Abstract: Deductive verification of hybrid systems (HSs) has attracted increasing attention in recent years because of its power and scalability, where a powerful specification logic for HSs is the cornerstone. Often, HSs are naturally modelled by concurrent processes that communicate with each other. However, existing specification logics cannot easily handle such models. In this paper, we present a specification logic and proof system for Hybrid Communicating Sequential Processes (HCSP), which extends CSP with ordinary differential equations (ODEs) and interrupts to model interactions between continuous and discrete evolution. Because it includes a rich set of algebraic operators, complicated hybrid systems can be easily modelled in an algebra-like compositional way in HCSP. Our logic can be seen as a generalization and simplification of existing hybrid Hoare logics (HHL) based on duration calculus (DC), as well as a conservative extension of existing Hoare logics for concurrent programs. Its assertion logic is the first-order theory of differential equations (FOD), together with assertions about traces recording communications, readiness, and continuous evolution. We prove continuous relative completeness of the logic w.r.t. FOD, as well as discrete relative completeness in the sense that continuous behaviour can be arbitrarily approximated by discretization. Finally, we implement the above logic in Isabelle/HOL, and apply it to verify two case studies to illustrate the power and scalability of our logic.
What problem does this paper attempt to address?
The main problem this paper attempts to solve is the deficiency of existing formal verification methods in dealing with hybrid systems (HSs), in particular the interaction between continuous and discrete behaviours in such systems and the complexity introduced by concurrency and communication. Specifically, the paper points out:
1. **Existing formal verification methods**: Most existing formal verification methods are based on automaton models, such as hybrid automata (HA). However, the reachability problem is undecidable for most classes of such systems, except for some special linear and nonlinear ones. In practice, therefore, the focus has been on over-approximating the reachable set with various geometric objects, which leads to imprecision and scalability problems.
2. **Existing logical systems**: Although some formal systems (such as differential dynamic logic dL and hybrid Hoare logic HHL) can be used to reason about hybrid systems, they have limitations in dealing with concurrency and communication. For example, dL does not provide explicit concurrency and communication operators, and the duration-calculus-based (DC) approach of HHL is too complex to handle general continuous behaviours and lacks a logical foundation such as relative completeness.
To overcome these limitations, the paper proposes a new formal system, generalized hybrid Hoare logic (GHHL). The main contributions of GHHL include:
- **Introduction of the concept of trace**: By introducing traces that record the communication history, readiness state, and continuous behaviour of a process, concurrency and communication can be handled compositionally.
- **Relative completeness of the logic**: GHHL is proved to be both continuously relatively complete (w.r.t. FOD) and discretely relatively complete, which provides a theoretical basis for verifying complex hybrid systems.
- **Implementation and application**: This logical system is implemented in Isabelle/HOL and applied to two case studies to verify a simplified lunar lander control system and a scheduling control task system.
In conclusion, this paper aims to overcome the deficiencies of existing methods in dealing with concurrent communication and continuous-behaviour interaction in hybrid systems by proposing a new formal system, GHHL, and thereby to improve the efficiency and accuracy of formal verification.