Refinements of Hybrid Dynamical Systems Logic

Hybrid dynamical systems describe the mixed discrete dynamics and continuous dynamics of cyber-physical systems such as aircraft, cars, trains, and robots. To justify correctness of their safety-critical controls for their physical models, differential dynamic logic (dL) provides deductive specification and verification techniques implemented in the theorem prover KeYmaera X. The logic dL is useful for proving, e.g., that all runs of a hybrid dynamical system are safe ([alpha]phi), or that there is a run of the hybrid dynamical system ultimately reaching the desired goal (<alpha>phi). Combinations of dL's operators naturally represent safety, liveness, stability and other properties. Variations of dL serve additional purposes. Differential refinement logic (dRL) adds an operator alpha <= ss expressing that hybrid system a refines hybrid system ss, which is useful, e.g., for relating concrete system implementations to their abstract verification models. Just like dL, dRL is a logic closed under all operators, which opens up systematic ways of simultaneously relating systems and their properties, of reducing system properties to system relations or, vice versa, reducing system relations to system properties. Differential game logic (dGL) adds the ability of referring to winning strategies of players in hybrid games, which is useful for establishing correctness properties of systems where the actions of different agents may interfere. dL and its variations have been used in KeYmaera X for verifying ground robot obstacle avoidance, the Next-Generation Airborne Collision Avoidance System ACAS X, and the kinematics of train control in the Federal Railroad Administration model with track terrain influence and air pressure brake propagation.