Model Generation for Quantified First-order Logic Formulas
Christoph Gladisch, University of Koblenz
9th Symposium, May 25th, 2010, Gernsbach

Outline: Introduction; QuEKeY: The Novel Approach; Summary and Conclusion
Introduction

What it means
- model = interpretation that satisfies a formula
- showing satisfiability = showing the existence of a model

Why it is important
- Counterexamples for failed verification attempts
- Test data generation
- Checking consistency of axioms and preconditions
State-of-the-art techniques for showing satisfiability
- Satisfiability modulo theories (SMT) solvers
- In the following we have tested: Z3, CVC3, Yices

The Problem: quantified formulas
Formulas used in KeY often contain quantifiers, and the SMT solvers above do not find models for them.

Example: a formula for which the SMT solvers fail to produce a model
∀x. (x ≥ 0 → prev(next(x)) = x)
Example: Problems with Quantifiers

Java + JML

    /*@ public normal_behavior
        requires next != null && prev != null && next != prev;
        ensures (\forall int j; 0 <= j && j < next.length; prev[next[j]] == j);
        assignable prev[*];
      @*/
    public void link() {
        /*@ loop_invariant (\forall int x; 0 <= x && x <= i; prev[next[x]] == x)
                           && (0 <= i && i <= next.length);
            modifies prev[*], i;
          @*/
        for (int i = 0; i < next.length; i++) {
            prev[next[i]] = i;
        }
    }

(experiments/0 SFPexampleCode/FPTest.test4bad4())
QuEKeY 2C' (KeYSolver6) can solve the first open branch.
Counterexample Generation with KeY

Given an open proof branch Γ ⟹ Δ, counterexample generation means creating a model for Γ ∧ ¬Δ.

The problem is the quantifiers that cannot be skolemized. In the original sequent
∀x.ϕ1, ∃x.ϕ2 ⟹ ∀x.ϕ1, ∃x.ϕ2
these are ∀x.ϕ1 on the left (in Γ) and ∃x.ϕ2 on the right (in Δ): in Γ ∧ ¬Δ the existential ∃x.ϕ2 from Γ and the negated ∀x.ϕ1 from Δ (i.e. ∃x.¬ϕ1) can be skolemized, whereas ∀x.ϕ1 from Γ and the negated ∃x.ϕ2 from Δ (i.e. ∀x.¬ϕ2) stay universal.
More General Distinction between Quantifications

    Case               Skolemizable   Non-Skolemizable
    validity           ∀x.ϕ           ∃x.ϕ
    unsatisfiability   ∃x.ϕ           ∀x.ϕ
    satisfiability     ∃x.ϕ           ∀x.ϕ
    falsifiability     ∀x.ϕ           ∃x.ϕ

Which quantifier can be skolemized depends on the property being shown: ∀ when the formula is to be refuted (validity, falsifiability), ∃ when a model is sought or excluded (satisfiability, unsatisfiability).
Methods for Handling Quantifiers

Quantifier Instantiation
- Idea: given ∀x.ϕ(x), create ϕ(t1) ∧ ϕ(t2) ∧ ϕ(t3) ∧ ...
- Techniques: ground instantiation (e.g. E-matching); free variables/meta variables; finite model finding

Quantifier Elimination
- Idea: ∀x. (a < x → b < x) is equivalent to the quantifier-free residue a ≥ b
- Techniques: Fourier-Motzkin: QE for linear rational arithmetic; Cooper's method: QE for Presburger arithmetic
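The quantifier-elimination idea above, carried out with Fourier-Motzkin over the rationals, as an added example (this is not code from the slides or from KeY/QuEKeY). Fourier-Motzkin eliminates an existential, so the universal ∀x. (a < x → b < x) is handled as the negation of ∃x. (a < x ∧ x ≤ b); the encoding of constraints as coefficient dictionaries and the variable names are assumptions made for this example.

```python
from fractions import Fraction
from itertools import product

# A linear constraint over the rationals is a triple (coeffs, const, strict)
# and denotes   sum(coeffs[v] * v for v) <= const   (or < const when strict).
# This encoding and the variable names are illustrative, not from the slides.

def _clean(coeffs):
    """Drop zero coefficients so equal constraints compare equal."""
    return {v: Fraction(c) for v, c in coeffs.items() if c != 0}

def combine(lo, up, var):
    """Positive combination of a lower bound lo (coefficient of var < 0) and an
    upper bound up (coefficient of var > 0) that cancels var. Strictness is
    inherited if either side is strict."""
    cl, cu = lo[0][var], up[0][var]
    m_lo, m_up = cu, -cl                     # both multipliers are positive
    coeffs = {}
    for cf, m in ((lo[0], m_lo), (up[0], m_up)):
        for v, c in cf.items():
            coeffs[v] = coeffs.get(v, 0) + m * c
    return (_clean(coeffs), Fraction(m_lo * lo[1] + m_up * up[1]), lo[2] or up[2])

def eliminate(constraints, var):
    """Fourier-Motzkin step: return constraints equivalent (over Q) to
    exists var. /\\ constraints, with var eliminated."""
    lower, upper, rest = [], [], []
    for con in constraints:
        c = con[0].get(var, 0)
        (lower if c < 0 else upper if c > 0 else rest).append(con)
    # If var has only lower or only upper bounds it is unconstrained in the
    # other direction and those bounds simply disappear.
    rest.extend(combine(lo, up, var) for lo, up in product(lower, upper))
    return rest

def ground_infeasible(con):
    """A variable-free constraint 0 <= c (or 0 < c) is false iff c < 0 (c <= 0)."""
    coeffs, const, strict = con
    return not coeffs and (const <= 0 if strict else const < 0)

def exists_sat(constraints, variables):
    """Decide exists variables. /\\ constraints over Q by eliminating every
    variable; the residue is then ground and is checked directly."""
    for v in variables:
        constraints = eliminate(constraints, v)
    return not any(ground_infeasible(c) for c in constraints)

# The slide's example: forall x. (a < x -> b < x) is the negation of
# exists x. (a < x /\ x <= b).  Encode a < x as a - x < 0 and x <= b as x - b <= 0.
EXAMPLE = [({'a': 1, 'x': -1}, 0, True), ({'x': 1, 'b': -1}, 0, False)]

def forall_residue():
    """Residue of the existential: a - b < 0, i.e. a < b. Negating it gives
    a >= b, the quantifier-free equivalent of the universal formula."""
    return eliminate(EXAMPLE, 'x')
```

Over the integers Fourier-Motzkin is only sound for the unsatisfiable direction (a rational solution need not be integral), which is why the slide lists Cooper's method for Presburger arithmetic; for this particular example the integer and rational answers coincide.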
A Few Words about E-matching

E-matching is a heuristic. E-matching is not complete, and as a consequence Simplify is unsound for counterexample generation.

Example: unsoundness of Simplify for model generation
∀h. ∀i. ∀v. rd(wr(h, i, v), i) = v
∀h. ∀j. 0 ≤ rd(h, j) ∧ rd(h, j) ≤ 2^32 − 1
These two axioms are inconsistent. Consider the instantiation [h := wr(h0, k, 2^32), j := k]: the first axiom gives rd(wr(h0, k, 2^32), k) = 2^32, while the second bounds that same term by 2^32 − 1. An E-matcher that only instantiates with ground terms occurring in the problem never builds the term wr(h0, k, 2^32), so it finds no contradiction and reports a spurious model.

E-matching is complete in certain cases. Examples:
- Bernays-Schönfinkel class, e.g. P(a), ∀x. P(x)
- Array property fragment, e.g. ∀x. x > b → a(x) = b(x)
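The incompleteness argument above, made concrete as an added example (not code from the slides, from Simplify or from KeY): both axioms are evaluated under one interpretation of rd/wr (functional array update, unknown indices read as 0), over the ground terms a trigger-based instantiator can build from a problem that mentions only h0 and k. The names H0 and K, the choice of 7 for k, and the all-zero heap are assumptions of this example.

```python
MAX32 = 2**32 - 1

# Heaps are modelled as tuples of (index, value) pairs; unknown indices read as 0.
# h0, k and the instantiation sets below are constructed for this example.
def wr(h, i, v):
    """Functional array update: wr(h, i, v)."""
    return tuple((j, x) for j, x in h if j != i) + ((i, v),)

def rd(h, i):
    """Array read: rd(h, i)."""
    return dict(h).get(i, 0)

H0 = ()       # the heap constant h0 (interpreted as the all-zero heap)
K = 7         # the index constant k (assumed value; any index works)

def axiom1(h, i, v):
    """Instance of  forall h,i,v. rd(wr(h,i,v),i) = v."""
    return rd(wr(h, i, v), i) == v

def axiom2(h, j):
    """Instance of  forall h,j. 0 <= rd(h,j) <= 2^32-1."""
    return 0 <= rd(h, j) <= MAX32

def instances(heaps, indices, values):
    """Every ground instance of both axioms over the given term sets. A
    trigger-based instantiator that only matches terms already present in
    the problem can produce nothing beyond these."""
    out = []
    for h in heaps:
        for i in indices:
            out.append(('A2', (h, i), axiom2(h, i)))
            for v in values:
                out.append(('A1', (h, i, v), axiom1(h, i, v)))
    return out

def instances_consistent(v):
    """The pair of instances A1[h0, k, v] and A2[wr(h0,k,v), k] is consistent
    under *any* interpretation of rd/wr exactly when 0 <= v <= 2^32-1:
    A1 fixes rd(wr(h0,k,v),k) to v and A2 bounds that same term."""
    return 0 <= v <= MAX32

def spurious_model_demo():
    """Returns (sat_reported, witness_instance_holds)."""
    problem_values = {rd(H0, K)}                         # only the literal 0 occurs
    heaps = [H0] + [wr(H0, K, v) for v in problem_values]
    # Every instance over the problem's own ground terms holds, so an
    # instantiation-based check reports "sat" with this interpretation as model.
    sat_reported = all(ok for _, _, ok in instances(heaps, [K], problem_values))
    # The instantiation from the slide needs the literal 2^32, which is not a
    # ground term of the problem, so it is never generated; evaluated under the
    # same interpretation it is false and refutes the reported "model".
    witness_holds = axiom2(wr(H0, K, 2**32), K)
    return sat_reported, witness_holds
```

The point is not the particular interpretation: instances_consistent shows that the two instances the witness produces contradict each other whatever rd and wr mean, so the axiom set has no model at all, and any "model" returned after instantiating only over existing ground terms is spurious.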
The Novel Approach: QuEKeY

Model generation for (quantified) formulas. Two variants of the approach:
- Eliminates quantifiers and returns a residue of ground formulas; this serves as a precomputation step for SMT solvers.
- Complete model generation.

The interesting questions are:
- which language to use for model representation
- how to construct "models"
- which calculus to use to validate "models"