Decision Procedures in First Order Logic

Daniel Kroening and Ofer Strichman 1

Decision Procedures in First Order Logic

Propositional Encodings

Decision Procedures An algorithmic point of view 2

Fourier-Motzkin Elimination

nnmnm

n

b

b

b

x

x

x

aa

aa

aaa

:

:

:

:

......

::

::

:

....

2

1

2

1

1

2221

11211

bIA A system of conjoined linear inequalities

m constraints

n variables


1. When eliminating xn, partition the constraints according to the coefficient ai,n:

¨ ai,n > 0: upper bound

¨ ai,n < 0: lower bound nX

j =1ai;j ¢xj · bi

) xn ·bi

ai;n¡

n¡ 1X

j =1

ai;j

ai;n¢xj

) ai;n ¢xn · bi ¡n¡ 1X

j =1ai;j ¢xj


n Example:

(1) x1 – x2 ≤ 0

(2) x1 – x3 ≤ 0

(3) -x1 + x2 + 2x3 ≤ 0

(4) -x3 ≤ -1

Assume we eliminate 1.

Lower bound

Lower bound

Upper bound

Category?


2. For each pair of a lower bound al,n<0 andupper bound au,n>0, we have

3. For each such pair, add a constraint

4. In other words, apply the proof rule:


n Example:(1) x1 – x2 ≤ 0

(2) x1 – x3 ≤ 0

(3) -x1 + x2 + 2x3 ≤ 0

(4) -x3 ≤ -1

(5) 2x3 ≤ 0 (from 1 and 3)

(6) x2 + x3 ≤ 0 (from 2 and 3)

Eliminate x1.


n Example:

(1) x1 – x2 ≤ 0

(2) x1 – x3 ≤ 0

(3) -x1 + x2 + 2x3 ≤ 0

(4) -x3 ≤ -1

(5) 2x3 ≤ 0 (from 1 and 3)

(6) x2 + x3 ≤ 0 (from 2 and 3)

(7) 0 ≤ -1 (from 4 and 5)

Contradiction (the system is unsatisfiable)!

Eliminate x3.


Complexity of Fourier-Motzkin

In verification we typically solve a large number of small linear inequality systems.

The bottleneck: case splitting

Q: Is there an alternative to case-splitting ?


Boolean Fourier-Motzkin (BFM)

x1 – x2 < 0 x1 – x3 < 0 (-x1 + 2x3 + x2 < 0 -x3 < -1)

(x1 – x2 0) x1 – x3 < 0 (-x1 + 2x3 + x2 0 1 x3 )

1. Normalize formula: ¨ Transform to NNF¨ Eliminate negations by reversing inequality signs

(1/2)


: x1 - x2 < 0 x1 - x3 < 0 (-x1 + 2x3 + x2 < 0 -x3 < -1)

2. B

Boolean Fourier-Motzkin (BFM)

3. Derive Btrans: Perform FM on the conjunction of all predicates:

e1 e2 ( e3 e4 )

x1 – 2 < 0-x1 + 2x3 + x2 < 0

2x3 < 0

e1

e3

e5

e1 e3 e5

(2/2)

4. Solve ’ = B Æ (Btrans)


BFM: example

e1 x1 – x2 < 0

e2 x1 – x3 < 0

e3 -x1 + 2x3 + x2 < 0

e4 -x3 < -1

e1 e2 (e3 e4)

e5 2x3 < 0

e6 x2 + x3 < 0

e1 e3 e5

e2 e3 e6

False 0 < -1 e4 e5 False

’ = Bsk Æ Btrans is satisfiable

Btrans

Computing Btrans

Computing Bsk


n A proof rule

n A proof step (r,p,a)¨ r: Rule¨ p: Proposition¨ a: Antecedents


Some proof rules


Let’s prove


Proof-graph of P

A

A

B

:

,:


n Definition (Proof-step Constraint): if A1…Ak are the antecedents of step then

n Example:

():= (=5) Æ (:¸ 0) ! (:5 ¸ 0)

Boolean encoding


n A proof P =(s1,…, sn) is a set of Proof Steps, in which the Antecedence relation is acyclic.

n The Proof Constraint c(P) induced by P is the conjunction of the constraints induced by its steps:


n Propositional skeleton:


n A proof P is said to prove validity of if :sk Æ c(P) is unsatisfiable.

n Normally proofs refer to the Boolean skeleton (the roots are sub-formulas).

n We will consider proofs starting from literals, and, hence, no Boolean structure.


n Prove validity of x 5 Ç x ¸ 0 by using atoms only

Example


Example (cont’d)

:sk Æ (’)


Complete proofs

n Definition (Complete proofs): A proof P is called complete with respect to if


n Proposition (sufficient condition for completeness #1): Let be an unsatisfiable formula, and let A denote the set of full assignments that satisfy sk.

A proof P is complete with respect to if 8 2 A,

TL(): Theory Literals corresponding to


n Proposition (sufficient condition for completeness #2): Let be an unsatisfiable formula, and let A denote the set of minimal assignments that satisfy sk.

A proof P is complete with respect to if 8 2 A,


For a partial assignment s.t. ² , is minimal if 8v. nv 2


n Proposition (sufficient condition for completeness #3): Let be an unsatisfiable formula, and let A denote the set of minimal assignments that satisfy sk.

A proof P is complete with respect to if 8 2 A, for some unsatisfiable core TLuc() µ TL()



Goal: find complete proofs

n We will see a ‘complete’ proof mechanism, based on projection.

n First, let us define projection in terms of proof steps.



Example - projection

n Indeed, ¨ x1 var(x4 > x4)

¨ ’ = (x2 > x3) Æ (x4 > x4) is equisatisfiable to



Example – strong projection

12

n Indeed

are unsatisfiable and do not contain x1.






Examples

n Disjunctive Linear arithmetic:Boolean Fourier-Motzkin

n Equality Logic:¨ For each pair of predicates

of the form xi=xj and xj=xk in , apply:

¨ To each pair of contradicting predicates of the form xi = xj and xi xj, apply

xi = xj xj = xk

xi = xk(T ransitivity of Equality)

xi = xj xi 6= xj

f alse(Contradiction)


Optimizations

n Conjunction Matrices

n Early detection

n Cross-theory learning


Cross-theory learning

n T1:

n T2:

n From T1 we learn z1= z2,which we propagate to T2

n In T2 we get a contradiction on: z1 > 2, z2=1, z1 = z2

n This results in a conflict clause:

n Which represents cross-theory learning

(: e(z1 > 2) _ : e(z2 = 1) _ : e(z1 = z2))

x1 = x2; z1 = f (x1); z2 = f (x2)

z1 > 2;z2 = 1

Decision Procedures in First Order Logic

Documents

x1 x3

x1 x2

x2 x3

x1 x2 2x3

x3 1x1 x2

proof plit

proof constraint cp

set of proof steps