Kodkod: A Constraint Solver for Relational Logic. Emina Torlak. PowerPoint presentation (slide transcript).



SLIDE 1

Kodkod: A Constraint Solver for Relational Logic

Emina Torlak, LaSh 2010 · Edinburgh, UK · July 15, 2010

SLIDE 2

A constraint solver for software engineering …

Figure: tools built on kodkod (Alloy4, ExUML Analyzer, MIT Course Scheduler, Miniatur, Karun, Whispec, Kesit, ConfigAssure, MemSAT), spanning design analysis, code checking, test case generation and declarative configuration.
SLIDE 3

… and research

Research using Kodkod (the references listed on the slide):
[1] D. Batory. A modeling language for program design and synthesis. Advances in Software Engineering, pages 39–58, 2008.
[2] J. Bendisposto, M. Leuschel, O. Ligot, and M. Samia. La validation de modèles event-b avec le plug-in prob pour rodin. TSI, pages 1065–1084, 2008.
[3] D. L. Berre and A. Parrain. On sat technologies for dependency management and beyond. In ASPL 2008, 2008.
[4] J. Blanchette. Relational analysis of (co)inductive predicates, (co)algebraic datatypes, and (co)recursive functions. In TAP 2010, 2010.
[5] J. Blanchette and A. Krauss. Monotonicity inference for higher-order formulas. In IJCAR, 2010.
[6] J. Blanchette and T. Nipkow. Nitpick: A counterexample generator for higher-order logic based on a relational model finder. In TAP, 2009.
[7] F. Chang. Generation of Policy-Rich Websites From Declarative Models. PhD thesis, Massachusetts Institute of Technology, 2009.
[8] P. De Oliveira Cantante De Matos and J. Marques-Silva. Model checking event-b by encoding into alloy. In ABZ, volume 5238 of LNCS. Springer, 2008.
[9] G. Dennis. A relational framework for bounded program verification. PhD thesis, Massachusetts Institute of Technology, 2009.
[10] G. Dennis, K. Yessenov, and D. Jackson. Bounded verification of voting software. Verified Software: Theories, Tools, Experiments, pages 130–145, 2008.
[11] N. Dippolito, M. Frias, J. Galeotti, E. Lanzarotti, and S. Mera. Alloy+HotCore: A fast approximation to unsat core. In Abstract State Machines, Alloy, B and Z, pages 160–173, 2010.
[12] J. Dolby, M. Vaziri, and F. Tip. Finding bugs efficiently with a sat solver. In Proceedings of the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering, page 204. ACM, 2007.
[13] A. Dunets, G. Schellhorn, and W. Reif. Automating algebraic specifications of non-freely generated data types. Automated Technology for Verification and Analysis, pages 141–155, 2008.
[14] A. Dunets, G. Schellhorn, and W. Reif. Bounded relational analysis of free data types. Tests and Proofs, pages 99–115, 2008.
[15] A. Dunets, G. Schellhorn, and W. Reif. Automated flaw detection in algebraic specifications. Journal of Automated Reasoning, pages 1–37, 2009.
[16] A. Edmunds. Providing Concurrent Implementations for Event-B Developments. PhD thesis, University of Southampton, 2010.
[17] R. Finkel and B. O'Sullivan. Reasoning about Conditional Constraint Specifications. In 2009 21st IEEE International Conference on Tools with Artificial Intelligence, pages 349–353. IEEE, 2009.
[18] A. Fuchs. Evolving model evolution. PhD thesis, University of Iowa, 2009.
[19] J. Galeotti, N. Rosner, C. Pombo, and M. Frias. Analysis of invariants for efficient bounded verification. In 2010 International Symposium on Software Testing and Analysis. ACM Sigsoft, 2010.
[20] J. Galeotti, N. Rosner, C. Pombo, and M. Frias. Distributed sat-based computation of relational tight bounds. Scientific Commons, 2010.
[21] C. Ghezzi and A. Mocci. Behavior model based component search: an initial assessment. In Proceedings of 2010 ICSE Workshop on Search-driven Development: Users, Infrastructure, Tools and Evaluation, pages 9–12. ACM, 2010.
[22] M. Gogolla. Towards model validation and verification with sat techniques. In Algorithms and Applications for Next Generation SAT Solvers, 2010.
[23] W. Hassan and L. Logrippo. Requirements and compliance in legal systems: a logic approach. Requirements Engineering and Law, 2008. RELAW'08., pages 40–44, 2008.
[24] V. Issarny, B. Steffen, B. Jonsson, G. Blair, P. Grace, M. Kwiatkowska, R. Calinescu, P. Inverardi, M. Tivoli, A. Bertolino, et al. CONNECT Challenges: Towards Emergent Connectors for Eternal Networked Systems. In Proceedings of the 2009 14th IEEE International Conference on Engineering of Complex Computer Systems-Volume 00, pages 154–161. IEEE Computer Society, 2009.
[25] D. Jackson. A direct path to dependable software. Communications of the ACM, 52(4):78–88, 2009.
[26] D. Jackson, D. Jackson, H. Estler, and D. Rayside. The guided improvement algorithm for exact, general-purpose, many-objective combinatorial optimization. Technical Report MIT-CSAIL-TR-2009-033, Massachusetts Institute of Technology, 2009.
[27] E. Jackson and J. Sztipanovits. Formalizing the structural semantics of domain-specific modeling languages. Software and Systems Modeling, 8(4):451–478, 2009.
[28] E. Kang. A Framework for Dependability Analysis of Software Systems with Trusted Bases. Master's thesis, Massachusetts Institute of Technology, 2010.
[29] E. Kang and D. Jackson. Formal modeling and analysis of a flash filesystem in alloy. Abstract state machines, B and Z, pages 294–308, 2008.
[30] S. Khalek, B. Elkarablieh, Y. Laleye, and S. Khurshid. Query-aware test generation using a relational constraint solver. In Proceedings of the 2008 23rd IEEE/ACM International Conference on Automated Software Engineering-Volume 00, pages 238–247. IEEE Computer Society, 2008.
[31] J. Khoury. Naming and discovery in networks: architecture and economics. PhD thesis, The University of New Mexico, 2009.
[32] J. Khoury, C. Abdallah, and G. Heileman. Towards formalizing network architectural descriptions. Abstract State Machines, Alloy, B and Z, pages 132–145, 2010.
[33] A. Kiezun. Effective software testing with a string-constraint solver. PhD thesis, Massachusetts Institute of Technology, 2009.
[34] M. P. Krieger and A. Knapp. Executing underspecified, ocl and solver, sat. In 8th International Workshop on OCL Concepts and Tools (OCL 2008) at MoDELS 2008, volume 15, 2008.
[35] V. Kuncak. Modular data structure verification. PhD thesis, Massachusetts Institute of Technology, 2007.
[36] M. Leuschel, J. Falampin, F. Fritz, and D. Plagge. Automated property verification for large scale b models. FM 2009: Formal Methods, pages 708–723, 2009.
[37] P. Malik, L. Groves, and C. Lenihan. Translating z to alloy. Abstract State Machines, Alloy, B and Z, pages 377–390, 2010.
[38] J. Marques-Silva. Minimal Unsatisfiability: Models, Algorithms and Applications (Invited Paper). In 40th IEEE International Symposium on Multiple-Valued Logic, pages 9–14. IEEE, 2010.
[39] P. Matos, B. Fischer, and J. Marques-Silva. A lazy unbounded model checker for event-b. Formal Methods and Software Engineering, pages 485–503, 2009.
[40] F. Nafz, F. Ortmeier, H. Seebach, J. Steghöfer, and W. Reif. A universal self-organization mechanism for role-based organic computing systems. Autonomic and Trusted Computing, pages 17–31, 2009.
[41] S. Nakajima. Semi-automated diagnosis of FODA feature diagram. In Proceedings of the 2010 ACM Symposium on Applied Computing, pages 2191–2197. ACM, 2010.
[42] S. Narain, G. Levin, S. Malik, and V. Kaul. Declarative infrastructure configuration synthesis and debugging. J. Netw. Syst. Manage., 16(3):235–258, 2008.
[43] S. Narain, R. Talpade, and G. Levin. Network configuration validation. Guide to Reliable Internet Services and Applications, pages 277–316, 2010.
[44] R. Nokhbeh Zaeem and S. Khurshid. Contract-based data structure repair using alloy. In ECOOP 2010–Object-Oriented Programming, pages 577–598. Springer, 2010.
[45] G. Perrouin, S. Sen, J. Klein, B. Baudry, and Y. Le Traon. Automated and scalable t-wise test case generation strategies for software product lines. In 2010 Third International Conference on Software Testing, Verification and Validation, pages 459–468. IEEE, 2010.
[46] D. Plagge, M. Leuschel, I. Lopatkin, A. Iliasov, and A. Romanovsky. Sal, kodkod, and bdds for validation of b models. Automated Formal Methods (AFM09), 2009.
[47] D. Power, M. Slaymaker, and A. Simpson. On the construction and verification of self-modifying access control policies. Secure Data Management, pages 107–121, 2009.
[48] H. Raffelt, T. Margaria, B. Steffen, and M. Merten. Hybrid test of web applications with webtest. In Proceedings of the 2008 workshop on Testing, analysis, and verification of web services and applications, pages 1–7. ACM, 2008.
[49] T. Ramananandro. Mondex, an electronic purse: specification and refinement checks with the alloy model-finding method. Formal Aspects of Computing, 20(1):21–39, 2008.
[50] D. Rayside and H. Estler. A spreadsheet-like user interface for combinatorial multi-objective optimization. In Proceedings of the 2009 Conference of the Center for Advanced Studies on Collaborative Research, pages 58–69. ACM, 2009.
[51] M. Rijnders. First-order logic as a lightweight software specification language. Master's thesis, University of Amsterdam, 2008.
[52] I. Rychkova. Formal semantics for refinement verification of entreprise models. PhD thesis, École polytechnique fédérale de Lausanne, 2008.
[53] V. Schuppan. Towards a notion of unsatisfiable cores for LTL. Fundamentals of Software Engineering, pages 129–145, 2010.
[54] S. Sen, B. Baudry, and J. Mottu. Automatic model generation strategies for model transformation testing. Theory and Practice of Model Transformations, pages 148–164, 2009.
[55] N. Shankar. Automated deduction for verification. ACM Computing Surveys (CSUR), 41(4):1–56, 2009.
[56] D. Shao, S. Khurshid, and D. Perry. Whispec: White-box testing of libraries using declarative specifications. In Proceedings of the 2007 Symposium on Library-Centric Software Design, pages 11–20. ACM, 2007.
[57] D. Shao, S. Khurshid, and D. Perry. An incremental approach to scope-bounded checking using a lightweight formal method. FM 2009: Formal Methods, pages 757–772, 2009.
[58] M. Taghdiri. Automating Modular Program Verification by Refining Specifications. PhD thesis, Massachusetts Institute of Technology, 2007.
[59] E. Torlak. A constraint solver for software engineering: finding models and cores of large relational specifications. PhD thesis, Massachusetts Institute of Technology, 2009.
[60] E. Torlak, F. Chang, and D. Jackson. Finding minimal unsatisfiable cores of declarative specifications. FM 2008: Formal Methods, pages 326–341, 2008.
[61] E. Torlak, M. Vaziri, and J. Dolby. Memsat: checking axiomatic specifications of memory models. In Proceedings of the 2010 ACM SIGPLAN conference on Programming language design and implementation, pages 341–350. ACM, 2010.
[62] E. Uzuncaova, D. Garcia, S. Khurshid, and D. Batory. A specification-based approach to testing software product lines. In The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers, pages 525–528. ACM, 2007.
[63] E. Uzuncaova, D. Garcia, S. Khurshid, and D. Batory. Testing software product lines using incremental test generation. In 19th International Symposium on Software Reliability Engineering, 2008. ISSRE 2008, pages 249–258, 2008.
[64] E. Uzuncaova and S. Khurshid. Constraint prioritization for efficient analysis of declarative models. FM 2008: Formal Methods, pages 310–325, 2008.
[65] E. Uzuncaova, S. Khurshid, and D. Batory. Incremental test generation for software product lines. IEEE Transactions on Software Engineering, 2010.
[66] T. Weber. SAT-based Finite Model Generation for Higher-Order Logic. PhD thesis, TU München, 2008.
[67] J. Wittocx. Finite Domain and Symbolic Inference Methods for Extensions of First-Order Logic. PhD thesis, Katholieke Universiteit Leuven, 2010.
[68] J. Wittocx and M. Denecker. Grounding fo (id) with bounds. In LaSh 2010, 2010.
[69] J. Wittocx, M. Mariën, and M. Denecker. Grounding fo and fo (id) with bounds. Journal of Artificial Intelligence Research, 38:223–269, 2010.
[70] S. Wong, J. Sun, I. Warren, and J. Sun. A Scalable Approach to Multi-Style Architectural Modeling and Verification. In 13th IEEE International Conference on Engineering of Complex Computer Systems, pages 25–34. IEEE, 2008.
[71] K. Yessenov. A Lightweight Specification Language for Bounded Program Verification. PhD thesis, Massachusetts Institute of Technology, 2009.
[72] F. Zaraket. Program analysis with boolean logic solvers. 2007.
[73] F. Zaraket, A. Aziz, and S. Khurshid. Sequential circuits for program analysis. In Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering, pages 114–123. ACM, 2007.
[74] F. Zaraket and W. Masri. Property based coverage criterion. In Proceedings of the 2nd International Workshop on Defects in Large Software Systems: Held in conjunction with the ACM SIGSOFT International Symposium on Software Testing and Analysis (ISSTA 2009), pages 27–28. ACM, 2009.
[75] K. Zee, V. Kuncak, M. Taylor, and M. Rinard. Runtime checking for program verification. In Proceedings of the 7th international conference on Runtime verification, pages 202–213. Springer-Verlag, 2007.
SLIDE 4–6

Model finding with Kodkod

Network example adapted from [Narain08]. Figure: ConfigAssure hands kodkod a relational problem; kodkod turns it into a SAT problem, the SAT solver returns a boolean model, and kodkod turns that boolean model back into a relational model.

Input, a partial model: five hosts (a, b, c, d, h) whose address / mask slots are still open (... / ...), together with the constraints:
  • addresses are distinct
  • same masks on a subnet
  • address range is 121.96.*.*

Output, a model: the open slots filled in with 121.96.128.35 / 17, 121.96.128.43 / 17, 121.96.128.47 / 17, 121.96.0.7 / 25 and 121.96.0.11 / 25.
SLIDE 7–8

Core extraction with Kodkod

The same network example adapted from [Narain08], with the address range narrowed. Figure: ConfigAssure hands kodkod a relational problem; kodkod turns it into a SAT problem, the SAT solver returns a boolean proof of unsatisfiability, and kodkod extracts from it a minimal unsatisfiable core of the relational constraints.

Constraints over the partial model (hosts a, b, c, d, h, slots ... / ...):
  • addresses are distinct
  • same masks on a subnet
  • address range is 121.96.0.[0..3]

Minimal unsatisfiable core highlighted on the slide (four candidate addresses cannot be handed out distinctly to five hosts):
  • address range is 121.96.0.[0..3]
  • addresses are distinct
SLIDE 9–11

Relational logic by example: choosing and sorting files

Figure: an unsorted collection of movies and music on one side, a portable media player on the other, and a question mark between them.

Automatically select interesting files according to some constraints, sort them into directories and transfer them to the mp3 player. This is just constraint solving with partial models: use Kodkod!
SLIDE 12–18

Relational logic by example: a toy file organizer

Specification, one constraint per line with its reading:
  Root ⊆ Dir    (the root of the hierarchy is a directory)
  contents ⊆ Dir × (File ∪ Dir)    (directories may contain files or directories)
  (File ∪ Dir) ⊆ Root.*contents    (all directories and files are reachable from the root by following the contents relation zero or more times)
  ∀ d: Dir | ¬ (d ⊆ d.^contents)    (the contents relation is acyclic)

Universe: a set { … } of uninterpreted atoms (drawn as a figure on the slide).

Bounds for each relation, a lower bound and an upper bound of tuples 〈 〉 over the universe; Root is a constant, so its lower and upper bounds coincide:
  {} ⊆ File ⊆ { … }
  {} ⊆ Dir ⊆ { … }
  { … } ⊆ Root ⊆ { … }
  {} ⊆ contents ⊆ { … } × { … }
SLIDE 19

Relational logic by example: a toy file organizer

Figure: a binding within the bounds that satisfies the specification, drawn as a tree: the Root atom (a Dir) with contents edges down to further Dir and File atoms.
SLIDE 20–24

Kodkod architecture

[Torlak07] [Torlak08]

Figure, the pipeline: a spec, bounds and a universe enter the skolemizer, which yields a skolemized formula; the symmetry detector partitions the universe and the symmetry breaker produces a symmetry-breaking predicate (SBP); the translator, with its circuit transformer and sharing detector, produces a boolean formula that goes to the SAT solver as CNF. If the SAT solver answers sat, the boolean model is turned back into a relational model; if it answers unsat, the core extractor returns a minimal core.

Contributions called out on the figure:
  • translation to propositional logic using sparse matrices and compact boolean circuits
  • symmetry detection in the presence of arbitrary bounds
  • recycling core extraction for finding minimal unsatisfiable cores of declarative specifications
SLIDE 25

Translation by example

The toy file organizer's constraints and bounds (repeated on the slide). Bottom-up translation: from relations to expressions to formulas.
SLIDE 26–30

Relations as matrices

Every relation becomes a boolean matrix indexed by the atoms of the universe, with one dimension per column of the relation: an entry is 0 for a tuple outside the upper bound, 1 for a tuple in the lower bound, and a fresh boolean variable for a tuple in between. For the toy file organizer (a universe of five atoms):
  {} ⊆ File ⊆ { … }: a one-dimensional matrix whose entries at the atoms of the upper bound are the variables f0, f1
  {} ⊆ Dir ⊆ { … }: a one-dimensional matrix whose entries at the atoms of the upper bound are the variables d0, d1, d2
  { … } ⊆ Root ⊆ { … }: a constant matrix with the entry 1 at the root atom, since lower and upper bounds coincide
  {} ⊆ contents ⊆ { … } × { … }: a two-dimensional matrix with the variables c0 … c14, one per tuple of the upper bound (the three directory atoms paired with each of the five atoms)
SLIDE 31

Expressions as matrix operations

Union is entry-wise disjunction: File ∪ Dir is the one-dimensional matrix with entries d0, d1, d2, f0, f1 (each entry is the ∨ of the corresponding File and Dir entries, of which at most one is non-zero here).

Product is the conjunction of every pair of entries: Dir × (File ∪ Dir) is the two-dimensional matrix
  d0∧d0  d0∧d1  d0∧d2  d0∧f0  d0∧f1
  d1∧d0  d1∧d1  d1∧d2  d1∧f0  d1∧f1
  d2∧d0  d2∧d1  d2∧d2  d2∧f0  d2∧f1
SLIDE 32

Formulas as constraints over matrix entries

A subset formula becomes one implication per matrix entry. For contents ⊆ Dir × (File ∪ Dir), the entries c0 … c14 of contents and the entries of the Dir × (File ∪ Dir) matrix of slide 31 give:

(c0 ⇒ d0∧d0) ∧ (c1 ⇒ d0∧d1) ∧ (c2 ⇒ d0∧d2) ∧ (c3 ⇒ d0∧f0) ∧ (c4 ⇒ d0∧f1) ∧
(c5 ⇒ d1∧d0) ∧ (c6 ⇒ d1∧d1) ∧ (c7 ⇒ d1∧d2) ∧ (c8 ⇒ d1∧f0) ∧ (c9 ⇒ d1∧f1) ∧
(c10 ⇒ d2∧d0) ∧ (c11 ⇒ d2∧d1) ∧ (c12 ⇒ d2∧d2) ∧ (c13 ⇒ d2∧f0) ∧ (c14 ⇒ d2∧f1)
SLIDE 33–39

Technical challenges: sparseness and redundancy

Illustrated on the Dir × (File ∪ Dir) matrix (entries d0∧d0 … d2∧f1).

Sparseness: empty regions in expression matrices (exponential w.r.t. arity); in Dir × (File ∪ Dir) the rows indexed by file atoms are entirely zero and only the 15 entries shown survive.
  ✔ k-dimensional sparse matrices represented as interval trees [Torlak07]

Redundancy: different circuits for the same formula, through commutativity (d0∧d1 and d1∧d0) and idempotence (d0∧d0 and d0).
  ✔ on-the-fly sharing detection with compact boolean circuits [Torlak07]

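The translation of slides 26–39 carried through in code, as an added example that is not Kodkod's own code: relations are sparse boolean matrices, union and product are matrix operations, subset is one implication per entry, and a hash-consed circuit representation gives the commutativity and idempotence sharing for free. It also goes one step beyond the slides by translating the reachability constraint, which needs join and reflexive transitive closure (boolean matrix multiplication and repeated squaring). The atom names f0, f1, d0, d1, d2 (doubling as variable names), the variables c0 … c14 and the column order follow the slides; Root = d0 and the sample bindings are assumptions made for the example.

```python
"""Bottom-up translation of relational logic to boolean circuits: relations as
sparse matrices, expressions as matrix operations, formulas as constraints over
matrix entries.  Added example, not Kodkod's own code.  Atom names (f0, f1, d0,
d1, d2, doubling as their variable names) and c0..c14 follow the slides;
Root = d0 is an assumption and the sample bindings are constructed."""
from itertools import product

# A circuit is True/False, a variable name (str), ("not", c) or
# ("and"|"or", frozenset(operands)).  The frozenset makes d0∧d1 and d1∧d0 one
# node (commutativity) and collapses d0∧d0 to d0 (idempotence): the sharing
# that compact boolean circuits are about, in its simplest form.
def _nary(op, ops, absorber):
    flat = set()
    for o in ops:
        if o is absorber:                    # x ∧ False = False, x ∨ True = True
            return absorber
        if o is (not absorber):              # identity element drops out
            continue
        flat |= (o[1] if isinstance(o, tuple) and o[0] == op else {o})
    if not flat:
        return not absorber
    return next(iter(flat)) if len(flat) == 1 else (op, frozenset(flat))

def AND(*ops): return _nary("and", ops, absorber=False)
def OR(*ops): return _nary("or", ops, absorber=True)
def NOT(c): return (not c) if isinstance(c, bool) else ("not", c)
def IMPLIES(a, b): return OR(NOT(a), b)

def evaluate(c, binding):
    """Truth value of circuit c under a {variable: bool} binding."""
    if isinstance(c, bool): return c
    if isinstance(c, str): return binding[c]
    op, args = c
    if op == "not": return not evaluate(args, binding)
    vals = [evaluate(a, binding) for a in args]
    return all(vals) if op == "and" else any(vals)

class Matrix:
    """Boolean matrix with one dimension per relation column, stored sparsely:
    constant-False entries (tuples outside the upper bound, the slides' empty
    regions) are simply not stored."""
    def __init__(self, arity, entries):
        self.arity = arity
        self.entries = {t: c for t, c in entries.items() if c is not False}
    def union(self, other):                  # File ∪ Dir: entry-wise ∨
        keys = set(self.entries) | set(other.entries)
        return Matrix(self.arity, {t: OR(self.entries.get(t, False),
                                         other.entries.get(t, False)) for t in keys})
    def product(self, other):                # Dir × (File ∪ Dir): ∧ of every pair
        return Matrix(self.arity + other.arity,
                      {s + t: AND(a, b) for s, a in self.entries.items()
                       for t, b in other.entries.items()})
    def join(self, other):                   # Root.contents: boolean matrix product
        out = {}
        for s, a in self.entries.items():
            for t, b in other.entries.items():
                if s[-1] == t[0]:
                    key = s[:-1] + t[1:]
                    out[key] = OR(out.get(key, False), AND(a, b))
        return Matrix(self.arity + other.arity - 2, out)
    def closure(self, universe, reflexive=False):   # ^contents and *contents
        acc = self                           # squaring: paths of length up to 2^k
        for _ in range(len(universe).bit_length()):
            acc = acc.union(acc.join(acc))
        if reflexive:
            acc = acc.union(Matrix(2, {(a, a): True for a in universe}))
        return acc
    def subset(self, other):                 # formula: each entry implies its counterpart
        return AND(*(IMPLIES(c, other.entries.get(t, False))
                     for t, c in self.entries.items()))

# the toy file organizer's bounds; column order d0 d1 d2 f0 f1 as on the slides
DIRS, FILES = ["d0", "d1", "d2"], ["f0", "f1"]
UNIVERSE = DIRS + FILES
File = Matrix(1, {(a,): a for a in FILES})         # {} ⊆ File ⊆ {f0, f1}: one variable each
Dir = Matrix(1, {(a,): a for a in DIRS})           # {} ⊆ Dir ⊆ {d0, d1, d2}
Root = Matrix(1, {("d0",): True})                  # constant: lower = upper = {d0} (assumed)
contents = Matrix(2, {t: f"c{i}" for i, t in enumerate(product(DIRS, UNIVERSE))})  # c0..c14

def translate():
    """Circuits for contents ⊆ Dir × (File ∪ Dir) and (File ∪ Dir) ⊆ Root.*contents."""
    c_dir = contents.subset(Dir.product(File.union(Dir)))
    reach = Root.join(contents.closure(UNIVERSE, reflexive=True))
    return c_dir, File.union(Dir).subset(reach)

def satisfies(files, dirs, edges):
    """Evaluate both translated constraints under a constructed binding."""
    b = {a: a in files for a in FILES}
    b.update({a: a in dirs for a in DIRS})
    b.update({v: t in edges for t, v in contents.entries.items()})
    return all(evaluate(c, b) for c in translate())

if __name__ == "__main__":
    model = {("d0", "d1"), ("d0", "d2"), ("d1", "f0"), ("d2", "f1")}
    print(satisfies({"f0", "f1"}, set(DIRS), model))                        # True
    print(satisfies({"f0", "f1"}, set(DIRS), model - {("d2", "f1")}))       # False: f1 unreachable
```

The first circuit returned by translate() is exactly the 15-way conjunction of slide 32, except that c0 ⇒ d0∧d0 has already collapsed to c0 ⇒ d0 by idempotence.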
SLIDE 40

Experimental results (log scale)

Chart: model finding time (ms, log scale from 1 to 400000) for kodkod versus alloy3 on 30 benchmarks (m/o = out of memory, t/o = timeout): AWD.OpTotal-51, NUM378-22, ALG197-14, SET967-4, ALG195-14, Handshake-10, COM008-12, SET948-14, GEO092-16, LAT258-7, List.Reflexive-28, SET943-7, GEO158-16, AWD.Ignore-51, FileSystem-90, List.Symm-16, RingElection-16, NUM374-5, GEO159-16, MED007-35, MED009-35, GEO115-18, ALG212-7, Dijkstra-60, Trees-7, GEO091-20, TOP020-10, List.Empties-120, AWD.Transfer-41, AWD.A241-51.

Benchmarks (12 Alloy and 18 TPTP problems):
  • 4 to 59 constraints
  • 4 to 120 atom universe
  • 2 sat, 28 unsat
  • 5 min timeout for translation & solving

Performance summary:
  • alloy3 timed out on 5 / 30 and ran out of memory on 6 / 30 problems
  • kodkod 16x faster on average, with a 24x translation and an 8x solving speed up
SLIDE 41–42

Kodkod architecture and contributions

[Torlak07] [Torlak08]

The architecture figure again (spec, bounds and universe into the skolemizer; symmetry detector with universe partitioning; symmetry breaker with SBP; translator with circuit transformer and sharing detector; CNF into the SAT solver; model on sat, core extractor and minimal core on unsat), highlighting the contribution just covered and the one that comes next:
  • translation to propositional logic using sparse matrices and compact boolean circuits
  • symmetry detection in the presence of arbitrary bounds
SLIDE 43–49

Symmetry by example

The toy file organizer's constraints and bounds (repeated on the slide) and the model of slide 19: Root with contents edges to Dir and File atoms. Over the animation some of the model's atoms are exchanged for one another, and each time the question is whether the result still satisfies the constraints.

Is this still a model? Yes! How about now? Yes!
SLIDE 50

Symmetries between models

Figure: four bindings, each drawn from its Root atom, that differ from one another only by a permutation of the atoms; all four satisfy the constraints (equivalent models).

SLIDE 51

Symmetries between non-models

Figure: four bindings related by the same kind of permutation, none of which satisfies the constraints (equivalent non-models).
SLIDE 52

Symmetries partition bindings into equivalence classes

Figure: the space of bindings (each drawn from its Root atom) split into models and non-models, with bindings that differ only by a permutation of atoms grouped into equivalence classes.
SLIDE 53

Exploiting symmetries (symmetry breaking)

Figure: one representative binding per equivalence class. It is sufficient to test one binding per class.
SLIDE 54–62

Detecting symmetries

The toy file organizer's bounds and constraints (repeated on the slide). Figure, built up over the animation: four non-model bindings labelled G0, G1, G2, G3, each drawn from its Root atom and related by non-model symmetries; the permutations between them are identified one at a time.

Conclusion of the animation: (non-)model symmetries = bound symmetries. A bound symmetry is a permutation of the universe that maps the lower and upper bound of every relation to itself; such a permutation maps models to models and non-models to non-models (symmetry detection theorem [Torlak07]).
slide-63
SLIDE 63

Detecting all symmetries is hard …

23 [diagram: the bounds drawn as a graph over the atoms]

(non-)model symmetries = bound symmetries ⇔ graph automorphism detection
symmetry detection theorem [Torlak07]
slide-64
SLIDE 64

But effective symmetry breaking needs only a few symmetries

24 Detection by graph automorphism
  • non-polynomial
  • finds all symmetries
Detection by base partitioning [Torlak07]
  • polynomial in size of bounds
  • finds the symmetries that correspond to the coarsest base partitioning of the universe
slide-65
SLIDE 65

Base partitioning of the file system universe

25 [diagram: the universe and its bounds, with atoms drawn as pictures; slides 66 to 69 are animation builds of the same diagram]

Bounds:
{} ⊆ File ⊆ { }
{} ⊆ Dir ⊆ { }
{ } ⊆ Root ⊆ { }
{} ⊆ contents ⊆ { } × { }

Base partitioning: the coarsest partitioning of the universe such that all non-empty bounds are expressible as unions of products of partitions. The builds rewrite the upper bound of contents as a union of six products of partitions, then show the symmetries the partitioning yields.
slide-70
SLIDE 70

Finding base partitioning

26 start with a single partition and refine greedily for each non-empty lower and upper bound
slide-71
SLIDE 71

Finding base partitioning

27 [diagram: the refinement run on the file system bounds one bound at a time; slides 72 to 80 are the animation builds]

page 27: refine for {} ⊆ File ⊆ { } ✔
page 28: refine for {} ⊆ Dir ⊆ { } ✔
page 29: refine for {} ⊆ contents ⊆ { } × { }, whose upper bound is written as { } × { } ∪ { } × { } ✔
page 30: refine for { } ⊆ Root ⊆ { }: one candidate refinement is marked ✘, the accepted one ✔
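The procedure of slides 65 and 70 (start from a single partition and refine for each non-empty lower and upper bound until every bound is a union of products of partitions), as an added Python example that is not Kodkod's own code: the universe, atom names and bounds are constructed to mirror the file system problem, and the refinement splits a block whenever two of its atoms have different rows in some column of a bound, a direct route to the coarsest base partitioning rather than Kodkod's column-wise greedy refinement.

```python
from itertools import product
from math import factorial, prod

# Constructed sample: the slides draw atoms as pictures, so these names are my own.
UNIVERSE = ("R", "D0", "D1", "F0", "F1")
DIRS, NODES = ("R", "D0", "D1"), ("D0", "D1", "F0", "F1")
# Bounds as (lower, upper) sets of tuples, mirroring the file system problem.
BOUNDS = {
    "File": (set(), {("F0",), ("F1",)}),
    "Dir": (set(), {(d,) for d in DIRS}),
    "Root": ({("R",)}, {("R",)}),  # non-empty lower bound (a partial model)
    "contents": (set(), {(d, c) for d in DIRS for c in NODES}),
}

def row_signature(atom, position, tuples):
    """Tuples carrying `atom` at `position`, with that column removed."""
    return frozenset(t[:position] + t[position + 1:] for t in tuples if t[position] == atom)

def refine(partition, tuples):
    """Split blocks so atoms sharing a block have equal rows in every column.
    Any base partitioning must satisfy this, so we never split finer than the coarsest."""
    arity = len(next(iter(tuples)))
    for pos in range(arity):
        refined = []
        for block in partition:
            groups = {}
            for atom in block:
                groups.setdefault(row_signature(atom, pos, tuples), []).append(atom)
            refined.extend(groups.values())
        partition = refined
    return partition

def base_partitioning(universe, bounds):
    """Start with a single partition; refine for each non-empty lower and upper bound."""
    partition = [list(universe)]
    for lower, upper in bounds.values():
        for tuples in (lower, upper):
            if tuples:
                partition = refine(partition, tuples)
    return sorted(sorted(block) for block in partition)

def expressible(partition, tuples):
    """Base-partitioning condition: `tuples` is a union of products of blocks."""
    block_of = {atom: frozenset(block) for block in partition for atom in block}
    return all(set(product(*(block_of[a] for a in t))) <= tuples for t in tuples)

def symmetry_count(partition):
    """Atoms in a block are interchangeable: the group has prod |block|! elements."""
    return prod(factorial(len(block)) for block in partition)
```

On the constructed bounds the result is the three blocks {D0, D1}, {F0, F1}, {R}, giving 2!·2!·1! = 4 symmetries, and the single-block start fails the condition for both File and contents.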
slide-81
SLIDE 81

Experimental results (log scale)

31 [chart, log scale: detection time (ms), y-axis ticks 1 to 300000, series greedy detection and complete detection, five complete-detection runs marked t/o; x-axis benchmarks: SET943-7, GEO158-16, AWD.Ignore-51, LAT258-7, List.Symm-16, COM008-12, GEO092-16, List.Reflexive-28, MED007-35, Trees-7, GEO091-20, TOP020-10, Handshake-10, RingElection-16, NUM374-5, AWD.Transfer-41, NUM378-22, SET967-4, FileSystem-90, MED009-35, Dijkstra-60, AWD.OpTotal-51, ALG197-14, ALG195-14, GEO115-18, ALG212-7, List.Empties-120, AWD.A241-51, SET948-14, GEO159-16]
Benchmarks (12 Alloy and 18 TPTP problems):
  • 10 with a partial model (1 to 462 tuples)
  • 56 to 16,040 bits of state
  • 1 to 7×10^163 symmetries
  • 5 min timeout
Performance summary:
  • complete detection with Nauty timed out on 5 / 30 problems
  • greedy detection 8,125x faster on average, found all symmetries
slide-82
SLIDE 82

Discussion

32 [table: feature support in Kodkod, IDP1.3, Paradox2.3, DarwinFM and Mace4; cells are icons for full support, partial support and no support, and their values are not recoverable]
language: first order logic, relational algebra, partial models, inductive definitions, types, bitvector arithmetic
model finding: partial models, inductive definitions, symmetry breaking, high-arity relations, nested quantifiers
core extraction: minimal core
slide-83
SLIDE 83

So long, and thanks for all the fish!

33 questions? alloy.mit.edu/kodkod/