summaryrefslogtreecommitdiff
path: root/README.md
diff options
context:
space:
mode:
authorSidney Congard2022-06-30 14:54:15 +0200
committerSidney Congard2022-06-30 14:54:15 +0200
commitfdbbb82ff89b1d5141ec63bc2385936da3de3616 (patch)
treed48e3fa933280e8a275d2cfdab8f126e920e5f13 /README.md
parent47691de8fe3dc32a29663d4d8343eb415ce1d81e (diff)
parent4f33892c81cdaf6aefaad9b7cef1456dcfead67c (diff)
Merge branch 'main' of github.com:Kachoc/aeneas into constants-v2
Complete the constants extraction by making all functions fail
Diffstat (limited to '')
-rw-r--r--README.md21
1 files changed, 9 insertions, 12 deletions
diff --git a/README.md b/README.md
index f31ae3b0..c7b98b5e 100644
--- a/README.md
+++ b/README.md
@@ -11,10 +11,10 @@ Wall in Pompei, digital image from Michael Lahanis.
# Aeneas
-Aeneas is a compiler from LLBC, a language inspired by Rust's MIR, to pure lambda calculus.
-It is intended to be used in combination with [Charon](https://github.com/Kachoc/charon),
-which compiles Rust programs to LLBC, to allow the verification of Rust programs in
-proof assistants. It currently has a backend for the [F\*](https://www.fstar-lang.org)
+Aeneas is a verification toolchain for Rust programs. It relies on a translation from Rusts's MIR
+internal language to a pure lamdba calculus. It is intended to be used in combination with
+[Charon](https://github.com/Kachoc/charon), which compiles Rust programs to an intermediate
+representation called LLBC. It currently has a backend for the [F\*](https://www.fstar-lang.org)
theorem prover, and we intend to add backends for other provers such as
[Coq](https://coq.inria.fr/), [HOL4](https://hol-theorem-prover.org/) or
[LEAN](https://leanprover.github.io/).
@@ -73,14 +73,11 @@ We have the following limitations, that we plan to address one by one:
issue. We intend to quickly address the issue for types (i.e., allow `Option<&mut T>`),
and later address it for functions (i.e., allow `f<&mut T>` - we consider this to
be less urgent).
-- **no nested borrows in function signatures**. See the paper for a detailed
- discussion. We might allow nested borrows while forbiding what we call
- "borrow overwrites" (see the paper) as a first step towards supporting this feature.
+- **no nested borrows in function signatures**: ongoing work.
- **no interior mutability**: long-term effort. Interior mutability introduces
- true aliasing: we will probably have to combine our pure lambda calculus
- with separation logic to address this.
- Note that interior mutability is mostly anecdotal in sequential execution,
- but necessary for concurrent execution (it is exploited by the synchronisation
- primitives).
+ true aliasing: we will probably have to use a low-level memory model to address
+ this issue.
+ Note that interior mutability is truely necessary for concurrent execution (it
+ is exploited to implement the synchronisation primitives).
- **no concurrent execution**: long-term effort. We plan to address coarse-grained
parallelism as a long-term goal.