## Alloy Analyzer+PVS in the Analysis and Verification of Alloy Specifications

Citations: 3 - 1 self

### BibTeX

@MISC{Frias_alloyanalyzer+pvs,
    author = {Marcelo F. Frias and Carlos G. Lopez Pombo and Mariano M. Moscato},
    title = {Alloy Analyzer+PVS in the Analysis and Verification of Alloy Specifications},
    year = {}
}

### Abstract

This article contains two main contributions. On the theoretical side, it presents a novel complete proof calculus for Alloy. On the applied side we present Dynamite, a tool that combines the semiautomatic theorem prover PVS with the Alloy Analyzer. Dynamite allows one to prove an Alloy assertion from an Alloy specification using PVS, while using the Alloy Analyzer for the automated analysis of hypotheses introduced during the proof process. As a means to assess the usability of the tool, we present a complex case-study based on Zave’s Alloy model of addressing for interoperating networks.

### Citations

102 | A Micromodularity Mechanism - Jackson - 2001 |
Citation Context: ...d during the proof process. As a means to assess the usability of the tool, we present a complex case-study based on Zave’s Alloy model of addressing for interoperating networks. 1 Introduction Alloy [6] is a formal modeling language with a simple syntax based on notations ubiquitous in object orientation, and semantics based on relations. Part of its appeal comes from the existence of the Alloy Anal...

64 | Pair-dense relation algebras - Maddux - 1991 |

26 | Combining Theorem Proving and Model Checking through Symbolic Analysis. In CONCUR'00: Concurrency Theory. 2000 - Shankar |
Citation Context: ... the authors use model checking in order to look for counterexamples before (and during) the theorem proving process. This covers part (but not all) of our intentions when combining Alloy and PVS. In [10], alternative and more ambitious ways of combining model checking and theorem proving are presented. Model checkers and theorem provers interact using the latter for local deductions and propagation o...

20 | Integrating Model-Checking and Theorem Proving for Relational Reasoning - Arkoudas, Khurshid, et al. - 2003 |
Citation Context: ...t it is clearly a road that we will explore in the near future. There are two approaches that we are aware of in what respects to theorem proving of Alloy assertions. One is the theorem prover Prioni [2]. Prioni translates Alloy specifications to first-order formulas characterizing their first-order semantics, and then the first-order logic theorem prover Athena [1] is used in order to prove the resu...

19 | Sankappanavar H.P., A Course in Universal Algebra, Graduate Texts - Burris - 1981 |

13 | Fork Algebras - Frias |
Citation Context: ... Department of Computer Science FCEyN - Universidad de Buenos Aires Argentina mmoscato@dc.uba.ar to a close relational language based on binary relations (the calculus for omega closure fork algebras [4]). Since the resulting framework has a complete equational calculus, Alloy was supplied with a complete equational calculus, too. The translation process involved two main differences from the source ...

9 | A Finite Axiomatization for Fork Algebras - Frias, Haeberer, et al. - 1997 |
Citation Context: ...e for reflexive-transitive closure: $\dfrac{\vdash iden \le y \qquad x^{i} \le y \vdash x^{i+1} \le y}{\vdash {*}x \le y}$ (Ω Rule). The axioms and rules given above define a class of models. Proper omega closure fork algebras satisfy the axioms [5], and therefore belong to this class. It could be the case that there are models for the axioms that are not proper omega closure fork algebras. Fortunately, as was proved in [5], [4, Thm. 4.2], if a ...

6 | n.d.c, Type-ω DPLs - Arkoudas |
Citation Context: .... One is the theorem prover Prioni [2]. Prioni translates Alloy specifications to first-order formulas characterizing their first-order semantics, and then the first-order logic theorem prover Athena [1] is used in order to prove the resulting theorem. While the procedure is sound, it is not completely amenable to Alloy users. Switching from a relational to a non relational language poses an overhead...

6 | A Formal Model of Addressing for Interoperating Networks - Zave - 2005 |
Citation Context: ...porates the previously enumerated features. 3. We give a brief description of a case study where we prove several assertions introduced in Zave’s Alloy model of addressing for interoperating networks [11], and present some conclusions regarding the usability and limitations of Dynamite. The article is organized as follows. In Section 2 we present the Alloy modeling language by means of an example, as ...

5 | N.: An equational calculus for Alloy - Frias, Pombo, et al. |
Citation Context: ...cedure is sound, it is not completely amenable to Alloy users. Switching from a relational to a non relational language poses an overhead on the user. The other theorem prover is the one presented in [6]. This theorem prover translates Alloy specifications to a close relational language ...

1 | A Lightweight Integration of Theorem Proving and Model Checking for System Verification - Seino, Futatsugi |
Citation Context: ...ed as a lightweight combination of a counterexample extractor with a semi-automatic theorem prover. This topic has been addressed by several researchers. Among the most relevant contributions we cite [7]. In [7], rather than focusing on providing theorem-proving capabilities to a lightweight formal method, the authors use model checking in order to look for counterexamples before (and during) the theo...