Efficient Craig Interpolation For
Subsets of Integer Linear Arithmetic
Himanshu Jain, CMU
Edmund M. Clarke, CMU
Orna Grumberg, Technion
Interpolants [Craig 1957]
Given formulas F, G such that F ∧ G is unsatisfiable,
an interpolant for (F, G) is a formula I such that:
1. F ⇒ I
2. I ∧ G is unsatisfiable
3. I contains only variables common to F and G
[Figure: F(x, y)   I(y)   G(y, z)]
Interpolants Example
Example 1 (propositional logic):
F := p ∧ q
G := ¬q ∧ r ∧ s
I := q
Example 2 (linear arithmetic):
F := x + 2y ≤ 3 ∧ -x - y ≤ -1
G := y ≥ 3
I := y ≤ 2
F ⇒ y ≤ 2 (adding the two inequalities of F gives y ≤ 2)
Interpolants in Verification [McMillan 2003]
Useful in symbolic model checking
[Figure: a state set S, its successor set Reach1(S), and the interpolant-based image of S]
Computing Reach1(S) requires existential
quantification (costly using BDDs or SAT)
Interpolants in Verification [Jhala et al. 2004]
Useful for property-directed invariant generation
[Figure: Program P and predicates S are fed to predicate abstraction, which yields invariants for P expressible in terms of S]
Interpolants help in finding the right set of predicates
How Are Interpolants Obtained
[Figure: from F, G obtain a proof of unsatisfiability of F ∧ G; from the proof obtain an interpolant for (F, G)]
Existing Work on Computing Interpolants
Pudlak, McMillan, Jhala et al., Yorsh et al., Kapur et al.,
Rybalchenko et al., Kroening et al., Cimatti et al., Beyer et al.
Can efficiently compute interpolants
For rational/real linear arithmetic
For equality with uninterpreted function symbols
For propositional logic (using SAT solvers)
No efficient interpolation algorithms for
Integer linear arithmetic
Bit-vector arithmetic
The decision problem for conjunctions is itself NP-hard
We make progress in this direction.

Difference between rational and integer linear arithmetic
Let H := x = 2y ∧ x = 2z + 1
If x, y, z are rational variables,
H is satisfiable (take x = 1, y = 1/2, z = 0)
If x, y, z are integer variables,
H is unsatisfiable (x would have to be both even and odd)
Our Results
Polynomial time interpolation algorithms
for useful subsets of integer linear arithmetic:
Integer (Diophantine) linear equations
E.g. x = 3y ∧ 5x = 3z + u + 2 ∧ …
Integer linear congruences (modular equations)
E.g. 4x = 2y + 9 (mod 3) ∧ 2z + 5x - y = 7 (mod 4) ∧ …
Integer linear equations and disequations
E.g. ¬(4x + 5y = 8) ∧ x = 3y ∧ …
Outline
Introduction
Craig Interpolation
New interpolation algorithms
Related Work
Integer Linear Equations
Integer Linear Congruences
Integer Linear Equations+Disequations
Experimental results
We will only give intuition and examples in the talk. See
paper for precise description of results.
Interpolation for Integer Linear Equations
Let F, G be conjunctions of integer linear equations
We show that an interpolant for (F, G) is always:
An integer linear equation, or
An integer linear congruence
F := (x = 2y) and G := (x = 2z + 1)
An interpolant is x = 0 (mod 2)
Interpolation Algorithm Step 1
Obtain a proof of unsatisfiability of F ∧ G
(How to get a contradiction from F ∧ G)
F := (30x + 4y = 2)
G := (y + 5z = 2)
Multipliers [1/5, 1/5]:
1/5 F + 1/5 G is equal to
6x + y + z = 4/5 (Contradiction: for integer x, y, z the left-hand side is an integer, but 4/5 is not)
Interpolation Algorithm Step 2
Sum the equations from F according to
the proof of unsatisfiability
1/5 (30x + 4y = 2) + 1/5 (y + 5z = 2)
    F part               G part
Keeping only the F part:
6x + 4/5 y = 2/5
Partial interpolant (we do not want x: it is not common to F and G)
Interpolation Algorithm Step 3
Remove variables not common to F and G
6x + 4/5 y = 2/5
4/5 y - 2/5 = -6x
⇒ 4/5 y - 2/5 is divisible by 6
⇒ 4/5 y - 2/5 = 0 (mod 6)
⇒ 4y - 2 = 0 (mod 30)   (multiply both sides and the modulus by 5 to clear the denominators)
4y - 2 = 0 (mod 30) is an interpolant for (F, G)
We have proved the correctness of the above algorithm
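As an added worked example (my code, not code from the talk or the paper), the following Python implements steps 2 and 3 for conjunctions of integer linear equations and includes a checker for step 1. The proof of unsatisfiability, i.e. the rational multipliers, is taken as input here because producing it needs the Hermite Normal Form or an SMT solver, as the next slide notes. The elimination step is written for any number of F-only variables (it uses the gcd of their integer coefficients), which generalizes the single-variable case of the slide; the closing brute-force check over a bounded integer box is a sanity check on the result, not a proof.

```python
from fractions import Fraction
from itertools import product
from math import gcd, lcm

# Formulas are tagged tuples: ('eq', coeffs, rhs) for sum(c_v * v) = rhs and
# ('cong', coeffs, rhs, m) for sum(c_v * v) = rhs (mod m).  All variables are
# integer-valued; coeffs maps a variable name to its coefficient.
def eq(coeffs, rhs):
    return ('eq', {v: Fraction(c) for v, c in coeffs.items()}, Fraction(rhs))

def combine(eqs, mults):
    """Linear combination sum(mults[i] * eqs[i]); zero coefficients are dropped."""
    coeffs, rhs = {}, Fraction(0)
    for (_, c, r), m in zip(eqs, mults):
        for v, a in c.items():
            coeffs[v] = coeffs.get(v, Fraction(0)) + Fraction(m) * a
        rhs += Fraction(m) * r
    return {v: a for v, a in coeffs.items() if a != 0}, rhs

def is_unsat_proof(F, G, mF, mG):
    """Step 1 check.  The combination refutes F and G over the integers when
    every variable gets an integer coefficient but the right-hand side is not
    an integer (LHS integral, RHS not), or when all variables cancel and the
    right-hand side is non-zero (already unsatisfiable over the rationals)."""
    coeffs, rhs = combine(F + G, list(mF) + list(mG))
    if any(a.denominator != 1 for a in coeffs.values()):
        return False
    return rhs != 0 if not coeffs else rhs.denominator != 1

def interpolant(F, G, mF):
    """Steps 2 and 3.  mF are the proof's multipliers for F's equations.
    Returns an 'eq' or 'cong' formula over the common variables only."""
    vars_of = lambda eqs: set().union(*(f[1].keys() for f in eqs))
    common = vars_of(F) & vars_of(G)
    coeffs, rhs = combine(F, mF)                       # step 2: partial interpolant
    local = {v: a for v, a in coeffs.items() if v not in common}
    kept = {v: a for v, a in coeffs.items() if v in common}
    if not local:                                      # nothing to eliminate
        return ('eq', kept, rhs)
    # F-only variables receive contributions from F alone, so in a proof their
    # coefficients are integers and sum(a_v * v) over them is a multiple of g.
    assert all(a.denominator == 1 for a in local.values())
    g = 0
    for a in local.values():
        g = gcd(g, int(a))
    # sum(kept) - rhs = -sum(local) = 0 (mod g).  Multiply by L to clear the
    # denominators of the common-variable part; the modulus becomes g * L.
    L = 1
    for a in list(kept.values()) + [rhs]:
        L = lcm(L, a.denominator)
    return ('cong', {v: int(a * L) for v, a in kept.items()}, int(rhs * L), g * L)

def satisfies(f, point):
    """Evaluate an 'eq' or 'cong' formula at an integer point (dict var -> int)."""
    val = sum(Fraction(a) * point.get(v, 0) for v, a in f[1].items())
    return val == f[2] if f[0] == 'eq' else (val - f[2]) % f[3] == 0

def check_interpolant(F, G, I, bound=8):
    """Sanity check on the box [-bound, bound]^n (not a proof): every integer
    point of F satisfies I, and no integer point satisfies both I and G."""
    vars_ = sorted(set().union(*(f[1].keys() for f in F + G)))
    for values in product(range(-bound, bound + 1), repeat=len(vars_)):
        p = dict(zip(vars_, values))
        if all(satisfies(f, p) for f in F) and not satisfies(I, p):
            return False
        if all(satisfies(f, p) for f in G) and satisfies(I, p):
            return False
    return True

# Example from the slides: F := 30x + 4y = 2, G := y + 5z = 2, with the proof
# multipliers 1/5 and 1/5 (assumed given; step 1 itself is not computed here).
F = [eq({'x': 30, 'y': 4}, 2)]
G = [eq({'y': 1, 'z': 5}, 2)]
mF, mG = [Fraction(1, 5)], [Fraction(1, 5)]

def slide_example():
    assert is_unsat_proof(F, G, mF, mG)
    I = interpolant(F, G, mF)   # ('cong', {'y': 4}, 2, 30), i.e. 4y - 2 = 0 (mod 30)
    assert check_interpolant(F, G, I)
    return I

if __name__ == "__main__":
    print(slide_example())
```

The modulus 30 is g · L = 6 · 5 exactly as on the slide; a modulus that does not divide it, such as 3, still follows from F but no longer contradicts G, which is what the box check catches.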
Complexity of the Algorithm
Obtain proof of unsatisfiability (step 1):
polynomial time using the Hermite Normal Form
Overall algorithm is polynomial time
Can also use modern SMT solvers
Multiple interpolants can be obtained
Multiple Interpolants
F := 30x + 4y = 2
G := y + 5z = 2
Each of the following is an interpolant for (F, G):
4y - 2 = 0 (mod 10)
4y - 2 = 0 (mod 30)
4y - 2 = 0 (mod 15)
4y - 2 = 0 (mod 5)
Outline
Introduction
Craig Interpolation
New interpolation algorithms
Related Work
Integer Linear Equations
Integer Linear Congruences
Integer Linear Equations+Disequations
Experimental results
Integer Linear Congruences
a = b (mod m) iff m divides (a - b)
a, b, m can be rational numbers
Integer linear congruence: Σ_i a_i x_i = b (mod m)
x_i are integer variables
Example: 3x + 2y + 5z = 0 (mod 6)
SATISFIABLE (x = 2, y = 0, z = 0)
Interpolation for Integer Linear Congruences
Let F, G be conjunctions of integer linear congruences
We show that an interpolant for (F, G) is always:
An integer linear congruence
Basic steps same as before
Proof of unsatisfiability is more interesting
Proof of Unsatisfiability
Congruences may not hold with rational multipliers:
9 = 5 (mod 2), but 9/4 ≠ 5/4 (mod 2) (9/4 - 5/4 = 1 is not divisible by 2)
We show how to get a proof of unsatisfiability
with integer multipliers for the congruences
(congruences do hold with integer multipliers)
Proof of Unsatisfiability for Congruences
2x + 2y = 4 (mod 8) ∧ 2x + y = 4 (mod 8) ∧ 4x = 4 (mod 8)
Integer multipliers 2, -4, 1:
2 (2x + 2y = 4) (mod 8) + (-4) (2x + y = 4) (mod 8) + 1 (4x = 4) (mod 8)
gives 0 = -4 (mod 8)   (Contradiction)
Both proofs of unsatisfiability and (multiple) interpolants
can be obtained in polynomial time
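An added example (my code, not the authors'): checking a proof of unsatisfiability for congruences that all share one modulus M using integer multipliers, then extracting an interpolant from it with the same sum-then-eliminate steps as for equations. The split of the slide's three congruences into F (the first two) and G (the third) is my choice; the slide does not split them. The assumption of a single shared modulus is also mine, and it is what makes the final check over the residues 0..M-1 exhaustive rather than a sampled sanity check. The small `rational_scaling_breaks` helper reproduces the rational-multiplier pitfall from the previous slide.

```python
from fractions import Fraction
from itertools import product

# A congruence sum(c_v * v) = rhs (mod M) is stored as (coeffs, rhs); every
# congruence below shares the same modulus M, and all variables are integers.

def combine(congs, mults):
    """Integer linear combination of congruences.  It is again valid mod M
    because integer multiples of a multiple of M stay multiples of M."""
    coeffs, rhs = {}, 0
    for (c, r), k in zip(congs, mults):
        for v, a in c.items():
            coeffs[v] = coeffs.get(v, 0) + k * a
        rhs += k * r
    return coeffs, rhs

def is_unsat_proof(congs, mults, M):
    """Refutation: every variable's coefficient vanishes mod M while the
    right-hand side does not, i.e. the combination reads 0 = c (mod M), c != 0."""
    coeffs, rhs = combine(congs, mults)
    return all(a % M == 0 for a in coeffs.values()) and rhs % M != 0

def interpolant(F, G, mF, M):
    """Sum F's part of the proof (step 2), then drop F-only variables (step 3).
    G never contributes to an F-only variable, so in a proof its coefficient is
    already 0 mod M and dropping that term keeps the congruence valid."""
    vars_of = lambda congs: set().union(*(c.keys() for c, _ in congs))
    common = vars_of(F) & vars_of(G)
    coeffs, rhs = combine(F, mF)
    assert all(a % M == 0 for v, a in coeffs.items() if v not in common)
    kept = {v: a % M for v, a in coeffs.items() if v in common and a % M != 0}
    return (kept, rhs % M)

def satisfies(cong, point, M):
    coeffs, rhs = cong
    return (sum(a * point.get(v, 0) for v, a in coeffs.items()) - rhs) % M == 0

def check_interpolant(F, G, I, M):
    """Exhaustive over residue vectors: F implies I, and I with G is unsatisfiable."""
    vars_ = sorted(set().union(*(c.keys() for c, _ in F + G)))
    for values in product(range(M), repeat=len(vars_)):
        p = dict(zip(vars_, values))
        if all(satisfies(c, p, M) for c in F) and not satisfies(I, p, M):
            return False
        if all(satisfies(c, p, M) for c in G) and satisfies(I, p, M):
            return False
    return True

def rational_scaling_breaks(a, b, M, scale):
    """True when a = b (mod M) holds but scale*a = scale*b (mod M) does not,
    e.g. 9 = 5 (mod 2) while 9/4 != 5/4 (mod 2)."""
    s = Fraction(scale)
    return (a - b) % M == 0 and (s * a - s * b) % M != 0

# Slide example, modulo 8, with the F / G split assumed here.
M = 8
F = [({'x': 2, 'y': 2}, 4), ({'x': 2, 'y': 1}, 4)]   # 2x + 2y = 4,  2x + y = 4
G = [({'x': 4}, 4)]                                 # 4x = 4
mults = [2, -4, 1]                                  # 2*F1 - 4*F2 + 1*G1 gives 0 = -4

def slide_example():
    assert is_unsat_proof(F + G, mults, M)
    I = interpolant(F, G, mults[:len(F)], M)   # ({'x': 4}, 0), i.e. 4x = 0 (mod 8)
    assert check_interpolant(F, G, I, M)
    return I

if __name__ == "__main__":
    print(slide_example(), rational_scaling_breaks(9, 5, 2, "1/4"))
```

Here F's part of the proof sums to -4x + 0y = -8 (mod 8); y is F-only and already has coefficient 0, so the interpolant is 4x = 0 (mod 8), which G's 4x = 4 (mod 8) contradicts directly.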
Outline
Introduction
Craig Interpolation
New interpolation algorithms
Related Work
Integer Linear Equations
Integer Linear Congruences
Integer Linear Equations+Disequations
Experimental results
Integer Linear Equations + Disequations
Example: (x + 2y + z = 1) ∧ ¬(x = 1) ∧ …
All integer variables
Let F = Feq ∧ Fneq (the equations and the disequations of F)
We show F has no integral solution iff
F has no rational solution, OR
Feq has no integral solution

Interpolation for Integer Linear Equations + Disequations
Given F = Feq ∧ Fneq, G = Geq ∧ Gneq, with F ∧ G unsat:
1. F ∧ G has no rational solution
   ⇒ interpolant as an integer linear equation/disequation
2. Feq ∧ Geq has no integral solution
   ⇒ interpolant as an integer linear equation/congruence
Outline
Introduction
Craig Interpolation
New interpolation algorithms
Related Work
Integer Linear Equations
Integer Linear Congruences
Integer Linear Equations+Disequations
Experimental results
Predicate Discovery
C program (the slide writes the nondeterministic loop condition as while(*)):

    int nondet(void);          /* unknown integer input, as in the slide */

    int main(void)
    {
      int x = 0, y = 0;
      while (nondet())
      {
        x = x + 4 * nondet();
        y = y + 8 * nondet();
      }
      assert(x + y != 1);
      assert(x + y != 2);
      assert(x + y != 3);
      return 0;
    }

Loop invariant: x + y is divisible by 4,
that is, x + y = 0 (mod 4)
Such predicates can be found using our interpolation algorithms
Existing state-of-the-art tools such as BLAST, SATABS, VCEGAR cannot verify these programs.
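Added example (mine, not the authors' tooling): a finite check that the congruence predicate reported for this program, x + y = 0 (mod 4), is an inductive loop invariant and rules out all three assertions. Because both the predicate and the loop updates depend only on the values modulo the predicate's modulus, the abstract state space is the set of residue vectors of (x, y) and the check is exhaustive. A second candidate, x + y = 0 (mod 8), is included to show the check rejecting a predicate that the loop does not preserve.

```python
from itertools import product

def successors(state, updates, M):
    """Abstract one loop iteration over residues modulo M.  An update
    'v = v + c * nondet()' sends residue r of v to every (r + c*k) mod M;
    k only needs to range over 0..M-1 because only nondet() mod M matters."""
    states = {state}
    for idx, c in updates:
        states = {s[:idx] + ((s[idx] + c * k) % M,) + s[idx + 1:]
                  for s in states for k in range(M)}
    return states

def is_inductive_invariant(pred, init, updates, bad, M, nvars):
    """Initiation: pred holds at init.  Consecution: pred is preserved by every
    loop iteration.  Safety: pred excludes every bad residue vector.
    Exhaustive over the M**nvars residue vectors, so the answer is a proof
    within the modular abstraction."""
    if not pred(init):
        return False
    for s in product(range(M), repeat=nvars):
        if not pred(s):
            continue
        if bad(s) or any(not pred(t) for t in successors(s, updates, M)):
            return False
    return True

# The program from the slide: x = 0, y = 0; loop { x += 4*nondet(); y += 8*nondet(); }
INIT = (0, 0)
UPDATES = [(0, 4), (1, 8)]   # (variable index, step constant)

def bad_residues(M):
    """assert(x + y != 1/2/3) can only fail when x + y is 1, 2 or 3, so any
    state where (x + y) mod M is 1, 2 or 3 is treated as (possibly) bad."""
    return lambda s: (s[0] + s[1]) % M in (1, 2, 3)

def slide_invariant():
    """x + y = 0 (mod 4): the predicate the talk reports for this program."""
    M = 4
    pred = lambda s: (s[0] + s[1]) % M == 0
    return is_inductive_invariant(pred, INIT, UPDATES, bad_residues(M), M, 2)

def too_strong_candidate():
    """x + y = 0 (mod 8) holds initially but x += 4 breaks it: not inductive."""
    M = 8
    pred = lambda s: (s[0] + s[1]) % M == 0
    return is_inductive_invariant(pred, INIT, UPDATES, bad_residues(M), M, 2)

if __name__ == "__main__":
    print(slide_invariant(), too_strong_candidate())   # True False
```

The same check works for the other predicates in the experiments table (for instance x = 0 (mod 4) ∧ y = 0 (mod 4) for this program) by changing the modulus and the predicate function.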
Predicate Discovery Experiments
With the help of predicates found by our algorithms they can (VCEGAR).

Example   Predicates/Interpolants          Time (secs)
ex1       y = 1 (mod 2)                    2.72
ex2       x + y = 0 (mod 2)                0.83
ex4       x + y + z = 0 (mod 4)            0.95
ex5       x = 0 (mod 4), y = 0 (mod 4)     1.1
ex6       4x + 2y + z = 0 (mod 8)          0.93
ex7       4x - 2y + z = 0 (mod 222)        0.54
forb1     x + y = 0 (mod 3)                0.1
Conclusion
Efficient interpolation algorithms for
Integer linear equations
Integer linear congruences
Integer linear equations and disequations
Easy to implement
Proofs of unsatisfiability for
Integer linear congruences
Integer linear equations and disequations
Future Work
Full integer linear arithmetic
Cutting-plane proofs / Pudlak's algorithm
Bit-vector arithmetic
Boolean combinations using SMT
Questions