Packages

package root

KeYmaera X is a theorem prover for differential dynamic logic (dL), a logic for specifying and verifying properties of hybrid systems with mixed discrete and continuous dynamics.

KeYmaera X: An aXiomatic Tactical Theorem Prover

KeYmaera X is a theorem prover for differential dynamic logic (dL), a logic for specifying and verifying properties of hybrid systems with mixed discrete and continuous dynamics. Reasoning about complicated hybrid systems requires support for sophisticated proof techniques, efficient computation, and a user interface that crystallizes salient properties of the system. KeYmaera X allows users to specify custom proof search techniques as tactics, execute tactics in parallel, and interface with partial proofs via an extensible user interface.

http://keymaeraX.org/

Concrete syntax for input language Differential Dynamic Logic

Package Structure

Main documentation entry points for KeYmaera X API:

edu.cmu.cs.ls.keymaerax.core - KeYmaera X kernel, proof certificates, main data structures
- Expression - Differential dynamic logic expressions: Term, Formula, Program
- Sequent - Sequents of formulas
- Provable - Proof certificates transformed by rules/axioms
- Rule - Proof rules as well as USubstOne for (one-pass) uniform substitutions and renaming.
- StaticSemantics - Static semantics with free and bound variable analysis
- Instead of constructing dL expressions from constructors, it is easier to use the KeYmaeraXParser.
edu.cmu.cs.ls.keymaerax.parser - Parser and pretty printer with concrete syntax and notation for differential dynamic logic.
- Concrete syntax for input language Differential Dynamic Logic
- KeYmaeraXPrettyPrinter - Pretty printer producing concrete KeYmaera X syntax
- KeYmaeraXParser - Parser reading concrete KeYmaera X syntax
- KeYmaeraXArchiveParser - Parser reading KeYmaera X model and proof archive .kyx files
- DLParser - Combinator parser reading concrete KeYmaera X syntax
- DLArchiveParser - Combinator parser reading KeYmaera X model and proof archive .kyx files
edu.cmu.cs.ls.keymaerax.infrastruct - Prover infrastructure outside the kernel
- UnificationMatch - Unification algorithm
- RenUSubst - Renaming Uniform Substitution quickly combining kernel's renaming and substitution.
- Context - Representation for contexts of formulas in which they occur.
- Augmentors - Augmenting formula and expression data structures with additional functionality
- ExpressionTraversal - Generic traversal functionality for expressions
edu.cmu.cs.ls.keymaerax.bellerophon - Bellerophon tactic language and tactic interpreter
- BelleExpr - Tactic language expressions
- SequentialInterpreter - Sequential tactic interpreter for Bellerophon tactics
edu.cmu.cs.ls.keymaerax.btactics - Bellerophon tactic library for conducting proofs.
- TactixLibrary - Main KeYmaera X tactic library including many proof tactics.
- HilbertCalculus - Hilbert Calculus for differential dynamic logic
- SequentCalculus - Sequent Calculus for propositional and first-order logic
- HybridProgramCalculus - Hybrid Program Calculus for differential dynamic logic
- DifferentialEquationCalculus - Differential Equation Calculus for differential dynamic logic
- UnifyUSCalculus - Unification-based uniform substitution calculus underlying the other calculi
- [edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.ForwardTactic ForwardTactic] - Forward tactic framework for conducting proofs from premises to conclusions
edu.cmu.cs.ls.keymaerax.lemma - Lemma mechanism
- Lemma - Lemmas are Provables stored under a name, e.g., in files.
- LemmaDB - Lemma database stored in files or database etc.
edu.cmu.cs.ls.keymaerax.tools.qe - Real arithmetic back-end solvers
- MathematicaQETool - Mathematica interface for real arithmetic.
- Z3QETool - Z3 interface for real arithmetic.
edu.cmu.cs.ls.keymaerax.tools.ext - Extended back-ends for noncritical ODE solving, counterexamples, algebra, simplifiers, etc.
- Mathematica - Mathematica interface for ODE solving, algebra, simplification, invariant generation, etc.
- Z3 - Z3 interface for real arithmetic including simplifiers.

Entry Points

Additional entry points and usage points for KeYmaera X API:

edu.cmu.cs.ls.keymaerax.launcher.KeYmaeraX - Command-line launcher for KeYmaera X supports command-line argument -help to obtain usage information
edu.cmu.cs.ls.keymaerax.btactics.AxIndex - Axiom indexing data structures with keys and recursors for canonical proof strategies.
edu.cmu.cs.ls.keymaerax.btactics.DerivationInfo - Meta-information on all derivation steps (axioms, derived axioms, proof rules, tactics) with user-interface info.
edu.cmu.cs.ls.keymaerax.bellerophon.UIIndex - Index determining which canonical reasoning steps to display on the KeYmaera X User Interface.
edu.cmu.cs.ls.keymaerax.btactics.Ax - Registry for derived axioms and axiomatic proof rules that are proved from the core.

References

Full references on KeYmaera X are provided at http://keymaeraX.org/. The main references are the following:

1. André Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 59(2), pp. 219-265, 2017.

2. Nathan Fulton, Stefan Mitsch, Jan-David Quesel, Marcus Völp and André Platzer. KeYmaera X: An axiomatic tactical theorem prover for hybrid systems. In Amy P. Felty and Aart Middeldorp, editors, International Conference on Automated Deduction, CADE'15, Berlin, Germany, Proceedings, volume 9195 of LNCS, pp. 527-538. Springer, 2015.

3. André Platzer. Logical Foundations of Cyber-Physical Systems. Springer, 2018. Videos

Definition Classes: root

package edu

Definition Classes: root

package cmu

Definition Classes: edu

package cs

Definition Classes: cmu

package ls

Definition Classes: cs

package keymaerax

Definition Classes: ls

package btactics

Tactic library in the Bellerophon tactic language.

edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary Main tactic library consisting of:
- HilbertCalculus Hilbert Calculus for differential dynamic logic
- SequentCalculus Sequent Calculus for propositional and first-order logic
- HybridProgramCalculus Hybrid Program Calculus for differential dynamic logic
- DifferentialEquationCalculus Differential Equation Calculus for differential dynamic logic
- UnifyUSCalculus Unification-based Uniform Substitution Calculus
Tactic tools
- AxIndex]: Axiom Indexing data structures for canonical proof strategies.
- DerivationInfo: Meta-information for derivation steps such as axioms for user interface etc.

All tactics are implemented in the Bellerophon tactic language, including its dependent tactics, which ultimately produce edu.cmu.cs.ls.keymaerax.core.Provable proof certificates by the Bellerophon interpreter. The Provables that tactics produce can be extracted, for example, with edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.proveBy().

Proof Styles

KeYmaera X supports many different proof styles, including flexible combinations of the following styles:

Explicit proof certificates directly program the proof rules from the core.

2. Explicit proofs use tactics to describe a proof directly mentioning all or most proof steps.

3. Proof by search relies mainly on proof search with occasional additional guidance.

4. Proof by pointing points out facts and where to use them.

5. Proof by congruence is based on equivalence or equality or implicational rewriting within a context.

6. Proof by chase is based on chasing away operators at an indicated position.

Explicit Proof Certificates

The most explicit types of proofs can be constructed directly using the edu.cmu.cs.ls.keymaerax.core.Provable certificates in KeYmaera X's kernel without using any tactics. Also see edu.cmu.cs.ls.keymaerax.core.

import edu.cmu.cs.ls.keymaerax.core._
// explicit proof certificate construction of |- !!p() <-> p()
val proof = (Provable.startProof(
  "!!p() <-> p()".asFormula)
  (EquivRight(SuccPos(0)), 0)
  // right branch
    (NotRight(SuccPos(0)), 1)
    (NotLeft(AntePos(1)), 1)
    (Close(AntePos(0),SuccPos(0)), 1)
  // left branch
    (NotLeft(AntePos(0)), 0)
    (NotRight(SuccPos(1)), 0)
    (Close(AntePos(0),SuccPos(0)), 0)
)

Explicit Proofs

Explicit proofs construct similarly explicit proof steps, just with explicit tactics from TactixLibrary: The only actual difference is the order of the branches, which is fixed to be from left to right in tactic branching. Tactics also use more elegant signed integers to refer to antecedent positions (negative) or succedent positions (positive).

import TactixLibrary._
// Explicit proof tactic for |- !!p() <-> p()
val proof = TactixLibrary.proveBy("!!p() <-> p()".asFormula,
   equivR(1) & <(
     (notL(-1) &
       notR(2) &
       closeId)
     ,
     (notR(1) &
       notL(-2) &
       closeId)
     )
 )

Proof by Search

Proof by search primarily relies on proof search procedures to conduct a proof. That gives very short proofs but, of course, they are not always entirely informative about how the proof worked. It is easiest to see in simple situations where propositional logic proof search will find a proof but works well in more general situations, too.

import TactixLibrary._
// Proof by search of |- (p() & q()) & r() <-> p() & (q() & r())
val proof = TactixLibrary.proveBy("(p() & q()) & r() <-> p() & (q() & r())".asFormula,
   prop
)

Common tactics for proof by search include edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.prop(), edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.auto() and the like.

Proof by Pointing

Proof by pointing emphasizes the facts to use and is implicit about the details on how to use them exactly. Proof by pointing works by pointing to a position in the sequent and using a given fact at that position. For example, for proving

⟨v:=2*v+1;⟩v!=0 <-> 2*v+1!=0

it is enough to point to the highlighted position using the Ax.diamond axiom fact ![a;]!p(||) <-> ⟨a;⟩p(||) at the highlighted position to reduce the proof to a proof of

![v:=2*v+1;]!(v!=0) <-> 2*v+1!=0

which is, in turn, easy to prove by pointing to the highlighted position using the Ax.assignbAxiom axiom [x:=t();]p(x) <-> p(t()) at the highlighted position to reduce the proof to

!!(2*v+1!=0) <-> 2*v+1!=0

Finally, using double negation !!p() <-> p() at the highlighted position yields the following

2*v+1!=0 <-> 2*v+1!=0

which easily proves by reflexivity p() <-> p().

Proof by pointing matches the highlighted position against the highlighted position in the fact and does what it takes to use that knowledge. There are multiple variations of proof by pointing in edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.useAt and edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.byUS, which are also imported into edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary. The above proof by pointing implements directly in KeYmaera X:

import TactixLibrary._
// Proof by pointing of  |- <v:=2*v+1;>v!=0 <-> 2*v+1!=0
val proof = TactixLibrary.proveBy("<v:=2*v+1;>q(v) <-> q(2*v+1)".asFormula,
  // use Ax.diamond axiom backwards at the indicated position on
  // |- __<v:=2*v+1;>q(v)__ <-> q(2*v+1)
  useExpansionAt(Ax.diamond)(1, 0::Nil) &
  // use Ax.assignbAxiom axiom forward at the indicated position on
  // |- !__[v:=2*v+1;]!q(v)__ <-> q(2*v+1)
  useAt(Ax.assignbAxiom(1, 0::0::Nil) &
  // use double negation at the indicated position on
  // |- __!!q(2*v+1)__ <-> q(2*v+1)
  useAt(Ax.doubleNegation)(1, 0::Nil) &
  // close by (an instance of) reflexivity |- p() <-> p()
  // |- q(2*v+1) <-> q(2*v+1)
  byUS(Ax.equivReflexive)
)

Another example is:

import TactixLibrary._
// Proof by pointing of  |- <a;++b;>p(x) <-> (<a;>p(x) | <b;>p(x))
val proof = TactixLibrary.proveBy("<a;++b;>p(x) <-> (<a;>p(x) | <b;>p(x))".asFormula,
  // use Ax.diamond axiom backwards at the indicated position on
  // |- __<a;++b;>p(x)__  <->  <a;>p(x) | <b;>p(x)
  useExpansionAt(Ax.diamond)(1, 0::Nil) &
  // use Ax.choiceb axiom forward at the indicated position on
  // |- !__[a;++b;]!p(x)__  <->  <a;>p(x) | <b;>p(x)
  useAt(Ax.choiceb)(1, 0::0::Nil) &
  // use Ax.diamond axiom forward at the indicated position on
  // |- !([a;]!p(x) & [b;]!p(x))  <->  __<a;>p(x)__ | <b;>p(x)
  useExpansionAt(Ax.diamond)(1, 1::0::Nil) &
  // use Ax.diamond axiom forward at the indicated position on
  // |- !([a;]!p(x) & [b;]!p(x))  <->  ![a;]!p(x) | __<b;>p(x)__
  useExpansionAt(Ax.diamond)(1, 1::1::Nil) &
  // use propositional logic to show
  // |- !([a;]!p(x) & [b;]!p(x))  <->  ![a;]!p(x) | ![b;]!p(x)
  prop
)

edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.stepAt also uses proof by pointing but figures out the appropriate fact to use on its own. Here's a similar proof:

import TactixLibrary._
// Proof by pointing with steps of  |- ⟨a++b⟩p(x) <-> (⟨a⟩p(x) | ⟨b⟩p(x))
val proof = TactixLibrary.proveBy("p(x) <-> (p(x) | p(x))".asFormula,
  // use Ax.diamond axiom backwards at the indicated position on
  // |- __⟨a++b⟩p(x)__  <->  ⟨a⟩p(x) | ⟨b⟩p(x)
  useExpansionAt(Ax.diamond)(1, 0::Nil) &
  // |- !__[a;++b;]!p(x)__  <->  ⟨a⟩p(x) | ⟨b⟩p(x)
  // step Ax.choiceb axiom forward at the indicated position
  stepAt(1, 0::0::Nil) &
  // |- __!([a;]!p(x) & [b;]!p(x))__  <-> ⟨a⟩p(x) | ⟨b⟩p(x)
  // step deMorgan forward at the indicated position
  stepAt(1, 0::Nil) &
  // |- __![a;]!p(x)__ | ![b;]!p(x)  <-> ⟨a⟩p(x) | ⟨b⟩p(x)
  // step Ax.diamond forward at the indicated position
  stepAt(1, 0::0::Nil) &
  // |- ⟨a⟩p(x) | __![b;]!p(x)__  <-> ⟨a⟩p(x) | ⟨b⟩p(x)
  // step Ax.diamond forward at the indicated position
  stepAt(1, 0::1::Nil) &
  // |- ⟨a⟩p(x) | ⟨b⟩p(x)  <-> ⟨a⟩p(x) | ⟨b⟩p(x)
  byUS(Ax.equivReflexive)
)

Likewise, for proving

x>5 |- !([x:=x+1; ++ x:=0;]x>=6) | x<2

it is enough to point to the highlighted position

x>5 |- !([x:=x+1; ++ x:=0;]x>=6) | x<2

and using the Ax.choiceb axiom fact [a;++b;]p(||) <-> [a;]p(||) & [b;]p(||) to reduce the proof to a proof of

x>5 |- !([x:=x+1;]x>6 & [x:=0;]x>=6) | x<2

which is, in turn, easy to prove by pointing to the assignments using Ax.assignbAxiom axioms and ultimately asking propositional logic.

More proofs by pointing are shown in edu.cmu.cs.ls.keymaerax.btactics.Ax source code.

Proof by Congruence

Proof by congruence is based on equivalence or equality or implicational rewriting within a context. This proof style can make quite quick inferences leading to significant progress using the CE, CQ, CT congruence proof rules or combinations thereof.

import TactixLibrary._
// |- x*(x+1)>=0 -> [y:=0;x:=__x^2+x__;]x>=y
val proof = TactixLibrary.proveBy("x*(x+1)>=0 -> [y:=0;x:=x^2+x;]x>=y".asFormula,
  CEat(proveBy("x*(x+1)=x^2+x".asFormula, QE)) (1, 1::0::1::1::Nil) &
  // |- x*(x+1)>=0 -> [y:=0;x:=__x*(x+1)__;]x>=y by CE/CQ using x*(x+1)=x^2+x at the indicated position
  // step uses top-level operator [;]
  stepAt(1, 1::Nil) &
  // |- x*(x+1)>=0 -> [y:=0;][x:=x*(x+1);]x>=y
  // step uses top-level operator [:=]
  stepAt(1, 1::Nil) &
  // |- x*(x+1)>=0 -> [x:=x*(x+1);]x>=0
  // step uses top-level [:=]
  stepAt(1, 1::Nil) &
  // |- x*(x+1)>=0 -> x*(x+1)>=0
  prop
)

Proof by congruence can also make use of a fact in multiple places at once by defining an appropriate context C:

import TactixLibrary._
val C = Context("x<5 & ⎵ -> [{x' = 5*x & ⎵}](⎵ & x>=1)".asFormula)
// |- x<5 & __x^2<4__ -> [{x' = 5*x & __x^2<4__}](__x^2<4__ & x>=1)
val proof = TactixLibrary.proveBy("x<5 & x^2<4 -> [{x' = 5*x & x^2<4}](x^2<4 & x>=1)".asFormula,
  CEat(proveBy("-2x^2<4".asFormula, QE), C) (1))
)
// |- x<5 & (__-2 [{x' = 5*x & __-2=1) by CE
println(proof.subgoals)

Proof by Chase

Proof by chase chases the expression at the indicated position forward until it is chased away or can't be chased further without critical choices. The canonical examples use edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.chase() to chase away differential forms:

import TactixLibrary._
val proof = TactixLibrary.proveBy("[{x'=22}](2*x+x*y>=5)'".asFormula,
 // chase the differential prime away in the postcondition
 chase(1, 1 :: Nil)
 // |- [{x'=22}]2*x'+(x'*y+x*y')>=0
)
// Remaining subgoals: |- [{x'=22}]2*x'+(x'*y+x*y')>=0
println(proof.subgoals)

import TactixLibrary._
val proof = TactixLibrary.proveBy("[{x'=22}](2*x+x*y>=5)' <-> [{x'=22}]2*x'+(x'*y+x*y')>=0".asFormula,
  // chase the differential prime away in the left postcondition
  chase(1, 0:: 1 :: Nil) &
  // |- [{x'=22}]2*x'+(x'*y+x*y')>=0 <-> [{x'=22}]2*x'+(x'*y+x*y')>=0
  byUS(Ax.equivReflexive)
)

Yet edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.chase() is also useful to chase away other operators, say, modalities:

import TactixLibrary._
// proof by chase of |- [?x>0;x:=x+1;x:=2*x; ++ ?x=0;x:=1;]x>=1
val proof = TactixLibrary.proveBy(
  "[?x>0;x:=x+1;x:=2*x; ++ ?x=0;x:=1;]x>=1".asFormula,
  // chase the box in the succedent away
  chase(1,Nil) &
  // |- (x>0->2*(x+1)>=1)&(x=0->1>=1)
  QE
)

Additional Mechanisms

Tactic framework for Hilbert-style Forward Tactics: Tactics are functions Provable=>Provable
- edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.ForwardTactic: Forward Hilbert-style tactics Provable=>Provable
- edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.ForwardPositionTactic: Positional forward Hilbert-style tactics Position=>(Provable=>Provable)
- edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus: Forward Hilbert-style tactic combinators.

Definition Classes: keymaerax
To do: Expand descriptions
See also: Andre Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 59(2), pp. 219-266, 2017.
edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary
edu.cmu.cs.ls.keymaerax.btactics.HilbertCalculus
edu.cmu.cs.ls.keymaerax.btactics.SequentCalculus
edu.cmu.cs.ls.keymaerax.btactics.HybridProgramCalculus
edu.cmu.cs.ls.keymaerax.btactics.DifferentialEquationCalculus
edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus

package arithmetic

Definition Classes: btactics

package cexsearch

Definition Classes: btactics

package coasterx

Definition Classes: btactics

package components

Definition Classes: btactics

package dRL

Definition Classes: btactics

package helpers

Helper functions for implementing tactics.

Helper functions for implementing tactics. Note that these are **not** themselves tactics.

Definition Classes: btactics
See also: helpers.DifferentialHelper Differential Equation-specific program helpers.
helpers.ProgramHelpers Hybrid Program helpers that are not specific to Differential Equations.

package macros

Definition Classes: btactics

package robustify

Definition Classes: btactics

AnonymousLemmas

Approximator

ArithmeticLibrary

ArithmeticSimplification

AxIndex

AxiomaticODESolver

BelleLabels

BelleREPL

Bifurcation

Case

ConfigurableGenerator

DebuggingTactics

DefaultTacticIndex

DerivationInfoRegistry

Derive

DifferentialDecisionProcedures

DifferentialEquationCalculus

DifferentialSaturation

FOQuantifierTactics

FixedGenerator

Generator

HilbertCalculus

HybridProgramCalculus

Idioms

ImplicitAx

Integrator

IntegratorODESolverTool

IntervalArithmeticV2

InvGenTool

InvariantGenerator

InvariantProvers

IsabelleSyntax

Kaisar

MathematicaToolProvider

ModelPlex

ModelPlexConjecture

ModelPlexTrait

MonomialOrders

MultiToolProvider

NanoTimer

NoTimer

NoneToolProvider

ODEInvariance

ODELiveness

ODEStability

PolynomialArith

PolynomialArithV2

PolynomialArithV2Helpers

PolynomialRing

PreferredToolProvider

RicattiEquation

RicattiSystem

SOSSolve

SequentCalculus

Simplifier

SimplifierV2

SimplifierV3

SwitchedSystems

TacticFactory

TacticHelper

TacticIndex

TactixInit

TactixLibrary

TaylorModelArith

TaylorModelOptions

TaylorModelTactics

TimeStepOptions

Timer

ToolProvider

Transitivity

TwoThreeTreePolynomialRing

UnifyUSCalculus

WolframEngineToolProvider

WolframScriptToolProvider

WolframToolProvider

Z3ToolProvider

edu.cmu.cs.ls.keymaerax.btactics

SwitchedSystems

object SwitchedSystems

Provides support for generating switched system models under various switching mechanisms.

Also provides proof automation for stability proofs

Linear Supertypes

AnyRef, Any

Ordering

Alphabetic
By Inheritance

Inherited

SwitchedSystems
AnyRef
Any

Hide All
Show All

Visibility

Public
All

Type Members

case class Controlled(initopt: Option[Program], modes: List[(String, ODESystem, List[(String, Program)])], u: Variable) extends SwitchedSystem with Product with Serializable
Controlled switching models
Controlled switching models
initopt
optional initialization program
modes
list of modes, each mode consisting of: name: String (representing constant function name()) ode: ODESystem (continuous dynamics) transitions : List[(String,Program)] (transitions p->q where program a is executed along the transition, e.g., a guard and/or reset map)
u
the mode control variable u
case class Guarded(modes: List[(String, ODESystem, List[(String, Formula)])], u: Variable) extends SwitchedSystem with Product with Serializable
case class StateDependent(odes: List[ODESystem]) extends SwitchedSystem with Product with Serializable
State dependent switching Switching between a list of ODEs (with domains)
sealed trait SwitchedSystem extends AnyRef
case class Timed(modes: List[(String, DifferentialProgram, Option[Term], List[(String, Option[Term])])], u: Variable, timer: Variable) extends SwitchedSystem with Product with Serializable

Value Members

final def !=(arg0: Any): Boolean

Definition Classes
AnyRef → Any
final def ##(): Int

Definition Classes
AnyRef → Any
final def ==(arg0: Any): Boolean

Definition Classes
AnyRef → Any
final def asInstanceOf[T0]: T0

Definition Classes
Any
def attractivitySpec(ss: SwitchedSystem): Formula
def clone(): AnyRef

Attributes
protected[java.lang]
Definition Classes
AnyRef
Annotations
@native() @throws( ... )
def controlledFromProgram(p: Program, topt: Option[Variable]): Controlled
final def eq(arg0: AnyRef): Boolean

Definition Classes
AnyRef
def equals(arg0: Any): Boolean

Definition Classes
AnyRef → Any
def finalize(): Unit

Attributes
protected[java.lang]
Definition Classes
AnyRef
Annotations
@throws( classOf[java.lang.Throwable] )
final def getClass(): Class[_]

Definition Classes
AnyRef → Any
Annotations
@native()
def guardedFromProgram(p: Program, topt: Option[Variable]): Guarded
def guardedTransitionMap(ss: SwitchedSystem): List[(Int, Int, Formula)]
Extract an underlying indexed transition map suitable for MLF generation
Extract an underlying indexed transition map suitable for MLF generation
ss
the switched system under consideration
def hashCode(): Int

Definition Classes
AnyRef → Any
Annotations
@native()
final def isInstanceOf[T0]: Boolean

Definition Classes
Any
final def ne(arg0: AnyRef): Boolean

Definition Classes
AnyRef
final def notify(): Unit

Definition Classes
AnyRef
Annotations
@native()
final def notifyAll(): Unit

Definition Classes
AnyRef
Annotations
@native()
def odeActive(sys: ODESystem, dom: Formula): Option[(String, Map[NamedSymbol, Expression])]
Check that ODE's domain includes points that are about to locally exit or enter it under the dynamics of the ODE
Check that ODE's domain includes points that are about to locally exit or enter it under the dynamics of the ODE
sys
the ODE under consideration
dom
the "global" domain of points to be considered

Note
for closed domains, this is automatically true
,
returns an option with string and counterexample if it manages to find one
def proveAttractivityCLF(V: Term): DependentPositionTactic
def proveAttractivityCLF(V: Option[Term]): DependentPositionWithAppliedInputTactic

Annotations
@Tactic( x$13 , x$14 , x$15 , x$16 , x$17 , x$19 , x$20 , x$18 , x$21 , x$22 , x$23 , x$24 )
def proveAttractivityStateMLF(Vp: List[Term]): DependentPositionWithAppliedInputTactic

Annotations
@Tactic( x$37 , x$38 , x$39 , x$40 , x$41 , x$43 , x$44 , x$42 , x$45 , x$46 , x$47 , x$48 )
def proveAttractivityTimeMLF(Vp: List[Term], Lp: List[Formula], rate: Term): DependentPositionWithAppliedInputTactic

Annotations
@Tactic( "attractivityTimeMLF" , "attractivityTimeMLF" , ... , "Γ |- Vp' <= Lp*Vp, rate > 0" , ... , macros.this.Tactic.<init>$default$6 , macros.this.Tactic.<init>$default$7 , macros.this.Tactic.<init>$default$8 , macros.this.Tactic.<init>$default$9 , ... , ... , ... )
def proveStabilityCLF(V: Term): DependentPositionTactic
def proveStabilityCLF(V: Option[Term]): DependentPositionWithAppliedInputTactic

Annotations
@Tactic( x$1 , x$2 , x$3 , x$4 , x$5 , x$7 , x$8 , x$6 , x$9 , x$10 , x$11 , x$12 )
def proveStabilityStateMLF(Vp: List[Term]): DependentPositionWithAppliedInputTactic

Annotations
@Tactic( x$25 , x$26 , x$27 , x$28 , x$29 , x$31 , x$32 , x$30 , x$33 , x$34 , x$35 , x$36 )
def proveStabilityTimeMLF(Vp: List[Term], Lp: List[Formula]): DependentPositionWithAppliedInputTactic
MLF tactic for time-dependent
MLF tactic for time-dependent
Vp
list of Lyapunov functions V_p
Lp
list of lambdas such that V_p' <= -lambda V_p note: lambdas is provided as a list of Formulas expected to have shape lambda_p <= 0 or lambda_p > 0 This is to support parametric lambda (where the sign is not necessarily known)
returns
Tactic proving stability for the Timed switched system at a given position

Annotations
@Tactic( "stabilityTimeMLF" , "stabilityTimeMLF" , ... , "Γ |- Vp' <= Lp*Vp" , ... , macros.this.Tactic.<init>$default$6 , macros.this.Tactic.<init>$default$7 , macros.this.Tactic.<init>$default$8 , macros.this.Tactic.<init>$default$9 , ... , ... , ... )
def proveStable(lyap: Term, prog: Program, varsopt: Option[List[Variable]] = None, restr: Option[Formula] = None): DependentPositionTactic
Prove stability specification at the given top-level position using the given Lyapunov function V V must satisfy the "basic" properties: V(0) = 0, V > 0 away from the origin
Prove stability specification at the given top-level position using the given Lyapunov function V V must satisfy the "basic" properties: V(0) = 0, V > 0 away from the origin
Additionally, V must be a "throughout" invariant of the hybrid program
lyap
the (common) Lyapunov function
prog
?
varsopt
?
restr
?
returns
stability tactic
def slowSwitch(odes: List[ODESystem], dwell: Term, s: Variable = "s_".asVariable, u: Variable = "u_".asVariable, topt: Option[BaseVariable] = None): Program
Standard slow switching model Each ODE is indexed 0,...,n-1
Standard slow switching model Each ODE is indexed 0,...,n-1
odes
ODEs in the family
dwell
the (global) minimum dwell time
returns
a hybrid program modeling slow switching between the ODEs
def stabilitySpec(ss: SwitchedSystem): Formula
def stableOrigin(prog: Program, varsopt: Option[List[(Variable, Term)]] = None, restr: Option[Formula] = None): Formula
Stability of the origin for a given hybrid program \forall eps > 0 \exists del > 0 \forall x ( ||x|| < del -> [ a ] ||x|| < eps )
Stability of the origin for a given hybrid program \forall eps > 0 \exists del > 0 \forall x ( ||x|| < del -> [ a ] ||x|| < eps )
prog
the hybrid program a to specify stability
varsopt
Optional list of variables to quantify and perturb. By default None will pick non-differential freeVars(a) \cap boundVars(a)
restr
an optional additional restriction on the initial perturbation With the additional options, we can write down slightly more nuanced specifications \forall eps > 0 \exists del > 0 \forall x ( ||x|| < del -> [ a ] ||x|| < eps )
def stateDependentFromProgram(p: Program, topt: Option[Variable]): StateDependent
def stateSwitchActive(odes: List[ODESystem], dom: Formula = True): Option[(String, Map[NamedSymbol, Expression])]
Check that all states can locally evolve under at least one ODE
Check that all states can locally evolve under at least one ODE
odes
ODEs in the family
dom
the expected domain of the overall system (defaults: the entire state space)
final def synchronized[T0](arg0: ⇒ T0): T0

Definition Classes
AnyRef
def timeSwitch(odes: List[(ODESystem, Option[Term])], transitions: List[List[(Int, Term)]], s: Variable = "s_".asVariable, u: Variable = "u_".asVariable, topt: Option[BaseVariable] = None): Program
General time dependent switching model Each ODE is indexed 0,...,n-1 Each index i can be associated with an (optional) positive time bound t <= T_i for the maximum dwell time Each pair (i,j) can be associated with a positive time tau_{ij} <= t for minimum dwell time before transition
General time dependent switching model Each ODE is indexed 0,...,n-1 Each index i can be associated with an (optional) positive time bound t <= T_i for the maximum dwell time Each pair (i,j) can be associated with a positive time tau_{ij} <= t for minimum dwell time before transition
odes
ODEs in the family with their time bounds
transitions
for each ODE i, an associated list of pairs (j,tau_{ij})
returns
a hybrid program modeling time-dependent switching between the ODEs
def timedFromProgram(p: Program, topt: Option[Variable]): Timed
def toString(): String

Definition Classes
AnyRef → Any
final def wait(): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )
final def wait(arg0: Long, arg1: Int): Unit

Definition Classes
AnyRef
Annotations
@throws( ... )
final def wait(arg0: Long): Unit

Definition Classes
AnyRef
Annotations
@native() @throws( ... )

Packages

KeYmaera X: An aXiomatic Tactical Theorem Prover

Package Structure

Entry Points

References

Proof Styles

Explicit Proof Certificates

Explicit Proofs

Proof by Search

Proof by Pointing

Proof by Congruence

Proof by Chase

Additional Mechanisms

SwitchedSystems

object SwitchedSystems

Type Members

Value Members

Inherited from AnyRef

Inherited from Any

Ungrouped

Packages

KeYmaera X: An aXiomatic Tactical Theorem Prover

Package Structure

Entry Points

References

Proof Styles

Explicit Proof Certificates

Explicit Proofs

Proof by Search

Proof by Pointing

Proof by Congruence

Proof by Chase

Additional Mechanisms

SwitchedSystems 

object SwitchedSystems

Type Members

Value Members

Inherited from AnyRef

Inherited from Any

Ungrouped

SwitchedSystems