Proving autonomous vehicle and advanced driver assistance systems safety: final research report.

The main objective of this project was to provide logic-based technology for answering crucial safety and correctness questions about the verification of autonomous vehicle and advanced driver assistance systems. In synergistic activities, we have significantly improved tooling for cyber-physical systems (CPS) verification, including the development of the completely new theorem prover KeYmaera X [7], based on a uniform substitution calculus for differential dynamic logic. This project saw a substantial advance in the foundation of proof certificates by developing the logic of proofs for differential dynamic logic (LPdL) [8] as a foundation for CPS safety certificates. This report briefly explains the key benefits of KeYmaera X over existing systems that are relevant to the goals of this project and discusses the advances that LPdL brings in detail. LPdL answers the key question of safety evidence for autonomous vehicles, driver assistance safety technology, and other cyber-physical systems: what counts as undeniable mathematical evidence in support of a safety claim for an autonomous vehicle or an advanced safety-critical driver assistance technology? Without any doubt, mathematical evidence for safety claims about these systems will differ from classical mathematical evidence, because the safety argument has to take the relevant features of the computer control into account together with an analysis of its impact on the motion of the vehicle. Such safety evidence is inherently about dynamics, not about static situations. LPdL gives first-class access to safety properties and their safety certificates as proof terms. It extends both the syntax and semantics of differential dynamic logic (dL), the logic for hybrid system models of cyber-physical systems, with proof terms as syntactic representations of logical deductions that serve as theoretically well-founded evidence or certificates for the truth of the safety claim they prove.
To support axiomatic theorem proving, the logic allows equivalence rewriting deep within formulas and supports both uniform renaming and uniform substitutions. In addition
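To make the idea of a proof term as an independently checkable certificate concrete, here is an added toy illustration (not the report's LPdL and not KeYmaera X code): a checker for a tiny fragment of dL whose only axiom is the assignment axiom [x:=e]p(x) <-> p(e), instantiated by uniform substitution, with equivalence elimination and modus ponens as the only proof rules. The tuple encoding of terms, formulas and proof terms, and the omission of dL's admissibility side conditions, are assumptions of this example.

```python
# Added toy illustration (not the report's LPdL): an independently checkable
# proof-term checker for a tiny fragment of dL, built on uniform substitution.
# Terms: int | str (variable) | ('+', t, t); '.' is the argument placeholder
# of the predicate symbol p(.). Formulas: ('>=', t, t) | ('->', f, g) |
# ('<->', f, g) | ('[:=]', x, e, f), the last standing for the dL box [x:=e]f.
# Admissibility side conditions of full dL uniform substitution are omitted.

class BadCertificate(Exception):
    """Raised when a proof term does not check: the claim is not certified."""

def subst(obj, sigma):
    """Uniform substitution: replace every placeholder key of sigma in obj."""
    if isinstance(obj, str) and obj in sigma:
        return sigma[obj]
    if isinstance(obj, tuple):
        return tuple(subst(part, sigma) for part in obj)
    return obj

def expand(obj, p_body):
    """Replace predicate applications ('p', arg) by p_body with '.' := arg."""
    if isinstance(obj, tuple) and obj[:1] == ('p',):
        return subst(p_body, {'.': obj[1]})
    if isinstance(obj, tuple):
        return tuple(expand(part, p_body) for part in obj)
    return obj

# Axiom schema [:=]: [x:=e]p(x) <-> p(e), with placeholders 'x', 'e', 'p'.
AXIOMS = {'[:=]': ('<->', ('[:=]', 'x', 'e', ('p', 'x')), ('p', 'e'))}

def check(pt):
    """Return the formula a proof term certifies, or raise BadCertificate."""
    if pt[0] == 'axiom':            # ('axiom', name, sigma, p_body)
        _, name, sigma, p_body = pt
        return expand(subst(AXIOMS[name], sigma), p_body)
    if pt[0] == 'iffE':             # ('iffE', pt, 'lr'|'rl'): A<->B gives A->B or B->A
        _, sub, direction = pt
        f = check(sub)
        if f[0] != '<->':
            raise BadCertificate('iffE needs an equivalence')
        return ('->', f[1], f[2]) if direction == 'lr' else ('->', f[2], f[1])
    if pt[0] == 'mp':               # ('mp', pt_impl, pt_ante): A->B and A give B
        f, a = check(pt[1]), check(pt[2])
        if f[0] != '->' or f[1] != a:
            raise BadCertificate('modus ponens premises do not match')
        return f[2]
    raise BadCertificate('unknown proof-term constructor %r' % (pt[0],))

# Constructed certificate for [v:=v+1](v>=0) -> v+1>=0 via the [:=] axiom.
CERT = ('iffE', ('axiom', '[:=]', {'x': 'v', 'e': ('+', 'v', 1)}, ('>=', '.', 0)), 'lr')
EXPECTED = ('->', ('[:=]', 'v', ('+', 'v', 1), ('>=', 'v', 0)), ('>=', ('+', 'v', 1), 0))
```

The point is that `check` is far smaller than any prover: whoever receives the certificate `CERT` can recompute the formula it proves and compare it with the claimed safety property, without trusting the tool that produced it.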

[1] Christine Paulin-Mohring et al. The Coq Proof Assistant Reference Manual. 2000.

[2] Sergei N. Artemov. Operational Modal Logic. 1995.

[3] André Platzer et al. Differential Game Logic. ACM Trans. Comput. Log., 2014.

[4] Furio Honsell et al. A Framework for Defining Logics. JACM, 1993.

[5] Karl Crary et al. Towards a Mechanized Metatheory of Standard ML. POPL '07, 2007.

[6] André Platzer et al. A Uniform Substitution Calculus for Differential Dynamic Logic. CADE, 2015.

[7] Melvin Fitting et al. The Logic of Proofs, Semantically. Ann. Pure Appl. Log., 2005.

[8] André Platzer et al. KeYmaera: A Hybrid Theorem Prover for Hybrid Systems (System Description). IJCAR, 2008.

[9] André Platzer et al. Adaptive Cruise Control: Hybrid, Distributed, and Now Formally Verified. FM, 2011.

[10] André Platzer et al. European Train Control System: A Case Study in Formal Verification. ICFEM, 2009.

[11] Jean-Baptiste Jeannin et al. A Formally Verified Hybrid System for the Next-Generation Airborne Collision Avoidance System. TACAS, 2015.

[12] André Platzer et al. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. 2010.

[13] Nathan Fulton et al. KeYmaera X: An Axiomatic Tactical Theorem Prover for Hybrid Systems. CADE, 2015.

[14] Edmund M. Clarke et al. Formal Verification of Curved Flight Collision Avoidance Maneuvers: A Case Study. FM, 2009.

[15] Jeremy Avigad et al. The Lean Theorem Prover (System Description). CADE, 2015.

[16] Bruno Woltzenlogel Paleo et al. Contextual Natural Deduction. LFCS, 2013.

[17] Nathan Fulton et al. A Logic of Proofs for Differential Dynamic Logic: Toward Independently Checkable Proof Certificates for Dynamic Logics. CPP, 2016.

[18] Frank Pfenning et al. System Description: Twelf, A Meta-Logical Framework for Deductive Systems. CADE, 1999.

[19] André Platzer et al. Formal Verification of Distributed Aircraft Controllers. HSCC '13, 2013.

[20] V. Svejdar. On Provability Logic. 1999.

[21] Brigitte Pientka et al. Beluga: A Framework for Programming and Reasoning with Deductive Systems (System Description). IJCAR, 2010.

[22] Tobias Nipkow et al. A Proof Assistant for Higher-Order Logic. 2002.

[23] André Platzer et al. Logics of Dynamical Systems. 27th Annual IEEE Symposium on Logic in Computer Science, 2012.

[24] André Platzer et al. How to Model and Prove Hybrid Systems with KeYmaera: A Tutorial on Safety. International Journal on Software Tools for Technology Transfer, 2015.

[25] Thomas A. Henzinger et al. Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems. Hybrid Systems, 1992.

[26] André Platzer et al. Differential Dynamic Logic for Hybrid Systems. Journal of Automated Reasoning, 2008.

[27] Nicola Olivetti et al. Nested Sequent Calculi for Conditional Logics. JELIA, 2012.

[28] I. Antipolis et al. Programming and Certifying the CAD Algorithm Inside the Coq System. 2006.

[29] John Harrison et al. HOL Light: A Tutorial Introduction. FMCAD, 1996.

[30] André Platzer et al. Differential Dynamic Logic for Verifying Parametric Hybrid Systems. TABLEAUX, 2007.

[31] André Platzer et al. Real World Verification. CADE, 2009.