hax is a tool for high assurance translations of a large subset of Rust into formal languages such as Lean, F* or Rocq.
| General purpose proof assistants | Cryptography & protocols | |||
|
(via Aeneas) |
F* |
|
|
ProVerif |
| π active dev. | π’ stable | π‘ partial | π‘ partial | π PoC |
Here are some resources for learning more about hax:
- Manual (work in progress)
- Examples: the examples directory contains a set of examples that show what hax can do for you.
- Other specifications of cryptographic protocols.
Questions? Join us on Zulip or open a GitHub Discussion. For bugs, file an Issue.
Hax is a cargo subcommand.
The command cargo hax accepts the following subcommands:
into(cargo hax into BACKEND): translate a Rust crate to the backendBACKEND.json(cargo hax json): extract the typed AST of your crate as a JSON file.
| Backend | Command | Description |
|---|---|---|
| Lean (via Aeneas) | cargo hax into aeneas-lean |
Recommended for Lean. Uses charon + aeneas. |
| F* | cargo hax into fstar |
Stable. |
| Rocq/Coq | cargo hax into coq |
|
| Lean (legacy) | cargo hax into lean |
Uses the hax engine directly. Prefer aeneas-lean. |
| SSProve | cargo hax into ssprove |
|
| ProVerif | cargo hax into pro-verif |
Use --help on any subcommand for options (e.g. cargo hax into fstar --z3rlimit 100).
Manual installation
- Make sure to have the following installed on your system:
- Clone this repo:
git clone git@github.com:cryspen/hax.git && cd hax - Create (or use an existing) opam switch by running
opam switch create hax 5.1.1 - Run the setup.sh script:
./setup.sh. This installs hax and the aeneas/charon binaries by default. Pass--no-aeneasto skip the aeneas/charon installation. - Run
cargo-hax --help
Nix
This should work on Linux, MacOS and Windows.
Prerequisites: Nix package manager (with flakes enabled)
- Either using the Determinate Nix Installer, with the following bash one-liner:
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
- or following those steps.
-
Run hax on a crate directly to get F*/Coq/Lean/... (assuming you are in the crate's folder):
nix run github:hacspec/hax -- into fstarextracts F*.
-
Install hax:
nix profile install github:hacspec/hax, then runcargo hax --helpanywhere -
Note: in any of the Nix commands above, replace
github:hacspec/haxby./dirto compile a local checkout of hax that lives in./some-dir -
Setup binary cache: using Cachix, just
cachix use hax
Note: Nix does not yet include aeneas and charon.
After installing, run ./install-aeneas.sh from a hax checkout to
add the aeneas-lean backend.
Using Docker
- Clone this repo:
git clone git@github.com:hacspec/hax.git && cd hax - Build the docker image:
docker build -f .docker/Dockerfile . -t hax - Get a shell:
docker run -it --rm -v /some/dir/with/a/crate:/work hax bash - You can now run
cargo-hax --help(notice here we usecargo-haxinstead ofcargo hax)
Note: Please make sure that $HOME/.cargo/bin is in your $PATH, as
that is where setup.sh will install hax.
Note: Docker does not yet include aeneas and charon.
Run ./install-aeneas.sh inside the container to add the aeneas-lean backend.
Aeneas and Charon (standalone)
The aeneas-lean backend (cargo hax into aeneas-lean) uses the
charon +
aeneas pipeline instead of
the hax engine. It requires the aeneas and charon binaries.
If you already have hax installed and just need the aeneas/charon binaries (e.g. after a Nix or Docker install), run:
./install-aeneas.shThis downloads pre-built binaries (at the versions pinned by this
repository) to ~/.cargo/bin/.
You can also build or install aeneas and charon yourself (e.g.
from source) and either place them in your PATH or point to them
with the HAX_AENEAS_BINARY and HAX_CHARON_BINARY environment
variables.
Hax intends to support full Rust, with the one exception, promoting a functional style: mutable references (aka &mut T) on return types or when aliasing (see #420) are forbidden.
Each unsupported Rust feature is documented as an issue labeled unsupported-rust. When the issue is labeled wontfix-v1, that means we don't plan on supporting that feature soon.
Quicklinks:
The documentation of the internal crate of hax and its engine can be found here for the engine and here for the frontend.
Just clone & cd into the repo, then run nix develop ..
You can also just use direnv, with editor integration.
rust-frontend/: Rust library that hooks in the rust compiler and extract its internal typed abstract syntax tree THIR as JSON.engine/: the simplification and elaboration engine that translates programs from the Rust language to various backends (seeengine/backends/). Written in OCaml.rust-engine/: an on-going rewrite of our engine from OCaml to Rust.cli/: thehaxsubcommand for Cargo.
We use the just command runner. If you use
Nix, the dev shell provides it automatically, if you don't use Nix,
please install just on
your system.
Anywhere within the repository, you can build and install in PATH (1)
the Rust parts with just rust, (2) the OCaml parts with just ocaml
or (3) both with just build. More commands (e.g. just fmt to
format) are available, please run just or just --list to get all
the commands.
- π Last yard
- π A Verified Pipeline from a Specification Language to Optimized, Safe Rust at CoqPL'22
- π Hax - Enabling High Assurance Cryptographic Software at RustVerify24
- π A formal security analysis of Blockchain voting at CoqPL'24
- π Specifying Smart Contract with Hax and ConCert at CoqPL'24
Before starting any work please join the Zulip chat, start a discussion on Github, or file an issue to discuss your contribution.
Zulip graciously provides the hacspec & hax community with a "Zulip Cloud Standard" tier.