logical foundations of cyber physical systems
play

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr - PowerPoint PPT Presentation

Nov 17, 2023 •256 likes •1.53k views

13: Differential Invariants & Proof Theory Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/13: Differential Invariants & Proof

  1. Propositional Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is a propositional tautology then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. ∗ [:=] Q ⊢ [ x ′ := f ( x )]( F ) ′ F ↔ G propositionally equivalent, so ( F ) ′ ↔ ( G ) ′ propositionally equivalent G ⊢ [ x ′ = f ( x )& Q ] G dI since ( F 1 ∧ F 2 ) ′ ≡ ( F 1 ) ′ ∧ ( F 2 ) ′ . . . MR,cut F ⊢ [ x ′ = f ( x )& Q ] F Can use any propositional normal form André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 7 / 23

  2. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  3. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  4. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  5. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. ⊢ 0 ≤ − x ∧− x ≤ 0 [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  6. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. not valid ⊢ 0 ≤ − x ∧− x ≤ 0 [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  7. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. not valid ⊢ 0 ≤ − x ∧− x ≤ 0 [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) dI x 2 ≤ 5 2 ⊢ [ x ′ = − x ] x 2 ≤ 5 2 arithmetic equivalence − 5 ≤ x ∧ x ≤ 5 ↔ x 2 ≤ 5 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  8. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. not valid ⊢ 0 ≤ − x ∧− x ≤ 0 [:=] [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) ⊢ [ x ′ := − x ] 2 xx ′ ≤ 0 dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) dI x 2 ≤ 5 2 ⊢ [ x ′ = − x ] x 2 ≤ 5 2 arithmetic equivalence − 5 ≤ x ∧ x ≤ 5 ↔ x 2 ≤ 5 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  9. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. not valid R ⊢ 0 ≤ − x ∧− x ≤ 0 ⊢ − x 2 x ≤ 0 [:=] [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) ⊢ [ x ′ := − x ] 2 xx ′ ≤ 0 dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) dI x 2 ≤ 5 2 ⊢ [ x ′ = − x ] x 2 ≤ 5 2 arithmetic equivalence − 5 ≤ x ∧ x ≤ 5 ↔ x 2 ≤ 5 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  10. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. ∗ not valid R ⊢ 0 ≤ − x ∧− x ≤ 0 ⊢ − x 2 x ≤ 0 [:=] [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) ⊢ [ x ′ := − x ] 2 xx ′ ≤ 0 dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) dI x 2 ≤ 5 2 ⊢ [ x ′ = − x ] x 2 ≤ 5 2 arithmetic equivalence − 5 ≤ x ∧ x ≤ 5 ↔ x 2 ≤ 5 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  11. Arithmetic Equivalences of Differential Invariants Lemma (Differential invariants and propositional logic) If F ↔ G is real-arithmetic equivalence then F differential invariant of x ′ = f ( x )& Q G differential invariant of x ′ = f ( x )& Q iff Proof. ∗ not valid R ⊢ 0 ≤ − x ∧− x ≤ 0 ⊢ − x 2 x ≤ 0 [:=] [:=] ⊢ [ x ′ := − x ]( 0 ≤ x ′ ∧ x ′ ≤ 0 ) ⊢ [ x ′ := − x ] 2 xx ′ ≤ 0 dI − 5 ≤ x ∧ x ≤ 5 ⊢ [ x ′ = − x ]( − 5 ≤ x ∧ x ≤ 5 ) dI x 2 ≤ 5 2 ⊢ [ x ′ = − x ] x 2 ≤ 5 2 Despite arithmetic equivalence − 5 ≤ x ∧ x ≤ 5 ↔ x 2 ≤ 5 2 Differential structure matters! Higher degree helps here André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 8 / 23

  12. Different Differential Structure for Equivalent Solutions ≥ 0 p � p 8 15 6 4 10 2 4 x � 3 � 2 � 1 1 2 3 5 � 2 � 4 4 x � 3 � 2 � 1 1 2 3 � 6 p p � 4000 3000 3000 2000 1000 2000 4 x � 3 � 2 � 1 1 2 3 1000 � 1000 � 2000 4 x � 3 � 2 � 1 1 2 3 p � p 30 20 25 10 20 15 6 x � 2 2 4 10 � 10 5 6 x � 2 2 4 � 20 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 9 / 23

  13. Different Differential Structure for Equivalent Solutions ≥ 0 Same p ≥ 0. p � p 8 15 But different p ′ ≥ 0. 6 4 10 2 4 x � 3 � 2 � 1 1 2 3 5 � 2 � 4 4 x � 3 � 2 � 1 1 2 3 � 6 p p � 4000 3000 3000 2000 1000 2000 4 x � 3 � 2 � 1 1 2 3 1000 � 1000 � 2000 4 x � 3 � 2 � 1 1 2 3 p � p 30 20 25 10 20 15 6 x � 2 2 4 10 � 10 5 6 x � 2 2 4 � 20 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 9 / 23

  14. Different Differential Structure for Equivalent Solutions ≥ 0 Same p ≥ 0. p � p 8 15 But different p ′ ≥ 0. 6 4 10 2 Can still normalize 4 x � 3 � 2 � 1 1 2 3 5 � 2 atomic formulas to � 4 4 x e = 0 , e ≥ 0 , e > 0 � 3 � 2 � 1 1 2 3 � 6 p p � 4000 3000 3000 2000 1000 2000 4 x � 3 � 2 � 1 1 2 3 1000 � 1000 � 2000 4 x � 3 � 2 � 1 1 2 3 p � p 30 20 25 10 20 15 6 x � 2 2 4 10 � 10 5 6 x � 2 2 4 � 20 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 9 / 23

  15. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = DI = , ∧ , ∨ Proof core. Full: [6, 2]. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  16. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  17. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 e 1 = e 2 ∧ k 1 = k 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  18. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  19. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  20. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  21. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  22. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  23. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 ( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ � [ x ′ := f ( x )] � André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  24. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 ( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ � [ x ′ := f ( x )] � (( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 ) ′ = 0 So [ x ′ := f ( x )] � � ≡ [ x ′ := f ( x )] 2 ( e 1 − e 2 )(( e 1 ) ′ − ( e 2 ) ′ )+ 2 ( k 1 − k 2 )(( k 1 ) ′ − ( k 2 ) ′ )= 0 � � André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  25. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 ( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ � [ x ′ := f ( x )] � (( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 ) ′ = 0 So [ x ′ := f ( x )] � � ≡ [ x ′ := f ( x )] 2 ( e 1 − e 2 )(( e 1 ) ′ − ( e 2 ) ′ )+ 2 ( k 1 − k 2 )(( k 1 ) ′ − ( k 2 ) ′ )= 0 � � André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  26. Differential Invariant Equations Proposition (Equational deductive power [6, 2]) DI = ≡ DI = , ∧ , ∨ atomic equations are enough: Proof core. Full: [6, 2]. e 1 = e 2 ∨ k 1 = k 2 ↔ ( e 1 − e 2 )( k 1 − k 2 ) = 0 [ x ′ := f ( x )](( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ ) So [ x ′ := f ( x )](( e 1 − e 2 )( k 1 − k 2 )) ′ = 0 (( e 1 ) ′ − ( e 2 ) ′ )( k 1 − k 2 )+( e 1 − e 2 )(( k 1 ) ′ − ( k 2 ) ′ ) = 0 ≡ [ x ′ := f ( x )] � � e 1 = e 2 ∧ k 1 = k 2 ↔ ( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 = 0 ( e 1 ) ′ = ( e 2 ) ′ ∧ ( k 1 ) ′ = ( k 2 ) ′ � [ x ′ := f ( x )] � (( e 1 − e 2 ) 2 +( k 1 − k 2 ) 2 ) ′ = 0 So [ x ′ := f ( x )] � � ≡ [ x ′ := f ( x )] 2 ( e 1 − e 2 )(( e 1 ) ′ − ( e 2 ) ′ )+ 2 ( k 1 − k 2 )(( k 1 ) ′ − ( k 2 ) ′ )= 0 � � André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 10 / 23

  27. Equational Proposition (Equational [2]) DI = ≡ DI = , ∧ , ∨ DI DI ≥ DI = Proof core. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  28. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  29. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  30. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  31. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  32. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = R ⊢ 5 ≥ 0 ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  33. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ∗ R ⊢ 5 ≥ 0 ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 11 / 23

  34. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 1 2 4 a c e b d f Example (Vector Spaces Isomorphic or Not) y ′ y x ′ x André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  35. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 1 2 4 a c e b d f Example (Vector Spaces Isomorphic or Not) y ′ y x ′ x André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  36. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 5 1 2 4 1 2 3 4 6 a c e a c e b d f b d Example (Vector Spaces Isomorphic or Not) y ′ y x ′ x André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  37. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 5 1 2 4 1 2 3 4 6 a c e a c e b d f b d criterion: cardinality |{ 1 ,..., 6 }| = 6 � = |{ a , b , c , d , e }| = 5 Need an indirect criterion especially if these sets are infinite Example (Vector Spaces Isomorphic or Not) y ′ y x ′ x André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  38. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 5 1 2 4 1 2 3 4 6 a c e a c e b d f b d criterion: cardinality |{ 1 ,..., 6 }| = 6 � = |{ a , b , c , d , e }| = 5 Need an indirect criterion especially if these sets are infinite Example (Vector Spaces Isomorphic or Not) y ′ y x ′ x André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  39. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 5 1 2 4 1 2 3 4 6 a c e a c e b d f b d criterion: cardinality |{ 1 ,..., 6 }| = 6 � = |{ a , b , c , d , e }| = 5 Need an indirect criterion especially if these sets are infinite Example (Vector Spaces Isomorphic or Not) y ′ y ′ y y x ′ x ′ x x z André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  40. Proving Differences in Set Theory & Linear Algebra Example (Sets Bijective or Not) 3 5 6 5 1 2 4 1 2 3 4 6 a c e a c e b d f b d criterion: cardinality |{ 1 ,..., 6 }| = 6 � = |{ a , b , c , d , e }| = 5 Need an indirect criterion especially if these sets are infinite Example (Vector Spaces Isomorphic or Not) y ′ y ′ y y x ′ x ′ x x criterion: dimension 3 � = 2 z André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 12 / 23

  41. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ∗ R ⊢ 5 ≥ 0 ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 13 / 23

  42. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ∗ R ⊢ 5 ≥ 0 ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 cut,MR André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 13 / 23

  43. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ∗ R ⊢ 5 ≥ 0 p ( x ) = 0 ⊢ [ x ′ = 5 ] p ( x ) = 0 dI ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 cut,MR André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 13 / 23

  44. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ∗ ⊢ [ x ′ := 5 ]( p ( x )) ′ = 0 R ⊢ 5 ≥ 0 p ( x ) = 0 ⊢ [ x ′ = 5 ] p ( x ) = 0 dI ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 cut,MR André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 13 / 23

  45. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ??? ∗ ⊢ [ x ′ := 5 ]( p ( x )) ′ = 0 R ⊢ 5 ≥ 0 p ( x ) = 0 ⊢ [ x ′ = 5 ] p ( x ) = 0 dI ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 cut,MR André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 13 / 23

  46. Equational Incompleteness Proposition (Equational incompleteness [2]) DI = ≡ DI = , ∧ , ∨ < DI since DI ≥ �≤ DI = Equations are not enough: Proof core. Provable with DI ≥ Unprovable with DI = ??? ∗ ⊢ [ x ′ := 5 ]( p ( x )) ′ = 0 R ⊢ 5 ≥ 0 p ( x ) = 0 ⊢ [ x ′ = 5 ] p ( x ) = 0 dI ⊢ [ x ′ := 5 ] x ′ ≥ 0 [:=] x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 dI x ≥ 0 ⊢ [ x ′ = 5 ] x ≥ 0 cut,MR Univariate polynomial p ( x ) is 0 if 0 on all x ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 13 / 23

  47. Strict Inequality Proposition (Strict barrier ) DI > DI DI = DI > Proof core. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  48. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  49. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  50. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  51. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > ⊢ [ v ′ := w ][ w ′ := − v ] 2 vv ′ + 2 ww ′ = 0 [:=] dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  52. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > R ⊢ 2 vw + 2 w ( − v ) = 0 ⊢ [ v ′ := w ][ w ′ := − v ] 2 vv ′ + 2 ww ′ = 0 [:=] dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  53. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > ∗ R ⊢ 2 vw + 2 w ( − v ) = 0 ⊢ [ v ′ := w ][ w ′ := − v ] 2 vv ′ + 2 ww ′ = 0 [:=] dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  54. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > ∗ e > 0 is open set. R ⊢ 2 vw + 2 w ( − v ) = 0 ⊢ [ v ′ := w ][ w ′ := − v ] 2 vv ′ + 2 ww ′ = 0 [:=] dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 v 2 + w 2 = c 2 is a closed set closed v 2 + w 2 ≤ 1 open v 2 + w 2 < 1 with full boundary without boundary André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  55. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > ∗ e > 0 is open set. R ⊢ 2 vw + 2 w ( − v ) = 0 Only true / false are ⊢ [ v ′ := w ][ w ′ := − v ] 2 vv ′ + 2 ww ′ = 0 [:=] both dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 v 2 + w 2 = c 2 is a closed set closed v 2 + w 2 ≤ 1 open v 2 + w 2 < 1 with full boundary without boundary André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  56. Strict Inequality Incompleteness Proposition (Strict barrier incompleteness) DI > < DI because DI = �≤ DI > Strict inequalities are not enough: Proof core. Provable with DI = Unprovable with DI > ∗ e > 0 is open set. R ⊢ 2 vw + 2 w ( − v ) = 0 Only true / false are ⊢ [ v ′ := w ][ w ′ := − v ] 2 vv ′ + 2 ww ′ = 0 [:=] both dI v 2 + w 2 = c 2 ⊢ [ v ′ = w , w ′ = − v ] v 2 + w 2 = c 2 but don’t help proof v 2 + w 2 = c 2 is a closed set closed v 2 + w 2 ≤ 1 open v 2 + w 2 < 1 with full boundary without boundary André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 14 / 23

  57. Differential Invariant Equations to Inequalities Proposition (Equational ) DI = , ∧ , ∨ DI ≥ Proof core. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  58. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  59. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  60. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ dI e = 0 ⊢ [ x ′ = f ( x )& Q ] e = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  61. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ Q ⊢ [ x ′ := f ( x )]( e ) ′ = 0 dI e = 0 ⊢ [ x ′ = f ( x )& Q ] e = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  62. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ ∗ Q ⊢ [ x ′ := f ( x )]( e ) ′ = 0 dI e = 0 ⊢ [ x ′ = f ( x )& Q ] e = 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  63. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ ∗ Q ⊢ [ x ′ := f ( x )]( e ) ′ = 0 dI e = 0 ⊢ [ x ′ = f ( x )& Q ] e = 0 dI − e 2 ≥ 0 ⊢ [ x ′ = f ( x )& Q ]( − e 2 ≥ 0 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  64. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ ∗ Q ⊢ [ x ′ := f ( x )]( e ) ′ = 0 Q ⊢ [ x ′ := f ( x )] − 2 e ( e ) ′ ≥ 0 dI e = 0 ⊢ [ x ′ = f ( x )& Q ] e = 0 dI − e 2 ≥ 0 ⊢ [ x ′ = f ( x )& Q ]( − e 2 ≥ 0 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  65. Differential Invariant Equations to Inequalities Proposition (Equational definability) DI = , ∧ , ∨ ≤ DI ≥ Equations are definable by weak inequalities: Proof core. Provable with DI = Provable with DI ≥ ∗ ∗ Q ⊢ [ x ′ := f ( x )]( e ) ′ = 0 Q ⊢ [ x ′ := f ( x )] − 2 e ( e ) ′ ≥ 0 dI e = 0 ⊢ [ x ′ = f ( x )& Q ] e = 0 dI − e 2 ≥ 0 ⊢ [ x ′ = f ( x )& Q ]( − e 2 ≥ 0 ) Local view of logic on differentials is crucial for this proof. Degree increases André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23

  66. Differential Invariant Atoms Theorem (Atomic ) DI ≥ DI ≥ , ∧ , ∨ and DI > DI >, ∧ , ∨ Proof idea. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  67. Differential Invariant Atoms Theorem (Atomic incompleteness) DI ≥ < DI ≥ , ∧ , ∨ and DI > < DI >, ∧ , ∨ Atomic inequalities not enough: Proof idea. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  68. Differential Invariant Atoms Theorem (Atomic incompleteness) DI ≥ < DI ≥ , ∧ , ∨ and DI > < DI >, ∧ , ∨ Atomic inequalities not enough: Proof idea. Provable with DI ≥ , ∧ , ∨ Unprovable with DI ≥ André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  69. Differential Invariant Atoms Theorem (Atomic incompleteness) DI ≥ < DI ≥ , ∧ , ∨ and DI > < DI >, ∧ , ∨ Atomic inequalities not enough: Proof idea. Provable with DI ≥ , ∧ , ∨ Unprovable with DI ≥ ∗ ⊢ 5 ≥ 0 ∧ y 2 ≥ 0 R [:=] ⊢ [ x ′ := 5 ][ y ′ := y 2 ]( x ′ ≥ 0 ∧ y ′ ≥ 0 ) dI x ≥ 0 ∧ y ≥ 0 ⊢ [ x ′ = 5 , y ′ = y 2 ]( x ≥ 0 ∧ y ≥ 0 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  70. Differential Invariant Atoms Theorem (Atomic incompleteness) DI ≥ < DI ≥ , ∧ , ∨ and DI > < DI >, ∧ , ∨ Atomic inequalities not enough: Proof idea. Provable with DI ≥ , ∧ , ∨ Unprovable with DI ≥ p ( x , y ) ≥ 0 ↔ x ≥ 0 ∧ y ≥ 0 impossible since this implies ∗ p ( x , 0 ) ≥ 0 ↔ x ≥ 0 ⊢ 5 ≥ 0 ∧ y 2 ≥ 0 R so p ( x , 0 ) is 0 [:=] ⊢ [ x ′ := 5 ][ y ′ := y 2 ]( x ′ ≥ 0 ∧ y ′ ≥ 0 ) dI x ≥ 0 ∧ y ≥ 0 ⊢ [ x ′ = 5 , y ′ = y 2 ]( x ≥ 0 ∧ y ≥ 0 ) André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  71. Differential Invariant Atoms Theorem (Atomic incompleteness) DI ≥ < DI ≥ , ∧ , ∨ and DI > < DI >, ∧ , ∨ Atomic inequalities not enough: Proof idea. Provable with DI ≥ , ∧ , ∨ Unprovable with DI ≥ p ( x , y ) ≥ 0 ↔ x ≥ 0 ∧ y ≥ 0 impossible since this implies ∗ p ( x , 0 ) ≥ 0 ↔ x ≥ 0 ⊢ 5 ≥ 0 ∧ y 2 ≥ 0 R so p ( x , 0 ) is 0 [:=] ⊢ [ x ′ := 5 ][ y ′ := y 2 ]( x ′ ≥ 0 ∧ y ′ ≥ 0 ) dI x ≥ 0 ∧ y ≥ 0 ⊢ [ x ′ = 5 , y ′ = y 2 ]( x ≥ 0 ∧ y ≥ 0 ) Substantial remaining parts of the proof shown elsewhere [2]. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  72. Differential Invariant Atoms Theorem (Atomic incompleteness) DI ≥ < DI ≥ , ∧ , ∨ and DI > < DI >, ∧ , ∨ Atomic inequalities not enough: Proof idea. Provable with DI ≥ , ∧ , ∨ Unprovable with DI ≥ p ( x , y ) ≥ 0 ↔ x ≥ 0 ∧ y ≥ 0 impossible since this implies ∗ p ( x , 0 ) ≥ 0 ↔ x ≥ 0 ⊢ 5 ≥ 0 ∧ y 2 ≥ 0 R so p ( x , 0 ) is 0 [:=] ⊢ [ x ′ := 5 ][ y ′ := y 2 ]( x ′ ≥ 0 ∧ y ′ ≥ 0 ) dI x ≥ 0 ∧ y ≥ 0 ⊢ [ x ′ = 5 , y ′ = y 2 ]( x ≥ 0 ∧ y ≥ 0 ) Substantial remaining parts of the proof shown elsewhere [2]. dC still possible here but more involved argument separates. André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  73. Outline Learning Objectives 1 Recap: Proofs for Differential Equations 2 3 Differential Equation Proof Theory Propositional Equivalences Differential Invariants & Arithmetic Differential Structure Differential Invariant Equations Equational Incompleteness Strict Differential Invariant Inequalities Differential Invariant Equations to Differential Invariant Inequalities Differential Invariant Atoms Differential Cut Power & Differential Ghost Power 4 5 Curves Playing with Norms and Degrees Summary 6 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23

  74. Deductive Power of Differential Cuts & Differential Ghosts Theorem (Gentzen’s Cut Elimination) (1935) A ⊢ B ∨ C A ∧ C ⊢ B cut can be eliminated A ⊢ B Theorem (No Differential Cut Elimination) (LMCS 2012) Deductive power with differential cuts exceeds deductive power without. DI + DC > DI Theorem (Auxiliary Differential Variables) (LMCS 2012) Deductive power with differential ghosts exceeds power without. DI + DC + DG > DI + DC André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 17 / 23

  75. Ex: The Need for Differential Cuts dI x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 18 / 23

  76. Ex: The Need for Differential Cuts ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 3 x 2 x ′ ≥ 0 [:=] dI x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 18 / 23

  77. Ex: The Need for Differential Cuts ⊢ 3 x 2 (( x − 2 ) 4 + y 5 ) ≥ 0 ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 3 x 2 x ′ ≥ 0 [:=] dI x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 18 / 23

  78. Ex: The Need for Differential Cuts not valid ⊢ 3 x 2 (( x − 2 ) 4 + y 5 ) ≥ 0 ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 3 x 2 x ′ ≥ 0 [:=] dI x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 18 / 23

  79. Ex: The Need for Differential Cuts not valid ⊢ 3 x 2 (( x − 2 ) 4 + y 5 ) ≥ 0 ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 3 x 2 x ′ ≥ 0 [:=] dI x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 Have to know something about y 5 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 18 / 23

  80. Ex: Differential Cuts dC x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 19 / 23

  81. Ex: Differential Cuts dC x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 dI y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] y 5 ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 19 / 23

  82. Ex: Differential Cuts dC x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 5 y 4 y ′ ≥ 0 [:=] dI y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] y 5 ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 19 / 23

  83. Ex: Differential Cuts dC x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 ⊢ 5 y 4 y 2 ≥ 0 R ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 5 y 4 y ′ ≥ 0 [:=] dI y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] y 5 ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 19 / 23

  84. Ex: Differential Cuts dC x 3 ≥ − 1 ∧ y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] x 3 ≥ − 1 ∗ ⊢ 5 y 4 y 2 ≥ 0 R ⊢ [ x ′ :=( x − 2 ) 4 + y 5 ][ y ′ := y 2 ] 5 y 4 y ′ ≥ 0 [:=] dI y 5 ≥ 0 ⊢ [ x ′ = ( x − 2 ) 4 + y 5 , y ′ = y 2 ] y 5 ≥ 0 André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 19 / 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Focusing for d L 15-824 Logical Foundations of Cyber-Physical Systems Fall 2018 Klaas Pruiksma

Focusing for d L 15-824 Logical Foundations of Cyber-Physical Systems Fall 2018 Klaas Pruiksma

Focusing for d L 15-824 Logical Foundations of Cyber-Physical Systems Fall 2018 Klaas Pruiksma December 10, 2018 1 / 10 Goal Develop a focused version of Differential Dynamic Logic(d L ) [3], with the intent that it serve as a basis for

260 views • 10 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/06:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/06:

06: Truth &amp; Proof Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/06: Truth &amp; Proof LFCPS/06 1 / 23 Outline Learning Objectives

1.77k views • 145 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/09:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/09:

09: Reactions &amp; Delays Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/09: Reactions &amp; Delays LFCPS/09 1 / 17 Outline Learning

799 views • 59 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/08:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/08:

08: Events &amp; Responses Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/08: Events &amp; Responses LFCPS/08 1 / 20 Outline Learning

719 views • 56 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/04:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/04:

04: Safety &amp; Contracts Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/04: Safety &amp; Contracts LFCPS/04 1 / 16 Outline Learning

1.12k views • 80 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/01:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/01:

Logical Foundations of Cyber-Physical Systems 01: Cyber-Physical Systems: Overview Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/01: Overview LFCPS/01 1 / 28 Outline CPS:

934 views • 49 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/21:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/21:

21: Virtual Substitution &amp; Real Arithmetic Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/21: Virtual Substitution &amp; Real

865 views • 84 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/14:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/14:

14: Hybrid Systems &amp; Games Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/14: Hybrid Systems &amp; Games LFCPS/14 1 / 24 Outline

1.07k views • 102 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/10:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/10:

10: Differential Equations &amp; Differential Invariants Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/10: Differential Equations &amp;

1.02k views • 86 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/20:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/20:

20: Virtual Substitution &amp; Real Equations Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/20: Virtual Substitution &amp; Real Equations

3.49k views • 114 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/17:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/17:

17: Game Proofs &amp; Separations Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/17: Game Proofs &amp; Separations LFCPS/17 1 / 25

1.26k views • 96 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/02:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/02:

02: Differential Equations &amp; Domains Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/02: Differential Equations &amp; Domains LFCPS/02

788 views • 78 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/11:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/11:

11: Differential Equations &amp; Proofs Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/11: Differential Equations &amp; Proofs LFCPS/11

1.49k views • 111 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/07:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/07:

07: Control Loops &amp; Invariants Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/07: Control Loops &amp; Invariants LFCPS/07 1 / 16

1.45k views • 118 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/15:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/15:

15: Winning Strategies &amp; Regions Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/15: Winning Strategies &amp; Regions LFCPS/15 1 / 23

1.02k views • 101 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/18:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/18:

18: Axioms &amp; Uniform Substitutions Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/18: Axioms &amp; Uniform Substitutions LFCPS/18 1

1.96k views • 170 slides
Quaternions Alan Pryde 24/11/11 1 . Introduction The set H of quaternions was first described by

Quaternions Alan Pryde 24/11/11 1 . Introduction The set H of quaternions was first described by

Quaternions Alan Pryde 24/11/11 1 . Introduction The set H of quaternions was first described by William Hamilton in 1843. It is defined to be the associative algebra over the reals generated by the four elements 1, i , j , k with the relations i 2

340 views • 4 slides
On computing quadrature-based bounds for the A -norm of the error in conjugate gradients Petr

On computing quadrature-based bounds for the A -norm of the error in conjugate gradients Petr

On computing quadrature-based bounds for the A -norm of the error in conjugate gradients Petr Tich joint work with Gerard Meurant and Zdenk Strako Institute of Computer Science, Academy of Sciences of the Czech Republic September 13,

1.07k views • 29 slides
Optimal Left and Right Additive Schwarz Preconditioning for Minimal Residual Methods with

Optimal Left and Right Additive Schwarz Preconditioning for Minimal Residual Methods with

Optimal Left and Right Additive Schwarz Preconditioning for Minimal Residual Methods with Euclidean and Energy Norms Marcus Sarkis Worcester Polytechnic Inst., Mass. and IMPA, Rio de Janeiro and Daniel B. Szyld Temple University,

321 views • 28 slides
Approximating a tensor as a sum of rank-one components Petros Drineas Petros Drineas Rensselaer

Approximating a tensor as a sum of rank-one components Petros Drineas Petros Drineas Rensselaer

Approximating a tensor as a sum of rank-one components Petros Drineas Petros Drineas Rensselaer Polytechnic Institute Computer Science Department To access my web page: drineas Research interests in my group Algorithmic tools (Randomized,

340 views • 32 slides
The Rigidity of Infinite Frameworks in Euclidean and Polyhedral Normed Spaces Sean Dewar

The Rigidity of Infinite Frameworks in Euclidean and Polyhedral Normed Spaces Sean Dewar

Motivation Preliminaries Rigidity in infinite frameworks Euclidean and polyhedral normed spaces Questions? The Rigidity of Infinite Frameworks in Euclidean and Polyhedral Normed Spaces Sean Dewar Lancaster University, Department of

616 views • 40 slides
Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh

Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh

Learning Regularizers From Data Venkat Chandrasekaran Caltech Joint work with Yong Sheng Soh Variational Perspective on Inference o Loss ensures fidelity to observed data o Based on the specific inverse problem one wishes to solve o Regularizer

580 views • 31 slides
CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The

CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The

Assignment #5 CISC 323 (Week 11) Due Date: Thursday, April 7, 2005 (3:00pm) Architectural Styles The only task: Write a complete CD catalog program with editing features, following your design from Assignment 4. You may re-use any

168 views • 6 slides
10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and

10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and

SwarmCreativity &amp; COINs 10. Knowledge Flow Optimization 9/22/2005 Peter Gloor pgloor@mit.edu Aligning process and organization by knowledge flow Communication flow Business process (Relationships) Org. structure Department Manager +

440 views • 22 slides

More recommend