[PPT] - Matrix-based Inductive Theorem Proving Christoph Kreitz Department PowerPoint Presentation

SLIDE 1

Matrix-based Inductive Theorem Proving

Christoph Kreitz

Department of Computer Science, Cornell University, Ithaca, NY 14853

Brigitte Pientka

Department of Computer Science, Carnegie Mellon University, Pittsburgh, PA 15213

SLIDE 2

Matrix-based Inductive Theorem Proving 1 Introduction

Automated Induction Theorem Proving Necessary for Program Verification & Synthesis

Logical Proof Search Rippling Techniques + Focus on closing atomic goals + Focus on matching induction hypothesis with induction conclusion + Well-understood + Annotated rewriting + Efficient for first-order logic + Termination guarantees – Unification too weak for induction – Encodes logical inference as wave-rules – No rewriting incorporated – Matches whole hypothesis with complete conclusion

⇓ Integrate Rippling into Logical Proof Search

SLIDE 3

Matrix-Based Inductive Theorem Proving 2 Combining Proof Search with Rippling

Combining Proof Search with Rippling Use Matrix Methods for Proof Search

– Fully automated for classical and constructive first-order logic – Compact representation of sequent/tableaux proof search – Emphasis on complementary connections instead of logical connectives

I. Extend Unification by Rippling-based Rewriting

❀ Complementarity with respect to a theory T

II. Exploit Inductive Properties during Proof Search

❀ Orthogonal matrices and connections

III. Integrate Conditional Substitutions

❀ Complementarity under a constraint

⇓ Matrix-based Inductive Theorem Proving

SLIDE 4

Matrix-based Inductive Theorem Proving 3 Matrix Methods

Matrix-Methods: Representation of Formulae

∧ T α

a2

Label Polarity (T, F) Type (α, β, γ, δ) Position

✻ ■ ✛ ✛

⇒ F α a0 ∃

Tyh δ

a1

∧ T α

a2 ¬

T α

a3 x<Fy2

h a4

x<

T(yh+1)2 a5

∃FYc γ a6

∧F β

a7 ¬F α a8 x+1<

TY 2 c a9

x+1<F(Yc+1)2 a10

∃y ¬(x<y2) ∧ x<(y+1)2 ⇒ ∃y ¬(x+1<y2) ∧ x+1<(y+1)2

Formula Tree

– Syntax tree augmented with positions, labels, polarities, and tableaux types

Matrix

– α-related positions side by side – β-related positions on top of each other – γ, δ positions ❀ variables / constants

x<Fy2

h

x<

T(yh+1)2

x+1<

TY 2 c

x+1<F(Yc+1)2

SLIDE 5

Matrix-based Inductive Theorem Proving 4 Matrix Methods

Matrix Characterization of Logical Validity A formula F is valid iff every path through a matrix-representation of some F µ is σ-complementary

Multiplicity µ

– Number of distinct instances of γ-formulae used in proof

Substitution σ

– Admissible mapping from γ-positions to terms

Connection {u, v}

– Pair of atomic positions, same predicate symbol, different polarities – σ-complementary if σ(A) = σ( ¯ A),

where A = label(u), ¯ A = label(v)

– Additional prefix unification required for constructive logics

Path P

– Maximal set of mutually α-related atomic positions – σ-complementary if P contains a σ-complementary connection

SLIDE 6

Matrix-based Inductive Theorem Proving 5 Matrix Methods

Matrix Proof: Integer Square Root Specification

∃y ¬(x<y2) ∧ x<(y+1)2 ⇒ ∃y ¬(x+1<y2) ∧ x+1<(y+1)2

Add Lemmata : ∀z∀t t+1<z ⇒ t<z ∀s∀r s<r2 ⇒ s+1<(r+1)2 Add Case Split: ∀u∀v v<u ∨ ¬(v<u) Increase Multiplicity of Yc Matrix proof

x<Fy2

h

T<

TZ

T+1<FZ x+1<

TY 2 c1

x+1<F(Yc1+1)2 V <FU V <

TU

x+1<

TY 2 c2

x+1<F(Yc2+1)2 S+1<

T(R+1)2

S<FR2 x<

T(yh+1)2

σ = {Z\y2

h, T\x, Yc1\yh, V \x+1, U\(yh+1)2, Yc2\yh+1, S\x, R\yh}

All 32 paths covered by six complementary connections

SLIDE 7

Matrix-based Inductive Theorem Proving 6 Extensions of Matrix Methods

Extension I: Complementarity with respect to T

Extend Unification by Rippling-based Rewriting

Theory implication ⇒ T

– Implication that is valid in the theory T

Directed σ-complementary connection (u

T, vF) – σ(A)=σ( ¯ A) or σ(A) ⇒T σ( ¯ A)

where A=label(u) and ¯ A=label(v)

Unary σ-complementary connection u

T or vF – σ(A) ⇒T False

where A=label(u)

– True ⇒T σ( ¯ A)

where ¯ A=label(v)

⇓

A formula F is valid iff every path through a matrix-representation

f some F µ is σ-complementary with respect to a theory T

SLIDE 8

Matrix-based Inductive Theorem Proving 7 Extensions of Matrix Methods

Extended Match based on Rippling

Arithmetical Implication A ⇒A ¯

A

– A ⇒ ¯ A provable by arithmetic decision procedure, or – There is a rippling sequence ¯ A

R

− → . . .

R

− → A with arithmetical wave rules

Rippling / Reverse Rippling Heuristic

– Given (A, ¯ A) find a rippling sequence R and a substitution σ such that

rippling reverse rippling

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

✯

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

❨

σ( ¯ A)

R

− → C0

R

− → . . .

R

− → Ck

R

− → Ck+1

R

− → . . .

R

− → Cn

R

− → σ(A) where σj(Ck+1) ⇒ σj(Ck) for some σj – Rippling forward from ¯ A – Reverse rippling from A – Rippling-distance strategy – Partial match ❀ candidate σj – Arithmetic decision procedure + equality check proves σj(Ck+1) ⇒ σj(Ck)

SLIDE 9

Matrix-based Inductive Theorem Proving 8 Extensions of Matrix Methods

Extension II: Orthogonal Connections

Exploit Inductive Structure during Proof Search

Orthogonal Formula F ≡ H ⇒ C

– C = H[x\ρ(x)] (or H = C[x\ρ(x)]) for some substitution ρ

Orthogonal connection (u

T, vF) in F – (u

T, vF) is a directed connection

– u ∈H and v ∈C have the same relative position

⇓ An orthogonal formula F is constructively valid if all orthogonal connections in F are complementary under some term substitution σ

SLIDE 10

Matrix-based Inductive Theorem Proving 9 Extensions of Matrix Methods

Extensions III: Constraints

F valid iff there is a complete set of constraints {c1,..,cn} such that F complementary under each ci

{c1, .., cn} complete

– c1∨.. ∨cn valid for all instances of free variables

F complementary under cj

– Every path through F and cj is complementary If all orthogonal connections in F are complementary under an atomic constraint cj then F is complementary under (c1 ∧.. ∧ck)

(u, v) complementary under cj

– (u, v) or cj and either u or v form a complementary connection

⇓

Turn non-complementary connections into constraints (c1 ∧.. ∧ck) Prove complementary of F under each ¬cj

SLIDE 11

Matrix-based Inductive Theorem Proving 10 Extensions of Matrix Methods

Example – Integer Square Root (Input Induction)

x<Fy2

h

x<

T(yh+1)2

x+1<

TY 2 c

x+1<F(Yc+1)2 x+1<F(U+1)2 x+1<

T(U+1)2 1b 1a 2a 2b

First subproof using orthogonality:

1a Rippling heuristic applied to first connection ❀ σ1={Yc\yh+1} 1b Second connection not complementary ❀ constraint x+1<(yh+1)2

Second subproof under constraint c2 = x+1<

T(yh+1)2

2a Connecting c2 ❀ substitution σ2={Yc\yh} 2b Instantiated second connection is complementary

SLIDE 12

Matrix-based Inductive Theorem Proving 11 Proof Method

Matrix-based Inductive Proof Method

1. Decompose F by constructing its matrix representation

– γ-variables become meta-variables, δ-variables become constants

2. Check complementarity of orthogonal connections

– Unification, decision procedure, or rippling – Generate constraints if complementarity test fails ❀ Minimal set of constraints {c1, .., ck} ❀ Substitution σ1 ❀ Proof (c1 ∧.. ∧ck) ⇒ F

3. Prove complementarity of F under the constraints ¬cj
4. Generate sequent proof and extract algorithm

⇓

Efficient Path-checking with Extended Rippling Heuristic

SLIDE 13

Matrix-based Inductive Theorem Proving 12 Proof Method

Integer Square Root (Output Induction) – 1. Case

F 1 ≡ ∀x, y. x−y<k−1 ∧ y2≤x ∧ 0≤y ⇒ ∃n. y≤n ∧ n2≤x ∧ x<(n+1)2 ⇒ ∀x, y. x−y<k

∧ y2≤x ∧ 0≤y ⇒ ∃n. y≤n ∧ n2≤x ∧ x<(n+1)2

X−Y <Fk−1 X<

TY 2

Y <

T0

n<FY X<Fn2 X<

T(n+1)2

x−y<

Tk

x<Fy2 y<F0 N<

Ty

x<

TN 2

x<F(N+1)2

1b 1a 1c 1d 1e 1f 1a Rippling heuristic ❀ σ = {X\x, Y \y+1} 1b x<(y+1)2 ⇒A x<y2

❀ Constraint U <F(V +1)2, σc = {U\x, V \y}

1c Arithmetical decision procedure. 1d Unification

❀ σ = {X\x, Y \y+1, N\n, U\x, V \y}

1e Terms are equal. 1f Arithmetical decision procedure.

SLIDE 14

Matrix-based Inductive Theorem Proving 13 Proof Method

Integer Square Root (Output Induction) – 2. Case

X−Y <Fk−1 X<

TY 2

Y <

T0

n<FY X<Fn2 X<

T(n+1)2

x−y<

Tk

x<Fy2 y<F0 N<

Ty

x<

TN 2

x<F(N+1)2 U<

T(V +1)2

2a

2b 2c 2a Unification ❀ σ = {N\y} 2b Complementary connection 2c Arithmetic decision procedure

SLIDE 15

Matrix-based Inductive Theorem Proving 14 Proof Method

Integer Square Root Proofs: Extracted Algorithms

Output Induction: O(√x)

fun sqrt x = let fun aux x y = if x < (y+1)ˆ2 then y else aux x (y+1) in aux x 0 end

Input Induction: O(x)

fun sqrt x = if x=0 then 0 else let val y = sqrt (x-1) in if x < (y+1)ˆ2 then y else y+1 end

Binary Input Induction would lead to O(log2x)