Equalities and Uninterpreted Functions. Chapter 3. Decision Procedures. An Algorithmic Point of View. Revision 1.0

Size: px

Start display at page:

Download "Equalities and Uninterpreted Functions. Chapter 3. Decision Procedures. An Algorithmic Point of View. Revision 1.0"

Arline Stafford
5 years ago
Views:

1 Equalities and Uninterpreted Functions Chapter 3 Decision Procedures An Algorithmic Point of View D.Kroening O.Strichman Revision 1.0

2 Outline Decision Procedures Equalities and Uninterpreted Functions 2

3 Equality Logic A Boolean combination of Equalities and Propositions x 1 = x 2 (x 2 = x 3 ((x 1 = x 3 ) b x 1 = 2)) We always push negations inside (NNF): x 1 = x 2 (x 2 = x 3 ((x 1 x 3 ) b x 1 2)) Decision Procedures Equalities and Uninterpreted Functions 3

4 Syntax of Equality Logic formula : formula formula formula atom atom : term-variable = term-variable term-variable = constant Boolean-variable The term-variables are defined over some (possible infinite) domain. The constants are from the same domain. The set of Boolean variables is always separate from the set of term variables Decision Procedures Equalities and Uninterpreted Functions 4

5 Expressiveness and complexity Allows more natural description of systems, although technically it is as expressible as Propositional Logic. Obviously NP-hard. In fact, it is in NP, and hence NP-complete, for reasons we shall see later. Decision Procedures Equalities and Uninterpreted Functions 5

6 Equality logic with uninterpreted functions formula : formula formula formula atom atom : term = term Boolean-variable term : term-variable function ( list of terms ) The term-variables are defined over some (possible infinite) domain. Constants are functions with an empty list of terms. Decision Procedures Equalities and Uninterpreted Functions 6

7 Uninterpreted Functions Every function is a mapping from a domain to a range. Example: the + function over the naturals N is a mapping from N N to N. Decision Procedures Equalities and Uninterpreted Functions 7

8 Uninterpreted Functions Suppose we replace + by an uninterpreted binary function f(a, b) Example: x 1 + x 2 = x 3 + x 4 is replaced by f(x 1, x 2 ) = f(x 3, x 4 ) We lost the semantics of +, as f can represent any binary function. Loosing the semantics means that f is not restricted by any axioms or rules of inference. But f is still a function! Decision Procedures Equalities and Uninterpreted Functions 8

9 Uninterpreted Functions The most general axiom for any function is functional consistency. Example: if x = y, then f(x) = f(y) for any function f. Functional consistency axiom schema: x 1 = x 1... x n = x n = f(x 1,..., x n ) = f(x 1,..., x n) Sometimes, functional consistency is all that is needed for a proof. Decision Procedures Equalities and Uninterpreted Functions 9

10 Example: Circuit Transformations Circuits consist of combinational gates and latches (registers) I R 1 Latch Combinational part Decision Procedures Equalities and Uninterpreted Functions 10

Example: Circuit Transformations Circuits consist of combinational gates and latches (registers) I R 1 Latch Combinational part The combinational gates can be

11 Example: Circuit Transformations Circuits consist of combinational gates and latches (registers) I R 1 Latch Combinational part The combinational gates can be modeled using functions The latches can be modeled with variables f(x, y) := x y R 1 = f(r 1, I) Decision Procedures Equalities and Uninterpreted Functions 10

12 Example: Circuit Transformations in F L1 G K H L2 L3 L4 C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 11

13 Example: Circuit Transformations in in: a primary input of the circuit F L1 G H K L2 L3 L4 C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 11

14 Example: Circuit Transformations in F in: a primary input of the circuit L1 G F, G, H, K, D: some functions over bit-vectors H K L2 L3 L4 C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 11

15 Example: Circuit Transformations in F in: a primary input of the circuit L2 C L1 G H K L3 L4 D 1 0 L5 F, G, H, K, D: some functions over bit-vectors L 1,..., L 5 : latches (registers) Decision Procedures Equalities and Uninterpreted Functions 11

16 Example: Circuit Transformations in F in: a primary input of the circuit L2 C L1 G H K L3 L4 D 1 0 F, G, H, K, D: some functions over bit-vectors L 1,..., L 5 : latches (registers) C: a predicate over bit-vectors a multiplexer (case-split) L5 Decision Procedures Equalities and Uninterpreted Functions 11

17 Example: Circuit Transformations in F L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

18 Example: Circuit Transformations Stage 1 in F L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

19 Example: Circuit Transformations in F Stage 2 L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

20 Example: Circuit Transformations in F L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C Stage 3 L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

21 Example: Circuit Transformations in F L2 L1 G K L3 H L4 The maximum clock frequency depends on the longest path between two latches Note that the output of g is used as input to k We want to speed up the design by postponing k to the third stage C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 13

22 Example: Circuit Transformations in F L2 C L1 G H K L3 L4 D 1 0 The maximum clock frequency depends on the longest path between two latches Note that the output of g is used as input to k We want to speed up the design by postponing k to the third stage Also note that the circuit only uses one of L 3 or L 4, never both We can remove one of the latches L5 Decision Procedures Equalities and Uninterpreted Functions 13

23 Example: Circuit Transformations in in F F L1 L 1 G C G H H L2 K L3 L4 =? L L 3 C D K D L5 L 5 Decision Procedures Equalities and Uninterpreted Functions 14

24 Example: Circuit Transformations L 1 = f(i) L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L 1 = f(i) L 2 = c(l 1) L 3 = c(l 1)? g(l 1) : h(l 1) L 5 = L 2? k(l 3) : l(l 3) L 5? = L 5 Decision Procedures Equalities and Uninterpreted Functions 15

25 Example: Circuit Transformations L 1 = f(i) L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L 1 = f(i) L 2 = c(l 1) L 3 = c(l 1)? g(l 1) : h(l 1) L 5 = L 2? k(l 3) : l(l 3) L 5? = L 5 Equivalence in this case holds regardless of the actual functions Conclusion: can be decided using Equality Logic and Uninterpreted Functions Decision Procedures Equalities and Uninterpreted Functions 15

26 Transforming UFs to Equality Logic using Ackermann s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) F 2 ( F 1 (x) ) = 0 Decision Procedures Equalities and Uninterpreted Functions 16

27 Transforming UFs to Equality Logic using Ackermann s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) f 1 {}}{ F 2 ( F 1 (x) ) = 0 }{{} f 2 2. Replace each function instance with a new variable f2 = 0 Decision Procedures Equalities and Uninterpreted Functions 16

28 Transforming UFs to Equality Logic using Ackermann s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) f 1 {}}{ F 2 ( F 1 (x) ) = 0 }{{} f 2 2. Replace each function instance with a new variable f2 = 0 3. Add functional consistency constraint to ϕ UF for every pair of instances of the same function. ((x = f 1 ) (f 2 = f 1 ) f 2 = 0 Decision Procedures Equalities and Uninterpreted Functions 16

29 Ackermann s reduction: Example Suppose we want to check x 1 x 2 F (x 1 ) = F (x 2 ) F (x 1 ) F (x 3 ) for validity. 1 First number the function instances: x 1 x 2 F 1 (x 1 ) = F 2 (x 2 ) F 1 (x 1 ) F 3 (x 3 ) Decision Procedures Equalities and Uninterpreted Functions 17

30 Ackermann s reduction: Example Suppose we want to check x 1 x 2 F (x 1 ) = F (x 2 ) F (x 1 ) F (x 3 ) for validity. 1 First number the function instances: x 1 x 2 F 1 (x 1 ) = F 2 (x 2 ) F 1 (x 1 ) F 3 (x 3 ) 2 Replace each function with a new variable: x 1 x 2 f 1 = f 2 f 1 f 3 Decision Procedures Equalities and Uninterpreted Functions 17

31 Ackermann s reduction: Example Suppose we want to check x 1 x 2 F (x 1 ) = F (x 2 ) F (x 1 ) F (x 3 ) for validity. 1 First number the function instances: x 1 x 2 F 1 (x 1 ) = F 2 (x 2 ) F 1 (x 1 ) F 3 (x 3 ) 2 Replace each function with a new variable: x 1 x 2 f 1 = f 2 f 1 f 3 3 Add functional consistency constraints: (x 1 = x 2 f 1 = f 2 ) (x 1 = x 3 f 1 = f 3 ) (x 2 = x 3 f 2 = f 3 ) Decision Procedures Equalities and Uninterpreted Functions 17

32 Transforming UFs to Equality Logic using Bryant s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) F 1 (a) = F 2 (b) Decision Procedures Equalities and Uninterpreted Functions 18

33 Transforming UFs to Equality Logic using Bryant s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) 2. Replace each function instance F i with an expression F i F 1 (a) = F 2 (b) F 1 = F 2 Decision Procedures Equalities and Uninterpreted Functions 18

34 Transforming UFs to Equality Logic using Bryant s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) 2. Replace each function instance F i with an expression Fi F i := case x 1 = x i : f 1 x 2 = x i : f 2.. x i 1 = x i : f i 1 true : f i F 1 (a) = F 2 (b) F 1 = F 2 f 1 = ( case a = b: f1 true : f 2 Decision Procedures Equalities and Uninterpreted Functions 18

35 Example of Bryant s reduction Original formula: a = b F (G(a) = F (G(b)) Decision Procedures Equalities and Uninterpreted Functions 19

36 Example of Bryant s reduction Original formula: a = b F (G(a) = F (G(b)) Number the instances: a = b F 1 (G 1 (a) = F 2 (G 2 (b)) Decision Procedures Equalities and Uninterpreted Functions 19

37 Example of Bryant s reduction Original formula: a = b F (G(a) = F (G(b)) Number the instances: a = b F 1 (G 1 (a) = F 2 (G 2 (b)) Replace each function application with an expression: where a = b F1 = F2 F1 = f ( 1 case G F2 = 1 = G 2 : f 1 true : f 2 ) G 1 = g ( 1 ) case a = b : G g1 2 = true : g 2 Decision Procedures Equalities and Uninterpreted Functions 19

38 Using uninterpreted functions in proofs Uninterpreted functions give us the ability to represent an abstract view of functions. It over-approximates the concrete system = 1 is a contradiction But F (1, 1) = 1 is satisfiable! Decision Procedures Equalities and Uninterpreted Functions 20

39 Using uninterpreted functions in proofs Uninterpreted functions give us the ability to represent an abstract view of functions. It over-approximates the concrete system = 1 is a contradiction But F (1, 1) = 1 is satisfiable! Conclusion: unless we are careful, we can give wrong answers, and this way, loose soundness. Decision Procedures Equalities and Uninterpreted Functions 20

40 Using uninterpreted functions in proofs In general, a sound but incomplete method is more useful than an unsound but complete method. A sound but incomplete algorithm for deciding a formula with uninterpreted functions ϕ UF : 1 Transform it into Equality Logic formula ϕ E 2 If ϕ E is unsatisfiable, return Unsatisfiable 3 Else return Don t know Decision Procedures Equalities and Uninterpreted Functions 21

41 Using uninterpreted functions in proofs Question #1: is this useful? Decision Procedures Equalities and Uninterpreted Functions 22

42 Using uninterpreted functions in proofs Question #1: is this useful? Question #2: can it be made complete in some cases? Decision Procedures Equalities and Uninterpreted Functions 22

43 Using uninterpreted functions in proofs Question #1: is this useful? Question #2: can it be made complete in some cases? When the abstract view is sufficient for the proof, it enables (or at least simplifies) a mechanical proof. Decision Procedures Equalities and Uninterpreted Functions 22

44 Using uninterpreted functions in proofs Question #1: is this useful? Question #2: can it be made complete in some cases? When the abstract view is sufficient for the proof, it enables (or at least simplifies) a mechanical proof. So when is the abstract view sufficient? Decision Procedures Equalities and Uninterpreted Functions 22

45 Using uninterpreted functions in proofs (common) Proving equivalence between: Two versions of a hardware design (one with and one without a pipeline) Source and target of a compiler ( Translation Validation ) Decision Procedures Equalities and Uninterpreted Functions 23

46 Using uninterpreted functions in proofs (common) Proving equivalence between: Two versions of a hardware design (one with and one without a pipeline) Source and target of a compiler ( Translation Validation ) (rare) Proving properties that do not rely on the exact functionality of some of the functions Decision Procedures Equalities and Uninterpreted Functions 23

47 Example: Translation Validation Assume the source program has the statement z = (x 1 + y 1 ) (x 2 + y 2 ); which the compiler turned into: u 1 = x 1 + y 1 ; u 2 = x 2 + y 2 ; z = u 1 u 2 ; Decision Procedures Equalities and Uninterpreted Functions 24

48 Example: Translation Validation Assume the source program has the statement z = (x 1 + y 1 ) (x 2 + y 2 ); which the compiler turned into: u 1 = x 1 + y 1 ; u 2 = x 2 + y 2 ; z = u 1 u 2 ; We need to prove that: (u 1 = x 1 + y 1 u 2 = x 2 + y 2 z = u 1 u 2 ) (z = (x 1 + y 1 ) (x 2 + y 2 )) Decision Procedures Equalities and Uninterpreted Functions 24

49 Example: Translation Validation Claim: ϕ UF is valid We will prove this by reducing it to an Equality Logic formula ϕ E = (x 1 = x 2 y 1 = y 2 f 1 = f 2 ) (u 1 = f 1 u 2 = f 2 g 1 = g 2 ) ((u 1 = f 1 u 2 = f 2 z = g 1 ) z = g 2 ) Decision Procedures Equalities and Uninterpreted Functions 25

50 Uninterpreted functions: usability Good: each function on the left can be mapped to a function on the right with equivalent arguments Decision Procedures Equalities and Uninterpreted Functions 26

51 Uninterpreted functions: usability Good: each function on the left can be mapped to a function on the right with equivalent arguments Bad: almost all other cases Example: Left x + x Right 2x Decision Procedures Equalities and Uninterpreted Functions 26

52 Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) Decision Procedures Equalities and Uninterpreted Functions 27

53 Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) This requires commutativity: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = y 2 + x 2 ) Decision Procedures Equalities and Uninterpreted Functions 27

54 Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) This requires commutativity: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = y 2 + x 2 ) Fix by adding: (x 1 + y 1 = y 1 + x 1 ) (x 2 + y 2 = y 2 + x 2 ) Decision Procedures Equalities and Uninterpreted Functions 27

55 Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) This requires commutativity: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = y 2 + x 2 ) Fix by adding: (x 1 + y 1 = y 1 + x 1 ) (x 2 + y 2 = y 2 + x 2 ) What about other cases? Use more rewriting rules! Decision Procedures Equalities and Uninterpreted Functions 27

56 Example: equivalence of C programs (1/4) int power3(int in) { out = in; } for(i=0; i<2; i++) out = out * in; return out; int power3 new(int in) { out = (in*in)*in; return out; } These two functions return the same value regardless if it is * or any other function. Conclusion: we can prove equivalence by replacing * with an uninterpreted function Decision Procedures Equalities and Uninterpreted Functions 28

57 From programs to equations But first we need to know how to turn programs into equations. There are several options we will see static single assignment for bounded programs. Decision Procedures Equalities and Uninterpreted Functions 29

58 Static Single Assignment (SSA) form see compiler class Idea: Rename variables such that each variable is assigned exactly once Example: x=x+y; x=x*2; a[i]=100; x 1 =x 0 +y 0 ; x 2 =x 1 *2; a 1 [i 0 ]=100; Decision Procedures Equalities and Uninterpreted Functions 30

59 Static Single Assignment (SSA) form see compiler class Idea: Rename variables such that each variable is assigned exactly once Example: x=x+y; x=x*2; a[i]=100; x 1 =x 0 +y 0 ; x 2 =x 1 *2; a 1 [i 0 ]=100; Read assignments as equalities Generate constraints by simply conjoining these equalities x 1 =x 0 +y 0 ; x x 2 =x 1 *2; 1 = x 0 + y 0 Example: x 2 = x 1 2 a 1 [i 0 ]=100; a 1 [i 0 ] = 100 Decision Procedures Equalities and Uninterpreted Functions 30

60 SSA for bounded programs What about if? Branches are handled using φ-nodes. int main() { int x, y, z; y=8; if(x) y--; else y++; } z=y+1; Decision Procedures Equalities and Uninterpreted Functions 31

61 SSA for bounded programs What about if? Branches are handled using φ-nodes. int main() { int x, y, z; } y=8; if(x) y--; else y++; z=y+1; int main() { int x, y, z; } y 1 =8; if(x 0 ) y 2 =y 1-1; else y 3 =y 1 +1; y 4 =φ(y 2, y 3 ); z 1 =y 4 +1; Decision Procedures Equalities and Uninterpreted Functions 31

62 SSA for bounded programs What about if? Branches are handled using φ-nodes. int main() { int x, y, z; } y=8; if(x) y--; else y++; z=y+1; int main() { int x, y, z; } y 1 =8; if(x 0 ) y 2 =y 1-1; else y 3 =y 1 +1; y 4 =φ(y 2, y 3 ); z 1 =y 4 +1; y 1 = 8 y 2 = y 1 1 y 3 = y y 4 = (x 0 0? y 2 : y 3 ) z 1 = y Decision Procedures Equalities and Uninterpreted Functions 31

63 SSA for bounded programs What about loops? We unwind them! void f(...) {... while(cond) { BODY; }... Remainder; } Decision Procedures Equalities and Uninterpreted Functions 32

64 SSA for bounded programs What about loops? We unwind them! void f(...) {... if(cond) { BODY; while(cond) { BODY; } }... Remainder; } Decision Procedures Equalities and Uninterpreted Functions 32

65 SSA for bounded programs What about loops? We unwind them! void f(...) {... if(cond) { BODY; if(cond) { BODY; while(cond) { BODY; } } }... Remainder; } Decision Procedures Equalities and Uninterpreted Functions 32

66 SSA for bounded programs Some caveats: Unwind how many times? Must preserve locality of variables declared inside loop Decision Procedures Equalities and Uninterpreted Functions 33

67 SSA for bounded programs Some caveats: Unwind how many times? Must preserve locality of variables declared inside loop There is a tool available that does this CBMC C Bounded Model Checker Bound is verified using unwinding assertions Used frequently for embedded software Bound is a run-time guarantee Integrated into Eclipse Decision problem can be exported Decision Procedures Equalities and Uninterpreted Functions 33

68 SSA for bounded programs: CBMC Decision Procedures Equalities and Uninterpreted Functions 34

69 Example: equivalence of C programs (2/4) int power3(int in) { out = in; } for(i=0; i<2; i++) out = out * in; return out; int power3 new(int in) { out = (in*in)*in; return out; } Decision Procedures Equalities and Uninterpreted Functions 35

70 Example: equivalence of C programs (2/4) int power3(int in) { out = in; } for(i=0; i<2; i++) out = out * in; return out; int power3 new(int in) { out = (in*in)*in; return out; } Static single assignment (SSA) form: out 1 = in out 2 = out 1 in out 1 = (in in) in out 3 = out 2 in Prove that both functions return the same value: out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 35

71 Example: equivalence of C programs (3/4) Static single assignment (SSA) form: out 1 = in out 2 = out 1 in out 1 = (in in) in out 3 = out 2 in With uninterpreted functions: out 1 = in out 2 = F (out 1, in) out 3 = F (out 2, in) out 1 = F (F (in, in), in) Decision Procedures Equalities and Uninterpreted Functions 36

72 Example: equivalence of C programs (3/4) Static single assignment (SSA) form: out 1 = in out 2 = out 1 in out 1 = (in in) in out 3 = out 2 in With uninterpreted functions: out 1 = in out 2 = F (out 1, in) out 3 = F (out 2, in) out 1 = F (F (in, in), in) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Decision Procedures Equalities and Uninterpreted Functions 36

73 Example: equivalence of C programs (4/4) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Decision Procedures Equalities and Uninterpreted Functions 37

74 Example: equivalence of C programs (4/4) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Ackermann s reduction: out 1 = in ϕ E a : out 2 = f 1 ϕ E b : out 1 = f 4 out 3 = f 2 Decision Procedures Equalities and Uninterpreted Functions 37

75 Example: equivalence of C programs (4/4) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Ackermann s reduction: out 1 = in ϕ E a : out 2 = f 1 ϕ E b : out 1 = f 4 out 3 = f 2 The verification condition: (out 1 = out 2 f 1 = f 2 ) (out 1 = in f 1 = f 3 ) (out 1 = f 3 f 1 = f 4 ) (out 2 = in f 2 = f 3 ) ϕ E a ϕ E b (out 2 = f 3 f 2 = f 3 ) (in = f 3 f 3 = f 4 ) out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 37

76 Uninterpreted functions: simplifications Let n be the number of instances of F () Both reduction schemes require O(n 2 ) comparisons This can be the bottleneck of the verification effort Decision Procedures Equalities and Uninterpreted Functions 38

77 Uninterpreted functions: simplifications Let n be the number of instances of F () Both reduction schemes require O(n 2 ) comparisons This can be the bottleneck of the verification effort Solution: try to guess the pairing of functions Still sound: wrong guess can only make a valid formula invalid Decision Procedures Equalities and Uninterpreted Functions 38

78 Simplifications (1) Given x 1 = x 1, x 2 = x 2, x 3 = x 3, prove = o 1 = o 2. o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right 4 function instances 6 comparisons Decision Procedures Equalities and Uninterpreted Functions 39

79 Simplifications (1) Given x 1 = x 1, x 2 = x 2, x 3 = x 3, prove = o 1 = o 2. o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right 4 function instances 6 comparisons Guess: validity does not rely on f 1 = f 2 or on f 3 = f 4 Idea: only enforce functional consistency of pairs (Left,Right). Decision Procedures Equalities and Uninterpreted Functions 39

80 Simplifications (2) o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right Down to 4 comparisons! Decision Procedures Equalities and Uninterpreted Functions 40

81 Simplifications (2) o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right Down to 4 comparisons! Another guess: equivalence only depends on f 1 = f 3 and f 2 = f 4 Pattern matching may help here Decision Procedures Equalities and Uninterpreted Functions 40

82 Simplifications (3) o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right Match according to patterns ( signatures ) Down to 2 comparisons! + v v v f 1, f 3 + v 5 f 2, f 4 Decision Procedures Equalities and Uninterpreted Functions 41

83 Simplifications (4) o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left Substitute intermediate variables (in the example: a, b) o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 + v v v + v 5 Right

84 Simplifications (4) o 1 = (x 1 + (a x 2 )) a = x }{{} }{{} f 1 f 2 Left Substitute intermediate variables (in the example: a, b) o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 + v Xv v + v 5 Right + v + v v 5 f 1, f 3 Decision Procedures Equalities and Uninterpreted Functions 42

85 The SSA example revisited (1) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Decision Procedures Equalities and Uninterpreted Functions 43

86 The SSA example revisited (1) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Map F 1 to F 3 : F v v Map F 2 to F 4 : F v F v v Decision Procedures Equalities and Uninterpreted Functions 43

87 The SSA example revisited (2) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Ackermann s reduction: out 1 = in ϕ E a : out 2 = f 1 ϕ E b : out 1 = f 4 out 3 = f 2 The verification condition has shrunk: [( ) ] (out1 = in f 1 = f 3 ) ϕ E a ϕ E (out 2 = f 3 f 2 = f 4 ) b out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 44

88 Same example with Bryant s reduction With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Bryant s reduction: out 1 = in ϕ E a : out 2 = f 1 out 3 = f 2 ϕ ( E b : out 1 = case «case in = out1 : f 1 ) = out true : f 2 : f 2 3 true : f 4 The verification condition: (ϕ E a ϕ E b ) out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 45

89 So is Equality Logic with UFs interesting? 1 It is expressible enough to state something interesting. 2 It is decidable and more efficiently solvable than richer logics, for example in which some functions are interpreted. 3 Models which rely on infinite-type variables are expressed more naturally in this logic in comparison with Propositional Logic. Decision Procedures Equalities and Uninterpreted Functions 46

(Yet another) decision procedure for Equality Logic

(Yet another) decision procedure for Equality Logic Ofer Strichman and Orly Meir echnion echnion 1 Equality Logic 0 0 0 1 0 1 E : (x 1 = x 2 Æ (x 2 x 3 Ç x 1 x 3 )) Domain: x 1,x 2,x 3 2 N he satisfiability