Part 1: Positive Equality for Uninterpreted functions in Eager Encoding

Part 1: Positive Equality for Part 1: Positive Equality for Uninterpreted functions in Uninterpreted functions in

Eager EncodingEager Encoding

Part 1: Positive Equality for Part 1: Positive Equality for Uninterpreted functions in Uninterpreted functions in

Eager EncodingEager Encoding

– 2 –

Eliminating Function applicationsEliminating Function applications

Two applications of an uninterpreted function f in a formula

f(x1) and f(x2)

Ackermann’s Ackermann’s EncodingEncoding

f(f(xx11)) vfvf11

f(f(xx22)) vfvf22

xx11== xx2 2 vfvf1 1 = = vfvf22

Bryant, German, Velev’s Bryant, German, Velev’s EncodingEncoding

f(f(xx11)) vfvf11

f(f(xx22))

ITE(ITE(xx11== xx22, vf, vf11, vf, vf22))

– 3 –

Positive Equality OptimizationPositive Equality Optimization

GoalGoal Replace as many of the vfi variables with constant values

Exploit the positive structure of the formulaExploit the positive structure of the formula

Overall BenefitOverall Benefit The function-free formula has smaller number of integer

variables Reduces the number of interpretations to check for validity

– 4 –

Eliminating Function applicationsEliminating Function applications


f(x1) and f(x2)


f(f(xx11)) vfvf11

f(f(xx22)) vfvf22

xx11== xx2 2 vfvf1 1 = = vfvf22

Bryant, German, Velev’s Bryant, German, Velev’s EncodingEncoding

f(f(xx11)) vfvf11

f(f(xx22))

ITE(ITE(xx11== xx22, vf, vf11, vf, vf22))

Favors positive equality analysis

– 5 –

EUFEUF

Logic of Equality with Uninterpreted Functions

TermsTermsITE(F, T1, T2) If-then-else

f (T1, …, Tk) Function application

FormulasFormulasF, F1 F2, F1 F2 Boolean connectives

T1 = T2 Equation

p (T1, …, Tk) Predicate application

Special CasesSpecial Casesv Domain variable (order-0

function)

a Propositional variable (order-0 predicate)

– 6 –

EUF and small-model propertyEUF and small-model property

Small Model Property for Small Model Property for Validity Validity [Ackermann ’54]

Suffices to consider a domain with k values

k is the number of distinct function application terms in the formula

Number of cases (interpretations) to check: k!

x y

g g

f f

=

=

(x=y) (f(g(x)) = f(g(y))(x=y) (f(g(x)) = f(g(y))

Function-application terms:{x, y, g(x), g(y), f(g(x), f(g(y) }Function-application terms:{x, y, g(x), g(y), f(g(x), f(g(y) }

k = 6

– 7 –

Positive Equality for EUFPositive Equality for EUF

Classify formulas, terms, Classify formulas, terms, functions intofunctions into Positive (p)

General (g)

x y

g g

f f

=

=


General (g) General (g) FunctionsFunctions

x,yx,y

Positive (p) Positive (p) FunctionsFunctions

f,gf,g

p-formulas

g-formulas

p-terms

[Bryant, German, Velev CAV’99]

Positive (p) formulasPositive (p) formulas Negated even no. of times

Do not control ITE

Positive (p) termsPositive (p) terms Never appears in a g-

formula equation

Positive (p) function symbolsPositive (p) function symbols All applications are p-terms

– 8 –

Maximally Diverse InterpretationsMaximally Diverse Interpretations

An interpretation An interpretation I I is is maximally diversemaximally diverse if: if: For any p-function symbol f

1. I [f(T1) = f(T2)] iff I [T1=T2]

2. I [f(T)] I [g(U)], for any other function symbol g

where f(T1), f(T2), g(U) are terms in the formula

h

x y

=

=

g

g

gh

Terms Equal?x y Potentiallyg (x) g (y) Only if x = yg (x) y No

– 9 –


An interpretation An interpretation I I is is maximally diversemaximally diverse if: if: For any p-function symbol f

1. I [f(T1) = f(T2)] iff I [T1=T2]

2. I [f(T1)] I [g(U)], for any other function symbol g


PropertyProperty Formula valid if and only if true under all maximally diverse

interpretations

– 10 –

Justification of Maximal Diversity PropertyJustification of Maximal Diversity Property

For a formula For a formula F For any interpretation I, there is a maximally diverse

interpretation J, such that J[F] I[F]

h

x y

=

=

g

g

ghCreate Worst Case for Create Worst Case for

ValidityValidity Falsify positive equation

Create Worst Case for Create Worst Case for ValidityValidity Falsify positive equation Function applications yield

distinct results

Create Worst Case for Create Worst Case for ValidityValidity Falsify positive equation Function applications yield

distinct results Function arguments distinct

– 11 –

Exploiting Positive EqualityExploiting Positive Equality

PropertyProperty P-function symbol f Introduce variables vf1, …, vfn during elimination

Consider only diverse interpretations for variables vf1, …, vfn

vfi v for any other variable v

ExampleExample Assuming vf1 vf2 :

x1

x2

vf1

vf2

T

F

= = iff x1=x2

f(x1)

f(x2)

– 12 –

Summary: Positive equality optimizationSummary: Positive equality optimization1.1. Eliminate function applicationsEliminate function applications

1. Introduce vf1, …, vfn while eliminating function symbol f

2.2. For a p-function symbol For a p-function symbol ff1. Replace vf1, …, vfn with distinct constants

3.3. The only variables in the function-free formula are The only variables in the function-free formula are the the vfvfii variables for g function symbols variables for g function symbols m = number of g-function applications

– 13 –


x y

g g

f f

=

=


General (g)General (g)FunctionsFunctions

x,yx,y

Positive Positive FunctionsFunctions

f,gf,g

PropertyProperty Number of interpretations

to consider = m! m = number of g-function

applications

– 14 –




x,yx,y


f,gf,g

PropertyProperty Number of interpretations

to consider = m! m = number of g-function

applications Function-application terms:{x, y, g(x), g(y), f(g(x)), f(g(y)) }Function-application terms:

{x, y, g(x), g(y), f(g(x)), f(g(y)) }

p applications:{g(x), g(y), f(g(x)), f(g(y)) }

p applications:{g(x), g(y), f(g(x)), f(g(y)) }

g applications:{x,y}

g applications:{x,y}

m = 2m = 2

Search Space reduced from 6! to 2!

– 15 –

Application of positive equalityApplication of positive equality

Pipelined processor verificationPipelined processor verificationBryant, German and Velev CAV’99, Velev and Bryant DAC’00,..

Observation: Most uninterpreted functions which appear in pipeline data-path are p-functions

E.g. ALU, Incrementer for PC, ….

Other Infinite-state system verificationOther Infinite-state system verificationBryant, Lahiri, Seshia CAV’02

Improves efficiency in benchmarks from cache-coherence verification, out-of-order processors, software benchmarks

– 16 –

Impact of Positive EqualityImpact of Positive Equality

Model Initial formula size

UCLID w/ p-eq. (s)

UCLID w/o p-eq. (s)

SVC time (s)

Out-of-order proc

3929 61.90 149.46 4257.3

Cache coherence

3939 61.08 > 1 hr > 1 day

DLX pipeline 639 13.22 1897 > 1 day

Positive equality can be exploited to improve performance

[Bryant, Lahiri, Seshia CAV’02]

– 17 –

Ackermann’s encoding and positive equalityAckermann’s encoding and positive equality


f(x1) and f(x2)

Can’t assign distinct values to Can’t assign distinct values to vfvf11, ,

vfvf2 2 for p-function symbol for p-function symbol ff

Ignores the case when xx11== xx2 2


f(f(xx11)) vfvf11

f(f(xx22)) vfvf22

xx11== xx2 2 vfvf1 1 = = vfvf22

– 18 –

Limitation of positive equality analysisLimitation of positive equality analysisLimitation of previous approachLimitation of previous approach

Not “robust” Entire analysis fails even

when a single application is negative

x

=

(f(x)=x) (f(f(f(f(x)))) = f(f(f((x)))(f(x)=x) (f(f(f(f(x)))) = f(f(f((x)))

GeneralGeneralFunctionsFunctions

x,fx,f


f

f

f=

f

p-applications:{}

p-applications:{}

g-applications:{x, f(x), f 2(x), f 3(x),

f 4(x) }

g-applications:{x, f(x), f 2(x), f 3(x),

f 4(x) }

Function-application terms:

{x, f(x), f 2(x), f 3(x), f 4(x) }


{x, f(x), f 2(x), f 3(x), f 4(x) }

– 19 –

Robust Positive Equality AnalysisRobust Positive Equality Analysis

Look at each application instead Look at each application instead of function symbolsof function symbols

Finer granularity for exploiting positive equality

[Lahiri, Bryant, Goel, Talupur TACAS’04]

x

=


GeneralGeneral FunctionsFunctions

x,fx,f


f

f

f=

f

p-terms:{ f 2(x), f 3(x), f 4(x) }

p-terms:{ f 2(x), f 3(x), f 4(x) }

g-terms:{x, f(x)}

g-terms:{x, f(x)}


{x, f(x), f 2(x), f 3(x), f 4(x) }


{x, f(x), f 2(x), f 3(x), f 4(x) }

– 20 –

Robust Positive Equality AnalysisRobust Positive Equality Analysis

GoalGoal If a variable vfi is a result of eliminating a p-term, then try to

assign it a distinct constant

QuestionQuestion Can we always assign the vfi variables for any p-term a

distinct value? Not always

Can we compute the set of p-terms that maximizes the number of vfi variables that can be assigned distinct values?

In general, NP-complete

– 21 –

OutlineOutline

Robust positive equalityRobust positive equality “Robust” maximal diversity theorem

Exploiting robust positive equality Exploiting robust positive equality Obstacles Solutions

ResultsResults

Related work Related work

– 22 –

Robust Maximal DiversityRobust Maximal Diversity

For an interpretation For an interpretation II A p-term f(T) is called is g-arg-distinct, if there is no g-term

f(U), such that I [T] = I [U].

An interpretation An interpretation I I is is robust maximally diverserobust maximally diverse if: if: For every g-arg-distinct p-term f(T1),

1.I [f(T1) = f(T2)] iff I [T1=T2]

2.I [f(T)] I [g(U)], for any other function symbol g


– 23 –

Equals non f term

ExampleExampleI = I = {{x, f 2(x), f 4(x)}}, {{f(x), f 3(x)}}


x

=

f

f=

f

fG-term

P-term

Non robust-maximally diverseinterpretation

g-arg-distinctg-arg-distinct

For an interpretation For an interpretation II A p-term f(T) is called is g-

arg-distinct, if there is no g-term f(U), such that

I [T] = I [U].

An interpretation An interpretation I I is is robust robust maximally diversemaximally diverse if: if: For every g-arg-distinct p-term

f(T1), 1. I [f(T1) = f(T2)] iff I [T1=T2] 2. I [f(T)] I [g(U)], for any

other function symbol g


– 24 –

Robust Maximal Diversity TheoremRobust Maximal Diversity Theorem

Generalization of positive equalityGeneralization of positive equality Any robust-maximally diverse interpretation is a maximally

diverse interpretations The subset inclusion can be proper

ConsequenceConsequence Fewer interpretations to consider to check validity

TheoremTheorem Formula valid if and only if true under all robust maximally

diverse interpretations

– 25 –

Exploiting Robust Positive EqualityExploiting Robust Positive Equality

By Robust maximal By Robust maximal diversity theoremdiversity theorem Assign a distinct

constant to vfi , when i > l

Value of vfi = Value of f(f(xxii))

when xxii does not equal {xx11,,

…,…,xxi-1i-1}

i.e. when f(f(xxii) ) is g-arg-distinctg-arg-distinct

Function applications f(x1),…, f(xn)

Introduce variables vf1, …, vfn during elimination

f(f(xx11),…,),…, f(f(xxll),…, f(),…, f(xxii),…,f(),…,f(xxnn))

Contains all the g-terms for ff

– 26 –

What we needWhat we need

Eliminate the g-terms as early as possibleEliminate the g-terms as early as possible Constrained by the sub-expression ordering e.g. f(x) has to be eliminated before eliminating f(f (x))

Need the best topological order Need the best topological order Respects the sub-expression orderings

Maximizes the number of vf variables that can be assigned distinct constant value

Need to define this objective function precisely

– 27 –

Function elimination and topological orderFunction elimination and topological orderRequires a topological Requires a topological

order on the termsorder on the terms Respects the sub-

expression order Eliminate functions from

sub-terms first

Example orderExample order x, f(x), f 2(x), f 3(x), f 4(x) Only order for this example

x

=


f

f

f=

f

– 28 –

Function elimination and topological orderFunction elimination and topological order

x

f

f

f=

f

(f(f(x))=x) (f(f(f(f(x)))) = f(f(f((x)))(f(f(x))=x) (f(f(f(f(x)))) = f(f(f((x)))

=

Always precedes the

g-term f 2(x)

vfvf variables for every p- variables for every p-term can’t be assigned term can’t be assigned distinct valuesdistinct values P-terms that are subterms

of a g-term with the same function.

Example orderExample order x, f(x), f 2(x), f 3(x), f 4(x) Only order for this example

– 29 –

Topological ordering and the p-termsTopological ordering and the p-terms

Topological order <

PosPos<<(f) (f) Set of p-terms of f which

do not precede any g-

terms of f in <

PosPos<< = = f f PosPos<<(f) (f)

– 30 –

Topological ordering: Example 1Topological ordering: Example 1

Topological order <



terms of f in <


x

=


f

f

f=

f

++

++

++

ExampleExample

x< f(x) < f 2(x) < f 3(x) < f 4(x)

Pos< = {f 2(x), f 3(x), f 4(x)}

– 31 –

Topological orderingTopological ordering

PropertyProperty The vfi variables which results

when eliminating terms in

PosPos<< can be assigned a distinct constant value

GoalGoal

Find the topological order “<<” that maximizes the size

of PosPos<<

Topological order <



terms of f in <


– 32 –

Finding the best topological orderingFinding the best topological ordering

ExampleExample 3 topological orders on

terms1. x<g(x)<f(g(x))<f(x)<g(f(x))

2. x< f(x)<g(f(x))<g(x)<f(g(x))

3. x<g(x)< f(x)<g(f(x))<f(g(x))(f(g(x)) = g(f(x)))(f(g(x)) = g(f(x)))

=

f

f g

g

x

PosPos<< == {{x, , f(x)}}

PosPos<< == {{x, g(x)}}

PosPos<< == {{x }}

Not best for

f

Not best for

g

With multiple non-zero arity function symbolWith multiple non-zero arity function symbol

Best order may not be best for each symbol

– 33 –

Obtaining best topological orderObtaining best topological order

ComplexityComplexity NP-complete

Polynomial when only 1 non-zero arity function symbol

Reduction from the maximum independent set problem

Greedy heuristic to find a good orderGreedy heuristic to find a good order Assign higher priorities to p-terms of functions with greater

number of “potential” terms in PosPos<<

Finds the optimal order for most of the examples we have seen so far.

– 34 –

Sample ResultsSample Results

Implemented in UCLID decision procedure With Zchaff SAT-solver

Code Validation Benchmarks [Pnueli, Rodeh, Strichman, Siegel CAV’99]

exampleexample #vars#vars Positive EqualityPositive Equality

#pvar time#pvar time

Robust Positive EqRobust Positive Eq


SpeedupSpeedup

Cv22Cv22 101101 11 70.8470.84 1616 45.6545.65 1.551.55

Cv44Cv44 3838 88 19.7519.75 1717 7.137.13 2.772.77

Cv46Cv46 7070 1010 >1800>1800 2828 100.50100.50 >18>18

– 35 –

ObservationsObservations

Robust positive equality improves efficiency Robust positive equality improves efficiency Useful in practice

Small overhead (+5%) over positive equality analysisSmall overhead (+5%) over positive equality analysis Efficient implementation can further reduce this overhead Seldom affects total time when translation time to SAT is a

small fraction of the overall time

– 36 –

Related workRelated work

Pnueli, Rodeh, Strichman & Siegel CAV’99Pnueli, Rodeh, Strichman & Siegel CAV’99 Removes function applications by Ackermann’s reduction Range allocation for the resultant formula

Assigns smaller ranges for g-terms

Rodeh & Strichman CAV’01Rodeh & Strichman CAV’01 Uses Bryant, German & Velev’s function elimination method

+ range allocation Has similarities and differences with our work

– 37 –

ConclusionsConclusions

Positive EqualityPositive Equality Simplifies function-free formula by reducing the number of

variables in the formula

Robust Positive EqualityRobust Positive Equality Generalization of positive equality Improves applicability for more general benchmarks

Can be extended for CLU logicCan be extended for CLU logic T1 < T2 + c [BLS02; Lahiri MS Thesis]

Can we generalize it for linear arithmetic + EUF?

– 38 –

Questions Questions

– 39 –

Decision Procedure BenchmarkingDecision Procedure Benchmarking

ModelModel Term Term formula formula DAG sizeDAG size

Prop Prop formula formula DAG size DAG size

UCLID UCLID time (s)time (s)

SVC time SVC time (s)(s)

CVC time CVC time (s)(s)

Out-of-Out-of-orderorder

executionexecution

UnitUnit

735735 36583658 4.84.8 3.03.0 6.166.16

19701970 1375513755 18.318.3 102.4102.4 90.7590.75

39293929 3717937179 61.961.9 4257.34257.3 Out of MemOut of Mem

Elf™Elf™

processorprocessor

218218 942942 1.21.2 10.910.9 0.250.25

10851085 44814481 8.48.4 1851.61851.6 114.46114.46

24672467 1645316453 30.630.6 > 1 day> 1 day Out of MemOut of Mem

45534553 5428854288 111.0111.0 > 1 day> 1 day Out of MemOut of Mem

Compared against Stanford Validity Checker (SVC) & its successor CVC (which uses Chaff)• Decides CLU + real linear arith. + bit-vector arith.

UCLID uses Chaff for Boolean SAT• UCLID time = translation time + Chaff time

– 40 –

Impact of Positive EqualityImpact of Positive Equality

Model Term formula size

UCLID w/ p-eq. (s)

UCLID w/o p-eq. (s)

Out-of-order

execution unit

735 4.78 9.79

1970 18.29 37.71

3929 61.90 149.46

Cache

Protocol

1829 6.29 26.50

2782 16.13 165.91

3939 61.08 > 1 hr

DLX pipeline 639 13.22 1897

Positive equality can be exploited to improve performance

– 41 –

Exploiting Positive EqualityExploiting Positive Equality

PropertyProperty P-function symbol f Introduce variables vf1, …, vfn during elimination

Consider only diverse interpretations for variables vf1, …, vfn

vfi v for any other variable v

ExampleExample Assuming vf1 vf2 :

x1

x2

vf1

vf2

T

F

= = iff x1=x2

– 42 –

f

fvf1

vf2

Compare: Ackermann’s MethodCompare: Ackermann’s Method

Replacing ApplicationReplacing Application Introduce new domain variable Enforce functional consistency by global constraints

Unclear how to generate diverse interpretations

x1

x2

F= =

– 43 –

Decision Procedures in VerificationDecision Procedures in Verification

Work-horse for many automated verification Work-horse for many automated verification methodologiesmethodologies Processor and Protocol verification

Pipelined processor verification

» Burch & Dill CAV’94, Bryant, German & Velev CAV’99,…Out-of-order processor and cache coherence verification

» Lahiri, Seshia & Bryant FMCAD’02, Bryant, Lahiri & Seshia CAV’02

Predicate abstractionSoftware verification

» SLAM (MSR), BLAST (Berkeley), MAGIC (CMU),…Protocol verification

» Das, Dill & Park CAV’99,

– 44 –

Decision Procedures for quantifier-free fragment of first-order logicDecision Procedures for quantifier-free fragment of first-order logicPrincipal theoriesPrincipal theories

Logic of equality with uninterpreted functions f(x) = f(g(y))

Linear arithmetic Difference-bound logic subset ( T1 < T2 + c) Full linear arithmetic

Arrays read and write operations

ToolsTools SVC/CVC from Stanford (FMCAD ’96, CAV’02, CAV ‘04) UCLID from CMU (CAV’02, CAV’04) ICS from SRI (CAV ’01) Simplify/Verifun from HP (CAV ’03) Zapato from Microsoft (CAV ’04) ……

Carnegie Mellon University

Revisiting Positive EqualityRevisiting Positive EqualityRevisiting Positive EqualityRevisiting Positive Equality

Shuvendu K. LahiriRandal E. Bryant

Amit GoelMuralidhar Talupur

– 46 –

ConclusionsConclusions

Generalization of Bryant et al’s positive equality Generalization of Bryant et al’s positive equality analysisanalysis Subsumes original positive equality

Exploiting robust positive equality in a decision Exploiting robust positive equality in a decision procedureprocedure Problems and heuristics

Future WorkFuture Work Integrate smaller range-allocation for the g-terms

Pnueli et al. CAV’99, Talupur et al. CAV’04

– 47 –


x y

g g

f f

=

=



x,yx,y


f,gf,g

Split the set of terms intoSplit the set of terms into p-terms

Function applications of p-functions

g-termsFunction applications of g-

functions

– 48 –

DefinitionDefinition

P-termP-term Term which never appear

in equations that are g-formulas

G-termG-term Term which appears at

least once in an equation that is a g-formula

x

=


f

f

f=

f

p-terms

g-terms

– 49 –

f

f

fx1

x2

x3

vf1

vf2

T

F

=

==

T

F

vf3

T

F

Eliminating Function ApplicationsEliminating Function Applications

Bryant, German & Velev CAV’99

Replacing ApplicationReplacing Application Introduce new domain variable Nested ITE structure maintains functional consistency

– 50 –

Robust maximally diverse interpretationsRobust maximally diverse interpretationsP-term P-term h(Th(T11,…, T,…, Tnn))

If args. do not equal the args. of any g-term h(U1,…,Un), thenCan only equal other h

application terms with equal arguments

PropertyProperty Formula valid if and only if

true under all robust maximally diverse interpretations

I = I = {{x 0, f(0) 1, f(1) 0,..}}


Equals non f term0

1

0

1

0

x

=

f

f=

f

fG-term

P-term


Argsnot equal

with the g-term

– 51 –

Heuristic for obtaining topological orderHeuristic for obtaining topological orderPotentially positivePotentially positive terms for a terms for a

function function f The p-terms of f that are

not sub-terms of any g-term of f

StepsSteps1. Sort the function symbols

by the number of potentially positive terms

2. For each function f in sorted order: Put all the g-terms of f (and

their subterms) in the topological order

3. Put all the remaining p-terms in the topological order

– 52 –

Heuristic for obtaining topological orderHeuristic for obtaining topological order

Sort the functionsSort the functions f;g; x

Put the g-terms for Put the g-terms for ff x<g(x)<f(g(x))

Put the g-terms for Put the g-terms for gg f(x)<f(f((x))<g(f(f(x)))

Put the g-terms for Put the g-terms for xx Already present

(f(g(x)) = g(f(f(x))))(f(g(x)) = g(f(f(x))))

=

f

f g

g

f

++ ++

++

Potentially positivePotentially positive terms for a terms for a function function f The p-terms of f that are

not sub-terms of any g-term of f

StepsSteps1. Sort the function symbols

by the number of potentially positive terms

2. For each function f in sorted order: Put all the g-terms of f (and

their subterms) in the topological order

3. Put all the remaining p-terms in the topological order

++xx<g(x)<f(g(x))<f(x)<f(f(x))<g(f(f(x)))

TT<<+ + == {{x, , f(x),f(f(x))}}

– 53 –

DefinitionsDefinitions

Interpretation Interpretation II Assigns a value to all the

functions appearing in a formula

I(f) = function associated with the symbol f

EvaluationEvaluation

I [e] evaluates e w.r.t. the

interpretation I Defined inductively on the

structure of e

x

=


f

f

f=

f

I = I = {{x 0, f(0) 1, f(1) 0,..}}

0

1

0

1

0

false

true

truefalse

– 54 –


Topological order <

TT<<++(f) (f)

Set of p-terms of f which do not precede any g-

terms of f in <

TT<<++ = = f f TT<<

++(f) (f)

ExampleExample

x< f(x) < f 2(x) < f 3(x) < f 4(x)

T<+ = {f 3(x), f 4(x)}

x

f

f

f=

f


++

++=

Always precedes the

g-term f 2(x)

– 55 –

ResultsResults

Implemented in UCLID decision procedure With Zchaff SAT-solver

Code Validation Benchmarks [Pnueli, Rodeh, Strichman, Siegel CAV’99]

exampleexample #var#varss

Positive EqualityPositive Equality


Robust Positive EqRobust Positive Eq

#pvar |T#pvar |T++| time| time

SpeedupSpeedup

Cv22Cv22 101101 11 70.8470.84 1616 1818 45.6545.65 1.551.55

Cv23Cv23 101101 88 23.0623.06 2222 2222 15.9615.96 1.441.44

Cv25Cv25 101101 88 45.9345.93 2222 2222 21.8021.80 2.102.10

Cv44Cv44 3838 88 19.7519.75 1717 1717 7.137.13 2.772.77

Cv46Cv46 7070 1010 >1800>1800 2828 2828 100.50100.50 >18>18

TT++ = union of the set of potentially positive terms for each function

– 56 –


Topological order <



terms of f in <


ExampleExample

x< f(x) < f 2(x) < f 3(x) < f 4(x)

Pos< = {f 3(x), f 4(x)}

x

f

f

f=

f


++

++=

Always precedes the

g-term f 2(x)

– 57 –

Finding the best topological orderingFinding the best topological ordering

With multiple non-zero arity With multiple non-zero arity function symbolfunction symbol Best order may not be

best for each symbol

ExampleExample 3 topological orders on

terms1. x<g(x)<f(g(x))<f(x)<g(f(x))

2. x< f(x)<g(f(x))<g(x)<f(g(x))

3. x<g(x)< f(x)<g(f(x))<f(g(x))(f(g(x)) = g(f(x)))(f(g(x)) = g(f(x)))

=

f

f g

g

x

PosPos<< == {{x, , f(x)}}

PosPos<< == {{x, g(x)}}

PosPos<< == {{x }}

– 58 –

Relevant papersRelevant papers

““Exploiting positive equality in a logic of equality Exploiting positive equality in a logic of equality with uninterpreted functions”with uninterpreted functions” Bryant, German and Velev, CAV’99

““Revisiting Positive Equality”Revisiting Positive Equality” Lahiri, Bryant, Goel and Talupur, TACAS’04 Generalization of positive equality

– 59 –


P-Function SymbolsP-Function Symbols Equal results only for

equal arguments Doesn’t equal

application of any other function symbol

G-Function SymbolsG-Function Symbols Potentially yield equal

results for unequal arguments

PropertyProperty Formula valid if and

only if true under all maximally diverse interpretations

h

x y

=

=

g

g

gh

Terms Equal?x y Potentiallyg (x) g (y) Only if x = yg (x) y No

– 60 –

Robust maximally diverse interpretationsRobust maximally diverse interpretationsFor every p-term For every p-term h(Th(T11,…, T,…, Tnn))





– 61 –

Robust maximally diverse interpretationsRobust maximally diverse interpretationsP-term P-term h(Th(T11,…, T,…, Tnn))





I = I = {{x, f 2(x)}}, {{f(x), f 3(x)}}


Equals non f termx

=

f

f=

f

fG-term

P-term


Argnot equal to the

arg ofg-term of f

Documents

Part 1: Positive Equality for Uninterpreted functions in Eager Encoding