PVS Strategies for Proving Abstraction Properties of Automata

Abstractions are important in specifying and proving properties of complex systems. To prove that a given automaton implements an abstract specification automaton, one must first find the correct abstraction relation between the states of the two automata, and then show that this relation is preserved by all corresponding action sequences of the two automata. This paper describes tool support based on the PVS theorem prover that helps users with the second task, that is, proving a candidate abstraction relation correct. The tool support relies on a clean and uniform technique for defining abstraction properties relating automata: library theories define the abstraction relations, and templates specify the automata and the abstraction theorems. The paper then describes how the templates and theories allow the development of generic, high level PVS strategies that aid in the mechanization of abstraction proofs. These strategies first set up the standard subgoals of an abstraction proof and then execute the standard initial proof steps for those subgoals, making the process of proving abstraction properties in PVS more automated. With suitable supplementary strategies implementing the “natural” proof steps needed to finish any of the standard subgoals that remain, the abstraction proof strategies can form part of a set of mechanized proof steps that can be used interactively to translate high level proof sketches into PVS proofs. Using timed I/O automata examples taken from the literature, the paper illustrates the use of the templates, theories, and strategies to specify and prove two types of abstraction property: refinement and forward simulation.
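The two standard subgoals that such strategies set up are the same for refinement and forward simulation: (1) every start state of the implementation is related to a start state of the specification, and (2) for every implementation step and every related specification state, the specification has an execution fragment with the same trace that ends in a related state. The following Python checker is an added example, not code from the paper or from PVS/TAME; it models those two obligations for finite, untimed automata whose relation is given explicitly, whereas the paper's strategies target timed I/O automata in PVS where the states are in general infinite. The automata (a lock specification with a three-state implementation, and the early-versus-late-choice pair) and all state and action names are constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Automaton:
    """Untimed automaton with a finite state set (constructed model, not the
    paper's PVS representation). Actions not listed in `external` are internal."""
    name: str
    start: frozenset      # start states
    external: frozenset   # visible actions
    steps: frozenset      # (pre_state, action, post_state) triples

    def succ(self, state, action):
        return {s2 for (s1, a, s2) in self.steps if s1 == state and a == action}

    def internal_closure(self, states):
        """States reachable from `states` by zero or more internal steps."""
        seen, frontier = set(states), list(states)
        while frontier:
            s = frontier.pop()
            for (s1, a, s2) in self.steps:
                if s1 == s and a not in self.external and s2 not in seen:
                    seen.add(s2)
                    frontier.append(s2)
        return seen

    def fragments_with_trace(self, state, action):
        """End states of execution fragments from `state` whose trace equals
        trace(action): internal* action internal* for an external action,
        internal* (possibly empty) for an internal one."""
        before = self.internal_closure({state})
        if action not in self.external:
            return before
        after = set()
        for u in before:
            after |= self.succ(u, action)
        return self.internal_closure(after)


def check_forward_simulation(impl, spec, relation):
    """Return [] if `relation` (a set of (impl_state, spec_state) pairs) is a
    forward simulation from impl to spec; otherwise a list of failed subgoals."""
    failures = []
    # Subgoal 1: start condition.
    for s in impl.start:
        if not any(u in spec.start for (s0, u) in relation if s0 == s):
            failures.append(("start", s))
    # Subgoal 2: step condition, for every impl step and every related spec state.
    for (s, a, s2) in impl.steps:
        for (s0, u) in relation:
            if s0 != s:
                continue
            if not any((s2, u2) in relation for u2 in spec.fragments_with_trace(u, a)):
                failures.append(("step", (s, a, s2, u)))
    return failures


def check_refinement(impl, spec, r):
    """A refinement is a forward simulation whose relation is the graph of a
    function r: states(impl) -> states(spec)."""
    return check_forward_simulation(impl, spec, frozenset(r.items()))


# Constructed example 1: a lock whose implementation grants the request in an
# extra internal step. The refinement maps "requested" to the abstract "held".
LOCK_SPEC = Automaton("LockSpec", frozenset({"free"}), frozenset({"acquire", "release"}),
                      frozenset({("free", "acquire", "held"), ("held", "release", "free")}))
LOCK_IMPL = Automaton("LockImpl", frozenset({"idle"}), frozenset({"acquire", "release"}),
                      frozenset({("idle", "acquire", "requested"),
                                 ("requested", "grant", "locked"),
                                 ("locked", "release", "idle")}))
LOCK_REFINEMENT = {"idle": "free", "requested": "held", "locked": "held"}

# Constructed example 2: the specification chooses v internally before out_x,
# the implementation chooses it only at the final output.
EARLY_SPEC = Automaton("EarlyChoice", frozenset({"s0"}), frozenset({"out_x", "out_0", "out_1"}),
                       frozenset({("s0", "choose0", "c0"), ("s0", "choose1", "c1"),
                                  ("c0", "out_x", "m0"), ("c1", "out_x", "m1"),
                                  ("m0", "out_0", "done"), ("m1", "out_1", "done")}))
LATE_IMPL = Automaton("LateChoice", frozenset({"i0"}), frozenset({"out_x", "out_0", "out_1"}),
                      frozenset({("i0", "out_x", "mid"), ("mid", "out_0", "fin"),
                                 ("mid", "out_1", "fin")}))
CANDIDATE = frozenset({("i0", "s0"), ("mid", "m0"), ("mid", "m1"), ("fin", "done")})

if __name__ == "__main__":
    print("lock refinement failures:", check_refinement(LOCK_IMPL, LOCK_SPEC, LOCK_REFINEMENT))
    print("late/early failures:", check_forward_simulation(LATE_IMPL, EARLY_SPEC, CANDIDATE))
```

The lock refinement discharges both subgoals (the internal `grant` step is matched by the empty fragment, since `r` maps both its pre- and post-state to `held`). The candidate relation for the second pair fails the step subgoal twice: from `m1` no fragment has trace `out_0`, and from `m0` none has trace `out_1`. Relating `mid` to only one of `m0`, `m1` leaves the other output step unmatched, and relating it to neither breaks the `out_x` step, so no forward simulation from the late-choice automaton to the early-choice one exists; this is the classic situation in which a backward simulation is needed instead.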
