VeruSAGE: A Study of Agent-Based Verification for Rust Systems
For developers of verified system software, this work demonstrates that LLMs can automate a significant portion of proof generation, potentially reducing manual verification effort.
The paper studies LLMs' ability to prove correctness of Rust system software, introducing a benchmark of 849 proof tasks. The best LLM-agent combination completes over 80% of benchmark tasks and over 90% of previously unsolved human-expert tasks.
Large language models (LLMs) have shown impressive capability to understand and develop code. However, their capability to rigorously reason about and prove code correctness remains in question. This paper offers a comprehensive study of LLMs' capability to develop correctness proofs for system software written in Rust. We curate a new system-verification benchmark suite, VeruSAGE-Bench, which consists of 849 proof tasks extracted from eight open-source Verus-verified Rust systems. Furthermore, we design different agent systems to match the strengths and weaknesses of different LLMs (o4-mini, GPT-5, Sonnet 4, and Sonnet 4.5). Our study shows that different tools and agent settings are needed to stimulate the system-verification capability of different types of LLMs. The best LLM-agent combination in our study completes over 80% of system-verification tasks in VeruSAGE-Bench. It also completes over 90% of a set of system proof tasks not part of VeruSAGE-Bench because they had not yet been finished by human experts. This result shows the great potential for LLM-assisted development of verified system software.