Reasoning About Set Comprehensions (slides by Edmund S. L. Lam and Iliano Cervesato)


SLIDE 1

Introduction Encoding SC(LIA) into U+LIA Implementation and Future Work

Reasoning About Set Comprehensions

Edmund S. L. Lam Iliano Cervesato

sllam@qatar.cmu.edu iliano@cmu.edu

Carnegie Mellon University

Supported by grant NPRP 09-667-1-100, Effective Programming for Large Distributed Ensembles

SMT’14 Vienna, Austria, July 2014

SLIDE 2

Outline

1. Introduction
2. Encoding SC(LIA) into U+LIA
3. Implementation and Future Work


SLIDE 5

Motivation

Automated support for reasoning about sets (multisets):
Cardinality constraints [Piskac and Kuncak, 2010, Suter et al., 2011]
Aggregate constraints [Leino and Monahan, 2009]

But what about set comprehensions?

Is $\{10, 20, 30\} \doteq \{x * 10 \mid x < 4\}_{x \,\dot{\in}\, X}$ satisfiable?
Yes! Possible solutions: $X = \{1, 2, 3\}$ or $X = \{1, 2, 3, 4\}$ or ...

Is $\{x \mid x < 4\}_{x \,\dot{\in}\, X} \cap \{x \mid x \geq 4\}_{x \,\dot{\in}\, X} = \emptyset$ satisfiable?
No! No such $X$ exists.

We want automated support for reasoning about set comprehensions as well!

SLIDE 6

This work, at a Glance

Reasoning about set comprehensions:
Source language: set comprehensions over some base theory Th, written SC(Th)
We encode formulas of SC(Th) into formulas of Th plus an uninterpreted domain U, written U+Th
The uninterpreted domain U represents the domain of sets of Th
U+Th formulas are fed to an off-the-shelf SAT checker (e.g., Z3)

For simplicity, we demonstrate this encoding for Th = LIA (Linear Integer Arithmetic)

SLIDE 7

Outline

1. Introduction
2. Encoding SC(LIA) into U+LIA
3. Implementation and Future Work

SLIDE 8

SC(LIA) and U+LIA

SC(LIA): Set Comprehensions over Linear Integer Arithmetic
Arithmetic Term:    $t ::= x \mid v \mid t \;\mathit{op}\; t$
Arithmetic Formula: $T ::= t \doteq t \mid t < t \mid \neg T \mid T \wedge T$
Set Term:           $s ::= X \mid \{\bar{t}\} \mid \{t \mid T\}_{x \,\dot{\in}\, s} \mid s \cup s \mid s \cap s \mid s \setminus s$
Set Formula:        $S ::= t \,\dot{\in}\, s \mid s \doteq s \mid s \subseteq s \mid \neg S \mid S \wedge S$

U+LIA: Linear Integer Arithmetic and Uninterpreted Sets
Arithmetic Term:           $t ::= x \mid v \mid t \;\mathit{op}\; t$
Arithmetic Formula:        $T ::= t \doteq t \mid t < t$
Uninterpreted Set Term:    $s ::= X$
Uninterpreted Set Formula: $S ::= t \,\dot{\in}\, s$
Formula:                   $F, C ::= S \mid T \mid \neg F \mid F \wedge F \mid \exists x.\, F \mid \forall x.\, F$

Set comprehensions: $\{t_x \mid T_x\}_{x \,\dot{\in}\, s}$
$t_x$: range pattern; $T_x$: guard condition; $s$: comprehension domain
Scope of $x$ is $t_x$ and $T_x$

SLIDES 9-13

Encoding SC(LIA) into U+LIA: an Example

The encoding of an SC(LIA) formula $S$ in U+LIA is a U+LIA formula $F$. An example, the encoding of
$\{10, 20, 30\} \doteq \{x * 10 \mid x < 4\}_{x \,\dot{\in}\, X}$, is the conjunction of:

$\forall y.\ y \,\dot{\in}\, X_2 \leftrightarrow (y \doteq 10 \vee y \doteq 20 \vee y \doteq 30)$   ($F_1$: $X_2 = \{10, 20, 30\}$)
$\forall x.\ (x * 10 \,\dot{\in}\, X_3) \leftrightarrow (x \,\dot{\in}\, X \wedge x < 4)$   ($F_2$: $X_3 = \{x * 10 \mid x < 4\}_{x \,\dot{\in}\, X}$)
$\forall z.\ z \,\dot{\in}\, X_2 \leftrightarrow z \,\dot{\in}\, X_3$   ($F_3$: $X_2 = X_3$)

Encode the set term $\{10, 20, 30\}$ as an uninterpreted variable $X_2$. The relation $\dot{\in}$ is treated as an uninterpreted binary predicate. Formula $F_1$ provides the interpretation of $X_2$ and $\dot{\in}$.

Same for $\{x * 10 \mid x < 4\}_{x \,\dot{\in}\, X}$ with $X_3$ and $F_2$. Given $\{t_x \mid T_x\}_{x \,\dot{\in}\, s}$, we encode it with $X_3$ and
$\forall x.\ (t_x \,\dot{\in}\, X_3) \leftrightarrow (x \,\dot{\in}\, s \wedge T_x)$. This is a special case though ...

Finally, $F_3$ states that $X_2$ and $X_3$ are extensionally equal.

$\{10, 20, 30\} \doteq \{x * 10 \mid x < 4\}_{x \,\dot{\in}\, X}$ is satisfiable iff $F_1 \wedge F_2 \wedge F_3$ is satisfiable (i.e., $\mathcal{M} \models F_1 \wedge F_2 \wedge F_3$).
$\mathcal{M} \models F_1 \wedge F_2 \wedge F_3$ can be checked by many off-the-shelf SMT solvers (e.g., Z3).

SLIDES 14-16

Set Comprehension Encoding (Special Case)

This was a special case: encode $\{t_x \mid T_x\}_{x \,\dot{\in}\, s}$ as $\forall x.\ (t_x \,\dot{\in}\, X_3) \leftrightarrow (x \,\dot{\in}\, s \wedge T_x)$. Here's why:

The encoding of $\{0, 2\} \doteq \{x \,\%\, 3 \mid \top\}_{x \,\dot{\in}\, \{3, 6, 8\}}$ is the conjunction of:

$\forall y.\ y \,\dot{\in}\, X_2 \leftrightarrow (y \doteq 0 \vee y \doteq 2)$   ($F_1$: $X_2 = \{0, 2\}$)
$\forall x.\ (x \,\%\, 3 \,\dot{\in}\, X_3) \leftrightarrow (x \,\dot{\in}\, X_4)$   ($F_2$: $X_3 = \{x \,\%\, 3 \mid \top\}_{x \,\dot{\in}\, X_4}$)
$\forall z.\ z \,\dot{\in}\, X_4 \leftrightarrow (z \doteq 3 \vee z \doteq 6 \vee z \doteq 8)$   ($F_3$: $X_4 = \{3, 6, 8\}$)
$\forall w.\ w \,\dot{\in}\, X_2 \leftrightarrow w \,\dot{\in}\, X_3$   ($F_4$: $X_2 = X_3$)

We expect $\{0, 2\} \doteq \{x \,\%\, 3 \mid \top\}_{x \,\dot{\in}\, \{3, 6, 8\}}$ to be satisfiable ...
but $F_1 \wedge F_2 \wedge F_3 \wedge F_4$ is not!

The problem: $F_2$ is "malfunctioning" on the $\rightarrow$ case. A counterexample: $9 \,\%\, 3 = 0$, but $F_2$ gives $0 \,\dot{\in}\, X_3 \rightarrow 9 \,\dot{\in}\, X_4$, which contradicts $F_3$.

SLIDE 17

Set Comprehension Encoding (In General)

Encoding comprehensions with $\forall x.\ (t_x \,\dot{\in}\, X_3) \leftrightarrow (x \,\dot{\in}\, s \wedge T_x)$ only works if $t_x$ is injective.

In general, comprehension patterns are encoded with two U+LIA formulas. The encoding of $\{t_x \mid T_x\}_{x \,\dot{\in}\, X}$ is an $X'$ such that:

$\forall x.\ (x \,\dot{\in}\, X \wedge T_x) \rightarrow t_x \,\dot{\in}\, X'$   ($F_{max}$)
$\forall z.\ z \,\dot{\in}\, X' \rightarrow \exists x.\ (z \doteq t_x \wedge x \,\dot{\in}\, X \wedge T_x)$   ($F_{rg}$)

$F_{max}$ enforces maximality: every domain value in $X$ has a corresponding value in $X'$.
$F_{rg}$ enforces range restriction: every member of $X'$ has a corresponding value in $X$.
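The two encodings run on the slides' own examples, as an added bounded check in plain Python (this is not the pysetcomp library, which hands the real quantified formulas to Z3). It assumes a constructed finite UNIVERSE standing in for the integers: the special-case biconditional is checked at every point of that universe, while the general encoding is checked as the conjunction of F_max and F_rg.

```python
from itertools import combinations

# Finite stand-in for the integers (constructed bound). The real encoding
# quantifies over all of Z and is handed to an SMT solver such as Z3.
UNIVERSE = range(0, 16)


def special_violations(X, tx, guard, X_prime):
    """Special-case encoding  forall x. (tx in X') <-> (x in X and Tx).
    Return every x in UNIVERSE where the biconditional fails ([] = holds)."""
    return [x for x in UNIVERSE
            if (tx(x) in X_prime) != (x in X and guard(x))]


def holds_special(X, tx, guard, X_prime):
    return not special_violations(X, tx, guard, X_prime)


def holds_general(X, tx, guard, X_prime):
    """General encoding: F_max (maximality) and F_rg (range restriction)."""
    f_max = all(tx(x) in X_prime for x in X if guard(x))
    f_rg = all(any(z == tx(x) and guard(x) for x in X) for z in X_prime)
    return f_max and f_rg


def find_domain(target, tx, guard, holds, max_size=4):
    """Search for a domain X (subset of UNIVERSE, smallest first) such that
    target = {tx | Tx}_{x in X} under the encoding `holds`; None if none."""
    target = frozenset(target)
    for n in range(max_size + 1):
        for X in combinations(UNIVERSE, n):
            if holds(frozenset(X), tx, guard, target):
                return set(X)
    return None


# Slide example 1: {10,20,30} = {x*10 | x<4}_{x in X}; x*10 is injective.
def times_ten(x): return x * 10
def below_four(x): return x < 4

# Slide example 2: {0,2} = {x%3 | T}_{x in {3,6,8}}; x%3 is not injective.
def mod_three(x): return x % 3
def true_guard(x): return True
DOMAIN_368 = frozenset({3, 6, 8})

if __name__ == "__main__":
    print(find_domain({10, 20, 30}, times_ten, below_four, holds_special))  # {1, 2, 3}
    print(holds_special({1, 2, 3, 4}, times_ten, below_four, {10, 20, 30}))  # True
    print(special_violations(DOMAIN_368, mod_three, true_guard, {0, 2}))   # 9 is one
    print(holds_general(DOMAIN_368, mod_three, true_guard, {0, 2}))        # True
```

For the injective pattern both encodings find the same domain; for x%3 the special-case encoding is violated at 9 (and at every other universe point mapping into {0, 2} but absent from {3, 6, 8}), while F_max and F_rg hold.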

SLIDE 18

Encoding SC(LIA) into U+LIA

Given an SC(LIA) formula $S$, is $\mathcal{M} \models S$ decidable?

Most likely not. U+LIA is not decidable [Halpern, 1991].

Nonetheless still useful:
Compiler optimization for CHR with comprehensions [Lam and Cervesato, 2014]

See paper for details!

SLIDE 19

Outline

1. Introduction
2. Encoding SC(LIA) into U+LIA
3. Implementation and Future Work

SLIDE 20

Implementation

A lightweight Python library:
Built on top of the Z3 SMT Solver [De Moura and Bjørner, 2008]
Simple combinator library to write SC(ThZ3) formulas, where ThZ3 consists of Z3 base types
Translates SC(ThZ3) formulas to U+ThZ3 formulas, which are SAT checked by Z3

Available for download at: https://github.com/sllam/pysetcomp

SLIDE 21

Future Work

Set comprehension is great, but what about multiset comprehensions?
Possible approach: multisets as arrays (map elements to multiplicity)

Multiset encoding $\mathcal{M}$ of $X_1 \doteq \{x * 10 \mid x \leq 3\}_{x \,\dot{\in}\, X_2}$ (a multiset comprehension):

$\forall x, m.\ (X_2[x] = m \wedge m > 0 \wedge x \leq 3) \rightarrow X_1[x * 10] = m$
$\forall z, m.\ (X_1[z] = m \wedge m > 0) \rightarrow \exists x.\ (z = x * 10 \wedge x \leq 3 \wedge X_2[x] = m)$

Future work:
"Multisets as arrays" works only for injective functions
Requires a reduce sum on array values

SLIDE 22

Conclusion

We have developed a framework for automated reasoning about formulas on set comprehensions over some base term theory Th (i.e., SC(Th)).
It encodes SC(Th) into U+Th formulas, which can be SAT checked by off-the-shelf SMT solvers.
Implemented a light-weight Python library, built on top of Z3.
Available for download at: https://github.com/sllam/pysetcomp

SLIDE 23

Bibliography

De Moura, L. and Bjørner, N. (2008). Z3: An Efficient SMT Solver. In Proc. of the Theory and Practice of Software, 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, TACAS'08/ETAPS'08, pages 337–340, Berlin, Heidelberg. Springer-Verlag.

Halpern, J. Y. (1991). Presburger Arithmetic with Unary Predicates is $\Pi^1_1$ Complete. Journal of Symbolic Logic, 56(2).

Lam, E. S. L. and Cervesato, I. (2014). Optimized Compilation of Multiset Rewriting with Comprehensions (Full Version). Technical Report CMU-CS-14-119, Carnegie Mellon University.

Leino, K. R. M. and Monahan, R. (2009). Reasoning about Comprehensions with First-Order SMT Solvers. In Proc. of the 2009 ACM Symposium on Applied Computing, pages 615–622. ACM.

Piskac, R. and Kuncak, V. (2010). MUNCH: Automated Reasoner for Sets and Multisets. In IJCAR'10, volume 6173 of Lecture Notes in Computer Science, pages 149–155. Springer.

Suter, P., Steiger, R., and Kuncak, V. (2011). Sets with Cardinality Constraints in Satisfiability Modulo Theories. In Verification, Model Checking, and Abstract Interpretation, pages 403–418. Springer.