The Kani Rust Verifier is a bit-precise model checker for Rust.
Kani is useful for checking both safety and correctness of Rust code.
unwrap() on None), arithmetic overflows, and custom correctness properties, either in the form of assertions (assert!(...)) or function contracts.To install the latest version of Kani (Rust 1.58+; Linux or Mac), run:
cargo install --locked kani-verifier cargo kani setup
See the installation guide for more details.
Similar to testing, you write a harness, but with Kani you can check all possible values using kani::any():
use my_crate::{function_under_test, meets_specification};
#[kani::proof]
fn check_my_property() {
// Create a nondeterministic input
let input: u8 = kani::any();
// Call the function under verification
let output = function_under_test(input);
// Check that it meets the specification
assert!(meets_specification(input, output));
}
Kani will try to prove that all valid inputs produce outputs that satisfy the specification, without panicking or exhibiting unexpected behavior. This example is simple; we highly recommend following the tutorial to learn more about how to use Kani.
Use Kani in your CI with model-checking/kani-github-action@VERSION. See the GitHub Action section in the Kani book for details.
See SECURITY for more information.
If you are interested in contributing to Kani, please take a look at the developer documentation.
Kani is distributed under the terms of both the MIT license and the Apache License (Version 2.0).
See LICENSE-APACHE and LICENSE-MIT for details.
Kani contains code from the Rust project. Rust is primarily distributed under the terms of both the MIT license and the Apache License (Version 2.0), with portions covered by various BSD-like licenses.
See the Rust repository for details.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4