A Verified Decision Procedure for Univariate Real Arithmetic with the BKR Algorithm
Katherine Cordwell, Yong Kiam Tan, André Platzer*

Abstract
We formalize the univariate fragment of Ben-Or, Kozen, and Reif's (BKR) decision procedure for first-order real arithmetic in Isabelle/HOL. BKR's algorithm has good potential for parallelism and was designed to be used in practice. Its key insight is a clever recursive procedure that computes the set of all consistent sign assignments for an input set of univariate polynomials while carefully managing intermediate steps to avoid exponential blowup from naively enumerating all possible sign assignments (this insight is fundamental for both the univariate case and the general case). Our proof combines ideas from BKR and a follow-up work by Renegar that are well-suited for formalization. The resulting proof outline allows us to build substantially on Isabelle/HOL's libraries for algebra, analysis, and matrices. Our main extensions to existing libraries are also detailed.
* Computer Science Department, Carnegie Mellon University, Pittsburgh, USA. {kcordwel,yongkiat,aplatzer}@cs.cmu.edu
arXiv [cs.LO]
Cordwell, Y. K. Tan, A. Platzer: Verified Univariate BKR

Formally verified arithmetic has important applications in formalized mathematics and rigorous engineering domains. For example, real arithmetic questions often arise as part of formal proofs for safety-critical cyber-physical systems (CPS) [23], the formal proof of the Kepler conjecture involves the verification of more than , real inequalities [10], and the verification of floating-point algorithms also involves real arithmetic reasoning [11]. Quantifier elimination (QE) is the process by which a quantified formula (involving ∀ and ∃ quantifiers) is transformed into a logically equivalent quantifier-free formula. Tarski famously proved that the theory of first-order real arithmetic (FOL_R) admits QE; FOL_R validity and satisfiability are therefore decidable by QE and evaluation [28]. Thus, in theory, all it takes to rigorously answer any real arithmetic question is to verify a QE procedure for FOL_R. However, in practice, QE algorithms for FOL_R are complicated and the fastest known QE algorithm, cylindrical algebraic decomposition (CAD) [5], is, in the worst case, doubly exponential in the number of variables. The multivariate CAD algorithm is highly complicated and has yet to be fully formally verified in a theorem prover [14], although various specialized approaches have been used to successfully tackle restricted subsets of real arithmetic questions in proof assistants, e.g., quantifier elimination for linear real arithmetic [21], sum-of-squares witnesses for the universal fragment [12], and interval arithmetic when the quantified variables range over bounded domains [26]. There are few general-purpose formally verified decision procedures for FOL_R.
Mahboubi and Cohen [4] formally verified an algorithm for QE based on Tarski's proof, but their formalization is primarily a theoretical decidability result [4, Section 1] owing to the non-elementary complexity of Tarski's algorithm. The proof-producing procedure by McLaughlin and Harrison [18] can solve a number of small univariate and multivariate examples but suffers similarly from the complexity of the underlying Cohen-Hörmander procedure. The situation for univariate real arithmetic (i.e., problems that involve only a single variable) is better. In Isabelle/HOL, Li, Passmore, and Paulson [14] formalized an efficient univariate decision procedure based on univariate CAD. There are additionally some univariate decision procedures in PVS, including hutch, which is based on CAD [19], and tarski, which is based on the Sturm-Tarski theorem [20].

This paper adds to the latter body of work by formalizing the univariate case of the Ben-Or, Kozen, and Reif (BKR) decision procedure [2], drawing on insights from Renegar's [25] later variation of BKR. It is desirable to have a variety of formally verified decision procedures for arithmetic, since different strategies can have different efficiency tradeoffs on different classes of problems [6, 24]. For example, in PVS, hutch is usually significantly faster than tarski [19], but there are a number of problems which are adversarial for hutch on which tarski performs better [6]. BKR has a fundamentally different working principle than CAD. Like the Cohen-Hörmander procedure, it represents roots and sign-invariant regions abstractly, instead of via concrete real algebraic numbers whose nontrivial minimal polynomial ideal computations CAD needs. Further, unlike Cohen-Hörmander, BKR was designed to be used in practice. When its inherent parallelism is exploited, an optimized version of univariate BKR is an NC algorithm (that is, it runs in parallel polylogarithmic time).
Our formalization is not yet optimized and parallelized, so we do not yet achieve such efficiency. However, we do export our Isabelle/HOL formalization to Standard ML (SML) and are able to solve some examples with the exported code.

Additionally, our formalization is a significant stepping stone towards the multivariate case, which builds inductively on the univariate case. Multivariate BKR seems to rely fairly directly on the univariate version, so we hope that it will be significantly easier to formally verify than multivariate CAD, which is highly complicated. However, it is unlikely that multivariate BKR will be as efficient as CAD in the average case. While BKR states that their multivariate algorithm is computable in parallel exponential time (or in NC for fixed dimension), Canny later found an error in BKR's multivariate analysis [3], which highlights the subtlety of the algorithm and the role for formal verification. Notwithstanding this, multivariate BKR is almost certain to outperform methods such as Tarski's algorithm and Cohen-Hörmander and can supplement an eventual formalization of multivariate CAD.

We detail our construction and how we blend concepts from BKR and Renegar (Section 2), discuss some important aspects of our formalization and the exported code (Section 3), give some mathematical intuition for why we think multivariate BKR is plausible (Section 4), discuss related work (Section 5), and conclude with some potential future directions (Section 6). Our formalization is available at:
This section provides an outline of our decision procedure for univariate real arithmetic and its verification in Isabelle/HOL [22]. The goal is to provide an accessible mathematical blueprint that explains our construction and its blend of ideas from BKR [2] and Renegar [25]; in-depth technical discussion of the formal proofs is largely deferred to Section 3. Throughout this paper, univariate polynomials are assumed to have variable x. Our decision procedure works for polynomials with rational coefficients (rat poly in Isabelle), though some lemmas are proved more generally for polynomials with real coefficients (real poly in Isabelle).

Formulas of univariate real arithmetic are generated by the following grammar, where p is a univariate polynomial with rational coefficients:

  φ, ψ ::= p > 0 | p ≥ 0 | p = 0 | φ ∨ ψ | φ ∧ ψ

For formula φ, the universal decision problem is to decide if φ is true for all real values of x, i.e., validity of the quantified formula ∀x φ. The existential decision problem is to decide if φ is true for some real value of x, i.e., validity of the quantified formula ∃x φ. For example, a decision procedure should return false for formula (1) and true for formula (2) below (left).

  ∀x (x − ∧ x >   (1)
  ∃x (x − ∧ x >   (2)
  Formula structure: A = 0 ∧ B > 0    Polynomials: A : x − , B : 3x

The first observation is that both univariate decision problems can be transformed to the problem of finding the set of consistent sign assignments (also known as realizable sign assignments [1, Definition 2.34]) of the set of polynomials appearing in the formula φ.

Definition 1. A sign assignment for a set G of polynomials is a mapping σ that assigns each g ∈ G to either +1, −1, or 0.
A sign assignment σ for G is consistent if there exists an x ∈ R where, for all g ∈ G, the sign of g(x) matches the sign of σ(g).

For the polynomials x − and x appearing in formulas (1) and (2), the set of all consistent sign assignments (written as ordered pairs) is:

  {(+1, −1), (0, −1), (−1, −1), (−1, 0), (−1, +1), (0, +1), (+1, +1)}

Formula (1) is not valid because consistency of sign assignment (0, −1) implies there exists a real value x ∈ R such that conjunct x − is satisfied but not x > 0. Conversely, formula (2) is valid because the consistent sign assignment (0, +1) demonstrates the existence of an x ∈ R satisfying x − and x > 0. The truth-value of formula φ at a given sign assignment is computed by evaluating the formula after replacing all of its polynomials by their respective assigned signs. For example, for the sign assignment (0, −1), replacing A by 0 and B by −1 in the formula structure underlying (1) and (2) shown above (right) yields 0 = 0 ∧ −1 > 0, which evaluates to false. Validity of ∀x φ is decided by checking that φ evaluates to true at each of its consistent sign assignments. Similarly, validity of ∃x φ is decided by checking that φ evaluates to true at at least one consistent sign assignment.

Our top-level formalized algorithms are called decide_universal and decide_existential, both with type rat poly fml ⇒ bool. The definition of decide_existential is as follows (the omitted definition of decide_universal is similar):

  definition decide_existential :: "rat poly fml ⇒ bool" where
    "decide_existential fml = (let (fml_struct,polys) = convert fml in
       find (lookup_sem fml_struct) (find_consistent_signs polys) ≠ None)"
Here, convert extracts the list of constituent polynomials polys from the input formula fml along with the formula structure fml_struct, find_consistent_signs returns the list of all consistent sign assignments conds for polys, and find checks that predicate lookup_sem fml_struct is true at one of those sign assignments. Given a sign assignment σ, lookup_sem fml_struct σ evaluates the truth value of fml at σ by recursively evaluating the truth of its subformulas after replacing polynomials by their sign according to σ using the formula structure fml_struct. Thus, decide_existential returns true iff fml evaluates to true at at least one of the consistent sign assignments of its constituent polynomials.

The correctness theorem for decide_universal and decide_existential is shown below, where fml_sem fml x evaluates the truth of fml at the real value x.

  theorem decision_procedure:
    "(∀x::real. fml_sem fml x) ⟷ decide_universal fml"
    "(∃x::real. fml_sem fml x) ⟷ decide_existential fml"

This theorem depends crucially on find_consistent_signs correctly finding all consistent sign assignments for polys, i.e., solving the sign-determination problem.
The next step restricts the sign-determination problem to the following more concrete format: find all consistent sign assignments for a set of polynomials q_1, ..., q_n that occur at the roots of a nonzero polynomial p. The key insight of BKR is that this restricted problem can be solved efficiently (in parallel) using purely algebraic tools (Section 2.3). Following BKR's procedure, we also normalize the q_i to be coprime with (i.e., share no common factors with) p, which simplifies the subsequent construction for the key step and its formal proof.

(This design choice comes with potential efficiency tradeoffs: Renegar's algorithm for the restricted sign determination problem is more complicated than BKR's, but Renegar's reduction to the restricted problem is comparatively simpler. Intuitively, BKR performs a number of smaller computations, while Renegar performs one larger computation. Future work would be needed to determine the efficiency tradeoffs in practice. BKR's style is more modular and has greater potential for parallelism; the smaller computations can be performed in parallel. However, Renegar's approach is likely to be more desirable in the multivariate case [3].)

Consider as input a set of polynomials (with rational coefficients) G = {g_1, ..., g_k} for which we need to find all consistent sign assignments. The transformation proceeds as follows:
(1) Factorize the input polynomials G into a set of pairwise coprime factors (with rational coefficients) Q = {q_1, ..., q_n}. This also removes redundant/duplicate polynomials. Each input polynomial g ∈ G can be expressed in the form g = ∑_{i=1}^{n} c_i q_i^{d_i} for some rational coefficients c_i and natural number powers d_i ≥ , so the sign of g is directly recovered from the signs of the factors q ∈ Q. For example, if g = q_1 q_2 and in a consistent sign assignment q_1 is positive while q_2 is negative, then g is negative according to that assignment, and so on. Accordingly, to determine the set of all consistent sign assignments for G it suffices to determine the same for Q.

(2) For each 1 ≤ i ≤ n, solve the restricted sign-determination problem for all consistent sign assignments of {q_1, ..., q_n} \ {q_i} at the roots of q_i. This yields all consistent sign assignments of Q where exactly one q_i is assigned to zero. Because the q_i's are pairwise coprime, in all remaining consistent sign assignments, all the q_i's must be assigned to nonzero (i.e., +1, −1) signs.

(3) Compute a polynomial p that satisfies the following properties: i) p is pairwise coprime with all of the q_i's, ii) p has a root in every interval between any two roots of the q_i's, iii) p has a root that is greater than all of the roots of the q_i's, and iv) p has a root that is smaller than all of the roots of the q_i's. An explicit choice of p satisfying these properties when the q_i ∈ Q are squarefree and pairwise coprime is shown in Section 3.1.2. The relationship between the roots of p and the roots of q_i ∈ Q is visualized in Fig. 1. Intuitively, the roots of p (red points) provide representative sample points between the roots of the q_i's (black squares).
[Figure 1: The relation between the roots of the added polynomial p and the roots of the q_i's. Labels: the roots of all the q_i's; p has a root in between any two roots of the q_i's; some root of p is less than all the roots of the q_i's; some root of p is greater than all the roots of the q_i's.]

(4) Solve the restricted sign-determination problem for all consistent sign assignments of {q_1, ..., q_n} at the roots of p. Returning to Fig. 1, the q_i's are sign-invariant in the intervals between any two roots of the q_i's (black squares) and to the left and right of all roots of the q_i's. Intuitively, moving along the real number line, no q_i can change sign without first passing through a root of q_i. Thus, all consistent sign assignments of the q_i's that only have nonzero signs must occur in one of these intervals and therefore also at one of the roots of p (red points).

(5) The combined set of sign assignments found in (2) for zeros and (4) for nonzeros solves the sign-determination problem for Q, and therefore also for G as argued in (1).

Our algorithm to solve BKR's key step is called find_consistent_signs_at_roots; we now turn to the details of this method. The restricted sign determination problem for polynomials q_1, ..., q_n at the roots of a polynomial p ≠ 0, where each q_1, ..., q_n is coprime with p, can be tackled naively by setting up and solving a matrix equation. The idea of using a matrix equation for sign determination dates back to Tarski [28] [1, Section 10.3]. BKR's additional insight is to avoid the prohibitive complexity of enumerating the exponentially many possible sign assignments for q_1, ..., q_n by computing the matrix equation recursively and reducing it along the way so that its intermediate data stays manageable at every step. We first explain the technical underpinnings of the matrix equation before returning to our implementation of BKR's recursive procedure.
For brevity, references to sign assignments for q_1, ..., q_n in this section are always at the roots of p. The inputs to the matrix equation are a set of candidate (i.e., not necessarily consistent) sign assignments Σ̃ = {σ̃_1, ..., σ̃_m} for the polynomials q_1, ..., q_n and a set of subsets S = {I_1, ..., I_l}, I_i ⊆ {1, ..., n}, of indices selecting among those polynomials. The set of all consistent sign assignments Σ for q_1, ..., q_n is assumed to be a subset of Σ̃, i.e., Σ ⊆ Σ̃.

For example, consider p = x − x and q_1 = 3x + 2. The set of all possible candidate sign assignments Σ̃ = {(+1), (−1)} must contain the consistent sign assignments for q_1 (sign (0) is impossible as p, q_1 are coprime). The possible subsets of indices are I_1 = {} and I_2 = {1}.

The main algebraic tool underlying the matrix equation is the Tarski query, which provides semantic information about the number of roots of p with respect to another polynomial q.

Definition 2.
Given univariate polynomials p, q with p ≠ 0, the Tarski query N(p, q) is:

  N(p, q) = #{x ∈ R | p(x) = 0, q(x) > 0} − #{x ∈ R | p(x) = 0, q(x) < 0}.

Importantly, Tarski queries can be computed efficiently from the input polynomials p, q using Euclidean remainder sequences without explicitly finding the roots of p. This is a consequence of the Sturm-Tarski theorem, which has been formalized in Isabelle/HOL by Li [13]. The theoretical complexity of computing a Tarski query N(p, q) is O((deg p) · deg q) [1, Sections 2.2.2 and 8.3]. However, this complexity analysis does not take into account the bitsizes of coefficients in the remainder sequences [1, Section 8.3], so it will not be achieved by the Isabelle formalization [13] without further optimizations.

For the matrix equation, we lift Tarski queries to a subset of the input polynomials:

Definition 3.
Given a univariate polynomial p ≠ 0, univariate polynomials q_1, ..., q_n, and a subset I ⊆ {1, ..., n}, the Tarski query N(I) with respect to p is:

  N(I) = N(p, ∏_{i ∈ I} q_i) = #{x ∈ R | p(x) = 0, ∏_{i ∈ I} q_i(x) > 0} − #{x ∈ R | p(x) = 0, ∏_{i ∈ I} q_i(x) < 0}.

The matrix equation is the relationship M · w = v between the following three entities:
• M, the l-by-m matrix with entries M_{i,j} = ∏_{k ∈ I_i} σ_j(q_k) ∈ {−1, 1},
• w, the length m vector whose entries count the number of roots of p where q_1, ..., q_n has sign assignment σ̃_i, i.e., w_i = #{x ∈ R | p(x) = 0, sgn(q_j(x)) = σ̃_i(q_j) for all 1 ≤ j ≤ n},
• v, the length l vector consisting of Tarski queries for the subsets, i.e., v_i = N(I_i).

Observe that the vector w is such that the sign assignment σ_i is consistent (at a root of p) iff its corresponding entry w_i is nonzero. Thus, the matrix equation can be used to solve the sign determination problem by solving for w. In particular, the matrix M and the vector v are both computable from the input (candidate) sign assignments and subsets. Further, since the subsets will be chosen such that the constructed matrix M is invertible, the matrix equation uniquely determines w and the nonzero entries of w = M^{−1} · v.

The following Isabelle/HOL theorem summarizes sufficient conditions on the list of sign assignments signs and the list of index subsets subsets for the matrix equation to hold for polynomial list qs at the roots of polynomial p. Note the switch from set-based representation to list-based representation in the theorem. This formally provides an ordering to the polynomials, sign assignments, and subsets, which is useful for computations.

  theorem matrix_equation:
    assumes "p ≠ 0"
    assumes "⋀q. q ∈ set qs ⟹ coprime p q"
    assumes "distinct signs"
    assumes "consistent_signs_at_roots p qs ⊆ set signs"
    assumes "⋀l i. l ∈ set subsets ⟹ i ∈ set l ⟹ i < length qs"
    shows "M_mat signs subsets *v w_vec p qs signs = v_vec p qs subsets"

Here, M_mat, w_vec, and v_vec construct the matrix M and vectors w, v respectively; *v denotes the matrix-vector product in Isabelle/HOL. The switch into list notation necessitates some consistency assumptions, e.g., that the signs list contains distinct sign assignments and that the index i occurring in each list of indices l in subsets points to a valid element of the list qs. The proof of matrix_equation uses a counting argument: intuitively, M_{i,j} is the contribution of any real value x that has the sign assignment σ_j towards N(I_i), so multiplying these contributions by the actual counts of those real values in w gives M_i · w = v_i.

Note that the theorem does not ensure that the constructed matrix M is invertible (or even square). This must be ensured separately when solving the matrix equation for w. We now discuss BKR's inductive construction and its usage of the matrix equation.
[Figure 2: Matrix equation for p = x − x, q_1 = 3x + 2. Inputs: p = x − x, qs = [q_1]. Key information: signs list [[+1], [−1]], subsets list [{}, {1}]; the right-hand side consists of the Tarski queries N({}) and N({1}).]

The simplest (base) case of the algorithm is when there is a single polynomial [q_1]. Here, it suffices to set up a matrix equation M · w = v from which we can compute all consistent sign assignments. As hinted at earlier, this can be done with the list of index subsets [{}, {1}] and the candidate sign assignment list [(+1), (−1)]. Further, as illustrated in Fig. 2, the matrix M is invertible for these choices of subsets and candidate sign assignments, so the matrix equation can be explicitly solved for w. (In the Isabelle/HOL formalization, we use 0-indexed lists to represent sets and sign assignments, so the subsets list is represented as [[],[0]] and the signs list is [[1],[-1]].)

The matrix equation can be similarly used to determine the consistent sign assignments for an arbitrary list of polynomials [q_1, ..., q_n]. The driving idea for BKR is that, given two solutions of the sign determination problem at the roots of p for two input lists of polynomials, say, ℓ_1 = [r_1, ..., r_k] and ℓ_2 = [r_{k+1}, ..., r_{k+l}], one can combine them to yield a solution for the list of polynomials [r_1, ..., r_{k+l}]. This yields a recursive method for solving the sign determination problem by solving the base case at the single polynomials [q_1], [q_2], ..., [q_n], and then recursively combining those solutions, i.e., solving [q_1, q_2], [q_3, q_4], ..., then [q_1, q_2, q_3, q_4], ..., and so on until a solution for [q_1, ..., q_n] is obtained. Importantly, BKR performs a reduction (Section 2.3.4) after each combination step to bound the size of the intermediate data.

More precisely, assume for ℓ_1 we have a list of index subsets S_1 and a list of sign assignments Σ̃_1 such that Σ̃_1 contains all of the consistent sign assignments for ℓ_1 and the matrix M_1 constructed from S_1 and Σ̃_1 is invertible. Accordingly, for ℓ_2, we have the list of subsets S_2, list of sign assignments Σ̃_2 containing all consistent sign assignments for ℓ_2, and M_2 constructed from S_2, Σ̃_2 is invertible. In essence, we are assuming that S_1, Σ̃_1 and S_2, Σ̃_2 satisfy the hypotheses for the matrix equation to hold, so that they contain all the information needed to solve for the consistent sign assignments of ℓ_1 and ℓ_2 respectively.
[Figure 3: Combining two systems, for p = x − x and q_list = [3x + 2, 2x − 1]. Panels: combine the subsets lists ([{}, {1}] and [{}, {2}] give [{} ∪ {}, {} ∪ {2}, {1} ∪ {}, {1} ∪ {2}]) and calculate the RHS vector v of Tarski queries N({}), N({2}), N({1}), N({1,2}); combine the signs lists ([1], [−1] and [1], [−1] give [1, 1], [1, −1], [−1, 1], [−1, −1]); calculate the matrix M, solve for the LHS vector w, and read off the consistent sign assignments.]

Observe that any consistent sign assignment for ℓ = [r_1, ..., r_{k+l}] must have a prefix that is itself a consistent sign assignment to ℓ_1 and a suffix that is itself a consistent sign assignment to ℓ_2. Thus, the combined list of sign assignments Σ̃ obtained by concatenating every entry of Σ̃_1 with every entry of Σ̃_2 contains all consistent sign assignments for ℓ. The combined subsets list S is obtained in an analogous way from S_1, S_2 (where concatenation is now set union), with a slight modification: the subset list S_2 indexes polynomials from ℓ_2, but those polynomials now have different indices in ℓ, so everything in S_2 is shifted by the length of ℓ_1 before combination. Once we have the combined subsets list, we can calculate the RHS vector v with Tarski queries as explained in Section 2.3.1.

The matrix M constructed from S, Σ̃ is exactly the Kronecker product of M_1 and M_2. Further, the Kronecker product of invertible matrices is invertible, so the matrix equation can be solved for the LHS vector w using M and the vector v computed from the subsets list S. Then the nonzero entries of w correspond to the consistent sign assignments of ℓ. Taking a concrete example, suppose we want to find the list of consistent sign assignments for ℓ = [3x + 2, 2x − 1] at the zeros of p = x − x. The combination step for ℓ_1 = [3x + 2] and ℓ_2 = [2x − 1] is visualized in Fig. 3.

The reduction step takes as input the indices S and candidate sign assignments Σ̃ and removes the inconsistent sign assignments. This keeps the size of the intermediate data tracked for the matrix equation as small as possible (to reduce the complexity of the algorithm). The reduction step is best explained in terms of the matrix equation M · w = v constructed from the inputs S, Σ̃.
After solving for w, the reduction starts by deleting all indexes of w_i that are 0 and the corresponding i-th sign assignments in Σ̃, which are now known to be inconsistent (recall that w_i counts the number of zeros of p where the i-th sign assignment is realized). This corresponds to deleting the i-th columns of matrix M. If any columns are deleted, the resulting matrix is no longer square (nor invertible). Thus, the next step finds a basis among the remaining rows of the matrix to make it invertible again (deleting any rows that do not belong to the chosen basis). Deleting the j-th row in this matrix corresponds to deleting the j-th index subset in S. We visualize the reduction step for the matrix equation of the example with p = x − x and ℓ = [3x + 2, 2x − 1] in Fig. 4.

[Figure 4: Reducing a system. Step 1: identify 0's in the LHS vector. Step 2: drop those entries and the corresponding columns in the matrix. Step 3: identify a basis of row vectors. Step 4: take those row vectors and the corresponding rows in the RHS vector.]

Now that we have set up the theory behind the construction, we turn to some details of our formalization: the proofs, extensions to the existing matrix libraries, and the exported code.
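The whole of Section 2.3 in runnable form, as an added example that is not the paper's Isabelle/HOL code: exact Tarski queries via the Sturm-Tarski signed remainder sequence (Section 2.3.1), the base case, the Kronecker-product combination step, and the reduction step, with 0-indexed subsets as in the formalization. The sample input is constructed: p = x³ − x is an assumption (the page's p lost a digit in extraction), the q_i are the paper's 3x + 2 and 2x − 1, and all function names are mine rather than the paper's.

```python
from fractions import Fraction as F
from functools import reduce
# Polynomials are coefficient lists over Fraction, lowest degree first: [2, 3] is 3x + 2.
def trim(p):
    while p and p[-1] == 0:
        p.pop()
    return p

def mul(a, b):
    out = [F(0)] * max(len(a) + len(b) - 1, 0)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            out[i + j] += x * y
    return trim(out)

def rem(a, b):
    """Remainder of a divided by nonzero b (exact long division)."""
    a = trim(list(a))
    while len(a) >= len(b):
        c, shift = a[-1] / b[-1], len(a) - len(b)
        for i, y in enumerate(b):
            a[shift + i] -= c * y
        trim(a)  # the leading coefficient is now exactly 0
    return a

sign = lambda x: (x > 0) - (x < 0)

def variations(signs):  # number of sign changes, zeros ignored
    s = [x for x in signs if x != 0]
    return sum(1 for a, b in zip(s, s[1:]) if a != b)

def tarski_query(p, q):
    """N(p, q) = #{p(x)=0, q(x)>0} - #{p(x)=0, q(x)<0} by the Sturm-Tarski theorem: sign
    variations at -inf minus at +inf of the signed remainder sequence of p and p'q."""
    seq = [trim(list(p)), mul([i * c for i, c in enumerate(p)][1:], q)]  # p, p'q
    while seq[-1]:
        seq.append([-c for c in rem(seq[-2], seq[-1])])
    seq.pop()  # drop the terminating zero polynomial
    at_neg_inf = [sign(s[-1]) * (-1) ** (len(s) - 1) for s in seq]
    return variations(at_neg_inf) - variations([sign(s[-1]) for s in seq])

def solve(M, v):
    """Solve M w = v for square invertible M by exact Gauss-Jordan elimination."""
    n = len(M)
    A = [list(row) + [v[i]] for i, row in enumerate(M)]
    for c in range(n):
        piv = next(r for r in range(c, n) if A[r][c] != 0)
        A[c], A[piv] = A[piv], A[c]
        A[c] = [x / A[c][c] for x in A[c]]
        for r in range(n):
            if r != c and A[r][c] != 0:
                A[r] = [x - A[r][c] * y for x, y in zip(A[r], A[c])]
    return [row[n] for row in A]

def independent_rows(M):
    """Indices of a row basis of M: the pivot columns found by eliminating on M^T."""
    nrows, ncols = len(M), len(M[0]) if M else 0
    A = [[M[r][c] for r in range(nrows)] for c in range(ncols)]  # transpose
    pivots, r = [], 0
    for c in range(nrows):
        piv = next((i for i in range(r, ncols) if A[i][c] != 0), None)
        if piv is None:
            continue
        A[r], A[piv] = A[piv], A[r]
        for i in range(ncols):
            if i != r and A[i][c] != 0:
                f = A[i][c] / A[r][c]
                A[i] = [x - f * y for x, y in zip(A[i], A[r])]
        pivots.append(c)
        r += 1
    return pivots

def reduce_system(p, qs, M, subsets, signs):
    """Reduction step: solve M w = v, drop candidates with w_i = 0 (their columns), keep a row basis."""
    v = [tarski_query(p, reduce(mul, (qs[k] for k in I), [F(1)])) for I in subsets]
    cols = [j for j, count in enumerate(solve(M, v)) if count != 0]  # the consistent assignments
    M = [[row[j] for j in cols] for row in M]
    rows = independent_rows(M)  # a row basis makes M square and invertible again
    return [M[i] for i in rows], [subsets[i] for i in rows], [signs[j] for j in cols]

def combine_systems(sys1, sys2, shift):
    """Combination step: Kronecker product of matrices, unions of subsets (right indices shifted
    by the length of the left list), concatenations of sign assignments."""
    (M1, S1, signs1), (M2, S2, signs2) = sys1, sys2
    M = [[a * b for a in r1 for b in r2] for r1 in M1 for r2 in M2]
    S = [I + [k + shift for k in J] for I in S1 for J in S2]
    return M, S, [s + t for s in signs1 for t in signs2]

# Base case for one polynomial: subsets [{}, {0}] (0-indexed), candidate signs [+1] and [-1].
BASE_CASE = ([[F(1), F(1)], [F(1), F(-1)]], [[], [0]], [[1], [-1]])

def calc_data(p, qs):
    """(M, subsets, consistent signs) for qs (nonempty, each coprime with p != 0) at roots of p."""
    if len(qs) == 1:
        return reduce_system(p, qs, *BASE_CASE)
    h = len(qs) // 2
    return reduce_system(p, qs, *combine_systems(calc_data(p, qs[:h]), calc_data(p, qs[h:]), h))

# Constructed input: p = x^3 - x (assumed; the page's p lost a digit), qs = [3x + 2, 2x - 1].
P_EX, QS_EX = [F(0), F(-1), F(0), F(1)], [[F(2), F(3)], [F(-1), F(2)]]
```

Calling calc_data(P_EX, QS_EX) returns the reduced 3-by-3 matrix, its three index subsets, and the consistent sign assignments at the roots −1, 0, 1 of p.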
In this section, we discuss the proofs for our decision procedure in reverse order compared to Section 2; that is, we first discuss the formalization of our algorithm for restricted sign determination find_consistent_signs_at_roots before discussing the top-level decision procedures for univariate real arithmetic: decide_{universal|existential}.

We combine BKR's base case (Section 2.3.2), combination step (Section 2.3.3), and reduction step (Section 2.3.4) to form our core algorithm calc_data for the restricted sign determination problem at the roots of a polynomial. The calc_data algorithm takes a real polynomial p and a list of polynomials qs and produces a 3-tuple (M, S, Σ), consisting of the matrix M from the matrix equation, the list of index subsets S, and the list of all consistent sign assignments Σ for qs at the roots of p. Although M can be calculated directly from S and Σ, it is returned (as part of the algorithm) for use in the combination and reduction step, to avoid redundantly recomputing it.

  fun calc_data :: "real poly ⇒ real poly list ⇒ (rat mat × (nat list list × rat list list))" where
    "calc_data p qs = (let len = length qs in
       if len = 0 then (λ(a,b,c). (a,b,map (drop 1) c)) (reduce_system p ([1],base_case_info))
       else if len ≤

  definition find_consistent_signs_at_roots :: "real poly ⇒ real poly list ⇒ rat list list" where
    "find_consistent_signs_at_roots p qs = (let (M,S,Σ) = calc_data p qs in Σ)"

The base case where qs has length ≤ 1 is handled using the fixed choice of matrix, index subsets, and sign assignments (defined as the constant base_case_info) from Section 2.3.2.
Otherwise, when length qs > 1, the list is partitioned into two sublists qs1, qs2 and the algorithm recurses on those sublists. The outputs for both sublists are combined using combine_systems, which takes the Kronecker product of the output matrices and concatenates the index subsets and sign assignments as explained in Section 2.3.3. Finally, reduce_system performs the reduction according to Section 2.3.4, removing inconsistent sign assignments and redundant subsets of indices. The top-level procedure is find_consistent_signs_at_roots, which returns only Σ (the third component of calc_data). (The trivial case where length qs = 0 is also handled for completeness; in this case, the list of consistent sign assignments is empty if p has no real roots, otherwise it is the singleton list [[]].) The following Isabelle/HOL snippets show its main correctness theorem and important relevant definitions.

  definition roots :: "real poly ⇒ real set" where
    "roots p = {x. poly p x = 0}"

  definition consistent_signs_at_roots :: "real poly ⇒ real poly list ⇒ rat list set" where
    "consistent_signs_at_roots p qs = (sgn_vec qs) ` (roots p)"

  theorem find_consistent_signs_at_roots:
    assumes "p ≠ 0"
    assumes "⋀q. q ∈ set qs ⟹ coprime p q"
    shows "set (find_consistent_signs_at_roots p qs) = consistent_signs_at_roots p qs"

Here, roots defines the set of roots of a polynomial p (non-constructively), i.e., real values x where the polynomial evaluates to 0 (poly p x = 0). Similarly, consistent_signs_at_roots returns the set of all sign vectors for the list of polynomials qs at the roots of p; sgn_vec returns the sign vector for input qs at a real value and ` is Isabelle/HOL notation for the image of a function on a set. These definitions are not meant to be computational. Rather, they are used to state the correctness theorem that the algorithm find_consistent_signs_at_roots (and hence calc_data) computes exactly all consistent sign assignments for p and qs for input polynomial p ≠ 0 and polynomial list qs, where every entry in qs is coprime to p.

The proof of find_consistent_signs_at_roots is by induction on calc_data. Specifically, we prove that the following properties (our inductive invariant) are satisfied by the base case and maintained by both the combination step and the reduction step:
1. The signs list is well-defined, i.e., the length of every entry in the signs list is the same as the length of the corresponding qs. Additionally, all assumptions on S and Σ from the matrix equation theorem from Section 2.3.1 hold. (In particular, the algorithm always maintains a distinct list of sign assignments that, when viewed as a set, is a superset of all consistent sign assignments for qs.)
2. The matrix M matches the matrix calculated from S and Σ. (Since we do not directly compute the matrix from S and Σ, as defined in Section 2.3.1, we need to verify that our computations keep track of M correctly.)
3. The matrix M is invertible (so M · w = v can be uniquely solved for w).

Some of these properties are easier to verify than others. The well-definedness properties, for example, are quite straightforward. In contrast, matrix invertibility is more complicated to verify, especially after the reduction step; we will discuss this in more detail in Section 3.2. The inductive invariant establishes that we have a superset of the consistent sign assignments throughout the construction. This is because the base case and the combination step may include extraneous sign assignments.
Only the reduction step is guaranteed to produce exactly the set of consistent sign assignments. Thus the other main ingredient in our formalization, besides the inductive invariant, is a proof that the reduction step deletes all inconsistent sign assignments. As calc_data always calls the reduction step before returning output, calc_data returns exactly the set of all consistent sign assignments, as desired.

To prove the decision procedure theorem from Section 2.1, we need to establish the correctness of find_consistent_signs. The most interesting part is formalizing the transformation described in Section 2.2. We discuss the steps from Section 2.2 enumerated (1)–(5) below.

(1) Our procedure takes an input list of rational polynomials $G = [g_1, \ldots, g_k]$ and computes a list of their pairwise coprime and squarefree factors $Q = [q_1, \ldots, q_n]$. Factorization for a single rational polynomial is formalized in Isabelle/HOL by Divasón et al. [8]; we slightly modified their proof to find factors for a list of polynomials while still ensuring that the resulting factors are pairwise coprime, which also implies $\prod_i q_i$ is squarefree.

Footnote (step (1)): This is actually overkill: we do not necessarily need to completely factor every polynomial in G to transform G into a set of pairwise coprime factors. BKR suggest a parallel algorithm based on the literature [32] to find a "basis set" of squarefree and pairwise coprime polynomials.

(2) This step makes n calls to find_consistent_signs_at_roots, one for each $Q \setminus \{q_i\}$.

(3) We choose the polynomial $p = (x - \mathrm{crb}(\prod_i q_i))(x + \mathrm{crb}(\prod_i q_i))(\prod_i q_i)'$, where $\mathrm{crb}(\prod_i q_i)$ is a positive integer with larger magnitude than any real root of $\prod_i q_i$. The choice of $\mathrm{crb}(\prod_i q_i)$ uses a proof of the Cauchy root bound [1, Section 10.1] by Thiemann and Yamada [30]. We prove that p satisfies the four properties of step (3) from Section 2.2:
i) Since $\prod_i q_i$ is squarefree, $(\prod_i q_i)'$ is coprime with $\prod_i q_i$ and, thus, also coprime with each of the $q_i$'s. Because $\mathrm{crb}(\prod_i q_i)$ is strictly larger in magnitude than all of the roots of the $q_i$'s, it follows that p is also coprime with all of the $q_i$'s.
ii) By Rolle's theorem (which is already formalized in Isabelle/HOL's standard library), $(\prod_i q_i)'$ has a root between every two roots of $\prod_i q_i$ and therefore p also has a root in every interval between any two roots of the $q_i$'s.
iii) and iv) This p has roots at $-\mathrm{crb}(\prod_i q_i)$ and $\mathrm{crb}(\prod_i q_i)$, which are respectively smaller and greater than all roots of the $q_i$'s.

Footnote (Rolle's theorem): For a differentiable function $f : \mathbb{R} \to \mathbb{R}$ with $f(a) = f(b)$, $a < b$, there exists $a < z < b$ where $f'(z) = 0$.

(4) Each polynomial $q_i$ is sign invariant between its roots. Accordingly, the $q_i$'s are sign invariant between the roots of $\prod_i q_i$ (and to the left/right of all roots of the $q_i$'s).

Footnote (step (4)): By the intermediate value theorem (which is already formalized in Isabelle/HOL's standard library), if $q_i$ changes sign, e.g., from positive to negative, between two adjacent roots, then there exists a third root in between those adjacent roots, which is a contradiction.

(5) We use the find_consistent_signs_at_roots algorithm with Q and our chosen p.

Putting the pieces together, we verify that find_consistent_signs finds exactly the consistent sign assignments for its input polynomials. The decision procedure theorem follows by induction over the fml type representing formulas of univariate real arithmetic and our formalized semantics for those formulas.

Matrices feature prominently in our algorithm: the combination step uses the Kronecker product, while the reduction step requires matrix inversion and an algorithm for finding a basis from the rows (or, equivalently, columns) of a matrix. There are a number of linear algebra libraries available in Isabelle/HOL [7, 27, 29], each building on a different underlying representation of matrices. We use the formalization by Thiemann and Yamada [29]; it provides most of the matrix algorithms required by our decision procedure and supports efficient code extraction [29, Section 1]. Naturally, any such choice leads to tradeoffs; we now detail some challenges of working with the library and some new results we prove.
We define the Kronecker product for matrices A, B over a ring as follows:

    definition kronecker_product :: "'a :: ring mat ⇒ 'a mat ⇒ 'a mat" where
      "kronecker_product A B =
        (let ra = dim_row A; ca = dim_col A; rb = dim_row B; cb = dim_col B in
          mat (ra * rb) (ca * cb)
            (λ (i,j). A $$ (i div rb, j div cb) * B $$ (i mod rb, j mod cb)))"

Matrices with entries of type 'a are constructed with mat m n f, where m, n :: nat are the number of rows and columns of the matrix respectively, and f :: nat × nat ⇒ 'a is such that f i j gives the matrix entry at position i, j. Accordingly, M $$ (i,j) extracts the (i,j)-th entry of matrix M, and dim_row, dim_col return the number of rows and columns of a matrix respectively.

We prove basic properties of the Kronecker product: it is associative, distributes over addition, and satisfies the mixed-product property for matrices A, B, C, D with compatible dimensions (for A * C and B * D), i.e., kronecker_product (A * C) (B * D) = (kronecker_product A B) * (kronecker_product C D). The mixed-product property implies that the Kronecker product of invertible matrices is invertible. Briefly, for invertible matrices A, B with respective inverses $A^{-1}$, $B^{-1}$, the mixed-product identity gives:

    (kronecker_product A B) * (kronecker_product A⁻¹ B⁻¹) = kronecker_product (A * A⁻¹) (B * B⁻¹) = I

where I is the identity matrix. That is, kronecker_product A B and kronecker_product A⁻¹ B⁻¹ are inverses. We use this to prove that the matrix obtained by the combination step is invertible (part of the inductive hypothesis from Section 3.1.1).

Our reduction step makes extensive use of the Gauss-Jordan elimination algorithm by Thiemann and Yamada [31]. First, we use matrix inversion based on Gauss-Jordan elimination to invert the matrix M in the matrix equation (Section 2.3.1 and Step 1 in Fig. 4). We also contribute new proofs surrounding their Gauss-Jordan elimination algorithm in order to use it to extract a basis from the rows (equivalently columns) of a matrix (Step 3 in Fig. 4).

Suppose that an input matrix A has more rows than columns, e.g., the matrix in Step 2 of Fig. 4. The following definition of rows_to_keep returns a list of (distinct) row indices of A.

    definition rows_to_keep :: "('a::field) mat ⇒ nat list" where
      "rows_to_keep A = map snd (pivot_positions (gauss_jordan_single (A⇧T)))"

Here, gauss_jordan_single returns the row-reduced echelon form (RREF) of A after Gauss-Jordan elimination and pivot_positions finds the positions, i.e., (row, col) pairs, of the first nonzero entry in each row of the matrix; both are existing definitions from the library by Thiemann and Yamada [31]. Our main new result for rows_to_keep is:

    lemma rows_to_keep_rank:
      assumes "dim_col A ≤ dim_row A"
      shows "vec_space.rank (length (rows_to_keep A)) (take_rows A (rows_to_keep A))
               = vec_space.rank (dim_row A) A"

Here vec_space.rank n M (defined by Bentkamp [29]) is the finite dimension of the vector space spanned by the columns of M. Thus, the lemma says that keeping only the pivot rows of matrix A (with take_rows A (rows_to_keep A)) preserves the rank of A. At a high level, the proof of rows_to_keep_rank is in three steps:

1. First, we prove a version of rows_to_keep_rank for the pivot columns of a matrix and where A is assumed to be a matrix in RREF. The RREF assumption for A enables direct analysis of the shape of its pivot columns.
2. Next, we lift the result to an arbitrary matrix A, which can always be put into RREF form by gauss_jordan_single.
3. Finally, we formalize the following classical result that column rank is equal to row rank: vec_space.rank (dim_row A) A = vec_space.rank (dim_col A) (A⇧T). The preceding results for pivot columns are therefore lifted to also work for pivot rows by matrix transposition (pivot rows of matrix A are the pivot columns of the transpose matrix A⇧T).

To complete the proof of the reduction step, recall that the matrix in Step 2 of Fig. 4 is obtained by dropping columns of an invertible matrix. The resulting matrix has full column rank but more rows than columns. We show that when A in rows_to_keep_rank has full column rank (its rank is dim_col A) then length (rows_to_keep A) = dim_col A and so the matrix consisting of pivot rows of A is square, has full rank, and is therefore invertible.

We export our decision procedure to Standard ML and tested it on 10 microbenchmarks from [14, Section 8].
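The following Python is an added example, not the paper's Isabelle/HOL development: it re-implements kronecker_product, gauss_jordan_single, pivot_positions and rows_to_keep over exact rationals and runs the combination and reduction steps on the base-case matrix for one polynomial, checking the mixed-product identity, the inverse of a Kronecker product, and that the pivot rows of a full-column-rank matrix form a square full-rank matrix. The 2x2 base-case matrix M1 and the choice of which column to drop in the reduction are constructed for this illustration.

```python
from fractions import Fraction

def dims(a):
    return len(a), (len(a[0]) if a else 0)

def identity(n):
    return [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]

def matmul(a, b):
    (ra, ca), (rb, cb) = dims(a), dims(b)
    assert ca == rb, "incompatible dimensions"
    return [[sum(a[i][k] * b[k][j] for k in range(ca)) for j in range(cb)] for i in range(ra)]

def transpose(a):
    return [list(col) for col in zip(*a)]

def kronecker_product(a, b):
    """Mirrors the Isabelle definition: entry (i, j) of the (ra*rb) x (ca*cb) result
    is A $$ (i div rb, j div cb) * B $$ (i mod rb, j mod cb)."""
    (ra, ca), (rb, cb) = dims(a), dims(b)
    return [[a[i // rb][j // cb] * b[i % rb][j % cb] for j in range(ca * cb)]
            for i in range(ra * rb)]

def mixed_product_holds(a, b, c, d):
    """kronecker_product (A * C) (B * D) = (kronecker_product A B) * (kronecker_product C D)."""
    lhs = kronecker_product(matmul(a, c), matmul(b, d))
    return lhs == matmul(kronecker_product(a, b), kronecker_product(c, d))

def gauss_jordan_single(a):
    """Reduced row echelon form over the rationals (stands in for the library function)."""
    m = [[Fraction(v) for v in row] for row in a]
    nrows, ncols = dims(m)
    r = 0                                   # next pivot row
    for c in range(ncols):
        piv = next((i for i in range(r, nrows) if m[i][c] != 0), None)
        if piv is None:
            continue                        # no pivot in this column
        m[r], m[piv] = m[piv], m[r]
        pv = m[r][c]
        m[r] = [v / pv for v in m[r]]
        for i in range(nrows):
            if i != r and m[i][c] != 0:
                f = m[i][c]
                m[i] = [vi - f * vr for vi, vr in zip(m[i], m[r])]
        r += 1
        if r == nrows:
            break
    return m

def pivot_positions(m):
    """(row, col) of the first nonzero entry of every nonzero row."""
    return [(i, next(j for j, v in enumerate(row) if v != 0))
            for i, row in enumerate(m) if any(v != 0 for v in row)]

def rank(a):
    return len(pivot_positions(gauss_jordan_single(a)))

def rows_to_keep(a):
    """map snd (pivot_positions (gauss_jordan_single (A^T))): indices of the pivot rows of A."""
    return [col for _, col in pivot_positions(gauss_jordan_single(transpose(a)))]

def take_rows(a, idx):
    return [a[i] for i in idx]

def take_cols(a, idx):
    return [[row[j] for j in idx] for row in a]

# Base-case matrix for one polynomial (constructed here): rows index the subsets {} and {q},
# columns the candidate signs +1 and -1; its inverse is M1 / 2.
M1 = [[Fraction(1), Fraction(1)], [Fraction(1), Fraction(-1)]]

def combination_step():
    """Combination step: the Kronecker product of two base-case matrices. Returns it
    together with a check that kronecker_product (M1^-1) (M1^-1) is its inverse."""
    m = kronecker_product(M1, M1)
    m1_inv = [[v / 2 for v in row] for row in M1]
    return m, matmul(m, kronecker_product(m1_inv, m1_inv)) == identity(4)

def reduction_step(m, kept_cols):
    """Reduction step (Fig. 4): drop the columns of inconsistent sign assignments (Step 2),
    then keep only the pivot rows (Step 3) so the system is square and invertible again.
    Returns the kept row indices, the square matrix, and whether the rank was preserved."""
    a = take_cols(m, kept_cols)             # full column rank, more rows than columns
    keep = rows_to_keep(a)
    square = take_rows(a, keep)
    return keep, square, rank(square) == rank(a) == len(kept_cols)
```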
Footnote (on vec_space): A technical drawback of our choice of libraries is the locale argument n for vec_space. Intuitively (for real matrices) this carves out subsets of $\mathbb{R}^n$ to form the vector space spanned by the columns of M. Whereas one would usually work with n fixed and implicit within an Isabelle/HOL locale, we pass the argument explicitly here because our theorems often need to relate the rank of vector spaces in $\mathbb{R}^m$ and $\mathbb{R}^n$ for $m \neq n$. This negates some of the automation benefits of Isabelle/HOL's locale system.

While we leave extensive experiments for future work since our implementation is still unoptimized, we compare the performance of our decision procedure using BKR sign determination (Sections 2.3.2–2.3.4) versus an unverified implementation of an algorithm that naively uses the matrix equation (Section 2.3.1). The benchmarks were compiled with mlton and run on an Ubuntu 18.04 laptop with 16GB RAM and 2.70 GHz Intel Core i7-6820HQ CPU. Results are in Table 1.

Table 1: Comparison of decision procedures using BKR versus naive sign determination. All formulas are labeled following [14, Section 8]; formulas with ∧ indicate conjunctions of the listed examples. Columns: the second column counts the number of distinct polynomials appearing in the formula (maximum degree among polynomials in parentheses), the third counts the number of distinct factors from (1) in Section 2.2 (maximum degree among factors in parentheses), N(p, q) counts the number of Tarski queries made by each approach, and Time reports time taken (seconds, 3 d.p.) for each decision procedure to run to completion. Cells with - indicate a timeout after 1 hour.

    Formula            Polys (max deg)   Factors (max deg)   N(p,q) (Naive)   N(p,q) (BKR)   Time (Naive)   Time (BKR)
    ex1                4 (12)            3 (1)               20               31             0.003          0.006
    ex2                5 (6)             7 (1)               576              180            5.780          0.442
    ex3                4 (22)            5 (22)              112              120            1794.843       1865.313
    ex4                5 (3)             5 (2)               112              95             0.461          0.261
    ex5                8 (3)             7 (3)               576              219            28.608         8.333
    ex6                22 (9)            22 (8)              50331648         -              -              -
    ex7                10 (12)           10 (11)             6144             -              -              -
    ex1 ∧ ex2          9 (12)            9 (1)               2816             298            317.432        3.027
    ex1 ∧ ex2 ∧ ex4    13 (12)           12 (2)              28672            555            -              51.347
    ex1 ∧ ex2 ∧ ex5    16 (12)           14 (3)              131072           826            -              436.575

The most significant bottleneck in our current implementation is the computation of Tarski queries N(p, q) when solving the matrix equation. Recall for our algorithm (Section 2.3.1) the input q to N(p, q) is a product of (subsets of) polynomials appearing in the inputs. Indeed, Table 1 shows that the algorithm performs well when the factors have low degrees, e.g., ex1, ex2, ex4, and ex5. Conversely, it performs poorly on problems with many factors and higher degrees, e.g., ex3, ex6, and ex7. Further, as noted in experiments by Li and Paulson [16], the Sturm-Tarski theorem in Isabelle/HOL currently uses a straightforward method for computing remainder sequences which can also lead to significant (exponential) blowup in the bitsize of rational coefficients of the involved polynomials. This is especially apparent for ex6 and ex7, which have large polynomial degrees and high coefficient complexity; these time out without completing even a single Tarski query.
From Table 1, the BKR approach successfully reduces the number of Tarski queries as the number of input factors grows: the number of queries for BKR depends on the polynomial degrees and the number of consistent sign assignments, while the naive approach always requires exactly $(n+1)2^n$ queries for n factors (which are reported in Table 1 whether completed or not). On the other hand, there is some overhead for smaller problems, e.g., ex1, ex3, that arises from the recursion in BKR.

An important future step is to avoid coefficient growth, e.g., by using pseudo division [20, Section 3] or more advanced techniques: for example, using subresultants to compute polynomial GCDs (and thereby build the remainder sequences) [9]. The pseudo division method has been formalized in Isabelle/HOL [14] but it is not yet available on the AFP.

The ultimate intent for this formalization is to serve as the basis for an extension to the multivariate case. The main part of the univariate construction that must be adapted for multivariate polynomials is the computation of Tarski queries. In the univariate case, this is accomplished with remainder sequences per the following (standard) result:
Theorem 1 (Generalized Sturm's theorem [25, Proposition 8.1]). Given coprime univariate polynomials p, q with $p \neq 0$, form the Euclidean remainder sequence $p_0 = p$, $p_1 = p'q$, and $p_i$ is the negated remainder of $p_{i-2}$ divided by $p_{i-1}$ for $i \geq 2$. This terminates at some $p_{k+1} = 0$ because the remainder has lower degree than the divisor at every step. Let $a_i$ be the leading coefficient of $p_i$ for $0 \leq i \leq k$. Consider the two sequences $a_0, \ldots, a_k$ and $(-1)^{\deg p_0} a_0, \ldots, (-1)^{\deg p_k} a_k$. If $S^+(p, q)$ is the number of sign changes in $a_0, \ldots, a_k$ and $S^-(p, q)$ is the number of sign changes in $(-1)^{\deg p_0} a_0, \ldots, (-1)^{\deg p_k} a_k$, then $N(p, q) = S^-(p, q) - S^+(p, q)$.

Following the idea of BKR, we intend to treat multivariate polynomials in n variables as univariate polynomials (whose coefficients are polynomials in n − 1 variables) and so compute remainder sequences of polynomials with attention to a single variable. These remainder sequences will be sequences of polynomials in n − 1 variables rather than integers, but we only need to know the signs of those polynomials (rather than their values). That reduces the problem of sign determination for polynomials in n variables to a sign determination problem for polynomials in n − 1 variables. In this way we intend to successively reduce multivariate computations to a series of (already formalized) univariate computations.

This intuition can be captured by the following concrete example. Consider $p = x^2 y + 1$ and $q = xy + 1$. Suppose we choose to first eliminate y. If x is 0, then the analysis for the remaining p = q = 1 is simple. Otherwise, both $x^2$ and $x^3$ are nonzero. Now, we calculate the remainder sequence from Theorem 1: $p_0 = x^2 y + 1$, $p_1 = x^3 y + x^2$, and $p_2 = -(1 - x)$. To find $p_2$, we calculate $x^2 y + 1 = x^{-1}(x^3 y + x^2) + (1 - x)$, where $x^{-1}$ is well-defined since $x \neq 0$. The leading coefficients of $p_0$, $p_1$, and $p_2$ as polynomials in y are $a_0 = x^2$, $a_1 = x^3$, and $a_2 = -(1 - x)$. Here, we must use our univariate algorithm to fix some consistent sign assignment in x on the $a_i$'s, taking into account our earlier stipulation that $x^2$ and $x^3$ are nonzero. Say that we choose, for example, $x^2$ positive, $x^3$ positive, and $-(1 - x)$ negative. (A full QE procedure would need to consider all possible consistent sign assignments.) Because of our chosen sign assignment, $a_0$ is positive, $a_1$ is positive, and $a_2$ is negative. Still following Theorem 1, $S^+(p, q) = 1$ and $S^-(p, q) = 0$. The Tarski query $N(\{q\})$ is then computed as $N(\{q\}) = N(p, q) = S^-(p, q) - S^+(p, q) = -1$. If we wish to find the signs of q at the roots of p, we can use this way of computing Tarski queries to build the matrix equation for p and q. Computing $N(\{\}) = 1$, and following the method of the base case (in which the candidate signs list is [[+1], [−1]]), we find:

$$\begin{pmatrix} 1 & 1 \\ 1 & -1 \end{pmatrix} \begin{pmatrix} 0 \\ 1 \end{pmatrix} = \begin{pmatrix} 1 \\ -1 \end{pmatrix}$$

This means that −1 is the only consistent sign assignment for q at the zeros of p, given our assumptions that x is positive and $-(1 - x)$ is negative. Thus, −1 is a consistent sign assignment for q at the roots of p. To find the other consistent sign assignments, we repeat this process with all other consistent choices for the signs of x and $a_0, a_1, a_2$.

Footnote (checking the example): We can check this as follows. Given our assumption that $x \neq 0$, the only root of p is $-x^{-2}$. Plugging this into q, we obtain $x(-x^{-2}) + 1 = -x^{-1} + 1$. Because x is assumed to be positive, the sign of $-x^{-1} + 1$ is the same as the sign of $x(-x^{-1} + 1) = x - 1 = -(1 - x)$, which we have assumed to be negative.

Our work fits into the larger body of formalized univariate decision procedures. Most closely related are Li et al.'s formalization of a CAD-based univariate QE procedure in Isabelle/HOL [14] and the tarski univariate QE strategy formalized in PVS [20]. We discuss each in turn.

Our work is fundamentally different from [14], because CAD and BKR differ fundamentally. Univariate CAD decomposes $\mathbb{R}$ into a set of sign-invariant regions, so that every polynomial of interest has constant sign within each region. A real algebraic sample point is chosen from every region, so the set of sample points captures all of the relevant information about the signs of the polynomials of interest for the entirety of $\mathbb{R}$. BKR (and Renegar) take a more indirect approach, relying on consistent sign assignments which merely indicate the existence of points with such signs. Consequently, though CAD will be faster in the average case, BKR and CAD have different strengths and weaknesses. For example, CAD works best on full-dimensional decision problems as in [17], where only rational sample points are needed (this allows faster computation than the computationally expensive real algebraic numbers that general CAD depends on). BKR does not need sample points and avoids computing with real algebraic numbers. However, the procedure of [14] is already highly optimized and designed to run quickly within Isabelle; our procedure is not currently optimized and will not run quickly within Isabelle (which is why we export our algorithm to SML code).

The Sturm-Tarski theorem is also invoked [14, Section 5] to decide the sign of a univariate polynomial at a point (using only rational arithmetic). (This was later extended to bivariate polynomials in [15].) This is theoretically similar to our procedure to find the consistent sign assignments for $q_1, \ldots, q_n$ at the roots of p, as both rely on the mathematical properties of Sturm-Tarski; however, for example, we do not require isolating the real roots of p within intervals, whereas such isolation predicates their computations. This difference reflects our different goals: theirs is to encode algebraic numbers in Isabelle/HOL, ours is to perform full sign-determination with BKR.

PVS uses Tarski queries and a version of the matrix equation to solve univariate decision problems [20]. Unlike our work, tarski has already been optimized in significant ways; for example, tarski computes Tarski queries with pseudo divisions. However, tarski does not maintain a reduced matrix equation as our work does. Further, tarski was designed to solve existential conjunctive formulas, requiring DNF transformations otherwise [6].
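As an added example (not the authors' code), the Python below works through two pieces of the above: the construction of p from Q in step (3) of the transformation (Cauchy root bound, derivative of the product, coprimality check via the polynomial gcd) and the Tarski query of Theorem 1 together with the 2x2 base-case matrix equation, which it then applies to the p = x²y + 1, q = xy + 1 example with the outer variable x fixed to a rational value. The coefficient-list representation, the function names and the sample factors in the test are assumptions of this example; x = 1/2 satisfies the sign choice made above, while x = 2 falls in the other branch.

```python
from fractions import Fraction
from math import ceil

# Polynomials are lists of Fraction coefficients, lowest degree first, without
# trailing zeros; the empty list is the zero polynomial.
def poly(*coeffs):
    return trim([Fraction(c) for c in coeffs])

def trim(p):
    p = list(p)
    while p and p[-1] == 0:
        p.pop()
    return p

def degree(p):
    return len(p) - 1

def lead(p):
    return p[-1]

def mul(p, q):
    r = [Fraction(0)] * max(len(p) + len(q) - 1, 0)
    for i, a in enumerate(p):
        for j, b in enumerate(q):
            r[i + j] += a * b
    return trim(r)

def deriv(p):
    return trim([i * c for i, c in enumerate(p)][1:])

def rem(p, d):
    """Remainder of the Euclidean division of p by the nonzero polynomial d."""
    r = trim(p)
    while r and len(r) >= len(d):
        coef, shift = r[-1] / d[-1], len(r) - len(d)
        for i, c in enumerate(d):
            r[shift + i] -= coef * c
        r = trim(r)
    return r

def gcd(p, q):
    while q:
        p, q = q, rem(p, q)
    return p            # determined up to a nonzero constant factor

def crb(p):
    """Cauchy root bound [1, Section 10.1]: a positive integer exceeding the
    magnitude of every real root of the nonzero polynomial p."""
    return ceil(1 + max((abs(c / lead(p)) for c in p[:-1]), default=0))

def choose_p(qs):
    """Step (3): p = (x - crb(prod q_i)) (x + crb(prod q_i)) (prod q_i)'."""
    prod = poly(1)
    for q in qs:
        prod = mul(prod, q)
    b = Fraction(crb(prod))
    return mul(mul(poly(-b, 1), poly(b, 1)), deriv(prod))

def remainder_sequence(p, q):
    """Theorem 1: p_0 = p, p_1 = p' q, p_i = -(p_{i-2} rem p_{i-1}); p_{k+1} = 0 is dropped."""
    seq = [trim(p), mul(deriv(p), q)]
    while seq[-1]:
        seq.append([-c for c in rem(seq[-2], seq[-1])])
    return seq[:-1]

def sign_changes(xs):
    return sum(1 for a, b in zip(xs, xs[1:]) if a * b < 0)

def tarski_query(p, q):
    """N(p, q) = S^-(p, q) - S^+(p, q), the sum of sgn(q(r)) over the real roots r of p."""
    seq = remainder_sequence(p, q)
    lc = [lead(pi) for pi in seq]                                  # a_0, ..., a_k
    s_plus = sign_changes(lc)
    s_minus = sign_changes([(-1) ** degree(pi) * a for pi, a in zip(seq, lc)])
    return s_minus - s_plus

def base_case_signs(p, q):
    """Base case of the matrix equation for one q coprime to p:
    [[1, 1], [1, -1]] . (w_plus, w_minus) = (N({}), N({q})), where w_plus / w_minus
    count the roots of p at which q is positive / negative; a candidate sign is
    consistent iff its count is nonzero."""
    n_empty, n_q = tarski_query(p, poly(1)), tarski_query(p, q)
    w_plus, w_minus = Fraction(n_empty + n_q, 2), Fraction(n_empty - n_q, 2)
    return [s for s, w in ((1, w_plus), (-1, w_minus)) if w > 0]

def example_at(x):
    """The page's p = x^2 y + 1, q = x y + 1 as univariate polynomials in y, with the
    outer variable x fixed to a rational (a constructed instantiation of the example)."""
    x = Fraction(x)
    p, q = poly(1, x ** 2), poly(1, x)
    return tarski_query(p, q), base_case_signs(p, q)
```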
This paper describes how we have verified the correctness of a decision procedure for univariate real arithmetic in Isabelle/HOL. To the best of our knowledge, this is the first formalization of BKR's key insight [2, 25] for recursively exploiting the matrix equation. Our formalization lays the groundwork for several future directions, including:

1. Optimizing the current formalization and adding parallelism.
2. Proving that the univariate sign determination problem is decidable in NC [2, 25] and other complexity-theoretic results. This (ambitious) project would require developing a complexity framework that is compatible with all of the libraries we use.
3. Verifying a multivariate sign-determination algorithm and decision procedure based on BKR. As mentioned previously, multivariate BKR has an error in its complexity analysis; variants of decision procedures for $\mathrm{FOL}_{\mathbb{R}}$ based on BKR's insight that attempt to mitigate this error could eventually be formalized for useful points of comparison. Two of particular interest are that of Renegar [25], who develops a full QE algorithm, and that of Canny [3], in which coefficients can involve some more general terms, like transcendental functions.

Acknowledgments
We would very much like to thank Brandon Bohrer, Fabian Immler, and Wenda Li for useful discussions about Isabelle/HOL and its libraries. Thank you also to Magnus Myreen for useful feedback on the paper.

This material is based upon work supported by the National Science Foundation Graduate Research Fellowship under Grants Nos. DGE1252522 and DGE1745016. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. This research was also sponsored by the National Science Foundation under Grant No. CNS-1739629, the AFOSR under grant number FA9550-16-1-0288, and A*STAR, Singapore. The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of any sponsoring institution, the U.S. government or any other entity.
References

[1] Saugata Basu, Richard Pollack, and Marie-Françoise Roy. Algorithms in Real Algebraic Geometry. Springer, Berlin, Heidelberg, second edition, 2006. doi:10.1007/3-540-33099-2.
[2] Michael Ben-Or, Dexter Kozen, and John H. Reif. The complexity of elementary algebra and geometry. J. Comput. Syst. Sci., 32(2):251–264, 1986. doi:10.1016/0022-0000(86)90029-2.
[3] John F. Canny. Improved algorithms for sign determination and existential quantifier elimination. Comput. J., 36(5):409–418, 1993. doi:10.1093/comjnl/36.5.409.
[4] Cyril Cohen and Assia Mahboubi. Formal proofs in real algebraic geometry: from ordered fields to quantifier elimination. Log. Methods Comput. Sci., 8(1), 2012. doi:10.2168/LMCS-8(1:2)2012.
[5] George E. Collins. Quantifier elimination for real closed fields by cylindrical algebraic decomposition. In H. Barkhage, editor, Automata Theory and Formal Languages, volume 33 of LNCS, pages 134–183. Springer, 1975. doi:10.1007/3-540-07407-4_17.
[6] Katherine Cordwell, César A. Muñoz, and Aaron Dutle. Improving automated strategies for univariate quantifier elimination. Technical report, NASA, 2021.
[7] Jose Divasón and Jesús Aransay. Rank-nullity theorem in linear algebra. Archive of Formal Proofs, January 2013. https://isa-afp.org/entries/Rank_Nullity_Theorem.html, Formal proof development.
[8] Jose Divasón, Sebastiaan J. C. Joosten, René Thiemann, and Akihisa Yamada. A formalization of the Berlekamp-Zassenhaus factorization algorithm. In Yves Bertot and Viktor Vafeiadis, editors, CPP, pages 17–29. ACM, 2017. doi:10.1145/3018610.3018617.
[9] Lionel Ducos. Optimizations of the subresultant algorithm. J. Pure Appl. Algebra, 145(2):149–163, 2000. doi:10.1016/S0022-4049(98)00081-4.
[10] Thomas Hales, Mark Adams, Gertrud Bauer, Tat Dat Dang, John Harrison, Hoang Le Truong, Cezary Kaliszyk, Victor Magron, Sean McLaughlin, Tat Thang Nguyen, et al. A formal proof of the Kepler conjecture. Forum of Mathematics, Pi, 5:e2, 2017. doi:10.1017/fmp.2017.1.
[11] John Harrison. Floating-point verification using theorem proving. In Marco Bernardo and Alessandro Cimatti, editors, SFM, volume 3965 of LNCS, pages 211–242. Springer, 2006. doi:10.1007/11757283_8.
[12] John Harrison. Verifying nonlinear real formulas via sums of squares. In Klaus Schneider and Jens Brandt, editors, TPHOLs, volume 4732 of LNCS, pages 102–118. Springer, 2007. doi:10.1007/978-3-540-74591-4_9.
[13] Wenda Li. The Sturm-Tarski theorem. Archive of Formal Proofs, September 2014. http://isa-afp.org/entries/Sturm_Tarski.html, Formal proof development.
[14] Wenda Li, Grant Olney Passmore, and Lawrence C. Paulson. Deciding univariate polynomial problems using untrusted certificates in Isabelle/HOL. J. Autom. Reason., 62(1):69–91, 2019. doi:10.1007/s10817-017-9424-6.
[15] Wenda Li and Lawrence C. Paulson. A modular, efficient formalisation of real algebraic numbers. In Jeremy Avigad and Adam Chlipala, editors, CPP, pages 66–75. ACM, 2016. doi:10.1145/2854065.2854074.
[16] Wenda Li and Lawrence C. Paulson. Counting polynomial roots in Isabelle/HOL: A formal proof of the Budan-Fourier theorem. In CPP, pages 52–64, New York, NY, USA, 2019. ACM. doi:10.1145/3293880.3294092.
[17] Scott McCallum. Solving polynomial strict inequalities using cylindrical algebraic decomposition. Comput. J., 36(5):432–438, 1993. doi:10.1093/comjnl/36.5.432.
[18] Sean McLaughlin and John Harrison. A proof-producing decision procedure for real arithmetic. In Robert Nieuwenhuis, editor, CADE, volume 3632 of LNCS, pages 295–314. Springer, 2005. doi:10.1007/11532231_22.
[19] César A. Muñoz, Anthony J. Narkawicz, and Aaron Dutle. A decision procedure for univariate polynomial systems based on root counting and interval subdivision. J. Formaliz. Reason., 11(1):19–41, 2018. doi:10.6092/issn.1972-5787/8212.
[20] Anthony Narkawicz, César A. Muñoz, and Aaron Dutle. Formally-verified decision procedures for univariate polynomial computation based on Sturm's and Tarski's theorems. J. Autom. Reason., 54(4):285–326, 2015. doi:10.1007/s10817-015-9320-x.
[21] Tobias Nipkow. Linear quantifier elimination. J. Autom. Reason., 45(2):189–212, 2010. doi:10.1007/s10817-010-9183-0.
[22] Tobias Nipkow, Lawrence C. Paulson, and Markus Wenzel. Isabelle/HOL - A Proof Assistant for Higher-Order Logic, volume 2283 of LNCS. Springer, 2002. doi:10.1007/3-540-45949-9.
[23] André Platzer. Logical Foundations of Cyber-Physical Systems. Springer, Cham, 2018. doi:10.1007/978-3-319-63588-0.
[24] André Platzer, Jan-David Quesel, and Philipp Rümmer. Real world verification. In Renate A. Schmidt, editor, CADE, volume 5663 of LNCS, pages 485–501. Springer, 2009. doi:10.1007/978-3-642-02959-2_35.
[25] James Renegar. On the computational complexity and geometry of the first-order theory of the reals, part III: quantifier elimination. J. Symb. Comput., 13(3):329–352, 1992. doi:10.1016/S0747-7171(10)80005-7.
[26] Alexey Solovyev. Formal computations and methods. January 2013. URL: http://d-scholarship.pitt.edu/16721/.
[27] Christian Sternagel and René Thiemann. Executable matrix operations on matrices of arbitrary dimensions. Archive of Formal Proofs, June 2010. https://isa-afp.org/entries/Matrix.html, Formal proof development.
[28] Alfred Tarski. A Decision Method for Elementary Algebra and Geometry. RAND Corporation, Santa Monica, CA, 1951. Prepared for publication with the assistance of J.C.C. McKinsey.
[29] René Thiemann and Akihisa Yamada. Matrices, Jordan normal forms, and spectral radius theory. Archive of Formal Proofs, August 2015. https://isa-afp.org/entries/Jordan_Normal_Form.html, Formal proof development.
[30] René Thiemann, Akihisa Yamada, and Sebastiaan Joosten. Algebraic numbers in Isabelle/HOL. Archive of Formal Proofs, December 2015. https://isa-afp.org/entries/Algebraic_Numbers.html, Formal proof development.
[31] René Thiemann and Akihisa Yamada. Formalizing Jordan normal forms in Isabelle/HOL. In Jeremy Avigad and Adam Chlipala, editors, CPP, pages 88–99. ACM, 2016. doi:10.1145/2854065.2854073.
[32] Joachim von zur Gathen. Parallel algorithms for algebraic problems. SIAM J. Comput., 13(4):802–824, 1984. doi:10.1137/0213050.