An axiomatic approach to existence and liveness for differential equations

Abstract

This article presents an axiomatic approach for deductiveverification of existence and liveness for ordinary differentialequations (ODEs) with differential dynamic logic (dL). The approachyields proofs that the solution of a given ODE exists long enough toreach a given target region without leaving a given evolutiondomain. Numerous subtleties complicate the generalization ofdiscrete liveness verification techniques, such as loop variants, tothe continuous setting. For example, ODE solutions may blow up infinite time or their progress towards the goal may converge to zero.These subtleties are handled in dL by successively refining ODEliveness properties using ODE invariance properties which have acomplete axiomatization. This approach is widely applicable: severalliveness arguments from the literature are surveyed and derived asspecial instances of axiomatic refinement in dL. These derivationsalso correct several soundness errors in the surveyed literature,which further highlights the subtlety of ODE liveness reasoning andthe utility of an axiomatic approach. An important special case ofthis approach deduces (global) existence properties of ODEs, whichare a fundamental part of every ODE liveness argument. Thus, allgeneralizations of existence properties and their proofs immediatelylead to corresponding generalizations of ODE liveness arguments.Overall, the resulting library of common refinement steps enablesboth the sound development and justification of new ODE existenceand of liveness proof rules from dL axioms. These insights are putinto practice through an implementation of ODE liveness proofs inthe KeYmaera X theorem prover for hybrid systems.