A Control Flow Graph Based Approach to Make the Verification of Cyber-Physical Systems Using KeYmaera Easier

KeYmaera is an interactive theorem prover and is used to verify safety properties of cyber-physical systems (CPSs). It implements a Dynamic Logic for Hybrid Programs (HPs), while a HP models a CPS very precisely. Verifying properties of a given system in KeYmaera can become a challenge for a user since the proof is authored in a classical sequent calculus framework and a successful proof requires from the user intimate knowledge of the available calculus rules. Another barrier for widespread application of KeYmaera is the purely textual representation of current proof goals, what requires from the user very good training, experience, and patience. In this paper, we present an alternative verification approach based on KeYmaera, which drastically improves usability and minimizes user interaction. The main idea is to let the user annotate invariants and contracts to states of the hybrid automaton. Thus, the user can employ the graphical representation of the modelled system and is not bound to the purely textual form of hybrid programs as in KeYmaera. Based on the user-provided contracts, one can generate proof obligations, which are much simpler than the original proof goal in KeYmaera. The article is published in the authors’ wording.

CPS, KeYmaera, proof contracts, verification, hybrid systems, usability, interactive provers

1. Baudin P. et al., ACSL: ANSI/ISO C Specification Language. Version 1.12, https:// frama-c.com/download/acsl_1.12.pdf.

2. Spin: Promela reference. float - floating point numbers, http://spinroot.com/spin/Man/ float.html.

3. Alur R. et al., \Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems", Hybrid Systems, Lecture Notes in Computer Science, 736, 1993, 209-229, https://doi.org/10.1007/3-540-57318-6_30.

4. Behrmann G. et al., "A tutorial on uppaal", Formal methods for the design of real-time systems, Springer, 2004, 200-236.

5. Booch G. et al., The unified modeling language user guide - covers UML 2.0, Second Edition, Addison Wesley object technology series, Addison-Wesley, 2005.

6. David A. et al., "Uppaal SMC tutorial", International Journal on Software Tools for Technology Transfer, 17:4 (2015), 397-415.

7. Floyd R.W., "Assigning Meanings to Programs", Proceedings of Symposium on Applied Mathematics, 19 (1967), 19-32.

8. Hybrid Systems, Lecture Notes in Computer Science, 736, ed. Robert L. Grossman et al., 1993.

9. Henzinger Thomas A., "The Theory of Hybrid Automata", Proceedings 11th Annual IEEE Symposium on Logic in Computer Science, 1996, 278-292.

10. Kirchner F. et al., "Frama-C: A software analysis perspective", Formal Aspects of Computing, 27:3 (2015), 573-609.

11. Nuzzo P. et al., "A platform-based design methodology with contracts and related tools for the design of cyber-physical systems", Proceedings of the IEEE, 103:11 (2015), 2104-2132.

12. Platzer A., Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics, Springer, Heidelberg, 2010.

13. Platzer A., "Logic and Compositional Verification of Hybrid Systems (Invited Tutorial)", Computer Aided Verification, 23rd International Conference, Lecture Notes in Computer Science, 6806, 2011, 28-43.

14. Quesel J.-D. et al., "How to Model and Prove Hybrid Systemswith KeYmaera:A Tutorial on Safety", STTT, 18:1 (2016), 67-91.

15. Rümmer Ph., Princess Homepage, http://www.philipp.ruemmer.org/princess.shtml.