Rodin: an open toolset for modelling and reasoning in Event-B

Event-B is a formal method for system-level modelling and analysis. Key features of Event-B are the use of set theory as a modelling notation, the use of refinement to represent systems at different abstraction levels and the use of mathematical proof to verify consistency between refinement levels. In this article we present the Rodin modelling tool that seamlessly integrates modelling and proving. We outline how the Event-B language was designed to facilitate proof and how the tool has been designed to support changes to models while minimising the impact of changes on existing proofs. We outline the important features of the prover architecture and explain how well-definedness is treated. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods

An open extensible tool environment for Event-B

Abstract. We consider modelling indispensable for the development of complex systems. Modelling must be carried out in a formal notation to reason and make meaningful conjectures about a model. But formal modelling of complex systems is a difficult task. Even when theorem provers improve further and get more powerful, modelling will remain difficult. The reason for this that modelling is an exploratory activity that requires ingenuity in order to arrive at a meaningful model. We are aware that automated theorem provers can discharge most of the onerous trivial proof obligations that appear when modelling systems. In this article we present a modelling tool that seamlessly integrates modelling and proving similar to what is offered today in modern integrated development environments for programming. The tool is extensible and configurable so that it can be adapted more easily to different application domains and development methods.

Valid extensions of introspective systems: a foundation for reflective theorem provers

Introspective systems have been proved ueful in several applications, especially in the area of automated reasoning. In this paper we propose to use structured algebraic specifications to describe the embedded account of introspective systems. Our main result is that extending such an introspective system in a valid manner can be reduced to development of correct software. Since sound extension of automated reasoning systems again can be reduced to valid extension of introspective systems, our work can be seen as a foundation for extensible introspective reasoning systems, and in particular for reflective provers. We prove correctness of our mechanism and report on first experiences we have made with its realization in the KIV system (Karlsruhe Interactive Verifier)

Verification of a Prolog compiler - first steps with KIV

This paper describes the first steps of the formal verification of a Prolog compiler with the KIV system. We build upon the mathematical definitions given by Boerger and Rosenzweig in [BR95]. There an operational semantics of Prolog is defined using the formalism of Evolving Algebras, and then transformed in several systematic steps to the Warren Abstract Machine (WAM). To verify these transformation steps formally in KIV, a translation of deterministic Evolving Algebras to Dynamic Logic is defined, which may also be of general interest. With this translation, correctness of transformation steps becomes a problem of program equivalence in Dynamic Logic. We define a proof technique for verifying such problems, which corresponds to the use of proof maps in Evolving Algebras. Although the transfor- mation steps are small enough for a mathematical analysis, this is not sufficient for a successful formal correctness proof. Such a proof requires to explicitly state a lot of facts, which were only impli- citly assumed in the analysis. We will argue that these assumptions cannot be guessed in a first proof attempt, but have to be filled in incrementally. We report on our experience with this `evolutionary\u27 verification process for the first transformation step, and the support KIV offers to do such incremental correctness proofs

Smart matching

One of the most annoying aspects in the formalization of mathematics is the need of transforming notions to match a given, existing result. This kind of transformations, often based on a conspicuous background knowledge in the given scientific domain (mostly expressed in the form of equalities or isomorphisms), are usually implicit in the mathematical discourse, and it would be highly desirable to obtain a similar behavior in interactive provers. The paper describes the superposition-based implementation of this feature inside the Matita interactive theorem prover, focusing in particular on the so called smart application tactic, supporting smart matching between a goal and a given result.Comment: To appear in The 9th International Conference on Mathematical Knowledge Management: MKM 201

A new logical framework for deductive planning

In this paper we present a logical framework for defining consistent axiomatizations of planning domains. A language to define basic actions and structured plans is embedded in a logic. This allows general properties of a whole planning scenario to be proved as well as plans to be formed deductively. In particular, frame assertions and domain constraints as invariants of the basic actions can be formulated and proved. Even for complex plans most frame assertions are obtained by purely syntactic analysis. In such cases the formal proof can be generated in a uniform way. The formalism we introduce is especially useful when treating recursive plans. A tactical theorem prover, the Karlsruhe Interactive Verifier KIV is used to implement this logical framework