ESBMC in the
verify-rust-std Project
We won the Tool Applications track of the AWS-sponsored Rust standard library verification contest. ESBMC (via the GOTO Transcoder) is now one of four verification tools listed in the model-checking/verify-rust-std book, alongside Kani, VeriFast and Flux.
1 of 4
Verification tools listed in the model-checking/verify-rust-std book (Kani, GOTO Transcoder, VeriFast, Flux)
>90%
Rust-based products and services that depend on the Rust standard library (per AWS Open Source Blog)
~70%
C programs in which ESBMC reported potential vulnerabilities pre-transpilation (per SafeTrans, Farrukh et al., 2026)
CI
GOTO Transcoder runs in the verify-rust-std project's CI workflow
Context
Rust is increasingly adopted as a memory-safe systems-programming language, but most
Rust applications still rely on a thin layer of unverified
unsafe code in
the standard library. As the AWS Open Source Blog notes, "over 90% of Rust-based
products/services depend on the Rust standard library, with virtually every Rust
application depending on the core library" — so any soundness gap in the
standard library propagates everywhere.
AWS and the Rust Foundation launched a community effort — model-checking/verify-rust-std — to formally verify the standard library, structured as a challenge-based contest with a Tool Applications track that opened the project to additional verification backends.
Approach
Our team led the development of the GOTO Transcoder — described by the Rust Foundation as a compatibility layer originally built as a PhD research project to formalise and unify the internal representations of the CPROVER toolchain. It is released as part of the open-source ESBMC project. It lets ESBMC consume the GOTO program files that Kani already produces, so the existing Rust verification workflow can be retargeted to ESBMC's SMT-based bounded model checking engine without changes to the Rust compiler toolchain. We submitted this work through the Tool Applications track of the AWS-sponsored verification contest, which we won.
ESBMC has also been adopted as an upstream tool in the SafeTrans framework (Farrukh, Coskun, Palit and Polychronakis, ReCode '26 / arXiv 2505.10708, 2026). SafeTrans is an LLM-assisted C-to-Rust transpilation pipeline developed by researchers at Stony Brook, UC Davis and AWS that uses ESBMC to identify potential vulnerabilities in the C source before translation. Cyber-Reasoning Consultancy (CRC) is not an author of SafeTrans; the paper itself states that "this work does not relate to Baris Coskun's position at Amazon."
Results
ESBMC (via the GOTO Transcoder) is one of four verification tools listed in the verify-rust-std book, alongside Kani, VeriFast and Flux (per the project SUMMARY).
GOTO Transcoder runs in the verify-rust-std project's CI workflow, applying ESBMC verification to the standard-library components covered by the project's accepted challenges (per the Rust Foundation post and the accepted tool proposal #108).
In an independent SafeTrans evaluation (Farrukh et al., ReCode '26): "approximately 70% of the programs failed verification" — i.e., ESBMC reported potential vulnerabilities in roughly 70% of the 2,653 C programs evaluated before transpilation, totalling 10,375 reported issues across all categories.
References
- Rust Foundation. Expanding the Rust Formal Verification Ecosystem: Welcoming ESBMC. rustfoundation.org/media/expanding-the-rust-formal-verification-ecosystem-welcoming-esbmc
- AWS Open Source Blog. Verify the Safety of the Rust Standard Library. aws.amazon.com/blogs/opensource/verify-the-safety-of-the-rust-standard-library
- Muhammad Farrukh, Baris Coskun (Amazon Web Services), Tapti Palit, Michalis Polychronakis. SafeTrans: LLM-assisted Transpilation from C to Rust. ReCode '26 (1st Workshop on Code Translation, Transformation, and Modernization). arxiv.org/abs/2505.10708 — "This work does not relate to Baris Coskun's position at Amazon."
- model-checking/verify-rust-std — book SUMMARY listing the four Verification Tools (Kani, GOTO Transcoder, VeriFast, Flux). model-checking.github.io/verify-rust-std
Note. This page describes a published research engagement. The Tool Applications track submission and the resulting Approved Tools listing in the model-checking/verify-rust-std book are credited to the University of Manchester research group of which CRC's founder Lucas Cordeiro is a member; CRC Ltd is not in a commercial partnership with the Rust Foundation or AWS. SafeTrans is an independent paper by researchers at Stony Brook University, UC Davis and AWS that adopts ESBMC as a verification tool; CRC is not an author, and the SafeTrans paper itself states that "this work does not relate to Baris Coskun's position at Amazon." The verify-rust-std CI workflow is hosted under the model-checking GitHub organisation, not Amazon's internal infrastructure.