In industrial-sized cyber-physical systems, ensuring fulfillment of requirements gets increasingly more costly as the number of components increases. To make the task feasible, compositional verification has been suggested as a scalable solution. Such techniques allow verification by divide-and-conquer, often using assume-guarantee contracts. Although previous research has focused mostly on the non-probabilistic setting, in the real world, probabilities often arise due to random hardware failures, stochastic communication delays, sensor ghost objects, machine learning components, rounding errors caused by finite-precision arithmetic, human behavior, and probabilistic algorithms. Therefore, for contract theories to be practically relevant to cyber-physical systems, there is a need to support probabilistic reasoning, for instance regarding safety and reliability. To this end, we propose a completely trace-based probabilistic contract theory, supporting general probability measures, continuous time, and continuous state spaces. To verify decompositions of such contracts, we also present a deductive system, which is illustrated on an industrially inspired automatic emergency braking example.

According to the principles of compositional verification, verifying that lower-level components satisfy their specification ensures that the whole system satisfies its top-level specification. The key step is to ensure that the lower-level specifications constitute a correct decomposition of the top-level specification. In a non-stochastic context, such decomposition can be analyzed using techniques of theorem proving. In industrial applications, especially in safety-critical systems, specifications are often of stochastic nature, for example, giving a bound on the probability that a system failure will occur before a given time. A decomposition of such a specification requires techniques beyond traditional theorem proving. The first contribution of the paper is a theoretical framework that allows the representation of, and reasoning about, stochastic and timed behavior of systems as well as specifications for such behavior. The framework is based on traces that describe the continuous-time evolution of a system, and specifications are formulated using timed automata combined with probabilistic acceptance conditions. The second contribution is a novel approach to verifying decompositions of such specifications by reducing the problem to checking emptiness of the solution space for a system of linear inequalities.

Compositional verification allows a system to be verified indirectly by verifying the individual components of the system. The keystep is to ensure that the decomposition of the system specification intocomponent specifications is correct. That is, it needs to be verified thatthe composition of the component specifications refines the system specification. In many cyber-physical systems, specifications are probabilisticin nature. For instance, a specification might state that the probabilityof reaching an unsafe state within 10.000 hours shall be less than 0.05.Verifying refinement under such assumptions requires techniques beyondtraditional theorem proving. This paper presents a solution where specifications are built up by probabilistic contracts based upon timed automata. In particular, the main contribution is an algorithm for verifyingrefinement between such specifications. The algorithm utilizes a reduction to the language emptiness problem, making the algorithm terminateafter a finite number of computations

Compositional verification allows a system to be verified indirectly by verifying the individual components of the system. The key step is to ensure that the decomposition of the system specification into component specifications is correct. That is, it needs to be verified that the composition of the component specifications refines the system specification. In many cyber-physical systems, specifications are probabilistic in nature. For instance, a specification might state that the probability of reaching an unsafe state within 10.000 h shall be less than 0.05. Verifying refinement under such assumptions requires techniques beyond traditional theorem proving. This paper presents a solution where specifications are built up by probabilistic contracts based upon timed automata. In particular, the main contribution is an algorithm for verifying refinement between such specifications. The algorithm utilizes a reduction to the language emptiness problem, making the algorithm terminate after a finite number of computations.

Although commonly used in industry, a major drawback of Stateflow is that it lacks support for stochastic properties; properties that are often needed to build accurate models of real-world systems. In order to solve this problem, as the first contribution, Stochastic Stateflow (SSF) is presented as a stochastic extension of a subset of Stateflow models. As the second contribution, the tool SMP-tool is updated with support for SSF models specified in Stateflow. Finally, as the third contribution, an industrial case study is presented.  

According to the principles of compositional verification, verifying that lower-level components satisfy their specification will ensure that the whole system satisfies its top-level specification. The key step is to ensure that the lower-level specifications constitute a correct decomposition of the top-level specification. In a non-stochastic context, such decomposition can be analyzed using techniques of theorem proving. In industrial applications, especially for safety-critical systems, specifications are often of stochastic nature, for example giving a bound on the probability that system failure will occur before a given time. A decomposition of such a specification requires techniques beyond traditional theorem proving. The first contribution of the paper is a theoretical framework that allows the representation of, and reasoning about, stochastic and timed behavior of systems as well as specifications for such behaviors. The framework is based on traces that describe the continuoustime evolution of a system, and specifications are formulated using timed automata combined with probabilistic acceptance conditions. The second contribution is a novel approach to verifying decomposition of such specifications by reducing the problem to checking emptiness of the solution space for a system of linear inequalities.