{"title":"Hybrid dynamical systems logic and its refinements","authors":"André Platzer","doi":"10.1016/j.scico.2024.103179","DOIUrl":null,"url":null,"abstract":"<div><p>Hybrid dynamical systems describe the mixed discrete dynamics and continuous dynamics of cyber-physical systems such as aircraft, cars, trains, and robots. To justify correctness properties of the safety-critical control algorithms for their physical models, <em>differential dynamic logic</em> (<figure><img></figure>) provides deductive specification and verification techniques implemented in the theorem prover <figure><img></figure>. The logic <figure><img></figure> is useful for proving, e.g., that all runs of a hybrid dynamical system <em>α</em> satisfy safety property <em>φ</em> (i.e., <figure><img></figure>), or that there is a run of the hybrid dynamical system <em>α</em> ultimately reaching the desired goal <em>φ</em> (i.e., <figure><img></figure>). Logical combinations of <figure><img></figure>'s operators naturally represent safety, liveness, stability and other properties. Variations of <figure><img></figure> serve additional purposes. <em>Differential refinement logic</em> (<figure><img></figure>) adds an operator <span><math><mi>α</mi><mo>≤</mo><mi>β</mi></math></span> expressing that hybrid system <em>α</em> refines hybrid system <em>β</em>, which is useful, e.g., for relating concrete system implementations <em>α</em> to their abstract verification models <em>β</em>. Just like <figure><img></figure>, <figure><img></figure> is a logic closed under all operators, which opens up systematic ways of simultaneously relating systems and their properties, of reducing system properties to system relations or, vice versa, reducing system relations to system properties. A second variant of <figure><img></figure>, <em>differential game logic</em> (<figure><img></figure>), adds the ability of referring to winning strategies of players in hybrid games, which is useful for establishing correctness properties where the actions of different agents may interfere either because they literally compete with one another or because they may interact accidentally. In the theorem prover <figure><img></figure>, <figure><img></figure> and its variations have been used for verifying ground robot obstacle avoidance, the Federal Aviation Administration's Next-Generation Airborne Collision Avoidance System ACAS X, and the Federal Railroad Administration's train control model.</p></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"239 ","pages":"Article 103179"},"PeriodicalIF":1.5000,"publicationDate":"2024-07-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"https://www.sciencedirect.com/science/article/pii/S0167642324001023/pdfft?md5=34f140cc3ba2a330ad2477f9b1ee80cf&pid=1-s2.0-S0167642324001023-main.pdf","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Science of Computer Programming","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S0167642324001023","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}
引用次数: 0
Abstract
Hybrid dynamical systems describe the mixed discrete dynamics and continuous dynamics of cyber-physical systems such as aircraft, cars, trains, and robots. To justify correctness properties of the safety-critical control algorithms for their physical models, differential dynamic logic () provides deductive specification and verification techniques implemented in the theorem prover . The logic is useful for proving, e.g., that all runs of a hybrid dynamical system α satisfy safety property φ (i.e., ), or that there is a run of the hybrid dynamical system α ultimately reaching the desired goal φ (i.e., ). Logical combinations of 's operators naturally represent safety, liveness, stability and other properties. Variations of serve additional purposes. Differential refinement logic () adds an operator expressing that hybrid system α refines hybrid system β, which is useful, e.g., for relating concrete system implementations α to their abstract verification models β. Just like , is a logic closed under all operators, which opens up systematic ways of simultaneously relating systems and their properties, of reducing system properties to system relations or, vice versa, reducing system relations to system properties. A second variant of , differential game logic (), adds the ability of referring to winning strategies of players in hybrid games, which is useful for establishing correctness properties where the actions of different agents may interfere either because they literally compete with one another or because they may interact accidentally. In the theorem prover , and its variations have been used for verifying ground robot obstacle avoidance, the Federal Aviation Administration's Next-Generation Airborne Collision Avoidance System ACAS X, and the Federal Railroad Administration's train control model.
期刊介绍:
Science of Computer Programming is dedicated to the distribution of research results in the areas of software systems development, use and maintenance, including the software aspects of hardware design.
The journal has a wide scope ranging from the many facets of methodological foundations to the details of technical issues andthe aspects of industrial practice.
The subjects of interest to SCP cover the entire spectrum of methods for the entire life cycle of software systems, including
• Requirements, specification, design, validation, verification, coding, testing, maintenance, metrics and renovation of software;
• Design, implementation and evaluation of programming languages;
• Programming environments, development tools, visualisation and animation;
• Management of the development process;
• Human factors in software, software for social interaction, software for social computing;
• Cyber physical systems, and software for the interaction between the physical and the machine;
• Software aspects of infrastructure services, system administration, and network management.