Ground Interpolation for the Theory of Equality
A. Fuchs (1), A. Goel (2), J. Grundy (2), S. Krstic (2), C. Tinelli (1)
(1) The University of Iowa, (2) Intel Corporation
Logical Interpolation in Formal Methods
Logical interpolants are useful in model checking, e.g., to
- accelerate the computation of reachability relations
- improve predicate abstraction
We will focus on ground interpolants
Ground Interpolation in First-order Theories
A theory T admits ground interpolation iff every two ground formulas A and B inconsistent in T have a ground T-interpolant, a ground formula I s.t.
- I’s symbols are shared by A and B
- A |=T I
- I, B are inconsistent in T (I, B |=T false)
Contribution of This Work
A new ground interpolation procedure for EUF
Highlights:
- Interpolants are extracted from colored congruence graphs (CCGs)
- A CG represents compactly a proof of inconsistency for sets of ground literals
- CGs are easily produced by usual congruence closure algorithms for deciding ground satisfiability in EUF
- Our interpolants are conjunctions of ground Horn clauses, the simplest possible form for EUF
- Our interpolants are smaller and simpler than in the previous method by McMillan [McM05]
Simplifying Assumptions
We consider only conjunctions of literals
Any interpolation procedure for such formulas, in any theory, can be uniformly extended to arbitrary ground formulas [e.g., McM05, CGS08]
(Only?) Previous Work
Interpolation procedure for EUF by McMillan [MCM03]
Based on an inference system for EUF with 6 rules (for reflexivity, symmetry, etc. of =)
Rules extended with annotations [u, v, , ] for premises and conclusions, and increased to 11
If A, B derives false[u, v, , ] then is an interpolant of A, B
Our view: Interpolation as a Cooperative Game
A = {u0 = v0, u2 = g(u1, u), v2 = g(v1, h(v))}
B = {u1 = f(x, v0), v1 = f(x, u0), u = h(v), u2 ≠ v2}

        A-prover      B-prover
  0.    A             B
  1.    u0 = v0
  2.                  u1 = v1
  3.                  u = h(v)
  4.    u2 = v2

Interpolant: u0 = v0 ∧ (u1 = v1 ∧ u = h(v) → u2 = v2)
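As an added example (not from the slides or the paper), the following Python checks the two semantic conditions on the interpolant of this game instance: A entails each Horn clause, and B together with the clauses is EUF-inconsistent. It uses a congruence closure in the style of the CG construction given on the later slides; the term encoding (constants as strings, applications as tuples) and all function names are my own.

```python
from itertools import combinations

def subterms(t, acc):
    acc.add(t)                       # constants are strings, applications are tuples
    for arg in (t[1:] if isinstance(t, tuple) else ()):
        subterms(arg, acc)

def congruence_closure(eqs, extra_terms=()):
    """CG construction as on the slides: over T = all ground terms, add a basic edge per
    literal s = t, then derived edges f(s1..sn) -- f(t1..tn) whenever each si is already
    connected to ti, until nothing changes. Returns find(term) = class representative."""
    terms = set()
    for s, t in list(eqs) + [(x, x) for x in extra_terms]:
        subterms(s, terms); subterms(t, terms)
    rep = {t: t for t in terms}
    def find(t):
        while rep[t] != t:
            t = rep[t]
        return t
    for s, t in eqs:                                   # basic edges
        rep[find(s)] = find(t)
    apps = [t for t in terms if isinstance(t, tuple)]
    changed = True
    while changed:                                     # derived edges, to fixpoint
        changed = False
        for s, t in combinations(apps, 2):
            if (s[0], len(s)) == (t[0], len(t)) and find(s) != find(t) and \
                    all(find(a) == find(b) for a, b in zip(s[1:], t[1:])):
                rep[find(s)] = find(t); changed = True
    return find

def entails_all(eqs, goals):
    """eqs |= every s = t in goals; in EUF that means s and t are connected in the CG."""
    find = congruence_closure(eqs, [x for g in goals for x in g])
    return all(find(s) == find(t) for s, t in goals)

def refutes(eqs, diseqs, clauses):
    """Forward-chain Horn clauses (premises, conclusion) over eqs; then, as in the slides'
    Prop., the result is inconsistent iff some s != t in diseqs has s and t connected."""
    facts, pending = list(eqs), list(clauses)
    while ready := [c for c in pending if entails_all(facts, c[0])]:
        for c in ready:
            facts.append(c[1]); pending.remove(c)
    return any(entails_all(facts, [d]) for d in diseqs)

def is_interpolant(a_eqs, b_eqs, b_dis, clauses):
    """The two semantic conditions: A |= each clause, and B with the clauses is inconsistent."""
    return (all(entails_all(a_eqs + prem, [concl]) for prem, concl in clauses)
            and refutes(b_eqs, b_dis, clauses))

# The cooperative-game instance from the slides: A, B (B_DIS holds u2 != v2) and I.
A = [('u0', 'v0'), ('u2', ('g', 'u1', 'u')), ('v2', ('g', 'v1', ('h', 'v')))]
B_EQS = [('u1', ('f', 'x', 'v0')), ('v1', ('f', 'x', 'u0')), ('u', ('h', 'v'))]
B_DIS = [('u2', 'v2')]
I = [([], ('u0', 'v0')),                                      # u0 = v0
     ([('u1', 'v1'), ('u', ('h', 'v'))], ('u2', 'v2'))]      # u1 = v1 and u = h(v) -> u2 = v2
```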
Ground Interpolation as a Cooperative Game
Concrete Result for EUF:
A procedure to retrofit the interpolation game to congruence graphs
Congruence Graph: Example
L = {x1 = z1, z1 = z2, z2 = x2, z3 = f(x1), f(x2) = z4, x3 = z5, z5 = f(z3), f(z4) = z6, z6 = x4, y1 = z7, z7 = f(x3), f(x4) = z8, z8 = y2}
T = {terms in L}
[Figure: the congruence graph over T. Basic edges: one per equality of L. Derived edges: f(x1)–f(x2), f(z3)–f(z4), f(x3)–f(x4), whose arguments are connected.]
Legend: Basic edge, Derived edge
Congruence Graphs and EUF
Fact: decision procedures for EUF essentially compute congruence graphs
Prop. Let L = {equalities and disequalities}, T = {all terms in L}. L is inconsistent in EUF iff there is a CG over T and a disequality s ≠ t ∈ L such that s and t are connected by a path in the CG.
Congruence Graphs and EUF
Let G be any CG showing that L is inconsistent in EUF
Let L = A ∪ B
We can extract an interpolant of A, B from G by first suitably coloring G with {A, B}
The interpolant can be seen as generated from a run of the interpolation game between an A-prover and a B-prover
[Figure: the congruence graph from the previous slide]
Colored Congruence Graph: Example
A = {x1 = z1, z2 = x2, z3 = f(x1), f(x2) = z4, x3 = z5, z6 = x4, z7 = f(x3), f(x4) = z8}
B = {z1 = z2, z5 = f(z3), f(z4) = z6, y1 = z7, z8 = y2}
Coloring scheme:
- Nodes in A \ B colored A
- Nodes in B \ A colored B
- Nodes in A ∩ B colored AB
- Basic edges in A colored A
- Basic edges in B colored B
- Derived edges colored A (B) if both endpoints are A (B)
[Figure: the congruence graph of the previous slides, colored according to this scheme]
Fixing Uncolorable Graphs
It is possible (and easy) to modify the graph to remove uncolorable edges
Reason: EUF is equality interpolating
Lemma. [YM05] If A, B |= s = t, one can compute an AB-term u s.t. A, B |= s = u ∧ u = t
Extracting Interpolants from Colored Congruence Graphs
CCG for A, B with s ≠ r ∈ B:
[Figure: a colored congruence graph with a path from s to r running through u and v; the sub-paths involved in the computation are labelled by their endpoints s1…s7, r1…r7, u1…u7, v1…v7.]
Notation: let xy denote a path from node x to node y
The interpolation function I is evaluated along the path sr:
I(sr) = I(su) ∪ I(uv) ∪ I(vr)
      = I(s1r1) ∪ I(uv)
      = I(s1u1) ∪ I(u1v1) ∪ I(v1r1) ∪ I(uv)
      = {u1 = v1} ∪ I(uv)
      = {u1 = v1} ∪ {v3 = u3 ∧ v6 = u6 ∧ v4 = u4 ∧ u2 = v2 → u = v} ∪ I(v3 = u3) ∪ I(v6 = u6) ∪ I(v4 = u4) ∪ I(u2 = v2)
      = {u1 = v1} ∪ {v3 = u3 ∧ v6 = u6 ∧ v4 = u4 ∧ u2 = v2 → u = v} ∪ I(u2 = v2)
      = {u1 = v1} ∪ {v3 = u3 ∧ v6 = u6 ∧ v4 = u4 ∧ u2 = v2 → u = v} ∪ I(s7 = r7)
      = {u1 = v1} ∪ {v3 = u3 ∧ v6 = u6 ∧ v4 = u4 ∧ u2 = v2 → u = v} ∪ {u5 = v5 → u7 = v7}
Note: A |= I(sr) and B, I(sr) |= s = r, but s ≠ r ∈ B
Interpolation Function: Formal Definition
I(st) =
  ∪ {I(π) | π is a factor of st}                 if st has ≥ 2 factors
  ∪ {I(π) | π is a parent of a link in st}       if st is a B-path
  ∪ {I(π) | π ∈ P(st)} ∪ {J(st)}                 if st is an A-path
P(st) =
  ∪ {P(π) | π is a factor of st}                 if st has ≥ 2 factors
  {st}                                           if st is a B-path
  ∪ {P(π) | π is a parent of a link in st}       if st is an A-path
J(st) = (∧ {u = v | uv ∈ P(st)}) → s = t
Main Theoretical Result
Lemma. Function I is well defined and computable over any CCG, and returns a set of ground Horn clauses.
Theorem. Let G be a CCG for A, B. If sr is a path in G s.t. s ≠ r ∈ B, then I(sr) is an EUF-interpolant of A and B.
Note: The paper also defines an I’ for when s ≠ r ∈ A.
Interpolation Procedure
Given a literal set L inconsistent in EUF and a partition A, B of L:
- run CC to find a CG G over L connecting s, r for some s ≠ r ∈ L
- modify G as needed to make it colorable and color it (in any allowed way)
- if s ≠ r ∈ B return I(sr), else return I’(sr)
Main Differences with McMillan’s Procedure
CGs condense inferences by reflexivity, symmetry and transitivity into paths (big-step vs. small-step proof)
Ex: z1 = x1 = z2 = x2 = f(z3) = x3 = z4 ≠ z1
Our interpolant: z1 = z4
McMillan’s: z1 = z2 ∧ z2 = f(z3) ∧ f(z3) = z4
Main Differences with McMillan’s Procedure
Interpolants with simple Boolean structure
Ex. 7, 10 in our paper:
Our interpolant: (z1 = z2 → z3 = z4) ∧ (z5 = z6 → z7 = z8)
McMillan’s: (z1 = z2 (z3 = z4 z5 = z6)) z3 = z4 z7 = z8
Main Differences with McMillan’s Procedure
Minimal number of new, auxiliary terms vs. many new terms produced on-the-fly
Non-deterministic coloring step (2) vs. fully specified annotation mechanism
Overall smaller and simpler interpolants
Experimental Results
- Interpolation procedure implemented in the SMT solver DPT
- Compared with the state-of-the-art implementation of McMillan’s procedure in MathSAT [Cim08]
- Both systems extend interpolation to general ground EUF formulas in the same way (relying on similar DPLL-style SAT engines)
- Resolution proofs from the two DPLL engines are comparable in size
- Same benchmark set as in [Cim08]
Experimental Results
DPT vs. MathSAT on 45 benchmarks derived from SMT-LIB
Runtimes: comparable
Interpolant size: DPT’s 3.8 times smaller on average
Conclusion
- New interpolation procedure for EUF
- Easy to implement on top of CC procedures within SMT solvers
- Generates smaller and simpler interpolants
- Provides a basis for further refinements and implementations
- Its flexibility could be useful when the notion of interpolant quality is better understood
Theories with Ground Interpolation
- Equality over uninterpreted function symbols (EUF)
- Real arithmetic
- Linear Integer Arithmetic with divisibility operator
- …
- Any FOL theory admitting quantifier elimination
Coloring Congruence Graph
Let A, B be disjoint sets of literals
Every symbol of A (B) is A-colorable (B-colorable). A term is A-colorable (B-colorable) if all of its symbols are.
To color a CG for A ∪ B, color
- a node with A (resp., B) if it occurs in A (resp., B)
- a basic edge with A (resp., B) if it occurs in A (resp., B)
- a derived edge with A (alternatively, with B) if its endpoints are both colored with A (with B)
Congruence Graph for L
Input: L = {ground literals}, T = {ground terms}
Let G be the graph with node set T and no edges. Repeat as long as possible:
  for each pair (s, t) of terms in T that are not yet connected in G such that
    s = t ∈ L or t = s ∈ L, or
    s is f(s1,…,sn), t is f(t1,…,tn), and si is connected to ti in G for i = 1, …, n,
  add the edge (s, t) to G.
A congruence graph for L is any undirected graph G built during this procedure.