
A propositional world. Ofer Strichman, School of Computer Science, Carnegie Mellon University.



2. Integrated decision procedures in theorem provers
Deciding a combination of theories is the key for automation in theorem provers: Boolean operators, bit-vectors, sets, linear arithmetic, uninterpreted functions, more …
Example formula mixing theories (the slide labels its parts as uninterpreted functions, linear arithmetic and bit-vector operators): f(f(x)-f(y)) != f(z) & y 10
Normally, each theory is solved with its own decision procedure and the results are combined (Shostak, Nelson, …).

3. Integrated decision procedures in theorem provers
All of these theories, except linear arithmetic, have known efficient direct reductions to propositional logic. Thus, reducing linear arithmetic to propositional logic will:
1. Enable integration of theories at the propositional logic level.
2. Potentially be faster than known techniques.

4. Linear arithmetic and its sub-theories
Examples: 2x – 3y + 5z < 0, 5x + 2w  2
Some useful methods for solving a conjunction of linear arithmetic expressions:
1. Simplex, Elliptic curve
2. Variable elimination methods (Hodes, Fourier-Motzkin, …)
3. Shostak's loop residues
4. Separation theory: Bellman / Pratt …
5. …

5. A decision procedure for separation theory
Separation predicates have the form x > y + c, where x, y are real variables and c is a constant.
Pratt [73] (/Bellman [57]): Given a set of conjuncted separation predicates φ:
1. Construct the 'inequality graph'.
2. φ is satisfiable iff there is no cycle with non-negative accumulated weight.
Example: φ: (x > z + 3 ∧ z > y – 1 ∧ y > x + 1). Its inequality graph (figure on the slide) is the cycle over x, y, z whose edges carry the predicates' constants 3, –1, 1; the accumulated weight 3 is non-negative, so φ is unsatisfiable.
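The Pratt/Bellman criterion above, as an added worked example (this is not code from the presentation; the tuple encoding of predicates and the function names are assumptions made here). A predicate x > y + c is turned into the difference constraint y − x ≤ −c, and Bellman-Ford looks for a negative cycle. Strict and non-strict edges are handled together by carrying weights as pairs (constant, ε-count) compared lexicographically, so a cycle whose constants sum to exactly 0 is rejected iff at least one of its edges is strict, which is exactly the non-negative-accumulated-weight test for the all-strict case of slide 5 and the mixed-edge case of the later slides. When the conjunction is satisfiable, a rational model is extracted from the Bellman-Ford distances.

```python
from fractions import Fraction

# Predicates are 4-tuples (x, y, c, strict): x > y + c when strict is True,
# x >= y + c when strict is False.  This representation is constructed for
# the example; it is not the presentation's own notation.

def separation_sat(preds):
    """Decide a conjunction of separation predicates over the reals.

    Each x (>|>=) y + c becomes the difference constraint y - x <= -c
    (minus an infinitesimal for strict edges), i.e. an edge x -> y, and
    Bellman-Ford from a virtual source looks for a negative cycle.  Weights
    are pairs (constant, epsilon count) compared lexicographically.
    Returns (True, model) with model mapping variables to Fractions, or
    (False, None) when some cycle has non-negative accumulated weight.
    """
    verts = sorted({v for p in preds for v in p[:2]})
    edges = [(x, y, (Fraction(-c), -1 if strict else 0))
             for x, y, c, strict in preds]
    dist = {v: (Fraction(0), 0) for v in verts}   # virtual source at 0
    for _ in range(len(verts)):                    # |V| relaxation passes
        changed = False
        for u, v, (wc, we) in edges:
            cand = (dist[u][0] + wc, dist[u][1] + we)
            if cand < dist[v]:
                dist[v], changed = cand, True
        if not changed:
            break
    else:
        return False, None   # still relaxing after |V| passes: infeasible cycle

    # Turn the symbolic values a + b*eps into rationals by picking eps small
    # enough that every constraint with slack in its constant part still
    # holds once the epsilon parts are added in.
    eps = Fraction(1)
    for u, v, (wc, we) in edges:
        slack = dist[v][0] - dist[u][0] - wc        # <= 0 by construction
        growth = dist[v][1] - dist[u][1] - we       # may be positive
        if slack < 0 and growth > 0:
            eps = min(eps, -slack / growth)
    model = {v: a + b * eps for v, (a, b) in dist.items()}
    return True, model

def holds(model, preds):
    """Check a candidate model against the original predicates."""
    for x, y, c, strict in preds:
        lhs, rhs = model[x], model[y] + c
        if not (lhs > rhs if strict else lhs >= rhs):
            return False
    return True

# Constructed inputs.  PHI_UNSAT is the slide's example
# x > z+3, z > y-1, y > x+1: the cycle's weights sum to 3 >= 0.
PHI_UNSAT = [("x", "z", 3, True), ("z", "y", -1, True), ("y", "x", 1, True)]
# PHI_SAT mixes in a non-strict edge; its cycle sums to -3.5 < 0.
PHI_SAT = [("x", "y", 1, True), ("y", "z", Fraction(1, 2), False),
           ("z", "x", -5, True)]
```

Usage: `separation_sat(PHI_UNSAT)` returns `(False, None)`, while `separation_sat(PHI_SAT)` returns a model that `holds` confirms. Using exact `Fraction` arithmetic avoids the floating-point drift that would otherwise make a zero-weight cycle look slightly positive or negative.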

6. Handling disjunctions through case splitting
All previously mentioned algorithms handle disjunctions by splitting the formula. This can be thought of as a two-stage process:
1. Convert the formula to Disjunctive Normal Form (DNF).
2. Solve each clause separately, until one of them is satisfied.
(A common improvement: split 'when needed'.)
Case splitting is frequently the bottleneck of the procedure.

7. So what can be done against case splitting?
Answer: Split the domain, not the formula.
Given a formula φ, this transformation can be done if there is a φ' such that ⊨ φ iff ⊨ φ', and φ' is decidable under a finite domain.
When is this possible? When φ enjoys the 'small model property', or through a tailor-made reduction.

8. SAT vs. infinite-state decision procedures
With finite instantiation (e.g. SAT), we split the domain. Infinite-state decision procedures split the formula. So what's the big difference?

9. SAT vs. infinite-state decision procedures
SAT splits the domain. Infinite-state decision procedures split the formula. So what's the big difference?
Three mechanisms, crucial for efficient decision making:
1. Pruning.
2. Learning.
3. Guidance (prioritizing internal steps).
SAT has a significant advantage in all three.


11. SAT vs. infinite-state decision procedures (1/4)
1. Pruning
SAT: each clause c prunes up to 2^(|v|-|c|) states. Others: ? (stops when it finds a satisfiable clause).
Example (the figure shows the decision tree over x, y: the branch that falsifies the clause is backtracked and pruned): for the clause (x ∨ y) with |v| = 1000 and |c| = 2, 2^998 states are pruned.

12. SAT vs. infinite-state decision procedures (2/4)
2. Learning
SAT: partial assignments that lead to a conflict are recorded and hence not repeated.
Others (depends on the decision procedure): adding proved sub-goals as antecedents to new sub-goals, …

13. SAT vs. infinite-state decision procedures (3/4)
3. Guidance (prioritizing internal steps)
Guidance requires efficient estimation: How hard is it to solve each sub-formula? To what extent will it simplify the rest of the proof?
Consider a formula combining φ1 and φ2, where φ1 is unsat and hard, and φ2 is sat and easy. With proper guidance, a theorem prover should start from φ2.

14. SAT vs. infinite-state decision procedures (4/4)
3. Guidance (cont'd): "…To what extent will it simplify the rest of the proof?"
SAT: guidance through decision heuristics (e.g. DLIS), estimating simplification by counting literals in each phase, e.g. over the clauses (x ∨ y ∨ z), (x ∨ v), (¬x ∨ ¬z).
Others: expression ordering, …

15. Example: Equality Logic with Uninterpreted Functions (1/3)
Equality logic with uninterpreted functions (uninterpreted functions are reducible to equality logic, so we can concentrate on equality logic).
Traditional infinite-state decision procedure: congruence closure with case splitting.

16. Example: Equality Logic (2/3)
Since 1998, several groups have devised finite-state decision procedures for this theory:
Goel et al. (CAV'98): Boolean encoding and BDDs
Bryant et al. (CAV'99): positive equality + finite instantiation
Pnueli et al. (CAV'99): small-domain instantiation
Bryant et al. (CAV'00): Boolean encoding with explicit constraints

17. Example: Equality Logic (3/4)
Goel et al. (CAV'98):
Encode each equality i = j with a new Boolean variable e_ij.
Construct the BDD of the encoded formula.
Search the BDD for a consistent path leading to '1'. E.g. an assignment to the three variables e_xy, e_yz, e_xz is consistent iff e_xy + e_yz + e_xz ≠ 2.

18. Example: Equality Logic (3/3)
Bryant et al. (CAV'00): add transitivity constraints to the formula. Let (x=y, y=z, x=z) be the equality predicates in φ.
1. Construct the equality graph (in the figure: the triangle over x, y, z with edges e_xy, e_xz, e_yz).
2. Impose transitivity on cycles: e_xy + e_yz + e_xz ≠ 2.
The resulting formula is propositional ⇒ BDDs, SAT, etc.

19. Example: Equality Logic (cont'd)
The number of simple cycles can be exponential. Bryant et al. suggested first making the graph chordal (figure: a cycle with edges e1, e2, e3, e4, … and a chord e_c). In a chordal graph, every assignment that violates transitivity also violates the transitivity of a triangle. Hence it is sufficient to impose transitivity over triangles.

20. This work
Extends the results of Bryant et al. to a Boolean combination of:
1. Separation predicates
2. Separation predicates for integers
3. Linear arithmetic
4. Integer linear arithmetic
Done

21. Usability
Separation predicates: "Most verification conditions involving inequalities are separation predicates" [Pratt, 1973]: array bounds checks, tests on index variables, timing constraints, worst-case execution time analysis, etc.
Linear arithmetic: all of the above + … + linear programming + integer linear programming.

22. Reducing separation predicates to propositional logic (1/6)
A. Normalize (example): φ: f(x) > f(y+1)
1. Uninterpreted functions → equality logic: φ: (x = y+1 → f1 = f2) ∧ (f1 > f2)
2. Normal form: φ: (x > y+1 ∨ y > x–1 ∨ (f1 ≥ f2 ∧ f2 ≥ f1)) ∧ (f1 > f2)
Now φ has no negations and only the '>' and '≥' predicate symbols.

23. Reducing separation predicates to propositional logic (2/6)
A. Normalize (procedure)
1. Reduce uninterpreted functions to equalities.
2. Rewrite equalities as a conjunction of inequalities, e.g. rewrite x = y+c as x ≥ y+c ∧ x ≤ y+c.
3. Transform φ to Negation Normal Form, and eliminate negations by reversing inequality signs.
4. Rewrite '<' and '≤', e.g. rewrite x < y+c as y > x–c.

24. Reducing separation predicates to propositional logic (2/6)
A. Normalizing example:
φ: z y-1)
φ: x > z+3 ∧ (z > y–1 ∨ y ≥ x+1)

25. Reducing separation predicates to propositional logic (3/6)
B. Encode + construct graph (example): φ: (x > z+3 ∧ (z > y–1 ∨ y ≥ x+1))
Separation graph (figure): vertices x, y, z with edge weights 3, –1, 1; and its dual (figure): the same vertices with edge weights –3, 1, …
φ': transitivity constraints (shown in the figure).

26. Reducing separation predicates to propositional logic (4/6)
B. Encode predicates and construct a graph (procedure)
1. Construct a graph G(V,E), where V = the variables in φ. Each edge e ∈ E is a 4-tuple (from, to, weight, {>, ≥}).
2. Substitute each predicate in φ of the form x > y+c with a Boolean variable, and add an edge (x, y, c, >) to E.
3. Substitute each predicate in φ of the form x ≥ y+c with a Boolean variable, and add an edge (x, y, c, ≥) to E.

27. Reducing separation predicates to propositional logic (5/6)
C. Add transitivity constraints for each simple cycle (example): φ' (figure: the separation graph over x, y, z with edge weights 3, –1, 1, its dual with edge weights –3, 1, and the resulting transitivity constraints).

28. Reducing separation predicates to propositional logic (6/6)
C. Add transitivity constraints for each cycle C (figure: a cycle with edge weights c1, c2, c3):
1. If there are mixed edges: if the total weight is not negative: …
2. If all edges are '≥': …
3. If all edges are '>': …
If the total weight is not positive: …
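Steps B and C of the reduction, as an added end-to-end example (this is not the presentation's code; the tuple syntax for normalized formulas, the function names and the brute-force propositional search are assumptions made here). Each distinct predicate becomes a Boolean variable and an edge of the separation graph; every simple cycle whose accumulated weight makes it infeasible (non-negative with a strict edge, positive with only non-strict edges) contributes the constraint "not all of its edges"; the skeleton conjoined with those constraints is then solved. The cycle enumerator also makes the point of the compact-representation slides concrete: a chain of n diamonds has 2^n simple cycles.

```python
from fractions import Fraction
from itertools import product

# Formula syntax constructed for this example (not the presentation's):
# ("pred", x, y, c, strict) is x > y + c (strict) or x >= y + c (non-strict);
# ("and", f, g) and ("or", f, g) combine sub-formulas.  The formula is
# assumed to be normalized already (no negations, no =, <, <=).

def atoms(f, acc=None):
    """Distinct predicates of f, each as a hashable (x, y, c, strict) key."""
    if acc is None:
        acc = []
    if f[0] == "pred":
        key = (f[1], f[2], Fraction(f[3]), f[4])
        if key not in acc:
            acc.append(key)
    else:
        atoms(f[1], acc)
        atoms(f[2], acc)
    return acc

def eval_skeleton(f, value):
    """Evaluate the propositional skeleton: each predicate is replaced by
    the Boolean value[pred] (step B of the reduction)."""
    if f[0] == "pred":
        return value[(f[1], f[2], Fraction(f[3]), f[4])]
    a, b = eval_skeleton(f[1], value), eval_skeleton(f[2], value)
    return (a and b) if f[0] == "and" else (a or b)

def simple_cycles(preds):
    """All simple directed cycles of the separation graph, as edge tuples.

    Vertices are the variables and predicate (x, y, c, strict) is the edge
    x -> y with weight c.  Parallel edges give distinct cycles, so a chain
    of n diamonds yields 2**n of them.  Each cycle is reported once, from
    its smallest vertex.
    """
    verts = sorted({v for p in preds for v in p[:2]})
    rank = {v: i for i, v in enumerate(verts)}
    out = {v: [p for p in preds if p[0] == v] for v in verts}
    cycles = []

    def walk(start, here, path, seen):
        for e in out[here]:
            nxt = e[1]
            if nxt == start:
                cycles.append(tuple(path + [e]))
            elif rank[nxt] > rank[start] and nxt not in seen:
                walk(start, nxt, path + [e], seen | {nxt})

    for s in verts:
        walk(s, s, [], {s})
    return cycles

def infeasible(cycle):
    """Step C: a cycle can't be satisfied iff its accumulated weight is >= 0
    when some edge is strict, or > 0 when every edge is non-strict."""
    total = sum(e[2] for e in cycle)
    return total > 0 or (total == 0 and any(e[3] for e in cycle))

def decide(f):
    """Reduce f to propositional logic (skeleton plus one transitivity
    constraint 'not all edges of the cycle' per infeasible simple cycle)
    and solve the result by exhaustive search over the Boolean variables.
    Returns the list of predicates set to true in a model, or None.
    """
    preds = atoms(f)
    blocked = [c for c in simple_cycles(preds) if infeasible(c)]
    for bits in product([False, True], repeat=len(preds)):
        value = dict(zip(preds, bits))
        if not eval_skeleton(f, value):
            continue
        if any(all(value[e] for e in cyc) for cyc in blocked):
            continue                      # violates a transitivity constraint
        return [p for p in preds if value[p]]
    return None

def P(x, y, c, strict=True):
    return ("pred", x, y, c, strict)

# Constructed inputs.  PHI5 is the conjunction from slide 5 (unsat);
# PHI24 is the normalized formula of slide 24, whose only cycle is blocked
# but whose disjunction lets the solver drop one edge.
PHI5 = ("and", ("and", P("x", "z", 3), P("z", "y", -1)), P("y", "x", 1))
PHI24 = ("and", P("x", "z", 3), ("or", P("z", "y", -1), P("y", "x", 1, False)))
# Two chained diamonds (weights 0, non-strict): 2**2 simple cycles.
DIAMONDS = [("v0", "a1", 0, False), ("a1", "v1", 0, False),
            ("v0", "b1", 0, False), ("b1", "v1", 0, False),
            ("v1", "a2", 0, False), ("a2", "v2", 0, False),
            ("v1", "b2", 0, False), ("b2", "v2", 0, False),
            ("v2", "v0", 0, False)]
```

`decide(PHI5)` returns `None` (the single cycle x→z→y→x has weight 3 and every predicate is forced true), while `decide(PHI24)` returns the two predicates x > z+3 and y ≥ x+1. The exhaustive search stands in for the SAT solver the slides hand the formula to; the constraint generation is the part that does not change when a real solver is used.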

29. Compact representation of constraints (1/4)
n diamonds ⇒ 2^n simple cycles (figure: a chain of diamonds whose top and bottom paths carry weights c1, c2 and c3, c4, with a chord weighted c1 + c2). Can we do better than that? In most cases, yes. E.g. if the diamonds are 'balanced' (c1 + c2 = c3 + c4) ⇒ O(n) constraints.

30. Compact representation of constraints (2/4)
Chordal graphs: each cycle of size greater than 3 has a 'chord'.
In the equality-predicates case: Let C be a cycle in G and let α be an assignment that violates C's transitivity (α ⊭ C). Theorem: there exists a cycle c of size 3 in G such that α ⊭ c. Conclusion: add transitivity constraints only for triangles. Now only a polynomial number of constraints is required.

31. Compact representation of constraints (3/4)
Our case is more complicated: G is directed; G is a multi-graph; edges have weights; there are two types of edges.
G is chordal iff every directed cycle of size greater than 3 has a chord which 'accumulates' the weight of the path between its ends (figure: a cycle with weights c1 … c5 and a chord weighted c1 + c2).

32. Compact representation of constraints (4/4)
Complexity of making the graph chordal (figure: a chain of diamonds with weights c1 on the top paths and c2 on the bottom paths):
1. If the diamonds are 'balanced' ⇒ O(n) constraints.
2. If there are uniform weights c1 and c2, c1 ≠ c2, on the top and bottom paths ⇒ O(n^2) constraints.
3. Worst case ⇒ O(2^n).

33. Extension to integer variables (1/2)
Given φ with integer separation predicates, derive φ_R:
Declare all variables as real.
Replace x > y + c, x ≥ y + c, where c is not an integer, with x ≥ y + ⌈c⌉.
For each predicate x > y + c (c now an integer), add a constraint x > y + c → x ≥ y + c + 1.
Theorem: φ is satisfiable iff φ_R is satisfiable.


35. Extension to integer variables (2/2)
Example: φ: x, y: int; x > y + 1 ∧ x < y + 2
φ_R: x, y: real; x > y + 1 ∧ y > x – 2 ∧ (x > y + 1 → x ≥ y + 2) ∧ (y > x – 2 → y ≥ x – 1)
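The integer-to-real derivation of slides 33 and 35, as an added example (not the presentation's code; the tuple formula syntax, the `imp` connective and the function names are assumptions made here). `to_real` rounds non-integer constants up and attaches the side constraint x > y + c → x ≥ y + c + 1 to every strict predicate; `evaluate` then shows why the side constraints matter: the bare real relaxation of the slide's φ accepts the non-integer point x = 1.5, y = 0, and the side constraints reject it, matching the fact that φ has no integer solution.

```python
from fractions import Fraction
from itertools import product
import math

# Formula syntax constructed for this example (not the presentation's):
# ("pred", x, y, c, strict) is x > y + c (strict) or x >= y + c;
# ("and", f, g), ("or", f, g) and ("imp", f, g) are the connectives.

def to_real(f):
    """Derive phi_R from an integer separation formula phi.

    Non-integer constants are rounded up (x > y + c and x >= y + c both
    become x >= y + ceil(c)), and every remaining strict predicate
    x > y + c gets the side constraint x > y + c -> x >= y + c + 1.
    Returns phi_R as ("and", transformed formula, conjoined constraints),
    or just the transformed formula when no constraint was needed.
    """
    constraints = []

    def rewrite(g):
        if g[0] == "pred":
            x, y, c, strict = g[1], g[2], Fraction(g[3]), g[4]
            if c.denominator != 1:
                c, strict = Fraction(math.ceil(c)), False
            p = ("pred", x, y, c, strict)
            if strict:
                constraints.append(("imp", p, ("pred", x, y, c + 1, False)))
            return p
        return (g[0], rewrite(g[1]), rewrite(g[2]))

    body = rewrite(f)
    side = None
    for k in constraints:
        side = k if side is None else ("and", side, k)
    return body if side is None else ("and", body, side)

def evaluate(f, env):
    """Truth value of f under an assignment env (ints, floats or Fractions)."""
    if f[0] == "pred":
        lhs, rhs = env[f[1]], env[f[2]] + f[3]
        return lhs > rhs if f[4] else lhs >= rhs
    a = evaluate(f[1], env)
    if f[0] == "and":
        return a and evaluate(f[2], env)
    if f[0] == "or":
        return a or evaluate(f[2], env)
    return (not a) or evaluate(f[2], env)     # "imp"

def int_sat_by_search(f, names, bound):
    """Brute-force the integer formula over the box [-bound, bound]^n;
    a sanity check for small examples, not a decision procedure."""
    for vals in product(range(-bound, bound + 1), repeat=len(names)):
        env = dict(zip(names, vals))
        if evaluate(f, env):
            return env
    return None

# Constructed input: the slide's example x > y+1 and x < y+2 over the
# integers, with x < y+2 already rewritten as y > x-2 by normalization.
PHI = ("and", ("pred", "x", "y", 1, True), ("pred", "y", "x", -2, True))
PHI_R = to_real(PHI)
# The slide's phi_R: the two predicates plus their side constraints.
EXPECTED = ("and",
            ("and", ("pred", "x", "y", 1, True), ("pred", "y", "x", -2, True)),
            ("and", ("imp", ("pred", "x", "y", 1, True), ("pred", "x", "y", 2, False)),
                    ("imp", ("pred", "y", "x", -2, True), ("pred", "y", "x", -1, False))))
```

`to_real(PHI) == EXPECTED` holds (the constants compare equal as `Fraction`s), `int_sat_by_search(PHI, ["x", "y"], 5)` finds no integer point, and `evaluate(PHI_R, {"x": 1.5, "y": 0})` is `False` even though `evaluate(PHI, {"x": 1.5, "y": 0})` is `True`.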

36. Experimental results (1/3)
Benchmark (figure: a chain of n diamonds, d = 2): each diamond has 2d edges; the top and bottom paths in each diamond are disjuncted; there are 2^n conjuncted cycles. By adjusting the weights, we ensured that there is a single satisfying assignment.

37. Experimental results (2/3)
To be continued...

38. Experimental results (3/3)
To be continued... The procedure has recently been integrated into SyMP and Euclid. We are currently experimenting with real software verification problems.


40. Next: Linear Arithmetic (1/2)
Separation predicates: x > y + c is an edge from x to y with weight c. Adding constraints according to the accumulated cycle weight (figure: a cycle with weights c1, c2, c3): the test c1 + c2 + c3 > 0 results in a yes/no answer.

41. Next: Linear Arithmetic (2/2)
Linear arithmetic: x > y + 2z + c is an edge from x to y with weight 2z + c. With edge weights that are themselves linear expressions (Σ1, Σ2, Σ3 in the figure), the test Σ1 + Σ2 + Σ3 > 0 results in a new predicate!
Shostak [81]: 'Deciding linear inequalities by computing loop residues': determine a fixed variable order; represent each predicate by its two 'highest' variables. This procedure guarantees termination.

