Formally verified differential dynamic logic

We formalize the soundness theorem for differential dynamic logic, a logic for verifying hybrid systems. To increase confidence in the formalization, we present two versions: one in Isabelle/HOL and one in Coq. We extend the metatheory to include features used in practice, such as systems of differential equations and functions of multiple arguments. We demonstrate the viability of constructing a verified kernel for the hybrid systems theorem prover KeYmaera X by embedding proof checkers for differential dynamic logic in Coq and Isabelle. We discuss how different provers and libraries influence the design of the formalization.
