A Mechanically Verified Theory of Contracts

TL;DR

This paper presents a formal, verified theoretical framework for assume/guarantee contracts in cyber-physical systems, enabling sound modular verification of complex heterogeneous systems using proof assistant Coq.

Contribution

It introduces the first formal, mechanically verified assume/guarantee contract theory applicable to hybrid logics for CPS modeling.

Findings

Formalized contract theory in Coq with correctness proofs

Applicable to hybrid logics for complex CPS modeling

Enables sound modular verification of heterogeneous systems

Abstract

Cyber-physical systems (CPS) are assemblies of networked, heterogeneous, hardware, and software components sensing, evaluating, and actuating a physical environment. This heterogeneity induces complexity that makes CPSs challenging to model correctly. Since CPSs often have critical functions, it is however of utmost importance to formally verify them in order to provide the highest guarantees of safety. Faced with CPS complexity, model abstraction becomes paramount to make verification attainable. To this end, assume/guarantee contracts enable component model abstraction to support a sound, structured, and modular verification process. While abstractions of models by contracts are usually proved sound, none of the related contract frameworks themselves have, to the best of our knowledge, been formally proved correct so far. In this aim, we present the formalization of a generic assume/guarantee contract theory in the proof assistant Coq. We identify and prove theorems that ensure its correctness. Our theory is generic, or parametric, in that it can be instantiated and used with any given logic, in particular hybrid logics, in which highly complex cyber-physical systems can uniformly be described.