Results 1  10
of
75
Computing differential invariants of hybrid systems as fixedpoints
, 2008
"... Abstract. We introduce a fixedpoint algorithm for verifying safety properties of hybrid systems with differential equations whose righthand sides are polynomials in the state variables. In order to verify nontrivial systems without solving their differential equations and without numerical errors, ..."
Abstract

Cited by 57 (20 self)
 Add to MetaCart
Abstract. We introduce a fixedpoint algorithm for verifying safety properties of hybrid systems with differential equations whose righthand sides are polynomials in the state variables. In order to verify nontrivial systems without solving their differential equations and without numerical errors, we use a continuous generalization of induction, for which our algorithm computes the required differential invariants. As a means for combining local differential invariants into global system invariants in a sound way, our fixedpoint algorithm works with a compositional verification logic for hybrid systems. To improve the verification power, we further introduce a saturation procedure that refines the system dynamics successively with differential invariants until safety becomes provable. By complementing our symbolic verification algorithm with a robust version of numerical falsification, we obtain a fast and sound verification procedure. We verify roundabout maneuvers in air traffic management and collision avoidance in train control.
KeYmaera: A hybrid theorem prover for hybrid systems
 IJCAR. VOLUME 5195 OF LNCS
, 2008
"... KeYmaera is a hybrid verification tool for hybrid systems that combines deductive, real algebraic, and computer algebraic prover technologies. It is an automated and interactive theorem prover for a natural specification and verification logic for hybrid systems. KeYmaera supports differential dyn ..."
Abstract

Cited by 55 (23 self)
 Add to MetaCart
(Show Context)
KeYmaera is a hybrid verification tool for hybrid systems that combines deductive, real algebraic, and computer algebraic prover technologies. It is an automated and interactive theorem prover for a natural specification and verification logic for hybrid systems. KeYmaera supports differential dynamic logic, which is a realvalued firstorder dynamic logic for hybrid programs, a program notation for hybrid automata. For automating the verification process, KeYmaera implements a generalized freevariable sequent calculus and automatic proof strategies that decompose the hybrid system specification symbolically. To overcome the complexity of real arithmetic, we integrate real quantifier elimination following an iterative background closure strategy. Our tool is particularly suitable for verifying parametric hybrid systems and has been used successfully for verifying collision avoidance in case studies from train control and air traffic management.
DifferentialAlgebraic Dynamic Logic for DifferentialAlgebraic Programs
"... Abstract. We generalise dynamic logic to a logic for differentialalgebraic programs, i.e., discrete programs augmented with firstorder differentialalgebraic formulas as continuous evolution constraints in addition to firstorder discrete jump formulas. These programs characterise interacting discr ..."
Abstract

Cited by 41 (27 self)
 Add to MetaCart
(Show Context)
Abstract. We generalise dynamic logic to a logic for differentialalgebraic programs, i.e., discrete programs augmented with firstorder differentialalgebraic formulas as continuous evolution constraints in addition to firstorder discrete jump formulas. These programs characterise interacting discrete and continuous dynamics of hybrid systems elegantly and uniformly. For our logic, we introduce a calculus over real arithmetic with discrete induction and a new differential induction with which differentialalgebraic programs can be verified by exploiting their differential constraints algebraically without having to solve them. We develop the theory of differential induction and differential refinement and analyse their deductive power. As a case study, we present parametric tangential roundabout maneuvers in air traffic control and prove collision avoidance in our calculus.
Formal verification of hybrid systems
, 2011
"... In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems that combines th ..."
Abstract

Cited by 32 (0 self)
 Add to MetaCart
(Show Context)
In formal verification, a designer first constructs a model, with mathematically precise semantics, of the system under design, and performs extensive analysis with respect to correctness requirements. The appropriate mathematical model for embedded control systems is hybrid systems that combines the traditional statemachine based models for discrete control with classical differentialequations based models for continuously evolving physical activities. In this article, we briefly review selected existing approaches to formal verification of hybrid systems, along with directions for future research.
Formal Verification of Curved Flight Collision Avoidance Maneuvers: A Case Study
, 2009
"... under contracts no. 2008TJ1860, and by the Air Force (University of Vanderbilt) under contract no. 18727S3. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of any sponsoring ..."
Abstract

Cited by 29 (13 self)
 Add to MetaCart
(Show Context)
under contracts no. 2008TJ1860, and by the Air Force (University of Vanderbilt) under contract no. 18727S3. The views and conclusions contained in this document are those of the author and should not be interpreted as representing the official policies, either expressed or implied, of any sponsoring institution or government. Keywords: formal verification of hybrid systems, deduction, air traffic control, logic for hybrid Aircraft collision avoidance maneuvers are important and complex applications. Curved flight exhibits nontrivial continuous behavior. In combination with the control choices during air traffic maneuvers, this yields hybrid systems with challenging interactions of discrete and continuous dynamics. As a case study illustrating the use of a new proof assistant for a logic for nonlinear hybrid systems, we analyze collision freedom of roundabout maneuvers in air traffic control, where appropriate curved flight, good timing, and compatible maneuvering are crucial for guaranteeing safe spatial separation of aircraft throughout their flight. We show that formal verification of hybrid systems can scale to curved flight maneuvers required in aircraft control applications. We introduce a fully flyable variant of the roundabout collision avoidance maneuver and verify safety properties
A Constraint Sequent Calculus for FirstOrder Logic with Linear Integer Arithmetic
"... Firstorder logic modulo the theory of integer arithmetic is the basis for reasoning in many areas, including deductive software verification and software model checking. While satisfiability checking for ground formulae in this logic is well understood, it is still an open question how the general ..."
Abstract

Cited by 25 (1 self)
 Add to MetaCart
Firstorder logic modulo the theory of integer arithmetic is the basis for reasoning in many areas, including deductive software verification and software model checking. While satisfiability checking for ground formulae in this logic is well understood, it is still an open question how the general case of quantified formulae can be handled in an efficient and systematic way. As a possible answer, we introduce a sequent calculus that combines ideas from freevariable constraint tableaux with the Omega quantifier elimination procedure. The calculus is complete for theorems of firstorder logic (without functions, but with arbitrary uninterpreted predicates), can decide Presburger arithmetic, and is complete for a substantial fragment of the combination of both.
European Train Control System: A Case Study in Formal Verification
, 2009
"... Complex physical systems have several degrees of freedom. They only work correctly when their control parameters obey corresponding constraints. Based on the informal specification of the European Train Control System (ETCS), we design a controller for its cooperation protocol. For its free paramet ..."
Abstract

Cited by 22 (10 self)
 Add to MetaCart
(Show Context)
Complex physical systems have several degrees of freedom. They only work correctly when their control parameters obey corresponding constraints. Based on the informal specification of the European Train Control System (ETCS), we design a controller for its cooperation protocol. For its free parameters, we successively identify constraints that are required to ensure collision freedom. We formally prove the parameter constraints to be sharp by characterizing them equivalently in terms of reachability properties of the hybrid system dynamics. Using our deductive verification tool KeYmaera, we formally verify controllability, safety, liveness, and reactivity properties of the ETCS protocol that entail collision freedom. We prove that the ETCS protocol remains correct even in the presence of perturbation by disturbances in the dynamics. We verify that safety is preserved when a PI controlled speed supervision is used.
Quantified Differential Dynamic Logic for Distributed Hybrid Systems
, 2010
"... We address a fundamental mismatch between the combinations of dynamics that occur in complex physical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic networks, where neither structure nor ..."
Abstract

Cited by 21 (15 self)
 Add to MetaCart
(Show Context)
We address a fundamental mismatch between the combinations of dynamics that occur in complex physical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic networks, where neither structure nor dimension stay the same while the system follows mixed discrete and continuous dynamics. We provide the logical foundations for closing this analytic gap. We develop a system model for distributed hybrid systems that combines quantified differential equations with quantified assignments and dynamic dimensionalitychanges. We introduce a dynamic logic for verifying distributed hybrid systems and present a proof calculus for it. We prove that this calculus is a sound and complete axiomatization of the behavior of distributed hybrid systems relative to quantified differential equations. In our calculus we have proven collision freedom in distributed car control even when new cars may appear dynamically on the road.
Real World Verification
"... Abstract. Scalable handling of real arithmetic is a crucial part of the verification of hybrid systems, mathematical algorithms, and mixed analog/digital circuits. Despite substantial advances in verification technology, complexity issues with classical decision procedures are still a major obstacle ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
Abstract. Scalable handling of real arithmetic is a crucial part of the verification of hybrid systems, mathematical algorithms, and mixed analog/digital circuits. Despite substantial advances in verification technology, complexity issues with classical decision procedures are still a major obstacle for formal verification of realworld applications, e.g., in automotive and avionic industries. To identify strengths and weaknesses, we examine state of the art symbolic techniques and implementations for the universal fragment of realclosed fields: approaches based on quantifier elimination, Gröbner Bases, and semidefinite programming for the Positivstellensatz. Within a uniform context of the verification tool KeYmaera, we compare these approaches qualitatively and quantitatively on verification benchmarks from hybrid systems, textbook algorithms, and on geometric problems. Finally, we introduce a new decision procedure combining Gröbner Bases and semidefinite programming for the real Nullstellensatz that outperforms the individual approaches on an interesting set of problems.
The Complete Proof Theory of Hybrid Systems
, 2011
"... as representing the official policies, either expressed or implied, of any sponsoring institution or government. Keywords: proof theory; hybrid dynamical systems; differential dynamic logic; axiomatization; Hybrid systems are a fusion of continuous dynamical systems and discrete dynamical systems. T ..."
Abstract

Cited by 17 (12 self)
 Add to MetaCart
as representing the official policies, either expressed or implied, of any sponsoring institution or government. Keywords: proof theory; hybrid dynamical systems; differential dynamic logic; axiomatization; Hybrid systems are a fusion of continuous dynamical systems and discrete dynamical systems. They freely combine dynamical features from both worlds. For that reason, it has often been claimed that hybrid systems are more challenging than continuous dynamical systems and than discrete systems. We now show that, prooftheoretically, this is not the case. We present a complete prooftheoretical alignment that interreduces the discrete dynamics and continuous dynamics of hybrid systems. We give a sound and complete axiomatization of hybrid systems relative to continuous dynamical systems and a sound and complete axiomatization of hybrid systems relative to discrete dynamical systems. Thanks to our axiomatization, proving properties of hybrid systems is exactly the same as proving properties of continuous dynamical systems and again, exactly the same as proving properties of discrete dynamical systems. This fundamental cornerstone sheds light on the nature of hybridness and enables flexible and provably perfect combinations of discrete reasoning with continuous reasoning that lift to all aspects of hybrid systems and their fragments. 1