Logical Foundations of Cyber-Physical Systems Andr Platzer Andr - PowerPoint PPT Presentation

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) ς α d ( X ) = ( ς α ( X ∁ )) ∁ ς α d ( X ) X ∁ X ς α ( X ∁ ) ∁ ς α ( X ∁ ) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 6 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ x := e ( X ) = X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ x := e ( X ) = { ω ∈ S : ω ω [ [ e ] ] ∈ X } x δ x := e ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ x ′ = f ( x )& Q ( X ) = x ′ = f ( x ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) = x ′ = f ( x ) ∧ Q } δ x ′ = f ( x )& Q ( X ) = { ϕ ( 0 ) ∈ S : ϕ ( r ) ∈ X for all r with ϕ | δ x ′ = f ( x ) ( X ) x ′ = f ( x ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ ? Q ( X ) = [ [ Q ] ] X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) ] ∁ ∪ X δ ? Q ( X ) = [ [ Q ] δ ? Q ( X ) [ [ Q ] ] X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ α ∪ β ( X ) = δ α ( X ) X ) ( X δ β André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ α ∪ β ( X ) = δ α ( X ) ∩ δ β ( X ) δ α ( X ) δ α ∪ β ( X ) X ) ( X δ β André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ α ; β ( X ) = X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ α ; β ( X ) = δ α ( δ β ( X )) δ α ; β ( X ) δ α ( δ β ( X )) δ β ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ α d ( X ) = X ∁ X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α : denotational semantics) δ α d ( X ) = ( δ α ( X ∁ )) ∁ δ α d ( X ) X ∁ X δ α ( X ∁ ) ∁ δ α ( X ∁ ) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 7 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α ) [ [ · ] ] : HG → ( ℘ ( S ) → ℘ ( S ) ) ς x := e ( X ) = { ω ∈ S : ω ω [ [ e ] ] ∈ X } x = x ′ = f ( x ) } ς x ′ = f ( x ) ( X ) = { ϕ ( 0 ) ∈ S : ϕ ( r ) ∈ X for some r ≥ 0 and ϕ | ς ? Q ( X ) = [ [ Q ] ] ∩ X ς α ∪ β ( X ) = ς α ( X ) ∪ ς β ( X ) ς α ; β ( X ) = ς α ( ς β ( X )) ς α ∗ ( X ) = ς α d ( X ) = ( ς α ( X ∁ )) ∁ [ [ · ] ] : Fml → ℘ ( S ) Definition (dGL Formula P ) [ [ e 1 ≥ e 2 ] ] = { ω ∈ S : ω [ [ e 1 ] ] ≥ ω [ [ e 2 ] ] } ]) ∁ [ [ ¬ P ] ] = ([ [ P ] [ [ P ∧ Q ] ] = [ [ P ] ] ∩ [ [ Q ] ] [ [ � α � P ] ] = ς α ([ [ P ] ]) [ [[ α ] P ] ] = δ α ([ [ P ] ]) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 8 / 23

Monotonicity Lemma (Monotonicity) ς α ( X ) ⊆ ς α ( Y ) and δ α ( X ) ⊆ δ α ( Y ) for all X ⊆ Y ς α ( Y ) Y ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 9 / 23

Monotonicity Lemma (Monotonicity) ς α ( X ) ⊆ ς α ( Y ) and δ α ( X ) ⊆ δ α ( Y ) for all X ⊆ Y Definition (Hybrid game α ) [ [ · ] ] : HG → ( ℘ ( S ) → ℘ ( S ) ) ς x := e ( X ) = { ω ∈ S : ω ω [ [ e ] ] ∈ X } x = x ′ = f ( x ) } ς x ′ = f ( x ) ( X ) = { ϕ ( 0 ) ∈ S : ϕ ( r ) ∈ X for some r ≥ 0 and ϕ | ς ? Q ( X ) = [ [ Q ] ] ∩ X ς α ∪ β ( X ) = ς α ( X ) ∪ ς β ( X ) ς α ( Y ) Y ς α ; β ( X ) = ς α ( ς β ( X )) ς α ∗ ( X ) = ς α ( X ) X ς α d ( X ) = ( ς α ( X ∁ )) ∁ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 9 / 23

Outline Learning Objectives 1 Denotational Semantics 2 Differential Game Logic Semantics Hybrid Game Semantics 3 Semantics of Repetition Repetition with Advance Notice Infinite Iterations and Inflationary Semantics Ordinals Inflationary Semantics of Repetitions Implicit Definitions vs. Explicit Constructions +1 Argument Fixpoints and Pre-fixpoints Comparing Fixpoints Characterizing Winning Repetitions Implicitly Summary 4 André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 9 / 23

Filibusters & The Significance of Finitude X repeat stop X X 0 1 repeat repeat stop stop � ( x := 0 ∩ x := 1 ) ∗ � x = 0 0 0 1 1 ⋄ ⋄ wfd � false unless x = 0 0 1 0 1 r e p ⋄ p o e t s a t 0 0 ⋄ 0 1 ⋄ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 10 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 11 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � n ∈ N ς α n ( X ) where α n + 1 ≡ α n ; α α 0 ≡ ? true [ α ∗ ] [ α n ] [ ] = � n ∈ N [ ] for HP α André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 11 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � n ∈ N ς α n ( X ) 11 11 repeat stop . . . 0 1 2 3 4 11 11 11 11 11 11 11 ⋄ ⋄ 10 01 10 01 10 01 10 01 10 01 r r ⋄ e e ⋄ p p p p o o e e t t s s a a t t 10 10 01 01 00 00 10 01 00 00 10 01 00 00 10 01 ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ 00 00 10 01 00 00 00 00 00 00 10 01 00 00 00 00 00 00 10 01 repeat ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ stop ⋄ 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ 00 00 x = 1 ∧ a = 1 → � (( x := a ; a := 0 ) ∩ x := 0 ) ∗ � x � = 1 ⋄ ⋄ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 11 / 23

Semantics of Repetition Advance Notice Semantics Definition (Hybrid game α ) ς α ∗ ( X ) = � n ∈ N ς α n ( X ) advance notice semantics? 11 11 repeat stop . . . 0 1 2 3 4 11 11 11 11 11 11 11 ⋄ ⋄ 10 01 10 01 10 01 10 01 10 01 r r ⋄ e e ⋄ p p p p o o e e t t s s a a t t 10 10 01 01 00 00 10 01 00 00 10 01 00 00 10 01 ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ 00 00 10 01 00 00 00 00 00 00 10 01 00 00 00 00 00 00 10 01 repeat ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ stop ⋄ 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ 00 00 x = 1 ∧ a = 1 → � (( x := a ; a := 0 ) ∩ x := 0 ) ∗ � x � = 1 ⋄ ⋄ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 11 / 23

Semantics of Repetition Advance Notice Semantics Definition (Hybrid game α ) ς α ∗ ( X ) = � n ∈ N ς α n ( X ) too hard to predict all iterations! 11 11 repeat stop . . . 0 1 2 3 4 11 11 11 11 11 11 11 ⋄ ⋄ 10 01 10 01 10 01 10 01 10 01 r r ⋄ e e ⋄ p p p p o o e e t t s s a a t t 10 10 01 01 00 00 10 01 00 00 10 01 00 00 10 01 ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ 00 00 10 01 00 00 00 00 00 00 10 01 00 00 00 00 00 00 10 01 repeat ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ stop ⋄ 10 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ ⋄ 00 00 x = 1 ∧ a = 1 → � (( x := a ; a := 0 ) ∩ x := 0 ) ∗ � x � = 1 ⋄ ⋄ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 11 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) Since ς α ( Y ) is just one more round away from Y . 0 / ς α ( Y ) \ ς α ∗ ( X ) ς α ∗ ( X ) ς α ( Y ) Y André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 12 / 23

Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α ς 2 α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) n outside the game so Demon won’t know def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α Example � ( x := 1 ; x ′ = 1 d ∪ x := x − 1 ) ∗ � ( 0 ≤ x < 1 ) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α Example � ( x := 1 ; x ′ = 1 d ∪ x := x − 1 ) ∗ � ( 0 ≤ x < 1 ) ς n α ([ 0 , 1 )) = [ 0 , n + 1 ) � = R André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) ω -semantics def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α def ς λ � ς κ α ( X ) = α ( X ) λ � = 0 a limit ordinal κ < λ Example � ( x := 1 ; x ′ = 1 d ∪ x := x − 1 ) ∗ � ( 0 ≤ x < 1 ) ς n α ([ 0 , 1 )) = [ 0 , n + 1 ) � = R ς ω n ∈ N ς n α ([ 0 , 1 )) = � α ([ 0 , 1 )) = [ 0 , ∞ ) � = R André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) ω -semantics def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α def ς λ � ς κ α ( X ) = α ( X ) λ � = 0 a limit ordinal κ < λ Example � ( x := 1 ; x ′ = 1 d ∪ x := x − 1 ) ∗ � ( 0 ≤ x < 1 ) ς n α ([ 0 , 1 )) = [ 0 , n + 1 ) � = R ς ω + 1 ς ω n ∈ N ς n ([ 0 , 1 )) = ς α ([ 0 , ∞ )) = R α ([ 0 , 1 )) = � α ([ 0 , 1 )) = [ 0 , ∞ ) � = R α André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

ω -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) ω -semantics def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α def ς λ � ς κ α ( X ) = α ( X ) λ � = 0 a limit ordinal κ < λ ς ω ς 3 α ( X ) ς 2 α ( X ) ··· α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

( ω + 1 ) -Semantics Semantics of Repetition Definition (Hybrid game α ) n ∈ N ς n ς α ∗ ( X ) = � α ( X ) missing winning strategies def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α def ς λ � ς κ α ( X ) = α ( X ) λ � = 0 a limit ordinal κ < λ ς ω + 1 ( X ) ς ω ς 3 α ( X ) ς 2 α ( X ) ··· α ( X ) ς α ( X ) X α André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 13 / 23

≥ ω CK Strategic Closure Ordinal 1 Theorem Hybrid game closure ordinal > ω ω André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 14 / 23

Expedition: Ordinal Arithmetic ι + 0 = ι ι +( κ + 1 ) = ( ι + κ )+ 1 successor κ + 1 � ι + λ = ι + κ limit λ κ < λ ι · 0 = 0 ι · ( κ + 1 ) = ( ι · κ )+ ι successor κ + 1 � ι · λ = ι · κ limit λ κ < λ ι 0 = 1 ι κ + 1 = ι κ · ι successor κ + 1 ι λ = ι κ � limit λ κ < λ 2 · ω = 4 · ω � = ω · 2 < ω · 4 André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 15 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) def ς 0 α ( X ) = X def ς κ + 1 = X ∪ ς α ( ς κ ( X ) α ( X )) α def ς λ � ς κ α ( X ) = α ( X ) λ � = 0 a limit ordinal κ < λ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) ς 2 α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

Semantics of Repetition Inflationary Semantics Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) requires transfinite patience ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 16 / 23

The Power of Implicit Definitions Implicit Definitions The advantages of implicit definition over construction are roughly those of theft over honest toil. — Bertrand Russell André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 17 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) Since ς α ( Y ) is just one more round away from Y . 0 / ς α ( Y ) \ ς α ∗ ( X ) ς α ∗ ( X ) ς α ( Y ) Y André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) def = ς α ∗ ( X ) then ς α ( Z ) ⊆ ς α ∗ ( X ) = Z Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) def = ς α ∗ ( X ) then ς α ( Z ) ⊆ ς α ∗ ( X ) = Z Z Which Z with ς α ( Z ) ⊆ Z is the right one? Are there multiple such Z ? Does such a Z exist? André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) def = ς α ∗ ( X ) then ς α ( Z ) ⊆ ς α ∗ ( X ) = Z Z Which Z with ς α ( Z ) ⊆ Z is the right one? Are there multiple such Z ? Does such a Z exist? Existence: Z = / 0 André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) def = ς α ∗ ( X ) then ς α ( Z ) ⊆ ς α ∗ ( X ) = Z Z Which Z with ς α ( Z ) ⊆ Z is the right one? Are there multiple such Z ? Does such a Z exist? Existence: Z = / 0 ] ∁ �⊆ / 0 ∁ ) ∁ = ([ ] ∩ S ) ∁ = [ No wait, dual tests: ς ? Q d ( / 0 ) = ς ? Q ( / [ Q ] [ Q ] 0 André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) def = ς α ∗ ( X ) then ς α ( Z ) ⊆ ς α ∗ ( X ) = Z Z Which Z with ς α ( Z ) ⊆ Z is the right one? Are there multiple such Z ? Does such a Z exist? Existence: Z = / 0 ] ∁ �⊆ / 0 ∁ ) ∁ = ([ ] ∩ S ) ∁ = [ No wait, dual tests: ς ? Q d ( / 0 ) = ς ? Q ( / [ Q ] [ Q ] 0 ] ∁ ) ∁ = ([ ]) ∁ = [ Then: ς ? Q d ([ [ ¬ Q ] ]) = ς ? Q ([ [ ¬ Q ] [ Q ] ] ∩ [ [ Q ] [ ¬ Q ] ] ⊆ [ [ ¬ Q ] ] André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

+1 Argument Note (+1 argument) Y ⊆ ς α ∗ ( X ) then ς α ( Y ) ⊆ ς α ∗ ( X ) def = ς α ∗ ( X ) then ς α ( Z ) ⊆ ς α ∗ ( X ) = Z Z Which Z with ς α ( Z ) ⊆ Z is the right one? Are there multiple such Z ? Does such a Z exist? Existence: Z = / 0 ] ∁ �⊆ / 0 ∁ ) ∁ = ([ ] ∩ S ) ∁ = [ No wait, dual tests: ς ? Q d ( / 0 ) = ς ? Q ( / [ Q ] [ Q ] 0 ] ∁ ) ∁ = ([ ]) ∁ = [ Then: ς ? Q d ([ [ ¬ Q ] ]) = ς ? Q ([ [ ¬ Q ] [ Q ] ] ∩ [ [ Q ] [ ¬ Q ] ] ⊆ [ [ ¬ Q ] ] Still too small: X ⊆ Z since Angel may decide not to repeat André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 18 / 23

Fixpoints and Pre-Fixpoints Definition (Pre-fixpoint) def X ∪ ς α ( Z ) ⊆ Z = ς α ∗ ( X ) for the winning region Z 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) α ( X ) ··· ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X ς ∞ André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 19 / 23

Fixpoints and Pre-Fixpoints Definition (Pre-fixpoint) def X ∪ ς α ( Z ) ⊆ Z = ς α ∗ ( X ) for the winning region Z 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) α ( X ) ··· ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X ς ∞ Which Z is the right one? Are there multiple such Z ? Does such a Z exist? André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 19 / 23

Fixpoints and Pre-Fixpoints Definition (Pre-fixpoint) def X ∪ ς α ( Z ) ⊆ Z = ς α ∗ ( X ) for the winning region Z 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) α ( X ) ··· ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X ς ∞ Which Z is the right one? Are there multiple such Z ? Does such a Z exist? Existence: Z = S André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 19 / 23

Fixpoints and Pre-Fixpoints Definition (Pre-fixpoint) def X ∪ ς α ( Z ) ⊆ Z = ς α ∗ ( X ) for the winning region Z 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) α ( X ) ··· ς 3 α ( X ) ς 2 α ( X ) ς α ( X ) X ς ∞ Which Z is the right one? Are there multiple such Z ? Does such a Z exist? Existence: Z = S but that’s too big and independent of α André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 19 / 23

Comparing (Pre-)Fixpoints Lemma ( ) X ∪ ς α ( Y ) ⊆ Y X ∪ ς α ( Z ) ⊆ Z are pre-fixpoints, then André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 20 / 23

Comparing (Pre-)Fixpoints Lemma (Intersection closure) X ∪ ς α ( Y ) ⊆ Y X ∪ ς α ( Z ) ⊆ Z are pre-fixpoints, then Y ∩ Z is a smaller pre-fixpoint. André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 20 / 23

Comparing (Pre-)Fixpoints Lemma (Intersection closure) X ∪ ς α ( Y ) ⊆ Y X ∪ ς α ( Z ) ⊆ Z are pre-fixpoints, then Y ∩ Z is a smaller pre-fixpoint. Proof. mon above X ∪ ς α ( Y ∩ Z ) ⊆ X ∪ ( ς α ( Y ) ∩ ς α ( Z )) ⊆ Y ∩ Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 20 / 23

Comparing (Pre-)Fixpoints Lemma (Intersection closure) X ∪ ς α ( Y ) ⊆ Y X ∪ ς α ( Z ) ⊆ Z are pre-fixpoints, then Y ∩ Z is a smaller pre-fixpoint. Proof. mon above X ∪ ς α ( Y ∩ Z ) ⊆ X ∪ ( ς α ( Y ) ∩ ς α ( Z )) ⊆ Y ∩ Z Even: The intersection of any family of pre-fixpoints is a pre-fixpoint! André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 20 / 23

Comparing (Pre-)Fixpoints Lemma (Intersection closure) X ∪ ς α ( Y ) ⊆ Y X ∪ ς α ( Z ) ⊆ Z are pre-fixpoints, then Y ∩ Z is a smaller pre-fixpoint. Proof. mon above X ∪ ς α ( Y ∩ Z ) ⊆ X ∪ ( ς α ( Y ) ∩ ς α ( Z )) ⊆ Y ∩ Z Even: The intersection of any family of pre-fixpoints is a pre-fixpoint! So: repetition semantics is the smallest pre-fixpoint (well-founded) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 20 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z ς α ( Z ) ⊆ ς α ( ς α ∗ ( X )) by mon since Z ⊆ ς α ∗ ( X ) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z X ∪ ς α ( Z ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z by mon since Z ⊆ ς α ∗ ( X ) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z X ∪ ς α ( Z ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z by mon since Z ⊆ ς α ∗ ( X ) ς α ∗ ( X ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z since ς α ∗ ( X ) smallest such Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z X ∪ ς α ( Z ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z by mon since Z ⊆ ς α ∗ ( X ) ς α ∗ ( X ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z since ς α ∗ ( X ) smallest such Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z X ∪ ς α ( Z ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z by mon since Z ⊆ ς α ∗ ( X ) ς α ∗ ( X ) = X ∪ ς α ( ς α ∗ ( X )) = Z since ς α ∗ ( X ) smallest such Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) = Z } 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z X ∪ ς α ( Z ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z by mon since Z ⊆ ς α ∗ ( X ) ς α ∗ ( X ) = X ∪ ς α ( ς α ∗ ( X )) = Z since ς α ∗ ( X ) smallest such Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Semantics of Repetition Definition (Hybrid game α ) κ < ∞ ς κ ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) = Z } = � α ( X ) by Knaster-Tarski 0 / ς α ( ς α ∗ ( X )) \ ς α ∗ ( X ) ς α ∗ ( X ) ς 3 α ( X ) ς 2 ς ∞ α ( X ) ··· α ( X ) ς α ( X ) X def = X ∪ ς α ( ς α ∗ ( X )) ⊆ ς α ∗ ( X ) ς α ∗ ( X ) intersection of solutions Z X ∪ ς α ( Z ) ⊆ X ∪ ς α ( ς α ∗ ( X )) = Z by mon since Z ⊆ ς α ∗ ( X ) ς α ∗ ( X ) = X ∪ ς α ( ς α ∗ ( X )) = Z since ς α ∗ ( X ) smallest such Z André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Outline Learning Objectives 1 Denotational Semantics 2 Differential Game Logic Semantics Hybrid Game Semantics 3 Semantics of Repetition Repetition with Advance Notice Infinite Iterations and Inflationary Semantics Ordinals Inflationary Semantics of Repetitions Implicit Definitions vs. Explicit Constructions +1 Argument Fixpoints and Pre-fixpoints Comparing Fixpoints Characterizing Winning Repetitions Implicitly Summary 4 André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 21 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α ) [ [ · ] ] : HG → ( ℘ ( S ) → ℘ ( S ) ) ς x := e ( X ) = { ω ∈ S : ω ω [ [ e ] ] ∈ X } x = x ′ = f ( x ) } ς x ′ = f ( x ) ( X ) = { ϕ ( 0 ) ∈ S : ϕ ( r ) ∈ X for some r ≥ 0 and ϕ | ς ? Q ( X ) = [ [ Q ] ] ∩ X ς α ∪ β ( X ) = ς α ( X ) ∪ ς β ( X ) ς α ; β ( X ) = ς α ( ς β ( X )) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) ς α d ( X ) = ( ς α ( X ∁ )) ∁ [ [ · ] ] : Fml → ℘ ( S ) Definition (dGL Formula P ) [ [ e 1 ≥ e 2 ] ] = { ω ∈ S : ω [ [ e 1 ] ] ≥ ω [ [ e 2 ] ] } ]) ∁ [ [ ¬ P ] ] = ([ [ P ] [ [ P ∧ Q ] ] = [ [ P ] ] ∩ [ [ Q ] ] [ [ � α � P ] ] = ς α ([ [ P ] ]) [ [[ α ] P ] ] = δ α ([ [ P ] ]) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 22 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α ) [ [ · ] ] : HG → ( ℘ ( S ) → ℘ ( S ) ) ς x := e ( X ) = { ω ∈ S : ω ω [ [ e ] ] ∈ X } x = x ′ = f ( x ) } ς x ′ = f ( x ) ( X ) = { ϕ ( 0 ) ∈ S : ϕ ( r ) ∈ X for some r ≥ 0 and ϕ | ς ? Q ( X ) = [ [ Q ] ] ∩ X ς α ∪ β ( X ) = ς α ( X ) ∪ ς β ( X ) ς α ; β ( X ) = ς α ( ς β ( X )) κ < ∞ ς κ ς α ∗ ( X ) = � α ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } ς α d ( X ) = ( ς α ( X ∁ )) ∁ [ [ · ] ] : Fml → ℘ ( S ) Definition (dGL Formula P ) [ [ e 1 ≥ e 2 ] ] = { ω ∈ S : ω [ [ e 1 ] ] ≥ ω [ [ e 2 ] ] } ]) ∁ [ [ ¬ P ] ] = ([ [ P ] [ [ P ∧ Q ] ] = [ [ P ] ] ∩ [ [ Q ] ] [ [ � α � P ] ] = ς α ([ [ P ] ]) [ [[ α ] P ] ] = δ α ([ [ P ] ]) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 22 / 23

Differential Game Logic: Denotational Semantics Definition (Hybrid game α ) [ [ · ] ] : HG → ( ℘ ( S ) → ℘ ( S ) ) ς x := e ( X ) = { ω ∈ S : ω ω [ [ e ] ] ∈ X } x = x ′ = f ( x ) } ς x ′ = f ( x ) ( X ) = { ϕ ( 0 ) ∈ S : ϕ ( r ) ∈ X for some r ≥ 0 and ϕ | ς ? Q ( X ) = [ [ Q ] ] ∩ X ς α ∪ β ( X ) = ς α ( X ) ∪ ς β ( X ) ς α ; β ( X ) = ς α ( ς β ( X )) ς α ∗ ( X ) = � { Z ⊆ S : X ∪ ς α ( Z ) ⊆ Z } ς α d ( X ) = ( ς α ( X ∁ )) ∁ [ [ · ] ] : Fml → ℘ ( S ) Definition (dGL Formula P ) [ [ e 1 ≥ e 2 ] ] = { ω ∈ S : ω [ [ e 1 ] ] ≥ ω [ [ e 2 ] ] } ]) ∁ [ [ ¬ P ] ] = ([ [ P ] [ [ P ∧ Q ] ] = [ [ P ] ] ∩ [ [ Q ] ] [ [ � α � P ] ] = ς α ([ [ P ] ]) [ [[ α ] P ] ] = δ α ([ [ P ] ]) André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 22 / 23

Summary differential game logic � α � ϕ dGL = GL + HG = dL + d ϕ Semantics for differential game logic e o n t c t e i n r u c Simple compositional denotational semantics s o i u d s Meaning is a simple function of its pieces Outlier: repetition is subtle higher-ordinal iteration Better: repetition means least fixpoint l a stochastic i r a Next chapter s nondet r e v Axiomatics d 1 a How to win and prove hybrid games 2 André Platzer (CMU) LFCPS/15: Winning Strategies & Regions LFCPS/15 23 / 23