1 A Combination Method for A Combination Method for Generating Interpolants Generating Interpolants Greta Yorsh Madan Musuvathi Tel Aviv University, Israel Microsoft Research, Redmond, US CAV’05
1 A Combination Method for Generating Interpolants Greta Yorsh Madan Musuvathi Tel Aviv University, Israel Microsoft Research, Redmond, US CAV’05.
Jan 12, 2016
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
A Combination Method for A Combination Method for Generating InterpolantsGenerating Interpolants
Greta Yorsh
Madan Musuvathi
Tel Aviv University, Israel
Microsoft Research, Redmond, US
CAV’05
2
Craig Interpolation TheoremCraig Interpolation Theorem
• A, B first-order formulas
• If A B then there exists a first-order formula C
1. A C2. C B 3. C refers only to AB-common
symbols
• C is an interpolant for (A,B)
3
MotivationMotivation
• Abstraction– forget some information about the system – preserve enough information to show that
an error state is not reachable
• Interpolation– forget some information about A – preserve enough information to show that
B is unsatisfiable
4
MotivationMotivation
• Bounded Model Checking [McMillan, CAV’03]
– abstraction of reachable states – completeness
initial errorreachable in k steps
A-part B-part
C
5
MotivationMotivation
• Bounded model checking [McMillan, CAV’03]
– propositional (hardware) and first-order (software)
• Predicate abstraction refinement [HJMS, POPL’04] – first-order
• Computation of the abstract transition relation [McMillan et al., CAV’05]– propositional
• Exploit prover’s ability to focus on relevant facts
6
Interpolant GenerationInterpolant Generation• Craig interpolation theorem [’57]
– (full) first-order logic– existence of interpolants (cut elimination)
• Pudlak [‘95], Krajicek [’95]– propositional logic
• Pudlak [‘95]– linear inequalities (LI)
• McMillan [TACAS’04]– uninterpreted functions (UF)– the combinated theory of UF and LI
(with boolean combinations)
7
Nelson-Oppen Nelson-Oppen Combination MethodCombination Method
• Satisfiability in a combined theory [’79]
• Given– P1 is a decision procedure for satisfiability in T1
– P2 is a decision procedure for satisfiability in T2
• Combines P1 and P2 into a decision procedure for satisfiability in the combined theory T = T1 T2
8
Interpolant Generation Interpolant Generation in Combined Theory in Combined Theory
• Given– P1 interpolant generation procedure for T1
– P2 interpolant generation procedure for T2
• How to combine P1 and P2 into an interpolant generation procedure for the combined theory T = T1 T2 ?
9
OutlineOutline
• Notations
• Partial interpolants
• Example
• Equality-interpolating theories
• Conclusions
10
First-Order Theory First-Order Theory TT
T entailment modulo theory T
signature– constant, function and relation symbols– equality =
• L is a set of -formulas – assume L is (quantifier free) conjunction of -literals
interpreted symbols– theory of linear inequalities: + , < – theory of Lisp structures: car, cdr, cons, atom
11
Example TheoriesExample Theories
• UF – Uninterpreted Functions contains uninterpreted function symbols: f,g,... is empty – example: f(a,b) = g(c)
• LI - Linear Inequalities contains + , < , 0, 1, 2, ... – example: a < b + 2*c
• Lisp structures = { car, cdr, cons, atom }– example: car(a) = cons(car(b),cdr(c))
12
Theory-Specific InterpolantsTheory-Specific Interpolants
• A, B are formulas in L
• If A B T
then there exists a formula C in L
1. A T C
2. C B T
3. C refers only to AB-common symbols or to symbols in
• C is an interpolant in theory T for (A,B)
13
Example: Lisp StructuresExample: Lisp Structures
– A-local symbols: a, car,cdr,atom– B-local symbols: b, cons
– AB-common symbols: c1,c2,c3
is { car, cdr, cons, atom }
A B
car(a) = c2
c3 = cdr(a)
a = c1
atom(c1)
(b = cons(c2,c3))
c1 = b
• Interpolant for (A,B) in Lisp theory is c1 = cons(c2,c3)
14
Combined Theory TCombined Theory T
• First-order theory T defined as a combination of T1 and T2
– T is T1 T2
(union of axioms / intersection of sets of models)
is 1 1
is 1 2
– disjoint signatures: 1 2 is { = }
15
Interpolants in Combined TheoryInterpolants in Combined Theory
A B
UFa1 = f(x1)a2 = f(y1)
x2 = g(b)
y2 = g(b)
LI
a1 + x2 = x3
a2 + y2 = y3
y1 x1
x1 y1
x3 < y3
• A is (f(x1) + x2 = x3)(f(y1) + y2 = y3)(y1 x1)
• B is (x2 = g(b))(y2 = g(b))(x1 y1)(x3 < y3)
• Purify A and B separatelyseparately– AUF ALI is the result of purify(A)– BUF BLI is the result of purify(B)
T is UF LI
16
Interpolants in Combined TheoryInterpolants in Combined Theory
A B
UFa1 = f(x1)a2 = f(y1)
x2 = g(b)
y2 = g(b)
LI
a1 + x2 = x3
a2 + y2 = y3
y1 x1
x1 y1
x3 < y3
• Find an interpolant C for (A,B)– C in UF LI
– C uses only AB-common symbols or interpreted symbols UF LI
(+,<, x1,x2,x3,y1,y2,y3)
T is UF LI
17
Interpolant Generation Interpolant Generation in Combined Theory in Combined Theory
• Given– P1 is a decision procedure for T1
– P2 is a decision procedure for T2
• Combine P1 and P2 into an interpolant generation procedure for the combined theory T = T1 T2
18
RequirementsRequirements
• Requirement on procedure P1 (same for P2)– P1 is a decision procedure for satisfiability of T1
– if input is satisfiable P1 generates a new consequence (equality between variables)
– if input of the form AB is unsatisfiable in T1, P1 generates an interpolant for A and B in T1
• Requirement on T1 (and T2)– stably-infinite– convex– equality-interpolating
19
Equality PropagationEquality Propagation
PPUFUFPPUFUF PPLILIPPLILI
a1 = f(x1)a2 = f(y1)
x2 = g(b)
y2 = g(b)a1 + x2 = x3
a2 + y2 = y3
y1 x1
x1 y1
x3 < y3
AUF BUF ALI BLI
x1=y1
x2=y2
a1=a2
CLI is interpolant for ALI(a1=a2) and BLI(x2=y2)
CLI is x2-y2 = x3-y3
CLI is not an interpolant for (A,B)
[ CLI ][ ? ][ ? ]
[ ? ][ ? ]
[ ? ][ ? ]
20
ObservationObservation
• CLI is interpolant for ALI(a1=a2) and BLI(x2=y2)
• CLI is not an interpolant for (A,B)
– ALI (a1=a2) T CLI but A T CLI
– a1=a2 follows from A B, but not A alone
• How to “lift” CLI to an interpolant for (A,B) ?
21
The ideaThe idea
• Whenever a new equality generated by a component procedure P1 (or P2),
P1 also generates a formula [?]– “explains” the equality– uses only AB-common symbol– partial interpolant
• An interpolant for (A,B) in UFLI is a boolean combination of CLI and [?],...,[?]
22
Theory-Specific Partial InterpolantsTheory-Specific Partial Interpolants
PP11PP11
A1 B1
x=y
• A1 B1 T1 x=y
• A1 B1 (x=y) T1
23
Theory-Specific Partial InterpolantsTheory-Specific Partial Interpolants
PP11PP11
A1 B1 x=y• A1 B1 T1 x=y
• A1 B1 (x=y) T1
[ C[ CT1T1 ] ]
• CCT1T1(x=y)(x=y) a theory-specific theory-specific partialpartial interpolant of x=y
for A1 and B1 in theory T1 – interpolant for A1 and B1 (x=y)
if x,y B-local AB-common – interpolant for A1 (x=y) and B1
if x,y A-local AB-common
24
• CCT1T1(x=y)(x=y) is a theory-specific partial interpolant of x=y
for A1(a=a’) and B1(b=b’)
in theory T1
• C(x=y)C(x=y) a partial interpolant
of x=y for A and B in T1T2
is a boolean combination of CT1(x=y) and C(a=a’) and C(b=b’)
Partial InterpolantsPartial Interpolants(a=a’)A1 B1(b=b’)
x=y[ ? ][ ? ]
[ C(a=a’) ] [ C(b=b’) ]
PP11PP11
[ C[ CT1T1(x=y) ](x=y) ]
25
ExampleExample
PPUFUFPPUFUF PPLILIPPLILI
a1 = f(x1)a2 = f(y1)
x2 = g(b)
y2 = g(b)a1 + x2 = x3
a2 + y2 = y3
y1 x1
x1 y1
x3 < y3
AUF BUF ALI BLI
CUF(a1=a2) for AUF and BUF(x1=y1) is
an interpolant for AUF(a1=a2) and BUF(x1=y1)
x1=y1 [ y1 x1 ]
C(a1=a2) for A and B is CUF(a1=a2) C(x1=y1)
(x1= y1)
a1=a2
(x1=y1) y1 x1
[ y1 < x1 ]
26
ExampleExample
PPUFUFPPUFUF PPLILIPPLILI
a1 = f(x1)a2 = f(y1)
x2 = g(b)
y2 = g(b)a1 + x2 = x3
a2 + y2 = y3
y1 x1
x1 y1
x3 < y3
AUF BUF ALI BLI
x1=y1 [ y1 x1 ]
a1=a2 [ y1 < x1 ]
C() for A and B is x2-y2=x3-y3 y1<x1
CLI() interpolant for ALI(a1=a2) and BLI(x2=y2)
CLI() is x2-y2 = x3-y3
x2=y2[ ]
27
PPUFUFPPUFUF PPLILIPPLILI
a1 = f(x1)a2 = f(y1)
x2 = g(b)
y2 = g(b)a1 + x2 = x3
a2 + y2 = y3
y1 x1
x1 y1
x3 < y3
AUF BUF ALI BLI
x1=y1 [ y1 x1 ]
a1=a2 [ y1 < x1 ]
x2=y2[ ]
An interpolant C for A and B is [x2-y2=x3-y3 y1<x1]
ExampleExample
28
Theory-Specific Partial InterpolantsTheory-Specific Partial Interpolants
PP11PP11
A1 B1
e [ C[ CT1T1(e) ](e) ]
• CCT1T1(e)(e) a theory-specific theory-specific partialpartial interpolant of e
for A1 and B1 in theory T1 – interpolant for A1 and B1 e
if e B-local AB-common – interpolant for A1 e and B1
if e A-local AB-common
– if e is a=b a is A-local, b is B-local
– interpolant for A1 and B1 (a=b) ?– interpolant for A1 (a=b) and B1 ?
... to B or not to B ?
29
Equality-Interpolating TheoryEquality-Interpolating Theory
• If A B T (a = b)
– a is A-local, b is B-local
• then there exists a term t – A B T (a = t) (t = b)
– t refers to AB-common symbols only
• Equality-interpolating: UF, LI, Lisp– easy to extend the existing decision
procedures to generate such terms t
30
RequirementsRequirements
• Requirement on P1 (and P2)– P1 is a decision procedure for satisfiability of T1
– if input is satisfiable P1 generates a new consequence (equality between variables)
– if input of the form AB is unsatisfiable in T1, P1 generates an interpolant for A and B in T1
• Requirement on T1 (and T2)– stably-infinite– convex– equality-interpolating
31
SummarySummary
• A method for generating interpolants for combined theories– interpolant-generation procedures P1, P2 used as black-boxes– on top of a Nelson-Oppen procedure– propagate partial interpolants– equality-interpolating theories
• Can be integrated within existing tools– Simplify, Verifun, ICS, CVCLite, Zap
• Extensions– arbitrary quantifier-free formulas, non-convex theories,
non-disjoint signatures, quantifiers
• Application to software model-checking• More support for operations modulo theories
– join, widening, predicate abstraction, counter-example generation
Related Documents
