foundations of cyber physical systems
play

Foundations of Cyber-Physical Systems Andr e Platzer - PowerPoint PPT Presentation

Feb 03, 2024 •221 likes •1.94k views

Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e Platzer (CMU) Foundations of

  1. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m x ′ = v , v ′ = a a := − b assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  2. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m x ′ = v , v ′ = a ( if (SB( x , m )) a := − b ) test assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  3. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) [ α ] φ φ α seq. compose ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a test assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  4. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) [ α ] φ φ α seq. nondet. compose repeat � ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a � ∗ test assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  5. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m �� ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m � �� � post 0.5 a 6 v x all runs 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  6. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m �� ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m ∧ b > 0 → x � = m � �� � � �� � post init 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  7. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α nondet. x � = m choice �� (? ¬ SB( x , m ) ∪ a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m ∧ b > 0 → x � = m � �� � � �� � post init 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  8. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α nondet. x � = m test choice �� (? ¬ SB( x , m ) ∪ a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m ∧ b > 0 → x � = m � �� � � �� � post init 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 10 / 40

  9. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far cls x � = m brk fsa far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 11 / 40

  10. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far x � = m cls cls brk fsa far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 11 / 40

  11. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far x � = m cls cls brk fsa far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 11 / 40

  12. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far x � = m cls cls brk Not fsa Compositional far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 11 / 40

  13. Differential Dynamic Logic d L : Syntax Definition (Hybrid program a ) x := f ( x ) | ? Q | x ′ = f ( x ) & Q | a ∪ b | a ; b | a ∗ Definition (d L Formula P ) e 1 ≥ e 2 | ¬ P | P ∧ Q | ∀ x P | ∃ x P | [ a ] P | � a � P Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 12 / 40

  14. Differential Dynamic Logic d L : Syntax Discrete Differential Seq. Nondet. Test Nondet. Assign Equation Compose Repeat Condition Choice Definition (Hybrid program a ) x := f ( x ) | ? Q | x ′ = f ( x ) & Q | a ∪ b | a ; b | a ∗ Definition (d L Formula P ) e 1 ≥ e 2 | ¬ P | P ∧ Q | ∀ x P | ∃ x P | [ a ] P | � a � P All Some All Some Reals Reals Runs Runs Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 12 / 40

  15. Differential Dynamic Logic d L : Semantics Definition (Hybrid program semantics) ([ [ · ] ] : HP → ℘ ( S × S )) [ [ x := f ( x )] ] = { ( v , w ) : w = v except [ [ x ] ] w = [ [ f ( x )] ] v } [ [? Q ] ] = { ( v , v ) : v ∈ [ [ Q ] ] } [ x ′ = f ( x )] = x ′ = f ( x ) for some duration r } [ ] = { ( ϕ (0) , ϕ ( r )) : ϕ | [ [ a ∪ b ] ] = [ [ a ] ] ∪ [ [ b ] ] [ [ a ; b ] ] = [ [ a ] ] ◦ [ [ b ] ] � [ a n ] [ a ∗ ] [ ] = [ ] n ∈ N Definition (d L semantics) ([ [ · ] ] : Fml → ℘ ( S )) [ [ e 1 ≥ e 2 ] ] = { v : [ [ e 1 ] ] v ≥ [ [ e 2 ] ] v } ]) ∁ [ [ ¬ P ] ] = ([ [ P ] [ [ P ∧ Q ] ] = [ [ P ] ] ∩ [ [ Q ] ] [ [ � a � P ] ] = [ [ a ] ] ◦ [ [ P ] ] = { v : w ∈ [ [ P ] ] for some w ( v , w ) ∈ [ [ a ] ] } [ [[ a ] P ] ] = [ [ ¬� a �¬ P ] ] = { v : w ∈ [ [ P ] ] for all w ( v , w ) ∈ [ [ a ] ] } ] = { v : v r [ [ ∃ x P ] x ∈ [ [ P ] ] for some r ∈ R } Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 13 / 40

  16. Differential Dynamic Logic d L : Transition Semantics x w if w ( x ) = [ [ f ( x )] ] v x := f ( x ) and w ( z ) = v ( z ) for z � = x v w v t 0 x ϕ ( t ) x ′ = f ( x ) & Q w v w Q v t r 0 x ′ = f ( x ) & Q x ? Q v no change if v ∈ [ [ Q ] ] if v ∈ [ [ Q ] ] otherwise no transition v t 0 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 14 / 40

  17. Differential Dynamic Logic d L : Transition Semantics w 1 x v a w 1 v a ∪ b w 2 b t w 2 x a ; b s v s w w v a t b a ∗ x w v v v 1 v 2 w a a a t Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 14 / 40

  18. Differential Dynamic Logic d L : Transition Semantics w 1 x v a w 1 v a ∪ b w 2 b t w 2 x a ; b s v s w v w a t b a ∗ x w v v v 1 v 2 w a a a t Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 14 / 40

  19. Differential Dynamic Logic d L : Transition Semantics w 1 x v a w 1 v a ∪ b w 2 b t w 2 x a ; b s v s w v w a t b ( a ; b ) ∗ x w v v v 1 v 2 w t a b a b a b Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 14 / 40

  20. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) P v P [ a ] P P Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 15 / 40

  21. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) v P � a � P Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 15 / 40

  22. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P a -span v Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 15 / 40

  23. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P a -span v � b � P b -span Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 15 / 40

  24. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P � b � [ a ]-span a -span v � b � P b -span Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 15 / 40

  25. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P � b � [ a ]-span a -span v � b � P b -span compositional semantics ⇒ compositional proofs! Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 15 / 40

  26. Ex: Car Control Accelerate condition ? H Example ( Single car car s ) � ((? H ; a := A ) ∪ a := − b ); x ′ = v , v ′ = a & v ≥ 0 � ∗ 6 v x 0.5 a 10 m 7 t 0.0 8 1 2 3 4 5 6 4 � 0.5 6 2 � 1.0 4 � 1.5 2 7 t 0 1 2 3 4 5 6 7 t � 2.0 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 16 / 40

  27. Ex: Car Control Properties time-triggered H ≡ 2 b ( m − x ) ≥ v 2 + � �� A ε 2 + 2 ε v � A + b Example (Single car car ε time-triggered) � ((? H ; a := A ) ∪ a := − b ); t := 0; x ′ = v , v ′ = a , t ′ = 1 & v ≥ 0 ∧ t ≤ ε � ∗ Example ( Safely stays before traffic light m ) v 2 ≤ 2 b ( m − x ) ∧ A ≥ 0 ∧ b > 0 → [ car ε ] x ≤ m 6 v x 0.5 a 10 m 7 t 0.0 8 1 2 3 4 5 6 4 � 0.5 6 2 � 1.0 4 � 1.5 2 7 t 0 1 2 3 4 5 6 7 t � 2.0 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 17 / 40

  28. Ex: Car Control Properties time-triggered H ≡ 2 b ( m − x ) ≥ v 2 + � �� A ε 2 + 2 ε v � A + b Example (Single car car ε time-triggered) � ((? H ; a := A ) ∪ a := − b ); t := 0; x ′ = v , v ′ = a , t ′ = 1 & v ≥ 0 ∧ t ≤ ε � ∗ Example ( Live, can move everywhere) ε > 0 ∧ A > 0 ∧ b > 0 → ∀ p ∃ m � car ε � x ≥ p 6 v x 0.5 a 10 m 7 t 0.0 8 1 2 3 4 5 6 4 � 0.5 6 2 � 1.0 4 � 1.5 2 7 t 0 1 2 3 4 5 6 7 t � 2.0 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 17 / 40

  29. Outline CPS are Multi-Dynamical Systems 1 Hybrid Systems Hybrid Games Dynamic Logic of Dynamical Systems 2 Syntax Semantics Example: Car Control Design Proofs for CPS 3 Compositional Proof Calculus Example: Safe Car Control Theory of CPS 4 Soundness and Completeness Differential Invariants Example: Elementary Differential Invariants Differential Axioms Applications 5 Summary 6 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 17 / 40

  30. Differential Dynamic Logic: Axioms [:=] [ x := f ] p ( x ) ↔ p ( f ) [?] [? q ] p ↔ ( q → p ) [ ∪ ] [ a ∪ b ] p ( x ) ↔ [ a ] p ( x ) ∧ [ b ] p ( x ) [;] [ a ; b ] p ( x ) ↔ [ a ][ b ] p ( x ) [ ∗ ] [ a ∗ ] p ( x ) ↔ p ( x ) ∧ [ a ][ a ∗ ] p ( x ) K [ a ]( p ( x ) → q ( x )) → ([ a ] p ( x ) → [ a ] q ( x )) I [ a ∗ ]( p ( x ) → [ a ] p ( x )) → ( p ( x ) → [ a ∗ ] p ( x )) V p → [ a ] p [ x ′ = f ] p ( x ) ↔ ∀ t ≥ 0 [ x := x + ft ] p ( x ) DS LICS’12,CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 18 / 40

  31. Proofs for Hybrid Systems compositional semantics ⇒ compositional rules! Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 19 / 40

  32. Proofs for Hybrid Systems w 1 p ( x ) a [ a ] p ( x ) ∧ [ b ] p ( x ) v a ∪ b [ a ∪ b ] p ( x ) b w 2 p ( x ) Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 19 / 40

  33. Proofs for Hybrid Systems w 1 p ( x ) a [ a ] p ( x ) ∧ [ b ] p ( x ) v a ∪ b [ a ∪ b ] p ( x ) b w 2 p ( x ) a ; b [ a ][ b ] p ( x ) v s w [ a ; b ] p ( x ) a b [ a ][ b ] p ( x ) [ b ] p ( x ) p ( x ) Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 19 / 40

  34. Proofs for Hybrid Systems w 1 p ( x ) a [ a ] p ( x ) ∧ [ b ] p ( x ) v a ∪ b [ a ∪ b ] p ( x ) b w 2 p ( x ) a ; b [ a ][ b ] p ( x ) v s w [ a ; b ] p ( x ) a b [ a ][ b ] p ( x ) [ b ] p ( x ) p ( x ) a ∗ p ( x ) p ( x ) → [ a ] p ( x ) p ( x ) p ( x ) p ( x ) → [ a ] p ( x ) [ a ∗ ] p ( x ) v w a a a Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 19 / 40

  35. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  36. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  37. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  38. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  39. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m 2 t 2 + vt + x ≤ m ) QE J ( x , v ) →∀ t ≥ 0 ( − b 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  40. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m J ( x , v ) → v 2 ≤ 2 b ( m − x ) 2 t 2 + vt + x ≤ m ) QE J ( x , v ) →∀ t ≥ 0 ( − b 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  41. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m J ( x , v ) → v 2 ≤ 2 b ( m − x ) 2 t 2 + vt + x ≤ m ) QE J ( x , v ) →∀ t ≥ 0 ( − b 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  42. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  43. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  44. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  45. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  46. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  47. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  48. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  49. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m QE J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → ( At + v ) 2 ≤ 2 b ( m − A 2 t 2 − vt − x )) 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  50. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m J ( x , v ) →¬ SB → ( A ε + v ) 2 ≤ 2 b ( m − A 2 ε 2 − v ε − x ) QE J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → ( At + v ) 2 ≤ 2 b ( m − A 2 t 2 − vt − x )) 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  51. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m J ( x , v ) →¬ SB → ( A ε + v ) 2 ≤ 2 b ( m − A 2 ε 2 − v ε − x ) QE J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → ( At + v ) 2 ≤ 2 b ( m − A 2 t 2 − vt − x )) 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  52. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  53. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  54. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  55. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m J ( x , v ) → [ a := − b ][ x ′′ = a . . ] J ( x , v ) ∧ [? ¬ SB; a := A ][ x ′′ = a . . ] J ( x , v ) [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  56. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m previous proofs for braking and acceleration J ( x , v ) → [ a := − b ][ x ′′ = a . . ] J ( x , v ) ∧ [? ¬ SB; a := A ][ x ′′ = a . . ] J ( x , v ) [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  57. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m previous proofs for braking and acceleration J ( x , v ) → [ a := − b ][ x ′′ = a . . ] J ( x , v ) ∧ [? ¬ SB; a := A ][ x ′′ = a . . ] J ( x , v ) [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ 1 Proof is essentially deterministic “follow your nose” 2 Synthesize invariant J ( , ) and parameter constraint SB 3 J ( x , v ) is a predicate symbol to prove only once and instantiate later CADE’15 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  58. Outline CPS are Multi-Dynamical Systems 1 Hybrid Systems Hybrid Games Dynamic Logic of Dynamical Systems 2 Syntax Semantics Example: Car Control Design Proofs for CPS 3 Compositional Proof Calculus Example: Safe Car Control Theory of CPS 4 Soundness and Completeness Differential Invariants Example: Elementary Differential Invariants Differential Axioms Applications 5 Summary 6 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 20 / 40

  59. Complete Proof Theory of Hybrid Systems Theorem (Sound & Complete) (J.Autom.Reas. 2008, LICS’12) d L calculus is a sound & complete axiomatization of hybrid systems relative to either differential equations or discrete dynamics. Proof 25pp Corollary (Complete Proof-theoretical Alignment & Bridging) proving continuous = proving hybrid = proving discrete JAutomReas’08,LICS’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 21 / 40

  60. Complete Proof Theory of Hybrid Systems Theorem (Sound & Complete) (J.Autom.Reas. 2008, LICS’12) d L calculus is a sound & complete axiomatization of hybrid systems relative to either differential equations or discrete dynamics. Proof 25pp Corollary (Complete Proof-theoretical Alignment & Bridging) proving continuous = proving hybrid = proving discrete Hybrid Continuous Discrete System JAutomReas’08,LICS’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 21 / 40

  61. Complete Proof Theory of Hybrid Systems Theorem (Sound & Complete) (J.Autom.Reas. 2008, LICS’12) d L calculus is a sound & complete axiomatization of hybrid systems relative to either differential equations or discrete dynamics. Proof 25pp Corollary (Complete Proof-theoretical Alignment & Bridging) proving continuous = proving hybrid = proving discrete Discrete Contin. Hybrid Theory Theory Theory Hybrid Continuous Discrete System JAutomReas’08,LICS’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 21 / 40

  62. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  63. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  64. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  65. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  66. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  67. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  68. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  69. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  70. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost y ′ = g ( x , y ) x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  71. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost y ′ = g ( x , y ) x inv x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 22 / 40

  72. Differential Invariants for Differential Equations Differential Invariant H → [ x ′ := f ( x )] F ′ F → [ x ′ = f ( x ) & H ] F Differential Cut F → [ x ′ = f ( x )] C F → [ x ′ = f ( x ) & C ] F F → [ x ′ = f ( x )] F y ′ = g ( x, y ) Differential Ghost G → [ x ′ = f ( x ) , y ′ = g ( x , y ) & H ] G F ↔ ∃ y G x inv F → [ x ′ = f ( x ) & H ] F x ′ = f ( x ) 0 t if new y ′ = g ( x , y ) has a global solution Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 23 / 40

  73. Differential Invariants for Differential Equations Differential Invariant H → [ x ′ := f ( x )] F ′ F → [ x ′ = f ( x ) & H ] F Differential Cut F → [ x ′ = f ( x ) & H ] C F → [ x ′ = f ( x ) & H ∧ C ] F F → [ x ′ = f ( x ) & H ] F y ′ = g ( x, y ) Differential Ghost G → [ x ′ = f ( x ) , y ′ = g ( x , y ) & H ] G F ↔ ∃ y G x inv F → [ x ′ = f ( x ) & H ] F x ′ = f ( x ) 0 t if new y ′ = g ( x , y ) has a global solution Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 23 / 40

  74. Differential Invariants for Differential Equations ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 24 / 40

  75. Differential Invariants for Differential Equations ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 24 / 40

  76. Differential Invariants for Differential Equations ω ≥ 0 ∧ d ≥ 0 → 2 ω 2 xy + 2 y ( − ω 2 x − 2 d ω y ) ≤ 0 ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 24 / 40

  77. Differential Invariants for Differential Equations ∗ ω ≥ 0 ∧ d ≥ 0 → 2 ω 2 xy + 2 y ( − ω 2 x − 2 d ω y ) ≤ 0 ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 24 / 40

  78. Differential Invariants for Differential Equations ∗ ω ≥ 0 ∧ d ≥ 0 → 2 ω 2 xy + 2 y ( − ω 2 x − 2 d ω y ) ≤ 0 ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Foundations of Cyber-Physical Systems AVACS 24 / 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

22: Axioms &amp; Uniform Substitutions 15-424: Foundations of Cyber-Physical Systems Andr e

22: Axioms &amp; Uniform Substitutions 15-424: Foundations of Cyber-Physical Systems Andr e

22: Axioms &amp; Uniform Substitutions 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA The Secret for Simpler Sound Hybrid Systems

1.99k views • 181 slides
20: Virtual Substitution &amp; Real Equations 15-424: Foundations of Cyber-Physical Systems

20: Virtual Substitution &amp; Real Equations 15-424: Foundations of Cyber-Physical Systems

20: Virtual Substitution &amp; Real Equations 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6

1.48k views • 112 slides
21: Virtual Substitution &amp; Real Arithmetic 15-424: Foundations of Cyber-Physical Systems

21: Virtual Substitution &amp; Real Arithmetic 15-424: Foundations of Cyber-Physical Systems

21: Virtual Substitution &amp; Real Arithmetic 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6

1.05k views • 76 slides
Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical

Micro-Architectural Attacks on Cyber-Physical Systems 07/24/2019 Heechul Yun University of Kansas 1 Modern Cyber-Physical Systems Cyber Physical Systems (CPS) Cyber (Computer) + Physical (Plant) Real-time Control physical

310 views • 29 slides
02: Differential Equations &amp; Domains 15-424: Foundations of Cyber-Physical Systems Andr e

02: Differential Equations &amp; Domains 15-424: Foundations of Cyber-Physical Systems Andr e

02: Differential Equations &amp; Domains 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4

817 views • 52 slides
06: Truth &amp; Proof 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

06: Truth &amp; Proof 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

06: Truth &amp; Proof 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e

642 views • 41 slides
09: Reactions &amp; Delays 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

09: Reactions &amp; Delays 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

09: Reactions &amp; Delays 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e

786 views • 62 slides
08: Events &amp; Responses 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

08: Events &amp; Responses 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

08: Events &amp; Responses 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e

825 views • 55 slides
04: Safety &amp; Contracts 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

04: Safety &amp; Contracts 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

04: Safety &amp; Contracts 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e

695 views • 26 slides
03: Choice &amp; Control 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

03: Choice &amp; Control 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

03: Choice &amp; Control 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e

847 views • 27 slides
Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j

Differential Refinement Logic Sarah M. Loos and Andr Platzer Computer Science Department Carnegie Mellon University 1 Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j p x k x i

1.97k views • 179 slides
Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models,

Important Examples of Cyber-Physical Systems Cyber-Physical Systems under Attack Models, Fundamental Limitations, and Monitor Design Fabio Pasqualetti Florian D orfler Francesco Bullo Center for Control, Dynamical systems and Computation

994 views • 11 slides
19: Game Proofs &amp; Separations 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

19: Game Proofs &amp; Separations 15-424: Foundations of Cyber-Physical Systems Andr e Platzer

19: Game Proofs &amp; Separations 15-424: Foundations of Cyber-Physical Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2

893 views • 78 slides
Focusing for d L 15-824 Logical Foundations of Cyber-Physical Systems Fall 2018 Klaas Pruiksma

Focusing for d L 15-824 Logical Foundations of Cyber-Physical Systems Fall 2018 Klaas Pruiksma

Focusing for d L 15-824 Logical Foundations of Cyber-Physical Systems Fall 2018 Klaas Pruiksma December 10, 2018 1 / 10 Goal Develop a focused version of Differential Dynamic Logic(d L ) [3], with the intent that it serve as a basis for

260 views • 10 slides
Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/06:

Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/06:

06: Truth &amp; Proof Logical Foundations of Cyber-Physical Systems Andr Platzer Logical Foundations of Cyber-Physical Systems Andr Platzer Andr Platzer (CMU) LFCPS/06: Truth &amp; Proof LFCPS/06 1 / 23 Outline Learning Objectives

1.77k views • 145 slides
Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel Ricketts, Sorin Lerner,

Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel Ricketts, Sorin Lerner,

Formal Verification of Cyber-Physical Systems Matthew Chan , Daniel Ricketts, Sorin Lerner, Gregory Malecha University of California, San Diego veridrone.ucsd.edu Cyber-Physical Systems Cyber-Physical Systems Cyber-Physical Systems

1.04k views • 90 slides
POST-LOCKDOWN LABOUR LAW LITIGATION ISSUES JANE RUSSELL AND MUBARAK WASEEM essexcourt.com

POST-LOCKDOWN LABOUR LAW LITIGATION ISSUES JANE RUSSELL AND MUBARAK WASEEM essexcourt.com

POST-LOCKDOWN LABOUR LAW LITIGATION ISSUES JANE RUSSELL AND MUBARAK WASEEM essexcourt.com essexcourt.com RECENT DEVELOPMENTS The Governments Plan to Rebuild Working Safely During Coronavirus Covid Security essexcourt.com CORE

400 views • 26 slides
Supporting material for Model checking Jean Pichon-Pharabod that provides the value. This

Supporting material for Model checking Jean Pichon-Pharabod that provides the value. This

Supporting material for Model checking Jean Pichon-Pharabod that provides the value. This diagram gives a very static, top-down picture, but it is the feedback checker model expert human in temporal logic temporal model M artefact desired

624 views • 40 slides
Todays Human Federal Aviation Administration Factors Challenges, Tomorrows Vision Optics

Todays Human Federal Aviation Administration Factors Challenges, Tomorrows Vision Optics

Todays Human Federal Aviation Administration Factors Challenges, Tomorrows Vision Optics Workshop: Human Factors in Aviation Safety Kathy H. Abbott, PhD, FRAeS Federal Aviation Administration 3 July 2014 Flightpath 2050 Societal

512 views • 25 slides
Thursday 16 September 2010 Oliver McCann Employment Partner Taylors Solicitors 1. THE LEGAL

Thursday 16 September 2010 Oliver McCann Employment Partner Taylors Solicitors 1. THE LEGAL

Thursday 16 September 2010 Oliver McCann Employment Partner Taylors Solicitors 1. THE LEGAL SYSTEM UK legislation European Directives UK case law Employment Tribunals, EAT, Court of Appeal and Supreme Court ECJ 2.

259 views • 23 slides
Exploratory Steps Toward Formal Analysis Methods for Knowledge Networks A Socio Technical

Exploratory Steps Toward Formal Analysis Methods for Knowledge Networks A Socio Technical

Exploratory Steps Toward Formal Analysis Methods for Knowledge Networks A Socio Technical Networks, A Socio Technical Perspective Paola Di Maio Modelling and Analysis of Networked and Distributed Systems A SICSA Workshop 17th June 2010,

526 views • 40 slides
Presenters The End of CJRS, Remote Working and Redundancies: What's in store for the months

Presenters The End of CJRS, Remote Working and Redundancies: What's in store for the months

The End of CJRS, Remote Working &amp; Redundancies 7th November 2020 Presenters The End of CJRS, Remote Working and Redundancies: What's in store for the months ahead? Karen Bennett Rachel Hynes Head of Sales and Senior Marketing The

165 views • 14 slides
Working together to support communities Emily van de Venter Associate Director of Public Health

Working together to support communities Emily van de Venter Associate Director of Public Health

NHS Test &amp; Trace: Working together to support communities Emily van de Venter Associate Director of Public Health Agenda Meeting guidelines for maximum engagement Welcome &amp; introduction of Chair &amp; keynote speaker and

383 views • 15 slides
Reversible Computation and Principal Types in ! -calculus F .Alessi, A.Ciaffaglione, P .Di

Reversible Computation and Principal Types in ! -calculus F .Alessi, A.Ciaffaglione, P .Di

Reversible Computation and Principal Types in ! -calculus F .Alessi, A.Ciaffaglione, P .Di Gianantonio, F .Honsell, M.Lenisa, I.Scagnetto Department of Mathematics, Computer Science, and Physics University of Udine Logic Colloquium 2018

518 views • 34 slides

More recommend