Assertion Checking over Combined Abstraction of Linear Arithmetic and Uninterpreted Functions. Sumit Gulwani (Microsoft Research, Redmond), Ashish Tiwari (SRI).

Slide 1/17: Precision of combined abstraction

    a1 := 0; a2 := 0;    b1 := 1; b2 := F(1);    c1 := 2; c2 := 2;
    while (*) {                       // non-deterministic loop
        a1 := a1 + 1;   a2 := a2 + 2;
        b1 := F(b1);    b2 := F(b2);
        c1 := F(2c1 - c2);   c2 := F(c2);
    }
    Assert(a2 = 2a1);  Assert(b2 = F(b1));  Assert(c2 = c1);

Analysis over the abstraction of linear arithmetic alone can verify the first assertion, and analysis over uninterpreted functions alone can verify the second. The third assertion can be verified only over the combined abstraction.

Slide 2/17: Abstract Program Model / Problem Statement

Expression languages:
    Linear Arithmetic:         e := y | c | e1 ± e2 | c·e
    Uninterpreted Functions:   e := y | F(e1, e2)
    Combination:               e := y | c | e1 ± e2 | c·e | F(e1, e2)

Program constructs:
    Assignment                       y := e
    Non-deterministic conditional    if (*) then … else …   (branch on *, True/False)
    Non-deterministic assignment     y := ?
    Assertion                        Assert(e1 = e2)

Slide 3/17: Earlier Results

    Abstraction              | Assertion checking complexity       | Decision procedure complexity
    -------------------------|------------------------------------|---------------------------------
    Linear Arithmetic        | O(n²), Gulwani-Necula (POPL 03)    | O(n³), Gaussian elimination
    Uninterpreted Functions  | O(n⁴), Gulwani-Necula (POPL 04)    | O(n log n), congruence closure
    Combination              | coNP-hard! (this paper)            | O(n⁴), Nelson-Oppen combination

Slide 4/17: Outline

    - Connection between assertion checking and unification
    - coNP-hardness
    - Algorithm
    - Remarks

Slide 5/17: Unification Terminology

A substitution is an (acyclic) mapping of some variables to expressions.
A substitution σ1 is more general than σ2 if there exists a substitution σ such that σ1 = σ(σ2).
A substitution σ is a unifier for an equality e1 = e2 if e1[y/σ(y)] = e2[y/σ(y)].

Example: consider the equality F(y) = F(a) + F(b) - F(a+b-y). {y → a} is a unifier for it, and so is {y → 1, a → 1}. The former unifier is more general than the latter.

Slide 6/17: Unification Terminology (continued)

A set of unifiers {σ1, …, σk} for e1 = e2 is complete if for every unifier σ of e1 = e2 there exists i such that σi is more general than σ.

Let Unif(e1 = e2) = ∨_{i=1..k} ∧_{y} (y = σi(y)).

Example: consider the equality F(y) = F(a) + F(b) - F(a+b-y). {{y → a}, {y → b}} is a complete set of unifiers for it. Hence Unif(F(y) = F(a) + F(b) - F(a+b-y)) = (y = a ∨ y = b).

Slide 7/17: Connection between Assertion Checking and Unification

An assertion e1 = e2 holds at a program point iff the assertion Unif(e1 = e2) holds at that program point.

Example: to prove F(y) = F(a) + F(b) - F(a+b-y), you need to prove that y = a ∨ y = b is true.

Slide 8/17: Outline

    - Connection between assertion checking and unification
    - coNP-hardness
    - Algorithm
    - Remarks

Slide 9/17: Reducing Unsatisfiability to Assertion Checking

Let φ be a boolean 3-SAT instance with m clauses over the variables var_1, …, var_k.

    IsUnsatisfiable(φ) {
        for j = 1 to m: c_j := 0;
        for i = 1 to k do
            if (*) then  ∀ j s.t. var_i occurs positively in clause j: c_j := 1;
            else         ∀ j s.t. var_i occurs negatively in clause j: c_j := 1;
        y := c_1 + c_2 + … + c_m;
        Assert(y = 0 ∨ y = 1 ∨ … ∨ y = m-1);
    }

Each path through the program corresponds to a truth assignment, and y counts the clauses it satisfies; the assertion therefore holds on every path iff no assignment satisfies all m clauses, i.e. iff φ is unsatisfiable.

Slide 10/17: Encoding disjunction

The check y = 1 ∨ y = 2 can be encoded by the assertion F(y) = F(1) + F(2) - F(3-y).

The above trick can be applied recursively to construct an assertion that encodes y = 0 ∨ y = 1 ∨ … ∨ y = m-1.
    - E.g., y = 0 ∨ y = 1 ∨ y = 2 can be encoded by encoding F(y) = F(0) ∨ F(y) = F(1) + F(2) - F(3-y).
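The reduction of slide 9 and the disjunction encoding of slide 10, as an added example that is not from the slides: it runs IsUnsatisfiable(φ) over every resolution of the non-deterministic if (*) and checks the final assertion in its F-encoding, evaluated under several random interpretations of F (the encoded equality holds for every F exactly when y is in the disjunction). The rule used to fold two disjuncts, e1=e2 ∨ e3=e4 ⟺ F(e1)+F(e2-e3+e4) = F(e2)+F(e1-e3+e4), is my generalisation of the slide's instance F(y) = F(1)+F(2)-F(3-y); all function names and the two SAT instances are constructed here.

```python
# Added example (not from the slides): simulate IsUnsatisfiable(phi) from slide 9 and
# check its assertion via the uninterpreted-function encoding of slide 10.
import itertools
import random

def random_uf(seed):
    """One sampled interpretation of the uninterpreted F: memoised random integers."""
    rng, memo = random.Random(seed), {}
    def F(x):
        if x not in memo:
            memo[x] = rng.randrange(1 << 40)
        return memo[x]
    return F

def encode_disjunction(eqs, F):
    """Fold evaluated disjuncts [(e1,e2),(e3,e4),...] into one equality (lhs, rhs),
    innermost disjunct first. Fold rule (my generalisation of F(y)=F(1)+F(2)-F(3-y)):
      e1=e2 or e3=e4  <=>  F(e1)+F(e2-e3+e4) = F(e2)+F(e1-e3+e4)."""
    (e1, e2), rest = eqs[0], eqs[1:]
    if not rest:
        return e1, e2
    e3, e4 = encode_disjunction(rest, F)
    return F(e1) + F(e2 - e3 + e4), F(e2) + F(e1 - e3 + e4)

def disjunction_holds(y, values, trials=8):
    """Does the encoded assertion 'y = v for some v in values' hold under every sampled F?"""
    for seed in range(trials):
        lhs, rhs = encode_disjunction([(y, v) for v in values], random_uf(seed))
        if lhs != rhs:
            return False
    return True

def is_unsatisfiable_program(clauses, k):
    """clauses: lists of non-zero ints, +i / -i = var_i occurs positively / negatively.
    True iff Assert(y=0 v ... v y=m-1) holds on all 2^k paths, i.e. iff phi is unsat."""
    m = len(clauses)
    for choice in itertools.product([True, False], repeat=k):  # one if (*) per variable
        c = [0] * m
        for i, positive in enumerate(choice, start=1):
            lit = i if positive else -i
            for j, clause in enumerate(clauses):
                if lit in clause:
                    c[j] = 1                                    # clause j is satisfied
        if not disjunction_holds(sum(c), range(m)):             # y == m: phi satisfied
            return False
    return True

# Constructed instances: all eight sign patterns over 3 variables cannot be satisfied.
UNSAT_PHI = [list(cl) for cl in itertools.product([1, -1], [2, -2], [3, -3])]
SAT_PHI = [[1, 2, 3], [-1, 2, 3], [1, -2, -3]]
```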

Slide 11/17: Outline

    - Connection between assertion checking and unification
    - coNP-hardness
    - Algorithm
    - Remarks

Slide 12/17: Assertion Checking Algorithm

Backward analysis:
    - Perform weakest-precondition computation.
    - At each step replace the current formula by its Unif, which is a stronger and simpler formula.

Termination (reaching a fixpoint across loops)?
    - Yes, because of the unifier computations.
    - This result is interesting because forward analysis (which attempts to infer invariants) does not terminate, as the lattice has infinite height.

Slide 13/17: Proof of Termination

At each program point, the proof obligation has the form ∨_{i=1..k} ∧_{y} (y = σi(y)).

In each successive loop iteration the above formula becomes stronger. We prove this cannot happen indefinitely:
    - Assign the above formula the measure { number of conjuncts representing unifier σi | i = 1..k }.
    - Show that this measure decreases in some well-founded ordering.

Slide 14/17: Outline

    - Connection between assertion checking and unification
    - coNP-hardness
    - Algorithm
    - Remarks

Slide 15/17: Further Connections between Assertion Checking and Unification

Can we explain the complexity results more naturally?

Answer: the complexity of assertion checking appears to depend on the cardinality of a complete set of unifiers for equalities in the corresponding abstraction.

    Abstraction              | Cardinality of complete set of unifiers | Complexity
    -------------------------|-----------------------------------------|-------------------------
    Linear Arithmetic        | Unitary                                 | PTime
    Uninterpreted Functions  | Unitary                                 | PTime
    Combination              | Finitary                                | coNP-hard, but decidable

Slide 16/17: Related work on combining abstract interpreters

Is there an efficient analysis to reason about most assertions?

Answer (PLDI 06): given abstract interpreters for
    - lattice L1 (e.g., linear equalities, Gulwani-Necula POPL 03), and
    - lattice L2 (e.g., uninterpreted functions, Gulwani-Necula POPL 04),
one can obtain an abstract interpreter for the logical product of L1 and L2.
    Cons: cannot reason about all assertions.
    Pros: polynomial time; can reason about conditionals.

Slide 17/17: Conclusion

Assertion checking for the combination of linear arithmetic and uninterpreted functions is:
    - coNP-hard,
    - but decidable.

We prove these (surprising!) results by establishing connections between assertion checking and unification.

These results motivate the logical product combination of lattices, which entails slightly imprecise, but efficient and automated reasoning (PLDI 06).