
Deciding equality formulas by small domain instantiations

This page transcribes a talk on decision procedures for equality formulas, specifically on small domain instantiations. It presents a tool chain for code generation, verification-condition generation and range minimization. The goal is an efficient way to decide formulas with uninterpreted functions by first reducing them (Ackermann's reduction) to equivalent formulas in the theory of equality, and then deciding those over a small finite domain. The talk introduces the Range-Minimization problem and analyzes the structure of a formula to determine an adequate range allocation. It concludes with a discussion of state-space complexity and of the effect of vertex-cover and coloring algorithms on the allocated ranges.


Presentation Transcript


  1. Deciding equality formulas by small domain instantiations. O. Shtrichman, The Weizmann Institute. Joint work with A. Pnueli, Y. Rodeh, M. Siegel. Weizmann Institute

  2. Code generation (block diagram, components in the order shown): C, DC+, CVT (Verification Condition Generator), Auto-decomposition, Abstraction (Abstraction Level ++), Range Minimizer, TLV (verifier).

  3. Uninterpreted functions: from a general formula to a formula with uninterpreted functions.

  4. Ackermann's reduction: from a formula with uninterpreted functions to a formula in the theory of equality.

  5. In search for an efficient decision procedure
     A folk theorem: finite instantiations with 1..n.
     • Sajid et al. (CAV '98): encode each comparison (x=y) with a boolean variable exy. A special BDD traversing algorithm maintains the lost transitivity.
     • Major improvement compared to finite instantiations with 1..n.
     • The traversing algorithm is worst-case exponential.
     • The number of encoding bits is worst case (vs. n log n in finite instantiations).
     Bryant et al. (CAV '99): in positive equality formulas, replace each UIF with a unique constant.
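As an added example (not code from the talk or from the authors' tool chain), the following Python implements Ackermann's reduction of slide 4 and then decides the resulting equality-only formula by the finite instantiations the talk refers to: every variable over 1..n (the folk theorem, n^n assignments) and the triangular variant of slide 21 where the i-th variable ranges over 1..i (n! assignments). The tuple-based AST, the fresh-variable names f_0, f_1 and the two input formulas are assumptions of this example.

```python
"""Added example: Ackermann's reduction followed by finite instantiation.
Constructed for this page; not the tool chain described in the talk."""
import itertools

# Term/formula AST used by this example (an assumption of the example):
#   ('var', 'x')              integer-valued variable
#   ('app', 'f', (t1, ...))   application of uninterpreted function f
#   ('eq', t1, t2)            equality between terms
#   ('not', p), ('and', p, q), ('or', p, q), ('imp', p, q)


def ackermann(formula):
    """Replace every UF application f(t1..tk) by a fresh variable f_i and return
    FC -> formula', where FC (functional consistency) says: whenever two
    applications of the same f have pairwise equal arguments, their fresh
    variables are equal. The input is valid iff the result is valid."""
    apps = {}                      # (f, argument terms) -> fresh variable
    fresh = itertools.count()

    def term(t):
        if t[0] == 'var':
            return t
        _, f, args = t
        key = (f, tuple(term(a) for a in args))   # inner applications first
        if key not in apps:
            apps[key] = ('var', f'{f}_{next(fresh)}')
        return apps[key]

    def prop(p):
        if p[0] == 'eq':
            return ('eq', term(p[1]), term(p[2]))
        if p[0] == 'not':
            return ('not', prop(p[1]))
        return (p[0], prop(p[1]), prop(p[2]))

    body = prop(formula)
    fc = None
    items = list(apps.items())
    for i, ((f1, a1), v1) in enumerate(items):
        for (f2, a2), v2 in items[i + 1:]:
            if f1 != f2:
                continue
            if not a1:                 # nullary symbol: both stand for one constant
                c = ('eq', v1, v2)
            else:
                args_eq = ('eq', a1[0], a2[0])
                for x, y in zip(a1[1:], a2[1:]):
                    args_eq = ('and', args_eq, ('eq', x, y))
                c = ('imp', args_eq, ('eq', v1, v2))
            fc = c if fc is None else ('and', fc, c)
    return body if fc is None else ('imp', fc, body)


def variables(p, seen=None):
    """Variable names of p in order of first appearance."""
    seen = [] if seen is None else seen
    if p[0] == 'var':
        if p[1] not in seen:
            seen.append(p[1])
    elif p[0] == 'app':
        for a in p[2]:
            variables(a, seen)
    else:
        for sub in p[1:]:
            variables(sub, seen)
    return seen


def evaluate(p, env):
    """Truth value of an equality-only formula under the assignment env."""
    op = p[0]
    if op == 'eq':
        return env[p[1][1]] == env[p[2][1]]
    if op == 'not':
        return not evaluate(p[1], env)
    a, b = evaluate(p[1], env), evaluate(p[2], env)
    return {'and': a and b, 'or': a or b, 'imp': (not a) or b}[op]


def valid_by_instantiation(p, triangular=False):
    """Decide validity of an equality-only formula by exhaustive instantiation.
    triangular=False: every variable ranges over 1..n (n^n assignments).
    triangular=True: the i-th variable ranges over 1..i (n! assignments); this
    suffices because any model can be renamed, in variable order, so that x_i
    takes a value no larger than i. Returns (verdict, assignments checked)."""
    xs = variables(p)
    n = len(xs)
    ranges = [range(1, (i if triangular else n) + 1) for i in range(1, n + 1)]
    checked = 0
    for vals in itertools.product(*ranges):
        checked += 1
        if not evaluate(p, dict(zip(xs, vals))):
            return False, checked
    return True, checked


# Constructed inputs: x = y -> f(x) = f(y) is valid; f(x) = f(y) -> x = y is not.
X, Y = ('var', 'x'), ('var', 'y')
FX, FY = ('app', 'f', (X,)), ('app', 'f', (Y,))
PHI_VALID = ('imp', ('eq', X, Y), ('eq', FX, FY))
PHI_INVALID = ('imp', ('eq', FX, FY), ('eq', X, Y))

if __name__ == '__main__':
    for name, phi in (('valid', PHI_VALID), ('invalid', PHI_INVALID)):
        eq_only = ackermann(phi)
        print(name, valid_by_instantiation(eq_only),
              valid_by_instantiation(eq_only, triangular=True))
```

After the reduction both example formulas have four variables (x, y, f_0, f_1), so the 1..n instantiation checks 256 assignments and the triangular one 24; both give the same verdict, which is the point of slide 21's first two columns.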

  6. Finite instantiations revisited. Instead of giving the range [1..11], analyze connectivity (graph over x1, x2, y1, y2, g1, g2, u1, f1, f2, u2, z):
     x1, y1, x2, y2: {0-1}; u1, f1, f2, u2: {0-3}; g1, g2, z: {0-2}.
     The state space: from 11^11 to ~10^5.

  7. Or even better:
     x1, y1, g1, u1: {0}; x2, y2, g2, f1: {0-1}; f2, z: {0-2}; u2: {0-3}.
     The state space: from ~10^5 to 576. An upper bound on the state space: n!

  8. The Range-Minimization Problem: given a quantifier-free formula with equalities only, find in polynomial time a small domain sufficient to preserve its truth value. D: infinite domain; D*: finite domain.

  9. Analyzing the formula structure. Assume the formula is given in positive form and contains no constants. Let At() be the set of all atomic formulas of the form xi = xj or xi  xj appearing in it. A subset B = {1,…,k} of At() is consistent if 1 ^ ... ^ k is satisfiable; e.g. B = (xi = xj ^ xi  xj) is inconsistent. A range allocation R is adequate for At() if every consistent subset B of At() can be satisfied under R.

  10. Examples. The price of a polynomial procedure: At() holds less information than the formula itself.

  11. The atomic sub-formulas of the formula: split At() into two sets, A= (the equalities) and the set of disequalities.

  12. A graphical representation of A= and the disequalities, over the vertices x1, x2, y1, y2, g1, g2, u1, f1, f2, u2, z. Note: 1. Inconsistent subsets appear as contradictory cycles. 2. Some of the vertices are mixed.

  13. The Range-Allocation Algorithm. Step I, pre-processing:
      A. Remove all solid edges not belonging to contradictory cycles.
      B. Add a single unique value to singleton vertices, and remove them from the graph. (In the figure the singleton vertices receive {0}, {1}, {2}, {3}.)

  14. Step II, set construction:
      A. For each mixed vertex xi: 1. Add a unique value ui to R(xi). 2. Broadcast ui on G=. 3. Remove xi from the graph.
      B. Add a unique value to each remaining G= component.
      (Figure: steps 1 and 2 worked on the component g1, g2, z, starting from the value 4.)

  15. (Figure: the set-construction steps 1-3 worked on the component u1, f1, f2, u2, starting from the value 6; u1 ends with {6}, f2 with {6,7}, and f1 and u2 with larger sets.)

  16. Is the allocated range always adequate? We have to satisfy every consistent subset B:
      • For all x in B, assign the smallest value allocated in step A to a mixed vertex which is G=(B)-connected to x.
      • If there isn't any, choose the value given in step B.
      (Figure: the resulting allocation for the example graph.)

  17. Order makes a difference. State space (figure: two allocations of the component u1, f1, f2, u2): bad ordering 18, good ordering 12. The vertices removed in step A constitute a vertex cover of G. We will look for a minimal vertex cover (mvc).
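As an added example (not the authors' implementation, whose address slide 24 gives), the following Python carries out the range-allocation steps of slides 13 and 14 on a constructed graph, removes only a vertex cover of the solid edges as slide 17 suggests, and then checks adequacy in the sense of slide 9 by enumerating every consistent subset of atoms and searching for a model inside the allocated ranges. The variable names, the atom list, the '='/'!=' tags and the greedy cover heuristic are assumptions of this example; the coloring of slides 19-20 is not implemented.

```python
"""Added example: the graph-based range allocation of slides 13-17, reimplemented
for illustration (not the authors' code), with a brute-force adequacy check in
the sense of slide 9. All inputs below are constructed for this example."""
import itertools
import math


def components(vertices, edges):
    """Connected components of the undirected graph restricted to `vertices`."""
    adj = {v: set() for v in vertices}
    for a, b in edges:
        if a in adj and b in adj:
            adj[a].add(b)
            adj[b].add(a)
    comps, seen = [], set()
    for v in vertices:
        if v not in seen:
            comp, stack = set(), [v]
            while stack:
                x = stack.pop()
                if x not in comp:
                    comp.add(x)
                    stack.extend(adj[x])
            seen |= comp
            comps.append(comp)
    return comps


def component_of(v, comps):
    return next(c for c in comps if v in c)


def allocate(vertices, eq_edges, neq_edges):
    """Range allocation R: variable -> set of values. eq_edges are the atoms of
    A=, neq_edges the disequalities (the solid edges of the talk's graph)."""
    fresh = itertools.count()
    R = {v: set() for v in vertices}
    # Step I.A: a solid edge lies on a contradictory cycle iff its endpoints are
    # connected by equality edges; every other solid edge is dropped.
    comps = components(vertices, eq_edges)
    solid = [e for e in neq_edges
             if component_of(e[0], comps) is component_of(e[1], comps)]
    # Step I.B: singleton vertices get one unique value and leave the graph.
    touched = {x for e in list(eq_edges) + solid for x in e}
    for v in vertices:
        if v not in touched:
            R[v].add(next(fresh))
    live = [v for v in vertices if v in touched]
    # Step II.A: remove a vertex cover of the solid edges one mixed vertex at a
    # time: fresh value u, broadcast u over the vertex's current G= component,
    # then delete the vertex. Greedy order by solid degree is an assumption of
    # this example; the talk asks for a minimal vertex cover (slide 17).
    solid_deg = {v: sum(v in e for e in solid) for v in live}
    remaining = list(live)
    for x in sorted(live, key=lambda v: -solid_deg[v]):
        if not any(x in e and (set(e) - {x}) <= set(remaining) for e in solid):
            continue  # every solid edge at x already has a removed endpoint
        u = next(fresh)
        for y in component_of(x, components(remaining, eq_edges)):
            R[y].add(u)
        remaining.remove(x)
    # Step II.B: each remaining G= component shares one unique value.
    for comp in components(remaining, eq_edges):
        u = next(fresh)
        for y in comp:
            R[y].add(u)
    return R


def consistent(atoms, vertices):
    """Slide 9: B is consistent iff no disequality in B joins two vertices that
    B's equalities connect."""
    comps = components(vertices, [(a, b) for k, a, b in atoms if k == '='])
    return all(component_of(a, comps) is not component_of(b, comps)
               for k, a, b in atoms if k == '!=')


def satisfiable_under(atoms, R):
    """Exhaustive search for a model of atoms with every value drawn from R."""
    xs = sorted(R)
    for vals in itertools.product(*(sorted(R[x]) for x in xs)):
        env = dict(zip(xs, vals))
        if all((env[a] == env[b]) == (k == '=') for k, a, b in atoms):
            return True
    return False


def adequate(atoms, R):
    """R is adequate iff every consistent subset of atoms is satisfiable under R
    (exponential check, fine for a handful of atoms)."""
    vs = sorted(R)
    return all(satisfiable_under(B, R) for r in range(len(atoms) + 1)
               for B in itertools.combinations(atoms, r) if consistent(B, vs))


def state_space(R):
    return math.prod(len(s) for s in R.values())


# Constructed atoms: a contradictory cycle x=y, y=z, x!=z; z=w and y!=w; and
# v!=w, whose endpoints no equality path connects (dropped in step I.A).
VARS = ['v', 'w', 'x', 'y', 'z']
ATOMS = [('=', 'x', 'y'), ('=', 'y', 'z'), ('!=', 'x', 'z'),
         ('=', 'z', 'w'), ('!=', 'y', 'w'), ('!=', 'v', 'w')]
EQ = [(a, b) for k, a, b in ATOMS if k == '=']
NEQ = [(a, b) for k, a, b in ATOMS if k == '!=']
```

Running `allocate(VARS, EQ, NEQ)` on the constructed atoms gives v: {0}, w: {1}, x: {1,2}, y: {1,2,3}, z: {1,2,3}, a state space of 18 against 5^5 = 3125 for the 1..n instantiation, and `adequate(ATOMS, R)` confirms that every consistent subset still has a model inside those ranges. Processing the cover vertices in a different order changes the ranges, which is what slide 17 calls "order makes a difference".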

  18. Order makes a difference. (Figure: G and G/mvc.)

  19. Colors make a difference. State space (figure: two allocations of the same component): 12 with unique values for every mvc vertex, 4 when the mvc vertices do not all receive unique values. When should mvc vertices be assigned different values?

  20. Colors make a difference. Two mixed vertices are incompatible if there is a path between them with one solid edge. (Figure: vertices x, y, z, w; coloring the incompatibility graph on y, z, w.)

  21. A state-space story (the 11-variable example):
      1..n:                               11^11
      1..i:                               11!
      connectivity:                       576
      range allocation algorithm, basic:  72
      range allocation algorithm, order:  48
      range allocation algorithm, color:  16
      ?
      (Figure: the final allocation over x1, x2, y1, y2, g1, g2, u1, f1, f2, u2, z, with ranges {0}, {1}, {2}, {3}, {4}, {4,5}, {4,5}, {6}, {6}, {6,7}, {6,8}; product 16.)

  22. A new upper bound for the state space (figure: a 4 double-clique). For each connected G= component k: nk = |G=k|, mk = |mvck|, yk = the number of colors in mvck (yk  mk). The bound is a formula on the slide in terms of nk, mk, yk.
      • The worst case, double cliques, is back to n!: one connected component (nk = n), all vertices are mixed, worst vertex cover mk = nk-1, worst coloring yk = mk.

  23. Before and after, in SMV.

  24. Experimental results
      • A design of a SNECMA turbine engine with Sildex™ results in a verification condition of about 6000 lines.
      • Before: 92% verified in reasonable time. After: 100% verified in reasonable time.
      • Some of the formulas had 150 integer variables and more.
      The implementation is available at: http://www.wisdom.weizmann.ac.il/~ofers/sat/bench.htm
