Model Generation for Quantified First-order Logic Formulas - - PowerPoint PPT Presentation

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Model Generation for Quantified First-order Logic Formulas

Christoph Gladisch

University of Koblenz

9th Symposium May 25th, 2010, Gernsbach

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Introduction

What it means

model = interpretation that satisfies a formula showing satisfiability = showing the existence of a model

Why it is important

Counterexamples for failed verification attempts Test data generation Checking consistency of axioms and preconditions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Introduction

What it means

model = interpretation that satisfies a formula showing satisfiability = showing the existence of a model

Why it is important

Counterexamples for failed verification attempts Test data generation Checking consistency of axioms and preconditions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Introduction

State-of-the-art techniques for showing satisfiability

Satisfiability modulo theory (SMT) solvers In the following we have tested: Z3, CVC3, Yices

The Problem

The problem is: quantified formulas Formulas used in KeY often have quantifies and are not solvable with SMT solvers

Example: formula that is not solvable by SMT solvers

∀x.(x 0 → prev(next(x)) = x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Introduction

State-of-the-art techniques for showing satisfiability

Satisfiability modulo theory (SMT) solvers In the following we have tested: Z3, CVC3, Yices

The Problem

The problem is: quantified formulas Formulas used in KeY often have quantifies and are not solvable with SMT solvers

Example: formula that is not solvable by SMT solvers

∀x.(x 0 → prev(next(x)) = x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Introduction

State-of-the-art techniques for showing satisfiability

Satisfiability modulo theory (SMT) solvers In the following we have tested: Z3, CVC3, Yices

The Problem

The problem is: quantified formulas Formulas used in KeY often have quantifies and are not solvable with SMT solvers

Example: formula that is not solvable by SMT solvers

∀x.(x 0 → prev(next(x)) = x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Example: Problems with Quantifiers

JAVA + JML /*@ ♣✉❜❧✐❝ ♥♦r♠❛❧❴❜❡❤❛✈✐♦r r❡q✉✐r❡s next!=♥✉❧❧ && prev!=♥✉❧❧ && next!=prev; ❡♥s✉r❡s (❭❢♦r❛❧❧ ✐♥t j;0<=j && j<next.length;prev[next[j]]==j); ❛ss✐❣♥❛❜❧❡ prev[*]; @*/ ♣✉❜❧✐❝ ✈♦✐❞ link(){ /*@❧♦♦♣❴✐♥✈❛r✐❛♥t (❭❢♦r❛❧❧ ✐♥t x;0<=x&& x<=i;prev[next[x]]==x) && (0<=i && i<=next.length); ♠♦❞✐❢✐❡s prev[*],i; @*/ ❢♦r(✐♥t i=0;i<next.length;i++){ prev[next[i]]=i; } } JAVA + JML

experiments/0 SFPexampleCode/FPTest.test4bad4() QuEKeY 2C’ (KeYSolver6) can solve the first open branch Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Counterexample Generation with KeY

Given an open proof branch Γ = ⇒ ∆ Counterexample generation means to create a model for Γ ∧ ¬∆ The problem are quantifiers that cannot be skolemized. In the

• riginal sequent these are:

∀x.ϕ1, ∃x.ϕ2 = ⇒ ∀x.ϕ1, ∃x.ϕ2

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Counterexample Generation with KeY

Given an open proof branch Γ = ⇒ ∆ Counterexample generation means to create a model for Γ ∧ ¬∆ The problem are quantifiers that cannot be skolemized. In the

• riginal sequent these are:

∀x.ϕ1, ∃x.ϕ2 = ⇒ ∀x.ϕ1, ∃x.ϕ2

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

More General Distinction between Quantifications

Case Skolemizable Non-Skolemizable validity ∀x.ϕ ∃x.ϕ unsatisfiability ∃x.ϕ ∀x.ϕ satisfiability ∃x.ϕ ∀x.ϕ falsifiability ∀x.ϕ ∃x.ϕ

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Methods for Handling of Quantifiers

Quantifier Instantiation

Idea: Given ∀x.ϕ(x), create ϕ(t1) ∧ ϕ(t2) ∧ ϕ(t3) ∧ . . . Techniques: ground instantiations (e.g. E-matching) free variables/meta variables finite model finding

Quantifier Elimination

Idea: ∀x.a < x → b < x is equi-satisfiable to a ≥ b Techniques: Fourier-Motzkin: QE for linear rational arithmetic Cooper’s Method: QE for Presburger arithmetic

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Methods for Handling of Quantifiers

Quantifier Instantiation

Idea: Given ∀x.ϕ(x), create ϕ(t1) ∧ ϕ(t2) ∧ ϕ(t3) ∧ . . . Techniques: ground instantiations (e.g. E-matching) free variables/meta variables finite model finding

Quantifier Elimination

Idea: ∀x.a < x → b < x is equi-satisfiable to a ≥ b Techniques: Fourier-Motzkin: QE for linear rational arithmetic Cooper’s Method: QE for Presburger arithmetic

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Few words about E-matching

E-matching is a heuristic E-matching is not complete: Simplify is unsound for counter example generation.

Example: Unsoundness of Simplify for model generation

∀h.∀i.∀v.rd(wr(h, i, v), i) = v ∀h.∀j.0 rd(h, j) ∧ rd(h, j) 232 − 1 Consider the instantiation: [h := wr(h0, k, 232), j := k], E-matching is complete in certain cases. Examples: Bernays-Sch¨

• nfinkel class. E.g. P(a), ∀x.P(x)

Array Property Fragment. E.g. ∀x.x > b → a(x) = b(x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Motivation Background Related Work

Few words about E-matching

E-matching is a heuristic E-matching is not complete: Simplify is unsound for counter example generation.

Example: Unsoundness of Simplify for model generation

∀h.∀i.∀v.rd(wr(h, i, v), i) = v ∀h.∀j.0 rd(h, j) ∧ rd(h, j) 232 − 1 Consider the instantiation: [h := wr(h0, k, 232), j := k], E-matching is complete in certain cases. Examples: Bernays-Sch¨

• nfinkel class. E.g. P(a), ∀x.P(x)

Array Property Fragment. E.g. ∀x.x > b → a(x) = b(x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

The Novel Approach: QuEKeY

Model generation for (quantified) formulas Two variants of the approach

Eliminates quantifiers, returns a residue of ground formulas. Precomputation step for SMT solvers. Complete model generation.

The interesting questions are

which language to use for model representation how to construct “models” which calculus to use to validate “models”

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

The Novel Approach: QuEKeY

Model generation for (quantified) formulas Two variants of the approach

Eliminates quantifiers, returns a residue of ground formulas. Precomputation step for SMT solvers. Complete model generation.

The interesting questions are

which language to use for model representation how to construct “models” which calculus to use to validate “models”

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

The Novel Approach: QuEKeY

Model generation for (quantified) formulas Two variants of the approach

Eliminates quantifiers, returns a residue of ground formulas. Precomputation step for SMT solvers. Complete model generation.

The interesting questions are

which language to use for model representation how to construct “models” which calculus to use to validate “models”

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Basic idea of QuEKeY

It’s a search procedure that generates and checks “models” Use programs to represent models Use weakest precondition computation to validate models

Example

Let φ = ∀x.(x 0 → prev(next(x)) = x) We could generate the following program p for(i=0;true;i++){ next[i]=new T(); next[i].prev=i; } And show wp(p, φ)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Basic idea of QuEKeY

It’s a search procedure that generates and checks “models” Use programs to represent models Use weakest precondition computation to validate models

Example

Let φ = ∀x.(x 0 → prev(next(x)) = x) We could generate the following program p for(i=0;true;i++){ next[i]=new T(); next[i].prev=i; } And show wp(p, φ)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Basic idea of QuEKeY

It’s a search procedure that generates and checks “models” Use programs to represent models Use weakest precondition computation to validate models

Example

Let φ = ∀x.(x 0 → prev(next(x)) = x) We could generate the following program p for(i=0;true;i++){ next[i]=new T(); next[i].prev=i; } And show wp(p, φ)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Basic idea of QuEKeY

It’s a search procedure that generates and checks “models” Use programs to represent models Use weakest precondition computation to validate models

Example

Let φ = ∀x.(x 0 → prev(next(x)) = x) We could generate the following program p for(i=0;true;i++){ next[i]=new T(); next[i].prev=i; } And show wp(p, φ)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Basic idea of QuEKeY

It’s a search procedure that generates and checks “models” Use programs to represent models Use weakest precondition computation to validate models

Example

Let φ = ∀x.(x 0 → prev(next(x)) = x) We could generate the following program p for(i=0;true;i++){ next[i]=new T(); next[i].prev=i; } And show wp(p, φ)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Problem

Programming languages such as Java are not directly suitable for this approach, because: Function and predicate symbols are not representable Loop invariants would have to be generated Finite integer semantics

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Solution

Suitable language and calculus to represent and evaluate models exists in KeY (quantified) updates:

Support function (and predicate) symbols Quantified updates: no need for loop invariants Support infinite domains

Example

{(for x1; x1 0; next(x1) := x1); (for x2; x2 0; prev(next(x2)) := x2)} This update evaluates the following formula to true ∀x.(x 0 → prev(next(x)) = x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Solution

Suitable language and calculus to represent and evaluate models exists in KeY (quantified) updates:

Support function (and predicate) symbols Quantified updates: no need for loop invariants Support infinite domains

Example

{(for x1; x1 0; next(x1) := x1); (for x2; x2 0; prev(next(x2)) := x2)} This update evaluates the following formula to true ∀x.(x 0 → prev(next(x)) = x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Solution

Suitable language and calculus to represent and evaluate models exists in KeY (quantified) updates:

Support function (and predicate) symbols Quantified updates: no need for loop invariants Support infinite domains

Example

{(for x1; x1 0; next(x1) := x1); (for x2; x2 0; prev(next(x2)) := x2)} This update evaluates the following formula to true ∀x.(x 0 → prev(next(x)) = x)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Problem Description

Given is a sequent of the form:

Γ, ∀x.ϕ(x) = ⇒ ∆

The goal is:

Create an update u, such that {u}Γ, {u}∀x.ϕ(x)

• true

= ⇒ {u}∆

Challenges

ϕ(x) may have a complex structure ∀x.ϕ(x) may already have a partial model in Γ = ⇒ ∆ {u}∀x.ϕ(x): update on quantified formula: limits of upd.-calculus

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Problem Description

Given is a sequent of the form:

Γ, ∀x.ϕ(x) = ⇒ ∆

The goal is:

Create an update u, such that {u}Γ, {u}∀x.ϕ(x)

• true

= ⇒ {u}∆

Challenges

ϕ(x) may have a complex structure ∀x.ϕ(x) may already have a partial model in Γ = ⇒ ∆ {u}∀x.ϕ(x): update on quantified formula: limits of upd.-calculus

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Problem Description

Given is a sequent of the form:

Γ, ∀x.ϕ(x) = ⇒ ∆

The goal is:

Create an update u, such that {u}Γ, {u}∀x.ϕ(x)

• true

= ⇒ {u}∆

Challenges

ϕ(x) may have a complex structure ∀x.ϕ(x) may already have a partial model in Γ = ⇒ ∆ {u}∀x.ϕ(x): update on quantified formula: limits of upd.-calculus

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Reformulation of the Problem

The twist

(Γ, ∀x.ϕ(x) = ⇒ ∆) ⇐ ⇒ (Γ, true = ⇒ ∆) This condition is equivalent to Γ = ⇒ ∀x.ϕ(x), ∆

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Reformulation of the Problem

The twist

(Γ, ∀x.ϕ(x) = ⇒ ∆) ⇐ ⇒ (Γ, true = ⇒ ∆) This condition is equivalent to Γ = ⇒ ∀x.ϕ(x), ∆

The improved approach

Create an update such that the following is valid {u}Γ = ⇒ {u}∀x.ϕ(x), {u}∆ Then the quantified formula can be removed in the original problem {u}Γ = ⇒ {u}∆ instead of {u}Γ, {u}∀x.ϕ(x)

• true

= ⇒ {u}∆

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Reformulation of the Problem

The twist

(Γ, ∀x.ϕ(x) = ⇒ ∆) ⇐ ⇒ (Γ, true = ⇒ ∆) This condition is equivalent to Γ = ⇒ ∀x.ϕ(x), ∆

Advantages

The quantified formula can be skolemized: Γ = ⇒ ϕ(sk), ∆ Theorem prover can analyse structure of ϕ(sk) Γ, ∆ are taken into account. ϕ(sk) may be just true.

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Reformulation of the Problem

The twist

(Γ, ∀x.ϕ(x) = ⇒ ∆) ⇐ ⇒ (Γ, true = ⇒ ∆) This condition is equivalent to Γ = ⇒ ∀x.ϕ(x), ∆

The approach in more detail

The input is: Γ = ⇒ ∀x.ϕ(x), ∆ The theorem prover gives a set of open branches ψ1, . . . , ψn Goal: create u1, . . . , un such that {u1}ψ1, . . . , {un}ψn Then check if {u1; . . . ; un}(Γ = ⇒ ∀x.ϕ(x), ∆)

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Example

Given is the following sequent. Γ, ∀x.(f (x) > x ∧ g(x) < f (x)) = ⇒ ∆ Reformulate the problem Γ = ⇒ ∀x.(f (x) > x ∧ g(x) < f (x)), ∆ Γ = ⇒ (f (sk) > sk ∧ g(sk) < f (sk)), ∆ Γ = ⇒ f (sk) > sk

• core atom

, ∆ and Γ = ⇒ g(sk) < f (sk)

• core atom

, ∆ Now it is much easier to construct candidate updates: for x; Γ = ⇒ ∆; f (x) := x − gtZero for x; Γ = ⇒ ∆; g(x) := f (x) + gtZero Add ground axiom gtZero > 0

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Example

Given is the following sequent. Γ, ∀x.(f (x) > x ∧ g(x) < f (x)) = ⇒ ∆ Reformulate the problem Γ = ⇒ ∀x.(f (x) > x ∧ g(x) < f (x)), ∆ Γ = ⇒ (f (sk) > sk ∧ g(sk) < f (sk)), ∆ Γ = ⇒ f (sk) > sk

• core atom

, ∆ and Γ = ⇒ g(sk) < f (sk)

• core atom

, ∆ Now it is much easier to construct candidate updates: for x; Γ = ⇒ ∆; f (x) := x − gtZero for x; Γ = ⇒ ∆; g(x) := f (x) + gtZero Add ground axiom gtZero > 0

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Example

Given is the following sequent. Γ, ∀x.(f (x) > x ∧ g(x) < f (x)) = ⇒ ∆ Reformulate the problem Γ = ⇒ ∀x.(f (x) > x ∧ g(x) < f (x)), ∆ Γ = ⇒ (f (sk) > sk ∧ g(sk) < f (sk)), ∆ Γ = ⇒ f (sk) > sk

• core atom

, ∆ and Γ = ⇒ g(sk) < f (sk)

• core atom

, ∆ Now it is much easier to construct candidate updates: for x; Γ = ⇒ ∆; f (x) := x − gtZero for x; Γ = ⇒ ∆; g(x) := f (x) + gtZero Add ground axiom gtZero > 0

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Update Construction from Core Atoms (Examples)

Equalities

Given t1 = t2 create either t1 := t2 or t2 := t1

Arithmetic Expressions

Given, e.g., 2 ∗ a + b ∗ c = d − e. Solve the equation for each function symbol: E.g. a := (d − e − b ∗ c)/2

Inequalities

Given, t1 < t2, create t1 := t2 + gtZero and gtZero > 0 Given, t1 = t2, create t1 := t2 + notZero and notZero = 0

Quantification

Deskolemization of elementary updates to quantified updates

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Update Construction from Core Atoms (Examples)

Equalities

Given t1 = t2 create either t1 := t2 or t2 := t1

Arithmetic Expressions

Given, e.g., 2 ∗ a + b ∗ c = d − e. Solve the equation for each function symbol: E.g. a := (d − e − b ∗ c)/2

Inequalities

Given, t1 < t2, create t1 := t2 + gtZero and gtZero > 0 Given, t1 = t2, create t1 := t2 + notZero and notZero = 0

Quantification

Deskolemization of elementary updates to quantified updates

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Update Construction from Core Atoms (Examples)

Equalities

Given t1 = t2 create either t1 := t2 or t2 := t1

Arithmetic Expressions

Given, e.g., 2 ∗ a + b ∗ c = d − e. Solve the equation for each function symbol: E.g. a := (d − e − b ∗ c)/2

Inequalities

Given, t1 < t2, create t1 := t2 + gtZero and gtZero > 0 Given, t1 = t2, create t1 := t2 + notZero and notZero = 0

Quantification

Deskolemization of elementary updates to quantified updates

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion Basic Idea How Updates are Created

Update Construction from Core Atoms (Examples)

Equalities

Given t1 = t2 create either t1 := t2 or t2 := t1

Arithmetic Expressions

Given, e.g., 2 ∗ a + b ∗ c = d − e. Solve the equation for each function symbol: E.g. a := (d − e − b ∗ c)/2

Inequalities

Given, t1 < t2, create t1 := t2 + gtZero and gtZero > 0 Given, t1 = t2, create t1 := t2 + notZero and notZero = 0

Quantification

Deskolemization of elementary updates to quantified updates

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Summary and Conclusion

We have presented a model generation technique for quantified formulas Important for counterexample generation, testing, and checking the consistency of axioms/preconditions It’s a search algorithm that uses updates as the model representation language Two variants:

Complete model generation (no need for SMT solver) Precomputation for SMT solver (eliminates quantified formulas)

Completes my overall approach of a semi-decision procedure for program correctness Limitation: recursive functions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Summary and Conclusion

We have presented a model generation technique for quantified formulas Important for counterexample generation, testing, and checking the consistency of axioms/preconditions It’s a search algorithm that uses updates as the model representation language Two variants:

Complete model generation (no need for SMT solver) Precomputation for SMT solver (eliminates quantified formulas)

Completes my overall approach of a semi-decision procedure for program correctness Limitation: recursive functions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Summary and Conclusion

We have presented a model generation technique for quantified formulas Important for counterexample generation, testing, and checking the consistency of axioms/preconditions It’s a search algorithm that uses updates as the model representation language Two variants:

Complete model generation (no need for SMT solver) Precomputation for SMT solver (eliminates quantified formulas)

Completes my overall approach of a semi-decision procedure for program correctness Limitation: recursive functions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Summary and Conclusion

We have presented a model generation technique for quantified formulas Important for counterexample generation, testing, and checking the consistency of axioms/preconditions It’s a search algorithm that uses updates as the model representation language Two variants:

Complete model generation (no need for SMT solver) Precomputation for SMT solver (eliminates quantified formulas)

Completes my overall approach of a semi-decision procedure for program correctness Limitation: recursive functions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Summary and Conclusion

We have presented a model generation technique for quantified formulas Important for counterexample generation, testing, and checking the consistency of axioms/preconditions It’s a search algorithm that uses updates as the model representation language Two variants:

Complete model generation (no need for SMT solver) Precomputation for SMT solver (eliminates quantified formulas)

Completes my overall approach of a semi-decision procedure for program correctness Limitation: recursive functions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas

Introduction QuEKeY: The Novel Approach Summary and Conclusion

Summary and Conclusion

We have presented a model generation technique for quantified formulas Important for counterexample generation, testing, and checking the consistency of axioms/preconditions It’s a search algorithm that uses updates as the model representation language Two variants:

Complete model generation (no need for SMT solver) Precomputation for SMT solver (eliminates quantified formulas)

Completes my overall approach of a semi-decision procedure for program correctness Limitation: recursive functions

Christoph Gladisch Model Generation for Quantified First-order Logic Formulas