{"id":47115451,"url":"https://github.com/pulseengine/synth","last_synced_at":"2026-05-30T07:01:18.812Z","repository":{"id":339530274,"uuid":"1097775144","full_name":"pulseengine/synth","owner":"pulseengine","description":"Synth — WebAssembly component synthesizer for ARM Cortex-M and RISC-V. Part of the PulseEngine toolchain.","archived":false,"fork":false,"pushed_at":"2026-03-01T10:38:08.000Z","size":1948,"stargazers_count":0,"open_issues_count":8,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-03-01T11:19:23.742Z","etag":null,"topics":["arm","bazel","compiler","embedded","formal-verification","rocq","webassembly"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pulseengine.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"ROADMAP.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-11-16T19:57:17.000Z","updated_at":"2026-03-01T10:38:11.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/pulseengine/synth","commit_stats":null,"previous_names":["pulseengine/synth"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/pulseengine/synth","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulseengine%2Fsynth","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulseengine%2Fsynth/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulseengine%2Fsynth/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulseengine%2Fsynth/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pulseengine","download_url":"https://codeload.github.com/pulseengine/synth/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pulseengine%2Fsynth/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30439122,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-12T14:34:45.044Z","status":"ssl_error","status_checked_at":"2026-03-12T14:09:33.793Z","response_time":114,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["arm","bazel","compiler","embedded","formal-verification","rocq","webassembly"],"created_at":"2026-03-12T18:58:26.718Z","updated_at":"2026-05-30T07:01:18.782Z","avatar_url":"https://github.com/pulseengine.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cdiv align=\"center\"\u003e\n\n# Synth\n\n\u003csup\u003eWebAssembly-to-ARM/RISC-V AOT compiler with mechanized correctness proofs\u003c/sup\u003e\n\n\u0026nbsp;\n\n[![CI](https://github.com/pulseengine/synth/actions/workflows/ci.yml/badge.svg)](https://github.com/pulseengine/synth/actions/workflows/ci.yml)\n[![codecov](https://codecov.io/gh/pulseengine/synth/graph/badge.svg)](https://codecov.io/gh/pulseengine/synth)\n![Rust](https://img.shields.io/badge/Rust-CE422B?style=flat-square\u0026logo=rust\u0026logoColor=white\u0026labelColor=1a1b27)\n![WebAssembly](https://img.shields.io/badge/WebAssembly-654FF0?style=flat-square\u0026logo=webassembly\u0026logoColor=white\u0026labelColor=1a1b27)\n![License: Apache-2.0](https://img.shields.io/badge/License-Apache--2.0-blue?style=flat-square\u0026labelColor=1a1b27)\n\n\u0026nbsp;\n\n\u003ch6\u003e\n  \u003ca href=\"https://github.com/pulseengine/meld\"\u003eMeld\u003c/a\u003e\n  \u0026middot;\n  \u003ca href=\"https://github.com/pulseengine/loom\"\u003eLoom\u003c/a\u003e\n  \u0026middot;\n  \u003ca href=\"https://github.com/pulseengine/synth\"\u003eSynth\u003c/a\u003e\n  \u0026middot;\n  \u003ca href=\"https://github.com/pulseengine/kiln\"\u003eKiln\u003c/a\u003e\n  \u0026middot;\n  \u003ca href=\"https://github.com/pulseengine/sigil\"\u003eSigil\u003c/a\u003e\n\u003c/h6\u003e\n\n\u003c/div\u003e\n\n\u0026nbsp;\n\nSynth is an ahead-of-time compiler from WebAssembly to ARM Cortex-M machine code. It produces bare-metal ELF binaries targeting embedded microcontrollers. The compiler handles i32, i64 (via register pairs), f32 (via VFP), control flow, and memory operations. Mechanized correctness proofs in [Rocq](https://rocq-prover.org/) cover the i32 instruction selection; i64/float/SIMD proofs are not yet done.\n\n**This is pre-release software.** It has not been tested on real hardware. The generated ARM code passes unit tests and compiles 227/257 WebAssembly spec test files, but execution on Cortex-M silicon is unverified. Use at your own risk.\n\nPart of [PulseEngine](https://github.com/pulseengine) -- a WebAssembly toolchain for safety-critical embedded systems:\n\n| Project | Role |\n|---------|------|\n| [**Synth**](https://github.com/pulseengine/synth) | WASM-to-ARM AOT compiler with Rocq proofs |\n| [**Loom**](https://github.com/pulseengine/loom) | WASM optimizer with Z3 verification |\n| [**Meld**](https://github.com/pulseengine/meld) | WASM Component Model static fuser |\n| [**Kiln**](https://github.com/pulseengine/kiln) | WASM runtime for safety-critical systems |\n| [**Sigil**](https://github.com/pulseengine/sigil) | Supply chain attestation and signing |\n\n## Customer narrative\n\nSynth's pitch is that **functional safety is a certification problem, not a\nprocessor problem**: the right unit of evidence is verifiable code\ngeneration from a small, well-defined source language (WASM) to a small,\nwell-defined target ISA (Thumb-2 / RV32), not a verified silicon core. That\nframing has external academic validation in\n[Andreasyan et al., 2026](https://arxiv.org/abs/2604.17391) — *\"RISC-V\nFunctional Safety for Autonomous Automotive Systems: An Analytical Framework\nand Research Roadmap for ML-Assisted Certification\"* — which argues that\n\"the strongest outcome is not a faster core, but an ASIL-D-ready\ncertifiable RISC-V platform,\" and positions the certification workflow\n(diagnostic coverage, ISO 26262 / ISO 21448 / ISO/SAE 21434 alignment) as\nthe primary deliverable. Synth contributes the codegen half of that\nworkflow: a compiler whose lowering steps come with mechanized proofs and\nan explicit\n[Spectre / speculative-execution policy](docs/spectre-policy.md) per\nlowering rule.\n\n## Installation\n\n### From source (Cargo)\n\nRequires Rust 1.88+ (edition 2024).\n\n```bash\ngit clone https://github.com/pulseengine/synth.git\ncd synth\ncargo build --release -p synth-cli\n```\n\nThe binary is at `target/release/synth`. Add it to your PATH or invoke directly.\n\n### With Bazel\n\nBazel 8.x builds Rust, Rocq proofs, and Renode emulation tests hermetically via Nix.\n\n```bash\nbazel build //crates:synth\n```\n\n## Quick Start\n\n```bash\n# Compile a WAT file to a Cortex-M ELF binary\nsynth compile examples/wat/simple_add.wat --cortex-m -o firmware.elf\n\n# Disassemble the result\nsynth disasm firmware.elf\n```\n\nTo use Z3 translation validation, rebuild with the `verify` feature (requires Z3 on your system):\n\n```bash\ncargo build --release -p synth-cli --features verify\nsynth verify examples/wat/simple_add.wat firmware.elf\n```\n\n## Features\n\n| Category | Status | Notes |\n|----------|--------|-------|\n| i32 arithmetic, bitwise, comparison, shift/rotate | **Tested** | Full Rocq T1 proofs, Renode execution tests |\n| i64 arithmetic (register pairs) | **Tested** | ADDS/ADC, SUBS/SBC, UMULL; unit tests only |\n| f32 via VFP | Implemented | Requires FPU-equipped target (M4F, M7); Rocq T2 existence proofs |\n| f64 via VFP | Not implemented | Decoded but rejected by instruction selector |\n| WASM SIMD via ARM Helium MVE | Experimental | Cortex-M55 only; encoding untested on hardware |\n| Control flow (block, loop, if/else, br, br_table) | **Tested** | Renode execution tests, complex test suite |\n| Function calls (direct, indirect) | Implemented | Unit tests; inter-function calls not Renode-tested |\n| Memory (load/store, sub-word, size/grow) | Implemented | memory.grow returns -1 on embedded (fixed memory) |\n| Globals, select | Implemented | R9-based globals; unit tests only |\n| ELF output with vector table | Implemented | Thumb bit set on symbols; not linked on real hardware |\n| Linker scripts (STM32, nRF52840, generic) | Implemented | Generated, not tested with real boards |\n| Cross-compilation (`--link` flag) | Implemented | Requires `arm-none-eabi-gcc` in PATH; not CI-tested |\n| Rocq mechanized proofs | 233 Qed / 10 Admitted | i32 T1 proofs; division/constant proofs re-admitted for trap guard alignment |\n| Z3 translation validation | 53 tests passing | Covers i32 arithmetic and comparison rules |\n| WebAssembly spec test suite | 227/257 compile | Compilation only — not executed on emulator |\n\n### What doesn't work yet\n\n- **No real hardware testing** — all testing is unit tests and Renode emulation\n- **No multi-memory** — fused components from meld need single-memory mode\n- **No WASI on embedded** — kiln-builtins crate doesn't exist yet\n- **No component model execution** — components compile but can't run without kiln-builtins + cabi_realloc\n- **Register allocator is naive** — wrapping allocation with reserved register exclusion, no graph coloring\n- **No tail call optimization** — return_call compiles but doesn't optimize the call frame\n- **SIMD/Helium is untested** — MVE instruction encoding implemented but never run on M55 silicon or emulator\n\n## Usage\n\n### Compile WASM/WAT to ARM ELF\n\n```bash\n# Compile a WAT file to an ARM ELF binary\nsynth compile examples/wat/simple_add.wat -o add.elf\n\n# Compile with a built-in demo (add, mul, calc, calc-ext)\nsynth compile --demo add -o demo.elf\n\n# Compile a complete Cortex-M binary (vector table, startup code)\nsynth compile examples/wat/simple_add.wat --cortex-m -o firmware.elf\n\n# Compile all exported functions\nsynth compile input.wat --all-exports -o multi.elf\n\n# Compile and formally verify the translation\nsynth compile input.wat --verify -o verified.elf\n```\n\n### Disassemble\n\n```bash\nsynth disasm add.elf\n```\n\n### Translation validation\n\n```bash\n# Standalone verification: check that an ELF faithfully preserves WASM semantics\nsynth verify input.wat output.elf\n```\n\n### List backends\n\n```bash\nsynth backends\n```\n\n## Compilation Pipeline\n\n```mermaid\ngraph LR\n    A[\"WAT / WASM\"] --\u003e B[\"Parse \u0026\u003cbr/\u003eDecode\"]\n    B --\u003e C[\"Instruction\u003cbr/\u003eSelection\"]\n    C --\u003e D[\"Peephole\u003cbr/\u003eOptimizer\"]\n    D --\u003e E[\"ARM\u003cbr/\u003eEncoder\"]\n    E --\u003e F[\"ELF\u003cbr/\u003eBuilder\"]\n    F --\u003e G[\"ARM ELF\u003cbr/\u003eBinary\"]\n\n    style A fill:#654FF0,color:#fff\n    style G fill:#CE422B,color:#fff\n```\n\n**Pipeline stages:**\n\n1. **Parse** -- decode WASM binary or WAT text via `wasmparser`/`wat` crates\n2. **Instruction selection** -- pattern-match WASM ops to ARM instruction sequences (i32, i64, f32, f64, SIMD)\n3. **Peephole optimization** -- redundant-op elimination, NOP removal, instruction fusion, constant propagation (0-25% code reduction)\n4. **ARM encoding** -- emit 32-bit ARM / Thumb-2 machine code\n5. **ELF builder** -- produce ELF32 with `.text`, `.isr_vector`, `.data`, `.bss`, symbol table; optional vector table and reset handler for Cortex-M\n\n## Formal Verification\n\n### Verification status\n\nPer the [PulseEngine Verification Guide](https://pulseengine.eu/guides/VERIFICATION-GUIDE.md), projects target multi-track verification. Current status:\n\n| Track | Status | Coverage |\n|-------|--------|----------|\n| **Rocq** | Partial | 233 Qed / 10 Admitted — division proofs re-admitted for trap guard alignment |\n| **Kani** | Starting | 18 bounded model checking harnesses for ARM encoder |\n| **Verus** | Starting | 8 spec functions in `synth-synthesis/src/contracts.rs`; Bazel integration via `rules_verus` |\n| **Lean** | Not started | — |\n\nSee `artifacts/verification-gaps.yaml` for the detailed gap analysis (VG-001 through VG-008).\n\n### Rocq proof suite\n\nMechanized proofs in Rocq 9 show that `compile_wasm_to_arm` preserves WASM semantics for each operation. The proof suite lives in `coq/Synth/` and covers ARM instruction semantics, WASM stack-machine semantics, and per-operation correctness theorems.\n\n```\n233 Qed  /  10 Admitted\n  T1: 35 result-correspondence (ARM output = WASM result)  — i32 only\n  T2: 142 existence-only (ARM execution succeeds, no result claim)\n  T3: 10 admitted (4 division trap guards, 1 constant encoding, 2 examples,\n                    2 ArmRefinement Sail, 1 Integers.v Rocq 9 migration)\n  Infrastructure: 56 (integer properties, state lemmas, flag lemmas, semantics helpers)\n```\n\nOnly i32 arithmetic/bitwise operations have full T1 (result-correspondence) proofs. Division proofs were re-admitted after updating Compilation.v to emit trap guard sequences (CMP+BCondOffset+UDF) matching the actual compiler — the sequential exec_program model needs PC-relative branching support to verify these. The i64, f32, f64, and SIMD instruction selection has T2 existence proofs but not T1 result-correspondence.\n\nBuild the proofs:\n\n```bash\n# Hermetic build via Bazel + Nix\nbazel test //coq:verify_proofs\n\n# Or locally with Rocq 9\ncd coq \u0026\u0026 make proofs\n```\n\nSee [coq/STATUS.md](coq/STATUS.md) for the per-file coverage matrix.\n\n### Z3 SMT translation validation\n\nThe `synth-verify` crate encodes WASM and ARM semantics as Z3 formulas and checks per-rule equivalence. The `--verify` CLI flag invokes this after compilation; `synth verify` provides standalone validation. 53 Z3 verification tests pass in CI.\n\n## Crate Map\n\n| Crate | Purpose |\n|-------|---------|\n| `synth-cli` | CLI entry point (`synth compile`, `synth verify`, `synth disasm`) |\n| `synth-core` | Shared types, error handling, `Backend` trait, WASM decoder |\n| `synth-frontend` | WASM Component Model parser and validator |\n| `synth-backend` | ARM Thumb-2 encoder, ELF builder, vector table, linker scripts, MPU |\n| `synth-backend-awsm` | aWsm backend integration (WASM-to-native via aWsm) |\n| `synth-backend-wasker` | Wasker backend integration (WASM-to-Rust transpiler) |\n| `synth-synthesis` | WASM-to-ARM instruction selection, peephole optimizer, pattern matcher |\n| `synth-cfg` | Control flow graph construction and analysis |\n| `synth-opt` | IR-level optimization passes (CSE, constant folding, DCE) |\n| `synth-verify` | Z3 SMT translation validation |\n| `synth-analysis` | SSA, control flow analysis, call graph |\n| `synth-abi` | WebAssembly Component Model ABI (lift/lower) |\n| `synth-memory` | Portable memory abstraction (Zephyr, Linux, bare-metal) |\n| `synth-qemu` | QEMU integration for testing |\n| `synth-test` | WAST-to-Robot Framework test generator for Renode |\n| `synth-wit` | WIT (WebAssembly Interface Types) parser |\n\n## Testing\n\n```bash\n# Run all Rust tests (895 tests across workspace)\ncargo test --workspace\n\n# Lint\ncargo clippy --workspace --all-targets -- -D warnings\ncargo fmt --check\n\n# Bazel: Rocq proofs + Renode ARM Cortex-M4 emulation tests\nbazel test //coq:verify_proofs\nbazel test //tests/...\n```\n\n## Documentation\n\n- [Architecture](ARCHITECTURE.md) -- compilation pipeline, ARM instruction mapping, benchmarks\n- [Architecture Vision](docs/architecture/ARCHITECTURE_VISION.md) -- full system design and roadmap\n- [Synth \u0026 Loom](docs/architecture/SYNTH_LOOM_RELATIONSHIP.md) -- two-tier architecture\n- [Feature Matrix](docs/status/FEATURE_MATRIX.md) -- what works, what doesn't\n- [Requirements](docs/requirements/REQUIREMENTS.md) -- functional and non-functional requirements\n- [Research](docs/research/) -- literature review, formal methods, Sail/ARM analysis\n- [Roadmap](ROADMAP.md) -- development phases\n- [Changelog](CHANGELOG.md) -- version history\n- [Contributing](CONTRIBUTING.md) -- how to contribute\n\n## License\n\nApache-2.0 -- see [LICENSE](LICENSE).\n\n---\n\n\u003cdiv align=\"center\"\u003e\n\n\u003csub\u003ePart of \u003ca href=\"https://github.com/pulseengine\"\u003ePulseEngine\u003c/a\u003e \u0026mdash; WebAssembly toolchain for safety-critical systems\u003c/sub\u003e\n\n\u003c/div\u003e\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulseengine%2Fsynth","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpulseengine%2Fsynth","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpulseengine%2Fsynth/lists"}