
1 Introduction

With recent advancements in optimization theory and computational techniques, Cyber-Physical Systems (CPS), which involve the seamless integration of physical components and software systems, have proliferated across various application domains. A significant subset of CPS, known as safety-critical systems, presents a heightened level of concern. Failures or malfunctions in such systems can lead to severe safety risks for individuals and the environment. Examples of safety-critical CPS include aircraft, automobiles, integrated medical devices, nuclear power plants, and biological systems. As a result, ensuring the safety of these systems has become a primary focus of extensive academic research.

One of the key challenges in CPS verification is the safety problem (or dually, the reachability problem), i.e., to demonstrate that a system, starting from its initial states, never enters an unsafe region. In general, the safety problem of CPS is undecidable [16]. The most challenging aspect of this problem lies in reasoning about the continuous dynamics, which are typically described by ordinary differential equations (ODEs).

Deductive verification, derived from Hoare-style program verification [17], offers a method to verify safety without directly computing the reachable set. At the core of deductive verification lies the synthesis of differential invariants [24, 28], which extend the concept of inductive invariants to the continuous-time domain. Specifically, a differential invariant is a set of states that no trajectory starting inside it can ever leave. With an a priori specified template, the invariant generation problem boils down to solving the constraints encoding the invariant condition. When all involved constraints are polynomial, the problem is decidable but has time complexity doubly exponential in the number of variables [24], according to Tarski’s theorem [39] and the complexity of the quantifier elimination procedure [9]. Consequently, considerable efforts have been dedicated to identifying differential invariants that allow for efficient synthesis.

In their seminal work [29], Prajna and Jadbabaie introduced the concept of barrier certificates as witnesses to safety. Namely, a barrier certificate is a real-valued function whose zero sub-level set serves as a differential invariant, separating the set of initial states and the unsafe region. It is important to note that, for the purpose of efficient synthesis, the barrier certificate condition strengthens the general condition of differential invariants. Since then, various definitions of barrier certificates have been proposed, aiming to relax the original barrier certificate conditions while still allowing for efficient synthesis. Examples of such definitions include exponential-type barrier certificates [21], Darboux-type barrier certificates [45], general convex barrier certificates [8], vector barrier certificates [37], and invariant barrier certificates [41]. Moreover, similar notions of barrier certificates have been developed for verification problems that involve control inputs [2, 44], disturbances [42], stochastic dynamics [11, 18, 20, 30], and temporal logic specifications [25, 43]. These extensions broaden the applicability of barrier certificates in various domains. Recently, there have also been works aiming to generalize the notion of k-inductiveness to safety verification, leading to the definitions of t-barrier certificates [6] and k-inductive barrier certificates [3, 4].

Sum-of-squares optimization is a well-established computational technique for synthesizing barrier certificates and has been employed in most of the works mentioned above. Typically, the barrier certificate conditions are first encoded into constraints involving sum-of-squares polynomials. These constraints are then translated into semidefinite programs (SDPs) and solved by numerical solvers. In scenarios where the domains are bounded, one can choose to rely on either a sound characterization or a complete characterization to encode the conditions. The differences between these two characterizations are often overlooked, as their formulations are quite similar. However, when dealing with systems defined over unbounded domains, the sound characterization tends to be conservative while the complete characterization cannot be utilized due to the violation of the Archimedean condition in Putinar’s Positivstellensatz. In such unbounded cases, existing methods rely solely on the sound characterization, potentially leading to conservative results.

Besides sum-of-squares optimization, much effort has been devoted to incorporating other numerical methods for solving the obtained constraints, for instance, interval arithmetic [10, 12, 13], linear programming [35], and data-driven approaches [1, 27, 33, 46, 47].

Contributions. Our main contributions are threefold:

  1. We explicitly clarify the connection between the soundness and the completeness of the sum-of-squares characterization of barrier certificates, which is mostly overlooked in existing works. This can be considered as a minor contribution. (See Sect. 3)

  2. We utilize the homogenization technique from [19] to derive the first complete sum-of-squares characterization of polynomial barrier certificates over unbounded domains. (See Sect. 4)

  3. We introduce the definition of homogenized systems and consider a specific class of non-polynomial barrier certificates with more expressive power. We also propose a complete sum-of-squares characterization for this class of non-polynomial barrier certificates. (See Sect. 5)

Finally, we implement algorithms for synthesizing barrier certificates based on the existing incomplete characterization and our two novel complete characterizations. These algorithms are tested over a set of benchmarks with unbounded domains adapted from the literature. Experimental results demonstrate that the two complete characterizations are more expressive while maintaining a comparable level of efficiency. (See Sect. 6)

Organization. The rest of this paper is organized as follows: Sect. 2 introduces algebraic tools that will be used. Section 3 formulates the barrier certificate synthesis problems and explains the connection between the sound and the complete characterization in the bounded case. Section 4 proposes the first complete characterization of polynomial barrier certificates over unbounded domains. Section 5 introduces the definition of homogenized systems and extends the results to a class of non-polynomial barrier certificates. Finally, Sect. 6 reports the experimental results and Sect. 7 concludes the paper.

2 Preliminaries

In this section, we fix basic notations and introduce necessary concepts concerning sum-of-squares optimization. For interested readers, we recommend [7, 23] for a detailed treatment of this topic.

Basic Notations. Let \(\mathbb {N}\), \(\mathbb {R}\), \(\mathbb {R}_{\ge 0}\), and \(\mathbb {R}_{>0}\) denote the set of all natural numbers, the set of reals, non-negative real numbers and the set of positive real numbers, respectively. The set of continuously differentiable functions over \(\mathbb {R}^n\) is denoted by \(\mathcal {C}^1(\mathbb {R}^n)\). By convention, we use boldface letters to denote vectors and vector-valued functions, e.g., \(\boldsymbol{x}=(x_1,\dots ,x_n)\) denotes a state variable and \(\boldsymbol{f}=(f_1,\dots ,f_n)\) denotes a vector field. For vectors \(\boldsymbol{x}, \boldsymbol{y}\in \mathbb {R}^n\), represents the inner product of \(\boldsymbol{x}\) and \(\boldsymbol{y}\), and denotes the standard Euclidean norm.

Let \(\mathbb {R}[\boldsymbol{x}]\) denote the set of polynomials in variables \(\boldsymbol{x}\) with real coefficients. A basic semialgebraic set \(\mathcal {K}\subseteq \mathbb R^n\) is of the form \( \left\{ \boldsymbol{x}\in \mathbb {R}^n \mid p_1(\boldsymbol{x}) \triangleright 0, \dots , p_m(\boldsymbol{x}) \triangleright 0 \right\} \), where \(p_i(\boldsymbol{x}) \in \mathbb {R}[\boldsymbol{x}]\) and \(\triangleright \in \{\ge , >\}\). An equality \(p(\boldsymbol{x})=0\) can be represented by two inequalities \(p(\boldsymbol{x}) \ge 0\) and \(-p(\boldsymbol{x})\ge 0\). A basic semialgebraic set is called closed when its defining constraints contain only non-strict inequalities. Semialgebraic sets are finite unions of basic semialgebraic sets, i.e., sets of the form \(\bigcup _{i=1}^{n} \mathcal {K}_i\), where each \(\mathcal {K}_i\) is a basic semialgebraic set.

Sum-of-Squares Polynomials. Given \(S\subseteq \mathbb {R}^n\), we say \(p(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) is nonnegative (resp. strictly positive) over S if \(p(\boldsymbol{x})\ge 0\) (resp. \(p(\boldsymbol{x})> 0\)) for any \(\boldsymbol{x}\in S\). Sum-of-squares (SOS) polynomials are an important subset of globally nonnegative polynomials over \(\mathbb {R}^n\). A polynomial \(p(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) is said to be a sum-of-squares polynomial if it can be expressed as \(p(\boldsymbol{x})=\sum _{i=1}^m p_i(\boldsymbol{x})^2\), where \(p_i(\boldsymbol{x})\in \mathbb R[\boldsymbol{x}]\) for each i. We use \(\varSigma [\boldsymbol{x}]\) to denote the set of SOS polynomials in variables \(\boldsymbol{x}\).

Putinar’s Theorem. Given polynomials \(p_1,\dots ,p_m\in \mathbb {R}[\boldsymbol{x}]\). Let \(\mathcal K\) be a closed basic semialgebraic set described by

(1)

The set of polynomials

figure e

is called the quadratic module generated by \(p_1,\dots ,p_m\). A quadratic module \({\textbf {QM}}\) is Archimedean, or satisfies the Archimedean condition, if \(N - \Vert \boldsymbol{x} \Vert ^2 \in {\textbf {QM}}\) for some constant \(N \in \mathbb {N}\). Since a sum-of-squares polynomial \(\sigma (\boldsymbol{x})\in \varSigma [\boldsymbol{x}]\) is nonnegative over \(\mathbb {R}^n\), the following result trivially holds.

Proposition 1

Given \(\mathcal K\) as defined in Eq. (1), then

$$\begin{aligned} f(\boldsymbol{x})\in {\textbf {QM}}(p_1,\dots ,p_m) \implies f(\boldsymbol{x})\ge 0 \text { over } \mathcal K. \end{aligned}$$

An important result in real algebraic geometry is Putinar’s Positivstellensatz, which states that, under the Archimedean condition, the quadratic module \({\textbf {QM}}(p_1,\dots ,p_m)\) contains all polynomials strictly positive over \(\mathcal K\).

Theorem 1

(Putinar’s Positivstellensatz [23, 31]). Given \(\mathcal K\) as defined in Eq. (1) and a polynomial \(f\in \mathbb R[\boldsymbol{x}]\), if \({\textbf {QM}}(p_1,\dots ,p_m)\) is Archimedean, then

$$\begin{aligned} f(\boldsymbol{x})> 0 \text { over } \mathcal K \implies f(\boldsymbol{x})\in {\textbf {QM}}(p_1,\dots ,p_m). \end{aligned}$$

Here, the condition “\({\textbf {QM}}(p_1,\dots ,p_m)\) is Archimedean” can be intuitively understood as \(\mathcal K\) in Eq. (1) being bounded. In one direction, if \({\textbf {QM}}(p_1,\dots ,p_m)\) is Archimedean, by Proposition 1 we have \(N-\Vert \boldsymbol{x}\Vert ^2\ge 0\) over \(\mathcal K\), hence \(\mathcal {K}\) is bounded. In the other direction, when \(\mathcal {K}\) is contained in a ball \(\{\boldsymbol{x}\in \mathbb {R}^n \mid N- \Vert \boldsymbol{x} \Vert ^2\ge 0\}\), we can add the redundant constraint \(p_{m+1}=N- \Vert \boldsymbol{x} \Vert ^2\), and the new quadratic module \({\textbf {QM}}(p_1,\dots ,p_m,p_{m+1})\) is Archimedean. Note, however, that the two notions are not identical: boundedness of \(\mathcal {K}\) alone does not guarantee that \({\textbf {QM}}(p_1,\dots ,p_m)\) is Archimedean for the given generators, which is why the redundant ball constraint has to be added explicitly.

3 Problem Formulation

In this section, we formally define the barrier certificate synthesis problem of interest, and discuss the relation between the sound and the complete sum-of-squares characterization of polynomial barrier certificates over bounded domains. The majority of the existing literature, such as [8, 21, 29, 37], focuses primarily on the sound characterization. As far as we are aware, the complete characterization is only mentioned in [41]. Subsequently, we clarify the connection between these two characterizations, which can be considered as a minor contribution.

Differential Dynamical Systems. We consider a class of dynamical systems featuring differential dynamics governed by ordinary differential equations (ODEs) of autonomous type:

$$\begin{aligned} \dot{ \boldsymbol{x}} = \boldsymbol{f} (\boldsymbol{x}) \end{aligned}$$
(2)

where \(\boldsymbol{x}\in \mathbb {R}^n\) is the state vector, \(\dot{\boldsymbol{x}}\) denotes its temporal derivative dx/dt, and \(\boldsymbol{f}:\mathbb {R}^n\rightarrow \mathbb {R}^n\) is a polynomial vector field, i.e., each component \(f_i\) of \(\boldsymbol{f}\) is a polynomial. Since a polynomial vector field is locally Lipschitz continuous, ODE (2) admits a unique solution (or trajectory), denoted as \(\xi _{\boldsymbol{x}_0}: \mathbb {R}_{\ge 0} \rightarrow \mathbb {R}^n\), from any initial state \(\boldsymbol{x}_0\in \mathbb {R}^n\), such that (1) \(\xi _{\boldsymbol{x}_0}(0)=\boldsymbol{x}_0\) and (2) for any \(t'\in \mathbb {R}_{\ge 0}\), \(\frac{\mathrm d \xi _{\boldsymbol{x}_0}}{\mathrm d t}\big \vert _{t=t'} = \boldsymbol{f}(\xi _{\boldsymbol{x}_0}(t')).\)

Safety Verification Problems. Given dynamical system Eq. (2) with domain \(\mathcal {X}\subseteq \mathbb {R}^n\), initial set \(\mathcal {I}\subset \mathcal {X}\), and unsafe set \(\mathcal {U}\subset \mathcal {X}\), the safety verification problem asks whether \(\mathcal {U}\) is reachable from some state in \(\mathcal {I}\) within \(\mathcal {X}\). Formally, let \(\mathcal {R}\) denote the reachable set,

figure f

where we assume that a trajectory will never leave the domain. The system is said to be safe if \(\mathcal {U}\cap \mathcal {R}=\emptyset \), and unsafe otherwise.

In this paper, we restrict our focus to the case when \(\mathcal {X}\), \(\mathcal {I}\), and \(\mathcal {U}\) are closed basic semialgebraic sets described by

figure g

Invariants. A differential invariant is a subset \(\varPhi \subseteq \mathcal {X}\) such that any trajectory starting from \(\varPhi \) stays within \(\varPhi \) forever, i.e.,

$$\begin{aligned} \forall \boldsymbol{x}_0 \in \varPhi , \forall t\in \mathbb {R}_{\ge 0}.~\xi _{\boldsymbol{x}_0}(t)\in \varPhi . \end{aligned}$$

Utilizing this concept, we can verify the safety of a system without explicitly computing the reachable set, which is typically intractable for the majority of nonlinear systems. The idea therein is to find a differential invariant \(\varPhi \subseteq \mathcal {X}\) such that \(\mathcal {I}\subseteq \varPhi \) and \(\mathcal {U}\subseteq \mathcal {X}\backslash \varPhi \). According to the definition, the differential invariant \(\varPhi \) serves as an over-approximation of the reachable set \(\mathcal {R}\), thereby substantiating safety of the system.

Barrier Certificates. Barrier certificates encapsulate the conditions requisite for a zero sub-level set of the form \( \left\{ \boldsymbol{x}\in \mathbb {R}^n \mid B(\boldsymbol{x})\le 0 \right\} \) to become a differential invariant, where \(B\in \mathcal {C}^1(\mathbb {R}^n)\). For the ease of explanation, we focus on exponential-type barrier certificates and refer to them as barrier certificates for simplicity. The technique presented in this paper can be readily extended to other types of barrier certificates [8, 37, 41] and hybrid systems (systems containing discrete transitions and continuous evolution) [29].

Theorem 2

(Exponential-type Barrier Certificates, Modified from [21]). Given the system (2) with sets \(\mathcal {X}\), \(\mathcal {I}\), and \(\mathcal {U}\). For any \(\lambda \in \mathbb {R}\), the system is safe if there exists an exponential-type barrier certificate, namely a real-valued function \(B(\boldsymbol{x})\in \mathcal C^1(\mathbb {R}^n)\) satisfying the following conditions

$$\begin{aligned} &\forall \boldsymbol{x}\in \mathcal {I}.~B(\boldsymbol{x})\le 0, \end{aligned}$$
(3)
$$\begin{aligned} &\forall \boldsymbol{x}\in \mathcal {U}.~B(\boldsymbol{x}) \ge \epsilon _e, \end{aligned}$$
(4)
$$\begin{aligned} &\forall \boldsymbol{x}\in \mathcal {X}.~\mathfrak L_{\boldsymbol{f}} B(\boldsymbol{x}) - \lambda B(\boldsymbol{x})\le 0, \end{aligned}$$
(5)

for some real constant \(\epsilon _e\in \mathbb {R}_{>0}\), where is the Lie derivative of \(p(\boldsymbol{x})\) along the vector field \(\boldsymbol{f}\).

The difference between our Theorem 2 and its original formulation in [21] lies in Eq. (4), which was written as

figure i

When the unsafe region \(\mathcal {U}\) is bounded (compact), the two conditions Eq. (4) and Eq. (4’) coincide, as a continuous function over a compact set always attains its minimum. However, when \(\mathcal {U}\) is unbounded, our formulation is stricter in the sense that \(\mathcal {I}\) and \(\mathcal {U}\) cannot be arbitrarily close; otherwise we would be unable to distinguish between them, as shown in the following Example 1. In theory, \(\epsilon _e\) can be any real constant in \(\mathbb {R}_{>0}\), and the corresponding \(B(\boldsymbol{x})\) will be equivalent up to a constant factor.

Example 1

Consider a system \(\boldsymbol{f}(x_1,x_2)=(x_1, 0)\) with \(\mathcal {X}=\mathbb {R}^2\), \(\mathcal {I}=\{(x_1,x_2)\mid x_1x_2+1\le 0, x_1\le 0\}\), and \(\mathcal {U}=\{(x_1,x_2)\mid x_1x_2-1\ge 0, x_1\ge 0\}\). The function \(B(x_1,x_2)=x_1\) is not a valid barrier certificate according to our definition, as the condition Eq. (4) is not satisfiable for any \(\epsilon _e>0\) (though when \(\epsilon _e=0\) Eq. (4’) is satisfied). In other words, the sets \(\mathcal {I}\) and \(\mathcal {U}\) are indistinguishable in practice when \(x_2\) goes to infinity, and our Theorem 2 rules out such cases.

To ensure computational tractability, the barrier certificate \(B(\boldsymbol{x})\) is commonly constrained to polynomial forms. One of the prevailing computational methods for synthesizing \(B(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) is based on the sum-of-squares optimization. Now we present the sound and complete sum-of-squares characterizations of polynomial barrier certificate over bounded domains.

Theorem 3

(Bounded Case). Let \(\mathcal {X}\), \(\mathcal {I}\), and \(\mathcal {U}\) be bounded, i.e., the corresponding quadratic module is Archimedean. Given \(\lambda \in \mathbb {R}\) and \(\epsilon _e\in \mathbb {R}_{>0}\), consider the following constraints with parameter \(\epsilon \),

$$\begin{aligned} \begin{aligned} & -B(\boldsymbol{x})+\epsilon = \sigma _0^\mathcal {I}+ \sum _{i=1}^{m_i} g_i^\mathcal {I}(\boldsymbol{x})\sigma _i^\mathcal {I}\\ & B(\boldsymbol{x}) - \epsilon _e + \epsilon = \sigma _0^\mathcal {U}+ \sum _{i=1}^{m_u} g_i^\mathcal {U}(\boldsymbol{x})\sigma _i^\mathcal {U}\\ & \lambda B(\boldsymbol{x}) - \mathfrak L_{\boldsymbol{f}} B(\boldsymbol{x}) +\epsilon = \sigma _0^\mathcal {X}+ \sum _{i=1}^{m_x} g_i^\mathcal {X}(\boldsymbol{x})\sigma _i^\mathcal {X}\\ &\sigma _0^\mathcal {I},\dots , \sigma _{m_i}^\mathcal {I}, \sigma _0^\mathcal {U},\dots , \sigma _{m_u}^\mathcal {U}, \sigma _0^\mathcal {X},\dots , \sigma _{m_x}^\mathcal {X}\in \varSigma [\boldsymbol{x}]. \end{aligned} \end{aligned}$$
(6)

When \(\epsilon =0\), Eq. (6) gives a sound characterization of polynomial barrier certificates, i.e., any solution \(B(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) to the above constraints is a barrier certificate. When \(\epsilon >0\), Eq. (6) gives a complete characterization of polynomial barrier certificates, i.e., any barrier certificate \(B(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) satisfies Eq. (6).

Proof

Proposition 1 and Theorem 1 entail soundness and completeness, respectively.    \(\square \)

In fact, in most practical cases, Eq. (6) with \(\epsilon =0\) can be viewed as a sound and complete characterization. In this situation, completeness follows from the so-called “finite convergence property” of Theorem 1, which requires the underlying basic semialgebraic sets \(\mathcal {X}\), \(\mathcal {I}\), and \(\mathcal {U}\) to satisfy some side conditions that are generically true [26]. For now, we do not go into these details and simply regard soundness and completeness as dependent on the parameter \(\epsilon \).

Unfortunately, when the domain \(\mathcal {X}\) becomes unbounded, Eq. (6) with \(\epsilon >0\) is no longer a complete characterization due to the violation of the Archimedean condition, while the \(\epsilon =0\) case is still sound. Consequently, we can solely rely on the sound characterization to synthesize barrier certificates, which may fail to identify potential solutions as in the following example. So the problem considered in this paper is, can we derive a complete characterization similar to Eq. (6) for the unbounded cases?

Example 2

Consider a 1-dimensional system \(f(x_1)=x_1\) with \(\mathcal {X}= \mathbb {R}\), \(\mathcal {I}=\{x_1\mid x_1^3\ge 0\}\), and \(\mathcal {U}=\{x_1\mid x_1+1\le 0 \}\). Then \(B(x_1)=-x_1\) is a barrier certificate but is not a solution to Eq. (6) with \(\epsilon =0\). To see this, we only need to show that there exist no sum-of-squares polynomials \(\sigma ^\mathcal {I}_0(x_1), \sigma ^\mathcal {I}_1(x_1)\in \varSigma [x_1]\) such that \(x_1=\sigma ^\mathcal {I}_0(x_1)+x_1^3\sigma ^\mathcal {I}_1(x_1)\). Suppose we have such an expression; by setting \(x_1=0\), we have \(\sigma ^\mathcal {I}_0(0)=0\). Writing \(\sigma ^\mathcal {I}_0(x_1)= \sum _i p_i^2(x_1)\), the equality \(\sigma ^\mathcal {I}_0(0)=0\) implies that \(p_i(0)=0\) for each i, so each \(p_i\) factors as \(p_i(x_1)=x_1 p_i'(x_1)\). Therefore, both \(\sigma ^\mathcal {I}_0(x_1)\) and \(x_1^3\sigma ^\mathcal {I}_1(x_1)\) contain no terms of degree less than 2, while the left-hand side \(x_1\) has degree 1, which is impossible.

4 A Complete Characterization of Polynomial Barrier Certificates

In this section, we give an affirmative answer to the question raised above. The tool we use is a newly introduced technique in the optimization community, called homogenization [19], to transform an unbounded optimization problem into a bounded one. In the following, we utilize the homogenization technique to derive a complete characterization for polynomial barrier certificates purely from a constraint-solving perspective. In the next section, we will take a different view of this technique and consider a family of non-polynomial barrier certificates that arise naturally.

We first fix some notations. Given \(\boldsymbol{x}\in \mathbb {R}^n\), let \(x_0\) be a fresh variable. For a polynomial \(p(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) of degree d, its homogenization w.r.t. variable \(x_0\) is the polynomial \(\tilde{p}\in \mathbb {R}[x_0,\boldsymbol{x}]\) defined by \(\tilde{p}(x_0,\boldsymbol{x}) = x_0^{d}\, p(\boldsymbol{x}/x_0)\), i.e., every monomial of p is multiplied by the power of \(x_0\) that raises its total degree to d. For example, let \(f(x_1,x_2)=x_1^2+x_2+1\), then \(\tilde{f}(x_0,x_1,x_2) =x_1^2+x_2x_0+x_0^2\). Suppose \(\mathcal K\subseteq \mathbb {R}^n\) is a basic semialgebraic set as described in Eq. (1); we introduce two related sets in \(\mathbb {R}^{n+1}\) as follows:

figure k

One can see that there exists a one-to-one mapping between \(\tilde{\mathcal {K}}_{>0}\) and \(\mathcal {K}\):

Lemma 1

Let \(\mathcal K\) be as in Eq. (1). Then \(\boldsymbol{x} \in \mathcal {K}\) if and only if

$$\begin{aligned} \left( \frac{1}{\sqrt{1+\Vert \boldsymbol{x}\Vert ^2}}, \frac{x_1}{\sqrt{1+\Vert \boldsymbol{x}\Vert ^2}}, \ldots , \frac{x_n}{\sqrt{1+\Vert \boldsymbol{x}\Vert ^2}}\right) \in \tilde{\mathcal {K}}_{>0}. \end{aligned}$$

Moreover, \((x_0, \boldsymbol{x}) \in \tilde{\mathcal {K}}_{>0}\) if and only if \((\frac{x_1}{\sqrt{1-\Vert \boldsymbol{x}\Vert ^2}}, \ldots , \frac{x_n}{\sqrt{1-\Vert \boldsymbol{x}\Vert ^2}})\in \mathcal K\).

Utilizing the above lemma, we can transform a potentially unbounded set into a bounded set located on the unit sphere within \(\mathbb {R}^{n+1}\). Moreover, note that points with \(x_0=0\) in \(\mathbb {R}^{n+1}\) correspond to points at infinity in \(\mathbb {R}^n\). This encourages us to take the points at infinity into consideration. The related concept is captured by the following definition.

Definition 1

(Closed at Infinity [26]). A basic semialgebraic set \(\mathcal K\) is closed at infinity if \(cl(\tilde{\mathcal {K}}_{>0})=\tilde{\mathcal {K}}\), where \(cl(\tilde{\mathcal {K}}_{>0})\) denotes the closure of \(\tilde{\mathcal {K}}_{>0}\).

We would like to emphasize that being closed at infinity is a generic property of semialgebraic sets [15], but whether a given description exhibits it depends on the choice of descriptive polynomials. For example, let \(S_1 = \left\{ (x_1,x_2) \mid x_1-x_2^2\ge 0 \right\} \), then \(S_1\) is not closed at infinity because

$$\begin{aligned} (0,-1,0) \not \in cl(\tilde{S_1}_{>0})\quad \text { and }\quad (0,-1,0) \in \tilde{S_1}. \end{aligned}$$

However, by adding the redundant polynomial inequality \(x_1\ge 0\) to \(S_1\), one can check that \(S_2= \left\{ (x_1,x_2)\in \mathbb {R}^2 \mid x_1-x_2^2\ge 0, x_1\ge 0 \right\} \), which equals \(S_1\) as a set, is closed at infinity. In this paper, we assume that \(\mathcal {I}\), \(\mathcal {U}\), and \(\mathcal {X}\) are all closed at infinity, which is purely a technical assumption. To check whether a semialgebraic set is closed at \(\infty \), one can use [15, Thm. 2.11].

The following theorem lies at the core of the homogenization technique.

Theorem 4

([19, Lem 3.2]). When a basic semialgebraic set \(\mathcal K\) is closed at infinity, for any polynomial \(f\in \mathbb {R}[\boldsymbol{x}]\)

$$\begin{aligned} f(\boldsymbol{x})\ge 0 \text { over } \mathcal K \iff \tilde{f}(x_0, \boldsymbol{x}) \ge 0 \text { over } \tilde{\mathcal {K}}. \end{aligned}$$

Now we present the homogenized version of Theorem 3, which solves the problem raised at the end of the last section.

Theorem 5

Assume that \(\mathcal {I}\), \(\mathcal {U}\), and \(\mathcal {X}\) are all closed at infinity. Given \(\lambda \in \mathbb {R}\) and \(\epsilon _e\in \mathbb {R}_{>0}\), consider the following constraints with parameter \(\epsilon \),

$$\begin{aligned} \begin{aligned} & - \tilde{B}(x_0, \boldsymbol{x}) + \epsilon = \sigma _0^\mathcal {I}+ \sum _{i=1}^{m_i+2} \sigma ^\mathcal {I}_i \tilde{g}^\mathcal {I}_i\\ & \tilde{B}(x_0, \boldsymbol{x}) - \epsilon _e x_0^{d} + \epsilon = \sigma _0^\mathcal {U}+ \sum _{i=1}^{m_u+2} \sigma ^\mathcal {U}_i \tilde{g}^\mathcal {U}_i \\ & \tilde{H}(x_0, \boldsymbol{x}) + \epsilon = \sigma _0^\mathcal {X}+ \sum _{i=1}^{m_x+2} \sigma ^\mathcal {X}_i \tilde{g}^\mathcal {X}_i\\ & \sigma ^\mathcal {I}_0, \dots , \sigma ^\mathcal {I}_{m_i+1}, \sigma ^\mathcal {U}_0, \dots , \sigma ^\mathcal {U}_{m_u+1}, \sigma ^\mathcal {X}_0, \dots , \sigma ^\mathcal {X}_{m_x+1} \in \varSigma [x_0, \boldsymbol{x}],\\ & \sigma ^\mathcal {I}_{m_i+2}, \sigma ^\mathcal {U}_{m_u+2}, \sigma ^\mathcal {X}_{m_x+2} \in \mathbb {R}[x_0, \boldsymbol{x}], \end{aligned} \end{aligned}$$
(7)

where \(\tilde{H}\) is the homogenization of \(H(\boldsymbol{x}) = \lambda B(\boldsymbol{x}) - \mathfrak L_{\boldsymbol{f}} B(\boldsymbol{x})\) taken as a whole, d is the degree of \(B(\boldsymbol{x})\), \(\tilde{g}_{m_i+1}^\mathcal {I}= \tilde{g}_{m_u+1}^\mathcal {U}= \tilde{g}_{m_x+1}^\mathcal {X}= x_0\), and \(\tilde{g}_{m_i+2}^\mathcal {I}= \tilde{g}_{m_u+2}^\mathcal {U}= \tilde{g}_{m_x+2}^\mathcal {X}= x_0^2 + \Vert \boldsymbol{x} \Vert ^2-1\). When \(\epsilon =0\), Eq. (7) gives a sound characterization of polynomial barrier certificates, i.e., any solution \(B(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) of degree d to the above constraints is a barrier certificate. When \(\epsilon >0\), Eq. (7) gives a complete characterization of polynomial barrier certificates, i.e., any barrier certificate \(B(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) of degree d satisfies the above constraints.

Proof

We prove the first constraint, corresponding to the initial set \(\mathcal {I}\); the other two constraints are similar. By employing homogenization and Theorem 4, the original condition Eq. (3) can be transformed into \(- \tilde{B}(x_0, \boldsymbol{x})\ge 0\) over \(\tilde{\mathcal {I}}\). Since the descriptive polynomials of \(\tilde{\mathcal {I}}\) contain the equality \(\Vert \boldsymbol{x}\Vert ^2+x^2_0 = 1\), \(\tilde{\mathcal {I}}\) is a closed basic semialgebraic set and its corresponding quadratic module is Archimedean (it contains \(1-\Vert \boldsymbol{x}\Vert ^2-x_0^2\)). Thus, we can apply Proposition 1 and Theorem 1 to obtain the soundness and completeness results, respectively. Note that for the other two constraints, we need to homogenize the polynomials \(B(\boldsymbol{x})-\epsilon _e\) and \(\lambda B(\boldsymbol{x}) - \mathfrak L_{\boldsymbol{f}} B(\boldsymbol{x})\) as a whole.    \(\square \)
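The following is an added worked example written for this page; it is not code from the paper or its authors. It implements the homogenization \(\tilde{p}(x_0,\boldsymbol{x}) = x_0^d\,p(\boldsymbol{x}/x_0)\) of this section and the three conditions of Theorem 2 on the paper's own Examples 1 and 2 (Sect. 3), using exact rational arithmetic on polynomials represented as dictionaries. All function names (`homogenize`, `barrier_polys`, `eq7_pieces`, and so on) are this example's own choices, and the sample points passed to `violations` are constructed for the demonstration. No SDP solver is involved: the code checks polynomial identities and evaluates conditions at points, which can refute a candidate \(B\) (as in Example 1) but never proves one; the proof is the sum-of-squares identity of Eq. (7).

```python
# Added example for this page (not code from the paper): a small exact-arithmetic
# polynomial toolkit that carries out the homogenization of Sect. 4 on the paper's
# Examples 1 and 2.  A polynomial is a dict {exponent tuple: Fraction coefficient};
# after homogenize() the first exponent is that of the fresh variable x0.
from fractions import Fraction
from math import sqrt

def add(p, q):
    r = dict(p)
    for m, c in q.items():
        r[m] = r.get(m, 0) + c
    return {m: c for m, c in r.items() if c != 0}

def mul(p, q):
    r = {}
    for m1, c1 in p.items():
        for m2, c2 in q.items():
            m = tuple(a + b for a, b in zip(m1, m2))
            r[m] = r.get(m, 0) + c1 * c2
    return {m: c for m, c in r.items() if c != 0}

def scale(p, k):
    return {m: k * c for m, c in p.items() if k * c != 0}

def degree(p):
    return max((sum(m) for m in p), default=0)

def diff(p, i):
    """Partial derivative with respect to variable i."""
    r = {}
    for m, c in p.items():
        if m[i] > 0:
            mm = m[:i] + (m[i] - 1,) + m[i + 1:]
            r[mm] = r.get(mm, 0) + c * m[i]
    return r

def evaluate(p, point):
    total = 0
    for m, c in p.items():
        term = c
        for xi, e in zip(point, m):
            term *= xi ** e
        total += term
    return total

def lie_derivative(B, f):
    """L_f B = sum_i (dB/dx_i) * f_i for a polynomial vector field f = (f_1, ..., f_n)."""
    r = {}
    for i, fi in enumerate(f):
        r = add(r, mul(diff(B, i), fi))
    return r

def homogenize(p):
    """p~(x0, x) = x0^d * p(x / x0): pad every monomial with x0 up to total degree d."""
    d = degree(p)
    return {(d - sum(m),) + m: c for m, c in p.items()}

def barrier_polys(B, f, lam, eps_e):
    """Theorem 2 as polynomials: -B (>= 0 on I), B - eps_e (>= 0 on U), lam*B - L_f B (>= 0 on X)."""
    one = {(0,) * len(f): Fraction(1)}
    return (scale(B, -1),
            add(B, scale(one, -eps_e)),
            add(scale(B, lam), scale(lie_derivative(B, f), -1)))

def eq7_pieces(B, f, lam, eps_e):
    """Left-hand sides of Eq. (7) with eps = 0: each polynomial of Theorem 2 homogenized as a whole."""
    return tuple(homogenize(p) for p in barrier_polys(B, f, lam, eps_e))

def to_sphere(x):
    """The point of K~_{>0} on the unit sphere that Lemma 1 assigns to x."""
    r = sqrt(1 + sum(xi * xi for xi in x))
    return (1 / r,) + tuple(xi / r for xi in x)

def lifted_sign_agrees(p, x):
    """Theorem 4 at an interior point: p~(to_sphere(x)) = p(x) / r^d, so the signs match."""
    a, b = evaluate(p, x), evaluate(homogenize(p), to_sphere(x))
    return (a > 0) == (b > 0) and (a < 0) == (b < 0)

def in_homogenized_set(constraints, y):
    """Membership in K~ (closure included): all p~_i >= 0, y0 >= 0, and |y| = 1."""
    on_sphere = abs(sum(v * v for v in y) - 1) < 1e-12
    return on_sphere and y[0] >= 0 and all(evaluate(homogenize(g), y) >= 0 for g in constraints)

def violations(poly, constraints, points):
    """Sample points (constructed by the caller) lying in {g_i >= 0} where poly < 0: a refutation, not a proof."""
    return [x for x in points
            if all(evaluate(g, x) >= 0 for g in constraints) and evaluate(poly, x) < 0]

# Example 2 of the paper (1-D): f(x1) = x1, I = {x1^3 >= 0}, U = {x1 + 1 <= 0}, B = -x1.
X1 = {(1,): Fraction(1)}
EX2_f, EX2_B = [X1], scale(X1, -1)
EX2_I = [{(3,): Fraction(1)}]                        # x1^3 >= 0
EX2_U = [{(1,): Fraction(-1), (0,): Fraction(-1)}]   # -x1 - 1 >= 0

# Example 1 of the paper (2-D): f = (x1, 0), I = {x1 x2 + 1 <= 0, x1 <= 0},
# U = {x1 x2 - 1 >= 0, x1 >= 0}, candidate B = x1 (rejected by Eq. (4)).
EX1_f = [{(1, 0): Fraction(1)}, {}]
EX1_B = {(1, 0): Fraction(1)}
EX1_I = [{(1, 1): Fraction(-1), (0, 0): Fraction(-1)}, {(1, 0): Fraction(-1)}]
EX1_U = [{(1, 1): Fraction(1), (0, 0): Fraction(-1)}, {(1, 0): Fraction(1)}]
```

Running `eq7_pieces(EX2_B, EX2_f, 1, Fraction(1))` reproduces the three left-hand sides of Eq. (7) for Example 2: \(x_1\), \(-x_1 - x_0\) (the constant \(\epsilon_e\) has become \(\epsilon_e x_0^d\) with \(d = 1\)) and the zero polynomial, since \(\lambda B - \mathfrak{L}_{\boldsymbol{f}} B = 0\) for \(\lambda = 1\). For Example 1, `in_homogenized_set` shows that the point \((0,0,1)\) at infinity belongs to both \(\tilde{\mathcal{I}}\) and \(\tilde{\mathcal{U}}\), which is the homogenized view of the two sets being indistinguishable as \(x_2\to\infty\), and `violations` with a point such as \((1/4, 8)\in\mathcal{U}\) refutes \(B = x_1\) for \(\epsilon_e = 1/2\).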

5 Homogenized Systems and Semialgebraic Barrier Certificates

In this section, we take a different perspective of the technique in the last section. The motivation comes from the observation that the homogenization procedure can be viewed as mapping the original system in \(\mathbb {R}^n\) into a new system in \(\mathbb {R}^{n+1}\). Consequently, the constraints in Eq. (7) can be conceived as barrier certificate conditions for the new system. Employing this idea, we introduce the definition of homogenized systems as follows. To avoid confusion, we will use \((y_0, \boldsymbol{y})\in \mathbb {R}^{n+1}\) to denote the state variables of the homogenized systems.

Definition 2

(Homogenized System). Given a system Eq. (2), the homogenized system is an associated system in \(\mathbb {R}^{n+1}\). For each state \(\boldsymbol{x}\in \mathbb {R}^n\) of the original system, the corresponding state \((y_0,\boldsymbol{y})\in \mathbb {R}^{n+1}\) of the homogenized system is given by

$$\begin{aligned} (y_0, y_1, \dots , y_n) = (\frac{1}{\sqrt{1+\Vert \boldsymbol{x}\Vert ^2}}, \frac{x_1}{\sqrt{1+\Vert \boldsymbol{x}\Vert ^2}}, \ldots , \frac{x_n}{\sqrt{1+\Vert \boldsymbol{x}\Vert ^2}}). \end{aligned}$$
(8)

The dynamics of the homogenized system are obtained by differentiating the right-hand side of Eq. (8) along trajectories of Eq. (2). Hence, the safety verification problem of the original system Eq. (2) with sets \(\mathcal {X}\), \(\mathcal {I}\), and \(\mathcal {U}\) can be translated into an equivalent problem for the homogenized system Eq. (8) with sets \(\tilde{\mathcal {X}}\), \(\tilde{\mathcal {I}}\), and \(\tilde{\mathcal {U}}\). Furthermore, we show that a barrier certificate of the original system can be computed from a barrier certificate of the homogenized system.
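As an added worked derivation, not part of the original paper, the vector field \(\boldsymbol{f}'\) of the homogenized system can be written out explicitly. Write \(r(\boldsymbol{x}) = \sqrt{1+\Vert \boldsymbol{x}\Vert ^2}\) (an abbreviation introduced only here) and \(\langle \cdot ,\cdot \rangle \) for the inner product. Along a trajectory of Eq. (2), \(\dot r = \langle \boldsymbol{x}, \boldsymbol{f}(\boldsymbol{x})\rangle / r\), so differentiating Eq. (8) gives

$$\begin{aligned} \dot y_0 &= \frac{\mathrm d}{\mathrm d t}\frac{1}{r} = -\frac{\dot r}{r^2} = -\frac{\langle \boldsymbol{x}, \boldsymbol{f}(\boldsymbol{x})\rangle }{r^3},\\ \dot y_i &= \frac{\mathrm d}{\mathrm d t}\frac{x_i}{r} = \frac{f_i(\boldsymbol{x})}{r} - \frac{x_i\,\langle \boldsymbol{x}, \boldsymbol{f}(\boldsymbol{x})\rangle }{r^3}, \quad i=1,\dots ,n. \end{aligned}$$

Substituting \(\boldsymbol{x} = \boldsymbol{y}/y_0\) and \(1/r = y_0\) expresses \(\boldsymbol{f}'\) in the coordinates of the homogenized system:

$$\begin{aligned} \dot y_0 &= -y_0^{2}\,\langle \boldsymbol{y}, \boldsymbol{f}(\boldsymbol{y}/y_0)\rangle ,\\ \dot y_i &= y_0\left( f_i(\boldsymbol{y}/y_0) - y_i\,\langle \boldsymbol{y}, \boldsymbol{f}(\boldsymbol{y}/y_0)\rangle \right) , \quad i=1,\dots ,n. \end{aligned}$$

Two checks confirm the computation. First, the unit sphere is invariant, as it must be since Eq. (8) always lands on it:

$$\begin{aligned} \frac{\mathrm d}{\mathrm d t}\left( y_0^2 + \Vert \boldsymbol{y}\Vert ^2\right) = 2y_0\dot y_0 + 2\langle \boldsymbol{y}, \dot{\boldsymbol{y}}\rangle = 2y_0\,\langle \boldsymbol{y}, \boldsymbol{f}(\boldsymbol{y}/y_0)\rangle \left( 1 - y_0^2 - \Vert \boldsymbol{y}\Vert ^2\right) = 0 \quad \text {on } y_0^2+\Vert \boldsymbol{y}\Vert ^2=1. \end{aligned}$$

Second, for the 1-dimensional system \(f(x_1)=x_1\) of Example 2 the field reduces, on the sphere, to \(\dot y_0 = -y_0 y_1^2\) and \(\dot y_1 = y_1 - y_1^3 = y_0^2 y_1\). Note that for \(\deg \boldsymbol{f} = \delta \) one has \(\boldsymbol{f}(\boldsymbol{y}/y_0) = y_0^{-\delta }\tilde{\boldsymbol{f}}(y_0,\boldsymbol{y})\), so \(\boldsymbol{f}'\) is polynomial only when \(\delta \le 1\) and is otherwise rational in \(y_0\); this causes no difficulty in the proof of Theorem 6 below, which only uses the identity pointwise at images of Eq. (8), where \(y_0 > 0\).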

Theorem 6

\(B(y_0, \boldsymbol{y})\in \mathcal C^1(\mathbb {R}^{n+1})\) is a barrier certificate of the homogenized system if and only if \(B(\frac{1}{\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}}, \frac{\boldsymbol{x}}{\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}})\) is a barrier certificate of the original system.

Proof

Let \(B(y_0, \boldsymbol{y})\) be a barrier certificate of the homogenized system. Denote , we show that \(g(\boldsymbol{x})\) satisfies the conditions in Theorem 2. For \(\boldsymbol{x}\in \mathcal {I}\), since \((y_0, \boldsymbol{y})\in \tilde{\mathcal {I}}^b\) by Lem. 1 and Eq. (8), we have \(g(\boldsymbol{x})=B(y_0,\boldsymbol{y})\le 0\). Similarly, for \(\boldsymbol{x}\in \mathcal {U}\), we have \(g(\boldsymbol{x})= B(y_0,\boldsymbol{y})\ge \epsilon _e\). Finally, since

$$\begin{aligned} \begin{aligned} \mathfrak L_{\boldsymbol{f}} g(\boldsymbol{x}) &= \sum _{i=1}^n \frac{\partial g(\boldsymbol{x})}{\partial x_i} f_i(\boldsymbol{x}) = \sum _{i=1}^n \left( \sum _{j=0}^n \frac{\partial B(y_0, \boldsymbol{y})}{\partial y_j} \frac{\partial y_j}{\partial x_i}\right) f_i(\boldsymbol{x})\\ & = \sum _{j=0}^n \frac{\partial B(y_0, \boldsymbol{y})}{\partial y_j} \left( \sum _{i=1}^n \frac{\partial y_j}{\partial x_i} f_i(\boldsymbol{x})\right) = \mathfrak L_{\boldsymbol{f}'} B(y_0,\boldsymbol{y}), \end{aligned} \end{aligned}$$

where \(\boldsymbol{f}'\) is the dynamic of the homogenized system. For any \(\boldsymbol{x}\in \mathcal {X}\) we have \(\mathfrak L_{\boldsymbol{f}} g(\boldsymbol{x})-\lambda g(\boldsymbol{x}) = \mathfrak L_{\boldsymbol{f}'} B(y_0, \boldsymbol{y})-\lambda B(y_0,\boldsymbol{y}) \le 0\). The other direction is similar.    \(\square \)

According to the Stone-Weierstrass theorem [38], a continuous function on a compact subset of \(\mathbb {R}^{n+1}\) can be uniformly approximated by polynomials. This means that, if there exists \(B(y_0, \boldsymbol{y})\in \mathcal C^1(\mathbb {R}^{n+1})\) serving as a barrier certificate, one should be able to find a polynomial barrier certificate (of sufficiently large degree) close to it. In fact, this is one of the reasons why we are primarily concerned with polynomial barrier certificates in the bounded case. By Theorem 6, if \(B(y_0, \boldsymbol{y})\) is a polynomial of degree d, then we have

$$\begin{aligned} (\sqrt{\Vert \boldsymbol{x}\Vert ^2+1})^d B(\frac{1}{\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}}, \frac{\boldsymbol{x}}{\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}}) = B_1(\boldsymbol{x}) + \sqrt{\Vert \boldsymbol{x}\Vert ^2+1} \cdot B_2(\boldsymbol{x}) \end{aligned}$$

for some polynomials \(B_1(\boldsymbol{x}),B_2(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\). From this expression, we can see that Theorem 5 is a special case when \(B(y_0, \boldsymbol{y})\) itself is a homogeneous polynomial (i.e., all monomials are of the same degree) and \(B_2(\boldsymbol{x})=0\).

Definition 3

We say a barrier certificate \(B(\boldsymbol{x})\) is semialgebraic if it can be expressed as \(B(\boldsymbol{x})=B_1(\boldsymbol{x}) + \sqrt{\Vert \boldsymbol{x}\Vert ^2+1} \cdot B_2(\boldsymbol{x})\) for some \(B_1(\boldsymbol{x}),B_2(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\).

The synthesis of semialgebraic barrier certificates is not straightforward, due to the non-polynomial component \(\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}\). To address this problem, we employ the technique in [22] to encode these non-polynomial expressions as polynomials with extra variables. To be concrete, we introduce two variables u and v, which stand for \(\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}\) and \(\frac{1}{\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}}\), respectively. Then, by Theorem 2, the conditions for a semialgebraic barrier certificate can be written as

(9)

where \(G(\boldsymbol{x},u,v)\in \mathbb {R}[\boldsymbol{x},u,v]\) is defined by

(10)
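As an added worked derivation (not part of the paper's text, and not a reproduction of its Eq. (10)), write \(s(\boldsymbol{x}) = \sqrt{\Vert \boldsymbol{x}\Vert ^2+1}\), so that \(\partial s/\partial x_i = x_i/s\). Applying the chain rule to \(B(\boldsymbol{x})=B_1(\boldsymbol{x}) + s(\boldsymbol{x}) B_2(\boldsymbol{x})\) and then replacing \(s\) by u and \(1/s\) by v turns the Lie-derivative condition of Theorem 2 into a polynomial in \(\mathbb {R}[\boldsymbol{x},u,v]\), which is the kind of polynomial that G in Eq. (10) denotes:

$$\begin{aligned} \begin{aligned} \mathfrak L_{\boldsymbol{f}} B(\boldsymbol{x}) &= \mathfrak L_{\boldsymbol{f}} B_1(\boldsymbol{x}) + s(\boldsymbol{x})\, \mathfrak L_{\boldsymbol{f}} B_2(\boldsymbol{x}) + B_2(\boldsymbol{x}) \sum _{i=1}^n \frac{x_i}{s(\boldsymbol{x})} f_i(\boldsymbol{x}), \\ \mathfrak L_{\boldsymbol{f}} B(\boldsymbol{x}) - \lambda B(\boldsymbol{x}) &= \mathfrak L_{\boldsymbol{f}} B_1(\boldsymbol{x}) + u\, \mathfrak L_{\boldsymbol{f}} B_2(\boldsymbol{x}) + v\, B_2(\boldsymbol{x}) \sum _{i=1}^n x_i f_i(\boldsymbol{x}) - \lambda \bigl( B_1(\boldsymbol{x}) + u\, B_2(\boldsymbol{x}) \bigr), \\ &\quad \text{subject to } u^2 = \Vert \boldsymbol{x}\Vert ^2 + 1,\quad uv = 1,\quad u \ge 0 . \end{aligned} \end{aligned}$$

The three side relations record what u and v stand for; after homogenization by \(x_0\) they are exactly the multipliers \(\tilde{g}_{m_x+3}^\mathcal {X}= u^2 - x_0^2 - \Vert \boldsymbol{x} \Vert ^2\) and \(\tilde{g}_{m_x+4}^\mathcal {X}= uv-x_0^2\) (equalities, hence multipliers in \(\mathbb {R}[x_0,\boldsymbol{x},u,v]\)) and \(\tilde{g}_{m_x+2}^\mathcal {X}= u\) (an inequality, hence a sum-of-squares multiplier) of Theorem 7.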

Similar to Theorems 3 and 5, we have the following characterization for semialgebraic barrier certificates. Without loss of generality, we assume that \(B_1(\boldsymbol{x})\) and \(B_2(\boldsymbol{x})\) are both of degree d.

Theorem 7

Assume that \(\mathcal {I}\), \(\mathcal {U}\), and \(\mathcal {X}\) are all closed at infinity. Given \(\lambda \in \mathbb {R}\) and \(\epsilon _e\in \mathbb {R}_{>0}\), consider the following constraints with parameter \(\epsilon \),

$$\begin{aligned} \begin{aligned} & B(\boldsymbol{x}, u) = B_1(\boldsymbol{x}) + u \cdot B_2(\boldsymbol{x})\\ & - \tilde{B}(x_0, \boldsymbol{x}, u) + \epsilon = \sigma _0^\mathcal {I}+ \sum _{i=1}^{m_i+4} \sigma ^\mathcal {I}_i \tilde{g}^\mathcal {I}_i \\ & \tilde{B}(x_0, \boldsymbol{x}, u) - \epsilon _e x_0^{d+1} + \epsilon = \sigma _0^\mathcal {U}+ \sum _{i=1}^{m_u+4} \sigma ^\mathcal {U}_i \tilde{g}^\mathcal {U}_i \\ & \tilde{G}(x_0, \boldsymbol{x}, u, v) + \epsilon = \sigma _0^\mathcal {X}+ \sum _{i=1}^{m_x+5} \sigma ^\mathcal {X}_i \tilde{g}^\mathcal {X}_i\\ & \sigma ^\mathcal {I}_0, \dots , \sigma ^\mathcal {I}_{m_i+2}, \sigma ^\mathcal {U}_0, \dots , \sigma ^\mathcal {U}_{m_u+2} \in \varSigma [x_0, \boldsymbol{x}, u], \\ &\sigma ^\mathcal {X}_0, \dots , \sigma ^\mathcal {X}_{m_x+2} \in \varSigma [x_0, \boldsymbol{x}, u, v],\\ &\sigma ^\mathcal {I}_{m_i+3}, \sigma ^\mathcal {I}_{m_i+4}, \sigma ^\mathcal {U}_{m_u+3}, \sigma ^\mathcal {U}_{m_u+4}\in \mathbb {R}[x_0, \boldsymbol{x}, u]\\ &\sigma ^\mathcal {X}_{m_x+3}, \sigma ^\mathcal {X}_{m_x+4}, \sigma ^\mathcal {X}_{m_x+5} \in \mathbb {R}[x_0, \boldsymbol{x},u,v], \end{aligned} \end{aligned}$$
(11)

where \(G(\boldsymbol{x},u,v)\) is as defined in Eq. (10), \(\tilde{g}_{m_i+1}^\mathcal {I}= \tilde{g}_{m_u+1}^\mathcal {U}= \tilde{g}_{m_x+1}^\mathcal {X}= x_0\), \(\tilde{g}_{m_i+2}^\mathcal {I}= \tilde{g}_{m_u+2}^\mathcal {U}= \tilde{g}_{m_x+2}^\mathcal {X}= u\), \(\tilde{g}_{m_i+3}^\mathcal {I}= \tilde{g}_{m_u+3}^\mathcal {U}= \tilde{g}_{m_x+3}^\mathcal {X}= u^2 - x_0^2 - \Vert \boldsymbol{x} \Vert ^2\), \(\tilde{g}_{m_i+4}^\mathcal {I}= \tilde{g}_{m_u+4}^\mathcal {U}= x_0^2 + \Vert \boldsymbol{x} \Vert ^2 + u^2 - 1\), \(\tilde{g}_{m_x+4}^\mathcal {X}= uv-x_0^2\), and \(\tilde{g}_{m_x+5}^\mathcal {X}= x_0^2 + \Vert \boldsymbol{x} \Vert ^2 + u^2 + v^2 - 1\). When \(\epsilon =0\), Eq. (11) gives a sound characterization for semialgebraic barrier certificates, i.e., any pair of solutions \(B_1(\boldsymbol{x}), B_2(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) to the above constraints makes \(B(\boldsymbol{x})\) a barrier certificate. When \(\epsilon >0\), Eq. (11) gives a complete characterization for semialgebraic barrier certificates, i.e., any semialgebraic barrier certificate with \(B_1(\boldsymbol{x}),B_2(\boldsymbol{x})\in \mathbb {R}[\boldsymbol{x}]\) of degree d satisfies the above constraints.

Proof

The claim follows by applying Theorem 4 to Eq. (9), in the same way as in the proof of Theorem 5.    \(\square \)

6 Experiments

Implementation. We implemented the barrier certificate synthesis procedures in the Julia programming language, interfaced with TSSOS [40] for formulating SOS relaxations and the Mosek solver [5] for solving the underlying SDP. All experiments were performed on a Mac laptop with an Apple M2 chip and 8GB memory. The code and benchmarks are publicly available online. In the following, we use the corresponding theorems to refer to the different approaches/characterizations.

Experiment Settings. The goal of our experiments was to compare the differences between employing the characterizations of Theorems 3, 5, and 7 to synthesize exponential-type barrier certificates over unbounded domains. To this end, we collected a set of dynamical systems of dimensions 2 and 3 from the literature. For each benchmark system, we designed two problem instances. In the first instance, we only let the domain \(\mathcal {X}=\mathbb {R}^n\) be unbounded, while in the second instance, we further let the initial set \(\mathcal {I}\) and/or the unsafe region \(\mathcal {U}\) be unbounded (not necessarily containing the original bounded counterparts).

Fig. 1. Portraits of four selected examples.

In practical computation, we set \(\lambda =-1\), \(\epsilon _e = 10^{-5}\) in the definition of barrier certificates and \(\epsilon =0\) in the sum-of-squares characterizations. As discussed after Theorem 3, the \(\epsilon =0\) case can be viewed as both sound and complete in most practical situations. We manually verified that the sets \(\mathcal {I}\), \(\mathcal {U}\), and \(\mathcal {X}\) are closed at infinity.

For Theorems 3 and 5, we searched for polynomial barrier certificates \(B(\boldsymbol{x})\) up to degree 6. For Theorem 7, due to the \(\sqrt{\Vert \boldsymbol{x}\Vert ^2+1}\) term, we searched for semialgebraic barrier certificates with \(B_1(\boldsymbol{x})\) and \(B_2(\boldsymbol{x})\) up to degree 4. When the target degree d is fixed, by restricting the highest degree of the involved polynomials to the smallest even number larger than d, the sum-of-squares characterizations can be solved as SDPs [7]. For each solution returned by the SDP solver, we utilized Mathematica to symbolically verify that the numerical solution \(B(\boldsymbol{x})\) satisfies the barrier certificate conditions. The timeout for verifying each barrier certificate candidate was set to 10 min. We report the total time for solving the SDP constraints and verifying the results.

Empirical Observations. Table 1 reports the experimental results, and Fig. 1 portrays selected examples. We compare the results from two aspects.

Table 1. Experimental results for synthesizing exponential type barrier certificates.

Expressiveness: For problems with unbounded domains, both of our complete characterizations, Theorems 5 and 7, are more expressive than the incomplete characterization of Theorem 3, as they succeed in synthesizing barrier certificates in more problem instances. The two complete characterizations offer distinct advantages: Theorem 5 exhibits broader applicability, demonstrably successful for problem instances like arch4-2 and nagumo-2. In contrast, Theorem 7 excels at synthesizing lower-degree barrier certificates, as exemplified by the vector-1,2 and barrier-1,2 problem instances. The experimental results also demonstrate that, while Theorem 7 theoretically subsumes Theorem 5, its characterization is significantly more complex, which hinders its ability to identify solutions due to inherent numerical issues in SDP solvers.

Efficiency: For most benchmarks, the time overhead of employing Theorem 5 is comparable to that of Theorem 3, while Theorem 7 is evidently slower than the other two. This is attributable to the fresh variables introduced in the SOS characterizations of the complete characterizations (one for Theorem 5 and two for Theorem 7). Hence, the computation cost of both SDP solving and posterior verification increases, mildly for Theorem 5 (e.g., lie-der-2 and arch1-1) but severely for Theorem 7 (e.g., barrier-1 and arch1-1). We also want to emphasize that, for 3-dimensional systems with higher-degree templates, posterior verification time increases significantly, meaning that we cannot verify the validity of the barrier certificate candidates within a reasonable amount of time.

Summary. For practical applications, we recommend employing Theorem 5 to synthesize polynomial barrier certificates for unbounded problems. This approach achieves a high level of expressiveness while maintaining efficiency comparable to Theorem 3. Moreover, we believe that the performance of Theorem 7 can be improved by exploiting the algebraic structure of the constraints. For example, the variables u, v only occur linearly or quadratically in the constraints, which can be utilized to restrict the templates of the unknown sum-of-squares polynomials.

Remark 1

In our experiments, we did not consider different parameter settings (such as the selection of \(\lambda \) discussed in [21]) and constraint formulations (such as techniques for taming numerical errors discussed in [32]), which may impact the synthesized barrier certificates but are not the focus of the current paper.

7 Conclusion

This paper addresses the problem of synthesizing barrier certificates over unbounded domains. Previous SDP-based approaches to this problem are incomplete, because Putinar’s Positivstellensatz is only applicable in bounded cases. We fill this gap by proposing the first complete sum-of-squares characterization for polynomial barrier certificates, achieved through the utilization of the homogenization approach derived from optimization theory. Furthermore, we introduce the notions of homogenized systems and semialgebraic barrier certificates, which are induced from polynomial barrier certificates of the homogenized systems. For such non-polynomial barrier certificates, we also provide a complete characterization. Experimental results substantiate the efficacy of both of our approaches, demonstrating their enhanced expressiveness and ability to synthesize more barrier certificates in comparison to existing methods.

While our paper primarily focuses on synthesizing barrier certificates for differential dynamical systems, it is crucial to note that our method can be readily extended to other types of systems, including hybrid systems and systems with control, disturbance, or stochastic dynamics. Furthermore, our method can also be utilized in related verification problems such as Lyapunov function synthesis, program invariant generation, and so on.