## A proof environment for a subset of SDL (1991)

Citations: 2 (2 self)

### BibTeX

```bibtex
@MISC{Méry91aproof,
  author = {Dominique Méry and Abdelillah Mokkedem},
  title  = {A proof environment for a subset of SDL},
  year   = {1991}
}
```

### Abstract

This paper presents a formal study of the operational semantics of the specification and description language SDL and a proof system allowing the derivation of invariance and eventuality properties based on this semantics. The SDL language is not fully used but only a subset of it. This subset is integrated into the Concerto environment and the proof system is implemented under the Isabelle theorem prover. Experiments using this new environment tend to demonstrate that a rigorous approach for building SDL specifications is feasible and that sufficiently interesting problems can be treated using this system. This work is partially supported by the CNET under grant number 89-58 00 790 92 45/PAA.

1. INTRODUCTION

The description and design of protocols (or systems) using the CCITT Specification and Description Language (SDL) [2] state problems of verification. Although SDL is a specification language, we need to develop formal methods to prove SDL specifications. Since the terms "specificatio...

### Citations

1442 | A Discipline of Programming
- Dijkstra
- 1997

Citation context: ...time references in statements. Invariance and eventuality properties are expressible in the underlying logical language. The key properties are transition properties that are based on the wp calculus [5, 6], which is in turn based on operational semantics. Our system is used as follows. The user annotates the CROCOS program and tries to prove a given property using axioms and inference rules. This appro...

1421 | An Axiomatic Basis for Computer Programming
- Hoare
- 1969

Citation context: ...=q j=1 (k:S):val j =i:var j )] Comment. The wp based semantics is an intermediate version towards a formula based semantics, which is better for deriving a proof system. According to the Hoare logic [8], the assignment axiom is wp based and we use a general rule allowing us to infer our required axioms. Yet, control formulae have properties relative to the wp operators. In the syntax of DECISION, the...

1309 | A Structural Approach to Operational Semantics
- Plotkin
- 1981

Citation context: ...rties of SDL like programs. There are two complementary but closely related models to define semantics of programs. A first one is the structured operational (or inferential) model defined by Plotkin [14], and the other is the wp model proposed by Dijkstra [5, 6]. The wp model seems to us not only helpful in justifying the semantic completeness of our system, but also in allowing a natural translation...

322 | An Axiomatic Proof Technique for Parallel Programs
- Owicki, Gries
- 1976

Citation context: ...ches have been developed in order to derive methods for proving invariance and eventuality properties on concurrent programs among which we can quote the GHL logic [9, 10] and the Owicki-Gries method [12]. However, none of these methods has been applied to SDL programs. Our current objective is to get sound SDL specifications with respect to submitted informal properties. It means that only a part of ...

55 | Mathematical Theory of Programming Correctness
- Bakker
- 1980

Citation context: ...ntics is expressed in an inferential style that gives the schemas of rules. The formal reasoning tools for CROCOS are adapted from the FEPS logic [11] and from Dijkstra's programming calculus [1, 5, 6]. The formulae language of the proof system is as expressive as possible and we suppose that it can express any set of states. A good candidate is the powerset of states but we must remind the reader...

39 | The "Hoare logic" of concurrent programs
- Lamport
- 1980

Citation context: ...ved for SDL programs. Several approaches have been developed in order to derive methods for proving invariance and eventuality properties on concurrent programs among which we can quote the GHL logic [9, 10] and the Owicki-Gries method [12]. However, none of these methods has been applied to SDL programs. Our current objective is to get sound SDL specifications with respect to submitted informal properti...

22 | The "Hoare logic" of CSP, and all that
- Lamport, Schneider
- 1984

Citation context: ...ved for SDL programs. Several approaches have been developed in order to derive methods for proving invariance and eventuality properties on concurrent programs among which we can quote the GHL logic [9, 10] and the Owicki-Gries method [12]. However, none of these methods has been applied to SDL programs. Our current objective is to get sound SDL specifications with respect to submitted informal properti...

20 | Recommendation Z.100: Specification and Description Language SDL, Blue Book
- CCITT
- 1992

Citation context: ...ally supported by the CNET under grant number 89-58 00 790 92 45/PAA. 1. INTRODUCTION The description and design of protocols (or systems) using the CCITT Specification and Description Language (SDL) [2] state problems of verification. Although SDL is a specification language, we need to develop formal methods to prove SDL specifications. Since the terms "specifications" and "programs" have the same ...

12 | Predicate calculus and program semantics. Texts and monographs in computer science
- Dijkstra, Scholten
- 1990

Citation context: ...time references in statements. Invariance and eventuality properties are expressible in the underlying logical language. The key properties are transition properties that are based on the wp calculus [5, 6], which is in turn based on operational semantics. Our system is used as follows. The user annotates the CROCOS program and tries to prove a given property using axioms and inference rules. This appro...

5 | Fondements des méthodes de preuve d'invariance et de fatalité de programmes parallèles (in French), Institut National Polytechnique de
- COUSOT

Citation context: ...

$$\frac{p \Rightarrow i \qquad i \rightarrow i \qquad i \Rightarrow q}{\mathrm{Inv}(p, q)} \quad \text{(I1)}$$

This rule is sufficient to prove invariance properties and is semantically complete. An extensive study can be found in the work of P. Cousot and R. Cousot in [3, 4]. Examples of critical invariance properties are partial correctness, deadlock freedom, etc. 4.2.3. Eventuality formulae Finally, eventuality properties such as accessibility to some given point need to be...

3 | Reasoning about program invariance proof methods, Centre de Recherche en Informatique de Nancy
- COUSOT
- 1980

Citation context: ...

$$\frac{p \Rightarrow i \qquad i \rightarrow i \qquad i \Rightarrow q}{\mathrm{Inv}(p, q)} \quad \text{(I1)}$$

This rule is sufficient to prove invariance properties and is semantically complete. An extensive study can be found in the work of P. Cousot and R. Cousot in [3, 4]. Examples of critical invariance properties are partial correctness, deadlock freedom, etc. 4.2.3. Eventuality formulae Finally, eventuality properties such as accessibility to some given point need to be...

1 | Méthode axiomatique pour les propriétés de fatalité des programmes parallèles
- MERY
- 1987

Citation context: ...re expressed using an inferential style so as to be able to prove that the temporal proof system is sound. The proof system is derived from the standard FEPS system developed by one of the authors in [11]. Since it integrates the nondeterministic assignment, it can be improved to take into account time references in statements. Invariance and eventuality properties are expressible in the underlying lo...

1 | A preliminary user's manual for Isabelle
- PAULSON
- 1988

Citation context: ... is used as follows. The user annotates the CROCOS program and tries to prove a given property using axioms and inference rules. This approach is made easier by the use of the Isabelle theorem prover [13], which provides an implementation framework for the proof system. The proof system is semi-automatic; it does require user interaction. While a proof is being developed, the user's intervention may...