A Retrospective on Developing Hybrid System Provers in the KeYmaera Family - A Tale of Three Provers

This chapter provides a retrospective on the development of three theorem provers for hybrid systems. While all three theorem provers implement closely related logics of the family of differential dynamic logic, they pursue fundamentally different styles of theorem prover implementation. Since the three provers KeYmaera, KeYmaeraD, and KeYmaera X share a common core logic, yet no line of code, and differ vastly in prover implementation technology, their logical proximity yet technical distance enables us to draw conclusions about the various advantages and disadvantages of different prover implementation styles for different purposes, which we hope are of generalizable interest.
