Deciding a Combination of Theories - Decision Procedure - Changki pswlab Combination of Theories Daniel Kroening, Ofer Strichman Presented by Changki Hong

2 / 24 Decision procedures so far.. The decision procedures so far focus on one specific theory We know how to  Decide Equality logic with Uninterpreted Functions (EUF) :  (x 1 = x 2 ) Æ (f(x 2 ) = x 3 ) Æ …  Decide linear arithmetic :  3x 1 + 5x 2 ¸ 2x 3 Æ x 3 · x 5 How about a combined formula? A combination of linear arithmetic and EUF:  (x 2 ¸ x 1 ) Æ (x 1 - x 3 ¸ x 2 ) Æ f(f(x 1 ) - f(x 2 ))  f(x 3 ) A combination of bit-vectors and uninterpreted functions:  f(a[32], b[1]) = f(b[32], a[1]) Æ a[32] = b[32] Changki pswlab Combination of Theories

3 / 24 Combination of theories Approach 1 : Reduce all theories to a common logic if possible (e.g. Propositional logic) Theories that are in NP can be translated to SAT problem. Approach 2 : Combine decision procedures of the individual theories. Nelson-Oppen method Changki pswlab Combination of Theories

4 / 24 Contents Motivation Preliminaries The Nelson-Oppen Combination Procedure Proof of Correctness of the Nelson-Oppen Combination Procedure Conclusion Changki pswlab Combination of Theories

5 / 24 Preliminaries First order logic variables logical symbols : shared by all theories, such as the Boolean operators ( Ç, Æ, …), quantifiers ( 8, 9 ) and parentheses nonlogical symbols : function and predicates of the specific theory syntax First order theories Axioms and symbols characterizing the theory. The signature  of a theory T holds the set of functions and predicates of the theory. Changki pswlab Combination of Theories

6 / 24 Theory combination Definition 1. (theory combination) Given theories T 1 and T 2 with signatures  1 and  2, the combined theory T 1 © T 2  has signature  1 [  2 and  the axiom set T 1 [ T 2 Definition 2. (theory combination problem) Let Á be a  1 [  2 formula. The theory combination problem is to decide whether the following holds:  T 1 © T 2 ² Á Changki pswlab Combination of Theories

7 / 24 Restrictions The theory combination problem is undecidable for arbitrary theories T 1 and T 2 even though themselves are decidable. Under certain restrictions, it becomes decidable. There is a decision procedure for each of the theories T  … T n T  … T n are quantifier-free first-order theories. Disjoint signatures (other than equality):   Å   = ; Definition 3. (convex theory) A theory T is convex if for all conjunctions Á it holds following:  Á ! Ç i=1.. n x i = y i for some finite n > 1 ) Á ! x i = y i for some i 2 {1.. n }, where x i, y i are some T variables. Changki pswlab Combination of Theories

8 / 24 Example of convex theory Linear arithmetic over R is convex Á : x 1 · 1 Æ x 1 ¸ 1 ! x 1 = 1 implies a singleton Á : x 1 · 1 Æ x 1 > 1 implies empty Á : x 1 · 1 Æ x 1 ¸ 0 implies infinite disjunction of equality  In all three cases, it fits the definition of convexity Linear arithmetic over Z is not convex x 1 = 1 Æ x 2 = 2 Æ 1 · x 3 Æ x 3 · 2 ) (x 3 = x 1 Ç x 3 = x 2 ) holds, but neither  x 1 = 1 Æ x 2 = 2 Æ 1 · x 3 Æ x 3 · 2 ) x 3 = x 1 nor  x 1 = 1 Æ x 2 = 2 Æ 1 · x 3 Æ x 3 · 2 ) x 3 = x 2 holds. Changki pswlab Combination of Theories

9 / 24 Contents Motivation Preliminaries The Nelson-Oppen Combination Procedure Proof of Correctness of the Nelson-Oppen Combination Procedure Conclusion Changki pswlab Combination of Theories

10 / 24 The Nelson-Oppen combination procedure (1/3) Definition 4. (purification) Purification is a satisfiability preserving transformation of the formula, after which each atom is from specific theory. Given a formula Á, purification generates an equisatisfiable formula Á ’ as follows: 1.Let Á ’ := Á 2.For each ‘theory-mixed’ subexpression e in Á ’, a.replace e with a new auxiliary variable a e, and b.constrain Á ’ with a e = e Example Given the formula Á := x 1 · f(x 1 ), Purification results in  Á ’ := x 1 · a Æ a = f(x 1 ) Changki pswlab Combination of Theories mixed linear arithmetic and uninterpreted functions linear arithmetic EUF

11 / 24 The Nelson-Oppen combination procedure (2/3) After purification we are left with several sets of pure expressions F 1 … F n such that: F i belongs to a specific theory. Shared variables are allowed, i.e. it is possible that for some i, j, vars ( F i ) Å vars ( F j )  ;. Á is satisfiable $ F 1 Æ … Æ F n is satisfiable Changki pswlab Combination of Theories

12 / 24 The Nelson-Oppen combination procedure (3/3) Algorithm 1: Nelson-Oppen for convex theories Input : A convex formula Á that mixes convex theories, with restrictions output : “satisfiable” if Á is satisfiable, and “unsatisfiable” otherwise 1.Purify Á into F 1 Æ … Æ F n. 2.Apply the decision procedure for T i to F i. If 9 i. F i is unsatisfiable, return “unsatisfiable”. 3.Equality propagation : If 9 i, j. F i implies an equality not implied by F j, add it to F j and goto step 2. 4.Return “satisfiable”. Changki pswlab Combination of Theories

13 / 24 Example of N.O. (1/2) Consider the formula 1. Purification Changki pswlab Combination of Theories (f(x 1,0) ¸ x 3 ) Æ (f(x 2,0) · x 3 ) Æ (x 1 ¸ x 2 ) Æ (x 2 ¸ x 1 ) Æ (x 3 - f(x 1,0) ¸ 1) F 1 (Arithmetic over R ) a 1 ¸ x 3 a 2 · x 3 x 1 ¸ x 2 x 2 ¸ x 1 x 3 - a 1 ¸ 1 a 0 = 0 F 2 (EUF) a 1 = f(x 1, a 0 ) a 2 = f(x 2, a 0 )

14 / 24 Example of N.O. (2/2) 2. Apply the decision procedure for each theory - Neither F 1 nor F 2 is independently contradictory 3. Equality propagation Changki pswlab Combination of Theories F 1 (Arithmetic over R ) a 1 ¸ x 3 a 2 · x 3 x 1 ¸ x 2 x 2 ¸ x 1 x 3 - a 1 ¸ 1 a 0 = 0 F 2 (EUF) a 1 = f(x 1, a 0 ) a 2 = f(x 2, a 0 ) x 1 = x 2 a 1 = a 2 a 1 = x 3 unsatisfiable x 1 = x 2 a 1 = a 2

15 / 24 Combining nonconvex theories (1/2) It generates a problem when we directly apply algorithm 1 to nonconvex theories. Example After purification Changki pswlab Combination of Theories (1 · x) Æ (x · 2) Æ p(x) Æ : p(1) Æ : p(2) F 1 (Arithmetic over Z ) 1 · x x · 2 a 1 = 1 a 2 = 2 F 2 (EUF) p(x) : p(1) : p(2) Algorithm 1 returns “Satisfiable” However, the original formula is unsatisfiable in the combined theory.

16 / 24 Combining nonconvex theories (2/2) But: 1 · x Æ x · 2 imply the disjunction x = 1 Ç x = 2 Since the theory is non-convex, we cannot propagate either x =1 or x =2. We can only propagate the disjunction itself. Propagate the disjunction and perform case-splitting. Changki pswlab Combination of Theories Arithmetic over Z Uninterpreted predicates 1 · x x · 2 p ( x ) : p (1) Æ: p (2) x = 1 Ç x = 2 h¢i Æ x = 1 False h¢i Æ x = 2 False Split!

17 / 24 Revised N.O. combination procedure Algorithm 2: Revised Nelson-Oppen for convex theories Input : A formula Á that mixes theories, with restrictions output : “satisfiable” if Á is satisfiable, and “unsatisfiable” otherwise 1.Purify Á into Á ’ : F 1 Æ … Æ F n. 2.Apply the decision procedure for T i to F i. If 9 i. F i is unsatisfiable, return “unsatisfiable”. 3.Equality propagation : If 9 i, j. F i implies an equality not implied by F j, add it to F j and goto step 2. 4.If 9 i. F i ! ( x 1 = y 1 Ç … Ç x k = y k ) but 8 j F i 9 x j = y j, apply recursively to  ’ Æ x 1 = y 1, …,  ’ Æ x k = y k. If any of them is satisfiable, return ‘satisfiable’. Otherwise return ‘unsatisfiable’. 5.Return “satisfiable”. Changki pswlab Combination of Theories

18 / 24 Contents Motivation Preliminaries The Nelson-Oppen Combination Procedure Proof of Correctness of the Nelson-Oppen Combination Procedure Conclusion Changki pswlab Combination of Theories

19 / 24 Proof correctness of N.O. algorithm We now prove the correctness of N.O. algorithm for convex theories. Theorem: N.O. returns unsatisfiable if and only if its input formula  is unsatisfiable. We will prove this theorem for the case of combining two convex theories. Changki pswlab Combination of Theories

20 / 24 Proof ( , Soundness) N.O. returns ‘unsatisfiable’ !  is unsatisfiable. Assume  is satisfiable and let  be a satisfying assignment of . Let A = { a 1,…, a n } be the auxiliary variables added as a result of the purification step. We can extend ® to an assignment ® ’ that includes also the variables in A. (recall Æ i F i and  are equisatisfiable) For each equality eq added in step 3, 9 i. F i ! eq. Since  ’ ² F i then also  ’ ² eq. Hence for all j 2 {1,2},  ’ ² F j Æ eq. (recall equality propagation) Thus, N.O. does not return unsat in this case. In other words, if N.O. returns unsat, then  is unsat. Changki pswlab Combination of Theories

21 / 24 Proof ( , Completeness) Definition 5 : (residue) A residue of a formula , denoted Res(  ), is the strongest Equality Logic formula implied by . ex) Res( x = f ( a ) Æ y = f ( b )) is a = b ! x = y Lemma 1: if F 1 and F 2 are formulas with disjoint signatures, Res( F 1 Æ F 2 ) $ (Res( F 1 ) Æ Res( F 2 )). Changki pswlab Combination of Theories

22 / 24 Proof ( , Completeness)  is unsatisfiable ! N.O. returns ‘unsatisfiable’. Now suppose N.O. returns SAT although F 1 Æ F 2 is unsatisfiable. Res( F 1 Æ F 2 ) = false Hence, by Lemma 1, Res( F 1 ) Æ Res( F 2 ) = false On the other hand, if N.O. returns ‘Satisfiable’, we know that  F 1 and F 2 are separately satisfiable  F 1 and F 2 imply exactly the same equalities.  Thus, Res( F 1 ) and Res( F 2 ) are satisfiable and imply the same equalities. Hence, Res( F 1 ) Æ Res( F 2 ) is also satisfiable, i.e. Res( F 1 ) Æ Res( F 2 )  false (contradiction). Changki pswlab Combination of Theories

23 / 24 Contents Motivation Preliminaries The Nelson-Oppen Combination Procedure Proof of Correctness of the Nelson-Oppen Combination Procedure Conclusion Changki pswlab Combination of Theories

24 / 24 Conclusion The theory combination problem is undecidable. The Nelson-Oppen combination procedure solves the theory combination problem for theories that comply with several restrictions. Changki pswlab Combination of Theories