Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Theorem Proving Lecture 4.   Formula := A |  |    A  Atom := b | t = 0 | t < 0 | t  0 t  Term := c | x | t + t | t – t | ct | Select(m,t)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Theorem Proving Lecture 4.   Formula := A |  |    A  Atom := b | t = 0 | t < 0 | t  0 t  Term := c | x | t + t | t – t | ct | Select(m,t)"— Presentation transcript:

1 Automated Theorem Proving Lecture 4

2   Formula := A |  |    A  Atom := b | t = 0 | t < 0 | t  0 t  Term := c | x | t + t | t – t | ct | Select(m,t) m  MemTerm := f | Update(m,t,t) f  Field b  SymBoolConst x  SymIntConst c  {…,-1,0,1,…}

3 Memory axiom for all objects o and o’, and memories m:  o = o’  Select(Update(m,o,v),o’) = v  o  o’  Select(Update(m,o,v),o’) = Select(m,o’)

4 Select(f,b) = 5  Select(Update(f,a,5),a) + Select(Update(f,a,5),b)  10 is unsatisfiable { b.f = 5 } a.f = 5 { a.f + b.f = 10 } theory of arithmetic: 5, 10, + theory of arrays: Select, Update, f Constraints that arise in program verification are mixed! iff

5 Theories communicating via equality and variables Introduce: variable w to represent Select(f,b) variable x to represent Select(Update(f,a,w),a) variable y to represent Select(Updatef,a,w),b) variables z and z’ to eliminate the arithmetic disequality w = Select(f,b) x = Select(Update(f,a,w),a) y = Select(Update(f,a,w),b) z  z’ Theory of arithmeticTheory of arrays w = 5 x + y = z z’ = 10 Select(f,b) = 5  Select(Update(f,a,5),a) + Select(Update(f,a,5),b)  10 x = w, y = w z = z’

6 Theory of arrays   Formula := A |    A  Atom := t = t | t  t t  Term := c | Select(m,t) m  MemTerm := f | Update(m,t,t) c  SymConst for all objects o and o’, and memories m:  o = o’  Select(Update(m,o,v),o’) = v  o  o’  Select(Update(m,o,v),o’) = Select(m,o’)

7 Theory of Equality with Uninterpreted Functions   Formula := A |    A  Atom := t = t | t  t t  Term := c | f(t,…,t) c  SymConst f  Function for all constants a and b and functions f: - a = a - a = b  b = a - a = b  b = c  a = c - a = b  f(a) = f(b)

8 f(f(f(f(f(a))))) = a f(f(f(a))) = a f(f(a)) = a f(a) = a f(a,b) = a f(f(a,b),b) = b f(a,b) = b a = b f(f(f(f(a)))) = a

9 f ab f f f f f f a f(a,b) = a f(f(a,b),b) = b f(f(f(f(f(a))))) = a f(f(f(a))) = a

10 f ab f f f f f f a e-graph Use union-find algorithm to maintain equivalence classes on terms. Congruence closure algorithm

11 Decision procedure for EUF 1. Construct initial e-graph for all terms appearing in equalities and disequalities. 2. Apply congruence closure ignoring disequalities. 3. If there is a disequality t 1  t 2 and an equivalence class containing both t 1 and t 2, return unsatisfiable. 4. Otherwise, return satisfiable.

12 Soundness Theorem: If the algorithm returns unsatisfiable, the constraints are unsatisfiable. Lemma: At every step of the congruence closure algorithm, each equality in the e-graph is implied by the original set of equalities. Proof: By induction on the number of steps.

13 Completeness Theorem: If the algorithm returns satisfiable, there is a model satisfying the constraints.

14 Model A (finite or infinite) universe U An interpretation I - maps each constant symbol u to an element I(u)  U - maps each function symbol f to a function I(f)  (U  U)

15 Completeness Theorem: If the algorithm returns satisfiable, there is a model satisfying the constraints. How do we construct the model?

16 f ab f f(a,b) = a f(f(a,b),b) = b For any term t in the e-graph, let EC(t) be the equivalence class containing t. U = set of equivalence classes + new element  I(c) = EC(c) I(f)(  ) = EC(f(u)), if  u . f(u) is a term in the e-graph I(f)(  ) = , otherwise

17 Convexity A conjunction of facts is convex if whenever it entails a disjunction of equalities, it also entails at least one equality by itself. If C  a 1 = b 1  …  a n = b n Then there is i  [1,n] such that C  a i = b i A theory is convex if ever conjunction of facts in the theory is convex.

18 EUF is convex Suppose C  u 1 = t 1  u 2 = t 2 Then C  u 1  t 1  u 2  t 2 is unsatisfiable The congruence closure algorithm demonstrates that there is some i such that even C  u i  t i is unsatisfiable

19 Uninterpreted theory Function symbols: f 1, f 2, … (each with an arity  {0,1,…}) Relation symbols: R 1, R 2, … (each with an arity  {0,1,…}) Special relation: equality (arity 2) Variables: x 1, x 2, … Boolean facts: x 1 = x 2, x 1  x 2, R(x 1, x 2 ),  R(x 1, x 2 ),  x. R(x,y) A conjunction of facts is consistent iff there is a model (U,I) that satisfies each fact in the conjunction. e.g., EUF, arrays, lists

20 Interpreted theory Function symbols: f 1, f 2, … (each with an arity  {0,1,…}) Relation symbols: R 1, R 2, … (each with an arity  {0,1,…}) Special relation: equality (arity 2) Variables: x 1, x 2, … Boolean facts: x 1 = x 2, x 1  x 2, R(x 1, x 2 ),  R(x 1, x 2 ),  x. R(x,y) A conjunction of facts is consistent iff I can be extended to the free variables of the conjunction so that each fact in the conjunction is satisfied. Fixed model (U,I) providing an interpretation for the function and relation symbols. e.g., arithmetic over rationals, arithmetic over integers

21 Communicating theories Suppose the only shared symbols between two theories T1 and T2 are equality and variables C1 is conjunction of facts in theory T1 C2 is conjunction of facts in theory T2 Suppose C1 is consistent by itself and C2 is consistent by itself Is C1  C2 consistent?

22 f(f(x) – f(y))  f(z)  x  y  y + z  x  z  0 x  y y + z  x z  0 g 1 = g 2 – g 3 f(g 1 )  f(z) g 2 = f(x) g 3 = f(y) C1 is consistent C2 is consistent But C1  C2 is not consistent! C1 C2 x = y g 2 = g 3 g 1 = z

23 For any conjunction C1 of facts in the theory of rationals and any conjunction C2 of facts in the theory of EUF, it suffices to communicate equalities over shared variables. What if C1 is a conjunction of facts in the theory of arithmetic over integers?

24 1  x x  2 a = 1 b = 2 f(x)  f(a) f(x)  f(b) C1 C2 C1  x = a  x = b  f(x) = f(a)  f(x) = f(b) =  C2 The equality sharing procedure does not work because the theory of integers is non-convex (although the theory of rationals is convex)! Fix: Communicate disjunctions of equalities!

25 1  x x  2 a = 1 b = 2 f(x)  f(a) f(x)  f(b)  x = a  x = b

26 1  x x  2 a = 1 b = 2 x = a f(x)  f(a) f(x)  f(b) x = a 4, 2, x = b Unsatisfiable

27 1  x x  2 a = 1 b = 2 x = b f(x)  f(a) f(x)  f(b) x = b Unsatisfiable

28 Another Example

29 1  x x  2 a = 1 b = 2 f(x) = a f(a) = b f(b) = b  x = a  x = b

30 1  x x  2 a = 1 b = 2 x = a f(x) = a f(a) = b f(b) = b x = a 4, 3, x = b a = b Unsatisfiable

31 1  x x  2 a = 1 b = 2 x = b f(x) = a f(a) = b f(b) = b x = b Unsatisfiable a = b

32 The procedure returns satisfiable only when (1) C1 is consistent (2) C2 is consistent (3) C1 is convex (4) C2 is convex (5) C1 entails (x = y) iff C2 entails (x = y) Theorem: If the procedure returns satisfiable, then there is a model of C1  C2. Technical side conditions: (1) Every consistent formula in T1 has a countably infinite model (2) Every consistent formula in T2 has a countably infinite model

33 Proof Partition variables into equivalence classes Q 1, …, Q n such that for all i  [1,n], if x,y  Q i then C1 entails x = y. Lemma: For all i  [1,n], if x,y  Q i then C2 entails x = y. For each i  [1,n], pick representative w i  Q i. Lemma: C1   1  i < j  n (w i  w j ) is consistent. Lemma: C2   1  i < j  n (w i  w j ) is consistent.

34 Proof continued D1 = C1   1  i < j  n (w i  w j ) D2 = C2   1  i < j  n (w i  w j ) D1 has a countably infinite model (U1, I1) D2 has a countably infinite model (U2, I2) Pick an isomorphism K from U1 to U2 that is consistent with variable assignments, i.e., for all x, K(I1(x)) = I2(x). The interpretations of function and relation symbols can be mapped easily using K.

Download ppt "Automated Theorem Proving Lecture 4.   Formula := A |  |    A  Atom := b | t = 0 | t < 0 | t  0 t  Term := c | x | t + t | t – t | ct | Select(m,t)"

Similar presentations

Combining Abstract Interpreters Sumit Gulwani Microsoft Research Redmond, Group Ashish Tiwari SRI RADRAD.

Combining Abstract Interpreters Sumit Gulwani Microsoft Research Redmond, Group Ashish Tiwari SRI RADRAD.
A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani George Necula EECS Department University of California,

A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani George Necula EECS Department University of California,
Automated Theorem Proving

Automated Theorem Proving
Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?

Automated Theorem Proving Lecture 1. Program verification is undecidable! Given program P and specification S, does P satisfy S?
Completeness and Expressiveness

Completeness and Expressiveness
Some important properties Lectures of Prof. Doron Peled, Bar Ilan University.

Some important properties Lectures of Prof. Doron Peled, Bar Ilan University.
Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”

Synthesis, Analysis, and Verification Lecture 04c Lectures: Viktor Kuncak VC Generation for Programs with Data Structures “Beyond Integers”
SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀

SMT Solvers (an extension of SAT) Kenneth Roe. Slide thanks to C. Barrett & S. A. Seshia, ICCAD 2009 Tutorial 2 Boolean Satisfiability (SAT) ⋁ ⋀ ¬ ⋁ ⋀
1 Cover Algorithms and Their Combination Sumit Gulwani, Madan Musuvathi Microsoft Research, Redmond.

1 Cover Algorithms and Their Combination Sumit Gulwani, Madan Musuvathi Microsoft Research, Redmond.
Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis.

Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis.
Nikolaj Bjørner Microsoft Research Lecture 4. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 4. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
Lecture 6 Hyperreal Numbers (Nonstandard Analysis)

Lecture 6 Hyperreal Numbers (Nonstandard Analysis)
Assertion Checking Unified Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI.

Assertion Checking Unified Sumit Gulwani Microsoft Research, Redmond Ashish Tiwari SRI.
A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.

A Semantic Characterization of Unbounded-Nondeterministic Abstract State Machines Andreas Glausch and Wolfgang Reisig 1.
Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.

Plan for today Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search.
Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.

Last time Proof-system search ( ` ) Interpretation search ( ² ) Quantifiers Equality Decision procedures Induction Cross-cutting aspectsMain search strategy.
1 9. Evaluation of Queries Query evaluation –. 2 9.1 Quantifier Elimination and Satisfiability Example: Logical Level: r   y 1,…y n  r’ Constraint.

1 9. Evaluation of Queries Query evaluation – Quantifier Elimination and Satisfiability Example: Logical Level: r   y 1,…y n  r’ Constraint.
Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.

Nikolaj Bjørner Microsoft Research Lecture 3. DayTopicsLab 1Overview of SMT and applications. SAT solving, Z3 Encoding combinatorial problems with Z3.
ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 5.

ECI 2007: Specification and Verification of Object- Oriented Programs Lecture 5.
1 2. Constraint Databases Next level of data abstraction: Constraint level – finitely represents by constraints the logical level.

1 2. Constraint Databases Next level of data abstraction: Constraint level – finitely represents by constraints the logical level.

Similar presentations

Ads by Google