1 / 22

Introduction to Algebraic Specifications with CafeOBJ

Introduction to Algebraic Specifications with CafeOBJ. Lecture 2 21/11/2012 National Technical University of Athens. CafeOBJ Use Cases. TESLA Protocol Sensor Network Encryption Protocol MPEG-2 Encoding Algorithm  Social Networks Semantic Web DRM systems E-Government Systems

asta
Download Presentation

Introduction to Algebraic Specifications with CafeOBJ

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Introduction to Algebraic Specifications with CafeOBJ Lecture 2 21/11/2012 National Technical University of Athens

  2. CafeOBJ Use Cases • TESLA Protocol • Sensor Network Encryption Protocol • MPEG-2 Encoding Algorithm  • Social Networks • Semantic Web • DRM systems • E-Government Systems • Many more…

  3. CafeOBJ Use Cases • Take it slow… • Systems: • DATA TYPES • ACTIONS ON DATA TYPES • Before we go into systems we must start simple: • Study the specification of simple data types (Natural numbers) • Learn how to verify

  4. Review of a Module ModuleName mod! NATplus { [Nat] op 0 : -> Nat ops_ : Nat -> Nat op _+_ : Nat Nat -> Nat vars M N : Nat eq 0 + N = N . eq (s M) + N = s(M + N) . } Sort Signature operations Variabledefinition equations

  5. Example Factorial • Define Factorial • What data types do we need?? • Which operations on these data types ???

  6. Example Factorial mod! FACT { pr(PNAT) op _! : Nat -> Nat var X : Nat ceq X ! = s(0) if X = 0 . eq s(X) ! = s(X) * (X !) . } NO SORT DECLARED!!!! We only import the module PNAT: This allows us to use everything defined in PNAT

  7. Example Factorial • Reduction: open FACT red 0 ! . red s(s(s(0))) ! . close

  8. Proofs – Example Associativity of + • Data types required?? • Operations on these data types???

  9. Proofs – Example Associativity of + mod! PNAT { [Nat] op 0 : -> Nat op s : Nat -> Nat op _+_ : Nat Nat -> Nat {prec: 30} op _*_ : Nat Nat -> Nat {prec: 29} op _=_ : Nat Nat -> Bool {comm} vars X Y : Nat -- _+_ eq 0 + Y = Y . eq s(X) + Y = s(X + Y) . -- _*_ eq 0 * Y = 0 . eq s(X) * Y = Y + (X * Y) . -- _=_ eq (X = X) = true . eq (0 = s(Y)) = false . eq (s(X) = s(Y)) = (X = Y) . }

  10. Proofs – Example Associativity of + mod THEOREM-PNAT { pr(PNAT) -- arbitrary values ops x y z : -> Nat . -- Names of Theorems op th1 : Nat NatNat -> Bool eq th1(X,Y,Z) = ((X + Y) + Z = X + (Y + Z)) . }

  11. Proofs – Example Associativity of + -- I. Base case. open THEOREM-PNAT reduce when X = 0 . close -- -- II. Induction case. open THEOREM-PNAT -- check if it holds for X then it should hold for S(X) (th1(X,Y,Z) implies th1(S(X),Y,Z) ) close

  12. Proofs – Example Commutativityof + • Previous proof was very easy • Minimum human interaction was required • Are all proofs this easy?? • 99.9% of the cases no. • Example Commutativityof +

  13. Commutativity of + • eq th2(X,Y) = (X + Y = Y + X) . • Open THEOREM-PNAT • red th2(0,Y) . close • CafeOBJ returns : (y = (y + 0)):Bool • Conclude it cannot reduce y + 0 to 0 • We must PROVE it

  14. Commutativity of + • eq th5(X) = (X + 0 = X) . open THEOREM-PNAT -- check red th5(0) . close -- -- II. Induction case. open THEOREM-PNAT -- check red th5(x) implies th5(s(x)) . close

  15. Commutativity of + • Use the New theorem to prove the base case of th2: open THEOREM-PNAT -- check red th5(y) implies th2(0,y) . close

  16. Commutativity of + • Inductive Step: • red th2(x,y) implies th2(s(x),y) . • CafeOBJ returns: • ((((x + y) = (y + x)) and (s((x + y)) = (y + s(x)))) xor (((x + y) = (y + x)) xor true)):Bool • No obvious Lemma: • SPLIT THE CASE

  17. Commutativity of + • Case Splitting is donned by: • Selecting a part of the returned term • Adding as assumptions that it is equal to true and false respectively • red th2(x,y) implies th2(s(x),y) . • eq (x + y = y + x) = false. • red th2(x,y) implies th2(s(x),y) . • eq (x + y = y + x) = true. • red th2(x,y) implies th2(s(x),y) .

  18. Commutativity of + • open THEOREM-PNAT -- assumptions eq (x + y = y + x) = false . -- check red th2(x,y) implies th2(s(x),y) . close

  19. Specification of a STACK pop push top

  20. Specification of a STACK mod! STACK (X :: ELEMENT) { [ EmptyStackNonEmptyStack < Stack ] op empty : -> EmptyStack op push : Element Stack -> NonEmptyStack op pop_ : NonEmptyStack -> Stack -- only applicable to NonEmptyStack op top_ : NonEmptyStack -> Element -- only applicable to NonEmptyStack eq top push (E:Element, S:Stack) = E . eq pop push (E:Element, S:Stack) = S . }

  21. Verification of a simple property • Prove that : • pop(pop(push(E1,(push(E2,S)))) = pop(pop(push(E2,(push(E1,S))))

  22. Homework • Associativity * • Commutativity *

More Related