Skip to content
KreMLin is a tool for extracting low-level F* programs to readable C code
Branch: master
Clone or download
protz Ensure simplify2 is run after static initializer collection, as these…
… are almost always guaranteed to require hoisting, etc. Settle on just unused variable elimination to optimistically simplify globals.
Latest commit 5acc2a9 Apr 19, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
book Minor manual update Sep 11, 2018
kremlib Keep strings for exceptional aborts Apr 17, 2019
lib Help debug Windows libcrt expansion Dec 20, 2018
misc Make AR overridable Mar 7, 2019
parser A series of improvements for bundling. Nov 29, 2018
runtime Kremlin support for extracting the eq_mask functions into libkremlib Aug 27, 2018
test Fix error on Linux only but not OSX Apr 17, 2019
.clang-format Finish implementation of FStar_Bytes Nov 20, 2017
.gitignore Check in the introduction for the tutorial Apr 24, 2018
.merlin Add required package Feb 1, 2017
.travis.yml Fix an error message + encrypted (fresh) slack token Nov 29, 2018 A response file mechanism Mar 25, 2019
LICENSE Nits about license Oct 13, 2016
Makefile The joys of Windows. See #103 Jul 16, 2018
_tags Prototype of in-memory struct allocation for the WASM backend... curr… Jun 9, 2017


Build Status

KreMLin is a tool that extracts an F* program to readable C code. If the F* program verifies against a low-level memory model that talks about the stack and the heap; if it is first-order; if it obeys certain restrictions (e.g. non-recursive data types) then KreMLin will turn it into C.

The best way to learn about KreMLin is its work-in-progress tutorial. Pull requests and feedback are welcome!

  • has a technical overview of the different transformation passes performed by KreMLin, and is slightly out of date.

This work has been formalized on paper. We state that the compilation of such F* programs to C preserves semantics. We start from Low*, a subset of F*, and relate its semantics to CompCert's Clight.

  • the ICFP 2017 Paper provides an overview of KreMLin as well as a paper formalization of our compilation toolchain

We have written 20,000 lines of low-level F* code, implementing the TLS 1.3 record layer. As such, KreMLin is a key component of Project Everest.

  • HACL*, our High Assurance Crypto Library, provides numerous cryptographic primitives written in F*; these primitives enjoy memory safety, functional correctness, and some degree of side-channel resistance -- they extract to C via KreMLin.

Trying out KreMLin

KreMLin requires OCaml (> 4.04.0), OPAM, and a recent version of GNU make.

Regarding GNU make: On OSX, this may require you to install a recent GNU make via homebrew, and invoke gmake instead of make.

Regarding OCaml: Install OPAM via your package manager, then:

$ opam install ppx_deriving_yojson zarith pprint menhir ulex process fix wasm visitors

Next, make sure you have an up-to-date F*, and that you ran make in the ulib/ml directory of F*. The fstar.exe executable should be on your PATH and FSTAR_HOME should point to the directory where F* is installed.

To build just run make from this directory.

Note: on OSX, KreMLin is happier if you have greadlink installed (brew install coreutils).

If you have the right version of F* and fstar.exe is in your PATH then you can run the KreMLin test suite by doing make test.

File a bug if things don't work!


The --help flag contains a substantial amount of information.

$ ./krml --help


Kremlin is released under the Apache 2.0 license; see LICENSE for more details.

You can’t perform that action at this time.