
CVCL Lite: An Efficient Theorem Prover Based on Combination of Decision Procedures


Presentation Transcript


  1. CVCL Lite: An Efficient Theorem Prover Based on Combination of Decision Procedures. Presented by: Sergey Berezin, Stanford University, U.S.A.

  2. People Project leaders: • Sergey Berezin, Clark Barrett, David Dill Developers and contributors: • Daniel Wichs • Ying Hu • Mark Zavislak • Jim Zhuang • Deepak Goyal • Jake Donham • Sean McLaughlin • Vijay Ganesh • Mehul Trivedi

  3. Outline • Theoretical Basis • CVCL from User's Point of View • C++ library • Command line • Theory API • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality

  4. What is CVC Lite? • Validity Checker: Γ ⊢ φ • First-Order Logic with interpreted theories • Arithmetic, uninterpreted functions, arrays, etc. • Theorem Prover based on multiple DPs

  5. Logic • Many-sorted FOL + '=' + Theories, e.g. x=y ⇒ a[i]+2*y < f(rec.f, 15-3*b[j+1]) • Partial functions (e.g. x/y) • Quantifiers (experimental) • Validity Problem: • Is φ valid under the set of assumptions Γ? Γ ⊢ φ

  6. Theoretical Basis: Combination of Decision Procedures • Clark Barrett's thesis • Fusion of Nelson-Oppen + Shostak methods:
     T1 ∪ T2 ⊢ φ
     T1 ∪ T2 ∪ ¬φ ⊢ ⊥
     (T1 ∪ Γ1) ∪ (T2 ∪ Γ2) ⊢ ⊥
   • Search for an arrangement A over Σ0 such that (T1 ∪ Γ1) ∪ A and (T2 ∪ Γ2) ∪ A are SAT

  7. Theoretical Basis: Real Implementation • Vijay Ganesh's extension of Ghilardi's method:
     T1 ∪ T2 ⊢ φ
     T1 ∪ T2 ∪ ¬φ ⊢ ⊥
     (T1 ∪ Γ1) ∪ (T2 ∪ Γ2) ⊢ ⊥
     Ti ∪ Γi ∪ Ck ⊢ Ck+1, i ∈ {1,2}
   • Ck are positive ground clauses

  8. Outline • Theoretical Basis • CVCL from User's Point of View • C++ library • Command line • Theory API • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality

  9. CVCL as C++ Library • API: ValidityChecker class • Provides functionality: • Create terms and formulas as CVCL Expr • Manipulate logical context Γ • Solve Γ ⊢ φ

  10. CVCL Executable [Diagram: User Input → Command Line Executable (Parser & Command Processor) → CVCL API → CVCL library] • PVS-like input language • Parser and command processor • implemented on top of C++ API

  11. Theory API (For New Decision Procedures) • "Hackability" – very important! • All functionality implemented locally in DP • No changes to the Core files [Diagram: CVCL Library = CVCL Core + Theory API, with the theories Arith, Arrays and UF plugged in through the Theory API]

  12. Outline • Theoretical Basis • CVCL from User's Point of View • Command line • C++ library • Theory API • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality

  13. CVC Lite Architecture [Diagram: CVCL Core containing SAT Solver, Union-Find DB, Fact Queue and Notify List; the theories Arith, Arrays and UF attached to the core]

  14. Union-Find & Notify List [Diagram: union-find nodes x, y, x', y'; merging x' = y' ⇒ x = y; the notified term 2*x + 3*y ⇒ 5*y]

  15. Setup / Update Mechanism [Diagram: expression DAG for 2*x + 3*y with nodes +, *, *, 2, x, 3, y; asserting x = y triggers update(x=y, 2*x), giving 2*x = 2*y, which triggers update(2*x=2*y, 2*x+3*y), giving 2*x + 3*y = 5*y]
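The following is an added example, not code from the slides or from CVCL itself, of the mechanism slides 14 and 15 sketch: a union-find over variables, a notify list per representative, and a setup()/update() pair that re-simplifies every registered linear term when two variables are merged. ArithNotify, setup, assertEq and update are illustrative names (assumptions), not the CVCL API.

```cpp
// Added example, not CVCL's own code: union-find over variables with a
// notify list per representative, driving a setup()/update() mechanism for
// linear arithmetic terms.  ArithNotify, setup, assertEq and update are
// illustrative names, not the CVCL API.
#include <map>
#include <string>
#include <vector>

using Linear = std::map<std::string, int>;   // variable -> coefficient

// Render a linear term, e.g. {x:2, y:3} as "2*x + 3*y".
std::string show(const Linear& t) {
    std::string s;
    for (const auto& kv : t) {
        if (kv.second == 0) continue;
        if (!s.empty()) s += " + ";
        s += std::to_string(kv.second) + "*" + kv.first;
    }
    return s.empty() ? "0" : s;
}

class ArithNotify {
    std::map<std::string, std::string> parent_;          // union-find forest
    std::map<std::string, std::vector<size_t>> notify_;  // representative -> terms to update
    std::vector<Linear> terms_;                          // registered terms
    std::vector<std::string> log_;                       // "before => after" for each update
public:
    // find(): representative of the equivalence class of t
    std::string find(std::string t) {
        if (!parent_.count(t)) parent_[t] = t;
        while (parent_[t] != t) t = parent_[t];
        return t;
    }
    // setup(): register a term and put it on the notify list of every
    // variable it mentions, so it is told when that variable's class changes
    size_t setup(Linear t) {
        size_t id = terms_.size();
        terms_.push_back(std::move(t));
        for (const auto& kv : terms_[id]) notify_[find(kv.first)].push_back(id);
        return id;
    }
    // assertEq(): merge the classes of a and b; the notify list of the old
    // representative is replayed through update(), re-simplifying each term
    void assertEq(const std::string& a, const std::string& b) {
        std::string ra = find(a), rb = find(b);
        if (ra == rb) return;
        parent_[ra] = rb;
        std::vector<size_t> pending = notify_[ra];       // copy: update() appends to notify_[rb]
        notify_.erase(ra);
        for (size_t id : pending) update(id, ra, rb);
    }
    const Linear& term(size_t id) const { return terms_[id]; }
    const std::vector<std::string>& log() const { return log_; }
private:
    // update(): substitute from := to inside the term and collect coefficients
    void update(size_t id, const std::string& from, const std::string& to) {
        Linear& t = terms_[id];
        auto it = t.find(from);
        if (it == t.end()) return;                       // already rewritten
        std::string before = show(t);
        t[to] += it->second;
        t.erase(it);
        log_.push_back(before + " => " + show(t));
        notify_[to].push_back(id);                       // keep watching under the new representative
    }
};

// Slide 15's scenario: set up 2*x + 3*y, then assert x = y, then y = z.
std::vector<std::string> demo_update() {
    ArithNotify th;
    th.setup({{"x", 2}, {"y", 3}});
    th.setup({{"z", 4}});                                 // unaffected by x = y
    th.assertEq("x", "y");                                // 2*x + 3*y => 5*y
    th.assertEq("y", "z");                                // 5*y => 5*z
    return th.log();
}

// After both merges every variable is in the class of z.
std::string demo_representative() {
    ArithNotify th;
    th.assertEq("x", "y");
    th.assertEq("y", "z");
    return th.find("x");
}
```

The notify list is keyed by representative, so a term is re-queued under the new representative after each rewrite; that is what lets the second merge (y = z) reach a term that originally only mentioned x and y.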

  16. Soundness: Theorems and Proof Rules • Computing with proof rules • Every proven formula is a Theorem object • Theorems are constructed with Proof Rules • Proof rules comprise Trusted Code • Soundness checked on-the-fly • Transparent assumption tracking and proof production • Automatically up-to-date

  17. Computing with Proof Rules • Example: Fourier-Motzkin elimination: t1 ≤ x, x ≤ t2 ⇒ t1 ≤ t2 • Proof Rule:
     t1 ≤ x    x ≤ t2
     ──────────────── (R)
         t1 ≤ t2
   • C++ Method: R(t1 ≤ x, x ≤ t2) { return t1 ≤ t2; }

  18. Theorem Class • Sequent: Γ ⊢ φ
     class Theorem {
       // private constructors
       Formula phi;        // φ
       Assumptions gamma;  // Γ
       Proof pf;
     };

  19. Trusted Code
     Γ1 ⊢ t1 ≤ x    Γ2 ⊢ x ≤ t2
     ─────────────────────────── (R)
         Γ1 ∪ Γ2 ⊢ t1 ≤ t2
     R(Theorem(Γ1 ⊢ t1 ≤ x), Theorem(Γ2 ⊢ y ≤ t2)) {
       check_sound(x == y);
       Proof pf = ... // Compute the proof object
       return Theorem(Γ1 ∪ Γ2 ⊢ t1 ≤ t2, pf);
     }
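As an added example (not the slides' or CVCL's own code) of the design on slides 16 to 19, here is a small LCF-style Theorem type: its constructor is private, so every Theorem must come from a proof rule in the friend class TheoremProducer, which is the trusted code. The rule transLeq plays the role of R, and check_sound becomes a thrown logic_error. Theorem, TheoremProducer, Leq and transLeq are assumed names; assumptions are tracked as a set of atom names and the proof as a string.

```cpp
// Added example, not CVCL's own code: an LCF-style Theorem whose only
// constructor is private, so Theorems can be built only by proof rules in
// the trusted TheoremProducer.  All names here are illustrative assumptions.
#include <set>
#include <stdexcept>
#include <string>
#include <utility>

struct Leq { std::string lhs, rhs; };   // atom  lhs ≤ rhs  over symbolic terms

class Theorem {
    std::set<std::string> gamma_;   // assumptions Γ, kept as atom names
    Leq phi_;                       // conclusion φ
    std::string pf_;                // proof term, here in string form
    Theorem(std::set<std::string> g, Leq f, std::string pf)
        : gamma_(std::move(g)), phi_(std::move(f)), pf_(std::move(pf)) {}
    friend class TheoremProducer;   // the only code allowed to build a Theorem
public:
    const std::set<std::string>& assumptions() const { return gamma_; }
    const Leq& formula() const { return phi_; }
    const std::string& proof() const { return pf_; }
};

class TheoremProducer {
public:
    // assump:  a ⊢ a   (a user assumption or a splitter)
    static Theorem assump(const Leq& a) {
        std::string name = a.lhs + "<=" + a.rhs;
        return Theorem({name}, a, "assump(" + name + ")");
    }
    // R:  Γ1 ⊢ t1 ≤ x,  Γ2 ⊢ x ≤ t2   /   Γ1 ∪ Γ2 ⊢ t1 ≤ t2
    static Theorem transLeq(const Theorem& th1, const Theorem& th2) {
        // check_sound: the shared term really must be the same on both sides
        if (th1.formula().rhs != th2.formula().lhs)
            throw std::logic_error("transLeq: middle terms differ");
        std::set<std::string> g = th1.assumptions();          // Γ1 ∪ Γ2
        g.insert(th2.assumptions().begin(), th2.assumptions().end());
        Leq concl{th1.formula().lhs, th2.formula().rhs};
        std::string pf = "transLeq(" + th1.proof() + "," + th2.proof() + ")";
        return Theorem(g, concl, pf);
    }
};

// t1 ≤ x, x ≤ t2  gives  {t1<=x, x<=t2} ⊢ t1 ≤ t2 with its proof term
Theorem chain_example() {
    Theorem a = TheoremProducer::assump({"t1", "x"});
    Theorem b = TheoremProducer::assump({"x", "t2"});
    return TheoremProducer::transLeq(a, b);
}

// Mismatched middle term (x vs y): the trusted code refuses to build a Theorem.
bool rejects_mismatch() {
    Theorem a = TheoremProducer::assump({"t1", "x"});
    Theorem b = TheoremProducer::assump({"y", "t2"});
    try { TheoremProducer::transLeq(a, b); return false; }
    catch (const std::logic_error&) { return true; }
}
```

Because nothing outside TheoremProducer can call the constructor, the trusted computing base for soundness is exactly the set of rule methods, and every Theorem carries the assumptions it depends on, which is what the later conflict-analysis slides rely on.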

  20. Outline • Theoretical Basis • CVCL from User's Point of View • Command line • C++ library • Theory API • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality

  21. SAT Solver + DPs [Diagram: search tree with splitters s1, s2, s3 and their negations ¬s2, ¬s3; every branch runs (BCP; DP)*; closed branches end in ⊥] • BCP: Unit Clauses • DP: Ti ∪ Γi ∪ Ck ⊢ Ck+1 • Backtracking Mechanism!

  22. Backtracking Mechanism • CDO -- generic backtracking object: read, assign • CDList -- backtracking stack: push, read-only • CDMap -- backtracking STL-like map: add <key,value>, change value; [no deletion] • ~1% CPU overhead
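An added example, not the slides' or CVCL's own code, of the kind of backtracking objects slide 22 lists: a Context that keeps a stack of scopes, a CDO<T> whose value is restored on pop, and a push-only CDList<T> that is truncated on pop. State is saved at most once per scope, which is the trick that keeps the overhead small. Context, CDO, CDList, onBacktrack and search_trace are assumed names and this is not CVCL's implementation.

```cpp
// Added example, not CVCL's own code: a scope stack (Context) plus two
// context-dependent containers modelled loosely on the slide's CDO and
// CDList.  State is saved at most once per scope; pop() replays the saved
// undo actions in reverse.  All names here are assumptions, not the CVCL API.
#include <functional>
#include <string>
#include <vector>

class Context {
    std::vector<std::vector<std::function<void()>>> scopes_;  // undo actions per level
public:
    Context() : scopes_(1) {}                                  // level 0 is never popped
    int level() const { return static_cast<int>(scopes_.size()) - 1; }
    void push() { scopes_.emplace_back(); }
    void pop() {
        if (scopes_.size() <= 1) return;
        auto& undo = scopes_.back();
        for (auto it = undo.rbegin(); it != undo.rend(); ++it) (*it)();
        scopes_.pop_back();
    }
    void onBacktrack(std::function<void()> f) { scopes_.back().push_back(std::move(f)); }
};

// CDO<T>: a single value restored to its old contents when the scope is popped
template <class T> class CDO {
    Context& ctx_;
    T value_;
    int savedLevel_ = 0;   // scope level at which the current value was last saved
public:
    CDO(Context& c, T init) : ctx_(c), value_(std::move(init)) {}
    const T& get() const { return value_; }
    void set(const T& v) {
        if (savedLevel_ < ctx_.level()) {            // first write in this scope: save once
            T old = value_;
            int oldLevel = savedLevel_;
            ctx_.onBacktrack([this, old, oldLevel] { value_ = old; savedLevel_ = oldLevel; });
            savedLevel_ = ctx_.level();
        }
        value_ = v;
    }
};

// CDList<T>: push-only list; pop() truncates it back to the size it had
template <class T> class CDList {
    Context& ctx_;
    std::vector<T> items_;
    int savedLevel_ = 0;
public:
    explicit CDList(Context& c) : ctx_(c) {}
    void push_back(const T& v) {
        if (savedLevel_ < ctx_.level()) {            // remember the size once per scope
            size_t n = items_.size();
            int oldLevel = savedLevel_;
            ctx_.onBacktrack([this, n, oldLevel] {
                items_.erase(items_.begin() + n, items_.end());
                savedLevel_ = oldLevel;
            });
            savedLevel_ = ctx_.level();
        }
        items_.push_back(v);
    }
    size_t size() const { return items_.size(); }
    const T& operator[](size_t i) const { return items_[i]; }
};

// A (BCP; DP)* search in miniature: decide s1, decide s2, hit a conflict,
// backtrack and try ¬s2, then unwind to level 0.  Returns the pair
// (decision counter, number of facts) after each step.
std::vector<int> search_trace() {
    Context ctx;
    CDO<int> decisions(ctx, 0);
    CDList<std::string> facts(ctx);
    std::vector<int> trace;
    auto record = [&] { trace.push_back(decisions.get()); trace.push_back(static_cast<int>(facts.size())); };

    facts.push_back("unit clause at level 0");
    ctx.push(); decisions.set(1); facts.push_back("s1");            // splitter s1
    ctx.push(); decisions.set(2); facts.push_back("s2");            // splitter s2
    facts.push_back("derived from s2");
    record();                                                       // 2, 4
    ctx.pop();                                                      // conflict: undo s2 and its consequences
    record();                                                       // 1, 2
    ctx.push(); decisions.set(3); facts.push_back("not s2");        // try ¬s2
    record();                                                       // 3, 3
    ctx.pop(); ctx.pop();                                           // unwind to level 0
    record();                                                       // 0, 1
    return trace;
}
```

Writes at level 0 register no undo action at all, and repeated writes within one scope cost a plain assignment, so the cost is one closure per object per scope rather than per update.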

  23. Completeness of CVC Lite [Diagram: the search tree of slide 21 with splitters s1, s2, s3 and (BCP; DP)* on every branch; one open branch is labelled SAT]
     T1 ∪ T2 ⊢ φ
     T1 ∪ T2 ∪ ¬φ ⊢ ⊥
     (T1 ∪ Γ1) ∪ (T2 ∪ Γ2) ⊢ ⊥
     Ti ∪ Γi ∪ Ck ⊢ Ck+1, i ∈ {1,2}
   • Derived Γ0 such that: • (Ti ∪ Γi) ∪ Γ0 ⊢ Γ0 • ⊥ ∉ Γ0 • Therefore (T1 ∪ Γ1) ∪ (T2 ∪ Γ2) is SAT • Hence, T1 ∪ T2 ⊬ φ

  24. Efficiency: Tracking Assumptions for Conflict Analysis • Splitters: assump rule a ⊢ a • Typical Proof Rule:
     Γ1 ⊢ φ1    Γ2 ⊢ φ2
     ─────────────────── (R)
        Γ1 ∪ Γ2 ⊢ ψ
   • Assumptions are proof explications! (Γ ⊢ ⊥)

  25. Implication Graph and Conflict Clauses [Diagram: implication graph over literals l1, ..., l9 leading to both l and ¬l, i.e. ⊥] • Conflict Clause: (¬l1 ∨ ¬l6 ∨ ¬l7)

  26. Implication Graph from Theorems [Diagram: rule R derives y<x from y<z and z<x; rule LT derives ⊥ from x<y and y<x; the theorems y<z, z<x, y<x, x<y form an implication graph ending in ⊥]

  27. Implication Graph from Γ ⊢ ⊥ [Diagram: the graph of slide 26 with each node written as a sequent: ⊢ z<x, ⊢ y<z, then y<z, z<x ⊢ y<x by R, ⊢ x<y, and x<y, y<x ⊢ ⊥ by LT]

  28. Outline • Theoretical Basis • CVCL from User's Point of View • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality • Proofs • Quantifiers • Partial Functions

  29. Proof Production [Diagram: rule R derives y<x from y<z and z<x] • pf[y<x] = R(pf[y<z], pf[z<x]) • Curry-Howard Isomorphism: • Proofs are terms • Formulas are types • R: (y<z) × (z<x) → (y<x) • Constructed in proof rules

  30. Outline • Theoretical Basis • CVCL from User's Point of View • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality • Proofs • Quantifiers • Partial Functions

  31. Existential Quantifiers • Add "axiom": (∃x. φ(x)) ⇒ φ(a) • fresh Skolem constant a • Skolemization by Modus Ponens • Set of axioms Δ is eliminated:
     Δ, Γ ⊢ φ
     ──────── (∃E)
       Γ ⊢ φ

  32. Universal Quantifiers
     ∀x. φ(x)
     ──────── (∀E)
       φ(t)
   • Instantiate: • Search for terms in current context • Cache useful instantiations • Those that derive ⊥

  33. Outline • Theoretical Basis • CVCL from User's Point of View • Architecture and Design Decisions • Information Flow in CVCL • Other Functionality • Proofs • Quantifiers • Partial Functions

  34. Partial Functions & Subtypes • True, False or Undefined? • x/y ≤ x/y • x/y > x/y • ¬(y = 0) ⇒ x/y ≤ x/y • ¬(x/y ≤ x/y) ⇒ y = 0 • x/y > x/y ⇒ y = 0

  35. Kleene Semantics • Values: T, F, ⊥ • Connectives: • F ∧ ⊥ ≡ F, T ∧ ⊥ ≡ ⊥ • F ∨ ⊥ ≡ ⊥, T ∨ ⊥ ≡ T • Most general • Agrees with classical logic • φ ≡ ⊥ iff the value of φ depends on the particular total extension

  36. Type Correctness Conditions (TCCs) • TCC[φ] iff φ is defined (T or F) • TCC[f(t)] = δf(t) ∧ TCC[t] • TCC[φ1 ∨ φ2] = (TCC[φ1] ∧ TCC[φ2]) ∨ (TCC[φ1] ∧ φ1) ∨ (TCC[φ2] ∧ φ2)

  37. Total Extensions with TCCs • If TCC[φ] ≡ T, • Then M ⊨ φ iff Mtotal ⊨ φ • E.g. arithmetic: x / 0 = 0

  38. Partial Functions with Subtypes • Subtypes: NAT = { x: REAL | int(x) ∧ x ≥ 0 }, R0 = { x: REAL | x != 0 } • x / y: REAL × R0 → REAL • TCC[x/y] = (y != 0)

  39. Example of TCC • TCC[y=0 ∨ x/y ≤ x/y] ≡ (T ∧ y != 0) ∨ (T ∧ y=0) ∨ (y != 0 ∧ x/y ≤ x/y) ≡ T • Therefore: • (y != 0 ⇒ x/y ≤ x/y) ≡ T
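The following is an added example, not code from the slides or from CVCL, covering slides 34 to 39: it evaluates formulas over the partial function x/y in Kleene's three-valued logic, computes the TCC of a disjunction with the formula from slide 36, and checks that wherever the TCC holds the total extension x/0 = 0 of slide 37 gives the same classical answer. The type K, the helpers pdiv, pleq, tcc_or and tcc_phi, and the functions phi, psi and agrees_at are all assumed names.

```cpp
// Added example, not CVCL's own code: three-valued (Kleene) evaluation of
// formulas over the partial function x/y, the TCC of a disjunction computed
// from the slide's formula, and a check that where the TCC holds the total
// extension x/0 = 0 gives the same answer.  All names are assumptions.
#include <optional>

enum class K { F, T, U };   // Kleene values: false, true, undefined (⊥)

// F ∧ ⊥ ≡ F,  T ∧ ⊥ ≡ ⊥
K kand(K a, K b) {
    if (a == K::F || b == K::F) return K::F;
    if (a == K::U || b == K::U) return K::U;
    return K::T;
}
// F ∨ ⊥ ≡ ⊥,  T ∨ ⊥ ≡ T
K kor(K a, K b) {
    if (a == K::T || b == K::T) return K::T;
    if (a == K::U || b == K::U) return K::U;
    return K::F;
}
K knot(K a) { return a == K::U ? K::U : (a == K::T ? K::F : K::T); }
K atom(bool b) { return b ? K::T : K::F; }

// x / y as a partial function: domain predicate δ(x, y) = (y != 0)
std::optional<double> pdiv(double x, double y) {
    if (y == 0) return std::nullopt;
    return x / y;
}
// a ≤ b lifted to partial operands: undefined if either side is
K pleq(std::optional<double> a, std::optional<double> b) {
    if (!a || !b) return K::U;
    return *a <= *b ? K::T : K::F;
}

// φ = (y = 0 ∨ x/y ≤ x/y), the formula of slide 39
K phi(double x, double y) {
    return kor(atom(y == 0), pleq(pdiv(x, y), pdiv(x, y)));
}
// ψ = (x/y > x/y), from slide 34: ⊥ when y = 0, F otherwise
K psi(double x, double y) {
    return knot(pleq(pdiv(x, y), pdiv(x, y)));
}

// TCC[φ1 ∨ φ2] = (TCC[φ1] ∧ TCC[φ2]) ∨ (TCC[φ1] ∧ φ1) ∨ (TCC[φ2] ∧ φ2)
bool tcc_or(bool tcc1, bool phi1, bool tcc2, bool phi2) {
    return (tcc1 && tcc2) || (tcc1 && phi1) || (tcc2 && phi2);
}
// TCC[y = 0] = T and TCC[x/y ≤ x/y] = (y != 0), so TCC[φ] reduces as on slide 39
bool tcc_phi(double x, double y) {
    bool tcc1 = true, phi1 = (y == 0);
    bool tcc2 = (y != 0);
    bool phi2 = tcc2 && (x / y <= x / y);   // only consulted where it is defined
    return tcc_or(tcc1, phi1, tcc2, phi2);
}

// Total extension of slide 37: x / 0 = 0
double tdiv(double x, double y) { return y == 0 ? 0.0 : x / y; }
bool classical_phi(double x, double y) { return y == 0 || tdiv(x, y) <= tdiv(x, y); }

// At a point: TCC[φ] holds iff the Kleene value is not ⊥, and where it
// holds the classical value under the total extension agrees.
bool agrees_at(double x, double y) {
    K v = phi(x, y);
    bool defined = (v != K::U);
    if (defined != tcc_phi(x, y)) return false;
    return !defined || ((v == K::T) == classical_phi(x, y));
}
```

The point the example makes concrete is the one on slide 35: ψ = (x/y > x/y) is ⊥ at y = 0 because its value would depend on which total extension is chosen, whereas φ absorbs the undefined disjunct through T ∨ ⊥ ≡ T, so its TCC is identically T and any total extension may be handed to the decision procedure.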

  40. [Diagram: User Input → TCCs → Decision Procedure: Any Total Extension; CVCL Library = CVCL Core + Theory API with the theories Arith, Arrays and UF]

  41. Hack to the Future • New Decision Procedures • Bit Vectors, Datatypes • Functionality • Symbolic Simulation • Interpolation? Predicate Abstraction? • Interface • Multiple input languages • Performance • Raw speed • SAT heuristics (DP-specific?)

  42. Questions? [Summary collage of the talk: DPs: 2x+3y<8, f(x)=g(y), a[i], r.f, ∀x. φ(x); Γ ⊢ φ; Ti ∪ Ck ⊢ Ck+1; (∃x. φ(x)) ⇒ φ(a); cvc.exe; the ∀E rule ∀x. φ(x) / φ(t); Theory API, Core, DP, DP, DP; Theory; C++ lib; ∀, ∃; UI; CVCL; Kleene; Architecture; TCCs; Implication Graph; SAT; Notify List; NAT ⊑ INT; x / 0; Theorems Γ ⊢ φ; Completeness; Backtracking]

  43. Thank you!

  44. Other Important Features • Efficient backtracking mechanism • Partial Functions and Subtypes • Kleene semantics (most general) • Quantifiers (experimental) • Symbolic Simulator (in progress) • Proof Production

  45. Adding Decision Procedures • Core files need not be modified • All functionality is coded locally in DP • Type checking • TCCs (partial functions) • Specialized expressions • Parsing aid • Pretty-printing • Distribution of responsibility among developers
