TAME: Using PVS strategies for special-purpose theorem proving

Annals of Mathematics and Artificial Intelligence

Abstract

TAME (Timed Automata Modeling Environment), an interface to the theorem proving system PVS, is designed for proving properties of three classes of automata: I/O automata, Lynch–Vaandrager timed automata, and SCR automata. TAME provides templates for specifying these automata, a set of auxiliary theories, and a set of specialized PVS strategies that rely on these theories and on the structure of automata defined using the templates. Use of the TAME strategies simplifies the process of proving automaton properties, particularly state and transition invariants. TAME provides two types of strategies: strategies for “automatic” proof and strategies designed to implement “natural” proof steps, i.e., proof steps that mimic the high-level steps in typical natural language proofs. TAME's “natural” proof steps can be used both to mechanically check hand proofs in a straightforward way and to create proof scripts that can be understood without executing them in the PVS proof checker. Several new PVS features can be used to obtain better control and efficiency in user-defined strategies such as those used in TAME. This paper describes the TAME strategies, their use, and how their implementation exploits the structure of specifications and various PVS features. It also describes several features, currently unsupported in PVS, that would either allow additional “natural” proof steps in TAME or allow existing TAME proof steps to be improved. Lessons learned from TAME relevant to the development of similar specialized interfaces to PVS or other theorem provers are discussed.




Archer, M. TAME: Using PVS strategies for special-purpose theorem proving. Annals of Mathematics and Artificial Intelligence 29, 139–181 (2000). https://doi.org/10.1023/A:1018913028597
