Relational Constraint Solving in SMT
Paul Meng, Andrew Reynolds, Cesare Tinelli, Clark Barrett
Midwest Verification Day, September 2018
Relational Reasoning
Many problems can be modeled relationally:
• Ontologies
• Network systems
• High-level system design
• …
Relational logic is well suited for reasoning about structurally rich problems.
A Motivating Example
Modeling a Toy File System
Root ⊆ Dir                          There is a root directory.
contents ⊆ Dir × (File ∪ Dir)       The contents relation relates each directory to the directories and files it contains.
(File ∪ Dir) ⊆ Root.*contents       All directories and files are reachable from the root directory by following the contents relation.
∀ d : Dir | ¬(d ⊆ d.^contents)      The contents relation is acyclic.
(* – reflexive-transitive closure; ^ – transitive closure)
Technical Preliminaries: Satisfiability Modulo Theories (SMT)
Satisfiability Modulo Theories (SMT)
Decide the satisfiability of many-sorted first-order logic formulas with respect to combinations of background theories.
Example input mixing several theories (arrays, strings, arithmetic, Booleans, sets):
(a[i] > a[j]) ∧ (str = "Hello World") ∧ (len(str) + x = 3) ∧ (A ∨ B) ∧ (x ∈ S)
The SMT solver answers SAT or UNSAT.
Satisfiability Modulo Theories (SMT)
A theory T = (Σ, K) defines
• A signature Σ: a set of non-logical symbols
• A class K of Σ-interpretations
• Examples: integer arithmetic, strings, finite sets, …
A simple theory: Σ = {0, 1, +, =}
A formula in the theory T: x + 0 = 1
Related Work
Alloy
A declarative language based on first-order relational logic, created at MIT, to model and analyze structurally rich systems.
SAT-based analysis by the Alloy Analyzer:
• Checks the consistency of an Alloy specification
• Can disprove a given property of an Alloy specification, but can only prove it within given bounds
Analysis of Alloy Specifications via SMT
El Ghazi et al. [8, 9, 10] translate the Alloy kernel language to the SMT-LIB language and solve the result with SMT solvers (AlloyPE).
The resulting SMT formulas are difficult to solve due to the heavy use of quantifiers in the translation.
Description Logics (DLs)
Fragments of relational logic for efficient knowledge representation and reasoning; they deliberately consider only unary and binary relations.
OWL: a standardized semantic web ontology language based on description logics
• Efficient solvers: KONCLUDE, HermiT, FaCT++, etc.
A Theory of Finite Sets T_S in SMT
A theory T_S of finite sets was introduced by Kshitij Bansal et al. [3].
Signature Σ_S of T_S:
• Singleton set constructor: [_] : α → Set α
• Subset: ⊑ : Set α × Set α → Bool
• Membership: ∈ : α × Set α → Bool
• Union, intersection, set difference: ⊔, ⊓, \ : Set α × Set α → Set α
A modular set solver was implemented in CVC4.
My Research: A Theory of Finite Relations T_R
Type Notations
Tup_n(α_1, …, α_n): a parametric tuple sort (n > 0)
Set(Tup_n(α_1, …, α_n)): a relational sort, abbreviated as Rel_n(α_1, …, α_n)
Relational Signature Σ_R of T_R
Tuple constructor: ⟨_, …, _⟩ : α_1 × ⋯ × α_n → Tup_n(α_1, …, α_n)
  Example: ⟨1, 2⟩, a binary integer tuple constant
Singleton relation constructor: [_] : Tup_n(α_1, …, α_n) → Rel_n(α_1, …, α_n)
  Example: [⟨1, "Hello"⟩], a singleton relation containing one integer-string binary tuple
Relational Signature Σ_R of T_R
Product: ∗ : Rel_m(α) × Rel_n(β) → Rel_{m+n}(α, β)
  Example: R1 = {⟨1, 2⟩, ⟨3, 4⟩}; R2 = {⟨5, 6⟩}; R1 ∗ R2 = {⟨1, 2, 5, 6⟩, ⟨3, 4, 5, 6⟩}
Join: ⋈ : Rel_{p+1}(α, γ) × Rel_{q+1}(γ, β) → Rel_{p+q}(α, β), with p + q > 0
  Example: R1 = {⟨1, "Hello"⟩, ⟨2, "Hi"⟩}; R2 = {⟨"Hello", 3⟩, ⟨"World", 4⟩}; R1 ⋈ R2 = {⟨1, 3⟩}
Relational Signature Σ_R of T_R
Transpose: _^{-1} : Rel_n(α_1, ⋯, α_n) → Rel_n(α_n, ⋯, α_1)
  Example: R = {⟨1, "Hello"⟩, ⟨2, "Hi"⟩}; R^{-1} = {⟨"Hello", 1⟩, ⟨"Hi", 2⟩}
Transitive closure: _^+ : Rel_2(α, α) → Rel_2(α, α)
  Example: R = {⟨1, 2⟩, ⟨2, 3⟩}; R^+ = {⟨1, 2⟩, ⟨2, 3⟩, ⟨1, 3⟩}
A Calculus C_R for T_R
A Compact Calculus for T_S
Derivation rules for intersection and union
A Compact Calculus for T_S
Derivation rules for set difference, singleton, disequality and contradiction
TRANSPOSE Derivation Rule (_^{-1})
JOIN Derivation Rule (⋈)
𝓐 is a fresh variable
PRODUCT Derivation Rule (∗)
TRANSITIVE CLOSURE Derivation Rule (_^+)
𝓐, 𝓐_1, 𝓐_2 are fresh variables
An Example
S = { ⟨a, b⟩ ∈ R^+, ⟨a, b⟩ ∉ R, ⟨a, b⟩ ∉ R ⋈ R }
Applying TCLOS-DOWN to ⟨a, b⟩ ∈ R^+ opens three branches:
1. S := S ∪ { ⟨a, b⟩ ∈ R }
   EQ-UNSAT with ⟨a, b⟩ ∉ R: UNSAT
2. S := S ∪ { ⟨a, k⟩ ∈ R, ⟨k, b⟩ ∈ R }
   JOIN-UP: S := S ∪ { ⟨a, b⟩ ∈ R ⋈ R }
   EQ-UNSAT with ⟨a, b⟩ ∉ R ⋈ R: UNSAT
3. S := S ∪ { ⟨a, k_1⟩ ∈ R, ⟨k_1, k_2⟩ ∈ R, ⟨k_2, b⟩ ∈ R, k_1 ≉ k_2 }
   No rules apply (after exhaustively applying JOIN-UP): SAT
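As an added example (not code from the slides or from CVC4), the operators of Σ_R, the toy file-system constraints and the derivation example above implemented over Python sets of tuples; the file-system atoms and the witness relation for the saturated branch are constructed here, not taken from the slides:

```python
# Added example: finite relations as Python sets of tuples, the four operators of
# the relational signature, the toy file-system constraints, and the derivation example.
from itertools import product as cartesian

def product(r1, r2):
    """R1 * R2: concatenate every tuple of R1 with every tuple of R2."""
    return {t1 + t2 for t1, t2 in cartesian(r1, r2)}

def join(r1, r2):
    """R1 join R2: match the last column of R1 with the first column of R2
    and drop the matched columns (so a unary R1 'dots into' a binary R2)."""
    return {t1[:-1] + t2[1:] for t1 in r1 for t2 in r2 if t1[-1] == t2[0]}

def transpose(r):
    """R^-1: reverse every tuple."""
    return {t[::-1] for t in r}

def tclosure(r):
    """R^+ on a binary relation: iterate C := C | (C join R) to a fixpoint."""
    closure = set(r)
    while True:
        step = closure | join(closure, r)
        if step == closure:
            return closure
        closure = step

def file_system_ok(root, dirs, files, contents):
    """Root in Dir, contents in Dir x (File | Dir), everything reachable as
    Root.*contents, and contents acyclic (no d with d in d.^contents)."""
    nodes = dirs | files
    if root not in dirs or not contents <= set(cartesian(dirs, nodes)):
        return False
    closure = tclosure(contents)
    reflexive = {(n, n) for n in nodes}                 # *contents = R^+ | identity
    reached = {t[0] for t in join({(root,)}, closure | reflexive)}
    return reached == nodes and not any(d == n for d, n in closure)

def derivation_example_holds(r, a, b):
    """The three constraints of the derivation example: <a,b> in R^+,
    <a,b> not in R, <a,b> not in R join R."""
    return (a, b) in tclosure(r) and (a, b) not in r and (a, b) not in join(r, r)

if __name__ == "__main__":
    print(product({(1, 2), (3, 4)}, {(5, 6)}))
    print(join({(1, "Hello"), (2, "Hi")}, {("Hello", 3), ("World", 4)}))
    print(transpose({(1, "Hello"), (2, "Hi")}), tclosure({(1, 2), (2, 3)}))
    # The saturated branch: a constructed path a -> k1 -> k2 -> b of length three is a model.
    print(derivation_example_holds({("a", "k1"), ("k1", "k2"), ("k2", "b")}, "a", "b"))
```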
Calculus C_R Correctness
Calculus C_R Correctness
Refutation sound: a closed derivation tree proves that the input constraints are UNSAT.
Model sound: from a saturated branch of a derivation tree one can extract a model of the input constraints.
Detailed proofs can be found in Meng et al. [21].
Termination for a Fragment of T_R
Termination: if S is a finite set of constraints generated by the grammar above, then all derivation trees for S are finite.
Detailed proof can be found in Meng et al. [21].
A Relational Solver in CVC4
[Architecture diagram: a Prop Engine and a Theory Engine coordinating theory solvers for Relations, Sets, Arithmetic, Strings, Uninterpreted Functions and others]
A Relational Solver in CVC4
• Allows us to solve constraints from a combination of relations and other domains
• Extends the SMT-LIB/CVC4 native language with support for relations
• Enables natural mappings from several relational modeling languages to SMT
• Brings to those languages the power of SMT solvers and their ability to reason efficiently about built-in types
Applications of T_R
Application 1: Alloy to CVC4
Support the Alloy kernel language natively in SMT.
The finite model finding of CVC4 can efficiently reason about problems in the presence of quantifiers.
Built a translator from the Alloy kernel language to SMT.
Can both disprove and prove properties with respect to Alloy specifications.
Alloy kernel language → CVC4 (T_R):
• Signature sig S                        S : Rel_1(Atom)
• Field f : S_1 → ⋯ → S_n of a sig S     f : Rel_{n+1}(Atom, …, Atom); f ⊑ S ∗ S_1 ∗ ⋯ ∗ S_n
• sig S_1, …, S_n extends S              S_1 ⊑ S, …, S_n ⊑ S; S_i ⊓ S_j = [ ] for 1 ≤ i < j ≤ n; S_1 ⊔ ⋯ ⊔ S_n = S if S is abstract
• sig S_1, …, S_n in S                   S_1 ⊑ S, …, S_n ⊑ S
Alloy kernel language → CVC4 (T_R):
• Set operators: +, &, −, =, in          ⊔, ⊓, −, ≈, ⊑
• Relational operators: ~, ⋅, →, ^        _^{-1}, ⋈, ∗, _^+
• Logical operators: and, or, not         AND, OR, NOT
• Quantifiers: all, some                  FORALL, EXISTS
Evaluation on Alloy Benchmarks
Evaluated CVC4 with two configurations:
• CVC4: enables full native support for relational operators
• CVC4+AX: encodes all relational operators as uninterpreted functions with axioms
Compared with the Alloy Analyzer and AlloyPE on two sets of benchmarks:
1. From AlloyPE
2. From an academic course
Evaluation on Alloy Benchmarks
Compared to the Alloy Analyzer:
• CVC4 is overall slower on SAT benchmarks
• CVC4 solves UNSAT benchmarks, whereas the Alloy Analyzer can only answer bounded UNSAT
Compared to AlloyPE:
• CVC4 solves SAT benchmarks, whereas AlloyPE solves none
• CVC4 solves most of AlloyPE's benchmarks
Compared to CVC4+AX:
• CVC4 solves SAT benchmarks, whereas CVC4+AX solves none
• CVC4 solves significantly more UNSAT benchmarks
Evaluation on SAT Benchmarks
[Chart: solving time in seconds (log scale, 0.1 to 1000) per benchmark, CVC4 vs. the Alloy Analyzer]
Evaluation on UNSAT Benchmarks
[Chart: solving time in seconds (log scale, 0.1 to 1000) per benchmark for CVC4, CVC4+AX and AlloyPE, over the benchmarks mem-wr, mem-wi, ab-ai, ab-dua, abt-dua, abt-ly-u, gp-nsf, gp-nsg, com-1, com-2, com-3, com-4a, com-4b, fs-sd, fs-nda, gc-s1, gc-s2, gc-c, academia_3, academia_4, family_1, family_2, birthday, library, social_2, social_3, social_4, lights and INSLabel]
Application 2: OWL DL to SMT
OWL DL is based on an expressive description logic fragment.
Built a translator from OWL DL to SMT in T_R.
Check the logical consistency of OWL models using CVC4.