Quantified Differential Dynamic Logic for Distributed Hybrid Systems
Andre Platzer
Carnegie Mellon University, Pittsburgh, PA
Andre Platzer (CMU) Quantified Differential Dynamic Logic for Distributed Hybrid Systems CSL’10 1 / 16
Outline
1 Motivation
2 Quantified Differential Dynamic Logic QdL: Design, Syntax, Semantics
3 Proof Calculus for Distributed Hybrid Systems: Compositional Verification Calculus; Deduction Modulo with Free Variables & Skolemization; Actual Existence and Creation; Soundness and Completeness
4 Conclusions
Complex Physical Systems: Hybrid Systems
Q: I want to verify my car. A: Hybrid systems. Q: But there's a lot of cars!
Challenge (Hybrid Systems)
Continuous dynamics (differential equations)
Discrete dynamics (control decisions)
[Figure: plots of acceleration a, velocity v and position z against time t]
Complex Physical Systems: Distributed Systems
Q: I want to verify a lot of cars. A: Distributed systems. Q: But they move!
Challenge (Distributed Systems)
Local computation (finite state automaton)
Remote communication (network graph)
Complex Physical Systems: Distributed Hybrid Systems
Q: I want to verify lots of moving cars. A: Distributed hybrid systems. Q: How?
Challenge (Distributed Hybrid Systems)
Continuous dynamics (differential equations)
Discrete dynamics (control decisions)
Structural dynamics (remote communication)
Dimensional dynamics (appearance)
State of the Art: Modeling and Simulation
No formal verification of distributed hybrid systems
Shift [DGV96]: The Hybrid System Simulation Programming Language
R-Charon [KSPL06]: Modeling Language for Reconfigurable Hybrid Systems
Hybrid CSP [CJR95]: Semantics in Extended Duration Calculus
HyPA [CR05]: Translate fragment into normal form
χ process algebra [vBMR+06]: Simulation, translation of fragments to PHAVER, UPPAAL
Φ-calculus [Rou04]: Semantics in rich set theory
ACPsrths [BM05]: Modeling language proposal
OBSHS [MS06]: Partial random simulation of objects
Contributions
1 System model and semantics for distributed hybrid systems: QHP
2 Specification and verification logic: QdL
3 Proof calculus for QdL
4 First verification approach for distributed hybrid systems
5 Sound and complete axiomatization relative to differential equations
6 Prove collision freedom in a (simple) distributed car control system, where new cars may appear dynamically on the road
7 Logical foundation for analysis of distributed hybrid systems
8 Fundamental extension: first-order x(i) versus primitive x
Outline (Conceptual Approach): 2 Quantified Differential Dynamic Logic QdL: Design, Syntax, Semantics
Model for Distributed Hybrid Systems
Q: How to model distributed hybrid systems? A: Quantified Hybrid Programs
Model (Distributed Hybrid Systems)
Continuous dynamics (differential equations): ∀i x(i)′′ = a(i)
Discrete dynamics (control decisions): ∀i a(i) := if .. then A else −b
Structural dynamics (communication/coupling): ℓ(i) := carInFrontOf(i)
Dimensional dynamics (appearance): n := newCar
Quantified Differential Dynamic Logic QdL: Syntax
Definition (Quantified hybrid program α)
∀i : C x(s)′ = θ   (quantified ODE)
∀i : C x(s) := θ   (quantified assignment)   ⎫ jump & test
?χ                 (conditional execution)   ⎭
α; β               (seq. composition)        ⎫
α ∪ β              (nondet. choice)          ⎬ Kleene algebra
α*                 (nondet. repetition)      ⎭
Example: distributed car control system
DCCS ≡ (appear; ctrl; drive)*
appear ≡ n := newC; ?(∀j : C far(j, n))
ctrl ≡ ∀i : C a(i) := if ∀j : C far(i, j) then A else −b
drive ≡ ∀i : C x(i)′′ = a(i)
newC is definable!
Quantified Differential Dynamic Logic QdL: Syntax
Definition (QdL Formula φ)
¬, ∧, ∨, →, ∀x, ∃x, =, ≤, +, ·   (R-first-order part)
[α]φ, ⟨α⟩φ   (dynamic part)
Collision freedom of DCCS:
∀i, j : C far(i, j) → [(appear; ctrl; drive)*] ∀i≠j : C x(i) ≠ x(j)
far(i, j) ≡ i ≠ j → (x(i) < x(j) ∧ v(i) ≤ v(j) ∧ a(i) ≤ a(j)) ∨ (x(i) > x(j) ∧ v(i) ≥ v(j) ∧ a(i) ≥ a(j)) ...
Quantified Differential Dynamic Logic QdL: Semantics
Definition (Quantified hybrid program α: transition semantics)
Quantified assignment ∀i : C x(s) := θ: v transitions to w iff w(x)(v_i^e⟦s⟧) = v_i^e⟦θ⟧ for all objects e of sort C (v_i^e is v with i interpreted as e), and w is otherwise unchanged.
Quantified ODE ∀i : C x(s)′ = θ ∧ χ: v transitions to w iff there is a flow ϕ(t) from v to w such that, for all e, dϕ(t)_i^e⟦x(s)⟧/dt (ζ) = ϕ(ζ)_i^e⟦θ⟧, and χ holds along the whole flow.
Sequential composition α; β: v transitions to w iff v transitions via α to some s and s transitions via β to w.
Nondeterministic repetition α*: v transitions to w iff there is a chain v, s1, s2, ..., sn, w in which each step is a transition of α (n ≥ 0).
Nondeterministic choice α ∪ β: v transitions to w iff v transitions to w via α or via β (reaching w1 by α, w2 by β).
Test ?χ: no change if v ⊨ χ; otherwise no transition.
Quantified Differential Dynamic Logic QdL: Semantics
Definition (QdL Formula φ)
v ⊨ [α]φ iff φ holds in every state reachable from v by α (the whole α-span).
v ⊨ ⟨α⟩φ iff φ holds in some state reachable from v by α (somewhere in the α-span).
Modalities nest: v ⊨ ⟨β⟩[α]φ iff some state in the β-span of v has φ throughout its α-span.
compositional semantics ⇒ compositional calculus!
Outline (Verification Approach): 3 Proof Calculus for Distributed Hybrid Systems: Compositional Verification Calculus; Deduction Modulo with Free Variables & Skolemization; Actual Existence and Creation; Soundness and Completeness
Proof Calculus for Quantified Differential Dynamic Logic
Quantified assignment, with A ≡ ∀i x(s) := θ (the case split asks whether some assigned x(s) aliases x(u); u is evaluated after A, hence [A]u):
  if ∃i s = [A]u then ∀i (s = [A]u → φ(θ)) else φ(x([A]u))
  ───────────────────────────────────────────────────────
  φ([∀i x(s) := θ] x(u))
Quantified ODE, with S(t) the solution at time t, reducing the ODE to a quantified assignment:
  ∃t≥0 ⟨∀i S(t)⟩φ
  ───────────────
  ⟨∀i x(s)′ = θ⟩φ
Differential equation with evolution domain χ (from dL), with y_x(t) the solution:
  ∃t≥0 (χ̄ ∧ ⟨x := y_x(t)⟩φ)
  ─────────────────────────      χ̄ ≡ ∀0≤s≤t ⟨x := y_x(s)⟩χ
  ⟨x′ = f(x)⟩φ
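The quantified assignment rule instantiated on the braking step used in the Deduction Modulo slide (an added worked instance, not from the talk; s is the free duration variable of that proof and A abbreviates the quantified assignment):

$$
\begin{aligned}
A &\equiv \forall i\; x(i) := -\tfrac{b}{2}s^2 + v(i)s + x(i) \\
[A]\,x(j) &\;\rightsquigarrow\; \text{if } \exists i\,(i = [A]j)\ \text{then}\ \forall i\,\bigl(i = [A]j \to -\tfrac{b}{2}s^2 + v(i)s + x(i)\bigr)\ \text{else}\ x([A]j) \\
[A]j &= j \qquad\text{(A changes only x, so the index term j is unaffected)} \\
\exists i\,(i = j) &\ \text{is valid, hence } [A]\,x(j) \;\rightsquigarrow\; -\tfrac{b}{2}s^2 + v(j)s + x(j)
\end{aligned}
$$

Applying the same step to x(k) rewrites [A] ∀j≠k x(j) ≠ x(k) into ∀j≠k (−(b/2)s² + v(j)s + x(j) ≠ −(b/2)s² + v(k)s + x(k)), which is the passage from the quantified assignment to the arithmetic disequality in the proof tree of the Deduction Modulo slide. The else branch covers the case in which no assigned x(s) can alias x(u), so x(u) keeps its old value.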
Proof Calculus for Quantified Differential Dynamic Logic
compositional semantics ⇒ compositional rules!
Nondeterministic choice: prove φ after each branch
  [α]φ ∧ [β]φ
  ───────────
  [α ∪ β]φ
Sequential composition: prove [β]φ as the postcondition of α
  [α][β]φ
  ────────
  [α; β]φ
Nondeterministic repetition: induction with invariant φ
  φ    φ → [α]φ
  ──────────────
  [α*]φ
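Worked example of the arithmetic behind the proof tree above. This is an added example and not code from the slides or from the paper; the function names position, ordering_lemma_holds, meeting_time and collision_free, and the car configurations, are constructed here. It evaluates a finite instance of the obligation: the closed-form solution of x(i)′′ = −b is evaluated for each car, the ordering condition of the top sequent (X≠Y → X≤Y∧V≤W ∨ X≥Y∧V≥W) is checked pair by pair, and because the −(b/2)s² term is common to all cars and cancels, the only way two cars can meet is at a time s that is linear in their initial data and independent of b. The ordering condition is strictly stronger than the precondition ∀i≠j x(i)≠x(j) alone: when a pair violates it the example computes the meeting time as a concrete witness.

```python
from fractions import Fraction
from itertools import combinations
from typing import Optional, Sequence

# Constructed instance (not from the slides): all cars brake with the same
# deceleration b, so after time t car i is at the closed-form solution used
# in the proof tree:  x(i) := -(b/2) t^2 + v(i) t + x(i).


def position(x0, v0, b, t) -> Fraction:
    """Closed-form solution of x'' = -b from (x0, v0) after time t >= 0."""
    b, t = Fraction(b), Fraction(t)
    return -(b / 2) * t * t + Fraction(v0) * t + Fraction(x0)


def all_distinct(xs: Sequence) -> bool:
    """Postcondition  forall j != k . x(j) != x(k)  on a finite domain."""
    return len(set(xs)) == len(xs)


def ordering_lemma_holds(x: Sequence, v: Sequence) -> bool:
    """Instance of the top sequent  X != Y -> X<=Y & V<=W | X>=Y & V>=W
    for every pair (j, k): cars ordered in position are ordered the same
    way in velocity.  This is NOT implied by distinct positions alone."""
    for j, k in combinations(range(len(x)), 2):
        if x[j] == x[k]:
            continue
        if not ((x[j] <= x[k] and v[j] <= v[k]) or
                (x[j] >= x[k] and v[j] >= v[k])):
            return False
    return True


def meeting_time(xj, vj, xk, vk) -> Optional[Fraction]:
    """Earliest s >= 0 at which cars j and k share a position, or None.
    The -(b/2) s^2 term is identical for both cars and cancels, so the
    obligation is linear in s and does not depend on b at all."""
    if xj == xk:
        return Fraction(0)
    if vj == vk:
        return None                      # parallel motion, never meet
    s = Fraction(xk - xj) / Fraction(vj - vk)
    return s if s >= 0 else None         # only future times count


def collision_free(x: Sequence, v: Sequence) -> bool:
    """True iff no pair of cars ever meets for any s >= 0 (for any b)."""
    return all(meeting_time(x[j], v[j], x[k], v[k]) is None
               for j, k in combinations(range(len(x)), 2))


if __name__ == "__main__":
    # constructed configurations: the first respects the ordering lemma,
    # the second violates it (the rear car is faster than the one ahead)
    ok_x, ok_v = [0, 10, 25], [5, 5, 8]
    bad_x, bad_v = [0, 10], [7, 2]
    print(ordering_lemma_holds(ok_x, ok_v), collision_free(ok_x, ok_v))
    s = meeting_time(bad_x[0], bad_v[0], bad_x[1], bad_v[1])
    print(s, [position(x0, v0, 3, s) for x0, v0 in zip(bad_x, bad_v)])
```

The witness produced for the second configuration is independent of the braking rate b, which is exactly what the cancellation of −(b/2)s² in the third line of the tree says: whether uniformly braking cars stay apart is decided by their initial positions and velocities alone.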
Actual Existence and Creation

Actual Existence Function ∃(·):
∃(i) = 0 if i denotes a possible object
∃(i) = 1 if i denotes an actually existing object

Object creation is expressed with ∃ (premise above the line, conclusion below):

[(∀j : C n := j); ?(∃(n) = 0); ∃(n) := 1]φ
──────────────────────────────────────────
[n := new C]φ

The ! variants restrict quantifiers, quantified assignments and quantified differential equations to actually existing objects; a non-existing object keeps its value f(s) under the assignment and has derivative 0 under the differential equation:

∀i : C ! φ ≡ ∀i : C (∃(i) = 1 → φ)
∀i : C ! f(s) := θ ≡ ∀i : C f(s) := (if ∃(i) = 1 then θ else f(s))
∀i : C ! f(s)′ = θ ≡ ∀i : C f(s)′ = ∃(i)·θ
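A small executable model of the existence encoding above, added here as an example; it is not code from the slides or the paper. A sort C is modelled as a finite set of possible object indices, the dictionary exists plays the role of ∃(·), and the names State, new_successors, box_new, forall_existing, assign_existing and flow_existing are constructed for this example. Creation is implemented literally as the program (∀j : C n := j); ?(∃(n) = 0); ∃(n) := 1: the nondeterministic assignment produces one run per possible object, the test discards runs that picked an already existing object, and the box modality demands that φ hold on every remaining run. The three ! constructs are implemented as the right-hand sides of their definitions, with the differential equation shown for a constant rate θ, where the flow for time t is x(i) + ∃(i)·θ·t.

```python
from dataclasses import dataclass, replace
from typing import Callable, Dict, List, Tuple

# Constructed model (not from the slides): objects of sort C are the keys
# of `exists`; exists[i] is the slide's E(i): 0 = possible, 1 = actual.


@dataclass
class State:
    exists: Dict[int, int]   # E(i) in {0, 1}
    x: Dict[int, int]        # one function symbol x(i) per object

    def objects(self) -> List[int]:
        return sorted(self.exists)


def new_successors(st: State) -> List[Tuple[int, State]]:
    """All runs of  (forall j:C n := j); ?(E(n) = 0); E(n) := 1  from st.
    Returns (n, successor) pairs, one per possible object that does not
    yet exist; choosing an existing object fails the test ?(E(n) = 0)
    and therefore contributes no run."""
    runs = []
    for j in st.objects():          # forall j:C n := j  (nondeterministic)
        if st.exists[j] == 0:       # ?(E(n) = 0)
            ex = dict(st.exists)
            ex[j] = 1               # E(n) := 1
            runs.append((j, replace(st, exists=ex)))
    return runs


def box_new(st: State, phi: Callable[[State, int], bool]) -> bool:
    """[n := new C] phi: phi must hold after every run of the creation."""
    return all(phi(s2, n) for n, s2 in new_successors(st))


def forall_existing(st: State, p: Callable[[int], bool]) -> bool:
    """forall i:C! p(i)  ==  forall i:C (E(i) = 1 -> p(i))."""
    return all(st.exists[i] != 1 or p(i) for i in st.objects())


def assign_existing(st: State, theta: Callable[[int], int]) -> State:
    """forall i:C! x(i) := theta
       ==  forall i:C x(i) := (if E(i) = 1 then theta else x(i))."""
    new_x = {i: (theta(i) if st.exists[i] == 1 else st.x[i])
             for i in st.objects()}
    return replace(st, x=new_x)


def flow_existing(st: State, theta: Callable[[int], int], t: int) -> State:
    """forall i:C! x(i)' = theta  ==  forall i:C x(i)' = E(i) * theta.
    For a constant rate theta(i) the solution after time t is
    x(i) + E(i) * theta(i) * t, so non-existing objects do not move."""
    new_x = {i: st.x[i] + st.exists[i] * theta(i) * t for i in st.objects()}
    return replace(st, x=new_x)


if __name__ == "__main__":
    # constructed state: object 0 exists, objects 1 and 2 are only possible
    s0 = State(exists={0: 1, 1: 0, 2: 0}, x={0: 5, 1: 0, 2: 0})
    print([n for n, _ in new_successors(s0)])              # [1, 2]
    print(box_new(s0, lambda s, n: sum(s.exists.values()) == 2))
    print(box_new(s0, lambda s, n: n == 1))                 # False
    print(flow_existing(s0, lambda i: 2, 3).x)              # {0: 11, 1: 0, 2: 0}
```

Two things the model makes visible: box_new is only as strong as the property φ is over all choices, so a φ that fixes the identity of the fresh object fails, while a φ about the number of existing objects holds; and when every possible object already exists, new_successors is empty and the box holds vacuously, which is the intended reading of the test ?(∃(n) = 0) blocking all runs.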
Soundness and Completeness

Theorem (Relative Completeness)
The QdL calculus is a sound and complete axiomatisation of distributed hybrid systems relative to quantified differential equations. (Proof: 16 pages.)

Corollary (Proof-theoretical Alignment)
Proving distributed hybrid systems = proving dynamical systems!

Corollary (Yes, we can!)
Distributed hybrid systems can be verified by recursive decomposition.
Conclusions

Quantified differential dynamic logic: QdL = FOL + DL + QHP, with modal formulas [α]φ over quantified hybrid programs α.

Distributed hybrid systems everywhere
System model and semantics
Logic for distributed hybrid systems
Compositional proof calculus
First verification approach
Sound & complete relative to differential equations
Simple distributed car control verified
References

Jan A. Bergstra and C. A. Middelburg. Process algebra for hybrid systems. Theor. Comput. Sci., 335(2-3):215–280, 2005.

Zhou Chaochen, Wang Ji, and Anders P. Ravn. A formal description of hybrid systems. In Rajeev Alur, Thomas A. Henzinger, and Eduardo D. Sontag, editors, Hybrid Systems, volume 1066 of LNCS, pages 511–530. Springer, 1995.

Pieter J. L. Cuijpers and Michel A. Reniers. Hybrid process algebra. J. Log. Algebr. Program., 62(2):191–245, 2005.

Akash Deshpande, Aleks Gollu, and Pravin Varaiya. SHIFT: A formalism and a programming language for dynamic networks of hybrid automata. In Panos J. Antsaklis, Wolf Kohn, Anil Nerode, and Shankar Sastry, editors, Hybrid Systems, volume 1273 of LNCS, pages 113–133. Springer, 1996.

[HT06] Joao P. Hespanha and Ashish Tiwari, editors. Hybrid Systems: Computation and Control, 9th International Workshop, HSCC 2006, Santa Barbara, CA, USA, March 29-31, 2006, Proceedings, volume 3927 of LNCS. Springer, 2006.

Fabian Kratz, Oleg Sokolsky, George J. Pappas, and Insup Lee. R-Charon, a modeling language for reconfigurable hybrid systems. In Hespanha and Tiwari [HT06], pages 392–406.

Jose Meseguer and Raman Sharykin. Specification and analysis of distributed object-based stochastic hybrid systems. In Hespanha and Tiwari [HT06], pages 460–475.

Andre Platzer. Quantified differential dynamic logic for distributed hybrid systems. In Anuj Dawar and Helmut Veith, editors, CSL, volume 6247 of LNCS, pages 469–483. Springer, 2010.

Andre Platzer. A complete axiomatization of quantified differential dynamic logic for distributed hybrid systems. Logical Methods in Computer Science, 2012. Special issue for selected papers from CSL'10.

William C. Rounds. A spatial logic for the hybrid π-calculus. In Rajeev Alur and George J. Pappas, editors, HSCC, volume 2993 of LNCS, pages 508–522. Springer, 2004.

D. A. van Beek, Ka L. Man, Michel A. Reniers, J. E. Rooda, and Ramon R. H. Schiffelers. Syntax and consistent equation semantics of hybrid Chi. J. Log. Algebr. Program., 68(1-2):129–210, 2006.