The base logic [LPAR'08]

Linear integer arithmetic + uninterpreted predicates:

  t ::= α | x | c | α t + · · · + α t
  φ ::= φ ∧ φ | φ ∨ φ | ¬φ | ∀x.φ | ∃x.φ | t ≐ 0 | t ≥ 0 | t ≤ 0 | α | t | p(t, . . . , t)

  t . . . terms                 φ . . . formulae
  x . . . variables             c . . . constants
  p . . . uninterpreted predicates (fixed arity)
  α . . . integer literals      (α | t is the divisibility atom)

Functions encoded as relations (later)
Subsumes FOL and Presburger arithmetic (PA)
Valid formulae are not enumerable [Halpern, 1991]
Constrained sequents

Notation used here:   Γ ⊢ ∆ ⇓ C
  Γ, ∆ . . . antecedent, succedent (sets of formulae)
  C . . . constraint/approximation (formula)

Definition
Γ ⊢ ∆ ⇓ C is valid if the formula C → (∧Γ → ∨∆) is valid.
Iterative proof construction

  ∗
  ⋮
  Γ3 ⊢ ∆3 ⇓ C1
  Γ2 ⊢ ∆2 ⇓ C2
  Γ1 ⊢ ∆1 ⇓ C3
  ⋮
  Γ ⊢ ∆ ⇓ C

Upwards: analytic reasoning about the input formula (SMT-like) expands Γ ⊢ ∆ ⇓ ? into Γ1 ⊢ ∆1 ⇓ ?, Γ2 ⊢ ∆2 ⇓ ?, Γ3 ⊢ ∆3 ⇓ ?, . . . until a branch closes (∗).
Downwards: propagation of constraints fills in C1, C2, C3, . . . and finally the constraint C at the root.

Constraints are simplified during propagation
If C is valid, then so is Γ ⊢ ∆
If C is satisfiable, it describes a solution for Γ ⊢ ∆
If C is unsatisfiable, expand the proof tree further . . .

Theories have two roles: analytic + propagation
A few proof rules

  Γ ⊢ φ, ∆ ⇓ C      Γ ⊢ ψ, ∆ ⇓ D
  ──────────────────────────────── AND-RIGHT
  Γ ⊢ φ ∧ ψ, ∆ ⇓ C ∧ D

  Γ, [x/c]φ, ∀x.φ ⊢ ∆ ⇓ [x/c]C
  ───────────────────────────── ALL-LEFT   (c is fresh)
  Γ, ∀x.φ ⊢ ∆ ⇓ ∃x.C

  Γ, p(s̄) ⊢ p(t̄), s̄ ≐ t̄, ∆ ⇓ C
  ────────────────────────────── PRED-UNIFY
  Γ, p(s̄) ⊢ p(t̄), ∆ ⇓ C

  ∗
  ────────────────────────────────────────────────── CLOSE   (selected formulae are predicate-free)
  Γ, φ1, . . . ⊢ ψ1, . . . , ∆ ⇓ ¬φ1 ∨ · · · ∨ ψ1 ∨ · · ·

+ Theory rules!
In the example

Proof tree, root at the bottom; ⇓ gives the constraint after propagation:

  ∗                                 ∗
  . . . ⊢ 1 ≠ X, . . . ⇓ 1 ≠ X      . . . , sel(b, X) ≐ sel(a, 2) ⊢ sel(b, X) ≐ sel(a, 2) ⇓ true
  ─────────────────────────────────────────────────────────────────────────────────────────
  . . . , 1 ≠ X → sel(b, X) ≐ sel(a, 2) ⊢ sel(b, X) ≐ sel(a, 2) ⇓ 1 ≠ X
  AX, b ≐ sto(a, 1, 2) ⊢ sel(b, X) ≐ sel(a, 2) ⇓ 1 ≠ X
  AX, b ≐ sto(a, 1, 2) ⊢ ∃x. sel(b, x) ≐ sel(a, 2) ⇓ ∃X. 1 ≠ X
  AX ⊢ b ≐ sto(a, 1, 2) → ∃x. sel(b, x) ≐ sel(a, 2) ⇓ true

Before propagation every constraint is still ?; the free variable X stands for the existentially quantified x, the constraint ∃X. 1 ≠ X is valid and simplifies to true.
Correctness

Lemma (Soundness)
It's sound!

Lemma (Completeness)
Complete for the fragments:
  FOL
  PA
  Purely existential formulae
  Purely universal formulae
  Universal formulae with finite parametrisation (same as ME(LIA))
Functions

Functions almost like in SMT:
  Terms are always flattened
  n-ary function f becomes (n + 1)-ary predicate f_p

  E.g.  g(f(x), a)  ⇝  f(x) = c ∧ g(c, a) = d  ⇝  f_p(x, c) ∧ g_p(c, a, d)

Axioms necessary: Totality + Functionality
  ∀x̄. ∃y. f_p(x̄, y)
  ∀x̄, y1, y2. (f_p(x̄, y1) → f_p(x̄, y2) → y1 ≐ y2)

Very closely resembles congruence closure
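As an added illustration (not Princess code), the flattening of g(f(x), a) into f_p(x, c) ∧ g_p(c, a, d) in Python, together with the totality and functionality axioms each function symbol needs; the tuple encoding of terms and the constant names c1, c2 are my own assumptions:

```python
# Added example (not Princess code): flattening terms into predicate atoms.
# Variables/constants are strings; an application f(t1, ..., tn) is the
# tuple ('f', t1, ..., tn); an atom f_p(t1, ..., tn, c) is a tuple likewise.
from itertools import count

def flatten(term, atoms, fresh):
    """Return a variable/constant standing for `term`. Every application
    f(t..) inside is named by a fresh constant c, recorded as f_p(t.., c)."""
    if isinstance(term, str):
        return term
    args = [flatten(a, atoms, fresh) for a in term[1:]]   # inner terms first
    c = "c%d" % next(fresh)
    atoms.append((term[0] + "_p", *args, c))
    return c

def encode(term):
    """Flatten `term`; returns (atoms, constant naming the whole term)."""
    atoms = []
    return atoms, flatten(term, atoms, count(1))

def axioms(f, arity):
    """Totality and functionality axioms required for f_p, as text."""
    xs = ", ".join("x%d" % i for i in range(1, arity + 1))
    return ("forall %s. exists y. %s_p(%s, y)" % (xs, f, xs),
            "forall %s, y1, y2. (%s_p(%s, y1) -> %s_p(%s, y2) -> y1 = y2)"
            % (xs, f, xs, f, xs))

# The slide's term g(f(x), a): f(x) is named c1, g(c1, a) is named c2
SLIDE = encode(("g", ("f", "x"), "a"))
# -> ([('f_p', 'x', 'c1'), ('g_p', 'c1', 'a', 'c2')], 'c2')
```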
Relative completeness

In SMT solvers:
  Choice of triggers determines provability
  Bad triggers → bad luck

In the first-order SMT calculus:
  Choice of triggers determines performance
  Regardless of triggers, the same formulae are provable
  E-matching is complemented by free variables + unification
Practicality

  Solver      AUFLIA+p (193)   AUFLIA-p (193)
  Z3          191              191
  Princess    145              137
  CVC3        132              128

Implementation of our calculus in Princess
Unsatisfiable AUFLIA benchmarks from SMT-comp 2011
Intel Core i5 2-core, 3.2GHz, timeout 1200s, 4Gb
http://www.philipp.ruemmer.org/princess.shtml
Currently running: CASC 2012
Related work

ME(LIA): [Baumgartner, Tinelli, Fuchs, 08], [Baumgartner, Tinelli, 11]
SPASS+T [Prevosto, Waldmann, 06]
DPLL(SP) [de Moura, Bjørner, 08]
Complete instantiation [Ge, de Moura, 09]
Saturation + theories, e.g. [Stickel, 85], [Bürchert, 90], [Bachmair, Ganzinger, Waldmann, 94], [Korovin, Voronkov, 07], [Althaus, Kruglov, Weidenbach, 09]
· · ·
Conclusion

Overall challenge: combine the theories and performance of SMT solvers with the completeness of FOL provers
Presented work is one step in this direction

Ongoing work:
  Better unification on term level
  Better heuristics for introducing free variables
  Lemma learning
  Generalisation to other theories
Computation of Craig Interpolants
Motivation: inference of invariants

Generic verification problem ("safety"):
  { pre } while (*) Body { post }

Standard approach: loop rule using an invariant φ
  pre ⇒ φ      { φ } Body { φ }      φ ⇒ post
  ───────────────────────────────────────────
  { pre } while (*) Body { post }

How to compute φ automatically?
From intermediate assertions to invariants   [McMillan, 2003]

  {pre} Body; Body {post} ?             Bounded model checking problem

  Compute intermediate assertion ψ1:
      {pre} Body {ψ1}          {ψ1} Body {post}

  [ψ1 ⇒ pre]         pre is invariant
  [otherwise]        continue with pre ∨ ψ1:

  {pre ∨ ψ1} Body; Body {post} ?        Bounded model checking problem

  Compute intermediate assertion ψ2:
      {pre ∨ ψ1} Body {ψ2}     {ψ2} Body {post}

  [ψ2 ⇒ pre ∨ ψ1]    pre ∨ ψ1 is invariant
  [otherwise]        . . .
How to compute intermediate assertions?

VC generation:
  { pre }       pre(s0)               ┐
  Body;         → Body(s0, s1)        ┘ A(s0, s1)
                                        I(s1)
  Body          → Body(s1, s2)        ┐
  { post }      → post(s2)            ┘ C(s1, s2)

Theorem (Craig, 1957)
Suppose A → C is a valid FOL implication. Then there is a formula I (an interpolant) such that A → I and I → C are valid, and every non-logical symbol of I occurs in both A and C.
Illustration

Interpolation problem: A → I → C
(figure: nested regions labelled A, I, C)
Reverse interpolants

Definition
Suppose A ∧ B is unsatisfiable. A reverse interpolant is a formula I such that A → I and B → ¬I are valid, and every non-logical symbol of I occurs in both A and B.

Lemma
I is a reverse interpolant for A ∧ B  ⟺  I is an interpolant for A → ¬B
Available interpolation engines (incomplete . . . )

  Foci
  CSIsat
  MathSAT
  SMTInterpol
  OpenSMT
  iZ3
  Princess
Proof-based interpolation techniques

  Implication A → C
      ↓ Theorem prover
  Proof of A → C          (or a Model, if the implication is not valid)
      ↓ Proof lifting
  Interpolating proof of A → C
      ↓
  Craig interpolant A → I → C
Interpolating propositional logic

Interpolation procedures available for many calculi
Overview paper for resolution proofs: [D'Silva et al, 2010]

Shown here: interpolants from a Gentzen-style proof (similar to the calculus from before, but without constraints)
Basic idea of proof lifting in a sequent calculus

Interpolation problem: A → I → C

  ∗
  ⋮
  Γ3* ⊢ ∆3* ◮ I3
  Γ2* ⊢ ∆2* ◮ I2
  Γ1* ⊢ ∆1* ◮ I1
  ⋮
  ⌊A⌋_L ⊢ ⌊C⌋_R ◮ I

Upwards: the proof of A ⊢ C (sequents Γ1 ⊢ ∆1, Γ2 ⊢ ∆2, Γ3 ⊢ ∆3, . . . ) is rebuilt with its formulae annotated with labels: ⌊A⌋_L ⊢ ⌊C⌋_R at the root, Γi* ⊢ ∆i* above it.
Downwards: interpolants I3, I2, I1, . . . are propagated from the closed branches to the root, which yields the interpolant I for A → C.
Labelled formulae

Interpolation problem: A → I → C

  Labelled formula     Intuition
  ⌊φ⌋_L                "φ is subformula of A"
  ⌊φ⌋_R                "φ is subformula of C"
Example

Non-interpolating proof:

        ∗
   p ⊢ p, q, r
   ────────────               ∗
   ¬p, p ⊢ q, r          q, p ⊢ q, r
   ─────────────────────────────────
          ¬p ∨ q, p ⊢ q, r
          ─────────────────
          ¬p ∨ q, p ⊢ q ∨ r

Lifted interpolating proof:

              ∗
   ⌊p⌋_L ⊢ ⌊p⌋_L ◮ false
   ────────────────────────────                ∗
   ⌊¬p⌋_L, ⌊p⌋_L ⊢ . . . ◮ false     ⌊q⌋_L, ⌊p⌋_L ⊢ ⌊q⌋_R, ⌊r⌋_R ◮ q
   ─────────────────────────────────────────────────────────────────
          ⌊¬p ∨ q⌋_L, ⌊p⌋_L ⊢ ⌊q⌋_R, ⌊r⌋_R ◮ false ∨ q
          ────────────────────────────────────────────
          ⌊¬p ∨ q⌋_L, ⌊p⌋_L ⊢ ⌊q ∨ r⌋_R ◮ q
Interpolating propositional rules

  Γ, ⌊φ⌋_L ⊢ ∆ ◮ I      Γ, ⌊ψ⌋_L ⊢ ∆ ◮ J
  ────────────────────────────────────── OR-LEFT-L
  Γ, ⌊φ ∨ ψ⌋_L ⊢ ∆ ◮ I ∨ J

  Γ, ⌊φ⌋_R ⊢ ∆ ◮ I      Γ, ⌊ψ⌋_R ⊢ ∆ ◮ J
  ────────────────────────────────────── OR-LEFT-R
  Γ, ⌊φ ∨ ψ⌋_R ⊢ ∆ ◮ I ∧ J

  Γ, ⌊φ⌋_D, ⌊ψ⌋_D ⊢ ∆ ◮ I                Γ ⊢ ⌊φ⌋_D, ∆ ◮ I
  ───────────────────────── AND-LEFT     ──────────────────── NOT-LEFT
  Γ, ⌊φ ∧ ψ⌋_D ⊢ ∆ ◮ I                   Γ, ⌊¬φ⌋_D ⊢ ∆ ◮ I

  ∗                                       ∗
  ────────────────────────────── CLOSE-LL ────────────────────────────── CLOSE-RR
  Γ, ⌊φ⌋_L ⊢ ⌊φ⌋_L, ∆ ◮ false             Γ, ⌊φ⌋_R ⊢ ⌊φ⌋_R, ∆ ◮ true

  ∗                                       ∗
  ────────────────────────────── CLOSE-LR ────────────────────────────── CLOSE-RL
  Γ, ⌊φ⌋_L ⊢ ⌊φ⌋_R, ∆ ◮ φ                 Γ, ⌊φ⌋_R ⊢ ⌊φ⌋_L, ∆ ◮ ¬φ

  Γ, ⌊[x/t]φ⌋_L, ⌊∀x.φ⌋_L ⊢ ∆ ◮ I                Γ, ⌊[x/t]φ⌋_R, ⌊∀x.φ⌋_R ⊢ ∆ ◮ I
  ───────────────────────────────── ALL-LEFT-L   ───────────────────────────────── ALL-LEFT-R
  Γ, ⌊∀x.φ⌋_L ⊢ ∆ ◮ ∀_R t. I                      Γ, ⌊∀x.φ⌋_R ⊢ ∆ ◮ ∃_L t. I

  Γ, ⌊[x/c]φ⌋_D ⊢ ∆ ◮ I              Γ ⊢ ⌊[x/c]φ⌋_D, ∆ ◮ I
  ─────────────────────── EX-LEFT    ───────────────────────── ALL-RIGHT
  Γ, ⌊∃x.φ⌋_D ⊢ ∆ ◮ I                Γ ⊢ ⌊∀x.φ⌋_D, ∆ ◮ I
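An added, self-contained Python implementation of the labelled propositional rules above (not from the slides or from Princess), run on the example ¬p ∨ q, p ⊢ q ∨ r from the previous slide. The right-hand rules the slide does not list (NOT-RIGHT, OR-RIGHT, AND-RIGHT) are assumed to be the duals of the left rules shown, and the tuple encoding of formulas is my own:

```python
# Added example (not from the slides or Princess): labelled propositional
# sequents with interpolant propagation. Atoms are strings, True/False are
# constants; compound formulas are tuples ('not', f), ('and', f, g), ('or', f, g).
L, R = "L", "R"      # the formula descends from A (left) or from C (right)

def prove(ante, succ):
    """ante/succ: lists of (formula, label). Returns an interpolant if the sequent
    is provable, else None. Shared atoms close with CLOSE-LL/RR/LR/RL."""
    for f, lf in ante:
        for g, lg in succ:
            if isinstance(f, str) and g == f:
                return {(L, L): False, (R, R): True,
                        (L, R): f, (R, L): ("not", f)}[(lf, lg)]
    for i, (f, lab) in enumerate(ante):                    # left rules
        if isinstance(f, tuple):
            rest = ante[:i] + ante[i + 1:]
            if f[0] == "not":                                # NOT-LEFT
                return prove(rest, succ + [(f[1], lab)])
            if f[0] == "and":                                # AND-LEFT
                return prove(rest + [(f[1], lab), (f[2], lab)], succ)
            return combine(prove(rest + [(f[1], lab)], succ),     # OR-LEFT-L/-R
                           prove(rest + [(f[2], lab)], succ), lab)
    for i, (f, lab) in enumerate(succ):                    # right rules (assumed duals)
        if isinstance(f, tuple):
            rest = succ[:i] + succ[i + 1:]
            if f[0] == "not":                                # NOT-RIGHT
                return prove(ante + [(f[1], lab)], rest)
            if f[0] == "or":                                 # OR-RIGHT
                return prove(ante, rest + [(f[1], lab), (f[2], lab)])
            return combine(prove(ante, rest + [(f[1], lab)]),     # AND-RIGHT-L/-R
                           prove(ante, rest + [(f[2], lab)]), lab)
    return None                                            # nothing closes: not provable

def combine(i1, i2, lab):   # two premises: I v J for an L-labelled split, I ^ J for R
    if i1 is None or i2 is None:
        return None
    return simp(("or" if lab == L else "and", i1, i2))

def simp(f):
    """Fold true/false so that 'false v q' becomes 'q', as on the slide."""
    if not isinstance(f, tuple):
        return f
    if f[0] == "not":
        g = simp(f[1])
        return (not g) if isinstance(g, bool) else ("not", g)
    a, b, unit = simp(f[1]), simp(f[2]), f[0] == "and"    # unit: true for ^, false for v
    if a is (not unit) or b is (not unit):                # absorbing element present
        return not unit
    return b if a is unit else a if b is unit else (f[0], a, b)

A, C = ("and", ("or", ("not", "p"), "q"), "p"), ("or", "q", "r")   # the slide's example
EXAMPLE = prove([(A, L)], [(C, R)])                                # -> 'q'
```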
Interpolating integer arithmetic . . .
Some theory rules for integers

Linear combination of inequalities (α > 0, β > 0):

  Γ, . . . , αs + βt ≤ 0 ⊢ ∆
  ────────────────────────── FM-ELIM′
  Γ, s ≤ 0, t ≤ 0 ⊢ ∆

Strengthening inequalities (subsumes rounding, Gomory cuts):

  Γ, t ≐ 0 ⊢ ∆      Γ, t + 1 ≤ 0 ⊢ ∆
  ────────────────────────────────── STRENGTHEN′
  Γ, t ≤ 0 ⊢ ∆

Calculus contains both analytic and synthetic rules
⇒ More general form of labels needed
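An added Python illustration (not Princess code) of FM-ELIM′ and of the rounding that STRENGTHEN′ subsumes, on a constructed pair of inequalities that is satisfiable over the rationals but not over the integers; the (coefficient dict, constant) representation of t ≤ 0 is my own assumption:

```python
# Added example (not Princess code): integer inequalities t <= 0 with
# t = sum(coeff * var) + const, represented as (dict-of-coefficients, const).
from math import gcd
from functools import reduce

def fm_elim(s, t, alpha, beta):
    """FM-ELIM': from s <= 0 and t <= 0 derive alpha*s + beta*t <= 0 (alpha, beta > 0).
    To cancel a variable, alpha and beta are taken from its two coefficients."""
    assert alpha > 0 and beta > 0
    total = {v: alpha * s[0].get(v, 0) + beta * t[0].get(v, 0)
             for v in set(s[0]) | set(t[0])}
    return ({v: c for v, c in total.items() if c}, alpha * s[1] + beta * t[1])

def strengthen(t):
    """Rounding, the special case of STRENGTHEN' used here: if g > 1 divides every
    coefficient of t but not const, the branch t = 0 has no integer solution, and
    iterating t <= 0 ==> t + 1 <= 0 until g divides the constant gives
    t/g + ceil(const/g) <= 0, equivalent to t <= 0 over the integers."""
    coeffs, const = t
    g = reduce(gcd, coeffs.values(), 0)
    if g <= 1:
        return t
    return ({v: c // g for v, c in coeffs.items()}, -((-const) // g))  # ceil(const/g)

def is_contradiction(t):
    """An inequality 0 + const <= 0 with const > 0 closes the branch."""
    return not t[0] and t[1] > 0

# Constructed input: 2x - 1 <= 0 and -2x + 1 <= 0, i.e. x = 1/2 over the rationals.
A = ({"x": 2}, -1)
B = ({"x": -2}, 1)

def refute_rational():                                  # FM-ELIM' alone: 0 <= 0
    return fm_elim(A, B, 1, 1)

def refute_integer():                                   # x <= 0 and -x + 1 <= 0
    return fm_elim(strengthen(A), strengthen(B), 1, 1)  # then FM-ELIM': 1 <= 0
```

Without the strengthening step the combination only yields 0 ≤ 0, which is why a purely rational rule set cannot close this goal.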