A Component-Based Hybrid Systems Verification and Implementation Tool in KeYmaera X (Tool Demonstration)

Safety-critical cyber-physical systems (CPS) should be analyzed using formal verification techniques in order to gain insight into and obtain rigorous safety guarantees about their behavior. For practical purposes, methods are needed to split modeling and verification effort into manageable pieces and link formal artifacts and techniques with implementation. In this paper we present a tool chain that supports component-based modeling and verification of CPS, generation of monitors, and systematic (but unverified) translation of models and monitors into executable code. A running example demonstrates how to model a system in a component-based fashion in differential dynamic logic (dL), how to represent and structure these models in the syntax of the hybrid systems theorem prover KeYmaera X (which implements dL), and how to prove properties in KeYmaera X. The verified components are the source for translation into executable C code, which can be run on controlled components (e.g., a robot). Additionally, we demonstrate how to generate monitors that validate the behavior of uncontrolled components (e.g., validate the assumptions made about obstacles).
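The abstract describes two kinds of runtime artifact the tool chain produces: a monitor that validates the assumptions made about uncontrolled components (e.g., that an obstacle never moves faster than the model allows) and executable code for the controlled component. The following C program is an added example, not code generated by the tool chain or taken from the paper; it sketches, for a one-dimensional robot approaching an obstacle, what such a monitor and a monitored control cycle look like in practice. The state layout, the constants V, EPS, B and A, and the stopping-distance condition in control_safe are all hypothetical choices made for this illustration, not the paper's model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Sampled state of a one-dimensional robot driving towards an obstacle.
   Constructed for this example; the real tool chain derives its state
   vector from the dL model. */
typedef struct {
    double t;   /* time stamp of the sample (s) */
    double xr;  /* robot position (m) */
    double vr;  /* robot velocity (m/s), assumed >= 0 */
    double xo;  /* observed obstacle position (m), assumed xo >= xr */
} State;

/* Hypothetical model parameters (the constants a dL contract would fix). */
static const double V   = 1.0;  /* assumed upper bound on obstacle speed */
static const double EPS = 0.1;  /* assumed upper bound on the sampling interval */
static const double B   = 2.0;  /* robot braking deceleration */
static const double A   = 1.0;  /* robot maximum acceleration */

/* Model monitor for the uncontrolled component: the observation pair
   (pre, post) must be explainable by an obstacle moving at most V over
   at most EPS time. If it is not, the assumption the proof rests on has
   been violated in this run. */
bool obstacle_monitor(const State *pre, const State *post)
{
    double dt = post->t - pre->t;
    if (dt < 0.0 || dt > EPS)
        return false;
    double moved = post->xo - pre->xo;
    if (moved < 0.0)
        moved = -moved;
    return moved <= V * dt;
}

/* Controller monitor: is acceleration a safe to hold for up to EPS?
   Sufficient condition (hypothetical, in the style of a dL stopping-distance
   invariant): after at most EPS at acceleration a, the robot can still brake
   to a standstill before an obstacle that closes in at speed V for the whole
   time until the robot stops. */
bool control_safe(const State *s, double a)
{
    if (a < -B || a > A)
        return false;
    double d1, v1;
    if (a < 0.0 && s->vr / -a <= EPS) {
        /* braking brings the robot to a halt inside this cycle */
        d1 = s->vr * s->vr / (2.0 * -a);
        v1 = 0.0;
    } else {
        d1 = s->vr * EPS + 0.5 * a * EPS * EPS;
        v1 = s->vr + a * EPS;
    }
    double d2   = v1 * v1 / (2.0 * B);   /* stopping distance after the cycle */
    double obst = V * (EPS + v1 / B);    /* worst-case obstacle approach meanwhile */
    return s->xr + d1 + d2 + obst < s->xo;
}

/* Pick the most aggressive acceleration the controller monitor accepts;
   braking is the fallback when nothing is provably safe. */
double choose_accel(const State *s)
{
    const double candidates[] = { A, 0.0 };
    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; i++)
        if (control_safe(s, candidates[i]))
            return candidates[i];
    return -B;
}

/* One control cycle: validate the obstacle observation first. A violated
   model assumption means the verified contract no longer covers this run,
   so the cycle falls back to braking instead of trusting the controller. */
double control_cycle(const State *pre, const State *post)
{
    if (!obstacle_monitor(pre, post))
        return -B;
    return choose_accel(post);
}

int main(void)
{
    State pre = { 0.0, 0.0, 2.0, 10.0 };
    State ok  = { 0.1, 0.2, 2.0, 9.95 };  /* obstacle moved 0.05 m in 0.1 s */
    State bad = { 0.1, 0.2, 2.0, 9.5 };   /* obstacle moved 0.5 m: faster than V */
    printf("consistent observation: a = %.2f\n", control_cycle(&pre, &ok));
    printf("violated assumption:    a = %.2f\n", control_cycle(&pre, &bad));
    return 0;
}
```

The point a practitioner should take from the abstract's "(but unverified)" is visible here: the proof guarantees safety only for runs in which obstacle_monitor never fails and the controller code really implements the condition that was proved, so the translation step and the monitor's fallback branch are the places to review by hand.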
