Most active commenters
  • nsomani(5)

Show HN: Cuq – Formal Verification of Rust GPU Kernels

(github.com)
51 points nsomani | 36 comments | 22 Oct 25 19:38 UTC | HN request time: 1.47s | source | bottom
1. nsomani ◴[22 Oct 25 19:39 UTC] No.45674137[source]
Hi all, this is a small research prototype I built that connects Rust's MIR (Mid-level IR) to Coq, the proof assistant used for formal verification.

cuq takes the MIR dump of a Rust CUDA kernel and translates it into a minimal Coq semantics that emits memory events, which are then lined up with the PTX memory model formalized by Lustig et al., ASPLOS 2019.

Right now it supports:

* a simple saxpy kernel (no atomics)

* an atomic flag kernel using acquire/release semantics

* a "negative" kernel that fails type/order checking

The goal isn't a full verified compiler yet. It's a first step toward formally checking the safety of GPU kernels written in Rust (e.g. correct use of atomics, barriers, and memory scopes).

Happy to hear thoughts from folks working in Rust verification, GPU compilers, or Coq tooling.

replies(1): >>45675310 #
2. Hexigonz ◴[22 Oct 25 20:48 UTC] No.45674955[source]
This is pretty cool! Are you sure about the name...
replies(5): >>45675054 #>>45675074 #>>45675129 #>>45675214 #>>45677737 #
3. NitpickLawyer ◴[22 Oct 25 20:57 UTC] No.45675054[source]
It's a system where a 3rd party library (aptly named Coq) gets to throughly verify your kernel, and you get to watch it do its thing? I think the name is fitting.
replies(1): >>45675481 #
4. CaptainOfCoit ◴[22 Oct 25 20:59 UTC] No.45675074[source]
I'm getting a ԃҽʝα ʋυ
5. hnuser123456 ◴[22 Oct 25 21:05 UTC] No.45675129[source]
Bonus points if it runs on UNIX
6. skrrtww ◴[22 Oct 25 21:20 UTC] No.45675292[source]
This might be the worst named project of all time. Not funny and demonstrates an absolutely terrible impulse on the part of the author. Probably the worst way possible to advertise your project.

edit: According to the author in a reply, the double entendre was in fact not intentional.

replies(7): >>45675351 #>>45675482 #>>45675644 #>>45675679 #>>45675741 #>>45676302 #>>45676382 #
7. gaogao ◴[22 Oct 25 21:22 UTC] No.45675310[source]
Do you think it might be easier to target cuTile instead of PTX? (Probably not, since it has a less formalized model?)
replies(1): >>45675657 #
8. Dilettante_ ◴[22 Oct 25 21:25 UTC] No.45675351[source]
Maybe this surprises you, but some people have different sensibilities than you do.
9. bitwize ◴[22 Oct 25 21:37 UTC] No.45675481{3}[source]
It's called Rocq now—for this reason.
replies(1): >>45675801 #
10. webdevver ◴[22 Oct 25 21:37 UTC] No.45675482[source]
not at all - its perfectly logical

you are cucking the betabuxxed bugs in your kernels with your BFV (Big Formal Verifier)

11. nsomani ◴[22 Oct 25 21:54 UTC] No.45675644[source]
Oh wow, honestly this caught me off guard - I've been pronouncing it "kook" in my head the whole time.
replies(2): >>45675784 #>>45676972 #
12. nsomani ◴[22 Oct 25 21:55 UTC] No.45675657{3}[source]
That instinct is right. cuTile would be easier to parse but harder to reason about formally.
13. thrownawaysz ◴[22 Oct 25 21:56 UTC] No.45675666[source]
'Yer a cuq, Harry
14. OneDeuxTriSeiGo ◴[22 Oct 25 21:58 UTC] No.45675679[source]
That's not what the name is based on. The name is cu- (as in CUDA kernels) -q (as in coq/rocq). Pronounced Cuke like cucumber.
replies(3): >>45675767 #>>45676270 #>>45676842 #
15. lacker ◴[22 Oct 25 22:05 UTC] No.45675741[source]
They're renaming Coq, too, for the obvious reason.

Just go ahead and rename this project to "Rocuda", save everyone a lot of time arguing about what names are appropriate or not.

16. webdevver ◴[22 Oct 25 22:08 UTC] No.45675767{3}[source]
cuke - it's heaven in a can!
replies(1): >>45677342 #
17. skrrtww ◴[22 Oct 25 22:09 UTC] No.45675784{3}[source]
If this was genuinely unintentional on your part, then bless your heart and I'm sorry for assuming the worst. You might be the least morally corrupted internet user alive today.
replies(1): >>45675866 #
18. sayrer ◴[22 Oct 25 22:10 UTC] No.45675801{4}[source]
Yeah, "coq" is a grade school joke in French class. It just means "rooster" or something in French, but it sounds ridiculous in English. This one has the same problem.

A company with that in the name made the French national team jersey for a while.

https://en.wikipedia.org/wiki/Le_Coq_Sportif

It's Nike now, but it still has a rooster on it.

replies(1): >>45676777 #
19. nsomani ◴[22 Oct 25 22:17 UTC] No.45675866{4}[source]
I think I've just spent too much time reading the word "CUDA" that I read "cu" as "koo", lol.
20. ironmagma ◴[22 Oct 25 23:04 UTC] No.45676270{3}[source]
There is a reason they renamed Coq to Rocq.
replies(1): >>45677848 #
21. kurtis_reed ◴[22 Oct 25 23:08 UTC] No.45676302[source]
What's so bad about it?
replies(1): >>45676764 #
22. antonvs ◴[22 Oct 25 23:19 UTC] No.45676382[source]
You know you're spending too much time on dubious sites when ...
replies(1): >>45676616 #
23. nvader ◴[22 Oct 25 23:52 UTC] No.45676616{3}[source]
Not really, unfortunately the word hovers in the comment sections of mainstream American political discourse.
replies(1): >>45677366 #
24. kelseyfrog ◴[23 Oct 25 00:14 UTC] No.45676764{3}[source]
Take a seat in the chair
25. ModernMech ◴[23 Oct 25 00:16 UTC] No.45676778[source]
Two step guide to naming programming languages.

Step 1: Make sure no other programming language has the name you want.

Step 2: Make sure the name you want isn't a slur or rude word in all the languages your audience will write in. Be sure to check misspellings and homophones.

Optional 3rd step is to make sure the name lends itself to a cute animal mascot. For this project, I dunno maybe a corner chair is the mascot.

26. OneDeuxTriSeiGo ◴[23 Oct 25 00:16 UTC] No.45676777{5}[source]
To be entirely fair cock (which surprisingly isn't actually derived from french but from english's germanic roots) also means rooster in english as well.
27. Aloisius ◴[23 Oct 25 00:26 UTC] No.45676842{3}[source]
I think I must pronounce cucumber differently than you.

I'd expect cuke, if pronounced like cucumber would be queueck or cuck depending on which cu in cucumber you're using.

However I pronounce CUDA koo-da so cuq would be pronounced perhaps like kook.

28. skavi ◴[23 Oct 25 00:49 UTC] No.45676972{3}[source]
It's your project, but with the current name I'd expect this thread to be duplicated any time the project is discussed.
29. spartanatreyu ◴[23 Oct 25 01:55 UTC] No.45677342{4}[source]
For anyone who doesn't understand the reference, it's from the IT Crowd and the entire episode is on youtube: https://www.youtube.com/watch?v=VuTMphDrc4A
30. antonvs ◴[23 Oct 25 01:58 UTC] No.45677366{4}[source]
I suppose it depends on one's definition of "dubious sites".
31. ahallock ◴[23 Oct 25 03:00 UTC] No.45677737[source]
Aren't we more mature than this? Granted, it's the first thing I thought of as well
32. bigstrat2003 ◴[23 Oct 25 03:23 UTC] No.45677848{4}[source]
Yeah, because people are overly sensitive and can't bear the thought that someone might make some harmless naughty jokes. It's a completely ridiculous name change.
replies(2): >>45677864 #>>45677959 #
33. ironmagma ◴[23 Oct 25 03:26 UTC] No.45677864{5}[source]
No. Conversions about it were being avoided due to being in a work context and in general. The same goes for coc (vim plugin) by the way.
34. nickpsecurity ◴[23 Oct 25 03:45 UTC] No.45677959{5}[source]
One of my coworkers uses Siri to say what they want to search for. I'm definitely not saying: "Hey, Siri, show me examples of using Coq."

Then, users of search engines will add "training," "in the workplace," "visual guide," "positions," "freelance work with," etc. Everything people use with programming languages or book titles becomes inappropriate with that name.

Maybe if I worked on a chicken farm it would be OK. I'm in the hotel and retail industries doing a mix of hands-on work and customer service. You'll never hear me tell my bosses I was using that on the job. Or spending hours alone with Isabelle for that matter. HOL4 & HOL Light it is!

35. orliesaurus ◴[23 Oct 25 03:55 UTC] No.45678023[source]
Reading through this thread, it seems the naming debate is taking up most of the oxygen, but the underlying technical goal behind the project is worth highlighting. Formal verification for GPU kernels could make massively parallel Rust code safer and more reliable as more workloads move onto GPUs. Race conditions and undefined behaviors in GPU programming are notoriously tricky to reason about;

HOWEVER, I'm curious whether a proof‑driven approach like this can scale beyond toy examples or specific hardware assumptions. If so, it might set a precedent for bringing formal methods to other low‑level domains too......