06: Truth & Proof (15-424: Foundations of Cyber-Physical Systems), PowerPoint PPT Presentation



SLIDE 1

06: Truth & Proof

15-424: Foundations of Cyber-Physical Systems
André Platzer
aplatzer@cs.cmu.edu
Computer Science Department, Carnegie Mellon University, Pittsburgh, PA

André Platzer (CMU) FCPS / 06: Truth & Proof 1 / 13

SLIDE 2

Outline

1. Learning Objectives
2. Sequent Calculus
   - Propositional Example Proof
   - Dynamics Example Proof
   - Taming Arithmetic

SLIDE 4

Learning Objectives: Truth & Proof

CT (computational thinking):
- systematic reasoning for CPS
- verifying CPS models at scale
- pragmatics: how to use axiomatics to justify truth
- structure of proofs and their arithmetic

M&C (modeling and control):
- discrete+continuous relation with evolution domains

CPS:
- analytic skills for CPS

SLIDE 5

Logical Trinity with Extra Leg

Syntax: defines the notation. What problems are we allowed to write down?

Semantics: what carries meaning. What real or mathematical objects does the syntax stand for?

Axiomatics: internalizes semantic relations into universal syntactic transformations.

Pragmatics: how to use axiomatics to justify the syntactic rendition of semantical concepts. How to do a proof?


SLIDES 7-9

Sequent Calculus

Definition (Sequent)

Γ ⊢ ∆ has the same meaning as

    ⋀_{P∈Γ} P → ⋁_{Q∈∆} Q

The antecedent Γ and succedent ∆ are finite sets of dL formulas.

Definition (Soundness of sequent calculus proof rules)

A proof rule with premises Γ1 ⊢ ∆1, . . . , Γn ⊢ ∆n (used to construct proofs) and conclusion Γ ⊢ ∆

    Γ1 ⊢ ∆1   . . .   Γn ⊢ ∆n
    ─────────────────────────
             Γ ⊢ ∆

is sound iff validity of all premises implies validity of the conclusion (validity transfers from premises to conclusion): if Γ1 ⊢ ∆1 and . . . and Γn ⊢ ∆n are valid, then Γ ⊢ ∆ is valid.

SLIDE 10

Developed on the board:

1. Proof rules for propositional logic
2. Proofs with dynamics
3. Contextual equivalence rewriting / congruence
4. Quantifier proof rules
5. Real arithmetic
6. Structural proof rules

See lecture notes for details [1].

SLIDES 11-18

Simple Propositional Example Proof in Sequent Calculus

Read bottom-up: the conclusion is the last line, and each rule name labels the step from the sequent below the bar to the premise(s) above it.

                   ??                                         ??
         v²≤10, b>0 ⊢ b>0                     v²≤10, b>0 ⊢ ¬(v≥0), v²≤10
    ∧L ───────────────────                ∧L ────────────────────────────
         v²≤10 ∧ b>0 ⊢ b>0                    v²≤10 ∧ b>0 ⊢ ¬(v≥0), v²≤10
                                          ∨R ────────────────────────────
                                              v²≤10 ∧ b>0 ⊢ ¬(v≥0) ∨ v²≤10
    ∧R ─────────────────────────────────────────────────────────────────────
                    v²≤10 ∧ b>0 ⊢ b>0 ∧ (¬(v≥0) ∨ v²≤10)
    →R ─────────────────────────────────────────────────────────────────────
                    ⊢ v²≤10 ∧ b>0 → b>0 ∧ (¬(v≥0) ∨ v²≤10)

The two premises marked ?? have the same formula on both sides of ⊢ (b>0 on the left branch, v²≤10 on the right branch); they close with the identity rule, one of the structural proof rules developed on the board.
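The propositional rules above, mechanized as an added example (this code is not part of the lecture). It applies the sequent rules →R, ∧R, ∨R, ¬R, ∧L, ∨L, ¬L, →L and id to the slide's goal, prints the resulting proof, and cross-checks the verdict against the semantics of a sequent (⋀Γ → ⋁∆ under every valuation), so the soundness definition of the previous slide becomes an executable check. The tuple encoding of formulas and the treatment of arithmetic atoms as opaque propositional letters are assumptions of the example; the second goal BROKEN_GOAL is constructed to show an open branch.

```python
"""Propositional sequent-calculus prover (added example, not from the lecture).

Formula encoding, an assumption of this example:
    ('atom', name) | ('not', F) | ('and', F, G) | ('or', F, G) | ('imp', F, G)
Arithmetic atoms such as 'v²≤10' are opaque propositional letters here, so a
branch can only be closed by the identity rule (same formula on both sides of ⊢).
"""
from itertools import product

def show(f):
    """Render a formula in the infix notation of the slides."""
    if f[0] == 'atom':
        return f[1]
    if f[0] == 'not':
        return '¬(' + show(f[1]) + ')'
    op = {'and': ' ∧ ', 'or': ' ∨ ', 'imp': ' → '}[f[0]]
    return '(' + show(f[1]) + op + show(f[2]) + ')'

def prove(gamma, delta, depth=0):
    """Prove the sequent gamma ⊢ delta (tuples of formulas), conclusion first.

    Returns (closed, lines): closed is True iff every branch ends in id; lines
    is the proof text, indented one level per premise. Right rules are tried
    before left rules, the order used on the slides.
    """
    head = '  ' * depth + ', '.join(map(show, gamma)) + ' ⊢ ' + ', '.join(map(show, delta))

    def step(rule, *premises):
        closed, lines = True, [head + '   ' + rule]
        for g, d in premises:
            ok, sub = prove(g, d, depth + 1)
            closed, lines = closed and ok, lines + sub
        return closed, lines

    if set(gamma) & set(delta):                      # id: some P in both Γ and Δ
        return True, [head + '   id *']
    for i, f in enumerate(delta):                    # right rules
        rest = delta[:i] + delta[i + 1:]
        if f[0] == 'not':
            return step('¬R', (gamma + (f[1],), rest))
        if f[0] == 'or':
            return step('∨R', (gamma, rest + (f[1], f[2])))
        if f[0] == 'imp':
            return step('→R', (gamma + (f[1],), rest + (f[2],)))
        if f[0] == 'and':                            # two premises
            return step('∧R', (gamma, rest + (f[1],)), (gamma, rest + (f[2],)))
    for i, f in enumerate(gamma):                    # left rules
        rest = gamma[:i] + gamma[i + 1:]
        if f[0] == 'not':
            return step('¬L', (rest, delta + (f[1],)))
        if f[0] == 'and':
            return step('∧L', (rest + (f[1], f[2]), delta))
        if f[0] == 'or':                             # two premises
            return step('∨L', (rest + (f[1],), delta), (rest + (f[2],), delta))
        if f[0] == 'imp':                            # two premises
            return step('→L', (rest, delta + (f[1],)), (rest + (f[2],), delta))
    return False, [head + '   ?? open (only atoms left, no id)']

def atoms(f):
    """Set of atom names occurring in f."""
    return {f[1]} if f[0] == 'atom' else set().union(*(atoms(g) for g in f[1:]))

def holds(f, val):
    """Truth value of f under a valuation val of its atoms."""
    if f[0] == 'atom':
        return val[f[1]]
    if f[0] == 'not':
        return not holds(f[1], val)
    a, b = holds(f[1], val), holds(f[2], val)
    return {'and': a and b, 'or': a or b, 'imp': (not a) or b}[f[0]]

def valid(gamma, delta):
    """Semantics of a sequent: ⋀Γ → ⋁Δ must hold under every valuation of the atoms."""
    names = sorted(set().union(*(atoms(f) for f in gamma + delta)))
    for bits in product((False, True), repeat=len(names)):
        val = dict(zip(names, bits))
        if all(holds(f, val) for f in gamma) and not any(holds(f, val) for f in delta):
            return False
    return True

def agrees(gamma, delta):
    """Soundness and completeness witness: the proof closes iff the sequent is valid."""
    return prove(gamma, delta)[0] == valid(gamma, delta)

# The sequent proved on the slides: ⊢ v²≤10 ∧ b>0 → b>0 ∧ (¬(v≥0) ∨ v²≤10)
V2, B, VGE0 = ('atom', 'v²≤10'), ('atom', 'b>0'), ('atom', 'v≥0')
SLIDE_GOAL = ('imp', ('and', V2, B), ('and', B, ('or', ('not', VGE0), V2)))
# Constructed variant without the assumption v²≤10: its right branch stays open
BROKEN_GOAL = ('imp', B, ('and', B, ('or', ('not', VGE0), V2)))

def slide_example():
    return prove((), (SLIDE_GOAL,))

if __name__ == '__main__':
    for goal in (SLIDE_GOAL, BROKEN_GOAL):
        closed, lines = prove((), (goal,))
        print('\n'.join(lines))
        print('closed:', closed, '  semantically valid:', valid((), (goal,)), '\n')
```

Compared with the tree on the slide, the prover additionally applies ¬R to ¬(v≥0), which the slide leaves untouched; both branches then close by id. For BROKEN_GOAL the branch b>0, v≥0 ⊢ v²≤10 stays open and the valuation check reports the sequent as invalid, which is the soundness direction seen from the other side: no rule closes a goal that is not valid.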


SLIDES 21-26

Simple Dynamics Example Proof in Sequent Calculus

Read bottom-up: the conclusion is the last line; each rule name labels the step from the sequent below the bar to the one above it.

         ⊢ v²≤10 ∧ b>0 → b>0 ∧ (¬(v≥0) ∨ v²≤10)                    (root of the propositional proof above)
         · · · · · · · · · · · · · · · · · · · · · · · · · · ·      gap: −(−b)>0 here, b>0 there
         ⊢ v²≤10 ∧ −(−b)>0 → b>0 ∧ (¬(v≥0) ∨ v²≤10)
    [:=] ───────────────────────────────────────────────────────────
         ⊢ [c := 10] (v²≤10 ∧ −(−b)>0 → b>0 ∧ (¬(v≥0) ∨ v²≤c))
    [:=] ───────────────────────────────────────────────────────────
         ⊢ [a := −b][c := 10] (v²≤10 ∧ −a>0 → b>0 ∧ (¬(v≥0) ∨ v²≤c))
    [;]  ───────────────────────────────────────────────────────────
         ⊢ [a := −b; c := 10] (v²≤10 ∧ −a>0 → b>0 ∧ (¬(v≥0) ∨ v²≤c))

Need some real arithmetic. Here: to glue the previous propositional proof to this dynamic proof. The [:=] steps are purely syntactic substitutions, so they leave −(−b)>0 where the propositional proof assumed b>0; that the two are the same is a fact of real arithmetic, not of propositional logic.
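The [;] and [:=] steps of this derivation carried out as syntactic rewriting, as an added example that is not part of the lecture. The term/formula encoding, the admissibility check in subst (a substitution must not cross a re-binding of its variable), and the one-rule simplifier standing in for the real-arithmetic glue are all assumptions of the example; the goal and postcondition are the ones on the slide.

```python
"""[;] and [:=] as syntactic rewriting, plus the arithmetic glue (added example).

Encoding, an assumption of this example and not the lecture's notation:
  terms:    variable 'x' (str) | numeral (int) | ('neg', t) | ('pow', t, n)
  formulas: ('cmp', op, s, t) for s op t | ('not', F) | ('and', F, G) | ('or', F, G)
            | ('imp', F, G) | ('box', program, F) for [program]F
  programs: ('assign', var, term) | ('seq', p, q)
"""

def assigns(p, var):
    """Does program p assign to var? Then var is bound inside [p]F."""
    if p[0] == 'assign':
        return p[1] == var
    return assigns(p[1], var) or assigns(p[2], var)

def subst(f, var, term):
    """F(term/var): replace the free variable var by term in a formula or term."""
    if isinstance(f, str):                       # variable
        return term if f == var else f
    if isinstance(f, int):                       # numeral
        return f
    kind = f[0]
    if kind == 'cmp':
        return ('cmp', f[1], subst(f[2], var, term), subst(f[3], var, term))
    if kind == 'box':
        # [:=] is only sound for admissible substitutions: var must not be
        # re-bound by the program under the box (no capture). Refuse otherwise.
        if assigns(f[1], var):
            raise ValueError('substitution of %s would cross its re-binding' % var)
        return ('box', subst_prog(f[1], var, term), subst(f[2], var, term))
    return (kind,) + tuple(subst(g, var, term) for g in f[1:])   # not/and/or/imp/neg/pow

def subst_prog(p, var, term):
    """Substitute var by term in the right-hand sides of p; assignment targets stay."""
    if p[0] == 'assign':
        return ('assign', p[1], subst(p[2], var, term))
    return ('seq', subst_prog(p[1], var, term), subst_prog(p[2], var, term))

def box_seq(f):
    """[;] axiom: [p; q]F ↔ [p][q]F, applied at the top of f."""
    assert f[0] == 'box' and f[1][0] == 'seq', 'expected [p; q]F'
    return ('box', f[1][1], ('box', f[1][2], f[2]))

def box_assign(f):
    """[:=] axiom: [x := e]F ↔ F(e/x), applied at the top of f."""
    assert f[0] == 'box' and f[1][0] == 'assign', 'expected [x := e]F'
    return subst(f[2], f[1][1], f[1][2])

def simplify(f):
    """The single real-arithmetic fact the gluing step needs: −(−e) = e."""
    if isinstance(f, (str, int)):
        return f
    if f[0] == 'neg' and isinstance(f[1], tuple) and f[1][0] == 'neg':
        return simplify(f[1][1])
    return (f[0],) + tuple(simplify(g) for g in f[1:])

def show(f):
    """Render a term or formula in the notation of the slides."""
    if isinstance(f, str):
        return f
    if isinstance(f, int):
        return str(f)
    k = f[0]
    if k == 'neg':
        return '−' + ('(' + show(f[1]) + ')' if isinstance(f[1], tuple) else show(f[1]))
    if k == 'pow':
        return show(f[1]) + ('²' if f[2] == 2 else '^' + str(f[2]))
    if k == 'cmp':
        return show(f[2]) + {'<=': '≤', '>=': '≥', '>': '>', '<': '<', '=': '='}[f[1]] + show(f[3])
    if k == 'not':
        return '¬(' + show(f[1]) + ')'
    if k == 'box':
        return '[' + show_prog(f[1]) + '](' + show(f[2]) + ')'
    return '(' + show(f[1]) + {'and': ' ∧ ', 'or': ' ∨ ', 'imp': ' → '}[k] + show(f[2]) + ')'

def show_prog(p):
    if p[0] == 'assign':
        return p[1] + ' := ' + show(p[2])
    return show_prog(p[1]) + '; ' + show_prog(p[2])

def le(s, t):
    return ('cmp', '<=', s, t)

def gt(s, t):
    return ('cmp', '>', s, t)

V2 = ('pow', 'v', 2)
# Goal from the slide: [a := −b; c := 10](v²≤10 ∧ −a>0 → b>0 ∧ (¬(v≥0) ∨ v²≤c))
POST = ('imp', ('and', le(V2, 10), gt(('neg', 'a'), 0)),
        ('and', gt('b', 0), ('or', ('not', ('cmp', '>=', 'v', 0)), le(V2, 'c'))))
GOAL = ('box', ('seq', ('assign', 'a', ('neg', 'b')), ('assign', 'c', 10)), POST)
# Root of the propositional proof: ⊢ v²≤10 ∧ b>0 → b>0 ∧ (¬(v≥0) ∨ v²≤10)
PROP = ('imp', ('and', le(V2, 10), gt('b', 0)),
        ('and', gt('b', 0), ('or', ('not', ('cmp', '>=', 'v', 0)), le(V2, 10))))

def reduce_goal():
    """Replay the slide bottom-up: [;], [:=], [:=], then the arithmetic glue.

    Returns the list of (rule, formula) pairs, starting with the goal itself.
    """
    trace = [('goal', GOAL)]
    f = box_seq(GOAL)
    trace.append(('[;]', f))
    f = box_assign(f)
    trace.append(('[:=]', f))
    f = box_assign(f)
    trace.append(('[:=]', f))
    f = simplify(f)          # −(−b)>0 becomes b>0; only now does it match PROP
    trace.append(('R', f))
    return trace

if __name__ == '__main__':
    for rule, f in reduce_goal():
        print('%-5s ⊢ %s' % (rule, show(f)))
    print('equal to the propositional root:', reduce_goal()[-1][1] == PROP)
```

The trace makes the gap on the slide visible as a failed structural equality: after both [:=] steps the formula differs from the propositional root only in the term −(−b), and no propositional rule can bridge that. In a real prover the R step is a decision procedure for real arithmetic rather than a single rewrite, but the place where it is needed is exactly the one the simplifier patches here.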


SLIDE 30

Taming Arithmetic: Weakening

          Γ ⊢ ∆                     Γ ⊢ ∆
    WR ────────────          WL ────────────
         Γ ⊢ P, ∆                 Γ, P ⊢ ∆

Example:

          r≥0 ⊢ 0≤r≤r
    WL ───────────────────
        A, r≥0 ⊢ 0≤r≤r

Throw the arithmetic distraction A away by weakening, since the proof is independent of A.

Occam's assumption razor: think how hard it would be to prove a theorem with all the facts in all books of mathematics as assumptions, compared to a proof from just the two facts that matter.

SLIDES 31-39

Taming Arithmetic: Extreme Instantiation

Quantifier proof rules (e is an arbitrary term; the side condition y ∉ Γ, ∆ requires y to be a fresh variable):

          Γ ⊢ p(y), ∆                            Γ, p(e) ⊢ ∆
    ∀R ──────────────── (y ∉ Γ, ∆)         ∀L ─────────────────
         Γ ⊢ ∀x p(x), ∆                         Γ, ∀x p(x) ⊢ ∆

          Γ ⊢ p(e), ∆                            Γ, p(y) ⊢ ∆
    ∃R ────────────────                    ∃L ───────────────── (y ∉ Γ, ∆)
         Γ ⊢ ∃x p(x), ∆                         Γ, ∃x p(x) ⊢ ∆

Proof, read bottom-up (y(·) is the solution of x′ = f(x); ∀t≥0 F abbreviates ∀t (t≥0 → F) and ∀0≤s≤t F abbreviates ∀s (0≤s≤t → F), which is why an →R step follows each instantiation):

                      ∗
       ──────────────────────────────
         t≥0 ⊢ 0≤t≤t, [x := y(t)]P              . . .  Γ, t≥0, [x := y(t)]Q ⊢ [x := y(t)]P
    →L ───────────────────────────────────────────────────────────────────────────────────
         Γ, t≥0, 0≤t≤t → [x := y(t)]Q ⊢ [x := y(t)]P
    ∀L ────────────────────────────────────────────────
         Γ, t≥0, ∀0≤s≤t [x := y(s)]Q ⊢ [x := y(t)]P
    →R ────────────────────────────────────────────────
         Γ, t≥0 ⊢ (∀0≤s≤t [x := y(s)]Q) → [x := y(t)]P
    →R ────────────────────────────────────────────────
         Γ ⊢ t≥0 → ((∀0≤s≤t [x := y(s)]Q) → [x := y(t)]P)
    ∀R ────────────────────────────────────────────────
         Γ ⊢ ∀t≥0 ((∀0≤s≤t [x := y(s)]Q) → [x := y(t)]P)
    [′] ───────────────────────────────────────────────
         Γ ⊢ [x′ = f(x) & Q]P

The ∀L step is the extreme instantiation: the quantified intermediate time s is instantiated with the end time t of the evolution itself, which turns the evolution domain assumption ∀0≤s≤t [x := y(s)]Q into the single fact 0≤t≤t → [x := y(t)]Q. After →L, the left premise closes (∗) because 0≤t≤t is trivially true, and the right premise (. . .) continues with Q at time t available as an assumption for proving P.

SLIDE 40

Taming Arithmetic: Creative Cuts

          Γ, x = e ⊢ p(e), ∆                     Γ, x = e, p(e) ⊢ ∆
    =R ────────────────────────          =L ────────────────────────
          Γ, x = e ⊢ p(x), ∆                     Γ, x = e, p(x) ⊢ ∆

Proof, read bottom-up; the cut introduces the formula x = y, which does not occur in the goal at all:

                 ∗
    R  ───────────────────────
         (x−y)²≤0 ⊢ x = y                                       ??
    WR ───────────────────────                     ───────────────────────
         (x−y)²≤0 ⊢ x = y, p(x)                      p(y), x = y ⊢ p(y)
    WL ─────────────────────────────           =R ───────────────────────
         (x−y)²≤0, p(y) ⊢ x = y, p(x)                p(y), x = y ⊢ p(x)
                                               WL ──────────────────────────────
                                                     (x−y)²≤0, p(y), x = y ⊢ p(x)
    cut ───────────────────────────────────────────────────────────────────────
                          (x−y)²≤0, p(y) ⊢ p(x)
    ∧L ────────────────────────────────────────────────────────────────────────
                          (x−y)²≤0 ∧ p(y) ⊢ p(x)
    →R ────────────────────────────────────────────────────────────────────────
                          ⊢ (x−y)²≤0 ∧ p(y) → p(x)

The left branch of the cut proves x = y from (x−y)²≤0 by real arithmetic (R) after weakening away the irrelevant p(y) and p(x); the right branch uses x = y to rewrite p(x) into p(y) with =R, after which the premise marked ?? closes by the identity rule. Real arithmetic only ever sees the small sequent (x−y)²≤0 ⊢ x = y, never the uninterpreted p.

SLIDE 41

References

[1] André Platzer. Foundations of Cyber-Physical Systems. Lecture Notes 15-424/624, Carnegie Mellon University, 2016. URL: http://www.cs.cmu.edu/~aplatzer/course/fcps16.html

[2] André Platzer. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. Springer, Heidelberg, 2010. doi:10.1007/978-3-642-14509-4