Modular difference logic is hard
In connection with machine arithmetic, we are interested in systems of constraints of the form x + k \leq y + k'. Over integers, the satisfiability problem for such systems is polynomial time. The problem becomes NP complete if we restrict attention …
Authors: Nikolaj Bjørner (1), Andreas Blass (2), Yuri Gurevich (1)
MODULAR DIFFERENCE LOGIC IS HARD

NIKOLAJ BJØRNER, ANDREAS BLASS, YURI GUREVICH, AND MADAN MUSUVATHI

Abstract. In connection with machine arithmetic, we are interested in systems of constraints of the form $x + k \leq y + k'$. Over integers, the satisfiability problem for such systems is polynomial time. The problem becomes NP complete if we restrict attention to the residues for a fixed modulus $N$.

1. Introduction

The goal of this paper is to attract attention to the following problem: Given a system $\Sigma$ of inequalities, find out whether $\Sigma$ is satisfiable in a given machine arithmetic. We formalize a special case of the problem, in Section 3, as the satisfiability problem for modular difference logic (MDL). MDL is a variant of integer difference logic (IDL) described in Section 2. The IDL satisfiability problem admits a simple and efficient decision procedure. It turns out that the MDL satisfiability problem is infeasible (unless P=NP).

The MDL satisfiability problem is of particular relevance in the context of program verification and analysis. Established program verification environments [2] and abstract interpretation methods [6] have long relied on arithmetic over integers or over real numbers for reasoning about programs, and for a good reason. There are well known efficient methods for solving the satisfiability of linear arithmetic constraints over the reals, such as dual simplex or interior point methods. And integer constraints can be approached by extending simplex with Gomory cuts and branching methods; besides, important special cases, such as integer difference logic, admit efficient procedures. So the use of integer or even real semantics is well justified from the perspective of state of the art algorithms. The obvious problem of course is that neither reals nor integers capture the proper semantics of machine arithmetic.
Modular arithmetic, on the other hand, does capture machine arithmetic. Further, a system of difference constraints can be satisfiable over any fixed modulus $N > 1$ but unsatisfiable over integers or reals, e.g. $0 \leq x$ and $x + 1 \leq 0$. And a system of difference constraints can be satisfiable over integers and over reals, but unsatisfiable over a given modulus $N$, e.g. $x_0 < x_1 < \cdots < x_N$. It follows that the common program analysis tools tend to rely on methods that are both unsound and incomplete with respect to the accurate program semantics. We prove here that the MDL satisfiability problem is NP hard and thus the development of efficient tools for the MDL satisfiability problem is likely to be elusive. We also show that the problem is NP. The search for efficient methods for the MDL satisfiability problem is on.

Partially supported by NSF grant DMS-0653696.

2. Integer difference logic

Integer difference logic (IDL) is a fragment of linear arithmetic. IDL constraints have the form $x - y \leq k$ where $x, y$ are integer variables and $k$ is an integer constant. A system of IDL constraints may or may not have a solution. For example, the constraint system

$$x_1 - x_2 \leq -3, \quad x_2 - x_3 \leq 1, \quad x_3 - x_4 \leq -2, \quad x_4 - x_1 \leq 3$$

is unsatisfiable, which can be established by adding the left and right-hand sides separately:

$$0 = (x_1 - x_2) + (x_2 - x_3) + (x_3 - x_4) + (x_4 - x_1) \leq -3 + 1 - 2 + 3 = -1$$

The IDL constraint satisfiability problem (IDL-SAT) admits an efficient decision procedure.

Proposition 1 ([7, 1]). IDL-SAT is solvable in polynomial time.

Some efficient procedures for IDL-SAT are based on the Floyd-Warshall or Ford-Fulkerson style algorithms [4, 8, 5]. IDL-SAT can be generalized to octagon constraints $\pm x \pm y \leq k$ while still retaining polynomial time solvability [6].
For the reader's convenience, we prove here the proposition. Our proof is based on the Floyd-Warshall algorithm.

Proof. Let $\Sigma$ be a system of IDL constraints. Without loss of generality, we presume that, for every pair $(x, y)$ of variables there is at most one constraint of the form $x - y \leq k$. Extend $\Sigma$ with an additional variable Sink adding constraints $x \leq \mathrm{Sink}$ (that is $x - \mathrm{Sink} \leq 0$) for every original variable $x$; given any solution for $\Sigma$, set Sink to the maximal value of the original variables to get a solution of the extended system $\Sigma^+$. We construct a weighted directed graph $G$ on the variables of $\Sigma^+$: every constraint $x - y \leq k$ gives rise to an edge from $x$ to $y$ of weight $k$. In particular we have a weight-zero edge from any original variable $x$ to Sink. If $G$ has a cycle of negative weight $-n$ that starts and ends at vertex $x$ then an unsolvable constraint $x - x \leq -n$ is obtained by adding the inequalities from $\Sigma^+$ that gave rise to the edges in the cycle. The polynomial-time Floyd-Warshall algorithm [4, 8] finds out whether $G$ has negative cycles.

Furthermore, suppose that $G$ has no negative cycles. Then the Floyd-Warshall algorithm computes the minimal weight $W(x, y)$ of any path from $x$ to $y$; if there is no path from $x$ to $y$ then $W(x, y) = \infty$. This allows us to construct a solution $S$ for $\Sigma$. Set $S(\mathrm{Sink}) = 0$ and $S(x) = W(x, \mathrm{Sink})$ for every variable in $\Sigma$. Every constraint $x - y \leq k$ of $\Sigma$ is satisfied. Indeed, by the minimality of $W$, we have $W(x, \mathrm{Sink}) \leq W(x, y) + W(y, \mathrm{Sink})$ and $W(x, y) \leq k$. Hence $S(x) \leq k + S(y)$ and $S(x) - S(y) \leq k$. (Note that $W(x, \mathrm{Sink})$ is the minimal weight of any path from $x$ on the original variables, so Sink is not really needed.)
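The procedure from the proof of Proposition 1, as an added example that is not part of the paper: it builds the weighted graph, runs Floyd-Warshall, reports a negative cycle as unsatisfiable, and otherwise returns $S(x) = W(x, \mathrm{Sink})$. The function names, the tuple encoding of constraints and the relaxed variant of the Section 2 system are assumptions made for this example.

```python
import math

def idl_solve(constraints):
    """Decide constraints (x, y, k), each meaning x - y <= k over the integers.

    Returns a satisfying assignment as a dict, or None when the graph of the
    proof has a negative cycle (the system is then unsatisfiable).
    """
    names = sorted({v for x, y, _ in constraints for v in (x, y)})
    # W[a, b] starts as the weight of the edge a -> b (tightest bound wins).
    W = {(a, b): (0 if a == b else math.inf) for a in names for b in names}
    for x, y, k in constraints:
        W[x, y] = min(W[x, y], k)
    # Floyd-Warshall: allow one more intermediate vertex per round.
    for mid in names:
        for a in names:
            for b in names:
                W[a, b] = min(W[a, b], W[a, mid] + W[mid, b])
    if any(W[v, v] < 0 for v in names):
        return None
    # S(x) = W(x, Sink). Sink is reached by a zero-weight edge from every
    # variable, so this is the least W(x, y) over all y (y = x contributes 0).
    return {x: min(W[x, y] for y in names) for x in names}

def holds(constraints, s):
    """Check an assignment against every constraint, over the integers."""
    return all(s[x] - s[y] <= k for x, y, k in constraints)

# The unsatisfiable system from Section 2, and a constructed satisfiable variant.
PAPER_SYSTEM = [("x1", "x2", -3), ("x2", "x3", 1), ("x3", "x4", -2), ("x4", "x1", 3)]
RELAXED = PAPER_SYSTEM[:3] + [("x4", "x1", 4)]  # constructed: last bound 3 -> 4

if __name__ == "__main__":
    print(idl_solve(PAPER_SYSTEM))
    solution = idl_solve(RELAXED)
    print(solution, holds(RELAXED, solution))
```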
But integer difference logic cannot be directly used when reasoning about constraints coming from machine arithmetic because machine arithmetic uses modular addition. The question thus arises what is the complexity of the constraint satisfiability problem in the case of modular arithmetic? We establish here that the problem is NP complete.

3. Modular difference logic

Modular difference logic (MDL) is similar to integer difference logic except that integers are replaced with residues $0, 1, \ldots, N - 1$ modulo a fixed positive integer $N$. The residues are ordered in the obvious way; the maximal residue is $N - 1$.

Instead of restricting attention to the residues, it may be beneficial to work, modulo $N$, with arbitrary integers, and we will often do that. But one should be careful not to confuse (a) the standard integer order $\leq$ and (b) another relation on integers, which we call $\leq_N$ and will define shortly, that reflects the order of the residues. Each integer $i$ is equal modulo $N$ to a unique residue $i_N$. Define $i \leq_N j$ if $i_N \leq j_N$. Relations $=_N$, $\geq_N$, $<_N$, $>_N$ are defined accordingly. These definitions precisely match the semantics of comparison operations supported by current hardware architectures for machine arithmetic.

In the case of integers, a constraint $x - y \leq k$ is equivalent to constraint $x \leq y + k$. This is not necessarily true in modular arithmetic. For example $9 - 5 \leq_{10} 5$ but $9 \not\leq_{10} 5 + 5$. Similarly $x + 1 \leq_N y$ is not necessarily equivalent to $x \leq_N y - 1$. For example, $5 \leq_{10} 0 - 1 =_{10} 9$ but $5 + 1 >_{10} 0$.

We define MDL constraints to have the form

$$x + k \leq_N y + \ell \qquad (1)$$

where $x, y$ are variables and $k, \ell$ are constants. The MDL Satisfiability Problem (MDL-SAT) is the satisfiability problem for systems of MDL constraints.

Remark 1.
From the point of view of logic, modular difference logic is a fragment of the first-order theory $T$ of discrete linear order with both ends (and two constants for the two ends) and with the cyclic successor and predecessor function. The two constants could be called Min and Max. The successor of Max is Min, and the predecessor of Min is Max. The question arises what's $x + k$? This depends on the sign of $k$. If $k \geq 0$ then $x + k$ is the result of $k$-fold application of the successor function to $x$; otherwise $x + k$ is the result of $|k|$-fold application of the predecessor function. The residues modulo $N$ form a model of $T$ where $\mathrm{Min} = 0$ and $\mathrm{Max} = N - 1$. There are also infinite models of $T$. One of them can be obtained by reordering the integers as follows:

$$0 < 1 < 2 < 3 < \cdots < -3 < -2 < -1.$$

This order is reminiscent of the order $\leq_N$, where $-1$ is also the maximal element.

It is known (and not hard to check, by means of an Ehrenfeucht-Fraïssé game [3]) that, for every first-order sentence $\varphi$ in the language of $T$, there is a natural number $n$, such that $\varphi$ does not distinguish between any two models of $T$ of size $\geq n$. It follows that all infinite models of $T$ are elementarily equivalent. In that sense, one may speak about the infinite model of $T$. We are interested primarily in the case of a modulus $N$ that is large. From the point of view of logic, we can as well work with the infinite model of $T$. Every constraint-satisfaction problem for MDL can be formulated as an existential sentence in the language of $T$.

4. MDL-SAT is NP hard

We now establish that a very modest fragment of MDL-SAT is NP hard.

Theorem 2. Suppose that $N \geq 4$. Then the fragment of MDL-SAT with constraints of the form

$$x + 1 \leq_N y \quad \text{or} \quad x \leq_N y - 1 \qquad (2)$$

is NP hard.

Proof.
Given a graph $G$, we construct a system of MDL constraints that is satisfiable if and only if the graph is 3-colorable. It will be convenient to assume that the vertices of $G$ are linearly ordered. This allows us to represent edges as ordered pairs $(v, w)$ where $v < w$.

With every vertex $v$ of $G$ we associate three variables $v_0$, $v_1$, and $v_2$ and three constraints

$$v_0 + 1 \leq_N v_1, \quad v_1 + 1 \leq_N v_2, \quad v_2 + 1 \leq_N v_0. \qquad (3)$$

One consequence of constraints (3) is that at least one of the three variables takes the maximal value $N - 1$.

With each edge $e = (v, w)$ we associate six variables $e_1, e_2, e_3, f_1, f_2, f_3$ and nine constraints: three constraints

$$v_c \leq_N e_c - 1, \quad w_c \leq_N f_c - 1, \quad f_c + 1 \leq_N e_c \qquad (4)$$

for each $c = 0, 1, 2$. One consequence of the three constraints (4) is that residues $v_c$ and $w_c$ cannot simultaneously have the maximal value $N - 1$. Indeed, if $v_c = w_c = N - 1$ then, by the first and second constraints, $e_c = f_c = 0$ which contradicts the third constraint.

If all the constraints are satisfied then we have a 3-coloring for $G$: the color of a vertex $v$ is the first number $c$ such that $v_c = N - 1$. By (3), every vertex has a unique color. By (4), no two adjacent vertices have the same color.

Now we suppose that $G$ is 3-colorable (with colors 0, 1, 2) and prove that the constraint system is satisfiable. For every color $c$ and every vertex $v$ of color $c$, set

$$v_c = N - 1, \quad v_{c+1} = 0, \quad v_{c+2} = 1,$$

where addition in the subscripts is modulo 3. Clearly all inequalities (3) are satisfied. Now consider an edge $e = (v, w)$ and a color $c$. We show how to satisfy the three constraints (4).

Case 1: $c$ is the color of $v$, so that $v_c = N - 1$. Since $w$ does not have color $c$, we have $w_c \in \{0, 1\}$. To satisfy the first of the three constraints, set $e_c = 0$. To satisfy the third constraint, set $f_c = N - 1$.
The second constraint is satisfied as well: $w_c \leq 1 \leq N - 2$.

Case 2: $c$ is the color of $w$, so that $w_c = N - 1$ and $v_c \in \{0, 1\}$. To satisfy the second constraint, set $f_c = 0$. To satisfy the first and third constraints, set $e_c = 2$.

Case 3: neither $v$ nor $w$ is of color $c$, so that both $v_c$ and $w_c$ are $\leq 1$. Set $f_c = 2$ and $e_c = 3$.

Remark 2. One may be interested in the variant of MDL-SAT where the modulus $N$ is not fixed but is a part of the input. Theorem 2 and its proof remain valid.

5. Strict Inequalities

Over integers, a non-strict inequality $x - y \leq k$ is equivalent to a strict inequality $x - y < k + 1$. The relation between non-strict and strict inequalities is much more subtle in modular arithmetic. With this in mind, we prove a version of Theorem 2 with strict inequalities.

Theorem 3. Suppose that $N \geq 9$. Then the fragment of the modified MDL-SAT with constraints of the form $x + k <_N y + \ell$ is NP hard. In fact, we will use only values $0, 1, 2$ for $k$ and only values $0, 1, -1$ for $\ell$.

Proof. The proof is again by reduction from the 3-colorability problem, and it is similar to the proof of Theorem 2. Constraints (3) are replaced with constraints

$$v_0 + 2 <_N v_1, \quad v_1 + 2 <_N v_2, \quad v_2 + 2 <_N v_0, \qquad (5)$$

and constraints (4) are replaced with constraints

$$v_c <_N e_c - 1, \quad w_c <_N f_c - 1, \quad f_c + 1 <_N e_c + 1 \qquad (6)$$

For each vertex $v$, constraints (5) force at least one of the three residues $v_c$ to be $\geq N - 2$. The idea is that when $v_c$ has value $\geq N - 2$, then $c$ is an acceptable color for $v$. Constraints (6) imply that residues $v_c$ and $w_c$ cannot be simultaneously $\geq N - 2$. Indeed, by the first of the three constraints, $v_c$ cannot have the maximal value $N - 1$, and if $v_c = N - 2$ then $e_c = 0$. Similarly, $w_c \neq N - 1$, and if $w_c = N - 2$ then $f_c = 0$. If $v_c = w_c = N - 2$ then $e_c = f_c = 0$ and then the third inequality fails.
Thus, any solution of the new system of constraints yields a 3-coloring of $G$.

In the other direction, we need to convert a given 3-coloring of $G$ into a solution for the constraint system. For every color $c$ and every vertex $v$ of color $c$, we set

$$v_c = N - 2, \quad v_{c+1} = 1, \quad v_{c+2} = 4.$$

Clearly (5) is satisfied. Now consider an edge $e = (v, w)$ and a color $c$. We show how to satisfy the three constraints (6). As in the proof of Theorem 2, we consider three cases.

Case 1: $c$ is the color of $v$, so that $v_c = N - 2$ and $w_c \in \{1, 4\}$. To satisfy the first constraint, set $e_c = 0$. To satisfy the third constraint, set $f_c = N - 1$. The second constraint is satisfied as $w_c \leq 4 < N - 2 = f_c - 1$.

Case 2: $c$ is the color of $w$ so that $w_c = N - 2$ and $v_c \in \{1, 4\}$. Set $e_c = 6$ and $f_c = 0$. Clearly (6) is satisfied.

Case 3: Neither $v$ nor $w$ is of color $c$ so that both $v_c$ and $w_c$ are in $\{1, 4\}$. Set $e_c = 7$ and $f_c = 6$.

6. MDL-SAT is NP

In this section, we modify the satisfiability problem MDL-SAT for modular difference logic in two ways. First, the modulus $N$ is a part of the input. Second, we liberalize the notion of MDL constraints by allowing constraints in the form of non-strict inequalities of the form

$$x + k \leq_N y + \ell, \quad \text{or} \quad x \leq_N k, \quad \text{or} \quad x \geq_N k,$$

strict inequalities of the form

$$x + k <_N y + \ell, \quad \text{or} \quad x <_N k, \quad \text{or} \quad x >_N k,$$

as well as equalities of the form

$$x + k =_N y + \ell, \quad \text{or} \quad x =_N k.$$

Both modifications make the problem harder and thus make the next theorem stronger.

Theorem 4. The constraint satisfiability problem MDL-SAT for modular difference logic is NP.

Proof. Let $\Sigma$ be a system of MDL constraints with $p$ variables. Let $m$ be the maximum of the absolute values of the constants in the $\Sigma$ constraints. We prove that, if $\Sigma$ has any solution, then it has a solution where the absolute values of all variables are $\leq (2m + 1)p$.
It follows that MDL-SAT is NP.

Suppose that $\Sigma$ has a solution $S$ that maps the variables into the residues modulo $N$. To simplify the exposition, we extend $\Sigma$ with two additional variables $v_{\min}$, $v_{\max}$ and with two equations $v_{\min} = 0$, $v_{\max} = -1$. The solution $S$ extends appropriately.

We create an auxiliary graph $G_S$. The vertices are the variables of $\Sigma$, and the edges are pairs $\{v, w\}$ such that $|S(v) - S(w)| \leq 2m$. Connected components of $G_S$ will be called clusters. The domain of a cluster $C$ is a closed interval $[a, b]$. If $v$ is a leftmost variable of $C$ (so that $S(v) \leq S(w)$ for any other variable $w \in C$) then $a = \max\{0, S(v) - m\}$. And if $v$ is the rightmost variable of $C$ then $b = \min\{N - 1, S(v) + m\}$. The domains of different clusters are disjoint. The clusters different from those of $v_{\min}$ and $v_{\max}$ will be called inner.

The crucial observation is that inner clusters could be shifted around. Indeed, consider an inner cluster $C$ with domain $[a, b]$, and let $r$ be the right end of the domain of the left neighbor of $C$, so that $a > r$. If $r < a' < a$, shift $C$ leftward for distance $d = a - a'$, that is, modify assignment $S$ to an assignment $S'$ that is like $S$ except that $S'(v) = S(v) - d$ on the variables $v$ of $C$. It is easy to see that $S'$ is a solution for $\Sigma$. In a similar way clusters could be shifted to the right.

Now we are ready to produce the desired small-value solution. If there are inner clusters, shift the leftmost inner cluster $C_1$ to the left as far as possible (so that $a' = r + 1$ in the notation of the previous paragraph). If there are inner clusters to the right of $C_1$, shift the right neighbor $C_2$ of $C_1$ to the left as far as possible. And so on until all inner clusters are packed as close as possible on the left side. Let $S^*$ be the resulting solution. In the rest of the proof, variables represent their $S^*$ values.
In addition to $v_{\min} = 0$, there are $\ell \leq p$ original variables in the cluster of $v_{\min}$ and the inner clusters: $v_0 = v_{\min} < v_1 < \cdots < v_\ell$. Every $v_{i+1} - v_i \leq 2m + 1$. It follows that every $v_i \leq v_\ell \leq \ell(2m + 1) \leq p(2m + 1)$. A similar argument applies to the cluster of $v_{\max}$ except that there the distance between neighboring variables is $\leq 2m$. Every variable $v$ there is within distance $2pm$ from the end, so that $|v| \leq 2pm + 1$. That completes the proof.

Remark 3. We have not used the fact that modulus $N$ is a part of the input. The theorem and the proof remain valid if the modulus is fixed or even if it is infinite as in Remark 1.

References

[1] Scott Cotton and Oded Maler. Fast and flexible difference constraint propagation for DPLL(T). In 9th Int. Conf. on Theory and Applications of Satisfiability Testing (SAT'06). Springer Lecture Notes in Computer Science 4121: 170-183, 2006.
[2] David L. Detlefs, K. Rustan M. Leino, Greg Nelson, and James B. Saxe. Extended static checking. Research Report 159, Compaq Systems Research Center, December 1998.
[3] Heinz-Dieter Ebbinghaus and Jörg Flum. Finite Model Theory. Springer, 1995.
[4] Robert W. Floyd. Algorithm 97: Shortest path. Commun. ACM, 5(6):345, 1962.
[5] L.R. Ford and D.R. Fulkerson. Maximal flow through a network. Canadian Journal of Mathematics, 8:399–404, 1956.
[6] Antoine Miné. The octagon abstract domain. Higher-Order and Symbolic Computation, 19(1):31–100, 2006.
[7] V.R. Pratt. Two easy theories whose combination is hard. Technical report, Massachusetts Institute of Technology. Cambridge, 1977.
[8] Stephen Warshall. A theorem on Boolean matrices. J. ACM, 9(1):11–12, 1962.
Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA
E-mail address: nbjorner@microsoft.com

Math Dept., University of Michigan, Ann Arbor, MI 48109, USA
E-mail address: ablass@umich.edu

Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA
E-mail address: gurevich@microsoft.com

Microsoft Research, One Microsoft Way, Redmond, WA 98052, USA
E-mail address: madanm@microsoft.com
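The reduction from the proof of Theorem 2, as an added example that is not part of the paper: it builds constraints (3) and (4) for a graph, checks the assignment the proof derives from a 3-coloring, and decides small instances exhaustively under $\leq_N$. The function names, the tuple encoding of constraints and variables, and the two sample graphs are assumptions made for this example.

```python
from itertools import product

def le_mod(a, b, n):
    """a <=_N b: compare residues, as an unsigned machine comparison does."""
    return a % n <= b % n

def reduce_graph(edges):
    """Constraints (3) and (4) as tuples (x, k, y, l), each meaning x + k <=_N y + l."""
    cons = []
    for v in sorted({u for e in edges for u in e}):
        cons += [((v, c), 1, (v, (c + 1) % 3), 0) for c in range(3)]
    for v, w in edges:
        for c in range(3):
            e, f = ("e", v, w, c), ("f", v, w, c)
            cons += [((v, c), 0, e, -1), ((w, c), 0, f, -1), (f, 1, e, 0)]
    return cons

def from_coloring(edges, color, n):
    """The assignment the proof builds from a 3-coloring (colors 0, 1, 2)."""
    s = {}
    for v, c in color.items():
        s[v, c], s[v, (c + 1) % 3], s[v, (c + 2) % 3] = n - 1, 0, 1
    for v, w in edges:
        for c in range(3):
            # Cases 1, 2, 3 of the proof, in that order.
            e, f = (0, n - 1) if c == color[v] else (2, 0) if c == color[w] else (3, 2)
            s["e", v, w, c], s["f", v, w, c] = e, f
    return s

def satisfies(cons, s, n):
    return all(le_mod(s[x] + k, s[y] + l, n) for x, k, y, l in cons)

def gadget_table(n):
    """(a, b) -> True when some e_c, f_c satisfy (4) for v_c = a, w_c = b."""
    return {(a, b): any(le_mod(a, e - 1, n) and le_mod(b, f - 1, n) and le_mod(f + 1, e, n)
                        for e, f in product(range(n), repeat=2))
            for a, b in product(range(n), repeat=2)}

def satisfiable(edges, n):
    """Exhaustive decision; edge variables are local, so only vertex triples are searched."""
    verts = sorted({u for e in edges for u in e})
    triples = [t for t in product(range(n), repeat=3)
               if all(le_mod(t[c] + 1, t[(c + 1) % 3], n) for c in range(3))]
    ok = gadget_table(n)
    def extend(i, val):
        if i == len(verts):
            return True
        for t in triples:
            val[verts[i]] = t
            if all(ok[val[v][c], val[w][c]] for v, w in edges
                   if v in val and w in val for c in range(3)) and extend(i + 1, val):
                return True
        val.pop(verts[i], None)
        return False
    return extend(0, {})

# Constructed inputs: a triangle (3-colorable) and K4 (not 3-colorable).
TRIANGLE = [("a", "b"), ("a", "c"), ("b", "c")]
K4 = TRIANGLE + [("a", "d"), ("b", "d"), ("c", "d")]
```

With $N = 4$ the gadget table marks exactly one pair as impossible, $(N-1, N-1)$, which is the property the proof uses to keep adjacent vertices from sharing a color.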