Extensional Crisis and Proving Identity Ashutosh Gupta Laura Kovcs - PowerPoint PPT Presentation

Extensional Crisis and Proving Identity Ashutosh Gupta Laura Kovács Bernhard Kragl Andrei Voronkov

Theories + Quantifiers • Applications require theories and quantifiers • Example: verification of sorting algorithm – Sortedness ∀𝑗∀𝑘 𝑗 ≤ 𝑘 → 𝑃𝑉𝑈 𝑗 ≤ 𝑃𝑉𝑈 𝑘 – Value preservation ∀𝑗∃𝑘 𝐽𝑂 𝑗 = 𝑃𝑉𝑈 𝑘 ∀𝑗∃𝑘 𝑃𝑉𝑈 𝑗 = 𝐽𝑂 𝑘 • Major challenge in automated reasoning

Efforts to combine both techniques: E- matching [DNS,J.ACM’05][R,LPAR’12] Hierarchic Superposition [ BGW,AAECC‘94][BW,CADE‘13] Array fragments [BMS,VMCAI’06][HIV,FoSSaCS’08] Instantiation- based TP [GK,LICS’03][GK,LPAR’06] Model based quantifier instantiation [GdM,CAV’09] …

Efforts to combine both techniques: E- matching [DNS,J.ACM’05][R,LPAR’12] Hierarchic Superposition [ BGW,AAECC‘94][BW,CADE‘13] Array fragments [BMS,VMCAI’06][HIV,FoSSaCS’08] Instantiation- based TP [GK,LICS’03][GK,LPAR’06] Model based quantifier instantiation [GdM,CAV’09] …

Contribution 1. Observation: state-of-the-art theorem provers can not handle problems with extensionality axioms 2. Solution: new inference rule extensionality resolution 3. Implementation in the Vampire theorem prover

First-Order Theorem Proving Questions Input Output 𝐵 ⊨ 𝐶 Proof Theorem Set of 𝐵 → 𝐶 valid (of unsat) clauses Prover 𝐵 ∧ ¬𝐶 unsat

Superposition Theorem Proving Superposition calculus + Saturation Algorithm input clauses

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 1. pick clause input clauses

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 1. pick clause input clauses search space 2. find candidates

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 1. pick clause input clauses search space 2. find candidates 3. perform inferences

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 1. pick clause input clauses search space 2. find candidates 3. perform inferences

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 1. pick clause P(X) ∨ Q(X) input clauses search space 2. find candidates ¬P(a) ∨ f(b) = b 3. perform inferences Q(a) ∨ f(b) = b

Superposition Theorem Proving Superposition calculus + Saturation Algorithm input clauses search space

Superposition Theorem Proving Superposition calculus + Saturation Algorithm input clauses search space 1. pick clause

Superposition Theorem Proving Superposition calculus + Saturation Algorithm input clauses search space 2. find candidates 1. pick clause

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 3. perform inferences input clauses search space 2. find candidates 1. pick clause

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 3. perform inferences input clauses search space 2. find candidates false 1. pick clause

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 3. perform inferences input clauses search space 2. find candidates 1. pick clause

Superposition Theorem Proving Superposition calculus + Saturation Algorithm 3. perform inferences input clauses search space 2. find candidates 1. pick clause

Superposition Theorem Proving Superposition calculus + Saturation Algorithm

Superposition Theorem Proving Superposition calculus + Saturation Algorithm Memory

ATP Research

How to organize proof search?

How to organize proof search? Intuition “Generally” pick “small” clauses, select only “most complex” literals in picked clause and candidate clauses, and “simplify” them.

How to organize proof search? Intuition Formal concepts “Generally” Fair inference process pick “small” clauses, Simplification ordering (e.g. KBO) select only “most complex” Literal selection literals in picked clause and candidate clauses, and “simplify” them. Constraints on inference rules

How to organize proof search? Intuition Formal concepts “Generally” Fair inference process pick “small” clauses, Simplification ordering (e.g. KBO) select only “most complex” Literal selection literals in picked clause and candidate clauses, and “simplify” them. Constraints on inference rules Not always optimal, e.g. for theories with extensionality!

Extensionality • An extensionality axiom defines the meaning of equality for certain objects • Examples – Set Extensionality Axiom ∀𝑌∀𝑍 ∀𝑓 𝑓 ∈ 𝑌 ↔ 𝑓 ∈ 𝑍 → 𝑌 = 𝑍 – Array Extensionality Axiom ∀𝑌∀𝑍 ∀𝑗 𝑌 𝑗 = 𝑍[𝑗] → 𝑌 = 𝑍

Reasoning with Extensionality Prove: ∀𝑌∀𝑍 (𝑌 ∪ 𝑍 = 𝑍 ∪ 𝑌) Take two arbitrary sets 𝑏 and 𝑐 . By extensionality, show for arbitrary element 𝑓 : 𝑓 ∈ 𝑏 ∪ 𝑐 ↔ 𝑓 ∈ 𝑐 ∪ 𝑏 • Assume 𝑓 ∈ 𝑏 ∪ 𝑐 , then 𝑓 ∈ 𝑏 or 𝑓 ∈ 𝑐 , (def. of ∪ ) and in both cases 𝑓 ∈ 𝑐 ∪ 𝑏. (commut . of “or”) (def. of ∪ ) • Assume 𝑓 ∈ 𝑐 ∪ 𝑏 ; symmetric. Almost trivial, but …

Extensional Crisis … hard for FO theorem provers. Top provers from CASC-24 competition last year: 𝑌 ∪ 𝑍 = 𝑍 ∪ 𝑌 all tools timeout (1 minute) 𝑌 ∩ 𝑍 ⊆ 𝑎 ⊆ 𝑌 ∪ 𝑍 → 𝑌 ∪ 𝑍 ∩ 𝑌 ∪ 𝑎 = 𝑍 ∪ 𝑎 all tools timeout (1 hour)

Why do all top provers fail?

Why do all top provers fail? Extensionality axioms as clauses Array: ∀𝑌∀𝑍 ∀𝑗 𝑌 𝑗 = 𝑍[𝑗] → 𝑌 = 𝑍 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Clause form

Why do all top provers fail? Extensionality axioms as clauses Array: ∀𝑌∀𝑍 ∀𝑗 𝑌 𝑗 = 𝑍[𝑗] → 𝑌 = 𝑍 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Clause form Set: ∀𝑌∀𝑍 ∀𝑓 𝑓 ∈ 𝑌 ↔ 𝑓 ∈ 𝑍 → 𝑌 = 𝑍 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 ∨ 𝑦 = 𝑧

Why do all top provers fail? • Extensionality axioms as clauses 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Array: Set: 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 ∨ 𝑦 = 𝑧

Why do all top provers fail? • Extensionality axioms as clauses 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Array: Set: 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 ∨ 𝑦 = 𝑧

Why do all top provers fail? • Extensionality axioms as clauses 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Array: Set: 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 ∨ 𝑦 = 𝑧 • 𝑦 = 𝑧 is always the smallest literal  will not be selected

Why do all top provers fail? • Extensionality axioms as clauses 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Array: Set: 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 ∨ 𝑦 = 𝑧 • 𝑦 = 𝑧 is always the smallest literal  will not be selected • Prover searches in the wrong direction

Why do all top provers fail? Just select 𝑦 = 𝑧 !?! • Extensionality axioms as clauses 𝑦 𝑕 𝑦, 𝑧 ≠ 𝑧 𝑕 𝑦, 𝑧 ∨ 𝑦 = 𝑧 Array: Set: 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 ∨ 𝑦 = 𝑧 • 𝑦 = 𝑧 is always the smallest literal  will not be selected • Prover searches in the wrong direction

OUR SOLUTION Extensionality resolution inference rule Extensionality axiom Selected inequality

OUR SOLUTION Extensionality resolution inference rule Extensionality axiom Selected inequality 𝜄 = {𝑦 ↦ 𝑡, 𝑧 ↦ 𝑢}

OUR SOLUTION Extensionality resolution inference rule Extensionality axiom Selected inequality 𝜄 = {𝑦 ↦ 𝑡, 𝑧 ↦ 𝑢} Example: 𝑦 = 𝑧 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑦 ∨ 𝑔 𝑦, 𝑧 ∉ 𝑧 𝑏 ∪ 𝑐 ≠ 𝑐 ∪ 𝑏 𝑔 𝑏 ∪ 𝑐, 𝑐 ∪ 𝑏 ∉ 𝑏 ∪ 𝑐 ∨ 𝑔 𝑏 ∪ 𝑐, 𝑐 ∪ 𝑏 ∉ 𝑐 ∪ 𝑏

Integration into saturation algorithms Extensionality resolution Super- Reso- . . . . . . position lution Search space

Integration into saturation algorithms Extensionality resolution Super- Reso- . . . . . . Selected position lution Extensionality inequality store store Search space Selected Extensionality inequality axiom? literal?

Integration into saturation algorithms Extensionality resolution Super- Reso- . . . . . . Selected position lution Extensionality inequality store store Search space Selected Extensionality inequality axiom? literal?

Integration into saturation algorithms Extensionality resolution Super- Reso- . . . . . . Selected position lution Extensionality inequality store store Search space Selected Extensionality inequality axiom? literal?