VeriFast

By Bart Jacobs*, Jan Smans*, and Frank Piessens*, with contributions by Pieter Agten*, Cedric Cuypers*, Lieven Desmet*, Jan Tobias Muehlberg*, Willem Penninckx*, Pieter Philippaerts*, Amin Timany*, Thomas Van Eyck*, Gijs Vanspauwen*, Frédéric Vogels*, and external contributors

* imec-DistriNet research group, Department of Computer Science, KU Leuven - University of Leuven, Belgium

VeriFast is a research prototype of a tool for modular formal verification of correctness properties of single-threaded and multithreaded C and Java programs annotated with preconditions and postconditions written in separation logic. To express rich specifications, the programmer can define inductive datatypes, primitive recursive pure functions over these datatypes, and abstract separation logic predicates. To verify these rich specifications, the programmer can write lemma functions, i.e., functions that serve only as proofs that their precondition implies their postcondition. The verifier checks that lemma functions terminate and do not have side-effects. Since neither VeriFast itself nor the underlying SMT solver need to do any significant search, verification time is predictable and low.

The VeriFast source code and binaries are released under the MIT license.

Binaries

Within an hour after each push to the master branch, binary packages become available here.

These "nightly" builds are very stable and are recommended. Still, named releases are available here. (An archive of older named releases is here.)

Simply extract the files from the archive to any location in your filesystem. All files in the archive are in a directory named verifast-COMMIT where COMMIT describes the Git commit. For example, on Linux:

tar xzf ~/Downloads/verifast-nightly.tar.gz
cd verifast-<TAB>  # Press Tab to autocomplete
bin/vfide examples/java/termination/Stack.jarsrc  # Launch the VeriFast IDE with the specified example
./test.sh  # Run the test suite (verifies all examples)

Note (macOS): To avoid GateKeeper issues, before opening the downloaded archive, remove the com.apple.quarantine attribute by running

sudo xattr -d com.apple.quarantine ~/Downloads/verifast-nightly-osx.tar.gz

Supply chain security: These binaries are signed using cosign, so that you can verify that they were generated by a GitHub Actions workflow triggered by a push to this repository. To do so, install cosign and run

cosign verify-blob verifast-21.04-145-g6e397220-linux.tar.gz \
  --bundle verifast-21.04-145-g6e397220-linux.tar.gz.signature \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity https://github.com/verifast/verifast/.github/workflows/build.yml@refs/heads/master

To check for a particular commit SHA, add --certificate-github-workflow-sha 6e39722068bc020dd8c7676ffd27a94f071591d7.

User interfaces

We offer the following user interfaces:

• The VeriFast IDE (at bin/vfide in the distribution)
• The VeriFast VS Code Extension
• The VeriFast command-line tool (at bin/verifast in the distribution)

Compiling

• Windows
• Linux
• macOS

Documentation

• The VeriFast Tutorial
• Featherweight VeriFast (Slides, handouts, Coq proof)
• Scientific papers on the various underlying ideas
• VeriFast Docs (under construction) with a nascent FAQ and a grammar for annotated C source files

Acknowledgements

Dependencies

We gratefully acknowledge the authors and contributors of the following software packages.

Bits that we ship in our binary packages

• OCaml
• OCaml-Num
• Lablgtk
• GTK+ and its dependencies (including GLib, Cairo, Pango, ATK, gdk-pixbuf, gettext, fontconfig, freetype, expat, libpng, zlib, Harfbuzz, and Graphite)
• GtkSourceView
• The excellent Z3 theorem prover by Leonardo de Moura and Nikolaj Bjorner at Microsoft Research, and co-authors

Software used at build time

• findlib, ocamlbuild, camlp4, valac
• Cygwin, Homebrew, Debian, Ubuntu
• The usual infrastructure: GNU/Linux, GNU make, gcc, etc.

Infrastructure

We gratefully acknowledge the following infrastructure providers.

• GitHub
• Travis CI
• AppVeyor CI

Funding

This work is supported in part by the Flemish Research Fund (FWO-Vlaanderen), by the EU FP7 projects SecureChange, STANCE, ADVENT, and VESSEDIA, by Microsoft Research Cambridge as part of the Verified Software Initiative, and by the Research Fund KU Leuven.

Mailing lists

To be notified whenever commits are pushed to this repository, join the verifast-commits Google Groups forum.

Third-Party Resources

• Kiwamu Okabe created a Google Groups forum on VeriFast
• Kiwamu Okabe translated the VeriFast Tutorial into Japanese. Thanks, Kiwamu!
• Joseph Benden created Ubuntu packages