If you install VST via opam, opam will take care of dependency versions.
Otherwise please check:
-
Make sure you have the right version of Coq.
grep ^COQVERSION Makefile
will tell you which versions are compatible.
-
Make sure you have the right version of CompCert. VST 2.6 uses CompCert 3.7 for Coq 8.11 or Coq 8.12
The recommended way to install any library for Coq (including VST) is via the Coq Platform, which is a set of scripts that will do an appropriate opam install for your operating system (Linux, MacOS, Windows). Follow the instructions there (that is, in README.md under Usage) to download the Coq Platform scripts and then follow the OS-specific instructions. After you install via the Coq Platform, you can still use opam commands to adjust your configuration, add more packages, et cetera.
If you install VST via opam, opam will try to install a suitable version of CompCert, Flocq and other dependencies.
opam install coq # best to install coq by opam instead of some other method
opam install coq-vst
AND/OR
opam install coq-vst-64
You can install both the 32 bit and the 64 bit versions of VST and CompCert in parallel. They will be installed in different folders. Please note that the 64 bit variants will be installed in non standard locations and must be included explicitly with -Q or -R options:
<opam-root>/lib/coq-variants/vst64/vst/
<opam-root>/lib/coq-variants/compcert64/compcert/
<opam-root>/variants/compcert64/bin/
<opam-root>/variants/compcert64/lib/
Please also note that some opam supplied versions of CompCert use a version of Flocq distributed with CompCert. This is problematic if you want to verify numerical code which uses tools like CoqInterval or Gappa which also use Flocq. The proofs these tools do might then not be compatible with VST and CompCert. For CompCert 3.7 there is an opam version called
coq-compcert.3.7~coq-platform
coq-compcert-64.3.7~coq-platform
which uses the opam supplied version of Flocq. There is also a version
coq-compcert.3.7~coq-platform~open-source
coq-compcert-64.3.7~coq-platform~open-source
which only contains the dual licensed open source part of CompCert. This is sufficient for learning VST using the example C programs provided. If you want to use VST for your own C code, you need at least clightgen, which is not free software. Please clarify the CompCert license conditions if you want to use clightgen. In case you want to use clightgen, please use this install command:
opam install coq-compcert.3.7~coq-platform coq-vst
AND/OR
opam install coq-compcert-64.3.7~coq-platform coq-vst-64
VST can work with various installations of CompCert and this sequence ensures you get the version you want. If you are an industrial user and want to learn CompCert and ensure you only install open source software, please use this install command:
opam install coq-compcert.3.7~coq-platform~open-source coq-vst
AND/OR
opam install coq-compcert-64.3.7~coq-platform~open-source coq-vst-64
Download the VST sources (by cloning the repo, or by unzipping a release .zip or .tar.gz file).
Then follow this procedure:
- Make sure CompCert and Flocq Coq
.vo
files are installed in<opam-root>/lib/coq/user-contrib/Flocq <opam-root>/lib/coq/user-contrib/compcert AND/OR <root>/lib/coq-variants/compcert64/compcert
This will happen automatically if you use the Coq Platform (or opam directly) to install CompCert.
-
Make sure CompCert clightgen is installed in
<opam-root>/bin AND/OR <opam-root>/variants/compcert64/bin
-
In the VST root source directory (the directory containing the file you are reading), execute this command:
make OR make BITSIZE=64
(or, if you have a multi-core computer,
make -j 16
). You may add the targetfloyd
to just build VST's core without examples and tests.
Please note that if you give options via the make command line, you should
not have a file CONFIGURE
in the VST root folder.
Download the VST sources (by cloning the repo, or by unzipping a release .zip or .tar.gz file).
All options described in this section can be given in 3 ways:
- on the command line of make via
<option>=<value>
- as an environment variable
- as an assignment in a file
CONFIGURE
in the VST root folder Please be sure that you don't mix these methods in unintended ways.
VST make supports the below options to control which CompCert is used:
COMPCERT=platform
: (default) choose 32 or 64 bit platform supplied x86 variant, dependent on BITSIZE, ARCH can be left empty or must be x86COMPCERT=bundled
: build and use bundled 32 or 64 x86 variant, dependent on BITSIZE, ARCH can be left empty or must be x86COMPCERT=bundled_new
: build and use bundled compcert_new 32 or 64 x86 variant, dependent on BITSIZE, ARCH can be left empty or must be x86COMPCERT=src_dir
: build and use in source folder COMPCERT_SRC_DIR the variant specified by ARCH and BITSIZECOMPCERT=inst_dir
: use prebuilt CompCert in COMPCERT_INST_DIR. BITSIZE and ARCH can be left empty or must match
The above settings for COMPCERT are keywords and not placeholders. If required additional information is given with these variables:
COMPCERT_SRC_DIR
: absolute or relative CompCert source pathCOMPCERT_INST_DIR
: usually absolute CompCert installation path or source path with in-place build
If CompCert is built from sources, make sure to give at least one of the following options to CompCert's ./configure script: -clightgen, or -install-coqdev, or -coqdevdir, so that CompCert's compcert.config file is produced for VST to read.
The below options can be given in addition in order to chose the architecture.
If CompCert is built from sources, this configures CompCert accordingly.
If COMPCERT=inst_dir
is chosen, the below options must match the specified
installation if they are given.
If COMPCERT=platform
is chosen, BITSIZE
can be specified, but the architecture
is ignored.
BITSIZE=32
(default)BITSIZE=64
ARCH=x86
: (default) Intel x86, 32 and 64 bitARCH=aarch64
: 64 bit ARM architectureARCH=powerpc
: 32 bit power PC architecture
In case you want to regenerate the clightgen Coq files for the examples, you need to specify an absolute path to a clightgen executable. This is useful in case you want to check the examples for non x86 architectures. Please take care that this matches the given architecture (this is not checked).
CLIGHTGEN=<absolute path for given architecture>/clightgen
The Verified Software Tool-chain is organized into separate sub-projects, each in a separate directory:
msl
- Mechanized Software Libraryexamples
- examples of how to use the msl (not ported to Coq 8.6)compcert
- front end of the CompCert compiler, specification of C lightzlist
- theory of concatenable sublists, and list theory solversepcomp
- the theory and practice of how to specify shared-memory interactionveric
- program logic (and soundness proof) for Verifiable Cfloyd
- tactics for applying the separation logicprogs
- sample programs, with their verifications
The dependencies are:
msl
: no dependency on other directoriesexamples
: mslcompcert
: no dependency on other directorieszlist
- no dependency on other directoriessepcomp
: compcertveric
: msl compcert sepcompfloyd
: msl sepcomp compcert vericprogs
: msl sepcomp compcert veric floyd
In general, we Import using -Q
(qualified) instead of -R
(recursive). This means modules need to be named using qualified names.
Thus, in veric/expr.v
we write Require Import msl.msl_standard
instead of Require Import msl_standard
. To make this work, the loadpaths
need to be set up properly; the file _CoqProject
(built by make _CoqProject
)
shows what -I includes to use.
To use either of these interactive development environments you will need to have the right load path. This can be done by command-line arguments to coqide or coqtop. The precise command-line arguments to use when running CoqIDE or coqc are constructed automatically when when you do "make", in the following files:
_CoqProject-export
: For VST users, running the IDE outside the VST directory_CoqProject
: For VST developers, running the IDE in the VST directory
From the VST root directory, run ./coqide
to run coqide with recommended options.
(Read the script for more info.)
Use the _CoqProject
file generated by the Makefile
(Yes, we know, normally it's the other way 'round, normally one generates
a Makefile from the _CoqProject
.)
If you add a new directory, you will probably want to augment the loadpath
so that qualified names work right. Edit the OTHERDIRS
or VSTDIRS
lines of
the Makefile
.
The VST imports from the CompCert verified C compiler, the definition
of C light syntax and operational semantics. For the convenience of
VST users, the VST/compcert
directory is a copy (with permission) of
the front-end portions of compcert.
You may choose to ignore the VST/compcert
directory and have
the VST import from a build of compcert that you have installed in
another directory, for example, ../CompCert
.
This has not been tested recently, as of August 2017.
To do this, create a file CONFIGURE
containing a definition such as,
COMPCERT=../CompCert
Make sure that you have the right version of CompCert! Check
the file VST/compcert/VERSION
to be sure.
Starting in July 2018, for a limited period of (we hope) only a few months, there is an experimental alternate CompCert basis in compcert_new. To use this, define a CONFIGURE file containing COMPCERT=compcert_new, and make sure to do a "make depend" and "make clean" before (re)building. WARNING: When using compcert_new, the file veric/Clight_core.v is not active; instead concurrency/shim/Clight_core.v is bound to the module path VST.veric.Clight_core.