Integration in PVS: Tables, types, and model checking

  • Sam Owre
  • John Rushby
  • Natarajan Shankar
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1217)


We have argued previously that the effectiveness of a verification system derives not only from the power of its individual features for expression and deduction, but from the extent to which these capabilities are integrated: the whole is more than the sum of its parts [19,21]. Here, we illustrate this thesis by describing a simple construct for tabular specifications that was recently added to PVS. Because this construct integrates with other capabilities of PVS, such as typechecker-generated proof obligations, dependent typing, higher-order functions, model checking, and general theorem proving, it can be used for a surprising variety of purposes. We demonstrate this with examples drawn from hardware division algorithms and requirements specifications.


Model Check Theorem Prove Transition Relation Space Shuttle Decision Table 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Joanne M. Atlee and John Gannon. State-based model checking of event-driven system requirements. In SIGSOFT '91: Software for Critical Systems, pages 16–28, New Orleans, LA, December 1991. Published as ACM SIGSOFT Engineering Notes, Volume 16, Number 5.Google Scholar
  2. 2.
    Judith Crow and Ben L. Di Vito. Formalizing space shuttle software requirements: Four case studies. Submitted for publication, 1997.Google Scholar
  3. 3.
    Mats P. E. Heimdahl. Experiences and lessons from the analysis of TCAS II. In Steven J. Zeil, editor, International Symposium on Software Testing and Analysis (ISSTA), pages 79–83, San Diego, CA, January 1996. Association for Computing Machinery.Google Scholar
  4. 4.
    Mats P. E. Heimdahl and Barbara J. Czerny. Using PVS to analyze hierarchical state-based requirements for completeness and consistency. In IEEE High-Assurance Systems Engineering Workshop (HASE '96), Niagara on the Lake, Canada, October 1996.Google Scholar
  5. 5.
    Mats P. E. Heimdahl and Nancy G. Leveson. Completeness and consistency analysis of state-based requirements. In 17th International Conference on Software Engineering, pages 3–14, Seattle, WA, April 1995. IEEE Computer Society.Google Scholar
  6. 6.
    Constance Heitmeyer, Alan Bull, Carolyn Gasarch, and Bruce Labaw. SCR*: A toolset for specifying and analyzing requirements. In COMPASS [9], pages 109–122.Google Scholar
  7. 7.
    Constance Heitmeyer, Bruce Labaw, and Daniel Kiskis. Consistency checking of SCR-style requirements specifications. In International Symposium on Requirements Engineering, York, England, March 1995. IEEE Computer Society.Google Scholar
  8. 8.
    D. N. Hoover and Zewei Chen. Tablewise, a decision table tool. In COMPASS [9], pages 97–108.Google Scholar
  9. 9.
    COMPASS '95 (Proceedings of the Tenth Annual Conference on Computer Assurance), Gaithersburg, MD, June 1995. IEEE Washington Section.Google Scholar
  10. 10.
    Nancy G. Leveson, Mats Per Erik Heimdahl, Holly Hildreth, and Jon Damon Reese. Requirements specification for process-control systems. IEEE Transactions on Software Engineering, 20(9):684–707, September 1994.Google Scholar
  11. 11.
    Paul S. Miner and James F. Leathrum, Jr. Verification of IEEE compliant subtractive division algorithms. In Mandayam Srivas and Albert Camilleri, editors, Formal Methods in Computer-Aided Design (FMCAD '96), volume 1166 of Lecture Notes in Computer Science, pages 64–78, Palo Alto, CA, November 1996. Springer-Verlag.Google Scholar
  12. 12.
    Sam Owre, John Rushby, and Natarajan Shankar. Analyzing tabular and statetransition specifications in PVS. Technical Report SRI-CSL-95-12, Computer Science Laboratory, SRI International, Menlo Park, CA, July 1995. Available, with specification files, from Scholar
  13. 13.
    Sam Owre, John Rushby, Natarajan Shankar, and Friedrich von Henke. Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering, 21(2):107–125, February 1995.Google Scholar
  14. 14.
    David Lorge Parnas. Tabular representation of relations. Technical Report CRL Report 260, Telecommunications Research Institute of Ontario (TRIO), Faculty of Engineering, McMaster University, Hamilton, Ontario, Canada, October 1992.Google Scholar
  15. 15.
    Vaughan Pratt. Anatomy of the Pentium bug. In TAPSOFT '95: Theory and Practice of Software Development, volume 915 of Lecture Notes in Computer Science, pages 97–107, Aarhus, Denmark, May 1995. Springer-Verlag.Google Scholar
  16. 16.
    S. Rajan, N. Shankar, and M.K. Srivas. An integration, of model-checking with automated proof checking. In Pierre Wolper, editor, Computer-Aided Verification, CAV '95, volume 939 of Lecture Notes in Computer Science, pages 84–97, Liege, Belgium, June 1995. Springer-Verlag.Google Scholar
  17. 17.
    Larry W. Roberts and Mike Beims. Using formal methods to assist in the requirements analysis of the Space Shuttle HAC Change Request (CR 90960E). Technical Report JSC-27599, NASA Johnson Space Center, Houston, TX, September 1996.Google Scholar
  18. 18.
    H. Rueß, N. Shankar, and M. K. Srivas. Modular verification of SRT division. In Rajeev Alur and Thomas A. Henzinger, editors, Computer-Aided Verification, CAV '96, volume 1102 of Lecture Notes in Computer Science, pages 123–134, New Brunswick, NJ, July/August 1996. Springer-Verlag.Google Scholar
  19. 19.
    John Rushby. Mechanizing formal methods: Opportunities and challenges. In Jonathan P. Bowen and Michael G. Hinchey, editors, ZUM '95: The Z Formal Specification Notation; 9th International Conference of Z Users, volume 967 of Lecture Notes in Computer Science, pages 105–113, Limerick, Ireland, September 1995. Springer-Verlag.Google Scholar
  20. 20.
    N. Shankar and Sam Owre. PVS Semantics. Computer Science Laboratory, SRI International, Menlo Park, CA, 1996. Draft available at URL http://www.csl. Scholar
  21. 21.
    Natarajan Shankar. Unifying verification paradigms. In Bengt Jonsson and Joachim Parrow, editors, Formal Techniques in Real-Time and Fault-Tolerant Systems, volume 1135 of Lecture Notes in Computer Science, pages 22–39, Uppsala, Sweden, September 1996. Springer-Verlag.Google Scholar
  22. 22.
    Lance Sherry. A structured approach to requirements specification for softwarebased systems using operational procedures. In 13th AIAA/IEEE Digital Avionics Systems Conference, pages 64–69, Phoenix, AZ, October 1994.Google Scholar
  23. 23.
    Tirumale Sreemani and Joanne M. Atlee. Feasibility of model checking software requirements. In COMPASS '96 (Proceedings of the Eleventh Annual Conference on Computer Assurance), pages 77–88, Gaithersburg, MD, June 1996. IEEE Washington Section.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1997

Authors and Affiliations

  • Sam Owre
    • 1
  • John Rushby
    • 1
  • Natarajan Shankar
    • 1
  1. 1.Computer Science LaboratorySRI InternationalMenlo ParkUSA

Personalised recommendations