Skip to content

Commit 55b6115

Browse files
bordumbbordumb
authored
Merge pull request #42 from bordumb/dev-leanProof
feat: add formal verification — Lean 4 soundness proofs + proptest for permission lattice
2 parents a50a503 + babe129 commit 55b6115

23 files changed

Lines changed: 1399 additions & 2 deletions

.github/workflows/ci.yml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,20 @@ jobs:
5454
components: rustfmt
5555
- run: cargo fmt --check --all
5656

57+
lean-proofs:
58+
name: Lean 4 Proofs
59+
runs-on: ubuntu-latest
60+
steps:
61+
- uses: actions/checkout@v4
62+
- name: Install elan
63+
run: |
64+
curl -sSf https://raw.githubusercontent.com/leanprover/elan/master/elan-init.sh | sh -s -- -y --default-toolchain none
65+
echo "$HOME/.elan/bin" >> "$GITHUB_PATH"
66+
- name: Regenerate Perm.lean from perms.toml
67+
run: python3 proofs/scripts/gen_perm.py
68+
- name: Build and verify proofs
69+
run: cd proofs && lake build
70+
5771
capsec-audit:
5872
name: Capability Audit
5973
runs-on: ubuntu-latest

Cargo.lock

Lines changed: 183 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ members = [
88
"crates/cargo-capsec",
99
"crates/capsec-tokio",
1010
"crates/capsec-tests",
11+
"crates/capsec-proof",
1112
]
1213
exclude = [
1314
"crates/capsec-example-db",

crates/capsec-proof/Cargo.toml

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,14 @@
1+
[package]
2+
name = "capsec-proof"
3+
version.workspace = true
4+
edition.workspace = true
5+
license.workspace = true
6+
publish = false
7+
description = "Formal verification and property tests for capsec's permission lattice"
8+
9+
[dependencies]
10+
toml = { workspace = true }
11+
12+
[dev-dependencies]
13+
proptest = "1"
14+
toml = { workspace = true }

0 commit comments

Comments
 (0)