Configurable Proof Obligations in the Frog Toolkit

In model based formal methods, incompatible tools for different techniques is the norm. However, greater applicability to industrial scale systems increasingly requires combining the strengths of different techniques, in line with the Verification Grand Challenge. The Frog tool embodies a construct-based specification syntax, and its meta-language Frog-CCL allows the generic configuration of both a construct’s syntax and its proof obligations. For a specific system, Frog generates the system’s verification conditions mechanically from the generic ones. Relationships between systems such as refinement and retrenchment can be configured. An example retrenchment between two simple systems illustrates the technique