1 A Combination Method for Generating Interpolants Greta Yorsh Madan Musuvathi Tel Aviv University, Israel Microsoft Research, Redmond, US CAV’05.



2 Craig Interpolation Theorem
A, B first-order formulas
If A ∧ B ⊢ ⊥ then there exists a first-order formula C
1. A ⊢ C
2. C ∧ B ⊢ ⊥
3. C refers only to AB-common symbols
C is an interpolant for (A,B)

3 Motivation
Abstraction
–forget some information about the system
–preserve enough information to show that an error state is not reachable
Interpolation
–forget some information about A
–preserve enough information to show that B is unsatisfiable

4 Motivation
Bounded Model Checking [McMillan, CAV'03]
–abstraction of reachable states
–completeness
(figure: path from the initial state to an error state reachable in k steps, split into an A-part and a B-part, with the interpolant C between them)

5 Motivation
Bounded model checking [McMillan, CAV'03]
–propositional (hardware) and first-order (software)
Predicate abstraction refinement [HJMS, POPL'04]
–first-order
Computation of the abstract transition relation [McMillan et al., CAV'05]
–propositional
Exploit the prover's ability to focus on relevant facts

6 Interpolant Generation
Craig interpolation theorem ['57]
–(full) first-order logic
–existence of interpolants (cut elimination)
Pudlak ['95], Krajicek ['95]
–propositional logic
Pudlak ['95]
–linear inequalities (LI)
McMillan [TACAS'04]
–uninterpreted functions (UF)
–the combined theory of UF and LI (with boolean combinations)

7 Nelson-Oppen Combination Method
Satisfiability in a combined theory ['79]
Given
–P1 is a decision procedure for satisfiability in T1
–P2 is a decision procedure for satisfiability in T2
Combines P1 and P2 into a decision procedure for satisfiability in the combined theory T = T1 ∪ T2

8 Interpolant Generation in Combined Theory
Given
–P1 is an interpolant generation procedure for T1
–P2 is an interpolant generation procedure for T2
How to combine P1 and P2 into an interpolant generation procedure for the combined theory T = T1 ∪ T2?

9 Outline
Notations
Partial interpolants
Example
Equality-interpolating theories
Conclusions

10 First-Order Theory T
⊢_T entailment modulo theory T
Σ signature
–constant, function and relation symbols
–equality =
L is a set of Σ-formulas
–assume L is a (quantifier-free) conjunction of Σ-literals
A subset of Σ is designated as the interpreted symbols
–theory of linear inequalities: +, <
–theory of Lisp structures: car, cdr, cons, atom

11 Example Theories
UF – Uninterpreted Functions
–Σ contains uninterpreted function symbols: f, g, ...
–the set of interpreted symbols is empty
–example: f(a,b) = g(c)
LI – Linear Inequalities
–the interpreted symbols are +, <, 0, 1, 2, ...
–example: a < b + 2*c
Lisp structures
–the interpreted symbols are { car, cdr, cons, atom }
–example: car(a) = cons(car(b), cdr(c))

12 Theory-Specific Interpolants
A, B are formulas in L
If A ∧ B ⊢_T ⊥ then there exists a formula C in L
1. A ⊢_T C
2. C ∧ B ⊢_T ⊥
3. C refers only to AB-common symbols or to interpreted symbols
C is an interpolant in theory T for (A,B)

13 Example: Lisp Structures
–A-local symbols: a, car, cdr, atom
–B-local symbols: b, cons
–AB-common symbols: c1, c2, c3
–interpreted symbols: { car, cdr, cons, atom }
A: car(a) = c2, c3 = cdr(a), a = c1, ¬atom(c1)
B: ¬(b = cons(c2,c3)), c1 = b
Interpolant for (A,B) in the Lisp theory is c1 = cons(c2,c3)

14 Combined Theory T
First-order theory T defined as a combination of T1 and T2
–T is T1 ∪ T2 (union of axioms / intersection of sets of models)
–Σ is Σ1 ∪ Σ2
–the interpreted symbols of T are those of T1 together with those of T2
–disjoint signatures: Σ1 ∩ Σ2 is { = }

15 Interpolants in Combined Theory
T is UF ∪ LI
A is (f(x1) + x2 = x3) ∧ (f(y1) + y2 = y3) ∧ (y1 ≤ x1)
B is (x2 = g(b)) ∧ (y2 = g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)
Purify A and B separately
–A_UF ∧ A_LI is the result of purify(A)
–B_UF ∧ B_LI is the result of purify(B)
Purified parts (rows: theory; columns: A, B):
–UF: A_UF is a1 = f(x1), a2 = f(y1); B_UF is x2 = g(b), y2 = g(b)
–LI: A_LI is a1 + x2 = x3, a2 + y2 = y3, y1 ≤ x1; B_LI is x1 ≤ y1, x3 < y3

16 Interpolants in Combined Theory
T is UF ∪ LI; purified parts A_UF, A_LI, B_UF, B_LI as on the previous slide
Find an interpolant C for (A,B)
–C in Σ_UF ∪ Σ_LI
–C uses only AB-common symbols or interpreted symbols of UF ∪ LI (+, <, x1, x2, x3, y1, y2, y3)

17 Interpolant Generation in Combined Theory
Given
–P1 is a decision procedure for T1
–P2 is a decision procedure for T2
Combine P1 and P2 into an interpolant generation procedure for the combined theory T = T1 ∪ T2

18 Requirements
Requirement on procedure P1 (same for P2)
–P1 is a decision procedure for satisfiability of T1
–if the input is satisfiable, P1 generates a new consequence (equality between variables)
–if an input of the form A ∧ B is unsatisfiable in T1, P1 generates an interpolant for A and B in T1
Requirement on T1 (and T2)
–stably-infinite
–convex
–equality-interpolating

19 Equality Propagation
P_UF works on A_UF (a1 = f(x1), a2 = f(y1)) and B_UF (x2 = g(b), y2 = g(b))
P_LI works on A_LI (a1 + x2 = x3, a2 + y2 = y3, y1 ≤ x1) and B_LI (x1 ≤ y1, x3 < y3)
Propagation: P_LI sends x1 = y1 to P_UF; P_UF sends x2 = y2 and a1 = a2 to P_LI; P_LI derives ⊥ with [ C_LI ]
C_LI is an interpolant for A_LI ∧ (a1 = a2) and B_LI ∧ (x2 = y2)
C_LI is x2 - y2 = x3 - y3
C_LI is not an interpolant for (A,B): the interpolant for (A,B) is still [ ? ]

20 Observation
C_LI is an interpolant for A_LI ∧ (a1 = a2) and B_LI ∧ (x2 = y2)
C_LI is not an interpolant for (A,B)
–A_LI ∧ (a1 = a2) ⊢_T C_LI but A ⊬_T C_LI
–a1 = a2 follows from A ∧ B, but not from A alone
How to "lift" C_LI to an interpolant for (A,B)?

21 The idea
Whenever a new equality is generated by a component procedure P1 (or P2), P1 also generates a formula [?] that
–"explains" the equality
–uses only AB-common symbols
–is a partial interpolant
An interpolant for (A,B) in UF ∪ LI is a boolean combination of C_LI and [?], ..., [?]

22 Theory-Specific Partial Interpolants
P1 takes A1 ∧ B1 as input and generates the equality x = y
A1 ∧ B1 ⊢_T1 x = y
A1 ∧ B1 ∧ ¬(x = y) ⊢_T1 ⊥

23 Theory-Specific Partial Interpolants
P1 takes A1 ∧ B1 as input and generates the equality x = y together with [ C_T1(x=y) ]
C_T1(x=y) is a theory-specific partial interpolant of x = y for A1 and B1 in theory T1
–interpolant for A1 and B1 ∧ ¬(x = y) if x, y ∈ B-local ∪ AB-common
–interpolant for A1 ∧ ¬(x = y) and B1 if x, y ∈ A-local ∪ AB-common

24 Partial Interpolants
P1 takes (a = a') ∧ A1 ∧ B1 ∧ (b = b') as input, where a = a' came with [ C(a=a') ] and b = b' came with [ C(b=b') ], and generates x = y with [ C_T1(x=y) ]; wanted is [ ? ], the partial interpolant of x = y for A and B
C_T1(x=y) is a theory-specific partial interpolant of x = y for A1 ∧ (a = a') and B1 ∧ (b = b') in theory T1
C(x=y), a partial interpolant of x = y for A and B in T1 ∪ T2, is a boolean combination of C_T1(x=y) and C(a=a') and C(b=b')

25 Example
P_UF works on A_UF (a1 = f(x1), a2 = f(y1)) and B_UF (x2 = g(b), y2 = g(b)); P_LI works on A_LI (a1 + x2 = x3, a2 + y2 = y3, y1 ≤ x1) and B_LI (x1 ≤ y1, x3 < y3)
P_LI generates x1 = y1 with [ y1 ≤ x1 ]
C_UF(a1=a2) for A_UF and B_UF ∧ (x1 = y1) is an interpolant for A_UF ∧ ¬(a1 = a2) and B_UF ∧ (x1 = y1): it is ¬(x1 = y1)
C(a1=a2) for A and B is C_UF(a1=a2) ∧ C(x1=y1)
P_UF generates a1 = a2 with ¬(x1 = y1) ∧ y1 ≤ x1, i.e. [ y1 < x1 ]

26 Example
P_UF works on A_UF (a1 = f(x1), a2 = f(y1)) and B_UF (x2 = g(b), y2 = g(b)); P_LI works on A_LI (a1 + x2 = x3, a2 + y2 = y3, y1 ≤ x1) and B_LI (x1 ≤ y1, x3 < y3)
Generated so far: x1 = y1 [ y1 ≤ x1 ]; a1 = a2 [ y1 < x1 ]; x2 = y2 [ ⊤ ]; then P_LI derives ⊥
C_LI(⊥) is an interpolant for A_LI ∧ (a1 = a2) and B_LI ∧ (x2 = y2)
C_LI(⊥) is x2 - y2 = x3 - y3
C(⊥) for A and B is x2 - y2 = x3 - y3 ∨ y1 < x1

27 Example
P_UF works on A_UF (a1 = f(x1), a2 = f(y1)) and B_UF (x2 = g(b), y2 = g(b)); P_LI works on A_LI (a1 + x2 = x3, a2 + y2 = y3, y1 ≤ x1) and B_LI (x1 ≤ y1, x3 < y3)
Generated: x1 = y1 [ y1 ≤ x1 ]; a1 = a2 [ y1 < x1 ]; x2 = y2 [ ⊤ ]; ⊥
An interpolant C for A and B is [ x2 - y2 = x3 - y3 ∨ y1 < x1 ]
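The example of slides 15 to 27 can be replayed and checked mechanically. The Python below is an added example, not code from the slides or from the paper: it encodes A and B from slide 15, builds C(⊥) from the partial interpolants the slides derive, using the combination the example itself uses (disjoin the partial interpolant of an equality added on the A side, conjoin the one of an equality added on the B side), and then checks the three conditions of slide 12 by exhaustive evaluation over a small finite domain. The helper names (Expr, var, app, lift, is_interpolant, models) and the choice of domain are assumptions of this example, not notation from the paper.

```python
"""Replaying the UF+LI interpolant example (slides 15-27).

Added example, not the slides' or the paper's code.  Formulas are tiny
evaluator objects; f and g are interpreted by lookup tables so that the
finite-domain check ranges over all relevant interpretations of them.
"""
import itertools
import operator


class Expr:
    """A term or formula: the uninterpreted symbols it mentions (variables and
    function names, used for the AB-common check) plus an evaluator.  The
    interpreted symbols +, -, =, <, <= are not tracked, because an interpolant
    may use them freely (slide 12, condition 3)."""

    def __init__(self, symbols, ev):
        self.symbols = frozenset(symbols)
        self.ev = ev


def var(name):
    return Expr({name}, lambda env: env[name])


def app(fname, arg):
    # Uninterpreted function application: env[fname] is a lookup table.
    return Expr(arg.symbols | {fname}, lambda env: env[fname][arg.ev(env)])


def binop(op, s, t):
    return Expr(s.symbols | t.symbols, lambda env: op(s.ev(env), t.ev(env)))


def add(s, t): return binop(operator.add, s, t)
def sub(s, t): return binop(operator.sub, s, t)
def eq(s, t): return binop(operator.eq, s, t)
def le(s, t): return binop(operator.le, s, t)
def lt(s, t): return binop(operator.lt, s, t)
def neg(p): return Expr(p.symbols, lambda env: not p.ev(env))


def conj(*ps):
    return Expr(set().union(*(p.symbols for p in ps)), lambda env: all(p.ev(env) for p in ps))


def disj(*ps):
    return Expr(set().union(*(p.symbols for p in ps)), lambda env: any(p.ev(env) for p in ps))


TRUE = conj()  # empty conjunction: the partial interpolant [T] of slide 26


def lift(c_theory, a_side, b_side):
    """Lift a theory-specific partial interpolant to the combined theory the
    way the slides' example does: disjoin the partial interpolants of
    equalities added on the A side, conjoin those of equalities added on the
    B side (slide 24 calls the result a boolean combination of the three)."""
    return conj(disj(c_theory, *a_side), *b_side)


VARS = ["x1", "x2", "x3", "y1", "y2", "y3", "b"]


def models(domain):
    """Every interpretation over the finite domain that A, B and C can tell
    apart: the seven variables, f at x1 and y1 (one function, so equal
    arguments must get equal values) and g at b."""
    for vals in itertools.product(domain, repeat=len(VARS)):
        env = dict(zip(VARS, vals))
        for fx, fy, gb in itertools.product(domain, repeat=3):
            if env["x1"] == env["y1"] and fx != fy:
                continue
            env["f"] = {env["x1"]: fx, env["y1"]: fy}
            env["g"] = {env["b"]: gb}
            yield env


def is_interpolant(A, B, C, domain=range(3)):
    """Check the three conditions of slide 12 over the finite domain.
    Returns (ok, reason); the reason names the first violated condition."""
    common = A.symbols & B.symbols
    if not C.symbols <= common:
        return False, "condition 3: C uses non-common symbols %s" % sorted(C.symbols - common)
    for env in models(domain):
        if A.ev(env) and not C.ev(env):
            return False, "condition 1: A holds but C fails at %s" % env
        if C.ev(env) and B.ev(env):
            return False, "condition 2: C and B both hold at %s" % env
    return True, "interpolant over domain %s" % list(domain)


x1, x2, x3, y1, y2, y3, b = (var(n) for n in VARS)
def f(t): return app("f", t)
def g(t): return app("g", t)

# A and B of slide 15 (A owns f, B owns g and b; x1..y3 are AB-common).
A = conj(eq(add(f(x1), x2), x3), eq(add(f(y1), y2), y3), le(y1, x1))
B = conj(eq(x2, g(b)), eq(y2, g(b)), le(x1, y1), lt(x3, y3))

# Partial interpolants exactly as slides 25 and 26 derive them.
C_x1y1 = le(y1, x1)                       # P_LI: x1=y1 explained by [y1 <= x1]
C_UF_a1a2 = neg(eq(x1, y1))               # C_UF(a1=a2) against B_UF and (x1=y1)
C_a1a2 = lift(C_UF_a1a2, [], [C_x1y1])    # x1=y1 sat on the B side: [y1 < x1]
C_x2y2 = TRUE                             # x2=y2 follows from B_UF alone: [T]
C_LI_bot = eq(sub(x2, y2), sub(x3, y3))   # C_LI(bottom) of slide 26
C = lift(C_LI_bot, [C_a1a2], [C_x2y2])    # (x2-y2 = x3-y3) or (y1 < x1)

if __name__ == "__main__":
    print("C_LI alone:", is_interpolant(A, B, C_LI_bot))  # fails condition 1 (slide 20)
    print("lifted C:  ", is_interpolant(A, B, C))         # satisfies all three
```

Because A, B and C are quantifier-free and are evaluated with ordinary integer arithmetic, any counterexample the enumeration finds (for instance the one showing that C_LI alone is not an interpolant, as slide 20 observes) is a genuine one; the exhaustive pass over the domain is a test of the candidate, not a proof of the entailment, which the slides' derivation supplies.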

28 Theory-Specific Partial Interpolants
P1 takes A1 ∧ B1 as input and generates the equality e together with [ C_T1(e) ]
C_T1(e) is a theory-specific partial interpolant of e for A1 and B1 in theory T1
–interpolant for A1 and B1 ∧ ¬e if e ∈ B-local ∪ AB-common
–interpolant for A1 ∧ ¬e and B1 if e ∈ A-local ∪ AB-common
–if e is a = b with a A-local and b B-local:
–interpolant for A1 and B1 ∧ ¬(a = b)?
–interpolant for A1 ∧ ¬(a = b) and B1?
... to B or not to B?

29 Equality-Interpolating Theory
If A ∧ B ⊢_T (a = b)
–a is A-local, b is B-local
then there exists a term t
–A ∧ B ⊢_T (a = t) ∧ (t = b)
–t refers to AB-common symbols only
Equality-interpolating: UF, LI, Lisp
–easy to extend the existing decision procedures to generate such terms t

30 Requirements
Requirement on P1 (and P2)
–P1 is a decision procedure for satisfiability of T1
–if the input is satisfiable, P1 generates a new consequence (equality between variables)
–if an input of the form A ∧ B is unsatisfiable in T1, P1 generates an interpolant for A and B in T1
Requirement on T1 (and T2)
–stably-infinite
–convex
–equality-interpolating

31 Summary
A method for generating interpolants for combined theories
–interpolant-generation procedures P1, P2 used as black boxes
–on top of a Nelson-Oppen procedure
–propagate partial interpolants
–equality-interpolating theories
Can be integrated within existing tools
–Simplify, Verifun, ICS, CVCLite, Zap
Extensions
–arbitrary quantifier-free formulas, non-convex theories, non-disjoint signatures, quantifiers
Application to software model-checking
More support for operations modulo theories
–join, widening, predicate abstraction, counter-example generation

