All content in this area was uploaded by Dominik Klumpp on May 05, 2020
Vision

  programming language semantics
        |  (K [1])
        v
  Kiv specification
        |  (Kiv)
        v
  One-Path Reachability proof automation [3]

[1] Grigore Roşu and Traian Florin Şerbănuţă. "An Overview of the K Semantic Framework". In: Journal of Logic and Algebraic Programming 79.6 (2010), pp. 397–434 (http://kframework.org).

Dominik Klumpp, Philip Lenzen    K and Kiv    3
[3] Grigore Roşu, Andrei Ştefănescu, Ştefan Ciobâcă, and Brandon M. Moore. "One-Path Reachability Logic". In: Proceedings of the 28th Symposium on Logic in Computer Science (LICS'13). IEEE, 2013, pp. 358–367.
K Language Definitions: Syntax

  module EXAMPLE
    syntax Stmt ::= Id "=" Int
                  | "while" "(" Id ")" "{" Stmt "}"
                  | Id "*=" Id
                  | Id "--"
                  | Stmt Stmt
    ...
  endmodule

Translated to an algebraic specification defining one data type K:
  Productions become constructors: Stmt_=_(id: K, int: K)
  Type safety by subsort predicates: isId(k: K), isInt(k: K)
K Language Definitions: Rules

Rewrite rules define small-step operational semantics:

  rule <k> S1:Stmt S2:Stmt => S1 ~> S2 ...</k>

  ~> is the "followed by" operator: computational tasks are "executed" sequentially.

Actually, rules are defined on patterns of configurations:

  rule <k> while (X) { S } => S while (X) { S } ...</k>
       <state> ... X |-> I:Int ... </state>
    requires I =/=Int 0
K Language Definitions: Rule Translation

Rules defined in a language semantics S induce a transition relation
  →_S : TCell × TCell

Each rule is translated to an axiom:

  rule <k> X:Id -- => . ...</k>
       <state> ... X |-> (I => I -Int 1) ... </state>

  legal((x ↦ i) ⊕ m) ⊢
    TCell(KCell(Stmt--(x).toSeq ~> ks), StateCell((x ↦ i) ⊕ m))
      →_S
    TCell(KCell(ks), StateCell((x ↦ i - 1) ⊕ m))
Programs

  // lemma: ...
  x = KIV.input(I)
  f = 1
  // invariant: ...
  while (x) {
    f *= x
    x--
  }

translated to function fact(I) in the Kiv specification

  Kiv Input:    logical variables
  Kiv Function: also usable in program
  Annotation:   used for automation

Lemma (reachability property):
  ⟨ initialConfig(fact(I)) where I ≥ 0 ⟩ →_S^∃ ⟨ ., f ↦ I! ⟩

Invariant:
  ∃X, F. ⟨ while (x) {...}, f ↦ F, x ↦ X ⟩ where I! = F * X! and F > 0 and X ≥ 0
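As an added illustration (not from the slides, and not the K or Kiv tooling), the following Python models the rewrite rules of the EXAMPLE language on <k>/<state> configurations, runs the fact program from its initial configuration along →_S, and checks the slide's loop invariant I! = F * X! and F > 0 and X ≥ 0 at every loop head; the AST tuples, `step` and `run` are this example's own constructions, with KIV.input(I) replaced by a concrete argument.

```python
from math import factorial

# Statement constructors mirroring the K productions (tuples as AST nodes)
def seq(s1, s2):   return ("seq", s1, s2)     # Stmt Stmt
def assign(x, n):  return ("=", x, n)         # Id "=" Int
def while_(x, s):  return ("while", x, s)     # "while" "(" Id ")" "{" Stmt "}"
def mul(x, y):     return ("*=", x, y)        # Id "*=" Id
def dec(x):        return ("--", x)           # Id "--"

def step(k, state):
    """Apply one rewrite rule to (k cell, state cell); None if no rule matches."""
    if not k:
        return None
    head, *rest = k
    tag = head[0]
    if tag == "seq":                 # S1 S2 => S1 ~> S2
        return [head[1], head[2]] + rest, state
    if tag == "=":                   # X = I => .   with  X |-> I in state
        return rest, {**state, head[1]: head[2]}
    if tag == "*=":                  # X *= Y => .  with  X |-> I *Int J
        return rest, {**state, head[1]: state[head[1]] * state[head[2]]}
    if tag == "--":                  # X -- => .    with  X |-> (I => I -Int 1)
        return rest, {**state, head[1]: state[head[1]] - 1}
    if tag == "while":               # requires I =/=Int 0; otherwise loop => .
        x, body = head[1], head[2]
        if state[x] != 0:
            return [body, head] + rest, state
        return rest, state
    return None

def fact(i):
    """The slide program as an AST, KIV.input(I) instantiated with i."""
    return seq(assign("x", i),
               seq(assign("f", 1),
                   while_("x", seq(mul("f", "x"), dec("x")))))

def run(i):
    """Follow ->_S from initialConfig(fact(i)); return (final state, invariant held)."""
    k, state, inv_ok = [fact(i)], {}, True
    while True:
        if k and k[0][0] == "while":           # loop head: check the invariant
            X, F = state["x"], state["f"]
            inv_ok &= factorial(i) == F * factorial(X) and F > 0 and X >= 0
        nxt = step(k, state)
        if nxt is None:                        # empty k cell: terminal configuration
            return state, inv_ok
        k, state = nxt
```

For I ≥ 0 the final configuration has an empty k cell and f ↦ I!, which is the target pattern of the reachability lemma.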