Abstract. Formal semantic definitions of concurrent languages, when specified in a well-suited semantic framework and supported by generic and efficient formal tools, can be the basis of powerful software analysis tools. Such tools can be obtained for free from the semantic definitions; in our experience in just the few weeks required to define a language’s semantics even for large languages like Java. By combining, yet distinguishing, both equations and rules, rewriting logic semantic definitions unify both the semantic equations of equational semantics (in their higher-order denotational version or their first-order algebraic counterpart) and the semantic rules of SOS. Several limitations of both SOS and equational semantics are thus overcome within this unified framework. By using a high-performance implementation of rewriting logic such as Maude, a language’s formal specification can be automatically transformed into an efficient interpreter. Furthermore, by using Maude’s breadth first search command, we also obtain for free a semi-decision procedure for finding failures of safety properties; and by using Maude’s LTL model checker, we obtain, also for free, a decision procedure for LTL properties of finite-state programs. These possibilities, and the competitive performance of the analysis tools thus obtained, are illustrated by means of a concurrent Caml-like language; similar experience with Java (source and JVM) programs is also summarized. 1

Rewriting logic is a flexible and expressive logical framework that unifies denotational semantics and SOS in a novel way, avoiding their respective limitations and allowing very succinct semantic definitions. The fact that a rewrite theory’s axioms include both equations and rewrite rules provides a very useful “abstraction knob” to find the right balance between abstraction and observability in semantic definitions. Such semantic definitions are directly executable as interpreters in a rewriting logic language such as Maude, whose generic formal tools can be used to endow those interpreters with powerful program analysis capabilities.

Abstract. Abstraction reduces the problem of whether an infinite state system satisfies version. The most common abstractions are quotients of the original system. We present a simple method of defining quotient abstractions by means of equations collapsing the set of states. Our method yields the minimal quotient system together with a set of proof obligations that guarantee its executability and can be discharged with tools such as those in the Maude formal environment.

Abstract. Real-Time Maude is a language and tool supporting the formal specification and analysis of real-time and hybrid systems. The specification formalism is based on rewriting logic, emphasizes generality and ease of specification, and is particularly suitable to specify objectoriented real-time systems. The tool offers a wide range of analysis techniques, including timed rewriting for simulation purposes, search, and time-bounded linear temporal logic model checking. It has been used to model and analyze sophisticated communication protocols and scheduling algorithms. Real-Time Maude is an extension of Maude and a major redesign of an earlier prototype. Tools based on timed and linear hybrid automata, such as Uppaal [1], HyTech [2], and Kronos [3], have been successful in modeling and analyzing an impressive collection of real-time systems. While their restrictive specification formalism ensures that interesting properties are decidable, such finite-control automata do not support well the specification of larger systems with different

Abstract. Computational systems are often represented by means of Kripke structures, and related using simulations. We propose rewriting logic as a flexible and executable framework in which to formally specify these mathematical models, and introduce a particular and elegant way of representing simulations in it: theoroidal maps. A categorical viewpoint is very natural in the study of these structures and we show how to organize Kripke structures in categories that afterwards are lifted to the rewriting logic’s level. We illustrate the use of theoroidal maps with two applications: predicate abstraction and the study of fairness constraints. 1

A model checker typically supports two different levels of specification: (1) a system specification level, in which the concurrent system to be analyzed is formalized; and (2) a property specification level, in which the properties to be model checked -- for example, temporal logic formulae -- are specified. The Maude LTL model checker has been designed with the goal of combining a very expressive and general system specification language (Maude [1]) with an LTL model checking engine that benefits from some of the most recent advances in on-the-fly explicit-state model checking techniques. Specifically, Maude specifications are executable logical theories in rewriting logic [2], a logic that is a flexible logical framework for expressing a very wide range of concurrency models and distributed systems [2]. A rewrite theory is a triple R = (Σ, E, R), with (Σ, E) an equational theory specifying a system's distributed state structure (for example, a multiset of processes and...

One can distinguish two specification levels: a system specification level, in which the computational system of interest is specified; and a property specification level, in which the relevant properties are specified. These lectures present an approach to executable system specification based on equational logic for deterministic systems and on rewriting logic for concurrent systems that is seamlessly integrated with a property specification level using first-order, inductive, and temporal logics. This integration is directly supported by formal verification tools in the formal environment of the Maude rewriting logic language. We show how this approach and the supporting tools can be applied to the specification and verification of a wide variety of programs, that can be either declarative or imperative, and either deterministic or concurrent.

PLAN is a language designed for programming active networks, and can more generally be regarded as a model of mobile computation. PLAN generalizes the paradigm of imperative functional programming in an elegant way that allows for recursive, remote function calls, and it provides a clear mechanism for the interaction between host and mobile code. Techniques for specifying and reasoning about such languages are of growing importance. In this paper we describe our specification of PLAN in the rewriting logic language Maude. We show how techniques for specifying the operational semantics of imperative functional programs (syntax-based semantics) and for formalizing variable binding constructs and mobile environments (CINNI calculus) are used in combination with the natural representation of concurrency and distribution provided by rewriting logic to develop a faithful description of the informal PLAN semantics. We also illustrate the wide-spectrum approach to formal modeling supported by Maude: executing PLAN programs; analyzing PLAN programs using search and model-checking; proving properties of particular PLAN programs; and proving general properties of the PLAN language.

Abstract. There is a growing need to explicitly represent the behavioral semantics of Modeling Languages in a precise way, something especially important in industrial environments in which simulation and verification are critical issues. Graph transformation provides one way to specify the semantics of Domain Specific Visual Languages (DSVLs), with the advantage of being intuitive and easy to use for the system designer. Even though its theory has been extensively developed during the last 30 years, it has some limitations concerning specific analysis capabilities. On the contrary, Maude is a rewriting logic-based language with very good formal analysis support, but which requires specialized knowledge. In this paper we show how a mapping between graph transformation-based specifications of DSVL semantics and Maude is possible. This allows performing simulation, reachability and model-checking analysis on the models, using the tools and techniques that Maude provides. 1

Abstract: This paper presents a modular rewriting semantics (MRS) specification for Reppy’s Concurrent ML (CML), based on Peter Mosses ’ modular structural operational semantics specification for CML. A modular rewriting semantics specification for a programming language is a rewrite theory in rewriting logic written using techniques that support the modular development of the specification in the precise sense that every module extension is conservative. We show that the MRS of CML can be used to interpret CML programs using the rewrite engine of the Maude system, a highperformance implementation of rewriting logic, and to verify CML programs using Maude’s built-in LTL model checker. It is assumed that the reader is familiar with basic concepts of structural operational semantics and algebraic specifications.