
Program Synthesis for Polynomial System using Algebraic Geometry

Anonymous
Abstract

Template-based synthesis, also known as sketching, is a localized approach to program synthesis in which the programmer provides not only a specification, but also a high-level “sketch” of the program. The sketch is basically a partial program that models the general intuition of the programmer, while leaving the low-level details as unimplemented “holes”. The role of the synthesis engine is then to fill in these holes such that the completed program satisfies the desired specification. In this work, we focus on template-based synthesis of polynomial imperative programs with real variables, i.e. imperative programs in which all expressions appearing in assignments, conditions and guards are polynomials over program variables. While this problem can be solved in a sound and complete manner by a reduction to the first-order theory of the reals, the resulting formulas will contain a quantifier alternation and are extremely hard for modern SMT solvers, even when considering toy programs with a handful of lines. Moreover, the classical algorithms for quantifier elimination are notoriously unscalable and not at all applicable to this use-case.

In contrast, our main contribution is an algorithm, based on several well-known theorems in polyhedral and real algebraic geometry, namely Putinar’s Positivstellensatz, the Real Nullstellensatz, Handelman’s Theorem and Farkas’ Lemma, which sidesteps the quantifier elimination difficulty and reduces the problem directly to Quadratic Programming (QP). Alternatively, one can view our algorithm as an efficient way of eliminating quantifiers in the particular formulas that appear in the synthesis problem. The resulting QP instances can then be handled quite easily by SMT solvers. Notably, our reduction to QP is sound and semi-complete, i.e. it is complete if polynomials of a sufficiently high degree are used in the templates. Thus, we provide the first method for sketching-based synthesis of polynomial programs that does not sacrifice completeness, while being scalable enough to handle meaningful programs. Finally, we provide experimental results over a variety of examples from the literature.

Keywords:
program synthesis, sketching, syntax-guided synthesis

1 Introduction

An imperative program is a sequence of instructions in a programming language that manipulate memory to solve a problem. Writing a program is usually done by a programmer who first comes up with a high-level idea for an algorithm and then implements that algorithm as a program. Synthesis makes the latter part easier: given a logical specification for the program, we can synthesize a program that satisfies it. The Syntax-Guided Synthesis (SyGuS) problem modulo a theory T is the general problem of synthesizing a function f given a semantic constraint, expressed as a formula built from symbols of T and f, and a syntactic constraint, given as a (possibly infinite) set of expressions from T specified using a context-free grammar.

In this paper, we focus on the syntax-guided program synthesis problem modulo the theory of polynomial arithmetic over the reals.

The treatment here generalises the methods for program synthesis used in [srivastava2013template] from linear programs to polynomial programs. Our main tools are classical theorems from real algebraic geometry [bochnak2013real], namely Handelman's Theorem (Theorem 4.3), Putinar's Positivstellensatz (Theorem 4.4) and the Real Nullstellensatz (Theorem 4.5). We provide a sound and semi-complete synthesis algorithm for polynomial programs.

Outline of the paper: In Section 2, we define the notions of programs, semantics and templates, and give a mathematically precise formulation of the problem in terms of constraint pairs. In Section 4.2, we present the classical theorems from Real Algebraic Geometry required for the design of the synthesis algorithm, together with Theorem 4.6, which is a new mathematical contribution of this paper. In Section LABEL:synthesis_algo, we present our synthesis algorithm and prove its soundness and semi-completeness. Finally, in Section LABEL:secion_proof_of_concept, we present a proof of concept by providing experimental results on small programs.

2 Template-based Synthesis of Polynomial Programs

We consider a program to be a sequence of instructions, as in an imperative programming language. For instance, consider the following example program P:

Example 1
@real: i,s,n;
@pre: n>=0;
i = 0;
s = 0;
while(i <= n, s >= i) {
s = s+1;
i = i+1;
}
@post: s >= n;

The program variables in the above example program are V = {s, i, n}, and we say that the program is defined over the variables V. Note that the example program carries a precondition and a postcondition, which are polynomial assertions over the program variables. A program is said to be valid if, for every valuation of the program variables that satisfies the precondition, the valuation obtained after executing the program satisfies the postcondition. The programmer may have a specification of a program via a precondition and a postcondition, together with a partial implementation. We call such a partial implementation a program template. The synthesis problem is to complete the partial implementation and generate a concrete valid program.

In this paper, we restrict ourselves to so-called polynomial programs over a set of variables V, generated by the following grammar:

P := (Φ, E, Φ)
E := v ← P(V) | if (Φ) {E} else {E} | while (Φ, Φ) {E} | E ; E
Φ := P(V) ≥ 0 | (Φ ∧ Φ) | ¬Φ

where P(V) denotes any polynomial expression over the variables V with real coefficients. The semantics of each instruction is standard, except for while(ψ, ϕ){E}, which is a while loop with guard ψ over the block of code E, annotated with a loop invariant ϕ. In general, the loop invariant ϕ should be strong enough to let us prove the correctness of the program with respect to the given precondition and postcondition.

Let the set of program variables be V = {x1, x2, …, xn} and let ν ∈ ℝ^V be a valuation of V. Given a polynomial P over V and a valuation ν ∈ ℝ^V, we write P(ν) for the evaluation of P obtained by substituting each x ∈ V with ν(x). Executing an instruction E turns the valuation ν into ν′ = E(ν). We define the semantics of programs recursively in Table 2.

Expression E | Final valuation ν′
E1 ; E2 | ν′ = E2(E1(ν))
v ← P(V) | ν′(v) = P(ν) and ∀x ∈ V∖{v}. ν′(x) = ν(x)
if (ϕ) {E1} else {E2} | if ν ⊨ ϕ then ν′ = E1(ν) else ν′ = E2(ν)
while (guard, inv) {E} | if ν ⊨ guard and ν ⊨ inv, then ν′ = W(ν1), where W = while (guard, inv) {E}, ν1 = E(ν) and ν1 ⊨ inv; otherwise ν′ = ν
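To make the semantics above concrete, the following is a minimal Python sketch of an interpreter for this language, under the assumption that programs are encoded as nested tuples; the function name `run` and the tuple tags are our own illustration, not part of the formal development.

```python
# A minimal interpreter for the recursive semantics of Table 2. Programs are
# nested tuples; valuations are dicts from variable names to reals. Guards,
# invariants and polynomial right-hand sides are Python functions of the
# valuation (a hypothetical encoding chosen for this sketch).

def run(expr, nu):
    """Return the final valuation nu' obtained by executing `expr` on nu."""
    tag = expr[0]
    if tag == "seq":                       # E1 ; E2  ->  nu' = E2(E1(nu))
        _, e1, e2 = expr
        return run(e2, run(e1, nu))
    if tag == "assign":                    # v <- P(V)
        _, v, poly = expr
        nu2 = dict(nu)
        nu2[v] = poly(nu)
        return nu2
    if tag == "if":                        # if (phi) {E1} else {E2}
        _, phi, e1, e2 = expr
        return run(e1, nu) if phi(nu) else run(e2, nu)
    if tag == "while":                     # while (guard, inv) {E}
        _, guard, inv, body = expr
        while guard(nu):
            assert inv(nu), "loop invariant violated"
            nu = run(body, nu)
        return nu
    raise ValueError(f"unknown instruction tag: {tag}")

# The loop of Example 1: while (i <= n, s >= i) { s = s+1; i = i+1 }
loop = ("while",
        lambda nu: nu["i"] <= nu["n"],     # guard
        lambda nu: nu["s"] >= nu["i"],     # invariant, checked at each head
        ("seq",
         ("assign", "s", lambda nu: nu["s"] + 1),
         ("assign", "i", lambda nu: nu["i"] + 1)))

out = run(loop, {"i": 0, "s": 0, "n": 3})
print(out)   # → {'i': 4, 's': 4, 'n': 3}; the postcondition s >= n holds
```

The invariant is asserted at every loop head, so executing a program in this interpreter doubles as a runtime check of the annotation on concrete inputs.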
Example 2

Consider the following template T, one of whose realizations is the program P from Example 1. The synthesis algorithm will replace the holes with suitable polynomials, if they exist, such that the resulting program satisfies the constraints given by the precondition and postcondition.

@real: i,s,n;
@function f1 = [(i),1]
@function f2 = [(i),1]
@pre: n>=0;
i = 0;
s = 0;
while(i <= n, s >= f1) {
s = s+f2;
i = i+1;
}
@post: s >= n;

A template program specifies the intuition behind the final program and has holes at locations where the program expects the synthesizer to fill in appropriate expressions. A hole can be thought of as a hint that the programmer provides for synthesizing a correct program. In this example template program, we have two polynomial function symbols F = {f1, f2}. A program hole [V′, d] represents a symbolic polynomial P over the variables V′ with total degree d ∈ ℕ and coefficients from the template variable set U = {a1, a2, a3, a4}. Given a template program, our goal is to synthesize values for all the template variables such that the resulting program is valid.
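The expansion of a hole [V′, d] into a symbolic polynomial can be sketched as follows: one fresh template coefficient per monomial of total degree at most d over V′. The naming scheme a1, a2, … and the function name `expand_hole` are our own, chosen to match the example above.

```python
from itertools import combinations_with_replacement

def expand_hole(variables, d, start=1):
    """Return (template_string, template_vars) for the hole [variables, d]."""
    terms, tvars = [], []
    idx = start
    for deg in range(d + 1):
        # Each multiset of `deg` variables is one monomial of degree `deg`.
        for combo in combinations_with_replacement(variables, deg):
            coeff = f"a{idx}"
            tvars.append(coeff)
            idx += 1
            mono = "*".join(combo) if combo else "1"
            terms.append(f"{coeff}*{mono}")
    return " + ".join(terms), tvars

# The two degree-1 holes over {i} from Example 2: f1 and f2.
f1, u1 = expand_hole(["i"], 1, start=1)
f2, u2 = expand_hole(["i"], 1, start=3)
print(f1)        # → a1*1 + a2*i
print(u1 + u2)   # → ['a1', 'a2', 'a3', 'a4'], the template variable set U
```

The number of template variables grows as the number of monomials of degree at most d, i.e. binomial(|V′| + d, d), which is why the degree bound d directly controls the size of the resulting QP instance.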

In the following, we formalize what we mean by a partial implementation, or template. A template of a polynomial program over the variables V and a set of polynomial function symbols F is defined using the following grammar:

E := E′ | if (Φ) {E′} else {E} | while (Φ, Φ) {E′} | E ; E
X := f ← P[V] | f ← [V′, d] | f ← f + f | f ← f × f | [σ](f)
σ := v → P[V] | σ, σ
Φ := P(V) ≥ 0 | [V′, d] ≥ 0 | (Φ ∧ Φ) | ¬Φ

The polynomial function symbols can be used by the programmer to specify either a concrete polynomial or a symbolic polynomial. The programmer can also evaluate a polynomial function symbol using a substitution map σ : ℝ[V] → ℝ[V]; a substitution map can be applied to polynomials and function symbols to obtain another polynomial expression.

Though this representation is programmer-friendly, to describe our algorithm succinctly we use an equivalent representation of programs and template programs. We introduce the notions of polynomial transition systems and symbolic polynomial transition systems, which are equivalent to polynomial programs and symbolic polynomial programs, respectively.

Example 3

In Figure 1, we graphically describe the symbolic polynomial transition system TS corresponding to the template program T defined in Example 2. The locations l0 and l4 are the initial and final locations, respectively. The set C = {l2} is the cutset.

Figure 1: The transition system for the template program defined in Example 2

We first define a few terms that will be useful, and then define polynomial variants of the linear transition systems and linear control-flow graphs defined in [colon2003linear].

Definition 1 (Symbolic Polynomial Assertions)

Given a set V of program variables and a set U of template variables, we define Ψ(U, V) to be the set of finite boolean combinations of polynomial inequalities over the program variables whose coefficients are real polynomials over the template variables. More precisely, Ψ(U, V) is the set of all finite boolean combinations of inequalities of the form f ≥ 0 with f ∈ (ℝ[U])[V].

We can now define a polynomial transition system.

Definition 2 (Polynomial transition system)

A polynomial transition system is a tuple P = (V, L, l0, θ0, 𝒯, lf, θf) consisting of a set of variables V, a set of locations L, an initial location l0, an initial assertion θ0, a final location lf, a final assertion θf and a set of transitions 𝒯. Each transition τ ∈ 𝒯 is a tuple (l, l′, ρτ), where l, l′ ∈ L are the pre and post locations, and ρτ is a polynomial assertion over V ∪ V′, where V represents the current-state variables and its primed version V′ represents the next-state variables.

A symbolic polynomial transition system over the program variables V has the same structure as a polynomial transition system, except that its assertions are allowed to be symbolic polynomial assertions from Ψ(U, V ∪ V′).

Definition 3 (Symbolic polynomial transition system)

A symbolic polynomial transition system is a tuple T = (V ∪ U, L, l0, θ0, 𝒯, lf, θf) consisting of a set of variables V, a set of template variables U, a set of locations L, an initial location l0, an initial symbolic polynomial assertion θ0, a final location lf, a final symbolic polynomial assertion θf and a set of transitions 𝒯. Each transition τ ∈ 𝒯 is a tuple (l, l′, ρτ), where l, l′ ∈ L are the pre and post locations, and ρτ is a symbolic polynomial assertion over V ∪ V′, where V represents the current-state variables and its primed version V′ represents the next-state variables. All the coefficients of symbolic polynomial assertions over V ∪ V′ belong to the polynomial ring ℝ[U].

A control-flow graph corresponds to the underlying structure of a given transition system.

Definition 4 (Control-flow graph)

Given a transition system P = (V, L, l0, θ0, 𝒯, lf, θf), we define the control-flow graph CFG(P) with the locations L as the vertex set and the transitions 𝒯 as the edge set. More precisely, there is an edge from l to l′ if and only if there is a transition τ = (l, l′, ρτ) ∈ 𝒯 for some ρτ.

We now define the notions of cutset and basic path, which will help us define the inductive polynomial assertion map.

Definition 5 (Cutset)

Given a transition system P = (V, L, l0, θ0, 𝒯, lf, θf), a subset C of the vertices of CFG(P) is called a cutset if every cyclic path in CFG(P) passes through some vertex in C. An element of C is called a cutpoint.

Definition 6 (Basic path)

Given a transition system P = (V, L, l0, θ0, 𝒯, lf, θf) with a cutset C, a path π between two cutpoints l and l′ is called a basic path if it does not pass through any other cutpoint in C.

Definition 7 (Inductive polynomial assertion map)

Given a transition system P = (V, L, l0, θ0, 𝒯, lf, θf) with a cutset C and an assertion ηC(l) for each cutpoint l, we say that ηC is an inductive polynomial assertion map for C if it satisfies the following conditions for all cutpoints l, l′ ∈ C:

  • Initiation: For each basic path π from l0 to l, θ0 ∧ ρπ ⊨ ηC(l)′.

  • Consecution: For each basic path π from l to l′, ηC(l) ∧ ρπ ⊨ ηC(l′)′.

  • Finalization: For each basic path π from l to lf, ηC(l) ∧ ρπ ⊨ θf.

An inductive polynomial assertion map is said to be symbolic if it has one or more symbolic polynomial assertions. The definitions of control-flow graph, cutset and basic path also extend naturally to symbolic polynomial transition systems. Given a model M : U → ℝ of the template variables, let M(T) and M(ηC) denote the concrete polynomial transition system and the concrete inductive polynomial assertion map obtained by substituting the values of the template variables into the respective templates.
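As a sanity check of the three conditions above, the following hypothetical Python harness tests them for the concrete program of Example 1 with the invariant ηC(l2) : s ≥ i, by random sampling. Sampling can refute an entailment but never prove it, so this is a debugging aid rather than part of the synthesis algorithm itself.

```python
import random

# Initiation, consecution and finalization for Example 1, with the concrete
# inductive assertion eta(l2): s >= i. Each function returns True when the
# corresponding entailment holds at the sampled point (vacuously true when
# the premise is false).

def initiation(n):
    # theta_0: n >= 0; the path l0 -> l2 sets i = 0, s = 0.
    i, s = 0.0, 0.0
    return (not n >= 0) or (s >= i)

def consecution(i, s, n):
    # eta /\ guard, then one loop iteration: s' = s + 1, i' = i + 1.
    if s >= i and i <= n:
        return (s + 1) >= (i + 1)
    return True

def finalization(i, s, n):
    # eta /\ not(guard) must entail the postcondition s >= n.
    if s >= i and i > n:
        return s >= n
    return True

random.seed(0)
for _ in range(10_000):
    n = random.uniform(-10, 10)
    i = random.uniform(-10, 10)
    s = random.uniform(-10, 10)
    assert initiation(n) and consecution(i, s, n) and finalization(i, s, n)
print("no counterexample found in 10000 samples")
```

A failing assertion here would immediately exhibit a valuation witnessing that the candidate map is not inductive; the algorithm of this paper replaces such testing by a certificate-based proof of the entailments.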

2.1 Problem Statement

Let T be a symbolic polynomial transition system over the program variables V = {x1, …, xn} and the set of template variables U = {c1, …, cm}, let C be a cutset of T, and let ηC be a symbolic polynomial inductive assertion map.

The synthesis problem for the tuple (T, ηC) is to find a valuation M : U → ℝ of the template variables such that M(ηC) is a valid inductive polynomial assertion map for the concrete transition system M(T).

3 Hardness

?? TODO: FILL THIS IN

4 Algorithms

4.1 Overview of our approach

The programmer first writes a template in the grammar defined at the beginning of Section 2. In the pre-processing step, the algorithm verifies the syntax of the program and substitutes the program holes with symbolic polynomials of the specified degrees. We call the program generated by the pre-processing step a symbolic polynomial program.

A constraint pair is a pair (α, β) where α = {gi ⋈i 0 | ⋈i ∈ {≥, >}} is a set of polynomial inequalities and β is a polynomial inequality of the form f ⋈ 0 with ⋈ ∈ {≥, >}. We can reduce the correctness of the symbolic polynomial program T to the validity of a set of constraint pairs S.

We will describe our approach to construct the constraint pairs with the following example.

Example 4

We are given the symbolic polynomial transition system TS described in Example 3, the cutset C = {l2} and the symbolic polynomial assertion map ηC. Say ηC(l2) = a0·s + a1·i ≥ 0. We create three constraint pairs corresponding to the conditions that ηC must satisfy in order to be a valid inductive assertion map.

  1. Initiation: There is only one basic path from the initial location l0 to l2. We get the following constraint pair for the path π1 := l0 → l1 → l2:

     S1 := ([n0 ≥ 0 ∧ i0 = 0 ∧ s0 = 0], [a0·s0 + a1·i0 ≥ 0])

  2. Consecution: There is one basic path π2 := l2 → l3 → l2 from l2 back to l2. The constraint pair for the basic path π2 is:

     S2 := ([a0·s0 + a1·i0 ≥ 0 ∧ i0 ≤ n0 ∧ s1 = s0 + (a0·i0) + a1 ∧ i1 = i0 + 1], [a0·s1 + a1·i1 ≥ 0])

  3. Finalization: The path π3 := l2 → l4 is the only basic path from a cutpoint of C to the final location l4. For this path, we get the following constraint pair:

     S3 := ([a0·s1 + a1·i1 ≥ 0 ∧ i1 > n0], [s1 ≥ n0])

In total, we get the three constraint pairs {S1, S2, S3}.

Theorem 4.1

The number of constraint pairs generated using our approach is at most quadratic in the number of locations if the given cutset contains all the locations, i.e., C = L. Moreover, if C ⊊ L, then the number of constraint pairs is linear in the number of basic paths between pairs of cutpoints.

Proof

The proof follows directly from the construction.

4.2 Mathematical Toolkit

In Section LABEL:sec:algo:overview above, we provided an overview of our algorithm. However, the details of Step 3, i.e. the reduction to QP, were not presented since they depend on certain mathematical prerequisites. In this section, we provide the mathematical tools and theorems that are crucial for this step of the algorithm. We first recall some notation and classical definitions. Then, we present several theorems from polyhedral and real algebraic geometry. Finally, we obtain tailor-made versions of these theorems in a format that can be used in Step 3 of our algorithm above. We refer to [hartshorne2013algebraic, bochnak2013real] for a more detailed treatment of these theorems.

Sums of Squares

A polynomial h ∈ ℝ[x1, …, xn] is a sum of squares (SOS) iff there exist k ≥ 1 and polynomials g1, …, gk ∈ ℝ[x1, …, xn] such that h = ∑_{i=1}^k gi².
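A standard way to certify the SOS property, used by the solvers we target, is a Gram-matrix representation: h is SOS iff h = zᵀQz for a positive semidefinite matrix Q over a monomial basis z. The following is a small numerical illustration on an example of our own choosing; real SOS solvers find Q via semidefinite programming rather than by hand.

```python
import numpy as np

# Hand-written Gram matrix for h(x) = x^4 + 2x^2 + 1 = (x^2 + 1)^2 over the
# monomial basis z = [1, x, x^2].
Q = np.array([[1.0, 0.0, 1.0],
              [0.0, 0.0, 0.0],
              [1.0, 0.0, 1.0]])

# PSD check: all eigenvalues of the symmetric matrix Q must be non-negative.
eigs = np.linalg.eigvalsh(Q)
assert eigs.min() >= -1e-9, "Q is not PSD, so this Gram matrix proves nothing"

# Verify that z^T Q z really equals h(x) at a few sample points.
for x in (-2.0, -0.5, 0.0, 1.0, 3.0):
    z = np.array([1.0, x, x * x])
    assert abs(z @ Q @ z - (x**4 + 2 * x**2 + 1)) < 1e-9

print("h = x^4 + 2x^2 + 1 admits the SOS certificate (x^2 + 1)^2")
```

Since Q is PSD, factoring Q = LᵀL recovers an explicit decomposition h = ∑ᵢ (Lz)ᵢ², which is exactly the definition above.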

Strong Positivity

Given a set XnX\subseteq\mathbb{R}^{n} and a polynomial g[x1,,xn]g\in\mathbb{R}[x_{1},\dots,x_{n}], we say that gg is strongly positive over X if infxXg(x)>0\inf_{x\in X}g(x)>0. We write this as Xg0.X\models g\gg 0.

Notation

Let Φ = {g1 ⋈1 0, …, gk ⋈k 0} be a set of polynomial inequalities, where ⋈i ∈ {≥, >} and gi ∈ ℝ[x1, …, xn]. We define SAT(Φ) as the set of all real valuations ν over the variables {x1, …, xn} that satisfy Φ. More formally, SAT(Φ) = {ν ∈ ℝⁿ | ⋀_{i=1}^k ν ⊨ (gi ⋈i 0)}.

Closure

Given a set XnX\subseteq\mathbb{R}^{n}, we define X¯\overline{X} to be the closure of XX with respect to the Euclidean topology of n\mathbb{R}^{n}. For a set Φ\Phi of polynomial inequalities, we define Φ¯\overline{\Phi} as the system of polynomial inequalities obtained from Φ\Phi by replacing every strict ineqaulity with its non-strict counterpart.

We are now ready to present the main mathematical theorems that will be used in our work. Our presentation follows that of [goharshady2020parameterized, Section 2.6], which also contains proofs of corollaries that are not proven here.

Theorem 4.2 (Farkas’ Lemma [farkas1902theorie])

Consider a set V = {x1, …, xr} of real-valued variables and the following system Φ of inequalities over V:

Φ := { a_{1,0} + a_{1,1}·x1 + … + a_{1,r}·xr ≥ 0,
       ⋮
       a_{m,0} + a_{m,1}·x1 + … + a_{m,r}·xr ≥ 0 }

When Φ is satisfiable, it entails a linear inequality

ψ := c0 + c1·x1 + … + cr·xr ≥ 0

if and only if ψ can be written as a non-negative linear combination of the inequalities in Φ and the trivial inequality 1 ≥ 0, i.e. if there exist non-negative real numbers y0, …, ym such that

c0 = y0 + ∑_{i=1}^m yi·a_{i,0};  c1 = ∑_{i=1}^m yi·a_{i,1};  …;  cr = ∑_{i=1}^m yi·a_{i,r}.

Moreover, Φ is unsatisfiable if and only if −1 ≥ 0 can be derived as above.

The importance of Farkas’ Lemma for us is that if we have a standard constraint of form (LABEL:eq:entailment-form) and if the constraint includes only linear/affine inequalities, then we can use this lemma in Step 3 of our algorithm to reduce the standard constraint to QP, just as we did in Section LABEL:sec:algo:overview. Moreover, Farkas’ Lemma guarantees that this approach is not only sound but also complete. A corner case that we have to consider is when Φ\Phi is itself unsatisfiable and thus Φψ\Phi\Rightarrow\psi holds vacuously. Fortunately, Farkas’ Lemma also provides a criterion for unsatisfiability. In practice, we work with the following corollary of Theorem 4.2 which can also handle strict inequalities.
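The multiplier search behind this reduction can be sketched in a few lines: linear expressions become coefficient tuples, and a Farkas certificate is just a non-negative combination of rows that reproduces the target tuple. The concrete system and certificate below are a toy example of our own, not one from the paper.

```python
# Linear expressions a_0 + a_1*x_1 + ... + a_r*x_r are represented as
# coefficient tuples (a_0, a_1, ..., a_r).

def combine(multipliers, rows):
    """Non-negative linear combination of linear expressions (as tuples)."""
    assert all(y >= 0 for y in multipliers), "Farkas multipliers must be >= 0"
    r = len(rows[0])
    return tuple(sum(y * row[j] for y, row in zip(multipliers, rows))
                 for j in range(r))

# Phi over V = {x, y}: x >= 0, 1 - x >= 0, y >= 0, 1 - y >= 0,
# with the trivial inequality 1 >= 0 as the first row.
rows = [(1, 0, 0),    # 1 >= 0
        (0, 1, 0),    # x >= 0
        (1, -1, 0),   # 1 - x >= 0
        (0, 0, 1),    # y >= 0
        (1, 0, -1)]   # 1 - y >= 0

# Claim: Phi entails psi := 4 - x - y >= 0. Certifying multipliers:
y = [2, 0, 1, 0, 1]   # psi = 2*(1 >= 0) + (1 - x >= 0) + (1 - y >= 0)
assert combine(y, rows) == (4, -1, -1)
print("certificate checks out: 4 - x - y >= 0 is entailed")
```

In the synthesis setting the multipliers are unknowns, so the coefficient-matching equalities above become the (bilinear) constraints of the resulting QP instance.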

Corollary 1

Consider a set V = {x1, …, xr} of real-valued variables and the following system of inequalities over V:

Φ := { a_{1,0} + a_{1,1}·x1 + … + a_{1,r}·xr ⋈1 0,
       ⋮
       a_{m,0} + a_{m,1}·x1 + … + a_{m,r}·xr ⋈m 0 }

where ⋈i ∈ {>, ≥} for all 1 ≤ i ≤ m. When Φ is satisfiable, it entails a linear inequality

ψ := c0 + c1·x1 + … + cr·xr ⋈ 0

with ⋈ ∈ {>, ≥}, if and only if ψ can be written as a non-negative linear combination of the inequalities in Φ and the trivial inequality 1 > 0. Note that if ψ is strict, then at least one of the strict inequalities must appear with a non-zero coefficient in the linear combination. Moreover, Φ is unsatisfiable if and only if either −1 ≥ 0 or 0 > 0 can be derived as above.

We now consider extensions of Farkas’ Lemma which can help us handle non-linear standard constraints in Step 3. The first extension is Handelman’s theorem, which can be applied when the inequalities on the left hand side of (LABEL:eq:entailment-form) are linear/affine, but the right hand side is a polynomial of arbitrary degree. To present the theorem, we first need the concept of monoids.

Monoid

Consider a set V = {x1, …, xr} of real-valued variables and the following system of linear inequalities over V:

Φ := { a_{1,0} + a_{1,1}·x1 + … + a_{1,r}·xr ⋈1 0,
       ⋮
       a_{m,0} + a_{m,1}·x1 + … + a_{m,r}·xr ⋈m 0 }

where ⋈i ∈ {>, ≥} for all 1 ≤ i ≤ m. Let gi be the left-hand side of the i-th inequality, i.e. gi(x1, …, xr) := a_{i,0} + a_{i,1}·x1 + … + a_{i,r}·xr. The monoid of Φ is defined as:

Monoid(Φ) := { ∏_{i=1}^m gi^{ki} | ∀i. ki ∈ ℕ ∪ {0} }.

In other words, the monoid contains all polynomials that can be obtained as a product of the gi's. Note that 1 ∈ Monoid(Φ). We define Monoid_d(Φ) as the subset of polynomials in Monoid(Φ) of degree at most d.
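Since each gi is linear, a product of j factors has degree j, so Monoid_d(Φ) is finite and easy to enumerate. The following sketch does this for a univariate system, representing polynomials as coefficient lists; the multivariate case used in the paper is analogous but with multivariate monomial arithmetic.

```python
from itertools import combinations_with_replacement

def mul(p, q):
    """Multiply two polynomials given as coefficient lists [c0, c1, ...]."""
    out = [0.0] * (len(p) + len(q) - 1)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            out[i + j] += a * b
    return out

def monoid_d(gs, d):
    """All products of at most d of the (linear) gs, with repetition, incl. 1."""
    result = [[1.0]]                       # the empty product
    for k in range(1, d + 1):
        for combo in combinations_with_replacement(gs, k):
            prod = [1.0]
            for g in combo:
                prod = mul(prod, g)
            result.append(prod)
    return result

# Phi = { x >= 0, 1 - x >= 0 }  ->  g1 = x, g2 = 1 - x
g1, g2 = [0.0, 1.0], [1.0, -1.0]
m2 = monoid_d([g1, g2], 2)
print(len(m2))   # → 6 elements: 1, g1, g2, g1^2, g1*g2, g2^2
```

The count grows as the number of multisets of size at most d drawn from m generators, binomial(m + d, d), which is the source of the extra cost of Handelman-based certificates mentioned below.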

Theorem 4.3 (Handelman’s Theorem [handelman1988representing])

Consider a set V = {x1, …, xr} of real-valued variables and the following system of inequalities over V:

Φ := { a_{1,0} + a_{1,1}·x1 + … + a_{1,r}·xr ≥ 0,
       ⋮
       a_{m,0} + a_{m,1}·x1 + … + a_{m,r}·xr ≥ 0 }

If Φ is satisfiable, SAT(Φ) is compact, and Φ entails a polynomial inequality g(x1, …, xr) > 0, then there exist non-negative real numbers y1, …, yu and polynomials h1, …, hu ∈ Monoid(Φ) such that:

g = ∑_{i=1}^u yi·hi.

The intuition here is that if every inequality in Φ holds, then all the left-hand-side expressions in Φ are non-negative, and hence any product hi of them is also non-negative. As in the case of Farkas' Lemma, Handelman's theorem shows that this approach is not only sound but also complete. We also need a variant that can handle strict inequalities in Φ.

Corollary 2

Consider a set V = {x1, …, xr} of real-valued variables and the following system of inequalities over V:

Φ := { a_{1,0} + a_{1,1}·x1 + … + a_{1,r}·xr ⋈1 0,
       ⋮
       a_{m,0} + a_{m,1}·x1 + … + a_{m,r}·xr ⋈m 0 }

in which ⋈i ∈ {>, ≥} for all 1 ≤ i ≤ m. If Φ is satisfiable and SAT(Φ) is bounded, then Φ entails a strong polynomial inequality g ≫ 0 if and only if there exist constants y0 ∈ (0, ∞) and y1, …, yu ∈ [0, ∞), and polynomials h1, …, hu ∈ Monoid(Φ), such that:

g = y0 + ∑_{i=1}^u yi·hi.

Corollary 2 above can handle a wider family of standard constraints than Corollary 1. However, it is also more expensive, since we now need to generate one new variable yi for every polynomial in Monoid_d(Φ) instead of one per inequality of Φ itself. Moreover, there is no bound d in the theorem itself, so introducing d leads to semi-completeness instead of completeness, i.e. the approach is complete only if a large enough value of d is used. As such, in cases where both sides of (LABEL:eq:entailment-form) are linear, Corollary 1 is preferable. We now consider a more expressive theorem that can handle polynomials on both sides of (LABEL:eq:entailment-form).

Theorem 4.4 (Putinar’s Positivstellensatz [putinar1993positive])

Given a finite collection of polynomials {g, g1, …, gk} ⊆ ℝ[x1, …, xn], let Φ be the set of inequalities defined as

Φ : {g1 ≥ 0, …, gk ≥ 0}.

If Φ entails the polynomial inequality g > 0 and there exists some i such that SAT(gi ≥ 0) is compact, then there exist polynomials h0, …, hk ∈ ℝ[x1, …, xn] such that

g = h0 + ∑_{i=1}^k hi·gi

and every hi is a sum of squares. Moreover, Φ is unsatisfiable if and only if −1 > 0 can be obtained as above, i.e. with g = −1.
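As a numerical illustration of the shape of such a certificate, consider a toy instance of our own choosing: Φ = {1 − x² ≥ 0}, so SAT(Φ) = [−1, 1] is compact, and Φ entails g = 2 − x > 0. A Putinar certificate is g = h0 + h1·g1 with h1 = 1/2 (a non-negative constant, hence SOS) and h0 = (x − 1)²/2 + 1, which is SOS as ((x − 1)/√2)² + 1². The sketch below checks the polynomial identity at random points.

```python
import random

# Certificate data for: { 1 - x^2 >= 0 } entails 2 - x > 0.
g1 = lambda x: 1.0 - x * x               # the single constraint polynomial
g  = lambda x: 2.0 - x                   # the entailed polynomial
h0 = lambda x: 0.5 * (x - 1.0) ** 2 + 1.0  # SOS: ((x-1)/sqrt(2))^2 + 1^2
h1 = lambda x: 0.5                       # SOS: a non-negative constant

random.seed(1)
for _ in range(1000):
    x = random.uniform(-5.0, 5.0)
    # The certificate is a polynomial identity, so it must hold on all of R,
    # not only on SAT(Phi) = [-1, 1].
    assert abs(g(x) - (h0(x) + h1(x) * g1(x))) < 1e-9
print("Putinar certificate verified: 2 - x = h0 + (1/2)*(1 - x^2)")
```

On SAT(Φ) every summand on the right is non-negative and h0 is bounded below by 1, which is precisely why the identity witnesses g > 0 there.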

As in the cases of Farkas and Handelman, we need a variant of Theorem 4.4 that can handle strict inequalities in Φ.

Corollary 3

Consider a finite collection of polynomials {g, g1, …, gk} ⊆ ℝ[x1, …, xn] and let

Φ : {g1 ⋈1 0, …, gk ⋈k 0}

where ⋈i ∈ {>, ≥} for all 1 ≤ i ≤ k. Assume that there exists some i such that SAT(gi ≥ 0) is compact or, equivalently, SAT(gi ⋈i 0) is bounded. If Φ is satisfiable, then it entails the strong polynomial inequality g ≫ 0 iff there exist a constant y0 ∈ (0, ∞) and polynomials h0, …, hk ∈ ℝ[x1, …, xn] such that

g = y0 + h0 + ∑_{i=1}^k hi·gi,

and every hi is a sum of squares.

Trying to use the corollary above for handling standard constraints of form (LABEL:eq:entailment-form) in Step 3 of our algorithm leads to two problems: (i) we also need a criterion for unsatisfiability of Φ to handle the cases where Φ ⇒ ψ holds vacuously, and (ii) in our QP, we should somehow express the property that every hi is a sum of squares. We now show how each of these challenges can be handled. To handle (i), we need another classical theorem from real algebraic geometry.

Theorem 4.5 (The Real Nullstellensatz [bochnak2013real, Corollary 4.1.8])

Given polynomials g, g1, …, gk ∈ ℝ[x1, …, xn], exactly one of the following two statements holds:

  • There exists x ∈ ℝⁿ such that g1(x) = … = gk(x) = 0 but g(x) ≠ 0.

  • There exist α ∈ ℕ ∪ {0} and polynomials h0, h1, …, hk ∈ ℝ[x1, …, xn] such that ∑_{i=1}^k hi·gi − h0 = g^{2α} and h0 is a sum of squares.

We now combine the Real Nullstellensatz with Putinar's Positivstellensatz to obtain a criterion for the unsatisfiability of Φ.

Theorem 4.6

Consider a finite collection of polynomials {g1,,gk}[x1,,xn]\{g_{1},\dots,g_{k}\}\in\mathbb{R}[x_{1},\dots,x_{n}] and the following system of inequalities:

Φ:{g110,,gkk0}\Phi:\{g_{1}\bowtie_{1}0,\dots,g_{k}\bowtie_{k}0\}

where i{>,}\bowtie_{i}\in\{>,\geq\} for all 1ik1\leq i\leq k. Φ\Phi is unsatisfiable if and only if at least one of the following statements holds: {compactitem}

There exist a constant y0(0,)y_{0}\in(0,\infty) and sum of square polynomials h0,,hk[x1,,xn]h_{0},\dots,h_{k}\in\mathbb{R}[x_{1},\dots,x_{n}] such that

1=y0+h0+i=1khigi.\textstyle-1=y_{0}+h_{0}+\sum_{i=1}^{k}h_{i}\cdot g_{i}. (1)

There exist α{0}\alpha\in\mathbb{N}\cup\{0\} and h0,h1,,hk[x1,,xn,w1,,wk]h_{0},h_{1},\dots,h_{k}\in\mathbb{R}[x_{1},\dots,x_{n},w_{1},\dots,w_{k}], such that for some 1jm1\leq j\leq m with j{>}\bowtie_{j}\in\{>\}, we have

wj4α=i=1mhi(giwi2)h0.\textstyle w_{j}^{4\cdot\alpha}=\sum_{i=1}^{m}h_{i}\cdot(g_{i}-w_{i}^{2})-h_{0}. (2)

where $h_{0}$ is a sum of squares in $\mathbb{R}[x_{1},\dots,x_{n},w_{1},\dots,w_{k}]$. Note that $w_{1},\dots,w_{k}$ are new variables.

Proof

First, we show that if either of the two equalities (1) or (2) holds, then $\Phi$ is unsatisfiable. Suppose $\Phi$ is satisfiable and pick $\val\in\textsl{SAT}(\Phi)$. Then the RHS of (1) is positive at $\val$, whereas the LHS is negative. So, (1) cannot hold. Now define $\tilde{g_{i}}(x_{1},\dots,x_{n},w_{1},\dots,w_{k}):=g_{i}(x_{1},\dots,x_{n})-w_{i}^{2}$. Using this definition, we can rewrite (2) as $w_{j}^{4\cdot\alpha}=\sum_{i=1}^{k}h_{i}\cdot\tilde{g_{i}}-h_{0}$. Moreover, $g_{j}^{2\cdot\alpha}=(\tilde{g_{j}}+w_{j}^{2})^{2\cdot\alpha}$. Expanding the right-hand side using the binomial theorem, we get $g_{j}^{2\cdot\alpha}=w_{j}^{4\cdot\alpha}+h_{j}^{\prime}\cdot\tilde{g_{j}}$ for some $h_{j}^{\prime}\in\mathbb{R}[x_{1},\dots,x_{n},w_{1},\dots,w_{k}]$. Now, substituting $w_{j}^{4\cdot\alpha}$ from (2), we get

\textstyle g_{j}^{2\cdot\alpha}=\sum_{i=1}^{k}h_{i}\cdot\tilde{g_{i}}-h_{0}+h_{j}^{\prime}\cdot\tilde{g_{j}} (3)

Let us extend $\val$, which is a valuation over $\{x_{1},\dots,x_{n}\}$, to a valuation $\val^{\prime}$ over $\{x_{1},\dots,x_{n},w_{1},\dots,w_{k}\}$ such that $\val^{\prime}\models\tilde{g_{i}}(x_{1},\dots,x_{n},w_{1},\dots,w_{k})=0$ for all $1\leq i\leq k$. Such an extension is always possible: since $g_{i}(\val)\geq 0$, we can set $w_{i}=\sqrt{g_{i}(\val)}$. We get a contradiction by evaluating (3) on $\val^{\prime}$: since $\bowtie_{j}\in\{>\}$, we have $g_{j}(\val)>0$, so the LHS is positive, whereas the RHS equals $-h_{0}(\val^{\prime})$ and is hence non-positive.

We now prove the other side. Suppose $\Phi$ is unsatisfiable. There are two possibilities: either $\overline{\Phi}$ is also unsatisfiable, or $\overline{\Phi}$ is satisfiable. First, suppose $\overline{\Phi}$ is unsatisfiable. Then, using Theorem 4.4, $\overline{\Phi}$ entails $-2>0$ and we can write $-2=h_{0}+\sum_{i=1}^{k}h_{i}\cdot g_{i}$ for sum-of-squares polynomials $h_{0},\dots,h_{k}\in\mathbb{R}[x_{1},\dots,x_{n}]$. Therefore,

\textstyle-1=1+h_{0}+\sum_{i=1}^{k}h_{i}\cdot g_{i}

which fits into (1) with $y_{0}=1$. We are now left with the case where $\overline{\Phi}$ is satisfiable but $\Phi$ is unsatisfiable. We first reorder the inequalities in $\Phi$ so that the non-strict inequalities appear first. Let $j$ be the smallest index for which $\Phi[1\dots j]$, i.e. the set of the first $j$ inequalities in $\Phi$, is unsatisfiable. By definition, $\Phi[1\dots j-1]$ is satisfiable and hence $\overline{\textsl{SAT}(\Phi[1\dots j-1])}=\textsl{SAT}(\overline{\Phi}[1\dots j-1])$. Note that $\bowtie_{j}$ must be strict: otherwise $\Phi[1\dots j]$ would consist only of non-strict inequalities and its unsatisfiability would contradict the satisfiability of $\overline{\Phi}$. So, we can rewrite $\Phi[1\dots j]=\Phi[1\dots j-1]\wedge(g_{j}>0)$. As $\Phi[1\dots j]$ is unsatisfiable, we know that $\Phi[1\dots j-1]$ entails $g_{j}\leq 0$. More precisely, this means $\textsl{SAT}(\Phi[1\dots j-1])\subseteq\textsl{SAT}(g_{j}\leq 0)$. Taking closures on both sides, we get $\textsl{SAT}(\overline{\Phi}[1\dots j-1])\subseteq\textsl{SAT}(g_{j}\leq 0)$. This implies that $\overline{\Phi}[1\dots j-1]$ entails $g_{j}\leq 0$ and hence $\overline{\Phi}[1\dots j]$ entails $g_{j}=0$. As defined above, $\tilde{g_{i}}(x_{1},\dots,x_{n},w_{1},\dots,w_{k})=g_{i}(x_{1},\dots,x_{n})-w_{i}^{2}$. We now show that there is no valuation $\val^{*}$ over the variables $\{x_{1},\dots,x_{n},w_{1},\dots,w_{k}\}$ such that $\tilde{g_{i}}(\val^{*})=0$ for all $1\leq i\leq j$ but $g_{j}(\val^{*})\neq 0$. Suppose such a valuation $\val^{*}$ exists, and let $\val$ be its restriction to $\{x_{1},\dots,x_{n}\}$. For each $1\leq i\leq j$, we get $g_{i}(\val)\geq 0$ since $\tilde{g_{i}}(\val^{*})=0$. We also get $g_{j}(\val)=g_{j}(\val^{*})\neq 0$. Hence, we have a contradiction with the previous result that $\overline{\Phi}[1\dots j]$ entails $g_{j}=0$. Applying the Real Nullstellensatz (Theorem 4.5) to the $\tilde{g_{i}}$’s and $g_{j}$, we have

\textstyle g_{j}^{2\cdot\alpha}=\sum_{i=1}^{j}\tilde{h_{i}}\cdot\tilde{g_{i}}-h_{0}

where $\alpha$ is a non-negative integer, $\tilde{h_{i}}\in\mathbb{R}[x_{1},\dots,x_{n},w_{1},\dots,w_{k}]$, and $h_{0}$ is a sum of squares in $\mathbb{R}[x_{1},\dots,x_{n},w_{1},\dots,w_{k}]$. Using $g_{j}=\tilde{g_{j}}+w_{j}^{2}$ and the binomial theorem, we get $g_{j}^{2\cdot\alpha}=w_{j}^{4\cdot\alpha}+h_{j}^{\prime}\cdot\tilde{g_{j}}$ for some $h_{j}^{\prime}\in\mathbb{R}[x_{1},\dots,x_{n},w_{1},\dots,w_{k}]$. Therefore, we finally get the following expression:

\textstyle w_{j}^{4\cdot\alpha}=\sum_{i=1}^{j}\tilde{h_{i}}\cdot(g_{i}-w_{i}^{2})-h_{j}^{\prime}\cdot(g_{j}-w_{j}^{2})-h_{0}

which fits into the format of (2) by taking the remaining $h_{i}$’s to be zero, hence completing the proof.
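As a quick illustration of the first criterion, consider the toy system $\Phi=\{x\geq 0,\ -x-1\geq 0\}$, which is clearly unsatisfiable. The instance and multipliers below are our own assumed example, not taken from the paper: the identity $-1=y_{0}+h_{0}+h_{1}\cdot x+h_{2}\cdot(-x-1)$ holds with $y_{0}=1$, $h_{0}=0$ and $h_{1}=h_{2}=2$, where all multipliers are sums of squares since they are non-negative constants. A small numeric sanity check of this polynomial identity:

```python
# Certificate of form (1) for Phi = { x >= 0, -x - 1 >= 0 } (unsatisfiable).
# We check the identity  -1 == y0 + h0 + h1*x + h2*(-x - 1)  at sample points.
y0, h0, h1, h2 = 1.0, 0.0, 2.0, 2.0  # y0 > 0; h0, h1, h2 are SOS constants

for x in [-3.0, -1.0, 0.0, 0.5, 2.0]:
    rhs = y0 + h0 + h1 * x + h2 * (-x - 1)
    assert abs(rhs - (-1.0)) < 1e-9  # identity holds for every x
```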

Finally, we provide the theorems needed to check, within QP, that a given polynomial $h$ is a sum of squares.

Theorem 4.7 ([blekherman2012semidefinite, Theorem 3.39])

Let $a$ be the vector of all $\binom{n+d}{d}$ monomials of degree at most $d$ over the variables $\{x_{1},\dots,x_{n}\}$. A polynomial $p\in\mathbb{R}[x_{1},\dots,x_{n}]$ of degree $2\cdot d$ is a sum of squares if and only if there exists a positive semidefinite matrix $Q$ of order $\binom{n+d}{d}$ such that $p=a^{T}\cdot Q\cdot a$.

Theorem 4.8 (Cholesky decomposition [watkins2004fundamentals])

A symmetric square matrix $Q$ is positive semidefinite if and only if it has a Cholesky decomposition of the form $Q=L\cdot L^{T}$, where $L$ is a lower-triangular matrix with non-negative diagonal entries.

Based on Theorems 4.7 and 4.8, a polynomial $p$ of degree $2\cdot d$ is a sum of squares if and only if it can be written as $p=a^{T}\cdot L\cdot L^{T}\cdot a$ such that the diagonal entries of $L$ are non-negative. This representation provides a simple approach for generating a sum-of-squares polynomial of degree $2\cdot d$ with symbolic coefficients and encoding it in QP. We first generate a lower-triangular matrix $L$ of order $\binom{n+d}{d}$ by creating one fresh variable for each entry in the lower triangle and adding the extra constraint that the entries on the diagonal must be non-negative. Then, we symbolically compute $a^{T}\cdot L\cdot L^{T}\cdot a$.
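As a concrete illustration of this representation (a hypothetical numeric instance, not part of the algorithm itself), take $p(x)=x^{4}+2x^{2}+1=(x^{2}+1)^{2}$, so $n=1$, $d=2$ and $a=(1,x,x^{2})$. One choice of lower-triangular $L$ with non-negative diagonal yields $p=a^{T}\cdot L\cdot L^{T}\cdot a$; in the actual encoding, the entries of $L$ would be fresh QP variables rather than concrete numbers:

```python
# Checking p = a^T (L L^T) a for p(x) = x^4 + 2x^2 + 1 = (x^2 + 1)^2.
# Monomial vector a = (1, x, x^2), i.e. all monomials of degree <= d = 2.

def monomials(x):
    return [1.0, x, x * x]

# Lower-triangular L with non-negative diagonal entries (Theorem 4.8).
L = [[1.0, 0.0, 0.0],
     [0.0, 0.0, 0.0],
     [1.0, 0.0, 0.0]]

def quad_form(x):
    """Evaluate a^T (L L^T) a at the point x as ||L^T a||^2."""
    a = monomials(x)
    v = [sum(L[i][j] * a[i] for i in range(3)) for j in range(3)]  # v = L^T a
    return sum(vj * vj for vj in v)

def p(x):
    return x**4 + 2 * x**2 + 1

for x in [-2.0, -0.5, 0.0, 1.0, 3.0]:
    assert abs(quad_form(x) - p(x)) < 1e-9  # the SOS representation matches p
```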

4.3 Details of Step 3 of the Algorithm

We now have all the necessary ingredients to provide a variant of Step 3 of the algorithm that preserves completeness. We assume a positive integer $d$ is given as part of the input. This $d$ serves as an upper bound on the degrees of the polynomials/templates that we use in Handelman’s theorem (the monoid) and the Stellensätze. Our approach is complete as long as a large enough $d$ is chosen.

Step 3: Eliminating Program Variables and Reduction to QP

Recall that at the end of Step 2, we have a finite set of standard constraints of form (LABEL:eq:entailment-form). In this step, the algorithm handles each standard constraint separately and reduces it to quadratic programming over the template variables and newly-introduced variables, hence effectively eliminating the program variables and the quantification over them. Let $f_{1}\bowtie_{1}0~\wedge~f_{2}\bowtie_{2}0~\wedge~\ldots\wedge f_{r}\bowtie_{r}0\Rightarrow f\bowtie 0$ be one of the standard constraints. The algorithm considers three cases: (i) if all the inequalities on both sides of the constraint are affine, it applies Farkas’ Lemma; (ii) if the LHS inequalities are affine but the RHS is a higher-degree polynomial, it applies Handelman’s theorem; and (iii) if the LHS contains higher-degree polynomials, it applies the Stellensätze and Theorem 4.6. Below, we define $\Phi:\{f_{1}\bowtie_{1}0,f_{2}\bowtie_{2}0,\ldots,f_{r}\bowtie_{r}0\}$ and $\psi:f\bowtie 0$.

Step 3.(i). Applying Farkas’ Lemma

Assuming all the constraints in $\Phi$ and $\psi$ are affine, we can apply Corollary 1. Based on this corollary, we have to consider three cases disjunctively: {compactenum}

$\Phi$ is satisfiable and entails $\psi$: The algorithm creates new template variables $y_{0},\dots,y_{r}$ with the constraint $y_{i}\geq 0$ for every $i$. It then symbolically computes $f=y_{0}+\sum_{i=1}^{r}y_{i}\cdot f_{i}$. The latter is a polynomial equality over $\vars$. So, the algorithm equates the coefficients of corresponding monomials on both sides, hence reducing this case to QP. Additionally, if $\psi$ is a strict inequality, the algorithm adds the extra constraint $\sum_{\bowtie_{i}\in\{>\}}y_{i}>0$.

$\Phi$ is unsatisfiable and $-1\geq 0$ can be obtained: This is similar to the previous case, except that $-1$ should be written as $y_{0}+\sum_{i=1}^{r}y_{i}\cdot f_{i}$.

$\Phi$ is unsatisfiable and $0>0$ can be obtained: This is also similar to the last two cases. We have $0=y_{0}+\sum_{i=1}^{r}y_{i}\cdot f_{i}$ and $\sum_{\bowtie_{i}\in\{>\}}y_{i}>0$. Note that the template variables $y$ are freshly generated in each case above. Also, we have to consider cases (2) and (3) because $\Phi$ is unsatisfiable in these cases and hence the constraint $\Phi\Rightarrow\psi$ holds vacuously.
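To make case (1) concrete, here is a minimal sketch on an assumed toy instance (not from the paper): $\Phi=\{x\geq 0,\ 1-x\geq 0\}$ entails $\psi: 2-x\geq 0$, witnessed by the Farkas multipliers $y_{0}=1$, $y_{1}=0$, $y_{2}=1$. In the actual algorithm the $y_{i}$ are unknowns of the QP; here we fix a concrete solution and check the coefficient equations it must satisfy:

```python
# Certify that x >= 0 and 1 - x >= 0 entail 2 - x >= 0 via Farkas multipliers:
#   2 - x = y0 + y1 * x + y2 * (1 - x),  with y0, y1, y2 >= 0.
# An affine expression c0 + c1*x is represented as the tuple (c0, c1).
f1 = (0.0, 1.0)    # x
f2 = (1.0, -1.0)   # 1 - x
f  = (2.0, -1.0)   # 2 - x

# Candidate multipliers (unknowns of the QP in the real algorithm).
y0, y1, y2 = 1.0, 0.0, 1.0
assert min(y0, y1, y2) >= 0  # non-negativity constraints

# Equate the coefficients of the two sides monomial by monomial.
rhs = (y0 + y1 * f1[0] + y2 * f2[0],   # constant term
       y1 * f1[1] + y2 * f2[1])        # coefficient of x
assert rhs == f  # the identity holds, so the entailment is certified
```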

Step 3.(ii). Applying Handelman’s Theorem

Assuming all constraints in $\Phi$ are linear but $\psi$ is a higher-degree polynomial inequality, the algorithm applies Corollaries 1 and 2. Again, we have to consider the same three cases as in Step 3.(i): {compactenum}

$\Phi$ is satisfiable and entails $\psi$: We apply Corollary 2. The algorithm first symbolically computes $\textsl{Monoid}_{d}(\Phi)=\{h_{1},h_{2},\dots,h_{u}\}$. It then generates new template variables $y_{0},y_{1},\dots,y_{u}$ and constrains them by setting $y_{0},y_{1},y_{2},\dots,y_{u}\geq 0$. If $\psi$ is a strict inequality, it further adds the constraint $y_{0}>0$. It then symbolically computes the equality

\textstyle f=y_{0}+\sum_{i=1}^{u}y_{i}\cdot h_{i}.

As usual, both sides of this equality are polynomials over $\vars$. So, the algorithm equates the coefficients of corresponding monomials on the LHS and RHS, which reduces this case to QP.

$\Phi$ is unsatisfiable and $-1\geq 0$ can be obtained: Note that $\Phi$ consists of linear inequalities, so we can use Farkas’ Lemma to check whether $\Phi$ is unsatisfiable. As such, this step is the same as case (2) of Step 3.(i).

$\Phi$ is unsatisfiable and $0>0$ can be obtained: This is the same as case (3) of Step 3.(i).
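The only new ingredient compared to Step 3.(i) is the computation of $\textsl{Monoid}_{d}(\Phi)$. The sketch below is a simplified, single-variable rendering with dense coefficient lists (the actual implementation is multivariate and symbolic): it enumerates all products of at most $d$ of the constraint polynomials, including the empty product $1$. Since the $f_{i}$ here are affine, the number of factors bounds the degree of each product:

```python
# Sketch of Monoid_d(Phi) for affine constraints in one variable.
# A polynomial is a coefficient list, lowest degree first: [c0, c1, ...].
from itertools import combinations_with_replacement

def poly_mul(p, q):
    r = [0.0] * (len(p) + len(q) - 1)
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            r[i + j] += pi * qj
    return r

def monoid(polys, d):
    result = [[1.0]]  # the empty product 1
    for k in range(1, d + 1):
        for combo in combinations_with_replacement(polys, k):
            prod = [1.0]
            for p in combo:
                prod = poly_mul(prod, p)
            result.append(prod)
    return result

# Phi: { x >= 0, 1 - x >= 0 }
phi = [[0.0, 1.0], [1.0, -1.0]]
m = monoid(phi, 2)
# 1 empty product + 2 singletons + 3 degree-2 products = 6 elements
assert len(m) == 6
assert poly_mul([0.0, 1.0], [1.0, -1.0]) == [0.0, 1.0, -1.0]  # x * (1 - x)
```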

Step 3.(iii). Applying Stellensätze

If $\Phi$ includes polynomial inequalities of degree $2$ or higher, then we have to apply Corollary 3 and Theorem 4.6. The algorithm considers three cases and combines them disjunctively: {compactenum}

$\Phi$ is satisfiable and entails $\psi$: In this case, we apply Corollary 3. The algorithm generates template sum-of-squares polynomials $h_{0},\ldots,h_{r}$ of degree $d$ and adds QP constraints that ensure each $h_{i}$ is a sum of squares (see the end of Section 4.2). It also generates a non-negative fresh variable $y_{0}$. If $\psi$ is strict, the algorithm adds the constraint $y_{0}>0$. Finally, the algorithm symbolically computes

\textstyle f=y_{0}+h_{0}+\sum_{i=1}^{r}h_{i}\cdot f_{i};

and equates the corresponding coefficients in the LHS and RHS to obtain QP constraints.

$\Phi$ is unsatisfiable due to the first condition of Theorem 4.6: This case is handled similarly to case (1) above, except that we have $-1=y_{0}+h_{0}+\sum_{i=1}^{r}h_{i}\cdot f_{i}$.

$\Phi$ is unsatisfiable due to the second condition of Theorem 4.6: The algorithm introduces $r$ new program variables $w_{1},\dots,w_{r}$. It then generates a sum-of-squares template polynomial $h_{0}$ over $\vars$ and arbitrary template polynomials $h_{1},\dots,h_{r}$ over $\vars\cup\{w_{1},\dots,w_{r}\}$. All the $h_{i}$’s are degree-$d$ templates. Finally, for every index $j$ that corresponds to a strict inequality, i.e. $\bowtie_{j}\in\{>\}$, the algorithm symbolically computes

\textstyle w_{j}^{d^{\prime}}=\sum_{i=1}^{r}h_{i}\cdot(f_{i}-w_{i}^{2})-h_{0},

in which $d^{\prime}$ is the largest multiple of $4$ that does not exceed $d$. Note that this is an equality between two polynomials over $\vars\cup\{w_{1},\dots,w_{r}\}$. As before, the algorithm equates the coefficients of corresponding monomials on both sides of the equality and reduces it to QP.
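For intuition, here is a numeric check of an identity of this shape on an assumed toy instance (our own example, not from the paper): $\Phi=\{x\geq 0,\ -x>0\}$ is unsatisfiable while its closure is satisfiable (at $x=0$). With $r=2$, $j=2$ and $d^{\prime}=4$, taking $h_{1}=h_{2}=-w_{2}^{2}$ and $h_{0}=(w_{1}w_{2})^{2}$, the identity $w_{2}^{4}=h_{1}\cdot(x-w_{1}^{2})+h_{2}\cdot(-x-w_{2}^{2})-h_{0}$ holds, and $h_{0}$ is a sum of squares:

```python
# Certificate of form (2) for Phi = { x >= 0, -x > 0 }:
#   w2^4 = h1*(x - w1^2) + h2*(-x - w2^2) - h0,
# with h1 = h2 = -w2^2 (arbitrary polynomials) and h0 = (w1*w2)^2 (SOS).
import itertools

for x, w1, w2 in itertools.product([-2.0, 0.0, 1.5], repeat=3):
    h1 = h2 = -w2**2
    h0 = (w1 * w2) ** 2
    lhs = w2 ** 4
    rhs = h1 * (x - w1**2) + h2 * (-x - w2**2) - h0
    assert abs(lhs - rhs) < 1e-9  # polynomial identity holds at every point
```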

After the algorithm runs Step 3 as above, all standard constraints generated in Step 2 will be reduced to QP and can hence be passed to an external solver in Step 4, as illustrated in Section LABEL:sec:algo:overview.

Degree bounds

We used the same bound $d$ for the degrees of the polynomials and templates in all the cases above. This is not a requirement; one can fix a different degree bound for each case.

Handling Boundedness

To achieve completeness, we need the boundedness assumption, i.e. that for every variable $v\in\vars$, we always have $-M\leq v\leq M$. To model this in the algorithm, we can add the boundedness inequalities to the left-hand side of every standard constraint. Additionally, we can either get a concrete value for $M$ as part of the input, or treat $M$ symbolically, i.e. as a template variable, and let the QP solver synthesize a value for it.
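With a concrete bound $M$, augmenting the LHS of a standard constraint is a purely syntactic step. A minimal sketch (representing inequalities as strings for readability; the actual implementation would operate on polynomial objects):

```python
# Augment the LHS of a standard constraint with M - v >= 0 and v + M >= 0
# for each program variable v, encoding -M <= v <= M.
def add_boundedness(lhs, variables, M):
    out = list(lhs)
    for v in variables:
        out.append(f"{M} - {v} >= 0")
        out.append(f"{v} + {M} >= 0")
    return out

phi = ["x >= 0"]
assert add_boundedness(phi, ["x"], 5) == [
    "x >= 0", "5 - x >= 0", "x + 5 >= 0"]
```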

4.4 Soundness and Completeness

We now prove that our algorithm is sound and semi-complete for TBSP. The soundness result needs no extra assumptions and is obtained directly. The completeness result, on the other hand, relies on several assumptions: (i) boundedness, (ii) a large enough degree bound $d$, and (iii) invariants and post-conditions that, when written in DNF, consist only of strongly positive polynomial inequalities of the form $g\gg 0$.

Theorem 4.9 (Soundness)

Given a sketch polynomial program, or equivalently a sketch polynomial transition system (SPTS) of the form $(\vars,\tvars,\locs,\loc_{0},\theta_{0},\loc_{f},\theta_{f},\transitions,\invariant)$, together with a cutset $\cutset$ as input, every concrete polynomial transition system (PTS) synthesized by the algorithm above is inductively valid.

Proof

The standard constraints of form (LABEL:eq:entailment-form) generated in Step 2 are equivalent to the initiation, consecution and finalization constraints in the definition of inductive validity. The reduction from standard constraints to QP in Step 3 is also sound since, in every case, it either writes the RHS of the standard constraint as a combination of the LHS polynomials, hence proving that it holds, or otherwise proves that the LHS is unsatisfiable and thus the standard constraint holds vacuously.

Theorem 4.10 (Semi-completeness)

Consider a solvable sketch polynomial transition system (SPTS) of the form $(\vars,\tvars,\locs,\loc_{0},\theta_{0},\loc_{f},\theta_{f},\transitions,\invariant)$, together with a cutset $\cutset$, given as input. Moreover, assume that: {compactenum}

The boundedness assumption holds, i.e. there is a constant $M\in(0,\infty)$ such that for every $v\in\vars$, we always have $-M\leq v\leq M$.

Every invariant $\invariant(\loc)$ and the post-condition $\theta_{f}$, when written in disjunctive normal form, contain only strongly positive polynomial inequalities of the form $g\gg 0$. Then, there exists a constant degree bound $d\in\mathbb{N}$ for which the algorithm above is guaranteed to successfully synthesize an inductively valid polynomial transition system (PTS).

Proof

Since our instance is solvable, there is a valuation $\tval$ of the template variables that yields an inductively valid PTS. We prove that, for a large enough $d$, the valuation $\tval$ is obtained as one of the solutions of the QP instance solved in Step 4 of the algorithm. The proof is straightforward, since we only have to check that every step of our algorithm is complete. Step 2 is complete since it simply rewrites the inductive validity constraints as an equivalent set of standard constraints. For Step 3, we prove the completeness of each case separately. Step 3.(i) is complete due to Farkas’ Lemma (Corollary 1). In Step 3.(ii), if $\Phi$ is unsatisfiable, then the algorithm is complete based on Corollary 1; otherwise, it is complete based on Corollary 2. However, since we are using a degree bound $d$ for the monoid, completeness only holds if the chosen $d$ is large enough. Moreover, Corollary 2 requires the strong positivity of $g$, which corresponds to the invariants and post-conditions in our use-case, and the boundedness of $\textsl{SAT}(\Phi)$, which is a direct consequence of our boundedness assumption. Finally, Step 3.(iii) is complete due to Corollary 3 and Theorem 4.6. These depend on $d$, strong positivity and boundedness in the exact same manner as in Step 3.(ii).

Limitations of Completeness

The main limitation of our completeness result is that it holds only if the degree bound $d$ chosen for the template polynomials is large enough. This is why we call it a semi-completeness theorem. In theory, it is possible to come up with adversarial instances in which the required degree is exponentially high [mai2022complexity]. In practice, we rarely, if ever, need a degree higher than that of the polynomials already present in the input SPTS. The second limitation is boundedness. This limitation cannot be lifted, since both Handelman’s Theorem and Putinar’s Positivstellensatz assume compactness, which is equivalent to being closed and bounded in $\mathbb{R}^{n}$. Nevertheless, it does not have a significant practical effect, and the algorithm remains sound even without this assumption. It is also noteworthy that the treatment of the linear/affine case using Farkas’ Lemma requires neither boundedness nor any specific value of $d$ and is always complete. Finally, strong positivity in the invariants and post-conditions is needed because Putinar’s Positivstellensatz and Theorem 4.6 can only provide a sound and complete characterization of strongly positive polynomials over a bounded semi-algebraic set $X\subseteq\mathbb{R}^{n}$ if we do not assume that $X$ itself is closed. In terms of the synthesis problem, this means that our algorithm is not guaranteed to be complete for inequalities of the form $f>0$ in the invariants/post-conditions for which the value of $f$ in the runs of the program can get arbitrarily close to $0$. However, this limitation is also not significant in practice because (i) our soundness does not depend on it, and (ii) $f+\epsilon\gg 0$ holds for any constant $\epsilon>0$. So, a small change (by any value $\epsilon>0$) in the invariants/post-conditions leads to an instance over which our completeness holds.


5 Appendix

5.1 Examples used in Section LABEL:secion_proof_of_concept

These examples are motivated by the benchmarks provided in [rodriguez2018some].