Modular Proof Systems for Partial Functions with Weak Equality
Harald Ganzinger †, Viorica Sofronie-Stokkermans, Uwe Waldmann
Three (Unrelated?) Topics

Topic 1: Hierarchic extensions of theories.
Let Σ0 be a signature, let T0 be a Σ0-theory. Let Σ1 be an extension of Σ0.
Can one use a prover for T0 as a black box to prove theorems over Σ1 relative to T0?
Example: T0 = natural numbers with ordering; Σ1 = {read, write}; Task: prove some property of sorted arrays.

Topic 2: Modularity.
Let Σ1 ∩ Σ2 = Σ0 ≠ ∅.
Can one get a complete prover for Σ1 ∪ Σ2 by combining provers for Σ1 and Σ2?
Problem: The provers can only communicate using formulas over Σ0. Is that sufficient?
Example: Σ0 = some data; Σ1 = lists over data; Σ2 = arrays over data.

Topic 3: Partial functions.
Many partial functions occur in practical problems: car, cdr, pop, division, array access, ...
How can one deal in a sound and efficient way with partial functions in a theorem prover?
Three (Related!) Topics

What is the relationship?
Partial functions allow us to prove better results for modularity and hierarchic combinations:
- If the function symbols in T1 \ T0 are partial, then hierarchic proving is possible.
- If the function symbols in T1 \ T2 and T2 \ T1 are partial, then combining provers for T1 and T2 is possible (it is sufficient if they communicate using formulas over T1 ∩ T2).
Logic for Partial Functions

Many possible approaches (usually discussed for the purely equational case):
- existential equality
- strong equality
- Evans equality
- ...
Central question: Does an equation s ≈ t imply that s and t are defined?
Logic for Partial Functions

Here: Evans equality.
g(t1, ..., tn) ≈ s means: if s is defined, and if t1, ..., tn are defined, then g(t1, ..., tn) is defined and equal to s.
Note: ti undefined ⇒ result is irrelevant ⇒ equation holds vacuously.
Example: The formulas
    ∀x. ∀y. car(cons(x, y)) ≈ x
    ∀x. cons(car(x), cdr(x)) ≈ x
hold in the standard partial model.
Logic for Partial Functions

How can we extend Evans equality to arbitrary formulas?
An equation is true if one of its terms is irrelevant, that is, if some proper subterm is undefined.
Our approach: the same property holds also for negated equations and arbitrary clauses!
Logic for Partial Functions

Truth value of s ≈ t, depending on whether s and t are two distinct defined values (v1, v2), undefined (un) or irrelevant (ir); "=" is true, "≠" is false, "?" is the third truth value 1/2:

  s ≈ t | v1  v2  un  ir
  ------+----------------
  v1    |  =   ≠   ≠   ?
  v2    |  ≠   =   ≠   ?
  un    |  ≠   ≠   ?   ?
  ir    |  ?   ?   ?   ?

Example: The formulas
    car(nil) ≈ cdr(nil)
    car(nil) ≉ cdr(nil)
    car(car(nil)) ≈ nil
    car(car(nil)) ≉ nil
hold in the standard partial model.

Formally: Three-valued logic {0, 1/2, 1},
    x ∧ y = min{x, y},
    x ∨ y = max{x, y},
    ¬x = 1 − x,
    A ⊨ F iff A(F) ≥ 1/2.
Logic for Partial Functions

Expressivity:
We can express that a term t is not defined: t ≉ t.
If a function symbol is declared as partial, then we can express that it is defined for certain arguments, but only by giving a definition:
    ∀x. ∀y. car(cons(x, y)) ≈ x
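As an added example (not from the original talk): the three-valued Evans equality of these slides, evaluated over a small partial LIST model constructed here with car, cdr, cons and nil; it checks the claims on the slides, such as car(nil) ≉ cdr(nil) holding, car(car(nil)) ≈ 1 and car(car(nil)) ≈ 2 both holding, and t ≉ t expressing that t is not defined. The term encoding (nested tuples, lists as tuples, atoms as ints) and the helper names are assumptions of the example.

```python
from fractions import Fraction

HALF = Fraction(1, 2)
NIL = ()   # lists are Python tuples, atoms are ints (constructed model, not from the talk)

# Partial interpretation of the LIST symbols: None means "undefined at these arguments".
def car(x):     return x[0]  if isinstance(x, tuple) and x else None
def cdr(x):     return x[1:] if isinstance(x, tuple) and x else None
def cons(a, b): return (a,) + b if isinstance(b, tuple) else None

FUNCS = {"car": car, "cdr": cdr, "cons": cons}

def evaluate(term):
    """Evaluate a ground term ("f", arg, ...) or a constant (int or tuple).
    Returns ("val", v) if defined, ("un", None) if the function is undefined at its
    (defined) arguments, ("ir", None) if some proper subterm is itself not defined."""
    if not (isinstance(term, tuple) and term and isinstance(term[0], str)):
        return ("val", term)
    args = [evaluate(a) for a in term[1:]]
    if any(kind != "val" for kind, _ in args):
        return ("ir", None)                       # irrelevant: undefined proper subterm
    result = FUNCS[term[0]](*(v for _, v in args))
    return ("un", None) if result is None else ("val", result)

def equal(s, t):
    """Evans equality s ≈ t in the three-valued logic {0, 1/2, 1} of the truth table."""
    (ks, vs), (kt, vt) = evaluate(s), evaluate(t)
    if "ir" in (ks, kt) or ks == kt == "un":
        return HALF                               # "?": both s ≈ t and s ≉ t hold
    if "un" in (ks, kt):
        return Fraction(0)                        # defined vs. undefined: false
    return Fraction(int(vs == vt))

def neg(x):    return 1 - x        # ¬x = 1 − x
def disj(*xs): return max(xs)      # x ∨ y = max{x, y}
def conj(*xs): return min(xs)      # x ∧ y = min{x, y}
def holds(x):  return x >= HALF    # A ⊨ F iff A(F) ≥ 1/2

def undefined(t):
    """t ≉ t holds exactly when t is not defined (undefined or irrelevant)."""
    return holds(neg(equal(t, t)))

if __name__ == "__main__":
    car_nil, car_car_nil = ("car", NIL), ("car", ("car", NIL))
    print(holds(equal(("car", ("cons", 1, NIL)), 1)))            # car(cons(1, nil)) ≈ 1
    print(holds(equal(car_nil, ("cdr", NIL))), holds(neg(equal(car_nil, ("cdr", NIL)))))
    print(holds(equal(car_car_nil, 1)), holds(equal(car_car_nil, 2)))  # both hold
    print(holds(equal(car_nil, NIL)))                            # un vs. defined: false
    print(undefined(car_nil), undefined(("cons", 1, NIL)))
```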
Partial Superposition

Superposition: Saturation-based calculus for equational clauses ("resolution with built-in equality").
Parameterized by a well-founded term ordering: Inferences must involve maximal terms of clauses.
Redundancy ⇝ deletion/simplification.
Here: terms consisting only of total symbols must be small.
Partial Superposition

Equality resolution:
    C ∨ s ≉ s′
    ----------
        Cσ
if σ is an mgu of s and s′, and s and s′ do not contain partial symbols.

Note: LIST ⊨ car(nil) ≉ car(nil).
Deleting disequations between undefined or irrelevant terms would be unsound!
Partial Superposition

Superposition:
    D ∨ t ≈ t′    C ∨ s[u] ≈ s′
    ----------------------------
      (D ∨ C ∨ s[t′] ≈ s′)σ
if σ is an mgu of t and u, t has no partial symbols below the top, and xσ does not contain partial symbols.

Note: LIST ⊨ car(car(nil)) ≈ 1 and LIST ⊨ car(car(nil)) ≈ 2.
Replacing irrelevant terms would be unsound!
Modularity of Partial Superposition

Easy consequence:
Let Σ1 and Σ2 be signatures such that all symbols not in Σ1 ∩ Σ2 are partial.
Suppose that all initially given clauses are pure Σ1-clauses or pure Σ2-clauses.
Then all inferences are pure.
In other words: The Σ1-part and the Σ2-part remain separated, except for (Σ1 ∩ Σ2)-clauses that have to be transferred.
Hierarchic Partial Superposition

We can transform partial superposition into a hierarchic calculus:
- Replace unification by lazy unification: Rather than computing the unifier of two terms f(s, s′) and g(t, t′), we check only that the top symbols are the same and transform the remaining unification problem into new literals.
- Do not perform any regular inferences on clauses that do not contain partial symbols. Instead: We check whether all such clauses are T0-satisfiable.
Hierarchic Partial Superposition

Hierarchic superposition:
    D ∨ f(v̄) ≈ t′    C ∨ s[f(ū)] ≈ s′
    ---------------------------------
    D ∨ C ∨ v̄ ≉ ū ∨ s[t′] ≈ s′
if f is a partial symbol, and ū and v̄ do not contain partial symbols.

Constraint refutation:
    M
    ---
    ⊥
if M is a finite set of Σ0-clauses that is inconsistent with the base theory T0.
Hierarchic Partial Superposition

Result: Hierarchic proof system.
- Σ0-reasoning: by external T0-prover.
- (Σ1 \ Σ0)-reasoning: by hierarchic partial superposition.
Partial vs. Total Algebras

Partial functions ⇝ strong modularity and combination results.
To what extent can they be transferred to total functions?
Many-sorted logic: extension functions having a result of base sort must be partial; extension functions having a result of extension sort may be total.
In general: every total model is a partial model, therefore: sound approximation of total logic.
Partial vs. Total Algebras

Shallow extensions: If partial symbols occur only positively and only at the root, then every partial algebra model can be extended to a total algebra model.
Note: Every set of ground clauses can be transformed into a set of shallow ground clauses (by introducing new (total) constants).
Other examples: local theories.
Conclusions

Summary:
- Logic for partial functions (generalizing Evans equality).
- Superposition calculus for partial functions (sound and refutationally complete).
- Partial functions ⇝ Modularity results.
- Hierarchic superposition for partial functions (sound and refutationally complete).
- Partial functions ⇝ Hierarchic combinations.
- Special cases: sorted logic, shallow theories, ...