08: Events & Responses Logical Foundations of Cyber-Physical Systems André Platzer Logical Foundations of Cyber-Physical Systems André Platzer André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 1 / 20
Outline Learning Objectives 1 The Need for Control 2 Events in Control Cartesian Demon Event Detection 3 Event-Triggered Control Evolution Domains Detect Events Non-negotiability of Physics Dividing Up the World Event Firing Physics vs. Control Event-Triggered Verification Summary 4 André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 2 / 20
Outline Learning Objectives 1 The Need for Control 2 Events in Control Cartesian Demon Event Detection 3 Event-Triggered Control Evolution Domains Detect Events Non-negotiability of Physics Dividing Up the World Event Firing Physics vs. Control Event-Triggered Verification Summary 4 André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 2 / 20
Learning Objectives Events & Responses using loop invariants design event-triggered control CT M&C CPS modeling CPS semantics of event-triggered control event-triggered control operational effects continuous sensing model-predictive control feedback mechanisms control vs. physics André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 3 / 20
Outline Learning Objectives 1 The Need for Control 2 Events in Control Cartesian Demon Event Detection 3 Event-Triggered Control Evolution Domains Detect Events Non-negotiability of Physics Dividing Up the World Event Firing Physics vs. Control Event-Triggered Verification Summary 4 André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 3 / 20
Quantum the Safely Bored Bouncing Ball Proposition (Quantum can bounce around safely) 0 ≤ x ∧ x = H ∧ v = 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ;(? x = 0 ; v := − cv ∪ ? x � = 0 ) � ∗ ]( 0 ≤ x ∧ x ≤ H ) � [ André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 4 / 20
Quantum the Safely Bored Bouncing Ball Can be improved. . . Proposition (Quantum can bounce around safely) 0 ≤ x ∧ x = H ∧ v = 0 ∧ g > 0 ∧ 1 = c → { x ′ = v , v ′ = − g & x ≥ 0 } ;(? x = 0 ; v := − cv ∪ ? x � = 0 ) � ∗ ]( 0 ≤ x ∧ x ≤ H ) � [ @invariant ( 2 gx = 2 gH − v 2 ∧ x ≥ 0 ) Proof André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 4 / 20
Quantum the Safely Bored Bouncing Ball Can be improved. . . Proposition (Quantum can bounce around safely) 0 ≤ x ∧ x = H ∧ v = 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ;(? x = 0 ; v := − cv ∪ ? x � = 0 ) � ∗ ]( 0 ≤ x ∧ x ≤ H ) � [ André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 4 / 20
Quantum the Daring Ping-Pong Ball Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � (? x = 0 ; v := − cv ∪ ? x � = 0 ) ( 0 ≤ x ≤ 5 ) André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 5 / 20
Quantum the Daring Ping-Pong Ball Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � (? x = 0 ; v := − cv ∪ ? 4 ≤ x ≤ 5 ; v := − fv ∪ ? x � = 0 ) ( 0 ≤ x ≤ 5 ) Ask René Descartes Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 5 / 20
Cartesian Doubt: Descartes’s Cartesian Demon 1641 Outwit the Cartesian Demon Skeptical about the truth of all beliefs until justification has been found. André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 6 / 20
Quantum the Daring Ping-Pong Ball Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � (? x = 0 ; v := − cv ∪ ? 4 ≤ x ≤ 5 ; v := − fv ∪ ? x � = 0 ) ( 0 ≤ x ≤ 5 ) Ask René Descartes Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 7 / 20
Quantum the Daring Ping-Pong Ball Could run instead of control Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � (? x = 0 ; v := − cv ∪ ? 4 ≤ x ≤ 5 ; v := − fv ∪ ? x � = 0 ) ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 7 / 20
Quantum the Daring Ping-Pong Ball No bounce nor event Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � (? x = 0 ; v := − cv ∪ ? 4 ≤ x ≤ 5 ; v := − fv ∪ ? x � = 0 ∧ x < 4 ∨ x > 5 ) ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 7 / 20
Quantum the Daring Ping-Pong Ball Could miss this event Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → { x ′ = v , v ′ = − g & x ≥ 0 } ; �� � ∗ � (? x = 0 ; v := − cv ∪ ? 4 ≤ x ≤ 5 ; v := − fv ∪ ? x � = 0 ∧ x < 4 ∨ x > 5 ) ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 7 / 20
Quantum the Deterministically Daring Ping-Pong Ball Rewrite as if-then-else Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → ( { x ′ = v , v ′ = − g & x ≥ 0 } ); �� � ∗ � if ( x = 0 ) v := − cv elseif ( 4 ≤ x ≤ 5 ) v := − fv ( 0 ≤ x ≤ 5 ) Ask René Descartes Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 8 / 20
Quantum the Deterministically Daring Ping-Pong Ball Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → ( { x ′ = v , v ′ = − g & x ≥ 0 } ); �� � ∗ � if ( x = 0 ) v := − cv elseif ( 4 ≤ x ≤ 5 ) v := − fv ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 8 / 20
Quantum the Deterministically Daring Ping-Pong Ball Could also miss if-then event Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → ( { x ′ = v , v ′ = − g & x ≥ 0 } ); �� � ∗ � if ( x = 0 ) v := − cv elseif ( 4 ≤ x ≤ 5 ) v := − fv ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 8 / 20
Outline Learning Objectives 1 The Need for Control 2 Events in Control Cartesian Demon Event Detection 3 Event-Triggered Control Evolution Domains Detect Events Non-negotiability of Physics Dividing Up the World Event Firing Physics vs. Control Event-Triggered Verification Summary 4 André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 8 / 20
Evolution Domains Detect Events Evolution domains detect events x ′ = f ( x )& Q Evolution domain Q of a differential equation is responsible for detecting events. Q can stop physics whenever an event happens on which the control wants to take action. x w Q u t r 0 x ′ = f ( x ) & Q André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 9 / 20
Quantum the Deterministically Daring Ping-Pong Ball Could also miss if-then event Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → ( { x ′ = v , v ′ = − g & x ≥ 0 } ); �� � ∗ � if ( x = 0 ) v := − cv elseif ( 4 ≤ x ≤ 5 ) v := − fv ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 10 / 20
Quantum the Deterministically Daring Ping-Pong Ball Domain as event trap? Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → ( { x ′ = v , v ′ = − g & x ≥ 0 ∧ 4 ≤ x ≤ 5 } ); �� � ∗ � if ( x = 0 ) v := − cv elseif ( 4 ≤ x ≤ 5 ) v := − fv ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 10 / 20
Quantum the Deterministically Daring Ping-Pong Ball Broken physics: Always event Conjecture (Quantum can play ping-pong safely) 0 ≤ x ∧ x ≤ 5 ∧ v ≤ 0 ∧ g > 0 ∧ 1 ≥ c ≥ 0 ∧ f ≥ 0 → ( { x ′ = v , v ′ = − g & x ≥ 0 ∧ 4 ≤ x ≤ 5 } ); �� � ∗ � if ( x = 0 ) v := − cv elseif ( 4 ≤ x ≤ 5 ) v := − fv ( 0 ≤ x ≤ 5 ) Ask René Descartes who says no! Proof? André Platzer (CMU) LFCPS/08: Events & Responses LFCPS/08 10 / 20
Recommend
More recommend
