coasterx a case study in component driven hybrid systems
play

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof - PowerPoint PPT Presentation

Mar 08, 2023 •219 likes •889 views

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Based on ADHS 18 [BLCP18] Brandon Bohrer (joint work with Adriel Luo, Xuean Chuang, Andr e Platzer) Logical Systems Lab Computer Science Department Carnegie

  1. CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Based on ADHS ’18 [BLCP18] Brandon Bohrer (joint work with Adriel Luo, Xuean Chuang, Andr´ e Platzer) Logical Systems Lab Computer Science Department Carnegie Mellon University Speaking Skills, Mar 26 2018 1 / 49

  2. Outline 1 Motivation 2 Approach 3 Modeling and Verification Background: d L Identifying Assumptions Formal Specification Formal Verification 4 Evaluation 5 Future Work and Conclusion 2 / 49

  3. Roller Coasters are Safety-Critical Systems Top Thrill Steel Phantom Mindbender [BLCP18] Joker’s Jinx Phantom’s Revenge Fujin Raijin II Rollback Head Injury Derailment 3 / 49

  4. Formal Proofs in d L Ensure Safe Designs [BLCP18] Top Thrill Steel Phantom Mindbender Rollback Head Injury Derailment ⇓ Pre → [ phys ] Post Identify: • Notion of safety Post ( acc < acc hi ) 4 / 49

  5. Formal Proofs in d L Ensure Safe Designs [BLCP18] Top Thrill Steel Phantom Mindbender Rollback Head Injury Derailment ⇓ Pre → [ phys ] Post Identify: • Notion of safety Post ( acc < acc hi ) • Safe conditions Pre ( v = v 0 ) 4 / 49

  6. Formal Proofs in d L Ensure Safe Designs [BLCP18] Top Thrill Steel Phantom Mindbender Rollback Head Injury Derailment ⇓ Pre → [ phys ] Post Identify: • Notion of safety Post ( acc < acc hi ) • Safe conditions Pre ( v = v 0 ) Verify physical environment design phys ( { x ′ = . . . , y ′ = . . . } ) 4 / 49

  7. Design Verification Supplements Simulation Simulations typically used today [XXLY12, Wei15] Approach Pro Con Simulate Rich dynamics, easy Low rigor+precision Verify High rigor+precision Simple dynamics, hard 5 / 49

  8. Verifying Physical Designs is a Challenge • How do we verify models at scale? • How do we make verification accessible to non-experts? 6 / 49

  9. Verifying Environment Designs is Important ⇓ 7 / 49

  10. Outline 1 Motivation 2 Approach 3 Modeling and Verification Background: d L Identifying Assumptions Formal Specification Formal Verification 4 Evaluation 5 Future Work and Conclusion 8 / 49

  11. Component-Driven Proof Automation Enables Design Verification KeYmaera X Prover Core d L fml. GUI Builder (1700 Lines) CoasterX [FMQ + 15] Backend Component d L pf. model Goal Solution Accessible High-level graphical modeling 9 / 49

  12. Component-Driven Proof Automation Enables Design Verification KeYmaera X Prover Core d L fml. GUI Builder (1700 Lines) CoasterX [FMQ + 15] Backend Component d L pf. model Goal Solution Accessible High-level graphical modeling Rigorous Formal proof checked by small prover core 9 / 49

  13. Component-Driven Proof Automation Enables Design Verification KeYmaera X Prover Core d L fml. GUI Builder (1700 Lines) CoasterX [FMQ + 15] Backend Component d L pf. model Goal Solution Accessible High-level graphical modeling Rigorous Formal proof checked by small prover core Scalable Proof scales by exploiting component structure 9 / 49

  14. Track Sections are Components for Coasters Generic Component 10 / 49

  15. Track Sections are Components for Coasters Generic Component � � � Automatic Composition 10 / 49

  16. Track Sections are Components for Coasters Generic Component � � � Automatic Composition 11 / 49

  17. Track Sections are Components for Coasters Generic Component � � � Automatic Composition 12 / 49

  18. Track Sections are Components for Coasters Generic Component � � � Automatic Composition 13 / 49

  19. Track Sections are Components for Coasters Generic Component � � � Automatic Composition 14 / 49

  20. Outline 1 Motivation 2 Approach 3 Modeling and Verification Background: d L Identifying Assumptions Formal Specification Formal Verification 4 Evaluation 5 Future Work and Conclusion 15 / 49

  21. Outline 1 Motivation 2 Approach 3 Modeling and Verification Background: d L Identifying Assumptions Formal Specification Formal Verification 4 Evaluation 5 Future Work and Conclusion 16 / 49

  22. Background: d L Formulas P , Q ::= P ∧ Q | ¬ P | ∀ xP | ∃ xP | θ 1 ≥ θ 2 | [ α ] P | � α � P Example: Pre → [ phys ] Post Construct Meaning P ∧ Q , ¬ P Classical propositional connectives 17 / 49

  23. Background: d L Formulas P , Q ::= P ∧ Q | ¬ P | ∀ xP | ∃ xP | θ 1 ≥ θ 2 | [ α ] P | � α � P Example: Pre → [ phys ] Post Construct Meaning P ∧ Q , ¬ P Classical propositional connectives ∀ x P , ∃ x P First-order real quantifiers θ 1 ≥ θ 2 Real arithmetic comparisons 17 / 49

  24. Background: d L Formulas P , Q ::= P ∧ Q | ¬ P | ∀ xP | ∃ xP | θ 1 ≥ θ 2 | [ α ] P | � α � P Example: Pre → [ phys ] Post Construct Meaning P ∧ Q , ¬ P Classical propositional connectives ∀ x P , ∃ x P First-order real quantifiers θ 1 ≥ θ 2 Real arithmetic comparisons [ α ] P After α runs, P always holds � α � P After α runs, P sometimes holds 17 / 49

  25. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail 18 / 49

  26. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x 18 / 49

  27. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x { x ′ = θ & P } Evolve x at continuous rate θ 18 / 49

  28. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x { x ′ = θ & P } Evolve x at continuous rate θ Evolution domain constraint P asserted continuously 18 / 49

  29. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x { x ′ = θ & P } Evolve x at continuous rate θ Evolution domain constraint P asserted continuously P must also hold initially (like ? P ) 18 / 49

  30. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x { x ′ = θ & P } Evolve x at continuous rate θ Evolution domain constraint P asserted continuously P must also hold initially (like ? P ) α ∪ β Choose either α or β nondeterministically 18 / 49

  31. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x { x ′ = θ & P } Evolve x at continuous rate θ Evolution domain constraint P asserted continuously P must also hold initially (like ? P ) α ∪ β Choose either α or β nondeterministically α ; β First α then β in any resulting state 18 / 49

  32. Background: Hybrid Programs α, β ::= ? P | x := θ | { x ′ = θ & P } | α ∪ β | α ; β | α ∗ Construct Meaning ? P Assert formula P , else fail x := θ Assign value of term θ to x { x ′ = θ & P } Evolve x at continuous rate θ Evolution domain constraint P asserted continuously P must also hold initially (like ? P ) α ∪ β Choose either α or β nondeterministically α ; β First α then β in any resulting state α ∗ Loop α nondeterministically n ≥ 0 times 18 / 49

  33. Outline 1 Motivation 2 Approach 3 Modeling and Verification Background: d L Identifying Assumptions Formal Specification Formal Verification 4 Evaluation 5 Future Work and Conclusion 19 / 49

  34. Velocity and Acceleration Bounds are Fundamental Rollback Head Injury Derailment 0 < v lo ≤ v | a | ≤ a hi | a | ≤ a hi [AST17] 20 / 49

  35. Tracks are 2D • 2D modeling greatly simplifies GUI • Vertical and horizontal bounds only (no lateral bound) • Ignores banking, wind, roll resistance (1-2%) ⇒ 21 / 49

  36. Acceleration Bound is Conservative Top Thrill Steel Phantom Mindbender Joker’s Jinx Phantom’s Revenge Fujin Raijin II Rollback Head Injury Derailment ( > ) ( < ) ( < ) 22 / 49

  37. Conservative Bound Suffices for Phantom Top Thrill Steel Phantom Mindbender Joker’s Jinx Phantom’s Revenge Fujin Raijin II Rollback Head Injury Derailment ( > ) ( < ) ( < ) 23 / 49

  38. Outline 1 Motivation 2 Approach 3 Modeling and Verification Background: d L Identifying Assumptions Formal Specification Formal Verification 4 Evaluation 5 Future Work and Conclusion 24 / 49

  39. Example √ √ √ phys ≡ {{ x ′ = 2 / 2 v , y ′ = 2 / 2 v , v ′ = − 2 / 2 g & 0 ≤ x ≤ 100 } √ ∪ { x ′ = dx v , y ′ = dy , v ′ = − dy g , dx ′ = − dy v / 100 2 , √ dy ′ = dx v / 100 2 & 100 ≤ x ≤ 200 } √ √ √ ∪ { x ′ = 2 / 2 v , y ′ = − 2 / 2 v , v ′ = 2 / 2 g & 200 ≤ x ≤ 300 }} ∗ 25 / 49

  40. Example phys ≡ {{ Line( . . . ) & 0 ≤ x ≤ 100 } ∪ { Arc( . . . ) & 100 ≤ x ≤ 200 } ∪ { Line( . . . ) & 200 ≤ x ≤ 300 }} ∗ 26 / 49

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Brandon Bohrer (joint

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Brandon Bohrer (joint

CoasterX: A Case Study in Component-Driven Hybrid Systems Proof Automation Brandon Bohrer (joint work with Adriel Luo, Xuean Chuang, Andr e Platzer) Logical Systems Lab Computer Science Department Carnegie Mellon University ADHS, Jul 7

639 views • 41 slides
HRML: a hybrid relational modelling language He Jifeng + + 2 + Hybrid

HRML: a hybrid relational modelling language He Jifeng + + 2 + Hybrid

1 + HRML: a hybrid relational modelling language He Jifeng + + 2 + Hybrid Systems Systems are composed by continuous physical component and discrete control component The system state evoles over time

968 views • 51 slides
On linear output regulation: data-driven, hybrid, optimal, and more! Sergio Galeani joint work

On linear output regulation: data-driven, hybrid, optimal, and more! Sergio Galeani joint work

On linear output regulation: data-driven, hybrid, optimal, and more! Sergio Galeani joint work with (data-driven) D. Carnevale, M. Sassano, A. Serrani HYBRID DYNAMICAL SYSTEMS: OPTIMIZATION, STABILITY AND APPLICATIONS, Trento, January 9-11,

419 views • 31 slides
A systems re-engineering case study Programming robots with occam and Handel-C Dan Slipper

A systems re-engineering case study Programming robots with occam and Handel-C Dan Slipper

A systems re-engineering case study Programming robots with occam and Handel-C Dan Slipper Supervisors: Alistair A. McEwan Wilson Ifill AWE 1 The Problem 2 Re-engineering Platform Independent Model Legacy System Replacement Component

349 views • 31 slides
How to Generate Worst-Case Crisp Case Scenarios When Testing Component-Wise . . . Applying the

How to Generate Worst-Case Crisp Case Scenarios When Testing Component-Wise . . . Applying the

Traditional Systems . . . Systems of Systems Specific Example Need for Generating . . . How to Generate Worst-Case Crisp Case Scenarios When Testing Component-Wise . . . Applying the . . . Already Deployed Systems Algorithm: Next . . .

234 views • 21 slides
Hybrid MPI - A Case Study on the Xeon Phi Platform Udayanga Wickramasinghe Center for Research on

Hybrid MPI - A Case Study on the Xeon Phi Platform Udayanga Wickramasinghe Center for Research on

Hybrid MPI - A Case Study on the Xeon Phi Platform Udayanga Wickramasinghe Center for Research on Extreme Scale Technologies (CREST) Indiana University Greg Bronevetsky Lawrence Livermore National Laboratory Andrew Friedley Intel Corporation

571 views • 42 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

910 views • 4 slides
BENEFITS OF HYBRID ENERGY STORAGE SYSTEMS COMBINING LITHIUM-ION AND VRLA BATTERIES

BENEFITS OF HYBRID ENERGY STORAGE SYSTEMS COMBINING LITHIUM-ION AND VRLA BATTERIES

BENEFITS OF HYBRID ENERGY STORAGE SYSTEMS COMBINING LITHIUM-ION AND VRLA BATTERIES www.hoppecke.com HOPPECKE 1 BENEFITS OF HYBRID ENERGY STORAGE SYSTEMS What is an energy storage system? Application: Frequency Response Case Study at

432 views • 22 slides
Demystifying the Characteristics of 3D-Stacked Memories: A Case Study for the Hybrid Memory Cube

Demystifying the Characteristics of 3D-Stacked Memories: A Case Study for the Hybrid Memory Cube

Demystifying the Characteristics of 3D-Stacked Memories: A Case Study for the Hybrid Memory Cube (HMC) , BaharAsgari, Burhan Ahmad Mudassar, SaibalMukhopadhyay, SudhakarYalamanchili, and HyesoonKim IISWC17 Talk Memory Evolution 2

563 views • 54 slides
Community-Driven Pipeline Safety : A Case Study from

Community-Driven Pipeline Safety : A Case Study from

NASHUA REGIONAL PLANNING COMMISSION Community-Driven Pipeline Safety : A Case Study from the Nashua, NH Region Pipeline Safety Trust 2016 Annual Conference

475 views • 16 slides
SiPINTAR - A Case Study of Hybrid Product between Asuransiku (Micro Insurance) and Emasku (Micro

SiPINTAR - A Case Study of Hybrid Product between Asuransiku (Micro Insurance) and Emasku (Micro

SiPINTAR - A Case Study of Hybrid Product between Asuransiku (Micro Insurance) and Emasku (Micro Investment) as Part of National Strategy for Financial Inclusion in Indonesia Jakub Nugraha Micro Insurance Division and Agriculture Insurance Dept

618 views • 25 slides
Automated synthesis of reliable and efficient systems through game theory: a case study Mickael

Automated synthesis of reliable and efficient systems through game theory: a case study Mickael

Automated synthesis of reliable and efficient systems through game theory: a case study Mickael Randour UMONS - University of Mons 03.09.2012 European Conference on Complex Systems Context Case study Final words Background I must confess.

606 views • 56 slides
COMPONENT DRIVEN DESIGN AND DEVELOPMENT Cristina Chumillas CRISTINA CHUMILLAS @chumillas ckrina

COMPONENT DRIVEN DESIGN AND DEVELOPMENT Cristina Chumillas CRISTINA CHUMILLAS @chumillas ckrina

COMPONENT DRIVEN DESIGN AND DEVELOPMENT Cristina Chumillas CRISTINA CHUMILLAS @chumillas ckrina / Designer and frontend developer at Ymbra WHAT ARE WE GOING TO TALK ABOUT Components Design Systems CSS Methodologies Styles Guides In

809 views • 66 slides
Global Information Systems The Case Study: Development of an Asian-European Business Portal

Global Information Systems The Case Study: Development of an Asian-European Business Portal

Global Information Systems The Case Study: Development of an Asian-European Business Portal Henri Pirkkalainen, Prof. Dr. Jan M. Pawlowski 09.09.2013 Contents Introduction Case Study Contents of the case study The process of the

693 views • 21 slides
A hybrid LCA methodology to assess the environmental footprint of a territory - A french case

A hybrid LCA methodology to assess the environmental footprint of a territory - A french case

A hybrid LCA methodology to assess the environmental footprint of a territory - A french case study Aurlie Gallice 1 , Sverine Mehier 1 , Fanny Tarrise-Vicard 1 , Sbastjen Worbe 1 1 VEOLIA Research &amp; Innovatjon, Maison-Laffjtue, France

249 views • 14 slides
CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems - Hybrid Automata

CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems - Hybrid Automata

CIS 4930/6930: Principles of Cyber-Physical Systems Chapter 4: Hybrid Systems - Hybrid Automata Hao Zheng Department of Computer Science and Engineering University of South Florida Ref.: An Introduction to Hybrid Automata

623 views • 41 slides
The impact of trauma networks and the importance of data: A year of trauma audit in Northern

The impact of trauma networks and the importance of data: A year of trauma audit in Northern

The impact of trauma networks and the importance of data: A year of trauma audit in Northern Ireland Northern Ireland Major Trauma Network Conference 8 th March 2019 Antoinette Edwards: Executive Director Laura White: Operations Director

524 views • 30 slides
Utter Command Fast, hands-free computer control by speech Redstart Report Method Fast,

Utter Command Fast, hands-free computer control by speech Redstart Report Method Fast,

Utter Command Fast, hands-free computer control by speech Redstart Report Method Fast, efficient, consistent reports by speech Kimberly Patch kim@redstartsystems.com www.redstartsystems.com Disabled Users as Speech Testbed Many people in

389 views • 6 slides
Welco elcome! me! Le Learnin arning g Se Session ssion/Summit /Summit Day Two May 26 th ,

Welco elcome! me! Le Learnin arning g Se Session ssion/Summit /Summit Day Two May 26 th ,

Welco elcome! me! Le Learnin arning g Se Session ssion/Summit /Summit Day Two May 26 th , 2017 Rec ecap of Da ap of Day On y One &amp; e &amp; Outline of the Days Activities Jennifer Allison 2 Outcome Outcome Data Data Su

716 views • 48 slides
A Case Study in Machine Learning Harikrishna Narasimhan Department of Computer Science and

A Case Study in Machine Learning Harikrishna Narasimhan Department of Computer Science and

Predicting Anticancer Drug Response A Case Study in Machine Learning Harikrishna Narasimhan Department of Computer Science and Automation I Indian Institute of Science, Bangalore Joint work with Shivani Agarwal, IISc and Mitra Biotech An

668 views • 42 slides
Maximising Community Connec6on a7er Brain Injury: A Mul6-component Program Professor Jacinta

Maximising Community Connec6on a7er Brain Injury: A Mul6-component Program Professor Jacinta

Maximising Community Connec6on a7er Brain Injury: A Mul6-component Program Professor Jacinta Douglas Allen Mar&gt;n Memorial Lecture 23 Nov 2016 CRICOS Provider 00115M latrobe.edu.au CRICOS Provider 00115M Overview Rela&gt;onships and

588 views • 32 slides
Commercial Dog Breeders Part 9: Husbandry Standards Course Objectives 1. Describe minimum food

Commercial Dog Breeders Part 9: Husbandry Standards Course Objectives 1. Describe minimum food

Introductory Course for Commercial Dog Breeders Part 9: Husbandry Standards Course Objectives 1. Describe minimum food and water requirements for dogs 2. Describe the requirements for compatible grouping of dogs 3. Explain the exercise

652 views • 50 slides
Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH

Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH

Introduction to Symbolic Verification Methods David Basin Institute of Information Security ETH Zurich Road map Motivation Basic notions Problems Symbolic models 1 Security protocols Omnipresent Authentication:

827 views • 37 slides
Obje c tive s of our time toge the r De fine po ve rty Unde rsta nd fa mily po ve rty

Obje c tive s of our time toge the r De fine po ve rty Unde rsta nd fa mily po ve rty

6/15/2018 Wor king with F amilie s L iving in Pove r ty: Str ate gie s for E ngage me nt PRE SE NT E D BY: RUT H VONDE ROHE , M.A. &amp; HOL L Y HAT T ON- BOWE RS, PHD NE BRASKA E XT E NSION Obje c tive s of our time

628 views • 21 slides

More recommend