Using PVS for an Assertional Verification of the RPC-Memory Specification Problem

The RPC-Memory Speciication Problem has been speciied and veriied in an assertional method, supported by the veriication system PVS. Properties of the components are expressed in the higher-order logic of PVS and all implementations have been veriied by means of the interactive proof checker of PVS. A simpliication of the memory speciication-allowing multiple atomic reads-has been proved correct. Additionally, to increase the conndence in the speciication, an implementation-oriented speciication of the inner memory is shown to be equivalent to our original property-oriented formulation. 0 Introduction A solution of the RPC-Memory Speciication Problem is presented using an as-sertional method supported by the veriication system PVS 1 (Prototype Verii-cation System) ORS92]. The PVS speciication language is a higher-order typed logic, with many built-in types including booleans, integers, rationals, sequences, lists, and sets. Speciications can be structured into a hierarchy of parameterized theories. The tool contains an interactive proof checker with powerful commands for, e.g., inductive proofs, automatic rewriting, and the use of decision procedures for propositional and arithmetical simpliication. All components mentioned in the RPC-Memory Speciication Problem are speciied in the PVS speciication language. Events are used to model the occurrence of actions such as a procedure call, a return of a procedure, and an atomic read or write. Causality relations between events are represented by a partial order. Further we use the notation of event attributes from JPZ94] to express, for instance, the arguments and the timing of an action. Moreover, all implementations given in the formulation of the speciication problem are veriied by means of the PVS proof checker, using a compositional rule for parallel composition. This rule is taken from previous work, where a framework based on assumption/commitment pairs has been devised for the top-down design of distributed real-time systems. In Hoo94a], a mixed formalism in which programs and assumption/commitment based speciications are combined, has been deened in the PVS speciication language.