[PPT] - On Shostaks Combination of Decision Procedures H. Rue, N. Shankar, PowerPoint Presentation

SLIDE 1

On Shostak’s Combination of Decision Procedures

H. Rueß, N. Shankar, A. Tiwari
ruess,shankar,tiwari

✁

@csl.sri.com http://www.csl.sri.com/.

Computer Science Laboratory SRI International 333 Ravenswood Menlo Park, CA 94025

Shostak’s Combination (p.1 of 121)

SLIDE 2

The Combination Problem

Verification conditions typically are in combination of many theories.

✂

Theory of equality

✂

Arithmetic constraints

✂

Lists, Arrays, Bitvectors, ... Examples.

✂ ✄ ☎ ✆ ✝ ✞ ✟✡✠ ☛ ✄ ☞ ✆ ✌ ✍ ☛ ✝ ✎ ☎ ✍✏ ✆ ✟ ✝ ✎ ✄ ✑ ✏ ✂ ✟ ✝ ✎ ✑ ✏ ✎ ✑ ✆ ✝ ✑ ✒ ✟ ✄ ✏ ✑ ✆ ✄ ✎ ✑ ✒ ✄ ✑ ✆ ✝ ✞ ✓ ✔✖✕✗ ✂ ✟ ✟ ✄ ✏ ✎ ✟ ✝ ✏ ✏ ✆ ✟✡✘ ✏ ✒ ✝ ✄ ✒ ✝ ✄ ✘ ✒ ✘ ✙ ✚ ✞ ✓ ✔✖✕✗

Shostak’s Combination (p.2 of 121)

SLIDE 3

West-Coast Theorem Proving

Theorem provers which rely heavily on decision procedures for automating proofs. Historical.

✂

Stanford Pascal Verifier

✂

Boyer-Moore Theorem Prover

✂

Shostak’s Theorem Prover (STP)

Current. (Outline)

✂

Simplify, Java/ESC

✂

Stanford Temporal Prover (STeP)

✂

Stanford Validity Checker (SVC)

✂

PVS

Shostak’s Combination (p.3 of 121)

SLIDE 4

Backend Decision Procedures

✂

Decision procedures used as prover backend

✂

Logical context stored in a database

✂

Communication via ask/tell interface

✂

Decision procedure for equality in a combination of theories based on

✛

Nelson and Oppen’s [1979]

✛

Shostak’s [1984]

✂

These combination algorithms use variants of congruence closure algorithms

Shostak’s Combination (p.4 of 121)

SLIDE 5

Outline

✂

Abstract Congruence Closure

✂

Nelson-Oppen Combination (NO)

✛

Various Applications of NO

✛

Shostak Theories

✂

Shostak Combination

✂

Commented Bibliography

Shostak’s Combination (p.5 of 121)

SLIDE 6

Outline

✂

Abstract Congruence Closure

✂

Nelson-Oppen Combination (NO)

✛

Various Applications of NO

✛

Shostak Theories

✂

Shostak Combination

✂

Commented Bibliography

Shostak’s Combination (p.6 of 121)

SLIDE 7

Language: Signatures

A signature, , is a finite set of Function Symbols :

✜ ✆ ✢ ✒ ✣ ✒✤ ✤ ✤ ✥

Predicate Symbols :

✦ ✆ ✢ ✒ ✒ ✤ ✤ ✤ ✥

along with an arity function

✓✧ ★ ✩✫✪ ☞ ✬

. Function symbols with arity

✚

are called constants and denoted by

✠ ✒ ✭ ✒ ✤ ✤ ✤

, with possible subscripts. A countable set

f variables is assumed disjoint of

.

Shostak’s Combination (p.7 of 121)

SLIDE 8

Language: Terms

The set

✟ ✒ ✏

f terms is the smallest set s.t.

✂ ✮ ✟ ✒ ✏

, and

✂ ✟✰✯✲✱ ✒ ✤ ✤ ✤ ✒ ✯✴✳ ✏ ✵ ✟ ✒ ✏

whenever

✯✲✱ ✒ ✤ ✤ ✤ ✒ ✯✴✳ ✵ ✟ ✒ ✏

and

✓ ✧ ★ ✩✫✪ ✟ ✏ ✆ ✶

. The set of ground terms is defined as

✟ ✒ ✷ ✏

.

Shostak’s Combination (p.8 of 121)

SLIDE 9

Language: Atomic Formulas

An atomic formula is an expression of the form

✟✰✯✡✱ ✒ ✤ ✤ ✤ ✒ ✯✸✳ ✏

where is a predicate in s.t.

✓ ✧ ★ ✩✫✪ ✟ ✏ ✆ ✶

and

✯✡✱ ✒✤ ✤ ✤ ✒ ✯ ✳ ✵ ✟ ✒ ✏

. If

✯ ✱ ✒ ✤ ✤ ✤ ✒ ✯✴✳

are ground terms, then

✟ ✯ ✱ ✒ ✤ ✤ ✤ ✒ ✯✴✳ ✏

is called a ground (atomic) formula. Mostly, we assume a special binary predicate

✆

to be present in .

Shostak’s Combination (p.9 of 121)

SLIDE 10

Language: Logical Symbols

The set of quantifier-free formula (over ),

✟ ✒ ✏

, is the smallest set s.t.

✂

Every atomic formula is in

✟ ✒ ✏

,

✂

If

✵ ✟ ✒ ✏

, then

✹ ✵ ✟ ✒ ✏

,

✂

If

✱ ✒ ✺ ✵ ✟ ✒ ✏

, then

✱ ✻ ✺ ✵ ✟ ✒ ✏ ✱ ✼ ✺ ✵ ✟ ✒ ✏ ✱ ✺ ✵ ✟ ✒ ✏ ✱ ✺ ✵ ✟ ✒ ✏ ✤

An atomic formula or its negation is a literal.

Shostak’s Combination (p.10 of 121)

SLIDE 11

Language: Sentence, Theory

The closure of

✟ ✒ ✏

under existential (

✽

) and universal (

✾

) quantification defines the set of (first-order) formulas. A sentence is a FO formula with no free variables. A (first-order) theory (over a signature ) is a set of (deductively closed) set of sentences (over and ). A theory is consistent if

✓ ✔✖✕✗ ✵

. Due to completeness of first-order logic, we can identify a a FO theory with the class of all models of .

Shostak’s Combination (p.11 of 121)

SLIDE 12

Semantic Characterization

A model is defined by a

✂

Domain : set of elements

✂

Interpretation

✿❀☞ ✳ ✬

for each

✵ ✜

with

✓ ✧ ★ ✩ ✪ ✟ ✏ ✆ ✶ ✂

Interpretation

✿ ✳

for each

✵ ✦

with

✓ ✧ ★ ✩ ✪ ✟ ✏ ✆ ✶ ✂

Assignment

✄ ✿ ✵

for each variable

✄ ✵

A formula is true in a model if it evaluates to true under the given interpretations over the domain . If all sentences in a are true in a model , then is a model for the theory .

Shostak’s Combination (p.12 of 121)

SLIDE 13

Satisfiability and Validity

A formula

✟ ❁ ✄ ✏

is satisfiable in a theory if there is a model of

❂ ✢ ✽ ❁ ✄ ✤ ✟ ❁ ✄ ✏ ✥

, i.e., there exists a model for in which evaluates to true, denoted by,

❃ ✆ ❄

This is also called

satisfiability.

A formula

✟ ❁ ✄ ✏

is valid in a theory if

✾ ❁ ✄ ✤ ✟ ❁ ✄ ✏ ✵

, i.e., evaluates to true in every model

f

.

validity is

denoted by

❃ ✆ ❄

. is

unsatisfiable if it is not the case that

❃ ✆ ❄

.

Shostak’s Combination (p.13 of 121)

SLIDE 14

Getting Started

Checking validity of

❅

in a theory

❅

:

❆ ❅

satisfiability of

✹ ❅ ❆ ❅

satisfiability of

❁ ❁ ✄ ✤ ✱

(PNF)

❆ ✱

satisfiability of

✾ ❁ ✄ ✤ ✱

(Skolemize)

❆ ✱

satisfiability of

❇

(Instantiate)

❆ ✱

satisfiability of

❈ ❈

(DNF)

❆ ✱

satisfiability of

❈ ❈

: conjunction of literals

✱

:

❅ ❂

Theory of equality over UIFs

Shostak’s Combination (p.14 of 121)

SLIDE 15

Pure Theory of Equality

=

✜

(uninterpreted) = Deductive closure of axioms of equality Theorem 1 Satisfiability of (quantifier-free) conjunction

f literals is decidable in

✟ ✶ ❉❋❊

✟

✶ ✏ ✏

time.

Shostak’s Combination (p.15 of 121)

SLIDE 16

Pure Theory of Equality

=

✜

(uninterpreted) = Deductive closure of axioms of equality Theorem 1 Satisfiability of (quantifier-free) conjunction

f literals is decidable in

✟ ✶ ❉❋❊

✟

✶ ✏ ✏

time.
Example. Let

✆ ✢ ❍ ✱ ■ ✒ ✣ ❍ ✺ ■ ✒ ✠ ❍ ❅ ■ ✒ ✭ ❍ ❅ ■ ✥

. Consider

✠ ✆ ✣ ✠ ✭ ✻ ✠ ✆ ✣ ✠ ✭ ✻ ✠ ✆ ✠ ✤

Shostak’s Combination (p.15 of 121)

SLIDE 17

Illustration:

rules and
rules

✣ ✠ ✭

rules represent the term DAG:

✠ ❏ ✱ ❏ ✱ ❏ ✺ ❏ ✺ ❏ ❇ ❏ ❇ ❏▲❑ ✭ ❏✰▼ ✣ ❏ ✱ ❏✰▼ ❏✰◆ ❏ ◆ ❏▲❖

Equations are represented as:

✠ ✆ ✣ ✠ ✭ ✻ ✠ ✆ ✣ ✠ ✭ ❏ ✱ ✆ ❏P◆ ✻ ❏▲❑ ✆ ❏▲❖

Shostak’s Combination (p.16 of 121)

SLIDE 18

Illustration:

rules and
rules

❏◗❑ ❏ ❇ ❏▲❖ ❏ ✺ ✣ ❏✰◆ ❏ ✱ ✠ ✭ ❏ ▼

rules represent the term DAG:

✠ ❏ ✱ ❏ ✱ ❏ ✺ ❏ ✺ ❏ ❇ ❏ ❇ ❏▲❑ ✭ ❏✰▼ ✣ ❏ ✱ ❏✰▼ ❏✰◆ ❏ ◆ ❏▲❖

rules represent an

equivalence relation on vertices:

❏ ✱ ✆ ❏P◆ ❏▲❑ ✆ ❏▲❖

Shostak’s Combination (p.16 of 121)

SLIDE 19

Illustration:

rules and
rules

❏◗❑ ❏ ❇ ❏▲❖ ❏ ✺ ✣ ❏✰◆ ❏ ✱ ✠ ✭ ❏ ▼

rules represent the term DAG:

✠ ❏ ✱ ❏ ✱ ❏ ✺ ❏ ✺ ❏ ❇ ❏ ❇ ❏▲❑ ✭ ❏✰▼ ✣ ❏ ✱ ❏✰▼ ❏✰◆ ❏ ◆ ❏▲❖

rules represent an

equivalence relation on vertices:

❏ ✱ ✆ ❏P◆ ❏▲❑ ✆ ❏▲❖

Shostak’s Combination (p.16 of 121)

SLIDE 20

Illustration:

rules and
rules

❏◗❑ ❏ ❇ ❏▲❖ ❏ ✺ ✣ ❏✰◆ ❏ ✱ ✠ ✭ ❏ ▼

rules represent the term DAG:

✠ ❏ ✱ ❏ ✱ ❏ ✺ ❏ ✺ ❏ ❇ ❏ ❇ ❏▲❑ ✭ ❏✰▼ ✣ ❏ ✱ ❏✰▼ ❏✰◆ ❏ ◆ ❏▲❖

rules represent an

equivalence relation on vertices:

❏ ✱ ✆ ❏P◆ ❏▲❑ ✆ ❏▲❖

Thus,

✠ ✆ ✠

, i.e.,

❏◗❑ ✆ ❏ ✺

is a contradiction.

Shostak’s Combination (p.16 of 121)

SLIDE 21

Abstract Congruence Closure

Formalizing the procedure: : set of new constants, denoted by

❏ ✒ ❘

: Subset of used until now

❙

:

rdering on

✒

: Finite sets of ground equations over

❂ ✟ ✒ ✒ ✏

: State of derivation

✟ ✷ ✒ ❅ ✒ ✷ ✏

: Initial state Extension:

✟ ✒ ❂ ✢✡❚ ☛ ✟ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏❱❯ ✏ ✍ ✆ ❲ ✥ ✒ ✏ ✟ ❂ ✢ ❏ ✥ ✒ ❂ ✢✡❚ ☛ ❏ ✍ ✆ ❲ ✥ ✒ ❂ ✢ ✟ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏ ❯ ✏ ❏

if

✵

,

❏ ✵ ✎

, and

❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏❱❯ ✵

.

Shostak’s Combination (p.17 of 121)

SLIDE 22

Other Inference Rules

Simplification:

✟ ✒ ❂ ✢✡❚ ☛ ✯ ✍ ✆ ❲ ✥ ✒ ❂ ✢ ✯ ❏ ✥ ✏ ✟ ✒ ❂ ✢ ❚ ☛ ❏ ✍ ✆ ❲ ✥ ✒ ❂ ✢ ✯ ❏ ✥ ✏

Orientation:

✟ ✒ ❂ ✢ ❏ ✆ ❘ ✥ ✒ ✏ ✟ ✒ ✒ ❂ ✢ ❏ ❘ ✥ ✏

if

❏ ❙ ❘

Deletion:

✟ ✒ ❂ ✢ ✯ ✆ ✯ ✥ ✒ ✏ ✟ ✒ ✒ ✏

Shostak’s Combination (p.18 of 121)

SLIDE 23

Other Inference Rules

Deduction:

✟ ✒ ✒ ❂ ✢ ✯ ❏ ✒ ✯ ❘ ✥ ✏ ✟ ✒ ✒ ❂ ✢ ❏ ❘ ✒ ✯ ❘ ✥ ✏

if

❏ ❙ ❘

Collapse:

✟ ✒ ✒ ❂ ✢✡❚ ☛ ❏ ✍ ❘ ✒ ❏ ❏ ❳ ✥ ✏ ✟ ✒ ✒ ❂ ✢✡❚ ☛ ❏ ❳ ✍ ❘ ✒ ❏ ❏ ❳ ✥ ✏

if

❚ ☛ ❏ ✍ ❆ ❏

Composition:

✟ ✒ ✒ ❂ ✢ ✯ ❏ ✒ ❏ ❘ ✥ ✏ ✟ ✒ ✒ ❂ ✢ ✯ ❘ ✒ ❏ ❘ ✥ ✏

Shostak’s Combination (p.19 of 121)

SLIDE 24

Definition

A ground rewrite system

✆ ❂

is an (abstract) congruence closure (over and

✮

) for if

Shostak’s Combination (p.20 of 121)

SLIDE 25

Definition

A ground rewrite system

✆ ❂

is an (abstract) congruence closure (over and

✮

) for if

1. For every constant

❏ ✵

, there exists a term

✯ ✵ ✟ ✏

s.t.

✯ ❨❬❩ ❏

,

Shostak’s Combination (p.20 of 121)

SLIDE 26

Definition

A ground rewrite system

✆ ❂

is an (abstract) congruence closure (over and

✮

) for if

1. For every constant

❏ ✵

, there exists a term

✯ ✵ ✟ ✏

s.t.

✯ ❨❬❩ ❏

, 2. is a terminating and confluent rewrite system, there is no infinite rewrite sequence using , and whenever

❚ ❨❭❩ ✯

, it is also the case that

❚ ✯ ❪

* * *

Shostak’s Combination (p.20 of 121)

SLIDE 27

Definition

A ground rewrite system

✆ ❂

is an (abstract) congruence closure (over and

✮

) for if

1. For every constant

❏ ✵

, there exists a term

✯ ✵ ✟ ✏

s.t.

✯ ❨❬❩ ❏

, 2. is a terminating and confluent rewrite system, 3. and induce the same equational theory over , i.e., for all terms

❚ ✒ ✯ ✵ ✟ ✏

, we have:

❚ ❨ ❫ ✯

if and only if

❚ ❨ ❩ ✯ ✤

Shostak’s Combination (p.20 of 121)

SLIDE 28

Example: Abstract Closure

Let

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✤

Then,

✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭

Shostak’s Combination (p.21 of 121)

SLIDE 29

Example: Abstract Closure

Let

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✤

Then,

✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏◗❑ ✒ ✭ ❏✰▼ ✒ ✣ ❏ ✱ ❏ ▼ ❏ ◆ ✒ ❏✰◆ ❏◗❖ ✒ ❏ ✱ ❏✰◆ ✒ ❏◗❑ ❏◗❖

Inference Rule Used: Extension, Simplification, Orientation

Shostak’s Combination (p.21 of 121)

SLIDE 30

Example: Abstract Closure

Let

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✤

Then,

✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏◗❑ ✒ ✭ ❏✰▼ ✒ ✣ ❏ ✱ ❏ ▼ ❏ ◆ ✒ ❏✰◆ ❏◗❖ ✒ ❏ ✱ ❏✰◆ ✒ ❏◗❑ ❏◗❖ ❏ ◆ ❏ ✺

Inference Rule Used: Collapse

Shostak’s Combination (p.21 of 121)

SLIDE 31

Example: Abstract Closure

Let

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✤

Then,

✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏◗❑ ✒ ✭ ❏✰▼ ✒ ✣ ❏ ✱ ❏ ▼ ❏ ◆ ✒ ❏✰◆ ❏◗❖ ✒ ❏ ✱ ❏✰◆ ✒ ❏◗❑ ❏◗❖ ❏ ◆ ❏ ✺ ❏ ✺ ❏▲❖

Inference Rule Used: Deduction

Shostak’s Combination (p.21 of 121)

SLIDE 32

Example: Abstract Closure

Let

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✤

Then,

✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏◗❑ ✒ ✭ ❏✰▼ ✒ ✣ ❏ ✱ ❏ ▼ ❏ ◆ ✒ ❏✰◆ ❏◗❖ ✒ ❏ ✱ ❏✰◆ ✒ ❏◗❑ ❏◗❖ ❏ ◆ ❏ ✺ ❏ ✺ ❏▲❖

The final abstract congruence closure

Shostak’s Combination (p.21 of 121)

SLIDE 33

Correctness: Statement

If is a finite set of equations of size

✶

, then

1. Any derivation starting from

✟ ✷ ✒ ❅ ✒ ✷ ✏

reaches a saturated state

✟ ❴ ✒ ✷ ✒ ❴ ✏

in a finite number

✟ ✶ ✏

f

steps.

2. The set

❴

is an abstract congruence closure for

❅

. 3.

❃ ❴ ❃ ✆ ✟ ✶ ✏

and if

❏ ✱ ❙ ❏ ✺ ❙❛❵ ❵ ❵ ❙ ❏❝❜

is the longest chain induced by

❙

ver

❴

, then

✟ ✶ ✏ ✆ ✟ ✶ ❞ ✏

.

4. Using a standard trick,

❞

can be bounded by

✟ ❉❋❊

✟

✶ ✏ ✏

.

5. For special cases,

❞ ✆ ✟ ✑ ✏

.

Size of

❡

is the length of string representing

❡ ❢

is required to successfully orient all generated equations

Shostak’s Combination (p.22 of 121)

SLIDE 34

Correctness: Soundness/Completeness

✂

Extension: If

✟ ❂ ✢ ❏ ✥ ✒ ❳ ✒ ❳ ✏

is obtained from

✟ ✒ ✒ ✏

using Extension, then

✾ ❚ ✒ ✯ ✵ ✟ ❂ ✏ ✤ ❚ ❨❣❫✐❤ ❩ ✯

iff

❚ ❨❣❫ ❥ ❤ ❩ ❥ ✯ ✤ ✂

All other rules are standard Knuth-Bendix completion rules.

✂

Equations in can always be removed by extension,

rientation, or deletion.

✂

Every rewrite rule in is decreasing in a suitable reduction ordering.

✂

By correctness of completion,

❴

is convergent.

Shostak’s Combination (p.23 of 121)

SLIDE 35

Correctness Proof: Complexity

✂

Number of

symbols in

never increases and Extension always decreases it.

❦ ❃ ❴ ❃ ✶

.

✂ ❃ ❂ ❃

is increased by Extension alone.

❦

after all Extension steps,

❃ ❂ ❃ ✆ ✟ ✶ ✏

.

❦ ❃ ❴ ❃ ✆ ✟ ✶ ✏

.

✂

Consider a rewrite rule in .

✟ ❏ ✱ ✒✤ ✤ ✤ ✒ ❏❱❯ ✏ ❏

Superposition, Collapse, Composition inference rules simplify one of

❏ ✱ ✒ ❏ ✺ ✒ ✤ ✤ ✤ ✒ ❏❱❯ ✒ ❏

, or rewrite the LHS.

Shostak’s Combination (p.24 of 121)

SLIDE 36

Correctness Proof: Complexity

✂

Number of

symbols in

never increases and Extension always decreases it.

❦ ❃ ❴ ❃ ✶

.

✂ ❃ ❂ ❃

is increased by Extension alone.

❦

after all Extension steps,

❃ ❂ ❃ ✆ ✟ ✶ ✏

.

❦ ❃ ❴ ❃ ✆ ✟ ✶ ✏

.

✂

Consider a rewrite rule in .

✟ ❏ ✱ ✒✤ ✤ ✤ ✒ ❏❱❯ ✏ ❏

If

❧

inferences are applied at each position, then

❏ ✱ ❙ ❏ ✺ ❙ ❏ ❇ ❙ ✤ ✤ ✤ ❙ ❏♥♠ ♦ ✱ ❦ ❧ ♣ ❞

Shostak’s Combination (p.24 of 121)

SLIDE 37

Correctness Proof: Complexity

✂

Number of

symbols in

never increases and Extension always decreases it.

❦ ❃ ❴ ❃ ✶

.

✂ ❃ ❂ ❃

is increased by Extension alone.

❦

after all Extension steps,

❃ ❂ ❃ ✆ ✟ ✶ ✏

.

❦ ❃ ❴ ❃ ✆ ✟ ✶ ✏

.

✂

Consider a rewrite rule in .

✟ ❏ ✱ ✒✤ ✤ ✤ ✒ ❏❱❯ ✏ ❏

This rule contributes at most

✟ q ☎ ✏ ❞

inferences.

Shostak’s Combination (p.24 of 121)

SLIDE 38

Correctness Proof: Complexity

✂

Number of

symbols in

never increases and Extension always decreases it.

❦ ❃ ❴ ❃ ✶

.

✂ ❃ ❂ ❃

is increased by Extension alone.

❦

after all Extension steps,

❃ ❂ ❃ ✆ ✟ ✶ ✏

.

❦ ❃ ❴ ❃ ✆ ✟ ✶ ✏

.

✂

The set

❃ ❃

can contribute at most

✶ ❞

Superposition, Collapse, and Composition inferences.

Shostak’s Combination (p.24 of 121)

SLIDE 39

Correctness Proof: Complexity

✂

Number of

symbols in

never increases and Extension always decreases it.

❦ ❃ ❴ ❃ ✶

.

✂ ❃ ❂ ❃

is increased by Extension alone.

❦

after all Extension steps,

❃ ❂ ❃ ✆ ✟ ✶ ✏

.

❦ ❃ ❴ ❃ ✆ ✟ ✶ ✏

.

✂

The set

❃ ❃

can contribute at most

✶ ❞

Superposition, Collapse, and Composition inferences.

✂

Number of Extension, Simplification, Orientation, and Deletion steps is

✟ ✶ ✏

.

❦

derivation length =

✟ ✶ ❞ ✏ ✆ ✟ ✶ ✺ ✏

.

Shostak’s Combination (p.24 of 121)

SLIDE 40

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Shostak’s Combination (p.25 of 121)

SLIDE 41

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

✂

Say we generate equations, which need to be oriented, in the following order:

❏ ✱ ✆ ❏ ✺

,

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Shostak’s Combination (p.25 of 121)

SLIDE 42

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

✂

Say we generate equations, which need to be oriented, in the following order:

❏ ✱ ✆ ❏ ✺

,

❏ ✺ ✆ ❏ ❇

,

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Shostak’s Combination (p.25 of 121)

SLIDE 43

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

✂

Say we generate equations, which need to be oriented, in the following order:

❏ ✱ ✆ ❏ ✺

,

❏ ✺ ✆ ❏ ❇

,

❏P▼ ✆ ❏P◆

,

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Shostak’s Combination (p.25 of 121)

SLIDE 44

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

✂

Say we generate equations, which need to be oriented, in the following order:

❏ ✱ ✆ ❏ ✺

,

❏ ✺ ✆ ❏ ❇

,

❏P▼ ✆ ❏P◆

,

❏ ❖ ✆ ❏Pr

,

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Shostak’s Combination (p.25 of 121)

SLIDE 45

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

✂

Say we generate equations, which need to be oriented, in the following order:

❏ ✱ ✆ ❏ ✺

,

❏ ✺ ✆ ❏ ❇

,

❏P▼ ✆ ❏P◆

,

❏ ❖ ✆ ❏Pr

,

❏P◆ ✆ ❏▲❖

,

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Shostak’s Combination (p.25 of 121)

SLIDE 46

Efficient Variants

Choosing

❙

at run-time so that

❞

is small:

✂

Consider the set

✆ ✢ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏✰r ✥

f eight constants.

✂

Say we generate equations, which need to be oriented, in the following order:

❏ ✱ ✆ ❏ ✺

,

❏ ✺ ✆ ❏ ❇

,

❏P▼ ✆ ❏P◆

,

❏ ❖ ✆ ❏Pr

,

❏P◆ ✆ ❏▲❖

,

❏ ✺ ✆ ❏ ◆

.

❏P◆ ❏ ✺ ❏◗❖ ❏ ✱ ❏ ❇ ❏◗❑ ❏✰▼ ❏✰r

Therefore,

❞ ✆ ✟ ❉❋❊

✟

✶ ✏ ✏

.

Shostak’s Combination (p.25 of 121)

SLIDE 47

Specialized Algorithms

✂

Shostak’s dynamic congruence closure:

s t ✉✈ ✆ ☛ ✟ s✇ ❨ ❵ ① ② ❨ ✏ ❨ ❵ ✟ ③ ④ ❂ ⑤ ✇ ✏ ❵ ✟ ✉ ④ ❵ ③ ⑥ ❨ ✏ ❨ ✍ ❨ ✂

Downey-Sethi-Tarjan’s Algorithm: uses the

✟ ✶ ❉ ❊

✟

✶ ✏ ✏

trick with

s ✆ ☛ ✟ ✉ ④ ❵ ✟ ③ ⑥ ❂ ✢⑧⑦ ✥ ✏ ✏ ❨⑨❵ ✟ s✇ ❨ ❵ ✟ ③ ④ ❂ ⑤ ✇ ✏ ✏ ❨ ✍ ❨ ✂

Nelson and Oppen’s Algorithm:

✆ ☛ ✟ s✇ ❨ ❵ ✟ ⑤ ✇ ❂ ③ ④ ✏ ❵ ③ ⑥ ❨ ✍ ❨

where NODed rule corresponds to superposition modulo .

Shostak’s Combination (p.26 of 121)

SLIDE 48

Example: Shostak’s CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭

Shostak’s Combination (p.27 of 121)

SLIDE 49

Example: Shostak’s CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✭ ❏P▼ ✒ ✣ ❏ ✱ ❏P▼ ❏ ✱

Shostak’s Combination (p.27 of 121)

SLIDE 50

Example: Shostak’s CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✭ ❏P▼ ✒ ✣ ❏ ✱ ❏P▼ ❏ ✱ ❏ ✱ ✆ ❏ ✱

Shostak’s Combination (p.27 of 121)

SLIDE 51

Example: Shostak’s CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✭ ❏P▼ ✒ ✣ ❏ ✱ ❏P▼ ❏ ✱ ❏ ✱ ✆ ❏ ✱ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏ ✺

Shostak’s Combination (p.27 of 121)

SLIDE 52

Example: Shostak’s CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✭ ❏P▼ ✒ ✣ ❏ ✱ ❏P▼ ❏ ✱ ❏ ✱ ✆ ❏ ✱ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏ ✺

Final congruence closure

✢ ✠ ❏ ✱ ✒ ✭ ❏P▼ ✒ ✣ ❏ ✱ ❏P▼ ❏ ✱ ✒ ❏ ✱ ❏ ✺ ✒ ❏ ✺ ❏ ❇ ✒ ❏ ❇ ❏ ✺ ✥

Shostak’s Combination (p.27 of 121)

SLIDE 53

Example: DST CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭

Shostak’s Combination (p.28 of 121)

SLIDE 54

Example: DST CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏P◆ ❏ ❖ ✒ ❏ ✱ ✆ ❏ ◆ ✒ ❏▲❑ ✆ ❏ ❖

Shostak’s Combination (p.28 of 121)

SLIDE 55

Example: DST CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏P◆ ❏ ❖ ✒ ❏ ✱ ✆ ❏P◆ ✒ ❏▲❑ ✆ ❏▲❖ ❏ ✱ ❏✰◆ ✒ ❏✰◆ ❏ ✺ ✒ ❏ ✺ ✆ ❏◗❖ ✒ ✣ ❏✰◆ ❏✰▼ ❏✰◆

Shostak’s Combination (p.28 of 121)

SLIDE 56

Example: DST CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏P◆ ❏ ❖ ✒ ❏ ✱ ✆ ❏P◆ ✒ ❏▲❑ ✆ ❏▲❖ ❏ ✱ ❏✰◆ ✒ ❏✰◆ ❏ ✺ ✒ ❏ ✺ ✆ ❏◗❖ ✒ ✣ ❏✰◆ ❏✰▼ ❏✰◆ ❏◗❑ ❏◗❖

Shostak’s Combination (p.28 of 121)

SLIDE 57

Example: DST CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏P◆ ❏ ❖ ✒ ❏ ✱ ✆ ❏P◆ ✒ ❏▲❑ ✆ ❏▲❖ ❏ ✱ ❏✰◆ ✒ ❏✰◆ ❏ ✺ ✒ ❏ ✺ ✆ ❏◗❖ ✒ ✣ ❏✰◆ ❏✰▼ ❏✰◆ ❏◗❑ ❏◗❖ ❏ ✺ ❏▲❖ ✒ ❏▲❖ ❏ ❇

Shostak’s Combination (p.28 of 121)

SLIDE 58

Example: DST CC

❅ ✆ ✢ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✥ ✠ ✆ ✣ ✠ ✭ ✒ ✠ ✆ ✣ ✠ ✭ ✠ ❏ ✱ ✒ ✤ ✤ ✤ ✒ ❏P◆ ❏ ❖ ✒ ❏ ✱ ✆ ❏P◆ ✒ ❏▲❑ ✆ ❏▲❖ ❏ ✱ ❏✰◆ ✒ ❏✰◆ ❏ ✺ ✒ ❏ ✺ ✆ ❏◗❖ ✒ ✣ ❏✰◆ ❏✰▼ ❏✰◆ ❏◗❑ ❏◗❖ ❏ ✺ ❏▲❖ ✒ ❏▲❖ ❏ ❇

Final congruence closure is:

✢ ✠ ❏ ✱ ✒ ❏◗❖ ❏ ❇ ✒ ❏ ❇ ❏◗❑ ✒ ✭ ❏ ▼ ✒ ❏✰◆ ❏✰▼ ❏✰◆ ✒ ❏✰◆ ❏▲❖ ✒ ❏ ✱ ❏P◆ ✒ ❏ ✺ ❏▲❖ ✒ ❏▲❑ ❏▲❖ ✥

Shostak’s Combination (p.28 of 121)

SLIDE 59

Outline

✂

Abstract Congruence Closure

✂

Nelson-Oppen Combination (NO)

✛

Various Applications of NO

✛

Shostak Theories

✂

Shostak Combination

✂

Commented Bibliography

Shostak’s Combination (p.29 of 121)

SLIDE 60

Combination of Theories

=

✱ ❂ ✺ ✱ ✒ ✺

: Theories over

✱

and

✺

= Deductive closure of

✱ ❂ ✺

Problem1. Is

consistent?

Problem2. Given satisfiability procedures for

(quantifier-free) conjunction of literals in

✱

and

✺

, how to decide satisfiability in ?

Problem3. What is the complexity of the combination

procedure?

Shostak’s Combination (p.30 of 121)

SLIDE 61

Stably-Infinite Theories

A theory is stably-infinite if every satisfiable QFF is satisfiable in an infinite model.

Example. Theories with only finite models are not stably
infinite. Thus, theory induced by the axiom

✾ ✄ ✒ ✝ ✒ ✘ ✤ ✟ ✄ ✆ ✝ ✼ ✝ ✆ ✘ ✼ ✘ ✆ ✄ ✏

is not stably-infinite.

Proposition. If

is an equational theory, then

❂ ✢ ✽ ✄ ✒ ✝ ✤ ✄ ✆ ✝ ✥

is stably-infinite.

Proof. If

is a model, then

⑩

is a model as well. Hence, by compactness, there is an infinite model.

Proposition. The union of two consistent, disjoint,

stably-infinite theories is consistent.

Proof. Later!

Shostak’s Combination (p.31 of 121)

SLIDE 62

Convexity

A theory is convex if whenever a conjunction of literals implies a disjunction of atomic formulas, it also implies

ne of the disjuncts.
Example. The theory of integers over a signature

containing

♣

is not convex. The formula

✑ ♣ ✄ ✻ ✄ ♣ ❶

implies

✄ ✆ ☎ ✼ ✄ ✆ ✌

, but it does not imply either

✄ ✆ ☎

r

✄ ✆ ✌

independently.

Example. The theory of rationals over the signature

✢ ✒ ♣ ✥

is convex.

Example. Equational theories are convex, but need not be

stably-infinite.

Shostak’s Combination (p.32 of 121)

SLIDE 63

Convexity: Observation

Proposition. A convex theory

with no trivial models is stably-infinite.

Proof. If not, then for some QFF

,

❂

has only finite

models. Thus,

implies a disjunction

✼ ❈ ❤ ❷ ✄ ❈ ✆ ✄ ❷

, without implying any disjunct.

Example. If

is an equational theory, then

❂ ✢ ✽ ✄ ✒ ✝ ✤ ✄ ✆ ✝ ✥

has no trivial models, and hence it is stably-infinite.

Shostak’s Combination (p.33 of 121)

SLIDE 64

Nelson-Oppen Combination Result

Theorem 1 Let

✱

and

✺

be consistent, stably-infinite theories over disjoint (countable) signatures. Assume satisfiability of (quantifier-free) conjunction of literals can be decided in

✟ ✱ ✟ ✶ ✏ ✏

and

✟ ✺ ✟ ✶ ✏ ✏

time respectively. Then,

1. The combined theory

is consistent and stably infinite.

2. Satisfiability of (quantifier-free) conjunction of literals

in can be decided in

✟ ☎ ✳ ❸❬❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time.

3. If

✱

and

✺

are convex, then so is and satisfiability in is in

✟ ✶ ❑ ❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time.

Proof. Later.

Shostak’s Combination (p.34 of 121)

SLIDE 65

Examples

Convexity is important for point (3) above.

✱ ✺ ✱ ❂ ✺

Signature

✜ ✢ ✒ ♣ ✥ ✢ ✒ ♣ ✥ ❂ ✜

Satisfiability

✟ ✶ ❉❋❊

✟

✶ ✏ ✏ ✟ ✶ ✺ ✏

NP-complete! Note that

✺

is not convex. We can allow a “add constant” operator in signature of

✺

. Atomic formulae are of the form

✄ ✎ ✝ ♣ ❏

, for some constant

❏

, and satisfiability can be tested by searching for negative cycles in a “difference graph”. For NP-completeness of the union theory, see [Pratt77].

Shostak’s Combination (p.35 of 121)

SLIDE 66

Nelson-Oppen Result: Correctness

Recall the theorem. The combination procedure: Initial State : is a conjunction of literals over

✱ ❂ ✺

. Purification : Preserving satisfiability, transform to

✱ ✻ ✺

, s.t.

❈

is over

❈

. Interaction : Guess a partition of

✟ ✱ ✏ ❺ ✟ ✺ ✏

into disjoint subsets. Express it as a conjunction of literals .

Example. The partition

✢ ✄ ✱ ✥ ✒ ✢ ✄ ✺ ✒ ✄ ❇ ✥

is represented as

✄ ✺ ✆ ✄ ❇ ✻ ✄ ✱ ✆ ✄ ✺ ✻ ✄ ✱ ✆ ✄ ❇

. Component Procedures : Use individual procedures to decide if

❈ ✻

is satisfiable. Return : If both answer yes, return yes. No, otherwise.

Shostak’s Combination (p.36 of 121)

SLIDE 67

Separating Concerns: Purification

Purification:

✻ ✟ ✤ ✤ ✤ ✒ ❚ ☛ ✯ ✍ ✒ ✤ ✤ ✤ ✏ ✻ ✟ ✤ ✤ ✤ ✒ ❚ ☛ ✄ ✍ ✒ ✤ ✤ ✤ ✏ ✻ ✯ ✆ ✄

if

❚ ☛ ✯ ✍

is not a variable.

Proposition. Purification is satisfiability preserving: if

❳

is obtained from by purification, then is satisfiable in the union theory iff

❳

is satisfiable in the union theory.

Proposition. Purification is terminating.
Proposition. Exhaustive application results in conjunction

where each conjunct is over exactly one signature.

Shostak’s Combination (p.37 of 121)

SLIDE 68

Purification: Illustration

✟ ✄ ✎ ✑ ❻ ❼ ❽ ❾ ❿➁➀ ✏ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄

Shostak’s Combination (p.38 of 121)

SLIDE 69

Purification: Illustration

✟ ✄ ✎ ✑ ❻ ❼ ❽ ❾ ❿➁➀ ✏ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ✟ ❲ ✏ ❻ ❼ ❽ ❾ ❿ ❸ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ✄ ✎ ✑ ✆ ❲ ✱

Shostak’s Combination (p.38 of 121)

SLIDE 70

Purification: Illustration

✟ ✄ ✎ ✑ ❻ ❼ ❽ ❾ ❿➁➀ ✏ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ✟ ❲ ✏ ❻ ❼ ❽ ❾ ❿ ❸ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ❲ ✺ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ❻ ❼ ❽ ❾ ❿➃➂ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ✄ ✎ ✑ ✆ ❲ ✱

,

✟ ❲ ✏ ✆ ❲ ✺

Shostak’s Combination (p.38 of 121)

SLIDE 71

Purification: Illustration

✟ ✄ ✎ ✑ ❻ ❼ ❽ ❾ ❿➁➀ ✏ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ✟ ❲ ✏ ❻ ❼ ❽ ❾ ❿ ❸ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ❲ ✺ ✎ ✑ ✆ ✄ ✑ ✒ ✟ ✝ ✏ ❻ ❼ ❽ ❾ ❿➃➂ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ❲ ✺ ✎ ✑ ✆ ✄ ✑ ✒ ❲ ❇ ✑ ✆ ✝ ✎ ✑ ✒ ✝ ✑ ✆ ✄ ✄ ✎ ✑ ✆ ❲ ✱

,

✟ ❲ ✏ ✆ ❲ ✺

,

✟ ✝ ✏ ✆ ❲ ❇

Shostak’s Combination (p.38 of 121)

SLIDE 72

NO Procedure Soundness

Each step is satisfiability preserving. Say is satisfiable (in the combination).

Shostak’s Combination (p.39 of 121)

SLIDE 73

NO Procedure Soundness

Each step is satisfiability preserving. Say is satisfiable (in the combination).

1. Purification:

❦ ✱ ✻ ✺

is satisfiable.

Shostak’s Combination (p.39 of 121)

SLIDE 74

NO Procedure Soundness

Each step is satisfiability preserving. Say is satisfiable (in the combination).

1. Purification:

❦ ✱ ✻ ✺

is satisfiable.

2. Interaction:

❦

for some partition ,

✱ ✻ ✺ ✻

is satisfiable.

Shostak’s Combination (p.39 of 121)

SLIDE 75

NO Procedure Soundness

Each step is satisfiability preserving. Say is satisfiable (in the combination).

1. Purification:

❦ ✱ ✻ ✺

is satisfiable.

2. Interaction:

❦

for some partition ,

✱ ✻ ✺ ✻

is satisfiable.

3. Components Procedures:

❦

,

✱ ✻

and

✺ ✻

are both satisfiable in component theories. Therefore, if the procedure returns unsatisfiable, then the formula is indeed unsatisfiable.

Shostak’s Combination (p.39 of 121)

SLIDE 76

NO Procedure Correctness

Suppose the procedure returns satisfiable.

Shostak’s Combination (p.40 of 121)

SLIDE 77

NO Procedure Correctness

Suppose the procedure returns satisfiable.

✂

Let be the partition and and be models of

✱ ✻ ✱ ✻

and

✺ ✻ ✺ ✻

.

Shostak’s Combination (p.40 of 121)

SLIDE 78

NO Procedure Correctness

Suppose the procedure returns satisfiable.

✂

Let be the partition and and be models of

✱ ✻ ✱ ✻

and

✺ ✻ ✺ ✻

.

✂

Component theories are stably-infinite,

❦

assume models are infinite (of same cardinality).

✂

Let

➄

be a bijection between and s.t.

➄ ✟ ✄ ✿ ✏ ✆ ✄ ➅

for each shared variable

✄

. We can do this

➆

f

.

Shostak’s Combination (p.40 of 121)

SLIDE 79

NO Procedure Correctness

Suppose the procedure returns satisfiable.

✂

Let be the partition and and be models of

✱ ✻ ✱ ✻

and

✺ ✻ ✺ ✻

.

✂

Component theories are stably-infinite,

❦

assume models are infinite (of same cardinality).

✂

Let

➄

be a bijection between and s.t.

➄ ✟ ✄ ✿ ✏ ✆ ✄ ➅

for each shared variable

✄

. We can do this

➆

f

.

✂

Extend to by interpretations of symbols in

✱

:

➅ ✟ ✭ ✱ ✒✤ ✤ ✤ ✒ ✭ ♠ ✏ ✆ ➄ ✟ ✿ ✟ ➄ ♦ ✱ ✟ ✭ ✱ ✏ ✒✤ ✤ ✤ ✒ ➄ ♦ ✱ ✟ ✭ ♠ ✏ ✏ ✏

Such an extended is a model of

✱ ✻ ✺ ✻ ✱ ✻ ✺ ✻

Shostak’s Combination (p.40 of 121)

SLIDE 80

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 81

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 82

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 83

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 84

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 85

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 86

Model Construction Picture

Consider

❈

models

and

f

❈ ✻

:

✄ ✱ ✠ ✱ ✭ ✱ ✄ ✺ ✄ ✺ ✠ ✺ ✭ ✺ ✄ ✱ ✄ ❇ ✒ ✄ ❑ ✠ ❇ ✭ ❇ ✄ ❇ ✒ ✄ ❑ ✠ ❑ ✭ ❑ ✠ ▼ ✭ ▼

. . . . . .

Shostak’s Combination (p.41 of 121)

SLIDE 87

NO Procedure Complexity

Proposition. The non-deterministic procedure can be

determinised to give a

✟ ☎ ✳ ❸ ❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time

algorithm. Proof.

Shostak’s Combination (p.42 of 121)

SLIDE 88

NO Procedure Complexity

Proposition. The non-deterministic procedure can be

determinised to give a

✟ ☎ ✳ ❸ ❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time

algorithm. Proof.

1. Number of purification steps

♣ ✶

and size of resulting

✱ ✻ ✺

is

✟ ✶ ✏

.

Shostak’s Combination (p.42 of 121)

SLIDE 89

NO Procedure Complexity

Proposition. The non-deterministic procedure can be

determinised to give a

✟ ☎ ✳ ❸ ❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time

algorithm. Proof.

1. Number of purification steps

♣ ✶

and size of resulting

✱ ✻ ✺

is

✟ ✶ ✏

.

2. Number of partition of a set with

✶

variables:

✟ ✶ ✏ ♣ ☎ ✳ ❸

.

Shostak’s Combination (p.42 of 121)

SLIDE 90

NO Procedure Complexity

Proposition. The non-deterministic procedure can be

determinised to give a

✟ ☎ ✳ ❸ ❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time

algorithm. Proof.

1. Number of purification steps

♣ ✶

and size of resulting

✱ ✻ ✺

is

✟ ✶ ✏

.

2. Number of partition of a set with

✶

variables:

✟ ✶ ✏ ♣ ☎ ✳ ❸

.

3. For each

✟ ✶ ✏

choices, the component procedures take

✱ ✟ ✶ ✏

and

✺ ✟ ✶ ✏

time respectively.

Shostak’s Combination (p.42 of 121)

SLIDE 91

NO Deterministic Procedure

Instead of guessing, we can deduce the equalities to be

shared. The new combination procedure:

Purification : As before. Interaction : Deduce an equality

✄ ✆ ✝

:

✱ ✞ ✟ ✱ ✄ ✆ ✝ ✏

Update

✺ ☞ ✆ ✺ ✻ ✄ ✆ ✝

. And vice-versa. Repeat until no further changes to get

❈ ❴

. Component Procedures : Use individual procedures to decide if

❈ ❴

is satisfiable. Note,

❈ ✞ ✟ ❈ ✄ ✆ ✝ ✏

iff

✱ ✻ ✄ ✆ ✝

is not satisfiable in

❈

.

Shostak’s Combination (p.43 of 121)

SLIDE 92

Deterministic Version: Correctness

Each step is satisfiability preserving,

❦

soundness follows.

Shostak’s Combination (p.44 of 121)

SLIDE 93

Deterministic Version: Correctness

Each step is satisfiability preserving,

❦

soundness follows. Assume that the theories are convex.

✂

Let

❈ ❴

be satisfiable.

Shostak’s Combination (p.44 of 121)

SLIDE 94

Deterministic Version: Correctness

Each step is satisfiability preserving,

❦

soundness follows. Assume that the theories are convex.

✂

Let

❈ ❴

be satisfiable.

✂

If

✢ ✄ ✱ ✒ ✤ ✤ ✤ ✒ ✄ ❯ ✥

is the set of variables not yet identified,

❈ ✞ ❈ ❴ ✟ ✄ ❷ ✆ ✄ ♠ ✏ ✤

Shostak’s Combination (p.44 of 121)

SLIDE 95

Deterministic Version: Correctness

Each step is satisfiability preserving,

❦

soundness follows. Assume that the theories are convex.

✂

Let

❈ ❴

be satisfiable.

✂

If

✢ ✄ ✱ ✒ ✤ ✤ ✤ ✒ ✄ ❯ ✥

is the set of variables not yet identified,

❈ ✞ ❈ ❴ ✟ ✄ ❷ ✆ ✄ ♠ ✏ ✤ ✂

By convexity,

❈ ✞ ❈ ❴ ❷ ➇❋➈ ♠ ✟ ✄ ❷ ✆ ✄ ♠ ✏ ✤

Shostak’s Combination (p.44 of 121)

SLIDE 96

Deterministic Version: Correctness

Each step is satisfiability preserving,

❦

soundness follows. Assume that the theories are convex.

✂

Let

❈ ❴

be satisfiable.

✂

If

✢ ✄ ✱ ✒ ✤ ✤ ✤ ✒ ✄ ❯ ✥

is the set of variables not yet identified,

❈ ✞ ❈ ❴ ✟ ✄ ❷ ✆ ✄ ♠ ✏ ✤ ✂

By convexity,

❈ ✞ ❈ ❴ ❷ ➇❋➈ ♠ ✟ ✄ ❷ ✆ ✄ ♠ ✏ ✤ ✂ ❦ ❈ ❴ ✻ ❷ ➇❋➈ ♠ ✟ ✄ ❷ ✆ ✄ ♠ ✏

is satisfiable.

✂

The proof is now identical to the previous case.

Shostak’s Combination (p.44 of 121)

SLIDE 97

Deterministic Version: Complexity

For convex theories, the combination procedure runs in

✟ ✶ ❑ ❹ ✟ ✱ ✟ ✶ ✏ ✺ ✟ ✶ ✏ ✏ ✏

time:

1. Identifying if an equality

✄ ✆ ✝

is implied by

❈

takes

✟ ✶ ✺ ❹ ❈ ✟ ✶ ✏ ✏

time.

2. Since there are

✟ ✶ ✺ ✏

possible equalities between variables, fixpoint is reached in

✟ ✶ ✺ ✏

iterations. Modularity of convexity: Unsatisfiability is signaled when any one procedures signals unsatisfiable.

Shostak’s Combination (p.45 of 121)

SLIDE 98

NO: Equational Theory Version

1. Equational theories are always consistent.
2. If

❂ ✢ ✽ ✄ ✒ ✝ ✤ ✄ ✆ ✝ ✥

is consistent, then this theory is also stably-infinite.

3. Equational theories are convex. (If

✞ ✟ ➉ ✱ ✼ ➉ ✺ ✏

, then consider the initial algebra induced by

❂

ver

an extended signature.)

4. Often decision procedures based on standard

Knuth-Bendix completion can be used to deduce equalities.

5. Therefore, satisfiability procedures can be combined

with only a polynomial time overhead.

Shostak’s Combination (p.46 of 121)

SLIDE 99

Outline

✂

Abstract Congruence Closure

✂

Nelson-Oppen Combination (NO)

✛

Various Applications of NO

✛

Shostak Theories

✂

Shostak Combination

✂

Commented Bibliography

Shostak’s Combination (p.47 of 121)

SLIDE 100

Application: Theory of Equality

=

✜

(uninterpreted) = Deductive closure of axioms of equality

✂

is a stably-infinite equational theory.

✂

Congruence closure decides satisfiability of QFF in .

✂ ❦

congruence closure for disjoint

❈

can be combined in polynomial time.

✂

If congruence closure algorithm over a singleton

❈

is described using completion, we get an abstract congruence closure for the combination.

Shostak’s Combination (p.48 of 121)

SLIDE 101

Commutative Semigroup

=

✢ ✥

= Axioms of equality + AC axioms for .

✂

Treat as variable arity

✟ ✤ ✤ ✤ ✒ ✟ ✤ ✤ ✤ ✏ ✒✤ ✤ ✤ ✏ ✆ ✟ ✤ ✤ ✤ ✒ ✤ ✤ ✤ ✒ ✤ ✤ ✤ ✏ ✟ ✏ ✟ ✤ ✤ ✤ ✒ ✄ ✒ ✝ ✒ ✤ ✤ ✤ ✏ ✆ ✟ ✤ ✤ ✤ ✒ ✝ ✒ ✄ ✒✤ ✤ ✤ ✏ ✟ ✏ ✂

Flatten all equations and do completion modulo

✟ ❏ ✱ ✒ ❏ ✱ ✏ ❏ ✱ ✟ ❏ ✱ ✒ ❏ ✺ ✏ ✟ ❏ ✺ ✒ ❏ ✺ ✏ ✟ ❏ ✱ ✒ ❏ ✺ ✏ ✆ ✟ ❏ ✱ ✒ ❏ ✺ ✒ ❏ ✺ ✏

Shostak’s Combination (p.49 of 121)

SLIDE 102

Commutative Semigroup

✂

All rules are of the form

✟ ✤ ✤ ✤ ✏ ✟ ✤ ✤ ✤ ✏

.

✂

Collapse guarantees termination of completion via Dickson’s lemma.

✟ ❏ ✱ ✒ ❏ ✱ ✒ ❏ ✺ ✏ ❏ ✱ ✟ ❏ ✱ ✒ ❏ ✺ ✏ ❏ ✱ ✟ ❏ ✱ ✒ ❏ ✱ ✒ ❏ ✺ ✏ ✆ ❏ ✱ ✂

Using an appropriate ordering on multisets, we get a algorithm to construct convergent systems (and decide satisfiability of QFF).

Shostak’s Combination (p.50 of 121)

SLIDE 103

Example: Commutative Semigroup

If

❅ ✆ ✢ ❏ ✺ ✱ ❏ ✺ ✆ ❏ ❇ ✒ ❏ ✱ ❏ ✺ ✺ ✆ ❏ ✱ ❏ ✺ ✥

, we can use orientation, superposition (modulo ), collapse to get a convergent (modulo ) rewrite system

❏ ✺ ✱ ❏ ✺ ❏ ❇ ✒ ❏ ✱ ❏ ✺ ✺ ❏ ✱ ❏ ✺ ❏ ✺ ❏ ❇ ✆ ❏ ✺ ✱ ❏ ✺ ❏ ✺ ✱ ❏ ✺ ❏ ✺ ❏ ❇ ❏ ❇ ✆ ❏ ✺ ❏ ❇ ❏ ✺ ❏ ❇ ❏ ❇ ❏ ✺ ✱ ❏ ❇ ❏ ✺ ❇

Shostak’s Combination (p.51 of 121)

SLIDE 104

Application: Ground AC-theories

=

✜ ❂ ➊ ➋

= Axioms of equality + AC axioms for each

✵ ➊ ➋

.

✂

Use Extension inference rule to purify equations

✂

Use abstract congruence closure on

✎ ➊ ➋ ✂

Use completion modulo

n each

✢ ✥

,

✵ ➊ ➋ ✂

Combine by sharing equations between constants Time Complexity:

✟ ✶ ✺ ❹ ✟ ➊ ➋ ✟ ✶ ✏ ✶ ❉ ❊

✟

✶ ✏ ✏ ✏

. Similarly,

symbols can be added.

Shostak’s Combination (p.52 of 121)

SLIDE 105

Gröbner Bases

=

✢ ✚ ✒ ✑ ✒ ✒ ❵ ✒ ✱ ✒ ✤ ✤ ✤ ✒ ✳ ✥ ❂

= Polynomial ring

☛ ✱ ✒✤ ✤ ✤ ✒ ✳ ✍

ver field

✂

Given a finite set of polynomial equations, new equations (between variables) can be deduced using Gröbner basis construction.

✂

Main inference rules is superposition. For e.g.,

❏ ✺ ✱ ❏ ✺ ✚ ❏ ✱ ❏ ✺ ✺ ✑ ❏ ✺ ❵ ✚ ✆ ❏ ✱ ❵ ✑

The equations are simplified and oriented s.t. the maximal monomial occurs on LHS, for e.g.,

❏ ✱ ✚

.

Shostak’s Combination (p.53 of 121)

SLIDE 106

Gröbner Bases: Contd

✂

Collapse simplifies LHS of rewrite rules.

❏ ✱ ✚ ❏ ✱ ❏ ✺ ✺ ✑ ✚ ❵ ❏ ✺ ✺ ✆ ✑

which simplifies to

✚ ✆ ✑

, a contradiction.

✂

Using suitable ordering on monomials and sums of monomials, a convergent rewrite system (modulo the polynomial ring axioms), called a Gröbner basis, can be constructed in finite steps.

✂

Termination is established using Dickson’s lemma as before.

Shostak’s Combination (p.54 of 121)

SLIDE 107

Application: Gröbner Bases Plus

➌ ➌ ➌

=

✜ ❂ ➊ ➋ ❂ ➊ ➋ ➍ ❂ ➎ ➏

= Union of the respective theories Use NO combination, with the following decision procedures to deduce equalities:

✂

Use abstract congruence closure on

✎ ➊ ➋ ✂

Use completion modulo

n each

✢ ✥

,

✵ ➊ ➋ ✂

Use completion modulo

n each

✢ ✥

,

✵ ➊ ➋ ➍ ✂

Use Gröbner basis algorithm on equations over

➎ ➏

Since each theory is convex and stably-infinite, we get a polynomial time combination over the individual theories.

Shostak’s Combination (p.55 of 121)

SLIDE 108

Summary

The Nelson-Oppen theorem combines satisfiability procedures for conjunctions of literals in disjoint and stably-infinite theories.

✂

This is equivalent to deciding the validity of clauses:

✞ ✾ ❁ ✄ ✤ ✟ ✱ ✺ ✏

where

✱ ➐ ✺

are AND/OR of atomic formulas.

✂

Using Purification, it is easy to see that we can restrict

✺

to contain atomic formulae over variables.

✂

By definition, if is convex and

✆

is the only predicate symbol, then validity above is equivalent to horn validity:

✞ ✾ ❁ ✄ ✤ ✟ ✱ ✄ ✱ ✆ ✄ ✺ ✏

. This motivates the definition of convexity.

Shostak’s Combination (p.56 of 121)

SLIDE 109

Summary

✂

Convexity allows optimization.

✛

Convexity is also necessary for completeness of deterministic version of the NO procedure.

✛

In the second part, additional assumptions grouped under the name Shostak theories, will allow for further optimized implementations of the deterministic NO procedure.

✂

Stably-infiniteness is required for completeness, i.e., if the component procedures return satisfiable, it allows construction of the fusion model.

Shostak’s Combination (p.57 of 121)

SLIDE 110

Special Case: Theory with UIFs

Theorem 1 Let

✱

be a theory over a signature . Let

✜

be a disjoint set of function symbols with pure theory

✺

f

equality over it. If satisfiability of (quantifier-free) conjunction of literals can be decided in

✟ ✱ ✟ ✶ ✏ ✏

time in

✱

, then,

1. The combined theory

is consistent.

2. Satisfiability of (quantifier-free) conjunction of literals

in can be decided in

✟ ☎ ✳ ❸❬❹ ✟ ✱ ✟ ✶ ✏ ✶ ❉❋❊

✟

✶ ✏ ✏ ✏

time.

3. If

✱

and

✺

are convex, then so is and satisfiability in is in

✟ ✶ ❑ ❹ ✟ ✱ ✟ ✶ ✏ ✶ ❉ ❊

✟

✶ ✏ ✏ ✏

time.

Shostak’s Combination (p.58 of 121)

SLIDE 111

Single Theory with UIFs

✂

We modify the deterministic and non-deterministic procedures as follows:

✛

purification is applied until all disequations over terms in

✺

are reduced to disequations between variables

✛

all variables introduced by purification are considered shared between the two theories

✛

rest is identical to the NO procedure

✂

Stably-infiniteness was required to get a bijection between the two models. Since there exist models of any cardinality, above a minimum which is communicated to

✱

, in

✺

, completeness holds.

Shostak’s Combination (p.59 of 121)

SLIDE 112

Combination for the Word Problem

The word problem concerns with validity of an atomic formula.

✂

NO result can be modified to give a modularity result for this case.

✂

NO result can not be used as such, because the generated satisfiability checks may not be equivalent to word problems.

✂

If

✱

and

✺

are non-trivial equational theories over disjoint signatures with decidable word problems, then the word problem for

✱ ❂ ✺

is decidable with a polynomial time overhead.

Shostak’s Combination (p.60 of 121)

SLIDE 113

Non-Disjoint Signatures

Word problem in the union may not be decidable : semigroup presentation with undecidable word problem

✱

: Theory induced by , with

❵

uninterpreted (decided by congruence closure).

✺

: Theory of semigroups (decided by flattening). Satisfiability in the union may not be decidable

✱

:

✢ ✟ ✄ ✒ ✟ ✝ ✒ ✘ ✏ ✏ ✆ ✣ ✟ ✄ ✒ ✝ ✒ ✘ ✏ ✥ ✺

:

✢ ✟ ✟ ✄ ✒ ✝ ✏ ✒ ✘ ✏ ✆ ✣ ✟ ✄ ✒ ✝ ✒ ✘ ✏ ✥

: Theory of semi-groups

Shostak’s Combination (p.61 of 121)

SLIDE 114

Non-Disjoint Signatures

✂

If is a model for theory

✱ ❂ ✺

, then

➑ ➀

and

➑ ❸

is a model for

✱

and

✺

respectively.

✂

Define fusion of models

✱

and

✺

s.t. converse hold as well.

✂

Define a bijection between

✱

and

✺

and give interpretations accordingly.

✂

Generalize “stably-infiniteness”: Identify conditions under which two models can be fused.

✂

Kinds of assumptions:

➑

➀ ➒ ➑ ❸ ✱

is identical to

➑ ➀ ➒ ➑ ❸ ✺

✱

❺ ✺

, or a subset thereof, generates both

✺

and

✺

Examples. Theories which admit constructors

Shostak’s Combination (p.62 of 121)

SLIDE 115

Outline

✂

Abstract Congruence Closure

✂

Nelson-Oppen Combination (NO)

✛

Various Applications of NO

✛

Shostak Theories

✂

Shostak Combination

✂

Commented Bibliography

Shostak’s Combination (p.63 of 121)

SLIDE 116

Shostak theories

✂

A canonizable and solvable theory is a Shostak theory

✂

A canonizer

➓

maps terms to normal form terms s.t. equal terms in the theory are mapped to same form.

✂

A solver

✕➔ ✔✖→ ✗

maps an equation to an equivalent substitution.

✂

e.g., linear arithmetic

✛

Canonizer returns ordered sum-of-monomials

✛

Rational solver isolates, say, largest variable through scaling and cancellation.

✛

Integral solver based on Euclid’s algorithm

✗ ➣↔ ✔ ★ ↕ ✟ ✌ ✄ ➙ ✝ ✆ ✑ ✏ ✆ ✢ ✄ ✆ ✎ ✌ ➙ ❧ ✒ ✝ ✆ ☎ ✎ ✌ ❧ ✥

where

❧

is fresh.

Shostak’s Combination (p.64 of 121)

SLIDE 117

Canonizable Theories

✂

A theory is said to be canonizable if there is a computable

➓ ✟ ✠ ✏

such that

✛ ❃ ✆ ❄ ✠ ✆ ✭

iff

➓ ✟✡✠ ✏ ❆ ➓ ✟ ✭ ✏ ✛ → ✓ ✧ ✕ ✟ ➓ ✟ ✠ ✏ ✏ → ✓ ✧ ✕ ✟✡✠ ✏ ✛ ➓ ✟ ✭ ✏ ❆ ✭

for every subterm

✭

f

➓ ✟✡✠ ✏ ✂

A term

✠

is said to be canonical if

➓ ✟ ✭ ✏ ❆ ✭ ✂

Canonizer for linear arithmetic

➓ ➛ ✟ ✝ ✄ ✄ ✏ ❆ ☎ ✄ ✝

Shostak’s Combination (p.65 of 121)

SLIDE 118

Equality Sets

✂

An equality set is of the form

✢ ✠ ✱ ✆ ✭ ✱ ✒ ✤ ✤ ✤ ✒ ✠ ✳ ✆ ✭ ✳ ✥ ✂

is functional if

✠ ✆ ✭ ✱ ✒ ✠ ✆ ✭ ✺ ✵

implies

✭ ✱ ❆ ✭ ✺

Lookup:

✟✡✠ ✏ ☞ ✆ ✭

:

✠ ✆ ✭ ✵ ✠

:

therwise

Apply:

☛ ✄ ✍ ☞ ✆ ✟ ✄ ✏ ☛ ✟✡✠ ✱ ✒✤ ✤ ✤ ✒ ✠ ✳ ✏ ✍ ☞ ✆ ✟ ✟ ☛ ✠ ✱ ✍ ✒✤ ✤ ✤ ✒ ☛ ✠ ✳ ✍✏ ✏ ✂

A solution set is a functional equality set of the form

✢ ✄ ✱ ✆ ✭ ✱ ✒✤ ✤ ✤ ✒ ✄ ✳ ✆ ✭ ✳ ✥

with

✄ ❈ ✵ → ✓ ✧ ✕ ✟ ✭ ❷ ✏

for

✑ ➜ ✒ ➝ ✶

Shostak’s Combination (p.66 of 121)

SLIDE 119

Preservation

✂

A variable assignment

➞ ❳

extends

➞

if

✛ ↕ ➔ ➟ ✟ ➞ ✏ ↕ ➔ ➟ ✟ ➞ ❳ ✏

and

✛ ➞ ✟ ✄ ✏ ✆ ➞ ❳ ✟ ✄ ✏

for all

✄ ✵ ↕ ➔ ➟ ✟ ➞ ✏ ✂

Let ,

❳

be sets of literals; then:

❳

preserves

if

✛ → ✓ ✧ ✕ ✟ ✏ → ✓ ✧ ✕ ✟ ❳ ✏ ✛

for all

interpretations

and assignments

➞

there is some

➞ ❳

extending

➞

such that

✒ ➞ ❃ ✆ ❄

iff

✒ ➞ ❳ ❃ ✆ ❄ ❳ ✂

In this case:

❃ ✆ ❄

iff

❃ ✆ ❄ ❳ ✂

This notion of preservation is sufficient for our purposes, since no new function symbols introduced.

Shostak’s Combination (p.67 of 121)

SLIDE 120

Solvable Theories

✂

A theory is called solvable if there is a computable procedure

✕➔ ✔✖→ ✗ ✟✡✠ ✆ ✭ ✏ ✛ ✕➔ ✔ → ✗ ✟✡✠ ✆ ✭ ✏ ✆

iff

✠ ✆ ✭

is

unsatisfiable

✛

Otherwise,

✕➔ ✔✖→ ✗ ✟✡✠ ✆ ✭ ✏ ✆ ➠

, where

➠

is a (functional) solution set such that

✛ ↕ ➔ ➟ ✟ ➠ ✏ → ✓ ✧ ✕ ✟ ✠ ✆ ✭ ✏ ✛ ➠

preserves

✠ ✆ ✭ ✂

Notice that fresh variables, that is, variables not in

→ ✓ ✧ ✕ ✟✡✠ ✆ ✭ ✏

might be introduced on right-hand sides.

Shostak’s Combination (p.68 of 121)

SLIDE 121

Theory of Lists

✂

Signature.

➡ ☞ ✆ ✢ ↔ ➔ ➢ ✕ ✟ ✤ ✒✤ ✏

,

↔ ✓ ✧ ✟ ✤ ✏

,

↔ ↕ ✧ ✟ ✤ ✏ ✥ ✂

Theory

f lists contains the initial models of:

↔ ✓ ✧ ✟ ↔ ➔ ➢ ✕ ✟✡✠ ✒ ✭ ✏ ✏ ✆ ✠ ↔ ↕ ✧ ✟ ↔ ➔ ➢ ✕ ✟✡✠ ✒ ✭ ✏ ✏ ✆ ✭ ↔ ➔ ➢ ✕ ✟ ↔ ✓ ✧ ✟✡✠ ✏ ✒ ↔ ↕ ✧ ✟✡✠ ✏ ✏ ✆ ✠ ✂

Canonizer.

➓ ➡ ✟✡✠ ✏

is the normal form of the terminating and confluent TRS above.

Shostak’s Combination (p.69 of 121)

SLIDE 122

List Solver

A configuration

✟ ✒ ➠ ✏

consists of an equality set and a solution set

➠

Decom

❍➥➤➦ ➧➨ ❍➥➩ ❤ ➫ ■ ➈ ➭ ➯ ❫ ❤ ➲ ■ ❍

➩

➈ ➤➳ ➵ ❍ ➭ ■ ❤ ➫ ➈ ➤ ➸ ➵ ❍ ➭ ■ ✁ ➯ ❫ ❤ ➲ ■

Solve

❍ ➤➳ ➵ ❍ ➩ ■ ➈ ➫ ➯ ❫ ❤ ➲ ■ ❍➥➩ ➈ ➤➦ ➧➨ ❍ ➫ ❤ ♠ ■ ➯ ❫✐❤ ➲ ■ ❍➥➤ ➸ ➵ ❍➥➩ ■ ➈ ➫ ➯ ❫ ❤ ➲ ■ ❍ ➩ ➈ ➤➦ ➧ ➨ ❍ ♠ ❤ ➫ ■ ➯ ❫ ❤ ➲ ■ ➺

fresh

VarElim

❍➥➻ ➈ ➩ ➯ ❫ ❤ ➲ ■ ❍➽➼ ➾ ❍ ❫ ➚ ➻ ➪ ➈ ➩ ➶ ■ ❤ ➲✫➹

➻

➈ ➩ ✁ ■ ➘ ➴➬➷➱➮ ✃❐❒ ❮Ï❰ Ð

Triv

❍ ➩ ➈ ➩ ➯ ❫ ❤ ➲ ■ ❍ ❫✐❤ ➲ ■

Bot

❍ ➩ ➈ ➫ ➯ ❫ ❤ ➲ ■ Ñ ❰ ÒÔÓ Õ

,

Õ ➷ Ö Ö ❰ × ×

where

➠ ❪ ➠ ❳Ø☞ ✆ ➠ ❳ ❂ ✢ ✄ ✆ ➓ ➡ ✟ ➠ ❳ ☛ ✭ ✍✏ ❃ ✄ ✆ ✭ ✵ ➠ ✥

Shostak’s Combination (p.70 of 121)

SLIDE 123

Booleans

✂

Signature.

Ù ☞ ✆ ✢ ✩ ✧ ➣ ✗ ✒ ✓ ✔✖✕✗ ✒ Ú ✟ ✤ ✒✤ ✒✤ ✏ ✥ ✂

Canonizer

➓ Ù

returns, e.g., a binary decision diagrams (ordering on variables needed)

✂

Solver. process

✠ ✭

instead of

✠ ✆ ✭ ✕➔ ✔ → ✗ ✟ ✩ ✧ ➣ ✗ ✏ ✆ ✢ ✥ ✕➔ ✔✖→ ✗ ✟ ✓ ✔ ✕ ✗ ✏ ✆ ✕➔ ✔ → ✗ ✟ Ú ✟ ✄ ✒ Û ✒ ✶ ✏ ✏ ✆ ✢ ✄ ✆ ✟ Û ✻ ✟ ✶ ❞ ✏ ✏ ✥ ❂ ✕ ➔ ✔ → ✗ ✟ Û ✼ ✶ ✏

where the

❞

’s are fresh

Shostak’s Combination (p.71 of 121)

SLIDE 124

Example: Boolean Solver

✕ ➔ ✔ → ✗ ✟ ✄ ✻ ✝ ✆ ✹ ✄ ✏ ✆ ✕ ➔ ✔ → ✗ ✟ Ú ✟ ✄ ✒ Ú ✟ ✝ ✒ ✓ ✔✖✕✗ ✒ ✩ ✧ ➣ ✗ ✏ ✒ ✓ ✔ ✕ ✗ ✏ ✏ ✆ ✢ ✄ ✆ ✩ ✧ ➣ ✗ ✥ ❂ ✕ ➔ ✔ → ✗ ✟ Ú ✟ ✝ ✒ ✓ ✔✖✕✗ ✒ ✩ ✧ ➣ ✗ ✏ ✏ ✆ ✢ ✄ ✆ ✩ ✧ ➣ ✗ ✒ ✝ ✆ ✓ ✔ ✕✗ ✥

Shostak’s Combination (p.72 of 121)

SLIDE 125

Deciding a Shostak Theory

✂

Let be a Shostak theory with canonizer

➓ ❄ ✟ ✤ ✏

and solver

✕➔ ✔✖→ ✗ ❄ ✟ ✤ ✏ ✂

We consider the validity problem

❃ ✆ ❄ ✠ ✆ ✭ ✂

Template for decision procedure

1. Build a solution set

➠ ☞ ✆ Ü ✧ ➔ ↔ ✗ ✕ ✕ ✟ ★ ↕ ❫ ✒ ✏

using a finite number of

preserving transformations.
2. Compute canonical forms

✠ ❳Ø☞ ✆ ➠ Ý Ý ✠ Þ Þ

,

✭ ❳Ø☞ ✆ ➠ Ý Ý ✭ Þ Þ

3. If

✠ ❳ ❆ ✭ ❳

then Yes else No

Shostak’s Combination (p.73 of 121)

SLIDE 126

Deciding a Shostak Theory (Cont.)

✂

Canonization.

➠ Ý Ý ✠ Þ Þ ☞ ✆ ➓ ❄ ✟ ➠ ☛ ✠ ✍✏ ✂

Fusion.

➠Ôß ☞ ✆ ✢ ✠ ✆ Ý Ý ✭ Þ Þ ❃ ✠ ✆ ✭ ✵ ➠ ✥ ✂

Composition.

➠ ❪ ☞ ✆ ❪ ➠ ☞ ✆ ➠ ❪ ☞ ✆ ❂ ✟ ➠Ôß ✏ ✂

For solved forms,

➠ ❪ ➠ ✆ ➠

Shostak’s Combination (p.74 of 121)

SLIDE 127

Deciding a Shostak Theory (Cont.)

✂

Configuration

✟ ➠ ✒ ✏

consists of an equality set and a solution set

➠ ✂

Building a solution set

Ü ✧ ➔ ↔ ✗ ✕ ✕ ✟ ➠ ✒ ✷ ✏ ✆ ➠ Ü ✧ ➔ ↔ ✗ ✕ ✕ ✟ ✒ ✏ ✆ Ü ✧ ➔ ↔ ✗ ✕ ✕ ✟ ➠ ✒ ✠ ✆ ✭ ❂ ✏ ✆ Ü ✧ ➔ ↔ ✗ ✕ ✕ ✟ ✓ ✕ ✕✗ ✧ ✩ ✟✡✠ ✆ ✭ ✒ ➠ ✏ ✒ ✓ ✕ ✕✗ ✧ ✩ ✟ ✠ ✆ ✭ ✒ ➠ ✏ ✆ ➠ ❪ ✕➔ ✔✖→ ✗ ✟ ➠ Ý Ý ✠ Þ Þ ✆ ➠ Ý Ý ✭ Þ Þ ✏ ✂

For

➠ ❳ ✆ Ü ✧ ➔ ↔ ✗ ✕ ✕ ❨ ✟ ✒ ★ ↕ ❫ ✏ ❃ ✆ ❄ ✟ ✠ ✆ ✭ ✏

iff either

➠ ❳ ✆

r

➠ ❳ Ý Ý ✠ Þ Þ ❆ ➠ ❳ Ý Ý ✭ Þ Þ

Shostak’s Combination (p.75 of 121)

SLIDE 128

Soundness and Completeness

Let

➠ ❳ ☞ ✆ Ü ✧ ➔ ↔ ✗ ✕ ✕ ✟ ★ ↕ ❫ ✒ ✏

;

✂ ➠ ❳

preserves

, that is for every

interpretation

and an assignment

➞ ✒ ➞ ❃ ✆

iff there is a

➞ ❳

extending

➞

(to the variables in

→ ✓ ✧ ✕ ✟ ➠ ❳ ✏

) such that

✒ ➞ ❳ ❃ ✆ ➠ ❳ ✂

Soundness. If

➓ ❄ ✟ ➠ ❳ ☛ ✠ ✍✏ ❆ ➓ ❄ ✟ ➠ ❳ ☛ ✭ ✍✏

, then

à á â ãåä æ â ç ❰ ä æ â è ❰ é ä ê➱ë ❮ æ â è ❰ é Ð ä ê➱ë ❮ æ â è Õ é Ð ä æ â è Õ é ä Õ

Thus,

ì ➞ íïî ð î ñ

.

ò

Completeness. By contraposition. Construct a model

,

ó

such that

ì ó í î

but

ì ó íïî ð î ñ

.

Shostak’s Combination (p.76 of 121)

SLIDE 129

Soundness and Completeness (Cont.)

When

➓õô ö ➠ ÷ ø ð ùú û ü ô ö ý ÷ ø ñ ù ú ò

there is a

model

,

ó

s.t

ì ó í î ý ÷ ø ð ù î ý ÷ ø ñ ù ò þ î ý ÷ ö þ ú

for variables

þ

in

ý ÷ ø ÿ ù ò

Extend

ó

to an assignment

ó ÷

s.t

ó ÷ ö þ ú✁ î ø ø ý ÷ ö þ ú ù ù ó

if

þ î ý ÷ ö þ ú ò ì ó ÷ í î ý ÷ ì ó ÷ í î ð î ý ÷ ø ð ù ì ý ÷ ø ñ ù î ñ ò

Since

ý ÷

preserves

ö ✂ ✄ ☎ ì ú

,

ì ó í î

but

ì ó í î ð î ñ

.

Shostak’s Combination (p.77 of 121)

SLIDE 130

Shostak Theories in a NO Loop

ò

The solver and canonizer can be used to decide satisfiability of

✆

f equalities

and disequalities in convex Shostak theories.

ò

One way to do this:

✝

let

ý ÷ î ✞✟ ✠✡ ☛☞ ☞ ö ✂ ✄ ✌ ✍✎✏ ✑ ☎ ✒✔✓ ✌ ✍✎✏ ✑ ✕ ✒ ì ú

;

✝

if

ý ÷ î

then return unsatisfiable

✝

if there is a disequality

ð î ñ

in s.t.

ý ÷ ✖ ✖ ð ✗ ✗ û ý ÷ ✖ ✖ ñ ✗ ✗

then return unsatisfiable.

✝

Return satisfiable (and set of newly inferred variable equalities).

ò

Thus, convex and stably-infinite Shostak theories can be integrated with other disjoint, convex, stably-infinite theories using the NO result.

Shostak’s Combination (p.78 of 121)

SLIDE 131

Outline

ò

Abstract Congruence Closure

ò

Nelson-Oppen Combination (NO)

✝

Various Applications of NO

✝

Shostak Theories

ò

Shostak Combination

ò

Commented Bibliography

Shostak’s Combination (p.79 of 121)

SLIDE 132

Combining Shostak Theories

ò

Problem. Combination of the theory

✘

f equality
ver UIF with several disjoint Shostak theories

✙

,...,

✚

.

ò

Let

ü ✛

and

☞ ✠ ✜✣✢ ☛ ✛

be the canonizer and solver for theory

✛

.

ò

A term

ö ð ✙ ì ÿ ÿ ÿ ì ð ✚ ú

is an

✤

term if

✥ ✛

.

ò

A term

ð

is a pure

✤

term if every subterm

ñ

f

ð

is an

✤

term.

Shostak’s Combination (p.80 of 121)

SLIDE 133

Composable Shostak Theories

ò

Resolve possible semantic incompatibilities between Shostak theories.

ò

Canonical Term model

✝ ô

î

✦ ð í ü ô ö ð ú û ð ✧ ✝ ô ö ú ö ð ✙ ì ÿ ÿ ÿ ì ð ✚ ú✁ î ü ô ö ö ð ✙ ì ÿ ÿ ÿ ì ð ✚ ú ú ò

Example.

★ ✩ ✪

î

✦ ð î ñ ì ✫ þ ÿ þ î ð ✬ þ î ñ ✧

is canonizable (

ü ö ð ú î ð ì ü ö ñ ú î ñ ì ü ö þ ú î þ

) and

solvable. Its canonical term model is

✦ ð ì ñ ì þ ✙ ì ÿ ÿ ÿ ✧

but it is only satisfiable in a two-element model.

ò

A Shostak theory is composable if the canonical model

ô

is (isomorphic to) a

model.

ò

validity is convex for composable Shostak theories

Shostak’s Combination (p.81 of 121)

SLIDE 134

Convexity of Composable Theories

For a composable Shostak theory

íïî ô ✭ ✙ î ✮ ✙ ✬ ÿ ÿ ÿ ✬ ✭ ✚ î ✮ ✚

implies

íïî ô ✭✰✯ î ✮ ✯

for some

✱

.

✲

Let

✳✵✴ ✶ ✷✸ ✹✺✻ ✼ ✼ ✽ ✾ ✿❁❀ à ❂ ❃

( -preserving)

✲

(wlog

✳ ❄ ✶ ❅

) assume

❄ ❆ ✶ ë ❂ ç ❇ ❈ ✶ ❉ ❈

for all

❊ ✲

then

❄ ❆ ✶ ë ✳ ç ❇ ❈ ✶ ❉ ❈ ✲

Construct

❋✔● ✽■❍ ❃ ✴ ✶ ❏ ❑ ë è è ✳ ✽■❍ ❃ é é ❋

✳

✽■❍ ❃ ❄ ✶ ❍ ❍ ✳ ✽■❍ ❃ ✶ ❍ ✲ ë à ❋✔● ❆ ✶ ✳ ✲ ë à ❋▲● ❄ ❆ ✶ ❇ ❈ ✶ ❉ ❈

for all

❊

(because

ë è è ❇ ❈ é é ❋▲● ✶ ê ✽ ✳ è ❇ ❈ é

))

✲ ë à ❋✔● ❄ ❆ ✶ ✳ ▼ ❇ ❈ ✶ ❉ ❈

for all

❊

Shostak’s Combination (p.82 of 121)

SLIDE 135

Is this good or bad news?

ò

Shostak’s algorithm is complete for Shostak theories but a Shostak-like algorithm is not complete for the combination of

✆ ◆❖P

.

ò

Consider a Shostak theory with nonconvex

validity.

ò

Then

í î ô ð ✙ î ñ ✙ ✬ ÿ ÿ ÿ ✬ ð ✚ î ñ ✚ ò

but

íïî ô ð ✛ î ñ ✛

for

◗ ✤ ❘

.

ò

Consider:

í î ô ì ö ð ✙ ú î ✭ ì ÿ ÿ ÿ ì ö ð ✚ ú î ✭ ì ö ñ ✙ ú î ✮ ì ÿ ÿ ÿ ì ö ñ ✚ ú î ✮ ✭ î ✮ ò

Can be shown to hold by case-splitting, which Shostak does not do...

Shostak’s Combination (p.83 of 121)

SLIDE 136

Combining Canonizers

ò

...is easy: Treat alien terms as variables and apply

ü ✛

to canonize

ö ð ú

when

✥ ✛

.

ò

Let

❙ ✛

be a chosen bijective equality set between the set of variables and

✦ ð í ö ❚ ❯

❯

î ✤ ❱ ð ✥ ❲ ú ✧

.

ò

Individual canonizers for impure terms

ü ÷ ✛ ö ð ú

î

❙ ✛ ø ü ✛ ö ð ÷ ú ù ì

when

ð ÷

❙

✛ ø ð ÷ ù û ð

The combined canonizer

ü ö þ ú î þ ü ö ✛ ö ð ✙ ì ÿ ÿ ÿ ì ð ✚ ú ú î ü ÷ ✛ ö ✛ ö ü ö ð ✙ ú ì ÿ ÿ ÿ ì ü ö ð ✚ ú ú ú

Shostak’s Combination (p.84 of 121)

SLIDE 137

Combining Solvers: The Problem

...already shows up when combining Shostak theories

ò

Consider

❳ ✡❨ ✟ ö þ ❩ ú ❬ ✡ ✄ ✟ ö þ ◗ ú ❭

in

❪ ✆ ❫

.

❴

The individual theories

❪

(arithmetic) and

❫

(lists) have solvers and canonizers.

Shostak’s Combination (p.85 of 121)

SLIDE 138

The Problem (Cont.)

❴

Assume a combined solver which treats alien terms as variables and applies component solvers

☞ ✠ ✜ ✢ ☛ ❪

r

☞ ✠ ✜ ✢ ☛ ❫

according to the top-level symbol.

❴

Example

❳ ✡❨ ✟ ö þ ❩ ú ❬ ✡ ✄ ✟ ö þ ◗ ú ❭ ö ☞ ✠ ✜✣✢ ☛ ❪ ú ❵ ✡❨ ✟ ö þ ❩ ú ❬ ✡ ✄ ✟ ö þ ◗ ú ❛ ❩ ö ☞ ✠ ✜ ✢ ☛ ❫ ú ❵ þ ❩ ❬ ✡ ✠❜ ☞ ö ✡ ✄ ✟ ö þ ◗ ú ❛ ❩ ❝ ✱ ú ö ☞ ✠ ✜✣✢ ☛ ❪ ú ❵ þ ❬ ✡ ✠❜ ☞ ö ✡ ✄ ✟ ö þ ◗ ú ❛ ❩ ❝ ✱ ú ❛ ❩ ❴

but this is not a solved form:

þ

ccurs on the right.

Shostak’s Combination (p.86 of 121)

SLIDE 139

The Solution

❴

Shostak theories can be combined without combining solvers

❴

Key ideas

✝

Maintain theory-wise solution sets

✝

Communicate variable equalities as in NO

✝

Construct combined canonizer (as required in a Shostak combination)

❴

For

❪ ✆ ❫

configurations

ý

❬

ö ý ❞ ❝ ý ❡ ❝ ý ❢ ú

consist

f

✝

variable equalities

ý ❞

in canonical form

✝

a solution set

ý ❡

for the theory

❪ ✝

a solution set

ý ❢

for the theory

❫

Shostak’s Combination (p.87 of 121)

SLIDE 140

Process

✷ ✸ ✹ ✺✻ ✼ ✼ ✽ ✳✵❣ ❤ ❃ ✴ ✶ ✳ ✷ ✸ ✹ ✺✻ ✼ ✼ ✽ ✳✵❣ ✐■❥ ✶ ❦ ❧♥♠ ♦ ❃ ✴ ✶ ✷ ✸ ✹ ✺✻ ✼ ✼ ✽■♣ ✼ ✼ ✻ ✸ q ✽ ✳✵❣ ❥ ✶ ❦ ❃ ❣ ♦ ❃ ♣ ✼ ✼ ✻ ✸ q ✽ ✳ ❣ ❥ ✶ ❦ ❃ ✴ ✶ ✺ r ✹ ✼ ✻ s ✽■t ✻ ✸✉ ✻ ✽■♣ ✈ ✼ q ✸ ♣ ✺ q s ✽ ✳ ❣ ✳ ✇ ✇ ❥ ✶ ❦ é é ❃ ❃ ❃

1. Canonize

❥ ✶ ❦

w.r.t.

✳

to get

❥ ① ✶ ❦ ①

.

2. Variable abstract

❥ ① ✶ ❦ ①

: Replace

② ✽ ❍④③ à⑤ ⑤ ⑤ à ❍■⑥ ❃

by a fresh

❍

, and adding

❍ ✶ ❍

to

✳⑧⑦

and

❍ ✶ ② ✽■❍④③ à⑤ ⑤ ⑤ à ❍■⑥ ❃

to

✳⑩⑨

. Iteration yields

❍ ✶ ❶

from

❥ ① ✶ ❦ ①

.

3. Merge

❍ ✶ ❶

into

✳

to yield

✳ ⑦ ❷ ✐ ❍ ✶ ❶ ❧

, assuming

❍ ❸ ❶

.

4. Close

✳

: When

❍

,

❶

such that

✲ ✳ ⑨ ✽■❍ ❃❺❹ ✳ ⑨ ✽ ❶ ❃

but

✳❻⑦ ✽■❍ ❃ ❄ ❹ ✳ ⑦ ✽ ❶ ❃

, merge

❍ ✶ ❶

into

✳

.

✲ ✳❻⑦ ✽■❍ ❃❺❹ ✳ ⑦ ✽ ❶ ❃

but

✳ ⑨ ✽ ❍ ❃ ❄ ❹ ✳ ⑨ ✽ ❶ ❃

, merge

✼ ✹ r❽❼ ✻ ✽ ✳ ⑨ ✽■❍ ❃ ✶ ✳ ⑨ ✽ ❶ ❃ ❃

into

✳ ⑨

Shostak’s Combination (p.88 of 121)

SLIDE 141

Example

❴

Variable abstract

❳ ✡❨ ✟ ö þ ❩ ú ❬ ✡ ✄ ✟ ö þ ◗ ú ❭

to

❾➀❿ ❬ ❾➀➁ ➂➃➂ ✐ ❍ ✶ ❍ à ➄ ③ ✶ ➄ ③ à ➄♥➅ ✶ ➄ ➅ à ➄♥➆ ✶ ➄♥➇ à ➄➉➈ ✶ ➄ ➈ à ➄♥➊ ✶ ➄♥➊ à ➄ ➇ ✶ ➄♥➇ ❧ ✐ ➄ ③ ✶ ❍ ➋ ➌ à ➄♥➆ ✶ ➄♥➅ ➋ ➍ à ➄➉➈ ✶ ❍ ➋ ➎ à ➄♥➇ ✶ ➄♥➊ ➋ ➏ ❧ ✐ ➄④➅ ✶ ✺ ♣ ✸ ✽ ➄ ③ ❃ à ➄④➊ ✶ ✺ ✿ ✸ ✽ ➄ ➈ ❃ ❧ ➐➃➐ ❴

Since

❾ ❿

and

❾ ➁

are merged in

ý ❞

but not in

ý ❡

, solve

ý ❡ ➑ ❾ ❿ ú ❬ ý ❡ ➑ ❾ ➁ ú

in .

✼ ✹ r❽❼ ✻ ➒ ✽ ➄ ➅ ➋ ➍ ✶ ➄♥➊ ➋ ➏ ❃ ✶ ✐ ➄♥➅ ✶ ➄ ➊ ➓ ➌ ❧

Shostak’s Combination (p.89 of 121)

SLIDE 142

Example (Cont.)

...Result of solve was

✦ ❾➀➔ ❬ ❾➀→ ❛ ❩ ✧ ❴

Compose result

➂➃➂ ✐ ❍ ✶ ❍ à ➄ ③ ✶ ➄ ③ à ➄④➅ ✶ ➄ ➅ à ➄④➆ ✶ ➄④➇ à ➄♥➈ ✶ ➄ ➈ à ➄④➊ ✶ ➄④➊ à ➄ ➇ ✶ ➄④➇ ❧ ✐ ➄ ③ ✶ ❍ ➋ ➌ à ➄♥➆ ✶ ➄♥➊ ➋ ➏ à ➄➉➈ ✶ ❍ ➋ ➎ à ➄ ➇ ✶ ➄♥➊ ➋ ➏ à ➄♥➅ ✶ ➄ ➊ ➓ ➌ ❧ ✐ ➄♥➅ ✶ ✺ ♣ ✸ ✽ ➄ ③ ❃ à ➄♥➊ ✶ ✺ ✿ ✸ ✽ ➄ ➈ ❃ ❧ ➐➃➐ ❴

No new variable equalities to be propagated.

❴

The different solved forms of both

❾ ➔

and

❾➣→

are tolerated, since canonizer picks a solution that is appropriate to the context.

Shostak’s Combination (p.90 of 121)

SLIDE 143

Example (Cont.)

❴

Canonical state

➂➃➂ ✐ ❍ ✶ ❍ à ➄ ③ ✶ ➄ ③ à ➄♥➅ ✶ ➄ ➅ à ➄♥➆ ✶ ➄♥➇ à ➄➉➈ ✶ ➄ ➈ à ➄♥➊ ✶ ➄♥➊ à ➄ ➇ ✶ ➄♥➇ ❧ ✐ ➄ ③ ✶ ❍ ➋ ➌ à ➄♥➆ ✶ ➄♥➊ ➋ ➏ à ➄➉➈ ✶ ❍ ➋ ➎ à ➄ ➇ ✶ ➄♥➊ ➋ ➏ à ➄♥➅ ✶ ➄ ➊ ➓ ➌ ❧ ✐ ➄♥➅ ✶ ✺ ♣ ✸ ✽ ➄ ③ ❃ à ➄♥➊ ✶ ✺ ✿ ✸ ✽ ➄ ➈ ❃ ❧ ➐➃➐ ❴ ❳ ✡❨ ✟ ➑ þ ❩ ú ❵ ❳ ✡❨ ✟ ➑ ❾ ✙ ú ❵ ❳ ❾ ➔ ❵ ❭ ❾ → ❵ ❾ ➁ ❴ ✡ ✄ ✟ ➑ þ ◗ ú ❭ ❵ ✡ ✄ ✟ ➑ ❾④↔ ú ❭ ❵ ❾ → ❭ ❵ ❾ ➁

Shostak’s Combination (p.91 of 121)

SLIDE 144

Canonizer

❴ ü ✛

is only defined for pure

✤

terms.

❴ ü ↕ ✛

is the extension of

ü ✛

that deals with alien terms by treating them as variables.

❴

Canonizer for the combination of Shostak theories

✛

.

✳ ✇ ✇ ❍ é é ✶ ✳❻⑦ ✽■❍ ❃ ✳ ✇ ✇ ② ⑨ ✽ ❥ ③ à⑤ ⑤ ⑤ à ❥ ⑥ ❃ é é ✶ ✳⑧⑦ ✽■❍ ❃ à

when

❍ ✶ ➙ ① ⑨ ✽ ② ⑨ ✽ ✳➛⑨ ✽ ✳ ✇ ✇ ❥ ③ é é ❃ à⑤ ⑤ ⑤ à ✳ ⑨ ✽ ✳ ✇ ✇ ❥ ⑥ é é ❃ ❃ ❃➝➜ ✳➛⑨ ✳ ✇ ✇ ② ⑨ ✽ ❥ ③ à⑤ ⑤ ⑤ à ❥ ⑥ ❃ é é ✶ ➙ ① ⑨ ✽ ② ⑨ ✽ ✳ ⑨ ✽ ✳ ✇ ✇ ❥ ③ é é ❃ à⑤ ⑤ ⑤ à ✳ ⑨ ✽ ✳ ✇ ✇ ❥ ⑥ é é ❃ ❃ ❃

Shostak’s Combination (p.92 of 121)

SLIDE 145

Congruence Closure Revisited

=

P

(uninterpreted) = Deductive closure of axioms of equality

❴

Validity problem

➞ ❬ ➟ ❬ ➠ ❴

State consists of

➑ ý ❞ ➡ ý ◆ ➡ ú ✝ ý ❞

contains the variable equalities

þ ❬ ➢ ✝ ý ◆

contains equalities

þ ❬ ➑ þ ✙ ❝ ÿ ÿ ÿ ❝ þ ✚ ú ✝

contains the unprocessed input equalities.

❴ ➑ ý ❞ ➡ ý ◆ ú

together form the solution state

ý ❴ ý ❞

partitions the variables into equivalence classes

❴ þ

,

➢

are in the same equivalence class if

ý ❞ ➑ þ ú

and

ý ❞ ➑ ➢ ú

Shostak’s Combination (p.93 of 121)

SLIDE 146

Template for Shostak CC

❴

Start state

ý ✘

❬

➑ ✂ ✄ ☎ ➡ ➤ ➡ ú ❴

Compute

ý ➥ ❬ ✞ ✟ ✠ ✡ ☛ ☞ ☞ ➑ ý ✘ ú

by iterating

✷ ✸ ✹ ✺✻ ✼ ✼ ✽ ✳✵❣ ❤ ❃ ✶ ✳ ✷ ✸ ✹✺ ✻ ✼ ✼ ✽ ✳✵❣ ✐■❥ ✶ ❦ ❧♥♠ ❂ ❃ ✶ ✷ ✸ ✹ ✺✻ ✼ ✼ ✽■♣ ✼ ✼ ✻ ✸ q ✽ ✳✵❣ ❥ ✶ ❦ ❃ ❣ ❂ ❃ ♣ ✼ ✼ ✻ ✸ q ✽ ✳✵❣ ❥ ✶ ❦ ❃ ✶ ✺ r ✹ ✼ ✻ s ✽■t ✻ ✸✉ ✻ ✽■♣ ✈ ✼ q ✸ ♣ ✺ q s ✽ ✳✵❣ ✳ ✇ ✇ ❥ ✶ ❦ é é ❃ ❃ ❃ ❴

Check canonical forms:

ý ➥ ➦ ➦ ➟ ➧ ➧ û ý ➥ ➦ ➦ ➠ ➧ ➧ ❴

Present treatment a specific strategy of abstract CC.

Shostak’s Combination (p.94 of 121)

SLIDE 147

Congruence Closure Revisited (Cont.)

For each input equality

➟ ❬ ➠

and state

ý

:

1. Canonize

➟ ❬ ➠

w.r.t.

ý

to get

➟ ↕ ❬ ➠ ↕

.

2. Variable abstract

➟ ↕ ❬ ➠ ↕

: Replace

➑ þ ✙ ❝ ÿ ÿ ÿ ❝ þ ✚ ú

by a fresh

þ

, and adding

þ ❬ þ

to

ý ❞

and

þ ❬ ➑ þ ✙ ❝ ÿ ÿ ÿ ❝ þ ✚ ú

to

ý ◆

. Iteration yields

þ ❬ ➢

from

➟ ↕ ❬ ➠ ↕

.

3. Merge

þ ❬ ➢

into

ý

to yield

ý ❞ ➨ ✦ þ ❬ ➢ ✧ ➡ ý ◆ ➩ ✦ þ ❬ ➢ ✧

, assuming

þ ➫ ➢

.

4. Close

ý

: When

þ ❝ ➢

, such that

ý ◆ ➑ þ ú û ý ◆ ➑ ➢ ú

but

ý ❞ ➑ þ ú û ý ❞ ➑ ➢ ú

, merge

þ ❬ ➢

into

ý

.

Shostak’s Combination (p.95 of 121)

SLIDE 148

Example

❴

Validity problem

➞ ❬ ✦ ➑ ➑ ➑ þ ú ú ú ❬ þ ❝ þ ❬ ➑ ➑ þ ú ú ✧ ➑ þ ú ❬ þ ❴

Start state

ý ✘

❬

➑ ✦ þ ❬ þ ✧ ➡ ➤ ➡ ✦ ➑ ➑ ➑ þ ú ú ú ❬ þ ❝ þ ❬ ➑ ➑ þ ú ú ✧ ❴

Abstraction

❨ ➭ ☞ ➯ ✟ ❨ ✡ ➯ ➑ ✦ þ ❬ þ ✧ ➡ ➤ ➡ ➑ ➑ ➑ þ ➲ ➲ ➲ ❬ þ ➲ ❵ ✦ þ ❬ þ ❝ ❾ ✙ ❬ ❾ ✙ ❝ ❾ ➔ ❬ ❾ ➔ ❝ ❾ ❿ ❬ ❾➀❿ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾➳➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾➳❿ ❬ ➑ ❾➳➔ ➲ ✧ ❾ ❿ ❬ þ

Shostak’s Combination (p.96 of 121)

SLIDE 149

Example (Cont.)

✦ þ ❬ þ ❝ ❾ ✙ ❬ ❾ ✙ ❝ ❾ ➔ ❬ ❾ ➔ ❝ ❾ ❿ ❬ ❾➳❿ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾ ➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾ ❿ ❬ ➑ ❾ ➔ ➲ ✧ ❾ ❿ ❬ þ ➵ ☛ ✟➸ ☛ ❵ ✦ þ ❬ þ ❝ ❾ ✙ ❬ ❾ ✙ ❝ ❾➳➔ ❬ ❾➳➔ ❝ ❾➳❿ ❬ þ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾ ➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾ ❿ ❬ ➑ ❾ ➔ ➲ ✧

Shostak’s Combination (p.97 of 121)

SLIDE 150

Example (Cont.)

❴

Variables

þ

,

➢

are incongruent if

✝ ý ❞ ➑ þ ➲ û ý ❞ ➑ ➢ ➲

and

✝ ý ◆ ➑ þ ➲ û ý ◆ ➑ ➢ ➲ ❴

There are no incongruences in our running example.

✦ þ ❬ þ ❝ ❾ ✙ ❬ ❾ ✙ ❝ ❾ ➔ ❬ ❾➳➔ ❝ ❾ ❿ ❬ þ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾➀➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾ ❿ ❬ ➑ ❾➀➔ ➲ ✧

Shostak’s Combination (p.98 of 121)

SLIDE 151

Example (Cont.)

✦ þ ❬ þ ❝ ❾ ✙ ❬ ❾ ✙ ❝ ❾➳➔ ❬ ❾ ➔ ❝ ❾ ❿ ❬ þ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾ ➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾➀❿ ❬ ➑ ❾ ➔ ➲ ✧

Processing of

þ ❬ ➑ ➑ þ ➲ ➲

. Canonization and orientation yield

❾➀➔ ❬ þ

, which is merged

✦ þ ❬ þ ❝ ❾ ✙ ❬ ❾ ✙ ❝ ❾➳➔ ❬ þ ❝ ❾➳❿ ❬ þ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾➀➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾ ❿ ❬ ➑ þ ➲ ✧

The incongruence between

❾ ✙

,

❾ ❿

is fixed by close

ý ➥

❬

✦ þ ❬ þ ❝ ❾ ✙ ❬ þ ❝ ❾ ➔ ❬ þ ❝ ❾ ❿ ❬ þ ✧ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾➀➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾ ❿ ❬ ➑ þ ➲ ✧

Shostak’s Combination (p.99 of 121)

SLIDE 152

Example (Cont.)

❴

Canonical form

ý ➦ ➦ ➟ ➧ ➧

f a term

➟

with respect to

ý ✳ ✇ ✇ ❍ é é ✶ ✳❻⑦ ✽■❍ ❃ ✳ ✇ ✇ ② ✽ ❥ ③ à⑤ ⑤ ⑤ à ❥ ⑥ ❃ é é ✶ ✳❻⑦ ✽■❍ ❃ à

when

❍ ✴ ❍ ✶ ② ✽ ✳ ✇ ✇ ❥ ③ é é à⑤ ⑤ ⑤ à ✳ ✇ ✇ ❥ ⑥ é é ❃ ➜ ✳ ✳ ✇ ✇ ② ✽ ❥ ③ à⑤ ⑤ ⑤ à ❥ ⑥ ❃ é é ✶ ② ✽ ✳ ✇ ✇ ❥ ③ é é à⑤ ⑤ ⑤ à ✳ ✇ ✇ ❥ ⑥ é é ❃ à

therwise.

❴

Example

ý ➥

❬

✦ þ ❬ þ ❝ ❾ ✙ ❬ þ ❝ ❾➳➔ ❬ þ ❝ ❾ ❿ ❬ þ ✧ ➡ ✦ ❾ ✙ ❬ ➑ þ ➲ ❝ ❾ ➔ ❬ ➑ ❾ ✙ ➲ ❝ ❾ ❿ ❬ ➑ þ ➲ ✧ ❴

Now,

ý ➥ ➦ ➦ ➑ þ ➲ ➧ ➧ û þ û ý ➥ ➦ ➦ þ ➧ ➧

Shostak’s Combination (p.100 of 121)

SLIDE 153

Multi-Shostak

❴

Consider the union

❬ ✚ ✛➻➺ ✘ ✛

f the equality theory
f

✘

for UIF and a set of disjoint, composable Shostak theories

✛

(

✤ ❬ ◗ ❝ ÿ ÿ ÿ ❝ ❘

)

❴

An

➼

model of

is a model whose reduct w.r.t

✛

is a

✛

model for every

✤ ❬ ◗ ❝ ÿ ÿ ÿ ❝ ❘

.

❴

Validity problem

➞ ❬ ❖ ➟ ❬ ➠

Shostak’s Combination (p.101 of 121)

SLIDE 154

Multi-Shostak: Process

Decision procedure

1. Compute

ý ➥

❬

✞✟ ✠✡ ☛☞ ☞ ➑ ✂ ✄ ☎ ➡ ➲ ✷ ✸ ✹ ✺✻ ✼ ✼ ✽ ✳✵❣ ❤ ❃ ✶ ✳ ✷✸ ✹✺ ✻ ✼ ✼ ✽ ✳✵❣ ❂ ❃ ✶ ❅ à

when

➽ ✴ ✳ ⑨ ✶ ❅ ✷ ✸ ✹✺ ✻ ✼ ✼ ✽ ✳✵❣ ✐ ❥ ✶ ❦ ❧♥♠ ❂ ❃ ✶ ✷ ✸ ✹✺ ✻ ✼ ✼ ✽■♣ ✼ ✼ ✻ ✸ q ✽ ✳ ❣ ❥ ✶ ❦ ❃ ❣ ❂ ❃ ♣ ✼ ✼ ✻ ✸ q ✽ ✳✵❣ ❥ ✶ ❦ ❃ ✶ ✺ r ✹ ✼ ✻ s ✽ t ✻ ✸✉ ✻ ⑦ ✽■♣ ✈ ✼ q ✸ ♣ ✺ q s ✽ ✳✵❣ ❥ ① ✶ ❦ ① ❃ ❃

where

❥ ① ✶ ✳ ✇ ✇ ❥ é é à ❦ ① ✶ ✳ ✇ ✇ ❦ é é

2. If

ý ➦ ➦ ➟ ➧ ➧ û ý ➦ ➦ ➠ ➧ ➧

then Yes else No

Shostak’s Combination (p.102 of 121)

SLIDE 155

Canonical Solution States

❴

Invariants

✝ ý ❞

is functional and idempotent

✝ ý ✘

is functional and normalized (

ý ✘ ➩ ý ❞ ❬ ý ✘

)

✝ ý ✛

(

✤➀➾ ➚

) are (functional) solution sets, idempotent, normalized (

ý ✛ ➩ ý ❞ ❬ ý ✛

)

❴

A solution state

ý

is confluent if for all

þ ❝ ➢ ✥ ✄ ✠ ➵ ➑ ý ❞ ➲

and

➚ ✤

:

ý ❞ ➑ þ ➲ û ý ❞ ➑ ➢ ➲ ý ✛ ➑ þ ➲ û ý ✛ ➑ ➢ ➲ ❴

A canonical solution state

ý

is confluent and satisfies the invariants above.

Shostak’s Combination (p.103 of 121)

SLIDE 156

Multi-Shostak: Process

❴ ❨ ➭ ☞ ➯ ✟ ❨ ✡ ➯

Replace maximal pure

✤

term

✭

with fresh variable

þ

, adding

þ ❬ ✭

to

ý ✛

.

❴ ➵ ☛ ✟➸ ☛ ❞ ý ❞ ➡ ý ◆ ➡ þ ❬ ➢ ❵ ý ❞ ➨ ✦ þ ❬ ➢ ✧ ➡ ý ◆ ➩ ✦ þ ❬ ➢ ✧ ❴ ➵ ☛ ✟➸ ☛ ✛ ý ✛ ➡ þ ❬ ➢ ❵ ý ✛ ➨ ✛ ☞ ✠ ✜✣✢ ☛ ➑ ý ✛ ➑ þ ➲ ❬ ý ✛ ➑ ➢ ➲ ➲ ❴ ✡ ✜ ✠ ☞ ☛ ➑ ý ➲

Apply

➵ ☛ ✟➸ ☛ ✛

r

➵ ☛ ✟➸ ☛ ❞

to restore canonicity.

Shostak’s Combination (p.104 of 121)

SLIDE 157

Multi-Shostak: Abstraction

♣ ✈ ✼ q ✸ ♣ ✺ q ✽ ✳✵❣ ❍ ✶ ❶ ❃ ✶ ✽ ✳✵❣ ❍ ✶ ❶ ❃ à ♣ ✈ ✼ q ✸ ♣ ✺ q ✽ ✳✵❣ ❥ ✶ ❦ ❃ ✶ ✽ ✳ ① ❣ ✐ ❇ ✶ ❍ ❧ ✇ ❥ é ✶ ✐ ❇ ✶ ❍ ❧ ✇ ❦ é ❃

when

✳ ① à ❇ à ❍ à ➽ ✴ ✽ ❇ ❹ ②➛➪ ✽■❍♥③ à⑤ ⑤ ⑤ à ❍✣⑥ ❃

r

❇ ➜ t ♣➶ ✽➹ ➹ ❥ ✶ ❦ ➘ ➘ ⑨ ❃ ✽ ➽➷➴ ➬ ❍ ❄ ➜ ❼ ♣ ✸ ✼ ✽ ✳ ♠ ❥ ✶ ❦ ❃ à ✳ ① ⑦ ✶ ✳❻⑦ ♠ ✐ ❍ ✶ ❍ ❧ à ✳ ① ⑨ ✶ ✳ ⑨ ♠ ✐ ❍ ✶ ❇ ❧ à ✳ ①➱➮ ✶ ✳ ➮ à

for

à ➽ ❄ ✶ ✃ ❴ ➵ ❨ ❐ ➑❒ ❒ ➟ ❬ ➠ ❮ ❮ ✛ ➲

is a maximal pure

✤

term

❴

If

❰ ➑ÐÏ ➲

in

➑ ❰ ➑ Ï ➲ ➲

is replaced with

➢

and

➑ ➢ ➲

by

Ñ

then { y = g(x), z = f(y) } is not idempotent (

Ò ➾ ➚

).

Shostak’s Combination (p.105 of 121)

SLIDE 158

Multi-Shostak: Close

✺ r ✹ ✼ ✻ ✽ ✳ ❃ ✶ ✳ à

when

➽ ✴ ✳ ⑨ ✶ ❅ ⑨ ✺ r ✹ ✼ ✻ ✽ ✳ ❃ ✶ ✳ ① à

when

✳ ① à ➽ à ❍ à ❶ ✴ ❍ à ❶ ➜ ✿ ✹ t ✽ ✳❻⑦ ❃ à ✽ ➽➷➴ ➬ à ✳⑧⑦ ✽ ❍ ❃ ❹ ✳⑧⑦ ✽ ❶ ❃ à ✳ ⑨ ✽■❍ ❃ ❄ ❹ ✳ ⑨ ✽ ❶ ❃ à

and

✳ ① ✶ t ✻ ✸✉ ✻ ⑨ ✽ ✳✵❣ ❍ ✶ ❶ ❃ ❃

r

✽ ➽ Ó ➬ à ✳❻⑦ ✽■❍ ❃ ❄ ❹ ✳❻⑦ ✽ ❶ ❃ à ✳ ⑨ ✽■❍ ❃❺❹ ✳ ⑨ ✽ ❶ ❃ à

and

✳ ① ✶ t ✻ ✸✉ ✻ ⑦ ✽ ✳✵❣ ✳❻⑦ ✽■❍ ❃ ✶ ✳❻⑦ ✽ ❶ ❃ ❃ ❃ ✺ r ✹ ✼ ✻ ✽ ✳ ❃ ✶ Ô ✹✸ t ♣ r ✾ÖÕ ✻ ✽ ✳ ❃ à

therwise.

Ô ✹ ✸ t ♣ r ✾ Õ ✻ ✽ ✳ ❃ ✶ ✽ ✳ ⑦ ❣ ✳ ➪ ❣ ✳ ③ × ✳❻⑦ ❣ ⑤ ⑤ ⑤ ❣ ✳❻Ø × ✳❻⑦ ❃ ⑤

Shostak’s Combination (p.106 of 121)

SLIDE 159

Multi-Shostak: Merge

t ✻ ✸✉ ✻ ⑨ ✽ ✳ ❣ ❍ ✶ ❶ ❃ ✶ ✳ ① à

where

➽ ➴ ➬ à ✳ ① ⑨ ✶ ✳ ⑨ ❷ ⑨ ✼ ✹ r ❼ ✻ ✽ ✳➛⑨ ✽■❍ ❃ ✶ ✳ ⑨ ✽ ❶ ❃ ❃ à ✳ ①➱➮ ✶ ✳ ➮ à

for

➽ ❄ ✶ ✃ à ✳ ① ⑦ ✶ ✳❻⑦ ⑤ t ✻ ✸✉ ✻ ⑦ ✽ ✳✵❣ ❍ ✶ ❍ ❃ ✶ ✳ t ✻ ✸✉ ✻ ⑦ ✽ ✳ ❣ ❍ ✶ ❶ ❃ ✶ ✽ ✳❻⑦ ❷ Ù ❣ Ú ➪ × Ù ❣ Ú ③ ❣ ⑤ ⑤ ⑤ ❣ Ú❻Ø Û

where

ÙÝÜ Þß àÖá Ô q â■ã Ü ❶ Û ⑤

Shostak’s Combination (p.107 of 121)

SLIDE 160

Multi-Shostak: Canonizer

Given a canonical state

ä ❞ ➡ äæå ➡➛ç ç ç ➡ ä è

, a combined canonizer can be defined as:

Ú ✇ ✇ ã é éëê Ü Ú❻⑦ â■ã Û Ú ✇ ✇ ② ⑨ â ❥ ③ à⑤ ⑤ ⑤ à ❥ ⑥ Û é é ê Ü Ú⑧⑦ â■ã Û à

when

ã Ü ➙ ① ⑨ â ② ⑨ â Ú➛⑨ â Ú ✇ ✇ ❥ ③ é é Û à⑤ ⑤ ⑤ à Ú ⑨ â Ú ✇ ✇ ❥ ⑥ é é Û Û Û➝➜ Ú ⑨ Ú ✇ ✇ ② ⑨ â ❥ ③ à⑤ ⑤ ⑤ à ❥ ⑥ Û é é ê Ü ➙ ① ⑨ â ② ⑨ â Ú ⑨ â Ú ✇ ✇ ❥ ③ é é Û à⑤ ⑤ ⑤ à Ú➛⑨ â Ú ✇ ✇ ❥ ⑥ é é Û Û Û

with

➙ ➪ â ❥ Û Ü ❥

and

Ú ➪ â ❥ Û Ü ❥

.

Shostak’s Combination (p.108 of 121)

SLIDE 161

Termination

❴ ä ➦ ➦ ➟ ❬ ➠ ➧ ➧

is terminating

❴ ❨ ➭✣ì ➯Öíî ï ➯ ➥ ➑ ä ➡ ➟ñð ➠ ➲

is terminating

❴ ï ò✣ó ìô ➥ ➑ ä ➲

terminates, because the sum of the number

f equivalence classes over variables in

õ ó ➵ ➑ ä ❞ ➲

decreases in each iteration.

Shostak’s Combination (p.109 of 121)

SLIDE 162

Soundness and Completeness

Theorem. Let

with signature be the union of

ö

the theory

å

f UIF

ö

and

÷

(

Ò ð ø ù ç ç ç ù ú

) be disjoint, composable Shostak theories. Furthermore, let

ö ä ➥ û ð ü í ó ï ô ì ì ➥ ➑þý õ ÿ ➡ ➲

and

ö ➼ ð ✁ ø ç ç ç ù ú ✂

; then:

✄ ð ☎ ✆ ð ✝

iff either

ä ✞ ð

r

ä ✞ ✟ ✟ ✆ ✠ ✠ ✡ ä ✞ ✟ ✟ ✝ ✠ ✠

Shostak’s Combination (p.110 of 121)

SLIDE 163

Proof Outline

ö

If

ä ☛ û ð ü í ó ï ô ì ì ☞ ý õ ÿ ✌ ✍

, then

ä ☛ ✎

preserves

.

ö

Soundness. if

ä ✟ ✟ ✆ ✠ ✠ ✡ ä ✟ ✟ ✝ ✠ ✠

, then

✄ ð ☎ ä ☛ ✆ ð ä ☛ ✟ ✟ ✆ ✠ ✠ ð ä ☛ ✟ ✟ ✝ ✠ ✠ ð ✝

Thus,

✄ ð ☎ ✆ ð ✝ ö

Completeness. by contraposition:

if

ä ☛ ✟ ✟ ✆ ✠ ✠ ✡ ä ☛ ✟ ✟ ✝ ✠ ✠

then

✄ ð ☎ ä ☛ ✆ ð ✝

for canonical

ä ☛

.

ö

Construct an

✎

model

✏ ✑

,

✒ ✏ ✑

s.t.

✏ ✑ ù ✒ ✏ ✑ ✄ ð ä ☛

but

✏ ✑ ù ✒ ✏ ✑ ✄ ð ✆ ð ✝

Shostak’s Combination (p.111 of 121)

SLIDE 164

Canonical Term Model

ö

Definition

✓ ✏ ✑ û ð ✁✕✔ ✖ ☞ ù ✗ î í ì ☞ ä ☛ ✍ ✍ ✄ ä ☛ ✟ ✟ ✔ ✠ ✠ ✡ ✔ ✂ ✓ ✏ ✑ ☞ ✍ ☞ ✔✙✘ ù ç ç ç ù ✔ è ✍ û ð ä ☛ ✟ ✟ ☞ ✔ ✘ ù ç ç ç ù ✔ è ✍ ✠ ✠ ✓ ✒ ✏ ✑ ☞ÐÏ ✍ û ð ä✛✚ ☞ÐÏ ✍ ö

Properties

✓ ✏ ✑ ✟ ✟✕✜ ✠ ✠ ✒ ✏ ✑ ð ä ☛ ✟ ✟✕✜ ✠ ✠ ✓ ✏ ✑ ù ✒ ✏ ✑ ✄ ð ä ☛ ✓ ✏ ✑

is an

✎

model, since

✏ ✑

is isomorphic to

÷

for each

Ò

(

ø Ò ú

) and

Ò

is composable.

ö

Corollary:

✎

validity is convex.

Shostak’s Combination (p.112 of 121)

SLIDE 165

Canonical Term Model (Cont.)

The canonical term model

✏

is isomorphic to the canonical

Ò

model

÷ ö

The isomorphism

✢ ÷

is defined between

✏

(all S-canonical terms) and

÷

(all

✣

canonical terms) so

that

✢ ÷ ☞✕✤ ✍ ð ✆ ☛

where

✥ ÷ ☞ ✆ ☛ ✍ ð ä ÷ ☞ ✤ ✍ ✢ ÷ ☞ ÷ ☞ ✦ ✝ ✍ ✍ ð ÷ ☞ ✢ ÷ ☞ ✦ ✝ ✍ ✍ ✢ ÷ ☞ ✧ ☞ ✦ ✝ ✍ ✍ ð ✥ ★ ✘ ÷ ☞ ✧ ☞ ✦ ✝ ✍ ✍ ✩ ð ✣ ö

Need to show that

✢ ÷ ☞ ✏ ☞ ÷ ✍ ☞ ✆ ✍ ✍ ð ÷ ☞ ÷ ✍ ☞ ✢ ÷ ☞ ✆ ✍ ✍

for

✆ ✖ ✏

Shostak’s Combination (p.113 of 121)

SLIDE 166

Summary

ö

Decision procedure based on Shostak’s ideas for the combination of equality over UIF and disjoint, composable Shostak theories.

ö

Key idea: separate solution sets for individual theories.

ö

Variable dependencies can be cyclic across theories.

ö

Shostak combination an instance of NO combination.

ö

Added advantage is a global canonizer.

Shostak’s Combination (p.114 of 121)

SLIDE 167

ICS: Integrated Canonizer and Solver

ö

A variant of the Shostak combination described here is implemented in ICS.

ö

The theory supported by ICS currently includes:

✓

Equality and disequality.

✓

Rational and integer linear arithmetic.

✓

Theory of tuples, S-expressions

✓

Boolean constants.

✓

Array theory

✓

Theory of bitvectors

ö

Available free of charge for noncommercial applications under the ICS license agreement. ics.csl.sri.com

Shostak’s Combination (p.115 of 121)

SLIDE 168

Bibliography

ö

Armando, A., Ranise, S., and Rusinowitch, M., “A rewriting approach to satisfiability procedure”, IC’02. deriving decision procedures

ö

Baader, F. and Tinelli, C., “Deciding the word problem in the union of equational theories”, IC’02. theories sharing constructors

ö

Bachmair, L., Tiwari, A., and Vigneron, L., “Abstract congruence closure”, JAR’02. Abstract CC, specializations, complexity

ö

Barrett, C. W., Dill, D. L., and Stump, A., “A generalization of Shostak’s method for combining decision procedures”, FroCoS’02. Shostak in NO procedure, convexity and stably-infiniteness

Shostak’s Combination (p.116 of 121)

SLIDE 169

Bibliography

ö

Bjorner, N. S., “Integrating decision procedures for temporal verification”, PhD Thesis’98. general results plus proedures for individual theories

ö

Cyrluk, D., Lincoln, P., and Shankar, N., “On Shostak’s decision procedure for combination of theories”, CADE’96. Shostak’s CC, Single theory with UIF

ö

Downey, P. J., Sethi, R., and Tarjan, R. E., “Variations

n the common subexpression problem”, JACM’80.

CC + linear variant

ö

Ganzinger, H., “Shostak Light”, CADE 2002. Th + UIFs, convexity also necessary, stably-infiniteness not required, sigma-models indistinguishable

Shostak’s Combination (p.117 of 121)

SLIDE 170

Bibliography

ö

Halpern, J. Y., “Presburger arithmetic with unary predicates is

✘ ✘

complete”, JSC’91.

undecidability by adding predicates

ö

Kapur, D., “Shostak’s congruence closure as completion”, RTA’97. CC algorithm

ö

Kapur, D., “A rewrite rule based framework for combining decision procedures”, FroCoS’02. Shostak combination

ö

Lynch, C. and Morawska, B., “Automatic decidability”, LICS’02. deriving decision procedures and complexity

Shostak’s Combination (p.118 of 121)

SLIDE 171

Bibliography

ö

Nelson, G. and Oppen, D., “Simplification by cooperating decision procedures”, ACM TOPLAS’79. Combination result, specific theories

ö

Nelson, G. and Oppen, D., “Fast decision procedures based on congruence closure”, JACM’80. CC, theory of lists

ö

Oppen, D. C., “Complexity, convexity, and combination of theories”, TCS’80. NO main theorem, complexity, special theories

ö

Pratt, V. R., “Two easy theories whose combination is hard”, MIT TR’77. validity hard for a combination of non-convex PTIME theories

Shostak’s Combination (p.119 of 121)

SLIDE 172

Bibliography

ö

Rueß, H. and Shankar, N.,“Deconstructing Shostak”, LICS’01. Shostak theory + UIF–the Shostak way

ö

Shankar, N. and Rueß, H., “Combining Shostak theories”, RTA’02. Multiple Shostak theory combination

ö

Shostak, R. E., “An efficient decision procedure for arithmetic with function symbols”, SRI TR’77. arithmetic + UIFs

ö

Shostak, R. E., “Deciding combinations of theories”, JACM’84. Shostak theory + UIF

Shostak’s Combination (p.120 of 121)

SLIDE 173

Bibliography

ö

Stump, A., Dill, D., Barrett, C., and Levitt, J., “A decision procedure for extensional theory of arrays”, LICS’01. theory of arrays

ö

Tinelli, C. and Ringeissen, C., “Unions of non-disjoint theories and combinations of satisfiability procedures”, Elveiser Science’01. New advances for non-disjoint combinations

ö

Tiwari, A., “Decision procedures in automated deduction”, PhD Thesis’00. Shostak theories in NO framework

Shostak’s Combination (p.121 of 121)