Refining Constructive Hybrid Games. Brandon Bohrer and André Platzer, Logical Systems Lab, Computer Science Department, Carnegie Mellon University. FSCD'20 1 / 11
Why Refine Constructive Hybrid Games? 2 / 11
Constructive Hybrid Game: Push-pull 3 / 11

  safe ≡ x_l < x_0 = x < x_r → [PP](x = x_0)

  PP ≡ {{vd := −1 ∪ vd := 1};                      (either speed)
        {va := ∗; ?(−1 ≤ va ≤ 1)}^d;                (speed switch; the test gives the limits)
        {x′ = vd + va & x_l ≤ x ≤ x_r}}∗            (physics constraint; loop)

  Mirror (the reified system):

  α̂_PP ≡ {{{vd := −1; va := 1} ∪ {vd := 1; va := −1}};
           x := ∗; x′ := vd + va; ?(x = x_0)}∗
Types Give Constructive Semantics 4 / 11

  ⟦P⟧ : (state ⇒ type_{i+1})

  ⟦⟨?Q⟩P⟧ s      = ⟦Q⟧ s * ⟦P⟧ s                       Prove test
  ⟦[?Q]P⟧ s      = ⟦Q⟧ s ⇒ ⟦P⟧ s                       Assume test
  ⟦⟨x := ∗⟩P⟧ s  = Σ v : ℝ. ⟦P⟧ (set s x v)             Choose x
  ⟦[x := ∗]P⟧ s  = Π v : ℝ. ⟦P⟧ (set s x v)             Receive x
  ⟦⟨α ∪ β⟩P⟧ s   = ⟦⟨α⟩P⟧ s + ⟦⟨β⟩P⟧ s                 Choose branch
  ⟦[α ∪ β]P⟧ s   = ⟦[α]P⟧ s * ⟦[β]P⟧ s                 Can't choose
  ⟦⟨α^d⟩P⟧ s     = ⟦[α]P⟧ s                            Switch
  ⟦[α^d]P⟧ s     = ⟦⟨α⟩P⟧ s                            Switch

  ⟦α ≤_i^{[]} β⟧ s = Π P : (state ⇒ type_i). (⟦[α]P⟧ s ⇒ ⟦[β]P⟧ s)

  R[·]   Γ ⊢ α ≤_0^{[]} β    Γ ⊢ [α]P        R⟨·⟩   Γ ⊢ α ≤_0^{⟨⟩} β    Γ ⊢ ⟨α⟩P
         ───────────────────────────                ───────────────────────────
                  Γ ⊢ [β]P                                   Γ ⊢ ⟨β⟩P
Refinements Subsume Game Algebra 5 / 11

  refl   ─────────────────        trans   Γ ⊢ α ≤^{[]} β    Γ ⊢ β ≤^{[]} γ
         Γ ⊢ α ≤^{[]} α                   ────────────────────────────────
                                                   Γ ⊢ α ≤^{[]} γ

  ∪A     Γ ⊢ {α ∪ β} ∪ γ ≅ α ∪ {β ∪ γ}
  ∪C     Γ ⊢ α ∪ β ≅ β ∪ α
  ;d_r   Γ ⊢ {α ∪ β}; γ ≅ {α; γ} ∪ {β; γ}

  (α ≅ β: refinement in both directions)
Refinements Resolve Strategic Choice 6 / 11

  [∪]L1  ───────────────────────────      [∪]L2  ───────────────────────────
         Γ ⊢ α^d ≤^{[]} {α ∪ β}^d                 Γ ⊢ β^d ≤^{[]} {α ∪ β}^d

  [:∗]   ──────────────────────────────────
         Γ ⊢ {x := f}^d ≤^{[]} {x := ∗}^d

  ;G     · ⊢ α_1 ≤^{[]} α_2    · ⊢ β_1 ≤^{[]} β_2
         ─────────────────────────────────────────
               · ⊢ α_1; β_1 ≤^{[]} α_2; β_2

  ;S     Γ ⊢ α_1 ≤^{[]} α_2    Γ ⊢ [α_1](β_1 ≤^{[]} β_2)
         ───────────────────────────────────────────────── ¹
               Γ ⊢ α_1; β_1 ≤^{[]} α_2; β_2

  ¹ α_1 is a hybrid system
ODEs are Solved or Abstracted 7 / 11

  solve   Γ ⊢ t = 0 ∧ d ≥ 0    Γ ⊢ [t := ∗; ?(0 ≤ t ≤ d); x := sol] Q
          ────────────────────────────────────────────────────────────────── ¹
          Γ ⊢ {t := d; x := sol; t′ := 1; x′ := f} ≤^{[]} {t′ = 1, x′ = f & Q}^d
                      (assignment)                            (ODE)

  DC      Γ ⊢ [x′ = f & P] Q
          ──────────────────────────────────────
          Γ ⊢ {x′ = f & P} ≅ {x′ = f & P ∧ Q}

  DW      ───────────────────────────────────────────
          Γ ⊢ {x := ∗; x′ := f; ?Q} ≤^{[]} {x′ = f & Q}

  ¹ sol solves the ODE; {t, t′, x, x′} not free in d
Game Proofs are Reified as Systems 8 / 11

  (Proof of [α]P or ⟨α⟩P)  ↝  System

  ⟨:=⟩I   Γ(x_0), x = f^{x_0}_x ⊢ P
          ───────────────────────────      ↝  x := f; α̂          (α̂ from the first IH)
               Γ(x) ⊢ ⟨x := f⟩P

  ⟨:∗⟩I   Γ(x_0), x = f^{x_0}_x ⊢ P
          ───────────────────────────      ↝  x := f; α̂          (the witness f chosen in the proof becomes the assignment)
               Γ(x) ⊢ ⟨x := ∗⟩P

  dw      Γ(x_0), Q ⊢ P
          ───────────────────────────      ↝  x := ∗; x′ := f; ?Q; α̂
               Γ(x) ⊢ [x′ = f & Q]P

  dc      Γ ⊢ [x′ = f & Q] R    Γ ⊢ [x′ = f & Q ∧ R] P
          ───────────────────────────────────────────────   ↝  β̂   (β̂ from the second IH)
                        Γ ⊢ [x′ = f & Q] P
Cart Proof Reifies Strategy 9 / 11

  safe ≡ x_l < x_0 = x < x_r → [PP](x = x_0)

  PP ≡ {{vd := −1 ∪ vd := 1}; {va := ∗; ?(−1 ≤ va ≤ 1)}^d; {x′ = vd + va & x_l ≤ x ≤ x_r}}∗

  α̂_PP ≡ {{{vd := −1; va := 1} ∪ {vd := 1; va := −1}}; x := ∗; x′ := vd + va; ?(x = x_0)}∗

  Let A be the standard mirroring strategy for PP; then A ↝ α̂_PP.
Theory 10 / 11

  Let A be a proof of (Γ ⊢ [α]P) and let A ↝ α̂.¹

  Theorem (Systemhood)              α̂ is a system, i.e., it does not contain dualities.
  Theorem (Reification transfer)    Γ ⊢ [α̂]P is provable.
  Theorem (Reification refinement)  Γ ⊢ α̂ ≤^{[]} α is provable.

  ¹ Recursively assume Γ free of duals β^d.
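The following finite-state model is an added example, not code from the paper or from the authors' CdGL development. It turns the slide-4 semantics into set operations over a small grid (Σ becomes `any`, Π becomes `all`, a duality swaps the two readings), builds the push-pull game PP and the reified system α̂_PP of slides 3 and 9, and checks the three slide-10 theorems and the slide-6 rule [∪]L1 on that model. Everything about the model is an assumption of this example: the integer grid x ∈ {0, …, 4} with x_0 = 2, vd ∈ {−1, 1}, va ∈ {−1, 0, 1}, the ODE stepped one grid cell per unit of time with x′ carried as a state variable, and the refinement check restricted to the 32 postconditions that depend on x alone, whereas the real definition on slide 4 quantifies over all P.

```python
"""Finite-state model of the box/diamond semantics, used to spot-check the
refinement claims about the push-pull cart.  Added example, not code from the
paper; grid, unit-time ODE steps and the postconditions checked are assumptions."""
from itertools import product

# Assumed finite model: x on the integer grid XL..XR with x0 in the middle,
# vd in {-1, 1}, va in {-1, 0, 1}, and x' (xp) kept as a state variable.
XL, XR, X0 = 0, 4, 2
X, VD, VA, XP = range(4)                      # indices into a state tuple
STATES = frozenset(product(range(XL, XR + 1), (-1, 1), (-1, 0, 1), range(-2, 3)))

def upd(s, i, v):                             # functional update `set s x v`
    t = list(s); t[i] = v; return tuple(t)

def dom(s):                                   # physics constraint xl <= x <= xr
    return XL <= s[X] <= XR

def trajectory(s):
    """States along x' = vd + va & dom from s, one grid step per time unit;
    empty when the domain constraint already fails at s."""
    out, cur = [], upd(s, XP, s[VD] + s[VA])
    while dom(cur) and (not out or cur != out[-1]):
        out.append(cur)
        cur = upd(cur, X, cur[X] + cur[XP])
    return out

# Programs: ('assign', i, f) ('nondet', i, vals) ('test', pred) ('choice', a, b)
# ('seq', a, b) ('dual', a) ('loop', a) ('ode',)  -- the ode is fixed to the cart's.
def sem(m, prog, P):
    """States satisfying <prog>P (m '<>': prover makes every choice, Sigma/sum)
    or [prog]P (m '[]': prover receives every choice, Pi/product)."""
    dia, k = m == '<>', prog[0]
    pick = any if dia else all
    if k == 'assign':
        return frozenset(s for s in STATES if upd(s, prog[1], prog[2](s)) in P)
    if k == 'nondet':
        return frozenset(s for s in STATES if pick(upd(s, prog[1], v) in P for v in prog[2]))
    if k == 'test':                           # prove the test (<>) vs. assume it ([])
        ok = (lambda s: prog[1](s) and s in P) if dia else (lambda s: not prog[1](s) or s in P)
        return frozenset(filter(ok, STATES))
    if k == 'choice':                         # choose a branch (<>) vs. can't choose ([])
        a, b = sem(m, prog[1], P), sem(m, prog[2], P)
        return a | b if dia else a & b
    if k == 'seq':
        return sem(m, prog[1], sem(m, prog[2], P))
    if k == 'dual':                           # Switch: swap the two readings
        return sem('[]' if dia else '<>', prog[1], P)
    if k == 'ode':                            # duration picked by prover (<>) or opponent ([])
        return frozenset(s for s in STATES if pick(t in P for t in trajectory(s)))
    Xs = frozenset() if dia else STATES       # loop: least (<>) / greatest ([]) fixpoint
    while True:
        nxt = P | sem(m, prog[1], Xs) if dia else P & sem(m, prog[1], Xs)
        if nxt == Xs:
            return Xs
        Xs = nxt

def box(prog, P): return sem('[]', prog, P)

def is_system(prog):                          # Systemhood: no duality anywhere
    subs = [p for p in prog[1:] if isinstance(p, tuple) and p and isinstance(p[0], str)]
    return prog[0] != 'dual' and all(is_system(p) for p in subs)

def refines(alpha, beta, posts):
    """alpha <=[] beta on the postconditions in `posts` only (the definition
    ranges over all P).  Returns None or a counterexample (P, state)."""
    for P in posts:
        bad = box(alpha, P) - box(beta, P)
        if bad:
            return P, min(bad)
    return None

def seq(*ps):
    return ps[0] if len(ps) == 1 else ('seq', ps[0], seq(*ps[1:]))

# The push-pull game PP and the reified mirroring strategy alpha-hat_PP.
PP = ('loop', seq(
    ('choice', ('assign', VD, lambda s: -1), ('assign', VD, lambda s: 1)),          # either speed
    ('dual', seq(('nondet', VA, (-1, 0, 1)), ('test', lambda s: -1 <= s[VA] <= 1))),  # speed switch
    ('ode',)))                                                                        # physics
PP_HAT = ('loop', seq(
    ('choice', seq(('assign', VD, lambda s: -1), ('assign', VA, lambda s: 1)),
               seq(('assign', VD, lambda s: 1), ('assign', VA, lambda s: -1))),
    ('nondet', X, range(XL, XR + 1)), ('assign', XP, lambda s: s[VD] + s[VA]),
    ('test', lambda s: s[X] == X0)))
GOAL = frozenset(s for s in STATES if s[X] == X0)
# Spot-check family: all 2^5 postconditions that depend on x alone.
X_POSTS = [frozenset(s for s in STATES if n >> (s[X] - XL) & 1) for n in range(2 ** (XR - XL + 1))]

def check_cart():
    return {
        'systemhood': is_system(PP_HAT) and not is_system(PP),
        'safe_game': GOAL <= box(PP, GOAL),                       # [PP](x = x0) from x = x0
        'safe_system': GOAL <= box(PP_HAT, GOAL),                 # reification transfer
        'hat_refines_pp': refines(PP_HAT, PP, X_POSTS) is None,   # reification refinement
        'pp_refines_hat': refines(PP, PP_HAT, X_POSTS) is None,   # converse: expected False
    }

def check_union_left():
    """Slide-6 rule [U]L1 on this model: alpha^d <=[] {alpha U beta}^d."""
    a, b = ('assign', VD, lambda s: -1), ('assign', VD, lambda s: 1)
    return refines(('dual', a), ('dual', ('choice', a, b)), X_POSTS) is None
```

`check_cart()` returns True for systemhood, for both safety checks and for α̂_PP ≤^{[]} PP, and False for the converse PP ≤^{[]} α̂_PP: `refines(PP, PP_HAT, X_POSTS)` returns the postcondition x = x_l as a counterexample, because in the game the prover can hold the cart still anywhere (va := −vd), while the reified system is specialised to the precondition x = x_0 by its test. That is the direction the slide-10 theorem states: reification yields a system that refines the game, not one equivalent to it, so the system can be used wherever the game was proved safe but must not be read as an equivalent model of the game.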
Conclusion 11 / 11