04: Safety & Contracts
15-424: Foundations of Cyber-Physical Systems

André Platzer
aplatzer@cs.cmu.edu
Computer Science Department
Carnegie Mellon University, Pittsburgh, PA

André Platzer (CMU) FCPS / 04: Safety & Contracts 1 / 7

  2. Outline
     Learning Objectives
     1 Quantum the Acrophobic Bouncing Ball
     2 Contracts for CPS
     3 Safety of Robots
     Safety of Bouncing Balls

  4. Learning Objectives: Safety & Contracts
     Keywords: rigorous specification, contracts, preconditions, postconditions, differential dynamic logic, discrete+continuous model, semantics, analytic reasoning, reasoning principles (the slide's diagram groups these under the course themes CT, M&C and CPS).

  6. Quantum the Acrophobic Bouncing Ball
     Example (Quantum the Bouncing Ball)
       { x′ = v, v′ = −g & x ≥ 0;
         if (x = 0) v := −cv }*

  11. Quantum Discovered a Crack in the Fabric of Time
     [Figure: height x (scale 0 to 12) plotted over time t, with bounces at t0, t1, t2, t3, t4, t5, t6; a second panel plots the loop iteration count j against the same bounce times.]
     Example (Quantum the Bouncing Ball)
       { x′ = v, v′ = −g & x ≥ 0;
         if (x = 0) v := −cv }*

  16. Safety of Robots
     Three Laws of Robotics (Isaac Asimov)
     1 A robot may not injure a human being or, through inaction, allow a human being to come to harm.
     2 A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
     3 A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
     Three Laws of Robotics are not the answer. They are the inspiration!

  18. Contracts for Quantum the Acrophobic Bouncing Ball
     Example (Quantum the Bouncing Ball)
       @requires (x = H)
       @requires (0 ≤ H)
       @ensures (0 ≤ x)
       @ensures (x ≤ H)
       { x′ = v, v′ = −g & x ≥ 0;
         if (x = 0) v := −cv }* @invariant (x ≥ 0)
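As an added example (not from the slides or the course's own material): a small Python runtime monitor for the contract on the slide above, which also reproduces the bounce-time behaviour of the "Crack in the Fabric of Time" slide. It executes the loop of the hybrid program a bounded number of times using the closed-form solution of the flight ODE and checks @requires, @invariant and @ensures the way a runtime contract checker would. The closed-form solution, the bounded execution, the sample values H = 2, g = 1, c = 0.5 and the initial velocity v0 are this example's own assumptions, and the zeno_bound formula is derived here rather than taken from the slides. A runtime check only examines particular runs, which is why the lecture develops a dL proof instead; but even a simulation shows that the contract as written relies on assumptions the precondition leaves unstated: starting at x = H with an upward velocity, or with c > 1, the ball rises above H.

```python
# Added example: runtime contract checking for Quantum the bouncing ball.
# Hybrid program (from the slides):
#     { x' = v, v' = -g & x >= 0; if (x = 0) v := -c*v }*
# Contract (from the slides):
#     @requires(x = H)  @requires(0 <= H)
#     @ensures(0 <= x)  @ensures(x <= H)   @invariant(x >= 0)
# The closed-form flight solution, the bounded-iteration execution and the
# sample values below are this example's own assumptions.
import math


class ContractViolation(AssertionError):
    """Raised when a @requires, @ensures or @invariant clause fails."""


def flight_to_ground(x: float, v: float, g: float):
    """Follow x' = v, v' = -g for as long as the domain x >= 0 permits.

    Returns (x_max, duration, v_at_ground).  Since x(t) = x + v*t - g*t^2/2, the
    ground is reached at the larger root of x + v*t - g*t^2/2 = 0.  x_max is the
    highest point on the way: the ODE may stop at any time, so every point of
    the flight is a reachable state and must satisfy the postcondition too.
    """
    if g <= 0:
        raise ValueError("gravity g must be positive (assumption of this example)")
    duration = (v + math.sqrt(v * v + 2 * g * x)) / g
    x_max = x + v * v / (2 * g) if v > 0 else x
    v_ground = v - g * duration
    return x_max, duration, v_ground


def run_ball(H: float, g: float, c: float, v0: float = 0.0, iterations: int = 6):
    """Run the loop body `iterations` times, checking the contract like a
    runtime monitor.  Returns the absolute times of the bounces."""
    x, v, t = H, v0, 0.0
    # @requires: checked once before the program starts.
    if not (x == H and 0 <= H):
        raise ContractViolation("@requires(x = H), @requires(0 <= H)")
    bounce_times = []
    for _ in range(iterations):
        # @invariant: must hold at the start of every loop iteration.
        if not x >= 0:
            raise ContractViolation("@invariant(x >= 0)")
        x_max, dt, v = flight_to_ground(x, v, g)
        t += dt
        x = 0.0  # the flight ended exactly on the ground
        # @ensures: the loop may stop after any iteration (and the ODE at any
        # time), so both postconditions are checked on the states just passed.
        if not (0 <= x and x_max <= H):
            raise ContractViolation(f"@ensures(x <= H): reached x = {x_max} > H = {H}")
        if x == 0:  # discrete jump: the bounce reverses and damps the velocity
            v = -c * v
        bounce_times.append(t)
    return bounce_times


def contract_holds(H, g, c, v0=0.0, iterations=6) -> bool:
    """True if no contract clause fails during the bounded run."""
    try:
        run_ball(H, g, c, v0, iterations)
        return True
    except ContractViolation:
        return False


def zeno_bound(H: float, g: float, c: float) -> float:
    """Why the bounce times crowd together: dropped from H, the ball first hits
    the ground after sqrt(2H/g) with speed sqrt(2gH).  Each bounce scales the
    speed by c, and a flight that starts and ends on the ground with speed s
    lasts 2s/g, so the gaps between bounces form the geometric series
    2*sqrt(2H/g)*(c + c^2 + ...).  For 0 <= c < 1 the sum is finite: infinitely
    many bounces happen before this time, and the model never gets past it.
    """
    if not 0 <= c < 1:
        raise ValueError("only 0 <= c < 1 gives a finite bound")
    return math.sqrt(2 * H / g) * (1 + c) / (1 - c)


if __name__ == "__main__":
    # Constructed sample values: dropped from H = 2 with g = 1 and damping c = 0.5.
    times = run_ball(2.0, 1.0, 0.5)
    print("bounce times:", times, "-> all below", zeno_bound(2.0, 1.0, 0.5))
    print("contract holds when dropped from rest:", contract_holds(2.0, 1.0, 0.5))
    print("... with an initial upward velocity v0 = 1:", contract_holds(2.0, 1.0, 0.5, v0=1.0))
    print("... with c = 1.5 (ball gains energy):", contract_holds(2.0, 1.0, 1.5))
```

With the sample values the bounces land at t = 2, 4, 5, 5.5, 5.75, 5.875, ... and never reach zeno_bound = 6, which is the "crack in the fabric of time". The two failing runs illustrate what the on-board translation to a dL formula has to make explicit: the postcondition x ≤ H is only provable if the precondition also fixes the initial velocity and bounds c.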

  25. Developed on the board:
     1 Differential dynamic logic dL as a precise specification language for CPS
     2 Translation of contracts for the bouncing ball to a logical formula in dL
     3 Syntax and semantics of dL
     See lecture notes for details [1].

  26. [1] André Platzer. Foundations of Cyber-Physical Systems. Lecture Notes 15-424/624, Carnegie Mellon University, 2016. URL: http://www.cs.cmu.edu/~aplatzer/course/fcps16.html
      [2] André Platzer. Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. Springer, Heidelberg, 2010. doi:10.1007/978-3-642-14509-4
