Rudiments of Presburger Arithmetic Stephane´ Demri ([email protected]) September 30th, 2016 Slides and lecture notes http://www.lsv.fr/˜demri/notes-de-cours.html https://wikimpri.dptinfo.ens-cachan.fr/doku. php?id=cours:c-2-9-1 About the lectures 1 & 2 I Introduction to counter machines and verification decision problems. I Covering problem for lossy counter machines is Ackermann-hard. Plan of the today lecture I Introduction to Presburger arithmetic. I Decidability and quantifier elimination. I Decidability by the automata-based approach. Research internships M2 I VASS games for resource-bounded logics. I Temporal logics on strings. I Decision procedures for separation logics. http://www.lsv.fr/˜demri/ The internship can be followed by a PhD thesis with existing financement. A Formalism for Arithmetical Constraints A fundamental decidable theory I First-order theory of hN; +; ≤i introduced by Mojcesz Presburger (1929). I Handy to express guards and updates in counter machines: x++ ≈ x0 = x + 1 x1 + x2 = xB ^ x1 < 36 I Nondeterministic update in a lossy counter machine: x0 ≤ x + 1 I Formulae are viewed as symbolic representations for (infinite) sets of tuples of natural numbers. 2 x ≤ y can be interpreted as fhn; mi 2 N j n ≤ mg Symbolic representation in counter machines I Counter machine with two counters and with at least the locations q0 (initial), q1 and q2. I Suppose '1(x; y) interpreted as 2 ∗ X1 = fhn; mi 2 N j hq0; 0; 0i −!hq1; n; mig I Suppose '2(x; y) interpreted as 2 ∗ X2 = fhn; mi 2 N j hq0; 0; 0i −!hq2; n; mig I Equivalence between the statements below: I Every pair of counter values from a reachable configuration with location q1 is also a pair of counter values from a reachable configuration with location q2. I X1 ⊆ X2. I '1(x; y) ) '2(x; y) is always true. Essential properties for formal verification I Rich logical language: captures most standard updates and guards in counter machines (and more). I Decidability of the satisfiability and validity problems. Worst-case complexity characterised (below 2EXPSPACE). I Handy language with unrestricted quantifications but those quantifications can be viewed as concise macros. I Expressive power of the language is known: Presburger sets = semilinear sets. I Formalism also used to express constraints on graphs, on number of events, etc. See e.g., [Seidl & Schwentick & Muscholl, chapter 07] Presburger arithmetic [Presburger, 29] I “First-order theory of hN; +; ≤i” (no multiplication). I A property about the structure hN; +; ≤i: 8 x (9 y ((2x + 8) ≤ y) I Atomic formula ((2x + 8) ≤ y). I Term (2x + 8). I Variables x and y. I Given VAR = fx; y; z;:::g, the terms are of the form a1x1 + ··· + anxn + k with a1;:::; an; k ≥ 0. Valuations I Valuation v: VAR ! N. I Extending v to all terms: I v(k) = k. I v(ax) = a × v(x). 0 0 I v(t + t ) = v(t) + v(t ). I Satisfaction relation j= I v j= (2x + 8) ≤ y with v(x) = 3 and v(y) = 27. I v 6j= (2x + 8) ≤ y with v(x) = 3 and v(y) = 13. Formulae (1/2) 0 I Atomic formula t ≤ t . 0 def 0 I v j= t ≤ t , v(t) ≤ v(t ). I Formulae are built from Boolean connectives and quantifiers. I Abbreviations: t = t0 =def (t ≤ t0) ^ (t0 ≤ t) t < t0 =def t + 1 ≤ t0 t ≥ t0 =def t0 ≤ t t > t0 =def t0 + 1 ≤ t Formulae (2/2) ' ::= > j ? j t ≤ t0 j :' j ' ^ ' j ' _ ' j 9x ' j 8x ' where t and t0 are terms and x 2 VAR. I Infinite number of 3 multiples: 8 x (9 y (y > x) ^ (9 z (y = 3z))): I Oddness: 9y x = 2y + 1. I xy + 1 = z is not a formula. Semantics def def I v j= > , true; v j=? , false, 0 def 0 I v j= t ≤ t , v(t) ≤ v(t ), def I v j= :' , not v j= ', 0 def 0 I v j= ' ^ ' , v j= ' and v j= ' , 0 def 0 I v j= ' _ ' , v j= ' or v j= ' , def I v j= 9 x ' , there is n 2 N such that v[x 7! n] j= ' where v[x 7! n] is equal to v except that x is mapped to n, def I v j= 8 x ' , for every n 2 N, we have v[x 7! n] j= '. Standard first-order semantics 0 0 0 I v j= t = t (where ’t = t ’ is an abbreviation) iff v(t) = v(t ). def I ' and are equivalent in FO(N) , for every valuation v, we have v j= ' iff v j= . I '1 ^ '2 and :(:'1 _:'2) are equivalent formulae. I 9 x ' and :8 x :' are equivalent formulae. I 8 x 9 y (y < x) and 8 x 9 y (x < y) are not equivalent. Total ordering I 'tot: hN; <i is a linearly ordered set: def 'tot = 8 x 8 y ((x = y) _ (x < y) _ (x > y)): I Key argument: for all valuations v, v j= (x = y) _ (x < y) _ (x > y) Standard notations I 8 x1 · · · 8 xn ' is also written 8 x1;:::; xn ' I 8 x (x ≤ k) ) ' is also written 8≤k x ' I 3y ≤ 7x + 8 is also written −2x + 3y − 8 ≤ 5x Modulo constraints I x ≡k 0 is an abbreviation for 9 y (x = ky). 0 I t ≡k t is an abbreviation for 9 x (t = kx + t0) _ (t0 = kx + t) I Example of formula in FO(N) (with various abbreviations): 8 x; y (−2x + 9 ≡4 y + 1) , (−y ≡4 2x − 8) Satisfiability problem I Satisfiability problem Input: a formula ' Question: is there a valuation v such that v j= '? I Satisfiable formula: (x1 ≥ 2) ^ (x2 ≥ 2x1) ^ · · · ^ (xn ≥ 2xn−1) i (take v(xi ) = 2 ) I Validity problem Input: a formula ' Question: is the case that for every valuation v, we have v j= '? I Valid formula: n (x1 ≥ 2 ^ x2 ≥ 2x1 ^ · · · ^ xn ≥ 2xn−1) ) xn ≥ 2 Equivalences (1/2) I ': formula whose free variables are among x1, . , xn. I The propositions below are equivalent: (I) ' is valid. (II) 8 x1;:::; xn ' is valid. (III) 8 x1;:::; xn ' is satisfiable. (IV) 8 x1;:::; xn ' is equivalent to >. Equivalences (2/2) I ': formula whose free variables are among x1, . , xn. I The propositions below are equivalent: (I) ' is satisfiable. (II) 9 x1;:::; xn ' is valid. (III) 9 x1;:::; xn ' is satisfiable. (IV) 9 x1;:::; xn ' is equivalent to >. Defining sets of tuples I Formula '(x1;:::; xn) with n free variables: def n '(x1;:::; xn) = fhv(x1);:::; v(xn)i 2 N : v j= 'g J K 0 2 0 I x1 < x2 = fhn; n i 2 N : n < n g. J K I x = x + x = f0g. J K I ' is satisfiable iff ' is non-empty. J K n I ' is valid (with free variables x1, . ,xn) iff ' = N . J K Presburger sets d def I X ⊆ N is a Presburger set , there is ' with free variables x1, . , xd such that ' = X. J K x1++ x2++; x1-- x2++ x1++; x2++ x1++; x2++ x1++; x2++ q1 q2 q3 q4 x1 ≥ 1 ^ x2 ≥ 3 ^ x1 + x2 ≥ 6 J K = ∗ fhn; mi j hq1; 0; 0i −!hq4; n; mig A rough analysis x1++ x2++; x1-- x2++ x1++; x2++ x1++; x2++ x1++; x2++ q1 q2 q3 q4 ∗ x1 = x2 = 0 = fhn; mi j hq1; 0; 0i −!hq1; n; mig J K ∗ x2 = 1 ^ x1 ≥ 1 = fhn; mi j hq1; 0; 0i −!hq2; n; mig J K ∗ x2 ≥ 2 ^ x1 + x2 ≥ 4 = fhn; mi j hq1; 0; 0i −!hq3; n; mig J K ∗ x1 ≥ 1^x2 ≥ 3^x1+x2 ≥ 6 = fhn; mi j hq1; 0; 0i −!hq4; n; mig J K Quantifiers can help 9 z1; z2; z3 (x1 = 3 + z1 − z2) ^ (x2 = 3 + z2 + z3) ^ 2 + z1 − z2 ≥ 0 (equivalent to add (x1 ≥ 1)) x1++ x2++; x1-- x2++ x1++; x2++ x1++; x2++ x1++; x2++ q1 q2 q3 q4 Always good to capture the reachability sets n ∗ I Suppose 'q = fx 2 N : hq0; x0i −!hq; xig for every control state/locationJ K q. n ∗ I fx 2 N : hq0; x0i −!hq; xig is infinite iff the formula below is satisfiable: : 9 y 8 x1;:::; xn 'q(x1;:::; xn) ) (x1 ≤ y ^ · · · ^ xn ≤ y) ∗ I hq0; x0i −!hq; zi iff the formula below is satisfiable: 'q(x1;:::; xn) ^ x1 = z(1) ^ · · · ^ xn = z(n); I Control state q can be reached from hq0; x0i iff the Presburger formula 'q(x1;:::; xn) is satisfiable. Refinement: new set of atomic formulae 0 0 0 0 0 0 > j ? j t ≤ t j t ≡k t j t = t j t < t j t ≥ t j t > t (PAF) def I A formula ' is quantifier-free , ' is a Boolean combination of atomic formulae (i.e. without quantifiers). (x + y ≡5 z) _ (y > 23) I Linear fragment (LIN) = (PAF) r modulo constraints > j ? j t ≤ t0 j t = t0 j t < t0 j t ≥ t0 j t > t0 (LIN) More fragments def I Difference fragment: ' is in the difference fragment , ' belongs to the linear fragment and the terms are of the form either x + k or k. in: :(x = y + 8) ^ y ≥ 7. out: 2x = 6 and x + y ≥ 3. I Prenex normal form: Q1 x1 ···Qn xn with in the linear fragment and fQ1;:::; Qng ⊆ f9; 8g. I :(9 x (x ≥ 3)) _ (8 y (y ≥ 4)) is equivalent to 8 x 8 y (:(x ≥ 3) _ y ≥ 4) I Extended prenex normal form: (Q1)≤k1 x1 ··· (Qn)≤kn xn with is in (LIN), fQ1;:::; Qng ⊆ f9; 8g and k1;:::; kn 2 N.