Syntax-driven Incremental Program Verification of Matching Logic Properties
Pith reviewed 2026-06-27 17:41 UTC · model grok-4.3
The pith
Expressing KernelC syntax as an operator precedence grammar and semantics as a synthesized attribute schema allows re-verification of only the program parts affected by a change.
A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.
Core claim
By representing the language syntax through an operator precedence grammar and formalizing its semantics through a synthesized attribute schema, verification of matching logic properties can be performed on isolated code chunks so that a change triggers re-processing solely of the semantically affected fragment.
What carries the argument
Operator precedence grammar paired with synthesized attribute schema, which computes semantic information bottom-up to determine which program fragments must be re-verified after an edit.
If this is right
- Verification cost scales with the size of the changed semantic region rather than the whole program
- Continuous re-verification after each edit becomes feasible for long-lived systems
- Performance gains appear when changes are local and annotations are present in the affected region
- The same matching logic properties are checked as in non-incremental verification
Where Pith is reading between the lines
- The same isolation technique could be applied to other languages whose syntax admits an operator precedence grammar
- Integration with development environments could deliver verification results immediately after small edits
- Savings would grow with program size provided the grammar and attribute schema remain complete
Load-bearing premise
That any change to a program fragment affects only a localized semantic region that the attribute schema can isolate without missing or over-including other parts.
What would settle it
An experiment on a changed program in which verification results for an unrelated distant fragment differ from the results obtained before the change.
Figures
read the original abstract
Incrementality is a fundamental design principle to master the complexity of large, long-lived software systems. This principle has been embraced by agile development processes and it lays at the base of continuous software evolution. A major challenge in this context is to incrementally re-verify the correctness of software artifacts after every change, focusing the verification efforts only on the parts affected by the change. We present an approach to the incremental verification of programs written in KernelC, annotated with properties expressed in matching logic. The approach is based on a syntactic-semantic framework that enables analyzing code chunks in isolation so that, after a change to a program fragment, only the part whose semantics is affected by the change is re-processed. This property is obtained by expressing the language syntax through an operator precedence grammar and by formalizing its semantics through a synthesized attribute schema. We have implemented our technique in a prototype tool and experimentally evaluated its effectiveness. The results show that our approach does not penalize the efficiency of formal verification and can outperform program re-verification after changes, depending on the presence and type of annotations, as well as the position of the change and the program structure.
Editorial analysis
A structured set of objections, weighed in public.
Referee Report
Summary. The paper presents a syntax-driven framework for incremental verification of matching logic properties on KernelC programs. Syntax is captured via an operator precedence grammar and semantics via a synthesized attribute schema; this combination is claimed to permit isolating code chunks so that only semantically affected fragments are re-processed after a change. A prototype implementation is described and experimentally evaluated, with the abstract asserting that the approach incurs no efficiency penalty relative to full re-verification and can outperform it depending on annotation presence, change location, and program structure.
Significance. If the isolation property is shown to hold for realistic changes and the experimental claims are substantiated with concrete benchmarks and metrics, the work would contribute a lightweight, syntax-based route to incremental verification that re-uses standard grammar and attribute machinery. The explicit grounding in operator-precedence grammars and synthesized attributes is a strength, as it avoids ad-hoc incremental machinery and makes the isolation argument derivable from the grammar definition.
major comments (1)
- [Experimental Evaluation] Experimental Evaluation (or equivalent section containing the reported results): the abstract asserts that the prototype 'does not penalize the efficiency of formal verification and can outperform program re-verification after changes' yet supplies no benchmark programs, change scenarios, annotation types, measured metrics (time, memory, number of re-verified fragments), or baseline comparison. Without these data the central empirical claim that the approach is practically viable remains unsupported.
Simulated Author's Rebuttal
We thank the referee for the review and for highlighting the need for concrete experimental details. We respond to the single major comment below.
read point-by-point responses
-
Referee: [Experimental Evaluation] Experimental Evaluation (or equivalent section containing the reported results): the abstract asserts that the prototype 'does not penalize the efficiency of formal verification and can outperform program re-verification after changes' yet supplies no benchmark programs, change scenarios, annotation types, measured metrics (time, memory, number of re-verified fragments), or baseline comparison. Without these data the central empirical claim that the approach is practically viable remains unsupported.
Authors: We agree with the referee that the current manuscript states experimental results at a high level in the abstract and introduction but does not supply the requested concrete details (specific KernelC benchmark programs, change scenarios, annotation types, quantitative metrics, or baseline comparisons). This omission leaves the central empirical claim unsupported. We will revise the paper by adding (or substantially expanding) an Experimental Evaluation section that reports the prototype's benchmarks, the change scenarios considered, the annotation types used, measured metrics (verification time, memory, number of re-verified fragments), and direct comparisons against full re-verification. The revised section will also discuss how results vary with annotation presence, change location, and program structure. revision: yes
Circularity Check
No significant circularity; direct application of standard grammar/attribute concepts
full rationale
The paper's central claim rests on expressing KernelC syntax via an operator precedence grammar and semantics via a synthesized attribute schema to enable isolation of affected code fragments for incremental re-verification. No equations, fitted parameters, predictions, or self-citations appear in the abstract or description that reduce any result to its own inputs by construction. The approach is presented as a straightforward formalization using established syntactic-semantic techniques without self-referential definitions or load-bearing prior-author uniqueness theorems. This is the most common honest non-finding for framework papers that apply known formalisms to a new domain.
Axiom & Free-Parameter Ledger
axioms (2)
- domain assumption The syntax of KernelC can be expressed through an operator precedence grammar that enables isolation of code chunks.
- domain assumption The semantics of KernelC can be formalized through a synthesized attribute schema that localizes effects of changes.
Reference graph
Works this paper leans on
-
[1]
Alessandro Barenghi, Stefano Crespi Reghizzi, Dino Mandrioli, Federica Panella, and Matteo Pradella. 2015. Parallel Parsing Made Practical. Science of Computer Programming 112, P3 (Nov. 2015), 195–226. DOI:http://dx.doi.org/10.1016/ j.scico.2015.09.002
2015
-
[2]
Martin Steve Mellor, Ken Schwaber, Jeff Sutherland, and Dave Thomas
Kent Beck, Mike Beedle, Arie van Bennekum, Alistair Cockburn, Ward Cunningham, Martin Fowler, James Grenning, Jim Highsmith, Andrew Hunt, Ron Jeffries, Jon Kern, Brian Marick, Robert C. Martin Steve Mellor, Ken Schwaber, Jeff Sutherland, and Dave Thomas. 2001. Manifesto for Agile Software Development. http://agilemanifesto.org/. (2001)
2001
-
[3]
Domenico Bianculli, Antonio Filieri, Carlo Ghezzi, and Dino Mandrioli. 2013. A Syntactic-Semantic Approach to Incremental Verification. (2013). http://arxiv.org/abs/1304.8034
Pith/arXiv arXiv 2013
-
[4]
Domenico Bianculli, Antonio Filieri, Carlo Ghezzi, and Dino Mandrioli. 2014. Incremental Syntactic-semantic Reliability Analysis of Evolving Structured Workflows. InPart I of the Proceedings of the 6th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation. Technologies for Mastering Change, ISoLA’14 (Lecture Not...
2014
-
[5]
Domenico Bianculli, Antonio Filieri, Carlo Ghezzi, and Dino Mandrioli. 2015a. Syntactic-semantic Incrementality for Agile Verification. Science of Computer Programming 97 (2015), 47–54. DOI:http://dx.doi.org/10.1016/j.scico.2013.11.026
-
[6]
Domenico Bianculli, Antonio Filieri, Carlo Ghezzi, Dino Mandrioli, and Alessandro Maria Rizzi. 2015b. Syntax-driven Program Verification of Matching Logic Properties. In Proceedings of the 3rd IEEE/ACM FME Workshop on Formal Methods in Software Engineering (FORMALISE’15). IEEE Computer Society Press, Los Alamitos, CA, USA, 68–74. DOI: http://dx.doi.org/10...
-
[7]
Geoff Birch, Bernd Fischer, and Michael R. Poppleton. 2015. Fast Model-Based Fault Localisation with Test Suites . Springer-Verlag, Berlin, Heidelberg, 38–57. DOI:http://dx.doi.org/10.1007/978-3-319-21215-9_3
-
[8]
Roderick Bloem, Rolf Drechsler, Görschwin Fey, Alexander Finder, Georg Hofferek, Robert Könighofer, Jaan Raik, Urmas Repinski, and André Sülflow. 2013. FoREnSiC– An Automatic Debugging Environment for C Programs . Springer- Verlag, Berlin, Heidelberg, 260–265. DOI:http://dx.doi.org/10.1007/978-3-642-39611-3_24
-
[9]
Cristiano Calcagno, Dino Distefano, Peter W. O’Hearn, and Hongseok Yang. 2011. Compositional Shape Analysis by Means of Bi-Abduction. J. ACM 58, 6, Article 26 (Dec. 2011), 66 pages. DOI:http://dx.doi.org/10.1145/2049697.2049700
-
[10]
Clarke, Alex Groce, Somesh Jha, and Helmut Veith
Sagar Chaki, Edmund M. Clarke, Alex Groce, Somesh Jha, and Helmut Veith. 2004. Modular Verification of Software Components in C. IEEE Trans. Softw. Eng. 30, 6 (June 2004), 388–402. DOI:http://dx.doi.org/10.1109/TSE.2004.22
-
[11]
Sagar Chaki, Arie Gurfinkel, and Ofer Strichman. 2012. Regression Verification for Multi-threaded Programs. In Verification, Model Checking, and Abstract Interpretation (Lecture Notes in Computer Science) , Vol. 7148. Springer-Verlag, Berlin, Heidelberg, 119–135
2012
-
[12]
Manuel Clavel, Francisco Durán, Steven Eker, Patrick Lincoln, Narciso Martí-Oliet, José Meseguer, and Carolyn Talcott
-
[13]
Springer-Verlag, Berlin, Heidelberg
All About Maude - a High-performance Logical Framework: How to Specify, Program and Verify Systems in Rewriting Logic. Springer-Verlag, Berlin, Heidelberg
-
[14]
Cobleigh, Dimitra Giannakopoulou, and Corina S
Jamieson M. Cobleigh, Dimitra Giannakopoulou, and Corina S. Păsăreanu. 2003. Learning Assumptions for Compo- sitional Verification. In Proceedings of the 9th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’03). Springer-Verlag, Berlin, Heidelberg, 331–346. http://dl.acm.org/citation.cfm?id= 1765871.1765903
arXiv 2003
-
[15]
Christopher L. Conway, Kedar S. Namjoshi, Dennis Dams, and Stephen A. Edwards. 2005. Incremental Algorithms for Inter-procedural Analysis of Safety Properties. In Proceedings of the 17th International Conference on Computer Aided Verification (CA V’05). Springer-Verlag, Berlin, Heidelberg, 449–461. DOI:http://dx.doi.org/10.1007/11513988_45
-
[16]
Cormen, Charles E
Thomas H. Cormen, Charles E. Leiserson, Ronald L. Rivest, and Clifford Stein. 2009. Introduction to Algorithms (3. ed.) . MIT Press, Cambridge MA. http://mitpress.mit.edu/books/introduction-algorithms , Vol. 1, No. 1, Article . Publication date: June 2026. :50 Domenico Bianculli, Antonio Filieri, Carlo Ghezzi, Dino Mandrioli, and Alessandro M. Rizzi
2009
-
[17]
Andrei Ştefănescu. 2014. MatchC: A Matching Logic Reachability Verifier Using the K Framework. Electronic Notes in Theoretical Computer Science 304 (2014), 183–198. DOI:http://dx.doi.org/10.1016/j.entcs.2014.05.010
-
[18]
C. Daws. 2005. Symbolic and Parametric Model Checking of Discrete-Time Markov chains. In Proc. of ICTAC 2004 (LNCS), Vol. 3407. Springer, Berlin, Heidelberg, 280–294
2005
-
[19]
Koen de Bosschere. 1996. An Operator Precedence Parser for Standard Prolog Text. Software: Practice and Experience 26, 7 (July 1996), 763–779. DOI:http://dx.doi.org/10.1002/(SICI)1097-024X(199607)26:7<763::AID-SPE33>3.3.CO;2-C
-
[20]
Leonardo De Moura and Nikolaj Bjørner. 2008. Z3: An Efficient SMT Solver. In Proceedings of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’08/ETAPS’08). Springer-Verlag, Berlin, Heidelberg, 337–340. http://dl.acm.org/citation.cfm?id=1792734.1792766
arXiv 2008
-
[21]
Grigory Fedyukovich, Ondrej Sery, and Natasha Sharygina. 2013. eVolCheck: Incremental Upgrade Checker for C. In Proceedings of the 19th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’13). Springer-Verlag, Berlin, Heidelberg, 292–307. DOI:http://dx.doi.org/10.1007/978-3-642-36742-7_21
-
[22]
Antonio Filieri and Carlo Ghezzi. 2012. Further steps towards efficient runtime verification: Handling probabilistic cost models. In Proc. of FormSERA. IEEE Computer Society, Los Alamitos, CA, USA, 2–8
2012
-
[23]
Antonio Filieri, Carlo Ghezzi, and Giordano Tamburrelli. 2011. Run-time efficient probabilistic model checking. In Proc. of ICSE 2011 . ACM, New York, NY, USA, 341–350
2011
-
[24]
Michael J. Fischer. 1969. Some Properties of Precedence Languages. In Proceedings of the 1st Annual ACM Symposium on Theory of Computing (STOC’69). ACM, New York, NY, USA, 181–190. DOI:http://dx.doi.org/10.1145/800169.805432
-
[25]
Robert W. Floyd. 1963. Syntactic Analysis and Operator Precedence. J. ACM 10, 3 (July 1963), 316–333. DOI: http://dx.doi.org/10.1145/321172.321179
-
[26]
Carlo Ghezzi. 2012. Evolution, Adaptation, and the Quest for Incrementality. In Proceedings of the 17th Monterey Conference on Large-Scale Complex IT Systems: Development, Operation and Management . Springer-Verlag, Berlin, Heidelberg, 369–379. DOI:http://dx.doi.org/10.1007/978-3-642-34059-8_19
-
[27]
Carlo Ghezzi and Dino Mandrioli. 1979. Incremental Parsing. ACM Transactions on Programming Languages and Systems 1, 1 (Jan. 1979), 58–70. DOI:http://dx.doi.org/10.1145/357062.357066
-
[28]
Benny Godlin and Ofer Strichman. 2012. Regression Verification: Proving the Equivalence of Similar Programs. STVR 23, 3 (2012), 241–258
2012
-
[29]
Dick Grune and Ceriel J. H. Jacobs. 2008. Parsing Techniques: A Practical Guide (Second Edition) . Springer-Verlag, Berlin, Heidelberg
2008
-
[30]
Shengjian Guo, Markus Kusano, and Chao Wang. 2016. Conc-iSE: Incremental Symbolic Execution of Concurrent Software. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016) . ACM, New York, NY, USA, 531–542. DOI:http://dx.doi.org/10.1145/2970276.2970332
-
[31]
ErnstMoritz Hahn, Holger Hermanns, Björn Wachter, and Lijun Zhang. 2010. PARAM: A Model Checker for Parametric Markov Models. In Proc. of CA V 2010. LNCS, Vol. 6174. Springer, Berlin, Heidelberg, 660–664
2010
-
[32]
Henzinger, Ranjit Jhala, Rupak Majumdar, and Marco A
Thomas A. Henzinger, Ranjit Jhala, Rupak Majumdar, and Marco A. A. Sanvido. 2003. Extreme Model Checking. In Verification: Theory and Practice, Essays Dedicated to Zohar Manna on the Occasion of His 64th Birthday (Lecture Notes in Computer Science), Vol. 2772. Springer-Verlag, Berlin, Heidelberg, 332–358
2003
-
[33]
Fahimeh Jalili. 1985. A General Incremental Evaluator for Attribute Grammars. Science of Computer Programming 5, 1 (1985), 83–96. DOI:http://dx.doi.org/10.1016/0167-6423(85)90005-X
-
[34]
Cliff B. Jones. 1983. Tentative Steps Toward a Development Method for Interfering Programs. ACM Transactions on Programming Languages and Systems 5, 4 (Oct. 1983), 596–619. DOI:http://dx.doi.org/10.1145/69575.69577
-
[35]
Donald E. Knuth. 1968. Semantics of Context-Free Languages. Mathematical Systems Theory 2, 2 (1968), 127–145. DOI: http://dx.doi.org/10.1007/BF01692511
-
[36]
Robert Könighofer, Ronald Toegl, and Roderick Bloem. 2014. Automatic Error Localization for Software Using Deductive Verification. Springer Berlin Heidelberg, Berlin, Heidelberg, 92–98. DOI:http://dx.doi.org/10.1007/978-3-319-13338-6_8
-
[37]
Marta Kwiatkowska, Gethin Norman, David Parker, and Hongyang Qu. 2010. Assume-Guarantee Verification for Probabilistic Systems. In Proceedings of the 16th International Conference on Tools and Algorithms for the Construc- tion and Analysis of Systems (TACAS’10). Springer-Verlag, Berlin, Heidelberg, 23–37. DOI:http://dx.doi.org/10.1007/ 978-3-642-12002-2_3
2010
-
[38]
Craig Larman and Victor R. Basili. 2003. Iterative and Incremental Development: A Brief History. Computer 36, 6 (June 2003), 47–56. DOI:http://dx.doi.org/10.1109/MC.2003.1204375
-
[39]
Steven Lauterburg, Ahmed Sobeih, Darko Marinov, and Mahesh Viswanathan. 2008. Incremental State-space Explo- ration for Programs with Dynamically Allocated Data. In Proceedings of the 30th International Conference on Software Engineering (ICSE’08). ACM, New York, NY, USA, 291–300. DOI:http://dx.doi.org/10.1145/1368088.1368128
-
[40]
K. Rustan M. Leino and Valentin Wüstholz. 2015. Fine-Grained Caching of Verification Results. In Part I of the Proceedings of the 27th International Conference on Computer Aided Verification, CA V’15 (Lecture Notes in Computer Science), Vol. 9206. Springer-Verlag, Berlin, Heidelberg, 380–397. DOI:http://dx.doi.org/10.1007/978-3-319-21690-4_22 , Vol. 1, No...
-
[41]
John Levine and Levine John. 2009. Flex & Bison (1st ed.). O’Reilly Media, Inc., Sebastopol, CA, USA
2009
-
[42]
G. S. Makanin. 1977. The problem of the solvability of equations in a free semigroup. Matematicheskii Sbornik 103(145), 2 (1977), 147–236, 319
1977
-
[43]
John McCarthy. 1962. Towards a Mathematical Science of Computation. In IFIP Congress. Springer Netherlands, Dordrecht, 21–28
1962
-
[44]
Lambert G. L. T. Meertens and Johannes C. van Vliet. 1981.An Operator-Priority Grammar For Algol 68+. CWI Technical Report IW 173/81. Stichting Mathematisch Centrum. 1–24 pages
1981
-
[45]
Design by Contract
Bertrand Meyer. 1992. Applying “Design by Contract”. Computer 25, 10 (Oct. 1992), 40–51. DOI:http://dx.doi.org/10. 1109/2.161279
1992
-
[46]
Kivanç Muşlu, Yuriy Brun, Michael D. Ernst, and David Notkin. 2013. Making Offline Analyses Continuous. In Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering (ESEC/FSE 2013) . ACM, New York, NY, USA, 323–333. DOI:http://dx.doi.org/10.1145/2491411.2491460
-
[47]
Derek C. Oppen. 1980. Reasoning About Recursively Defined Data Structures. J. ACM 27, 3 (July 1980), 403–411. DOI: http://dx.doi.org/10.1145/322203.322204
-
[48]
David Lorge Parnas. 1972. On the Criteria to Be Used in Decomposing Systems into Modules. Commun. ACM 15, 12 (Dec. 1972), 1053–1058. DOI:http://dx.doi.org/10.1145/361598.361623
-
[49]
Suzette Person, Guowei Yang, Neha Rungta, and Sarfraz Khurshid. 2011. Directed Incremental Symbolic Execution. ACM SIGPLAN Notices 46, 6 (June 2011), 504–515. DOI:http://dx.doi.org/10.1145/1993316.1993558
-
[50]
Grigore Roşu and Traian-Florin Şerbănuţă. 2010. An Overview of the K Semantic Framework.Journal of Logic and Algebraic Programming 79, 6 (2010), 397–434. DOI:http://dx.doi.org/10.1016/j.jlap.2010.03.012
-
[51]
Grigore Roşu and Andrei Ştefănescu. 2012. Checking Reachability Using Matching Logic. ACM SIGPLAN Notices 47, 10 (Oct. 2012), 555–574. DOI:http://dx.doi.org/10.1145/2398857.2384656
-
[52]
Grigore Roşu, Chucky Ellison, and Wolfram Schulte. 2011. Matching Logic: An Alternative to Hoare/Floyd Logic. In Proceedings of the 13th International Conference on Algebraic Methodology and Software Technology (AMAST’10) . Springer-Verlag, Berlin, Heidelberg, 142–162. http://dl.acm.org/citation.cfm?id=1946031.1946042
arXiv 2011
-
[53]
Neha Rungta, Joshua Branchaud, and Suzette Person. 2012. A Change Impact Analysis to Characterize Evolving Program Behaviors. In Proceedings of the 28th IEEE International Conference on Software Maintenance (ICSM’12) . IEEE Computer Society Press, Los Alamitos, CA, USA, 109–118. DOI:http://dx.doi.org/10.1109/ICSM.2012.6405261
-
[54]
David Saff and Michael D. Ernst. 2004. An Experimental Evaluation of Continuous Testing During Development. ACM SIGSOFT Software Engineering Notes 29, 4 (July 2004), 76–85. DOI:http://dx.doi.org/10.1145/1013886.1007523
-
[55]
Arto Salomaa. 1987. Formal Languages. Academic Press Professional, Inc., Cambridge, Massachusetts
1987
-
[56]
Natasha Sharygina, Sagar Chaki, Edmund Clarke, and Nishant Sinha. 2005. Dynamic Component Substitutability Analysis. In Proceedings of the 2005 International Conference on Formal Methods (FM’05) . Springer-Verlag, Berlin, Heidelberg, 512–528. DOI:http://dx.doi.org/10.1007/11526841_34
-
[57]
Prasad Sistla. 1996. Hybrid and Incremental Model Checking Techniques. Comput. Surveys 28, 4es (Dec. 1996), 125. DOI:http://dx.doi.org/10.1145/242224.242384
-
[58]
Tamás Szabó, Sebastian Erdweg, and Markus Voelter. 2016. IncA: A DSL for the Definition of Incremental Program Analyses. In Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering (ASE 2016) . ACM, New York, NY, USA, 320–331. DOI:http://dx.doi.org/10.1145/2970276.2970298
-
[59]
Guowei Yang, Matthew B. Dwyer, and Gregg Rothermel. 2009. Regression Model Checking. In Proceedings of the 25th IEEE International Conference on Software Maintenance (ICSM’09). IEEE Computer Society, Los Alamitos, CA, USA, 115–124. DOI:http://dx.doi.org/10.1109/ICSM.2009.5306334 APPENDICES In these appendices we first provide various details about the for...
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.