From Rewriting Logic Executable Semantics to Matching Logic Program Verification
- From Rewriting Logic Executable Semantics to Matching Logic Program Verification
- Grigore Rosu, Chucky Ellison and Wolfram Schulte
- Technical Report http://hdl.handle.net/2142/13159, July 2009
- Abstract. Rewriting logic semantics (RLS) is a definitional framework in which a programming language is defined as a rewrite theory: the algebraic signature defines the program configurations, the equations define structural identities on configurations, and the rewrite rules define the irreversible computational steps. RLS language definitions are efficiently executable using conventional rewrite engines, yielding interpreters for the defined languages for free. Matching logic is a program verification logic inspired by RLS. Matching logic specifications are particular first-order formulae with constrained algebraic structure, called patterns. Configurations satisfy patterns iff they match their algebraic structure and satisfy their constraints. Patterns can naturally specify data separation and require no special support from the underlying logic. Using HIMP, a C-like language with dynamic memory allocation/deallocation and pointer arithmetic, this paper shows how one can derive an executable matching logic verifier from HIMP's RLS. It is shown that the derived verifier is sound, that is every verified formula holds in the original, complementary RLS of HIMP, and complete, that is every verified formula is provable using HIMP's sound matching logic proof system. In passing, this paper also shows that, for the restriction of HIMP without a heap called IMP for which one can give a conventional Hoare logic proof system, a restricted use of the matching logic proof system is equivalent to the Hoare logic proof system, in that any proof derived using any of the proof systems can be turned into a proof using the other. The encoding from Hoare logic into matching logic is generic and should work for any Hoare logic proof system. A matching logic verifier, called MatchC, has been built on top of the Maude rewrite system. A nontrivial MatchC case study is discussed, namely the verification of the partial correctness of the Schorr-Waite algorithm (with graphs). The verifier automatically generated and proved all 227 paths in 16 seconds.