The KeYmaera X Proof IDE - Concepts on Usability in Hybrid Systems Theorem Proving

  title={The KeYmaera X Proof IDE - Concepts on Usability in Hybrid Systems Theorem Proving},
  author={Stefan Mitsch and Andr{\'e} Platzer},
Hybrid systems verification is quite important for developing correct controllers for physical systems, but is also challenging. Verification engineers, thus, need to be empowered with ways of guiding hybrid systems verification while receiving as much help from automation as possible. Due to undecidability, verification tools need sufficient means for intervening during the verification and need to allow verification engineers to provide system design insights. This paper presents the design… 

Figures from this paper

A Component-Based Hybrid Systems Verification and Implementation Tool in KeYmaera X (Tool Demonstration)

A tool chain that supports component-based modeling and verification of CPS, generation of monitors, and systematic (but unverified) translation of models and monitors into executable code is presented.

Seamless Interactive Program Verification

A novel user interaction concept that allows the user to interact with the verification system on different abstraction levels and on different verification/proof artifacts.

Implicit and Explicit Proof Management in KeYmaera X

  • Stefan Mitsch
  • Computer Science, Mathematics
    Electronic Proceedings in Theoretical Computer Science
  • 2021
Modeling and proof management techniques are presented that are built on top of the soundness-critical core of KeYmaera X to enable expanding definitions, parametric proofs, lemmas, and other useful proof techniques in hybrid systems proofs.

Improving the Proof Experience

Improvements to the hybrid system verification tool KeYmaera X are presented to facilitate better modes of user interaction and enable more effective proof construction and better proof introspection.

A Service-Oriented Approach for Decomposing and Verifying Hybrid System Models

This work provides hybrid contracts, which formally define the interface behavior of hybrid system components in differential dynamic logic, and provides a decomposition technique, which enables compositional verification of Simulink models with interacting components.

Adding Text-Based Interaction to a Direct Manipulation Interface for Program Verification – Lessons Learned*

This paper has combined a direct manipulation program verification system with a text-based interface to leverage the advantages of both interaction paradigms, and adapted well-known interaction concepts from the field of software debugging for the proof process.

Deductive Verification of Hybrid Control Systems Modeled in Simulink with KeYmaera X

An approach to map the informally defined execution semantics of hybrid Simulink models into the formally well-defined semantics of differential dynamic logic ( Open image in new window ); in doing so, this work provides a formal foundation for Simulinks, and enables deductive formal verification of hybridSimulinks models with an interactive theorem prover for hybrid systems.

Bellerophon: Tactical Theorem Proving for Hybrid Systems

This work presents a tactics language and library for hybrid systems verification, named Bellerophon, that provides a way to convey insights by programming hybrid systems proofs.

Interactive Theorem Proving

The metaprogramming language currently in use in Lean, a new open source theorem prover that is designed to bridge the gap between interactive use and automation, is described and evidence is provided to show that the implementation is performant, and that it provides a convenient and flexible way of writing not only small-scale interactive tactics, but also more substantial kinds of automation.



How to model and prove hybrid systems with KeYmaera: a tutorial on safety

It is shown how the interactive features of KeYmaera can help users understand their system designs better and prove complex properties for which the automatic prover of Keymaera still takes an impractical amount of time.

The Dafny Integrated Development Environment

This paper presents an integrated development environment for Dafny-a programming language, verifier, and proof assistant-that addresses issues present in most state-of-the-art verifiers: low responsiveness and lack of support for understanding non-obvious verification failures.

KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description)

This work integrates real quantifier elimination following an iterative background closure strategy to overcome the complexity of real arithmetic and implements a generalized free-variable sequent calculus and automatic proof strategies that decompose the hybrid system specification symbolically.

An empirical evaluation of two user interfaces of an interactive program verifier

This paper juxtapose two different user interfaces of the interactive verifier KeY: the traditional one which focuses on proof objects and a more recent one that provides a view akin to an interactive debugger.

The interactive verification debugger: Effective understanding of interactive proof attempts

It can be experimentally demonstrated that the IVD is more effective in understanding proof attempts than a conventional prover user interface.

Evaluation of a Semi-Automated Theorem Prover ( Part II )

The results tentatively indicate that Barnacle does facilitate user interaction with Clam to avoid unproductive proof steps and shows the potential benefits of providing interactivity to fully-automated theorem provers via an effective interface.

A Usability Evaluation of Interactive Theorem Provers Using Focus Groups

The effectiveness of interactive theorem provers increased such that the bottleneck in the proof process shifted from effectiveness to efficiency, and the impact of the gap between the user’s model of the proof and the actual proof performed by the provers’ strategies was evaluated.

The KeY Platform for Verification and Analysis of Java Programs

It is shown that deductive technology that has been developed for full functional verification can be used as a basis and framework for other purposes than pure functional verification.

The KeY tool

KeY is a tool that provides facilities for formal specification and verification of programs within a commercial platform for UML based software development and provides a state-of-the-art theorem prover for interactive and automated verification.