research-article

Open access

Structured Proofs for Adversarial Cyber-Physical Systems

Authors:

André PlatzerAuthors Info & Claims

ACM Transactions on Embedded Computing Systems (TECS), Volume 20, Issue 5s

Article No.: 93, Pages 1 - 26

https://doi.org/10.1145/3477024

Published: 22 September 2021 Publication History

All formats PDF

Abstract

Many cyber-physical systems (CPS) are safety-critical, so it is important to formally verify them, e.g. in formal logics that show a model’s correctness specification always holds. Constructive Differential Game Logic (CdGL) is such a logic for (constructive) hybrid games, including hybrid systems. To overcome undecidability, the user first writes a proof, for which we present a proof-checking tool.

We introduce Kaisar, the first language and tool for CdGL proofs, which until now could only be written by hand with a low-level proof calculus. Kaisar’s structured proofs simplify challenging CPS proof tasks, especially by using programming language principles and high-level stateful reasoning. Kaisar exploits CdGL’s constructivity and refinement relations to build proofs around models of game strategies. The evaluation reproduces and extends existing case studies on 1D and 2D driving. Proof metrics are compared and reported experiences are discussed for the original studies and their reproductions.

References

[1]

Krzysztof Apt, Frank S De Boer, and Ernst-Rüdiger Olderog. 2010. Verification of sequential and concurrent programs.

[2]

Alasdair Armstrong, Victor B. F. Gomes, and Georg Struth. 2014. Kleene algebra with tests and demonic refinement algebras. Arch. Formal Proofs 2014 (2014). https://www.isa-afp.org/entries/KAT_and_DRA.shtml.

[3]

Rose Bohrer. 2021. Practical End-to-End Verification of Cyber-Physical Systems. Ph.D. Dissertation. Computer Science Department, School of Computer Science, Carnegie Mellon University.

[4]

Rose Bohrer and André Platzer. 2020. Constructive hybrid games. In IJCAR(LNCS, Vol. 12166), Nicolas Peltier and Viorica Sofronie-Stokkermans (Eds.). Springer, 454–473. https://doi.org/10.1007/978-3-030-51074-9_26

Digital Library

[5]

Rose Bohrer and André Platzer. 2020. Refining constructive hybrid games. In FSCD(LIPIcs, Vol. 167), Zena M. Ariola (Ed.). Schloss Dagstuhl - Leibniz-Zentrum für Informatik, 14.1–14.19. https://doi.org/10.4230/LIPIcs.FSCD.2020.14

[6]

Rose Bohrer, Yong Kiam Tan, Stefan Mitsch, Magnus O. Myreen, and André Platzer. 2018. VeriPhy: Verified controller executables from verified cyber-physical system models. In PLDI, Dan Grossman (Ed.). ACM. https://doi.org/10.1145/3192366.3192406

Digital Library

[7]

Rose Bohrer, Yong Kiam Tan, Stefan Mitsch, Andrew Sogokon, and André Platzer. 2019. A formal safety net for waypoint following in ground robots. IEEE Robotics and Automation Letters 4, 3 (2019), 2910–2917. https://doi.org/10.1109/LRA.2019.2923099

[8]

Matthew Chan, Daniel Ricketts, Sorin Lerner, and Gregory Malecha. 2016. Formal verification of stability properties of cyber-physical systems. In CoqPL.

[9]

Xin Chen, Erika Ábrahám, and Sriram Sankaranarayanan. 2013. Flow*: An analyzer for non-linear hybrid systems. In CAV(LNCS, Vol. 8044), Natasha Sharygina and Helmut Veith (Eds.). Springer. https://doi.org/10.1007/978-3-642-39799-8_18

[10]

Ron Cytron, Jeanne Ferrante, Barry K. Rosen, Mark N. Wegman, and F. Kenneth Zadeck. 1991. Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Program. Lang. Syst. 13, 4 (1991). https://doi.org/10.1145/115372.115320

Digital Library

[11]

David Delahaye. 2000. A tactic language for the system Coq. In LPAR (Reunion Island, France) (LNCS, Vol. 1955). Springer-Verlag.

[12]

Goran Frehse, Colas Le Guernic, Alexandre Donzé, Scott Cotton, Rajarshi Ray, Olivier Lebeltel, Rodolfo Ripado, Antoine Girard, Thao Dang, and Oded Maler. 2011. SpaceEx: Scalable verification of hybrid systems. In CAV(LNCS, Vol. 6806). https://doi.org/10.1007/978-3-642-22110-1_30

Digital Library

[13]

Nathan Fulton, Stefan Mitsch, Rose Bohrer, and André Platzer. 2017. Bellerophon: Tactical theorem proving for hybrid systems. In ITP(LNCS, Vol. 10499), Mauricio Ayala-Rincón and César A. Muñoz (Eds.). Springer, 207–224. https://doi.org/10.1007/978-3-319-66107-0_14

Digital Library

[14]

Nathan Fulton, Stefan Mitsch, Jan-David Quesel, Marcus Völp, and André Platzer. 2015. KeYmaera X: An axiomatic tactical theorem prover for hybrid systems. In CADE(LNCS, Vol. 9195), Amy Felty and Aart Middeldorp (Eds.). https://doi.org/10.1007/978-3-319-21401-6_36

[15]

Valentin Goranko. 2003. The basic algebra of game equivalences. Studia Logica (2003). https://doi.org/10.1023/A:1027311011342

[16]

Adam Grabowski, Artur Kornilowicz, and Adam Naumowicz. 2010. Mizar in a Nutshell. J. Formaliz. Reason. 3, 2 (2010), 153–245. https://doi.org/10.6092/issn.1972-5787/1980

[17]

Sarah Grebing. 2019. User Interaction in Deductive Interactive Program Verification. Ph.D. Dissertation. Karlsruhe Institute of Technology, Germany. https://nbn-resolving.org/urn:nbn:de:101:1-2019103003584227760922.

[18]

Thomas A. Henzinger, Benjamin Horowitz, and Rupak Majumdar. 1999. Rectangular hybrid games. In CONCUR(LNCS, Vol. 1664), Jos C. M. Baeten and Sjouke Mauw (Eds.). Springer, 320–335. https://doi.org/10.1007/3-540-48320-9_23

[19]

Clifford B. Jones. 1991. Systematic software development using VDM (2. ed.). Prentice Hall.

[20]

K. Rustan M. Leino. 1998. Extended static checking. In PROCOMET, David Gries and Willem P. de Roever (Eds.). Chapman & Hall.

[21]

Henri Lombardi. 2021. Théories géométriques pour l’algèbre constructive. (4 April 2021). http://hlombardi.free.fr/Theories-geometriques.pdf. Accessed: April 8, 2021. Unpublished draft (in French).

[22]

Sarah M. Loos. 2016. Differential Refinement Logic. Ph.D. Dissertation. Computer Science Department, School of Computer Science, Carnegie Mellon University.

[23]

Gregory Malecha and Jesper Bengtson. 2015. Rtac: A fully reflective tactic language. In CoqPL.

[24]

Dale Miller, Gopalan Nadathur, Frank Pfenning, and Andre Scedrov. 1991. Uniform proofs as a foundation for logic programming. Ann. Pure Appl. Log. 51, 1–2 (1991), 125–157. https://doi.org/10.1016/0168-0072(91)90068-W

[25]

Stefan Mitsch, Khalil Ghorbal, David Vogelbacher, and André Platzer. 2017. Formal verification of obstacle avoidance and navigation of ground robots. I. J. Robotics Res. 36, 12 (2017), 1312–1340. https://doi.org/10.1177/0278364917733549

Digital Library

[26]

Susan Owicki. 1975. Axiomatic Proof Techniques for Parallel Programs. Garland Publishing, New York.

[27]

André Platzer. 2008. Differential dynamic logic for hybrid systems. J. Autom. Reas. 41, 2 (2008), 143–189. https://doi.org/10.1007/s10817-008-9103-8

Digital Library

[28]

André Platzer. 2015. Differential game logic. ACM Trans. Comput. Log. 17, 1 (2015), 1:1–1:51. https://doi.org/10.1145/2817824

Digital Library

[29]

André Platzer. 2017. A complete uniform substitution calculus for differential dynamic logic. J. Autom. Reas. 59, 2 (2017), 219–265. https://doi.org/10.1007/s10817-016-9385-1

Digital Library

[30]

André Platzer. 2018. Logical Foundations of Cyber-Physical Systems. Springer, Cham. https://doi.org/10.1007/978-3-319-63588-0

Digital Library

[31]

André Platzer. 2019. Uniform substitution at one fell swoop. In CADE(LNCS, Vol. 11716), Pascal Fontaine (Ed.). Springer, 425–441. https://doi.org/10.1007/978-3-030-29436-6_25

Digital Library

[32]

André Platzer and Yong Kiam Tan. 2020. Differential equation invariance axiomatization. J. ACM 67, 1 (2020), 6:1–6:66. https://doi.org/10.1145/3380825

Digital Library

[33]

D. Seto, B. Krogh, L. Sha, and A. Chutinan. 1998. The SIMPLEX architecture for safe on-line control system upgrades. In American Control Conference. https://doi.org/10.1109/ACC.1998.703255

[34]

Andrew Sogokon, Stefan Mitsch, Yong Kiam Tan, Katherine Cordwell, and André Platzer. 2021. Pegasus: Sound continuous invariant generation. Form. Methods Syst. Des. (2021). https://doi.org/10.1007/s10703-020-00355-zSpecial issue for selected papers from FM’19.

[35]

Ankur Taly and Ashish Tiwari. 2010. Switching logic synthesis for reachability. In EMSOFT. ACM. https://doi.org/10.1145/1879021.1879025

Digital Library

[36]

Alfred Tarski. 1951. A decision method for elementary algebra and geometry. In Quantifier Elimination and Cylindrical Algebraic Decomposition, Bob F. Caviness and Jeremy R. Johnson (Eds.). Springer, Vienna.

[37]

Claire J Tomlin, John Lygeros, and S Shankar Sastry. 2000. A game theoretic approach to controller design for hybrid systems. Proc. IEEE 88, 7 (2000), 949–970.

[38]

Makarius Wenzel. 2007. Isabelle/Isar – a generic framework for human-readable proof documents. From Insight to Proof—Festschrift in Honour of Andrzej Trybulec 10, 23 (2007), 277–298. Special issue of Studies in Logic, Grammar, and Rhetoric.

[39]

Beta Ziliani, Derek Dreyer, Neelakantan R. Krishnaswami, Aleksandar Nanevski, and Viktor Vafeiadis. 2013. Mtac: A monad for typed tactic programming in Coq. SIGPLAN Not. 48, 9 (September 2013), 87–100. https://doi.org/10.1145/2544174.2500579

Digital Library

Cited By

Platzer A(2025)Hybrid dynamical systems logic and its refinementsScience of Computer Programming10.1016/j.scico.2024.103179239(103179)Online publication date: Jan-2025
https://doi.org/10.1016/j.scico.2024.103179
Platzer A(2023)Refinements of Hybrid Dynamical Systems LogicRigorous State-Based Methods10.1007/978-3-031-33163-3_1(3-14)Online publication date: 30-May-2023
https://dl.acm.org/doi/10.1007/978-3-031-33163-3_1
Huisman MMonti R(2022)Teaching Design by Contract Using Snap!The Logic of Software. A Tasting Menu of Formal Methods10.1007/978-3-031-08166-8_12(243-263)Online publication date: 4-Jul-2022
https://doi.org/10.1007/978-3-031-08166-8_12
Show More Cited By

Index Terms

Structured Proofs for Adversarial Cyber-Physical Systems
1. Computer systems organization
  1. Embedded and cyber-physical systems
2. Theory of computation
  1. Logic
    1. Logic and verification

Recommendations

Differential Game Logic

Differential game logic (dGL) is a logic for specifying and verifying properties of hybrid games, i.e., games that combine discrete, continuous, and adversarial dynamics. Unlike hybrid systems, hybrid games allow choices in the system dynamics to be ...
A logic of proofs for differential dynamic logic: toward independently checkable proof certificates for dynamic logics
CPP 2016: Proceedings of the 5th ACM SIGPLAN Conference on Certified Programs and Proofs

Differential dynamic logic is a logic for specifying and verifying safety, liveness, and other properties about models of cyber-physical systems. Theorem provers based on differential dynamic logic have been used to verify safety properties for models ...
Logic & Proofs for Cyber-Physical Systems
Proceedings of the 8th International Joint Conference on Automated Reasoning - Volume 9706

Cyber-physical systems CPS combine cyber aspects such as communication and computer control with physical aspects such as movement in space, which arise frequently in many safety-critical application domains, including aviation, automotive, railway, and ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Embedded Computing Systems

ACM Transactions on Embedded Computing Systems Volume 20, Issue 5s

Special Issue ESWEEK 2021, CASES 2021, CODES+ISSS 2021 and EMSOFT 2021

October 2021

1367 pages

ISSN:1539-9087

EISSN:1558-3465

DOI:10.1145/3481713

Editor:
Tulika Mitra
National University of Singapore, Singapore

Issue’s Table of Contents

Copyright © 2021 Association for Computing Machinery.

This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Journal Family

ACM Journals for the Design of Smart and Connected Systems

Publication History

Published: 22 September 2021

Accepted: 01 July 2021

Revised: 01 June 2021

Received: 01 April 2021

Published in TECS Volume 20, Issue 5s

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article
Refereed

Funding Sources

Alexander von Humboldt Foundation
NDSEG Fellowship
Siebel Scholarship
AFOSR

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

4
Total Citations
View Citations
415
Total Downloads

Downloads (Last 12 months)127
Downloads (Last 6 weeks)17

Reflects downloads up to 12 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Platzer A(2025)Hybrid dynamical systems logic and its refinementsScience of Computer Programming10.1016/j.scico.2024.103179239(103179)Online publication date: Jan-2025
https://doi.org/10.1016/j.scico.2024.103179
Platzer A(2023)Refinements of Hybrid Dynamical Systems LogicRigorous State-Based Methods10.1007/978-3-031-33163-3_1(3-14)Online publication date: 30-May-2023
https://dl.acm.org/doi/10.1007/978-3-031-33163-3_1
Huisman MMonti R(2022)Teaching Design by Contract Using Snap!The Logic of Software. A Tasting Menu of Formal Methods10.1007/978-3-031-08166-8_12(243-263)Online publication date: 4-Jul-2022
https://doi.org/10.1007/978-3-031-08166-8_12
Sreevallabh Chivukula AYang XLiu BLiu WZhou WSreevallabh Chivukula AYang XLiu BLiu WZhou W(2022)Game Theoretical Adversarial Deep LearningAdversarial Machine Learning10.1007/978-3-030-99772-4_4(73-149)Online publication date: 26-Aug-2022
https://doi.org/10.1007/978-3-030-99772-4_4

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

HTML Format

View this article in HTML Format.

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents