Efficient Craig Interpolation for Linear Diophantine (Dis)Equations & Linear Modular Equations Jain, Clarke & Grumberg CAV08.


1 Efficient Craig Interpolation for Linear Diophantine (Dis)Equations & Linear Modular Equations
Jain, Clarke & Grumberg CAV08

2 We saw (in Yael’s talk):
Interpolants are used in abstraction refinement for finding a set of predicates in order to rule out spurious counterexamples.
[Figure: control-flow graph with statements x:=ctr, ctr:=ctr+1, y:=ctr, branch conditions x=m / x≠m and y=m+1 / y≠m+1, and an ERR node]
These predicates are of the form of linear (dis)equations: c1x1+c2x2+… + cnxn = (≠) c0

3 We first discuss equations of the types:
c1x1+c2x2+… + cnxn = c0, a Linear Diophantine Equation (LDE)
c1x1+c2x2+… + cnxn ≡ c0 (mod m), a Linear Modular Equation (LME)
(slide annotations: the coefficients are rational; the variables are integral)

4 A system of LDEs can be written as: AX = C
A system of LMEs can be written as: AX ≡m C

5 A system of LDEs as a conjunction:
[A1; A2] X = [C1; C2] is (A1X = C1) ^ (A2X = C2)

6 A system of LDEs CX=B is unsatisfiable if it has no integral solution for X.
We say that (A1X = C1) ^ (A2X = C2) == false, where the system is [A1; A2] X = [C1; C2].
Example (matrix form lost in extraction): x+y=1, x-y=1, so y=0; then 2*0+2z=3, z=2.5

7 Theorem: AX=B == false iff there exists a rational vector R such that:
RA is integral
RB is not an integer
We call R a proof of unsatisfiability for AX=B.
Example: AX=B := …, R := …, RA = …, RB = … (matrix entries lost in extraction; the only surviving value is 0.5), so AX=B == false

8 An interpolant for (A1X = C1) ^ (A2X = C2) == false is a system AX=C such that:
(A1X = C1) => (AX=C): every integral solution for A1X=C1 is also an integral solution for AX=C. For instance, A1X=C1 => UA1X=UC1 for a rational vector U.
(AX=C) ^ (A2X = C2) == false: X has no integral solution in (AX=C) and (A2X = C2).
AX=C refers only to xi common to A1, A2: only to xi that have coefficients ≠ 0 in A1 and in A2.

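9 Example: an unsatisfiable pair of LDE systems over x, y, z, and an interpolant for it, which conjoined with the second system is again == false.
[Matrix layout lost in extraction; surviving entries: rows 1 1 0 and 1 -1 0, a multiplier 0.5 -0.5, right-hand sides 1 and 3.]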

10 An unsatisfiable system of LDEs does not always have an LDE as an interpolant.
Example: (x-2y = 0) ^ (x-2z = 1) == false (x is even; x is odd)
Proof:
Lemma: AX=B implies CX=D iff AX=B is unsatisfiable or there exists a vector R such that C = RA and D = RB

11 If the system has an LDE as an interpolant then it is of the form: r(x-2y)=0
It can only contain x as a common variable => r=0
But 0=0 is not an interpolant: (x-2z)=1 ^ (0=0) is satisfiable
However, there exists an LME as an interpolant: x y z ≡2
There always exists an LME as an interpolant

12 An algorithm for finding interpolants
Let AX=A’ ^ BX=B’ == false
Let R = [R1 R2] be a proof of unsatisfiability: [R1 R2] [A; B] X = [R1 R2] [A’; B’], that is, R1AX+R2BX = R1A’+R2B’
R1A+R2B is integral
R1A’+R2B’ is not an integer
The LDE R1AX=R1A’ is a partial interpolant for the system.
R1AX=R1A’ == [expanded sum lost in extraction; its terms are labelled "variables occurring only in AX=A’" and "variables occurring in both AX=A’ and in BX=B’"]

13 An algorithm for finding interpolants
R1AX+R2BX = R1A’+R2B’
The LDE R1AX=R1A’ is a partial interpolant for the system.
R1AX=R1A’ == [expanded sum lost in extraction; its terms are labelled "variables occurring only in AX=A’" and "variables occurring in both AX=A’ and in BX=B’"]
Lemma: ai is an integer
These variables do not appear in R2BX, and R1AX+R2BX is integral

14 An algorithm for finding interpolants
Lemma: The partial interpolant R1AX=R1A’ satisfies:
1. AX=A’ => R1AX=R1A’
2. (R1AX=R1A’) ^ (BX=B’) == false
Proof: (R1AX=R1A’) ^ (BX=B’) is the system [R1A; B] X = [R1A’; B’]
[1 R2] [R1A; B] = R1A+R2B (integral)
[1 R2] [R1A’; B’] = R1A’+R2B’ (not an integer)
[1 R2] is a proof of unsatisfiability

15 An algorithm for finding interpolants
R1AX=R1A’ == [expanded sum lost in extraction]
If all ai=0, then the partial interpolant is also an interpolant for AX=A’ ^ BX=B’:
We saw the first two conditions hold.
In case ai=0, then R1AX=R1A’ is over variables common to AX=A’ and to BX=B’.

16 An algorithm for finding interpolants
Example: [1 1 0; 1 -1 0] [x y z]^T = [1 1]^T ^ [0 2 2] [x y z]^T = 3 == false
A proof of unsatisfiability: [entries lost in extraction]
The partial interpolant: [entries lost in extraction]
Only over y, common to both LDEs: the partial interpolant is also an interpolant.

17 An algorithm for finding interpolants
Doesn’t always work: [two LDEs over x, y, z; matrix entries lost in extraction] == false (x is even; x is odd)
flashback: This system does not have an LDE interpolant
A proof of unsatisfiability: [entries lost in extraction]
The partial interpolant: [entries lost in extraction; one surviving value: 0.5]
Only over x and y, not common to both LDEs: the partial interpolant is not an interpolant.

18 An algorithm for finding interpolants
Obtaining an LME interpolant
By removing variables not common to AX=A’ and BX=B’
The partial interpolant: [expanded sum lost in extraction]
α := gcd of ai (ai is an integer => α is an integer)
β := integer such that β|α
Then [formula lost in extraction] is an interpolant

19 An algorithm for finding interpolants
[formula lost in extraction] is an interpolant
Proof:
1. AX=A’ => R1AX=R1A’ => R1AX ≡β R1A’ (β|α, α|ai)
2. Suppose that the interpolant ^ BX=B’ has an integral solution xi=gi
BX=B’ => R2BX=R2B’, so xi=gi is a solution for R2BX=R2B’: R2BG=R2B’

20 An algorithm for finding interpolants
Adding R2BG=R2B’ to R1AG ≡β R1A’: the left-hand side is an integer (R1A+R2B is integral), while R1A’+R2B’ is not an integer. A contradiction, so the interpolant ^ BX=B’ == false.
3. The expression is over variables common to AX=A’ and BX=B’
An interpolant!

21 An algorithm for finding interpolants (summary):
Given an unsatisfiable system of LDEs AX=A’ and BX=B’:
1. compute a proof of unsatisfiability [R1 R2] (How? still to come...)
2. compute the partial interpolant R1AX=R1A’
3. if R1AX=R1A’ is not only over VAB:
3.1 compute the gcd α of coefficients of xi’s in VA/B
3.2 compute β that divides α
3.3 return [formula lost in extraction]
else return R1AX=R1A’
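
The summary above as runnable Python (an added example, not code from the presentation or from the paper's authors). The formula returned in step 3.3 is missing from this transcript, so the code assumes it is the partial interpolant restricted to the common variables and read modulo β; the proof vectors R passed in for the two systems are constructed here.

```python
from fractions import Fraction as F
from math import gcd

def dot(u, v):
    return sum(F(a) * b for a, b in zip(u, v))

def row_times(r, M):
    """Row vector r times matrix M (a list of rows)."""
    return [dot(r, col) for col in zip(*M)]

def is_proof(R, M, rhs):
    """R proves MX = rhs has no integral solution: RM integral, R.rhs not an integer."""
    return (all(c.denominator == 1 for c in row_times(R, M))
            and dot(R, rhs).denominator != 1)

def interpolant(A, A1, B, B1, R1, R2, beta=None):
    """Steps 2-3 of the summary. Returns (coeffs, c, modulus): modulus None
    means the LDE coeffs.X = c, otherwise the LME coeffs.X = c (mod modulus)."""
    if not is_proof(list(R1) + list(R2), A + B, A1 + B1):
        raise ValueError("[R1 R2] is not a proof of unsatisfiability")
    coeffs, c = row_times(R1, A), dot(R1, A1)   # partial interpolant R1AX = R1A'
    in_B = [any(col) for col in zip(*B)]         # does x_j occur in BX = B'?
    # a_i: coefficients of variables outside BX = B' (integers by the lemma)
    a_only = [int(a) for a, b in zip(coeffs, in_B) if a and not b]
    if not a_only:
        return coeffs, c, None                   # already over common variables
    alpha = gcd(*a_only)
    beta = alpha if beta is None else beta
    if beta == 0 or alpha % beta:
        raise ValueError("beta must divide alpha")
    # Assumed final step (missing from the transcript): keep common terms, work mod beta
    return [a if b else F(0) for a, b in zip(coeffs, in_B)], c, abs(beta)

def holds(itp, X):
    """Evaluate an interpolant returned above at the integer point X."""
    coeffs, c, m = itp
    d = dot(coeffs, X) - c
    return d == 0 if m is None else (d / m).denominator == 1

# Slide 16 system: x+y=1, x-y=1 against 2y+2z=3; the proof R is constructed here.
EX1 = interpolant([[1, 1, 0], [1, -1, 0]], [1, 1], [[0, 2, 2]], [3],
                  [F(1, 2), F(-1, 2)], [F(1, 2)])
# Even/odd system: x-2y=0 against x-2z=1; the proof R is constructed here.
EX2 = interpolant([[1, -2, 0]], [0], [[1, 0, -2]], [1], [F(1, 2)], [F(1, 2)])
```

EX1 is the LDE y = 0, which is already over the common variable; EX2 is the LME x/2 ≡1 0, which says that x is even.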

22 Interpolants for LMEs
c1x1+c2x2+… + cnxn ≡ c0 (mod m), in matrix form AX ≡m C
Theorem: AX ≡m B == false iff there exists a rational vector R such that:
RA is integral
mR is integral
RB is not an integer
We call R a proof of unsatisfiability for AX ≡m B
Example: AX ≡m B := [2 2; 2 1; 4 0] [x y]^T ≡8 [right-hand side partly lost in extraction; surviving entry: 4]
R := [1/4 -1/2 -1/8]
RA = [-1 0], RB = -3/2, mR = [entries lost in extraction]
AX ≡m B == false

23 Interpolants for LMEs
Proof: An LME CX ≡m D:
[c11 … c1n; c21 … c2n; …; ct1 … ctn] [x1 x2 … xn]^T ≡m [d1 d2 … dt]^T
For each equation: ci1x1+ci2x2+ … + cinxn ≡m di
Add a new variable: ci1x1+ci2x2+ … + cinxn + mvi = di
The two equations are equi-satisfiable
The new system C’Z=D:
[c11 … c1n m 0 … 0; c21 … c2n 0 m … 0; …; ct1 … ctn 0 0 … m] [x1 … xn v1 … vt]^T = [d1 d2 … dt]^T

24 Interpolants for LMEs
CX ≡m D has an integral solution iff C’Z=D has one.
CX ≡m D has no integral solution iff C’Z=D has no integral solution iff there exists a vector R such that RC’ is integral and RD is not an integer
Let R=[r1 r2 … rt]
RC’ = [r1 r2 … rt] [c11 … c1n m 0 … 0; c21 … c2n 0 m … 0; …; ct1 … ctn 0 0 … m]
= [RC[1] RC[2] … RC[n] mr1 mr2 … mrt] = [RC mR] (integral)

25 Interpolants for LMEs
Let (AX ≡m A’) ^ (BX ≡m B’) == false
Let R = [R1 R2] be a proof of unsatisfiability:
R1AX = [expanded sum lost in extraction]; let S={ai | ai ≠0}
mR1 = [d1 d2 … dk]; let T={di | di ≠0}
If T=Φ, interpolant: 0≡m0
Otherwise:
Let α = gcd(S ∪ T)
Let β := integer such that β|α
(m/β R1)AX ≡m (m/β R1)A’ is an interpolant

26 Interpolants for LMEs
Proof: (AX ≡m A’) ^ (BX ≡m B’) == false
Let R = [R1 R2] be a proof of unsatisfiability for [A; B] X ≡m [A’; B’]:
R1A+R2B is integral => the coefficients of xi only in A are integral
mR = [mR1 mR2] is integral => mR1 is integral
R1A’+R2B’ is not an integer

27 Interpolants for LMEs
R1AX = [expanded sum lost in extraction]; let S={ai | ai ≠0}
mR1 = [d1 d2 … dk]; let T={di | di ≠0}
If T=Φ: R1 = 0 => R2B is integral, R2B’ is not an integer => (BX ≡m B’) == false
interpolant: 0≡m0 (== true)
If T≠Φ: S and T are integral => α := gcd(S ∪ T) is an integer

28 Interpolants for LMEs
β := integer such that β|α
need to prove: (m/β R1)AX ≡m (m/β R1)A’ is an interpolant
Lemma: For every integral vector U the system CX ≡m D implies UCX ≡m UD
1. mR1 is integral. β divides every element of mR1. 1/β mR1 = m/β R1 is integral (mark it U)
AX ≡m A’ implies (m/β R1)AX ≡m (m/β R1)A’

29 Interpolants for LMEs
2. UAX ≡m UA’ ^ BX ≡m B’ is the system [UA; B] X ≡m [UA’; B’]
[β/m, R2] is a proof of unsatisfiability:
[β/m R2] [UA; B] = β/m m/β R1A + R2B = R1A+R2B (integral)
m[β/m, R2] = [β, mR2] (integer, integral)
[β/m R2] [UA’; B’] = β/m m/β R1A’ + R2B’ = R1A’+R2B’ (not an integer)
UAX ≡m UA’ ^ BX ≡m B’ == false

30 Interpolants for LMEs
3. (m/β R1)AX ≡m (m/β R1)A’ is over common variables:
[expansion of (m/β R1)AX ≡m (m/β R1)A’ lost in extraction]
β divides ai’s => ai/β is integral

31 Interpolants for LMEs
Example: [2 2; 2 1] [x y]^T ≡8 [right-hand side partly lost in extraction; surviving entry: 4] ^ [4 0] [x y]^T ≡8 4 == false
A proof of unsatisfiability: [1/4 -1/2 -1/8]
R1AX = [1/4 -1/2] [2 2; 2 1] [x y]^T = [-1/2 0] [x y]^T = -1/2x
mR1 = [2 -4]
S = Φ
T = {2, -4}
α = 2
β = 2 or β = 1
for β = 1: [2 -4] [2 2; 2 1] [x y]^T ≡8 [right-hand side lost in extraction] == [-4 0] [x y]^T ≡8 -8
for β = 2: [-2 0] [x y]^T ≡8 -4
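
The LME procedure applied to the example above, in Python (an added example, not the authors' code). The right-hand side (4, 4) of the first system is an assumption, since the transcript keeps only one of its entries; it is the choice that reproduces RB = -3/2. Enumerating every positive divisor β of α and zeroing the coefficients of A-only variables (multiples of m, by the argument on slide 30) are choices made for this example.

```python
from fractions import Fraction as F
from math import gcd

def dot(u, v):
    return sum(F(a) * b for a, b in zip(u, v))

def row_times(r, M):
    return [dot(r, col) for col in zip(*M)]

def integral(v):
    return all(F(q).denominator == 1 for q in v)

def is_lme_proof(R, M, rhs, m):
    """Proof for MX = rhs (mod m): RM integral, mR integral, R.rhs not an integer."""
    return (integral(row_times(R, M)) and integral(m * F(r) for r in R)
            and not integral([dot(R, rhs)]))

def lme_interpolants(A, A1, B, B1, m, R1, R2):
    """Map each positive divisor beta of alpha to (coeffs, rhs): coeffs.X = rhs (mod m)."""
    if not is_lme_proof(list(R1) + list(R2), A + B, A1 + B1, m):
        raise ValueError("[R1 R2] is not a proof of unsatisfiability")
    in_B = [any(col) for col in zip(*B)]        # does x_j occur in the B part?
    S = [int(a) for a, b in zip(row_times(R1, A), in_B) if a and not b]
    T = [int(m * F(r)) for r in R1 if r]
    if not T:                                   # R1 = 0: the interpolant is 0 = 0 (mod m)
        return {None: ([F(0)] * len(in_B), F(0))}
    alpha = gcd(*S, *T)
    out = {}
    for beta in (b for b in range(1, alpha + 1) if alpha % b == 0):
        U = [m * F(r) / beta for r in R1]       # U = (m/beta) R1, integral
        # coefficients of A-only variables are multiples of m, so they vanish mod m
        coeffs = [c if b else F(0) for c, b in zip(row_times(U, A), in_B)]
        out[beta] = (coeffs, dot(U, A1))
    return out

def lme_holds(itp, X, m):
    """Does the integer point X satisfy coeffs.X = rhs (mod m)?"""
    coeffs, rhs = itp
    return ((dot(coeffs, X) - rhs) / m).denominator == 1

# Slide 31 system; the right-hand side (4, 4) of the first part is an assumption
# chosen to reproduce the slide's RB = -3/2.
PAGE = lme_interpolants([[2, 2], [2, 1]], [4, 4], [[4, 0]], [4], 8,
                        [F(1, 4), F(-1, 2)], [F(-1, 8)])
```

The result contains -4x ≡8 -8 for β = 1 and -2x ≡8 -4 for β = 2, the two final formulas on the slide.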

32 Interpolants for LMEs
What if the moduli are different?
(AX ≡m1 A’) ^ (BX ≡m2 B’) == false
m=lcm(m1,m2)
By standard moduli operations, (AX ≡m1 A’) ^ (BX ≡m2 B’) becomes (m2AX ≡m m2A’) ^ (m1BX ≡m m1B’)
For more than two formulas, use m=lcm(m1,m2,m3,…); for the i’th formula use m/mi

33 Obtaining Proofs of Unsatisfiability
If AX=B has no rational solution, it has no integral solution. First, use Gaussian elimination.
Hermite Normal Form
Every full row rank matrix A[mxn] can be represented as [E 0], with E of size mxm and 0 of size mx(n-m), where E is:
Lower triangular
Invertible
All entries non-negative
Maximal element lies on the diagonal
There exists a unimodular (invertible, integral, closed under product and inversion) matrix U such that AU=[E 0]
The HNF form can be obtained by using the three basic column operations on A

34 Obtaining proofs of unsatisfiability
Lemma: AX=B has no integral solution iff E^-1 B is not integral
To obtain R, a proof of unsatisfiability:
1. Compute [E 0]
2. If E^-1 B is not integral:
2.1. E^-1 B[i] is not an integer. R’ = the i’th row in E^-1
R’B is not an integer, R’A is integral
Proof: AU = [E 0]
E^-1 AU = E^-1 [E 0] = [I 0] (integral)
E^-1 AUU^-1 = E^-1 A = [I 0] U^-1 (integral)
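
One way to carry out these steps in Python (an added example, not the authors' implementation). It assumes integer entries and a full-row-rank A, and it stops at a lower triangular E with positive diagonal rather than a fully normalised HNF, which is all the lemma's argument uses; the input is the three-equation system x+y=1, x-y=1, 2y+2z=3 from the earlier slides.

```python
from fractions import Fraction as F

def lower_triangular(A):
    """Column-reduce the integer matrix A (full row rank) to [E 0] and return E.
    Uses only column swaps, negations and integer multiples of one column added
    to another, so the combined transformation is unimodular."""
    M = [list(row) for row in A]
    m, n = len(M), len(M[0])
    for i in range(m):
        while True:                                  # Euclid on row i, columns i..n-1
            nz = [j for j in range(i, n) if M[i][j]]
            if not nz:
                raise ValueError("A does not have full row rank")
            p = min(nz, key=lambda j: abs(M[i][j]))  # smallest non-zero entry as pivot
            for row in M:
                row[i], row[p] = row[p], row[i]
            if not any(M[i][j] for j in range(i + 1, n)):
                break
            for j in range(i + 1, n):
                q = M[i][j] // M[i][i]
                for row in M:
                    row[j] -= q * row[i]
        if M[i][i] < 0:
            for row in M:
                row[i] = -row[i]
    return [row[:m] for row in M]

def proof_of_unsat(A, B):
    """Return a row R of E^-1 with RB not an integer, or None when E^-1 B is integral."""
    E = lower_triangular(A)
    m = len(E)
    for i in range(m):
        r = [F(0)] * m                               # row i of E^-1 solves r E = e_i
        for j in range(m - 1, -1, -1):               # E is lower triangular: right to left
            s = sum(r[k] * E[k][j] for k in range(j + 1, m))
            r[j] = (F(int(i == j)) - s) / E[j][j]
        if sum(ri * b for ri, b in zip(r, B)).denominator != 1:
            return r
    return None

def row_times(r, M):
    return [sum(ri * row[j] for ri, row in zip(r, M)) for j in range(len(M[0]))]

# The system x+y=1, x-y=1, 2y+2z=3 stacked into one matrix.
A_PAGE, B_PAGE = [[1, 1, 0], [1, -1, 0], [0, 2, 2]], [1, 1, 3]
R_PAGE = proof_of_unsat(A_PAGE, B_PAGE)
```

For this input R_PAGE is [-1/2, 1/2, 1/2], with R_PAGE times A equal to [0, 0, 1] and R_PAGE times B equal to 3/2.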

35 Obtaining proofs of unsatisfiability
Proofs of Unsatisfiability for LMEs: AX ≡m B
Each equation ti ≡m bi can be written as an equi-satisfiable LDE ti + mvi = bi (vi: new integer variable).
AX ≡m B is reduced to an equi-satisfiable system A’Z = B
The proof of unsatisfiability is the same for both systems.

36 Handling Disequations
c1x1+c2x2+… + cnxn ≠ c0
Disequations can also be represented by a matrix: CX ≠ D
A system of equations and disequations: AX=B ^ CX ≠ D
Theorem: A system AX=B ^ CX ≠ D has no integral solution iff AX=B ^ CX ≠ D has no rational solution or AX=B has no integral solution
(slide annotations on the two conditions: "Can be done in polynomial time", "Can be determined in polynomial time")

37 Handling Disequations
F=F1 ^ F2 and G=G1 ^ G2 (F1, G1: LDEs; F2, G2: LDDs)
If F^G is unsatisfiable because F1^F2^G1^G2 has no rational solution, an interpolant can be computed.
If F^G is unsatisfiable because F1^G1 has no integral solution, an interpolant for F1^G1 can be computed.

38 Handling Disequations
For LMD’s, the problem is NP-hard
By reduction from 3-SAT:
Variables in 3-SAT: {z1, z2, …zi, …, zn}
Two variables for zi: xi, xi’ (one for zi, one for ¬zi)
Express the constraints: xi ≡4 0 and xi’ ≡ … or xi ≡4 1 and xi’ ≡4 0
L1 = conjunction over i of: ¬(xi ≡4 xi’), ¬(xi ≡4 2), ¬(xi ≡4 3), ¬(xi’ ≡4 2), ¬(xi’ ≡4 3)

39 Handling Disequations
For each clause (u V v V w): ¬(u+v+w ≡4 0)
This is only falsified when u,v,w are all assigned 0 (mod 4)
L2 = conjunction over clauses (u V v V w) of: ¬(u+v+w ≡4 0)
L = L1 ^ L2
The 3-SAT formula is satisfiable iff L is satisfiable.

40 Interpolants for LMEs, LDEs and LDDs can be computed in polynomial time using algebraic techniques
The existing tools based on predicate abstraction and CEGAR cannot discover the predicates computed by these techniques. Experimental results show that little unwinding is needed due to the early discovery of appropriate LMEs.

41 Thank you! (Toda Raba!)

42 Handling Disequations
If F^G is unsatisfiable because F1^F2^G1^G2 has no rational solution, an interpolant can be computed.
Proof:
Lemma: A system AX=B has no rational solution iff there exists a vector R such that RA=0 and RB≠0
If F^G is unsatisfiable because F1^F2 == AX=B^A’X=B’ has no rational solution, then R=[R1 R2] exists, and R1AX=R1B is an interpolant.

43 AX=B^A’X=B’ => Vcix,
and R1AX=R1B is an interpolant.

44 Handling Disequations
Lemma: AX=B => EX=F iff AX=B == false or E=RA and F=RB (R: rational row vector)
Lemma: AX=B => V(CiX=Di) iff AX=B => CkX=Dk for some k
Remove slide?

