TY - JOUR
T1 - Tactical contract composition for hybrid system component verification
AU - Müller, Andreas
AU - Mitsch, Stefan
AU - Retschitzegger, Werner
AU - Schwinger, Wieland
AU - Platzer, André
N1 - Publisher Copyright:
© 2018, The Author(s).
PY - 2018/11/1
Y1 - 2018/11/1
N2 - We present an approach for hybrid systems that combines the advantages of component-based modeling (e.g., reduced model complexity) with the advantages of formal verification (e.g., guaranteed contract compliance). Component-based modeling can be used to split large models into multiple component models with local responsibilities to reduce modeling complexity. Yet, this only helps the analysis if verification proceeds one component at a time. In order to benefit from the decomposition of a system into components for both modeling and verification purposes, we prove that the safety of compatible components implies safety of the composed system. We implement our composition theorem as a tactic in the KeYmaera X theorem prover, allowing automatic generation of a KeYmaera X proof for the composite system from proofs for the components without soundness-critical changes to KeYmaera X. Our approach supports component contracts (i.e., input assumptions and output guarantees for each component) that characterize the magnitude and rate of change of values exchanged between components. These contracts can take into account what has changed between two components in a given amount of time since the last exchange of information.
AB - We present an approach for hybrid systems that combines the advantages of component-based modeling (e.g., reduced model complexity) with the advantages of formal verification (e.g., guaranteed contract compliance). Component-based modeling can be used to split large models into multiple component models with local responsibilities to reduce modeling complexity. Yet, this only helps the analysis if verification proceeds one component at a time. In order to benefit from the decomposition of a system into components for both modeling and verification purposes, we prove that the safety of compatible components implies safety of the composed system. We implement our composition theorem as a tactic in the KeYmaera X theorem prover, allowing automatic generation of a KeYmaera X proof for the composite system from proofs for the components without soundness-critical changes to KeYmaera X. Our approach supports component contracts (i.e., input assumptions and output guarantees for each component) that characterize the magnitude and rate of change of values exchanged between components. These contracts can take into account what has changed between two components in a given amount of time since the last exchange of information.
KW - Component-based development
KW - Component-based verification
KW - Hybrid systems
UR - http://www.scopus.com/inward/record.url?scp=85051718650&partnerID=8YFLogxK
U2 - 10.1007/s10009-018-0502-9
DO - 10.1007/s10009-018-0502-9
M3 - Article
SN - 1433-2779
VL - 20
SP - 615
EP - 643
JO - International Journal on Software Tools for Technology Transfer
JF - International Journal on Software Tools for Technology Transfer
IS - 6
M1 - 6
ER -