Efficient Craig Interpolation for Linear Diophantine (Dis)Equations & Linear Modular Equations
Jain, Clarke & Grumberg CAV08
We saw (in Yael's talk):
Interpolants are used in abstraction refinement for finding a set of predicates in order to rule out spurious counterexamples.
These predicates are of the form of linear (dis)equations:
c1x1 + c2x2 + … + cnxn = (≠) c0
[Figure: program graph with locations 1 to 5 and an ERR location. Statements: 1: x := ctr; 2: ctr := ctr + 1; 3: y := ctr; the branches at 4 and 5 are labelled x = m / x ≠ m and y = m+1 / y ≠ m+1.]
We first discuss equations of the types:
c1x1 + c2x2 + … + cnxn = c0, a Linear Diophantine Equation (LDE)
c1x1 + c2x2 + … + cnxn ≡ c0 (mod m), a Linear Modular Equation (LME)
The coefficients ci are rational; the variables xi are integral.
A system of LDEs can be written as: AX = C
A system of LMEs can be written as: AX ≡m C
A system of LDEs as a conjunction:
$\begin{bmatrix} A_1 \\ A_2 \end{bmatrix} X = \begin{bmatrix} C_1 \\ C_2 \end{bmatrix}$ is (A1X = C1) ∧ (A2X = C2)
A system of LDEs CX = B is unsatisfiable if it has no integral solution for X.
Example (X = (x, y, z)^T):
$\begin{bmatrix} 1 & 1 & 0 \\ 1 & -1 & 0 \\ 0 & 2 & 2 \end{bmatrix} X = \begin{bmatrix} 1 \\ 1 \\ 3 \end{bmatrix}$
x + y = 1 and x - y = 1 give y = 0; then 2·0 + 2z = 3 gives z = 2.5, which is not an integer.
We say that $\begin{bmatrix} A_1 \\ A_2 \end{bmatrix} X = \begin{bmatrix} C_1 \\ C_2 \end{bmatrix}$ ≡ false, i.e. (A1X = C1) ∧ (A2X = C2) ≡ false.
Theorem: AX = B ≡ false iff there exists a rational vector R such that:
• RA is integral
• RB is not an integer
We call R a proof of unsatisfiability for AX = B.
Example (X = (x, y, z)^T):
AX = B := $\begin{bmatrix} 1 & -2 & 0 \\ 1 & 0 & -2 \end{bmatrix} X = \begin{bmatrix} 0 \\ 1 \end{bmatrix}$
R := [0.5 0.5]
RA = [1 -1 -1] (integral)
RB = 0.5 (not an integer)
Hence AX = B ≡ false.
An interpolant for (A1X = C1) ∧ (A2X = C2) ≡ false is a system AX = C such that:
1. (A1X = C1) ⟹ (AX = C): every integral solution of A1X = C1 is also an integral solution of AX = C. For instance, A1X = C1 ⟹ UA1X = UC1 for a rational vector U.
2. (AX = C) ∧ (A2X = C2) ≡ false: X has no integral solution in (AX = C) ∧ (A2X = C2).
3. AX = C refers only to the xi common to A1 and A2, i.e. only to xi that have coefficients ≠ 0 both in A1 and in A2.
Example:
$\begin{bmatrix} 1 & 1 & 0 \\ 1 & -1 & 0 \end{bmatrix} X = \begin{bmatrix} 1 \\ 1 \end{bmatrix}$ ∧ $\begin{bmatrix} 0 & 2 & 2 \end{bmatrix} X = 3$ ≡ false
An interpolant: $\begin{bmatrix} 0 & 1 & 0 \end{bmatrix} X = 0$ (i.e. y = 0), obtained as
$\begin{bmatrix} 0.5 & -0.5 \end{bmatrix} \begin{bmatrix} 1 & 1 & 0 \\ 1 & -1 & 0 \end{bmatrix} X = \begin{bmatrix} 0.5 & -0.5 \end{bmatrix} \begin{bmatrix} 1 \\ 1 \end{bmatrix}$
and $\begin{bmatrix} 0 & 1 & 0 \end{bmatrix} X = 0$ ∧ $\begin{bmatrix} 0 & 2 & 2 \end{bmatrix} X = 3$ ≡ false.
Lemma: AX = B implies CX = D iff AX = B is unsatisfiable or there exists a (rational) vector R such that C = RA and D = RB.
Example (X = (x, y, z)^T):
$\begin{bmatrix} 1 & -2 & 0 \end{bmatrix} X = 0$ (x is even) ∧ $\begin{bmatrix} 1 & 0 & -2 \end{bmatrix} X = 1$ (x is odd) ≡ false
An unsatisfiable system of LDEs does not always have an LDE as an interpolant.
However, there exists an LME as an interpolant: $\begin{bmatrix} 1 & 0 & 0 \end{bmatrix} X$ ≡2 0. There always exists an LME as an interpolant.
Proof (that this system has no LDE interpolant):
If the system has an LDE as an interpolant, then by the lemma it is of the form r(x - 2y) = 0.
It can only contain x as a common variable, so r = 0.
But 0 = 0 is not an interpolant: (x - 2z = 1) ∧ (0 = 0) is satisfiable.
An algorithm for finding interpolants
Let AX = A' ∧ BX = B' ≡ false and let R = [R1 R2] be a proof of unsatisfiability:
$\begin{bmatrix} R_1 & R_2 \end{bmatrix} \begin{bmatrix} A \\ B \end{bmatrix} X = \begin{bmatrix} R_1 & R_2 \end{bmatrix} \begin{bmatrix} A' \\ B' \end{bmatrix}$, i.e. R1AX + R2BX = R1A' + R2B'
R1A + R2B is integral; R1A' + R2B' is not an integer.
The LDE R1AX = R1A' is a partial interpolant for the system. Write it as
R1AX = R1A' ≡ $\sum_{x_i \in V_{A \setminus B}} a_i x_i + \sum_{x_i \in V_{AB}} b_i x_i = c$
where $V_{A \setminus B}$ are the variables occurring only in AX = A' and $V_{AB}$ the variables occurring both in AX = A' and in BX = B'.
Lemma: ai is an integer.
These variables do not appear in R2BX, and R1A + R2B is integral.
An algorithm for finding interpolants
Lemma: The partial interpolant R1AX = R1A' satisfies:
1. AX = A' ⟹ R1AX = R1A'
2. (R1AX = R1A') ∧ (BX = B') ≡ false
Proof:
(R1AX = R1A') ∧ (BX = B') is $\begin{bmatrix} R_1 A \\ B \end{bmatrix} X = \begin{bmatrix} R_1 A' \\ B' \end{bmatrix}$
$\begin{bmatrix} 1 & R_2 \end{bmatrix} \begin{bmatrix} R_1 A \\ B \end{bmatrix} = R_1 A + R_2 B$, which is integral
$\begin{bmatrix} 1 & R_2 \end{bmatrix} \begin{bmatrix} R_1 A' \\ B' \end{bmatrix} = R_1 A' + R_2 B'$, which is not an integer
So [1 R2] is a proof of unsatisfiability.
An algorithm for finding interpolants
R1AX = R1A' ≡ $\sum_{x_i \in V_{A \setminus B}} a_i x_i + \sum_{x_i \in V_{AB}} b_i x_i = c$
If all ai = 0, then the partial interpolant is also an interpolant for AX = A' ∧ BX = B':
We saw that the first two conditions hold. In case all ai = 0, R1AX = R1A' is over variables common to AX = A' and to BX = B'.
Example:
$\begin{bmatrix} 1 & 1 & 0 \\ 1 & -1 & 0 \end{bmatrix} X = \begin{bmatrix} 1 \\ 1 \end{bmatrix}$ ∧ $\begin{bmatrix} 0 & 2 & 2 \end{bmatrix} X = 3$ ≡ false, i.e. $\begin{bmatrix} 1 & 1 & 0 \\ 1 & -1 & 0 \\ 0 & 2 & 2 \end{bmatrix} X = \begin{bmatrix} 1 \\ 1 \\ 3 \end{bmatrix}$
A proof of unsatisfiability: R = [0.5 -0.5 0.5]
The partial interpolant:
$\begin{bmatrix} 0.5 & -0.5 \end{bmatrix} \begin{bmatrix} 1 & 1 & 0 \\ 1 & -1 & 0 \end{bmatrix} X = \begin{bmatrix} 0.5 & -0.5 \end{bmatrix} \begin{bmatrix} 1 \\ 1 \end{bmatrix}$, i.e. $\begin{bmatrix} 0 & 1 & 0 \end{bmatrix} X = 0$
It is only over y, which is common to both LDEs, so the partial interpolant is also an interpolant.
An algorithm for finding interpolants
Doesn't always work:
$\begin{bmatrix} 1 & -2 & 0 \end{bmatrix} X = 0$ (x is even) ∧ $\begin{bmatrix} 1 & 0 & -2 \end{bmatrix} X = 1$ (x is odd) ≡ false, i.e. $\begin{bmatrix} 1 & -2 & 0 \\ 1 & 0 & -2 \end{bmatrix} X = \begin{bmatrix} 0 \\ 1 \end{bmatrix}$
A proof of unsatisfiability: R = [0.5 0.5]
The partial interpolant:
$0.5 \cdot \begin{bmatrix} 1 & -2 & 0 \end{bmatrix} X = 0.5 \cdot 0$, i.e. $\begin{bmatrix} 0.5 & -1 & 0 \end{bmatrix} X = 0$
It is over x and y, and y is not common to both LDEs, so the partial interpolant is not an interpolant.
Flashback: this system does not have an LDE interpolant.
An algorithm for finding interpolants
Obtaining an LME interpolant by removing the variables not common to AX = A' and BX = B'
The partial interpolant: $\sum_{x_i \in V_{A \setminus B}} a_i x_i + \sum_{x_i \in V_{AB}} b_i x_i = c$
α := gcd of the ai (each ai is an integer, so α is an integer)
β := an integer such that β | α
Then $\sum_{x_i \in V_{AB}} b_i x_i \equiv c \pmod{\beta}$ is an interpolant.
Proof:
1. AX = A' ⟹ R1AX = R1A' ⟹ R1AX ≡β R1A', since β | α and α | ai:
$\sum_{x_i \in V_{A \setminus B}} a_i x_i + \sum_{x_i \in V_{AB}} b_i x_i = c$ implies $\sum_{x_i \in V_{AB}} b_i x_i \equiv c \pmod{\beta}$
2. Suppose that BX = B' has an integral solution xi = gi (written G) that also satisfies the candidate interpolant, i.e. R1AG ≡β R1A':
$\sum_{x_i \in V_{AB}} b_i g_i = t \beta + c$ for some integer t
BX = B' ⟹ R2BX = R2B', so xi = gi is a solution for R2BX = R2B':
R2BG = R2B' ≡ $\sum_{x_i \in V_{AB}} e_i g_i + \sum_{x_i \in V_{B \setminus A}} f_i g_i = d$
Then R1A' + R2B' = c + d = $\sum_{x_i \in V_{AB}} (b_i + e_i) g_i + \sum_{x_i \in V_{B \setminus A}} f_i g_i - t\beta$
R1A + R2B is integral, so every bi + ei and every fi is an integer; hence c + d is an integer.
But R1A' + R2B' is not an integer. A contradiction, so $\sum_{x_i \in V_{AB}} b_i x_i \equiv c \pmod{\beta}$ ∧ BX = B' ≡ false.
3. The expression is over variables common to AX = A' and BX = B'.
An interpolant!
An algorithm for finding interpolants (summary):
Given an unsatisfiable system of LDEs AX = A' and BX = B':
1. compute a proof of unsatisfiability [R1 R2] (how? still to come...)
2. compute the partial interpolant R1AX = R1A'
3. if R1AX = R1A' is not only over VAB:
3.1 compute the gcd α of the coefficients of the xi's in V_{A\B}
3.2 compute β that divides α
3.3 return $\sum_{x_i \in V_{AB}} b_i x_i \equiv c \pmod{\beta}$
else return R1AX = R1A'
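The summary algorithm worked in code, added here as an example (not code from the paper or the talk): given a proof of unsatisfiability R = [R1 R2] it forms the partial interpolant, separates V_{A\B} from V_AB, and returns the LDE interpolant or, via α and β, the LME interpolant, and it brute-force checks both interpolant conditions on a small integer box. Coefficients are Python Fractions; the final scaling of the LME by the lcm of its denominators (an equivalent LME with integer entries) is my addition, not a step on the slides.

```python
from fractions import Fraction
from itertools import product
from math import gcd, lcm

def row_times(R, A, b):
    """Rational row vector R times the system AX=b: returns (RA, Rb)."""
    m, n = len(A), len(A[0])
    return ([sum(R[i] * A[i][j] for i in range(m)) for j in range(n)],
            sum(R[i] * b[i] for i in range(m)))

def is_proof_of_unsat(R, A, b):
    """Theorem: R proves AX=b unsatisfiable iff RA is integral and Rb is not."""
    ra, rb = row_times(R, A, b)
    return all(v.denominator == 1 for v in ra) and rb.denominator != 1

def lde_interpolant(A, a, B, b, R, beta=None):
    """Interpolant for AX=a ^ BX=b from a proof R=[R1 R2] (slide algorithm).
    Returns (coeffs, rhs, modulus): modulus None means the LDE coeffs.X = rhs,
    otherwise the LME coeffs.X = rhs (mod modulus); both are over V_AB only."""
    assert is_proof_of_unsat(R, A + B, a + b)
    coeffs, c = row_times(R[:len(A)], A, a)       # partial interpolant R1AX = R1a
    n = len(coeffs)
    in_a = [any(row[j] for row in A) for j in range(n)]
    in_b = [any(row[j] for row in B) for j in range(n)]
    a_only = [coeffs[j] for j in range(n) if in_a[j] and not in_b[j]]
    common = [coeffs[j] if in_a[j] and in_b[j] else Fraction(0) for j in range(n)]
    if all(v == 0 for v in a_only):
        return common, c, None                    # already over V_AB: LDE interpolant
    alpha = 0
    for v in a_only:                              # lemma: the a_i are integers
        alpha = gcd(alpha, int(v))
    beta = alpha if beta is None else beta
    assert alpha % beta == 0, "beta must divide alpha"
    # Added step: scale by the lcm of the denominators so the LME has integer entries.
    d = lcm(*[v.denominator for v in common + [c]])
    return [v * d for v in common], c * d, beta * d

def holds(coeffs, rhs, modulus, point):
    """Evaluate the returned (L)DE or LME at an integral point."""
    lhs = sum(v * x for v, x in zip(coeffs, point)) - rhs
    return lhs == 0 if modulus is None else lhs % modulus == 0

def check_interpolant(A, a, B, b, itp, bound=3):
    """Sanity check (not a proof) on the integer box [-bound, bound]^n: every
    solution of AX=a satisfies itp, and itp ^ BX=b has no solution."""
    n = len(A[0])
    sat = lambda M, v, p: all(sum(r[j] * p[j] for j in range(n)) == v[i]
                              for i, r in enumerate(M))
    return all(not (sat(A, a, p) and not holds(*itp, p)) and
               not (sat(B, b, p) and holds(*itp, p))
               for p in product(range(-bound, bound + 1), repeat=n))
```

On the slide examples this returns y = 0 for the first system and x ≡2 0 for the even/odd system, matching the interpolants shown above.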
Interpolants for LMEs
c1x1 + c2x2 + … + cnxn ≡ c0 (mod m), in matrix form AX ≡m C
Theorem: AX ≡m B ≡ false iff there exists a rational vector R such that:
• RA is integral
• mR is integral
• RB is not an integer
We call R a proof of unsatisfiability for AX ≡m B.
Example (X = (x, y)^T):
AX ≡m B := $\begin{bmatrix} 2 & 2 \\ 2 & 1 \\ 4 & 0 \end{bmatrix} X$ ≡8 $\begin{bmatrix} 4 \\ 4 \\ 4 \end{bmatrix}$
R := [1/4 -1/2 -1/8]
RA = [-1 0]
mR = [2 -4 -1]
RB = -3/2
Hence AX ≡m B ≡ false.
Proof:
An LME system CX ≡m D:
$\begin{bmatrix} c_{11} & \cdots & c_{1n} \\ c_{21} & \cdots & c_{2n} \\ \vdots & & \vdots \\ c_{t1} & \cdots & c_{tn} \end{bmatrix} \begin{bmatrix} x_1 \\ x_2 \\ \vdots \\ x_n \end{bmatrix} \equiv_m \begin{bmatrix} d_1 \\ d_2 \\ \vdots \\ d_t \end{bmatrix}$
For each equation ci1x1 + ci2x2 + … + cinxn ≡m di add a new integer variable vi: ci1x1 + ci2x2 + … + cinxn + m·vi = di
The two equations are equi-satisfiable.
Interpolants for LMEs
The new system C'Z = D:
$\begin{bmatrix} c_{11} & \cdots & c_{1n} & m & 0 & \cdots & 0 \\ c_{21} & \cdots & c_{2n} & 0 & m & \cdots & 0 \\ \vdots & & \vdots & \vdots & \vdots & & \vdots \\ c_{t1} & \cdots & c_{tn} & 0 & 0 & \cdots & m \end{bmatrix} \begin{bmatrix} x_1 \\ \vdots \\ x_n \\ v_1 \\ \vdots \\ v_t \end{bmatrix} = \begin{bmatrix} d_1 \\ d_2 \\ \vdots \\ d_t \end{bmatrix}$
CX ≡m D has an integral solution iff C'Z = D has one.
Interpolants for LMEs
• CX ≡m D has no integral solution iff
• C'Z = D has no integral solution iff
• there exists a vector R such that RC' is integral and RD is not an integer.
Let R = [r1 r2 … rt]. Then
RC' = R [C mI] = [RC[1] RC[2] … RC[n] m·r1 m·r2 … m·rt] = [RC mR]
so RC' is integral iff both RC and mR are integral.
Let (AX ≡m A') ∧ (BX ≡m B') ≡ false and let R = [R1 R2] be a proof of unsatisfiability:
R1AX = $\sum_{x_i \in V_{A \setminus B}} a_i x_i + \sum_{x_i \in V_{AB}} b_i x_i = c$
mR1 = [d1 d2 d3 … dk]
Let S = {ai | ai ≠ 0}
Let T = {di | di ≠ 0}
If T = ∅, the interpolant is 0 ≡m 0.
Otherwise:
Let α = gcd(S ∪ T)
Let β := an integer such that β | α
(m/β R1)AX ≡m (m/β R1)A' is an interpolant.
Interpolants for LMEs
Proof:
(AX ≡m A') ∧ (BX ≡m B') ≡ false and R = [R1 R2] is a proof of unsatisfiability of $\begin{bmatrix} A \\ B \end{bmatrix} X \equiv_m \begin{bmatrix} A' \\ B' \end{bmatrix}$, so:
• R1A + R2B is integral, hence the coefficients of the xi occurring only in A are integral
• mR = [mR1 mR2] is integral, hence mR1 is integral
• R1A' + R2B' is not an integer
R1AX = $\sum_{x_i \in V_{A \setminus B}} a_i x_i + \sum_{x_i \in V_{AB}} b_i x_i = c$, mR1 = [d1 d2 d3 … dk], S = {ai | ai ≠ 0}, T = {di | di ≠ 0}.
If T = ∅, then R1 = 0 and the interpolant is 0 ≡m 0 (≡ true):
R2B is integral and R2B' is not an integer, so BX ≡m B' ≡ false.
If T ≠ ∅:
S and T are integral, so α := gcd(S ∪ T) is an integer; β := an integer such that β | α.
We need to prove that (m/β R1)AX ≡m (m/β R1)A' is an interpolant.
Interpolants for LMEs
1. mR1 is integral and β divides every element of mR1, so (1/β)mR1 = (m/β)R1 is integral (mark it U).
Lemma: For every integral vector U, the system CX ≡m D implies UCX ≡m UD.
Hence AX ≡m A' implies (m/β R1)AX ≡m (m/β R1)A'.
Interpolants for LMEs
2. UAX ≡m UA' ∧ BX ≡m B' is $\begin{bmatrix} UA \\ B \end{bmatrix} X \equiv_m \begin{bmatrix} UA' \\ B' \end{bmatrix}$, and [β/m, R2] is a proof of unsatisfiability:
$\begin{bmatrix} \beta/m & R_2 \end{bmatrix} \begin{bmatrix} UA \\ B \end{bmatrix}$ = (β/m)(m/β)R1A + R2B = R1A + R2B, which is integral
m[β/m, R2] = [β, mR2], which is integral
$\begin{bmatrix} \beta/m & R_2 \end{bmatrix} \begin{bmatrix} UA' \\ B' \end{bmatrix}$ = (β/m)(m/β)R1A' + R2B' = R1A' + R2B', which is not an integer
So UAX ≡m UA' ∧ BX ≡m B' ≡ false.
Interpolants for LMEs
3. (m/β R1)AX ≡m (m/β R1)A' is over common variables:
(m/β R1)AX = $\sum_{x_i \in V_{A \setminus B}} \frac{m}{\beta} a_i x_i + \sum_{x_i \in V_{AB}} \frac{m}{\beta} b_i x_i$ ≡m (m/β)c
β divides the ai's, so ai/β is integral and (m/β)ai xi = m(ai/β)xi ≡m 0, leaving $\sum_{x_i \in V_{AB}} \frac{m}{\beta} b_i x_i \equiv_m \frac{m}{\beta} c$.
Example (X = (x, y)^T):
$\begin{bmatrix} 2 & 2 \\ 2 & 1 \end{bmatrix} X$ ≡8 $\begin{bmatrix} 4 \\ 4 \end{bmatrix}$ ∧ $\begin{bmatrix} 4 & 0 \end{bmatrix} X$ ≡8 4 ≡ false, i.e. $\begin{bmatrix} 2 & 2 \\ 2 & 1 \\ 4 & 0 \end{bmatrix} X$ ≡8 $\begin{bmatrix} 4 \\ 4 \\ 4 \end{bmatrix}$
A proof of unsatisfiability: R = [1/4 -1/2 -1/8]
R1AX = $\begin{bmatrix} 1/4 & -1/2 \end{bmatrix} \begin{bmatrix} 2 & 2 \\ 2 & 1 \end{bmatrix} X = \begin{bmatrix} -1/2 & 0 \end{bmatrix} X$ = -1/2 x
mR1 = [2 -4], S = ∅, T = {2, -4}, α = 2, β = 2 or β = 1
for β = 1: (8/1)R1 = [2 -4]: $\begin{bmatrix} 2 & -4 \end{bmatrix} \begin{bmatrix} 2 & 2 \\ 2 & 1 \end{bmatrix} X$ ≡8 $\begin{bmatrix} 2 & -4 \end{bmatrix} \begin{bmatrix} 4 \\ 4 \end{bmatrix}$, i.e. $\begin{bmatrix} -4 & 0 \end{bmatrix} X$ ≡8 -8
for β = 2: (8/2)R1 = [1 -2]: $\begin{bmatrix} 1 & -2 \end{bmatrix} \begin{bmatrix} 2 & 2 \\ 2 & 1 \end{bmatrix} X$ ≡8 $\begin{bmatrix} 1 & -2 \end{bmatrix} \begin{bmatrix} 4 \\ 4 \end{bmatrix}$, i.e. $\begin{bmatrix} -2 & 0 \end{bmatrix} X$ ≡8 -4
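The LME case in code, added here as an example (not the paper's or the talk's code): from a proof R = [R1 R2] it computes S, T, α, β and the interpolant (m/β R1)AX ≡m (m/β R1)A', and to_common_modulus performs the lcm rewrite for two different moduli. It reproduces the slide example above for both choices of β; beta defaults to α when not given, which is my choice, not the slides'.

```python
from fractions import Fraction
from math import gcd, lcm

def row_times(R, A, b):
    """Rational row vector R times the system AX (≡m) b: returns (RA, Rb)."""
    m, n = len(A), len(A[0])
    return ([sum(R[i] * A[i][j] for i in range(m)) for j in range(n)],
            sum(R[i] * b[i] for i in range(m)))

def is_lme_proof(R, A, b, m):
    """Theorem: R proves AX ≡m b unsat iff RA and mR are integral, Rb is not."""
    ra, rb = row_times(R, A, b)
    return (all(v.denominator == 1 for v in ra)
            and all((m * r).denominator == 1 for r in R)
            and rb.denominator != 1)

def to_common_modulus(A, a, m_a, B, b, m_b):
    """Rewrite AX ≡m_a a and BX ≡m_b b over m = lcm(m_a, m_b): the i'th
    system is multiplied by m/m_i.  Returns (A, a, B, b, m)."""
    m = lcm(m_a, m_b)
    fa, fb = m // m_a, m // m_b
    return ([[fa * v for v in r] for r in A], [fa * v for v in a],
            [[fb * v for v in r] for r in B], [fb * v for v in b], m)

def lme_interpolant(A, a, B, b, m, R, beta=None):
    """Interpolant for AX ≡m a ^ BX ≡m b from a proof R=[R1 R2] (slide
    algorithm).  Returns (coeffs, rhs), meaning coeffs.X ≡m rhs over V_AB."""
    assert is_lme_proof(R, A + B, a + b, m)
    R1 = R[:len(A)]
    coeffs, _ = row_times(R1, A, a)               # R1AX = sum a_i x_i + sum b_i x_i
    n = len(coeffs)
    in_b = [any(row[j] for row in B) for j in range(n)]
    S = [int(coeffs[j]) for j in range(n) if not in_b[j] and coeffs[j] != 0]
    T = [int(m * r) for r in R1 if r != 0]        # non-zero entries of mR1
    if not T:                                     # R1 = 0: interpolant is 0 ≡m 0
        return [Fraction(0)] * n, Fraction(0)
    alpha = 0
    for v in S + T:
        alpha = gcd(alpha, v)
    beta = alpha if beta is None else beta
    assert alpha % beta == 0, "beta must divide alpha"
    U = [Fraction(m, beta) * r for r in R1]       # (m/beta) R1, an integral vector
    return row_times(U, A, a)                     # (m/beta R1) A X ≡m (m/beta R1) a
```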
Interpolants for LMEs
What if the moduli are different?
(AX ≡m1 A') ∧ (BX ≡m2 B') ≡ false
Let m = lcm(m1, m2). Then
(AX ≡m1 A') ∧ (BX ≡m2 B') ≡ ((m/m1)AX ≡m (m/m1)A') ∧ ((m/m2)BX ≡m (m/m2)B')
(for coprime m1, m2 the factors are m2 and m1 respectively), and the standard single-modulus operations apply.
For more than two formulas, use m = lcm(m1, m2, m3, …); for the i'th formula use m/mi.
Obtaining Proofs of Unsatisfiability
First, use Gaussian elimination: if AX = B has no rational solution, it has no integral solution.
Hermite Normal Form: every full row rank matrix A (m×n) can be represented as AU = [E 0], with E of size m×m and 0 of size m×(n-m), where E is:
• lower triangular
• invertible
• all entries non-negative
• the maximal element of each row lies on the diagonal
and U is a unimodular (invertible, integral, closed under product and inversion) matrix.
The HNF form can be obtained by using the three basic column operations on A.
Lemma: AX = B has no integral solution iff E^{-1}B is not integral.
Obtaining proofs of unsatisfiability
To obtain R, a proof of unsatisfiability:
1. Compute [E 0]
2. If E^{-1}B is not integral:
2.1. Let i be an index such that E^{-1}B[i] is not an integer.
R' := the i'th row of E^{-1}
Then R'B is not an integer and R'A is integral.
Proof: AU = [E 0]
E^{-1}AU = E^{-1}[E 0] = [I 0]
E^{-1}AUU^{-1} = E^{-1}A = [I 0] U^{-1}, which is integral since U^{-1} is integral.
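The HNF procedure above, added here as a worked example (not code from the paper or the talk): the three column operations (swap, negate, add an integer multiple of one column to another) bring an integer full-row-rank A to [E 0], and forward substitution on the lower-triangular E gives E^{-1}B and the rows of E^{-1}. It assumes A has integer entries and full row rank and does not check that beforehand.

```python
from fractions import Fraction

def hermite_lower(A):
    """Bring an integer full-row-rank m x n matrix A to [E 0] using only the three
    basic column operations (swap, negate, add an integer multiple of a column
    to another), so A U = [E 0] for a unimodular U.  Returns E (m x m)."""
    M = [row[:] for row in A]
    m, n = len(M), len(M[0])
    for i in range(m):
        # Euclid's algorithm across columns i..n-1 of row i: after this loop
        # column i holds the gcd of those entries and the others are zero.
        while any(M[i][j] for j in range(i + 1, n)):
            p = min((j for j in range(i, n) if M[i][j]), key=lambda j: abs(M[i][j]))
            for r in range(m):                       # swap the pivot into column i
                M[r][i], M[r][p] = M[r][p], M[r][i]
            for j in range(i + 1, n):                # reduce the other columns
                q = M[i][j] // M[i][i]
                for r in range(m):
                    M[r][j] -= q * M[r][i]
        if M[i][i] < 0:                              # positive diagonal
            for r in range(m):
                M[r][i] = -M[r][i]
        for j in range(i):                           # entries left of the diagonal
            q = M[i][j] // M[i][i]                   # become non-negative and
            for r in range(m):                       # smaller than the diagonal
                M[r][j] -= q * M[r][i]
    return [row[:m] for row in M]

def proof_of_unsat(A, B):
    """Lemma: AX=B has no integral solution iff E^{-1}B is not integral.
    Returns the i'th row of E^{-1} for a non-integral E^{-1}B[i] (a proof of
    unsatisfiability: R'A integral, R'B not an integer), or None if satisfiable."""
    E = hermite_lower(A)
    m = len(E)
    Einv = [[Fraction(0)] * m for _ in range(m)]
    for k in range(m):                 # solve E y = e_k column by column (E is
        for i in range(m):             # lower triangular: forward substitution)
            s = Fraction(int(i == k)) - sum(E[i][j] * Einv[j][k] for j in range(i))
            Einv[i][k] = s / E[i][i]
    EinvB = [sum(Einv[i][j] * B[j] for j in range(m)) for i in range(m)]
    for i in range(m):
        if EinvB[i].denominator != 1:
            return Einv[i]
    return None
```

The proof vector it returns may differ from the one on the slides (for the x-even / x-odd system it returns [-1/2 1/2] rather than [0.5 0.5]); any row of E^{-1} with a non-integral E^{-1}B entry is a valid proof.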
Proofs of Unsatisfiability for LMEs:
AX ≡m B
Each equation ti ≡m bi can be written as an equi-satisfiable LDE ti + m·vi = bi, where vi is a new integer variable.
AX ≡m B is reduced to an equi-satisfiable system A'Z = B.
The proof of unsatisfiability is the same for both systems.
Handling Disequations
c1x1 + c2x2 + … + cnxn ≠ c0
Disequations can also be represented by a matrix: CX ≠ D
A system of equations and disequations: AX = B ∧ CX ≠ D
Theorem: A system AX = B ∧ CX ≠ D has no integral solution iff
AX = B ∧ CX ≠ D has no rational solution (can be determined in polynomial time)
or AX = B has no integral solution (can be determined in polynomial time).
Let F = F1 ∧ F2 and G = G1 ∧ G2, where F1, G1 are systems of LDEs and F2, G2 are systems of LDDs.
If F ∧ G is unsatisfiable because F1 ∧ F2 ∧ G1 ∧ G2 has no rational solution, an interpolant can be computed.
If F ∧ G is unsatisfiable because F1 ∧ G1 has no integral solution, an interpolant for F1 ∧ G1 can be computed.
Handling Disequations
For LMDs, the problem is NP-hard, by reduction from 3-SAT:
Variables in 3-SAT: {z1, z2, …, zi, …, zn}
Two variables for zi: xi, xi' (one for zi, one for ¬zi)
Express the constraints: (xi ≡4 0 and xi' ≡4 1) or (xi ≡4 1 and xi' ≡4 0)
L1 = $\bigwedge_i \neg(x_i \equiv_4 x_i') \wedge \bigwedge_i \neg(x_i \equiv_4 2) \wedge \bigwedge_i \neg(x_i \equiv_4 3) \wedge \bigwedge_i \neg(x_i' \equiv_4 2) \wedge \bigwedge_i \neg(x_i' \equiv_4 3)$
Handling Disequations
For each clause (u ∨ v ∨ w): ¬(u + v + w ≡4 0)
This is only falsified when u, v, w are all assigned 0 (mod 4).
L2 = $\bigwedge_{\text{clauses } (u \vee v \vee w)} \neg(u + v + w \equiv_4 0)$
L = L1 ∧ L2
The 3-SAT formula is satisfiable iff L is satisfiable.
Interpolants for LMEs, LDEs and LDDs can be computed in polynomial time using algebraic techniques.
The existing tools based on predicate abstraction and CEGAR cannot discover the predicates computed by these techniques.
Experimental results show that little unwinding is needed due to the early discovery of appropriate LMEs.
Thank you very much!
Handling Disequations
If F ∧ G is unsatisfiable because F1 ∧ F2 ∧ G1 ∧ G2 has no rational solution, an interpolant can be computed.
Proof:
1. If F ∧ G is unsatisfiable because F1 ∧ F2 ≡ AX = B ∧ A'X = B' has no rational solution, then R = [R1 R2] exists, and R1AX = R1B is an interpolant.
Lemma: A system AX = B has no rational solution iff there exists a vector R such that RA = 0 and RB ≠ 0.
1. AX=B^A’X=B’ => Vcix,
and R1AX=R1B is an interpolant.
Handling Disequations
Lemma: AX = B ⟹ EX = F iff AX = B ≡ false or E = RA and F = RB for a rational row vector R.
Lemma: AX = B ⟹ ∨i (CiX = Di) iff AX = B ⟹ CkX = Dk for some k.
Remove slide?