Craig interpolation has been a valuable tool for formal methods with interesting applications in program analysis and verification. Modern SMT-solvers implement interpolation procedures for the theories that are most commonly used in these applications. However, many application-specific theories remain unsupported, which limits the class of problems to which interpolation-based techniques apply. In this paper, we present a generic framework to build new interpolation procedures via reduction to existing interpolation procedures. We consider the case where an application-specific theory can be formalized as an extension of a base theory with additional symbols and axioms. Our technique uses finite instantiation of the extension axioms to reduce an interpolation problem in the theory extension to one in the base theory. We identify a model theoretic criterion that allows us to detect the cases where our technique is complete. We discuss specific theories that are relevant in program ...
We describe an algorithm for deciding the first-order multisorted theory BAPA, which combines 1) Boolean algebras of sets of uninterpreted elements (BA) and 2) Presburger arithmetic operations (PA). BAPA can express the relationship between integer variables and cardinalities of a priori unbounded finite sets, and supports arbitrary quantification over sets and integers. Our motivation for BAPA is deciding verification conditions that arise in the static analysis of data structure consistency properties. Data structures often use an integer variable to keep track of the number of elements they store; an invariant of such a data structure is that the value of the integer variable is equal to the number of elements stored in the data structure. When the data structure content is represented by a set, the resulting constraints can be captured in BAPA. BAPA formulas with quantifier alternations arise when verifying programs with annotations containing quantifiers, or when proving simulation relation conditions for refinement and equivalence of program fragments. Furthermore, BAPA constraints can be used for proving the termination of programs that manipulate data structures, and have applications in constraint databases. We give a formal description of a decision procedure for BAPA, which implies the decidability of BAPA. We analyze our algorithm and obtain an elementary upper bound on the running time, thereby giving the first complexity bound for BAPA. Because it works by a reduction to PA, our algorithm yields the decidability of a combination of sets of uninterpreted elements with any decidable extension of PA. Our algorithm can also be used to yield an optimal decision procedure for BA through a reduction to PA with bounded quantifiers. We have implemented our algorithm and used it to discharge verification conditions in the Jahob system for data structure consistency checking of Java programs; our experience with the algorithm is promising.
Multiway decision graph (MDG) is a canonical representation of a subset of many-sorted first-order logic. It generalizes the logic of equality with abstract types and uninterpreted function symbols. The area of satisfiability (SAT) has been the subject of intensive research in recent years, with significant theoretical and practical contributions. In this paper, we propose a new design verification tool integrating MDG and SAT, to check the safety of a design by invariant checking. Using MDG to encode the set of states provides a powerful means of abstraction. We use a SAT solver to search for paths of reachable states violating the property under certain encoding constraints. In addition, we introduce an automated conversion-verification methodology to convert a directed formula (DF) into a conjunctive normal form (CNF) formula that can be fed to a SAT solver. The formal verification of this conversion is conducted within the HOL theorem prover. Finally, we present experimental results and a case study to show the correctness and the efficiency of our proposed methodology.
We give a novel deterministic tableau-based satisfiability algorithm for Hybrid Propositional Dynamic Logic (i.e. PDL with nominals) with satisfaction statements, denoted as HPDL @.
The algorithm builds tableaux which are essentially and-or graphs, in which there are two kinds of nodes: sentential nodes that represent partial descriptions of worlds of a model and unification nodes that deal with nominals. The algorithm prevents world cycles of eventualities within a sentential node by examining in advance the reduction formulas that occur by the application of the usual static rules. Without needing to examine global properties of a tableau in multiple subsequent passes, the algorithm detects unfulfilled eventualities and unifies the contents of nodes due to nominals on the fly, as the tableau is built.
The main technical achievement of this work is the determination of the necessary information that a sentential node should have so that its reuse will be possible. This allows us to partially cache the sentential nodes of a tableau and as a result, we can ensure the termination of the algorithm and restrict the expansion of a tableau in a more effective way. The set of the cached nodes changes dynamically in the sense that the nodes that have been added to it might be removed due to loop dependencies. Each saturated sentential node is available for possible reuse up to the point that the information of a cached node becomes out of date due to loops and as a result, the algorithm does not allow its reuse anymore.
The algorithm runs in double exponential time in the general case, as loop dependencies restrict the caching of nodes. In the case of iteration-free formulas, we can guarantee that loops do not occur and thus, all the nodes are free from dependencies. Therefore, all the saturated sentential nodes are cached and the algorithm works in single exponential time. Moreover, in the general case, despite the iteration operator, since all the saturated sentential nodes which are not involved in a loop are cached, the algorithm has the potential to achieve acceptable performance.