Thanks for contributing to Verus! Verus is an Open Source project and welcomes contributions. Please report issues or start discussions here on GitHub.
We use GitHub discussions for feature requests and more open-ended conversations about upcoming features, and we reserve GitHub issues for actionable issues (bugs) with existing features. Don't worry though: if we think an issue should be a discussion (or viceversa) we can always move it later.
Before committing any changes to the source code,
make sure that it conforms to the rustfmt
and verusfmt
tool's guidelines.
We are using the default rustfmt
settings from the Rust repository
(which also apply to the verusfmt
formatting for the vstd
).
If you are working on vstd
, you will need to set up verusfmt
, which ensures
verus! { ... }
code has consistent formatting. You can ensures you are on the latest release of verusfmt
by following the installation instructions.
To check the Verus and vendored dependencies' source code, and vstd
's formatting,
type the following from the source
directory:
vargo fmt -- --check
If the source code follows the guidelines, vargo fmt -- --check
will only produce
vargo info [0]: formatting <item>
lines.
Otherwise, it will report suggestions on how to reformat the source code, and will
output a non-zero status code.
To automatically apply these suggestions to the source code, type:
vargo fmt
If you want to use VS Code with rust-analyzer
to edit the source code of Verus, copy
.vscode/settings.json.template
to .vscode/settings.json
and then
edit that file to customize it for your local setup. For instance,
delete [.exe]
if you're not using Windows and change it to .exe
if
you are.
Make sure you are in source
or one of its subdirectories
(verusfmt picks up the configuration in source/rustfmt.toml
), and run:
# To format a specific file
verusfmt <file>.rs
# To format all of vstd at once (on *nix)
find vstd -name \*.rs -print0 | xargs -0 -n1 verusfmt
# To format all of vstd at once (on Windows Powershell)
Get-ChildItem -Path .\vstd -Filter *.rs -Recurse | ForEach-Object { verusfmt $_.FullName }
The CI publishes some user facing documentation, including the "verusdoc" (modified rustdoc) of vstd
, as well as a tutorial guide.
To manually build the vstd
documentation, run,
cd source
./tools/docs.sh
The output of the command will tell you where the HTML is generated.
Meanwhile, the tutorial guide can be found in source/docs/guide/
. From that directory, run mdbook serve
to run a local webserver to render the guide as HTML.
Commenting the code is strongly encouraged. Use ///
to create comments
that rustdoc
can
automatically extract into HTML documentation.
You can compile the current documentation by running (in the source
directory)
RUSTC_BOOTSTRAP=1 cargo doc
which will produce documentation files, e.g., ./target/doc/rust_verify/index.html
vargo test
will run the tests for rust_verify_test
,
vargo test -p rust_verify_test
You can run a single test file and a specific test within with the following:
vargo test -p rust_verify_test --test <test file> <test name>
vargo nextest run
is also supported. To install nextest
, see https://nexte.st/book/installation.html.
See the cargo help for more info on the test flags.
If you need to pass additional command-line arguments to the verifier in tests, for example to print the
erased rust ast, you can use the VERUS_EXTRA_ARGS
environment variable, like this:
VERUS_EXTRA_ARGS="--print-erased-spec" vargo test -p rust_verify_test --test refs -- --nocapture test_ref_0
It can be useful to inspect the intermediate representations used by Verus (VIR, AIR, SMTLIB); you can log the VIR, AIR, and SMTLIB for a test with:
VERUS_EXTRA_ARGS="--log-all" vargo test -p rust_verify_test --test refs -- --nocapture --exact test_ref_0
This will output the log files in rust_verify_test/.verus-log
. Only run one test at
a time when using this flag, so that the logs are not overwritten by other tests.
You may find that every time you run a test it takes minutes to start because
all of Verus is getting rebuilt. This shouldn't happen. If it does, it's
likely because you're running an IDE that uses rust-analyzer
in the
background, and it's invalidating the build cache. To prevent this, you need
to configure your IDE for Verus development. See above for how to do
this for VS Code.
If you're contributing to the standard library, you should also test the standalone build of that library with
cd source/vstd
cargo build
A common error you'll find at this stage is that imports of specific
identifiers with use
(as opposed to blanket imports using *
) don't work
when building the standalone exec-only version of vstd
. To rectify this error,
make sure every such import is prefixed by #[cfg(verus_keep_ghost)]
, as
in the following example:
#[cfg(verus_keep_ghost)]
use crate::arithmetic::internals::general_internals::is_le;
You may sometimes want to verify vstd
outside of the vargo
build process: To do so,
build Verus first following the instructions above (with vargo build --release
) and then
run, from the project root:
cd source/vstd
../target-verus/release/verus --crate-type=lib --no-vstd vstd.rs
Inside vstd
:
- We add a
lemma_
prefix to the name of a lemma (i.e., aproof fn
) to make its purpose explicit. - We try to make lemmas associated functions when possible, e.g.,
my_map.lemma_remove_keys_len(keys)
, notlemma_remove_keys_len(my_map, keys)
.
You can use --vstd-no-verify
to skip verification of the vstd
library. This is pretty useful if you're building or running tests a lot. Note that it will still build vstd
—it just skips the SMT step. For example:
# for building
vargo build --vstd-no-verify
# for tests
vargo test --vstd-no-verify -p rust_verify_test --test <test file> <test name>
If you have a large file that produces some sort of error in Verus, you can automatically minimize it to a smaller/simpler file that produces the same error. See source/tools/minimizers/README.md for more details.