efficient craig interpolation for linear diophantine (dis)equations & linear modular equations

Efficient Craig InterpolationEfficient Craig InterpolationforforLinear Diophantine (Dis)EquationsLinear Diophantine (Dis)Equations&& Linear Modular Equations Linear Modular Equations

Jain, Clarke & Grumberg CAV08

We saw (in Yael’s talk):

Interpolants are used in abstraction refinement for finding a set of predicates in order to rule out spurious counterexamples

c1x1+c2x2+… + cnxn = (≠) c0

These predicates are of the form of linear (dis)equations:

1x:=ctr

2

3

... 5

ctr:=ctr+1

y:=ctr

4x=m

ERR …

x≠m

y=m+1y≠m+1

We first discuss equations of the types:

c1x1+c2x2+… + cnxn = c0

a Linear Diophantine Equation (LDE)

Rational

Integral variable

c1x1+c2x2+… + cnxn ≡ c0(mod m)

a Linear Modular Equation (LME)

Rational

A system of LDEs can be written as:

A X = C

A system of LMEs can be written as:

A X ≡mC

A system of LDEs as a conjunction:

A1

A2X =

C1

C2

(A1X = C1) ^ (A2X = C2)

A system of LDEs CX=B is unsatisfiableunsatisfiable if it has

no integral solution for X

Example:

1 1 01- 1 00 2 2

xyz

=113

x+y=1x-y=1

y=0

2*0+2z=3 z=2.5

We say that

A1

A2

)A1X = C1 (^) A2X = C2( ==false

XC1

C2

Theorem: AX=B == false

iff there exists a rational vector R such that:•RA is integral •RB is not an integer

We call R a proof of unsatisfiability for AX=B

0.5- 0.5R :=

=01

1- 2 01 0- 2

xyz

Example:

AX=B :=

RA = 1- 1 1

RB = 0.5

AX=B == false

)A1X = C1( ^ )A2X = C2( ==falseAn interpolant for

is a system AX=C such that:

(A1X = C1) (AX=C)

(AX=C) ^ (A2X = C2) == false

AX=C refers only to xi common to A1, A2.

For instance ,A1X=C1 UA1X=UC1

for a rational vector U

X has no integral solution in )AX=C (and (A2X = C2)

Only to xi who have coefficients ≠ 0 in A1 and in A2

Every integral solution for A1X=C1 is also an integral solution for

AX=C

An interpolant

=1 1 01- 1 0

xyz

0.5- 0.5 0.5- 0.5 11

Example:

0 2 2 x

yz

=11

1 1 01- 1 0

xyz

^= 3

==false

= 00 1 0 xyz

0 2 2 xyz

^ = 3 ==false

Lemma: AX=B implies CX=D iff

AX=B is unsatisfiable

or there exists a vector R such that C = RA and D=RB

Example:

1 0- 2 xyz

= 01- 2 0 xyz

^ = 1 ==false

X is even X is odd

proof:

An unsatisfiable system of LDEs does not always

have an LDE as an interpolant.

However, there exists an LME as an interpolant:

xyz

1 0 0 ≡2 0There always exists an LME

as an interpolant

If the system has an LDE as an interpolant

then it is of the form: r(x-2y)=0

It can only contain x as a common variable r=0

But 0=0 is not an interpolant:

(x-2z)=1^(0=0) is satisfiable

An algorithm for finding interpolants

Let AX=A’ ^ BX=B’ == false Let R = [R1 R2] be a proof of unsatisfiability:

R1A+R2B is integralR1A’+R2B’ is not an integer

The LDE R1AX=R1A’ is a partial interpolant for the system

=AB X

A’

B’

R1 R2 R1 R2R1AX+R2BX R1A’+R2B’

R1AX=R1A’ ==

\i A B i AB

i i i ix V x V

a x b x c

variables occuring only in

AX=A’variables occuring in both

AX=A’ and in BX=B’

The LDE R1AX=R1A’ is a partial interpolant for the system

R1AX=R1A’ ==

\i A B i AB

i i i ix V x V

a x b x c

variables occuring

only in AX=A’ variables occuring in bothAX=A’ and in BX=B’

R1AX+R2BX = R1A’+R2B’

Lemma: ai is an integer

These variables do not appear in R2BX, and R1AX+R2BX is integral


Lemma:

The partial interpolant R1AX=R1A’ satisfies:

AX=A’ R1AX=R1A’ 1.

2.(R1AX=R1A’) ^ (BX=B’) == false


Proof:

(R1AX=R1A’) ^ (BX=B’)

R1AB X =

R1A’

B’

R1AB

= R1A+R2B1 R2 1 R1A’B’

= R1A’+R2B’R2

integralnot an integer

[1 R2] is a proof of unsatisfiability


R1AX=R1A’ == \i A B i AB

i i i ix V x V

a x b x c

If all ai=0, then the partial interpolant

is also an interpolant for AX=A’ ^ BX=B’:

We saw the first two conditions hold.In case ai=0 , then R1AX=R1A’ is over variables common to AX=A’ and to BX=B’.

Example:

0 2 2 xyz

=11

1 1 01- 1 0

xyz

^ = 3 ==false

1 1 01- 1 00 2 2

=113

xyz

A proof of unsatisfiability: 0.5- 0.5 0.5

The partial interpolant:

0.5- 0.5 1 1 01- 1 0

= 0.5- 0.5xyz

11

0 1 0 xyz

= 0

Only over y , common to both LDEs. the partial interpolant is also an interpolant.


Doesn’t always work:

^ 1 0- 2 x

yz

= 01- 2 0 xyz

= 1 ==false

X is even X is odd

1- 2 01 0- 2 =

01

xyz

A proof of unsatisfiability: 0.5 0.5


0.5 1- 2 0 = 0.5xyz

0 0.5- 1 0 xyz

= 0

Only over x and y , not common to both LDEs. the partial interpolant is not an interpolant.

flashback: This system does not have an LDE

interpolant



By removing variables not common to AX=A’ and BX=B’

Obtaining an LME interpolant

α := gcd of ai

β := integer such that β|α

ai is an integer α is an integer

(mod )i AB

i ix V

b x c

Then is an interpolant

\i A B i AB

i i i ix V x V

a x b x c


(mod )i AB

i ix V

b x c

is an interpolant

Proof:

1. AX=A’ R1AX=R1A’ R1AX ≡β R1A’ β|α, α|ai

\i A B i AB

i i i ix V x V

a x b x c

i AB

i ix V

b x c

^i AB

i ix V

b x c

2. Suppose that BX=B’ has an integral solution xi=gi

BX=B’ R2BX=R2B’ xi=gi is a solution for R2BX=R2B’

R2BG=R2B’ ==/i AB i B A

i i i ix V x V

e g f g d


R2BG=R2B’ =/i AB i B A

i i i ix V x V

e g f g d

/

( )i AB i B A

i i i i ix V x V

t b e g f g c d

R1A’+R2B’

not an integer

an integer an integeran integer

A contradiction

R1A+R2B is integral

i AB

i ix V

b x c

^ BX=B’ == false

3. The expression is over variables common to AX=A’ and BX=B

An interpolant!


i AB

i ix V

b g t c

+

R1AG ≡β R1A’

An algorithm for finding interpolants (summary):

Given an unsatisfiable system of LDEs AX=A’ and BX=B’:

1. compute a proof of unsatisfiability [R1 R2]

2. compute the partial interpolant R1AX=R1A’

How? still to come...

else return R1AX=R1A’

3. if R1AX=R1A’ is not only over VAB :

3.1 compute the gcd α of coefficients of xi’s in VA/B

3.2 compute β that divides α

3.3 return (mod )i AB

i ix V

b x c

Interpolants for LMEs

c1x1+c2x2+… + cnxn ≡ c0(mod m) A X ≡m C

Theorem:

AX ≡m B == false iff there exists a rational vector R such that:•RA is integral •mR is integral•RB is not an integer

We call R a proof of unsatisfiability for AX ≡m B

1/4- 1/2- 1/8R :=

≡8 444

2 2 2 1 4 0

xy

Example:

AX ≡m B :=

AX ≡m B == false

RA = -1 0

RB = -3/2

mR = 2- 4- 1

Proof:

An LME CX≡m D: c11 …… c1n

c21 …… c2n

cn1 …… ctn

For each equation: ci1x1+ci2x2+ … + cinxn ≡m di

Add a new variable: ci1x1+ci2x2+ … + cinxn + mvi = di

The two equations are equi-satisfiable

x1

x2

xn

≡m

d1

d2

dt


The new systemC’Z=D:

c11 …… c1n m 0 … 0 c21 …… c2n 0 m … 0

cn1 …… ctn 0 0 … m

x1.

xn

v1.

vt

=

d1

d2

dt

CX ≡m D has an integral solution iff C’Z=D has one.


•CX ≡m D has no integral solution iff •C’Z=D has no integral solution iff•There exists a vector R such that RC’ is integral and RD is not an integer

Let R=[r1 r2 … rt]

=[RC[1] RC[2] … RC[n] mr1 mr2 …. mrt] = [RC mR]

RC’= c11 …… c1n m 0 … 0 c21 …… c2n 0 m … 0

cn1 …… ctn 0 0 … m

r1 r2…… rt

Integral

Let (AX ≡m A’) ^ (BX ≡m B’) == false Let R = [R1 R2] be a proof of unsatisfiability:

R1AX = \i A B i AB

i i i ix V x V

a x b x c

mR1 = [d1 d2 d3 ... dk]

Otherwise:

Let α = gcd S U T

Let β := integer such that β|α

(m/β R1)AX ≡m (m/β R1)A’ is an interpolant

Let S={ai | ai ≠0}

Let T={di | di ≠0}

If T=Φ interpolant: 0≡m0


Proof:

(AX ≡m A’) ^ (BX ≡m B’) == false Let R = [R1 R2] be a proof of unsatisfiability:

AB X

A’

B’

R1 R2 R1 R2≡m

•R1A’+ R2B’ is not an integer


•R1A+ R2B is integral The coefficients of xi only in A are integral

•mR = [mR1 mR2] is integral mR1 is integral

Let S={ai | ai ≠0}

Let T={di | di ≠0}

If T=Φ R1 = 0

R1AX = \i A B i AB

i i i ix V x V

a x b x c

mR1 = [d1 d2 d3 ... dk]

interpolant: 0≡m0 (== true)

R2B is integral, R2B’ is not an integer

)BX ≡m B (’== false

If T≠Φ:

S and T are integral α := gcd S U T is an integer


(m/β R1)AX ≡m (m/β R1)A’ is an interpolant

need to prove:

β := integer such that β|α


1/β mR1 = m/β R1 is integral (mark it U)

Lemma: For every integral vector U the system CX ≡m D implies UCX ≡m UD

1. mR1 is integral.

β divides every element of mR1.

AX ≡m A’ implies (m/βR1)AX ≡m (m/βR1)A’


UAB X

UA’

B’

≡m2. UAX≡mUA’ ^ BX ≡m B’

[β/m,R2] is a proof of unsatisfiability:

UAB

β/m R2 = β/m m/βR1A+R2B = R1A+R2B

Integral

m[β/m,R2] = [β,mR2]

not an Integer

UA’B’

β/m R2 = β/m m/βR1A’+R2B’ = R1A’+R2B’

Integer Integral

UAX≡mUA’ ^ BX ≡m B’ == false


3. (m/β R1)AX ≡m (m/β R1)A’ is over common variables:

\i A B i AB

i i i i mx V x V

m ma x b x c

)m/β R1(AX )m/β R1(A’

β divides ai’s ai/β is integrali AB

i i mx V

mb x c

Example:

4 0 xy^

4 ==false≡8 44

2 2 2 1

xy

≡8

≡8 444

2 2 2 1 4 0

xy

A proof of unsatisfiability: 1/4- 1/2- 1/8

R1AX = ¼-1/2 2 2 2 1

xy

= -1/2 0 xy

= -1/2x

mR1 = 2- 4 S = Φ T = {2, -4} α = 2 β = 2 or β = 1

-4 0 xy

≡8 -8 ==

-2 0 xy

≡8 -4 ==

2- 4 2 2 2 1

xy

≡8 1 2- 4 44

for β = 1: 1

2- 4 2 2 2 1

xy

≡8 2- 4 44

for β = 2: ½ ½


standardmoduli

operations

What if the moduli is different?

(AX ≡m1 A’) ^ (BX ≡m2 B’) == false

m=lcm(m1,m2)

(AX ≡m1 A’) ^ (BX ≡m2 B’)

≡

(m2AX ≡m m2A’) ^ (m1BX ≡m m1B’) For more than two formulas, use m=lcm(m1,m2, m3,…,),For the i’th formula use m/mi


Obtaining Proofs of Unsatisfiability

If AX=B has no rational solution, it has no integral solution.

First, use Gaussian elimination

Hermite Normal FormEvery full row rank matrix A[mxn] can be represented as:

E 0 mxm mx(n-m)

Lower triangular

Invertible

All entries non-negative

Maximal element lies on the diagonal

The HNF form can be obtained by using the three basic

column operations on A

There exists a unimodular (invertible, integral, closed under product and inversion) matrix U such that AU=[E 0]

Lemma: AX=B has no integral solution iff E-1B is not integral

Obtaining proofs of unsatisfiability

To obtain R, a proof of unsatisfiability:

1. Compute [E 0]

2. If E-1B is not integral:

2.1. E-1B[i] is not an integer.

R’ = the i’th row in E-1

R’B is not an integer, R’A is integral

E-1AU = E-1[E 0] = [I 0]

E-1AUU-1= E-1A = [I 0] U-1

IntegralIntegral

Proof: AU = [E 0]

Proofs of Unsatisfiability for LMEs:

Obtaining proofs of unsatisfiability

AX ≡m B

Each equation ti ≡m bi can be written as an equi-satisfiable

LDE ti + mvi = bi .

New integer variable

AX ≡m B is reduced to an equi-satisfiable system A’Z = B

The proof of unsatisfiability is the same for both systems.

Handling Disequations

c1x1+c2x2+… + cnxn ≠ c0

Disequations can also be represented by a matrix: CX ≠ D

A system of equations and disequations: AX=B ^ CX ≠ D

A system AX=B ^ CX ≠ D has no integral solution

Iff AX=B ^ CX ≠ D has no rational solution

or AX=B has no integral solution

Theorem:

Can be done in polynomial time

Can be determined in polynomial time

F=F1 ^ F2 and G=G1 ^ G2

LDE LDD

If F^G is unsatisfiable because F1^F2^G1^G2 has no

rational solution, an interpolant can be computed.

If F^G is unsatisfiable because F1^G1 has no integral

solution, an interpolant for F1^G1 can be computed.



For LMD’s , the problem is NP-hard

By reduction from 3-SAT:

Variables in 3-SAT: {z1, z2, …zi, …, zn}

Express the constraints:

xi ≡4 0 and xi’ ≡4 1 or xi ≡4 1 and xi’ ≡4 0

One for zi, one for ¬ziTwo variables for zi: xi, xi’

V

i ¬(xi ≡4 xi’)

V

i ¬(xi ≡4 2)

V V

i ¬(xi ≡4 3)

V

V

i ¬(xi’ ≡4 2)

V V

i ¬(xi’ ≡4 3)

V

L1=


For each clause (u V v V w):

¬(u+v+w ≡4 0 )

V

clauses(u V v V w)

¬(u+v+w ≡4 0 )L2=

L=L1 L2

V

The 3-SAT formula is satisfiable iff L is satisfiable.

This is only falsified when u,v,w are all assigned 0(mod 4)

Interpolants for LMEs, LDEs and LDDs can be computed in polynomial time using algebraic techniques

The existing tools based on predicate abstraction and CEGAR can not discover the predicates computed by these techniques.

Experimental results show that little unwinding is needed due to the early discovery of appropriate LMEs.

Toda Raba!

If F^G is unsatisfiable because F1^F2^G1^G2 has no

rational solution, an interpolant can be computed.


Proof:

1. If F^G is unsatisfiable because F1^F2 == AX=B^A’X=B’

has no rational solution, then R=[R1 R2] exists,

and R1AX=R1B is an interpolant.

Lemma: A system AX=B has no rational solution iff there exists a vector R such that RA=0 and RB≠0

1. AX=B^A’X=B’ => Vcix,

and R1AX=R1B is an interpolant.


AX=B EX=F iff

AX=B == false or E=RA and F=RB

Lemma: Rational row vector

Lemma: AX=B V(CiX=Di) iff

AX=B CkX=Dk for some k

להוריד שקף?

efficient craig interpolation for linear diophantine (dis)equations & linear modular equations

Documents