E-Matching with Free Variables
Philipp Rümmer, Uppsala University, Sweden
FATPA Workshop, Belgrade, February 3rd 2012
Context: reasoning in first-order logic (FOL)

  First-order provers                         | SMT solvers
  --------------------------------------------|-------------------------------------------
  Resolution, superposition, tableaux, etc.   | DPLL(T), Nelson-Oppen
  (Free) variables, unification               | E-matching, heuristics
  Complete for FOL                            | Complete on ground fragment
                                              | Many built-in theories
  Great for algebra, not so much for          | Fast, but incomplete on quantified
  verification                                | problems
How about putting things together?

This is possible. Here:
  KE-tableau/DPLL                   FOL
  Theory procedures                 Arithmetic
  E-matching                        Axiomatisation of theories
  Free variables + constraints      Quantifiers
  Interesting completeness results

Experimental implementation: PRINCESS
- In some domains: performance comparable to SMT solvers
- Some features that are rather unique
Outline

- The base logic + calculus: linear integer arithmetic + uninterpreted predicates
  Positive Unit Hyper-Resolution (PUHR)
- Uninterpreted functions: encoding + axioms
  E-matching
- Experimental results

More details: paper at LPAR 2012
The base logic [LPAR'08]

Linear integer arithmetic + uninterpreted predicates:

  t ::= α | x | c | α t + · · · + α t
  φ ::= φ ∧ φ | φ ∨ φ | ¬φ | ∀x.φ | ∃x.φ | t ≐ 0 | t ≥ 0 | t ≤ 0 | α | t | p(t, . . . , t)

  t ... terms                       φ ... formulae
  x ... variables                   c ... constants
  p ... uninterpreted predicates (fixed arity)
  α ... integer literals (ℤ)
  (the production "α | t" is the divisibility atom: α divides t)

- No functions! (more later)
- Subsumes FOL and Presburger arithmetic (PA)
- Valid formulae are not enumerable [Halpern, 1991]
Example formula: optimisation

  \forall int x, y; (
    p(x, y) <-> (2*x + y <= 18 & 2*x + 3*y <= 42 & 3*x + y <= 24 & x >= 0 & y >= 0)
  )
  ->
  \exists int x, y; (
    p(x, y) &
    \forall int x2, y2; (p(x2, y2) -> 3*x + 2*y >= 3*x2 + 2*y2)
  )
Abstract calculus

  Input formula (with preds.):    φ
                                  ⇑
  Compute PA approximation:       C_0 ⇒ C_1 ⇒ C_2 · · ·

- C_0 is valid ⇒ φ is valid
- C_0 is invalid . . . refine the approximation (C_0 ⇒ C_1 ⇒ C_2 · · ·)
- Any C_i is valid ⇒ φ is valid
Approximation? Constrained sequents!

Notation used here:   Γ ⊢ ∆ ⇓ C
  Γ, ∆ ... antecedent, succedent (sets of formulae)
  C    ... constraint/approximation (formula)

Definition: Γ ⊢ ∆ ⇓ C is valid if the formula C → ⋀Γ → ⋁∆ is valid.
Iterative proof construction

              ∗
              :
        Γ_3 ⊢ ∆_3 ⇓ C_1
              |
        Γ_2 ⊢ ∆_2 ⇓ C_2        ⇑ analytic reasoning about the input formula (tree grows upwards)
              |                 ⇓ propagation of constraints (downwards, starting at closed branches)
        Γ_1 ⊢ ∆_1 ⇓ C_3
              :
         Γ ⊢ ∆ ⇓ C

- While a branch is open, its constraint is still unknown ("?"); once it is closed, a constraint is propagated back to the root
- Constraints are simplified during propagation
- If C is valid, then so is Γ ⊢ ∆
- If C is satisfiable, it describes a solution for Γ ⊢ ∆
- If C is unsatisfiable, expand the proof tree further . . .
A few proof rules

  AND-RIGHT:
      Γ ⊢ φ, ∆ ⇓ C     Γ ⊢ ψ, ∆ ⇓ D
      ---------------------------------
      Γ ⊢ φ ∧ ψ, ∆ ⇓ C ∧ D

  ALL-LEFT:
      Γ, [x/c]φ, ∀x.φ ⊢ ∆ ⇓ [x/c]C
      ---------------------------------  (c is fresh)
      Γ, ∀x.φ ⊢ ∆ ⇓ ∃x.C

  PRED-UNIFY:
      Γ, p(s̄) ⊢ p(t̄), s̄ ≐ t̄, ∆ ⇓ C
      ---------------------------------
      Γ, p(s̄) ⊢ p(t̄), ∆ ⇓ C

  CLOSE:
      ∗
      ------------------------------------------------------------------------------
      Γ, φ_1, . . . , φ_n ⊢ ψ_1, . . . , ψ_m, ∆ ⇓ ¬φ_1 ∨ · · · ∨ ¬φ_n ∨ ψ_1 ∨ · · · ∨ ψ_m
      (selected formulae are predicate-free)
Correctness

Lemma (Soundness): It's sound!

Lemma (Completeness): Complete for fragments:
- FOL
- PA
- Purely existential formulae
- Purely universal formulae
- Universal formulae with finite parametrisation (same as ME(LIA))
Practicality

So far: quantifier instantiation is always delayed:

                  . . .
      . . . , p(s̄) ⊢ p(t̄), s̄ ≐ t̄, . . .
      ------------------------------------ PRED-UNIFY
      . . . , p(s̄) ⊢ p(t̄), . . .
                  . . .
      Γ, [x/c]φ, ∀x.φ ⊢ ∆
      ------------------------------------ ALL-LEFT
      Γ, ∀x.φ ⊢ ∆
                  . . .

This corresponds to free variables + unification, the standard approach in FOL provers.
Alternative: E-Matching, standard in SMT solvers

Matching of triggers (modulo equations):

      Γ, ∀x̄.φ[t[x̄]], [x̄/s̄]φ[t[x̄]] ⊢ ψ[t[s̄]], ∆
      --------------------------------------------
      Γ, ∀x̄.φ[t[x̄]] ⊢ ψ[t[s̄]], ∆

Example axioms (arrays):

      \forall int a, i, v; select(store(a, i, v), i) = v
      \forall int a, i1, i2, v; (i1 != i2 -> select(store(a, i1, v), i2) = select(a, i2))
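As an added illustration (not code from the talk or from Princess), the following Python sketch performs the trigger matching of the rule above: ground terms are nested tuples, pattern variables start with "?", known ground equations live in a plain union-find (no congruence propagation, which this sample does not need), and the constructed sample assumes the select(store(...), ...) subterm of each array axiom as its trigger. It also shows the case the rule's "modulo equations" refers to: a trigger variable occurring twice (the i in select(store(a, i, v), i)) is matched against two different ground terms i and j that are only equal modulo the known equation i = j.

```python
class EGraph:                                              # union-find over ground terms
    def __init__(self):
        self.parent = {}                                   # term -> parent term
    def add(self, t):                                      # register a term and all its subterms
        if t not in self.parent:
            self.parent[t] = t
            for arg in (t[1:] if isinstance(t, tuple) else ()):
                self.add(arg)
    def find(self, t):                                     # representative of t's equivalence class
        while self.parent[t] != t:
            self.parent[t] = self.parent[self.parent[t]]   # path compression
            t = self.parent[t]
        return t
    def union(self, s, t):                                 # assert the ground equation s = t
        self.add(s); self.add(t)
        rs, rt = self.find(s), self.find(t)
        if rs != rt:
            self.parent[rs] = rt

def ematch(pat, term, eg, subst):                          # extensions of subst matching pat to term modulo E
    if isinstance(pat, str) and pat.startswith('?'):       # pattern variable
        if pat not in subst:
            yield {**subst, pat: term}
        elif eg.find(subst[pat]) == eg.find(term):         # earlier binding must agree modulo E
            yield subst
    elif isinstance(pat, tuple):                           # f(p1..pn): try every term equal to `term`
        for cand in list(eg.parent):
            if eg.find(cand) == eg.find(term) and isinstance(cand, tuple) \
                    and cand[0] == pat[0] and len(cand) == len(pat):
                yield from ematch_args(pat[1:], cand[1:], eg, subst)
    elif pat in eg.parent and eg.find(pat) == eg.find(term):   # ground constant in the trigger
        yield subst

def ematch_args(pats, args, eg, subst):                    # match argument lists left to right
    if not pats: yield subst; return
    for s in ematch(pats[0], args[0], eg, subst):
        yield from ematch_args(pats[1:], args[1:], eg, s)

def instances(trigger, eg):                                # distinct substitutions, bindings taken up to E
    found = set()
    for root in {eg.find(t) for t in list(eg.parent)}:
        for s in ematch(trigger, root, eg, {}):
            found.add(frozenset((x, eg.find(t)) for x, t in s.items()))
    return found

def array_example():                                       # constructed sample around the slide's array axioms
    eg = EGraph()
    eg.add(('select', ('store', 'a', 'i', 'v'), 'j')); eg.union('i', 'j')   # the equation i = j is known
    eg.add(('select', 'b', 'k')); eg.union('b', ('store', 'a', 'i', 'v'))   # and b = store(a, i, v)
    read_over_write = ('select', ('store', '?a', '?i', '?v'), '?i')          # assumed trigger, first axiom
    read_elsewhere = ('select', ('store', '?a', '?i1', '?v'), '?i2')         # assumed trigger, second axiom
    return instances(read_over_write, eg), instances(read_elsewhere, eg)
```

Each substitution returned by `instances` is exactly the [x̄/s̄] of the rule, so the instantiated axiom [x̄/s̄]φ can be added to the antecedent; the first trigger yields one instance (via i = j), the second yields two (one of them through b = store(a, i, v)).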
Comparison

  E-Matching                              | Free variables + unification
  ----------------------------------------|-------------------------------------
  Heuristic → incomplete                  | Systematic
  Good for "simple" instances             | Can find "difficult" instances
  User guidance possible → triggers       |
  Quite fast                              | Quite expensive
  → Only ground formulae                  | → Very nondeterministic