decision procedures an algorithmic point of view l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Decision Procedures An algorithmic point of view PowerPoint Presentation
Download Presentation
Decision Procedures An algorithmic point of view

Loading in 2 Seconds...

play fullscreen
1 / 47

Decision Procedures An algorithmic point of view - PowerPoint PPT Presentation


  • 116 Views
  • Uploaded on

Decision Procedures An algorithmic point of view. Equality Logic and Uninterpreted Functions. Outline. Introduction Definition, complexity Reducing Uninterpreted Functions to Equality Logic Using Uninterpreted Functions in proofs Simplifications Introduction to the decision procedures

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Decision Procedures An algorithmic point of view' - ciara


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
decision procedures an algorithmic point of view

Decision ProceduresAn algorithmic point of view

Equality Logic andUninterpreted Functions

outline
Outline
  • Introduction
    • Definition, complexity
    • Reducing Uninterpreted Functions to Equality Logic
    • Using Uninterpreted Functions in proofs
    • Simplifications
  • Introduction to the decision procedures
    • The framework: assumptions and normal forms
    • General terms and notions
    • Solving a conjunction of equalities
    • Simplifications
equality logic
Equality Logic
  • A Boolean combination of Equalities and Propositions

x1=x2Æ (x2=x3Ç: ((x1=x3) ÆbÆx1= 2))

  • We will always push negations inside (NNF):

x1=x2Æ (x2=x3Ç ((x1x3) Ç:bÇx1 2))

  • Note: the set of Boolean variables is always separate from the set of term variables
equality logic the grammar
Equality Logic: the grammar
  • formula : formulaÇformula | :formula | atom
  • atom : term-variable = term-variable | term-variable = constant | Boolean-variable

term-variables are defined over some (possible infinite) domain.

The constants are from the same domain.

expressiveness and complexity
Expressiveness and complexity
  • Allows more natural description of systems,althoughtechnically it is as expressible as Propositional Logic.
  • Clearly NP-hard.
  • In fact, it is in NP, and hence NP-complete, for reasons we shall see later.
equality logic with uninterpreted functions
Equality logic with uninterpreted functions
  • formula : formulaÇformula | :formula | atom
  • atom : term = term | Boolean-variable
  • term : term-variable | function ( list of terms )

term-variables are defined over some (possible infinite) domain.

Note that constants are functions with empty list of terms.

what is an uninterpreted function
What is an uninterpreted function ?
  • The signature  includes in addition to equality, function and predicate symbols.
  • The theory restricts the interpretation of these symbols by a single axiom. For n-ary function F:
  • Sometimes, functional consistency is all that is needed for the proof.
uninterpreted functions
Uninterpreted Functions
  • Uninterpreted functions are used for abstraction.
  • Example: replace ‘+’ with an uninterpreted Binary function f (h1st argi , h 2nd arg i)
  • For example: x1+ x2 = x3+x4 is replaced with
  • fcanrepresent any binary function, not just +.
example circuit transformations
Example: Circuit Transformations
  • Circuits consist of combinationalgates and latches (registers)
  • The combinational gates can be modeled using functions
  • The latches can be modeled with variables

Latch

R1

I

Combi- national part

example circuit transformations10
Example: Circuit Transformations

Some bitvector Input

Some function, say I >> 5

Some other function, say L1 & 100110001…

Some condition on L2

example circuit transformations11
Example: Circuit Transformations
  • A pipeline processes data in stages
  • Data is processed in parallel – as in an assembly line
  • Formal Model:

Stage 1

Stage 2

Stage 3

example circuit transformations12
Example: Circuit Transformations
  • The maximum clock frequency depends on the longest path between two latches
  • Note that the output of g is usedas input to k
  • We want to speed up the design by postponing k to the third stage
  • Also note that the circuit only uses one of L3 or L4, never both
  • We can remove one of the latches
example circuit transformations14
Example: Circuit Transformations
  • Equivalence in this case holds regardless of the actual functions
  • Conclusion: can be decided using Equality Logic and Uninterpreted Functions
ufs equality logic ackermann s reduction

F( ), G( ),…

f1

F2(F1(x)) = 0

f2

f2 =0

UFs  Equality Logic: Ackermann’s reduction
  • For each function in UF:
    • Number function instances (from the inside out)
    • Replace each function instance with a new variable
    • Condition UF with a functional consistency constraint for every pair of instances of thesame function.

Given a formula UF with uninterpreted functions

((x=f1) f1=f2 )  (f2=0)

ackermann s reduction example
Ackermann’s reduction : Example
  • Given the formula(x1x2) Ç (F(x1) =F(x2)) Ç (F(x1) F(x3))which we want to check for validity, we first number the function instances: (x1x2) Ç (F1(x1) =F2(x2)) Ç (F1(x1) F3(x3))
ackermann s reduction example17
Ackermann’s reduction : Example

(x1x2) Ç (F1(x1) =F2(x2)) Ç (F1(x1) F3(x3))

  • Replace each function with a new variable,

(x1x2) Ç (f1 =f2 ) Ç (f1f3 )

  • Condition with Functional Consistency constraints:
ufs equality logic bryant s reduction

F( ), G( ),…

F1(x1) = F2(x2)

case x1=x2 : f1true :f2

f1 =

UFs  Equality Logic: Bryant’s reduction

Given a formula UF with UFs

  • For each function in UF:
    • Number function instances (from the inside out)
    • Replace a function instance Fi with an expression

casex1=xi :f1

x2=xi:f2

xi-1 =xi :fi-1

true :fi

ufs equality logic bryant s reduction19

F( ), G( ),…

F1(x1) = F2(x2)

UFs  Equality Logic: Bryant’s reduction

Given a formula UF with UFs

  • For each function in UF:
    • Number function instances (from the inside out)
    • Replace a function instance Fi with an expression

casex1=xi :f1

x2=xi:f2

xi-1 =xi :fi-1

true :fi

(x1=x2 → f1= f1)Æ

(x1x2 → f1= f2)

bryant s reduction example
Bryant’s reduction: Example
  • x1=x2F1(G1(x1)) =F2(G2(x2))
  • Replace each function with an expression
  • where
using ufs in proofs
Using UFs in proofs
  • Uninterpreted functions gives us the ability to represent an abstract view of functions.
  • It over-approximates the concrete system.

1 + 1 = 1 is a contradiction

But

F(1,1) = 1 is satisfiable !

  • Conclusion: unless we are careful, we can give wrong answers and this way lose soundness.
using ufs in proofs22
Using UFs in proofs
  • In general a sound and incomplete method is more useful than unsound and complete.
  • A soundbutincomplete algorithm:
  • Given a formula with uninterpreted functions UF:
    • Transform it to Equality Logic formula E
    • If E is unsatisfiable return Unsatisfiable
    • Else return ‘Don’t know’
using ufs in proofs23
Using UFs in proofs
  • Question #1: is this useful ?
  • Question #2: can it be made complete in some cases ?
  • When the abstract view is sufficient for the proof, it enables (or simplifies) a mechanicalproof.
  • So when is the abstract view sufficient ?
using ufs in proofs cont d
Using UFs in proofs (cont’d)
  • (common) Proving equivalence between:
    • Two versions of a hardware design
      • e.g., one with and one without a pipeline
    • Source and target of a compiler (“Translation Validation”)
  • (rare) Proving properties that do not rely on the exact functionality of some of the functions.
example translation validation
Example: Translation Validation
  • Assume the source program has the statementz= (x1+y1)  (x2+y2)

which the compiler turned into:u1=x1+y1;u2=x2+y2;z=u1u2 ;

  • We need to prove that:(u1=x1+y1 u2=x2+y2  z=u1u2)z= (x1+y1)  (x2+y2)
example cont d
Example (cont’d)

(u1=x1+y1 u2=x2+y2 z=u1u2) z= (x1+y1)  (x2+y2)

(u1=F1(x1,y1) u2=F2(x2,y2) z=G1(u1,u2)) z=G2(F1(x1,y1), F2(x2,y2))

  • Claim: is valid
  • We will prove this by reducing it to an Equality Logic formula

UF:

uninterpreted functions usability
Uninterpreted Functions: usability
  • Good: each function on the left can be mapped to a function on the right with equivalent arguments
  • Bad: almost all other cases
  • Example:

Left Right

x + x 2x

uninterpreted functions usability28
Uninterpreted Functions: usability
  • This is easy to prove:

x1=x2y1=y2x1+y1=x2+y2

  • This requires knowledge on commutativity:

x1=y2y1= x2x1+y1=x2+y2

  • easy fix:

((x1=x2y1=y2) (x1=y2x2=y1)) f1= f2

  • What about other cases ?useRewriting rules
example equivalence of c programs 1 4
These two functions return the same value regardless if it is ‘*’ or any other function.

Conclusion: we can prove equivalence by replacing ‘*’ with an Uninterpreted Function

Example: equivalence of C programs (1/4)

Power3_new(int in) {

out = (in*in)*in;

return out;

}

Power3(int in) {

out = in;

for (i=0; i < 2; i++)

out = out * in;

return out;

}

example equivalence of c programs 1 430
But first… we need to know how to write programs as equations.

We will learn one out of several options, namely Static Single Assignment for Bounded programs.

Example: equivalence of C programs (1/4)

Power3_new(int in) {

out = (in*in)*in;

return out;

}

Power3(int in) {

out = in;

for (i=0; i < 2; i++)

out = out * in;

return out;

}

from programs to equations
From programs to equations
  • Static Single Assignment (SSA) form

Ma ze???

ssa for bounded programs
SSA for bounded programs
  • For each loop i in a given program, let ki be a bound on its iteration count.
  • Unroll the program according to the bounds.
  • We are left with statements and conditions.
ssa for bounded programs34
:

x = 0;

while (x < y) {

x++;

z = z + y;

}

x = 0;

z = z * 2;

Let k1 = 2

x0 = 0

guard0 = x0 < y0

x1 = guard0 ? x0 + 1:x0

z1 = guard0 ? z0 + y0:z0

guard1 = x1 < y0

x2 = guard1 ? x1 + 1: x1

z2 = guard1 ? z1 + y0: z1

x4 = 0

z3 = z2 * 2

SSA for bounded programs
example equivalence of c programs 2 4
Example: equivalence of C programs (2/4)

Power3_new(int in) {

out = (in*in)*in;

return out;

}

Power3(int in) {

out = in;

for (i=0; i < 2; i++)

out = out * in;

return out;

}

Static Single Assignment (SSA) form:

out0 = inÆ

out1 = out0 * in Æ

out2 = out1 * in

out’0 = (in’ * in’) * in’

Prove that both functions return the same value (out2= out’0) given that in = in’

example equivalence of c programs 3 4
Example: equivalence of C programs (3/4)

Static Single Assignment (SSA) form:

out0 = inÆ

out1 = out0 * in Æ

out2 = out1 * in

out’0 = (in’ * in’) * in’

With Uninterpreted Functions:

out’0 = F4(F3(in’ , in’) , in’)

out0 = inÆ

out1 = F1 (out0 , in) Æ

out2 = F2 (out1 , in)

example equivalence of c programs 4 4
Example: equivalence of C programs (4/4)

With Uninterpreted Functions:

out’0 = F4(F3(in’ , in’) , in’)

out0 = inÆ

out1 = F1 (out0 , in) Æ

out2 = F2 (out1 , in)

Ackermann’s reduction:

Ea: out0 = inÆ

out1 = f1Æ

out2 = f2

Eb: out’0 = f4

The Verification Condition (“the proof obligation”)

((out0 = out1 Æin = in) !f1 = f2) Æ

((out0 = in’ Æin = in’) !f1 = f3) Æ

((out0 = f3Æin= in’) !f1 = f4) Æ

((out1 = in’ Æin= in’) !f2 = f3) Æ

((out1 = f3Æin= in’) !f2 = f4) Æ

((in’ = f3Æin’ = in’) !f3 = f4)

Ea Æ Eb

Æ (in=in’) Æ

!out2 = out’0

uninterpreted functions simplifications
Uninterpreted Functions: simplifications
  • Let n be the number of function instances of F()
  • Both reduction schemes require O(n2) comparisons
  • This can be the bottleneck of the verification effort
  • Solution: try to guess the pairing of functions
  • Still sound: wrong guess can only make a valid formula invalid
ufs simplifications 1
UFs: simplifications (1)
  • Given thatx1 = x1’,x2 = x2’,x3 = x3’,prove² o1 = o2

o1 = (x1 + (a¢x2)) a = x3 + 5 Left

f1f2

o2 = (x1’ + (b¢x2’)) b = x3’ + 5 Right

f3f4

  • 4 function instances  6 comparisons
ufs simplifications 2
UFs: simplifications (2)

o1 = (x1 + (a¢x2)) a = x3 + 5 Left

f1f2

o2 = (x1’ + (b¢x2’)) b = x3’ + 5 Right

f3f4

  • Guess: validity of equivalence does not rely onf1=f2or onf3=f4
  • Conclusion: only enforce functional consistency of pairs (Left,Right)
ufs simplifications 3
UFs: simplifications (3)

o1 = (x1 + (a¢x2)) a = x3 + 5 Left

f1f2

o2 = (x1’ + (b¢x2’)) b = x3’ + 5 Right

f3f4

  • Down to 4 comparisons… (from n(n-1)/2 to n2/4)
  • Another Guess: validity of equivalence only depends on f1 =f3and f2 =f4
  • Pattern matching can be useful here ...
ufs simplifications 4

+

+

Match according

to patterns (‘signatures’):

in

¢

5

in

in

in

f1,f3

f2,f4

UFs: simplifications (4)

o1 = (x1 + (a¢x2)) a = x3 + 5 Left

f1f2

o2 = (x1’ + (b¢x2’)) b = x3’ + 5 Right

f3f4

  • Down to 2 comparisons…
ufs simplifications 5
UFs: simplifications (5)

o1 = (x1 + (a¢x2)) a = x3 + 5 Left

f1f2

o2 = (x1’ + (b¢x2’)) b = x3’ + 5 Right

f3f4

+

+

Propagate through

intermediate variables:

¢

¢

in

in

var

+

in

in

+

5

in

5

in

f1,f3

same example

F

in

F

in

in

F

in

in

Same example

Static Single Assignment (SSA) form:

  • map F1 to F3

out0 = inÆ

out1 = out0 * in Æ

out2 = out1 * in

out’0 = (in’ * in’) * in’

With Uninterpreted Functions:

out’0 = F4(F3(in’ , in’) , in’)

out0 = inÆ

out1 = F1 (out0 , in) Æ

out2 = F2 (out1 , in)

  • map F2 to F4
same example smaller verification condition
Same example, smaller Verification Condition

With Uninterpreted Functions:

out’0 = F4(F3(in’ , in’) , in’)

out0 = inÆ

out1 = F1 (out0 , in) Æ

out2 = F2 (out1 , in)

Ackermann’s reduction:

Eb: out’0 = f4

Ea: out0 = inÆ

out1 = f1Æ

out2 = f2

The Verification Condition has shrunk:

((out0 = in’ Æin = in’) !f1 = f3) Æ

((out1 = f3Æin= in’) !f2 = f4)

Æ (in=in’) ÆEa Æ Eb!out2 = out’0

now with bryant s reduction
now with Bryant’s reduction:

With Uninterpreted Functions:

out’0 = F4(F3(in’ , in’) , in’)

out0 = inÆ

out1 = F1 (out0 , in) Æ

out2 = F2 (out1 , in)

Bryant’s reduction:

Eb: out’0 =

case

case in’=outoÆin’=in : f1

true : f3 =out1

Æ in’=in:: f2

true : f4

Ea: out0 = inÆ

out1 = f1Æ

out2 = f2

The Verification Condition (“the proof obligation”)

Prove validity of:(EaÆEbÆin = in’) !out2 = out’0

so is equality logic with ufs interesting
So is Equality Logic with UFs interesting?
  • It is expressible enough to state something interesting.
  • It is decidable and more efficiently solvable than richer logics, for example in which some functions are interpreted.
  • On the other, hand replacing functions with UF is an abstraction.
  • Models which rely on infinite-type variables are more naturally expressed in this logic in comparison with Propositional Logic.