In computer science we speak of implementing a logic; this is done in a programming language, such as Lisp, called here the implementation language. We also reason about the logic, as in understanding how to search for proofs; these arguments are expressed in the metalanguage and conducted in the metalogic of the object language being implemented. We also reason about the implementation itself, say to know it is correct; this is done in a programming logic. How do all these logics relate? This paper considers that question and more. We show that by taking the view that the metalogic is primary, these other parts are related in standard ways. The metalogic should be suitably rich so that the object logic can be presented as an abstract data type, and it must be suitably computational (or constructive) so that an instance of that type is an implementation. The data type abstractly encodes all that is relevant for metareasoning, i.e., not only the term constructing functions but also the...

This paper explains the design and use of two equational proving tools, namely an inductive theorem prover -- to prove theorems about equational specifications with an initial algebra semantics -- and a Church-Rosser checker---to check whether such specifications satisfy the Church-Rosser property. These tools can be used to prove properties of order-sorted equational specifications in Cafe [11] and of membership equational logic specifications in Maude [7, 6]. The tools have been written entirely in Maude and are in fact executable specifications in rewriting logic of the formal inference systems that they implement.

This paper describes the application of the Real-Time Maude tool and the Maude formal methodology to the specification and analysis of the AER/NCA suite of active network multicast protocol components. Because of the time-sensitive and resource-sensitive behavior and the composability of its components, AER/NCA poses challenging new problems for its formal specification and analysis. Real-Time Maude is a natural extension of the Maude rewriting logic language and tool for the specification and analysis of real-time object-based distributed systems. It supports a wide spectrum of formal methods, including: executable specification; symbolic simulation; and infinite-state model checking of temporal logic formulas. These methods complement those offered by finite-state model checkers and general-purpose theorem provers. RealTime Maude has proved to be well-suited to meet the AER/NCA modeling challenges, and its methods have been effective in uncovering subtle and important errors in the informal use case specification.

We show how formal specifications can be integrated into one of the current pragmatic object-oriented software development methods. Jacobson’s “Object-Oriented Software Engineering ” (OOSE) process is combined with object-oriented algebraic specifications by extending object and interaction diagrams with formal annotations. The specifications are based on Meseguer’s rewriting logic and are written in a meta-level extension of the language Maude by process expressions. As a result any such diagram can be associated with a formal specification, proof obligations ensuring invariant properties can be automatically generated, and the refinement relations between documents at different abstraction levels can be formally stated and proved. 1

Category theory provides an excellent foundation for studying structured specifications and their composition. For example, theories can be structured together in a diagram, and their composition can be obtained as a colimit. There is, however, a growing awareness, both in theory and in specification practice, that structured theories should not be viewed just as the "scaffolding" used to build unstructured theories: they should become first-class citizens in the specification process. Given a logic formalized as an institution I, we therefore ask whether there is a good definition of the category of I-structured theories, and whether they can be naturally regarded as the ordinary theories of an appropriate institution S(I) generalizing the original institution I. We answer both question in the affirmative, and study good properties of the institution I inherited by S(I). We show that, under natural conditions, a number of important properties are indeed inherited, including cocompleteness of the category of theories, liberality, and extension of the basic framework by freeness constraints. The results presented here have been used as a foundation for the module algebra of the Maude language, and seem promising as a semantic basis for a generic module algebra that could be both specified and executed within the logical framework of rewriting logic. 1

2 Dedicated with affection to my beloved parents Cecilia and Miklós 3 4

One can distinguish two specification levels: a system specification level, in which the computational system of interest is specified; and a property specification level, in which the relevant properties are specified. These lectures present an approach to executable system specification based on equational logic for deterministic systems and on rewriting logic for concurrent systems that is seamlessly integrated with a property specification level using first-order, inductive, and temporal logics. This integration is directly supported by formal verification tools in the formal environment of the Maude rewriting logic language. We show how this approach and the supporting tools can be applied to the specification and verification of a wide variety of programs, that can be either declarative or imperative, and either deterministic or concurrent.

Abstract not found

This document explains the design and use of a termination checker tool and of a Knuth-Bendix completion tool. The termination checker tool checks whether an equational specication terminates, and the Knuth-Bendix completion tool tries to complete an equational speci- cation. These tools can be used to prove the termination or to complete order-sorted equational specications in Maude [7, 6, 4]. The tools have been written entirely in Maude and are in fact executable specications in rewriting logic [17] of the formal inference system that they implement. The fact that rewriting logic is reective [8, 3], and that Maude eciently supports reective rewriting logic computations [5, 4] is systematically exploited in the design of the tools. Contents 1

We show that the generalized variant of rewriting logic where the underlying equational specifications are membership equational theories, and where the rules are conditional and can have equations, memberships and rewrites in the conditions is reflective. We also show that membership equational logic, many-sorted equational logic, and Horn logic with equality are likewise reflective. These results provide logical foundations for reflective languages and tools based on these logics, and in particular for the Maude language itself. 1