Analyzing Tabular and State-transition Requirements Speciications in Pvs 1

We describe PVS's capabilities for representing tabular speci cations of the kind advocated by Parnas and others, and show how PVS's Type Correctness Conditions (TCCs) are used to ensure certain well-formedness properties. We then show how these and other capabilities of PVS can be used to represent the AND/OR tables of Leveson and the Decision Tables of Sherry, and we demonstrate how PVS's TCCs can expose and help isolate errors in the latter. We extend this approach to represent the mode transition tables of the Software Cost Reduction (SCR) method in an attractive manner. We show how PVS can check these tables for well-formedness, and how PVS's model checking capabilities can be used to verify invariants and reachability properties of SCR requirements speci cations, and inclusion relations between the behaviors of di erent speci cations. These examples demonstrate how several capabilities of the PVS language and veri cation system can be used in combination to provide customized support for speci c methodologies for documenting and analyzing requirements. Because they use only the standard capabilities of PVS, users can adapt and extend these customizations to suit their own needs. Those developing dedicated tools for individual methodologies may nd these constructions in PVS helpful for prototyping purposes, or as a useful adjunct to a dedicated tool when the capabilities of a full theorem prover are required. The examples also illustrate the power and utility of an integrated generalpurpose system such as PVS. For example, there was no need to adapt or extend the PVS model checker to make it work with SCR speci cations described using the PVS TABLE construct: the model checker is applicable to any transition relation, independently of the PVS language constructs used in its de nition. PVS speci cation les for several of the examples used here can be downloaded from http://www.csl.sri.com/pvs/examples/tables; PVS itself is available at http://www.csl.sri.com/pvs.html. Note: this revised edition of the report di ers signi cantly from the draft issued in June 1995.