Slide 1: ECI 2007: Specification and Verification of Object-Oriented Programs, Lecture 4
Slide 2: Proving verification conditions
What is the decision procedure for proving validity of VC(f)?
It depends on the logic in which VC(f) is expressed.
VC(f) = pre ⇒ VC(S, post), where S is the body of f.
Slide 3: Verification condition logic
Atoms connected by boolean operators
Atoms depend on the program variables and the operations on them
– boolean, integer, memory
Atoms depend on the language of assertions, i.e., program assertions, loop invariants, preconditions and postconditions
– quantification, reachability predicate
Slide 4: Assume each assertion is a quantifier-free boolean combination of expressions over program variables.
VC(f) is a boolean combination of atoms
– Each atom is a relation over terms
– Each term is built using functions and logical constants
Logical constants are different from program variables
– program variables change over time
– logical constants are fixed
The logical constants in VC(f) refer to the values of the program variables at the beginning of f.
Slide 5: Case I: Boolean programs
Boolean-valued variables and boolean operations
Formula := A | ¬Formula | Formula ∧ Formula
A ∈ Atom := b
b ∈ SymBoolConst
Slide 6: Example
  returns c
  requires true
  ensures c = a ∨ b
  bool or(bool a, bool b) {
    if (a) c := true else c := b
  }
(the body of or is labelled S)
Conjecture to be proved: true ⇒ (a ⇒ true = a ∨ b) ∧ (¬a ⇒ b = a ∨ b)
VC(S, c = a ∨ b) = (a ⇒ true = a ∨ b) ∧ (¬a ⇒ b = a ∨ b)
Slide 7: Case II: Arithmetic programs
In addition, integer-valued variables with affine operations
Formula := A | ¬Formula | Formula ∧ Formula
A ∈ Atom := b | t = 0 | t < 0 | t ≤ 0
t ∈ Term := c | x | t + t | t – t | c·t
b ∈ SymBoolConst
x ∈ SymIntConst
c ∈ {…, -1, 0, 1, …}
Slide 8: Example
  returns c
  requires b >= 0
  ensures c = a + b
  int add(int a, int b) {
    int t;
    t := b
    c := a
    invariant t ≥ 0 ∧ c = a + b - t
    while (t > 0) {
      c := c + 1
      t := t - 1
    }
  }
(A labels the whole body, L the while loop, B the loop body)
Conjecture to be proved: b ≥ 0 ⇒ VC(A, c = a + b)
VC(B, t ≥ 0 ∧ c = a + b - t) = t - 1 ≥ 0 ∧ c + 1 = a + b – (t – 1)
VC(L, c = a + b) = t ≥ 0 ∧ c = a + b – t ∧ (t ≥ 0 ∧ c = a + b – t ⇒ (t > 0 ⇒ t - 1 ≥ 0 ∧ c + 1 = a + b – (t - 1)) ∧ (t ≤ 0 ⇒ c = a + b))[c0/c, t0/t]
VC(L, c = a + b) = t ≥ 0 ∧ c = a + b – t ∧ (t0 ≥ 0 ∧ c0 = a + b – t0 ⇒ (t0 > 0 ⇒ t0 - 1 ≥ 0 ∧ c0 + 1 = a + b – (t0 - 1)) ∧ (t0 ≤ 0 ⇒ c0 = a + b))
VC(A, c = a + b) = b ≥ 0 ∧ a = a + b – b ∧ (t0 ≥ 0 ∧ c0 = a + b – t0 ⇒ (t0 > 0 ⇒ t0 - 1 ≥ 0 ∧ c0 + 1 = a + b – (t0 - 1)) ∧ (t0 ≤ 0 ⇒ c0 = a + b))
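The two examples above (the boolean `or` and the arithmetic `add`) can be mechanised with a small VC generator. The following Python is an added example, not code from the lecture: it encodes terms, formulas and statements as nested tuples (a representation chosen here), computes VC(S, post) by the rules the slides use (substitution for assignment, a guard case split for if, and for a while loop the annotated invariant I together with I ⇒ (e ⇒ VC(body, I)) ∧ (¬e ⇒ post) over fresh constants c0, t0), and then checks the conjecture pre ⇒ VC(S, post). Since the decision procedures only come later in the lecture, validity is approximated by exhaustive evaluation over a small bounded domain; that is an assumption of this example, not the lecture's method. A deliberately weakened invariant (constructed here) shows the check failing.

```python
from itertools import product

# Terms and formulas are nested tuples, e.g. ('+', ('var', 'a'), ('const', 1)).
# Statements: ('assign', x, e), ('seq', S1, S2), ('if', e, S1, S2), ('while', e, inv, S).
OPS = {
    '+': lambda a, b: a + b, '-': lambda a, b: a - b, '*': lambda a, b: a * b,
    '=': lambda a, b: a == b, '<': lambda a, b: a < b, '>': lambda a, b: a > b,
    '<=': lambda a, b: a <= b, '>=': lambda a, b: a >= b,
    'and': lambda a, b: a and b, 'or': lambda a, b: a or b,
    '=>': lambda a, b: (not a) or b, 'not': lambda a: not a,
}

def ev(f, env):
    """Evaluate a term or formula under an assignment of its free symbols."""
    if f[0] == 'const':
        return f[1]
    if f[0] == 'var':
        return env[f[1]]
    return OPS[f[0]](*(ev(a, env) for a in f[1:]))

def subst(f, sub):
    """Simultaneous substitution f[sub[x]/x]; the WP of an assignment is exactly this."""
    if f[0] == 'var':
        return sub.get(f[1], f)
    return (f[0],) + tuple(subst(a, sub) if isinstance(a, tuple) else a for a in f[1:])

def free_vars(f):
    if f[0] == 'var':
        return {f[1]}
    return set().union(*(free_vars(a) for a in f[1:] if isinstance(a, tuple)))

def assigned(s):
    """Program variables written by statement s; they get fresh logical constants at a loop."""
    if s[0] == 'assign':
        return {s[1]}
    if s[0] == 'seq':
        return assigned(s[1]) | assigned(s[2])
    if s[0] == 'if':
        return assigned(s[2]) | assigned(s[3])
    return assigned(s[3])            # while

def vc(s, post):
    """VC(S, post): substitution for assignment, composition for sequence, a case split
    on the guard for if, and for while the invariant I conjoined with
    (I => (e => VC(body, I)) and (not e => post)) over fresh constants x0."""
    if s[0] == 'assign':
        return subst(post, {s[1]: s[2]})
    if s[0] == 'seq':
        return vc(s[1], vc(s[2], post))
    if s[0] == 'if':
        e, s1, s2 = s[1:]
        return ('and', ('=>', e, vc(s1, post)), ('=>', ('not', e), vc(s2, post)))
    e, inv, body = s[1:]             # while
    fresh = {x: ('var', x + '0') for x in assigned(body)}
    step = ('and', ('=>', e, vc(body, inv)), ('=>', ('not', e), post))
    return ('and', inv, subst(('=>', inv, step), fresh))

def valid_bounded(formula, domain):
    """Validity over every assignment of the free symbols drawn from `domain` (an
    assumption of this example: bounded enumeration instead of a real decision procedure)."""
    xs = sorted(free_vars(formula))
    return all(ev(formula, dict(zip(xs, vals)))
               for vals in product(domain, repeat=len(xs)))

def or_conjecture():
    """true => VC(S, c = a or b) for the body  if (a) c := true else c := b."""
    a, b, c = (('var', x) for x in 'abc')
    body = ('if', a, ('assign', 'c', ('const', True)), ('assign', 'c', b))
    return ('=>', ('const', True), vc(body, ('=', c, ('or', a, b))))

T, C, A, B = (('var', x) for x in 'tcab')
LECTURE_INV = ('and', ('>=', T, ('const', 0)), ('=', C, ('-', ('+', A, B), T)))
WEAK_INV = ('=', C, ('-', ('+', A, B), T))   # constructed: drops t >= 0 to show a failing check

def add_conjecture(inv):
    """b >= 0 => VC(A, c = a + b) for add(a, b), with a pluggable loop invariant."""
    one = ('const', 1)
    loop_body = ('seq', ('assign', 'c', ('+', C, one)), ('assign', 't', ('-', T, one)))
    loop = ('while', ('>', T, ('const', 0)), inv, loop_body)
    prog = ('seq', ('assign', 't', B), ('seq', ('assign', 'c', A), loop))
    return ('=>', ('>=', B, ('const', 0)), vc(prog, ('=', C, ('+', A, B))))

def check_add(inv, domain=range(-2, 4)):
    return valid_bounded(add_conjecture(inv), domain)

if __name__ == '__main__':
    print('or  :', valid_bounded(or_conjecture(), [False, True]))
    print('add :', check_add(LECTURE_INV))
    print('weak:', check_add(WEAK_INV))
```

The free symbols of the generated `add` VC are exactly a, b, c0 and t0, as on the slide: the initial assignments substitute b and a for t and c, and the loop renames its own variables to fresh constants. The weak invariant fails because with t0 = -1 the exit case t0 ≤ 0 ⇒ c0 = a + b no longer follows.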
Slide 9: Case III: Memory programs
In addition, a memory with read and write operations
– an unbounded set of objects
– a finite set of fields in each object
– each field contains a boolean value, an integer value, or a reference to an object
For each field f, two operations, Select and Update
– Select(f,o) is the content of the memory at object o and field f
– Update(f,o,v) is a new memory obtained by updating field f of object o to v
Slide 10: Memory axioms
For all objects o and o’, and memories m:
o = o’ ⇒ Select(Update(m,o,v),o’) = v
o ≠ o’ ⇒ Select(Update(m,o,v),o’) = Select(m,o’)
Slide 11: Modeling memory operations
Treat each field f as a map variable:
a = b.f   becomes   a = Select(f,b)
a.f = b   becomes   f = Update(f,a,b)
{ ? } a.f = 5 { a.f + b.f = 10 }
WP(a.f = 5, a.f + b.f = 10)
= WP(f = Update(f,a,5), Select(f,a) + Select(f,b) = 10)
= Select(Update(f,a,5),a) + Select(Update(f,a,5),b) = 10
Slide 12: Simplify using the memory axiom
Select(Update(f,a,5),a) + Select(Update(f,a,5),b) = 10
iff 5 + Select(Update(f,a,5),b) = 10
iff Select(Update(f,a,5),b) = 5
iff (a = b ∧ 5 = 5) ∨ (a ≠ b ∧ Select(f,b) = 5)
iff a ≠ b ⇒ Select(f,b) = 5
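The field-assignment modelling and the axiom-driven simplification above, as an added example (not code from the lecture): Select/Update terms are nested tuples (a representation chosen here), `wp_field_assign` performs the substitution f := Update(f,a,5), and `simplify` applies the two memory axioms, returning the value directly when the two objects are syntactically the same and an explicit case split ('ite', o = o', v, Select(m,o')) otherwise. A concrete evaluator over all small models (two objects, three field values; domains constructed here) confirms that the simplified formula and the final line a ≠ b ⇒ Select(f,b) = 5 are equivalent to the original WP, and that dropping the a ≠ b guard would be wrong.

```python
from itertools import product

# Terms: ('var', 'a') object symbol, ('mem', 'f') field f, ('select', m, o),
# ('update', m, o, v), ('ite', cond, then, else), ('const', 5);
# formulas: ('=', x, y), ('+', x, y), ('not', p), ('and', p, q), ('=>', p, q).

def subst(t, name, new):
    """t[new/name]: replace the field variable ('mem', name) by the term `new`."""
    if not isinstance(t, tuple):
        return t
    if t[0] == 'mem' and t[1] == name:
        return new
    return tuple(subst(a, name, new) for a in t)

def wp_field_assign(obj, field, value, post):
    """WP(obj.field = value, post): model the store as field := Update(field, obj, value)."""
    return subst(post, field, ('update', ('mem', field), obj, value))

def simplify(t):
    """Push Select through Update with the memory axioms:
         o = o'   =>  Select(Update(m,o,v),o') = v
         o != o'  =>  Select(Update(m,o,v),o') = Select(m,o')
    Syntactically equal objects use the first axiom outright; otherwise both cases
    are kept as ('ite', o = o', v, Select(m,o'))."""
    if not isinstance(t, tuple):
        return t
    t = tuple(simplify(a) for a in t)
    if t[0] == 'select' and isinstance(t[1], tuple) and t[1][0] == 'update':
        _, (_, m, o, v), o2 = t
        if o == o2:
            return v
        return ('ite', ('=', o, o2), v, simplify(('select', m, o2)))
    return t

def ev(t, env):
    """Evaluate under a concrete model: env maps object symbols to object ids and
    field names to dicts from object id to stored value."""
    k = t[0]
    if k == 'const':
        return t[1]
    if k in ('var', 'mem'):
        return env[t[1]]
    if k == 'update':
        m = dict(ev(t[1], env))
        m[ev(t[2], env)] = ev(t[3], env)
        return m
    if k == 'select':
        return ev(t[1], env)[ev(t[2], env)]
    if k == 'ite':
        return ev(t[2], env) if ev(t[1], env) else ev(t[3], env)
    if k == 'not':
        return not ev(t[1], env)
    a, b = ev(t[1], env), ev(t[2], env)
    if k == '=':
        return a == b
    if k == '+':
        return a + b
    if k == 'and':
        return a and b
    return (not a) or b              # '=>'

def equivalent(p, q, objects=(0, 1), values=(4, 5, 6)):
    """p <=> q on every small model: a, b range over `objects`, field f over all maps
    objects -> values (constructed domains, enough to separate the candidates)."""
    for a, b in product(objects, repeat=2):
        for fvals in product(values, repeat=len(objects)):
            env = {'a': a, 'b': b, 'f': dict(zip(objects, fvals))}
            if ev(p, env) != ev(q, env):
                return False
    return True

A, B, F = ('var', 'a'), ('var', 'b'), ('mem', 'f')
FIVE, TEN = ('const', 5), ('const', 10)
# { ? } a.f = 5 { a.f + b.f = 10 }, with a.f read as Select(f, a)
POST = ('=', ('+', ('select', F, A), ('select', F, B)), TEN)
WP = wp_field_assign(A, 'f', FIVE, POST)
SIMPLIFIED = simplify(WP)
CLAIM = ('=>', ('not', ('=', A, B)), ('=', ('select', F, B), FIVE))   # the final line above
UNGUARDED = ('=', ('select', F, B), FIVE)                              # wrong: drops a != b

if __name__ == '__main__':
    print(WP)
    print(SIMPLIFIED)
    print(equivalent(WP, SIMPLIFIED), equivalent(WP, CLAIM), equivalent(WP, UNGUARDED))
```

The simplifier stops at the case split rather than deciding a = b, because that is exactly the point at which the array theory hands the question to the arithmetic and propositional parts of the solver (see the decision-procedures slide below).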
Slide 13: Formula := A | ¬Formula | Formula ∧ Formula
A ∈ Atom := b | t = 0 | t < 0 | t ≤ 0
t ∈ Term := c | x | t + t | t – t | c·t | Select(m,t)
m ∈ MemTerm := f | Update(m,t,t)
b ∈ SymBoolConst
x ∈ SymIntConst
c ∈ {…, -1, 0, 1, …}
Slide 14: Decision procedures
Boolean programs
– Propositional satisfiability
Arithmetic programs
– Propositional satisfiability modulo the theory of linear arithmetic
Memory programs
– Propositional satisfiability modulo the theory of linear arithmetic + arrays
Slide 16: Case I: Boolean programs
Boolean-valued variables and boolean operations
Formula := b | ¬Formula | Formula ∧ Formula
b ∈ SymBoolConst
Slide 17: SAT
First NP-complete problem (Cook 1972)
Davis-Putnam algorithm (1960)
– resolution-based
– may use exponential memory
Davis-Logemann-Loveland algorithm (1962)
– search-based
– basis for all successful modern solvers
Conflict-driven learning and non-chronological backtracking (1996)
– resolution strikes back!
Amazing progress
– GRASP, SATO, Chaff, ZChaff, BerkMin, …
Slide 18: Conjunctive Normal Form
CNF Formula ::= c1 ∧ c2 ∧ … ∧ cm
c ∈ Clause ::= l1 ∨ l2 ∨ … ∨ ln
l ∈ Literal ::= b | ¬b
b ∈ SymBoolConst
Unit clause (l): a clause containing a single literal
Empty clause (): a clause containing no literal; equivalent to false
Slide 19: Conversion into CNF
In general, converting φ into an equivalent CNF formula may result in an exponential blow-up.
We are only interested in the satisfiability of φ.
Convert φ into an equi-satisfiable CNF formula EQCNF(φ):
– φ is satisfiable iff EQCNF(φ) is satisfiable
– the size of EQCNF(φ) is polynomial in the size of φ
Slide 20: Conversion into CNF
Convert formula φ into normal form NF(φ)
– NF(φ) is polynomial in φ
Convert ψ = NF(φ) into an equisatisfiable CNF formula EQCNF(ψ)
– EQCNF(ψ) is polynomial in ψ
Slide 21: Normal form NF(φ) and negated normal form NNF(φ)
(NNF(φ) is the normal form of ¬φ; negation ends up only on atoms)
NF(b) = b                          NNF(b) = ¬b
NF(¬φ) = NNF(φ)                    NNF(¬φ) = NF(φ)
NF(φ1 ∧ φ2) = NF(φ1) ∧ NF(φ2)      NNF(φ1 ∧ φ2) = NNF(φ1) ∨ NNF(φ2)
Slide 22: Equi-satisfiable CNF
Let ψ be a formula in normal form. For each subformula χ of ψ:
– create a fresh symbol v_χ in SymBoolConst
Identify v_b with b and v_¬b with ¬b
Cl(b) = Cl(¬b) = true
Cl(χ1 ∧ χ2) = Cl(χ1) ∧ Cl(χ2) ∧ (v_{χ1∧χ2} ∨ ¬v_χ1 ∨ ¬v_χ2) ∧ (¬v_{χ1∧χ2} ∨ v_χ1) ∧ (¬v_{χ1∧χ2} ∨ v_χ2)
Cl(χ1 ∨ χ2) = Cl(χ1) ∧ Cl(χ2) ∧ (¬v_{χ1∨χ2} ∨ v_χ1 ∨ v_χ2) ∧ (v_{χ1∨χ2} ∨ ¬v_χ1) ∧ (v_{χ1∨χ2} ∨ ¬v_χ2)
EQCNF(ψ) = v_ψ ∧ Cl(ψ)
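The two conversion steps above (NF/NNF, then the clause encoding Cl and EQCNF) as an added Python example, not code from the lecture. Formulas use a representation chosen here (a variable is a string, connectives are tuples); the input grammar is generalised slightly to accept ∨ as well as ¬ and ∧, since NNF produces ∨ anyway. Each non-literal subformula gets a fresh symbol v0, v1, …, literals are identified with their own atoms, and the three clauses per connective state v_χ ⇔ (v_left op v_right). Brute-force satisfiability checks (exponential, used only as the reference answer) confirm equi-satisfiability on a satisfiable and an unsatisfiable input, both constructed here.

```python
from itertools import product

# Formulas: a variable is a str; ('not', f); ('and', f, g); ('or', f, g).
# CNF: a list of clauses, each a set of literals (name, polarity).

def nf(f):
    """NF(f): push every negation down to the atoms."""
    if isinstance(f, str):
        return f
    if f[0] == 'not':
        return nnf(f[1])
    return (f[0], nf(f[1]), nf(f[2]))

def nnf(f):
    """NNF(f) = NF(not f): the negation of f in normal form, via De Morgan."""
    if isinstance(f, str):
        return ('not', f)
    if f[0] == 'not':
        return nf(f[1])
    return ('or' if f[0] == 'and' else 'and', nnf(f[1]), nnf(f[2]))

def neg(lit):
    return (lit[0], not lit[1])

def v(psi, names):
    """v_psi: identify v_b with b and v_(not b) with not b; every other subformula gets
    a fresh symbol, memoised in `names` so a repeated subformula shares one symbol."""
    if isinstance(psi, str):
        return (psi, True)
    if psi[0] == 'not':
        return (psi[1], False)
    if psi not in names:
        names[psi] = ('v%d' % len(names), True)
    return names[psi]

def cl(psi, names, out):
    """Cl(psi): three clauses encoding v_psi <=> (v_left op v_right), plus Cl of both
    operands; Cl(b) = Cl(not b) = true contributes nothing."""
    if isinstance(psi, str) or psi[0] == 'not':
        return
    vp, vl, vr = v(psi, names), v(psi[1], names), v(psi[2], names)
    cl(psi[1], names, out)
    cl(psi[2], names, out)
    if psi[0] == 'and':   # vp => vl, vp => vr, (vl and vr) => vp
        out += [{neg(vp), vl}, {neg(vp), vr}, {vp, neg(vl), neg(vr)}]
    else:                 # vl => vp, vr => vp, vp => (vl or vr)
        out += [{vp, neg(vl)}, {vp, neg(vr)}, {neg(vp), vl, vr}]

def eqcnf(phi):
    """EQCNF(phi) = v_psi and Cl(psi) with psi = NF(phi): linear in the size of psi."""
    psi, names, out = nf(phi), {}, []
    root = v(psi, names)
    cl(psi, names, out)
    return [{root}] + out

def ev(f, env):
    if isinstance(f, str):
        return env[f]
    if f[0] == 'not':
        return not ev(f[1], env)
    l, r = ev(f[1], env), ev(f[2], env)
    return (l and r) if f[0] == 'and' else (l or r)

def atoms(f):
    return {f} if isinstance(f, str) else set().union(*(atoms(g) for g in f[1:]))

def sat_formula(phi):
    """Brute-force satisfiability of a formula (the exponential reference answer)."""
    xs = sorted(atoms(phi))
    return any(ev(phi, dict(zip(xs, bits))) for bits in product([False, True], repeat=len(xs)))

def sat_cnf(clauses):
    """Brute-force satisfiability of a clause set."""
    xs = sorted({n for c in clauses for n, _ in c})
    return any(all(any(env[n] == p for n, p in c) for c in clauses)
               for bits in product([False, True], repeat=len(xs))
               for env in [dict(zip(xs, bits))])

# Constructed inputs: the first is satisfiable (a = b = true), the second is not.
PHI_SAT = ('and', ('not', ('and', 'a', ('not', 'b'))), 'a')
PHI_UNSAT = ('and', ('and', 'a', 'b'), ('not', ('and', 'a', 'b')))

if __name__ == '__main__':
    for phi in (PHI_SAT, PHI_UNSAT):
        print(nf(phi), sat_formula(phi), sat_cnf(eqcnf(phi)), len(eqcnf(phi)))
```

For PHI_UNSAT the normal form has three binary connectives, so EQCNF has 3·3 + 1 = 10 clauses; a direct distribution into equivalent CNF would instead multiply out the disjunction, which is the blow-up the earlier slide warns about.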
Slide 23: Resolution
(c1 ∨ b)   (c2 ∨ ¬b)      clauses
(c1 ∨ c2)                 resolvent
resolvent(b, c1 ∨ b, c2 ∨ ¬b) = c1 ∨ c2 = ∃b. (c1 ∨ b) ∧ (c2 ∨ ¬b), where c1 and c2 are independent of b
Slide 24: Theorem
(c1 ∨ b) ∧ (c2 ∨ ¬b) iff (c1 ∨ b) ∧ (c2 ∨ ¬b) ∧ (c1 ∨ c2)
Adding the resolvent to the set of clauses does not affect the satisfiability of the clause set.
Slide 25: Unit resolution
(b)   (c2 ∨ ¬b)
(c2)
One of the clauses being resolved is a unit clause.
Derivation of the empty clause (denoted by □):
(b)   (¬b)
□
Slide 26: Davis-Putnam algorithm (I)
Given clause set C:
Rule 1: If a clause (c ∨ l ∨ l) ∈ C, replace it with (c ∨ l)
Rule 2: If a clause (c ∨ b ∨ ¬b) ∈ C, remove it from C
Rule 3a: If ¬b does not occur in any clause in C, remove every clause containing b from C
Rule 3b: If b does not occur in any clause in C, remove every clause containing ¬b from C
Slide 27: Davis-Putnam algorithm (II)
  Saturate C w.r.t. Rules 1, 2, 3a, and 3b
  while (C is nonempty) {
    Pick a variable b appearing in some clause in C
    C’ = { resolvent(b, c1, c2) | c1, c2 ∈ C }
    Saturate C’ w.r.t. Rules 1, 2, 3a, and 3b
    if (□ ∈ C’) return unsatisfiable
    C = C’
  }
  return satisfiable
Slide 28: Satisfiable example
(a ∨ b ∨ c) ∧ (b ∨ ¬c ∨ f) ∧ (¬b ∨ c)
(b ∨ ¬c ∨ f) ∧ (¬b ∨ c)        Rule 3a (¬a does not occur)
(c ∨ ¬c ∨ f)                   Resolve on b
Clause set is empty             Rule 2
Slide 29: Unsatisfiable example
(a ∨ b) ∧ (a ∨ ¬b) ∧ (¬a ∨ c) ∧ (¬a ∨ ¬c)
(a) ∧ (¬a ∨ c) ∧ (¬a ∨ ¬c)      Pick b
(c) ∧ (¬c)                      Pick a
□                               Pick c
Slide 30: Correctness (of the algorithm on slide 27)
Two observations:
– Each of the rules 1, 2, 3a, and 3b preserves satisfiability
– C’ = ∃b. C
Slide 31: Memory explosion (of the algorithm on slide 27)
Let n be the number of clauses in the input clause set.
Number of clauses after the i-th iteration of the loop: O(n^(2^i))
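The Davis-Putnam loop above, with its saturation rules and the resolvent operation, as an added Python example (not the lecture's code). Clauses are frozensets of literals (name, polarity), so Rule 1 holds automatically; `saturate` applies Rules 2, 3a and 3b to a fixpoint; `resolvent(b, c1, c2)` is the resolution rule from the earlier slide. One point the slide leaves implicit is made explicit here, and labelled as this example's reading: clauses that do not mention the chosen variable b are carried over unchanged, so that C’ is exactly ∃b. C as the correctness slide states. The function also reports the largest clause set it had to hold, which is the quantity the memory-explosion slide is about. The two inputs are the satisfiable and unsatisfiable examples from the slides.

```python
# A clause is a frozenset of literals (name, polarity); a clause set is a set of clauses.
# Rule 1 (duplicate literal) holds automatically because a clause is a set.

def saturate(C):
    """Apply Rules 2, 3a and 3b until nothing changes."""
    C = {frozenset(c) for c in C}
    while True:
        # Rule 2: a clause containing both b and not-b is a tautology, drop it
        C = {c for c in C if not any((n, not p) in c for n, p in c)}
        # Rules 3a/3b: if the complement of l never occurs, drop every clause containing l
        lits = {l for c in C for l in c}
        pure = {l for l in lits if (l[0], not l[1]) not in lits}
        C2 = {c for c in C if not (c & pure)}
        if C2 == C:
            return C
        C = C2

def resolvent(b, c1, c2):
    """resolvent(b, c1 or b, c2 or not-b) = c1 or c2; None if the pair does not clash on b."""
    if (b, True) in c1 and (b, False) in c2:
        return (c1 - {(b, True)}) | (c2 - {(b, False)})
    return None

def davis_putnam(C, choose=min):
    """The Davis-Putnam loop. Returns (satisfiable?, peak clause-set size). Clauses not
    mentioning b are carried over unchanged (this example's reading of C'), so the new
    set is exactly the projection of C onto the remaining variables."""
    C = saturate(C)
    peak = len(C)
    while C:
        if frozenset() in C:
            return False, peak
        b = choose({n for c in C for n, _ in c})
        C2 = {c for c in C if not any(n == b for n, _ in c)}
        for c1 in C:
            for c2 in C:
                r = resolvent(b, c1, c2)
                if r is not None:
                    C2.add(r)
        peak = max(peak, len(C2))
        C = saturate(C2)
    return True, peak

# The two clause sets worked on the slides (literals written as (name, polarity)).
SAT_EXAMPLE = [{('a', True), ('b', True), ('c', True)},
               {('b', True), ('c', False), ('f', True)},
               {('b', False), ('c', True)}]
UNSAT_EXAMPLE = [{('a', True), ('b', True)}, {('a', True), ('b', False)},
                 {('a', False), ('c', True)}, {('a', False), ('c', False)}]

if __name__ == '__main__':
    print(davis_putnam(SAT_EXAMPLE))
    print(davis_putnam(UNSAT_EXAMPLE))
```

On the satisfiable example the saturation rules alone empty the set (a and f are pure, and after their clauses go so are ¬b and c), so no resolution step is needed; on the unsatisfiable one, picking variables alphabetically, the resolvents on a, then b, then c lead to the empty clause with at most four clauses held at once. The peak grows quadratically per iteration on inputs without pure literals, which is the O(n^(2^i)) bound above.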
Slide 32: Davis-Logemann-Loveland algorithm
Slides 42-72 of sat_course1.pdf
Download from: http://research.microsoft.com/users/lintaoz/SATSolving/satsolving.htm
Slide 33: Davis-Logemann-Loveland algorithm
Eliminates the exponential memory requirement
Might still need exponential time
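The slides defer the Davis-Logemann-Loveland procedure to the external deck, so the following is an added example of the standard textbook form of it (not code from the lecture or from the cited slides), written to make the memory contrast with Davis-Putnam concrete: instead of accumulating resolvents, the search keeps one partial assignment (the trail) and the clause set simplified along the current branch, so memory is linear in the search depth, while the case split can still visit exponentially many branches. Clause representation is the same frozenset-of-literals convention used above, and the inputs are the slides' two examples.

```python
# A clause is a frozenset of literals (name, polarity); a clause set is a list of clauses.

def assign(clauses, lit):
    """Make `lit` true: drop the clauses it satisfies and delete its complement from
    the rest. Returns None as soon as some clause becomes empty (a conflict)."""
    out = []
    for c in clauses:
        if lit in c:
            continue
        c2 = c - {(lit[0], not lit[1])}
        if not c2:
            return None
        out.append(c2)
    return out

def dll(clauses, trail=()):
    """Davis-Logemann-Loveland: unit propagation, then a case split on one variable.
    State per branch is the simplified clause set plus the trail; nothing is learned
    or accumulated across branches, hence no memory explosion."""
    if clauses is None:
        return None                        # conflict on this branch
    if not clauses:
        return dict(trail)                 # every clause satisfied: a model
    unit = next((c for c in clauses if len(c) == 1), None)
    if unit is not None:                   # unit resolution, forced
        (lit,) = unit
        return dll(assign(clauses, lit), trail + (lit,))
    name = min(n for c in clauses for n, _ in c)   # branching variable (alphabetical)
    for lit in ((name, True), (name, False)):
        model = dll(assign(clauses, lit), trail + (lit,))
        if model is not None:
            return model
    return None                            # both branches conflict

def satisfies(model, clauses):
    """Check a returned model against the original clauses; atoms the search never
    assigned are free, so either value is acceptable for them."""
    return all(any(model.get(n, p) == p for n, p in c) for c in clauses)

# The slides' two examples, constructed here as frozensets.
SAT_EXAMPLE = [frozenset({('a', True), ('b', True), ('c', True)}),
               frozenset({('b', True), ('c', False), ('f', True)}),
               frozenset({('b', False), ('c', True)})]
UNSAT_EXAMPLE = [frozenset({('a', True), ('b', True)}), frozenset({('a', True), ('b', False)}),
                 frozenset({('a', False), ('c', True)}), frozenset({('a', False), ('c', False)})]

if __name__ == '__main__':
    print(dll(SAT_EXAMPLE))     # a model such as {a: True, b: True, c: True}
    print(dll(UNSAT_EXAMPLE))   # None
```

On the unsatisfiable example the split on a is followed in each branch by a single unit propagation that closes it, so the whole search touches four clause sets of at most two clauses each; the conflict-driven learning of the next slides adds back a controlled form of resolution on top of this search.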
Slide 34: Conflict-driven learning and non-chronological backtracking
Slides 2-20 of sat_course2.pdf
Download from: http://research.microsoft.com/users/lintaoz/SATSolving/satsolving.htm