04: Safety & Contracts (15-424: Foundations of Cyber-Physical Systems, lecture slides)



SLIDE 1

04: Safety & Contracts

15-424: Foundations of Cyber-Physical Systems

André Platzer

aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA


André Platzer (CMU) FCPS / 04: Safety & Contracts 1 / 7

SLIDE 2

Outline

1 Learning Objectives

2 Quantum the Acrophobic Bouncing Ball

3 Contracts for CPS
  Safety of Robots
  Safety of Bouncing Balls



SLIDE 4

Learning Objectives: Safety & Contracts

Objectives across the three strands CT (computational thinking), M&C (models & control) and CPS (CPS skills):

rigorous specification
contracts
preconditions
postconditions
differential dynamic logic
discrete + continuous
analytic reasoning
model semantics
reasoning principles



SLIDE 6

Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)


SLIDE 7

Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

x′ = v, v′ = −g & x ≥ 0


SLIDE 8

Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv


SLIDE 9

Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗



SLIDE 11

Quantum Discovered a Crack in the Fabric of Time

Example (Quantum the Bouncing Ball)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 12

Quantum Discovered a Crack in the Fabric of Time

[Figure: ball height x plotted over time t (ticks 2 to 12), with the bounce times t0, t1, t2, t3, t4, t5, t6 marked]

Example (Quantum the Bouncing Ball)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 13

Quantum Discovered a Crack in the Fabric of Time

[Figure: ball height x plotted over time t (ticks 2 to 12), with the bounce times t0, t1, t2, t3, t4, t5, t6 marked]

[Figure: time t (ticks 1 to 12) plotted against j, with the bounce times t0, t1, t2, t3, t4, t5, t6 marked]

Example (Quantum the Bouncing Ball)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗



SLIDE 15

Safety of Robots


SLIDE 16

Safety of Robots

Three Laws of Robotics (Isaac Asimov)

1 A robot may not injure a human being or, through inaction, allow a human being to come to harm.

2 A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.

3 A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.


SLIDE 17

Safety of Robots


Three Laws of Robotics are not the answer. They are the inspiration!


SLIDE 18

Contracts for Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 19

Contracts for Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

@ensures(0 ≤ x)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 20

Contracts for Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

@ensures(0 ≤ x)
@ensures(x ≤ H)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 21

Contracts for Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

@requires(x = H)
@ensures(0 ≤ x)
@ensures(x ≤ H)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 22

Contracts for Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

@requires(x = H)
@requires(0 ≤ H)
@ensures(0 ≤ x)
@ensures(x ≤ H)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗


SLIDE 23

Contracts for Quantum the Acrophobic Bouncing Ball

Example (Quantum the Bouncing Ball)

@requires(x = H)
@requires(0 ≤ H)
@ensures(0 ≤ x)
@ensures(x ≤ H)

(x′ = v, v′ = −g & x ≥ 0; if(x = 0) v := −cv)∗ @invariant(x ≥ 0)


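An added Python example (not from the slides or the course) that executes the bouncing-ball hybrid program of slides 9 to 23 in closed form and checks the slide 23 contract at run time, round by round: the postcondition against the highest point of each flight, because the ODE may stop anywhere inside its evolution domain, and the loop invariant at each round boundary. The bounce times it returns accumulate toward a finite limit, the "crack in the fabric of time" of slides 11 to 13. Assumed inputs, which the slide's precondition leaves open, are the initial velocity v0, g > 0 and the damping c; all sample values are constructed.

```python
import math

def flight(x, v, g):
    """Follow x' = v, v' = -g inside the evolution domain x >= 0 until the
    ball reaches the ground. The ODE is solved in closed form, so no time-step
    error can push x below 0. Returns (duration, highest x reached, v at x = 0)."""
    if g <= 0:
        raise ValueError("this constructed checker assumes g > 0")
    # larger root of x + v*t - g*t^2/2 = 0
    dt = (v + math.sqrt(v * v + 2 * g * x)) / g
    # x is largest at the apex if the ball is rising, otherwise at the start
    apex = x + v * v / (2 * g) if v > 0 else x
    return dt, apex, v - g * dt

def check_contract(H, v0, g, c, rounds=8):
    """Runtime check of the slide's contract along `rounds` iterations of
    (x' = v, v' = -g & x >= 0; if(x = 0) v := -c*v)*.
    @requires(x = H) @requires(0 <= H): start at x = H; v0, g and c are
    constructed inputs that the slide's precondition does not constrain.
    @ensures(0 <= x) @ensures(x <= H): checked against the extreme heights of
    each flight, not only at the loop boundary, since the ODE may stop at any
    time in its domain. @invariant(x >= 0) is checked after every round.
    Returns (ok, bounce_times, message)."""
    if not 0 <= H:
        return False, [], "precondition 0 <= H violated"
    x, v, now, bounces = H, v0, 0.0, []
    for k in range(1, rounds + 1):
        dt, apex, v = flight(x, v, g)
        now += dt
        x = 0.0                      # the flight ends on the ground
        if apex > H:
            return False, bounces, f"x <= H violated in round {k}: x reaches {apex:g}"
        if not x >= 0:               # @invariant(x >= 0) at the round boundary
            return False, bounces, f"invariant x >= 0 violated in round {k}"
        bounces.append(now)
        v = -c * v                   # if(x = 0) v := -c*v
    return True, bounces, "contract held; bounce times " + ", ".join(f"{t:g}" for t in bounces)

if __name__ == "__main__":
    print(check_contract(2, 0, 1, 0.5))   # holds; bounce times 2, 4, 5, 5.5, ... accumulate at 6
    print(check_contract(2, 1, 1, 0.5))   # violated in round 1: rising from x = H exceeds H
    print(check_contract(2, 0, 1, 2))     # violated in round 2: c > 1 makes each bounce higher
```

The two violating runs satisfy the slide's @requires clauses as written, which is why the course goes on to ask what the precondition and invariant must say about v, g and c.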

SLIDE 25

Developed on the board:

1 Differential dynamic logic dL as a precise specification language for CPS

2 Translation of contracts for bouncing ball to logical formula in dL

3 Syntax and semantics of dL

See lecture notes for details [1].
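As an added worked example (not from the slides), the contract of slide 23 written out as a dL formula, reading the @requires clauses as the assumption of an implication and the @ensures clauses as the postcondition of the box modality over the loop:

$$
x = H \land 0 \le H \;\to\; \big[\,(x' = v,\, v' = -g \;\&\; x \ge 0;\ \mathrm{if}(x = 0)\; v := -cv)^{*}\,\big]\,(0 \le x \land x \le H)
$$

The annotation @invariant(J) with $J \equiv x \ge 0$ splits this into the three obligations of the dL loop invariant rule:

$$
\begin{aligned}
& x = H \land 0 \le H \;\to\; J && \text{(J holds initially)} \\
& J \;\to\; \big[\,x' = v,\, v' = -g \;\&\; x \ge 0;\ \mathrm{if}(x = 0)\; v := -cv\,\big]\, J && \text{(one loop round preserves J)} \\
& J \;\to\; 0 \le x \land x \le H && \text{(J implies the postcondition)}
\end{aligned}
$$

The first two obligations hold for $J \equiv x \ge 0$ (the evolution domain keeps $x \ge 0$ and the bounce only changes $v$), but the third does not, since $x \ge 0$ says nothing about $x \le H$; a provable contract therefore needs an invariant that also bounds $x$ from above.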


SLIDE 26

[1] André Platzer. Foundations of Cyber-Physical Systems. Lecture Notes 15-424/624, Carnegie Mellon University, 2016. URL: http://www.cs.cmu.edu/~aplatzer/course/fcps16.html

[2] André Platzer. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. Springer, Heidelberg, 2010. doi:10.1007/978-3-642-14509-4
