## Sets with Cardinality Constraints in Satisfiability Modulo Theories

Citations: 4 (0 self)

### BibTeX

```bibtex
@MISC{Steiger_setswith,
  author = {Robin Steiger and Viktor Kuncak},
  title = {Sets with Cardinality Constraints in Satisfiability Modulo Theories},
  year = {}
}
```

### Abstract

Boolean Algebra with Presburger Arithmetic (BAPA) is a decidable logic that can express constraints on sets of elements and their cardinalities. Problems from the verification of complex properties of software often contain fragments that belong to quantifier-free BAPA (QFBAPA). In contrast to many other NP-complete problems (such as quantifier-free first-order logic or linear arithmetic), the application of QFBAPA to a broader set of problems has so far been hindered by the lack of an efficient implementation that can be used alongside other efficient decision procedures. We overcome these limitations by extending the efficient SMT solver Z3 with the ability to reason about cardinality (QFBAPA) constraints. Our implementation uses the DPLL(T) mechanism of Z3 to reason about the top-level propositional structure of a QFBAPA formula, improving efficiency compared to previous implementations. Moreover, we present a new algorithm for automatically decomposing QFBAPA formulas. Our algorithm alleviates the exponential explosion of considering all Venn regions, significantly improving the tractability of formulas with many set variables. Because it is implemented as a theory plugin, our implementation enables Z3 to prove formulas that combine QFBAPA constructs with constructs from other theories that Z3 supports, as well as with quantifiers. We have applied our implementation to the verification of functional programs; we show that it can automatically prove formulas that no automated approach was previously reported to be able to prove.
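The Venn-region encoding the abstract refers to, as an added example (not the paper's or Z3's code): the cardinality of any set expression over n set variables becomes a linear sum over 2^n region-size variables, so an identity such as inclusion-exclusion reduces to a coefficient check and a conjunction of cardinality constraints becomes a Presburger problem, here solved by bounded brute force rather than by Z3. The tuple-based expression syntax, the function names and the small formulas are assumptions of this example.

```python
from itertools import product

# Added example, not code from the paper or from Z3. Set expressions are nested
# tuples (an assumption of this example): ('var', 'A'), ('union', e1, e2),
# ('inter', e1, e2), ('diff', e1, e2), ('compl', e1).

def venn_regions(names):
    """All 2^n Venn regions of n set variables; a region records which sets contain it."""
    return [dict(zip(names, bits)) for bits in product([False, True], repeat=len(names))]

def holds(expr, region):
    """True iff the Venn region lies inside the set denoted by expr."""
    op = expr[0]
    if op == 'var':   return region[expr[1]]
    if op == 'union': return holds(expr[1], region) or holds(expr[2], region)
    if op == 'inter': return holds(expr[1], region) and holds(expr[2], region)
    if op == 'diff':  return holds(expr[1], region) and not holds(expr[2], region)
    if op == 'compl': return not holds(expr[1], region)
    raise ValueError(f"unknown operator {op}")

def card_vector(expr, names):
    """|expr| as a 0/1 coefficient vector over the region-size variables l_0 .. l_(2^n - 1)."""
    return [int(holds(expr, r)) for r in venn_regions(names)]

def linear_form(terms, names):
    """sum_i c_i * |e_i| for terms = [(c_i, e_i), ...] as one coefficient vector over the regions."""
    total = [0] * (2 ** len(names))
    for c, e in terms:
        for i, v in enumerate(card_vector(e, names)):
            total[i] += c * v
    return total

def is_valid_identity(terms, names):
    """sum_i c_i * |e_i| = 0 holds for every choice of sets iff every region coefficient is 0."""
    return all(t == 0 for t in linear_form(terms, names))

def bounded_sat(constraints, names, bound):
    """The Presburger side, brute-forced instead of handed to Z3: constraints are
    (terms, rhs) meaning sum_i c_i * |e_i| == rhs; region sizes range over 0 .. bound.
    Returns a model (region index -> size) or None. Cost grows with (bound+1)^(2^n)."""
    forms = [(linear_form(t, names), rhs) for t, rhs in constraints]
    for sizes in product(range(bound + 1), repeat=2 ** len(names)):
        if all(sum(c * s for c, s in zip(f, sizes)) == rhs for f, rhs in forms):
            return dict(enumerate(sizes))
    return None

A, B = ('var', 'A'), ('var', 'B')
INCL_EXCL = [(1, ('union', A, B)), (-1, A), (-1, B), (1, ('inter', A, B))]  # |A∪B| - |A| - |B| + |A∩B|
```

With three set variables the encoding already needs 8 region variables, which is the exponential blow-up the paper's decomposition algorithm is designed to avoid.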

### Citations

470 | Z3: An efficient SMT solver
- Moura, Bjørner
- 2008
Citation context: ...ractice (see Section 5). 4 Integration with Z3 We implemented our new decision procedure for QFBAPA constraints based on the results of Section 3 as an extension to the state-of-the-art SMT solver Z3 [14]. In this extension, sets do not range over uninterpreted elements but over the integers. The resulting prover can thus handle constraints such as (S1 = {1, 2, 3, 4} ∧ S2 ⊆ S1 ∧ S2 ≠ ∅) ⟹ |S2| ∈ S...

147 | The Java Native Interface Programmer's Guide and Specification
- Liang
- 1990
Citation context: ... (i.e. that are not restricted to theory elements) to the logical context of Z3 at any time, this was indeed not a major limitation. We wrote our extension in Scala and used the Java Native Interface [12] to access the C API of Z3. We did not observe any significant overhead in the forwarding of function calls from and to the Java virtual machine. Reduction to the integers. We handle constraints on ...

84 | Full functional verification of linked data structures
- Zee, Kuncak, et al.
Citation context: ...le to prove before. 1 Introduction Sets naturally arise in software that performs discrete computation, as a built-in data type [2], as container libraries, or inside program specification constructs [11, 20]. An intrinsic part of reasoning about sets is reasoning about sizes of sets, with well-known associated laws such as the inclusion-exclusion principle |A ∪ B| = |A| + |B| − |A ∩ B|. A natural...

72 | The first order properties of products of algebraic systems
- Feferman, Vaught
- 1959
Citation context: ...B|. A natural decidable logic that supports set operations (union, intersection, complement) as well as a cardinality operator is a logic we call BAPA, for Boolean Algebra with Presburger Arithmetic [3, 8]. We here consider the quantifier-free fragment of BAPA, denoted QFBAPA. QFBAPA was shown to be NP-complete using a particular encoding into ... ⋆ Philippe Suter was supported by the Swiss NSF Grant 20002...

44 | Generalized typestate checking for data structure consistency
- Lam, Kuncak, et al.
- 2005

43 | The Software Model Checker BLAST
- Beyer, Henzinger, et al.
- 2007
Citation context: ...rates lemmas in integer linear arithmetic and gives them back to Z3, which incorporates them with other integer constraints. At the same time, Z3 takes care of equality constraints. The net result is (1) dramatic improvement of efficiency compared to previously reported QFBAPA implementations (2) the ability to use QFBAPA cardinality operation alongside all other operations that Z3 supports. We illus...

38 | Modular Data Structure Verification
- Kuncak
- 2007
Citation context: ...es. Figure 4 shows our experimental results. Jahob benchmarks. We included all benchmarks from [10] in our evaluation. These formulas express verification conditions generated with the Jahob system [7] for programs manipulating (abstractions of) pointer-based data structures such as linked lists. In [10], the benchmarks were used to compare the efficiency of the sparse encoding into linear arithmeti...

35 | Programming by refinement, as exemplified by the SETL representation sublanguage
- Dewar
- 1979
Citation context: ...atically prove formulas that no automated approach was reported to be able to prove before. 1 Introduction Sets naturally arise in software that performs discrete computation, as a built-in data type [2], as container libraries, or inside program specification constructs [11, 20]. An intrinsic part of reasoning about sets is reasoning about sizes of sets, with well-known associated laws such as the i...

32 | Deciding Boolean Algebra with Presburger Arithmetic
- Kuncak, Nguyen, et al.
- 2006
Citation context: ...B|. A natural decidable logic that supports set operations (union, intersection, complement) as well as a cardinality operator is a logic we call BAPA, for Boolean Algebra with Presburger Arithmetic [3, 8]. We here consider the quantifier-free fragment of BAPA, denoted QFBAPA. QFBAPA was shown to be NP-complete using a particular encoding into ... ⋆ Philippe Suter was supported by the Swiss NSF Grant 20002...

29 | Towards efficient satisfiability checking for Boolean Algebra with Presburger Arithmetic
- Kuncak, Rinard
- 2007
Citation context: ... was supported by the Swiss NSF Grant 200021 120433. ... Philippe Suter, Robin Steiger, and Viktor Kuncak ... quantifier-free Presburger arithmetic that exploits an integer analogue of Carathéodory's theorem [10]. We thus think of QFBAPA as a generalization of SAT that is similar to SAT from a high-level complexity-theory point of view. The richness of QFBAPA is reflected in the fact that, being propositional...

28 | Model-based theory combination
- Moura, Bjørner
- 2007
Citation context: ...perty of the formula to avoid generating all Venn regions. Our implementation is integrated into the state-of-the-art SMT solver Z3, whose important feature is efficient support for linear arithmetic [13]. Efficient integration with Z3 was made possible by the recently introduced theory plugin architecture of Z3, as well as by an incremental implementation of our algorithm. In this integration, Z3 pro...

27 | Decision procedures for algebraic data types with abstractions
- Suter, Dotta, et al.
Citation context: ...al decomposition steps to be complete [20, 21]. A complete methodology for using QFBAPA as a glue logic for non-disjoint combination was introduced in [17], with additional useful cases introduced in [16, 18], some of which are surveyed in [9]. The combination method we describe is simple, in that it does not require exchanging set constraints between different theories that share sets of objects. In that...

21 | A combination framework for tracking partition sizes
- Gulwani, Lev-Ami, et al.
- 2009
Citation context: ...est that this approach is very promising and we expect it to extend to richer logics containing QFBAPA, such as [18]. Research in program analysis has used cardinality constraints in abstract domains [5, 15], typically avoiding the need for a full-fledged QFBAPA decision procedure. Thanks to our efficient implementation of QFBAPA, we expect that...

20 | An integrated proof language for imperative programs
- Zee, Kuncak, et al.
- 2009
Citation context: ...st to [3]. The work of combination of QFBAPA with other decidable theories has so far included implementation as part of the Jahob system [7], which requires manual decomposition steps to be complete [20, 21]. A complete methodology for using QFBAPA as a glue logic for non-disjoint combination was introduced in [17], with additional useful cases introduced in [16, 18], some of which are surveyed in [9]. T...

15 | Combined satisfiability modulo parametric theories
- Krstić, Goel, et al.
- 2007
Citation context: ...mbination setup of [19], which introduces a non-deterministic procedure that was, to the best of our knowledge, not implemented. Combinations of theories that have finite domains have been explored in [6]. In this paper we have focused on combinations with integers, but we believe that our approach can be adapted to more general cases. Our decomposition of formulas was inspired by the algorithms for b...

13 | Combining theories with shared set operations
- Wies, Piskac, et al.
- 2009
Citation context: ...cially, BAPA supports set operations and cardinality, whose polynomial encoding into SAT is possible but non-trivial [10]. Strikingly, a number of expressive logics can be naturally reduced to QFBAPA [17, 9]. This enables combination of formulas from non-disjoint theory signatures that share set operations, and goes beyond current disjoint theory combinations. However, although the QFBAPA satisfiability ...

8 | Cardinality abstraction for declarative networking applications
- Pérez, Rybalchenko, et al.
- 2009
Citation context: ...est that this approach is very promising and we expect it to extend to richer logics containing QFBAPA, such as [18]. Research in program analysis has used cardinality constraints in abstract domains [5, 15], typically avoiding the need for a full-fledged QFBAPA decision procedure. Thanks to our efficient implementation of QFBAPA, we expect that...

7 | Building a calculus of data structures
- Kuncak, Piskac, et al.
- 2010
Citation context: ...cially, BAPA supports set operations and cardinality, whose polynomial encoding into SAT is possible but non-trivial [10]. Strikingly, a number of expressive logics can be naturally reduced to QFBAPA [17, 9]. This enables combination of formulas from non-disjoint theory signatures that share set operations, and goes beyond current disjoint theory combinations. However, although the QFBAPA satisfiability ...

4 | Collections, cardinalities, and relations
- Yessenov, Kuncak, et al.
Citation context: ...al decomposition steps to be complete [20, 21]. A complete methodology for using QFBAPA as a glue logic for non-disjoint combination was introduced in [17], with additional useful cases introduced in [16, 18], some of which are surveyed in [9]. The combination method we describe is simple, in that it does not require exchanging set constraints between different theories that share sets of objects. In that...

1 | Hyperconsistency width for constraint satisfaction: Algorithms and complexity results
- Gottlob, Greco, et al.
- 2009
Citation context: ...ntegers, but we believe that our approach can be adapted to more general cases. Our decomposition of formulas was inspired by the algorithms for bounded (hyper)tree width from constraint satisfaction [4], although we do not directly follow any particular decomposition algorithm from the literature. These algorithms are typically used to reduce subclasses of NP-hard constraint satisfaction problems ov...

1 | Combining sets with integers. In: FroCoS: Frontiers of Combining Systems
- Zarba
- 2002
Citation context: ...escribe is simple, in that it does not require exchanging set constraints between different theories that share sets of objects. In that sense, it corresponds to the multi-sorted combination setup of [19], which introduces a non-deterministic procedure that was, to the best of our knowledge, not implemented. Combinations of theories that have finite domains have been explored in [6]. In this paper we h...