# A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols

Sumit Gulwani and George Necula, EECS Department, University of California, Berkeley (presentation transcript)

## Introduction

- Problem
  - Check satisfiability of a conjunction of literals
  - Example: x = 2y+3 ∧ F(x−3) ≠ F(2y)
  - Application: program verification
- Existing algorithms
  - Linear arithmetic: Gaussian elimination, Simplex
  - Uninterpreted function terms: congruence closure
  - Combination: Nelson-Oppen, Shostak
- Our proposal
  - A randomized algorithm
  - We hope to gain simplicity and efficiency

## Outline

- Linear arithmetic
- Retracting assumptions
- Extension to uninterpreted function symbols
- Experimentation

## Algebraic Interpretation of Satisfiability

- φ1: (z = x+y) ∧ (x = y) ∧ (z ≠ 0)
- φ2: (z = x+y) ∧ (x = y) ∧ (z ≠ 2x)

φ1 is satisfiable, for example by x=1, y=1, z=2.

φ2 is not satisfiable, since (z=x+y) ∧ (x=y) ⇒ (z=2x).

Can we "test" the satisfiability of these formulae with low error probability?

## Geometric Interpretation of Satisfiability

- φ1: (z = x+y) ∧ (x = y) ∧ (z ≠ 0)
- φ2: (z = x+y) ∧ (x = y) ∧ (z ≠ 2x)

(Figure: line L, the solution space of (z = x+y) ∧ (x = y); plane R1: z = 0; plane R2: z = 2x; a point P on L.)

IDEA: if we choose points randomly on L, we can easily tell that L ⇏ R1 (a random point of L almost never lies on R1, so φ1 is satisfiable) and L ⇒ R2 (every point of L lies on R2, so φ2 is unsatisfiable).

## Overview of the Algorithm

1. Generate random assignments that satisfy all equality literals
   - We do this incrementally
   - Start with a set of completely random assignments
   - Adjust them to satisfy each equality literal one by one
2. Test them on the disequality literals
   - If the random assignments satisfy e1 = e2, then the formula … ∧ e1 ≠ e2 ∧ … is unsatisfiable

## Adjust Operation: Algebraic Interpretation

Notation

- Sample S = collection of assignments
- S ⊨ g = 0 means all assignments in S satisfy g = 0

Properties of S' = Adjust(S, e = 0)

1. If S ⊨ g = 0, then S' ⊨ g = 0
2. S' ⊨ e = 0
3. If S' ⊨ g = 0, then ∃ g' such that S ⊨ g' = 0 and (g' = 0 ∧ e = 0) ⇒ g = 0

That is, S' satisfies exactly one more linearly independent relationship than S does, namely e = 0.

## Adjust Operation: Geometric Interpretation

(Figure: points S1, S2, S3, S4 of S and their images S1', S2', S3' in S' on the hyperplane e = 0.)

- Assignments = points
- Adjust = projection onto the hyperplane represented by an equality literal e = 0
- S' = Adjust(S, e = 0) satisfies e = 0 and all relationships satisfied by S

## The Satisfiability Procedure

IsSatisfiable(φ) =

- let φ be (e1 = 0) ∧ … ∧ (ek = 0) ∧ (e'1 ≠ 0) ∧ … ∧ (e'm ≠ 0)
- S ← R, where R is a random sample
- for i = 1 to k:
  - if S ⊨ ei + c = 0 for some c ≠ 0, then return Unsatisfiable
  - else if S ⊭ ei = 0, then S ← Adjust(S, ei = 0)
- for j = 1 to m:
  - if S ⊨ e'j = 0, then return Unsatisfiable
- return Satisfiable

The first check catches an equality that contradicts the ones already enforced: if every point of S gives ei the same non-zero value −c, then (with high probability) the earlier equalities imply ei = −c, so ei = 0 cannot hold. The else branch skips the adjustment when ei = 0 is already implied.

## Completeness Theorem

If IsSatisfiable(φ) returns true, then φ is satisfiable.

Proof:

- The final sample is non-empty (r > k) and satisfies all the equality literals, and it is not contained in any of the hyperplanes e'j = 0 of the disequality literals.
- Over the rationals, a solution space of the equalities cannot be covered by finitely many hyperplanes, so φ has a model.

## Soundness Theorem

If φ is satisfiable, then IsSatisfiable(φ) returns true with high probability.

Error probability ≤ (bound not preserved in the transcript), expressed in terms of:

- m: number of disequalities
- |F|: size of the set from which random values are chosen
- r: number of assignments in the initial sample R
- k: number of equality literals

If m = k = 10, |F| ≈ 2^32 and r = 15, the slide evaluates this bound (value not preserved in the transcript).

The only way the procedure errs is a false Unsatisfiable: the random points happen to satisfy a linear relationship (S ⊨ ei + c = 0 or S ⊨ e'j = 0) that the equality literals do not imply. Drawing values from a large set F and keeping more points than there are equalities (r > k) makes this unlikely.

## Complexity

- r = number of assignments in the initial sample R
- n = number of variables
- k = number of equality literals

Each adjust operation has cost O(nr): every point of the sample is moved, at O(n) per point.

Number of adjust operations = O(k)

Total cost = O(nkr) = O(nk²), taking r = O(k) (each adjust consumes one point, so r need only exceed k by a small margin).

## Retracting Assumptions: Motivation

```
if z=x+y then
  if x=y then assert (z=2x)
  else assert (x=z-y)
```

⇒ decide satisfiability of

- (z=x+y) ∧ (x=y) ∧ (z≠2x), and
- (z=x+y) ∧ (x≠y) ∧ (x≠z−y)

The assumption x=y made for the first branch must be retracted before the second.

One easy way to retract is to remember old samples

- Space overhead

## Retracting Assumptions: Unadjust Operation

(Figure: S' = Adjust(S, e = 0) on the hyperplane e = 0, with the dropped point P of S shown off the hyperplane.)

- Remember the point P of S that Adjust projected through and dropped
- Unadjust(S', e=0) = S' ∪ {P}
- (S' ∪ {P}) ⊨ g = 0 iff S ⊨ g = 0

So keeping one point per adjusted equality, rather than a whole old sample, is enough to retract it.

## Uninterpreted Function Symbols

Use the Ackermann transformation

- Replace each uninterpreted term e with a new variable Ve
- For any F(e) and F(e') add: if Ve = Ve' then VF(e) = VF(e')

Example

(x=y) ∧ (f(x)=u) ∧ (f(y)=w) → (x=y) ∧ (v1=u) ∧ (v2=w) ∧ (if x=y then v1 = v2)

Implementation

- After adjusting for an equality, check whether the antecedent of any conditional literal now holds on the sample; if so, treat its consequent as a further equality literal (constant check, then adjust).
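The procedure from the earlier slides (random sample, Adjust, the constant check, the disequality test), the Unadjust retraction, and the Ackermann treatment of uninterpreted functions, as one added worked example. This is not the authors' code. It assumes values are drawn from the prime field GF(2^61−1) (standing in for F), represents a linear expression as a dict of coefficients with key "1" for the constant term, and realises Adjust as a projection through a pivot point of the sample onto the hyperplane, dropping the pivot as in the slide's figure (one construction that satisfies the three Adjust properties; whether it is exactly the paper's formula is an assumption). The names evaluate, sample_value, adjust, unadjust, is_satisfiable and ackermann, and the sample formulas in the demo functions, are mine.

```python
import random

# Values are drawn from the prime field GF(P); P plays the role of |F| on the
# soundness slide (a Mersenne prime, so modular arithmetic is exact and cheap).
P = (1 << 61) - 1


def evaluate(e, pt):
    """Value of linear expression e (dict var -> coeff, key "1" = constant) at pt."""
    return sum(c * (1 if v == "1" else pt[v]) for v, c in e.items()) % P


def sub(a, b):
    """Linear expression a - b."""
    out = dict(a)
    for v, c in b.items():
        out[v] = out.get(v, 0) - c
    return out


def sample_value(S, e):
    """c if S |= e - c = 0 (every point gives e the same value c), else None."""
    vals = {evaluate(e, pt) for pt in S}
    return vals.pop() if len(vals) == 1 else None


def adjust(S, e):
    """Project S onto the hyperplane e = 0 through a pivot point with e != 0:
    every other point slides along its line to the pivot until e = 0, and the
    pivot is dropped.  Returns (S', pivot) so that unadjust can undo the step."""
    pivot = next(pt for pt in S if evaluate(e, pt) != 0)
    ep = evaluate(e, pivot)
    S_new = []
    for pt in S:
        if pt is pivot:
            continue
        eq = evaluate(e, pt)
        if eq == ep:  # line parallel to the hyperplane; probability about 1/P
            raise RuntimeError("degenerate sample; retry with fresh randomness")
        t = eq * pow((eq - ep) % P, -1, P) % P  # solves e(pt + t*(pivot - pt)) = 0
        S_new.append({v: (pt[v] + t * (pivot[v] - pt[v])) % P for v in pt})
    return S_new, pivot


def unadjust(S_new, pivot):
    """S_new + [pivot] satisfies exactly the relationships the pre-adjust sample did."""
    return S_new + [pivot]


def is_satisfiable(variables, eqs, diseqs, conds=(), seed=0):
    """eqs: expressions e meaning e = 0; diseqs: e meaning e != 0;
    conds: pairs (a, c) meaning a = 0 -> c = 0 (Ackermann conditional literals)."""
    rng = random.Random(seed)
    r = len(eqs) + len(conds) + 4  # more points than there can be adjusts
    S = [{v: rng.randrange(P) for v in variables} for _ in range(r)]
    pending = list(eqs)
    while pending:
        e = pending.pop(0)
        c = sample_value(S, e)
        if c is None:
            S, _ = adjust(S, e)
        elif c != 0:
            return False  # S |= e - c = 0 with c != 0, so e = 0 is contradictory
        # conditional literals whose antecedent now holds contribute their consequent
        pending += [cons for ante, cons in conds
                    if sample_value(S, ante) == 0 and sample_value(S, cons) != 0
                    and cons not in pending]
    return all(sample_value(S, d) != 0 for d in diseqs)


def ackermann(apps):
    """apps: list of (f, arg) applications with linear-expression args.  Each becomes
    a fresh variable v_i; every pair f(a), f(b) with the same symbol yields the
    conditional literal  a - b = 0  ->  v_i - v_j = 0."""
    names = [f"v{i}" for i in range(len(apps))]
    conds = [(sub(a, b), {names[i]: 1, names[j]: -1})
             for i, (f, a) in enumerate(apps)
             for j, (g, b) in enumerate(apps) if i < j and f == g]
    return names, conds


def slide_examples():
    """phi1 and phi2 from the slides, plus x = 1 and x = 2 (caught by the constant check)."""
    eq = [{"z": 1, "x": -1, "y": -1}, {"x": 1, "y": -1}]  # z = x+y, x = y
    phi1 = is_satisfiable("xyz", eq, [{"z": 1}])           # z != 0
    phi2 = is_satisfiable("xyz", eq, [{"z": 1, "x": -2}])  # z != 2x
    clash = is_satisfiable("x", [{"x": 1, "1": -1}, {"x": 1, "1": -2}], [])
    return phi1, phi2, clash  # (True, False, False)


def retraction_example():
    """if z=x+y then (if x=y then assert z=2x else assert x=z-y): adjust once for the
    outer guard, then adjust/unadjust around the inner branch instead of resampling."""
    rng = random.Random(1)
    S = [{v: rng.randrange(P) for v in "xyz"} for _ in range(6)]  # constructed sample
    S, _ = adjust(S, {"z": 1, "x": -1, "y": -1})
    S1, pivot = adjust(S, {"x": 1, "y": -1})
    then_ok = sample_value(S1, {"z": 1, "x": -2}) == 0  # z = 2x is implied
    S = unadjust(S1, pivot)                              # retract x = y
    else_ok = (sample_value(S, {"x": 1, "y": -1}) is None          # x != y consistent
               and sample_value(S, {"x": 1, "z": -1, "y": 1}) == 0)  # x = z-y implied
    return then_ok, else_ok  # (True, True)


def uf_examples():
    """Slide's f(x), f(y) example with and without u != w, and x = 2y+3, F(x-3) != F(2y)."""
    names, conds = ackermann([("f", {"x": 1}), ("f", {"y": 1})])  # v0 = f(x), v1 = f(y)
    V = ["x", "y", "u", "w"] + names
    eq = [{"x": 1, "y": -1}, {names[0]: 1, "u": -1}, {names[1]: 1, "w": -1}]
    sat = is_satisfiable(V, eq, [], conds)
    unsat = is_satisfiable(V, eq, [{"u": 1, "w": -1}], conds)
    n2, c2 = ackermann([("F", {"x": 1, "1": -3}), ("F", {"y": 2})])
    slide2 = is_satisfiable(["x", "y"] + n2, [{"x": 1, "y": -2, "1": -3}],
                            [{n2[0]: 1, n2[1]: -1}], c2)
    return sat, unsat, slide2  # (True, False, False)
```

The sample size is set to the number of equality and conditional literals plus four, so a few points survive after every possible adjustment (the slide's r > k requirement); with a single point left, sample_value would report a relationship for anything. The RuntimeError in adjust is the degenerate case where two points straddle the hyperplane in parallel, which over GF(2^61−1) happens with probability about 1/|F| per step; a production checker would simply restart with fresh randomness rather than report a result.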

## Experimental Results

| Example     | Arith-dense | Arith-sparse | Both-dense | Both-sparse | Uf   |
|-------------|-------------|--------------|------------|-------------|------|
| #equalities | 26          | 25           | 20         | 50          | 35   |
| #adjusts    | 25          | 14           | 29         | 42          | 72   |
| #points     | 30          | 20           | 40         | 50          | 40   |
| Rand (ms)   | 2.3         | 1.3          | 3.4        | 7.5         | 9.6  |
| ICS (ms)    | 386.4       | 84.8         | 37.0       | 73.9        | 23.1 |
| ICS/Rand    | 168         | 65           | 11         | 10          | 2.5  |

ICS = Integrated Canonizer and Solver

#adjusts is below #equalities where an equality is already implied by the sample (no adjustment needed) and above it in the Uf case, where conditional literals from the Ackermann transformation trigger further adjustments.

## Comparison with Shostak's Algorithm

- Symbolic manipulation vs. expression evaluation
- Shostak's solver ≈ adjust operation
- Shostak's canonizer ≈ probabilistic canonical form

## Conclusion and Future Work

- Randomization can help achieve simplicity and efficiency at the expense of making soundness probabilistic
- Generate proofs
- Can we extend these ideas to other theories: inequalities, arrays?
- Integrate symbolic techniques with randomized ones
