differential game logic - avacs · contributions logical foundations for hybrid games 1...
Post on 28-Jun-2020
10 Views
Preview:
TRANSCRIPT
Differential Game Logic
Andre Platzer
aplatzer@cs.cmu.edu
Computer Science DepartmentCarnegie Mellon University, Pittsburgh, PA
0.20.4
0.60.8
1.00.1
0.2
0.3
0.4
0.5
Andre Platzer (CMU) Differential Game Logic TOCL’15 1 / 26
Outline
1 CPS Applications
2 Differential Game LogicDifferential Hybrid GamesDenotational SemanticsDeterminacy
3 Proofs for CPSAxiomatizationSoundness and CompletenessCorollariesSeparating Axioms
4 Expressiveness
5 Summary
Andre Platzer (CMU) Differential Game Logic TOCL’15 1 / 26
Can you trust a computer to control physics?
Rationale1 Safety guarantees require analytic foundations.
2 Foundations revolutionized digital computer science & our society.
3 Need even stronger foundations when software reaches out into ourphysical world.
How can we provide people with cyber-physical systems they can bet theirlives on? — Jeannette Wing
Cyber-physical Systems
CPS combine cyber capabilities with physical capabilities to solve problemsthat neither part could solve alone.
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 26
Can you trust a computer to control physics?
Rationale1 Safety guarantees require analytic foundations.
2 Foundations revolutionized digital computer science & our society.
3 Need even stronger foundations when software reaches out into ourphysical world.
How can we provide people with cyber-physical systems they can bet theirlives on? — Jeannette Wing
Cyber-physical Systems
CPS combine cyber capabilities with physical capabilities to solve problemsthat neither part could solve alone.
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 26
Outline
1 CPS Applications
2 Differential Game LogicDifferential Hybrid GamesDenotational SemanticsDeterminacy
3 Proofs for CPSAxiomatizationSoundness and CompletenessCorollariesSeparating Axioms
4 Expressiveness
5 Summary
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 26
CPS Analysis: Robot Control
Challenge (Hybrid Systems)
Fixed rule describing stateevolution with both
Discrete dynamics(control decisions)
Continuous dynamics(differential equations)
2 4 6 8 10t
-0.8
-0.6
-0.4
-0.2
0.2
a
2 4 6 8 10t
0.2
0.4
0.6
0.8
1.0
v
2 4 6 8 10t
2
4
6
8
p
px
py
Andre Platzer (CMU) Differential Game Logic TOCL’15 3 / 26
CPS Analysis: Robot Control
Challenge (Hybrid Systems)
Fixed rule describing stateevolution with both
Discrete dynamics(control decisions)
Continuous dynamics(differential equations)
2 4 6 8 10t
-0.8
-0.6
-0.4
-0.2
0.2
a
2 4 6 8 10t
-1.0
-0.5
0.5
Ω
2 4 6 8 10t
-0.5
0.5
1.0
d
dx
dy
Andre Platzer (CMU) Differential Game Logic TOCL’15 3 / 26
CPS Analysis: Robot Control
Challenge (Games)
Game rules describing playevolution with both
Angelic choices(player Angel)
Demonic choices(player Demon)
0,0
2,1
1,2
3,1
\ Tr Pl
Trash 1,2 0,0Plant 0,0 2,1
8 rmbl0skZ7 ZpZ0ZpZ06 0Zpo0ZpZ5 o0ZPo0Zp4 PZPZPZ0O3 Z0Z0ZPZ02 0O0J0ZPZ1 SNAQZBMR
a b c d e f g hAndre Platzer (CMU) Differential Game Logic TOCL’15 4 / 26
CPS Analysis: Robot Control
Challenge (Hybrid Games)
Game rules describing playevolution with
Discrete dynamics(control decisions)
Continuous dynamics(differential equations)
Adversarial dynamics(Angel vs. Demon )
2 4 6 8 10t
-0.6
-0.4
-0.2
0.2
0.4
a
2 4 6 8 10t
0.2
0.4
0.6
0.8
1.0
1.2
v
2 4 6 8 10t
1
2
3
4
5
6
7
p
px
py
Andre Platzer (CMU) Differential Game Logic TOCL’15 5 / 26
CPS Analysis: Robot Control
Challenge (Hybrid Games)
Game rules describing playevolution with
Discrete dynamics(control decisions)
Continuous dynamics(differential equations)
Adversarial dynamics(Angel vs. Demon )
2 4 6 8 10t
-0.6
-0.4
-0.2
0.2
0.4
a
2 4 6 8 10t
-1.0
-0.5
0.5
Ω
2 4 6 8 10t
-0.5
0.5
1.0
d
dx
dy
Andre Platzer (CMU) Differential Game Logic TOCL’15 5 / 26
CPS Analysis: RoboCup Soccer
Challenge (Hybrid Games)
Game rules describing playevolution with
Discrete dynamics(control decisions)
Continuous dynamics(differential equations)
Adversarial dynamics(Angel vs. Demon )
2 4 6 8 10t
-0.6
-0.4
-0.2
0.2
0.4
a
2 4 6 8 10t
-1.0
-0.5
0.5
Ω
2 4 6 8 10t
-0.5
0.5
1.0
d
dx
dy
Andre Platzer (CMU) Differential Game Logic TOCL’15 6 / 26
Contributions
Logical foundations for hybrid games
1 Compositional programming language for hybrid games
2 Compositional logic and proof calculus for winning strategy existence
3 Hybrid games determined
4 Winning region computations terminate after ≥ωCK1 iterations
5 Separate truth (∃ winning strategy) vs. proof (winning certificate) vs.proof search (automatic construction)
6 Sound & relatively complete
7 Expressiveness
8 Fragments quite successful in applications
9 Generalizations in logic enable more applications
Andre Platzer (CMU) Differential Game Logic TOCL’15 7 / 26
Outline
1 CPS Applications
2 Differential Game LogicDifferential Hybrid GamesDenotational SemanticsDeterminacy
3 Proofs for CPSAxiomatizationSoundness and CompletenessCorollariesSeparating Axioms
4 Expressiveness
5 Summary
Andre Platzer (CMU) Differential Game Logic TOCL’15 7 / 26
Differential Game Logic dGL: Syntax
Definition (Hybrid game a)
x := f (x) | ?Q | x ′ = f (x) | a ∪ b | a; b | a∗ | ad
Definition (dGL Formula P)
p(e1, . . . , en) | e1 ≥ e2 | ¬P | P ∧ Q | ∀x P | ∃x P | 〈a〉P | [a]P
DiscreteAssign
TestGame
DifferentialEquation
ChoiceGame
Seq.Game
RepeatGame
AllReals
SomeReals
DualGame
AngelWins
DemonWins
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 8 / 26
Differential Game Logic dGL: Syntax
Definition (Hybrid game a)
x := f (x) | ?Q | x ′ = f (x) | a ∪ b | a; b | a∗ | ad
Definition (dGL Formula P)
p(e1, . . . , en) | e1 ≥ e2 | ¬P | P ∧ Q | ∀x P | ∃x P | 〈a〉P | [a]P
DiscreteAssign
TestGame
DifferentialEquation
ChoiceGame
Seq.Game
RepeatGame
AllReals
SomeReals
DualGame
AngelWins
DemonWins
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 8 / 26
Differential Game Logic dGL: Syntax
Definition (Hybrid game a)
x := f (x) | ?Q | x ′ = f (x) | a ∪ b | a; b | a∗ | ad
Definition (dGL Formula P)
p(e1, . . . , en) | e1 ≥ e2 | ¬P | P ∧ Q | ∀x P | ∃x P | 〈a〉P | [a]P
DiscreteAssign
TestGame
DifferentialEquation
ChoiceGame
Seq.Game
RepeatGame
AllReals
SomeReals
DualGame
AngelWins
DemonWins
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 8 / 26
Differential Game Logic dGL: Syntax
Definition (Hybrid game a)
x := f (x) | ?Q | x ′ = f (x) | a ∪ b | a; b | a∗ | ad
Definition (dGL Formula P)
p(e1, . . . , en) | e1 ≥ e2 | ¬P | P ∧ Q | ∀x P | ∃x P | 〈a〉P | [a]P
DiscreteAssign
TestGame
DifferentialEquation
ChoiceGame
Seq.Game
RepeatGame
AllReals
SomeReals
DualGame
AngelWins
DemonWins
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 8 / 26
Differential Game Logic dGL: Syntax
Definition (Hybrid game a)
x := f (x) | ?Q | x ′ = f (x) | a ∪ b | a; b | a∗ | ad
Definition (dGL Formula P)
p(e1, . . . , en) | e1 ≥ e2 | ¬P | P ∧ Q | ∀x P | ∃x P | 〈a〉P | [a]P
DiscreteAssign
TestGame
DifferentialEquation
ChoiceGame
Seq.Game
RepeatGame
AllReals
SomeReals
DualGame
AngelWins
DemonWins
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 8 / 26
Definable Game Operators
Angel Ops
∪ choice∗ repeatx ′ = f (x) evolve?Q challenge
Demon Ops
∩ choice× repeatx ′ = f (x)d evolve?Qd challenge
d
d
if(Q) a else b ≡ (?Q; a) ∪ (?¬Q; b)
while(Q) a ≡ (?Q; a)∗; ?¬Qa ∩ b ≡ (ad ∪ bd)d
a× ≡ ((ad)∗)d
(x ′ = f (x) &Q)d 6≡ x ′ = f (x) &Q
(x := f (x))d ≡ x := f (x)
?Qd 6≡ ?Q
Andre Platzer (CMU) Differential Game Logic TOCL’15 9 / 26
Simple Examples
〈(x := x + 1; (x ′ = x2)d ∪ x := x − 1)∗〉 (0 ≤ x < 1)
2
〈(x := x + 1; (x ′ = x2)d ∪ (x := x − 1 ∩ x := x − 2))∗〉(0 ≤ x < 1)
(w − e)2 ≤ 1 ∧ v = f →⟨((u := 1 ∩ u :=−1);
(g := 1 ∪ g :=−1);
t := 0;
(w ′ = v , v ′ = u, e ′ = f , f ′ = g , t ′ = 1 & t ≤ 1)d)×⟩(w − e)2 ≤ 1
Andre Platzer (CMU) Differential Game Logic TOCL’15 10 / 26
Simple Examples
〈(x := x + 1; (x ′ = x2)d ∪ x := x − 1)∗〉 (0 ≤ x < 1)
2
〈(x := x + 1; (x ′ = x2)d ∪ (x := x − 1 ∩ x := x − 2))∗〉(0 ≤ x < 1)
(w − e)2 ≤ 1 ∧ v = f →⟨((u := 1 ∩ u :=−1);
(g := 1 ∪ g :=−1);
t := 0;
(w ′ = v , v ′ = u, e ′ = f , f ′ = g , t ′ = 1 & t ≤ 1)d)×⟩(w − e)2 ≤ 1
Andre Platzer (CMU) Differential Game Logic TOCL’15 10 / 26
Simple Examples
〈(x := x + 1; (x ′ = x2)d ∪ x := x − 1)∗〉 (0 ≤ x < 1)
2 〈(x := x + 1; (x ′ = x2)d ∪ (x := x − 1 ∩ x := x − 2))∗〉(0 ≤ x < 1)
(w − e)2 ≤ 1 ∧ v = f →⟨((u := 1 ∩ u :=−1);
(g := 1 ∪ g :=−1);
t := 0;
(w ′ = v , v ′ = u, e ′ = f , f ′ = g , t ′ = 1 & t ≤ 1)d)×⟩(w − e)2 ≤ 1
Andre Platzer (CMU) Differential Game Logic TOCL’15 10 / 26
Simple Examples
〈(x := x + 1; (x ′ = x2)d ∪ x := x − 1)∗〉 (0 ≤ x < 1)
2 〈(x := x + 1; (x ′ = x2)d ∪ (x := x − 1 ∩ x := x − 2))∗〉(0 ≤ x < 1)
(w − e)2 ≤ 1 ∧ v = f →⟨((u := 1 ∩ u :=−1);
(g := 1 ∪ g :=−1);
t := 0;
(w ′ = v , v ′ = u, e ′ = f , f ′ = g , t ′ = 1 & t ≤ 1)d)×⟩(w − e)2 ≤ 1
Andre Platzer (CMU) Differential Game Logic TOCL’15 10 / 26
Differential Hybrid Games: Zeppelin Obstacle Parcours
arXivAndre Platzer (CMU) Differential Game Logic TOCL’15 11 / 26
Differential Hybrid Games: Zeppelin Obstacle Parcours
arXivAndre Platzer (CMU) Differential Game Logic TOCL’15 11 / 26
Differential Hybrid Games: Zeppelin Obstacle Parcours
arXivAndre Platzer (CMU) Differential Game Logic TOCL’15 11 / 26
Differential Game Invariants
Theorem (Differential Game Invariants)
(DGI)∃y ∈ Y ∀z ∈ Z F ′
f (x ,y ,z)x ′
F → [x ′ = f (x , y , z)&dy ∈ Y&z ∈ Z ]F
arXivAndre Platzer (CMU) Differential Game Logic TOCL’15 12 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςx:=f (x)(X ) = s ∈ S : s[[f (x)]]sx ∈ X
ςx ′=f (x)(X ) = ϕ(0) ∈ S : ϕ(r) ∈ X , dϕ(t)(x)dt (ζ) = [[f (x)]]ϕ(ζ) for all ζ
ς?P(X ) = [[P]] ∩ Xςa∪b(X ) = ςa(X ) ∪ ςb(X )ςa;b(X ) = ςa(ςb(X ))ςa∗(X ) =
⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
ςad (X ) = (ςa(X ))
Definition (dGL Formula P)
[[e1 ≥ e2]] = s ∈ S : [[e1]]s ≥ [[e2]]s[[¬P]] = ([[P]])
[[P ∧ Q]] = [[P]] ∩ [[Q]][[〈a〉P]] = ςa([[P]])[[[a]P]] = δa([[P]])
WinningRegion
Andre Platzer (CMU) Differential Game Logic TOCL’15 13 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςx:=f (x)(X ) = s ∈ S : s[[f (x)]]sx ∈ X
X
ςx:=f (x)(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςx ′=f (x)(X ) = ϕ(0) ∈ S : ϕ(r) ∈ X , dϕ(t)(x)dt (ζ) = [[f (x)]]ϕ(ζ) for all ζ
Xx′ =
f (x)
ςx ′=f (x)(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ς?P(X ) = [[P]] ∩ X
X
[[P]]
ς?P(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∪b(X ) = ςa(X ) ∪ ςb(X )
ςa (X )
ςb(X )
Xςa∪b(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa;b(X ) = ςa(ςb(X ))
ςa(ςb(X )) ςb(X ) X
ςa;b(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · · ς3a (X ) ς2
a (X ) ςa(X )
X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · · ς3a (X ) ς2
a (X )
ςa(X ) X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · · ς3a (X )
ς2a (X ) ςa(X ) X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · ·
ς3a (X ) ς2
a (X ) ςa(X ) X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · · ς3a (X ) ς2
a (X ) ςa(X ) X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · · ς3a (X ) ς2
a (X ) ςa(X ) X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςa∗(X ) =⋂Z ⊆ S : X ∪ ςa(Z ) ⊆ Z
≥ωCK1 iterations
ςa(ςa∗(X )) \ ςa∗(X )∅
ς∞a (X ) · · · ς3a (X ) ς2
a (X ) ςa(X ) X
ςa∗(X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςad (X ) = (ςa(X ))
X
X
ςa(X )
ςa(X )
ςad (X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Differential Game Logic: Denotational Semantics
Definition (Hybrid game a: denotational semantics)
ςad (X ) = (ςa(X ))
X
X
ςa(X )
ςa(X )
ςad (X )
Andre Platzer (CMU) Differential Game Logic TOCL’15 14 / 26
Consistency & Determinacy
Theorem (Consistency & determinacy)
Hybrid games are consistent and determined, i.e. ¬〈a〉¬P ↔ [a]P.
Corollary (Determinacy: At least one player wins)
¬〈a〉¬P → [a]P, thus 〈a〉¬P ∨ [a]P.
Corollary (Consistency: At most one player wins)
[a]P → ¬〈a〉¬P, thus ¬([a]P ∧ 〈a〉¬P)
Andre Platzer (CMU) Differential Game Logic TOCL’15 15 / 26
Outline
1 CPS Applications
2 Differential Game LogicDifferential Hybrid GamesDenotational SemanticsDeterminacy
3 Proofs for CPSAxiomatizationSoundness and CompletenessCorollariesSeparating Axioms
4 Expressiveness
5 Summary
Andre Platzer (CMU) Differential Game Logic TOCL’15 15 / 26
Differential Game Logic: Axiomatization
[·] [a]P ↔ ¬〈a〉¬P
〈:=〉 〈x := f (x)〉p(x)↔ p(f (x))
〈′〉 〈x ′ = f (x)〉P ↔ ∃t≥0 〈x := y(t)〉P
〈?〉 〈?Q〉P ↔ (Q ∧ P)
〈∪〉 〈a ∪ b〉P ↔ 〈a〉P ∨ 〈b〉P
〈;〉 〈a; b〉P ↔ 〈a〉〈b〉P
〈∗〉 P ∨ 〈a〉〈a∗〉P → 〈a∗〉P
〈d〉 〈ad〉P ↔ ¬〈a〉¬P
MP → Q
〈a〉P → 〈a〉Q
FPP ∨ 〈a〉Q → Q
〈a∗〉P → Q
MPP P → Q
Q
∀p → Q
p → ∀x Q(x 6∈ FV(p))
USϕ
ϕQ(·)p(·)
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 16 / 26
“There and Back Again” Game
x ′ = f (x) &Q ≡ t0 := x0; x ′ = f (x); (z := x ; z ′ = −f (z))d ; ?(z0≥t0 → Q(z))
t
~x
Q
t revert flow, time x0;Demon checks Qbackwards
x′ = f (x)
t0 := x0 r
z ′ = −f (z)
Lemma
Evolution domains definable by games
Andre Platzer (CMU) Differential Game Logic TOCL’15 17 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0
〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0
〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0
〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0
[·] x = 0 →[x := 0 ∩ x := 1]x = 0
ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0
〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0
〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0
〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0
〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0
[·] x = 0 →[x := 0 ∩ x := 1]x = 0
ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0
〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0
〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0
〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0
[·] x = 0 →[x := 0 ∩ x := 1]x = 0ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0
〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0
〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0
〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0[·] x = 0 →[x := 0 ∩ x := 1]x = 0ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0
〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0
〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0[·] x = 0 →[x := 0 ∩ x := 1]x = 0ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0
〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0[·] x = 0 →[x := 0 ∩ x := 1]x = 0ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗
R x = 0 →0 = 0 ∨ 1 = 0〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0[·] x = 0 →[x := 0 ∩ x := 1]x = 0ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Example Proof: Dual Filibuster
∗R x = 0 →0 = 0 ∨ 1 = 0〈:=〉x = 0 →〈x := 0〉x = 0 ∨ 〈x := 1〉x = 0〈∪〉 x = 0 →〈x := 0 ∪ x := 1〉x = 0〈d 〉 x = 0 →¬〈x := 0 ∩ x := 1〉¬x = 0[·] x = 0 →[x := 0 ∩ x := 1]x = 0ind x = 0 →[(x := 0 ∩ x := 1)∗]x = 0〈d 〉 x = 0 →〈(x := 0 ∪ x := 1)×〉x = 0
X
X
1
1
10
0
10
repeat
0
stop
repeat
1
stop
0
0
10
repeat
0
stop
repeatX
stop
Andre Platzer (CMU) Differential Game Logic TOCL’15 18 / 26
Soundness & Completeness
Theorem (Completeness)
dGL calculus is a sound & complete axiomatization of hybrid gamesrelative to any (differentially) expressive logic L.
ϕ iff TautL ` ϕ
TOCL’15Andre Platzer (CMU) Differential Game Logic TOCL’15 19 / 26
Soundness & Completeness: Consequences
Corollary (Constructive)
Constructive and Moschovakis-coding-free. (Minimal: x ′ = f (x), ∃, [a∗])
Remark (Coquand & Huet) (Inf.Comput’88)
Modal analogue for 〈a∗〉 of characterizations in Calculus of Constructions
Corollary (Meyer & Halpern) (J.ACM’82)
F → 〈a〉G semidecidable for uninterpreted programs.
Corollary (Schmitt) (Inf.Control.’84)
[a]-free semidecidable for uninterpreted programs.
Corollary
Uninterpreted game logic with even d in 〈a〉 is semidecidable.
Andre Platzer (CMU) Differential Game Logic TOCL’15 20 / 26
Soundness & Completeness: Consequences
Corollary
Harel’77 convergence rule unnecessary for hybrid games, hybrid systems,discrete programs.
Corollary (Characterization of hybrid game challenges)
[a∗]G : Succinct invariants discrete Π02
[x ′ = f (x)]G and 〈x ′ = f (x)〉G : Succinct differential (in)variants ∆11
∃x G : Complexity depends on Herbrand disjunctions: discrete Π11
X uninterpreted X reals × ∃x [a∗]G Π11-complete for discrete a
Corollary (Hybrid version of Parikh’s result) (FOCS’83)∗-free dGL complete relative to dL, relative to continuous, or to discreted -free dGL complete relative to dL, relative to continuous, or to discrete
Andre Platzer (CMU) Differential Game Logic TOCL’15 21 / 26
Soundness & Completeness: Consequences
Corollary (ODE Completeness) (+LICS’12)
dGL complete relative to ODE for hybrid games with finite-rank Borelwinning regions.
Corollary (Continuous Completeness)
dGL complete relative to LµD, continuous modal µ, over R
Corollary (Discrete Completeness) (+LICS’12)
dGL + Euler axiom complete relative to discrete Lµ over R
Andre Platzer (CMU) Differential Game Logic TOCL’15 22 / 26
Soundness & Completeness: Consequences
〈(x := 1; x ′ = 1d︸ ︷︷ ︸b
∪ x := x − 1︸ ︷︷ ︸c
)
︸ ︷︷ ︸a
∗〉0 ≤ x < 1
Fixpoint style proof technique
∗
∀x (0≤x<1 ∨ ∀t≥0 p(0 + t) ∨ p(x − 1)→ p(x))→ (true → p(x))
∀x (0≤x<1 ∨ 〈x := 1〉¬∃t≥0 〈x := x+t〉¬p(x) ∨ p(x−1)→ p(x))→ (true → p(x))
∀x (0≤x<1 ∨ 〈x := 1〉¬〈x ′ = 1〉¬p(x) ∨ p(x − 1)→ p(x))→ (true → p(x))
∀x (0≤x<1 ∨ 〈b〉p(x) ∨ 〈c〉p(x)→ p(x))→ (true → p(x))
∀x (0≤x<1 ∨ 〈b ∪ c〉p(x)→ p(x))→ (true → p(x))
∀x (0≤x<1 ∨ 〈a〉〈a∗〉0≤x<1→ 〈a∗〉0≤x<1)→ (true → 〈a∗〉0≤x<1)
true → 〈a∗〉0≤x<1
Andre Platzer (CMU) Differential Game Logic TOCL’15 23 / 26
Separating Axioms
Theorem (Axiomatic separation: hybrid systems vs. hybrid games)
Axiomatic separation is exactly K, I, C, B, V, G. dGL is a subregular,sub-Barcan, monotonic modal logic without loop induction axioms.
K [a](P → Q)→ ([a]P → [a]Q) M[·]P → Q
[a]P → [a]Q←−M 〈a〉(P ∨ Q)→ 〈a〉P ∨ 〈a〉Q M 〈a〉P ∨ 〈a〉Q → 〈a〉(P ∨ Q)
I [a∗](P → [a]P)→ (P → [a∗]P) ∀I (P → [a]P)→ (P → [a∗]P)
C[a∗]∀v>0 (p(v)→ 〈a〉p(v − 1))
→ ∀v (p(v)→ 〈a∗〉∃v≤0 p(v))(v 6∈a)
B 〈a〉∃x P → ∃x 〈a〉P (x 6∈a)←−B ∃x 〈a〉P → 〈a〉∃x P
V p → [a]p (FV(p) ∩ BV(a) = ∅) VK p → ([a]true→[a]p)
GP
[a]PM[·]
P → Q
[a]P → [a]Q
RP1 ∧ P2 → Q
[a]P1 ∧ [a]P2 → [a]QM[·]
P1 ∧ P2 → Q
[a](P1 ∧ P2)→ [a]Q
FA 〈a∗〉P → P ∨ 〈a∗〉(¬P ∧ 〈a〉P)
Andre Platzer (CMU) Differential Game Logic TOCL’15 24 / 26
Outline
1 CPS Applications
2 Differential Game LogicDifferential Hybrid GamesDenotational SemanticsDeterminacy
3 Proofs for CPSAxiomatizationSoundness and CompletenessCorollariesSeparating Axioms
4 Expressiveness
5 Summary
Andre Platzer (CMU) Differential Game Logic TOCL’15 24 / 26
Expressiveness
Theorem (Expressive Power: hybrid systems < hybrid games)
dGL for hybrid games strictly more expressive than dL for hybrid games:
dL < dGL
Clue: recursive open game quantifier expressible in dGL but not dL
ay ϕ(x , y)def≡ ∀y0 ∃y1 ∀y2 ∃y3 . . .
∨n<ω
ϕ(x , (|y0, . . . , yn|))
Andre Platzer (CMU) Differential Game Logic TOCL’15 25 / 26
Expressiveness
Theorem (Expressive Power: hybrid systems < hybrid games)
dGL for hybrid games strictly more expressive than dL for hybrid games:
dL < dGL
First-orderadm. R
Inductiveadm. R
Clue: recursive open game quantifier expressible in dGL but not dL
ay ϕ(x , y)def≡ ∀y0 ∃y1 ∀y2 ∃y3 . . .
∨n<ω
ϕ(x , (|y0, . . . , yn|))
Andre Platzer (CMU) Differential Game Logic TOCL’15 25 / 26
Outline
1 CPS Applications
2 Differential Game LogicDifferential Hybrid GamesDenotational SemanticsDeterminacy
3 Proofs for CPSAxiomatizationSoundness and CompletenessCorollariesSeparating Axioms
4 Expressiveness
5 Summary
Andre Platzer (CMU) Differential Game Logic TOCL’15 25 / 26
Differential Game Logic
differential game logic
dGL = GL + HG = dL+ d〈a〉P
P
Logic for hybrid games
Compositional PL + logic
Discrete + continuous + adversarial
Winning region iteration ≥ωCK1
Sound & rel. complete axiomatization
Hybrid games > hybrid systemsd radical challenge yet smooth extension
Stochastic ≈ adversarial
dis
cre
te contin
uo
us
nondet
sto
chastic
advers
arial
Andre Platzer (CMU) Differential Game Logic TOCL’15 26 / 26
LogicalFoundations
ofCyber-Physical
Systems
Logic
TheoremProving
ProofTheory
ModalLogic Model
Checking
Algebra
ComputerAlgebra
RAlgebraicGeometry
DifferentialAlgebra
LieAlgebra
Analysis
DifferentialEquations
CarathedorySolutions
ViscosityPDE
Solutions
DynamicalSystems
Stochastics Doob’sSuper-
martingales
Dynkin’sInfinitesimalGenerators
DifferentialGenerators
StochasticDifferentialEquations
Numerics
HermiteInterpolation
WeierstraßApprox-imation
ErrorAnalysis
NumericalIntegration
Algorithms
DecisionProcedures
ProofSearch
Procedures
Fixpoints& Lattices
ClosureOrdinals
Andre Platzer (CMU) Differential Game Logic TOCL’15 1 / 5
Andre Platzer.Differential game logic.ACM Trans. Comput. Log., 2015.To appear. Preprint at arXiv 1408.1980.doi:10.1145/2817824.
Andre Platzer.Differential hybrid games.CoRR, abs/1507.04943, 2015.arXiv:1507.04943.
Andre Platzer.Logics of dynamical systems.In LICS [9], pages 13–24.doi:10.1109/LICS.2012.13.
Andre Platzer.The complete proof theory of hybrid systems.In LICS [9], pages 541–550.doi:10.1109/LICS.2012.64.
Andre Platzer (CMU) Differential Game Logic TOCL’15 1 / 5
Andre Platzer.Differential game logic for hybrid games.Technical Report CMU-CS-12-105, School of Computer Science,Carnegie Mellon University, Pittsburgh, PA, March 2012.
Jan-David Quesel and Andre Platzer.Playing hybrid games with KeYmaera.In Bernhard Gramlich, Dale Miller, and Ulrike Sattler, editors, IJCAR,volume 7364 of LNCS, pages 439–453. Springer, 2012.doi:10.1007/978-3-642-31365-3_34.
Andre Platzer.A complete axiomatization of differential game logic for hybrid games.Technical Report CMU-CS-13-100R, School of Computer Science,Carnegie Mellon University, Pittsburgh, PA, January, Revised andextended in July 2013.
Andre Platzer.Differential game logic.CoRR, abs/1408.1980, 2014.
Andre Platzer (CMU) Differential Game Logic TOCL’15 1 / 5
arXiv:1408.1980.
Proceedings of the 27th Annual ACM/IEEE Symposium on Logic inComputer Science, LICS 2012, Dubrovnik, Croatia, June 25–28, 2012.IEEE, 2012.
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
a
left
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
op
a
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
a
left
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
op
a
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
a
left
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
op
a
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
alef
t
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
op
a
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
a
left
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
op
a
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
a
left
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
opa
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Differential Game Logic: Operational Semantics
Definition (Hybrid game a: operational semantics)
s
x := θ
s[[θ]]sx
x:=θ
s
x ′ = θ&Q
ϕ(r)
r
ϕ(t)
t
ϕ(0)
0
s
?P
s
?P
s|=
P
s
a ∪ b
s
tκ
b
tj
b
t1
b
right
s
sλ
a
si
a
s1
a
left
s
a; b
tλ
rλ1λ
b
r jλ
b
r1λ
b
a
ti
rλii
b
r1i
b
a
t1
rλ11
b
r j1
b
r11
b
a
s
a∗
s
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
a
repeatstop
a
...
a
...
a
repeatst
op
a
...
a
...
a
repeatst
op
arepeatst
op
a
repeat
s
stop
s
a
t0
tκtjt1
s0
sλsis1
sad
t0
tκtjt1
s0
sλsis1
Andre Platzer (CMU) Differential Game Logic TOCL’15 2 / 5
Successful Hybrid Games Proofs
Verification Challenge:
ey
fy
xb(lx, ly) ex fx
(rx, ry)
(vx, vy)
Hybrid games proving also for proving relaxed notions of system similarity
Andre Platzer (CMU) Differential Game Logic TOCL’15 3 / 5
Robotic Factory Automation (RF )
Example (Environment vs. Robot)(( ?true ∩ (?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx ; eff1 := 0)
∩ (?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy ; eff2 := 0) ) ;
(ax := ∗; ?(−A ≤ ax ≤ A);
ay := ∗; ?(−A ≤ ay ≤ A);
ts := 0 ) ;
(
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1&ts ≤ ε )d ;
∪ (( ?axvx ≤ 0 ∧ ayvy ≤ 0;
if vx = 0 then ax := 0 fi;
if vy = 0 then ay := 0 fi ) ;
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1
&ts ≤ ε ∧ axvx ≤ 0 ∧ ayvy ≤ 0)d))
)×ey
fy
xb(lx, ly) ex fx
(rx, ry)
(vx, vy)
Andre Platzer (CMU) Differential Game Logic TOCL’15 4 / 5
Robotic Factory Automation (RF )
Example (Environment vs. Robot)(( ?true ∩ (?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx ; eff1 := 0)
∩ (?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy ; eff2 := 0) ) ;
(ax := ∗; ?(−A ≤ ax ≤ A);
ay := ∗; ?(−A ≤ ay ≤ A);
ts := 0 ) ;
(
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1&ts ≤ ε )d ;
∪ (( ?axvx ≤ 0 ∧ ayvy ≤ 0;
if vx = 0 then ax := 0 fi;
if vy = 0 then ay := 0 fi ) ;
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1
&ts ≤ ε ∧ axvx ≤ 0 ∧ ayvy ≤ 0)d))
)×ey
fy
xb(lx, ly) ex fx
(rx, ry)
(vx, vy)
Andre Platzer (CMU) Differential Game Logic TOCL’15 4 / 5
Robotic Factory Automation (RF )
Example (Environment vs. Robot)(( ?true ∩ (?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx ; eff1 := 0)
∩ (?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy ; eff2 := 0) ) ;
(ax := ∗; ?(−A ≤ ax ≤ A);
ay := ∗; ?(−A ≤ ay ≤ A);
ts := 0 ) ;
(
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1&ts ≤ ε )d ;
∪ (( ?axvx ≤ 0 ∧ ayvy ≤ 0;
if vx = 0 then ax := 0 fi;
if vy = 0 then ay := 0 fi ) ;
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1
&ts ≤ ε ∧ axvx ≤ 0 ∧ ayvy ≤ 0)d))
)×ey
fy
xb(lx, ly) ex fx
(rx, ry)
(vx, vy)
Andre Platzer (CMU) Differential Game Logic TOCL’15 4 / 5
Robotic Factory Automation (RF )
Example (Environment vs. Robot)(( ?true ∩ (?(x < ex ∧ y < ey ∧ eff1 = 1); vx := vx + cx ; eff1 := 0)
∩ (?(ex ≤ x ∧ y ≤ fy ∧ eff2 = 1); vy := vy + cy ; eff2 := 0) ) ;
(ax := ∗; ?(−A ≤ ax ≤ A);
ay := ∗; ?(−A ≤ ay ≤ A);
ts := 0 ) ;((x ′ = vx , y
′ = vy , v′x = ax , v
′y = ay , t
′ = 1, t ′s = 1&ts ≤ ε )d ;
∪ (( ?axvx ≤ 0 ∧ ayvy ≤ 0;
if vx = 0 then ax := 0 fi;
if vy = 0 then ay := 0 fi ) ;
(x ′ = vx , y′ = vy , v
′x = ax , v
′y = ay , t
′ = 1, t ′s = 1
&ts ≤ ε ∧ axvx ≤ 0 ∧ ayvy ≤ 0)d)))×
ey
fy
xb(lx, ly) ex fx
(rx, ry)
(vx, vy)
Andre Platzer (CMU) Differential Game Logic TOCL’15 4 / 5
Robotic Factory Automation (RF )
Proposition (Robot stays in 2)
|= (x = y = 0 ∧ vx = vy = 0∧ Controllability Assumptions )→ (RF )(x ∈ [lx , rx ] ∧ y ∈ [ly , ry ])
Proposition (Stays in 2 + leaves shaded region in time)
RF |x : RF projected to the x-axis
|= (x = 0 ∧ vx = 0∧ Controllability Assumptions )→ (RF |x)(x ∈ [lx , rx ] ∧ (t ≥ ε→ (x ≥ xb)))
Andre Platzer (CMU) Differential Game Logic TOCL’15 5 / 5
top related