research-article
Open access

Structured Proofs for Adversarial Cyber-Physical Systems

Published: 22 September 2021

Abstract

Many cyber-physical systems (CPS) are safety-critical, so it is important to formally verify them, e.g. in formal logics that show a model’s correctness specification always holds. Constructive Differential Game Logic (CdGL) is such a logic for (constructive) hybrid games, including hybrid systems. To overcome undecidability, the user first writes a proof, for which we present a proof-checking tool.
We introduce Kaisar, the first language and tool for CdGL proofs, which until now could only be written by hand with a low-level proof calculus. Kaisar’s structured proofs simplify challenging CPS proof tasks, especially by using programming language principles and high-level stateful reasoning. Kaisar exploits CdGL’s constructivity and refinement relations to build proofs around models of game strategies. The evaluation reproduces and extends existing case studies on 1D and 2D driving. Proof metrics are compared and reported experiences are discussed for the original studies and their reproductions.


Published In

ACM Transactions on Embedded Computing Systems  Volume 20, Issue 5s
Special Issue ESWEEK 2021, CASES 2021, CODES+ISSS 2021 and EMSOFT 2021
October 2021
1367 pages
ISSN:1539-9087
EISSN:1558-3465
DOI:10.1145/3481713
Editor: Tulika Mitra
This work is licensed under a Creative Commons Attribution International 4.0 License.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 22 September 2021
Accepted: 01 July 2021
Revised: 01 June 2021
Received: 01 April 2021
Published in TECS Volume 20, Issue 5s

Author Tags

  1. Cyber-physical systems
  2. hybrid games
  3. formal proof
  4. structured proofs

Qualifiers

  • Research-article
  • Refereed

Funding Sources

  • Alexander von Humboldt Foundation
  • NDSEG Fellowship
  • Siebel Scholarship
  • AFOSR

Cited By

  • (2025) Hybrid dynamical systems logic and its refinements. Science of Computer Programming 239:C. https://doi.org/10.1016/j.scico.2024.103179. Online publication date: 1 January 2025.
  • (2024) IsaVODEs: Interactive Verification of Cyber-Physical Systems at Scale. Journal of Automated Reasoning 68:4. https://doi.org/10.1007/s10817-024-09709-2. Online publication date: 1 December 2024.
  • (2023) Refinements of Hybrid Dynamical Systems Logic. Rigorous State-Based Methods, 3–14. https://doi.org/10.1007/978-3-031-33163-3_1. Online publication date: 30 May 2023.
  • (2022) Teaching Design by Contract Using Snap!. The Logic of Software. A Tasting Menu of Formal Methods, 243–263. https://doi.org/10.1007/978-3-031-08166-8_12. Online publication date: 4 July 2022.
  • (2022) Game Theoretical Adversarial Deep Learning. Adversarial Machine Learning, 73–149. https://doi.org/10.1007/978-3-030-99772-4_4. Online publication date: 26 August 2022.
