A Rewriting Logic Approach to Defining Type Systems

We show how programming language semantics and definitions of their corresponding type systems can both be written in a single framework amenable to proofs of soundness. The framework is based on full rewriting logic (not to be confused with context reduction or term rewriting), where rules can match anywhere in a term (or configuration). We present an extension of the syntactic approach to proving type system soundness presented by Wright and Felleisen [1994] that works in the above described semantics-based domain. As before, the properties of preservation and progress are crucial. We use an abstraction function to relate semantic configurations in the language domain to semantic configurations in the type domain, and then proceed to use the preservation and progress properties as usual. We also develop an abstract type system, which is a type system modulo certain structural characteristics. To demonstrate the method, we give examples of five languages and corresponding type systems. They include two imperative languages and three functional languages, and three type checkers and two type inferencers. We then proceed to prove that preservation holds for each.

An Executable Formal Semantics of C with Applications: Technical Report

This paper describes an executable formal semantics of C. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes 770 of 776 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, state space search tool, and model checker "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior.

On Compiling Rewriting Logic Language Definitions into Competitive Interpreters

This paper describes a completely automated method for generating efficient and competitive interpreters from formal semantics expressed in Rewriting Logic. The semantics are compiled into OCaml code, which then acts as the interpreter for the language being defined. This automatic translation is tested on the semantics of an imperative as well as a functional language, and these generated interpreters are then benchmarked across a number of programs. In all cases the compiled interpreter is faster than directly executing the definition in a Rewriting system, with improvements of several orders of magnitude.

A Rewriting Logic Approach to Type Inference

Meseguer and Rosu proposed rewriting logic semantics (RLS) as a programming language definitional framework that unifies operational and algebraic denotational semantics. Once a language is defined as an RLS theory, many generic tools are immediately available for use with no additional cost to the designer. These include a formal inductive theorem proving environment, an efficient interpreter, a state space explorer, and even a model checker. RLS has already been used to define a series of didactic and real languages, but its benefits in connection with defining and reasoning about type systems have not been fully investigated yet. This paper shows how the same RLS style employed for giving formal definitions of languages can be used to define type systems. The same term-rewriting mechanism used to execute RLS language definitions can now be used to execute type systems, giving type checkers or type inferencers. Since both the language and its type system are defined uniformly as theories in the same logic, one can use the standard RLS proof theory to prove properties about languages and type systems for those languages. The proposed approach is exemplified by defining Milner's polymorphic type inferencer W as a rewrite logic theory and using the definition: (1) to prove its soundness using Wright and Felleisen's standard preservation and progress methodology, and (2) to obtain a type inferencer by executing the definition in the Maude rewrite engine. The inferencer obtained "for free" was tested against implementations used in some current functional languages. It was found to be quite competitive---for example, it outperformed SML's type inferencer in all experiments. To show that the proposed rewriting approach and the resulting type inferencers scale, Milner's simple language is extended with multiple-binding let and letrec, with lists, and with references and side effects. The resulting type inferencer, able to detect weak polymorphism, is only slightly slower than the one for Milner's simpler language. No proofs are given for the extended type system.

From Rewriting Logic Executable Semantics to Matching Logic Program Verification

Rewriting logic semantics (RLS) is a definitional framework in which a programming language is defined as a rewrite theory: the algebraic signature defines the program configurations, the equations define structural identities on configurations, and the rewrite rules define the irreversible computational steps. RLS language definitions are efficiently executable using conventional rewrite engines, yielding interpreters for the defined languages for free. Matching logic is a program verification logic inspired by RLS. Matching logic specifications are particular first-order formulae with constrained algebraic structure, called patterns. Configurations satisfy patterns iff they match their algebraic structure and satisfy their constraints. Patterns can naturally specify data separation and require no special support from the underlying logic. Using HIMP, a C-like language with dynamic memory allocation/deallocation and pointer arithmetic, this paper shows how one can derive an executable matching logic verifier from HIMP's RLS. It is shown that the derived verifier is sound, that is, every verified formula holds in the original, complementary RLS of HIMP, and complete, that is, every verified formula is provable using HIMP's sound matching logic proof system. In passing, this paper also shows that, for the restriction of HIMP without a heap called IMP, for which one can give a conventional Hoare logic proof system, a restricted use of the matching logic proof system is equivalent to the Hoare logic proof system, in that any proof derived using either of the proof systems can be turned into a proof using the other. The encoding from Hoare logic into matching logic is generic and should work for any Hoare logic proof system. A matching logic verifier, called MatchC, has been built on top of the Maude rewrite system. A nontrivial MatchC case study is discussed, namely the verification of the partial correctness of the Schorr-Waite algorithm (with graphs). The verifier automatically generated and proved all 227 paths in 16 seconds.

Defining the Undefinedness of C

This paper investigates undefined behavior in C and offers a few simple techniques for operationally specifying such behavior formally. A semantics-based undefinedness checker for C is developed using these techniques, as well as a test suite of undefined programs. The tool is evaluated against other popular analysis tools, using the new test suite in addition to a third-party test suite. The semantics-based tool performs at least as well as or better than the other tools tested.

A Formal Semantics of C with Applications: Technical Report

This paper describes an executable formal semantics of C expressed using a formalism based on term rewriting. Being executable, the semantics has been thoroughly tested against the GCC torture test suite and successfully passes over 96% of 715 test programs. It is the most complete and thoroughly tested formal definition of C to date. The semantics yields an interpreter, debugger, and state space search tool "for free". The semantics is shown capable of automatically finding program errors, both statically and at runtime. It is also used to enumerate nondeterministic behavior. These techniques together allow the tool to identify undefined programs.