smt techniques and solvers in automated termination
play

SMT Techniques and Solvers in Automated Termination Analysis - PowerPoint PPT Presentation

Dec 30, 2023 •679 likes •1.83k views

SMT Techniques and Solvers in Automated Termination Analysis Carsten Fuhs Birkbeck, University of London 2 nd July 2016 14 th Workshop on SAT Modulo Theories (SMT) Coimbra, Portugal Why analyze termination? 2/25 Why analyze termination? 1

  1. Example (Division)  minus ( x, 0 ) → x   minus ( s ( x ) , s ( y )) → minus ( x, y )  R = quot ( 0 , s ( y )) → 0   quot ( s ( x ) , s ( y )) → s ( quot ( minus ( x, y ) , s ( y )))  minus ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y )  →  minus ♯ ( x, y ) quot ♯ ( s ( x ) , s ( y )) DP = → quot ♯ ( s ( x ) , s ( y )) quot ♯ ( minus ( x, y ) , s ( y )) →  Dependency Pairs [Arts, Giesl, TCS ’00 ] For TRS R build dependency pairs DP ( ∼ function calls) Show: No ∞ call sequence with DP (eval of DP ’s args via R ) Dependency Pair Framework [Giesl et al, JAR ’06 ] (simplified): while DP � = ∅ : 10/25

  2. Example (Division)  minus ( x, 0 ) � x   minus ( s ( x ) , s ( y )) � minus ( x, y )  R = quot ( 0 , s ( y )) � 0   quot ( s ( x ) , s ( y )) � s ( quot ( minus ( x, y ) , s ( y )))  minus ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y )  �  minus ♯ ( x, y ) quot ♯ ( s ( x ) , s ( y )) DP = � quot ♯ ( s ( x ) , s ( y )) quot ♯ ( minus ( x, y ) , s ( y )) �  Dependency Pairs [Arts, Giesl, TCS ’00 ] For TRS R build dependency pairs DP ( ∼ function calls) Show: No ∞ call sequence with DP (eval of DP ’s args via R ) Dependency Pair Framework [Giesl et al, JAR ’06 ] (simplified): while DP � = ∅ : find well-founded order ≻ with DP ∪ R ⊆ � 10/25

  3. Example (Division)  minus ( x, 0 ) � x   minus ( s ( x ) , s ( y )) � minus ( x, y )  R = quot ( 0 , s ( y )) � 0   quot ( s ( x ) , s ( y )) � s ( quot ( minus ( x, y ) , s ( y )))   minus ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) ( � )   quot ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) DP = ( � ) quot ♯ ( s ( x ) , s ( y )) quot ♯ ( minus ( x, y ) , s ( y )) ( � )   Dependency Pairs [Arts, Giesl, TCS ’00 ] For TRS R build dependency pairs DP ( ∼ function calls) Show: No ∞ call sequence with DP (eval of DP ’s args via R ) Dependency Pair Framework [Giesl et al, JAR ’06 ] (simplified): while DP � = ∅ : find well-founded order ≻ with DP ∪ R ⊆ � delete s → t with s ≻ t from DP 10/25

  4. Example (Division)  minus ( x, 0 ) � x   minus ( s ( x ) , s ( y )) � minus ( x, y )  R = quot ( 0 , s ( y )) � 0   quot ( s ( x ) , s ( y )) � s ( quot ( minus ( x, y ) , s ( y )))   minus ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) ( � )   quot ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) DP = ( � ) quot ♯ ( s ( x ) , s ( y )) quot ♯ ( minus ( x, y ) , s ( y )) ( � )   Dependency Pairs [Arts, Giesl, TCS ’00 ] For TRS R build dependency pairs DP ( ∼ function calls) Show: No ∞ call sequence with DP (eval of DP ’s args via R ) Dependency Pair Framework [Giesl et al, JAR ’06 ] (simplified): while DP � = ∅ : find well-founded order ≻ with DP ∪ R ⊆ � delete s → t with s ≻ t from DP Find ≻ automatically and efficiently 10/25

  5. Polynomial interpretations Get ≻ via polynomial interpretations [ · ] over N [Lankford ’79] → ranking functions for rewriting Example minus ( s ( x ) , s ( y )) � minus ( x, y ) 11/25

  6. Polynomial interpretations Get ≻ via polynomial interpretations [ · ] over N [Lankford ’79] → ranking functions for rewriting Example minus ( s ( x ) , s ( y )) � minus ( x, y ) Use [ · ] with [ minus ] ( x 1 , x 2 ) = x 1 [ s ] ( x 1 ) = x 1 + 1 11/25

  7. Polynomial interpretations Get ≻ via polynomial interpretations [ · ] over N [Lankford ’79] → ranking functions for rewriting Example ∀ x, y. x + 1 = [ minus ( s ( x ) , s ( y )) ] ≥ [ minus ( x, y ) ] = x Use [ · ] with [ minus ] ( x 1 , x 2 ) = x 1 [ s ] ( x 1 ) = x 1 + 1 Extend to terms: [ x ] = x [ f ( t 1 , . . . , t n ) ] = [ f ] ( [ t 1 ] , . . . , [ t n ] ) ≻ boils down to > over N 11/25

  8. Example (Constraints for Division)  minus ( x, 0 ) � x   minus ( s ( x ) , s ( y )) minus ( x, y ) �  R = quot ( 0 , s ( y )) � 0   quot ( s ( x ) , s ( y )) � s ( quot ( minus ( x, y ) , s ( y )))   minus ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) ( � )   quot ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) DP = ( � ) quot ♯ ( s ( x ) , s ( y )) quot ♯ ( minus ( x, y ) , s ( y )) ( � )   12/25

  9. Example (Constraints for Division)  minus ( x, 0 ) � x   minus ( s ( x ) , s ( y )) � minus ( x, y )  R = quot ( 0 , s ( y )) � 0   quot ( s ( x ) , s ( y )) � s ( quot ( minus ( x, y ) , s ( y )))  minus ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y )  ≻  quot ♯ ( s ( x ) , s ( y )) minus ♯ ( x, y ) DP = ≻ quot ♯ ( s ( x ) , s ( y )) quot ♯ ( minus ( x, y ) , s ( y )) ≻  Use interpretation [ · ] over N with [ quot ♯ ] ( x 1 , x 2 ) = x 1 + x 2 . [ quot ] ( x 1 , x 2 ) = x 1 + x 2 [ minus ♯ ] ( x 1 , x 2 ) = x 1 [ minus ] ( x 1 , x 2 ) = x 1 [ 0 ] = 0 [ s ] ( x 1 ) = x 1 + 1 � order solves all constraints 12/25

  10. Example (Constraints for Division)  minus ( x, 0 ) � x   minus ( s ( x ) , s ( y )) � minus ( x, y )  R = quot ( 0 , s ( y )) � 0   quot ( s ( x ) , s ( y )) � s ( quot ( minus ( x, y ) , s ( y )))    DP =  Use interpretation [ · ] over N with [ quot ♯ ] ( x 1 , x 2 ) = x 1 + x 2 . [ quot ] ( x 1 , x 2 ) = x 1 + x 2 [ minus ♯ ] ( x 1 , x 2 ) = x 1 [ minus ] ( x 1 , x 2 ) = x 1 [ 0 ] = 0 [ s ] ( x 1 ) = x 1 + 1 � order solves all constraints � DP = ∅ � termination of division algorithm proved � 12/25

  11. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 13/25

  12. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 13/25

  13. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 2 From term constraint to polynomial constraint: s � t � [ s ] ≥ [ t ] Here: ∀ x, y. ( a s b m + a s c m ) + ( b s b m − b m ) x + ( b s c m − c m ) y ≥ 0 13/25

  14. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 2 From term constraint to polynomial constraint: s � t � [ s ] ≥ [ t ] Here: ∀ x, y. ( a s b m + a s c m ) + ( b s b m − b m ) x + ( b s c m − c m ) y ≥ 0 3 Eliminate ∀ x, y by absolute positiveness criterion [Hong, Jakuš, JAR ’98 ] : a s b m + a s c m ≥ 0 ∧ b s b m − b m ≥ 0 ∧ b s c m − c m ≥ 0 Here: 13/25

  15. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 2 From term constraint to polynomial constraint: s � t � [ s ] ≥ [ t ] Here: ∀ x, y. ( a s b m + a s c m ) + ( b s b m − b m ) x + ( b s c m − c m ) y ≥ 0 3 Eliminate ∀ x, y by absolute positiveness criterion [Hong, Jakuš, JAR ’98 ] : a s b m + a s c m ≥ 0 ∧ b s b m − b m ≥ 0 ∧ b s c m − c m ≥ 0 Here: 13/25

  16. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 2 From term constraint to polynomial constraint: s � t � [ s ] ≥ [ t ] Here: ∀ x, y. ( a s b m + a s c m ) + ( b s b m − b m ) x + ( b s c m − c m ) y ≥ 0 3 Eliminate ∀ x, y by absolute positiveness criterion [Hong, Jakuš, JAR ’98 ] : a s b m + a s c m ≥ 0 ∧ b s b m − b m ≥ 0 ∧ b s c m − c m ≥ 0 Here: 13/25

  17. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 2 From term constraint to polynomial constraint: s � t � [ s ] ≥ [ t ] Here: ∀ x, y. ( a s b m + a s c m ) + ( b s b m − b m ) x + ( b s c m − c m ) y ≥ 0 3 Eliminate ∀ x, y by absolute positiveness criterion [Hong, Jakuš, JAR ’98 ] : a s b m + a s c m ≥ 0 ∧ b s b m − b m ≥ 0 ∧ b s c m − c m ≥ 0 Here: Non-linear constraints (QF_NIA), even for linear interpretations 13/25

  18. Automation Task: Solve minus ( s ( x ) , s ( y )) � minus ( x, y ) 1 Fix a degree, use pol. interpretation with parametric coefficients: [ minus ] ( x, y ) = a m + b m x + c m y, [ s ] ( x ) = a s + b s x 2 From term constraint to polynomial constraint: s � t � [ s ] ≥ [ t ] Here: ∀ x, y. ( a s b m + a s c m ) + ( b s b m − b m ) x + ( b s c m − c m ) y ≥ 0 3 Eliminate ∀ x, y by absolute positiveness criterion [Hong, Jakuš, JAR ’98 ] : a s b m + a s c m ≥ 0 ∧ b s b m − b m ≥ 0 ∧ b s c m − c m ≥ 0 Here: Non-linear constraints (QF_NIA), even for linear interpretations Task: Show satisfiability of non-linear constraints over N � Prove termination of given term rewrite system 13/25

  19. Extensions Polynomials with negative coefficients and max-operator [Hirokawa, Middeldorp, IC ’07 ; Fuhs et al, SAT ’07, RTA ’08 ] models behavior of functions more closely automation via SMT for QF_NIA, more complex Boolean structure 14/25

  20. Extensions Polynomials with negative coefficients and max-operator [Hirokawa, Middeldorp, IC ’07 ; Fuhs et al, SAT ’07, RTA ’08 ] models behavior of functions more closely automation via SMT for QF_NIA, more complex Boolean structure Polynomials over Q + and R + [Lucas, RAIRO ’05 ] non-integer coefficients increase proving power SMT-based automation [Fuhs et al, AISC ’08 ; Zankl, Middeldorp, LPAR ’10 ; Borralleras et al, JAR ’12 ] 14/25

  21. Extensions Polynomials with negative coefficients and max-operator [Hirokawa, Middeldorp, IC ’07 ; Fuhs et al, SAT ’07, RTA ’08 ] models behavior of functions more closely automation via SMT for QF_NIA, more complex Boolean structure Polynomials over Q + and R + [Lucas, RAIRO ’05 ] non-integer coefficients increase proving power SMT-based automation [Fuhs et al, AISC ’08 ; Zankl, Middeldorp, LPAR ’10 ; Borralleras et al, JAR ’12 ] Matrix interpretations [Endrullis, Waldmann, Zantema, JAR ’08 ] interpretation to vectors over N k , coefficients are matrices useful for deeply nested terms QF_NIA instances with more complex atoms 14/25

  22. Extensions Polynomials with negative coefficients and max-operator [Hirokawa, Middeldorp, IC ’07 ; Fuhs et al, SAT ’07, RTA ’08 ] models behavior of functions more closely automation via SMT for QF_NIA, more complex Boolean structure Polynomials over Q + and R + [Lucas, RAIRO ’05 ] non-integer coefficients increase proving power SMT-based automation [Fuhs et al, AISC ’08 ; Zankl, Middeldorp, LPAR ’10 ; Borralleras et al, JAR ’12 ] Matrix interpretations [Endrullis, Waldmann, Zantema, JAR ’08 ] interpretation to vectors over N k , coefficients are matrices useful for deeply nested terms QF_NIA instances with more complex atoms “Arctic” matrices on the max-plus semiring on N or Z (instead of plus-times) [Koprowski, Waldmann, Acta Cyb. ’09 ] very useful for deeply nested terms can be encoded to QF_ L IA, but (unary!) bit-blasting seems to be faster in practice [Codish, Fekete, Fuhs, Giesl, Waldmann, SMT ’12 ] 14/25

  23. Extensions Polynomials with negative coefficients and max-operator [Hirokawa, Middeldorp, IC ’07 ; Fuhs et al, SAT ’07, RTA ’08 ] models behavior of functions more closely automation via SMT for QF_NIA, more complex Boolean structure Polynomials over Q + and R + [Lucas, RAIRO ’05 ] non-integer coefficients increase proving power SMT-based automation [Fuhs et al, AISC ’08 ; Zankl, Middeldorp, LPAR ’10 ; Borralleras et al, JAR ’12 ] Matrix interpretations [Endrullis, Waldmann, Zantema, JAR ’08 ] interpretation to vectors over N k , coefficients are matrices useful for deeply nested terms QF_NIA instances with more complex atoms “Arctic” matrices on the max-plus semiring on N or Z (instead of plus-times) [Koprowski, Waldmann, Acta Cyb. ’09 ] very useful for deeply nested terms can be encoded to QF_ L IA, but (unary!) bit-blasting seems to be faster in practice [Codish, Fekete, Fuhs, Giesl, Waldmann, SMT ’12 ] 14/25

  24. Example (bits)  half ( 0 ) → 0 bits ( 0 ) → 0  R = half ( s ( 0 )) → 0 bits ( s ( x )) → s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) → s ( half ( x ))  15/25

  25. Example (bits)  half ( 0 ) → 0 bits ( 0 ) → 0  R = half ( s ( 0 )) → 0 bits ( s ( x )) → s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) → s ( half ( x ))  half ♯ ( s ( s ( x ))) half ♯ ( x )  →  bits ♯ ( s ( x )) half ♯ ( s ( x )) DP = → bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) →  15/25

  26. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))   half ♯ ( s ( s ( x ))) half ♯ ( x ) ( � )   bits ♯ ( s ( x )) half ♯ ( s ( x )) DP = ( � ) bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) ( � )   15/25

  27. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))    DP = bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) ≻  15/25

  28. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))    DP = bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) ≻  Classic polynomials cannot solve bits ♯ ( s ( x )) ≻ bits ♯ ( half ( s ( x ))) 15/25

  29. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))    DP = bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) ≻  Classic polynomials cannot solve bits ♯ ( s ( x )) ≻ bits ♯ ( half ( s ( x ))) [ bits ♯ ] ( x ) = x, [ half ] ( x ) = x − 1 Remedy: [ s ] ( x ) = x + 1 , 15/25

  30. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))    DP = bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) ≻  Classic polynomials cannot solve bits ♯ ( s ( x )) ≻ bits ♯ ( half ( s ( x ))) [ bits ♯ ] ( x ) = x, [ half ] ( x ) = x − 1 Remedy: [ s ] ( x ) = x + 1 , But: Then ≻ not well founded any more: 0 ≻ half ( 0 ) ≻ half ( half ( 0 )) ≻ . . . 15/25

  31. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))    DP = bits ♯ ( s ( x )) bits ♯ ( half ( s ( x ))) ≻  Classic polynomials cannot solve bits ♯ ( s ( x )) ≻ bits ♯ ( half ( s ( x ))) [ bits ♯ ] ( x ) = x, [ half ] ( x ) = x − 1 Remedy: [ s ] ( x ) = x + 1 , But: Then ≻ not well founded any more: 0 ≻ half ( 0 ) ≻ half ( half ( 0 )) ≻ . . . ⇒ Solution [Hirokawa, Middeldorp, IC ’07 ] : [ half ] ( x 1 ) = max( x 1 − 1 , 0) ⇒ [ half ( s ( x )) ] = max(( x + 1) − 1 , 0) = x 15/25

  32. Example (bits)  half ( 0 ) � 0 bits ( 0 ) � 0  R = half ( s ( 0 )) � 0 bits ( s ( x )) � s ( bits ( half ( s ( x )))) half ( s ( s ( x ))) � s ( half ( x ))    DP =  Classic polynomials cannot solve bits ♯ ( s ( x )) ≻ bits ♯ ( half ( s ( x ))) [ bits ♯ ] ( x ) = x, [ half ] ( x ) = x − 1 Remedy: [ s ] ( x ) = x + 1 , But: Then ≻ not well founded any more: 0 ≻ half ( 0 ) ≻ half ( half ( 0 )) ≻ . . . ⇒ Solution [Hirokawa, Middeldorp, IC ’07 ] : [ half ] ( x 1 ) = max( x 1 − 1 , 0) ⇒ [ half ( s ( x )) ] = max(( x + 1) − 1 , 0) = x 15/25

  33. Problem: Expressions like max( x 1 − 1 , 0) are no polynomials For [ s ] > [ t ], show 16/25

  34. Problem: Expressions like max( x 1 − 1 , 0) are no polynomials For [ s ] > [ t ], show [ s ] left > [ t ] right [ s ] left under-approximation of [ s ] [ t ] right over-approximation of [ t ] [ s ] left , [ t ] right polynomials 16/25

  35. Problem: Expressions like max( x 1 − 1 , 0) are no polynomials For [ s ] > [ t ], show [ s ] left > [ t ] right [ s ] left under-approximation of [ s ] [ t ] right over-approximation of [ t ] [ s ] left , [ t ] right polynomials Automation initially: Generate-and-test Approx. for max( p, 0) depend on signum of constant addend of p [ s ( x ) ] right ⇒ [ s ( x ) ] = max( x + 1 , 0) = x + 1 [ half ( x ) ] right [ half ( x ) ] = max( x − 1 , 0) ⇒ = x 16/25

  36. Problem: Expressions like max( x 1 − 1 , 0) are no polynomials For [ s ] > [ t ], show [ s ] left > [ t ] right [ s ] left under-approximation of [ s ] [ t ] right over-approximation of [ t ] [ s ] left , [ t ] right polynomials Automation initially: Generate-and-test Approx. for max( p, 0) depend on signum of constant addend of p [ s ( x ) ] right ⇒ [ s ( x ) ] = max( x + 1 , 0) = x + 1 [ half ( x ) ] right [ half ( x ) ] = max( x − 1 , 0) ⇒ = x Solution [Fuhs et al, SAT ’07 ] : Encode case analysis . . . [ f ( x ) ] right = a f x 1 + c f ( x ) [ f ( x ) ] = max( a f x 1 + b f , 0) ⇒ . . . using side constraints ( b f ≥ 0 → c f ( x ) = b f ) ∧ ( b f < 0 → c f ( x ) = 0) Boolean structure in SMT quite handy! 16/25

  37. (SAT and) SMT solving for path orders Path orders: based on precedences of function symbols Recursive Path Order [Dershowitz, TCS ’82 ; Codish et al, JAR ’11 ] Weighted Path Order [Yamada, Kusakari, Sakabe, SCP ’15 ] 17/25

  38. (SAT and) SMT solving for path orders Path orders: based on precedences of function symbols Recursive Path Order [Dershowitz, TCS ’82 ; Codish et al, JAR ’11 ] Weighted Path Order [Yamada, Kusakari, Sakabe, SCP ’15 ] Knuth-Bendix Order [Knuth, Bendix, CPAA ’70 ] → SMT-Encoding to QF_LIA [Zankl, Hirokawa, Middeldorp, JAR ’09 ] outperformed polynomial time algorithm [Korovin, Voronkov, IC ’03 ] in experiments 17/25

  39. (SAT and) SMT solving for path orders Path orders: based on precedences of function symbols Recursive Path Order [Dershowitz, TCS ’82 ; Codish et al, JAR ’11 ] Weighted Path Order [Yamada, Kusakari, Sakabe, SCP ’15 ] Knuth-Bendix Order [Knuth, Bendix, CPAA ’70 ] → SMT-Encoding to QF_LIA [Zankl, Hirokawa, Middeldorp, JAR ’09 ] outperformed polynomial time algorithm [Korovin, Voronkov, IC ’03 ] in experiments Analogy: Exponential-time simplex vs. polynomial-time interior-point methods for QF_LRA? 17/25

  40. Further extensions Constrained term rewriting [Fuhs et al, RTA ’09 ; Kop, Nishida, FroCoS ’13 ; Rocha, Meseguer, Muñoz, WRLA ’14 ] term rewriting with predefined operations from SMT theories, e.g. integer arithmetic, . . . target language for translations from programming languages 18/25

  41. Further extensions Constrained term rewriting [Fuhs et al, RTA ’09 ; Kop, Nishida, FroCoS ’13 ; Rocha, Meseguer, Muñoz, WRLA ’14 ] term rewriting with predefined operations from SMT theories, e.g. integer arithmetic, . . . target language for translations from programming languages Complexity analysis [Hirokawa, Moser, IJCAR ’08 ; Noschinski, Emmes, Giesl, JAR ’13 ] Can re-use termination machinery to infer and prove statements like “runtime complexity of this TRS is in O ( n 3 ) ” 18/25

  42. SMT solvers from termination analysis Annual SMT-COMP, division QF_NIA Year Winner 2009 Barcelogic-QF_NIA 2010 MiniSmt 2011 AProVE 2012 no QF_NIA 2013 no SMT-COMP 2014 AProVE 2015 AProVE 2016 → today, 4 pm 19/25

  43. SMT solvers from termination analysis Annual SMT-COMP, division QF_NIA Year Winner 2009 Barcelogic-QF_NIA 2010 MiniSmt (spin-off of T T 2) T 2011 AProVE 2012 no QF_NIA 2013 no SMT-COMP 2014 AProVE 2015 AProVE 2016 → today, 4 pm ⇒ Termination provers can also be successful SMT solvers! 19/25

  44. SMT solvers from termination analysis Annual SMT-COMP, division QF_NIA Year Winner 2009 Barcelogic-QF_NIA 2010 MiniSmt (spin-off of T T 2) T 2011 AProVE 2012 no QF_NIA 2013 no SMT-COMP 2014 AProVE 2015 AProVE 2016 → today, 4 pm ⇒ Termination provers can also be successful SMT solvers! (disclaimer: Z3 participated only hors concours in the last years) 19/25

  45. Term Rewrite Systems (TRSs) 1 Imperative Programs 2 20/25

  46. Papers on termination of imperative programs often about integers as data 21/25

  47. Papers on termination of imperative programs often about integers as data Example (Imperative program) if x ≥ 0: while x � = 0: x = x − 1 Does this program terminate? 21/25

  48. Papers on termination of imperative programs often about integers as data Example (Imperative program) if x ≥ 0: ℓ 0 : ℓ 1 : while x � = 0: ℓ 2 : x = x − 1 Does this program terminate? Example (Equivalent translation to transition system) → [ x ≥ 0] ℓ 0 ( x ) ℓ 1 ( x ) ℓ 1 ( x ) → ℓ 2 ( x ) [ x � = 0] ℓ 2 ( x ) → ℓ 1 ( x − 1) ℓ 1 ( x ) → ℓ 3 ( x ) [ x == 0] 21/25

  49. Papers on termination of imperative programs often about integers as data Example (Imperative program) if x ≥ 0: ℓ 0 : ℓ 1 : while x � = 0: ℓ 2 : x = x − 1 Does this program terminate? Example (Equivalent translation to transition system) → [ x ≥ 0] ℓ 0 ( x ) ℓ 1 ( x ) ℓ 1 ( x ) → ℓ 2 ( x ) [ x � = 0] ℓ 2 ( x ) → ℓ 1 ( x − 1) ℓ 1 ( x ) → ℓ 3 ( x ) [ x == 0] Oh no! ℓ 1 ( − 1) → ℓ 2 ( − 1) → ℓ 1 ( − 2) → ℓ 2 ( − 2) → ℓ 1 ( − 3) → · · · 21/25

  50. Papers on termination of imperative programs often about integers as data Example (Imperative program) if x ≥ 0: ℓ 0 : ℓ 1 : while x � = 0: ℓ 2 : x = x − 1 Does this program terminate? Example (Equivalent translation to transition system) → [ x ≥ 0] ℓ 0 ( x ) ℓ 1 ( x ) ℓ 1 ( x ) → ℓ 2 ( x ) [ x � = 0] ℓ 2 ( x ) → ℓ 1 ( x − 1) ℓ 1 ( x ) → ℓ 3 ( x ) [ x == 0] Oh no! ℓ 1 ( − 1) → ℓ 2 ( − 1) → ℓ 1 ( − 2) → ℓ 2 ( − 2) → ℓ 1 ( − 3) → · · · ⇒ Restrict initial states to ℓ 0 ( z ) for z ∈ Z 21/25

  51. Papers on termination of imperative programs often about integers as data Example (Imperative program) if x ≥ 0: ℓ 0 : ℓ 1 : while x � = 0: ℓ 2 : x = x − 1 Does this program terminate? Example (Equivalent translation to transition system) → [ x ≥ 0] ℓ 0 ( x ) ℓ 1 ( x ) ℓ 1 ( x ) → ℓ 2 ( x ) [ x � = 0] ℓ 2 ( x ) → ℓ 1 ( x − 1) ℓ 1 ( x ) → ℓ 3 ( x ) [ x == 0] Oh no! ℓ 1 ( − 1) → ℓ 2 ( − 1) → ℓ 1 ( − 2) → ℓ 2 ( − 2) → ℓ 1 ( − 3) → · · · ⇒ Restrict initial states to ℓ 0 ( z ) for z ∈ Z ⇒ Find invariant x ≥ 0 at ℓ 1 , ℓ 2 21/25

  52. Papers on termination of imperative programs often about integers as data Example (Imperative program) if x ≥ 0: ℓ 0 : ℓ 1 : while x � = 0: ℓ 2 : x = x − 1 Does this program terminate? Example (Equivalent translation to transition system) → [ x ≥ 0] ℓ 0 ( x ) ℓ 1 ( x ) ℓ 1 ( x ) → ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) → ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) → ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Oh no! ℓ 1 ( − 1) → ℓ 2 ( − 1) → ℓ 1 ( − 2) → ℓ 2 ( − 2) → ℓ 1 ( − 3) → · · · ⇒ Restrict initial states to ℓ 0 ( z ) for z ∈ Z ⇒ Find invariant x ≥ 0 at ℓ 1 , ℓ 2 21/25

  53. Proving termination with invariants Example (Transition system with invariants) ℓ 0 ( x ) → ℓ 1 ( x ) [ x ≥ 0] ℓ 1 ( x ) → ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) → ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) → ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Prove termination by ranking function [ · ] with [ ℓ 0 ] ( x ) = [ ℓ 1 ] ( x ) = · · · = x 22/25

  54. Proving termination with invariants Example (Transition system with invariants) ℓ 0 ( x ) ℓ 1 ( x ) [ x ≥ 0] � ℓ 1 ( x ) � ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) ≻ ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) � ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Prove termination by ranking function [ · ] with [ ℓ 0 ] ( x ) = [ ℓ 1 ] ( x ) = · · · = x 22/25

  55. Proving termination with invariants Example (Transition system with invariants) ℓ 0 ( x ) ℓ 1 ( x ) [ x ≥ 0] � ℓ 1 ( x ) � ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) ≻ ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) � ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Prove termination by ranking function [ · ] with [ ℓ 0 ] ( x ) = [ ℓ 1 ] ( x ) = · · · = x Automate search using parametric ranking function: [ ℓ 0 ] ( x ) = a 0 + b 0 · x, [ ℓ 1 ] ( x ) = a 1 + b 1 · x, . . . 22/25

  56. Proving termination with invariants Example (Transition system with invariants) ℓ 0 ( x ) ℓ 1 ( x ) [ x ≥ 0] � ℓ 1 ( x ) � ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) ≻ ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) � ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Prove termination by ranking function [ · ] with [ ℓ 0 ] ( x ) = [ ℓ 1 ] ( x ) = · · · = x Automate search using parametric ranking function: [ ℓ 0 ] ( x ) = a 0 + b 0 · x, [ ℓ 1 ] ( x ) = a 1 + b 1 · x, . . . Constraints e.g.: x ≥ 0 ⇒ a 2 + b 2 · x > a 1 + b 1 · ( x − 1) “decrease . . . ” x ≥ 0 ⇒ a 2 + b 2 · x ≥ 0 “. . . against a bound” 22/25

  57. Proving termination with invariants Example (Transition system with invariants) ℓ 0 ( x ) ℓ 1 ( x ) [ x ≥ 0] � ℓ 1 ( x ) � ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) ≻ ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) � ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Prove termination by ranking function [ · ] with [ ℓ 0 ] ( x ) = [ ℓ 1 ] ( x ) = · · · = x Automate search using parametric ranking function: [ ℓ 0 ] ( x ) = a 0 + b 0 · x, [ ℓ 1 ] ( x ) = a 1 + b 1 · x, . . . Constraints e.g.: x ≥ 0 ⇒ a 2 + b 2 · x > a 1 + b 1 · ( x − 1) “decrease . . . ” x ≥ 0 ⇒ a 2 + b 2 · x ≥ 0 “. . . against a bound” Use Farkas’ Lemma to eliminate ∀ x , QF_LRA solver gives model for a i , b i . 22/25

  58. Proving termination with invariants Example (Transition system with invariants) ℓ 0 ( x ) ℓ 1 ( x ) [ x ≥ 0] � ℓ 1 ( x ) � ℓ 2 ( x ) [ x � = 0 ∧ x ≥ 0] ℓ 2 ( x ) ≻ ℓ 1 ( x − 1) [ x ≥ 0] ℓ 1 ( x ) � ℓ 3 ( x ) [ x == 0 ∧ x ≥ 0] Prove termination by ranking function [ · ] with [ ℓ 0 ] ( x ) = [ ℓ 1 ] ( x ) = · · · = x Automate search using parametric ranking function: [ ℓ 0 ] ( x ) = a 0 + b 0 · x, [ ℓ 1 ] ( x ) = a 1 + b 1 · x, . . . Constraints e.g.: x ≥ 0 ⇒ a 2 + b 2 · x > a 1 + b 1 · ( x − 1) “decrease . . . ” x ≥ 0 ⇒ a 2 + b 2 · x ≥ 0 “. . . against a bound” Use Farkas’ Lemma to eliminate ∀ x , QF_LRA solver gives model for a i , b i . More: [Podelski, Rybalchenko, VMCAI ’04 , Alias et al, SAS ’10 ] 22/25

  59. Searching for invariants using SMT Termination prover needs to find invariants for programs on integers Statically before the translation [Ströder et al, IJCAR ’14 ] In cooperation with a safety prover [Brockschmidt, Cook, Fuhs, CAV ’13 ] Using Max-SMT [Larraz, Oliveras, Rodríguez-Carbonell, Rubio, FMCAD ’13 ] Nowadays all SMT-based! 23/25

  60. Extensions Proving non -termination (infinite run from initial states is possible) [Gupta et al, POPL ’08 , Brockschmidt et al, FoVeOOS ’11 , Chen et al, TACAS ’14 , Larraz et al, CAV ’14 , Cook et al, FMCAD ’14 ] CTL ∗ model checking for infinite state systems based on termination and non-termination provers [Cook, Khlaaf, Piterman, CAV ’15 ] Complexity bounds [Alias et al, SAS ’10 , Hoffmann, Shao, JFP ’15 , Brockschmidt et al, TOPLAS ’16 ] 24/25

  61. Conclusion Automated termination analysis for term rewriting and for imperative programs developed in parallel over the last ∼ 15 years 25/25

  62. Conclusion Automated termination analysis for term rewriting and for imperative programs developed in parallel over the last ∼ 15 years Term rewriting: need to encode how to represent data structures 25/25

  63. Conclusion Automated termination analysis for term rewriting and for imperative programs developed in parallel over the last ∼ 15 years Term rewriting: need to encode how to represent data structures Imperative programs on integers: need to consider reachability and invariants 25/25

  64. Conclusion Automated termination analysis for term rewriting and for imperative programs developed in parallel over the last ∼ 15 years Term rewriting: need to encode how to represent data structures Imperative programs on integers: need to consider reachability and invariants Since a few years cross-fertilization 25/25

Recommend

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany VTSA 12, Saarbr ucken, Germany Overview I. Termination of Term Rewriting 1 Termination of Term Rewrite Systems 2 Non-Termination of Term

1.47k views • 133 slides
Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University,

Automated Termination Analysis J urgen Giesl LuFG Informatik 2, RWTH Aachen University, Germany VTSA 12, Saarbr ucken, Germany Overview I. Termination of Term Rewriting 1 Termination of Term Rewrite Systems 2 Non-Termination of Term

1.93k views • 148 slides
Stratification Criteria and Rewriting Techniques for Checking Chase Termination S. Greco, F .

Stratification Criteria and Rewriting Techniques for Checking Chase Termination S. Greco, F .

Stratification Criteria and Rewriting Techniques for Checking Chase Termination Stratification Criteria and Rewriting Techniques for Checking Chase Termination S. Greco, F . Spezzano and I. Trubitsyna DEIS, Universit` a della Calabria - Italy

1.51k views • 112 slides
UNIVERSAL LICENSING SYSTEM AUTOMATED TERMINATION AND ELECTRONIC FILING OF PLEADINGS January 24,

UNIVERSAL LICENSING SYSTEM AUTOMATED TERMINATION AND ELECTRONIC FILING OF PLEADINGS January 24,

UNIVERSAL LICENSING SYSTEM AUTOMATED TERMINATION AND ELECTRONIC FILING OF PLEADINGS January 24, 2006 10:30 AM Room 8-B516 of the Portals II Building 445 Twelfth Street, SW Washington, DC 20554 1 Agenda Introduction Purpose of the Public

773 views • 61 slides
Solvers Principles and Architecture (SPA) Lecture 1 SAT Solvers Master Sciences Informatique

Solvers Principles and Architecture (SPA) Lecture 1 SAT Solvers Master Sciences Informatique

Solvers Principles and Architecture (SPA) Lecture 1 SAT Solvers Master Sciences Informatique (Sif) September 25th, 2017 Rennes Khalil Ghorbal k halil.ghorbal@inria.fr K. Ghorbal (INRIA) 1 SIF M2 1 / 42 Automated Theorem Proving

1.42k views • 102 slides
Types of Termination Mutual With Consent Termination Automatic Termination

Types of Termination Mutual With Consent Termination Automatic Termination

Types of Termination Mutual With Consent Termination Automatic Termination Termination Termination for Convenience Without Consent Frustration /Force Majeure Contractual Breach Breach Common Law Breach

444 views • 29 slides
An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for

An Empirical Comparison of Automated Generation and Classification Techniques for Object-Oriented Unit Testing Marcelo dAmorim (UIUC) Carlos Pacheco (MIT) Tao Xie (NCSU) Darko Marinov (UIUC) Michael D. Ernst (MIT) Automated Software

513 views • 33 slides
SAT and SMT Solvers in Practice Marijn J.H. Heule and Ruben Martins

SAT and SMT Solvers in Practice Marijn J.H. Heule and Ruben Martins

SAT and SMT Solvers in Practice Marijn J.H. Heule and Ruben Martins http://www.cs.cmu.edu/~mheule/15816-f19/ Automated Reasoning and Satisfiability, September 12, 2019 1/24 DIMACS: SAT solver input format The DIMACS format for SAT solvers has

580 views • 27 slides
Automated Configuration of MIP solvers Frank Hutter, Holger Hoos, and Kevin Leyton-Brown

Automated Configuration of MIP solvers Frank Hutter, Holger Hoos, and Kevin Leyton-Brown

Automated Configuration of MIP solvers Frank Hutter, Holger Hoos, and Kevin Leyton-Brown Department of Computer Science University of British Columbia Vancouver, Canada { hutter,hoos,kevinlb } @cs.ubc.ca CPAIOR 2010, June 16 Parameters in

1.09k views • 73 slides
Termination of Rewrite Systems (I) 15ai (based on Dershowitz, JSC, 3, 87) Some basic properties

Termination of Rewrite Systems (I) 15ai (based on Dershowitz, JSC, 3, 87) Some basic properties

Termination of Rewrite Systems (I) 15ai (based on Dershowitz, JSC, 3, 87) Some basic properties relevant for termination: (note: s t means s&gt;t or s=t) AUTOMATED REASONING Monotonicity: if t&gt;u then f(t) &gt; f(u).

214 views • 4 slides
Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU

Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU

Introduction Three Easy, Automated Techniques Tools for Cryptography Conclusion Cryptanalysis of Symmetric-Key Primitives: Automated Techniques Nicky Mouha ESAT/COSIC, KU Leuven, Belgium IBBT, Belgium Summer School on Tools, Mykonos

886 views • 77 slides
. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

. Needs effective (finitary) representation .. Failed Termination Proof vs. Non- TNT:

Runtime Errors Proving Non-Termination Ashutosh K. Gupta Thomas A. Henzinger Rupak Majumdar MPI-SWS EPFL UCLA Andrey Rybalchenko Ru-Gang Xu MPI-SWS UCLA 2 Non-Termination Errors Proving Non-Termination Search for infinite

402 views • 6 slides
Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using

Introduction to SAT and SMT Solvers Interfacing Yosys and SMT Solvers for BMC and more using SMT-LIB 2.5 Clifford Wolf 1 Abstract Bounded model checking and other SAT-based formal methods are an important part of todays digital design

773 views • 52 slides
Termination Rate Debate in Africa Dr. Christoph Stork Termination = Monopoly Monopolies

Termination Rate Debate in Africa Dr. Christoph Stork Termination = Monopoly Monopolies

Termination Rate Debate in Africa Dr. Christoph Stork Termination = Monopoly Monopolies require price regulation Termination rates at cost of efficient operator Provide incentive to invest in new technologies to reduce costs Promote

605 views • 32 slides
Meta-algorithmic techniques in SAT solving: Automated configuration, selection and beyond

Meta-algorithmic techniques in SAT solving: Automated configuration, selection and beyond

Meta-algorithmic techniques in SAT solving: Automated configuration, selection and beyond Holger H. Hoos BETA Lab Department of Computer Science University of British Columbia Canada SAT/SMT Summer School Trento, Italy, 2012/06/12 What

1.34k views • 94 slides
Course on Automated Planning: MDP &amp; POMDP Planning; Reinforcement Learning Hector Geffner

Course on Automated Planning: MDP &amp; POMDP Planning; Reinforcement Learning Hector Geffner

Course on Automated Planning: MDP &amp; POMDP Planning; Reinforcement Learning Hector Geffner ICREA &amp; Universitat Pompeu Fabra Barcelona, Spain H. Geffner, Course on Automated Planning, Rome, 7/2010 1 Models, Languages, and Solvers A

347 views • 30 slides
Methodology for Comparison and Ranking of SAT Solvers Mladen Nikoli c Third Workshop on

Methodology for Comparison and Ranking of SAT Solvers Mladen Nikoli c Third Workshop on

Introduction Preliminaries Methodology Evaluation Related work Conclusions Methodology for Comparison and Ranking of SAT Solvers Mladen Nikoli c Third Workshop on Formal and Automated Theorem Prooving and Applications January 29, 2010.

974 views • 27 slides
Automated Oscillator Macromodelling Techniques for Capturing Amplitude Variations and Injection

Automated Oscillator Macromodelling Techniques for Capturing Amplitude Variations and Injection

Automated Oscillator Macromodelling Techniques for Capturing Amplitude Variations and Injection Locking Xiaolue Lai, Jaijeet Roychowdhury ECE Dept., University of Minnesota, Minneapolis Slide 1 December 10, 2004 Oscillators and Perturbation

502 views • 26 slides
Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Satisfiability Modulo Theories SMT solvers are finding their way in many different application

Applications of SMT solvers Alessandro Cimatti Embedded System Unit Fondazione Bruno Kessler Trento, Italy cimatti@fbk.eu Applications of SMT solvers @ SAT/SMT School, Helsinki, July 2013 Satisfiability Modulo Theories SMT solvers are

1.09k views • 27 slides
Use of automated sample preparation techniques with GC-SQ, QQQ, and QTOF for aqueous samples Dan

Use of automated sample preparation techniques with GC-SQ, QQQ, and QTOF for aqueous samples Dan

Use of automated sample preparation techniques with GC-SQ, QQQ, and QTOF for aqueous samples Dan Carrier, Applications Laboratory Manager at Anatune www.anatune.co.uk Purpose of my presentation To show how we can help tackle challenging

843 views • 52 slides
Use of automated sample preparation techniques with GC-SQ, QQQ, and QTOF for aqueous samples Dan

Use of automated sample preparation techniques with GC-SQ, QQQ, and QTOF for aqueous samples Dan

Use of automated sample preparation techniques with GC-SQ, QQQ, and QTOF for aqueous samples Dan Carrier, Applications Laboratory Manager Anatune www.anatune.co.uk Purpose of my presentation To show how we can automate challenging

1.12k views • 68 slides
Termination of Abstract Reduction Systems Jeremy E. Dawson and Rajeev Gor e Logic &amp;

Termination of Abstract Reduction Systems Jeremy E. Dawson and Rajeev Gor e Logic &amp;

Termination of Abstract Reduction Systems Jeremy E. Dawson and Rajeev Gor e Logic &amp; Computation Programme Automated Reasoning Group National ICT Australia Computer Sciences Laboratory Res. Sch. of Inf. Sci. and Eng. Australian National

425 views • 21 slides
Termination of Rewrite Systems (Overview) 15ai Q: Why should we want terminating rewrite systems?

Termination of Rewrite Systems (Overview) 15ai Q: Why should we want terminating rewrite systems?

Termination of Rewrite Systems (Overview) 15ai Q: Why should we want terminating rewrite systems? A: Weve seen that to be useful a set of rewrite rules should be complete; to check completeness uses the Knuth Bendix procedure; AUTOMATED

189 views • 6 slides
Semi-Automated Cartographic Techniques to Analyse the Geomorphometric Parameters in High Altitude

Semi-Automated Cartographic Techniques to Analyse the Geomorphometric Parameters in High Altitude

Semi-Automated Cartographic Techniques to Analyse the Geomorphometric Parameters in High Altitude Glacierised Terrain using SRTM DEM Data M. TAMIL SELVAN Remote Sensing and GIS Centre Jawaharlal Nehru University, New Delhi, India

544 views • 37 slides

More recommend