Equalities and Uninterpreted Functions. Chapter 3. Decision Procedures. An Algorithmic Point of View. Revision 1.0

Similar documents
(Yet another) decision procedure for Equality Logic

SMT BASICS WS 2017/2018 ( ) LOGIC SATISFIABILITY MODULO THEORIES. Institute for Formal Models and Verification Johannes Kepler Universität Linz

CSE507. Satisfiability Modulo Theories. Computer-Aided Reasoning for Software. Emina Torlak

Warm-Up Problem. Is the following true or false? 1/35

Satisfiability Modulo Theories (SMT)

First-Order Logic (FOL)

Tutorial 1: Modern SMT Solvers and Verification

CS156: The Calculus of Computation

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

Dynamic Semantics. Dynamic Semantics. Operational Semantics Axiomatic Semantics Denotational Semantic. Operational Semantics

Equality Logic and Uninterpreted Functions

Sample Problems for all sections of CMSC250, Midterm 1 Fall 2014

Title: Logical Agents AIMA: Chapter 7 (Sections 7.4 and 7.5)

Description Logics. Deduction in Propositional Logic. franconi. Enrico Franconi

First-Order Theorem Proving and Vampire. Laura Kovács (Chalmers University of Technology) Andrei Voronkov (The University of Manchester)

Functions. Computers take inputs and produce outputs, just like functions in math! Mathematical functions can be expressed in two ways:

The Calculus of Computation: Decision Procedures with Applications to Verification. Part I: FOUNDATIONS. by Aaron Bradley Zohar Manna

CS156: The Calculus of Computation Zohar Manna Winter 2010

WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008

First-Order Theorem Proving and Vampire

Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11 CSE

Learning Goals of CS245 Logic and Computation

Motivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory

Proof Techniques (Review of Math 271)

A brief introduction to Logic. (slides from

Automated Program Verification and Testing 15414/15614 Fall 2016 Lecture 8: Procedures for First-Order Theories, Part 2

Logic. Propositional Logic: Syntax. Wffs

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Algorithmic verification

Topics in Model-Based Reasoning

CSC 7101: Programming Language Structures 1. Axiomatic Semantics. Stansifer Ch 2.4, Ch. 9 Winskel Ch.6 Slonneger and Kurtz Ch. 11.

Formal Verification Methods 1: Propositional Logic

CS1021. Why logic? Logic about inference or argument. Start from assumptions or axioms. Make deductions according to rules of reasoning.

Lecture 13: Soundness, Completeness and Compactness

Overview. CS389L: Automated Logical Reasoning. Lecture 7: Validity Proofs and Properties of FOL. Motivation for semantic argument method

An Introduction to Z3

Part 1: Propositional Logic

First-order resolution for CTL

Lecture 7. Logic. Section1: Statement Logic.

Proof Rules for Correctness Triples

PROPOSITIONAL LOGIC. VL Logik: WS 2018/19

CS156: The Calculus of Computation Zohar Manna Autumn 2008

Normal Forms of Propositional Logic

KE/Tableaux. What is it for?

Propositional Logic: Models and Proofs

Decision Procedures for Equality Logic and Uninterpreted Functions

1 Circuit Complexity. CS 6743 Lecture 15 1 Fall Definitions

02 Propositional Logic

The Simplify Theorem Prover

NP-Completeness I. Lecture Overview Introduction: Reduction and Expressiveness

Solving Quantified Verification Conditions using Satisfiability Modulo Theories

Lecture 2: Syntax. January 24, 2018

Tecniche di Verifica. Introduction to Propositional Logic

The Eager Approach to SMT. Eager Approach to SMT

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013

Essential facts about NP-completeness:

CHAPTER1: Digital Logic Circuits Combination Circuits

Logic. Propositional Logic: Syntax

Symbolic Trajectory Evaluation (STE): Orna Grumberg Technion, Israel

Price: $25 (incl. T-Shirt, morning tea and lunch) Visit:

Abstractions and Decision Procedures for Effective Software Model Checking

Proving languages to be nonregular

Introduction to Artificial Intelligence Propositional Logic & SAT Solving. UIUC CS 440 / ECE 448 Professor: Eyal Amir Spring Semester 2010

Chapter 4: Computation tree logic

COMP219: Artificial Intelligence. Lecture 20: Propositional Reasoning

Propositional Resolution

Artificial Intelligence Chapter 7: Logical Agents

Contribution of Problems

Propositional Logic: Part II - Syntax & Proofs 0-0

CS2742 midterm test 2 study sheet. Boolean circuits: Predicate logic:

NP-Completeness. Algorithmique Fall semester 2011/12

Notes on induction proofs and recursive definitions

Section 1.1: Logical Form and Logical Equivalence

Deductive Verification

COP4020 Programming Languages. Introduction to Axiomatic Semantics Prof. Robert van Engelen

Propositional Logic: Syntax

CMPE12 - Notes chapter 1. Digital Logic. (Textbook Chapter 3)

Digital Control of Electric Drives

Alan Bundy. Automated Reasoning LTL Model Checking

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel

Introduction to Logic in Computer Science: Autumn 2006

Decision Procedures for Satisfiability and Validity in Propositional Logic

LOGIC PROPOSITIONAL REASONING

Computational Logic. Davide Martinenghi. Spring Free University of Bozen-Bolzano. Computational Logic Davide Martinenghi (1/30)

Herbrand Theorem, Equality, and Compactness

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

Logic for Computer Scientists

Deductive Systems. Lecture - 3

Přednáška 12. Důkazové kalkuly Kalkul Hilbertova typu. 11/29/2006 Hilbertův kalkul 1

Propositional Reasoning

Hoare Logic: Reasoning About Imperative Programs

Basing Decisions on Sentences in Decision Diagrams

Logical agents. Chapter 7. Chapter 7 1

n Empty Set:, or { }, subset of all sets n Cardinality: V = {a, e, i, o, u}, so V = 5 n Subset: A B, all elements in A are in B

Overview. Discrete Event Systems Verification of Finite Automata. What can finite automata be used for? What can finite automata be used for?

Leonardo de Moura Microsoft Research

First Order Logic: Syntax and Semantics

NP-Complete Reductions 2

Z = F(X) Combinational circuit. A combinational circuit can be specified either by a truth table. Truth Table

Using the Prover I: Lee Pike. June 3, NASA Langley Formal Methods Group Using the Prover I:

Transcription:

Equalities and Uninterpreted Functions Chapter 3 Decision Procedures An Algorithmic Point of View D.Kroening O.Strichman Revision 1.0

Outline Decision Procedures Equalities and Uninterpreted Functions 2

Equality Logic A Boolean combination of Equalities and Propositions x 1 = x 2 (x 2 = x 3 ((x 1 = x 3 ) b x 1 = 2)) We always push negations inside (NNF): x 1 = x 2 (x 2 = x 3 ((x 1 x 3 ) b x 1 2)) Decision Procedures Equalities and Uninterpreted Functions 3

Syntax of Equality Logic formula : formula formula formula atom atom : term-variable = term-variable term-variable = constant Boolean-variable The term-variables are defined over some (possible infinite) domain. The constants are from the same domain. The set of Boolean variables is always separate from the set of term variables Decision Procedures Equalities and Uninterpreted Functions 4

Expressiveness and complexity Allows more natural description of systems, although technically it is as expressible as Propositional Logic. Obviously NP-hard. In fact, it is in NP, and hence NP-complete, for reasons we shall see later. Decision Procedures Equalities and Uninterpreted Functions 5

Equality logic with uninterpreted functions formula : formula formula formula atom atom : term = term Boolean-variable term : term-variable function ( list of terms ) The term-variables are defined over some (possible infinite) domain. Constants are functions with an empty list of terms. Decision Procedures Equalities and Uninterpreted Functions 6

Uninterpreted Functions Every function is a mapping from a domain to a range. Example: the + function over the naturals N is a mapping from N N to N. Decision Procedures Equalities and Uninterpreted Functions 7

Uninterpreted Functions Suppose we replace + by an uninterpreted binary function f(a, b) Example: x 1 + x 2 = x 3 + x 4 is replaced by f(x 1, x 2 ) = f(x 3, x 4 ) We lost the semantics of +, as f can represent any binary function. Loosing the semantics means that f is not restricted by any axioms or rules of inference. But f is still a function! Decision Procedures Equalities and Uninterpreted Functions 8

Uninterpreted Functions The most general axiom for any function is functional consistency. Example: if x = y, then f(x) = f(y) for any function f. Functional consistency axiom schema: x 1 = x 1... x n = x n = f(x 1,..., x n ) = f(x 1,..., x n) Sometimes, functional consistency is all that is needed for a proof. Decision Procedures Equalities and Uninterpreted Functions 9

Example: Circuit Transformations Circuits consist of combinational gates and latches (registers) I R 1 Latch Combinational part Decision Procedures Equalities and Uninterpreted Functions 10

Example: Circuit Transformations Circuits consist of combinational gates and latches (registers) I R 1 Latch Combinational part The combinational gates can be modeled using functions The latches can be modeled with variables f(x, y) := x y R 1 = f(r 1, I) Decision Procedures Equalities and Uninterpreted Functions 10

Example: Circuit Transformations in F L1 G K H L2 L3 L4 C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 11

Example: Circuit Transformations in in: a primary input of the circuit F L1 G H K L2 L3 L4 C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 11

Example: Circuit Transformations in F in: a primary input of the circuit L1 G F, G, H, K, D: some functions over bit-vectors H K L2 L3 L4 C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 11

Example: Circuit Transformations in F in: a primary input of the circuit L2 C L1 G H K L3 L4 D 1 0 L5 F, G, H, K, D: some functions over bit-vectors L 1,..., L 5 : latches (registers) Decision Procedures Equalities and Uninterpreted Functions 11

Example: Circuit Transformations in F in: a primary input of the circuit L2 C L1 G H K L3 L4 D 1 0 F, G, H, K, D: some functions over bit-vectors L 1,..., L 5 : latches (registers) C: a predicate over bit-vectors a multiplexer (case-split) L5 Decision Procedures Equalities and Uninterpreted Functions 11

Example: Circuit Transformations in F L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

Example: Circuit Transformations Stage 1 in F L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

Example: Circuit Transformations in F Stage 2 L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

Example: Circuit Transformations in F L1 G K H A pipeline processes data in stages Data is processed in parallel as in an assembly line Formal model: L 1 = f(i) L2 C Stage 3 L3 L4 D 1 0 L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L5 Decision Procedures Equalities and Uninterpreted Functions 12

Example: Circuit Transformations in F L2 L1 G K L3 H L4 The maximum clock frequency depends on the longest path between two latches Note that the output of g is used as input to k We want to speed up the design by postponing k to the third stage C D 1 0 L5 Decision Procedures Equalities and Uninterpreted Functions 13

Example: Circuit Transformations in F L2 C L1 G H K L3 L4 D 1 0 The maximum clock frequency depends on the longest path between two latches Note that the output of g is used as input to k We want to speed up the design by postponing k to the third stage Also note that the circuit only uses one of L 3 or L 4, never both We can remove one of the latches L5 Decision Procedures Equalities and Uninterpreted Functions 13

Example: Circuit Transformations in in F F L1 L 1 G C G H H L2 K L3 L4 =? L 2 1 0 L 3 C D K D 1 0 1 0 L5 L 5 Decision Procedures Equalities and Uninterpreted Functions 14

Example: Circuit Transformations L 1 = f(i) L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L 1 = f(i) L 2 = c(l 1) L 3 = c(l 1)? g(l 1) : h(l 1) L 5 = L 2? k(l 3) : l(l 3) L 5? = L 5 Decision Procedures Equalities and Uninterpreted Functions 15

Example: Circuit Transformations L 1 = f(i) L 2 = L 1 L 3 = k(g(l 1 )) L 4 = h(l 1 ) L 5 = c(l 2 )? L 3 : l(l 4 ) L 1 = f(i) L 2 = c(l 1) L 3 = c(l 1)? g(l 1) : h(l 1) L 5 = L 2? k(l 3) : l(l 3) L 5? = L 5 Equivalence in this case holds regardless of the actual functions Conclusion: can be decided using Equality Logic and Uninterpreted Functions Decision Procedures Equalities and Uninterpreted Functions 15

Transforming UFs to Equality Logic using Ackermann s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) F 2 ( F 1 (x) ) = 0 Decision Procedures Equalities and Uninterpreted Functions 16

Transforming UFs to Equality Logic using Ackermann s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) f 1 {}}{ F 2 ( F 1 (x) ) = 0 }{{} f 2 2. Replace each function instance with a new variable f2 = 0 Decision Procedures Equalities and Uninterpreted Functions 16

Transforming UFs to Equality Logic using Ackermann s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) f 1 {}}{ F 2 ( F 1 (x) ) = 0 }{{} f 2 2. Replace each function instance with a new variable f2 = 0 3. Add functional consistency constraint to ϕ UF for every pair of instances of the same function. ((x = f 1 ) (f 2 = f 1 ) f 2 = 0 Decision Procedures Equalities and Uninterpreted Functions 16

Ackermann s reduction: Example Suppose we want to check x 1 x 2 F (x 1 ) = F (x 2 ) F (x 1 ) F (x 3 ) for validity. 1 First number the function instances: x 1 x 2 F 1 (x 1 ) = F 2 (x 2 ) F 1 (x 1 ) F 3 (x 3 ) Decision Procedures Equalities and Uninterpreted Functions 17

Ackermann s reduction: Example Suppose we want to check x 1 x 2 F (x 1 ) = F (x 2 ) F (x 1 ) F (x 3 ) for validity. 1 First number the function instances: x 1 x 2 F 1 (x 1 ) = F 2 (x 2 ) F 1 (x 1 ) F 3 (x 3 ) 2 Replace each function with a new variable: x 1 x 2 f 1 = f 2 f 1 f 3 Decision Procedures Equalities and Uninterpreted Functions 17

Ackermann s reduction: Example Suppose we want to check x 1 x 2 F (x 1 ) = F (x 2 ) F (x 1 ) F (x 3 ) for validity. 1 First number the function instances: x 1 x 2 F 1 (x 1 ) = F 2 (x 2 ) F 1 (x 1 ) F 3 (x 3 ) 2 Replace each function with a new variable: x 1 x 2 f 1 = f 2 f 1 f 3 3 Add functional consistency constraints: (x 1 = x 2 f 1 = f 2 ) (x 1 = x 3 f 1 = f 3 ) (x 2 = x 3 f 2 = f 3 ) Decision Procedures Equalities and Uninterpreted Functions 17

Transforming UFs to Equality Logic using Bryant s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) F 1 (a) = F 2 (b) Decision Procedures Equalities and Uninterpreted Functions 18

Transforming UFs to Equality Logic using Bryant s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) 2. Replace each function instance F i with an expression F i F 1 (a) = F 2 (b) F 1 = F 2 Decision Procedures Equalities and Uninterpreted Functions 18

Transforming UFs to Equality Logic using Bryant s reduction Given: a formula ϕ UF with uninterpreted functions For each function in ϕ UF : 1. Number function instances (from the inside out) 2. Replace each function instance F i with an expression Fi F i := case x 1 = x i : f 1 x 2 = x i : f 2.. x i 1 = x i : f i 1 true : f i F 1 (a) = F 2 (b) F 1 = F 2 f 1 = ( case a = b: f1 true : f 2 Decision Procedures Equalities and Uninterpreted Functions 18

Example of Bryant s reduction Original formula: a = b F (G(a) = F (G(b)) Decision Procedures Equalities and Uninterpreted Functions 19

Example of Bryant s reduction Original formula: a = b F (G(a) = F (G(b)) Number the instances: a = b F 1 (G 1 (a) = F 2 (G 2 (b)) Decision Procedures Equalities and Uninterpreted Functions 19

Example of Bryant s reduction Original formula: a = b F (G(a) = F (G(b)) Number the instances: a = b F 1 (G 1 (a) = F 2 (G 2 (b)) Replace each function application with an expression: where a = b F1 = F2 F1 = f ( 1 case G F2 = 1 = G 2 : f 1 true : f 2 ) G 1 = g ( 1 ) case a = b : G g1 2 = true : g 2 Decision Procedures Equalities and Uninterpreted Functions 19

Using uninterpreted functions in proofs Uninterpreted functions give us the ability to represent an abstract view of functions. It over-approximates the concrete system. 1 + 1 = 1 is a contradiction But F (1, 1) = 1 is satisfiable! Decision Procedures Equalities and Uninterpreted Functions 20

Using uninterpreted functions in proofs Uninterpreted functions give us the ability to represent an abstract view of functions. It over-approximates the concrete system. 1 + 1 = 1 is a contradiction But F (1, 1) = 1 is satisfiable! Conclusion: unless we are careful, we can give wrong answers, and this way, loose soundness. Decision Procedures Equalities and Uninterpreted Functions 20

Using uninterpreted functions in proofs In general, a sound but incomplete method is more useful than an unsound but complete method. A sound but incomplete algorithm for deciding a formula with uninterpreted functions ϕ UF : 1 Transform it into Equality Logic formula ϕ E 2 If ϕ E is unsatisfiable, return Unsatisfiable 3 Else return Don t know Decision Procedures Equalities and Uninterpreted Functions 21

Using uninterpreted functions in proofs Question #1: is this useful? Decision Procedures Equalities and Uninterpreted Functions 22

Using uninterpreted functions in proofs Question #1: is this useful? Question #2: can it be made complete in some cases? Decision Procedures Equalities and Uninterpreted Functions 22

Using uninterpreted functions in proofs Question #1: is this useful? Question #2: can it be made complete in some cases? When the abstract view is sufficient for the proof, it enables (or at least simplifies) a mechanical proof. Decision Procedures Equalities and Uninterpreted Functions 22

Using uninterpreted functions in proofs Question #1: is this useful? Question #2: can it be made complete in some cases? When the abstract view is sufficient for the proof, it enables (or at least simplifies) a mechanical proof. So when is the abstract view sufficient? Decision Procedures Equalities and Uninterpreted Functions 22

Using uninterpreted functions in proofs (common) Proving equivalence between: Two versions of a hardware design (one with and one without a pipeline) Source and target of a compiler ( Translation Validation ) Decision Procedures Equalities and Uninterpreted Functions 23

Using uninterpreted functions in proofs (common) Proving equivalence between: Two versions of a hardware design (one with and one without a pipeline) Source and target of a compiler ( Translation Validation ) (rare) Proving properties that do not rely on the exact functionality of some of the functions Decision Procedures Equalities and Uninterpreted Functions 23

Example: Translation Validation Assume the source program has the statement z = (x 1 + y 1 ) (x 2 + y 2 ); which the compiler turned into: u 1 = x 1 + y 1 ; u 2 = x 2 + y 2 ; z = u 1 u 2 ; Decision Procedures Equalities and Uninterpreted Functions 24

Example: Translation Validation Assume the source program has the statement z = (x 1 + y 1 ) (x 2 + y 2 ); which the compiler turned into: u 1 = x 1 + y 1 ; u 2 = x 2 + y 2 ; z = u 1 u 2 ; We need to prove that: (u 1 = x 1 + y 1 u 2 = x 2 + y 2 z = u 1 u 2 ) (z = (x 1 + y 1 ) (x 2 + y 2 )) Decision Procedures Equalities and Uninterpreted Functions 24

Example: Translation Validation Claim: ϕ UF is valid We will prove this by reducing it to an Equality Logic formula ϕ E = (x 1 = x 2 y 1 = y 2 f 1 = f 2 ) (u 1 = f 1 u 2 = f 2 g 1 = g 2 ) ((u 1 = f 1 u 2 = f 2 z = g 1 ) z = g 2 ) Decision Procedures Equalities and Uninterpreted Functions 25

Uninterpreted functions: usability Good: each function on the left can be mapped to a function on the right with equivalent arguments Decision Procedures Equalities and Uninterpreted Functions 26

Uninterpreted functions: usability Good: each function on the left can be mapped to a function on the right with equivalent arguments Bad: almost all other cases Example: Left x + x Right 2x Decision Procedures Equalities and Uninterpreted Functions 26

Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) Decision Procedures Equalities and Uninterpreted Functions 27

Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) This requires commutativity: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = y 2 + x 2 ) Decision Procedures Equalities and Uninterpreted Functions 27

Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) This requires commutativity: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = y 2 + x 2 ) Fix by adding: (x 1 + y 1 = y 1 + x 1 ) (x 2 + y 2 = y 2 + x 2 ) Decision Procedures Equalities and Uninterpreted Functions 27

Uninterpreted functions: usability This is easy to prove: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = x 2 + y 2 ) This requires commutativity: (x 1 = x 2 y 1 = y 2 ) (x 1 + y 1 = y 2 + x 2 ) Fix by adding: (x 1 + y 1 = y 1 + x 1 ) (x 2 + y 2 = y 2 + x 2 ) What about other cases? Use more rewriting rules! Decision Procedures Equalities and Uninterpreted Functions 27

Example: equivalence of C programs (1/4) int power3(int in) { out = in; } for(i=0; i<2; i++) out = out * in; return out; int power3 new(int in) { out = (in*in)*in; return out; } These two functions return the same value regardless if it is * or any other function. Conclusion: we can prove equivalence by replacing * with an uninterpreted function Decision Procedures Equalities and Uninterpreted Functions 28

From programs to equations But first we need to know how to turn programs into equations. There are several options we will see static single assignment for bounded programs. Decision Procedures Equalities and Uninterpreted Functions 29

Static Single Assignment (SSA) form see compiler class Idea: Rename variables such that each variable is assigned exactly once Example: x=x+y; x=x*2; a[i]=100; x 1 =x 0 +y 0 ; x 2 =x 1 *2; a 1 [i 0 ]=100; Decision Procedures Equalities and Uninterpreted Functions 30

Static Single Assignment (SSA) form see compiler class Idea: Rename variables such that each variable is assigned exactly once Example: x=x+y; x=x*2; a[i]=100; x 1 =x 0 +y 0 ; x 2 =x 1 *2; a 1 [i 0 ]=100; Read assignments as equalities Generate constraints by simply conjoining these equalities x 1 =x 0 +y 0 ; x x 2 =x 1 *2; 1 = x 0 + y 0 Example: x 2 = x 1 2 a 1 [i 0 ]=100; a 1 [i 0 ] = 100 Decision Procedures Equalities and Uninterpreted Functions 30

SSA for bounded programs What about if? Branches are handled using φ-nodes. int main() { int x, y, z; y=8; if(x) y--; else y++; } z=y+1; Decision Procedures Equalities and Uninterpreted Functions 31

SSA for bounded programs What about if? Branches are handled using φ-nodes. int main() { int x, y, z; } y=8; if(x) y--; else y++; z=y+1; int main() { int x, y, z; } y 1 =8; if(x 0 ) y 2 =y 1-1; else y 3 =y 1 +1; y 4 =φ(y 2, y 3 ); z 1 =y 4 +1; Decision Procedures Equalities and Uninterpreted Functions 31

SSA for bounded programs What about if? Branches are handled using φ-nodes. int main() { int x, y, z; } y=8; if(x) y--; else y++; z=y+1; int main() { int x, y, z; } y 1 =8; if(x 0 ) y 2 =y 1-1; else y 3 =y 1 +1; y 4 =φ(y 2, y 3 ); z 1 =y 4 +1; y 1 = 8 y 2 = y 1 1 y 3 = y 1 + 1 y 4 = (x 0 0? y 2 : y 3 ) z 1 = y 4 + 1 Decision Procedures Equalities and Uninterpreted Functions 31

SSA for bounded programs What about loops? We unwind them! void f(...) {... while(cond) { BODY; }... Remainder; } Decision Procedures Equalities and Uninterpreted Functions 32

SSA for bounded programs What about loops? We unwind them! void f(...) {... if(cond) { BODY; while(cond) { BODY; } }... Remainder; } Decision Procedures Equalities and Uninterpreted Functions 32

SSA for bounded programs What about loops? We unwind them! void f(...) {... if(cond) { BODY; if(cond) { BODY; while(cond) { BODY; } } }... Remainder; } Decision Procedures Equalities and Uninterpreted Functions 32

SSA for bounded programs Some caveats: Unwind how many times? Must preserve locality of variables declared inside loop Decision Procedures Equalities and Uninterpreted Functions 33

SSA for bounded programs Some caveats: Unwind how many times? Must preserve locality of variables declared inside loop There is a tool available that does this CBMC C Bounded Model Checker Bound is verified using unwinding assertions Used frequently for embedded software Bound is a run-time guarantee Integrated into Eclipse Decision problem can be exported Decision Procedures Equalities and Uninterpreted Functions 33

SSA for bounded programs: CBMC Decision Procedures Equalities and Uninterpreted Functions 34

Example: equivalence of C programs (2/4) int power3(int in) { out = in; } for(i=0; i<2; i++) out = out * in; return out; int power3 new(int in) { out = (in*in)*in; return out; } Decision Procedures Equalities and Uninterpreted Functions 35

Example: equivalence of C programs (2/4) int power3(int in) { out = in; } for(i=0; i<2; i++) out = out * in; return out; int power3 new(int in) { out = (in*in)*in; return out; } Static single assignment (SSA) form: out 1 = in out 2 = out 1 in out 1 = (in in) in out 3 = out 2 in Prove that both functions return the same value: out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 35

Example: equivalence of C programs (3/4) Static single assignment (SSA) form: out 1 = in out 2 = out 1 in out 1 = (in in) in out 3 = out 2 in With uninterpreted functions: out 1 = in out 2 = F (out 1, in) out 3 = F (out 2, in) out 1 = F (F (in, in), in) Decision Procedures Equalities and Uninterpreted Functions 36

Example: equivalence of C programs (3/4) Static single assignment (SSA) form: out 1 = in out 2 = out 1 in out 1 = (in in) in out 3 = out 2 in With uninterpreted functions: out 1 = in out 2 = F (out 1, in) out 3 = F (out 2, in) out 1 = F (F (in, in), in) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Decision Procedures Equalities and Uninterpreted Functions 36

Example: equivalence of C programs (4/4) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Decision Procedures Equalities and Uninterpreted Functions 37

Example: equivalence of C programs (4/4) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Ackermann s reduction: out 1 = in ϕ E a : out 2 = f 1 ϕ E b : out 1 = f 4 out 3 = f 2 Decision Procedures Equalities and Uninterpreted Functions 37

Example: equivalence of C programs (4/4) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Ackermann s reduction: out 1 = in ϕ E a : out 2 = f 1 ϕ E b : out 1 = f 4 out 3 = f 2 The verification condition: (out 1 = out 2 f 1 = f 2 ) (out 1 = in f 1 = f 3 ) (out 1 = f 3 f 1 = f 4 ) (out 2 = in f 2 = f 3 ) ϕ E a ϕ E b (out 2 = f 3 f 2 = f 3 ) (in = f 3 f 3 = f 4 ) out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 37

Uninterpreted functions: simplifications Let n be the number of instances of F () Both reduction schemes require O(n 2 ) comparisons This can be the bottleneck of the verification effort Decision Procedures Equalities and Uninterpreted Functions 38

Uninterpreted functions: simplifications Let n be the number of instances of F () Both reduction schemes require O(n 2 ) comparisons This can be the bottleneck of the verification effort Solution: try to guess the pairing of functions Still sound: wrong guess can only make a valid formula invalid Decision Procedures Equalities and Uninterpreted Functions 38

Simplifications (1) Given x 1 = x 1, x 2 = x 2, x 3 = x 3, prove = o 1 = o 2. o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right 4 function instances 6 comparisons Decision Procedures Equalities and Uninterpreted Functions 39

Simplifications (1) Given x 1 = x 1, x 2 = x 2, x 3 = x 3, prove = o 1 = o 2. o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right 4 function instances 6 comparisons Guess: validity does not rely on f 1 = f 2 or on f 3 = f 4 Idea: only enforce functional consistency of pairs (Left,Right). Decision Procedures Equalities and Uninterpreted Functions 39

Simplifications (2) o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right Down to 4 comparisons! Decision Procedures Equalities and Uninterpreted Functions 40

Simplifications (2) o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right Down to 4 comparisons! Another guess: equivalence only depends on f 1 = f 3 and f 2 = f 4 Pattern matching may help here Decision Procedures Equalities and Uninterpreted Functions 40

Simplifications (3) o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 Right Match according to patterns ( signatures ) Down to 2 comparisons! + v v v f 1, f 3 + v 5 f 2, f 4 Decision Procedures Equalities and Uninterpreted Functions 41

Simplifications (4) o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left Substitute intermediate variables (in the example: a, b) o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 + v v v + v 5 Right

Simplifications (4) o 1 = (x 1 + (a x 2 )) a = x }{{} 3 + 5 }{{} f 1 f 2 Left Substitute intermediate variables (in the example: a, b) o 2 = (x 1 + (b x }{{ 2) ) b = x3 + 5 }}{{} f 3 f 4 + v Xv v + v 5 Right + v + v v 5 f 1, f 3 Decision Procedures Equalities and Uninterpreted Functions 42

The SSA example revisited (1) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Decision Procedures Equalities and Uninterpreted Functions 43

The SSA example revisited (1) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Map F 1 to F 3 : F v v Map F 2 to F 4 : F v F v v Decision Procedures Equalities and Uninterpreted Functions 43

The SSA example revisited (2) With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Ackermann s reduction: out 1 = in ϕ E a : out 2 = f 1 ϕ E b : out 1 = f 4 out 3 = f 2 The verification condition has shrunk: [( ) ] (out1 = in f 1 = f 3 ) ϕ E a ϕ E (out 2 = f 3 f 2 = f 4 ) b out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 44

Same example with Bryant s reduction With numbered uninterpreted functions: out 1 = in out 2 = F 1 (out 1, in) out 1 = F 4(F 3 (in, in), in) out 3 = F 2 (out 2, in) Bryant s reduction: out 1 = in ϕ E a : out 2 = f 1 out 3 = f 2 ϕ ( E b : out 1 = case «case in = out1 : f 1 ) = out true : f 2 : f 2 3 true : f 4 The verification condition: (ϕ E a ϕ E b ) out 3 = out 1 Decision Procedures Equalities and Uninterpreted Functions 45

So is Equality Logic with UFs interesting? 1 It is expressible enough to state something interesting. 2 It is decidable and more efficiently solvable than richer logics, for example in which some functions are interpreted. 3 Models which rely on infinite-type variables are expressed more naturally in this logic in comparison with Propositional Logic. Decision Procedures Equalities and Uninterpreted Functions 46

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback