Synthesis by Quantifier Instantiation in CVC4

Andrew Reynolds May 4, 2015

Overview

  • SMT solvers: how they work
  • Synthesis problem: ∃f. ∀x. P(f, x)
    (there exists a function f such that for all x, P(f, x))
  • New approaches for synthesis problems in an SMT solver [CAV 15]
  • Implemented in the SMT solver CVC4
  • Evaluation

SMT solvers

  • Are powerful tools used in many formal methods applications:
    • Software and hardware verification
    • Automated theorem proving
    • Scheduling and planning
    • Software synthesis
  • Reason about Boolean combinations of theory constraints:
    • Linear arithmetic: 2*a+1>0
    • Bitvectors: bvsgt(a,#bin0001)
    • Arrays: select(store(a,5,b),c)=5
    • Datatypes: tail(cons(a,b))=b
    • …

SMT Solver for Theory T

  • Combines:
    • Off-the-shelf SAT solver
    • (Possibly combined) decision procedure for decidable theory T
  • Components communicate via the DPLL(T) framework
  • Determines if a set of formulas F is T-satisfiable

[Diagram: SMT Solver = SAT Solver + Decision Procedure for T, communicating via DPLL(T); input F, output unsat or sat]

  • Example: f(a)>0 ∧ f(a)<4 is sat, with a model, for example f(a)=1
  • Example: f(a)>0 ∧ f(a)<-1 is unsat, no model
  • For decidable theories (e.g. here T is T_UF + T_LIA), the solver terminates with either unsat or sat

SMT Solver + Quantified Formulas

  • SMT solvers have limited support for (first-order) quantified formulas
  • Architecture: the ground solver (SAT solver + decision procedure for T, via DPLL(T)) is paired with a Quantifiers Module

[Diagram: SMT solver = Ground solver (SAT Solver, Decision Procedure for T, DPLL(T)) + Quantifiers Module; the Quantifiers Module sends instances to the ground solver, which answers unsat or sat]

  • For input f(a)>0 ∧ ∀x.f(x)<0:
    • Ground solver maintains a set of ground (variable-free) constraints: f(a)>0
    • Quantifiers Module maintains a set of axioms: ∀x.f(x)<0
  • Ground solver checks T-satisfiability of the current set of constraints
  • Quantifiers Module adds instances of axioms
    • Goal: add instances until the ground solver can answer unsat
  • Here the ground constraints become f(a)>0, f(a)<0, f(b)<0, …, and the ground solver answers unsat, since f(a)>0 and f(a)<0
  • In general, with ground constraints F and axiom Q[x], the Quantifiers Module adds instances Q[t1], Q[t2], …
  • Generally, a sound but incomplete procedure
    • Difficult to answer sat (when have we added enough instances of Q[x]?)

Approaches for Quantifiers in SMT

  • Heuristic instantiation, good for unsat:
    • E-matching [Detlefs et al 2003, Ge et al 2007, de Moura/Bjorner 2007]
  • Complete approaches, may answer sat:
    • Local theory extensions [Sofronie-Stokkermans 2005]
    • Array fragments [Bradley et al 2006, Alberti et al 2014]
    • Complete instantiation [Ge/de Moura 2009]
    • Finite model finding [Reynolds et al 2013]

  Each is limited to a particular fragment

The Synthesis Problem

∃f. ∀x. P(f, x)

There exists a function f such that for all x, property P holds

  • Most existing approaches for synthesis
    • E.g. [Solar-Lezama et al 2006, Udupa et al 2013, Milicevic et al 2014]
    • Rely on a specialized solver that makes subcalls to an SMT solver
  • Approach for synthesis in this talk:
    • Instrument an approach for synthesis entirely inside the SMT solver

Running Example: Max of Two Integers

∃f. ∀xy. (f(x,y)≥x ∧ f(x,y)≥y ∧ (f(x,y)=x ∨ f(x,y)=y))

  • Specifies that f computes the maximum of integers x and y
  • Solution:

f := λxy. ite(x>y, x, y)

How does an SMT solver handle the Max example?

f : Int × Int → Int
∀xy. (f(x,y)≥x ∧ f(x,y)≥y ∧ (f(x,y)=x ∨ f(x,y)=y))

  • Straightforward approach:
    • Treat f as an uninterpreted function
    • Succeed if the SMT solver can find a correct interpretation of f, i.e. answer sat
  • However, this is challenging:
    • SMT solvers have limited ability to find models when ∀ are present
    • It is difficult to directly synthesize the interpretation λxy. ite(x>y, x, y)

Refutation-Based Synthesis

∃f. ∀x. P(f, x)

  • Since SMT solvers are limited at answering sat when ∀ are present,
    can we instead use a refutation-based approach for synthesis?

What if we negate the synthesis conjecture?

  • Negate the synthesis conjecture: ¬∃f. ∀x. P(f, x)
  • If we are in a satisfaction-complete theory T (e.g. linear arithmetic, bitvectors):
    • F is T-satisfiable if and only if ¬F is T-unsatisfiable
  • In such cases:
    • If the SMT solver can establish that ¬∃f. ∀x. P(f, x) is unsatisfiable,
    • then we know that ∃f. ∀x. P(f, x) is satisfiable (f has a solution)

Challenge: Second-Order Quantification

Negating ∃f. ∀x. P(f, x) gives ¬∃f. ∀x. P(f, x)

  • Want to show the negated formula is unsatisfiable
  • Challenge: outermost quantification ∃f over function f
    • No SMT solvers directly support second-order quantification
  • However, we can avoid this quantification using two approaches:
    • 1. When property P is single invocation for f (focus of this talk)
    • 2. When f is given syntactic restrictions

Single Invocation Property: Max Example

Negated conjecture: ∀f. ∃xy. (f(x,y)<x ∨ f(x,y)<y ∨ (f(x,y)≠x ∧ f(x,y)≠y))

  • Single invocation properties
    • Are properties such that all occurrences of f are of a particular form, e.g. f(x,y) above
    • Are a common class of properties, useful for software synthesis (post-conditions describing the result of a function)
  • Example of a property that is not single invocation: ∃c. ∀xy. c(x,y)=c(y,x), e.g. c is commutative
  • Occurrences of f(x,y) are replaced with integer variable g
  • Resulting formula is equisatisfiable, and first-order

∀f. ∃xy. (f(x,y)<x ∨ f(x,y)<y ∨ (f(x,y)≠x ∧ f(x,y)≠y))
  push quantification downwards:  ∃xy. ∀g. (g<x ∨ g<y ∨ (g≠x ∧ g≠y))
  Skolemize, for fresh a and b:   ∀g. (g<a ∨ g<b ∨ (g≠a ∧ g≠b))

Solving Max Example

∀g. (g<a ∨ g<b ∨ (g≠a ∧ g≠b))

  • The Quantifiers Module holds the axiom ∀g. (g<a ∨ g<b ∨ (g≠a ∧ g≠b))
  • It adds the instances a/g and b/g to the ground solver:
    (a<a ∨ a<b ∨ (a≠a ∧ a≠b)) ∧ (b<a ∨ b<b ∨ (b≠a ∧ b≠b))
  • These simplify to a<b ∧ b<a
  • The ground solver answers unsat
  • So ∀g. (g<a ∨ g<b ∨ (g≠a ∧ g≠b)) is unsatisfiable, which implies the original synthesis conjecture has a solution

How do we get solutions?

  • Given the refutation-based approach for synthesis conjecture ∃f. ∀x. P(f(x), x):
    • Negate and translate to first order: ∀g. ¬P(g, k)
    • The Quantifiers Module adds the instances ¬P(t1,k), …, ¬P(tn,k) to the ground solver
    • The ground solver answers unsat: ¬P(t1,k), …, ¬P(tn,k) ⊨ false
  • A solution for f can be extracted from the unsatisfiable core of instantiations
  • Claim the following is a solution for f:

    λx. ite(P(t1,k), t1, ite(P(t2,k), t2, … ite(P(tn-1,k), tn-1, tn)…))[x/k]

Why is this a solution?

Given: ∃f. ∀x. P(f(x), x)
Found: ¬P(t1,k), …, ¬P(tn,k) ⊨ false

Claim the following is a solution for f:

    λx. ite(P(t1,k), t1, ite(P(t2,k), t2, … ite(P(tn-1,k), tn-1, tn)…))[x/k]

  • If P holds for t1, return t1
  • Otherwise, if P holds for t2, return t2
  • …
  • Otherwise, if P holds for tn-1, return tn-1
  • Otherwise, return tn. Why does P(tn,k) hold? Due to the unsatisfiable core: ¬P(t1,k), …, ¬P(tn-1,k) ⊨ P(tn,k)

Solution for Max Example

Given: ∃f. ∀xy. (f(x,y)≥x ∧ f(x,y)≥y ∧ (f(x,y)=x ∨ f(x,y)=y))
Found: ¬(a≥a ∧ a≥b ∧ (a=a ∨ a=b)), ¬(b≥a ∧ b≥b ∧ (b=a ∨ b=b)) ⊨ false

Claim the following is a solution for f:

    λxy. ite(a≥a ∧ a≥b ∧ (a=a ∨ a=b), a, b)[x/a][y/b]
  = λxy. ite(x≥x ∧ x≥y ∧ (x=x ∨ x=y), x, y)
  = λxy. ite(x≥y, x, y)
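
As an added example (not code from the talk or from CVC4), the refute-then-extract procedure for the max property in Python: the instantiation loop adds the ground terms k_1..k_n one at a time until the instances are jointly unsatisfiable, and the solution is the ite chain read off the resulting core; it generalizes the two-argument case to max of n integers. The SMT ground solver is replaced by brute-force search over a small constructed integer domain, so "unsat" here means "no model in that domain", which CVC4 instead decides symbolically in linear arithmetic.

```python
from itertools import product

# Constructed finite stand-in for Int: "unsat" below means "no model in DOMAIN",
# which is sound only for this domain; CVC4 decides it symbolically in LIA.
DOMAIN = range(-3, 4)


def max_spec(g, k):
    """Single-invocation property P(g, k): g is the maximum of the tuple k."""
    return all(g >= x for x in k) and any(g == x for x in k)


def find_model(spec, n, instances):
    """Ground-solver stand-in: search for a Skolem tuple k satisfying every
    added instance not P(k_i, k), i in instances; None means unsat."""
    for k in product(DOMAIN, repeat=n):
        if all(not spec(k[i], k) for i in instances):
            return k
    return None


def refute(spec, n):
    """Quantifiers-module stand-in: instantiate forall g. not P(g, k) with the
    ground terms k_1..k_n, one at a time, until the ground solver answers unsat.
    Returns the instantiation terms (as indices into k) forming the core."""
    instances = []
    for i in range(n):
        instances.append(i)
        if find_model(spec, n, instances) is None:
            return instances
    raise ValueError("conjecture not refuted over DOMAIN; no solution extracted")


def solution(spec, terms):
    """Build lambda x. ite(P(t1,x), t1, ite(P(t2,x), t2, ... t_n)) from the core."""
    def f(*x):
        for i in terms[:-1]:
            if spec(x[i], x):
                return x[i]
        return x[terms[-1]]  # P(t_n, x) follows from the unsat core; no test needed
    return f


def synthesize(spec, n):
    return solution(spec, refute(spec, n))


def verify(spec, f, n):
    """Check forall x in DOMAIN^n. P(f(x), x) for the synthesized f."""
    return all(spec(f(*x), x) for x in product(DOMAIN, repeat=n))


if __name__ == "__main__":
    for n in (2, 3, 4):
        core = refute(max_spec, n)
        print(n, core, verify(max_spec, solution(max_spec, core), n))
```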

Evaluation

  • Implemented techniques in the SMT solver CVC4
  • Compared CVC4 against tools taken from the 2014 SyGuS competition
    • In particular: the enumerative CEGIS solver ESolver (UPenn)
  • Of 243 benchmarks from this competition, 176 were single invocation

Results

  • In total,
    • cvc4 finds solutions for 35 benchmarks that ESolver does not
    • ESolver finds solutions for 2 that cvc4 does not
  • Solves 25 benchmarks unsolved by any other known solver
    • Many of these in a fraction of a second

Results: Max Example

  • For the class of properties synthesizing the function taking the max of n integers:
    • cvc4 scales well to max9 and beyond
    • No solver from the SyGuS competition synthesized max5 with a timeout of an hour

Summary

  • Refutation-based approach for synthesis
  • Solutions constructed from the unsatisfiable core of instantiations
  • Implemented in CVC4
  • Highly competitive for single invocation properties

For more details, see the CAV 15 paper:

Counterexample-Guided Quantifier Instantiation for Synthesis in SMT, with Morgan Deters, Viktor Kuncak, Cesare Tinelli, and Clark Barrett

Thanks!

  • CVC4 publicly available at: http://cvc4.cs.nyu.edu/web/
  • Handles inputs in the SyGuS language format *.sl
  • Techniques in this presentation enabled by the argument "--cegqi-si"