smt solving for nonlinear theories over the reals edmund
play

SMT Solving for Nonlinear Theories over the Reals Edmund M. Clarke - PowerPoint PPT Presentation

Jul 11, 2023 •157 likes •562 views

SMT Solving for Nonlinear Theories over the Reals Edmund M. Clarke School of Computer Science Carnegie Mellon University Joint Work with Sicun Gao, Soonho Kong, and Jeremy Avigad Special thanks to Lenore Blum for her insightful comments. 1/40

  1. SMT Solving for Nonlinear Theories over the Reals Edmund M. Clarke School of Computer Science Carnegie Mellon University Joint Work with Sicun Gao, Soonho Kong, and Jeremy Avigad Special thanks to Lenore Blum for her insightful comments. 1/40

  2. Symbolic Model Checking with BDDs Method used by most “industrial strength” model checkers: ◮ uses Boolean encoding for state machine and sets of states. ◮ can handle much larger designs – hundreds of state variables. ◮ BDDs traditionally used to represent Boolean functions. 2/40

  3. Problems with BDDs ◮ BDDs are a canonical representation. Often become too large. ◮ Variable ordering must be uniform along paths. ◮ Selecting right variable ordering very important for obtaining small BDDs. ◮ Often time consuming or needs manual intervention. ◮ Sometimes, no space efficient variable ordering exists. BMC is an alternative approach to symbolic model checking that uses SAT procedures. 3/40

  4. Advantages of SAT Procedures ◮ SAT procedures also operate on Boolean expressions but do not use canonical forms. ◮ Do not suffer from the potential space explosion of BDDs. ◮ Different split orderings possible on different branches. ◮ Very efficient implementations available. 4/40

  5. Bounded Model Checking (Clarke, Biere, Cimatti, Zhu) ◮ Bounded model checking uses a SAT procedure instead of BDDs. ◮ We construct Boolean formula that is satisfiable iff there is a counterexample of length k . ◮ We look for longer and longer counterexamples by incrementing the bound k . 5/40

  6. Bounded Model Checking (Cont.) ◮ After some number of iterations, we may conclude no counterexample exists and specification holds. ◮ For example, to verify safety properties, number of iterations is bounded by diameter of finite state machine. 6/40

  7. Main Advantages of Our Approach ◮ Bounded model checking finds counterexamples fast. This is due to depth first nature of SAT search procedures. ◮ It finds counterexamples of minimal length. This feature helps user understand counterexample more easily. 7/40

  8. Main Advantages of Our Approach (Cont.) ◮ It uses much less space than BDD based approaches. ◮ Does not need manually selected variable order or costly reordering. Default splitting heuristics usually sufficient. ◮ Bounded model checking of LTL formulas does not require a tableau or automaton construction. 8/40

  9. Implementation ◮ Implemented a tool BMC in 1999. ◮ It accepts a subset of the SMV language. ◮ Given k , BMC outputs a formula that is satisfiable iff counterexample exists of length k . ◮ If counterexample exists, a standard SAT solver generates a truth assignment for the formula. 9/40

  10. Performance ◮ There are many examples where BMC significantly outperforms BDD based model checking. ◮ In some cases BMC detects errors instantly, while SMV fails to construct BDD for initial state. ◮ Armin’s example: Circuit with 9510 latches, 9499 inputs. BMC formula has 4 × 10 6 variables, 1 . 2 × 10 7 clauses. Shortest bug of length 37 found in 69 seconds. 10/40

  11. Temporal Logic ◮ We use linear temporal logic (LTL) for specifications. ◮ Basic LTL operators: next time ‘ X ’ eventuality ‘ F ’ ‘ G ’ ‘ U ’ globally until release ‘ R ’ 11/40

  12. Temporal Logic ◮ Only consider existential LTL formulas E f , where ◮ E is the existential path quantifier, and ◮ f is a temporal formula with no path quantifiers. ◮ Finding a witness for E f is equivalent to finding a counterexample for A ¬ f . 12/40

  13. Kripke Structure ◮ System described as a Kripke structure M = ( S, I, T, ℓ ) , where ◮ S is a finite set of states and I a set of initial states, ◮ T ⊆ S × S is the transition relation, (We assume every state has a successor state.) ◮ ℓ : S → P ( A ) is the state labeling. 13/40

  14. The Microwave Oven Example AG ( start → ( ¬ heat U close )) ~ Start ~ Close ~ Heat ~ Error ~ Start Start ~ Start Close ~ Close Close Heat ~ Heat ~ Heat Error ~ Error ~ Error Start Start Start Close Close Close ~ Heat ~ Heat Heat Error ~ Error ~ Error 14/40

  15. Definitions and Notation (Cont.) ◮ In symbolic model checking, a state is represented by a vector of state variables s = ( s (1) , . . . , s ( n )) . ◮ We define propositional formulas f I ( s ) , f T ( s, t ) and f p ( s ) as follows: ◮ f I ( s ) iff s ∈ I , ◮ f T ( s, t ) iff ( s, t ) ∈ T , and ◮ f p ( s ) iff p ∈ ℓ ( s ) . ◮ We write T ( s, t ) instead of f T ( s, t ) , etc. 15/40

  16. Definitions and Notation (Cont.) ◮ If π = ( s 0 , s 1 , . . . ) , then π ( i ) = s i and π i = ( s i , s i +1 , . . . ) . ◮ π is a path if π ( i ) → π ( i + 1) for all i . ◮ E f is true in M ( M | = E f ) iff there is a path π in M with π | = f and π (0) ∈ I . ◮ Model checking is the problem of determining the truth of an LTL formula in a Kripke structure. Equivalently, Does a witness exist for the LTL formula? 16/40

  17. Diameter ◮ Diameter d : Least number of steps to reach all reachable states. If the property holds for k ≥ d , the property holds for all reachable states. ◮ Finding d is computationally hard: ◮ State s is reachable in j steps: j − 1 � R j ( s ) := ∃ s 0 , . . . , s j : s = s j ∧ I ( s 0 ) ∧ T ( s i , s i +1 ) i =0 ◮ Thus, k is greater or equal than the diameter d if ∀ s : R k +1 ( s ) = ⇒ ∃ j ≤ k : R j ( s ) This requires an efficient QBF checker! 17/40

  18. The Cyber-Physical Challenge ◮ Complex aerospace, automotive, biological systems. ◮ They combine discrete and continuous behaviors. ◮ Many are safety-critical. 18/40

  19. Bounded Model Checking for Hybrid Automata ◮ Hybrid automata [Henzinger 1996] are widely used to model cyber-physical systems. ◮ They combine finite automata with continuous dynamical systems. ◮ Grand challenge for formal verification! ◮ Reachability for simple systems is undecidable. ◮ Existing tools do not scale on realistic systems. 19/40

  20. Hybrid Systems H = � X, Q, Init , Flow , Jump � ◮ A continuous space X ⊆ R k and a finite set of modes Q . ◮ Init ⊆ Q × X : initial configurations ◮ Flow: continuous flows ◮ Each mode q is equipped with differential equations d� x dt = � f q ( � x, t ) . ◮ Jump: discrete jumps ◮ The system can be switched from ( q, � x ) to ( q ′ , � x ′ ) , resetting modes and variables. 20/40

  21. Example: Cardiac-Cell Model 21/40

  22. Reachability for Continuous Systems Single differential equation case: ◮ Continuous Dynamics: d� x ( t ) = � f ( � x ( t ) , t ) dt ◮ The solution curve: � t � α : R → X, α ( t ) = α (0) + f ( α ( s ) , s ) ds . 0 ◮ Define the predicate x ) � M = { ( � � Flow ( � x ) : α (0) = � x 0 , α ( t ) = � x } x 0 , t, � x 0 , t, � ◮ Reachability: Is it possible to reach an unsafe state from an initial state following trajectory of differential equations? ◮ ∃ � x, t. ( Init ( � x 0 ) ∧ Flow ( � x ) ∧ Unsafe ( � x )) ? x 0 , � x 0 , t, � 22/40

  23. Reachability for Hybrid Systems Combining continuous and discrete behaviors, we can encode bounded reachability: ◮ “ � x is reachable after after 0 discrete jumps”: Reach 0 ( � x ) := ∃ � x 0 , t. [ Init ( � x 0 ) ∧ Flow ( � x 0 , t, � x )] ◮ Inductively, “ � x is reachable after k + 1 discrete jumps” is definable as: Reach k +1 ( � x ′ k , t. [ Reach k ( � x ′ x ′ x ) := ∃ � x k , � x k ) ∧ Jump ( � x k , � k ) ∧ Flow ( � k , t, � x )] ◮ Unsafe within n discrete jumps: n � Reach i ( � ∃ � x. ( x ) ∧ Unsafe ( � x )) ? i =0 23/40

  24. A Major Obstacle We have shown how to use first-order formulas over the real numbers to encode formal verification problems for hybrid automata. ◮ Need to decide the truth value of formulas, which include nonlinear real functions. ◮ Polynomials ◮ Exponentiation and trigonometric functions ◮ Solutions of ODEs, mostly no closed forms ◮ High complexity for polynomials; undecidable for either sin or cos . 24/40

  25. Connection to Type 2 Computability ◮ Negative results put a limit on symbolic decision procedures for the theory over nonlinear real functions. ◮ In practice (control engineering, scientific computing) these functions are routinely computed numerically. ◮ Can we use numerical algorithms to decide logic formulas over the reals? 25/40

  26. Computable Real Numbers ◮ A real number a ∈ R is computable if it has a name γ a : N → Q that is a total computable function. √ ◮ 0 . 33 ... , 2 , π , e , 0 . 101010010001000001 ... ◮ Not all reals are computable! ◮ There are only countably many Turing machines while there are uncountably many real numbers. 26/40

  27. Quote from Turing’s 1936 Paper ◮ “Equally easy to define and investigate computable functions of an integral variable or a real or computable variable.” ◮ A. M. Turing, On Computable Numbers with an Application to the Entscheidungsproblem, Proceedings of the London Math Society, 1936. ◮ A real function f is computable, if there exists a Type 2 Turing Machine that maps any name γ a of a to a name γ f ( a ) of f ( a ) . 27/40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert

Introduction to Satisfiability Modulo Theories Combinatorial Problem Solving (CPS) Albert Oliveras Enric Rodr guez-Carbonell May 31, 2019 Satisfiability Modulo Theories Some problems are more naturally expressed in other logics than

752 views • 33 slides
Solving Nonlinear Eigenvalue Problems with SLEPc Jose E. Roman D. Sistemes Inform` atics i

Solving Nonlinear Eigenvalue Problems with SLEPc Jose E. Roman D. Sistemes Inform` atics i

Introduction PEP: Polynomial Eigensolvers NEP: General Nonlinear Eigensolvers Solving Nonlinear Eigenvalue Problems with SLEPc Jose E. Roman D. Sistemes Inform` atics i Computaci o Universitat Polit` ecnica de Val` encia, Spain Joint

649 views • 31 slides
Notes Solving Nonlinear Systems Most thoroughly explored in the context of optimization

Notes Solving Nonlinear Systems Most thoroughly explored in the context of optimization

Notes Solving Nonlinear Systems Most thoroughly explored in the context of optimization For systems arising in implicit time integration of stiff problems: Must be more efficient than taking k substeps of an explicit method ruling

73 views • 4 slides
Distributed Problem Solving Distributed Problem Solving and Planning and Planning Edmund H.

Distributed Problem Solving Distributed Problem Solving and Planning and Planning Edmund H.

Distributed Problem Solving Distributed Problem Solving and Planning and Planning Edmund H. Durfee University of Michigan, USA The University of Michigan The University of Michigan Goals for this Talk Goals for this Talk Introduction to a

1.47k views • 131 slides
Integer Nonlinear Programming Approach . . . . . . . . . . Solving Heated Oil Pipeline

Integer Nonlinear Programming Approach . . . . . . . . . . Solving Heated Oil Pipeline

. Integer Nonlinear Programming Approach . . . . . . . . . . Solving Heated Oil Pipeline Problems Via Mixed Yu-Hong Dai . Academy of Mathematics and Systems Science, Chinese Academy of Sciences dyh@lsec.cc.ac.cn Collaborators:

440 views • 40 slides
Numerical Inverse Scattering Transform for Solving the Nonlinear Schr odinger Equation A.

Numerical Inverse Scattering Transform for Solving the Nonlinear Schr odinger Equation A.

Numerical Inverse Scattering Transform for Solving the Nonlinear Schr odinger Equation A. Aric` o, G. Rodriguez, S. Seatzu Department of Mathematics and Computer Science University of Cagliari Italy Conference on Applied Inverse

759 views • 30 slides
Solving System of Nonlinear Equations with the Genetic Algorithm and Newtons Method Ryuji

Solving System of Nonlinear Equations with the Genetic Algorithm and Newtons Method Ryuji

Solving System of Nonlinear Equations with the Genetic Algorithm and Newtons Method Ryuji Koshikawa, Akira Terui, and Masahiko Mikawa University of Tsukuba Tsukuba, Japan International Congress on Mathematical Software 2020 TU Braunschweig,

339 views • 32 slides
Solving a Nonlinear Equation Problem: Given f ( x ), find a root (solution) of f ( x ) = 0. If

Solving a Nonlinear Equation Problem: Given f ( x ), find a root (solution) of f ( x ) = 0. If

Solving a Nonlinear Equation Problem: Given f ( x ), find a root (solution) of f ( x ) = 0. If f is a polynomial with degree 4 or less, formulas for roots exist. If f is a polynomial with degree larger than 4, no finite formula exists

482 views • 12 slides
Solving and visualizing nonlinear constraint satisfaction problems Elif Garajova , Martin Mec

Solving and visualizing nonlinear constraint satisfaction problems Elif Garajova , Martin Mec

Solving and visualizing nonlinear constraint satisfaction problems Elif Garajova , Martin Mec iar Department of Applied Mathematics Faculty of Mathematics and Physics Charles University in Prague SWIM, June 2015 Outline 1 Interval

250 views • 13 slides
Solving Elliptic (and Hyperbolic) Differential Equations in Nonlinear Viscoelasticity Elasticity

Solving Elliptic (and Hyperbolic) Differential Equations in Nonlinear Viscoelasticity Elasticity

Solving Elliptic (and Hyperbolic) Differential Equations in Nonlinear Viscoelasticity Elasticity Hyperelasticity Viscoelasticity Bhavesh Shrimali Department of Civil and Environmental Engineering CS598APK, Fall 2017 Bhavesh

410 views • 12 slides
Rational Krylov Methods for Solving Nonlinear Eigenvalue Problems Roel Van Beeumen

Rational Krylov Methods for Solving Nonlinear Eigenvalue Problems Roel Van Beeumen

Rational Krylov Methods for Solving Nonlinear Eigenvalue Problems Roel Van Beeumen rvanbeeumen@lbl.gov Computational Research Division Lawrence Berkeley National Laboratory BASCD 2016 Stanford December 3, 2016 Quadratic eigenvalue

813 views • 47 slides
A Measure of Space for Computing over the Reals Paulin Jacob e de Naurois LIPN - Universit

A Measure of Space for Computing over the Reals Paulin Jacob e de Naurois LIPN - Universit

A Measure of Space for Computing over the Reals Paulin Jacob e de Naurois LIPN - Universit e Paris XIII A Measure of Space for Computing over the Reals p. 1/24 Plan of the Talk The BSS Model of Computation over the Reals Michauxs

1.11k views • 70 slides
Solving ill-posed nonlinear systems with noisy data: a regularizing trust-region approach Elisa

Solving ill-posed nonlinear systems with noisy data: a regularizing trust-region approach Elisa

Solving ill-posed nonlinear systems with noisy data: a regularizing trust-region approach Elisa Riccietti Universit` a degli Studi di Firenze Dipartimento di Matematica e Informatica Ulisse Dini Joint work with Stefania Bellavia,

853 views • 49 slides
Custom Writing Service - Special Prices Problem solving and decision making presentation theories

Custom Writing Service - Special Prices Problem solving and decision making presentation theories

Custom Writing Service - Special Prices Problem solving and decision making presentation theories University of denver creative writing notes critical thinking stories benefits paragraph writing assignment zemach carlos islam data mining

165 views • 3 slides
Edmund Rice Novena 2015 Theme : Edmund Rice, Disciple of Christ Sunday, 26 th April

Edmund Rice Novena 2015 Theme : Edmund Rice, Disciple of Christ Sunday, 26 th April

Edmund Rice Novena 2015 Theme : Edmund Rice, Disciple of Christ Sunday, 26 th April Monday, 4 th May 2015 Feast Day of Blessed Edmund Rice: Tuesday, 5 th May 2015 Introduction The first CLT meeting of 2015 took us on pilgrimage/Emmaus

401 views • 18 slides
Solving Ordinary Differential Equations in Coq Evgeny Makarov Joint work with Bas Spitters

Solving Ordinary Differential Equations in Coq Evgeny Makarov Joint work with Bas Spitters

Solving Ordinary Differential Equations in Coq Evgeny Makarov Joint work with Bas Spitters Radboud University Nijmegen 19 November 2012 1 / 19 Outline Type Classes on the Example of Approximate Rationals 1 Fast Reals 2 Picard-Lindel

416 views • 19 slides
Multi-Resolution Cellular Automata for Real Computation James I. Lathrop, Jack H. Lutz, and Brian

Multi-Resolution Cellular Automata for Real Computation James I. Lathrop, Jack H. Lutz, and Brian

Multi-Resolution Cellular Automata for Real Computation James I. Lathrop, Jack H. Lutz, and Brian Patterson Iowa State University Department of Computer Science June 28, 2011 1 / 28 Introduction 1 Prior Work Bit Computability Cellular

296 views • 28 slides
Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire

Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire

Signal machines : localization of isolated accumulation Signal machines : localization of isolated accumulation Jrme Durand-Lose Laboratoire dInformatique Fondamentale dOrlans, Universit dOrlans, Orlans, FRANCE 6 mars 2011

553 views • 39 slides
Metastability in ergodic theory Jeremy Avigad Department of Philosophy and Department of

Metastability in ergodic theory Jeremy Avigad Department of Philosophy and Department of

Metastability in ergodic theory Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University (joint work with Philipp Gerhardy, Ksenija Simic, and Henry Towsner) January, 2009 The mean ergodic

149 views • 13 slides
Computability on real numbers 1 Wrapping Sets 2 3 Taylor Models Examples 4 Closing remarks

Computability on real numbers 1 Wrapping Sets 2 3 Taylor Models Examples 4 Closing remarks

Using Taylor Models in TTE 1 1.5 1.5 f 1 f 2 R R R 1 1 0.5 0.5 0 0 -0.5 -0.5 I N I N I N I N I N -1 -1 1 1 2 2 -1.5 -1.5 -1.5 -1 -0.5 0 0.5 1 1.5 -1.5 -1 -0.5 0 0.5 1

642 views • 29 slides
The Critical Exponent is Computable for Automatic Sequences Jeffrey Shallit School of Computer

The Critical Exponent is Computable for Automatic Sequences Jeffrey Shallit School of Computer

The Critical Exponent is Computable for Automatic Sequences Jeffrey Shallit School of Computer Science University of Waterloo Waterloo, Ontario N2L 3G1 Canada shallit@cs.uwaterloo.ca http://www.cs.uwaterloo.ca/~shallit 1 / 93 Powers in

947 views • 93 slides
Decision Problems for Linear Recurrence Sequences Jo el Ouaknine Department of Computer

Decision Problems for Linear Recurrence Sequences Jo el Ouaknine Department of Computer

Decision Problems for Linear Recurrence Sequences Jo el Ouaknine Department of Computer Science, Oxford University (Joint work with James Worrell and Matt Daws) RP 2012 Bordeaux, September 2012 Termination of Simple Linear Programs x := a

1.85k views • 92 slides
Q numbers True False 1 Cardinality of sets _IDefI Let S be a set If there are exactly NEIN

Q numbers True False 1 Cardinality of sets _IDefI Let S be a set If there are exactly NEIN

0 tooo than all rational There're more real numbers in Q numbers True False 1 Cardinality of sets _IDefI Let S be a set If there are exactly NEIN distinct we say S is afinitesd wity elements in S Notation 1st denotes cardinality of S 0 I 2,3 4

288 views • 8 slides
Overview CS20a: Computation, Computers, Programs Instructor: Jason Hickey Email:

Overview CS20a: Computation, Computers, Programs Instructor: Jason Hickey Email:

Overview CS20a: Computation, Computers, Programs Instructor: Jason Hickey Email: jyh@cs.caltech.edu Office hours: TR 10-11am TAs: Nathan Gray (n8gray@cs.caltech.edu) Brian Aydemir (emre@cs.caltech.edu) Jason Frantz

353 views • 9 slides

More recommend