Page 1: A Combination Method for Generating Interpolants

by G. Yorsh and M. Musuvathi

Presentation by: Emilia Katz

Page 2

The Goal

• Given:
  – theory T – the combination of T1 and T2 (the restrictions on T1 and T2 will be seen later…)
  – A and B – two logical T-formulas
  – A ∧ B is unsatisfiable in T
  – efficient interpolant-generation procedures exist for T1 and T2
• Find: an interpolant for <A,B>

Note: if both sub-procedures are polynomial, the resulting procedure is also polynomial.

Page 3

The Idea

• How to find an interpolant efficiently?
  – Derive it from the unsatisfiability proof
• But how? And how do we get the proof?
• We do not want to make further assumptions about T1 and T2, so:
  – we do not know how their interpolant-generation procedures work
  – we do not know how their decision procedures work
• The idea: use them as black boxes
  – Combine the decision procedures for T1 and T2 into a decision procedure for T (the Nelson-Oppen framework…)
  – Use the resulting proof and the interpolant-generation procedures for T1 and T2 to derive an interpolant in T

Page 4

Example

T1 = UIF (theory of uninterpreted functions)
T2 = LI (theory of linear inequalities)

A ≝ (f(x1) + x2 = x3) ∧ (f(y1) + y2 = y3) ∧ (y1 ≤ x1)
B ≝ (x2 = g(b)) ∧ (y2 = g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)

• UIF and LI satisfy the requirements [assume it meanwhile; we will return to it later]
• A ∧ B is unsatisfiable [we will see this in a couple of minutes]

Page 5

Nelson-Oppen framework

… for combining decision procedures
• Given:
  – theory T – the combination of T1 and T2
  – A and B – two conjunctions of literals in T
• Goal: is A ∧ B satisfiable in T?
• Assumptions:
  – Σ = Σ1 ∪ Σ2 (denote: Σ = ΣT, Σi = ΣTi)
  – Σ1 ∩ Σ2 = {=}
  – T1, T2 are stably infinite: every quantifier-free Σi-formula is satisfiable in Ti iff it is satisfied by a Ti-interpretation with an infinite domain
  – T1, T2 have decision procedures for satisfiability of conjunctions of Σi-literals

Page 6

N.-O. framework application example

T1 = UIF (theory of uninterpreted functions), T2 = LI (theory of linear inequalities)

A ≝ (f(x1) + x2 = x3) ∧ (f(y1) + y2 = y3) ∧ (y1 ≤ x1)
B ≝ (x2 = g(b)) ∧ (y2 = g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)

1. Purification:
   A_LI  = (a1 + x2 = x3) ∧ (a2 + y2 = y3) ∧ (y1 ≤ x1)   [replace f(x1) by a1 and f(y1) by a2]
   A_UIF = (a1 = f(x1)) ∧ (a2 = f(y1))                    [add the equalities defining a1, a2]
   B_LI  = (x1 ≤ y1) ∧ (x3 < y3)                          [no replacements needed in B]
   B_UIF = (x2 = g(b)) ∧ (y2 = g(b))

Page 7

Application Example – contd.

2. Equality propagation:

   UIF                         LI
   (1)  a1 = f(x1)             (5)  a1 + x2 = x3
   (2)  a2 = f(y1)             (6)  a2 + y2 = y3
   (3)  x2 = g(b)              (7)  y1 ≤ x1
   (4)  y2 = g(b)              (8)  x1 ≤ y1
   ------------------          (9)  x3 < y3
   (11) a1 = a2                ------------------
   (12) x2 = y2                (10) x1 = y1

   Below the line in each column are the equalities that theory derives and propagates to the other:
   Eq_LI = (x1 = y1), from (7) and (8), is sent to UIF, which derives (11) from (1), (2) and (12) from (3), (4);
   Eq_UIF = (a1 = a2 ∧ x2 = y2) is sent back to LI, where (5), (6) and Eq_UIF give x3 = y3, contradicting (9).

   Unsatisfiable! (found by theory LI, with Eq = (a1 = a2 ∧ x2 = y2))

Page 8

Nelson-Oppen framework (flowchart, reconstructed as steps)

1. Purification: A ∧ B in T becomes A1 ∧ B1 in T1 and A2 ∧ B2 in T2, adding new variables to replace objects of the "wrong" type, and equalities "defining" them.
2. F1 := A1 ∧ B1; F2 := A2 ∧ B2.
3. Run the decision procedure for T1 on F1 and the decision procedure for T2 on F2. If either answers Unsat., the result is "Unsatisfiable!" (found by Ti, with Eq).
4. Equality propagation: if both answer Sat., derive the equalities implied in T1 (Eq1) and in T2 (Eq2); F2 := F2 ∧ Eq1, F1 := F1 ∧ Eq2; return to step 3.
5. If no more new equalities can be derived, the result is "Satisfiable!".

Page 9

Theory-specific Interpolant

Given:
• T – a first-order theory of signature Σ
• L – a class of quantifier-free Σ-formulas
• ΣT ⊆ Σ – the interpreted symbols of T
• A, B ∈ L such that A ∧ B ⊢T ⊥
• L(φ) – the set of symbols that appear in the formula φ

Then a theory-specific interpolant for <A,B> is φ ∈ L such that:
1. A ⊢T φ
2. φ ∧ B ⊢T ⊥
3. L(φ) ⊆ (L(A) ∩ L(B)) ∪ ΣT

Notes:
• Quantifier-free interpolants are a new requirement (needed for completeness of SAT-checks with interpolants in subsequent analysis stages).
• Requirement (3) is less strict than the classic one: φ may contain not only AB-common symbols but also the interpreted symbols of T. This relaxation is not necessary for the method to work properly; its motivation is on the next page.

Page 10

Requirement (3) Change Motivation

Example, in the theory of Lisp structures:
A ≝ c2 = car(c1) ∧ c3 = cdr(c1) ∧ ¬atom(c1)
B ≝ c1 ≠ cons(c2, c3)
• the ci are lists
• car(c) = the "head" element of the list c
• cdr(c) = the "tail" of the list c
• cons(c, d) = the list obtained by putting c in front of d
• ΣT = {car, cdr, cons, atom}
• A ∧ B ⊢T ⊥:
  axiom of T: ∀x (¬atom(x) ⇒ cons(car(x), cdr(x)) = x)
  apply it to x = c1: A ⇒ (c1 = cons(c2, c3)), a contradiction with B!

Interpolant (by the new definition): c1 = cons(c2, c3)

Under the old definition "cons" is not AB-common, and none of "cons", "atom", "cdr", "car" is allowed in φ ⇒ no interpolant for <A,B>!

Page 11

Interpolants Generation Method

Assumptions:
• T – the combination of the first-order theories T1, T2
• Σ = Σ1 ∪ Σ2
• efficient interpolant-generation procedures exist for T1 and T2 (input: <Ai,Bi>, conjunctions of Σi-literals; output: an interpolant as an Li-formula)
• restrictions from the Nelson-Oppen framework:
  – Σ1 ∩ Σ2 = {=}
  – T1, T2 are stably infinite
  – T1, T2 have decision procedures for satisfiability of conjunctions of Σi-literals
• T1, T2 are equality-interpolating (to be explained)
• T1, T2 are convex: for a conjunction of literals F, (F ⊢Ti ∨i (xi = yi)) ⇒ ∃k. F ⊢Ti (xk = yk)

Guarantee:
• Output: a theory-specific interpolant for <A,B> in T

Page 12

Simple Case

• Constraint to be relaxed later: A, B are conjunctions of literals.
• Constraint that is possible to relax: T1, T2 are convex theories. It arises from the use of the Nelson-Oppen framework and is relaxed in another work of the authors…

Page 13

Naïve approach (flowchart, reconstructed as steps)

Given: A ∧ B ⊢T ⊥
1. Run the Nelson-Oppen framework for <T1,T2> on A ∧ B in T. The answer is either "Satisfiable!" or "Unsatisfiable!" together with Eq (the propagated equalities) and P (the proof of Ai ∧ Bi ⊢Ti ⊥ in the theory Ti that found the contradiction).
2. Hand Ai ∧ Eq|Ai, P and Bi ∧ Eq|Bi to the interpolant-generation procedure for Ti.
3. Is its output an interpolant for <A,B>?

Page 14

The problem – example

A ≝ (f(x1) + x2 = x3) ∧ (f(y1) + y2 = y3) ∧ (y1 ≤ x1)
B ≝ (x2 = g(b)) ∧ (y2 = g(b)) ∧ (x1 ≤ y1) ∧ (x3 < y3)
• The contradiction is found by LI between
  A' = A_LI ∧ (a1 = a2) and B' = B_LI ∧ (x1 = y1) ∧ (x2 = y2)
• Interpolant found for <A',B'> in LI: φ = (x2 - y2 = x3 - y3)
• Is φ an interpolant for <A,B> in T?
  – φ ∧ B ⊢T ⊥ does hold
  – But A ⊬T φ: (f(x1) + x2 = x3) ∧ (f(y1) + y2 = y3) ∧ (y1 ≤ x1) ⊬ (x2 - y2 = x3 - y3)
  – A ⇒ A' does not have to hold: additional information from B (here x1 = y1, which is what gave a1 = a2) may appear in A'

Page 15

Proposed solution: Partial Interpolants

Definition: Projection
Given Θ – a conjunction of AB-pure literals, define
  Θ|A – the conjunction of the A-local literals of Θ,
  Θ|B – the conjunction of the B-local and AB-common literals of Θ.
Note: Θ = Θ|A ∧ Θ|B

Example: A = (a1 = f(x1) ∧ a2 = f(y1)), B = (a1 = f(x1) ∧ a3 = f(y1))
  Θ = A ∧ B = (a2 = f(y1)) ∧ (a1 = f(x1) ∧ a3 = f(y1))
  Θ|A = (a2 = f(y1))                   [a2 is A-local]
  Θ|B = (a1 = f(x1) ∧ a3 = f(y1))      [a1 = f(x1) is AB-common, a3 is B-local]

Idea: attach a partial interpolant to each equality propagated in the unsatisfiability proof in the Nelson-Oppen framework.

Page 16

Partial Interpolant – defn.

Definition: Theory-specific partial interpolant
  A', B' – conjunctions of pure literals in Σi,
  e – an AB-pure atomic formula generated by the decision procedure for the theory Ti: A' ∧ B' ⊢Ti e (thus A' ∧ B' ∧ ¬e ⊢Ti ⊥).
Then the theory-specific partial interpolant for e w.r.t. <A',B'>, φ^i_{A',B'}(e), is the interpolant generated by Ti's procedure for <A' ∧ (¬e)|A', B' ∧ (¬e)|B'>.

In our case L(A') ⊆ L(A) and L(B') ⊆ L(B), so the interpolant for e contains only AB-common symbols.

Page 17

LI-Partial Interpolant Example

• First equality propagated: e = (x1 = y1); A' = A_LI, B' = B_LI (the table of page 7, where (10) x1 = y1 is the first equality derived by LI)
• (7) y1 ≤ x1 ∈ A_LI, (8) x1 ≤ y1 ∈ B_LI
• x1, y1 are AB-common, so (¬e)|A' = true and (¬e)|B' = (x1 ≠ y1)
• Interpolant for <(y1 ≤ x1), (x1 ≤ y1) ∧ (x1 ≠ y1)>: φ^LI_{A',B'}(x1 = y1) = (y1 ≤ x1)

Page 18

Partial Interpolant – contd.

Definition: Partial interpolant
• e – an AB-pure equality derived from A ∧ B in the Nelson-Oppen framework by a theory Ti: Ai ∧ Bi ∧ Eq ⊢Ti e (that only AB-pure equalities need to be considered is the reason for the restriction to equality-interpolating theories)
• Ai, Bi – conjunctions of pure literals
• Eq – a set of AB-pure equalities derived from A ∧ B by the Nelson-Oppen procedure…
The partial interpolant for e w.r.t. <A,B>, φ_{A,B}(e), is defined inductively:
• Base:
  – e ∈ Ai ⇒ φ_{A,B}(e) = ⊥
  – e ∈ Bi ⇒ φ_{A,B}(e) = ⊤
• Inductive step: let A' ≝ Ai ∧ Eq|A and B' ≝ Bi ∧ Eq|B; then
  φ_{A,B}(e) = (φ^i_{A',B'}(e) ∨ ∨_{a ∈ A'} φ_{A,B}(a)) ∧ ∧_{b ∈ B'} φ_{A,B}(b)
  where a, b range over equalities (those of Ai and Bi contribute ⊥ and ⊤ by the base case, so only the equalities of Eq matter).

Page 19

Partial interpolant – example

• Find the partial interpolant for <A,B>, φ_{A,B}(⊥), for the running example by following the proof step by step.
• Step 1: deriving (x1 = y1)
  – Ti = LI
  – Eq = ⊤, thus:
  – A' = A_LI = (a1 + x2 = x3) ∧ (a2 + y2 = y3) ∧ (y1 ≤ x1)
  – B' = B_LI = (x1 ≤ y1) ∧ (x3 < y3)
  – φ_{A,B}(x1 = y1) = φ^LI_{A',B'}(x1 = y1) = (y1 ≤ x1)

Page 20

Partial interpolant example – contd.

• Step 2: deriving (a1 = a2)
  – Ti = UIF
  – Eq = (x1 = y1), the propagated equality used to derive a1 = a2
  – Eq|A = ⊤, Eq|B = (x1 = y1), thus:
  – A' = A_UIF = (a1 = f(x1)) ∧ (a2 = f(y1))
  – B' = B_UIF ∧ (x1 = y1) = (x2 = g(b)) ∧ (y2 = g(b)) ∧ (x1 = y1)
  – φ_{A,B}(a1 = a2) = (φ^UIF_{A',B'}(a1 = a2) ∨ ⊥) ∧ ∧_{b ∈ B'} φ_{A,B}(b)
    · the disjunction over A' is ⊥: A' = A_UIF, so only the base case contributes
    · the conjunction over B' is φ_{A,B}(x1 = y1) = (y1 ≤ x1); the rest is ⊤ from the base case
  – φ^UIF_{A',B'}(a1 = a2) = (x1 ≠ y1), from the interpolant-generation procedure of UIF (a1, a2 are A-local, so (¬e)|A' = (a1 ≠ a2) and (¬e)|B' = true)
  – φ_{A,B}(a1 = a2) = (x1 ≠ y1) ∧ (y1 ≤ x1) = (y1 < x1)

Page 21

Partial interpolant example – contd.

• Step 3: deriving (x2 = y2)
  – Ti = UIF
  – Eq = ⊤ (no propagated equality is needed to derive x2 = y2), thus:
  – A' = A_UIF = (a1 = f(x1)) ∧ (a2 = f(y1))
  – B' = B_UIF = (x2 = g(b)) ∧ (y2 = g(b))
  – φ_{A,B}(x2 = y2) = φ^UIF_{A',B'}(x2 = y2)
    = the interpolant derived by UIF's procedure for <A' ∧ (¬(x2 = y2))|A', B' ∧ (¬(x2 = y2))|B'>
    = the interpolant for <(a1 = f(x1)) ∧ (a2 = f(y1)), (x2 = g(b)) ∧ (y2 = g(b)) ∧ (x2 ≠ y2)>
    (x2, y2 are AB-common, so (¬(x2 = y2))|A' = ⊤ and (¬(x2 = y2))|B' = (x2 ≠ y2))
  ⇒ the B side has an internal contradiction ⇒ φ_{A,B}(x2 = y2) = ⊤

Page 22

Partial interpolant example – contd.

• Step 4: deriving ⊥
  – Ti = LI
  – Eq = (x2 = y2) ∧ (a1 = a2), the propagated equalities used to derive ⊥
  – Eq|A = (a1 = a2) (a1, a2 are A-local), Eq|B = (x2 = y2) (x2, y2 are AB-common), thus:
  – A' = A_LI ∧ (a1 = a2) = (a1 + x2 = x3) ∧ (a2 + y2 = y3) ∧ (y1 ≤ x1) ∧ (a1 = a2)
  – B' = B_LI ∧ (x2 = y2) = (x1 ≤ y1) ∧ (x3 < y3) ∧ (x2 = y2)
  – φ^LI_{A',B'}(⊥) = (x2 - y2 = x3 - y3), from the interpolant-generation procedure of LI (cf. page 14; ¬⊥ = ⊤ adds nothing to A', B')
  – φ_{A,B}(⊥) = (φ^LI_{A',B'}(⊥) ∨ φ_{A,B}(a1 = a2)) ∧ φ_{A,B}(x2 = y2)
    = ((x2 - y2 = x3 - y3) ∨ (y1 < x1)) ∧ ⊤
    = (x2 - y2 = x3 - y3) ∨ (y1 < x1)

Check: A ⊢T φ_{A,B}(⊥) (if y1 < x1 the second disjunct holds; if y1 = x1 then f(x1) = f(y1), so x3 - x2 = y3 - y2 and the first holds); φ_{A,B}(⊥) ∧ B ⊢T ⊥ (B gives x1 ≤ y1, and x2 = y2 together with x3 < y3); and φ_{A,B}(⊥) mentions only AB-common symbols.

Page 23

Correctness

Lemma 1: The partial interpolant φ_{A,B}(e) is an interpolant for <A ∧ (¬e)|A, B ∧ (¬e)|B> in the combined theory T.

Corollary: φ_{A,B}(⊥) is an interpolant for <A,B>.
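The projection of page 15 and the recursion of page 18, run on the worked steps of pages 19–22, as an added example; this is not code from the paper or the talk. It takes the four theory-specific partial interpolants that the slides report from the LI and UIF procedures as given inputs (a real implementation would call those procedures), and, since it has no theory solver, it checks the result against randomly sampled models of A and of B instead of by proof. The symbol sets, the model generators and the Python representation of formulas are all constructed here.

```python
"""Partial interpolants for the running example; added example, not the paper's code."""
import random
from dataclasses import dataclass, field
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Formula:
    text: str
    syms: FrozenSet[str]                       # L(φ): the symbols occurring in φ
    ev: Callable[[dict], bool] = field(compare=False)   # evaluate under a model


TOP = Formula("⊤", frozenset(), lambda m: True)
BOT = Formula("⊥", frozenset(), lambda m: False)


def Or(p: Formula, q: Formula) -> Formula:
    if p is BOT or q is TOP: return q
    if q is BOT or p is TOP: return p
    return Formula(f"({p.text} ∨ {q.text})", p.syms | q.syms, lambda m: p.ev(m) or q.ev(m))


def And(p: Formula, q: Formula) -> Formula:
    if p is TOP or q is BOT: return q
    if q is TOP or p is BOT: return p
    return Formula(f"({p.text} ∧ {q.text})", p.syms | q.syms, lambda m: p.ev(m) and q.ev(m))


def atom(text: str, syms, ev) -> Formula:
    return Formula(text, frozenset(syms), ev)


# Symbols of purified A and B: a1, a2 name f(x1), f(y1) and are A-local; g, b are B-local.
A_SYMS = frozenset("f a1 a2 x1 y1 x2 y2 x3 y3".split())
B_SYMS = frozenset("g b x1 y1 x2 y2 x3 y3".split())
COMMON = A_SYMS & B_SYMS


def project(lits: List[Formula], a_syms=A_SYMS, b_syms=B_SYMS):
    """Θ|A = A-local literals; Θ|B = B-local and AB-common literals (page 15)."""
    for l in lits:
        if l.syms - a_syms and l.syms - b_syms:
            raise ValueError(f"{l.text} is not AB-pure")
    return ([l for l in lits if l.syms - b_syms],        # mentions an A-local symbol
            [l for l in lits if not l.syms - b_syms])    # B-local or AB-common


X1_EQ_Y1 = atom("x1 = y1", {"x1", "y1"}, lambda m: m["x1"] == m["y1"])
A1_EQ_A2 = atom("a1 = a2", {"a1", "a2"}, lambda m: m["a1"] == m["a2"])
X2_EQ_Y2 = atom("x2 = y2", {"x2", "y2"}, lambda m: m["x2"] == m["y2"])

# The Nelson-Oppen proof of page 7: derived fact -> (equalities Eq it used,
# theory-specific partial interpolant φ^i_{A',B'}(e)).  The φ^i values are the
# ones the slides report; here they are assumed inputs, not computed.
STEPS: Dict[str, Tuple[List[Formula], Formula]] = {
    "x1 = y1": ([], atom("y1 ≤ x1", {"x1", "y1"}, lambda m: m["y1"] <= m["x1"])),          # LI
    "a1 = a2": ([X1_EQ_Y1], atom("x1 ≠ y1", {"x1", "y1"}, lambda m: m["x1"] != m["y1"])),  # UIF
    "x2 = y2": ([], TOP),                                                                 # UIF
    "⊥": ([X2_EQ_Y2, A1_EQ_A2], atom("x2 - y2 = x3 - y3", {"x2", "y2", "x3", "y3"},
                                     lambda m: m["x2"] - m["y2"] == m["x3"] - m["y3"])),  # LI
}


def partial_interpolant(e: Formula, steps=STEPS, a_lits=frozenset(), b_lits=frozenset(), memo=None):
    """φ_{A,B}(e) = (φ^i_{A',B'}(e) ∨ ∨_{a∈Eq|A} φ_{A,B}(a)) ∧ ∧_{b∈Eq|B} φ_{A,B}(b) (page 18).
    Base case: an equality that is an original literal of A (of B) gets ⊥ (⊤)."""
    if e.text in a_lits: return BOT
    if e.text in b_lits: return TOP
    memo = {} if memo is None else memo
    if e.text not in memo:
        eq_used, phi_i = steps[e.text]
        eq_a, eq_b = project(eq_used)
        result = phi_i
        for a in eq_a:
            result = Or(result, partial_interpolant(a, steps, a_lits, b_lits, memo))
        for b in eq_b:
            result = And(result, partial_interpolant(b, steps, a_lits, b_lits, memo))
        memo[e.text] = result
    return memo[e.text]


def final_interpolant() -> Formula:
    return partial_interpolant(BOT)   # φ_{A,B}(⊥) is the interpolant for <A,B> (page 23)


def model_of_A(rng):
    """Random model of A: f(x1)+x2 = x3 ∧ f(y1)+y2 = y3 ∧ y1 ≤ x1, f a random table."""
    y1, x1 = sorted(rng.randint(-5, 5) for _ in range(2))
    f = {v: rng.randint(0, 9) for v in {x1, y1}}
    x2, y2 = rng.randint(-5, 5), rng.randint(-5, 5)
    return {"x1": x1, "y1": y1, "a1": f[x1], "a2": f[y1],
            "x2": x2, "y2": y2, "x3": f[x1] + x2, "y3": f[y1] + y2}


def model_of_B(rng):
    """Random model of B: x2 = g(b) ∧ y2 = g(b) ∧ x1 ≤ y1 ∧ x3 < y3."""
    x1, y1 = sorted(rng.randint(-5, 5) for _ in range(2))
    gb, x3 = rng.randint(0, 9), rng.randint(-5, 5)
    return {"x1": x1, "y1": y1, "x2": gb, "y2": gb, "x3": x3, "y3": x3 + rng.randint(1, 5)}


def is_interpolant(phi: Formula, trials: int = 2000, seed: int = 1) -> bool:
    """Sampled check of the three conditions of page 9: A ⊢ φ, φ ∧ B ⊢ ⊥, L(φ) ⊆ L(A) ∩ L(B)."""
    if not phi.syms <= COMMON:
        return False
    rng = random.Random(seed)
    return all(phi.ev(model_of_A(rng)) and not phi.ev(model_of_B(rng)) for _ in range(trials))


if __name__ == "__main__":
    phi = final_interpolant()
    print(phi.text, is_interpolant(phi))
```

The recursion yields ((x2 - y2 = x3 - y3) ∨ (x1 ≠ y1 ∧ y1 ≤ x1)), which is (x2 - y2 = x3 - y3) ∨ (y1 < x1) once the conjunction is simplified. The same sampled check rejects the naive LI interpolant of page 14 (x2 - y2 = x3 - y3 is not implied by A when f(x1) ≠ f(y1)) and rejects y1 ≤ x1 on its own (it is consistent with B when x1 = y1), which is why both disjuncts are needed.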

Page 24

Equality-interpolating theories

• Restriction on T1, T2: they should be equality-interpolating.

Definition: A theory T is equality-interpolating if whenever
  – A, B ∈ L (conjunctions of literals),
  – A ∧ B ⊢T (a = b),
  – a ∈ L(A) − L(B) and b ∈ L(B) − L(A),
there exists a term t such that
  – A ∧ B ⊢T (a = t) ∧ (b = t), and
  – L(t) ⊆ L(A) ∩ L(B).
t is called the equality-interpolating term for (a = b) with respect to <A,B>.

Thus propagating only AB-pure equalities in the Nelson-Oppen framework is indeed enough.

Page 25

Equality-interpolating theories (contd.)

• LI, UIF and Lisp are equality-interpolating theories.
• Not all theories are equality-interpolating. Example:
  – a theory with two relation symbols, P and Q
  – axiom: ∀a ∀b ∀c. P(a,c) ∧ Q(c,b) ⇒ (a = b)
  – let A ≝ P(a,c), B ≝ Q(c,b)
  – A ∧ B ⊢ (a = b)
  – but there is no equality-interpolating term for (a = b): the only AB-common symbol is c, and A ∧ B ⊬ (a = c)

Page 26

Relaxing constraints

• Constraint to be relaxed: A, B – conjunctions of literals
• The idea: use
  – the extended Pudlák's algorithm ⇒ propositional interpolants for a pair of clause sets (i.e., CNF formulas)
  – the Lazy Proof-Explication framework (using a SAT-solver) ⇒ checking satisfiability of arbitrary quantifier-free FOL formulas

Page 27

Pudlák's algorithm

• Input:
  – A, B – a pair of clause sets
  – A ∧ B ⊢ ⊥
  – Π – a resolution proof of unsatisfiability for A ∧ B
• For each clause c in Π, define p(c), the partial interpolant for c (a variant of the partial interpolants seen before):
  1. (a) c ∈ A ⇒ p(c) := ⊥
     (b) c ∈ B ⇒ p(c) := ⊤
  2. otherwise c is a result of resolution, c = resolve_x(c1, c2) with pivot x, where x ∈ c1 and ¬x ∈ c2:
     (a) x ∈ A and x ∉ B (x is A-local) ⇒ p(c) := p(c1) ∨ p(c2)
     (b) x ∈ B and x ∉ A (x is B-local) ⇒ p(c) := p(c1) ∧ p(c2)
     (c) x is AB-common ⇒ p(c) := (x ∨ p(c1)) ∧ (¬x ∨ p(c2))
• p(⊥) is the interpolant for <A,B>

Page 28

Pudlák's algorithm correctness

• Invariant: for each clause c ∈ Π, p(c) is an interpolant for <gA(c), gB(c)>, where gA(c) = A ∧ (¬c)|A and gB(c) = B ∧ (¬c)|B.
• Thus for c = ⊥: gA(⊥) = A and gB(⊥) = B ⇒ [by the invariant] p(⊥) is an interpolant for <A,B>.

Page 29

Lazy Proof-Explication framework

• Our input – quantifier-free FOL formulas

• Nelson-Oppen framework works on conjunctions of literals

• How to bridge the gap?

• Use SAT-solver!

Page 30

Lazy Proof-Explication framework (flowchart, reconstructed as steps)

Input: φ = A ∧ B
1. Propositional abstraction: atomic formulas are replaced by boolean variables; result: φ'.
2. SAT-solver: satisfiability check of φ'. If Unsat.: "Unsatisfiable!" + C (the set of conflict clauses).
3. If Sat.: take the satisfying assignment s for φ' (s is a conjunction of literals that satisfies φ propositionally).
4. Nelson-Oppen framework for <T1,T2> on s. If Sat.: "Satisfiable!".
5. If Unsat.: ¬s is a new conflict clause; φ' := φ' ∧ ¬s; C := C ∪ {¬s}; return to step 2.

Page 31

Obtaining the interpolant

• We would like to give Pudlák's algorithm the proof obtained from the L.P.E. framework and obtain an interpolant.
• Problem: the base case!
  (a) c ∈ A ⇒ p(c) := ⊥
  (b) c ∈ B ⇒ p(c) := ⊤
• Now c ∉ A and c ∉ B is possible: conflict clauses appear in the proof, and a conflict clause may involve local literals from both A and B.

Page 32

L.P.E. framework – observations

• For each conflict clause c ∈ C:
  – ¬c is a conjunction of literals
  – ¬c is unsatisfiable (proven by N.-O.)
  – c contains only literals from A and B ⇒ every literal in c is AB-pure
• Thus we can apply the previously described method (the "simple case") to find an interpolant between (¬c)|A and (¬c)|B.

Page 33

Partial Interpolant for Clauses

Definition: Partial interpolant for clauses
• A ∧ B ⊢T ⊥
• C – the corresponding set of conflict clauses
• A ∧ B ∧ C is propositionally unsatisfiable
• c – a clause of A, B or C
The partial interpolant for c, φ_{A,B}(c), is defined by cases:
• Base:
  – c ∈ A ⇒ φ_{A,B}(c) = ⊥
  – c ∈ B ⇒ φ_{A,B}(c) = ⊤
• Otherwise (c ∈ C): φ_{A,B}(c) = an interpolant for <(¬c)|A, (¬c)|B> in T, which can be calculated by the "simple case" method.

Page 34

Extended Pudlák's algorithm

• Input:
  – <A,B; C> where A, B, C are clause sets (C – the set of conflict clauses)
  – A ∧ B ⊢T ⊥
  – Π – a resolution proof of unsatisfiability for A ∧ B (a propositional refutation of A ∧ B ∧ C)
• For each clause c in Π, define p(c):
  1. c is not a resolution result ⇒ p(c) := φ_{A,B}(c)
  2. otherwise c = resolve_x(c1, c2) with pivot x (x ∈ c1, ¬x ∈ c2) – no change needed here:
     (a) x ∈ A and x ∉ B ⇒ p(c) := p(c1) ∨ p(c2)
     (b) x ∈ B and x ∉ A ⇒ p(c) := p(c1) ∧ p(c2)
     (c) x is AB-common ⇒ p(c) := (x ∨ p(c1)) ∧ (¬x ∨ p(c2))
• p(⊥) is the interpolant for <A,B>
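Pudlák's algorithm of page 27, with the leaf rule of the extended algorithm of page 34 as a caller-supplied hook, as an added example; this is not code from the paper or the talk. Clauses are frozensets of signed integers (DIMACS style, -3 is ¬x3), the resolution proof is a list of leaves and resolution steps in topological order, and the three interpolant conditions of page 9 are verified by truth-table enumeration. The clause sets A, B and their refutation are constructed here; for a leaf in neither A nor B (a conflict clause) the code only calls the supplied `leaf_interp`, since the theory-level partial interpolants of page 33 cannot be checked propositionally.

```python
"""Pudlák's propositional interpolation; added example, not the paper's code."""
from itertools import product

TOP, BOT = ("top",), ("bot",)


def var(x):
    return ("var", x)


def neg(f):
    if f == TOP: return BOT
    if f == BOT: return TOP
    return ("not", f)


def disj(f, g):
    if f == TOP or g == TOP: return TOP
    if f == BOT: return g
    return f if g == BOT else ("or", f, g)


def conj(f, g):
    if f == BOT or g == BOT: return BOT
    if f == TOP: return g
    return f if g == TOP else ("and", f, g)


def evaluate(f, s):
    """Truth value of formula f under the assignment s (dict variable -> bool)."""
    tag = f[0]
    if tag in ("top", "bot"): return tag == "top"
    if tag == "var": return s[f[1]]
    if tag == "not": return not evaluate(f[1], s)
    if tag == "or": return evaluate(f[1], s) or evaluate(f[2], s)
    return evaluate(f[1], s) and evaluate(f[2], s)


def symbols(f):
    return {f[1]} if f[0] == "var" else set().union(*map(symbols, f[1:]))


def resolve(c1, c2, x):
    """Resolvent of c1 and c2 on pivot x; x must occur in c1 and ¬x in c2."""
    if x not in c1 or -x not in c2:
        raise ValueError(f"pivot {x} must occur positively in c1 and negatively in c2")
    return (c1 - {x}) | (c2 - {-x})


def pudlak(a_clauses, b_clauses, proof, leaf_interp=None):
    """Return p(empty clause).  proof: steps ("leaf", clause) or ("res", c1, c2, pivot)
    in topological order.  leaf_interp(c) supplies φ_{A,B}(c) for a leaf that is in
    neither A nor B (the conflict-clause case of the extended algorithm)."""
    vars_a = {abs(l) for c in a_clauses for l in c}
    vars_b = {abs(l) for c in b_clauses for l in c}
    p = {}
    for step in proof:
        if step[0] == "leaf":
            c = step[1]
            if c in a_clauses:
                p[c] = BOT
            elif c in b_clauses:
                p[c] = TOP
            elif leaf_interp is not None:
                p[c] = leaf_interp(c)
            else:
                raise ValueError(f"leaf {sorted(c)} is in neither A nor B")
        else:
            _, c1, c2, x = step
            c = resolve(c1, c2, x)
            if x in vars_a and x not in vars_b:      # A-local pivot
                p[c] = disj(p[c1], p[c2])
            elif x in vars_b and x not in vars_a:    # B-local pivot
                p[c] = conj(p[c1], p[c2])
            else:                                    # AB-common pivot
                p[c] = conj(disj(var(x), p[c1]), disj(neg(var(x)), p[c2]))
    if frozenset() not in p:
        raise ValueError("proof does not derive the empty clause")
    return p[frozenset()]


def holds(clauses, s):
    return all(any(s[abs(l)] == (l > 0) for l in c) for c in clauses)


def is_interpolant(i, a_clauses, b_clauses):
    """Check A ⇒ I, I ∧ B unsatisfiable and vars(I) ⊆ vars(A) ∩ vars(B) by truth table."""
    vars_a = {abs(l) for c in a_clauses for l in c}
    vars_b = {abs(l) for c in b_clauses for l in c}
    if not symbols(i) <= vars_a & vars_b:
        return False
    vs = sorted(vars_a | vars_b)
    for bits in product((False, True), repeat=len(vs)):
        s = dict(zip(vs, bits))
        if holds(a_clauses, s) and not evaluate(i, s):
            return False
        if evaluate(i, s) and holds(b_clauses, s):
            return False
    return True


def clause(*lits):
    return frozenset(lits)


# Constructed instance: x1 is A-local, x2 is B-local, x3 and x4 are AB-common.
A = {clause(1, 3), clause(-1, 4)}
B = {clause(-3, 2), clause(-4, 2), clause(-2)}
PROOF = [
    ("leaf", clause(1, 3)), ("leaf", clause(-1, 4)),
    ("leaf", clause(-3, 2)), ("leaf", clause(-4, 2)), ("leaf", clause(-2)),
    ("res", clause(1, 3), clause(-1, 4), 1),   # A-local pivot  -> (x3 ∨ x4), p = ⊥
    ("res", clause(-3, 2), clause(-2), 2),     # B-local pivot  -> (¬x3),     p = ⊤
    ("res", clause(-4, 2), clause(-2), 2),     # B-local pivot  -> (¬x4),     p = ⊤
    ("res", clause(3, 4), clause(-3), 3),      # common pivot   -> (x4),      p = x3
    ("res", clause(4), clause(-4), 4),         # common pivot   -> ⊥,         p = x4 ∨ x3
]


def demo():
    return pudlak(A, B, PROOF)


if __name__ == "__main__":
    i = demo()
    print(i, is_interpolant(i, A, B))
```

On this instance the algorithm returns x4 ∨ x3, which mentions only the common variables and is implied by A (A says x3 ∨ x4) while B forces ¬x2 and hence ¬x3 and ¬x4. The rule for a common pivot fixes the orientation x ∈ c1, ¬x ∈ c2; swapping c1 and c2 in a step would produce a formula that fails the truth-table check.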

Page 35

Extended algorithm correctness

• It is enough to show that the invariant is maintained, i.e., for each c ∈ Π, p(c) is an interpolant for <gA(c), gB(c)>, where gA(c) = A ∧ (¬c)|A and gB(c) = B ∧ (¬c)|B.
• Observation: in the base case,
  – c ∈ A ⇒ φ_{A,B}(c) = ⊥ ⇒ p(c) := ⊥ (as in the original algorithm) ⇒ the old proof works
  – c ∈ B ⇒ φ_{A,B}(c) = ⊤ ⇒ p(c) := ⊤ (as in the original algorithm) ⇒ the old proof works
  – new case: c ∉ A and c ∉ B ⇒ a new proof is needed

Page 36

Extended algorithm correctness (2)

• Base case: left to prove for c ∉ A and c ∉ B. Then φ_{A,B}(c) is an interpolant for <(¬c)|A, (¬c)|B> (by definition), so
  – (¬c)|A ⊢ φ_{A,B}(c) ⇒ A ∧ (¬c)|A ⊢ φ_{A,B}(c)
  – φ_{A,B}(c) ∧ (¬c)|B ⊢ ⊥ ⇒ B ∧ (¬c)|B ∧ φ_{A,B}(c) ⊢ ⊥
  thus p(c) = φ_{A,B}(c) is indeed an interpolant for <A ∧ (¬c)|A, B ∧ (¬c)|B> in T.
• Induction step: the proof relied only on the fact that the invariant holds in the base case ⇒ the old proof stays correct.

Page 37

Conclusions

• Presented: an efficient and modular method for interpolant generation
• Generic, not theory-specific
• Easy to incrementally extend interpolant generation to additional theories
• Uses the Nelson-Oppen framework in a modular way; if the framework is improved, the method can easily connect to the new version

Page 38

Thank you!