Efficient Interpolation for the Theory of Arrays
Tanja Schindler, Jochen Hoenicke
University of Freiburg
July 23, 2017
Motivation

Interpolation for the Theory of Arrays
◮ model checkers use interpolants to automatically generate invariants
◮ the theory of arrays represents the data type arrays, memory, parallel processes

Existing work [Bruttomesso et al. 2011], [Totla & Wies 2013]
◮ the solver needs to know the interpolation problem in advance
◮ the solver must be re-run for each partitioning to compute sequence or tree interpolants
Outline
◮ Motivation
◮ Background: Proof Tree Preserving Interpolation, Theory of Arrays, Weakly Equivalent Arrays
◮ Interpolants for the Theory of Arrays: Read-Over-Weakeq Lemmas, Weakeq-Ext Lemmas
◮ Conclusion
Craig Interpolant
Given formulas A, B such that A ∧ B is unsatisfiable, a Craig interpolant is a formula I such that
◮ A implies I
◮ I ∧ B is unsatisfiable
◮ I contains only symbols that occur in both A and B.
Interpolants from Proofs

[Figure: a resolution proof for F, with leaf nodes and resolution (res) nodes ending in ⊥; partial interpolants are derived bottom-up along the same tree.]

Resolution proof for F; derive interpolants:
◮ compute partial interpolants for leaf nodes
◮ theory lemmas: need special procedures
◮ combine them at resolution nodes
◮ the partial interpolant of ⊥ is the interpolant for F: A ∧ B

Proof Tree Preserving Interpolation [Christ et al. 2013]
◮ can be applied to proofs unaware of the interpolation problem
◮ can handle mixed (in)equalities
◮ cannot handle mixed terms
Proof Tree Preserving Interpolation
◮ Mixed equalities: A ∧ B ∧ a = b
  Interpolate A ∧ a = x and B ∧ x = b for fresh x.
  The interpolant contains x.
◮ Mixed disequalities: A ∧ B ∧ a ≠ b
  Interpolate A ∧ EQ(x, a) and B ∧ ¬EQ(x, b) with uninterpreted predicate EQ.
  The interpolant contains EQ(x, s), and A ∧ B → a = s ∧ s = b (equality-interpolating theories).
The Axioms of the Theory of Arrays
a⟨i ◁ v⟩[i] = v                                   (idx)
i ≠ k → a⟨k ◁ v⟩[i] = a[i]                         (read-over-write)
(∀i. a[i] = b[i]) → a = b                          (ext)
a[diff(a, b)] = b[diff(a, b)] → a = b              (ext-diff) [Bruttomesso et al. 2011]
Weakly Equivalent Arrays

Problem: Proof Tree Preserving Interpolation cannot handle mixed terms.

Example: proof for the interpolation problem
  A := s1⟨k ◁ v⟩ = s2 ∧ f(k) = 0
  B := s1[i] ≠ s2[i] ∧ f(i) = 1
Instantiating read-over-write gives i ≠ k → s1⟨k ◁ v⟩[i] = s1[i], which contains the mixed term s1⟨k ◁ v⟩[i] (k and v occur only in A, i only in B).

Solution: avoid creating mixed terms: Weakly Equivalent Arrays [Christ & Hoenicke 2015]
Read-Over-Weakeq

Extended Array Lemma
i ≠ k → a⟨k ◁ v⟩[i] = a[i]                         (read-over-write)
a ≈_i b ∧ i = j → a[i] = b[j]                      (read-over-weakeq)
(a ≈_i b: a and b are connected by a path of array equalities and writes not on i)

Visualization of the corresponding conflict:
[Figure: a[i] ≠ b[j]; the index equality i = j; and a path a –k1– … –k2– … –kn– b of array equalities and stores at indices k1, k2, …, kn, none equal to i, witnessing a ≈_i b.]
Interpolants for Read-Over-Weakeq ... with i in both A and B

[Figure: the conflict a[i] ≠ b[j], i = j, and the weak-equivalence path from a to b through the arrays s1, s2, s3, s4 with store indices k1, k2, k3; the path alternates between A-coloured and B-coloured segments.]

Interpolant I: s1[i] = s2[i] ∧ s3[i] = s4[i]
Interpolants for Read-Over-Weakeq ... with i and j in B

[Figure: the same path from a to b through s1, s2, s3, s4 with store indices k1, k2, k3; the store indices on the A-coloured segments are represented by the shared terms x1, x2, x3 (EQ(x1, k1), EQ(x2, k2), EQ(x3, k3)).]

Interpolant I: weq(s1, s2, 1, EQ(x1, ·)) ∧ weq(s3, s4, 2, EQ(x2, ·) ∨ EQ(x3, ·))

where
  weq(a, b, 0, F(·))     :≡ a = b
  weq(a, b, m+1, F(·))   :≡ (a = b ∨ F(diff(a, b))) ∧ weq(a⟨diff(a, b) ◁ b[diff(a, b)]⟩, b, m, F(·))
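An added example, not part of the slides: the weq(a, b, m, F) recursion above evaluated on concrete finite arrays, next to its direct semantic reading (a and b differ on at most m indices, each satisfying F), so that an interpolant such as weq(s1, s2, 1, EQ(x1, ·)) can be checked on sample arrays. The index universe INDICES, the dict-based arrays, the helpers read/store/diff/equal and the sample arrays S1, S2, S4 are assumptions of this example.

```python
# Added example (not from the slides): weq(a, b, m, F) on concrete finite arrays.
# An array is a dict {"map": {index: value}, "default": v} over the assumed
# finite index universe INDICES; store/read/diff model a<k <| v>, a[i], diff(a, b).
INDICES = list(range(8))  # assumed finite index sort

def read(a, i):
    """a[i]: explicit entry, else the array's default value."""
    return a["map"].get(i, a["default"])

def store(a, k, v):
    """a<k <| v>: functional update, the original array is left untouched."""
    return {"map": {**a["map"], k: v}, "default": a["default"]}

def equal(a, b):
    """Extensional equality (ext) over the finite index universe."""
    return all(read(a, i) == read(b, i) for i in INDICES)

def diff(a, b):
    """diff(a, b): an index where a and b disagree; when a = b the axiom ext-diff
    leaves diff unconstrained, so returning INDICES[0] is a valid model."""
    for i in INDICES:
        if read(a, i) != read(b, i):
            return i
    return INDICES[0]

def weq(a, b, m, F):
    """The slide's recursion: weq(a,b,0,F) := a = b and
    weq(a,b,m+1,F) := (a = b or F(diff(a,b))) and weq(a<diff(a,b) <| b[diff(a,b)]>, b, m, F)."""
    if m == 0:
        return equal(a, b)
    d = diff(a, b)
    return (equal(a, b) or F(d)) and weq(store(a, d, read(b, d)), b, m - 1, F)

def weq_direct(a, b, m, F):
    """Semantic reading: a and b differ on at most m indices, each satisfying F."""
    bad = [i for i in INDICES if read(a, i) != read(b, i)]
    return len(bad) <= m and all(F(i) for i in bad)

# Constructed samples: S2 = S1<3 <| 7>, S4 = S2<5 <| 9>, so S1 and S4 differ at 3 and 5.
S1 = {"map": {}, "default": 0}
S2 = store(S1, 3, 7)
S4 = store(S2, 5, 9)
EQ = lambda x: (lambda i: i == x)  # EQ(x, .) as a predicate on indices

def recursion_matches_semantics():
    """Cross-check the recursion against weq_direct on all sample pairs, m <= 3."""
    arrays = [S1, S2, S4]
    preds = [EQ(3), EQ(5), lambda i: i in (3, 5), lambda i: False]
    return all(weq(a, b, m, F) == weq_direct(a, b, m, F)
               for a in arrays for b in arrays for m in range(4) for F in preds)
```

With these samples, weq(S1, S2, 1, EQ(3)) holds (the single differing index 3 is the one named by x1 = 3), while weq(S1, S4, 1, EQ(3) ∨ EQ(5)) fails because two indices differ and only m = 1 store is allowed.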
Weakeq-Ext Lemmas

Extended Array Lemma
(∀i. a[i] = b[i]) → a = b                                       (ext)
a ⇔_P b ∧ (∀i ∈ Stores(P). a ∼_i b) → a = b                    (weakeq-ext)
a ⇔_P b: a and b are connected by a path P of array equalities and writes
a ∼_i b: a and b are connected by a path of subpaths s ≈_i s′ and read equalities on i

Visualization of the corresponding conflict:
[Figure: a ≠ b; a path P from a to b with store indices i1, i2, …, in witnessing a ⇔_P b; and, for each store index i_m of P, a path from a to b over indices k^m_1, k^m_2, …, k^m_{n_m} witnessing a ∼_{i_m} b.]
Interpolants for Weakeq-Ext ... with a and b in B

[Figure: the path a –i1– s1 –i2– s2 – b; for i1, a path from a to b over the store index k1 through s^1_1, s^1_2, with k1 represented by the shared term x1; for i2, a path over k2, k3, k4 through s^2_1, s^2_2, with shared terms x2, x3.]

Interpolant I: weq(s^1_1, s^1_2, 1, EQ(x1, ·)) ∧ weq(s1, s2, 1, EQ(x2, ·) ∧ s^2_1[·] = s^2_2[·] ∧ EQ(x4, ·))
(the inner conjunction s^2_1[·] = s^2_2[·]: compare with read-over-weakeq)
Interpolants for Weakeq-Ext ... with a in A and b in B

[Figure: the path a –i1– s –i2– b with the A/B boundary represented by the shared term x_ab; for i1, a path over the store index k1 through s1, with k1 represented by x1; for i2, a path over k2 through s2, with k2 represented by x2.]

Interpolant I:
  EQ(x_ab, s) ∧ weq(s, s2, 1, EQ(x2, ·))
  ∨ nweq(s, s1, 2, EQ(x_ab, s⟨· ◁ s1[·]⟩) ∧ weq(s⟨· ◁ s1[·]⟩, s2, 1, EQ(x2, ·)) ∧ EQ(x1, ·))
(the first two conjuncts inside nweq: compare with the first line)
Conclusion
Our interpolation method for the theory of arrays
◮ produces quantifier-free interpolants
◮ is designed for proof tree preserving interpolation
◮ reuses a graph produced during the proof, based on weak equivalence between arrays
◮ is efficient for sequence and tree interpolants
Implementation in SMTInterpol is ongoing work.
Thank you for your attention!