Decision Procedures in Verification Decision Procedures (2) - PowerPoint PPT Presentation

Decision Procedures in Verification Decision Procedures (2) 6.01.2020 Viorica Sofronie-Stokkermans e-mail: sofronie@uni-koblenz.de 1

Until now: Logical theories Satisfiability w.r.t. a theory / Validity w.r.t. a theory Decidable theories / Undecidable theories In order to obtain decidability results: • Look at certain fragments 2

3.3. Theory of Uninterpreted Function Symbols Why? - Reasoning about equalities is important in automated reasoning - Applications to program verification (approximation: abstract from additional properties) 3

Uninterpreted function symbols Let Σ = (Ω, Π) be arbitrary Let M = Σ-alg be the class of all Σ-structures The theory of uninterpreted function symbols is Th(Σ-alg) the family of all first-order formulae which are true in all Σ-algebras. in general undecidable Decidable fragment: e.g. the class Th ∀ (Σ-alg) of all universal formulae which are true in all Σ-algebras. 4

Uninterpreted function symbols Assume Π = ∅ (and ≈ is the only predicate) In this case we denote the theory of uninterpreted function symbols by UIF (Σ) (or UIF when the signature is clear from the context). This theory is sometimes called the theory of free functions and denoted Free(Σ) 5

Uninterpreted function symbols Theorem 3.3.1 The following are equivalent: (1) testing validity of universal formulae w.r.t. UIF is decidable (2) testing validity of (universally quantified) clauses w.r.t. UIF is decidable 6

Last time: Solution 1 Task: = ∀ x ( s 1 ( x ) ≈ t 1 ( x ) ∧ · · · ∧ s k ( x ) ≈ t k ( x ) → � m Check if UIF | j =1 s ′ j ( x ) ≈ t ′ j t ( x )) Solution 1: The following are equivalent: (1) ( � i s i ≈ t i ) → � j s ′ j ≈ t ′ j is valid (2) Eq ( ∼ ) ∧ Con( f ) ∧ ( � i s i ∼ t i ) ∧ ( � j s ′ j �∼ t ′ j ) is unsatisfiable. where Eq ( ∼ ) : Refl( ∼ ) ∧ Sim( ∼ ) ∧ Trans( ∼ ) Con( f ) : ∀ x 1 , . . . , x n , y 1 , . . . , y n ( � x i ∼ y i → f ( x 1 , . . . , x n ) ∼ f ( y 1 , . . . , y n )) Resolution: inferences between transitivity axioms – nontermination 7

Last time: Solution 2 Task: = ∀ x ( s 1 ( x ) ≈ t 1 ( x ) ∧ · · · ∧ s k ( x ) ≈ t k ( x ) → � m Check if UIF | j =1 s ′ j ( x ) ≈ t ′ j ( x )) Solution 2: Ackermann’s reduction. Flatten the formula (replace, bottom-up, f ( c ) with a new constant c f φ �→ FLAT ( φ ) Theorem 3.3.2: The following are equivalent: i s i ( c ) ≈ t i ( c )) ∧ � j s ′ j ( c ) �≈ t ′ (1) ( � j ( c ) is satisfiable (2) FC ∧ FLAT [( � i s i ( c ) ≈ t i ( c )) ∧ � j s ′ j ( c ) �≈ t ′ j ( c )] is satisfiable where FC = { c 1 ≈ d 1 , . . . c n ≈ d n → c f ≈ d f | whenever f ( c 1 , . . . , c n ) was renamed to c f f ( d 1 , . . . , d n ) was renamed to d f } Note: The problem is decidable in PTIME (see next pages) Problem: Naive handling of transitivity/congruence axiom �→ O ( n 3 ) Goal: Give a faster algorithm 8

Last time: Solution 3 Task: = ∀ x ( s 1 ( x ) ≈ t 1 ( x ) ∧ · · · ∧ s k ( x ) ≈ t k ( x ) → � m Check if UIF | j =1 s ′ j ( x ) ≈ t ′ j ( x )) i.e. if ( s 1 ( c ) ≈ t 1 ( c ) ∧ · · · ∧ s k ( c ) ≈ t k ( c ) ∧ � j s ′ j ( c ) �≈ t ′ j ( c )) unsatisfiable. 9

Solution 3 Task: Check if ( s 1 ( c ) ≈ t 1 ( c ) ∧ · · · ∧ s k ( c ) ≈ t k ( c ) ∧ � k s ′ k ( c ) �≈ t ′ k ( c )) unsatisfiable. Solution 3 [Downey-Sethi, Tarjan’76; Nelson-Oppen’80] represent the terms occurring in the problem as DAG’s Example: Check whether f ( f ( a , b ), b ) ≈ a is a consequence of f ( a , b ) ≈ a . v 1 v 1 : f ( f ( a , b ), b ) f v 2 : f ( a , b ) v v 3 : a 2 f v 4 : b v a b v 3 4 10

Solution 3 Task: Check if ( s 1 ( c ) ≈ t 1 ( c ) ∧ · · · ∧ s k ( c ) ≈ t k ( c ) ∧ s ( c ) �≈ t ( c )) unsatisfiable. Solution 3 [Downey-Sethi, Tarjan’76; Nelson-Oppen’80] - represent the terms occurring in the problem as DAG’s - represent premise equalities by a relation on the vertices of the DAG Example: Check whether f ( f ( a , b ), b ) ≈ a is a consequence of f ( a , b ) ≈ a . v 1 v 1 : f ( f ( a , b ), b ) f v 2 : f ( a , b ) v v 3 : a 2 f v 4 : b v a b v R : { ( v 2 , v 3 ) } 3 4 - compute the “congruence closure” R c of R - check whether ( v 1 , v 3 ) ∈ R c 11

Computing the congruence closure of a DAG Example • DAG structures: v 1 - G = ( V , E ) directed graph f - Labelling on vertices v 2 f λ ( v ): label of vertex v δ ( v ): outdegree of vertex v v a b v 3 4 - Edges leaving the vertex v are ordered ( v [ i ]: denotes i -th successor of v ) λ ( v 1 ) = λ ( v 2 ) = f λ ( v 3 ) = a , λ ( v 4 ) = b δ ( v 1 ) = δ ( v 2 ) = 2 δ ( v 3 ) = δ ( v 4 ) = 0 v 1 [1] = v 2 , v 2 [2] = v 4 ... 12

Congruence closure of a DAG/Relation Given: G = ( V , E ) DAG + labelling R ⊆ V × V The congruence closure of R is the smallest relation R c on V which is: • reflexive • symmetric • transitive • congruence: v 1 If λ ( u ) = λ ( v ) and δ ( u ) = δ ( v ) v 2 f f and for all 1 ≤ i ≤ δ ( u ): ( u [ i ], v [ i ]) ∈ R c v then ( u , v ) ∈ R c . 2 f v a b v 3 4 v a b v 3 4 13

Congruence closure of a relation Recursive definition ( u , v ) ∈ R ( u , v ) ∈ R c ( u , v ) ∈ R c ( u , v ) ∈ R c ( v , w ) ∈ R c ( v , v ) ∈ R c ( v , u ) ∈ R c ( u , w ) ∈ R c λ ( u ) = λ ( v ) u , v have n successors and ( u [ i ], v [ i ]) ∈ R c for all 1 ≤ i ≤ n ( u , v ) ∈ R c • The congruence closure of R is the smallest set closed under these rules 14

Congruence closure and UIF Assume that we have an algorithm A for computing the congruence closure of a graph G and a set R of pairs of vertices • Use A for checking whether � n i =1 s i ≈ t i ∧ � m j =1 s ′ j �≈ t ′ j is satisfiable. (1) Construct graph corresponding to the terms occurring in s i , t i , s ′ j , t ′ j Let v t be the vertex corresponding to term t (2) Let R = { ( v s i , v t i ) | i ∈ { 1, . . . , n }} (3) Compute R c . j ) �∈ R c for all 1 ≤ j ≤ m , otherwise “Unsat” (4) Output “Sat” if ( v s ′ j , v t ′ Theorem 3.3.3 (Correctness) � n i =1 s i ≈ t i ∧ � m j ] R c � =[ v t ′ j =1 s ′ j �≈ t ′ j ] R c for all 1 ≤ j ≤ m . j is satisfiable iff [ v s ′ 15

Congruence closure and UIF Theorem 3.3.3 (Correctness) � n i =1 s i ≈ t i ∧ � m j =1 s ′ j �≈ t ′ j ] R c � =[ v t ′ j ] R c for all 1 ≤ j ≤ m . j is satisfiable iff [ v s ′ Proof ( ⇒ ) = � n i =1 s i ≈ t i ∧ � m Assume A is a Σ-structure such that A | j =1 s ′ j �≈ t ′ j . We can show that [ v s ] R c = [ v t ] R c implies that A | = s = t (Exercise). (We use the fact that if [ v s ] R c = [ v t ] R c then there is a derivation for ( v s , v t ) ∈ R c in the calculus defined before; use induction on length of derivation to show that A | = s = t .) j ] R c � =[ v t ′ As A | = s ′ j �≈ t ′ j ] R c for all 1 ≤ j ≤ m . j , it follows that [ v s ′ 16

Congruence closure and UIF Theorem 3.3.3 (Correctness) � n i =1 s i ≈ t i ∧ � m j ] R c � =[ v t ′ j =1 s ′ j �≈ t ′ j is satisfiable iff [ v s ′ j ] R c for all 1 ≤ j ≤ m . Proof ( ⇐ ) Assume that [ v s ′ j ] R c � = [ v t ′ j ] R c for all 1 ≤ j ≤ m . We construct a structure that satisfies � n i =1 s i ≈ t i ∧ � m j =1 s ′ j �≈ t ′ j • Universe is quotient of V w.r.t. R c plus new element 0. • c constant �→ c A = [ v c ] R c .  if v f ( t 1 , ... , t n ) ∈ V , [ v f ( t 1 , ... , t n ) ] R c    • f / n �→ f A ([ v 1 ] R c , . . . , [ v n ] R c ) = [ v t i ] R c = [ v i ] R c for 1 ≤ i ≤ n   0 otherwise  well-defined because R c is a congruence. • It holds that A | = s ′ j �≈ t ′ j and A | = s i ≈ t i 17

Computing the congruence closure of a DAG Given: G = ( V , E ) DAG + labelling R ⊆ V × V Compute R c (the congruence closure of R ) Task: Example: f ( a , b ) ≈ a → f ( f ( a , b ), b ) ≈ a v 1 f Idea: R = { ( v 2 , v 3 ) } - Start with the identity relation R c = Id v 2 f - Successively add new pairs of nodes to R c ; close relation under congruence. v a b v 3 4 Task: Compute R c 18

Computing the congruence closure of a DAG Given: G = ( V , E ) DAG + labelling R ⊆ V × V ; ( v , v ′ ) ∈ V 2 Check whether ( v , v ′ ) ∈ R c Task: Example: f ( a , b ) ≈ a → f ( f ( a , b ), b ) ≈ a v 1 f Idea: R = { ( v 2 , v 3 ) } - Start with the identity relation R c = Id v 2 f - Successively add new pairs of nodes to R c ; close relation under congruence. v a b v 3 4 Task: Decide whether ( v 1 , v 3 ) ∈ R c 19

Computing the congruence closure of a DAG Given: G = ( V , E ) DAG + labelling R ⊆ V × V Compute R c (the congruence closure of R ) Task: Idea: Recursively construct relations closed under congruence R i (approximating R c ) by identifying congruent vertices u , v and computing R i +1 := congruence closure of R i ∪ { ( u , v ) } . Representation: - Congruence relation �→ corresponding partition 20