Executing Formal Semantics with the K Tool

David Lazar (1), Andrei Arusoaie (2), Traian Șerbănuță (1,2), Chucky Ellison (1), Radu Mereuta (2), Dorel Lucanu (2), Grigore Roșu (1,2)
(1) University of Illinois at Urbana-Champaign
(2) University Alexandru Ioan Cuza of Iași
FM 2012

David Lazar et al., Executing Formal Semantics with the K Tool, slide 1 / 16
SEMANTICS-BASED TOOLS

[Diagram] Tools: Interpreter, Equivalence proofs, State-space explorer, Verifier, Definedness checker. Semantics styles: Big-step semantics, Small-step semantics, Axiomatic semantics.

THE GOAL: MANY TOOLS, ONE SEMANTICS

[Diagram] One semantics feeding: Interpreter, State-space explorer, Definedness checker, Model checker, Debugger, Verifier, ???

A SOLUTION: THE K FRAMEWORK

[Diagram] Interpreter, State-space explorer, Definedness checker, Model checker, Debugger, Verifier, ???

WE WILL FOCUS ON ...

[Diagram] Interpreter, State-space explorer, Definedness checker, Model checker, Debugger, Verifier, ???
THE EXP LANGUAGE

  Integer arithmetic:    5 + 3/2
  Variables:             x + y        (for simplicity, variable lookup only)
  Reading from stdin:    read
  Writing to stdout:     print(x)

THE K DEFINITION OF EXP

  5 rules, one for each construct above
  MODULE EXP
    CONFIGURATION  ⟨ $PGM ⟩k  ⟨ $STATE ⟩state  ⟨ · ⟩in  ⟨ · ⟩out      (in and out are streams)

    SYNTAX KResult ::= Int

    SYNTAX K ::= K + K   [strict]
               | K / K   [strict]
    RULE   I1 + I2 ⇒ I1 +Int I2
    RULE   I1 / I2 ⇒ I1 ÷Int I2   when I2 ≠Int 0

    SYNTAX K ::= Id
    RULE   ⟨ X ⇒ I ··· ⟩k  ⟨ ··· X ↦ I ··· ⟩state

    SYNTAX K ::= read
               | print K   [strict]
    RULE   ⟨ read ⇒ I ··· ⟩k  ⟨ I ⇒ · ··· ⟩in
    RULE   ⟨ print I ⇒ · ··· ⟩k  ⟨ ··· · ⇒ I ⟩out
  END MODULE
INTERPRETER

  average.exp:
    print((read + read + read) / 3)

  Running the program:
    $ echo "3 14 15" | krun average.exp
    10
DEFINEDNESS CHECKER

  div.exp:
    print(42 / read)

  Defined execution:
    $ echo "2" | krun div.exp
    21

  Undefined execution (no rule applies, so the program gets stuck):
    $ echo "0" | krun div.exp
    <k> 42 / 0 ~> print □ </k>
STATE-SPACE EXPLORER

  div-nondet.exp:
    print(read / read)

  Note: the evaluation order of / is nondeterministic!

  Run it normally:
    $ echo "7 0" | krun div-nondet.exp
    0
  Right-to-left evaluation order picked arbitrarily!

  Search for all possibilities:
    $ echo "7 0" | krun div-nondet.exp --search
    Search results:

    Solution 1, state 2:
    <k> 0 </k>

    Solution 2, state 3:
    <k> 7 / 0 ~> print □ </k>
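The EXP module and the krun / krun --search runs above, modelled as an added Python example (not code from the talk or from the K framework). One step function implements the five EXP rules over a configuration (k, in, out) with a separate lookup-only state, and the same function serves as interpreter (run follows one arbitrary path, right-to-left like the slide), definedness checker (a configuration with no successor that is neither a value nor an empty k cell is reported as stuck) and state-space explorer (search enumerates every evaluation order). Assumptions beyond the slides: [strict] is taken to mean that either operand of + and / may be evaluated first, ÷Int is Python integer division (identical for the non-negative inputs used here), and the parser, the tuple encoding of terms and the names run, search, step and show are mine.

```python
# Added example, not code from the talk or the K project: a small Python model of the EXP
# semantics on the slides.  One step function drives three of the talk's tools: interpreter
# (run), definedness checker (stuck states) and state-space explorer (search).  Assumed:
# [strict] lets either operand of + and / go first; div by zero has no rule; state is lookup-only.
import re
from collections import deque

TOKEN = r"\d+|[A-Za-z_]\w*|[+/()]"
DONE = ("done",)                            # the empty k cell that print leaves behind
is_value = lambda k: isinstance(k, int)     # KResult ::= Int

def parse(src):                             # EXP: ints, identifiers, read, print(e), +, /, ()
    if re.sub(TOKEN, "", src).strip():
        raise SyntaxError(f"unexpected characters in {src!r}")
    toks, i = re.findall(TOKEN, src), 0
    peek = lambda: toks[i] if i < len(toks) else None
    def take(expected=None):
        nonlocal i
        t = peek()
        if t is None or (expected is not None and t != expected):
            raise SyntaxError(f"expected {expected!r}, got {t!r}")
        i += 1
        return t
    def atom():
        t = take()
        if t.isdigit() or t == "read":
            return int(t) if t.isdigit() else ("read",)
        if t in ("(", "print"):             # parenthesised expression or print(e)
            if t == "print":
                take("(")
            e = expr()
            take(")")
            return e if t == "(" else ("print", e)
        if t.isidentifier():
            return ("var", t)
        raise SyntaxError(f"unexpected {t!r}")
    def chain(ops, sub):                    # left-associative chain joined by ops
        e = sub()
        while peek() in ops:
            e = (take(), e, sub())
        return e
    term = lambda: chain(("/",), atom)      # '/' binds tighter than '+'
    expr = lambda: chain(("+",), term)
    e = expr()
    if peek() is not None:
        raise SyntaxError(f"trailing tokens: {toks[i:]}")
    return e

def step(cfg, env):                         # all one-step successors of cfg = (k, in, out)
    k, inp, out = cfg
    if is_value(k) or k == DONE:
        return []
    inside = lambda ctx, sub: [(ctx(s), i, o) for s, i, o in step((sub, inp, out), env)]
    if k[0] == "var":                       # <X => I ...>k <... X |-> I ...>state
        return [(env[k[1]], inp, out)] if k[1] in env else []
    if k[0] == "read":                      # <read => I ...>k <I => . ...>in
        return [(inp[0], inp[1:], out)] if inp else []
    if k[0] == "print":                     # strict; then <print I => .>k <... . => I>out
        if is_value(k[1]):
            return [(DONE, inp, out + (k[1],))]
        return inside(lambda a: ("print", a), k[1])
    op, a, b = k                            # + and / are [strict]: no fixed operand order
    succ = [] if is_value(a) else inside(lambda a2: (op, a2, b), a)
    succ += [] if is_value(b) else inside(lambda b2: (op, a, b2), b)
    if is_value(a) and is_value(b):
        if op == "+":
            succ.append((a + b, inp, out))
        elif b != 0:                        # I1 / I2 => I1 /Int I2 when I2 =/=Int 0
            succ.append((a // b, inp, out))
    return succ                             # [] for I / 0: the configuration is stuck

def show(k):                                # render a k-cell term back in EXP syntax
    if is_value(k) or len(k) == 1 or k[0] == "var":
        return str(k) if is_value(k) else "." if k == DONE else k[-1]
    if k[0] == "print":
        return f"print({show(k[1])})"
    wrap = lambda t: f"({show(t)})" if not is_value(t) and t[0] in ("+", "/") else show(t)
    return f"{wrap(k[1])} {k[0]} {wrap(k[2])}"

def final(cfg):                             # classify a configuration with no successors
    k, _, out = cfg
    return ("done", out) if k == DONE else ("value", k) if is_value(k) else ("stuck", show(k))

def run(src, stdin="", env=None):           # like krun: one arbitrary path (right-to-left here)
    cfg = (parse(src), tuple(map(int, stdin.split())), ())
    while nxt := step(cfg, env or {}):
        cfg = nxt[-1]
    return final(cfg)

def search(src, stdin="", env=None):        # like krun --search: breadth-first, every order
    start = (parse(src), tuple(map(int, stdin.split())), ())
    seen, queue, finals = {start}, deque([start]), set()
    while queue:
        cfg = queue.popleft()
        nxt = step(cfg, env or {})
        if not nxt:
            finals.add(final(cfg))
        queue.extend(c for c in nxt if c not in seen)
        seen.update(nxt)
    return sorted(finals, key=repr)
```

With the slide's programs, `run("print((read + read + read) / 3)", "3 14 15")` gives `("done", (10,))`, `run("print(42 / read)", "0")` gives `("stuck", "print(42 / 0)")`, and `search("print(read / read)", "7 0")` returns both outcomes, `("done", (0,))` and `("stuck", "print(7 / 0)")`, where a single run would have reported only one. The design point is the one the talk makes: nothing in `step` knows which tool is calling it; the interpreter, the definedness check and the search differ only in how they walk the successor relation.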
LANGUAGES DEFINED IN K

  C, Scheme, LLVM, JavaScript, OCaml, Python, Haskell, ...

THE K DEFINITION OF C

  - 1200 rules
  - kcc, similar to krun but feels like gcc
  - http://c-semantics.googlecode.com
TINY C PROGRAM

  eval_order.c:
    int denominator = 5;

    int setDenominator(int d) {
        return denominator = d;
    }

    int main(void) {
        return setDenominator(0) + (7 / denominator);
    }
BUGS ARE LOOMING

  $ clang -O0 eval_order.c && ./a.out
  Floating point exception
  $ clang -O2 eval_order.c && ./a.out
  $

FIND BUGS USING SEARCH

  $ kcc eval_order.c
  $ SEARCH=1 ./a.out
  2 solutions found
  -------------------------------------------------------------
  Solution 1
  Program got stuck
  File: eval_order.c
  Line: 8
  Description: Division by 0.
  -------------------------------------------------------------
  Solution 2
  Program completed successfully
  Return value: 1
THE K FRAMEWORK

  expressive, modular, concurrent, practical, easy, scalable, executable, analyzable

  http://k-framework.org