Logical Foundations of Cyber-Physical Systems Andr Platzer Andr - - PowerPoint PPT Presentation

14: Hybrid Systems & Games

Logical Foundations of Cyber-Physical Systems

Logical Foundations of Cyber-Physical Systems

André Platzer

André Platzer

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 1 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 2 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 2 / 24

Learning Objectives

Hybrid Systems & Games

CT M&C CPS fundamental principles of computational thinking logical extensions PL modularity principles compositional extensions differential game logic best/worst-case analysis models of alternating computation adversarial dynamics conflicting actions multi-agent systems angelic/demonic choice multi-agent state change CPS semantics reflections on choices

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 3 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 3 / 24

CPS Analysis: Robot Control

Challenge (Hybrid Systems)

Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)

2 4 6 8 10 t 0.8 0.6 0.4 0.2 0.2

a

2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0v 2 4 6 8 10 t 2 4 6 8

p

px py

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 4 / 24

CPS Analysis: Robot Control

Challenge (Hybrid Systems)

Fixed rule describing state evolution with both Discrete dynamics (control decisions) Continuous dynamics (differential equations)

2 4 6 8 10 t 0.8 0.6 0.4 0.2 0.2

a

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 4 / 24

CPS Analysis: Robot Control

Challenge (Games)

Game rules describing play evolution with both Angelic choices (player ⋄ Angel) Demonic choices (player

⋄

Demon) 0,0 2,1 1,2 3,1

⋄\ ⋄

Tr Pl Trash 1,2 0,0 Plant 0,0 2,1

8 rmbl0skZ 7 ZpZ0ZpZ0 6 0Zpo0ZpZ 5 o0ZPo0Zp 4 PZPZPZ0O 3 Z0Z0ZPZ0 2 0O0J0ZPZ 1 SNAQZBMR a b c d e f g h André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 5 / 24

CPS Analysis: Robot Control

Challenge (Hybrid Games)

Game rules describing play evolution with Discrete dynamics (control decisions) Continuous dynamics (differential equations) Adversarial dynamics (Angel ⋄ vs. Demon

⋄

)

2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4

a

2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0 1.2v 2 4 6 8 10 t 1 2 3 4 5 6 7p

px py

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 6 / 24

CPS Analysis: Robot Control

Challenge (Hybrid Games)

Game rules describing play evolution with Discrete dynamics (control decisions) Continuous dynamics (differential equations) Adversarial dynamics (Angel ⋄ vs. Demon

⋄

)

2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4

a

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 6 / 24

CPS Analysis: RoboCup Soccer

Challenge (Hybrid Games)

Game rules describing play evolution with Discrete dynamics (control decisions) Continuous dynamics (differential equations) Adversarial dynamics (Angel ⋄ vs. Demon

⋄

)

2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4

a

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 7 / 24

CPSs are Multi-Dynamical Systems

d i s c r e t e c

• n

t i n u

• u

s nondet stochastic a d v e r s a r i a l

CPS Dynamics

CPS are characterized by multiple facets of dynamical systems.

CPS Compositions

CPS combines multiple simple dynamical effects. Descriptive simplification

Tame Parts

Exploiting compositionality tames CPS complexity. Analytic simplification

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 8 / 24

Dynamic Logics for Dynamical Systems

d i s c r e t e c

• n

t i n u

• u

s nondet stochastic a d v e r s a r i a l

differential dynamic logic

dL = DL+ HP [α]ϕ ϕ α

stochastic differential DL

SdL = DL+ SHP αϕ ϕ

differential game logic

dGL = GL+ HG αϕ ϕ

quantified differential DL

QdL = FOL+ DL+ QHP

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 9 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 9 / 24

Differential Dynamic Logic dL: Syntax

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Differential Dynamic Logic dL: Syntax

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP Discrete Assign Test Condition Differential Equation Nondet. Choice Seq. Compose Nondet. Repeat All Reals Some Reals All Runs Some Runs

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Differential Dynamic Logic dL: Nondeterminism

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP Nondet. Choice Nondeterminism during HP runs

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Differential Dynamic Logic dL: Nondeterminism

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP Differential Equation Nondet. Choice Nondet. Repeat Nondeterminism during HP runs

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Differential Dynamic Logic dL: Nondeterminism

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP Differential Equation Nondet. Choice Nondet. Repeat All Choices Some Choice

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Differential Dynamic Logic dL: Nondeterminism

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP Differential Equation Nondet. Choice Nondet. Repeat All Choices Some Choice All choices resolved in one way Modality decides the mode: help/hurt

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Differential Dynamic Logic dL: Nondeterminism

Definition (Hybrid program α)

x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗

Definition (dL Formula P)

e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | [α]P | αP Differential Equation Nondet. Choice Nondet. Repeat All Choices Some Choice All choices resolved in one way Modality decides the mode: help/hurt

[α1]α2[α3]α4P

• nly fixed interaction depth

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 10 / 24

Control & Dual Control Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge Let Angel be one player

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 11 / 24

Control & Dual Control Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge Let Angel be one player Let Demon be another player

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 11 / 24

Control & Dual Control Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

Duality operator d passes control between players

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 11 / 24

Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

Duality operator d passes control between players

8 0Z0Z0s0Z 7 o0Z0Z0j0 6 Po0o0ZpZ 5 Z0oPZ0Z0 4 0Z0Z0Znl 3 Z0Z0Z0Z0 2 0OPZ0OQZ 1 Z0Z0Z0ZB a b c d e f g h André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 11 / 24

Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

Duality operator d passes control between players

8 0Z0Z0s0Z 7 o0Z0Z0j0 6 Po0o0ZpZ 5 Z0oPZ0Z0 4 0Z0Z0Znl 3 Z0Z0Z0Z0 2 0OPZ0OQZ 1 Z0Z0Z0ZB a b c d e f g h André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 11 / 24

Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

Duality operator d passes control between players

8 0Z0Z0s0Z 7 o0Z0Z0j0 6 Po0o0ZpZ 5 Z0oPZ0Z0 4 0Z0Z0Znl 3 Z0Z0Z0Z0 2 0OPZ0OQZ 1 Z0Z0Z0ZB a b c d e f g h André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 11 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ while(Q)α ≡

α ∩β ≡ α× ≡ (x′ = f(x)&Q)d

x′ = f(x)&Q

(x := e)d

x := e

?Qd ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡

α ∩β ≡ α× ≡ (x′ = f(x)&Q)d

x′ = f(x)&Q

(x := e)d

x := e

?Qd ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ α× ≡ (x′ = f(x)&Q)d

x′ = f(x)&Q

(x := e)d

x := e

?Qd ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ α× ≡ (x′ = f(x)&Q)d

x′ = f(x)&Q

(x := e)d

x := e

?Qd ?Q

8 0Z0Z0s0Z 7 o0Z0Z0j0 6 Po0o0ZpZ 5 Z0oPZ0Z0 4 0Z0Z0Znl 3 Z0Z0Z0Z0 2 0OPZ0OQZ 1 Z0Z0Z0ZB a b c d e f g h

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ (αd ∪β d)d α× ≡ (x′ = f(x)&Q)d

x′ = f(x)&Q

(x := e)d

x := e

?Qd ?Q

8 0Z0Z0s0Z 7 o0Z0Z0j0 6 Po0o0ZpZ 5 Z0oPZ0Z0 4 0Z0Z0Znl 3 Z0Z0Z0Z0 2 0OPZ0OQZ 1 Z0Z0Z0ZB a b c d e f g h

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ (αd ∪β d)d α× ≡ ((αd)

∗)d

(x′ = f(x)&Q)d

x′ = f(x)&Q

(x := e)d

x := e

?Qd ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ (αd ∪β d)d α× ≡ ((αd)

∗)d

(x′ = f(x)&Q)d ≡ x′ = f(x)&Q (x := e)d

x := e

?Qd ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ (αd ∪β d)d α× ≡ ((αd)

∗)d

(x′ = f(x)&Q)d ≡ x′ = f(x)&Q (x := e)d ≡ x := e ?Qd ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Definable Game Operators

⋄ Angel Ops ∪

choice

∗

repeat x′ = f(x) evolve

?Q

challenge

⋄ Demon Ops ∩

choice

×

repeat x′ = f(x)d evolve

?Qd

challenge

d d

if(Q)α elseβ ≡ (?Q;α)∪(?¬Q;β) while(Q)α ≡ (?Q;α)∗;?¬Q

α ∩β ≡ (αd ∪β d)d α× ≡ ((αd)

∗)d

(x′ = f(x)&Q)d ≡ x′ = f(x)&Q (x := e)d ≡ x := e ?Qd ≡ ?Q

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 12 / 24

Hybrid Games: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 13 / 24

Hybrid Games: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd

Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 13 / 24

Hybrid Games: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd

Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game Dual Game

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 13 / 24

Example: Push-around Cart

x v d a

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 14 / 24

Example: Push-around Cart

x v d a

• (a:= 1∪ a:=−1);(d := 1∪ d :=−1)d;{x′ = v,v′ = a+ d}

∗

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 14 / 24

Example: Push-around Cart

x v d a

• (a:= 1∪ a:=−1);(d := 1∪ d :=−1)d;{x′ = v,v′ = a+ d}

∗

• (d := 1∪ d :=−1)d;(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 14 / 24

Example: Push-around Cart

x v d a

• (a:= 1∪ a:=−1);(d := 1∩ d :=−1);{x′ = v,v′ = a+ d}

∗

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 14 / 24

Example: Push-around Cart

x v d a

• (a:= 1∪ a:=−1);(d := 1∩ d :=−1);{x′ = v,v′ = a+ d}

∗

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

HP

• (d := 1∪ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 14 / 24

Example: Push-around Cart

x v d a

• (a:= 1∪ a:=−1);(d := 1∩ d :=−1);{x′ = v,v′ = a+ d}

∗

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

HP

• (d := 1∪ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

Hybrid systems can’t say that a is Angel’s choice and d is Demon’s

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 14 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 15 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd Definition (dGL Formula P)

P,Q ::= e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | αP | [α]P

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 15 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd Definition (dGL Formula P)

P,Q ::= e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | αP | [α]P Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game All Reals Some Reals

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 15 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd Definition (dGL Formula P)

P,Q ::= e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | αP | [α]P Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game All Reals Some Reals Dual Game

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 15 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd Definition (dGL Formula P)

P,Q ::= e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | αP | [α]P Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game All Reals Some Reals Dual Game Angel Wins

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 15 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd Definition (dGL Formula P)

P,Q ::= e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | αP | [α]P Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game All Reals Some Reals Dual Game Angel Wins Demon Wins

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 15 / 24

Simple Examples

(x := x + 1;(x′ = 1)d ∪ x := x − 1)

∗(0 ≤ x < 1)

(x := x + 1;(x′ = 1)d ∪(x := x − 1∩ x := x − 2))

∗(0 ≤ x < 1)

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 16 / 24

Simple Examples

(x := x + 1;(x′ = 1)d ∪ x := x − 1)

∗(0 ≤ x < 1)

(x := x + 1;(x′ = 1)d ∪(x := x − 1∩ x := x − 2))

∗(0 ≤ x < 1)

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 16 / 24

Simple Examples

(x := x + 1;(x′ = 1)d ∪ x := x − 1)

∗(0 ≤ x < 1)

(x := x + 1;(x′ = 1)d ∪(x := x − 1∩ x := x − 2))

∗(0 ≤ x < 1)

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 16 / 24

Example: Push-around Cart

x v d a v ≥ 1 →

• (d := 1∪ d :=−1)d;(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0 x ≥ 0∧ v ≥ 0 →

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

x ≥ 0∧ v ≥ 0 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0 x ≥ 0

→

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

x ≥ 0 →

boring by skip

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

• counterstrategy d :=−1
• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

• counterstrategy d :=−1
• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

• (d := 1∩ d :=−1); (a:= 2∪ a:=−2); {x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

• counterstrategy d :=−1
• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

• (d := 1∩ d :=−1); (a:= 2∪ a:=−2); {x′ = v,v′ = a+ d}

∗

x ≥ 0

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

• counterstrategy d :=−1
• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

• (d := 1∩ d :=−1); (a:= 2∪ a:=−2); {x′ = v,v′ = a+ d}

∗

x ≥ 0

• (d := 2∩ d :=−2); (a:= 2∪ a:=−2);

t := 0; {x′ = v,v′ = a+ d,t′ = 1&t ≤ 1}

∗

x2 ≥ 100

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: Push-around Cart

x v d a

v ≥ 1 →

d before a can compensate

• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

v ≥ 0

• counterstrategy d :=−1
• (d := 1∩ d :=−1);(a:= 1∪ a:=−1);{x′ = v,v′ = a+ d}

∗

x ≥ 0

• (d := 1∩ d :=−1); (a:= 2∪ a:=−2); {x′ = v,v′ = a+ d}

∗

x ≥ 0

• (d := 2∩ d :=−2); (a:= 2∪ a:=−2);

a := d then a := 2signv t := 0; {x′ = v,v′ = a+ d,t′ = 1&t ≤ 1}

∗

x2 ≥ 100

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 17 / 24

Example: WALL·E and EVE Robot Dance

1D planet w v u e f g

(w − e)2 ≤ 1∧ v = f →

• (u := 1∩ u :=−1);

(g := 1∪ g :=−1);

t := 0;

{w′ = v,v′ = u,e′ = f,f ′ = g,t′ = 1&t ≤ 1}d × (w − e)2 ≤ 1

EVE at e plays Angel’s part controlling g WALL·E at w plays Demon’s part controlling u

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 18 / 24

Example: WALL·E and EVE Robot Dance and the World

1D planet w v u e f g

(w − e)2 ≤ 1∧ v = f →

• (u := 1∩ u :=−1);

(g := 1∪ g :=−1);

t := 0;

{w′ = v,v′ = u,e′ = f,f ′ = g,t′ = 1&t ≤ 1}d × (w − e)2 ≤ 1

EVE at e plays Angel’s part controlling g WALL·E at w plays Demon’s part controlling u and world time

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 18 / 24

Example: WALL·E and EVE

1D planet w v u e f g

(w − e)2 ≤ 1∧ v = f →

• (u := 1∩ u :=−1);

(g := 1∪ g :=−1);

t := 0;

{w′ = v,v′ = u,e′ = f,f ′ = g,t′ = 1&t ≤ 1} × (w − e)2 > 1

WALL·E at w plays Demon’s part controlling u and world time EVE at e plays Angel’s part controlling g

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 19 / 24

Example: Goalie in Robot Soccer

x y,g

(x,y)

g x < 0∧ v > 0∧ y = g →

• (w :=+w ∩ w :=−w);
• (u :=+u ∪ u :=−u);{x′ = v,y′ = w,g′ = u}

∗

x2 +(y − g)2 ≤ 1

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Example: Goalie in Robot Soccer

x y,g

(v,+w) (x,y)

g x < 0∧ v > 0∧ y = g →

• (w :=+w ∩ w :=−w);
• (u :=+u ∪ u :=−u);{x′ = v,y′ = w,g′ = u}

∗

x2 +(y − g)2 ≤ 1

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Example: Goalie in Robot Soccer

x y,g

(v,+w) (v,−w) (x,y)

g x < 0∧ v > 0∧ y = g →

• (w :=+w ∩ w :=−w);
• (u :=+u ∪ u :=−u);{x′ = v,y′ = w,g′ = u}

∗

x2 +(y − g)2 ≤ 1

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Example: Goalie in Robot Soccer

x y,g

(v,+w) (v,−w) +u (x,y)

g x < 0∧ v > 0∧ y = g →

• (w :=+w ∩ w :=−w);
• (u :=+u ∪ u :=−u);{x′ = v,y′ = w,g′ = u}

∗

x2 +(y − g)2 ≤ 1

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Example: Goalie in Robot Soccer

x y,g

(v,+w) (v,−w) +u −u (x,y)

g x < 0∧ v > 0∧ y = g →

• (w :=+w ∩ w :=−w);
• (u :=+u ∪ u :=−u);{x′ = v,y′ = w,g′ = u}

∗

x2 +(y − g)2 ≤ 1

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Example: Goalie in Robot Soccer

x y,g

(v,+w) (v,−w) +u −u (x,y)

g

x

v

2 (u − w)2 ≤ 1∧

x < 0∧ v > 0∧ y = g →

• (w :=+w ∩ w :=−w);
• (u :=+u ∪ u :=−u);{x′ = v,y′ = w,g′ = u}

∗

x2 +(y − g)2 ≤ 1 Goalie’s Secret

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 20 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω

x := e

ωω[

[e] ]

x

x := e

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω

x′ = f(x)&Q

ϕ(r)

r

ϕ(t)

t

ϕ(0)

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω ?Q ω ?Q ω ∈ [ [Q] ]

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω α ∪β ω

tκ

β

tj

β

t1

β

r i g h t

ω

sλ

α

si

α

s1

α

l e f t

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω α;β

tλ rλ1

λ

β

r j

λ

β

r 1

λ

β α

ti rλi

i

β

r 1

i

β α

t1 rλ1

1

β

r j

1

β

r 1

1

β α

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω α∗ ω α α

r e p e a t stop

α α α

r e p e a t stop

α

repeat stop

α α α

r e p e a t stop

α α α

r e p e a t stop

α

repeat stop

α

repeat

ω

s t

• p

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Differential Game Logic: Operational Semantics

Definition (Hybrid game α: operational semantics) ω α

t0 tκ tj t1 s0 sλ si s1

ω αd

t0 tκ tj t1 s0 sλ si s1

d

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 21 / 24

Filibusters

(x := 0∩ x := 1)∗x = 0

X X 1 1 1 1

⋄

r e p e a t

⋄

s t

• p

repeat 1

⋄

stop 1

⋄

repeat

⋄

stop repeat X stop

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 22 / 24

Filibusters & The Significance of Finitude

(x := 0∩ x := 1)∗x = 0

wfd

false unless x = 0

X X 1 1 1 1

⋄

r e p e a t

⋄

s t

• p

repeat 1

⋄

stop 1

⋄

repeat

⋄

stop repeat X stop

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 22 / 24

Filibusters & The Significance of Finitude

(x := 0∩ x := 1)∗x = 0

wfd

false unless x = 0 (x := 0;x′ = 1d)∗x = 0 (x′ = 1d;x := 0)∗x = 0

X X 1 1 1 1

⋄

r e p e a t

⋄

s t

• p

repeat 1

⋄

stop 1

⋄

repeat

⋄

stop repeat X stop

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 22 / 24

Filibusters & The Significance of Finitude

(x := 0∩ x := 1)∗x = 0

wfd

false unless x = 0 (x := 0;x′ = 1d)∗x = 0 (x′ = 1d;x := 0)∗x = 0

<∞

true

X X 1 1 1 1

⋄

r e p e a t

⋄

s t

• p

repeat 1

⋄

stop 1

⋄

repeat

⋄

stop repeat X stop

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 22 / 24

Filibusters & The Significance of Finitude

(x := 0∩ x := 1)∗x = 0

wfd

false unless x = 0 (x := 0;x′ = 1d)∗x = 0 (x′ = 1d;x := 0)∗x = 0

<∞

true

X X 1 1 1 1

⋄

r e p e a t

⋄

s t

• p

repeat 1

⋄

stop 1

⋄

repeat

⋄

stop repeat X stop Well-defined games can’t be postponed forever

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 22 / 24

Outline

1

Learning Objectives

2

Motivation

3

A Gradual Introduction to Hybrid Games Choices & Nondeterminism Control & Dual Control Demon’s Derived Controls

4

Differential Game Logic Syntax of Hybrid Games Syntax of Differential Game Logic Formulas Examples Push-around Cart Robot Dance Example: Robot Soccer

5

An Informal Operational Game Tree Semantics

6

Summary

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 22 / 24

Differential Game Logic: Syntax

Definition (Hybrid game α) α,β ::= x := e | ?Q | x′ = f(x)&Q | α ∪β | α;β | α∗ | αd Definition (dGL Formula P)

P,Q ::= e ≥ ˜ e | ¬P | P ∧ Q | ∀x P | ∃x P | αP | [α]P Discrete Assign Test Game Differential Equation Choice Game Seq. Game Repeat Game All Reals Some Reals Dual Game Angel Wins Demon Wins

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 23 / 24

Summary

differential game logic

dGL = GL+ HG = dL+ d αϕ ϕ Differential game logic Logic for hybrid games Compositional PL + logic Discrete + continuous + adversarial Operational semantics (informally) Next chapter

1

Formal semantics

d i s c r e t e c

• n

t i n u

• u

s nondet stochastic a d v e r s a r i a l

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 24 / 24

Outline

7

Example: Robot Factory

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 24 / 24

Example: Robot Factory Decentralized Automation

ey fy xb

(lx,ly)

ex fx

(rx,ry) Model (x,y) robot coordinates (vx,vy) velocities

conveyor belts may instantaneously increase robot’s velocity by (cx,cy)

Primary objectives of the robot

Leave within time ε Never leave outer

Challenges

Distributed, physical environment Possibly conflicting secondary objectives

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 25 / 24

Robot Factory Automation (RF)

Example (Robot-Demon vs. Angel-Factory Environment)

• (?true ∪(?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx; eff1 := 0)

// belt

∪(?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy; eff2 := 0) ); ∗

ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy) André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 26 / 24

Robot Factory Automation (RF)

Example (Robot-Demon vs. Angel-Factory Environment)

• (?true ∪(?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx; eff1 := 0)

// belt

∪(?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy; eff2 := 0) ); (ax := ∗; ?(−A ≤ ax ≤ A);

ay := ∗; ?(−A ≤ ay ≤ A); // “independent” robot acceleration ts := 0 )d ;

∗

ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy) André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 26 / 24

Robot Factory Automation (RF)

Example (Robot-Demon vs. Angel-Factory Environment)

• (?true ∪(?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx; eff1 := 0)

// belt

∪(?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy; eff2 := 0) ); (ax := ∗; ?(−A ≤ ax ≤ A);

ay := ∗; ?(−A ≤ ay ≤ A); // “independent” robot acceleration ts := 0 )d ;

(x′ = vx,y′ = vy,v′

x = ax,v′ y = ay,t′ = 1,t′ s = 1 & ts ≤ ε );

∗

ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy) André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 26 / 24

Robot Factory Automation (RF)

Example (Robot-Demon vs. Angel-Factory Environment)

• (?true ∪(?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx; eff1 := 0)

// belt

∪(?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy; eff2 := 0) ); (ax := ∗; ?(−A ≤ ax ≤ A);

ay := ∗; ?(−A ≤ ay ≤ A); // “independent” robot acceleration ts := 0 )d ;

• (x′ = vx,y′ = vy,v′

x = ax,v′ y = ay,t′ = 1,t′ s = 1 & ts ≤ ε );

∩(?(axvx ≤ 0∧ ayvy ≤ 0)d;

// brake if vx = 0 then ax := 0 fi; // per direction: no time lock if vy = 0 then ay := 0 fi;

(x′ = vx,y′ = vy,v′

x = ax,v′ y = ay,t′ = 1,t′ s = 1

& ts ≤ ε ∧ axvx ≤ 0∧ ayvy ≤ 0)) ∗

ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy) André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 26 / 24

Robot Factory Automation (RF)

Proposition (Robot stays in ) | = (x = y = 0∧ vx = vy = 0∧

Controllability Assumptions )

→ [RF](x ∈ [lx,rx]∧ y ∈ [ly,ry]) Proposition (Stays in and leaves

• n time)

RF|x: RF projected to the x-axis

| = (x = 0∧ vx = 0∧

Controllability Assumptions )

→ [RF|x](x ∈ [lx,rx]∧(t ≥ ε → x ≥ xb))

ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy) André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 27 / 24

André Platzer. Logical Foundations of Cyber-Physical Systems. Springer, Switzerland, 2018. URL: http://www.springer.com/978-3-319-63587-3,

doi:10.1007/978-3-319-63588-0.

André Platzer. Differential game logic. ACM Trans. Comput. Log., 17(1):1:1–1:51, 2015.

doi:10.1145/2817824.

André Platzer. Logics of dynamical systems. In LICS [12], pages 13–24.

doi:10.1109/LICS.2012.13.

André Platzer. Logic & proofs for cyber-physical systems. In Nicola Olivetti and Ashish Tiwari, editors, IJCAR, volume 9706 of LNCS, pages 15–21, Berlin, 2016. Springer.

doi:10.1007/978-3-319-40229-1_3.

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 27 / 24

André Platzer. Differential dynamic logic for hybrid systems.

• J. Autom. Reas., 41(2):143–189, 2008.

doi:10.1007/s10817-008-9103-8.

André Platzer. A complete uniform substitution calculus for differential dynamic logic.

• J. Autom. Reas., 59(2):219–265, 2017.

doi:10.1007/s10817-016-9385-1.

André Platzer. Differential hybrid games. ACM Trans. Comput. Log., 18(3):19:1–19:44, 2017.

doi:10.1145/3091123.

André Platzer. The complete proof theory of hybrid systems. In LICS [12], pages 541–550.

doi:10.1109/LICS.2012.64.

André Platzer.

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 27 / 24

A complete axiomatization of quantified differential dynamic logic for distributed hybrid systems.

• Log. Meth. Comput. Sci., 8(4:17):1–44, 2012.

Special issue for selected papers from CSL ’10.

doi:10.2168/LMCS-8(4:17)2012.

André Platzer. Stochastic differential dynamic logic for stochastic hybrid programs. In Nikolaj Bjørner and Viorica Sofronie-Stokkermans, editors, CADE, volume 6803 of LNCS, pages 446–460, Berlin, 2011. Springer.

doi:10.1007/978-3-642-22438-6_34.

Jan-David Quesel and André Platzer. Playing hybrid games with KeYmaera. In Bernhard Gramlich, Dale Miller, and Ulrike Sattler, editors, IJCAR, volume 7364 of LNCS, pages 439–453, Berlin, 2012. Springer.

doi:10.1007/978-3-642-31365-3_34.

Logic in Computer Science (LICS), 2012 27th Annual IEEE Symposium

• n, Los Alamitos, 2012. IEEE.

André Platzer (CMU) LFCPS/14: Hybrid Systems & Games LFCPS/14 27 / 24