Decision procedures for presburger arithmetic
This presentation is the property of its rightful owner.
Sponsored Links
1 / 51

Decision Procedures for Presburger Arithmetic PowerPoint PPT Presentation


  • 66 Views
  • Uploaded on
  • Presentation posted in: General

Decision Procedures for Presburger Arithmetic. Presented by Constantinos Bartzis. Presburger formulas. numeral ::= 0 | 1 | 2… var ::= x | y | z … relop ::= < | ≤ | = |  | > term ::= numeral | term + term | -term | numeral  term | var

Download Presentation

Decision Procedures for Presburger Arithmetic

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Decision procedures for presburger arithmetic

Decision Procedures forPresburger Arithmetic

Presented by Constantinos Bartzis


Presburger formulas

Presburger formulas

  • numeral ::= 0 | 1 | 2…

  • var ::= x | y | z …

  • relop ::= < | ≤ | = |  | >

  • term ::= numeral | term + term | -term | numeral  term | var

  • formula ::= term relop term | formula formula | formula formula | formula | var. formula | var. formula

    numeral  term isn't really multiplication; it's short-hand for term + term + … + term


Decision procedures

Decision Procedures

  • The aim is to produce an algorithm for determining whether or not a Presburger formula is valid with respect to the standard interpretation in arithmetic.

  • Such an algorithm is a decision procedure if it is guaranteed to correctly return “True” or “False” for all closedformulas.

  • Will discuss algorithms for determining truth of formulas of Presburger arithmetic:

    • Fourier-Motzkin variable elimination (FMVE)

    • Omega Test

    • Cooper's algorithm

    • Automata based


Quantifier elimination

Quantifier Elimination

  • All the methods we'll look at are quantifier eliminationprocedures.

  • If a formula with no free variables has no quantifiers, then it is easy to determine its truth value,

    e.g., 10 > 11  3+4 < 5  3 - 6

  • Quantifier elimination works by taking input Pwith nquantifiers and turning it into equivalent formula P’ with mquantifiers, and where m < n.

  • So, eventually P P’ … Qand Qhas no quantifiers.

  • Qwill be trivially true or false, and that's the decision


Normalization

Normalization

  • Methods require input formulas to be normalized

    • e.g., collect coefficients, use only < and ≤

  • Methods eliminate innermost existentialquantifiers. Universal quantifiers are normalized with

    (x. P(x))  (x. P(x))

  • In FMVE, the sub-formula under the innermost existential quantifier must be a conjunction of relations.

  • This means the inner formula must be converted to disjunctive normal form(DNF):

    (c11c12 … c1n1)  ...  (cm1cm2 … cmnm)


Normalization cont

Normalization (cont.)

  • The formula under  is in DNF. Next, the  must be moved inwards

  • First over disjuncts, using

    (x. P Q)  (x. P)  (x. Q)

  • Must then ensure every conjunct under the quantifier mentions the bound variable. Use

    (x. P(x) Q)  (x. P(x)) Q

  • For example:

    (x. 3 < x x +2y ≤ 6 y < 0) 

    (x. 3 < x x +2y ≤ 6) y < 0


Fourier motzkin theorems

Fourier-Motzkin theorems

  • The following simple facts are the basis for a very simple quantifier elimination procedure.

  • Over R (or Q), with a,b > 0:

    (x. c ≤ax bx ≤d) bc ≤ad

    (x. c < ax bx ≤d) bc < ad

    (x. c ≤ax bx < d) bc < ad

    (x. c < ax bx < d) bc < ad

  • In all four, the right hand side is implied by the left because of transitivity

    • e.g., (x < y y ≤z)  x < z


Fourier motzkin theorems cont

Fourier-Motzkin theorems (cont.)

  • For the other direction:

    (bc < ad)  (x.c < ax bx ≤d)

    take xto be d/b: c < a( d/b ), and b( d/b ) ≤d.

  • For (bc < ad)  (x.c < ax bx < d)

    take xto be (bc+ad)/2ab:

    c < a(bc+ad)/2ab  2bc < bc+ad bc < ad

  • Similarly for the other bound


Extending to a full procedure

Extending to a full procedure

  • So far: a quantifier elimination procedure for formulas where the scope of each quantifier is 1 upper bound and 1 lower bound.

  • The method needs to extend to cover cases with multiple constraints.

  • No lower bound, many upper bounds:

    (x: b1x < d1b2x < d2 … bnx < dn)

    True!(take min(di/bi) as witness for x)

  • No upper bound, many lower bounds: obviously analogous.


Combining many constraints

Combining many constraints

  • Example:

    (x.c ≤ax b1x ≤d1b2x ≤d2) b1c ≤ad1b2c ≤ad2

  • From left to right, result just depends on transitivity.

  • From right to left, take xto be min(d1/b1, d2/b2).

  • In general, with many constraints, combine all possible lower-upper bound pairs.

  • Proof that this is possible is by induction on number of constraints.


Combining many constraints1

Combining many constraints

  • The core elimination formula is

  • With nconstraints initially, evenly divided between upper and lower bounds, this formula generates n2/4 new constraints.


Fmve example

FMVE example

x. 20+x ≤ 0 y. 3y +x ≤ 10  20 ≤y - x

(re-arrange)

x. 20+x ≤ 0 y. 20+x ≤y  3y ≤ 10 - x

(eliminate y)

x. 20+x ≤ 0  60+3x ≤ 10 - x

(re-arrange)

x. 20+x ≤ 0  4x +50 ≤ 0

(normalize universal)

x. 20+x ≤ 0  0 < 4x +50

(re-arrange)

 x. -50 < 4x x ≤ -20

(eliminate x)

 (-50 < -80)  T


Complexity

Complexity

  • As before, when eliminating an existential over nconstraints we may introduce n2/4 new constraints.

  • With kquantiers to eliminate, we might end with n2k/4kconstraints.

  • If dealing with alternating quantifiers, repeated conversions to DNF may really hurt.


Integers

Integers


Expressivity over integers

Expressivity over Integers

  • Can do divisibility by specific numerals:

    2|e x. 2x = e

    for example:

    x. 0 < x < 30  (2|x  3|x  5|x)

  • Can do integer division and modulus, as long as divisor is constant. Use one of the following results (similar for division)

    P(x mod d)  q,r. (x = qd +r ) (0 ≤r < d d < r ≤ 0) P(r )

    P(x mod d)  q,r. (x = qd +r )  (0 ≤r < d d < r ≤ 0) P(r )

  • Any formula involving modulus or integer division by a constant can be translated to one without.


Expressivity over integers1

Expressivity over Integers

  • Any procedure for Z trivially extends to be one for N (or any mixture of N and Z) too: add extra constraints stating that variables are  0

  • Relations < and ≤ can be converted into one another:

    x ≤y x < y +1

    x < y x +1 ≤y

  • Decision procedures normalize to one of these relations.


Fourier motzkin for integers

Fourier-Motzkin for Integers?

  • Central theorem is false. E.g.,

    (xZ. 3 ≤ 2x 2x ≤ 3)  6 ≤ 6

  • But one direction still works (thanks to transitivity):

    (x. c ≤ax bx ≤d) bc ≤ad

  • We can compute consequences of existentially quantified formulas

/


Fourier motzkin for integers1

Fourier-Motzkin for Integers?

  • We know (x. c ≤ax bx ≤d) bc ≤ad

  • Thus an incomplete procedure for universal formulas over Z:

  • Compute negation: (x. P(x)) (x. P(x))

  • Compute consequences:

    if (x. P(x)) then (x. P(x)) and (x. P(x))  T

  • Repeat for all quantified variables.

  • This is Phase 1 of the Omega Test


Omega phase 1 example

Omega Phase 1 - Example

x,yZ. 0 < x y < x y +1 < 2x

(normalize)

 x,y. 1 ≤x y +1 ≤x  2x ≤y +1

x,y. 1 ≤x y +1 ≤x  2x ≤y +1

(eliminate y)

x. 1 ≤x  2x ≤x

(normalize)

x. 1 ≤x x ≤ 0

(eliminate x)

 1 ≤ 0 


Omega phase 1 and the interactive theorem provers

Omega Phase 1 and the Interactive Theorem Provers

  • The Omega Test's Phase 1 is used by systems like Coq, HOL4, HOL Light and Isabelle to decide arithmetic problems.

  • Against:

    • it's incomplete

    • conversion to DNF

    • quadratic increase in numbers of constraints

  • For:

    • it's easy to implement

    • it's easy to adapt the procedures to create proofs that can be checked by other tools


Some shadows

Some Shadows

  • Given x. (i ci≤aix) (j bjx ≤dj)

  • The formula

    i,j bjci≤aidj

    is known as the real shadow.

  • If all of the aior all of the bjare equal to 1, then the real shadow is exact.

  • If the shadow is exact, then the formula can be used as an equivalence.


Exact shadows

Exact Shadows

  • When a = 1 or b = 1, the core theorem

    (x. c ≤ax bx ≤d) bc ≤ad is valid because

    •  transitivity still holds

    •  take x = dif b = 1 or x = cif a = 1

  • Omega Test's inventor, Bill Pugh, claims many problems in his domain (compiler optimization) have exact shadows.

  • Experience suggests the same is true in other domains too, such as interactive theorem-proving.

  • When shadows are exact, can pretend problem is over R rather than Z and life is easy.


Dark shadows

Dark Shadows

  • The formula i,j (ai-1)(bj-1) ≤ aidj - bjci

    is known as the dark shadow.

  • If all aior all bjare one, then this is the same as the real shadow (or exact).

  • The real shadow provides a test for unsatisfiability.

  • The dark shadow tests for satisfiability, because

    (a-1)(b-1) ≤ad - bc  (x. c ≤ax bx ≤d)

  • This is the Phase 2 of the Omega Test


Omega test phases 1 2

Omega Test Phases 1 & 2

  • Problem is x. P(x)

  • If input is exact for one elements of x, then eliminate them

    x. P(x) x’. P’(x’)

  • Otherwise, calculate real shadow R:

    x. P(x) R

    so, if R , then input formula is .

  • Otherwise, calculate dark shadow D:

    D x. P(x)

    so, if D = T, then input formula is T.


Omega phase 2 example

Omega Phase 2 - Example

(a-1)(b-1) ≤ad - bc  (x. c ≤ax bx ≤d)

x,y. 3x +2y ≤ 18  3y ≤ 4x  3x ≤ 2y +1

3y ≤ 4x 3x ≤ 2y +1 3y ≤ 4x 3x ≤ 18 - 2y

6 ≤ 8y + 4 - 9y 6 ≤ 72 - 8y - 9y

y ≤ -2 17y ≤ 66

y ≤ 3

  • This gives a suitable value for y, and by back-substitution, finds

    x = -1, y = -2 as a possible solution.


Splinters

Splinters

  • Purely existential formulas are often proved false by their real shadow; or proved true by their dark shadow

  • But in “rare” cases, the main theorem is needed. Let mbe the maximum of all the djs. Then

splinter

dark shadow


Splinters1

Splinters

  • A splinter doesrepresent a smaller problem than the original because the extra equality allows xto be eliminated immediately.

  • When quantifiers alternate, and there is no exact shadow, the main theorem is used as an equivalence, and splinters can't be avoided.

  • Splinters must also be checked if neither real nor dark shadows decide an input formula.


Eliminating equalities

Eliminating Equalities

  • In an expression

    x. … cx = e  …

    the existential can be eliminated.

  • First, multiply all terms involving xso that they have a common coefficient.

  • Formula becomes

    x. …c’x … c’x = e’  …c’x…

  • This is equivalent to

    …e’… c’|e’ …e’…


Eliminating divisibilities

Eliminating Divisibilities

x. … c | dx + e  …

  • Note: d < c(otherwise, replace d with d mod c).

  • Introduce temporary new existential variable:

    x,y. … cy = dx + e  …

  • Rearrange:

    x,y. … dx = cy -e  …

  • Use equality elimination to derive

    y. … d | cy -e  …

  • Because d < c, this process must terminate with elimination of divisibility term.


Implementation normalization

Implementation - Normalization

  • Omega Test's bigdisadvantage is that it requires the formula under quantifier to be in DNF

  • Consider

    x. (x  10 x  11  9 < x ≤ 12) x = 12

  • Negate, remove , <:

    x. (x ≤ 9  11 ≤x)  (x ≤ 10  12 ≤x)  10 ≤x x ≤ 12  (x ≤ 11  13 ≤x)

  • Evaluate 8 (= 23) DNF terms.

  • Clever preparation of input formulas can make orders of magnitude difference


Implementation normalization1

Implementation - Normalization

  • The propositional tautology

    (p (q q’))  (p q p q’)

    justifies the following procedure:

  • If Pis an atomic formula, then when processing P Q, assume Pis true while processing Q:

    • If a sub-formula Q0 of Qis such that P Q0, then replace Q0 in Qby T.

    • If a sub-formula Q0 of Qis such that P Q0, then replace Q0 in

      Qby .

  • Similarly, (p (q q’))  (p q p q’) for disjunctions.


Contextual rewriting example

Contextual Rewriting example

  • Over  :

    0 ≤x + y + 4  (0 ≤x + y + 6  0 ≤ 2x + 3y + 6)

    is equivalent to 0 ≤x + y + 4

  • Whereas

    0 ≤x + y + 4  0 ≤ -x -y -6  0 ≤ 2x + 3y + 6

    is equivalent to 

  • Over  :

    0 ≤x + y + 4  0 ≤x + y + 1  0 ≤ 2x + 3y + 6

    is equivalent to

    0 ≤x + y + 4  0 ≤ 2x + 3y + 6


Cooper s algorithm

Cooper’s Algorithm


Cooper s algorithm1

Cooper's Algorithm

  • Cooper's algorithm is a decision procedure for Presburger arithmetic.

  • A non-Fourier-Motzkin alternative

  • It is also a quantifier elimination procedure, which also works from the inside out, eliminating existentials.

  • Its bigadvantage is that it doesn't need to normalize input formulas to DNF.

  • Description is of simplest possible implementation; many tweaks are possible.


Preprocessing

Preprocessing

  • To eliminate the quantifier in x. P(x):

  • Normalize so that only operators are <, and divisibility (c|e), and negations only occur around divisibility leaves.

  • Compute least common multiplec of all coefficients of x, and multiply all terms by appropriate numbers so that in every term the coefficient of x is c.

  • Now apply

    (x. P(cx))  (x. P(x) c|x).


Preprocessing example

Preprocessing Example

x,y  Z. 0 < y x < y x +1 < 2y

(normalize)

x,y. 0 < y x < y  2y < x +2

(transform y to 2y everywhere)

 x,y. 0 < 2y  2x < 2y  2y < x +2

(give y unit coefficient)

 x,y. 0 < y  2x < y y < x +2  2|y


Two cases

Two cases

  • How might x. P(x) be true?

  • Either:

    • there is a least xmaking Ptrue; or

    • there is no least x: however small you go, there will be a smaller xthat still makes Ptrue

  • Construct two formulas corresponding to both cases.


Case 1 infinitely many small solutions

Case 1:Infinitely many small solutions

  • Look at the atomic formulas in P, and think about their values when xhas been made arbitrarily small:

    • x < e: if xgoes as small as we like, this will be T

    • e < x: if xgoes small, this will be

    • c | x+e: unchanged

  • This constructs P-, a formula where xonly occurs in divisibility terms.

  • Say  is the l.c.m.of the constants involved in divisibility terms. Need just test P- on 1,…, .


P example

P- example

  • For y. 0 < y  2x < y y < x +2  2|y

    • 0 < ywill become  as ygets small

    • 2x < yalso becomes  as y gets small

    • y < x +2 will be T as y gets small

    • 2|ydoesn't change (it tests if yis even or not)

  • So in this case,

    P- (y)  ( T  2|y) 


Case 2 least solution

Case 2: Least solution

  • The case when there is a least xsatisfying P.

  • For there to be a least xsatisfying P, it must be the case that one of the terms e < xis T, and that if xwas any smaller the formula would become .

  • Let B = {b | b < x is a term of P}

  • Need just consider P(b+j), where b Band 1 ≤j ≤.

  • Final elimination formula is:


Example continued

Example continued

  • For

    y. 0 < y  2x < y y < x +2  2|y

  • least solutions, if they exist, will be at

    y = 1, y = 2, y = 2x +1, or y = 2x +2

  • The divisibility constraint eliminates two of these.

  • Original formula is equivalent to:

    (2x < 2  0 < x)  (0 < 2x +2 x < 0)

    Which is unsatisfiable.


Automata based

Automata based


Symbolic representation

0 1 1

0,0,1

0 0 1

0,1,1

0

1

1

0

Symbolic Representation

We use finite automata to represent the integer solutions (in binary) of atomic linear constraints.

Example: The constraint x1x20 has solutions:

(0,0), (1,0), (1,1), (2,0), (2,1), (2,2), (3,0), …

The corresponding automaton


Fa construction

0

1

2

FA Construction

  • Based on the basic state machine (BSM)

  • A finite state transducer for computing linear integer expressions

0 1

0 0

/ /

0 1

0

1

/

1

1

0

/

0

0 1

1 1

/ /

0 1

Example BSM

for x + 2y

0

1

/

0

1

1

/

1

1

1

/

0

010

+ 2  001

0

0

/

1

0 1

0 0

/ /

0 1

1

0

0


Equality with 0

Equality With 0

  • Construct the BSM

  • All transitions writing 1 go to a sink state

  • State labeled 0 is the only accepting state

  • For disequations, state labeled 0 is the only rejecting state

  • Size


Inequality 0

Inequality (<0)

  • Construct the BSM

  • States with negative carries are accepting

  • No sink state

  • All other types of inequalities can be derived from this

  • Size


Non zero constant term c

Non-zero Constant Term c

  • Same as before but now -c is the initial state

  • If there is no such state, create one (and possibly some intermediate states)

  • Size

  • Alternatively, we can stack log2c BSMs that compare with 0 or 1, depending on the corresponding bit of c


Boolean connectives

Boolean Connectives

  • For  compute the intersection

  • For  compute the union

  • For compute the complement


Conjunction example

0 0 1

0,1,1

0 1

0,1

1

0

Automaton for x-y<1

1

0

1

0

-1

0

1

0

1

0 0 1

0,1,1

0 0

0,1

0 0

0,1

0,-1

0

0

1

1

1

0

1

1 1

0,1

0

1

Automaton for x-y<1  2x-y>0

1

0

0 1

0,1

Automaton

for 2x-y>0

0 1

0,1

0 1

0,1

-1,-1

-1,0

-1

0

0

1

0

0

0

0

0

1

0

1

0

1

0

0 1

1,1

0 1

1,1

1

0

0 1 1

1,0,1

-2,-1

-2,0

-2,1

-2

0

1

1

0

1

1

Conjunction example


Existential quantification

Existential Quantification

  • Project the quantified variables away

  • The resulting FA is non-deterministic

  • Determinization results in exponential blowup of the FA size

  • Rarely occurs in practice

  • For universal quantification use negation


Constraints on all integers

Constraints on All Integers

  • Use 2’s complement arithmetic

  • The BSM remains the same

  • Create two clones for each state of the BSM one accepting and one rejecting

  • For =0, accepting states contain loops that write 0

  • For <0, accepting states contain loops that write 1

  • Size


  • Login