Rewriting logic with Maude Lars Tveito June 1, 2015 Introduction - - PowerPoint PPT Presentation

Rewriting logic with Maude

Lars Tveito June 1, 2015

Introduction

Maude is a system for writing system specifications.

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic.

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic. Maude has tools for exploring the state space for properties.

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic. Maude has tools for exploring the state space for properties. A model-checker is provided.

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic. Maude has tools for exploring the state space for properties. A model-checker is provided. Rewriting logic is reflective; this allows for meta-modeling.

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic. Maude has tools for exploring the state space for properties. A model-checker is provided. Rewriting logic is reflective; this allows for meta-modeling. This greatly enhances it’s expressive power (for instance, LTL can be modeled in maude, which is done in its model-checker).

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic. Maude has tools for exploring the state space for properties. A model-checker is provided. Rewriting logic is reflective; this allows for meta-modeling. This greatly enhances it’s expressive power (for instance, LTL can be modeled in maude, which is done in its model-checker). Additional tools, like confluence checker, completeness checker and a theorem prover can be acquired.

Introduction

Maude is a system for writing system specifications. Systems are modeled using equational and rewriting logic. Maude has tools for exploring the state space for properties. A model-checker is provided. Rewriting logic is reflective; this allows for meta-modeling. This greatly enhances it’s expressive power (for instance, LTL can be modeled in maude, which is done in its model-checker). Additional tools, like confluence checker, completeness checker and a theorem prover can be acquired. A LTLR model checker exits; this could be interesting for this talk, but is not examined further here.

Signatures

A signature consists of a set of sorts, and a set of function symbol declarations.

Signatures

A signature consists of a set of sorts, and a set of function symbol declarations. Definition[4]: A many-sorted signature (S, Σ) consists of a set S, whose elements are sorts, and an S∗ × S-sorted family {Σw,s|w ∈ S∗, s ∈ S} of function symbols. Σw,s is the set of function symbols with arity w and value of sort s. We can write f : w → s ∈ Σ for Σw,s. If w is the empty word, then f is often called a constant of sort s.

Ground terms

We can express ground terms using only constants and function symbols.

Ground terms

We can express ground terms using only constants and function symbols. Definition[4]: Given a many-sorted signature (S, Σ), we can define a S-sorted set of ground terms TΣ = {TΣ,s|s ∈ S} inductively: Σǫ,s ⊆ TΣ,s. Every constant of sort s is a ground term of sort s. If f ∈ Σs1,...,sn,s and t1 ∈ TΣ,s1, ..., tn ∈ TΣ,sn and 1 ≥ n, then f (t1, ..., tn) ∈ TΣ,s. A function applied to ground terms of the right sort are also ground terms. Each set TΣ,s is the smallest set that satisfies the above conditions.

Variables

Variables are placeholders for terms.

Variables

Variables are placeholders for terms. Definition[4]: Given a many-sorted signature (S, Σ), a variable set X is a S-sorted family X = {Xs|s ∈ S} of pairwise disjoint sets, also disjoint from Σ.

Variables

Variables are placeholders for terms. Definition[4]: Given a many-sorted signature (S, Σ), a variable set X is a S-sorted family X = {Xs|s ∈ S} of pairwise disjoint sets, also disjoint from Σ. Note that: The definition implies that no variable have different sorts, so Xs ∩ Xs′ = ∅ should hold. Also, the definition implies that a variable cannot be a function-symbol, so Xs ∩ Σ = ∅.

Terms

Terms are just like ground terms, that can also contain free variables.

Terms

Terms are just like ground terms, that can also contain free variables. Definition[4]: Given a many-sorted signature (S, Σ), and a variable set X = {Xs|s ∈ S}, the S-sorted set of terms TΣ(X) = {TΣ,s(X)|s ∈ S} can be defined inductively: Xs ⊆ TΣ,s(X) for s ∈ S; a variable of sort s is also a term of sort s. Σǫ,s ⊆ TΣ,s(X) for s ∈ S; a constant of sort s is also a term of sort s. f (t1, ...tn) ∈ TΣ,s(X) if f ∈ Σs1...sn,s and ti ∈ TΣ,si(X) for each 1 ≤ i ≤ n. TΣ(X) is the smallest S-sorted set satisfying the above conditions.

Rewriting

Typically a an equational theory (Σ, E) represents the static part of a system (things that don’t change)[3].

Rewriting

Typically a an equational theory (Σ, E) represents the static part of a system (things that don’t change)[3]. A rewrite theory R = (Σ, E, R) the dynamic part of a system (where things do change).

Rewriting

Typically a an equational theory (Σ, E) represents the static part of a system (things that don’t change)[3]. A rewrite theory R = (Σ, E, R) the dynamic part of a system (where things do change). The strengths of rewriting comes from naturally being able to express systems that are:

Non-deterministic (or non-confluent) Concurrent Distributed

Rewriting

Typically a an equational theory (Σ, E) represents the static part of a system (things that don’t change)[3]. A rewrite theory R = (Σ, E, R) the dynamic part of a system (where things do change). The strengths of rewriting comes from naturally being able to express systems that are:

Non-deterministic (or non-confluent) Concurrent Distributed

In other words; we need rewriting rules to model state change.

Substitution

Substitution is a mapping from a variables to terms[4][1].

Substitution

Substitution is a mapping from a variables to terms[4][1]. Substitutions are functions on the form: {x1 → t1, ..., xn → tn}

Substitution

Substitution is a mapping from a variables to terms[4][1]. Substitutions are functions on the form: {x1 → t1, ..., xn → tn} It is a function σ : X → TΣ(Y ), where X is a set of variables and TΣ(Y) is a set of terms.

Substitution

Substitution is a mapping from a variables to terms[4][1]. Substitutions are functions on the form: {x1 → t1, ..., xn → tn} It is a function σ : X → TΣ(Y ), where X is a set of variables and TΣ(Y) is a set of terms. σ is extended to σ : TΣ(X) → TΣ(Y ), which takes a term and simultaneously replaces each variable in a term t according to the substitution.

Substitution

Substitution is a mapping from a variables to terms[4][1]. Substitutions are functions on the form: {x1 → t1, ..., xn → tn} It is a function σ : X → TΣ(Y ), where X is a set of variables and TΣ(Y) is a set of terms. σ is extended to σ : TΣ(X) → TΣ(Y ), which takes a term and simultaneously replaces each variable in a term t according to the substitution. Example Given a substitution σ = {x → a, y → f (b)} and a term t = g(x, f (y)) then σt is g(a, f (f (b))).

Matching

Definition[4]: Given a term t and a term u, then t matches u if there is a substitution such that σt = u.

Matching

Definition[4]: Given a term t and a term u, then t matches u if there is a substitution such that σt = u. Example Given a term t = g(x, f (y)) and a term u = g(a, f (f (b))), then t matches u because σg(x, f (y)) = g(a, f (f (b))) where σ is the substitution σ = {x → a, y → f (b)}.

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′.

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′. The semantics of a rewrite rule is that a term t may become t′; rules can (conceptually) be applied concurrently.

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′. The semantics of a rewrite rule is that a term t may become t′; rules can (conceptually) be applied concurrently. An equation is just a rewrite rule with a few underlying assumptions.

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′. The semantics of a rewrite rule is that a term t may become t′; rules can (conceptually) be applied concurrently. An equation is just a rewrite rule with a few underlying assumptions. An equation is symmetric (so t = t′ and t′ = t ).

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′. The semantics of a rewrite rule is that a term t may become t′; rules can (conceptually) be applied concurrently. An equation is just a rewrite rule with a few underlying assumptions. An equation is symmetric (so t = t′ and t′ = t ). A set of equations should be

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′. The semantics of a rewrite rule is that a term t may become t′; rules can (conceptually) be applied concurrently. An equation is just a rewrite rule with a few underlying assumptions. An equation is symmetric (so t = t′ and t′ = t ). A set of equations should be

terminating, ie. that that there should not exist an infinite reduction of a given term t

Equations and rewrite rules

A rewrite rule consists of a label, a left-hand side term t and a right-hand side t′. The semantics of a rewrite rule is that a term t may become t′; rules can (conceptually) be applied concurrently. An equation is just a rewrite rule with a few underlying assumptions. An equation is symmetric (so t = t′ and t′ = t ). A set of equations should be

terminating, ie. that that there should not exist an infinite reduction of a given term t confluent, ie. if a term matches more than one equation (non-determinism), applying the term to either equation should reduce to the same canonical form.

LTL in Maude[2]

Maude provides a model-checker (that is written in Maude!)

LTL in Maude[2]

Maude provides a model-checker (that is written in Maude!) One should (not required) have a separate system specification and property specification.

LTL in Maude[2]

Maude provides a model-checker (that is written in Maude!) One should (not required) have a separate system specification and property specification. Maude can represent infinite data-structures (which is uncommon for modeling languages), which can lead to infinite state space.

LTL in Maude[2]

Maude provides a model-checker (that is written in Maude!) One should (not required) have a separate system specification and property specification. Maude can represent infinite data-structures (which is uncommon for modeling languages), which can lead to infinite state space. Only reachable states will be checked; the modeler must ensure the state space is finite.

LTL in Maude[2]

Maude provides a model-checker (that is written in Maude!) One should (not required) have a separate system specification and property specification. Maude can represent infinite data-structures (which is uncommon for modeling languages), which can lead to infinite state space. Only reachable states will be checked; the modeler must ensure the state space is finite. To model check a specification one must make a property specification and provide some initial state(s).

LTL in Maude[2]

Maude provides a model-checker (that is written in Maude!) One should (not required) have a separate system specification and property specification. Maude can represent infinite data-structures (which is uncommon for modeling languages), which can lead to infinite state space. Only reachable states will be checked; the modeler must ensure the state space is finite. To model check a specification one must make a property specification and provide some initial state(s). Example!

References I

Franz Baader and Tobias Nipkow. Term rewriting and all that. Cambridge University Press, 1998. ISBN: 978-0-521-45520-6. Manuel Clavel et al., eds. All About Maude - A High-Performance Logical Framework, How to Specify, Program and Verify Systems in Rewriting Logic. Vol. 4350. Lecture Notes in Computer Science. Springer, 2007. ISBN: 978-3-540-71940-3. José Meseguer. “Twenty Years of Rewriting Logic”. English. In: Rewriting Logic and Its Applications. Ed. by PeterCsaba Ölveczky. Vol. 6381. Lecture Notes in Computer

• Science. Springer Berlin Heidelberg, 2010, pp. 15–17. ISBN:

978-3-642-16309-8. DOI: 10.1007/978-3-642-16310-4_2. URL: http://dx.doi.org/10.1007/978-3-642-16310-4_2.

References II

Peter Csaba Ölveczky. Formal Modeling and Analysis of Distributed Systems. Springer, 2015. ISBN: 978-1-4471-6687-0.