Decision methods for arithmetic Third summer school on formal methods Leonardo de Moura Microsoft...

Tags:

Preview:

Click to see full reader

Citation preview

Decision methods for arithmeticThird summer school on formal methods

Leonardo de Moura Microsoft Research

Software analysis/verification tools need some form of symbolic reasoning

Symbolic Reasoning

Logic is “The Calculus of Computer Science”Zohar Manna

Saturation x Search

Proof-finding Model-finding

Models

Proo

fsConflict

Resolution

SAT

CNF is a set (conjunction) set of clausesClause is a disjunction of literalsLiteral is an atom or the negation of an atom

Two procedures

Resolution DPLLProof-finder Model-finderSaturation Search

Resolution

ImprovementsDelete tautologies Ordered ResolutionSubsumption (delete redundant clauses)

unsat

Resolution: Example

Resolution: Example

Resolution: Example

Resolution: Example

Resolution: Example

Resolution: Problem

Exponential time and space

Unit Resolution

Complete for Horn Clauses

subsumes

DPLL

DPLL = Unit Resolution + Split rule

Split rule

𝑆 ,𝑝 𝑆 ,¬𝑝

DPLL𝑥∨ 𝑦 ,¬𝑥∨𝑦 , 𝑥∨¬ 𝑦 ,¬𝑥∨¬ 𝑦

DPLL𝑥∨ 𝑦 ,¬𝑥∨𝑦 , 𝑥∨¬ 𝑦 ,¬𝑥∨¬ 𝑦

DPLL𝑥∨ 𝑦 ,¬𝑥∨𝑦 , 𝑥∨¬ 𝑦 ,¬𝑥∨¬ 𝑦

DPLL𝑥∨ 𝑦 ,¬𝑥∨𝑦 , 𝑥∨¬ 𝑦 ,¬𝑥∨¬ 𝑦

DPLL𝑥∨ 𝑦 ,¬𝑥∨𝑦 , 𝑥∨¬ 𝑦 ,¬𝑥∨¬ 𝑦

DPLL𝑥∨ 𝑦 ,¬𝑥∨𝑦 , 𝑥∨¬ 𝑦 ,¬𝑥∨¬ 𝑦

CDCL: Conflict Driven Clause Learning

Resolution

DPLLConflict

Resolution

Proof

Model

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Propagations

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Propagations

𝑥≥1

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Propagations

𝑥≥1 𝑦 ≥1

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Decisions

𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Model Assignments

𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1𝑥→2

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Model Assignments

𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1𝑥→2

We can’t falsify any fact in the trail.

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Conflict

𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1𝑥→2

We can’t find a value of s.t.

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Conflict

𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1𝑥→2

We can’t find a value of s.t.

Learning that = 2)is not productive

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2

Conflict

𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1𝑥→2

𝑦

𝑥

𝑥2+ 𝑦2≤1 𝑥→2

−1≤ 𝑥 , 𝑥≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1 𝑥≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1 𝑥≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1

Conflict¬ (𝑥≥2 )∨¬(𝑥≤1)

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1

Learned by resolution

¬ (𝑥≥2 )∨¬(𝑥2+𝑦2≤1)

MCSat

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1¬(𝑥2+𝑦2≤1)

¬(𝑥2+𝑦2≤1)∨𝑥≤1¬ (𝑥≥2 )∨¬(𝑥2+𝑦2≤1)

MCSat – Finite BasisEvery theory that admits quantifier elimination has a finite basis (given a fixed assignment order)

𝐹 [𝑥1 ,…,𝑥𝑛 , 𝑦1 ,…, 𝑦𝑚]

∃𝑥1 ,…, 𝑥𝑛 :𝐹 [𝑥1 ,…,𝑥𝑛 , 𝑦 ]

𝐶1[𝑦1 ,…, 𝑦𝑚]∧…∧𝐶𝑘[𝑦1 ,…, 𝑦𝑚 ]

¬𝐹 [𝑥1 ,…,𝑥𝑛 , 𝑦1 ,…, 𝑦𝑚 ]∨𝐶𝑘[𝑦1 ,…, 𝑦𝑚]

MCSat – Finite Basis

𝐹 1[𝑥1]

𝐹 2[𝑥1 ,𝑥2]

𝐹 𝑛[𝑥1 ,𝑥2,…, 𝑥𝑛−1 ,𝑥𝑛]

𝐹 𝑛−1[𝑥1 ,𝑥2,…, 𝑥𝑛−1]…

MCSat – Finite Basis

𝐹 1[𝑥1]

𝐹 2[𝑥1 ,𝑥2]

𝐹 𝑛[𝑥1 ,𝑥2,…, 𝑥𝑛−1 ,𝑥𝑛]

𝐹 𝑛−1[𝑥1 ,𝑥2,…, 𝑥𝑛−1]…

MCSat – Finite Basis

𝐹 1[𝑥1]

𝐹 2[𝑥1 ,𝑥2]

𝐹 𝑛[𝑥1 ,𝑥2,…, 𝑥𝑛−1 ,𝑥𝑛]

𝐹 𝑛−1[𝑥1 ,𝑥2,…, 𝑥𝑛−1]…

MCSat – Finite Basis

𝐹 1[𝑥1]

𝐹 2[𝑥1 ,𝑥2]

𝐹 𝑛[𝑥1 ,𝑥2,…, 𝑥𝑛−1 ,𝑥𝑛]

𝐹 𝑛−1[𝑥1 ,𝑥2,…, 𝑥𝑛−1]…

MCSat – Finite BasisEvery “finite” theory has a finite basis

𝐹 [𝑥1 ,…,𝑥𝑛 , 𝑦1 ,…, 𝑦𝑚]

MCSat – Finite BasisTheory of uninterpreted functions has a finite basis

Theory of arrays has a finite basis [Brummayer- Biere 2009]

In both cases the Finite Basis is essentially composed of equalities between existing terms.

MCSat: Termination

Propagations

Decisions

Model Assignments

MCSat

Propagations

Decisions

Model Assignments

MCSat

Propagations

Decisions

Model Assignments

MCSat

¿𝐹𝑖𝑛𝑖𝑡𝑒𝐵𝑎𝑠𝑖𝑠∨¿

…Maximal Elements

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1 𝑥≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1Conflict¬ (𝑥≥2 )∨¬(𝑥≤1)

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1 𝑥≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1Conflict¬ (𝑥≥2 )∨¬(𝑥≤1)

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1¬(𝑥2+𝑦2≤1)

¬(𝑥2+𝑦2≤1)∨𝑥≤1¬ (𝑥≥2 )∨¬(𝑥2+𝑦2≤1)

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1𝑥2+ 𝑦2≤1 𝑥≤1

¬(𝑥2+𝑦2≤1)∨𝑥≤1Conflict¬ (𝑥≥2 )∨¬(𝑥≤1)

𝑥≥2 , (¬𝑥≥1∨ 𝑦 ≥1 ) ,(𝑥2+𝑦2≤1∨𝑥𝑦>1)

𝑥≥2 𝑥≥1 𝑦 ≥1¬(𝑥2+𝑦2≤1)

¬(𝑥2+𝑦2≤1)∨𝑥≤1¬ (𝑥≥2 )∨¬(𝑥2+𝑦2≤1)

𝑥<1∨𝑝 ,¬𝑝∨𝑥=2

𝑥→1

MCSat

𝑥<1∨𝑝 ,¬𝑝∨𝑥=2

𝑥→1

MCSat

𝑝

𝑥<1∨𝑝 ,¬𝑝∨𝑥=2

𝑥→1

MCSat

𝑝

Conflict (evaluates to false)

𝑥<1∨𝑝 ,¬𝑝∨𝑥=2

𝑥→1

MCSat

𝑝

New clause

𝑥<1∨𝑥=2

𝑥<1∨𝑝 ,¬𝑝∨𝑥=2

𝑥→1

MCSat

𝑝

New clause

𝑥<1∨𝑥=2

𝑥<1

𝑥<1∨𝑝 ,¬𝑝∨𝑥=2

𝑥→1

MCSat

𝑝

New clause

𝑥<1∨𝑥=2

𝑥<1

MCSat: Architecture

Arithmetic

Boolean Lists

Arrays

MCSat: development

Recommended

Leonardo de Moura Microsoft Research. Is formula F satisfiable modulo theory T ? SMT solvers have specialized algorithms for T
Documents
Moura Minor - mourass.eq.edu.au
Documents
Nikolaj Bjørner, Leonardo de Moura Microsoft Research Bruno Dutertre SRI International
Documents
Leonardo de Moura (Microsoft Research) and Grant Passmore ...leodemoura.github.io/files/cp2011.pdf · Solvers: AProve, Barcelogic, Boolector, CVC3, CVC4, MathSAT5, OpenSMT, SMTInterpol,
Documents
MANUAL DO ALUNO COLÉGIO MOURA JUÁ - 2018 · MANUAL DO ALUNO COLÉGIO MOURA JUÁ - 2018 3 Manual do Aluno MOURA Juazeiro 2018 Seja MOURA, o melhor pra você 02 – DADOS PESSOAIS
Documents
Automated Test Generation with SAL - SRI Internationalrushby/papers/salatg.pdf · 2005-02-24 · Automated Test Generation with SAL Gregoire Hamon, Leonardo de Moura and John Rushby´
Documents
Leonardo de Moura Microsoft Research. Verification/Analysis tools need some form of Symbolic Reasoning
Documents
Leonardo de Moura Microsoft Research
Documents
Leonardo de Moura Microsoft Research. Quantifiers in Satisfiability Modulo Theories Logic is “The Calculus of Computer Science” (Z. Manna). High computational
Documents
ppgd.propesp.ufpa.brppgd.propesp.ufpa.br/ARQUIVOS/editais/Resultado...JULINEIDE DO SOCORRO CORDEIRO DE OLIVEIRA LUCAS MUNHOZ MOURA M RCIA CRISTINA EVER DE ALMEIDA PABLO LEONARDO LIRA
Documents
Leonardo de Moura and Nikolaj Bjørner Microsoft Research · 2019. 8. 30. · Leonardo de Moura and Nikolaj Bjørner Microsoft Research. Z3 is a Satisfiability Modulo Theories (SMT)
Documents
Leonardo de Moura Microsoft Researchleodemoura.github.io/files/milan2010_part1.pdfLogic studies the relationship between language, meaning, and (proof) method. A logic consists of
Documents
Leonardo de Moura Microsoft Research. What is SMT? Experiments: Windows kernel verification. Extending SMT solvers. Garbage collector (Singularity) verification
Documents
Leonardo de Moura Microsoft Researchleodemoura.github.io/files/sbmf09-slides.pdf · Leonardo de Moura Microsoft Research. Satisfiability Modulo Theories: An Appetizer Verification/Analysis
Documents
Advances in Automated Theorem Proving Leonardo de Moura, Nikolaj Bjørner Ken McMillan, Margus Veanes presented by Thomas Ball
Documents
Guilherme Spina (left), V2COM, talks with Leonardo De ... · Guilherme Spina (left), managing director at V2COM, talks with Leonardo De Moura Rocha Lima, chief technology officer,
Documents
Johannes Kepler University Linz, Austria 2008 Leonardo de Moura and Nikolaj Bjørner Microsoft Research
Documents
Mourão Moura - input2012
Technology
Leonardo de Moura Microsoft Research. Satisfiability Modulo Theories: A Calculus of Computation Verification/Analysis tools need some form of Symbolic
Documents
Leonardo Marques Monteiro - New Methods in Urban Simulation
Technology