Results 1 to 10 of 13
On the Verification of VDM Specification and Refinement with PVS
Proof in VDM: Case Studies, FACIT (Formal Approaches to Computing and Information Technology), chapter 6, 1997
Cited by 13 (2 self)
Abstract: Although the formal method VDM has been in existence since the 1970's, there are still no satisfactory tools to support verification in VDM. This paper deals with one possible means of approaching this problem by using the PVS theorem prover. It describes a translation of a VDM-SL specification into the PVS specification language using, essentially, the very transparent translation methods described in [1]. PVS was used to typecheck the specification and to prove some non-trivial validation conditions. Next, a more abstract specification of the same system was also expressed in PVS, and the original specification was shown to be a refinement of this one. The drawbacks of the translation are that it must be done manually (though automation may be possible), and that the "shallow embedding" technique which is used does not accurately capture the proof rules of VDM-SL. The benefits come from the facts that the portion of VDM-SL which can be represented is substantial and that it is a grea...
Treating Partiality in a Logic of Total Functions
The Computer Journal, 1997
Cited by 10 (0 self)
Abstract: The need to use partial functions arises frequently in formal descriptions of computer systems. However, most proof assistants are based on logics of total functions. One way to address this mismatch is to invent and mechanize a new logic. Another is to develop practical workarounds in existing settings. In this paper we take the latter course: we survey and compare methods used to support partiality in a mechanization of a higher-order logic featuring only total functions. The techniques we discuss are generally applicable and are illustrated by relatively large examples.
Interactive Proof Critics
1999
Cited by 8 (0 self)
Abstract: The key to a successful proof often lies within the analysis of failed proof attempts. Motivated by this observation we have developed and evaluated an interface to an inductive theorem prover which supports a collaborative style of failure analysis. Our work builds upon an automatic proof patching mechanism and extends the capabilities of an existing theorem proving interface. Our approach is multidisciplinary: we draw upon work from both the automated theorem proving and human-computer interaction communities.
1. Introduction
The benefits of theorem proving are recognized by formal methods practitioners [AF97] and have borne fruit within niche markets [CW96]: "Theorem provers are increasingly being used today in the mechanical verification of safety-critical properties of hardware and software designs." General purpose theorem provers remain, however, primarily the tool of the academic researcher. This is particularly true of provers which support inductive proof [BM88, KM97, B...
A Proof Obligation Generator for VDM-SL
In FME'97, LNCS 1313, 1997
Cited by 7 (3 self)
Abstract: In this paper an extension of the IFAD VDM-SL Toolbox with a proof obligation generator is described. Static type checking in VDM is undecidable in general and therefore the type checker must be incomplete. Hence, for the "difficult" parts introducing undecidability, it is up to the user to verify the consistency of a specification. Instead of providing error messages and warnings, the approach of generating proof obligations for the consistency of VDM-SL specifications is taken. The overall goal of this work is to automate the generation of proof obligations for VDM-SL. Proof obligation generation has already been carried out for a number of related notations, but VDM-SL contains a number of challenging constructs (e.g. patterns, non-disjoint union types, and operations) for which new research is presented in this paper.
1 Introduction
During the last few years the interest in formal software development has been growing rapidly. One of the main reasons for this is the availability...
Structural Embeddings: Mechanization with Method
1999
Cited by 6 (2 self)
Abstract: The most powerful tools for analysis of formal specifications are general-purpose theorem provers and model checkers, but these tools provide scant methodological support. Conversely, those approaches that do provide a well-developed method generally have less powerful automation. It is natural, therefore, to try to combine the better-developed methods with the more powerful general-purpose tools. An obstacle is that the methods and the tools often employ very different logics. We argue that methods are separable from their logics and are largely concerned with the structure and organization of specifications. We propose a technique called structural embedding that allows the structural elements of a method to be supported by a general-purpose tool, while substituting the logic of the tool for that of the method. We have found this technique quite effective and we provide some examples of its application. We also suggest how general-purpose systems could be restructured to support this activity better.
Towards an Integrated CASE and Theorem Proving Tool for VDM-SL
In FME'97, Springer-Verlag LNCS, 1997
Cited by 5 (1 self)
Abstract: While CASE tools for formal methods have been relatively successful in industry, the uptake of theorem proving technology has been quite slow. This suggests that more focus should be put on specification notations and pragmatic features of existing CASE tools in building proof support tools. This paper presents a prototype integrated CASE/TP tool which combines the benefits of a general-purpose theorem prover called Isabelle with those of a commercial CASE tool for the VDM-SL formal specification language, the IFAD VDM-SL Toolbox. The integrated tool supports pragmatic test and rigorous proof at the same time. Moreover, the tool supports proofs in the notation of the CASE tool by handling "difficult" constructs such as patterns and cases expressions in an untraditional way using reversible transformations.
1 Introduction
CASE tools for formal software development support the validation of specifications through static checks and animation. Proofs can add rigor to the software ...
On the Integration of Formal Methods: Events and Scenarios in PVS and VDM
1999
Cited by 2 (1 self)
Abstract: Tool support is known to be one of the success factors in formal specification based analysis and program development. This paper investigates tool support in the context of a case study where a wide range of tool features is required: for an access control, C++ code has to be developed based on the user's requirements expressed in natural language. The access control has been classified as a mixed data-control problem. This paper discusses (1) why VDMTools and PVS have been selected and (2) how they can be used together. Another aspect is the use of VDM as a framework for modeling event-based systems. In our approach to tool integration, two specifications are considered to share a common part. For the present application this part consists of the scenario of all possible events.
1 Introduction
1.1 An Access Control as a Case Study
CSS is a security system which has been developed by ARCS (the Austrian Research Center at Seibersdorf [32]). CSS includes features from digital vi...
Simulating Term-Rewriting in LPF and in Display Logic
1997
Cited by 1 (1 self)
Abstract: We show how the convenience and power of term-rewriting can sometimes be obtained in logical systems which do not explicitly have this capability. We consider the Logic of Partial Functions, and show how an undefined term can often be rewritten to a defined term. Although LPF and Display Logic are unrelated, we also show how Display Logic effectively allows rewrite-style simplifications, although the logic has no axiom or rule permitting this (or indeed any notion of equality). We then describe how these "rewrite" procedures are implemented in Isabelle, using HOL-style conversionals.
Keywords: term rewriting, logic of partial functions, undefined terms, display logic
1 Introduction
The convenience of proof by term-rewriting is demonstrated by the theorem provers which rely wholly or primarily upon it (e.g. Larch [13]), and by the prominent place that rewriting tactics have in provers such as Isabelle [18] and HOL [9]. The Logic of Partial Functions (LPF) handles undefined terms, and i...
Added entries UNIVERSITY OF NEWCASTLE UPON TYNE
1099
Abstract: This report contains proceedings of the Fourth International Workshop of the Overture group (www.overturetool.org), whose aim is to develop the next generation of tools supporting the Vienna Development Method (VDM) and related formal techniques. Contributed papers describe the rCOS technique and tools; the relationship between VDM and complementary formalisms including Colored Petri Nets and JML; support for automated test generation; proof support using HOL; and future directions for VDM extensions for modelling embedded and distributed systems. The workshop took place as part of the 15th International Symposium on