-Complete Decision Procedure and dReal Damien Zufferey MIT CSAIL - PowerPoint PPT Presentation

δ-Complete Decision Procedure and dReal Damien Zufferey MIT CSAIL ARSBM 2016, 20 Sept 2016 Based on the work of Sicun Gao and Soonho Kong

Outline ● Interval constraints propagation (ICP) – Branch and Prune Algorithm – Completeness – dReal Example ● Adding ODEs – dReach Example – SMT encoding ● dReal Tricks

Interval Constraints Propagation ● Search for a solution using – Pruning: interval arithmetic to prune the search space . – Branching: when pruning is stuck, split the domain of a variable and continue recursively . ● Interval arithmetic on double precision numbers – Rounding errors taken into account – dReal uses IBEX and CAPD libraries ● Use δ>0 to guarantee the termination

Branch and Prune ICP D D prune branch D D ₁ D ₂

Branch-and-Prune Example B A

Branch-and-Prune Example Prune by B B A

Branch-and-Prune Example Prune by B Prune by A B A

Branch-and-Prune Example Prune by B Prune by A B Branch A

Branch-and-Prune Example Prune by B Prune by A B Branch A Prune by A

Branch-and-Prune Example Prune by B Prune by A B Branch A Prune by A Prune by B

Branch-and-Prune Example Prune by B Prune by A B Branch A Prune by A Prune by B Prune by A

Branch-and-Prune Example Prune by B Prune by A B Branch A Prune by A Prune by B Prune by A Prune by B

Completeness ● δ-satisfiability is NP (PSpace with ODE). ● Idea: – If we can guess a small enough box containing the solution, we can check it in polynomial time using interval arithmetic. – If the problem is unsatisfiable, we need to explore a potentially exponential number of small boxes and show that all of them are empty. ● Takeaway message: Nonlinear theories over the reals are just polynomially harder than SAT.

dReal ● Description: http://dreal.github.io/ ● Getting the tool: https://github.com/dreal/dreal3 ● GPL3 license ● Runs natively on Linux and Mac ● Runs on Windows via Docker

dReal Frontends ● SMT2 ● dr ( s e t - l o g i c Q F _ N R A ) ( d e c l a r e - f u n x ( ) R e a l ) v a r : ( d e c l a r e - f u n y ( ) R e a l ) [ 2 . 4 , 2 . 6 ] x ; ( a s s e r t ( < 2 . 4 x ) ) [ - 1 0 , 1 0 ] y ; ( a s s e r t ( < x 2 . 6 ) ) c t r : ( a s s e r t ( < - 1 0 . 0 y ) ) y = c o s ( x ) ; ( a s s e r t ( < y 1 0 . 0 ) ) ( a s s e r t ( a n d ( = y ( c o s x ) ) ) ) ( c h e c k - s a t ) ( e x i t )

dReal Example

What We Support ● Types: Real, Int, Bool – Int are handled in the ICP by a special contractor. – Bool are handled before the ICP by a SAT solver. NRA solver prune SAT solver ● Functions: polynomials, trigonometric functions, logarithms, … (We will discuss very soon about the ODEs.)

ODEs and dReach ● dReal support ODEs directly in the SMT2 interface with a Q logic but the F _ N R A _ O D E notation is non-standard. ● The dReach tool is much more user-friendly. ● dReach is a BMC that generates a dReal query from an hybrid automata

dReach Syntax

dReach Syntax [ 0 , 2 0 ] x ; [ - 9 . 8 ] g ; [ - 1 0 0 , 1 0 0 ] v ; [ 0 , 1 0 ] t i m e ;

dReach Syntax { m o d e 2 ; [ 0 , 2 0 ] x ; i n v t : [ - 9 . 8 ] g ; ( v > = 0 ) ; [ - 1 0 0 , 1 0 0 ] v ; ( x > = 0 ) ; [ 0 , 1 0 ] t i m e ; f l o w : d / d t [ x ] = v ; { m o d e 1 ; d / d t [ v ] = g ; i n v t : j u m p : ( v < = 0 ) ; ( v = 0 ) = = > ( x > = 0 ) ; @ 1 ( a n d ( x ' = x ) f l o w : ( v ' = v ) ) ; d / d t [ x ] = v ; } d / d t [ v ] = g ; j u m p : ( x = 0 ) = = > @ 2 ( a n d ( x ' = x ) ( v ' = ( 0 - v ) ) ) ; }

dReach Syntax { m o d e 2 ; [ 0 , 2 0 ] x ; i n v t : [ - 9 . 8 ] g ; ( v > = 0 ) ; [ - 1 0 0 , 1 0 0 ] v ; ( x > = 0 ) ; [ 0 , 1 0 ] t i m e ; f l o w : d / d t [ x ] = v ; { m o d e 1 ; d / d t [ v ] = g ; i n v t : j u m p : ( v < = 0 ) ; ( v = 0 ) = = > ( x > = 0 ) ; @ 1 ( a n d ( x ' = x ) f l o w : ( v ' = v ) ) ; d / d t [ x ] = v ; } d / d t [ v ] = g ; j u m p : i n i t : ( x = 0 ) = = > @ 1 ( a n d ( x = 1 0 ) ( v = 0 ) ) ; @ 2 ( a n d ( x ' = x ) g o a l : ( v ' = ( 0 - v ) ) ) ; @ 2 ( a n d ( x = 1 ) ( v > = 1 ) ) ; }

dReach Example

SMT Encoding (1) ● Variables ( d e c l a r e - f u n m o d e _ ( ) R e a l ) i ( d e c l a r e - f u n t i m e _ ( ) R e a l ) i ( d e c l a r e - f u n x _ _ 0 ( ) R e a l ) i ( d e c l a r e - f u n x _ _ t ( ) R e a l ) i ( d e c l a r e - f u n v _ _ 0 ( ) R e a l ) i ( d e c l a r e - f u n v _ _ t ( ) R e a l ) i ● Mode invariants ( a s s e r t ( a n d ( f o r a l l _ t 1 [ 0 t i m e _ ] ( > = x _ _ t 0 ) ( < = v _ _ t 0 ) ) i i i ( f o r a l l _ t 2 [ 0 t i m e _ ] ( > = x _ _ t 0 ) ( > = v _ _ t 0 ) ) i i i ) )

SMT Encoding (2) ● Flow declaration ( d e c l a r e - f u n x ( ) R e a l ) ( d e c l a r e - f u n v ( ) R e a l ) ( d e f i n e - o d e f l o w _ 1 ( ( = d / d t [ x ] v ) ( = d / d t [ v ] g ) ) ) ( d e f i n e - o d e f l o w _ 2 ( ( = d / d t [ x ] v ) ● Jump conditions ( = d / d t [ v ] g ) ) ) ( a s s e r t ( o r ( a n d ( = m o d e _ 1 ) ( = m o d e _ 2 ) ( = x _ _ t 0 ) i j i ( = x _ _ 0 x _ _ t ) ( = v _ _ 0 ( - v _ _ t ) ) ) j i j i ( a n d ( = m o d e _ 2 ) ( = m o d e _ 1 ) ( = v _ _ t 0 ) i j i ( = x _ _ 0 x _ _ t ) ( = v _ _ 0 v _ _ t ) ) ) ) j i j i

SMT Encoding (3) ● Connecting the flows ( a s s e r t ( o r ( a n d ( = m o d e _ 1 ) i ( = [ x _ _ t v _ _ t ] ( i n t e g r a l 0 . t i m e _ [ x _ _ 0 v _ _ 0 ] f l o w _ 1 ) ) ) i i i i i ( a n d ( = m o d e _ 2 ) i ( = [ x _ _ t v _ _ t ] ( i n t e g r a l 0 . t i m e _ [ x _ _ 0 v _ _ 0 ] f l o w _ 2 ) ) ) i i i i i ) ) ● Other elements – Initial and final conditions – Bounds for all the variables – ...

ODEs, dReal, and Completeness is just a pruning operator over the domain

dReal Tricks ● Julia bindings, C API, etc. ● Precision (δ) – Option: - - p r e c i s i o n 0 . 1 – In SMT file: ( s e t - o p t i o n : p r e c i s i o n 0 . 1 ) ● Model Generation – Option: - - m o d e l ● Polytope contractor – Option: - - p o l y t o p e ● Branching heuristics – Options: - , - - g r a d b r a n c h - s c o r i n g - i c p

What Comes Next ● More efficient search heuristics (!!!) ∃∀ formula ● ● More parallelism ● ...

Conclusion ● dReal is an SMT solver for nonlinear theories over the reals ● dReach is a bounded model checker for hybrid systems. dReach uses dReal as backend. ● If you have questions, contact us by email, open issues on github. Pull-requests on github are also welcome.