Automated Deduction and Proof Certification for the B Method. (Déduction Automatique et Certification de Preuve pour la Méthode B)

The B Method is a formal method heavily used in the railway industry to specify and develop safety-critical software. It allows the development of correct-by-construction programs, thanks to a refinement process from an abstract specification to a deterministic implementation of the program. The soundness of the refinement steps depends on the validity of logical formulas called proof obligations, expressed in a specific typed set theory. Typical industrial projects using the B Method generate thousands of proof obligations and therefore rely on automated tools to discharge as many of them as possible. A specific tool, called Atelier B, designed to implement the B Method and provided with a theorem prover, helps users verify the validity of proof obligations, automatically or interactively. Improving the automated verification of proof obligations is a crucial task for the speed and ease of development.

The solution developed in our work is to use Zenon, a first-order logic automated theorem prover based on the tableaux method. The particular feature of Zenon is to generate proof certificates, i.e. proof objects that can be verified by external tools. The B Method is based on first-order logic and a specific typed set theory. To improve automated theorem proving in this theory, we extend the proof-search algorithm of Zenon to polymorphism and deduction modulo theory, leading to a new tool called Zenon Modulo, which is the main contribution of our work. The extension to polymorphism allows us to deal with problems combining several sorts, like booleans and integers, and generic axioms, like B set theory axioms, without relying on encodings. Deduction modulo theory is an extension of first-order logic with rewriting both on terms and propositions. It is well suited for proof search in axiomatic theories, as it turns axioms into rewrite rules. This way, we turn proof search among axioms into computations, avoiding unnecessary combinatorial explosion and reducing the size of proofs by recording only their meaningful steps. To certify Zenon Modulo proofs, we choose to rely on Dedukti, a proof checker used as a universal backend to verify proofs coming from different theorem provers, and itself based on deduction modulo theory.

This work is part of a larger project called BWare, which gathers academic entities and industrial companies around automated theorem proving for the B Method. These industrial partners provide BWare with a large benchmark of proof obligations coming from real industrial projects using the B Method, which allows us to test our tool Zenon Modulo. The experimental results obtained on this benchmark are particularly conclusive, since Zenon Modulo proves more proof obligations than state-of-the-art first-order provers. In addition, all the proof certificates produced by Zenon Modulo on this benchmark are successfully checked by Dedukti, increasing our confidence in the soundness of our work.
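To make the idea of "axioms as rewrite rules" concrete, here is an added toy example (not Zenon Modulo's or Dedukti's code): three membership axioms of B set theory are applied as rewrite rules on propositions, after which a plain propositional tableau closes the proof obligation without ever instantiating an axiom. The tuple encoding of formulas, the set-constructor names and the sample obligation are all constructed for this illustration.

```python
# Added example, not Zenon Modulo's code: a toy deduction-modulo prover for a
# ground fragment of B set theory. Formulas are nested tuples; a set is a name
# (str) or ('union'|'inter'|'diff', s1, s2); the encoding is constructed here.
RULES = {  # x ∈ A∪B --> x∈A ∨ x∈B,  x ∈ A∩B --> x∈A ∧ x∈B,  x ∈ A\B --> x∈A ∧ ¬x∈B
    'union': lambda x, a, b: ('or', ('in', x, a), ('in', x, b)),
    'inter': lambda x, a, b: ('and', ('in', x, a), ('in', x, b)),
    'diff': lambda x, a, b: ('and', ('in', x, a), ('not', ('in', x, b))),
}
NEG = {  # how the tableau pushes a negation through each connective
    'not': lambda p: p,
    'and': lambda p, q: ('or', ('not', p), ('not', q)),
    'or': lambda p, q: ('and', ('not', p), ('not', q)),
    'imp': lambda p, q: ('and', p, ('not', q)),
}

def rewrite(f):
    """Normalize f: every membership in a compound set is rewritten away."""
    if f[0] == 'in':
        x, s = f[1], f[2]
        if isinstance(s, tuple):            # one axiom applied as a rewrite step
            return rewrite(RULES[s[0]](x, s[1], s[2]))
        return f                            # membership in a named set: an atom
    return (f[0],) + tuple(rewrite(g) for g in f[1:])

def refute(todo, lits=frozenset()):
    """Tableau refutation: True iff every branch closes on some p and ¬p."""
    if not todo:
        return False                        # open branch: no contradiction found
    f, rest = todo[0], todo[1:]
    tag = f[0]
    if tag == 'in' or (tag == 'not' and f[1][0] == 'in'):   # literal
        comp = f[1] if tag == 'not' else ('not', f)
        return comp in lits or refute(rest, lits | {f})
    if tag == 'not':
        return refute([NEG[f[1][0]](*f[1][1:])] + rest, lits)
    if tag == 'and':
        return refute([f[1], f[2]] + rest, lits)
    left = ('not', f[1]) if tag == 'imp' else f[1]         # 'or' / 'imp': two branches
    return refute([left] + rest, lits) and refute([f[2]] + rest, lits)

def prove(goal):
    """Prove goal modulo the rewrite rules by refuting its negation."""
    return refute([('not', rewrite(goal))])

# Constructed proof obligation: distributivity of ∩ over ∪, stated via membership.
DISTRIB = ('imp', ('in', 'x', ('inter', ('union', 'A', 'B'), 'C')),
           ('in', 'x', ('union', ('inter', 'A', 'C'), ('inter', 'B', 'C'))))
```

After `rewrite`, the obligation contains only the atoms x∈A, x∈B, x∈C, so the proof records just the tableau branching steps; a first-order prover without rewriting would additionally have to find and instantiate the right union and intersection axioms.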
