Aim:
* Query network with properties
* Enforce properties on network during training

# 1 Query
* __Declaratively__, to query the network for inputs we need a precise way to __impose constraints__ on these inputs, hence some type of __logic__.
* __Operationally__, we also need a way to __perform queries__ on the network with these constraints.

## 1.1 Logic
We introduce a standard logic with 
* no quantifiers: 
    - $\forall$
    - $\exists$
    - $\exists$!
* Comparision operation:
    - $\lnot$
    - $\neq$
    - $\land$, conjunction, (&)
    - $\lor$, disjunction,(||)
    - $\leq$
    - $\geq$
    - $\lt$
    - $\gt$
    - $\Rightarrow$
    - Note the comparision operation on vectors are point wise
* Functions $f:\mathbb{R}^m \to \mathbb{R}^n$

__Example property to query for AE__
![Query AE](figures/syntaxsugar.PNG)
Expression for property $\Phi$:
$$\begin{align}
\Phi=&\land^k_{j=1,j\neq 9}NN(i)[j]<NN(i)[9]\\
&\land \parallel i-\text{deer}\parallel_{\infty} \lt 25\\
&\land \parallel i-\text{deer}\parallel_{\infty} \gt 5
\end{align}$$
NN(i)[j] means the output of the NN at class j when input is i.

## 1.2 Solve
The aim is to fing value of input i that makes the property hold.
* By standard constraint solver, only feasible for small network
    - Z3 SMT
    - AST
* Solve as optimisation by introduce translation of logical formulas into differentiable loss function $T(\phi)$ to be solved with optimization. The translation T must fulfill the follow properties:
    * __Theorem__: $\forall x$, if $T(\phi)(x)=0$, then x satisfies $\phi$. Thus we need to find x that make T = 0,this x will solve our original property.
    
   
### 1.2.1 Translations
First define distance $d(a,b)\geq 0$ equality occurs iff $a=b$.

$I_{t_1\gt t_2}$ is an __indicator function__ which is 1 when $t_1\gt t_2$ and 0 otherwise. 

| Logic Term | Translation |
| :------ | :--------------- |
| $t_1=t_2$ | $d(t_1,t_2)$ |
| $t_1\leq t_2$ | $I_{t_1\gt t_2}d(t_1,t_2)$ |
| $t_1\lt t_2$ | $T(t_1+\epsilon \leq t_2)$ |
| $t_1\neq t_2$ | $T( (t_1\leq t_2) \lor (t_2 \leq t_1))$ |
| $\psi \lor \varphi$ | $T(\psi) \cdot T(\varphi)$ |
| $\psi \land \varphi$ | $T(\psi) + T(\varphi)$ |

If we use $d(a,b)=|a-b|$:

    $I_{t_1\gt t_2}d(t_1,t_2) = max(0,t_1-t_2)$

| Logic Term | Translation |
| :------ | :--------------- |
| $t_1=t_2$ | $|t_1-t_2|$ |
| $t_1\leq t_2$ | $max(0, t_1-t_2)$ |
| $t_1\lt t_2$ | $T(t_1+\epsilon \leq t_2)$ |
| $t_1\neq t_2$ | $T( (t_1\leq t_2) \lor (t_2 \leq t_1))$ |
| $\psi \lor \varphi$ | $T(\psi) \cdot T(\varphi)$ |
| $\psi \land \varphi$ | $T(\psi) + T(\varphi)$ |

### 1.2.2 Loss minimising

We want to minimise the translation loss T to zero.
* If T=0 -> there must be points satisfying the property
* If $T\neq0$, there may still be points satisfying the property

Recall theorem $\forall x$, __if__ $T(\phi)(x)=0$, then x satisfies $\phi$.

The if can become iff under the following condition:
![translationtheorem](figures/translationtheorem.PNG)


# 2. Train the network with logic

The idea is to use the sam translated loss of a property $T(\phi)$ and incorporate it into training.