06/15/22 Rewriting Logic and Maude 1 Rewriting Logic and Maude Language Samira Tasharofi University of Tehran May 2007
Dec 26, 2015
04/19/23 Rewriting Logic and Maude 1
Rewriting Logic and Maude Language
Samira Tasharofi
University of Tehran
May 2007
04/19/23 Rewriting Logic and Maude 2
Rewriting Logic
Rewriting logic Was studied since the 80s A logical framework in which other logics can be
represented Semantic framework for the specification of
languages and systems Based on simple deduction rules
04/19/23 Rewriting Logic and Maude 3
Rewriting Logic (Cont.) Basic axioms are rewrite rules
t ->t’ with t and t expressions in a given language
The logic of concurrent action and change
04/19/23 Rewriting Logic and Maude 4
Rewriting Logic (Cont.) There are two complementary readings of
a rewrite rule t->t’ Computational
Local transition in a concurrent system t and t’ describe patterns for fragments of the
distributed state of a system The rule explains how a local concurrent transition
can take place Logical
The rewrite rule t->t’ is interpreted as an inference rule so that we can infer formulas of t’ form t
04/19/23 Rewriting Logic and Maude 5
Computational, Rewriting, Logical Elements
The computational and logical viewpoints are not exclusive they complement each other
StructurenalPropositioStructureAlgebraicStructuredDistibrute
DeductionRewritingTransition
nPropositioTermState
04/19/23 Rewriting Logic and Maude 6
Rewriting Logic A signature in rewriting logic is an equational theory (, E) where
is an equational signature and E is a set of -equations
Rewriting will operate on equivalence classes of terms modulo E Free rewriting from the syntactic constraints of a term representation and
gain a much greater flexibility
Given a signature (, E), sentences of rewriting logic are sequents of the Form
where t and t’ are -terms possibly involving some variables and [t]E denotes the equivalence class of the term t modulo the equations E
Terms Variables, Constants, Operators
EE tt ]'[][
04/19/23 Rewriting Logic and Maude 7
Rewrite Theory 4-tuple: (, E, L, R)
(, E) : the equational theory modulo which we rewrite
: equational signature E: a set of -equations
L: a set of labels R: a set of labeled rules (may be conditional)
04/19/23 Rewriting Logic and Maude 8
Rewrite Theory: Rules of Deduction
04/19/23 Rewriting Logic and Maude 9
Rewrite Theory: Rules of Deduction
04/19/23 Rewriting Logic and Maude 11
Example I: Transition Systems
04/19/23 Rewriting Logic and Maude 12
Example II: Context-free Grammars
04/19/23 Rewriting Logic and Maude 13
Rewriting Logic Applications Semantic Framework Applications
Models of computations: Petri-net, Labeled transition systems Semantics of programming languages: CCS the pi-calculus Distributed Architectures and Components: CORBA, SOAP Specification and Analysis of Communication Protocols
Logical Framework Applications Representing Mapping and Reasoning about Logics : equational
logic, Hoare Logic, …. Specifying and Building Formal Tools: Full Maude tool, …
Language Implementations Maude
04/19/23 Rewriting Logic and Maude 14
The Maude Rewriting Language Developed at SRI in Menlo Park California
Maximizes Simplicity
Only equations and rules Performance
Extensive use of advanced semi-compilation techniques
Expressiveness Equational pattern matching, User-definable syntax
and data
04/19/23 Rewriting Logic and Maude 15
Maude Maude 2.0 is a powerful language based on Rewriting Logic
(RwL) and Equational Logic See: http://maude.cs.uiuc.edu
Maude is available for Unix-based operating systems: Linux, Mac OSX
Features Executability High performance engine Modularity and parameterization Builtins -- booleans, number hierarchy, strings Reflection -- using descent and ascent functions Search and model-checking
04/19/23 Rewriting Logic and Maude 16
Maude (Cont.) Modules: the basic units of programming and
specification Functional modules: equational logic System modules: specify general rewrite theories Object-oriented modules: provide syntactic sugar for
object-oriented rewrite theories
04/19/23 Rewriting Logic and Maude 17
Maude(Cont.) Maude is available in two versions:
Core Maude Provides all the basic functionalities
the interpreter : written in C++. the basic libraries the libraries implementing the model checking tool
Full Maude more precisely, it is an extension of Maude:
Is written in Maude itself (exploiting Maude as a meta-language) Contains Core Maude as a sublanguage Provides support for object-oriented programming (by means of
a specific notation) Some additional features for reflection
04/19/23 Rewriting Logic and Maude 18
Running Maude Core Maude: maude-linux/bin$ maude-linux Full Maude: > maude.linux full-maude.maud Maude> load myList.maude
04/19/23 Rewriting Logic and Maude 19
Core Maude
04/19/23 Rewriting Logic and Maude 20
Core Maude: Foundations A Maude specification has two parts
An equational part describing structure and properties of system states (and ADT)
Functional module fmod NAME is … endfm
A rules part specifying how the system might change over time
System module mod NAME is … endm
04/19/23 Rewriting Logic and Maude 21
Abstract Data Type (ADT) ADTs are specified in Maude using functional
modules
Data type: elements + operations on these elements
fmod <modname> is<imports> *** reuse, modularity<sorts> *** data types and subtyping<opdecls> *** names/and arities of operations<eqns> *** how to compute functions
endfm
04/19/23 Rewriting Logic and Maude 22
Sort Kinds
sort Animal . subsort Dog < Animal .
sorts Terrier Hound Toy Sporting . subsorts Terrier Hound Toy Sporting < Dog .
There can be more than one topmost sort
04/19/23 Rewriting Logic and Maude 23
Example: Natural Numbersfmod <NAME> PEANO-NAT-EXTRA is
<imports> *** reuse, modularity
<sorts> *** data types and subtypingsort Nat .
<opdecls> *** names/and arities of operations
<eqns> *** how to compute functions
endfm
04/19/23 Rewriting Logic and Maude 24
Operator Declaration An operation can be thought of as a pathway between sorts
op <opname> : <argSorts> -> <resultSort> [<attributes>] .
attributes assoc, comm, id: <term>, ctor
04/19/23 Rewriting Logic and Maude 25
Operator Declaration (Cont.) Operator name
Prefix op + : Nat Nat -> Nat . => +(x, y) ops + * : Nat Nat -> Nat . => +*(x, y)
Mixfix op _+_ : Nat Nat -> Nat . => x+y ops _+_ _*_ : Nat Nat -> Nat . op _OccursIn_ : Nat List -> Bool .
2 OccursIn list1 .
04/19/23 Rewriting Logic and Maude 26
Operator Declaration(Cont.) Constructors and Operator Attributes
To designate a function as a constructor, one adds “[ctor]”
Can play the role of constants (ground terms) Maude variables do not carry or store values
op _ _ : Set Set -> Set [ctor assoc comm id: none] .
op _ _ : List List -> List [ctor assoc id: nil] .
04/19/23 Rewriting Logic and Maude 27
Example: Natural Numbers
fmod PEANO-NAT-EXTRA is sort Nat .
<opdecls> *** names/and arities of operationsop 0 : -> Nat [ctor] .op s : Nat -> Nat [ctor] .op _+_ : Nat Nat -> Nat .
<eqns> *** how to compute functionsendfm
The numbers can represented as 0, s(0), s(s(0)), . . . can write 0, s(0), and s(0) + s(s(0))
04/19/23 Rewriting Logic and Maude 28
Equations Provide the Maude interpreter with certain
rules to simplify an expression
Syntax uses the key word eq, followed by two expressions separated by the key symbol =, and then a period
Examples eq s(M) + N = s(M + N) .
04/19/23 Rewriting Logic and Maude 29
Equations
The equations should be Terminating: no infinite computation
possible
Confluent: same result no matter how/which equations are applied
04/19/23 Rewriting Logic and Maude 30
Example I: Natural Numbers
fmod PEANO-NAT-EXTRA issort Nat .op 0 : -> Nat [ctor] .op s : Nat -> Nat [ctor] .op _+_ : Nat Nat -> Nat .
<eqns> *** how to compute functions
vars M N : Nat .eq 0 + M = M .eq s(M) + N = s(M + N) .
endfm
04/19/23 Rewriting Logic and Maude 31
The Maude Environment: Reduce Command
Maude’s red(uce) command computes the “value” of a term by using the equations from left to right until no equational can be applied Maude> load PEANO-NAT-EXTRA .maude Maude> red s(0) + s(s(0)) . result Nat: s(s(s(0)))
04/19/23 Rewriting Logic and Maude 32
The Maude Environment: Reduce Command
To change the current module Maude> red in PEANO-NAT-EXTRA : s(0) +
s(s(0)) .
Seeing step by step reduction by Maude interpreter Maude> set trace on .
04/19/23 Rewriting Logic and Maude 33
Built-in Modules Maude has a library (albeit small) of common modules to
import if needed
Common Supplied Modules: NAT, INT, FLOAT, and RAT QID: Quoted IDentifier STRING:
handles strings of characters and provides useful functions for searching and determining length.
BOOL with sort Bool Sort “Bool”
Constants: true , false Operators: ==, =/=, and, or, not (automatically imported)
Built-in modules in file prelude.maude
04/19/23 Rewriting Logic and Maude 34
Import Modules A module M can import other modules
(submodules) in three different modes: protecting
Only using without altering extending
Only extending constructors including
Altering behaviors of ADT and deduction rules
04/19/23 Rewriting Logic and Maude 35
Example: Natural Numbersfmod PEANO-NAT-MULT is
protecting PEANO-NAT-EXTRA . op _*_ : Nat Nat -> Nat . vars M N : Nat . eq N * 0 = 0 . eq N * s(M) = N + (N * M) .
endfm
Maude> red s(0) * s(s(0)) . Result Nat: s(s(0))
Maude> red s(s(0)) * s(s(s(0))) . result Nat: s(s(s(s(s(s(0)))))) .
04/19/23 Rewriting Logic and Maude 36
Example II: List of Natural Numbersfmod LIST is protecting NAT .
sort List . subsort Nat < List .op nil : -> List [ctor] .op _++_ : List List -> List [ctor assoc id: nil] .op length : List -> Nat .var L : List . var N : Nat .eq length(nil) = 0 .eq length(L ++ N) = 1 + length(L) .
endfm Constructors: nil and _++_ (append)
04/19/23 Rewriting Logic and Maude 37
Exercise Extend the module LIST with a function
op rev : List -> List .
which reverses a list
Test your function
04/19/23 Rewriting Logic and Maude 38
Conditional Equations Conditional equation will execute a reduction
only if its condition reduces to true
Examples ceq N – M = 0 if M > N . eq max( M , N ) = if N > M then N else M fi .
04/19/23 Rewriting Logic and Maude 39
Exercises In module LIST define a function
op _occursIn_ : Nat List -> Bool .which checks whether a number occurs in a list
Quick-sort:1. choose any element from a list as the pivot element2. recursively quicksort all elements smaller than pivot3. recursively sort all elements larger than pivot4. the sorted list is the result of (2), concatenated with all
elements equal to pivot, concatenated with result of (3)
04/19/23 Rewriting Logic and Maude 40
Overloaded operators op _+_ : Integer Integer -> Integer . op _+_ : Nat Nat -> Nat . op _+_ : Wrong Wrong -> Right .
04/19/23 Rewriting Logic and Maude 41
Summary Maude has many more features Maude assumes that equations terminating
and confluent Maude does not check it Termination and confluence are undecidable Undecidable whether t reduces to t’
04/19/23 Rewriting Logic and Maude 42
Core Maude: System Modules System dynamics are specified in system modules using rewrite
rules
mod <modname> is*** functional part<imports> *** reuse, modularity<sorts> *** data types and subtyping<opdecls> *** names/and arities of operations<eqns> *** how to compute functions***
<rules>endfm
A system module defines a set of computations over the ADT specified by the functional part
04/19/23 Rewriting Logic and Maude 43
Core Maude: System Modules A rewrite law declares the relationship
between the states and the transitions between them.
The most important characteristic of rewrite laws is their irreversibility. It’s a one-way street
04/19/23 Rewriting Logic and Maude 44
Rule Declaration The <rules> part of a system module consists of rule
declarations having one of the forms rl[<id>]: <lhs> => <rhs> . crl[<id>]: <lhs> => <rhs> if <cond> . <lhs>, <rhs>, <cond> are terms, possibly containing variables
A rule applies to a term T if there is a substitution S (mapping variables to terms) such that S<lhs> is a subterm of T (<lhs> matches a subterm of T) and S <cond> rewrites to true.
In this case T can be rewritten by replacing the matched subterm by the matching instance of <rhs> (S <rhs>).
04/19/23 Rewriting Logic and Maude 46
Petri-net Example: Vending Machine
An apple: 3 quarters A cake: 1 $
04/19/23 Rewriting Logic and Maude 47
Petri-net Example: Vending Machine
mod VENDING-MACHINE issort Marking .
ops null $ c a q: -> Marking [ctor] .
op __ : Marking Marking -> Marking
[assoc comm id: null] .
rl[buy-c]: $ => c .
rl[buy-a]: $ => a q .
rl[change]: q q q q => $ .
endm
04/19/23 Rewriting Logic and Maude 48
Rewriting Command Can simulate max n steps of one possible
behavior from initial state t: Maude> rew [n] t . Can omit ’[n]’ if terminating system
04/19/23 Rewriting Logic and Maude 49
Search Command search [n] t =>* t’ such that cond . Search for up to n states reachable from t which
match t’ and satisfy cond Can omit ‘[n]’ and/or ‘such that cond’ cond is a semantic condition The arrow =>! searches for terminated
states/deadlocks Can show the path to a state
Show path …
04/19/23 Rewriting Logic and Maude 50
Vending Machine: Maude Commands What is one way to use 3 $s?
Maude> rew $ $ $ . result Marking: q a c c
How can I get 2 apples with 3 $s?Maude> search $ $ $ =>! a a M:Marking .Solution 1 (state 8)M:Marking --> q q c
Solution 2 (state 9)M:Marking --> q q q a
No more solutions.states: 10 rewrites: 12
04/19/23 Rewriting Logic and Maude 51
Vending Machine: Maude Commands
Show path command
04/19/23 Rewriting Logic and Maude 52
Example: Gamemod GAME is protecting NAT .
protecting STRING .sort Game .op _-_ _:_ : String String Nat Nat -> Game .vars HOME AWAY : String .vars M N : Nat .rl [home-goal] :HOME - AWAY M : N => HOME - AWAY M + 1 : N .rl [away-goal] :HOME - AWAY M : N => HOME - AWAY M : N + 1 .
endm
04/19/23 Rewriting Logic and Maude 53
Example: GameMaude> rew [5] "Italy" - "Brazil" 0 : 0 .result Game: "Italy" - "Brazil" 3 : 2
Maude> search [1]"Malmo FF" - "Fluminense" 0 : 0 =>* "Malmo FF" - "Fluminense" 5 : 1 .
Solution 1 (state 22)empty substitution
Maude> show path 22 .state 0, Game: "Malmo FF" - "Fluminense" 0 : 0===[ rl ... home-goal ]===>state 1, Game: "Malmo FF" - "Fluminense" 1 : 0...===[ rl ... away-goal ]===>state 22, Game: "Malmo FF" - "Fluminense" 5 : 1
04/19/23 Rewriting Logic and Maude 54
Example: GameMaude> search [2] "Brazil" - "Italy" 0 : 0 =>* "Brazil" - "Italy" M:Nat :
N:Nat such that M:Nat > N:Nat + 4 .
Solution 1 (state 15)M --> 5N --> 0
Solution 2 (state 21)M --> 6N --> 0
04/19/23 Rewriting Logic and Maude 56
Full Maude and Object-Oriented Modules
04/19/23 Rewriting Logic and Maude 57
Object-Oriented Systems A state (or configuration) of a distributed
object system is seen a multiset of objects messages traveling between objects
04/19/23 Rewriting Logic and Maude 58
Full Maude Full Maude supports object-oriented
specification in object-oriented modules (omod ... endom) special syntax for classes, objects all modules and commands enclosed in
parentheses
04/19/23 Rewriting Logic and Maude 59
Full Maude: Configuration Module The predefined module CONFIGURATION
provides basic sorts and constructors for modeling object-based systems.
mod CONFIGURATION is*** basic object system sorts
sorts Object Msg Configuration .
*** construction of configurations
subsort Object Msg < Configuration .
op none : -> Configuration [ctor] .
op __ : Configuration Configuration -> Configuration
[ctor config assoc comm id: none] .
endm
04/19/23 Rewriting Logic and Maude 60
Full Maude: Configuration Module classes ~ bigger versions of sorts objects ~ bigger versions of variables messages ~ bigger versions of operations
04/19/23 Rewriting Logic and Maude 61
Object and Class An object can be represented as a term
< O: C | att1:val1, …, attn: valn > O is the object identifier of sort Oid C is the class of the object att1 to attn are the attributes of the object val1 to valn are their current values
Example: < "Peter" : Person | age : 35, status : single >
Class declarations: class Person | age : Nat, status : Status .
04/19/23 Rewriting Logic and Maude 62
Object and Class : Inheritance
class TABLE | occupied : Bool , chairs : Nat .
class OutDoorTABLE | next2heater : Bool . subclass OutDoorTABLE < TABLE .
< A : OutDoorTABLE | occupied : O , chairs : N , next2heater : H >
04/19/23 Rewriting Logic and Maude 63
Example: Objectsvar X : String . var N : Nat .
crl [birthday] :
< X : Person | age : N >
=>
< X : Person | age : N + 1 > if N < 1000 .
A state can be e.g.< "Peter" : Person | age : 35, status : single >
< "Ronaldo" : Person | age : 27, status : single >
< "Lizzie" : Person | age : 32, status : single >
04/19/23 Rewriting Logic and Maude 64
Messages Messages are defined as terms of sort Msg:
msgs marry? yes no : Oid Oid -> Msg .
Message transmission modeled abstractly since we have multisets:
Send a marry? message:crl [propose] : < X : Person | age : N, status : single >=>< X : Person | status : waitFor(Y) >marry?(Y, X)if N > 15 .
04/19/23 Rewriting Logic and Maude 65
Messages (Example)crl [accept] :marry?(Y, X)< Y : Person | age : N, status : single >=>< Y : Person | status : engaged(X) >yes(X, Y)if N > 15 .
rl [yes] :yes(X, Y)< X : Person | status : waitFor(Y) >=> < X : Person | status : engaged(Y) > .
04/19/23 Rewriting Logic and Maude 66
Communication Example of asynchronous communication1. "Peter" sends marry? message2. "Lizzie" sends yes (or no) response3. "Peter" reads responsethings can happen in-between
Synchronous communication: both objects together:rl [wedding] :< X : Person | status : engaged(Y) >< Y : Person | status : engaged(X) >=>< X : Person | status : married(Y) >< Y : Person | status : married(X) > .
04/19/23 Rewriting Logic and Maude 67
Case Study I: Dining Philosophers
04/19/23 Rewriting Logic and Maude 68
Modeling the Chopsticks< i : Chopstick | > .
sort Chopstick .
op chopstick : Nat -> Chopstick [ctor] .
subsort Chopstick < Configuration .
msg chopstick : Nat -> Msg .
04/19/23 Rewriting Logic and Maude 69
Philosophers< i : Philosopher | state : s, noOfSticks : j , noOfEats :
k >class Philosopher | state : State, noOfSticks : Nat, noOfEats :
Nat .
subsort Nat < Oid . *** Object names are numbers!
sort State .
ops thinking hungry eating : -> State [ctor] .
04/19/23 Rewriting Logic and Maude 70
Rewrite Rulesvars I J K : Nat .
rl [hungry] : < I : Philosopher | state : thinking > =>< I : Philosopher | state : hungry > .
crl [grabFirst] : chopstick(J)< I : Philosopher | state : hungry, noOfSticks : 0 > =>< I : Philosopher | state : hungry, noOfSticks : 1 >if I can use stick J .
op right : Nat -> Nat . *** The ‘‘right’’ chopstick index.eq right(I) = if I == 5 then 1 else I + 1 fi .op _can‘use‘stick_ : Nat Nat -> Bool .eq I can use stick J = (I == J) or (J == right(I)) .
04/19/23 Rewriting Logic and Maude 71
Rewrite Rulescrl [grabSecond] : chopstick(J)
< I : Philosopher | noOfSticks : 1, noOfEats : K > =>
< I : Philosopher | state : eating, noOfSticks : 2,
noOfEats : K + 1 >
if I can use stick J .
rl [stopEating] : < I : Philosopher | state : eating > =>
< I : Philosopher | state : thinking, noOfSticks : 0 >
chopstick(I) chopstick(right(I)) .
04/19/23 Rewriting Logic and Maude 72
Executionop initState : -> Configuration .eq initState =chopstick(1) chopstick(2) chopstick(3) chopstick(4) chopstick(5)< 1 : Philosopher | state : thinking, noOfSticks : 0, noOfEats : 0 >< 2 : Philosopher | state : thinking, noOfSticks : 0, noOfEats : 0 >< 3 : Philosopher | state : thinking, noOfSticks : 0, noOfEats : 0 >< 4 : Philosopher | state : thinking, noOfSticks : 0, noOfEats : 0 >< 5 : Philosopher | state : thinking, noOfSticks : 0, noOfEats : 0
> .
04/19/23 Rewriting Logic and Maude 73
Deadlock and Livelock Deadlock: The system is stuck and nothing can
happen in the system because no process can proceed until it gets a shared resource which is controlled by another process.
Livelock (also known as starvation): one philosopher could starve to death because she can never get hold of both chopsticks, while at the same time the other philosophers could feast merrily.
04/19/23 Rewriting Logic and Maude 74
Exercises Execute the dining philosophers system using Full Maude’s
rew and frew commands. Do all philosophers get to eat sufficiently often?
Use Full Maude’s search command to show that there could be a deadlock in the system
Show a scenario (a “run”) which results in a deadlock
Propose a deadlock-free solution and show Explain there cannot be a deadlock in this specification.
04/19/23 Rewriting Logic and Maude 75
Case Study II: Needham-Schroeder Public-KeyAuthentication Protocol
Protocol Specification Message 1. A→B : A.B.{Na .A}PK(B) Message 2. B →A : B.A.{Na .Nb}PK(A) Message 3. A→B : A.B.{Nb}PK(B)
04/19/23 Rewriting Logic and Maude 76
Modeling Nonces and Keys(omod NSPK is
protecting NAT .
sort Nonce .
op nonce : Oid Nat -> Nonce [ctor] .
sort Key .
op pubKey : Oid -> Key [ctor] .
04/19/23 Rewriting Logic and Maude 77
Modeling the Messagessort MsgContent .op _;_ : Nonce Oid -> MsgContent [ctor] . *** Message
kind "1"op _;_ : Nonce Nonce -> MsgContent [ctor] . ***
Message kind "2"subsort Nonce < MsgContent . *** Message kind "3“
sort EncrMsgContent .
op encrypt_with_ : MsgContent Key -> EncrMsgContent [ctor] .
msg msg_from_to_ : EncrMsgContent Oid Oid -> Msg .
04/19/23 Rewriting Logic and Maude 78
Modeling the Initiatorsclass Initiator | initSessions : InitSessions, nonceCtr : Nat .
sorts Sessions InitSessions .subsort Sessions < InitSessions .op emptySession : -> Sessions [ctor] .op __ : InitSessions InitSessions -> InitSessions[ctor assoc comm id: emptySession] .
op __ : Sessions Sessions -> Sessions [ctor assoc comm id: emptySession] .
op notInitiated : Oid -> InitSessions [ctor] .op initiated : Oid Nonce -> InitSessions [ctor] .op trustedConnection : Oid -> Sessions [ctor] .
04/19/23 Rewriting Logic and Maude 79
Modeling the Initiatorsvars A B : Oid .
vars M N : Nat .
vars NONCE NONCE’ : Nonce .
var IS : InitSessions .
04/19/23 Rewriting Logic and Maude 80
Modeling the Initiators: Rulesrl [start-send-1] :< A : Initiator | initSessions : notInitiated(B) IS, nonceCtr : N >=>< A : Initiator | initSessions : initiated(B, nonce(A, N)) IS,nonceCtr : N + 1 >msg (encrypt (nonce(A, N) ; A) with pubKey(B)) from A to B .
rl [read-2-send-3] :(msg (encrypt (NONCE ; NONCE’) with pubKey(A)) from B to A)< A : Initiator | initSessions : initiated(B, NONCE) IS >=>< A : Initiator | initSessions : trustedConnection(B) IS >msg (encrypt NONCE’ with pubKey(B)) from A to B .
04/19/23 Rewriting Logic and Maude 81
Modeling the Respondersclass Responder | respSessions : RespSessions, nonceCtr : Nat .
sort RespSessions .
subsort Sessions < RespSessions .
op __ : RespSessions RespSessions -> RespSessions
[ctor assoc comm id: emptySession] .
op responded : Oid Nonce -> RespSessions [ctor] .
var RS : RespSessions .
04/19/23 Rewriting Logic and Maude 82
Modeling the Responderscrl [read-1-send-2] :(msg (encrypt (NONCE ; A) with pubKey(B)) from A
to B)< B : Responder | respSessions : RS, nonceCtr : N >=>< B : Responder | respSessions : responded(A,
nonce(B, N)) RS,nonceCtr : N + 1 >msg (encrypt (NONCE ; nonce(B, N)) with
pubKey(A)) from B to Aif not A inSession RS .
04/19/23 Rewriting Logic and Maude 83
Modeling the Respondersop _inSession_ : Oid RespSessions -> Bool .eq A inSession emptySession = false .eq A inSession (trustedConnection(B) RS) = (A == B) or (A inSession
RS) .eq A inSession (responded(B, NONCE) RS) = (A == B) or (A inSession
RS) .
rl [read-3] :(msg (encrypt NONCE with pubKey(B)) from A to B)< B : Responder | respSessions : responded(A, NONCE) RS >=>< B : Responder | respSessions : trustedConnection(A) RS > .
04/19/23 Rewriting Logic and Maude 84
Modeling Initiator and Responders
class InitiatorAndResponder .
subclass InitiatorAndResponder < Initiator Responder .
endom)
04/19/23 Rewriting Logic and Maude 85
Executing the NSPK Specification(omod TEST-NSPK is
including NSPK .
including STRING .
subsort String < Oid .
op init : -> Configuration .
eq init =
< "a" : Initiator | initSessions : notInitiated("b"), nonceCtr : 1 >
< "b" : Responder | respSessions : emptySession, nonceCtr : 1 > .
04/19/23 Rewriting Logic and Maude 86
Executing the NSPK Specificationop init2 : -> Configuration .
eq init2 =
< "a" : InitiatorAndResponder | initSessions : notInitiated("c"),
respSessions : emptySession,
nonceCtr : 1 >
< "Bank" : Responder | respSessions : emptySession, nonceCtr : 1 >
< "c" : InitiatorAndResponder | initSessions :
notInitiated("Bank") notInitiated("a"),
respSessions : emptySession,
nonceCtr : 1 > .
endom)
04/19/23 Rewriting Logic and Maude 87
Executing the NSPK SpecificationMaude> (rew init .)result Configuration :< "a" : Initiator | nonceCtr : 2, initSessions : trustedConnection("b") >< "b" : Responder | nonceCtr : 2, respSessions : trustedConnection("a")
>
Maude> (search init =>! C:Configuration .)Solution 1C:Configuration <-< "a" : Initiator | nonceCtr : 2, initSessions : trustedConnection("b") >< "b" : Responder | nonceCtr : 2, respSessions : trustedConnection("a")
>No more solutions.
04/19/23 Rewriting Logic and Maude 88
Executing the NSPK SpecificationMaude> (search init2 =>! C:Configuration .)Solution 1C:Configuration <-< "Bank" : Responder | nonceCtr : 2, respSessions : trustedConnection("c") >
< "a" : InitiatorAndResponder | nonceCtr : 3,initSessions : trustedConnection("c"),respSessions : trustedConnection("c") >
< "c" : InitiatorAndResponder | nonceCtr : 4, initSessions : (trustedConnection("Bank") trustedConnection("a")),respSessions : trustedConnection("a") >
No more solutions.