A Combination Method for Generating Interpolants

1
A Combination Method for Generating Interpolants

• Greta Yorsh
• Madan Musuvathi

Tel Aviv University, Israel Microsoft Research,
Redmond, US
CAV05
2
Craig Interpolation Theorem

• A, B first-order formulas
• If A ? B ? ?
• then there exists a first-order formula C
• A ? C
• C ? B ? ?
• C refers only to AB-common symbols
• C is an interpolant for (A,B)

3
Motivation

• Abstraction
• forget some information about the system
• preserve enough information to show that
• an error state is not reachable
• Interpolation
• forget some information about A
• preserve enough information to show that
• B is unsatisfiable

4
Motivation

• Bounded Model Checking McMillan, CAV03
• abstraction of reachable states
• completeness

error
initial
5
Motivation

• Bounded model checking McMillan, CAV03
• propositional (hardware) and first-order
  (software)
• Predicate abstraction refinement HJMS, POPL04
  
• first-order
• Computation of the abstract transition relation
  McMillan et al., CAV05
• propositional
• Exploit provers ability to focus on relevant
  facts

6
Interpolant Generation

• Craig interpolation theorem 57
• (full) first-order logic
• existence of interpolants (cut elimination)
• Pudlak 95, Krajicek 95
• propositional logic
• Pudlak 95
• linear inequalities (LI)
• McMillan TACAS04
• uninterpreted functions (UF)
• the combinated theory of UF and LI (with boolean
  combinations)

7
Nelson-Oppen Combination Method

• Satisfiability in a combined theory 79
• Given
• P1 is a decision procedure for satisfiability in
  T1
• P2 is a decision procedure for satisfiability in
  T2
• Combines P1 and P2 into a decision procedure for
  satisfiability in the combined theory T T1 ? T2

8
Interpolant Generation in Combined Theory

• Given
• P1 interpolant generation procedure for T1
• P2 interpolant generation procedure for T2
• How to combine P1 and P2 into an interpolant
  generation procedure for the combined theory T
  T1 ? T2 ?

9
Outline

• Notations
• Partial interpolants
• Example
• Equality-interpolating theories
• Conclusions

10
First-Order Theory T

• ?T entailment modulo theory T
• ? signature
• constant, function and relation symbols
• equality
• L is a set of ?-formulas
• assume L is (quantifier free) conjunction of
  ?-literals
• ? ? ? interpreted symbols
• theory of linear inequalities , lt
• theory of Lisp structures car, cdr, cons, atom

11
Example Theories

• UF Uninterpreted Functions
• ? contains uninterpreted function symbols
  f,g,...
• ? is empty
• example f(a,b) g(c)
• LI - Linear Inequalities
• ? contains , lt , 0, 1, 2, ...
• example a lt b 2c
• Lisp structures
• ? car, cdr, cons, atom
• example car(a) cons(car(b),cdr(c))

12
Theory-Specific Interpolants

• A, B are formulas in L
• If A ? B ?T ?
• then there exists a formula C in L
• A ?T C
• C ? B ?T ?
• C refers only to AB-common symbols or to symbols
  in ?
• C is an interpolant in theory T for (A,B)

13
Example Lisp Structures

• A-local symbols a, car,cdr,atom
• B-local symbols b, cons
• AB-common symbols c1,c2,c3
• ? is car, cdr, cons, atom

• Interpolant for (A,B) in Lisp theory is c1
  cons(c2,c3)

14
Combined Theory T

• First-order theory T defined as a combination of
  T1 and T2
• T is T1 ? T2
• (union of axioms / intersection of sets of
  models)
• ? is ?1 ? ?1
• ? is ?1 ? ?2
• disjoint signatures ?1 ? ?2 is

15
Interpolants in Combined Theory

• A is (f(x1) x2 x3)?(f(y1) y2 y3)?(y1 ?
  x1)
• B is (x2 g(b))?(y2 g(b))?(x1 ? y1)?(x3 lt y3)

• Purify A and B separately
• AUF ? ALI is the result of purify(A)
• BUF ? BLI is the result of purify(B)

T is UF ? LI
16
Interpolants in Combined Theory

• Find an interpolant C for (A,B)
• C in ?UF ? ?LI
• C uses only AB-common symbols or interpreted
  symbols ?UF ? ?LI
• (,lt, x1,x2,x3,y1,y2,y3)

T is UF ? LI
17
Interpolant Generation in Combined Theory

• Given
• P1 is a decision procedure for T1
• P2 is a decision procedure for T2
• Combine P1 and P2 into an interpolant generation
  procedure for the combined theory T T1 ? T2

18
Requirements

• Requirement on procedure P1 (same for P2)
• P1 is a decision procedure for satisfiability of
  T1
• if input is satisfiable P1 generates a new
  consequence (equality between variables)
• if input of the form A?B is unsatisfiable in T1,
  P1 generates an interpolant for A and B in T1
• Requirement on T1 (and T2)
• stably-infinite
• convex
• equality-interpolating

19
Equality Propagation
PUF
PLI
x2y2
?
CLI
CLI is interpolant for ALI?(a1a2) and
BLI?(x2y2) CLI is x2-y2 x3-y3 CLI is
not an interpolant for (A,B)
20
Observation

• CLI is interpolant for ALI?(a1a2) and
  BLI?(x2y2)
• CLI is not an interpolant for (A,B)
• ALI ? (a1a2) ?T CLI but A ? T CLI
• a1a2 follows from A ? B, but not A alone
• How to lift CLI to an interpolant for (A,B) ?

21
The idea

• Whenever a new equality generated by a component
  procedure P1 (or P2),
• P1 also generates a formula ?
• explains the equality
• uses only AB-common symbol
• partial interpolant
• An interpolant for (A,B) in UF?LI is a boolean
  combination of CLI and ?,...,?

22
Theory-Specific Partial Interpolants
A1 ? B1
? ?

• A1? B1 ?T1 xy
• A1 ? B1 ? ?(xy) ?T1 ?

P1
xy
23
Theory-Specific Partial Interpolants
A1 ? B1
xy
? ?

• A1? B1 ?T1 xy
• A1 ? B1 ? ?(xy) ?T1 ?

• CT1(xy) a theory-specific
• partial interpolant of xy
• for A1 and B1 in theory T1
• interpolant for A1 and B1 ??(xy)
• if x,y ? B-local ? AB-common
• interpolant for A1 ??(xy) and B1
• if x,y ? A-local ? AB-common

P1
CT1
24
Partial Interpolants
(aa)?A1 ? B1?(bb)

• CT1(xy) is a theory-specific
• partial interpolant of xy
• for A1?(aa) and B1?(bb)
• in theory T1
• C(xy) a partial interpolant
• of xy for A and B in T1?T2
• is a boolean combination of
• CT1(xy) and C(aa) and C(bb)

P1
CT1(xy)
?
25
Example
y1 lt x1
PUF
PLI
y1 ? x1
CUF(a1a2) for AUF and BUF?(x1y1) is an
interpolant for AUF??(a1a2) and BUF?(x1y1)
?(x1 y1)
?(x1y1) ? y1 ? x1
C(a1a2) for A and B is CUF(a1a2) ? C(x1y1)
26
Example
y1 lt x1
PUF
PLI
y1 ? x1
CLI(?) interpolant for ALI?(a1a2) and
BLI?(x2y2) CLI(?) is x2-y2 x3-y3
C(?) for A and B is x2-y2x3-y3 ? y1ltx1
27
Example
y1 lt x1
PUF
PLI
y1 ? x1
x2-y2x3-y3 ? y1ltx1
An interpolant C for A and B is
28
Theory-Specific Partial Interpolants
A1 ? B1

• CT1(e) a theory-specific
• partial interpolant of e
• for A1 and B1 in theory T1
• interpolant for A1 and B1 ??e
• if e ? B-local ? AB-common
• interpolant for A1 ??e and B1
• if e ? A-local ? AB-common
• if e is ab
• a is A-local, b is B-local
• interpolant for A1 and B1 ??(ab) ?
• interpolant for A1 ??(ab) and B1 ?

P1
... to B or not to B ?
CT1(e)
29
Equality-Interpolating Theory

• If A ? B ?T (a b)
• a is A-local, b is B-local
• then there exists a term t
• A ? B ?T (a t) ? (t b)
• t refers to AB-common symbols only
• Equality-interpolating UF, LI, Lisp
• easy to extend the existing decision procedures
  to generate such terms t

30
Requirements

• Requirement on P1 (and P2)
• P1 is a decision procedure for satisfiability of
  T1
• if input is satisfiable P1 generates a new
  consequence (equality between variables)
• if input of the form A?B is unsatisfiable in T1,
  P1 generates an interpolant for A and B in T1
• Requirement on T1 (and T2)
• stably-infinite
• convex
• equality-interpolating

31
Summary

• A method for generating interpolants for combined
  theories
• interpolant-generation procedures P1, P2 used as
  black-boxes
• on top of a Nelson-Oppen procedure
• propagate partial interpolants
• equality-interpolating theories
• Can be integrated within existing tools
• Simplify, Verifun, ICS, CVCLite, Zap
• Extensions
• arbitrary quantifier-free formulas, non-convex
  theories, non-disjoint signatures, quantifiers
• Application to software model-checking
• More support for operations modulo theories
• join, widening, predicate abstraction,
  counter-example generation