Computer-Aided Program Design

Similar documents
Finite Model Generation for Isabelle/HOL Using a SAT Solver

1.4 Normal Forms. We define conjunctions of formulas as follows: and analogously disjunctions: Literals and Clauses

Boolean Functions (Formulas) and Propositional Logic

SAT Solvers. Ranjit Jhala, UC San Diego. April 9, 2013

PROPOSITIONAL LOGIC (2)

Deductive Methods, Bounded Model Checking

SAT Solver. CS 680 Formal Methods Jeremy Johnson

Normal Forms for Boolean Expressions

Mixed Integer Linear Programming

DM841 DISCRETE OPTIMIZATION. Part 2 Heuristics. Satisfiability. Marco Chiarandini

CSc Parallel Scientific Computing, 2017

Dipartimento di Elettronica Informazione e Bioingegneria. Cognitive Robotics. SATplan. Act1. Pre1. Fact. G. Gini Act2

Definition: A context-free grammar (CFG) is a 4- tuple. variables = nonterminals, terminals, rules = productions,,

4.1 Review - the DPLL procedure

Foundations of AI. 9. Predicate Logic. Syntax and Semantics, Normal Forms, Herbrand Expansion, Resolution

SAT Solver Heuristics

EECS 219C: Formal Methods Boolean Satisfiability Solving. Sanjit A. Seshia EECS, UC Berkeley

COMP4418 Knowledge Representation and Reasoning

To prove something about all Boolean expressions, we will need the following induction principle: Axiom 7.1 (Induction over Boolean expressions):

SAT/SMT Solvers and Applications

Symbolic Methods. The finite-state case. Martin Fränzle. Carl von Ossietzky Universität FK II, Dpt. Informatik Abt.

EECS 219C: Computer-Aided Verification Boolean Satisfiability Solving. Sanjit A. Seshia EECS, UC Berkeley

On Resolution Proofs for Combinational Equivalence Checking

Improving Coq Propositional Reasoning Using a Lazy CNF Conversion

Chapter 2 PRELIMINARIES

Lecture 14: Lower Bounds for Tree Resolution

Propositional Calculus: Boolean Functions and Expressions. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

2SAT Andreas Klappenecker

Satisfiability. Michail G. Lagoudakis. Department of Computer Science Duke University Durham, NC SATISFIABILITY

Integrity Constraints (Chapter 7.3) Overview. Bottom-Up. Top-Down. Integrity Constraint. Disjunctive & Negative Knowledge. Proof by Refutation

Course Summary! What have we learned and what are we expected to know?

Solving Boolean Equations with BDDs and Clause Forms. Gert Smolka

Multi Domain Logic and its Applications to SAT

A Pearl on SAT Solving in Prolog (extended abstract)

Implementation of a Sudoku Solver Using Reduction to SAT

8 NP-complete problem Hard problems: demo

To prove something about all Boolean expressions, we will need the following induction principle: Axiom 7.1 (Induction over Boolean expressions):

Seminar decision procedures: Certification of SAT and unsat proofs

CMPSCI 250: Introduction to Computation. Lecture #1: Things, Sets and Strings David Mix Barrington 22 January 2014

Harvard School of Engineering and Applied Sciences CS 152: Programming Languages

Better test results for the graph coloring and the Pigeonhole Problems using DPLL with k-literal representation

Theorem proving. PVS theorem prover. Hoare style verification PVS. More on embeddings. What if. Abhik Roychoudhury CS 6214

NP-Complete Reductions 2

CSE507. Practical Applications of SAT. Computer-Aided Reasoning for Software. Emina Torlak

On Resolution Proofs for Combinational Equivalence

Mathematical Logic Prof. Arindama Singh Department of Mathematics Indian Institute of Technology, Madras. Lecture - 9 Normal Forms

Boolean Representations and Combinatorial Equivalence

Warm-Up Problem. Let L be the language consisting of as constant symbols, as a function symbol and as a predicate symbol. Give an interpretation where

Resolution (14A) Young W. Lim 6/14/14

Propositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson

Decision Procedures. An Algorithmic Point of View. Decision Procedures for Propositional Logic. D. Kroening O. Strichman.

Automated Theorem Proving: DPLL and Simplex

6. Hoare Logic and Weakest Preconditions

Programming Languages

CS-E3200 Discrete Models and Search

Planning as Search. Progression. Partial-Order causal link: UCPOP. Node. World State. Partial Plans World States. Regress Action.

Polynomial SAT-Solver Algorithm Explanation

Constraint Satisfaction Problems

Homework 1. Due Date: Wednesday 11/26/07 - at the beginning of the lecture

Decision Procedures in First Order Logic

COMP 410 Lecture 1. Kyle Dewey

Chapter 3: Propositional Languages

7/25/2016. Example: Addition of Unsigned Bit Patterns. ECE 120: Introduction to Computing. Adding Two Non-Negative Patterns Can Overflow

BITCOIN MINING IN A SAT FRAMEWORK

Lecture 4. First order logic is a formal notation for mathematics which involves:

Introduction to Axiomatic Semantics

Propositional Logic. Part I

Verifying Safety Property of Lustre Programs: Temporal Induction

NP and computational intractability. Kleinberg and Tardos, chapter 8

Binary Decision Diagrams

Research on Modeling Method for Constraint Inference

Complexity Classes and Polynomial-time Reductions

URSA: A SYSTEM FOR UNIFORM REDUCTION TO SAT

CSC 501 Semantics of Programming Languages

Lecture 4 Searching Arrays

Lecture Notes on Real-world SMT

(a) (4 pts) Prove that if a and b are rational, then ab is rational. Since a and b are rational they can be written as the ratio of integers a 1

Combinational Equivalence Checking

Lecture Notes on Linear Search

On the Relation between SAT and BDDs for Equivalence Checking

Critical Analysis of Computer Science Methodology: Theory

The Satisfiability Problem [HMU06,Chp.10b] Satisfiability (SAT) Problem Cook s Theorem: An NP-Complete Problem Restricted SAT: CSAT, k-sat, 3SAT

Where Can We Draw The Line?

CS446: Machine Learning Fall Problem Set 4. Handed Out: October 17, 2013 Due: October 31 th, w T x i w

Introduction to dependent types in Coq

Knowledge Representation. CS 486/686: Introduction to Artificial Intelligence

Combinatorial Optimization

Boolean Satisfiability Solving Part II: DLL-based Solvers. Announcements

Hoare Logic. COMP2600 Formal Methods for Software Engineering. Rajeev Goré

Solving 3-SAT. Radboud University Nijmegen. Bachelor Thesis. Supervisors: Henk Barendregt Alexandra Silva. Author: Peter Maandag s

of m clauses, each containing the disjunction of boolean variables from a nite set V = fv 1 ; : : : ; vng of size n [8]. Each variable occurrence with

Introduction to Axiomatic Semantics (1/2)

Part II. Hoare Logic and Program Verification. Why specify programs? Specification and Verification. Code Verification. Why verify programs?

Propositional Logic Formal Syntax and Semantics. Computability and Logic

Practical SAT Solving

New Worst-Case Upper Bound for #2-SAT and #3-SAT with the Number of Clauses as the Parameter

Lecture 5. Logic I. Statement Logic

A Reflexive Formalization of a SAT Solver in Coq

COS 320. Compiling Techniques

CS1 Lecture 3 Jan. 18, 2019

Transcription:

Computer-Aided Program Design Spring 2015, Rice University Unit 1 Swarat Chaudhuri January 22, 2015

Reasoning about programs A program is a mathematical object with rigorous meaning. It should be possible to prove theorems about programs.

Reasoning about programs A program is a mathematical object with rigorous meaning. It should be possible to prove theorems about programs. The program P always terminates On each input x such that (x > 0), P terminates and outputs (x + 5). There is an input on which P does not terminate. There is a way to complete the partial program P such that the resulting program always terminates.

Reasoning about programs A program is a mathematical object with rigorous meaning. It should be possible to prove theorems about programs. The program P always terminates On each input x such that (x > 0), P terminates and outputs (x + 5). There is an input on which P does not terminate. There is a way to complete the partial program P such that the resulting program always terminates. Proof gives us certainty, reliability...... to an extent not achieved by testing.

Reasoning about programs: Spot the bug! int computecurrentyear (int days) { /* input: number of days since Jan 1, 1980 */ int year = 1980; while (days > 365) { if (isleapyear(year)){ if (days > 366) { days = days - 366; year = year + 1; } } else { days = days - 365; year = year + 1; } } return year; } See http://bit-player.org/2009/the-zune-bug for more details.

Reasoning about programs: Is this program correct? do { AcquireSpinLock(); npacketsold = npackets; req = devext->wlhv; if (req && req->status) { devext->wlhv = req->next; ReleaseSpinLock(); npackets++; } } while (npackets!= npacketsold); ReleaseSpinLock();

Challenges How to specify correctness properties of programs?

Challenges How to specify correctness properties of programs? Mathematical logic i, j : i < j A[i] < A[j]

Challenges How to specify correctness properties of programs? Mathematical logic i, j : i < j A[i] < A[j] Proofs about programs are complicated and tedious. Won t a human get them wrong?

Challenges How to specify correctness properties of programs? Mathematical logic i, j : i < j A[i] < A[j] Proofs about programs are complicated and tedious. Won t a human get them wrong? Machine-checked proofs: Proofs must be fully formal, and checked by an algorithm. Automatic proofs: The proofs must be generated by an algorithm.

Automated reasoning about programs In principle, proving the correctness or incorrectness of a general program is undecidable.

Automated reasoning about programs In principle, proving the correctness or incorrectness of a general program is undecidable. In practice: Focus on solvable special cases (in particular, finite-state programs) Give semi-algorithms rather than algorithms.

Automated reasoning about programs In principle, proving the correctness or incorrectness of a general program is undecidable. In practice: Focus on solvable special cases (in particular, finite-state programs) Give semi-algorithms rather than algorithms. Questions: Program verification Program synthesis

This course: components Logic Decision procedures for logic Verification of finite-state programs Verification of infinite-state programs Program synthesis

Rules No laptops in class. Attendance is important No single textbook Few slides In-class activities TA: Keliang He More information on course webpage: http://www.cs.rice.edu/~swarat/comp507

Propositional logic Let us first consider finite-state systems: Hardware Network protocols Perhaps not software How do you describe correctness properties of such a system?

Propositional logic: Syntax Let Prop be a set of propositional variables. A formula F in propositional logic has the form where p Prop. F ::= p F 1 F 1 F 2 F 1 F 2 F 1 F 2 F 1 F 2 In the above, F 1 and F 2 are subformulas of F. A literal is a formula of the form p or p, where p Prop.

Propositional logic: Semantics Interpretation I : {P true, Q false, } I = F if F evaluates to true under I I = F false

Propositional logic: Semantics Interpretation I : {P true, Q false, } I = F if F evaluates to true under I I = F false Inductive definition of semantics: I = I = I = F iff I = F I = F 1 F 2 iff I = F 1 and I = F 2 I = F 1 F 2 iff I = F 1 or I = F 2 I = F 1 F 2 iff I = F 1 or I = F 2 I = F 1 F 2 iff I = F 1 and I = F 2, or I = F 1 and I = F 2.

Using propositional logic What does the following program do? bool foo(unsigned int v) { unsigned int f; f = v & (v - 1); return (f == 0); }

Using propositional logic What does the following program do? bool foo(unsigned int v) { unsigned int f; f = v & (v - 1); return (f == 0); } Verify this!

Satisfiability F is satisfiable iff there exists an interpretation I such that I = F. F is valid iff for all interpretations I, I = F.

Satisfiability F is satisfiable iff there exists an interpretation I such that I = F. F is valid iff for all interpretations I, I = F. F is valid iff F is unsatisfiable. Can you algorithmically check whether a formula is F is satisfiable?

Normal Forms 1. Negation Normal Form (NNF) Negations appear only in literals. (only,, ) 2. Disjunctive Normal Form (DNF) Disjunction of conjunctions of literals l ij for literals l ij i j 3. Conjunctive Normal Form (CNF) Conjunction of disjunctions of literals l ij for literals l ij i j

The Resolution Procedure Decides the satisfiability of PL formulae in CNF. Resolution Rule: For clauses C 1 and C 2 in CNF formula F, derive resolvent using the following rule: C 1 [P] C 2 [ P] C 1 [ ] C 2 [ ] Apply resolution and add resolvent to current set of clauses. If is ever deduced via resolution, then F must be unsatisfiable, as F is unsatisfiable. If every possible resolution produces an already-known clause, then F is satisfiable.

Resolution Example: 1. (P Q) P Q

Resolution Example: 1. (P Q) P Q 2. ( P Q) Q

Resolution: soundness and completeness Soundness of resolution: Every unsatisfiability judgment derived by resolution is correct. Completeness of resolution: Every correct unsatisfiability judgment can be derived by resolution. [Look up the textbook The Calculus of Computation, by Bradley and Manna.]

Boolean Constraint Propagation (BCP) Based on unit resolution l C[ l] clause C[ ] where l = P or l = P

Boolean Constraint Propagation (BCP) Based on unit resolution l C[ l] clause C[ ] where l = P or l = P Example: F : P ( P Q) (R Q S)

Davis-Putnam-Logemann-Loveland (DPLL) Algorithm Decides the satisfiability of PL formulae in CNF. Decision Procedure DPLL: Given F in CNF let rec dpll F = let F = bcp F in if F = then true else if F = then false else let P = choose vars(f ) in (dpll F {P }) (dpll F {P })

Davis-Putnam-Logemann-Loveland (DPLL) Algorithm Decides the satisfiability of PL formulae in CNF. Decision Procedure DPLL: Given F in CNF let rec dpll F = let F = bcp F in if F = then true else if F = then false else let P = choose vars(f ) in (dpll F {P }) (dpll F {P }) Optimization: Don t choose only-positive or only-negative variables for splitting.

DPLL Example F : ( P Q R) ( Q R) ( Q R) (P Q R)

Exercise How does DPLL work on the following example? (P Q R) (Q P R) (R Q)

Exercise How does DPLL work on the following example? (P Q R) (Q P R) (R Q) Solve this example using Z3.

In-class exercise: N-Queens You are given an N N chessboard. Your goal is to place N queens on the board so that no queen can hit any other. Show how to solve this problem using Z3 for N = 4.

Discussion What about formulas that are not in CNF?

Homework exercise Use Z3 to check the correctness of bool foo(unsigned int v) { unsigned int f; f = v & (v - 1); return (f == 0); } under 4-bit integers.

Homework exercise Use Z3 to check the correctness of bool foo(unsigned int v) { unsigned int f; f = v & (v - 1); return (f == 0); } under 4-bit integers. More precisely, that it checks whether v is a power of 2.

There is a bug! 0 is incorrectly considered to be a power of 2.

There is a bug! 0 is incorrectly considered to be a power of 2. Fix: bool foo(unsigned int v) { unsigned int f; f = v &&!(v & (v - 1)); return (f!= 0); } See more bit hacks at http://graphics.stanford.edu/ seander/bithacks.html.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback