Comments (10)
@zhassan-aws you might be interested in this
from aeneas.
@msprotz @R1kM I'm interested in your feedback.
from aeneas.
I will read in more detail later but for now my feedback is that this needs to remain a modular, type-based analysis, so an attribute on the function seems like a nice way for the user to indicate that a more direct translation is in order, and will allow generating correct code from the caller's perspective without having to inspect the body of the callee.
For traits, this might require an attribute on the trait definition itself.
Thoughts?
from aeneas.
Using attributes to indicate the effect is indeed a general, modular way of directing the translation.
And I agree with the idea of annotating trait definitions, or rather trait methods.
For now I'm really hesitating between triggering the simplification with attributes only, or giving the possibility (for instance with a CLI option) of always simplifying when possible.
from aeneas.
triggering the simplification with attributes only
One difficulty here would be for functions in external dependencies, which would not be possible/easy to annotate.
from aeneas.
What happens if the simplification criterion gets improved and starts detecting more functions? Would this break proofs that depended on the previous behavior?
from aeneas.
I like the idea of using attributes, as this also paves the way towards more expressive "effects".
Regarding your idea of simplifying through micro-passes in the pure model, wouldn't you need a whole-program analysis to do this? In this case, considering for now the single-crate case, could a first part of the analysis be performed during the SymbolicToPure translation (i.e., annotating functions with the can/cannot_fail attribute), to later be simplified in a modular fashion?
from aeneas.
triggering the simplification with attributes only
One difficulty here would be for functions in external dependencies, which would not be possible/easy to annotate.
Yes, that's an issue. But I was thinking that we could provide a file which describes the effects of the external dependencies, a bit like what we're doing today (though the behavior is hardcoded in ExtractBuiltin.ml
at this point).
from aeneas.
I like the idea of using attributes, as this also paves the way towards more expressive "effects". Regarding your idea of simplifying through micro-passes in the pure model, wouldn't you need a whole-program analysis to do this? In this case, considering for now the single-crate case, could a first part of the analysis be performed during the SymbolicToPure translation (i.e., annotating functions with the can/cannot_fail attribute), to later be simplified in a modular fashion?
This is likely what would happen if we're using attributes.
But I'd rather not do too many analyses in SymbolicToPure because this file became a lot more complex than what I had expected, and is not really modular. There are actually severao simplifications which happen there that I would like to move to the micro-passes for this reason.
from aeneas.
What happens if the simplification criterion gets improved and starts detecting more functions? Would this break proofs that depended on the previous behavior?
Yes, it will likely break proofs. But how badly would it break the proofs, I'm not sure. On the other hand, if we (allow the user to) control the simplification with attributes, I think it's ok.
from aeneas.
Related Issues (20)
- `menhir` installation required/`ocamlformat` not found? HOT 1
- Make test in aeneas repository does not work HOT 1
- Add Negative Tests HOT 1
- Add support for mutually recursive trait declarations
- Structure which leads to one inductive constructors are not structures in Lean HOT 1
- `progress ... with` require a context hypothesis to proceed in some cases
- Add support for nested borrows in function signatures
- Make the test suite standalone
- Generate projectors for recursive structs during Lean extraction HOT 1
- Add a micro-pass to simplify array updates
- Print the name pattern in the error message when a declaration has to be ignored because of an error HOT 1
- Add a test with matches over integers
- Hide rustc hash in paths HOT 2
- Add test for recursive structs projectors
- Test the different approaches to statefulness HOT 1
- Add an issue template
- Add headers to the copied Primitives.{fst,v} files HOT 1
- Check charon pin in CI
- Cleanup remaining tests
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aeneas.