efficient craig interpolation for subsets of integer linear arithmetic himanshu jain, cmu edmund m....
Post on 19-Dec-2015
218 views
TRANSCRIPT
Efficient Craig Interpolation For Subsets of Integer Linear Arithmetic
Himanshu Jain, CMU Edmund M. Clarke, CMU
Orna Grumberg, Technion
2
Interpolants [Craig 1957]
Given formulas F, G such that F Æ G is unsatisfiableGiven formulas F, G such that F Æ G is unsatisfiable
An interpolant for (F,G) is a formula I:1. F ) I2. I Æ G is unsatisfiable3. I contains only common variables of F and G
An interpolant for (F,G) is a formula I:1. F ) I2. I Æ G is unsatisfiable3. I contains only common variables of F and G
I(y) I(y)F(x,y)F(x,y) G(y,z)G(y,z)
3
Interpolants Example
Example 1 (propositional logic):F := p Æ q G := : q Æ r Æ s I := q
Example 2 (linear arithmetic):F := x + 2y ≤ 3 Æ –x - y ≤ -1G := y ≥ 3
Example 2 (linear arithmetic):F := x + 2y ≤ 3 Æ –x - y ≤ -1G := y ≥ 3
F ) y ≤ 2F ) y ≤ 2
I := y ≤ 2
I := y ≤ 2
4
Interpolants in Verification [McMillan 2003]
Useful in symbolic model checking
Reach1(S)Reach1(S)SS
Computing Reach1(S) requires existential quantification (costly using BDDs or SAT) Computing Reach1(S) requires existential quantification (costly using BDDs or SAT)
Interpolant based imageInterpolant based image
5
Interpolants in Verification [Jhala et al. 2004]
Useful for Property Directed Invariant Generation
PredicateAbstractionPredicateAbstraction
Predicates SPredicates S
Program PProgram PInvariants forP expressiblein terms of S
Invariants forP expressiblein terms of S
Interpolants help in finding right set of predicatesInterpolants help in finding right set of predicates
6
How are Interpolants Obtained
F Æ GF Æ Gproof of unsatisfiability of F Æ G
proof of unsatisfiability of F Æ G
Interpolant for (F, G)Interpolant for (F, G)
F, GF, G
7Existing Work on Computing Interpolants
Pudlak, McMillan, Jhala et al., Yorsh et al., Kapur et al., Rybalchenko et al., Kroening et al., Cimatti et al., Beyer et al.
Can efficiently compute interpolants For rational/real linear arithmeticFor equality with uninterpreted function symbols Propositional logic (using SAT solvers)
No efficient interpolation algorithms for Integer linear arithmeticBit-vector arithmeticDecision problem for conjunctions is itself NP-hard
We make progress in this direction. We make progress in this direction.
8
Difference between rational and integer linear arithmetic
Let H := x=2y Æ x=2z+1
If x, y, z are rational variables H is satisfiable (take x=1,y=1/2, z=0)
If x, y, z are integer variables H is unsatisfiable
9
Our results
Polynomial time interpolation algorithmsFor useful subsets of integer linear arithmetic
Integer (Diophantine) linear equationsE.g. x = 3y Æ 5x = 3z+u+2 Æ …
Integer linear congruences (modular equations)E.g. 4x = 2y + 9 (mod 3) Æ 2z + 5x –y = 7 (mod 4) Æ
…
Integer linear equations and disequationsE.g. : (4x + 5y = 8) Æ x = 3y Æ …
10
IntroductionCraig InterpolationRelated Work
Integer Linear EquationsInteger Linear CongruencesInteger Linear Equations+DisequationsExperimental results
Outline
New interpolation algorithmsNew interpolation algorithms
We will only give intuition and examples in the talk. See paper for precise description of results. We will only give intuition and examples in the talk. See paper for precise description of results.
11
Interpolation for Integer Linear Equations
F, G be conjuctions of integer linear equations
We show that interpolant for (F,G) is always:An integer linear equation or An integer linear congruence
F := (x = 2y) and G := (x=2z+1)An interpolant is x = 0 (mod 2)
12
1/5 F + 1/5 G is equal to 6x+y+z=4/5 (Contradiction)
1/5 F + 1/5 G is equal to 6x+y+z=4/5 (Contradiction)
Interpolation Algorithm Step 1
Obtain a proof of unsatisfiability of F Æ G(How to get a contradiction from F Æ G)
F := (30 x + 4y = 2) G := ( y + 5z = 2)F := (30 x + 4y = 2) G := ( y + 5z = 2)
[1/5, 1/5][1/5, 1/5]
13
F G
1/5 (30 x + 4y = 2) + 1/5 (y + 5z = 2)
F G
1/5 (30 x + 4y = 2) + 1/5 (y + 5z = 2)
Interpolation Algorithm Step 2
Sum the equations from F according to the proof of unsatisfiability
6 x + 4/5 y = 2/5 Partial interpolant
6 x + 4/5 y = 2/5 Partial interpolant
We do not want
x
We do not want
x
14
6 x + 4/5 y = 2/5
4/5 y -2/5 = -6x) 4/5 y – 2/5 is divisible by 6) 4/5 y – 2/5 = 0 (mod 6)) 4y-2=0 (mod 30)
6 x + 4/5 y = 2/5
4/5 y -2/5 = -6x) 4/5 y – 2/5 is divisible by 6) 4/5 y – 2/5 = 0 (mod 6)) 4y-2=0 (mod 30)
Interpolation Algorithm Step 3
Remove variables not common to F and G
4y - 2 = 0 (mod 30) is an interpolant for (F, G)We have proved the correctness of above algorithm4y - 2 = 0 (mod 30) is an interpolant for (F, G)We have proved the correctness of above algorithm
15
Complexity of the Algorithm
Obtain proof of unsatisfiability (step 1)Polynomial time using Hermite Normal
FormOverall algorithm is polynomial time
Can also use modern SMT solvers
Multiple interpolants can be obtained
16
Multiple Interpolants
F := 30x+4y=2F := 30x+4y=2
4y – 2 = 0 (mod 30)4y – 2 = 0 (mod 30)
4y – 2 = 0 (mod 15)4y – 2 = 0 (mod 15)
4y – 2 = 0 (mod 10)4y – 2 = 0 (mod 10)
G := y+5z=2G := y+5z=2
4y – 2 = 0 (mod 5)4y – 2 = 0 (mod 5)
17
IntroductionCraig InterpolationRelated Work
Integer Linear EquationsInteger Linear CongruencesInteger Linear Equations+DisequationsExperimental results
Outline
New interpolation algorithmsNew interpolation algorithms
18
Integer Linear Congruences
a = b (mod m) iff m divides (a-b)a, b, m can be rational numbers
Integer Linear Congruence: i ai xi = b (mod m)xi are integer variables
Example: 3x+2y+5z = 0 (mod 6)SATISFIABLE (x=2,y=0,z=0)
19
Interpolation for Integer Linear Congruences
F, G be conjuctions of integer linear congruences
We show that interpolant for (F,G) is always:An integer linear congruence
Basic steps same as beforeProof of unsatisfiability is more interesting
20
Proof of Unsatisfiability
Congruences may not hold with rational multipliers9 = 5 (mod 2). But 9/4 ≠ 5/4 (mod 2)
We show get a proof of unsatisfiabilityWith integer multipliers for equationsCongruence hold with integer multipliers
21
Proof of Unsatisfiability for Congruences
2x + 2y = 4 (mod 8) Æ
2x + y = 4 (mod 8) Æ
4x = 4 (mod 8)
2x + 2y = 4 (mod 8) Æ
2x + y = 4 (mod 8) Æ
4x = 4 (mod 8)
2 (2x + 2y = 4) (mod 8) +
-4 (2x + y = 4) (mod 8) +
1 (4x = 4) (mod 8)
0 = -4 (mod 8)
2 (2x + 2y = 4) (mod 8) +
-4 (2x + y = 4) (mod 8) +
1 (4x = 4) (mod 8)
0 = -4 (mod 8)
Both proofs of unsatisfiability and (multiple) interpolants can be obtained in polynomial timeBoth proofs of unsatisfiability and (multiple) interpolants can be obtained in polynomial time
22
IntroductionCraig InterpolationRelated Work
Integer Linear EquationsInteger Linear CongruencesInteger Linear Equations+DisequationsExperimental results
Outline
New interpolation algorithmsNew interpolation algorithms
23
Integer Linear Equations + Disequations
Example: (x+2y+z=1) Æ :(x=1) Æ …All integer variables
Let F = Feq Æ Fneq
We show F has no integral solution iffF has no rational solution, ORFeq has no integral solution
24Interpolation for Integer Linear Equations +
DisequationsGiven F = Feq Æ Fneq , G = Geq Æ Gneq , F Æ G is
unsat
1. F Æ G has no rational solution Interpolant as integer linear eqn/disequation
2. Feq Æ Geq
has no integral solution
Interpolant as integer linear eqn/congruence
25
IntroductionCraig InterpolationRelated Work
Integer Linear EquationsInteger Linear CongruencesInteger Linear Equations+DisequationsExperimental results
Outline
New interpolation algorithmsNew interpolation algorithms
26
Predicate Discoveryvoid main() { int x=0, y=0;
while(*) { x = x + 4*nondet(); y = y + 8*nondet();
assert(x+y != 1); assert(x+y != 2); assert(x+y != 3); }}
void main() { int x=0, y=0;
while(*) { x = x + 4*nondet(); y = y + 8*nondet();
assert(x+y != 1); assert(x+y != 2); assert(x+y != 3); }}
Loop invariant:
x+y is divisible by 4 That is, x+y=0 (mod 4)
C program
Such predicates can be found using our interpolation algorithms
27
Predicate Discovery Experiments
Example Predicates/Interpolants Time (secs)
ex1 y = 1 (mod 2) 2.72
ex2 x + y = 0 (mod 2) 0.83
ex4 x + y + z = 0 (mod 4) 0.95
ex5 x=0 (mod 4), y=0 (mod 4)
1.1
ex6 4x+2y+z = 0 (mod 8) 0.93
ex7 4x-2y+z = 0 (mod 222) 0.54
forb1 x + y = 0 (mod 3) 0.1
Existing state-of-the-art tools such as BLAST, SATABS, VCEGAR cannot verify these programs.
With the help of predicates found byour algorithms they can (VCEGAR).
Existing state-of-the-art tools such as BLAST, SATABS, VCEGAR cannot verify these programs.
With the help of predicates found byour algorithms they can (VCEGAR).
28
Conclusion
Efficient Interpolation AlgorithmsInteger linear equationsInteger linear congruencesInteger linear equations and disequations
Easy to implement
Proofs of unsatisfiabilityInteger linear congruencesInteger linear equations and disequations
29
Future Work
Full integer linear arithmetic Cutting-plane proofs/Pudlak’s algorithm
Bit-vector arithmetic
Boolean Combinations using SMT