Uniform Substitution for Differential Game Logic
André Platzer (CMU), IJCAR'18
Outline
1 Motivation: Game Proofs; Hybrid Games
2 Differential Game Logic: Syntax; Example: Robot Soccer; Denotational Semantics
3 Uniform Substitution: Mechanism; Axioms; Example
4 Static Semantics
5 Axiomatization
6 Summary
Uniform Substitution is Fundamental but Crucial
Q: How to build a prover with a small soundness-critical core?
A: Uniform substitution [Church]
Q: Impact on hybrid systems prover core?
A: 65 989 ↘ 1 651 LOC (2.5%) [KeYmaera X]
Q: Impact on hybrid games prover core?
A: months ↘ minutes (+10 LOC) [KeYmaera X]
Q: How to prove soundness?
A: Uniform substitution enables modular soundness [Modularity]
Q: Biggest challenges for uniform substitution on games?
A: State transition relation impossible for games [Complications]
A: Transfinite induction for least fixpoint of loops (>ω, not just ω)
A: Conservative extension of formulas, not of axioms
KeYmaera X: Small Kernel for Soundness (1 700 LOC)
[Bar chart comparing the soundness-critical lines of code of several provers on a 0 to 100,000 scale; the KeYmaera X bar is 1,652.]
Disclaimer: Self-reported estimates of the soundness-critical lines of code + rules
CPS Analysis: Robot Control Challenge (Hybrid Systems)
Fixed rule describing state evolution with both
  Discrete dynamics (control decisions)
  Continuous dynamics (differential equations)
[Plots over time t of acceleration a, velocity v, position p (p_x, p_y), and of d, Ω, d_x, d_y.]
CPS Analysis: Robot Control Challenge (Games)
Game rules describing play evolution with both
  Angelic choices (player Angel)
  Demonic choices (player Demon)
[Figures: a chess position, and a 2×2 payoff matrix of a game with moves Trash and Plant.]
CPS Analysis: Robot Control Challenge / RoboCup Soccer Challenge (Hybrid Games)
Game rules describing play evolution with
  Discrete dynamics (control decisions)
  Continuous dynamics (differential equations)
  Adversarial dynamics (Angel vs. Demon)
[Plots over time t of a, v, p_x, p_y and of d, Ω, d_x, d_y, now for adversarial play.]
Differential Game Logic: Syntax (TOCL'15)
Definition (Hybrid game α)
  α ::= a | x := θ | ?q | x' = θ | α ∪ β | α ; β | α* | α^d
  a: game symbol; x := θ: discrete assignment; ?q: test; x' = θ: differential equation;
  α ∪ β: choice game; α ; β: sequential game; α*: repeat game; α^d: dual game
Definition (dGL formula φ)
  φ ::= p(θ_1, ..., θ_n) | θ ≥ η | ¬φ | φ ∧ ψ | ∀x φ | ∃x φ | ⟨α⟩φ | [α]φ
  ∀x φ: for all reals; ∃x φ: for some reals; ⟨α⟩φ: Angel wins; [α]φ: Demon wins
Example: Goalie in Robot Soccer
[Figure: the ball at (x, y) moves with velocity (v, +w) or (v, −w), chosen by the opponent; the goalie at height g on the y-axis moves with +u or −u.]
  x < 0 ∧ v > 0 ∧ y = g → ⟨((w := +w ∩ w := −w); (u := +u ∪ u := −u); {x' = v, y' = w, g' = u})*⟩ x² + (y − g)² ≤ 1
Goalie's secret (invariant): (x/v)²(u − w)² ≤ 1
Differential Game Logic: Denotational Semantics
Definition (Hybrid game α)   ⟦·⟧ : HG → (℘(S) → ℘(S))
  ⟦x := θ⟧(X) = {ω ∈ S : ω_x^(ω⟦θ⟧) ∈ X}
  ⟦x' = θ⟧(X) = {ϕ(0) ∈ S : ϕ(r) ∈ X and dϕ(t)(x)/dt (ζ) = ϕ(ζ)⟦θ⟧ for all ζ}
  ⟦?q⟧(X) = ⟦q⟧ ∩ X
  ⟦α ∪ β⟧(X) = ⟦α⟧(X) ∪ ⟦β⟧(X)
  ⟦α ; β⟧(X) = ⟦α⟧(⟦β⟧(X))
  ⟦α*⟧(X) = ⋂{Z ⊆ S : X ∪ ⟦α⟧(Z) ⊆ Z}
  ⟦α^d⟧(X) = (⟦α⟧(X^∁))^∁
Definition (dGL formula φ)   ⟦·⟧ : Fml → ℘(S)
  ⟦θ ≥ η⟧ = {ω ∈ S : ω⟦θ⟧ ≥ ω⟦η⟧}
  ⟦¬φ⟧ = (⟦φ⟧)^∁
  ⟦φ ∧ ψ⟧ = ⟦φ⟧ ∩ ⟦ψ⟧
  ⟦⟨α⟩φ⟧ = ⟦α⟧(⟦φ⟧)
  ⟦[α]φ⟧ = (⟦α⟧(⟦φ⟧^∁))^∁
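As an added example (not from the slides or from KeYmaera X), the semantics above for the discrete game constructs, evaluated in Python over a constructed finite state space; the pitch size N, the clamped one-row moves and the goalie game ROUND are assumptions of this example, not the talk's robot-soccer model. Because the state space is finite, the loop's least fixpoint is reached by plain iteration, which is exactly what is unavailable for real-valued states, where the talk needs transfinite induction (>ω).

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Tuple, Union

State = Tuple[int, int]  # (y, g): ball row and goalie row on a constructed 0..N pitch
N = 4
STATES: FrozenSet[State] = frozenset((y, g) for y in range(N + 1) for g in range(N + 1))
def clamp(v: int) -> int: return max(0, min(N, v))
# Game terms of the discrete fragment of hybrid games (no differential equations here)
@dataclass(frozen=True)
class Assign: f: Callable[[State], State]  # x := θ, as a state update
@dataclass(frozen=True)
class Test: q: Callable[[State], bool]     # ?q
@dataclass(frozen=True)
class Choice: a: "Game"; b: "Game"         # α ∪ β   Angel picks
@dataclass(frozen=True)
class Seq: a: "Game"; b: "Game"            # α ; β
@dataclass(frozen=True)
class Repeat: a: "Game"                    # α*      Angel picks when to stop
@dataclass(frozen=True)
class Dual: a: "Game"                      # α^d     players swap roles
Game = Union[Assign, Test, Choice, Seq, Repeat, Dual]
def DChoice(a: Game, b: Game) -> Game:     # α ∩ β := (α^d ∪ β^d)^d   Demon picks
    return Dual(Choice(Dual(a), Dual(b)))

def win(g: Game, X: FrozenSet[State]) -> FrozenSet[State]:
    """Angel's winning region ⟦g⟧(X), clause by clause as on the semantics slide."""
    if isinstance(g, Assign): return frozenset(s for s in STATES if g.f(s) in X)
    if isinstance(g, Test):   return frozenset(s for s in X if g.q(s))
    if isinstance(g, Choice): return win(g.a, X) | win(g.b, X)
    if isinstance(g, Seq):    return win(g.a, win(g.b, X))
    if isinstance(g, Dual):   return STATES - win(g.a, STATES - X)
    if isinstance(g, Repeat):
        # least fixpoint ⋂{Z : X ∪ ⟦α⟧(Z) ⊆ Z}; on a finite state space the chain from ∅
        # becomes stationary after finitely many rounds, so no transfinite (>ω) induction is needed
        Z: FrozenSet[State] = frozenset()
        while (nxt := X | win(g.a, Z)) != Z:
            Z = nxt
        return Z
    raise TypeError(g)
# One round of a constructed discrete goalie game: Demon moves the ball one row, then Angel
# moves the goalie one row, mirroring (w:=+w ∩ w:=-w);(u:=+u ∪ u:=-u) of the robot-soccer slide
def move_ball(d: int) -> Game:   return Assign(lambda s: (clamp(s[0] + d), s[1]))
def move_goalie(d: int) -> Game: return Assign(lambda s: (s[0], clamp(s[1] + d)))
ROUND = Seq(DChoice(move_ball(1), move_ball(-1)), Choice(move_goalie(1), move_goalie(-1)))
IN_REACH = frozenset(s for s in STATES if abs(s[0] - s[1]) <= 1)

def goalie_can_get_in_reach() -> bool:           # ⟨ROUND*⟩ |y-g|<=1 holds in every state
    return win(Repeat(ROUND), IN_REACH) == STATES
def goalie_can_stay_in_reach() -> FrozenSet[State]:  # ⟨((ROUND^d)*)^d⟩ |y-g|<=1: Demon runs the loop
    return win(Dual(Repeat(Dual(ROUND))), IN_REACH)
```

The two queries differ only in who controls the repetition: with Angel's loop the goalie can always get within reach, while under Demon's loop (the double dual) she can only guarantee to stay within reach from states that are already there.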