A Constraint Solver for Software Engineering: Finding Models and Cores of Large Relational Specifications

Emina Torlak

Submitted to the Department of Electrical Engineering and Computer Science on December 8, 2008, in partial fulfillment of the requirements for the degree of Doctor of Philosophy.

Abstract

Relational logic is an attractive candidate for a software description language because both the design and implementation of software often involve reasoning about relational structures: organizational hierarchies in the problem domain, architectural configurations in the high-level design, or graphs and linked lists in low-level code. Until recently, however, frameworks for solving relational constraints have had limited applicability. Designed to analyze small, hand-crafted models of software systems, current frameworks perform poorly on specifications that are large or that have partially known solutions.

This thesis presents an efficient constraint solver for relational logic, with recent applications to design analysis, code checking, test-case generation, and declarative configuration. The solver provides analyses for both satisfiable and unsatisfiable specifications: a finite model finder for the former and a minimal unsatisfiable core extractor for the latter. It works by translating a relational problem to a boolean satisfiability problem, applying an off-the-shelf SAT solver to the resulting formula, and converting the SAT solver's output back to the relational domain.

The idea of solving relational problems by reduction to SAT is not new. The core contributions of this work, instead, are new techniques for expanding the capacity and applicability of SAT-based engines. They include a new interface to SAT that extends relational logic with a mechanism for specifying partial solutions, a new translation algorithm based on sparse matrices and auto-compacting circuits, a new symmetry detection technique that works in the presence of partial solutions, and a new core extraction algorithm that recycles inferences made at the boolean level to speed up core minimization at the specification level.

Thesis Supervisor: Daniel Jackson
Title: Professor

Acknowledgments

Working on this thesis has been a challenging, rewarding, and above all wonderful experience. I am deeply grateful to the people who have shared it with me.

To my advisor, Daniel Jackson, for his guidance, support, enthusiasm, and a great sense of humor. He has helped me become not only a better researcher but a better writer and a better advocate for my ideas.

To my thesis readers, David Karger and Sharad Malik, for their insights and excellent comments.

To my friends and colleagues in the Software Design Group: Felix Chang, Greg Dennis, Jonathan Edwards, Eunsuk Kang, Sarfraz Khurshid, Carlos Pacheco, Derek Rayside, Robert Seater, Ilya Shlyakhter, Mana Taghdiri, and Mandana Vaziri, for their companionship and for many lively discussions of research ideas, big and small. Ilya's work on Alloy3 paved the way for this dissertation. Greg, Mana, and Felix's early adoption of the solver described here was instrumental to its design and development.

To my husband, Aled, for his love, patience, and encouragement; to my sister, Alma, for her boundless warmth and kindness; and to my mother, Edina, for her unrelenting support and for giving me life more than once.

I dedicate this thesis to my mother and to the memory of my father.

"The first challenge for computing science is to discover how to maintain order in a finite, but very large, discrete universe that is intricately intertwined." E. W. Dijkstra, 1979

Contents

1 Introduction
1.1 Bounded relational logic
1.2 Finite model finding
1.3 Minimal unsatisfiable core extraction
1.4 Summary of contributions
2 From Relational to Boolean Logic
2.1 Bounded relational logic
2.2 Translating bounded relational logic to SAT
2.2.1 Translation algorithm
2.2.2 Sparse matrix representation of relations
2.2.3 Sharing detection at the boolean level
2.3 Related work
2.3.1 Type-based representation of relations
2.3.2 Sharing detection at the problem level
2.3.3 Multidimensional sparse matrices
2.3.4 Auto-compacting circuits
2.4 Experimental results
3 Detecting Symmetries
3.1 Symmetries in model extension
3.2 Complete and greedy symmetry detection
3.2.1 Symmetries via graph automorphism detection
3.2.2 Symmetries via greedy base partitioning
3.3 Experimental results
3.4 Related work
3.4.1 Symmetries in traditional model finding
3.4.2 Symmetries in constraint programming
4 Finding Minimal Cores
4.1 A small example
4.1.1 A toy list specification
4.1.2 Sample analyses
4.2 Core extraction with a resolution engine
4.2.1 Resolution-based analysis
4.2.2 Recycling core extraction
4.2.3 Correctness and minimality of RCE
4.3 Experimental results
4.4 Related work
4.4.1 Minimal core extraction
4.4.2 Clause recycling
5 Conclusion
5.1 Discussion
5.2 Future work
5.2.1 Bitvector arithmetic and inductive definitions
5.2.2 Special-purpose translation for logic fragments
5.2.3 Heuristics for variable and constraint ordering

List of Figures

1.1 A hard Sudoku puzzle
1.2 Sudoku in bounded relational logic, Alloy, FOL, and FOL(ID)
1.3 Solution for the sample Sudoku puzzle
1.4 Effect of partial models on the performance of SAT-based model finders
1.5 Effect of partial models on the performance of a dedicated Sudoku solver
1.6 An unsatisfiable Sudoku puzzle and its core
1.7 Comparison of SAT-based core extractors on 100 unsatisfiable Sudokus
1.8 Summary of contributions
2.1 Syntax and semantics of bounded relational logic
2.2 A toy filesystem
2.3 Translation rules for bounded relational logic
2.4 A sample translation
2.5 Sparse representation of translation matrices
2.6 Computing the d-reachable descendants of a CBC node
2.7 A non-compact boolean circuit and its compact equivalents
2.8 GCRS and ECRS representations for multidimensional sparse matrices
2.9 An example of a non-optimal two-level rewrite rule
3.1 Isomorphisms of the filesystem model
3.2 Isomorphisms of an invalid binding for the toy filesystem
3.3 Complete symmetry detection via graph automorphism
3.4 A toy filesystem with no partial model
3.5 Symmetry detection via greedy base partitioning
3.6 Microstructure of a CSP
4.1 A toy list specification
4.2 The resolution rule for propositional logic
4.3 Resolution-based analysis of a b b c a c
4.4 Core extraction algorithms

List of Tables

1.1 Recent applications of Kodkod
2.1 Simplification rules for CBCs
2.2 Evaluation of Kodkod's translation optimizations
3.1 Evaluation of symmetry detection algorithms
4.1 Evaluation of minimal core extractors
4.2 Evaluation of minimal core extractors based on problem difficulty
5.1 Features of state-of-the-art model finders

1 Introduction

Puzzles with simple rules can be surprisingly hard to solve, even when a part of the solution is already known. Take Sudoku, for example. It is a logic game played on a partially completed 9×9 grid, like the one in Fig. 1.1. The goal is simply to fill in the blanks so that the numbers 1 through 9 appear exactly once in every row, column, and heavily boxed region of the grid. Each puzzle has a unique solution, and many are easily solved. Yet some are very hard: the target completion time for the puzzle in Fig. 1.1, for example, is 30 minutes [58].

Figure 1.1: A hard Sudoku puzzle [58]

Software engineering is full of problems like Sudoku, where the rules are easy to describe, parts of the solution are known, but the task of filling in the blanks is computationally intractable. Examples include, most notably, declarative configuration problems, such as network configuration [99], installation management [133], and scheduling [149]. The configuration task usually involves extending a valid configuration with one or more new components so that certain validity constraints are preserved. To install a new package on a Linux machine, for example, an installation manager needs to find a subset of packages in the Linux distribution, including the desired package, which can be added to the installation so that all package dependencies are met. Also related are the problems of declarative analysis: software design analysis [69], bounded code verification against rich structural specifications [31, 34, 126, 138], and declarative test-case generation [77, 114, 134].

Automatic solutions to problems like Sudoku and declarative configuration usually come in two flavors: a special-purpose solver, or a special-purpose translator to some logic, used either with an off-the-shelf SAT solver or, since recently, an SMT solver [38, 53, 9, 29] that can also reason about linear integer and bitvector arithmetic. An expertly implemented special-purpose solver is likely to perform better than a translation-based alternative, simply because a custom solver can be guided with domain-specific knowledge that may be hard or impossible to use effectively in a translation. But crafting an efficient search algorithm is tricky, and with the advances in SAT solving technology, the performance benefits of implementing a custom solver tend to be negligible [53]. Even for a problem as simple as Sudoku, with many known special-purpose inference rules, SAT-based approaches [86, 144] are competitive with hand-crafted solvers (e.g. [141]).

Reducing a high-level problem description to SAT is not easy, however, since a boolean encoding has to contain just the right amount and kind of information to elicit the best performance from the SAT solver. If the encoding includes too many redundant formulas, the solver will slow down significantly [119, 139, 41]. At the same time, introducing certain kinds of redundancy into the encoding, in the form of symmetry-breaking [27, 116] or reconvergence [150] clauses, can yield dramatic improvements in solving times.

The challenges of using SAT for declarative configuration and analysis are not limited to finding the most effective encoding. When a SAT solver fails to find a satisfying assignment for the translation of a problem, many applications need to know what caused the failure and correct it. For example, if a software package cannot be installed because it conflicts with one or more existing packages, a SAT-based installation manager such as OPIUM [133] needs to identify and remove the conflicting packages. It does this by analyzing the proof of unsatisfiability produced by the SAT solver to find an unsatisfiable subset of the translation clauses, known as an unsatisfiable core. Once extracted from the proof, the boolean core needs to be mapped back to the conflicting constraints in the problem domain. The problem-domain core, in turn, has to be minimized before corrective action is taken, because it may contain constraints which do not contribute to its unsatisfiability.

This thesis presents a framework that facilitates easy and efficient use of SAT for declarative configuration and analysis. The user of the framework provides just a high-level description of the problem, in a logic that underlies many software design languages [2, 143, 123, 69], and a partial solution, if one is available. The framework then does the rest: efficient translation to SAT, interpretation of the SAT instance in terms of problem-domain concepts, and, in the case of unsatisfiability, interpretation and minimization of the unsatisfiable core. The key algorithms used for SAT encoding [131] and core minimization [129] are the main technical contributions of this work; the main methodological contribution is the idea of separating the description of the problem from the description of its partial solution [130]. The embodiment of these contributions, called Kodkod, has so far been used in a variety of applications for declarative configuration [100, 149], design analysis [21], bounded code verification [31, 34, 126], and automated test-case generation [114, 134].

1.1 Bounded relational logic

Kodkod is based on the relational logic of Alloy [69], consisting essentially of a first-order logic augmented with the operators of the relational calculus [127]. The inclusion of transitive closure extends the expressiveness beyond standard first-order logics and allows the encoding of common reachability constraints that otherwise could not be expressed. In contrast to specification languages such as Z [123], B [2], and OCL [143], which are based on set-theoretic logics, Alloy's relational logic was designed to have a stronger connection to data modeling languages such as ER [22] and SDM [62], a more uniform syntax, and a simpler semantics. Alloy's logic treats everything as a relation: sets as relations of arity one, and scalars as singleton sets. Function application is modeled as relational join, and an out-of-domain application results in the empty set, dispensing with the need for special notions of undefinedness. The use of multi-arity relations, in contrast to functions over sets, is a critical factor in Alloy being first-order and amenable to automatic analysis. The choice of this logic for Kodkod was thus based not only on its simplicity but also on its analyzability.

Kodkod extends the logic of Alloy with the notion of relational bounds. A bounded relational specification is a collection of constraints on relational variables of any arity that are bound above and below by relational constants, i.e. sets of tuples. All bounding constants consist of tuples that are drawn from the same finite universe of uninterpreted elements. The upper bound specifies the tuples that a relation may contain; the lower bound specifies the tuples that it must contain.
Figure 1.2a shows a snippet of bounded relational logic¹ that describes the Sudoku puzzle from Fig. 1.1. It consists of three parts: the universe of discourse (line 1); the bounds on free variables that encode the assertional knowledge about the problem (lines 2-7), such as the initial state of the grid; and the constraints on the bounded variables that encode definitional knowledge about the problem (lines 10-21), i.e. the rules of the game.

The bounds specification is straightforward. The unary relation num (line 2) provides a handle on the set of numbers used in the game. As this set is constant, the relation has the same lower and upper bound. The relations r1, r2, and r3 (lines 4-6) partition the numbers into three consecutive, equally sized intervals. The ternary relation grid (line 7) models the Sudoku grid as a mapping from cells, defined by their row and column coordinates, to numbers. The set {⟨1, 1, 6⟩, ⟨1, 4, 2⟩, …, ⟨9, 9, 7⟩} specifies the lower bound on the grid relation: these are the mappings of cells to numbers that are given in Fig. 1.1.² The upper bound on its value is the lower bound augmented with the bindings from the coordinates of the empty cells, such as the cell in the first row and second column, to the numbers 1 through 9.

The rest of the problem description defines the rules of Sudoku: each cell on the grid contains some value (line 10), and that value is unique with respect to other values in the same row, column, and 3×3 region of grid (lines 11-21). Relational join

¹ Because Kodkod is designed as a Java API, the users communicate with it by constructing formulas, relations, and bounds via API calls. The syntax shown here is just an illustrative rendering of Kodkod's abstract syntax graph, defined formally in Chapter 2.

² The symbol … is not a part of the syntax. It is used in Fig. 1.1 and in text to mean "etc."
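The following Python sketch is an added illustration of the bounds idea described above; it is not code from the thesis or from Kodkod, which is a Java API. It builds the lower and upper bound of the grid relation from a partial model, translates the relation to a sparse boolean matrix (lower-bound tuples become the constant true, tuples outside the upper bound are absent, and the rest get SAT variables), and generates CNF for the rules of lines 10-21, so that the effect of the partial model on the size of the encoding can be measured. Only the three clues visible in the Fig. 1.2 snippet are used, since the rest of the puzzle is not reproduced on this page.

```python
from itertools import product
NUMS = range(1, 10)
# Clues copied from the bounds snippet of Fig. 1.2; the rest of the Fig. 1.1 puzzle
# is not on this page, so this partial model is deliberately sparse.
CLUES = {(1, 1): 6, (1, 4): 2, (9, 9): 7}

def grid_bounds(clues):
    """Lower and upper bound of the ternary relation grid: (row, col, num) tuples."""
    lower = {(r, c, v) for (r, c), v in clues.items()}
    upper = set(lower)
    for r, c in product(NUMS, NUMS):
        if (r, c) not in clues:
            upper.update((r, c, v) for v in NUMS)
    return lower, upper

def translate(lower, upper):
    """Sparse translation matrix: a lower-bound tuple is the constant True, a tuple in
    upper minus lower gets a fresh SAT variable, a tuple outside upper is absent (False)."""
    matrix, nvars = {}, 0
    for t in sorted(upper):
        nvars += t not in lower
        matrix[t] = True if t in lower else nvars
    return matrix, nvars

def exactly_one(lits):
    """CNF for 'exactly one of lits holds', with the constants simplified away."""
    forced = sum(l is True for l in lits)            # 'is', since 1 == True in Python
    free = [l for l in lits if l is not True and l is not False]
    if forced > 1:        # two tuples forced in by an inconsistent partial model
        return [[]]       # empty clause: the problem is unsatisfiable already
    if forced == 1:       # the True literal forces every free literal to be false
        return [[-l] for l in free]
    return [free] + [[-a, -b] for i, a in enumerate(free) for b in free[i + 1:]]

def sudoku_cnf(matrix):
    """Rules of lines 10-21 of Fig. 1.2: each cell holds exactly one value and each
    value occurs exactly once per row, column and 3x3 region."""
    groups = [[(r, c) for c in NUMS] for r in NUMS]                   # rows
    groups += [[(r, c) for r in NUMS] for c in NUMS]                  # columns
    groups += [[(r, c) for r in range(b, b + 3) for c in range(d, d + 3)]
               for b in (1, 4, 7) for d in (1, 4, 7)]                 # regions
    lit = lambda r, c, v: matrix.get((r, c, v), False)
    clauses = []
    for r, c in product(NUMS, NUMS):
        clauses += exactly_one([lit(r, c, v) for v in NUMS])
    for cells in groups:
        for v in NUMS:
            clauses += exactly_one([lit(r, c, v) for r, c in cells])
    return clauses

def encoding_size(clues):
    lower, upper = grid_bounds(clues)      # returns (SAT variables, clauses)
    matrix, nvars = translate(lower, upper)
    return nvars, len(sudoku_cnf(matrix))
```

With no clues the encoding has 729 variables and 11988 clauses; the three clues remove 27 variables and several hundred clauses, and an inconsistent partial model (two equal numbers in one row) is caught at translation time as an empty clause.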