Download presentation
Presentation is loading. Please wait.
1
Nikolaj Bjørner Joe Hendrix Microsoft Research & Corporation
2
Linear Functional Fixed-Point Logic (FFP) Complexity results for FFP: FFP(Propositional) – PSPACE/NP FFP(Linear/Equalities) – PSPACE By a reduction to LTL FFP(Non-linear)– NEXPTIME hard/undecidable Integrating FFP with an SMT solver (Z3)
3
TT TT FF FF FF TT head curr data(curr) := true; curr := f(curr) data(curr) := true; curr := f(curr) curr = head TT TT TT TT TT TT head curr curr := head FF FF FF FF FF FF head curr Loop invariant: Every data element between head and curr is set to true FF FF FF FF FF TT head curr
4
Loop invariant : Every data element between head and curr is set to true TT TT FF FF FF TT head curr x [head curr]. data(x) f invariant(head) where invariant(x) = x = curr (data(x) invariant(f(x))) LFP Inv, x. [ x = curr (data(x) Inv(f(x))) ] (head) Inv x [ x = curr (data(x) Inv(f(x))) ] (head) What are practical ways of reasoning with such fixed-points?
![Loop invariant : Every data element between head and curr is set to true TT TT FF FF FF TT head curr x [head curr].](http://images.slideplayer.com./16/5131007/slides/slide_4.jpg "data(x) f invariant(head) where invariant(x) = x = curr (data(x) invariant(f(x))) LFP Inv, x. [ x = curr (data(x) Inv(f(x))) ] (head) Inv x [ x = curr (data(x) Inv(f(x))) ] (head) What are practical ways of reasoning with such fixed-points .")
5
uvuvuvuv uvuvuvuv f w [Nelson 80] uuvvww f ff f f f
![uvuvuvuv uvuvuvuv f w [Nelson 80] uuvvww f ff f f f](http://images.slideplayer.com./16/5131007/slides/slide_5.jpg "uvuvuvuv uvuvuvuv f w [Nelson 80] uuvvww f ff f f f")
6
uuvvww f ff ff uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] f w [Nelson 80] f
![uuvvww f ff ff uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] f w [Nelson 80] f](http://images.slideplayer.com./16/5131007/slides/slide_6.jpg "uuvvww f ff ff uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] f w [Nelson 80] f")
7
uuvv f ff f uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] wf. Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] B(u) = v BSet(u) BSet(f(u)) BSet(f(f(u))) BSet(v) R(u,v) uuvv f ff f BSet(f(u)) BSet(f(f(u))) From u reach v and v is the first element satisfying BSet(v) From u reach v and everything after u and up to v satisfies BSet
![uuvv f ff f uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] wf.](http://images.slideplayer.com./16/5131007/slides/slide_7.jpg "Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] B(u) = v BSet(u) BSet(f(u)) BSet(f(f(u))) BSet(v) R(u,v) uuvv f ff f BSet(f(u)) BSet(f(f(u))) From u reach v and v is the first element satisfying BSet(v) From u reach v and everything after u and up to v satisfies BSet.")
8
uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] wf. Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Use first-order axioms to encode quantifier-free theory of reachability. [LQ08] rely on SMT solver Z3 for instantiating axioms using triggers. Required quantifier support by solver is not so off-the-shelf. Use first-order axioms to encode quantifier-free theory of reachability. [LQ08] rely on SMT solver Z3 for instantiating axioms using triggers. Required quantifier support by solver is not so off-the-shelf.
![uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] wf.](http://images.slideplayer.com./16/5131007/slides/slide_8.jpg "Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Use first-order axioms to encode quantifier-free theory of reachability. [LQ08] rely on SMT solver Z3 for instantiating axioms using triggers. Required quantifier support by solver is not so off-the-shelf. Use first-order axioms to encode quantifier-free theory of reachability. [LQ08] rely on SMT solver Z3 for instantiating axioms using triggers. Required quantifier support by solver is not so off-the-shelf..")
9
uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] wf. Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] FFP(Prop) Lin. FFP(Eq) FFP(Non-linear) Reachable Patterns [Yorsh+ 06] Reachable Patterns [Yorsh+ 06] wSnS (finite trees) wSnS (finite trees) wS1S (fin. Acyclic lists) wS1S (fin. Acyclic lists) S1S (inf. Acyclic lists) S1S (inf. Acyclic lists) SnS (inf. Trees) SnS (inf. Trees) wSO(f) (finite linked lists) wSO(f) (finite linked lists) SO(f) (infinite trees) SO(f) (infinite trees)
![uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamarić07+] btwn f (u,v,w) [Rakamarić07+] wf.](http://images.slideplayer.com./16/5131007/slides/slide_9.jpg "Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] FFP(Prop) Lin. FFP(Eq) FFP(Non-linear) Reachable Patterns [Yorsh+ 06] Reachable Patterns [Yorsh+ 06] wSnS (finite trees) wSnS (finite trees) wS1S (fin. Acyclic lists) wS1S (fin. Acyclic lists) S1S (inf. Acyclic lists) S1S (inf. Acyclic lists) SnS (inf. Trees) SnS (inf. Trees) wSO(f) (finite linked lists) wSO(f) (finite linked lists) SO(f) (infinite trees) SO(f) (infinite trees).")
10
[Immerman+ 04] First-order transitive closure [Møller+ 05] Pointer assertion logic [Lev-Ami+ 05] Acyclic transtive closure [McPeak+ 05] Linked lists [Ranise+ 05] Linked lists [Balaban+ 07] Single parent heaps [Bouajjani+ 06-09] Reachability + arithmetic + T Apologies for relevant omissions.
![[Immerman+ 04] First-order transitive closure [Møller+ 05] Pointer assertion logic [Lev-Ami+ 05] Acyclic transtive closure [McPeak+ 05] Linked lists [Ranise+ 05] Linked lists [Balaban+ 07] Single parent heaps [Bouajjani ] Reachability + arithmetic + T Apologies for relevant omissions.](http://images.slideplayer.com./16/5131007/slides/slide_10.jpg "[Immerman+ 04] First-order transitive closure [Møller+ 05] Pointer assertion logic [Lev-Ami+ 05] Acyclic transtive closure [McPeak+ 05] Linked lists [Ranise+ 05] Linked lists [Balaban+ 07] Single parent heaps [Bouajjani ] Reachability + arithmetic + T Apologies for relevant omissions.")
11
Existing decision procedures for fixed-points use -Encoding with first-order axioms -Rely on first-order instantiation engine for completeness -Reduction to automata -Powerful combination with some theories, but flexible combination approach and “low-order” complexity results unclear to us TT TT FF FF FF TT head curr
12
Theories Core Theory SAT solver Bit-Vectors Arithmetic Data-types E- matching Arrays Formula Rewriting Simplification Specialized theory solvers interoperate by exchanging learned equalities and clauses with a common congruence closure core Core Theory: Equalities, asserted literals Theory Core: Equalities, asserted literals, new clauses TT TT FF FF FF TT head curr
13
Loop invariant : Every data element between head and curr is set to true TT TT FF FF FF TT head curr x [head curr]. data(x) f invariant(head) where invariant(x) = x = curr (data(x) invariant(f(x))) LFP Inv, x. [ x = curr (data(x) Inv(f(x))) ] (head) Inv x [ x = curr (data(x) Inv(f(x))) ] (head)
![Loop invariant : Every data element between head and curr is set to true TT TT FF FF FF TT head curr x [head curr].](http://images.slideplayer.com./16/5131007/slides/slide_13.jpg "data(x) f invariant(head) where invariant(x) = x = curr (data(x) invariant(f(x))) LFP Inv, x. [ x = curr (data(x) Inv(f(x))) ] (head) Inv x [ x = curr (data(x) Inv(f(x))) ] (head).")
14
[data(x) Until f,x x = curr] (head) Is there a convenient propositional-like abstraction of fixed-points? Our Approach: establish and use a connection with Linear Time Temporal Logic for linear functional fixed-points Inv x [ x = curr (data(x) Inv(f(x))) ] (head) A Until B B [A (A Until B)] X. B [A X] TT TT FF FF FF TT head curr
![ [data(x) Until f,x x = curr] (head) Is there a convenient propositional-like abstraction of fixed-points.](http://images.slideplayer.com./16/5131007/slides/slide_14.jpg "Our Approach: establish and use a connection with Linear Time Temporal Logic for linear functional fixed-points Inv x [ x = curr (data(x) Inv(f(x))) ] (head) A Until B B [A (A Until B)] X. B [A X] TT TT FF FF FF TT head curr.")
15
[A(x) Until f,x B(x)] (a) R x [B(x) (A(x) R(f(x)))] (a) [ f,x A(x)] (a) [true Until f,x A(x)] (a) [ f,x A(x)] (a) [ f,x A(x)] (a)
![ [A(x) Until f,x B(x)] (a) R x [B(x) (A(x) R(f(x)))] (a) [ f,x A(x)] (a) [true Until f,x A(x)] (a) [ f,x A(x)] (a) [ f,x A(x)] (a)](http://images.slideplayer.com./16/5131007/slides/slide_15.jpg " [A(x) Until f,x B(x)] (a) R x [B(x) (A(x) R(f(x)))] (a) [ f,x A(x)] (a) [true Until f,x A(x)] (a) [ f,x A(x)] (a) [ f,x A(x)] (a)")
16
uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamanic07+] btwn f (u,v,w) [Rakamanic07+] wf. Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] FFP(Prop) Lin. FFP(Eq) FFP(Non-linear) Reachable Patterns [Yorsh+ 06] Reachable Patterns [Yorsh+ 06] wSnS (finite trees) wSnS (finite trees) wS1S (fin. Acyclic lists) wS1S (fin. Acyclic lists) S1S (inf. Acyclic lists) S1S (inf. Acyclic lists) SnS (inf. Trees) SnS (inf. Trees) wSO(f) (finite linked lists) wSO(f) (finite linked lists) SO(f) (infinite trees) SO(f) (infinite trees)
![uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamanic07+] btwn f (u,v,w) [Rakamanic07+] wf.](http://images.slideplayer.com./16/5131007/slides/slide_16.jpg "Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] FFP(Prop) Lin. FFP(Eq) FFP(Non-linear) Reachable Patterns [Yorsh+ 06] Reachable Patterns [Yorsh+ 06] wSnS (finite trees) wSnS (finite trees) wS1S (fin. Acyclic lists) wS1S (fin. Acyclic lists) S1S (inf. Acyclic lists) S1S (inf. Acyclic lists) SnS (inf. Trees) SnS (inf. Trees) wSO(f) (finite linked lists) wSO(f) (finite linked lists) SO(f) (infinite trees) SO(f) (infinite trees).")
17
uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamanic07+] btwn f (u,v,w) [Rakamanic07+] wf. Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] FFP(Prop) Lin. FFP(Eq) FFP(Non-linear) Reachable Patterns [Yorsh+ 06] Reachable Patterns [Yorsh+ 06] Propositional Linear Time Temporal Logic ?
![uvuvuvuv uvuvuvuv btwn f (u,v,w) [Rakamanic07+] btwn f (u,v,w) [Rakamanic07+] wf.](http://images.slideplayer.com./16/5131007/slides/slide_17.jpg "Reachability [Lahiri, Qadeer 06] wf. Reachability [Lahiri, Qadeer 06] f w [Nelson 80] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] Interpreted sets & Bounded quant. [Lahiri, Qadeer 08] FFP(Prop) Lin. FFP(Eq) FFP(Non-linear) Reachable Patterns [Yorsh+ 06] Reachable Patterns [Yorsh+ 06] Propositional Linear Time Temporal Logic .")
18
[ f,x P(f(x))](a) [ f,x P(x)](b) [Q(x) Until f,x P(f(x))](b) - Distinguished function f - Unary predicate symbols, P, Q, R - At most one bound variable in scope at any time [Q(x) Until f,x [P(f(x)) Until f,y R(y)]](b)
 [ f,x P(x)](b) [Q(x) Until f,x P(f(x))](b) - Distinguished function f - Unary predicate symbols, P, Q, R - At most one bound variable in scope at any time [Q(x) Until f,x [P(f(x)) Until f,y R(y)]](b)](http://images.slideplayer.com./16/5131007/slides/slide_18.jpg "[ f,x P(f(x))](a) [ f,x P(x)](b) [Q(x) Until f,x P(f(x))](b) - Distinguished function f - Unary predicate symbols, P, Q, R - At most one bound variable in scope at any time [Q(x) Until f,x [P(f(x)) Until f,y R(y)]](b)")
19
From LTL to FFP(PL) P f,x f,x P(f(x))(anchor) From FFP(PL) to LTL f,x P(f(x))(a) f,x P(x)(b) P a P b Complexity(FFP(PL)) = Complexity(pLTL)
20
f u v uuvv f ff f f [True Until f,x x = v](u) f,x (x = v)(u) [True Until f,x x = v](u) f,x (x = v)(u)
 f,x (x = v)(u) [True Until f,x x = v](u) f,x (x = v)(u)](http://images.slideplayer.com./16/5131007/slides/slide_20.jpg "f u v uuvv f ff f f [True Until f,x x = v](u) f,x (x = v)(u) [True Until f,x x = v](u) f,x (x = v)(u)")
21
f u v w uuvvww f ff f f f [x w Until f,x x = v](u)
](http://images.slideplayer.com./16/5131007/slides/slide_21.jpg "f u v w uuvvww f ff f f f [x w Until f,x x = v](u)")
22
btwn f (u,v,w) [x w Until f,x x = v](u) f,x (x = w)(v) uuvvww f ff ff f
 f,x (x = w)(v) uuvvww f ff ff f](http://images.slideplayer.com./16/5131007/slides/slide_22.jpg "btwn f (u,v,w) [x w Until f,x x = v](u) f,x (x = w)(v) uuvvww f ff ff f")
23
uuvv f ff f B(u) = v BSet(u) BSet(f(u)) BSet(f(f(u))) BSet(v) R(u,v) uuvv f ff f BSet(f(u)) BSet(f(f(u))) [ BSet(f(x)) Until f,x x = v](u) [ BSet(x) Until f,x x = v](u) BSet(v)
 [ BSet(x) Until f,x x = v](u) BSet(v)](http://images.slideplayer.com./16/5131007/slides/slide_23.jpg "uuvv f ff f B(u) = v BSet(u) BSet(f(u)) BSet(f(f(u))) BSet(v) R(u,v) uuvv f ff f BSet(f(u)) BSet(f(f(u))) [ BSet(f(x)) Until f,x x = v](u) [ BSet(x) Until f,x x = v](u) BSet(v)")
24
[ f,x x c](b) [ g,x P(g(x))](a) [ f,x P(f(x))](a) [x fff(x) Until f,x x = a](b) [ g,x g(g(x)) = x](c) - Distinguished functions f, g - As long as f and g are separate - Unary predicate symbols, P, Q, R - At most one bound variable in scope at any time
 [ g,x P(g(x))](a) [ f,x P(f(x))](a) [x fff(x) Until f,x x = a](b) [ g,x g(g(x)) = x](c) - Distinguished functions f, g - As long as f and g are separate - Unary predicate symbols, P, Q, R - At most one bound variable in scope at any time](http://images.slideplayer.com./16/5131007/slides/slide_24.jpg "[ f,x x c](b) [ g,x P(g(x))](a) [ f,x P(f(x))](a) [x fff(x) Until f,x x = a](b) [ g,x g(g(x)) = x](c) - Distinguished functions f, g - As long as f and g are separate - Unary predicate symbols, P, Q, R - At most one bound variable in scope at any time")
25
wp(f(u) := v, [A Until f,x B](w)) f’ := x. if x = u then v else f(x) =[A Until f,x B](w)[f f’] A’ := A[f f’], B’ := B[f f’] =[A’ Until f’,x B’](w) = …. = [A’’ Until f,x B’’](w) A’’ := A’ u x B’’ := B’ (u = x [(u x A’) Until f,x B’](v))
) f’ := x.](http://images.slideplayer.com./16/5131007/slides/slide_25.jpg "if x = u then v else f(x) =[A Until f,x B](w)[f f’] A’ := A[f f’], B’ := B[f f’] =[A’ Until f’,x B’](w) = …. = [A’’ Until f,x B’’](w) A’’ := A’ u x B’’ := B’ (u = x [(u x A’) Until f,x B’](v)).")
26
From LTL to FFP(E) P f,x f,x P(f(x))(anchor) From FFP(E) to LTL? [ f,x x = c f,x P(x)](a) a and b reach c [ f,x x = c f,x P(x)](b) after that there is a common P state.
27
From LTL to FFP(E) P f,x f,x P(f(x))(anchor) From FFP(E) to LTL [ f,x (T(x) U(x)) f(x) = b](a) [ f,x (T(x) U(x)) f(x) = c](b) [ f,x (T(x) U(x)) f(x) = a](c) TT bb TT ccTT aa UU UU UU Obstacle: f is a function.- The Temporal Next operator does not encode functionality by itself.
 [ f,x (T(x) U(x)) f(x) = c](b) [ f,x (T(x) U(x)) f(x) = a](c) TT bb TT ccTT aa UU UU UU Obstacle: f is a function.- The Temporal Next operator does not encode functionality by itself.](http://images.slideplayer.com./16/5131007/slides/slide_27.jpg "From LTL to FFP(E) P f,x f,x P(f(x))(anchor) From FFP(E) to LTL [ f,x (T(x) U(x)) f(x) = b](a) [ f,x (T(x) U(x)) f(x) = c](b) [ f,x (T(x) U(x)) f(x) = a](c) TT bb TT ccTT aa UU UU UU Obstacle: f is a function.- The Temporal Next operator does not encode functionality by itself.")
28
Tableau ( ) F – acc. cond Tableau ( ) F – acc. cond PTL PTL* Normalize f Erasure Functionality axioms Functionality axioms
29
Tableau ( ) F – acc. cond Tableau ( ) F – acc. cond PTL PTL* Normalize f Erasure Functionality axioms Proposition: Validity for FFP(E) is PSPACE complete PTL* Size of PTL* is quadratic in Pure pLTL formula
30
FFP(NL) – more than one variable in nested bound context [ f,x [ f,y f(x) y](x)] (a) NEXPTIME hard FFP(NL) MSO(f) 2FFP(E) – allow nested use of functions f g: [ f,x g(f(x)) = f(g(x))] (a) 2FFP(E) is undecidable aa f ff ff f f aa f f f f f f f ff f f f g g g g g g g g g g g g
] (a) NEXPTIME hard FFP(NL) MSO(f) 2FFP(E) – allow nested use of functions f g: [ f,x g(f(x)) = f(g(x))] (a) 2FFP(E) is undecidable aa f ff ff f f aa f f f f f f f ff f f f g g g g g g g g g g g g](http://images.slideplayer.com./16/5131007/slides/slide_30.jpg "FFP(NL) – more than one variable in nested bound context [ f,x [ f,y f(x) y](x)] (a) NEXPTIME hard FFP(NL) MSO(f) 2FFP(E) – allow nested use of functions f g: [ f,x g(f(x)) = f(g(x))] (a) 2FFP(E) is undecidable aa f ff ff f f aa f f f f f f f ff f f f g g g g g g g g g g g g")
31
Most SMT solvers use a DPLL(T) architecture SAT Equality Core Theories Literal assignments Equalities Literal assignments Equalities Literal assignments Lemmas (Conflict Clauses)
32
Property: FFP(E) is stably infinite If FFP(E) formula has a model, it has a model of size N, it has a model of size N+1 Theorem: Let T be stably infinite, decidable, and have disjoint signature from f, g, Then quantifier-free formulas over FFP(E) + T are decidable
33
pLTL Equality Core Theories Trace of Literal assignments Equalities Literal assignments Equalities Literal assignments Invariants Safety properties
34
Linear Functional Fixed-Point Logic (FFP) Complexity results for FFP: FFP(Propositional) – PSPACE/NP FFP(Linear/Equalities) – PSPACE By a reduction to LTL FFP(Non-linear)– NEXPTIME hard/undecidable Integrating FFP with the SMT solver
35
We established a sandwich link between Linear Functional Fixed-Point Logic and Propositional Linear Time Temporal Logic More sandwiched links plausible, but open. From DPLL(T) to SMC(T) We show how to integrate a solver based on LTL with an SMT Solver A prototype using CUDD and shows signs of life
Similar presentations
