Rudiments of Presburger Arithmetic
Stéphane Demri (demri@lsv.fr)
September 30th, 2016

Slides and lecture notes
http://www.lsv.fr/~demri/notes-de-cours.html
https://wikimpri.dptinfo.ens-cachan.fr/doku.php?id=cours:c-2-9-1
About the lectures 1 & 2
◮ Introduction to counter machines and verification decision problems.
◮ Covering problem for lossy counter machines is Ackermann-hard.

Plan of today's lecture
◮ Introduction to Presburger arithmetic.
◮ Decidability and quantifier elimination.
◮ Decidability by the automata-based approach.

Research internships M2
◮ VASS games for resource-bounded logics.
◮ Temporal logics on strings.
◮ Decision procedures for separation logics.
http://www.lsv.fr/~demri/
The internship can be followed by a PhD thesis with existing funding.
A Formalism for Arithmetical Constraints
A fundamental decidable theory
◮ First-order theory of ⟨N, +, ≤⟩ introduced by Mojżesz Presburger (1929).
◮ Handy to express guards and updates in counter machines:
  x++ ≈ x′ = x + 1
  x1 + x2 = xB ∧ x1 < 36
◮ Nondeterministic update in a lossy counter machine: x′ ≤ x + 1
◮ Formulae are viewed as symbolic representations for (infinite) sets of tuples of natural numbers. x ≤ y can be interpreted as {⟨n, m⟩ ∈ N² | n ≤ m}.

Symbolic representation in counter machines
◮ Counter machine with two counters and with at least the locations q0 (initial), q1 and q2.
◮ Suppose ϕ1(x, y) is interpreted as X1 = {⟨n, m⟩ ∈ N² | ⟨q0, 0, 0⟩ →* ⟨q1, n, m⟩}.
◮ Suppose ϕ2(x, y) is interpreted as X2 = {⟨n, m⟩ ∈ N² | ⟨q0, 0, 0⟩ →* ⟨q2, n, m⟩}.
◮ The statements below are equivalent:
  ◮ Every pair of counter values from a reachable configuration with location q1 is also a pair of counter values from a reachable configuration with location q2.
  ◮ X1 ⊆ X2.
  ◮ ϕ1(x, y) ⇒ ϕ2(x, y) is always true.
Essential properties for formal verification
◮ Rich logical language: captures most standard updates and guards in counter machines (and more).
◮ Decidability of the satisfiability and validity problems. Worst-case complexity characterised (below 2EXPSPACE).
◮ Handy language with unrestricted quantifications, but those quantifications can be viewed as concise macros.
◮ Expressive power of the language is known: Presburger sets = semilinear sets.
◮ Formalism also used to express constraints on graphs, on numbers of events, etc. See e.g. [Seidl & Schwentick & Muscholl, chapter 07].

Presburger arithmetic [Presburger, 29]
◮ "First-order theory of ⟨N, +, ≤⟩" (no multiplication).
◮ A property about the structure ⟨N, +, ≤⟩: ∀x (∃y ((2x + 8) ≤ y)).
  ◮ Atomic formula ((2x + 8) ≤ y).
  ◮ Term (2x + 8).
  ◮ Variables x and y.
◮ Given VAR = {x, y, z, ...}, the terms are of the form a1 x1 + ··· + an xn + k with a1, ..., an, k ≥ 0.

Valuations
◮ Valuation v : VAR → N.
◮ Extending v to all terms:
  ◮ v(k) = k.
  ◮ v(a x) = a × v(x).
  ◮ v(t + t′) = v(t) + v(t′).
◮ Satisfaction relation ⊨:
  ◮ v ⊨ (2x + 8) ≤ y with v(x) = 3 and v(y) = 27.
  ◮ v ⊭ (2x + 8) ≤ y with v(x) = 3 and v(y) = 13.
Formulae (1/2)
◮ Atomic formula t ≤ t′.
◮ v ⊨ t ≤ t′ ⇔def v(t) ≤ v(t′).
◮ Formulae are built from Boolean connectives and quantifiers.
◮ Abbreviations:
  t = t′ ≝ (t ≤ t′) ∧ (t′ ≤ t)
  t < t′ ≝ t + 1 ≤ t′
  t ≥ t′ ≝ t′ ≤ t
  t > t′ ≝ t′ + 1 ≤ t

Formulae (2/2)
ϕ ::= ⊤ | ⊥ | t ≤ t′ | ¬ϕ | ϕ ∧ ϕ | ϕ ∨ ϕ | ∃x ϕ | ∀x ϕ
where t and t′ are terms and x ∈ VAR.
◮ There are infinitely many multiples of 3: ∀x ∃y ((y > x) ∧ ∃z (y = 3z)).
◮ Oddness: ∃y (x = 2y + 1).
◮ xy + 1 = z is not a formula.

Semantics
◮ v ⊨ ⊤ ⇔def true; v ⊨ ⊥ ⇔def false,
◮ v ⊨ t ≤ t′ ⇔def v(t) ≤ v(t′),
◮ v ⊨ ¬ϕ ⇔def not v ⊨ ϕ,
◮ v ⊨ ϕ ∧ ϕ′ ⇔def v ⊨ ϕ and v ⊨ ϕ′,
◮ v ⊨ ϕ ∨ ϕ′ ⇔def v ⊨ ϕ or v ⊨ ϕ′,
◮ v ⊨ ∃x ϕ ⇔def there is n ∈ N such that v[x ↦ n] ⊨ ϕ, where v[x ↦ n] is equal to v except that x is mapped to n,
◮ v ⊨ ∀x ϕ ⇔def for every n ∈ N, we have v[x ↦ n] ⊨ ϕ.
Standard first-order semantics
◮ v ⊨ t = t′ (where 't = t′' is an abbreviation) iff v(t) = v(t′).
◮ ϕ and ψ are equivalent in FO(N) ⇔def for every valuation v, we have v ⊨ ϕ iff v ⊨ ψ.
◮ ϕ1 ∧ ϕ2 and ¬(¬ϕ1 ∨ ¬ϕ2) are equivalent formulae.
◮ ∃x ϕ and ¬∀x ¬ϕ are equivalent formulae.
◮ ∀x ∃y (y < x) and ∀x ∃y (x < y) are not equivalent.

Total ordering
◮ ϕtot: ⟨N, <⟩ is a linearly ordered set:
  ϕtot ≝ ∀x ∀y ((x = y) ∨ (x < y) ∨ (x > y)).
◮ Key argument: for all valuations v, v ⊨ (x = y) ∨ (x < y) ∨ (x > y).

Standard notations
◮ ∀x1 ··· ∀xn ϕ is also written ∀x1, ..., xn ϕ.
◮ ∀x ((x ≤ k) ⇒ ϕ) is also written ∀^{≤k} x ϕ.
◮ 3y ≤ 7x + 8 is also written −2x + 3y − 8 ≤ 5x.

Modulo constraints
◮ x ≡_k 0 is an abbreviation for ∃y (x = k y).
◮ t ≡_k t′ is an abbreviation for ∃x ((t = k x + t′) ∨ (t′ = k x + t)).
◮ Example of a formula in FO(N) (with various abbreviations):
  ∀x, y ((−2x + 9 ≡_4 y + 1) ⇔ (−y ≡_4 2x − 8)).
Satisfiability problem
◮ Satisfiability problem
  Input: a formula ϕ.
  Question: is there a valuation v such that v ⊨ ϕ?
◮ Satisfiable formula: (x1 ≥ 2) ∧ (x2 ≥ 2x1) ∧ ··· ∧ (xn ≥ 2x_{n−1}) (take v(xi) = 2^i).
◮ Validity problem
  Input: a formula ϕ.
  Question: is it the case that for every valuation v, we have v ⊨ ϕ?
◮ Valid formula: (x1 ≥ 2 ∧ x2 ≥ 2x1 ∧ ··· ∧ xn ≥ 2x_{n−1}) ⇒ xn ≥ 2^n.

Equivalences (1/2)
◮ ϕ: formula whose free variables are among x1, ..., xn.
◮ The propositions below are equivalent:
  (I) ϕ is valid.
  (II) ∀x1, ..., xn ϕ is valid.
  (III) ∀x1, ..., xn ϕ is satisfiable.
  (IV) ∀x1, ..., xn ϕ is equivalent to ⊤.

Equivalences (2/2)
◮ ϕ: formula whose free variables are among x1, ..., xn.
◮ The propositions below are equivalent:
  (I) ϕ is satisfiable.
  (II) ∃x1, ..., xn ϕ is valid.
  (III) ∃x1, ..., xn ϕ is satisfiable.
  (IV) ∃x1, ..., xn ϕ is equivalent to ⊤.

Defining sets of tuples
◮ Formula ϕ(x1, ..., xn) with n free variables:
  ⟦ϕ(x1, ..., xn)⟧ ≝ {⟨v(x1), ..., v(xn)⟩ ∈ N^n : v ⊨ ϕ}.
◮ ⟦x1 < x2⟧ = {⟨n, n′⟩ ∈ N² : n < n′}.
◮ ⟦x = x + x⟧ = {0}.
◮ ϕ is satisfiable iff ⟦ϕ⟧ is non-empty.
◮ ϕ is valid (with free variables x1, ..., xn) iff ⟦ϕ⟧ = N^n.
Presburger sets
◮ X ⊆ N^d is a Presburger set ⇔def there is ϕ with free variables x1, ..., xd such that ⟦ϕ⟧ = X.
[Figure: counter machine with locations q1, q2, q3, q4 and transitions labelled x2++; x1--, x1++, x2++, x1++; x2++]
⟦x1 ≥ 1 ∧ x2 ≥ 3 ∧ x1 + x2 ≥ 6⟧ = {⟨n, m⟩ | ⟨q1, 0, 0⟩ →* ⟨q4, n, m⟩}

A rough analysis
[Figure: counter machine with locations q1, q2, q3, q4 and transitions labelled x2++; x1--, x1++, x2++, x1++; x2++]
⟦x1 = x2 = 0⟧ = {⟨n, m⟩ | ⟨q1, 0, 0⟩ →* ⟨q1, n, m⟩}
⟦x2 = 1 ∧ x1 ≥ 1⟧ = {⟨n, m⟩ | ⟨q1, 0, 0⟩ →* ⟨q2, n, m⟩}
⟦x2 ≥ 2 ∧ x1 + x2 ≥ 4⟧ = {⟨n, m⟩ | ⟨q1, 0, 0⟩ →* ⟨q3, n, m⟩}
⟦x1 ≥ 1 ∧ x2 ≥ 3 ∧ x1 + x2 ≥ 6⟧ = {⟨n, m⟩ | ⟨q1, 0, 0⟩ →* ⟨q4, n, m⟩}

Quantifiers can help
∃z1, z2, z3 ((x1 = 3 + z1 − z2) ∧ (x2 = 3 + z2 + z3) ∧ (2 + z1 − z2 ≥ 0))
(the last conjunct is equivalent to adding (x1 ≥ 1))
[Figure: counter machine with locations q1, q2, q3, q4 and transitions labelled x2++; x1--, x1++, x2++, x1++; x2++]
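As an added illustration (not part of the lecture), a small Python evaluator for the term and formula semantics of the earlier slides, with the abbreviations <, =, ≥ and ≡_k, used to check that the quantifier-free description of the q4 reachability set and the ∃z1, z2, z3 formula above define the same pairs on a bounded grid. The tuple encoding, the function names and the quantifier bound are assumptions of this example: ∃/∀ are searched over 0..bound only, which approximates N (it is exact for quantifier-free formulae).

```python
import itertools
# Terms are (coeffs, k): coeffs maps variable names to integer coefficients, k is the constant.
def term(k=0, **coeffs):
    return (dict(coeffs), k)
def add(t1, t2):
    c = dict(t1[0])
    for x, a in t2[0].items():
        c[x] = c.get(x, 0) + a
    return (c, t1[1] + t2[1])
def val(v, t):  # v(a1 x1 + ... + an xn + k) = a1 v(x1) + ... + an v(xn) + k
    return sum(a * v[x] for x, a in t[0].items()) + t[1]
# Abbreviations as on the slides: t < t' is t + 1 <= t', t = t' is both inequalities,
# t >= t' is t' <= t, and t ≡_k t' is ∃w ((t = k w + t') ∨ (t' = k w + t)).
def le(t1, t2): return ('le', t1, t2)
def lt(t1, t2): return le(add(t1, term(1)), t2)
def eq(t1, t2): return ('and', le(t1, t2), le(t2, t1))
def ge(t1, t2): return le(t2, t1)
def exists(xs, f):
    for x in reversed(xs):
        f = ('exists', x, f)
    return f
def mod(t1, t2, k, w='_w'):
    kw = term(**{w: k})
    return exists([w], ('or', eq(t1, add(kw, t2)), eq(t2, add(kw, t1))))

def sat(v, f, bound):
    """v |= f; ∃/∀ range over 0..bound instead of all of N (approximation chosen here)."""
    op = f[0]
    if op == 'le':  return val(v, f[1]) <= val(v, f[2])
    if op == 'not': return not sat(v, f[1], bound)
    if op == 'and': return sat(v, f[1], bound) and sat(v, f[2], bound)
    if op == 'or':  return sat(v, f[1], bound) or sat(v, f[2], bound)
    x, g = f[1], f[2]  # 'exists' or 'forall': check v[x -> n] |= g
    hits = (sat({**v, x: n}, g, bound) for n in range(bound + 1))
    return any(hits) if op == 'exists' else all(hits)

def definable_set(f, variables, bound):
    """[[f]] restricted to {0..bound}^n (slide "Defining sets of tuples")."""
    return {vs for vs in itertools.product(range(bound + 1), repeat=len(variables))
            if sat(dict(zip(variables, vs)), f, bound)}

# Slide example: (2x + 8) <= y holds for v(x)=3, v(y)=27 and fails for v(y)=13.
GUARD = le(term(8, x=2), term(y=1))
# Reachability set at q4, quantifier-free (slide "Presburger sets") ...
Q4_FREE = ('and', ('and', ge(term(x1=1), term(1)), ge(term(x2=1), term(3))),
           ge(term(x1=1, x2=1), term(6)))
# ... and with ∃z1, z2, z3 (slide "Quantifiers can help"); both define the same pairs.
Q4_EXISTS = exists(['z1', 'z2', 'z3'], ('and', ('and',
            eq(term(x1=1), term(3, z1=1, z2=-1)), eq(term(x2=1), term(3, z2=1, z3=1))),
            ge(term(2, z1=1, z2=-1), term())))
```

Comparing `definable_set(Q4_FREE, ['x1', 'x2'], 8)` with the same call on `Q4_EXISTS` yields equal sets; a bounded check like this is a sanity test, not a decision procedure, which is what quantifier elimination and the automata-based approach provide.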
Always good to capture the reachability sets
◮ Suppose ⟦ϕq⟧ = {x ∈ N^n : ⟨q0, x0⟩ →* ⟨q, x⟩} for every control state/location q.
◮ {x ∈ N^n : ⟨q0, x0⟩ →* ⟨q, x⟩} is infinite iff the formula below is satisfiable:
  ¬∃y ∀x1, ..., xn (ϕq(x1, ..., xn) ⇒ (x1 ≤ y ∧ ··· ∧ xn ≤ y)).
◮ ⟨q0, x0⟩ →* ⟨q, z⟩ iff the formula below is satisfiable:
  ϕq(x1, ..., xn) ∧ x1 = z(1) ∧ ··· ∧ xn = z(n).
◮ Control state q can be reached from ⟨q0, x0⟩ iff the Presburger formula ϕq(x1, ..., xn) is satisfiable.

Refinement: new set of atomic formulae
(PAF)  ⊤ | ⊥ | t ≤ t′ | t ≡_k t′ | t = t′ | t < t′ | t ≥ t′ | t > t′
◮ A formula ϕ is quantifier-free ⇔def ϕ is a Boolean combination of atomic formulae (i.e. without quantifiers). Example: (x + y ≡_5 z) ∨ (y > 23).
◮ Linear fragment (LIN) = (PAF) without modulo constraints:
(LIN)  ⊤ | ⊥ | t ≤ t′ | t = t′ | t < t′ | t ≥ t′ | t > t′