Decision Procedures in First Order Logic

Daniel Kroening and Ofer Strichman 1

Decision Procedures in First Order Logic

Propositional Encodings

Decision Procedures An algorithmic point of view 2

Fourier-Motzkin Elimination

nnmnm

n

b

b

b

x

x

x

aa

aa

aaa

:

:

:

:

......

::

::

:

....

2

1

2

1

1

2221

11211

bIA A system of conjoined linear inequalities

m constraints

n variables

Decision Procedures An algorithmic point of view 3

1. When eliminating xn, partition the constraints according to the coefficient ai,n:

¨ ai,n > 0: upper bound

¨ ai,n < 0: lower bound nX

j =1ai;j ¢xj · bi

) xn ·bi

ai;n¡

n¡ 1X

j =1

ai;j

ai;n¢xj

) ai;n ¢xn · bi ¡n¡ 1X

j =1ai;j ¢xj

Decision Procedures An algorithmic point of view 4

n Example:

(1) x1 – x2 ≤ 0

(2) x1 – x3 ≤ 0

(3) -x1 + x2 + 2x3 ≤ 0

(4) -x3 ≤ -1

Assume we eliminate 1.

Lower bound

Lower bound

Upper bound

Category?

Decision Procedures An algorithmic point of view 5

2. For each pair of a lower bound al,n<0 andupper bound au,n>0, we have

3. For each such pair, add a constraint

4. In other words, apply the proof rule:

Decision Procedures An algorithmic point of view 6

n Example:(1) x1 – x2 ≤ 0

(2) x1 – x3 ≤ 0

(3) -x1 + x2 + 2x3 ≤ 0

(4) -x3 ≤ -1

(5) 2x3 ≤ 0 (from 1 and 3)

(6) x2 + x3 ≤ 0 (from 2 and 3)

Eliminate x1.

Decision Procedures An algorithmic point of view 7

n Example:

(1) x1 – x2 ≤ 0

(2) x1 – x3 ≤ 0

(3) -x1 + x2 + 2x3 ≤ 0

(4) -x3 ≤ -1

(5) 2x3 ≤ 0 (from 1 and 3)

(6) x2 + x3 ≤ 0 (from 2 and 3)

(7) 0 ≤ -1 (from 4 and 5)

Contradiction (the system is unsatisfiable)!

Eliminate x3.

Decision Procedures An algorithmic point of view 8

Complexity of Fourier-Motzkin

In verification we typically solve a large number of small linear inequality systems.

The bottleneck: case splitting

Q: Is there an alternative to case-splitting ?

Decision Procedures An algorithmic point of view 9

Boolean Fourier-Motzkin (BFM)

x1 – x2 < 0 x1 – x3 < 0 (-x1 + 2x3 + x2 < 0 -x3 < -1)

(x1 – x2 0) x1 – x3 < 0 (-x1 + 2x3 + x2 0 1 x3 )

1. Normalize formula: ¨ Transform to NNF¨ Eliminate negations by reversing inequality signs

(1/2)

Decision Procedures An algorithmic point of view 10

: x1 - x2 < 0 x1 - x3 < 0 (-x1 + 2x3 + x2 < 0 -x3 < -1)

2. B

Boolean Fourier-Motzkin (BFM)

3. Derive Btrans: Perform FM on the conjunction of all predicates:

e1 e2 ( e3 e4 )

x1 – 2 < 0-x1 + 2x3 + x2 < 0

2x3 < 0

e1

e3

e5

e1 e3 e5

(2/2)

4. Solve ’ = B Æ (Btrans)

Decision Procedures An algorithmic point of view 11

BFM: example

e1 x1 – x2 < 0

e2 x1 – x3 < 0

e3 -x1 + 2x3 + x2 < 0

e4 -x3 < -1

e1 e2 (e3 e4)

e5 2x3 < 0

e6 x2 + x3 < 0

e1 e3 e5

e2 e3 e6

False 0 < -1 e4 e5 False

’ = Bsk Æ Btrans is satisfiable

Btrans

Computing Btrans

Computing Bsk

Decision Procedures An algorithmic point of view 12

n A proof rule

n A proof step (r,p,a)¨ r: Rule¨ p: Proposition¨ a: Antecedents

Decision Procedures An algorithmic point of view 13

Some proof rules

Decision Procedures An algorithmic point of view 14

Let’s prove

Decision Procedures An algorithmic point of view 15

Proof-graph of P

A

A

B

:

,:

Decision Procedures An algorithmic point of view 16

n Definition (Proof-step Constraint): if A1…Ak are the antecedents of step then

n Example:

():= (=5) Æ (:¸ 0) ! (:5 ¸ 0)

Boolean encoding

Decision Procedures An algorithmic point of view 18

n A proof P =(s1,…, sn) is a set of Proof Steps, in which the Antecedence relation is acyclic.

n The Proof Constraint c(P) induced by P is the conjunction of the constraints induced by its steps:

Decision Procedures An algorithmic point of view 19

n Propositional skeleton:

Decision Procedures An algorithmic point of view 20

n A proof P is said to prove validity of if :sk Æ c(P) is unsatisfiable.

n Normally proofs refer to the Boolean skeleton (the roots are sub-formulas).

n We will consider proofs starting from literals, and, hence, no Boolean structure.

Decision Procedures An algorithmic point of view 22

n Prove validity of x 5 Ç x ¸ 0 by using atoms only

Example

Decision Procedures An algorithmic point of view 23

Example (cont’d)

:sk Æ (’)

Decision Procedures An algorithmic point of view 24

Complete proofs

n Definition (Complete proofs): A proof P is called complete with respect to if

Decision Procedures An algorithmic point of view 25

n Proposition (sufficient condition for completeness #1): Let be an unsatisfiable formula, and let A denote the set of full assignments that satisfy sk.

A proof P is complete with respect to if 8 2 A,

TL(): Theory Literals corresponding to

Decision Procedures An algorithmic point of view 26

n Proposition (sufficient condition for completeness #2): Let be an unsatisfiable formula, and let A denote the set of minimal assignments that satisfy sk.

A proof P is complete with respect to if 8 2 A,

TL(): Theory Literals corresponding to

For a partial assignment s.t. ² , is minimal if 8v. nv 2

Decision Procedures An algorithmic point of view 27

n Proposition (sufficient condition for completeness #3): Let be an unsatisfiable formula, and let A denote the set of minimal assignments that satisfy sk.

A proof P is complete with respect to if 8 2 A, for some unsatisfiable core TLuc() µ TL()

TL(): Theory Literals corresponding to

Decision Procedures An algorithmic point of view 28

Goal: find complete proofs

n We will see a ‘complete’ proof mechanism, based on projection.

n First, let us define projection in terms of proof steps.

Decision Procedures An algorithmic point of view 29

Decision Procedures An algorithmic point of view 30

Example - projection

n Indeed, ¨ x1 var(x4 > x4)

¨ ’ = (x2 > x3) Æ (x4 > x4) is equisatisfiable to

Decision Procedures An algorithmic point of view 31

Decision Procedures An algorithmic point of view 32

Example – strong projection

12

n Indeed

are unsatisfiable and do not contain x1.

Decision Procedures An algorithmic point of view 33

Decision Procedures An algorithmic point of view 34

Decision Procedures An algorithmic point of view 35

Decision Procedures An algorithmic point of view 36

Decision Procedures An algorithmic point of view 38

Examples

n Disjunctive Linear arithmetic:Boolean Fourier-Motzkin

n Equality Logic:¨ For each pair of predicates

of the form xi=xj and xj=xk in , apply:

¨ To each pair of contradicting predicates of the form xi = xj and xi xj, apply

xi = xj xj = xk

xi = xk(T ransitivity of Equality)

xi = xj xi 6= xj

f alse(Contradiction)

Decision Procedures An algorithmic point of view 39

Optimizations

n Conjunction Matrices

n Early detection

n Cross-theory learning

Decision Procedures An algorithmic point of view 40

Cross-theory learning

n T1:

n T2:

n From T1 we learn z1= z2,which we propagate to T2

n In T2 we get a contradiction on: z1 > 2, z2=1, z1 = z2

n This results in a conflict clause:

n Which represents cross-theory learning

(: e(z1 > 2) _ : e(z2 = 1) _ : e(z1 = z2))

x1 = x2; z1 = f (x1); z2 = f (x2)

z1 > 2;z2 = 1