Task 3.4: "Deductive Proofs of Data-flow Programs"
Abstract of deliverable 3.4.3
Approach:
This task aims at providing methods and tools for applying deductive tools to synchronous programs that cannot be model-checked. As examples, the chosen synchronous language was Lustre and the deductive proof tool was PVS . In the course of the project, the Irisa team working on Signal joined the task and proposed another instanciation, based on Signal and the proof assistant tool Coq
There was also some work on deductive proofs performed by the team at
Linköping, using NP-Tools by Prover.
This work was integrated in the study
on hybrid systems under work package 7. However, some reference to
the work is made here for the sake of completeness.
Achieved Results:
At the end of the project, we come up with two approaches: the Lustre-PVS one and the Signal-Coq one, which seem to operate quite satisfactorily. Unfortunately, we have not been able to make comparisons between them and this remains to be done, both theoretically and from the efficiency point of view.
Also, the question of scalability has to be better investigated. One possibility could be to study some refinement-based design method, adapted to the synchronous programming context. Another possibility could consist of investigating the cooperation between model checkers and theorem provers.
Application in the hybrid system area needs to combine the proofs on the controller with some continuous analysis, in our case using MatrixX simulation models.
Annexes: