Logical Foundations of Cyber-Physical Systems, Lecture 13: Differential Invariants & Proof Theory. André Platzer (CMU). Transcript of the PowerPoint slides.


SLIDE 1 (page 1/23)

13: Differential Invariants & Proof Theory
Logical Foundations of Cyber-Physical Systems
André Platzer

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 1 / 23

SLIDE 2: Outline (page 2/23)

1. Learning Objectives
2. Recap: Proofs for Differential Equations
3. Differential Equation Proof Theory: Propositional Equivalences; Differential Invariants & Arithmetic; Differential Structure; Differential Invariant Equations; Equational Incompleteness; Strict Differential Invariant Inequalities; Differential Invariant Equations to Differential Invariant Inequalities; Differential Invariant Atoms
4. Differential Cut Power & Differential Ghost Power
5. Curves Playing with Norms and Degrees
6. Summary


SLIDE 4: Learning Objectives (page 3/23)

Differential Invariants & Proof Theory (objectives listed under the CT, M&C and CPS columns):
limits of computation; proof theory for differential equations; provability of differential equations; nonprovability of differential equations; proofs about proofs; relativity theory of proofs; inform differential invariant search; intuition for differential equation proofs; core argumentative principles; tame analytic complexity; improved analysis



SLIDE 7: Differential Invariants for Differential Equations (page 5/23)

Differential Weakening (rule):
    Q ⊢ F
    -----------------------------
    P ⊢ [x′ = f(x) & Q] F

(Figure: a trajectory of x′ = f(x) & Q plotted over time t; the evolution domain Q is never left, so the region ¬Q is unreachable.)

Differential Invariant (rule):
    Q ⊢ [x′ := f(x)] (F)′
    -----------------------------
    F ⊢ [x′ = f(x) & Q] F

Differential Cut (rule):
    F ⊢ [x′ = f(x) & Q] C        F ⊢ [x′ = f(x) & Q ∧ C] F
    -------------------------------------------------------
    F ⊢ [x′ = f(x) & Q] F

Axioms:
DW  [x′ = f(x) & Q] F ↔ [x′ = f(x) & Q] (Q → F)
DI  [x′ = f(x) & Q] F ← (Q → F ∧ [x′ = f(x) & Q] (F)′)
DC  ([x′ = f(x) & Q] F ↔ [x′ = f(x) & Q ∧ C] F) ← [x′ = f(x) & Q] C
DE  [x′ = f(x) & Q] F ↔ [x′ = f(x) & Q] [x′ := f(x)] F



SLIDE 10: Relativity Theory of Proofs (page 6/23)

Differential Invariant (rule):
    Q ⊢ [x′ := f(x)] (F)′
    -----------------------------
    F ⊢ [x′ = f(x) & Q] F

DI_{e=k} ≡ DI_{e=0}, by considering (e − k) = 0 instead of e = k.

But generalizations are helpful to find the right F in the first place:

cut, MR:
    A ⊢ F        F ⊢ [x′ = f(x) & Q] F        F ⊢ B
    -------------------------------------------------
    A ⊢ [x′ = f(x) & Q] B

Compare provability with classes Ω of differential invariants:
DI_Ω: properties provable with differential invariants in Ω ⊆ {≥, >, =, ∧, ∨}
A ≤ B iff all properties provable with A are also provable somehow with B
A ≰ B otherwise, i.e., some property can be proved with A but not with B
A ≡ B iff A ≤ B and B ≤ A, so A and B have the same deductive power
A < B iff A ≤ B and B ≰ A, so A has strictly less deductive power


SLIDE 17: Propositional Equivalences of Differential Invariants (page 7/23)

Lemma (Differential invariants and propositional logic)
If F ↔ G is a propositional tautology, then F is a differential invariant of x′ = f(x) & Q iff G is a differential invariant of x′ = f(x) & Q.

Proof. Suppose F is a differential invariant, i.e. its dI premise is provable. Then G is one too, and F ⊢ [x′ = f(x) & Q] F follows by cut and MR from the invariance of G (read bottom-up):

    *
    [:=]      Q ⊢ [x′ := f(x)] (F)′
    dI        G ⊢ [x′ = f(x) & Q] G
    MR, cut   F ⊢ [x′ = f(x) & Q] F

F ↔ G propositionally equivalent, so (F)′ ↔ (G)′ propositionally equivalent, since (F1 ∧ F2)′ ≡ (F1)′ ∧ (F2)′ and likewise for the other connectives. Hence the premise Q ⊢ [x′ := f(x)] (G)′ that dI needs for G follows from the premise Q ⊢ [x′ := f(x)] (F)′ for F. The converse direction is symmetric.

Can use any propositional normal form.


SLIDE 27: Arithmetic Equivalences of Differential Invariants (page 8/23)

Lemma (Differential invariants and propositional logic)
If F ↔ G is a real-arithmetic equivalence, then F is a differential invariant of x′ = f(x) & Q iff G is a differential invariant of x′ = f(x) & Q.

Proof. Attempt with F ≡ −5 ≤ x ∧ x ≤ 5 under x′ = −x (read bottom-up):

    not valid   ⊢ 0 ≤ −x ∧ −x ≤ 0
    [:=]        ⊢ [x′ := −x] (0 ≤ x′ ∧ x′ ≤ 0)
    dI          −5 ≤ x ∧ x ≤ 5 ⊢ [x′ = −x] (−5 ≤ x ∧ x ≤ 5)

Attempt with the arithmetically equivalent G ≡ x² ≤ 5²:

    R           ⊢ −x · 2x ≤ 0
    [:=]        ⊢ [x′ := −x] 2x x′ ≤ 0
    dI          x² ≤ 5² ⊢ [x′ = −x] x² ≤ 5²

Despite the arithmetic equivalence −5 ≤ x ∧ x ≤ 5 ↔ x² ≤ 5², the first proof attempt gets stuck at a premise that is not valid while the second closes, so the lemma fails. Differential structure matters! Higher degree helps here.


SLIDE 30: Different Differential Structure for Equivalent Solutions (page 9/23)

(Figure: six plots of polynomials p against x, all with the same solution set of p ≥ 0 but with different p′; axis residue omitted.)

Same p ≥ 0. But different p′ ≥ 0. Can still normalize atomic formulas to e = 0, e ≥ 0, e > 0.


SLIDE 42: Differential Invariant Equations (page 10/23)

Proposition (Equational deductive power [6, 2])
Atomic equations are enough: DI_= ≡ DI_{=,∧,∨}

Proof core (full proof: [6, 2]). Disjunctions and conjunctions of equations are arithmetically equivalent to single equations:

    e1 = e2 ∨ k1 = k2  ↔  (e1 − e2)(k1 − k2) = 0
    e1 = e2 ∧ k1 = k2  ↔  (e1 − e2)² + (k1 − k2)² = 0

and the differential structure carries over. For the disjunction, from its dI premise

    [x′ := f(x)] ((e1)′ = (e2)′ ∧ (k1)′ = (k2)′)

follows the dI premise of the product equation:

    [x′ := f(x)] ((e1 − e2)(k1 − k2))′ = 0
    ≡ [x′ := f(x)] (((e1)′ − (e2)′)(k1 − k2) + (e1 − e2)((k1)′ − (k2)′)) = 0

For the conjunction, from its dI premise

    [x′ := f(x)] ((e1)′ = (e2)′ ∧ (k1)′ = (k2)′)

follows the dI premise of the sum-of-squares equation:

    [x′ := f(x)] ((e1 − e2)² + (k1 − k2)²)′ = 0
    ≡ [x′ := f(x)] (2(e1 − e2)((e1)′ − (e2)′) + 2(k1 − k2)((k1)′ − (k2)′)) = 0


SLIDE 49: Equational Incompleteness (page 11/23)

Proposition (Equational incompleteness [2])
Equations are not enough: DI_= ≡ DI_{=,∧,∨} < DI, since DI_≥ ≰ DI_=

Proof core.
Provable with DI_≥ (read bottom-up):

    R      ⊢ 5 ≥ 0
    [:=]   ⊢ [x′ := 5] x′ ≥ 0
    dI     x ≥ 0 ⊢ [x′ = 5] x ≥ 0

Unprovable with DI_=.


SLIDE 56: Proving Differences in Set Theory & Linear Algebra (page 12/23)

Example (Sets Bijective or Not)
(Figure: {1, ..., 6} paired with {a, ..., f} by a bijection; {1, ..., 6} against {a, ..., e}, where no bijection exists.)
Criterion: cardinality. |{1, ..., 6}| = 6 ≠ 5 = |{a, b, c, d, e}|. Need an indirect criterion, especially if these sets are infinite.

Example (Vector Spaces Isomorphic or Not)
(Figure: the plane with coordinates x, y mapped onto the plane x′, y′; three-dimensional space x, y, z against the plane x′, y′.)
Criterion: dimension. 3 ≠ 2.


SLIDE 62: Equational Incompleteness, continued (page 13/23)

Proposition (Equational incompleteness [2])
Equations are not enough: DI_= ≡ DI_{=,∧,∨} < DI, since DI_≥ ≰ DI_=

Proof core. Provable with DI_≥ as shown on page 11/23. Unprovable with DI_=: suppose x ≥ 0 ⊢ [x′ = 5] x ≥ 0 were provable from some equational differential invariant p(x) = 0 (read bottom-up):

    ???        ⊢ [x′ := 5] (p(x))′ = 0
    dI         p(x) = 0 ⊢ [x′ = 5] p(x) = 0
    cut, MR    x ≥ 0 ⊢ [x′ = 5] x ≥ 0

The cut/MR step needs x ≥ 0 → p(x) = 0. But a univariate polynomial p(x) that is 0 on all x ≥ 0 is the zero polynomial, so p(x) = 0 is just true, and the other MR premise p(x) = 0 → x ≥ 0 would then require true → x ≥ 0, which is not valid.


SLIDE 72: Strict Inequality Incompleteness (page 14/23)

Proposition (Strict barrier incompleteness)
Strict inequalities are not enough: DI_> < DI, because DI_= ≰ DI_>

Proof core.
Provable with DI_= (read bottom-up):

    R      ⊢ 2vw + 2w(−v) = 0
    [:=]   ⊢ [v′ := w][w′ := −v] 2v v′ + 2w w′ = 0
    dI     v² + w² = c² ⊢ [v′ = w, w′ = −v] v² + w² = c²

Unprovable with DI_>: v² + w² = c² is a closed set, whereas every e > 0 is an open set. Only true and false are both open and closed, but they don't help the proof.

(Figure: the closed disc v² + w² ≤ 1 with its full boundary, next to the open disc v² + w² < 1 without boundary.)


slide-81
SLIDE 81

Differential Invariant Equations to Inequalities

Proposition (Equational definability)

Equations are definable by weak inequalities: DI=,∧,∨ ≤ DI≥

Proof core.

Provable with DI=:

       Q ⊢ [x′:=f(x)] (e)′ = 0
  dI   e = 0 ⊢ [x′ = f(x) & Q] e = 0

Provable with DI≥:

       Q ⊢ [x′:=f(x)] −2e(e)′ ≥ 0
  dI   −e² ≥ 0 ⊢ [x′ = f(x) & Q] (−e² ≥ 0)

The local view of logic on differentials is crucial for this proof: from (e)′ = 0 the premise −2e(e)′ ≥ 0 follows. The degree increases (from e to e²).

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 15 / 23


slide-88
SLIDE 88

Differential Invariant Atoms

Theorem (Atomic incompleteness)

Atomic inequalities are not enough: DI≥ < DI≥,∧,∨ and DI> < DI>,∧,∨

Proof idea.

Provable with DI≥,∧,∨:

  R    ⊢ 5 ≥ 0 ∧ y² ≥ 0
  [:=] ⊢ [x′:=5][y′:=y²] (x′≥0 ∧ y′≥0)
  dI   x≥0 ∧ y≥0 ⊢ [x′ = 5, y′ = y²] (x≥0 ∧ y≥0)

Unprovable with DI≥: a single atom p(x,y)≥0 with p(x,y)≥0 ↔ x≥0∧y≥0 is impossible, since this would imply p(x,0)≥0 ↔ x≥0, so p(x,0) is 0. Substantial remaining parts of the proof are shown elsewhere [2]. With differential cuts (dC) this example would still be provable, so a more involved argument is needed to separate the classes in that setting.

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 16 / 23


slide-90
SLIDE 90

Deductive Power of Differential Cuts & Differential Ghosts

Theorem (Gentzen's Cut Elimination) (1935)

  A ⊢ B ∨ C    A ∧ C ⊢ B
  ----------------------- cut
          A ⊢ B

The cut rule can be eliminated.

Theorem (No Differential Cut Elimination) (LMCS 2012)

Deductive power with differential cuts exceeds deductive power without: DI + DC > DI

Theorem (Auxiliary Differential Variables) (LMCS 2012)

Deductive power with differential ghosts exceeds deductive power without: DI + DC + DG > DI + DC

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 17 / 23


slide-95
SLIDE 95

Ex: The Need for Differential Cuts

       not valid
       ⊢ 3x²((x − 2)⁴ + y⁵) ≥ 0
  [:=] ⊢ [x′:=(x − 2)⁴ + y⁵][y′:=y²] 3x²x′ ≥ 0
  dI   x³ ≥ −1 ∧ y⁵ ≥ 0 ⊢ [x′ = (x − 2)⁴ + y⁵, y′ = y²] x³ ≥ −1

The remaining arithmetic goal is not valid, because y⁵ may be negative: the proof has to know something about y⁵.

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 18 / 23


slide-104
SLIDE 104

Ex: Differential Cuts

Differential cut with y⁵ ≥ 0. First premise: y⁵ ≥ 0 is a differential invariant on its own.

  R    ⊢ 5y⁴y² ≥ 0
  [:=] ⊢ [x′:=(x − 2)⁴ + y⁵][y′:=y²] 5y⁴y′ ≥ 0
  dI   y⁵ ≥ 0 ⊢ [x′ = (x − 2)⁴ + y⁵, y′ = y²] y⁵ ≥ 0

Second premise: with y⁵ ≥ 0 added to the evolution domain, x³ ≥ −1 becomes provable by dI.

  R    y⁵ ≥ 0 ⊢ 3x²((x − 2)⁴ + y⁵) ≥ 0
  [:=] y⁵ ≥ 0 ⊢ [x′:=(x − 2)⁴ + y⁵][y′:=y²] 3x²x′ ≥ 0
  dI   x³ ≥ −1 ⊢ [x′ = (x − 2)⁴ + y⁵, y′ = y² & y⁵ ≥ 0] x³ ≥ −1

Conclusion of the differential cut:

  dC   x³ ≥ −1 ∧ y⁵ ≥ 0 ⊢ [x′ = (x − 2)⁴ + y⁵, y′ = y²] x³ ≥ −1

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 19 / 23


slide-106
SLIDE 106

Arithmetic Equivalences of Differential Invariants

Lemma (Differential invariants and propositional logic)

If F ↔ G is a real-arithmetic equivalence, then F is a differential invariant of x′ = f(x) & Q iff G is a differential invariant of x′ = f(x) & Q.

Proof.

       not valid
       ⊢ 0 ≤ −x ∧ −x ≤ 0
  [:=] ⊢ [x′:=−x] (0≤x′ ∧ x′≤0)
  dI   −5≤x ∧ x≤5 ⊢ [x′ = −x] (−5≤x ∧ x≤5)

  R    ⊢ 2x(−x) ≤ 0
  [:=] ⊢ [x′:=−x] 2xx′ ≤ 0
  dI   x²≤5² ⊢ [x′ = −x] x²≤5²

Despite the arithmetic equivalence −5≤x∧x≤5 ↔ x²≤5², the first dI attempt fails while the second succeeds, so real-arithmetic equivalence does not preserve differential invariance: differential structure matters! Higher degree helps here.

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 20 / 23
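To sanity-check the dI goals from the slides above (the DI= circle invariant of slide 72, the differential-cut example of slides 95 and 104, and this lemma's counterexample), here is an added Python example that is not part of the slides or of any prover: it computes (e)′ along the vector field with a small exact polynomial algebra and then searches for counterexamples to the real-arithmetic goal that dI leaves behind. The class `Poly` and the functions `lie_derivative`, `falsify` and `lecture_examples` are this example's own names; the random search is only a falsifier, not a decision procedure for rule R.

```python
"""Added example, not the slides' or any prover's code: compute (e)' of a candidate
differential invariant along the vector field (dI's [:=] step) with an exact
polynomial algebra, then try to falsify the real-arithmetic goal dI leaves behind.
A counterexample shows dI cannot close that goal as stated; finding none is only a
sanity check, not a proof (closing the goal is rule R's job)."""
from fractions import Fraction
from math import prod
import random

class Poly:
    """Sparse multivariate polynomial over Q: {exponent tuple: Fraction}."""
    def __init__(self, n, terms=None):
        self.n = n
        self.terms = {m: c for m, c in (terms or {}).items() if c != 0}
    @classmethod
    def var(cls, n, i):  # the i-th of n variables
        return cls(n, {tuple(int(j == i) for j in range(n)): Fraction(1)})
    @classmethod
    def const(cls, n, c):
        return cls(n, {(0,) * n: Fraction(c)})
    def _lift(self, o):
        return o if isinstance(o, Poly) else Poly.const(self.n, o)
    def __add__(self, o):
        out = dict(self.terms)
        for m, c in self._lift(o).terms.items():
            out[m] = out.get(m, 0) + c
        return Poly(self.n, out)
    def __mul__(self, o):
        out = {}
        for m1, c1 in self.terms.items():
            for m2, c2 in self._lift(o).terms.items():
                m = tuple(a + b for a, b in zip(m1, m2))
                out[m] = out.get(m, 0) + c1 * c2
        return Poly(self.n, out)
    def __neg__(self): return self * -1
    def __sub__(self, o): return self + (-o)
    def __rsub__(self, o): return (-self) + o
    def __pow__(self, k): return prod([self] * k, start=Poly.const(self.n, 1))
    def diff(self, i):  # partial derivative with respect to variable i
        out = {}
        for m, c in self.terms.items():
            if m[i]:
                mm = m[:i] + (m[i] - 1,) + m[i + 1:]
                out[mm] = out.get(mm, 0) + c * m[i]
        return Poly(self.n, out)
    def __call__(self, pt):  # exact evaluation at a rational point
        return sum(c * prod(p ** k for p, k in zip(pt, m)) for m, c in self.terms.items())

def lie_derivative(e, field):
    """(e)' along x_i' = field[i]: sum_i (de/dx_i) * f_i."""
    return sum((e.diff(i) * f for i, f in enumerate(field)), Poly.const(e.n, 0))

def falsify(goal, domain=(), trials=4000, seed=7):
    """A rational point with every q >= 0 in `domain` (evolution domain Q) but goal < 0,
    or None if the random search finds no counterexample (that is NOT a proof)."""
    rng = random.Random(seed)
    for _ in range(trials):
        pt = [Fraction(rng.randint(-20, 20), rng.randint(1, 5)) for _ in range(goal.n)]
        if all(q(pt) >= 0 for q in domain) and goal(pt) < 0:
            return pt
    return None

def lecture_examples():
    # v' = w, w' = -v, c' = 0: (v^2+w^2-c^2)' = 2vw + 2w(-v), identically 0 (DI= closes).
    v, w, c = (Poly.var(3, i) for i in range(3))
    circle = lie_derivative(v**2 + w**2 - c**2, [w, -v, Poly.const(3, 0)])
    # x' = (x-2)^4 + y^5, y' = y^2: x^3 >= -1 leaves 3x^2((x-2)^4 + y^5) >= 0, which is
    # not valid on its own but becomes valid once a differential cut adds y^5 >= 0.
    x, y = Poly.var(2, 0), Poly.var(2, 1)
    cube = lie_derivative(x**3 + 1, [(x - 2)**4 + y**5, y**2])
    # x' = -x: x <= 5 leaves -x' = x >= 0 (not valid); x^2 <= 5^2 leaves 2x^2 >= 0.
    x1 = Poly.var(1, 0)
    interval, square = lie_derivative(5 - x1, [-x1]), lie_derivative(25 - x1**2, [-x1])
    return {"circle_is_zero": not circle.terms, "cube_without_cut": falsify(cube),
            "cube_with_cut": falsify(cube, domain=[y**5]),
            "interval": falsify(interval), "square": falsify(square)}
```

Each entry of `lecture_examples()` is either the symbolic check or the counterexample point found (None when the search finds none), matching the slides' "valid" and "not valid" annotations.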


slide-117
SLIDE 117

Curves Playing with Norms and Degrees

Definitions:

  A             ≡ v²+w²≤1 ∧ x=y=t=0
  ‖(x,y)‖∞ ≤ t  ≡ −t ≤ x ≤ t ∧ −t ≤ y ≤ t      (supremum norm)
  ‖(x,y)‖₂ ≤ t  ≡ x² + y² ≤ t²                 (Euclidean norm)

Supremum norm: provable after a differential cut of v²+w²≤1 (⊳ marks the other dC premise, which is elided)

  R    v²+w²≤1 ⊢ −1 ≤ v ≤ 1 ∧ −1 ≤ w ≤ 1
  [:=] v²+w²≤1 ⊢ [x′:=v][y′:=w][v′:=ωw][w′:=−ωv][t′:=1] (−t′≤x′≤t′ ∧ −t′≤y′≤t′)
  dI   A ⊢ [x′ = v, y′ = w, v′ = ωw, w′ = −ωv, t′ = 1 & v²+w²≤1] ‖(x,y)‖∞ ≤ t    ⊳
  dC   A ⊢ [x′ = v, y′ = w, v′ = ωw, w′ = −ωv, t′ = 1] ‖(x,y)‖∞ ≤ t

Euclidean norm: the same approach leaves an arithmetic goal that is not valid

       not valid
       v²+w²≤1 ⊢ 2xv + 2yw ≤ 2t·1
  [:=] v²+w²≤1 ⊢ [x′:=v][y′:=w][v′:=ωw][w′:=−ωv][t′:=1] (2xx′ + 2yy′ ≤ 2tt′)
  dI   A ⊢ [x′ = v, y′ = w, v′ = ωw, w′ = −ωv, t′ = 1 & v²+w²≤1] ‖(x,y)‖₂ ≤ t    ⊳
  dC   A ⊢ [x′ = v, y′ = w, v′ = ωw, w′ = −ωv, t′ = 1] ‖(x,y)‖₂ ≤ t

Lower degree helps here.

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 21 / 23


slide-123
SLIDE 123

Interreducing Norms in Dimension n

  ∀x ∀y (‖(x,y)‖∞ ≤ ‖(x,y)‖₂ ≤ √n · ‖(x,y)‖∞)
  ∀x ∀y ((1/√n) · ‖(x,y)‖₂ ≤ ‖(x,y)‖∞ ≤ ‖(x,y)‖₂)

[Figure: nested regions labelled ‖·‖∞ ≤ 1/2, ‖·‖₂ ≤ 1, ‖·‖∞ ≤ 1, ‖·‖₂ ≤ √2]

Benefit from the norm relations, but be mindful of the approximation error factors (√n).

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 22 / 23


slide-125
SLIDE 125

Summary: Differential Invariance Chart

Theorem (Differential Invariance Chart)

[Chart diagram of the classes DI=, DI=,∧,∨, DI>, DI>,∧,∨, DI≥, DI≥,∧,∨, DI≥,=,∧,∨, DI>,=,∧,∨ and DI]

Relations established in this lecture: DI= ≰ DI>, hence DI> < DI; DI=,∧,∨ ≤ DI≥; DI≥ < DI≥,∧,∨; DI> < DI>,∧,∨.

  • Rich theory and structure behind differential invariants
  • Scrutinize what property can be proved with what invariant
  • Use provability sanity checks like open/closed/univariate
  • Real differential semialgebraic geometry
  • Exploit differential cuts to obtain more knowledge

André Platzer (CMU) LFCPS/13: Differential Invariants & Proof Theory LFCPS/13 23 / 23

slide-126
SLIDE 126

[1] André Platzer. Logical Foundations of Cyber-Physical Systems. Springer, Switzerland, 2018. URL: http://www.springer.com/978-3-319-63587-3, doi:10.1007/978-3-319-63588-0.

[2] André Platzer. The structure of differential invariants and differential cut elimination. Log. Meth. Comput. Sci., 8(4:16):1–38, 2012. doi:10.2168/LMCS-8(4:16)2012.

[3] André Platzer. Foundations of cyber-physical systems. Lecture Notes 15-424/624/824, Carnegie Mellon University, 2017. URL: http://lfcps.org/course/fcps17.html.

[4] André Platzer. A complete uniform substitution calculus for differential dynamic logic. J. Autom. Reas., 59(2):219–265, 2017. doi:10.1007/s10817-016-9385-1.

slide-127
SLIDE 127

[5] André Platzer. A differential operator approach to equational differential invariants. In Lennart Beringer and Amy Felty, editors, ITP, volume 7406 of LNCS, pages 28–48, Berlin, 2012. Springer. doi:10.1007/978-3-642-32347-8_3.

[6] André Platzer. Differential-algebraic dynamic logic for differential-algebraic programs. J. Log. Comput., 20(1):309–352, 2010. doi:10.1093/logcom/exn070.