Results 1 - 8 of 8
Differential Dynamic Logic for Hybrid Systems
2007
Cited by 41 (30 self)
Abstract
Hybrid systems are models for complex physical systems and are defined as dynamical systems with interacting discrete transitions and continuous evolutions along differential equations. With the goal of developing a theoretical and practical foundation for deductive verification of hybrid systems, we introduce a dynamic logic for hybrid programs, which is a program notation for hybrid systems. As a verification technique that is suitable for automation, we introduce a free variable proof calculus with a novel combination of real-valued free variables and Skolemisation for lifting quantifier elimination for real arithmetic to dynamic logic. The calculus is compositional, i.e., it reduces properties of hybrid programs to properties of their parts. Our main result proves that this calculus axiomatises the transition behaviour of hybrid systems completely relative to differential equations. In a case study with cooperating traffic agents of the European Train Control System, we further show that our calculus is well-suited for verifying realistic hybrid systems with parametric system dynamics.
A generic tableau prover and its integration with Isabelle
Journal of Universal Computer Science, 1999
Cited by 39 (10 self)
Abstract
A generic tableau prover has been implemented and integrated with Isabelle [Paulson, 1994]. Compared with classical first-order logic provers, it has numerous extensions that allow it to reason with any supplied set of tableau rules. It has a higher-order syntax in order to support user-defined binding operators, such as those of set theory. The unification algorithm is first-order instead of higher-order, but it includes modifications to handle bound variables. The proof, when found, is returned to Isabelle as a list of tactics. Because Isabelle verifies the proof, the prover can cut corners for efficiency's sake without compromising soundness. For example, the prover can use type information to guide the search without storing type information in full. Categories: F.4, I.1
An improved method for adding equality to free variable semantic tableaux
11th International Conference on Automated Deduction (CADE), volume 607 of Lecture Notes in Artificial Intelligence, 1992
Cited by 30 (10 self)
Abstract
Tableau-based theorem provers can be extended to cover many of the non-classical logics currently used in AI research. For both classical and non-classical first-order logic, equality is a crucial feature for increasing the expressivity of the object language. Unfortunately, all existing attempts so far at adding equality to semantic tableaux have been more or less experimental and turn out to be useless in practice. In the present work we introduce an approach that leads much further and sets the stage for more advanced developments. We identify the problems that stem specifically from choosing semantic tableaux as a framework and state soundness and completeness results for our method.
The even more liberalized δ-rule in free variable semantic tableaux
Proceedings, 3rd Kurt Gödel Colloquium (KGC), Brno, Czech Republic, LNCS 713, 1993
Cited by 8 (3 self)
Abstract
In this paper we have a closer look at one of the rules of the tableau calculus presented in [3], called the δ-rule, and the modification of this rule, which has been proved to be sound and complete in [6], called the δ+-rule, which uses fewer free variables. We show that an even more liberalized version, the δ++-rule, which in addition reduces the number of different Skolem function symbols that have to be used, is also sound and complete. Examples show the relevance of this modification for building tableau-based theorem provers.
A Complete Axiomatization of Quantified Differential Dynamic Logic for Distributed Hybrid Systems
Cited by 5 (5 self)
Abstract
We address a fundamental mismatch between the combinations of dynamics that occur in cyber-physical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic distributed networks, where neither structure nor dimension stays the same while the system follows hybrid dynamics, i.e., mixed discrete and continuous dynamics. We provide the logical foundations for closing this analytic gap. We develop a formal model for distributed hybrid systems. It combines quantified differential equations with quantified assignments and dynamic dimensionality changes. We introduce a dynamic logic for verifying distributed hybrid systems and present a proof calculus for this logic. This is the first formal verification approach for distributed hybrid systems. We prove that our calculus is a sound and complete axiomatization of the behavior of distributed hybrid systems relative to quantified differential equations. In our calculus we have proven collision freedom in distributed car control even when an unbounded number of new cars may appear dynamically on the road.
On the complexity of proof deskolemization
J. Symbolic Logic
Cited by 5 (4 self)
Abstract
We consider the following problem: given a proof of the Skolemization of a formula F, what is the length of the shortest proof of F? For the restriction of this question to cut-free proofs we prove corresponding exponential upper and lower bounds. §1. Introduction. The Skolemization of formulas is a standard technique in logic. It consists of replacing existential quantifiers by new function symbols whose arguments reflect the dependencies of the quantifier. The Skolemization of a formula is satisfiability-equivalent to the original formula. This transformation has a number of applications; it is, for example, crucial for automated theorem
Hilbert's ε-Terms in Automated Theorem Proving
Abstract
ε-terms, introduced by David Hilbert [8], have the form εx.φ, where x is a variable and φ is a formula. Their syntactical structure is thus similar to that of a quantified formula, but they are terms, denoting 'an element for which φ holds, if there is any'. The topic of this paper is an investigation into the possibilities and limits of using ε-terms for automated theorem proving. We discuss the relationship between ε-terms and Skolem terms (both of which can be used alternatively for the purpose of ∃-quantifier elimination), in particular with respect to efficiency and intuition. We also discuss the consequences of allowing ε-terms in theorems (and cuts). This leads to a distinction between (essentially two) semantics and corresponding calculi, one enabling efficient automated proof search, and the other requiring human guidance but enabling a very intuitive (i.e. semantic) treatment of ε-terms. We give a theoretical foundation for the use of both variants in a single framework. Finally, we argue that these two approaches to ε are just the extremes of a range of ε-treatments, corresponding to a range of different possible Skolemization variants.
The tableau-based theorem prover 3TAP for multiple-valued logics
In Proceedings, CADE 11, Albany/NY, LNCS, 1992
Abstract
3TAP is an acronym for 3-valued tableau-based theorem prover. It is based on the method of analytic tableaux. 3TAP has been developed at the University of Karlsruhe in cooperation with the Institute for Knowledge Based Systems of IBM Germany in Heidelberg. Despite its name, 3TAP is able to deal with "classical" (i.e. two-valued) first-order predicate logic as well as with any finite-valued first-order logic, provided the semantics is specified by truth tables. Currently implemented versions are working for two-valued and for a certain three-valued first-order predicate logic, which is a variant of the strong Kleene logic, see [3]. The multiple-valued version implements the concept of generalized signs. These may be seen as sets of ordinary tableau signs or prefixes; see [6] and [7] for details. Without generalized signs one has to build a separate tableau for each non-designated sign to refute a formula. 3TAP needs to close only one tableau using generalized signs. The system has been implemented in Quintus Prolog and is running on SUN and IBM PS/2. The use of Prolog and the modular design makes it easy to extend or modify the prover. 3TAP's input is given by a set of axioms and theorems contained in a database file,