ABSTRACT

PVSio is a conservative extension to the PVS prelude library that provides basic input/output capabilities to the PVS ground evaluator. It supports rapid prototyping in PVS by enhancing the specification language with built-in constructs for string manipulation, floating-point arithmetic, and input/output operations.

1 INTRODUCTION

PVS [6] is a verification system based on a typed classical higher-order logic enriched with predicate subtyping and dependent records [7]. The system is widely known for its expressive specification language and its powerful theorem prover. The ground evaluator, which was originally announced as an experimental feature in PVS Release 2.3 [10], is a less known feature of PVS that allows for the animation of functional specifications: it extracts efficient Common Lisp code for a large set of PVS constructs [8].

The ground evaluator is a fundamental mechanism for rapid prototyping in PVS. However, it does not provide typical features of programming languages such as input/output functionality or floating-point arithmetic. For instance, a ground expression like sqrt(2), where sqrt is defined as in the NASA reals library [1], is not handled by the ground evaluator. This lack of capabilities greatly limits the usefulness of the evaluator.

Another experimental feature of PVS, even less known than the ground evaluator, is called semantic attachments [4]. Semantic attachments are user-defined Common Lisp functions that the ground evaluator calls during the evaluation of PVS expressions. For instance, given an appropriate semantic attachment, the expression sqrt(2) can be evaluated as the Common Lisp expression (sqrt 2). Semantic attachments must be handled with care. Indeed, the ground evaluator neither enforces type correctness of semantic attachments nor checks that they respect the intended semantics of the corresponding PVS expressions. Hence, semantic attachments may break the ground evaluator. However, since neither the ground evaluator nor the semantic attachments are integrated into the logical framework of PVS, the soundness of the theorem prover is not compromised.

PVSio is a prelude library extension, implemented on top of semantic attachments, that relieves PVS users of the burden and technical details of programming semantic attachments in Common Lisp. PVSio enhances the specification language with built-in constructs for string manipulation, floating-point arithmetic, and input/output operations. From a logical point of view, PVSio is a conservative extension to the PVS prelude library.
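The two failure modes named above (an attachment that violates the declared PVS type, and one that is well typed but does not respect the intended semantics) are easy to hit with exactly the sqrt example. Common Lisp's sqrt applied to a negative number returns a complex number, which has no counterpart in the PVS type real, and the evaluator will not notice. The following Common Lisp is an added example written for this page; it is not code from PVSio or from the paper. It assumes that the PVS sqrt being attached is declared on nonneg_real and returns nonneg_real, as in the NASA reals library [1], and that attachments are registered with a defattach form taking the theory name, the function name, an argument list and a body; the name and shape of that form are an assumption and should be checked against the PVS release in use.

```lisp
;;; Added example, not part of PVSio or of the paper. It models the check
;;; an attachment author has to place at the Lisp/PVS boundary themselves,
;;; because the ground evaluator performs none.
;;; Assumptions: PVS sqrt is nonneg_real -> nonneg_real (NASA reals library);
;;; the defattach registration form at the bottom is assumed syntax.

(define-condition attachment-type-error (error)
  ((value    :initarg :value    :reader attachment-value)
   (expected :initarg :expected :reader attachment-expected))
  (:report (lambda (c s)
             (format s "attachment boundary violated: got ~S, expected ~A"
                     (attachment-value c) (attachment-expected c)))))

(defun nonneg-real-p (x)
  "The PVS predicate subtype nonneg_real as a Lisp check: a real that is
>= 0. Complex numbers fail REALP, so the complex result Lisp's SQRT
produces for a negative argument is rejected here."
  (and (realp x) (>= x 0)))

(defun unchecked-sqrt (x)
  "What a naive attachment does: pass the PVS argument straight to Lisp.
For a negative X this returns a complex number, a value outside every
PVS numeric type, and the evaluator accepts it without complaint."
  (sqrt x))

(defun checked-sqrt (x)
  "Attachment body that enforces the declared PVS signature on both sides.
Precondition: the argument satisfies nonneg_real (the evaluator would
never call sqrt outside its domain in a type-correct spec, but the
attachment cannot rely on that once other attachments are in play).
Postcondition: the result satisfies nonneg_real. Either violation
signals ATTACHMENT-TYPE-ERROR instead of leaking an ill-typed value."
  (unless (nonneg-real-p x)
    (error 'attachment-type-error
           :value x :expected "nonneg_real argument"))
  (let ((r (sqrt (coerce x 'double-float))))
    (unless (nonneg-real-p r)
      (error 'attachment-type-error
             :value r :expected "nonneg_real result"))
    r))

(defun semantics-respected-p (x)
  "Type correctness is not semantic correctness. In the PVS theory,
sqrt(x) * sqrt(x) = x is a theorem about reals; for the floating-point
attachment it holds only for some X. Returns T when the identity holds
exactly for the value CHECKED-SQRT produced, NIL otherwise, which is the
check a user should run before trusting evaluator output as evidence."
  (let ((r (checked-sqrt x)))
    (= (* r r) x)))

;; Registration with the ground evaluator (form assumed, see the PVS
;; attachment documentation for your release):
;; (defattach |reals| |sqrt| (x) (checked-sqrt x))
```

With this in place, sqrt(2) evaluates to a double-float, sqrt(-1) signals an error instead of returning the complex number that unchecked-sqrt produces, and semantics-respected-p reports T for perfect squares such as 4 but NIL for 2, because squaring the rounded double does not give back exactly 2. That last result is the caveat to carry away: an attachment can be perfectly well typed and still evaluate an expression to something the logic proves false, so results obtained through attachments are test evidence, not proof.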
[1] Hugo Herbelin et al. The Coq proof assistant: reference manual, version 6.1. 1997.
[2] Victor Carreño et al. Formal verification of conflict detection algorithms. International Journal on Software Tools for Technology Transfer, 2001.
[3] Natarajan Shankar et al. PVS: A Prototype Verification System. CADE, 1992.
[4] Victor Carreño et al. Formal Verification of Conflict Detection Algorithms. CHARME, 2001.
[5] Natarajan Shankar et al. Evaluating, Testing, and Animating PVS Specifications. 2001.
[6] Natarajan Shankar et al. The Formal Semantics of PVS. 1999.
[7] César Muñoz et al. Tactical conflict detection and resolution in a 3-D airspace. 2001.
[8] Paul S. Miner et al. Specification of the IEEE-854 floating-point standard in HOL and PVS. 1995.