Analyzing Tabular and State-Transition Requirements Specifications in PVS

\_' (lescribe PVS's capabilities for representing tabular specifications of the kind advocated t)y Parnas and others, and show how PVS's Type Correctness Conditions (TCCs) are used to ensure certain well-formedness properties. We then show how these and other capabilities of PVS can be used to represent the AND/OR tables of Leveson and the Decision Tables of Sherry, and we demonstrate how PVS_s TCCs can expose and help isolate errors in the latter. We extend this approach to represent the mode transition tables of the Software Cost Reduction (SCR) method in an attractive rammer. We show how PVS can check these tables for well-formedness, and how PVS's model checking capalfilities can he used to verify invariants and reaehability properties of SCR requirelnents specifications, and inclusion relations between the behaviors of different specifications. These exalnples demonstrate how sew_ral capabilities of the PVS language and verification system can be used in combination to provide customized support for specific methodologies for documellting and analyzing requirements. Because they use only the standard capabilities of PVS, users can adapt and extend these customizations to suit their own needs. Those developing dedicated tools for individual methodologies may find these constructions in PVS helpful for prototyping purposes. or as a useful adjunct to a dedicated tool when the capabilities of a flfll theorem prover are required. The examples also illustrate the power and utility of an integrated generalpurpose system such as PVS. For example, there was no need to adapt or extend the PVS model checker to make it work with SCR specifications (lescribed using the PVS TABLE construct: the model checker is applicable to any transition relation, independently of the PVS language constructs used in its definition. PVS specification files for several of the examples used here can be downloa(led from http://www, csl. sri. com/pvs/examples/tables; PVS itself is available at http ://www. csi. sr±. com/pvs, html.