package btactics
Tactic library in the Bellerophon tactic language.
edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary
Main tactic libraryedu.cmu.cs.ls.keymaerax.btactics.HilbertCalculus
Hilbert Calculus for differential dynamic logicedu.cmu.cs.ls.keymaerax.btactics.SequentCalculus
Sequent Calculus for propositional and firstorder logicedu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus
Unificationbased Uniform Substitution Calculus Tactic tools
 edu.cmu.cs.ls.keymaerax.bellerophon.Position: Tactic positioning types.
 edu.cmu.cs.ls.keymaerax.bellerophon.UnificationMatch: Unification and matchers.
 edu.cmu.cs.ls.keymaerax.bellerophon.RenUSubst: Renaming uniform substitutions, combining uniform renaming with uniform substitution.
 edu.cmu.cs.ls.keymaerax.btactics.Augmentors: Implicit convenience additions of helper functions to formulas, terms, programs, sequents.
 edu.cmu.cs.ls.keymaerax.btactics.Context: Convenience representation of formulas used as contexts that provide ways of substituting expressions in.
 edu.cmu.cs.ls.keymaerax.btactics.AxiomIndex: Axiom Indexing data structures for canonical proof strategies.
 edu.cmu.cs.ls.keymaerax.btactics.DerivationInfo: Metainformation for derivation steps such as axioms for user interface etc.
All tactics are implemented in the Bellerophon tactic language, including its dependent tactics, which ultimately produce edu.cmu.cs.ls.keymaerax.core.Provable proof certificates by the Bellerophon interpreter. The Provables that tactics produce can be extracted, for example, with edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.proveBy().
Proof Styles
KeYmaera X supports many different proof styles, including flexible combinations of the following styles:
 Explicit proof certificates directly program the proof rules from the core.
2. Explicit proofs use tactics to describe a proof directly mentioning all or most proof steps.
3. Proof by search relies mainly on proof search with occasional additional guidance.
4. Proof by pointing points out facts and where to use them.
5. Proof by congruence is based on equivalence or equality or implicational rewriting within a context.
6. Proof by chase is based on chasing away operators at an indicated position.
Explicit Proof Certificates
The most explicit types of proofs can be constructed directly using the edu.cmu.cs.ls.keymaerax.core.Provable certificates in KeYmaera X's kernel without using any tactics. Also see edu.cmu.cs.ls.keymaerax.core.
import edu.cmu.cs.ls.keymaerax.core._ // explicit proof certificate construction of  !!p() <> p() val proof = (Provable.startProof( Sequent(IndexedSeq(), IndexedSeq("!!p() <> p()".asFormula))) (EquivRight(SuccPos(0)), 0) // right branch (NotRight(SuccPos(0)), 1) (NotLeft(AntePos(1)), 1) (Close(AntePos(0),SuccPos(0)), 1) // left branch (NotLeft(AntePos(0)), 0) (NotRight(SuccPos(1)), 0) (Close(AntePos(0),SuccPos(0)), 0) )
Explicit Proofs
Explicit proofs construct similarly explicit proof steps, just with explicit tactics from TactixLibrary: The only actual difference is the order of the branches, which is fixed to be from left to right in tactic branching. Tactics also use more elegant signed integers to refer to antecedent positions (negative) or succedent positions (positive).
import TactixLibrary._ // Explicit proof tactic for  !!p() <> p() val proof = TactixLibrary.proveBy("!!p() <> p()".asFormula, equivR(1) & <( (notL(1) & notR(2) & closeId) , (notR(1) & notL(2) & closeId) ) )
Proof by Search
Proof by search primarily relies on proof search procedures to conduct a proof. That gives very short proofs but, of course, they are not always entirely informative about how the proof worked. It is easiest to see in simple situations where propositional logic proof search will find a proof but works well in more general situations, too.
import TactixLibrary._ // Proof by search of  (p() & q()) & r() <> p() & (q() & r()) val proof = TactixLibrary.proveBy("(p() & q()) & r() <> p() & (q() & r())".asFormula, prop )
Common tactics for proof by search include edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.prop(), edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.master() and the like.
Proof by Pointing
Proof by pointing emphasizes the facts to use and is implicit about the details on how to use them exactly. Proof by pointing works by pointing to a position in the sequent and using a given fact at that position. For example, for proving
⟨v:=2*v+1;⟩v!=0 <> 2*v+1!=0
it is enough to point to the highlighted position
using the "<> diamond" axiom fact
![a;]!p() <> ⟨a;⟩p()
at the highlighted position to reduce the proof to a proof of
![v:=2*v+1;]!(v!=0) <> 2*v+1!=0
which is, in turn, easy to prove by pointing to the highlighted position using the "[:=] assign" axiom
[x:=t();]p(x) <> p(t())
at the highlighted position to reduce the proof to
!!(2*v+1!=0) <> 2*v+1!=0
Finally, using double negation !!p() <> p()
at the highlighted position yields the following
2*v+1!=0 <> 2*v+1!=0
which easily proves by reflexivity p() <> p()
.
Proof by pointing matches the highlighted position against the highlighted position in the fact and does what it takes to use that knowledge. There are multiple variations of proof by pointing in edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.useAt and edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.byUS, which are also imported into edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary. The above proof by pointing implements directly in KeYmaera X:
import TactixLibrary._ // Proof by pointing of  <v:=2*v+1;>v!=0 <> 2*v+1!=0 val proof = TactixLibrary.proveBy("<v:=2*v+1;>q(v) <> q(2*v+1)".asFormula, // use "<> diamond" axiom backwards at the indicated position on //  __<v:=2*v+1;>q(v)__ <> q(2*v+1) useExpansionAt("<> diamond")(1, 0::Nil) & // use "[:=] assign" axiom forward at the indicated position on //  !__[v:=2*v+1;]!q(v)__ <> q(2*v+1) useAt("[:=] assign")(1, 0::0::Nil) & // use double negation at the indicated position on //  __!!q(2*v+1)__ <> q(2*v+1) useAt("!! double negation")(1, 0::Nil) & // close by (an instance of) reflexivity  p() <> p() //  q(2*v+1) <> q(2*v+1) byUS("<> reflexive") )
Another example is:
import TactixLibrary._ // Proof by pointing of  <a;++b;>p(x) <> (<a;>p(x)  <b;>p(x)) val proof = TactixLibrary.proveBy("<a;++b;>p(x) <> (<a;>p(x)  <b;>p(x))".asFormula, // use "<> diamond" axiom backwards at the indicated position on //  __<a;++b;>p(x)__ <> <a;>p(x)  <b;>p(x) useExpansionAt("<> diamond")(1, 0::Nil) & // use "[++] choice" axiom forward at the indicated position on //  !__[a;++b;]!p(x)__ <> <a;>p(x)  <b;>p(x) useAt("[++] choice")(1, 0::0::Nil) & // use "<> diamond" axiom forward at the indicated position on //  !([a;]!p(x) & [b;]!p(x)) <> __<a;>p(x)__  <b;>p(x) useExpansionAt("<> diamond")(1, 1::0::Nil) & // use "<> diamond" axiom forward at the indicated position on //  !([a;]!p(x) & [b;]!p(x)) <> ![a;]!p(x)  __<b;>p(x)__ useExpansionAt("<> diamond")(1, 1::1::Nil) & // use propositional logic to show //  !([a;]!p(x) & [b;]!p(x)) <> ![a;]!p(x)  ![b;]!p(x) prop )
edu.cmu.cs.ls.keymaerax.btactics.TactixLibrary.stepAt also uses proof by pointing but figures out the appropriate fact to use on its own. Here's a similar proof:
import TactixLibrary._ // Proof by pointing with steps of  ⟨a++b⟩p(x) <> (⟨a⟩p(x)  ⟨b⟩p(x)) val proof = TactixLibrary.proveBy("p(x) <> (p(x)  p(x))".asFormula, // use "<> diamond" axiom backwards at the indicated position on //  __⟨a++b⟩p(x)__ <> ⟨a⟩p(x)  ⟨b⟩p(x) useExpansionAt("<> diamond")(1, 0::Nil) & //  !__[a;++b;]!p(x)__ <> ⟨a⟩p(x)  ⟨b⟩p(x) // step "[++] choice" axiom forward at the indicated position stepAt(1, 0::0::Nil) & //  __!([a;]!p(x) & [b;]!p(x))__ <> ⟨a⟩p(x)  ⟨b⟩p(x) // step deMorgan forward at the indicated position stepAt(1, 0::Nil) & //  __![a;]!p(x)__  ![b;]!p(x) <> ⟨a⟩p(x)  ⟨b⟩p(x) // step "<> diamond" forward at the indicated position stepAt(1, 0::0::Nil) & //  ⟨a⟩p(x)  __![b;]!p(x)__ <> ⟨a⟩p(x)  ⟨b⟩p(x) // step "<> diamond" forward at the indicated position stepAt(1, 0::1::Nil) & //  ⟨a⟩p(x)  ⟨b⟩p(x) <> ⟨a⟩p(x)  ⟨b⟩p(x) byUS("<> reflexive") )
Likewise, for proving
x>5  !([x:=x+1; ++ x:=0;]x>=6)  x<2
it is enough to point to the highlighted position
x>5  !([x:=x+1; ++ x:=0;]x>=6)  x<2
and using the "[++] choice" axiom fact
[a;++b;]p() <> [a;]p() & [b;]p()
to reduce the proof to a proof of
x>5  !([x:=x+1;]x>6 & [x:=0;]x>=6)  x<2
which is, in turn, easy to prove by pointing to the assignments using "[:=] assign" axioms and ultimately asking propositional logic.
More proofs by pointing are shown in edu.cmu.cs.ls.keymaerax.btactics.DerivedAxioms source code.
Proof by Congruence
Proof by congruence is based on equivalence or equality or implicational rewriting within a context. This proof style can make quite quick inferences leading to significant progress using the CE, CQ, CT congruence proof rules or combinations thereof.
import TactixLibrary._ //  x*(x+1)>=0 > [y:=0;x:=__x^2+x__;]x>=y val proof = TactixLibrary.proveBy("x*(x+1)>=0 > [y:=0;x:=x^2+x;]x>=y".asFormula, CEat(proveBy("x*(x+1)=x^2+x".asFormula, QE)) (1, 1::0::1::1::Nil) & //  x*(x+1)>=0 > [y:=0;x:=__x*(x+1)__;]x>=y by CE/CQ using x*(x+1)=x^2+x at the indicated position // step uses toplevel operator [;] stepAt(1, 1::Nil) & //  x*(x+1)>=0 > [y:=0;][x:=x*(x+1);]x>=y // step uses toplevel operator [:=] stepAt(1, 1::Nil) & //  x*(x+1)>=0 > [x:=x*(x+1);]x>=0 // step uses toplevel [:=] stepAt(1, 1::Nil) & //  x*(x+1)>=0 > x*(x+1)>=0 prop )
Proof by congruence can also make use of a fact in multiple places at once by defining an appropriate context C:
import TactixLibrary._ val C = Context("x<5 & ⎵ > [{x' = 5*x & ⎵}](⎵ & x>=1)".asFormula) //  x<5 & __x^2<4__ > [{x' = 5*x & __x^2<4__}](__x^2<4__ & x>=1) val proof = TactixLibrary.proveBy("x<5 & x^2<4 > [{x' = 5*x & x^2<4}](x^2<4 & x>=1)".asFormula, CEat(proveBy("2x^2<4" .asFormula, QE), C) (1)) ) //  x<5 & (__2[{x' = 5*x & __2 println(proof.subgoals)=1) by CE
Proof by Chase
Proof by chase chases the expression at the indicated position forward until it is chased away or can't be chased further without critical choices. The canonical examples use edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.chase() to chase away differential forms:
import TactixLibrary._ val proof = TactixLibrary.proveBy("[{x'=22}](2*x+x*y>=5)'".asFormula, // chase the differential prime away in the postcondition chase(1, 1 :: Nil) //  [{x'=22}]2*x'+(x'*y+x*y')>=0 ) // Remaining subgoals:  [{x'=22}]2*x'+(x'*y+x*y')>=0 println(proof.subgoals)
import TactixLibrary._ val proof = TactixLibrary.proveBy("[{x'=22}](2*x+x*y>=5)' <> [{x'=22}]2*x'+(x'*y+x*y')>=0".asFormula, // chase the differential prime away in the left postcondition chase(1, 0:: 1 :: Nil) & //  [{x'=22}]2*x'+(x'*y+x*y')>=0 <> [{x'=22}]2*x'+(x'*y+x*y')>=0 byUS("<> reflexive") )
Yet edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.chase() is also useful to chase away other operators, say, modalities:
import TactixLibrary._ // proof by chase of  [?x>0;x:=x+1;x:=2*x; ++ ?x=0;x:=1;]x>=1 val proof = TactixLibrary.proveBy( Sequent(IndexedSeq(), IndexedSeq("[?x>0;x:=x+1;x:=2*x; ++ ?x=0;x:=1;]x>=1".asFormula)), // chase the box in the succedent away chase(1,Nil) & //  (x>0>2*(x+1)>=1)&(x=0>1>=1) QE )
Additional Mechanisms
 Tactic framework for Hilbertstyle Forward Tactics: Tactics are functions
Provable=>Provable
 edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.ForwardTactic: Forward Hilbertstyle tactics
Provable=>Provable
 edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.ForwardPositionTactic: Positional forward Hilbertstyle tactics
Position=>(Provable=>Provable)
 edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus: Forward Hilbertstyle tactic combinators.
 edu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus.ForwardTactic: Forward Hilbertstyle tactics
 To do
Expand descriptions
 See also
 Alphabetic
 By Inheritance
 btactics
 AnyRef
 Any
 Hide All
 Show All
 Public
 All
Type Members
 sealed trait ArgInfo extends AnyRef
 case class AxiomDisplayInfo(names: SimpleDisplayInfo, displayFormula: String) extends DisplayInfo with Product with Serializable

trait
AxiomInfo extends ProvableInfo
MetaInformation for an axiom or derived axiom

case class
AxiomaticRuleInfo(canonicalName: String, display: DisplayInfo, codeName: String) extends ProvableInfo with Product with Serializable
Information for an axiomatic rule

class
BelleREPL extends AnyRef
Created by bbohrer on 12/19/16.
 case class Case(fml: Formula, simplify: Boolean = true) extends Product with Serializable

class
ConfigurableGenerator[A] extends btactics.Generator.Generator[A]
Mapbased generator providing output according to the fixed map
products
according to its program or whole formula. 
sealed
trait
Context[+T <: Expression] extends (Expression) ⇒ Formula
Convenience wrapper around contexts such as f(.) or p(.) or C{_} to make it easy to instantiate their arguments.
Convenience wrapper around contexts such as f(.) or p(.) or C{_} to make it easy to instantiate their arguments.
 T
the type/kind of expression that this context is representing.
Split a formula at a position into subformula and its context, then instantiate this context with other subformulas:
val parser = KeYmaeraXParser val f = parser("x^2>=0 & x<44 > [x:=2;{x'=1&x<=10}]x>=1") // split f into context ctx and subformula g such that f is ctx{g} val (ctx,g) = Context.at(f, PosInExpr(1::1::Nil)) println(f + " is the same as " + ctx(g)) // put another formula h in in place of g val h = parser("x^2>y") // x^2>=0 & x<44 > [x:=2;{x'=1&x<=10}]x^2>y) val result = ctx(h) println(result)
Example: 
case class
CoreAxiomInfo(canonicalName: String, display: DisplayInfo, codeName: String, expr: (Unit) ⇒ DependentPositionTactic) extends AxiomInfo with Product with Serializable
MetaInformation for an axiom from the prover core
 class DefaultTacticIndex extends TacticIndex

sealed
trait
DerivationInfo extends AnyRef
Metainformation on a derivation step, which is an axiom, derived axiom, proof rule, or tactic.

case class
DerivedAxiomInfo(canonicalName: String, display: DisplayInfo, codeName: String, expr: (Unit) ⇒ DependentPositionTactic) extends AxiomInfo with StorableInfo with Product with Serializable
Information for a derived axiom proved from the core

case class
DerivedRuleInfo(canonicalName: String, display: DisplayInfo, codeName: String, expr: (Unit) ⇒ Any) extends ProvableInfo with StorableInfo with Product with Serializable
Information for a derived rule proved from the core

sealed
trait
DisplayInfo extends AnyRef
UI display information on how to show an axiom, rule, or tactic application
 case class ExpressionArg(name: String, allowsFresh: List[String] = Nil) extends ArgInfo with Product with Serializable

case class
FixedGenerator[A](list: List[A]) extends btactics.Generator.Generator[A] with Product with Serializable
Generator always providing a fixed list as output.
 case class FormulaArg(name: String, allowsFresh: List[String] = Nil) extends ArgInfo with Product with Serializable

trait
HilbertCalculus extends UnifyUSCalculus
Hilbert Calculus for differential dynamic logic.
Hilbert Calculus for differential dynamic logic.
Provides the axioms and axiomatic proof rules from Figure 2 and Figure 3 in: Andre Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 2016.
 See also
edu.cmu.cs.ls.keymaerax.core.AxiomBase
HilbertCalculus.derive()
HilbertCalculus.stepAt()
Andre Platzer. The complete proof theory of hybrid systems. ACM/IEEE Symposium on Logic in Computer Science, LICS 2012, June 25–28, 2012, Dubrovnik, Croatia, pages 541550. IEEE 2012
Andre Platzer. Logics of dynamical systems. ACM/IEEE Symposium on Logic in Computer Science, LICS 2012, June 25–28, 2012, Dubrovnik, Croatia, pages 1324. IEEE 2012
Andre Platzer. Differential game logic. ACM Trans. Comput. Log. 17(1), 2015. arXiv 1408.1980
Andre Platzer. A uniform substitution calculus for differential dynamic logic. arXiv 1503.01981, 2015.
Andre Platzer. A uniform substitution calculus for differential dynamic logic. In Amy P. Felty and Aart Middeldorp, editors, International Conference on Automated Deduction, CADE'15, Berlin, Germany, Proceedings, LNCS. Springer, 2015.
Andre Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 59(2), pp. 219266, 2017.
 case class InputAxiomDisplayInfo(names: SimpleDisplayInfo, displayFormula: String, input: List[ArgInfo]) extends DisplayInfo with Product with Serializable
 case class InputPositionTacticInfo(codeName: String, display: DisplayInfo, inputs: List[ArgInfo], expr: (Unit) ⇒ TypedFunc[_, _], needsTool: Boolean = false, needsGenerator: Boolean = false) extends TacticInfo with Product with Serializable
 case class InputTacticInfo(codeName: String, display: DisplayInfo, inputs: List[ArgInfo], expr: (Unit) ⇒ TypedFunc[_, _], needsTool: Boolean = false, needsGenerator: Boolean = false) extends TacticInfo with Product with Serializable
 case class InputTwoPositionTacticInfo(codeName: String, display: DisplayInfo, inputs: List[ArgInfo], expr: (Unit) ⇒ TypedFunc[_, _], needsTool: Boolean = false, needsGenerator: Boolean = false) extends TacticInfo with Product with Serializable
 class IntegratorODESolverTool extends ToolBase with ODESolverTool

trait
InvGenTool extends AnyRef
Continuous invariant generation tool.
Continuous invariant generation tool.

class
MathematicaToolProvider extends PreferredToolProvider[Mathematica]
A tool provider that initializes tools to Mathematica.

class
MathematicaZ3ToolProvider extends PreferredToolProvider[ToolBase with ToolOperationManagement with QETool]
A tool provider that provides all Mathematica tools, but favors Z3 for QE unless specifically asked to provide Mathematica.

trait
ModelPlexTrait extends (List[Variable], Symbol) ⇒ (Formula) ⇒ Formula
ModelPlex: Verified runtime validation of verified cyberphysical system models.
ModelPlex: Verified runtime validation of verified cyberphysical system models.
 See also
Stefan Mitsch and André Platzer. ModelPlex: Verified runtime validation of verified cyberphysical system models. In Borzoo Bonakdarpour and Scott A. Smolka, editors, Runtime Verification  5th International Conference, RV 2014, Toronto, ON, Canada, September 2225, 2014. Proceedings, volume 8734 of LNCS, pages 199214. Springer, 2014.
Stefan Mitsch and André Platzer. ModelPlex: Verified runtime validation of verified cyberphysical system models. Formal Methods in System Design, 42 pp. 2016. Special issue for selected papers from RV'14.

class
NoneToolProvider extends ToolProvider
A tool provider without tools.
 case class OptionArg(arg: ArgInfo) extends ArgInfo with Product with Serializable

class
PolyaToolProvider extends PreferredToolProvider[Polya]
A tool provider that provides Polya as a QE tools, everything else is None.
 case class PositionTacticInfo(codeName: String, display: DisplayInfo, expr: (Unit) ⇒ Any, needsTool: Boolean = false, needsGenerator: Boolean = false) extends TacticInfo with Product with Serializable

class
PreferredToolProvider[T <: Tool] extends ToolProvider
A tool provider that picks appropriate special tools from the list of preferences, i.e., if multiple tools with the same trait appear in
toolPreferences
, the first will be picked for that trait. 
trait
ProvableInfo extends DerivationInfo
MetaInformation for a (derived) axiom or (derived) axiomatic rule
 case class RuleDisplayInfo(names: SimpleDisplayInfo, conclusion: SequentDisplay, premises: List[SequentDisplay]) extends DisplayInfo with Product with Serializable

trait
SequentCalculus extends AnyRef
Sequent Calculus for propositional and firstorder logic.
Sequent Calculus for propositional and firstorder logic.
 See also
Andre Platzer. Differential dynamic logic for hybrid systems. Journal of Automated Reasoning, 41(2), pages 143189, 2008.
 case class SequentDisplay(ante: List[String], succ: List[String], isClosed: Boolean = false) extends Product with Serializable
 case class SimpleDisplayInfo(name: String, asciiName: String) extends DisplayInfo with Product with Serializable

trait
StorableInfo extends DerivationInfo
Storable items (e.g., as lemmas)
 case class StringArg(name: String, allowsFresh: List[String] = Nil) extends ArgInfo with Product with Serializable
 class SubstitutionHelper extends AnyRef
 trait TacticIndex extends AnyRef

class
TacticInfo extends DerivationInfo
Metainformation on a tactic performing a proof step (or more)
 case class TermArg(name: String, allowsFresh: List[String] = Nil) extends ArgInfo with Product with Serializable

trait
ToolProvider extends AnyRef
A tool factory creates various arithmetic and simulation tools.
A tool factory creates various arithmetic and simulation tools.
 case class TwoPositionTacticInfo(codeName: String, display: DisplayInfo, expr: (Unit) ⇒ Any, needsTool: Boolean = false, needsGenerator: Boolean = false) extends TacticInfo with Product with Serializable

abstract
class
TypedFunc[A, +R] extends (A) ⇒ R
Typed functions to circumvent type erasure of arguments and return types.

trait
UnifyUSCalculus extends AnyRef
Automatic unificationbased Uniform Substitution Calculus with indexing.
Automatic unificationbased Uniform Substitution Calculus with indexing. Provides a tactic framework for automatically applying axioms and axiomatic rules by matching inputs against them by unification according to the axiom's AxiomIndex.
 See also
Andre Platzer. A uniform substitution calculus for differential dynamic logic. In Amy P. Felty and Aart Middeldorp, editors, International Conference on Automated Deduction, CADE'15, Berlin, Germany, Proceedings, LNCS. Springer, 2015.
Andre Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 59(2), pp. 219266, 2017. arXiv:1601.06183
 case class VariableArg(name: String, allowsFresh: List[String] = Nil) extends ArgInfo with Product with Serializable

class
Z3ToolProvider extends PreferredToolProvider[ToolBase with ToolInterface]
A tool provider that provides Z3 as QE tool and KeYmaera's own bundled diff.
A tool provider that provides Z3 as QE tool and KeYmaera's own bundled diff. solution tool, everything else is None.

case class
ListArg(name: String, elementSort: String, allowsFresh: List[String] = Nil) extends ArgInfo with Product with Serializable
 Annotations
 @deprecated
 Deprecated
(Since version 4.2b1) Until lists are actually added to the concrete syntax of Bellerophon.
Value Members

object
AnonymousLemmas
Stores lemmas without userdefined name.

object
Approximator extends Logging
Approximations
Approximations
 To do
More Ideas:
 Allow approximations at nontoplevel.
 Preprocessing  add time var w/ t_0=0, etc.
 Postprocessing  after reducing the arithmetic, hide all approximate terms except the last one. It might even be possible to do this during the tactic by remving all but the most recent <= and >=, but I'm not sure if that's true for any/all expansions.
 Generalized tactics. Not sure this makes much sense though.
 Add an (efficient) tactic that tries to close the proof using successively longer approximations. Maybe also a tactic that looks at an entire formula and tries to deduce how far to go based on pre/postconditions and statements in discrete fragments for programs or in ev dom constraints.

object
ArithmeticLibrary
Tactics for real arithmetic.

object
ArithmeticSimplification
Tactics for simplifying arithmetic subgoals.

object
Augmentors
If imported, automatically augments core data structures with convenience wrappers for tactic purposes such as subexpression positioning, context splitting, and replacements.
If imported, automatically augments core data structures with convenience wrappers for tactic purposes such as subexpression positioning, context splitting, and replacements.
To use this implicit augmentation automatically, import it via
import edu.cmu.cs.ls.keymaerax.btactics.Augmentors._
Then use it as if its methods were part of the data structures
val parser = KeYmaeraXParser val f = parser("x^2>=0 & x<44 > [x:=2;{x'=1&x<=10}]x>=1") // will obtain the x>=1 part val someSub = f.sub(PosInExpr(1::1::Nil)) println(someSub) // construct x^2>=0 & x<44 > [x:=2;{x'=1&x<=10}]x^2>y val other = f.replaceAt(PosInExpr(1::1::Nil), parser("x^2>y")) println(other)
 See also
Example: 
object
AxiomIndex extends Logging
Axiom Indexing data structures for canonical proof strategies.
Axiom Indexing data structures for canonical proof strategies.
 Note
Could be generated automatically, yet better in a precomputation fashion, not on the fly.
 See also
edu.cmu.cs.ls.keymaerax.core.AxiomBase
Andre Platzer. A uniform substitution calculus for differential dynamic logic. arXiv 1503.01981, 2015.
Andre Platzer. A uniform substitution calculus for differential dynamic logic. In Amy P. Felty and Aart Middeldorp, editors, International Conference on Automated Deduction, CADE'15, Berlin, Germany, Proceedings, LNCS. Springer, 2015.
 object AxiomInfo

object
AxiomaticODESolver
An Axiomatic ODE solver.
An Axiomatic ODE solver. Current limitations:  No support for explicitform diamond ODEs/box ODEs in context: <{x'=0*x+1}>P, ![{x'=0*x+1}]P
 See also
Page 25 in http://arxiv.org/abs/1503.01981 for a highlevel sketch.

object
BelleLabels
Default labels used by the KeYmaera X tactics.
Default labels used by the KeYmaera X tactics. Other labels can be used by the user, but this list of labels makes it easier to match.

object
Bifurcation
Implements a bifurcationbased proof search technique for the dynamic logic of ODEs.

object
Context
Context management, position splitting, and extraction tools.
Context management, position splitting, and extraction tools. Useful for splitting a formula at a position into the subexpression at that position and the remaining context around it. Or for replacing a subexpression by another subexpression at all cost. Or for splitting a position into a formula position and a term position.
Split a formula at a position into subformula and its context
val parser = KeYmaeraXParser val f = parser("x^2>=0 & x<44 > [x:=2;{x'=1&x<=10}]x>=1") // split f into context ctx and subformula g such that f is ctx{g} val (ctx,g) = Context.at(f, PosInExpr(1::1::Nil)) // x^2>=0 & x<44 > [x:=2;{x'=1&x<=10}]_ println(ctx) // x>=1 println(f) println(f + " is the same as " + ctx(g))
 See also
Example:  object DebuggingTactics

object
DependencyAnalysis
Dependency Analysis For a set of output variables, determine the set of input variables across a hybrid program that could affect their values

object
DerivationInfo
Central list of all derivation steps (axioms, derived axioms, proof rules, tactics) with meta information of relevant names and display names and visualizations for the user interface.
 object DerivedAxiomInfo extends Serializable

object
DerivedAxioms extends Logging
Database of Derived Axioms.
Database of Derived Axioms.
 Note
Derived axioms use the Provable facts of other derived axioms in order to avoid initialization cycles with AxiomInfo's contract checking.
,Lemmas are lazy vals, since their proofs may need a fully setup prover with QE
,To simplify bootstrap and avoid dependency management, the proofs of the derived axioms are written with explicit reference to other scalaobjects representing provables (which will be proved on demand) as opposed to by referring to the names, which needs a map canonicalName>tacticOnDemand.
 See also
edu.cmu.cs.ls.keymaerax.core.AxiomBase
 object DerivedRuleInfo extends Serializable

object
DifferentialDecisionProcedures
Decision procedures for various classes of differential equations.

object
DifferentialSaturation extends Logging
Differential Saturation (Fig 6.3, Logical Analysis of Hybrid Systems) Considers a sequent of the form Gamma  [ODE & Q]p All of Gamma, Q and p are assumed to be FOL_R only Does NOT construct proofs along the way

object
ExpressionTraversal
Created by jdq on 3/17/14.

object
FOQuantifierTactics
Implementation: FOQuantifierTactics provides tactics for instantiating quantifiers.
Implementation: FOQuantifierTactics provides tactics for instantiating quantifiers.
 Attributes
 protected

object
FormulaTools extends Logging
Tactic tools for formula manipulation and extraction.

object
Generator
Invariant generator

object
HilbertCalculus extends HilbertCalculus
Hilbert Calculus for differential dynamic logic.
Hilbert Calculus for differential dynamic logic.
 See also
 object Idioms

object
Integrator extends Logging
Solves the initial value problem for systems of differential equations.

object
IntervalArithmetic extends Logging
Tactics for introducing interval arithmetic.

object
InvariantGenerator extends Logging
Invariant generators and differential invariant generators.
Invariant generators and differential invariant generators.
 See also
Andre Platzer and Edmund M. Clarke. Computing differential invariants of hybrid systems as fixedpoints. Formal Methods in System Design, 35(1), pp. 98120, 2009
Andre Platzer. A differential operator approach to equational differential invariants. In Lennart Beringer and Amy Felty, editors, Interactive Theorem Proving, International Conference, ITP 2012, August 1315, Princeton, USA, Proceedings, volume 7406 of LNCS, pages 2848. Springer, 2012.

object
InvariantProvers
Created by aplatzer on 5/17/18.

object
IsabelleSyntax
Tactics for converting a ModelPlex formula to Isabelle/HOL (no need for interval arithmetic)

object
Kaisar
Created by bbohrer on 12/2/16.

object
ModelPlex extends ModelPlexTrait with Logging
ModelPlex: Verified runtime validation of verified cyberphysical system models.
ModelPlex: Verified runtime validation of verified cyberphysical system models.
 See also
Stefan Mitsch and André Platzer. ModelPlex: Verified runtime validation of verified cyberphysical system models. In Borzoo Bonakdarpour and Scott A. Smolka, editors, Runtime Verification  5th International Conference, RV 2014, Toronto, ON, Canada, September 2225, 2014. Proceedings, volume 8734 of LNCS, pages 199214. Springer, 2014.
Stefan Mitsch and André Platzer. ModelPlex: Verified runtime validation of verified cyberphysical system models. Formal Methods in System Design, 42 pp. 2016. Special issue for selected papers from RV'14.

object
ODEInvariance
Implements ODE tactics based on the differential equation axiomatization.
Implements ODE tactics based on the differential equation axiomatization.
Created by yongkiat on 05/14/18.
 See also
Andre Platzer and Yong Kiam Tan. Differential equation axiomatization: The impressive power of differential ghosts. In Anuj Dawar and Erich Grädel, editors, Proceedings of the 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS'18, ACM 2018.

object
PolynomialArith extends Logging
Created by yongkiat on 11/27/16.
 object ProvableInfo

object
RicattiEquation
Decision procedure for a single Ricatti equation.

object
RicattiSystem
Decision procedure for a system of Ricatti differential equations.

object
SequentCalculus extends SequentCalculus
Sequent Calculus for propositional and firstorder logic.
Sequent Calculus for propositional and firstorder logic.
 See also

object
Simplifier
Tactic Simplifier.simp performs term simplification everywhere within a formula, as many times as possible.
Tactic Simplifier.simp performs term simplification everywhere within a formula, as many times as possible. Simplification is parameterized over a list of simplification steps. The default set of simplifications is guaranteed to terminate (using the number of constructors in the term as a termination metric), and an optional set of rules is provided for which termination is less clear. Any set of simplifications is allowed, as long as they terminate (the termination metric need not be the number of constructors in the term). Created by bbohrer on 5/21/16.

object
SimplifierV2
Created by yongkiat on 9/29/16.

object
SimplifierV3
Note: this is meant to be a watered down version of SimplifierV2 Goals: Faster, more predictable and customizable
Note: this is meant to be a watered down version of SimplifierV2 Goals: Faster, more predictable and customizable
Given a list of rewriting axioms, this traverses a term/formula bottom up and exhaustively tries the list of axioms at each step
The rewriting axioms must have the form  t = t'  f > t = t' or similarly for formulas and <>
Created by yongkiat on 12/19/16.

object
StaticSemanticsTools
Additional tools read off from the static semantics for the tactics.
Additional tools read off from the static semantics for the tactics.

object
SubstitutionHelper
Created by smitsch on 2/19/15.
Created by smitsch on 2/19/15.
 To do
generalize to replacing formula by formula, too.

object
TacticFactory
Creates tactic objects
 object TacticHelper

object
TacticIndex
Tactic indexing data structures for canonical proof strategies.
Tactic indexing data structures for canonical proof strategies.
 object TacticInfo

object
TactixLibrary extends HilbertCalculus with SequentCalculus
Tactix: Main tactic library with simple interface.
Tactix: Main tactic library with simple interface. This library features all main tactics for the most common cases.
For tactics implementing builtin rules such as sequent proof rules, elaborate documentation can be found in the prover kernel.
Main search tactics that combine numerous other tactics for automation purposes include:
 TactixLibrary.master automatic proof search
 TactixLibrary.auto automatic proof search if that successfully proves the given property
 TactixLibrary.normalize normalize to sequent normal form
 TactixLibrary.unfoldProgramNormalize normalize to sequent normal form, avoiding unnecessary branching
 TactixLibrary.prop propositional logic proving
 TactixLibrary.QE prove real arithmetic
 TactixLibrary.ODE proving properties of differential equations
 TactixLibrary.step performs one canonical simplifying proof step
 TactixLibrary.chase chase the given formula away by automatic reduction proofs
The tactic library also includes individual proof calculi:
 HilbertCalculus: Hilbert Calculus for differential dynamic logic.
 SequentCalculus: Sequent Calculus for propositional and firstorder logic.
 UnifyUSCalculus: Automatic unificationbased Uniform Substitution Calculus with indexing.
 See also
Andre Platzer. A uniform substitution calculus for differential dynamic logic. In Amy P. Felty and Aart Middeldorp, editors, International Conference on Automated Deduction, CADE'15, Berlin, Germany, Proceedings, LNCS. Springer, 2015.
Andre Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 59(2), pp. 219266, 2017.

object
ToolProvider extends ToolProvider
Central repository providing access to arithmetic tools.
Central repository providing access to arithmetic tools.
 Note
Do especially not keep references in singletons, the tool provider will hand out nulls until properly initialized.
,Never keep references to the tools, the tool provider may decide to shutdown/switch out tools and thereby render all tool references invalid.
 See also

object
Transitivity
Proves goals of the form a>=b,b>=c  a >= c with arbitrarily many intermediate (in)equalities.
Proves goals of the form a>=b,b>=c  a >= c with arbitrarily many intermediate (in)equalities.
These goals ought to close by QE, but often don't (e.g., when function symbols are involved).
 To do
There's a bug  this function might find the string of inequalities a >= b >= c and claim it's a proof for a>c. The fix for this bug is to check in search() that the result contains at least one strict inequalities if the goal() has form a > c.

object
TreeForm
Represent terms as recursive lists of logical symbols.
Represent terms as recursive lists of logical symbols. This simplified structure is useful for certain analyses that treat all the operators in a relatively uniform way. This representation flattens the term's structure as much as possible (e.g. turning a+(b+c) into (a+b+c)), to make analyses that consider the depth of a term more meaningful. Created by bbohrer on 10/23/15.

object
TypedFunc
Creates TypedFunc implicitly, e.g., by ((x: String) => x.length): TypedFunc[String, Int]
KeYmaera X: An aXiomatic Tactical Theorem Prover
KeYmaera X is a theorem prover for differential dynamic logic (dL), a logic for specifying and verifying properties of hybrid systems with mixed discrete and continuous dynamics. Reasoning about complicated hybrid systems requires support for sophisticated proof techniques, efficient computation, and a user interface that crystallizes salient properties of the system. KeYmaera X allows users to specify custom proof search techniques as tactics, execute tactics in parallel, and interface with partial proofs via an extensible user interface.
http://keymaeraX.org/
Concrete syntax for input language Differential Dynamic Logic
Package Structure
Main documentation entry points for KeYmaera X API:
edu.cmu.cs.ls.keymaerax.core
 KeYmaera X kernel, proof certificates, main data structuresedu.cmu.cs.ls.keymaerax.core.Expression
 Differential dynamic logic expressionsedu.cmu.cs.ls.keymaerax.core.Sequent
 Sequents of formulasedu.cmu.cs.ls.keymaerax.core.Rule
 Proof rulesedu.cmu.cs.ls.keymaerax.core.Provable
 Proof certificateedu.cmu.cs.ls.keymaerax.btactics
 Tactic language libraryedu.cmu.cs.ls.keymaerax.btactics.TactixLibrary
 Main tactic libraryedu.cmu.cs.ls.keymaerax.btactics.HilbertCalculus
 Hilbert Calculus for differential dynamic logicedu.cmu.cs.ls.keymaerax.btactics.SequentCalculus
 Sequent Calculus for propositional and firstorder logicedu.cmu.cs.ls.keymaerax.btactics.UnifyUSCalculus
 Unificationbased Uniform Substitution Calculusedu.cmu.cs.ls.keymaerax.bellerophon
 Bellerophon tactic language and tactic interpreteredu.cmu.cs.ls.keymaerax.bellerophon.BelleExpr
 Tactic language expressionsedu.cmu.cs.ls.keymaerax.bellerophon.SequentialInterpreter
 Sequential tactic interpreteredu.cmu.cs.ls.keymaerax.parser
 Parser and pretty printer with concrete syntax and notation for differential dynamic logic.edu.cmu.cs.ls.keymaerax.parser.KeYmaeraXParser
 Parser for concrete KeYmaera X syntaxedu.cmu.cs.ls.keymaerax.parser.KeYmaeraXPrettyPrinter
 Pretty printer for concrete KeYmaera X syntaxedu.cmu.cs.ls.keymaerax.parser.KeYmaeraXProblemParser
 Parser for KeYmaera X problem files.kyx
edu.cmu.cs.ls.keymaerax.lemma
 Lemma mechanismedu.cmu.cs.ls.keymaerax.lemma.FileLemmaDB
 Lemma database stored in filesedu.cmu.cs.ls.keymaerax.tools
 Arithmetic backendsedu.cmu.cs.ls.keymaerax.tools.Mathematica
 Mathematica interface for real arithmetic and ODE solver etc.edu.cmu.cs.ls.keymaerax.tools.Z3
 Z3 interface for real arithmetic.edu.cmu.cs.ls.keymaerax.tools.Polya
 Polya interface for real arithmetic.Additional entry points and usage points for KeYmaera X API:
edu.cmu.cs.ls.keymaerax.launcher.KeYmaeraX
 Commandline launcher for KeYmaera X supports commandline argumenthelp
to obtain usage informationedu.cmu.cs.ls.keymaerax.btactics.DerivationInfo
 Metainformation on all derivation steps (axioms, derived axioms, proof rules, tactics) with userinterface info.References
Full references are provided elsewhere http://keymaeraX.org/, the main references are the following:
1. André Platzer. A complete uniform substitution calculus for differential dynamic logic. Journal of Automated Reasoning, 59(2), pp. 219265, 2017.
2. Nathan Fulton, Stefan Mitsch, JanDavid Quesel, Marcus Völp and André Platzer. KeYmaera X: An axiomatic tactical theorem prover for hybrid systems. In Amy P. Felty and Aart Middeldorp, editors, International Conference on Automated Deduction, CADE'15, Berlin, Germany, Proceedings, LNCS. Springer, 2015.
3. André Platzer. Logical Foundations of CyberPhysical Systems. Springer, 2018.