A Component-Based Hybrid Systems Verification and Implementation Tool in KeYmaera X (Tool Demonstration)

  • Andreas MüllerEmail author
  • Stefan Mitsch
  • Wieland Schwinger
  • André Platzer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11615)


Safety-critical cyber-physical systems (CPS) should be analyzed using formal verification techniques in order to gain insight into and obtain rigorous safety guarantees about their behavior. For practical purposes, methods are needed to split modeling and verification effort into manageable pieces and link formal artifacts and techniques with implementation. In this paper we present a tool chain that supports component-based modeling and verification of CPS, generation of monitors, and systematic (but unverified) translation of models and monitors into executable code. A running example demonstrates how to model a system in a component-based fashion in differential dynamic logic (dL), how to represent and structure these models in the syntax of the hybrid systems theorem prover KeYmaera X (which implements dL), and how to prove properties in KeYmaera X. The verified components are the source for translation into executable C code, which can be run on controlled components (e.g., a robot). Additionally, we demonstrate how to generate monitors that validate the behavior of uncontrolled components (e.g., validate the assumptions made about obstacles).


  1. 1.
    Agrawal, A., Simon, G., Karsai, G.: Semantic translation of Simulink/Stateflow models to hybrid automata using graph transformations. Electr. Notes Theor. Comput. Sci. 109, 43–56 (2004)CrossRefGoogle Scholar
  2. 2.
    Bak, S., Beg, O.A., Bogomolov, S., Johnson, T.T., Nguyen, L.V., Schilling, C.: Hybrid automata: from verification to implementation. STTT (2017)Google Scholar
  3. 3.
    Bohrer, B., Rahli, V., Vukotic, I., Völp, M., Platzer, A.: Formally verified differential dynamic logic. In: Bertot, Y., Vafeiadis, V. (eds.) Certified Programs and Proofs - 6th ACM SIGPLAN Conference, CPP 2017, pp. 208–221. ACM, New York (2017)Google Scholar
  4. 4.
    Bohrer, B., Tan, Y.K., Mitsch, S., Myreen, M.O., Platzer, A.: VeriPhy: verified controller executables from verified cyber-physical system models. In: Grossman, D. (ed.) Proceedings of the 39th ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI 2018. pp. 617–630. ACM (2018)Google Scholar
  5. 5.
    Eker, J., et al.: Taming heterogeneity - the Ptolemy approach. Proc. IEEE 91(1), 127–144 (2003)CrossRefGoogle Scholar
  6. 6.
    Frehse, G., et al.: SpaceEx: scalable verification of hybrid systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 379–395. Springer, Heidelberg (2011). Scholar
  7. 7.
    Fritzson, P., Engelson, V.: Modelica—a unified object-oriented language for system modeling and simulation. In: Jul, E. (ed.) ECOOP 1998. LNCS, vol. 1445, pp. 67–90. Springer, Heidelberg (1998). Scholar
  8. 8.
    Fulton, N., Mitsch, S., Bohrer, B., Platzer, A.: Bellerophon: tactical theorem proving for hybrid systems. In: Ayala-Rincón, M., Muñoz, C.A. (eds.) ITP 2017. LNCS, vol. 10499, pp. 207–224. Springer, Cham (2017). Scholar
  9. 9.
    Fulton, N., Mitsch, S., Quesel, J.-D., Völp, M., Platzer, A.: KeYmaera X: an axiomatic tactical theorem prover for hybrid systems. In: Felty, A.P., Middeldorp, A. (eds.) CADE 2015. LNCS (LNAI), vol. 9195, pp. 527–538. Springer, Cham (2015). Scholar
  10. 10.
    Lattmann, Z., Nagel, A., Levendovszky, T., Bapty, T., Neema, S., Karsai, G.: Component-based modeling of dynamic systems using heterogeneous composition. In: Hardebolle, C., Syriani, E., Sprinkle, J., Mészáros, T. (eds.) Proceedings of the 6th International Workshop on Multi-Paradigm Modeling, MPM@MoDELS 2012, pp. 73–78. ACM (2012)Google Scholar
  11. 11.
    Loos, S.M., Platzer, A.: Differential refinement logic. In: Grohe, M., Koskinen, E., Shankar, N. (eds.) LICS, pp. 505–514. ACM, New York (2016)CrossRefGoogle Scholar
  12. 12.
    Mitsch, S., Platzer, A.: The KeYmaera X proof IDE: concepts on usability in hybrid systems theorem proving. In: Dubois, C., Mery, D., Masci, P. (eds.) 3rd Workshop on Formal Integrated Development Environment, EPTCS, vol. 240, pp. 67–81. Open Publishing Association (2016)Google Scholar
  13. 13.
    Mitsch, S., Platzer, A.: ModelPlex: verified runtime validation of verified cyber-physical system models. Form. Methods Syst. Des. 49(12), 33–74 (2016). Special issue of selected papers from RV 2014CrossRefGoogle Scholar
  14. 14.
    Müller, A., Mitsch, S., Retschitzegger, W., Schwinger, W., Platzer, A.: Tactical contract composition for hybrid system component verification. STTT 20, 615–643 (2018). special issue for selected papers from FASE 2017CrossRefGoogle Scholar
  15. 15.
    Platzer, A.: Differential dynamic logic for hybrid systems. J. Autom. Reas. 41(2), 143–189 (2008)MathSciNetCrossRefGoogle Scholar
  16. 16.
    Platzer, A.: A complete uniform substitution calculus for differential dynamic logic. J. Autom. Reas. 59(2), 219–265 (2017)MathSciNetCrossRefGoogle Scholar
  17. 17.
    Platzer, A.: Logical Foundations of Cyber-Physical Systems. Springer, Switzerland (2018). Scholar
  18. 18.
    Yang, Y., Jiang, Y., Gu, M., Sun, J.: Verifying Simulink stateflow model: timed automata approach. In: Lo, D., Apel, S., Khurshid, S. (eds.) Proceedings of the 31st IEEE/ACM International Conference on Automated Software Engineering, ASE 2016, pp. 852–857. ACM (2016)Google Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.Department of Cooperative Information SystemsJohannes Kepler UniversityLinzAustria
  2. 2.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations