Deciding separation formulas with SAT. Ofer Strichman, Sanjit A. Seshia, Randal E. Bryant. School of Computer Science, Carnegie Mellon University.

Slide 2: Separation predicates
- Predicates of the form x1 < x2 + c and x1 ≤ x2 + c, where c is a constant
- Also known as 'difference predicates'
- We will consider x1, x2 as either real or integer variables
- Used when proving formulas derived from timed automata, scheduling problems, and more
- Pratt: "Most inequalities arising in verification are separation predicates"

Slide 3: Deciding separation via case-splitting (1/2)
φ: x1 < x2 + 1 ∧ x2 < x3 + 1 ∧ (x3 < x1 - 3 ∨ x3 < x1 + 1)
Case splitting gives two conjunctions:
  x1 < x2 + 1 ∧ x2 < x3 + 1 ∧ x3 < x1 - 3
  x1 < x2 + 1 ∧ x2 < x3 + 1 ∧ x3 < x1 + 1
[Figure: the inequality graph of each case over x1, x2, x3, with edge weights 1, 1, -3 in the first case and 1, 1, 1 in the second]
Theorem [Bellman, 57]: The formula is satisfiable iff the inequality graph does not contain a negative cycle.

Slide 4: Deciding separation via case-splitting (2/2)
[Figure: an inequality graph with edge weights 1, 1, -3, 5, -4]
- Bellman-Ford: finding whether there is a negative cycle in a graph is polynomial
- Overall complexity: O(2^|φ|), due to case-splitting
- Case-splitting is normally the bottleneck of decision procedures
- Q: Is there an alternative to case-splitting?
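As an added example (not from the slides), the Bellman-Ford check of slides 3 and 4 run on each branch of the case split of φ. It extends the slide's "negative cycle" test to mixed '<' and '≤' predicates over the reals by carrying a strictness count next to each weight (my convention: a cycle of total weight 0 that contains a strict edge is infeasible as well).

```python
# Added example (not from the slides): Bellman-Ford check for a conjunction of
# separation predicates, as used on each branch of the case split on slides 3 and 4.
# A predicate is (i, j, c, strict): x_i < x_j + c if strict, else x_i <= x_j + c.
# Weights are pairs (c, s): s is -1 per strict edge, so a cycle whose weights sum
# to (0, s<0) is also infeasible (my extension of the slide's "negative cycle").
from typing import List, Tuple

Pred = Tuple[int, int, int, bool]

def inequality_graph(preds: List[Pred]):
    """Edge x_j -> x_i with weight (c, s) models x_i - x_j <= c (or < c)."""
    return [(j, i, (c, -1 if strict else 0)) for i, j, c, strict in preds]

def has_negative_cycle(n_vars: int, preds: List[Pred]) -> bool:
    edges = inequality_graph(preds)
    add = lambda a, b: (a[0] + b[0], a[1] + b[1])
    dist = [(0, 0)] * n_vars          # as if a virtual source reached every node
    for _ in range(n_vars - 1):       # Bellman-Ford relaxation rounds
        changed = False
        for u, v, w in edges:
            if add(dist[u], w) < dist[v]:   # tuples compare lexicographically
                dist[v], changed = add(dist[u], w), True
        if not changed:
            break
    # a further improvement after n-1 rounds means a (lexicographically) negative cycle
    return any(add(dist[u], w) < dist[v] for u, v, w in edges)

def is_satisfiable(n_vars: int, preds: List[Pred]) -> bool:
    """Bellman's theorem: satisfiable iff the inequality graph has no negative cycle."""
    return not has_negative_cycle(n_vars, preds)

# slide 3's formula (x1, x2, x3 are indices 0, 1, 2) split into its two cases
COMMON = [(0, 1, 1, True), (1, 2, 1, True)]   # x1 < x2 + 1, x2 < x3 + 1
CASE_A = COMMON + [(2, 0, -3, True)]           # ... and x3 < x1 - 3
CASE_B = COMMON + [(2, 0, 1, True)]            # ... and x3 < x1 + 1
# slide 7's formula with the negation pushed in: x2 <= x1 + 0  and  x1 < x2 - 1
SLIDE7 = [(1, 0, 0, False), (0, 1, -1, True)]
```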

Slide 5: Difference Decision Diagrams (DDD) (Møller, Lichtenberg, Andersen, Hulgaard, 1999)
- Similar to BDDs, but the nodes are separation predicates
- Ordering on variables determines order on predicates
- Semi-canonical (i.e. canonical when φ is a tautology or a contradiction)
- φ: a Boolean combination of ¬(x1 - x3 < 0), x2 - x3 ≤ 0 and ¬(x2 - x1 < 0)
  [Figure: DDD with nodes x1 - x3 < 0, x2 - x3 ≤ 0, x2 - x1 < 0 and terminals 1, 0]
- Each path leading to '1' is checked for consistency with Bellman-Ford
- Worst case: an exponential number of such paths

Slide 6: Boolean encoding (take 1)
φ: x1 < x2 + 1 ∧ x2 < x3 + 1 ∧ (x3 < x1 - 3 ∨ x3 < x1 + 1)
1. Encode: replace each separation predicate with a Boolean variable, giving φ'
2. Build the joint graph G: [Figure: graph over x1, x2, x3 with edge weights 1, 1, 1 and -3]
3. Forbid a 'true' assignment to negative simple cycles in G

Slide 7: What about negations in φ?
The unsatisfiable formula φ: ¬(x1 < x2 ∨ x2 ≤ x1 + 1) is reduced to the satisfiable formula: [Figure: graph over x1, x2 with edge weights 0 and 1; legend: '<' edges and '≤' edges]
Problem: our graph does not consider the polarity of the constraints.

Slide 8: Solution #1: Consider both polarities
Dual edges: each predicate contributes an edge for its positive form and one for its negation, e.g. x1 < x2 + 1 and x2 ≤ x1 - 1.
[Figure: the graph with weights 1, 1, -3, the dual graph (e.g. weight 3 for the negation of the -3 edge), and the joint graph containing both]

Slide 9: Solution #2: Eliminate negations
1. Transform φ to Negation Normal Form (NNF), and eliminate negations by reversing inequality signs
2. Rewrite '>' and '≥' predicates as '<' and '≤', e.g. rewrite x1 > x2 + c as x2 < x1 - c
Solution #2 results in a smaller number of constraints.

Slide 10: Problem: redundant constraints
φ: (x1 < x2 - 3 ∨ (x2 < x3 - 1 ∧ x3 < x1 + 1))
Case splitting: [Figure: the inequality graph of each case over x1, x2, x3: one with the edge of x1 < x2 - 3 alone, one with the edges of x2 < x3 - 1 and x3 < x1 + 1]
The joint graph G: [Figure: all three edges together]
G creates redundant constraints.

Slide 11: Solution: Conjunctions Matrices (1/3)
- Let φ_d be the DNF representation of φ
- We only need to consider cycles that are in one of the clauses of φ_d
- Deriving φ_d is exponential. But:
- Knowing whether a given set of literals share a clause in φ_d is polynomial, using Conjunctions Matrices

Slide 12: Conjunctions Matrices (2/3)
- Let φ be a formula in NNF.
- Let l_i and l_j be two literals in φ.
- The joining operand of l_i and l_j is the lowest joint parent of l_i and l_j in the parse tree of φ.
φ: l0 ∧ (l1 ∨ (l2 ∧ l3))
Conjunctions Matrix M_φ (entry 1 when the joining operand is ∧, 0 when it is ∨):
       l0  l1  l2  l3
  l0    -   1   1   1
  l1    1   -   0   0
  l2    1   0   -   1
  l3    1   0   1   -

Slide 13: Conjunctions Matrices (3/3)
- Claim: A set of literals L = {l0, l1, ..., ln} ⊆ φ share a clause in φ_d iff for all li, lj ∈ L, i ≠ j, M_φ[li, lj] = 1.
- φ: x0 < x1 ∧ (x1 < x2 ∨ (x2 < x3 ∧ x3 < x0))
  [Figure: the inequality graph of φ over x0, x1, x2, x3]
- In our case the literals are separation predicates. The entries in the conjunctions matrix correspond to 'edges between edges'.
- We can now consider only simple cycles whose corresponding M_φ graph forms a clique.
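As an added example (not the authors' code), the conjunctions matrix of slide 12 computed from the parse tree of an NNF formula, with slide 13's clique test cross-checked against an explicit DNF on the two formulas from these slides. The formula encoding (a literal is a string, a node is a tuple of operator, left, right) is mine, and it assumes each literal occurs once in the tree.

```python
# Added example (not the authors' code): conjunctions matrix M_phi of an NNF formula.
# Formula encoding (mine): a literal is a str, a node is ('and' | 'or', left, right).
# Assumes each literal occurs once in the parse tree.
from itertools import combinations, product

def conjunctions_matrix(phi, M=None):
    """Returns (literals below phi, M) where M[(li, lj)] == 1 iff the joining
    operand, i.e. the lowest joint parent of li and lj, is 'and'."""
    M = {} if M is None else M
    if isinstance(phi, str):
        return {phi}, M
    op, left, right = phi
    ls, _ = conjunctions_matrix(left, M)
    rs, _ = conjunctions_matrix(right, M)
    for a, b in product(ls, rs):          # this node is the joining operand of (a, b)
        M[(a, b)] = M[(b, a)] = 1 if op == "and" else 0
    return ls | rs, M

def share_clause(M, lits):
    """Slide 13's claim: the literals share a clause of phi_d iff pairwise M == 1."""
    return all(M[(a, b)] == 1 for a, b in combinations(lits, 2))

def dnf_clauses(phi):
    """Explicit DNF (exponential); used only to cross-check the claim on small inputs."""
    if isinstance(phi, str):
        return [frozenset([phi])]
    op, left, right = phi
    L, R = dnf_clauses(left), dnf_clauses(right)
    return L + R if op == "or" else [l | r for l in L for r in R]

def share_clause_by_dnf(phi, lits):
    return any(set(lits) <= clause for clause in dnf_clauses(phi))

def claim_holds(phi):
    """True if the matrix test agrees with the DNF test on every set of >= 2 literals."""
    lits, M = conjunctions_matrix(phi)
    return all(share_clause(M, s) == share_clause_by_dnf(phi, s)
               for k in range(2, len(lits) + 1) for s in combinations(sorted(lits), k))

# slide 12's formula l0 & (l1 | (l2 & l3)) and slide 13's separation formula
PHI12 = ("and", "l0", ("or", "l1", ("and", "l2", "l3")))
PHI13 = ("and", "x0<x1", ("or", "x1<x2", ("and", "x2<x3", "x3<x0")))
LITS13, M13 = conjunctions_matrix(PHI13)
```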

Slide 14: Boolean encoding (take 2)
0. Normalize φ (eliminate negations)
1. Encode φ (replace each separation predicate with a Boolean var)
2. Build the joint inequality graph G
3. Add a constraint forbidding a 'true' assignment to negative simple cycles in G whose corresponding M_φ entries form a clique

Slide 15: Compact representation of constraints (1/2)
[Figure: a chain of diamonds with edge weights c1, c2, c3, c4, ...; the path with weights c1, c2 collapses to a single edge of weight c1 + c2]
n diamonds → 2^n simple cycles. Can we do better than that?
In many cases, yes. How? With variable elimination.

Slide 16: Compact representation of constraints (2/2)
Quantifying out x3: [Figure: the edges (x1, x3, c1), (x2, x3, c2) and (x3, x4, c3) are replaced by (x1, x4, c1 + c3) and (x2, x4, c2 + c3)]
- Worst case: exponential number of constraints
- Complexity heavily depends on the elimination order
- Given a conjunctions matrix M_φ, we add a constraint only if the joining operand of the two constraints is '∧'

Slide 17: Boolean encoding (take 3)
0. Normalize φ (eliminate negations)
1. Encode φ (replace each separation predicate with a Boolean var)
2. Build the joint inequality graph G
3. Eliminate all variables successively: if e1 and e2 are ingoing and outgoing edges of the eliminated variable, M_φ[e1, e2] = 1, and the resulting edge is e3, then add to φ' the constraint e1 ∧ e2 → e3
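As an added example (not the authors' code), step 3 of take 3 run on slide 3's formula. It assumes integer variables with strict predicates already rewritten as x1 ≤ x2 + c - 1 (slide 18), one Boolean variable per predicate, and a conjunctions matrix supplied as input; the matrix rows of derived edges follow my own reading (a derived edge shares a clause with another edge iff both of its parents do), and a derived edge that closes a negative cycle is turned into a constraint that its two parents are not both true.

```python
# Added example (not the authors' code): the "take 3" encoding of slide 17 by
# variable elimination. Assumptions (mine): integer variables, every predicate
# already normalised to x_v <= x_u + w (slides 9 and 18), one Boolean variable
# per predicate. edges: (u, v, w, b) is the edge u -> v of weight w labelled b;
# share: {(b1, b2): 0/1} holds the conjunctions-matrix entries M_phi[b1, b2].
from itertools import count

def eliminate(n_vars, edges, share, order=None):
    share = dict(share)                       # rows for derived edges are added below
    m = lambda p, q: 1 if p == q else share.get((p, q), 0)
    fresh = (f"d{k}" for k in count(1))       # names of derived (implied) edges
    edges, constraints = list(edges), []
    for x in (order or range(n_vars)):
        ins = [e for e in edges if e[1] == x and e[0] != x]
        outs = [e for e in edges if e[0] == x and e[1] != x]
        for u, _, w1, b1 in ins:
            for _, v, w2, b2 in outs:
                if m(b1, b2) != 1:            # e1, e2 never share a DNF clause: skip
                    continue
                w = w1 + w2
                if u == v:                    # e1, e2 close a cycle through x
                    if w < 0:                 # negative cycle: both cannot be true
                        constraints.append(("not_both", b1, b2))
                    continue
                b3 = next(fresh)
                # assumption: a derived edge shares a clause with b iff both parents do
                for b in {e[3] for e in edges}:
                    share[(b3, b)] = share[(b, b3)] = m(b1, b) & m(b2, b)
                edges.append((u, v, w, b3))
                constraints.append(("implies", b1, b2, b3))   # e1 & e2 -> e3
        edges = [e for e in edges if x not in (e[0], e[1])]   # x is quantified out
    return constraints

def holds(constraints, assign):
    """Evaluate the constraints of phi' under a Boolean assignment {name: 0/1}."""
    for c in constraints:
        if c[0] == "not_both" and assign[c[1]] and assign[c[2]]:
            return False
        if c[0] == "implies" and assign[c[1]] and assign[c[2]] and not assign[c[3]]:
            return False
    return True

# slide 3's formula over integers, x1<x2+1 & x2<x3+1 & (x3<x1-3 | x3<x1+1), becomes
# a: x1<=x2  b: x2<=x3  c: x3<=x1-4  d: x3<=x1   (x1, x2, x3 are nodes 0, 1, 2)
EDGES = [(1, 0, 0, "a"), (2, 1, 0, "b"), (0, 2, -4, "c"), (0, 2, 0, "d")]
SHARE = {(p, q): 0 if {p, q} == {"c", "d"} else 1     # c and d are joined by '|'
         for p in "abcd" for q in "abcd" if p != q}
```

Eliminating x1, x2, x3 in order yields a ∧ c → d1, a ∧ d → d2 and ¬(b ∧ d1): with c true, d1 is forced and clashes with b, which is exactly the case x3 < x1 - 3 that case splitting found unsatisfiable.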

Slide 18: Extension to integer variables
Given φ with integer separation predicates, derive φ_R:
- Declare all variables as real
- Replace x1 < x2 + c and x1 ≤ x2 + c, where c is not an integer, with x1 ≤ x2 + ⌊c⌋
- Replace each predicate x1 < x2 + c with x1 ≤ x2 + c - 1
Theorem: φ is satisfiable iff φ_R is satisfiable

Slide 19: Experimental results (1/3)
[Figure: a chain of diamonds, d = 2]
- n diamonds
- Each diamond has 2d edges
- Top and bottom paths in each diamond are disjoint. There are 2^n conjoined cycles.
- By adjusting the weights, we ensured that there is a single satisfying assignment.

Slide 20: Experimental results (2/3)
'Diamond' shape formulas
- Results in seconds
- Using variable elimination (rather than explicit cycle enumeration)

Slide 21: Experimental results (3/3)
Symbolic simulation of hardware designs
- Results in seconds
- Using variable elimination (rather than explicit cycle enumeration)

Slide 22: Discussion and conclusions (1/2)
- Procedures based on case-splitting cannot scale
- SAT methods can also be seen as 'case-splitting', but they split the domain, not the formula. As a result:
  - Pruning is easy
  - Learning is easy
  - Guidance is easy ("which case should we start with?")

Slide 23: Discussion and conclusions (2/2)
- Both the reduction to SAT and solving the SAT instance are exponential
- The reduction to SAT is the bottleneck of our procedure, whereas the resulting SAT instances are empirically easy to solve
- The total time was shorter in all examples compared to ICS and DDDs
- The decision procedure has recently been integrated into the theorem prover C-prover and the verification system Uclid

Slide 24: The End

Slide 25: Integrated decision procedures in theorem provers
All of these theories, except linear arithmetic, have known efficient direct reductions to propositional logic. Thus, reducing linear arithmetic to propositional logic will:
1. Enable integration of theories at the propositional logic level.
2. Potentially be faster than known techniques.

Slide 26: A decision procedure for separation theory
Separation predicates have the form x > y + c, where x, y are real variables and c is a constant.
Pratt [73] (/Bellman [57]): Given a set of conjoined separation predicates φ:
1. Construct the 'inequality graph'
2. φ is satisfiable iff there is no cycle with non-negative accumulated weight
φ: (x > z + 3 ∧ z > y - 1 ∧ y > x + 1)
[Figure: inequality graph over x, y, z with edge weights 3, -1 and 1]

Slide 27: Handling disjunctions through case splitting
All previously mentioned algorithms handle disjunctions by splitting the formula. This can be thought of as a two-stage process:
1. Convert the formula to Disjunctive Normal Form (DNF)
2. Solve each clause separately, until one of them is satisfied.
(A common improvement: split 'when needed')
Case splitting is frequently the bottleneck of the procedure.

Slide 28: So what can be done against case-splitting?
Answer: Split the domain, not the formula.
Given a formula φ, this transformation can be done if there exists φ' s.t. ⊨ φ iff ⊨ φ', and φ' is decidable under a finite domain.
When is this possible?
- φ enjoys the 'small model property', or
- Tailor-made reduction

Slide 29: SAT vs. infinite-state decision procedures
With finite instantiation (e.g. SAT), we split the domain. Infinite-state decision procedures split the formula. So what's the big difference?

Slide 30: SAT vs. infinite-state decision procedures
Three mechanisms, crucial for efficient decision making:
1. Pruning
2. Learning
3. Guidance (prioritizing internal steps)
SAT has a significant advantage in all three.

Slide 31: SAT vs. infinite-state decision procedures (1/4)
1. Pruning
SAT: each clause c prunes up to 2^(|v| - |c|) states.
Others: ? (stops when it finds a satisfiable clause)
[Figure: search tree over x and y for the clause (x ∨ y); the branch x = 0, y = 0 is pruned and backtracked]
Example: (x ∨ y), |v| = 1000, |c| = 2: pruning 2^998 states.

Slide 32: SAT vs. infinite-state decision procedures (2/4)
2. Learning
SAT: Partial assignments that lead to a conflict are recorded and hence not repeated.
Others: (depends on the decision procedure)
- Adding proved sub-goals as antecedents to new sub-goals
- ...

Slide 33: SAT vs. infinite-state decision procedures (3/4)
3. Guidance (prioritizing internal steps)
Consider φ1 ∨ φ2, where φ1 is unsat and hard, and φ2 is sat and easy. With proper guidance, a theorem prover should start from φ2.
Guidance requires efficient estimation:
- How hard is it to solve each sub-formula?
- To what extent will it simplify the rest of the proof?

Slide 34: SAT vs. infinite-state decision procedures (4/4)
3. Guidance (cont'd): "...To what extent will it simplify the rest of the proof?"
SAT: Guidance through decision heuristics (e.g. DLIS).
Others: Expression ordering, ...
Example clauses (x ∨ y ∨ z) (x ∨ v) (¬x ∨ ¬z): estimating simplification by counting literals in each phase.

Slide 35: This work
Extends the results of Bryant et al. to a Boolean combination of:
1. Separation predicates
2. Separation predicates for integers
3. Linear arithmetic
4. Integer linear arithmetic

Slide 36: Reducing separation predicates to propositional logic (4/6)
B. Encode predicates and construct a graph (procedure)
Let ⋈ ∈ {>, ≥}.
1. Construct a graph G(V, E), where V = variables in φ. Each edge e ∈ E is a 4-tuple (from, to, weight, ⋈).
2. Substitute each predicate in φ of the form x ⋈ y + c with a Boolean variable, and add an edge (x, y, c, ⋈) to E.

Slide 37: Reducing separation predicates to propositional logic (3/6)
B. Encode + construct graph (example):
φ: (x > z + 3 ∧ (z > y - 1 ∨ y ≥ x + 1))
[Figure: separation graph over x, y, z with edge weights 3, -1 and 1, shown next to the encoded formula φ' and its transitivity constraints]

Slide 38: Reducing separation predicates to propositional logic (6/6)
C. Add transitivity constraints for each cycle C:
If the total weight is positive, or all edges are '>' and the total weight is equal to 0, then add the constraint forbidding a 'true' assignment to all edges of C.

Slide 39: Reducing separation predicates to propositional logic (5/6)
C. Add transitivity constraints for each simple cycle (example):
[Figure: the separation graph over x, y, z with edge weights 3, -1 and 1, the encoded formula φ' and the transitivity constraints added for its cycles]

Slide 40: Compact representation of constraints
Some special cases:
1. If the diamonds are 'balanced' → O(n) constraints
[Figure: chain of diamonds with weight c1 on every top path and c2 on every bottom path]
2. If there are uniform weights c1 and c2, c1 ≠ c2, on top and bottom paths → O(n^2) constraints

Slide 41: Integrated decision procedures in theorem provers
Deciding a combination of theories is the key for automation in theorem provers: Boolean operators, bit-vectors, sets, linear arithmetic, uninterpreted functions, more ...
Example (annotated on the slide with uninterpreted functions, linear arithmetic and bit-vector operators): f(f(x)-f(y)) != f(z) & y 10
Normally, each theory is solved with its own decision procedure and the results are combined (Shostak, Nelson, ...).

