Christiano Braga

Modular Rewriting Semantics of Programming Languages

We present a general method to achieve modularity of semantic definitions of programming languages specified as rewrite theories. This provides modularity for a language specification method that combines and extends the best features of both SOS and algebraic semantics. The relationship to Mosses’ modular operational semantics (MSOS) is explored in detail, yielding a semantics-preserving translation that could support execution and analysis of MSOS specifications in Maude.

Maude MSOS Tool

Modular structural operational semantics (MSOS) is a new framework that allows structural operational semantics (SOS) specifications to be made modular in the sense of not imposing the redefinition of transition rules, which is the case in SOS specifications, when an extension is made. Maude MSOS tool (MMT) is an executable environment for MSOS implemented in Full Maude as a realization of a semantics-preserving mapping between MSOS and rewriting logic (RWL). The modular SOS definition formalism (MSDF) is the specification language supported by MMT. MSDF syntax is quite close to MSOS mathematical notation and user-friendly by allowing several syntactic components to be left implicit. MMT joins the support for modularity with a user-friendly syntax together with the efficient execution and analysis of the Maude engine. We have used MMT in several different examples from programming languages semantics and concurrent systems. This paper reports on the development of MMT and its application to these two classes of specifications.

Mapping modular SOS to rewriting logic

Modular SOS (MSOS) is a framework created to improve the modularity of structural operational semantics specifications, a formalism frequently used in the fields of programming languages semantics and process algebras. With the objective of defining formal tools to support the execution and verification of MSOS specifications, we have defined a mapping, named MtoR, from MSOS to rewriting logic (RWL), a logic which has been proposed as a logical and semantic framework. We have proven the correctness of M to R and implemented it as a prototype, the MSOS-SL Interpreter, in the Maude system, a high-performance implementation of RWL. In this paper we characterize the M to R mapping and the MSOS-SL Interpreter. The reader is assumed to have some basic knowledge of structural operational semantics and object-oriented concepts.

Modular Rewriting Semantics in Practice

We present a general method to achieve modularity of semantic definitions of programming languages specified as rewrite theories, so that semantic rules do not have to be redefined in language extensions. We illustrate the practical use of this method by means of two language case studies: two different semantics for CCS, and three different semantics for the GNU bc language.

Maude Action Tool: Using Reflection to Map Action Semantics to Rewriting Logic

Action semantics (AS) is a framework for specifying the semantics of programming languages, in a very modular and readable way. Recently, the operational semantics of action notation (action semanticss specification language) has been rewritten using Modular SOS (MSOS), a new modular approach for specifying operational semantics. The new modular specification of action notation facilitates the creation of extensions to action semantics, to deal with new concepts, such as components. The Maude Action Tool uses the reflective capabilities of rewriting logic, implemented on the Maude system, to create an executable environment for action semantics and its potential extensions. This is achieved by a mapping between the MSOS and rewriting logic formalisms which, when applied to the MSOS semantics of each facet of action notation, yields a corresponding rewrite theory. Such rewrite theories are executed on action programs, that is, on the action notation translation of a given program P in a language L, according to Ls action semantics.

Modeling norms in multi-agent systems with NormML

Norms in multi-agent systems are a mechanism used to restrict the behavior of agents by defining what agents are obligated, permitted or prohibited to do and by stating stimulus to their fulfillment by defining rewards and discouraging their violation by pointing out punishments. In this paper we propose a normative modeling language called NormML that makes possible the modeling of the main properties and characteristics of the norms. In addition, we also propose a mechanism to validate the norms at design time, i.e., to check if the norms respect the constraints defined by the language and also their possible conflicts.

A Rewriting Semantics for a Software Architecture Description Language

Distributed and concurrent application invariably have coordination requirements. The design of those applications, composed by several (possibly distributed) components, has to consider coordination requirements comprising inter-component interaction styles, and intra-component concurrency and synchronization aspects. In our approach coordination aspects are treated in the software architecture level and can be specified in high-level contracts in CBabel ADL. A rewriting logic semantics for the software architecture description language CBabel is given, revisiting and extending previous work by some of the authors, which now includes a revision of the previous semantics and the addition of new features covering all the language. The CBabel tool is also presented. The CBabel tool is a prototype executable environment for CBabel, that implements the given CBabels rewriting logic semantics and allows the execution and verification of CBabel descriptions in the Maude system, an implementation of rewriting logic. In this way, software architectures describing complex applications can be formally verified regarding properties such as deadlock and synchronization consistency in the software architecture design phase of its life cycle.

Towards a Rewriting Semantics for a Software Architecture Description Language

Abstract Software architecture description languages (ADL) allow a software designer to focus on high- level aspects of an application by abstracting from the details of the components that compose an architecture. It is precisely this abstraction that makes ADLs suitable for verification using model checking techniques. ADLs are, in a way, domain-specific languages for aspects such as coordination, distribution and quality-of-service. The CBabel ADL defines the concept of contracts that precisely captures these architecture-level aspects. In this paper we propose a rewriting semantics for CBabel, that is, a formal semantics for CBabel specified in rewriting logic, a unifying formalism for concurrency models that has interesting properties as a logic and semantic framework due to its unified view of computation and proof. Using the Maude system, a high-performance implementation of rewriting logic, we formally verify the producer-consumer-buffer problem using model checking and state search.

A transformation contract to generate aspects from access control policies

Access control is an important security issue. It has been addressed since the late 1960s in the early time-sharing computer systems. Many access control models have been proposed since than but of particular interest is Ferraiolo and Khun’s role-based access control model (RBAC). It is a simple and yet general model which has been deeply studied and applied both in industry and in academia. A variety of industrial standards have been proposed based on this model. Generating code for an access control policy is an interesting challenge. Understanding access control as a non-functional concern that cross-cuts the functional part of a system raises difficulties quite suitable for a solution based on aspect-oriented programming. In this paper, we address the problems of specification and validation of code generation for access control policies targeting an aspect-based infra-structure. We propose an MDA approach. The code generator is a transformation from SecureUML, an RBAC-based modeling language, to the language Aspects for Access Control (AAC), an aspect-oriented modeling language proposed in this paper. Metamodels are used to represent the languages and to specify the transformation. A metamodel is used to represent the abstract syntax of a language and the constraints that a given instance model of the metamodel must fulfill. We also use a metamodel to specify the code generator. This transformation metamodel, together with all the constraints, that is, from both languages and those constraints regarding the merge of the two languages, we call a transformation contract. It merges and conservatively extends the source and target metamodels of the model transformation it represents. In the context of code-generation for access control policies, the transformation contract specifies the relationships between the abstract syntaxes of SecureUML and AAC and constrains the two languages. The validation of the code generator also uses the transformation contract. For a given access control policy and aspect, represented as instances of the appropriate metamodels, with aspects produced by the code generator, the constraints of the transformation contract must hold. We have prototyped a transformer from SecureUML to aspects on top of ITP/OCL, an OCL interpreter that automatically validates the generated aspect code by applying the constraints of the transformation contract.

On the specification, verification and implementation of model transformations with transformation contracts

Model transformations are first-class artifacts in a model-driven development process. As such, their verification and validation is an important task. We have been developing a technique to specify, verify, validate and implement model transformations. Our technique is based on the concept of transformation contracts, a specification that relates two modeling languages and declares properties that must be fulfilled in such a relation. A transformation contract is essentially a transformation model that allows for the verification and validation of a model transformation using the same techniques one uses to verify and validate any given model. This paper describes our technique, discusses consistency of model transformations and reports on its application to a model transformation from access control models to Java security.