RAISE Tool User Guide -- 11.3 Declarations

11.2 Activating the PVS translator

11 PVS translator

11.4 Class expressions

11.3 Declarations

11.3 Declarations

A declaration translates to one or more theory, type, constant, or function declarations as described below for the various kinds of declarations.

Note that PVS has a define before use rule. This means that the order of type and value declarations in PVS may differ from that in RSL.

11.3.1 Scheme declarations

Apart from the top level module (which is translated as if it were an object), schemes are only translated when they are instantiated as objects. So a scheme that is instantiated several times will therefore be translated several times.

There is an exception to this for non-parameterized schemes used in class scope expressions, as we see in section 11.7.29.

11.3.2 Object declarations

An object translates as its translated declarations in a THEORY of the same name as the object.

Theories in PVS cannot be nested. So nested object declarations are "flattened". For example, consider the following RSL scheme definition:

scheme S =

class

object A :

class

object B : class b_body end

a_body

end

s_body

end

This translates to:

B : THEORY

BEGIN

TheoryPart_B

END B

A : THEORY

BEGIN

IMPORTING B

TheoryPart_A

END A

S : THEORY

BEGIN

IMPORTING A

TheoryPart_S

END S

This means that we do not accept object classes that reference entities in their context. For example a_body cannot refer to anything in s_body.

An object definition with a formal array parameter is not accepted: object arrays are normally only used in imperative or concurrent specifications.

11.3.3 Type declarations

Type declarations are translated according to their constituent definitions.

Mutually recursive type definitions are not accepted.

Sort definitions

Sort definitions are translated into uninterpreted type definitions in PVS.

However PVS distinguishes between empty (defined with the reserved word TYPE) and nonempty types (defined with the reserved word TYPE+). This syntactic distinction does not exist in RSL and can be important in the transformation since the PVS type checker will generate an existence TCC for every function declared if it can not determine if the result type of the function is a nonempty type. This is so since PVS considers inconsistent the existence of a function with possibly empty result type. (In RSL such a function with parameters from non-empty types would be evidence of the non-emptiness of the result type.)

So we translate every RSL sort into a PVS nonempty type (TYPE+). But this extends somewhat the transformation since it is like adding in RSL:

axiom ∃ t: T • true

This is unlikely to cause any problems in extending the RSL theory since the declaration of a value of type T or a total function with non-empty domain type and result type T would also imply it. Since it avoids getting extra TCCs we adopt it.

Variant definitions

Variant types in RSL translate directly into PVS DATATYPEs.

PVS DATATYPEs are very similar to RSL variant types, except that:

PVS includes recognizers, boolean functions that return true if their argument is in the corresponding variant. These are added to the translation, given names formed by appending "?" to the constructor name.
All components in PVS need accessors corresponding to RSL's destructors. In RSL these are optional: the translator generates missing ones with names of the form acc_n_, where n is an integer used to make unique names, and warns the user that they have been generated.
PVS does not include RSL's optional reconstructors, so when these are included they are added by defining them explicitly as functions in PVS.
RSL allows wildcard constructors. These are not accepted by the translator.

For example, the following RSL variant type definition:

type

V ==

Vconst |

Vint(Int) |

Vrec(d1Vrec: Int ↔ r1Vrec, d2Vrec: V)

generates the following PVS definitions:

  V: DATATYPE
  BEGIN
    Vconst: Vconst?
    Vint(acc_1_: int): Vint?
    Vrec(d1Vrec: int, d2Vrec: V): Vrec?
  END V

  r1Vrec(z_: int, x_: {x_: V | Vrec?(x_)}): V = 
    LET x1_ = d1Vrec(x_), x2_ = d2Vrec(x_)
    IN Vrec(z_, x2_);

Short record definitions

Records in RSL are translated as PVS DATATYPEs with single components.

Abbreviation definitions

An abbreviation definition translates to a PVS type definition.

Union Definitions

Union definitions are not accepted.

11.3.4 Value declarations

Typings

Typings are translated to PVS constant declarations.

Explicit value definitions

An explicit value definition translates to a PVS constant declaration.

Implicit value definitions

An explicit value definition translates to a PVS constant declaration plus an axiom.

Explicit function definitions

A non-recursive explicit function definition translates to a PVS function definition.

If the function has a precondition this is translated into a subtype for the last parameter. For example, the RSL definition

value

diff : Nat × Nat -~-> Nat

diff(x, y) ≡ x - y

pre x ≥ y

translates to

  diff(x: nat, y: {y: nat | x >= y}): nat = x - y;

Access descriptors are not accepted. The kind of function arrow (→ or -~->) does not matter.

It is not required that the number of parameters matches the number of components in the domain of the function's type expression. For example, the following are all accepted:

type

U = Int × Bool

value

f1: Int × Bool → Bool

f1(x, y) ≡ ...,

f2: (Int × Bool) → Bool

f2(x, y) ≡ ...,

f3: U → Bool

f3(x, y) ≡ ...,

f4: U × Int → Bool

f4(x, y) ≡ ...,

f5: (Int × Bool) × Int → Bool

f5(x, y) ≡ ...,

f6: (Int × Bool) × Int → Bool

f6(x) ≡ ...,

f7: Int × Bool → Bool

f7(x) ≡ ...,

f8: (Int × Bool) → Bool

f8(x) ≡ ...,

f9: U → Bool

f9(x) ≡ ...,

f10: U × Int → Bool

f10((x, y), z) ≡ ...,

f11: (Int × Bool) × Bool → Bool

f11((x, y), z) ≡ ...

Recursive functions need MEASUREs in PVS to show that they terminate. Generating measures automatically is not possible in general, so the translation is to a constant declaration giving the function signature plus an axiom defining the function body. Preconditions are dealt with as for non-recursive functions.

11.3 Declarations

11.2 Activating the PVS translator

11 PVS translator

11.4 Class expressions

11.3 Declarations

11.3.1 Scheme declarations

11.3.2 Object declarations

11.3.3 Type declarations

Sort definitions

Variant definitions

Short record definitions

Abbreviation definitions

Union Definitions

11.3.4 Value declarations

Typings

Explicit value definitions

Implicit value definitions

Explicit function definitions

Implicit function definitions

11.3.5 Variable declarations

11.3.6 Channel declarations

11.3.7 Axiom declarations