Tutorial: Making PVS Do What You Want

Myla Archer
Center for High Assurance Computer Systems
Naval Research Laboratory
Washington, DC 20375
[email protected]

Abstract

One barrier to the more widespread use of a general purpose theorem prover such as PVS [3] in verifying systems is a result of the very generality of the prover. To verify a system using the prover directly, a user must first decide how best to specify a system model in the prover, and then must prove properties of the model using the general purpose proof steps provided by the prover. When several systems with a similar structure are to be verified, the specification effort can be reduced by reusing specification patterns and, better, by following specification templates that capture the commonalities between systems. When several properties are to be proved, even if they are properties of a single system, the proof effort can similarly be reduced by finding common proof patterns and capturing them in the tactic or strategy language provided by the prover.

After a brief comparison of PVS with other general purpose theorem provers, this talk will focus on how to capture common specification and proof patterns in PVS in order to tailor PVS for the verification of a particular class of systems. The use of specification templates can simplify the development of PVS strategies that correspond to proof steps that recur in proofs of specific classes of system properties. In addition, several other techniques can help a PVS user in capturing proof patterns: auxiliary PVS theories can be used in various ways; PVS strategy-building commands for sequencing, branching, and backtracking can be used to control proof structure and proof search; computations based on the current proof state can be used in computing details of the proof step that comes next; finally, appropriate use of comments and labels can make both proofs in progress and saved proofs more understandable. These techniques will be illustrated by examples. Many of the examples will be drawn from TAME (Timed Automata Modeling Environment) [1, 2], in which a set of proof steps for reasoning about invariant and abstraction properties has been developed that allows a user to create PVS proofs that match human-style reasoning.

References

[1] M. Archer. TAME: Using PVS strategies for special-purpose theorem proving. Annals of Mathematics and Artificial Intelligence, 29(1-4):139–181, 2000. Published Feb. 2001.
[2] M. Archer, C. Heitmeyer, and E. Riccobene. Proving invariants of I/O automata with TAME. Automated Software Engineering, 9(3):201–232, 2002.
[3] N. Shankar, S. Owre, J. M. Rushby, and D. W. J. Stringer-Calvert. PVS Prover Guide, Version 2.4. Technical report, Computer Science Laboratory, SRI International, Menlo Park, CA, Nov. 2001.
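The strategy-building commands the abstract lists (sequencing with THEN, branching with BRANCH, backtracking with TRY, computations on the current proof state with LET, and COMMENT/LABEL for readability) can be combined in a single tailored proof step. The DEFSTEP below is an added example written for this page; it is not code from the tutorial, from TAME, or from the PVS distribution. The strategy name split-on-hyps is hypothetical, and the prover internals used inside the LET (*ps*, current-goal, s-forms, gather-fnums, formula, args1, implication?) are used as the PVS Lisp API is understood here; check them against the Prover Guide [3] for the PVS version in use.

```lisp
;; Added example, not from the tutorial or from TAME. Meant for a
;; pvs-strategies file that the PVS prover loads; the strategy name is
;; hypothetical and the prover internals used in the LET are assumptions.
(defstep split-on-hyps (&optional (depth 1))
  (then
    ;; A COMMENT step records intent in the proof state and in the saved proof.
    (comment "split-on-hyps: skolemize/flatten, then case-split on antecedent implications")
    (skosimp*)
    ;; Computation on the current proof state: after SKOSIMP*, collect the
    ;; antecedent formulas (fnums '-) that are implications. Antecedent
    ;; formulas are stored negated in a PVS sequent, so look under the NOT.
    (let ((impl-fnums
           (gather-fnums (s-forms (current-goal *ps*)) '- nil
                         #'(lambda (sf) (implication? (args1 (formula sf)))))))
      (if impl-fnums
          (then
            ;; A LABEL lets later steps name these formulas instead of
            ;; formula numbers, which shift as the sequent changes.
            (label "impl-hyps" impl-fnums)
            ;; Backtracking: TRY applies SKIP to the subgoals if the BRANCH made
            ;; progress; otherwise FAIL propagates to an enclosing TRY in the
            ;; caller, which can then choose another alternative.
            (try (branch (split "impl-hyps" depth)
                         ;; BRANCH applies GRIND to the first subgoal and ASSERT
                         ;; to the rest (extra subgoals get the last step).
                         ((grind) (assert)))
                 (skip)
                 (fail)))
          ;; Nothing to split on: leave the sequent unchanged.
          (skip))))
  "Skolemizes and flattens, labels the implications found in the antecedent
   as impl-hyps, and case-splits on them, closing the first resulting subgoal
   with GRIND and simplifying the others with ASSERT."
  "~%Splitting on antecedent implications (depth ~a)" depth)
```

Once loaded, (split-on-hyps) is invoked like any built-in rule, and because it ends in FAIL when the split does nothing, a caller can write (try (split-on-hyps) (skip) (grind)) to fall back to GRIND instead of leaving the sequent untouched. The COMMENT line and the impl-hyps label both appear in the saved proof, which is what makes a strategy-generated proof readable when it is revisited later.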

0-7803-9227-2/05/$20.00 ©2005 IEEE