I don't have the answers to these questions, but hopefully my work will help getting closer to an answer.
I will keep you posted on my progress (or lack thereof), probably on a weekly or bi-weekly basis.
-**Update.** I realized I should probably expand on the parenthetical remark about specifying MIR rather than specifying Rust.
+**Update:** I realized I should probably expand on the parenthetical remark about specifying MIR rather than specifying Rust.
What we are planning to do here is to specify Rust by specifying (a) how Rust code translates to MIR, and (b) specifying MIR.
This has two advantages.
First of all, part (a) actually is already done and implemented in the Rust compiler!
It just means that the way I imagine a specification of Rust to look like is as consisting of two parts: The Rust-to-MIR translation, and a specification for MIR.
If another compiler uses a different implementation strategy, it can still be compliant with the specification; it just has to ensure that Rust programs behave as specified.
This is a common approach that can also be found, e.g., in the specification of CPU instruction sets: The specification describes the behavior of a complex instruction as a series of commands in some lower-level language. The CPU does not actually use that language as part of its implementation, but *it behaves as if it would*, and that's the only part that matters.
+**/Update**
I also benefited a lot from countless discussions with the Rust community at large, and with Aaron and Niko in particular.
You guys rock!
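Review bot: the closing `**/Update**` marker added at the end of this block sits on a line of its own, while every other update in this patch appends `**/Update**` inline after the sentence it closes; that is a reasonable split (standalone close for a multi-paragraph update, inline close for a one-sentence update), but it is worth making the convention explicit so future updates follow it, and the opening `**Update:**` form is now consistent across all the edited lines.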
-**Update**: I have changed the link to point to the [final version of the paper](https://plv.mpi-sws.org/rustbelt/popl18/).
+**Update:** I have changed the link to point to the [final version of the paper](https://plv.mpi-sws.org/rustbelt/popl18/). **/Update**
-**Update**: The conference talk is now available [on YouTube](https://www.youtube.com/watch?v=Cy9NUVaiYUg).
+**Update:** The conference talk is now available [on YouTube](https://www.youtube.com/watch?v=Cy9NUVaiYUg). **/Update**
As always, please [comment](https://internals.rust-lang.org/t/https-www-ralfj-de-blog-2017-08-11-types-as-contracts-evaluation-html/5753) with your thoughts on the topic.
I am particularly curious about what kind of test cases you are throwing at miri, and how it is doing!
-**Update**: I added a proposal for how to fix the `Arc` problem.
+**Update:** I added a proposal for how to fix the `Arc` problem. **/Update**