A hybrid approach to semi-automated Rust verification
arXiv - CS - Programming Languages. Pub Date: 2024-03-22, DOI: arxiv-2403.15122
Sacha-Élie Ayoun, Xavier Denis, Petar Maksimović, Philippa Gardner

While recent years have seen a large body of work on efficient, automated verification of safe Rust code, enabled by the rich guarantees of the Rust type system, much less progress has been made on reasoning about unsafe code, owing to its unique complexities. We propose a hybrid approach to end-to-end Rust verification in which powerful automated verification of safe Rust is combined with targeted semi-automated verification of unsafe Rust. To this end, we present Gillian-Rust, a proof-of-concept semi-automated verification tool that is able to reason about the type safety and functional correctness of unsafe code. Built on top of the Gillian parametric compositional verification platform, Gillian-Rust automates a rich separation logic for real-world Rust, embedding the lifetime logic of RustBelt and the parametric prophecies of RustHornBelt. Using the unique extensibility of Gillian, our novel encoding of these features is fine-tuned to maximise automation and exposes a user-friendly API, allowing for low-effort verification of unsafe code. We link Gillian-Rust with Creusot, a state-of-the-art verifier for safe Rust, by providing a systematic encoding of unsafe-code specifications that Creusot may use but not verify, demonstrating the feasibility of our hybrid approach.

Updated: 2024-03-25