Uniform Substitution for Differential Refinement Logic

TL;DR

This work addresses sound refinement verification in hybrid systems by developing a uniform-substitution calculus for $dRL$, the differential refinement logic. It replaces axiom schemata with a finite, concrete axiom set and uses a one-pass uniform substitution rule to instantiate them soundly, yielding a Hilbert-style microkernel suitable for modular proof construction. A key contribution is establishing soundness results for uniform substitution and its applicability to rules, along with a decidability result for refinement within a fragment of hybrid programs, and implementing the core calculus in KeYmaera X. The approach enables precise refinement reasoning between concrete and abstract hybrid models with practical impact for verifying time-triggered versus event-triggered implementations and beyond.

Abstract

This paper introduces a uniform substitution calculus for differential refinement logic dRL. The logic dRL extends the differential dynamic logic dL such that one can simultaneously reason about properties of and relations between hybrid systems. Refinements are useful e.g. for simplifying proofs by relating a concrete hybrid system to an abstract one from which the property can be proved more easily. Uniform substitution is the key to parsimonious prover microkernels. It enables the verbatim use of single axiom formulas instead of axiom schemata with soundness-critical side conditions scattered across the proof calculus. The uniform substitution rule can then be used to instantiate all axioms soundly. Access to differential variables in dRL enables more control over the notion of refinement, which is shown to be decidable on a fragment of hybrid programs.