Skip to content

Add kmir tool description and CI workflow #310

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 36 commits into
base: main
Choose a base branch
from
Open

Add kmir tool description and CI workflow #310

Changes from 1 commit
Commits
Show all changes
36 commits
Select commit Hold shift + click to select a range
14ee0f2
add KMIR to the docs using prepared tool template text
jberthold Apr 1, 2025
39bbca7
add kmir workflow and proof claim files + source. WIP README.mds need…
jberthold Apr 1, 2025
4082f8a
remove stray quotes
jberthold Apr 1, 2025
572425b
New README.md for the KMIR proof top directory
jberthold Apr 1, 2025
ca8f7e7
Adjust README for maximum-example-proof
jberthold Apr 1, 2025
822f8ec
adjust steps in maximum proof, give an example of the configuration
jberthold Apr 1, 2025
8d9de92
use demon container in workflow
jberthold Apr 1, 2025
a6c1708
Do not set a default shell in the CI workflow
jberthold Apr 2, 2025
5ce3c31
Do not set uid, do not bind-mount (copy kmir-proofs directory)
jberthold Apr 2, 2025
c6de927
do not write proof kcfg in CI (works around a permission problem)
jberthold Apr 2, 2025
ab015de
Merge branch 'main' into add-kmir-tool
jberthold Apr 2, 2025
89d8f06
Update CI Image w/ new environment controls
F-WRunTime Apr 2, 2025
347fd4c
Adding back in proof generation on container
F-WRunTime Apr 2, 2025
b346e03
Revert previous change to workflow. Further investigation needed betw…
F-WRunTime Apr 2, 2025
fc9eecf
Merge branch 'main' into add-kmir-tool
jberthold Apr 4, 2025
5746c4d
Format Markdown files to 80-column line breaks (content unchanged)
jberthold Apr 5, 2025
3acce27
Edits round 1, see related issue
jberthold Apr 5, 2025
90c2df2
Usage instructions list current build steps only
dkcumming Apr 6, 2025
ef14668
added missing link to proofs
dkcumming Apr 6, 2025
08de801
removed speculation about kup integration
dkcumming Apr 6, 2025
d68fec5
Added quote of what K Framewwork is
dkcumming Apr 6, 2025
9feeb14
break new text at column 80, remove trailing whitespace
jberthold Apr 7, 2025
2e0bfd8
Rewrite usage section, delete CI and Versioning parts, move Licensing
jberthold Apr 7, 2025
e62f890
expand K framework explanation to explain reachability proofs
jberthold Apr 7, 2025
d7306a9
Merge branch 'main' into add-kmir-tool
jberthold Apr 7, 2025
f73b9a2
Merge branch 'main' into add-kmir-tool
jberthold Apr 9, 2025
b7d54d9
add a section explaining how loops and recursion can be addressed by K
jberthold Apr 15, 2025
3818143
Merge branch 'main' into add-kmir-tool
jberthold Apr 15, 2025
7b857e9
Update kmir.md
gregorymakodzeba Apr 18, 2025
bc50f5a
Update kmir-proofs/maximum-example-proof/README.md
dkcumming Apr 28, 2025
8f2a189
Merge branch 'main' into add-kmir-tool
jberthold May 6, 2025
e3572db
Merge remote-tracking branch 'upstream/main' into add-kmir-tool
jberthold May 9, 2025
75e80c0
update unchecked_arithmetic proofs (new runner, new test code, new wo…
jberthold May 9, 2025
0ce0bbb
remove maximum-example-proof (outdated)
jberthold May 9, 2025
3a1044d
rewrite description of proofs in kmir-proofs
jberthold May 9, 2025
d06457a
Adjust kmir.md description to updated software
jberthold May 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 17 additions & 4 deletions doc/src/tools/kmir.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,10 +44,23 @@ Using the K semantics of Stable MIR, the KMIR execution of an entire Rust
program represented as Stable MIR breaks down to a series of configuration
rewrites that compute data held in local variables, and the program may either
terminate normally or reach an exception or construct with undefined behaviour,
which terminates the execution abnormally. Programs modelled in K Framework can
be executed _symbolically_, i.e., operating on abstract input which is not fully
specified but characterised by _path conditions_ (e.g., that an integer variable
holds an unknown but non-negative value).
which terminates the execution abnormally. KMIR is designed to provide sound
assurances about undefined behavior (UB) in Rust’s MIR. Rather than statically
over‑approximating or flagging UB at every unsafe block, KMIR models the full
MIR semantics, including UB transitions, use a **refusal-to-execute** strategy.
This means that if symbolic execution reaches a MIR instruction and cannot prove
that executing it would not result in UB (e.g., an out-of-bounds pointer dereference
or an unchecked arithmetic overflow), execution halts in a `UB DETECTED` state.
This state cannot be unified with a valid target state in the proof, so the proof
fails. KMIR systematically explores all feasible paths under the user-supplied
preconditions. Only when **every** path terminates without hitting UB *and*
satisfies the target property does KMIR declare the program UB-free (and correct
for the property). This ensures that any “no UB” claim holds under the sole assumption
that KMIR’s implementation is correct.

Programs modelled in K Framework can be executed _symbolically_, i.e., operating
on abstract input which is not fully specified but characterized by _path conditions_
(e.g., that an integer variable holds an unknown but non-negative value).

K (and thus KMIR) verifies program correctness by performing an
_all-path-reachability proof_ using the symbolic execution engine and verifier
Expand Down
Loading