A Usage-Aware Sequent Calculus for Differential Dynamic Logic

Modeling languages like differential dynamic logic (dL) have proof calculi capable of proving guarantees for safety-critical applications. However, dL programmers may unintentionally over-specify assumptions and program statements, which results in overly constrained models, and consequently, weak or vacuous guarantees. In hybrid systems models, such constraints come from multiple places, ranging from initial conditions to domain constraints in the middle of differential equations, thereby making it nontrivial to consistently track the conglomerate. We present a novel sequent calculus for dL that tracks which constraints to weaken or remove while preserving correctness guarantees. When properties follow entirely from constraints uninfluenced by program statements, this analysis spots outright flaws in models. We prove soundness and completeness of our proof calculus.