Skip to Content.
Sympa Menu

k-user - Re: [K-user] Matching Logic Program Verification Question

k-user AT

Subject: K-user mailing list

List archive

Re: [K-user] Matching Logic Program Verification Question

Chronological Thread 
  • From: Andrei Stefanescu <andreistef AT>
  • To: Björn Engelmann <bjoern.engelmann AT>
  • Cc: "k-user AT" <k-user AT>
  • Subject: Re: [K-user] Matching Logic Program Verification Question
  • Date: Wed, 29 Apr 2015 02:02:58 -0500
  • List-archive: <>
  • List-id: <>

Hi Bjorn,

Thank you for you interest in K and Matching Logic. There are two separate issues.

1. The specification rule has the [trusted] tag, which means the verifier does not attempt to prove it, but may use it in proving other rules. I used that tag for debugging purposes, and I forgot to remove it. Thank you for noticing!

2. There was indeed a bug in the translation of the ensures clauses in internal data structures, which has been fixed in the meantime. I suggest you use the latest version of K. You can get it from github (, the master branch) or from the download page (, under latest). Please let us know if you have any more questions.


On Tue, Apr 28, 2015 at 8:51 AM, Björn Engelmann <bjoern.engelmann AT> wrote:

I was curious about this new program verification feature and wanted to
try it, but stumbled upon the following situation:

1) I took the kernelc-bubble-sort example from the samples directory,
kompiled it for the java backend and kran it with --prove
bubble_sort_spec.k and all the options listed in the config.xml file in
that directory. => everything seemed to work fine and I got


Which I interpreted as "verification successful, specification holds."

2) Curious as I am, I replaced the postcondition in bubble_sort_spec.k
by "false", expecting things to fail, but when I kran with --prove
again, it again replied


3) When I am not mistaken, then under the partial correctness
interpretation, non-terminating programs are allowed to have a {false}
postcondition, so I kran bubble-sort.c without the --prove option, and
got a final state, which AFAIK means it terminated...

Now I am pretty much stuck as I don't know if
a) the initial specification does not hold and the "true [] true"
actually indicates just that or
b) my postcondition "false" does not mean what I intended it to mean or
c) there is a bug in the verifier allowing it to derive a false
postcondition for a terminating program.

I packaged up all files necessary (case.tar.bz2), along with a
shell-script ( that reproduces the case on my machine.

kompile --version output:

K framework version 3.5.1
Git revision: c41270a
Git branch: UNKNOWN
Build date: Thu Jan 29 23:40:05 CET 2015

could someone either:
- explain what I misunderstood or
- see if there is a bug, please?

Thanks in advance,
  Björn Engelmann

k-user mailing list
k-user AT

Archive powered by MHonArc 2.6.16.

Top of Page