Hybrid Systems Verification and Robotics Andr e Platzer - - PowerPoint PPT Presentation
Hybrid Systems Verification and Robotics Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA http://symbolaris.com/ 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e Platzer
Andr´ e Platzer
aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA
http://symbolaris.com/
0.2 0.4 0.6 0.8 1.0
0.1 0.2 0.3 0.4 0.5
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 1 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 1 / 25
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 2 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 2 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 0.3 0.2 0.1 0.1 0.2a 2 4 6 8 10 t 0.2 0.4 0.6 0.8
v
2 4 6 8 10 t 0.5 1.0 1.5 2.0 2.5
p
px py Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 3 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 0.3 0.2 0.1 0.1 0.2a 2 4 6 8 10 t 0.00002 0.00004 0.00006 0.00008
Ω
2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0
d
dx dy Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 3 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 0.8 0.6 0.4 0.2 0.2
a
2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0v 2 4 6 8 10 t 2 4 6 8
p
px py Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 4 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 0.8 0.6 0.4 0.2 0.2
a
2 4 6 8 10 t 1.0 0.5 0.5
Ω
2 4 6 8 10 t 0.5 0.5 1.0
d
dx dy Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 4 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 4 3 2 1
a
2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0v 2 4 6 8 10 t 1 2 3 4
p
px py Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 5 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 4 3 2 1
a
2 4 6 8 10 t 1.0 0.5 0.5
Ω
2 4 6 8 10 t 0.5 0.5 1.0
d
dx dy Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 5 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4
a
2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0 1.2v 2 4 6 8 10 t 1 2 3 4 5 6 7p
px py Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 6 / 25
Challenge (Hybrid Systems)
Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4
a
2 4 6 8 10 t 1.0 0.5 0.5
Ω
2 4 6 8 10 t 0.5 0.5 1.0
d
dx dy Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 6 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 6 / 25
differential dynamic logic
dL = DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5z v M v2 ≤ 2b(M − z)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5z v M v ≤ 1
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5z v M v ≤ 1 ∧ v2 ≤ 2b(M − z)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5z v M v ≤ 1 ∨ v2 ≤ 2b(M − z)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5∀M ∃SB . . . ∀t≥0 . . . z v M v ≤ 1 ∨ v2 ≤ 2b(M − z)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR +
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + ML
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b [ ] v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b [z′′ = a] v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b [if(z > SB) a := −b; z′′ = a] v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b [ if(z > SB) a := −b; z′′ = a
] v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b C → [ if(z > SB) a := −b; z′′ = a
] v2 ≤ 2b
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b C → [ if(z > SB) a := −b; z′′ = a
] v2 ≤ 2b Initial condition
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b C → [ if(z > SB) a := −b; z′′ = a
] v2 ≤ 2b Initial condition System dynamics
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
differential dynamic logic
dL = FOLR + DL + HP
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b C → [ if(z > SB) a := −b; z′′ = a
] v2 ≤ 2b Initial condition System dynamics Post condition
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 7 / 25
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 8 / 25
Definition (Model Checking Problem)
Given initial states Q0 ⊆ Q and bad states B ⊆ Q for a transition system, check whether there is a trace from some q0 ∈ Q0 to some qb ∈ B. B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Model Checking Problem)
Given initial states Q0 ⊆ Q and bad states B ⊆ Q for a transition system, check whether there is a trace from some q0 ∈ Q0 to some qb ∈ B. B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Image Computation)
PostA(Y ) := {q+ ∈ Q : q
a
− → q+ for some q ∈ Y , a ∈ A} B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Image Computation)
PostA(Y ) := {q+ ∈ Q : q
a
− → q+ for some q ∈ Y , a ∈ A} B Q0
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Image Computation)
PostA(Y ) := {q+ ∈ Q : q
a
− → q+ for some q ∈ Y , a ∈ A} B Q0 Q1 = PostA(Q0) PostA(Q0)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Image Computation)
PostA(Y ) := {q+ ∈ Q : q
a
− → q+ for some q ∈ Y , a ∈ A} B Q0 Q1 = PostA(Q0) PostA(Q0) Q2 = Post2
A(Q0)
PostA(Q1)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Image Computation)
PostA(Y ) := {q+ ∈ Q : q
a
− → q+ for some q ∈ Y , a ∈ A} B Q0 Q1 = PostA(Q0) PostA(Q0) Q2 = Post2
A(Q0)
PostA(Q1) Q3 = Post3
A(Q0)
PostA(Q2)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Definition (Image Computation)
PostA(Y ) := {q+ ∈ Q : q
a
− → q+ for some q ∈ Y , a ∈ A} Post∗
A(Y ) :=
Postn
A(Y ) = µZ.(Y ∪ Z ∪ PostA(Z))
B Q0 Q1 = PostA(Q0) PostA(Q0) Q2 = Post2
A(Q0)
PostA(Q1) Q3 = Post3
A(Q0)
PostA(Q2)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 9 / 25
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 10 / 25
I Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits Representation of regions in state space Numerical versus symbolic algorithms 1.421 ∈ Q versus x2 + 2xy term computations
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 11 / 25
I H Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits Representation of regions in state space Numerical versus symbolic algorithms 1.421 ∈ Q versus x2 + 2xy term computations
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 11 / 25
I H H Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits Representation of regions in state space Numerical versus symbolic algorithms 1.421 ∈ Q versus x2 + 2xy term computations
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 11 / 25
I H H B Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits Representation of regions in state space Numerical versus symbolic algorithms 1.421 ∈ Q versus x2 + 2xy term computations
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 11 / 25
I H H B Image Computation Model Checking Analyse image computation problem in hybrid systems Approximation refinement techniques and their limits Representation of regions in state space Numerical versus symbolic algorithms 1.421 ∈ Q versus x2 + 2xy term computations
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 11 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
I B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
I H B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
I H A B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
I H A +ǫ B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
I H A +ǫ B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
I H A +ǫ B
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
Proposition (Semialgebraic images) (HSCC’07)
check and blur can be implemented for I and B semialgebraic (propositional combinations of p ≥ 0) A with polynomial flows over R +Piecewise definitions +Rational extensions (e.g. multivariate rational splines)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
AMC(B reachable from I in H):
1 A := approx(H) uniformly 2 blur by uniform approximation error +ǫ 3 check(B reachable from I in A + ǫ) 4 B not reachable ⇒ H safe
Proposition (Existence of approximations) (HSCC’07)
approx exists for all uniform errors ǫ > 0 when using polynomials to build A Flows ϕ ∈ C (D, Rn) of H D ⊂ R × Rn compact closure of an open set
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 12 / 25
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 13 / 25
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 14 / 25
Image computation in hybrid systems model checking HSCC’07
1
approx uniformly
2
blur by uniform error
3
check for B
flows approx / image computation
continuous uniform approx exists, but. . . smooth undecidable by evaluation bounded by b decidable bound probabilities probabilistically decidable ODE ℓ-Lipschitz decidable Combine numerical algorithms with symbolic analysis Roundabout maneuver unsafe
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 15 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 15 / 25
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 16 / 25
[:=] [x := θ][(x)]φx ↔ [(x)]φθ [?] [?H]φ ↔ (H → φ) [′] [x′ = f (x)]φ ↔ ∀t≥0 [x := y(t)]φ (y′(t) = f (y)) [∪] [α ∪ β]φ ↔ [α]φ ∧ [β]φ [;] [α; β]φ ↔ [α][β]φ [∗] [α∗]φ ↔ φ ∧ [α][α∗]φ K [α](φ → ψ) → ([α]φ → [α]ψ) I [α∗](φ → [α]φ) → (φ → [α∗]φ) C [α∗]∀v>0 (ϕ(v) → αϕ(v − 1)) → ∀v (ϕ(v) → α∗∃v≤0 ϕ(v))
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 17 / 25
φθ
x
[x := θ]φ v w φθ
x
x := θ φ
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 18 / 25
φθ
x
[x := θ]φ v w φθ
x
x := θ φ ∀t≥0 [x := yx(t)]φ [x′ = f (x)]φ v w x′ = f (x) φ
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 18 / 25
φθ
x
[x := θ]φ v w φθ
x
x := θ φ ∀t≥0 [x := yx(t)]φ [x′ = f (x)]φ v w x′ = f (x) φ x := yx(t)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 18 / 25
compositional semantics ⇒ compositional rules!
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 19 / 25
[α]φ ∧ [β]φ [α ∪ β]φ v w1 w2 α φ β φ α ∪ β
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 19 / 25
[α]φ ∧ [β]φ [α ∪ β]φ v w1 w2 α φ β φ α ∪ β [α][β]φ [α; β]φ v s w α; β [α][β]φ α [β]φ β φ
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 19 / 25
[α]φ ∧ [β]φ [α ∪ β]φ v w1 w2 α φ β φ α ∪ β [α][β]φ [α; β]φ v s w α; β [α][β]φ α [β]φ β φ φ (φ → [α]φ) [α∗]φ v w α∗ φ α φ → [α]φ α α φ
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 19 / 25
v ≥ 0, z < m →∃t≥0 z := − b
2t2 + vt + zz>m
v ≥ 0, z < m →z′ = v, v′ = −bz > m v ≥ 0 ∧ z < m → z′ = v, v′ = −bz > m
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 20 / 25
v ≥ 0, z < m →T≥0 v ≥ 0, z < m →− b
2T 2 + vT + z > m
v ≥ 0, z < m →z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →T ≥ 0 ∧ z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →∃t≥0 z := − b
2t2 + vt + zz>m
v ≥ 0, z < m →z′ = v, v′ = −bz > m v ≥ 0 ∧ z < m → z′ = v, v′ = −bz > m
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 20 / 25
v ≥ 0, z < m → ∃T (. . . T≥0 ∧ − b
2T 2 + vT + z > m)
v ≥ 0, z < m →T≥0 v ≥ 0, z < m →− b
2T 2 + vT + z > m
v ≥ 0, z < m →z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →T ≥ 0 ∧ z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →∃t≥0 z := − b
2t2 + vt + zz>m
v ≥ 0, z < m →z′ = v, v′ = −bz > m v ≥ 0 ∧ z < m → z′ = v, v′ = −bz > m
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 20 / 25
v ≥ 0, z < m →QE
2T 2 + vT + z > m)
v ≥ 0, z < m →− b
2T 2 + vT + z > m
v ≥ 0, z < m →z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →T ≥ 0 ∧ z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →∃t≥0 z := − b
2t2 + vt + zz>m
v ≥ 0, z < m →z′ = v, v′ = −bz > m v ≥ 0 ∧ z < m → z′ = v, v′ = −bz > m
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 20 / 25
v ≥ 0, z < m →v2 > 2b(m − z) v ≥ 0, z < m →T≥0 v ≥ 0, z < m →− b
2T 2 + vT + z > m
v ≥ 0, z < m →z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →T ≥ 0 ∧ z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →∃t≥0 z := − b
2t2 + vt + zz>m
v ≥ 0, z < m →z′ = v, v′ = −bz > m v ≥ 0 ∧ z < m → z′ = v, v′ = −bz > m
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 20 / 25
For requantification, not for unification v ≥ 0, z < m →QE
2T 2 + vT + z > m)
v ≥ 0, z < m →− b
2T 2 + vT + z > m
v ≥ 0, z < m →z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →T ≥ 0 ∧ z := − b
2T 2 + vT + zz > m
v ≥ 0, z < m →∃t≥0 z := − b
2t2 + vt + zz>m
v ≥ 0, z < m →z′ = v, v′ = −bz > m v ≥ 0 ∧ z < m → z′ = v, v′ = −bz > m
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 20 / 25
Theorem (Continuous Relative Completeness) (J.Autom.Reas. 2008)
dL calculus is a sound & complete axiomatization of hybrid systems relative to differential equations.
Proof 15pp Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 21 / 25
Theorem (Continuous Relative Completeness) (J.Autom.Reas. 2008)
dL calculus is a sound & complete axiomatization of hybrid systems relative to differential equations.
Proof 15pp
Theorem (Discrete Relative Completeness) (LICS’12)
dL calculus is a sound & complete axiomatization of hybrid systems relative to discrete dynamics.
Proof +10pp Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 21 / 25
Theorem (Continuous Relative Completeness) (J.Autom.Reas. 2008)
dL calculus is a sound & complete axiomatization of hybrid systems relative to differential equations.
Proof 15pp
Theorem (Discrete Relative Completeness) (LICS’12)
dL calculus is a sound & complete axiomatization of hybrid systems relative to discrete dynamics.
Proof +10pp
System Continuous Discrete Hybrid
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 21 / 25
Theorem (Continuous Relative Completeness) (J.Autom.Reas. 2008)
dL calculus is a sound & complete axiomatization of hybrid systems relative to differential equations.
Proof 15pp
Theorem (Discrete Relative Completeness) (LICS’12)
dL calculus is a sound & complete axiomatization of hybrid systems relative to discrete dynamics.
Proof +10pp
System Continuous Discrete Hybrid Hybrid Theory Discrete Theory Contin. Theory
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 21 / 25
Theorem (Continuous Relative Completeness) (J.Autom.Reas. 2008)
dL calculus is a sound & complete axiomatization of hybrid systems relative to differential equations.
Proof 15pp
Theorem (Discrete Relative Completeness) (LICS’12)
dL calculus is a sound & complete axiomatization of hybrid systems relative to discrete dynamics.
Proof +10pp
Corollary (Relative Decidability)
Verification & synthesis decidable relative to differential equations.
Corollary (Relative Extension)
All research on differential equations extends to hybrid systems.
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 21 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 21 / 25
F F χ
F
[α]φ φ α αPφ P(φ)
ψ → [α]φ ψ → [α]φ ψ → [α]φ ψ → [α]φ ψ → [α]φ
Strategy Rule Engine Proof Input File Rule base Mathematica QEPCAD Orbital KeYmaera Prover Solvers
1 2 2 4 4 8 8 16 16 16 ∗ ∗16 8 4 2 1
c
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 22 / 25
far neg cor rec fsa
* 1 [SB := ((amax / b + 1) * ep * v + (v ^ 2 - d ^ 2) / (2 * b) + ((amax / b + 1) * amax * ep ^ 2) / 2)] 7 17 6 [?d >= 0 & do ^ 2 - d ^ 2 <= 2 * b * (m - mo) & vdes >= 0] 5 [vdes := *] 4 [d := *] 3 [m := *] 2 [mo := m] [do := d] 8 [state := brake] 10 [?v <= vdes] 13 [?v >= vdes] 22 31 21 [{z‘ = v, v‘ = a, t‘ = 1, v >= 0 & t <= ep}] 18 28 17 [a := -b] 12 24 11 [?a >= 0 & a <= amax] [a := *] 15 14 [?a <= 0 & a >= -b] [a := *] 19 [t := 0] * [?m - z <= SB | state = brake] [?m - z >= SB & state != brake]x y c
c
e n t r y e x i t
c
x2 y1 y2 d ω e ¯ ϑ ̟
c
x Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 23 / 25
ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy)
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 23 / 25
2minri
m i n r
xi disci xi xj p xk xl xm
1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5 1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5
5 10 15 20 0.3 0.2 0.1 0.1 0.2 0.3
0.2 0.4 0.6 0.8 1.0 1 1
0.2 0.1 0.0 0.1 0.2 0.3 Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 23 / 25
1
Hybrid Systems Applications
2
Logic for Hybrid Systems
3
Model Checking Successive Image Computation Image Computation in Hybrid Systems Approximation Refinement Model Checking Summary
4
Proofs for Hybrid Systems Proof Rules Soundness and Completeness
5
Survey
6
Summary
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 23 / 25
Hybrid system models Discrete dynamics Continuous dynamics Correctness properties Safety, liveness . . . [α]φ φ α Model checking Logic & proofs Cyber-physical systems Differential invariants KeYmaera
d i s c r e t e c
t i n u
s nondet stochastic a d v e r s a r i a l
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 24 / 25
Logical Foundations
Cyber-Physical Systems
Logic
Model Checking Theorem Proving Proof Theory Modal Logic
Algebra
Computer Algebra Algebraic Geometry Differential Algebra Lie Algebra
Analysis
Differential Equations Dynamical Systems Differ- entiation Limit Processes
Stochastics
Stochastic Differential Equations Differential Generators Dynkin’s Infinitesimal Generators Doob’s Super- martingales
Numerics
Error Analysis Numerical Quadrature Hermite Interpolation Weierstraß Approx- imation
Algorithms
Decision Procedures Proof Search Fixpoints & Lattices Closure Ordinals
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 25 / 25
Logical Foundations
Cyber-Physical Systems
Logic
Model Checking Theorem Proving Proof Theory Modal Logic
Algebra
Computer Algebra Algebraic Geometry Differential Algebra Lie Algebra
Analysis
Differential Equations Dynamical Systems Differ- entiation Limit Processes
Stochastics
Stochastic Differential Equations Differential Generators Dynkin’s Infinitesimal Generators Doob’s Super- martingales
Numerics
Error Analysis Numerical Quadrature Hermite Interpolation Weierstraß Approx- imation
Algorithms
Decision Procedures Proof Search Fixpoints & Lattices Closure Ordinals
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 25 / 25
Thomas A. Henzinger. The theory of hybrid automata. In LICS, pages 278–292, Los Alamitos, 1996. IEEE Computer Society. Rajeev Alur. Formal verification of hybrid systems. In Samarjit Chakraborty, Ahmed Jerraya, Sanjoy K. Baruah, and Sebastian Fischmeister, editors, EMSOFT, pages 273–278. ACM, 2011. Andr´ e Platzer. Logics of dynamical systems. In LICS, pages 13–24. IEEE, 2012. Andr´ e Platzer. Differential dynamic logic for hybrid systems.
Andr´ e Platzer. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics.
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 25 / 25
Springer, Heidelberg, 2010. Andr´ e Platzer and Jan-David Quesel. KeYmaera: A hybrid theorem prover for hybrid systems. In Alessandro Armando, Peter Baumgartner, and Gilles Dowek, editors, IJCAR, volume 5195 of LNCS, pages 171–178. Springer, 2008. Ian M. Mitchell and Jeremy A. Templeton. A toolbox of Hamilton-Jacobi solvers for analysis of nondeterministic continuous and hybrid systems. In Manfred Morari and Lothar Thiele, editors, HSCC, volume 3414 of LNCS, pages 480–494. Springer, 2005. Stefan Ratschan and Zhikun She. Safety verification of hybrid systems by constraint propagation-based abstraction refinement.
Goran Frehse, Colas Le Guernic, Alexandre Donz´ e, Scott Cotton, Rajarshi Ray, Olivier Lebeltel, Rodolfo Ripado, Antoine Girard, Thao Dang, and Oded Maler.
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 25 / 25
SpaceEx: Scalable verification of hybrid systems. In Ganesh Gopalakrishnan and Shaz Qadeer, editors, CAV, volume 6806 of LNCS, pages 379–395. Springer, 2011. Goran Frehse. PHAVer: algorithmic verification of hybrid systems past HyTech. STTT, 10(3):263–279, 2008. Andr´ e Platzer and Edmund M. Clarke. The image computation problem in hybrid systems model checking. In Alberto Bemporad, Antonio Bicchi, and Giorgio Buttazzo, editors, HSCC, volume 4416 of LNCS, pages 473–486. Springer, 2007. Pieter Collins. Optimal semicomputable approximations to reachable and invariant sets. Theory Comput. Syst., 41(1):33–48, 2007. Edmund M. Clarke, Ansgar Fehnker, Zhi Han, Bruce H. Krogh, Jo¨ el Ouaknine, Olaf Stursberg, and Michael Theobald.
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 25 / 25
Abstraction and counterexample-guided refinement in model checking
Alongkrit Chutinan and Bruce H. Krogh. Computational techniques for hybrid system verification. IEEE T. Automat. Contr., 48(1):64–75, 2003. Carla Piazza, Marco Antoniotti, Venkatesh Mysore, Alberto Policriti, Franz Winkler, and Bud Mishra. Algorithmic algebraic model checking I: Challenges from systems biology. In Kousha Etessami and Sriram K. Rajamani, editors, CAV, volume 3576 of LNCS, pages 5–19. Springer, 2005.
Andr´ e Platzer (CMU) Hybrid Systems Verification and Robotics RSS-FMRA 25 / 25