Core Hybrid Event-B III: Fundamentals of a Reasoning Framework

The Hybrid Event-B framework was introduced to add continuously varying behaviour to the discrete changes of state characteristic of the well established Event-B method. This is made necessary by the needs of verifying the hybrid and cyber-physical systems that are increasingly prevalent today. The semantic foundation of Hybrid Event-B rests on piecewise absolutely continuous functions of time. This enables unproblematic modelling of all classical physical phenomena, as well as the specification of conventional discrete changes of state, regardless of whether these arise in the physical arena or as abstractions of computational behaviour. In this paper, the large gap between arbitrary piecewise absolutely continuous functions, and what can be reasoned about mechanically/symbolically, is addressed. First, piecewise absolutely continuous real functions are restricted to piecewise complex analytic functions, real and without singularities on a semi-infinite portion of the real axis. This class has good properties with respect to symbolic manipulation and thus provides a good foundation for an approach to system verification that avoids dealing with the interleaved quantifiers of mathematical analysis, thus reducing the verification of the proof obligations of Hybrid Event-B to calculational checks. The individual proof obligations, whose discharge assures the correctness of a Hybrid Event-B machine, are examined, and results establishing sufficient conditions for their successful discharge via calculation are given. A small scale case study illustrates the verification process in this setting.