a higher-order temporal logic for dynamical...

84
A higher-order temporal logic for dynamical systems David I. Spivak * and Patrick Schultz Mathematics Department Massachusetts Institute of Technology AMS Fall Sectional, Riverside CA November 4, 2017 0 / 26

Upload: others

Post on 01-Jun-2020

4 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

A higher-order temporal logicfor dynamical systems

David I. Spivak∗ and Patrick Schultz

Mathematics DepartmentMassachusetts Institute of Technology

AMS Fall Sectional, Riverside CANovember 4, 2017

0 / 26

Page 2: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction

Outline

1 IntroductionThe National Airspace SystemRelations in a toposSummary: motivation and plan

2 The topos B of behavior types

3 Temporal type theory

4 Application to the NAS

5 Conclusion

Temporal Type Theory, https://arxiv.org/abs/1710.10258

0 / 26

Page 3: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction The National Airspace System

An example system

The National Airspace System (NAS).Goals of NextGen:

Double the number of airplanes in the sky;Remain extremely safe.

Safe separation problem:Planes need to remain at a safe distance.Can’t generally communicate directly.Use radars, pilots, ground control, radios, and TCAS.1

Systems of systems:A great variety of interconnected systems.Work in concert to enforce global property: safe separation.

1Traffic Collision Avoidance System.1 / 26

Page 4: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction The National Airspace System

An example system

The National Airspace System (NAS).Goals of NextGen:

Double the number of airplanes in the sky;Remain extremely safe.

Safe separation problem:Planes need to remain at a safe distance.Can’t generally communicate directly.Use radars, pilots, ground control, radios, and TCAS.1

Systems of systems:A great variety of interconnected systems.Work in concert to enforce global property: safe separation.

1Traffic Collision Avoidance System.1 / 26

Page 5: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction The National Airspace System

An example system

The National Airspace System (NAS).Goals of NextGen:

Double the number of airplanes in the sky;Remain extremely safe.

Safe separation problem:Planes need to remain at a safe distance.Can’t generally communicate directly.Use radars, pilots, ground control, radios, and TCAS.1

Systems of systems:A great variety of interconnected systems.Work in concert to enforce global property: safe separation.

1Traffic Collision Avoidance System.1 / 26

Page 6: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction The National Airspace System

Systems of interacting systems in the NAS

plane 1 plane 2

radar satellite

National Airspace System

1-TCAS

2-TCAS

2-altitude1-altitude radarsignal

onboardTCAS pilot jets&wings

plane 1their TCAScommand

radar signal

our TCAS command

yoke & throttle altitude

2 / 26

Page 7: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction The National Airspace System

Systems of interacting systems in the NAS

plane 1 plane 2

radar satellite

National Airspace System

1-TCAS

2-TCAS

2-altitude1-altitude radarsignal

onboardTCAS pilot jets&wings

plane 1their TCAScommand

radar signal

our TCAS command

yoke & throttle altitude

2 / 26

Page 8: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

A hypergraph category

plane 1 plane 2

radar satellite

What are these pictures?Wires with arrows indicate “signal passing”.

Drop the arrows for “variable sharing” perspective (Willems)Either way, the planes and the radars are constraints.“If I know you’re close below me, I’ll move up”.

What are these pictures formally?Composition diagrams in a hypergraph category.Example of a hypergraph category: relations.

where each wire is a set,and each box is a relation R ⊆ A1 × · · · × An.

3 / 26

Page 9: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

A hypergraph category

plane 1 plane 2

radar satellite

What are these pictures?Wires with arrows indicate “signal passing”.Drop the arrows for “variable sharing” perspective (Willems)Either way, the planes and the radars are constraints.“If I know you’re close below me, I’ll move up”.

What are these pictures formally?Composition diagrams in a hypergraph category.Example of a hypergraph category: relations.

where each wire is a set,and each box is a relation R ⊆ A1 × · · · × An.

3 / 26

Page 10: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

A hypergraph category

What are these pictures?Wires with arrows indicate “signal passing”.Drop the arrows for “variable sharing” perspective (Willems)Either way, the planes and the radars are constraints.“If I know you’re close below me, I’ll move up”.

What are these pictures formally?Composition diagrams in a hypergraph category.Example of a hypergraph category: relations.

where each wire is a set,and each box is a relation R ⊆ A1 × · · · × An.

3 / 26

Page 11: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

Relations in a topos

plane 1 plane 2

radar satellite

Relations form a hypergraph category in any topos E.

We talked about relations in E Set.Idea generalizes to arbitrary toposes.Every topos E has a subobject classifier ΩRelations on A A1 × · · · × An are morphisms A→ Ω.

So... what’s the topos for the National Airspace System?More generally, where do all these behaviors live?They live in time.Goal: a good topos for studying behaviors (hence time).

4 / 26

Page 12: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

Relations in a topos

plane 1 plane 2

radar satellite

Relations form a hypergraph category in any topos E.We talked about relations in E Set.Idea generalizes to arbitrary toposes.Every topos E has a subobject classifier ΩRelations on A A1 × · · · × An are morphisms A→ Ω.

So... what’s the topos for the National Airspace System?More generally, where do all these behaviors live?They live in time.Goal: a good topos for studying behaviors (hence time).

4 / 26

Page 13: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

Relations in a topos

plane 1 plane 2

radar satellite

Relations form a hypergraph category in any topos E.We talked about relations in E Set.Idea generalizes to arbitrary toposes.Every topos E has a subobject classifier ΩRelations on A A1 × · · · × An are morphisms A→ Ω.

So... what’s the topos for the National Airspace System?More generally, where do all these behaviors live?

They live in time.Goal: a good topos for studying behaviors (hence time).

4 / 26

Page 14: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Relations in a topos

Relations in a topos

plane 1 plane 2

radar satellite

Relations form a hypergraph category in any topos E.We talked about relations in E Set.Idea generalizes to arbitrary toposes.Every topos E has a subobject classifier ΩRelations on A A1 × · · · × An are morphisms A→ Ω.

So... what’s the topos for the National Airspace System?More generally, where do all these behaviors live?They live in time.Goal: a good topos for studying behaviors (hence time).

4 / 26

Page 15: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Summary: motivation and plan

NAS use-case as guide

What’s the topos for the National Airspace System?This question was a major guide for our work.Need to combine many common frameworks into a “big tent”.

Differential equations, continuous dynamical systems.Labeled transition systems, discrete dynamical systems.Delays, non-instantaneous rules.

Need a logic in which to prove safety of the combined system.

Relationship to toposes:Toposes have an associated internal language and logic.Can use formal methods (proof assistants) to prove properties of NAS.

5 / 26

Page 16: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Summary: motivation and plan

NAS use-case as guide

What’s the topos for the National Airspace System?This question was a major guide for our work.Need to combine many common frameworks into a “big tent”.

Differential equations, continuous dynamical systems.Labeled transition systems, discrete dynamical systems.Delays, non-instantaneous rules.

Need a logic in which to prove safety of the combined system.

Relationship to toposes:Toposes have an associated internal language and logic.Can use formal methods (proof assistants) to prove properties of NAS.

5 / 26

Page 17: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Summary: motivation and plan

NAS use-case as guide

What’s the topos for the National Airspace System?This question was a major guide for our work.Need to combine many common frameworks into a “big tent”.

Differential equations, continuous dynamical systems.Labeled transition systems, discrete dynamical systems.Delays, non-instantaneous rules.

Need a logic in which to prove safety of the combined system.

Relationship to toposes:Toposes have an associated internal language and logic.Can use formal methods (proof assistants) to prove properties of NAS.

5 / 26

Page 18: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Introduction Summary: motivation and plan

Plan of the talk

1. Define a topos B of behavior types.

2. Discuss temporal type theory, which is sound in B.

3. Return to our NAS use-case.

6 / 26

Page 19: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types

Outline

1 Introduction

2 The topos B of behavior typesChoosing a toposThe interval domain, IRTranslation-invariance: B Shv(IR/B)

3 Temporal type theory

4 Application to the NAS

5 Conclusion

Temporal Type Theory, https://arxiv.org/abs/1710.10258

6 / 26

Page 20: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

What is a topos and why?

Toposes—invented by Grothendieck—generalize topological spaces.Basic idea:

A topos tells you “what can live on a space”......rather than telling you “what the space is ”.The space is just the habitat, or “site”, where stuff appears.

Definition: a topos is the category of sheaves on a site.Two examples: topological spaces and databases.

Any topological space defines a site.What lives there: vector fields, scalar fields; “bundles” of stuff.

Any database schema S defines a site.What lives there: all S-instances.

Question: What’s a good site at which behaviors live?

7 / 26

Page 21: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

What is a topos and why?

Toposes—invented by Grothendieck—generalize topological spaces.Basic idea:

A topos tells you “what can live on a space”......rather than telling you “what the space is ”.The space is just the habitat, or “site”, where stuff appears.

Definition: a topos is the category of sheaves on a site.Two examples: topological spaces and databases.

Any topological space defines a site.What lives there: vector fields, scalar fields; “bundles” of stuff.

Any database schema S defines a site.What lives there: all S-instances.

Question: What’s a good site at which behaviors live?

7 / 26

Page 22: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

What is a topos and why?

Toposes—invented by Grothendieck—generalize topological spaces.Basic idea:

A topos tells you “what can live on a space”......rather than telling you “what the space is ”.The space is just the habitat, or “site”, where stuff appears.

Definition: a topos is the category of sheaves on a site.Two examples: topological spaces and databases.

Any topological space defines a site.What lives there: vector fields, scalar fields; “bundles” of stuff.

Any database schema S defines a site.What lives there: all S-instances.

Question: What’s a good site at which behaviors live?

7 / 26

Page 23: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

What is a topos and why?

Toposes—invented by Grothendieck—generalize topological spaces.Basic idea:

A topos tells you “what can live on a space”......rather than telling you “what the space is ”.The space is just the habitat, or “site”, where stuff appears.

Definition: a topos is the category of sheaves on a site.Two examples: topological spaces and databases.

Any topological space defines a site.What lives there: vector fields, scalar fields; “bundles” of stuff.

Any database schema S defines a site.What lives there: all S-instances.

Question: What’s a good site at which behaviors live?

7 / 26

Page 24: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

First guess: the space R

A first guess: the space R as the site for behaviors.

What would a behavior type B ∈ Shv(R) be?On objects:

For each open interval (a, b) ⊆ R, a set B(a, b)“The set of B-behaviors that can occur on (a, b).”

On morphisms:For each a ≤ a′ < b′ ≤ b, a function B(a, b) → B(a′, b′)“The B-way to restrict behaviors to subintervals.”

Compatibility:Restriction maps compose: B(a, b) → B(a′, b′) → B(a′′, b′′).

Gluing conditions:“Continuity”: B(a, b) lima<a′<b′<b B(a′, b′).“Composition”: B(a, b) B(a, b′) ×B(a′,b′) B(a′, b).

| | | |a a′ b′ b

8 / 26

Page 25: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

First guess: the space R

A first guess: the space R as the site for behaviors.What would a behavior type B ∈ Shv(R) be?

On objects:For each open interval (a, b) ⊆ R, a set B(a, b)“The set of B-behaviors that can occur on (a, b).”

On morphisms:For each a ≤ a′ < b′ ≤ b, a function B(a, b) → B(a′, b′)“The B-way to restrict behaviors to subintervals.”

Compatibility:Restriction maps compose: B(a, b) → B(a′, b′) → B(a′′, b′′).

Gluing conditions:“Continuity”: B(a, b) lima<a′<b′<b B(a′, b′).“Composition”: B(a, b) B(a, b′) ×B(a′,b′) B(a′, b).

| | | |a a′ b′ b

8 / 26

Page 26: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

First guess: the space R

A first guess: the space R as the site for behaviors.What would a behavior type B ∈ Shv(R) be?

On objects:For each open interval (a, b) ⊆ R, a set B(a, b)“The set of B-behaviors that can occur on (a, b).”

On morphisms:For each a ≤ a′ < b′ ≤ b, a function B(a, b) → B(a′, b′)“The B-way to restrict behaviors to subintervals.”

Compatibility:Restriction maps compose: B(a, b) → B(a′, b′) → B(a′′, b′′).

Gluing conditions:“Continuity”: B(a, b) lima<a′<b′<b B(a′, b′).“Composition”: B(a, b) B(a, b′) ×B(a′,b′) B(a′, b).

| | | |a a′ b′ b

8 / 26

Page 27: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

First guess: the space R

A first guess: the space R as the site for behaviors.What would a behavior type B ∈ Shv(R) be?

On objects:For each open interval (a, b) ⊆ R, a set B(a, b)“The set of B-behaviors that can occur on (a, b).”

On morphisms:For each a ≤ a′ < b′ ≤ b, a function B(a, b) → B(a′, b′)“The B-way to restrict behaviors to subintervals.”

Compatibility:Restriction maps compose: B(a, b) → B(a′, b′) → B(a′′, b′′).

Gluing conditions:“Continuity”: B(a, b) lima<a′<b′<b B(a′, b′).“Composition”: B(a, b) B(a, b′) ×B(a′,b′) B(a′, b).

| | | |a a′ b′ b

8 / 26

Page 28: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

First guess: the space R

A first guess: the space R as the site for behaviors.What would a behavior type B ∈ Shv(R) be?

On objects:For each open interval (a, b) ⊆ R, a set B(a, b)“The set of B-behaviors that can occur on (a, b).”

On morphisms:For each a ≤ a′ < b′ ≤ b, a function B(a, b) → B(a′, b′)“The B-way to restrict behaviors to subintervals.”

Compatibility:Restriction maps compose: B(a, b) → B(a′, b′) → B(a′′, b′′).

Gluing conditions:“Continuity”: B(a, b) lima<a′<b′<b B(a′, b′).“Composition”: B(a, b) B(a, b′) ×B(a′,b′) B(a′, b).

| | | |a a′ b′ b

8 / 26

Page 29: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

Why R is not preferable as the site

Two reasons not to use Shv(R) as our topos.Want behavior types with non-composable behaviors

“Roughly monotonic”: ∀(t1 , t2). t1 + 5 ≤ t2 ⇒ f (t1) ≤ f (t2).“Bounded distance”: ∀(t1 , t2).−5 < f (t1) − f (t2) < 5.Neither of these have the “composition gluing”.

Want to compare behavior across different time windows.Example: a delay is “the same behavior at different times.”Shv(R) sees no relation between B(0, 3) and B(2, 5).To fix this, replace interval (a, b) by duration b − a.“Translation invariance.”

We’ll discard composition gluing and add translation invariance.

9 / 26

Page 30: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

Why R is not preferable as the site

Two reasons not to use Shv(R) as our topos.Want behavior types with non-composable behaviors

“Roughly monotonic”: ∀(t1 , t2). t1 + 5 ≤ t2 ⇒ f (t1) ≤ f (t2).“Bounded distance”: ∀(t1 , t2).−5 < f (t1) − f (t2) < 5.Neither of these have the “composition gluing”.

Want to compare behavior across different time windows.Example: a delay is “the same behavior at different times.”Shv(R) sees no relation between B(0, 3) and B(2, 5).

To fix this, replace interval (a, b) by duration b − a.“Translation invariance.”

We’ll discard composition gluing and add translation invariance.

9 / 26

Page 31: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

Why R is not preferable as the site

Two reasons not to use Shv(R) as our topos.Want behavior types with non-composable behaviors

“Roughly monotonic”: ∀(t1 , t2). t1 + 5 ≤ t2 ⇒ f (t1) ≤ f (t2).“Bounded distance”: ∀(t1 , t2).−5 < f (t1) − f (t2) < 5.Neither of these have the “composition gluing”.

Want to compare behavior across different time windows.Example: a delay is “the same behavior at different times.”Shv(R) sees no relation between B(0, 3) and B(2, 5).To fix this, replace interval (a, b) by duration b − a.“Translation invariance.”

We’ll discard composition gluing and add translation invariance.

9 / 26

Page 32: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Choosing a topos

Why R is not preferable as the site

Two reasons not to use Shv(R) as our topos.Want behavior types with non-composable behaviors

“Roughly monotonic”: ∀(t1 , t2). t1 + 5 ≤ t2 ⇒ f (t1) ≤ f (t2).“Bounded distance”: ∀(t1 , t2).−5 < f (t1) − f (t2) < 5.Neither of these have the “composition gluing”.

Want to compare behavior across different time windows.Example: a delay is “the same behavior at different times.”Shv(R) sees no relation between B(0, 3) and B(2, 5).To fix this, replace interval (a, b) by duration b − a.“Translation invariance.”

We’ll discard composition gluing and add translation invariance.

9 / 26

Page 33: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

The interval domain IR

Discarding composition gluing, we have the site:Category: the poset of intervals (a, b) ⊆ R.Coverage: B(a, b) lima<a′<b′<b B(a′, b′).

This corresponds to what’s called the interval domain IR.It’s a topological space, not Hausdorff, but sober.Points: intervals [d , u] (down/up).Basis: open intervals (a, b), denoting [d , u] | a < d ≤ u < b.

Specialization order on points: [d , u] v [d ′, u′] means d ≤ d ′ ≤ u′ ≤ u.

10 / 26

Page 34: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

The interval domain IR

Discarding composition gluing, we have the site:Category: the poset of intervals (a, b) ⊆ R.Coverage: B(a, b) lima<a′<b′<b B(a′, b′).

This corresponds to what’s called the interval domain IR.It’s a topological space, not Hausdorff, but sober.Points: intervals [d , u] (down/up).Basis: open intervals (a, b), denoting [d , u] | a < d ≤ u < b.

Specialization order on points: [d , u] v [d ′, u′] means d ≤ d ′ ≤ u′ ≤ u.

10 / 26

Page 35: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

The interval domain IR

Discarding composition gluing, we have the site:Category: the poset of intervals (a, b) ⊆ R.Coverage: B(a, b) lima<a′<b′<b B(a′, b′).

This corresponds to what’s called the interval domain IR.It’s a topological space, not Hausdorff, but sober.Points: intervals [d , u] (down/up).Basis: open intervals (a, b), denoting [d , u] | a < d ≤ u < b.

Specialization order on points: [d , u] v [d ′, u′] means d ≤ d ′ ≤ u′ ≤ u.

10 / 26

Page 36: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

IR and the upper half-plane

We’ll visualize IR using the upper half-plane, H (x , y ) ∈ R2 | 0 ≤ y .

Idea: midpoint and radius.... Let’s replace variables.

There’s a continuous bijection H−→ IR.

Map forward: (m, r ) 7→ [m + r ,m − r ].Map backward: [d , u] 7→ (u+d2 , u−d2 ).

There’s a bijection, but H has more open sets.

11 / 26

Page 37: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

IR and the upper half-plane

We’ll visualize IR using the upper half-plane, H (m, r ) ∈ R2 | 0 ≤ r .

There’s a continuous bijection H−→ IR.

Map forward: (m, r ) 7→ [m + r ,m − r ].Map backward: [d , u] 7→ (u+d2 , u−d2 ).

There’s a bijection, but H has more open sets.

11 / 26

Page 38: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

IR and the upper half-plane

We’ll visualize IR using the upper half-plane, H (m, r ) ∈ R2 | 0 ≤ r .

There’s a continuous bijection H−→ IR.

Map forward: (m, r ) 7→ [m + r ,m − r ].Map backward: [d , u] 7→ (u+d2 , u−d2 ).

There’s a bijection, but H has more open sets.

11 / 26

Page 39: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

IR and the upper half-plane

We’ll visualize IR using the upper half-plane, H (m, r ) ∈ R2 | 0 ≤ r .

There’s a continuous bijection H−→ IR.

Map forward: (m, r ) 7→ [m + r ,m − r ].Map backward: [d , u] 7→ (u+d2 , u−d2 ).

There’s a bijection, but H has more open sets.

11 / 26

Page 40: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

Order and opens in IR, from the half-plane perspective

(m, r ) v (m′, r ′) is this sort of “cone” relationship

(m, r )

(m′ , r′)

The opens are in bijection with Lipschitz functions f : R→ R+.Here R+ B r ∈ R | r ≥ 0 ∪ ∞.Given such an f , the set of all (m, r ) with r < f (m) is open.

Here’s a picture of an open set:f

12 / 26

Page 41: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

Order and opens in IR, from the half-plane perspective

(m, r ) v (m′, r ′) is this sort of “cone” relationship

(m, r )

(m′ , r′)

The opens are in bijection with Lipschitz functions f : R→ R+.Here R+ B r ∈ R | r ≥ 0 ∪ ∞.Given such an f , the set of all (m, r ) with r < f (m) is open.

Here’s a picture of an open set:f

12 / 26

Page 42: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types The interval domain, I R

Order and opens in IR, from the half-plane perspective

(m, r ) v (m′, r ′) is this sort of “cone” relationship

(m, r )

(m′ , r′)

The opens are in bijection with Lipschitz functions f : R→ R+.Here R+ B r ∈ R | r ≥ 0 ∪ ∞.Given such an f , the set of all (m, r ) with r < f (m) is open.

Here’s a picture of an open set:f

12 / 26

Page 43: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Translation invariance

We want to compare behaviors from different time-windows.For example, a delay is “same behavior at different times”.How to do it?

Consider the translation action B : R × IR→ IR.(R, 0,+) is a group.It acts on IR by r B [d , u] [r + d , r + u].

Define IR/B to be the quotient of IR by this action.Call IR/B the site of translation-invariant intervals.

We’ll see that the associated topos has an object Time.We can use it to look at behaviors over different time-windows.

13 / 26

Page 44: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Translation invariance

We want to compare behaviors from different time-windows.For example, a delay is “same behavior at different times”.How to do it?

Consider the translation action B : R × IR→ IR.(R, 0,+) is a group.It acts on IR by r B [d , u] [r + d , r + u].

Define IR/B to be the quotient of IR by this action.Call IR/B the site of translation-invariant intervals.

We’ll see that the associated topos has an object Time.We can use it to look at behaviors over different time-windows.

13 / 26

Page 45: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Translation invariance

We want to compare behaviors from different time-windows.For example, a delay is “same behavior at different times”.How to do it?

Consider the translation action B : R × IR→ IR.(R, 0,+) is a group.It acts on IR by r B [d , u] [r + d , r + u].

Define IR/B to be the quotient of IR by this action.Call IR/B the site of translation-invariant intervals.

We’ll see that the associated topos has an object Time.We can use it to look at behaviors over different time-windows.

13 / 26

Page 46: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Translation invariance

We want to compare behaviors from different time-windows.For example, a delay is “same behavior at different times”.How to do it?

Consider the translation action B : R × IR→ IR.(R, 0,+) is a group.It acts on IR by r B [d , u] [r + d , r + u].

Define IR/B to be the quotient of IR by this action.Call IR/B the site of translation-invariant intervals.

We’ll see that the associated topos has an object Time.We can use it to look at behaviors over different time-windows.

13 / 26

Page 47: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Our choice of topos B

Equivalently, IR/B is the following site:Objects = ` ∈ R≥0.Hom(`′, `) 〈r , s〉 | r + `′ + s ` | | | |

0 r ` − s

0 `′

`

Coverage 〈r , s〉 : `′→ ` | r > 0, s > 0.When r , s > 0, write `′ `.2

The topos of behavior types: B Shv(IR/B).

A sheaf X assigns a set of possible behaviors to each `,And a restriction map to each included subinterval 〈r , s〉 : `′→ `,Such that X (`) → lim`′ ` X (`′) is iso.

Example Time ∈ B, the behavior type of a clock:Time(`) B (d , u) ∈ R2 | u − d `.For 〈r , s〉 : `′→ ` the restriction is (d , u)

〈r ,s〉 B (d + r , u − s).The required map is iso.

2Johnstone-Joyal’s notation in “Continuous categories and exponentiable toposes”.14 / 26

Page 48: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Our choice of topos B

Equivalently, IR/B is the following site:Objects = ` ∈ R≥0.Hom(`′, `) 〈r , s〉 | r + `′ + s ` | | | |

0 r ` − s

0 `′

`

Coverage 〈r , s〉 : `′→ ` | r > 0, s > 0.When r , s > 0, write `′ `.2

The topos of behavior types: B Shv(IR/B).A sheaf X assigns a set of possible behaviors to each `,And a restriction map to each included subinterval 〈r , s〉 : `′→ `,Such that X (`) → lim`′ ` X (`′) is iso.

Example Time ∈ B, the behavior type of a clock:Time(`) B (d , u) ∈ R2 | u − d `.For 〈r , s〉 : `′→ ` the restriction is (d , u)

〈r ,s〉 B (d + r , u − s).The required map is iso.

2Johnstone-Joyal’s notation in “Continuous categories and exponentiable toposes”.14 / 26

Page 49: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

The topos B of behavior types Translation-invariance: B Shv(I R/B)

Our choice of topos B

Equivalently, IR/B is the following site:Objects = ` ∈ R≥0.Hom(`′, `) 〈r , s〉 | r + `′ + s ` | | | |

0 r ` − s

0 `′

`

Coverage 〈r , s〉 : `′→ ` | r > 0, s > 0.When r , s > 0, write `′ `.2

The topos of behavior types: B Shv(IR/B).A sheaf X assigns a set of possible behaviors to each `,And a restriction map to each included subinterval 〈r , s〉 : `′→ `,Such that X (`) → lim`′ ` X (`′) is iso.

Example Time ∈ B, the behavior type of a clock:Time(`) B (d , u) ∈ R2 | u − d `.For 〈r , s〉 : `′→ ` the restriction is (d , u)

〈r ,s〉 B (d + r , u − s).The required map is iso.

2Johnstone-Joyal’s notation in “Continuous categories and exponentiable toposes”.14 / 26

Page 50: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory

Outline

1 Introduction

2 The topos B of behavior types

3 Temporal type theoryToposes, type theory, and logicType-theoretic presentationModalities and subtoposesThe derivative

4 Application to the NAS

5 Conclusion

Temporal Type Theory, https://arxiv.org/abs/1710.1025814 / 26

Page 51: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

Types, terms, and axioms

Type theory is useful, e.g. in computer science.It’s basically a bunch of language rules.

E.g. simply-typed lambda calculus with sum types and quotient types.Start with atomic types and atomic terms.Build new types, terms, and propositions using constructors.

Types: N , Prop, products, arrows, sums, quotients.Terms: tupling, projection, lambda abstraction, evaluation, etc.Propositions: ∃, ∀,∧,∨,¬,⇒,>,⊥.

Add axioms, which are logical statements.

I thought this was dreadfully boring. Until I witnessed...

15 / 26

Page 52: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

Types, terms, and axioms

Type theory is useful, e.g. in computer science.It’s basically a bunch of language rules.E.g. simply-typed lambda calculus with sum types and quotient types.

Start with atomic types and atomic terms.Build new types, terms, and propositions using constructors.

Types: N , Prop, products, arrows, sums, quotients.Terms: tupling, projection, lambda abstraction, evaluation, etc.Propositions: ∃, ∀,∧,∨,¬,⇒,>,⊥.

Add axioms, which are logical statements.

I thought this was dreadfully boring. Until I witnessed...

15 / 26

Page 53: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

Types, terms, and axioms

Type theory is useful, e.g. in computer science.It’s basically a bunch of language rules.E.g. simply-typed lambda calculus with sum types and quotient types.

Start with atomic types and atomic terms.Build new types, terms, and propositions using constructors.

Types: N , Prop, products, arrows, sums, quotients.Terms: tupling, projection, lambda abstraction, evaluation, etc.Propositions: ∃, ∀,∧,∨,¬,⇒,>,⊥.

Add axioms, which are logical statements.

I thought this was dreadfully boring. Until I witnessed...

15 / 26

Page 54: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

The Kripke-Joyal semantics

The Kripke-Joyal semantics is pretty neat.Start with atomic types, terms, and axioms from your topos.Kripke-Joyal is a machine that turns logic into topos-proofs.

Suppose you have any expression in the type theory.It automatically has semantics in your topos.That is, it means something about sheaves X .∀(x : X ) – “for all restriction maps and sections x ...”∃(x : X ) – “there is a covering family and a section x in each...”Each connective ∧,∨,⇒, means something sheafy.

Statements and proofs are recursive, tree-like structures.Kripke-Joyal recurses over that structure.At each step, it unwinds the logic into restrictions, covers, sections.It manages all the topos stuff and lets you believe you’re in Set.

The Kripke-Joyal semantics: doing the heavy lifting.

16 / 26

Page 55: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

The Kripke-Joyal semantics

The Kripke-Joyal semantics is pretty neat.Start with atomic types, terms, and axioms from your topos.Kripke-Joyal is a machine that turns logic into topos-proofs.Suppose you have any expression in the type theory.

It automatically has semantics in your topos.That is, it means something about sheaves X .∀(x : X ) – “for all restriction maps and sections x ...”∃(x : X ) – “there is a covering family and a section x in each...”Each connective ∧,∨,⇒, means something sheafy.

Statements and proofs are recursive, tree-like structures.Kripke-Joyal recurses over that structure.At each step, it unwinds the logic into restrictions, covers, sections.It manages all the topos stuff and lets you believe you’re in Set.

The Kripke-Joyal semantics: doing the heavy lifting.

16 / 26

Page 56: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

Dedekind numeric objects

One can define the real numbers in the type theory.

Follow Dedekind: a real is two subsets of Q .R B (δ, υ) : (Q → Prop) × (Q → Prop) | · · ·

Bounded: ∃(q : Q ). δq and ∃(q : Q ). υq,δ-Rounded: ∀(q : Q ). δq⇔ ∃(q′ : Q ). (q < q′) ∧ δq′,υ-Rounded: ∀(q : Q ). υq⇔ ∃(q′ : Q ). (q′ < q) ∧ υq′,Disjoint: ∀(q : Q ). (δq ∧ υq) ⇒ ⊥,Located: ∀(q1 , q2 : Q ). (q1 < q2) ⇒ (δq1 ∨ υq2) .

The sheaf R has a remarkably beautiful semantics.Use Kripke-Joyal to unwind what this is. Find:If E Shv(T ) for some topological space T , ...... R = sheaf of continuous real-valued functions on T .

Drop various axioms to get other interesting numeric objects.Drop “bounded” and you get unbounded reals.Drop “located” and you get intervals IR , internally.

17 / 26

Page 57: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

Dedekind numeric objects

One can define the real numbers in the type theory.

Follow Dedekind: a real is two subsets of Q .R B (δ, υ) : (Q → Prop) × (Q → Prop) | · · ·Bounded: ∃(q : Q ). δq and ∃(q : Q ). υq,δ-Rounded: ∀(q : Q ). δq⇔ ∃(q′ : Q ). (q < q′) ∧ δq′,υ-Rounded: ∀(q : Q ). υq⇔ ∃(q′ : Q ). (q′ < q) ∧ υq′,Disjoint: ∀(q : Q ). (δq ∧ υq) ⇒ ⊥,Located: ∀(q1 , q2 : Q ). (q1 < q2) ⇒ (δq1 ∨ υq2) .

The sheaf R has a remarkably beautiful semantics.Use Kripke-Joyal to unwind what this is. Find:If E Shv(T ) for some topological space T , ...... R = sheaf of continuous real-valued functions on T .

Drop various axioms to get other interesting numeric objects.Drop “bounded” and you get unbounded reals.Drop “located” and you get intervals IR , internally.

17 / 26

Page 58: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Toposes, type theory, and logic

Dedekind numeric objects

One can define the real numbers in the type theory.

Follow Dedekind: a real is two subsets of Q .R B (δ, υ) : (Q → Prop) × (Q → Prop) | · · ·Bounded: ∃(q : Q ). δq and ∃(q : Q ). υq,δ-Rounded: ∀(q : Q ). δq⇔ ∃(q′ : Q ). (q < q′) ∧ δq′,υ-Rounded: ∀(q : Q ). υq⇔ ∃(q′ : Q ). (q′ < q) ∧ υq′,Disjoint: ∀(q : Q ). (δq ∧ υq) ⇒ ⊥,Located: ∀(q1 , q2 : Q ). (q1 < q2) ⇒ (δq1 ∨ υq2) .

The sheaf R has a remarkably beautiful semantics.Use Kripke-Joyal to unwind what this is. Find:If E Shv(T ) for some topological space T , ...... R = sheaf of continuous real-valued functions on T .

Drop various axioms to get other interesting numeric objects.Drop “bounded” and you get unbounded reals.Drop “located” and you get intervals IR , internally.

17 / 26

Page 59: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Type-theoretic presentation

One new type: Time

One atomic type: Time ⊆ IR .Example axiom: Time is an R -torsor:

∀(r : R)(t : Time). t + r ∈ Time.∀(t1 , t2 : Time). t1 − t2 ∈ R .

With it, we can make temporal logic statements∀(t1 , t2 : Time). (t1 + 5 ≤ t2) ⇒ f (t1) ≤ f (t2).“The function f is roughly monotonic.”Unwind it with Kripke-Joyal, and it has the expected semantics.

We can also define the real line as a subtopos.

Next up: using logic to define subtoposes.

18 / 26

Page 60: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Type-theoretic presentation

One new type: Time

One atomic type: Time ⊆ IR .Example axiom: Time is an R -torsor:

∀(r : R)(t : Time). t + r ∈ Time.∀(t1 , t2 : Time). t1 − t2 ∈ R .

With it, we can make temporal logic statements∀(t1 , t2 : Time). (t1 + 5 ≤ t2) ⇒ f (t1) ≤ f (t2).“The function f is roughly monotonic.”Unwind it with Kripke-Joyal, and it has the expected semantics.

We can also define the real line as a subtopos.

Next up: using logic to define subtoposes.

18 / 26

Page 61: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Type-theoretic presentation

One new type: Time

One atomic type: Time ⊆ IR .Example axiom: Time is an R -torsor:

∀(r : R)(t : Time). t + r ∈ Time.∀(t1 , t2 : Time). t1 − t2 ∈ R .

With it, we can make temporal logic statements∀(t1 , t2 : Time). (t1 + 5 ≤ t2) ⇒ f (t1) ≤ f (t2).“The function f is roughly monotonic.”Unwind it with Kripke-Joyal, and it has the expected semantics.

We can also define the real line as a subtopos.

Next up: using logic to define subtoposes.

18 / 26

Page 62: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Modalities and subtoposes

Modalities in general

We refer to Lawvere-Tierney topologies as modalities.3

j : Prop→ Prop with P ⇒ jP , jjP ⇒ jP, and either/both of:

j(P ∧ Q) ⇔ (jP ∧ jQ).(P ⇒ Q) ⇒ (jP ⇒ jQ).

The following are modalities for any U : Prop,open:l o

U(P) B U ⇒ P,

closed: cU(P) B U ∨ P,

quasi-closed: qU(P) B (P ⇒ U) ⇒ U.

Example: if U ⊥ then quasi-closed is double-negation.

3We call them modalities because we’re working type-theoretically.19 / 26

Page 63: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Modalities and subtoposes

Modalities in general

We refer to Lawvere-Tierney topologies as modalities.3

j : Prop→ Prop with P ⇒ jP , jjP ⇒ jP, and either/both of:j(P ∧ Q) ⇔ (jP ∧ jQ).(P ⇒ Q) ⇒ (jP ⇒ jQ).

The following are modalities for any U : Prop,open:l o

U(P) B U ⇒ P,

closed: cU(P) B U ∨ P,

quasi-closed: qU(P) B (P ⇒ U) ⇒ U.

Example: if U ⊥ then quasi-closed is double-negation.

3We call them modalities because we’re working type-theoretically.19 / 26

Page 64: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Modalities and subtoposes

Modalities in general

We refer to Lawvere-Tierney topologies as modalities.3

j : Prop→ Prop with P ⇒ jP , jjP ⇒ jP, and either/both of:j(P ∧ Q) ⇔ (jP ∧ jQ).(P ⇒ Q) ⇒ (jP ⇒ jQ).

The following are modalities for any U : Prop,open:l o

U(P) B U ⇒ P,

closed: cU(P) B U ∨ P,

quasi-closed: qU(P) B (P ⇒ U) ⇒ U.

Example: if U ⊥ then quasi-closed is double-negation.

3We call them modalities because we’re working type-theoretically.19 / 26

Page 65: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Modalities and subtoposes

Modalities in our setting

j : Prop→ Prop with P ⇒ jP , jjP ⇒ jP, j(P ⇒ Q) ⇒ (jP ⇒ jQ).

Example 1: “t is not not 0”: @0P B (P ⇒ t # 0) ⇒ t # 0.

The topos of @t0 sheaves is an internal copy of Set.

R@0 is semantically the skypscraper sheaf R at 0.

Example 2: “Seeing 0, P”: ↓0P B (t # 0) ∨ P.

Example 3: πP B ∀(t : Time).@0P.

The topos of π-sheaves is an internal copy of Shv(R).Rπ is semantically the usual continuous real-valued functions.

20 / 26

Page 66: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory Modalities and subtoposes

Modalities in our setting

j : Prop→ Prop with P ⇒ jP , jjP ⇒ jP, j(P ⇒ Q) ⇒ (jP ⇒ jQ).

Example 1: “t is not not 0”: @0P B (P ⇒ t # 0) ⇒ t # 0.

The topos of @t0 sheaves is an internal copy of Set.

R@0 is semantically the skypscraper sheaf R at 0.

Example 2: “Seeing 0, P”: ↓0P B (t # 0) ∨ P.

Example 3: πP B ∀(t : Time).@0P.

The topos of π-sheaves is an internal copy of Shv(R).Rπ is semantically the usual continuous real-valued functions.

20 / 26

Page 67: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory The derivative

The derivative

Internally define the derivative of x : Rπ.Approximate it with interval-valued functions y :Say y approximates the derivative of x if, for all r1 < r2 in R ,

y v x@(r2) − x@(r1)r2 − r1

.

Define Ûx to be the limit of such y .

It looks familiar, and it works.Internally: linear, d

dt (t) 1, Leibniz rule.Externally: it really is the derivative when derivative exists.

Even makes sense when derivative doesn’t exist, e.g. absolute value:

d

dt|t |

[−1,−1] if t < 0

[−1, 1] if t 0

[1, 1] if t > 0

| |−4 4

21 / 26

Page 68: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory The derivative

The derivative

Internally define the derivative of x : Rπ.Approximate it with interval-valued functions y :Say y approximates the derivative of x if, for all r1 < r2 in R ,

y v x@(r2) − x@(r1)r2 − r1

.

Define Ûx to be the limit of such y .It looks familiar, and it works.

Internally: linear, ddt (t) 1, Leibniz rule.

Externally: it really is the derivative when derivative exists.Even makes sense when derivative doesn’t exist, e.g. absolute value:

d

dt|t |

[−1,−1] if t < 0

[−1, 1] if t 0

[1, 1] if t > 0

| |−4 4

21 / 26

Page 69: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory The derivative

Differential equations

As a logical expression, derivatives work like anything else.Consider a differential equation, like

f (Ûx , Üx , a, b) 0.

Maybe a, b are continuous functions of time.Regardless, it’s an equation in the logic.

Use it with >,⊥,¬,∨,∧,⇒, ∃, ∀.Can be combined with other properties.

22 / 26

Page 70: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Temporal type theory The derivative

Differential equations

As a logical expression, derivatives work like anything else.Consider a differential equation, like

f (Ûx , Üx , a, b) 0.

Maybe a, b are continuous functions of time.Regardless, it’s an equation in the logic.

Use it with >,⊥,¬,∨,∧,⇒, ∃, ∀.Can be combined with other properties.

22 / 26

Page 71: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS

Outline

1 Introduction

2 The topos B of behavior types

3 Temporal type theory

4 Application to the NASA simplified case

5 Conclusion

Temporal Type Theory, https://arxiv.org/abs/1710.10258

22 / 26

Page 72: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

The problem: safe altitude

Simplifying the safe separation problem.Real problem: safe separation for pairs of planes.

Components: Radars, pilots, thrusters/actuators.Behavior types: Discrete signals, (continuous) diff-eqs, delays.

Our simplification: safe altitude for one plane.One radar, one pilot, one thruster.Same behavior types: discrete, continuous, delay.

Goal: combine disparate guarantees to prove useful result.

23 / 26

Page 73: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

The problem: safe altitude

Simplifying the safe separation problem.Real problem: safe separation for pairs of planes.

Components: Radars, pilots, thrusters/actuators.Behavior types: Discrete signals, (continuous) diff-eqs, delays.

Our simplification: safe altitude for one plane.One radar, one pilot, one thruster.Same behavior types: discrete, continuous, delay.

Goal: combine disparate guarantees to prove useful result.

23 / 26

Page 74: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

The problem: safe altitude

Simplifying the safe separation problem.Real problem: safe separation for pairs of planes.

Components: Radars, pilots, thrusters/actuators.Behavior types: Discrete signals, (continuous) diff-eqs, delays.

Our simplification: safe altitude for one plane.One radar, one pilot, one thruster.Same behavior types: discrete, continuous, delay.

Goal: combine disparate guarantees to prove useful result.

23 / 26

Page 75: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

Setup

Variables to be used, and their types:

t : Time. T ,P : Cmnd. a : Rπ . safe, margin, del, rate : Q .

What these mean:

t : Time. time-line (a clock).a : Rπ. altitude (continuously changing).

T : Cmnd. TCAS command (occurs at discrete instants).

P : Cmnd. pilot’s command (occurs at discrete instants).safe : Q . safe altitude (constant).margin : Q . margin-of-error (constant).del : Q . pilot delay (constant).rate : Q . maximal ascent rate (constant).

24 / 26

Page 76: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

Behavior contracts

t : Time. time-line (a clock).a : R π . altitude (continuously changing).T : Cmnd. TCAS command (occurs at discrete instants).P : Cmnd. pilot’s command (occurs at discrete instants).safe : Q . safe altitude (constant).margin : Q . margin-of-error (constant).del : Q . pilot delay (constant).rate : Q . maximal ascent rate (constant).

θ1 B (margin > 0) ∧ (a ≥ 0).

θ2 B (a > safe + margin⇒ T level).θ′2 B (a < safe + margin⇒ T climb).θ3 B (P level⇒ Ûa 0) ∧ (P climb⇒ Ûa rate).θ4 B is delayed(del,T ,P).

θ4 is an abbrevation for a longer logical condition.

Can prove safe separation

∀(t : Time). ↓0(t > del +safe

rate⇒ a ≥ safe).

25 / 26

Page 77: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

Behavior contracts

t : Time. time-line (a clock).a : R π . altitude (continuously changing).T : Cmnd. TCAS command (occurs at discrete instants).P : Cmnd. pilot’s command (occurs at discrete instants).safe : Q . safe altitude (constant).margin : Q . margin-of-error (constant).del : Q . pilot delay (constant).rate : Q . maximal ascent rate (constant).

θ1 B (margin > 0) ∧ (a ≥ 0).θ2 B (a > safe + margin⇒ T level).θ′2 B (a < safe + margin⇒ T climb).

θ3 B (P level⇒ Ûa 0) ∧ (P climb⇒ Ûa rate).θ4 B is delayed(del,T ,P).

θ4 is an abbrevation for a longer logical condition.

Can prove safe separation

∀(t : Time). ↓0(t > del +safe

rate⇒ a ≥ safe).

25 / 26

Page 78: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

Behavior contracts

t : Time. time-line (a clock).a : R π . altitude (continuously changing).T : Cmnd. TCAS command (occurs at discrete instants).P : Cmnd. pilot’s command (occurs at discrete instants).safe : Q . safe altitude (constant).margin : Q . margin-of-error (constant).del : Q . pilot delay (constant).rate : Q . maximal ascent rate (constant).

θ1 B (margin > 0) ∧ (a ≥ 0).θ2 B (a > safe + margin⇒ T level).θ′2 B (a < safe + margin⇒ T climb).θ3 B (P level⇒ Ûa 0) ∧ (P climb⇒ Ûa rate).

θ4 B is delayed(del,T ,P).θ4 is an abbrevation for a longer logical condition.

Can prove safe separation

∀(t : Time). ↓0(t > del +safe

rate⇒ a ≥ safe).

25 / 26

Page 79: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

Behavior contracts

t : Time. time-line (a clock).a : R π . altitude (continuously changing).T : Cmnd. TCAS command (occurs at discrete instants).P : Cmnd. pilot’s command (occurs at discrete instants).safe : Q . safe altitude (constant).margin : Q . margin-of-error (constant).del : Q . pilot delay (constant).rate : Q . maximal ascent rate (constant).

θ1 B (margin > 0) ∧ (a ≥ 0).θ2 B (a > safe + margin⇒ T level).θ′2 B (a < safe + margin⇒ T climb).θ3 B (P level⇒ Ûa 0) ∧ (P climb⇒ Ûa rate).θ4 B is delayed(del,T ,P).

θ4 is an abbrevation for a longer logical condition.

Can prove safe separation

∀(t : Time). ↓0(t > del +safe

rate⇒ a ≥ safe).

25 / 26

Page 80: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Application to the NAS A simplified case

Behavior contracts

t : Time. time-line (a clock).a : R π . altitude (continuously changing).T : Cmnd. TCAS command (occurs at discrete instants).P : Cmnd. pilot’s command (occurs at discrete instants).safe : Q . safe altitude (constant).margin : Q . margin-of-error (constant).del : Q . pilot delay (constant).rate : Q . maximal ascent rate (constant).

θ1 B (margin > 0) ∧ (a ≥ 0).θ2 B (a > safe + margin⇒ T level).θ′2 B (a < safe + margin⇒ T climb).θ3 B (P level⇒ Ûa 0) ∧ (P climb⇒ Ûa rate).θ4 B is delayed(del,T ,P).

θ4 is an abbrevation for a longer logical condition.

Can prove safe separation

∀(t : Time). ↓0(t > del +safe

rate⇒ a ≥ safe).

25 / 26

Page 81: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Conclusion

Outline

1 Introduction

2 The topos B of behavior types

3 Temporal type theory

4 Application to the NAS

5 ConclusionSummary

Temporal Type Theory, https://arxiv.org/abs/1710.10258

25 / 26

Page 82: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Conclusion Summary

Summary

Idea: topos theory for integrating systems.Systems characterized by their possible behaviors.B Shv(IR/B): topos of behavior types.X ∈ B. X (`)=“possible behaviors of length-`.”

plane 1 plane 2

radar satellite

Integrate systems in a hypergraph category of relations.Each component X has an interface, say A1 , . . . ,An.Characterize by its property X : A1 × · · · × An → Prop

Differential equations, discrete automata, delays, are examples.A new temporal type theory with sheaf semantics.

Questions and comments are welcome. Thanks!

26 / 26

Page 83: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Conclusion Summary

Summary

Idea: topos theory for integrating systems.Systems characterized by their possible behaviors.B Shv(IR/B): topos of behavior types.X ∈ B. X (`)=“possible behaviors of length-`.”

plane 1 plane 2

radar satellite

Integrate systems in a hypergraph category of relations.Each component X has an interface, say A1 , . . . ,An.Characterize by its property X : A1 × · · · × An → Prop

Differential equations, discrete automata, delays, are examples.

A new temporal type theory with sheaf semantics.

Questions and comments are welcome. Thanks!

26 / 26

Page 84: A higher-order temporal logic for dynamical systemsmath.ucr.edu/home/baez/ACT2017/ACT2017_spivak.pdfA higher-order temporal logic for dynamical systems David I. Spivak and Patrick

Conclusion Summary

Summary

Idea: topos theory for integrating systems.Systems characterized by their possible behaviors.B Shv(IR/B): topos of behavior types.X ∈ B. X (`)=“possible behaviors of length-`.”

plane 1 plane 2

radar satellite

Integrate systems in a hypergraph category of relations.Each component X has an interface, say A1 , . . . ,An.Characterize by its property X : A1 × · · · × An → Prop

Differential equations, discrete automata, delays, are examples.A new temporal type theory with sheaf semantics.

Questions and comments are welcome. Thanks!

26 / 26