deciding a combination of theories - decision procedure - changki hong @ pswlab combination of...

Deciding a Combination of The-ories

- Decision Procedure -

Deciding a Combination of The-ories

- Decision Procedure -

Changki Hong @ pswlab Combination of Theories

Daniel Kroening, Ofer Strichman

Presented by Changki Hong

2 / 24

Decision procedures so far..

The decision procedures so far focus on one specific the-ory We know how to

- Decide Equality logic with Uninterpreted Functions (EUF) :- (x1 = x2) Æ (f(x2) = x3) Æ …

- Decide linear arithmetic :- 3x1 + 5x2 ¸ 2x3 Æ x3 · x5

How about a combined formula? A combination of linear arithmetic and EUF:

- (x2 ¸ x1) Æ (x1 - x3 ¸ x2) Æ f(f(x1) - f(x2)) f(x3) A combination of bit-vectors and uninterpreted functions:

- f(a[32], b[1]) = f(b[32], a[1]) Æ a[32] = b[32]


3 / 24

Combination of theories

Approach 1 : Reduce all theories to a common logic if possible (e.g. Propositional logic) Theories that are in NP can be translated to SAT problem.

Approach 2 : Combine decision procedures of the individ-ual theories. Nelson-Oppen method


4 / 24

Contents

Motivation Preliminaries The Nelson-Oppen Combination Procedure Proof of Correctness of the Nelson-Oppen Combination

Procedure Conclusion


5 / 24

Preliminaries

First order logic variables logical symbols : shared by all theories, such as the Boolean op-

erators (Ç, Æ, …), quantifiers (8, 9) and parentheses nonlogical symbols : function and predicates of the specific theory syntax

First order theories Axioms and symbols characterizing the theory. The signature of a theory T holds the set of functions and predi-

cates of the theory.


6 / 24

Theory combination

Definition 1. (theory combination) Given theories T1 and T2 with signatures 1 and 2, the combined

theory T1 © T2 - has signature 1 [ 2 and

- the axiom set T1 [ T2

Definition 2. (theory combination problem) Let Á be a 1 [ 2 formula. The theory combination problem is to decide whether the following

holds:- T1 © T2 ² Á


7 / 24

Restrictions

The theory combination problem is undecidable for arbi-trary theories T1 and T2 even though themselves are de-cidable.

Under certain restrictions, it becomes decidable. There is a decision procedure for each of the theories T1 … Tn

T1 … Tn are quantifier-free first-order theories.

Disjoint signatures (other than equality): 1 Å 2 = ;

Definition 3. (convex theory) A theory T is convex if for all conjunctions Á it holds following:

- Á ! Çi=1..n xi = yi for some finite n > 1 )

Á ! xi = yi for some i 2 {1..n}, where xi, yi are some T variables.


8 / 24

Example of convex theory

Linear arithmetic over R is convex Á : x1 · 1 Æ x1 ¸ 1 ! x1 = 1 implies a singleton

Á : x1 · 1 Æ x1 > 1 implies empty

Á : x1 · 1 Æ x1 ¸ 0 implies infinite disjunction of equality

- In all three cases, it fits the definition of convexity

Linear arithmetic over Z is not convex x1 = 1 Æ x2 = 2 Æ 1 · x3 Æ x3 · 2 ) (x3 = x1 Ç x3 = x2) holds, but neither

- x1 = 1 Æ x2 = 2 Æ 1 · x3 Æ x3 · 2 ) x3 = x1

nor - x1 = 1 Æ x2 = 2 Æ 1 · x3 Æ x3 · 2 ) x3 = x2 holds.


9 / 24

Contents




10 / 24

The Nelson-Oppen combination procedure (1/3)

Definition 4. (purification) Purification is a satisfiability preserving transformation of the for-

mula, after which each atom is from specific theory. Given a formula Á, purification generates an equisatisfiable for-

mula Á’ as follows:1. Let Á’ := Á2. For each ‘theory-mixed’ subexpression e in Á’,

a. replace e with a new auxiliary variable ae, and

b. constrain Á’ with ae = e

Example Given the formula Á := x1 · f(x1), Purification results in

- Á’ := x1 · a Æ a = f(x1)


mixed linear arithmetic and uninterpreted functions

linear arithmetic EUF

11 / 24


After purification we are left with several sets of pure ex-pressions F1…Fn such that:

Fi belongs to a specific theory.

Shared variables are allowed, i.e. it is possible that for some i, j, vars(Fi) Å vars(Fj) ;.

Á is satisfiable $ F1 Æ … Æ Fn is satisfiable


12 / 24


Algorithm 1: Nelson-Oppen for convex theories Input : A convex formula Á that mixes convex theories, with restric-

tions output : “satisfiable” if Á is satisfiable, and “unsatisfiable” other-

wise

1. Purify Á into F1Æ … Æ Fn.

2. Apply the decision procedure for Ti to Fi. If 9i. Fi is unsatisfiable, re-turn “unsatisfiable”.

3. Equality propagation : If 9i, j. Fi implies an equality not implied by Fj, add it to Fj and goto step 2.

4. Return “satisfiable”.


13 / 24

Example of N.O. (1/2)

Consider the formula

1. Purification


(f(x1,0) ¸ x3) Æ (f(x2,0) · x3) Æ (x1 ¸ x2) Æ (x2 ¸ x1) Æ (x3 - f(x1,0) ¸ 1)

F1 (Arithmetic over R)

a1 ¸ x3

a2 · x3

x1 ¸ x2

x2 ¸ x1

x3 - a1 ¸ 1a0 = 0

F2 (EUF)

a1 = f(x1, a0)a2 = f(x2, a0)

14 / 24

Example of N.O. (2/2)

2. Apply the decision procedure for each theory

- Neither F1 nor F2 is independently contradictory

3. Equality propagation


F1 (Arithmetic over R)

a1 ¸ x3

a2 · x3

x1 ¸ x2

x2 ¸ x1

x3 - a1 ¸ 1a0 = 0

F2 (EUF)

a1 = f(x1, a0)a2 = f(x2, a0)

x1 = x2

a1 = a2

a1 = x3

unsatisfiable

x1 = x2

a1 = a2

15 / 24

Combining nonconvex theories (1/2)

It generates a problem when we directly apply algorithm 1 to nonconvex theories.

Example

After purification


(1 · x) Æ (x · 2) Æ p(x) Æ :p(1) Æ :p(2)

F1 (Arithmetic over Z)

1 · xx · 2a1 = 1a2 = 2

F2 (EUF)

p(x) :p(1):p(2)

Algorithm 1 returns “Satisfiable”

However, the original formula is unsatisfiable in the combined the-ory.

16 / 24

Combining nonconvex theories (2/2)

But: 1 · x Æ x · 2 imply the disjunction x = 1 Ç x = 2 Since the theory is non-convex, we cannot propagate either x=1 or

x=2. We can only propagate the disjunction itself. Propagate the disjunction and perform case-splitting.


Arithmetic over Z Uninterpreted predicates

1 · x

x · 2

p(x)

:p(1) Æ :p(2)

x = 1 Ç x = 2x = 1 Ç x = 2

h¢i Æ x = 1

False

h¢i Æ x = 2

False

Split!

17 / 24

Revised N.O. combination pro-cedure

Algorithm 2: Revised Nelson-Oppen for convex theories Input : A formula Á that mixes theories, with restrictions output : “satisfiable” if Á is satisfiable, and “unsatisfiable” other-

wise

1. Purify Á into Á’ : F1Æ … Æ Fn.

2. Apply the decision procedure for Ti to Fi. If 9i. Fi is unsatisfiable, re-turn “unsatisfiable”.

3. Equality propagation : If 9i, j. Fi implies an equality not implied by Fj, add it to Fj and goto step 2.

4. If 9i. Fi ! (x1= y1Ç…Ç xk= yk) but 8j Fi 9 xj= yj, apply recursively to ’Æ x1= y1, … ,’Æ xk= yk. If any of them is satisfiable, return ‘satisfiable’. Otherwise return ‘un-satisfiable’.

5. Return “satisfiable”.


18 / 24

Contents




19 / 24

Proof correctness of N.O. algo-rithm

We now prove the correctness of N.O. algorithm for con-vex theories.

Theorem: N.O. returns unsatisfiable if and only if its input formula is unsatisfiable.

We will prove this theorem for the case of combining two convex theories.


20 / 24

Proof (, Soundness)

N.O. returns ‘unsatisfiable’ ! is unsatisfiable. Assume is satisfiable and let be a satisfying assignment of . Let A = {a1,…,an} be the auxiliary variables added as a result of

the purification step. We can extend ® to an assignment ®’ that includes also the

variables in A. (recall Æi Fi and are equisatisfiable)

For each equality eq added in step 3, 9i. Fi ! eq.

Since ’ ² Fi then also ’ ² eq.

Hence for all j 2 {1,2}, ’ ² Fj Æ eq. (recall equality propagation) Thus, N.O. does not return unsat in this case. In other words, if N.O. returns unsat, then is unsat.


21 / 24

Proof (, Completeness)

Definition 5 : (residue) A residue of a formula , denoted Res(), is the strongest Equality Logic

formula implied by .

ex) Res(x=f(a) Æ y=f(b)) is a = b ! x = y

Lemma 1: if F1 and F2 are formulas with disjoint signatures, Res(F1 Æ F2) $ (Res(F1)

Æ Res(F2)).


22 / 24

Proof (, Completeness)

is unsatisfiable ! N.O. returns ‘unsatisfiable’. Now suppose N.O. returns SAT although F1 Æ F2 is unsatisfiable. Res(F1 Æ F2) = false Hence, by Lemma 1, Res(F1) Æ Res(F2) = false On the other hand, if N.O. returns ‘Satisfiable’, we know that

- F1 and F2 are separately satisfiable

- F1 and F2 imply exactly the same equalities.

- Thus, Res(F1) and Res(F2) are satisfiable and imply the same equali-ties.

Hence, Res(F1) Æ Res(F2) is also satisfiable, i.e. Res(F1) Æ Res(F2) false (contradiction).


23 / 24

Contents




24 / 24

Conclusion

The theory combination problem is undecidable.

The Nelson-Oppen combination procedure solves the the-ory combination problem for theories that comply with several restrictions.


deciding a combination of theories - decision procedure - changki hong @ pswlab combination of...

Documents

convex x

theories t t n t t n

theory combination problem

theory combination definition

arbitrary theories t

combined theory t

individual theories

t variables