Deciding Equality with Uninterpreted Functions using Congruence Closure Constantinos Bartzis

The problem Determine the validity of formulas like f(a,b)=a  f(f(a, b), b)=a or, equivalently, satisfiability of f(a,b)=a  f(f(a, b), b)  a In 1954 Ackermann showed it is decidable. In 1976 Nelson and Oppen implemented an O(m 2 ) algorithm based on congruence closure computation.

The algorithm of Nelson and Oppen G. Nelson and D. Oppen, “Fast Decision Procedures Based on Congruence Closure”, JACM 1980

Quantifier Free Theory of Equality with Uninterpreted Function Symbols Also known as QFEUF The language consists of  Variables a, b, c, … (also called constants)  Uninterpreted function symbols f, g, …  Predicate “=“  Boolean connectives Example theorem a=b  f(a)=f(b)

Congruence Closure Let G=(V, E) be a directed graph with n labeled vertices and m edges For vertex v, let (v) denote its label and  (v) denote its outdegree Let v[i] denote the ith successor of v Let R be a relation on V Two vertices u and v are congruent under R, if (u)= (v),  (u)=  (v), and for all 1  i  (u), (u[i], v[i])  R.

Congruence Closure R is closed under congruences, if for all vertices u and v that are congruent under R, (u, v)  R. The congruence closure of R is the unique minimal extension R’ of R that is an equivalence relation and is closed under congruences.

Example f f ab v1v1 v2v2 v3v3 v4v4 Let R={(v 4, v 4 ), (v 2, v 3 )}. Then v 1 and v 2 are congruent under R. The equivalence relation associated with the partition {{v 1, v 2, v 3 }, {v 4 }} is closed under congruences. Note that the nodes represent the (sub)terms of the formula: f(a,b)=a  f(f(a, b), b)=a Deducing that v 1 is equivalent to v 3 is analogous to deducing f(f(a, b), b)=a from f(a,b)=a f

Example 2 f v1v1 f v2v2 f v3v3 f v4v4 f v5v5 a v6v6 Let R={(v 1, v 6 ), (v 3, v 6 )}. Then v 2 and v 5 are congruent under R. The congruence closure should also include (v 1, v 4 ). From transitivity, v 4 is equivalent to v 6 Now v 3 is congruent to v 5 All six vertices are equivalent in the congruence closure. We proved that f(f(f(a)))=a  f(f(f(f(f(a)=a  f(a)=a

Computing the Congruence Closure An equivalence relation is represented by its corresponding partition UNION(u, v) combines the equivalence classes of vertices u and v FIND(u) returns the unique name of the class of vertex u Given a relation R that is closed under congruences, the following procedure MERGE(u, v) constructs the congruence closure of R  {(u,v)}

Merge Procedure MERGE(u, v) 1. If FIND(u) = FIND(v) then return 2. Let P u and P v be the set of predecessors of all nodes in the class of u and v, respectively 3. Call UNION(u, v) 4. For each (x,y) s.t. x  P u and y  P v, if FIND(x)  FIND(y) but CONGRUENT(x, y)=TRUE, then MERGE(x,y) CONGRUENT(u, v) 1. If  (u)  (v) or (u)  (v), then return FALSE 2. For 1  i  (u), if FIND(u[i])  FIND(v[i]), then return FALSE 3. Return TRUE

Deciding QFEUF Suffices to check conjunctive formulas t 1 =u 1  …  t p =u p  r 1  s 1  …  r q  s q Algorithm: 1. Construct the corresponding graph G with a node n(x) for each (sub)term x in the formula 2. Let R be the identity relation on the nodes of G 3. For 1  i  p, call MERGE(n(t i ), n(u i )) 4. For 1  i  q, if n(r i ) is equivalent to n(s i ), then return UNSATISFIABLE 5. Return SATISFIABLE

A modern algorithm R. Nieuwenhuis and A. Olivas, “Fast Congruence Closure and Extensions”, 2006

Theory solvers for DPLL(T) Need to be incremental i.e., at each step receive one new constraint and determine satisfiability of the partial conjunction, doing only the necessary extra work.  Nelson and Oppen’s algorithm is incremental Need to provide explanations for unsatisfiability  Nieuwenhuis and Olivas address this issue

Initial transformations Curryfy  Use only one “apply” function symbol f  E.g. g(a) becomes f(g,a) and g(a, h(b), b) becomes f(f(f(g, a), f(h, b)), b)  Only linear growth in size Flatten  Replace subterms with new variables  E.g. f(f(f(g, a), f(h, b)), b) = b becomes {f(g,a)=c, f(h,b)=d, f(c,d)=e, f(e,b)=b}

Data structures 1. Pending: a list of input equations a=b or pairs of input equations (f(a 1,a 2 )=a, f(b 1,b 2 )=b) where a i and b i are already congruent 2. Representative table: array that stores the class representative of each variable 3. Class lists: store all members of each class 4. Use lists: Uselist(a) contains all f(b 1,b 2 )=b s.t. a is a representative of b 1 or b 2 5. Lookup table: Lookup(b,c) is some f(a 1,a 2 )=a s.t. b and c are representatives of a 1, and a 2

Procedure Merge

Procedure Propagate

Producing explanations Explain(e,e’): If a sequence U of unions of pairs (e 1,e 1 ’)…(e p,e p ’) has taken place, it returns a minimal subset E of U such that (e,e’) belongs to the equivalence relation genetared by E. Example: After this sequence of unions (1,8),(7,2),(3,13),(7,1),(6,7),(9,5),(9,3), (14,11),(10,4)(12,9),(4,11),(10,7) a call to Explain(1,4) returns the explanation {(7,1),(10,7),(10,4)} The returned set is unique

A new data structure We want Explain() to run O(k) time, were k is the size of the proof The graph whose edges are the pairs in the sequence of unions is a forest Explain(e,e’) consists of the edges in the path between e and e’ Easy to find if edges are directed towards the root At each Union(e, e’), where |tree(e)|<|tree(e’)|:  Reverse all edges on the path between e and its root  Add an edge e  e’

Example After this sequence of unions (1,8),(7,2),(3,13),(7,1),(6,7),(9,5),(9,3), (14,11),(10,4)(12,9),(4,11),(10,7) The proof forest could be The explanation of (1,4) consists of this path

The new algorithm (also reverse some edges)

Implementation of Explain f(g,h)=d, c=d, f(g,d)=a, e=c, e=b, b=h adcebh 1,32456 On an Explain(a,b) operation, the equations on the paths a  d and b  d are output From 1 and 3, we need to recursively call Explain(h, d) To maintain complexity, make sure no node is visited twice

Good explanations Shorter and older explanations are good because they lead to better backtracking Finding the shortest explanation is NP-hard, however we can still reduce the size of an explanation by removing redundancies Example: a 1 =b 1, a 1 =c 1, f(a 1,a 1 )=a, f(b 1,b 1 )=b, f(c 1,c 1 )=c Explain(a=c) will return all five equations but first and fourth are redundant abcb1b1 a1a1 c1c1

Minimizing explanations Post-process explanations to remove redundant steps. Theorem: A proof is redundant only if it contains three equations of the form f(a 1,a 2 )=a, f(b 1,b 2 )=b, f(c 1,c 2 )=c, where a i, b i and c i are equivalent. Presence of such equations is checked in O(k). Algorithm: While not all equations are marked as necessary, pick an unmarked one. Remove it, if the remaining explanation is correct. Otherwise mark it as necessary. Complextity O(k 2 logk)