What is Matching Logic?
For programming language semanticists:
Matching logic is a unifying logic for programming languages, specification, and verification. It serves as the foundation of the K framework: a formal language framework where all programming languages must have a formal semantics and all language tools are automatically generated by the framework from the semantics at no additional costs, in a correct-by-construction manner.
Traditionally, concrete behaviors of programs are defined by operational semantics, while the properties of them are specified and proved using axiomatic semantics, such as Hoare logic. Unfortunately, axiomatic semantics of real languages are rather complex, so correctness proofs are necessary in order to trust the proven properties. Moreover, such proofs have to be maintained as the language changes, which is generally perceived as a burden. Ideally, we would like to have one language semantics, with that semantics used both for deriving program behaviours and for verifying programs.
Matching logic allows us to regard a language through both operational and axiomatic lenses at the same time, making no distinction between the two. A programming language is given a semantics as a set of rewrite rules. A language-independent proof system can then be used to derive both operational behaviours and formal properties of a program. In other words, one matching logic semantics fulfils the roles of both operational and axiomatic semantics in a uniform manner. The state structure plays a crucial role in matching logic semantics. Program states are represented as algebraic datatypes called (concrete) configurations, while program state specifications are represented as configuration terms, with variables and constraints over them, called (configuration) patterns. A pattern specifies those configurations that match it.
Matching logic is a powerful extension of the classic modal logic with many-sorted universes, many-sorted modalities, first-order logic (FOL) quantifiers ∀ and ∃, and the least fixpoint μ-binder. Many logics/calculi/models, especially those important in the study of programming languages, can be defined as theories in matching logic.Here is a non-exhaustive list of the logics/calculi/models that are definable in matching logic:
- First-order logic (FOL) and its extension with least fixpoints;
- Modal logic variants and extensions, in particular, modal μ-logic and hybrid logic;
- Temporal logics such as linear temporal logic (LTL) and computation tree logic (CTL);
- Dynamic logic;
- Hoare logic, which is the foundation of most existing state-of-the-art program verifiers;
- Reachability logic, which is the foundation of language-independent program verification that is implemented by the K framework;
- Separation logic and its extension with recursive definitions;
- Equational and rewriting logic;
- Many-sorted and order-sorted algebras;
- Complex type structures such as polymorphic types, function types, and dependent types;
- Pure type systems;
The diagram above on the right depicts the relationship among these logics/calculi/models, where arrows mean "is subsumed by" or "can be defined in". The box labeled "Matching Logic" denotes ML (without fixpoints); the one labeled "Matching μ-logic" denotes MmL; the one labeled "Applicative Matching Logic" denotes AML. The node labeled "K" denotes the current implementation of K, which builds upon ML and automates a fragment of RL reasoning. The big bidirectional dotted arrow between K and AML means our ultimate goal to leverage K to the same level as MmL.
Matching logic is the result of a continuous 20-year effort in finding a foundation logic for formal language frameworks, such as K, and has led to dozens of research papers, listed in Publications. Here, we select some milestone papers for starters, discuss the ongoing projects and open problems, and review some earlier papers that compare matching logic with the classic Hoare-style program verification.
- A comprehensive in-depth survey paper of the mathematical foundations of matching logic. The paper discusses the motivation of matching logic and its usage in K, defines its syntax and semantics, shows that many logics can be defined as theories, including FOL, modal logic S5, and separation logic, and proposes a sound and complete proof system. Note that the paper only considers the fragment without the least fixpoint μ-binder, which we denote as ML to avoid confusion with the full matching logic with fixpoints.
- The canonical paper that proposes matching logic in its full generality that includes fixpoints, called matching μ-logic and denoted as MmL. The paper extends ML with the μ-binder, and shows that more logics can be defined in it as theories, including FOL with least fixpoints, modal μ-logic and its temporal/dynamic logic fragments, separation logic with recursive definitions (see the technical report version), and reachability logic. The paper also proposes a more general proof system for MmL.
- The technical report version of the above MmL paper, containing all proof details.
- An alternative presentation of MmL, but with a lot of simplification. This new presentation is called applicative matching logic, denoted as AML. AML eliminates the many-sorted universes and infrastructures from MmL, keeping only one binary symbol called application that applies its first argument to its second. AML is the result of our attempt in making the foundational logic of K minimal, without losing any expressive and reasoning power of MmL. The paper proposes an elegant way to deal with multiple sort universes and additionally shows that many-sorted and order-sorted algebras, λ-calculus, pure type systems, and K are all definable as theories.
See Open Problems.
Publications that compare with Hoare-style verification
The following set of papers discusses how the classic Hoare logic for program verification is subsumed by reachability logic (shortened RL) for language-independent verification. Since RL is proved to be subsumed in matching logic in the MmL paper, Hore-style verification is just a special instance of matching logic reasoning.
- A summary of the RL-style language-independent program verification and its use in practice
- A language-independent proof system for all-path reachability, with soundness and relative completeness proofs
- A language-independent proof system for one-path reachability which supports semantics given with conditional rules (big-step and small-step), with soundness and relative completeness proofs
- A language-independent program verification framework, including the MatchC verifier:
- The relationship to Hoare logic, including a mechanical translation of Hoare logic proofs into matching logic proofs:
See also the K and Matching Logic webpage at UIUC, which contains slides and an interview.
Download and Online Interface
We have implemented a proof-of-concept matching logic verifier for a fragment of C, called MatchC.
- --- This link provides an online interface to running MatchC
- Download --- We recommend to first try it online (see the link above)
We have formalized the proof system in Coq, including the soundness proof and applications. The Coq latest files are available here.
- The K framework webpage