Solvers: Equality and Arrays Lecture 4 2012

Nikolaj Bjørner

Microsoft Research

DTU Winter course, January 5th 2012

Plan
  • The theory of uninterpreted functions
  • The theory of arrays

Key Takeaways:
  • Theory of equality, uninterpreted functions and arrays
  • Saturation-based decision procedures
    • A common pattern
    • Connections with algorithms used in program analysis
      • Inference rule formulation
      • Datalog formulation
  • A reduction approach to decision procedures
    • The theory of arrays reduces to the theory of equalities/functions
Deciding Equality

E – the theory of equality

Reflexivity: t = t

Symmetry: t = s → s = t

Transitivity: t = s ∧ s = u → t = u

Congruence: t1 = s1 ∧ … ∧ tn = sn → f(t1, …, tn) = f(s1, …, sn)

E – the (infinite) conjunction of these axioms, one instance for every choice of terms and function symbol

Congruence Closure
  • E-satisfiability can be decided with a simple algorithm known as congruence closure.
    • Congruence closure computes a finite quotient of the set of terms for DC(E + L), the deductive closure of E together with L.
    • E – equality axioms
    • L – literals: the extra equalities in the input
Deciding Equality

a = b, b = c, d = e, b = s, d = t, a ≠ e, a ≠ s

Process the equalities first. Each constant starts in its own "ball" (equivalence class); an equality merges the balls of its two sides:

  • initially: {a} {b} {c} {d} {e} {s} {t}
  • a = b: {a,b} {c} {d} {e} {s} {t}
  • b = c: {a,b,c} {d} {e} {s} {t}
  • d = e: {a,b,c} {d,e} {s} {t}
  • b = s: {a,b,c,s} {d,e} {t}
  • d = t: {a,b,c,s} {d,e,t}

Only then check the disequalities against the final balls:

  • a ≠ e: a and e are in different balls, satisfied.
  • a ≠ s: a and s are in the same ball. Unsatisfiable.

Deciding Equality: model construction

Drop the offending literal: a = b, b = c, d = e, b = s, d = t, a ≠ e

Final balls: {a,b,c,s} {d,e,t}, mapped to the elements 1 and 2 respectively.

Model construction

  • |M| = {1, 2} (universe, aka domain): one element per ball
  • M(a) = 1 (assignment); alternative notation: a^M = 1
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
Deciding Equality: Termination, Soundness, Completeness
  • Termination: easy (every merge reduces the number of balls, and there are finitely many constants).
  • Soundness
    • Invariant: all constants in a "ball" are known to be equal.
    • The "ball" merge operation is justified by the transitivity and symmetry rules.
  • Completeness
    • We can build a model if an inconsistency was not detected.
    • Proof template (by contradiction):
      • Build a candidate model.
      • Assume a literal was not satisfied.
      • Find a contradiction.
    • Instantiating the template for our procedure:
      • Assume some literal c = d is not satisfied by our model, that is, M(c) ≠ M(d).
      • This is impossible: the equality c = d was processed, so c and d are in the same "ball", and that ball is mapped to a single element i, giving M(c) = M(d) = i.
      • Assume some literal c ≠ d is not satisfied by our model, that is, M(c) = M(d).
      • Key property: we only check the disequalities after we have processed all equalities.
      • This is impossible: the check found c and d in different "balls", which are mapped to different elements i and j, giving M(c) = i ≠ j = M(d).
Deciding Equality + (uninterpreted) Functions

a = b, b = c, d = e, b = s, d = t, f(a, g(d)) ≠ f(b, g(e))

Congruence Rule:

  • x1 = y1, …, xn = yn implies f(x1, …, xn) = f(y1, …, yn)

First step: "naming" subterms. Introduce a fresh constant for every function application, innermost first, and replace the application by its name:

  v1 ≡ g(d), v2 ≡ g(e), v3 ≡ f(a, v1), v4 ≡ f(b, v2)

The problem becomes

  a = b, b = c, d = e, b = s, d = t, v3 ≠ v4

Process the equalities as before: {a,b,c,s} {d,e,t} {v1} {v2} {v3} {v4}

Then apply the congruence rule until nothing changes:

  • d = e implies g(d) = g(e), that is v1 = v2. We say v1 and v2 are congruent: {a,b,c,s} {d,e,t} {v1,v2} {v3} {v4}
  • a = b, v1 = v2 implies f(a, v1) = f(b, v2), that is v3 = v4: {a,b,c,s} {d,e,t} {v1,v2} {v3,v4}

Finally check the disequality: v3 ≠ v4, but v3 and v4 are in the same "ball". Unsatisfiable.
Deciding Equality + (uninterpreted) Functions: changing the problem

a = b, b = c, d = e, b = s, d = t, a ≠ v4, v2 ≠ v3

v1 ≡ g(d), v2 ≡ g(e), v3 ≡ f(a, v1), v4 ≡ f(b, v2)

The same merges as before give {a,b,c,s} {d,e,t} {v1,v2} {v3,v4}. Both disequalities now hold (a and v4 are in different balls, and so are v2 and v3), so we build a model.

Model construction:
  • |M| = {1, 2, 3, 4}
  • M(a) = M(b) = M(c) = M(s) = 1
  • M(d) = M(e) = M(t) = 2
  • M(v1) = M(v2) = 3
  • M(v3) = M(v4) = 4

Missing: an interpretation for f and g.

Building the interpretation for function symbols
  • M(g) is a mapping from |M| to |M|
  • Defined as:

    M(g)(i) = j  if there is v ≡ g(a) such that M(a) = i and M(v) = j
            = k  otherwise (k is an arbitrary element)

  • Is M(g) well-defined?
    • Problem: we may have v ≡ g(a) and w ≡ g(b) such that M(a) = M(b) = 1 and M(v) = 2 ≠ 3 = M(w). So is M(g)(1) = 2 or M(g)(1) = 3?
    • This is impossible because of the congruence rule: if a and b are in the same "ball", then so are v and w, hence M(v) = M(w).

For our problem (taking k = 1 as the arbitrary default):
  • M(g) = {2 → 3, else → 1}   (from v1 ≡ g(d): M(d) = 2, M(v1) = 3)
  • M(f) = {(1, 3) → 4, else → 1}   (from v3 ≡ f(a, v1): M(a) = 1, M(v1) = 3, M(v3) = 4)
Deciding Equality + (uninterpreted) Functions: what about predicates?

p(a, b), ¬p(c, b)

  • Encode each predicate p as a function fp and fix a distinguished constant T: p(a, b) becomes fp(a, b) = T and ¬p(c, b) becomes fp(c, b) ≠ T. The resulting literals are handled by the procedure above.
E-satisfiability – example
  • f(f(a)) = a, a ≠ f(a)
  • Naming v1 ≡ f(a), v2 ≡ f(v1), the literals become v2 = a, a ≠ v1. No congruence applies (the arguments a and v1 of the two f-applications are in different balls), so the problem is satisfiable: |M| = {1, 2}, M(a) = M(v2) = 1, M(v1) = 2, M(f) = {1 → 2, 2 → 1}.
Congruence Closure Graph
  • Recall the congruence rule:
  • Congruence: t1 = s1 ∧ … ∧ tn = sn → f(t1, …, tn) = f(s1, …, sn)

Congruence closure graph
  • Let G = (V, E) be a directed graph such that for each vertex v in G, the successors (children) of v are ordered.
  • Let C be any equivalence relation on V.
  • The congruence closure C* of C is the finest equivalence relation on V that
    • contains C: if v C w then v C* w
    • is closed under congruence: if children(v) = v1 .. vn, children(w) = w1 .. wn and v1 C* w1, …, vn C* wn, then v C* w
  • From literals L to a congruence graph:
    • For each subterm t in L create a vertex vt
    • For each function symbol f create a vertex vf
    • If t = f(t1, …, tn), let children(vt) = vf, vt1, …, vtn
  • From literals L to an initial equivalence C:
    • Initially C = { {v} | v ∈ V }
    • For each equality t = s ∈ L: merge the equivalence classes of vt and vs
Computing congruence closure
  • From the definition we can read off that congruence closure is the least fixed point of the operator CongClos:

    CongClos(R)(v, w) =
        v C w
        or (let v1 .. vn = children(v), w1 .. wn = children(w) in R(v1, w1) ∧ … ∧ R(vn, wn))

    C* is the least equivalence relation R with CongClos(R) ⊆ R.
Computing congruence closure
  • The fixed-point characterization suggests a (dynamic programming) algorithm:
    • Maintain a root vertex for each equivalence class.
    • Maintain the sig(nature) of each vertex: sig(vf(t1, .., tn)) = ⟨root(vf), root(vt1), .., root(vtn)⟩
    • Initialize C* ← C
    • while there are v, w ∈ V such that not v C* w but sig(v) = sig(w): C* ← C* with the classes of v and w merged
Computing congruence closure
  • A more efficient implementation of congruence closure:
    • Use union-find for maintaining roots.
    • Maintain use(v) (a list) for the set of parent vertices of v's class.
    • Set todo = {}
    • def merge(v, w): C* ← C* with the classes of v and w merged;
      for each vp ∈ use(v), wp ∈ use(w): add ⟨vp, wp⟩ to todo
    • for each asserted equality (v, w): merge(v, w)
    • while some ⟨v, w⟩ ∈ todo: remove ⟨v, w⟩ from todo; if not v C* w but sig(v) = sig(w) then merge(v, w)
Using congruence closure
  • Back to the main problem:
    • E-satisfiability of t1 = t2 ∧ t3 = t4 ∧ t5 ≠ t6
  • Form the graph using {t1, t2, t3, t4, t5, t6} and their subterms
  • Initialize C from the equalities
  • Compute C* from C
  • Check that vt5 and vt6 are not related by C*
Congruence closure algorithm
  • Soundness: C* just simulates the axioms of E.
  • Completeness: from C* build a model M whose universe is the set of roots, one element per class:
      • fM(r1, …, rn) = root(v), if there is a vertex v such that sig(v) = ⟨root(vf), r1, …, rn⟩
      • fM(r1, …, rn) = * otherwise (an arbitrary fixed element)
      • Then all axioms of E are true in M.
      • All equalities in L are true in M, and each disequality in L is true because the final check found its two sides in different classes.
DPLL(E)
  • Congruence closure just checks satisfiability of a conjunction of literals.
  • How does this fit together with the Boolean search of DPLL?
  • DPLL builds a partial model M incrementally
    • Use M to build C*
      • After every Decision or Propagate, or
      • When F is propositionally satisfied by M.
    • Check that the disequalities are satisfied.
E-conflicts

Recall Conflict:

  • Conflict: M || F ⇒ M || F || C   if C ∈ F, M ⊨T ¬C

A version more useful for theories:

  • Conflict: M || F ⇒ M || F || C   if ¬C ⊆ M, ⊨T C
    (C is a clause that is valid in the theory and whose negated literals all occur in M, i.e. the literals of ¬C are T-inconsistent)

Example

  • M = fff(a) = a, g(b) = c, fffff(a) = a, a ≠ f(a)
  • ¬C = fff(a) = a, fffff(a) = a, a ≠ f(a)
  • ⊨E fff(a) ≠ a ∨ fffff(a) ≠ a ∨ a = f(a)
  • Use C as a conflict clause.

How can one mine M for E-conflicts?
Convexity
  • The theory E is convex.
    • Convexity: let L be a set of equalities and disequalities. If L ⊨E s1 = t1 ∨ … ∨ sn = tn then for some i: L ⊨E si = ti (proof: use soundness and completeness of congruence closure).
    • A consequence:
      • To check satisfiability it suffices to check each disequality in isolation, against the C* built from the equalities alone.
Inference rules, abstract decision procedures, and Datalog

Consider the Datalog formulation (rule formulation):

Eq(x,x).
Eq(x,y) :- Eq(y,x).
Eq(x,y) :- Eq(x,z), Eq(z,y).
Eq(u,v) :- Eq(x,y), F(x,u), F(y,v).

F(a,f(a)). F(b,f(b)). Eq(a,b).

?- Eq(f(a),f(b)).

The congruence closure algorithm is "just" an efficient way of computing the closure of Eq(_,_).

Why use abstract arrays?

def swap(a, i, j):
    tmp = a[i]
    a[i] = a[j]
    a[j] = tmp

What we want to prove about the array new(a) after the call:

  new(a)[i] = a[j]
  new(a)[j] = a[i]
  ∀ k. k ≠ i ∧ k ≠ j → a[k] = new(a)[k]

Replace each destructive update by a functional update write(a, i, v), the array that agrees with a everywhere except that position i holds v. Re-using the name a:

def swap(a, i, j):
    tmp = a[i]
    a = write(a, i, a[j])
    a = write(a, j, tmp)

or with one name per intermediate array:

def swap(a, i, j):
    tmp = a[i]
    a1 = write(a, i, a[j])
    a2 = write(a1, j, tmp)
    # new(a) = a2

So new(a) = let tmp = a[i], a1 = write(a, i, a[j]), a2 = write(a1, j, tmp) in a2, that is

  new(a) = write(write(a, i, a[j]), j, a[i])

and the two read properties follow from the array axioms alone:

  new(a)[i] = write(write(a, i, a[j]), j, a[i])[i]
            = if i = j then a[i] else write(a, i, a[j])[i]
            = if i = j then a[i] else a[j]
            = a[j]                                (when i = j, a[i] is a[j])

  new(a)[j] = write(write(a, i, a[j]), j, a[i])[j] = a[i]

Theory of arrays
  • Functions: F = { read, write }
  • Predicates: P = { = }
  • Convention: a[i] means read(a, i)
  • Non-extensional arrays TA:
    • ∀ a, i, v. write(a, i, v)[i] = v
    • ∀ a, i, j, v. i ≠ j → write(a, i, v)[j] = a[j]
  • Extensional arrays: TEA = TA +
    • ∀ a, b. ((∀ i. a[i] = b[i]) → a = b)
Array examples

(The example formulas on these slides were images and are not in the transcript. Each example is classified as "is valid" or "is unsat"; the unsat cases are proved by case analysis, with each case justified by an array axiom, congruence, extensionality, or Skolemization.)

Decision procedures for arrays
  • Let L be literals over F = { read, write }
  • Find M such that M ⊨TA L
  • Basic algorithm, reduce to E:
    • for every pair of sub-terms read(a, i), write(b, j, v) in L, assert
      • i ≠ j ∧ a = b → read(write(b, j, v), i) = read(a, i)
      • read(write(b, j, v), j) = v
    • Find ME such that ME ⊨E L ∧ AssertedAxioms (the first axiom is a clause, so the case split on i = j and on a = b is left to the Boolean search of DPLL(E))
Decision procedures for arrays
  • Correctness of the basic algorithm:
    • ME satisfies the array axioms on the terms in L.
    • To show that ME can be extended to a model for arrays:
      • From the congruence closure C* build the model:
        • aM = [| *d1 → *r1, *d2 → *r2, *d3 → .., else → vroot(a) |]
        • where readM(aM, *di) = *ri, e.g. *r1 = root(read(root(a), root(i))) under C*: the finite graph of reads that C* knows about, with a fresh default value vroot(a) everywhere else
      • The model satisfies the array axioms:
        • For every write(a, i, v) the model satisfies write(a, i, v)[j] = a[j] whenever iM ≠ jM (read-over-write at a different index) and also write(a, i, v)[i] = v (read at the written index).
        • vroot(a) was added to make arrays different unless they were forced to be equal (no extensionality).
Non-extensionality
  • A non-theorem (the formula on the slide is not in the transcript).
  • a and b need not be equal even if the array axioms hold: the model above gives every array its own default value vroot(a).

Extensional arrays
  • To enforce ∀ a, b. ((∀ i. a[i] = b[i]) → a = b):
  • For every pair of arrays a, b in L,
    • Add a fresh constant iab
    • Add the axiom a ≠ b → a[iab] ≠ b[iab]
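Both procedures, congruence closure for E and the array-to-E reduction, as an added worked example in Python. This is not the lecture's code and not how Z3 implements them. It uses the fixed-point formulation of congruence closure from the "Computing congruence closure" slides (signatures over union-find roots, recomputed until no two applications in different classes share a signature) rather than the use-list version, builds the model the way the slides describe (one universe element per class, f^M read off the signatures), and reduces array literals by instantiating read-over-write for every index and write term with an explicit case split on i = j, the disjunction the slide leaves to DPLL(E). Extensionality is the fresh-index instantiation of the slide above. The term encoding (nested tuples), the function names and the sample literals are this example's own constructions.

```python
"""Added example, not the lecture's code: congruence closure for E and the
array-to-E reduction.  Constants are strings; applications are tuples
('f', arg1, ..., argn); read(a,i) is ('read', a, i) and write(a,i,v) is
('write', a, i, v).  A literal (s, t) means s = t or s != t by its list."""
from itertools import product

def subterms(t, acc):
    """Append every subterm of t (including t itself) to acc, once each."""
    if t not in acc:
        acc.append(t)
        for s in (t[1:] if isinstance(t, tuple) else ()):
            subterms(s, acc)
    return acc

class CongruenceClosure:
    """Union-find over the subterm graph, closed under the congruence rule."""
    def __init__(self, equalities, terms):
        self.terms = []
        for t in terms:
            subterms(t, self.terms)
        self.parent = {t: t for t in self.terms}
        for s, t in equalities:               # initial relation C
            self.parent[self.find(s)] = self.find(t)
        self.close()

    def find(self, t):
        while self.parent[t] != t:
            t = self.parent[t]
        return t

    def sig(self, t):  # function symbol plus the roots of the children
        return (t[0],) + tuple(self.find(a) for a in t[1:])

    def close(self):
        """Least fixed point of CongClos: merge the classes of any two applications with equal signatures until none remain."""
        changed = True
        while changed:
            changed, seen = False, {}
            for t in (t for t in self.terms if isinstance(t, tuple)):
                other = seen.setdefault(self.sig(t), t)
                if self.find(other) != self.find(t):
                    self.parent[self.find(other)] = self.find(t)
                    changed = True

    def model(self):
        """Universe: one number per class; f^M read off the signatures (well defined by congruence)."""
        roots = sorted({self.find(t) for t in self.terms}, key=str)
        value = {t: roots.index(self.find(t)) + 1 for t in self.terms}
        funcs = {(t[0],) + tuple(value[a] for a in t[1:]): value[t]
                 for t in self.terms if isinstance(t, tuple)}
        return value, funcs

def e_sat(eqs, diseqs):
    """Build C* from eqs; satisfiable iff no disequality has both sides in one class."""
    cc = CongruenceClosure(eqs, [s for lit in eqs + diseqs for s in lit])
    return all(cc.find(s) != cc.find(t) for s, t in diseqs)

def array_sat(eqs, diseqs, extensional=False):
    """Arrays reduced to E: assert read(write(b,j,v), j) = v for every write and,
    for every other index i, case split on i = j versus i != j together with
    read(write(b,j,v), i) = read(b, i); the split is why arrays are not convex.
    extensional=True turns a != b on arrays into a[k_n] != b[k_n], k_n fresh."""
    terms = []
    for s, t in eqs + diseqs:
        subterms(t, subterms(s, terms))
    apps = [t for t in terms if isinstance(t, tuple)]
    writes = [t for t in apps if t[0] == 'write']
    arrays = {t[1] for t in apps if t[0] in ('read', 'write')} | set(writes)
    if extensional:
        diseqs = [(('read', s, 'k_%d' % n), ('read', t, 'k_%d' % n))
                  if s in arrays or t in arrays else (s, t)
                  for n, (s, t) in enumerate(diseqs)]
    indices = {t[2] for lit in eqs + diseqs for x in lit
               for t in subterms(x, []) if isinstance(t, tuple) and t[0] == 'read'}
    base = eqs + [(('read', w, w[2]), w[3]) for w in writes]
    pairs = [(i, w) for w in writes for i in sorted(indices, key=str) if i != w[2]]
    for choice in product((True, False), repeat=len(pairs)):
        e, d = list(base), list(diseqs)
        for same, (i, w) in zip(choice, pairs):
            if same:
                e.append((i, w[2]))
            else:
                d.append((i, w[2]))
                e.append((('read', w, i), ('read', w[1], i)))
        if e_sat(e, d):
            return True
    return False

def lecture_examples():
    """The lecture's running examples, constructed here as sample input."""
    eqs = [('a', 'b'), ('b', 'c'), ('d', 'e'), ('b', 's'), ('d', 't')]
    v3, v4 = ('f', 'a', ('g', 'd')), ('f', 'b', ('g', 'e'))
    new_a = ('write', ('write', 'a', 'i', ('read', 'a', 'j')), 'j', ('read', 'a', 'i'))
    w = ('write', 'a', 'i', ('read', 'a', 'i'))          # write(a, i, a[i])
    return {'euf_unsat': e_sat(eqs, [(v3, v4)]),
            'euf_sat': e_sat(eqs, [('a', v4), (('g', 'e'), v3)]),
            'euf_model': CongruenceClosure(eqs, [v3, v4, 'c', 's', 't']).model(),
            'swap_i_valid': not array_sat([], [(('read', new_a, 'i'), ('read', 'a', 'j'))]),
            'nonext_sat': array_sat([], [(w, 'a')]),
            'ext_sat': array_sat([], [(w, 'a')], extensional=True)}
```

lecture_examples() runs the lecture's inputs: f(a, g(d)) ≠ f(b, g(e)) is unsat, the "changed problem" is sat with a four-element model, the negated swap property new(a)[i] ≠ a[j] is unsat (so the property is valid), and write(a, i, a[i]) ≠ a is satisfiable without extensionality and unsatisfiable with it, which is the non-theorem of the slide above. The array reduction case splits eagerly on every index/write pair, so it is exponential in their number; a real solver leaves that split to the SAT core, as the DPLL(E) slides describe.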
Arrays galore
  • Arrays may be more than just read/write.
    • The constant array: ∀ v, i. const(v)[i] = v
    • Generalized write: ∀ a, b, c, i. a[i] = b[i] → write(a, b, c)[i] = c[i] and ∀ a, b, c, i. a[i] ≠ b[i] → write(a, b, c)[i] = b[i]
    • We now have sets (arrays of Booleans):
      • ∅ = const(false), T = const(true),
      • A ∪ B = write(∅, A, B), since (A ∪ B)[i] = if A[i] = false then B[i] else A[i]
      • A ∩ B = write(T, A, B), since (A ∩ B)[i] = if A[i] = true then B[i] else A[i]
    • Ranges:
      • ∀ l, u, x. range(l, u)[x] ↔ l ≤ x ≤ u
Arrays galore
  • Claim: the same kind of reduction to E (and arithmetic) works.
    • Integer ranges require slightly more, namely the instances
      • ¬range(l, u)[l − 1], ¬range(l, u)[u + 1]
      • range(l, u)[l], range(l, u)[u]
  • Is there a general principle underpinning such extensions?
Arrays galore
  • Consider a more general formulation.
    • The formula is a conjunction of:
      • Equalities, disequalities
      • ∀ i, j, k. G(i, j, k) → F(i, j, k)
        • Where G is a guard formula comparing indices:
          • an and-or formula of i ≠ j, i ≠ c
          • Claim: we can always eliminate i = j from the guard.
        • Where F is a general formula with arrays. Restriction: no nested array formulas.
    • Example:
      • ∀ j. if i = j then b[j] = v else b[j] = a[j]
      • Encodes that b = write(a, i, v)
Arrays galore
  • ∀ i, j, k. G(i, j, k) → F(i, j, k)
    • Where G is a guard formula comparing indices:
      • an and-or formula of i ≠ j, i ≠ c
      • Claim: we can always eliminate i = j or i = c from the guard, by substitution:

        ∀ i, j, k. i = j ∧ k ≠ c ∧ j ≠ c' → F(i, j, k)
        ⟺ ∀ i, k. k ≠ c ∧ i ≠ c' → F(i, i, k)

      • Claim: we can always eliminate or from the guard, by splitting the quantified formula:

        ∀ i, j, k. G(i, j, k) ∨ G'(i, j, k) → F(i, j, k)
        ⟺ ∀ i, j, k. G(i, j, k) → F(i, j, k)  ∧  ∀ i, j, k. G'(i, j, k) → F(i, j, k)

Arrays galore
  • ∀ i, j, k. G(i, j, k) → F(i, j, k)
    • Where G is a conjunction of i ≠ j, i ≠ c
  • Decision procedure:
    • Collect all constants c such that a[c] or c = i occurs in the formula.
    • Instantiate the quantifiers by all combinations of such indices.
    • Check E-satisfiability of the resulting ground formula.
  • Correctness: all quantified formulas are satisfied by C*.

Arrays galore – Arithmetic
  • ∀ i, j, k. G(i, j, k) → F(i, j, k)
    • Where G is a conjunction of i < j, i < c, i > c
  • Decision procedure:
    • Collect all c such that a[c], c < i or c > i occurs in the formula.
    • For each c, also add c − 1 and c + 1 to the collection.
    • Instantiate the quantifiers by all combinations of collected indices.
    • Check ILA + E satisfiability of the resulting ground formula.
What else are arrays?
  • Special combinators (their definitions on the slide are not in the transcript).
  • Result: the existential fragment is decidable and in NP, by reduction to congruence closure using a finite set of instances (f belongs to the base theory, not to arrays).

… A different fragment
  • (the fragment and its side conditions on the slide are not in the transcript)
  • Then the theory is decidable.

Last combinator for the road…
  • Can I access a default array value? (the combinator on the slide is not in the transcript)
  • Only sound for infinite domains.

Let’s use CAL:
  • Simple set and bag operations (listed on the slide, not in the transcript)
  • But not cardinality |A|, power-set 2^A, …
A reduction-based approach

Use saturation rules to reduce arrays to the theory of uninterpreted functions.

Extract models for arrays as finite graphs.

Array Saturation Rules (the rules themselves are not in the transcript)
  • a ~ b – a and b are equal in the current context
  • a ≡ t – a is a name for the term t
Bottlenecks
  • The extensionality axiom is instantiated on every pair of array variables.
  • Upwards propagation distributes an index over all modifications of the same array.

Bottlenecks and optimizations
  • Bottleneck: the extensionality axiom is instantiated on every pair of array variables.
  • Optimization: restrict to variables asserted different, or shared.
  • Bottleneck: upwards propagation distributes an index over all modifications of the same array.
  • Optimization: only use upwards propagation for updates where the ancestor has multiple children. Formulas from programs are well-behaved.

The effect on benchmarks (the chart is not in the transcript)

This is where it matters.

Saturating K, map, …
  • The rules for map are similar to those for store.
  • The optimization of upwards propagation has to be generalized.
  • Finite domains…