On the Verification of VDM Specification and Refinement with PVS - Automated Software Engineering, 1997. Proceedings., 12th IEEE International Conference

Although the formal method VDM has been in existence since the 1970S, there are still no satisfactory tools to support verqkation in VDM. This paper deals with one possible means of approaching this problem by using the PVS theorem-prover It describes a translation of a VDM-SL speciJication into the PVS specification language using, essentially, the very transparent translation methods described in [ I ] . PVS was used to typecheck the spec$ication and to prove Some non-trivial validation conditions. Next, a more abstract specification of the same system was also expressed in PVS, and the original specification was shown to be a rejinement of this one. The drawbacks of the translation are that it must be done manually (though automation may be possible), and that the “shallow embedding” technique which is used does not accurately capture the proof rules of VDM-SL. The benejits come from the facts that the portion of VDM-SL which can be represented is substantial and that it is a great advantage to be able to use the powerful PVS proofchecker: