
ECI 2007: Specification and Verification of Object-Oriented Programs



  1. ECI 2007: Specification and Verification of Object-Oriented Programs Lecture 5

  2. Arithmetic programs
  • In addition, integer-valued variables with affine operations
  • φ ∈ Formula := A | ¬φ | φ ∧ φ
    A ∈ Atom := b | t = 0 | t > 0 | t ≥ 0
    t ∈ Term := c | x | t + t | t – t | c·t
    b ∈ SymBoolConst
    x ∈ SymIntConst
    c ∈ {…, -1, 0, 1, …}

  3. Satisfiability modulo arithmetic
  • A formula is a boolean combination of literals
  • Each literal is a positive or negative atom
  • Each atom is either a boolean variable or a linear constraint over integer variables

  4. x ≤ y ∧ (a ∨ z > 0) ∧ (¬a ∨ x > y) ∧ y + z ≤ x
     b ≡ x ≤ y
     c ≡ z > 0
     d ≡ x > y
     e ≡ y + z ≤ x
     b ∧ (a ∨ c) ∧ (¬a ∨ d) ∧ e

  5. The same formula and its boolean abstraction; the literals of a candidate assignment are handed to the Arithmetic Solver.

  6. b = T, e = T
     Arithmetic Solver: Satisfiable

  7. a = F, hence b = T, c = T, e = T
     Arithmetic Solver: Unsatisfiable

  8. a = T, hence b = T, d = T, e = T
     Arithmetic Solver: Unsatisfiable

  9. Affine constraints
     A collection of m constraints over n variables:
       a11 x1 + a12 x2 + … + a1n xn + c1 ≥ 0
       a21 x1 + a22 x2 + … + a2n xn + c2 ≥ 0
       …
       am1 x1 + am2 x2 + … + amn xn + cm ≥ 0
     The other comparisons are brought into this form (over the integers):
       a1 x1 + a2 x2 + … + an xn + c > 0   becomes   a1 x1 + a2 x2 + … + an xn + c - 1 ≥ 0
       a1 x1 + a2 x2 + … + an xn + c ≤ 0   becomes   (-a1) x1 + (-a2) x2 + … + (-an) xn + (-c) ≥ 0
       a1 x1 + a2 x2 + … + an xn + c = 0   becomes   both a1 x1 + … + an xn + c ≥ 0 and (-a1) x1 + … + (-an) xn + (-c) ≥ 0

  10. Satisfiability problem for affine constraints
     A collection of m constraints over n variables:
       a11 x1 + a12 x2 + … + a1n xn + c1 ≥ 0
       a21 x1 + a22 x2 + … + a2n xn + c2 ≥ 0
       …
       am1 x1 + am2 x2 + … + amn xn + cm ≥ 0
     Does there exist an assignment of x1, x2, …, xn over the integers such that each constraint is satisfied?

  11. Solving affine constraints
  • Integer linear programming
    • NP-complete
  • Approximate integers by rationals/reals
    • Linear programming
      • Polynomial time (Khachiyan 1978, Karmarkar 1984)
    • Simplex algorithm (Dantzig 63)
      • exponential worst-case time
      • polynomial behavior in practice

  12. Simplex Algorithm for Affine Constraints

  13. Tableau
               x1    x2    …    xn
       y1     a11   a12    …   a1n    c1
       y2     a21   a22    …   a2n    c2
       …
       ym     am1   am2    …   amn    cm
     Row variables: y1, …, ym. Column variables: x1, …, xn.
     Read it as:
       y1 = a11 x1 + a12 x2 + … + a1n xn + c1
       y2 = a21 x1 + a22 x2 + … + a2n xn + c2
       …
       ym = am1 x1 + am2 x2 + … + amn xn + cm
     with the sign constraints y1 ≥ 0, y2 ≥ 0, …, ym ≥ 0

  14. x – y + 1 ≥ 0
      x + y + 3 ≥ 0
      -x – 4 ≥ 0
              x     y
       a      1    -1     1
       b      1     1     3
       c     -1     0    -4

  15. [Figure: the lines a = 0, b = 0, c = 0, x = 0 and y = 0 drawn in the (x, y) plane.]

  16. Sample point
               x1    x2    …    xn
       y1     a11   a12    …   a1n    c1
       y2     a21   a22    …   a2n    c2
       …
       ym     am1   am2    …   amn    cm
     x1 = 0, x2 = 0, …, xn = 0
     y1 = c1, y2 = c2, …, ym = cm

  17. • A tableau is feasible if the sample point satisfies all sign constraints.
      • Otherwise, drop a subset of sign constraints to get a feasible tableau.
      • For each unsatisfied sign constraint:
        • Look for a different point satisfying the constraint while preserving existing constraints
        • If such a point is found, add the constraint
        • Otherwise, declare unsatisfiable
      • Declare satisfiable

  18. Pivot operation
     Exchange row i and column j:
     1. Solve for xj:
        yi = ai1 x1 + … + aij xj + … + ain xn + ci
        xj = (-1/aij) (ai1 x1 + … + (-1) yi + … + ain xn + ci)
     2. Substitute in every row k ≠ i:
        yk = ak1 x1 + … + akj xj + … + akn xn + ck
        yk = (ak1 – akj ai1/aij) x1 + … + (akj/aij) yi + … + (akn – akj ain/aij) xn + (ck – akj ci/aij)

  19. Before the pivot of row i with column j:
               x1    …    xj    …    xn
       y1     a11    …   a1j    …   a1n    c1
       …
       yi     ai1    …   aij    …   ain    ci
       …
       ym     am1    …   amj    …   amn    cm
     After the pivot (xj is now a row variable, yi a column variable):
               x1                    …   yi          …   xn
       y1     (a11 – a1j ai1/aij)    …  (a1j/aij)    …  (a1n – a1j ain/aij)    (c1 – a1j ci/aij)
       …
       xj     (-ai1/aij)             …  (1/aij)      …  (-ain/aij)             (-ci/aij)
       …
       ym     (am1 – amj ai1/aij)    …  (amj/aij)    …  (amn – amj ain/aij)    (cm – amj ci/aij)

  20. Observation A pivot operation preserves the solution set of any tableau.

  21.         x     y
       a      1    -1     1
       b      1     1     3
       c     -1     0    -4
     Drop sign constraint for c.
     Pivot a and x:
              a     y
       x      1     1    -1
       b      1     2     2
       c     -1    -1    -3
     Pivot b and y:
              a      b
       x     1/2    1/2    -2
       y    -1/2    1/2    -1
       c    -1/2   -1/2    -2

  22. [Figure: the lines a = 0, b = 0, c = 0, x = 0 and y = 0 drawn in the (x, y) plane.]

  23. Manifestly maximized row variable
     A row variable is manifestly maximized if every non-zero entry, other than the entry in the constant column, in its row is negative and lies in a column owned by a restricted variable.
              m     n     x
       y      1    -1     2     0
       l     -1    -3     0    -1
     (here m and n are restricted, x is unrestricted)
     • l is manifestly maximized in the above tableau.
     • l is constrained to be at most -1.
     • y is not manifestly maximized in the above tableau.

  24. Manifestly unbounded column variable
     A column variable is manifestly unbounded if every negative entry in its column is in a row owned by an unrestricted variable.
              x     u
       l      1    -1     0
       y     -1    -1     1
       z     -1    -2    -1
       m      0     1     2
     (here l and m are restricted, y and z are unrestricted)
     • x is manifestly unbounded in the above tableau.
     • x can take arbitrarily large values.
     • u is not manifestly unbounded in the above tableau.

  25. Observation
     Given a feasible tableau T and a variable v, there is a sequence of pivot operations on T leading to a tableau T’ such that either
     1. v is manifestly maximized in T’, or
     2. v is manifestly unbounded in T’.

  26. Algorithm
     1. Create initial tableau T with only those sign constraints that are satisfied by the sample point of T.
     2. If every row variable satisfies its sign constraint, return satisfiable.
     3. Pick a row k owned by variable y such that the sign constraint is not satisfied by the sample point of T.
     4. If y is manifestly maximized in T, return unsatisfiable.
     5. Pick a column j such that akj is positive.
     6. If every restricted row has a non-negative entry in column j, perform Pivot(k,j). y becomes manifestly unbounded in T. Therefore, add the sign constraint for y. Go to 2.
     7. (i, j) = ComputePivot(k)
     8. Perform Pivot(T,i,j)
     9. If the sample point of T satisfies the sign constraint for y, then add the sign constraint for y. Go to 2.
     10. Go to 4.

  27. Observation
     If a row variable y is not manifestly maximized,
     • either there is a positive entry in some column,
     • or there is a negative entry in a column owned by an unrestricted variable.

  28. Algorithm
     1. Create initial tableau T with only those sign constraints that are satisfied by the sample point of T.
     2. If every row variable satisfies its sign constraint, return satisfiable.
     3. Pick a row k owned by variable y such that the sign constraint is not satisfied by the sample point of T.
     4. If y is manifestly maximized in T, return unsatisfiable.
     5’. Pick a column j such that akj is negative and the variable in column j is unrestricted.
     6. If every restricted row has a non-positive entry in column j, perform Pivot(k,j). y becomes manifestly unbounded in T. Therefore, add the sign constraint for y. Go to 2.
     7. (i, j) = ComputePivot(k)
     8. Perform Pivot(T,i,j)
     9. If the sample point of T satisfies the sign constraint for y, then add the sign constraint for y. Go to 2.
     10. Go to 4.
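The tableau of slide 13, the pivot of slides 18-19 and the procedure of slides 26-28, carried out in Python as an added example (this is not code from the lecture or from any solver). Assumptions: arithmetic is exact over the rationals with fractions.Fraction, i.e. the rational relaxation of slide 11 rather than integer solving; ComputePivot(k), which the slides leave unspecified, is taken as the restricted row whose sign constraint becomes tight first (minimum ratio); no anti-cycling rule is implemented, so a pivot cap guards against degenerate looping; the function names slide14, slide21_pivots and variant, and the satisfiable variant's third constraint x - 1 ≥ 0, are constructed for this example.

```python
from fractions import Fraction as F

class Tableau:
    """Slide 13: rows read y_i = a_i1 x_1 + ... + a_in x_n + c_i; column variables are 0
    at the sample point. `signed` = variables with a sign constraint y >= 0 (the initial
    row variables); `restricted` = those whose sign constraint is currently active."""
    def __init__(self, rows, cols, matrix, consts):
        self.rows, self.cols = list(rows), list(cols)
        self.a = [[F(v) for v in r] for r in matrix]
        self.c = [F(v) for v in consts]
        self.signed, self.restricted = set(rows), set()

    def pivot(self, i, j):
        """Exchange row i and column j (slides 18-19); the solution set is unchanged."""
        aij = self.a[i][j]
        assert aij != 0, "cannot pivot on a zero entry"
        n = len(self.cols)
        # Solve row i for x_j: x_j = (1/aij) y_i - sum_{l != j} (a_il/aij) x_l - c_i/aij
        xj = [-self.a[i][l] / aij for l in range(n)]
        xj[j] = 1 / aij
        xj_c = -self.c[i] / aij
        for k in range(len(self.rows)):   # substitute x_j into every other row
            if k != i:
                akj = self.a[k][j]
                self.a[k] = [akj * xj[l] if l == j else self.a[k][l] + akj * xj[l]
                             for l in range(n)]
                self.c[k] += akj * xj_c
        self.a[i], self.c[i] = xj, xj_c
        self.rows[i], self.cols[j] = self.cols[j], self.rows[i]

    def sample(self):
        """Slide 16: column variables 0, row variables c_i."""
        point = {v: F(0) for v in self.cols}
        point.update(zip(self.rows, self.c))
        return point

    def manifestly_maximized(self, k):
        """Slide 23: every non-zero entry of row k is negative and sits in a column
        owned by a restricted variable, hence y_k <= c_k in every solution."""
        return all(v == 0 or (v < 0 and self.cols[j] in self.restricted)
                   for j, v in enumerate(self.a[k]))

def solve(t, max_pivots=1000):
    """Slides 17, 26 and 28. Returns (True, model) or (False, None)."""
    t.restricted = {y for y, c in zip(t.rows, t.c) if c >= 0}   # step 1
    pivots = 0
    while True:
        pending = sorted(t.signed - t.restricted)                  # steps 2-3
        if not pending:
            return True, t.sample()
        y = pending[0]
        while True:
            k = t.rows.index(y)              # pivots move rows: re-locate y
            if t.c[k] >= 0:                  # step 9: y >= 0 holds at the sample point
                t.restricted.add(y)
                break
            if t.manifestly_maximized(k):    # step 4: y <= c_k < 0 in every solution
                return False, None
            # Steps 5 / 5': a column whose variable can move so that y grows:
            # increase x_j if a_kj > 0, or decrease an unrestricted x_j if a_kj < 0.
            for j, v in enumerate(t.a[k]):
                if v > 0 or (v < 0 and t.cols[j] not in t.restricted):
                    d = 1 if v > 0 else -1
                    break
            # Restricted rows that shrink as x_j moves, and how far x_j can go before each hits 0.
            blockers = [(t.c[i] / (-d * t.a[i][j]), i) for i in range(len(t.rows))
                        if t.rows[i] in t.restricted and d * t.a[i][j] < 0]
            if pivots >= max_pivots:
                raise RuntimeError("pivot limit hit; no anti-cycling rule is implemented")
            pivots += 1
            if not blockers:                 # step 6: y becomes a column variable (value 0)
                t.pivot(k, j)
                t.restricted.add(y)
                break
            # Steps 7-8: ComputePivot(k) taken as the minimum-ratio blocking row
            # (assumption: the slides leave the rule unspecified).
            _, i = min(blockers)
            t.pivot(i, j)

SLIDE14 = (["a", "b", "c"], ["x", "y"], [[1, -1], [1, 1], [-1, 0]], [1, 3, -4])

def slide14():
    """Slide 14: x - y + 1 >= 0, x + y + 3 >= 0, -x - 4 >= 0 (unsatisfiable)."""
    return solve(Tableau(*SLIDE14))

def slide21_pivots():
    """Replay slide 21 by hand: pivot a with x, then b with y."""
    t = Tableau(*SLIDE14)
    t.pivot(0, 0)
    first = (list(t.rows), list(t.cols), [list(r) for r in t.a], list(t.c))
    t.pivot(t.rows.index("b"), t.cols.index("y"))
    return first, (t.rows, t.cols, t.a, t.c)

def variant():
    """Constructed variant of slide 14 with the third constraint replaced by x - 1 >= 0."""
    return solve(Tableau(["a", "b", "c"], ["x", "y"], [[1, -1], [1, 1], [1, 0]], [1, 3, -1]))
```

solve returns the sample point of the final tableau as the model, so for a satisfiable instance the values are rationals, not necessarily integers. slide14 reaches the same conclusion as slide 21 (after the two pivots, c is manifestly maximized with constant -2, so c ≥ 0 can never hold), and slide21_pivots returns the two intermediate tableaux so the arithmetic can be compared entry by entry with the slide.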

  29. Pratt’s Algorithm for Difference Constraints

  30. Difference constraints
     Three different kinds of constraints:
       x – y ≤ c
       x ≤ c
       -y ≤ c
     • very common in program verification
     • satisfiability procedure more efficient than for general affine constraints
     • satisfiability procedure complete for integers

  31. Reduction to a graph problem
     Variable x              →  Vertex x
     Constraint x – y ≤ c    →  Edge from y to x with weight c
     Introduce a new variable z to denote the value 0:
       x ≤ c    becomes   x - z ≤ c
       -y ≤ c   becomes   z - y ≤ c
     - Add a new vertex s.
     - Add an edge with weight 0 from s to every other vertex v.

  32. Theorem The set of constraints is satisfiable iff there is no negative cycle in the graph.

  33. Soundness
     If there is a negative cycle in the graph, the set of constraints is unsatisfiable.
       x1 - x2 ≤ c1
       x2 - x3 ≤ c2
       …
       xn - x1 ≤ cn
     Summing the constraints along the cycle gives 0 ≤ c1 + c2 + … + cn < 0, a contradiction.

  34. Completeness If there is no negative cycle in the graph, the set of constraints is satisfiable.

  35. Bellman-Ford algorithm
       d(s) := 0
       for each vertex v ≠ s:
         d(v) := ∞
       for each vertex:
         for each edge (u,v):
           if d(v) > d(u) + weight(u,v)
             d(v) := d(u) + weight(u,v)
       for each edge (u,v):
         if d(v) > d(u) + weight(u,v)
           Graph contains a negative-weight cycle

  36. Completeness
     If there is no negative cycle in the graph, then d(v) - d(u) ≤ weight(u,v) for each edge (u,v).
     Model: Assign to variable x the value d(x) – d(z).
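The reduction of slide 31, the Bellman-Ford check of slide 35 and the model construction of slide 36, as an added Python example (not code from the lecture). Assumptions: constraints are written as tuples ("diff", x, y, c) for x – y ≤ c, ("upper", x, c) for x ≤ c and ("lower", y, c) for -y ≤ c; the names "s" and "z" are reserved for the source and the zero vertex and must not be used as variable names; the inputs SAT and UNSAT are constructed for this example.

```python
INF = float("inf")

def build_graph(constraints):
    """Slide 31: each variable is a vertex, x - y <= c is an edge y -> x of weight c,
    z stands for the value 0, and s is a source with a 0-weight edge to every vertex.
    Assumption: "s" and "z" are reserved names, never used as variables."""
    edges, vertices = [], {"z"}
    for kind, *args in constraints:
        if kind == "diff":          # x - y <= c
            x, y, c = args
        elif kind == "upper":       # x <= c, read as x - z <= c
            x, c = args
            y = "z"
        elif kind == "lower":       # -y <= c, read as z - y <= c
            y, c = args
            x = "z"
        else:
            raise ValueError(f"unknown constraint kind {kind!r}")
        vertices.update((x, y))
        edges.append((y, x, c))
    edges += [("s", v, 0) for v in sorted(vertices)]
    vertices.add("s")
    return vertices, edges

def bellman_ford(vertices, edges, source="s"):
    """Slide 35. Returns the distance map d, or None if a negative-weight cycle exists."""
    d = {v: INF for v in vertices}
    d[source] = 0
    for _ in range(len(vertices)):          # relax every edge, once per vertex
        for u, v, w in edges:
            if d[v] > d[u] + w:
                d[v] = d[u] + w
    for u, v, w in edges:                   # any edge still relaxable => negative cycle
        if d[v] > d[u] + w:
            return None
    return d

def solve_difference_constraints(constraints):
    """Slides 32-36: satisfiable iff the graph has no negative cycle;
    the model assigns each variable x the value d(x) - d(z)."""
    vertices, edges = build_graph(constraints)
    d = bellman_ford(vertices, edges)
    if d is None:
        return None
    return {v: d[v] - d["z"] for v in vertices if v not in ("s", "z")}

def satisfies(model, constraints):
    """Evaluate the original constraints on a model, independently of the graph."""
    for kind, *args in constraints:
        if kind == "diff":
            x, y, c = args
            ok = model[x] - model[y] <= c
        elif kind == "upper":
            x, c = args
            ok = model[x] <= c
        else:
            y, c = args
            ok = -model[y] <= c
        if not ok:
            return False
    return True

# Constructed inputs (not from the slides).
SAT = [("diff", "x", "y", 1), ("diff", "y", "w", -2), ("upper", "x", 3), ("lower", "w", 0)]
UNSAT = [("diff", "x", "y", 1), ("diff", "y", "x", -2)]   # cycle x -> y -> x of weight -1

if __name__ == "__main__":
    print(solve_difference_constraints(SAT))     # x = -1, y = -2, w = 0
    print(solve_difference_constraints(UNSAT))   # None
```

Because every edge weight is an integer constant, the shortest-path distances and hence the model are integers, which is the completeness-for-integers property of slide 30. The outer relaxation loop runs once per vertex, as the slide writes it; the final pass over the edges is the negative-cycle test, and the 0-weight edges from s guarantee every vertex is reachable so that a negative cycle anywhere is found.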
