Interpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg

Size: px

Start display at page:

Download "Interpolation. Seminar Slides. Betim Musa. 27 th June Albert-Ludwigs-Universität Freiburg"

Willis Martin Austin
5 years ago
Views:

1 Interpolation Seminar Slides Albert-Ludwigs-Universität Freiburg Betim Musa 27 th June 2015

2 Motivation program add(int a, int b) { var x,i : int; l 0 assume(b 0); l 1 x := a; l 2 i := 0; while(i < b) { l 3 x := x + 1; l 4 i := i + 1; } assert (x == a + b); 27 th June 2015 Betim Musa Interpolation 2 / 22

3 Motivation program add(int a, int b) { var x,i : int; l 0 assume(b 0); l 1 x := a; l 2 i := 0; while(i < b) { l 3 x := x + 1; l 4 i := i + 1; } Prove correctness (CEGAR approach) Idea: Show that all traces from l 0 to l err are infeasible. l err assert (x!= a + b); 27 th June 2015 Betim Musa Interpolation 2 / 22

4 Motivation program add(int a, int b) { var x,i : int; l 0 assume(b 0); l 1 x := a; l 2 i := 0; while(i < b) { l 3 x := x + 1; l 4 i := i + 1; } Prove correctness (CEGAR approach) Idea: Show that all traces from l 0 to l err are infeasible. 1 Choose an error trace τ. 2 Show that τ is infeasible. 3 Compute interpolants for τ. l err assert (x!= a + b); 27 th June 2015 Betim Musa Interpolation 2 / 22

5 Contents A bit of history Interpolation What is an interpolant? Interpolation in Propositional Logic Interpolation in First-Order Logic Conclusion References 27 th June 2015 Betim Musa Interpolation 3 / 22

6 Bit of history W. Craig (1957), Linear reasoning. A new form of the Herbrand-Gentzen theorem 27 th June 2015 Betim Musa Interpolation 4 / 22

7 Bit of history W. Craig (1957), Linear reasoning. A new form of the Herbrand-Gentzen theorem K. L. McMillan (2003), Interpolation and SAT-Based Model Checking 27 th June 2015 Betim Musa Interpolation 4 / 22

8 Bit of history W. Craig (1957), Linear reasoning. A new form of the Herbrand-Gentzen theorem K. L. McMillan (2003), Interpolation and SAT-Based Model Checking A. Cimatti et al. (2007), Efficient Interpolant Generation in SMT 27 th June 2015 Betim Musa Interpolation 4 / 22

9 Contents A bit of history Interpolation What is an interpolant? Interpolation in Propositional Logic Interpolation in First-Order Logic Conclusion References 27 th June 2015 Betim Musa Interpolation 5 / 22

10 Interpolant An interpolant I for the unsatisfiable pair of formulae A,B has the following properties: 27 th June 2015 Betim Musa Interpolation 6 / 22

11 Interpolant An interpolant I for the unsatisfiable pair of formulae A,B has the following properties: A = I 27 th June 2015 Betim Musa Interpolation 6 / 22

12 Interpolant An interpolant I for the unsatisfiable pair of formulae A,B has the following properties: A = I I B is unsatisfiable 27 th June 2015 Betim Musa Interpolation 6 / 22

13 Interpolant An interpolant I for the unsatisfiable pair of formulae A,B has the following properties: A = I I B is unsatisfiable I A and I B (symbol condition) 27 th June 2015 Betim Musa Interpolation 6 / 22

14 Contents A bit of history Interpolation What is an interpolant? Interpolation in Propositional Logic Interpolation in First-Order Logic Conclusion References 27 th June 2015 Betim Musa Interpolation 7 / 22

15 Interpolation in Propositional Logic Ingredients 1 a pair of unsatisfiable formulae A, B 2 a resolution proof of their unsatisfiability 27 th June 2015 Betim Musa Interpolation 8 / 22

16 Interpolation in Propositional Logic Resolution A B {}}{{}}{ Prove unsatisfiability of P ( P R) R 27 th June 2015 Betim Musa Interpolation 9 / 22

17 Interpolation in Propositional Logic Resolution A B {}}{{}}{ Prove unsatisfiability of P ( P R) R P ( P R) R 27 th June 2015 Betim Musa Interpolation 9 / 22

18 Interpolation in Propositional Logic Resolution A B {}}{{}}{ Prove unsatisfiability of P ( P R) R P ( P R) R R 27 th June 2015 Betim Musa Interpolation 9 / 22

19 Interpolation in Propositional Logic Resolution A B {}}{{}}{ Prove unsatisfiability of P ( P R) R P ( P R) R R false 27 th June 2015 Betim Musa Interpolation 9 / 22

20 Interpolation in Propositional Logic Given: unsatisfiable formulae A, B and a proof of unsatisfiability. C 1 C 2... C n v v false 27 th June 2015 Betim Musa Interpolation 10 / 22

21 Interpolation in Propositional Logic Given: unsatisfiable formulae A, B and a proof of unsatisfiability. For every vertex v of the proof define the interpolant ITP(v) as follows: C 1 C 2... C n v v false 27 th June 2015 Betim Musa Interpolation 10 / 22

22 Interpolation in Propositional Logic Given: unsatisfiable formulae A, B and a proof of unsatisfiability. For every vertex v of the proof define the interpolant ITP(v) as follows: if v is an input node C 1 C 2... C n v v false 27 th June 2015 Betim Musa Interpolation 10 / 22

23 Interpolation in Propositional Logic Given: unsatisfiable formulae A, B and a proof of unsatisfiability. For every vertex v of the proof define the interpolant ITP(v) as follows: if v is an input node 1 if v A then ITP(v) = global_literals(v) 2 else ITP(v) = true C 1 C 2... C n v v false 27 th June 2015 Betim Musa Interpolation 10 / 22

24 Interpolation in Propositional Logic Given: unsatisfiable formulae A, B and a proof of unsatisfiability. For every vertex v of the proof define the interpolant ITP(v) as follows: if v is an input node 1 if v A then ITP(v) = global_literals(v) 2 else ITP(v) = true else v must have two predecessors v 1,v 2 and p v is the pivot variable. C 1 C 2... C n v v false 27 th June 2015 Betim Musa Interpolation 10 / 22

25 Interpolation in Propositional Logic Given: unsatisfiable formulae A, B and a proof of unsatisfiability. For every vertex v of the proof define the interpolant ITP(v) as follows: if v is an input node 1 if v A then ITP(v) = global_literals(v) 2 else ITP(v) = true else v must have two predecessors v 1,v 2 and p v is the pivot variable. 1 if p v is local to A, then ITP(v) = ITP(v 1 ) ITP(v 2 ) 2 else ITP(v) = ITP(v 1 ) ITP(v 2 ) C 1 C 2... C n v v false 27 th June 2015 Betim Musa Interpolation 10 / 22

26 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R P ( P R) R R false 27 th June 2015 Betim Musa Interpolation 11 / 22

27 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R ITP(P) = FALSE P ( P R) R R false 27 th June 2015 Betim Musa Interpolation 11 / 22

28 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R ITP(P) = FALSE ITP( P R) = R P ( P R) R R false 27 th June 2015 Betim Musa Interpolation 11 / 22

29 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R P ( P R) R ITP(P) = FALSE ITP( P R) = R ITP( R) = TRUE R false 27 th June 2015 Betim Musa Interpolation 11 / 22

30 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R P ( P R) R R ITP(P) = FALSE ITP( P R) = R ITP( R) = TRUE ITP(R) = ITP(P) ITP( P R) false 27 th June 2015 Betim Musa Interpolation 11 / 22

31 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R P ( P R) R R false ITP(P) = FALSE ITP( P R) = R ITP( R) = TRUE ITP(R) = ITP(P) ITP( P R) ITP(false) = ITP(R) ITP( R) 27 th June 2015 Betim Musa Interpolation 11 / 22

32 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R P ( P R) R R false ITP(P) = FALSE ITP( P R) = R ITP( R) = TRUE ITP(R) = ITP(P) ITP( P R) ITP(false) = ITP(R) ITP( R) 27 th June 2015 Betim Musa Interpolation 11 / 22

33 Interpolation in Propositional Logic Example A B {}}{{}}{ Formula: P ( P R) R P ( P R) R R false ITP(P) = FALSE ITP( P R) = R ITP( R) = TRUE ITP(R) = ITP(P) ITP( P R) ITP(false) = ITP(R) ITP( R) The resulting interpolant: ITP(false) = (FALSE R) TRUE = R 27 th June 2015 Betim Musa Interpolation 11 / 22

34 Contents A bit of history Interpolation What is an interpolant? Interpolation in Propositional Logic Interpolation in First-Order Logic Conclusion References 27 th June 2015 Betim Musa Interpolation 12 / 22

35 Interpolation in First-Order Logic Overview Interesting theories in practice 27 th June 2015 Betim Musa Interpolation 13 / 22

36 Interpolation in First-Order Logic Overview Interesting theories in practice Linear Integer Arithmetic Presburger Arithmetic Equality Theory with Uninterpreted Functions Theory of Arrays Theory of Lists 27 th June 2015 Betim Musa Interpolation 13 / 22

37 Interpolation in First-Order Logic Overview Interesting theories in practice Linear Integer Arithmetic Presburger Arithmetic Equality Theory with Uninterpreted Functions Theory of Arrays Theory of Lists Requirements SAT-Solver (lazy) a theory solver (T-Solver) 27 th June 2015 Betim Musa Interpolation 13 / 22

38 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? 27 th June 2015 Betim Musa Interpolation 14 / 22

39 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 27 th June 2015 Betim Musa Interpolation 14 / 22

40 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 2 Assign a truth value to some variable (SAT-Solver) 27 th June 2015 Betim Musa Interpolation 14 / 22

41 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 2 Assign a truth value to some variable (SAT-Solver) 3 Check the current assignment for consistency (T-solver) 27 th June 2015 Betim Musa Interpolation 14 / 22

42 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 2 Assign a truth value to some variable (SAT-Solver) 3 Check the current assignment for consistency (T-solver) inconsistent, T-solver returns a conflict set η, add its negation as a T-lemma 27 th June 2015 Betim Musa Interpolation 14 / 22

43 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 2 Assign a truth value to some variable (SAT-Solver) 3 Check the current assignment for consistency (T-solver) inconsistent, T-solver returns a conflict set η, add its negation as a T-lemma consistent, go on with assignment of next variable 27 th June 2015 Betim Musa Interpolation 14 / 22

44 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 2 Assign a truth value to some variable (SAT-Solver) 3 Check the current assignment for consistency (T-solver) inconsistent, T-solver returns a conflict set η, add its negation as a T-lemma consistent, go on with assignment of next variable 4 If a truth value is assigned to all variables = SAT 27 th June 2015 Betim Musa Interpolation 14 / 22

45 SMT: Satisfiability Modulo Theory Is a given FOL-formula φ satisfiable with respect to the theory T? Procedure (lazy approach) 1 Encode as a boolean formula φ 2 Assign a truth value to some variable (SAT-Solver) 3 Check the current assignment for consistency (T-solver) inconsistent, T-solver returns a conflict set η, add its negation as a T-lemma consistent, go on with assignment of next variable 4 If a truth value is assigned to all variables = SAT 5 If no assignment left = UNSAT 27 th June 2015 Betim Musa Interpolation 14 / 22

46 SMT-SAT (lazy approach) Illustration φ 27 th June 2015 Betim Musa Interpolation 15 / 22

47 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula 27 th June 2015 Betim Musa Interpolation 15 / 22

48 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula start new assign. SAT-Solver 27 th June 2015 Betim Musa Interpolation 15 / 22

49 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula start new assign. assign some var. SAT-Solver 27 th June 2015 Betim Musa Interpolation 15 / 22

50 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula assign some var. start new assign. SAT-Solver consistent? T-Solver 27 th June 2015 Betim Musa Interpolation 15 / 22

51 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula assign some var. start new assign. SAT-Solver consistent consistent? T-Solver 27 th June 2015 Betim Musa Interpolation 15 / 22

52 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula assign some var. start new assign. SAT-Solver inconsist. (store conflict set) consistent T-Solver consistent? 27 th June 2015 Betim Musa Interpolation 15 / 22

53 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula assign some var. start new assign. all vars. assigned SAT-Solver inconsist. (store conflict set) consistent consistent? SAT T-Solver 27 th June 2015 Betim Musa Interpolation 15 / 22

54 SMT-SAT (lazy approach) Illustration φ φ encode as boolean formula assign some var. start new assign. all vars. assigned SAT-Solver inconsist. (store conflict set) consistent T-Solver consistent? no assignment left SAT UNSAT 27 th June 2015 Betim Musa Interpolation 15 / 22

55 Interpolation in SMT Setting Given two formulae c 1 = x 1 x 2 x 3 and c 2 = x 2 x 3 c 1 c 2 = x 2 x 3 27 th June 2015 Betim Musa Interpolation 16 / 22

56 Interpolation in SMT Setting Given two formulae c 1 = x 1 x 2 x 3 and c 2 = x 2 x 3 c 1 c 2 = x 2 x 3 c 1 \ c 2 = x 1 27 th June 2015 Betim Musa Interpolation 16 / 22

57 Interpolation in SMT Generate an interpolant for the conjunction A B. 27 th June 2015 Betim Musa Interpolation 17 / 22

58 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B 27 th June 2015 Betim Musa Interpolation 17 / 22

59 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) 27 th June 2015 Betim Musa Interpolation 17 / 22

60 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: 27 th June 2015 Betim Musa Interpolation 17 / 22

61 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: if C A, then I C C B 27 th June 2015 Betim Musa Interpolation 17 / 22

62 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: if C A, then I C C B if C B, then I C 27 th June 2015 Betim Musa Interpolation 17 / 22

63 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: if C A, then I C C B if C B, then I C For every inner node C of P obtained by resolution from C 1 = p φ 1,C 2 = p φ 2, 27 th June 2015 Betim Musa Interpolation 17 / 22

64 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: if C A, then I C C B if C B, then I C For every inner node C of P obtained by resolution from C 1 = p φ 1,C 2 = p φ 2, if p / B, then I C I C1 I C2 27 th June 2015 Betim Musa Interpolation 17 / 22

65 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: if C A, then I C C B if C B, then I C For every inner node C of P obtained by resolution from C 1 = p φ 1,C 2 = p φ 2, if p / B, then I C I C1 I C2 else I C I C1 I C2 27 th June 2015 Betim Musa Interpolation 17 / 22

66 Interpolation in SMT Generate an interpolant for the conjunction A B. Compute a proof of unsatisfiability P for A B For every T lemma η in P compute an interpolant I η for (η \ B,η B) For every input clause C in P: if C A, then I C C B if C B, then I C For every inner node C of P obtained by resolution from C 1 = p φ 1,C 2 = p φ 2, if p / B, then I C I C1 I C2 else I C I C1 I C2 Output the interpolant at the root node, namely I 27 th June 2015 Betim Musa Interpolation 17 / 22

67 Conclusion Interpolation an important technique in software verification 27 th June 2015 Betim Musa Interpolation 18 / 22

68 Conclusion Interpolation an important technique in software verification available for many relevant theories (e.g. LIA, Equality with UF, Arrays, Lists) 27 th June 2015 Betim Musa Interpolation 18 / 22

69 Conclusion Interpolation an important technique in software verification available for many relevant theories (e.g. LIA, Equality with UF, Arrays, Lists) research in progress for other theories 27 th June 2015 Betim Musa Interpolation 18 / 22

70 Summary What is interpolation? automatically generalize formulae and preserve relevant parts 27 th June 2015 Betim Musa Interpolation 19 / 22

71 Summary What is interpolation? automatically generalize formulae and preserve relevant parts interpolant (Craig s definition) 27 th June 2015 Betim Musa Interpolation 19 / 22

72 Summary What is interpolation? automatically generalize formulae and preserve relevant parts interpolant (Craig s definition) 27 th June 2015 Betim Musa Interpolation 19 / 22

73 Summary What is interpolation? automatically generalize formulae and preserve relevant parts interpolant (Craig s definition) How does it work? Propositional Logic: resolution proof 27 th June 2015 Betim Musa Interpolation 19 / 22

74 Summary What is interpolation? automatically generalize formulae and preserve relevant parts interpolant (Craig s definition) How does it work? Propositional Logic: resolution proof First-Order Logic: Resolution proof, Theory interpolation 27 th June 2015 Betim Musa Interpolation 19 / 22

75 Future work A theory where no efficient interpolation algorithm exists theory of non-linear integer arithmetic (e.g. x 2 + y 2 = 1) 27 th June 2015 Betim Musa Interpolation 20 / 22

76 References I A. Cimatti, A. Griggio, R. Sebastiani. Efficient Interpolant Generation in SMT. K.L.McMillan. Interpolation and SAT-based Model Checking. Philipp Rümmer Craig Interpolation in SAT and SMT interpolation_philipp.pdf D. Kroening, G. Weissenbacher. Lifting Propositional Interpolants to the Word-Level. 27 th June 2015 Betim Musa Interpolation 21 / 22

77 References II Wikipedia Satisfiability Modulo Theories. Modulo_Theories 27 th June 2015 Betim Musa Interpolation 22 / 22

Tutorial 1: Modern SMT Solvers and Verification

University of Illinois at Urbana-Champaign Tutorial 1: Modern SMT Solvers and Verification Sayan Mitra Electrical & Computer Engineering Coordinated Science Laboratory University of Illinois at Urbana