RustHorn: CHC-based Verification for Rust Programs


Bibliographic Details
Published in: ACM Transactions on Programming Languages and Systems, Vol. 43, no. 4, pp. 1-54
Main Authors: Matsushita, Yusuke; Tsukada, Takeshi; Kobayashi, Naoki
Format: Journal Article
Language: English
Published: 01.12.2021

Summary: Reduction to satisfiability of constrained Horn clauses (CHCs) is a widely studied approach to automated program verification. Current CHC-based methods, however, do not work very well for pointer-manipulating programs, especially those with dynamic memory allocation. This article presents a novel reduction of pointer-manipulating Rust programs into CHCs, which clears away pointers and memory states by leveraging Rust's guarantees on permission. We formalize our reduction for a simplified core of Rust and prove its soundness and completeness. We have implemented a prototype verifier for a subset of Rust and confirmed the effectiveness of our method.
ISSN: 0164-0925, 1558-4593
DOI: 10.1145/3462205
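The summary above says only that the reduction removes pointers and memory states by relying on Rust's permission guarantees. The following is an added illustration of what that can look like on a small pointer-manipulating function; it is not code from the paper or its prototype verifier. It assumes an encoding in which a mutable borrow `&mut i32` is modelled as a pair of the value seen through the borrow now and the value it holds when the borrow is released, so that the exclusivity of `&mut` lets the owner read the second component afterwards without any heap. The page does not describe the paper's actual encoding, so treat this scheme, the function names `take_max` and `inc_max`, and the bounded enumeration (a stand-in for a real CHC solver) as assumptions of the example.

```rust
// Added illustration, not code from the paper or its prototype verifier.
// Assumed encoding: a mutable borrow becomes (current value, release value).
// Assumed names: take_max, inc_max, MutBorrow, *_clause, check_inc_max_bounded.

/// Program under verification: hand back a mutable reference to the larger
/// of two integers. The caller then increments through that reference.
fn take_max<'a>(ma: &'a mut i32, mb: &'a mut i32) -> &'a mut i32 {
    if *ma >= *mb { ma } else { mb }
}

/// Increments the maximum through the returned reference and reports the
/// final values together with whether they differ.
fn inc_max(mut a: i32, mut b: i32) -> (i32, i32, bool) {
    {
        let mc = take_max(&mut a, &mut b);
        *mc += 1;
    } // the borrows of a and b end here
    (a, b, a != b)
}

/// A mutable borrow in the pointer-free model: the value visible through the
/// borrow now (`cur`) and the value it holds when released (`fin`). Because
/// `&mut` is exclusive, the owner observes exactly `fin` after release.
#[derive(Clone, Copy, Debug, PartialEq)]
struct MutBorrow { cur: i32, fin: i32 }

/// Clause body for take_max: true when (a, b, c) is a valid input/output
/// triple. A borrow released without being written must satisfy fin == cur.
fn take_max_clause(a: MutBorrow, b: MutBorrow, c: MutBorrow) -> bool {
    if a.cur >= b.cur {
        c == a && b.fin == b.cur
    } else {
        c == b && a.fin == a.cur
    }
}

/// Clause body for inc_max, relating inputs (a0, b0), release values
/// (a1, b1) of the two borrows, and the boolean result r. The write
/// `*mc += 1` followed by release becomes the constraint c.fin == c.cur + 1;
/// the returned borrow c is existentially quantified, and take_max_clause
/// only admits c == a or c == b.
fn inc_max_clause(a0: i32, b0: i32, a1: i32, b1: i32, r: bool) -> bool {
    let a = MutBorrow { cur: a0, fin: a1 };
    let b = MutBorrow { cur: b0, fin: b1 };
    let some_c = [a, b]
        .iter()
        .any(|&c| take_max_clause(a, b, c) && c.fin == c.cur + 1);
    some_c && r == (a1 != b1)
}

/// Bounded check of the goal "inc_max always returns true": within the
/// bound, every assignment satisfying inc_max_clause must have r == true,
/// and the model must agree with running the real program. A CHC solver
/// would prove this for all integers; enumeration only sanity-checks the
/// encoding.
fn check_inc_max_bounded(bound: i32) -> bool {
    for a0 in -bound..=bound {
        for b0 in -bound..=bound {
            let mut models = Vec::new();
            for a1 in (-bound - 1)..=(bound + 1) {
                for b1 in (-bound - 1)..=(bound + 1) {
                    for r in [false, true] {
                        if inc_max_clause(a0, b0, a1, b1, r) {
                            models.push((a1, b1, r));
                        }
                    }
                }
            }
            // Exactly one model per input (the program is deterministic),
            // it must satisfy the goal, and it must match the concrete run.
            if models.len() != 1 {
                return false;
            }
            let (a1, b1, r) = models[0];
            if !r || inc_max(a0, b0) != (a1, b1, r) {
                return false;
            }
        }
    }
    true
}

fn main() {
    println!("bounded check passes: {}", check_inc_max_bounded(3));
    println!("inc_max(2, 2) = {:?}", inc_max(2, 2));
}
```

The point of the model is that nothing in `take_max_clause` or `inc_max_clause` mentions a heap or an address: the only state that crosses the borrow boundary is the release value, which Rust's exclusive-borrow rule makes the single possible observation the owner can make afterwards. Inputs where the two values start equal exercise the edge case: `take_max` returns the first reference, the second borrow is released untouched, and the model is forced to the unique assignment (a0 + 1, b0), so the goal holds there too.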