Plugging external provers into the Rodin platform
Laurent Voisin (Systerel)
Rodin and Event-B
• An open platform for Event-B modelling and proving
• Designed to model reactive discrete systems by engineers (no PhD required)
• Based on the Eclipse IDE
• Contains an open proving framework for both automated and interactive proof
• See http://www.event-b.org
The Event-B mathematical language
• Formally defined
• Based on classical first-order predicate calculus with equality, typed set theory and integer arithmetic
• Extensible:
  • inductive datatypes (e.g., List)
  • (recursively) defined operators (e.g., sequence, append)
  • axiomatic types (e.g., Real numbers)
  • axiomatic operators (e.g., Real addition)
• Proof system defined using sequent calculus
Proving framework
• From the model, the platform generates proof obligations (POs, aka verification conditions)
• Each PO must be discharged
• A proof is a tree where each node carries a sequent
• The root carries the sequent corresponding to the PO
• The platform maintains the proof tree
Reasoners
• Inference rules are produced by reasoners
• Inference rules can be forward or backward
• A terminating rule has no antecedent (e.g., H, P |- P)
• Some reasoners are integrated into the platform (e.g., normalizers and specialized reasoners)
• Some reasoners are provided by external provers
A word about safety
• The platform trusts the external reasoners
• It is not skeptical: the rule an external reasoner returns is not re-checked by the proof kernel
• Practical trade-off
  • It is more likely that the model is wrong than that the reasoner you use produces an invalid rule
• You can check each rule with another reasoner to increase confidence
External provers
• Need to translate from Event-B to the language/logic of the external prover
• Would need to translate back from the external prover
  • This is easy for terminating rules
  • Not attempted for other kinds of rules
• Important note: we want minimal rules (only the hypotheses actually used) to facilitate reuse
Examples
• Atelier B provers (translates to classical B)
• SMT solvers (translates to SMT-LIB, uses unsat core)
• TPTP provers (translates to TPTP)
• Isabelle (experimental, translates to a shallow embedding in HOL)
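The SMT route sketched in the two slides above, as an added illustration that is not Rodin's own code: a sequent whose terms are already translated to SMT-LIB is encoded with named assertions, the unsat core the solver reports is mapped back to a minimal terminating rule, and a simple syntactic matcher shows why the minimal rule reuses on other sequents. The sequent, the declarations and the unsat core are constructed here (no solver is invoked), and the matcher is a deliberately simple stand-in for the platform's.

```python
from dataclasses import dataclass


@dataclass
class Sequent:
    """A sequent H |- P; terms are already translated to SMT-LIB syntax."""
    hyps: dict  # hypothesis name -> SMT-LIB term
    goal: str   # SMT-LIB term


# Constructed Event-B sequent:  x ∈ ℕ, y ∈ ℕ, x < y, z = 0  |-  x + 1 ≤ y
DECLS = ["(declare-const x Int)", "(declare-const y Int)", "(declare-const z Int)"]
SEQ = Sequent(
    hyps={"h1": "(<= 0 x)", "h2": "(<= 0 y)", "h3": "(< x y)", "h4": "(= z 0)"},
    goal="(<= (+ x 1) y)",
)


def to_smtlib(seq, decls):
    """Encode validity of H |- P as unsatisfiability of H and not P.
    Every assertion is named so the solver can report which ones it used."""
    lines = ["(set-option :produce-unsat-cores true)", "(set-logic QF_LIA)", *decls]
    for name, term in seq.hyps.items():
        lines.append(f"(assert (! {term} :named {name}))")
    lines.append(f"(assert (! (not {seq.goal}) :named goal))")
    lines += ["(check-sat)", "(get-unsat-core)"]
    return "\n".join(lines)


def minimal_rule(seq, core):
    """Map an unsat core (assertion names) back to a terminating rule H' |- P.
    Only hypotheses in the core become antecedents. If the negated goal is not
    in the core, the hypotheses alone are contradictory and the rule becomes
    H' |- false, which is reusable against any goal."""
    hyps = {n: t for n, t in seq.hyps.items() if n in core}
    goal = seq.goal if "goal" in core else "false"
    return Sequent(hyps, goal)


def rule_applies(rule, seq):
    """Syntactic reuse check: `rule` closes `seq` when every antecedent occurs
    among the hypotheses of `seq` and the goals agree (goal `false` closes any).
    The platform's matcher is richer; this one only compares terms textually."""
    return (set(rule.hyps.values()) <= set(seq.hyps.values())
            and (rule.goal == "false" or rule.goal == seq.goal))


if __name__ == "__main__":
    print(to_smtlib(SEQ, DECLS))
    # Core as a solver would report it for this script (constructed here):
    # only x < y and the negated goal are needed.
    print("minimal rule:", minimal_rule(SEQ, ["h3", "goal"]))
```

Feeding the printed script to any SMT-LIB 2 solver with unsat-core support returns the core that `minimal_rule` consumes; the full sequent `SEQ` itself, used as a rule, would not reuse on a sequent lacking `z = 0`, whereas the minimal rule does.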