1 / 24

An Introduction to PVS

An Introduction to PVS. Judy Crow, Sam Owre , John Rushby , Natarajan Shankar, Mandayam Srivas Computer Science Laboratory, SRI International. Table of Contents. Introduction A brief tour of PVS PVS language More examples References. Introduction .

quynh
Télécharger la présentation

An Introduction to PVS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An Introduction to PVS Judy Crow, Sam Owre, John Rushby, Natarajan Shankar, MandayamSrivas Computer Science Laboratory, SRI International

  2. Table of Contents • Introduction • A brief tour of PVS • PVS language • More examples • References

  3. Introduction • PVS stands for “Prototype Verification System” • PVS • consists of a specification language integrated with support tools and theorem prover • is both interactive and highly mechanized: the user chooses each proving step and PVS performs it, displays the result, and then waits for the next command • The goal of PVS • PVS is designed to help in the detection of errors as well as in the confirmation of correctness

  4. Table of Contents • Introduction • A brief tour of PVS • PVS language • More examples • References

  5. A brief tour of PVS • PVS has three steps to prove target specifications • Creating a specification • Typechecking • Proving

  6. A brief tour of PVS • Creating a specification • Use M-x new-pvs-file command to create a new PVS file, and type a name of the file • or you can simply load a existing PVS file using M-x find-pvs-file command

  7. A brief tour of PVS • Create a sum.pvs file • specification for summation of the first n natural numbers • sum : THEORY • BEGIN • n : VAR nat • sum (n) : RECURSIVE nat = • (IF n = 0 THEN 0 ELSE n + sum(n-1) ENDIF) • MEASURE (LAMBDA n: n) • closed_form: THEOREM sum(n) = (n * (n+1) ) / 2 • END sum used to show that the definition terminates

  8. A brief tour of PVS • Typechecking • M-x typecheck command to typecheck • M-x show-tccs command to see TCCs • M-x typecheck-prove to prove TCCs • TCC • Type Correctness Condition • TCCs must be proved in order to show that the theory is type correct • The proofs of the TCCs may be postponed indefinately

  9. A brief tour of PVS • Typechecking • TCCs • sum takes an argument of type nat, but the type of the argument in the recursive call to sum is integer, since nat is not closed under subtraction • Since sum is recursive form, we need to ensure this function terminates • % Subtype TCC generated (line 7) for n-1 • % unchecked • sum_TCC1 : OBLIGATION (FORALL (n: nat): NOT n=0 IMPLIES n-1 >= 0) • % Termination TCC generated (line 7) for sum • % unchecked • sum_TCC2 : OBLIGATION (FORALL (n: nat): NOT n=0 IMPLIES n-1 < n)

  10. A brief tour of PVS • Proving • Place the cursor on the line containing the theorem, and type M-x prove • A new buffer will pop up, the formula will be displayed, and the cursor will appear at the Rule? prompt, indicating that users can interact with the prover • The proving process is completed if there are no more unproven subgoals

  11. A brief tour of PVS • Proving • Prove formula by induction on n Generate 2 subgoals base case inductive step

  12. A brief tour of PVS • Proving simplifies the formula send the proof to the PVS decision procedure

  13. A brief tour of PVS • Proving • To eliminate the FORALL quantifier • skolem! command • Provide new constants for the bound variables • flatten command • break up the succedent into a new antecedent and consequent antecedent consequent

  14. A brief tour of PVS • Proving

  15. Table of Contents • Introduction • A brief tour of PVS • PVS language • More examples • References

  16. PVS language • A simple example : the rational numbers • predicate subtype • rats : THEORY • BEGIN • rat : TYPE • zero : rat • / : [rat, rat  rat] • * : [rat, rat  rat] • x, y : VAR rat • left_canclelation : AXIOM x * (y/x) = y • zero_times : AXIOM zero * x = zero • END rats We need to consider divide by zero

  17. PVS language • A simple example : the rational numbers • predicate subtypes • rats : THEORY • BEGIN • rat : TYPE • zero : rat • nonzero : TYPE = { x | x /= zero } • / : [rat, nonzero  rat] • * : [rat, rat  rat] • x, y : VAR rat • left_canclelation : AXIOM x /= zero IMPLIES x * (y/x) = y • zero_times : AXIOM zero * x = zero • END rats predicate subtype

  18. PVS language • Example : Stacks • Generic type • stacks [t : TYPE] : THEORY • BEGIN • stack : TYPE • empty : stack • s : VAR stack • x : VAR t • push : [t, stack  stack] • pop : [stack  stack] • top : [stack  t] • pop_push : AXIOM pop(push(x, s)) = s • top_push : AXIOM top(push(x, s)) = x • END stacks Generic type

  19. PVS language • Example : factorial • Recursive • The MEASURE function is used to show that the definition terminates, by generating an obligation that the MEASURE decreases with each call • factorial : THEORY • BEGIN • fac(x: nat) : RECURSIVE nat = • IF x = 0 THEN 1 ELSE x * fac(x-1) ENDIF • MEASURE (LAMBDA (x: nat): x) • END factorial

  20. Table of Contents • Introduction • A brief tour of PVS • PVS language • More examples • References

  21. More examples • Quantifier Proof • Original goal : FORALL x : P(x) AND Q(x)  (FORALL x : P(x)) AND (FORALL x : Q(x)) • After split command • Subgoal 1 : FORALL x : P(x) AND Q(x)  (FORALL x : P(x)) • Subgoal 2 : FORALL x : P(x) AND Q(x)  (FORALL x : Q(x)) • predicate : THEORY • BEGIN • T : TYPE • x, y, z : VAR T • P, Q : [T  bool] • pred_calc : THEOREM • (FORALL x : P(x) AND Q(x)) • IMPLIES (FORALL x : P(x)) AND (FORALL x : Q(x)) • END predicate

  22. More examples • Decision Procedures • i + 8 can be expressed as 3*m + 5*n • i + 8 + 1 = 3*m’ + 5*n’ • case n=0 • i + 8 + 1 = 3*(m-3) + 5*2  subgoal 2.1 • case n>0 • i + 8 + 1 = 3*(m+2) + 5(n-1)  subgoal 2.2 • stamps : THEORY • BEGIN • i, three, five : VAR nat • stamps : THEOREM ( FORALL i : (EXISTS three, five : i+8 = 3 * three + 5 * five )) • END stamps

  23. Table of Contents • Introduction • A brief tour of PVS • PVS language • More examples • References

  24. References • A Tutorial Introduction to PVS by Judy Crow, Sam Owre, John Rushby, Natarajan Shankar and MandayamSrivas, WIFT ‘95

More Related