an axiomatic approach to liveness for differential
play

An Axiomatic Approach to Liveness for Differential Equations Yong - PowerPoint PPT Presentation

Oct 22, 2023 •435 likes •1.09k views

An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr e Platzer Computer Science Department, Carnegie Mellon University FM, 10th Oct 2019 1 Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete

  1. An Axiomatic Approach to Liveness for Differential Equations Yong Kiam Tan Andr´ e Platzer Computer Science Department, Carnegie Mellon University FM, 10th Oct 2019 1

  2. Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete Example 3 More ODE Liveness Arguments 4 2

  3. Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete Example 3 More ODE Liveness Arguments 4 3

  4. Motivation : Cyber-Physical Systems (CPSs) Hybrid system models enable formal analysis of safety-critical CPSs: Discrete control: if (v > speed_limit) a := -1; //apply brakes else a := 0; //cruise 4

  5. Motivation : Cyber-Physical Systems (CPSs) Hybrid system models enable formal analysis of safety-critical CPSs: Discrete control: if (v > speed_limit) a := -1; //apply brakes else a := 0; //cruise Continuous dynamics: x ′ = v , v ′ = a � �� � Ordinary Differential Equations (ODEs) 4

  6. Motivation : Cyber-Physical Systems (CPSs) Hybrid system models enable formal analysis of safety-critical CPSs: Discrete control: if (v > speed_limit) a := -1; //apply brakes else a := 0; //cruise Continuous dynamics: x ′ = v , v ′ = a � �� � ODEs need proofs too! 4

  7. Correctness Specifications for CPSs � Safely under speed limit 5

  8. Correctness Specifications for CPSs � Safely under speed limit � Safely under speed limit 5

  9. Correctness Specifications for CPSs � Safely under speed limit � Gets to destination System is safe and live � Safely under speed limit × Not moving at all! System is safe but not live 5

  10. ODEs and Domain Constraints Ordinary Differential Equation (ODE) � �� � x ′ = f ( x ) ODE : Models continuous physics of the system x' = f ( x ) Trains drive on tracks prescribed by the ODEs. 6

  11. ODEs and Domain Constraints ODE with domain Q � �� � x ′ = f ( x ) & Q Domain : Specifies the domain of definition for ODEs x' = f ( x ) Q There are no train tracks across the national park! 6

  12. ⨯⨯ ⨯ ✓ Safety & Liveness for ODEs ODE with domain Q � �� � x ′ = f ( x ) & Q ] P Safety: [ ���� Safe region ✓ ⨯ ✓ P ✓ Q � Trains stay in Porto ( P ) while driving on tracks. 7

  13. Safety & Liveness for ODEs ODE with domain Q ODE with domain Q � �� � � �� � x ′ = f ( x ) & Q ] P x ′ = f ( x ) & Q � P Safety: [ Liveness: � ���� ���� Safe region ⨯⨯ Goal region ✓ ⨯ ⨯ ✓ P P ✓ ✓ Q Q � Trains stay in Porto ( P ) while � Trains reach Porto ( P ) by driving driving on tracks. on tracks. 7

  14. Safety & Liveness for ODEs ODE with domain Q ODE with domain Q � �� � � �� � x ′ = f ( x ) & Q ] P x ′ = f ( x ) & Q � P Safety: [ Liveness: � ���� ���� Safe region ⨯⨯ Goal region ✓ ⨯ ⨯ ✓ P P ✓ ✓ Q Q Prior work: complete invariance � Trains reach Porto ( P ) by driving proofs for ODE safety [LICS’18] on tracks. 7

  15. Safety & Liveness for ODEs ODE with domain Q ODE with domain Q � �� � � �� � x ′ = f ( x ) & Q ] P x ′ = f ( x ) & Q � P Safety: [ Liveness: � ���� ���� Safe region ⨯⨯ Goal region ✓ ⨯ ⨯ ✓ P P ✓ ✓ Q Q Prior work: complete invariance This talk: proving ODE liveness in proofs for ODE safety [LICS’18] differential dynamic logic (dL) 7

  16. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Surveyed Liveness Arguments Goals of surveyed paper Differential Variants [1] Liveness proofs for inequalities Bounded/Compact Eventuality [3, 4] Automatic SOS liveness proofs Set Lyapunov Functions [5] Finding basin of attraction Staging Sets + Progress [6] Indirect liveness proofs for P Eq. Differential Variants [7] Synthesizing switching logic Liveness arguments in the literature are used for a wide variety of purposes. 8

  17. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Surveyed Liveness Arguments Without Domains With Domains Differential Variants [1] × Bounded/Compact Eventuality [3, 4] × × Set Lyapunov Functions [5] × × Staging Sets + Progress [6] Eq. Differential Variants [7] × × Several arguments have technical glitches, making them unsound ( × ). 8

  18. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Surveyed Liveness Arguments Without Domains With Domains � × � � Differential Variants [1] × � � × � � Bounded/Compact Eventuality [3, 4] Set Lyapunov Functions [5] × � � × � � Staging Sets + Progress [6] � � Eq. Differential Variants [7] × � � × � � Our approach formalizes the underlying liveness arguments in a sound ( � ), foundational, and uniform framework. It also corrects ( × � � ) the technical glitches. 8

  19. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Understand the core principles behind ODE liveness proofs. Surveyed Liveness Arguments Without Domains With Domains � × � � Differential Variants [1] × � � × � � Bounded/Compact Eventuality [3, 4] Set Lyapunov Functions [5] × � � × � � Staging Sets + Progress [6] � � Eq. Differential Variants [7] × � � × � � 8

  20. An Axiomatic Approach to Liveness for ODEs Why take a logical approach? Understand the core principles behind ODE liveness proofs. Surveyed Liveness Arguments Without Domains With Domains � × � � Differential Variants [1] × � � × � � Bounded/Compact Eventuality [3, 4] Set Lyapunov Functions [5] × � � × � � Staging Sets + Progress [6] � � Eq. Differential Variants [7] × � � × � � Yields generalizations of existing liveness arguments “for free”. New Liveness Arguments Without Domains With Domains - Higher Differential Variants � - [1] + [3, 4] + [6] � - [1] + [3, 4] + [6] + Higher Diff. Var. � 8

  21. Outline Motivation 1 Logical Approach to ODE Liveness 2 Concrete Example 3 More ODE Liveness Arguments 4 9

  22. A Simple Liveness Refinement Portugal Porto Trains that reach Porto also reach Portugal since Porto is part of Portugal. � x ′ = f ( x ) � Porto → � x ′ = f ( x ) � Portugal � 10

  23. A Simple Liveness Refinement Portugal Porto Braga Can train reach Porto if it reaches Braga? Not true for all trains. � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto ? 10

  24. A Simple Liveness Refinement Portugal Porto Braga Must use specific properties of the ODE / train track. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga → � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � 10

  25. A Simple Liveness Refinement Portugal Porto Braga Must use specific properties of the ODE / train track. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga → � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � � �� � � �� � Known liveness property Desired liveness property 10

  26. A Simple Liveness Refinement Portugal Porto Braga Must use specific properties of the ODE / train track. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � → � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 10

  27. A Simple Liveness Refinement Portugal Porto Braga Key Idea: Liveness arguments can and should be understood using liveness refinement steps. [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � → � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 10

  28. ⋀ Diamond Refinement Axioms [ x ′ = f ( x ) & ¬ Porto ] ¬ Braga � � x ′ = f ( x ) � Braga → � x ′ = f ( x ) � Porto � → � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 11

  29. ⋀ Diamond Refinement Axioms [ x ′ = f ( x ) & ¬ P ] ¬ B → � � x ′ = f ( x ) � B →� x ′ = f ( x ) � P � 11

  30. ⋀ Diamond Refinement Axioms � � K � & � [ x ′ = f ( x ) & Q ∧ ¬ P ] ¬ B → � x ′ = f ( x ) & Q � B → � x ′ = f ( x ) & Q � P → B P B Q Q � �� � � �� � Known liveness property Desired liveness property 11

  31. Diamond Refinement Axioms � � K � & � [ x ′ = f ( x ) & Q ∧ ¬ P ] ¬ B → � x ′ = f ( x ) & Q � B → � x ′ = f ( x ) & Q � P → → B B P B Q ⋀ ¬ P Q Q � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 11

  32. Diamond Refinement Axioms � � K � & � [ x ′ = f ( x ) & Q ∧ ¬ P ] ¬ B → � x ′ = f ( x ) & Q � B → � x ′ = f ( x ) & Q � P DR �·� [ x ′ = f ( x ) & R ] Q → � � x ′ = f ( x ) & R � P → � x ′ = f ( x ) & Q � P � R R R → → P P Q Q � �� � � �� � � �� � Need to show Known liveness property Desired liveness property 12

Recommend

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan

Deductive Safety and Liveness Verification for Ordinary Differential Equations Yong Kiam Tan Computer Science Department, Carnegie Mellon University INRIA, 30th Apr 2020 1 / 34 Motivation: Cyber-Physical Systems (CPSs) Cyber-Physical System:

1.14k views • 89 slides
Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness

Ch. 10 Avoiding Liveness Hazards J ESPER P EDERSEN N OTANDER Liveness and Safety A liveness property, something good eventually happens. e.g. program termination. A safety property, something bad never happens. e.g.

338 views • 16 slides
O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like

O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like

THE LEPTON SECTOR AS AN AXIOMATIC-LIKE CONSTRUCTION O. Kosmachev INTRODUCTION Necessity of conversion to axiomatics. What means axiomatic-like construction? Unique approach and unification of mathematical formalism. STABLE LEPTONS

164 views • 15 slides
An axiomatic approach to metareasoning on nominal algebras in HOAS Marino Miculan Universit` a

An axiomatic approach to metareasoning on nominal algebras in HOAS Marino Miculan Universit` a

ICALP01 Hers onisos, Crete, July 2001 An axiomatic approach to metareasoning on nominal algebras in HOAS Marino Miculan Universit` a di Udine, Italy miculan@dimi.uniud.it Joint work with Furio Honsell and Ivan Scagnetto Research

470 views • 25 slides
Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P .

Enforcement is a kind of Update Enforcement in Argumentation is a kind of Update an axiomatic approach of enforcement P . Bisquert, C. Cayrol, F . Dupin de Saint-Cyr, MC. Lagasquie IRIT, Toulouse University, France July 2013 F. Dupin de

752 views • 71 slides
The Manipulability of Centrality Measures An Axiomatic Approach Tomek Ws, Marcin Waniek,

The Manipulability of Centrality Measures An Axiomatic Approach Tomek Ws, Marcin Waniek,

The Manipulability of Centrality Measures An Axiomatic Approach Tomek Ws, Marcin Waniek, Talal Rahwan, Tomasz Michalak University of Warsaw, NYU Abu Dhabi Motivation Investigation of criminal networks Investigation of criminal networks

754 views • 56 slides
An Axiomatic Approach to Time-Dependent Shortest Paths Christos Zaroliagis zaro@ceid.upatras.gr

An Axiomatic Approach to Time-Dependent Shortest Paths Christos Zaroliagis zaro@ceid.upatras.gr

An Axiomatic Approach to Time-Dependent Shortest Paths Christos Zaroliagis zaro@ceid.upatras.gr Dept. of Computer Engineering & Informatics Computer Technology Institute & Press University of Patras, Greece Diophantus 1 / 36

1.18k views • 116 slides
9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses

9 Axiomatic semantics 9 .1 OVERVIEW As introduced in chapter 4, the axiomatic method expresses the semantics of a programming language by associating with the language a mathematical theory fo r p roving properties of programs written in

1.02k views • 98 slides
A New Approach for Formal Reduction of Singular Linear Differential Systems Using Eigenrings M.A.

A New Approach for Formal Reduction of Singular Linear Differential Systems Using Eigenrings M.A.

Introduction Previous methods The new approach Conclusion and prescriptive A New Approach for Formal Reduction of Singular Linear Differential Systems Using Eigenrings M.A. Barkatou, Joelle Saad , J-A. Weil XLIM, Universit de Limoges

881 views • 49 slides
An Axiomatic Approach to Algebraic Topology: A Theory of Elementary ( , 1)-Toposes Nima Rasekh

An Axiomatic Approach to Algebraic Topology: A Theory of Elementary ( , 1)-Toposes Nima Rasekh

Topos Theory Elementary ( , 1) -Topos An Axiomatic Approach to Algebraic Topology: A Theory of Elementary ( , 1)-Toposes Nima Rasekh Max-Planck-Institut f ur Mathematik July 8th, 2019 Nima Rasekh - MPIM A Theory of Elementary ( ,

444 views • 22 slides
Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille

Liveness Checking as Safety Checking FMICS, July 12 13, Malaga, Spain Armin Biere, Cyrille Artho, Viktor Schuppan http://www.inf.ethz.ch/schuppan/ Safety vs. Liveness 1 Safety Liveness Something bad will not Something good will

480 views • 31 slides
The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as

The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as

The manifestation of Hilberts Nullstellensatz in Lawveres Axiomatic Cohesion Mat as Menni Conicet and Universidad Nacional de La Plata - Argentina The Nullstellenzatz in Axiomatic Cohesion p. 1/17 A science of cohesion An

940 views • 59 slides
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and

Liveness of Randomised Parameterised Systems under Arbitrary Schedulers Anthony W. Lin and Philipp Ruemmer Summary of results Automatic method for proving liveness for randomised parameterised systems, e.g., Randomised Self-Stabilising

484 views • 45 slides
Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner

Generalized Counterexamples to Liveness Properties Gadi Aleksandrowicz Jason Baumgartner Alexander Ivrii Ziv Nevo IBM Outline Generalized counterexamples to liveness and why they are especially interesting How to detect that a

135 views • 12 slides
Computational Social Choice: Autumn 2012 Ulle Endriss Approach 1: Axiomatic Method Institute for

Computational Social Choice: Autumn 2012 Ulle Endriss Approach 1: Axiomatic Method Institute for

Characterisation Results COMSOC 2012 Characterisation Results COMSOC 2012 Computational Social Choice: Autumn 2012 Ulle Endriss Approach 1: Axiomatic Method Institute for Logic, Language and Computation University of Amsterdam Ulle Endriss

190 views • 7 slides
Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness:

3/10/10 Proving Program Correctness The Axiomatic Approach What is Correctness? Correctness: partial correctness + termination Partial correctness: Program implements its specification 1 3/10/10 Proving Partial Correctness

420 views • 13 slides
COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties

Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation COMP31212: Concurrency Topic 5.3: Liveness and Topic 5.4 Fairness Topic 5.3: Liveness Properties Topic 5.4: Fairness and Starvation Outline Topic 5.3: Liveness Properties

509 views • 34 slides
An axiomatic divisibility theory for commutative rings .c Pha .m Ngo Anh R enyi

An axiomatic divisibility theory for commutative rings .c Pha .m Ngo Anh R enyi

Motivation and Aim Divisibility theory and unique generation Bezout monoids as an axiomatic divisibility theory Representation theo An axiomatic divisibility theory for commutative rings .c Pha .m Ngo Anh R enyi Institute, Hungary

527 views • 36 slides
Differential Designs: A Relevant Methodological Approach in the Cultural Adaptation Field 9 th

Differential Designs: A Relevant Methodological Approach in the Cultural Adaptation Field 9 th

Differential Designs: A Relevant Methodological Approach in the Cultural Adaptation Field 9 th Annual Conference on the Science of Dissemination and Implementation in Health Washington, D.C., December 2016 Rubn Parra-Cardona Michigan State

748 views • 42 slides
A new approach to control the global error of numerical methods for differential equations (SC

A new approach to control the global error of numerical methods for differential equations (SC

A new approach to control the global error of numerical methods for differential equations (SC 2011 presentation, Cagliari, Italy) G.Yu. Kulikov and R. Weiner CEMAT, Instituto Superior T ecnico, TU Lisbon, Av. Rovisco Pais, 1049-001 Lisboa,

1.23k views • 108 slides
A novel integral transform approach to solving partial differential equations in the curved

A novel integral transform approach to solving partial differential equations in the curved

A novel integral transform approach to solving partial differential equations in the curved space-times Karen Yagdjian University of Texas Rio Grande Valley Microlocal and Global Analysis, Interactions with Geometry Colloquium in honor of

692 views • 42 slides
Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see

Chair of Software Engineering Trusted Components Prof. Dr. Bertrand Meyer Lecture 2: Axiomatic semantics Reading assignment for next week Ariane paper and response (see course page) Axiomatic semantics chapter in Introduction to the

628 views • 30 slides
A Combinatorial Approach to the Analysis of Differential Gene Expression Data The Use of Graph

A Combinatorial Approach to the Analysis of Differential Gene Expression Data The Use of Graph

A Combinatorial Approach to the Analysis of Differential Gene Expression Data The Use of Graph Algorithms for Disease Prediction and Screening The Goal To classify patients based on expression profiles Presence of cancer Type of

488 views • 33 slides
Constructive Axiomatic Method and Univalent Foundations of Mathematics Andrei Rodin

Constructive Axiomatic Method and Univalent Foundations of Mathematics Andrei Rodin

UF overview Constructivism MLTT Homotopy hierarchy Constructive Axiomatic Method Constructive Axiomatic Method and Univalent Foundations of Mathematics Andrei Rodin (andrei@philomatica.org) Steklov Mathematical Institute, Saint-Petersburg,

582 views • 41 slides

More recommend