Certi ed Programs and Proofs, 21 Jan 2020

The Poincare-Bendixson Theorem inIsabelle/HOL

Fabian Immler and Yong Kiam Tan

Carnegie Mellon University

Certified Programs and Proofs, 21 Jan 2020

Outline

Background: The Poincare-Bendixson Theorem

Formalization Challenges

The Monotonicity Lemma

Conclusion and Outlook

2 / 22

Outline

3 / 22

Recap: Ordinary Differential Equations (ODEs)

Ordinary differential equations (ODEs) provide mathematicalmodels of real world phenomena.

ODE model:x = v , v = −g

ODE solution:

x(t) = x0 + v0t −g

v(t) = v0 − gt

Properties of the ball’s falling motioncan be deduced from these solutions.

A model of glycolysis:

x = −x + ay + x2y

y = b − ay − x2y

ODE solution: ???

How can we deduce properties withoutknowing the closed-form solution?

4 / 22

Recap: Ordinary Differential Equations (ODEs)

Ordinary differential equations (ODEs) provide mathematicalmodels of real world phenomena.

ODE model:x = v , v = −g

ODE solution:

x(t) = x0 + v0t −g

v(t) = v0 − gt

Properties of the ball’s falling motioncan be deduced from these solutions.

x = −x + ay + x2y

y = b − ay − x2y

ODE solution: ???

How can we deduce properties withoutknowing the closed-form solution?

4 / 22

(Planar) ODEs and Dynamical Systems

0 1 2 x

x = −x + ay + x2y

y = b − ay − x2y

Fundamental Idea (Poincare):

ODEs describe dynamical systemswhose qualitative properties can bededuced directly from the equations.

5 / 22

0 1 2 x

x = −x + ay + x2y

y = b − ay − x2y

5 / 22

0 1 2 x

x = −x + ay + x2y

y = b − ay − x2y

5 / 22

0 1 2 x

x = −x + ay + x2y

y = b − ay − x2y

5 / 22

The Poincare-Bendixson Theorem

0 1 2 x

Theorem (Poincare-Bendixson)

(Under mild assumptions) trajectories of planar dynamical systemsare either periodic or tend towards a periodic trajectory.

6 / 22

The Poincare-Bendixson Theorem

In our paper/formalization:

6 / 22

Outline

7 / 22

Formalization Challenges (the “easy” ones)

Our Claim: the Poincare-Bendixson theorem is an interestingbenchmark for formalized mathematics.

1. Has substantial prerequisite formalized mathematics, e.g.:the Jordan curve theorem, (real) analysis, ODEs.

XIsabelle/HOL and the Archive of Formal Proofs (AFP) meetthese prerequisites.

2. Needs formalization of key dynamical systems concepts, e.g.:limit sets of trajectories, periodic orbits.

XMostly involves formalizing of (real) analysis-type argumentsfollowing standard presentations in textbooks.

8 / 22

Formalization Challenges (this talk)

3. Textbook proofs rely heavily on sketches, especially for a keylemma that is fundamental to the plane.

This Talk: our answers to these formalization challenges, focusingon the key monotonicity lemma used in the proof.

9 / 22

Chicone:

9 / 22

Hartman:

9 / 22

Palis & de Melo:

9 / 22

Perko:

9 / 22

Wiggins:

9 / 22

Teschl:

9 / 22

? How can we formalize these sketches in a proof assistant?

9 / 22

? How can we formalize these sketches in a proof assistant?

4. Textbook proofs argue by symmetry and present only one ofthe (several) cases required.

? How can we effectively formalize these symmetries in orderto minimize duplicated proof effort?

9 / 22

Outline

10 / 22

The Monotonicity Lemma (Textbook Proof)

Lemma (Monotonicity)

Successive intersections of a trajectory with a transversal segmentare ordered increasingly (or decreasingly) along the segment.

Definition (Transversal Segment)

A transversal segment is a (closed) 2D line segment where theRHS of the ODE is nowhere zero along the segment.

11 / 22

Proof.

Suppose trajectory from x1 on the transversal touches thetransversal again at x2:

12 / 22

Proof.

Construct the Jordan curve J formed by the trajectory and thesegment between x1, x2:

12 / 22

Proof.

By the Jordan curve theorem, J separates the plane into an insideI and outside O:

12 / 22

Proof.

Any further intersection at x3 must happen inside by construction,so the intersections are ordered x1 ≤ x2 ≤ x3:

12 / 22

Proof.

Any further intersection at x3 must happen inside by construction,so the intersections are ordered x1 ≤ x2 ≤ x3:

12 / 22

Proof.

Not quite done! There are several other cases, but the argumentfor them is symmetric:

12 / 22

Proof.

Not quite done! There are several other cases, but the argumentfor them is symmetric:

12 / 22

The Monotonicity Lemma (Formal Proof)

(Recall) Formalization Challenge:

Subtle Claim: these are the only possibilities that can occur for J.

13 / 22

Three pieces of information are needed for the (Left) case:

Symmetrically for (Right) case, e.g., flow always crosses frominside to outside between x1 to x2.

14 / 22

Obvious Problem: Naive case splitting yields 8 cases.

15 / 22

Not-so-obvious Problem: It is unclear how to finish the prooffrom the impossible cases.

15 / 22

Key Idea: Construct flow regions r1, r2 that must lie on oppositesides and case split to deduce the three pieces of information.

16 / 22

Key Idea: reverse flows to obtain other cases by symmetry.

17 / 22

Formalized using Isabelle/HOL’s (sub-)locales:

ODE f : Rn → Rn

Flow: φ, Thm: P(φ(x0, t)) (≈760 line proof for monotonicity)

rev.ODE −f : Rn → Rn

Flow: φ−f , rev.Thm: P(φ−f (x0, t)) (automatically generated)

⇓export and rewrite φ−f (x0, t) = φ(x0,−t) (≈30 line boilerplate)⇓Flow: φ, Thm: P(φ(x0,−t)) (symmetric lemma proved!)

17 / 22

ODE f : Rn → Rn

17 / 22

ODE f : Rn → Rn

⇓export and rewrite φ−f (x0, t) = φ(x0,−t) (≈30 line boilerplate)⇓

Flow: φ, Thm: P(φ(x0,−t)) (symmetric lemma proved!)

17 / 22

ODE f : Rn → Rn

17 / 22

Outline

18 / 22

XWe give the first (as far as we know*) fully rigorousargument for this step, that is amenable to formalization.

XUse Isabelle/HOL’s locale system to formally reverse flows.

19 / 22

* While preparing these slides, we came across a proof in Croninbased on indexes but we have not attempted to formalize it.

Cronin (on the Poincare-Bendixson theorem):

. . . part of the difficulty in proving thetheorem lies in the fact that all theconsiderations take place in the Euclideanplane and distinguishing between intuitiveand rigorous arguments in the plane issometimes difficult.

20 / 22

? But our proof is rather different from the textbook sketches.Is this unavoidable? Are there cleaner or more abstract proofs?

XUse Isabelle/HOL’s locale system to formally reverse flows.

21 / 22

Conclusion

0 1 2 x

Future Directions:

1. Formalize other tools for the analysis of planar dynamicalsystems, e.g., Lienard’s theorem, Dulac’s criterion.

2. Generalize beyond planar ODEs, e.g., Poincare-Bendixsontheorem for ODEs defined on the sphere or 2-manifolds.

22 / 22

The (Left) case of our flow region construction, is sketched here:

Key Idea: Construct flow regions r1, r2 that must lie on oppositesides and case split to deduce the three pieces of information.

Glycolysis Example Proof

0 1 2 x

Certi ed Programs and Proofs, 21 Jan 2020

Documents

Transcript of Certi ed Programs and Proofs, 21 Jan 2020

Exterior and Interior WALL MANUAL - Cedar Shake &Shingle · 1 CERTI-LABEL WESTERN CEDAR PRODUCTS CERTI-LABEL WESTERN CEDAR SHAKES Certi-Split® Handsplit Shakes Certi-Split® Tapersplit

2013 Instructions for Form 1040NR-EZ · Page 1 of 35 12:13 - 6-Jan-2014 The type and rule above prints on all proofs including departmental reproduction proofs. MUST be removed before

2009 Publication 537 · Page 2 of 19 of Publication 537 10:52 - 14-JAN-2010 The type and rule above prints on all proofs including departmental reproduction proofs. MUST be removed

1. PROOFS 1. PROOFS - evangelicalbible.com

Certi cation of Termination Proofs for Term RewritingAdam.Koprowski/pres/color-icis-08.pdf · Termination of rewriting Termination of rewriting: Is undecidable. Is an important topic

eatures • niersal input 8-30AC...UL60950-1 certi ed IEC/EN60950-1 certi ed UL62368-1 pending IEC/EN62368-1 certi ed EN61558-1 certi ed EN61558-2-16 certi ed CB report E196683 R E

2 U.S. PAGER/SGMLGovernmentPage 2 of 11 of Publication 516 15:28 - 7-JAN-2009 The type and rule above prints on all proofs including departmental reproduction proofs. MUST be removed

NISM Certi cation Examinations (in years) · A certi cate can also be revalidated by passing the relevant NISM certi cation examination before the expiry of the existing certi cate.

Certi˜cate Change Transmittal Form - University of …fora.aa.ufl.edu/docs/47//20Nov12//UCC_12Nov20_ProfCert...Certi˜cate Change Transmittal Form Department Name and Number Certi˜cation

Accreditation certi

Participants certi template

2015 Form 1040-ES · 2020-02-17 · Page 1 of 7 11:01 - 21-Jan-2015 The type and rule above prints on all proofs including departmental reproduction proofs. MUST be removed before

ADVANCE TECHNICIAN CERTI.

Formal Certification of Game-Based Cryptographic Proofssoftware.imdea.org/~szanella/Zanella.2010.PhD.slides.pdfFormal Certi cation of Game-Based Cryptographic Proofs Santiago Zanella

Deductions Page 1 of 24 12:04 - 8-Jan-2013 Miscellaneous · Page 1 of 24 12:04 - 8-Jan-2013 The type and rule above prints on all proofs including departmental reproduction proofs.

Non-Uniformly Sound Certi cates with Applications to ... · random oracle can produce proofs for exponentially many false statements! The same happens for other SNARG constructions

Certi cate of Attendance€¦ · Comerç Internacional / Kenwerzh Etrebroadel Certi cation Date February 2017 Certi cate of Attendance This certi cate is awarded to In recognition

Publication 555 (Rev. January 2013)Page 1 of 14 14:45 - 29-Jan-2013 The type and rule above prints on all proofs including departmental reproduction proofs. MUST be removed before

Introduction to Proofs - WordPress.com...3 Proofs: Essential Questions Pre-Assessment 5 Proof Exploration 7 Two Column Proofs 8 Flow Chart Proofs 9 Paragraph Proofs 10 Favorite Style

software Certi