Refactoring, Refinement, and Reasoning

A Logical Characterization for Hybrid Systems
  • Stefan Mitsch
  • Jan-David Quesel
  • André Platzer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8442)


Refactoring of code is a common device in software engineering. As cyber-physical systems (CPS) become ever more complex, similar engineering practices become more common in CPS development. Proper safe developments of CPS designs are accompanied by a proof of correctness. Since the inherent complexities of CPS practically mandate iterative development, frequent changes of models are standard practice, but require reverification of the resulting models after every change.

To overcome this issue, we develop proof-aware refactorings for CPS. That is, we study model transformations on CPS and show how they correspond to relations on correctness proofs. As the main technical device, we show how the impact of model transformations on correctness can be characterized by different notions of refinement in differential dynamic logic. Furthermore, we demonstrate the application of refinements on a series of safety-preserving and liveness-preserving refactorings. For some of these we can give strong results by proving on a meta-level that they are correct. Where this is impossible, we construct proof obligations for showing that the refactoring respects the refinement relation.


Hybrid System Reachable State Dynamic Logic Proof Obligation Continuous Dynamic 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abrial, J.R., Butler, M.J., Hallerstede, S., Hoang, T.S., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. STTT 12(6) (2010)Google Scholar
  2. 2.
    Alur, R.: Can we verify cyber-physical systems?: technical perspective. Commun. ACM 56(10), 96 (2013)CrossRefMathSciNetGoogle Scholar
  3. 3.
    Alur, R., Grosu, R., Lee, I., Sokolsky, O.: Compositional modeling and refinement for hierarchical hybrid systems. J. Log. Algebr. Program. 68(1-2), 105–128 (2006)CrossRefzbMATHMathSciNetGoogle Scholar
  4. 4.
    Börger, E.: The ASM refinement method. Formal Aspects of Computing 15(2-3), 237–257 (2003)CrossRefzbMATHGoogle Scholar
  5. 5.
    Clarke, E.M., Fehnker, A., Han, Z., Krogh, B.H., Ouaknine, J., Stursberg, O., Theobald, M.: Abstraction and counterexample-guided refinement in model checking of hybrid systems. Int. J. Found. Comput. Sci. 14(4), 583–604 (2003)CrossRefzbMATHMathSciNetGoogle Scholar
  6. 6.
    Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. J. ACM 50(5), 752–794 (2003)CrossRefMathSciNetGoogle Scholar
  7. 7.
    Doyen, L., Henzinger, T.A., Raskin, J.-F.: Automatic rectangular refinement of affine hybrid systems. In: Pettersson, P., Yi, W. (eds.) FORMATS 2005. LNCS, vol. 3829, pp. 144–161. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Fowler, M., Beck, K., Brant, J., Opdyke, W., Roberts, D.: Refactoring—Improving the Design of Existing Code. Addison-Wesley (1999)Google Scholar
  9. 9.
    Hoare, C.A.R.: Communicating sequential processes. Prentice-Hall, Inc., Upper Saddle River (1985)zbMATHGoogle Scholar
  10. 10.
    Kopetz, H.: Event-triggered versus time-triggered real-time systems. In: Karshmer, A.I., Nehmer, J. (eds.) Dagstuhl Seminar 1991. LNCS, vol. 563, pp. 86–101. Springer, Heidelberg (1991)CrossRefGoogle Scholar
  11. 11.
    Kouskoulas, Y., Platzer, A., Kazanzides, P.: Formal methods for robotic system control software. Tech. Rep. 2, Johns Hopkins University APL (2013)Google Scholar
  12. 12.
    Kouskoulas, Y., Renshaw, D., Platzer, A., Kazanzides, P.: Certifying the safe design of a virtual fixture control algorithm for a surgical robot. In: Belta, C., Ivancic, F. (eds.) HSCC. ACM (2013)Google Scholar
  13. 13.
    Mitsch, S., Ghorbal, K., Platzer, A.: On provably safe obstacle avoidance for autonomous robotic ground vehicles. In: Robotics: Science and Systems (2013)Google Scholar
  14. 14.
    Mitsch, S., Loos, S.M., Platzer, A.: Towards formal verification of freeway traffic control. In: Lu, C. (ed.) ICCPS, pp. 171–180. IEEE (2012)Google Scholar
  15. 15.
    Mitsch, S., Passmore, G.O., Platzer, A.: A vision of collaborative verification-driven engineering of hybrid systems. In: Kerber, M., Lange, C., Rowat, C. (eds.) Do-Form, pp. 8–17. AISB (2013)Google Scholar
  16. 16.
    Mitsch, S., Quesel, J.D., Platzer, A.: Refactoring, refinement, and reasoning: A logical characterization for hybrid systems. Tech. Rep. CMU-CS-14-103, Carnegie Mellon (2014)Google Scholar
  17. 17.
    Opdyke, W.F.: Refactoring Object-oriented Frameworks. Ph.D. thesis, Champaign, IL, USA, uMI Order No. GAX93-05645 (1992)Google Scholar
  18. 18.
    Platzer, A.: Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  19. 19.
    Platzer, A.: A complete axiomatization of quantified differential dynamic logic for distributed hybrid systems. Logical Methods in Computer Science 8(4), 1–44 (2012) (special issue for selected papers from CSL 2010)Google Scholar
  20. 20.
    Platzer, A.: Logics of dynamical systems. In: LICS, pp. 13–24. IEEE (2012)Google Scholar
  21. 21.
    Platzer, A.: The structure of differential invariants and differential cut elimination. Logical Methods in Computer Science 8(4), 1–38 (2012)Google Scholar
  22. 22.
    Platzer, A., Quesel, J.-D.: KeYmaera: A hybrid theorem prover for hybrid systems (System description). In: Armando, A., Baumgartner, P., Dowek, G. (eds.) IJCAR 2008. LNCS (LNAI), vol. 5195, pp. 171–178. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Platzer, A., Quesel, J.-D.: European Train Control System: A Case Study in Formal Verification. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 246–265. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  24. 24.
    Quesel, J.-D., Platzer, A.: Playing hybrid games with KeYmaera. In: Gramlich, B., Miller, D., Sattler, U. (eds.) IJCAR 2012. LNCS, vol. 7364, pp. 439–453. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  25. 25.
    Schneider, S., Treharne, H., Wehrheim, H.: The behavioural semantics of Event-B refinement. Formal Aspects of Computing, 1–30 (2012)Google Scholar
  26. 26.
    Tabuada, P.: Verification and Control of Hybrid Systems: A Symbolic Approach. Springer (2009)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Stefan Mitsch
    • 1
  • Jan-David Quesel
    • 1
  • André Platzer
    • 1
  1. 1.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations