Using theorem provers to guarantee closed-loop system properties

This paper presents a new approach for leveraging the power of theorem provers for formal verification to provide sufficient conditions that can be checked on embedded control designs. Theorem provers are often most efficient when using generic models that abstract away many of the controller details, but with these abstract models very general conditions can be verified under which desirable properties such as safety can be guaranteed for the closed-loop system. We propose an approach in which these sufficient conditions are static conditions that can be checked for the specific controller design, without having to include the dynamics of the plant. We demonstrate this approach using the KeYmaera theorem prover for differential dynamic logic for two examples: an intelligent cruise controller and a cooperative intersection collision avoidance system (CICAS) for left-turn assist. In each case, safety of the closed-loop system proved using KeYmaera provides static sufficient conditions that are checked for the controller design.

[1]  Egon Börger,et al.  Formal methods for industrial applications : specifying and programming the steam boiler control , 1996 .

[2]  Howard Falk,et al.  Formal Verification of Timed Systems: A Survey and Perspective , 2004, Proc. IEEE.

[3]  Joël Ouaknine,et al.  Abstraction and Counterexample-Guided Refinement in Model Checking of Hybrid Systems , 2003, Int. J. Found. Comput. Sci..

[4]  Mark R. Greenstreet,et al.  Formal verification in hardware design: a survey , 1999, TODE.

[5]  Stefan Ratschan,et al.  Safety Verification of Hybrid Systems by Constraint Propagation Based Abstraction Refinement , 2005, HSCC.

[6]  Christoph Grimm,et al.  Refinement of Hybrid Systems , 2004 .

[7]  Egon Börger,et al.  Formal Methods for Industrial Applications , 1996, Lecture Notes in Computer Science.

[8]  Sofiène Tahar,et al.  Formal verification of analog and mixed signal designs: A survey , 2008, Microelectron. J..

[9]  Jean-Raymond Abrial,et al.  The B-book - assigning programs to meanings , 1996 .

[10]  André Platzer,et al.  Differential Dynamic Logic for Hybrid Systems , 2008, Journal of Automated Reasoning.

[11]  Goran Frehse PHAVer: Algorithmic Verification of Hybrid Systems Past HyTech , 2005, HSCC.

[12]  André Platzer,et al.  Logical Analysis of Hybrid Systems - Proving Theorems for Complex Dynamics , 2010 .

[13]  Insup Lee,et al.  Compositional Refinement for Hierarchical Hybrid Systems , 2001, HSCC.

[14]  James A Misener Cooperative Intersection Collision Avoidance System (CICAS): Signalized Left Turn Assist and Traffic Signal Adaptation , 2010 .

[15]  Antoine Girard,et al.  SpaceEx: Scalable Verification of Hybrid Systems , 2011, CAV.

[16]  André Platzer,et al.  KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description) , 2008, IJCAR.

[17]  André Platzer,et al.  Adaptive Cruise Control: Hybrid, Distributed, and Now Formally Verified , 2011, FM.

[18]  Thomas A. Henzinger,et al.  The theory of hybrid automata , 1996, Proceedings 11th Annual IEEE Symposium on Logic in Computer Science.