kotaroyamame/formal-methods-guide
skills/formal-methods-guide/SKILL.md
Provide reference knowledge on VDM-SL and formal methods. Triggered by "VDM-SL syntax", "how to write types", "what is a pre-condition", "what is an invariant", "meaning of proof obligations", "what are formal methods", or "formal specification". Also responds to Japanese: 「VDM-SLの文法」「事前条件とは」「形式手法とは」等。 Referenced as background knowledge by other skills (define-contract, verify-spec).
$ install --global
skillsauthnpx skillsauth add kotaroyamame/formal-agent-contracts formal-methods-guideInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 4:28 PM8.3s3 files scanned
SKILL.md
- name:
- formal-methods-guide
- description:
- >
- Also responds to Japanese:
- 「VDM-SLの文法」「事前条件とは」「形式手法とは」等。
- version:
- 0.1.0
Formal Methods Guide
Answer questions about formal methods and VDM-SL in developer-friendly language. Always accompany technical terminology with plain explanations.
形式手法やVDM-SLに関する質問に、開発者が理解しやすい言葉で説明する。 専門用語を使う場合は必ず平易な説明を添える。
Three Pillars of Formal Methods
Formal methods are broadly divided into three areas:
形式手法は大きく3つの分野に分かれる:
- Formal Specification (形式的仕様記述) — Mathematically describe system behavior (VDM-SL, TLA+, B-Method, Z)
- Model Checking (モデル検査) — Exhaustively explore state spaces to verify properties (SPIN, NuSMV, TLA+)
- Theorem Proving (定理証明) — Prove properties through logical reasoning (Coq, Isabelle/HOL, Lean)
This plugin focuses on Formal Specification, specifically VDM-SL.
本プラグインは形式的仕様記述、特にVDM-SLを中心に扱う。
VDM-SL Core Concepts
Types
The VDM-SL type system is the foundation for rigorously defining "what is exchanged" in inter-agent contracts.
VDM-SLの型システムは、エージェント間の契約で「何を受け渡すか」を厳密に定義する基盤。
Basic types:
nat— natural numbers ≥ 0,nat1— natural numbers ≥ 1int— integers,real— real numbersbool— boolean,char— character,token— abstract token
Compound types:
seq of T— sequence (list) of T,seq1 of T— non-empty sequenceset of T— set of Tmap K to V— map from K to V (dictionary)- Record type —
T :: field1 : Type1 field2 : Type2defines a struct
Invariants (不変条件)
Declare conditions that "must always hold" for a type or state.
型や状態に対して「常に成り立つべき条件」を宣言する。
types
Age = nat
inv a == a <= 150;
This means "age must be between 0 and 150". This constraint is automatically included in verification targets wherever the type is used.
「年齢は0以上150以下」という制約。型を使うすべての箇所で自動的に検証対象になる。
Pre-conditions and Post-conditions (事前条件と事後条件)
Define "caller's responsibility" and "implementation's guarantee" for functions and operations.
関数や操作に対して「呼び出し側の責任」と「実装側の保証」を定義する。
functions
divide: real * real -> real
divide(a, b) == a / b
pre b <> 0
post RESULT * b = a;
pre— condition the caller must satisfy (b is not zero)post— condition the result must satisfy (result × b = a)
State (状態)
Define mutable state that operations read and write.
操作が読み書きする可変状態を定義する。
state SystemState of
users : map UserId to User
nextId : UserId
inv mk_SystemState(users, nextId) == nextId not in set dom users
init s == s = mk_SystemState({|->}, 1)
end
Proof Obligation (PO) Types (証明責務の種類)
Major PO types generated by VDMJ with developer-friendly explanations:
VDMJが生成する主要なPO種別と開発者向けの平易な説明:
| PO Type | Japanese | Meaning | Developer Explanation | |---------|----------|---------|----------------------| | subtype | 部分型義務 | Value conforms to type constraints | "Does this value really fit this type?" | | invariant satisfiability | 不変条件充足 | A value satisfying the constraint can exist | "Is this constraint so strict that nothing can satisfy it?" | | map apply | 写像適用義務 | Key exists in the map | "Is it guaranteed we can look up this key?" | | total function | 全域関数義務 | Pre/post/invariant conditions evaluate correctly | "Can this condition itself cause an error?" | | func post condition | 関数事後条件 | Function satisfies its post-condition | "Does this function return what it promised?" | | operation postcondition | 操作事後条件 | Operation satisfies its post-condition | "Does this operation change state as promised?" | | state invariant | 状態不変条件 | State invariant maintained after operation | "Is system consistency preserved after the operation?" | | map compatible | 写像互換性 | Duplicate key values match when merging maps | "When merging two maps, do same keys have different values?" |
Role of Formal Methods in Multi-Agent Development
Formally defining inter-agent contracts provides:
エージェント間の契約を形式的に定義することで:
- Eliminate ambiguity (曖昧さの排除) — Instead of "returns user info", explicitly specify types, constraints, and conditions
- Automated verification (自動検証) — Detect contract violations before execution (PO generation → verification)
- Clear responsibilities (責任の明確化) — Pre-condition = caller's responsibility, Post-condition = implementation's guarantee
- Stepwise refinement (段階的詳細化) — From abstract spec to concrete implementation, ensuring consistency at each stage
Detailed References
For more detailed information, see the references/ directory:
より詳しい内容は references/ ディレクトリを参照:
references/vdm-sl-syntax.md— Complete VDM-SL syntax reference / VDM-SL構文リファレンスreferences/po-types-detail.md— Detailed explanation of all PO types / PO種別の詳細解説
Related Skills
kotaroyamame/verify-spec
testing
VerifiedTrustedCommunity
VDM-SL仕様の型チェック、構文検証、証明責務生成を実行するスキル
1SKILL.mdUpdated Apr 16, 2026
kotaroyamame/smt-verify
testing
VerifiedTrustedCommunity
Convert VDM-SL proof obligations (POs) to SMT-LIB and verify them with the Z3 solver. Triggered by "prove POs", "verify with SMT", "check with Z3", "auto-verify proof obligations", "prove the spec is correct", or "find counterexamples". Also responds to Japanese: 「POを証明して」「SMTで検証して」「Z3で確認して」等。 Used as the next step after PO generation with verify-spec, or for end-to-end PO generation + SMT verification.
1SKILL.mdUpdated Apr 16, 2026
kotaroyamame/reverse-workflow
development
VerifiedTrustedCommunity
Orchestrate the full reverse engineering pipeline: Extract provisional spec from existing code, refine through dialogue to uncover the true spec, then reconcile code with the confirmed spec. Optionally connects to the forward pipeline (verify → prove → generate → test). Triggered by: "reverse workflow", "extract and refine spec from code", "formalize existing code", "reverse engineer the specification", 「リバースワークフローで」「既存コードから仕様を起こして」「コードの仕様を明確にしたい」 「このプロジェクトを形式仕様で整理したい」「既存コードをリバースエンジニアリングして」
1SKILL.mdUpdated Apr 16, 2026
kotaroyamame/refine-spec
testing
VerifiedTrustedCommunity
Refine a provisional VDM-SL specification through dialogue with the user, uncovering the true specification that exists in the user's mind. The provisional spec (from extract-spec) serves as a scaffold for questions. Triggered by: "refine the spec", "review the provisional spec", 「仕様を磨きたい」「仮仕様をレビューして」「コードの意図を確認したい」「仕様を確認して」
1SKILL.mdUpdated Apr 16, 2026