Linear Functional Fixed-Points Nikolaj Bjørner Joe Hendrix Microsoft Research & Corporation
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
Linear Functional Fixed-Points
Nikolaj Bjørner Joe Hendrix
Microsoft Research & Corporation
Overview
Linear Functional Fixed-Point Logic (FFP)
Complexity results for FFP:FFP(Propositional) – PSPACE/NP
FFP(Linear/Equalities) – PSPACE
By a reduction to LTLFFP(Non-linear)– NEXPTIME hard/undecidable
Integrating FFP with an SMT solver (Z3)
A list-manipulating program
T T
F
FF
Thead
curr
data(curr) := true;curr := f(curr)
curr = head
T T
T
TT
Thead
curr
curr := head
F F
F
FF
Fhead
curr
Loop invariant: Every data element betweenhead and curr is set to true
F F
F
FF
Thead
curr
The loop invariant
Loop invariant: Every data element betweenhead and curr is set to true
T T
F
FF
T
head
curr
x [head curr] . data(x)f
invariant(head) where invariant(x) = x = curr (data(x) invariant(f(x)))
LFP Inv , x. [ x = curr (data(x) Inv(f(x))) ] (head)
Inv x [ x = curr (data(x) Inv(f(x))) ] (head)
What are practical ways of reasoning with such fixed-points?
uvf
w[Nelson 80]
Some solutions
u v wf f f f
f f
Some solutions
u v wf f f f f
uvbtwnf(u,v,w
)[Rakamarić07
+]
f
w[Nelson 80]
f
Some solutions
u vf f f f
uvbtwnf(u,v,w
)[Rakamarić07
+]
wf. Reachability[Lahiri, Qadeer
06]
f
w[Nelson 80]
B(u) = v
BSet(u)
BSet(f(u))
BSet(f(f(u)))
BSet(v)
R(u,v) u vf f f f
BSet(f(u))
BSet(f(f(u)))
From u reach vand v is the first element satisfyingBSet(v)
From u reach vand everything afteru and up to v satisfies BSet
uvbtwnf(u,v,w
)[Rakamarić07
+]
wf. Reachability[Lahiri, Qadeer
06]
f
w[Nelson 80]
Interpreted sets &
Bounded quant.[Lahiri, Qadeer
08]
Some solutions
Use first-order axioms to encode quantifier-free theory of reachability.
[LQ08] rely on SMT solver Z3 for instantiating axioms using triggers.
Required quantifier support by solver is not so off-the-shelf.
uvbtwnf(u,v,w
)[Rakamarić07
+]
wf. Reachability[Lahiri, Qadeer
06]
f
w[Nelson 80]
Interpreted sets &
Bounded quant.[Lahiri, Qadeer
08]FFP(Prop)
Lin. FFP(Eq)
FFP(Non-linear)Reachable Patterns
[Yorsh+ 06]
wSnS(finite trees) wS1S
(fin. Acyclic lists)
S1S(inf. Acyclic
lists)
SnS(inf. Trees)
wSO(f)(finite linked
lists)
SO(f)(infinite trees)
Some solutions
Many other solutions
[Immerman+ 04] First-order transitive closure
[Møller+ 05] Pointer assertion logic
[Lev-Ami+ 05] Acyclic transtive closure
[McPeak+ 05] Linked lists
[Ranise+ 05] Linked lists
[Balaban+ 07] Single parent heaps
[Bouajjani+ 06-09] Reachability + arithmetic + T
Apologies for relevant omissions.
A Quest for an SMT solver integrationExisting decision procedures for fixed-points use
- Encoding with first-order axioms-Rely on first-order instantiation engine for completeness
- Reduction to automata -Powerful combination with some theories, but flexible combination approach and “low-order” complexity results unclear to us
T T
F
FF
Thead
curr
The DPLL(T) setting for SMT
Theories
Core Theory
SAT solver
Bit-Vectors
Arithmetic
Data-types
E-matching
Arrays
Formula
Rewriting Simplification
Specialized theory solvers interoperateby exchanging learned equalities and clauses with a commoncongruence closure core
Core Theory: Equalities, asserted literalsTheory Core: Equalities, asserted literals, new clauses
T T
F
FF
Thead
curr
Back to the loop invariant
Loop invariant: Every data element betweenhead and curr is set to true
T T
F
FF
Thead
curr
x [head curr] . data(x)f
invariant(head) where invariant(x) = x = curr (data(x) invariant(f(x)))
LFP Inv , x. [ x = curr (data(x) Inv(f(x))) ] (head)
Inv x [ x = curr (data(x) Inv(f(x))) ] (head)
Question:
[data(x) Untilf,x x = curr] (head)
Is there a convenient propositional-like abstraction of fixed-points?
Our Approach: establish and use a connection with Linear Time Temporal Logic for linear functional fixed-points
Inv x [ x = curr (data(x) Inv(f(x))) ] (head)
A Until B
B [A (A Until B)]
X . B [A X]
T T
F
FF
Thead
curr
FFP Temporal Macros
[A(x) Untilf,x B(x)] (a)
R x [B(x) (A(x) R(f(x)))] (a)
[f,x A(x)] (a) [true Untilf,x
A(x)] (a)
[f,x A(x)] (a) [f,x A(x)] (a)
uvbtwnf(u,v,w
)[Rakamanic07
+]
wf. Reachability[Lahiri, Qadeer
06]
f
w[Nelson 80]
Interpreted sets &
Bounded quant.[Lahiri, Qadeer
08]FFP(Prop)
Lin. FFP(Eq)
FFP(Non-linear)Reachable Patterns
[Yorsh+ 06]
wSnS(finite trees) wS1S
(fin. Acyclic lists)
S1S(inf. Acyclic
lists)
SnS(inf. Trees)
wSO(f)(finite linked
lists)
SO(f)(infinite trees)
Some solutions
uvbtwnf(u,v,w
)[Rakamanic07
+]
wf. Reachability[Lahiri, Qadeer
06]
f
w[Nelson 80]
Interpreted sets &
Bounded quant.[Lahiri, Qadeer
08]FFP(Prop)
Lin. FFP(Eq)
FFP(Non-linear)Reachable Patterns
[Yorsh+ 06]
Propositional Linear Time
Temporal Logic
Our approach – a tighter sandwich
?
FFP(Propositional Logic): basic results
[f,x P(f(x))](a) [ f,x P(x)](b) [Q(x) Until f,x
P(f(x))](b)
- Distinguished function f - Unary predicate symbols, P, Q, R- At most one bound variable in
scope at any time [Q(x) Until f,x [P(f(x)) Until f,y R(y)]](b)
FFP(PL): basic results
From LTL to FFP(PL)
P f,x f,x P(f(x))(anchor)
From FFP(PL) to LTL
f,x P(f(x))(a) f,x P(x)(b) Pa Pb
Complexity(FFP(PL)) = Complexity(pLTL)
FFP(Equalities): propositions and equalities
fu v u v
f f f f
f
[True Until f,x x = v](u)
f,x (x = v)(u)
FFP(E): propositions and equalities
fu v w
u v wf f f f
f f
[x w Until f,x x = v](u)
FFP(E): propositions and equalities
btwnf(u,v,w)
[x w Until f,x x = v](u) f,x (x = w)(v)
u v wf f f f f f
FFP(E): propositions and equalities
u vf f f f
B(u) = v
BSet(u)
BSet(f(u))
BSet(f(f(u)))
BSet(v)
R(u,v) u vf f f f
BSet(f(u))
BSet(f(f(u)))
[BSet(f(x)) Until f,x x = v](u)
[BSet(x) Until f,x x = v](u) BSet(v)
FFP(E): propositions and equalities
[ f,x x c](b)
[g,x P(g(x))](a) [f,x P(f(x))](a) [x fff(x) Until f,x x = a](b) [g,x g(g(x)) = x](c)
- Distinguished functions f, g - As long as f and g are separate
- Unary predicate symbols, P, Q, R- At most one bound variable in scope
at any time
FFP(E): A litmus test. Closure under updates.
wp(f(u) := v, [A Until f,x B](w)) f’ := x. if x = u then v
else f(x)= [A Until f,x B](w)[f f’]
A’ := A[f f’], B’ := B[f f’]
= [A’ Until f’,x B’](w)
= ….
= [A’’ Until f,x B’’](w)
A’’ := A’ u x B’’ := B’ (u = x [(u x A’) Until
f,x B’](v))
FFP(E) : reduction to LTL?
From LTL to FFP(E)
P f,x f,x P(f(x))(anchor)
From FFP(E) to LTL?
[f,x x = c f,x P(x)](a) a and b reach c
[f,x x = c f,x P(x)](b) after that there is a
common P state.
FFP(E) : reduction to LTL?
From LTL to FFP(E)
P f,x f,x P(f(x))(anchor)
From FFP(E) to LTL
[f,x (T(x) U(x)) f(x) = b](a)
[f,x (T(x) U(x)) f(x) = c](b)
[f,x (T(x) U(x)) f(x) = a](c)
T b
T
cT
aU
UUObstacle: f is a function.-
The Temporal Next operator does not encode functionality by itself.
FFP(E) encoding forcing functionality
Tableau()
F – acc. cond
PTL PTL*
Normalize f Erasure Functionality axioms
Functionality axioms
FFP(E) encoding forcing functionality
Tableau()
F – acc. cond
PTL PTL*
Normalize f Erasure Functionality axioms
Proposition: Validity for FFP(E) is PSPACE complete
Size of PTL* is quadratic in
Pure pLTL formula
FFP(E) extensions
FFP(NL) – more than one variable in nested bound context
[ f,x [ f,y f(x) y](x)] (a)
NEXPTIME hard FFP(NL) MSO(f)
2FFP(E) – allow nested use of functions f g: [ f,x g(f(x)) = f(g(x))] (a)
2FFP(E) is undecidable
af f f f f f f
af f f f
f f f f
g g g g
ggg g
SMT solver Integration
Most SMT solvers use a DPLL(T) architecture
SAT Equality Core Theories
SAT Equality Core Theories
Literal assignmentsEqualities
Literal assignments
Literal assignmentsEqualitiesLiteral assignments
Lemmas (Conflict Clauses)
SMT solver Integration (Theory)
Property: FFP(E) is stably infiniteIf FFP(E) formula has a model, it has a model of size N, it has a model of size N+1
Theorem: Let T be stably infinite, decidable, and have disjoint signature from f, g, Then quantifier-free formulas over FFP(E) + T are decidable
SMT solver Integration (Incremental)
pLTL Equality Core Theories
pLTL Equality Core Theories
Trace of Literal assignments
EqualitiesLiteral assignments
EqualitiesLiteral assignmentsInvariants
Safety properties
Summary
Linear Functional Fixed-Point Logic (FFP)
Complexity results for FFP:FFP(Propositional) – PSPACE/NP
FFP(Linear/Equalities) – PSPACE
By a reduction to LTLFFP(Non-linear)– NEXPTIME hard/undecidable
Integrating FFP with the SMT solver
Conclusions
We established a sandwich link between
Linear Functional Fixed-Point Logic andPropositional Linear Time Temporal LogicMore sandwiched links plausible, but open.
From DPLL(T) to SMC(T)We show how to integrate a solver based on LTL with an SMT Solver A prototype using CUDD and shows signs of life
Related Documents
