Differential Refinement Logic - Carnegie Mellon (…sloos/LoosProposalSlides.pdf)
Sarah M. Loos
CSD, Carnegie Mellon University
Differential Refinement Logic: Thesis Proposal
Thesis Committee: André Platzer (chair), Frank Pfenning, Bruce Krogh, George Pappas (UPenn), Dexter Kozen (Cornell)
Challenge: Cyber-Physical Systems
Verified Cyber-Physical Systems
(figure: vehicle positions x(i), x(j), x(k), x(l), x(m) with separation p)
[FM11, ITSC11, ICCPS12, HSCC13]
Verified Cyber-Physical Systems
We observed that if only we had direct proof support for relating systems, our proofs could be greatly simplified. In this thesis, we propose to develop proof support for directly comparing cyber-physical systems.
Proof support for relating two hybrid programs can help in four ways:
• Break the system into parts
• Modular proof structure
• Iterative system design
• Abstraction
(figure: α, β, γ; vehicle positions x(i), x(j), x(k), x(m) with separation p; discs d(i), d(j))
Distributed Car Control
Sensor limits on actual cars are always local. Sometimes a maneuver may look safe locally… but is a terrible idea when implemented globally.
Car Control: Proof Sketch [FM11]
Local Lane Control • 2 vehicles • 1 lane • no lane change
$(a := \theta;\ x'' = a)^*$
Global Lane Control • n vehicles • 1 lane • no lane change
(formula fragments on the slide: $\forall i : C$ and $\forall i, j : C$)
Local Highway Control • n vehicles • 1 lane • lane changes
(formula fragment on the slide: $(\mathit{delete}^*;\ \mathit{create}^*;$ inside a starred loop)
Global Highway Control • n vehicles • m lanes • lane changes
(formula fragment on the slide: $\forall l : L$)
Car Control: Proof [FM11]
(formula fragment on the slides: $\mathit{delete}^*;\ \mathit{create}^*;$)
Distributed Aircraft Control [PallottinoSBF07, LoosRP13]
• Each aircraft is associated with a buffer disc.
• The discs should never come within p of each other.
• Discs follow aircraft when not in collision avoidance.
• Each aircraft circles its stationary disc when in collision avoidance.
(figure: aircraft positions x(i), x(j), x(k), x(l), x(m) with separation p)
Modular Proof for Distributed Aircraft [LoosRP13]
(figure: aircraft positions x(i), x(j), x(k), x(m), discs d(i), d(j), separation p)
To Prove: Safe separation of aircraft.
$$\forall i \neq j : A \quad \|x(i) - x(j)\| \geq p$$
Each aircraft stays at distance r from its disc centre and disc centres stay at least 2r + p apart; by the triangle inequality this gives aircraft separation of at least p:
$$\big(\forall i : A \ \ \|x(i) - d(i)\| = r\big) \wedge \big(\forall i \neq j : A \ \ \|d(i) - d(j)\| \geq 2r + p\big) \implies \forall i \neq j : A \ \ \|x(i) - x(j)\| \geq p$$
Modular Proof for Distributed Aircraft [LoosRP13]
Safety Property / Model
(figure: aircraft positions x(i), x(j), x(k), x(m), discs d(i), d(j), separation p)
Proved in KeYmaeraD
But these proofs are hard. Could we simplify them by changing the model in a sound way?
Abstracting implementation-specific design
Implicit vs. Explicit control
Explicit control sets the control variable to a specific value, in this case θ:
$[a := \theta;\ x'' = a]\ x \leq s$
Implicit control can set the control variable nondeterministically to any value…
$[a := *;\ x'' = a]\ x \leq s$
… or to a range of values that satisfy some formula, in this case ψ(a):
$[a := *;\ ?\psi(a);\ x'' = a]\ x \leq s$
Iterative system design
Three versions of the controller, labelled α, β, γ on the slides:
$[a := *;\ ?([x'' = a]\ x \leq s);\ x'' = a]\ x \leq s$
$[a := *;\ ?\psi;\ x'' = a]\ x \leq s$
$[a := \theta;\ x'' = a]\ x \leq s$
These four benefits are the motivation for Differential Refinement Logic (dRL).
Refinement Relation
$$\alpha \leq \beta$$
The two hybrid programs the slides relate, a nondeterministic controller and an explicit one with an evolution domain constraint:
$$\big(((?\varphi;\ a := *) \cup a := -B);\ x'' = a\big)^*$$
$$\big(((?\varphi;\ a := \theta) \cup a := -B);\ x'' = a\ \&\ \psi\big)^*$$
So, what does dRL look like exactly?
Syntax of a dRL formula:
![Page 69: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/69.jpg)
69
So, what does dRL look like exactly?
Syntax of a dRL formula:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
![Page 70: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/70.jpg)
70
So, what does dRL look like exactly?
Syntax of a dRL formula:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �FOLR
![Page 71: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/71.jpg)
71
So, what does dRL look like exactly?
Syntax of a dRL formula:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
![Page 72: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/72.jpg)
72
So, what does dRL look like exactly?
Syntax of a dRL formula:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ � + dL
![Page 73: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/73.jpg)
73
So, what does dRL look like exactly?
Syntax of a dRL formula:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
![Page 74: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/74.jpg)
74
So, what does dRL look like exactly?
Syntax of a dRL formula:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ � + refinement
![Page 75: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/75.jpg)
75
So, what does dRL look like exactly?
Syntax of a dRL formula:
Syntax of a hybrid program:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
![Page 76: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/76.jpg)
76
So, what does dRL look like exactly?
Syntax of a dRL formula:
Syntax of a hybrid program:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
↵,� ::= x := ✓ | x0 = ✓ & | ? | ↵ [ � | ↵;� | ↵⇤↵,� ::= x := ✓ | x0 = ✓ & | ? | ↵ [ � | ↵;� | ↵⇤
[Platzer08]
![Page 77: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/77.jpg)
77
So, what does dRL look like exactly?
Syntax of a dRL formula:
Syntax of a hybrid program:
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
�, ::= ✓1 ✓2 | ¬� | � ^ | 8x� | [↵]� | h↵i� | ↵ �
↵,� ::= x := ✓ | x0 = ✓ & | ? | ↵ [ � | ↵;� | ↵⇤↵,� ::= x := ✓ | x0 = ✓ & | ? | ↵ [ � | ↵;� | ↵⇤
dRL extends dL by adding refinement directly into the grammar of formulas
78
Semantics of hybrid programs
[Platzer08]
Hybrid programs are what we use to model cyber-physical systems, just as in differential dynamic logic (dL).
$\rho(\alpha) = \{(v, w) :$ when starting in state $v$ and then following transitions of $\alpha$, state $w$ can be reached$\}$
79
Semantics of hybrid programs
[Platzer08]
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
![Page 80: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/80.jpg)
80
Semantics of hybrid programs
[Platzer08]
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
![Page 81: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/81.jpg)
81
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
![Page 82: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/82.jpg)
82
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
![Page 83: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/83.jpg)
83
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
![Page 84: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/84.jpg)
84
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v ? ?
![Page 85: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/85.jpg)
85
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v ? ? Iff holds in state v |= v
![Page 86: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/86.jpg)
86
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
![Page 87: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/87.jpg)
87
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
⇢(? ) = {(v, v) : v |= }
![Page 88: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/88.jpg)
88
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
⇢(? ) = {(v, v) : v |= }⇢(? ) = {(v, v) : v |= }
![Page 89: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/89.jpg)
89
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
v wx
0 = ✓
⇢(? ) = {(v, v) : v |= }⇢(? ) = {(v, v) : v |= }
![Page 90: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/90.jpg)
90
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
v wx
0 = ✓
⇢(? ) = {(v, v) : v |= }⇢(? ) = {(v, v) : v |= }
If solves y(t) x
0 = ✓
![Page 91: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/91.jpg)
91
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
v wx
0 = ✓
x := y(t)
⇢(? ) = {(v, v) : v |= }⇢(? ) = {(v, v) : v |= }
If solves y(t) x
0 = ✓
![Page 92: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/92.jpg)
92
Semantics of hybrid programs
[Platzer08]
⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}iff except for the value of
v = w⇢(x := ✓) = {(v, w) : w = v except [[x]]w = [[✓]]v}
v? Iff holds in state v |= v
v wx
0 = ✓
x := y(t)
⇢(x
0= ✓) = {('(0),'(t)) : '(s) |= x
0= ✓ for all 0 s t}
⇢(? ) = {(v, v) : v |= }⇢(? ) = {(v, v) : v |= }
If solves y(t) x
0 = ✓
97
Semantics of hybrid programs
[Platzer08]
$\rho(\alpha;\beta) = \{(v, w) : (v, u) \in \rho(\alpha),\ (u, w) \in \rho(\beta)\}$, i.e. run $\alpha$ from $v$ to some intermediate state $u$, then $\beta$ from $u$ to $w$.
Etc…
103
Semantics of box modality
[Platzer08]
Box Modality: $v \models [\alpha]\varphi$ iff $w \models \varphi$ for all $w$ with $(v, w) \in \rho(\alpha)$
(diagram: $\alpha$-transitions from $v$ to $w_1$, $w_2$, $w_3$, each of which must satisfy $\varphi$)
110
Semantics of refinement
Refinement Relation: $v \models \alpha \le \beta$ iff $\{w : (v, w) \in \rho(\alpha)\} \subseteq \{w : (v, w) \in \rho(\beta)\}$
(diagram: every state $w_1$, $w_2$, $w_3$ reachable from $v$ by $\alpha$ is also reachable from $v$ by $\beta$)
121
dRL proof rules
Combining refinement and box modality:
To Prove: $v \models [\alpha]\varphi$ (diagram: the $\alpha$-transitions from $v$ to $w_1$, $w_2$, $w_3$ must all end in states satisfying $\varphi$)
We Know: $v \models \alpha \le \beta$ and $v \models [\beta]\varphi$ (diagram: the $\alpha$-successors of $v$ are among its $\beta$-successors, and $\varphi$ holds at every $\beta$-successor)
125
A note on diamond modality
We can continue using the proof logic for dL to handle box and diamond modalities.
But we need to add proof rules to handle refinements.
127
dRL Proof Rules: Partial Order
Reflexive: $\alpha \le \alpha$
Transitive: from $\alpha \le \beta$ and $\beta \le \gamma$ conclude $\alpha \le \gamma$
Antisymmetric: from $\alpha \le \beta$ and $\beta \le \alpha$ conclude $\alpha = \beta$. This rule is by definition, since $\alpha = \beta$ is syntactically defined as $\alpha \le \beta \wedge \beta \le \alpha$.
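The semantics of refinement, the combined refinement-and-box rule, and the antisymmetry definition above, worked through in code as an added example (not the slides' own code or any dRL tool): a finite-state interpreter for the discrete fragment of hybrid programs computes $\{w : (v, w) \in \rho(\alpha)\}$ case by case, decides $v \models \alpha \le \beta$ by subset inclusion and $v \models [\alpha]\varphi$ by checking every successor, and runs a discretised version of the refinement example ($a := \theta$ against $a := *$). The braking constant, guard, box bounds and the Euler step standing in for $x'' = a$ are constructed assumptions.

```python
"""Finite-state checker for the dRL refinement relation and box modality.
Editor-added example, not code from the slides or from any dRL/KeYmaera tool.
Only the discrete fragment of hybrid programs is interpreted; x'' = a becomes
one Euler step over a finite integer box, so reachable sets are finite."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Tuple, Union

State = Dict[str, int]                  # a state v maps variables to values
Key = FrozenSet[Tuple[str, int]]        # hashable form of a state
Pred = Callable[[State], bool]          # a formula, as a function of the state

def key(s: State) -> Key:
    return frozenset(s.items())

def unkey(k: Key) -> State:
    return dict(k)

# Program syntax, mirroring the slides' grammar minus the ODE case x' = theta & psi.
@dataclass(frozen=True)
class Assign:                           # x := theta
    x: str
    theta: Callable[[State], int]
@dataclass(frozen=True)
class Choose:                           # x := * (nondeterministic), over a finite domain
    x: str
    domain: Tuple[int, ...]
@dataclass(frozen=True)
class Test:                             # ?psi
    psi: Pred
@dataclass(frozen=True)
class Choice:                           # alpha U beta
    a: "Program"
    b: "Program"
@dataclass(frozen=True)
class Seq:                              # alpha; beta
    a: "Program"
    b: "Program"
@dataclass(frozen=True)
class Star:                             # alpha*
    a: "Program"
Program = Union[Assign, Choose, Test, Choice, Seq, Star]

def post(alpha: Program, v: State) -> set:
    """{w : (v, w) in rho(alpha)}, case by case as on the slides."""
    if isinstance(alpha, Assign):       # w = v except [[x]]w = [[theta]]v
        return {key({**v, alpha.x: alpha.theta(v)})}
    if isinstance(alpha, Choose):       # one successor per value in the domain
        return {key({**v, alpha.x: val}) for val in alpha.domain}
    if isinstance(alpha, Test):         # {(v, v) : v |= psi}
        return {key(v)} if alpha.psi(v) else set()
    if isinstance(alpha, Choice):       # rho(alpha) U rho(beta)
        return post(alpha.a, v) | post(alpha.b, v)
    if isinstance(alpha, Seq):          # (v, u) in rho(alpha) and (u, w) in rho(beta)
        return {w for u in post(alpha.a, v) for w in post(alpha.b, unkey(u))}
    if isinstance(alpha, Star):         # reflexive-transitive closure; finite, so a fixpoint
        seen, frontier = {key(v)}, [v]
        while frontier:
            for w in post(alpha.a, frontier.pop()):
                if w not in seen:
                    seen.add(w)
                    frontier.append(unkey(w))
        return seen
    raise TypeError(f"not a program: {alpha!r}")

def box(alpha: Program, phi: Pred, v: State) -> bool:
    """v |= [alpha]phi  iff  w |= phi for all w with (v, w) in rho(alpha)."""
    return all(phi(unkey(w)) for w in post(alpha, v))

def refines(alpha: Program, beta: Program, v: State) -> bool:
    """v |= alpha <= beta  iff  {w : (v, w) in rho(alpha)} is a subset of the same set for beta."""
    return post(alpha, v) <= post(beta, v)

def equivalent(alpha: Program, beta: Program, v: State) -> bool:
    """alpha = beta is, by definition, alpha <= beta together with beta <= alpha."""
    return refines(alpha, beta, v) and refines(beta, alpha, v)

def box_via_refinement(alpha: Program, beta: Program, phi: Pred, v: State) -> bool:
    """The combined rule: alpha <= beta and [beta]phi together justify [alpha]phi."""
    return refines(alpha, beta, v) and box(beta, phi, v)

# A discretised version of the slides' refinement example (all values constructed).
B = 2                                                  # braking power
ACCELS = tuple(range(-B, B + 1))                       # domain of a := *
guard: Pred = lambda s: s["x"] + s["v"] <= 10          # phi: acceleration allowed only here
in_box: Pred = lambda s: -20 <= s["x"] <= 20 and -6 <= s["v"] <= 6   # evolution domain
step = Seq(Seq(Assign("x", lambda s: s["x"] + s["v"]),  # one Euler step of x'' = a,
               Assign("v", lambda s: s["v"] + s["a"])), # then stay inside the domain
           Test(in_box))
brake = Assign("a", lambda s: -B)
# beta: abstract controller, any acceleration while the guard holds, else brake.
beta = Star(Seq(Choice(Seq(Test(guard), Choose("a", ACCELS)), brake), step))
# alpha: concrete controller, always a := 1 while the guard holds; it refines beta.
alpha = Star(Seq(Choice(Seq(Test(guard), Assign("a", lambda s: 1)), brake), step))
# gamma: picks a := 3, outside the abstract domain, so it does not refine beta.
gamma = Star(Seq(Choice(Seq(Test(guard), Assign("a", lambda s: 3)), brake), step))
v0: State = {"x": 0, "v": 0, "a": 0}
within_limits: Pred = lambda s: -B <= s["a"] <= B     # phi proved of beta, inherited by alpha
```

Because `beta` can pick `a := 2` while `alpha` never does, `refines(beta, alpha, v0)` is false while `refines(alpha, beta, v0)` is true, so the safety property `within_limits` proved of `beta` carries over to `alpha` through `box_via_refinement`.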
132
dRL Proof Rules: KAT style
[Kozen97]
133
dRL Proof Rules
134
dRL Proof Rules: Structural
![Page 135: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/135.jpg)
135
dRL Proof Rules: Differential Equations
Differential Refinement:
![Page 136: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/136.jpg)
136
dRL Proof Rules: Differential Equations
Differential Refinement:
But that isn’t the end of the story…
![Page 137: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/137.jpg)
137
dRL Proof Rules: Differential Equations
Differential Refinement:
But that isn’t the end of the story… ?
(x0 = 1) (x0 = 9)
![Page 138: Differential Refinement Logic - Carnegie Mellon …sloos/LoosProposalSlides.pdf1 Sarah M. Loos CSD, Carnegie Mellon University Differential Refinement Logic Thesis Proposal Thesis](https://reader031.vdocuments.mx/reader031/viewer/2022020416/5cc86bd488c993103f8d6d0f/html5/thumbnails/138.jpg)
138
dRL Proof Rules: Differential Equations
Differential Refinement:
But that isn’t the end of the story…
(x0 = 1) = (x0 = 9)?
139
dRL Proof Rules: Differential Equations
Differential Refinement:
But that isn't the end of the story…
(x′ = 1) = (x′ = 9)
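As an added worked illustration (not part of the original slides) of why comparing right-hand sides is not the end of the story for differential refinement, take the two systems on the slide literally, with no evolution domain constraint and no clock variable. From a start state $x_0$ their solutions are

$$x' = 1:\quad x(t) = x_0 + t, \qquad\qquad x' = 9:\quad x(t) = x_0 + 9t, \qquad t \ge 0.$$

Each differential equation may evolve for any duration $t \ge 0$, so the set of states reachable from $x_0$ is

$$\{\,x \mid x \ge x_0\,\} \quad\text{for both systems:}\quad x \text{ is reached at } t = x - x_0 \text{ under } x' = 1 \text{ and at } t = \tfrac{x - x_0}{9} \text{ under } x' = 9.$$

The two programs therefore reach exactly the same states, so each refines the other and they are equivalent as programs, even though their vector fields differ. The distinction only reappears when time is observable, for example with a clock $t' = 1$ added to both: $(x' = 1,\, t' = 1)$ reaches only states with $x - x_0 = t$, whereas $(x' = 9,\, t' = 1)$ reaches only states with $x - x_0 = 9t$, and neither set contains the other.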
140
Comparing dRL and dL
We have proved that the refinement relation can be embedded in dL. As a result, dL and dRL are equivalent in terms of expressibility and provability.
We plan to analyze dRL on familiar (challenging) case studies. We can consider:
• Number of proof steps
• Computation time
• Qualitative difficulty to complete proof
• Proof structure
141
Analyzing dRL
To analyze whether dRL can ease the complexity of proving tasks for hybrid systems, we can start with these four categories:
• Break the system into parts
• Modular proof structure
• Iterative system design
• Abstraction
[Figure: diagrams of hybrid programs α, β, γ and their composition illustrating each category; the diagram contents are not recoverable from the extraction.]
142
Additional dRL applications
• Designing proof search heuristics that exploit refinement to automatically create more hierarchical proof structures.
• Shifting the proof responsibility completely to determining refinement.
• Code synthesis: verifying that the refinement relation is satisfied at each transformation step.
143
Timeline
151
Timeline
• Completed work indicates that building complex hybrid programs from simpler ones is a good idea. [Completed]
• We aim to add rigor to this approach by introducing a refinement relation to differential dynamic logic. [Completed]
• We then need to show how refinement integrates with dL by creating a proof calculus for dRL. [Feb 2015]
• We will show that refinement makes proofs easier by revisiting familiar and challenging case studies. [May 2015]
• As a stretch goal, we will examine additional applications of dRL (e.g. synthesis and proof search). [Stretch Goal]
• Thesis defense. [Aug 2015]
152
Appendix
153
Table of Case Studies
[Figure: table of case studies, shown with a diagram using the positions x_i, x_j, p, x_k, x_l, x_m and labelled "safety envelopes"; the table contents are not recoverable from the extraction.]