_syn::File; 4 | 5 | #[proc_macro] 6 | pub fn r#mod(input: TokenStream) -> TokenStream { 7 | let compile_error = verus_syn::parse::(input) 8 | .map(|file| println!("{:#?}", file)) 9 | .map_err(|err| err.to_compile_error()) 10 | .err(); 11 | 12 | TokenStream::from(quote! { 13 | #compile_error 14 | fn main() {} 15 | }) 16 | } 17 | -------------------------------------------------------------------------------- /source/tools/qi-graph/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "qi-graph" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | serde = { version = "1", features = ["derive", "rc"] } 10 | bincode = "1.3" 11 | getopts = "*" 12 | petgraph = "0.5.1" 13 | serde_json = { version = "1", features = ["preserve_order"] } 14 | internals_interface = { path = "../internals_interface" } -------------------------------------------------------------------------------- /tools/veritas/build_images.sh: -------------------------------------------------------------------------------- 1 | 2 | set -e 3 | set -x 4 | 5 | RUST_VERSION=1.88.0 6 | 7 | if [ "$(dirname "$0")" != "." ]; then 8 | echo "Please run the script from its directory." 9 | exit 1 10 | fi 11 | 12 | docker build -f verus-lang_verus-deps.dockerfile -t verus-deps . 13 | docker build -f verus-lang_verus-base-$RUST_VERSION.dockerfile -t verus-base:rust-$RUST_VERSION . 14 | docker build -f verus-lang_veritas-$RUST_VERSION.dockerfile -t veritas:rust-$RUST_VERSION . 15 | -------------------------------------------------------------------------------- /dependencies/syn/src/print.rs: -------------------------------------------------------------------------------- 1 | use proc_macro2::TokenStream; 2 | use quote::ToTokens; 3 | 4 | pub(crate) struct TokensOrDefault<'a, T: 'a>(pub &'a Option); 5 | 6 | impl<'a, T> ToTokens for TokensOrDefault<'a, T> 7 | where 8 | T: ToTokens + Default, 9 | { 10 | fn to_tokens(&self, tokens: &mut TokenStream) { 11 | match self.0 { 12 | Some(t) => t.to_tokens(tokens), 13 | None => T::default().to_tokens(tokens), 14 | } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/owlc.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "OwlC: Compiling Security Protocols to Verified, Secure, High-Performance Libraries" 3 | authors: "Pratap Singh, Joshua Gancher, and Bryan Parno" 4 | venue: "Proceedings of the USENIX Security Symposium" 5 | date: 2025-08-13 6 | type: external 7 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/owlc.pdf 8 | code: https://github.com/secure-foundations/owl 9 | award: Distinguished Artifact Award 10 | 11 | --- 12 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/errors.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | #[test] test_387_discussioncomment_6202136 verus_code! { 8 | fn bar(v: Vec) { 9 | let bytes: &[u8] = &v[3 as usize .. 9 as usize]; 10 | } 11 | } => Err(err) => { 12 | assert_eq!(err.errors.len(), 1); 13 | assert!(err.errors[0].rendered.contains("Range")); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /examples/cargo-verus/library/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "library" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | vstd = { path = "../../../source/vstd", optional = true } 8 | builtin = { path = "../../../source/builtin", optional = true } 9 | builtin_macros = { path = "../../../source/builtin_macros", optional = true } 10 | 11 | [features] 12 | explicit-verus-deps = ["vstd", "builtin", "builtin_macros"] 13 | 14 | [package.metadata.verus] 15 | verify = true 16 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/cazamariposas.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Cazamariposas: Automated Instability Debugging in SMT-based Program Verification" 3 | authors: "Yi Zhou, Amar Shah, Zhengyao Lin, Marijn Heule, and Bryan Parno" 4 | venue: "Proceedings of the Conference on Automated Deduction (CADE)" 5 | date: 2025-07-28 6 | type: external 7 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/cazamariposas.pdf 8 | code: https://github.com/secure-foundations/mariposa 9 | 10 | --- 11 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/vest.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Vest: Verified, Secure, High-Performance Parsing and Serialization for Rust" 3 | authors: "Yi Cai, Pratap Singh, Zhengyao Lin, Jay Bosamiya, Joshua Gancher, Milijana Surbatovich, and Bryan Parno" 4 | venue: "Proceedings of the USENIX Security Symposium" 5 | date: 2025-08-13 6 | type: external 7 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/vest.pdf 8 | code: https://github.com/secure-foundations/vest 9 | 10 | --- 11 | -------------------------------------------------------------------------------- /dependencies/prettyplease/src/file.rs: -------------------------------------------------------------------------------- 1 | use crate::algorithm::Printer; 2 | use verus_syn::File; 3 | 4 | impl Printer { 5 | pub fn file(&mut self, file: &File) { 6 | self.cbox(0); 7 | if let Some(shebang) = &file.shebang { 8 | self.word(shebang.clone()); 9 | self.hardbreak(); 10 | } 11 | self.inner_attrs(&file.attrs); 12 | for item in &file.items { 13 | self.item(item); 14 | } 15 | self.end(); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/src/json.rs: -------------------------------------------------------------------------------- 1 | use crate::workspace_path; 2 | use anyhow::Result; 3 | use std::fs; 4 | use syn_codegen::Definitions; 5 | 6 | pub fn generate(defs: &Definitions) -> Result<()> { 7 | let mut j = serde_json::to_string_pretty(&defs)?; 8 | j.push('\n'); 9 | 10 | let check: Definitions = serde_json::from_str(&j)?; 11 | assert_eq!(*defs, check); 12 | 13 | let json_path = workspace_path::get("syn.json"); 14 | fs::write(json_path, j)?; 15 | 16 | Ok(()) 17 | } 18 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/alpha-verus.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "AlphaVerus: Bootstrapping Formally Verified Code Generation through Self-Improving Translation and Treefinement" 3 | authors: "Pranjal Aggarwal, Bryan Parno, Sean Welleck" 4 | venue: "Proceedings of the International Conference on Machine Learning (ICML)" 5 | date: 2025-07-14 6 | type: external 7 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/alpha-verus.pdf 8 | code: https://github.com/cmu-l3/alphaverus 9 | 10 | --- 11 | -------------------------------------------------------------------------------- /source/docs/guide/src/vstd.md: -------------------------------------------------------------------------------- 1 | # Libraries 2 | 3 | The Verus standard library, `vstd`, comes with a variety of utilities and 4 | datatypes for proofs, as well as runtime functionality with specifications. 5 | Most Verus programs will start with `use vstd::prelude::*;`, which pulls 6 | in a default set of definitions that we find generally useful. This chapter 7 | will introduce a few of them, but you can find more complete descriptions 8 | in the [vstd documentation](https://verus-lang.github.io/verus/verusdoc/vstd/). 9 | -------------------------------------------------------------------------------- /tools/veritas/verus-lang_veritas-1.88.0.dockerfile: -------------------------------------------------------------------------------- 1 | FROM --platform=linux/amd64 verus-base:rust-1.88.0 2 | 3 | VOLUME /root/veritas 4 | 5 | VOLUME /root/repos-cache 6 | VOLUME /root/z3-cache 7 | VOLUME /root/work 8 | VOLUME /root/output 9 | VOLUME /root/.rustup 10 | 11 | ENV REPOS_CACHE_PATH=/root/repos-cache/ 12 | ENV Z3_CACHE_PATH=/root/z3-cache/ 13 | ENV WORKDIR_PATH=/root/work/ 14 | ENV OUTPUT_PATH=/root/output/ 15 | 16 | WORKDIR /root/veritas 17 | ENTRYPOINT ["/bin/bash", "container-entrypoint.sh"] 18 | -------------------------------------------------------------------------------- /dependencies/syn/dev/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "syn-dev" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [lib] 9 | path = "parse.rs" 10 | proc-macro = true 11 | 12 | [[bin]] 13 | path = "main.rs" 14 | name = "syn-dev" 15 | 16 | [dependencies] 17 | quote = "1" 18 | 19 | [dependencies.syn_verus] 20 | default-features = false 21 | features = ["extra-traits", "full", "parsing", "proc-macro", "clone-impls", "printing"] 22 | path = ".." 23 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/safe-verus.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Automated Proof Generation for Rust Code via Self-Evolution" 3 | authors: "Tianyu Chen, Shuai Lu, Shan Lu, Yeyun Gong, Chenyuan Yang, Xuheng Li, Md Rakib Hossain Misu, Hao Yu, Nan Duan, Peng Cheng, Fan Yang, Shuvendu K Lahiri, Tao Xie, and Lidong Zhou" 4 | venue: "Proceedings of the International Conference on Learning Representations (ICLR)" 5 | date: 2025-04-24 6 | type: external 7 | pdf: https://arxiv.org/pdf/2410.15756 8 | 9 | --- 10 | -------------------------------------------------------------------------------- /source/docs/guide/src/concurrency.md: -------------------------------------------------------------------------------- 1 | # Concurrency 2 | 3 | Verus provides the _VerusSync framework_ 4 | for verifing programs that require a nontrivial ownership discipline. 5 | This includes *multi-threaded concurrent code*, and frequently it is also needed for nontrivial 6 | applications of unsafe features (such as pointers or unsafe cells). 7 | 8 | The topic is sufficiently complex that we cover it in a 9 | [separate tutorial and reference book](https://verus-lang.github.io/verus/state_machines/intro.html). 10 | 11 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/verismo.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "VeriSMo: A Verified Security Module for Confidential VMs" 3 | authors: "Ziqiao Zhou, Anjali, Weiteng Chen, Sishuai Gong, Chris Hawblitzel, Weidong Cui" 4 | venue: "Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI)" 5 | date: 2024-07-11 6 | type: external 7 | pdf: https://www.usenix.org/conference/osdi24/presentation/zhou 8 | code: https://github.com/microsoft/verismo 9 | award: Best Paper Award 10 | --- 11 | -------------------------------------------------------------------------------- /source/rust_verify/NOTES.md: -------------------------------------------------------------------------------- 1 | 2 | For lang items, consider using 3 | https://doc.rust-lang.org/nightly/nightly-rustc/rustc_middle/ty/context/struct.TyCtxt.html#method.require_lang_item 4 | 5 | For structural equality, consider 6 | https://doc.rust-lang.org/nightly/nightly-rustc/rustc_middle/ty/struct.TyS.html#method.is_structural_eq_shallow 7 | and using a type visitor. 8 | 9 | For field indices, consider 10 | https://doc.rust-lang.org/nightly/nightly-rustc/rustc_middle/ty/struct.TyCtxt.html#method.find_field_index 11 | -------------------------------------------------------------------------------- /examples/assertions.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs expect-failures 2 | use verus_builtin::*; 3 | use verus_builtin_macros::*; 4 | use vstd::*; 5 | 6 | verus! { 7 | 8 | fn main() { 9 | } 10 | 11 | fn test(b: bool) { 12 | assert(b); 13 | } 14 | 15 | fn has_expectations(b: bool) { 16 | requires(b); 17 | } 18 | 19 | fn fails_expectations() { 20 | has_expectations(false); 21 | } 22 | 23 | fn fails_post() 24 | ensures 25 | false, 26 | { 27 | let x = 5; 28 | let y = 7; 29 | } 30 | 31 | } // verus! 32 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/leaf.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Leaf: Modularity for Temporary Sharing in Separation Logic" 3 | authors: "Travis Hance, Jon Howell, Oded Padon, and Bryan Parno" 4 | venue: "Proceedings of the ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA)" 5 | date: 2023-12-01 6 | type: internal 7 | category: "Language and Verification" 8 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/leaf.pdf 9 | code: https://github.com/secure-foundations/leaf 10 | --- 11 | 12 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/verdict.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Towards Practical, End-to-End Formally Verified X.509 Certificate Validators with Verdict" 3 | authors: "Zhengyao Lin, Michael McLoughlin, Pratap Singh, Rory Brennan-Jones, Paul Hitchcox, Joshua Gancher, and Bryan Parno" 4 | venue: "Proceedings of the USENIX Security Symposium" 5 | date: 2025-08-13 6 | type: external 7 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/verdict-x509.pdf 8 | code: https://github.com/secure-foundations/verdict 9 | 10 | --- 11 | -------------------------------------------------------------------------------- /examples/basic_failure.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs expect-failures 2 | #![allow(unused_imports)] 3 | use verus_builtin::*; 4 | use verus_builtin_macros::*; 5 | use vstd::prelude::*; 6 | 7 | verus! { 8 | fn fail_a_post_expr() -> (r: u64) 9 | ensures r == 1 10 | { 11 | 0 12 | } 13 | 14 | fn fail_a_post_stmt(r: &mut u64) 15 | ensures *r == 1 16 | { 17 | *r = 0; 18 | } 19 | 20 | proof fn external_span(s: Seq) { 21 | assert(s[0] == 0); 22 | } 23 | 24 | } -------------------------------------------------------------------------------- /examples/guide/getting_started.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | spec fn min(x: int, y: int) -> int { 6 | if x <= y { 7 | x 8 | } else { 9 | y 10 | } 11 | } 12 | 13 | fn main() { 14 | assert(min(10, 20) == 10); 15 | assert(min(-10, -20) == -20); 16 | assert(forall|i: int, j: int| min(i, j) <= i && min(i, j) <= j); 17 | assert(forall|i: int, j: int| min(i, j) == i || min(i, j) == j); 18 | assert(forall|i: int, j: int| min(i, j) == min(j, i)); 19 | } 20 | 21 | } // verus! 22 | -------------------------------------------------------------------------------- /source/air/src/lib.rs: -------------------------------------------------------------------------------- 1 | pub mod ast; 2 | pub mod ast_util; 3 | pub mod context; 4 | pub mod emitter; 5 | pub mod focus; 6 | pub mod messages; 7 | pub mod model; 8 | pub mod parser; 9 | pub mod profiler; 10 | pub mod scope_map; 11 | pub mod smt_process; 12 | 13 | #[macro_use] 14 | pub mod printer; 15 | 16 | mod block_to_assert; 17 | mod closure; 18 | mod def; 19 | mod smt_verify; 20 | mod tests; 21 | mod typecheck; 22 | mod util; 23 | mod var_to_const; 24 | mod visitor; 25 | 26 | #[cfg(feature = "singular")] 27 | pub mod singular_manager; 28 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-assert-by.md: -------------------------------------------------------------------------------- 1 | # assert ... by 2 | 3 | The `assert ... by` statement is used to encapsulate a proof. For a boolean `spec` expression, `P`, one writes: 4 | 5 | ```rust 6 | assert(P) by { 7 | // ... proof here 8 | } 9 | // ... remainder 10 | ``` 11 | 12 | Verus will validate the proof and then attempt to use it to prove the P. 13 | The contents of the proof, however, will not be included in the context used to 14 | prove the remainder. 15 | Only `P` will be introduced into the context for the remainder. 16 | -------------------------------------------------------------------------------- /dependencies/prettyplease/examples/update/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "prettyplease-update-examples" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [[bin]] 9 | name = "prettyplease-update-examples" 10 | path = "update-examples.rs" 11 | 12 | [dependencies] 13 | anyhow = "1.0" 14 | prettyplease = { path = "../../" } 15 | quote = { version = "1.0", default-features = false } 16 | syn = { version = "2.0", default-features = false, features = ["parsing", "printing"] } 17 | -------------------------------------------------------------------------------- /dependencies/syn/fuzz/fuzz_targets/create_token_buffer.rs: -------------------------------------------------------------------------------- 1 | #![no_main] 2 | 3 | use libfuzzer_sys::fuzz_target; 4 | use proc_macro2::Span; 5 | use std::str; 6 | use syn::parse::{ParseStream, Parser}; 7 | 8 | fn immediate_fail(_input: ParseStream) -> syn::Result<()> { 9 | Err(syn::Error::new(Span::call_site(), "")) 10 | } 11 | 12 | fuzz_target!(|data: &[u8]| { 13 | if data.len() < 300 { 14 | if let Ok(string) = str::from_utf8(data) { 15 | let _ = immediate_fail.parse_str(string); 16 | } 17 | } 18 | }); 19 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-pointers-cells.md: -------------------------------------------------------------------------------- 1 | # Pointers and cells 2 | 3 | See the vstd documentation for more information on handling these features. 4 | 5 | - For cells, see [`PCell`](https://verus-lang.github.io/verus/verusdoc/vstd/cell/struct.PCell.html) 6 | - For pointers to fixed-sized heap allocations, see [`PPtr`](https://verus-lang.github.io/verus/verusdoc/vstd/simple_pptr/struct.PPtr.html). 7 | - For general support for `*mut T` and `*const T`, see [`vstd::raw_ptr`](https://verus-lang.github.io/verus/verusdoc/vstd/raw_ptr/index.html) 8 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/proof-plumber.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "A Framework for Debugging Automated Program Verification Proofs via Proof Actions" 3 | authors: "Chanhee Cho, Yi Zhou, Jay Bosamiya, and Bryan Parno" 4 | venue: "Proceedings of the Conference on Computer Aided Verification (CAV)" 5 | date: 2024-07-01 6 | type: internal 7 | category: "Tooling" 8 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/proof-plumber.pdf 9 | code: https://github.com/verus-lang/verus-analyzer 10 | award: Distinguished Paper Award 11 | --- 12 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/basic_verified_lib/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | 6 | // Library function for use in verified and unverified functions 7 | pub fn double(x: u16) -> (z: u32) 8 | ensures z == x * 2, 9 | { 10 | x as u32 + x as u32 11 | } 12 | 13 | // Some corner cases that have been problematic for cargo-verus in the past 14 | 15 | trait Trait: View {} 16 | 17 | impl Trait for Option {} 18 | 19 | fn test(f:spec_fn(nat) -> nat) { 20 | } 21 | 22 | } // verus! 23 | -------------------------------------------------------------------------------- /source/vstd/build.rs: -------------------------------------------------------------------------------- 1 | use std::env; 2 | 3 | const RUST_MIN_STACK_ENV: &str = "RUST_MIN_STACK"; 4 | 5 | const RUST_MIN_STACK_DEFAULT: u64 = 10 * 1024 * 1024; 6 | 7 | fn main() { 8 | let already_specified = match env::var_os(RUST_MIN_STACK_ENV) { 9 | None => false, 10 | Some(s) => !s.is_empty(), 11 | }; 12 | 13 | if !already_specified { 14 | println!("cargo:rustc-env={RUST_MIN_STACK_ENV}={RUST_MIN_STACK_DEFAULT}"); 15 | } 16 | 17 | println!("cargo:rerun-if-env-changed={RUST_MIN_STACK_ENV}"); 18 | } 19 | -------------------------------------------------------------------------------- /dependencies/prettyplease/cargo-expand/update/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "prettyplease-update" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [[bin]] 9 | name = "prettyplease-update" 10 | path = "update.rs" 11 | 12 | [dependencies] 13 | anyhow = "1.0" 14 | prettyplease = { path = "../../", features = ["verbatim"] } 15 | proc-macro2 = { version = "1.0", features = ["span-locations"] } 16 | syn = { version = "2.0", default-features = false, features = ["parsing", "printing"] } 17 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/README.md: -------------------------------------------------------------------------------- 1 | # syn_codegen 2 | 3 | This is an internal (not published on crates.io) crate which is used to generate 4 | the files in the `gen/` directory of `syn`. It is used to ensure that the 5 | implementations for `Fold`, `Visit`, and `VisitMut` remain in sync with the 6 | actual AST. 7 | 8 | To run this program, run `cargo run` in this directory, and the `gen/` folder 9 | will be re-generated. 10 | 11 | This program is slow, and is therefore not run when building `syn` as part of 12 | the build script to save on compile time. 13 | -------------------------------------------------------------------------------- /source/docs/guide/src/getting_started.md: -------------------------------------------------------------------------------- 1 | # Getting Started 2 | 3 | In this chapter, we'll walk you through setting up Verus and running it on a sample program. 4 | You can either: 5 | 6 | * [Install Verus and run it from the command line](./getting_started_cmd_line.md) 7 | * [Install Verus and run it from within VSCode](./getting_started_vscode.md) 8 | 9 | If you don't want to install Verus yet, but just want to experiment with it or follow 10 | along the tutorial, you can also run Verus through [the Verus playground](https://play.verus-lang.org/) in your browser. 11 | -------------------------------------------------------------------------------- /source/Cargo.toml: -------------------------------------------------------------------------------- 1 | [workspace] 2 | resolver = "2" 3 | members = [ 4 | "air", 5 | "builtin", 6 | "builtin_macros", 7 | "cargo-verus", 8 | "vir", 9 | "vir_macros", 10 | "rust_verify", 11 | "verus", 12 | "rust_verify_test", 13 | "rust_verify_test_macros", 14 | "state_machines_macros", 15 | "verusdoc", 16 | "vstd_build", 17 | "tools/internals_interface", 18 | "tools/line_count", 19 | "tools/qi-graph", 20 | ] 21 | exclude = [ 22 | "vstd", 23 | ] 24 | 25 | # do not modify the following two lines 26 | [workspace.metadata.vargo] 27 | tag = "workspace" 28 | -------------------------------------------------------------------------------- /tools/activate.fish: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env fish 2 | 3 | functions --erase cargo 4 | 5 | # Get the script's directory 6 | set SCRIPT_DIR (realpath (dirname (status -f))) 7 | 8 | echo "building vargo" 9 | pushd $SCRIPT_DIR/vargo 10 | cargo build --release 11 | popd 12 | 13 | set -x PATH $SCRIPT_DIR/vargo/target/release $PATH 14 | 15 | function cargo 16 | echo "when working on Verus do not use cargo directly, use vargo instead" 1>&2 17 | echo "if you need to, you can still access cargo directly by starting a new shell without running the activate command" 1>&2 18 | return 1 19 | end 20 | -------------------------------------------------------------------------------- /dependencies/prettyplease/fuzz/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "prettyplease-fuzz" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [package.metadata] 9 | cargo-fuzz = true 10 | 11 | [dependencies] 12 | libfuzzer-sys = "0.4" 13 | prettyplease = { path = "..", features = ["verbatim"] } 14 | syn = { version = "2", default-features = false, features = ["full", "parsing"] } 15 | 16 | [[bin]] 17 | name = "round_trip" 18 | path = "fuzz_targets/round_trip.rs" 19 | test = false 20 | doc = false 21 | 22 | [workspace] 23 | -------------------------------------------------------------------------------- /source/docs/guide/src/performance.md: -------------------------------------------------------------------------------- 1 | # Meausuring verification performance 2 | 3 | To see a more detailed breakdown of where Verus is spending time, you can pass 4 | `--time` on the command line. For even more details, try `--time-expanded`. 5 | For a machine-readable output, add `--output-json`. These flags will also 6 | report on the SMT resources (rlimit) used. SMT resources are an advanced topic; 7 | they give a *very rough* estimate of how hard the SMT solver worked on the provided 8 | query (or queries). 9 | 10 | See `verus --help` for more information about these options. 11 | -------------------------------------------------------------------------------- /examples/adts_eq.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs 2 | use verus_builtin_macros::*; 3 | use vstd::*; 4 | 5 | verus! { 6 | 7 | #[derive(PartialEq, Eq)] 8 | struct Thing {} 9 | 10 | #[derive(PartialEq, Eq)] 11 | struct Car { 12 | thing: Thing, 13 | four_doors: bool, 14 | } 15 | 16 | fn one() { 17 | let c1 = Car { thing: Thing { }, four_doors: true }; 18 | let c2 = Car { thing: Thing { }, four_doors: true }; 19 | assert(c1 == c2); 20 | let t1 = Thing { }; 21 | let t2 = Thing { }; 22 | assert(t1 == t2); 23 | } 24 | 25 | fn main() { 26 | } 27 | 28 | } // verus! 29 | -------------------------------------------------------------------------------- /source/docs/verus/_layouts/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Verus — Projects 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 |
15 | {{ content }} 16 |
17 |
18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /examples/guide/requires_ensures.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | #[verifier::external_body] 6 | fn print_two_digit_number(i: i8) 7 | requires 8 | -99 <= i < 100, 9 | { 10 | println!("The answer is {}", i); 11 | } 12 | 13 | fn octuple(x1: i8) -> (x8: i8) 14 | requires 15 | -16 <= x1 < 16, 16 | ensures 17 | x8 == 8 * x1, 18 | { 19 | let x2 = x1 + x1; 20 | let x4 = x2 + x2; 21 | x4 + x4 22 | } 23 | 24 | fn main() { 25 | let n = octuple(10); 26 | assert(n == 80); 27 | print_two_digit_number(n); 28 | } 29 | 30 | } // verus! 31 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/ghost-linear.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Verus: Verifying Rust Programs using Linear Ghost Types" 3 | authors: "Andrea Lattuada, Travis Hance, Chanhee Cho, Matthias Brun, Isitha Subasinghe, Yi Zhou, Jon Howell, Bryan Parno, Chris Hawblitzel" 4 | venue: "Proceedings of the ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA)" 5 | date: 2023-12-01 6 | type: internal 7 | category: "Language and Verification" 8 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/verus-ghost.pdf 9 | code: https://github.com/verus-lang/verus 10 | 11 | --- 12 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/power.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "PoWER Never Corrupts: Tool-Agnostic Verification of Crash Consistency and Corruption Detection" 3 | authors: "Hayley LeBlanc, Jay Lorch, Chris Hawblitzel, Cheng Huang, Yiheng Tao, Nickolai Zeldovich, Vijay Chidambaram" 4 | venue: "Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI)" 5 | date: 2025-07-09 6 | type: external 7 | pdf: https://www.usenix.org/conference/osdi25/presentation/leblanc 8 | code: https://github.com/microsoft/verified-storage 9 | award: Distinguished Artifact Award 10 | --- 11 | 12 | -------------------------------------------------------------------------------- /.git-blame-ignore-revs: -------------------------------------------------------------------------------- 1 | # Format vstd with `verusfmt` version 0.2.3 2 | c5965bbf6f4a0493bb26b4b0df0ebb62af609f81 3 | # Format vstd with `verusfmt` version 0.2.7 4 | # With CI checks enabled, hopefully this is last of the ignored verusfmt 5 | 548664657ef279cbc2f7c0dc08d136c4475653ac 6 | # Format vstd with `verusfmt` version 0.2.7 7 | # now using source/rustfmt.toml settings 8 | c86127ac23fa8e7ad82bf9df44e77df3b886ff72 9 | # Format `calc!` statements 10 | eb89e2b8672ed2723e225529f8ca752aa67e0209 11 | # Rename examples directory (rename source/rust_verify/example to examples) 12 | 8707ef26789e8b734c2d5bfe6d866356314bd859 -------------------------------------------------------------------------------- /source/vstd/SOURCES.md: -------------------------------------------------------------------------------- 1 | Many of the definitions and lemmas in `seq_lib.rs`, `set_lib.rs`, `map_lib.rs`, and `multiset.rs` were adapted from the [Dafny standard libraries](https://github.com/dafny-lang/libraries/tree/master/src/Collections), which in turn were assembled from [Ironclad Apps](https://github.com/microsoft/Ironclad/tree/main/ironclad-apps), [IronFleet](https://github.com/microsoft/Ironclad/tree/main/ironfleet), [Vale](https://github.com/project-everest/vale/tree/legacy_dafny), [Verified BetrFS](https://github.com/vmware-labs/verified-betrfs), and [Verifying OpenTitan](https://github.com/secure-foundations/veri-titan). -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_layouts/default.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Verus — Projects 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 |
15 | {{ content }} 16 |
17 |
18 | 19 | 20 | 21 | 22 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/anvil.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Anvil: Verifying Liveness of Cluster Management Controllers" 3 | authors: "Xudong Sun, Wenjie Ma, Jiawei Tyler Gu, Zicheng Ma, Tej Chajed, Jon Howell, Andrea Lattuada, Oded Padon, Lalith Suresh, Adriana Szekeres, Tianyin Xu" 4 | venue: "Proceedings of the USENIX Symposium on Operating Systems Design and Implementation (OSDI)" 5 | date: 2024-07-11 6 | type: external 7 | pdf: https://www.usenix.org/conference/osdi24/presentation/sun-xudong 8 | code: https://github.com/vmware-research/verifiable-controllers 9 | award: Best Paper Award 10 | --- 11 | 12 | -------------------------------------------------------------------------------- /tools/veritas/run.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | RUST_VERSION=1.88.0 4 | 5 | if [ "$(dirname "$0")" != "." ]; then 6 | echo "Please run the script from its directory." 7 | exit 1 8 | fi 9 | 10 | docker run --platform=linux/amd64 \ 11 | -v verus-veritas-repo-cache:/root/repos-cache \ 12 | -v $(pwd):/root/veritas \ 13 | -v /root/work \ 14 | -v verus-veritas-cargo-$RUST_VERSION-cache:/root/.cargo \ 15 | -v verus-veritas-z3-cache:/root/z3-cache \ 16 | -v verus-veritas-rustup-$RUST_VERSION:/root/.rustup \ 17 | -v $(pwd)/output:/root/output \ 18 | --rm \ 19 | veritas:rust-$RUST_VERSION $@ 20 | -------------------------------------------------------------------------------- /source/vstd/std_specs/alloc.rs: -------------------------------------------------------------------------------- 1 | use super::super::prelude::*; 2 | 3 | verus! { 4 | 5 | // this is a bit of a hack; verus treats Global specially already, 6 | // but putting this here helps Verus pick up all the trait impls for Global 7 | #[cfg(feature = "alloc")] 8 | #[verifier::external_type_specification] 9 | #[verifier::external_body] 10 | pub struct ExGlobal(alloc::alloc::Global); 11 | 12 | #[cfg(feature = "alloc")] 13 | #[feature(liballoc_internals)] 14 | pub assume_specification[ alloc::boxed::box_new ](x: T) -> (result: alloc::boxed::Box) 15 | ensures 16 | *result == x, 17 | ; 18 | 19 | } // verus! 20 | -------------------------------------------------------------------------------- /dependencies/syn/examples/lazy-static/example/src/main.rs: -------------------------------------------------------------------------------- 1 | use lazy_static::lazy_static; 2 | use regex::Regex; 3 | 4 | lazy_static! { 5 | static ref USERNAME: Regex = { 6 | println!("Compiling username regex..."); 7 | Regex::new("^[a-z0-9_-]{3,16}$").unwrap() 8 | }; 9 | } 10 | 11 | fn main() { 12 | println!("Let's validate some usernames."); 13 | validate("fergie"); 14 | validate("will.i.am"); 15 | } 16 | 17 | fn validate(name: &str) { 18 | // The USERNAME regex is compiled lazily the first time its value is accessed. 19 | println!("is_match({:?}): {}", name, USERNAME.is_match(name)); 20 | } 21 | -------------------------------------------------------------------------------- /dependencies/syn/tests/features/lib.rs: -------------------------------------------------------------------------------- 1 | #[cfg(debug_assertions)] 2 | build_alert::yellow! {" 3 | NOTE: use --release 4 | Syn's test suite has some tests that run on every source file 5 | and test case in the rust-lang/rust repo, which can be pretty 6 | slow in debug mode. Consider running cargo test with `--release` 7 | to speed things up. 8 | "} 9 | 10 | #[cfg(not(feature = "all-features"))] 11 | build_alert::red! {" 12 | ERROR: use --all-features 13 | Syn's test suite normally only works with all-features enabled. 14 | Run again with `--all-features`, or run with `--features test` 15 | to bypass this check. 16 | "} 17 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/auto-verus.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "AutoVerus: Automated Proof Generation for Rust Code" 3 | authors: "Chenyuan Yang, Xuheng Li, Md Rakib Hossain Misu, Jianan Yao, Weidong Cui, Yeyun Gong, Chris Hawblitzel, Shuvendu Lahiri, Jacob R. Lorch, Shuai Lu, Fan Yang, Ziqiao Zhou, and Shan Lu" 4 | venue: "Proceedings of the ACM Conference on Object-Oriented Programming Systems, Languages, and Applications (OOPSLA)" 5 | date: 2025-10-18 6 | type: external 7 | pdf: https://arxiv.org/pdf/2409.13082 8 | code: https://github.com/microsoft/verus-proof-synthesis 9 | award: Distinguished Artifact Award 10 | --- 11 | -------------------------------------------------------------------------------- /source/verus/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "verus" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | [dependencies] 7 | toml = "0.7.4" 8 | zip = "0.6.6" 9 | chrono = "0.4.26" 10 | yansi = "0.5" 11 | serde_json = "1.0" 12 | regex = "1" 13 | git2 = { version = "0.18", optional = true, default-features = false, features = [] } 14 | is-terminal = { version = "0.4.9", optional = true } 15 | rand = { version = "0.8.0", optional = true } 16 | 17 | [features] 18 | default = [] 19 | record-history = ["git2", "is-terminal", "rand"] 20 | 21 | [target."cfg(windows)".dependencies] 22 | win32job = "1" 23 | 24 | [build-dependencies] 25 | regex = "1" 26 | -------------------------------------------------------------------------------- /examples/structural.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs 2 | use verus_builtin_macros::*; 3 | 4 | verus! { 5 | 6 | #[derive(PartialEq, Eq, Structural)] 7 | struct Thing {} 8 | 9 | #[derive(PartialEq, Eq, Structural)] 10 | struct Car { 11 | passengers: T, 12 | four_doors: bool, 13 | } 14 | 15 | fn one() { 16 | let c1 = Car { passengers: Thing { }, four_doors: true }; 17 | let c2 = Car { passengers: Thing { }, four_doors: true }; 18 | assert(c1 == c2); 19 | } 20 | 21 | fn two(c1: Car, c2: Car) { 22 | if c1 == c2 { 23 | assert(c1 == c2); 24 | } 25 | } 26 | 27 | fn main() { 28 | } 29 | 30 | } // verus! 31 | -------------------------------------------------------------------------------- /source/docs/guide/src/specs.md: -------------------------------------------------------------------------------- 1 | # Basic specifications 2 | 3 | Verus programs contain *specifications* to describe the 4 | intended behavior of the code. 5 | These specifications include preconditions, postconditions, assertions, and loop invariants. 6 | Specifications are one form of *ghost code* --- code that appears in the Rust source code for verification's sake, 7 | but does not appear in the compiled executable. 8 | 9 | This chapter will walk through some basic examples of preconditions, postconditions, 10 | and assertions, showing the syntax for writing these specifications 11 | and discussing integer arithmetic and equality in specifications. 12 | -------------------------------------------------------------------------------- /source/rust_verify_test/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rust_verify_test" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | air = { path = "../air" } 10 | vir = { path = "../vir" } 11 | 12 | [dev-dependencies] 13 | rust_verify_test_macros = { path = "../rust_verify_test_macros" } 14 | regex = "1" 15 | serde = "1" 16 | serde_json = "1" 17 | tempfile = "3.23.0" 18 | toml = "0.9.8" 19 | yansi = "0.5" 20 | 21 | [features] 22 | singular = ["vir/singular", "air/singular"] 23 | 24 | [package.metadata.rust-analyzer] 25 | rustc_private = true -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/corten-mm.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "CortenMM: Efficient Memory Management with Strong Correctness Guarantees" 3 | authors: "Junyang Zhang, Xiangcan Xu, Yonghao Zou, Zhe Tang, Xinyi Wan, Kang Hu, Siyuan Wang, Wenbo Xu, Di Wang, Hao Chen, Lin Huang, Shoumeng Yan, Yuval Tamir, Yingwei Luo, Xiaolin Wang, Huashan Yu, Zhenlin Wang, Hongliang Tian, Diyu Zhou" 4 | venue: "Proceedings of the ACM Symposium on Operating Systems Principles (SOSP)" 5 | date: 2025-10-14 6 | type: external 7 | pdf: https://dl.acm.org/doi/10.1145/3731569.3764836 8 | code: https://github.com/TELOS-syslab/CortenMM-Artifact 9 | award: Best Paper Award 10 | --- -------------------------------------------------------------------------------- /source/rust_verify/src/def.rs: -------------------------------------------------------------------------------- 1 | use std::sync::Arc; 2 | 3 | use crate::context::Context; 4 | 5 | pub const IS_VARIANT_PREFIX: &str = "is"; 6 | pub const GET_VARIANT_PREFIX: &str = "get"; 7 | 8 | pub(crate) fn path_to_well_known_item( 9 | ctxt: &Context, 10 | ) -> Arc> { 11 | Arc::new( 12 | vec![( 13 | ctxt.tcx.lang_items().drop_trait().expect("drop trait lang item"), 14 | vir::ast::WellKnownItem::DropTrait, 15 | )] 16 | .into_iter() 17 | .map(|(did, wii)| (ctxt.def_id_to_vir_path(did), wii)) 18 | .collect(), 19 | ) 20 | } 21 | -------------------------------------------------------------------------------- /.vscode/tasks.json.template: -------------------------------------------------------------------------------- 1 | { 2 | "version": "2.0.0", 3 | "tasks": [ 4 | { 5 | "label": "build", 6 | "type": "shell", 7 | "command": "bash -c 'cd source; . ../tools/activate && vargo build'", 8 | "problemMatcher": [], 9 | "group": { 10 | "kind": "build", 11 | "isDefault": true 12 | } 13 | }, 14 | { 15 | "label": "build-no-vstd", 16 | "type": "shell", 17 | "command": "bash -c 'cd source; . ../tools/activate && vargo build --exclude vstd'", 18 | "problemMatcher": [], 19 | "group": { 20 | "kind": "build", 21 | "isDefault": true 22 | } 23 | } 24 | ] 25 | } 26 | -------------------------------------------------------------------------------- /source/cargo-verus/tests/README.md: -------------------------------------------------------------------------------- 1 | # Integration Tests for `cargo verus` 2 | 3 | These tests are meant to confirm integration between `cargo-verus` and `cargo` itself, without actually running any of the heavy machinery. This is where the helper `fake-cargo` binary comes in: it allows capturing the args and env vars that `cargo-verus` passes to `cargo`, but without actually running `cargo` or `verus` in any serious capacity. It only ever invokes `cargo metadata` which does not need network access, because the test fixtures are set up to be entirely local using `path` deps, etc. 4 | 5 | ## How to Run 6 | 7 | ``` 8 | cargo test -p cargo-verus --features integration-tests 9 | ``` 10 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/unsafe.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | #[test] unsafe_fns_ok verus_code! { 8 | unsafe fn f() { 9 | } 10 | 11 | #[verifier::external] 12 | unsafe fn g() { 13 | } 14 | 15 | #[verifier::external_body] 16 | unsafe fn h() { 17 | } 18 | } => Ok(()) 19 | } 20 | 21 | test_verify_one_file! { 22 | #[test] unsafe_proof_fn_fail verus_code! { 23 | unsafe proof fn j() { 24 | } 25 | } => Err(err) => assert_vir_error_msg(err, "'unsafe' only makes sense on exec-mode functions") 26 | } 27 | -------------------------------------------------------------------------------- /source/docs/guide/src/recursion_loops.md: -------------------------------------------------------------------------------- 1 | # Recursion and loops 2 | 3 | Suppose we want to compute the nth 4 | [triangular number](https://en.wikipedia.org/wiki/Triangular_number): 5 | 6 | ``` 7 | triangle(n) = 0 + 1 + 2 + ... + (n - 1) + n 8 | ``` 9 | 10 | We can express this as a simple recursive funciton: 11 | 12 | ```rust 13 | {{#include ../../../../examples/guide/recursion.rs:spec}} 14 | ``` 15 | 16 | This chapter discusses how to define and use recursive functions, 17 | including writing `decreases` clauses and using fuel. 18 | It then explores a series of verified implementations of `triangle`, 19 | starting with a basic recursive implementation and ending with a while loop. 20 | -------------------------------------------------------------------------------- /source/vir/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "vir" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | # Note: do not add any dependencies on rustc -- VIR deliberately abstracts away from rustc's internals 9 | [dependencies] 10 | air = { path = "../air" } 11 | vir-macros = { path = "../vir_macros" } 12 | sise = "0.6.0" 13 | num-bigint = { version = "0.4.4", features = ["serde"] } 14 | num-traits= "0.2.16" 15 | im = "15.1.0" 16 | sha2 = "0.10.2" 17 | serde = { version = "1", features = ["derive", "rc"] } 18 | indexmap = { version = "1" } 19 | 20 | [features] 21 | singular = ["air/singular"] 22 | -------------------------------------------------------------------------------- /examples/modules.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | #[allow(unused_imports)] 4 | use verus_builtin_macros::*; 5 | 6 | verus! { 7 | 8 | fn main() { 9 | } 10 | 11 | mod M1 { 12 | use verus_builtin::*; 13 | 14 | spec fn f1(i: int) -> int { 15 | i + 1 16 | } 17 | 18 | pub closed spec fn f2(i: int) -> int { 19 | f1(i) + 1 20 | } 21 | 22 | } 23 | 24 | mod M2 { 25 | use crate::M1::f2; 26 | #[allow(unused_imports)] 27 | use verus_builtin::*; 28 | 29 | proof fn P() { 30 | // assert(f2(10) == 12); // FAILS, since f2 is closed (abstract) 31 | assert(f2(10) == f2(10)); 32 | } 33 | 34 | } 35 | 36 | } // verus! 37 | -------------------------------------------------------------------------------- /source/docs/guide/src/exec_termination.md: -------------------------------------------------------------------------------- 1 | # Lightweight termination checking 2 | 3 | While recursive `spec` functions and `proof` functions must always terminate and therefore must always contain a decreases clause, nontermination is allowed for exec functions. Nevertheless, by default, Verus still requires that recursive `exec` functions and loops in `exec` mode have a `decreases` clause. This only guarantees that the present function will terminate, on the assumption that all the callees also terminate so it should be treated as a lint, not a complete guarantee of termination. 4 | 5 | The attribute #![verifier::exec_allows_no_decreases_clause] can be used to disable this check for a function, module, or crate. -------------------------------------------------------------------------------- /examples/guide/opaque.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | #[allow(unused_imports)] 4 | use verus_builtin_macros::*; 5 | 6 | verus! { 7 | 8 | /* 9 | // ANCHOR: opaque 10 | mod M1 { 11 | use verus_builtin::*; 12 | 13 | #[verifier::opaque] 14 | spec fn min(x: int, y: int) -> int { 15 | if x <= y { 16 | x 17 | } else { 18 | y 19 | } 20 | } 21 | 22 | fn test() { 23 | assert(min(10, 20) == min(10, 20)); // succeeds 24 | assert(min(10, 20) == 10); // FAILS 25 | reveal(min); 26 | assert(min(10, 20) <= 10); // succeeds 27 | } 28 | 29 | } 30 | // ANCHOR_END: opaque 31 | */ 32 | 33 | } 34 | 35 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/_projects/practical-foundation.md: -------------------------------------------------------------------------------- 1 | --- 2 | title: "Verus: A Practical Foundation for Systems Verification" 3 | authors: "Andrea Lattuada, Travis Hance, Jay Bosamiya, Matthias Brun, Chanhee Cho, Hayley LeBlanc, Pranav Srinivasan, Reto Achermann, Tej Chajed, Chris Hawblitzel, Jon Howell, Jay Lorch, Oded Padon, and Bryan Parno" 4 | venue: "Proceedings of the ACM Symposium on Operating Systems Principles (SOSP)" 5 | date: 2024-11-05 6 | type: internal 7 | category: "Language and Verification" 8 | pdf: https://www.andrew.cmu.edu/user/bparno/papers/verus-sys.pdf 9 | code: https://verus-lang.github.io/paper-sosp24-artifact/ 10 | award: Distinguished Artifact Award 11 | 12 | --- 13 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/src/version.rs: -------------------------------------------------------------------------------- 1 | use crate::workspace_path; 2 | use anyhow::{Context as _, Result}; 3 | use semver::Version; 4 | use std::fs; 5 | use toml::Table; 6 | 7 | pub fn get() -> Result { 8 | let syn_cargo_toml = workspace_path::get("Cargo.toml"); 9 | let content = fs::read_to_string(syn_cargo_toml)?; 10 | let manifest: Table = toml::from_str(&content)?; 11 | manifest 12 | .get("package") 13 | .context("[package] not found in Cargo.toml")? 14 | .get("version") 15 | .and_then(toml::Value::as_str) 16 | .context("package version not found in Cargo.toml")? 17 | .parse() 18 | .context("failed to parse package version") 19 | } 20 | -------------------------------------------------------------------------------- /source/tools/get-cvc5.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash -eu 2 | 3 | cvc5_version="1.1.2" 4 | 5 | if [ `uname` == "Darwin" ]; then 6 | if [[ $(uname -m) == 'arm64' ]]; then 7 | filename="cvc5-macOS-arm64-static" 8 | else 9 | filename="cvc5-macOS-static" 10 | fi 11 | elif [ `uname` == "Linux" ]; then 12 | filename="cvc5-Linux-static" 13 | fi 14 | 15 | URL="https://github.com/cvc5/cvc5/releases/download/cvc5-$cvc5_version/$filename.zip" 16 | 17 | echo "Downloading: $URL" 18 | curl -L -o "$filename.zip" "$URL" 19 | unzip "$filename.zip" 20 | 21 | # delete the existing cvc5 because of caching issue on macs 22 | rm -f cvc5 23 | 24 | cp "$filename/bin/cvc5" . 25 | rm -r "$filename" 26 | rm "$filename.zip" 27 | -------------------------------------------------------------------------------- /source/docs/guide/src/container_bst_all_source.md: -------------------------------------------------------------------------------- 1 | # Full source for the examples 2 | 3 | * [First draft](#first-draft) 4 | * [Version with type invariants](#version-with-type-invariants) 5 | * [Version with generic key type and Clone implementation](#version-with-generic-key-type-and-clone-implementation) 6 | 7 | ## First draft 8 | 9 | ```rust 10 | {{#include ../../../../examples/guide/bst_map.rs:all}} 11 | ``` 12 | 13 | ## Version with type invariants 14 | 15 | ```rust 16 | {{#include ../../../../examples/guide/bst_map_type_invariant.rs:all}} 17 | ``` 18 | 19 | ## Version with generic key type and Clone implementation 20 | 21 | ```rust 22 | {{#include ../../../../examples/guide/bst_map_generic.rs:all}} 23 | ``` 24 | -------------------------------------------------------------------------------- /source/vstd/modes.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use super::pervasive::*; 3 | #[allow(unused_imports)] 4 | use super::prelude::*; 5 | 6 | verus! { 7 | 8 | pub axiom fn tracked_swap(tracked a: &mut V, tracked b: &mut V) 9 | ensures 10 | *a == *old(b), 11 | *b == *old(a), 12 | ; 13 | 14 | /// Make any tracked object permanently shared and get a reference to it. 15 | /// 16 | /// Tip: If you try to use this and run into problems relating to the introduction 17 | /// of a lifetime variable, you want to try [`Shared`](crate::shared::Shared) instead. 18 | pub axiom fn tracked_static_ref(tracked v: V) -> (tracked res: &'static V) 19 | ensures 20 | res == v, 21 | ; 22 | 23 | } // verus! 24 | -------------------------------------------------------------------------------- /dependencies/syn/examples/README.md: -------------------------------------------------------------------------------- 1 | ### [`dump-syntax`](dump-syntax) 2 | 3 | Little utility to parse a Rust source file into a `syn::File` and print out a 4 | debug representation of the syntax tree. 5 | 6 | ### [`heapsize`](heapsize) 7 | 8 | An example implementation of a derive macro that generates trait impls. 9 | 10 | ### [`lazy-static`](lazy-static) 11 | 12 | An example of parsing a custom syntax within a `functionlike!(...)` procedural 13 | macro. Demonstrates how to trigger custom warnings and error messages on 14 | individual tokens of the input. 15 | 16 | ### [`trace-var`](trace-var) 17 | 18 | An attribute procedural macro that uses a syntax tree traversal to transform 19 | certain syntax tree nodes in a function body. 20 | -------------------------------------------------------------------------------- /dependencies/syn/examples/dump-syntax/README.md: -------------------------------------------------------------------------------- 1 | Parse a Rust source file into a `syn::File` and print out a debug representation 2 | of the syntax tree. 3 | 4 | Use the following command from this directory to test this program by running it 5 | on its own source code: 6 | 7 | ``` 8 | cargo run -- src/main.rs 9 | ``` 10 | 11 | The output will begin with: 12 | 13 | ``` 14 | File { 15 | shebang: None, 16 | attrs: [ 17 | Attribute { 18 | pound_token: Pound, 19 | style: Inner( 20 | Bang 21 | ), 22 | bracket_token: Bracket, 23 | path: Path { 24 | leading_colon: None, 25 | segments: [ 26 | ... 27 | } 28 | ``` 29 | -------------------------------------------------------------------------------- /tools/development/releases-fetch.py: -------------------------------------------------------------------------------- 1 | 2 | import requests 3 | import json 4 | 5 | GITHUB_TOKEN = 'github_pat_...' 6 | REPO_OWNER = 'verus-lang' 7 | REPO_NAME = 'verus' 8 | 9 | def fetch_all_releases(): 10 | url = f'https://api.github.com/repos/{REPO_OWNER}/{REPO_NAME}/releases' 11 | headers = { 12 | 'Authorization': f'token {GITHUB_TOKEN}', 13 | 'Accept': 'application/vnd.github.v3+json' 14 | } 15 | response = requests.get(url, headers=headers) 16 | response.raise_for_status() 17 | return response.json() 18 | 19 | all_releases = fetch_all_releases() 20 | with open('releases.json', 'w') as file: 21 | json.dump(all_releases, file, indent=4) 22 | 23 | print(f'Saved {len(all_releases)} releases to releases.json') -------------------------------------------------------------------------------- /dependencies/syn/examples/heapsize/example/src/main.rs: -------------------------------------------------------------------------------- 1 | use heapsize::HeapSize; 2 | 3 | #[derive(HeapSize)] 4 | struct Demo<'a, T: ?Sized> { 5 | a: Box, 6 | b: u8, 7 | c: &'a str, 8 | d: String, 9 | } 10 | 11 | fn main() { 12 | let demo = Demo { 13 | a: b"bytestring".to_vec().into_boxed_slice(), 14 | b: 255, 15 | c: "&'static str", 16 | d: "String".to_owned(), 17 | }; 18 | 19 | // 10 + 0 + 0 + 6 = 16 20 | println!( 21 | "heap size = {} + {} + {} + {} = {}", 22 | demo.a.heap_size_of_children(), 23 | demo.b.heap_size_of_children(), 24 | demo.c.heap_size_of_children(), 25 | demo.d.heap_size_of_children(), 26 | demo.heap_size_of_children() 27 | ); 28 | } 29 | -------------------------------------------------------------------------------- /examples/std_test/vec_test.rs: -------------------------------------------------------------------------------- 1 | use std::vec::Vec; 2 | 3 | use vstd::pervasive::runtime_assert; 4 | use vstd::prelude::*; 5 | 6 | verus! { 7 | 8 | fn vec_extend_slice_test() { 9 | let mut a: Vec = vec![1, 2]; 10 | let b: Vec = vec![3, 4]; 11 | a.extend_from_slice(b.as_slice()); 12 | runtime_assert(a.len() == 4); 13 | runtime_assert(a[0] == 1); 14 | runtime_assert(a[1] == 2); 15 | runtime_assert(a[2] == 3); 16 | runtime_assert(a[3] == 4); 17 | runtime_assert(b.len() == 2); 18 | } 19 | 20 | fn vec_is_empty_test() { 21 | let empty: Vec = vec![]; 22 | let non_empty: Vec = vec![1]; 23 | 24 | runtime_assert(empty.is_empty()); 25 | runtime_assert(!non_empty.is_empty()); 26 | } 27 | 28 | } // verus! 29 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-flag-record.md: -------------------------------------------------------------------------------- 1 | # Record flag 2 | 3 | Sometimes, you might wish to record an execution trace of Verus to share, along with all the necessary dependencies to reproduce an execution. 4 | This might be useful for either packaging up your verified project, or to report a Verus bug to the [issue tracker](https://github.com/verus-lang/verus/issues). 5 | 6 | The `--record` flag will do precisely this. In particular, to record an execution of Verus (say, `verus foo --bar --baz`), simply add the `--record` flag (for example, `verus foo --bar --baz --record`). This will re-run Verus, and package all the relevant source files, along with the execution output and version information into a zip file (`yyyy-mm-dd-hh-mm-ss.zip`) in your current directory. 7 | -------------------------------------------------------------------------------- /source/air/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "air" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | # Note: do not add any dependencies on rustc -- AIR deliberately abstracts away from rustc's internals 9 | [dependencies] 10 | sise = "0.6.0" 11 | getopts = { git = "https://github.com/utaal/getopts.git", branch = "parse-partial" } 12 | z3tracer = { git = "https://github.com/verus-lang/smt2utils.git", rev = "ec4c894d04d7cd39c9a8aa1eda51db71cc54fe61" } 13 | serde = { version = "1", features = ["derive", "rc"] } 14 | indexmap = { version = "1" } 15 | yansi = "0.5" 16 | 17 | [target.'cfg(windows)'.dependencies] 18 | win32job = "1" 19 | 20 | [features] 21 | singular = [] 22 | -------------------------------------------------------------------------------- /source/docs/zulip-icon-circle.svg: -------------------------------------------------------------------------------- 1 | -------------------------------------------------------------------------------- /source/tools/line_count/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "line_count" 3 | version = "0.1.0" 4 | edition = "2021" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | verus_syn = { version = "=0.0.0-2025-11-16-0050", path = "../../../dependencies/syn", features = ["full", "visit", "visit-mut", "extra-traits"] } 10 | verus_prettyplease = { version = "=0.0.0-2025-11-16-0050", path = "../../../dependencies/prettyplease" } 11 | getopts = "*" 12 | toml = "0.8" 13 | serde = { version = "1.0", features = ["std", "derive", "rc"] } 14 | proc-macro2 = { version = "1.0.39", default-features = false } 15 | tabled = "0.14.0" 16 | serde_json = { version = "1.0", features = ["preserve_order"] } 17 | regex = "1.10" 18 | -------------------------------------------------------------------------------- /source/vstd/std_specs/mod.rs: -------------------------------------------------------------------------------- 1 | #[cfg(feature = "alloc")] 2 | pub mod alloc; 3 | 4 | pub mod atomic; 5 | pub mod bits; 6 | pub mod borrow; 7 | pub mod clone; 8 | pub mod cmp; 9 | pub mod control_flow; 10 | pub mod convert; 11 | pub mod core; 12 | pub mod ops; 13 | 14 | #[cfg(all(feature = "alloc", feature = "std"))] 15 | pub mod hash; 16 | 17 | pub mod num; 18 | pub mod option; 19 | pub mod range; 20 | pub mod result; 21 | 22 | pub mod slice; 23 | 24 | #[cfg(feature = "alloc")] 25 | pub mod vec; 26 | 27 | #[cfg(feature = "alloc")] 28 | pub mod vecdeque; 29 | 30 | #[cfg(feature = "alloc")] 31 | pub mod smart_ptrs; 32 | 33 | // This struct is a hack that exists purely to create 34 | // a rustdoc page dedicated to 'assume_specification' specs 35 | pub struct VstdSpecsForRustStdLib; 36 | -------------------------------------------------------------------------------- /source/tools/build-run-log.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash 2 | 3 | color_blue="\x1B[1;94m" 4 | color_reset="\x1B[0m" 5 | 6 | if [ "$#" -ne 1 ]; then 7 | echo "$0" >&2 8 | echo " build on *nix, run the verifier on a single file with logging of air, vir, and smt to files in 'log/' in the same dire as the file" >&2 9 | echo "usage: $0 " >&2 10 | exit -1 11 | fi 12 | 13 | rs_file=$1 14 | rs_file_dir=`dirname "$rs_file"` 15 | rs_file_basename=`basename "$rs_file"` 16 | 17 | mkdir -p $rs_file_dir/log 18 | 19 | RUSTC=../rust/install/bin/rustc ../rust/install/bin/cargo build && \ 20 | ./tools/rust-verify.sh $rs_file \ 21 | --log-dir $rs_file_dir/log --log-all 22 | result=$? 23 | 24 | echo 25 | echo -e "${color_blue}logs${color_reset}" "$rs_file_dir/log" 26 | exit $? 27 | -------------------------------------------------------------------------------- /source/docs/guide/src/for.md: -------------------------------------------------------------------------------- 1 | # For Loops 2 | 3 | The previous section introduced a `while` loop implementation of `triangle`: 4 | 5 | ```rust 6 | {{#include ../../../../examples/guide/recursion.rs:loop}} 7 | ``` 8 | 9 | We can rewrite this as a `for` loop as follows: 10 | 11 | ```rust 12 | {{#include ../../../../examples/guide/recursion.rs:for_loop}} 13 | ``` 14 | 15 | The only difference between this `for` loop and the `while` loop 16 | is that `idx` is automatically incremented by 1 at the end of the 17 | each iteration. 18 | 19 | In addition, `iter.start`, `iter.cur`, `iter.end` reveal the start, current, and end 20 | for the iterator of range `0..n`. 21 | `iter@` records all the elements that the iterator has iterated so far. 22 | In the above example, if `idx=3`, `iter@ =~= seq![0,1,2]` 23 | -------------------------------------------------------------------------------- /examples/guide/exec_spec.rs: -------------------------------------------------------------------------------- 1 | // ANCHOR: example 2 | use vstd::prelude::*; 3 | use vstd::contrib::exec_spec::*; 4 | 5 | verus! { 6 | 7 | exec_spec! { 8 | 9 | struct Point { 10 | x: i64, 11 | y: i64, 12 | } 13 | 14 | spec fn on_line(points: Seq) -> bool { 15 | forall |i: usize| #![auto] 0 <= i < points.len() 16 | ==> points[i as int].y == points[i as int].x 17 | } 18 | 19 | } 20 | 21 | } 22 | // ANCHOR_END: example 23 | 24 | // ANCHOR: check 25 | verus! { 26 | fn main() { 27 | let p1 = ExecPoint { x: 1, y: 1 }; 28 | let p2 = ExecPoint { x: 2, y: 2 }; 29 | let points = vec![p1, p2]; 30 | assert(on_line(points.deep_view())); 31 | let b = exec_on_line(points.as_slice()); 32 | assert(b); 33 | } 34 | } 35 | // ANCHOR_END: check 36 | -------------------------------------------------------------------------------- /source/docs/internal/record-history.md: -------------------------------------------------------------------------------- 1 | The `record-history` feature records every invocation of Verus with the current source of the crate it was invoked on, and the Verus verification results and outputs. 2 | 3 | To enable, re-build vargo, then compile Verus with `--features record-history`: 4 | 5 | ``` 6 | vargo build --release --features record-history 7 | ``` 8 | 9 | Then you need a per-project opt-in. 10 | To opt-in place an empty directory named `.record-history` in the same directory as the file that acts as the crate root. That is, if you normally run Verus as 11 | 12 | ``` 13 | verus path/to/foo.rs 14 | ``` 15 | 16 | Add an empty folder named `path/to/.record-history`. 17 | 18 | The next time Verus is run, it will create `path/to/.record-history/git`, which will contain a bare repo with the recordings. -------------------------------------------------------------------------------- /source/rust_verify_test/tests/option.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | #[test] test_unwrap_expect verus_code! { 8 | use vstd::prelude::*; 9 | 10 | struct Err { 11 | error_code: int, 12 | } 13 | 14 | proof fn test_option() { 15 | let ok_option = Option::::Some(1); 16 | assert(ok_option is Some); 17 | assert(ok_option.unwrap() == 1); 18 | let ok_option2 = Option::::Some(1); 19 | assert(ok_option2 is Some); 20 | assert(ok_option2.expect("option was built with Some") == 1); 21 | let none_option = Option::::None; 22 | assert(none_option is None); 23 | } 24 | } => Ok(()) 25 | } 26 | -------------------------------------------------------------------------------- /examples/std_test/chars_iterator.rs: -------------------------------------------------------------------------------- 1 | use vstd::pervasive::runtime_assert; 2 | use vstd::prelude::*; 3 | 4 | verus! { 5 | #[verifier::loop_isolation(false)] 6 | fn test() { 7 | let s = "abca"; 8 | proof { 9 | reveal_strlit("abca"); 10 | } 11 | let mut chars_it = s.chars(); 12 | for c in it: chars_it 13 | { 14 | let is_expected_char = c == 'a' || c == 'b' || c == 'c'; 15 | runtime_assert(is_expected_char); 16 | } 17 | let mut it2 = s.chars(); 18 | let mut x = it2.next(); 19 | runtime_assert(x == Some('a')); 20 | x = it2.next(); 21 | runtime_assert(x == Some('b')); 22 | x = it2.next(); 23 | runtime_assert(x == Some('c')); 24 | x = it2.next(); 25 | runtime_assert(x == Some('a')); 26 | x = it2.next(); 27 | runtime_assert(x == None); 28 | } 29 | } -------------------------------------------------------------------------------- /source/builtin/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "verus_builtin" 3 | version = "0.0.0-2025-12-14-0054" 4 | edition = "2018" 5 | license = "MIT" 6 | description = "Verus Builtins: Rust definitions for core constructs in Verus" 7 | documentation = "https://verus-lang.github.io/verus/verusdoc/vstd/pervasive" 8 | homepage = "https://github.com/verus-lang/verus" 9 | repository = "https://github.com/verus-lang/verus" 10 | readme = "../../README.md" 11 | keywords = ["verus", "verified-rust", "verification"] 12 | categories = ["development-tools"] 13 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 14 | 15 | [package.metadata.verus] 16 | is-builtin = true 17 | 18 | [lints.rust] 19 | unexpected_cfgs = { level = "warn", check-cfg = [ 20 | 'cfg(verus_keep_ghost)', 21 | 'cfg(verus_verify_core)', 22 | ] } 23 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-assert-by-nonlinear.md: -------------------------------------------------------------------------------- 1 | # assert ... by(nonlinear_arith) 2 | 3 | Invoke Z3's nonlinear solver to prove the given predicate. 4 | 5 | ``` 6 | assert(P) by(bit_vector); 7 | ``` 8 | 9 | ``` 10 | assert(P) by(bit_vector) 11 | requires Q; 12 | ``` 13 | 14 | The solver uses Z3's theory of nonlinear arithmetic. This can often solve problems 15 | that involve multiplication or division of symbolic values. For example, 16 | commutativity axioms like `a * b == b * a` are accessible in this mode. 17 | 18 | The prover does not have access to any prior context except that which is given in 19 | the `requires` clause, if provided. If the `requires` clause is provided, then the 20 | bit vector solver attempts to prove `Q ==> P`. Verus will also check (using its normal solver) 21 | that `Q` holds from the prior proof context. 22 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/erase.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | #[test] test_regression_78 verus_code! { 8 | use vstd::prelude::*; 9 | 10 | proof fn f1(t: Ghost>) { 11 | let x = t.view()->0; 12 | } 13 | 14 | spec fn f2() -> bool { 15 | let x: Option = Option::None; 16 | x is None 17 | } 18 | } => Ok(()) 19 | } 20 | 21 | test_verify_one_file! { 22 | #[test] test_regression_70 verus_code! { 23 | fn m(v: &mut u64) { } 24 | 25 | fn main() { 26 | let v = 6; 27 | m(&mut v); 28 | } 29 | } => Err(err) => assert_rust_error_msg(err, "cannot borrow `v` as mutable, as it is not declared as mutable") 30 | } 31 | -------------------------------------------------------------------------------- /examples/fun_ext.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | fn main() { 6 | } 7 | 8 | proof fn test_funext_specific_1(f1: spec_fn(u8) -> int, f2: spec_fn(u8) -> int) 9 | requires 10 | forall|x: u8| #[trigger] f1(x) == f2(x), 11 | ensures 12 | f1 == f2, 13 | { 14 | assert(f1 =~= f2); 15 | } 16 | 17 | proof fn test_funext_specific_1_alt(f1: spec_fn(u8) -> int, f2: spec_fn(u8) -> int) 18 | requires 19 | forall|x: u8| #[trigger] f1(x) == f2(x), 20 | ensures 21 | f1 == f2, 22 | { 23 | assert(f1 =~= f2); 24 | } 25 | 26 | proof fn test_funext_specific_2(f1: spec_fn(u8, u16) -> int, f2: spec_fn(u8, u16) -> int) 27 | requires 28 | forall|x, y| #[trigger] f1(x, y) == f2(x, y), 29 | ensures 30 | f1 == f2, 31 | { 32 | assert(f1 =~= f2); 33 | } 34 | 35 | } // verus! 36 | -------------------------------------------------------------------------------- /source/docs/guide/src/assert-mut-ref.md: -------------------------------------------------------------------------------- 1 | # Assertions about mutable references 2 | 3 | Assertions containing mutable references allow us to make statements about the *prior* (at the beginning of the function call) and *current* state of the piece of memory to which the mutable reference points. Consider the following example: 4 | 5 | ```rust 6 | {{#include ../../../../examples/guide/references.rs:asserts}} 7 | ``` 8 | 9 | In the `check_and_assert` function call, `*old(a)` refers to the dereferenced value of the mutable reference `a` at the *beginning* of the function call and `*a` refers to the *current* dereferenced value of the mutable reference `a`. 10 | 11 | Below is a slightly more complicated example involving both `assert`, `requires`, and `ensures`: 12 | 13 | ```rust 14 | {{#include ../../../../examples/guide/references.rs:complex}} 15 | ``` 16 | -------------------------------------------------------------------------------- /source/cargo-verus/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "cargo-verus" 3 | version = "0.1.0" 4 | edition = "2021" 5 | description = "A Cargo subcommand that enables verification of Rust code as part of the normal Cargo workflow." 6 | 7 | [features] 8 | integration-tests = [] 9 | 10 | [dependencies] 11 | cargo_metadata = "0.18.1" 12 | clap = { version = "4.5.53", features = ["derive"] } 13 | clap-cargo = "0.18.3" 14 | rustc_tools_util = "0.3.0" 15 | anyhow = "1.0" 16 | serde = { version = "1.0", features = ["derive"] } 17 | serde_json = "1.0" 18 | sha2 = "0.10.2" 19 | hex = "0.4.3" 20 | colored = "3.0.0" 21 | 22 | [build-dependencies] 23 | rustc_tools_util = "0.3.0" 24 | 25 | [dev-dependencies] 26 | assert_cmd = "2.0" 27 | tempfile = "3" 28 | 29 | [[bin]] 30 | name = "fake-cargo" 31 | path = "tests/src/fake_cargo.rs" 32 | required-features = ["integration-tests"] 33 | -------------------------------------------------------------------------------- /dependencies/syn/fuzz/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "syn-fuzz" 3 | version = "0.0.0" 4 | authors = ["David Tolnay "] 5 | edition = "2021" 6 | publish = false 7 | 8 | [package.metadata] 9 | cargo-fuzz = true 10 | 11 | [dependencies] 12 | libfuzzer-sys = "0.4" 13 | proc-macro2 = "1.0.52" 14 | syn = { path = "..", default-features = false, features = ["full", "parsing"] } 15 | 16 | [features] 17 | span-locations = ["proc-macro2/span-locations"] 18 | 19 | [[bin]] 20 | name = "create_token_buffer" 21 | path = "fuzz_targets/create_token_buffer.rs" 22 | test = false 23 | doc = false 24 | 25 | [[bin]] 26 | name = "parse_file" 27 | path = "fuzz_targets/parse_file.rs" 28 | test = false 29 | doc = false 30 | 31 | [[bin]] 32 | name = "parse_literal" 33 | path = "fuzz_targets/parse_literal.rs" 34 | test = false 35 | doc = false 36 | 37 | [workspace] 38 | -------------------------------------------------------------------------------- /examples/guide/calc.rs: -------------------------------------------------------------------------------- 1 | use vstd::calc_macro::*; 2 | use vstd::prelude::*; 3 | 4 | verus! { 5 | 6 | fn main() { 7 | } 8 | 9 | proof fn calc_example_simple() { 10 | // ANCHOR: simple 11 | let a: int = 2; 12 | calc! { 13 | (<=) 14 | a; {} 15 | a + 3; {} 16 | 5; 17 | } 18 | // ANCHOR_END: simple 19 | } 20 | 21 | #[verusfmt::skip] 22 | proof fn calc_example_transitive_relations() { 23 | // ANCHOR: transitive 24 | let x: int = 2; 25 | let y: int = 5; 26 | calc! { 27 | (<=) 28 | x; (==) {} 29 | 5 - 3; (<) {} 30 | 5int; {} // Notice that no intermediate relation 31 | // is specified here, so `calc!` will 32 | // use the top-level relation, here `<=`. 33 | y; 34 | } 35 | // ANCHOR_END: transitive 36 | } 37 | 38 | } // verus! 39 | -------------------------------------------------------------------------------- /tools/activate: -------------------------------------------------------------------------------- 1 | unset -f cargo 2>/dev/null || true 2 | 3 | # Determine the directory that this script is in 4 | if [ "$BASH_VERSION" ]; then 5 | SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" 6 | elif [ "$ZSH_VERSION" ]; then 7 | SCRIPT_DIR="$( cd "$( dirname "${(%):-%N}" )" >/dev/null 2>&1 && pwd )" 8 | else 9 | echo "Unknown shell; exiting." 10 | return 1 11 | fi 12 | 13 | echo "building vargo" 14 | ( 15 | cd "$SCRIPT_DIR/vargo" || exit 1 16 | cargo build --release || exit 1 17 | ) || return 1 18 | 19 | export PATH="$SCRIPT_DIR/vargo/target/release:$PATH" 20 | 21 | function cargo { 22 | echo "when working on Verus do not use cargo directly, use vargo instead" 1>&2 23 | echo "if you need to, you can still access cargo directly by starting a new shell without running the activate command" 1>&2 24 | return 1 25 | } 26 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/token-exchanges-as-transitions.md: -------------------------------------------------------------------------------- 1 | # Token exchanges as transitions 2 | 3 | The aim of the framework of tokenized state machines is to marry the power and ergonomics of general transition systems with the token-based approach to concurrency reasoning. 4 | 5 | To make this work, the developer has to do two special things when describing their transitions system: 6 | 7 | * First, they must annotate each field of their state datatype with what we call a _strategy_: the the strategy tells Verus how the state should break down into tokens. 8 | * Second, they must define their transitions using special commands so that the transitions can be interpretted simultaneously as [transitions on the state](./components.md) _and_ as [token exchange functions](./thinking-tokens.md). 9 | 10 | TODO write an explanation for why we need special transitions 11 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-spec-index.md: -------------------------------------------------------------------------------- 1 | # Spec index operator [] 2 | 3 | In spec expressions, the index operator is treated differently than 4 | in exec expressions, where it corresponds to the [usual Rust index operator](https://doc.rust-lang.org/std/ops/trait.Index.html). 5 | 6 | Specifically, in a spec expression, the expression `expr[i]` is a shorthand for 7 | `expr.spec_index(i)`. This is a purely syntactic transformation, and there is no 8 | particular trait. 9 | 10 | For example: 11 | 12 | * [`spec_index` for a Seq](https://verus-lang.github.io/verus/verusdoc/vstd/seq/struct.Seq.html#method.spec_index) 13 | * [`spec_index` for a Map](https://verus-lang.github.io/verus/verusdoc/vstd/map/struct.Map.html#method.spec_index) 14 | * [`spec_index` for a slice](https://verus-lang.github.io/verus/verusdoc/vstd/slice/trait.SliceAdditionalSpecFns.html#tymethod.spec_index) 15 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/partial_eq.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | // TODO: support floating point 8 | // NOTE (SOUNDNESS): need to make sure that executable code doesn't assume equality on NAN 9 | // (f32/f64 do not implement Structural) 10 | #[test] #[ignore] test_float_nan verus_code! { 11 | fn float_nan() { 12 | assert(f64::NAN == f64::NAN); // this should succeed (ghost equality) 13 | let n1 = f64::NAN; 14 | let n2 = f64::NAN; 15 | assert(n1 == n2); // this should succeed 16 | let b = (n1 == n2); // exec equality is not naive value equality; it's more complicated 17 | // this should fail: 18 | assert(b); // FAILS 19 | } 20 | } => Err(e) => assert_one_fails(e) 21 | } 22 | -------------------------------------------------------------------------------- /examples/thread.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs 2 | #[allow(unused_imports)] 3 | use verus_builtin::*; 4 | #[allow(unused_imports)] 5 | use verus_builtin_macros::*; 6 | use vstd::thread::*; 7 | 8 | verus! { 9 | 10 | fn test_calling_thread_id_twice_same_value() { 11 | let (tid1, Tracked(is1)) = thread_id(); 12 | let (tid2, Tracked(is2)) = thread_id(); 13 | proof { 14 | is1.agrees(is2); 15 | } 16 | assert(tid1 == tid2); 17 | } 18 | 19 | fn test_calling_thread_id_twice_diff_threads() { 20 | let (tid1, Tracked(is1)) = thread_id(); 21 | spawn( 22 | move || 23 | { 24 | let (tid2, Tracked(is2)) = thread_id(); 25 | // This isn't allowed: Send error 26 | /*proof { 27 | is1.agrees(is2); 28 | }*/ 29 | }, 30 | ); 31 | } 32 | 33 | } // verus! 34 | fn main() {} 35 | -------------------------------------------------------------------------------- /source/docs/guide/src/smt_perf_overview.md: -------------------------------------------------------------------------------- 1 | # Managing proof performance and why it's critical 2 | 3 | Sometimes your proof succeeds, but it takes too long. It's tempting to simply 4 | tolerate the longer verification time and move on. However, we urge you to 5 | take the time to improve the verification performance. Slow verification 6 | performance typically has an underlying cause. Diagnosing and fixing the cause 7 | is much easier to do as the problems arise; waiting until you have multiple 8 | performance problems compounds the challenges of diagnosis and repair. Plus, 9 | if the proof later breaks, you'll appreciate having a short code-prove 10 | development cycle. Keeping verification times short also makes it easier to 11 | check for regressions. 12 | 13 | This chapter describes various ways to measure the performance of your 14 | proofs and steps you can take to improve it. 15 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/nested_items.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | #[test] test_ignorable_items verus_code! { 8 | mod m { 9 | // Verus can ignore 'use' item 10 | use super::*; 11 | 12 | pub open spec fn test() -> bool { true } 13 | } 14 | 15 | fn test_use_item() { 16 | use m::test as test2; 17 | assert(test2()); 18 | } 19 | 20 | fn test_macro_item() { 21 | let mut x = 1; 22 | 23 | // Verus can ignore 'macro' item 24 | macro_rules! add_1 { 25 | () => { 26 | x = x + 1; 27 | } 28 | } 29 | 30 | add_1!(); 31 | 32 | assert(x == 2); 33 | } 34 | } => Ok(()) 35 | } 36 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/ui.rs: -------------------------------------------------------------------------------- 1 | #![feature(rustc_private)] 2 | #[macro_use] 3 | mod common; 4 | use common::*; 5 | 6 | test_verify_one_file! { 7 | #[test] regression_114_unrelated_precondition verus_code! { 8 | fn get_bool() -> (b: bool) 9 | ensures b == true 10 | { 11 | true 12 | } 13 | 14 | fn require_false() -> bool 15 | requires false // INCORRECT CONTEXT 16 | { 17 | false 18 | } 19 | 20 | fn test() { 21 | let x = 6; 22 | 23 | if !get_bool() { 24 | require_false(); 25 | } 26 | 27 | assert(x == 7); // FAILS 28 | } 29 | } => Err(e) => { 30 | assert!(e.errors.len() == 1); 31 | assert!(!e.errors[0].spans.iter().any(|x| x.text[0].text.contains("INCORRECT CONTEXT"))); 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-returns.md: -------------------------------------------------------------------------------- 1 | # returns 2 | 3 | The `returns` clause is syntactic sugar for an `ensures` clause of a certain form. 4 | The `returns` clause can be provided instead of or in addition to an `ensures` clause. 5 | 6 | The following: 7 | 8 | ```rust 9 | fn example() -> return_type 10 | returns $expr 11 | { 12 | ... 13 | } 14 | ``` 15 | 16 | is equivalent to: 17 | 18 | ```rust 19 | fn example() -> (return_name: return_type) 20 | ensures return_name == $expr 21 | { 22 | ... 23 | } 24 | ``` 25 | 26 | ## With the `#![verifier::allow_in_spec]` attribute 27 | 28 | The [`#![verifier::allow_in_spec]` attribute](./reference-attributes.md#verifierallowinspec) attribute can be applied to an executable function with a [`returns` clause](./reference-returns.md). This allows the function to be used in spec mode, where it is interpreted as equivalent to the specified return-value. 29 | -------------------------------------------------------------------------------- /examples/cargo-verus/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # This script demonstrates the flow enabled by integration with Cargo. 4 | # It requires cargo-verus to be in the current path 5 | # (usually either target-verus/debug or target-verus/release) 6 | 7 | # verify an example without codegen (like cargo check) and without applying rustc (like rust_verify 8 | # without --compile) 9 | cargo verus check --manifest-path test/Cargo.toml -p test 10 | 11 | # verify an example without codegen (like cargo check) 12 | cargo verus verify --manifest-path test/Cargo.toml -p test 13 | 14 | # build and verify an example with codegen (like cargo build) 15 | cargo verus build --manifest-path test/Cargo.toml -p test 16 | 17 | # clean with regular cargo 18 | cargo clean --manifest-path test/Cargo.toml 19 | 20 | # this time with an argument for verus 21 | cargo verus build --manifest-path test/Cargo.toml -p test -- --rlimit=60 22 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/big_rlimit/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | 3 | verus! { 4 | 5 | spec fn fib(x: nat) -> nat 6 | decreases x, 7 | { 8 | if x == 0 { 9 | 0 10 | } else if x == 1 { 11 | 1 12 | } else { 13 | fib((x - 1) as nat) + fib((x - 2) as nat) 14 | } 15 | } 16 | 17 | fn test() { 18 | // Find a setting that needs a larger than average rlimit (in debug mode) 19 | //assert(fib(15) == 610) by (compute_only); 20 | //assert(fib(20) == 6765) by (compute_only); 21 | //assert(fib(25) == 75025) by (compute_only); 22 | assert(fib(26) == 121393) by (compute_only); 23 | //assert(fib(27) == 196418) by (compute_only); 24 | //assert(fib(28) == 317811) by (compute_only); 25 | //assert(fib(30) == 832040) by (compute_only); 26 | //assert(fib(100) == 354224848179261915075) by (compute_only); 27 | } 28 | 29 | 30 | 31 | } // verus! 32 | -------------------------------------------------------------------------------- /source/air/src/def.rs: -------------------------------------------------------------------------------- 1 | use crate::ast::Ident; 2 | use std::sync::Arc; 3 | 4 | pub const PREFIX_LABEL: &str = "%%location_label%%"; 5 | pub const GLOBAL_PREFIX_LABEL: &str = "%%global_location_label%%"; 6 | const BREAK_LABEL: &str = "%%break_label%%"; 7 | pub const SWITCH_LABEL: &str = "%%switch_label%%"; 8 | pub const FUNCTION: &str = "%%Function%%"; 9 | pub const ARRAY: &str = "%%array%%"; 10 | pub const LAMBDA: &str = "%%lambda%%"; 11 | pub const CHOOSE: &str = "%%choose%%"; 12 | pub const HOLE: &str = "%%hole%%"; 13 | pub const APPLY: &str = "%%apply%%"; 14 | pub const TEMP: &str = "%%x%%"; 15 | pub const SKOLEM_ID_PREFIX: &str = "skolem"; 16 | pub const ARRAY_QID: &str = "__AIR_ARRAY_QID__"; 17 | 18 | pub fn mk_skolem_id(qid: &str) -> String { 19 | format!("{}_{}", crate::def::SKOLEM_ID_PREFIX, qid) 20 | } 21 | 22 | pub(crate) fn break_label(label: &Ident) -> Ident { 23 | Arc::new(format!("{}{}", BREAK_LABEL, label)) 24 | } 25 | -------------------------------------------------------------------------------- /examples/guide/equality.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | #[allow(unused_imports)] 4 | use verus_builtin_macros::*; 5 | 6 | verus! { 7 | 8 | // ANCHOR: eq1 9 | fn equal1(x: u8, y: u8) { 10 | let eq1 = x == y; // means x.eq(y) in Rust 11 | let eq2 = y == x; // means y.eq(x) in Rust 12 | assert(eq1 ==> eq2); // succeeds 13 | } 14 | // ANCHOR_END: eq1 15 | 16 | /* 17 | // ANCHOR: eq2 18 | fn equal2(x: A, y: A) { 19 | let eq1 = x == y; // means x.eq(y) in Rust 20 | let eq2 = y == x; // means y.eq(x) in Rust 21 | assert(eq1 ==> eq2); // won't work; we can't be sure that A is an equivalence relation 22 | } 23 | // ANCHOR_END: eq2 24 | */ 25 | 26 | // ANCHOR: eq3 27 | fn equal3(x: u8, y: u8) { 28 | assert({ 29 | let eq1 = x == y; 30 | let eq2 = y == x; 31 | eq1 ==> eq2 32 | }); 33 | } 34 | // ANCHOR_END: eq3 35 | 36 | fn main() { 37 | } 38 | 39 | } // verus! 40 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/src/file.rs: -------------------------------------------------------------------------------- 1 | use crate::workspace_path; 2 | use anyhow::Result; 3 | use proc_macro2::TokenStream; 4 | use std::fs; 5 | use std::io::Write; 6 | use std::path::Path; 7 | 8 | pub fn write(relative_to_workspace_root: impl AsRef, content: TokenStream) -> Result<()> { 9 | let mut formatted = Vec::new(); 10 | writeln!( 11 | formatted, 12 | "// This file is @generated by syn-internal-codegen." 13 | )?; 14 | writeln!(formatted, "// It is not intended for manual editing.")?; 15 | writeln!(formatted)?; 16 | 17 | let syntax_tree: syn::File = syn::parse2(content).unwrap(); 18 | let pretty = prettyplease::unparse(&syntax_tree); 19 | write!(formatted, "{}", pretty)?; 20 | 21 | let path = workspace_path::get(relative_to_workspace_root); 22 | if path.is_file() && fs::read(&path)? == formatted { 23 | return Ok(()); 24 | } 25 | 26 | fs::write(path, formatted)?; 27 | Ok(()) 28 | } 29 | -------------------------------------------------------------------------------- /dependencies/syn/tests/test_token_trees.rs: -------------------------------------------------------------------------------- 1 | #![allow( 2 | clippy::elidable_lifetime_names, 3 | clippy::needless_lifetimes, 4 | clippy::uninlined_format_args 5 | )] 6 | 7 | #[macro_use] 8 | mod snapshot; 9 | 10 | mod debug; 11 | 12 | use proc_macro2::TokenStream; 13 | use quote::quote; 14 | use syn::Lit; 15 | 16 | #[test] 17 | fn test_struct() { 18 | let input = " 19 | #[derive(Debug, Clone)] 20 | pub struct Item { 21 | pub ident: Ident, 22 | pub attrs: Vec, 23 | } 24 | "; 25 | 26 | snapshot!(input as TokenStream, @r##" 27 | TokenStream( 28 | `# [derive (Debug , Clone)] pub struct Item { pub ident : Ident , pub attrs : Vec < Attribute >, }`, 29 | ) 30 | "##); 31 | } 32 | 33 | #[test] 34 | fn test_literal_mangling() { 35 | let code = "0_4"; 36 | let parsed: Lit = syn::parse_str(code).unwrap(); 37 | assert_eq!(code, quote!(#parsed).to_string()); 38 | } 39 | -------------------------------------------------------------------------------- /source/docs/guide/src/static.md: -------------------------------------------------------------------------------- 1 | # Static items 2 | 3 | Verus supports static items, similar to `const` items. Unlike `const` items, though, 4 | `static` items are only usable in `exec` mode. Note that this requires them to be 5 | _explicitly_ marked as `exec`: 6 | 7 | ``` 8 | exec static x: u64 = 0; 9 | ``` 10 | 11 | The reason for this is consistency with `const`; for `const` items, the default mode 12 | for an unmarked const item is the [dual `spec`-`exec` mode](./const.md). 13 | However, this mode is not supported for `static` items; therefore, static items 14 | need to be explicitly marked `exec`. 15 | 16 | Note there are some **limitations** to the current support for `static` items. 17 | Currently, a static item cannot be referenced from a spec expression. This means, for example, 18 | that you can't prove that two uses of the same static item give the same value 19 | if those uses are in different functions. We expect this limitation will be lifted 20 | in the future. 21 | -------------------------------------------------------------------------------- /tools/development/issues-render-adopt-an-issue.py: -------------------------------------------------------------------------------- 1 | import json 2 | import json 3 | import markdown 4 | 5 | with open('issues.json', 'r') as json_file: 6 | issues = json.load(json_file) 7 | 8 | md = "" 9 | 10 | for issue in issues: 11 | md += f"## [{issue['number']}]({issue['html_url']}) {issue['title']}\n" 12 | md += "\n" 13 | if len(issue['labels']) != 0: 14 | md += "**Labels**: " 15 | for label in issue['labels']: 16 | md += f"`{label['name']}` " 17 | md += "\n" 18 | if len(issue['assignees']) != 0: 19 | md += "**Assignees**: " 20 | for assignee in issue['assignees']: 21 | md += f"`{assignee['login']}` " 22 | md += "\n" 23 | md += "\n" 24 | md += "\n" 25 | md += "**Nominated as adoptable**: \n" 26 | md += "\n" 27 | md += "**Adopter**: \n" 28 | md += "\n" 29 | 30 | html = markdown.markdown(md) 31 | 32 | with open('issues.html', 'w') as file: 33 | file.write(html) -------------------------------------------------------------------------------- /dependencies/syn/codegen/src/operand.rs: -------------------------------------------------------------------------------- 1 | use proc_macro2::TokenStream; 2 | use quote::quote; 3 | 4 | pub enum Operand { 5 | Borrowed(TokenStream), 6 | Owned(TokenStream), 7 | } 8 | 9 | pub use self::Operand::{Borrowed, Owned}; 10 | 11 | impl Operand { 12 | pub fn tokens(&self) -> &TokenStream { 13 | match self { 14 | Borrowed(n) | Owned(n) => n, 15 | } 16 | } 17 | 18 | pub fn ref_tokens(&self) -> TokenStream { 19 | match self { 20 | Borrowed(n) => n.clone(), 21 | Owned(n) => quote!(&#n), 22 | } 23 | } 24 | 25 | pub fn ref_mut_tokens(&self) -> TokenStream { 26 | match self { 27 | Borrowed(n) => n.clone(), 28 | Owned(n) => quote!(&mut #n), 29 | } 30 | } 31 | 32 | pub fn owned_tokens(&self) -> TokenStream { 33 | match self { 34 | Borrowed(n) => quote!(*#n), 35 | Owned(n) => n.clone(), 36 | } 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /source/docs/guide/src/char.md: -------------------------------------------------------------------------------- 1 | # The `char` primitive 2 | 3 | Citing the [Rust documentation on `char`](https://doc.rust-lang.org/std/primitive.char.html): 4 | 5 | > A char is a ‘Unicode scalar value’, which is any ‘Unicode code point’ other than a surrogate code point. This has a fixed numerical definition: code points are in the range 0 to 0x10FFFF, inclusive. Surrogate code points, used by UTF-16, are in the range 0xD800 to 0xDFFF. 6 | 7 | Verus treats `char` similarly to bounded integer primitives like `u64` or `u32`: We represent 8 | `char` as an integer. A `char` always carries an invariant that it is in the prescribed set 9 | of allowed values: 10 | 11 | `[0, 0xD7ff] ∪ [0xE000, 0x10FFFF]` 12 | 13 | In spec code, chars can be [cast to and from other integer types using `as`](./reference-as.md). 14 | This is more 15 | permissive than exec code, which disallows many of these coercions. 16 | As with other coercions, the result may be undefined if the integer being coerced does not 17 | fit in the target range. 18 | -------------------------------------------------------------------------------- /examples/playground.rs: -------------------------------------------------------------------------------- 1 | use verus_builtin::*; 2 | use verus_builtin_macros::*; 3 | 4 | verus! { 5 | 6 | #[derive(PartialEq, Eq, Structural)] 7 | struct S { 8 | a: A, 9 | b: bool, 10 | } 11 | 12 | fn add1(a: &mut u32) 13 | requires 14 | *old(a) < 10, 15 | ensures 16 | *a == *old(a) + 1, 17 | { 18 | *a = *a + 1; 19 | } 20 | 21 | fn foo(s: S) { 22 | // let mut s = s; 23 | let mut s = S { a: 5, b: false }; 24 | add1(&mut s.a); 25 | assert(s.a == 6); 26 | assert(s.b == false); 27 | assert(s == S { a: 6u32, b: false }); 28 | } 29 | 30 | // The following causes a trigger loop (useful for testing rlimit-related features): 31 | // 32 | // spec fn f(x: nat, y: nat) -> bool; 33 | // 34 | // proof fn goodbye_z3() 35 | // requires forall|x: nat, y: nat| f(x + 1, 2 * y) && f(2 * x, y + x) || f(y, x) ==> (#[trigger] f(x, y)), 36 | // ensures forall|x: nat, y: nat| x > 2318 && y < 100 ==> f(x, y), 37 | // { 38 | // } 39 | fn main() { 40 | } 41 | 42 | } // verus! 43 | -------------------------------------------------------------------------------- /source/vir/src/unicode.rs: -------------------------------------------------------------------------------- 1 | use num_bigint::BigInt; 2 | use std::convert::TryFrom; 3 | 4 | // "A char is a 'Unicode scalar value', which is any 'Unicode code point' 5 | // other than a surrogate code point. This has a fixed numerical definition: 6 | // code points are in the range 0 to 0x10FFFF, inclusive. 7 | // Surrogate code points, used by UTF-16, are in the range 0xD800 to 0xDFFF." 8 | // 9 | // From https://doc.rust-lang.org/std/primitive.char.html 10 | 11 | pub const CHAR_RANGE_1_MIN: u32 = 0; 12 | pub const CHAR_RANGE_1_MAX: u32 = 0xD7FF; 13 | 14 | pub const CHAR_RANGE_2_MIN: u32 = 0xE000; 15 | pub const CHAR_RANGE_2_MAX: u32 = char::MAX as u32; 16 | 17 | fn valid_unicode_scalar(i: u32) -> bool { 18 | (CHAR_RANGE_1_MIN <= i && i <= CHAR_RANGE_1_MAX) 19 | || (CHAR_RANGE_2_MIN <= i && i <= CHAR_RANGE_2_MAX) 20 | } 21 | 22 | pub(crate) fn valid_unicode_scalar_bigint(i: &BigInt) -> bool { 23 | match u32::try_from(i) { 24 | Ok(x) => valid_unicode_scalar(x), 25 | Err(_) => false, 26 | } 27 | } 28 | -------------------------------------------------------------------------------- /dependencies/syn/codegen/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "syn-internal-codegen" 3 | version = "0.0.0" 4 | authors = ["David Tolnay ", "Nika Layzell "] 5 | edition = "2021" 6 | 7 | publish = false # this is an internal crate which should never be published 8 | 9 | [features] 10 | default = ["json"] 11 | json = ["syn-codegen/serde"] 12 | 13 | [dependencies] 14 | anyhow = "1" 15 | color-backtrace = "0.7" 16 | indexmap = { version = "2", features = ["serde"] } 17 | indoc = "2" 18 | inflections = "1.1" 19 | prettyplease = "0.2.3" 20 | proc-macro2 = { version = "1.0.20", features = ["span-locations"] } 21 | quote = "1" 22 | semver = { version = "1", features = ["serde"] } 23 | serde = "1.0.88" 24 | serde_json = "1.0.38" 25 | syn = { version = "2", features = ["derive", "full", "parsing", "printing"], default-features = false } 26 | syn-codegen = { path = "../json", default-features = false } 27 | toml = { version = "0.9", default-features = false, features = ["parse", "serde"] } 28 | 29 | [workspace] 30 | -------------------------------------------------------------------------------- /dependencies/syn/tests/repo/progress.rs: -------------------------------------------------------------------------------- 1 | use std::io::{Read, Result}; 2 | use std::time::{Duration, Instant}; 3 | 4 | pub struct Progress { 5 | bytes: usize, 6 | tick: Instant, 7 | stream: R, 8 | } 9 | 10 | impl Progress { 11 | pub fn new(stream: R) -> Self { 12 | Progress { 13 | bytes: 0, 14 | tick: Instant::now() + Duration::from_millis(2000), 15 | stream, 16 | } 17 | } 18 | } 19 | 20 | impl Read for Progress { 21 | fn read(&mut self, buf: &mut [u8]) -> Result { 22 | let num = self.stream.read(buf)?; 23 | self.bytes += num; 24 | let now = Instant::now(); 25 | if now > self.tick { 26 | self.tick = now + Duration::from_millis(500); 27 | errorf!("downloading... {} bytes\n", self.bytes); 28 | } 29 | Ok(num) 30 | } 31 | } 32 | 33 | impl Drop for Progress { 34 | fn drop(&mut self) { 35 | errorf!("done ({} bytes)\n", self.bytes); 36 | } 37 | } 38 | -------------------------------------------------------------------------------- /source/docs/verus/css/base.css: -------------------------------------------------------------------------------- 1 | * { margin: 0; padding: 0;} 2 | 3 | body, html { height:100%; } 4 | body { 5 | padding-top: 20px; 6 | font-family: 'Open Sans', sans-serif; 7 | font-size: 11pt; 8 | } 9 | a { 10 | text-decoration: none; 11 | } 12 | a:hover { 13 | text-decoration: underline; 14 | } 15 | 16 | div.main { 17 | display: block; 18 | background-color: white; 19 | padding: 30px 10px 30px 10px; 20 | color: #222; 21 | border-bottom: 1px solid #999; 22 | } 23 | div.posts { 24 | display: block; 25 | flex-grow: 1; 26 | margin-left: 30px; 27 | margin-right: 30px; 28 | max-width: 500px; 29 | } 30 | div.posts .excerpt { 31 | text-align: justify; 32 | } 33 | div.main:first-child { 34 | margin-top: 20px; 35 | border-top: 1px solid #999; 36 | } 37 | div.main:last-child { 38 | margin-bottom: 40px; 39 | } 40 | div.main.highlight { 41 | background-color: #d0d0ff; 42 | } 43 | 44 | div.base_header { 45 | display: flex; 46 | justify-content: space-between; 47 | padding-left: 40px; 48 | padding-right: 40px; 49 | } 50 | -------------------------------------------------------------------------------- /examples/state_machines/adder_generic.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs 2 | #[allow(unused_imports)] 3 | use verus_builtin::*; 4 | use vstd::{pervasive::*, *}; 5 | 6 | use verus_state_machines_macros::state_machine; 7 | 8 | state_machine!( 9 | X { 10 | fields { 11 | pub number: int, 12 | pub t: T, 13 | } 14 | 15 | init!{ 16 | initialize(t: T) { 17 | init number = 0; 18 | init t = t; 19 | } 20 | } 21 | 22 | transition!{ 23 | add(n: int) { 24 | update number = pre.number + 2*n; 25 | } 26 | } 27 | 28 | #[invariant] 29 | pub fn is_even(&self) -> bool { 30 | self.number % 2 == 0 31 | } 32 | 33 | #[inductive(initialize)] 34 | fn init_preserves(post: Self, t: T) { 35 | } 36 | 37 | #[inductive(add)] 38 | fn add_preserves(pre: Self, post: Self, n: int) { 39 | } 40 | } 41 | ); 42 | 43 | fn main() {} 44 | -------------------------------------------------------------------------------- /source/docs/publications-and-projects/css/base.css: -------------------------------------------------------------------------------- 1 | * { margin: 0; padding: 0;} 2 | 3 | body, html { height:100%; } 4 | body { 5 | padding-top: 20px; 6 | font-family: 'Open Sans', sans-serif; 7 | font-size: 11pt; 8 | } 9 | a { 10 | text-decoration: none; 11 | } 12 | a:hover { 13 | text-decoration: underline; 14 | } 15 | 16 | div.main { 17 | display: block; 18 | background-color: white; 19 | padding: 30px 10px 30px 10px; 20 | color: #222; 21 | border-bottom: 1px solid #999; 22 | } 23 | div.posts { 24 | display: block; 25 | flex-grow: 1; 26 | margin-left: 30px; 27 | margin-right: 30px; 28 | max-width: 500px; 29 | } 30 | div.posts .excerpt { 31 | text-align: justify; 32 | } 33 | div.main:first-child { 34 | margin-top: 20px; 35 | border-top: 1px solid #999; 36 | } 37 | div.main:last-child { 38 | margin-bottom: 40px; 39 | } 40 | div.main.highlight { 41 | background-color: #d0d0ff; 42 | } 43 | 44 | div.base_header { 45 | display: flex; 46 | justify-content: space-between; 47 | padding-left: 40px; 48 | padding-right: 40px; 49 | } 50 | -------------------------------------------------------------------------------- /source/rust_verify_test/tests/cargo-tests/verified/vstd_macro_usage/src/lib.rs: -------------------------------------------------------------------------------- 1 | use vstd::prelude::*; 2 | use vstd::*; 3 | 4 | verus! { 5 | 6 | proof fn contradiction_test() { 7 | assert_by_contradiction!(1 == 0 + 1, { 8 | assert(false); 9 | }); 10 | } 11 | 12 | proof fn map_test() { 13 | let m1 = map![1nat => true, 2 => false]; 14 | let m2 = map![1nat => true, 2 => false]; 15 | assert_maps_equal!(m1, m2); 16 | } 17 | 18 | proof fn seq_test() { 19 | let s1 = seq![true, false]; 20 | let s2 = Seq::empty().push(true).push(false); 21 | assert_seqs_equal!(s1, s2); 22 | } 23 | 24 | proof fn calc_test(x: int, y: int, z: int) 25 | requires x + y == z, 26 | { 27 | calc! { 28 | (==) 29 | x + y; 30 | {} 31 | z; 32 | } 33 | } 34 | 35 | pub fn do_something(x: u64, y: u64, z: u64) -> (w: u64) 36 | requires x + y == z, 37 | { 38 | proof { 39 | calc_test(x as int, y as int, z as int); 40 | } 41 | if x < y { 42 | x 43 | } else { 44 | z 45 | } 46 | } 47 | 48 | 49 | } // verus! 50 | -------------------------------------------------------------------------------- /source/state_machines_macros/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "verus_state_machines_macros" 3 | version = "0.0.0-2025-11-23-0053" 4 | edition = "2018" 5 | license = "MIT" 6 | description = "Verus State-Machine Macros: Various macros used by Verus to define and reason about atomic and sharded state machines" 7 | homepage = "https://github.com/verus-lang/verus" 8 | repository = "https://github.com/verus-lang/verus" 9 | documentation = "https://verus-lang.github.io/verus/state_machines/" 10 | readme = "../../README.md" 11 | keywords = ["verus", "verified-rust", "verification"] 12 | categories = ["development-tools"] 13 | 14 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 15 | 16 | [dependencies] 17 | verus_syn = { version= "=0.0.0-2025-11-16-0050", path="../../dependencies/syn", features = ["full", "visit", "visit-mut", "extra-traits"] } 18 | quote = "1.0" 19 | proc-macro2 = "1.0" 20 | indexmap = { version = "1" } 21 | 22 | [lib] 23 | proc-macro = true 24 | 25 | [lints.rust] 26 | unexpected_cfgs = { level = "warn", check-cfg = ['cfg(verus_keep_ghost)'] } 27 | -------------------------------------------------------------------------------- /dependencies/syn/tests/regression/issue1235.rs: -------------------------------------------------------------------------------- 1 | use proc_macro2::{Delimiter, Group}; 2 | use quote::quote; 3 | 4 | #[test] 5 | fn main() { 6 | // Okay. Rustc allows top-level `static` with no value syntactically, but 7 | // not semantically. Syn parses as Item::Verbatim. 8 | let tokens = quote! { 9 | pub static FOO: usize; 10 | pub static BAR: usize; 11 | }; 12 | let file = syn::parse2::(tokens).unwrap(); 13 | println!("{:#?}", file); 14 | 15 | // Okay. 16 | let inner = Group::new( 17 | Delimiter::None, 18 | quote!(static FOO: usize = 0; pub static BAR: usize = 0), 19 | ); 20 | let tokens = quote!(pub #inner;); 21 | let file = syn::parse2::(tokens).unwrap(); 22 | println!("{:#?}", file); 23 | 24 | // Formerly parser crash. 25 | let inner = Group::new( 26 | Delimiter::None, 27 | quote!(static FOO: usize; pub static BAR: usize), 28 | ); 29 | let tokens = quote!(pub #inner;); 30 | let file = syn::parse2::(tokens).unwrap(); 31 | println!("{:#?}", file); 32 | } 33 | -------------------------------------------------------------------------------- /tools/development/issues-fetch.py: -------------------------------------------------------------------------------- 1 | 2 | import requests 3 | import json 4 | 5 | # Replace with your personal access token 6 | GITHUB_TOKEN = 'github_pat_...' 7 | REPO_OWNER = 'verus-lang' 8 | REPO_NAME = 'verus' 9 | 10 | url = f'https://api.github.com/repos/{REPO_OWNER}/{REPO_NAME}/issues' 11 | url += '?state=open' 12 | 13 | headers = { 14 | 'Authorization': f'token {GITHUB_TOKEN}', 15 | 'Accept': 'application/vnd.github.v3+json' 16 | } 17 | 18 | def fetch_issues(url): 19 | issues = [] 20 | while url: 21 | response = requests.get(url, headers=headers) 22 | response_data = response.json() 23 | issues.extend(response_data) 24 | 25 | if 'next' in response.links: 26 | url = response.links['next']['url'] 27 | else: 28 | url = None 29 | return issues 30 | 31 | all_issues = fetch_issues(url) 32 | all_issues = [i for i in all_issues if 'pull_request' not in i] 33 | 34 | with open('issues.json', 'w') as file: 35 | json.dump(all_issues, file, indent=4) 36 | 37 | print(f'Saved {len(all_issues)} issues to issues.json') 38 | -------------------------------------------------------------------------------- /examples/calc.rs: -------------------------------------------------------------------------------- 1 | #[allow(unused_imports)] 2 | use verus_builtin::*; 3 | #[allow(unused_imports)] 4 | use verus_builtin_macros::*; 5 | 6 | #[allow(unused_imports)] 7 | use vstd::{calc_macro::*, prelude, seq::*, seq_lib::*}; 8 | 9 | verus! { 10 | 11 | fn main() { 12 | } 13 | 14 | proof fn calc_example_usage() { 15 | let a: Seq = seq![1u8, 2u8]; 16 | let b: Seq = seq![1u8]; 17 | let c: Seq = seq![2u8]; 18 | let d: Seq = seq![1u8, 2u8]; 19 | calc! { 20 | (==) 21 | a; (==) { 22 | assert_seqs_equal!(a == b + c); 23 | } 24 | b + c; { 25 | assert_seqs_equal!(b + c == d); 26 | } 27 | d; 28 | }; 29 | calc! { 30 | (<=) 31 | (2 as int); (==) {} 32 | 3 - 1; {} 33 | 5; 34 | }; 35 | calc! { 36 | (==>) 37 | (5 > 4); (==) {} 38 | (4 >= 4); (<==>) {} 39 | (2 > 1); (==>) {} 40 | (1 > 0); {} 41 | true; 42 | }; 43 | calc! { 44 | (==>) 45 | false; {} 46 | true; 47 | }; 48 | } 49 | 50 | } // verus! 51 | -------------------------------------------------------------------------------- /examples/state_machines/adder.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs 2 | #[allow(unused_imports)] 3 | use verus_builtin::*; 4 | use verus_builtin_macros::*; 5 | use vstd::{pervasive::*, *}; 6 | 7 | use verus_state_machines_macros::state_machine; 8 | 9 | verus! { 10 | 11 | state_machine!( 12 | X { 13 | fields { 14 | pub number: int, 15 | } 16 | 17 | init!{ 18 | initialize() { 19 | let x = 5 + 9; 20 | init number = 0; 21 | } 22 | } 23 | 24 | transition!{ 25 | add(n: int) { 26 | require n == 0; 27 | update number = pre.number + 2*n; 28 | } 29 | } 30 | 31 | #[invariant] 32 | pub fn is_even(&self) -> bool { 33 | self.number % 2 == 0 34 | } 35 | 36 | #[inductive(initialize)] 37 | fn initialize_inductive(post: Self) { } 38 | 39 | #[inductive(add)] 40 | fn add_inductive(pre: Self, post: Self, n: int) { 41 | } 42 | 43 | } 44 | ); 45 | 46 | } // verus! 47 | fn main() {} 48 | -------------------------------------------------------------------------------- /examples/invariants.rs: -------------------------------------------------------------------------------- 1 | #![allow(unused_imports)] 2 | 3 | use vstd::prelude::*; 4 | use vstd::invariant::*; 5 | 6 | verus! { 7 | 8 | struct ModPredicate {} 9 | 10 | impl InvariantPredicate for ModPredicate { 11 | closed spec fn inv(k: int, v: u32) -> bool { 12 | v as int % 2 == k 13 | } 14 | } 15 | 16 | pub fn main() { 17 | let tracked u: u32 = 5u32; 18 | let tracked i: AtomicInvariant = AtomicInvariant::new(1, u, 0); 19 | open_atomic_invariant!(&i => inner => { 20 | proof { 21 | if inner == 1u32 { 22 | inner = 3u32; 23 | } 24 | } 25 | }); 26 | let tracked j: AtomicInvariant = AtomicInvariant::new(1, 7u32, 1); 27 | open_atomic_invariant!(&i => inner_i => { 28 | open_atomic_invariant!(&j => inner_j => { 29 | proof { 30 | let tracked tmp = inner_i; 31 | inner_i = inner_j; 32 | inner_j = tmp; 33 | } 34 | }); 35 | }); 36 | let tracked j = i.into_inner(); 37 | assert(j % 2 == 1); 38 | } 39 | 40 | } // verus! 41 | -------------------------------------------------------------------------------- /dependencies/syn/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Permission is hereby granted, free of charge, to any 2 | person obtaining a copy of this software and associated 3 | documentation files (the "Software"), to deal in the 4 | Software without restriction, including without 5 | limitation the rights to use, copy, modify, merge, 6 | publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software 8 | is furnished to do so, subject to the following 9 | conditions: 10 | 11 | The above copyright notice and this permission notice 12 | shall be included in all copies or substantial portions 13 | of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 16 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 17 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 18 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 19 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 20 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 22 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 23 | DEALINGS IN THE SOFTWARE. 24 | -------------------------------------------------------------------------------- /source/rust_verify_test_macros/src/rust_code.rs: -------------------------------------------------------------------------------- 1 | // ACKNOWLEDGEMENT: adapted from Mara Bos' (@m_ou_se) https://blog.m-ou.se/writing-python-inside-rust-2/ 2 | 3 | use proc_macro::TokenStream; 4 | 5 | pub(crate) fn rust_code_core(input: TokenStream) -> String { 6 | let mut tokens = input.into_iter(); 7 | let mut span = tokens.next().unwrap().span(); 8 | while let Some(token) = tokens.next() { 9 | span = span.join(token.span()).unwrap(); 10 | } 11 | 12 | if let Some(src) = span.source_text() { 13 | let n = span.start().column() - 1; 14 | let original_src = src; 15 | let mut src = String::new(); 16 | let mut lines = original_src.lines(); 17 | src += lines.next().unwrap(); 18 | src += "\n"; 19 | for line in lines { 20 | let (indent, line) = line.split_at(n.min(line.len())); 21 | assert!(!indent.contains(|c| c != ' '), "Invalid indentation"); 22 | src += line; 23 | src += "\n"; 24 | } 25 | src 26 | } else { 27 | "panic!(\"source_text() returned None\")".to_string() 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /dependencies/syn/tests/test_asyncness.rs: -------------------------------------------------------------------------------- 1 | #![allow( 2 | clippy::elidable_lifetime_names, 3 | clippy::needless_lifetimes, 4 | clippy::uninlined_format_args 5 | )] 6 | 7 | #[macro_use] 8 | mod snapshot; 9 | 10 | mod debug; 11 | 12 | use syn::{Expr, Item}; 13 | 14 | #[test] 15 | fn test_async_fn() { 16 | let input = "async fn process() {}"; 17 | 18 | snapshot!(input as Item, @r#" 19 | Item::Fn { 20 | vis: Visibility::Inherited, 21 | sig: Signature { 22 | asyncness: Some, 23 | ident: "process", 24 | generics: Generics, 25 | output: ReturnType::Default, 26 | }, 27 | block: Block { 28 | stmts: [], 29 | }, 30 | } 31 | "#); 32 | } 33 | 34 | #[test] 35 | fn test_async_closure() { 36 | let input = "async || {}"; 37 | 38 | snapshot!(input as Expr, @r#" 39 | Expr::Closure { 40 | asyncness: Some, 41 | output: ReturnType::Default, 42 | body: Expr::Block { 43 | block: Block { 44 | stmts: [], 45 | }, 46 | }, 47 | } 48 | "#); 49 | } 50 | -------------------------------------------------------------------------------- /dependencies/prettyplease/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Permission is hereby granted, free of charge, to any 2 | person obtaining a copy of this software and associated 3 | documentation files (the "Software"), to deal in the 4 | Software without restriction, including without 5 | limitation the rights to use, copy, modify, merge, 6 | publish, distribute, sublicense, and/or sell copies of 7 | the Software, and to permit persons to whom the Software 8 | is furnished to do so, subject to the following 9 | conditions: 10 | 11 | The above copyright notice and this permission notice 12 | shall be included in all copies or substantial portions 13 | of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 16 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 17 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 18 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 19 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 20 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 21 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 22 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 23 | DEALINGS IN THE SOFTWARE. 24 | -------------------------------------------------------------------------------- /source/builtin_macros/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "verus_builtin_macros" 3 | version = "0.0.0-2025-12-07-0054" 4 | edition = "2018" 5 | license = "MIT" 6 | description = "Verus Builtin Macros: Various macros used by Verus" 7 | homepage = "https://github.com/verus-lang/verus" 8 | repository = "https://github.com/verus-lang/verus" 9 | readme = "../../README.md" 10 | keywords = ["verus", "verified-rust", "verification"] 11 | categories = ["development-tools"] 12 | 13 | [lib] 14 | proc-macro = true 15 | 16 | [dependencies] 17 | proc-macro2 = "1.0.39" 18 | quote = "1.0" 19 | synstructure = "0.13.2" 20 | syn = { version = "2.0", features = ["full", "visit", "visit-mut", "extra-traits"] } 21 | verus_syn = { version = "=0.0.0-2025-11-16-0050", path = "../../dependencies/syn", features = ["full", "visit", "visit-mut", "extra-traits"] } 22 | verus_prettyplease = { version = "=0.0.0-2025-11-16-0050", path = "../../dependencies/prettyplease" } 23 | 24 | [package.metadata.verus] 25 | is-builtin-macros = true 26 | 27 | [lints.rust] 28 | unexpected_cfgs = { level = "warn", check-cfg = ['cfg(verus_keep_ghost)'] } 29 | 30 | [features] 31 | vpanic = [] 32 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-opens-invariants.md: -------------------------------------------------------------------------------- 1 | # opens_invariants 2 | 3 | The `opens_invariants` clause may be applied to any `proof` or `exec` function. 4 | 5 | This indicates the set of _names_ of tracked invariants that may be opened by the function. 6 | At this time, it has three forms. See [the documentation for `open_local_invariant`](https://verus-lang.github.io/verus/verusdoc/vstd/macro.open_local_invariant.html#avoiding-reentrancy) for more information about why Verus enforces these restrictions. 7 | 8 | ``` 9 | fn example() 10 | opens_invariants any 11 | { 12 | // Any invariant may be opened here 13 | } 14 | ``` 15 | 16 | or: 17 | 18 | ``` 19 | fn example() 20 | opens_invariants none 21 | { 22 | // No invariant may be opened here 23 | } 24 | ``` 25 | 26 | or: 27 | 28 | ``` 29 | fn example() 30 | opens_invariants [ $EXPR1, $EXPR2, ... ] 31 | { 32 | // Only invariants with names in [ $EXPR1, $EXPR2, ... ] may be opened. 33 | } 34 | ``` 35 | 36 | ### Defaults 37 | 38 | For `exec` functions, the default is `opens_invariants any`. 39 | 40 | For `proof` functions, the default is `opens_invariants none`. 41 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 The Verus Contributors 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /dependencies/prettyplease/src/iter.rs: -------------------------------------------------------------------------------- 1 | use std::iter::Peekable; 2 | use std::ops::Deref; 3 | 4 | pub struct Delimited { 5 | is_first: bool, 6 | iter: Peekable, 7 | } 8 | 9 | pub trait IterDelimited: Iterator + Sized { 10 | fn delimited(self) -> Delimited { 11 | Delimited { 12 | is_first: true, 13 | iter: self.peekable(), 14 | } 15 | } 16 | } 17 | 18 | impl IterDelimited for I {} 19 | 20 | pub struct IteratorItem { 21 | value: T, 22 | pub is_first: bool, 23 | pub is_last: bool, 24 | } 25 | 26 | impl Iterator for Delimited { 27 | type Item = IteratorItem; 28 | 29 | fn next(&mut self) -> Option { 30 | let item = IteratorItem { 31 | value: self.iter.next()?, 32 | is_first: self.is_first, 33 | is_last: self.iter.peek().is_none(), 34 | }; 35 | self.is_first = false; 36 | Some(item) 37 | } 38 | } 39 | 40 | impl Deref for IteratorItem { 41 | type Target = T; 42 | 43 | fn deref(&self) -> &Self::Target { 44 | &self.value 45 | } 46 | } 47 | -------------------------------------------------------------------------------- /examples/guide/overflow.rs: -------------------------------------------------------------------------------- 1 | // rust_verify/tests/example.rs 2 | #[allow(unused_imports)] 3 | use verus_builtin::*; 4 | #[allow(unused_imports)] 5 | use verus_builtin_macros::*; 6 | use vstd::prelude::*; 7 | 8 | verus! { 9 | 10 | /* 11 | // ANCHOR: compute_sum_fails 12 | fn compute_sum_fails(x: u64, y: u64) -> (result: u64) 13 | ensures 14 | result == x + y, 15 | { 16 | x + y // error: possible arithmetic underflow/overflow 17 | } 18 | // ANCHOR_END: compute_sum_fails 19 | */ 20 | 21 | // ANCHOR: compute_sum_limited 22 | fn compute_sum_limited(x: u64, y: u64) -> (result: u64) 23 | requires 24 | x < 1000000, 25 | y < 1000000, 26 | ensures 27 | result == x + y, 28 | { 29 | x + y 30 | } 31 | // ANCHOR_END: compute_sum_limited 32 | 33 | // ANCHOR: compute_sum_runtime_check 34 | fn compute_sum_runtime_check(x: u64, y: u64) -> (result: Option) 35 | ensures 36 | match result { 37 | Some(z) => z == x + y, 38 | None => x + y > u64::MAX, 39 | }, 40 | { 41 | x.checked_add(y) 42 | } 43 | // ANCHOR: compute_sum_runtime_check 44 | 45 | fn main() { 46 | } 47 | 48 | } // verus! 49 | 50 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-assert-forall-by.md: -------------------------------------------------------------------------------- 1 | # assert forall ... by 2 | 3 | The `assert forall ... by` statement is used to write a proof of a `forall` expression 4 | while introducing the quantified variables into the context. 5 | 6 | ```rust 7 | assert forall |idents| P by { 8 | // ... proof here 9 | } 10 | // ... remainder 11 | ``` 12 | 13 | Much like an ordinary [`assert ... by`](./reference-assert-by.md) statement, the proof 14 | inside the body does not enter the context for the remainder of the proof. 15 | Only the `forall |idents| P` expression enters the context. 16 | Furthermore, within the proof body, the variables in the `idents` may be 17 | 18 | Note that the **parentheses _must_ be left off**, in contrast to other kinds of `assert` statements. 19 | 20 | For convenience, you can use `implies` to introduce a hypothesis automatically into 21 | the proof block: 22 | 23 | ```rust 24 | assert forall |idents| H implies P by { 25 | // ... proof here 26 | } 27 | // ... remainder 28 | ``` 29 | 30 | This will make `H` available in the proof block, so you only have to prove `P`. 31 | In the end, the predicate `forall |idents| H ==> P` will be proved. 32 | -------------------------------------------------------------------------------- /source/docs/state_machines/src/high-level-idea.md: -------------------------------------------------------------------------------- 1 | # High-Level Concepts 2 | 3 | The approach we follow for each of the examples follows roughly this high-level recipe: 4 | 5 | 1. Consider the program you want to verify. 6 | 2. Create an "abstraction" of the program as a tokenized state machine. 7 | 3. Verus will automatically produce for you a bunch of ghost "token types" that make up the 8 | tokenized state machine. 9 | 4. Implement a verified program using the token types 10 | 11 | That doesn't sound too bad, but there's a bit of an art to it, especially in step (2). 12 | To build a proper abstraction, one needs to choose an abstraction which is both abstract 13 | enough that it's easy to prove the relevant properties about, but still concrete enough 14 | that it can be properly connected back to the implementation in step (4). 15 | Choosing this abstraction requires one to identify which pieces of state need to be 16 | in the abstraction, as well as which "tokenization strategy" to use---that's a concept 17 | we'll be introducing soon. 18 | 19 | In the upcoming examples, we'll look at a variety of scenarios and the techniques 20 | we can use to tackle them. 21 | -------------------------------------------------------------------------------- /source/rustc_mir_build/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Copyright (c) The Rust Project Contributors 2 | 3 | Permission is hereby granted, free of charge, to any 4 | person obtaining a copy of this software and associated 5 | documentation files (the "Software"), to deal in the 6 | Software without restriction, including without 7 | limitation the rights to use, copy, modify, merge, 8 | publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software 10 | is furnished to do so, subject to the following 11 | conditions: 12 | 13 | The above copyright notice and this permission notice 14 | shall be included in all copies or substantial portions 15 | of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 18 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 19 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 20 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 21 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 22 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 23 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 24 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 25 | DEALINGS IN THE SOFTWARE. 26 | -------------------------------------------------------------------------------- /source/rustc_hir_typeck/LICENSE-MIT: -------------------------------------------------------------------------------- 1 | Copyright (c) The Rust Project Contributors 2 | 3 | Permission is hereby granted, free of charge, to any 4 | person obtaining a copy of this software and associated 5 | documentation files (the "Software"), to deal in the 6 | Software without restriction, including without 7 | limitation the rights to use, copy, modify, merge, 8 | publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software 10 | is furnished to do so, subject to the following 11 | conditions: 12 | 13 | The above copyright notice and this permission notice 14 | shall be included in all copies or substantial portions 15 | of the Software. 16 | 17 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF 18 | ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 19 | TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 20 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT 21 | SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 22 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION 23 | OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR 24 | IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER 25 | DEALINGS IN THE SOFTWARE. 26 | -------------------------------------------------------------------------------- /dependencies/syn/json/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "syn-codegen" 3 | version = "0.4.2" # also update html_root_url 4 | authors = ["David Tolnay "] 5 | categories = ["development-tools::procedural-macro-helpers"] 6 | description = "Syntax tree describing Syn's syntax tree" 7 | documentation = "https://docs.rs/syn-codegen" 8 | edition = "2021" 9 | keywords = ["syn"] 10 | license = "MIT OR Apache-2.0" 11 | repository = "https://github.com/dtolnay/syn" 12 | 13 | [features] 14 | default = ["serde"] 15 | serde = ["dep:serde", "dep:serde_derive", "indexmap/serde", "semver/serde"] 16 | 17 | [dependencies] 18 | indexmap = "2" 19 | semver = "1" 20 | serde = { version = "1.0.88", optional = true } 21 | serde_derive = { version = "1.0.88", optional = true } 22 | 23 | [dev-dependencies] 24 | serde_json = "1" 25 | 26 | [package.metadata.docs.rs] 27 | targets = ["x86_64-unknown-linux-gnu"] 28 | rustdoc-args = [ 29 | "--generate-link-to-definition", 30 | "--generate-macro-expansion", 31 | "--extern-html-root-url=core=https://doc.rust-lang.org", 32 | "--extern-html-root-url=alloc=https://doc.rust-lang.org", 33 | "--extern-html-root-url=std=https://doc.rust-lang.org", 34 | ] 35 | 36 | [workspace] 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a report to help us improve Verus 4 | title: '' 5 | labels: '' 6 | assignees: '' 7 | 8 | --- 9 | 10 | 21 | -------------------------------------------------------------------------------- /dependencies/prettyplease/build.rs: -------------------------------------------------------------------------------- 1 | use std::env; 2 | use std::ffi::OsString; 3 | use std::process; 4 | 5 | fn main() { 6 | println!("cargo:rerun-if-changed=build.rs"); 7 | 8 | println!("cargo:rustc-check-cfg=cfg(exhaustive)"); 9 | println!("cargo:rustc-check-cfg=cfg(prettyplease_debug)"); 10 | println!("cargo:rustc-check-cfg=cfg(prettyplease_debug_indent)"); 11 | 12 | let pkg_version = cargo_env_var("CARGO_PKG_VERSION"); 13 | println!("cargo:VERSION={}", pkg_version.to_str().unwrap()); 14 | 15 | // See https://github.com/verus-lang/verus/pull/1438 16 | /* 17 | let pkg_version_major = cargo_env_var("CARGO_PKG_VERSION_MAJOR"); 18 | let pkg_version_minor = cargo_env_var("CARGO_PKG_VERSION_MINOR"); 19 | let manifest_links = cargo_env_var("CARGO_MANIFEST_LINKS"); 20 | assert!( 21 | pkg_version_major == "0" 22 | && manifest_links == *format!("prettyplease0{}", pkg_version_minor.to_str().unwrap()) 23 | ); 24 | */ 25 | } 26 | 27 | fn cargo_env_var(key: &str) -> OsString { 28 | env::var_os(key).unwrap_or_else(|| { 29 | eprintln!("Environment variable ${key} is not set during execution of build script"); 30 | process::exit(1); 31 | }) 32 | } 33 | -------------------------------------------------------------------------------- /source/rust_verify/Cargo.toml: -------------------------------------------------------------------------------- 1 | [package] 2 | name = "rust_verify" 3 | version = "0.1.0" 4 | edition = "2018" 5 | 6 | # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html 7 | 8 | [dependencies] 9 | air = { path = "../air" } 10 | vir = { path = "../vir" } 11 | serde = "1" 12 | serde_json = { version = ">=1.0.95", features = ["preserve_order"] } 13 | bincode = "1.0.1" 14 | sha2 = "0.10.2" 15 | hex = "0.4.3" 16 | sise = "0.6.0" 17 | num-bigint = "0.4.4" 18 | num-format = "0.4.0" 19 | getopts = { git = "https://github.com/utaal/getopts.git", branch = "parse-partial" } 20 | regex = "1" 21 | internals_interface = { path = "../tools/internals_interface" } 22 | indicatif = "0.17.7" 23 | console = { version = "0.15", default-features = false, features = ["ansi-parsing"] } 24 | indexmap = { version = "1" } 25 | rustc_mir_build_verus = { path = "../rustc_mir_build", package = "rustc_mir_build" } 26 | 27 | [target.'cfg(windows)'.dependencies] 28 | win32job = "1" 29 | 30 | [dev-dependencies] 31 | rust_verify_test_macros = { path = "../rust_verify_test_macros" } 32 | 33 | [features] 34 | singular = ["vir/singular", "air/singular"] 35 | 36 | [package.metadata.rust-analyzer] 37 | rustc_private = true 38 | -------------------------------------------------------------------------------- /source/tools/get-z3.sh: -------------------------------------------------------------------------------- 1 | #! /bin/bash -eu 2 | 3 | z3_version="4.12.5" 4 | 5 | if [ `uname` == "Darwin" ]; then 6 | if [[ $(uname -m) == 'arm64' ]]; then 7 | filename="z3-$z3_version-arm64-osx-11.0" 8 | elif [[ $(uname -m) == 'x86_64' ]]; then 9 | filename="z3-$z3_version-x64-osx-11.7.10" 10 | else 11 | echo "Unsupported architecture $(uname -m)" 12 | exit -1 13 | fi 14 | elif [ `uname` == "Linux" ]; then 15 | if [[ $(uname -m) == 'aarch64' ]]; then 16 | filename="z3-$z3_version-arm64-glibc-2.35" 17 | elif [[ $(uname -m) == 'x86_64' ]]; then 18 | filename="z3-$z3_version-x64-glibc-2.31" 19 | else 20 | echo "Unsupported architecture $(uname -m)" 21 | exit -1 22 | fi 23 | elif [[ $(uname) == "MINGW64_NT"* ]]; then 24 | filename="z3-$z3_version-x64-win" 25 | fi 26 | 27 | URL="https://github.com/Z3Prover/z3/releases/download/z3-$z3_version/$filename.zip" 28 | 29 | echo "Downloading: $URL" 30 | curl -L -o "$filename.zip" "$URL" 31 | unzip "$filename.zip" 32 | 33 | # delete the existing z3 because of caching issue on macs 34 | rm -f z3 35 | 36 | cp "$filename/bin/z3" . 37 | echo "z3 located at $(pwd)" 38 | rm -r "$filename" 39 | rm "$filename.zip" 40 | -------------------------------------------------------------------------------- /.vscode/settings.json.template: -------------------------------------------------------------------------------- 1 | // Copy to .vscode/settings.json and adjust as necessary 2 | { 3 | "rust-analyzer.cargo.buildScripts.enable": true, 4 | "rust-analyzer.cargo.features": ["record-history"], 5 | "rust-analyzer.cargo.extraEnv": { 6 | "RUSTC_BOOTSTRAP": "1", 7 | // flags for verus 8 | "RUSTFLAGS": "--cfg proc_macro_span --cfg verus_keep_ghost --cfg span_locations" 9 | // flags for line_count 10 | // "RUSTFLAGS": "--cfg proc_macro_span --cfg span_locations" 11 | }, 12 | "rust-analyzer.runnableEnv": { 13 | "RUSTC_BOOTSTRAP": "1" 14 | }, 15 | // Use .exe extension for Windows, otherwise remove 16 | "rust-analyzer.runnables.command": "../tools/vargo/target/release/vargo[.exe]", 17 | "rust-analyzer.procMacro.enable": true, 18 | "rust-analyzer.rustc.source": "discover", 19 | "rust-analyzer.workspace.symbol.search.scope": "workspace_and_dependencies", 20 | "rust-analyzer.diagnostics.disabled": ["unresolved-extern-crate", "syntax-error"] 21 | } 22 | 23 | // if you're developing a tool that doesn't link with verus, use the following instead 24 | // { 25 | // "rust-analyzer.linkedProjects": [ 26 | // "tools/veritas/Cargo.toml" 27 | // ] 28 | // } -------------------------------------------------------------------------------- /dependencies/syn/tests/zzz_stable.rs: -------------------------------------------------------------------------------- 1 | #![cfg(syn_disable_nightly_tests)] 2 | 3 | use std::io::{self, Write}; 4 | use termcolor::{Color, ColorChoice, ColorSpec, StandardStream, WriteColor}; 5 | 6 | const MSG: &str = "\ 7 | ‖ 8 | ‖ WARNING: 9 | ‖ This is not a nightly compiler so not all tests were able to 10 | ‖ run. Syn includes tests that compare Syn's parser against the 11 | ‖ compiler's parser, which requires access to unstable librustc 12 | ‖ data structures and a nightly compiler. 13 | ‖ 14 | "; 15 | 16 | #[test] 17 | fn notice() -> io::Result<()> { 18 | let header = "WARNING"; 19 | let index_of_header = MSG.find(header).unwrap(); 20 | let before = &MSG[..index_of_header]; 21 | let after = &MSG[index_of_header + header.len()..]; 22 | 23 | let mut stderr = StandardStream::stderr(ColorChoice::Auto); 24 | stderr.set_color(ColorSpec::new().set_fg(Some(Color::Yellow)))?; 25 | write!(&mut stderr, "{}", before)?; 26 | stderr.set_color(ColorSpec::new().set_bold(true).set_fg(Some(Color::Yellow)))?; 27 | write!(&mut stderr, "{}", header)?; 28 | stderr.set_color(ColorSpec::new().set_fg(Some(Color::Yellow)))?; 29 | write!(&mut stderr, "{}", after)?; 30 | stderr.reset()?; 31 | 32 | Ok(()) 33 | } 34 | -------------------------------------------------------------------------------- /source/docs/guide/src/reference-reveal-hide.md: -------------------------------------------------------------------------------- 1 | # `reveal`, `reveal_with_fuel`, `hide` 2 | 3 | These attributes control whether and how Verus will unfold the definition of a spec function 4 | while solving. For a spec function `f`: 5 | 6 | - `reveal(f)` directs Verus to unfold the definition of `f` when it encounters a use of `f`. 7 | - `hide(f)` directs Verus to treat `f` as an uninterpreted function without reasoning 8 | about its definition. 9 | 10 | Technically speaking, Verus handles "function unfolding" by 11 | creating axioms of the form `forall |x| f(x) == (definition of f(x))`. 12 | Thus, `reveal(f)` makes this axiom accessible to the solver, 13 | while `hide(f)` makes this axiom inaccessible. 14 | 15 | By default, functions are always revealed when they are in scope. This can be changed 16 | by marking the function with the `#[verifier::opaque]` attribute. 17 | 18 | The `reveal_with_fuel(f, n)` directive is used for recursive functions. 19 | The integer `n` indicates how many times Verus should unfold a recursive function. 20 | Limiting the fuel to a finite amount is necessary to avoid 21 | [trigger loops](multitriggers.md#matching-loops-what-they-are-and-to-avoid-them). 22 | The default fuel (absent any `reveal_with_fuel` directive) is 1. 23 | -------------------------------------------------------------------------------- /examples/README.md: -------------------------------------------------------------------------------- 1 | This directory contains various example files of programs to verify. 2 | 3 | There is a test in `rust_verify_test/tests/examples.rs` that attempts to run the verify on all .rs files in `example`, unless tagged as "ignore". 4 | The test will check the verification outcome based on the mode specified in the tag. 5 | The tag is specified by adding the following as the *first line*: 6 | 7 | ``` 8 | // rust_verify/tests/example.rs [---] [optional comment] 9 | ``` 10 | 11 | where `` is one of: 12 | * `expect-success` (default) expects the verification to succeed, reporting zero verification failures, 13 | * `expect-errors` expects the compiler to fail, without reporting verification successes and failures, 14 | * `expect-failures` expects the compiler and verifier to run successfully, but reporting one or more verification failures, 15 | * `ignore` causes the test to skip this file. 16 | 17 | These checks are implemented with a regular expression that matches the expected verifier output. 18 | 19 | If no tag is specified on the first line, `expect-success` is assumed. 20 | 21 | The "optional comment" field is _required_ if `ignore` is used. 22 | 23 | It is recommended to include the optional comment if `expect-failures` is used. 24 | -------------------------------------------------------------------------------- /source/docs/internal/version-bumping.md: -------------------------------------------------------------------------------- 1 | ### Updating the code forked form rustc 2 | 3 | First, download the rust repository somewhere on your machine: 4 | 5 | ``` 6 | git clone https://github.com/rust-lang/rust/ 7 | ``` 8 | 9 | Now `cd` back go the Verus repository that you want to apply the changes to. For the next step, you'll need to know the rustc version you're updating from and to. Run: 10 | 11 | ``` 12 | ./source/tools/update-rustc-forks.sh /path/to/rust 13 | ``` 14 | 15 | Rust uses the version numbers as tags, so for example, if you're trying to update from 1.88.0 to 1.89.0, you can just do: 16 | 17 | ``` 18 | ./source/tools/update-rustc-forks.sh /path/to/rust 1.88.0 1.89.0 19 | ``` 20 | 21 | This script will create a diff of all the relevant code and fetch it into your repository. If the script is successful, you'll see output like: 22 | 23 | ``` 24 | Diff prepared. When you're ready to apply it, run: 25 | git cherry-pick 26 | ``` 27 | 28 | ### Tips for resolving any conflicts 29 | 30 | In our fork, all the dependencies from the `rustc_mir_build/Cargo.toml` file were moved to be `extern crate` lines in `rustc_mir_build/src/lib.rs` file. So if you see any conflicts in `Cargo.toml`, you may need to modify `lib.rs`. 31 | -------------------------------------------------------------------------------- /dependencies/prettyplease/cargo-expand/update/update.rs: -------------------------------------------------------------------------------- 1 | use anyhow::{bail, Result}; 2 | use std::ffi::OsStr; 3 | use std::fs; 4 | use std::path::Path; 5 | 6 | fn main() -> Result<()> { 7 | let manifest_dir = Path::new(env!("CARGO_MANIFEST_DIR")); 8 | let cargo_expand_dir = manifest_dir.join(".."); 9 | 10 | for entry in fs::read_dir(cargo_expand_dir)? { 11 | let entry = entry?; 12 | let file_type = entry.file_type()?; 13 | if !file_type.is_file() { 14 | continue; 15 | } 16 | 17 | let path = entry.path(); 18 | if path.extension() != Some(OsStr::new("rs")) { 19 | continue; 20 | } 21 | 22 | let input_contents = fs::read_to_string(&path)?; 23 | let syntax_tree = match syn::parse_file(&input_contents) { 24 | Ok(syntax_tree) => syntax_tree, 25 | Err(err) => { 26 | let path = path.canonicalize().unwrap_or(path); 27 | let span = err.span().start(); 28 | bail!("{}:{}:{}\n{}", path.display(), span.line, span.column, err); 29 | } 30 | }; 31 | let string = prettyplease::unparse(&syntax_tree); 32 | fs::write(&path, string)?; 33 | } 34 | 35 | Ok(()) 36 | } 37 | -------------------------------------------------------------------------------- /examples/statements.rs: -------------------------------------------------------------------------------- 1 | use verus_builtin::*; 2 | use verus_builtin_macros::*; 3 | 4 | verus! { 5 | 6 | fn main() { 7 | } 8 | 9 | fn test_if(b: bool) { 10 | let mut x: u32 = 0; 11 | if b { 12 | x = 10; 13 | } 14 | assert(b ==> x == 10); 15 | if b { 16 | x = x + 3; 17 | x = x + 4; 18 | } else { 19 | x = x + 2; 20 | } 21 | assert(b ==> x == 17); 22 | assert(!b ==> x == 2); 23 | assert(x == if b { 24 | 17int 25 | } else { 26 | 2 27 | }); 28 | if x == 0 { 29 | assert(false); 30 | } else if x == 1 { 31 | assert(false); 32 | } else if x == 2 { 33 | assert(!b); 34 | } else { 35 | assert(x == 17); 36 | } 37 | } 38 | 39 | fn test_loop() { 40 | let mut i: u64 = 10; 41 | let mut b1: u8 = 20; 42 | let mut b2: u8 = 200; 43 | let mut b3: u8 = 30; 44 | while i < 100 45 | invariant 46 | 10 <= i, 47 | i <= 100, 48 | b1 == i * 2, 49 | decreases 100 - i, 50 | { 51 | assert(b2 <= 255); 52 | i = i + 1; 53 | b1 = b1 + 2; 54 | b2 = b2 / 2; 55 | } 56 | assert(b1 == 200); 57 | assert(b3 == 30); 58 | } 59 | 60 | } // verus! 61 | -------------------------------------------------------------------------------- /source/rust_verify_test_macros/src/lib.rs: -------------------------------------------------------------------------------- 1 | #![feature(proc_macro_span)] 2 | 3 | mod examples; 4 | mod rust_code; 5 | 6 | use proc_macro::TokenStream; 7 | use quote::quote; 8 | 9 | #[proc_macro] 10 | pub fn code(input: TokenStream) -> TokenStream { 11 | let src = rust_code::rust_code_core(input); 12 | quote!(#src.to_string()).into() 13 | } 14 | 15 | #[proc_macro] 16 | pub fn verus_code(input: TokenStream) -> TokenStream { 17 | let src = 18 | "::verus_builtin_macros::verus!{\n".to_string() + &rust_code::rust_code_core(input) + "}\n"; 19 | quote!(#src.to_string()).into() 20 | } 21 | 22 | #[proc_macro] 23 | pub fn code_str(input: TokenStream) -> TokenStream { 24 | let src = rust_code::rust_code_core(input); 25 | quote!(#src).into() 26 | } 27 | 28 | #[proc_macro] 29 | pub fn verus_code_str(input: TokenStream) -> TokenStream { 30 | let src = 31 | "::verus_builtin_macros::verus!{\n".to_string() + &rust_code::rust_code_core(input) + "}\n"; 32 | quote!(#src).into() 33 | } 34 | 35 | #[proc_macro] 36 | pub fn examples_in_dir(input: TokenStream) -> TokenStream { 37 | examples::examples_in_dir(input) 38 | } 39 | 40 | #[proc_macro] 41 | pub fn cargo_examples(input: TokenStream) -> TokenStream { 42 | examples::cargo_examples(input) 43 | } 44 | -------------------------------------------------------------------------------- /source/vstd/compute.rs: -------------------------------------------------------------------------------- 1 | use super::prelude::*; 2 | use core::ops::Range; 3 | 4 | verus! { 5 | 6 | /// Simplify proofs-by-computation for ranges of values 7 | pub trait RangeAll where Self: Sized { 8 | /// Checks whether `p` holds for all values in this range. 9 | /// See the [Verus tutorial](https://verus-lang.github.io/verus/guide/assert_by_compute.html) for example usage. 10 | spec fn all_spec(self, p: spec_fn(int) -> bool) -> bool; 11 | } 12 | 13 | pub open spec fn range_all_spec_rec(r: Range, p: spec_fn(int) -> bool) -> bool 14 | decreases r.end - r.start, 15 | { 16 | if r.start >= r.end { 17 | true 18 | } else { 19 | p(r.start) && range_all_spec_rec(r.start + 1..r.end, p) 20 | } 21 | } 22 | 23 | impl RangeAll for Range { 24 | open spec fn all_spec(self, p: spec_fn(int) -> bool) -> bool { 25 | range_all_spec_rec(self, p) 26 | } 27 | } 28 | 29 | pub broadcast proof fn all_spec_ensures(r: Range, p: spec_fn(int) -> bool) 30 | ensures 31 | #[trigger] r.all_spec(p) ==> (forall|i| r.start <= i < r.end ==> #[trigger] p(i)), 32 | decreases r.end - r.start, 33 | { 34 | if r.start >= r.end { 35 | } else { 36 | all_spec_ensures(r.start + 1..r.end, p); 37 | } 38 | } 39 | 40 | } // verus! 41 | --------------------------------------------------------------------------------