predicate learning and selective theory deduction for solving difference logic

Predicate Learning and Selective Theory Deduction for Solving Difference Logic

Chao Wang, Aarti Gupta, Malay Ganai

NEC Laboratories AmericaPrinceton, New Jersey, USA

August 21, 2006

Presentation-only: for more info. please check [Wang et al LPAR’05] and [Wang et al DAC’06]

2

Difference LogicLogic to model systems at the “word-level”

Subset of quantifier-free first order logic Boolean connectives + predicates like (x – y ≤ c)

Formal verification applications Pipelined processors, timed systems, embedded software e.g., back-end of the UCLID Verifier

Existing solvers Eager approach [Strichman et al. 02], [Talupur et al. 04], UCLID Lazy approach TSAT++, MathSAT, DPLL(T), Saten, SLICE, Yices, HTP,

… Hybrid approach [Seshia et al. 03], UCLID, SD-SAT

3

Our contributionLessons learned from previous works

Incremental conflict detection and zero-cost theory backtracking [Wang et al. LPAR’05]

Exhaustive theory deduction [Nieuwenhuis & Oliveras CAV’05]

Eager chordal transitivity constraints [Strichman et al. FMCAD’02]

What’s new? Incremental conflict detection PLUS selective theory

deduction with little additional cost

Dynamic predicate learning to combat exponential blow-up

4

Outline

PreliminariesSelective theory (implication) deductionDynamic predicate learningExperimentsConclusions

5

PreliminariesDifference logic formula

Difference predicates

Boolean skeleton

Constraint graph for assignment (A,¬B,C,D)

x y

wz

A:2

D:10C:3

¬B:-7

A: ( x – y ≤ 2 ) ¬ B: ( z – x ≤ -7 ) C: ( y - z ≤ 3 ) D: ( w - y ≤ 10 )

A: ( x – y ≤ 2 ), B: ( z – x ≤ -7 )C: ( y - z ≤ 3 ), D: ( w - y ≤ 10 )

6

Theory conflict: infeasible Boolean assignment

Negative weighted cycle Theory conflict Theory conflict Lemma or blocking clause Boolean

conflict

A: ( x – y ≤ 2 ) ¬ B: ( z – x ≤ -7 ) C: ( y - z ≤ 3 ) D: ( w - y ≤ 10 )

x y

wz

A:2

D:10C:3

¬B:-7

Lemma learned:

(¬A + B + ¬C)

A:2

C:3

¬B:-7

Conflicting clause: (false + false + false)

7

Theory implication: implied Boolean assignment

If adding an edge creates a negative cycle negated edge is implied

Theory implication var assignment Boolean implication (BCP)

A: ( x – y ≤ 2 ) ¬ B: ( z – x ≤ -7 ) C: ( y - z ≤ 3 ) D: ( w - y ≤ 10 )

x y

wz

A:2

D:10C:3

¬B:-7

Theory implication:

A ^ ¬B → (¬C)

C:3

Implied Boolean assignment trigger a series of BCP

8

Negative cycle detectionCalled repeatedly to solve many similar subproblems

For conflict detection (incremental, efficient) For implication deduction (often expensive)

Incremental detection versus exhaustive deduction

SLICE: Incremental cycle detection -- O(n log n) DPLL(T): Exhaustive theory deduction -- O(n * m)

SLICE[LPAR’05]

DPLL(T) – Barcelogic[CAV’05]

Conflict detection Incremental NO

Implication deduction NO Exhaustive

9

1

10

100

1000

10000

1 10 100 1000 10000

vs. UCLID

1

10

100

1000

10000

1 10 100 1000 10000

vs. ICS 2.0

1

10

100

1000

10000

1 10 100 1000 10000

vs. MathSAT

1

10

100

1000

10000

1 10 100 1000 10000

vs. DPLL(T) – Barcelogic

1

601

1201

1801

2401

3001

3601

1 601 1201 1801 2401 3001 3601

vs. DPLL(T)–B (linear scale)

1

10

100

1000

10000

1 10 100 1000 10000

vs. TSAT++

Data from [LPAR’05]: Comparing SLICE solver (SMT benchmarks repository,as of 08-2005)

Points above the diagonals Wins for SLICE solver

10

From the previous resultsWe have learned that

Incremental conflict detection more scalable Exhaustive theory deduction also helpful Can we combine their relative strengths?

Our new solution Incremental conflict detection (SLICE) Zero-cost theory backtracking (SLICE) PLUS selective theory deduction with O(n) cost

11

Outline

Preliminaries Selective theory (implication) deduction

Dynamic predicate learningExperimentsConclusions

12

Deduce()

{

while (implications.empty()) {

set_var_value(implications.pop());

if (detect_conflict())

return CONFLICT;

add_new_implications();

if ( ready_for_theory_propagation() ) {

if (theory_detect_conflict())

return CONFLICT;

theory_add_new_implications();

}

}

}

Constraint Propagation

Boolean CP (BCP)

Theory Constraint Propagation

13

0

Incremental conflict detectionRelax Edge (u,v): if ( d[v] > d[u]+w[u,v] ) { d[v] = d[u]+w[u,v]; pi[v] = u

}

[Ramalingam 1999] [Bozzano et al. 2005] [Cotton 2005] [Wang et al. LPAR’05]

x y

wz

2

10

-7

0

-7 0

3

X -4 (z,y) d[y]=-4

pi[y]=z

X 6

(y,w) d[w]=6 pi[w]=y(y,x) d[x]=-2 pi[x]=y

X -2

(x,z) d[z]=-9 pi[z]=x

X -9

•Add an edge relax, relax, relax, …•Remove an edge do nothing (zero-cost backtracking in SLICE)

(z,y) CONFLICT !!!

14

Selective theory deduction

x y wz

Post(x) = {x, z, … } Pre(y) = {y, w, … }

d[z] - d[y] <= w[y,z]

Edge (y,z) is an implied assignment

FWD: Pre(y) = {y} Post(x) = {x,z,…}

Both: Pre(y) = {y,w,…} Post(x) = {x,z,…} Significantly cheaper than exhaustive theory deduction

Pi[y] = wthrough relax

15

Outline

Preliminaries Selective theory (implication) deduction Dynamic predicate learning

ExperimentsConclusions

16

Diamonds: with O(2^n) negative cycles

-1

e1 e2

e0

Observations:

With existing predicates (e1,e2,…) exponential number of lemmas

Add new predicates (E1,E2,E3) and dummies (E1+!E1) & (E2+!E2) & …

almost linear number of lemmas

Previous eager chordal transitivity used by [Strichmann et al. FMCAD’02]

E1 E2 E3

17

Add new predicates to reduce lemmas

x y wz

Heuristics to choose GOOD predicates (short-cuts)

Nodes that show up frequently in negative cycles

Nodes that are re-convergence points of the graph

(Conceptually) adding a dummy constraint (E3 + ! E3)

E3: x – y <= (d[x] - d[y])

Predicates: E1: x – y < 5 E2: y – x < 5Lemma: ( ! E1 + ! E2 )

18

Experiments with SLICE+

Implemented upon SLICE i.e., [Wang et al. LPAR’05]

Controlled experiments Flexible theory propagation invocation

Per predicate assignment, per BCP, or per full assignment

Selective theory deduction No deduction, Fwd-only, or Both-directions

Dynamic predicate learning With, or Without

19

When to call the theory solver?

1

10

100

1000

1 10 100 1000Per decision level

Per

full

assig

nmen

t1

10

100

1000

1 10 100 1000Per decision level

Per

vari

able

ass

ignm

ent

per BCP versus per predicate assignment per BCP versus per full assignment

Points above the diagonals Wins for per BCP

On the DTP benchmark suite

20

Comparing theory deduction schemes

1

10

100

1000

1 10 100 1000No deduction

For

war

d de

duct

ion

1

10

100

1000

1 10 100 1000No deduction

Bot

h di

rect

ions

Fwd-only deduction vs. no deductiontotal 660 seconds

Both-directions vs. no deductiontotal 1138 seconds

Points above the diagonals Wins for no deduction

On the DTP benchmark suite

21

Comparing dynamic predicate learning

0

20

40

60

80

100

120

140

160

180

1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35

Different diamonds formulae

CP

U t

ime

(s)

no new predicate

with new predicate

On the diamonds benchmark suite

22

Comparing dynamic predicate learning

1

10

100

1000

1 10 100 1000No predicate learning

Dyn

amic

pre

dica

te le

arni

ng

Dyn. pred. learning vs. No pred. learning

Points above the diagonals Wins for No pred. learning

On the DTP benchmark suite

23

Lessons learned

Timing to invoke theory solver “after every BCP finishes” gives the best

performance

Selective implication deduction Little added cost, but improves the performance

significantly

Dynamic predicate learning Reduces the exponential blow-up in certain

examples In the spirit of “predicate abstraction”

Questions ?