Kokichi Futatsugi

Principles of OBJ2

0~12 is a functional programming language with an underlying formal semantics that is based upon equational logic, and an oprtationnl semantics that is based upon rewrite rules. Four clsssrs of design principles for 01352 ate discussed briefly in this inttoduct,ion, and then in mote detail brlnw: (1) motlulntizntion and patnmcteriantion; (2) subsorts; (3) implcmcntnt.ion IcBchniquc>s; and (4) inlrtaction and flexibility. WC also lrace C)II.l history, current shtus, and future plans, and give n fairly comp1rl.c OnJ bibliography. blast rxnmplc codr hns n-ct,unlly bcbcn run on out currclnt OI%.JZ intcrprc,t (‘r.

CafeOBJ report : the language, proof techniques, and methodologies for object-oriented algebraic specification

Basic specifications - signatures models sentences satisfaction proof system structuring specifications - fundamental semantics concepts module imports views parameterized modules module expressions built-in modules proof technologies - rewriting induction coinduction methodologies - nondeterminism concurrent object composition dynamic systems of objects applications in rewriting logic general small methodological advises.

Logical foundations of CafeOBJ

This paper surveys the logical and mathematical foundations of CafeOBJ, which is a successor of the famous algebraic specification language OBJ but adds to it several new primitive paradigms such as behavioural concurrent specification and rewriting logic.We first give a concise overview of CafeOBJ. Then we focus on the actual logical foundations of the language at two different levels: basic specification and structured specification, including also the definition of the CafeOBJ institution. We survey some novel or more classical theoretical concepts supporting the logical foundations of CafeOBJ, pointing out the main results but without giving proofs and without discussing all mathematical details. Novel theoretical concepts include the coherent hidden algebra formalism and its combination with rewriting logic, and Grothendieck (or fibred) institutions. However, for proofs and for some of the mathematical details not discussed here we give pointers to relevant publications.The logical foundations of CafeOBJ are structured by the concept of institution. Moreover, the design of CafeOBJ emerged from its logical foundations, and institution concepts played a crucial role in structuring the language design.

An overview of CAFE specification environment-an algebraic approach for creating, verifying, and maintaining formal specifications over networks

CAFE is the name of a network based environment now under development for supporting systematic creation, checking, verification, and maintenance of formal specifications. CAFE has an algebraic specification language called CafeOBJ as its main specification language, and adopts an algebraic specification paradigm as its foundation. CafeOBJ is a successor of the OBJ language, and has important new features for concurrency and behavioral specifications. Concurrency and behavior are specified based on rewriting logic and behavioral (hidden sorted) algebra respectively. These new features make it possible to provide powerful language constructs for formal object oriented specifications. CAFE is designed to be a network based environment. For sharing specification documents systematically over networks, a new document formatting language called Forsdonnet (FORmal Specification Document ON NETwork) is designed by extending HTML. Forsdonnet includes constructs for formal and informal specifications, commands for executing (prototyping) and cheeking/verifying CafeOBJ specifications, etc. Forsdonnet is designed to be based on already established standard network infrastructure components like HTML and Netscape Navigator. The paper gives an overview and design considerations of the CAFE environment, featuring mainly CafeOBJ and Forsdonnet languages.

Proof Scores in the OTS/CafeOBJ Method

A way to write proof scores showing that distributed systems have invariant properties in algebraic specification languages is described, which has been devised through several case studies. The way makes it possible to divide a formula stating an invariant property under discussion into reasonably small ones, each of which is proved by writing proof scores individually. This relieves the load to reduce logical formulas and can decrease the number of subcases into which the case is split in case analysis.

Some Tips on Writing Proof Scores in the OTS/CafeOBJ Method

The OTS/CafeOBJ method is an instance of the proof score approach to systems analysis, which has been mainly devoted by researchers in the OBJ community. We describe some tips on writing proof scores in the OTS/CafeOBJ method and use a mutual exclusion protocol to exemplify the tips. We also argue soundness of proof scores in the OTS/CafeOBJ method.

Equational Approach to Formal Analysis of TLS

TLS has been formally analyzed with the OTS/CafeOBJ method. In the method, distributed systems are modeled as transition systems, which are written in terms of equations, and it is verified that the models have properties by means of equational reasoning. TLS is the latest version, or the successor of SSL, which is probably the most widely deployed security protocol. Among the results of the analysis are that pre-master secrets cannot be leaked, when a client has negotiated a cipher suite and security parameters with a server, the server has really agreed on them, and client cannot be identified if they do not send their certificates to servers

Verifying Specifications with Proof Scores in CafeOBJ

Verifying specifications is still one of the most important undeveloped research topics in software engineering. It is important because quite a few critical bugs are caused at the level of domains, requirements, and/or designs. It is also important for the cases where no program codes are generated and specifications are analyzed and verified only for justifying models of problems in real world. This paper gives a survey of our research activities in verifying specifications with proof scores in CafeOBJ. After explaining fundamental issues and importance of verifying specifications, an overview of CafeOBJ language, the proof score approach in CafeOBJ including its applications to several areas are given. This paper is based on our already published books or papers (Diaconescu and Futatsugi, 1998; Futatsugi et al., 2005), and refers to many of our related publications. Interested readers are invited to look into them

Component-Based Algebraic Specification and Verification in CafeOBJ

We present a formal method for component-based system specification and verification which is based on the new algebraic specification language CafeOBJ, which is a modern successor of OBJ incorporating several new developments in algebraic specification theory and practice. We first give an overview of the main features of CafeOBJ, including its logical foundations, and then we focus on the behavioural specification paradigm in CafeOBJ, surveying the object-oriented CafeOBJ specification and verification methodology based on behavioural abstraction. The last part of this paper further focuses on a component-based behavioural specification and verification methodology which features high reusability of both specification code and verification proof scores. This methodology constitutes the basis for an industrial strength formal method around CafeOBJ.

Principles of proof scores in CafeOBJ

This paper describes the theoretical principles of a verification method with proof scores in the CafeOBJ algebraic specification language. The verification method focuses on specifications with conditional equations and realizes systematic theorem proving (or interactive verification). The method is explained using a simple but instructive example, and the necessary theoretical foundations, which justify every step of the verification, are described with precise mathematical definitions. Some important theorems that result from the definitions are also presented.