Deduction at Scale Seminar 2011
Efficient Interpolant Generation in Satisfiability Modulo Linear Integer Arithmetic
Alberto Griggio, FBK-IRST, Trento
Joint work with Thi Thieu Hoa Le and Roberto Sebastiani, DISI - Univ. Trento
Introduction
♦ (Craig) Interpolation for ground first-order theories has been successfully applied in formal verification
♦ Efficient SMT-based algorithms exist for several theories and combinations (e.g. EUF, LA(Q), DL, UTVPI)
♦ Interpolation for full LA(Z) is harder
♦ Some promising recent work [Brillout et al. IJCAR'10, Kroening et al. LPAR'10], but still some drawbacks
♦ This work: propose a novel, general technique for interpolation in LA(Z), to overcome some drawbacks of current approaches
Outline
♦ Background
♦ Current techniques for interpolation in LA(Z)
♦ A novel interpolation technique for LA(Z)
♦ Experimental evaluation
Background - Interpolants
♦ (Craig) Interpolant for an ordered pair $(A, B)$ of formulas such that $A \wedge B \models_{\mathcal{T}} \bot$: a formula $I$ such that
  a) $A \models_{\mathcal{T}} I$
  b) $B \wedge I \models_{\mathcal{T}} \bot$
  c) all the uninterpreted (in $\mathcal{T}$) symbols of $I$ occur in both $A$ and $B$
Background - Interpolants
♦ Interpolants can be generated from proofs of unsatisfiability [McMillan]
♦ Proof of unsatisfiability in SMT: a Boolean part (ground resolution) plus a $\mathcal{T}$-specific part (for conjunctions of constraints)
♦ Standard Boolean interpolation plus $\mathcal{T}$-specific interpolation for conjunctions only
♦ Problem reduced to finding an interpolant for sets of $\mathcal{T}$-literals
Interpolation and LA(Z)
♦ Linear Integer Arithmetic: constraints of the form $\sum_i c_i x_i + c \bowtie 0$, with $\bowtie \in \{\le, =\}$
♦ In general, no quantifier-free interpolation for LA(Z)! [McMillan05]
  Example: $A := (y - 2x = 0)$, $B := (y - 2z - 1 = 0)$. The only interpolant is $\exists w.\,(y = 2w)$
♦ Solution: extend the signature to include modular equations (divisibility predicates): $(t + c \equiv_d 0) \equiv \exists w.\,(t + c = d \cdot w)$, $d \in \mathbb{Z}_{>0}$
  The interpolant now becomes $(y \equiv_2 0)$
SMT(LA(Z)) with modular equations
♦ Modular equations can be eliminated via preprocessing:
♦ Replace every atom $a := (t + c \equiv_d 0)$ with a fresh Boolean variable $p_a$
♦ Add the 4 clauses
  $p_a \to (t + c - d w_1 = 0)$
  $\neg p_a \to (t + c - d w_1 - w_2 = 0)$
  $(-w_2 + 1 \le 0)$
  $(w_2 - d + 1 \le 0)$
  where $w_1, w_2$ are fresh integer variables
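As an added example (not code from the talk), the following Python checks the four-clause encoding above by brute force: for a concrete integer value of $t$ it searches for $w_1, w_2$, confirms that $p_a$ is forced to the truth value of $t + c \equiv_d 0$, and shows that dropping the upper bound $w_2 \le d - 1$ makes the encoding unsound. All function and parameter names are this example's own.

```python
# Atom a := (t + c ≡_d 0) is replaced by a fresh Boolean p_a and, with fresh integers w1, w2, the clauses
#   p_a -> (t + c - d*w1 = 0),  not p_a -> (t + c - d*w1 - w2 = 0),  (-w2 + 1 <= 0),  (w2 - d + 1 <= 0)
# Here t is already an integer value, so the check is a finite search over w1, w2 (names are ours).
def clauses_satisfiable(t, c, d, p_a, upper_bound_on_w2=True):
    """True iff some w1, w2 make all four clauses true for the given value of t and truth value of p_a."""
    s = t + c
    for w1 in range(-abs(s) - 1, abs(s) + 2):          # |w1| <= |s| + 1 suffices since d >= 1
        for w2 in range(-d, 2 * d + 1):                # wide enough to expose what the bound clauses rule out
            c1 = (not p_a) or (s - d * w1 == 0)
            c2 = p_a or (s - d * w1 - w2 == 0)
            c3 = -w2 + 1 <= 0                          # w2 >= 1
            c4 = (w2 - d + 1 <= 0) or not upper_bound_on_w2   # w2 <= d - 1 (dropped when flagged)
            if c1 and c2 and c3 and c4:
                return True
    return False

def encoding_is_faithful(d, c=0, values=range(-20, 21), upper_bound_on_w2=True):
    """The clauses force p_a to be exactly ((t + c) mod d == 0) for every t in `values`."""
    for t in values:
        truth = (t + c) % d == 0
        if not clauses_satisfiable(t, c, d, truth, upper_bound_on_w2):       # p_a = truth must be possible
            return False
        if clauses_satisfiable(t, c, d, not truth, upper_bound_on_w2):       # p_a = not truth must not be
            return False
    return True
```

Without the clause $(w_2 - d + 1 \le 0)$, $w_2 = d$ lets $\neg p_a$ be satisfied even when $t + c$ is divisible by $d$, which is exactly what `encoding_is_faithful(4, upper_bound_on_w2=False)` reports.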
Interpolation via quantifier elimination
♦ Using modular equations, interpolants can be constructed via quantifier elimination: $I(A, B) := \mathrm{ExistElim}(x_i \notin B)(A)$
♦ However, this is very expensive, both in theory and in practice
Interpolants from LA(Z)-proofs
♦ Cutting-plane proof system: complete proof system for LA(Z)
  Hyp: $\dfrac{}{t \le 0}$
  Comb: $\dfrac{t_1 \le 0 \quad t_2 \le 0}{c_1 \cdot t_1 + c_2 \cdot t_2 \le 0}$, $c_1, c_2 > 0$
  (Hyp and Comb are the LA(Q) rules)
  Div: $\dfrac{\sum_i c_i x_i + c \le 0}{\sum_i \frac{c_i}{d} x_i + \lceil \frac{c}{d} \rceil \le 0}$, $d > 0$ divides the $c_i$'s
  Strengthen: $\dfrac{\sum_i c_i x_i + c \le 0}{\sum_i c_i x_i + d \cdot \lceil \frac{c}{d} \rceil \le 0}$, $d > 0$ divides the $c_i$'s
♦ Interpolation by annotating proof rules [McMillan05, Brillout et al. IJCAR'10]
♦ Annotation (in this talk): a set of pairs $\{\langle t_i \le 0, \bigwedge_j (t_{ij} = 0)\rangle\}_i$
♦ When $\bot$ is derived, then $I := \bigvee_i \big(t_i \le 0 \wedge \bigwedge_j \mathrm{ExistElim}(x_i \notin B)(t_{ij} = 0)\big)$ is the computed interpolant
Interpolants from cutting-plane proofs
♦ Annotations for Hyp and Comb from [McMillan05] (same as LA(Q))
  Hyp: $\dfrac{}{t \le 0\ [\{\langle t' \le 0, \top\rangle\}]}$ where $t' = t$ if $(t \le 0) \in A$ and $t' = 0$ if $(t \le 0) \in B$
  Comb: $\dfrac{t_1 \le 0\ [I_1] \quad t_2 \le 0\ [I_2]}{c_1 \cdot t_1 + c_2 \cdot t_2 \le 0\ [I]}$ with $I := \{\langle c_1 t'_i + c_2 t'_j \le 0, E_i \wedge E_j\rangle \mid \langle t'_i, E_i\rangle \in I_1, \langle t'_j, E_j\rangle \in I_2\}$
♦ k-Strengthen rule of [Brillout et al. IJCAR'10] (special case)
  Strengthen: $\dfrac{\sum_i c_i x_i + c \le 0\ [\{\langle t \le 0, \top\rangle\}]}{\sum_i c_i x_i + d \cdot \lceil \frac{c}{d} \rceil \le 0\ [I]}$, $d > 0$ divides the $c_i$'s, with
  $I := \{\langle t + n \le 0, t + n = 0\rangle \mid 0 \le n < d \cdot \lceil \frac{c}{d} \rceil - c\} \cup \{\langle t + d \cdot \lceil \frac{c}{d} \rceil - c \le 0, \top\rangle\}$
Example [Kroening et al. LPAR'10]
$A := \{-y - 4x - 1 \le 0,\ y + 4x \le 0\}$, $B := \{-y - 4z + 1 \le 0,\ y + 4z - 2 \le 0\}$
Proof of unsatisfiability:
  Comb: $y + 4x \le 0$ and $-y - 4z + 1 \le 0$ give $4x - 4z + 1 \le 0$
  Strengthen (with $d = 4$): $4x - 4z + 1 + 3 \le 0$
  Comb: $-y - 4x - 1 \le 0$ and $y + 4z - 2 \le 0$ give $-4x + 4z - 3 \le 0$
  Comb: $4x - 4z + 1 + 3 \le 0$ and $-4x + 4z - 3 \le 0$ give $(1 \le 0) \equiv \bot$
Example – with annotations
$A := \{-y - 4x - 1 \le 0,\ y + 4x \le 0\}$, $B := \{-y - 4z + 1 \le 0,\ y + 4z - 2 \le 0\}$
  Hyp: $y + 4x \le 0\ [\{\langle y + 4x \le 0, \top\rangle\}]$ and $-y - 4z + 1 \le 0\ [\{\langle 0 \le 0, \top\rangle\}]$
  Comb: $4x - 4z + 1 \le 0\ [\{\langle y + 4x \le 0, \top\rangle\}]$
  Strengthen: $4x - 4z + 1 + 3 \le 0\ [\{\langle y + 4x + n \le 0, y + 4x + n = 0\rangle \mid 0 \le n < 3\} \cup \{\langle y + 4x + 2 \le 0, \top\rangle\}]$
  Hyp: $-y - 4x - 1 \le 0\ [\{\langle -y - 4x - 1 \le 0, \top\rangle\}]$ and $y + 4z - 2 \le 0\ [\{\langle 0 \le 0, \top\rangle\}]$
  Comb: $-4x + 4z - 3 \le 0\ [\{\langle -y - 4x - 1 \le 0, \top\rangle\}]$
  Comb: $(1 \le 0) \equiv \bot\ [\{\langle n - 1 \le 0, y + 4x + n = 0\rangle \mid 0 \le n < 3\} \cup \{\langle 2 - 1 \le 0, \top\rangle\}]$
Interpolant: $(y \equiv_4 0) \vee (y + 1 \equiv_4 0)$
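As an added example (not code from the talk or its implementation), the following Python runs the annotated Hyp, Comb and Strengthen rules above on this example and computes the interpolant from the annotation of $\bot$. It implements $\mathrm{ExistElim}$ only for the one-variable case the example needs ($\exists x.\,(s + a x = 0)$ becomes $s \equiv_{|a|} 0$), and the closing brute-force check of the two Craig conditions is this example's own addition; all names are assumed.

```python
# Linear term: dict var -> int coefficient, key "1" holds the constant; a term t stands for t <= 0.
def add(t1, t2, c1=1, c2=1):
    out = {}
    for t, c in ((t1, c1), (t2, c2)):
        for v, k in t.items():
            out[v] = out.get(v, 0) + c * k
    return {v: k for v, k in out.items() if k}

# Proof node = (term, annotation); annotation = list of pairs (t', eqs), eqs = list of terms meaning "= 0".
def hyp(t, in_a):                     # Hyp: an A-hypothesis carries itself, a B-hypothesis carries 0 <= 0
    return t, [(t if in_a else {}, [])]

def comb(p, q, c1, c2):               # Comb: combine every pair of annotation entries with the same c1, c2
    (t1, i1), (t2, i2) = p, q
    return add(t1, t2, c1, c2), [(add(a, b, c1, c2), ea + eb) for a, ea in i1 for b, eb in i2]

def strengthen(p, d):                 # Strengthen: d > 0 must divide every variable coefficient of t
    t, [(ta, eqs)] = p
    assert not eqs and all(v == "1" or k % d == 0 for v, k in t.items())
    c = t.get("1", 0)
    k = d * (-(-c // d)) - c          # strengthening factor k = d*ceil(c/d) - c
    cases = [(add(ta, {"1": n}), [add(ta, {"1": n})]) for n in range(k)]  # <t'+n <= 0, t'+n = 0>, 0 <= n < k
    return add(t, {"1": k}), cases + [(add(ta, {"1": k}), [])]           # plus <t'+k <= 0, true>

def exist_elim(eq, b_vars):           # ExistElim(x not in B)(eq = 0); assumes exactly one A-local variable x:
    local = [v for v in eq if v != "1" and v not in b_vars]   # exists x. s + a*x = 0  <=>  s ≡_{|a|} 0
    assert len(local) == 1, "only the one-variable case shown in the talk is handled"
    return {v: k for v, k in eq.items() if v != local[0]}, abs(eq[local[0]])

def interpolant(bottom, b_vars):      # I := OR_i (t_i <= 0 AND AND_j ExistElim(...)(t_ij = 0))
    return [(ti, [exist_elim(e, b_vars) for e in eqs]) for ti, eqs in bottom[1]]

def holds(formula, env):              # evaluate such a disjunction under an integer assignment
    val = lambda t: sum(k * (1 if v == "1" else env[v]) for v, k in t.items())
    return any(val(ti) <= 0 and all(val(e) % m == 0 for e, m in mods) for ti, mods in formula)

# The talk's example: A = {-y-4x-1 <= 0, y+4x <= 0}, B = {-y-4z+1 <= 0, y+4z-2 <= 0}
a1, a2 = hyp({"y": -1, "x": -4, "1": -1}, True), hyp({"y": 1, "x": 4}, True)
b1, b2 = hyp({"y": -1, "z": -4, "1": 1}, False), hyp({"y": 1, "z": 4, "1": -2}, False)
s = strengthen(comb(a2, b1, 1, 1), 4)         # 4x-4z+1 <= 0, strengthened with d = 4 to 4x-4z+4 <= 0
bottom = comb(s, comb(a1, b2, 1, 1), 1, 1)    # (4x-4z+4) + (-4x+4z-3) = 1 <= 0, i.e. bottom
I = interpolant(bottom, {"y", "z"})           # (y ≡_4 0) or (y+1 ≡_4 0), plus two disjuncts with a false guard

def check_interpolant(lo=-8, hi=8):   # brute-force the two Craig conditions on a bounded grid of integers
    R = range(lo, hi + 1)
    a_implies_i = all(holds(I, {"y": y}) for y in R for x in R if -y - 4*x - 1 <= 0 and y + 4*x <= 0)
    b_and_i_unsat = not any(holds(I, {"y": y}) for y in R for z in R if -y - 4*z + 1 <= 0 and y + 4*z - 2 <= 0)
    return a_implies_i and b_and_i_unsat
```

The annotation of $\bot$ has $k + 1 = 4$ entries, one per value of $n$ in the Strengthen step plus the residual pair, which is where the size of the disjunction comes from.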
Drawback of Strengthen
♦ Interpolation of Strengthen creates potentially very big disjunctions
♦ Linear in the strengthening factor $k := d \cdot \lceil \frac{c}{d} \rceil - c$
♦ Can be exponential in the size of the proof
  Example: $A := \{-y - 4x - 1 \le 0,\ y + 4x \le 0\}$, $B := \{-y - 4z + 1 \le 0,\ y + 4z - 2 \le 0\}$; interpolant: $(y \equiv_4 0) \vee (y + 1 \equiv_4 0)$
  Example: $A := \{-y - 2nx - n + 1 \le 0,\ y + 2nx \le 0\}$, $B := \{-y - 2nz + 1 \le 0,\ y + 2nz - n \le 0\}$; interpolant: $(y \equiv_{2n} 0) \vee (y + 1 \equiv_{2n} 0) \vee \dots \vee (y + n - 1 \equiv_{2n} 0)$