RustMC: Automated Verification of Real-World Concurrent Rust

Ollie Pearce; Julien Lange; Dan O'Keeffe

RustMC: Automated Verification of Real-World Concurrent Rust

Research output: Contribution to conference › Paper › peer-review

2 Downloads (Pure)

Abstract

RustMC is a stateless model checker that targets push-button verification of unmodified concurrent Rust programs. As both Rust and C/C++ compile to LLVM IR, RustMC builds on GenMC which provides a verification framework for LLVM IR. This allows verification of Rust code and any foreign function dependencies. In this tool paper we present key implementation challenges, use-cases, and an empirical evaluation of RustMC. The challenges include intercepting threading operations, promoting memory intrinsics, and handling uninitialised accesses, all stemming from Rust’s unique compilation strategy. Case studies adapted from real-world programs show RustMC finds concurrency bugs in unsafe Rust code, FFI calls to C/C++, and atomic operations. We evaluate our tool’s functionality on the Loom model checker test suite and a set of production-level Rust concurrent data structures.

Original language	English
Publication status	Accepted/In press - 24 Mar 2026
Event	International Conference on Formal Techniques for Distributed Objects, Components, and Systems - Urbino, Italy Duration: 8 Jun 2026 → 12 Jun 2026

Conference

Conference	International Conference on Formal Techniques for Distributed Objects, Components, and Systems
Abbreviated title	FORTE
Country/Territory	Italy
City	Urbino
Period	8/06/26 → 12/06/26

Keywords

Model Checking
Rust
LLVM

Embargoed Document

Accepted Manuscript
Accepted author manuscript, 1.07 MB

Cite this

@conference{aa3fa69f08d34472a1dd064786209fbf,

title = "RustMC: Automated Verification of Real-World Concurrent Rust",

abstract = "RustMC is a stateless model checker that targets push-button verification of unmodified concurrent Rust programs. As both Rust and C/C++ compile to LLVM IR, RustMC builds on GenMC which provides a verification framework for LLVM IR. This allows verification of Rust code and any foreign function dependencies. In this tool paper we present key implementation challenges, use-cases, and an empirical evaluation of RustMC. The challenges include intercepting threading operations, promoting memory intrinsics, and handling uninitialised accesses, all stemming from Rust{\textquoteright}s unique compilation strategy. Case studies adapted from real-world programs show RustMC finds concurrency bugs in unsafe Rust code, FFI calls to C/C++, and atomic operations. We evaluate our tool{\textquoteright}s functionality on the Loom model checker test suite and a set of production-level Rust concurrent data structures.",

keywords = "Model Checking, Rust, LLVM",

author = "Ollie Pearce and Julien Lange and Dan O'Keeffe",

year = "2026",

month = mar,

day = "24",

language = "English",

note = "International Conference on Formal Techniques for Distributed Objects, Components, and Systems, FORTE ; Conference date: 08-06-2026 Through 12-06-2026",

}

TY - CONF

T1 - RustMC: Automated Verification of Real-World Concurrent Rust

AU - Pearce, Ollie

AU - Lange, Julien

AU - O'Keeffe, Dan

PY - 2026/3/24

Y1 - 2026/3/24

N2 - RustMC is a stateless model checker that targets push-button verification of unmodified concurrent Rust programs. As both Rust and C/C++ compile to LLVM IR, RustMC builds on GenMC which provides a verification framework for LLVM IR. This allows verification of Rust code and any foreign function dependencies. In this tool paper we present key implementation challenges, use-cases, and an empirical evaluation of RustMC. The challenges include intercepting threading operations, promoting memory intrinsics, and handling uninitialised accesses, all stemming from Rust’s unique compilation strategy. Case studies adapted from real-world programs show RustMC finds concurrency bugs in unsafe Rust code, FFI calls to C/C++, and atomic operations. We evaluate our tool’s functionality on the Loom model checker test suite and a set of production-level Rust concurrent data structures.

AB - RustMC is a stateless model checker that targets push-button verification of unmodified concurrent Rust programs. As both Rust and C/C++ compile to LLVM IR, RustMC builds on GenMC which provides a verification framework for LLVM IR. This allows verification of Rust code and any foreign function dependencies. In this tool paper we present key implementation challenges, use-cases, and an empirical evaluation of RustMC. The challenges include intercepting threading operations, promoting memory intrinsics, and handling uninitialised accesses, all stemming from Rust’s unique compilation strategy. Case studies adapted from real-world programs show RustMC finds concurrency bugs in unsafe Rust code, FFI calls to C/C++, and atomic operations. We evaluate our tool’s functionality on the Loom model checker test suite and a set of production-level Rust concurrent data structures.

KW - Model Checking

KW - Rust

KW - LLVM

M3 - Paper

T2 - International Conference on Formal Techniques for Distributed Objects, Components, and Systems

Y2 - 8 June 2026 through 12 June 2026

ER -