Q2. What have the authors stated for future works in "A verified compcert front-end for a memory model supporting pointer arithmetic and uninitialised data" ?
As future work, the authors intend to study how to adapt the back-end of CompCert. Despite the remaining difficulties, they believe that the full CompCert compiler can be ported to their novel memory model, which would further improve confidence in the generated code.
Q3. Why does the simulation require that the program have defined semantics in SClight?
Because memory is infinite in CClight, the program has defined semantics there, and the simulation the authors are trying to prove requires that the program have defined semantics in SClight as well.
Q4. How does the proof accommodate for the size of the variables?
To accommodate alignment and padding, the stack frame may allocate more bytes than the total size of the variables themselves.
Q5. What is the solution to normalise symbolic values?
The solution is to normalise symbolic values eagerly, i.e. before any write into memory or into a register, and to keep symbolic values only when normalisation fails.
Q6. How do the authors decode a list of smemvals?
This is done by converting each smemval into a symbolic value and then concatenating those symbolic values: the concat function recovers the 64-bit bitvector that represents the original symbolic value, and the decode function applies the from_bits function to the result of concat with the appropriate chunk.
Q7. What is the meaning of normalising a symbolic value into a pointer?
Algorithm 2 explains how the authors normalise symbolic values into pointers. It relies on the fact that a symbolic value sv can only normalise to ptr(b, o) if the block b appears syntactically in sv.
Q8. What is the function that checks that all the blocks fit in memory?
The algorithm checks that all the blocks fit in memory by running the function fresh_addr, which constructs as a witness a valid concrete memory cm and returns the first fresh address addr.
Q9. Why does the function is_aligned simplify to 3 == 0?
Because of the alignment constraints on the block b, this symbolic value simplifies to the comparison 3 == 0, which in turn evaluates to int(0).
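To make the answers to Q7, Q8 and Q9 concrete, here is a small Python model of normalisation over concrete memories. It is an added illustration written for this page, not the authors' Coq development: the tuple-based symbolic values, the 32-byte address space, the `bounds` map from block to (size, alignment), the reservation of address 0 for the null pointer, and the exhaustive enumeration of valid concrete memories in place of the SMT query used by the paper are all assumptions made here. The `fresh_addr` function builds the witness concrete memory and reports the first fresh address (or `None` if the blocks do not fit), `normalise` only tries pointer candidates ptr(b, o) for blocks b that occur syntactically in the value, and `is_aligned` shows why an alignment test on ptr(b, 3) with 4-byte alignment collapses to int(0).

```python
"""Toy model of symbolic-value normalisation over concrete memories.

Assumptions (not from the paper): a 32-byte address space, address 0 reserved
for the null pointer, 32-bit modular arithmetic, and normalisation checked by
enumerating every valid concrete memory instead of querying an SMT solver.
A symbolic value is one of:
  ('int', n) | ('ptr', b, o) | ('add', a, b) | ('sub', a, b) | ('mod', a, b) | ('eq', a, b)
A concrete memory cm maps a block id to its concrete base address.
"""
import itertools

MEM_SIZE = 32           # constructed: tiny so enumeration stays exhaustive
MASK = 2 ** 32 - 1      # 32-bit machine integers


def evaluate(sv, cm):
    """Evaluate symbolic value sv to a concrete integer under concrete memory cm."""
    tag = sv[0]
    if tag == 'int':
        return sv[1] & MASK
    if tag == 'ptr':
        return (cm[sv[1]] + sv[2]) & MASK
    a, b = evaluate(sv[1], cm), evaluate(sv[2], cm)
    if tag == 'add':
        return (a + b) & MASK
    if tag == 'sub':
        return (a - b) & MASK
    if tag == 'mod':
        return a % b
    if tag == 'eq':
        return int(a == b)
    raise ValueError(tag)


def blocks_of(sv):
    """Blocks occurring syntactically in sv: the only candidates for ptr(b, o)."""
    if sv[0] == 'ptr':
        return {sv[1]}
    if sv[0] == 'int':
        return set()
    return blocks_of(sv[1]) | blocks_of(sv[2])


def fresh_addr(bounds):
    """Lay the blocks out back to back, respecting each block's alignment.

    Returns (cm, first_fresh_address), or None when the blocks do not fit in memory.
    """
    cm, addr = {}, 1  # address 0 is reserved for the null pointer (assumption)
    for b in sorted(bounds):
        size, align = bounds[b]
        addr = -(-addr // align) * align  # round up to the block's alignment
        cm[b] = addr
        addr += size
    return (cm, addr) if addr <= MEM_SIZE else None


def valid_concrete_memories(bounds):
    """Every concrete memory that respects alignment, bounds and non-overlap."""
    names = sorted(bounds)
    slots = [range(bounds[b][1], MEM_SIZE - bounds[b][0] + 1, bounds[b][1]) for b in names]
    for addrs in itertools.product(*slots):
        spans = [(a, a + bounds[b][0]) for a, b in zip(addrs, names)]
        if all(h1 <= l2 or h2 <= l1 for (l1, h1), (l2, h2) in itertools.combinations(spans, 2)):
            yield dict(zip(names, addrs))


def normalise(sv, bounds):
    """Normalise sv to ('int', n), ('ptr', b, o), or None (undefined).

    The witness memory from fresh_addr fixes the candidate; the candidate is
    accepted only if every valid concrete memory agrees with it.
    """
    witness = fresh_addr(bounds)
    if witness is None:
        return None
    cm0, _ = witness
    v = evaluate(sv, cm0)
    memories = list(valid_concrete_memories(bounds))
    if all(evaluate(sv, cm) == v for cm in memories):
        return ('int', v)
    for b in sorted(blocks_of(sv)):        # only syntactically present blocks
        o = (v - cm0[b]) & MASK
        if all(evaluate(sv, cm) == (cm[b] + o) & MASK for cm in memories):
            return ('ptr', b, o)
    return None


def is_aligned(sv, n):
    """Symbolic alignment test: (sv mod n) == 0."""
    return ('eq', ('mod', sv, ('int', n)), ('int', 0))


if __name__ == '__main__':
    bounds = {'b': (8, 4), 'c': (4, 4)}   # constructed: block -> (size, alignment)
    print(fresh_addr(bounds))
    print(normalise(('add', ('ptr', 'b', 0), ('int', 4)), bounds))   # pointer arithmetic
    print(normalise(('sub', ('ptr', 'b', 4), ('ptr', 'b', 0)), bounds))  # same-block difference
    print(normalise(('sub', ('ptr', 'b', 0), ('ptr', 'c', 0)), bounds))  # layout-dependent: undefined
    print(normalise(is_aligned(('ptr', 'b', 3), 4), bounds))          # 3 == 0, i.e. int(0)
```

Pointer subtraction across two different blocks comes out as `None` because its value changes with the layout, which is exactly the case a concrete-address model could not reject while CompCert's original block-based model must.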
Q10. Why are certain undefined behaviours introduced in C?
Certain undefined behaviours of C were introduced on purpose, to ease either the portability of the language across platforms or the development of efficient compilers.
Q11. What is the motivation behind the current handling of bit-fields in CompCert?
Another motivation is illustrated by the current handling of bit-fields in CompCert: they are emulated in terms of bit-level operations by an elaboration pass preceding the formally-verified front-end.