KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems

  • Nathan Fulton
  • Stefan Mitsch
  • Jan-David Quesel
  • Marcus Völp
  • André Platzer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9195)

Abstract

KeYmaera X is a theorem prover for differential dynamic logic (dL), a logic for specifying and verifying properties of hybrid systems. Reasoning about complicated hybrid systems models requires support for sophisticated proof techniques, efficient computation, and a user interface that crystallizes salient properties of the system. KeYmaera X allows users to specify custom proof search techniques as tactics, execute these tactics in parallel, and interface with partial proofs via an extensible user interface.
Advanced proof search features, and user-defined tactics in particular, are difficult to check for soundness. To admit extension and experimentation in proof search without reducing trust in the prover, KeYmaera X is built up from a small trusted kernel. The prover kernel contains a list of sound axioms that are instantiated using a uniform substitution proof rule. Isolating all soundness-critical reasoning in this prover kernel obviates the intractable task of ensuring that each new proof search algorithm is implemented correctly: a tactic may fail to find a proof, but it cannot manufacture an unsound one. Preliminary experiments suggest that a single layer of tactics on top of the prover kernel provides a rich language for implementing novel and sophisticated proof search techniques.
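The architecture described in the abstract, as an added illustration that is not KeYmaera X code (KeYmaera X is written in Scala; this is a toy in Python): a kernel that owns a fixed list of axioms and a single uniform substitution rule, with the admissibility ("clash") check that makes instantiation sound, and an untrusted tactic layer that can only ask the kernel for theorems. The formula encoding, the two axioms shown (V and the schema symbols p, q, a), the `Theorem` capability convention and the sample goals are all constructed here for the example. In Python the capability token is a convention, not an enforced boundary; a language with private constructors, as in the real prover, enforces it at the type level.

```python
"""Toy LCF-style kernel in the spirit of KeYmaera X (illustrative, not the prover's code).

Formulas/programs are nested tuples (encoding invented for this example):
  ('pred', 'p')                 predicate symbol (schema variable of an axiom)
  ('cmp', op, term, term)       concrete comparison, e.g. x >= 0
  ('not', f) | ('and', f, g) | ('imp', f, g)
  ('box', prog, f)              [prog] f
  ('prog', 'a')                 program symbol (schema variable of an axiom)
  ('assign', 'x', term)         x := term
  ('seq', prog, prog) | ('choice', prog, prog)
Terms: ('var', 'x') | ('num', 3) | ('plus', t, t) | ('minus', t, t)
"""

# ---------- kernel: the only code whose correctness matters for soundness ----------

def fv_term(t):
    if t[0] == 'var':
        return frozenset([t[1]])
    if t[0] == 'num':
        return frozenset()
    return fv_term(t[1]) | fv_term(t[2])

def fv_program(p):
    if p[0] == 'prog':
        return frozenset()            # decided by its replacement after substitution
    if p[0] == 'assign':
        return fv_term(p[2])
    return fv_program(p[1]) | fv_program(p[2])

def bv_program(p):
    if p[0] == 'prog':
        return frozenset()
    if p[0] == 'assign':
        return frozenset([p[1]])
    return bv_program(p[1]) | bv_program(p[2])

def fv_formula(f):
    k = f[0]
    if k == 'pred':
        return frozenset()
    if k == 'cmp':
        return fv_term(f[2]) | fv_term(f[3])
    if k == 'not':
        return fv_formula(f[1])
    if k in ('and', 'imp'):
        return fv_formula(f[1]) | fv_formula(f[2])
    # Over-approximate FV([a]f) as FV(a) | FV(f): the safe direction for a clash check.
    return fv_program(f[1]) | fv_formula(f[2])

class Clash(Exception):
    """Substitution would introduce a variable that is bound at that position (inadmissible)."""

def subst_program(sigma, p, taboo):
    k = p[0]
    if k == 'prog':
        r = sigma.get(p, p)
        if fv_program(r) & taboo:
            raise Clash(f'{p} -> {r} introduces taboo variables {sorted(fv_program(r) & taboo)}')
        return r
    if k == 'assign':
        return p
    a = subst_program(sigma, p[1], taboo)
    taboo_b = (taboo | bv_program(a)) if k == 'seq' else taboo   # a;b: b sees a's bound vars
    return (k, a, subst_program(sigma, p[2], taboo_b))

def subst_formula(sigma, f, taboo=frozenset()):
    k = f[0]
    if k == 'pred':
        r = sigma.get(f, f)
        if fv_formula(r) & taboo:
            raise Clash(f'{f} -> {r} introduces taboo variables {sorted(fv_formula(r) & taboo)}')
        return r
    if k == 'cmp':
        return f
    if k == 'not':
        return ('not', subst_formula(sigma, f[1], taboo))
    if k in ('and', 'imp'):
        return (k, subst_formula(sigma, f[1], taboo), subst_formula(sigma, f[2], taboo))
    prog = subst_program(sigma, f[1], taboo)
    # Inside [prog], anything prog binds becomes taboo for the replacements used in f.
    return ('box', prog, subst_formula(sigma, f[2], taboo | bv_program(prog)))

_KERNEL = object()   # capability held by kernel rules only (a convention in Python)

class Theorem:
    """Tactics receive and pass Theorem objects; only kernel rules construct them."""
    __slots__ = ('formula',)
    def __init__(self, formula, _cap=None):
        if _cap is not _KERNEL:
            raise PermissionError('Theorem objects are created by kernel rules only')
        self.formula = formula

P, A = ('pred', 'p'), ('prog', 'a')
AXIOMS = {'V': ('imp', P, ('box', A, P))}     # vacuous axiom: p -> [a]p, sound only if a does not bind FV(p)

def axiom(name):
    return Theorem(AXIOMS[name], _KERNEL)

def uniform_substitution(sigma, thm):
    return Theorem(subst_formula(sigma, thm.formula), _KERNEL)   # raises Clash when inadmissible

# ---------- tactic layer: untrusted, free to be wrong, cannot be unsound ----------

def tactic_vacuous(goal):
    """Prove goals of shape F -> [alpha]F via axiom V; None if the kernel refuses."""
    if goal[0] != 'imp' or goal[2][0] != 'box' or goal[2][2] != goal[1]:
        return None
    try:
        return uniform_substitution({P: goal[1], A: goal[2][1]}, axiom('V'))
    except Clash:
        return None

def forged_theorem(goal):
    """A buggy or malicious tactic that tries to bypass the kernel."""
    try:
        return Theorem(goal)
    except PermissionError:
        return None

# Constructed sample goals.
x, y, zero, one = ('var', 'x'), ('var', 'y'), ('num', 0), ('num', 1)
x_nonneg, y_nonneg = ('cmp', '>=', x, zero), ('cmp', '>=', y, zero)
dec_x = ('assign', 'x', ('minus', x, one))
SOUND_GOAL = ('imp', y_nonneg, ('box', dec_x, y_nonneg))      # y>=0 -> [x:=x-1] y>=0  (valid)
UNSOUND_GOAL = ('imp', x_nonneg, ('box', dec_x, x_nonneg))    # x>=0 -> [x:=x-1] x>=0  (false at x=0)

if __name__ == '__main__':
    print(tactic_vacuous(SOUND_GOAL).formula)
    print(tactic_vacuous(UNSOUND_GOAL))   # None: the substitution clashes on x
    print(forged_theorem(UNSOUND_GOAL))   # None: no route around the kernel
```

The point to take from the two failing calls is the one the abstract makes: the tactic for the unsound goal is exactly as naive as the one for the sound goal, and nobody audited it, yet the only thing it can do wrong is give up, because the clash check lives in the kernel rather than in each tactic.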


Copyright information

© Springer International Publishing Switzerland 2015

Authors and Affiliations

  • Nathan Fulton (1)
  • Stefan Mitsch (1)
  • Jan-David Quesel (1)
  • Marcus Völp (1, 2)
  • André Platzer (1)
  1. Computer Science Department, Carnegie Mellon University, Pittsburgh, USA
  2. Technische Universität Dresden, Dresden, Germany
