Expand description
Specification language for CVL (Certora Verification Language) in Rust.
This module provides a framework for writing specifications with preconditions (requires) and postconditions (ensures) that can be used for formal verification.
§Core Concepts
§Boolean Expressions
The CvlrFormula trait represents boolean expressions that can be:
- Evaluated to a boolean value
- Asserted (checked for correctness)
- Assumed (taken as preconditions)
§Composing Expressions
Boolean expressions can be composed using:
- [
cvlr_and] - Logical AND - [
cvlr_impl] - Logical implication (A → B) cvlr_true- Constant true expression
§State Pairs
Postconditions use eval_with_states to evaluate
over both pre-state and post-state contexts, allowing you to express postconditions
that compare states before and after operations.
§Specifications
The CvlrSpec trait represents a complete specification with:
- Preconditions (requires) - conditions that must hold before an operation (assumed by the verifier)
- Postconditions (ensures) - conditions that hold after an operation (asserted by the verifier)
Use [cvlr_spec] to create a specification from requires and ensures clauses,
or [cvlr_invar_spec] for specifications with invariants.
§Lemmas
The CvlrLemma trait represents a lemma: a logical statement where if the
preconditions (requires) hold, then the postconditions (ensures) must also hold.
Use cvlr_lemma! to define lemmas, or cvlr_predicate! to create anonymous
predicates for use in lemmas.
§Examples
use cvlr_spec::{cvlr_spec, cvlr_true};
struct Counter {
value: i32,
}
// Define a simple spec - cvlr_true uses eval_with_states for ensures
let spec = cvlr_spec(cvlr_true::<Counter>(), cvlr_true::<Counter>());Re-exports§
pub use spec::cvlr_invar_spec;pub use spec::cvlr_spec;pub use spec::CvlrInvarSpec;pub use spec::CvlrPropImpl;pub use spec::CvlrSpec;
Modules§
- spec
- Specification types and traits.
Macros§
- cvlr_
and - Creates a boolean expression representing the logical AND of two or more expressions.
- cvlr_
def_ predicate - Defines a predicate (boolean expression) over a context type.
- cvlr_
def_ predicates - Defines multiple predicates in a single macro invocation.
- cvlr_
def_ states_ predicate - Defines a predicate that evaluates over two states.
- cvlr_
def_ states_ predicates - Defines multiple state predicates in a single macro invocation.
- cvlr_
implies - Creates a boolean expression representing logical implication (A → B).
- cvlr_
invar_ spec - Creates an invariant specification from an assumption and an invariant.
- cvlr_
invariant_ rules - Defines multiple rules for an invariant specification across multiple base functions.
- cvlr_
lemma - Defines a lemma with preconditions (requires) and postconditions (ensures).
- cvlr_
pif_ and - Creates a boolean expression representing the logical AND of two or more predicate functions.
- cvlr_
predicate - Creates an anonymous predicate (boolean expression) over a context type.
- cvlr_
rules - Defines multiple rules for a specification across multiple base functions.
- cvlr_
spec - Creates a specification from preconditions (requires) and postconditions (ensures).
Structs§
- CvlrAnd
- A boolean expression representing the logical AND of two expressions.
- Cvlr
Implies - A boolean expression representing logical implication (A → B).
Traits§
- Cvlr
Formula - A Boolean expression that can be evaluated, assumed, or asserted.
- Cvlr
Predicate
Functions§
- cvlr_
and - Combines two boolean expressions with logical AND.
- cvlr_
implies - Creates a boolean expression representing logical implication (A → B).
- cvlr_
true