Prepare an existing Cargo project to use Creusot formal verification
npx skills add https://github.com/AI-native-Systems-Research/ai-native-storage-certus --skill tools-creusot-init复制此命令并粘贴到 Claude Code 中以安装该技能
Add Coq 8.20 as an additional prover to an existing Creusot installation, for verification conditions that SMT solvers cannot discharge
Install the Creusot Rust verification tool
Synchronize Spin/Promela models with current source code and re-verify
Create a new Spin/Promela formal verification model for a system property
Measure system performance of this platform using
Create a new version of a component
| name | tools-creusot-init |
| description | Prepare an existing Cargo project to use Creusot formal verification |
| argument-hint | <project-directory> (e.g. components/extent-manager) |
This skill takes a cargo project directory and configures it for Creusot verification.
The user must provide the target project directory as an argument (e.g. /tools-init-creusot components/dispatch-map).
If no argument is provided, show the hint and stop.
cargo creusot version should succeed)tools-install-creusot skill first, then stopVerify the target directory contains a Cargo.toml. If not, inform the user and stop.
Check that Creusot is installed by running cargo creusot version. If it fails, tell the user to run /tools-install-creusot first and stop.
Modify Cargo.toml:
creusot-std = "0.12.0-dev" under [dependencies] (if not already present)[patch.crates-io] section pointing to the local creusot-std (use a relative path from the project to the certus repo's tools/creusot/creusot/creusot-std, or use ~ notation for shell expansion):
[patch.crates-io]
creusot-std = { path = "<relative-path-to>/tools/creusot/creusot/creusot-std" }
certus/tools/creusot/creusot/creusot-std.cfg(creusot) lint configuration under [lints.rust]:
[lints.rust]
unexpected_cfgs = { level = "warn", check-cfg = ['cfg(creusot)'] }
[workspace] tableCreate why3find.json in the project root (if not already present):
{
"fast": 0.2,
"time": 1,
"depth": 6,
"packages": [ "creusot" ],
"provers": [ "alt-ergo", "z3", "cvc5", "cvc4" ],
"tactics": [ "compute_specified", "split_vc" ],
"drivers": [],
"warnoff": [ "unused_variable", "axiom_abstract" ]
}
Add use creusot_std::prelude::*; to src/lib.rs or src/main.rs (if not already present). If the file has existing functions, add a commented example showing how to annotate:
// Example Creusot annotations:
// #[requires(precondition)]
// #[ensures(postcondition)]
// pub fn verified_function(...) { ... }
Run cargo clean to remove any stale build artifacts that would block Creusot's translation pass.
Verify the setup works by running:
export PATH="$HOME/.local/share/creusot/bin:$PATH"
cargo creusot --only coma
This should compile without errors. If there are no annotated functions yet, it will produce no .coma files — that's expected.
Report success and tell the user:
#[requires(...)] and #[ensures(...)] annotations to functions they want to verifycargo creusot to build and provewhy3find prove verif/<crate_name>_rlib/*.coma to prove individual filescertus/tools/creusot/creusot-test-example/src/lib.rs for annotation examplescargo clean before the first cargo creusot if the project was previously built with plain cargo build[patch.crates-io] section assumes Creusot was cloned to certus/tools/creusot/creusot per the install skilledition = "2024", it works with Creusot's required nightly toolchain