Array Property Fragment
Max-Ferdinand Gerhard Suffel, Saarland University
25th January 2013
Decision Procedures, MPI-SWS
Application in Deductive Verification

Problem: Decide whether a given program is correct and always terminates.

Approach: Use an SMT solver to prove assertions along basic paths automatically.

    precondition:   |arr| > 0
    postcondition:  forall ix. (ix >= 0 && ix < |arr| -> rv >= arr[ix])
    int max(int[] arr) {
      int max = arr[0];
      loop invariant: forall j. (j < i && j >= 0 -> max >= arr[j])
      for (int i = 1; i < |arr|; i = i + 1) {
        if (arr[i] >= max) {
          max = arr[i];
        }
      }
      return max;
    }

Required theories: T_Z, T_E, T_A.

Now: the theory of arrays T_A, and more...
Theory of Arrays T_A (John McCarthy, 1962)

Signature Σ_A: { ·[·], ·⟨· ◁ ·⟩, = }, where

    a[i] represents the value of array a at position i,
    a⟨i ◁ v⟩ represents the modified array a with value v at position i,
    and = represents equality of array elements, not of whole arrays.

Here, a[i] and a⟨i ◁ v⟩ are functions, and = is a predicate!

Axioms of T_A:

    (reflexivity), (symmetry), and (transitivity) of T_E.
    ∀a, i, j. i = j → a[i] = a[j]                (array congruence)
    ∀a, i, j. i = j → a⟨i ◁ v⟩[j] = v            (read-over-write 1)
    ∀a, i, j. i ≠ j → a⟨i ◁ v⟩[j] = a[j]         (read-over-write 2)
Can we decide T_A-validity?

Theorem (Undecidability): T_A-validity of a general Σ_A-formula is undecidable.

Reason: Arrays are similar to uninterpreted functions with modifications.
    Encode an arbitrary formula of FOL in T_A by viewing functions as multi-dimensional arrays.
    FOL is in general undecidable.

Theorem (Decidability): T_A-satisfiability of a quantifier-free Σ_A-formula is decidable.
Quantifier-free fragment of T_A

Given a quantifier-free conjunctive Σ_A-formula F.

Problem: Decide whether F is T_A-satisfiable or not.

Idea: Reduce to T_E-satisfiability via application of the (read-over-write) axioms.
    If F does not contain any write terms, then view read terms as uninterpreted function terms.
    Otherwise, any write term must occur in the context of a read, since arrays themselves cannot be asserted to be equal or not equal.
    Apply the (read-over-write) axioms to deconstruct the read-over-writes.
    T_E-satisfiability of the quantifier-free fragment of T_E is decidable.
Decision Procedure for QFF of T_A

Step 1: For every read-over-write term a⟨i ◁ v⟩[j] in F, replace F with:

    (i = j ∧ F{a⟨i ◁ v⟩[j] ↦ v})  ∨  (i ≠ j ∧ F{a⟨i ◁ v⟩[j] ↦ a[j]})

    where the first disjunct applies the (read-over-write 1) axiom and the second the (read-over-write 2) axiom. Repeat until there are no more read-over-write terms.

Step 2: Associate each array variable a with a fresh function symbol f_a. Replace read terms a[i] with f_a(i).

Step 3: Decide and return the T_E-satisfiability of the resulting formula. (Apply the congruence closure algorithm on each produced disjunct.)
Decision Procedure for QFF of T_A: Example

Is this Σ_A-formula T_A-satisfiable?

    F : i1 = j ∧ i1 ≠ i2 ∧ a[j] = v1 ∧ a⟨i1 ◁ v1⟩⟨i2 ◁ v2⟩[j] ≠ a[j]

Step 1: F contains a read-over-write term: a⟨i1 ◁ v1⟩⟨i2 ◁ v2⟩[j]. Rewrite it to F1 ∨ F2:

    F1 : i2 = j ∧ i1 = j ∧ i1 ≠ i2 ∧ a[j] = v1 ∧ v2 ≠ a[j],
    F2 : i2 ≠ j ∧ i1 = j ∧ i1 ≠ i2 ∧ a[j] = v1 ∧ a⟨i1 ◁ v1⟩[j] ≠ a[j].

F2 contains a read-over-write term: a⟨i1 ◁ v1⟩[j]. Rewrite it to F3 ∨ F4:

    F3 : i1 = j ∧ i2 ≠ j ∧ i1 = j ∧ i1 ≠ i2 ∧ a[j] = v1 ∧ v1 ≠ a[j],
    F4 : i1 ≠ j ∧ i2 ≠ j ∧ i1 = j ∧ i1 ≠ i2 ∧ a[j] = v1 ∧ a[j] ≠ a[j].
Decision Procedure for QFF of T_A: Example (cont.)

Step 2: F1, F3, F4 do not contain any write terms, so replace the read terms:

    F1 : i2 = j ∧ i1 = j ∧ i1 ≠ i2 ∧ f_a(j) = v1 ∧ v2 ≠ f_a(j),
    F3 : i1 = j ∧ i2 ≠ j ∧ i1 = j ∧ i1 ≠ i2 ∧ f_a(j) = v1 ∧ v1 ≠ f_a(j),
    F4 : i1 ≠ j ∧ i2 ≠ j ∧ i1 = j ∧ i1 ≠ i2 ∧ f_a(j) = v1 ∧ f_a(j) ≠ f_a(j).

Step 3:
    F1 is T_E-unsatisfiable since i2 = j ∧ i1 = j → i1 = i2, but i1 ≠ i2.
    F3 is T_E-unsatisfiable since f_a(j) = v1 and v1 ≠ f_a(j) are contradictory.
    F4 is T_E-unsatisfiable since f_a(j) ≠ f_a(j) is contradictory.

Hence, F is T_A-unsatisfiable!
Decision Procedure for QFF of T_A

Actually, the algorithm suffers from an exponential blowup in Step 1:

    (i = j ∧ F{a⟨i ◁ v⟩[j] ↦ v})  ∨  (i ≠ j ∧ F{a⟨i ◁ v⟩[j] ↦ a[j]})

Idea: Avoid it by introducing a fresh variable x_aijv:

    F{a⟨i ◁ v⟩[j] ↦ x_aijv} ∧ ((i = j ∧ x_aijv = v) ∨ (i ≠ j ∧ x_aijv = a[j]))

But this is not in the quantifier-free conjunctive fragment of T_E.

Theorem (Complexity): T_A-satisfiability of a quantifier-free conjunctive Σ_A-formula is NP-complete.
Is this fragment of T_A expressive enough?

    F : a[i] = e → a⟨i ◁ e⟩ = a

Is F T_A-valid? No, since equality between arrays is undefined!

    F' : a[i] = e → ∀j. a⟨i ◁ e⟩[j] = a[j]

Is F' T_A-valid? Yes, but F' is not a quantifier-free Σ_A-formula!

Extensional Theory of Arrays T_A^= (Levitt et al. 2001)

Define equality between arrays as a further axiom for T_A:

    ∀a, b. (∀i. a[i] = b[i]) → a = b            (extensionality)

Theorem (Decidability): T_A^=-satisfiability of a quantifier-free Σ_A^=-formula is decidable.
Array Property Fragment of T_A (Aaron R. Bradley and Zohar Manna, 2007)

An array property is a Σ_A-formula with a list of variables ī:

    ∀ī. F[ī] → G[ī]

Index guard F[ī]:

    iguard ::= iguard ∧ iguard | iguard ∨ iguard | atom
    atom   ::= var = var | evar ≠ var | var ≠ evar
    var    ::= evar | uvar

    where uvar ∈ ī, and evar is any constant or unquantified variable.

Value constraint G[ī]: Each i ∈ ī occurs only in a read a[i], where a is an array term. Nested reads are not allowed: a[b[i]].

Array Property Fragment of T_A: Boolean combinations of quantifier-free Σ_A-formulas and array properties.
Array Property Fragment of T_A: Examples

Legal:
    ∀i. i ≠ j → a⟨j ◁ v⟩[i] = w.
    ∀i. i ≠ c → a[i] = v, with constant c.
    ∀i. i = i → a⟨k ◁ v⟩[i] = b[i]   (the guard i = i is trivially true).

Illegal:
    ∀i. i ≠ a[k] → a[i] = a[k].   Rewrite as: v = a[k] ∧ ∀i. i ≠ v → a[i] = a[k].
    ∀i. i ≠ a[i] → a[i] = a[k].
    ∀i, j. i ≠ j → a[i] = a[j].
Array Property Fragment of T_A and Extensionality

Remark (Extensionality): Two arrays are equal precisely when their corresponding elements are equal.

For a given formula F : a = b with array terms a and b, rewrite F as

    F' : ∀i. a[i] = b[i]

which is an array property. F and F' are equisatisfiable, and F' is in the array property fragment of T_A!

The array property fragment of T_A incorporates T_A^=.
Array Property Fragment of T_A

Given a Σ_A-formula F of the array property fragment of T_A.

Problem: Decide whether F is T_A-satisfiable or not.

Idea: Use quantifier instantiation, which is similar to quantifier elimination. Replace universal quantification by a finite conjunction:

    ∀ī. F[ī]   ⟹   F[t1] ∧ ... ∧ F[tn]

We call t1, ..., tn the index terms; they depend on the formula F. Find index terms such that examining them is sufficient to decide satisfiability.
Decision Procedure for Array Property Fragment of T_A

Step 1: Put F in NNF.

Step 2: Apply the following rule exhaustively to remove writes:

    F[a⟨i ◁ v⟩]   ⟹   F[a'] ∧ a'[i] = v ∧ (∀j. j ≠ i → a[j] = a'[j])      for fresh a'

    After each application, the formula contains at least one write term fewer.

Step 3: Apply the following rule exhaustively to remove existential quantification:

    F[∃ī. G[ī]]   ⟹   F[G[j̄]]      for fresh j̄

    Existential quantification can arise during Step 1 if the given formula has a negated array property.
Decision Procedure for Array Property Fragment of T_A

Step 4: From the output F3 of Step 3, construct the index set I:

    I := {λ} ∪ {t : ·[t] ∈ F3 such that t is not a universally quantified variable}
             ∪ {t : t occurs as an evar in the parsing of index guards}

    The finite index set I contains:
        All terms t that occur in some read a[t] anywhere in F (unless t is a universally quantified variable).
        All terms t (constant or unquantified variable) that are compared to a universally quantified variable in some index guard.
        λ, a fresh constant that represents all other index positions that are not explicitly in I.
Decision Procedure for Array Property Fragment of T_A

Step 5: Apply the following rule exhaustively to remove universal quantification:

    H[∀ī. F[ī] → G[ī]]   ⟹   H[ ∧_{ī ∈ I^n} (F[ī] → G[ī]) ]

    where n is the number of quantified variables ī.

Step 6: From the output F5 of Step 5, construct:

    F6 : F5 ∧ ∧_{i ∈ I \ {λ}} λ ≠ i

    The new conjuncts assert that the variable λ of Step 4 is indeed unique.

Step 7: Decide the T_A-satisfiability of F6 using the decision procedure for the quantifier-free fragment of T_A.
Decision Procedure for Array Property Fragment of T_A: Example

Is this Σ_A-formula T_A-valid?

    F := (∀i. i ≠ k → a[i] = b[i]) ∧ b[k] = v → (∀i. a⟨k ◁ v⟩[i] = b[i])

Hence, check the T_A-satisfiability of:

    ¬((∀i. i ≠ k → a[i] = b[i]) ∧ b[k] = v → (∀i. a⟨k ◁ v⟩[i] = b[i]))

Step 1: NNF
    F1 : (∀i. i ≠ k → a[i] = b[i]) ∧ b[k] = v ∧ (∃i. a⟨k ◁ v⟩[i] ≠ b[i])

Step 2: Remove writes
    F2 : (∀i. i ≠ k → a[i] = b[i]) ∧ b[k] = v ∧ (∃i. a'[i] ≠ b[i]) ∧ a'[k] = v ∧ (∀i. i ≠ k → a'[i] = a[i])

Step 3: Remove existential quantifiers
    F3 : (∀i. i ≠ k → a[i] = b[i]) ∧ b[k] = v ∧ a'[j] ≠ b[j] ∧ a'[k] = v ∧ (∀i. i ≠ k → a'[i] = a[i])
Decision Procedure for Array Property Fragment of T_A: Example (cont.)

Step 4: Compute the index set
    I := {λ, k, j}

Step 5+6: Remove universal quantifiers
    F6 : (λ ≠ k → a[λ] = b[λ]) ∧ (k ≠ k → a[k] = b[k]) ∧ (j ≠ k → a[j] = b[j])
         ∧ b[k] = v ∧ a'[j] ≠ b[j] ∧ a'[k] = v
         ∧ (λ ≠ k → a'[λ] = a[λ]) ∧ (k ≠ k → a'[k] = a[k]) ∧ (j ≠ k → a'[j] = a[j])
         ∧ λ ≠ k ∧ λ ≠ j

Step 7: Case distinction on j = k reveals:
    j = k: a'[j] = v and b[j] = v, but a'[j] ≠ b[j], thus a contradiction.
    j ≠ k: b[j] = a[j] and a'[j] = a[j], but b[j] ≠ a'[j], thus a contradiction.

Hence, F is T_A-valid!
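Both worked examples of the deck, the quantifier-free procedure on F (slides 7-8) and the array property procedure on the validity query (slides 18-19), carried out by a small Python solver. This is an added example, not code from the slides or from Bradley and Manna: terms are encoded as tuples, Step 1 case splitting plus congruence closure decides the quantifier-free fragment, and Steps 4-7 are run on F3 as the slides leave it after Steps 1-3; index guards are restricted to conjunctions of =/≠ atoms, the fresh constant λ is named 'lambda', the fresh array a' is spelled "a'", and all function names are this example's own.

```python
from itertools import product

# Terms: a string is a variable, ('rd', a, i) is a[i], ('wr', a, i, v) is the write a<i <| v>.
# A literal (l, r, pos) means l = r if pos else l != r; a conjunction is a list of literals.

def subterms(lits):
    """Return the set of all terms and subterms occurring in the literals."""
    acc, todo = set(), [s for l, r, _ in lits for s in (l, r)]
    while todo:
        t = todo.pop()
        acc.add(t)
        if isinstance(t, tuple):
            todo.extend(t[1:])
    return acc

def congruence_closure(lits, terms):
    """Steps 2+3: read a[i] as the uninterpreted term f_a(i), decide T_E-satisfiability."""
    parent = {t: t for t in terms}          # union-find over all subterms
    def find(t):
        while parent[t] != t:
            t = parent[t]
        return t
    for l, r, pos in lits:                  # merge the asserted equalities
        if pos:
            parent[find(l)] = find(r)
    apps, changed = [t for t in terms if isinstance(t, tuple)], True
    while changed:                          # congruence: equal arguments give equal reads
        changed = False
        for s in apps:
            for t in apps:
                if (s[0] == t[0] and len(s) == len(t) and find(s) != find(t)
                        and all(find(x) == find(y) for x, y in zip(s[1:], t[1:]))):
                    parent[find(s)] = find(t)
                    changed = True
    return all(find(l) != find(r) for l, r, pos in lits if not pos)

def subst(t, old, new):
    """Replace every occurrence of the term old inside t by new."""
    if t == old:
        return new
    if isinstance(t, tuple):
        return (t[0],) + tuple(subst(s, old, new) for s in t[1:])
    return t

def sat_qff(lits):
    """Decide T_A-satisfiability of a conjunction of quantifier-free literals."""
    terms = subterms(lits)
    rows = [t for t in terms if isinstance(t, tuple) and t[0] == 'rd'
            and isinstance(t[1], tuple) and t[1][0] == 'wr']
    if not rows:                            # no read-over-write left: Steps 2+3
        return congruence_closure(lits, terms)
    _, (_, a, i, v), j = row = rows[0]
    # Step 1: case split on (read-over-write 1), i = j, and (read-over-write 2), i != j
    eq = [(i, j, True)] + [(subst(l, row, v), subst(r, row, v), p) for l, r, p in lits]
    rd_aj = ('rd', a, j)
    ne = [(i, j, False)] + [(subst(l, row, rd_aj), subst(r, row, rd_aj), p) for l, r, p in lits]
    return sat_qff(eq) or sat_qff(ne)

LAMBDA = 'lambda'                           # the fresh constant of Step 4 (constructed name)

def index_set(ground, props):
    """Step 4: every non-bound read index and every evar of an index guard, plus lambda."""
    idx, bound = {LAMBDA}, set()
    for bvars, guard, _ in props:
        bound |= set(bvars)
        idx |= {x for l, r, _ in guard for x in (l, r)}
    terms = subterms(ground + [lit for _, g, b in props for lit in g + b])
    idx |= {t[2] for t in terms if isinstance(t, tuple) and t[0] == 'rd'}
    return idx - bound

def sat_apf(ground, props):
    """Steps 4-7 on F3: ground literals plus array properties (bound vars, guard, body)."""
    idx = index_set(ground, props)
    clauses = []
    for bvars, guard, body in props:
        for vals in product(list(idx), repeat=len(bvars)):             # Step 5
            def inst(t):
                for x, val in zip(bvars, vals):
                    t = subst(t, x, val)
                return t
            g = [(inst(l), inst(r), p) for l, r, p in guard]
            b = [(inst(l), inst(r), p) for l, r, p in body]
            clauses.append([[(l, r, not p)] for l, r, p in g] + [b])   # not g1 or .. or B
    ground = ground + [(LAMBDA, t, False) for t in idx if t != LAMBDA]   # Step 6
    # Step 7: each choice of one alternative per clause is a conjunction for sat_qff
    return any(sat_qff(ground + sum(choice, [])) for choice in product(*clauses))

def rd(a, i):
    return ('rd', a, i)

# Constructed encoding of the slides' quantifier-free example:
# F: i1 = j ∧ i1 ≠ i2 ∧ a[j] = v1 ∧ a<i1 <| v1><i2 <| v2>[j] ≠ a[j]
QFF_EXAMPLE = [('i1', 'j', True), ('i1', 'i2', False), (rd('a', 'j'), 'v1', True),
               (rd(('wr', ('wr', 'a', 'i1', 'v1'), 'i2', 'v2'), 'j'), rd('a', 'j'), False)]
# Constructed encoding of the slides' array property example after Steps 1-3 (F3):
# (∀i. i ≠ k → a[i] = b[i]) ∧ b[k] = v ∧ a'[j] ≠ b[j] ∧ a'[k] = v ∧ (∀i. i ≠ k → a'[i] = a[i])
APF_GROUND = [(rd('b', 'k'), 'v', True), (rd("a'", 'j'), rd('b', 'j'), False), (rd("a'", 'k'), 'v', True)]
APF_PROPS = [(['i'], [('i', 'k', False)], [(rd('a', 'i'), rd('b', 'i'), True)]),
             (['i'], [('i', 'k', False)], [(rd("a'", 'i'), rd('a', 'i'), True)])]
```

sat_qff(QFF_EXAMPLE) returns False, matching the slides' conclusion that F is T_A-unsatisfiable, and sat_apf(APF_GROUND, APF_PROPS) returns False for the negated query, so the original F is T_A-valid.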
20 / 29 Decision Procedure for Array Property Fragment of T_A
Theorem (Sound & Complete). Let F be a Σ_A-formula of the array property fragment of T_A. The output F_6 of the algorithm is T_A-equisatisfiable to F.
Proof (sketch):
  Step 5 weakens universal quantification to a finite conjunction.
  Step 6 does not affect the satisfiability of F_6, as λ is a fresh constant.
  Assume I ⊨ F_6, with index set I. Construct J such that J ⊨ F:
  If α_I[i] = v_i for i ∈ I and α_I[λ] = v_λ, then
    proj_I(t) = i  if α_I[t] = v_i for some i ∈ I,
    proj_I(t) = λ  otherwise.
  Extend proj_I to vectors of variables.
  Define J like I except for arrays, i.e., a[i] = a[proj_I(i)].
21 / 29 Decision Procedure for Array Property Fragment of T_A
This even works when we extend T_A with an arbitrary theory T with signature Σ for the array elements!
Theorem (Sound & Complete). Let F be a (Σ_A ∪ Σ)-formula of the array property fragment of (T_A ∪ T). The output F_6 of the algorithm is (T_A ∪ T)-equisatisfiable to F.
Theorem (Complexity). Suppose T-satisfiability is in NP. For sub-fragments of the array property fragment of (T_A ∪ T) in which formulas have bounded-size blocks of quantifiers, (T_A ∪ T)-satisfiability is NP-complete.
22 / 29 Is this fragment of T_A expressive enough?
No, we considered only arrays with uninterpreted indices, but software engineers usually think of arrays as integer-indexed cells in memory!
Containment, the array a contains element e at some index between l and u: ∃i. l ≤ i ≤ u ∧ a[i] = e
Sortedness, the array a is sorted between index l and index u: ∀i, j. l ≤ i ≤ j ≤ u → a[i] ≤ a[j]
Partitioning, the array elements between l_1 and u_1 are smaller than all elements between l_2 and u_2: ∀i, j. l_1 ≤ i ≤ u_1 ∧ l_2 ≤ j ≤ u_2 → a[i] ≤ a[j]
Theory of Integer-Indexed Arrays T_A^Z (Bradley, Manna, Sipma 2006)
23 / 29 Array Property Fragment of T_A^Z
Now, array properties are (Σ_A ∪ Σ_Z)-formulas with a list of variables i: ∀i. F[i] → G[i]
index guard F[i]:
  iguard → iguard ∧ iguard | iguard ∨ iguard | atom
  atom   → expr ≤ expr | expr = expr
  expr   → uvar | pexpr
  pexpr  → pexpr'
  pexpr' → Z | Z · evar | pexpr' + pexpr'
where uvar ∈ i, and evar is any existentially quantified or free integer variable.
value constraint G[i]: like in the array property fragment of T_A.
Array Property Fragment of T_A^Z: Boolean combinations of quantifier-free (Σ_A ∪ Σ_Z)-formulas and array properties.
24 / 29 Decision Procedure for Array Property Fragment of T_A^Z
Step 1: Put F in NNF.
Step 2: Apply the following rule exhaustively to remove writes:
  F[a⟨i ◁ v⟩] ⇒ F[a'] ∧ a'[i] = v ∧ (∀j. j ≠ i → a[j] = a'[j])   for fresh a'
  Rewrite the index guard to match the syntactic requirements:
  ∀j. j ≤ i − 1 ∨ i + 1 ≤ j → a[j] = a'[j]
Step 3: Apply the following rule exhaustively to remove existential quantification:
  F[∃i. G[i]] ⇒ F[G[j]]   for fresh j
25 / 29 Decision Procedure for Array Property Fragment of T_A^Z
Step 4: From the output F_3 of Step 3, construct the index set I:
  I := {t : ·[t] ∈ F_3 such that t is not a universally quantified variable}
     ∪ {t : t occurs as a pexpr in the parsing of index guards}
  If I = ∅, then let I := {0}.
  The index set contains all relevant symbolic indices that occur in F_3.
Step 5: Apply the following rule exhaustively to remove universal quantification:
  H[∀i. F[i] → G[i]] ⇒ H[ ⋀_{i ∈ I^n} (F[i] → G[i]) ]
  where n is the number of quantified variables in i.
Step 6: Decide the T_A^Z-satisfiability of F_5 using the decision procedure for the quantifier-free fragment of T_A^Z.
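The grammar of slide 23 decides which guards the procedure accepts, and Step 4 reads its pexpr terms off the parsed guards. The Python below is an added example rather than code from the slides: a small checker for guards written in ASCII (<= for ≤, && for ∧, || for ∨, * for ·; a binary "-" as sugar for adding a negative integer constant and a bare evar standing for 1·evar are conventions of this example only) that returns the canonical pexprs of a conforming guard, together with the Step 4 index-set construction and the I^n instantiation tuples of Step 5. It accepts the sortedness guard and the rewritten write-elimination guard j ≤ i − 1 ∨ i + 1 ≤ j, and rejects i < j (strict inequality is not an atom) and i ≤ j + 1 (a universally quantified variable inside a pexpr), which is exactly why Step 2 has to rewrite j ≠ i before Step 4 can run.

```python
import re
from itertools import product

# Added example: the index-guard grammar of T_A^Z, Step 4 (index set) and
# Step 5 (instances over I^n).  ASCII spelling and the "-"/bare-evar sugar
# are conventions of this demo, not of the slides.
TOKEN = re.compile(r"\s*(<=|=|[+\-*]|\d+|[A-Za-z_]\w*)")


def tokenize(text):
    text, pos, toks = text.strip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if m is None:
            raise ValueError(f"unexpected input {text[pos:]!r}")
        toks.append(m.group(1))
        pos = m.end()
    return toks


def parse_pexpr(toks, uvars):
    """pexpr' -> Z | Z*evar | pexpr' + pexpr'.  Returns {var or None: coefficient}."""
    if not toks:
        raise ValueError("empty expression")
    terms, sign, k = {}, 1, 0
    while True:
        coef, var = 1, None
        if toks[k].isdigit():
            coef, k = int(toks[k]), k + 1
            if k < len(toks) and toks[k] == "*":
                if k + 1 == len(toks) or not toks[k + 1].isidentifier():
                    raise ValueError("'*' must be followed by an integer variable")
                var, k = toks[k + 1], k + 2
        elif toks[k].isidentifier():
            var, k = toks[k], k + 1
        else:
            raise ValueError(f"unexpected token {toks[k]!r}")
        if var in uvars:
            raise ValueError(f"quantified variable {var!r} inside a pexpr")
        terms[var] = terms.get(var, 0) + sign * coef
        if k == len(toks):
            return terms
        if toks[k] not in ("+", "-") or k + 1 == len(toks):
            raise ValueError(f"expected '+ term' at {toks[k]!r}")
        sign, k = (1 if toks[k] == "+" else -1), k + 1


def fmt(terms):
    """Canonical text of a pexpr, e.g. {'i': 1, None: -1} -> 'i + -1'."""
    parts = [v if c == 1 else f"{c}*{v}"
             for v, c in sorted((v, c) for v, c in terms.items() if v is not None and c != 0)]
    const = terms.get(None, 0)
    if const != 0 or not parts:
        parts.append(str(const))
    return " + ".join(parts)


def parse_index_guard(text, uvars):
    """iguard -> iguard && iguard | iguard || iguard | atom,
    atom -> expr <= expr | expr = expr, expr -> uvar | pexpr.
    Returns the canonical pexprs occurring in the guard (Step 4 collects them)."""
    pexprs = set()
    for disjunct in text.split("||"):
        for atom in disjunct.split("&&"):
            toks = tokenize(atom)
            ops = [k for k, t in enumerate(toks) if t in ("<=", "=")]
            if len(ops) != 1:
                raise ValueError(f"not an atom: {atom.strip()!r}")
            for side in (toks[:ops[0]], toks[ops[0] + 1:]):
                if not (len(side) == 1 and side[0] in uvars):  # expr -> uvar
                    pexprs.add(fmt(parse_pexpr(side, uvars)))  # expr -> pexpr
    return pexprs


def is_index_guard(text, uvars):
    try:
        parse_index_guard(text, uvars)
        return True
    except ValueError:
        return False


def index_set(read_indices, guards, uvars):
    """Step 4: read indices that are not universally quantified, plus every
    pexpr of every index guard; {0} if that set would be empty."""
    idx = {t for t in read_indices if t not in uvars}
    for g in guards:
        idx |= parse_index_guard(g, uvars)
    return idx or {"0"}


def instances(idx, n):
    """Step 5: the tuples of I^n that a block of n quantified variables ranges over."""
    return sorted(product(sorted(idx), repeat=n))


if __name__ == "__main__":
    uv = {"i", "j"}
    sortedness = "l <= i && i <= j && j <= u"  # forall i, j. l <= i <= j <= u -> a[i] <= a[j]
    I = index_set(["i", "j", "k"], [sortedness], uv)  # reads a[i], a[j] and a free read a[k]
    print(I, len(instances(I, 2)), "instances")  # {'k', 'l', 'u'} 9 instances
    print(parse_index_guard("j <= i - 1 || i + 1 <= j", {"j"}))  # {'i + -1', 'i + 1'}
    print(is_index_guard("i <= j + 1", uv), is_index_guard("i < j", uv))  # False False
```

With the index set in hand, the sortedness property over two quantified variables turns into |I|^2 = 9 ground implications in Step 5, which is where the bounded-quantifier-block restriction of the complexity theorem comes from: the blow-up is polynomial only when n is fixed.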
26 / 29 Decision Procedure for Array Property Fragment of T_A^Z
Theorem (Sound & Complete). Let F be a Σ_A^Z-formula of the array property fragment of T_A^Z. The output F_5 of the algorithm is T_A^Z-equisatisfiable to F.
Proof (sketch):
  Step 5 weakens universal quantification to a finite conjunction.
  Assume I ⊨ F_5, with index set I. Construct J such that J ⊨ F:
  proj_I(t) = i ∈ I iff
    α_I[i] ≥ α_I[t] ∧ (∀j ∈ I. α_I[j] ≥ α_I[t] → α_I[j] ≥ α_I[i]),
    or α_I[t] > α_I[i] ∧ (∀j ∈ I. α_I[i] ≥ α_I[j]).
  Extend proj_I to vectors. Define J like I except for arrays, i.e., a[i] = a[proj_I(i)].
27 / 29 Decision Procedure for Array Property Fragment of T_A^Z
Assume an arbitrary theory T with signature Σ for the array elements.
Theorem (Sound & Complete). Let F be a (Σ_A^Z ∪ Σ)-formula of the array property fragment of (T_A^Z ∪ T). The output F_5 of the algorithm is (T_A^Z ∪ T)-equisatisfiable to F.
Theorem (Complexity). Suppose T-satisfiability is in NP. For sub-fragments of the array property fragment of (T_A^Z ∪ T) in which formulas have bounded-size blocks of quantifiers, (T_A^Z ∪ T)-satisfiability is NP-complete.
28 / 29 Conclusion
For verification purposes we need support for the Theory of Arrays.
Succinct fragments are decidable and NP-complete.

    precondition:   |arr| > 0
    postcondition:  forall ix. (ix >= 0 && ix < |arr| -> rv >= arr[ix])
    int max(int[] arr) {
      int max = arr[0];
      loop invariant: forall j. (j < i && j >= 0 -> max >= arr[j])
      for (int i = 1; i < |arr|; i = i + 1) {
        if (arr[i] >= max) {
          max = arr[i];
        }
      }
      return max;
    }

Required Theories: T_Z, T_E, T_A
29 / 29 Bibliography
Aaron R. Bradley and Zohar Manna. The Calculus of Computation. Springer Berlin Heidelberg, 2007.
Aaron R. Bradley, Zohar Manna, and Henny B. Sipma. What's Decidable About Arrays? In VMCAI '06: Proceedings of the 7th International Conference on Verification, Model Checking and Abstract Interpretation, p.
Aaron Stump, Clark W. Barrett, David L. Dill, and Jeremy Levitt. A Decision Procedure for an Extensional Theory of Arrays. In LICS '01: Proceedings of the 16th Annual IEEE Symposium on Logic in Computer Science, p.
Jochen Hoenicke. Decision Procedures (Summer), Theory of Arrays. Software Engineering, Albert-Ludwigs-University Freiburg.
More informationCOMPUTER SCIENCE TRIPOS
CST.98.5.1 COMPUTER SCIENCE TRIPOS Part IB Wednesday 3 June 1998 1.30 to 4.30 Paper 5 Answer five questions. No more than two questions from any one section are to be answered. Submit the answers in five
More informationComplexity Theory. Jörg Kreiker. Summer term 2010. Chair for Theoretical Computer Science Prof. Esparza TU München
Complexity Theory Jörg Kreiker Chair for Theoretical Computer Science Prof. Esparza TU München Summer term 2010 Lecture 8 PSPACE 3 Intro Agenda Wrap-up Ladner proof and time vs. space succinctness QBF
More informationAutomated Theorem Proving - summary of lecture 1
Automated Theorem Proving - summary of lecture 1 1 Introduction Automated Theorem Proving (ATP) deals with the development of computer programs that show that some statement is a logical consequence of
More informationCoNP and Function Problems
CoNP and Function Problems conp By definition, conp is the class of problems whose complement is in NP. NP is the class of problems that have succinct certificates. conp is therefore the class of problems
More informationComputational Logic and Cognitive Science: An Overview
Computational Logic and Cognitive Science: An Overview Session 1: Logical Foundations Technical University of Dresden 25th of August, 2008 University of Osnabrück Who we are Helmar Gust Interests: Analogical
More informationCommon Approaches to Real-Time Scheduling
Common Approaches to Real-Time Scheduling Clock-driven time-driven schedulers Priority-driven schedulers Examples of priority driven schedulers Effective timing constraints The Earliest-Deadline-First
More informationConstructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers
Constructing Contracts: Making Discrete Mathematics Relevant to Beginning Programmers TIMOTHY S. GEGG-HARRISON Winona State University Although computer scientists understand the importance of discrete
More informationTableaux Modulo Theories using Superdeduction
Tableaux Modulo Theories using Superdeduction An Application to the Verification of B Proof Rules with the Zenon Automated Theorem Prover Mélanie Jacquel 1, Karim Berkani 1, David Delahaye 2, and Catherine
More informationModel Checking II Temporal Logic Model Checking
1/32 Model Checking II Temporal Logic Model Checking Edmund M Clarke, Jr School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 2/32 Temporal Logic Model Checking Specification Language:
More informationUpdating Action Domain Descriptions
Updating Action Domain Descriptions Thomas Eiter, Esra Erdem, Michael Fink, and Ján Senko Institute of Information Systems, Vienna University of Technology, Vienna, Austria Email: (eiter esra michael jan)@kr.tuwien.ac.at
More informationDiscuss the size of the instance for the minimum spanning tree problem.
3.1 Algorithm complexity The algorithms A, B are given. The former has complexity O(n 2 ), the latter O(2 n ), where n is the size of the instance. Let n A 0 be the size of the largest instance that can
More informationCHAPTER 7 GENERAL PROOF SYSTEMS
CHAPTER 7 GENERAL PROOF SYSTEMS 1 Introduction Proof systems are built to prove statements. They can be thought as an inference machine with special statements, called provable statements, or sometimes
More informationPredicate logic Proofs Artificial intelligence. Predicate logic. SET07106 Mathematics for Software Engineering
Predicate logic SET07106 Mathematics for Software Engineering School of Computing Edinburgh Napier University Module Leader: Uta Priss 2010 Copyright Edinburgh Napier University Predicate logic Slide 1/24
More informationOHJ-2306 Introduction to Theoretical Computer Science, Fall 2012 8.11.2012
276 The P vs. NP problem is a major unsolved problem in computer science It is one of the seven Millennium Prize Problems selected by the Clay Mathematics Institute to carry a $ 1,000,000 prize for the
More informationA simple algorithm with no simple verication
A simple algorithm with no simple verication Laszlo Csirmaz Central European University Abstract The correctness of a simple sorting algorithm is resented, which algorithm is \evidently wrong" at the rst
More informationA first step towards modeling semistructured data in hybrid multimodal logic
A first step towards modeling semistructured data in hybrid multimodal logic Nicole Bidoit * Serenella Cerrito ** Virginie Thion * * LRI UMR CNRS 8623, Université Paris 11, Centre d Orsay. ** LaMI UMR
More informationThis asserts two sets are equal iff they have the same elements, that is, a set is determined by its elements.
3. Axioms of Set theory Before presenting the axioms of set theory, we first make a few basic comments about the relevant first order logic. We will give a somewhat more detailed discussion later, but
More informationGenerating models of a matched formula with a polynomial delay
Generating models of a matched formula with a polynomial delay Petr Savicky Institute of Computer Science, Academy of Sciences of Czech Republic, Pod Vodárenskou Věží 2, 182 07 Praha 8, Czech Republic
More informationTemporal Logics. Computation Tree Logic
Temporal Logics CTL: definition, relationship between operators, adequate sets, specifying properties, safety/liveness/fairness Modeling: sequential, concurrent systems; maximum parallelism/interleaving
More informationA Static Analyzer for Large Safety-Critical Software. Considered Programs and Semantics. Automatic Program Verification by Abstract Interpretation
PLDI 03 A Static Analyzer for Large Safety-Critical Software B. Blanchet, P. Cousot, R. Cousot, J. Feret L. Mauborgne, A. Miné, D. Monniaux,. Rival CNRS École normale supérieure École polytechnique Paris
More informationApproximation Algorithms
Approximation Algorithms or: How I Learned to Stop Worrying and Deal with NP-Completeness Ong Jit Sheng, Jonathan (A0073924B) March, 2012 Overview Key Results (I) General techniques: Greedy algorithms
More informationPlan-Space Search. Searching for a Solution Plan in a Graph of Partial Plans
Plan-Space Search Searching for a Solution Plan in a Graph of Partial Plans Literature Malik Ghallab, Dana Nau, and Paolo Traverso. Automated Planning Theory and Practice, chapter 2 and 5. Elsevier/Morgan
More information2 Temporal Logic Model Checking
Bounded Model Checking Using Satisfiability Solving Edmund Clarke 1, Armin Biere 2, Richard Raimi 3, and Yunshan Zhu 4 1 Computer Science Department, CMU, 5000 Forbes Avenue Pittsburgh, PA 15213, USA,
More informationSchedule. Logic (master program) Literature & Online Material. gic. Time and Place. Literature. Exercises & Exam. Online Material
OLC mputational gic Schedule Time and Place Thursday, 8:15 9:45, HS E Logic (master program) Georg Moser Institute of Computer Science @ UIBK week 1 October 2 week 8 November 20 week 2 October 9 week 9
More informationMinimum Satisfying Assignments for SMT
Minimum Satisfying Assignments for SMT Isil Dillig 1, Thomas Dillig 1, Kenneth L. McMillan 2, and Alex Aiken 3 1 College of William & Mary 2 Microsoft Research 3 Stanford University Abstract. A minimum
More informationSoftware Modeling and Verification
Software Modeling and Verification Alessandro Aldini DiSBeF - Sezione STI University of Urbino Carlo Bo Italy 3-4 February 2015 Algorithmic verification Correctness problem Is the software/hardware system
More informationIntroducing Formal Methods. Software Engineering and Formal Methods
Introducing Formal Methods Formal Methods for Software Specification and Analysis: An Overview 1 Software Engineering and Formal Methods Every Software engineering methodology is based on a recommended
More informationDecentralizing SDN Policies
Decentralizing SDN Policies Oded Padon Tel Aviv University odedp@mail.tau.ac.il Neil Immerman University of Massachusetts, Amherst immerman@cs.umass.edu Aleksandr Karbyshev Tel Aviv University karbyshev@post.tau.ac.il
More informationA Semantical Perspective on Verification of Knowledge
A Semantical Perspective on Verification of Knowledge Paul Leemans, Jan Treur, Mark Willems Vrije Universiteit Amsterdam, Department of Artificial Intelligence De Boelelaan 1081a, 1081 HV Amsterdam The
More informationThe Classes P and NP
The Classes P and NP We now shift gears slightly and restrict our attention to the examination of two families of problems which are very important to computer scientists. These families constitute the
More informationChapter 11. 11.1 Load Balancing. Approximation Algorithms. Load Balancing. Load Balancing on 2 Machines. Load Balancing: Greedy Scheduling
Approximation Algorithms Chapter Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A. Theory says you're unlikely to find a poly-time algorithm. Must sacrifice one
More information