Satisfiability Modulo Free Data Structures Combined with Bridging Functions
Raphaël Berthon (ENS Rennes), Christophe Ringeissen (LORIA & Inria Nancy Grand Est)
SMT 2016
Outline
1 Introduction
2 Free Data Structures with Bridging Functions
3 Combination Method
4 Conclusion
1 Introduction
Satisfiability Procedures in Deductive Verification
- Verification tools need satisfiability procedures to reason modulo (the combination of) theories
  ◮ the little engines of Satisfiability Modulo Theories (SMT) solvers
- Recurrent task: solve satisfiability problems expressed in a combination of
  ◮ fragments of arithmetic
  ◮ theories modeling data structures: list, tree, set, multiset, array, record, UF, ...
  ◮ bridging functions: length, size, cardinality, ...
  ◮ data structures instantiated with arbitrary theories of elements: list[tree], array[int], list[bool], tree[bool], ...
Combining Satisfiability Procedures
- The Nelson-Oppen combination method is ubiquitous in SMT solvers.
- Classical limitations: the component theories must be signature-disjoint and stably infinite.
  ◮ bridging functions are a form of non-disjoint combination, e.g. the length of a list:
    $T_\ell = \{\ \ell(cons(X, Y)) = \ell(Y) + 1,\ \ \ell(nil) = 0\ \}$
  ◮ combination with a theory of finite elements, which is not stably infinite:
    $(\forall X : elem.\ X = a \lor X = b) \land a \neq b$
  ➼ polite data structure theories are combinable with arbitrary theories of elements [Ranise et al., 2005]
- This talk: non-disjoint combinations with bridging functions
Non-disjoint Combinations with Bridging Functions
- Absolutely Free Data Structures (AFDS) combined via bridging functions:
  ◮ lists with length [Fontaine et al., 2005]
  ◮ term algebras with integer constraints [Zhang et al., 2006]
  ◮ AFDS with bridging function [Sofronie-Stokkermans, 2009]
  ◮ trees with abstraction function [Suter et al., 2010]
  ◮ AFDS with bridging function [Chocron et al., 2015]
  ➼ a combination approach à la Nelson-Oppen for polite theories
- Free Data Structures (FDS) combined via bridging functions:
  ➼ trees/lists/(multi)sets with cardinality [Zarba, 2005]
- This talk: a combination approach à la Nelson-Oppen for FDS?
2 Free Data Structures with Bridging Functions
Free Data Structures (Finite Trees Modulo E)
Signature: $\Sigma = \{\ c : struct \times struct \to struct,\ \ u : elem \to struct,\ \ nil : struct\ \}$
$FDS_E = \{\ \mathcal{A} \mid struct^{\mathcal{A}} = T(\Sigma \cup elem^{\mathcal{A}}) / =_E\ \}$
i.e. the sort struct is interpreted as the term algebra built over Σ and the elements of $\mathcal{A}$, quotiented by E-equality.
Remark: E can be a combination of regular axioms including Associativity, Commutativity, Unit, Idempotency.
Examples of Useful Theories
Examples of FDS instances: (the standard interpretation of) sets, multisets, lists.
$E_{Multiset} = AC(\uplus) \cup \{\forall X.\ X \uplus \emptyset = X\}$
$E_{Set} = AC(\cup) \cup \{\forall X.\ X \cup \emptyset = X,\ X \cup X = X\}$
$E_{List} = A(c) \cup \{\forall X.\ c(X, nil) = X,\ c(nil, X) = X\}$
Surprising Examples
Examples of more surprising FDS instances: (the standard interpretation of) naturals and Booleans. Here the unary constructor u is written 1 (resp. ⊤), and the last axiom makes it identify all elements.
$E_{\mathbb{N}} = AC(+) \cup \{\forall X.\ X + 0 = X\} \cup \{\forall V, W.\ 1(V) = 1(W)\}$
$E_{\mathbb{B}} = AC(\lor) \cup \{\forall X.\ X \lor \bot = X,\ X \lor X = X\} \cup \{\forall V, W.\ \top(V) = \top(W)\}$
Bridging Theory
A bridging function $f : FDS_{E_1} \to FDS_{E_2}$ is defined by structural induction.
Definition. Given the signature $\Sigma_f = \Sigma_1 \cup \Sigma_2 \cup \{f : struct_1 \to struct_2\}$, a bridging $\Sigma_f$-theory $T_f$ associated to f has the form
$T_f = \{\ f(c(X, Y)) = f_c(f(X), f(Y)),\ \ f(u(V)) = f_u(V),\ \ f(nil) = f_{nil}\ \}$
where $f_c$, $f_u$, $f_{nil}$ are $\Sigma_2$-terms (terms of the target theory) of respective arities 2, 1, 0.
Assumption: f maps $E_1$-equal terms to $E_2$-equal terms.
Bridging Theory: Examples
Example: the function computing the set of the elements of a tree:
$T_f = \{\ f(nil) = \emptyset,\ \ f(u(x)) = \{x\},\ \ f(c(X_1, X_2)) = f(X_1) \cup f(X_2)\ \}$
Example: the function computing the multiset of the elements of a tree:
$T_f = \{\ f(nil) = \emptyset,\ \ f(u(x)) = \{\!\{x\}\!\},\ \ f(c(X_1, X_2)) = f(X_1) \uplus f(X_2)\ \}$
Combination of Theories
Definition. Let $T_1 = FDS_{E_1}$ and $T_2 = FDS_{E_2}$. $T$ denotes the class of $\Sigma_f$-structures $\mathcal{A}$ such that $\mathcal{A}^{\Sigma_1} \in T_1$, $\mathcal{A}^{\Sigma_2} \in T_2$ and $\mathcal{A} \models T_f$; in other words, $T = T_1 \cup T_f \cup T_2$.
Problem: develop a combination method for T-satisfiability.
Our Approach: Reduction to Disjoint Combination
How to combine satisfiability procedures for theories connected by a bridging theory?
1 Instantiate the axioms of the bridging theory on the input to get ground equalities.
2 Hence the problem is reduced to a disjoint combination: reuse the Nelson-Oppen procedure.
3 Combination Method
Overview of the Combination Method
1 Purification: convert the input into a separate form $\varphi_1 \cup \varphi_{elem} \cup \varphi_2 \cup \varphi_f$, where $\varphi_1$ is flat and solved and $\varphi_f = \bigcup_x \{f_x = f(x)\}$ introduces one bridging variable $f_x$ per source variable x.
2 Target encoding: consider $\varphi_1 \cup \varphi_{elem} \cup \varphi_2 \cup CP_{\varphi_1} \cup \varphi_f$, where
$CP_{\varphi_1} = \{f_v = f_c(f_x, f_y) \mid v = c(x, y) \in \varphi_1\} \cup \{f_v = f_u(e) \mid v = u(e) \in \varphi_1\} \cup \{f_v = f_{nil} \mid v = nil \in \varphi_1\} \cup \{f_v = f_x \mid v = x \in \varphi_1\}$
3 Guessing range constraints for the bridging variables ($f_x = i$ or $f_x \geq i$).
4 Inverting the range constraints ($f_x = i \Leftrightarrow x = t_i$).
5 Checking satisfiability in the component theories.
Combination Method: An Example
Assume $f : List \to Set$ computes the set of the elements of a list. Consider the separate form
$\varphi = \{\ X = (e) \cdot Y,\ \ V = (e),\ \ X \neq V\ \}$ (List part)
$\quad \cup\ \{\ f_X = \{e\},\ \ f_X \neq f_Y\ \}$ (Set part)
$\quad \cup\ \{\ f_X = f(X),\ \ f_Y = f(Y),\ \ f_V = f(V)\ \}$ ($\varphi_f$)
Let us guess the following values for $f_Y$: $f_Y = \emptyset$ or $f_Y = \{e'\} \cup S$.
- The non-empty case is UNSAT in Set, since $f_Y = \emptyset$ is entailed by $\{e\} \cup f_Y = f_X = \{e\}$ (the target encoding of $X = (e) \cdot Y$) together with $f_X \neq f_Y$.
- The case $f_Y = \emptyset$ is SAT in Set. Inverting it, we add $Y = nil$, which leads to $X = (e) \cdot nil = (e) = V$, UNSAT in List.
Therefore $\varphi$ is UNSAT.
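The five steps of the method and the List/Set example above, as an added worked example that is not code from the slides or from the authors. It implements purification (step 1), the target encoding $CP_{\varphi_1}$ (step 2) for the set-of-elements bridging function, the two guesses on $f_Y$ (step 3) and the inversion $f_Y = \emptyset \Leftrightarrow Y = nil$ (step 4), and reaches the verdict UNSAT. The tuple encoding of terms, the function names and the element universe {e, e'} are my own assumptions. Since the slides give no component solvers, the List side is decided by comparing normal forms modulo A(c) and the nil unit laws, and the Set side by a bounded enumeration over subsets of that universe; that enumeration is a stand-in adequate for an input this small, not a decision procedure for Set.

```python
# Added example, not code from the slides or from the authors: purification and
# target encoding (CP_phi1) of the combination method for f : List -> Set, then
# the case split of the worked example.  Term encoding, names and the bounded
# Set evaluator are my own assumptions; the slides fix none of them.
from itertools import combinations, product

# List (source) terms: ("c", s, t) concatenation, ("u", e) one-element list,
# ("nil",) empty list.  Set (target) terms: ("cup", s, t), ("sing", e),
# ("empty",).  On both sides a plain string is a variable.

def purify(defs):
    """Flat solved form phi_1 (step 1): each right-hand side becomes c(x, y), u(e),
    nil or ("var", x); nested list subterms get fresh names w0, w1, ..."""
    flat, fresh = {}, (f"w{i}" for i in range(10**6))
    def name(t):                     # a variable standing for list term t
        if isinstance(t, str):
            return t
        w = next(fresh)
        flat[w] = shallow(t)
        return w
    def shallow(t):
        return ("c", name(t[1]), name(t[2])) if t[0] == "c" else t
    for v, t in defs.items():
        flat[v] = ("var", t) if isinstance(t, str) else shallow(t)
    return flat

bvar = lambda x: "f_" + x            # bridging variable f_x, with f_x = f(x) in phi_f

def target_encoding(flat):
    """CP_phi1 (step 2): instantiate T_f on each definition of phi_1.  Only this
    step mentions f; afterwards the List and Set parts are signature-disjoint."""
    cp = {}
    for v, (head, *args) in flat.items():
        if head == "c":              # f(c(x, y)) = f(x) ∪ f(y)
            cp[bvar(v)] = ("cup", bvar(args[0]), bvar(args[1]))
        elif head == "u":            # f(u(e)) = {e}
            cp[bvar(v)] = ("sing", args[0])
        elif head == "nil":          # f(nil) = ∅
            cp[bvar(v)] = ("empty",)
        else:                        # v = x gives f_v = f_x
            cp[bvar(v)] = bvar(args[0])
    return cp

def normal_form(x, flat):
    """Normal form of list variable x modulo A(c) and the nil unit laws: a tuple
    of element variables and of unsolved list variables (holes)."""
    if x not in flat:
        return (x,)
    head, *args = flat[x]
    if head == "c":
        return normal_form(args[0], flat) + normal_form(args[1], flat)
    if head == "u":
        return (args[0],)
    return normal_form(args[0], flat) if head == "var" else ()   # var / nil

def list_side_sat(flat, diseqs):
    """Free List theory: a disequality is satisfiable iff the two normal forms differ."""
    return all(normal_form(x, flat) != normal_form(y, flat) for x, y in diseqs)

def invert_empty(flat, x):
    """Step 4 for f_x = ∅ on an unsolved x: the only list with no elements is nil (t_0 = nil)."""
    return {**flat, x: ("nil",)}

def eval_set(t, cp, env):
    """Value of a Set term; bridging variables absent from env are unfolded via CP_phi1."""
    if isinstance(t, str):
        return env[t] if t in env else eval_set(cp[t], cp, env)
    if t[0] == "cup":
        return eval_set(t[1], cp, env) | eval_set(t[2], cp, env)
    return frozenset({env[t[1]]}) if t[0] == "sing" else frozenset()

def set_side_sat(cp, eqs, diseqs, free, elems, universe):
    """Stand-in for a Set decision procedure (an assumption of this example):
    enumerate the free bridging variables over subsets of a small universe."""
    subsets = [frozenset(c) for r in range(len(universe) + 1)
               for c in combinations(universe, r)]
    for choice in product(subsets, repeat=len(free)):
        env = {**elems, **dict(zip(free, choice))}
        if (all(eval_set(l, cp, env) == eval_set(r, cp, env) for l, r in eqs)
                and all(eval_set(l, cp, env) != eval_set(r, cp, env) for l, r in diseqs)):
            return True
    return False

def check_example():
    """phi: X = (e).Y, V = (e), X != V, f_X = {e}, f_X != f_Y.  Returns
    (non-empty guess SAT?, empty guess Set SAT?, empty guess List SAT?, verdict)."""
    flat = purify({"X": ("c", ("u", "e"), "Y"), "V": ("u", "e")})
    cp = target_encoding(flat)
    eqs, diseqs = [("f_X", ("sing", "e"))], [("f_X", "f_Y")]
    elems, universe = {"e": "e"}, ["e", "e'"]          # constructed element domain
    # guess f_Y non-empty: the Set side alone is already inconsistent
    nonempty = set_side_sat(cp, eqs, diseqs + [("f_Y", ("empty",))], ["f_Y"], elems, universe)
    # guess f_Y = ∅: Set side is fine, inversion adds Y = nil and the List side fails
    empty_set = set_side_sat(cp, eqs + [("f_Y", ("empty",))], diseqs, ["f_Y"], elems, universe)
    empty_list = list_side_sat(invert_empty(flat, "Y"), [("X", "V")])
    verdict = "sat" if nonempty or (empty_set and empty_list) else "unsat"
    return nonempty, empty_set, empty_list, verdict
```

`check_example()` returns `(False, True, False, 'unsat')`: the non-empty guess already fails in Set, while the empty guess passes Set but, once inverted to Y = nil, makes the normal forms of X and V identical, so X ≠ V fails in List. Dropping the disequality X ≠ V (pass an empty list to `list_side_sat`) turns the second branch SAT, which is the only way the input becomes satisfiable.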
Case Studies
- A complete procedure (without any guessing for the bridging variables) when there are no source disequalities.
- A form of infinite surjectivity, when the bridging function is a counting function:
  $T_f = \{\ f(c(X, Y)) = f(X) + f(Y),\ \ f(u(e)) = 1,\ \ f(nil) = 0\ \}$
- A form of sufficient surjectivity, when there are only disequalities between isolated variables.