Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier...
-
Upload
lee-mathews -
Category
Documents
-
view
220 -
download
0
description
Transcript of Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier...
![Page 1: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/1.jpg)
Synthesis, Analysis, and VerificationLecture 08
Lectures: Viktor Kuncak
BAPA: Quantifier Elimination and Decision ProceduresWS1S: Automata-Based Decision Procedure
![Page 2: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/2.jpg)
Boolean Algebra with Presburger Arithmetic
![Page 3: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/3.jpg)
Quantifier Elimination
Usually harder than just satisfiability checkingHigh-level idea:
– express everything using cardinalities– separate integer arithmetic and set part
(using auxiliary integer variables)– reduce set quantifier to integer quantifier– eliminate integer quantifier– eliminate auxiliary integer variables
![Page 4: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/4.jpg)
Eliminate Quantifier
![Page 5: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/5.jpg)
![Page 6: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/6.jpg)
Eliminate Quantifier
![Page 7: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/7.jpg)
Eliminate Quantifier
![Page 8: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/8.jpg)
Eliminate Quantifier
![Page 9: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/9.jpg)
Eliminate Quantifier
![Page 10: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/10.jpg)
Another Example
![Page 11: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/11.jpg)
![Page 12: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/12.jpg)
Quantifier-free Boolean Algebra with Presburger Arithmetic (QFBAPA)
• If sets are over integers:
φASTc
::= φ ∨ φ, φ ∧ φ, ¬ φ, A::= S = S, S S, T = T, T ≤ T⊆::= si, , S S, S ∅ ∪ ∩ S, S \ S::= ki, c, c · T, T + T, T - T, |S|::= …, -2, -1, 0, 1, 2, …
AS
::= …, T S∈::= …, { T }
![Page 13: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/13.jpg)
A Decision Procedure for QFBAPA| A | > 1 A B | B ∧ ⊆ ∧ ∩ C | ≤ 2
A
B C
k7
k6
k5k4
k3k2
k1k0
k1 + k4 + k5 + k7 > 1k1 + k5 = 0k6 + k7 ≤ 2
∀ i { 0, …, 7 } .∈ ki ≥ 0
k4 = k7 = 1 ∀ i { 4, 7 } .∉ ki = 0
A = { 1, 2 }, B = { 1, 2 }, C = { 2 }
![Page 14: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/14.jpg)
A Decision Procedure for QFBAPA
• Simple proof of decidability.• Very simple linear arithmetic constraints, but…• …for n set variables, uses 2n integer variables• Two orthogonal ways to improve it
– sparse solutions– identifying independent constraints
![Page 15: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/15.jpg)
Sparse Solutions
The difficulty of the general problem reduces tointeger linear programming problemswith many integer variablesbut still polynomially many constraints.
card(A B) = k1 card(B C) = k2
x1 + x2 + x3 + x5 + x6 + x7 = k1 x6 + x7 = k2
23
61
4
A B
C5 7
0
![Page 16: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/16.jpg)
![Page 17: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/17.jpg)
Caratheodory theorem
Vector v of dimension d is a convex combination of { a1 , … , an }
Then it is a convex combination of a subset { ak(1) , … , ak(d+1) } of (d+1) of them
![Page 18: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/18.jpg)
ILP associated w/ formula of size n
x1 + x2 + x3 + x5 + x6 + x7 = p . . . x6 + x7 = q
n equations
2n variables
Integer linear programming problem: for non-negative xi
Are there sparse solutions where O(nk) variables are non-zero?for reals - yes, matrix rank is O(n) for non-negative reals
for non-negative integers- yes, Caratheodory them- Eisenbrand, Shmonin’06
Integer Caratheodory thm. (only when coefficients are bounded)
![Page 19: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/19.jpg)
Independent Constraints
A
B
C
D
AB
C
| A U B | = 3 C ∧ ⊆D
| A \ B | = | C |
![Page 20: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/20.jpg)
Independent Constraints
• A and C are only indirectly related.• All that matters is that the models for B are
compatible.
| A U B | = 4 | B ∧ ∩ C | = 2
AB
B
C
![Page 21: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/21.jpg)
When can Models be Combined?|A| = 1 |B| = 1 ∧ ∧ |A ∩ B| = 1 ∧ |A| = 1 |C| = 1 ∧ ∧ |A ∩ C| = 1 ∧ |B| = 1 |C| = 1 ∧ ∧ |B ∩ C| = 0
A A
B
B
C C
The models are pairwise compatible, yet cannot be combined.
![Page 22: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/22.jpg)
When can Models be Combined?
• Let φ1, …, φn be BAPA constraints.• Let V be the set of all set variables that appear
in at least two constraints.• Models M1, …, Mn for φ1, …, φn can be
combined into a model M for φ1 … ∧ ∧ φn if and only if they “agree” on the sizes of all Venn regions of the variables in V.
Theorem 3
![Page 23: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/23.jpg)
When can Models be Combined?|A| = 1 |B| = 1 |A ∧ ∧ ∩ B| = 1 ∧ |A| = 1 |C| = 1 |A ∧ ∧ ∩ C| = 1 ∧ |B| = 1 |C| = 1 |B ∧ ∧ ∩ C| = 0
A A
B
B
C C
V = { A, B, C } and models don’t agree on | A ∩ B ∩ C |.
![Page 24: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/24.jpg)
|A \ B| > |A ∩ B| B ∧ ∩ C ∩ D = |B \ D| > |B \ ∅ ∧C|
A
BB
BD
C
A,B B,C,DB
![Page 25: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/25.jpg)
|A \ B| > |A ∩ B| ∧ B ∩ C ∩ D = ∅ ∧ |B \ D| > |B \ C|
A
BB
BD
C
k3
k2
k1k0
k5
k4
k13
k11
k12
k10
k9
k8
k7k6
k0 + k1 = k4
k2 + k3 = k5
k4 = k6 + k8 + k9 + k12
k5 = k7 + k10 + k11 + k13
k1 > k3 k∧ 13 = 0 k∧ 7 + k10 > k7 + k11A,B B,C,DB
![Page 26: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/26.jpg)
|A \ B| > |A ∩ B| B ∧ ∩ C ∩ D = |B \ D| > |B \ ∅ ∧C|
A
BB
BD
C
A,B B,C,DB22 23
21
k3
k2
k1k0
k5
k4
k13
k11
k12
k10
k9
k8
k7k6
![Page 27: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/27.jpg)
Hypertree Decomposition
A,B
B,C C,D,E
C,D,F F,G
B C,D
G
|A ∪ B| ≤ 3 C ∧ B ⊆ |(C ∧ ∩ D) \ E| = 2
∧ |(C ∩ F) \ D| = 2 G ∧ F⊆
• Hyperedges correspond to applications of Theorem 3.
![Page 28: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/28.jpg)
Functional Programs: Example• Given:
def length(lst : List[Int]) : Int = lst match { case Nil 0⇒ case Cons(x, xs) 1 + length(xs)⇒}
length(list) > | content(list) | ∧ content(Nil) = ∅ ∧ ∀ x: Int, xs: List[Int] : content(Cons(x, xs)) = { x } content(xs)∀ ∪ ∧ length(Nil) = 0 ∧ ∀ x: Int, xs: List[Int] : length(Cons(x, xs)) = 1 + length(xs)∀
def content(lst: List[Int]) : Set[Int] = lst match { case Nil ⇒ ∅ case Cons(x, xs) { x } content(xs)⇒ ∪}
• We want to prove: ∀ list : List[Int] . | content(list) | ≤ length(list)
• SMT query:
![Page 29: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/29.jpg)
JVM
• Maintains the hypertree decomposition• Translates constraints on sets to constraints on integers• Lifts integer model to model for sets
• Reasons about all other theories• Communicates new BAPA constraints
• Notifies when push/pop occurs
System Architecture
![Page 30: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/30.jpg)
WS1S
• Weak Monadic Second-Order Logic of One Successor
• Like BAPA, allows quantification over sets• Unlike BAPA, does not allow |A|=|B|• However, it allows talking about lists
– BAPA talks only about identities of elements– (There is a way to combine WS1S and BAPA)
• WS1S generalizes to WSkS – reachability in trees!
![Page 31: Synthesis, Analysis, and Verification Lecture 08 Lectures: Viktor Kuncak BAPA: Quantifier Elimination and Decision Procedures WS1S: Automata-Based Decision.](https://reader035.fdocuments.in/reader035/viewer/2022070605/5a4d1ad27f8b9ab059971e3a/html5/thumbnails/31.jpg)
A Verification Condition in WS1S