Hax

hax is a tool for high assurance translations of a large subset of Rust into formal languages such as F* or Rocq.

Supported Backends

General purpose proof assistants	Cryptography & protocols
F*				ProVerif
🟢 stable	🟡 partial	🚀 active dev.	🟡 partial	🟠 PoC

Learn more

Here are some resources for learning more about hax:

• Manual (work in progress)

  • Quick start: F*, Lean

  • Tutorial: F*, Lean

• Examples: the examples directory contains a set of examples that show what hax can do for you.

• Other specifications of cryptographic protocols.

Questions? Join us on Zulip or open a GitHub Discussion. For bugs, file an Issue.

Usage

Hax is a cargo subcommand. The command cargo hax accepts the following subcommands:

• into (cargo hax into BACKEND): translate a Rust crate to the backend BACKEND (e.g. fstar, coq, lean).

• json (cargo hax json): extract the typed AST of your crate as a JSON file.

Note:

• BACKEND can be fstar, lean, coq, easycrypt or pro-verif. cargo hax into --help gives the full list of supported backends.

• The subcommands cargo hax, cargo hax into and cargo hax into <BACKEND> takes options. For instance, you can cargo hax into fstar --z3rlimit 100. Use --help on those subcommands to list all options.

Installation

Manual installation

1. Make sure to have the following installed on your system:

• opam (opam switch create 5.1.1)

• rustup

• nodejs

• jq

1. Clone this repo: git clone git@github.com:cryspen/hax.git && cd hax

2. Run the setup.sh script: ./setup.sh.

3. Run cargo-hax --help

Nix

This should work on Linux, MacOS and Windows.

Prerequisites: Nix package manager (with flakes enabled)

• Either using the Determinate Nix Installer, with the following bash one-liner:

curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install

• or following those steps.

• Run hax on a crate directly to get F*/Coq/Lean/... (assuming you are in the crate's folder):

  • nix run github:hacspec/hax -- into fstar extracts F*.

• Install hax: nix profile install github:hacspec/hax, then run cargo hax --help anywhere

• Note: in any of the Nix commands above, replace github:hacspec/hax by ./dir to compile a local checkout of hax that lives in ./some-dir

• Setup binary cache: using Cachix, just cachix use hax

Using Docker

1. Clone this repo: git clone git@github.com:hacspec/hax.git && cd hax

2. Build the docker image: docker build -f .docker/Dockerfile . -t hax

3. Get a shell: docker run -it --rm -v /some/dir/with/a/crate:/work hax bash

4. You can now run cargo-hax --help (notice here we use cargo-hax instead of cargo hax)

Note: Please make sure that $HOME/.cargo/bin is in your $PATH, as that is where setup.sh will install hax.

Supported Subset of the Rust Language

Hax intends to support full Rust, with the one exception, promoting a functional style: mutable references (aka &mut T) on return types or when aliasing (see #420) are forbidden.

Each unsupported Rust feature is documented as an issue labeled unsupported-rust. When the issue is labeled wontfix-v1, that means we don't plan on supporting that feature soon.

Quicklinks:

• 🔨 Rejected rust we want to support;

• 💭 Rejected rust we don't plan to support in v1.

Hacking on Hax

The documentation of the internal crate of hax and its engine can be found here for the engine and here for the frontend.

Edit the sources (Nix)

Just clone & cd into the repo, then run nix develop .. You can also just use direnv, with editor integration.

Structure of this repository

• rust-frontend/: Rust library that hooks in the rust compiler and extract its internal typed abstract syntax tree THIR as JSON.

• engine/: the simplification and elaboration engine that translates programs from the Rust language to various backends (see engine/backends/). Written in OCaml.

• rust-engine/: an on-going rewrite of our engine from OCaml to Rust.

• cli/: the hax subcommand for Cargo.

Compiling, formatting, and more

We use the just command runner. If you use Nix, the dev shell provides it automatically, if you don't use Nix, please install just on your system.

Anywhere within the repository, you can build and install in PATH (1) the Rust parts with just rust, (2) the OCaml parts with just ocaml or (3) both with just build. More commands (e.g. just fmt to format) are available, please run just or just --list to get all the commands.

Publications & Other material

• 📕 Tech report

• 📕 HACSpec: A gateway to high-assurance cryptography

• 📕 Original hacspec paper

Secondary literature, using hacspec:

• 📕 Last yard

• 📕 A Verified Pipeline from a Specification Language to Optimized, Safe Rust at CoqPL'22

• 📕 Hax - Enabling High Assurance Cryptographic Software at RustVerify24

• 📕 A formal security analysis of Blockchain voting at CoqPL'24

• 📕 Specifying Smart Contract with Hax and ConCert at CoqPL'24

Contributing

Before starting any work please join the Zulip chat, start a discussion on Github, or file an issue to discuss your contribution.

Acknowledgements

Zulip graciously provides the hacspec & hax community with a "Zulip Cloud Standard" tier.