08: Events & Responses 15-424: Foundations of Cyber-Physical - PowerPoint PPT Presentation

08: Events & Responses 15-424: Foundations of Cyber-Physical Systems Andr´ e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 1 / 20

Outline Learning Objectives 1 The Need for Control 2 Quantum the Ping Pong Ball Cartesian Demon Determinizing Ping Pong Balls Event-triggered Control 3 Evolution Domains Detect Events Non-negotiability of Physics Splitting and Connecting Evolution Domains Firing of Events Physics vs. Control Proof 4 Loop Invariants Summary 5 Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 2 / 20

Outline Learning Objectives 1 The Need for Control 2 Quantum the Ping Pong Ball Cartesian Demon Determinizing Ping Pong Balls Event-triggered Control 3 Evolution Domains Detect Events Non-negotiability of Physics Splitting and Connecting Evolution Domains Firing of Events Physics vs. Control Proof 4 Loop Invariants Summary 5 Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 2 / 20

Learning Objectives Events & Responses using loop invariants design event-triggered control CT M&C CPS modeling CPS semantics of event-triggered control event-triggered control operational effects continuous sensing model-predictive control feedback mechanisms control vs. physics Cartesian Demons Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 3 / 20

Outline Learning Objectives 1 The Need for Control 2 Quantum the Ping Pong Ball Cartesian Demon Determinizing Ping Pong Balls Event-triggered Control 3 Evolution Domains Detect Events Non-negotiability of Physics Splitting and Connecting Evolution Domains Firing of Events Physics vs. Control Proof 4 Loop Invariants Summary 5 Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 3 / 20

Quantum the Safely Bored Bouncing Ball Proposition (Quantum can bounce around safely) 0 ≤ x ∧ x = H ∧ v = 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; (? x =0; v := − cv ∪ ? x � =0) � ∗ ](0 ≤ x ∧ x ≤ H ) � [ @invariant (2 gx = 2 gH − v 2 ∧ x ≥ 0) Proof Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 4 / 20

Quantum the Safely Bored Bouncing Ball Can be improved. . . Proposition (Quantum can bounce around safely) 0 ≤ x ∧ x = H ∧ v = 0 ∧ g > 0 ∧ 1 = c → x ′ = v , v ′ = − g & x ≥ 0; (? x =0; v := − cv ∪ ? x � =0) � ∗ ](0 ≤ x ∧ x ≤ H ) � [ @invariant (2 gx = 2 gH − v 2 ∧ x ≥ 0) Proof Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 4 / 20

Quantum the Safely Bored Bouncing Ball Can be improved. . . Proposition (Quantum can bounce around safely) 0 ≤ x ∧ x = H ∧ v = 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; (? x =0; v := − cv ∪ ? x � =0) � ∗ ](0 ≤ x ∧ x ≤ H ) � [ @invariant (2 gx = 2 gH − v 2 ∧ x ≥ 0) Proof Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 4 / 20

Quantum the Daring Ping Pong Ball Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; �� � ∗ � (? x =0; v := − cv ∪ ? x � =0) (0 ≤ x ≤ 5) Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 5 / 20

Quantum the Daring Ping Pong Ball Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; �� � ∗ � (? x =0; v := − cv ∪ ?4 ≤ x ≤ 5; v := − fv ∪ ? x � =0) (0 ≤ x ≤ 5) Ask Ren´ e Descartes Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 5 / 20

Cartesian Doubt: Ren´ e Descartes’s Cartesian Demon 1641 Outwit the Cartesian Demon Skeptical about the truth of all beliefs until justification has been found. Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 6 / 20

Quantum the Daring Ping Pong Ball Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; �� � ∗ � (? x =0; v := − cv ∪ ?4 ≤ x ≤ 5; v := − fv ∪ ? x � =0) (0 ≤ x ≤ 5) Ask Ren´ e Descartes Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 7 / 20

Quantum the Daring Ping Pong Ball Could run instead of control Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; �� � ∗ � (? x =0; v := − cv ∪ ?4 ≤ x ≤ 5; v := − fv ∪ ? x � =0) (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 7 / 20

Quantum the Daring Ping Pong Ball No bounce at event Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; �� � ∗ � (? x =0; v := − cv ∪ ?4 ≤ x ≤ 5; v := − fv ∪ ? x � =0 ∧ x < 4 ∨ x > 5) (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 7 / 20

Quantum the Daring Ping Pong Ball Could miss this event Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → x ′ = v , v ′ = − g & x ≥ 0; �� � ∗ � (? x =0; v := − cv ∪ ?4 ≤ x ≤ 5; v := − fv ∪ ? x � =0 ∧ x < 4 ∨ x > 5) (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 7 / 20

Quantum the Deterministically Daring Ping Pong Ball Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � if ( x =0) v := − cv else if (4 ≤ x ≤ 5) v := − fv (0 ≤ x ≤ 5) Ask Ren´ e Descartes Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 8 / 20

Quantum the Deterministically Daring Ping Pong Ball Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � if ( x =0) v := − cv else if (4 ≤ x ≤ 5) v := − fv (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 8 / 20

Quantum the Deterministically Daring Ping Pong Ball Could also miss if-then event Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � if ( x =0) v := − cv else if (4 ≤ x ≤ 5) v := − fv (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 8 / 20

Outline Learning Objectives 1 The Need for Control 2 Quantum the Ping Pong Ball Cartesian Demon Determinizing Ping Pong Balls Event-triggered Control 3 Evolution Domains Detect Events Non-negotiability of Physics Splitting and Connecting Evolution Domains Firing of Events Physics vs. Control Proof 4 Loop Invariants Summary 5 Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 8 / 20

Evolution Domains Detect Events Evolution domains detect events x ′ = f ( x ) & Q Evolution domain Q of a differential equation is responsible for detecting events. Q can stop physics whenever an event happens on which the control wants to take action. x w Q u t r 0 x ′ = f ( x ) & Q Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 9 / 20

Quantum the Deterministically Daring Ping Pong Ball Could also miss if-then event Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � if ( x =0) v := − cv else if (4 ≤ x ≤ 5) v := − fv (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 10 / 20

Quantum the Deterministically Daring Ping Pong Ball Domain as event trap? Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 ∧ 4 ≤ x ≤ 5 } ; �� � ∗ � if ( x =0) v := − cv else if (4 ≤ x ≤ 5) v := − fv (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 10 / 20

Quantum the Deterministically Daring Ping Pong Ball Broken physics: Always event Conjecture (Quantum can play ping pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 ∧ 4 ≤ x ≤ 5 } ; �� � ∗ � if ( x =0) v := − cv else if (4 ≤ x ≤ 5) v := − fv (0 ≤ x ≤ 5) Ask Ren´ e Descartes who says no! Proof? Andr´ e Platzer (CMU) FCPS / 08: Events & Responses 10 / 20