Tactical contract composition for hybrid system component verification

We present an approach for hybrid systems that combines the advantages of component-based modeling (e.g., reduced model complexity) with the advantages of formal verification (e.g., guaranteed contract compliance). Component-based modeling can be used to split large models into multiple component models with local responsibilities to reduce modeling complexity. Yet, this only helps the analysis if verification also proceeds one component at a time. In order to benefit from the decomposition of a system into components for both modeling and verification purposes, we prove that the safety of compatible components implies safety of the composed system. We implement our composition theorem as a tactic in the KeYmaera X theorem prover, allowing automatic generation of a KeYmaera X proof for the composite system from proofs for the components without soundness-critical changes to KeYmaera X. Our approach supports component contracts (i.e., input assumptions and output guarantees for each component) that characterize the magnitude and rate of change of values exchanged between components. These contracts can account for how much an exchanged value may have changed in the time elapsed since the last exchange of information between two components.
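The following is an added illustration of the compatibility idea described above; it is not the paper's KeYmaera X tactic and not code from the authors. It models a component as a set of input assumptions and output guarantees, each bounding the range of a port value and how much it may change (the guarantee by a maximum rate, the assumption by a maximum change since the last exchange). A composition is accepted only when every component carries its own safety proof (represented here by a flag) and every connected output guarantee implies the consumer's input assumption even after the value has drifted for the maximum delay between exchanges. The component names, ports and numbers are constructed sample data.

```python
"""Illustrative contract-compatibility check for hybrid system components.
Not KeYmaera X and not the paper's composition tactic; all sample data is constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Guarantee:
    """Output guarantee: value stays in [lo, hi] and changes at most max_rate per time unit."""
    lo: float
    hi: float
    max_rate: float


@dataclass(frozen=True)
class Assumption:
    """Input assumption: value stays in [lo, hi] and changes by at most max_change
    between two consecutive exchanges of information."""
    lo: float
    hi: float
    max_change: float


@dataclass
class Component:
    name: str
    assumptions: Dict[str, Assumption] = field(default_factory=dict)  # input port -> assumption
    guarantees: Dict[str, Guarantee] = field(default_factory=dict)    # output port -> guarantee
    verified: bool = False  # stands in for a completed per-component safety proof


# (producer, output port, consumer, input port)
Connection = Tuple[str, str, str, str]


def port_compatible(g: Guarantee, a: Assumption, max_delay: float) -> List[str]:
    """Reasons (empty if none) why guarantee g fails to establish assumption a when
    up to max_delay time units may pass between two exchanges of the value."""
    problems = []
    if g.lo < a.lo or g.hi > a.hi:
        problems.append(f"range [{g.lo}, {g.hi}] not within assumed [{a.lo}, {a.hi}]")
    drift = g.max_rate * max_delay  # worst-case change of the value since the last exchange
    if drift > a.max_change:
        problems.append(f"change of up to {drift} since last exchange exceeds tolerated {a.max_change}")
    return problems


def compose(components: List[Component], connections: List[Connection],
            max_delay: float) -> Tuple[bool, List[str]]:
    """Return (safe, violations). The composite counts as safe only when every component is
    verified on its own and every connection is compatible, which is the premise under which
    safety of the components carries over to the composed system."""
    by_name = {c.name: c for c in components}
    violations: List[str] = []
    for c in components:
        if not c.verified:
            violations.append(f"{c.name}: no component-level safety proof")
    for prod, out_port, cons, in_port in connections:
        g = by_name[prod].guarantees[out_port]
        a = by_name[cons].assumptions[in_port]
        for p in port_compatible(g, a, max_delay):
            violations.append(f"{prod}.{out_port} -> {cons}.{in_port}: {p}")
    return (not violations, violations)


# Constructed sample system: a range sensor feeding a controller that drives an actuator.
SYSTEM = [
    Component("sensor", guarantees={"distance": Guarantee(0, 100, 10)}, verified=True),
    Component("controller",
              assumptions={"distance": Assumption(0, 150, 5)},
              guarantees={"velocity": Guarantee(0, 20, 2)}, verified=True),
    Component("actuator", assumptions={"velocity": Assumption(0, 30, 1)}, verified=True),
]
CONNECTIONS: List[Connection] = [
    ("sensor", "distance", "controller", "distance"),
    ("controller", "velocity", "actuator", "velocity"),
]

if __name__ == "__main__":
    for delay in (0.4, 1.0):
        safe, why = compose(SYSTEM, CONNECTIONS, delay)
        print(f"max delay {delay}: {'compatible' if safe else 'incompatible'}")
        for line in why:
            print("  ", line)
```

With a maximum delay of 0.4 time units both connections are compatible (the sensor value drifts by at most 4 against a tolerated 5, the velocity by 0.8 against 1); raising the delay to 1.0 makes both connections violate the consumers' change bounds, so the composite is rejected even though each component is individually verified.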
