Structured Proofs for Adversarial Cyber-Physical Systems

Many cyber-physical systems (CPS) are safety-critical, so it is important to formally verify them, e.g. in formal logics that show a model’s correctness specification always holds. Constructive Differential Game Logic (CdGL) is such a logic for (constructive) hybrid games, including hybrid systems. To overcome undecidability, the user first writes a proof, for which we present a proof-checking tool. We introduce Kaisar, the first language and tool for CdGL proofs, which until now could only be written by hand with a low-level proof calculus. Kaisar’s structured proofs simplify challenging CPS proof tasks, especially by using programming language principles and high-level stateful reasoning. Kaisar exploits CdGL’s constructivity and refinement relations to build proofs around models of game strategies. The evaluation reproduces and extends existing case studies on 1D and 2D driving. Proof metrics are compared and reported experiences are discussed for the original studies and their reproductions.
