an axiomatic approach to liveness for differential
play

An Axiomatic Approach to Liveness for Differential Equations Yong - PowerPoint PPT Presentation

Oct 22, 2023 •435 likes •1.09k views

An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer Computer Science Department, Carnegie Mellon University FM, 10th Oct 2019 1 Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete

  1. An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr´ e Platzer Computer Science Department, Carnegie Mellon University FM, 10th Oct 2019 1

  2. Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete Example 3 More ODE Liveness Arguments 4 2

  3. Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete Example 3 More ODE Liveness Arguments 4 3

  4. Motivation : Cyber-Physical Systems (CPSs) Hybrid system models enable formal analysis of safety-critical CPSs: Discrete control: if (v > speed_limit) a := -1; //apply brakes else a := 0; //cruise 4

  5. Motivation : Cyber-Physical Systems (CPSs) Hybrid system models enable formal analysis of safety-critical CPSs: Discrete control: if (v > speed_limit) a := -1; //apply brakes else a := 0; //cruise Continuous dynamics: x ′ = v , v ′ = a � �� � Ordinary Differential Equations (ODEs) 4

  6. Motivation : Cyber-Physical Systems (CPSs) Hybrid system models enable formal analysis of safety-critical CPSs: Discrete control: if (v > speed_limit) a := -1; //apply brakes else a := 0; //cruise Continuous dynamics: x ′ = v , v ′ = a � �� � ODEs need proofs too! 4

  7. Correctness Specifications for CPSs � Safely under speed limit 5

  8. Correctness Specifications for CPSs � Safely under speed limit � Safely under speed limit 5

  9. Correctness Specifications for CPSs � Safely under speed limit � Gets to destination System is safe and live � Safely under speed limit × Not moving at all! System is safe but not live 5

  10. ODEs and Domain Constraints Ordinary Differential Equation (ODE) � �� � x ′ = f ( x ) ODE : Models continuous physics of the system x' = f ( x ) Trains drive on tracks prescribed by the ODEs. 6

  11. ODEs and Domain Constraints ODE with domain Q � �� � x ′ = f ( x ) & Q Domain : Specifies the domain of definition for ODEs x' = f ( x ) Q There are no train tracks across the national park! 6

  12. ⨯⨯ ⨯ ✓ Safety & Liveness for ODEs ODE with domain Q � �� � x ′ = f ( x ) & Q ] P Safety: [ ���� Safe region ✓ ⨯ ✓ P ✓ Q � Trains stay in Porto ( P ) while driving on tracks. 7

  13. Safety & Liveness for ODEs ODE with domain Q ODE with domain Q � �� � � �� � x ′ = f ( x ) & Q ] P x ′ = f ( x ) & Q � P Safety: [ Liveness: � ���� ���� Safe region ⨯⨯ Goal region ✓ ⨯ ⨯ ✓ P P ✓ ✓ Q Q � Trains stay in Porto ( P ) while � Trains reach Porto ( P ) by driving driving on tracks. on tracks. 7

  14. Safety & Liveness for ODEs ODE with domain Q ODE with domain Q � �� � � �� � x ′ = f ( x ) & Q ] P x ′ = f ( x ) & Q � P Safety: [ Liveness: � ���� ���� Safe region ⨯⨯ Goal region ✓ ⨯ ⨯ ✓ P P ✓ ✓ Q Q Prior work: complete invariance � Trains reach Porto ( P ) by driving proofs for ODE safety [LICS’18] on tracks. 7

  15. Safety & Liveness for ODEs ODE with domain Q ODE with domain Q � �� � � �� � x ′ = f ( x ) & Q ] P x ′ = f ( x ) & Q � P Safety: [ Liveness: � ���� ���� Safe region ⨯⨯ Goal region ✓ ⨯ ⨯ ✓ P P ✓ ✓ Q Q Prior work: complete invariance This talk: proving ODE liveness in proofs for ODE safety [LICS’18] differential dynamic logic (dL) 7

  16. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Surveyed Liveness Arguments Goals of surveyed paper Differential Variants [1] Liveness proofs for inequalities Bounded/Compact Eventuality [3, 4] Automatic SOS liveness proofs Set Lyapunov Functions [5] Finding basin of attraction Staging Sets + Progress [6] Indirect liveness proofs for P Eq. Differential Variants [7] Synthesizing switching logic Liveness arguments in the literature are used for a wide variety of purposes. 8

  17. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Surveyed Liveness Arguments Without Domains With Domains Differential Variants [1] × Bounded/Compact Eventuality [3, 4] × × Set Lyapunov Functions [5] × × Staging Sets + Progress [6] Eq. Differential Variants [7] × × Several arguments have technical glitches, making them unsound ( × ). 8

  18. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Surveyed Liveness Arguments Without Domains With Domains � × � � Differential Variants [1] × � � × � � Bounded/Compact Eventuality [3, 4] Set Lyapunov Functions [5] × � � × � � Staging Sets + Progress [6] � � Eq. Differential Variants [7] × � � × � � Our approach formalizes the underlying liveness arguments in a sound ( � ), foundational, and uniform framework. It also corrects ( × � � ) the technical glitches. 8

  19. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Understand the core principles behind ODE liveness proofs. Surveyed Liveness Arguments Without Domains With Domains � × � � Differential Variants [1] × � � × � � Bounded/Compact Eventuality [3, 4] Set Lyapunov Functions [5] × � � × � � Staging Sets + Progress [6] � � Eq. Differential Variants [7] × � � × � � 8

  20. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Understand the core principles behind ODE liveness proofs. Surveyed Liveness Arguments Without Domains With Domains � × � � Differential Variants [1] × � � × � � Bounded/Compact Eventuality [3, 4] Set Lyapunov Functions [5] × � � × � � Staging Sets + Progress [6] � � Eq. Differential Variants [7] × � � × � � Yields generalizations of existing liveness arguments “for free”. New Liveness Arguments Without Domains With Domains - Higher Differential Variants � - [1] + [3, 4] + [6] � - [1] + [3, 4] + [6] + Higher Diff. Var. � 8

  21. Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete Example 3 More ODE Liveness Arguments 4 9

  22. A Simple Liveness Refinement Portugal Porto Trains that reach Porto also reach Portugal since Porto is part of Portugal. � x ′ = f ( x ) � Porto → � x ′ = f ( x ) � Portugal � 10

  23. A Simple Liveness Refinement Portugal Porto Braga Can train reach Porto if it reaches Braga? Not true for all trains. � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto ? 10

  24. A Simple Liveness Refinement Portugal Porto Braga Must use specific properties of the ODE / train track. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga → � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � 10

  25. A Simple Liveness Refinement Portugal Porto Braga Must use specific properties of the ODE / train track. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga → � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � � �� � � �� � Known liveness property Desired liveness property 10

  26. A Simple Liveness Refinement Portugal Porto Braga Must use specific properties of the ODE / train track. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � → � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 10

  27. A Simple Liveness Refinement Portugal Porto Braga Key Idea: Liveness arguments can and should be understood using liveness refinement steps. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � → � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 10

  28. ⋀ Diamond Refinement Axioms [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � → � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 11

  29. ⋀ Diamond Refinement Axioms [ x ′ = f ( x ) & ¬ P ] ¬ B → � � x ′ = f ( x ) � B →� x ′ = f ( x ) � P � 11

  30. ⋀ Diamond Refinement Axioms � � K � & � [ x ′ = f ( x ) & Q ∧ ¬ P ] ¬ B → � x ′ = f ( x ) & Q � B → � x ′ = f ( x ) & Q � P → B P B Q Q � �� � � �� � Known liveness property Desired liveness property 11

  31. Diamond Refinement Axioms � � K � & � [ x ′ = f ( x ) & Q ∧ ¬ P ] ¬ B → � x ′ = f ( x ) & Q � B → � x ′ = f ( x ) & Q � P → → B B P B Q ⋀ ¬ P Q Q � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 11

  32. Diamond Refinement Axioms � � K � & � [ x ′ = f ( x ) & Q ∧ ¬ P ] ¬ B → � x ′ = f ( x ) & Q � B → � x ′ = f ( x ) & Q � P DR �·� [ x ′ = f ( x ) & R ] Q → � � x ′ = f ( x ) & R � P → � x ′ = f ( x ) & Q � P � R R R → → P P Q Q � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 12

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan Computer Science Department, Carnegie Mellon University INRIA, 30th Apr 2020 1 / 34 Motivation: Cyber-Physical Systems (CPSs) Cyber-Physical System:

1.14k views • 89 slides
Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness property, something good eventually happens. e.g. program termination. A safety property, something bad never happens. e.g.

338 views • 16 slides
O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like

O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like

THE LEPTON SECTOR AS AN AXIOMATIC-LIKE CONSTRUCTION O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like construction? Unique approach and unification of mathematical formalism. STABLE LEPTONS

164 views • 15 slides
An axiomatic approach to metareasoning on nominal algebras in HOAS Marino Miculan Universit` a

An axiomatic approach to metareasoning on nominal algebras in HOAS Marino Miculan Universit` a

ICALP01 Hers onisos, Crete, July 2001 An axiomatic approach to metareasoning on nominal algebras in HOAS Marino Miculan Universit` a di Udine, Italy miculan@dimi.uniud.it Joint work with Furio Honsell and Ivan Scagnetto Research

470 views • 25 slides
Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement is a kind of Update Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P . Bisquert, C. Cayrol, F . Dupin de Saint-Cyr, MC. Lagasquie IRIT, Toulouse University, France July 2013 F. Dupin de

752 views • 71 slides
The Manipulability of Centrality Measures An Axiomatic Approach Tomek Ws, Marcin Waniek,

The Manipulability of Centrality Measures An Axiomatic Approach Tomek Ws, Marcin Waniek,

The Manipulability of Centrality Measures An Axiomatic Approach Tomek Ws, Marcin Waniek, Talal Rahwan, Tomasz Michalak University of Warsaw, NYU Abu Dhabi Motivation Investigation of criminal networks Investigation of criminal networks

754 views • 56 slides
An Axiomatic Approach to Time-Dependent Shortest Paths Christos Zaroliagis zaro@ceid.upatras.gr

An Axiomatic Approach to Time-Dependent Shortest Paths Christos Zaroliagis zaro@ceid.upatras.gr

An Axiomatic Approach to Time-Dependent Shortest Paths Christos Zaroliagis zaro@ceid.upatras.gr Dept. of Computer Engineering & Informatics Computer Technology Institute & Press University of Patras, Greece Diophantus 1 / 36

1.18k views • 116 slides
9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses the semantics of a programming language by associating with the language a mathematical theory fo r p roving properties of programs written in

1.02k views • 98 slides
A New Approach for Formal Reduction of Singular Linear Differential Systems Using Eigenrings M.A.

A New Approach for Formal Reduction of Singular Linear Differential Systems Using Eigenrings M.A.

Introduction Previous methods The new approach Conclusion and prescriptive A New Approach for Formal Reduction of Singular Linear Differential Systems Using Eigenrings M.A. Barkatou, Joelle Saad , J-A. Weil XLIM, Universit de Limoges

881 views • 49 slides
An Axiomatic Approach to Algebraic Topology: A Theory of Elementary ( , 1)-Toposes Nima Rasekh

An Axiomatic Approach to Algebraic Topology: A Theory of Elementary ( , 1)-Toposes Nima Rasekh

Topos Theory Elementary ( , 1) -Topos An Axiomatic Approach to Algebraic Topology: A Theory of Elementary ( , 1)-Toposes Nima Rasekh Max-Planck-Institut f ur Mathematik July 8th, 2019 Nima Rasekh - MPIM A Theory of Elementary ( ,

444 views • 22 slides
Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille Artho, Viktor Schuppan http://www.inf.ethz.ch/schuppan/ Safety vs. Liveness 1 Safety Liveness Something bad will not Something good will

480 views • 31 slides
The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as

The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as

The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as Menni Conicet and Universidad Nacional de La Plata - Argentina The Nullstellenzatz in Axiomatic Cohesion p. 1/17 A science of cohesion An

940 views • 59 slides
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and Philipp Ruemmer Summary of results Automatic method for proving liveness for randomised parameterised systems, e.g., Randomised Self-Stabilising

484 views • 45 slides
Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner Alexander Ivrii Ziv Nevo IBM Outline Generalized counterexamples to liveness and why they are especially interesting How to detect that a

135 views • 12 slides
Computational Social Choice: Autumn 2012 Ulle Endriss Approach 1: Axiomatic Method Institute for

Computational Social Choice: Autumn 2012 Ulle Endriss Approach 1: Axiomatic Method Institute for

Characterisation Results COMSOC 2012 Characterisation Results COMSOC 2012 Computational Social Choice: Autumn 2012 Ulle Endriss Approach 1: Axiomatic Method Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss

190 views • 7 slides
Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
Ghosts for Lists: from Axiomatic to Executable Specifications Frdric Loulergue Allan

Ghosts for Lists: from Axiomatic to Executable Specifications Frdric Loulergue Allan

Ghosts for Lists: from Axiomatic to Executable Specifications Frdric Loulergue Allan Blanchard Nikolai Kosmatov June 29, 2018 @ Tests & Proofs 2018 0/21 - F.Loulergue, A.Blanchard, N.Kosmatov - June 29, 2018 Contents 01.

749 views • 31 slides
JML Model Fields Christian Engel ITI, Universit at Karlsruhe 08. Juni 2005 Christian Engel

JML Model Fields Christian Engel ITI, Universit at Karlsruhe 08. Juni 2005 Christian Engel

JML What are model fields? Translation to JavaDL Demo JML Model Fields Christian Engel ITI, Universit at Karlsruhe 08. Juni 2005 Christian Engel JML Model Fields JML What are model fields? Translation to JavaDL Demo Outline JML 1

563 views • 29 slides
Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of

Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of

Justification Logic Who? Natalia Kotsani - based on the work of S. Artemov (The Logic of Justification, 2008) When? 28 November 2012 Table of contents 3.Basic Systems Justification Logic J 0 Logical Awareness Constants Specification Basic

293 views • 15 slides
Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right

These slides are based on Jonathan Jackys The Way of Z Forward Editor ch ? : CHAR Formal Specification with Z ch ? = right arrow Software Engineering Software Engineering right = Andreas Zeller Saarland University

417 views • 24 slides
Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software

Operational Semantics This course Why semantics? y := 1; precise specification of software and while ( x = 1) do ( y := x y ; x := x 1) hardware First we assign 1 to y , then we test whether facilitate reasoning about systems:

355 views • 10 slides
Programming Language Elements for Correctness Proofs Gergely Dvai ELTE University, Budapest

Programming Language Elements for Correctness Proofs Gergely Dvai ELTE University, Budapest

Programming Language Elements for Correctness Proofs Gergely Dvai ELTE University, Budapest Department of Programming Languages and Compilers Supervisor: Dr. Zoltn Csrnyei Motivation A considerable part of software products' life

204 views • 19 slides
Specifications and formal program development in-the-large What are specifications for? For

Specifications and formal program development in-the-large What are specifications for? For

Specifications and formal program development in-the-large What are specifications for? For the system user: specification captures the properties of the system the user can rely on. For the system developer: specification captures all the

297 views • 26 slides
F oundations of Soft w a re Engineering/Europ ean Soft w a re Engineering Conference,

F oundations of Soft w a re Engineering/Europ ean Soft w a re Engineering Conference,

F oundations of Soft w a re Engineering/Europ ean Soft w a re Engineering Conference, Zurich, Sep 97 Subt yp es fo r Sp ecications John Rushb y Computer Science Lab o rato ry SRI International Menlo P a rk,

480 views • 37 slides

More recommend