Distributed Theorem Proving for Distributed Hybrid Systems

Distributed hybrid systems present extraordinarily challenging problems for verification. On top of the notorious difficulties associated with distributed systems, they also exhibit continuous dynamics described by quantified differential equations. All serious proofs rely on decision procedures for real arithmetic, which can be extremely expensive. Quantified Differential Dynamic Logic (QdL) has been identified as a promising approach for getting a handle on this domain. QdL has been proved to be complete relative to quantified differential equations. But important questions remain as to how best to translate this theoretical result into practice: how do we succinctly specify a proof search strategy, and how do we control the computational cost? We address the problem of automated theorem proving for distributed hybrid systems. We identify a simple mode of use of QdL that cuts down on the enormous number of choices that it otherwise allows during proof search. We have designed a powerful strategy and tactics language for directing proof search. With these techniques, we have implemented a new automated theorem prover called KeYmaeraD. To overcome the high computational complexity of distributed hybrid systems verification, KeYmaeraD uses a distributed proving backend. We have experimentally observed that calls to the real arithmetic decision procedure can effectively be made in parallel. In this paper, we demonstrate these findings through an extended case study in which we prove the absence of collisions in a distributed car control system with a varying number of arbitrarily many cars.
