SOTA temporal logic: replace speculative FRET/Pressburger claims with LTL operators from RA, cite Baier 2008
This commit is contained in:
parent
df129dadd9
commit
115ba4e8bb
@ -161,31 +161,28 @@ primary assurance evidence remain as significant challenges.
|
||||
Formal verification of any system requires a precise language for stating
|
||||
what the system must do. Temporal logic provides this language by extending
|
||||
classical propositional logic with operators that express properties over
|
||||
time. Where propositional logic can state that a condition is true or false,
|
||||
temporal logic can state that a condition must always hold, must eventually
|
||||
hold, or must hold until some other condition is met. This expressiveness
|
||||
makes temporal logic the foundation for specifying reactive systems---systems
|
||||
that continuously interact with their environment and must satisfy ongoing
|
||||
behavioral requirements.
|
||||
|
||||
For nuclear control applications, temporal logic captures exactly the kinds
|
||||
of properties that matter: safety properties (``the reactor never enters an
|
||||
unsafe configuration''), liveness properties (``the system eventually reaches
|
||||
operating temperature''), and response properties (``if coolant pressure
|
||||
drops, shutdown initiates within bounded time''). These properties can be
|
||||
derived directly from operating procedures and regulatory requirements,
|
||||
creating a formal link between existing documentation and verifiable system
|
||||
behavior.
|
||||
|
||||
NASA's Formal Requirements Elicitation Tool (FRET) bridges the gap between
|
||||
natural language requirements and temporal logic specifications. FRET
|
||||
provides a structured intermediate language that allows engineers to define
|
||||
temporal behavior without writing raw logic formulas. The HARDENS project
|
||||
used FRET for requirement capture, and it has been validated on aerospace
|
||||
systems including a Lift+Cruise aircraft with 53 formalized
|
||||
requirements~\cite{Pressburger2023}. FRET's ability to start with imprecise
|
||||
natural language and iteratively refine it into well-posed specifications
|
||||
makes it particularly suited to formalizing nuclear operating procedures.
|
||||
time~\cite{baier_principles_2008}. Where propositional logic can state that
|
||||
a condition is true or false, temporal logic can state that a condition must
|
||||
always hold, must eventually hold, or must hold until some other condition is
|
||||
met. Linear temporal logic (LTL) formalizes these notions through four key
|
||||
operators:
|
||||
\begin{itemize}
|
||||
\item $\mathbf{X}\phi$ (next): $\phi$ holds in the next state
|
||||
\item $\mathbf{G}\phi$ (globally): $\phi$ holds in all future states
|
||||
\item $\mathbf{F}\phi$ (finally): $\phi$ holds in some future state
|
||||
\item $\phi \mathbf{U} \psi$ (until): $\phi$ holds until $\psi$ becomes
|
||||
true
|
||||
\end{itemize}
|
||||
These operators allow specification of safety properties ($\mathbf{G}\neg
|
||||
\text{unsafe}$), liveness properties ($\mathbf{F}\text{target}$), and
|
||||
response properties ($\mathbf{G}(\text{trigger} \rightarrow
|
||||
\mathbf{F}\text{response})$). For nuclear control, this expressiveness
|
||||
captures exactly the kinds of requirements that matter: the reactor must
|
||||
never enter an unsafe configuration, the system must eventually reach
|
||||
operating temperature, and if coolant pressure drops, shutdown must initiate
|
||||
within bounded time. These properties can be derived directly from operating
|
||||
procedures and regulatory requirements, creating a formal link between
|
||||
existing documentation and verifiable system behavior.
|
||||
|
||||
\subsubsection{Differential Dynamic Logic}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user