Vector and Matrix Support
zstone1 opened this issue · 5 comments
Is there any plan for syntactic support for vectors and matrices in KeYmaera?
I've got a non-trivial matlab algorithm that I want to encode in a hybrid program. It uses lots of vector operations (dot products, cross products, read/write to the nth element). I happen to know all the lengths of the vector statically, so I can flatten to a bunch of reals. However, that will make all the proofs rather nasty. Is there a trick here, or do I have to do this the hard way?
Depending on how hard it would be, I might be able to attempt adding such support myself. But that would depend on having a suitable design already agreed on.
Yeah, there's no silver bullet as I suspected. I had thought about the dependent typing issues, and it's not nice. Is there even a decision procedure for vector arithmetic? Certainly for statically known lengths it's easy to convert to standard real QE, so at least in my case there is hope.
I'm already making heavy use of function symbols. But to make that feature really nice, being able to import a library of functions (and function symbols + assertions) would be really important. For example, I'm adding sin cos
and pi
symbols, and then assuming
some properties about them. I'd love to do this once, and then import a file. Does anything like this exist?
Tuples are an interesting suggestion that would help a lot with readability. Unfortunately, all of the arithmetic like plus
have RBinaryCompositeTerm
, which requires its arguments to be Real
sort. So I'd also have to add plus1, plus2, plus3
, losing the readability benefit. A naive idea is to define a notion for sorts of "recursively real", and assert that both sorts are equal, and recursively real. The Assign class is already does this kind of equality check in its insist
block. Extending ODE and Assign with this behavior would be provide a fairly complete tuples feature in the syntax. I have no idea how that would affect the tactics...
To simulate tuples, I was considering "encoding" a vector as a real by adding uninterpreted function symbols length : (encoded R) -> nat, read : (encoded R) -> nat -> R, write : (encoded R) -> nat -> R -> (encoded R)
(where nat
and (encoded R) are of course just R
) then assuming the lens laws. I'd have to add uninterpreted plus, dot, cross, ect
forall of these as well. Good news about this approach is assignment magically works out. Bad news is ODEs do not work at all.
For a bit of context, I'm writing a Scala program to translate simulink/matlab models into hyrbid programs, so features without UI should be fine. But I'm a tad unsure how to setup an interactive theorem proving environment for KeYmaera without the UI. I've got lots of experience with Coq using vscoq, but I don't see an analogous feature here. All I really need is something to apply a tactic and pretty print the new context. Is there a doc for this?
Let me add that these translations can be quite impactful between rigorous verification tools such as KeYmaera X and modeling tools used in engineering practice such as SF/SL. I wish you all the best in your research and encourage you to get in touch with us via email and keep us up to date.
BTW, in theory the relationship of single reals to vectors is perfectly definable by bijection in differential dynamic logic [JAR'08,TOCL'17]. In practice, however, vectors should be done much more pragmatically.