1. Verus overview
  3. Getting started
  4. Getting started
    1. ... on the command line
    2. ... with VSCode
  6. Tutorial: Fundamentals
  7. Using Verus within Rust
  8. Basic specifications
    1. assert, requires, ensures, ghost code
    2. Expressions and operators for specifications
    3. Integers and arithmetic
    4. Equality
  9. Specification code, proof code, executable code
    1. spec functions
    2. proof functions, proof blocks, assert-by
    3. spec functions vs. proof functions, recommends
    4. Ghost code vs. exec code
    5. const declarations
    6. Putting it all together
  10. Recursion and loops
    1. Recursive spec functions, decreases, fuel
    2. Recursive exec and proof functions, proofs by induction
      1. Lightweight termination checking
    3. Loops and invariants
      1. Loops with break
      2. For Loops
    4. Lexicographic decreases clauses and mutual recursion
  11. Datatypes: struct and enum
    1. Struct
    2. Enum
  12. Libraries
    1. Specification libraries: Seq, Set, Map
    2. Executable libraries: Vec
  13. Spec closures
  15. Tutorial: Understanding the prover
  16. Developing proofs
    1. Using assert and assume
    2. Devising loop invariants
    3. Proving absence of overflow
  17. Quantifiers
    1. forall and triggers
    2. Multiple variables, multiple triggers, matching loops
    3. exists and choose
    4. Proofs about forall and exists
    5. Example: binary search
    6. Ambient (broadcast) lemmas
  18. SMT solving, automation, and where automation fails
    1. What's decidable, what's undecidable, what's fast, what's slow
    2. Integers and nonlinear arithmetic
    3. Bit vectors and bitwise operations
    4. forall and exists: writing and using triggers, inline functions
    5. Recursive functions
    6. Extensional equality
    7. Libraries: incomplete axioms for Seq, Set, Map
  19. Managing proof performance and why it's critical
    1. Measuring verification performance
    2. Quantifier profiling
    3. Modules, hiding, opaque, reveal
    4. Hiding local proofs with assert (...) by { ... }
    5. Structured proofs by calculation
    6. Proof by computation
    7. Spinning off separate SMT queries
    8. Breaking proofs into smaller pieces
  20. Checklist: what to do when proofs go wrong
  22. Tutorial: Verification and Rust
  23. Mutation, references, and borrowing
    1. Requires and ensures with mutable references
    2. Assertions about mutable references
  24. Traits
  25. Higher-order executable functions
    1. Passing functions as values
    2. Closures
  26. Ghost and tracked variables
  27. Strings
  28. Macros
  29. Unsafe code & complex ownership
    1. Cells / interior mutability
    2. Pointers
    3. Concurrency
  30. Verifying a container library: Binary Search Tree
    1. First draft
    2. Encapsulating well-formedness with type invariants
    3. Making it generic
    4. Implementing Clone
    5. Full source for the examples
  31. Interacting with unverified code
    1. Calling unverified code from verified code
    2. Calling verified code from unverified code
  32. Understanding the guarantees of a verified program
    1. Assumptions and trusted components
    2. Memory safety is conditional on verification
    3. Calling verified code from unverified code
  34. Installation, configuration, and tooling
  35. Installation and setup
    1. IDE Support
    2. Installing and configuring Singular
  36. Project setup and development
    1. Working with crates
    2. Invoking Verus code from Rust
    3. Documentation with Rustdoc
    4. Ghost Erasure
  38. Reference
  39. Supported and unsupported Rust features
  40. Verus syntax by example
  41. Modes
    1. Function modes
    2. Variable modes
  42. Contributed Extensions
    1. Automatic spec to exec functions
    2. Spec and proof attributes for exec functions
      1. Automatic exec to spec functions
  43. Spec expressions
    1. Rust subset
    2. Operator Precedence
    3. Arithmetic
    4. Bit operators
    5. Coercion with as
    6. Spec equality (==)
    7. Extensional equality (=~=, =~~=)
    8. Prefix and/or (&&& and |||)
    9. Chained operators
    10. Implication (==>, <==, and <==>)
    11. Quantifiers (forall, exists)
    12. Such that (choose)
    13. Trigger annotations
    14. The view function @
    15. Spec index operator []
    16. decreases_to!
  44. Proof features
    1. assert and assume
    2. assert ... by
    3. assert forall ... by
    4. assert ... by(bit_vector)
    5. assert ... by(nonlinear_arith)
    6. assert ... by(compute) / by(compute_only)
    7. reveal, reveal_with_fuel, hide
  45. Function specifications
    1. Function Signatures
      1. Exec fn signature
      2. Proof fn signature
      3. Spec fn signature
    2. Signature clauses
      1. requires / ensures
      2. returns
      3. opens_invariants
      4. no_unwind
      5. recommends
    3. Traits and signature inheritance
    4. Specifications on FnOnce
  46. External trait specifications
  47. Loop specifications
    1. invariant
    2. invariant_except_break / ensures
  48. Recursion and termination
    1. decreases ... when ... via ...
    2. Datatype ordering
    3. Cyclic definitions
  49. Type invariants
  50. Attribute list
  51. Directives
    1. assume_specification
    2. global
  52. Misc. Rust features
    1. Statics
    2. char
    3. Unions
    4. Pointers and cells
  53. Command line
    1. --record
  54. Planned future work