
Opening

People Corky, Gregory, Josh, Raj, Jun, Angela [+Alex, +Kath, +Yilong]
Lectures MW, Meetings F
Scribe Walid

  • Corky:
    • model theory:
    • proof theory: purely syntactic process of deduction
    • the connection between the two is what makes them interesting.

  • Remarks:
    • I agree that the connection between models and proofs is the most insightful aspect
    • Models for System F (and therefore for Coq) are problematic.

  • Course plan:
    • Should we do real analysis first?
    • link

  • Corky will give an intro to domain theory. This is about five lectures.

Domain Theory (1)

Topic Domain Theory
Speaker Corky
Scribe Angela
Date 2008/1/16

  • Background:

    • A very technical treatment of program meaning; no textbook is available.
    • Materials available: we have some notes on domain theory by Corky, which are based on Dana Scott's monograph.
    • There are many ways to present a mathematical theory. In these notes we use finitary bases. Other approaches include neighborhood systems, information systems, and topology.
    • Dana Scott is a mathematician (never wrote any code?); we will look at a more intuitive explanation here.

  • Data values and operations
    • In comp 210, we have seen algebraic data types like trees and infinite streams.
    • In domain theory, it is not enough to have a data type like "tree"; we also need a model for manipulating these data values, such as the lambda calculus.
    • If you build a domain D, you need D -> D and D x D to be closed in the domain. In other words, D is isomorphic to D x D.
    • We know that everything that is closed is a function.
    • You cannot have normal forms for all functions, since equivalence of computable functions is undecidable.
    • Thus we work with the extensional behavior of functions (full abstraction). Functions are infinite objects, and every computable function is representable.

  • Scott Domain
    • Scott came up with a construction of domains for the lambda calculus.
    • It mainly solves the problem: D ~ D -> D (2^D)
    • Characteristics of computable functions:
      • They are monotonic: a <= b => f(a) <= f(b)
      • They can incrementally produce more information. Data is ordered by information content.
      • What is needed for taking the limit: continuity.

  • Example
        O
      /   \ 
    true   _|_       => true

    
        O
      /   \ 
    _|_   false      => false

Domain Theory (4)

Topic Domain Theory
Speaker Corky
Scribe Angela
Date 2008/1/25

  • In this series of talks, we will focus on the critical ideas behind the concepts.
  • From section 1:
    • Partial elements and total elements: total elements are just the maximal elements.
    • From bases to domains, you throw in the limits.
    • There is an isomorphism between finitary bases and principal ideals, as well as between the domains constructed from them.
    • Most other treatments of domain theory go "from above to below": they first describe the properties of a domain and then use "compact elements" to recover what corresponds to our finitary basis. We start from the finite elements and construct domains on top of them by throwing in their limits, which is easier to understand from the point of view of computation.
    • An example about cpos:
    o      o             o      o 
    | \  / |             | \  / |   
    |  \/  |             |  \/  |   
    |  /\  |             |   o  | 
    | /   \|             | /   \|
     o     o              o     o
      \   /                \   /
       \ /                  \ /
        o                    o

  • Section 2: Operations on Data
    • Do the functions from domain A to domain B also form a domain? How do we prove it? We will see later that proving domains closed under Cartesian product and sum is simple; the meat is the function space "->".
    • The two most important properties of a function are monotonicity and continuity; in fact, continuity implies monotonicity. Examples of functions that are not monotonic or not continuous were given in class. The tricky part is the function value in the limit.
    • We talked about the maximum function (pointwise maximum) on a given domain; the key issue is what the function value for bottom should be. For a strict function, as under call-by-value, bottom always maps to bottom; under call-by-name, bottom can map to something other than bottom if the input can be bypassed, for example f(_) = 0.
    • Notice that approximable doesn't imply computable. There are two kinds of computability: one corresponds to Turing-machine computability, where a finite input is required; the other is more general. (The intuition is that the set of functions is uncountable, while the set of Turing machines is countable.)
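As an added illustration of these points (my own code, not from Corky's notes or Scott's monograph): partial functions on the naturals as finite elements ordered by information, a least fixed point as the limit of a Kleene chain, why monotonicity is needed for that limit to exist, and the strict versus non-strict constant function on a flat domain.

```python
# Added example, not from Corky's notes: a partial function on the naturals is a
# dict {input: output}; the empty dict is bottom, and f <= g means g extends f
# (more information).  A recursive definition is a functional F on such finite
# elements; its least fixed point is the limit (union) of the Kleene chain
# bottom <= F(bottom) <= F(F(bottom)) <= ..., which only exists when F is
# monotone.  The flat-domain part contrasts the strict (call-by-value) and the
# non-strict (call-by-name) constant function with the classic non-monotone one.

def leq(f, g):
    """Information order on partial functions: every fact of f is a fact of g."""
    return all(k in g and g[k] == v for k, v in f.items())

def fact_functional(f):
    """F(f) knows 0 -> 1 and, for every n where f is defined, (n+1) -> (n+1)*f(n).
    Monotone and continuous: F(f)(n) depends on at most one fact of f."""
    g = {0: 1}
    for n, v in f.items():
        g[n + 1] = (n + 1) * v
    return g

def non_monotone_functional(f):
    """Gives *less* information when told more, so its iterates form no chain."""
    return {0: 1, 3: 0} if 3 not in f else {0: 2}

def kleene_chain(functional, steps):
    """bottom, F(bottom), F(F(bottom)), ... up to `steps` applications."""
    chain = [{}]
    for _ in range(steps):
        chain.append(functional(chain[-1]))
    return chain

def is_chain(elems):
    return all(leq(a, b) for a, b in zip(elems, elems[1:]))

def limit(chain):
    """The limit 'thrown in' when going from finite elements to the domain:
    the union of the chain (assumes is_chain(chain))."""
    lim = {}
    for f in chain:
        lim.update(f)
    return lim

# Flat domain of integers: None is bottom; a <= b iff a is bottom or a == b.
def flat_leq(a, b):
    return a is None or a == b

def is_monotone_on_flat(fn, samples):
    return all(flat_leq(fn(a), fn(b))
               for a in samples for b in samples if flat_leq(a, b))

def strict_zero(x):     # call-by-value: f(bottom) = bottom
    return None if x is None else 0

def lazy_zero(x):       # call-by-name: f(_) = 0, the argument is never forced
    return 0

def is_bottom(x):       # "is the argument undefined?": not monotone, not computable
    return 1 if x is None else 0

if __name__ == "__main__":
    chain = kleene_chain(fact_functional, 6)
    print(is_chain(chain), limit(chain))
    print(is_chain(kleene_chain(non_monotone_functional, 3)))
    print([is_monotone_on_flat(f, [None, 0, 1, 2])
           for f in (strict_zero, lazy_zero, is_bottom)])
```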

Checking type safety of foreign function calls

Authors Michael Furr, Jeffrey Foster
Speaker Raj
Scribe Walid, Angela
Date 2008/2/15

  • Problem with "contribution" slide:
    • Contributions should be a list of solutions and what they achieve. From the bullets it is not clear what the problems are and how they are solved.
    • It should be more precise about what the problems are, why they are difficult, and why they are interesting.
    • Walid: are they guaranteeing safety? Raj: Not for all, but for a large class of programs.
  • If we have a C program referencing OCaml objects, the objects can be trashed at run time.
  • For garbage collection (GC), if it is single-threaded there might be no problem. However, in the multi-threaded case GC can happen while another program is running at the same time. Walid: we need to check whether the OCaml GC can run during an external function call.
  • On the example slide, the Caml** should be explained.
  • Nullary values are unboxed, non-nullary values are boxed. Is_long appears to be equivalent to unboxed. More intuitive terms should be used to help explain the idea.
  • On the "Refining ..." slide, the notions of "flow sensitive" and "flow insensitive" need to be made clearer.
  • The type system using both comma and "+" is confusing, though it is from the paper.
  • Overall suggestions to the presentation:
    • Contribution not clear
    • The big figure needs to be reconsidered.
    • Explain everything in the example more carefully.
    • Representation and notation need some tweaking.
    • Terminology like flow sensitivity needs to be made clear.
    • No key idea at the beginning. The key idea of the presentation can be different from the key idea of the paper.
  • Simon's suggestions are about presenting your own work; when presenting others' work, what needs care?
  • From Walid:
    • FFIs: you should say something about FFIs and why they are needed.
    • Contributions: you should say what, not how.
    • Problems, related work, and contributions need to be strengthened.
    • Example slide:
      • Write on the slide what the example illustrates
      • Use different fonts to illustrate different things.
      • Explain much more carefully.
      • What about closures and cell bonds?
    • Figure out exactly what they mean by flow sensitive/insensitive.

TeleScope and Impulse: A Software Case Study

Speaker Karen Wu, Roumen Kaiabachev
Company Schlumberger
Scribe Cherif
Date 1/30/2008

  • Drilling tools:
    • They specify the direction that holes take.
    • 50% of profit in drilling
    • 50% in measurement
    • We want to make measurement simultaneously with drilling
  • Measurements:
    • Inclinations
    • Azimuth
    • Shocks
    • Temperature (usually less than 100 celsius)
    • Gravity Tool Face
    • Magnetic Tool Face
  • Sending data back is hard because of low bandwidth (24 bps).
  • We want to ensure code correctness and fit within the resource limits
  • Telescope controller board:
    • There is a Co-Processor that controls the motor
    • Main Controller acquires data from sensors
  • Impulse Controller board:
    • Has a UART connected to the Main Controller
  • Corky: is there a reason to use Motorola or Intel processors?
  • Answer: Some tools are older and SLB had to pre-buy all the parts for the life time of the tools.
  • Development:
    • Mostly C with some assembly.
    • Processor emulators (expensive and not always available)
  • Prioritized tasks communicating with queues
  • Use different modulation
  • There are real-time requirements
  • Error handling requirements
  • Current practice
    • Processor and memory load can be unknown
    • Loss of logging data due to bad software state
    • Documentation can become obsolete
    • Correctness is ensured using testing and some very basic static analysis tools
  • What we really need is
    • A tool that can estimate the amount of processing task might need.
    • Formalization of system timings and constraints
    • Self documentation
    • Better code analyzers
  • Current tools used:
    • PC-Lint
    • PolySpace (only recently)
      • Uses abstract interpretation (extended data-flow analysis with handling for particular infinite sets of data). This was formalized by P. and R. Cousot.
  • Corky: I am skeptical about complete soundness of PolySpace
  • Deian: What about the power consumption? Do you generate more power than you can use?
    • Answer: Yes
  • Corky: Comparing different analysis tools that are available.
  • Some C Run-time errors detected including array bounds violations, null pointers, usage of uninitialized data, overflow, division by zero, conflicts while sharing data, dead code.
  • Current experience with PolySpace?
    • Lots of false positives
    • Overnight run on a server
  • Corky: Martin Rinard's work is very interesting in this context.
    • "Automated Techniques for Surviving (Otherwise) Fatal Software Errors"

A New Representation for Exact Real Numbers (1)

Authors Abbas Edalat, Peter John Potts
Speaker Angela
Scribe Walid, Jun
Date 2008/2/11

Intro

Goal is to present a new representation of exact reals useful for computation (as opposed to reasoning about them). Subject introduced by Gosper [says Corky].

Existing Approaches:

  • Interval Arithmetic
    • Iterate same computation with increasing precision until the result is sufficiently accurate
    • Pioneered by Aberth [Corky]
  • Rational Arithmetic
    • Represent a real number by a rational-valued function that approximates the real number to arbitrary precision
    • Some authors include: Boehm and Cartwright, and Bishop
  • Lazy streams of digits
    • Bill Gosper
    • Radix problem: see below
  • Linear fractions (or 2x2 and 1x2 matrices)
    • Today's focus
    • Equate [a, b] (written as a 1x2 matrix) with a/b; this gives a bijective projection between Q^\infty and the set of 1x2 integer-entry matrices.
    • Represent a real as an infinite stream of matrices (a_ij), which is interpreted to represent an infinite composition of x \mapsto (a_11 x + a_12)/(a_21 x + a_22).
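The linear-fraction representation just described, worked through as an added example (my own code, not from the paper or Angela's slides): a 1x2 vector [p, q] stands for p/q with [1, 0] as infinity, a 2x2 matrix stands for x -> (a_11 x + a_12)/(a_21 x + a_22), and sqrt(2) is the stream of continued-fraction matrices [1; 2, 2, 2, ...], which I assume as the sample input.

```python
from fractions import Fraction

# Added example, not from the paper or the talk.  A 2x2 integer matrix
# ((a, b), (c, d)) stands for the linear fractional transformation
# x -> (a x + b) / (c x + d); a 1x2 vector (p, q) stands for the extended
# rational p/q, with (1, 0) = infinity.  A real is a stream of such matrices;
# composing a prefix and applying it to the interval the tail can range over
# gives a shrinking interval that encloses the real.

INF = (1, 0)   # the point at infinity, as a 1x2 vector
IDENTITY = ((1, 0), (0, 1))

def mat_mul(m, n):
    (a, b), (c, d) = m
    (e, f), (g, h) = n
    return ((a * e + b * g, a * f + b * h), (c * e + d * g, c * f + d * h))

def apply_vec(m, v):
    """Apply the LFT to an extended rational given as a 1x2 vector."""
    (a, b), (c, d) = m
    p, q = v
    return (a * p + b * q, c * p + d * q)

def vec_to_fraction(v):
    p, q = v
    return Fraction(p, q) if q != 0 else None   # None encodes infinity

def cf_matrix(a):
    """Continued-fraction digit a as an LFT: x -> a + 1/x = (a x + 1) / (1 x + 0)."""
    return ((a, 1), (1, 0))

def sqrt2_stream():
    """sqrt(2) = [1; 2, 2, 2, ...] as an infinite stream of matrices (constructed input)."""
    yield cf_matrix(1)
    while True:
        yield cf_matrix(2)

def enclosure(stream, n):
    """Compose the first n >= 1 matrices and apply the product to [1, inf],
    the range of any continued-fraction tail whose digits are >= 1.  All
    entries are positive, so the LFT is monotone on that interval and the
    image is the interval between the images of the two endpoints."""
    m = IDENTITY
    for _, mat in zip(range(n), stream):   # range first: no extra pull from stream
        m = mat_mul(m, mat)
    ends = [vec_to_fraction(apply_vec(m, (1, 1))), vec_to_fraction(apply_vec(m, INF))]
    return min(ends), max(ends)

if __name__ == "__main__":
    for n in (1, 2, 5, 10):
        lo, hi = enclosure(sqrt2_stream(), n)
        print(n, lo, hi, float(hi - lo))
```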

Angela claims that sensible definitions of transcendental functions (tan() in particular) are not given for anything other than the linear fraction approach. Differentiation and integration are missing as well.

Side note: Walid mentioned the continuum hypothesis, which (in the weak form) states that every uncountable set has cardinality at least that of the set of real numbers, i.e. the reals are (one of) the smallest uncountable sets. This was proven to be unprovable in ZFC by Paul Cohen in 1963.

Radix Problem

The lazy stream approach suffers from the radix problem: what should, say, the integer part be of x = 0.444... + 0.555..., where "..." denotes data that is not available without further computation? We can't say it's 0 because then we're committing ourselves to the claim that x <= 1, when in fact the ellipses may turn out to be x = 0.4444 + 0.5557 = 1.0001. We can't say it's 1 either because x might actually be x = 0.444 + 0.555 = 0.999 < 1. Short of an infinite lookahead (which obviously we can't do), this problem is undecidable.

The problem is solved by allowing 10 or negative numbers as digits, so that less can be inferred from the claim that the integer part is 0 (for example). With x = 0.444... + 0.555... and negative digits allowed, we can say the integer part is 1 because we are no longer committed to saying the number is >= 1; the least real number that can start with "1." in this number system is 1.(-9)(-9)(-9)... = 0.

According to the paper this problem was "discovered after Gosper's publication", but Hartley Rogers had given it as an exercise in 1967 [Corky]. Boehm, Cartwright, et al. also gave similar exercises in a 1986 book.
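The radix problem and its signed-digit fix, as an added example (my own code, not from the paper or the talk): with digits 0..9 the integer part of 0.444... + 0.555... stays undecidable for every finite lookahead, while with digits -9..9 a one-digit lookahead adder commits to an integer part of 1 immediately. The carry/interim-digit rule used is the standard signed-digit adder, assumed here rather than taken from the paper.

```python
import math
from fractions import Fraction
from itertools import islice

# Added example, not from the paper or the talk: lazy digit streams in base 10.
# A stream yields the fraction digits x1, x2, ... of 0.x1x2...; constructed
# inputs below are the constant streams 0.444... and 0.555... from the text.

def const_stream(d):
    while True:
        yield d

def finite_stream(digits):
    """A terminating decimal, padded with zeros forever."""
    yield from digits
    yield from const_stream(0)

def standard_integer_part(xs, ys, lookahead):
    """Digits 0..9 only.  After k digits of each stream the sum lies in
    [S, S + 2*10^-k); its integer part is decided only if no integer lies
    strictly inside that interval.  Returns None when it is not yet decided."""
    s = Fraction(0)
    for i in range(1, lookahead + 1):
        s += Fraction(next(xs) + next(ys), 10 ** i)
    hi = s + 2 * Fraction(1, 10 ** lookahead)
    next_integer = math.floor(s) + 1
    return None if next_integer < hi else math.floor(s)

def add_signed(xs, ys):
    """Lazily add 0.x1x2... and 0.y1y2... with digits in -9..9.  Yields the
    integer part (in -1..1) first, then fraction digits in -9..9, needing
    only one digit of lookahead: each column sum s in -18..18 is split into a
    carry w in {-1,0,1} and an interim digit u = s - 10w with |u| <= 8, and
    the output digit is u plus the carry coming up from the next column."""
    def carry_and_interim(s):
        if s >= 9:
            return 1, s - 10       # interim digit in -1..8
        if s <= -9:
            return -1, s + 10      # interim digit in -8..1
        return 0, s
    w1, u_prev = carry_and_interim(next(xs) + next(ys))
    yield w1                       # integer part = carry out of column 1
    while True:
        w, u = carry_and_interim(next(xs) + next(ys))
        yield u_prev + w           # |u_prev| <= 8 and |w| <= 1, so in -9..9
        u_prev = u

def value(stream, n):
    """Exact value of the integer part plus the first n fraction digits."""
    digits = list(islice(stream, n + 1))
    return sum(Fraction(d, 10 ** i) for i, d in enumerate(digits))

if __name__ == "__main__":
    print(standard_integer_part(const_stream(4), const_stream(5), 50))   # None
    print(list(islice(add_signed(const_stream(4), const_stream(5)), 6)))  # [1, 0, 0, 0, 0, 0]
    print(value(add_signed(finite_stream([4, 4, 4]), finite_stream([5, 5, 5])), 6))
```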

We ran out of time, so Angela will give another shot in her next slot.

Problems with The Talk

Walid: slide 5 is missing dates for some papers. Slide 7 needs more explanation.

Physical Modeling for Computer Scientists, Part 1 of 4

Speaker Alex
Scribe Cherif
Date 2/6/2008

Equations of Motions

New Euler Equations

Translational: \Sigma F = M a = M x''
Rotational: \Sigma \tau = J \alpha = J \theta''
  • To be able to write the motion equations describing a mechanical system (either rotational or translational), one should draw the Free Body Diagram (FBD) of each object and apply the above formulas to it.
  • Friction forces are proportional to velocity and spring forces are proportional to displacement.
  • The motion equations are sufficient to describe the whole system
  • For examples on mechanical systems see the talk slides

Euler-Lagrange Formulation

  • An alternative way of describing the whole system.
  • Sometimes simpler
L = K - P     (Kinetic Energy - Potential Energy)
f = (d (\delta L / \delta x') / d t) - (\delta L / \delta x) 
  • Simple example in Acumen
  • Next time: Solving for displacement
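A worked instance of the two formulations above, added here (not from Alex's slides): a mass M on a spring of stiffness k, driven by an external force f, with x the displacement from rest.

K = (1/2) M x'^2                                   (kinetic energy of the mass)
P = (1/2) k x^2                                    (potential energy stored in the spring)
L = K - P = (1/2) M x'^2 - (1/2) k x^2
\delta L / \delta x' = M x'        d (\delta L / \delta x') / d t = M x''
\delta L / \delta x = -k x
f = M x'' - (-k x) = M x'' + k x                   (Euler-Lagrange)

From the free body diagram the forces on the mass are f and the spring force -k x, so \Sigma F = f - k x = M x'', which is the same equation.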

Introduction To Monads

Speaker Walid
Scribe Cherif
Date 2/13/2008

Type Constructors

A -> B
A x B
A + B
\forall \alpha. A
\exists \alpha. B
M(B) (Monads)
\bigcirc B (Staged)
\Box B (Co-Monads: logic)
\mu \alpha. A (Recursive types)

  • Monads are a way of abstracting behavior that you are interested in but don't want to express explicitly. Introduced by Moggi in 1991 in "Notions of Computation and Monads".

Monad operations

1 return:  A -> MA
2 bind: MA x (A -> MB) -> MB

  • Conventional (infix) notation for bind:
bind m f 
can be written as:
m >> f

Monad properties (rules)

1) bind (return x) f = f x
2) bind m return = m
3) (a >> b) >> c = a >> (\lambda x. (b x >> c))
  • The last rule could be rewritten as:
bind (bind a b) c = bind a (\lambda x. bind (b x) c)
  • Bind is sometimes written as a monadic let as follows (Haskell):
letm x <- e_1
   in e_2
which is equivalent to:
bind e_1 (\lambda x. e_2)

Examples

  • Identity Monad:
M_id = (MA = A,
        ret x = x,
        bind x f = f x)
  • Lift Monad (+ is the disjoint union; the left injection is written inl and the right injection inr):
M_lift = (MA = A + 1,
        ret x = inl x,
        bind x f = match x with
                     inl(a) -> f a
                   | inr_(A+1)(1) -> inr_(B+1)(1)   (propagate failure)
)
  • Exercise:
    • Check that M_id and M_lift satisfy the rules
  • Corky: Monads are not useful in call-by-name, but they are useful in a call-by-value setting
  • Next paper to look at: "Comprehending Monads" by Wadler in 1996
  • More recently a tutorial by Hughes "Monads and Arrows"
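The exercise above, worked as an added example (my own code, not from Walid's talk): M_id and M_lift as (ret, bind) pairs, the three rules checked extensionally on sample values, and a monadic-let chain in M_lift that propagates failure the way inr(1) does. Lift values are encoded as ('inl', a) and ('inr', ()), an encoding I chose for the example.

```python
# Added example, not from the talk: the identity and lift monads as (ret, bind)
# pairs, a checker for the three monad rules on sample values, and a chain of
# monadic lets in the lift monad.  inl/inr are encoded with string tags; the
# unit value 1 is encoded as the empty tuple ().

INL, INR = 'inl', 'inr'

# M_id: MA = A, ret x = x, bind x f = f x
def id_ret(x):
    return x

def id_bind(m, f):
    return f(m)

# M_lift: MA = A + 1, ret x = inl x, bind propagates inr (failure)
FAIL = (INR, ())

def lift_ret(x):
    return (INL, x)

def lift_bind(m, f):
    tag, payload = m
    return f(payload) if tag == INL else FAIL

def check_monad_rules(ret, bind, xs, fs, ms):
    """Rules 1-3 from the notes, checked on sample values xs, sample Kleisli
    functions fs (A -> MB) and sample monadic values ms:
      1) bind (ret x) f = f x
      2) bind m ret = m
      3) bind (bind m f) g = bind m (\\x. bind (f x) g)"""
    rule1 = all(bind(ret(x), f) == f(x) for x in xs for f in fs)
    rule2 = all(bind(m, ret) == m for m in ms)
    rule3 = all(bind(bind(m, f), g) == bind(m, lambda x: bind(f(x), g))
                for m in ms for f in fs for g in fs)
    return rule1 and rule2 and rule3

def check_identity():
    return check_monad_rules(id_ret, id_bind, xs=[3, 7],
                             fs=[lambda x: x + 1, lambda x: x * 2], ms=[3, 10])

def check_lift():
    fs = [lambda x: lift_ret(x + 1), lambda x: FAIL if x > 5 else lift_ret(x * 2)]
    return check_monad_rules(lift_ret, lift_bind, xs=[3, 7], fs=fs,
                             ms=[lift_ret(3), lift_ret(7), FAIL])

def safe_div(a, b):
    """Integer division into M_lift: inr(1) on division by zero."""
    return FAIL if b == 0 else lift_ret(a // b)

def compute(a, b, c):
    """letm x <- safe_div a b in letm y <- safe_div x c in ret (x + y),
    written out with bind and lambdas as in the notes."""
    return lift_bind(safe_div(a, b),
           lambda x: lift_bind(safe_div(x, c),
           lambda y: lift_ret(x + y)))

if __name__ == "__main__":
    print(check_identity(), check_lift())           # True True
    print(compute(100, 5, 4), compute(100, 0, 4))   # ('inl', 25) ('inr', ())
```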

Using monads to define a (monadic) language denotationally:

  • Define type syntax:
 
t = 1 | A x B | A + B | A -> B
where 1 is the void/unit type
  • Define type domains
  • Define the translation from type syntax to type domains. We denote the translation by the Oxford brackets [| . |] with a subscript V or N to indicate Call-By-Value (CBV) or Call-By-Name (CBN)
    • Corky: This is very suitable for languages having type partitioning
    • For CBV
[| 1 |]_v = \One
[| A x B |]_v = [| A |]_v x [| B |]_v
[| A + B |]_v = [| A |]_v + [| B |]_v
[| A -> B |]_v = [| A |]_v -> M[| B |]_v
    • For CBN (any computation could diverge and that's why you need monads everywhere)
[| 1 |]_n = M\One
[| A x B |]_n = M([| A |]_n x [| B |]_n)
[| A + B |]_n = M([| A |]_n + [| B |]_n)
[| A -> B |]_n = M([| A |]_n -> M[| B |]_n)
  • Corky: What about a language like Java that doesn't have type partitioning?
    • The problem with Java is that in it all types fall in the category:
\mu \alpha. A

Type Theory and Functional Programming (by Simon Thompson)

Speaker Greg
Topic Chapters 3 and 4 from Simon Thompson book
Scribe Cherif
Date 2/20/2008

  • Products Example
  • Corky: This idea of introduction and elimination rules was introduced by Gentzen (a brilliant mathematician, often underestimated). Does Simon's book talk about this history?
  • The Curry-Howard Isomorphism
  • Simple types:
    • Replace "formula" with "type" in slide
    • Product, Arrow, Sums
  • Arrow type:
    • Walid: Introduction, how does the author explain this rule since it contains non-local information? Does he say for example that we have some information carried around in some context?
    • Corky: It is a way of discharging the implicit assumption that is a leaf in the proof tree.
    • Walid: I prefer the use of an environment and a turnstile before that.
  • Note: We should look at Frank Pfenning paper titled: "A judgmental analysis of linear logic"
  • Note: Let's see if products and implications can be used to get sums.
  • Can we prove that:
    • A -> C given that A -> B and B -> C without using propositional logic.
      1. Using truth table
      2. Assume A and use the first rule to conclude that B holds and then use that with the second rule to conclude that C holds
  • Programs give you a mechanical way to prove things. The proof is syntax driven. There is only one rule that matches a certain syntax and that what gives you a mechanical way.
  • Corky: The classical way in Gentzen's system is not syntax driven.
  • Walid: Syntax driven can be done based on the syntax of types or the syntax of the program (what is on the left-hand side versus what is on the right-hand side of the colon in typing rules).
  • If we want to do theorem proving, being syntax driven with respect to the proposition is important because it gives you only one rule to check at any point in time and you are doing it by induction (your antecedent is always smaller). Therefore the theory is decidable.
  • Double negation becomes non-syntax driven. Syntax driven with contradiction is not syntax driven.
  • For proof checking things are slightly different. Each proof construction is syntax driven.
  • This theory is not applicable to Java because of subtyping.

t1 <= t2
\Gamma |- e: t1
----------------
\Gamma |- e: t2

  • The problem with subtyping is that type A is a subtype of itself.

(~A)
..
#
---
A

(~A)
..
#
-----------
not not a:A

  • If you are doing analysis on a program, you cannot do a good job because you don't have enough hooks there. That's why we want to add annotations (or specific constructs). In proof checkers you provide these constructs.
  • That is also the difference between partial evaluation and multistage programming.
  • The above is not even Hindley Milner because we don't have polymorphism.
  • Combining polymorphism with subtyping is harder.
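The syntax-driven proof checking discussed above, as an added example (my own code, not from Thompson's book or Greg's talk): a checker for the simply typed lambda calculus with products, read through Curry-Howard as a proof checker for the implication/conjunction fragment. Every term form matches exactly one rule, so checking is mechanical; the environment carries the open assumptions (the "environment and turnstile" presentation). The term encoding with tagged tuples is my own.

```python
# Added example, not from the book or the talk.  Types: a base proposition is a
# string, ('->', A, B) is implication, ('x', A, B) is conjunction.  Terms:
# ('var', x), ('lam', x, A, body), ('app', f, a), ('pair', a, b), ('fst', e),
# ('snd', e).  typeof is syntax directed: one rule per term form, and the
# antecedents are always on smaller terms, so it always terminates.

def arrow(a, b): return ('->', a, b)
def prod(a, b):  return ('x', a, b)

def typeof(term, env):
    """env maps assumption names to propositions (the Gamma left of |-)."""
    tag = term[0]
    if tag == 'var':                        # x:A in Gamma  ==>  Gamma |- x : A
        _, x = term
        if x not in env:
            raise TypeError(f"unbound assumption {x}")
        return env[x]
    if tag == 'lam':                        # ->-introduction, discharging x:A
        _, x, a, body = term
        return arrow(a, typeof(body, {**env, x: a}))
    if tag == 'app':                        # ->-elimination (modus ponens)
        _, f, arg = term
        tf, ta = typeof(f, env), typeof(arg, env)
        if tf[0] != '->' or tf[1] != ta:
            raise TypeError(f"cannot apply {tf} to {ta}")
        return tf[2]
    if tag == 'pair':                       # x-introduction
        _, l, r = term
        return prod(typeof(l, env), typeof(r, env))
    if tag in ('fst', 'snd'):               # x-elimination
        tp = typeof(term[1], env)
        if tp[0] != 'x':
            raise TypeError(f"projection from non-product {tp}")
        return tp[1] if tag == 'fst' else tp[2]
    raise TypeError(f"unknown term form {tag}")

def proves(term, env, prop):
    """Does the program `term` prove `prop` from the assumptions in `env`?"""
    try:
        return typeof(term, env) == prop
    except TypeError:
        return False

# The transitivity question from the discussion: given f : A -> B and
# g : B -> C, the program \x:A. g (f x) proves A -> C.
TRANS = ('lam', 'x', 'A', ('app', ('var', 'g'), ('app', ('var', 'f'), ('var', 'x'))))
TRANS_ENV = {'f': arrow('A', 'B'), 'g': arrow('B', 'C')}

# Currying: (A x B -> C) -> (A -> B -> C), proved by \h. \a. \b. h (a, b).
CURRY = ('lam', 'h', arrow(prod('A', 'B'), 'C'),
         ('lam', 'a', 'A', ('lam', 'b', 'B',
          ('app', ('var', 'h'), ('pair', ('var', 'a'), ('var', 'b'))))))

# A wrong "proof": applying f to itself instead of to x.
BOGUS = ('lam', 'x', 'A', ('app', ('var', 'f'), ('var', 'f')))

if __name__ == "__main__":
    print(typeof(TRANS, TRANS_ENV))        # ('->', 'A', 'C')
    print(typeof(CURRY, {}))
    print(proves(BOGUS, TRANS_ENV, arrow('A', 'C')))   # False
```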

A Monadic Approach to Avoiding Code Duplication

Authors Walid Taha, et al.
Speaker Jun
Scribe Angela, Raj
Date 2008/2/27

  • Comments from Walid for the problems and solutions
    • The problem: staging introduces some duplicated code and computation.
    • FIX: CPS conversion before staging.
    • Factoring the memoization code out into a Y combinator can widen the applicable range of the method.
    • A monad is a way to cleanly encapsulate the transformations and hide away some ugly code, which also reduces the odds of making mistakes in the transformation.
  • Raj asked why the compiler cannot eliminate the duplicated computation by common subexpression elimination.
    • Walid explained that although compiler elimination can lead to linear code, the duplicated code before elimination is exponential in size, so going through those expressions and compressing them should cost exponential time.

SLB visiting

Speaker Hifzi, Roger, Devika, Marcie, Lydia
Scribe Angela
Date 2008/2/29

  • Shyam will send people to help with automation and to look at Acumen and use it

Hifzi:

  • Oil demand and E&P Expenditure -- A Macro View
    • lack of enough supplies.
    • Resources to Reserves -- Challenges Facing the Industry
    • U.S. Gas Decline Rate: "Treadmill Effect"
    • 50% of current production is from last 3 years.
  • Gas
    • 34% of all gas fields are classified as tight (<10mD)
    • 32% of all gas fields are classified as sour (1000ppm H2S)
    • 10% of all gas fields are classified as acidic (>10% CO2)
    • 2%? high pressure, high temperature.
  • SLB at a Glance
    • 2006 financial highlights: Revenue 19.2 B Net income 3709M
  • Areas of technology focus
    • Exploration appraisal,
    • maximize recovery
    • production enhancement
    • unconventional Hydrocarbons
    • challenging environments
  • Research, integration, technology and Manufacturing centers
    • 5 research centers: Boston, Cambridge UK, Taiwai, Moscow, Oslosral
    • 7 integration centers: IPC, SPC, for e.g.. Paris, Japan, etc.
    • 15 technology centers: not all activities, just focus on one type of business, or discipline.
    • 25 Manufacturing centers. One in Houston
  • IPC - A multi-site technology center
    • Sugarland, has three tech. center report to it.
    • 6 product lines, serve diff SLB segments
  • ICP Human Resources Global Data
    • R&D Education 0.2 PhD?, 0.34 MS, 0.46 BS.
    • Diversity - 43 Nationalities 0.49 U.S.,
  • Cables (product line)
    • all the marine cables (drug and power)
    • wireline cables.
  • Conveyance & Intervention
    • tractors.
    • different interventions
  • Chemistry (Unconventional reservoirs)
    • Matrix Acidizing
    • Water & Scale Control
    • Reactive Liquid Acid
  • Surface Equipment & Trucks
    • Stimulation unit, cementing, wireline, stimulation vessel, coiled unit.
  • Acquisition Software & Hardware
    • telemetry, software,
  • Design & Interpretation Software
    • The only group on the software side of the business; development needs domain experts.
    • modeling for reservoirs, some for modeling tools
    • WesternGeco (apply to specific jobs)
  • Commitment to Research comes from the roots
    • "I agree to disburse to my sons, Conrad and Marcel, the funds necessary for research study in view of determining the nature of the subsurface, in amount not exceeding five hundred..."

Roger:

  • Cased hole -- tractor and mechanical services -- Methods of Conveyance
    • Slickline, wireline -gravity, Tough logging conditions system, Logging while fishing, Coil tubing, tractor Deviation and more Complex wells Slickline
    • Fast, efficient rig up requiring minimal equipment and crew
    • Limited to push/pull maintenance and remedial work operations or memory PLT
    • Limited deviation intervention dependent on operation.
  • Tough Logging Conditions
    • typically use to convey tool strings into open hole for formation evaluation where gravity assist will not work
    • Slow and expensive due to trip time of pipe - 3 minutes per stand
    • Bend because of rotating.
  • Logging while fishing
    • Used to open the envelope of gravity assist.
    • If tool gets stuck, fish with reverse cut and thread and continue logging operation at same time.
    • Performed slower than a conventional TLC operation.
  • Coiled Tubing Logging (long continuous)
    • Proven system for logging in deviated wells
    • Main application for logging in producing wells
    • Considerable equipment and personnel requirement.
    • Limited reach due to helical lock up
    • Possible to pump e-line
  • Wireline
    • Cost effective, fast: conveyance of tools on wireline using gravity to run to TD.
    • Limited by deviation and borehole profile
  • Surface unit and rigup
  • Basic Wireline cables
    • constructed from a range of conductor, insulation, jacket and armor materials
    • provides electrical connection between tools and surface data processing equipment
    • Mechanical connection with downhole tools
    • depth measurements
    • available in three distinct configurations, heptacable, monocable and coaxial cable
  • Tractor
    • Extends use of gravity assist by use of downhole tool to push tool and drag cable in well
    • Minimal additional resources required at well site.
    • Not suited to all applications.
    • reciprocating grip and continuous drive
  • Tractor Physics
    • Tractor force is the sum of
      • cable drag
      • weight of tool string x friction factor
      • additional drag factors
  • Wireline conveyance (skipped)
    • Highly deviated wells market
  • Camming principle - the SLCD
    • The MaxTRAC PSTT-S uses cams for its gripping mechanism
    • The camming principle is similar to that used by rock climbers for fall protection
    • Once the cam is installed in place, any pull against the cam locks it harder in place
    • MaxTRAC opening and grip
  • Inchworm mechanism
    • Direction of tractoring
      • tractor sonde, grip section, sonde on power strike, grip section activated to lock out
  • Upper Sonde Power Stroke
  • Open hole can be very discontinuous and unexpected.

  • - Do you have sensors?
    • Yes, e.g. pressure sensors
  • - Where does the pressure come from?
    • The mud.
  • - Open hole, why not preliminary?
    • Completion

Devika

  • Limited sensing, possibility of which kind of control can work
  • Adaptive embedded systems: anticipated situations
  • Goal: to build systems that "learn from experience."
  • The system dynamics change a lot
  • What if the sensors are not functioning?
  • Abrupt shifts in GPS data quality when satellites drop

Marcie

  • Haptic feedback in virtual environments
    • Development of robotic systems for training and rehabilitation of arm movements via shared control
      • for haptic assistance
    • A human operator, interacting with a virtual environment, feels force feedback from the system, and feels
      • the haptic assistance
    • Shared control, used effectively during training, can be leveraged to affect rate of internal model
      • formation and thereby speed learning of manual control tasks.
    • Shared control assist utilizes all
  • Shared control methodologies
    • Study human performance and acquisition of sensorimotor tasks in real and virtual environments
    • Analyze human motion data and performance of various skills by different performance groups
    • Develop more accurate models of sensorimotor skill acquisition of computation
  • MIME/RiceWrist Integrated System
    • Passive mode
    • Triggered Mode
    • Develop control algorithms for stroke rehabilitation
    • Analyze movement data from clinical trials to measure motor retraining via rehabilitation protocols
  • Rice Nanomanipulation System
    • Calibrate vision-based force sensing scheme to measure contact forces with environment
    • Address mismatch in force data acquisition rates via
  • Research: Dynamic system, control, and robotics
    • Design, lumped parameter modeling system identification and control of haptic interfaces
    • Potential Applications
      • Space telerobotics
      • Vehicle and aircraft cockpits
    • Utility of Haptic Feedback:
      • Situational awareness
      • Performance enhancement
      • Primary and secondary controls
  • Surgical teleoperation
  • Surgical teleoperation test bed

Lydia

  • www.kavrakilab.org
  • Physical and Biological Computing
    • Make computers able to reason about the physical world
    • Application areas: Robotics, Bioinformatics
    • At the intersection of algorithms, geometry, graphics,
  • Robotics
  • Planning with Mathematical knots

Lustre: Semantics of Synchronous Languages

Authors P. Caspi, D. Pilaud, N. Halbwachs, J. A. Plaice
Speaker Gregory M. Malecha
Scribe Angela
Date 2008/3/12

  • Page 4, comments: the "1" on the left side of the array is different from the "1"s on the right. The former is a stream, the latter is a data value.
  • Page 5, comments: an operation on nil will fail as a whole, not just for the first element.
  • Page 8, there is a "current" operation which behaves as the complement of "when". Also, an undefined value is different from nil, though operations fail on both.
  • Page 10
    • Walid: Why not do stream operation in Ucello. Greg: We can do that. Walid: Church encoding of streams may be used.
    • Walid: How clock gets to work here? Greg: Clock in latches.
      • Choice between old value and new value.
      • In circuits, delays are not generally the same. Placement of latches can be used to decide the delay.
  • Page 11, Walid: This is a good starting point. We need to push further after this talk.
    • Translations based on these ideas
    • Keep kernel of Ucello small and simple, freedom in developing renderings further.
    • Take advantages of Ucello infrastructure.

Formal Verification of Dynamic Properties in an Aerospace Application

Authors Simin Nadjm-Tehrani, Jan-Erik Strömberg
Speaker Alex Stoll
Scribe Jun
Date 2008/3/17

(Paper's) Thesis: it's a good idea to model the physical environment of the software; bond graphs give a concise description of the system and a pathway to translation to mathematics.

The Steps they use:

  • model system in schematic diagram
  • turn diagram into bond graph
  • convert to extended duration calculus
  • verify
  • code generation

Bond graphs represent the system as an electrical-circuit-like combination of primitive elements. They allow a precise mathematical/physical interpretation while remaining intuitive.

A bond graph is basically a directed graph:

  • nodes = degenerate primitive energy processes
  • bonds = potential flow of energy, including direction
  • Generalized power variables are associated with each arc:
    • e: effort
    • f: flow
    • |ef|: magnitude of power (in watts)
  • single arrow: power, double arrow: control

Primitive elements: elements are idealized components, namely

  • sources
  • storages
  • dissipation
  • conversion
  • distributions (junctions)
slide: things are in time domain; x is the reading on the accumulator

Example: we look at the graph and extract equations a la Kirchhoff's laws in electrical engineering (each element type gives a different set of equations, except junctions, which have a standard set of equations: one for flow, one for effort).

Walid: Translation of mechanical systems to bond graphs is mathematically similar or equivalent to circuit -> graph translation. This is an interesting problem that Uccello may be able to attack.

Bond graph theory comes with algorithms for assigning causality to variables, which can reduce the number of equations extracted from the bond graph, sometimes dramatically. This makes it easier to map to a computation. Classical algorithm: Sequential Causality Assignment Procedure (SCAP).

Walid & Corky: This sounds fishy. Why do we have to think of `causality' when you're just solving a system of equations? (The paper cites van Dijk's Ph.D. thesis "On the role of bond graph causality in modelling mechatronic systems"; no downloadable copy found)

Switched bond graphs are extended bond graphs for mode-switching systems. They have a new ideal element: the ideal generalized switch.

Extended duration calculus uses interval temporal logic for real-time systems verification; system specs are formulated and proved using temporal logic.

Walid: Here's a crucial question that needs to be answered clearly and explicitly (but is not): What is their proposed method for modeling & verification? Is it meant for computer scientists or mechanical engineers?

Walid: Do you (Alex) think you (as a mechE) could write these logical equations yourself? Alex: probably.

Topics for next semester (Fall 2008)

People Corky, Walid, Gregory, Raj, Jun, Angela
Scribe Angela

  • Topics that our research group is interested in:
    • MSP for OO
      • Extensible parsing
      • Converge (Jun)
    • PSC: physical safety computing
      • Filipe Luiz's thesis (Angela)
      • Reasoning about stability
      • Reasoning about simulation
    • Concoction: indexed type
    • Theorem proving
    • device drivers
    • HWDL
      • Constraint solving: 1980 Nelson & Oppen (Jun?)
    • Functional MSP
      • Liang & Hudak & Jones
      • Monad transformer (Jun)
      • Monadic interpreter. (Jun)
    • compiling dynamic language
      • Dynamic typing with dependent types
    • DSLs broadly. Let me know if you are interested in a particular domain.
    • DSL for bioinformatics
    • Visual/graph-based language

Intro to Dynamic System Stability

People Josh, Walid, Gregory, Raj, Jun, Angela
Speaker Josh
Scribe Jun

The purpose of this talk is to give a brief introduction to techniques for determining if (or rather, proving that) a dynamic system is stable.

Types of Stability

  • Global stability
    • the function stays within some neighborhood of an equilibrium

  • Asymptotic stability
    • special form of global stability
    • global, and the function decays to the equilibrium

  • Exponential stability
    • special form of asymptotic stability
    • the decay is exponential

Stability Criteria for Linear Systems

  • pole (singularity) placement: all eigenvalues have negative real part

  • Routh-Hurwitz: the same criterion as above, but easier to compute, since it doesn't require computing the roots; only for single-input single-output systems

Digression: intro to linear systems by Walid

A linear system is one that is described by a system of linear differential equations.

The Laplace transform of a system of linear DEs is a (set of) polynomial equations, which is particularly easy to handle; this is why engineers approximate systems as linear wherever they can.

Criteria for Nonlinear Systems

  • Lyapunov candidate function V(x)
    • Usually the energy content or an overestimate thereof
    • Positive definite: V(x) >= 0
    • Derivative is negative definite: dV(x)/dt < 0

  • dV(x)/dt = 0 allows for marginally stable (oscillatory) systems

Example

The simple pendulum: we have a mass m attached to a frictionless pivot by a rigid rod of length l. The position of the mass is given by the angular displacement \theta from some point of reference, usually the mass-at-bottom configuration.

Jun: the "closed form" solutions to this system are given in terms of the Jacobi theta functions, which are analytically rather nasty.

The system is nonlinear, with a well-known linearization for small \theta, which is essentially sin\theta \approx \theta.

(See slides for graph.) No control, starting at the top: the nonlinear system converges to the equilibrium (mass at bottom), but the linearization diverges.

No control, starting at an angle (stable): both the linear and the nonlinear system converge to the bottom.

The energy E = mgl(1 - \cos\theta) + m l^2 \theta'^2 / 2 is linearized to E = mgl |\theta| + m l^2 \theta'^2 / 2.

This is an overestimate, so it can be used as a Lyapunov candidate function, but only under the assumption that |\theta| is small. The non-differentiability of |\theta| at zero is handled by putting an envelope around it.

Walid: how do you know your linearization is a proper overestimate, analytically? (How would you prove it?) How would we analyze this system under discretized external influence?
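As an added example (not part of the original notes), the following Python checks the two criteria discussed above on the pendulum: the energy E as a Lyapunov candidate, whose derivative along trajectories is zero for the frictionless pivot (the marginally stable case) and strictly negative once a viscous damping term is added, plus the pole-placement criterion on the linearization at the bottom and top equilibria. The parameters m, l, g and the damping coefficient b are assumed values, not numbers from the talk.

```python
import math
import cmath

# Pendulum parameters: constructed for this example, not taken from the notes.
M, L, G = 1.0, 1.0, 9.81  # mass, rod length, gravitational acceleration


def energy(theta, omega):
    """Lyapunov candidate V = mgl(1 - cos theta) + m l^2 theta'^2 / 2 (the notes' E)."""
    return M * G * L * (1.0 - math.cos(theta)) + 0.5 * M * L ** 2 * omega ** 2


def dynamics(theta, omega, b):
    """theta'' = -(g/l) sin theta - (b/m) theta'.  b is an assumed viscous damping
    coefficient; b = 0 recovers the frictionless pivot of the notes."""
    return omega, -(G / L) * math.sin(theta) - (b / M) * omega


def lyapunov_derivative(theta, omega, b):
    """dV/dt along trajectories, i.e. grad V . f.  The gravity terms cancel, leaving
    -b l^2 theta'^2: zero when b = 0 (marginal stability), negative otherwise."""
    dv_dtheta = M * G * L * math.sin(theta)
    dv_domega = M * L ** 2 * omega
    dtheta, domega = dynamics(theta, omega, b)
    return dv_dtheta * dtheta + dv_domega * domega


def simulate(theta0, omega0, b, dt=1e-3, steps=20000):
    """RK4 integration of the nonlinear pendulum; returns V along the trajectory."""
    th, om = theta0, omega0
    vs = [energy(th, om)]
    for _ in range(steps):
        k1 = dynamics(th, om, b)
        k2 = dynamics(th + dt / 2 * k1[0], om + dt / 2 * k1[1], b)
        k3 = dynamics(th + dt / 2 * k2[0], om + dt / 2 * k2[1], b)
        k4 = dynamics(th + dt * k3[0], om + dt * k3[1], b)
        th += dt / 6 * (k1[0] + 2 * k2[0] + 2 * k3[0] + k4[0])
        om += dt / 6 * (k1[1] + 2 * k2[1] + 2 * k3[1] + k4[1])
        vs.append(energy(th, om))
    return vs


def linearization_eigenvalues(b, at_top=False):
    """Pole placement check: eigenvalues of the Jacobian of (theta, omega) at the
    bottom equilibrium (sin theta ~ theta) or the top one (sin theta ~ -(theta - pi))."""
    sign = 1.0 if at_top else -1.0      # sign of the (2,1) Jacobian entry
    trace, det = -b / M, -sign * G / L  # 2x2 eigenvalues from trace and determinant
    disc = cmath.sqrt(trace ** 2 - 4 * det)
    return (trace + disc) / 2, (trace - disc) / 2
```

With b = 0 the bottom equilibrium's poles sit on the imaginary axis and V stays constant along the simulated trajectory; with b > 0 both poles move into the left half-plane and V decreases monotonically, while the top equilibrium always keeps one pole with positive real part.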

Fault Tolerance

People Robert Hanmer, Walid, Corky, Raj, Cherif, Jun, Angela
Speaker Robert Hanmer
Scribe Walid, Cherif (typing in notes)

  • Recent IEEE Annals of the History of Computing
    • 4-page article starting at page 92
  • Patterns for Fault Tolerant Software by Robert Hanmer

  • 4ESS switch
    • Jim Caplin inspired the patterns
    • Ralph Johnson saw them as new
    • Patterns
    • Data structures
      • Call register (primary call object). For fault tolerance: a doubly linked list, to facilitate repair in case of a broken link.
    • Event processing, uni-processor system
    • Tandem fault tolerance
  • Concurrency in telephone switches:
    • Lots of calls being started at the same time
    • Real-time switching and multiplexing because of time sharing
    • Concurrency is relevant to routing calls
    • 4ESS: Round robin queue, with regular check for higher priority by events
  • Quality: is generally achieved through process
  • Fault tolerance: is part of the specification
  • Fault tolerance: the system keeps operating even when parts of it are down
  • Working on techniques that Martin Rinard has been looking at in the last couple years
  • There is no one pattern for making sure that all errors are handled
    • This could be area for us to continue discussions
  • Mean time to repair was always something around 2 hours:
    • So the practical failure rate is once in 40 years
    • Shorter failures also exist
  • Other books focus on modeling failure rates (like Michael Lynn's book)
  • Cascading failures can be a much bigger problem than local failures. Jan 15, 1991: the C software hit a new condition and didn't terminate properly, and the western half of the US lost long-distance communications
  • 911 systems (local) are life critical, so a full system failure is much worse than a partial one
  • Design software to allow maximum user intervention
  • Error detection: What do we do to detect errors?
  • Check out Software Engineering Radio

This work is licensed under a Creative Commons Attribution 2.5 License. Please follow our citation guidelines.