A formal language ccsl is introduced for describing specifications of classes in object-oriented languages. We show how class specifications in ccsl can be translated into higher order logic. This allows us to reason about these specifications. In particular, it allows us (1) to describe (various) implementations of a particular class specification, (2) to develop the logical theory of a specific class specification, and (3) to establish refinements between two class specifications. We use the (dependently typed) higher order logic of the proof-assistant pvs, so that we have extensive tool support for reasoning about class specifications. Moreover, we describe our own front-end tool to pvs, which generates from ccsl class specifications appropriate pvs theories and proofs of some elementary results.

Although the formal method VDM has been in existence since the 1970's, there are still no satisfactory tools to support verification in VDM. This paper deals with one possible means of approaching this problem by using the PVS theorem-prover. It describes a translation of a VDM-SL specification into the PVS specification language using, essentially, the very transparent translation methods described in [1]. PVS was used to typecheck the specification and to prove some non-trivial validation conditions. Next, a more abstract specification of the same system was also expressed in PVS, and the original specification was shown to be a refinement of this one. The drawbacks of the translation are that it must be done manually (though automation may be possible), and that the "shallow embedding" technique which is used does not accurately capture the proof rules of VDM-SL. The benefits come from the facts that the portion of VDM-SL which can be represented is substantial and that it is a grea...

. The most powerful tools for analysis of formal specifications are general-purpose theorem provers and model checkers, but these tools provide scant methodological support. Conversely, those approaches that do provide a well-developed method generally have less powerful automation. It is natural, therefore, to try to combine the better-developed methods with the more powerful general-purpose tools. An obstacle is that the methods and the tools often employ very different logics. We argue that methods are separable from their logics and are largely concerned with the structure and organization of specifications. We propose a technique called structural embedding that allows the structural elements of a method to be supported by a general-purpose tool, while substituting the logic of the tool for that of the method. We have found this technique quite effective and we provide some examples of its application. We also suggest how general-purpose systems could be restructured ...

Machine Notation in Type Theory C'esar Mu~noz Computer Science Laboratory SRI International 333 Ravenswood Avenue Menlo Park, CA 94025, USA Email: munoz@csl.sri.com Tel: +1 (650) 859-2784, Fax: +1 (650) 859-2844 Abstract The B-method is a state-oriented formal method for software development. It provides a uniform language, namely the Abstract Machine Notation, to specify, design, and implement systems. The underlying logic of the method is a set theory with a first-order predicate calculus. On the other hand, PVS is a specification language integrated with a theorem prover. The logical framework of PVS is a higherorder logic with a type system. PVS does not come with a particular built-in software construction methodology. In this paper we show how the abstract machine notation can be embedded in PVS. The contributions of this work point in two directions. In one sense, the PVS system is enhanced with a methodology for software development and a notation for specifications (those ...

We formalize the generalized substitution mechanism of the B-method in the higher-order logic of Coq and PVS. Thanks to the dependent type feature of Coq and PVS, our encoding is compact and highly integrated with the logic supported by the theorem provers. In addition, we describe a tool that mechanizes, at the user level, most of the effort of the encoding. 1

s and compressed postscript files are available via http://svrc.it.uq.edu.au Approaches to proof in Z -- or -- Why effective proof tool support for Z is hard Andrew Martin Abstract Various attempts at supporting proof in Z are described in the literature. This paper presents a survey of these approaches, and the underlying semantic issues which make proof in Z a non-trivial task. The draft Z Standard is used as a normative reference. Special care is given to an account of the peculiarities of Z schemas. The proof tools surveyed divide into two groups: custom-made implementations for supporting Z, and encodings of a Z logic within some other logical framework. The latter are further subdivided into `deep' and `shallow' embeddings. The broad conclusion is that none of these approaches is a clear winner at present, but that each may be able to benefit from the others. Keywords formal proof, semantics, proof tools, Z notation, schemas 1 Introduction In the software engin...