A Component-Based Approach to Hybrid Systems Safety Verification

  • Andreas MüllerEmail author
  • Stefan Mitsch
  • Werner Retschitzegger
  • Wieland Schwinger
  • André Platzer
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9681)


We study a component-based approach to simplify the challenges of verifying large-scale hybrid systems. Component-based modeling can be used to split large models into partial models to reduce modeling complexity. Yet, verification results also need to transfer from components to composites. In this paper, we propose a component-based hybrid system verification approach that combines the advantages of component-based modeling (e.g., reduced model complexity) with the advantages of formal verification (e.g., guaranteed contract compliance). Our strategy is to decompose the system into components, verify their local safety individually and compose them to form an overall system that provably satisfies a global contract, without proving the whole system. We introduce the necessary formalism to define the structure and behavior of components and a technique how to compose components such that safety properties provably emerge from component safety.


Component-based development Hybrid systems Formal verification 


  1. 1.
    de Alfaro, L., Henzinger, T.A.: Interface theories for component-based design. In: Henzinger, T.A., Kirsch, C.M. (eds.) EMSOFT 2001. LNCS, vol. 2211, pp. 148–165. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Alur, R., Courcoubetis, C., Henzinger, T.A., Ho, P.: Hybrid automata: an algorithmic approach to the specification and verification of hybrid systems. In: Grossman, R.L., Nerode, A., Ravn, A.P., Rischel, H. (eds.) Hybrid Systems. LNCS, vol. 736, pp. 209–229. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  3. 3.
    Bauer, S.S., David, A., Hennicker, R., Larsen, K.G., Legay, A., Nyman, U., Wasowski, A.: Moving from specifications to contracts in component-based design. In: de Lara, J., Zisman, A. (eds.) FASE 2012. LNCS, vol. 7212, pp. 43–58. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  4. 4.
    Benvenuti, L., Bresolin, D., Collins, P., Ferrari, A., Geretti, L., Villa, T.: Assume-guarantee verification of nonlinear hybrid systems with Ariadne. Int. J. Robust Nonlinear Control 24(4), 699–724 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Damm, W., Dierks, H., Oehlerking, J., Pnueli, A.: Towards component based design of hybrid systems: safety and stability. In: Manna, Z., Peled, D.A. (eds.) Time for Verification. LNCS, vol. 6200, pp. 96–143. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  6. 6.
    Felty, A.P., Middeldorp, A. (eds.): CADE-25. LNCS, vol. 9195. Springer, Switzerland (2015)zbMATHGoogle Scholar
  7. 7.
    Frehse, G., Han, Z., Krogh, B.: Assume-guarantee reasoning for hybrid i/o-automata by over-approximation of continuous interaction. In: 43rd IEEE Conference on Decision and Control, CDC, vol. 1, pp. 479–484, December 2004Google Scholar
  8. 8.
    Fulton, N., Mitsch, S., Quesel, J., Völp, M., Platzer, A.: KeYmaera X: an axiomatic tactical theorem prover for hybrid systems. In: Felty and Middeldorp [6], pp. 527–538Google Scholar
  9. 9.
    Graf, S., Passerone, R., Quinton, S.: Contract-based reasoning for component systems with rich interactions. In: Sangiovanni-Vincentelli, A., Zeng, H., Di Natale, M., Marwedel, P. (eds.) Embedded Systems Development, vol. 20, pp. 139–154. Springer, New York (2014)CrossRefGoogle Scholar
  10. 10.
    Henzinger, T.A., Minea, M., Prabhu, V.S.: Assume-guarantee reasoning for hierarchical hybrid systems. In: Di Benedetto, M.D., Sangiovanni-Vincentelli, A.L. (eds.) HSCC 2001. LNCS, vol. 2034, pp. 275–290. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Kurki-Suonio, R.: Component and interface refinement in closed-system specifications. In: Wing, J.M., Woodcock, J., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 134–154. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  12. 12.
    Larsen, K.G., Pettersson, P., Yi, W.: UPPAAL in a nutshell. STTT 1(1–2), 134–152 (1997)CrossRefzbMATHGoogle Scholar
  13. 13.
    Loos, S.M., Platzer, A., Nistor, L.: Adaptive cruise control: hybrid, distributed, and now formally verified. In: Butler, M., Schulte, W. (eds.) FM 2011. LNCS, vol. 6664, pp. 42–56. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  14. 14.
    Lynch, N.A., Segala, R., Vaandrager, F.W.: Hybrid I/O automata. Inf. Comput. 185(1), 105–157 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Madl, G., Abdelwahed, S., Karsai, G.: Automatic verification of component-based real-time CORBA applications. In: Proceedings of the 25th IEEE Real-Time Systems Symposium (RTSS), 5–8 December 2004, pp. 231–240. IEEE Computer Society (2004)Google Scholar
  16. 16.
    Mitsch, S., Ghorbal, K., Platzer, A.: On provably safe obstacle avoidance for autonomous robotic ground vehicles. In: Newman, P., Fox, D., Hsu, D. (eds.) Robotics: Science and Systems IX, Technische Universität Berlin, 24–28 June 2013Google Scholar
  17. 17.
    Mitsch, S., Loos, S.M., Platzer, A.: Towards formal verification of freeway traffic control. In: ICCPS, pp. 171–180. IEEE/ACM (2012)Google Scholar
  18. 18.
    Müller, A., Mitsch, S., Platzer, A.: Verified traffic networks: component-based verification of cyber-physical flow systems. In: 18th IEEE Intelligent Transportation Systems Conference (ITSC), pp. 757–764. IEEE (2015)Google Scholar
  19. 19.
    Müller, A., Mitsch, S., Retschitzegger, W., Schwinger, W., Platzer, A.: A component-based approach to hybrid systems safety verification. Technical report CMU-CS-16-100, Carnegie Mellon (2016)Google Scholar
  20. 20.
    Cuijpers, P.J.L., Reniers, M.A.: Hybrid process algebra. J. Log. Algebr. Program. 62(2), 191–245 (2005)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Platzer, A.: Differential-algebraic dynamic logic for differential-algebraic programs. J. Log. Comput. 20(1), 309–352 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  22. 22.
    Platzer, A.: The complete proof theory of hybrid systems. In: Proceedings of the 27th Annual IEEE Symposium on Logic in Computer Science, LICS, 25–28 June 2012, pp. 541–550. IEEE Computer Society (2012)Google Scholar
  23. 23.
    Platzer, A.: A uniform substitution calculus for differential dynamic logic. In: Felty and Middeldorp [6], pp. 467–481Google Scholar
  24. 24.
    Schiffelers, R.R.H., van Beek, D.A., Man, K.L., Reniers, M.A., Rooda, J.E.: Formal semantics of hybrid chi. In: Larsen, K.G., Niebert, P. (eds.) FORMATS 2003. LNCS, vol. 2791, pp. 151–165. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  25. 25.
    Ringert, J.O., Rumpe, B., Wortmann, A.: From software architecture structure and behavior modeling to implementations of cyber-physical systems. In: Wagner, S., Lichter, H. (eds.) Software Engineering 2013 - Workshopband. LNI, vol. 215, 26 February – 1 March, 2013, pp. 155–170. GI (2013)Google Scholar
  26. 26.
    Ruchkin, I., Schmerl, B.R., Garlan, D.: Architectural abstractions for hybrid programs. In: Kruchten, P., Becker, S., Schneider, J. (eds.) Proceedings of the 18th International ACM SIGSOFT Symposium on Component-Based Software Engineering, CBSE 2015, 4–8 May 2015, pp. 65–74. ACM (2015)Google Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Andreas Müller
    • 1
    Email author
  • Stefan Mitsch
    • 1
  • Werner Retschitzegger
    • 1
  • Wieland Schwinger
    • 1
  • André Platzer
    • 2
  1. 1.Department of Cooperative Information SystemsJohannes Kepler UniversityLinzAustria
  2. 2.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations