Place Capability Graphs: A General-Purpose Model of Rust's Ownership and Borrowing Guarantees

📅 2025-03-27
📈 Citations: 0
Influential: 0
🤖 AI Summary
Existing formal semantic models for Rust fail to precisely capture ownership and borrowing rules, particularly for composite types, function signatures, and cyclic data structures. To address this, we propose Place Capability Graphs (PCG), the first computable, fully expressive formal semantics for Rust, grounded directly in the compiler's HIR and MIR. PCG uniformly represents memory locations and their associated capabilities (e.g., ownership, mutability, aliasing permissions) as a directed graph, enabling precise static reasoning and fine-grained alias analysis. We have integrated PCG into the Flowistry and Prusti verification toolchains; it covers over 98% of functions across widely used crates. This integration significantly improves both verification coverage and precision. PCG thus establishes the first scalable, high-fidelity, industrially viable unified semantic foundation for formal verification of Rust programs.

📝 Abstract
Rust's novel type system has proved an attractive target for verification and program analysis tools, due to the rich guarantees it provides for controlling aliasing and mutability. However, fully understanding, extracting and exploiting these guarantees is subtle and challenging: existing models for Rust's type checking either support a smaller idealised language disconnected from real-world Rust code, or come with severe limitations in terms of precise modelling of Rust borrows, composite types storing them, function signatures and loops. In this paper, we present a novel model of Rust's type-checking called Place Capability Graphs, which lifts these limitations, and which can be directly calculated from the Rust compiler's own programmatic representations and analyses. We demonstrate that our model supports over 98% of Rust functions in the most popular public crates, and show its suitability as a general-purpose basis for verification and program analysis tools by developing promising new prototype versions of the existing Flowistry and Prusti tools.
Problem

Research questions and friction points this paper is trying to address.

Modeling Rust's ownership and borrowing guarantees precisely
Overcoming limitations in existing Rust type-checking models
Enabling verification and program analysis for real-world Rust code
Innovation

Methods, ideas, or system contributions that make the work stand out.

Place Capability Graphs model Rust's type-checking
Directly calculated from Rust compiler's representations
Supports 98% of Rust functions in popular crates
Authors

Zachary Grannan
University of British Columbia, Canada

Aurel Bílý
Department of Computer Science, ETH Zurich, Switzerland

Jonáš Fiala
Department of Computer Science, ETH Zurich, Switzerland

Jasper Geer
University of British Columbia, Canada

Markus de Medeiros
University of British Columbia, Canada

Peter Müller
Department of Computer Science, ETH Zurich, Switzerland

Alexander J. Summers
The University of British Columbia

Topics: Software Verification, Programming Languages, Type Systems, SMT Solving, Static Analysis