Unification and antiunification are essential algorithms used by symbolic execution engines and verification tools. Complex frameworks for defining programming languages, such as K, aim to generate various tools (e.g., interpreters, symbolic execution engines, deductive verifiers, etc.) using only the formal definition of a language. K is the best effort implementation of Matching Logic, a logical framework for defining languages. When used at an industrial scale, a tool like the K framework is constantly updated, and in the same time it is required to be trustworthy. Ensuring the correctness of such a framework is practically impossible. A solution is to generate proof objects as correctness certificates that can be checked by an external trusted checker. In K, symbolic execution makes intensive use of unification and antiunification algorithms to handle conjunctions and disjunctions of term patterns. Conjunctions and disjunctions of formulae have to be automatically normalised and the generation of proof objects needs to take such normalisations into account. The executions of these algorithms can be seen as parameters of the symbolic execution steps and they have to provide proof objects that are used then to generate the proof object for the program execution step. We show in this paper that Plotkin's antiunification can be used to normalise disjunctions and to generate the corresponding proof objects. We provide a prototype implementation of our proof object generation technique and a checker for certifying the generated objects.
翻译:符号执行引擎和核查工具使用的基本算法; 定义语言的复杂框架,例如K, 目的是生成各种工具(例如,口译员、符号执行引擎、扣减校验器等),仅使用一种语言的正式定义。 K是匹配逻辑的最佳实施,这是定义语言的逻辑框架。 当在工业规模使用时,K框架这样的工具会不断更新,同时它必须具有可信赖性。 确保这种框架的正确性实际上是不可能的。 一种解决办法是生成证据对象,作为正确性证书,可由外部信任的检查器加以检查。 K, 象征性执行会大量使用统一和反统一算法处理连结和术语模式的脱钩。 公式的搭配和脱钩必须自动正常化, 生成证明对象需要将这种正常化考虑在内。 这些算法的执行可以被视为象征性执行步骤的参数, 并且它们必须提供证据对象,然后用来生成正常的校验对象, 用于程序执行步骤。 我们用此方法来提供一个反校验的原型。