A formulation of an induction principle for diamond-free directed complete partial orders is proposed. This principle may be useful for speci cation and veri cation of non-discrete systems using interactive proof assistant software.
Inductive proofs and recursive de nitions are very useful tools in software speci cation and veri cation. In particular, they are frequently used in formalizations of algorithms in proof assistants such as Isabelle and Coq. This leads to a question of whether certain analogous proof methods and corresponding definition methods may be useful in the case of speci cation and veri cation of cyber-physical systems, in particular, using proof assistants. Since in this case one is expected to deal with formalization of properties which involve continuous variables, investigation of generalized inductive proof methods and recursive de nitions which use a continuous parameter is relevant.
Proof principles that allow one to prove a property of real numbers by an argument that is in some sense similar to mathematical induction may be called real or continuous induction principles [1{3]. An overview, literature references and applications related to this topic can be found in [1, 2].
Recently, real induction was used in di erential equation invariance axiomatization [4, 5] which extends a logic (di erential dynamic logic [4]) intended for veri cation of hybrid systems (which may be used as mathematical models of behaviors of cyber-physical systems).
The real induction principle referenced in [4] is given in [2, Theorem 2]. It
states that a subset S [a; b] (a < b are real numbers) is inductive if and only if
S = [a; b]. Here a subset S [a; b] is called inductive, if it satis es the following
properties [2]: (
A more general theorem which characterizes Dedekind-complete total orders is also given in [2].
Copyright © 2020 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0).
A discussion of a question about generalization of a slightly di erent theorem for total orders to an induction principle for partial orders and a formulation of an induction principle for complete lattices can be found at [6].
However, in formal methods and veri cation, some posets of interest do not form lattices. One example is the set of partial trajectories of a nondeterministic (possibly hybrid) dynamical system, de ned on time intervals of the forms [0; t), [0; t], ordered by the extension relation (s1 s2, if s2 extends s1), where diverging trajectories (incomparable elements) have no joins.
But in this example and in some other, a poset of interest belongs to the class of diamond-free posets, i.e. posets such that there is no tuple (a; b; c; d) in which a b d, a c d, and b; c are incomparable.
In this paper we will argue that Raoult's open induction principle [7] can be used to obtain an induction principle for diamond-free directed complete partial orders (dcpos) which extends the real induction principle. 2
{ < is the strict order which corresponds to ; { [a; b] is the set fx 2 X j a x ^ x bg; { [a; b) is the set fx 2 X j a x ^ x < bg; { x = sup A denotes that x is the least upper bound of A in (X; ).
3
Theorem 1 (Converse open induction principle). Let (X; ) be a poset.
Assume that X is the only directed open subset S X which satis es the
following condition:
(
Then (X; ) is a dcpo.
Proof. Suppose that (X; ) is not directed complete (so (X; ) is not chain
complete). Then there exists a nonempty -chain C X which has no supremum
in (X; ). Let C0 be the directed closure of C. Let S = XnC0. Let us show that
S satis es the condition (
Let x 2 X. Assume that 8y 2 X(x < y ) y 2 S) holds. Suppose that x 2= S. Then x 2 C0. The set fsup C00 j C00 C; C00 6= ;; and C00 has a supremumg is directed closed. Then x = sup C00 for some nonempty -chain C00 C. Let us show that C and C00 are co nal. Let c 2 C. Suppose that for each c00 2 C00, c < c00 does not hold. Since C00 C, each element of C00 is comparable with c. Then c is an upper bound of C00. Then x c. The relation x < c cannot hold, because it implies c 2 S = XnC0, but c 2 C C0. Hence x = c 2 C. Then each y 2 C such that x < y belongs to S. This implies that x is the largest element of C. Then x = sup C. This contradicts the assumption that C has no supremum. Thus there exists c00 2 C00 such that c < c00 holds. Since c 2 C is arbitrary, we conclude that C and C00 are co nal. Then x = sup C and we get a contradiction with the assumption that C has no supremum. Thus x 2 S.
Then S satis es the condition (
Thus (X; ) is directed complete. tu Theorem 2 (Induction principle for diamond-free dcpos).
Let (X; ) be a diamond-free poset. Then (X; ) is directed complete if and
only if the only subset S X which satis es the conditions (
Proof. \If". Assume that X is the only subset of X which satis es (
Let us show that each directed open set S satis es the condition (
Thus X is the only directed open subset of X which satis es the condition
(
\Only if". Assume that (X; ) is a diamond-free dcpo. Obviously, S = X satis es 1-2. Let S X be a set which satis es 1-2. Let us show that S = X.
Firstly, let us show that S is a directed open set.
Let C be a nonempty -chain such that sup C = z 2 S.
Let us show that C \ S 6= ;. Without loss of generality, assume that z 2= C. Let x be some element of C. Note that x < z.
Let C1 = fy 2 C j x yg. Then C1 is a nonempty -chain. Moreover, C and C1 are co nal, so sup C1 = z. Since z 2= C, we have C1 [x; z).
Let y 2 [x; z). Since sup C1 = z, y is not an upper bound of C1. Then exists c 2 C1 such that c y does not hold. Note that c and y are not incomparable, since c; y 2 [x; z] and (X; ) is diamond-free. Then y < c.
Since y is arbitrary, C1 and [x; z) are co nal. Then sup [x; z) = z.
Then from the condition (
Since C is arbitrary, this implies that S is a directed open set in (X; ).
From the condition (
Then S = X by the open induction principle [7].
Similarly to the case of the real induction principle, the conditions (
The condition (
The condition (
Theorem 2 is applicable to total orders (which are diamond-free). In the
special case when X is the real interval [0; 1] and is a restriction of the order,
opposite to the standard order on real numbers, (X; ) is directed complete and
the \only if" part of the statement of the theorem reduces to the statement
that [0; 1] is the only subset S [0; 1] which satis es (
Theorem 2 can also be applied to sets of partial trajectories of nondeterministic continuous-time dynamical systems, de ned on time intervals of the form [0; t), [0; t], ordered by the extension relation (s1 s2, if s2 extends s1), or the opposite of this relation (with the dual completeness requirement), assuming that a partial trajectory cannot extend two incomparable partial trajectories (since their domains are -comparable). 5
We have proposed an induction principle for diamond-free directed complete partial orders. It can be considered as an extension of the real induction principle for a real interval.