Partial Quantifier Elimination

We consider the problem of Partial Quantifier Elimination (PQE). Given formula exists(X)[F(X,Y) & G(X,Y)], where F, G are in conjunctive normal form, the PQE problem is to find a formula F*(Y) such that F* & exists(X)[G] is logically equivalent to exists(X)[F & G]. We solve the PQE problem by generating and adding to F clauses over the free variables that make the clauses of F with quantified variables redundant. The traditional Quantifier Elimination problem (QE) is a special case of PQE where G is empty so all clauses of the input formula with quantified variables need to be made redundant. The importance of PQE is twofold. First, many problems are more naturally formulated in terms of PQE rather than QE. Second, in many cases PQE can be solved more efficiently than QE. We describe a PQE algorithm based on the machinery of dependency sequents and give experimental results showing the promise of PQE

Property Checking Without Invariant Generation

We introduce a procedure for proving safety properties. This procedure is based on a technique called Partial Quantifier Elimination (PQE). In contrast to complete quantifier elimination, in PQE, only a part of the formula is taken out of the scope of quantifiers. So, PQE can be dramatically more efficient than complete quantifier elimination. The appeal of our procedure is twofold. First, it can prove a property without generating an inductive invariant. Second, it employs depth-first search and so can be used to find deep bugs

Quantifier elimination in C*-algebras

The only C*-algebras that admit elimination of quantifiers in continuous logic are $\mathbb{C}, \mathbb{C}^2$, $C($Cantor space$)$ and $M_2(\mathbb{C})$. We also prove that the theory of C*-algebras does not have model companion and show that the theory of $M_n(\mathcal {O_{n+1}})$ is not $\forall\exists$-axiomatizable for any $n\geq 2$.Comment: More improvements and bug fixes. To appear in IMR

Transfer Function Synthesis without Quantifier Elimination

Traditionally, transfer functions have been designed manually for each operation in a program, instruction by instruction. In such a setting, a transfer function describes the semantics of a single instruction, detailing how a given abstract input state is mapped to an abstract output state. The net effect of a sequence of instructions, a basic block, can then be calculated by composing the transfer functions of the constituent instructions. However, precision can be improved by applying a single transfer function that captures the semantics of the block as a whole. Since blocks are program-dependent, this approach necessitates automation. There has thus been growing interest in computing transfer functions automatically, most notably using techniques based on quantifier elimination. Although conceptually elegant, quantifier elimination inevitably induces a computational bottleneck, which limits the applicability of these methods to small blocks. This paper contributes a method for calculating transfer functions that finesses quantifier elimination altogether, and can thus be seen as a response to this problem. The practicality of the method is demonstrated by generating transfer functions for input and output states that are described by linear template constraints, which include intervals and octagons.Comment: 37 pages, extended version of ESOP 2011 pape

Partial Quantifier Elimination By Certificate Clauses

We study partial quantifier elimination (PQE) for propositional CNF formulas. In contrast to full quantifier elimination, in PQE, one can limit the set of clauses taken out of the scope of quantifiers to a small subset of target clauses. The appeal of PQE is twofold. First, PQE can be dramatically simpler than full quantifier elimination. Second, it provides a language for performing incremental computations. Many verification problems (e.g. equivalence checking and model checking) are inherently incremental and so can be solved in terms of PQE. Our approach is based on deriving clauses depending only on unquantified variables that make the target clauses $\mathit{redundant}$. Proving redundancy of a target clause is done by construction of a ``certificate'' clause implying the former. We describe a PQE algorithm called $\mathit{START}$ that employs the approach above. We apply $\mathit{START}$ to generating properties of a design implementation that are not implied by specification. The existence of an $\mathit{unwanted}$ property means that this implementation is buggy. Our experiments with HWMCC-13 benchmarks suggest that $\mathit{START}$ can be used for generating properties of real-life designs

Lower Bounds for RAMs and Quantifier Elimination

We are considering RAMs $N_{n}$, with wordlength $n=2^{d}$, whose arithmetic instructions are the arithmetic operations multiplication and addition modulo $2^{n}$, the unary function $\min\lbrace 2^{x}, 2^{n}-1\rbrace$, the binary functions $\lfloor x/y\rfloor$ (with $\lfloor x/0 \rfloor =0$), $\max(x,y)$, $\min(x,y)$, and the boolean vector operations $\wedge,\vee,\neg$ defined on $0,1$ sequences of length $n$. It also has the other RAM instructions. The size of the memory is restricted only by the address space, that is, it is $2^{n}$ words. The RAMs has a finite instruction set, each instruction is encoded by a fixed natural number independently of $n$. Therefore a program $P$ can run on each machine $N_{n}$, if $n=2^{d}$ is sufficiently large. We show that there exists an $\epsilon>0$ and a program $P$, such that it satisfies the following two conditions. (i) For all sufficiently large $n=2^{d}$, if $P$ running on $N_{n}$ gets an input consisting of two words $a$ and $b$, then, in constant time, it gives a $0,1$ output $P_{n}(a,b)$. (ii) Suppose that $Q$ is a program such that for each sufficiently large $n=2^{d}$, if $Q$, running on $N_{n}$, gets a word $a$ of length $n$ as an input, then it decides whether there exists a word $b$ of length $n$ such that $P_{n}(a,b)=0$. Then, for infinitely many positive integers $d$, there exists a word $a$ of length $n=2^{d}$, such that the running time of $Q$ on $N_{n}$ at input $a$ is at least $\epsilon (\log d)^{\frac{1}{2}} (\log \log d)^{-1}$