pegasus a framework for sound continuous invariant
play

Pegasus: a framework for sound continuous invariant generation - PowerPoint PPT Presentation

Dec 12, 2022 •8 likes •398 views

Pegasus: a framework for sound continuous invariant generation Andrew Sogokon 2 , 1 , Stefan Mitsch 1 , Yong Kiam Tan 1 , Katherine Cordwell 1 , e Platzer 1 and Andr 1 Carnegie Mellon University, USA 2 University of Southampton, UK FM 2019, 3rd

  1. Pegasus: a framework for sound continuous invariant generation Andrew Sogokon 2 , 1 , Stefan Mitsch 1 , Yong Kiam Tan 1 , Katherine Cordwell 1 , e Platzer 1 and Andr´ 1 Carnegie Mellon University, USA 2 University of Southampton, UK FM 2019, 3rd World Congress on Formal Methods, Porto October 20, 2019

  2. Introduction What this talk is about Theorem proving in cyber-physical systems (CPS). Why? Fully rigorous proofs of correctness . Important for safety-critical embedded systems. , Pegasus: a framework for sound continuous invariant generation 1/24

  3. Introduction What this talk is about Theorem proving in cyber-physical systems (CPS). Why? Fully rigorous proofs of correctness . Important for safety-critical embedded systems. Problem : Theorem proving in CPS is not fully automatic . Safety verification relies on finding the right invariants . , Pegasus: a framework for sound continuous invariant generation 1/24

  4. Invariants in verification invariant , Pegasus: a framework for sound continuous invariant generation 2/24

  5. Invariants in verification inductive invariant invariant , Pegasus: a framework for sound continuous invariant generation 3/24

  6. Continuous invariants ODEs: x ′ = f ( � x ) � x ∈ R n � Init ⊆ R n , Pegasus: a framework for sound continuous invariant generation 4/24

  7. Continuous invariants ODEs: x ′ = f ( � x ) � x ∈ R n � Init ⊆ R n , Pegasus: a framework for sound continuous invariant generation 5/24

  8. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). , Pegasus: a framework for sound continuous invariant generation 6/24

  9. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). LZZ procedure yes/no formula, ODE , Pegasus: a framework for sound continuous invariant generation 6/24

  10. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). LZZ procedure yes/no formula, ODE A complete axiomatization of continuous invariants in differential dynamic logic dL (Platzer & Tan, LICS 2018). , Pegasus: a framework for sound continuous invariant generation 6/24

  11. Checking continuous invariants Checking whether a formula defines a continuous (inductive) invariant is decidable (Liu, Zhan & Zhao, EMSOFT 2011). LZZ procedure yes/no formula, ODE A complete axiomatization of continuous invariants in differential dynamic logic dL (Platzer & Tan, LICS 2018). formal proof dL prover prover formula, ODE of invariance ( KeYmaera X ) , Pegasus: a framework for sound continuous invariant generation 6/24

  12. Handling decidable problems Design choices in proof assistants decision procedure axioms ⊢ goal goal tactics yes/no goal prover prover assistant assistant Formal proof using tactics Using external oracles , Pegasus: a framework for sound continuous invariant generation 7/24

  13. Handling invariants Design choices in proof assistants LZZ procedure dL axioms ⊢ goal goal dL tactics yes/no goal KeYmaera X prover assistant assistant LCF-style “PVS-style” , Pegasus: a framework for sound continuous invariant generation 8/24

  14. Handling invariants Design choices in proof assistants LZZ Less soundness-critical code procedure dL axioms ⊢ goal goal dL tactics yes/no goal KeYmaera X prover assistant assistant LCF-style “PVS-style” , Pegasus: a framework for sound continuous invariant generation 9/24

  15. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) , Pegasus: a framework for sound continuous invariant generation 10/24

  16. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) The invariant generation problem is much more difficult. { pre } ODE { post } ( in dL pre → [ ODE ] post ) , Pegasus: a framework for sound continuous invariant generation 10/24

  17. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) The invariant generation problem is much more difficult. { pre } ODE { post } ( in dL pre → [ ODE ] post ) pre → inv inv → [ ODE ] inv inv → post pre → [ ODE ] post , Pegasus: a framework for sound continuous invariant generation 10/24

  18. Generating continuous invariants Excellent progress made this decade on the invariant checking problem . { inv } ODE { inv } ( in dL inv → [ ODE ] inv ) The invariant generation problem is much more difficult. { pre } ODE { post } ( in dL pre → [ ODE ] post ) pre → inv inv → [ ODE ] inv inv → post pre → [ ODE ] post Practical bottleneck for proof automation. , Pegasus: a framework for sound continuous invariant generation 10/24

  19. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 , Pegasus: a framework for sound continuous invariant generation 11/24

  20. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 Searching for the coefficients using algorithms from real algebraic geometry (e.g. CAD). , Pegasus: a framework for sound continuous invariant generation 11/24

  21. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 Searching for the coefficients using algorithms from real algebraic geometry (e.g. CAD). ∗ (However, this is hardly practical) Doubly-exponential time complexity in the number of variables (here the number of coefficients ). , Pegasus: a framework for sound continuous invariant generation 11/24

  22. Generating continuous invariants In theory, we can search for invariants using template formulas : a 0 + a 1 x + a 2 y + a 3 x 2 + a 4 xy + a 5 y 2 < 0 ∧ b 0 + b 1 x + b 2 y ≥ 0 Searching for the coefficients using algorithms from real algebraic geometry (e.g. CAD). ∗ (However, this is hardly practical) Doubly-exponential time complexity in the number of variables (here the number of coefficients ). More practical alternatives are needed. , Pegasus: a framework for sound continuous invariant generation 11/24

  23. Generating continuous invariants More practical methods for invariant generation exist. These are ◮ more specialized, ◮ incomplete, ◮ have different strengths and limitations, ◮ create a wide spectrum for what can be tried. , Pegasus: a framework for sound continuous invariant generation 12/24

  24. Generating continuous invariants More practical methods for invariant generation exist. These are ◮ more specialized, ◮ incomplete, ◮ have different strengths and limitations, ◮ create a wide spectrum for what can be tried. Challenge : ◮ build a system for navigating this spectrum , ◮ use it to improve proof automation in KeYmaera X. , Pegasus: a framework for sound continuous invariant generation 12/24

  25. Continuous invariant generator Pegasus is an automatic continuous invariant generator. Pegasus { pre } ODE { post } continuous invariant (hopefully) http://pegasus.keymaeraX.org As of version 1.0, Pegasus (implemented in Wolfram Language) has ◮ a simple continuous safety verification problem classifier, ◮ implementation of invariant generation methods, ◮ a strategy for combining invariant generation methods, ◮ proof hints for KeYmaera X. , Pegasus: a framework for sound continuous invariant generation 13/24

  26. Sound integration architecture , Pegasus: a framework for sound continuous invariant generation 14/24

  27. Discrete abstraction Partition R n into discrete states S 1 , . . . , S k defined by some predicates. Compute the discrete transition relation. , Pegasus: a framework for sound continuous invariant generation 15/24

  28. Qualitative analysis In essence : discrete abstraction using information in the problem. Some sources of predicates: ◮ right-hand sides of ODEs, their factors, etc. ◮ functions defining the pre/postcondition ◮ physically meaningful quantities (e.g. divergence of the vector field) , Pegasus: a framework for sound continuous invariant generation 16/24

  29. First integrals and Darboux polynomials Conserved quantities in the continuous system. Functions p such that p ′ = 0 (i.e. the rate of change of p w.r.t. f is 0). Searching for polynomial first integrals (of bounded degree) can be done using linear algebra. , Pegasus: a framework for sound continuous invariant generation 17/24

  30. First integrals and Darboux polynomials Conserved quantities in the continuous system. Functions p such that p ′ = 0 (i.e. the rate of change of p w.r.t. f is 0). Searching for polynomial first integrals (of bounded degree) can be done using linear algebra. Darboux polynomials : p ′ = αp , where α is a polynomial. , Pegasus: a framework for sound continuous invariant generation 17/24

Recommend

Pegasus Enhancing User Experience on OSG Mats Rynge rynge@isi.edu https://pegasus.isi.edu Key

Pegasus Enhancing User Experience on OSG Mats Rynge rynge@isi.edu https://pegasus.isi.edu Key

Pegasus Enhancing User Experience on OSG Mats Rynge rynge@isi.edu https://pegasus.isi.edu Key P Pegasus us Conc oncepts ts Pegasus WMS == Pegasus planner (mapper) + DAGMan workflow engine + HTCondor scheduler/broker Pegasus maps

459 views • 12 slides
Pegasus Workflows on OLCF - Summit George Papadimitriou georgpap@isi.edu http://pegasus.isi.edu

Pegasus Workflows on OLCF - Summit George Papadimitriou georgpap@isi.edu http://pegasus.isi.edu

Pegasus Workflows on OLCF - Summit George Papadimitriou georgpap@isi.edu http://pegasus.isi.edu OUTLINE Introduction Scientific Workflows Pegasus Overview Success Stories Demo Executing a Pegasus workflow on Summit Supercomputer

594 views • 40 slides
ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier

ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier

ALICe: A Framework to Improve Affine Loop Invariant Computation Vivien Maisonneuve Olivier Hermant Franois Irigoin 5th International Workshop on Invariant Generation (WING) July 23, 2014 Introduction Need of abstract domains to represent

592 views • 37 slides
Efficient Runtime Invariant Checking: A Framework and Case S tudy Michael Gorbovitski Y. Annie

Efficient Runtime Invariant Checking: A Framework and Case S tudy Michael Gorbovitski Y. Annie

Efficient Runtime Invariant Checking: A Framework and Case S tudy Michael Gorbovitski Y. Annie Liu Tom Rothamel Scott D. Stoller Computer Science Department State University of New York at Stony Brook Invariants An invariant is a predicate

532 views • 17 slides
Pegasus Post-Crash Emergency Buoyancy System Pegasus Proof of Concept (completed Mar 13) What is

Pegasus Post-Crash Emergency Buoyancy System Pegasus Proof of Concept (completed Mar 13) What is

Pegasus Post-Crash Emergency Buoyancy System Pegasus Proof of Concept (completed Mar 13) What is Pegasus? Post-crash Emergency Buoyancy System Fully automatic Very light weight (&lt; 25 kgs per unit) Rapid inflation (&lt; 1.0

389 views • 12 slides
Set Transformer: A Framework for Attention-based Permutation-Invariant Neural Networks Juho

Set Transformer: A Framework for Attention-based Permutation-Invariant Neural Networks Juho

Set Transformer: A Framework for Attention-based Permutation-Invariant Neural Networks Juho Lee, Yoonho Lee, Jungtaek Kim , Adam R. Kosiorek, Seungjin Choi, and Yee Whye Teh Set-input problems and Deep Sets [Zaheer et al., 2017] Take

262 views • 10 slides
In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M )

In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M )

X.ge#ofQu4sche-s Virtual surfaced on . Introduction O . surface X Ici smooth CE Hak tf ( X ,Z ) , 2) projective e , . In theoretic Fgm ( X invariant k GW 1) us GW . = Ijf , M ) invariant refined ( M ) MTH ( v ) VW

537 views • 17 slides
Point-source DC Helicity Injection on the Pegasus Toroidal Experiment Devon J. Battaglia M.W.

Point-source DC Helicity Injection on the Pegasus Toroidal Experiment Devon J. Battaglia M.W.

Point-source DC Helicity Injection on the Pegasus Toroidal Experiment Devon J. Battaglia M.W. Bongard, B.A. Kujak-Ford, E.T. Hinson, B.T. Lewicki, A.J. Redd, A.C. Sontag and the Pegasus Team University of Wisconsin - Madison D.J. Battaglia,

165 views • 12 slides
Pegasus Workflow Management System Karan Vahi USC Information Sciences Institute Benefits of

Pegasus Workflow Management System Karan Vahi USC Information Sciences Institute Benefits of

Pegasus Workflow Management System Karan Vahi USC Information Sciences Institute Benefits of Scientific Workflows Pegasus (from the point of view of an application scientist) Conducts a series of computational tasks. Resources

636 views • 32 slides
Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used to create: Mood Ambience Drama Environmental clues Continuity Feedback Practical Issues Real-time requirement

311 views • 17 slides
? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

9/4/19 Speech Hynek Hermansky Elecrical and Computer Engineering Hackerman 324Fp ? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf) no wolf wolf loudness timbre (sound color) More

334 views • 14 slides
Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil

Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil

Powered by Powered by Wings for Pegasus: A Semantic Approach for Creating Very Large Scientific Workflows Yolanda Gil Jihie Kim Varun Ratnakar Ewa Deelman USC Information Sciences Institute www.isi.edu/ikcap/wings pegasus.isi.edu

505 views • 28 slides
Sound Processing and Digital Filters Graduate School of Culture Technology (GSCT) Juhan Nam 1

Sound Processing and Digital Filters Graduate School of Culture Technology (GSCT) Juhan Nam 1

CTP 431 Music and Audio Computing Sound Processing and Digital Filters Graduate School of Culture Technology (GSCT) Juhan Nam 1 Outlines Introduction: Sound Processing Linear Time-Invariant Digital Filter Impulse response

651 views • 41 slides
Kotjos Eta Vigi Olie Oil Pesetatjo Aout Pegasus Ipots &amp;

Kotjos Eta Vigi Olie Oil Pesetatjo Aout Pegasus Ipots &amp;

Kotjos Eta Vigi Olie Oil Pesetatjo Aout Pegasus Ipots &amp; Epots Ltd Pegasus Ipots &amp; Epots Ltd as fouded i ode to poide its ustoes ith pue food

534 views • 9 slides
PEGASUS: A peta-scale graph mining system - Implementation and observations U. Kang, C. E.

PEGASUS: A peta-scale graph mining system - Implementation and observations U. Kang, C. E.

PEGASUS: A peta-scale graph mining system - Implementation and observations U. Kang, C. E. Tsourakakis, C. Faloutsos What is Pegasus? Open source Peta Graph Mining Library Can deal with very large Giga-, Tera-, Peta-byte

552 views • 18 slides
SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are made when objects vibrate and the vibrations travel to enter you ear. You hear these vibrations as sounds. Sound is all around us We cannot

357 views • 9 slides
A FRAMEWORK FOR REDUCING THE COST OF INSTRUMENTED CODE Known from Continuous Path and

A FRAMEWORK FOR REDUCING THE COST OF INSTRUMENTED CODE Known from Continuous Path and

A FRAMEWORK FOR REDUCING THE COST OF INSTRUMENTED CODE Known from Continuous Path and Edge Profiling Bug Isolation via Remote Program Sampling Low-overhead Memory Leak Detection using Adaptive Statistical Profiling (SWAT)

178 views • 16 slides
NMI Build &amp; Test Laboratory: Continuous Integration Framework for Distributed Computing

NMI Build &amp; Test Laboratory: Continuous Integration Framework for Distributed Computing

NMI Build &amp; Test Laboratory: Continuous Integration Framework for Distributed Computing Software Andrew Pavlo, Peter Couvares, Rebekah Gietzel, Anatoly Karp, Ian D. Alderman, and Miron Livny University of Wisconsin-Madison Charles Bacon

215 views • 21 slides
T-duality Invariant Formalisms at the Quantum Level Daniel Thompson Queen Mary University of

T-duality Invariant Formalisms at the Quantum Level Daniel Thompson Queen Mary University of

Introduction Duality Invariant Formalisms for Abelian T-duality Renormalisation of Duality Invariant Formalism Generalising T-duality Invariant Constructions Conclusions T-duality Invariant Formalisms at the Quantum Level Daniel Thompson

424 views • 28 slides
2014 Mississippi Business and Technology Framework Webinar Sound Check If you cant hear me,

2014 Mississippi Business and Technology Framework Webinar Sound Check If you cant hear me,

2014 Mississippi Business and Technology Framework Webinar Sound Check If you cant hear me, call 662 -325-2510 for assistance. Participant Window Expand/Collapse Control Panel Raise Hand Icon Mute line option This Webinar Will be Recorded

424 views • 16 slides
Cumulative Effects Framework for BC Webinar for the Howe Sound Community Forum February 20, 2014

Cumulative Effects Framework for BC Webinar for the Howe Sound Community Forum February 20, 2014

Cumulative Effects Framework for BC Webinar for the Howe Sound Community Forum February 20, 2014 Kai Elmauer, CEF Project Coordinator and Outreach Specialist Ministry of Forests, Lands, and Natural Resource Operations Content Based on

583 views • 13 slides
Sound File Formats Raw data has samples (interleaved w/stereo) Need way to parse raw

Sound File Formats Raw data has samples (interleaved w/stereo) Need way to parse raw

The Game Development Process Audio Creation Topics Computer Audio Technology Music Guidelines Audio Process Guidelines 1 Digital Audio Sound produced by variations in air pressure Can take any continuous value Analog

267 views • 26 slides
Sound &amp; Editing Lily, Matt, Mei, Michaela Sound WHAT IS SOUND? An audible vibration of the

Sound &amp; Editing Lily, Matt, Mei, Michaela Sound WHAT IS SOUND? An audible vibration of the

Sound &amp; Editing Lily, Matt, Mei, Michaela Sound WHAT IS SOUND? An audible vibration of the air or some other material. Difference between Sound and Noise Sound has communication purpose. Noise is random and unwanted. TYPES OF Sounds

103 views • 7 slides
Continuous Mapping and Monitoring Framework for Habitat Analysis in the United Arab Emirates

Continuous Mapping and Monitoring Framework for Habitat Analysis in the United Arab Emirates

Continuous Mapping and Monitoring Framework for Habitat Analysis in the United Arab Emirates Prashanth Marpu 1, *, Marouane Temimi 1 , Fatima AlAydaroos 2 , Nazmi Saleous 3 and Anil Kumar 4 1 Khalifa University of Science and Technology, Abu

590 views • 16 slides

More recommend