A logic of proofs for differential dynamic logic: toward independently checkable proof certificates for dynamic logics

Differential dynamic logic is a logic for specifying and verifying safety, liveness, and other properties of models of cyber-physical systems. Theorem provers based on differential dynamic logic have been used to verify safety properties for models of self-driving cars and collision avoidance protocols for aircraft. Unfortunately, these theorem provers have no explicit proof terms, which makes implementing a number of important features unnecessarily complicated unless soundness-critical and extra-logical extensions are made to the theorem prover. Examples include: an unambiguous separation between proof checking and proof search, the ability to extract program traces corresponding to counter-examples, and the synthesis of surely-live deterministic programs from liveness proofs for nondeterministic programs. This paper presents a differential dynamic logic with such an explicit representation of proofs. The resulting logic extends both the syntax and semantics of differential dynamic logic with proof terms, that is, syntactic representations of logical deductions. To support axiomatic theorem proving, the logic allows equivalence rewriting deep within formulas and supports both uniform renaming and uniform substitutions.