Cyber-Physical Systems Verification with KeYmaera X Andr Platzer - PowerPoint PPT Presentation

Cyber-Physical Systems Verification with KeYmaera X André Platzer André Platzer Logical Foundations of Cyber-Physical Systems André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 1 / 25

Outline Cyber-Physical Systems 1 Foundation: Differential Dynamic Logic 2 ModelPlex: Model Safety Transfer 3 VeriPhy: Executable Proof Transfer 4 5 Applications Airborne Collision Avoidance System Safe Learning in CPS Summary 6 André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 1 / 25

Outline Cyber-Physical Systems 1 Foundation: Differential Dynamic Logic 2 ModelPlex: Model Safety Transfer 3 VeriPhy: Executable Proof Transfer 4 5 Applications Airborne Collision Avoidance System Safe Learning in CPS Summary 6 André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 1 / 25

Cyber-Physical Systems Safety Prospects: Safety & Efficiency (Autonomous) cars Pilot support Robots near humans Cyber-Physical Systems CPSs combine cyber capabilities with physical capabilities to solve problems that neither part could solve alone. André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 2 / 25

Cyber-Physical Systems Safety Prospects: Safety & Efficiency (Autonomous) cars Pilot support Robots near humans Cyber-Physical Systems CPSs combine cyber capabilities with physical capabilities to solve problems that neither part could solve alone. André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 2 / 25

Cyber-Physical Systems Safety Prospects: Safety & Efficiency (Autonomous) cars Pilot support Robots near humans Cyber-Physical Systems CPSs combine cyber capabilities with physical capabilities to solve problems that neither part could solve alone. André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 2 / 25

Cyber-Physical Systems Safety Prospects: Safety & Efficiency (Autonomous) cars Pilot support Robots near humans Cyber-Physical Systems CPSs combine cyber capabilities with physical capabilities to solve problems that neither part could solve alone. André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 2 / 25

Cyber-Physical Systems Safety Prospects: Safety & Efficiency (Autonomous) cars Pilot support Robots near humans Cyber-Physical Systems CPSs combine cyber capabilities with physical capabilities to solve problems that neither part could solve alone. André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 2 / 25

Outline Cyber-Physical Systems 1 Foundation: Differential Dynamic Logic 2 ModelPlex: Model Safety Transfer 3 VeriPhy: Executable Proof Transfer 4 5 Applications Airborne Collision Avoidance System Safe Learning in CPS Summary 6 André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 2 / 25

Approach: Proofs for Cyber-Physical Systems CPS Monitor transfers safety ModelPlex proof synthesizes Compliance Monitor KeYmaera X Model actions: { acc , brake } motion: x ′′ = a generates proofs Model Safety Proof and invariant search André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 3 / 25

CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m ϕ [ α ] ϕ [ ] x � = m α x � = m 6 v x 0.5 a 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 1 2 3 4 5 6 � 2.0 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 4 / 25

CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m ϕ [ α ] ϕ [ ] x � = m α x � = m a := − b ) ; x ′ = v , v ′ = a �� � ∗ � ( if ( SB ( x , m )) x � = m � �� � post all runs 6 v x 0.5 a 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 1 2 3 4 5 6 � 2.0 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 4 / 25

CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m ϕ [ α ] ϕ [ ] x � = m α x � = m a := − b ) ; x ′ = v , v ′ = a �� � ∗ � x � = m ∧ b > 0 → ( if ( SB ( x , m )) x � = m � �� � � �� � init post all runs 6 v x 0.5 a 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 1 2 3 4 5 6 � 2.0 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 4 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P P → [ α ] Q dL Hoare { P } α { Q } André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P All Some All Some Imply Not And Or reals real runs runs André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P P ω P P André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P P ω P [ α ] P P P → [ α ] Q dL Hoare { P } α { Q } André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P ω P � α � P André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P [ α ] P P ω α -span P P André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P [ α ] P P ω α -span � β � P P P β -span André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25

Differential Dynamic Logic dL Definition (Hybrid program) α , β ::= x := e | ? Q | x ′ = f ( x )& Q | α ∪ β | α ; β | α ∗ α ∗ x ′ = f ( x ) x α ; β α ν 1 µ ω α ∪ β ω ν ω ω 1 ω 2 ν Q α α α α β ν 2 β z r 0 ′ Definition (Differential dynamic logic) P , Q ::= e ≥ ˜ e | ¬ P | P ∧ Q | P ∨ Q | P → Q | ∀ x P | ∃ x P | [ α ] P | � α � P � β � [ α ] -span [ α ] P P ω α -span � β � P P P β -span André Platzer (CMU) Cyber-Physical Systems Verification with KeYmaera X LFCS’20 5 / 25