pegasus a framework for sound continuous invariant
play

Pegasus: a framework for sound continuous invariant generation - PowerPoint PPT Presentation

Dec 12, 2022 •8 likes •398 views

Pegasus: a framework for sound continuous invariant generation Andrew Sogokon 2 , 1 , Stefan Mitsch 1 , Yong Kiam Tan 1 , Katherine Cordwell 1 , e Platzer 1 and Andr 1 Carnegie Mellon University, USA 2 University of Southampton, UK FM 2019, 3rd

  1. Pegasus: a framework for sound continuous invariant generation Andrew Sogokon 2 , 1 , Stefan Mitsch 1 , Yong Kiam Tan 1 , Katherine Cordwell 1 , e Platzer 1 and Andr´ 1 Carnegie Mellon University, USA 2 University of Southampton, UK FM 2019, 3rd World Congress on Formal Methods, Porto October 20, 2019

  2. Introduction What this talk is about Theorem proving in cyber-physical systems (CPS). Why? Fully rigorous proofs of correctness . Important for safety-critical embedded systems. , Pegasus: a framework for sound continuous invariant generation 1/24

  3. Introduction What this talk is about Theorem proving in cyber-physical systems (CPS). Why? Fully rigorous proofs of correctness . Important for safety-critical embedded systems. Problem : Theorem proving in CPS is not fully automatic . Safety verification relies on finding the right invariants . , Pegasus: a framework for sound continuous invariant generation 1/24

  4. Invariants in verification invariant , Pegasus: a framework for sound continuous invariant generation 2/24

  5. Invariants in verification inductive invariant invariant , Pegasus: a framework for sound continuous invariant generation 3/24

  6. Continuous invariants ODEs: x ′ = f ( � x ) � x ∈ R n � Init ⊆ R n , Pegasus: a framework for sound continuous invariant generation 4/24

  7. Continuous invariants ODEs: x ′ = f ( � x ) � x ∈ R n � Init ⊆ R n , Pegasus: a framework for sound continuous invariant generation 5/24

  8. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). , Pegasus: a framework for sound continuous invariant generation 6/24

  9. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). LZZ procedure yes/no formula, ODE , Pegasus: a framework for sound continuous invariant generation 6/24

  10. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). LZZ procedure yes/no formula, ODE A complete axiomatization of continuous invariants in differential dynamic logic dL (Platzer & Tan, LICS 2018). , Pegasus: a framework for sound continuous invariant generation 6/24

  11. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). LZZ procedure yes/no formula, ODE A complete axiomatization of continuous invariants in differential dynamic logic dL (Platzer & Tan, LICS 2018). formal proof dL prover prover formula, ODE of invariance ( KeYmaera X ) , Pegasus: a framework for sound continuous invariant generation 6/24

  12. Handling decidable problems Design choices in proof assistants decision procedure axioms ⊢ goal goal tactics yes/no goal prover prover assistant assistant Formal proof using tactics Using external oracles , Pegasus: a framework for sound continuous invariant generation 7/24

  13. Handling invariants Design choices in proof assistants LZZ procedure dL axioms ⊢ goal goal dL tactics yes/no goal KeYmaera X prover assistant assistant LCF-style “PVS-style” , Pegasus: a framework for sound continuous invariant generation 8/24

  14. Handling invariants Design choices in proof assistants LZZ Less soundness-critical code procedure dL axioms ⊢ goal goal dL tactics yes/no goal KeYmaera X prover assistant assistant LCF-style “PVS-style” , Pegasus: a framework for sound continuous invariant generation 9/24

  15. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) , Pegasus: a framework for sound continuous invariant generation 10/24

  16. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) The invariant generation problem is much more difficult. { pre } ODE { post } ( in dL pre → [ ODE ] post ) , Pegasus: a framework for sound continuous invariant generation 10/24

  17. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) The invariant generation problem is much more difficult. { pre } ODE { post } ( in dL pre → [ ODE ] post ) pre → inv inv → [ ODE ] inv inv → post pre → [ ODE ] post , Pegasus: a framework for sound continuous invariant generation 10/24

  18. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) The invariant generation problem is much more difficult. { pre } ODE { post } ( in dL pre → [ ODE ] post ) pre → inv inv → [ ODE ] inv inv → post pre → [ ODE ] post Practical bottleneck for proof automation. , Pegasus: a framework for sound continuous invariant generation 10/24

  19. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 , Pegasus: a framework for sound continuous invariant generation 11/24

  20. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 Searching for the coefficients using algorithms from real algebraic geometry (e.g. CAD). , Pegasus: a framework for sound continuous invariant generation 11/24

  21. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 Searching for the coefficients using algorithms from real algebraic geometry (e.g. CAD). ∗ (However, this is hardly practical) Doubly-exponential time complexity in the number of variables (here the number of coefficients ). , Pegasus: a framework for sound continuous invariant generation 11/24

  22. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 Searching for the coefficients using algorithms from real algebraic geometry (e.g. CAD). ∗ (However, this is hardly practical) Doubly-exponential time complexity in the number of variables (here the number of coefficients ). More practical alternatives are needed. , Pegasus: a framework for sound continuous invariant generation 11/24

  23. Generating continuous invariants More practical methods for invariant generation exist. These are ◮ more specialized, ◮ incomplete, ◮ have different strengths and limitations, ◮ create a wide spectrum for what can be tried. , Pegasus: a framework for sound continuous invariant generation 12/24

  24. Generating continuous invariants More practical methods for invariant generation exist. These are ◮ more specialized, ◮ incomplete, ◮ have different strengths and limitations, ◮ create a wide spectrum for what can be tried. Challenge : ◮ build a system for navigating this spectrum , ◮ use it to improve proof automation in KeYmaera X. , Pegasus: a framework for sound continuous invariant generation 12/24

  25. Continuous invariant generator Pegasus is an automatic continuous invariant generator. Pegasus { pre } ODE { post } continuous invariant (hopefully) http://pegasus.keymaeraX.org As of version 1.0, Pegasus (implemented in Wolfram Language) has ◮ a simple continuous safety verification problem classifier, ◮ implementation of invariant generation methods, ◮ a strategy for combining invariant generation methods, ◮ proof hints for KeYmaera X. , Pegasus: a framework for sound continuous invariant generation 13/24

  26. Sound integration architecture , Pegasus: a framework for sound continuous invariant generation 14/24

  27. Discrete abstraction Partition R n into discrete states S 1 , . . . , S k defined by some predicates. Compute the discrete transition relation. , Pegasus: a framework for sound continuous invariant generation 15/24

  28. Qualitative analysis In essence : discrete abstraction using information in the problem. Some sources of predicates: ◮ right-hand sides of ODEs, their factors, etc. ◮ functions defining the pre/postcondition ◮ physically meaningful quantities (e.g. divergence of the vector field) , Pegasus: a framework for sound continuous invariant generation 16/24

  29. First integrals and Darboux polynomials Conserved quantities in the continuous system. Functions p such that p ′ = 0 (i.e. the rate of change of p w.r.t. f is 0). Searching for polynomial first integrals (of bounded degree) can be done using linear algebra. , Pegasus: a framework for sound continuous invariant generation 17/24

  30. First integrals and Darboux polynomials Conserved quantities in the continuous system. Functions p such that p ′ = 0 (i.e. the rate of change of p w.r.t. f is 0). Searching for polynomial first integrals (of bounded degree) can be done using linear algebra. Darboux polynomials : p ′ = αp , where α is a polynomial. , Pegasus: a framework for sound continuous invariant generation 17/24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Pegasus Enhancing User Experience on OSG Mats Rynge rynge@isi.edu https://pegasus.isi.edu Key

Pegasus Enhancing User Experience on OSG Mats Rynge rynge@isi.edu https://pegasus.isi.edu Key

Pegasus Enhancing User Experience on OSG Mats Rynge rynge@isi.edu https://pegasus.isi.edu Key P Pegasus us Conc oncepts ts Pegasus WMS == Pegasus planner (mapper) + DAGMan workflow engine + HTCondor scheduler/broker Pegasus maps

459 views • 12 slides
Pegasus Workflows on OLCF - Summit George Papadimitriou georgpap@isi.edu http://pegasus.isi.edu

Pegasus Workflows on OLCF - Summit George Papadimitriou georgpap@isi.edu http://pegasus.isi.edu

Pegasus Workflows on OLCF - Summit George Papadimitriou georgpap@isi.edu http://pegasus.isi.edu OUTLINE Introduction Scientific Workflows Pegasus Overview Success Stories Demo Executing a Pegasus workflow on Summit Supercomputer

594 views • 40 slides
ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier

ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier

ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier Hermant Franois Irigoin 5th International Workshop on Invariant Generation (WING) July 23, 2014 Introduction Need of abstract domains to represent

592 views • 37 slides
Efficient Runtime Invariant Checking: A Framework and Case S tudy Michael Gorbovitski Y. Annie

Efficient Runtime Invariant Checking: A Framework and Case S tudy Michael Gorbovitski Y. Annie

Efficient Runtime Invariant Checking: A Framework and Case S tudy Michael Gorbovitski Y. Annie Liu Tom Rothamel Scott D. Stoller Computer Science Department State University of New York at Stony Brook Invariants An invariant is a predicate

532 views • 17 slides
Pegasus Post-Crash Emergency Buoyancy System Pegasus Proof of Concept (completed Mar 13) What is

Pegasus Post-Crash Emergency Buoyancy System Pegasus Proof of Concept (completed Mar 13) What is

Pegasus Post-Crash Emergency Buoyancy System Pegasus Proof of Concept (completed Mar 13) What is Pegasus? Post-crash Emergency Buoyancy System Fully automatic Very light weight (&lt; 25 kgs per unit) Rapid inflation (&lt; 1.0

389 views • 12 slides
Set Transformer: A Framework for Attention-based Permutation-Invariant Neural Networks Juho

Set Transformer: A Framework for Attention-based Permutation-Invariant Neural Networks Juho

Set Transformer: A Framework for Attention-based Permutation-Invariant Neural Networks Juho Lee, Yoonho Lee, Jungtaek Kim , Adam R. Kosiorek, Seungjin Choi, and Yee Whye Teh Set-input problems and Deep Sets [Zaheer et al., 2017] Take

262 views • 10 slides
In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M )

In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M )

X.ge#ofQu4sche-s Virtual surfaced on . Introduction O . surface X Ici smooth CE Hak tf ( X ,Z ) , 2) projective e , . In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M ) MTH ( v ) VW

537 views • 17 slides
Point-source DC Helicity Injection on the Pegasus Toroidal Experiment Devon J. Battaglia M.W.

Point-source DC Helicity Injection on the Pegasus Toroidal Experiment Devon J. Battaglia M.W.

Point-source DC Helicity Injection on the Pegasus Toroidal Experiment Devon J. Battaglia M.W. Bongard, B.A. Kujak-Ford, E.T. Hinson, B.T. Lewicki, A.J. Redd, A.C. Sontag and the Pegasus Team University of Wisconsin - Madison D.J. Battaglia,

165 views • 12 slides
Pegasus Workflow Management System Karan Vahi USC Information Sciences Institute Benefits of

Pegasus Workflow Management System Karan Vahi USC Information Sciences Institute Benefits of

Pegasus Workflow Management System Karan Vahi USC Information Sciences Institute Benefits of Scientific Workflows Pegasus (from the point of view of an application scientist) Conducts a series of computational tasks. Resources

636 views • 32 slides
Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used to create: Mood Ambience Drama Environmental clues Continuity Feedback Practical Issues Real-time requirement

311 views • 17 slides
? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

9/4/19 Speech Hynek Hermansky Elecrical and Computer Engineering Hackerman 324Fp ? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf) no wolf wolf loudness timbre (sound color) More

334 views • 14 slides
Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil

Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil

Powered by Powered by Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil Jihie Kim Varun Ratnakar Ewa Deelman USC Information Sciences Institute www.isi.edu/ikcap/wings pegasus.isi.edu

505 views • 28 slides
Sound Processing and Digital Filters Graduate School of Culture Technology (GSCT) Juhan Nam 1

Sound Processing and Digital Filters Graduate School of Culture Technology (GSCT) Juhan Nam 1

CTP 431 Music and Audio Computing Sound Processing and Digital Filters Graduate School of Culture Technology (GSCT) Juhan Nam 1 Outlines Introduction: Sound Processing Linear Time-Invariant Digital Filter Impulse response

651 views • 41 slides
Kotjos Eta Vigi Olie Oil Pesetatjo Aout Pegasus Ipots &amp;

Kotjos Eta Vigi Olie Oil Pesetatjo Aout Pegasus Ipots &amp;

Kotjos Eta Vigi Olie Oil Pesetatjo Aout Pegasus Ipots &amp; Epots Ltd Pegasus Ipots &amp; Epots Ltd as fouded i ode to poide its ustoes ith pue food

534 views • 9 slides
PEGASUS: A peta-scale graph mining system - Implementation and observations U. Kang, C. E.

PEGASUS: A peta-scale graph mining system - Implementation and observations U. Kang, C. E.

PEGASUS: A peta-scale graph mining system - Implementation and observations U. Kang, C. E. Tsourakakis, C. Faloutsos What is Pegasus? Open source Peta Graph Mining Library Can deal with very large Giga-, Tera-, Peta-byte

552 views • 18 slides
SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are made when objects vibrate and the vibrations travel to enter you ear. You hear these vibrations as sounds. Sound is all around us We cannot

357 views • 9 slides
Sharing a Library between Proof Assistants: Reaching out the HOL Family Franc ois Thir e

Sharing a Library between Proof Assistants: Reaching out the HOL Family Franc ois Thir e

Sharing a Library between Proof Assistants: Reaching out the HOL Family Franc ois Thir e July 7, 2018 LSV, CNRS, Inria, ENS Paris-Saclay 1 Introduction Beluga PVS Automath Coq Agda RedPRL Isabelle/HOL Twelf Abella Matita

662 views • 49 slides
John Hoffman- Chairman &amp; CEO (ASX: PVS) DISCLAIMER This presentation dated 9 September 2020

John Hoffman- Chairman &amp; CEO (ASX: PVS) DISCLAIMER This presentation dated 9 September 2020

ASX Small &amp; Mid-Cap Conference 9 September 2020 John Hoffman- Chairman &amp; CEO (ASX: PVS) DISCLAIMER This presentation dated 9 September 2020 has been prepared by and is being issued by Pivotal Systems Corporation, risks, uncertainties

349 views • 17 slides
Californias Pioneering Policies for New Homes: Greater Efficiency with Required Solar Energy

Californias Pioneering Policies for New Homes: Greater Efficiency with Required Solar Energy

CESA Webinar Californias Pioneering Policies for New Homes: Greater Efficiency with Required Solar Energy Hosted by Warren Leon, Executive Director, CESA September 11, 2018 Housekeeping Join audio: Choose Mic &amp; Speakers to use

561 views • 45 slides
Kind-AI: When abstract interpretation and SMT-based model-checking meet Pierre-Loc Garoche

Kind-AI: When abstract interpretation and SMT-based model-checking meet Pierre-Loc Garoche

Kind-AI: When abstract interpretation and SMT-based model-checking meet Pierre-Loc Garoche Onera U. of Iowa joint work with T. Kashai and C. Tinelli 04/13/2012 Kind-AI: When abstract interpretation and SMT-based model-checking meet -

652 views • 53 slides
The Creation of Saints Row Saints Row 's Open World Cityscape: 's Open World Cityscape: The

The Creation of Saints Row Saints Row 's Open World Cityscape: 's Open World Cityscape: The

The Creation of Saints Row's Open World Cityscape: Stilwater The Creation of Saints Row's Open World Cityscape: Stilwater The Creation of Saints Row Saints Row 's Open World Cityscape: 's Open World Cityscape: The Creation of Stilwater

975 views • 65 slides
Cartesian Cubical Computational Type Carlo Angiuli Theory Evan Cavallo (*) Favonia Robert

Cartesian Cubical Computational Type Carlo Angiuli Theory Evan Cavallo (*) Favonia Robert

2018.07.24 Cartesian Cubical Computational Type Carlo Angiuli Theory Evan Cavallo (*) Favonia Robert Harper Jonathan Sterling Todd Wilson 1 Cubical features of homotopy type theory univalence, higher inductive types + Computational

1.01k views • 98 slides
Automatic Formal Verification for EPICS Jonathan Jacky, Stefani Banerian, Michael D. Ernst,

Automatic Formal Verification for EPICS Jonathan Jacky, Stefani Banerian, Michael D. Ernst,

Automatic Formal Verification for EPICS Jonathan Jacky, Stefani Banerian, Michael D. Ernst, Calvin Loncaric, Stuart Pernsteiner, Zachary Tatlock, Emina Torlak Department of Radiation Oncology University of Washington Medical Center Paul G.

412 views • 13 slides
XII Summer Workshop in Mathematics Interactively Proving Mathematical Theorems Section 4: Ring

XII Summer Workshop in Mathematics Interactively Proving Mathematical Theorems Section 4: Ring

XII Summer Workshop in Mathematics Interactively Proving Mathematical Theorems Section 4: Ring Theory in PVS Thaynara Arielly de Lima(IME) Mauricio Ayala-Rinc on (CIC-MAT) In collaboration with: Andr eia Borges Avelar da Silva (FUP -

525 views • 38 slides

More recommend