Emerging
May 28, 2026
Creusot: A Deductive Verifier for Proving Rust Code Correctness
Creusot is an open-source deductive verifier for Rust that proves the absence of panics, arithmetic overflows, and assertion failures, and, given contract annotations, proves functional correctness. It works by translating Rust to Coma, an intermediate verification language of the Why3 platform, which generates the verification conditions and hands them to Why3's automated provers for discharge.
Quick Facts
Who
Creusot development team
What
Verifies Rust code safety from panics, overflows, and assertion failures
When
2026-05-28
Where
GitHub repository (creusot-rs/creusot)
- Verifies Rust code safety from panics, overflows, and assertion failures
- Translates Rust code to Coma intermediate verification language
- Leverages Why3 Platform for verification condition discharge
- Allows functional correctness verification through code annotations
- Includes examples like vector operations, binary search, and sorting
Creusot is a deductive verification tool designed to help developers prove the correctness and safety of Rust code. Out of the box it proves that code is free of common runtime errors, including panics, overflows, and assertion failures. By adding annotations to their code (preconditions, postconditions, and loop invariants), developers extend the verification to confirm that their implementations perform the intended operations correctly; loop invariants are usually needed even for the safety proof, since the prover must know what holds on every iteration to discharge bounds and overflow checks inside the loop body.
The tool functions by translating Rust code into Coma, an intermediate verification language used within the Why3 platform. This translation lets developers leverage Why3's verification machinery, which dispatches the generated verification conditions to automated provers and allows the remaining conditions to be resolved semi-automatically. The architecture and technical implementation details are documented in the project's ARCHITECTURE.md file.
Creusot includes several illustrative examples demonstrating its verification capabilities, such as vector zeroing, binary search implementation, vector sorting, iterator mutation, and expression normalization. A notable real-world application is CreuSAT, a fully verified SAT solver written in Rust that was verified using Creusot, demonstrating the tool's practical viability for complex projects.
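As an added example (not code from this page or from the Creusot project), here is a binary search in the style of the examples listed above, carrying the kind of contracts Creusot checks: a sortedness precondition, postconditions for both result cases, and the loop invariants the prover needs to discharge the bounds and overflow checks inside the loop. The contract syntax follows the creusot_contracts crate as I understand it (the `@` view operator, `Int`, `forall`, `==>`), and the `--cfg creusot` guard is an assumption; check both against the project's guide. Wrapping the annotations in `cfg_attr` lets the same file build with plain rustc when Creusot is not in the loop.

```rust
// Added example, not from the Creusot project or the page. Assumptions:
// Creusot compiles with `--cfg creusot`, and the spec syntax (`@` view,
// `Int`, `forall`, `==>`) follows the creusot_contracts crate.
#[cfg(creusot)]
use creusot_contracts::*;

/// Search `arr` (assumed sorted ascending) for `elem`.
/// Ok(i): arr[i] == elem. Err(i): elem is absent and i is its insertion point.
#[cfg_attr(creusot, requires(forall<i: Int, j: Int>
    0 <= i && i < j && j < arr@.len() ==> arr@[i] <= arr@[j]))]
#[cfg_attr(creusot, ensures(forall<x: usize>
    result == Ok(x) ==> x@ < arr@.len() && arr@[x@] == elem))]
#[cfg_attr(creusot, ensures(forall<x: usize>
    result == Err(x) ==> x@ <= arr@.len()
        && (forall<i: Int> 0 <= i && i < x@ ==> arr@[i] < elem)
        && (forall<i: Int> x@ <= i && i < arr@.len() ==> elem < arr@[i])))]
pub fn binary_search(arr: &Vec<u32>, elem: u32) -> Result<usize, usize> {
    let mut lo: usize = 0;
    let mut hi: usize = arr.len();
    // Loop invariants: without them the prover cannot show that `arr[mid]`
    // is in bounds or that `Err(lo)` at loop exit satisfies the postcondition.
    #[cfg_attr(creusot, invariant(lo@ <= hi@ && hi@ <= arr@.len()))]
    #[cfg_attr(creusot, invariant(forall<i: Int> 0 <= i && i < lo@ ==> arr@[i] < elem))]
    #[cfg_attr(creusot, invariant(forall<i: Int> hi@ <= i && i < arr@.len() ==> elem < arr@[i]))]
    while lo < hi {
        // `lo + (hi - lo) / 2` cannot overflow because lo <= hi <= arr.len();
        // the textbook `(lo + hi) / 2` can, and that is exactly the kind of
        // arithmetic Creusot will not pass without a proof.
        let mid = lo + (hi - lo) / 2;
        if arr[mid] < elem {
            lo = mid + 1;
        } else if arr[mid] > elem {
            hi = mid;
        } else {
            return Ok(mid);
        }
    }
    Err(lo)
}

fn main() {
    // Constructed input for a stand-alone run.
    let v: Vec<u32> = vec![1, 3, 5, 7, 9, 11];
    println!("{:?}", binary_search(&v, 7)); // Ok(3)
    println!("{:?}", binary_search(&v, 4)); // Err(2)
}
```

Under Creusot, each runtime check the compiler would otherwise insert (the `arr[mid]` bounds check, the `hi - lo` and `mid + 1` arithmetic) becomes a verification condition, and the three invariants are what let the provers discharge them: removing any one should leave an unproved goal rather than a silent pass. If rustc warns about an unknown `creusot` cfg name, declaring it under `[lints.rust] unexpected_cfgs` in Cargo.toml silences the warning.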
The tool is open source and available on GitHub. Installation requires Rust (via rustup), OCaml's package manager (opam), and the Creusot repository. Users can access support through a discussions forum and Zulip chat community. The project was presented at ICFEM'22, providing a peer-reviewed academic reference for those wishing to cite the work in scholarly contexts.
Why This Matters
Creusot addresses a hard problem in systems programming: proving, rather than testing, that Rust code is safe and correct. For developers building safety-critical or high-assurance software, it rules out whole classes of bugs (panics, overflows, violated assertions, and, with contracts, wrong results) before the code ships, instead of catching a fraction of them at runtime. The proofs hold relative to the specifications the developer writes and to the trusted base (Creusot's translation, Why3, and the provers it calls), and functions marked trusted or outside Creusot's supported subset are assumed rather than proved, so the annotation effort is real and the specifications deserve the same review as the code. The application to CreuSAT, a fully verified SAT solver, shows the approach scales beyond textbook examples to a non-trivial Rust project.
Timeline & Sources
2022
Creusot research presented at ICFEM'22
May 28, 2026
Creusot announcement on Hacker News