-Complete Decision Procedure and dReal Damien Zufferey MIT CSAIL - - PowerPoint PPT Presentation

δ-Complete Decision Procedure and dReal

Damien Zufferey

MIT CSAIL

ARSBM 2016, 20 Sept 2016 Based on the work of Sicun Gao and Soonho Kong

Outline

• Interval constraints propagation (ICP)

– Branch and Prune Algorithm – Completeness – dReal Example

• Adding ODEs

– dReach Example – SMT encoding

• dReal Tricks

Interval Constraints Propagation

• Search for a solution using

– Pruning: interval arithmetic to prune the search space. – Branching: when pruning is stuck, split the domain of a

variable and continue recursively.

• Interval arithmetic on double precision numbers

– Rounding errors taken into account – dReal uses IBEX and CAPD libraries

• Use δ>0 to guarantee the termination

Branch and Prune ICP

D prune D D branch D₁ D₂

Branch-and-Prune Example

A B

Branch-and-Prune Example

A B Prune by B

Branch-and-Prune Example

A B Prune by B Prune by A

Branch-and-Prune Example

A B Prune by B Prune by A Branch

Branch-and-Prune Example

A B Prune by B Prune by A Branch Prune by A

Branch-and-Prune Example

A B Prune by B Prune by A Branch Prune by A Prune by B

Branch-and-Prune Example

A B Prune by B Prune by A Branch Prune by A Prune by B Prune by A

Branch-and-Prune Example

A B Prune by B Prune by A Branch Prune by A Prune by B Prune by A Prune by B

Completeness

• δ-satisfiability is NP (PSpace with ODE).
• Idea:

– If we can guess a small enough box containing the solution,

we can check it in polynomial time using interval arithmetic.

– If the problem is unsatisfiable, we need to explore a

potentially exponential number of small boxes and show that all of them are empty.

• Takeaway message:

Nonlinear theories over the reals are just polynomially harder than SAT.

dReal

• Description: http://dreal.github.io/
• Getting the tool: https://github.com/dreal/dreal3
• GPL3 license
• Runs natively on Linux and Mac
• Runs on Windows via Docker

dReal Frontends

• SMT2
• dr

( s e t

• l
• g

i c Q F _ N R A ) ( d e c l a r e

• f

u n x ( ) R e a l ) ( d e c l a r e

• f

u n y ( ) R e a l ) ( a s s e r t ( < 2 . 4 x ) ) ( a s s e r t ( < x 2 . 6 ) ) ( a s s e r t ( <

• 1

. y ) ) ( a s s e r t ( < y 1 . ) ) ( a s s e r t ( a n d ( = y ( c

• s

x ) ) ) ) ( c h e c k

• s

a t ) ( e x i t ) v a r : [ 2 . 4 , 2 . 6 ] x ; [

• 1

, 1 ] y ; c t r : y = c

• s

( x ) ;

dReal Example

What We Support

• Types: Real, Int, Bool

– Int are handled in the ICP by a special contractor. – Bool are handled before the ICP by a SAT solver.

• Functions:

polynomials, trigonometric functions, logarithms, … (We will discuss very soon about the ODEs.)

prune SAT solver NRA solver

ODEs and dReach

• dReal support ODEs directly in the SMT2

interface with a Q F _ N R A _ O D E logic but the notation is non-standard.

• The dReach tool is much more user-friendly.
• dReach is a BMC that generates a dReal query

from an hybrid automata

dReach Syntax

dReach Syntax

[ , 2 ] x ; [

• 9

. 8 ] g ; [

• 1

, 1 ] v ; [ , 1 ] t i m e ;

dReach Syntax

{ m

• d

e 1 ; i n v t : ( v < = ) ; ( x > = ) ; f l

• w

: d / d t [ x ] = v ; d / d t [ v ] = g ; j u m p : ( x = ) = = > @ 2 ( a n d ( x ' = x ) ( v ' = (

• v

) ) ) ; } [ , 2 ] x ; [

• 9

. 8 ] g ; [

• 1

, 1 ] v ; [ , 1 ] t i m e ; { m

• d

e 2 ; i n v t : ( v > = ) ; ( x > = ) ; f l

• w

: d / d t [ x ] = v ; d / d t [ v ] = g ; j u m p : ( v = ) = = > @ 1 ( a n d ( x ' = x ) ( v ' = v ) ) ; }

dReach Syntax

{ m

• d

e 1 ; i n v t : ( v < = ) ; ( x > = ) ; f l

• w

: d / d t [ x ] = v ; d / d t [ v ] = g ; j u m p : ( x = ) = = > @ 2 ( a n d ( x ' = x ) ( v ' = (

• v

) ) ) ; } [ , 2 ] x ; [

• 9

. 8 ] g ; [

• 1

, 1 ] v ; [ , 1 ] t i m e ; { m

• d

e 2 ; i n v t : ( v > = ) ; ( x > = ) ; f l

• w

: d / d t [ x ] = v ; d / d t [ v ] = g ; j u m p : ( v = ) = = > @ 1 ( a n d ( x ' = x ) ( v ' = v ) ) ; } i n i t : @ 1 ( a n d ( x = 1 ) ( v = ) ) ; g

• a

l : @ 2 ( a n d ( x = 1 ) ( v > = 1 ) ) ;

dReach Example

SMT Encoding (1)

• Variables
• Mode invariants

( d e c l a r e

• f

u n m

• d

e _ i ( ) R e a l ) ( d e c l a r e

• f

u n t i m e _ i ( ) R e a l ) ( d e c l a r e

• f

u n x _ i _ ( ) R e a l ) ( d e c l a r e

• f

u n x _ i _ t ( ) R e a l ) ( d e c l a r e

• f

u n v _ i _ ( ) R e a l ) ( d e c l a r e

• f

u n v _ i _ t ( ) R e a l ) ( a s s e r t ( a n d ( f

• r

a l l _ t 1 [ t i m e _ i ] ( > = x _ i _ t ) ( < = v _ i _ t ) ) ( f

• r

a l l _ t 2 [ t i m e _ i ] ( > = x _ i _ t ) ( > = v _ i _ t ) ) ) )

SMT Encoding (2)

• Flow declaration
• Jump conditions

( d e c l a r e

• f

u n x ( ) R e a l ) ( d e c l a r e

• f

u n v ( ) R e a l ) ( d e f i n e

• d

e f l

• w

_ 1 ( ( = d / d t [ x ] v ) ( = d / d t [ v ] g ) ) ) ( d e f i n e

• d

e f l

• w

_ 2 ( ( = d / d t [ x ] v ) ( = d / d t [ v ] g ) ) ) ( a s s e r t (

• r

( a n d ( = m

• d

e _ i 1 ) ( = m

• d

e _ j 2 ) ( = x _ i _ t ) ( = x _ j _ x _ i _ t ) ( = v _ j _ (

• v

_ i _ t ) ) ) ( a n d ( = m

• d

e _ i 2 ) ( = m

• d

e _ j 1 ) ( = v _ i _ t ) ( = x _ j _ x _ i _ t ) ( = v _ j _ v _ i _ t ) ) ) )

SMT Encoding (3)

• Connecting the flows
• Other elements

– Initial and final conditions – Bounds for all the variables – ...

( a s s e r t (

• r

( a n d ( = m

• d

e _ i 1 ) ( = [ x _ i _ t v _ i _ t ] ( i n t e g r a l . t i m e _ i [ x _ i _ v _ i _ ] f l

• w

_ 1 ) ) ) ( a n d ( = m

• d

e _ i 2 ) ( = [ x _ i _ t v _ i _ t ] ( i n t e g r a l . t i m e _ i [ x _ i _ v _ i _ ] f l

• w

_ 2 ) ) ) ) )

ODEs, dReal, and Completeness

is just a pruning operator over the domain

dReal Tricks

• Julia bindings, C API, etc.
• Precision (δ)

– Option: -

• p

r e c i s i

• n

. 1

– In SMT file: (

s e t

• p

t i

• n

: p r e c i s i

• n

. 1 )

• Model Generation

– Option: -

• m
• d

e l

• Polytope contractor

– Option: -

• p
• l

y t

• p

e

• Branching heuristics

– Options: -

• g

r a d b r a n c h , -

• s

c

• r

i n g

• i

c p

What Comes Next

• More efficient search heuristics (!!!)
• ∃∀ formula
• More parallelism
• ...

Conclusion

• dReal is an SMT solver for nonlinear theories
• ver the reals
• dReach is a bounded model checker for hybrid
• systems. dReach uses dReal as backend.
• If you have questions, contact us by email,
• pen issues on github. Pull-requests on github

are also welcome.