1 / 66

Decision Procedures in First Order Logic

Decision Procedures in First Order Logic. Part II – Equality Logic and Uninterpreted Functions. Part I - Introduction. Reminders - What is Logic Proofs by deduction Proofs by enumeration Decidability, Soundness and Completeness Some notes on Propositional Logic

keenana
Download Presentation

Decision Procedures in First Order Logic

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Decision Procedures in First Order Logic Part II – Equality Logic and Uninterpreted Functions Ofer Strichman, Technion

  2. Part I - Introduction • Reminders - • What is Logic • Proofs by deduction • Proofs by enumeration • Decidability, Soundness and Completeness • Some notes on Propositional Logic • Deciding Propositional Logic • SAT tools • BDDs   Technion

  3. Part II – Introduction toEquality Logic and Uninterpreted Functions • Introduction • Definition, complexity • Reducing Uninterpreted Functions to Equality Logic • Using Uninterpreted Functions in proofs • Simplifications • Introduction to the decision procedures • The framework: assumptions and Normal Forms • General terms and notions • Solving a conjunction of equalities • Simplifications Technion

  4. Equality Logic • A Boolean combination of Equalities and Propositions x1=x2Æ (x2=x3Ç: ((x1=x3) ÆbÆx1= 2)) • We will always push negations inside (NNF): x1=x2Æ (x2=x3Ç ((x1x3) Ç:bÇx1 2)) • Note: the set of Boolean variables is always separate from the set of term variables Technion

  5. Equality Logic: the grammar • formula : formulaÇformula | :formula | atom • atom : term-variable = term-variable | term-variable = constant | Boolean-variable term-variables are defined over some (possible infinite) domain. The constants are from the same domain. Technion

  6. Expressiveness and complexity • Allows more natural description of systems,althoughtechnically it is as expressible as Propositional Logic. • Clearly NP-hard. • In fact, it is in NP, and hence NP-complete, for reasons we shall see later. Technion

  7. Expressiveness and complexity • Q1: Let L1 and L2 be two logics whose satisfiability problem is decidable and in the same complexity class. Is the satisfiability problem of an L1 formula reducible to a satisfiability problem of an L2 formula? • Q2: Let L1 and L2 be two logics whose satisfiability problems are reducible to one another. Are L1 and L2 in the same complexity class ? Technion

  8. Equality logic with uninterpreted functions • formula : formulaÇformula | :formula | atom • atom : term = term | Boolean-variable • term : term-variable | function ( list of terms ) term-variables are defined over some (possible infinite) domain. Note that constants are functions with empty list of terms. Technion

  9. Uninterpreted Functions • Every function is a mapping from a domain to a range. • Example: the ‘+’ function over the naturals N is a mapping from <N£N> to N. Technion

  10. Uninterpreted Functions • Now: suppose we replace ‘+’ with an uninterpreted Binary function f (h1st argi , h 2nd arg i) • For example: x1+ x2 = x3+x4 is replaced with • We lost the ‘semantics’ of ‘+’. In other words, fcanrepresent any binary function. • Loosing the semantics means that f is not restricted by any axioms. • But f is still a function! Technion

  11. Uninterpreted Functions (UF’s) • The most general axiom for any function is functional consistency. • Example: if x = y, then f(x) = f(y) for any function f. • Functional consistency axiom scheme: x1=x1’ Æ … Æxn=xn’ !f(x1,…, xn) = f(x1’,…, xn’) • Sometimes, functional consistency is all that is needed for the proof. Technion

  12. Example: Circuit Transformations • Circuits consist of combinationalgates and latches (registers) • The combinational gates can be modeled using functions • The latches can be modeled with variables Latch R1 I Combi- national part Technion

  13. Example: Circuit Transformations Some bitvector Input Some function, say I >> 5 Some other function, say L1 & 100110001… Some condition on L2 Technion

  14. Example: Circuit Transformations Stage 1 • A pipeline processes data in stages • Data is processed in parallel – as in an assembly line • Formal Model: Stage 2 Stage 3 Technion

  15. Example: Circuit Transformations • The maximum clock frequency depends on the longest path between two latches • Note that the output of g is usedas input to k • We want to speed up the design by postponing k to the third stage • Also note that the circuit only uses one of L3 or L4, never both • We can remove one of the latches Technion

  16. Example: Circuit Transformations ? = Technion

  17. Example: Circuit Transformations • Equivalence in this case holds regardless of the actual functions • Conclusion: can be decided using Equality Logic and Uninterpreted Functions Technion

  18. F( ), G( ),… f1 F2(F1(x)) = 0 f2 f2 =0 UFs  Equality Logic: Ackermann’s reduction • For each function in UF: • Number function instances (from the inside out) • Replace each function instance with a new variable • Condition UF with a functional consistency constraint for every pair of instances of thesame function. Given a formula UF with uninterpreted functions ((x=f1) f1=f2 )  (f2=0) Technion

  19. Ackermann’s reduction : Example • Given the formula(x1x2) Ç (F(x1) =F(x2)) Ç (F(x1) F(x3))which we want to check for validity, we first number the function instances: (x1x2) Ç (F1(x1) =F2(x2)) Ç (F1(x1) F3(x3)) Technion

  20. Ackermann’s reduction : Example (x1x2) Ç (F1(x1) =F2(x2)) Ç (F1(x1) F3(x3)) • Replace each function with a new variable, (x1x2) Ç (f1 =f2 ) Ç (f1f3 ) • Condition with Functional Consistency constraints: Technion

  21. F( ), G( ),… F1(x1) = F2(x2) case x1=x2 : f1true :f2 f1 = UFs  Equality Logic: Bryant’s reduction Given a formula UF with UFs • For each function in UF: • Number function instances (from the inside out) • Replace a function instance Fi with an expression casex1=xi :f1 x2=xi:f2 xi-1 =xi :fi-1 true :fi Technion

  22. Bryant’s reduction: Example • x1=x2F1(G1(x1)) =F2(G2(x2)) • Replace each function with an expression • where Technion

  23. Using UFs in proofs • Uninterpreted functions gives us the ability to represent an abstract view of functions. • It over-approximates the concrete system. 1 + 1 = 1 is a contradiction But F(1,1) = 1 is satisfiable ! • Conclusion: unless we are careful, we can give wrong answers and this way lose soundness. Technion

  24. Using UFs in proofs • In general a sound and incomplete method is more useful than unsound and complete. • A soundbutincomplete algorithm: • Given a formula with uninterpreted functions UF: • Transform it to Equality Logic formula E • If E is unsatisfiable return Unsatisfiable • Else return ‘Don’t know’ Technion

  25. Using UFs in proofs • Question #1: is this useful ? • Question #2: can it be made complete in some cases ? • When the abstract view is sufficient for the proof, it enables (or simplifies) a mechanicalproof. • So when is the abstract view sufficient ? Technion

  26. Using UFs in proofs (cont’d) • (common) Proving equivalence between: • Two versions of a hardware design (one with and one without a pipeline) • Source and target of a compiler (“Translation Validation”) • (rare) Proving properties that do not rely on the exact functionality of some of the functions. Technion

  27. Example: Translation Validation • Assume the source program has the statementz= (x1+y1)  (x2+y2) which the compiler turned into:u1=x1+y1;u2=x2+y2;z=u1u2 ; • We need to prove that:(u1=x1+y1 u2=x2+y2  z=u1u2)z= (x1+y1)  (x2+y2) Technion

  28. Example (cont’d) (u1=x1+y1 u2=x2+y2 z=u1u2) z= (x1+y1)  (x2+y2) (u1=F1(x1,y1) u2=F2(x2,y2) z=G1(u1,u2)) z=G2(F1(x1,y1), F2(x2,y2)) • Claim: is valid • We will prove this by reducing it to an Equality Logic formula UF: Technion

  29. Uninterpreted Functions: usability • Good: each function on the left can be mapped to a function on the right with equivalent arguments • Bad: almost all other cases • Example: Left Right x + x 2x Technion

  30. Uninterpreted Functions: usability • This is easy to prove: x1=y1x2=y2x1+y1=x2+y2 • This requires knowledge on commutativity: x1=y2x2=y1x1+y1=x2+y2 • easy fix: ((x1=x2y1=y2) (x1=y2x2=y1)) f1= f2 • What about other cases ?useRewriting rules Technion

  31. These two functions return the same value regardless if it is ‘*’ or any other function. Conclusion: we can prove equivalence by replacing ‘*’ with an Uninterpreted Function Example: equivalence of C programs (1/4) Power3_new(int in) { out = (in*in)*in; return out; } Power3(int in) { out = in; for (i=0; i < 2; i++) out = out * in; return out; } Technion

  32. But first… we need to know how to write programs as equations. We will learn one out of several options, namely Static Single Assignment for Bounded programs. Example: equivalence of C programs (1/4) Power3_new(int in) { out = (in*in)*in; return out; } Power3(int in) { out = in; for (i=0; i < 2; i++) out = out * in; return out; } Technion

  33. From programs to equations • Static Single Assignment (SSA) form Ma ze??? Technion

  34. In this case we can replace  with a guard: y3Ãx2 < 3 ? y1 : y2 Problem: What do we do with loops ? Static Single Assignment form Technion

  35. SSA for bounded programs • For each loop i in a given program, let ki be a bound on its iteration count. • Unroll the program according to the bounds. • We are left with statements and conditions. Technion

  36. : x = 0; while (x < y) { x++; z = z + y; } x = 0; z = z * 2; Let k1 = 2 … x0 = 0 guard0 = x0 < y0 x1 = guard0 ? x0 + 1:x0 z1 = guard0 ? z0 + y0:z0 guard1 = x1 < y0 x2 = guard1 ? x1 + 1: x1 z2 = guard1 ? z1 + y0: z1 x4 = 0 z3 = z2 * 2 SSA for bounded programs Technion

  37. Example: equivalence of C programs (2/4) Power3_new(int in) { out = (in*in)*in; return out; } Power3(int in) { out = in; for (i=0; i < 2; i++) out = out * in; return out; } Static Single Assignment (SSA) form: out0 = inÆ out1 = out0 * in Æ out2 = out1 * in out’0 = (in’ * in’) * in’ Prove that both functions return the same value (out2= out’0) given that in = in’ Technion

  38. Example: equivalence of C programs (3/4) Static Single Assignment (SSA) form: out0 = inÆ out1 = out0 * in Æ out2 = out1 * in out’0 = (in’ * in’) * in’ With Uninterpreted Functions: out’0 = F4(F3(in’ , in’) , in’) out0 = inÆ out1 = F1 (out0 , in) Æ out2 = F2 (out1 , in) Technion

  39. Example: equivalence of C programs (4/4) With Uninterpreted Functions: out’0 = F4(F3(in’ , in’) , in’) out0 = inÆ out1 = F1 (out0 , in) Æ out2 = F2 (out1 , in) Ackermann’s reduction: Eb: out’0 = f4 Ea: out0 = inÆ out1 = f1Æ out2 = f2 The Verification Condition (“the proof obligation”) ((out0 = out1 Æin = in) !f1 = f2) Æ ((out0 = in’ Æin = in’) !f1 = f3) Æ ((out0 = f3Æin= in’) !f1 = f4) Æ ((out1 = in’ Æin= in’) !f2 = f3) Æ ((out1 = f3Æin= in’) !f2 = f4) Æ ((in’ = f3Æin’ = in’) !f3 = f4) Ea Æ Eb Æ (in=in’) Æ !out2 = out’0 Technion

  40. Uninterpreted Functions: simplifications • Let n be the number of function instances of F() • Both reduction schemes require O(n2) comparisons • This can be the bottleneck of the verification effort • Solution: try to guess the pairing of functions • Still sound: wrong guess can only make a valid formula invalid Technion

  41. UFs: simplifications (1) • Given thatx1 = x1’,x2 = x2’,x3 = x3’,prove² o1 = o2 o1 = (x1 + (a¢x2)) a = x3 + 5 Left f1f2 o2 = (x 1’ + (b¢x2’)) b = x3’ + 5 Right f3f4 • 4 function instances  6 comparisons Technion

  42. UFs: simplifications (2) o1 = (x1 + (a¢x2)) a = x3 + 5 Left f1f2 o2 = (x 1’ + (b¢x2’)) b = x3’ + 5 Right f3f4 • Guess: validity of equivalence does not rely onf1=f2or onf3=f4 • Conclusion: only enforce functional consistency of pairs (Left,Right) Technion

  43. UFs: simplifications (3) o1 = (x1 + (a¢x2)) a = x3 + 5 Left f1f2 o2 = (x 1’ + (b¢x2’)) b = x3’ + 5 Right f3f4 • Down to 4 comparisons… (from n(n-1)/2 to n2/4) • Another Guess: validity of equivalence only depends on f1 =f3and f2 =f4 • Pattern matching can be useful here ... Technion

  44. + + Match according to patterns (‘signatures’): in ¢ 5 in in in f1,f3 f2,f4 UFs: simplifications (4) o1 = (x1 + (a¢x2)) a = x3 + 5 Left f1f2 o2 = (x 1’ + (b¢x2’)) b = x3’ + 5 Right f3f4 • Down to 2 comparisons… Technion

  45. UFs: simplifications (5) o1 = (x1 + (a¢x2)) a = x3 + 5 Left f1f2 o2 = (x 1’ + (b¢x2’)) b = x3’ + 5 Right f3f4 + + Propagate through intermediate variables: ¢ ¢ in in var + in in + 5 in 5 in f1,f3 Technion

  46. F in F in in F in in Same example Static Single Assignment (SSA) form: • map F1 to F3 out0 = inÆ out1 = out0 * in Æ out2 = out1 * in out’0 = (in’ * in’) * in’ With Uninterpreted Functions: out’0 = F4(F3(in’ , in’) , in’) out0 = inÆ out1 = F1 (out0 , in) Æ out2 = F2 (out1 , in) • map F2 to F4 Technion

  47. Same example, smaller Verification Condition With Uninterpreted Functions: out’0 = F4(F3(in’ , in’) , in’) out0 = inÆ out1 = F1 (out0 , in) Æ out2 = F2 (out1 , in) Ackermann’s reduction: Eb: out’0 = f4 Ea: out0 = inÆ out1 = f1Æ out2 = f2 The Verification Condition has shrunk: ((out0 = in’ Æin = in’) !f1 = f3) Æ ((out1 = f3Æin= in’) !f2 = f4) Æ (in=in’) ÆEa Æ Eb!out2 = out’0 Technion

  48. now with Bryant’s reduction: With Uninterpreted Functions: out’0 = F4(F3(in’ , in’) , in’) out0 = inÆ out1 = F1 (out0 , in) Æ out2 = F2 (out1 , in) Bryant’s reduction: Eb: out’0 = case case in’=outoÆin’=in : f1 true : f3 =out1 Æ in’=in:: f2 true : f4 Ea: out0 = inÆ out1 = f1Æ out2 = f2 The Verification Condition (“the proof obligation”) Prove validity of:(EaÆEbÆin = in’) !out2 = out’0 Technion

  49. So is Equality Logic with UFs interesting? • It is expressible enough to state something interesting. • It is semi-decidable and more efficiently solvable than richer logics, for example in which some functions are interpreted. • Models which rely on infinite-type variables are more naturally expressed in this logic in comparison with Propositional Logic. Technion

  50. Part II – Introduction toEquality Logic and Uninterpreted Functions • Introduction • Definition, complexity • Reducing Uninterpreted Functions to Equality Logic • Using Uninterpreted Functions in proofs • Simplifications • Introduction to the decision procedures • The framework: assumptions and Normal Forms • General terms and notions • Solving a conjunction of equalities • Simplifications      Technion

More Related