1 Cover Algorithms and Their Combination Sumit Gulwani, Madan Musuvathi Microsoft Research, Redmond
Cover Algorithms and Their Combination
Dec 30, 2015
Cover Algorithms and Their Combination. Sumit Gulwani, Madan Musuvathi Microsoft Research, Redmond. Cover Definition. Cover operation is useful for simplifying a formula by discarding facts related to a set of variables Given A quantifier-free formula in theory T A set of symbols V - PowerPoint PPT Presentation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
1
Cover Algorithms and Their Combination
Sumit Gulwani, Madan MusuvathiMicrosoft Research, Redmond
2
Cover Definition
Cover operation is useful for simplifying a formula by discarding facts related to a set of variables
Given A quantifier-free formula in theory T A set of symbols V
Cover(, V) is The most-precise quantifier-free formula implied by
that does not involve V e.g. Cover(y=f(a+v)–f(b+v), {v}) : (a=b) ) y=0
3
Cover vs. Quantifier Elimination
Quantifier Elimination: Given a quantified formula, output a logically equivalent quantifier-free formula
9V ´ CoverT(,V) if T admits quantifier elimination
Some theories do not: theory of uninterpreted functions Example: f(y) = 0 Cannot say “0 is in the domain of y” without using
quantifiers
Cover(,V) is the most-precise quantifier-free approximation to 9V
4
Applications
Strongest post-condition Useful for abstract interpretation on logical formulas Existential quantification of dead variables SP(, x := e) = 9 x’ ([x’/x] Æ x = e[x’/x])
Image computation Useful for reachability analysis in symbolic model
checking Existential quantification of old state variables Ri+1(S) = 9S’(Ri[S’/S] Æ T(S’,S)) Ç Ri(S)
5
Applications
Procedure summaries Existential quantification of local variables Useful for interprocedural analysis
Interpolants Suppose A ) B. Then I is the Interpolant(A,B) if
A ) I ) B I only contains variables common to A and B
Cover(A, VA) is most precise Interpolant(A,B) :Cover(:B, VB) is least precise Interpolant(A,B)
6
Outline
Symbolic model checking using Cover
Cover algorithm for uninterpreted functions
Cover algorithm for the combination of uninterpreted functions and linear arithmetic
Symbolic Model Checking Algorithm
I(S) : initial states, E(S) : error states T(S’,S) : transition from old state S’ to new state S R(S): reachable states
R0(S) = I(S)
Ri+1(S) = 9S’(Ri[S’/S] Æ T(S’,S)) Ç Ri(S)
Error found if Rn+1(S) Æ E(S) is satisfiable
7
Symbolic Model Checking Using Cover
I(S) : initial states, E(S) : error states T(S’,S) : transition from old state S’ to new state S R(S): reachable states
R0(S) = I(S)
Ri+1(S) = Cover(Ri[S’/S] Æ T(S’,S), S’) Ç Ri(S)
8
Symbolic Model Checking Using Cover
I(S) : initial states, E(S) : error states T(S’,S) : transition from old state S’ to new state S R(S): reachable states
R0(S) = I(S)
Ri+1(S) = Cover(Ri[S’/S] Æ T(S’,S), S’) Ç Ri(S)
This algorithm can find false errors As Cover over-approximates the set of reachable
states
9
Symbolic Model Checking Using Cover
I(S) : initial states, E(S) : error states T(S’,S) : transition from old state S’ to new state S R(S): reachable states
R0(S) = I(S)
Ri+1(S) = Cover(Ri[S’/S] Æ T(S’,S), S’) Ç Ri(S)
Theorem: If the transition system is described using quantifier-free formulas, symbolic model checking using cover is sound and precise
10
11
Outline
Symbolic model checking using Cover
Cover algorithm for uninterpreted functions
Cover algorithm for the combination of uninterpreted functions and linear arithmetic
12
Cover Algorithm for Unary Uninterpreted Functions
Cover(, V) = Erase V from congruence closure of
Example: Let be x=f(v1) Æ y=f(v2) Æ v1 = v2
Cover(, {v1,v2}) is x=y
v1
f
v2
fyx
13
Cover Algorithm for Binary Uninterpreted Functions
The erasure technique does not work Let be x=f(a,v) Æ y=f(b,v) Erasure(, {v}) is true Cover(, {v}) is a=b ) x=y
Cover(, V) is: For all partitions E of congruence classes in
E ) Erasure( Æ E, V)
14
Example
x1
b1
f
v
x2
b2
f
v
a1 v
y
f
f
f
a2 v
y
x1
f
x1
a1 = b1 Æ a2 = b1 )
y
x1
f
x2
a1 = b1 Æ a2 = b2 )
x2 x2
y
x2
f
x1
a1 = b2 Æ a2 = b1 )
y fa1 = b2 Æ a2 = b2 )
Cover(,{v})
Cover(, {v}) can be exponential in
15
Outline
Cover algorithm for linear arithmetic
Cover algorithm for uninterpreted functions
Cover algorithm for combination of theories
16
Combining Cover Algorithms: Idea 1
CoverT1 [ T2(1Æ2, V):
Return CoverT1(1,V) Æ CoverT2
(2,V)
Fails on x=v1+1 Æ y=v2+1 Æ v1=f(z) Æ v2=f(z)
Algorithm returns trueCover is x=y
Solution: Share variable equalities
17
Combining Cover Algorithms: Idea 2
CoverT1 [ T2(1Æ2, V):
E Ã Saturate(1,2)
Return CoverT1(1ÆE,V) Æ CoverT2
(2ÆE,V)
Fails on v=x+1 Æ y=f(v) Algorithm returns trueCover is y=f(x+1)
Solution: Share equalities between variables and “simple” terms
18
Combining Cover Algorithms: Idea 3
CoverT1 [ T2(1Æ2, V):
E Ã Saturate(1,2)
Return CoverT1(1ÆE,V) Æ CoverT2
(2ÆE,V)
Fails on x·v Æ v·y Æ v=f(z,v)Algorithm returns x·yCover is x·y Æ (x=y ) x=f(z,x))
Solution: Share conditional equalities
19
Example
Cover(y=f(a+v)–f(b+v), {v})
v1 = a+v
v2 = b+v
y = v3-v4
v3 = f(v1)
v4 = f(v2)
a=b ) v1=v2
a=b ) v3=v4
a=b ) y=0 true
20
Conclusion
Cover is the most-precise quantifier-free approximation to quantifier elimination
Cover algorithm for uninterpreted functions
Cover algorithm for combination of theories Exchange equalities between variables and good terms Exchange conditional equalities
Related Documents
