Solvers equality and arrays lecture 4 2012
This presentation is the property of its rightful owner.
Sponsored Links
1 / 133

Solvers: Equality and Arrays Lecture 4 2012 PowerPoint PPT Presentation


  • 26 Views
  • Uploaded on
  • Presentation posted in: General

Solvers: Equality and Arrays Lecture 4 2012. Nikolaj Bjørner Microsoft Research DTU Winter course January 5 th 2012. Plan. The theory of Un-interpreted functions The Theory of Arrays. Key Takeaways :. Theory of equality, un-interpreted functions and arrays

Download Presentation

Solvers: Equality and Arrays Lecture 4 2012

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Solvers: Equality and ArraysLecture 4 2012

Nikolaj Bjørner

Microsoft Research

DTU Winter course January 5th2012


Plan

  • The theory of Un-interpreted functions

  • The Theory of Arrays


Key Takeaways:

  • Theory of equality, un-interpreted functions and arrays

  • Saturation-based decision procedures

    • A common pattern

    • Connections with algorithms used in program analysis

      • Inference rule formulation

      • Datalog formulation

  • A reduction approach to decision procedures

    • The theory of array reduces to theory of equalities/functions


Deciding

Equality


E - The theory of equality

Reflexivity: t = t

Symmetry: t = s  s = t

Transitivity: t = s  s= u t = u

Congruence: t1= s1 ..  tn =sn  f(t1, …, tn) = f(s1, …, sn)

E – the (infinite) conjunction of these axioms


Congruence Closure

  • E-satisfiability can be decided with a simple algorithm known as congruence closure.

    • Congruence closure creates a finite quotient for DC(E + L).

    • E – Equality axioms

    • L – Literals: extra equalities in input


Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a

b

c

d

e

s

t


Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a

b

c

d

e

s

t


Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a,b

c

d

e

s

t


Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a,b

c

d

e

s

t


Deciding Equality

a = b, b = c, d = e, b = s, d = t, a e, a s

a,b,c

d

e

s

t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c

d

e

s

t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c

d,e

s

t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c

d,e

s

t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e

t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e

t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e,t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e,t


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e, a s

a,b,c,s

d,e,t

Unsatisfiable


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

d,e,t

Model construction


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)

  • M(a) = 1 (assignment)


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Alternative notation:

  • aM = 1

Model construction

  • |M| = {1 ,2} (universe, aka domain)

  • M(a) = 1 (assignment)


Deciding Equality

a = b,b = c, d = e, b = s, d = t, a e

a,b,c,s

1

2

d,e,t

Model construction

  • |M| = {1 ,2} (universe, aka domain)

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2


Deciding Equality:Termination, Soundness, Completeness

  • Termination: easy

  • Soundness

    • Invariant: all constants in a “ball” are known to be equal.

    • The “ball” merge operation is justified by:

      • Transitivity and Symmetry rules.

  • Completeness

    • We can build a model if an inconsistency was not detected.

    • Proof template (by contradiction):

      • Build a candidate model.

      • Assume a literal was not satisfied.

      • Find contradiction.


Deciding Equality:Termination, Soundness, Completeness

  • Completeness

    • We can build a model if an inconsistency was not detected.

    • Instantiating the template for our procedure:

      • Assume some literal c = d is not satisfied by our model.

      • That is, M(c) ≠ M(d).

      • This is impossible, c and d must be in the same “ball”.

c,d,…

i

M(c) = M(d) = i


Deciding Equality:Termination, Soundness, Completeness

  • Completeness

    • We can build a model if an inconsistency was not detected.

    • Instantiating the template for our procedure:

      • Assume some literal c ≠ d is not satisfied by our model.

      • That is, M(c) = M(d).

      • Key property: we only check the disequalities after we processed all equalities.

      • This is impossible, c and d must be in the different “balls”

c,…

d,…

i

j

M(c) = i

M(d) = j


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e))

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, g(d))  f(b, g(e))

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, g(e))

v1  g(d)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, g(e))

v1  g(d)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, v2)

v1  g(d), v2  g(e)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, f(a, v1)  f(b, v2)

v1  g(d), v2  g(e)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3  f(b, v2)

v1  g(d), v2  g(e), v3 f(a, v1)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 f(b, v2)

v1  g(d), v2  g(e), v3  f(a, v1)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

First Step: “Naming” subterms

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

d,e,t

v2

v4

v1

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

d,e,t

v2

v4

v1

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  • d = e implies g(d) = g(e)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

d,e,t

v2

v4

v1

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  • d = e implies v1= v2


Deciding Equality + (uninterpreted) Functions

We say:

  • v1 and v2 are congruent.

a = b,b = c, d = e, b = s, d = t, v3 v4

v1 g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

d,e,t

v4

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  • d = e implies v1= v2


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

d,e,t

v4

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  • a = b, v1= v2implies f(a, v1) = f(b, v2)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4 f(b, v2)

a,b,c,s

v1,v2

d,e,t

v4

v3

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  • a = b, v1= v2implies v3 = v4


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3 v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4 f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

  • a = b, v1= v2implies v3 = v4


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, v3  v4

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Unsatisfiable

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Changing the problem

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

v3,v4

d,e,t

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

1

2

3

4

v3,v4

d,e,t

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

1

2

3

4

v3,v4

d,e,t

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4

Missing:

Interpretation for f and g.


Deciding Equality + (uninterpreted) Functions

  • Building the interpretation for function symbols

    • M(g) is a mapping from |M| to |M|

    • Defined as:

      M(g)(i) = j if there is v  g(a) s.t.

      M(a) = i

      M(v) = j

      = k, otherwise (k is an arbitrary element)

    • Is M(g) well-defined?


Deciding Equality + (uninterpreted) Functions

  • Building the interpretation for function symbols

    • M(g) is a mapping from |M| to |M|

    • Defined as:

      M(g)(i) = j if there is v  g(a) s.t.

      M(a) = i

      M(v) = j

      = k, otherwise (k is an arbitrary element)

    • Is M(g) well-defined?

      • Problem: we may have

        v  g(a) and w  g(b) s.t.

        M(a) = M(b) = 1 and M(v) = 2 ≠ 3 = M(w)

        So, is M(g)(1) = 2 or M(g)(1) = 3?


Deciding Equality + (uninterpreted) Functions

  • Building the interpretation for function symbols

    • M(g) is a mapping from |M| to |M|

    • Defined as:

      M(g)(i) = j if there is v  g(a) s.t.

      M(a) = i

      M(v) = j

      = k, otherwise (k is an arbitrary element)

    • Is M(g) well-defined?

      • Problem: we may have

        v  g(a) and w  g(b) s.t.

        M(a) = M(b) = 1 and M(v) = 2 ≠ 3 = M(w)

        So, is M(g)(1) = 2 or M(g)(1) = 3?

This is impossible because of the congruence rule!

a and b are in the same “ball”, then so are v and w


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

a,b,c,s

v1,v2

1

2

3

4

v3,v4

d,e,t

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4

  • M(g) = {2 →3}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4

  • M(g) = {2 →3}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4

  • M(g) = {2 →3, else →1}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise


Deciding Equality + (uninterpreted) Functions

a = b,b = c, d = e, b = s, d = t, a v4, v2  v3

v1  g(d), v2  g(e), v3  f(a, v1) , v4  f(b, v2)

Model construction:

  • |M| = {1 ,2 ,3 ,4}

  • M(a) = M(b) = M(c) = M(s) = 1

  • M(d) = M(e) = M(t) = 2

  • M(v1) = M(v2) = 3

  • M(v3) = M(v4) = 4

  • M(g) = {2 →3, else →1}

  • M(f) = { (1 ,3)→4, else →1}

M(g)(i) = j if there is v  g(a) s.t.

M(a) = i

M(v) = j

= k, otherwise


Deciding Equality + (uninterpreted) Functions

What about predicates?

p(a, b), p(c, b)


Deciding Equality + (uninterpreted) Functions

What about predicates?

p(a, b), p(c, b)

  • fp(a, b) = T, fp(c, b) ≠ T


E-satisfiability - example

  • f(f(a)) = a, a  f(a)


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Conguruence Closure Graph

  • Recall congruence rule:

  • Congruence: t1= s1 ..  tn =sn f(t1, …, tn) = f(s1, …, sn)


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence Closure Graph


Congruence closure graph

  • Let G = (V,E) be a directed graph such that for each vertex v in G, the successors (children) of v are ordered.

  • Let C be any equivalence relation on V.

  • The congruence closure C* of C is the finest equivalence relation on V,

    • that contains C : v C w then v C* w

    • Closed: If

      • children(v) = v1 ..vn

      • children(w) = w1 ..wn Then v C* w

      • v1C* w1 … vnC* wn


Congruence closure graph

  • From literals L to a congruence graph.

    • For each subterm t in L create a vertex vt

    • For each function symbol f create vertex vf

    • If t = f(t1, …, tn),let children(vt) = vf, vt1, …, vtn

  • From literals L to an initial equivalence C

    • Initially C = { { v } | v  V }

    • For each equality t = s  L:

      • Merge equivalence classes for vt and vs


Computing congruence closure

  • From the definition, we can read off that Congruence closure is the least fixed-point of the operator CongClos:

    CongClos(C*)(v,w) =

    v Cw

    orlet v1 .. vn = children(v)

    let w1 ..wn = children(w) in CongClos(C*)(v1, w1)  ..  CongClos(C*)(vn, wn)


Computing Congruence closure

  • Fixed-point characterization suggests (dynamic programming) algorithm:

    • Maintain root vertex for each equivalence class.

    • Maintain sig(nature) of each vertex:sig(vf(t1,..,tn)) = root(vf ), root(vt1).. root(vtn) 

    • Initialize C*  C

    • while  v,w  V s.t. v C* w, but sig(v) = sig(w):C*  C* with classes for v, w merged


Computing Congruence closure

  • A more efficient implementation of congruence closure

    • Use union-find for maintaining roots

    • Maintain use (a list) for set of parent vertices.

    • Set todo = {}

    • def merge(v, w):C*  C* with classes for v, w merged

      foreachvp use(v), wp use(w):add  vp, wp  to todo

    • foreachasserted equality (v,w): merge(v,w)

    • while some  v, w   todo:remove  v, w  from todoif v C* w, but sig(v) = sig(w) then merge(v,w)


Using congruence closure

  • Back to the main problem.

    • E-satisfiability t1 = t2  t3 = t4  t5  t6

  • Form graph using {t1, t2, t3 , t4 , t5 , t6 }

  • Initialize C from equalities

  • Compute C* from C

  • Check that vt5C*vt6


Congruence closure algorithm

  • Soundness: C* just simulates axioms of E.

  • Completeness: From C* build model M.

    • fM(v1, …, vn) = root(v), if there is a v, such that sig(v) = fM,v1, …, vn

    • fM(v1, …, vn) = *otherwise

    • Then all axioms in E are true in M.

    • All equalities in L are true in M.


DPLL(E)

  • Congruence closure just checks satisfiability of conjunction of literals.

  • How does this fit together with Boolean search DPLL?

  • DPLL builds partial model M incrementally

    • Use M to build C*

      • After every Decision or Propagate, or

      • When F is propositionally satisfied by M.

    • Check that disequalities are satisfied.


E - conflicts

Recall Conflict:

  • Conflict M || F  M || F || CifCF, M ⊨T C

    A version more useful for theories:

  • Conflict M || F  M || F || CifC M, ⊨T C


E - conflicts

Example

  • M = fff(a) = a, g(b) = c, fffff(a)= a, a  f(a)

  •  C = fff(a) = a, fffff(a)=a, a  f(a)

  • ⊨E fff(a) a fffff(a) a  a = f(a)

  • Use C as a conflict clause.


E - conflicts

How can one mine M for E-conflicts?


Convexity

  • The theory E is convex.

    • Convexity: Let L be a set of equalities and disequalitiesIf L ⊨Es1 = t1 …  sn = tnThen for some i: L ⊨Esi = ti(proof: use soundess and completeness of Congruence Closure).

    • A consequence:

      • To check satisfiability it suffices to check each disequality in isolation.


Inference rules, Abstract decision procdures, and Datalog

Consider Datalog formulation:Rule formulation:

Eq(x,x) .

Eq(x,y) :- Eq(y,x).

Eq(x,y) :- Eq(x,z), Eq(z,y) .

Eq(u,v) :- Eq(x,y), F(x,u), F(y,v) .

F(a,f(a)) . F(b, f(b)) . Eq(a,b) .

?- Eq(f(a),f(b)) .

Congruence closure algorithm is “just”an efficient way of computing closure of Eq(_,_).


Arrays


Why use abstract arrays?

def swap(a, i, j):

tmp = a[i];

a[i] = a[j];

a[j] = tmp;

new(a)[i] = a[j]

new(a)[j] = a[i]

k i, k j a[k] = new(a)[k]

new(a)[i] = write(write(a,i,a[j]),j,a[i])[i] = ifi = j then a[i] else write(a,i,a[j])[i] =

  • ifi = j then a[i] else a[j] =

  • a[j]

new(a)[j] = write(write(a,i,a[j]),j,a[i])[j] = a[i]

new(a) = write(write(a,i,a[j]),j,a[i])

new(a) =

let tmp = a[i]

a1= write(a,i,a[j]);

a2= write(a1,j,tmp);in a2

def swap(a, i, j):

tmp = a[i];

a1= write(a,i,a[j]);

a2= write(a1,j,tmp); new(a) = a2

def swap(a, i, j):

tmp = a[i];

a = write(a,i,a[j]);

a= write(a,j,tmp);


Theory of arrays

  • Functions: F= { read, write }

  • Predicates: P= { = }

  • Convention a[i] means: read(a,i)

  • Non-extensional arrays TA:

    • a, i, v . write(a,i,v)[i] = v

    • a, i, j, v . i  j  write(a,i,v)[j] = a[j]

  • Extensional arrays: TEA = TA +

    • a, b. ((i. a[i] = b[i])  a = b)


Array examples


Array examples

Is valid

Is unsat

Is unsat

(arrayaxiom)

Is unsat

(congruence)


Array examples

Is valid

Is unsat


Array examples

Is unsat

Array axiom


Array examples

Is unsat


Array examples

Case:


Array examples

Case:

Array axiom


Array examples

Case:


Array examples

Case:

Congruence


Array examples – a few steps

Case:


Array examples

Case:


Array examples

Case:

Extensionality


Array examples

Case:

Extensionality


Array examples

Case:

Skolemize


Array examples

Case:

Array axiom


Array examples

Case:


Decision procedures for arrays

  • Let L be literals over F= { read, write }

  • Find M such that: M ⊨TA L

  • Basic algorithm, reduce to E:

    • for every sub-term read(a,i), write(b,j,v) in L

      • i  j  a = b  read(write(b,j,v),i) = read(a,i)

      • read(write(b,j,v),j) = v

    • Find ME, such thatME⊨EL  AssertedAxioms


Decision procedures for arrays

  • Correctness of basic algorithm:

    • ME satisfies array axioms on terms in L.

    • To show that ME can be extended to model for arrays:

      • From Congurence Closure C*build model:

        • aM = [| *d1  *r1 , *d2  *r2 , *d3  .., else  vroot(a) |]

        • Where readM(aM, *di ) = *r1e.g., *r1 = root(read(root(a),root(i)) under C*

      • Model satisfies array axioms.

        • For every write(a,i,v) the model satisfies write(a,i,v)[j] = a[j] whenever iM jM(first axiom) and also write(a,i,v)[i] = v (second axiom).

        • vroot(a) was added to make arrays different unless they were forced to be (no extensionality)


Non-extensionality

  • A non-theorem

  • a and b need not be equal even if the array axioms hold.


Extensional arrays

  • To enforce:a, b. ((i. a[i]= b[i])  a = b)

  • For every pair a, b in L,

    • Add fresh constant iab

    • Add axiom a  b  a[iab]  b[iab]


  • Arrays galore

    • Arrays may be more than just read/write.

      • The constant array:v, i . const(v)[i] = v

      • Generalized write: a,b,c, i . a[i] = b[i]  write(a,b,c)[i] = c[i] a,b,c, i . a[i]  b[i]  write(a,b,c)[i] = b[i]

      • We now have sets:

        •  = const(false), T = const(true),

        • A  B = write(,A,B)[i]

        • A  B = write(T,A,B)[i]

      • Ranges:

        • l,u, x . range(l,u)[x]  l  x  u


    Arrays galore

    • Claim: Same kind of reduction to E (and arithmetic) works

      • Integer ranges, require slightly more

        • range(l,u)[l-1], range(l,u)[u+1]

        • range(l,u)[l], range(l,u)[u]

    • Is there a general principle underpinning such extensions?


    Arrays galore

    • Consider a more general formulation.

      •  is a conjunction of:

        • Equalities, disequalities

        •  i, j, k . G(i,j,k)  F(i,j,k)

          • Where G is a guard formula comparing indices:

            • And-or formula of i  j, i  c

            • Claim: We can always eliminate i =j from the guard.

          • Where F is a general formula with arrays, Restriction: no nested array formulas.

      • Example:

        •  j . if i = j then b[i] = v else b[i] = a[i]

        • Encodes that b = write(a,i,v)


    Arrays galore

    •  i, j, k . G(i,j,k)  F(i,j,k)

      • Where G is a guard formula comparing indices:

        • And-or formula of i  j, i  c

        • Claim: We can always eliminate i =j ori = c from the guard.

           i, j, k . i = j  k  c  j  c’  F(i,j,k)

            i, k . k  c  i  c  F(i,i,k)


    Arrays galore

    •  i, j, k . G(i,j,k)  F(i,j,k)

      • Where G is a guard formula comparing indices:

        • And-or formula of i  j, i  c

        • Claim: We can always or from the guard

           i, j, k . G(i,j,k)  G’(i,j,k)  F(i,j,k)

            i, j, k . G(i,j,k)  F(i,j,k)

           i, j, k . G’(i,j,k)  F(i,j,k)


    Arrays galore

    •  i, j, k . G(i,j,k)  F(i,j,k)

      • Where G is conjunction of i  j, i  c

    • Decision procedure:

      • Collect all c, where a[c] or c = i

      • Instantiate quantifiers by all combinations of such indices.

      • Check for E – satisfiability of ground formula.

    • Correctness: All quantified formulas are satisfied by C*.


    Arrays galore - Arithmetic

    •  i, j, k . G(i,j,k)  F(i,j,k)

      • Where G is conjunction of i < j, i < c, i > c

    • Decision procedure:

      • Collect all c, where a[c], c < i , c > ioccurs in formula.

      • For each c, also add c-1, c+1 to collection.

      • Instantiate quantifiers by all combinations of collected indices.

      • Check for ILA + E – satisfiability of ground formula.


    Combinatory Array Logic


    What else are arrays?

    • Special combinators:

    • Result: Existential fragment is decidable and in NP by reduction to congruence closure using finite set of instances.( f belongs to base theory – not arrays)


    … A different fragment:

    • Then:

    • Theory is decidable.


    Last combinator for the road…

    • Can I access a default array value?

    Only sound for infinite domains


    Let’s use CAL:

    • Simple set and bag operations:

    • But not cardinality |A|, power-set 2A, …


    A Basic Decision Procedure


    A reduction-based approach

    Use saturation rules to reduce arrays to the theory of un-interpreted functions

    Extract models for arrays as finite graphs


    Array Saturation Rules

    • a~b – a and b are equal in current context

    • a≡t – a is a name for the term t


    Congruence Closure Rule


    Bottlenecks

    • Extensionality axiom is instantiated on every pair of array variables.

    • Upwards propagation distributes index over all modifications of same array.


    Bottlenecks and

    • Bottleneck: Extensionality axiom is instantiated on every pair of array variables.

    • Optimization: Restrict to variables asserted different, or shared.


    Bottlenecks and

    • Bottleneck: Upwards propagation distributes index over all modifications of same array.

    • Optimization: Only use  for updates where ancestor has multiple children. Formulas from programs are well-behaved.


    The effect on benchmarks

    This is where it matters


    Saturating for CAL


    Saturating K, map, 


    Saturating K, map, 

    • Rules for map are similar as for store.

    • Optimization of  has to be generalized.

    • Finite domains…


  • Login