CiMPG+F: A Proof Generator and Fixer-Upper for CafeOBJ Specifications

Riesco, Adrián; Ogata, Kôichi

doi:10.1007/978-3-030-64276-1_4

Cited by 5 publications

(5 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From a CafeOBJ specification and an invariant property, while CiMPG requires the complete proof score of the property to generate the corresponding proof script, CiMPG+F ( Riesco & Ogata, 2020 ) (CafeInMaude Proof Generator & Fixer-upper), which is another tool implemented on top of CafeInMaude, can infer proof scripts even some proof fragments in the input proof scores are missing. Precisely, CiMPG+F can (i) generate complete proof scripts from scratch and (ii) fix incomplete proof scores.…”

Section: Related Workmentioning

confidence: 99%

“…Thus, we can say that CiMPG+F handles the mechanical work while leaving human users to resolve the creative tasks. The article ( Riesco & Ogata, 2020 ) has reported experiments with several protocols, such as NSLPK ( Lowe, 1995 ), showing that CiMPG+F can completely generate proof scripts for all case studies. TLS case study, whose formal specification is more complicated than all case studies used in the article, has not been tackled.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Transport Layer Security 1.0 handshake protocol formal verification case study: How to use a proof script generator for existing large proof scores

Tran¹,

Mon²,

Ogata³

2023

PeerJ Computer Science

View full text Add to dashboard Cite

The Transport Layer Security (TLS) 1.0 protocol has been formally verified with CafeInMaude Proof Generator (CiMPG) and Proof Assistant (CiMPA), where CafeInMaude is the second major implementation of CafeOBJ, a direct successor of OBJ3, a canonical algebraic specification language. The properties concerned are the secrecy property of pre-master secrets and the correspondence (or authentication) property from both server and client points of view. We need to use several lemmas to formally verify that TLS 1.0 enjoys the properties. CiMPG takes proof scores written in CafeOBJ and infers proof scripts that can be checked by CiMPA. Proof scores are prone to human errors and CiMPG can be regarded as a proof score checker in that if the proof scripts inferred by CiMPG from proof scores are successfully executed with CiMPA, it is guaranteed that no human error is lurking in the proof scores. We have used the existing proof scores to show that TLS 1.0 enjoys the two properties. We needed to revise the proof scores so that CiMPG can handle them. Through the revision process, we discovered that one additional lemma is required for the revised proof scores. There are about 20 proof scores and each proof score is large. It is not reasonable to handle all proof scores at the same time with CiMPG. Thus, we handled each proof score one by one with CiMPG. There is one proof score that it took a long time to handle with CiMPG. For that proof score, we handled each induction case one by one to reduce the time taken. We describe how to revise the existing proof scores, how to find the new lemma, the lemma, how to handle each proof score one by one, and how to handle each induction case one by one as tips on checking existing large proof scores with CiMPG and CiMPA.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Transport Layer Security 1.0 handshake protocol formal verification case study: How to use a proof script generator for existing large proof scores

Tran¹,

Mon²,

Ogata³

2023

PeerJ Computer Science

View full text Add to dashboard Cite

show abstract

“…The proof scores for the verification conditions of invariant properties (Fact 15 (INV1) (INV2)) on OTS specifications are well studied from the early age of CafeOBJ [26]. Quite a few significant cases are developed as basic proof scores [9][10][11], and fairly non-trivial automatic proofs with CITP ( [23,27]) are achieved [28,29].…”

Section: Observational Transition Systems (Ots)mentioning

confidence: 99%

“…This kind of fully automated theorem provers can be used to discharge a sub-goal in a PTcalc proof tree. [27,29] reported a system CiMPA/CiMPG that fully automated some proof scores for OTS's invariant properties. CiMPA/CiMPG plus SAT/SMT have a potential to automate the PTcalc+WFI proof scores in a significant way.…”

Section: Qlock/tsp: System Specification Of Qlock In Tspmentioning

confidence: 99%

“…(2) Besides, the possible commands, e.g., commands defined in 04:-18:, can be constructed systematically once the set of fresh constants, e.g., 6.1.2-19:,32:, is fixed. [29] reported a system that fully automated proofs of invariant properties on OTS based on (1) and ( 2). The techniques that make the system possible could be applied for automatically generating effective advanced proof scores (see 4), e.g., 01:-29:.…”

mentioning

confidence: 99%

See 1 more Smart Citation

Advances of Proof Scores in CafeOBJ

Futatsugi¹

2021

Preprint

View full text Add to dashboard Cite

Critical flaws continue to exist at the level of domain, requirement, and/or design specification, and specification verification (i.e., to check whether a specification has desirable properties) is still one of the most important challenges in software/system engineering. CafeOBJ is an executable algebraic specification language system and domain/requirement/design engineers can write proof scores for improving quality of specifications by the specification verification. This paper describes advances of the proof scores for the specification verification in CafeOBJ.

show abstract

Verifying Safe Memory Reclamation in Concurrent Programs with CafeOBJ

Tran,

Ogata

2024

Lecture Notes in Computer Science

View full text Add to dashboard Cite

CiMPG+F: A Proof Generator and Fixer-Upper for CafeOBJ Specifications

Cited by 5 publications

References 15 publications

Transport Layer Security 1.0 handshake protocol formal verification case study: How to use a proof script generator for existing large proof scores

Transport Layer Security 1.0 handshake protocol formal verification case study: How to use a proof script generator for existing large proof scores

Advances of Proof Scores in CafeOBJ

Verifying Safe Memory Reclamation in Concurrent Programs with CafeOBJ

Contact Info

Product

Resources

About