Seminar Decision Procedures and Applications

Transcription

1 Seminar Decision Procedures and pplications Background Informations Viorica Sofronie-Stokkermans University Koblenz-Landau 29 May

2 Structure Topics for the talks: D. Basin & H. Ganzinger: utomated complexity analysis based on ordered resolution V. Kuncak & S. Jacobs: Towards Complete Reasoning about xiomatic Specfications F. Baader & B. Morawska: Unification in the description logic EL F. Baader & K. Schulz: Unification in the Union of Disjoint Equational Theories: Combining Decision Procedures 2

3 Overview We give a survey of recent developments and give examples. Plan of this lecture Reasoning in standard theories Reasoning in complex theories theory extensions combinations of theories Examples of applications Important: identify decidable/tractable fragments 3

4 Reasoning about standard datatypes Numbers - natural numbers, integers, reals, rationals Data structures - theories of lists - theory of acyclic lists - theory of arrays - theories of sets, multisets 4

5 Reasoning in theory extensions Numbers - integers, reals, rationals Data structures - theories of lists of integers, reals,... - theory of acyclic lists of integers, reals,... - theory of arrays of integers, reals,... - theories of sets of integers, reals,... + functions (free, rec. def.) e.g : length, card Functions - e.g. over numeric domains - monotone functions - bounds on slope - convexity/concavity conditions - continuity, derivability 5

6 Modularity Modular (i.e. black-box) composition of decision procedures is highly desirable for saving time and resources. Modular Reasoning Example: T 1 T 0 T 2 T 0 : Σ 0 -theory. lists(r) arrays(r) T i : Σ i -theory; T 0 T i Σ 0 Σ i. Can we use provers for T 1,T 2 as blackboxes to prove theorems in T 1 T 2? Which information needs to be exchanged between the provers? 6

7 Structure Reasoning in standard theories crash course: Decidable logical theories and theory fragments Reasoning in complex theories Modular reasoning in combinations of theories Disjoint signature: The Nelson-Oppen method Hierarchical/Modular reasoning in theory extensions Local theory extensions Examples: data structures (arrays, pointers, lists) pplications Combinations of local extensions Non-disjoint signature 7

8 Conventions In what follows we will use the following conventions: constants (0-ary function symbols) are denoted with a, b, c, d,... function symbols with arity 1 are denoted f,g,h,... if the formulae are interpreted into arbitrary algebras +,,s,... if the intended interpretation is into numerical domains predicate symbols with arity 0 are denoted p,q,r,s,... predicate symbols with arity 1 are denoted P,Q,R,... if the formulae are interpreted into arbitrary algebras,,<,> if the intended interpretation is into numerical domains variables are denoted x,y,z,... 8

9 Logical theories Syntactic view xiomatized by a set F of (closed) first-order Σ-formulae. the models of F: Mod(F) = { Σ-alg = G, for all G in F} Semantic view given a class M of Σ-structures the first-order theory of M: Th(M) = {G F Σ (X) closed M = G} 9

10 Logical theories Syntactic view xiomatized by a set F of (closed) first-order Σ-formulae. the models of F: Mod(F) = { Σ-alg = G, for all G in F} F Th(Mod(F)) M Mod(Th(M)) (typically strict) (typically strict) Semantic view given a class M of Σ-structures the first-order theory of M: Th(M) = {G F Σ (X) closed M = G} Th(Mod(F)) the set of formulae true in all models of F represents exactly the set of consequences of F 10

11 Examples 1. Linear integer arithmetic. Σ = ({0/0,s/1,+/2},{ /2}) Z + = (Z,0,s,+, ) the standard interpretation of integers. {Z + } Mod(Th(Z + )) 2. Uninterpreted function symbols. Σ = (Ω, Pred) M = Σ-alg: the class of all Σ-structures The theory of uninterpreted function symbols is Th(Σ-alg) the family of all first-order formulae which are true in all Σ-structures. 11

12 Examples 3. Lists. Σ = ({car/1,cdr/1,cons/2}, ) car(cons(x, y)) x F = cdr(cons(x, y)) y cons(car(x), cdr(x)) x Mod(F): the class of all models of F Th Lists = Th(Mod(F)) theory of lists (axiomatized by F) 4. rrays. Σ = ({read/2, write/3) { read(write(a, i, e), i) = e F = i j read(write(a,i,e),j) = read(a,j) Mod(F): the class of all models of F Th arrays = Th(Mod(F)) theory of arrays (axiomatized by F) 12

13 Decidable theories Σ = (Ω,Pred) be a signature. M: class of Σ-structures. T = Th(M) is decidable iff there is an algorithm which, for every closed first-order formula φ, can decide (after a finite number of steps) whether φ is in T or not. F: class of (closed) first-order formulae. The theory T = Th(Mod(F)) is decidable iff there is an algorithm which, for every closed first-order formula φ, can decide (in finite time) whether F = φ or not. 13

14 Examples Undecidable theories Peano arithmetic xiomatized by: x (x + 1 0) x F[0] ( y (x + 1 y + 1 x y x (x + 0 x) x (F[x] F[x + 1]) x,y (x + (y + 1) (x + y) + 1) x,y (x 0 0) 3 y +5 > 2 y expressed as x,y (x (y + 1) x y + x) E xf[x]) z(z 0 3 y +5 2 y +z) (zero) (successor) (induction) (plus zero) (plus successor) (times zero) (times successor) Intended interpretation: (N,{0, 1, +, },{, }) (does not capture true arithmetic by Gödel s incompleteness theorem) Th((Z,{0,1,+, },{ })) Th(Σ-alg) 14

15 Examples In order to obtain decidability results: Restrict the signature Enrich axioms Look at certain fragments 15

16 Examples In order to obtain decidability results: Restrict the signature Enrich axioms Look at certain fragments Decidable theories Presburger arithmetic decidable in 3EXPTIME [Presburger 29] Signature: ({0,1,+},{, }) (no ) xioms { (zero), (successor), (induction), (plus zero), (plus successor) } Th(Z + ) Z + = (Z,0,s,+, ) the standard interpretation of integers. 16

17 Examples In order to obtain decidability results: Restrict the signature Enrich axioms Look at certain fragments Decidable theories The theory of real numbers (with addition and multiplication) is decidable in 2EXPTIME [Tarski 30] 17

18 Examples In order to obtain decidability results: Restrict the signature Enrich axioms Look at certain fragments L Fma(Σ) Simpler task: Given φ in L, is it the case that T = φ? Common restrictions on L Pred = {φ L T = φ} L={ L={ L={ L={ x(x) atomic} word problem x( 1... n B) i,b atomic} uniform word problem xc(x) C(x) clause} xφ(x) φ(x) unquantified} Th clausal validity problem Th universal validity problemth Horn,cl 18

19 Examples In order to obtain decidability results: Restrict the signature Enrich axioms Look at certain fragments L Fma(Σ) Simpler task: Given φ in L, is it the case that T = φ? Common restrictions on L Π = {φ L T = φ} L={ L={ E x 1... n i atomic} unification problem Th x E x 1... n i atomic} unification with constants Th E E 19

20 Validity of formulae vs. ground satisfiability The following are equivalent: (1) T = x(l 1 (x) L n (x)) (2) There is no model of T which satisfies E x( L 1 (x) L n (x)) (3) There is no model of T and no valuation for the constants c for which ( L 1 (c) L n (c)) becomes true (notation: ( L 1 (c) L n (c)) = T ) Can reduce any validity problem to a ground satisfiability problem 20

21 Useful theories Many example of theories in which ground satisfiability is decidable: The empty theory (no axioms) UIF(Σ) linear (rational or integer) arithmetic theories axiomatizing common datatypes (lists, arrays) 21

22 The theory of uninterpreted function symbols Let Σ = (Ω,Π) be arbitrary Let M = Σ-alg be the class of all Σ-structures The theory of uninterpreted function symbols is Th(Σ-alg) the family of all first-order formulae which are true in all Σ-algebras. - in general undecidable - Satisfiability of conjunctions of ground literals is decidable (in PTIME) Method 1: ckermann s reduction f(a,b) = a f(f(a,b),b) a f(a,b) = c,f(c,b) = d c = a d a a = c b = b c = d 22

23 The theory of uninterpreted function symbols Let Σ = (Ω,Π) be arbitrary Let M = Σ-alg be the class of all Σ-structures The theory of uninterpreted function symbols is Th(Σ-alg) the family of all first-order formulae which are true in all Σ-algebras. - in general undecidable - Satisfiability of conjunctions of ground literals is decidable (in PTIME) Method 2: DG encoding [Downey-Sethi, Tarjan 76; Nelson-Oppen 80] v f(a,b) = a = f(f(a,b),b) = a 2 f v 1 v3 a b v4 f v 1 : f(f(a,b),b) v 2 : f(a,b) v 3 : a v 4 : b R : {(v 2,v 3 )} - compute the congruence closure R c of R - check whether (v 1,v 3 ) R c 23

24 Linear (rational or integer) arithmetic Syntax Signature Σ = ({0/0,s/1,+/2},{ /2,< /2}) Terms, atomic formulae as usual Example: 3 x 1 +2 x 2 5 x 3 abbreviation for (x 1 +x 1 +x 1 )+(x 2 +x 2 ) (x 3 +x 3 +x 3 +x 3 +x 3 ) Formulae: conjunctions of atomic formulae 24

25 Linear arithmetic Problem: check satisfiability of conjunctions of atomic formulae in linear arithmetic over a numerical domain D Complexity: D = R: PTIME; D = Z: NP-hard Methods The simplex method (D = R) Integer linear programming (D = Z) use branch-and-bound/cutting planes The Fourier-Motzkin method (D = R) use variable elimination The Omega test (D = Z) use variable elimination 25

26 Theories axiomatizing common datatypes Example 1: McCarthy s theory of arrays. Σ = {write/3, read/2} xioms: read(write(x, i, y), i) = y i j read(write(x,i,y),j) = read(x,j) a = b - the full first-order theory of arrays is undecidable - the ground satisfiability problem is decidable (in NP) i(read(a, i) = read(b, i)) Methods: - refinements of resolution which efficiently handle equality [RR 02] - instantiation 26

27 Theories axiomatizing common datatypes Example 2: The theory of acyclic lists xioms: car(cons(x, y) = x cdr(cons(x, y) = y cons(car(x), cdr(x)) = x t(x) x t contains only cons The full first-order theory is decidable (but non-elementary) Satisfiability of conjunctions of ground literals decidable (in PTIME). Methods: - refinements of resolution which efficiently handle equality [RR 02] - instantiation 27

28 Theories axiomatizing common datatypes Example 3: doubly-linked lists (cf. also [Necula, McPeak 2005]) p (p null p.next null p.next.prev = p) p (p null p.prev null p.prev.next = p) c null c.next null d null d.next null c.next=d.next c d = 28

29 Theories axiomatizing common datatypes Example 3: doubly-linked lists (cf. also [Necula, McPeak 2005]) (c null c.next null c.next.prev=c) (c.next null c.next.next null c.next.next.prev=c.next) (d null d.next null d.next.prev=d) (d.next null d.next.next null d.next.next.prev=d.next) c null c.next null d null d.next null c.next=d.next c d = 29

30 Local Theories T 1 := K set of Horn clauses; Kislocal,ifforgroundHornclausesC, K = C iff K[C] = C [Mcllester, Givan 92, 93] Local theories capture PTIME 30

31 Local Theories T 1 := K set of Horn clauses; Kislocal,ifforgroundHornclausesC, K = C iff K[C] = C [Mcllester, Givan 92, 93] Local theories capture PTIME Natural extension of ideas which occurred in deductive databases Datalog program: - set K of Horn clauses without function symbols - for ground clauses C: K = C iff K[C] = C - entailment of ground clauses in PTIME 31

32 Local Theories T 1 := K set of Horn clauses; Kislocal,ifforgroundHornclausesC, K = C iff K[C] = C T 1 local theory Horn theory of T 1 in PTIME [Mcllester et al. 92, 93] [Ganzinger 01] Emb(T 1 ) [Skolem 20] [Evans 53,Burris 95] 32

33 How to recognize local theories [Ganzinger 2001] test embeddability of partial into total models Examples: - theory of lattices [Skolem 1920] - monotone functions on posets, lattices - theory of free function symbols s(x) = y p(y) = x p(y) = x s(x) = y - K : s(x) = s(y) x = y p(x) = p(y) x = y - theory of doubly linked lists - theory of lists with cons,car,cdr 33

34 How to recognize local theories [Ganzinger 2001] test embeddability of partial into total models [Basin, Ganzinger 96, 01] test saturation under ordered resolution Recognize locality [Basin, Ganzinger 96, 01; Ganzinger 01] = EQ (binary predicate) + congruence axioms special relations(off) saturate Generate local presentations: add clauses K : s(x)=y p(y)=x p(y)=x s(x)=y s(x)=s(y) x=y p(x)=p(y) x=y L : cons(x,y)=z car(z)=x cons(x,y)=z cdr(z)=y cons(x,y)=cons(u,v) x=u y=v 34

35 Theories axiomatizing common datatypes Example 3: doubly-linked lists (cf. also [Necula, McPeak 2005]) p (p null p.next null p.next.prev = p) p (p null p.prev null p.prev.next = p) c null c.next null d null d.next null c.next=d.next c d = 35

36 Theories axiomatizing common datatypes Example 3: doubly-linked lists (cf. also [Necula, McPeak 2005]) (c null c.next null c.next.prev=c) (c.next null c.next.next null c.next.next.prev=c.next) (d null d.next null d.next.prev=d) (d.next null d.next.next null d.next.next.prev=d.next) c null c.next null d null d.next null c.next=d.next c d = 36

37 Theories axiomatizing common datatypes Example 3: doubly-linked lists (cf. also [Necula, McPeak 2005]) (c null c.next null c.next.prev=c) (c.next null c.next.next null c.next.next.prev=c.next) Extensions which also take the elements into account (for doubly-linked lists, but also for arrays and lists with car/cdr) Reasoning in complex theories (d null d.next null d.next.prev=d) (d.next null d.next.next null d.next.next.prev=d.next) c null c.next null d null d.next null c.next=d.next c d = 37

38 Overview Reasoning in standard theories crash course: Decidable logical theories and theory fragments Reasoning in complex theories Modular reasoning in combinations of theories disjoint signature: the Nelson-Oppen method Hierarchical/Modular reasoning in theory extensions Local theory extensions pplications Examples: data structures (arrays, pointers, lists) Combinations of local extensions non-disjoint signature 38

39 Reasoning in combinations of theories We are interested in testing satisfiability of ground formulae The combined decidability problem For i = 1,2 let T i be a first-order theory in signature Σ i assume the T i ground satisfiability problem is decidable Let T 1 T2 be a combination of T 1 and T 2 Question: Is the T 1 T2 ground satisfiability problem decidable? 39

40 The combined decidability problem Main issue: How is T 1 T2 defined? Here: put together the axioms Syntactic view: T 1 +T 2 = T 1 T 2 F Σ1 Σ 2 (X) Mod(T 1 T 2 ) = { (Σ 1 Σ 2 )-alg = G, for all G in T 1 T 2 } where Σ 1 Σ 2 = (Ω 1,Pred 1 ) (Ω 2,Pred 2 ) = (Ω 1 Ω 2,Pred 1 Pred 2 ) Semantic view: Let M i = Mod(T i ),i = 1,2 M 1 +M 2 = { (Σ 1 Σ 2 )-alg Σi M i for i = 1,2} 40

41 The combined decidability problem Main issue: How is T 1 T2 defined? Here: put together the axioms Syntactic view: T 1 +T 2 = T 1 T 2 F Σ1 Σ 2 (X) Mod(T 1 T 2 ) = { (Σ 1 Σ 2 )-alg = G, for all G in T 1 T 2 } where Σ 1 Σ 2 = (Ω 1,Pred 1 ) (Ω 2,Pred 2 ) = (Ω 1 Ω 2,Pred 1 Pred 2 ) Mod(T 1 T 2 ) iff M 1 +M 2 Semantic view: Let M i = Mod(T i ),i = 1,2 M 1 +M 2 = { (Σ 1 Σ 2 )-alg Σi M i for i = 1,2} 41

42 Combinations of theories Definition. theory is consistent if it has at least one model. Question: Is the union of two consistent theories always consistent? nswer: No.(Not even when the two theories have disjoint signatures) Example: Σ 1 = (Ω 1, ), Σ 2 = ({c/0,d/0}, ), c,d Ω 1 T 1 = { T 2 = { E x,y,z(x y x z y z)} x(x c x d)} Mod(T 1 ) iff 3. B Mod(T 2 ) iff 2. 42

43 Combinations of theories For i = 1,2 let T i be a first-order theory in signature Σ i s.t. the ground satisfiability problem for T i is decidable Question: Is the ground decidability problem for T 1 T 2 decidable? nswer: In general No (restrictions needed for affirmative answer) There are theories T 1,T 2 with disjoint signatures and decidable ground satisfiability problem such that ground satisfiability in T 1 T 2 is unsatisfiable. [Bonacina, Ghilardi et.al, IJCR 2006] 43

44 Combination of theories over disjoint signatures The Nelson/Oppen procedure Given: T 1,T 2 first-order theories with signatures Σ 1,Σ 2 ssume that Σ 1 Σ 2 = (share only ) P i decision procedures for satisfiability of ground formulae w.r.t. T i φ quantifier-free formula over Σ 1 Σ 2 Task: Check whether φ is satisfiable w.r.t. T 1 T 2 Note: Restrict to conjunctive quantifier-free formulae φ DNF(φ) DNF(φ) satisfiable in T iff one of the disjuncts satisfiable in T 44

45 Example [Nelson & Oppen, 1979] Theories R theory of rationals Σ R = {,+,,0,1} L theory of lists Σ L = {car,cdr,cons} E theory of equality (UIF) Σ: free function and predicate symbols 45

46 Example [Nelson & Oppen, 1979] Theories R theory of rationals Σ R = {,+,,0,1} L theory of lists Σ L = {car,cdr,cons} E theory of equality (UIF) Σ: free function and predicate symbols Problems: 1. R L E = x,y(x y y x+car(cons(0,x)) P(h(x) h(y)) P(0)) 2. Is the following conjunction: c d d c +car(cons(0,c)) P(h(c) h(d)) P(0) satisfiable in R L E? 46

47 n Example R L E Σ {,+,,0,1} {car,cdr,cons} F P xioms x +0 x car(cons(x,y)) x x x 0 cdr(cons(x,y)) y (univ. + is, C at(x) cons(car(x), cdr(x)) x quantif.) is R,T, at(cons(x,y)) x y y x x y x+z y +z Is the following conjunction: c d d c +car(cons(0,c)) P(h(c) h(d)) P(0) satisfiable in R L E? 47

48 Step 1: Purification Given: φ conjunctive quantifier-free formula over Σ 1 Σ 2 Task: Find φ 1,φ 2 s.t. φ i is a pure Σ i -formula and φ 1 φ 2 equivalent with φ f(s 1,...,s n ) g(t 1,...,t m ) u f(s 1,...,s n ) u g(t 1,...,t m ) f(s 1,...,s n ) g(t 1,...,t m ) u f(s 1,...,s n ) v g(t 1,...,t m ) u v ( )P(...,s i,...) ( )P(...,u,...) u s i ( )P(...,s i [t],...) ( )P(...,s i [t u],...) u t where t f(t 1,...,t n ) Termination: Obvious Correctness: φ 1 φ 2 and φ are equisatisfiable w.r.t. T 1 T 2 48

49 Step 1: Purification c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 3 h(c) c 5 0 c 4 h(d) 49

50 Step 1: Purification c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 3 h(c) c 5 0 c 4 h(d) satisfiable satisfiable satisfiable 50

51 Step 2: Propagation c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 3 h(c) c 5 0 c 4 h(d) deduce and propagate equalities between constants entailed by components 51

52 Step 2: Propagation c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 3 h(c) c 5 0 c 4 h(d) c 1 c 5 52

53 Step 2: Propagation c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 3 h(c) c 5 0 c 4 h(d) c 1 c 5 c 1 c 5 c d 53

54 Step 2: Propagation c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 5 0 c 3 h(c) c 4 h(d) c 1 c 5 c 1 c 5 c d c d c 3 c 4 54

55 Step 2: Propagation c d d c +car(cons( 0 c 5,c)) c 1 P(h(c) h(d) ) P( 0 c 3 c 4 c 2 ) c 5 R L E c d c 1 car(cons(c 5,c)) P(c 2 ) d c +c 1 P(c 5 ) c 2 c 3 c 4 c 5 0 c 3 h(c) c 4 h(d) c 1 c 5 c 1 c 5 c d c d c 3 c 4 c 2 c 5 55

56 The Nelson-Oppen algorithm φ conjunction of literals Step 1. Purification T 1 T 2 φ (T 1 φ 1 ) (T 2 φ 2 ): where φ i is a pure Σ i -formula and φ 1 φ 2 is equisatisfiable with φ. Step 2. Propagation. The decision procedure for ground satisfiability for T 1 and T 2 fairly exchange information concerning entailed unsatisfiability of constraints in the shared signature i.e. clauses over the shared variables. until an inconsistency is detected or a saturation state is reached. 56

57 The Nelson-Oppen algorithm φ conjunction of literals Step 1. Purification T 1 T 2 φ (T 1 φ 1 ) (T 2 φ 2 ): where φ i is a pure Σ i -formula and φ 1 φ 2 is equisatisfiable with φ. not problematic; requires linear time Step 2. Propagation. The decision procedure for ground satisfiability for T 1 and T 2 fairly exchange information concerning entailed unsatisfiability of constraints in the shared signature i.e. clauses over the shared variables. until an inconsistency is detected or a saturation state is reached. not problematic; termination guaranteed Sound: if inconsistency detected input unsatisfiable Complete: under additional assumptions 57

58 Implementation φ conjunction of literals Step 1. Purification: T 1 T 2 φ (T 1 φ 1 ) (T 2 φ 2 ), where φ i is a pure Σ i -formula and φ 1 φ 2 is equisatisfiable with φ. Step 2. Propagation: The decision procedure for ground satisfiability for T 1 and T 2 fairly exchange information concerning entailed unsatisfiability of constraints in the shared signature i.e. clauses over the shared variables. until an inconsistency is detected or a saturation state is reached. How to implement Propagation? Guessing: guess a maximal set of literals containing the shared variables; check it for T i φ i consistency. Backtracking: identify disjunction of equalities between shared variables entailed by T i φ i ; make case split by adding some of these equalities to φ 1,φ 2. Repeat as long as possible. 58

59 Completeness Example T 1 theory admitting models of cardinality at most 2 T 2 theory admitting models of any cardinality f 1 Σ 1,f 2 Σ 2 such that T i = x,y f i (x) = f i (y). φ = f 1 (c 1 ) f 1 (c 2 ) f 2 (c 1 ) f 2 (c 3 ) f 2 (c 2 ) f 2 (c 3 ) φ 1 = f 1 (c 1 ) f 1 (c 2 ) φ 2 = f 2 (c 1 ) f 2 (c 3 ) f 2 (c 2 ) f 2 (c 3 ) The Nelson-Oppen procedure returns satisfiable T 1 T 2 = x,y,z(f 1 (x) f 1 (y) f 2 (x) f 2 (z) f 2 (y) f 2 (z) (x y x z y z)) f 1 (c 1 ) f 1 (c 2 ) f 2 (c 1 ) f 2 (c 3 ) f 2 (c 2 ) f 2 (c 3 ) unsatisfiable 59

60 Completeness Cause of incompleteness There exist formulae satisfiable in finite models of bounded cardinality Solution: Consider stably infinite theories. T is stably infinite iff for every quantifier-free formula φ φ satisfiable in T iff φ satisfiable in an infinite model of T. Note: This restriction is not mentioned in [Nelson Oppen 1979]; introduced by Oppen in

61 Completeness Guessing version: C set of constants shared by φ 1,φ 2 R equiv.relationassoc.withpartitionofc ar(c,r) = R(c,d) c d R(c,d) c d Lemma. ssume that there exists a partition of C s.t. φ i ar(c,r) is T i - satisfiable. Then φ 1 φ 2 is T 1 T 2 -satisfiable. Idea of proof: Let i Mod(T i ) s.t. i =φ i ar(c,r). Then c 1 =d 1 iff c 2 =d 2. Let i : {c 1 c C} {c 2 c C}, i(c 1 ) = c 2 well-defined; isomorphism. Stable infinity: can assume w.l.o.g. that 1, 2 have the same cardinality Let h : 1 2 bijection s.t. h(c 1 ) = c 2 Use h to transfer the Σ 1 -structure on 2. Theorem. If T 1,T 2 are both stably infinite and the shared signature is empty then the Nelson-Oppen procedure transfers decidability of ground satisfiability from T 1,T 2 to T 1 T 2. 61

62 Limitations of the Nelson-Oppen procedure Problem: The conditions which guarantee completeness of the Nelson- Oppen procedure are quite restrictive. Need to consider data structures with elements in a finite domain Sometimes the theories are tighter interrelated. Example 1: Theories of arrays with elements of a certain type: - Sorts: i (Indices), e (Elements), a (rrays) - Theories: T i, T e, T a - xioms for T a a,i,e : read(write(a,i,e),i) = e a,i,j,e : i j read(write(a,i,e),j) = read(a,j) Example 2: lists with elements of a certain type; length functions,... 62

63 Limitations of the Nelson-Oppen procedure Example 3: Doubly-linked lists p (p null p.next null p.next.prev = p) p (p null p.prev null p.prev.next = p) p (p null p.next null p.next.value > p.value) Example 4: f : R R monotone x,y : (x y f(x) f(y)) 63

64 Reasoning in standard theories Overview crash course: Decidable logical theories and theory fragments Reasoning in complex theories Modular reasoning in combinations of theories disjoint signature Hierarchical/Modular reasoning in theory extensions pplications Local theory extensions Examples: data structures (arrays, pointers, lists) Combinations of local extensions non-disjoint signature 64

65 Example R Mon f Mon g = x,y,z(x+5 f(x) x+3 y f(y) g(z) f(x) f(g(z))) Mon f Mon g x,y(x y f(x) f(y)) x,y(x y g(x) g(y)) Problems: prover for R does not know about f,g prover for first-order logic may have problems with the reals The theories share the predicate symbol Nelson-Oppen reasoning in theory combinations not possible 65

66 Example R Mon f Mon g = x,y,z(x+5 f(x) x+3 y f(y) g(z) f(x) f(g(z))) Hierarchic reasoning reduce to the problem of checking a family of constraints over R Modular reasoning if we separate the information about f and g at the beginning: no need to combine the information again at a later point 66

67 Local theory extensions K set of equational clauses; T 0 theory; T 1 = T 0 K (Loc) T 0 T 1 is local, if for ground clauses G, T 0 K G = iff T 0 K[G] G has no (partial) model How to recognize local theory extensions? T 1 local extension of T 0 [Ganzinger, VS, Waldmann 04, VS 05] Emb(T 0,T 1 ) 67

68 Reasoning in local theory extensions Locality: T 0 K G = iff T 0 K[G] G = Problem: Decide whether T 0 K[G] G = Solution 1: Use SMT(T 0 +UIF): possible only if K[G] ground Solution 2: Hierarchic reasoning [VS 05] reduce to satisfiability in T 0 : applicable in general parameterized complexity 68

69 Reasoning in local theory extensions Locality: T 0 K G = iff T 0 K[G] G = Problem: Decide whether T 0 K[G] G = Solution 1: Use SMT(T 0 +UIF): possible only if K[G] ground Solution 2: Hierarchic reasoning [VS 05] Hierarchical reasoning R Mon(f) (a < b f(a) = f(b)+1) G G Mon(f) a < b f(a) = f(b) + 1 reduce to satisfiability in T 0 : applicable in general x(x y f(x) f(y)) = parameterized complexity 69

70 Reasoning in local theory extensions Locality: T 0 K G = iff T 0 K[G] G = Problem: Decide whether T 0 K[G] G = Solution 1: Use SMT(T 0 +UIF): possible only if K[G] ground Solution 2: Hierarchic reasoning [VS 05] Hierarchical reasoning R Mon(f) (a < b f(a) = f(b)+1) G G Mon(f)[G] a < b f(a) = f(b) + 1 a b f(a) f(b) b a f(b) f(a) reduce to satisfiability in T 0 : applicable in general = parameterized complexity 70

71 Reasoning in local theory extensions Locality: T 0 K G = iff T 0 K[G] G = Problem: Decide whether T 0 K[G] G = Solution 1: Use SMT(T 0 +UIF): possible onlya if = K[G] b a 1 ground = b 1 Solution 2: Hierarchic reasoning [VS 05] Hierarchical reasoning R Mon(f) (a < b f(a) = f(b)+1) G Definitions G 0 Mon(f)[G] 0 Con[G] 0 a 1 = f(a) a < b b 1 = f(b) a 1 = b a b a 1 b 1 b a b 1 a 1 reduce to satisfiability in T 0 : applicable in general = parameterized complexity 71