Transcript Arithmetic constraints and automata

Arithmetic Constraints and Automata
Linear Arithmetic Constraints
• Can be used to represent sets of valuations of unbounded
integers
• Linear integer arithmetic formulas can be stored as a set of
polyhedra
F = Ú Ù ckl
k
l
where each ckl is a linear equality or inequality constraint
and each
Ù ckl
l
is a polyhedron
Linear Arithmetic Constraints
• Disjunction complexity: linear
• Conjunction complexity: quadratic
• Negation complexity: can be exponential
– Because of the disjunctive representation
• Satisfiability and Equivalence checking complexity: can be
exponential
– Uses existential variable elimination
• Post and precondition computation complexity: can be
exponential
– Uses existential variable elimination
• Existential variable elimination can be done by extending
Fourier-Motzkin variable elimination to integers
Fourier-Motzkin Variable Elimination
• Given two constraints   bz and az   we have
a  abz  b
• We can eliminate z as:
z . a  abz  b if and only if
a  b
real shadow
• Every upper and lower bound pair can generate a separate
constraint, the number of constraints can double for each
eliminated variable
Consider the constraints:
y . 0  3y – x  7  1 x – 2y  5
We get the following bounds for y:
2x  6y
3x - 15  6y
6y  2x + 14
6y  3x - 3
When we combine 2 lower bounds with 2 upper
bounds we get four constraints:
0  14 , 3  x , x  29 , 0  12
Result is: 3  x  29
Integers are More Complicated
• If z is integer
z . a  abz  b if a + (a - 1)(b - 1)  b
real shadow
• Remaining solutions can be characterized using periodicity
constraints in the following form:
z .  + i = bz
x – 5  2y
y
2y  x – 1
x  3y
3y  x + 7
3
29
dark shadow
real shadow
x
What About Using BDDs for Encoding Arithmetic
Constraints?
• Arithmetic constraints on bounded integer variables can be
represented using BDDs
• Use a binary encoding
– represent integer x as x0x1x2... xk
– where x0, x1, x2, ... , xk are binary variables
• You have to be careful about the variable ordering!
Arithmetic Constraints vs. BDDs
• Constraint based verification can be more efficient than
BDDs for integers with large domains
• BDD-based verification is more robust
• Constraint based approach does not scale well when there
are boolean or enumerated variables in the specification
• Constraint based verification can be used to automatically
verify infinite state systems
– cannot be done using BDDs
• Price of infinity
– Verification becomes undecidable and fixpoints are not
guaranteed to converge
Fixpoints May Not Converge
• Integer variables can increase without a bound
– state space is infinite
• Verification is undecidable for systems with unbounded
integer variables
• Must use approximation
Widening
• Assuming that i1 and i2 are conjunctions of atomic
constraints (i.e., polyhedra), then
i1  i2 is defined as: all the constraints in i1 which are also
satisfied by i2
Example:
i1 = 0count  count2
i2 = 0count  count3
i1  i2 = 0count
This constraint is not
satisfied by i so we drop it
2
• Replace i2 with i1  i2 in c2
• This generates an upper approximation for the least fixpoint
computation
Automata Representation for Arithmetic Constraints
[Bartzis, Bultan CIAA’02, IJFCS ’02]
• Given an atomic linear arithmetic constraint in one of the
following two forms
v
åa × x = c
i =1
i
i
v
åa × x < c
i =1
i
i
we construct an FA which accepts all the solutions to the
given constraint
• By combining such automata one can handle full
Presburger arithmetic
Basic Construction
• We first construct a basic state machine which
– Reads one bit of each variable at each step, starting
from the least significant bits
– and executes bitwise binary addition and stores the carry
in each step in its state
0
0
/
0
Example
x + 2y
010
+ 2  001
1
0
/
1
0
v
O(å | a |)
i =1
1
1
/
1
0
0
/
1
10 0
Number of states:
0
1
/
0
i
0
1
/
1
1
0
/
0
1
0
1
/
0
1
1
/
0
0
0
/
0
1
0
/
1
1
1
/
1
2
Automaton Construction
• Equality With 0
– All transitions writing 1 go to a sink state
– State labeled 0 is the only accepting state
– For disequations (), state labeled 0 is the only rejecting
state
• Inequality (<0)
– States with negative carries are accepting
– No sink state
• Non-zero Constant Term c
– Same as before, but now -c is the initial state
– If there is no such state, create one (and possibly some
intermediate states which can increase the size by |c|)
Conjunction and Disjunction
• Conjunction and disjunction is handled by generating the
product automaton
001
0,1,1
01
0,1
Automaton for x-y<1
1
0
1
0
1
0
-1
0
1
0
1
00
0,1
11
0,1
Automaton
for 2x-y>0
00
0,1
0
01
0,1
-1
0
1
0
1
1
0
01
0,1
-2
01
1,1
Automaton for x-y<1 
2x-y>0
01
0,1
-1,-1
-1,0
1
0
0
0
1
0
011
1,0,1
0,-1
1
1
0
1
001
0,1,1
0
0
0
0
1
0
1
0
-2,-1
01
1,1
-2,0
0
1
-2,1
1
1
1
0
1
0