[PPT] - (Belief) Dynamic Doxastic Differential Dynamic Logic (d4L) for PowerPoint Presentation

SLIDE 1

Dynamic Doxastic Differential Dynamic Logic (d4L) for Belief-Aware Cyber Physical Systems

João G. Martins1,2, André Platzer2, João Leite1

1

(Belief)

1 2

SLIDE 2

Discrete control Continuous movement

2

Cyber-Physical Systems (CPS)

SLIDE 3

Belief-aware Cyber-Physical Systems

3

altitude Control Action

SLIDE 4

Belief-aware Cyber-Physical Systems

Sensors are noisy
Incomplete information
Imperfect information

4

Information Control Action

SLIDE 5

First principles approach

5

1. Real arithmetic
2. World change
3. Beliefs
4. Belief change
5. Sequent calculus

Belief-aware Cyber-Physical Systems

SLIDE 6

6

bs; btctrl; phys

ctrl; phys

What we want

Belief-aware Cyber-Physical Systems

SLIDE 7

Belief-aware CPS Logic

Foundations: first order real arithmetic

Arithmetic operators: +, -, ✕, ÷ Propositions: <, ≤, >, ≥, = Connectives: ∧, ∨, →, ¬ Quantifiers: ∀, ∃

7

SLIDE 8

Belief-aware CPS Logic

Changing World Semantics

F G G G model m

d

e l model

Syntax

F → [model] G

8

SLIDE 9

Belief-aware CPS Logic

Changing World

9

Syntax

x’ = f(x) ?F α* x := Θ α; β α ∪ β

SLIDE 10

Belief-aware CPS Logic

Changing World

10

Syntax

autopilot := 1 x’ = f(x) ?F α* α; β α ∪ β

SLIDE 11

Belief-aware CPS Logic

Changing World

11

Syntax

alt’ = yvel ?F α* x := Θ α; β α ∪ β

SLIDE 12

Belief-aware CPS Logic

Changing World

12

Syntax

x’ = f(x) yvel := 1; alt’ = yvel ?F α* x := Θ α ∪ β

SLIDE 13

Belief-aware CPS Logic

Changing World Syntax

13

x’ = f(x) yvel := 1 ∪ yvel := -1 ?F α* x := Θ α; β

SLIDE 14

Belief-aware CPS Logic

Changing World Syntax

14

x’ = f(x) ?yvel < 1 α* x := Θ α; β α ∪ β

SLIDE 15

Belief-aware CPS Logic

Changing World Syntax

15

x := Θ x’ = f(x) α; β ?F (autopilot := 1 - autopilot)* α ∪ β

SLIDE 16

Belief-aware CPS Logic

Belief: possible world semantics

16

B(Low)

L H L L

L L

¬P(High) P(High) ¬B(Low) draw arrows between worlds, also maybe add forall and exists

SLIDE 17

Belief-aware CPS Logic

Modalities: overview

17

Universal Existential

draw arrows between worlds, also maybe add forall and exists

Logical Dynamic Doxastic

∀ ∃ ♢ P ⃞ B

Universe Reals Transitions Possible worlds

SLIDE 18

Belief-aware CPS Logic

Belief-triggered control

18

?alt > 10; yinput := -1 ?B(alt > 10); yinput := -1

SLIDE 19

Belief-aware CPS Logic

Belief: guiding principles

19

How to learn new information?

SLIDE 20

Belief-aware CPS Logic

Learning operator

20

L(α) x := Θ x’ = f(x) α; β ?F α ∪ β α* Learning as a program “Unified” language of change xp := Θ α; β ?F α ∪ β

SLIDE 21

Belief-aware CPS Logic

Learning operator

21

Observable action α or β: but which? α; L(α)

Suspect α happened
All outcomes of α possible
World does not change

L(α ∪ β) L(α)

SLIDE 22

Belief-aware CPS Logic

Learning operator

22

Transition-based change Doxastic change A A A A A A

L(A)

Physical world Possible worlds A L(A)

SLIDE 23

Belief-aware CPS Logic

Learning new information

23

B A B A A B

Multiple possible worlds

Execute at each world
All transition
All outcomes indistinguishable

[L(A ∪ B)] F

SLIDE 24

Belief-aware CPS Logic

Doxastic variables

State variable: alt Real world Possible worlds Perception

24

Belief-aware CPS Logic

Doxastic variable: altp Belief: B(altp > 10)

SLIDE 25

Belief-aware CPS Logic

Learning and sensors

25

Perfect sensor L(?altp = alt) Imperfect sensor L(?|altp - alt| < ε) L(altp := alt)

SLIDE 26

Belief-aware CPS Logic

Calculus for belief change

26

Proof rules for learned programs

xp := Θ α ; β α ∪ β ?F

SLIDE 27

C ⊢ [L(xp := Θ)] F(xp) C ⊢ F(Θ) Sound rule

27

Belief-aware CPS Logic

Calculus for belief change: assignment

Syntactic substitution = semantic substitution
Under admissibility
Technically complex

SLIDE 28

C ⊢ [L(α ; β)] F C ⊢ [L(α) ; L(β)] F Sound rule

28

Belief-aware CPS Logic

Calculus for belief change: sequential composition

Reduced to non-learned sequential composition

SLIDE 29

C ⊢ [L(?F)]G C ⊢ B(F) → G Sound rule CB, CP, CR ⊢ [L(?F)]G CB, CR ⊢ B(F) → G Sound rule

29

Belief-aware CPS Logic

Possibility Learned Context Current

Calculus for belief change: test

SLIDE 30

Belief-aware CPS Logic

Calculus for belief change: choice

30

L(?high ∪ ?low) L(?high) ∪ L(?low) L(α ∪ β) ≠ L(α) ∪ L(β)

SLIDE 31

31

Belief-aware CPS Logic

C ⊢ [α ∪ β] F C ⊢ [α] F ∧ [β] F

Calculus for belief change: choice

Traditional choice rules C ⊢ ⟨α ∪ β⟩ F C ⊢ ⟨α⟩ F ∨ ⟨β⟩ F No longer work Need case distinction

SLIDE 32

Sound rules

32

Belief-aware CPS Logic

C ⊢ [L(α ∪ β)] B(F) C ⊢ [L(α)] B(F) ∧ [L(β)] B(F) C ⊢ ⟨L(α ∪ β)⟩ P(F) C ⊢ ⟨L(α)⟩ P(F) ∨ ⟨L(β)⟩ P(F)

Calculus for belief change: choice

Most conservative of:

Dynamic modality
Doxastic modality

[]B, []P, ⟨⟩B ⟨⟩P

SLIDE 33

Belief-aware CPS Logic

Calculus for belief change

33

Theorem: the calculus for belief change is sound. Theorem: the calculus for world change is sound. [1]

[1] Platzer, A.: Differential dynamic logic for hybrid systems. J. Autom. Reas. 41(2), 143–189 (2008)

SLIDE 34

Case study: altitude control

Overview

34

Desired altitude

real altitude perceived altitude

= 0

SLIDE 35

Case study: altitude control

A new standard pattern Safety

pre → [(obs; btctrl; phys)*] safe

35

SLIDE 36

Case study: altitude control

Full model

36

T > 0 ∧ alt > 0 ∧ ε > 0 → [( L(?altp - alt < ε); ?B(altp - T - ε > 0); yv := -1 ∪ ?P(altp - T - ε ≤ 0); yv := 1 t := 0; t’ = 1, alt’ = yv & t < T )*] alt > 0

bs

btctrl phys

✓ verified

SLIDE 37

Devil’s advocate: modeling trick

37

Case study: altitude control

T > 0 ∧ alt > 0 ∧ ε > 0 → [( L(?altp - alt < ε); ?B(altp - T - ε > 0); yv := -1 ∪ ?P(altp - T - ε ≤ 0); yv := 1 t := 0; t’ = 1, alt’ = yv & t < T )*] alt > 0

bs

btctrl phys

SLIDE 38

38

Relies on modal resolution of nondeterminism

Only for safety ⃞, not liveness ♢

Changes arithmetic

?P(altp - T - ε > A) becomes ?altp - T + ε > A
Obscures doxastic intuitions
Quickly becomes complex

Modeling trick: limitations

Case study: altitude control

SLIDE 39

d4L: a logic for verifying belief-aware CPS

Theoretical

Semantics for changing belief in a changing world
General learning operator
Sequent calculus in the reals

Practical

Belief-triggered controllers
First principles verification for belief-aware CPS

39

Conclusion

SLIDE 40

40

Thank you

Questions?

SLIDE 41

41

Appendix

Test, possibility & completeness
Beliefs about beliefs
Repeated contraction of possible worlds
Learning in uncountable domains
Doxastic assignment, xp := Θ vs x := Θ
Learning operator semantics

Possibility & completeness

42

Appendix

CB, CP, CR ⊢ [L(?F)]G CB, CR ⊢ B(F) → G Hard to know which P to keep

¬F P F F P ¬F

VS

SLIDE 43

Belief: requirements

43

Appendix

Ba(F) → [Lb(α)] Ba(F) Desired axiom Impossible in Kripke models No calculus, but easy semantics

SLIDE 44

Belief: contraction of possible worlds

44

Appendix

x := * ≡ x’ =1; x’ = -1 Nondeterministic assignment Nondeterministic doxastic assignment xp := * L(xp := *; ?F(xp))

SLIDE 45

Learning in uncountable domains

45

Appendix

Action model/Epistemic actions [A,e]G ↔ ⋀eRf [A,f]G Conjunction of all possible worlds

Impossible for reals

SLIDE 46

Doxastic assignment vs regular assignment

46

Appendix

C ⊢ [L(x := Θ; β(x))] F C ⊢ [L(x := Θ) ; L(β(x))] F Unsound proof rule C ⊢ [L(x := Θ; β(x))] F C ⊢ [L(x := Θ) ; L(β(xp))] F Still unsound proof rule

SLIDE 47

Learning operator semantics

47