Preliminary explorations in specifying and validating entity-relationship models in PVS

Entity-Relationship (ER) diagrams are an established way of doing data modeling. In this paper, we report our experience with exploring the use of PVS to formally specify and reason about ER data models. Working with a textbook example, we rely on PVS's theory interpretation mechanism to verify the correctness of the mapping across various levels of abstraction. Entities and relationships are specified as user-defined types, while constraints are expressed as axioms. We demonstrate how the correctness of the mapping from the abstract to a conceptual ER model, and from the conceptual ER model to a schema model, is formally established by typechecking. The verification involves proving the type correctness conditions (TCCs) automatically generated by the PVS typechecker. The proofs of most of these TCCs are fairly small (four steps or less). This holds out promise for complete automatic formal verification of data models.
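As an added illustration of the approach the abstract describes (this is not code from the paper), a minimal PVS sketch: the abstract level declares an uninterpreted entity type with its key constraint stated as an axiom, and the conceptual level interprets it with a record type and a constructed population, so that the typechecker emits a TCC obliging the axiom to hold under the mapping. Theory names, identifiers and the sample population are assumptions.

```pvs
% Added example, not from the paper. Abstract level of an ER model:
% entity and key are uninterpreted types, the key attribute is an
% uninterpreted function, and the key constraint is an axiom over the
% stored population rather than a property PVS can check here.
abstract_er: THEORY
BEGIN
  Entity: TYPE+                 % nonempty, otherwise uninterpreted
  Key: TYPE+
  key: [Entity -> Key]          % every entity carries a key attribute
  population: set[Entity]       % the entities actually stored

  % Key constraint: equal keys within the population mean the same entity.
  key_unique: AXIOM
    FORALL (e1, e2: (population)): key(e1) = key(e2) IMPLIES e1 = e2
END abstract_er

% Conceptual level: a concrete entity type and a constructed population.
conceptual_er: THEORY
BEGIN
  Student: TYPE = [# sid: nat, name: string #]

  % Constructed sample population with distinct student ids.
  students: set[Student] =
    { s: Student | s = (# sid := 1, name := "ada" #)
                OR s = (# sid := 2, name := "bob" #) }

  % Theory interpretation: mapping the abstract names onto the conceptual
  % ones. PVS does not accept this silently: for the axiom key_unique it
  % generates a TCC stating the axiom under the mapping, i.e. that within
  % students equal sid values imply equal records. That obligation is
  % what must be discharged in the prover; a mapping that broke the key
  % constraint (for example key := LAMBDA (s: Student): s`name with two
  % students sharing a name) would leave an unprovable TCC.
  IMPORTING abstract_er{{ Entity := Student,
                          Key := nat,
                          key := LAMBDA (s: Student): s`sid,
                          population := students }}
END conceptual_er
```

The generated obligation is small because the population is finite and explicit; the abstract's observation that most such TCCs take only a few proof steps refers to obligations of this shape.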
