On a Decidable Fragment of dL
or, The Next 700 (Un)decidable Fragments of dL

David M Kahn, Siva Somayyajula
Carnegie Mellon University
December 11, 2018
Motivation

If you or a loved one has been frustrated trying to formally verify systems, you may be entitled to righteous indignation.
Motivation

Why is formal verification so frustrating?
- complicated and tedious proofs
- lots of work for no user-facing change
- people only care that it looks like it works

Cyberphysical systems are life-critical!
Motivation (figure slide)
Results

- Found and implemented decidable fragments of dL to ease verifying cyberphysical systems
- Found undecidable/inter-decidable fragments of dL to ease future decidability research
(Un)decidability Results: Arithmetical Approaches

Restriction      | Integer Arithmetic     | dL
-----------------+------------------------+----------------------
positive ∃       | MRDP's Diophantine     | Post Correspondence
positive ∀       | polynomial ID testing  | extended Platzer-Tan
bounded          | finitary checking      | Post Correspondence
single variable  | trivial                | Post Correspondence
purely +         | Presburger             | Post Correspondence
purely ×         | Skolem                 | Post Correspondence
(Un)decidability Results: Structural Approaches

Restriction                  | dL
-----------------------------+-------------------------------------------
without ∪                    | MRDP's Diophantine
without ;                    | piecewise constant derivative reachability
without ∗                    | (exponential) polynomial star-free
only :=                      | Post Correspondence
only ?(−)                    | reduction to FOL_R
only x′ = f(x) & Q           | piecewise constant derivative reachability
simultaneously [α]P ∧ ⟨α⟩P   | when [α]P is
Polynomial Star-Free Fragment

How can this be used for theorem proving?
- Work with simple ODEs
- Human identifies loop invariant
- That's it! Everything else is free.
Polynomial Star-Free Fragment

Idea: sound translation to FOL_R
- [x := e]P(x) ↔ P(e)
- [α; β]P ↔ [α][β]P
- [x′ = f(x)]P(x) ↔ ∀t ≥ 0. P(x(t)) where x′(t) = f(x(t))

Remove iteration (star/asterate)
- α* = ?true ∪ α; α*
- Loop invariants?
- Encode integer arithmetic: undecidable

Restrict to polynomial solutions of ODEs
Polynomial Star-Free Fragment

Theorem (DAG condition)
Given S ≡ x′_1 = e_1, …, x′_n = e_n, let G be the digraph with an edge from x′_i = e_i to x′_j = e_j ⇔ x_i occurs in e_j. Then S has a polynomial solution ⇐ G is acyclic.

Proof sketch. Back-substitute in the topological order of G.
Polynomial Star-Free: Implementation

- ∼500 lines in OCaml
- Shallow embedding of dL using weak higher-order abstract syntax
- Polynomial manipulation and ODE solver
- Z3 for quantifier elimination
Polynomial Star-Free: Demo

Verifying x ≥ 0 ∧ v ≥ 0 ∧ a ≥ 0 → [x′ = v, v′ = a] x ≥ 0
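An added worked example in Python (not the authors' OCaml implementation): it checks the DAG condition of the theorem above, back-substitutes in topological order, and produces the polynomial solution x(t) that the translation [x′ = f(x)]P(x) ↔ ∀t ≥ 0. P(x(t)) needs, run on the demo system x′ = v, v′ = a. The names solve_polynomial_ode, var, and the x_i0 symbols for initial values are this example's own conventions, and the quantifier-elimination step (Z3 in the talk) is not included.

```python
from collections import Counter
from fractions import Fraction

# A polynomial over Q is {monomial: Fraction}; a monomial is a sorted tuple of (name, exponent).
def var(name):
    return {((name, 1),): Fraction(1)}
def add(p, q):
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, 0) + c
    return {m: c for m, c in r.items() if c}
def mul(p, q):
    r = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(sorted((Counter(dict(m1)) + Counter(dict(m2))).items()))
            r[m] = r.get(m, 0) + c1 * c2
    return {m: c for m, c in r.items() if c}

def integrate_t(p):  # integral from 0 to t: each c*t^k becomes c/(k+1) * t^(k+1)
    r = {}
    for m, c in p.items():
        r = add(r, mul({m: Fraction(c) / (dict(m).get("t", 0) + 1)}, var("t")))
    return r

def subst(p, name, q):  # replace the variable `name` in p by the polynomial q
    r = {}
    for m, c in p.items():
        term = {tuple(x for x in m if x[0] != name): c}
        for _ in range(dict(m).get(name, 0)):
            term = mul(term, q)
        r = add(r, term)
    return r

def solve_polynomial_ode(system):
    """system maps x_i to e_i; returns {x_i: x_i(t)} (x_i0 denotes x_i(0)), or None if G has a cycle."""
    occurs = {j: {v for m in e for v, _ in m if v in system} for j, e in system.items()}
    order, pending = [], set(system)
    while pending:                        # layered topological sort of G (edge x_i -> x_j iff x_i in e_j)
        ready = [j for j in pending if occurs[j] <= set(order)]
        if not ready:
            return None                   # DAG condition fails, e.g. x' = x (exponential solution)
        order += ready
        pending -= set(ready)
    sol = {}
    for i in order:                       # back-substitute already-solved variables, then integrate
        rhs = system[i]
        for v in occurs[i]: rhs = subst(rhs, v, sol[v])
        sol[i] = add(var(i + "0"), integrate_t(rhs))   # x_i(t) = x_i(0) + ∫_0^t e_i(x(s)) ds
    return sol
```

For the demo the result is v(t) = v0 + a·t and x(t) = x0 + v0·t + a·t²/2, so the safety claim becomes the FOL_R sentence ∀t ≥ 0. x0 + v0·t + a·t²/2 ≥ 0 under the premise x0, v0, a ≥ 0.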
Conclusion and Future Work

- Survey of restrictions for (un)decidability
- Decision procedures for theorem proving