decision procedures for equality logic and uninterpreted functions

1/66 Decision Procedure Changki Hong @ PSWLAB

Decision Procedures for Equality Logic and Uninterpreted Functions

Daniel Kroening and Ofer StrichmanDecision Procedure


Last talk.. We learnt about Equality logic and Equality

logic with uninterpreted functions.

There were two reduction schemes to trans-form Equality logic with uninterpreted func-tions into Equality logic.

Today, we will cover how to determine satisfi-ability of the Equality logic.


Contents Decision procedure for the Equality logic and

UFs

Decision procedure for the Equality logic Transform equality logic to propositional logic Range allocation algorithm


Basic assumptions and notations Assumptions

Input formulas are in NNF (Negation Normal Form) Input formulas are checked for satisfiability

Notations Equality formula with Uninterpreted Functions: UF

Equality formula: E


Decision procedure for conjunction of equali-ties Input: A conjunction of equalities and dise-

qualities

1. Define an equivalence class for each vari-able. For each equality x = y, unite the equivalence classes of x and y. Repeat until convergence.

2. For each disequality u v if u is in the same equivalence class as v return 'UNSAT'.

3. Return 'SAT'.


Example x1 = x2 ∧ x2 = x3 ∧ x4 = x5 ∧ x5 x1

x1 ,x

2 ,x3 x 4,x 5

Equivalence class Equivalence class

Is there a disequality between members of the same class ?No, so return SAT


Decision procedure for conjunction of equalities with uninterpreted functions x1 = x2 ∧ x2 = x3 ∧ x4 = x5 ∧ x5 x1 ∧ F(x1)

F(x2)

x1 ,x

2 ,x3 x 4,x 5

Equivalence class Equivalence class

F(x1 )

F(x2 )

Equivalence class

Equivalence class


Compute the Congruence Closure x1 = x2 ∧ x2 = x3 ∧ x4 = x5 ∧ x5 x1 ∧ F(x1)

F(x2)x1 ,x

2 ,x3 x 4,x 5

Equivalence classEquivalence class

Given two terms t1, t2 that are in the same class and that F(t1) and F(t2) are terms in for some uninterpreted function F, merge the classes of F(t1) and F(t2). Repeat until there are no more such instances.

If there exists a disequality t1 t2 in UF such that t1 and t2 are in the same equivalence class, return “Unsatisfiable”. Otherwise return “Satisfiable”

F(x1 ),F(x

2 )

Equivalence class


Consider a Boolean structure x1 = x2 ∨ (x2 = x3 ∧ x4 = x5 ∧ x5 x1 ∧ F(x1)

F(x2))

x 4,x 5x 2,x 3

case 1 case 2

Syntactic case splitting: This can work well as long as there are not too many cases to consider.

x1 ,x

2

Equivalence class Equivalence classes

F(x 1) F(x 2)


Basic notions From here on that uninterpreted functions have al-

ready been eliminated that we are solving the sat-isfiability problem for equality logic without unin-terpreted functions.

E: x = y ∧ y = z ∧ z x The Equality predicates: {x = y, y = z, z x}

which we can break to two sets: equality edge : E= ={x = y, y = z}, disequality edge :

E = {z x} The Equality Graph GE(E) = (V,E=,E) (a.k.a “E-

graph”)x

y

z


Basic notions 1

E: (x = y ∧ y = z)∧ z x unsatisfiable2

E: (x = y ∧ y = z)∨ z x satisfiable

The graph GE(E) represents an abstraction of E

It ignores the Boolean structure of E

x

y

z


Basic notions

Dfn: a path made of E= edges is an Equality

Path.we write x =*z.

Dfn: a path made of E= edges + exactly one edge from E is a Disequality Path. We write x *y.

x

y

z


Basic notions

Dfn. A cycle with one disequality edge is a Contradictory Cycle.

In a Contradictory Cycle, for every two nodes x, y it holds that x =* y and x * y.

x

y

z


Basic notions

Dfn: A subgraph is called satisfiable iff the conjunction of the predicates represented by its edges is satisfiable.

Thm: A subgraph is unsatisfiable iff it contains a Contradictory cycle

x

y

z


Simplifications

Let S be the set of edges that are not part of any Contradictory Cycle

Thm: replacing all solid edges in S with False, and all dashed edges in S with True, preserves satisfiability


Simplification: example

x1

x2

x3

x4

(x1 = x2 ∨ x1 = x4) ∧(x1 x3 ∨ x2 = x3)

(x1 = x2 ∨ True) ∧(x1 x3 ∨ x2 = x3)

(¬False ∨ True) = True Satisfiable!

True

True

False


Decision procedures for Equality logic and UFs From hereon we are going to look at algorithms which

transform Equality logic into propositional logic and use decision procedure for propositional logic.

Algorithm I – From Equality to Propositional Logic Adding transitivity constraints Making the graph chordal

Algorithm II – Range-Allocation What is the small-model property? Finding a small adequate range (domain) to each variable Reducing to Propositional Logic


We will first investigate methods that solve Equality Logic. Uninterpreted functions are eliminated with one of the reduction schemes.

Our starting point: the E-Graph GE(E)

Recall that GE(E) represents an abstraction of E.It represents ALL equality formulas with the same set of equality predicates as E.

Decision Procedures for Equality Logic


From Equality to Propositional LogicBryant & Velev 2000: the Sparse method

E : x1 = x2 ∧ x2 = x3 ∧ x1 x3

enc : e1 ∧ e2 ∧ ¬e3

Encode all edges with Boolean variables (note: for now, ignore polarity) This is an abstraction Transitivity of equality is lost! Must add transitivity constraints!

e 3

e2

e1


From Equality to Propositional Logic E : x1 = x2 ∧ x2 = x3 ∧ x1 x3

enc : e1 ∧ e2 ∧ ¬e3

For each cycle add a transitivity constraint trans = (e1 ∧ e2 ⇒ e3) ∧

(e1 ∧ e3 ⇒ e2) ∧ (e3 ∧ e2 ⇒ e1)

Check: enc ∧ trans

e 3

e2

e1


From Equality to Propositional Logic

e1

e2

e3

e4

e5

T

TF

T

F

T

There can be an exponential number of cycles, so let’s try to make it better.

Dfn: A chord of a cycle is an edge connecting two non-adjacent nodes of the cycle. If a cycle has no chords in a given graph, it is called a chord-free cycle.

Thm [Bryant & Velev]: It is sufficient to constrain chord-free simple cycles

From Bryant’s slide


Still, there can be an exponential number of chord-free simple cycles…

Solution: make the graph ‘chordal’ by adding edges.

….





Dfn: A graph is chordal iff every cycle of size 4 or more has a chord.

How to make a graph chordal ? eliminate ver-tices one at a time, and connect their neigh-bors.




T

T

TT

FTTContradiction!

Once the graph is chordal, we can constrain only the triangles.

Note that this procedure adds no more than a polynomial # of edges, and results in a poly-nomial # of constraints.


Decision Procedures for Equality logic and UFs Algorithm I – From Equality to Propositional

Logic Adding transitivity constraints Making the graph chordal

Algorithm II – Range-Allocation Small-model property Finding a small adequate range (domain) to each

variable Reducing to Propositional Logic


The small model property We show a method for solving equality logic formulas

by relying on the Small model property. This means that if a formula in this logic is satisfiable,

then there is a finite, bounded in size, model that sat-isfies it.

In Equality Logic, we can compute this bound. Solution strategy for checking whether a given equality

formula is satisfiable, can be summarized as follows: 1. Determine, a domain allocation by mapping each variable xi

into a finite set of intergers.2. Encode each variable xi as an enumerated type over its fi-

nite domain. Construct a propositional formula representing E under this finite domain, and use either BDDs or SAT to check if this formula is satisfiable.


The small model property Claim: the range 1..n is adequate, where n is

the number of variables in Proof:

Every satisfying assignment defines a partition of the variables

Every assignment that results in the same partitioning also satisfies the formula

The range 1..n allows all partitionings Complexity

We need log n variables to encode the range 1…n For n variables we need n log n bits


Reducing state-space

Instead of giving the range [1..11], analyze connectivity:x1 x2 y1 y2 g1 g2

zu1 f1 f2 u2

x1, y1, x2, y2 :{0-1} u1, f1, f2, u2 : {0-3}g1, g2, z: {0-2}

The state-space: from 1111 to ~ 110592

2

12211

212211

212121

gzgzfufu

ggfufuffyyxx

=

=========


Reducing state-space (Cond.)Or even better:

x1 x2 y1 y2 g1 g2

zu1 f1 f2 u2

x1, y1, g1 , u1 : {0}

{0} {0-1}

x2, y2 , g2 , f1 : {0-1}u2 : {0-3} f2, z : {0-2}

The state-space: from 110592 to 576


Range minimization problem Given an Equality formula E, find in polyno-

mial time a small domain D* sufficient to pre-serve its satisfiability

In other words: find D* such that E is satisfiable under an infinite domain D →

E is satisfiable under the finite domain D*


The strategy1. Determine a range allocation R, mapping

each variable xiE into a small set of integers, such that E is satisfiable iff it is satisfiable over some R-interpretation.

2. Encode each variable xi as an enumerated type over R(xi), and use a standard satisfiabil-ity checker as a decision procedure.


What range is adequate ? Recall that a subgraph of an E-Graph GE(E) is

unsatisfiable iff it contains a contradictory cy-cle.

Dfn: A Range Allocation R is adequate for GE(E) if every satisfiable subgraph can be sat-isfied under R.

Now we need an algorithm to find adequate ranges


Example Building the E-graph

x1 x2 y1 y2 g1 g2

zu1 f1 f2 u2

)}(),(),(),(),({ 221 212121 zgfufuyyxx

)}(),(),(),(),{( 121121 212 zgfufuggff =====

E :E= :

Note: 1. Inconsistent subsets appear as contradictory cycles2. Some of the vertices are mixed


The range allocation algorithm

A. Remove all solid edges not belonging to con-tradictory cycles.

B. Add a single unique value to singleton ver-tices, and remove them from the graph.

x1 x2 y1 y2 g1 g2

zu1 f1 f2 u2

{0} {1} {3}{2}

Step I - pre-processing:


The range allocation algorithmStep 2 – Set construction:

A. For each mixed vertex xi: 1. Add a unique value ui to R(xi) 2. Broadcast ui on G=

3. Remove xi and its adjacent edges from the graph B. Add a unique value to each remaining G=

componentg1 g2

z

{4}{4}

{4}

g1

z

{4, }

{4, }

g1 g2

z

{4}

{4, }

{4, }

A. B.

5

5

5

5



u1 f1 f2 u2

{6} {6} {6} {6}

f1 f2 u2

{6,7}{6,7}{6,7}

u2{6,7, }

u1 f1 f2 u2

{6} {6,7}

1.

2.

3. f1

{6,7, }

{6,7, } {6,7, }

8

8

9

9



The state-space is reduced to 72.

1111 721..n better connectiv-

ity 576110592connectivity range allocation

algo.


Conclusion Decision procedure for the equality logic with

UFs, which uses syntactic case splitting method, is inefficient if the formula has many disjunctions.

There are two algorithms which transform the original equality logic formula into the corre-sponding propositional logic formula and then check satisfiability using BDDs or SAT solver.


Linear Arithmetic

Daniel Kroening and Ofer StrichmanDecision Procedure


Linear Arithmetic

Feasible region

Linear program consists of the ob-jective function and the constraints.

We are interested in the decision problem rather than the optimiza-tion problem.


Simplex algorithm The simplex algorithm is developed by Danzig in 1947 but it

still efficiently used. The simplex algorithm can decide satisfiability of a conjunc-

tion of linear inequalities. The set of constraints is normally accompanied by a linear

objective functions in terms of the variables of the formula. If the set of constraints is satisfiable, the simplex algorithm

provides a satisfying assignment that maximizes the value of the objective function.

As we are concerned with the decision problem rather than the optimization problem, we are going to cover a variant of the simplex algo. called general simplex that does not re-quire an objective function.


General simplex algorithm The general simplex algorithm accepts two types

of constraints as input:1. Equalities of the form

2. Lower and upper bounds on the variables:

where li and ui are constants representing the lower and upper bounds on xi, respectively.

We call this representation of input formula as general form.

0...11 = nnxaxa

iii uxl


General simplex algorithm We can transform an linear constraint L F R with F2

{=, ·, ¸} into the general form as follows: Let m be the number of constraints. For the i-th con-

straints, 1· i · m 1. Move all addends in R to the left-hand side to obtain L’ F b,

where b is a constant.2. Introduce a new variable si. Add the constraints F b

The original and the transformed conjunctions of constraints are obviously equisatisfiable.

L0¡ si = 0 and si


Example

The new variables s1, … , sm are called the additional vari-ables.

The variables x1, … , xn in the original constraints are called problem variables.


General simplex algorithm It is common and convenient to view linear con-

straints satisfaction problem as geometrical prob-lems.

The shaded region rep-resents satisfiable area.

The red circled points il-lustrate the progress that the simplex algo-rithm makes.


General simplex algorithm The general form of the constraints can be repre-

sented as follows:

A : m by (n+m) metrics x : 1 by (n+m)metrics (x1, … , xn, s1,… , sm)


General simplex algorithm The tableau is simply a different representation of

A. Additional variables such as s1, … , sm are also called

the basic variable and denoted by B. Problem variables such as x1, … , xn are also called the

nonbasic variable and denoted by N. Tableau is written into

Example


General simplex algorithm


General simplex algorithm The algorithm initializes its data structure as

follows: The set of basic variables B is the set of additional

variables. The set of nonbasic variables N is the set of prob-

lem variables. For any xi with i 2 {1, … , n+m}, ®(xi) = 0.

Pivot operation Swaps xi with xj (xi is from the column of the

tableau and xj is from the row of the tableau). The process of the pivot operation is explained in

the following example.


Example

We initialize ®(xi) = 0. The lower bound of s1 is 2 and it is violated.

Since the variable x has a positive coefficient, it is suitable for the pivot operation.

We need to increase s1 by 2 in order to meet the lower bound, which means that x has to increase by 2 as well.


Example The first step of the pivot operation is to solve the row of s1

for x:

This equality is now used to replace x in the other two rows:

Written as a tableau, the result of the pivot operation is:


Example

The lower bound of s3 is violated. The only suitable variable for pivoting is y.

This equality is now used to replace y in the other two rows:

The final tableau is: This assignment ® satisfies the bounds, and thus {x 1, y 1} is a satisfying as-signment.

3113

31

313 ssyyss ==

31212

311

3231

32

sssyss

ssxysx

==

==


Integer Linear Programming Problem formulation

max cxAx · bx ¸ 0 and integer

Where A is an m £ n coefficients matrixc is an n-dimensional row vectorb is an m - dimensional column vectorx is an n - dimensional column vector of variables.


Feasibility of a linear system The decision problem associated with ILP is

NP-hard. But once again, we are not actually interested

in ILP: we do not have an objective function. All we want to know is whether a given sys-

tem is satisfiable.Ax · b

x ¸ 0 and integer

Still, NP-hard…


How different can it be from LP ? The LP problem can be feasible, whereas its

ILP version is not.

x1

x2

Feasible region


From hereon we will assume that all variables are finite.

Enumerate all solutions with a tree

Guaranteed to find a feasible solution if it ex-ists

But, exponential growth in the size of the tree / computation time

A naïve solution strategy

x1=0

x2=0 x2=2x2=1

x1=1 x1=2

x2=0 x2=2x2=1x2=0 x2=2x2=1


A family of algorithms: Branch & Bound Probably the most popular method for solving

Integer Linear Programming (ILP) problems (First presented in 1960) is B & B.

It is the optimization problem. However, we are interested in deciding feasi-

bility of a linear system.


Branch and Bound The main idea:

Solve the ‘relaxed’ problem, i.e. no integrality con-straints.

If the relaxed problem is infeasible – backtrack (there is no integer solution in this branch)

If the solution is integral – terminate (‘feasible’). Otherwise split on a variable for which the as-

signment is non-integral, and repeat for each case.

More details to come…


Splitting on non-integral LP solutions.

x1

x2

x1

x2

x2≤1

Solve LP relaxation to get fractional solutions Create two sub-branches by adding constraints

x2≥2

Feasible real solution


Example Suppose our system A has variables x1… x4,

and that the LP solver returned a solution (1, 0.7, 2.5, 3).

Choose one of x2, x3. Suppose we choose x2. Solve two new problems:

A1 = A [ {x2 · 0} A2 = A [ {x2 ¸ 1}

Clearly A1 or A2 are satisfiable iff A is.


x2≤2

Splitting on non-integral LP solutions.

x1

x2

x1

x2

Sub-branches can be pruned if it has no integral so-lution.

x2≥3

Feasible real solution This branch is not feasible


The branch and bound treeA

A2 A1

A12 A11

(1,0 .7,2.5,3)

(1,-1.5,1.5,4.1)

x2 · 0 x2 ¸ 1

x3 ¸ 1

(1,3,0.5,2)

(1,3,0.5,2)

x3 · 0

(1,3,4,1)x

Sub trees can be pruned away before reaching a leaf…

Each leaf is a feasible solution.

Pruned due to infeasibility


Conclusion General simplex algorithm can check satisfia-

bility of LP constraints.

ILP is NP-hard but Branch and bound algorithm works efficiently in practice.

decision procedures for equality logic and uninterpreted functions

Documents