ECI 2007: Specification and Verification of Object-Oriented Programs, Lecture 4


Proving verification conditions

What is the decision procedure for proving validity of VC(f)?
Depends on the logic in which VC(f) is expressed

VC(f) ≡ pre ⇒ VC(S, post)

Verification condition logic

Atoms connected by boolean operators
– ¬, ∧, ∨, ⇒
Atoms depend on the program variables and operations on them
– boolean, integer, memory
Atoms depend on the language of assertions, i.e., program assertions, loop invariants, preconditions and postconditions
– quantification, reachability predicate

Assume each assertion is a quantifier-free boolean combination of expressions over program variables.

VC(f) is a boolean combination of atoms
– Each atom is a relation over terms
– Each term is built using functions and logical constants

Logical constants are different from program variables
– program variables change over time
– logical constants are fixed

The logical constants in VC(f) refer to the values of program variables at the beginning of f.

Case I: Boolean programs

Boolean-valued variables and boolean operations

φ ∈ Formula := A | ¬φ | φ ∧ φ
A ∈ Atom := b
b ∈ SymBoolConst

Example

returns c
requires true
ensures c = a ∨ b
bool or(bool a, bool b) {
  S:  if (a) c := true else c := b
}

VC(S, c = a ∨ b) = (a ⇒ true = a ∨ b) ∧ (¬a ⇒ b = a ∨ b)

Conjecture to be proved:
true ⇒ (a ⇒ true = a ∨ b) ∧ (¬a ⇒ b = a ∨ b)

Case II: Arithmetic programs

In addition, integer-valued variables with affine operations

φ ∈ Formula := A | ¬φ | φ ∧ φ
A ∈ Atom := b | t = 0 | t < 0 | t ≤ 0
t ∈ Term := c | x | t + t | t – t | ct
b ∈ SymBoolConst
x ∈ SymIntConst
c ∈ {…, -1, 0, 1, …}

Example

returns c
requires b ≥ 0
ensures c = a + b
int add(int a, int b) {
  int t;
  A:  t := b
      c := a
  L:  invariant t ≥ 0 ∧ c = a + b - t
      while (t > 0) {
  B:    c := c + 1
        t := t - 1
      }
}
(A is the whole body, L the annotated loop, B the loop body)

Conjecture to be proved: b ≥ 0 ⇒ VC(A, c = a + b)

VC(B, t ≥ 0 ∧ c = a + b - t)
  ≡ t - 1 ≥ 0 ∧ c + 1 = a + b - (t - 1)

VC(L, c = a + b)
  ≡ t ≥ 0 ∧ c = a + b - t
    ∧ (t ≥ 0 ∧ c = a + b - t ∧ (t > 0 ⇒ t - 1 ≥ 0 ∧ c + 1 = a + b - (t - 1)) ∧ (¬(t > 0) ⇒ c = a + b))[c₀/c, t₀/t]
  ≡ t ≥ 0 ∧ c = a + b - t
    ∧ (t₀ ≥ 0 ∧ c₀ = a + b - t₀ ∧ (t₀ > 0 ⇒ t₀ - 1 ≥ 0 ∧ c₀ + 1 = a + b - (t₀ - 1)) ∧ (¬(t₀ > 0) ⇒ c₀ = a + b))

VC(A, c = a + b)
  ≡ b ≥ 0 ∧ a = a + b - b
    ∧ (t₀ ≥ 0 ∧ c₀ = a + b - t₀ ∧ (t₀ > 0 ⇒ t₀ - 1 ≥ 0 ∧ c₀ + 1 = a + b - (t₀ - 1)) ∧ (¬(t₀ > 0) ⇒ c₀ = a + b))

(c₀ and t₀ are fresh logical constants standing for the values of c and t at an arbitrary loop iteration; the first conjunct of VC(L) is the invariant on loop entry, the renamed part says the invariant is preserved by B and implies the postcondition on exit.)

Case III: Memory programs

In addition, a memory with read and write operations
– an unbounded set of objects
– a finite set of fields in each object
– each field contains a boolean value, an integer value, or a reference to an object

For each field f, two operations Select and Update
– Select(f,o) is the content of the memory at object o and field f
– Update(f,o,v) is a new memory obtained by updating field f of object o to v

Memory axioms

for all objects o and o', values v, and memories m:
  o = o' ⇒ Select(Update(m,o,v),o') = v
  o ≠ o' ⇒ Select(Update(m,o,v),o') = Select(m,o')

Modeling memory operations

Treat each field f as a map variable:
  a = b.f    becomes   a = Select(f,b)
  a.f = b    becomes   f = Update(f,a,b)

{ ? } a.f = 5 { a.f + b.f = 10 }

WP(a.f = 5, a.f + b.f = 10)
  ≡ WP(f = Update(f,a,5), Select(f,a) + Select(f,b) = 10)
  ≡ Select(Update(f,a,5),a) + Select(Update(f,a,5),b) = 10

Simplify using memory axiom

Select(Update(f,a,5),a) + Select(Update(f,a,5),b) = 10
iff 5 + Select(Update(f,a,5),b) = 10
iff Select(Update(f,a,5),b) = 5
iff (a = b ⇒ 5 = 5) ∧ (a ≠ b ⇒ Select(f,b) = 5)
iff a ≠ b ⇒ Select(f,b) = 5
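The read-over-write reasoning of the last three slides, mechanised as an added example (Python, not code from the lecture). The term representation (tuples tagged "map", "upd", "sel", "sym", "int", "add", "ite") and the helper names are assumptions made for this example. simplify() applies the two memory axioms: when the Update index and the Select index are syntactically identical it returns the written value, when both are distinct integer literals it reads through, and otherwise it emits the case split if o = o' then v else Select(m,o') that the slide writes as two implications. cases() lifts those splits to the top so the two branches of the slide's derivation fall out, and evaluate() is the concrete semantics used to check that the rewriting is sound on constructed environments.

```python
"""Read-over-write simplification for the slide's Select/Update memory model.
Added example, not part of the lecture. Terms are tuples:
  ("map", f)          a field treated as a map variable
  ("upd", m, o, v)    Update(m, o, v)
  ("sel", m, o)       Select(m, o)
  ("sym", a)          a symbolic constant (object reference or integer)
  ("int", n)          an integer literal
  ("add", t, u)       t + u
  ("ite", ("eq", o, o2), t, u)   if o = o2 then t else u
"""


def simplify(t):
    """Apply the two memory axioms bottom-up; fold integer additions."""
    op = t[0]
    if op in ("map", "sym", "int"):
        return t
    if op == "upd":
        return ("upd", simplify(t[1]), simplify(t[2]), simplify(t[3]))
    if op == "ite":
        _, (_, o, o2), yes, no = t
        return ("ite", ("eq", simplify(o), simplify(o2)), simplify(yes), simplify(no))
    if op == "add":
        a, b = simplify(t[1]), simplify(t[2])
        if a[0] == "int" and b[0] == "int":
            return ("int", a[1] + b[1])       # e.g. 5 + 5 = 10 on the slide
        return ("add", a, b)
    # op == "sel": Select(m, o2), possibly with m = Update(m2, o, v)
    m, o2 = simplify(t[1]), simplify(t[2])
    if m[0] == "upd":
        _, m2, o, v = m
        if o == o2:                           # axiom 1: same index, read the written value
            return v
        if o[0] == "int" and o2[0] == "int":  # axiom 2: literals that differ, read through
            return simplify(("sel", m2, o2))
        # neither axiom decides o = o2 syntactically: split on it
        return ("ite", ("eq", o, o2), v, simplify(("sel", m2, o2)))
    return ("sel", m, o2)


def cases(t, conds=()):
    """Lift if-then-else to the top: list of (conditions, ite-free term).
    Conditions are ("eq", o, o2) or ("neq", o, o2)."""
    if t[0] == "ite":
        _, (_, o, o2), yes, no = t
        return (cases(yes, conds + (("eq", o, o2),))
                + cases(no, conds + (("neq", o, o2),)))
    if t[0] == "add":
        return [(c2, simplify(("add", x, y)))
                for c1, x in cases(t[1], conds)
                for c2, y in cases(t[2], c1)]
    return [(conds, t)]


def evaluate(t, env):
    """Concrete semantics: maps are dicts, Update copies, Select reads."""
    op = t[0]
    if op in ("map", "sym"):
        return env[t[1]]
    if op == "int":
        return t[1]
    if op == "upd":
        m = dict(evaluate(t[1], env))
        m[evaluate(t[2], env)] = evaluate(t[3], env)
        return m
    if op == "sel":
        return evaluate(t[1], env)[evaluate(t[2], env)]
    if op == "add":
        return evaluate(t[1], env) + evaluate(t[2], env)
    _, (_, o, o2), yes, no = t                # "ite"
    return evaluate(yes if evaluate(o, env) == evaluate(o2, env) else no, env)


def wp_example():
    """Left-hand side of the slide's WP after encoding fields as maps:
    Select(Update(f,a,5),a) + Select(Update(f,a,5),b)."""
    f, a, b = ("map", "f"), ("sym", "a"), ("sym", "b")
    upd = ("upd", f, a, ("int", 5))
    return ("add", ("sel", upd, a), ("sel", upd, b))
```

Running cases(simplify(wp_example())) yields the two branches of the slide: under a = b the sum folds to 10 (so the atom "= 10" is trivially true), under a ≠ b the residue is 5 + Select(f,b), which is the a ≠ b ⇒ Select(f,b) = 5 obligation. The evaluate() check is the practitioner's sanity test for any such rewrite: the original and simplified terms must agree on every concrete heap, including the aliasing case a = b.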

φ ∈ Formula := A | ¬φ | φ ∧ φ
A ∈ Atom := b | t = 0 | t < 0 | t ≤ 0
t ∈ Term := c | x | t + t | t – t | ct | Select(m,t)
m ∈ MemTerm := f | Update(m,t,t)
b ∈ SymBoolConst
x ∈ SymIntConst
c ∈ {…, -1, 0, 1, …}

Decision procedures

Boolean programs
– Propositional satisfiability
Arithmetic programs
– Propositional satisfiability modulo theory of linear arithmetic
Memory programs
– Propositional satisfiability modulo theory of linear arithmetic + arrays

Case I: Boolean programs

Boolean-valued variables and boolean operations

φ ∈ Formula := b | ¬φ | φ ∧ φ
b ∈ SymBoolConst

SAT

First NP-complete problem (Cook 1971)
Davis-Putnam algorithm (1960)
– resolution-based
– may use exponential memory
Davis-Logemann-Loveland algorithm (1962)
– search-based
– basis for all successful modern solvers
Conflict-driven learning and non-chronological backtracking (1996)
– resolution strikes back!
Amazing progress
– GRASP, SATO, Chaff, ZChaff, BerkMin, …

Conjunctive Normal Form

φ ∈ CNF Formula ::= c₁ ∧ c₂ ∧ … ∧ cₘ
c ∈ Clause ::= l₁ ∨ l₂ ∨ … ∨ lₙ
l ∈ Literal ::= b | ¬b
b ∈ SymBoolConst

Unit clause ( l )
– a clause containing a single literal
Empty clause ( )
– a clause containing no literal
– equivalent to false

Conversion into CNF

In general, converting φ into an equivalent CNF formula may result in an exponential blow-up

We are only interested in satisfiability of φ
Convert into an equi-satisfiable CNF formula EQCNF(φ)
– φ is satisfiable iff EQCNF(φ) is satisfiable
– size of EQCNF(φ) is polynomial in size of φ

Conversion into CNF

Convert formula φ into normal form NF(φ)
– NF(φ) is polynomial in φ
Convert ψ = NF(φ) into equisatisfiable CNF formula EQCNF(ψ)
– EQCNF(ψ) is polynomial in ψ

Normal Form

Normal form: NF(φ) ≡ φ
Negated normal form: NNF(φ) ≡ ¬φ
(in NF(φ) negation is applied only to symbols b)

NF(b) = b                          NNF(b) = ¬b
NF(¬φ) = NNF(φ)                    NNF(¬φ) = NF(φ)
NF(φ₁ ∧ φ₂) = NF(φ₁) ∧ NF(φ₂)      NNF(φ₁ ∧ φ₂) = NNF(φ₁) ∨ NNF(φ₂)

Equi-satisfiable CNF

Let φ be a formula in normal form. For each subformula ψ of φ:
– create a fresh symbol v_ψ in SymBoolConst
Identify v_b with b and v_{¬b} with ¬b

Cl(b) = Cl(¬b) = true
Cl(φ ∧ ψ) = Cl(φ) ∧ Cl(ψ) ∧ (v_{φ∧ψ} ∨ ¬v_φ ∨ ¬v_ψ) ∧ (¬v_{φ∧ψ} ∨ v_φ) ∧ (¬v_{φ∧ψ} ∨ v_ψ)
Cl(φ ∨ ψ) = Cl(φ) ∧ Cl(ψ) ∧ (¬v_{φ∨ψ} ∨ v_φ ∨ v_ψ) ∧ (v_{φ∨ψ} ∨ ¬v_φ) ∧ (v_{φ∨ψ} ∨ ¬v_ψ)

EQCNF(φ) = v_φ ∧ Cl(φ)
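The NF/NNF conversion and the equi-satisfiable CNF of the preceding slides, as an added example in Python (not code from the lecture). The tuple encoding of formulas, the "_v" prefix for fresh symbols and the helper names are assumptions made here; the Cl(.) clauses are exactly the three per binary subformula listed on the slide. Beside eqcnf() the block has a naive_cnf() that distributes ∨ over ∧, so the exponential blow-up the earlier slide warns about can be measured against the linear EQCNF size, and two brute-force satisfiability checkers that confirm equi-satisfiability on small constructed inputs (they enumerate all assignments and are only a checking tool, not a decision procedure).

```python
"""Equisatisfiable CNF (EQCNF) for the slide's NF/NNF and Cl(.) definitions.
Added example, not code from the lecture. A formula is a nested tuple
("var", name) | ("not", phi) | ("and", phi, psi) | ("or", phi, psi); "or" is
handled too because NNF introduces it. A literal is (name, polarity), a
clause a frozenset of literals, a CNF formula a list of clauses."""
from itertools import product

def nf(phi):
    """NF(phi) == phi, with negations pushed down to the variables."""
    op = phi[0]
    if op == "var":
        return phi
    if op == "not":
        return nnf(phi[1])
    return (op, nf(phi[1]), nf(phi[2]))

def nnf(phi):
    """NNF(phi) == not phi: NNF(phi and psi) = NNF(phi) or NNF(psi), and dually."""
    op = phi[0]
    if op == "var":
        return ("not", phi)
    if op == "not":
        return nf(phi[1])
    return ("or" if op == "and" else "and", nnf(phi[1]), nnf(phi[2]))

def neg(lit):
    return (lit[0], not lit[1])

class Tseitin:
    """Cl(phi): three clauses per binary subformula, one fresh v_phi each."""
    def __init__(self):
        self.clauses, self.names = [], {}

    def lit(self, phi):
        if phi[0] == "var":                 # identify v_b with b ...
            return (phi[1], True)
        if phi[0] == "not":                 # ... and v_{not b} with not b
            return (phi[1][1], False)
        if phi not in self.names:           # fresh symbol; "_v" prefix assumed not used by callers
            self.names[phi] = f"_v{len(self.names) + 1}"
        return (self.names[phi], True)

    def cl(self, phi):
        if phi[0] in ("var", "not"):
            return                          # Cl(b) = Cl(not b) = true
        self.cl(phi[1])
        self.cl(phi[2])
        v, a, b = self.lit(phi), self.lit(phi[1]), self.lit(phi[2])
        if phi[0] == "and":                 # v <-> (a and b)
            new = [{v, neg(a), neg(b)}, {neg(v), a}, {neg(v), b}]
        else:                               # v <-> (a or b)
            new = [{neg(v), a, b}, {v, neg(a)}, {v, neg(b)}]
        self.clauses.extend(frozenset(c) for c in new)

def eqcnf(phi):
    """EQCNF(phi) = v_psi and Cl(psi) with psi = NF(phi); size linear in |phi|."""
    psi, t = nf(phi), Tseitin()
    t.cl(psi)
    return [frozenset({t.lit(psi)})] + t.clauses

def naive_cnf(phi):
    """Equivalent CNF by distributing or over and: exponential in general."""
    phi = nf(phi)
    if phi[0] in ("var", "not"):
        return [frozenset({Tseitin().lit(phi)})]
    if phi[0] == "and":
        return naive_cnf(phi[1]) + naive_cnf(phi[2])
    return [c1 | c2 for c1 in naive_cnf(phi[1]) for c2 in naive_cnf(phi[2])]

def holds(phi, env):
    op = phi[0]
    if op == "var":
        return env[phi[1]]
    if op == "not":
        return not holds(phi[1], env)
    if op == "and":
        return holds(phi[1], env) and holds(phi[2], env)
    return holds(phi[1], env) or holds(phi[2], env)

def variables(phi):
    return {phi[1]} if phi[0] == "var" else set().union(*map(variables, phi[1:]))

def satisfiable_formula(phi):
    """Brute-force SAT of a formula (checking tool, exponential in #variables)."""
    vs = sorted(variables(phi))
    return any(holds(phi, dict(zip(vs, bits))) for bits in product((False, True), repeat=len(vs)))

def satisfiable_cnf(clauses):
    """Brute-force SAT of a clause list, fresh v_phi symbols included."""
    vs = sorted({name for c in clauses for name, _ in c})
    return any(all(any(env[n] == p for n, p in c) for c in clauses)
               for bits in product((False, True), repeat=len(vs)) for env in (dict(zip(vs, bits)),))

def chain_of_conjunctions(n):
    """(a1 and b1) or (a2 and b2) or ... or (an and bn): the classic blow-up case."""
    phi = ("and", ("var", "a1"), ("var", "b1"))
    for i in range(2, n + 1):
        phi = ("or", phi, ("and", ("var", f"a{i}"), ("var", f"b{i}")))
    return phi
```

For chain_of_conjunctions(6) the distributive CNF has 2⁶ = 64 clauses while EQCNF has 3·11 + 1 = 34 (three clauses for each of the 11 binary nodes plus the unit clause v_φ); the two are not equivalent, since EQCNF mentions fresh symbols, but they are satisfiable under exactly the same conditions, which is all a SAT-based verifier needs.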

Resolution

  (c₁ ∨ b)   (c₂ ∨ ¬b)      clauses
  --------------------
       (c₁ ∨ c₂)            resolvent

resolvent(b, c₁ ∨ b, c₂ ∨ ¬b) = c₁ ∨ c₂ ≡ ∃b. (c₁ ∨ b) ∧ (c₂ ∨ ¬b)
c₁, c₂ independent of b

Theorem

φ ∧ (c₁ ∨ b) ∧ (c₂ ∨ ¬b)  iff  φ ∧ (c₁ ∨ b) ∧ (c₂ ∨ ¬b) ∧ (c₁ ∨ c₂)

Adding the resolvent to the set of clauses does not affect the satisfiability of the clause set.

Unit resolution

One of the clauses being resolved is a unit clause

  ( b )   (c₂ ∨ ¬b)        ( ¬b )   (c₂ ∨ b)
  -----------------        -----------------
       ( c₂ )                   ( c₂ )

Derivation of the empty clause (denoted by □)

  ( b )   ( ¬b )
  --------------
        □

Davis-Putnam algorithm (I)

Given clause set C:
Rule 1: If a clause (c ∨ l ∨ l) ∈ C, replace it with (c ∨ l)
Rule 2: If a clause (c ∨ b ∨ ¬b) ∈ C, remove it from C
Rule 3a: If ¬b does not occur in any clause in C, remove every clause containing b from C
Rule 3b: If b does not occur in any clause in C, remove every clause containing ¬b from C

Davis-Putnam algorithm (II)

Saturate C w.r.t. Rules 1, 2, 3a, and 3b
while (C is nonempty) {
  Pick a variable b appearing in some clause in C
  C' = { c ∈ C | neither b nor ¬b occurs in c }
       ∪ { resolvent(b, c₁, c₂) | c₁, c₂ ∈ C, b occurs in c₁, ¬b occurs in c₂ }
  Saturate C' w.r.t. Rules 1, 2, 3a, and 3b
  if (□ ∈ C') return unsatisfiable
  C = C'
}
return satisfiable

Satisfiable example

(a ∨ b ∨ c)  (b ∨ ¬c ∨ ¬f)  (¬b ∨ c)
    Rule 3a (¬a occurs in no clause): remove (a ∨ b ∨ c)
(b ∨ ¬c ∨ ¬f)  (¬b ∨ c)
    Resolve on b
(c ∨ ¬c ∨ ¬f)
    Rule 2: tautology, remove
Clause set is empty: satisfiable

Unsatisfiable example

(a ∨ b)  (a ∨ ¬b)  (¬a ∨ c)  (¬a ∨ ¬c)
    Pick b
( a )  (¬a ∨ c)  (¬a ∨ ¬c)
    Pick a
( c )  ( ¬c )
    Pick c
□

Correctness

Saturate C w.r.t. Rules 1, 2, 3a, and 3b
while (C is nonempty) {
  Pick a variable b appearing in some clause in C
  C' = { c ∈ C | neither b nor ¬b occurs in c }
       ∪ { resolvent(b, c₁, c₂) | c₁, c₂ ∈ C, b occurs in c₁, ¬b occurs in c₂ }
  Saturate C' w.r.t. Rules 1, 2, 3a, and 3b
  if (□ ∈ C') return unsatisfiable
  C = C'
}
return satisfiable

Two observations:
– Each of the rules 1, 2, 3a, and 3b preserves satisfiability
– C' ≡ ∃b. C

Memory explosion

Saturate C w.r.t. Rules 1, 2, 3a, and 3b
while (C is nonempty) {
  Pick a variable b appearing in some clause in C
  C' = { c ∈ C | neither b nor ¬b occurs in c }
       ∪ { resolvent(b, c₁, c₂) | c₁, c₂ ∈ C, b occurs in c₁, ¬b occurs in c₂ }
  Saturate C' w.r.t. Rules 1, 2, 3a, and 3b
  if (□ ∈ C') return unsatisfiable
  C = C'
}
return satisfiable

Let n be the number of clauses in the input clause set
Number of clauses after the i-th iteration of the loop: O(n^(2^i))
(each iteration can pair every clause containing b with every clause containing ¬b, squaring the clause count in the worst case)
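The Davis-Putnam procedure of the preceding slides in Python, as an added example (not the lecture's code). Clause sets are Python sets of frozensets of (name, polarity) literals, so rule 1 (duplicate literals) holds by construction; the clause() parser and the `order`/`trace` parameters are conveniences assumed for this example, and the inputs are the two slide examples. Two points the pseudocode glosses over are made explicit: C' keeps the clauses of C that do not mention b alongside the resolvents (without them the unsatisfiable example would lose (¬a ∨ c) and (¬a ∨ ¬c) after eliminating b), and saturating the satisfiable example fully also drops (b ∨ ¬c ∨ ¬f) by rule 3b because ¬f is pure, so that instance is decided before any resolution step.

```python
"""Davis-Putnam (1960) following the slides: saturate with rules 1, 2, 3a, 3b,
then eliminate one variable at a time by resolution until the clause set is
empty (satisfiable) or contains the empty clause (unsatisfiable).
Added example, not the lecture's own code. A literal is (name, polarity), a
clause is a frozenset of literals, a clause set is a Python set of clauses."""


def clause(text):
    """'a -b c' -> frozenset({('a', True), ('b', False), ('c', True)})."""
    return frozenset((tok.lstrip("-"), not tok.startswith("-")) for tok in text.split())


def resolvent(b, c1, c2):
    """resolvent(b, c1 or b, c2 or not b) = c1 or c2."""
    assert (b, True) in c1 and (b, False) in c2, "clauses must clash on b"
    return (c1 - {(b, True)}) | (c2 - {(b, False)})


def is_tautology(c):
    """Rule 2: a clause containing both b and not b is always true."""
    return any((name, not pol) in c for name, pol in c)


def saturate(clauses):
    """Apply rules 2, 3a and 3b until none applies (rule 1 is implicit)."""
    clauses = {c for c in clauses if not is_tautology(c)}
    while True:
        lits = {l for c in clauses for l in c}
        # 3a/3b: a literal whose negation occurs nowhere can be set true for
        # free, so every clause containing it can be dropped.
        pure = {l for l in lits if (l[0], not l[1]) not in lits}
        if not pure:
            return clauses
        clauses = {c for c in clauses if not (c & pure)}


def eliminate(clauses, b):
    """C' = clauses not mentioning b, plus every resolvent on b; C' == exists b. C."""
    pos = [c for c in clauses if (b, True) in c]
    neg = [c for c in clauses if (b, False) in c]
    rest = {c for c in clauses if (b, True) not in c and (b, False) not in c}
    return rest | {resolvent(b, c1, c2) for c1 in pos for c2 in neg}


def davis_putnam(clauses, order=(), trace=None):
    """Return True iff the clause set is satisfiable.

    `order` lists variables to eliminate first (the slide picks b, a, c);
    `trace`, if given, receives (variable, clause set after saturation) per
    iteration, so the clause-count growth can be inspected."""
    clauses = saturate(set(clauses))
    while clauses:
        if frozenset() in clauses:
            return False                      # empty clause derived
        names = sorted({name for c in clauses for name, _ in c})
        b = next((v for v in order if v in names), names[0])
        clauses = saturate(eliminate(clauses, b))
        if trace is not None:
            trace.append((b, clauses))
    return True                               # clause set became empty


if __name__ == "__main__":
    steps = []
    unsat = [clause("a b"), clause("a -b"), clause("-a c"), clause("-a -c")]
    print(davis_putnam(unsat, order=("b", "a", "c"), trace=steps))
    for var, cs in steps:
        print(var, sorted(sorted(c) for c in cs))
```

The trace for the unsatisfiable example reproduces the slide's three pictures: after eliminating b the set is {(a), (¬a ∨ c), (¬a ∨ ¬c)}, after a it is {(c), (¬c)}, and after c it is {□}. Because eliminate() builds all pos × neg resolvents, the size of each trace entry is exactly the quantity the memory-explosion slide bounds by O(n^(2^i)).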

Davis-Logemann-Loveland algorithm

Slides of sat_course1.pdf
Download from:

Davis-Logemann-Loveland algorithm

Eliminates exponential memory requirement
Might still need exponential time

Conflict-driven learning and non-chronological backtracking

Slides 2-20 of sat_course2.pdf
Download from: