Crucible is a library for symbolic simulation of imperative programs


Crucible is a language-agnostic library for performing forward symbolic execution of imperative programs. It provides a collection of data-structures and APIs for expressing programs as control-flow graphs. Programs expressed as CFGs in this way can be automatically explored by the symbolic execution engine. In addition, new data types and operations can be added to the symbolic simulator by implementing fresh primitives directly in Haskell. Crucible relies on an underlying library called What4 that provides formula representations, and connections to a variety of SAT and SMT solvers that can be used to perform verification and find counterexamples to logical conditions computed from program simulation.

Crucible has been designed as a set of Haskell packages organized so that Crucible itself has a minimal number of external dependencies, and functionality independent of crucible can be separated into sub-libraries.

Currently, the repository consists of the following Haskell packages:

  • what4 provides a library for formula representation and communications with satisfiability and SMT solvers (e.g., Yices and Z3).

  • what4-abc provides additional solver support for the ABC circuit synthesis library, which has strong support for equality and satisfiability queries involving boolean circuits.

  • what4-blt provides additional solver support for the BLT solver, which specializes in bounded integer linear problems.

  • crucible provides the core Crucible definitions, including the symbolic simulator and control-flow-graph program representations.

  • crucible-llvm provides translation and runtime support for executing LLVM assembly programs in the Crucible symbolic simulator.

  • crucible-jvm provides translation and runtime support for executing JVM bytecode programs in the Crucible symbolic simulator.

  • crucible-saw provides functionality for generating SAW Core terms from Crucible Control-Flow-Graphs.

In addition, there are the following library/executable packages:

  • crucible-c, a standalone frontend for executing C programs in the crucible symbolic simulator. The front-end invokes clang to produce LLVM bitcode, and runs the resulting programs using the crucible-llvm language frontend. Programs interact directly with the symbolic simulator using the protocol established for the SV-COMP competition.
  • crucible-server, a standalone process that allows constructing and symbolically executing Crucible programs via Protocol Buffers. The crucible-server directory also contains a Java API for connecting to and working with the crucible-server.

The development of major features and additions to crucible is done in separate branches of the repository, all of which are based off master and merge back into it when completed. Minor features and bug fixes are done in the master branch. Naming of feature branches is free-form.

Each library is BSD-licensed (see the LICENSE file in a project directory for details).

Quick start

Crucible is mainly intended to be used as a library for other downstream projects. As such, the build system infrastructure in this repository is relatively minimal. Downstream projects are expected to do the primary work of tracking dependencies, and maintaining a coherent working set of git submodules, etc.

However, for convenience, we provide here some basic support for building crucible in place.

To fetch all the latest git versions of immediate dependencies of libraries in this repository, use the scripts/ shell script. You will find it most convenient to set up public-key login for GitHub before you perform this step.

Now, you may use either stack or cabal new-build to compile the libraries, as you prefer.

stack setup
stack build

or

cabal update
cabal new-configure
cabal new-build all

If you wish to build crucible-server (which will be built if you build all packages, as above), then the build depends on having hpb in your path. After fetching the dependencies, this can be arranged by entering dependencies/hpb/ and running the following commands:

cabal sandbox init
cabal install --dependencies-only
cabal install
cp .cabal-sandbox/bin/hpb ⟨EXE_PATH⟩

where ⟨EXE_PATH⟩ is a directory on your $PATH.