Outline Motivation 1 Differential Dynamic Logic d L 2 Axiomatization 3 Differential Cuts, Differential Ghosts & Differential Invariants 4 Differential Invariants Differential Cuts Differential Ghosts Survey 5 Applications 6 Ground Robots Summary 7 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 10 / 39
Proofs for Hybrid Systems φ θ φ φ θ x x x := θ v w [ x := θ ] φ Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 11 / 39
Proofs for Hybrid Systems φ θ φ φ θ x x x := θ v w [ x := θ ] φ x ′ = f ( x ) v w ∀ t ≥ 0 [ x := y x ( t )] φ [ x ′ = f ( x )] φ φ Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 11 / 39
Proofs for Hybrid Systems φ θ φ φ θ x x x := θ v w [ x := θ ] φ x ′ = f ( x ) v w ∀ t ≥ 0 [ x := y x ( t )] φ [ x ′ = f ( x )] φ φ x := y x ( t ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 11 / 39
Proofs for Hybrid Systems compositional semantics ⇒ compositional rules! Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 12 / 39
Proofs for Hybrid Systems w 1 φ α [ α ] φ ∧ [ β ] φ v α ∪ β [ α ∪ β ] φ β w 2 φ Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 12 / 39
Proofs for Hybrid Systems w 1 φ α [ α ] φ ∧ [ β ] φ v α ∪ β [ α ∪ β ] φ β w 2 φ α ; β [ α ][ β ] φ v s w [ α ; β ] φ α β [ α ][ β ] φ [ β ] φ φ Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 12 / 39
Proofs for Hybrid Systems w 1 φ α [ α ] φ ∧ [ β ] φ v α ∪ β [ α ∪ β ] φ β w 2 φ α ; β [ α ][ β ] φ v s w [ α ; β ] φ α β [ α ][ β ] φ [ β ] φ φ α ∗ φ ( φ → [ α ] φ ) φ φ φ → [ α ] φ [ α ∗ ] φ v w α α α Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 12 / 39
Outline Motivation 1 Differential Dynamic Logic d L 2 Axiomatization 3 Differential Cuts, Differential Ghosts & Differential Invariants 4 Differential Invariants Differential Cuts Differential Ghosts Survey 5 Applications 6 Ground Robots Summary 7 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 12 / 39
Differential Cuts, Differential Ghosts & Differential Invariants CUT! Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 12 / 39
Air Traffic Control Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
Air Traffic Control Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
Air Traffic Control Verification? looks correct Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
Air Traffic Control Verification? looks correct NO! Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
Air Traffic Control ς y 2 ̺ ω e x 2 d x 1 y 1 x ′ 1 = − v 1 + v 2 cos ϑ + ω x 2 x ′ 2 = v 2 sin ϑ − ω x 1 ϑ ′ = ̟ − ω Verification? looks correct NO! Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
Air Traffic Control ς y 2 ̺ ω e x 2 d x 1 y 1 x ′ 1 = − v 1 + v 2 cos ϑ + ω x 2 x ′ 2 = v 2 sin ϑ − ω x 1 ϑ ′ = ̟ − ω Example (“Solving” differential equations) 1 � x 1 ( t ) = x 1 ω̟ cos t ω − v 2 ω cos t ω sin ϑ + v 2 ω cos t ω cos t ̟ sin ϑ − v 1 ̟ sin t ω ω̟ � 1 − sin ϑ 2 sin t ω + x 2 ω̟ sin t ω − v 2 ω cos ϑ cos t ̟ sin t ω − v 2 ω � + v 2 ω cos ϑ cos t ω sin t ̟ + v 2 ω sin ϑ sin t ω sin t ̟ . . . Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
Air Traffic Control ς y 2 ̺ ω e x 2 d x 1 y 1 x ′ 1 = − v 1 + v 2 cos ϑ + ω x 2 x ′ 2 = v 2 sin ϑ − ω x 1 ϑ ′ = ̟ − ω Example (“Solving” differential equations) 1 � ∀ t ≥ 0 x 1 ω̟ cos t ω − v 2 ω cos t ω sin ϑ + v 2 ω cos t ω cos t ̟ sin ϑ − v 1 ̟ sin t ω ω̟ � 1 − sin ϑ 2 sin t ω + x 2 ω̟ sin t ω − v 2 ω cos ϑ cos t ̟ sin t ω − v 2 ω � + v 2 ω cos ϑ cos t ω sin t ̟ + v 2 ω sin ϑ sin t ω sin t ̟ . . . Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 13 / 39
\forall R ts2. ( 0 <= ts2 & ts2 <= t2_0 -> ( (om_1)^-1 * (omb_1)^-1 * ( om_1 * omb_1 * x1 * Cos(om_1 * ts2) + om_1 * v2 * Cos(om_1 * ts2) * (1 + -1 * (Cos(u))^2)^(1 / 2) + -1 * omb_1 * v1 * Sin(om_1 * ts2) + om_1 * omb_1 * x2 * Sin(om_1 * ts2) + om_1 * v2 * Cos(u) * Sin(om_1 * ts2) + -1 * om_1 * v2 * Cos(omb_1 * ts2) * Cos(u) * Sin(om_1 * ts2) + om_1 * v2 * Cos(om_1 * ts2) * Cos(u) * Sin(omb_1 * ts2) + om_1 * v2 * Cos(om_1 * ts2) * Cos(omb_1 * ts2) * Sin(u) + om_1 * v2 * Sin(om_1 * ts2) * Sin(omb_1 * ts2) * Sin(u))) ^2 + ( (om_1)^-1 * (omb_1)^-1 * ( -1 * omb_1 * v1 * Cos(om_1 * ts2) + om_1 * omb_1 * x2 * Cos(om_1 * ts2) + omb_1 * v1 * (Cos(om_1 * ts2))^2 + om_1 * v2 * Cos(om_1 * ts2) * Cos(u) + -1 * om_1 * v2 * Cos(om_1 * ts2) * Cos(omb_1 * ts2) * Cos(u) + -1 * om_1 * omb_1 * x1 * Sin(om_1 * ts2) + -1 * om_1 * v2 * (1 + -1 * (Cos(u))^2)^(1 / 2) * Sin(om_1 * ts2) + omb_1 * v1 * (Sin(om_1 * ts2))^2 + -1 * om_1 * v2 * Cos(u) * Sin(om_1 * ts2) * Sin(omb_1 * ts2) + -1 * om_1 * v2 * Cos(omb_1 * ts2) * Sin(om_1 * ts2) * Sin(u) + om_1 * v2 * Cos(om_1 * ts2) * Sin(omb_1 * ts2) * Sin(u))) ^2 >= (p)^2), t2_0 >= 0, x1^2 + x2^2 >= (p)^2 ==> Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39
\forall R t7. ( t7 >= 0 -> ( (om_3)^-1 * ( om_3 * ( (om_1)^-1 * (omb_1)^-1 * ( om_1 * omb_1 * x1 * Cos(om_1 * t2_0) + om_1 * v2 * Cos(om_1 * t2_0) * (1 + -1 * (Cos(u))^2)^(1 / 2) + -1 * omb_1 * v1 * Sin(om_1 * t2_0) + om_1 * omb_1 * x2 * Sin(om_1 * t2_0) + om_1 * v2 * Cos(u) * Sin(om_1 * t2_0) + -1 * om_1 * v2 * Cos(omb_1 * t2_0) * Cos(u) * Sin(om_1 * t2_0) + om_1 * v2 * Cos(om_1 * t2_0) * Cos(u) * Sin(omb_1 * t2_0) + om_1 * v2 * Cos(om_1 * t2_0) * Cos(omb_1 * t2_0) * Sin(u) + om_1 * v2 * Sin(om_1 * t2_0) * Sin(omb_1 * t2_0) * Sin(u))) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39
* Cos(om_3 * t5) + v2 * Cos(om_3 * t5) * ( 1 + -1 * (Cos(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4))^2) ^(1 / 2) + -1 * v1 * Sin(om_3 * t5) + om_3 * ( (om_1)^-1 * (omb_1)^-1 * ( -1 * omb_1 * v1 * Cos(om_1 * t2_0) + om_1 * omb_1 * x2 * Cos(om_1 * t2_0) + omb_1 * v1 * (Cos(om_1 * t2_0))^2 + om_1 * v2 * Cos(om_1 * t2_0) * Cos(u) + -1 * om_1 * v2 * Cos(om_1 * t2_0) * Cos(omb_1 * t2_0) * Cos(u) + -1 * om_1 * omb_1 * x1 * Sin(om_1 * t2_0) + -1 * om_1 * v2 * (1 + -1 * (Cos(u))^2)^(1 / 2) * Sin(om_1 * t2_0) + omb_1 * v1 * (Sin(om_1 * t2_0))^2 + -1 * om_1 * v2 * Cos(u) * Sin(om_1 * t2_0) * Sin(omb_1 * t2_0) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39
+ -1 * om_1 * v2 * Cos(omb_1 * t2_0) * Sin(om_1 * t2_0) * Sin(u) + om_1 * v2 * Cos(om_1 * t2_0) * Sin(omb_1 * t2_0) * Sin(u))) * Sin(om_3 * t5) + v2 * Cos(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4) * Sin(om_3 * t5) + v2 * (Cos(om_3 * t5))^2 * Sin(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4) + v2 * (Sin(om_3 * t5))^2 * Sin(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4))) ^2 + ( (om_3)^-1 * ( -1 * v1 * Cos(om_3 * t5) + om_3 * ( (om_1)^-1 * (omb_1)^-1 * ( -1 * omb_1 * v1 * Cos(om_1 * t2_0) + om_1 * omb_1 * x2 * Cos(om_1 * t2_0) + omb_1 * v1 * (Cos(om_1 * t2_0))^2 + om_1 * v2 * Cos(om_1 * t2_0) * Cos(u) + -1 * om_1 * v2 * Cos(om_1 * t2_0) * Cos(omb_1 * t2_0) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39 * Cos(u)
+ -1 * om_1 * omb_1 * x1 * Sin(om_1 * t2_0) + -1 * om_1 * v2 * (1 + -1 * (Cos(u))^2)^(1 / 2) * Sin(om_1 * t2_0) + omb_1 * v1 * (Sin(om_1 * t2_0))^2 + -1 * om_1 * v2 * Cos(u) * Sin(om_1 * t2_0) * Sin(omb_1 * t2_0) + -1 * om_1 * v2 * Cos(omb_1 * t2_0) * Sin(om_1 * t2_0) * Sin(u) + om_1 * v2 * Cos(om_1 * t2_0) * Sin(omb_1 * t2_0) * Sin(u))) * Cos(om_3 * t5) + v1 * (Cos(om_3 * t5))^2 + v2 * Cos(om_3 * t5) * Cos(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4) + -1 * v2 * (Cos(om_3 * t5))^2 * Cos(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39
+ -1 * om_3 * ( (om_1)^-1 * (omb_1)^-1 * ( om_1 * omb_1 * x1 * Cos(om_1 * t2_0) + om_1 * v2 * Cos(om_1 * t2_0) * (1 + -1 * (Cos(u))^2)^(1 / 2) + -1 * omb_1 * v1 * Sin(om_1 * t2_0) + om_1 * omb_1 * x2 * Sin(om_1 * t2_0) + om_1 * v2 * Cos(u) * Sin(om_1 * t2_0) + -1 * om_1 * v2 * Cos(omb_1 * t2_0) * Cos(u) * Sin(om_1 * t2_0) + om_1 * v2 * Cos(om_1 * t2_0) * Cos(u) * Sin(omb_1 * t2_0) + om_1 * v2 * Cos(om_1 * t2_0) * Cos(omb_1 * t2_0) * Sin(u) + om_1 * v2 * Sin(om_1 * t2_0) * Sin(omb_1 * t2_0) * Sin(u))) * Sin(om_3 * t5) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39
+ -1 * v2 * ( 1 + -1 * (Cos(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4))^2) ^(1 / 2) * Sin(om_3 * t5) + v1 * (Sin(om_3 * t5))^2 + -1 * v2 * Cos(-1 * om_1 * t2_0 + omb_1 * t2_0 + u + Pi / 4) * (Sin(om_3 * t5))^2)) ^2 >= (p)^2) This is just one branch to prove for aircraft . . . Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 14 / 39
Differential Invariants for Differential Equations “Definition” (Differential Invariant) “Formula that remains true in the direction of the dynamics” Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 15 / 39
Differential Invariants for Differential Equations “Definition” (Differential Invariant) “Formula that remains true in the direction of the dynamics” Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 15 / 39
Differential Invariants for Differential Equations “Definition” (Differential Invariant) “Formula that remains true in the direction of the dynamics” Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 15 / 39
Differential Invariants: Local Dynamics w/o Solutions Definition (Differential Invariant) (J.Log.Comput. 2010) F closed under total differentiation with respect to differential constraints Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 16 / 39
Differential Invariants: Local Dynamics w/o Solutions Definition (Differential Invariant) (J.Log.Comput. 2010) F closed under total differentiation with respect to differential constraints F ¬ F ¬ F ( χ → F ′ ) χ → F → [ x ′ = θ & χ ] F F → [ α ] F F → [ α ∗ ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 16 / 39
Differential Invariants: Local Dynamics w/o Solutions Definition (Differential Invariant) (J.Log.Comput. 2010) F closed under total differentiation with respect to differential constraints F ¬ χ F ¬ F F ( χ → F ′ ) χ → F → [ x ′ = θ & χ ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 16 / 39
Differential Invariants: Local Dynamics w/o Solutions Definition (Differential Invariant) (J.Log.Comput. 2010) F closed under total differentiation with respect to differential constraints F ¬ χ F ¬ F F ( χ → F ′ ) ( ¬ F ∧ χ → F ′ ≫ ) χ → F → [ x ′ = θ & χ ] F [ x ′ = θ & ¬ F ] χ →� x ′ = θ & χ � F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 16 / 39
Differential Invariants: Local Dynamics w/o Solutions Definition (Differential Invariant) (J.Log.Comput. 2010) F closed under total differentiation with respect to differential constraints F ¬ χ F ¬ F F ( χ → F ′ ) ( ¬ F ∧ χ → F ′ ≫ ) χ → F → [ x ′ = θ & χ ] F [ x ′ = θ & ¬ F ] χ →� x ′ = θ & χ � F Total differential F ′ of formulas ? Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 16 / 39
Differential Invariants for Aircraft Roundabouts 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y c x Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts ∂ � x − y � 2 1 + ∂ � x − y � 2 1 + ∂ � x − y � 2 2 + ∂ � x − y � 2 2 ≥ ∂ p 2 x ′ y ′ x ′ y ′ ∂ x 1 x ′ 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y c x Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts ∂ � x − y � 2 1 + ∂ � x − y � 2 1 + ∂ � x − y � 2 2 + ∂ � x − y � 2 2 ≥ ∂ p 2 x ′ y ′ x ′ y ′ ∂ x 1 x ′ 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y c x Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y c x Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y c x Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d ∂ ( d 1 − e 1 ) 1 + ∂ ( d 1 − e 1 ) 1 = − ∂ω ( x 2 − y 2 ) 2 − ∂ω ( x 2 − y 2 ) d ′ e ′ x ′ y ′ 2 ∂ d 1 ∂ e 1 ∂ x 2 ∂ y 2 .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d ∂ ( d 1 − e 1 ) 1 + ∂ ( d 1 − e 1 ) 1 = − ∂ω ( x 2 − y 2 ) 2 − ∂ω ( x 2 − y 2 ) d ′ e ′ x ′ y ′ 2 ∂ d 1 ∂ e 1 ∂ x 2 ∂ y 2 .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d ∂ ( d 1 − e 1 ) ( − ω d 2 ) + ∂ ( d 1 − e 1 ) ( − ω e 2 ) = − ∂ω ( x 2 − y 2 ) d 2 − ∂ω ( x 2 − y 2 ) e 2 ∂ d 1 ∂ e 1 ∂ x 2 ∂ y 2 .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants for Aircraft Roundabouts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ y e y − c x e x d − e d − ω d 2 + ω e 2 = − ω ( d 2 − e 2 ) ∂ ( d 1 − e 1 ) ( − ω d 2 ) + ∂ ( d 1 − e 1 ) ( − ω e 2 ) = − ∂ω ( x 2 − y 2 ) d 2 − ∂ω ( x 2 − y 2 ) e 2 ∂ d 1 ∂ e 1 ∂ x 2 ∂ y 2 .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants & Differential Cuts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ Proposition (Differential cut saturation) C differential invariant of [ x ′ = θ & H ] φ , then [ x ′ = θ & H ] φ [ x ′ = θ & H ∧ C ] φ iff − ω d 2 + ω e 2 = − ω ( d 2 − e 2 ) ∂ ( d 1 − e 1 ) ( − ω d 2 ) + ∂ ( d 1 − e 1 ) ( − ω e 2 ) = − ∂ω ( x 2 − y 2 ) d 2 − ∂ω ( x 2 − y 2 ) e 2 ∂ d 1 ∂ e 1 ∂ x 2 ∂ y 2 .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
Differential Invariants & Differential Cuts 2( x 1 − y 1 )( − ω ( x 2 − y 2 )) + 2( x 2 − y 2 ) ω ( x 1 − y 1 ) ≥ 0 2( x 1 − y 1 )( d 1 − e 1 ) + 2( x 2 − y 2 )( d 2 − e 2 ) ≥ 0 ∂ � x − y � 2 d 1 + ∂ � x − y � 2 e 1 + ∂ � x − y � 2 d 2 + ∂ � x − y � 2 e 2 ≥ ∂ p 2 ∂ x 1 d 1 . . . ∂ x 1 ∂ y 1 ∂ x 2 ∂ y 2 2 = ω d 1 , .. ]( x 1 − y 1 ) 2 + ( x 2 − y 2 ) 2 ≥ p 2 [ x ′ 1 = d 1 , d ′ 1 = − ω d 2 , x ′ 2 = d 2 , d ′ refine dynamics by differential cut − ω d 2 + ω e 2 = − ω ( d 2 − e 2 ) ∂ ( d 1 − e 1 ) ( − ω d 2 ) + ∂ ( d 1 − e 1 ) ( − ω e 2 ) = − ∂ω ( x 2 − y 2 ) d 2 − ∂ω ( x 2 − y 2 ) e 2 ∂ d 1 ∂ e 1 ∂ x 2 ∂ y 2 .. → [ d ′ 1 = − ω d 2 , e ′ 1 = − ω e 2 , x ′ 2 = d 2 , d ′ 2 = ω d 1 , .. ] d 1 − e 1 = − ω ( x 2 − y 2 ) Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 17 / 39
The Structure of Differential Invariants Theorem (Closure properties of differential invariants) (LMCS 2012) Closed under conjunction, differentiation, and propositional equivalences. Theorem (Differential Invariance Chart) (LMCS 2012) DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ DI = , ∧ , ∨ DI = DI DI >, ∧ , ∨ DI >, = , ∧ , ∨ DI > Theorem (Structure of invariant equations / differential cuts)(ITP’12) Differential invariants and invariants form chain of differential ideals. Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 18 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 19 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Theorem (Gentzen’s Cut Elimination) (1935) A → B ∨ C A ∧ C → B cut can be eliminated A → B Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Cuts: Change Dynamics, Not System F → [ x ′ = θ & H ] C F → [ x ′ = θ & ( H ∧ C )] F F → [ x ′ = θ & H ] F Theorem (Gentzen’s Cut Elimination) (1935) A → B ∨ C A ∧ C → B cut can be eliminated A → B Theorem (No Differential Cut Elimination) (LMCS 2012) Deductive power with differential cut exceeds deductive power without. DCI > DI Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 20 / 39
Differential Auxiliaries: Prove in Extra Dimensions ψ → [ x ′ = θ, y ′ = ϑ & H ] ψ φ ↔ ∃ y ψ φ → [ x ′ = θ & H ] φ if y ′ = ϑ has solution y : [0 , ∞ ) → R n Theorem (Auxiliary Differential Variables) (LMCS 2012) Deductive power with differential auxiliaries exceeds power without. DCI + DA > DCI x x ′ = θ 0 t Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 21 / 39
Differential Auxiliaries: Prove in Extra Dimensions ψ → [ x ′ = θ, y ′ = ϑ & H ] ψ φ ↔ ∃ y ψ φ → [ x ′ = θ & H ] φ if y ′ = ϑ has solution y : [0 , ∞ ) → R n Theorem (Auxiliary Differential Variables) (LMCS 2012) Deductive power with differential auxiliaries exceeds power without. DCI + DA > DCI y ′ = ϑ x x ′ = θ 0 t Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 21 / 39
Differential Auxiliaries: Prove in Extra Dimensions ψ → [ x ′ = θ, y ′ = ϑ & H ] ψ φ ↔ ∃ y ψ φ → [ x ′ = θ & H ] φ if y ′ = ϑ has solution y : [0 , ∞ ) → R n Theorem (Auxiliary Differential Variables) (LMCS 2012) Deductive power with differential auxiliaries exceeds power without. DCI + DA > DCI y ′ = ϑ x ψ x ′ = θ 0 t Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 21 / 39
Outline Motivation 1 Differential Dynamic Logic d L 2 Axiomatization 3 Differential Cuts, Differential Ghosts & Differential Invariants 4 Differential Invariants Differential Cuts Differential Ghosts Survey 5 Applications 6 Ground Robots Summary 7 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 21 / 39
Family of Differential Dynamic Logics e o n c t t e i n r c u s o i u d s l a stochastic i r a s r nondet e v d a Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 22 / 39
Family of Differential Dynamic Logics differential dynamic logic [ α ] φ φ d L = DL + HP α e o n c t t e i n r c u s o i u d s differential game logic stochastic differential DL dG L = GL + HG Sd L = DL + SHP l a stochastic i r a s r nondet e v d � α � φ � α � φ a φ φ quantified differential DL Qd L = FOL + DL + QHP Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 22 / 39
F ¬ χ F [ α ] � φ ¬ F φ α F � α � P φ P ( φ ) ψ → [ α ] φ ψ → [ α ] φ ψ → [ α ] φ ψ → [ α ] φ KeYmaera Prover Solvers Input File Strategy Mathematica Rule QEPCAD Rule Engine Proof base Orbital 16 ψ → [ α ] φ 16 16 16 8 8 8 ∗ 4 4 4 � ∗ 2 2 2 1 1 � c � Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 23 / 39 ∪
Successful Hybrid Systems Proofs 0 * [SB := ((amax / b + 1) * ep * v + (v ^ 2 - d ^ 2) / (2 * b) + ((amax / b + 1) * amax * ep ^ 2) / 2)] far 1 [do := d] [state := brake] [?v <= vdes] [?v >= vdes] 2 10 13 neg [mo := m] 8 [a := *] [a := *] 3 11 14 [m := *] [?a >= 0 & a <= amax] [?a <= 0 & a >= -b] 4 12 15 [d := *] cor 5 24 [vdes := *] [?m - z <= SB | state = brake] [?m - z >= SB & state != brake] * 6 17 [?d >= 0 & do ^ 2 - d ^ 2 <= 2 * b * (m - mo) & vdes >= 0] [a := -b] 19 7 18 17 28 [t := 0] rec fsa 21 [{z‘ = v, v‘ = a, t‘ = 1, v >= 0 & t <= ep}] 22 31 � � y t i x e c c c � � � e n t � r y x x y � z ¯ ϑ y 2 y � ̟ ω e x c x 2 � d x x 1 y 1 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 24 / 39
Successful Hybrid Systems Proofs ( r x , r y ) f y ( v x , v y ) e y x b ( l x , l y ) e x f x Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 24 / 39
Successful Hybrid Systems Proofs � z x � i � d � i � x � l � y � 2 minr � i � � � i r n x � j � i m p x � k � disc � i � x � i � c � x � m � x 3.5 3.5 3.0 3.0 2.5 2.5 2.0 2.0 1.5 1.5 1.0 1.0 0.5 0.5 0.0 0.0 0 1 2 3 4 5 6 0 1 2 3 4 5 6 0.3 0.2 1 0.3 0.2 0.1 0.2 0.4 0.6 0.8 1.0 0.1 - 1 0.0 5 10 15 20 � 0.1 � 0.1 � 0.2 � 0.3 � 0.2 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 24 / 39 � 0.3
Outline Motivation 1 Differential Dynamic Logic d L 2 Axiomatization 3 Differential Cuts, Differential Ghosts & Differential Invariants 4 Differential Invariants Differential Cuts Differential Ghosts Survey 5 Applications 6 Ground Robots Summary 7 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 24 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 0.2 a v p 2.5 p x 0.8 0.1 2.0 10 t 0.6 2 4 6 8 1.5 0.4 � 0.1 1.0 p y � 0.2 0.2 0.5 � 0.3 10 t 10 t 2 4 6 8 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 25 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 0.2 a d Ω 1.0 d x 0.00008 0.1 0.8 0.00006 10 t 0.6 2 4 6 8 0.00004 � 0.1 0.4 0.00002 � 0.2 0.2 10 t 2 4 6 8 � 0.3 d y 10 t 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 25 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 a 1.0 v p 0.2 8 0.8 10 t 2 4 6 8 6 0.6 � 0.2 p x 4 0.4 � 0.4 � 0.6 0.2 2 p y � 0.8 10 t 10 t 2 4 6 8 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 26 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 a d Ω 1.0 d x 0.2 0.5 10 t 2 4 6 8 0.5 10 t 2 4 6 8 � 0.2 � 0.5 10 t � 0.4 2 4 6 8 d y � 0.6 � 1.0 � 0.5 � 0.8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 26 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 a 1.0 v p 10 t p x 2 4 6 8 4 0.8 � 1 3 0.6 � 2 2 0.4 � 3 1 0.2 p y 10 t � 4 10 t 2 4 6 8 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 27 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 a d Ω 10 t 1.0 2 4 6 8 d x 0.5 � 1 0.5 10 t 2 4 6 8 � 2 10 t � 0.5 2 4 6 8 � 3 d y � 1.0 � 0.5 � 4 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 27 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 a 1.2 v 7 p 0.4 6 1.0 0.2 5 0.8 10 t 4 2 4 6 8 0.6 p x � 0.2 3 0.4 � 0.4 2 0.2 1 � 0.6 p y 10 t 10 t 2 4 6 8 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 28 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 a d Ω 1.0 d x 0.4 0.5 0.2 0.5 10 t 10 t d y 2 4 6 8 2 4 6 8 � 0.2 � 0.5 10 t 2 4 6 8 � 0.4 � 1.0 � 0.6 � 0.5 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 28 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 0.2 a v p 2.5 p x 0.8 0.1 2.0 10 t 0.6 2 4 6 8 1.5 0.4 � 0.1 1.0 p y � 0.2 0.2 0.5 � 0.3 10 t 10 t 2 4 6 8 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 29 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) Fixed rule describing state 3.5 evolution with both 3.0 2.5 Discrete dynamics 2.0 (control decisions) 1.5 1.0 Continuous dynamics 0.5 (differential equations) 0.0 0 1 2 3 4 5 6 0.2 a d Ω 1.0 d x 0.00008 0.1 0.8 0.00006 10 t 0.6 2 4 6 8 0.00004 � 0.1 0.4 0.00002 � 0.2 0.2 10 t 2 4 6 8 � 0.3 d y 10 t 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 29 / 39
Hybrid Systems Analysis Challenge (Hybrid Systems) a r := − b 3.5 3.0 ∪ ( a r := ∗ ; ? − b ≤ a r ≤ A ) 2.5 2.0 1.5 1.0 0.5 0.0 0 1 2 3 4 5 6 0.2 a v p 2.5 p x 0.8 0.1 2.0 10 t 0.6 2 4 6 8 1.5 0.4 � 0.1 1.0 p y � 0.2 0.2 0.5 � 0.3 10 t 10 t 2 4 6 8 2 4 6 8 Andr´ e Platzer (CMU) How to Explain Cyber-Physical Systems to Your Verifier VSTTE’13 30 / 39
Recommend
More recommend
![Verified Cyber-Physical Systems [FM11] 2 Verified Cyber-Physical Systems x l x j](https://c.sambuz.com/1033063/verified-cyber-physical-systems-s.jpg)
