(Belief) Dynamic Doxastic Differential Dynamic Logic (d4L) for Belief-Aware Cyber Physical Systems. João G. Martins 1,2, André Platzer 2, João Leite 1
Cyber-Physical Systems (CPS) Continuous movement Discrete control 2
Belief-aware Cyber-Physical Systems Control altitude 3 Action
Belief-aware Cyber-Physical Systems Control Information ● Sensors are noisy ● Incomplete information ● Imperfect information 4 Action
Belief-aware Cyber-Physical Systems First principles approach 1. Real arithmetic 2. World change 3. Beliefs 4. Belief change 5. Sequent calculus 5
Belief-aware Cyber-Physical Systems What we want ctrl; phys obs ; bt ctrl; phys 6
Belief-aware CPS Logic Foundations: first order real arithmetic Arithmetic operators: +, -, ✕ , ÷ Propositions: <, ≤, >, ≥, = Connectives: ∧ , ∨ , → , ¬ Quantifiers: ∀ , ∃ 7
Belief-aware CPS Logic Changing World. Syntax: F → [model] G. Semantics: [Figure: from a state satisfying F, each run of model leads to a state satisfying G] 8
Belief-aware CPS Logic Changing World Syntax x := Θ x’ = f(x) α; β α ∪ β ?F α* 9
Belief-aware CPS Logic Changing World Syntax autopilot := 1 x’ = f(x) α; β α ∪ β ?F α* 10
Belief-aware CPS Logic Changing World Syntax x := Θ alt’ = yvel α; β α ∪ β ?F α* 11
Belief-aware CPS Logic Changing World Syntax x := Θ x’ = f(x) yvel := 1; alt’ = yvel α ∪ β ?F α* 12
Belief-aware CPS Logic Changing World Syntax x := Θ x’ = f(x) α; β yvel := 1 ∪ yvel := -1 ?F α* 13
Belief-aware CPS Logic Changing World Syntax x := Θ x’ = f(x) α; β α ∪ β ?yvel < 1 α* 14
Belief-aware CPS Logic Changing World Syntax x := Θ x’ = f(x) α; β α ∪ β ?F (autopilot := 1 - autopilot)* 15
Belief-aware CPS Logic Belief: possible world semantics. [Figure: two sets of possible worlds. Worlds L L L: B(Low), ¬P(High). Worlds L L H: ¬B(Low), P(High).] 16
Belief-aware CPS Logic Modalities: overview. Logical: universal ∀, existential ∃, universe: reals. Dynamic: universal ⃞, existential ♢, universe: transitions. Doxastic: universal B, existential P, universe: possible worlds. 17
Belief-aware CPS Logic Belief-triggered control ?alt > 10 ; yinput := -1 ?B(alt > 10) ; yinput := -1 18
Belief-aware CPS Logic Belief: guiding principles How to learn new information? 19
Belief-aware CPS Logic Learning operator. Learning as a program: “unified” language of change. Programs: x := Θ, x’ = f(x), α; β, α ∪ β, ?F, α*, L(α). Learned programs (inside L): x_p := Θ, α; β, α ∪ β, ?F 20
Belief-aware CPS Logic Learning operator. α; L(α): observable action. L(α): suspect α happened ● All outcomes of α possible ● World does not change. L(α ∪ β): α or β, but which? 21
Belief-aware CPS Logic Learning operator. [Figure: physical world, transition-based change by A; possible worlds, doxastic change by L(A)] 22
Belief-aware CPS Logic Learning new information: [L(A ∪ B)] F. Multiple possible worlds ● Execute at each world ● All transition ● All outcomes indistinguishable. [Figure: A and B executed at each possible world] 23
Belief-aware CPS Logic Doxastic variables. Real world: state variable alt. Possible worlds: doxastic variable alt_p. Belief: B(alt_p > 10). Perception 24
Belief-aware CPS Logic Learning and sensors. Perfect sensor: L(?alt_p = alt), L(alt_p := alt). Imperfect sensor: L(?|alt_p - alt| < ε) 25
Belief-aware CPS Logic Calculus for belief change. Proof rules for learned programs: x_p := Θ, α; β, α ∪ β, ?F 26
Belief-aware CPS Logic Calculus for belief change: assignment. Sound rule: from C ⊢ F(Θ) infer C ⊢ [L(x_p := Θ)] F(x_p) ● Syntactic substitution = semantic substitution ● Under admissibility ● Technically complex 27
Belief-aware CPS Logic Calculus for belief change: sequential composition. Sound rule: from C ⊢ [L(α) ; L(β)] F infer C ⊢ [L(α ; β)] F ● Reduced to non-learned sequential composition 28
Belief-aware CPS Logic Calculus for belief change: test. Sound rule: from C ⊢ B(F) → G infer C ⊢ [L(?F)]G. Sound rule: from C_B, C_R ⊢ B(F) → G infer C_B, C_P, C_R ⊢ [L(?F)]G. Learned Context Current Possibility 29
Belief-aware CPS Logic Calculus for belief change: choice L(?high ∪ ?low) L(?high) ∪ L(?low) L(α ∪ β) ≠ L(α) ∪ L(β) 30
Belief-aware CPS Logic Calculus for belief change: choice. Traditional choice rules no longer work; need case distinction. From C ⊢ [α] F ∧ [β] F infer C ⊢ [α ∪ β] F. From C ⊢ ⟨α⟩ F ∨ ⟨β⟩ F infer C ⊢ ⟨α ∪ β⟩ F 31
Belief-aware CPS Logic Calculus for belief change: choice. Sound rules. []B, []P, ⟨⟩B: from C ⊢ [L(α)] B(F) ∧ [L(β)] B(F) infer C ⊢ [L(α ∪ β)] B(F). ⟨⟩P: from C ⊢ ⟨L(α)⟩ P(F) ∨ ⟨L(β)⟩ P(F) infer C ⊢ ⟨L(α ∪ β)⟩ P(F). Most conservative of: - Dynamic modality - Doxastic modality 32
Belief-aware CPS Logic Calculus for belief change. Theorem: the calculus for world change is sound [1]. Theorem: the calculus for belief change is sound. [1] Platzer, A.: Differential dynamic logic for hybrid systems. J. Autom. Reas. 41(2), 143–189 (2008) 33
Case study: altitude control Overview perceived altitude real altitude Desired altitude = 0 34
Case study: altitude control A new standard pattern Safety pre → [( obs ; btctrl; phys)*] safe 35
Case study: altitude control. Full model (✓ verified):
T > 0 ∧ alt > 0 ∧ ε > 0 →
[(
  obs:    L(?alt_p - alt < ε);
  btctrl: (?B(alt_p - T - ε > 0); yv := -1) ∪ (?P(alt_p - T - ε ≤ 0); yv := 1);
  phys:   t := 0; t’ = 1, alt’ = yv & t < T
)*] alt > 0 36
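The belief-triggered loop of the full model, as an added Python simulation that is not part of the original slides. Assumptions: a finite list of alt_p values stands in for the possible worlds, the sensor test is the two-sided |alt_p - alt| < ε from the learning-and-sensors slide (which implies the model's one-sided test), and `T`, `EPS`, the candidate offsets and `naive_ctrl` are constructed for illustration.

```python
# Added illustration: a finite list of alt_p values stands in for d4L's possible
# worlds. It simulates runs of the loop; it does not prove the safety property.
T, EPS = 1.0, 0.5  # control period and sensor error bound (constructed values)

def believes(worlds, f):
    """B(f): f holds in every possible world (and at least one world exists)."""
    return bool(worlds) and all(f(w) for w in worlds)

def possible(worlds, f):
    """P(f): f holds in some possible world."""
    return any(f(w) for w in worlds)

def observe(alt):
    """obs: candidate alt_p values contracted by L(?|alt_p - alt| < EPS)."""
    offsets = (-1.5, -0.9, -0.5, 0.0, 0.5, 0.9, 1.5)  # constructed sample data
    return [w for w in (alt + EPS * k for k in offsets) if abs(w - alt) < EPS]

def btctrl(worlds):
    """Descend only on B(alt_p - T - EPS > 0); otherwise climb."""
    if believes(worlds, lambda w: w - T - EPS > 0):
        return -1.0
    assert possible(worlds, lambda w: w - T - EPS <= 0)  # guard of the climb branch
    return 1.0

def naive_ctrl(worlds):
    """Constructed weak controller: descends on mere possibility, no EPS margin."""
    return -1.0 if possible(worlds, lambda w: w - T > 0) else 1.0

def phys(alt, yv, duration):
    """phys: alt' = yv, followed for a duration t < T."""
    assert 0 <= duration < T
    return alt + yv * duration

def run(ctrl, alt=4.4, steps=20, duration=0.9 * T):
    """Iterate (obs; ctrl; phys) and return the lowest real altitude reached."""
    lowest = alt
    for _ in range(steps):
        alt = phys(alt, ctrl(observe(alt)), duration)
        lowest = min(lowest, alt)
    return lowest

if __name__ == "__main__":
    print("belief-triggered lowest alt:", run(btctrl))    # stays above 0
    print("naive lowest alt:", run(naive_ctrl))           # drops below 0
```

With the ε margin inside the belief guard, every world that passes the learned test guarantees alt > T before a descent, which is why the first run never reaches the ground while the margin-free guard does.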
Case study: altitude control. Devil’s advocate: modeling trick.
T > 0 ∧ alt > 0 ∧ ε > 0 →
[(
  obs:    L(?alt_p - alt < ε);
  btctrl: (?B(alt_p - T - ε > 0); yv := -1) ∪ (?P(alt_p - T - ε ≤ 0); yv := 1);
  phys:   t := 0; t’ = 1, alt’ = yv & t < T
)*] alt > 0 37
Case study: altitude control. Modeling trick: limitations ● Relies on modal resolution of nondeterminism: only for safety ⃞, not liveness ♢ ● Changes arithmetic: ?P(alt_p - T - ε > A) becomes ?alt_p - T + ε > A ● Obscures doxastic intuitions ● Quickly becomes complex 38
Conclusion. d4L: a logic for verifying belief-aware CPS. Theoretical: ● Semantics for changing belief in a changing world ● General learning operator ● Sequent calculus in the reals. Practical: ● Belief-triggered controllers ● First principles verification for belief-aware CPS 39
Thank you Questions? 40
Appendix. Suggested questions ;) ● Test, possibility & completeness ● Beliefs about beliefs ● Repeated contraction of possible worlds ● Learning in uncountable domains ● Doxastic assignment, x_p := Θ vs x := Θ ● Learning operator semantics 41
Appendix. Possibility & completeness. Rule: from C_B, C_R ⊢ B(F) → G infer C_B, C_P, C_R ⊢ [L(?F)]G. Hard to know which P to keep. [Figure: possible worlds with F vs ¬F] 42
Appendix. Belief: requirements. Desired axiom Impossible in Kripke models B_a(F) → [L_b(α)] B_a(F) No calculus, but easy semantics 43
Appendix. Belief: contraction of possible worlds. Nondeterministic assignment: x := * ≡ x’ = 1; x’ = -1. Nondeterministic doxastic assignment: x_p := *. L(x_p := *; ?F(x_p)) 44
Appendix. Learning in uncountable domains. Action model/Epistemic actions: [A, e] G ↔ ⋀_{eRf} [A, f] G ● Conjunction of all possible worlds ● Impossible for reals 45
Appendix. Doxastic assignment vs regular assignment. Unsound proof rule: from C ⊢ [L(x := Θ) ; L(β(x))] F infer C ⊢ [L(x := Θ; β(x))] F. Still unsound proof rule: from C ⊢ [L(x := Θ) ; L(β(x_p))] F infer C ⊢ [L(x := Θ; β(x))] F 46
Appendix Learning operator semantics 47