proving hybrid systems
play

Proving Hybrid Systems Andr e Platzer aplatzer@cs.cmu.edu - PowerPoint PPT Presentation

May 11, 2023 •352 likes •2.07k views

Proving Hybrid Systems Andr e Platzer aplatzer@cs.cmu.edu Computer Science Department Carnegie Mellon University, Pittsburgh, PA 0.5 0.4 0.3 0.2 1.0 0.1 0.8 0.6 0.4 0.2 Andr e Platzer (CMU) Proving Hybrid Systems FMCAD 1 / 40

  1. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m x ′ = v , v ′ = a ( if (SB( x , m )) a := − b ) test assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  2. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) [ α ] φ φ α seq. compose ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a test assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  3. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) [ α ] φ φ α seq. nondet. compose repeat � ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a � ∗ test assign ODE 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  4. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m �� ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m � �� � post 0.5 a 6 v x all runs 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  5. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α x � = m �� ( if (SB( x , m )) a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m ∧ b > 0 → x � = m � �� � � �� � post init 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  6. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α nondet. x � = m choice �� (? ¬ SB( x , m ) ∪ a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m ∧ b > 0 → x � = m � �� � � �� � post init 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  7. CPS Analysis Concept (Differential Dynamic Logic) (JAR’08,LICS’12) x � = m x � = m [ α ] φ φ [ ] x � = m α nondet. x � = m test choice �� (? ¬ SB( x , m ) ∪ a := − b ) ; x ′ = v , v ′ = a � ∗ � x � = m ∧ b > 0 → x � = m � �� � � �� � post init 0.5 a 6 v x 10 m 7 t 0.0 1 2 3 4 5 6 8 4 � 0.5 6 � 1.0 2 4 � 1.5 2 7 t 0 � 2.0 1 2 3 4 5 6 7 t 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 10 / 40

  8. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far cls x � = m brk fsa far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 11 / 40

  9. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far x � = m cls cls brk fsa far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 11 / 40

  10. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far x � = m cls cls brk fsa far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 11 / 40

  11. Hybrid Programs vs. Hybrid Automata Want: Compositional verification far x � = m cls cls brk Not fsa Compositional far ≡ x ′ = v , v ′ = A & ¬ SB( x , m ) brk ≡ x ′ = v , v ′ = − b & SB( x , m ) ∨ true cls ≡ x ′ = v , v ′ = . . . & . . . fsa ≡ x ′ = 0 , v ′ = 0 & v = 0 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 11 / 40

  12. Differential Dynamic Logic d L : Syntax Definition (Hybrid program a ) x := f ( x ) | ? Q | x ′ = f ( x ) & Q | a ∪ b | a ; b | a ∗ Definition (d L Formula P ) e 1 ≥ e 2 | ¬ P | P ∧ Q | ∀ x P | ∃ x P | [ a ] P | � a � P Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 12 / 40

  13. Differential Dynamic Logic d L : Syntax Discrete Differential Seq. Nondet. Test Nondet. Assign Equation Compose Repeat Condition Choice Definition (Hybrid program a ) x := f ( x ) | ? Q | x ′ = f ( x ) & Q | a ∪ b | a ; b | a ∗ Definition (d L Formula P ) e 1 ≥ e 2 | ¬ P | P ∧ Q | ∀ x P | ∃ x P | [ a ] P | � a � P All Some All Some Reals Reals Runs Runs Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 12 / 40

  14. Differential Dynamic Logic d L : Semantics Definition (Hybrid program semantics) ([ [ · ] ] : HP → ℘ ( S × S )) [ [ x := f ( x )] ] = { ( v , w ) : w = v except [ [ x ] ] w = [ [ f ( x )] ] v } [ [? Q ] ] = { ( v , v ) : v ∈ [ [ Q ] ] } [ x ′ = f ( x )] = x ′ = f ( x ) for some duration r } [ ] = { ( ϕ (0) , ϕ ( r )) : ϕ | [ [ a ∪ b ] ] = [ [ a ] ] ∪ [ [ b ] ] [ [ a ; b ] ] = [ [ a ] ] ◦ [ [ b ] ] � [ a n ] [ a ∗ ] [ ] = [ ] n ∈ N Definition (d L semantics) ([ [ · ] ] : Fml → ℘ ( S )) [ [ e 1 ≥ e 2 ] ] = { v : [ [ e 1 ] ] v ≥ [ [ e 2 ] ] v } ]) ∁ [ [ ¬ P ] ] = ([ [ P ] [ [ P ∧ Q ] ] = [ [ P ] ] ∩ [ [ Q ] ] [ [ � a � P ] ] = [ [ a ] ] ◦ [ [ P ] ] = { v : w ∈ [ [ P ] ] for some w ( v , w ) ∈ [ [ a ] ] } [ [[ a ] P ] ] = [ [ ¬� a �¬ P ] ] = { v : w ∈ [ [ P ] ] for all w ( v , w ) ∈ [ [ a ] ] } ] = { v : v r [ [ ∃ x P ] x ∈ [ [ P ] ] for some r ∈ R } Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 13 / 40

  15. Differential Dynamic Logic d L : Transition Semantics x w if w ( x ) = [ [ f ( x )] ] v x := f ( x ) and w ( z ) = v ( z ) for z � = x v w v t 0 x ϕ ( t ) x ′ = f ( x ) & Q w v w Q v t r 0 x ′ = f ( x ) & Q x ? Q v no change if v ∈ [ [ Q ] ] if v ∈ [ [ Q ] ] otherwise no transition v t 0 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 14 / 40

  16. Differential Dynamic Logic d L : Transition Semantics w 1 x v a w 1 v a ∪ b w 2 b t w 2 x a ; b s v s w w v a t b a ∗ x w v v v 1 v 2 w a a a t Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 14 / 40

  17. Differential Dynamic Logic d L : Transition Semantics w 1 x v a w 1 v a ∪ b w 2 b t w 2 x a ; b s v s w v w a t b a ∗ x w v v v 1 v 2 w a a a t Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 14 / 40

  18. Differential Dynamic Logic d L : Transition Semantics w 1 x v a w 1 v a ∪ b w 2 b t w 2 x a ; b s v s w v w a t b ( a ; b ) ∗ x w v v v 1 v 2 w t a b a b a b Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 14 / 40

  19. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) P v P [ a ] P P Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 15 / 40

  20. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) v P � a � P Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 15 / 40

  21. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P a -span v Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 15 / 40

  22. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P a -span v � b � P b -span Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 15 / 40

  23. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P � b � [ a ]-span a -span v � b � P b -span Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 15 / 40

  24. Differential Dynamic Logic d L : Semantics Definition (d L Formulas) [ a ] P � b � [ a ]-span a -span v � b � P b -span compositional semantics ⇒ compositional proofs! Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 15 / 40

  25. Ex: Car Control Accelerate condition ? H Example ( Single car car s ) � ((? H ; a := A ) ∪ a := − b ); x ′ = v , v ′ = a & v ≥ 0 � ∗ 6 v x 0.5 a 10 m 7 t 0.0 8 1 2 3 4 5 6 4 � 0.5 6 2 � 1.0 4 � 1.5 2 7 t 0 1 2 3 4 5 6 7 t � 2.0 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 16 / 40

  26. Ex: Car Control Properties time-triggered H ≡ 2 b ( m − x ) ≥ v 2 + � �� A ε 2 + 2 ε v � A + b Example (Single car car ε time-triggered) � ((? H ; a := A ) ∪ a := − b ); t := 0; x ′ = v , v ′ = a , t ′ = 1 & v ≥ 0 ∧ t ≤ ε � ∗ Example ( Safely stays before traffic light m ) v 2 ≤ 2 b ( m − x ) ∧ A ≥ 0 ∧ b > 0 → [ car ε ] x ≤ m 6 v x 0.5 a 10 m 7 t 0.0 8 1 2 3 4 5 6 4 � 0.5 6 2 � 1.0 4 � 1.5 2 7 t 0 1 2 3 4 5 6 7 t � 2.0 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 17 / 40

  27. Ex: Car Control Properties time-triggered H ≡ 2 b ( m − x ) ≥ v 2 + � �� A ε 2 + 2 ε v � A + b Example (Single car car ε time-triggered) � ((? H ; a := A ) ∪ a := − b ); t := 0; x ′ = v , v ′ = a , t ′ = 1 & v ≥ 0 ∧ t ≤ ε � ∗ Example ( Live, can move everywhere) ε > 0 ∧ A > 0 ∧ b > 0 → ∀ p ∃ m � car ε � x ≥ p 6 v x 0.5 a 10 m 7 t 0.0 8 1 2 3 4 5 6 4 � 0.5 6 2 � 1.0 4 � 1.5 2 7 t 0 1 2 3 4 5 6 7 t � 2.0 0 1 2 3 4 5 6 � 2.5 � 2 � 2 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 17 / 40

  28. Outline CPS are Multi-Dynamical Systems 1 Hybrid Systems Hybrid Games Dynamic Logic of Dynamical Systems 2 Syntax Semantics Example: Car Control Design Proofs for CPS 3 Compositional Proof Calculus Example: Safe Car Control Theory of CPS 4 Soundness and Completeness Differential Invariants Example: Elementary Differential Invariants Differential Axioms Applications 5 Summary 6 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 17 / 40

  29. Differential Dynamic Logic: Axioms [:=] [ x := f ] p ( x ) ↔ p ( f ) [?] [? q ] p ↔ ( q → p ) [ ∪ ] [ a ∪ b ] p ( x ) ↔ [ a ] p ( x ) ∧ [ b ] p ( x ) [;] [ a ; b ] p ( x ) ↔ [ a ][ b ] p ( x ) [ ∗ ] [ a ∗ ] p ( x ) ↔ p ( x ) ∧ [ a ][ a ∗ ] p ( x ) K [ a ]( p ( x ) → q ( x )) → ([ a ] p ( x ) → [ a ] q ( x )) I [ a ∗ ]( p ( x ) → [ a ] p ( x )) → ( p ( x ) → [ a ∗ ] p ( x )) V p → [ a ] p [ x ′ = f ] p ( x ) ↔ ∀ t ≥ 0 [ x := x + ft ] p ( x ) DS LICS’12,CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 18 / 40

  30. Proofs for Hybrid Systems compositional semantics ⇒ compositional rules! Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 19 / 40

  31. Proofs for Hybrid Systems w 1 p ( x ) a [ a ] p ( x ) ∧ [ b ] p ( x ) v a ∪ b [ a ∪ b ] p ( x ) b w 2 p ( x ) Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 19 / 40

  32. Proofs for Hybrid Systems w 1 p ( x ) a [ a ] p ( x ) ∧ [ b ] p ( x ) v a ∪ b [ a ∪ b ] p ( x ) b w 2 p ( x ) a ; b [ a ][ b ] p ( x ) v s w [ a ; b ] p ( x ) a b [ a ][ b ] p ( x ) [ b ] p ( x ) p ( x ) Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 19 / 40

  33. Proofs for Hybrid Systems w 1 p ( x ) a [ a ] p ( x ) ∧ [ b ] p ( x ) v a ∪ b [ a ∪ b ] p ( x ) b w 2 p ( x ) a ; b [ a ][ b ] p ( x ) v s w [ a ; b ] p ( x ) a b [ a ][ b ] p ( x ) [ b ] p ( x ) p ( x ) a ∗ p ( x ) p ( x ) → [ a ] p ( x ) p ( x ) p ( x ) p ( x ) → [ a ] p ( x ) [ a ∗ ] p ( x ) v w a a a Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 19 / 40

  34. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  35. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  36. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  37. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  38. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m 2 t 2 + vt + x ≤ m ) QE J ( x , v ) →∀ t ≥ 0 ( − b 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  39. Example Proof: Safe Driving J ( x , v ) ≡ x ≤ m J ( x , v ) → v 2 ≤ 2 b ( m − x ) 2 t 2 + vt + x ≤ m ) QE J ( x , v ) →∀ t ≥ 0 ( − b 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  40. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m J ( x , v ) → v 2 ≤ 2 b ( m − x ) 2 t 2 + vt + x ≤ m ) QE J ( x , v ) →∀ t ≥ 0 ( − b 2 t 2 + vt + x ] J ( x , v ) [:=] J ( x , v ) →∀ t ≥ 0 [ x := − b [ ′ ] J ( x , v ) → [ x ′ = v , v ′ = − b ] J ( x , v ) [:=] J ( x , v ) → [ a := − b ][ x ′ = v , v ′ = a ] J ( x , v ) [;] J ( x , v ) → [ a := − b ; ( x ′ = v , v ′ = a )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  41. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  42. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  43. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  44. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  45. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  46. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  47. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  48. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m QE J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → ( At + v ) 2 ≤ 2 b ( m − A 2 t 2 − vt − x )) 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  49. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v x m J ( x , v ) →¬ SB → ( A ε + v ) 2 ≤ 2 b ( m − A 2 ε 2 − v ε − x ) QE J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → ( At + v ) 2 ≤ 2 b ( m − A 2 t 2 − vt − x )) 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  50. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m J ( x , v ) →¬ SB → ( A ε + v ) 2 ≤ 2 b ( m − A 2 ε 2 − v ε − x ) QE J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → ( At + v ) 2 ≤ 2 b ( m − A 2 t 2 − vt − x )) 2 t 2 + vt + x , At + v )) J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → J ( A 2 t 2 + vt + x ] J ( x , v )) [:=] J ( x , v ) →¬ SB → ∀ t ≥ 0 ( t ≤ ε → [ x := A [ ′ ] J ( x , v ) →¬ SB → [ x ′ = v , v ′ = A , t ′ = 1 & t ≤ ε ] J ( x , v ) [:=] J ( x , v ) →¬ SB → [ a := A ][ x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) →¬ SB → [ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [?] J ( x , v ) → [? ¬ SB][ a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) [;] J ( x , v ) → [? ¬ SB; a := A ; ( x ′ = v , v ′ = a , t ′ = 1 & t ≤ ε )] J ( x , v ) CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  51. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  52. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  53. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  54. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m J ( x , v ) → [ a := − b ][ x ′′ = a . . ] J ( x , v ) ∧ [? ¬ SB; a := A ][ x ′′ = a . . ] J ( x , v ) [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  55. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m previous proofs for braking and acceleration J ( x , v ) → [ a := − b ][ x ′′ = a . . ] J ( x , v ) ∧ [? ¬ SB; a := A ][ x ′′ = a . . ] J ( x , v ) [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  56. Example Proof: Safe Driving J ( x , v ) ≡ v 2 ≤ 2 b ( m − x ) v SB ≡ 2 b ( m − x ) < v 2 +( A + b )( A ε 2 +2 ε v ) x m previous proofs for braking and acceleration J ( x , v ) → [ a := − b ][ x ′′ = a . . ] J ( x , v ) ∧ [? ¬ SB; a := A ][ x ′′ = a . . ] J ( x , v ) [ ∪ ] J ( x , v ) → [ a := − b ∪ ? ¬ SB; a := A ][ x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) [;] J ( x , v ) → [( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε ] J ( x , v ) � ( a := − b ∪ ? ¬ SB; a := A ); x ′′ = a , t ′ = 1 & t ≤ ε � ∗ ] J ( x , v ) ind J ( x , v ) → [ 1 Proof is essentially deterministic “follow your nose” 2 Synthesize invariant J ( , ) and parameter constraint SB 3 J ( x , v ) is a predicate symbol to prove only once and instantiate later CADE’15 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  57. Outline CPS are Multi-Dynamical Systems 1 Hybrid Systems Hybrid Games Dynamic Logic of Dynamical Systems 2 Syntax Semantics Example: Car Control Design Proofs for CPS 3 Compositional Proof Calculus Example: Safe Car Control Theory of CPS 4 Soundness and Completeness Differential Invariants Example: Elementary Differential Invariants Differential Axioms Applications 5 Summary 6 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 20 / 40

  58. Complete Proof Theory of Hybrid Systems Theorem (Sound & Complete) (J.Autom.Reas. 2008, LICS’12) d L calculus is a sound & complete axiomatization of hybrid systems relative to either differential equations or discrete dynamics. Proof 25pp Corollary (Complete Proof-theoretical Alignment & Bridging) proving continuous = proving hybrid = proving discrete JAutomReas’08,LICS’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 21 / 40

  59. Complete Proof Theory of Hybrid Systems Theorem (Sound & Complete) (J.Autom.Reas. 2008, LICS’12) d L calculus is a sound & complete axiomatization of hybrid systems relative to either differential equations or discrete dynamics. Proof 25pp Corollary (Complete Proof-theoretical Alignment & Bridging) proving continuous = proving hybrid = proving discrete Hybrid Continuous Discrete System JAutomReas’08,LICS’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 21 / 40

  60. Complete Proof Theory of Hybrid Systems Theorem (Sound & Complete) (J.Autom.Reas. 2008, LICS’12) d L calculus is a sound & complete axiomatization of hybrid systems relative to either differential equations or discrete dynamics. Proof 25pp Corollary (Complete Proof-theoretical Alignment & Bridging) proving continuous = proving hybrid = proving discrete Discrete Contin. Hybrid Theory Theory Theory Hybrid Continuous Discrete System JAutomReas’08,LICS’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 21 / 40

  61. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  62. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  63. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  64. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  65. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  66. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  67. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  68. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  69. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost y ′ = g ( x , y ) x x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  70. Differential Invariants for Differential Equations Differential Invariant Differential Cut Differential Ghost y ′ = g ( x , y ) x inv x ′ = f ( x ) 0 t DI ≥ DI ≥ , ∧ , ∨ DI ≥ , = , ∧ , ∨ Logic Math Character- DI = , ∧ , ∨ Provability DI = DI theory istic PDE DI > DI >, ∧ , ∨ DI >, = , ∧ , ∨ JLogComput’10,CAV’08,FMSD’09,LMCS’12,ITP’12 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 22 / 40

  71. Differential Invariants for Differential Equations Differential Invariant H → [ x ′ := f ( x )] F ′ F → [ x ′ = f ( x ) & H ] F Differential Cut F → [ x ′ = f ( x )] C F → [ x ′ = f ( x ) & C ] F F → [ x ′ = f ( x )] F y ′ = g ( x, y ) Differential Ghost G → [ x ′ = f ( x ) , y ′ = g ( x , y ) & H ] G F ↔ ∃ y G x inv F → [ x ′ = f ( x ) & H ] F x ′ = f ( x ) 0 t if new y ′ = g ( x , y ) has a global solution Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 23 / 40

  72. Differential Invariants for Differential Equations Differential Invariant H → [ x ′ := f ( x )] F ′ F → [ x ′ = f ( x ) & H ] F Differential Cut F → [ x ′ = f ( x ) & H ] C F → [ x ′ = f ( x ) & H ∧ C ] F F → [ x ′ = f ( x ) & H ] F y ′ = g ( x, y ) Differential Ghost G → [ x ′ = f ( x ) , y ′ = g ( x , y ) & H ] G F ↔ ∃ y G x inv F → [ x ′ = f ( x ) & H ] F x ′ = f ( x ) 0 t if new y ′ = g ( x , y ) has a global solution Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 23 / 40

  73. Differential Invariants for Differential Equations ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 24 / 40

  74. Differential Invariants for Differential Equations ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 24 / 40

  75. Differential Invariants for Differential Equations ω ≥ 0 ∧ d ≥ 0 → 2 ω 2 xy + 2 y ( − ω 2 x − 2 d ω y ) ≤ 0 ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 24 / 40

  76. Differential Invariants for Differential Equations ∗ ω ≥ 0 ∧ d ≥ 0 → 2 ω 2 xy + 2 y ( − ω 2 x − 2 d ω y ) ≤ 0 ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 24 / 40

  77. Differential Invariants for Differential Equations ∗ ω ≥ 0 ∧ d ≥ 0 → 2 ω 2 xy + 2 y ( − ω 2 x − 2 d ω y ) ≤ 0 ω ≥ 0 ∧ d ≥ 0 → [ x ′ := y ][ y ′ := − ω 2 x − 2 d ω y ]2 ω 2 xx ′ + 2 yy ′ ≤ 0 ω 2 x 2 + y 2 ≤ c 2 → [ x ′ = y , y ′ = − ω 2 x − 2 d ω y & ( ω ≥ 0 ∧ d ≥ 0)] ω 2 x 2 + y 2 ≤ c 2 1.0 x 0.5 1 2 3 4 5 6 y � 0.5 � 1.0 � 1.5 Andr´ e Platzer (CMU) Proving Hybrid Systems FMCAD 24 / 40

Recommend

Bellerophon: Tactical Theorem Proving for Hybrid Systems Nathan Fulton , Stefan Mitsch, Brandon

Bellerophon: Tactical Theorem Proving for Hybrid Systems Nathan Fulton , Stefan Mitsch, Brandon

Bellerophon: Tactical Theorem Proving for Hybrid Systems Nathan Fulton , Stefan Mitsch, Brandon Bohrer, Andr Platzer Carnegie Mellon University Cyber-Physical Systems Cyber-Physical Systems combine computation and control. Hybrid Systems

964 views • 68 slides
Proving and Explaining the Unfeasibility of Message Sequence Charts for Hybrid Systems Alessandro

Proving and Explaining the Unfeasibility of Message Sequence Charts for Hybrid Systems Alessandro

Proving and Explaining the Unfeasibility of Message Sequence Charts for Hybrid Systems Alessandro Cimatti Sergio Mover Stefano Tonetta Fondazione Bruno Kessler October 31, 2011 Sergio Mover (FBK) Unfeasibility and Explanations of MSC

893 views • 74 slides
KeYmaera X: Theorem Proving for Hybrid Systems Nathan Fulton Carnegie Mellon University May 6,

KeYmaera X: Theorem Proving for Hybrid Systems Nathan Fulton Carnegie Mellon University May 6,

KeYmaera X: Theorem Proving for Hybrid Systems Nathan Fulton Carnegie Mellon University May 6, 2016 1 Milieu Safety-critical control software is pervasive and increasingly complicated. 2 Milieu Safety-critical control software is

525 views • 34 slides
CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems - Hybrid Automata

CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems - Hybrid Automata

CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems - Hybrid Automata Hao Zheng Department of Computer Science and Engineering University of South Florida Ref.: An Introduction to Hybrid Automata

623 views • 41 slides
1/31/2007 Massachusetts Institute of Technology Context Hybrid Systems Hybrid

1/31/2007 Massachusetts Institute of Technology Context Hybrid Systems Hybrid

1/31/2007 Massachusetts Institute of Technology Context Hybrid Systems Hybrid discrete-continuous models are convenient for many systems Active Estimation for Switching Failure-prone components (Funiak03, Dearden02) Piloted

418 views • 7 slides
Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector

Comparing Hybrid Peer-to-Peer Hybrid peer-to-peer systems Systems Beverly Yang and Hector Garcia-Molina Pure peer-to-peer systems are hard to scale Gnutella Look at hybrids between p2p and server-client Presented by Marco Barreno Servers

282 views • 6 slides
MODELING OF MODELING OF HYBRID SYSTEMS HYBRID SYSTEMS C. G. Cassandras C. G. Cassandras Dept.

MODELING OF MODELING OF HYBRID SYSTEMS HYBRID SYSTEMS C. G. Cassandras C. G. Cassandras Dept.

MODELING OF MODELING OF HYBRID SYSTEMS HYBRID SYSTEMS C. G. Cassandras C. G. Cassandras Dept. of Manufacturing Engineering and Center for Information and Systems Engineering (CISE) Boston University cgc@bu.edu http://vita.bu.edu/cgc CODES

448 views • 25 slides
Modeling Analysis and Design of Hybrid Control Systems Part I Zeno/Chatter-free Systems

Modeling Analysis and Design of Hybrid Control Systems Part I Zeno/Chatter-free Systems

Modeling Analysis and Design of Hybrid Control Systems Part I Zeno/Chatter-free Systems Joo P. Hespanha University of California at Santa Barbara Outline 1. Deterministic hybrid systems 2. Stochastic hybrid systems 3. Switched

617 views • 43 slides
Identification of Hybrid Systems Identification of Hybrid Systems Therefore, a model must be

Identification of Hybrid Systems Identification of Hybrid Systems Therefore, a model must be

Goal Goal Sometimes a hybrid model of the process (or of a part of it) cannot be derived manually from available knowledge. Identification of Hybrid Systems Identification of Hybrid Systems Therefore, a model must be either

151 views • 12 slides
Modeling and Analysis of Hybrid Systems Introduction Prof. Dr. Erika brahm Informatik 2 -

Modeling and Analysis of Hybrid Systems Introduction Prof. Dr. Erika brahm Informatik 2 -

Modeling and Analysis of Hybrid Systems Introduction Prof. Dr. Erika brahm Informatik 2 - Theory of Hybrid Systems RWTH Aachen University SS 2013 brahm - Hybrid Systems 1 / 28 Organizational Lecture: Tuesday 13:15-14:15 in 5056

1.36k views • 68 slides
Verification of hybrid dynamical systems Jri Vain Tallinn Technical University/Institute of

Verification of hybrid dynamical systems Jri Vain Tallinn Technical University/Institute of

Arvutiteaduse teooriapev Veebruar 2003 Verification of hybrid dynamical systems Jri Vain Tallinn Technical University/Institute of Cybernetics vain@ioc.ee Outline What are Hybrid Systems? Hybrid automata Verification of hybrid

479 views • 30 slides
AVERIST Algorithmic Verifier for Stability of Linear Hybrid Systems Miriam Garca Soto and

AVERIST Algorithmic Verifier for Stability of Linear Hybrid Systems Miriam Garca Soto and

AVERIST Algorithmic Verifier for Stability of Linear Hybrid Systems Miriam Garca Soto and Pavithra Prabhakar HSCC, April 2018 AVERIST Formal stability verification of hybrid systems Classes considered: polyhedral hybrid systems (

846 views • 38 slides
Stochastic Hybrid Systems: Modelling Prostate Cancer and Psoriasis Fedor Shmarov School of

Stochastic Hybrid Systems: Modelling Prostate Cancer and Psoriasis Fedor Shmarov School of

Stochastic Hybrid Systems: Modelling Prostate Cancer and Psoriasis Fedor Shmarov School of Computing Science Newcastle University, UK 1 / 28 Introduction We use hybrid systems for modelling and verifying systems biology models Hybrid

485 views • 37 slides
Algorithmic Analysis of Polygonal Hybrid Systems G ERARDO S CHNEIDER V ERIMAG G RENOBLE

Algorithmic Analysis of Polygonal Hybrid Systems G ERARDO S CHNEIDER V ERIMAG G RENOBLE

Algorithmic Analysis of Polygonal Hybrid Systems G ERARDO S CHNEIDER V ERIMAG G RENOBLE Algorithmic Analysis of Polygonal Hybrid Systems p.1/66 Hybrid Systems Hybrid Systems: interaction between discrete and continuous behaviors

1.72k views • 147 slides
Anders Gransson Klicka hr fr att ndra format Development of Hybrid drive concepts

Anders Gransson Klicka hr fr att ndra format Development of Hybrid drive concepts

Anders Gransson Klicka hr fr att ndra format Development of Hybrid drive concepts Electric drive axle for ExSAM hybrid systems for Mild hybrid systems for hybrid vehicle gearbox transmissions Diesel / petrol engines 2 Partners

300 views • 9 slides
HRML: a hybrid relational modelling language He Jifeng + + 2 + Hybrid

HRML: a hybrid relational modelling language He Jifeng + + 2 + Hybrid

1 + HRML: a hybrid relational modelling language He Jifeng + + 2 + Hybrid Systems Systems are composed by continuous physical component and discrete control component The system state evoles over time

968 views • 51 slides
Verification of Hybrid Systems George Pappas University of Pennsylvania, USA

Verification of Hybrid Systems George Pappas University of Pennsylvania, USA

st 1 HYCON PhD School on Hybrid Systems www.ist-hycon.org www.unisi.it Verification of Hybrid Systems George Pappas University of Pennsylvania, USA pappasg@central.cis.upenn.edu scimanyd suounitnoc enibmoc smetsys dirbyH lacipyt (snoitauqe

526 views • 23 slides
Towards a Hybrid Dynamic Logic for Hybrid Dynamic Systems e Platzer 1 , 2 Andr 1 Carnegie

Towards a Hybrid Dynamic Logic for Hybrid Dynamic Systems e Platzer 1 , 2 Andr 1 Carnegie

Towards a Hybrid Dynamic Logic for Hybrid Dynamic Systems e Platzer 1 , 2 Andr 1 Carnegie Mellon University, Pittsburgh, PA, USA 2 University of Oldenburg, Department of Computing Science, Germany aplatzer@cs.cmu.edu LICS International

566 views • 37 slides
INTRODUCTION TO INTRODUCTION TO HYBRID SYSTEMS: HYBRID SYSTEMS: ORIGINS, EXAMPLES, APPLICATIONS

INTRODUCTION TO INTRODUCTION TO HYBRID SYSTEMS: HYBRID SYSTEMS: ORIGINS, EXAMPLES, APPLICATIONS

INTRODUCTION TO INTRODUCTION TO HYBRID SYSTEMS: HYBRID SYSTEMS: ORIGINS, EXAMPLES, APPLICATIONS ORIGINS, EXAMPLES, APPLICATIONS C. G. Cassandras C. G. Cassandras Dept. of Manufacturing Engineering and Center for Information and Systems

946 views • 33 slides
Human in the Loop Network Control Systems Mike McCourt University of Washington Tacoma Prio

Human in the Loop Network Control Systems Mike McCourt University of Washington Tacoma Prio

Human in the Loop Network Control Systems Mike McCourt University of Washington Tacoma Prio ior research Nonlinear analysis of hybrid systems Passivity, dissipativity, conic systems Hybrid systems: Switched systems, hybrid

814 views • 17 slides
KeYmaera: A Hybrid Theorem Prover for Hybrid Systems Andr e Platzer Jan-David Quesel

KeYmaera: A Hybrid Theorem Prover for Hybrid Systems Andr e Platzer Jan-David Quesel

KeYmaera: A Hybrid Theorem Prover for Hybrid Systems Andr e Platzer Jan-David Quesel University of Oldenburg, Department of Computing Science, Germany International Joint Conference on Automated Reasoning, Sydney 2008 Andr e Platzer,

533 views • 25 slides
Stability and Stabilization of Hybrid Systems Mikael Johansson KTH Stockholm, Sweden

Stability and Stabilization of Hybrid Systems Mikael Johansson KTH Stockholm, Sweden

st 1 HYCON PhD School on Hybrid Systems www.ist-hycon.org www.unisi.it Stability and Stabilization of Hybrid Systems Mikael Johansson KTH Stockholm, Sweden mikaelj@s3.kth.se scimanyd suounitnoc enibmoc smetsys dirbyH lacipyt (snoitauqe

451 views • 19 slides
A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer

A Hybrid, Dynamic Logic for Hybrid-Dynamic Information Flow Brandon Bohrer and Andr e Platzer Logical Systems Lab Computer Science Department Carnegie Mellon University LICS18 1 / 21 Outline: Hybrid { Dynamics, Logic, Power } Hybrid

353 views • 34 slides
Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems Abdullah Gharaibeh, Elizeu

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems Abdullah Gharaibeh, Elizeu

Efficient Large-Scale Graph Processing on Hybrid CPU and GPU Systems Abdullah Gharaibeh, Elizeu Santos-Neto, Lauro Costa and Matei Ripeanu Reviewer: Varun Gandhi (vg292) Computer Laboratory CPU-GPU Hybrid Systems One of the fastest desktop CPU

579 views • 14 slides

More recommend