First-Order Interpolation
Laura Kovács

Interpolation: Craig interpolation; use of interpolation in software verification (thanks to K. McMillan).


  1. Local Derivations. A derivation is called local (well-colored) if each inference in it, with premises C_1, …, C_n and conclusion C, either has no blue symbols or has no red symbols. That is, one cannot mix blue and red in the same inference.

  2-5. Local Derivations: Example
      R := ∀x (x = a)
      B := c = b
      Interpolant: ∀x ∀y (x = y) (note: universally quantified!)
      Non-local proof: from two instances of x = a derive c = a and b = a, hence c = b; together with c ≠ b this gives ⊥. The formula c = a contains both the red symbol a and the blue symbol c, so the inference deriving it mixes red and blue.
      Local proof: from x = a and y = a derive the grey formula x = y; from x = y and c ≠ b derive y ≠ b; from x = y and y ≠ b derive ⊥. No inference mixes red and blue.

  6. Shape of a local derivation (figure only)

  7. Symbol Eliminating Inference
      - At least one of the premises is not grey.
      - The conclusion is grey.
      Example (from the local proof above): x = a, y = a ⊢ x = y has two red premises and a grey conclusion; the proof continues with x = y, c ≠ b ⊢ y ≠ b and then ⊥.

  8-12. Extracting Interpolants from Local Proofs
      (figure: a local proof partitioned into colored blocks, with grey formulas G1, G2, G3, G4 on the block boundaries)
      Interpolant: boolean combination of {G1, …, G4} [McMillan05, KV09]
      The digest: a grey formula G is in the digest if it
      - comes from a red block and is followed by a blue or grey block, or
      - comes from a blue block and is followed by a red block.
      Interpolant: boolean combination of the digest formulas.

  13-15. Extracting Interpolants from Local Proofs
      Theorem. Let Π be a local refutation. Then one can extract from Π in linear time a reverse interpolant I of R and B. This interpolant is ground if all formulas in Π are ground. This reverse interpolant is a boolean combination of conclusions of symbol-eliminating inferences of Π.
      What is remarkable in this theorem:
      - No restriction on the calculus (only soundness required); it can be used with theories.
      - It can generate interpolants in theories where no good interpolation algorithms exist.

  16. Interpolation: Examples in Vampire
      Our running example:
      - Local proof and interpolant: vampire interpol1.p
      - Non-local proof: vampire interpol2.p

  17-19. What is Vampire?
      An automated theorem prover for first-order logic and theories. https://vprover.github.io/download.html
      - Completely automatic: once you have started a proof attempt, it can only be interrupted by terminating the process.
      - Champion of the CASC world cup in first-order theorem proving: won CASC > 45 times.

  20-21. Vampire:
      - It produces detailed proofs but also supports finding finite models.
      - It competes with SMT solvers on their problems (thanks to our FOOL logic and AVATAR).
      - In normal operation it is saturation-based: it saturates a clausal form with respect to an inference system.
      - It is portfolio-based: it works best when you allow it to try lots of strategies.
      - It supports lots of extra features and options, helpful for program analysis by symbol elimination.

  23. Interpolation: Examples in Vampire
      fof(fA,axiom, q(f(a)) & ~q(f(b)) ).
      fof(fB,conjecture, ?[V]: V != c).
      Non-local proof: vampire interpol4.p

  24. Interpolation: Examples in Vampire
      % request to generate an interpolant
      vampire(option,show_interpolant,on).
      % symbol coloring
      vampire(symbol,predicate,q,1,left).
      vampire(symbol,function,f,1,left).
      vampire(symbol,function,a,0,left).
      vampire(symbol,function,b,0,left).
      vampire(symbol,function,c,0,right).
      % formula R
      vampire(left_formula).
      fof(fA,axiom, q(f(a)) & ~q(f(b)) ).
      vampire(end_formula).
      % formula B
      vampire(right_formula).
      fof(fB,conjecture, ?[V]: V != c).
      vampire(end_formula).
      Local proof and interpolant: vampire interpol3.p

  25. Outline: Interpolation and Local Proofs; Localizing Proofs; Minimizing Interpolants; Quantifier Complexity of Interpolants.

  26-31. Localizing Proofs
      Task: eliminate non-local inferences.
      Idea: quantify away colored symbols, i.e. colored symbols are replaced by logical variables.
      Given R(a) ⊢ B, where a is an uninterpreted constant not occurring in B. Then R(a) ⊢ (∃x) R(x) and (∃x) R(x) ⊢ B.
      (figure: the derivation R1(a) ⊢ R2(a), then R2(a), B ⊢ A, is replaced by R1(a) ⊢ (∃x) R2(x), then (∃x) R2(x), B ⊢ A)
      Cons: this comes at the cost of using extra quantifiers. But we can minimise the number of quantifiers in the interpolant.

  32. Outline: Interpolation and Local Proofs; Localizing Proofs; Minimizing Interpolants; Quantifier Complexity of Interpolants.

  33-34. Minimizing Interpolants
      Our interest: small interpolants
      - in size;
      - in weight;
      - in the number of quantifiers;
      - …
      Given ⊢ R → B, find a grey formula I such that:
      - ⊢ R → I;
      - ⊢ I → B;
      - I is small.

  35-38. Minimizing Interpolant
      Task: minimise interpolants = minimise digest.
      Hercule Poirot: "It is the little GREY CELLS, mon ami, on which one must rely. Mon Dieu, mon ami, but use your little GREY CELLS!"

  39-43. Minimizing Interpolant
      Task: minimise interpolants = minimise digest.
      Idea: change the grey areas of the local proof, but preserve locality!
      Slicing off formulas: if A is derived from A_1, …, A_n, and A_0 is derived from A together with A_{n+1}, …, A_m, then slicing off A derives A_0 directly from A_1, …, A_n, A_{n+1}, …, A_m.
      If A is grey, this is grey slicing. Example (figure): slicing off the grey formula G_1 leaves G_0 derived directly from R_0 and B_0.

  44-53. Minimizing Interpolant
      (figure: a local refutation with formulas R1, G1, B1, G2, G3, G4, G5, R3, G6, R4, G7 and conclusion ⊥)
      After successive grey slicing steps, the digest and the reverse interpolant become:
      - Digest: {G4, G7}; reverse interpolant: G4 → G7
      - Digest: {G5, G7}; reverse interpolant: G5 → G7
      - Digest: {G6, G7}; reverse interpolant: G6 → G7
      - Digest: {G6}; reverse interpolant: ¬G6
      Note that the interpolant has changed from G4 → G7 to ¬G6.
      - There is no obvious logical relation between G4 → G7 and ¬G6; for example, neither of these formulas implies the other.
      - These formulas may even have no common atoms or no common symbols.

  54-55. Minimizing Interpolant
      If grey slicing gives us very different interpolants, we can use it for finding small interpolants.
      Problem: if the proof contains n grey formulas, the number of possible different slicing off transformations is 2^n.

  56-69. Minimizing Interpolant
      Solution:
      - encode all sequences of transformations as an instance of SAT;
      - solutions encode all slicing off transformations.
      Example (figure): a proof with formulas R, B and grey formulas G1, G2, G3. Here G3, and at most one of G1, G2, can be sliced off.
      Some predicates on grey formulas:
      - sliced(G): G was sliced off;
      - red(G): the trace of G contains a red formula;
      - blue(G): the trace of G contains a blue formula;
      - grey(G): the trace of G contains only grey formulas;
      - digest(G): G belongs to the digest.
      Constraints for the example:
      ¬sliced(G1) → grey(G1)
      sliced(G1) → red(G1)
      ¬sliced(G3) → grey(G3)
      sliced(G3) → (grey(G3) ↔ grey(G1) ∧ grey(G2))
      sliced(G3) → (red(G3) ↔ red(G1) ∨ red(G2))
      sliced(G3) → (blue(G3) ↔ blue(G1) ∨ blue(G2))
      digest(G1) → ¬sliced(G1)
      …
      Express digest(G) by considering the possibilities:
      - G comes from a red/blue/grey formula: rc(G)/bc(G);
      - G is followed by a red/blue/grey formula: bf(G)/rf(G).
      digest(G3) ↔ (rc(G3) ∧ rf(G3)) ∨ (bc(G3) ∧ bf(G3))
      rc(G3) ↔ ¬sliced(G3) ∧ (red(G1) ∨ red(G2))
      …

  70-74. Minimizing Interpolant
      Solution:
      - encode all sequences of transformations as an instance of SAT;
      - solutions encode all slicing off transformations;
      - compute small interpolants: the smallest digest of grey formulas,
        $\min_{\{G_{i_1},\ldots,G_{i_n}\}} \sum_{G_i} \mathit{digest}(G_i)$,
        or, weighting by quantifiers,
        $\min_{\{G_{i_1},\ldots,G_{i_n}\}} \sum_{G_i} \mathit{quantifier\_number}(G_i) \cdot \mathit{digest}(G_i)$;
      - use a pseudo-boolean optimisation tool or an SMT solver to minimise interpolants;
      - minimising interpolants is an NP-complete problem.

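As an added example (my code, not from the slides or from Vampire), the following Python models a tiny local refutation shaped like the slides' R, B, G1, G2, G3 example (the proof shape and the colour labels are my assumptions), enumerates all 2^n grey slicings, discards those that break locality, and computes each digest by the rule on slides 11-12, so the smallest digest can be read off. It assumes a tree-shaped proof in which every formula feeds exactly one inference.

```python
from itertools import combinations

# Constructed toy local refutation (not one of the slides' proofs): axioms R (red)
# and B (blue), grey formulas G1, G2, G3 and the empty clause "bot"; each entry
# maps a formula to (colour, premises of the inference that derived it).
PROOF = {
    "R":   ("red",  []),
    "B":   ("blue", []),
    "G1":  ("grey", ["R"]),
    "G2":  ("grey", ["B"]),
    "G3":  ("grey", ["G1", "G2"]),
    "bot": ("grey", ["G3"]),
}

def effective_premises(proof, node, sliced):
    """Premises of `node` after slicing: a sliced premise is replaced by its own."""
    out = []
    for p in proof[node][1]:
        out.extend(effective_premises(proof, p, sliced) if p in sliced else [p])
    return out

def inference_colour(proof, node, sliced):
    """Colour of the inference deriving `node`: 'mixed' if it involves both a
    red and a blue formula (i.e. it is non-local), otherwise red, blue or grey."""
    cols = {proof[f][0] for f in effective_premises(proof, node, sliced)}
    cols.add(proof[node][0])
    if "red" in cols and "blue" in cols:
        return "mixed"
    return "red" if "red" in cols else "blue" if "blue" in cols else "grey"

def is_local(proof, sliced):
    """Locality is preserved iff no remaining inference mixes red and blue."""
    return all(inference_colour(proof, n, sliced) != "mixed"
               for n in proof if n not in sliced)

def digest(proof, sliced):
    """Digest per the slides' rule: grey G derived by a red inference and followed
    by a blue/grey one, or derived by a blue inference and followed by a red one."""
    remaining = [n for n in proof if n not in sliced]
    result = set()
    for g in remaining:
        consumers = [n for n in remaining if g in effective_premises(proof, n, sliced)]
        if proof[g][0] != "grey" or not proof[g][1] or not consumers:
            continue  # axioms and the final empty clause are never in the digest
        comes = inference_colour(proof, g, sliced)
        follows = inference_colour(proof, consumers[0], sliced)  # assumes one consumer
        if (comes == "red" and follows in ("blue", "grey")) or (comes == "blue" and follows == "red"):
            result.add(g)
    return result

def smallest_digest(proof):
    """Brute force over all 2^n grey slicings (the blow-up the slides note and the SAT
    encoding avoids); returns the locality-preserving ones and the smallest digest."""
    greys = [n for n in proof if proof[n][0] == "grey" and proof[n][1]
             and any(n in prem for _, prem in proof.values())]
    local = []
    for k in range(len(greys) + 1):
        for sliced in combinations(greys, k):
            if is_local(proof, set(sliced)):
                local.append((set(sliced), digest(proof, set(sliced))))
    return local, min(local, key=lambda pair: len(pair[1]))
```

On this proof exactly six of the eight slicings are local (G3, and at most one of G1 and G2, can be sliced off), and the digest moves from {G1} to {G2, G3} to {G2} as different formulas are sliced, mirroring the slides' point that slicing can yield quite different interpolants.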
  75. Experiments with Small Interpolants
      - Implemented in Vampire;
      - We used Yices for solving pseudo-boolean constraints;
      - Experimental results:
        - 9632 first-order examples from the TPTP library: for example, for 2000 problems the size of the interpolants became 20-49 times smaller;
        - 4347 SMT examples: we used Z3 for proving the SMT examples; the Z3 proofs were localised in Vampire; small interpolants were generated for 2123 SMT examples.
