Analyzing Satisfiability and Refutability in Selected Constraint Systems

This dissertation is concerned with the satisfiability and refutability problems for several constraint systems. We examine both Boolean constraint systems, in which each variable is limited to the values true and false, and polyhedral constraint systems, in which each variable is limited to the set of real numbers R in the case of linear polyhedral systems or the set of integers Z in the case of integer polyhedral systems. An important aspect of our research is that we focus on providing certificates. That is, we provide satisfying assignments or easily checkable proofs of infeasibility depending on whether the instance is feasible or not. Providing easily checkable certificates has become a much sought after feature in algorithms, especially in light of spectacular failures in the implementations of some well-known algorithms. There exist a number of problems in the constraint-solving domain for which efficient algorithms have been proposed, but which lack a certifying counterpart. When examining Boolean constraint systems, we specifically look at systems of 2-CNF clauses and systems of Horn clauses. When examining polyhedral constraint systems, we specifically look at systems of difference constraints, systems of UTVPI constraints, and systems of Horn constraints. For each examined system, we determine several properties of general refutations and determine the complexity of finding restricted refutations. These restricted forms of refutation include read-once refutations, in which each constraint can be used at most once; literal-once refutations, in which for each literal at most one constraint containing that literal can be used; and unit refutations, in which each step of the refutation must use a constraint containing exactly one literal. The advantage of read-once refutations is that they are guaranteed to be short. Thus, while not every constraint system has a read-once refutation, the small size of the refutation guarantees easy checkability

Optimal certifying algorithms for linear and lattice point feasibility in a system of UTVPI constraints

This thesis is concerned with the design and analysis of time-optimal and spaceoptimal, certifying algorithms for checking the linear and lattice point feasibility of a class of constraints called Unit Two Variable Per Inequality (UTVPI) constraints. In a UTVPI constraint, there are at most two non-zero variables per constraint, and the coefficients of the non-zero variables belong to the set {lcub}+1, --1{rcub}. These constraints occur in a number of application domains, including but not limited to program verification, abstract interpretation, and operations research. As per the literature, the fastest known certifying algorithm for checking lattice point feasibility in UTVPI constraint systems ([1]), runs in O( m n + n2 log n) time and O(n2) space, where m represents the number of constraints and n represents the number of variables in the constraint system. In this paper, we design and analyze new algorithms for checking the linear feasibility and the lattice point feasibility of UTVPI constraints. Both of the presented algorithms run in O( m[.]n) time and O(m + n) space. Additionally they are certifying in that they produce satisfying assignments in the event that they are presented with feasible instances and refutations in the event that they are presented with infeasible instances. The importance of providing certificates cannot be overemphasized, especially in mission-critical applications. Our approaches for both the linear and the lattice point feasibility problems in UTVPI constraints are fundamentally different from existing approaches for these problems (as described in the literature), in that our approaches are based on new insights on using well-known inference rules

Speeding up the constraint-based method in difference logic

"The final publication is available at http://link.springer.com/chapter/10.1007%2F978-3-319-40970-2_18"Over the years the constraint-based method has been successfully applied to a wide range of problems in program analysis, from invariant generation to termination and non-termination proving. Quite often the semantics of the program under study as well as the properties to be generated belong to difference logic, i.e., the fragment of linear arithmetic where atoms are inequalities of the form u v = k. However, so far constraint-based techniques have not exploited this fact: in general, Farkas’ Lemma is used to produce the constraints over template unknowns, which leads to non-linear SMT problems. Based on classical results of graph theory, in this paper we propose new encodings for generating these constraints when program semantics and templates belong to difference logic. Thanks to this approach, instead of a heavyweight non-linear arithmetic solver, a much cheaper SMT solver for difference logic or linear integer arithmetic can be employed for solving the resulting constraints. We present encouraging experimental results that show the high impact of the proposed techniques on the performance of the VeryMax verification systemPeer ReviewedPostprint (author's final draft

Managing Complex Scheduling Problems with Dynamic and Hybrid Constraints.

The task of scheduling can often be a difficult one because of the inherent complexity of real-world problems. In the field of Artificial Intelligence, many representations and algorithms have been developed to automate the scheduling process. Many state of the art scheduling systems deal with this complexity by making assumptions that simplify the algorithms, but in doing so, miss some opportunities to improve performance. Scheduling problems are temporal in nature, and so they often contain constraints that change over time. Many scheduling systems assume that the problems they are solving are all independent, and so they ignore the similarities between subsequent sets of scheduling constraints. Additionally, scheduling problems often contain a mixture of finite-domain and temporal constraints. Many of the systems that can solve problems of this type do so by creating finite-domain variables to represent the constraints, but then ignore the distinction between the different types of variables when searching for a solution. In this dissertation, I identify opportunities to improve performance by exploiting structure where it has previously been overlooked. Following this approach, I develop a set of techniques that apply to a wide variety of situations that can arise in real-world scheduling problems. First, I consider dynamic scheduling problems with constraints that change over time. To address such problems, I introduce a new representation called the Dynamic Disjunctive Temporal Problem, along with several techniques to improve both efficiency and stability when solving one. Second, I consider scheduling problems in which a mixture of finite-domain and temporal variables can interact through hybrid constraints. I introduce the Hybrid Scheduling Problem to represent such problems, and I present a set of techniques that capitalize on the distinction between variable types to improve efficiency across the problem space. Finally, I conclude by proposing several ways that the dynamic and hybrid representations and techniques can be combined. To compare many of the techniques presented throughout this dissertation in the context of structured, real-world problems, I use them to solve scheduling problems based on actual air traffic control constraints recorded from the Dallas/Fort Worth International Airport.Ph.D.Computer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/57625/2/pschwart_1.pd

Exact Join Detection for Convex Polyhedra and Other Numerical Abstractions

Deciding whether the union of two convex polyhedra is itself a convex polyhedron is a basic problem in polyhedral computations; having important applications in the field of constrained control and in the synthesis, analysis, verification and optimization of hardware and software systems. In such application fields though, general convex polyhedra are just one among many, so-called, numerical abstractions, which range from restricted families of (not necessarily closed) convex polyhedra to non-convex geometrical objects. We thus tackle the problem from an abstract point of view: for a wide range of numerical abstractions that can be modeled as bounded join-semilattices --that is, partial orders where any finite set of elements has a least upper bound--, we show necessary and sufficient conditions for the equivalence between the lattice-theoretic join and the set-theoretic union. For the case of closed convex polyhedra --which, as far as we know, is the only one already studied in the literature-- we improve upon the state-of-the-art by providing a new algorithm with a better worst-case complexity. The results and algorithms presented for the other numerical abstractions are new to this paper. All the algorithms have been implemented, experimentally validated, and made available in the Parma Polyhedra Library.Comment: 36 pages, 4 figure

Subterm-based proof techniques for improving the automation and scope of security protocol analysis

During the last decades, many advances in the field of automated security protocol analysis have seen the field mature and grow from being applicable to toy examples, to modeling intricate protocol standards and finding real-world vulnerabilities that extensive manual analysis had missed. However, modern security protocols often contain elements for which such tools were not originally designed, such as protocols that construct, by design, terms of unbounded size, such as counters, trees, and blockchains. Protocol analysis tools such as Tamarin and ProVerif have some very restricted support, but typically lack the ability to effectively reason about dynamically growing unbounded-depth terms. In this work, we introduce subterm-based proof techniques that are tailored for automated protocol analysis in the Tamarin prover. In several case studies, we show that these techniques improve automation (allow for analyzing more protocols, or remove the need for manually specified invariants), efficiency (reduce proof size for existing analyses), and expressive power (enable new kinds of properties). In particular, we provide the first automated proofs for TreeKEM, S/Key, and Tesla Scheme 2; and we show substantial benefits, most notably in WPA2 and 5G-AKA, two of the largest automated protocol proofs. Note: An extended abstract of this paper appears at CSF 2023. This is the long version

Vérification relationnelle pour des programmes avec des données entières

Les travaux présentés dans cette thèse sont lies aux problèmes de vérification de l'atteignabilité et de la terminaison de programmes qui manipulent des données entières non-bornées. On décrit une nouvelle méthode de vérification basée sur une technique d'accélération de boucle, qui calcule, de manière exacte, la clôture transitive d'une relation arithmétique. D'abord, on introduit un algorithme d'accélération de boucle qui peut calculer, en quelques secondes, des clôtures transitives pour des relations de l'ordre d'une centaine de variables. Ensuite, on présente une méthode d'analyse de l'atteignabilité, qui manipule des relations entre les variables entières d'un programme, et applique l'accélération pour le calcul des relations entrée-sortie des procédures, de façon modulaire. Une approche alternative pour l'analyse de l'atteignabilité, présentée également dans cette thèse, intègre l'accélération avec l'abstraction par prédicats, afin de traiter le problème de divergence de cette dernière. Ces deux méthodes ont été évaluées de manière pratique, sur un nombre important d'exemples, qui étaient, jusqu'a présent, hors de la portée des outils d'analyse existants. Dernièrement, on a étudié le problème de la terminaison pour certaines classes de boucles de programme, et on a montré la décidabilité pour les relations étudiées. Pour ces classes de relations arithmétiques, on présente un algorithme qui s'exécute en temps au plus polynomial, et qui calcule l'ensemble d'états qui peuvent générer une exécution infinie. Ensuite on a intégré cet algorithme dans une méthode d'analyse de la terminaison pour des programmes qui manipulent des données entières.This work presents novel methods for verification of reachability and termination properties of programs that manipulate unbounded integer data. Most of these methods are based on acceleration techniques which compute transitive closures of program loops. We first present an algorithm that accelerates several classes of integer relations and show that the new method performs up to four orders of magnitude better than the previous ones. On the theoretical side, our framework provides a common solution to the acceleration problem by proving that the considered classes of relations are periodic. Subsequently, we introduce a semi-algorithmic reachability analysis technique that tracks relations between variables of integer programs and applies the proposed acceleration algorithm to compute summaries of procedures in a modular way. Next, we present an alternative approach to reachability analysis that integrates predicate abstraction with our acceleration techniques to increase the likelihood of convergence of the algorithm. We evaluate these algorithms and show that they can handle a number of complex integer programs where previous approaches failed. Finally, we study the termination problem for several classes of program loops and show that it is decidable. Moreover, for some of these classes, we design a polynomial time algorithm that computes the exact set of program configurations from which non-terminating runs exist. We further integrate this algorithm into a semi-algorithmic method that analyzes termination of integer programs, and show that the resulting technique can verify termination properties of several non-trivial integer programs.SAVOIE-SCD - Bib.électronique (730659901) / SudocGRENOBLE1/INP-Bib.électronique (384210012) / SudocGRENOBLE2/3-Bib.électronique (384219901) / SudocSudocFranceF

Efficient querying and learning in probabilistic and temporal databases

Probabilistic databases store, query, and manage large amounts of uncertain information. This thesis advances the state-of-the-art in probabilistic databases in three different ways: 1. We present a closed and complete data model for temporal probabilistic databases and analyze its complexity. Queries are posed via temporal deduction rules which induce lineage formulas capturing both time and uncertainty. 2. We devise a methodology for computing the top-k most probable query answers. It is based on first-order lineage formulas representing sets of answer candidates. Theoretically derived probability bounds on these formulas enable pruning low-probability answers. 3. We introduce the problem of learning tuple probabilities which allows updating and cleaning of probabilistic databases. We study its complexity, characterize its solutions, cast it into an optimization problem, and devise an approximation algorithm based on stochastic gradient descent. All of the above contributions support consistency constraints and are evaluated experimentally.Probabilistische Datenbanken können große Mengen an ungewissen Informationen speichern, anfragen und verwalten. Diese Doktorarbeit treibt den Stand der Technik in diesem Gebiet auf drei Arten vorran: 1. Ein abgeschlossenes und vollständiges Datenmodell für temporale, probabilistische Datenbanken wird präsentiert. Anfragen werden mittels Deduktionsregeln gestellt, welche logische Formeln induzieren, die sowohl Zeit als auch Ungewissheit erfassen. 2. Ein Methode zur Berechnung der k Anworten höchster Wahrscheinlichkeit wird entwickelt. Sie basiert auf logischen Formeln erster Stufe, die Mengen an Antwortkandidaten repräsentieren. Beschränkungen der Wahrscheinlichkeit dieser Formeln ermöglichen das Kürzen von Antworten mit niedriger Wahrscheinlichkeit. 3. Das Problem des Lernens von Tupelwahrscheinlichkeiten für das Aktualisieren und Bereiningen von probabilistischen Datenbanken wird eingeführt, auf Komplexität und Lösungen untersucht, als Optimierungsproblem dargestellt und von einem stochastischem Gradientenverfahren approximiert. All diese Beiträge unterstützen Konsistenzbedingungen und wurden experimentell analysiert