Teaching CPS Foundations With Contracts Andr e Platzer - - PowerPoint PPT Presentation

Teaching CPS Foundations With Contracts

Andr´ e Platzer

aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA

http://symbolaris.com/course/fcps13.html

0.2 0.4 0.6 0.8 1.0

0.1 0.2 0.3 0.4 0.5

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 1 / 8

Can you trust a computer to control physics?

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 2 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Accelerate / brake (discrete dynamics) 1D motion (continuous dynamics)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 0.3 0.2 0.1 0.1 0.2a 2 4 6 8 10 t 0.2 0.4 0.6 0.8

v

2 4 6 8 10 t 0.5 1.0 1.5 2.0 2.5

p

px py Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 3 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Accelerate / brake (discrete dynamics) 1D motion (continuous dynamics)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 0.3 0.2 0.1 0.1 0.2a 2 4 6 8 10 t 0.00002 0.00004 0.00006 0.00008

Ω

2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0

d

dx dy Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 3 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Accel / brake / steer (discrete dynamics) 2D motion (continuous dynamics)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 0.8 0.6 0.4 0.2 0.2

a

2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0v 2 4 6 8 10 t 2 4 6 8

p

px py Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 4 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Accel / brake / steer (discrete dynamics) 2D motion (continuous dynamics)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 0.8 0.6 0.4 0.2 0.2

a

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 4 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Dynamic obstacles (other agents) Avoid collisions (define safety)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 4 3 2 1

a

2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0v 2 4 6 8 10 t 1 2 3 4

p

px py Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 5 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Dynamic obstacles (other agents) Avoid collisions (define safety)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 4 3 2 1

a

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 5 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Control robot (respect delays) Environment interaction (obstacles, agents, uncertainty)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4

a

2 4 6 8 10 t 0.2 0.4 0.6 0.8 1.0 1.2v 2 4 6 8 10 t 1 2 3 4 5 6 7p

px py Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 6 / 8

CPS Analysis & Design: Robot Lab

Challenge (Hybrid Systems)

Design & verify controller for a robot avoiding obstacles Control robot (respect delays) Environment interaction (obstacles, agents, uncertainty)

1 2 3 4 5 6 0.0 0.5 1.0 1.5 2.0 2.5 3.0 3.5

2 4 6 8 10 t 0.6 0.4 0.2 0.2 0.4

a

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 6 / 8

CPS Design & CPS Contracts in Programs

HP Reveal in layers Contracts Reason about CPS @requires ( vˆ2 <= 2∗b∗(m −x )) @requires ( v>=0 & A>=0 & b>0) @ensures ( x<= m) { i f ( vˆ2 <= 2∗b∗(m −x ) − (A+b )∗(A+2∗v )) { a := A; } else { a := −b ; } t := 0; {x’=v , v’=a , t ’=1 , v>=0 & t<=1} }∗ @invariant ( vˆ2 <= 2∗b∗(m −x )) CPS Simulate for intuition CT Design-by-invariant

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 7 / 8

Teaching CPS Foundations With Contracts

differential dynamic logic

dL = DL + HP [α]φ φ α Develop CPS models Express CPS contracts Intuition for operation Reason rigorously about CPS Focus on core principles CPS programs + contracts KeYmaera

d i s c r e t e c

• n

t i n u

• u

s nondet stochastic a d v e r s a r i a l

2 4 6 8 10 t 1.0 0.5 0.5

Ω

2 4 6 8 10 t 0.5 0.5 1.0

d

dx dy

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 8 / 8

CPS Foundations Learning Objectives

Computational Thinking

specs & properties abstraction & archi- tectures pre / post- conditions design-by- invariant rigorous reasoning verification

Modeling & Control

core principles develop dynamical aspects

CPS skills

semantics

• perational

effects model- predictive control

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 1 / 4

Successful Hybrid Systems Proofs

far neg cor rec fsa

x y c

 

c

• x

e n t r y e x i t

• y

c

• x1

x2 y1 y2 d ω e ¯ ϑ ̟

c

• x
• y
• z

x Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 2 / 4

Successful Hybrid Systems Proofs

ey fy xb (lx, ly) ex fx (rx, ry) (vx, vy)

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 2 / 4

Successful Hybrid Systems Proofs

c x y z

2minri

m i n r

• i
• di

xi disci xi xj p xk xl xm

d D Virtual fixture boundary

5 10 15 20 0.3 0.2 0.1 0.1 0.2 0.3

0.2 0.4 0.6 0.8 1.0 1 1

• 0.3

0.2 0.1 0.0 0.1 0.2 0.3 Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 2 / 4

Logic for Hybrid Systems

differential dynamic logic

dL = FOLR z v M v2 ≤ 2b(M − z)

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 3 / 4

Logic for Hybrid Systems

differential dynamic logic

dL = FOLR + DL + HP v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b C → [ if(z > SB) a := −b; z′′ = a

• hybrid program

] v2 ≤ 2b

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 3 / 4

Logic for Hybrid Systems

differential dynamic logic

dL = FOLR + DL + HP v2 ≤ 2b v2 ≤ 2b v2 ≤ 2b C → [ if(z > SB) a := −b; z′′ = a

• hybrid program

] v2 ≤ 2b Initial condition System dynamics Post condition

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 3 / 4

Differential Dynamic Logic: Axiomatization

[:=] [x := θ][(x)]φx ↔ [(x)]φθ [?] [?H]φ ↔ (H → φ) [′] [x′ = f (x)]φ ↔ ∀t≥0 [x := y(t)]φ (y′(t) = f (y)) [∪] [α ∪ β]φ ↔ [α]φ ∧ [β]φ [;] [α; β]φ ↔ [α][β]φ [∗] [α∗]φ ↔ φ ∧ [α][α∗]φ K [α](φ → ψ) → ([α]φ → [α]ψ) I [α∗](φ → [α]φ) → (φ → [α∗]φ) C [α∗]∀v>0 (ϕ(v) → αϕ(v − 1)) → ∀v (ϕ(v) → α∗∃v≤0 ϕ(v))

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 4 / 4

Andr´ e Platzer. Differential dynamic logic for hybrid systems.

• J. Autom. Reas., 41(2):143–189, 2008.

Andr´ e Platzer. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. Springer, Heidelberg, 2010. Andr´ e Platzer. Logics of dynamical systems. In LICS, pages 13–24. IEEE, 2012. Andr´ e Platzer and Jan-David Quesel. KeYmaera: A hybrid theorem prover for hybrid systems. In Alessandro Armando, Peter Baumgartner, and Gilles Dowek, editors, IJCAR, volume 5195 of LNCS, pages 171–178. Springer, 2008.

Andr´ e Platzer (CMU) Teaching CPS Foundations With Contracts CPS-Ed 4 / 4