Implemented support for verifying IDTMCs

[plindnercs]

This feature extension includes IDTMC support to verify the following properties:

• Reachability Probabilities
• Reach-Reward
• Propositional

Note:

• As discussed in issue Add support for explicit scheduler-nature optimization directions in uncertain (interval) models #807, the results for Pmin, Pmax, Rmin and Rmax are flipped compared to PRISM.
• The expected results in the unit tests were double-checked with PRISM and manually verified by computing them by hand (except for the BRP-32-2 test case).
• If the minmax:method is not manually set to vi, the current implementation prints a warning and defaults to robust value iteration. This is somewhat related to issue Default selected method not supported (dd's) #264. Note that the warning currently appears twice as the minmax:method is checked in two places.
• The implementation heavily relies on the IMDP implementation (see Support for interval-based transitions in storm #409)
• This pull request should solve the first item and second item, at least for IDTMCs, in Support for interval models #762

I'm happy to receive any kind of feedback!

[tquatmann]

Good progress! My comment regarding the interval optimization direction is related to #807 .

[tquatmann]

The upper bound of 1 does not apply if we compute expected rewareds

[tquatmann]

It's a bit odd that the optimization direction controls nature for IDTMCs (but not for IMDPs, it seems).
Suggestion: the interval optimization direction should be stored as an std::optional<storm::OptimizationDirection> in the Checktask (and then checked e.g. here). That forces an API user to set it explicitly.
When creating a checktask from a formula, the interval optimization direction can be derived automatically (following PRISM behaviour).

[tquatmann]

Of course, this also means that we have to read the IntervalOptimizationDirection from the SolveGoal (somewhere in the Helper).

[tquatmann]

See above

[volkm]

Is it possible to keep the include only in the cpp file? This avoids costly includes of carl in header files.

[plindnercs]

With the current design (ValueType precision; stored by value), this is not possible, because ValueType needs to be complete at the point where ConstantsComparator<ValueType> is instantiated. However, as an alternative, we could change it to std::shared_ptr<const ValueType> precision, and use the precision variable by dereferencing the pointer in the implementation (ConstantsComparator.cpp). This would avoid requiring ValueType to be complete in the header. If that is acceptable, then I can change the code accordingly.

[tquatmann]

let's change that to

Suggested change

	#include "storm/adapters/IntervalAdapter.h"
	#include "storm/adapters/IntervalForward"

The pointer solution would yield a runtime overhead

[plindnercs]

Incorporating this change results in the following error while executing the tests locally on my machine (same as before adding the include for IntervalAdapter.h):
error: ‘storm::utility::ConstantsComparator<ValueType>::precision’ has incomplete type.

[tquatmann]

Thanks for the contribution! Looks good, I just have some nitpicks :)

[tquatmann]

let's change that to

Suggested change

	#include "storm/adapters/IntervalAdapter.h"
	#include "storm/adapters/IntervalForward"

The pointer solution would yield a runtime overhead

[tquatmann]

We actually need to check the requirements. Something like

auto req = solver->getRequirements(env);
if (!computeReward) {
    req.clearbounds();
}
STORM_LOG_THROW(!req.hasEnabledCriticalRequirement(), storm::exceptions::UncheckedRequirementException,
                        "Solver requirements " + req.getEnabledRequirementsAsString() + " not checked.");

[plindnercs]

Temporarily fixed in dee5cad. I hope this is okay for now.

[tquatmann]

I think we should throw already at this point. If the solver requires an upper bound and we ignore that requirement, it will fail or (even worse) terminate with a wrong result.

On another note: We should have negative rewards in mind. This means that 0 is not necessarily a lower bound. (I know there are still some parts that assume non-negative rewards).

Is there an issue with my suggestion?

[sjunges]

What does it even mean that we use an interval as precision in the constants comparator?

[volkm]

The following patch should handle the includes for ConstantsComparator.
patch.txt

[volkm]

I can also push the changes to this PR if you want.

[plindnercs]

What does it even mean that we use an interval as precision in the constants comparator?

Intuitively, I would have expected a behaviour like this, where we interpret the precision bounds as tolerances on the interval bounds:

storm::Interval precision(0.1, 0.15);
storm::Interval candidateA(0.3, 0.3);
storm::Interval candidateB(0.2, 0.4);
storm::Interval candidateC(0.1, 0.4);

storm::utility::ConstantsComparator<storm::Interval> constantsComparator(precision, false);

EXPECT_TRUE(constantsComparator.isEqual(candidateA, candidateB));
EXPECT_FALSE(constantsComparator.isEqual(candidateA, candidateC));
EXPECT_TRUE(constantsComparator.isEqual(candidateB, candidateC));

If this is not the intended semantics, then maybe we need to discuss this more thoroughly.

[plindnercs]

I can also push the changes to this PR if you want.

That would be great. Thank you!

About the failing build: is this due to an error in my implementation, or is it caused by the pipeline itself? I might be missing something, but I could not infer this from the error messages.

[volkm]

I have merged the recent changes from master. This should fix the build issue on Alpine.

[sjunges]

@plindnercs so you use two precisions, one for the lower bound and one for the upper bound? Is this a hypothetical use case, or a real one?

[plindnercs]

@plindnercs so you use two precisions, one for the lower bound and one for the upper bound? Is this a hypothetical use case, or a real one?

Yes, you can see it that way. Right now, it is only a hypothetical use case as far as I know. At least the implementation that I contributed does not make use of this directly.

[tquatmann]

@plindnercs so you use two precisions, one for the lower bound and one for the upper bound? Is this a hypothetical use case, or a real one?

Yes, you can see it that way. Right now, it is only a hypothetical use case as far as I know. At least the implementation that I contributed does not make use of this directly.

I'd be in favour of using the most obvious semantics for now, until something else is required. To me, "most obvious semantics" would be to have IntervalBaseType<ValueType> as type of precision and then apply that precision to both, lower and upper interval boundaries

Edit: I realise that this, again, requires the IntervalForward include in the ConstantsComparator.
I don't know how to prevent that. @volkm any idea?

[tquatmann]

Thanks! Just some final remarks.

I also pushed a change to the storm::api::createTask interface. In my opinion, this should explicitly ask for an uncertainty resolution mode when dealing with interval models.

[tquatmann]

I think we should throw already at this point. If the solver requires an upper bound and we ignore that requirement, it will fail or (even worse) terminate with a wrong result.

On another note: We should have negative rewards in mind. This means that 0 is not necessarily a lower bound. (I know there are still some parts that assume non-negative rewards).

Is there an issue with my suggestion?

[tquatmann]

STORM_LOG_ASSERT(false ...

with the validator above, this should not be reachable. It's better to just fail for now.

[tquatmann]

For consistency: UncertaintyResolutionMode const&

[tquatmann]

STORM_LOG_THROW(false, ...

[sjunges]

@plindnercs so you use two precisions, one for the lower bound and one for the upper bound? Is this a hypothetical use case, or a real one?

Yes, you can see it that way. Right now, it is only a hypothetical use case as far as I know. At least the implementation that I contributed does not make use of this directly.

I'd be in favour of using the most obvious semantics for now, until something else is required. To me, "most obvious semantics" would be to have IntervalBaseType<ValueType> as type of precision and then apply that precision to both, lower and upper interval boundaries

I fully second this. In particular, I would not even allow instantiating the constants comparator with intervals...

[volkm]

Edit: I realise that this, again, requires the IntervalForward include in the ConstantsComparator.
I don't know how to prevent that. @volkm any idea?

I think the IntervalForward is okay to include. Up until now, I managed to avoid including it, because ValueType is only later instantiated in the cpp and it was somehow okay to delay the actual include to the class which later uses it, for example in the tests. Maybe that is still possible.