Post on 14-Jan-2016
Part 1: Positive Equality for Uninterpreted Functions in Eager Encoding
– 2 –
Eliminating Function Applications
Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)
Ackermann's Encoding
  f(x1) → vf1
  f(x2) → vf2
  x1 = x2 ⇒ vf1 = vf2
Bryant, German, Velev's Encoding
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)
– 3 –
Positive Equality Optimization
Goal: replace as many of the vfi variables as possible with constant values
  Exploit the positive structure of the formula
Overall benefit: the function-free formula has a smaller number of integer variables
  Reduces the number of interpretations to check for validity
– 4 –
Eliminating Function Applications
Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)
Ackermann's Encoding
  f(x1) → vf1
  f(x2) → vf2
  x1 = x2 ⇒ vf1 = vf2
Bryant, German, Velev's Encoding
  f(x1) → vf1
  f(x2) → ITE(x1 = x2, vf1, vf2)
  Favors positive equality analysis
– 5 –
EUF: Logic of Equality with Uninterpreted Functions
Terms:
  ITE(F, T1, T2)        If-then-else
  f(T1, …, Tk)          Function application
Formulas:
  ¬F, F1 ∧ F2, F1 ∨ F2  Boolean connectives
  T1 = T2               Equation
  p(T1, …, Tk)          Predicate application
Special cases:
  v                     Domain variable (order-0 function)
  a                     Propositional variable (order-0 predicate)
– 6 –
EUF and the Small-Model Property
Small-model property for validity [Ackermann '54]
  Suffices to consider a domain with k values
  k is the number of distinct function-application terms in the formula
  Number of cases (interpretations) to check: k!
Example: (x = y) ⇒ (f(g(x)) = f(g(y)))   [term DAG shown on the slide]
  Function-application terms: {x, y, g(x), g(y), f(g(x)), f(g(y))}
  k = 6
– 7 –
Positive Equality for EUF   [Bryant, German, Velev CAV'99]
Classify formulas, terms and functions into Positive (p) and General (g)
Example: (x = y) ⇒ (f(g(x)) = f(g(y)))   [term DAG on the slide, marking p-formulas, g-formulas and p-terms]
  General (g) functions: x, y
  Positive (p) functions: f, g
Positive (p) formulas: negated an even number of times; do not control an ITE
Positive (p) terms: never appear in an equation that is a g-formula
Positive (p) function symbols: all applications are p-terms
– 8 –
Maximally Diverse Interpretations
An interpretation I is maximally diverse if, for any p-function symbol f:
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T)] ≠ I[g(U)] for any other function symbol g
  where f(T1), f(T2), g(U) are terms in the formula
Example (term DAG on the slide with p-functions g and h applied to x, y):
  Terms         Equal?
  x, y          Potentially
  g(x), g(y)    Only if x = y
  g(x), y       No
– 9 –
Maximally Diverse Interpretations
An interpretation I is maximally diverse if, for any p-function symbol f:
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T1)] ≠ I[g(U)] for any other function symbol g
  where f(T1), f(T2), g(U) are terms in the formula
Property: a formula is valid if and only if it is true under all maximally diverse interpretations
– 10 –
Justification of the Maximal Diversity Property
For a formula F and any interpretation I, there is a maximally diverse interpretation J such that J[F] ⇒ I[F]
Create the worst case for validity (term DAG with p-functions g, h on the slide):
  Falsify the positive equation
  Function applications yield distinct results
  Function arguments distinct
– 11 –
Exploiting Positive Equality
Property: for a p-function symbol f, introduce variables vf1, …, vfn during elimination
  Consider only diverse interpretations for the variables vf1, …, vfn
  vfi ≠ v for any other variable v
Example, assuming vf1 ≠ vf2: with f(x1) → vf1 and f(x2) → ITE(x1 = x2, vf1, vf2), the two results are equal iff x1 = x2   [ITE diagram on the slide]
– 12 –
Summary: Positive Equality Optimization
1. Eliminate function applications
   Introduce vf1, …, vfn while eliminating function symbol f
2. For a p-function symbol f, replace vf1, …, vfn with distinct constants
3. The only variables in the function-free formula are the vfi variables for g-function symbols
   m = number of g-function applications
– 13 –
Positive Equality for EUF
Example: (x = y) ⇒ (f(g(x)) = f(g(y)))   [term DAG on the slide]
  General (g) functions: x, y
  Positive (p) functions: f, g
Property: number of interpretations to consider = m!, where m = number of g-function applications
– 14 –
Positive Equality for EUF
Example: (x = y) ⇒ (f(g(x)) = f(g(y)))
  General (g) functions: x, y
  Positive (p) functions: f, g
Property: number of interpretations to consider = m!, where m = number of g-function applications
  Function-application terms: {x, y, g(x), g(y), f(g(x)), f(g(y))}
  p-applications: {g(x), g(y), f(g(x)), f(g(y))}
  g-applications: {x, y}
  m = 2
  Search space reduced from 6! to 2!
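The elimination of slides 2, 4, 11 and 12 and the search-space reduction of slide 14, carried out on the slides' own example as an added Python example. This is not code from the slides or from UCLID; the tuple encoding of terms and formulas, the function names, and the hand-supplied classification (x, y as g-functions, f, g as p-functions) are this example's assumptions.

```python
from itertools import product

# Term syntax: ('var', name) for a domain variable, ('app', f, (args...)) for
# an application of uninterpreted f, ('ite', cond, t1, t2) after elimination.
# Formula syntax: ('eq', t1, t2), ('not', F), ('and', F1, F2), ('or', F1, F2),
# ('imp', F1, F2).  The encoding and all names are this example's own.

def V(name):
    return ('var', name)

def app(f, *args):
    return ('app', f, tuple(args))

def args_equal(a, b):
    """Conjunction a1 = b1 and ... and ak = bk over two argument tuples."""
    conj = ('eq', a[0], b[0])
    for s, t in zip(a[1:], b[1:]):
        conj = ('and', conj, ('eq', s, t))
    return conj

def eliminate_term(t, seen, fresh):
    """Bryant-German-Velev elimination: the i-th application f(args_i) becomes
    ITE(args_i = args_1, vf1, ITE(args_i = args_2, vf2, ... vfi)), so the nested
    ITEs enforce functional consistency locally.  seen[f] lists the
    (eliminated args, vf) pairs of earlier applications of f in elimination
    order; fresh collects every (f, vf) created."""
    if t[0] == 'var':
        return t
    f = t[1]
    args = tuple(eliminate_term(a, seen, fresh) for a in t[2])  # sub-terms first
    prev = seen.setdefault(f, [])
    for pargs, vf in prev:              # identical application already eliminated
        if pargs == args:
            return V(vf)
    vf = 'v%s%d' % (f, len(prev) + 1)
    fresh.append((f, vf))
    result = V(vf)
    for pargs, pvf in reversed(prev):
        result = ('ite', args_equal(args, pargs), V(pvf), result)
    prev.append((args, vf))
    return result

def eliminate_formula(F, seen, fresh):
    if F[0] == 'eq':
        return ('eq', eliminate_term(F[1], seen, fresh),
                eliminate_term(F[2], seen, fresh))
    return (F[0],) + tuple(eliminate_formula(G, seen, fresh) for G in F[1:])

def ev_term(t, env):
    if t[0] == 'var':
        return env[t[1]]
    return ev_term(t[2], env) if ev_formula(t[1], env) else ev_term(t[3], env)

def ev_formula(F, env):
    op = F[0]
    if op == 'eq':
        return ev_term(F[1], env) == ev_term(F[2], env)
    if op == 'not':
        return not ev_formula(F[1], env)
    if op == 'and':
        return ev_formula(F[1], env) and ev_formula(F[2], env)
    if op == 'or':
        return ev_formula(F[1], env) or ev_formula(F[2], env)
    return (not ev_formula(F[1], env)) or ev_formula(F[2], env)   # 'imp'

def check_validity(F, gvars, pfuncs):
    """Eliminate the applications, then enumerate interpretations of the
    function-free formula.  The vf variables of p-function symbols are fixed
    to distinct constants no other variable can take (maximal diversity);
    the remaining k variables range over a k-element domain (small-model
    property).  Returns (valid, number of interpretations checked)."""
    seen, fresh = {}, []
    G = eliminate_formula(F, seen, fresh)
    pvars = [vf for f, vf in fresh if f in pfuncs]
    free = list(gvars) + [vf for f, vf in fresh if f not in pfuncs]
    k = len(free)
    env = {vf: k + i for i, vf in enumerate(pvars)}   # constants outside range(k)
    valid, checked = True, 0
    for values in product(range(k), repeat=k):
        env.update(zip(free, values))
        checked += 1
        valid = valid and ev_formula(G, env)
    return valid, checked

# Constructed input, the slides' example: (x = y) => (f(g(x)) = f(g(y))).
X, Y = V('x'), V('y')
PHI = ('imp', ('eq', X, Y), ('eq', app('f', app('g', X)), app('f', app('g', Y))))

def demo():
    """x and y occur in the g-formula x = y, so they are g-functions; f and g
    occur only in the positive consequent, so they are p-functions."""
    with_peq = check_validity(PHI, gvars=['x', 'y'], pfuncs={'f', 'g'})
    without_peq = check_validity(PHI, gvars=['x', 'y'], pfuncs=set())
    return with_peq, without_peq

if __name__ == '__main__':
    print(demo())   # ((True, 4), (True, 46656))
```

The slides count interpretations up to renaming of domain values (k! and m!), whereas this brute force enumerates every assignment over a k-element domain, so the absolute counts differ (6^6 versus 2^2); the reduction comes from the same step in both: once vg1, vg2, vf1 and vf2 are fixed to distinct constants, only x and y remain free.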
– 15 –
Application of Positive Equality
Pipelined processor verification [Bryant, German and Velev CAV'99; Velev and Bryant DAC'00; …]
  Observation: most uninterpreted functions that appear in the pipeline data-path are p-functions
  E.g. ALU, incrementer for the PC, …
Other infinite-state system verification [Bryant, Lahiri, Seshia CAV'02]
  Improves efficiency on benchmarks from cache-coherence verification, out-of-order processors and software benchmarks
– 16 –
Impact of Positive Equality   [Bryant, Lahiri, Seshia CAV'02]
Model               Initial formula size   UCLID w/ p-eq. (s)   UCLID w/o p-eq. (s)   SVC time (s)
Out-of-order proc   3929                   61.90                149.46                4257.3
Cache coherence     3939                   61.08                > 1 hr                > 1 day
DLX pipeline        639                    13.22                1897                  > 1 day
Positive equality can be exploited to improve performance
– 17 –
Ackermann's Encoding and Positive Equality
Two applications of an uninterpreted function f in a formula: f(x1) and f(x2)
Ackermann's Encoding
  f(x1) → vf1
  f(x2) → vf2
  x1 = x2 ⇒ vf1 = vf2
Can't assign distinct values to vf1, vf2 for a p-function symbol f
  Ignores the case when x1 = x2
– 18 –
Limitation of Positive Equality Analysis (limitation of the previous approach)
Not "robust": the entire analysis fails even when a single application is negative
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide]
  General functions: x, f
  Positive functions: none
  Function-application terms: {x, f(x), f²(x), f³(x), f⁴(x)}
  p-applications: {}
  g-applications: {x, f(x), f²(x), f³(x), f⁴(x)}
– 19 –
Robust Positive Equality Analysis   [Lahiri, Bryant, Goel, Talupur TACAS'04]
Look at each application instead of function symbols
  Finer granularity for exploiting positive equality
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide]
  General functions: x, f
  Positive functions: none
  Function-application terms: {x, f(x), f²(x), f³(x), f⁴(x)}
  p-terms: {f²(x), f³(x), f⁴(x)}
  g-terms: {x, f(x)}
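How the classification of slides 7, 18 and 19 can be computed from polarity, as an added Python example (not code from the slides or from UCLID; the tuple encoding of formulas and all function names are this example's assumptions). classify gives the per-term view used by the robust analysis; per_symbol gives the original per-function-symbol view, which on the slide-18 formula leaves no p-function at all.

```python
# Term syntax: ('var', name), ('app', f, (args...)) or ('ite', cond, t1, t2);
# formula syntax: ('eq', t1, t2), ('not', F), ('and', F1, F2), ('or', F1, F2),
# ('imp', F1, F2).  Encoding and names are this example's own, not the slides'.

def V(name):
    return ('var', name)

def app(f, *args):
    return ('app', f, tuple(args))

def term_name(t):
    """Printable name used as the set element, e.g. 'f(f(x))'."""
    if t[0] == 'var':
        return t[1]
    return '%s(%s)' % (t[1], ','.join(term_name(a) for a in t[2]))

def classify(F):
    """Return (p_terms, g_terms).  An equation is a p-formula when it is
    negated an even number of times (an implication negates its antecedent)
    and does not control an ITE; otherwise it is a g-formula.  A term is a
    g-term when it is an operand of at least one g-formula equation and a
    p-term otherwise (slides 7 and 48)."""
    p_terms, g_terms = set(), set()

    def walk_term(t, operand_of_g):
        if t[0] == 'ite':                  # an ITE condition is always a g-formula
            walk_formula(t[1], None)
            walk_term(t[2], operand_of_g)
            walk_term(t[3], operand_of_g)
            return
        (g_terms if operand_of_g else p_terms).add(term_name(t))
        if t[0] == 'app':
            for a in t[2]:                  # sub-terms count by their own occurrences
                walk_term(a, False)

    def walk_formula(F, polarity):          # True: positive, False: negated, None: both
        op = F[0]
        flipped = None if polarity is None else not polarity
        if op == 'eq':
            walk_term(F[1], polarity is not True)
            walk_term(F[2], polarity is not True)
        elif op == 'not':
            walk_formula(F[1], flipped)
        elif op == 'imp':
            walk_formula(F[1], flipped)
            walk_formula(F[2], polarity)
        else:                               # 'and', 'or'
            walk_formula(F[1], polarity)
            walk_formula(F[2], polarity)

    walk_formula(F, True)
    return p_terms - g_terms, g_terms

def symbol(name):
    """Function symbol of a term name: 'f' for 'f(...)', the variable itself otherwise."""
    return name.split('(')[0]

def per_symbol(F):
    """Original positive equality (slides 7 and 18): a function symbol is a
    p-function only if all of its applications are p-terms, and every
    application of a g-function counts as a g-application.
    Returns (p_functions, g_functions, p_applications, g_applications)."""
    p_terms, g_terms = classify(F)
    g_functions = {symbol(t) for t in g_terms}
    p_functions = {symbol(t) for t in p_terms} - g_functions
    p_apps = {t for t in p_terms if symbol(t) in p_functions}
    return p_functions, g_functions, p_apps, (p_terms | g_terms) - p_apps

def fpow(n, t=V('x')):
    """f applied n times to t."""
    for _ in range(n):
        t = app('f', t)
    return t

# Constructed inputs, the slides' examples.
PHI_A = ('imp', ('eq', fpow(1), V('x')), ('eq', fpow(4), fpow(3)))          # slides 18/19
PHI_B = ('imp', ('eq', V('x'), V('y')),
         ('eq', app('f', app('g', V('x'))), app('f', app('g', V('y')))))     # slides 13/14

def demo():
    return {'robust_A': classify(PHI_A), 'original_A': per_symbol(PHI_A),
            'robust_B': classify(PHI_B), 'original_B': per_symbol(PHI_B)}

if __name__ == '__main__':
    for k, v in demo().items():
        print(k, v)
```

On PHI_A the per-term view yields p-terms {f²(x), f³(x), f⁴(x)} and g-terms {x, f(x)}, while the per-symbol view makes f a g-function because one of its five applications is negative, which is the non-robustness slide 18 describes.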
– 20 –
Robust Positive Equality Analysis
Goal: if a variable vfi results from eliminating a p-term, then try to assign it a distinct constant
Question: can we always assign the vfi variables of any p-term a distinct value? Not always
  Can we compute the set of p-terms that maximizes the number of vfi variables that can be assigned distinct values? In general, NP-complete
– 21 –
Outline
Robust positive equality: the "robust" maximal diversity theorem
Exploiting robust positive equality: obstacles, solutions
Results
Related work
– 22 –
Robust Maximal Diversity
For an interpretation I, a p-term f(T) is called g-arg-distinct if there is no g-term f(U) such that I[T] = I[U].
An interpretation I is robust maximally diverse if, for every g-arg-distinct p-term f(T1):
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T1)] ≠ I[g(U)] for any other function symbol g
  where f(T1), f(T2), g(U) are terms in the formula
– 23 –
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, marking the g-terms and p-terms]
  I = {{x, f²(x), f⁴(x)}, {f(x), f³(x)}}   (classes of terms that I gives equal values)
  The p-term f²(x) equals the non-f term x, so I is not a robust-maximally diverse interpretation
g-arg-distinct: for an interpretation I, a p-term f(T) is called g-arg-distinct if there is no g-term f(U) such that I[T] = I[U].
An interpretation I is robust maximally diverse if, for every g-arg-distinct p-term f(T1):
  1. I[f(T1) = f(T2)] iff I[T1 = T2]
  2. I[f(T)] ≠ I[g(U)] for any other function symbol g
  where f(T1), f(T2), g(U) are terms in the formula
– 24 –
Robust Maximal Diversity Theorem
Generalization of positive equality: any robust-maximally diverse interpretation is a maximally diverse interpretation; the subset inclusion can be proper
Consequence: fewer interpretations to consider to check validity
Theorem: a formula is valid if and only if it is true under all robust maximally diverse interpretations
– 25 –
Exploiting Robust Positive Equality
Function applications f(x1), …, f(xn): introduce variables vf1, …, vfn during elimination
  Elimination order f(x1), …, f(xl), …, f(xi), …, f(xn), where f(x1), …, f(xl) contains all the g-terms for f
By the robust maximal diversity theorem: assign a distinct constant to vfi when i > l
  Value of vfi = value of f(xi) when xi does not equal any of x1, …, xi-1, i.e. when f(xi) is g-arg-distinct
– 26 –
What We Need
Eliminate the g-terms as early as possible
  Constrained by the sub-expression ordering, e.g. f(x) has to be eliminated before eliminating f(f(x))
Need the best topological order
  Respects the sub-expression orderings
  Maximizes the number of vf variables that can be assigned a distinct constant value
  Need to define this objective function precisely
– 27 –
Function Elimination and Topological Order
Requires a topological order on the terms
  Respects the sub-expression order: eliminate functions from sub-terms first
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide]
  Example order: x, f(x), f²(x), f³(x), f⁴(x) (the only order for this example)
– 28 –
Function Elimination and Topological Order
Example: (f(f(x)) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide]
  Example order: x, f(x), f²(x), f³(x), f⁴(x) (the only order for this example)
  f(x) always precedes the g-term f²(x)
The vf variables for every p-term can't be assigned distinct values
  P-terms that are sub-terms of a g-term with the same function
– 29 –
Topological Ordering and the P-terms
Topological order <
Pos<(f): the set of p-terms of f which do not precede any g-term of f in <
Pos< = ∪_f Pos<(f)   (union over all function symbols f)
– 30 –
Topological Ordering: Example 1
Topological order <
Pos<(f): the set of p-terms of f which do not precede any g-term of f in <
Pos< = ∪_f Pos<(f)   (union over all function symbols f)
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, p-terms marked +]
  x < f(x) < f²(x) < f³(x) < f⁴(x)
  Pos< = {f²(x), f³(x), f⁴(x)}
– 31 –
Topological Ordering
Property: the vfi variables which result when eliminating terms in Pos< can be assigned a distinct constant value
Goal: find the topological order "<" that maximizes the size of Pos<
  (Topological order <; Pos<(f): the set of p-terms of f which do not precede any g-term of f in <; Pos< = ∪_f Pos<(f))
– 32 –
Finding the Best Topological Ordering
Example: formula (f(g(x)) = g(f(x)))   [term DAG on the slide]
Three topological orders on the terms:
  1. x < g(x) < f(g(x)) < f(x) < g(f(x))     Pos< = {x, f(x)}    not best for g
  2. x < f(x) < g(f(x)) < g(x) < f(g(x))     Pos< = {x, g(x)}    not best for f
  3. x < g(x) < f(x) < g(f(x)) < f(g(x))     Pos< = {x}
With multiple non-zero-arity function symbols, the best order may not be best for each symbol
– 33 –
Obtaining the Best Topological Order
Complexity: NP-complete
  Polynomial when there is only one non-zero-arity function symbol
  Reduction from the maximum independent set problem
Greedy heuristic to find a good order: assign higher priorities to p-terms of functions with a greater number of "potential" terms in Pos<
  Finds the optimal order for most of the examples we have seen so far
– 34 –
Sample Results
Implemented in the UCLID decision procedure with the zChaff SAT solver
Code Validation Benchmarks [Pnueli, Rodeh, Strichman, Siegel CAV'99]
example   #vars   Positive Equality     Robust Positive Eq    Speedup
                  #pvar    time         #pvar    time
Cv22      101     1        70.84        16       45.65         1.55
Cv44      38      8        19.75        17       7.13          2.77
Cv46      70      10       >1800        28       100.50        >18
– 35 –
Observations
Robust positive equality improves efficiency: useful in practice
Small overhead (+5%) over positive equality analysis
  Efficient implementation can further reduce this overhead
  Seldom affects total time when translation time to SAT is a small fraction of the overall time
– 36 –
Related Work
Pnueli, Rodeh, Strichman & Siegel CAV'99: removes function applications by Ackermann's reduction; range allocation for the resultant formula assigns smaller ranges for g-terms
Rodeh & Strichman CAV'01: uses Bryant, German & Velev's function elimination method + range allocation; has similarities and differences with our work
– 37 –
Conclusions
Positive Equality: simplifies the function-free formula by reducing the number of variables in the formula
Robust Positive Equality: generalization of positive equality; improves applicability for more general benchmarks
Can be extended for CLU logic (T1 < T2 + c) [BLS02; Lahiri MS Thesis]
Can we generalize it for linear arithmetic + EUF?
– 38 –
Questions
– 39 –
Decision Procedure Benchmarking
Model                      Term formula DAG size   Prop formula DAG size   UCLID time (s)   SVC time (s)   CVC time (s)
Out-of-order execution unit   735                  3658                    4.8              3.0            6.16
                              1970                 13755                   18.3             102.4          90.75
                              3929                 37179                   61.9             4257.3         Out of Mem
Elf™ processor                218                  942                     1.2              10.9           0.25
                              1085                 4481                    8.4              1851.6         114.46
                              2467                 16453                   30.6             > 1 day        Out of Mem
                              4553                 54288                   111.0            > 1 day        Out of Mem
Compared against the Stanford Validity Checker (SVC) and its successor CVC (which uses Chaff); both decide CLU + real linear arithmetic + bit-vector arithmetic
UCLID uses Chaff for Boolean SAT; UCLID time = translation time + Chaff time
– 40 –
Impact of Positive Equality
Model                      Term formula size   UCLID w/ p-eq. (s)   UCLID w/o p-eq. (s)
Out-of-order execution unit   735               4.78                 9.79
                              1970              18.29                37.71
                              3929              61.90                149.46
Cache protocol                1829              6.29                 26.50
                              2782              16.13                165.91
                              3939              61.08                > 1 hr
DLX pipeline                  639               13.22                1897
Positive equality can be exploited to improve performance
– 41 –
Exploiting Positive Equality
Property: for a p-function symbol f, introduce variables vf1, …, vfn during elimination
  Consider only diverse interpretations for the variables vf1, …, vfn
  vfi ≠ v for any other variable v
Example, assuming vf1 ≠ vf2: with f(x1) → vf1 and f(x2) → ITE(x1 = x2, vf1, vf2), the two results are equal iff x1 = x2   [ITE diagram on the slide]
– 42 –
Compare: Ackermann's Method
Replacing an application: introduce a new domain variable; enforce functional consistency by global constraints
  Unclear how to generate diverse interpretations
  [diagram on the slide: f(x1), f(x2) replaced by vf1, vf2 with an external equality constraint]
– 43 –
Decision Procedures in Verification
Work-horse for many automated verification methodologies
  Processor and protocol verification
    Pipelined processor verification
      » Burch & Dill CAV'94, Bryant, German & Velev CAV'99, …
    Out-of-order processor and cache coherence verification
      » Lahiri, Seshia & Bryant FMCAD'02, Bryant, Lahiri & Seshia CAV'02
  Predicate abstraction
    Software verification
      » SLAM (MSR), BLAST (Berkeley), MAGIC (CMU), …
    Protocol verification
      » Das, Dill & Park CAV'99, …
– 44 –
Decision Procedures for the Quantifier-Free Fragment of First-Order Logic
Principal theories
  Logic of equality with uninterpreted functions: f(x) = f(g(y))
  Linear arithmetic: difference-bound logic subset (T1 < T2 + c); full linear arithmetic
  Arrays: read and write operations
Tools: SVC/CVC from Stanford (FMCAD '96, CAV '02, CAV '04); UCLID from CMU (CAV '02, CAV '04); ICS from SRI (CAV '01); Simplify/Verifun from HP (CAV '03); Zapato from Microsoft (CAV '04); …
Carnegie Mellon University
Revisiting Positive Equality
Shuvendu K. Lahiri, Randal E. Bryant, Amit Goel, Muralidhar Talupur
– 46 –
Conclusions
Generalization of Bryant et al.'s positive equality analysis: subsumes the original positive equality
Exploiting robust positive equality in a decision procedure: problems and heuristics
Future work: integrate smaller range allocation for the g-terms [Pnueli et al. CAV'99, Talupur et al. CAV'04]
– 47 –
Positive Equality for EUF
Example: (x = y) ⇒ (f(g(x)) = f(g(y)))   [term DAG on the slide]
  General (g) functions: x, y
  Positive functions: f, g
Split the set of terms into
  p-terms: function applications of p-functions
  g-terms: function applications of g-functions
– 48 –
Definition
P-term: a term which never appears in an equation that is a g-formula
G-term: a term which appears at least once in an equation that is a g-formula
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, marking the p-terms and g-terms]
– 49 –
Eliminating Function Applications   [Bryant, German & Velev CAV'99]
Replacing an application: introduce a new domain variable; the nested ITE structure maintains functional consistency
  [diagram on the slide: f(x1), f(x2), f(x3) replaced by nested ITEs selecting vf1, vf2, vf3 by comparing the arguments]
– 50 –
Robust Maximally Diverse Interpretations
P-term h(T1, …, Tn): if its arguments do not equal the arguments of any g-term h(U1, …, Un), then it can only equal other h application terms with equal arguments
Property: a formula is valid if and only if it is true under all robust maximally diverse interpretations
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, marking the g-terms and p-terms]
  I = {x → 0, f(0) → 1, f(1) → 0, …}, so the values of x, f(x), f²(x), f³(x), f⁴(x) are 0, 1, 0, 1, 0
  The argument of the p-term f²(x) is not equal to the argument of the g-term f(x), yet f²(x) equals the non-f term x: a non robust-maximally diverse interpretation
– 51 –
Heuristic for Obtaining a Topological Order
Potentially positive terms for a function f: the p-terms of f that are not sub-terms of any g-term of f
Steps
  1. Sort the function symbols by the number of potentially positive terms
  2. For each function f in sorted order: put all the g-terms of f (and their sub-terms) in the topological order
  3. Put all the remaining p-terms in the topological order
– 52 –
Heuristic for Obtaining a Topological Order: Example
Example: formula (f(g(x)) = g(f(f(x))))   [term DAG on the slide, p-terms marked +]
Potentially positive terms for a function f: the p-terms of f that are not sub-terms of any g-term of f
Steps
  1. Sort the function symbols by the number of potentially positive terms
  2. For each function f in sorted order: put all the g-terms of f (and their sub-terms) in the topological order
  3. Put all the remaining p-terms in the topological order
Sort the functions: f; g; x
Put the g-terms for f: x < g(x) < f(g(x))
Put the g-terms for g: f(x) < f(f(x)) < g(f(f(x)))
Put the g-terms for x: already present
Resulting order: x < g(x) < f(g(x)) < f(x) < f(f(x)) < g(f(f(x)))
T<+ = {x, f(x), f(f(x))}
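Pos< for a given topological order (slide 29), the exhaustive search for the order that maximizes |Pos<| (slides 31 to 33, including example 1 of slide 30 and the three orders of slide 32) and the greedy heuristic of slides 51 and 52, as one added Python example serving all of those passages. This is not code from the slides or from UCLID; the term encoding, the helper names and the hand-marked g-term sets (read off the slides' figures) are this example's assumptions.

```python
from itertools import permutations

# Term syntax: ('var', name) or ('app', f, (args...)).  The encoding, the
# helper names and the hand-marked g-term sets are this example's own.
def V(name):
    return ('var', name)

def app(f, *args):
    return ('app', f, tuple(args))

def term_name(t):
    if t[0] == 'var':
        return t[1]
    return '%s(%s)' % (t[1], ','.join(term_name(a) for a in t[2]))

def collect(terms):
    """Map every term in the DAG under `terms` (by name) to
    (function symbol, names of its direct sub-terms), sub-terms first."""
    info = {}
    def visit(t):
        n = term_name(t)
        if n not in info:
            kids = [visit(a) for a in t[2]] if t[0] == 'app' else []
            info[n] = (t[1], kids)
        return n
    for t in terms:
        visit(t)
    return info

def is_topological(order, info):
    pos = {n: i for i, n in enumerate(order)}
    return all(pos[k] < pos[n] for n in order for k in info[n][1])

def pos_set(order, info, g_terms):
    """Pos_< of slide 29: the p-terms of f that do not precede any g-term
    of f in the order, united over all function symbols f."""
    last_g = {}                         # symbol -> position of its last g-term
    for i, n in enumerate(order):
        if n in g_terms:
            last_g[info[n][0]] = i
    return {n for i, n in enumerate(order)
            if n not in g_terms and i > last_g.get(info[n][0], -1)}

def best_order(info, g_terms):
    """Exhaustive search over all topological orders (slide-sized DAGs only;
    slide 33 notes the general problem is NP-complete)."""
    best, best_pos = None, set()
    for order in permutations(info):
        if is_topological(order, info):
            p = pos_set(order, info, g_terms)
            if len(p) > len(best_pos):
                best, best_pos = list(order), p
    return best, best_pos

def subterms(n, info):
    """Transitive sub-terms of n, excluding n itself."""
    out = set()
    for k in info[n][1]:
        out |= {k} | subterms(k, info)
    return out

def greedy_order(info, g_terms):
    """Heuristic of slide 51: rank symbols by their potentially positive
    terms (p-terms of f not below any g-term of f), place each symbol's
    g-terms with their sub-terms in that order, then the remaining p-terms."""
    potential = {f: 0 for f, _ in info.values()}
    for n, (f, _) in info.items():
        if n not in g_terms and not any(
                n in subterms(g, info) for g in g_terms if info[g][0] == f):
            potential[f] += 1
    order = []
    def place(n):                       # sub-terms first, each term once
        if n not in order:
            for k in info[n][1]:
                place(k)
            order.append(n)
    for f in sorted(potential, key=lambda s: -potential[s]):
        for n in info:
            if n in g_terms and info[n][0] == f:
                place(n)
    for n in info:
        place(n)
    return order

def fpow(n, t=V('x')):
    for _ in range(n):
        t = app('f', t)
    return t

X = V('x')
# Constructed inputs; the g-term sets follow the slides' figures.
INFO_30, G_30 = collect([fpow(4)]), {'x', 'f(x)'}                                        # slide 30
INFO_32, G_32 = collect([app('f', app('g', X)), app('g', app('f', X))]), {'f(g(x))', 'g(f(x))'}
INFO_52, G_52 = collect([app('f', app('g', X)), app('g', fpow(2))]), {'f(g(x))', 'g(f(f(x)))'}

def demo():
    orders_32 = [['x', 'g(x)', 'f(g(x))', 'f(x)', 'g(f(x))'],
                 ['x', 'f(x)', 'g(f(x))', 'g(x)', 'f(g(x))'],
                 ['x', 'g(x)', 'f(x)', 'g(f(x))', 'f(g(x))']]
    return {'pos_30': best_order(INFO_30, G_30)[1],
            'pos_32': [pos_set(o, INFO_32, G_32) for o in orders_32],
            'best_32': best_order(INFO_32, G_32),
            'greedy_52': greedy_order(INFO_52, G_52),
            'pos_52': pos_set(greedy_order(INFO_52, G_52), INFO_52, G_52)}

if __name__ == '__main__':
    for k, v in demo().items():
        print(k, v)
```

On the slide-52 input the heuristic ranks f first (two potentially positive terms, f(x) and f(f(x)), against one each for g and x), which places f's only g-term f(g(x)) and its sub-term g(x) before f's p-terms and reproduces the order and T<+ = {x, f(x), f(f(x))} of the slide; on the slide-32 input it reaches one of the two size-2 optima.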
– 53 –
Definitions
Interpretation I: assigns a value to all the functions appearing in a formula; I(f) = the function associated with the symbol f
Evaluation: I[e] evaluates e w.r.t. the interpretation I; defined inductively on the structure of e
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide]
  I = {x → 0, f(0) → 1, f(1) → 0, …}
  Term values: x = 0, f(x) = 1, f²(x) = 0, f³(x) = 1, f⁴(x) = 0
  f(x) = x evaluates to false, f⁴(x) = f³(x) evaluates to false, and the implication evaluates to true
– 54 –
Topological Ordering: Example 2
Topological order <
T<+(f): the set of p-terms of f which do not precede any g-term of f in <
T<+ = ∪_f T<+(f)   (union over all function symbols f)
Example: (f(f(x)) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, p-terms marked +]
  x < f(x) < f²(x) < f³(x) < f⁴(x)
  T<+ = {f³(x), f⁴(x)}
  f(x) always precedes the g-term f²(x)
– 55 –
Results
Implemented in the UCLID decision procedure with the zChaff SAT solver
Code Validation Benchmarks [Pnueli, Rodeh, Strichman, Siegel CAV'99]
example   #vars   Positive Equality     Robust Positive Eq            Speedup
                  #pvar    time         #pvar    |T+|    time
Cv22      101     1        70.84        16       18      45.65        1.55
Cv23      101     8        23.06        22       22      15.96        1.44
Cv25      101     8        45.93        22       22      21.80        2.10
Cv44      38      8        19.75        17       17      7.13         2.77
Cv46      70      10       >1800        28       28      100.50       >18
T+ = union of the set of potentially positive terms for each function
– 56 –
Topological Ordering: Example 2
Topological order <
Pos<(f): the set of p-terms of f which do not precede any g-term of f in <
Pos< = ∪_f Pos<(f)   (union over all function symbols f)
Example: (f(f(x)) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, p-terms marked +]
  x < f(x) < f²(x) < f³(x) < f⁴(x)
  Pos< = {f³(x), f⁴(x)}
  f(x) always precedes the g-term f²(x)
– 58 –
Relevant Papers
"Exploiting positive equality in a logic of equality with uninterpreted functions", Bryant, German and Velev, CAV'99
"Revisiting Positive Equality", Lahiri, Bryant, Goel and Talupur, TACAS'04: generalization of positive equality
– 59 –
Maximally Diverse Interpretations
P-function symbols: equal results only for equal arguments; do not equal an application of any other function symbol
G-function symbols: potentially yield equal results for unequal arguments
Property: a formula is valid if and only if it is true under all maximally diverse interpretations
Example (term DAG on the slide with p-functions g and h applied to x, y):
  Terms         Equal?
  x, y          Potentially
  g(x), g(y)    Only if x = y
  g(x), y       No
– 61 –
Robust Maximally Diverse Interpretations
P-term h(T1, …, Tn): if its arguments do not equal the arguments of any g-term h(U1, …, Un), then it can only equal other h application terms with equal arguments
Property: a formula is valid if and only if it is true under all robust maximally diverse interpretations
Example: (f(x) = x) ⇒ (f(f(f(f(x)))) = f(f(f(x))))   [term DAG on the slide, marking the g-terms and p-terms]
  I = {{x, f²(x)}, {f(x), f³(x)}}   (classes of terms that I gives equal values)
  The argument f(x) of the p-term f²(x) is not equal to the argument x of the g-term f(x), yet f²(x) equals the non-f term x: a non robust-maximally diverse interpretation