Status of matita port of CompCert 1.6 C semantics
=================================================

Last seen working with matita svn r10890.

- Most of the memory model has been ported (common/Mem.v -> Mem.ma).
---|
The main exception is minor arithmetic results than were proven with
---|
omega, which we hope to prove using matita's automation at some
---|
point.

- The memory model is executable; some small tests can be found in
---|
test/memorymodel.ma. Note that the handling of integer values is
axiomatised, so conversions are not yet evaluated.

- The C syntax has been ported, minus a few lemmas that are not used by
---|
the semantics.

- Most of the small-step C semantics has been ported, although much of the
---|
underlying arithmetic and environment functions are only present as axioms,
---|
including the type of identifiers.

- Nonetheless, this is sufficient to show the semantics of a trivial C program
---|
in test/trivial.ma.

- A collection of definitions and lemmas that probably ought to be in
---|
matita's standard library can be found in extralib.ma.

- Some of the machine integers (i.e., integers modulo) results are
---|
given as axioms in Integers.ma. Implementing them should be routine now that
---|
we have a binary representation of integers. The CompCert version is given
---|
as a functor on the word size - we don't have an equivalent of this yet.

* Some experimental work on an executable semantics has been started in
---|
Cexec.ma. At present only a small subset of expressions and statements
---|
are handled.

* The patch in compcert-1.7.1-matita.patch adds a -dmatita option to
---|
output a matita file containing a definition for the C program.
---|
Note that there must be a "main" function. (This was made against
---|
1.7.1 for convenience - the Clight syntax is the same as 1.6.)

There is a more recent version of compcert available with a revised memory
---|
model that may be more closely suited to our needs.
---|

matita issues and workarounds
-----------------------------

No unfold tactic yet; use reduction or rewriting instead.

Normalization of term containing large definitions (such as some of the
Integers library) can be prohibitive. This is a particular problem because
---|
ndestruct currently normalizes the goal and every hypothesis that is rewritten.
---|
For ndestruct, getting rid of irrelevant information (e.g., replacing the goal
---|
with False) sometimes helps, an extra lemma can be used, or the definitions
---|
can make careful use of 'nlet rec' to prevent reduction.

Some of the pattern matching in the C syntax has had to be unfolded in
---|
a rather unpleasant way (where matching on pairs was used in the original).

The use of records in place of modules is a little delicate: large records
---|
tend to use a lot of memory and processor at the moment, and the names of the
---|
fields tend to clash a lot.

The lack of sections has been replaced by duplicating the variables in some
---|
places, and adding a record in others.

The meminj_no_overlap definition in Mem.ma uses the logical Or explicitly
---|
rather than the ∨ notation to regain reasonable performance. (This is
---|
presumably due to disambiguation - the notation is also used for booleans.)

There are a couple of places in Mem.ma where rewriting had to be done carefully
---|
to avoid assertions during unification; I'm not really sure what the problem
---|
is.

Detail per-file
---------------

AST.ma
---|

Program transformation sections left alone.

Coqlib.ma

Only essential parts:
---|
- align
---|
- some 2^n lemmas (which could go into the binary libraries)
---|
- option_map
---|
- parts of list disjointness and non-repetition
---|

Csem.ma

---|
The small step semantics have been ported. None of the big step semantics or
---|
the equivalence proof has been ported.

Csyntax.ma
---|

---|
Everything except for a few minor definitions / lemmas that are not required
---|
by the semantics.

Errors.ma
---|

---|
Only a basic definition without error messages.

Events.ma
---|

---|
Most of the definitions; haven't needed many of the lemmas yet.

Floats.ma
---|

---|
Axiomatised, but so was the original!

Globalenvs.ma
---|

---|
Basic definition only.

Integers.ma
---|

---|
Most of the operations have been ported, although some have been left as
---|
axioms because the underlying operation is not present. The use of the
---|
Coq module system to abstract over the word size has been left out for
---|
now.

Maps.ma
---|

---|
Only a basic definition.

Mem.ma
---|

---|
Everything except for omega in proofs.
---|

Smallstep.ma

---|
Ported definitions for multiple steps and program behaviour; left
---|
alternative definitions, some lemmas, plus simulations sections for later.

Values.ma
---|

---|
The definitions about values which don't rely on arithmetics operations that
---|
haven't been ported yet are done. The other definitions and most of the
---|
lemmas still remain to be done.


