N. Shankar and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....as model checking, cannot be directly applied before implementation details are xed, because they cannot deal with systems with unbounded numbers of states. The most widely used tools for formal veri cation of high level system descriptions are interactive theorem provers, such as HOL or PVS [7, 12], or even manual proof. However, even with steady improvement in interactive theorem provers, proofs can be very tedious. This research was supported by GSRC contract DABT63 96 C 0097 P00005, by National Science Foundation CCR 0121403, and by King Fahd University of Petroleum and Minerals, ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357-406, Odense, Denmark, April 1993.

....) for i 6= j, theorems. In the Software Engineering Research Group at McMaster University, a graduate student, Ms. Min Jing, is working on the development of a tool, named CTT (Checking Table Tool) which from a given table, generates automatically such theorems and tries to prove them using PVS [5, 10, 29, 30, 31, 32, 39, 40, 42, 43]. Now we go back to our illustrative example of the vector relation table of Checkout e , presented in Tables 2 and 3, to prove the disjoint domains theorem. According to the claim (18) if we prove the following list of theorems, then we have the disjoint domains theorem. i = M = ....

....them into two tables with the same headers. Second, it is able to work out, from these transformed tables, the table representing their union or their demonic meet if it exists. Our future work will aim at building such a tool. John Rushby and Mandayam Srivas showed in [39] the capability of PVS [5, 10, 29, 30, 31, 32, 39, 40, 42, 43] to verify theorems similar to those that we need to verify. This tool will be annexed to the Table Tool System. Some points in this report need to be detailed. For example, the procedure (22) and the procedure (23) need to be detailed in such a way that their interpretation will be without any ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357406, Odense, Denmark, April 1993.

....that can be used as optimizations by these alternative simulation methods. Finally, we validate the process folding [29] process flattening, and signal collapsing optimizations to demonstrate its utility in CAD tool optimization. Chapter 3 Overview of PVS Prototype Verification System (PVS) [14,15,36 39,45 48] is an integrated environment for the development and the analysis of formal specifications, that supports the creation, analysis, and modification of theories and proofs. PVS uses GNU emacs as its interface by extending emacs with pre defined lisp functions and other packages. Graphical ....

Shankar, N., Owre, S., and Rushby, J. M. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....of properties of the asynchronous part of the Link layer. This paper describes the first step in this direction, namely the formalization of the Link layer protocol. To achieve mechanical support, the formalization is given in the specification language of the Prototype Verification System (PVS) [7, 8]. PVS 1 is a specification language integrated with support tools and a theorem prover. The specification language of PVS is a higher order typed logic with many predefined types, including booleans, integers, sets, sequences, etc. New types may be constructed using, for example, functions, ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

...., id g : type expr The var clause does not declare any new object by itself; it only tells the parser that if a bound variable (e.g. in a function definition) has an ambiguous type, then the type specified in the var section must be used. A similar construction is used in PVS theorem prover [SOR93], and I find it very convenient in practice. if, case, let, and with clauses. The first three constructs are slightly different from their ML counterparts. Their formal syntax is: if expr : if expr then expr f elsif expr then expr g else expr endif case expr : case expr of ....

....3 Out Of Order Execution Algorithms. We start with formalizing the approach of Burch and Dill [BD94] in a way suitable for a theorem prover, extend it with several new techniques, and discuss an encoding of some parts of it in SyMP. Originally we have used PVS [SOR93] to handle the theorem proving part and SMV [McM93] for the hardest model checking part. Although using two separate tools turned out to be tedious, we were able to accomplish our main goal of verifying the design completely. We expect that with SyMP this process will be easier. We formally proved ....

[Article contains additional citation context not shown here]

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, 1993. Also appears in Tutorial Notes, Formal Methods Europe'93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....PVS. This requirements capture process is discussed in detail. All of the PVS language features that are used are explained thoroughly to make the paper self contained. More detailed information about PVS can be obtained from [9, 8, 14] Also, several tutorial introductions to PVS are available [6, 3, 16, 4, 11, 15]. 2 Example Application The techniques of formal specification and verification of an avionics subsystem will be demonstrated on a very simplified example of a mode control panel. An informal, English language specification of the mode control panel representative of what software developers ....

....function. This definition must be complete; i.e. it must provide a next state for all possible events and all possible states. Thus, the first step is to elaborate all possible events and the content of the state of the machine. The system will be specified using the PVS specification language [12, 16, 14, 8]. 2.3 Events The pilot interacts with the mode control panel by pressing the mode buttons and by dialing preselected values into the display. The pilot actions of pressing one of the four buttons will be named as follows: pressattcws, presscaseng, pressalteng, and pressfpasel. The actions of ....

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....own explanation with the same meanings. A proof is a sequence of deduction steps that leads us from a set of axioms or theorems to a theorem. 3.4 Specification and Verification Examples in PVS We illustrate here three examples from arithmetic. The first two examples are taken from the tutorial [SOR93b] The last example illustrates the use of a general purpose strategy to automatically prove a theorem of arithmetic. The first example is the sum of natural numbers up to some arbitrary finite number n is equal to n (n 1) 2 . The specification is encapsulated in the sum THEORY. Following ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....Director System (AFDS) and (5) military and commercial Global Positioning (GPS) Systems. The first phase of the project consisted of the formal specification of the AAMP5 instruction set and microarchitecture using SRI s PVS [98, 97, 125] Several tutorial introductions to PVS are available [30, 11, 129, 16, 101, 128]. While formally specifying the microprocessor, two design errors were discovered in the microcode. These errors were uncovered as a result of questions raised by the formal methods researchers at Collins and SRI while seeking to formally specify the behavior of the microprocessor[82, 133] The ....

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....Flight Director System (AFDS) 5. military and commercial Global Positioning (GPS) Systems. The first phase of the project consisted of the formal specification of the AAMP5 instruction set and microarchitecture using SRI s PVS [85, 84, 108] Several tutorial introductions to PVS are available [26, 11, 112, 16, 87, 111]. While formally specifying the microprocessor, two design errors were discovered in the microcode. These errors were uncovered as a result of questions raised by the formal methods researchers at Collins and SRI while seeking to formally specify the behavior of the microprocessor[72, 115] The ....

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....Boeing 777 Flight Control Backdrive, 4) Boeing 757,767 Autopilot Flight Director System (AFDS) and (5) military and commercial Global Positioning (GPS) Systems. The first phase of the project consisted of the formal specification of the AAMP5 instruction set and microarchitecture using SRI s PVS [22, 23] While formally specifying the microprocessor, two design errors were discovered in the microcode. These errors were uncovered as a result of questions raised by the formal methods researchers at Collins and SRI while seeking to formally specify the behavior of the microprocessor[24] The Collins ....

Natarajan Shankar, Sam Owre, and John Rushby, PVS Tutorial, Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993, Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....simplifies the problem of checking equivalence between terms we simply compare the references. We propose to use symbolic model checking techniques [BCM92, McM93] to perform the actual symbolic execution of the circuit. The correctness of the method has been proven in the PVS theorem prover [SOR93] Recently there has been done a lot of work on the verification of superscalar microprocessors both with and without OOO execution. Burch and Dill [BD94] use the notion of uninterpreted functions to represent data and instructions symbolically. Interpreting these symbols results in a particular ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, 1993. Also appears in Tutorial Notes, Formal Methods Europe'93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....to eliminate sensor chatter. In the function de nitions, f PressTripS1 and PREV play corresponding roles as the arguments for the previous value of the state variable computed by the function. The veri cation is performed using SRI s Prototype Veri cation System (PVS) automated proof assistant [7, 10] to handle typechecking and proof details. Figure 5 also contains the supporting type, constant and abstraction function de nitions for the veri cation block. The abstraction function posreal2AItype models the A D conversion of the sensor values by taking the integer part of its input using the ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357-406, Odense, Denmark, April 1993.

....3. The proof is done completely in Maude, but since Maude is not intended to be a theorem prover, we actually have to generate the proof obligations by hand. However, the proof obligations below could be automatically generated by a proof assistant like Kumo [7] or a theorem prover like PVS [23] 8 . Theorem 1. For any trace T and any formula X, T = X iff T X. Proof. The proof of this theorem is not trivial; we do it by induction, both on traces and formulae. We first need to prove two lemmas, namely that the following two equations hold in the context of both ....

Natarajan Shankar, Sam Owre, and John M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....or some other encoded object, a formal model must explicitly account for these interpretations. For example, if bv is a bitvector, a function, say bv2nat, must be applied to bv in order to convert it to a natural number, i.e. bv2nat(bv) The bitvectors library has been developed for PVS [1, 2, 3, 4, 5, 6] with several goals in mind: ffl All of the common functions that interpret and operate on bitvectors should be defined in a manner that is simple and reusable. ffl The library should not introduce new axioms. In this way the library will be consistent if PVS is consistent. ffl The library ....

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

No context found.

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

No context found.

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

....or some other encoded object, a formal model must explicitly account for these interpretations. For example, if bv is a bitvector, a function, say bv2nat, must be applied to bv in order to convert it to a natural number, i.e. bv2nat(bv) The bitvectors library has been developed for PVS [1, 2, 3, 4, 5, 6] with several goals in mind: ffl All of the common functions that interpret and operate on bitvectors should be defined in a manner that is simple and reusable. ffl The library should not introduce new axioms. In this way the library will be consistent if PVS is consistent. ffl The library ....

Shankar, Natarajan; Owre, Sam; and Rushby, John: PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

.... PVS was started in late 1990 as an SRI funded research program to prototype ideas for an interactive prover for Ehdm and the design of a next generation verification system (hence its original name Prototype Verification System ) SRI made the first version of PVS freely available in 1993 [38] and it proved so popular that we have continued to develop it ever since (first with SRI IR D funds, and later with additional support from NASA, NRL, AFOSR, ARPA, and NSF) Documentation and Availability PVS is freely available under license from SRI. Information, examples, papers, ....

N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

No context found.

N. Shankar and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, Feb. 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357--406, Odense, Denmark, April 1993.

No context found.

SOR93. N. Shankar, S. Owre, and J. M. Rushby. PVS Tutorial. Computer Science Laboratory, SRI International, Menlo Park, CA, February 1993. Also appears in Tutorial Notes, Formal Methods Europe '93: Industrial-Strength Formal Methods, pages 357-406, Odense, Denmark, April 1993.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC