Part 1: Positive Equality for Uninterpreted functions in Eager Encoding.


Part 1: Positive Equality for Uninterpreted functions in Eager Encoding

– 2 – Eliminating Function Applications
Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)

Ackermann's encoding:
  f(x1) → vf1
  f(x2) → vf2
  with the functional-consistency constraint  x1 = x2 ⇒ vf1 = vf2

Bryant, German, Velev's encoding:
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)

– 3 – Positive Equality Optimization
Goal: replace as many of the vf_i variables as possible with constant values, exploiting the positive structure of the formula.
Overall benefit: the function-free formula has a smaller number of integer variables, which reduces the number of interpretations to check for validity.

– 4 – Eliminating Function Applications
Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)

Ackermann's encoding:
  f(x1) → vf1
  f(x2) → vf2
  with the constraint  x1 = x2 ⇒ vf1 = vf2

Bryant, German, Velev's encoding:
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)
  Favors positive equality analysis

– 5 – EUF: Logic of Equality with Uninterpreted Functions
Terms:
  ITE(F, T1, T2)        if-then-else
  f(T1, …, Tk)          function application
Formulas:
  ¬F, F1 ∧ F2, F1 ∨ F2  Boolean connectives
  T1 = T2               equation
  p(T1, …, Tk)          predicate application
Special cases:
  v   domain variable (order-0 function)
  a   propositional variable (order-0 predicate)

– 6 – EUF and the Small-Model Property
Small model property for validity [Ackermann '54]: it suffices to consider a domain with k values, where k is the number of distinct function-application terms in the formula. Number of cases (interpretations) to check: k!
Example:  ¬(x = y) ∨ (f(g(x)) = f(g(y)))
  Function-application terms: { x, y, g(x), g(y), f(g(x)), f(g(y)) }
  k = 6

– 7 – Positive Equality for EUF [Bryant, German, Velev CAV'99]
Classify formulas, terms and functions into positive (p) and general (g):
  Positive (p) formulas: negated an even number of times; do not control an ITE
  Positive (p) terms: never appear in an equation that is a g-formula
  Positive (p) function symbols: all applications are p-terms
Example:  ¬(x = y) ∨ (f(g(x)) = f(g(y)))
  General (g) functions: x, y
  Positive (p) functions: f, g

– 8 – Maximally Diverse Interpretations
An interpretation I is maximally diverse if, for any p-function symbol f:
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T)] ≠ I[g(U)] for any other function symbol g
where f(T1), f(T2), g(U) are terms in the formula.
Example term pairs, for a p-function symbol g:
  Terms        Equal?
  x, y         potentially
  g(x), g(y)   only if x = y
  g(x), y      no

– 9 – Maximally Diverse Interpretations
An interpretation I is maximally diverse if, for any p-function symbol f:
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T1)] ≠ I[g(U)] for any other function symbol g
where f(T1), f(T2), g(U) are terms in the formula.
Property: a formula is valid if and only if it is true under all maximally diverse interpretations.

– 10 – Justification of the Maximal Diversity Property
For a formula F and any interpretation I, there is a maximally diverse interpretation J such that J[F] ⇒ I[F].
Create the worst case for validity:
  Falsify positive equations
  Function applications yield distinct results
  Function arguments are distinct

– 11 – Exploiting Positive Equality
Property: for a p-function symbol f, introduce variables vf1, …, vfn during elimination and consider only diverse interpretations for vf1, …, vfn: vf_i ≠ v for any other variable v.
Example, assuming vf1 ≠ vf2:
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)
  so f(x1) = f(x2) iff x1 = x2

– 12 – Summary: Positive Equality Optimization
  Eliminate function applications
  Introduce vf1, …, vfn while eliminating function symbol f
  For a p-function symbol f, replace vf1, …, vfn with distinct constants
  The only variables left in the function-free formula are the vf_i variables for g-function symbols
  m = number of g-function applications

– 13 – Positive Equality for EUF
Example:  ¬(x = y) ∨ (f(g(x)) = f(g(y)))
  General (g) functions: x, y      Positive (p) functions: f, g
Property: number of interpretations to consider = m!, where m = number of g-function applications

– 14 – Positive Equality for EUF
Example:  ¬(x = y) ∨ (f(g(x)) = f(g(y)))
  General (g) functions: x, y      Positive (p) functions: f, g
Property: number of interpretations to consider = m!, where m = number of g-function applications
  Function-application terms: { x, y, g(x), g(y), f(g(x)), f(g(y)) }
  p-applications: { g(x), g(y), f(g(x)), f(g(y)) }
  g-applications: { x, y }
  m = 2
  Search space reduced from 6! to 2!
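The classification of slides 5 to 14 (p/g formulas by polarity, p/g terms, p/g function symbols, and the k! versus m! search space) carried out on the two example formulas of the talk. This is an added example, not code from the slides or from UCLID; the nested-tuple encoding of formulas and terms is an assumption made here.

```python
from math import factorial

# Formulas and terms are nested tuples (an assumed encoding, not the slides'):
#   formulas: ('not', F), ('and', F1, F2), ('or', F1, F2), ('eq', T1, T2),
#             ('pred', 'p', T1, ...)
#   terms:    ('f', T1, ...) with 0-arity ('x',) for a domain variable,
#             ('ite', F, T1, T2) for if-then-else

def leaves(t):
    """Application terms an equation side can take: the branches of any ITE."""
    return leaves(t[2]) | leaves(t[3]) if t[0] == 'ite' else {t}

def classify(formula):
    """Return (all function-application terms, g-terms) of a formula.
    A formula is positive when negated an even number of times; an ITE
    control is treated as both positive and negative.  A term is a g-term
    when it is a side of an equation inside a g-formula (slide 7)."""
    terms, gterms = set(), set()

    def visit_term(t):
        if t[0] == 'ite':
            visit(t[1], True); visit(t[1], False)
            visit_term(t[2]); visit_term(t[3])
        else:
            terms.add(t)
            for a in t[1:]:
                visit_term(a)

    def visit(f, positive):
        op = f[0]
        if op == 'not':
            visit(f[1], not positive)
        elif op in ('and', 'or'):
            visit(f[1], positive); visit(f[2], positive)
        elif op == 'eq':
            visit_term(f[1]); visit_term(f[2])
            if not positive:                 # equation occurs in a g-formula
                gterms.update(leaves(f[1]) | leaves(f[2]))
        elif op == 'pred':
            for a in f[2:]:
                visit_term(a)
        else:
            raise ValueError(f"unknown connective {op!r}")

    visit(formula, True)
    return terms, gterms

def positive_equality_summary(formula):
    """Symbol-level (CAV'99) and term-level (TACAS'04) positive-equality facts."""
    terms, gterms = classify(formula)
    symbols = {t[0] for t in terms}
    g_functions = {t[0] for t in gterms}          # any application is a g-term
    p_functions = symbols - g_functions
    g_applications = {t for t in terms if t[0] in g_functions}
    return {
        'terms': terms,
        'g_terms': gterms,                        # term-level classification
        'p_terms': terms - gterms,
        'p_functions': p_functions,
        'g_functions': g_functions,
        'k': len(terms),                          # small-model domain size
        'm': len(g_applications),                 # g-function applications
        'interpretations_without': factorial(len(terms)),
        'interpretations_with': factorial(len(g_applications)),
    }

# Constructed inputs: the two example formulas from the slides.
X, Y, FX = ('x',), ('y',), ('f', ('x',))
F1 = ('or', ('not', ('eq', X, Y)),                       # ¬(x = y) ∨ (f(g(x)) = f(g(y)))
      ('eq', ('f', ('g', X)), ('f', ('g', Y))))
F2 = ('or', ('not', ('eq', FX, X)),                      # ¬(f(x) = x) ∨ (f⁴(x) = f³(x))
      ('eq', ('f', ('f', ('f', FX))), ('f', ('f', FX))))

if __name__ == "__main__":
    for name, f in (("F1", F1), ("F2", F2)):
        s = positive_equality_summary(f)
        print(name, "k =", s['k'], "m =", s['m'],
              "p-functions =", sorted(s['p_functions']),
              "p-terms =", len(s['p_terms']))
```

For F2 the symbol-level view leaves no p-function (slide 18), while the term-level view still finds the three p-terms f²(x), f³(x), f⁴(x) (slide 19).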

– 15 – Applications of Positive Equality
Pipelined processor verification [Bryant, German and Velev CAV'99; Velev and Bryant DAC'00; …]
  Observation: most uninterpreted functions that appear in the pipeline data-path are p-functions, e.g. the ALU, the incrementer for the PC, …
Other infinite-state system verification [Bryant, Lahiri, Seshia CAV'02]
  Improves efficiency on benchmarks from cache-coherence verification, out-of-order processors and software benchmarks

– 16 – Impact of Positive Equality [Bryant, Lahiri, Seshia CAV'02]
Columns: Model | Initial formula size | UCLID w/ p-eq. (s) | UCLID w/o p-eq. (s) | SVC time (s)
Rows: out-of-order processor; cache coherence; DLX pipeline (the numeric entries are lost from the transcript; the surviving entries read "> 1 hr", "> 1 day", "> 1 day")
Positive equality can be exploited to improve performance.

– 17 – Ackermann's Encoding and Positive Equality
Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)
Ackermann's encoding:
  f(x1) → vf1
  f(x2) → vf2
  with the constraint  x1 = x2 ⇒ vf1 = vf2
Can't assign distinct values to vf1, vf2 for a p-function symbol f: that ignores the case x1 = x2.
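Both elimination schemes of slides 2, 4 and 17 for applications f(x1), …, f(xn) of one uninterpreted function, evaluated under a diverse interpretation (every vf_i a distinct constant) to show why the nested-ITE encoding tolerates distinct constants while Ackermann's constraints do not once two arguments coincide. Added example, not the slides' or UCLID's code; the tuple encoding of terms and the constant values are assumptions.

```python
# Terms and formulas are nested tuples (an assumed encoding, not the slides'):
# ('x1',) is a domain variable, ('vf', i) the fresh variable vf_i,
# ('ite', cond, t1, t2) an if-then-else, ('eq', a, b) an equation and
# ('implies', a, b) an implication.

def bgv_eliminate(args):
    """Bryant/German/Velev: f(x_i) becomes
    ITE(x_i = x_1, vf_1, ITE(x_i = x_2, vf_2, ... vf_i)), so f(x_i) takes the
    value vf_i only when x_i differs from every earlier argument."""
    replacements = []
    for i, xi in enumerate(args, start=1):
        t = ('vf', i)
        for j in range(i - 1, 0, -1):      # wrap from the last earlier argument outward
            t = ('ite', ('eq', xi, args[j - 1]), ('vf', j), t)
        replacements.append(t)
    return replacements

def ackermann_eliminate(args):
    """Ackermann: f(x_i) becomes vf_i; functional consistency is a global
    constraint (x_j = x_i) ⇒ (vf_j = vf_i) for every pair j < i."""
    n = len(args)
    replacements = [('vf', i) for i in range(1, n + 1)]
    constraints = [('implies', ('eq', args[j], args[i]),
                    ('eq', ('vf', j + 1), ('vf', i + 1)))
                   for i in range(n) for j in range(i)]
    return replacements, constraints

def evaluate(t, env):
    """Evaluate a term or formula under env (maps variables to values)."""
    op = t[0]
    if op == 'ite':
        return evaluate(t[2], env) if evaluate(t[1], env) else evaluate(t[3], env)
    if op == 'eq':
        return evaluate(t[1], env) == evaluate(t[2], env)
    if op == 'implies':
        return (not evaluate(t[1], env)) or evaluate(t[2], env)
    return env[t]

def check_under_diverse_interpretation(args, values):
    """Give the arguments `values` and every vf_i a distinct constant (the
    diverse interpretation positive equality wants).  Return whether the BGV
    replacements stay functionally consistent (equal arguments give equal
    results) and whether Ackermann's constraints are all satisfied."""
    env = dict(zip(args, values))
    env.update({('vf', i): 100 + i for i in range(1, len(args) + 1)})
    bgv = [evaluate(t, env) for t in bgv_eliminate(args)]
    consistent = all(values[i] != values[j] or bgv[i] == bgv[j]
                     for i in range(len(args)) for j in range(i))
    _, constraints = ackermann_eliminate(args)
    ackermann_ok = all(evaluate(c, env) for c in constraints)
    return consistent, ackermann_ok

# Constructed sample: two, then three, applications of the same function f.
X1, X2, X3 = ('x1',), ('x2',), ('x3',)

if __name__ == "__main__":
    print(bgv_eliminate([X1, X2]))
    print(check_under_diverse_interpretation([X1, X2], (0, 1)))        # (True, True)
    print(check_under_diverse_interpretation([X1, X2], (0, 0)))        # (True, False)
    print(check_under_diverse_interpretation([X1, X2, X3], (5, 7, 5)))  # (True, False)
```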

– 18 – Limitation of Positive Equality Analysis
Limitation of the previous approach: it is not "robust". The entire analysis fails even when a single application is negative.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  General functions: x, f      Positive functions: none
  Function-application terms: { x, f(x), f²(x), f³(x), f⁴(x) }
  p-applications: { }
  g-applications: { x, f(x), f²(x), f³(x), f⁴(x) }

– 19 – Robust Positive Equality Analysis [Lahiri, Bryant, Goel, Talupur TACAS'04]
Look at each application instead of function symbols: finer granularity for exploiting positive equality.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  Function-application terms: { x, f(x), f²(x), f³(x), f⁴(x) }
  g-terms: { x, f(x) }
  p-terms: { f²(x), f³(x), f⁴(x) }

– 20 – Robust Positive Equality Analysis
Goal: if a variable vf_i results from eliminating a p-term, try to assign it a distinct constant.
Questions:
  Can we always assign the vf_i variables for every p-term a distinct value? Not always.
  Can we compute the set of p-terms that maximizes the number of vf_i variables that can be assigned distinct values? In general, NP-complete.

– 21 – Outline
  Robust positive equality
  "Robust" maximal diversity theorem
  Exploiting robust positive equality: obstacles, solutions
  Results
  Related work

– 22 – Robust Maximal Diversity
For an interpretation I, a p-term f(T) is called g-arg-distinct if there is no g-term f(U) such that I[T] = I[U].
An interpretation I is robust maximally diverse if, for every g-arg-distinct p-term f(T1):
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T1)] ≠ I[g(U)] for any other function symbol g
where f(T1), f(T2), g(U) are terms in the formula.

– 23 – Robust Maximal Diversity: Example
For an interpretation I, a p-term f(T) is called g-arg-distinct if there is no g-term f(U) such that I[T] = I[U].
An interpretation I is robust maximally diverse if, for every g-arg-distinct p-term f(T1):
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T1)] ≠ I[g(U)] for any other function symbol g
where f(T1), f(T2), g(U) are terms in the formula.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  g-terms: x, f(x)      p-terms: f²(x), f³(x), f⁴(x)
  I = { x, f²(x), f⁴(x) }, { f(x), f³(x) }   (terms grouped into classes of equal value)
  Not robust maximally diverse: a g-arg-distinct p-term (f²(x)) equals a non-f term (x).

– 24 – Robust Maximal Diversity Theorem
Generalization of positive equality: any robust maximally diverse interpretation is a maximally diverse interpretation, and the subset inclusion can be proper.
Consequence: fewer interpretations to consider when checking validity.
Theorem: a formula is valid if and only if it is true under all robust maximally diverse interpretations.

– 25 – Exploiting Robust Positive Equality
Function applications f(x1), …, f(xn); introduce variables vf1, …, vfn during elimination.
Order the applications as f(x1), …, f(xl), …, f(xi), …, f(xn) so that the first l contain all the g-terms for f.
By the robust maximal diversity theorem, assign a distinct constant to vf_i when i > l: the value of vf_i is the value of f(xi) when xi does not equal any of x1, …, x(i-1), i.e. when f(xi) is g-arg-distinct.

– 26 – What We Need
Eliminate the g-terms as early as possible, constrained by the sub-expression ordering: e.g. f(x) has to be eliminated before f(f(x)).
Need the best topological order: one that respects the sub-expression orderings and maximizes the number of vf variables that can be assigned distinct constant values.
Need to define this objective function precisely.

– 27 – Function Elimination and Topological Order
Requires a topological order on the terms that respects the sub-expression order: eliminate functions from sub-terms first.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  Order: x, f(x), f²(x), f³(x), f⁴(x)   (the only order for this example)

– 28 – Function Elimination and Topological Order
Example:  ¬(f(f(x)) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  Order: x, f(x), f²(x), f³(x), f⁴(x)   (the only order for this example)
  The p-term f(x) always precedes the g-term f²(x), so the vf variables for every p-term can't be assigned distinct values.
  P-terms that are subterms of a g-term with the same function symbol cannot receive distinct constants.

– 29 – Topological Ordering and the p-terms
Topological order <
Pos<(f): the set of p-terms of f which do not precede any g-term of f in <
Pos< = ∪_f Pos<(f)

– 30 – Topological Ordering: Example 1
Topological order <;  Pos<(f): the set of p-terms of f which do not precede any g-term of f in <;  Pos< = ∪_f Pos<(f)
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  x < f(x) < f²(x) < f³(x) < f⁴(x)
  Pos< = { f²(x), f³(x), f⁴(x) }

– 31 – Topological Ordering
Topological order <;  Pos<(f): the set of p-terms of f which do not precede any g-term of f in <;  Pos< = ∪_f Pos<(f)
Property: the vf_i variables which result from eliminating the terms in Pos< can be assigned distinct constant values.
Goal: find the topological order < that maximizes the size of Pos<.

– 32 – Finding the Best Topological Ordering
Example:  ¬(f(g(x)) = g(f(x)))    (f(g(x)) and g(f(x)) are the g-terms)
Three topological orders on the terms:
  1. x < g(x) < f(g(x)) < f(x) < g(f(x))    Pos< = { x, f(x) }    not best for g
  2. x < f(x) < g(f(x)) < g(x) < f(g(x))    Pos< = { x, g(x) }    not best for f
  3. x < g(x) < f(x) < g(f(x)) < f(g(x))    Pos< = { x }
With multiple non-zero-arity function symbols, the best order may not be best for each symbol.

– 33 – Obtaining the Best Topological Order
Complexity: NP-complete (reduction from the maximum independent set problem); polynomial when there is only one non-zero-arity function symbol.
Greedy heuristic to find a good order: assign higher priorities to p-terms of functions with a greater number of "potential" terms in Pos<.
Finds the optimal order for most of the examples we have seen so far.

– 34 – Sample Results
Implemented in the UCLID decision procedure with the Zchaff SAT solver.
Code validation benchmarks [Pnueli, Rodeh, Strichman, Siegel CAV'99]
Columns: example | #vars | Positive Equality: #pvar, time | Robust Positive Eq: #pvar, time | Speedup
Rows: Cv examples (the numeric entries are lost from the transcript; the surviving fragments read "467010", ">", ">18")

– 35 – Observations
Robust positive equality improves efficiency; useful in practice.
Small overhead (+5%) over positive equality analysis; an efficient implementation can further reduce this overhead.
Seldom affects total time when the translation time to SAT is a small fraction of the overall time.

– 36 – Related Work
Pnueli, Rodeh, Strichman & Siegel CAV'99: removes function applications by Ackermann's reduction; range allocation for the resultant formula assigns smaller ranges for g-terms.
Rodeh & Strichman CAV'01: uses Bryant, German & Velev's function elimination method + range allocation; has similarities and differences with our work.

– 37 – Conclusions
Positive equality: simplifies the function-free formula by reducing the number of variables in the formula.
Robust positive equality: a generalization of positive equality that improves applicability for more general benchmarks.
Can be extended to CLU logic (T1 < T2 + c) [BLS02; Lahiri MS Thesis].
Can we generalize it for linear arithmetic + EUF?

– 38 – Questions

– 39 – Decision Procedure Benchmarking
Columns: Model | Term formula DAG size | Prop formula DAG size | UCLID time (s) | SVC time (s) | CVC time (s)
Rows: out-of-order execution unit; Elf™ processor (the numeric entries are lost from the transcript; the surviving entries read "Out of Mem", "> 1 day", "Out of Mem", "> 1 day", "Out of Mem")
Compared against the Stanford Validity Checker (SVC) and its successor CVC (which uses Chaff); these decide CLU + real linear arithmetic + bit-vector arithmetic.
UCLID uses Chaff for Boolean SAT; UCLID time = translation time + Chaff time.

– 40 – Impact of Positive Equality
Columns: Model | Term formula size | UCLID w/ p-eq. (s) | UCLID w/o p-eq. (s)
Rows: out-of-order execution unit; cache protocol; DLX pipeline (the numeric entries are lost from the transcript; the surviving entry reads "> 1 hr")
Positive equality can be exploited to improve performance.

– 41 – Exploiting Positive Equality
Property: for a p-function symbol f, introduce variables vf1, …, vfn during elimination and consider only diverse interpretations for vf1, …, vfn: vf_i ≠ v for any other variable v.
Example, assuming vf1 ≠ vf2:
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)
  so f(x1) = f(x2) iff x1 = x2

– 42 – Compare: Ackermann's Method
Replacing an application: introduce a new domain variable (f(x1) → vf1, f(x2) → vf2) and enforce functional consistency by global constraints.
Unclear how to generate diverse interpretations.

– 43 – Decision Procedures in Verification
Work-horse for many automated verification methodologies:
Processor and protocol verification
  Pipelined processor verification: Burch & Dill CAV'94; Bryant, German & Velev CAV'99; …
  Out-of-order processor and cache coherence verification: Lahiri, Seshia & Bryant FMCAD'02; Bryant, Lahiri & Seshia CAV'02
Predicate abstraction
  Software verification: SLAM (MSR), BLAST (Berkeley), MAGIC (CMU), …
  Protocol verification: Das, Dill & Park CAV'99

– 44 – Decision Procedures for the Quantifier-Free Fragment of First-Order Logic
Principal theories:
  Logic of equality with uninterpreted functions, e.g. f(x) = f(g(y))
  Linear arithmetic: the difference-bound logic subset (T1 < T2 + c); full linear arithmetic
  Arrays: read and write operations
Tools:
  SVC/CVC from Stanford (FMCAD'96, CAV'02, CAV'04)
  UCLID from CMU (CAV'02, CAV'04)
  ICS from SRI (CAV'01)
  Simplify/Verifun from HP (CAV'03)
  Zapato from Microsoft (CAV'04)
  …

Carnegie Mellon University
Revisiting Positive Equality
Shuvendu K. Lahiri, Randal E. Bryant, Amit Goel, Muralidhar Talupur

– 46 – Conclusions
Generalization of Bryant et al.'s positive equality analysis; subsumes original positive equality.
Exploiting robust positive equality in a decision procedure: problems and heuristics.
Future work: integrate smaller range allocation for the g-terms [Pnueli et al. CAV'99, Talupur et al. CAV'04].

– 47 – Positive Equality for EUF
Example:  ¬(x = y) ∨ (f(g(x)) = f(g(y)))
  General (g) functions: x, y      Positive (p) functions: f, g
Split the set of terms into p-terms (function applications of p-functions) and g-terms (function applications of g-functions).

– 48 – Definition
P-term: a term which never appears in an equation that is a g-formula.
G-term: a term which appears at least once in an equation that is a g-formula.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  g-terms: x, f(x)      p-terms: f²(x), f³(x), f⁴(x)

– 49 – Eliminating Function Applications [Bryant, German & Velev CAV'99]
Replacing an application: introduce a new domain variable; a nested ITE structure maintains functional consistency:
  f(x1) → vf1
  f(x2) → ITE(x2 = x1, vf1, vf2)
  f(x3) → ITE(x3 = x1, vf1, ITE(x3 = x2, vf2, vf3))

– 50 – Robust Maximally Diverse Interpretations
P-term h(T1, …, Tn): if its arguments do not equal the arguments of any g-term h(U1, …, Un), then it can only equal other h-application terms with equal arguments.
Property: a formula is valid if and only if it is true under all robust maximally diverse interpretations.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  g-terms: x, f(x)      p-terms: f²(x), f³(x), f⁴(x)
  I = { x → 0, f(0) → 1, f(1) → 0, … }
  Not robust maximally diverse: the p-term f²(x), whose argument does not equal the argument of the g-term f(x), equals the non-f term x.

– 51 – Heuristic for Obtaining a Topological Order
Potentially positive terms for a function f: the p-terms of f that are not sub-terms of any g-term of f.
Steps:
  Sort the function symbols by the number of potentially positive terms
  For each function f in sorted order: put all the g-terms of f (and their subterms) in the topological order
  Put all the remaining p-terms in the topological order

– 52 – Heuristic for Obtaining a Topological Order: Example
Potentially positive terms for a function f: the p-terms of f that are not sub-terms of any g-term of f.
Steps: sort the function symbols by the number of potentially positive terms; for each function f in sorted order, put all the g-terms of f (and their subterms) in the topological order; put all the remaining p-terms in the topological order.
Example:  ¬(f(g(x)) = g(f(f(x))))
  Sort the functions: f; g; x
  Put the g-terms for f:  x < g(x) < f(g(x))
  Put the g-terms for g:  f(x) < f(f(x)) < g(f(f(x)))
  Put the g-terms for x:  already present
Result:  x < g(x) < f(g(x)) < f(x) < f(f(x)) < g(f(f(x)))
  T<+ = { x, f(x), f(f(x)) }
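The objective of slides 29 to 33 (Pos< for a topological order, and the search for the order that maximizes it) together with the greedy heuristic of slides 51 and 52, run on the talk's two examples. Added example, not code from the slides or from UCLID; the tuple encoding of terms is an assumption, and the g-term sets are taken from the slides' own classification rather than computed.

```python
from itertools import permutations

# Terms are nested tuples: ('f', arg, ...), a domain variable being the
# 0-arity application ('x',).  This encoding, and the g-term sets below
# (taken from the slides' own classification), are assumptions.
X = ('x',)

def subterms(t):
    """All function-application subterms of t, including t itself."""
    out = {t}
    for a in t[1:]:
        out |= subterms(a)
    return out

def is_topological(order):
    """A term may only be eliminated after all of its proper subterms."""
    seen = set()
    for t in order:
        if any(a not in seen for a in t[1:]):
            return False
        seen.add(t)
    return True

def pos_set(order, gterms):
    """Pos_< (slide 29): p-terms that do not precede any g-term of the same
    function symbol; their vf variables can get distinct constants."""
    index = {t: i for i, t in enumerate(order)}
    return {t for t in order if t not in gterms
            and all(index[u] < index[t] for u in gterms if u[0] == t[0])}

def best_order(terms, gterms):
    """Exhaustive search for the topological order maximizing |Pos_<|.
    Exponential, which is why the slides use the greedy heuristic instead."""
    best, best_pos = None, set()
    for perm in permutations(terms):
        if is_topological(perm):
            pos = pos_set(perm, gterms)
            if len(pos) > len(best_pos):
                best, best_pos = list(perm), pos
    return best, best_pos

def greedy_order(terms, gterms):
    """Heuristic of slide 51: symbols with more potentially positive terms
    first; for each symbol place its g-terms (with their subterms), then
    place whatever p-terms remain."""
    def potentially_positive(f):
        covered = set().union(*(subterms(u) for u in gterms if u[0] == f))
        return [t for t in terms if t[0] == f and t not in gterms and t not in covered]

    order = []
    def put(t):                       # post-order: subterms before the term
        if t not in order:
            for a in t[1:]:
                put(a)
            order.append(t)

    symbols = sorted({t[0] for t in terms},
                     key=lambda f: (-len(potentially_positive(f)), f))
    for f in symbols:
        for u in sorted((u for u in gterms if u[0] == f), key=str):
            put(u)
    for t in sorted(terms, key=str):
        put(t)
    return order

# Constructed inputs.  Slide 32: ¬(f(g(x)) = g(f(x))); slide 52:
# ¬(f(g(x)) = g(f(f(x)))).  In both, the two equation sides are the g-terms.
EX1_TERMS = [X, ('g', X), ('f', ('g', X)), ('f', X), ('g', ('f', X))]
EX1_G = {('f', ('g', X)), ('g', ('f', X))}
EX2_TERMS = [X, ('g', X), ('f', ('g', X)), ('f', X), ('f', ('f', X)),
             ('g', ('f', ('f', X)))]
EX2_G = {('f', ('g', X)), ('g', ('f', ('f', X)))}

if __name__ == "__main__":
    for terms, g in ((EX1_TERMS, EX1_G), (EX2_TERMS, EX2_G)):
        order = greedy_order(terms, g)
        print("greedy:", order, "Pos_< =", pos_set(order, g))
        print("best  :", best_order(terms, g))
```

On both examples the greedy order reaches the exhaustive optimum (two and three distinct constants respectively), matching the sets shown on slides 32 and 52.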

– 53 – Definitions
Interpretation I: assigns a value to all the functions appearing in a formula; I(f) = the function associated with the symbol f.
Evaluation I[e]: evaluates e w.r.t. the interpretation I; defined inductively on the structure of e.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  I = { x → 0, f(0) → 1, f(1) → 0, … }
  f(x) = x evaluates to false, so its negation is true; f⁴(x) = f³(x) evaluates to false; the formula evaluates to true.

– 54 – Topological Ordering: Example 2
Topological order <;  T<+(f): the set of p-terms of f which do not precede any g-term of f in <;  T<+ = ∪_f T<+(f)
Example:  ¬(f(f(x)) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  x < f(x) < f²(x) < f³(x) < f⁴(x)
  T<+ = { f³(x), f⁴(x) }   (the p-term f(x) always precedes the g-term f²(x))

– 55 – Results
Implemented in the UCLID decision procedure with the Zchaff SAT solver.
Code validation benchmarks [Pnueli, Rodeh, Strichman, Siegel CAV'99]
Columns: example | #vars | Positive Equality: #pvar, time | Robust Positive Eq: #pvar, |T+|, time | Speedup
Rows: Cv examples (the numeric entries are lost from the transcript; the surviving fragments read "467010", ">", ">18")
T+ = union of the set of potentially positive terms for each function

– 56 – Topological Ordering: Example 2
Topological order <;  Pos<(f): the set of p-terms of f which do not precede any g-term of f in <;  Pos< = ∪_f Pos<(f)
Example:  ¬(f(f(x)) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  x < f(x) < f²(x) < f³(x) < f⁴(x)
  Pos< = { f³(x), f⁴(x) }   (the p-term f(x) always precedes the g-term f²(x))

– 57 – Finding the Best Topological Ordering
With multiple non-zero-arity function symbols, the best order may not be best for each symbol.
Example:  ¬(f(g(x)) = g(f(x)))    (f(g(x)) and g(f(x)) are the g-terms)
Three topological orders on the terms:
  1. x < g(x) < f(g(x)) < f(x) < g(f(x))    Pos< = { x, f(x) }
  2. x < f(x) < g(f(x)) < g(x) < f(g(x))    Pos< = { x, g(x) }
  3. x < g(x) < f(x) < g(f(x)) < f(g(x))    Pos< = { x }

– 58 – Relevant Papers
"Exploiting positive equality in a logic of equality with uninterpreted functions", Bryant, German and Velev, CAV'99
"Revisiting Positive Equality", Lahiri, Bryant, Goel and Talupur, TACAS'04: generalization of positive equality

– 59 – Maximally Diverse Interpretations
P-function symbols: equal results only for equal arguments; don't equal an application of any other function symbol.
G-function symbols: potentially yield equal results for unequal arguments.
Property: a formula is valid if and only if it is true under all maximally diverse interpretations.
Example term pairs, for a p-function symbol g:
  Terms        Equal?
  x, y         potentially
  g(x), g(y)   only if x = y
  g(x), y      no

– 60 – Robust Maximally Diverse Interpretations
For every p-term h(T1, …, Tn): if its arguments do not equal the arguments of any g-term h(U1, …, Un), then it can only equal other h-application terms with equal arguments.
Property: a formula is valid if and only if it is true under all robust maximally diverse interpretations.

– 61 – Robust Maximally Diverse Interpretations
P-term h(T1, …, Tn): if its arguments do not equal the arguments of any g-term h(U1, …, Un), then it can only equal other h-application terms with equal arguments.
Property: a formula is valid if and only if it is true under all robust maximally diverse interpretations.
Example:  ¬(f(x) = x) ∨ (f(f(f(f(x)))) = f(f(f(x))))
  g-terms: x, f(x)      p-terms: f²(x), f³(x), f⁴(x)
  I = { x, f²(x) }, { f(x), f³(x) }   (terms grouped into classes of equal value)
  Not robust maximally diverse: the p-term f²(x), whose argument does not equal the argument of the g-term f(x) of f, equals the non-f term x.