On a Decidable Fragment of d L or, The Next 700 (Un)decidable - - PowerPoint PPT Presentation

On a Decidable Fragment of dL

• r, The Next 700 (Un)decidable Fragments of dL

David M Kahn Siva Somayyajula

Carnegie Mellon University

December 11, 2018

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 1 / 15

Motivation

If you or a loved one has been frustrated trying to formally verify systems,

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 2 / 15

Motivation

If you or a loved one has been frustrated trying to formally verify systems, you may be entitled to righteous indignation.

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 2 / 15

Motivation

Why is formal verification so frustrating? complicated and tedious proofs lots of work for no product change people only care it looks like it works hi

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 3 / 15

Motivation

Why is formal verification so frustrating? complicated and tedious proofs lots of work for no user-facing change people only care it looks like it works Cyberphysical systems are life-critical!

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 4 / 15

Motivation

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 5 / 15

Results

Found and implemented decidable fragments of dL to ease verifying cyberphysical systems Found undecidable/inter-decidable fragments of dL to ease future decidability research

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 6 / 15

(Un)decidability Results

Arithmetical Approaches

Integer Arithmetic dL positive ∃ MRDP’s Diophantine Post Correspondence positive ∀ polynomial ID testing extended Platzer-Tan bounded finitary checking Post Correspondence single variable trivial Post Correspondence purely + Presburger Post Correspondence purely × Skolem Post Correspondence

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 7 / 15

(Un)decidability Results

Structural Approaches

dL without ∪ MRDP’s Diophantine without ; piecewise constant derivative reachability without ∗ (exponential) polynomial star-free

• nly :=

Post Correspondence

• nly ?(−)

reduction to FOLR

• nly x′ = f (x) & Q

piecewise constant derivative reachability simultaneously [α]P ∧ αP when [α]P is

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 8 / 15

Polynomial Star-Free Fragment

How can this be used for theorem proving? Work with simple ODEs Human identifies loop invariant That’s it! Everything else is free.

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 9 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P ◮ [x′ = f (x)]P(x) ↔ ∀t ≥ 0 P(x(t)) where x′(t) = f (x(t)) David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P ◮ [x′ = f (x)]P(x) ↔ ∀t ≥ 0 P(x(t)) where x′(t) = f (x(t))

Remove iteration (star/asterate)

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P ◮ [x′ = f (x)]P(x) ↔ ∀t ≥ 0 P(x(t)) where x′(t) = f (x(t))

Remove iteration (star/asterate)

◮ α∗ = ?true ∪ α; α∗ David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P ◮ [x′ = f (x)]P(x) ↔ ∀t ≥ 0 P(x(t)) where x′(t) = f (x(t))

Remove iteration (star/asterate)

◮ α∗ = ?true ∪ α; α∗ ◮ Loop invariants? David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P ◮ [x′ = f (x)]P(x) ↔ ∀t ≥ 0 P(x(t)) where x′(t) = f (x(t))

Remove iteration (star/asterate)

◮ α∗ = ?true ∪ α; α∗ ◮ Loop invariants? ◮ Encode integer arithmetic: undecidable David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Idea: sound translation to FOLR

◮ [x := e]P(x) ↔ P(e) ◮ [α; β]P ↔ [α][β]P ◮ [x′ = f (x)]P(x) ↔ ∀t ≥ 0 P(x(t)) where x′(t) = f (x(t))

Remove iteration (star/asterate)

◮ α∗ = ?true ∪ α; α∗ ◮ Loop invariants? ◮ Encode integer arithmetic: undecidable

Restrict to polynomial solutions of ODEs

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 10 / 15

Polynomial Star-Free Fragment

Theorem (DAG condition)

Given S ≡ x′

i = e1, . . . , x′ n = en, let G be a digraph s.t.

edge from x′

i = ei to x′ j = ej ⇐

⇒ xi occurs in ej Then, S has a polynomial solution ⇐ = G is acyclic.

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 11 / 15

Polynomial Star-Free Fragment

Theorem (DAG condition)

Given S ≡ x′

i = e1, . . . , x′ n = en, let G be a digraph s.t.

edge from x′

i = ei to x′ j = ej ⇐

⇒ xi occurs in ej Then, S has a polynomial solution ⇐ = G is acyclic.

Proof sketch.

Back-sub in the topological order of G.

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 11 / 15

Polynomial Star-Free: Implementation

∼ 500 lines in OCaml

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 12 / 15

Polynomial Star-Free: Implementation

∼ 500 lines in OCaml Shallow embedding of dL using weak higher-order abstract syntax

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 12 / 15

Polynomial Star-Free: Implementation

∼ 500 lines in OCaml Shallow embedding of dL using weak higher-order abstract syntax Polynomial manipulation and ODE solver

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 12 / 15

Polynomial Star-Free: Implementation

∼ 500 lines in OCaml Shallow embedding of dL using weak higher-order abstract syntax Polynomial manipulation and ODE solver Z3 for quantifier elimination

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 12 / 15

Polynomial Star-Free: Demo

Verifying x ≥ 0 ∧ v ≥ 0 ∧ a ≥ 0 → [x′ = v, v ′ = a] x ≥ 0

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 13 / 15

Conclusion and Future Work

Survey of restrictions for (un)decidability

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 14 / 15

Conclusion and Future Work

Survey of restrictions for (un)decidability Decision procedures for theorem proving

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 14 / 15

David M Kahn, Siva Somayyajula (CMU) On a Decidable Fragment of dL December 11, 2018 15 / 15