Prepare an existing Cargo project to use Creusot formal verification
npx skills add https://github.com/AI-native-Systems-Research/ai-native-storage-certus --skill tools-creusot-initこのコマンドをClaude Codeにコピー&ペーストしてスキルをインストール
Add Coq 8.20 as an additional prover to an existing Creusot installation, for verification conditions that SMT solvers cannot discharge
Install the Creusot Rust verification tool
Synchronize Spin/Promela models with current source code and re-verify
Create a new Spin/Promela formal verification model for a system property
Measure system performance of this platform using
Create a new version of a component
| name | tools-creusot-init |
| description | Prepare an existing Cargo project to use Creusot formal verification |
| argument-hint | <project-directory> (e.g. components/extent-manager) |
This skill takes a cargo project directory and configures it for Creusot verification.
The user must provide the target project directory as an argument (e.g. /tools-init-creusot components/dispatch-map).
If no argument is provided, show the hint and stop.
cargo creusot version should succeed)tools-install-creusot skill first, then stopVerify the target directory contains a Cargo.toml. If not, inform the user and stop.
Check that Creusot is installed by running cargo creusot version. If it fails, tell the user to run /tools-install-creusot first and stop.
Modify Cargo.toml:
creusot-std = "0.12.0-dev" under [dependencies] (if not already present)[patch.crates-io] section pointing to the local creusot-std (use a relative path from the project to the certus repo's tools/creusot/creusot/creusot-std, or use ~ notation for shell expansion):
[patch.crates-io]
creusot-std = { path = "<relative-path-to>/tools/creusot/creusot/creusot-std" }
certus/tools/creusot/creusot/creusot-std.cfg(creusot) lint configuration under [lints.rust]:
[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(creusot)'] }
[workspace] tableCreate why3find.json in the project root (if not already present):
{
"fast": 0.2,
"time": 1,
"depth": 6,
"packages": [ "creusot" ],
"provers": [ "alt-ergo", "z3", "cvc5", "cvc4" ],
"tactics": [ "compute_specified", "split_vc" ],
"drivers": [],
"warnoff": [ "unused_variable", "axiom_abstract" ]
}
Add use creusot_std::prelude::*; to src/lib.rs or src/main.rs (if not already present). If the file has existing functions, add a commented example showing how to annotate:
// Example Creusot annotations:
// #[requires(precondition)]
// #[ensures(postcondition)]
// pub fn verified_function(...) { ... }
Run cargo clean to remove any stale build artifacts that would block Creusot's translation pass.
Verify the setup works by running:
export PATH="$HOME/.local/share/creusot/bin:$PATH"
cargo creusot --only coma
This should compile without errors. If there are no annotated functions yet, it will produce no .coma files — that's expected.
Report success and tell the user:
#[requires(...)] and #[ensures(...)] annotations to functions they want to verifycargo creusot to build and provewhy3find prove verif/<crate_name>_rlib/*.coma to prove individual filescertus/tools/creusot/creusot-test-example/src/lib.rs for annotation examplescargo clean before the first cargo creusot if the project was previously built with plain cargo build[patch.crates-io] section assumes Creusot was cloned to certus/tools/creusot/creusot per the install skilledition = "2024", it works with Creusot's required nightly toolchain