Compositional proofs in differential dynamic logic dL

International audienceModularity and composability are essential properties to facilitate and scale the design of cyber-physical systems from the specification of hybrid, discrete and continuous, components. Modularity is essential to break down a system model into comprehensible and manageable component specifications. Composability is essential to design a system from component models while preserving their verified properties, expressed as assume-guarantee contracts. In this paper, we address the specification of hybrid system using Platzer's differential dynamic logic (dL). Our contribution is threefold: (1) We define a new composition operator in dL and prove that it is associative and commutative (AC). Prior notions of composition in dL were not associative. (2) We provide a theorem which characterizes necessary conditions to automate the proof that composed components satisfy the composition of their individual contracts, enabling modular and compositional verification. (3) We case-study our AC composition operator by considering the modular and detailed specification of a cruise controller in KeYmaera X, the latest implementation of dL, to demonstrate the proof automation capability of our contribution and exemplify a compositional design methodology

Refinement and Continuous Behaviour

Refinement Calculus is a formal framework for the development of provably correct software. It is also used in the development of Action Systems, which is a predicate transformer based framework for constructing distributed and reactive software systems. Recently, Action Systems were extended with a new action called the differential action. It allows the modelling of continuous behaviour. Along with the differential action we may use Action Systems also to model hybrid systems. In this paper we investigate how the use of di erential action in Action Systems ts to the refinement ideology. As the main result we show that simple laws can be used for proving a refinement step involving continuous behaviour within the Refinement Calculus

Refinement and Continuous Behaviour

Refinement Calculus is a formal framework for the development of provably correct software. It is used by Action Systems, a predicate transformer based framework for constructing distributed and reactive systems. Recently, Action Systems were extended with a new action called the differential action. It allows the modelling of continuous behaviour, such that Action Systems may model hybrid systems. In this paper we investigate how the differential action fits into the refinement framework. As the main result we develop simple laws for proving a refinement step involving continuous behaviour within the Refinement Calculus. Keywords: actions, action systems, continuous behaviour, hybrid systems, refinement TUCS Research Group Programming Methodology Research Group 1 Introduction Action Systems, originally proposed by Back and Kurki-Suonio [2], are predicate transformer based systems for modelling discrete computations. They have been extensively used in the development of reactive an..