The KeYmaera X Proof IDE - Concepts on Usability in Hybrid Systems Theorem Proving

Hybrid systems verification is important for developing correct controllers for physical systems, but it is also challenging. Verification engineers therefore need to be empowered with ways of guiding hybrid systems verification while receiving as much help from automation as possible. Because the underlying problems are undecidable, verification tools need sufficient means for intervening during the verification and must allow verification engineers to contribute their system design insights. This paper presents the design ideas behind the user interface of the hybrid systems theorem prover KeYmaera X. We discuss how they make it easier to prove hybrid systems and how they help users learn to conduct such proofs in the first place. Unsurprisingly, the most difficult user interface challenges arise from the desire to integrate automation with human guidance. We also share thoughts on how the success of such a user interface design could be evaluated, together with anecdotal observations about it.
