Unifying Theories in ProofPower-Z [chapter]

Marcel Oliveira, Ana Cavalcanti, Jim Woodcock
2006 Lecture Notes in Computer Science  
The increasing interest in the combination of different computational paradigms is well represented by Hoare & He in the Unifying Theories of Programming (UTP). In this paper, we present a mechanisation of part of that work in a theorem prover, ProofPower-Z; the theories of alphabetised relations, designs, reactive and CSP processes are in the scope of this paper. Furthermore, the mechanisation of Circus, a language that combines Z, CSP, specification statements and Dijkstra's guarded command
more » ... nguage, is also presented here. We also present an account of how this mechanisation is achieved, and more interestingly, of what issues were raised, and of our decisions. We aim at providing tool support not only for CSP and Circus, but also for further explorations of Hoare & He's unification, and for the mechanisation of languages whose semantics is based on the UTP. Unifying Theories in ProofPower-Z 3 language that contains shared variables. The work that we present here provides mechanical support not only to Circus, but also to any language that has the UTP as its theoretical basis. The choice of the theorem prover for mechanising Circus and its refinement calculus was a major concern. ProofPower-Z is a higher-order tactic-based theorem prover implemented using New Jersey SML [Pau91]; it supports specifications and proofs in Z. It extends ProofPower-HOL [Art], which builds on ideas arising from research at the Universities of Cambridge [GM93] and Edinburgh [GMW79] . Some of the extensions provided by the New Jersey SML were used in ProofPower-Z, in order to achieve features such as a theory hierarchy, extension of the character set accepted by the metalanguage ML, and facilities for quotation of object language (Z or HOL) expressions, and for automatic pretty-printing of such expressions. Since it supports a powerful logic, ProofPower-Z has a lower level of automation than other theorem provers that support, for example, first-order logic. On the other hand, it has been successfully used in industry [KAW96, CCO05]. As it is an extension of ProofPower-HOL, definitions can be made using Z, HOL, and even SML, which is the input command language. ProofPower-Z also offers the possibility of defining proof tactics, which can be used to reduce and modularise proofs. Among other analysis support, it provides syntax and type checking, schema expansion, precondition calculation, domain checking, and general theorem proving. Using the subgoal package, goals can be split in simpler subgoals. The Z notation used into ProofPower-Z is almost the same as that of the Z standard [ISO02]; we explain the specificities of ProofPower-Z's notation as needed. ProofPower-Z also provides a theory hierarchy, in which each theory is fully populated with appropriate definitions and theorems. For instance, the theory z sets contains information about Z sets and the theory z relations inherits from z sets and adds operators over sets which are specific to sets of ordered pairs, such as dom and ran. In ProofPower-Z, the theory z library is recommended as the parent of any theory that the user creates to work on Z; hence, it is used as the parent of all theories presented in this paper. The large number of formally verified theories, including algebra, set theory, and many Z related theories, was one of the reasons for the choice of ProofPower-Z as the theorem prover used in the mechanisation of the Circus refinement calculus. Furthermore, by providing features like theory hierarchy and proof tactics, ProofPower-Z fosters the reuse of our results. The development of new theories in other theorem provers based on an axiomatisation of our results is yet another possibility of reuse. In Section 2, we discuss design issues and describe the hierarchy of theories that we created. Section 3 describes the mechanisation of the UTP relations, designs, reactive processes, and CSP. The proof of a theorem illustrates our approach. Circus and its mechanisation is presented in Section 4. Finally, in Section 5, we draw our conclusions and describe future work.
doi:10.1007/11768173_8 fatcat:ojcwog46h5apzk2vggv3lspmoq