CertiRocq is a compiler for Gallina, the specification language of the Rocq Prover. CertiRocq targets WebAssembly and Clight, a subset of the C language that can be compiled with any C compiler, including the CompCert verified compiler.
Large parts of the CertiRocq compiler have been verified whereas others are in the process of being verified.
The CertiRocq Wiki has instructions for using the CertiRocq plugin to compile Gallina to C and interfacing with the generated C code.
You can also find some demos here and here.
See INSTALL.md for installation instructions.
Yannick Forster, Joomy Korkut, Zoe Paraskevopoulou, and Matthieu Sozeau.
Andrew Appel, Abhishek Anand, Anvay Grover, John Li, Greg Morrisett, Randy Pollack, Olivier Savary Belanger, Matthew Weaver
CertiRocq is open source and distributed under the MIT license.
- theories/ contains the sources of the compiler
- plugin/ contains the CertiRocq plugin for Rocq
- benchmarks/ contains the benchmark suite
- glue/ contains the glue code generator
- bootstrap/ contains the bootstrapped CertiRocq plugin for Rocq and a CertiRocq-compiled variant of MetaRocq's safe type checker.
Structure of the theories directory:
- theories/common: contains common code utilities
- theories/Compiler: contains the toplevel CertiRocq pipeline
- theories/LambdaBoxMut: mutual inductive version of MetaRocq's LambdaBox erased language
- theories/LambdaBoxLocal: variant where deBruijn indices are represented using N instead of nat. The transformation from LambdaBoxMut let-binds the definitions in the environment to produce a closed term.
- theories/LambdaANF contains the λANF pipeline (and conversions -- direct and LambdaANF -- to λANF)
- theories/Codegen contains the C code generator.
- theories/CodegenWasm contains the Wasm code generator.
We use GitHub's issue tracker to keep track of bugs and feature requests.
