. This paper describes the theorem proving component of a larger software development environment for the ISO standardized specification language VDM-SL. This component is constructed as an instantiation of the generic theorem prover Isabelle with a VDM-SL variant of the Logic of Partial Functions (LPF). We describe the development of this instantiation, focusing on both the embedding of syntax and the automation of proof support, which is a challenge due to the three-valued nature of LPF. 1 Introduction This paper is about mechanizing proof support for VDM-SL, which is a formal notation for writing model-oriented specifications of software systems [13]. The history of VDM-SL dates back to the late 70's, and it is now one of the most widely used specification languages in industry and academia [15, 8]. Moreover, it has an ISO standard [16] and is supported by a tool, the IFAD VDM-SL Toolbox [9, 12], which is essential for the industrial adoption of a formal method. Currently the VDM-S...

Although the formal method VDM has been in existence since the 1970's, there are still no satisfactory tools to support verification in VDM. This paper deals with one possible means of approaching this problem by using the PVS theorem-prover. It describes a translation of a VDM-SL specification into the PVS specification language using, essentially, the very transparent translation methods described in [1]. PVS was used to typecheck the specification and to prove some non-trivial validation conditions. Next, a more abstract specification of the same system was also expressed in PVS, and the original specification was shown to be a refinement of this one. The drawbacks of the translation are that it must be done manually (though automation may be possible), and that the "shallow embedding" technique which is used does not accurately capture the proof rules of VDM-SL. The benefits come from the facts that the portion of VDM-SL which can be represented is substantial and that it is a grea...

. In this paper an extension of the IFAD VDM-SL Toolbox with a proof obligation generator is described. Static type checking in VDM is undecidable in general and therefore the type checker must be incomplete. Hence, for the "difficult" parts introducing undecidability, it is up to the user to verify the consistency of a specification. Instead of providing error messages and warnings, the approach of generating proof obligations for the consistency of VDM-SL specifications is taken. The overall goal of this work is to automate the generation of proof obligations for VDM-SL. Proof obligation generation has already been carried out for a number of related notations, but VDM-SL contains a number of challenging constructs (e.g. patterns, non-disjoint union types, and operations) for which new research is presented in this paper. 1 Introduction During the last few years the interest in formal software development has been growing rapidly. One of the main reasons for this is the availability...