
### A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols

Sumit Gulwani George Necula

EECS Department

University of California, Berkeley

Introduction

• Problem
  • Check satisfiability of a conjunction of literals
  • Example: x = 2y+3 ∧ F(x-3) ≠ F(2y)
  • Application: program verification

• Existing algorithms
  • Linear arithmetic: Gaussian elimination, Simplex
  • Uninterpreted function terms: congruence closure
  • Combination: Nelson-Oppen, Shostak

• Our proposal
  • A randomized algorithm
  • We hope to gain: simplicity and efficiency

Outline

• Linear arithmetic

• Retracting assumptions

• Extension to uninterpreted function symbols

• Experimentation

Algebraic Interpretation of Satisfiability

φ1 : (z = x+y) ∧ (x = y) ∧ (z ≠ 0)

φ2 : (z = x+y) ∧ (x = y) ∧ (z ≠ 2x)

• φ1 is satisfiable, e.g. x=1, y=1, z=2

• φ2 is not satisfiable since (z=x+y) ∧ (x=y) ⇒ (z=2x)

• Can we "test" the satisfiability of these formulae with low error probability?

Geometric Interpretation of Satisfiability

φ1 : (z = x+y) ∧ (x = y) ∧ (z ≠ 0)

φ2 : (z = x+y) ∧ (x = y) ∧ (z ≠ 2x)

[Figure: the line L and the planes R1, R2 in (x, y, z) space, with a point P on L]

R1: z = 0

R2: z = 2x

Line L: solution space for (z = x+y) ∧ (x = y)

IDEA: If we choose points randomly on L, we can easily tell that L ⇏ R1 and L ⇒ R2

Overview of the Algorithm

• Generate random assignments that satisfy all equality literals
  • We do this incrementally
  • Adjust them to satisfy each equality literal one by one

• Test them on disequality literals
  • If the random assignments satisfy e1 = e2, then the formula … ∧ e1 ≠ e2 ∧ … is unsatisfiable

Adjust Operation: Algebraic Interpretation

Notation

• Sample S = collection of assignments

• S ⊨ g = 0 means all assignments in S satisfy g = 0

Properties of S’ = Adjust(S, e=0)

• If S ⊨ g=0, then S’ ⊨ g=0

• S’ ⊨ e=0

• If S’ ⊨ g’=0, then ∃g (S ⊨ g=0 and g=0 ∧ e=0 ⇒ g’=0)

• S’ satisfies exactly one more linearly independent relationship beyond those satisfied by S

Adjust Operation: Geometric Interpretation

Algorithm to obtain S’ = Adjust(S, e=0)

[Figure: sample points S1, S2, S3, S4 and the hyperplane e = 0; the adjusted points S’1, S’2, S’3 lie on the hyperplane]

• Assignments = points

• Adjust = projection onto the hyperplane represented by an equality literal

• S’ satisfies e=0 and all relationships satisfied by S

The Satisfiability Procedure

• IsSatisfiable(φ) =
  • let φ be
  • S ← R, where R is a random sample
  • for i = 1 to k:
    • if S ⊨ e_i + c = 0 for some c ≠ 0, then return Unsatisfiable
    • else if S ⊭ e_i = 0 then S ← Adjust(S, e_i = 0)
  • for j = 1 to m:
    • if S ⊨ e’_j = 0, then return Unsatisfiable
  • return Satisfiable

Completeness Theorem

• “If IsSatisfiable(φ) returns true, then φ is satisfiable”

• Proof:
  • The final sample satisfies all the equality literals and the disequality literals in the formula.

Soundness Theorem

• “If φ is satisfiable, then IsSatisfiable(φ) returns true with high probability”

• Error probability ≤
  • m: #disequalities
  • |F|: size of the set from which random values are chosen
  • r: #assignments in the initial sample R
  • k: #equality literals

• If m = k = 10, |F| ≈ 2^32, r = 15, then error probability ≤

Complexity

r = #assignments in the initial sample R

n = #variables

k = #equality literals

• Each adjust operation has cost O(nr)

• Number of adjust operations = O(k)

• Total cost = O(nkr) = O(nk²)

Retracting Assumptions: Motivation

• if z=x+y then
    if x=y then assert (z=2x)
    else assert (x=z-y)

• ⇒ decide satisfiability of (z=x+y) ∧ (x=y) ∧ (z≠2x)
  and (z=x+y) ∧ (x≠y) ∧ (x≠z-y)

• One easy way to retract is to remember old samples

[Figure: sample points S1, S2, S3, S4 and the hyperplane e = 0 with the adjusted points S’1, S’2, S’3, as on the Adjust slide]

• Remember

• Unadjust(S’, e=0) = S’ ∪ { }

• (S’ ∪ { }) ⊨ e=0 iff S ⊨ e=0

Uninterpreted Function Symbols

• Use Ackermann transformation
  • Replace uninterpreted term e with new variable V_e
  • For any F(e) and F(e’) add: if V_e = V_e’ then V_F(e) = V_F(e’)

• Example

  (x=y) ∧ (f(x)=u) ∧ (f(y)=w) →
  (x=y) ∧ (v1=u) ∧ (v2=w) ∧ (if x=y then v1 = v2)

• Implementation
  • After adjusting for an equality, check if any of the conditional literals require adjustment.
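As an added example (not the authors' implementation), the IsSatisfiable and Adjust procedure from the earlier slides combined with the conditional Ackermann literals of this slide, in Python over a prime field; the dict encoding of linear expressions, the field size, the `conds` tuple format and the way Adjust pairs sample points are assumptions made here.

```python
import random

P = 2**31 - 1   # prime field F the samples are drawn from (|F| close to 2^32)

def ev(e, pt):
    """Evaluate linear expression e ({var: coeff, "1": constant}) at point pt."""
    return sum(c * (1 if v == "1" else pt[v]) for v, c in e.items()) % P

def minus(a, b):
    """Expression a - b, so the literal a = b becomes minus(a, b) = 0."""
    return {v: a.get(v, 0) - b.get(v, 0) for v in set(a) | set(b)}

def models(S, e):
    """S |= e = 0: every assignment in S makes e vanish."""
    return all(ev(e, pt) == 0 for pt in S)

def adjust(S, e):
    """Adjust(S, e = 0): project S onto the hyperplane e = 0.  Each point A is
    paired with a partner B having e(A) != e(B) (an assumed pairing; the slides
    only give the picture); the point on line AB where e vanishes is an affine
    combination of A and B, so S' keeps every linear relation S satisfied and
    gains exactly e = 0.  S' has one point fewer than S."""
    out = []
    for i, A in enumerate(S[:-1]):
        B = next(b for b in S[i + 1:] + S[:i] if ev(e, b) != ev(e, A))
        t = ev(e, A) * pow((ev(e, A) - ev(e, B)) % P, -1, P) % P
        out.append({v: (A[v] + t * (B[v] - A[v])) % P for v in A})
    return out

def is_satisfiable(vars_, eqs, neqs, conds=(), r=15, seed=0):
    """eqs / neqs: expressions asserted = 0 / != 0.  conds: tuples (a, b, c, d)
    encoding the Ackermann literal 'if a = b then c = d'.  r must exceed the
    number of independent equalities, since each Adjust consumes one point."""
    rng = random.Random(seed)
    S = [{v: rng.randrange(P) for v in vars_} for _ in range(r)]
    pending = list(eqs)
    while pending:
        e = pending.pop()
        vals = {ev(e, pt) for pt in S}
        if vals != {0}:                   # S does not yet satisfy e = 0
            if len(vals) == 1:            # S |= e + c = 0 for some c != 0
                return False
            assert len(S) > 2, "sample too small for the number of equalities"
            S = adjust(S, e)
        # a conditional literal whose guard now holds contributes an equality
        for a, b, c, d in conds:
            if models(S, minus(a, b)) and not models(S, minus(c, d)):
                pending.append(minus(c, d))
    # a disequality the final sample refutes (S |= e' = 0) makes phi unsat
    return not any(models(S, e) for e in neqs)
```

With the constructed inputs below, φ1 and φ2 from the geometric slide behave as described, and the introduction's example x = 2y+3 ∧ F(x-3) ≠ F(2y) is reported unsatisfiable only once the guard V_{x-3} = V_{2y} forces V_{F(x-3)} = V_{F(2y)}.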

Experimental Results

ICS = Integrated Canonizer and Solver

Comparison with Shostak’s Algorithm

• Symbolic manipulation vs. expression evaluation

• Shostak’s solver ≈ adjust operation

• Shostak’s canonizer ≈ probabilistic canonical form

Conclusion and Future Work

• Randomization can help achieve simplicity and efficiency at the expense of making soundness probabilistic

• Generate proofs

• Can we extend these ideas to other theories – inequalities, arrays?

• Integrate symbolic techniques with randomized ones