Differential Dynamic Logic: Automated Theorem Proving for Hybrid Systems

Hybrid systems are models for complex physical systems and are defined as dynamical systems with interacting discrete transitions and continuous evolutions along differential equations. With the goal of developing a theoretical and practical foundation for deductive verification of hybrid systems, we introduce differential dynamic logic as a new logic with which correctness properties of hybrid systems with parameterized system dynamics can be specified and verified naturally. As a verification technique that is suitable for automation, we introduce a free variable proof calculus with a novel combination of real-valued free variables and Skolemisation for lifting quantifier elimination for real arithmetic to dynamic logic. The calculus is compositional, i.e., it reduces properties of hybrid systems successively to properties of their parts. Our main result proves that this calculus axiomatises the transition behaviour of hybrid systems completely relative to differential equations. Systematically, we develop automated theorem proving techniques for our calculus and present proof procedures to tackle the complexities of integrating decision procedures for real arithmetic. For our logic, we further complement discrete induction with differential induction as a new continuous generalization of induction, with which hybrid systems can be verified by exploiting their differential constraints algebraically without having to solve them. Finally, we develop a fixedpoint algorithm for computing the differential invariants required for differential induction, and we introduce a differential saturation procedure that refines the system dynamics successively with differential invariants until correctness becomes provable. As a systematic combination of logic-based techniques, we obtain a sound verification procedure that is particularly suitable for parametric hybrid systems. We demonstrate our approach by verifying safety, controllability, liveness, and collision avoidance properties in case studies ranging from train control applications in the European Train Control System to air traffic control, where we prove collision avoidance in aircraft roundabout maneuvers.
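The following worked derivation is an added illustration of the differential-induction idea mentioned in the abstract; it is not taken from the thesis or from the abstract. The two-dimensional system, the candidate invariant, and the parameter r are constructed for this example, and the box modality [α]φ is read in the usual dynamic-logic sense, "φ holds after every run of α".

```latex
\begin{align*}
&\text{Constructed system (assumption):}\qquad x' = y,\quad y' = -x,\quad r' = 0 \\[4pt]
&\text{Candidate invariant:}\qquad F \;\equiv\; x^2 + y^2 = r^2 \\[4pt]
&\text{Goal (safety property in dynamic-logic notation):}\qquad
   F \;\rightarrow\; [\,x' = y,\; y' = -x,\; r' = 0\,]\,F \\[8pt]
&\text{Differential induction: instead of solving the differential equation,}\\
&\text{differentiate } F \text{ symbolically and substitute the right-hand sides:} \\[4pt]
&\frac{d}{dt}\bigl(x^2 + y^2 - r^2\bigr)
   \;=\; 2x\,x' + 2y\,y' - 2r\,r'
   \;=\; 2x\,y + 2y\,(-x) - 0
   \;=\; 0 \\[8pt]
&\text{The resulting side condition } \forall x\,\forall y\,\forall r.\;
   2xy - 2xy = 0 \text{ is a sentence of real arithmetic,} \\
&\text{decidable by quantifier elimination; since it is valid, } F
   \text{ is a differential invariant and the goal is proved.}
\end{align*}
```

The point of the example is the shape of the argument rather than this particular system: the proof obligation is reduced to a universally quantified real-arithmetic formula over the derivative of the invariant, which a decision procedure for real arithmetic can discharge, and no closed-form solution of the differential equation is ever needed.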
