Presentation is loading. Please wait.

Presentation is loading. Please wait.

Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel."— Presentation transcript:

1 Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel

2 Weizmann Institute DC+C Verification Condition Generator Code generation Abstraction Level ++ CVT Auto-decomposition Abstraction Range Minimizer TLV (verifier)

3 Weizmann Institute To a formula with uninterpreted functions Uninterpreted functions From a general formula:

4 Weizmann Institute From a formula with uninterpreted functions: To a formula in the theory of equality Ackerman’s reduction

5 Weizmann Institute Sajid et al (CAV 98’) : encode each comparison (x=y) with a boolean variable e xy. A special BDD traversing algorithm maintains the lost transitivity. Major improvement comparing to finite instantiations with 1..n. The traversing algorithm is worst case exponential. The number of encoding bits is worst case (Vs. n logn in finite instantiations). Bryant et al (CAV 99’) : in positive equality formulas, replace each UIF with a unique constant. A folk theorem: Finite Instantiations with 1..n. In search for an efficient decision procedure

6 Weizmann Institute Instead of giving the range [1..11], analyze connectivity: x1x1 x2x2 y1y1 y2y2 g1g1 g2g2 zu1u1 f1f1 f2f2 u2u2 x 1, y 1, x 2, y 2 :{0-1} u 1, f 1, f 2, u 2 : {0-3}g 1, g 2, z: {0-2} The state-space: from 11 11 to ~10 5 Finite Instantiations revisited

7 Weizmann Institute Or even better: x1x1 x2x2 y1y1 y2y2 g1g1 g2g2 zu1u1 f1f1 f2f2 u2u2 x 1, y 1, g 1, u 1 : {0} {0}{0}{0-1} An Upper-bound: State-space  n! x 2, y 2, g 2, f 1 : {0-1} u 2 : {0-3} f 2, z: {0-2} The state-space: from ~10 5 to 576

8 Weizmann Institute Choosing a minimal range for the integer variables 0. a,b,c,d,e : {0..65536}(1.2 E 24)(normal) 1.a,b,c,d,e : {1..5} (3125)(1..n) 2. a,b,c: {1..3}(connectivity d,e: {1..2} (108) analysis) 3. a: {1}, b:{1-2}, c: {1-3}(factorial d: {1}, e: {1-2} (12) reduction) 4..........

9 Weizmann Institute The Range-Minimization Problem Given a quantifier-free formula with equalities only, find in polynomial time a small domain sufficient to preserve its truth value: D : Infinite domain D*: finite domain D*D

10 Weizmann Institute Deciding Equality Formulas by Small-Domains Instantiations The strategy: 1. Determine a range allocation, mapping each variable x i  into a small set of integers, s.t.  is satisfiable iff it is satisfiable over some R-interpretation. 2. Encode each variable x i as an enumerated type over R(x i ), and use a standard satisfiability checker as a decision procedure.

11 Weizmann Institute Some simple bounds In exp time, a singleton allocation can be found. If  is not valid, a single counter example is such an allocation. In P-time, the range [1..n], where n is the number of variables, is adequate. This allocation results in a state-space of n n. If we do not insist on a uniform allocation, we can do better: the allocation results in a state-space of n!.

12 Weizmann Institute Analyzing the formula structure Assume  is given in positive form, and contains no constants. Let At(  ) be the set of all atomic formulas of the form x i =x j or x i  x j appearing in . A subset B = {  1,…,  k }  At(  ) is consistent, if  1 ^... ^  k is satisfiable; e.g. B = (x i = x j ^ x i  x j ) is inconsistent. A Range Allocation R is adequate for At(  ), if every consistent subset B  At(  ) can be satisfied under R.

13 Weizmann Institute Computing the A = and A  sets directly The negation sign of each comparison, if transformed to positive form can be predicted in polynomial time. Counting negations in the parsing tree:     b=c a=b d=e

14 Weizmann Institute Examples: The price of a polynomial procedure: At(  ) holds less information than .

15 Weizmann Institute To check validity of , we compute the positive form of  : ::  : and check for satisfiability.

16 Weizmann Institute Split At(  ) into two sets:  : A  : A = : The atomic sub-formulas of 

17 Weizmann Institute x1x1 x2x2 y1y1 y2y2 g1g1 g2g2 zu1u1 f1f1 f2f2 u2u2 A graphical representation A  : A = : Note: 1. Inconsistent subsets, appear as contradictory cycles 2. Some of the vertices are mixed

18 Weizmann Institute The Range-Allocation Algorithm A. Remove all solid edges not belonging to contradictory cycles. B. Add a single unique value to singleton vertices, and remove them from the graph. x1x1 x2x2 y1y1 y2y2 g1g1 g2g2 zu1u1 f1f1 f2f2 u2u2 {0}{0}{1}{1}{3}{3}{2}{2} Step I - pre-processing:

19 Weizmann Institute Step II - Set construction: A. For each mixed vertex x i : 1. Add a unique value u i to R(x i ) 2. Broadcast u i on G  3. Remove x i from the graph B. Add a unique value to each remaining G = component g1g1 g2g2 z {4}{4} {4}{4} {4}{4} g1g1 z {4, } g1g1 g2g2 z {4}{4} 1.2.

20 Weizmann Institute u1u1 f1f1 f2f2 u2u2 {6}{6}{6}{6}{6}{6} {6}{6} f1f1 f2f2 u2u2 {6,7}{6,7} {6,7}{6,7} {6,7}{6,7} u2u2 {6,7, } u1u1 f1f1 f2f2 u2u2 {6}{6}{6,7}{6,7} 1. 2. 3. f1f1 {6,7, }

21 Weizmann Institute Is the allocated range always adequate? »For all x  B, assign the smallest value allocated in step A to a mixed vertex which is G( B ) = - connected to x. »If there isn’t any, choose the value given in step B. x1x1 x2x2 y1y1 y2y2 g1g1 g2g2 zu1u1 f1f1 f2f2 u2u2 {3}{3}{2}{2} {4}{4} {4, } {6}{6}{6,7}{6,7} {6,7, } {1}{1} {0}{0} We have to satisfy every consistent subset B :

22 Weizmann Institute Bad ordering: Good ordering: 18 12 The vertices removed in step A constitutes a Vertex-Cover of G . We will look for a Minimal Vertex Cover (mvc). State space: Order makes a difference {6}{6}{6,7}{6,7}{6,7, } {6, }{6}{6}{6,7}{6,7}{6,7, }

23 Weizmann Institute G Order makes a difference G/mvc

24 Weizmann Institute Colors make a difference 12 4 {6, }{6}{6}{6}{6} {6}{6} {6,7}{6,7} {6,7, } State space: Unique values: ~ Unique values: When should mvc vertices be assigned different values?

25 Weizmann Institute Colors make a difference xy Two mixed vertices are incompatible, if there is a path between them with one solid edge. Coloring the incompatibility graph: z w y z w

26 Weizmann Institute Order affects the Coloring y zxw IV I II III Order: x and z have a ‘bad’ path. Yet, z does not decide the value assigned to y, due to the ordering. Therefore x and z are compatible. y zxw Coloring the incompatibility graph:

27 Weizmann Institute For each connected G = component k: n k = |G = | m k = |mvc k | y k - the number of colors in mvc k (y k  m k ) 1. i  y k |R(x i )|  i 2. y k < i  m k |R(x i )|  y k 3. m k < i  n k |R(x i )|  y k +1 The state-space upper-bound : A new upper bound for the state-space Size of R(x i ) iAccumulated state-space k

28 Weizmann Institute x1x1 x2x2 y1y1 y2y2 g1g1 g2g2 zu1u1 f1f1 f2f2 u2u2 {3}{3}{2}{2} {4}{4} {4,5}{4,5} {4,5}{4,5} {6,7}{6,7} {6}{6}{6}{6}{6,8}{6,8} {1}{1} {0}{0} A state-space story: 11 11! 16 1..n1..ibasic ordercolor 4872? 576 connectivity Range allocation algo.

29 Weizmann Institute The worst case: double cliques back to n! One connected component (n k =n) All vertices are mixed Worst vertex-cover: m k = n k -1 Worst coloring: y k =m k A 4 double-clique State-space  A new upper bound for the state-space For each connected G = component k: n k = |G = | m k = |mvc k | y k - the number of colors in mvc k (y k  m k ) k

30 Weizmann Institute Formulas with constants The maximal state-space of a formula with c k constants: In the worst case: a b5 {1,5} {1,2,5}

31 Weizmann Institute Before and after, in SMV

32 Weizmann Institute Experimental Results A design of a SNECMA turbine engine with Sildex™ results in a verification condition of about 6000 lines. Before : 92% verified in reasonable time After: 100% verified in reasonable time Some of the formulas had 150 integer variables and more. The implementation is available at: http://www.wisdom.weizmann.ac.il/~ofers/sat/bench.htm

Download ppt "Weizmann Institute Deciding equality formulas by small domain instantiations O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel."

Similar presentations

NP-Hard Nattee Niparnan.

NP-Hard Nattee Niparnan.
Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic.

Daniel Kroening and Ofer Strichman 1 Decision Procedures in First Order Logic Decision Procedures for Equality Logic.
Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.

Representing Boolean Functions for Symbolic Model Checking Supratik Chakraborty IIT Bombay.
Technion 1 Generating minimum transitivity constraints in P-time for deciding Equality Logic Ofer Strichman and Mirron Rozanov Technion, Haifa, Israel.

Technion 1 Generating minimum transitivity constraints in P-time for deciding Equality Logic Ofer Strichman and Mirron Rozanov Technion, Haifa, Israel.
1 NP-completeness Lecture 2: Jan 11. 2 P The class of problems that can be solved in polynomial time. e.g. gcd, shortest path, prime, etc. There are many.

1 NP-completeness Lecture 2: Jan P The class of problems that can be solved in polynomial time. e.g. gcd, shortest path, prime, etc. There are many.
1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 

1 NP-Complete Problems. 2 We discuss some hard problems:  how hard? (computational complexity)  what makes them hard?  any solutions? Definitions 
Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)

Weizmann Institute Tuning SAT-checkers for Bounded Model-Checking A bounded guided tour Ofer Shtrichman Weizmann Institute & IBM (HRL)
Graphs 4/16/2017 8:41 PM NP-Completeness.

Graphs 4/16/2017 8:41 PM NP-Completeness.
Ofer Strichman, Technion 1 Decision Procedures in First Order Logic Part III – Decision Procedures for Equality Logic and Uninterpreted Functions.

Ofer Strichman, Technion 1 Decision Procedures in First Order Logic Part III – Decision Procedures for Equality Logic and Uninterpreted Functions.
1 Deciding separation formulas with SAT Ofer Strichman Sanjit A. Seshia Randal E. Bryant School of Computer Science, Carnegie Mellon University.

1 Deciding separation formulas with SAT Ofer Strichman Sanjit A. Seshia Randal E. Bryant School of Computer Science, Carnegie Mellon University.
NP-Complete Problems Reading Material: Chapter 10 Sections 1, 2, 3, and 4 only.

NP-Complete Problems Reading Material: Chapter 10 Sections 1, 2, 3, and 4 only.
SAT-Based Decision Procedures for Subsets of First-Order Logic

SAT-Based Decision Procedures for Subsets of First-Order Logic
The Theory of NP-Completeness

The Theory of NP-Completeness
NP-Complete Problems Problems in Computer Science are classified into

NP-Complete Problems Problems in Computer Science are classified into
Weizmann Institute Range Minimization O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.

Weizmann Institute Range Minimization O. Shtrichman The Weizmann Institute Joint work with A.Pnueli, Y.Rodeh, M.Siegel.
A New Approach to Structural Analysis and Transformation of Networks Alan Mishchenko November 29, 1999.

A New Approach to Structural Analysis and Transformation of Networks Alan Mishchenko November 29, 1999.
Analysis of Algorithms CS 477/677

Analysis of Algorithms CS 477/677
Technion 1 Generating minimum transitivity constraints in P-time for deciding Equality Logic Ofer Strichman and Mirron Rozanov Technion, Haifa, Israel.

Technion 1 Generating minimum transitivity constraints in P-time for deciding Equality Logic Ofer Strichman and Mirron Rozanov Technion, Haifa, Israel.
Search in the semantic domain. Some definitions atomic formula: smallest formula possible (no sub- formulas) literal: atomic formula or negation of an.

Search in the semantic domain. Some definitions atomic formula: smallest formula possible (no sub- formulas) literal: atomic formula or negation of an.
Technion 1 (Yet another) decision procedure for Equality Logic Ofer Strichman and Orly Meir Technion.

Technion 1 (Yet another) decision procedure for Equality Logic Ofer Strichman and Orly Meir Technion.

Similar presentations

Ads by Google