Differential Refinement Logic*

We introduce differential refinement logic (dRℒ), a logic with first-class support for refinement relations on hybrid systems, and a proof calculus for verifying such relations. dRℒ simultaneously solves several seemingly different challenges common in theorem proving for hybrid systems:

1. When hybrid systems are complicated, it is useful to prove properties about simpler and related sub-systems before tackling the system as a whole.
2. Some models of hybrid systems can be implementation-specific. Verification can be aided by abstracting the system down to the core components necessary for safety, but only if the relations between the abstraction and the original system can be guaranteed.
3. One approach to taming the complexities of hybrid systems is to start with a simplified version of the system and iteratively expand it. However, this approach can be costly, since every iteration has to be proved safe from scratch, unless refinement relations can be leveraged in the proof.
4. When proofs become large, it is difficult to maintain a modular or comprehensible proof structure. By using a refinement relation to arrange proofs hierarchically according to the structure of natural subsystems, we can increase the readability and modularity of the resulting proof.

dRℒ extends an existing specification and verification language for hybrid systems (differential dynamic logic, dℒ) by adding a refinement relation to directly compare hybrid systems. This paper gives a syntax, semantics, and proof calculus for dRℒ. We demonstrate its usefulness with examples where using refinement results in easier and better-structured proofs.
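The abstract's core idea, that a refinement relation lets a safety proof for an abstract, nondeterministic model carry over to a more concrete model, can be illustrated with reachable-state inclusion. The following is an added example, not code from the paper and not dRℒ's calculus or semantics: it defines a toy hybrid-program language (assignment, test, sequence, choice, bounded loop, and a unit-step Euler discretisation of the plant `x' = v, v' = a` under an evolution-domain constraint), computes reachable state sets, and checks that a deterministic controller `ALPHA` refines an abstract controller `BETA` while an unguarded controller `EPSILON` does not. All program names, the plant, and the numbers are constructed for the illustration.

```python
"""Added example: refinement as reachable-state inclusion for a toy
hybrid-program language. Illustrates the idea of a refinement relation
between hybrid systems; it is not dRL's calculus or semantics. The
language, the discretised plant and all numbers are constructed here."""
from typing import FrozenSet, Tuple

State = Tuple[int, int, int]   # (x, v, a): position, velocity, acceleration
X, V, A = 0, 1, 2


def run(prog: tuple, states: FrozenSet[State]) -> FrozenSet[State]:
    """Forward semantics: the set of states reachable from `states` by `prog`."""
    kind = prog[0]
    if kind == "assign":                 # ('assign', index, f): var := f(state)
        _, idx, f = prog
        out = set()
        for s in states:
            s2 = list(s)
            s2[idx] = f(s)
            out.add(tuple(s2))
        return frozenset(out)
    if kind == "test":                   # ('test', pred): ?pred, blocks when false
        return frozenset(s for s in states if prog[1](s))
    if kind == "seq":                    # ('seq', p, q): p; q
        return run(prog[2], run(prog[1], states))
    if kind == "choice":                 # ('choice', p, q): p or q, nondeterministic
        return run(prog[1], states) | run(prog[2], states)
    if kind == "loop":                   # ('loop', p, n): p* unrolled 0..n times
        _, body, n = prog
        reach, cur = set(states), states
        for _ in range(n):
            cur = run(body, cur)
            reach |= cur
        return frozenset(reach)
    if kind == "evolve":                 # ('evolve', domain, k): x'=v, v'=a & domain
        _, domain, max_steps = prog
        # Continuous evolution discretised by unit-step Euler. Duration is
        # nondeterministic (0..max_steps steps) and every visited state,
        # including the starting one, must satisfy the evolution domain.
        cur = {s for s in states if domain(s)}
        reach = set(cur)
        for _ in range(max_steps):
            cur = {(x + v, v + a, a) for (x, v, a) in cur}
            cur = {s for s in cur if domain(s)}
            reach |= cur
        return frozenset(reach)
    raise ValueError(f"unknown program constructor {kind!r}")


def refines(alpha: tuple, beta: tuple, init: FrozenSet[State]) -> bool:
    """alpha refines beta: every state alpha reaches from init, beta reaches too.
    Consequently any safety property of beta transfers to alpha."""
    return run(alpha, init) <= run(beta, init)


def is_safe(prog: tuple, init: FrozenSet[State], safe) -> bool:
    """Safety as a property of all reachable states."""
    return all(safe(s) for s in run(prog, init))


# Constructed models (not from the paper).
PLANT = ("evolve", lambda s: 0 <= s[V] <= 2, 2)          # velocity stays in [0, 2]
BRAKE = ("assign", A, lambda s: -1)
ACCEL = ("assign", A, lambda s: 1)
NEAR = ("test", lambda s: s[X] <= 5)
FAR = ("test", lambda s: s[X] > 5)

# Abstract controller: may always brake, may accelerate only while x <= 5.
BETA = ("loop", ("seq", ("choice", BRAKE, ("seq", NEAR, ACCEL)), PLANT), 5)
# Concrete, deterministic controller: brakes iff x > 5. Each of its steps is
# also a step of BETA, so it refines BETA.
ALPHA = ("loop", ("seq", ("choice", ("seq", FAR, BRAKE), ("seq", NEAR, ACCEL)),
                  PLANT), 5)
# Unguarded controller: accelerates anywhere, so it is not a refinement of BETA.
EPSILON = ("loop", ("seq", ("choice", BRAKE, ACCEL), PLANT), 5)

INIT: FrozenSet[State] = frozenset({(0, 1, 0)})


def within_bound(s: State) -> bool:
    """Constructed safety property: the vehicle never passes x = 20."""
    return s[X] <= 20


if __name__ == "__main__":
    print("ALPHA refines BETA:", refines(ALPHA, BETA, INIT))       # True
    print("EPSILON refines BETA:", refines(EPSILON, BETA, INIT))   # False
    print("BETA safe:", is_safe(BETA, INIT, within_bound))         # True
    print("ALPHA safe:", is_safe(ALPHA, INIT, within_bound))       # True
```

The point of the check is the direction of the argument: `is_safe(BETA, ...)` is proved once for the simpler, more nondeterministic model, and `refines(ALPHA, BETA, ...)` then yields safety of the concrete controller without re-examining its reachable states. `EPSILON` fails the inclusion because it can reach a state with `a = 1` at `x = 7`, which `BETA` never admits.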
