A must-read for anyone interested in the development of modern and computational systems science for cyber-physical systems. This textbook is based on lecture notes for the undergraduate Fundamentals of Cyber-Physical Systems course I taught in the Computer Science Department at Carnegie Mellon University.

Introduction

• Cyber-Physical Systems Analysis by Example
• Application Domains
• Significance
• The Importance of Safety

Of course, the prerequisite is that the cyber-physical systems themselves must be secure, otherwise the cure may be worse than the disease. How can we ensure that cyber-physical systems are guaranteed to achieve their design goals.

Fig. 1.1 Airplane example: Which control decisions are safe for aircraft collision avoidance?

Hybrid Systems Versus Cyber-Physical Systems

Multi-dynamical Systems

How the descriptive advantage of a composition of multi-dynamic systems turns into an analytical advantage. Multidynamic systems also influence and simplify the presentation of Logical Foundations of Cyber-Physical Systems.

Fig. 1.2 Multi-dynamical systems aspects of CPS

How to Learn About Cyber-Physical Systems

Of course, this textbook also examines other differential equations in some illustrative examples, but these are not on the critical path to understanding the rest of the book. This textbook itself develops a considerable amount of logic as part of the way of understanding cyberphysical systems.

Computational Thinking for Cyber-Physical Systems

Therefore, no prior understanding of logic is necessary to study this book. In fact, the undergraduate course Fundamentals of Cyber-Physical Systems taught by the author at Carnegie Mellon University, on which this textbook is based, counts as fulfillment of the Logic/Languages ​​elective or programming language requirement without prior knowledge of either.

Learning Objectives

These allow us to assess, for example, when it is important to control for opposing effects, and when a non-deterministic model is sufficient. An in-depth understanding of the semantics of CPS models is also achieved by carefully relating their semantics to their reasoning principles and aligning them in perfect harmony.

Structure of This Textbook

The core of the textbook is the chapters leading to Elementary CPS (Part I) in Fig. 1.3, including either Ch. 8 or 9 or both. This textbook contains an active development that guides the reader through a critical and self-paced development of the core aspects of cyber-physical systems.

Fig. 1.3 Dependencies and suggested reading sequences of the chapters

Summary

A minimal core for understanding basic cyberphysical systems consists of Chapters 1-7 of Part I. The reader may have found a completely correct answer that was simply not anticipated when the textbook was written.

DOI : 10.1145/1592761.1592781

22] জিন-ব্যাপটিস্ট জেনিন, খলিল ঘোরবাল, ইয়ানি কৌসকুলাস, অরোরা স্মিড্ট, রায়ান গার্ডনার, স্টেফান মিটশ এবং আন্দ্রে প্লাটজার। 28] এডওয়ার্ড অ্যাশফোর্ড লি এবং সঞ্জিত অরুঞ্জুমার সেশিয়া এমবেডেড সিস্টেমের ভূমিকা — একটি সাইবার-ফিজিক্যাল সিস্টেম অ্যাপ্রোচ।

DOI : 10.1109/JPROC.2011.2165270

Introduction

More detailed treatments of differential equations can e.g. found in Walter's seminal book [10] or elsewhere [2,4,8,9]. We introduce the first-order logic of real arithmetic as the modeling language for describing evolution domains of differential equations.

Differential Equations as Models of Continuous Physical ProcessesProcesses

Modeling and control: We develop an understanding of one central principle behind CPS: the case of federated dynamics and differential equations with development domains as models of the physical part of CPS. 30 2 Differential Equations and Domains This means that the position x of the car changes with time derivative v, which changes with time derivative a.

Fig. 2.1 Vector field (left) and vector field with one solution of a differential equation (right)

The Meaning of Differential Equations

This means that the time derivative of the solution at each time is equal to the right-hand side of the differential equation, as shown for timet=−1 in Figure 2.4. At each point, the vector corresponds to the right-hand side of the differential equation.

Fig. 2.4 Differential equation solution condition: time-derivative shown in red at t = − 1 equals right-hand side of differential equation at all times

A Tiny Compendium of Differential Equation Examples

Example 2.5 (* A two-dimensional linear differential equation for rotation). In the important differential equation systemv0=w,w0=−vwith the initial value problem. Example 2.7 (* A linear differential equation adjustable for rotation). In the system of important differential equation v0=ωw,w0=−ωvwith the initial value problem.

Fig. 2.7 A solution of the rotational differential equations v and w over time t (left) and in phase space with coordinates w over v (right)

Domains of Differential Equations

If the system were ever to leave this region, it would stop evolving immediately (in order to give the cyber parts of the system a chance to act) before exiting the development domain. Then the system follows the differential equation x0=f(x) for any amount of time, but must stop before leaving Q.

Syntax of Continuous Programs

• Continuous Programs
• Terms
• First-Order Formulas

Ifxi is a variable, any term possibly containing x, and the Qa formula for the first-order logic of real arithmetic, then continuous programs are of the form. A rigorous definition of the syntax of hybrid programs also depends on defining what a term and what a formula Q of the first-order logic of real arithmetic are.

Semantics of Continuous Programs

• Terms
• First-Order Formulas
• Continuous Programs

Eg. the last line defines the function[[e·e]]˜ as the function[[e·e]]˜ :S→R that maps stateω to the real value given by the productω[[e]]·ω[ [e]] ˜ of the valuesω[[e]]andω[[e]].˜ The two ways of understanding Definition 2.4 are equivalent. That is, a greater-than-or-equal inequality is true in a condition ωif the term on the left evaluates to a number greater than or equal to the value of the right-hand term.

Fig. 2.12 Illustration of the dynamics of continuous pro-grams

Summary

Furthermore, note the explicit transition from syntax to semantics3 through the use of the semantics function[[·]]in Definition2.6. Consequently, the only conditions that Definition2.6 states for duration 0 are that the initial stateω and final stateν match and that the evolution domain constraintQ is respected at that state:ω∈[[Q]].

Appendix

• Existence Theorems
• Uniqueness Theorems
• Linear Differential Equations with Constant Coefficients
• Continuation and Continuous Dependency

A direct proof of the following global version of the Picard-Lindelöf theorem can be found in the literature [10, Proposition 10.VII]. Example 2.12 (Accelerated motion in a straight line). In the initial value problem from Example 2.4 on p.34, we guessed the solution to the system of differential equations and then checked that it is the correct solution by factoring it into the differential. the equations.

Introduction

Synopsis This chapter develops a central dynamical systems model for describing the behavior of cyberphysical systems using a programming language. The chapter connects the federal dynamics of differential equations to the discrete dynamics of conventional computer programs by directly integrating differential equations with discrete programming languages.

A Gradual Introduction to Hybrid Programs

• Discrete Change in Hybrid Programs
• Compositions of Hybrid Programs
• Decisions in Hybrid Programs
• Choices in Hybrid Programs
• Tests in Hybrid Programs
• Repetitions in Hybrid Programs

The way to do that is to run tests on the current state of the system. In (3.8) the cyber controller can first choose to accelerate or brake (depending on whether v<4 ​​is true in the current state), then the physics evolves along differential equationx00=a for a while, after which the controller can again choose whether to accelerate or brake (depending on whether v<4 ​​is true in the state that is then reached), and eventually physics evolves again along x00=a.

Fig. 3.2 Fixed acceleration a (left), velocity v (middle), and position x (right) change over time t

Hybrid Programs

• Syntax of Hybrid Programs
• Semantics of Hybrid Programs

Graphical illustrations of the transition semantics of hybrid programs defined below and possible example dynamics are depicted in Fig.3.4. That is, final stateν differs from initial stateω only in its interpretation of the variablex, which changesν to the value that the right-hand term has in the initial stateω.

Fig. 3.4 Transition semantics (left) and example dynamics (right) of hybrid programs

Hybrid Program Design

• To Brake, or Not to Brake, That Is the Question
• A Matter of Choice

Let us denote the HP in (3.13), then the semantics[[β]]ofβ now only includes relations between initial and final states that can be achieved by acceleration choices (because there are no braking choices inβ). Note that the duration of the first differential equation in (3.13) is suddenly bounded, because ifx also continues to accelerate.

Fig. 3.7 Transition structure of the acceleration/braking example (3.12)

Summary

A more realistic and permissive controller therefore also handles the case if that test fails, after which we are back at (3.8). The differential equations in this controller tacitly assume that the velocity will always remain above 4, which is clearly not always the case when braking.

Appendix: Modeling the Motion of a Robot Around a Bend

Define the syntax for hybrid automata consisting of a (finite) setX of state variables and a (finite) setLoc of locations interconnected by a (finite) set Edg of edges, where each location`∈Lochas a differential equationFlow(`)and evolution domain constraintInv(`)and where each edgee∈Edghas a guard condition Guard(e) and a resetReset(e) list of assignments. Define the semantics of hybrid automata by defining which states(k,ν) can be reached from initial state(`,ω) by running the hybrid automaton.

Fig. 3.9 Illustration of the Dubins dynamics of a point (x,y) moving in direction (v,w) along a dashed curve with angular velocity ω

Introduction

The reason has to do with the physical impact of CPS and the non-negotiability of the laws of nature. Along the way, however, this chapter develops an intuitive understanding of the role of requirements and contracts in CPS, as well as important ways to formalize CPS features and their properties.

A Gradual Introduction to CPS Contracts

• The Adventures of Quantum the Bouncing Ball
• How Quantum Discovered a Crack in the Fabric of Time
• How Quantum Learned to Deflate
• Postcondition Contracts for CPS
• Precondition Contracts for CPS

When looking for a very simple model of what the bouncing ball does, it is easier to describe it as a hybrid system. The bouncing ball Quantum is quite happy with the model (4.6), and continues to explore whether the model does what he expects it to do.

Fig. 4.1 Sample trajectory of a bouncing ball (plotted as height over time)

Logical Formulas for Hybrid Programs

The most important feature of differential dynamic logic for our purposes is that it allows us to refer to hybrid systems. Chapter 2 introduced the first-order logic of real arithmetic, which was used to describe the limits of the evolutionary domain of differential equations, and made it possible to refer to conjunctions or disjunctions of comparisons of (polynomial) terms with quantifiers over real-valued variables.

Differential Dynamic Logic

• Syntax of Differential Dynamic Logic
• Semantics of Differential Dynamic Logic

That is, a negated formula¬P is true in the complement of the set of states where the formulaPitself is true. That is, a conjunction is true at the intersection of the states where both conjunctions are true.

CPS Contracts in Logic

Due to the nature of implication, dieLformula (4.16) does not say what happens in statesω in which the condition does not apply (soω6∈[[A]]). Recall that dieLformula[α] is true in exactly those conditions in which all runs of HPα lead only to conditions in which postconditionBis is true.

Identifying Requirements of a CPS

Even if the initial state satisfies all the requirements of the antecedent of (4.22), the bouncing ball can still jump higher than it should, i.e. higher than its initial heightH. This happens when the bouncing ball initially has a very large downward velocity, so ifvis is much smaller than 0 (sometimes written as v0).

Fig. 4.9 Sample trajectory of a bouncing ball climbing with upwards initial velocity v > 0

Summary

But after so many failed starts and missing assumptions and requirements for the bouncing ball, it's a good idea to prove (4.23) beyond any doubt once and for all. However, to prove formula (4.23), we need to investigate how proof works in CPS.

Appendix

• Intermediate Conditions for a Proof of Sequential CompositionsCompositions
• A Proof of Choice
• A Proof of Tests

It claims that the postcondition 0≤x∧x≤H holds after all runs of HP in the[·]modality. We assume that the intermediate condition (4.28) holds in the intermediate condition of the sequential composition in (4.26).

Introduction

Synopsis This central chapter develops a logical characterization of the dynamics of hybrid programs in differential dynamic logic. The focus of this chapter is on the systematic development of basic reasoning principles for cyber-physical systems.

Intermediate Conditions for CPS

This degenerate model fragment is nevertheless an informative stepping stone to a proof of the full model. Depending on the accuracy of the intermediate stateE, this argument may require showing that B after all runs of β of extra states that are not reachable from ω by runningα but happen to satisfy E (unmarked nodes in Fig.5.2).

Fig. 5.1 Sample trajectory of a single-hop bouncing ball (plotted as height over time) that can follow the first blue hop but is incapable of following the remaining hops shown in gray

Dynamic Axioms for Dynamical Systems

• Dynamic Axioms for Nondeterministic Choices
• Soundness of Axioms
• Dynamic Axioms for Assignments
• Dynamic Axioms for Differential Equations
• Dynamic Axioms for Tests
• Dynamic Axioms for Sequential Compositions
• Dynamic Axioms for Loops
• Axioms for Diamonds

By the definition of semantics, P must be true in all states that α∪β can reach from ω according to[[α∪β]], so that [α∪β]P is true inω. Unlike the other axioms, axiom[∗] does not exactly cancel the formula on the left.

Fig. 5.3 Illustration of dy- dy-namic axiom for sequential composition

A Proof of a Short Bouncing Ball

The assumption H−g2t2=0 in the center line directly implies the first conjunct of the right side of the center line. Similarly, the assumption H−g2t2≥0 in the last line implies the first conjunct on its right-hand side.

Summary

The equivalence axioms in Figure 5.4 are primarily intended to be used by replacing the left side (highlighted in blue) with the structurally simpler right side. With the notable exception of iteration axiom [∗], using these left-to-right equivalences decomposes a property of a more complex HP into properties of distinctly simpler subprograms.

Appendix

• Modal Modus Ponens Has Implications on Boxes
• Vacuous State Change if Nothing Relevant Ever Changes
• Gödel Generalizes Validities into Boxes
• Monotonicity of Postconditions
• Of Free and Bound Variables
• Free and Bound Variable Analysis

Such supersets of the sets of free variables and bound variables are quite easily com-. The set of variables ever written to is an obvious superset of the bound variables.