The integral is one of the most important foundations for modeling dynamical systems. The gauge integral is a generalization of the Riemann integral and the Lebesgue integral and applies to a much wider class of functions. In this paper, we formalize the operational properties which contain the linearity, monotonicity, integration by parts, the Cauchy-type integrability criterion, and other important theorems of the gauge integral in higher-order logic 4 (HOL4) and then use them to verify an inverting integrator. The formalized theorem library has been accepted by the HOL4 authority and will appear in HOL4 Kananaskis-9.
In the recent years, hardware and software systems are widely used in safety critical applications like car, highway and air control systems, medical instruments, and so on. The cost of a failure in these systems is unacceptably high, thus making it important to make sure of the correctness of the functions in design. The traditional verification methods, which include simulation and testing, are not sufficient to validate confidence. Formal methods can be helpful in proving the correctness of systems. Theorem proving is one method for performing verification on formal specifications of system models [
The integral is a mathematical tool to solve many practical problems in geometry, physics, economics, electrical systems, and so on. In order to formalize dynamic systems, some theorem provers have already formalized integral theorem library. The Isabelle/Isar theorem prover has the formalization of the Lebesgue integral [
This paper presents the formalization of the complete gauge integral theory in HOL4 [
Some HOL4 notations and their semantics.
Meaning | HOL notations | Standard notations |
---|---|---|
Truth |
|
|
Falsity |
|
|
Negation | ~ |
¬ |
Disjunction |
|
|
Conjunction |
|
|
Implication |
|
|
Equality |
|
|
|
! |
|
|
? |
|
Lambda |
|
|
The rest of the paper is organized as follows. In Section
There are many ways of formally defining an integral, not all of which are equivalent. The differences exist mostly to deal with differing special cases which may not be integrable under other definitions. The definitions include the Newton integral, the Riemann integral, the Lebesgue integral, and the gauge integral, which had been proposed in different senses. The gauge integral proposed by Kurzweil and Henstock is a generalization of the Riemann integral and the Lebesgue integral, and it is suitable for wider situations [
For any function
So, the above reasoning shows that a derivative
Let
Definition ! Dint ! ? ! abs
where division division tdiv dsize
tdiv
The gauge
and fine means as follows:
dsize
In sum, “Dint
Function
Definition
integrable
A function’s integral value is formalized as follows:
integral
The relations between the definitions are described in Theorems
One has
Consider
Then, we formalizes the operational properties of the gauge integral [
In this subsection, the formalizations of the linear properties are presented after the respective mathematical expressions.
The integral of a constant function is computed by:
The formalization is as follows:
The integral of zero is zero:
The formalization is as follows:
The integral is negated when the function is negated:
The formalization is as follows:
The integral of the product of a function multiplied by a constant equals the product of the constant and the integral of the function:
The formalization is as follows:
The integral of the sum of two functions is the sum of the integrals of the two functions:
The formalization is as follows:
The integral of the difference of two functions is the difference of the integrals of the two functions:
The formalization is as follows:
The integral is linear:
The formalization is as follows:
These theorems are proven based on the definition of the gauge integral.
The three inequalities are formalized in this subsection.
An integrable function
The formalization is as follows: INTEGRAL_MVT_LE: (!
If
The formalization is as follows: INTEGRAL_LE: (! integral DINT_LE: (!
If
The formalization is as follows: DINT_TRIANGLE: abs
This theorem could be proved by Theorem
The integral of the delta function, which equals 1 only at one certain point otherwise keeps zero, is zero:
The formalization is as follows:
The two functions which are equal except at a certain point have same integrals:
The formalization is as follows: Dint
This shows that if one changes a function at one point, then its integral does not change.
For all
The formalization is as follows: INTEGRABLE_SUBINTERVAL:
In order to prove Theorem INTEGRABLE_SPLIT_SIDES ! tdiv tdiv abs (rsum INTEGRABLE_SUBINTERVAL_LEFT = INTEGRABLE_SUBINTERVAL_RIGHT =
The INTEGRABLE_SPLIT_SIDES is used to prove INTEGRABLE_SUBINTERVAL_LEFT and INTEGRABLE_SUBINTERVAL_RIGHT, then the theorem INTEGRABLE_SUBINTERVAL can be proved by the transitivity of real number.
If
The formalization is as follows: INTEGRAL_COMBINE: (integral
The proof of Theorem
The lemmas proving Theorem
Name of lemma | Description in HOL4 |
---|---|
DIVISION_LE_SUC |
|
DIVISION_MONO_LE |
|
DIVISION_MONO_LE_SUC |
|
DIVISION_INTERMEDIATE |
|
DIVISION_DSIZE_LE |
|
DIVISION_DSIZE_GE |
|
DIVISION_DSIZE_EQ |
|
DIVISION_DSIZE_EQ_ALT |
|
The proof is branched based on
In case
The proof goal transfers by using the fourth lemma:
This lemma is proven with two cases based on
The goal is rewritten by
Let
For abs
Let
The formalization is as follows: INTEGRABLE_CAUCHY: integrable ! ? ! tdiv abs (rsum
The Cauchy criterion indicates that an integrable function is always convergent for any division on the interval.
First of all, we should prove that a function for any gauge over the set is (! ? gauge !
Let
The formalization is as follows: INTEGRABLE_LIMIT: (! ? integrable
In order to make the proof easier, we proved the RSUM_DIFF_BOUND at first: tdiv (!
If
The formalization is as follows: INTEGRABLE_CONTINUOUS:
To prove Theorem
If CONT_UNIFORM: ! ? ! abs
In order to illustrate the usefulness of the proposed approach, we use our formalization to analyze a summing integrator. Integration circuits are widely used in electronic circuits; they are often used for waveform transformation, amplifier offset voltage elimination, integral compensation in feedback control, and so on. In this section, we use the formalization above to verify a summing inverting integrator. Figure
The summing inverting circuit.
The relation between output and input voltage can be present as the following formula:
We assumed the integral constant
When
Formula ( SUMMING_INTEGRATOR:
The detailed formalization and proof are shown in Algorithm
val SUMMING_INTEGRATOR = store_thm(“SUMMING_INTEGRATOR”, “! RW_TAC std_ss SELECT_ELIM_TAC THEN CONJ_TAC THENL
ASM_SIMP_TAC arith_ss
RW_TAC std_ss MAP_EVERY EXISTS_TAC “( ASM_REWRITE_TAC CONJ_TAC THENL
RW_TAC std_ss SUBGOAL_THEN“cos 0 − cos
HO_MATCH_MP_TAC FTC1 THEN ASM_SIMP_TAC std_ss
In this proof, we employ the linear property of integral DINT_LINEAR to divide the integral of the addition of two functions into the addition of two integrals of the two functions; then we prove the two integrals, respectively. For instantiating the input variable val DIFF_NEG_COS = store_thm(“DIFF_NEG_COS”), “! GEN_TAC THEN SUBGOAL_THEN“ [REWRITE_TAC[REAL_NEGNEG],ALL_TAC] THEN ONCE_ASM_REWRITE_TAC MATCH_MP_TAC DIFF_NEG THEN REWRITE_TAC[DIFF_COS]).
In this paper, we presented a higher-order logic formalization of the gauge integral. The major properties of the gauge integral, including the linearity, boundedness, monotonicity, integration by parts, and Cauchy-type integrability criterion, were formalized and proven in HOL4, and then a formal proving of an inverting integrator was presented. The proposed integral theorem library has been accepted by HOL4 authority and will appear in HOL4 Kananaskis-9.
The authors thank Professor Jin Shengzhen and Dr. John Harrison for their helpful suggestions and thank Dr. Michael Norrish for reviewing their gauge integral theorem library. This work was supported by the International Cooperation Program on Science and Technology (2010DFB10930 and 2011DFG13000), the National Natural Science Foundation of China (60873006, 61070049, 61170304, and 61104035), the Natural Science Foundation of the City of Beijing (4122017), the S&R Key Program of the Beijing Municipal Education Commission (KZ201210028036), the Open Project Program of State Key Laboratory of Computer Architecture, and the Open Project Program of Guangxi Key Laboratory of Trusted Software.