Using PVS to Prove a Z Refinement: A Case Study

The development of critical systems often places undue trust in the software tools used. This is especially true of compilers, which are a weak link between the source code produced and the object code which is executed. Stepney [23] advocates a method for the production of trusted compilers (i.e. those which are guaranteed to produce object code that is a correct renement of the source code) by developing a proof of a small, but non trivial compiler by hand in the Z specication language. This approach is quick, but the type system of Z is too weak to ensure that partial functions are correctly applied. Here, we present a re{working of that development using the PVS specication and verication system. We describe the problems involved in translating from the partial set theory of Z to the total, higher order logic of the PVS system and the strengths and weaknesses of this approach.