Implicit and Explicit Proof Management in KeYmaera X

Hybrid systems theorem proving provides strong correctness guarantees about the interacting discrete and continuous dynamics of cyber-physical systems. The trustworthiness of proofs rests on the soundness of the proof calculus and its correct implementation in a theorem prover. Correctness is easier to achieve with a soundness-critical core that is stripped to the bare minimum, but, as a consequence, proof convenience has to be regained outside the soundness-critical core with proof management techniques. We present modeling and proof management techniques that are built on top of the soundness-critical core of KeYmaera X to enable expanding definitions, parametric proofs, lemmas, and other useful proof techniques in hybrid systems proofs. Our techniques steer the uniform substitution implementation of the differential dynamic logic proof calculus in KeYmaera X to let users choose when and how, within a proof, abstract formulas, terms, or programs are expanded to their concrete definitions, and when and how lemmas and sub-proofs are combined into a full proof. The same techniques are exploited in implicit sub-proofs (without making such sub-proofs explicit to the user) to provide proof features, such as temporarily hiding formulas, which are notoriously difficult to get right when implemented in the prover core, but become trustworthy as proof management techniques outside the core. We illustrate our approach with several useful proof techniques and discuss their presentation on the KeYmaera X user interface.
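As an added illustration (not an example from the paper), the following KeYmaera X archive shows the kind of user-controlled definition expansion the abstract describes: the predicate `safe` is declared in the `Definitions` block, the loop invariant and postcondition are stated in terms of the abstract symbol, and the tactic expands `safe` only on the branches where its concrete body is actually needed, so the use-case branch closes purely by identity. The entry name, the model, and the exact tactic spellings (`expand "safe"`, `expandAllDefs`, `id`, `auto`) are assumptions about the archive and tactic syntax of recent KeYmaera X releases; check them against the version in use.

```text
ArchiveEntry "AddedExample/ExpandSafeLate"

Definitions
  Real A;                          /* a parameter (maximum position), assumed symbol */
  Bool safe(Real x) <-> x <= A;    /* abstract predicate; expanded only when the proof needs it */
End.

ProgramVariables
  Real x;
End.

Problem
  x <= A - 1 ->
  [{ ?x <= A - 1; x := x + 1; }*@invariant(safe(x))] safe(x)
End.

Tactic "Expand safe only where needed"
  /* loop(...) yields three goals: Init, Post (use case), Step.
     safe stays an abstract symbol, so Post is safe(x) -> safe(x). */
  implyR(1); loop("safe(x)", 1); <(
    expand "safe"; QE,       /* Init: x <= A - 1 -> x <= A, needs the body of safe */
    id,                      /* Post: invariant equals postcondition, no expansion needed */
    expandAllDefs; auto      /* Step: x <= A -> [?x <= A - 1; x := x + 1;] x <= A */
  )
End.

End.
```

The point of keeping `safe` abstract on the Post branch is that the goal closes by `id` regardless of what `safe` is later defined to be; only the Init and Step branches depend on the body `x <= A`, which is exactly the dependency the paper's proof management techniques make explicit.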
