Producing Conflict Sets for Combinations of Theories

Producing Conflict Sets forCombinations of Theories

S. Ranise, C. Ringeissen, and D.-K. Tran

1LORIA & INRIA-LorraineNancy (France)

2Dipartimento di InformaticaUniversità degli Studi di Milano

Milano (Italia)

Seattle, August 22, 2006

(LORIA–INRIA-Lorraine & UniMi) Conflict Sets for Combinations of Theories PDPAR’06 1 / 15

Outline

1 Context

2 This work

3 First Contribution: conflict sets in combination of theories

4 Second Contribution: “minimality” of conflict sets in combinedtheories

5 Summary

Outline

1 Context

2 This work

5 Summary

Outline

1 Context

2 This work

5 Summary

Outline

1 Context

2 This work

5 Summary

Outline

1 Context

2 This work

5 Summary

Context

Satisfiability Modulo Theory (SMT) Tools

Efficient (in practice) tools to check the satisfiability of arbitraryBoolean combinations of ground atoms modulo a backgroundtheory T

Based on the integration of a Boolean solver (used to enumerateBoolean assignments) and adecision procedure for the background theory T (used to pruneunsatisfiable assignments wrt. T )

Efficiency obtained (among other techniques) by minimizing thenumber of calls to the decision procedure for T ... How?The decision procedure for T is required to compute explanationsof the unsatisfiability of the input set S of ground literals

explanations of the unsatisfiability of S = “small” subset of S whichis still unsatisfiable in T

Context

Computing Conflict Sets

QUESTION : How to lift decision procedures solving thesatisfiability problem in a theory T to also return conflict sets?

PARTIAL ANSWER : Someproposals [Fon04, dMRS04, NO05, ST05] when T is a singletheory (T = “theory of uninterpreted function symbols”)

STILL UNANSWERED : how to compute conflict sets incombinations of theories, e.g. T = T1 ∪ T2?

REMARK : all the proposed solutions compute “small ” but notnecessarely minimal conflict sets

minimal conflict set CS = there is no CS′ ⊂ CS which isunsatisfiable in T to ensure efficiency... NP-hard for the theory ofuninterpreted function symbols!

Context

This work

Two contributions

1 Modular computation of conflict sets in combinations of theoriesby extending the Nelson-Oppen combination schema [NO79] viathe concept of explanation graphs

2 Study of the relationship between the computed “small” conflictsets and minimal ones via the concept of quasi-conflict set

This work

Two contributions

1 Modular computation of conflict sets in combinations of theoriesby extending the Nelson-Oppen combination schema [NO79] viathe concept of explanation graphs

2 Study of the relationship between the computed “small” conflictsets and minimal ones via the concept of quasi-conflict set

First Contribution: conflict sets in combination of theories

Explanation graph

Intuition: a labelled graph (V ,E) whereV is a set of constants (occurring in the input set of literals)E is an elementary equality (i.e., an equality between constants)labels are explanations of elementary equalities

An explanation EX for an elementary equality x = y is such thatEX is satisfiable in the background theory TT ∪ EX |= x = y

An explanation EX for an elementary equality x = y is minimal iffthere is no EX ′ ⊂ EX which is an explanation for x = y

Property

An explanation EX is minimal for x = y iff EX ∪ x 6= y is a minimalconflict set.

Explanation graph

Property

Explanation graph

Property

An explanation graph at work: congruence closure

Init Ω; E ; G `Ω; E ; Insert(G, z = z ′, z = t , z ′ = t)

z = t , z ′ = t ∈ Ωz 6= z ′, (z, z ′) /∈ CP(G)

Ins Ω; E ∪ x = x ′; G `Ω; E ; Insert(G, x = x ′, x = x ′)if x 6= x ′, (x , x ′) /∈ CP(G)

Skip Ω; E ∪ x = x ′; G `Ω; E ; Gif x = x ′ or (x , x ′) ∈ CP(G)

An explanation graph at work: congruence closure(cont’d)

Cong Ω; E ; G `Ω; E ; Insert(G, z = z ′, z = t , z ′ = t ′ ∪

⋃j∈Jyj = y ′

z = t ≡ f (y1, . . . , yn), z ′ = t ′ ≡ f (y ′

1, . . . , y′n) ∈ Ω

z 6= z ′, (z, z ′) /∈ CP(G)I, J is a partition of 1, . . . ,n such that J 6= ∅ and(∀i ∈ I : yi = y ′

i ), (∀j ∈ J : (yj , y ′j ) ∈ CP(G))

Similar to the approach (based on proof forests) in [NO05] ...

Nelson-Oppen schema [NO79] with explanationgraphs

GOAL : compute conflict sets for T1 ∪ T2 whenthe theory Ti is convex, stably-infinite, for which a satisfiabilityprocedure is availableT1 and T2 are signature-disjoint

Intuition : the Nelson-Oppen method consists in exchangingentailed elementary equalities between the two procedures until...Key idea : the unsatisfiability in T1 ∪ T2 can be explainedaccording to two kinds of explanations:

1 the explanation of entailed elementary equalities2 the explanation of the unsatisfiability in a component theory

To combine these explanations, the key idea is to use specializedsatisfiability procedures (called explanation engines ) with thecapability of generating explanation graphs in order to storeentailed equalities

Modular combination of explanation engines: idea

Sat. proc.T1 EG1

Sat. proc.T2EG2EG

Explanation engine for T1 Explanation engine for T2

Modular combination of explanation engines: formally

Explanation engine µEX (Ω,E) = (Ω′,E ′,G)...

Unsat=1 Ω1;∆V ; G; Ω2 `false(Ω′

1,E′1,G

ifµEX1(Ω1,Eq(G)) = (Ω′

1,E′1,G1) & Ω′

1 6= ∅G′ = Merge(G,G1)

Unsat6= Ω1;∆V ; G; Ω2 `false(x 6= y, x = y,G)if (x , y) ∈ CP(G) and x 6= y ∈ ∆V

Deduction1 Ω1;∆V ; G; Ω2 `Ω1;∆V ; G′; Ω2

µEX1(Ω1,Eq(G)) = (∅,E1,G1)G′ = Merge(G,G1)G′ 6= G

Modular combination of explanation engines:refinement

Sat. proc.T1

Sat. proc.T2EG

Second Contribution: “minimality” of conflict sets in combinedtheories

Quasi-conflict sets: informally

The tuple (ψ,E ,G) computed by the previous schema is such thatψ ∪ E is unsatifiable,ψ is a satisfiable subset of the input set, andE is a set of (entailed) elementary equalities explained in G

ψ ∪ E is not a conflict set of the input set ϕ since it may containliterals which are not in ϕ

However, it is easy to extract a “true” conflict set from ψ ∪ E sinceE is entailed by ϕ and the related explanations are encoded in theassociated explanation graph G

We define the tuple (ψ,E ,G) a quasi-conflict set and it ispossible to define an ordering on such tuples which allows us tointroduce the minimality of quasi-conflict sets

Quasi-conflict sets: informally

The tuple (ψ,E ,G) computed by the previous schema is such thatψ ∪ E is unsatifiable,ψ is a satisfiable subset of the input set, andE is a set of (entailed) elementary equalities explained in G

ψ ∪ E is not a conflict set of the input set ϕ since it may containliterals which are not in ϕ

However, it is easy to extract a “true” conflict set from ψ ∪ E sinceE is entailed by ϕ and the related explanations are encoded in theassociated explanation graph G

We define the tuple (ψ,E ,G) a quasi-conflict set and it ispossible to define an ordering on such tuples which allows us tointroduce the minimality of quasi-conflict sets

Quasi-conflict sets: basic properties

Property

If (ψ,E ,G) is a quasi-conflict set of the input set ϕ of literals, thenψ ∪ Lit(G) is a conflict set of ϕ.

Theorem

Let (ψ,E ,G) be a quasi-conflict set of ϕ such that ψ ∪ E is a minimalconflict set. If all edges of G|E are minimally explained then (ψ,E ,G|E)is a minimal quasi-conflict set of ϕ.

Summary

Discussion

Two contributions1 Modular computation of conflict sets in combinations of theories by

combining explanation engines (extension of the Nelson-Oppencombination schema)

2 Quasi-conflict sets as a characterization of the minimality that canbe obtained in practice when combining satisfiability procedures

Delayed Theory Combination [BBC +05] as an alternative to avoidthe computation of conflict sets in combinations of theories...

Summary

Discussion

Two contributions1 Modular computation of conflict sets in combinations of theories by

combining explanation engines (extension of the Nelson-Oppencombination schema)

2 Quasi-conflict sets as a characterization of the minimality that canbe obtained in practice when combining satisfiability procedures

Delayed Theory Combination [BBC +05] as an alternative to avoidthe computation of conflict sets in combinations of theories...

References

Marco Bozzano, Roberto Bruttomesso, Alessandro Cimatti,Tommi A. Junttila, Silvio Ranise, Peter van Rossum, and RobertoSebastiani.Efficient satisfiability modulo theories via delayed theorycombination.In Proc. of Computer Aided Verification, 17th InternationalConference, CAV 2005, Edinburgh, Scotland, UK, July 6-10, pages335–349, 2005.

Leonardo de Moura, Harald Rueß, and Natarajan Shankar.Justifying Equality.In Proc. of the Workshop of the Proceedings of the Pragmatics ofDecision Procedures for Automated Reasoning (PDPAR’04), 2004.

Pascal Fontaine.Techniques for Verification of Concurrent Systems with Invariants.PhD thesis, Université de Liège, 2004.

Greg Nelson and Derek C. Oppen.

References

Simplification by cooperating decision procedures.ACM Trans. on Progr. Lang. and Sys., 1(2):245–257, 1979.

Robert Nieuwenhuis and Albert Oliveras.Proof-Producing Congruence Closure.In Proc. of the 16th Int. Conf. on Rewriting Techniques andApplications (RTA), volume 3467 of LNCS, pages 453–468, 2005.

A. Stump and L.-Y. Tang.The Algebra of Equality Proofs.In Proc. of the 16th Int. Conf. on Rewriting Techniques andApplications (RTA), volume 3467 of LNCS, pages 469–483, 2005.

Producing Conflict Sets for Combinations of Theories

Documents

Transcript of Producing Conflict Sets for Combinations of Theories