Ground Interpolation for the Theory of Equality

A. Fuchs1, A. Goel2, J. Grundy2, S. Krstic2, C. Tinelli1

1 The University of Iowa2 Intel Corporation

Logical Interpolation in Formal Methods

Logical interpolants are useful in model

checking, e.g., to accelerate the computation of

reachability relations improve predicate abstraction

We will focus on ground interpolants

Ground Interpolation in First-order Theories

A theory T admits ground interpolation iffevery two ground formulas A and B inconsistent in T have a ground T -interpolant, a ground formula I s.t.

I’s symbols are shared by A and B A |=T I

I, B are inconsistent in T ( I, B |=T false )

Contribution of This Work

A new ground interpolation procedure for EUF

Highlights: Interpolants are extracted from colored

congruence graphs (CCGs) A CG represents compactly a proof of

inconsistency for sets of ground literals CGs are easily produced by usual congruence

closure algorithms for deciding ground satisfiability in EUF

Contribution of This Work

A new ground interpolation procedure for EUF

Highlights:

Our interpolants are: conjunctions of ground Horn clauses in simplest possible form for EUF smaller and simpler than in previous method by

McMillan [McM05]

Simplifying Assumptions

We consider only conjunctions of literals Any interpolation procedure for such

formulas, in any theory, can be uniformly extended to arbitrary ground formulas [e.g., McM05, CGS08]

(Only?) Previous Work

Interpolation procedure for EUF by McMillan [MCM03]

Based on a inference system for EUF with 6 rules (for reflexivity, symmetry, etc. of = )

Rules extended with annotations [u, v, , ] for premises and conclusions, and increased to 11

If A, B derives false[u, v, , ] then is an interpolant of A, B

Our view: Interpolation as a Cooperative Game u0 = v0

A = u2 = g(u1, u)

v2 = g(v1, h(v))

A-prover B-prover

0. A B

1.

2.

3.

4.

u1 = f(x, v0)

B = v1 = f(x, u0)

u = h(v), u2 v2

Ground Interpolation as a Cooperative Game

A-prover B-prover

0. A B

1. u0 = v0

2.

3.

4.

u0 = v0

A = u2 = g(u1, u)

v2 = g(v1, h(v))

u1 = f(x, v0)

B = v1 = f(x, u0)

u = h(v), u2 v2

Ground Interpolation as a Cooperative Game

A-prover B-prover

0. A B

1. u0 = v0

2. u1 = v1

3.

4.

u0 = v0

A = u2 = g(u1, u)

v2 = g(v1, h(v))

u1 = f(x, v0)

B = v1 = f(x, u0)

u = h(v), u2 v2

Ground Interpolation as a Cooperative Game

A-prover B-prover

0. A B

1. u0 = v0

2. u1 = v1

3. u = h(v)

4.

u0 = v0

A = u2 = g(u1, u)

v2 = g(v1, h(v))

u1 = f(x, v0)

B = v1 = f(x, u0)

u = h(v), u2 v2

Ground Interpolation as a Cooperative Game

A-prover B-prover

0. A B

1. u0 = v0

2. u1 = v1

3. u = h(v)

4. u2 = v2

Interpolant: u0 = v0 (u1 = v1 u = h(v) u2 = v2)

u0 = v0

A = u2 = g(u1, u)

v2 = g(v1, h(v))

u1 = f(x, v0)

B = v1 = f(x, u0)

u = h(v), u2 v2

Ground Interpolation as a Cooperative Game

Concrete Result for EUF:

A procedure to retrofit the interpolation game to congruence graphs

Congruence Graph: ExampleL = {x1 = z1, z1 = z2, z2 = x2, z3 = f(x1), f(x2) = z4, x3 = z5, z5 = f(z3),

f(z4) = z6, z6 = x4, y1 = z7, z7 = f(x3), f(x4) = z8, z8 = y2} T = {terms in L} x1

y1 z7 z8 y2

x3 z5 z6 x4

z3

f(x1)

z4

z1 z2 x2

f(x2)

f(z3) f(z4)

f(x3) f(x4)

Basic edge

Derived edge

Congruence Graphs and EUF

Fact: decision procedures for EUF essentiallycompute congruence graphs

Prop. Let L = {equalities and disequalities}, T = {all terms in L}.L is inconsistent in EUF iffthere is a CG (T, ) and s t L s.t.

s * t

Congruence Graphs and EUF

Let G be any CG showing that L is inconsistent in EUF

Let L = A B

We can extract an interpolant of A, B from G by first suitably coloring G with{A, B}

The interpolant can be seen as generated from a run of the interpolation game between an A-prover and a B-prover

x1

y1 z7 z8 y2

x3 z5 z6 x4

z3

f(x1)

z4

z1 z2 x2

f(x2)

f(z3) f(z4)

f(x3) f(x4)

Colored Congruence Graph: Example

Coloring scheme: Nodes in A \ B colored A ” ” B \ A ” B ” ” A B ” AB Basic edges in A colored A ” ” ” B ” B Derived edges colored A (B)

if both endpoints are A (B)

A = {x1 = z1, z2 = x2, z3 = f(x1), f(x2) = z4, x3 = z5, z6 = x4, z7 = f(x3), f(x4) = z8}

B = { z1 = z2, z5 = f(z3) , f(z4) = z6, y1 = z7, z8 = y2 }

Colored Congruence Graph: Example

A = {x1 = z1, z2 = x2, z3 = f(x1), f(x2) = z4, x3 = z5, z6 = x4, z7 = f(x3), f(x4) = z8}

B = { z1 = z2, z5 = f(z3) , f(z4) = z6, y1 = z7, z8 = y2 }

x1

y1 z7 z8 y2

x3 z5 z6 x4

z3

f(x1)

z4

z1 z2 x2

f(x2)

f(z3) f(z4)

f(x3) f(x4)

Coloring scheme: Nodes in A \ B colored A ” ” B \ A ” B ” ” A B ” AB Basic edges in A colored A ” ” ” B ” B Derived edges colored A (B)

if both endpoints are A (B)

Fixing Uncolorable Graphs

It is possible (and easy) to modify the graph to remove uncolorable edges

Reason: EUF is equality interpolating

Lemma. [YM05] If A, B |= s = t one can compute a AB-term u s.t.

A, B |= s = u u = t

Extracting Interpolants from Colored Congruence Graphs

s

2

r2

s1 r1v1u1r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

CCG for A, B with s r B :

Notation: let xy denote a path from node x to node y

s2 r2

s1 r1v1u1

r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

I(sr) = I(su) I(uv) I(vr)= I(s1r1) I(uv) = I(s1u1) I(u1v1) I(v1r1) I(uv)= {u1= v1} I(uv)

s2 r2

s1 r1v1u1

r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

I(sr) = {u1= v1} I(uv)= {u1= v1} { v3 = u3 v6 = u6 v4 = u4 u2 = v2 u = v}

I(v3 = u3) I(v6 = u6) I(v4 = u4) I(u2 = v2)

s2 r2

s1 r1v1u1

r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

I(sr) = {u1= v1} I(uv)= {u1= v1} { v3 = u3 v6 = u6 v4 = u4 u2 = v2 u = v}

I(u2 = v2)

s2 r2

s1 r1v1u1

r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

I(sr) = {u1= v1} { v3 = u3 v6 = u6 v4 = u4 u2 = v2 u = v} I(u2 = v2)

s2 r2

s1 r1v1u1

r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

I(sr) = {u1= v1} { v3 = u3 v6 = u6 v4 = u4 u2 = v2 u = v} I(s7 = r7)

s2 r2

s1 r1v1u1

r3s3 v2u2

s4 r4v3 v4u3 u4

s6 r2v5u5

s5 r5v6 u6

r7s7 u7v7

s u v r

I(sr) = {u1= v1} { v3 = u3 v6 = u6 v4 = u4 u2 = v2 u = v} {u5 = v5 u7 = v7}

Note: A |= I(sr) and B, I(sr) |= s = r but s r B

Interpolation Function:Formal Definition

{I() | is a factor of st} if st has ≥ 2 factors

I(st) = {I() | is a parent of a link in st} if st is a B-path

{I() | P(st)} {J(st)} if st is a A-path

{P() | is a factor of st} if st has ≥ 2 factors

P(st) = {st} if st is a B-path

{P() | is a parent of a link in st} if st is a A-path

J(st) = {u = v | uv P(st)} s = t

Main Theoretical Result

Lemma. Function I is well defined andcomputable over any CCG, and returns a set of ground Horn clauses.

Theorem. Let G be a CCG for A, B.If sr is a path in G s.t. s r B, thenI(sr) is an EUF-interpolant of A and B.

Note: The paper also defines an I’ for when s r A.

Interpolation Procedure

Given a literal set L inconsistent in EUF and

a partition A, B of L

n run CC to find a CG G over L connecting s, r for some s r L

n modify G as needed to make it colorable and color it (in any allowed way)

n If s r B return I(sr) else return I’(sr)

Main Differences with McMillan’s Procedure

CGs condense inferences by reflexivity, symmetry and transitivity into paths (big step vs. small step proof)

Ex: z1 = x1 = z2 = x2 = f(z3) = x3 = z4 z1

Our interpolant: z1 = z4

McMillan’s: z1 = z2 z2 = f(z3) f(z3) = z4

Main Differences with McMillan’s Procedure

Interpolants with simple Boolean structure

Ex. 7,10 in our paper:

Our interpolant: (z1 = z2 z3 = z4) (z5 = z6 z7 = z8)

McMillan’s: (z1 = z2 (z3 = z4 z5 = z6))

z3 = z4 z7 = z8

Main Differences with McMillan’s Procedure

Minimal number of new, auxiliary terms vs. many new terms produced on-the-fly

Non-deterministic coloring step (2) vs. fully specified annotation mechanism

Overall smaller and simpler interpolants

Experimental Results

Interpolation procedure implemented in SMT-solver DPT

Compared with state-of-the-art implementation of McMillan’s procedure in MathSAT [Cim08] Both systems extend interpolation to general ground

EUF formulas in the same way (relying on similar DPLL-style SAT engines)

Resolution proofs from the two DPLL engines are comparable in size

Same benchset as in [Cim08]

Experimental Results

DTP vs. MathSAT on 45 benchmarks derived from SMT-LIBRuntimes: ComparableInterpolant size: DPT’s 3.8 times smaller on average

Conclusion

New interpolation procedure for EUF Easy to implement on top of CC procedures

within SMT solvers Generates smaller and simpler interpolants Provides basis for further refinements and

implementations Its flexibility could be useful when the notion

of interpolant quality is better understood

Theories with Ground Interpolation

Equality over uninterpreted function symbols (EUF)

Real arithmetic Linear Integer Arithmetic with divisibility

operator … Any FOL theory admitting quantifier

elimination

Theories with Ground Interpolation

Equality over uninterpreted function symbols (EUF)

Real arithmetic Linear Integer Arithmetic with divisibility

operator … Any FOL theory admitting quantifier

elimination

Coloring Congruence Graph

Let A, B be disjoint sets of literals

Every symbol of A (B) is A-colorable (B-colorable) A term is A-colorable (B-colorable) if all of its symbols are

To color a CG for A B, colorn a node with A (resp., B) if it occurs in A (resp., B)- a basic edge with A (resp., B) if it occurs in A (resp., B)- a derived edge with A (alternatively, with B) if its end-

points are both colored with A (with B)

Congruence Graph for L

Any undirected graph G built during this procedure

Input: L = {ground literals}, T = {ground terms}

Let G := (T, ) with := Repeat as long as possible

For each (s, t) TT \ * such that

s = t L or t = s L or

s is f(s1,…,sn), t is f(t1,…,tn) and s1 * t1, …, sn * tn

do add (s, t) to