Automated Reasoning in Complex Theories and Applications to Verification

Viorica Sofronie-Stokkermans
University Koblenz-Landau

(This presentation is based on joint work with W. Damm, J. Faber, M. Horbach, C. Ihlemann, S. Jacobs and D. Peuter)

Oldenburg, 2.07.2018
Motivation

Long-term goal of research in computer science: use computers as 'intelligent assistants' in e.g. mathematics, engineering (and other fields).

Main problem: complex description of the problems to be solved → complex systems, complex encoding.
Examples of application domains

MATHEMATICS
  Tasks: construct proofs; check proofs
  Theories: numbers; polynomials; functions over numeric domains; algebras

  • Theories from mathematical analysis: functions over R (monotone, bounded, continuous, differentiable)
  • Algebraic structures: monoids, groups, rings; lattices, Boolean algebras
  • Logic: classical logic; non-classical logics (many-valued, fuzzy, modal, dynamic, temporal, ...)

VERIFICATION
  Tasks: programs (correctness/termination); reactive/hybrid systems (safety/liveness); cryptography (correctness of cryptographic protocols)
  Theories: numbers; data types; functions over numeric domains

  Program verification:

    int[] BubbleSort(int[] a) {
      int i, j, t;
      for (i := |a| - 1; i > 0; i := i - 1) {
        for (j := 0; j < i; j := j + 1) {
          if (a[j] > a[j + 1]) { t := a[j]; a[j] := a[j + 1]; a[j + 1] := t };
        }
      }
      return a
    }

  • Does BubbleSort return a sorted array?
  • Is a state with a certain property reachable in ≤ k steps?

  Controllers, e.g. for a chemical plant [figure: tanks Fill, React, Filter, Dump; invariants Inv1–Inv4; flows flow1–flow4]. Check:
  • No overflow
  • Substances in the right proportion
  • If the substances are in the wrong proportion, the tank can be drained in ≤ 200s
  Determine values for the parameters such that this is the case.

  Train/plane controllers [figure: trains supervised by an RBC; braking + reaction distance]. Task: check collision freeness.

  Car controllers [figure: car platoon]. Task: check collision freeness.

  Embedded software.

DATA BASES
  Tasks: test consistency; answer queries; limit search
  Theories: first-order logic; Datalog; ...; numbers; functions from/to numerical domains

Verification tasks can often be reduced to testing satisfiability/validity of logical formulae.
Problems and goals

– First-order logic is undecidable: cannot build an 'all-purpose' program
– Theories do not occur alone: need to consider combinations of theories
+ Often the fragments of theories occurring in applications are decidable
+ Often provers for the component theories can be combined efficiently

Important: Identify theories (and extensions/combinations thereof) which are decidable (with low complexity) and relevant in applications.

Efficient reasoning

• Possibility of limiting search
• Modular reasoning in complex theories without loss of completeness
Example: A theory of doubly-linked lists

Reasoning about doubly-linked lists (cf. also [Necula, McPeak 2005])

Axioms:
  ∀p (p ≠ null ∧ p.next ≠ null → p.next.prev = p)
  ∀p (p ≠ null ∧ p.prev ≠ null → p.prev.next = p)
  ∧ c ≠ null ∧ c.next ≠ null ∧ d ≠ null ∧ d.next ≠ null ∧ c.next = d.next ∧ c ≠ d  ⊨ ⊥

Instances of the first axiom at the ground terms c, c.next, d, d.next:
  (c ≠ null ∧ c.next ≠ null → c.next.prev = c)
  (c.next ≠ null ∧ c.next.next ≠ null → c.next.next.prev = c.next)
  (d ≠ null ∧ d.next ≠ null → d.next.prev = d)
  (d.next ≠ null ∧ d.next.next ≠ null → d.next.next.prev = d.next)
  ∧ c ≠ null ∧ c.next ≠ null ∧ d ≠ null ∧ d.next ≠ null ∧ c.next = d.next ∧ c ≠ d  ⊨ ⊥

Extensions which also take the elements of the list into account: analogous?
→ Reasoning in complex theories
Complex Theories

Hierarchic Reasoning
  T1: Σ1-theory; T0 ⊆ T1, Σ0 ⊂ Σ1
  T0: Σ0-theory
  Example: T0: R; T1: R with f : R → R monotone
  Can we use a prover for T0 as a black box to prove theorems in T1?

Modular Reasoning
  T0: Σ0-theory
  Ti: Σi-theory; T0 ⊆ Ti, Σ0 ⊆ Σi (i = 1, 2)
  Example: lists(R) ∪ arrays(R)
  Can we use provers for T1, T2 as black boxes to prove theorems in T1 ∪ T2?
  Which information needs to be exchanged between the provers?
Overview

• Local theory extensions
  – Idea
  – Definitions
  – Hierarchical reasoning / parametric complexity
  – Recognizing local theory extensions
• Applications
  – Mathematics
  – Verification
• Symbol elimination / synthesis
Example & Idea

R ∪ Mon(f) ∪ G ⊨ ⊥, where G = (a ≤ b ∧ f(a) = f(b) + 1)
and Mon(f): ∀x, y (x ≤ y → f(x) ≤ f(y))

Problems:
• A prover for R does not know about f
• A prover for first-order logic may have problems with the reals and integers
• SMT provers may have problems with the universal quantifiers
  → Instantiation-based methods: incomplete or non-terminating; often answer "unknown" for satisfiable formulae

Our goal: Identify situations in which we can restrict to certain instances without loss of completeness.
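The hierarchic reduction sketched on this slide and on the doubly-linked-list slides (instantiate the universally quantified axioms only at the ground terms occurring in G, replace the extension terms by fresh base constants, and hand the resulting ground problem to a black-box prover for the base theory) worked through in code for the Mon(f) example. This is an added example, not code from the presentation or its authors. It assumes a toy base prover for difference constraints over the ordered reals (x - y ≤ k, decided by negative-cycle detection) with case splitting over the instantiated clauses; the inputs G_SLIDE (the slide's G) and G_VARIANT are constructed for the example, and all function names are the example's own.

```python
from itertools import product

# Atoms are difference-logic literals (x, y, k, strict): x - y <= k, or x - y < k if strict.
# Base-theory variables are strings; an extension term f(t) is written as the tuple ('f', t).

def neg(atom):
    """Negate an atom: not(x - y <= k) is y - x < -k, and not(x - y < k) is y - x <= -k."""
    x, y, k, strict = atom
    return (y, x, -k, not strict)

def feasible(atoms):
    """Base procedure (assumed toy prover): decide a conjunction of difference constraints
    over the ordered reals by negative-cycle detection (Bellman-Ford with every node as a
    source). An atom x - y <= k becomes an edge y -> x of weight k. Weights are pairs
    (k, -1 if strict else 0) compared lexicographically, so a zero-weight cycle that
    contains a strict edge also counts as negative, which is exactly infeasibility."""
    nodes = {v for x, y, _, _ in atoms for v in (x, y)}
    edges = [(y, x, (k, -1 if strict else 0)) for x, y, k, strict in atoms]
    dist = {v: (0, 0) for v in nodes}
    for _ in range(len(nodes) + 1):
        changed = False
        for u, v, w in edges:
            cand = (dist[u][0] + w[0], dist[u][1] + w[1])
            if cand < dist[v]:
                dist[v], changed = cand, True
        if not changed:
            return True
    return False  # still relaxing after |V| + 1 rounds: a negative cycle exists

def satisfiable(clauses, assumed=()):
    """Ground reasoning: case-split over the clauses (each a list of atoms read as a
    disjunction), checking every partial assignment against the base procedure."""
    assumed = list(assumed)
    if not feasible(assumed):
        return False
    if not clauses:
        return True
    return any(satisfiable(clauses[1:], assumed + [lit]) for lit in clauses[0])

def f_arguments(clauses):
    """The ground terms t with f(t) occurring in G: the only instantiation points used."""
    return sorted({t[1] for clause in clauses for x, y, _, _ in clause
                   for t in (x, y) if isinstance(t, tuple)})

def monotonicity_instances(terms):
    """Instances of Mon(f): forall x, y (x <= y -> f(x) <= f(y)) with x, y restricted to
    the given ground terms, written as clauses  not(x <= y) or f(x) <= f(y)."""
    return [[neg((x, y, 0, False)), (('f', x), ('f', y), 0, False)]
            for x, y in product(terms, repeat=2)]

def flatten(clauses):
    """Purification: replace every f(t) by a fresh base constant f_t so the clauses only
    mention symbols the base prover understands."""
    def name(t):
        return 'f_' + t[1] if isinstance(t, tuple) else t
    return [[(name(x), name(y), k, s) for x, y, k, s in clause] for clause in clauses]

def hierarchic_check(G):
    """Hierarchic reasoning for R u Mon(f) u G: instantiate Mon(f) at the f-terms of G,
    flatten, and hand the ground problem to the base procedure. Returns True when
    R u Mon(f) u G is satisfiable and False when it entails bottom."""
    instances = monotonicity_instances(f_arguments(G))
    return satisfiable(flatten(G + instances))

# Constructed input: the slide's G = (a <= b  and  f(a) = f(b) + 1), the equation as two atoms.
G_SLIDE = [
    [('a', 'b', 0, False)],                  # a - b <= 0
    [(('f', 'a'), ('f', 'b'), 1, False)],    # f(a) - f(b) <= 1
    [(('f', 'b'), ('f', 'a'), -1, False)],   # f(b) - f(a) <= -1
]

# Constructed variant with b <= a instead: monotonicity then only forces f(b) <= f(a),
# which is consistent with f(a) = f(b) + 1, so the instances do not close the problem.
G_VARIANT = [[('b', 'a', 0, False)]] + G_SLIDE[1:]

if __name__ == '__main__':
    print('slide problem satisfiable:', hierarchic_check(G_SLIDE))    # False, i.e. |= bottom
    print('variant satisfiable:', hierarchic_check(G_VARIANT))        # True
```

Only four instances of Mon(f) are generated (x, y ranging over a and b), and the base prover never sees f: after flattening, the instance for x = a, y = b reads "b < a or f_a ≤ f_b", and both branches contradict a ≤ b and f_a = f_b + 1, which is the whole proof that R ∪ Mon(f) ∪ G ⊨ ⊥. Completeness of restricting to these instances is what the locality property on the following slides guarantees; the code simply performs the reduction.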