
A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols

A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols. Sumit Gulwani, George Necula, EECS Department, University of California, Berkeley. Introduction. Problem: check satisfiability of a conjunction of literals. Example: x = 2y+3 ∧ F(x-3) ≠ F(2y)


Presentation Transcript


  1. A Randomized Satisfiability Procedure for Arithmetic and Uninterpreted Function Symbols Sumit Gulwani, George Necula, EECS Department, University of California, Berkeley

  2. Introduction • Problem • Check satisfiability of a conjunction of literals • Example: x = 2y+3 ∧ F(x-3) ≠ F(2y) • Application: program verification • Existing algorithms • Linear arithmetic: Gaussian elimination, Simplex • Uninterpreted function terms: congruence closure • Combination: Nelson-Oppen, Shostak • Our proposal • A randomized algorithm • We hope to gain: simplicity and efficiency

  3. Outline • Linear arithmetic • Retracting assumptions • Extension to uninterpreted function symbols • Experimentation

  4. Algebraic Interpretation of Satisfiability φ1 : (z = x+y) ∧ (x = y) ∧ (z ≠ 0) φ2 : (z = x+y) ∧ (x = y) ∧ (z ≠ 2x) • φ1 is satisfiable, e.g. x=1, y=1, z=2 • φ2 is not satisfiable since (z=x+y) ∧ (x=y) ⇒ (z=2x) • Can we "test" the satisfiability of these formulae with low error probability?

  5. Geometric Interpretation of Satisfiability φ1 : (z = x+y) ∧ (x = y) ∧ (z ≠ 0) φ2 : (z = x+y) ∧ (x = y) ∧ (z ≠ 2x) [Figure: line L, point P on L, planes R1: z = 0 and R2: z = 2x] Line L: solution space for (z = x+y) ∧ (x = y) IDEA: If we choose points randomly on L, we can easily tell that L ⇏ R1 and L ⇒ R2

  6. Overview of the Algorithm • Generate random assignments that satisfy all equality literals • We do this incrementally • Start with a set of completely random assignments • Adjust them to satisfy each equality literal one by one • Test them on disequality literals • If the random assignments satisfy e1 = e2, then the formula … ∧ e1 ≠ e2 ∧ … is unsatisfiable

  7. Adjust Operation: Algebraic Interpretation Notation • Sample S = collection of assignments • S ⊨ g = 0 means all assignments in S satisfy g=0 Properties of S’ = Adjust(S, e=0) • If S ⊨ g=0, then S’ ⊨ g=0 • S’ ⊨ e=0 • If S’ ⊨ g’=0, then ∃g (S ⊨ g=0 and g=0 ∧ e=0 ⇒ g’=0) • S’ satisfies exactly one more linearly independent relationship than those satisfied by S

  8. Adjust Operation: Geometric Interpretation Algorithm to obtain S’ = Adjust(S, e=0) [Figure: points S1, S2, S3, S4 projected onto the hyperplane e = 0, giving S’1, S’2, S’3] • Assignments = points • Adjust = projection onto the hyperplane represented by an equality literal • S’ satisfies e=0 and all relationships satisfied by S

  9. The Satisfiability Procedure • IsSatisfiable(φ) = • let φ be the conjunction of the equality literals ei = 0 (i = 1..k) and the disequality literals ej’ ≠ 0 (j = 1..m) • S ← R, where R is a random sample • for i = 1 to k: • S ← Adjust(S,ei=0)

  10. The Satisfiability Procedure • IsSatisfiable(φ) = • let φ be the conjunction of the equality literals ei = 0 (i = 1..k) and the disequality literals ej’ ≠ 0 (j = 1..m) • S ← R, where R is a random sample • for i = 1 to k: • if S ⊨ ei+c=0 for some c ≠ 0, then return Unsatisfiable • else if S ⊭ ei=0 then S ← Adjust(S,ei=0) • for j = 1 to m: • if S ⊨ ej’ = 0, then return Unsatisfiable • return Satisfiable

  11. Completeness Theorem • “If IsSatisfiable(φ) returns true, then φ is satisfiable” • Proof: • The final sample satisfies all the equality literals and the disequality literals in the formula.

  12. Soundness Theorem • “If φ is satisfiable, then IsSatisfiable(φ) returns true with high probability” • Error probability ≤ • m: #disequalities • |F|: size of the set from which random values are chosen • r: #assignments in the initial sample R • k: #equality literals • If m = k = 10, |F| ≈ 2^32, r = 15, then error probability ≤

  13. Complexity r = #assignments in the initial sample R n = #variables k = #equality literals • Each adjust operation has cost O(nr) • Number of adjust operations = O(k) • Total cost = O(nkr) = O(nk²)

  14. Retracting Assumptions: Motivation • if z=x+y then if x=y then assert (z=2x) else assert (x=z-y) • ⇒ decide satisfiability of (z=x+y) ∧ (x=y) ∧ (z≠2x) and (z=x+y) ∧ (x≠y) ∧ (x≠z-y) • One easy way to retract is to remember old samples • Space overhead

  15. Retracting Assumptions: Unadjust Operation [Figure: points S1, S2, S3, S4 projected onto the hyperplane e = 0, giving S’1, S’2, S’3; S4 is kept] S’ = Adjust(S, e=0) • Remember one point of S that is not projected, written here as p (S4 in the figure) • Unadjust(S’,e=0) = S’ ∪ {p} • (S’ ∪ {p}) ⊨ e=0 iff S ⊨ e=0
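The procedure of slides 6 to 10 and the Unadjust of slide 15, as an added Python example (not the authors' code): assignments are drawn from GF(P) with P = 2^31 - 1 standing in for |F|, and Adjust slides each point along the line through it and a point on a different e-level until it lies on the hyperplane e = 0, which is one concrete reading of the projection picture rather than the paper's exact formula.

```python
import random
from typing import Dict, List, Tuple

P = 2**31 - 1           # |F|: random values are drawn from the finite field GF(P)
Expr = Dict[str, int]   # linear expression as var -> coeff; key "1" holds the constant
Point = Dict[str, int]  # one assignment var -> value in GF(P)

def ev(e: Expr, pt: Point) -> int:
    return sum(c * (1 if v == "1" else pt[v]) for v, c in e.items()) % P

def entails(S: List[Point], e: Expr) -> bool:
    """S ⊨ e = 0: every assignment in the sample zeroes e."""
    return all(ev(e, pt) == 0 for pt in S)

def adjust(S: List[Point], e: Expr) -> Tuple[List[Point], Point]:
    """Adjust(S, e=0). Each point t is moved along the line through t and a
    point s with e(s) != e(t) until e(t') = 0. A line through two points of an
    affine subspace stays inside it, so every linear relation g = 0 that S
    satisfied still holds on S'. A pivot with e != 0 is left out of S' and
    returned so that unadjust can rebuild S' ∪ {pivot}."""
    pivot = next(pt for pt in S if ev(e, pt) != 0)          # exists since S ⊭ e = 0
    Sp = []
    for t in S:
        if t is pivot:
            continue
        et = ev(e, t)
        s = next(u for u in S if ev(e, u) != et)            # exists unless S ⊨ e + c = 0
        lam = et * pow((et - ev(e, s)) % P, -1, P) % P      # solves e(t + lam*(s - t)) = 0
        Sp.append({v: (t[v] + lam * (s[v] - t[v])) % P for v in t})
    return Sp, pivot

def unadjust(Sp: List[Point], pivot: Point) -> List[Point]:
    return Sp + [pivot]                                      # Unadjust(S', e=0) = S' ∪ {p}

def is_satisfiable(eqs: List[Expr], diseqs: List[Expr], variables, r: int = 15, seed: int = 0) -> bool:
    """IsSatisfiable(phi) of slide 10 for phi = AND eqs_i = 0 AND diseqs_j != 0; needs r > len(eqs)."""
    rng = random.Random(seed)
    S = [{v: rng.randrange(P) for v in variables} for _ in range(r)]
    for e in eqs:
        vals = {ev(e, pt) for pt in S}
        if len(vals) == 1 and vals != {0}:      # S ⊨ e + c = 0 for some c != 0
            return False
        if vals != {0}:                         # S ⊭ e = 0, so project onto e = 0
            S, _ = adjust(S, e)
    return not any(entails(S, d) for d in diseqs)  # S ⊨ e'_j = 0 refutes e'_j != 0

# Slide 4 (constructed input): phi1 = (z = x+y) ∧ (x = y) ∧ (z ≠ 0), phi2 = ... ∧ (z ≠ 2x)
EQS = [{"z": 1, "x": -1, "y": -1}, {"x": 1, "y": -1}]
PHI1 = is_satisfiable(EQS, [{"z": 1}], "xyz")              # True
PHI2 = is_satisfiable(EQS, [{"z": 1, "x": -2}], "xyz")     # False
```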

  16. Uninterpreted Function Symbols • Use the Ackermann transformation • Replace uninterpreted term e with a new variable Ve • For any F(e) and F(e’) add: if Ve = Ve’ then VF(e) = VF(e’) • Example (x=y) ∧ (f(x)=u) ∧ (f(y)=w) → (x=y) ∧ (v1=u) ∧ (v2=w) ∧ (if x=y then v1 = v2) • Implementation • After adjusting for an equality, check if any of the conditional literals require adjustment.

  17. Experimental Results ICS = Integrated Canonizer and Solver

  18. Comparison with Shostak’s Algorithm • Symbolic manipulation vs. expression evaluation • Shostak’s solver ≈ adjust operation • Shostak’s canonizer ≈ probabilistic canonical form

  19. Conclusion and Future Work • Randomization can help achieve simplicity and efficiency at the expense of making soundness probabilistic • Generate proofs • Can we extend these ideas to other theories – inequalities, arrays? • Integrate symbolic techniques with randomized ones
