Nonlinear real arithmetic and -satisfiability Paolo Zuliani School - - PowerPoint PPT Presentation

Nonlinear real arithmetic and δ-satisfiability Paolo Zuliani

School of Computing Science Newcastle University, UK (Slides courtesy of Sicun Gao, MIT)

1 / 26

Introduction

◮ We use hybrid systems for modelling and verifying biological

system models

◮ prostate cancer therapy ◮ psoriasis UVB treatment

◮ Hybrid systems combine continuous dynamics with discrete

state changes

2 / 26

Why Nonlinear Real Arithmetic and Hybrid Systems? (I)

A prostate cancer model1 dx dt =

• αx

1 + e(k1−z)k2 − βx 1 + e(z−k3)k4 − m1

• 1 − z

z0

• − c1
• x + c2

dy dt =m1

• 1 − z

z0

• x +
• αy
• 1 − d0

z z0

• − βy
• y

dz dt = − zγ − c3 v =x + y

◮ v - prostate specific antigen (PSA) ◮ x - hormone sensitive cells (HSCs) ◮ y - castration resistant cells (CRCs) ◮ z - androgen

1A.M. Ideta, G. Tanaka, T. Takeuchi, K. Aihara: A mathematical model of intermittent androgen suppression for prostate cancer. Journal of Nonlinear Science, 18(6), 593–614 (2008) 3 / 26

Why Nonlinear Real Arithmetic and Hybrid Systems? (I)

Intermittent androgen deprivation therapy

𝑒𝑇1 𝑒𝑢 = 𝑤01 + 𝑏𝑏1 ∗ 𝑢 𝑒𝑇2 𝑒𝑢 = 𝑤02 𝑒𝑤1 𝑒𝑢 = 𝑏𝑏1 𝑒𝑇1 𝑒𝑢 = 𝑤01 𝑒𝑇2 𝑒𝑢 = 𝑤02 𝑒𝑇1 𝑒𝑢 = 𝑤01 + 𝑏𝑒1 ∗ 𝑢 𝑒𝑇2 𝑒𝑢 = 𝑤02 𝑒𝑤1 𝑒𝑢 = 𝑏𝑒1 𝑒𝑇1 𝑒𝑢 = 𝑤01 + 𝑏𝑒1 ∗ 𝑢 𝑒𝑇2 𝑒𝑢 = 𝑤02 + 𝑏𝑒2 ∗ 𝑢 𝑒𝑤1 𝑒𝑢 = 𝑏𝑒1 𝑒𝑤2 𝑒𝑢 = 𝑏𝑒2 𝑒𝑇2 𝑒𝑢 = 𝑤02 + 𝑏𝑒2 ∗ 𝑢 𝑒𝑤2 𝑒𝑢 = 𝑏𝑒2 𝑤1 = 𝑤𝑛𝑏𝑦 𝑇1 ≥ 𝑇2 + 𝑤01 ∗ 𝑢𝑡𝑏𝑔𝑓 𝑢 = 𝑢𝑠𝑓𝑏𝑑𝑢 𝑤1 = 0

• n-therapy

𝑒𝑦 𝑒𝑢 = 𝛽𝑦 1 + 𝑓 𝑙1−𝑨 𝑙2 − 𝛾𝑦 1 + 𝑓 𝑨−𝑙3 𝑙4 − 𝑛1 1 − 𝑨 𝑨0 − 𝑑1 𝑦 + 𝑑2 𝑒𝑧 𝑒𝑢 = 𝑛1 1 − 𝑨 𝑨0 𝑦 + 𝛽𝑧 1 − 𝑒0𝑨 𝑨0 − 𝛾 𝑧 𝑒𝑨 𝑒𝑢 = −𝑨𝛿 + 𝑑3

• ff-therapy

𝑒𝑦 𝑒𝑢 = 𝛽𝑦 1 + 𝑓 𝑙1−𝑨 𝑙2 − 𝛾𝑦 1 + 𝑓 𝑨−𝑙3 𝑙4 − 𝑛1 1 − 𝑨 𝑨0 − 𝑑1 𝑦 + 𝑑2 𝑒𝑧 𝑒𝑢 = 𝑛1 1 − 𝑨 𝑨0 𝑦 + 𝛽𝑧 1 − 𝑒0𝑨 𝑨0 − 𝛾 𝑧 𝑒𝑨 𝑒𝑢 = 𝑨0 − 𝑨 𝛿 + 𝑑3 𝑦 + 𝑧 ≤ 𝑠0 𝑦 + 𝑧 ≥ 𝑠

1

4 / 26

Why Nonlinear Real Arithmetic and Hybrid Systems? (II)

A model of psoriasis development and UVB treatment2

dSC dt = γ1 ω(1 − SC+λSCd

SCmax

)SC 1 + (ω − 1)( TA+TAd

Pta,h

)n − β1InASC − k1sω 1 + (ω − 1)( TA+TAd

Pta,h

)nSC + k1TA dTA dt = k1a,sωSC 1 + (ω − 1)( TA+TAd

Pta,h

)n + 2k1sω 1 + (ω − 1)( TA+TAd

Pta,h

)n + γ2GA − β2InATA − k2sTA − k1TA dGA dt = (k2a,s + 2k2s)TA − k2GA − k3GA − β3GA dSCd dt = γ1d (1 − SC + SCd SCmax,t SCd − β1d InASCd − k1sd SCd − kpSC2

d

k2

a + SC2 d

+ k1d TAd ) dTAd dt = k1a,sd SCd + 2k1sd SCd + γ2d TAd + k2d GAd − β2d InATAd − k2sd TAd − k1d TAd dGAd dt = (k2a,sd + 2k2sd )TAd − k2d GAd − k3d GAd − β3d GAd

◮ Therapy episode: 48 hours of irradiation + 8 hours of rest

• 2H. Zhang, W. Hou, L. Henrot, S. Schnebert, M. Dumas, C. Heus`

ele, and J. Yang. Modelling epidermis homoeostasis and psoriasis pathogenesis. Journal of The Royal Society Interface, 12(103), 2015. 5 / 26

Why Nonlinear Real Arithmetic and Hybrid Systems? (II)

A model of psoriasis development and UVB treatment2

dSC dt = γ1 ω(1 − SC+λSCd

SCmax

)SC 1 + (ω − 1)( TA+TAd

Pta,h

)n − β1 InASC − k1sω 1 + (ω − 1)( TA+TAd

Pta,h

)nSC + k1TA dTA dt = k1a,sωSC 1 + (ω − 1)( TA+TAd

Pta,h

)n + 2k1sω 1 + (ω − 1)( TA+TAd

Pta,h

)n + γ2GA − β2 InATA − k2sTA − k1TA dGA dt = (k2a,s + 2k2s)TA − k2GA − k3GA − β3GA dSCd dt = γ1d (1 − SC + SCd SCmax,t SCd − β1d InASCd − k1sd SCd − kpSC2

d

k2

a + SC2 d

+ k1d TAd ) dTAd dt = k1a,sd SCd + 2k1sd SCd + γ2d TAd + k2d GAd − β2d InATAd − k2sd TAd − k1d TAd dGAd dt = (k2a,sd + 2k2sd )TAd − k2d GAd − k3d GAd − β3d GAd

◮ Therapy episode: 48 hours of irradiation + 8 hours of rest ◮ Therapy episode = multiply β1 and β2 by a constant InA

• 2H. Zhang, W. Hou, L. Henrot, S. Schnebert, M. Dumas, C. Heus`

ele, and J. Yang. Modelling epidermis homoeostasis and psoriasis pathogenesis. Journal of The Royal Society Interface, 12(103), 2015. 5 / 26

Real-World Applications

◮ Psoriasis Stratification to Optimise Relevant Therapy

(PSORT)

◮ Large (∼£5m) ◮ Primarily biomarkers discovery ◮ We use computational modelling for understanding psoriasis’

mechanisms

6 / 26

Real-World Applications

◮ Psoriasis Stratification to Optimise Relevant Therapy

(PSORT)

◮ Large (∼£5m) ◮ Primarily biomarkers discovery ◮ We use computational modelling for understanding psoriasis’

mechanisms

◮ Personalised ultraviolet B treatment of psoriasis through

biomarker integration with computational modelling of psoriatic plaque resolution

◮ Starts February 2017 ◮ PIs: P.Z. and Nick Reynolds (Institute of Cellular Medicine) ◮ Computational modelling to inform UVB therapies used

in the clinic — real impact on people’s health!

6 / 26

Bounded Reachability

◮ Reachability is a key property in verification, also for hybrid

systems

◮ Reachability is undecidable even for linear hybrid systems

(Alur, Courcoubetis, Henzinger, Ho. 1993)

◮ [Bounded Reachability] Does the hybrid system reach a goal

state within a finite time and number of (discrete) steps?

7 / 26

Bounded Reachability

◮ Reachability is a key property in verification, also for hybrid

systems

◮ Reachability is undecidable even for linear hybrid systems

(Alur, Courcoubetis, Henzinger, Ho. 1993)

◮ [Bounded Reachability] Does the hybrid system reach a goal

state within a finite time and number of (discrete) steps?

◮ “Can a 5-episode UVB therapy remit psoriasis for a year?” 7 / 26

Bounded Reachability

◮ Reachability is a key property in verification, also for hybrid

systems

◮ Reachability is undecidable even for linear hybrid systems

(Alur, Courcoubetis, Henzinger, Ho. 1993)

◮ [Bounded Reachability] Does the hybrid system reach a goal

state within a finite time and number of (discrete) steps?

◮ “Can a 5-episode UVB therapy remit psoriasis for a year?”

◮ Reasoning about nonlinear real arithmetic is hard . . .

7 / 26

Type 2 Computability

Turning machines operate on finite strings, i.e., integers, which cannot capture real-valued functions.

◮ Real numbers can be encoded on infinite tapes.

◮ Real numbers are functions over integers.

◮ Real functions can be computed by machines that take infinite

tapes as inputs, and output infinite tapes encoding the values.

Definition (Name of a real number)

A real number a can be encoded by an infinite sequence of rationals γa : N → Q such that ∀i ∈ N |a − γa(i)| < 2−i.

8 / 26

Type 2 Computability

A function f (x) = y is computable if any name of x can be algorithmically mapped to a name of y

... ... ...

M . . . k input tapes work tapes

• utput tape

fM(y1, . . . , yk) = y y y1 yk

... ...

. . .

... ...

}

}

Writing on any finite segment of the output tape takes finite time.

9 / 26

Type 2 Computability

◮ Type 2 computability implies continuity ◮ “Numerically computable” roughly means Type 2 computable ◮ Approximation up to arbitrary numerical precisions

Ker-I Ko. Complexity Theory of Real Functions. 1991.

10 / 26

Facts

Type 2 Computable:

◮ polynomials, sin, exp, . . . ◮ numerically feasible ODEs, PDEs, . . .

Type 2 Complexity:

◮ sin, exp, etc. are in P[0,1] ◮ Lipschitz-continuous ODEs are in PSPACE[0,1]; in fact, can be

PSPACE[0,1]-complete (Kawamura, CCC 2009). See Ko’s book for many more results . . .

11 / 26

LRF-Formulas (Gao, Avigad, and Clarke. LICS 2012)

Let F be the class of all Type 2 computable real functions.

Definition (LRF-Formulas)

First-order language over >, F: t := x | f (t( x)) ϕ := t( x) > 0 | ¬ϕ | ϕ ∨ ϕ | ∃xiϕ | ∀xiϕ

Example

Let dx/dt = f (x) be an n-dimensional dynamical system. Lyapunov stability is expressed as: ∀ε∃δ∀t∀x0∀xt.

• ||x0|| < δ ∧ xt = x0 +

t f (s)ds

• → ||xt|| < ε

12 / 26

Hybrid Automata

A hybrid automaton is a tuple H = X, Q, {flowq( x, y, t) : q ∈ Q}, {jumpq→q′( x, y) : q, q′ ∈ Q}, {invq( x) : q ∈ Q}, {initq( x) : q ∈ Q}

◮ X ⊆ Rn for some n ∈ N ◮ Q = {q1, ..., qm} is a finite set of modes ◮ Other components are finite sets of quantifier-free

LRF-formulas.

13 / 26

Example: Nonlinear Bouncing Ball

◮ X = R2 and Q = {qu, qd}. ◮ flowqd(x0, v0, xt, vt, t), dynamics in the falling phase:

(xt = x0 + t v(s)ds) ∧ (vt = v0 + t g(1 + βv(s)2)ds)

◮ jumpqu→qd(x, v, x′, v′):

(v = 0 ∧ x′ = x ∧ v′ = v)

◮ invqd: (x >= 0 ∧ v >= 0). ◮ initqd: (x = 10 ∧ v = 0).

14 / 26

Encode Reachability

Continuous case: init( x0) ∧ flow( x0, t, xt) ∧ goal( xt) Make one jump: init( x0) ∧ flow( x0, t, xt) ∧ jump( xt, x′

t) ∧ goal(

x′

t)

15 / 26

Encode Reachability: invariant-free case

∃X x0∃X xt

0 · · · ∃X

xk∃X xt

k∃[0,M]t0 · · · ∃[0,M]tk

• q∈Q
• initq(

x0) ∧ flowq( x0, xt

0, t0)

• ∧

k−1

• i=0
• q,q′∈Q
• jumpq→q′(

xt

i ,

xi+1) ∧ flowq′( xi+1, xt

i+1, ti+1)

• ∧
• q∈Q

(goalq( xt

k))

(There’s some simplification here.)

16 / 26

Difficulty

Suppose F is {+, ×}. R | = ∃a∀b∃c (ax2 + bx + c > 0)?

◮ Decidable [Tarski 1948] but double-exponential lower-bound.

Suppose F further contains sine. R | = ∃x, y, z (sin2(πx) + sin2(πy) + sin2(πz) = 0 x3 + y3 = z3)?

◮ Undecidable.

17 / 26

Towards Delta-Decisions

We now define the delta-decision problems of LRF-formulas, which will lead to a totally different outlook.

18 / 26

Bounded LF-Sentences

Definition (Normal Form)

Any bounded LF-sentence ϕ can be written in the form Q[u1,v1]

1

xn · · · Q[un,vn]

n

xn

• (
• t(

x) > 0 ∨

• t(

x) ≥ 0)

◮ Negations are pushed into atoms. ◮ Bounded quantifiers: the bounds can use any terms that

contain previously-quantified variables.

19 / 26

δ-Variants

Definition (Numerical Perturbation)

Let δ ∈ Q+ ∪ {0}. The δ-weakening ϕ−δ of ϕ is Q[u1,v1]

1

x1 · · · Q[un,vn]

n

xn

• (
• t(

x) > −δ ∨

• t(

x) ≥ −δ)

◮ Obviously, ϕ → ϕ−δ (but not the other way round!) ◮ δ-strengthening ϕ+δ is defined by replacing −δ by δ.

20 / 26

δ-Decisions

Let δ ∈ Q+ be arbitrary.

Definition (δ-Decisions)

Decide, for any given bounded ϕ and δ ∈ Q+, whether

◮ ϕ is false, or ◮ ϕ−δ is true.

When the two cases overlap, either answer can be returned. The dual can be defined on δ-strengthening.

21 / 26

δ-Decisions

There is a grey area that a δ-complete algorithm can be wrong about.

UNSAT SAT

delta SAT

Corollary

In undecidable theories, it is undecidable whether a formula falls into this grey area.

22 / 26

δ-Decidability

Let F be an arbitrary collection of Type 2 computable functions.

Theorem

The δ-decision problem over RF is decidable.

See [Gao et al. LICS 2012].

It stands in sharp contrast to the high undecidability of simple formulas containing sine.

23 / 26

Complexity

Let S be some class of LF-sentences such that all the terms appearing in S are in Type 2 complexity class C. Then for any δ ∈ Q+:

Theorem

The δ-decision problem for a Σk-sentence from S is in (ΣP

k )C.

Corollary

◮ F = {+, ×, exp, sin, ...}: ΣP k -complete. ◮ F = {ODEs with P right-hand sides}: PSPACE-complete.

These are very reasonable!

24 / 26

Exactness

The definition of δ-decisions is exact in the following sense.

Theorem

If F is allowed to be arbitrary, then ϕ is decidable iff we consider bounded δ-decisions.

Theorem

Bounded sentences are δ-decidable iff F is computable.

25 / 26

Conclusions

The notion of delta-complete decision procedures allows formal analysis and use of numerical algorithms in decision procedures.

◮ Standard completeness is impossible. ◮ Delta-completeness: strong enough and achievable.

◮ Correctness guarantees on both sides 26 / 26