A Combination Method for Generating Interpolants
by G. Yorsh and M. Musuvathi
Presentation by: Emilia Katz
The Goal
• Given:
  • theory T – combination of T1 and T2 (restrictions on T1 and T2 will be seen later…)
  • A and B – two logical T-formulas
  • A ∧ B is unsatisfiable in T
  • efficient interpolant-generation procedures exist for T1 and T2
• Find:
  • interpolant for <A,B>
Note: if both sub-procedures are polynomial, the resulting procedure will also be polynomial.
The Idea
• How to find an interpolant efficiently?
  • Derive it from the unsatisfiability proof
  • But how? And how to get the proof?
• We don't want to make further assumptions about T1 and T2, so
  • we don't know how their interpolant-generation procedures work
  • we don't know how their decision procedures work
• The idea: use them as black boxes
  • Combine the decision procedures for T1 and T2 into a decision procedure for T (Nelson-Oppen framework…)
  • Use the proof and the interpolant-generation procedures for T1 and T2 to derive an interpolant in T.
Example
T1 = UIF (uninterpreted functions theory)
T2 = LI (linear equalities theory)
A ≝ (f(x1)+x2=x3) ∧ (f(y1)+y2=y3) ∧ (y1 ≤ x1)
B ≝ (x2=g(b)) ∧ (y2=g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)
• UIF and LI satisfy the requirements [assume it meanwhile, we'll return to it later]
• A ∧ B is unsatisfiable [we'll see this in a couple of minutes]
Nelson–Oppen framework … for combining decision procedures
• Given:
  • theory T – combination of T1 and T2
  • A and B – two conjunctions of literals in T
• Goal: is A ∧ B satisfiable in T?
• Assumptions:
  • Σ = Σ1 ∪ Σ2 (denote: Σ = ΣT, Σi = ΣTi)
  • Σ1 ∩ Σ2 = {=}
  • T1, T2 are stably-infinite (Ti is stably-infinite: every quantifier-free Σi-formula is satisfiable in Ti iff it is satisfied by a Ti-interpretation with infinite domain)
  • T1, T2 have decision procedures for satisfiability of conjunctions of Σi literals
N.-O. framework application example
T1 = UIF (uninterpreted functions theory)
T2 = LI (linear equalities theory)
A ≝ (f(x1)+x2=x3) ∧ (f(y1)+y2=y3) ∧ (y1 ≤ x1)
B ≝ (x2=g(b)) ∧ (y2=g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)
1. Purification:
  • ALI = (a1+x2=x3) ∧ (a2+y2=y3) ∧ (y1 ≤ x1)
  • AUIF = (a1 = f(x1)) ∧ (a2 = f(y1))
    (in A, replace f(x1) by a1 and f(y1) by a2, and add the equalities defining a1, a2)
  • BLI = (x1 ≤ y1) ∧ (x3 < y3)
  • BUIF = (x2=g(b)) ∧ (y2=g(b))
    (in B, no replacements are needed)
Application Example – contd.
2. Equality propagation (equalities derived below the line form EqLI and EqUIF):
  (10) x1 = y1
  (11) a1 = a2
  (12) x2 = y2
Unsatisfiable! Theory: LI, Eq = (a1=a2 ∧ x2=y2)
Nelson–Oppen framework (flowchart, written out as steps)
1. Purification of A and B (in T): in T1 obtain A1, B1, in T2 obtain A2, B2, adding new variables to replace objects of the "wrong" type, and equalities "defining" them. Set F1 := A1 ∧ B1 and F2 := A2 ∧ B2.
2. Run the decision procedure for T1 on F1 and the decision procedure for T2 on F2. If either answers Unsat.: Unsatisfiable! (found by Ti, with Eq).
3. If both answer Sat.: equality derivation in T1 (Eq1) and in T2 (Eq2); equality propagation: F1 := F1 ∧ Eq2, F2 := F2 ∧ Eq1; go back to step 2.
4. If no more new equalities can be derived: Satisfiable!
Theory-specific Interpolant
Given:
• T – first order theory of signature Σ
• L – class of quantifier-free Σ-formulas (new requirement: quantifier-free interpolants, for completeness of SAT-checks with interpolants in subsequent analysis stages; not necessary for the method to work properly)
• ΣT ⊆ Σ – interpreted symbols in T
• A, B ∈ L such that A ∧ B ⊨T ⊥
Then a theory-specific interpolant for <A,B> is I ∈ L such that:
• A ⊨T I
• I ∧ B ⊨T ⊥
• V(I) ⊆ (V(A) ∩ V(B)) ∪ ΣT, where V(F) is the set of symbols that appear in the formula F (less strict requirement: I can contain not only AB-common symbols)
Requirement (3) Change Motivation
Example, in the theory of Lisp structures:
A ≝ c2 = car(c1) ∧ c3 = cdr(c1) ∧ ¬atom(c1)
B ≝ c1 ≠ cons(c2, c3)
• ci-s are lists
• car(c) = "head" element of the list c
• cdr(c) = "tail" of the list c
• cons(c,d) = concatenation of d after c
• ΣT = {car, cdr, cons, atom}
• A ∧ B ⊨T ⊥
Axiom of T: ∀x (¬atom(x) ⇒ cons(car(x),cdr(x)) = x)
Apply it to x = c1: A ⇒ (c1 = cons(c2, c3)), a contradiction with B!
Interpolant (by the new definition): c1 = cons(c2, c3)
"cons" is not AB-common; "cons", "atom", "cdr", "car" are not allowed in I under the old definition ⇒ no interpolant for <A,B>!
Interpolants Generation Method
Assumptions:
• T – combination of first-order theories T1, T2
• Σ = Σ1 ∪ Σ2
• efficient interpolant-generation procedures exist for T1 and T2 (input: <Ai,Bi> – conjunctions of Σi literals; output – interpolant as an Li formula)
• Restrictions from the Nelson-Oppen framework:
  • Σ1 ∩ Σ2 = {=}
  • T1, T2 are stably-infinite
  • T1, T2 have decision procedures for satisfiability of conjunctions of Σi literals
• T1, T2 are equality-interpolating (to be explained)
• T1, T2 are convex: (⊨ ⋁i (xi = yi)) ⇒ ∃k. (⊨ xk = yk)
Guarantee:
• Output: theory-specific interpolant for <A,B> in T
Simple Case
• Constraints to be relaxed later:
  • A, B – conjunctions of literals (arise from the use of the Nelson-Oppen framework)
• Constraints possible to relax (relaxed in another work of the authors…):
  • T1, T2 are convex theories
Naïve approach
• Given: A ∧ B ⊨T ⊥ in T
• Run the Nelson-Oppen framework for <T1,T2> on A, B; it answers "Satisfiable!" or "Unsatisfiable!"
• In the unsatisfiable case it also yields Eq (the propagated equalities) and P (the proof of Ai ∧ Bi ⊨Ti ⊥)
• Pass Ai ∧ Eq|Ai and Bi ∧ Eq|Bi, together with P, to the interpolant generation procedure for Ti
• Is the result an interpolant I for <A,B>?
The problem – example
A ≝ (f(x1)+x2=x3) ∧ (f(y1)+y2=y3) ∧ (y1 ≤ x1)
B ≝ (x2=g(b)) ∧ (y2=g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)
• Contradiction found by LI between A' = ALI ∧ (a1=a2) and B' = BLI ∧ (x1=y1) ∧ (x2=y2)
• Interpolant found for <A',B'> in LI: I = (x2-y2=x3-y3)
• Is I an interpolant for <A,B> in T?
  • I ∧ B ⊨T ⊥
  • But A ⊭ I: (f(x1)+x2=x3) ∧ (f(y1)+y2=y3) ∧ (y1 ≤ x1) ⊭ (x2-y2=x3-y3)
• A → A' doesn't have to hold (additional information from B might appear in A') ⇒ A ⊭ I
Proposed solution: Partial Interpolants
• Attach one to each equality propagated in the unsatisfiability proof in the Nelson-Oppen framework
Definition: Projection
• Given Θ – conjunction of AB-pure literals
• Define Θ|A – conjunction of the A-local literals of Θ, Θ|B – conjunction of the B-local and AB-common literals of Θ
• Note: Θ = Θ|A ∧ Θ|B
Example: A = (a1=f(x1) ∧ a2=f(y1)), B = (a1=f(x1) ∧ a3=f(y1))
Θ = A ∧ B = (a2=f(y1) ∧ a1=f(x1) ∧ a3=f(y1)); Θ|A = (a2=f(y1)), Θ|B = (a1=f(x1) ∧ a3=f(y1))
Partial Interpolant – defn.
Definition: Theory-specific partial interpolant
• A', B' – conjunctions of pure literals in Σi, e – AB-pure atomic formula generated by the decision procedure for the theory Ti: A' ∧ B' ⊨Ti e
• Then the theory-specific partial interpolant for e w.r.t. <A',B'>, φi_A',B'(e), is the interpolant generated for <A' ∧ ¬e|A', B' ∧ ¬e|B'> by Ti's procedure (thus A' ∧ B' ∧ ¬e ⊨Ti ⊥)
Note: in our case V(A') ⊆ V(A), V(B') ⊆ V(B) ⇒ the interpolant for e contains only AB-common symbols
LI Partial Interpolant Example
• First equality propagated: (10) x1 = y1, i.e. e = (x1=y1); A' = ALI (7), B' = BLI (8)
• e|A' = true, e|B' = (x1=y1)
• Interpolant for < y1 ≤ x1 , (x1 ≤ y1) ∧ ¬(x1=y1) >: φLI_A',B'(x1=y1) = (y1 ≤ x1)
• x1, y1 are AB-common
Partial Interpolant – contd.
Definition: Partial interpolant
• e – AB-pure equality derived from A ∧ B in the Nelson-Oppen framework by a theory Ti: Ai ∧ Bi ∧ Eq ⊨Ti e (AB-pure: this is the reason for the restriction to equality-interpolating theories)
• Ai, Bi – conjunctions of pure literals
• Eq – a set of AB-pure equalities (derived from A ∧ B by the Nelson-Oppen procedure…)
The partial interpolant for e w.r.t. <A,B>, φA,B(e), is defined inductively:
• Base:
  • e ∈ Ai ⇒ φA,B(e) = ⊥
  • e ∈ Bi ⇒ φA,B(e) = ⊤
• Inductive step: let A' ≝ Ai ∧ Eq|A, B' ≝ Bi ∧ Eq|B; then
  φA,B(e) = (φi_A',B'(e) ∨ ⋁_{a∈A'} φA,B(a)) ∧ ⋀_{b∈B'} φA,B(b)
  where a and b range over the propagated equalities in A' and B' respectively
Partial interpolant – example
• Find the partial interpolant for <A,B>, φA,B(⊥), from the running example, following the proof step by step
• Step 1: deriving (x1=y1)
  • Ti = LI
  • Eq = ⊤, thus:
  • A' = ALI = (a1+x2=x3) ∧ (a2+y2=y3) ∧ (y1 ≤ x1)
  • B' = BLI = (x1 ≤ y1) ∧ (x3 < y3)
  • φA,B(x1=y1) = φLI_A',B'(x1=y1) = (y1 ≤ x1)
Partial interpolant example – contd.
• Step 2: deriving (a1=a2)
  • Ti = UIF
  • Eq = (x1=y1) (the propagated equality used to derive a1=a2)
  • Eq|A = ⊤, Eq|B = (x1=y1), thus:
  • A' = AUIF = (a1 = f(x1)) ∧ (a2 = f(y1))
  • B' = BUIF ∧ (x1=y1) = (x2=g(b)) ∧ (y2=g(b)) ∧ (x1=y1)
  • φA,B(a1=a2) = (φUIF_A',B'(a1=a2) ∨ ⊥) ∧ ⋀_{b∈B'} φA,B(b)
    (A' = AUIF ⇒ the disjunction over a has results only from the base case; ⋀_{b∈B'} φA,B(b) = φA,B(x1=y1) = (y1 ≤ x1), the rest is ⊤ from the base case)
  • φUIF_A',B'(a1=a2) = (x1 ≠ y1) (from the interpolant-generation procedure of UIF)
  • φA,B(a1=a2) = (x1 ≠ y1) ∧ (y1 ≤ x1) = (y1 < x1)
Partial interpolant example – contd.
• Step 3: deriving (x2=y2)
  • Ti = UIF
  • Eq = ⊤ (no propagated equality is needed to derive x2=y2), thus:
  • A' = AUIF = (a1 = f(x1)) ∧ (a2 = f(y1))
  • B' = BUIF = (x2=g(b)) ∧ (y2=g(b))
  • φA,B(x2=y2) = φUIF_A',B'(x2=y2)
    = interpolant derived by UIF's procedure for <A' ∧ ¬(x2=y2)|A', B' ∧ ¬(x2=y2)|B'>, where (x2=y2)|A' = ⊤ and (x2=y2)|B' = (x2=y2)
    = interpolant for < (a1 = f(x1)) ∧ (a2 = f(y1)), (x2=g(b)) ∧ (y2=g(b)) ∧ ¬(x2=y2) >
  • The B side is internally contradictory ⇒ φA,B(x2=y2) = ⊤
Partial interpolant example – contd.
• Step 4: deriving ⊥
  • Ti = LI
  • Eq = (x2=y2) ∧ (a1=a2) (the propagated equalities used to derive ⊥)
  • Eq|A = (x2=y2) ∧ (a1=a2), Eq|B = ⊤, thus:
  • A' = ALI ∧ (x2=y2) ∧ (a1=a2) = (a1 = f(x1)) ∧ (a2 = f(y1)) ∧ (x2=y2) ∧ (a1=a2)
  • B' = BLI = (x2=g(b)) ∧ (y2=g(b))
  • φA,B(⊥) = (φLI_A',B'(⊥) ∨ (φA,B(x2=y2) ∨ φA,B(a1=a2))) ∧ ⊤
    (⋀_{b∈B'} φA,B(b) = ⊤ from the base case; φA,B(x2=y2) = ⊤; φA,B(a1=a2) = (y1 < x1); φLI_A',B'(⊥) = (x2-y2=x3-y3) from the interpolant-generation procedure)
  ⇒ φA,B(⊥) = ((x2-y2=x3-y3) ∨ (y1 < x1))
Correctness
Lemma 1: The partial interpolant φA,B(e) is an interpolant for < A ∧ ¬e|A, B ∧ ¬e|B > in the combined theory T.
Corollary: φA,B(⊥) is an interpolant for < A, B >.
Equality-interpolating theories
• Restriction on T1, T2: they should be equality-interpolating
Definition: Theory T is equality-interpolating if whenever
• A, B are formulas of T
• A ∧ B ⊨T (a=b)
• a ∈ V(A) − V(B), b ∈ V(B) − V(A)
there exists a term t s.t.
• A ∧ B ⊨T (a=t) ∧ (b=t)
• V(t) ⊆ V(A) ∩ V(B)
t is called the equality-interpolating term for (a=b) with respect to <A,B>.
Note: thus propagating only AB-pure equalities in the Nelson-Oppen framework is indeed enough.
Equality-interpolating theories (contd.)
• LI, UIF, Lisp are equality-interpolating theories
• Not all theories are equality-interpolating. Example:
  • theory with two relation symbols, P and Q
  • axiom: ∀a ∀b ∀c. P(a,c) ∧ Q(c,b) ⇒ (a=b)
  • let A ≝ P(a,c), B ≝ Q(c,b)
  • A ∧ B ⊨ (a=b)
  • But: there is no equality-interpolating term for (a=b)!
Relaxing constraints
• Constraint to be relaxed:
  • A, B – conjunctions of literals
• The idea: use
  • Extended Pudlák's algorithm ⇒ propositional interpolants for a pair of clause sets (i.e., CNF formulas)
  • Lazy Proof-Explication framework (using a SAT-solver) ⇒ checking satisfiability of arbitrary quantifier-free FOL formulas
Pudlák's algorithm (a variant of the one seen before)
• Input:
  • A, B – pair of clause sets
  • A ∧ B ⊨T ⊥
  • T – proof of unsatisfiability for A ∧ B
• For each clause c in T, define p(c) (the partial interpolant for c):
  • (a) c ∈ A ⇒ p(c) := ⊥
  • (b) c ∈ B ⇒ p(c) := ⊤
  • otherwise ∃x, c1, c2. (c = resolve_x(c1,c2)) (c is a result of resolution; x – the pivot):
    (a) x ∈ A and x ∉ B (x – A-local) ⇒ p(c) := p(c1) ∨ p(c2)
    (b) x ∈ B and x ∉ A (x – B-local) ⇒ p(c) := p(c1) ∧ p(c2)
    (c) x – AB-common ⇒ p(c) := (x ∨ p(c1)) ∧ (¬x ∨ p(c2))
• p(⊥) is the interpolant for <A,B>
Pudlák's algorithm correctness
• Invariant: for each clause c ∈ T, p(c) is an interpolant for <gA(c), gB(c)>, where gA(c) = A ∧ (¬c)|A, gB(c) = B ∧ (¬c)|B
• Thus: (c = ⊥) ⇒ gA(⊥) = A, gB(⊥) = B ⇒ [invariant] p(⊥) is the interpolant for <A,B>
Lazy Proof-Explication framework • Our input – quantifier-free FOL formulas • Nelson-Oppen framework works on conjunctions of literals • How to bridge the gap? • Use SAT-solver!
Lazy Proof-Explication framework (flowchart, written out as steps)
• Input: φ = A ∧ B
• Propositional abstraction: atomic formulas are replaced by boolean variables; result: φ'
• Satisfiability check of φ' by the SAT-solver:
  • Unsat. ⇒ "Unsatisfiable!" + C (conflict clauses set)
  • Sat. ⇒ satisfying assignment s for φ'; s = conjunction of literals that satisfies φ propositionally
• Nelson-Oppen framework for <T1,T2> on s:
  • Sat. ⇒ "Satisfiable!"
  • Unsat. ⇒ ¬s = new conflict clause; φ' := φ' ∧ ¬s; C := C ∪ {¬s}; back to the satisfiability check
Obtaining the interpolant
• We would like to:
  • give Pudlák's algorithm the proof obtained from the L.P.E. framework
  • obtain the interpolant
• Problem: the base case!
  (a) c ∈ A ⇒ p(c) := ⊥
  (b) c ∈ B ⇒ p(c) := ⊤
• Now possible: c ∉ A and c ∉ B
• Conflict clauses appear in the proof, and a conflict clause may involve local literals from both A and B
L.P.E. framework – observations
• For each conflict clause c ∈ C, ¬c is a conjunction of literals
• ¬c is unsatisfiable (proven by N.-O.)
• c contains only literals from A and B ⇒ every literal in c is AB-pure
• Thus we can apply the previously described method ("simple case") to find an interpolant between (¬c)|A and (¬c)|B
Partial Interpolant for Clauses
Definition: Partial interpolant for clauses
• A ∧ B ⊨T ⊥
• C – corresponding set of conflict clauses
• A ∧ B ∧ C – propositionally unsatisfiable
• c ∈ C
The partial interpolant for c, φA,B(c), is defined inductively:
• Base:
  • c ∈ A ⇒ φA,B(c) = ⊥
  • c ∈ B ⇒ φA,B(c) = ⊤
• Inductive step: φA,B(c) = interpolant for <(¬c)|A, (¬c)|B> in T (can be calculated by the "simple case" method)
Extended Pudlák's algorithm
• Input:
  • <A,B; C> where A, B, C – clause sets (C – set of conflict clauses)
  • A ∧ B ⊨T ⊥
  • T – proof of unsatisfiability for A ∧ B
• For each clause c in T, define p(c):
  • c is not a resolution result ⇒ p(c) := φA,B(c)
  • otherwise ∃x, c1, c2. (c = resolve_x(c1,c2)) (no change needed here…):
    (a) x ∈ A and x ∉ B ⇒ p(c) := p(c1) ∨ p(c2)
    (b) x ∈ B and x ∉ A ⇒ p(c) := p(c1) ∧ p(c2)
    (c) x – AB-common ⇒ p(c) := (x ∨ p(c1)) ∧ (¬x ∨ p(c2))
• p(⊥) is the interpolant for <A,B>
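The following is an added example, not code from the paper or the slides: Pudlák's algorithm run over a resolution refutation of A ∧ B, with the extended algorithm's base case supported through an optional table of conflict-clause partial interpolants, plus a brute-force check of the three interpolant conditions. The clause and formula encodings, the instance and the proof are constructed for this illustration.

```python
from itertools import product
# Clauses: frozensets of nonzero ints (negative = negated variable). Formulas: nested
# tuples ('T',) ('F',) ('v', x) ('not', f) ('and', f, g) ('or', f, g).

def variables(clauses):
    return {abs(l) for c in clauses for l in c}

def pudlak(A, B, proof, conflict=None):
    """proof = [(pivot x, c1, c2), ...] with x in c1 and -x in c2, ending in the empty
    clause; conflict = {clause: phi_A,B(clause)} is the extended algorithm's base case."""
    va, vb = variables(A), variables(B)
    p = {c: ('F',) for c in A}               # base (a): clauses of A
    p.update({c: ('T',) for c in B})         # base (b): clauses of B
    p.update(conflict or {})                 # extended base: conflict clauses
    for x, c1, c2 in proof:
        c = (c1 - {x}) | (c2 - {-x})         # resolvent on pivot x
        if x in va and x not in vb:          # A-local pivot
            p[c] = ('or', p[c1], p[c2])
        elif x in vb and x not in va:        # B-local pivot
            p[c] = ('and', p[c1], p[c2])
        else:                                # AB-common pivot
            p[c] = ('and', ('or', ('v', x), p[c1]), ('or', ('not', ('v', x)), p[c2]))
    return p[frozenset()]

def evaluate(f, asg):
    t = f[0]
    if t in ('T', 'F'): return t == 'T'
    if t == 'v': return asg[f[1]]
    if t == 'not': return not evaluate(f[1], asg)
    l, r = evaluate(f[1], asg), evaluate(f[2], asg)
    return (l and r) if t == 'and' else (l or r)
def formula_vars(f):
    return {f[1]} if f[0] == 'v' else set().union(*map(formula_vars, f[1:]))
def clauses_hold(cs, asg):
    return all(any(asg[abs(l)] == (l > 0) for l in c) for c in cs)

def is_interpolant(I, A, B):
    """Truth-table check: A ⊨ I, I ∧ B unsatisfiable, vars(I) ⊆ vars(A) ∩ vars(B)."""
    va, vb = variables(A), variables(B)
    if not formula_vars(I) <= (va & vb): return False
    for bits in product([False, True], repeat=len(va | vb)):
        asg = dict(zip(sorted(va | vb), bits))
        if clauses_hold(A, asg) and not evaluate(I, asg): return False
        if clauses_hold(B, asg) and evaluate(I, asg): return False
    return True

# Constructed instance: variable 1 is A-local, 2 is AB-common, 3 is B-local.
A = {frozenset({1}), frozenset({-1, 2})}            # a, (¬a ∨ g)
B = {frozenset({-2, 3}), frozenset({-3})}           # (¬g ∨ b), ¬b
PROOF = [(1, frozenset({1}), frozenset({-1, 2})),   # derives (g), A-local pivot
         (3, frozenset({-2, 3}), frozenset({-3})),  # derives (¬g), B-local pivot
         (2, frozenset({2}), frozenset({-2}))]      # derives ⊥, AB-common pivot
INTERPOLANT = pudlak(A, B, PROOF)                   # equivalent to the common variable g
```

The resulting p(⊥) is (g ∨ (⊥ ∨ ⊥)) ∧ (¬g ∨ (⊤ ∧ ⊤)), i.e. g, and is_interpolant confirms all three conditions over the full truth table.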
Extended algorithm correctness
• Enough to show that the invariant is maintained, i.e., for all c ∈ T, p(c) is an interpolant for <gA(c), gB(c)>, where gA(c) = A ∧ (¬c)|A, gB(c) = B ∧ (¬c)|B
• Observation: in the base case,
  • c ∈ A ⇒ φA,B(c) = ⊥ ⇒ p(c) := ⊥ (as in the original algorithm) ⇒ the old proof works
  • c ∈ B ⇒ φA,B(c) = ⊤ ⇒ p(c) := ⊤ (as in the original algorithm) ⇒ the old proof works
  • new case: c ∉ A and c ∉ B ⇒ a new proof is needed
Extended algorithm correctness (2)
• Base case:
  • left to prove for the case c ∉ A and c ∉ B
  • then φA,B(c) is an interpolant for <(¬c)|A, (¬c)|B> (by definition)
    ⇒ ((¬c)|A ⊨ φA,B(c)) ⇒ ((A ∧ (¬c)|A) ⊨ φA,B(c))
    ⇒ (φA,B(c) ∧ (¬c)|B ⊨ ⊥) ⇒ ((B ∧ (¬c)|B) ∧ φA,B(c) ⊨ ⊥)
  • thus p(c) = φA,B(c) is indeed an interpolant for <A ∧ (¬c)|A, B ∧ (¬c)|B> in T
• Induction step:
  • the proof relied only on the fact that the invariant holds in the base case ⇒ the old proof stays correct
Conclusions
• Presented: an efficient and modular method for interpolant generation
• Generic, not theory-specific
• Easy to incrementally extend interpolant generation to additional theories
• Uses the Nelson-Oppen framework in a modular way; if the framework is improved, the method can easily connect to the new version