Executing Formal Semantics with the Tool David L AZAR 1 Andrei A - - PowerPoint PPT Presentation

▶

Sep 28, 2023 165 likes •419 views

Executing Formal Semantics with the Tool David L AZAR 1 Andrei A RUSOAIE 2 , ERB , A 1,2 Traian S ANUT Chucky E LLISON 1 Radu M EREUTA 2 Dorel L UCANU 2 , U 1,2 Grigore R OS 1 University of Illinois at Urbana-Champaign 2 University

SLIDE 1

Executing Formal Semantics with the Tool

David LAZAR1 Andrei ARUSOAIE2 Traian S

, ERB ˘

ANUT

, ˘

A1,2

Chucky ELLISON1 Radu MEREUTA2 Dorel LUCANU2 Grigore ROS

, U1,2

1University of Illinois at Urbana-Champaign 2University Alexandru Ioan Cuza of Ias

FM 2012

David LAZAR, et al Executing Formal Semantics with the Tool 1 / 16

SLIDE 2

SEMANTICS-BASED TOOLS

Interpreter State-space explorer Definedness checker Verifier Big-step semantics Axiomatic semantics Small-step semantics

Equivalence proofs

David LAZAR, et al Executing Formal Semantics with the Tool 2 / 16

SLIDE 3

THE GOAL: MANY TOOLS, ONE SEMANTICS

Interpreter State-space explorer Definedness checker Model checker Debugger Verifier ???

semantics

David LAZAR, et al Executing Formal Semantics with the Tool 3 / 16

SLIDE 4

A SOLUTION: THE FRAMEWORK

Interpreter State-space explorer Definedness checker Model checker Debugger Verifier ???

David LAZAR, et al Executing Formal Semantics with the Tool 4 / 16

SLIDE 5

WE WILL FOCUS ON ...

Interpreter State-space explorer Definedness checker Model checker Debugger Verifier ???

David LAZAR, et al Executing Formal Semantics with the Tool 5 / 16

SLIDE 6

THE EXP LANGUAGE

INTEGER ARITHMETIC

5 + 3/2

VARIABLES

x + y

for simplicity, variable lookup only

READING FROM STDIN

read

WRITING TO STDOUT

print(x)

David LAZAR, et al Executing Formal Semantics with the Tool 6 / 16

SLIDE 7

THE EXP LANGUAGE

INTEGER ARITHMETIC

5 + 3/2

VARIABLES

x + y

for simplicity, variable lookup only

READING FROM STDIN

read

WRITING TO STDOUT

print(x)

THE DEFINITION OF EXP

5 rules, one for each construct above

David LAZAR, et al Executing Formal Semantics with the Tool 6 / 16

SLIDE 8

MODULE EXP CONFIGURATION

$PGM
k
$STATE
state

·

ut
streams

SYNTAX

KResult ::= Int

SYNTAX

K ::= K + K [strict] | K / K [strict]

RULE

I1 + I2 ⇒ I1 +Int I2

RULE

I1 / I2 ⇒ I1 ÷Int I2 when I2 =Int 0

SYNTAX

K ::= Id

RULE

X I ···k ··· X → I ···state

SYNTAX

K ::= read | print K [strict]

RULE

read I ···k I · ···in

RULE

print I I ···k ··· · I

END MODULE David LAZAR, et al Executing Formal Semantics with the Tool 7 / 16

SLIDE 9

INTERPRETER

average.exp

print((read + read + read) / 3)

David LAZAR, et al Executing Formal Semantics with the Tool 8 / 16

SLIDE 10

INTERPRETER

average.exp

print((read + read + read) / 3)

RUNNING THE PROGRAM

$ echo "3 14 15" | krun average.exp 10

David LAZAR, et al Executing Formal Semantics with the Tool 8 / 16

SLIDE 11

DEFINEDNESS CHECKER

div.exp

print(42 / read)

David LAZAR, et al Executing Formal Semantics with the Tool 9 / 16

SLIDE 12

DEFINEDNESS CHECKER

div.exp

print(42 / read)

DEFINED EXECUTION

$ echo "2" | krun div.exp 21

David LAZAR, et al Executing Formal Semantics with the Tool 9 / 16

SLIDE 13

DEFINEDNESS CHECKER

div.exp

print(42 / read)

DEFINED EXECUTION

$ echo "2" | krun div.exp 21

UNDEFINED EXECUTION

$ echo "0" | krun div.exp <k> 42 / 0 ∼> print </k>

David LAZAR, et al Executing Formal Semantics with the Tool 9 / 16

SLIDE 14

STATE-SPACE EXPLORER

div-nondet.exp

print(read / read)

David LAZAR, et al Executing Formal Semantics with the Tool 10 / 16

SLIDE 15

STATE-SPACE EXPLORER

div-nondet.exp

print(read / read)

NOTE

Evaluation order of / is nondeterministic!

David LAZAR, et al Executing Formal Semantics with the Tool 10 / 16

SLIDE 16

STATE-SPACE EXPLORER

div-nondet.exp

print(read / read)

RUN IT NORMALLY

$ echo "7 0" | krun div-nondet.exp

Right-to-left evaluation order picked arbitrarily!

David LAZAR, et al Executing Formal Semantics with the Tool 10 / 16

SLIDE 17

STATE-SPACE EXPLORER

div-nondet.exp

print(read / read)

SEARCH FOR ALL POSSIBILITIES

$ echo "7 0" | krun div-nondet.exp --search Search results: Solution 1, state 2: <k> </k> Solution 2, state 3: <k> 7 / 0 ∼> print </k>

David LAZAR, et al Executing Formal Semantics with the Tool 10 / 16

SLIDE 18

C, SCHEME, LLVM, JAVASCRIPT, OCAML, PYTHON, HASKELL, ...

David LAZAR, et al Executing Formal Semantics with the Tool 11 / 16

SLIDE 19

11 THE DEFINITION OF C

◮ 1200 rules ◮ kcc, similar to krun but feels like gcc ◮ http://c-semantics.googlecode.com

David LAZAR, et al Executing Formal Semantics with the Tool 12 / 16

SLIDE 20

TINY C PROGRAM

eval_order.c

int denominator = 5; int setDenominator(int d) { return denominator = d; } int main(void) { return setDenominator(0) + (7 / denominator); }

David LAZAR, et al Executing Formal Semantics with the Tool 13 / 16

SLIDE 21

BUGS ARE LOOMING $ clang -O0 eval_order.c && ./a.out Floating point exception $ clang -O2 eval_order.c && ./a.out $

David LAZAR, et al Executing Formal Semantics with the Tool 14 / 16

SLIDE 22

FIND BUGS USING SEARCH

$ kcc eval_order.c $ SEARCH=1 ./a.out

David LAZAR, et al Executing Formal Semantics with the Tool 15 / 16

SLIDE 23

FIND BUGS USING SEARCH

$ kcc eval_order.c $ SEARCH=1 ./a.out 2 solutions found

Solution 1

Program got stuck File: eval_order.c Line: 8 Description: Division by 0.

Solution 2

Program completed successfully Return value: 1

David LAZAR, et al Executing Formal Semantics with the Tool 15 / 16

SLIDE 24

easy modular expressive concurrent executable analyzable scalable practical

http://k-framework.org

David LAZAR, et al Executing Formal Semantics with the Tool 16 / 16