Skill-Based Verification of Cyber-Physical Systems

Cyber-physical systems are ubiquitous nowadays. However, as automation increases, modeling and verifying them becomes increasingly difficult because of the inherently complex physical environment. Skill graphs are a means to model complex cyber-physical systems (e.g., vehicle automation systems) by distributing complex behaviors among skills with interfaces between them. We observed that skill graphs lend themselves well to scalable verification approaches early in the software development process. In this work, we suggest combining skill graphs with hybrid programs. Hybrid programs constitute a program notation for hybrid systems that enables the verification of cyber-physical systems. We provide the first formalization of skill graphs, including a notion of compositionality, and propose Skeditor, an integrated framework for modeling and verifying them. Skeditor is coupled with the theorem prover KeYmaera X, which is specialized in the verification of hybrid programs. In an experiment exhibiting the follow mode of a vehicle, we evaluate our skill-based methodology with respect to savings in verification effort and the potential to find modeling defects at design time. Compared to non-compositional verification, the initial verification effort needed is reduced by more than 53%.
