![Page 1: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/1.jpg)
E-Matching and the Hypertableau Rule in theTheorem Prover Princess
Philipp Rü[email protected]
Wintermeeting of the SET DivisionJanuary 13th 2009
1 / 10
![Page 2: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/2.jpg)
Outline
The theorem prover PrincessE-MatchingHypertableaux
How to simulate e-matching using hypertableaux
2 / 10
![Page 3: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/3.jpg)
1. The Princess theorem prover
Prover for first-order logic with linear integer arithmetic:Tailored to program verificationComplete for first-order logic, Presburger arithmetic, etc.
Classical sequent calculus, non-clausalNo uninterpreted functions→ relational encodingFree variables + unification + constraints
Γ,∀x̄ .φ, [x̄/X̄ ]φ ` ∆
Γ,∀x̄ .φ ` ∆
More information, implementation, paper:http://www.cse.chalmers.se/~philipp/princess/
3 / 10
![Page 4: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/4.jpg)
1. The Princess theorem prover
Prover for first-order logic with linear integer arithmetic:Tailored to program verificationComplete for first-order logic, Presburger arithmetic, etc.
Classical sequent calculus, non-clausalNo uninterpreted functions→ relational encodingFree variables + unification + constraints
Γ,∀x̄ .φ, [x̄/X̄ ]φ ` ∆
Γ, ∀x̄ .φ ` ∆
More information, implementation, paper:http://www.cse.chalmers.se/~philipp/princess/
3 / 10
![Page 5: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/5.jpg)
2. E-Matching
Standard quantifier handling in SMT solvers:Matching of “triggers” (modulo equations):
Γ,∀x̄ .φ[t [x̄ ]], [x̄/s̄]φ[t [x̄ ]] ` ψ[t [s̄]],∆
Γ,∀x̄ .φ[t [x̄ ]] ` ψ[t [s̄]],∆
Triggers t [x̄ ] are often provided by user
\forall int a, i, v;select(store(a, i, v), i) = v
\forall int a, i1, i2, v;(i1 != i2 ->select(store(a, i1, v), i2) = select(a, i2))
4 / 10
![Page 6: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/6.jpg)
2. E-Matching
Standard quantifier handling in SMT solvers:Matching of “triggers” (modulo equations):
Γ,∀x̄ .φ[t [x̄ ]], [x̄/s̄]φ[t [x̄ ]] ` ψ[t [s̄]],∆
Γ,∀x̄ .φ[t [x̄ ]] ` ψ[t [s̄]],∆
Triggers t [x̄ ] are often provided by user
\forall int a, i, v;select(store(a, i, v), i) = v
\forall int a, i1, i2, v;(i1 != i2 ->select(store(a, i1, v), i2) = select(a, i2))
4 / 10
![Page 7: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/7.jpg)
2. E-Matching
Standard quantifier handling in SMT solvers:Matching of “triggers” (modulo equations):
Γ,∀x̄ .φ[t [x̄ ]], [x̄/s̄]φ[t [x̄ ]] ` ψ[t [s̄]],∆
Γ,∀x̄ .φ[t [x̄ ]] ` ψ[t [s̄]],∆
Triggers t [x̄ ] are often provided by user
\forall int a, i, v;select(store(a, i, v), i) = v
\forall int a, i1, i2, v;(i1 != i2 ->select(store(a, i1, v), i2) = select(a, i2))
4 / 10
![Page 8: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/8.jpg)
Comparison
E-Matching Free variables + unification
Heuristic→ incomplete Systematic
Good for “simple” instances Can find “difficult” instances
Quite cheap Quite expensive→ Very nondeterministic
⇒ Combination?
5 / 10
![Page 9: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/9.jpg)
Comparison
E-Matching Free variables + unification
Heuristic→ incomplete Systematic
Good for “simple” instances Can find “difficult” instances
Quite cheap Quite expensive→ Very nondeterministic
⇒ Combination?
5 / 10
![Page 10: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/10.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `
q(X ) ∨ r(X + 1) `
. . . ,p(X ) `
∀x .p(x), ∀x .(p(x)→ q(x) ∨ r(x + 1)
),∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 11: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/11.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `
q(X ) ∨ r(X + 1) `
. . . ,p(X ) `
∀x .p(x), ∀x .(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 12: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/12.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `
q(X ) ∨ r(X + 1) `
. . . ,p(X ) `
∀x .p(x), ∀x .(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 13: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/13.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `
q(X ) ∨ r(X + 1) `
. . . ,p(X ) `∀x .p(x), ∀x .
(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 14: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/14.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `
q(X ) ∨ r(X + 1) `
. . . ,p(X ) `∀x .p(x), ∀x .
(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 15: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/15.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `
q(X ) ∨ r(X + 1) `. . . ,p(X ) `
∀x .p(x), ∀x .(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 16: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/16.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `q(X ) ∨ r(X + 1) `
. . . ,p(X ) `∀x .p(x), ∀x .
(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 17: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/17.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `q(X ) ∨ r(X + 1) `
. . . ,p(X ) `∀x .p(x), ∀x .
(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 18: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/18.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `q(X ) ∨ r(X + 1) `
. . . ,p(X ) `∀x .p(x), ∀x .
(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 19: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/19.jpg)
3. Hypertableaux (aka “Model Generation”)
Derive models of clause sets by fixed-point iteration:Clauses without negative literals:⇒ Instantiate with free variablesClauses with negative literals:⇒ Discharge negative literals with unit resolution
q(X ) `
∗false `
r(X + 1) `q(X ) ∨ r(X + 1) `
. . . ,p(X ) `∀x .p(x), ∀x .
(p(x)→ q(x) ∨ r(x + 1)
), ∀x .¬r(x) `
Completeness (Conjecture)If Γ ` ∆ is provable in the ordinary Princess calculus, then it isalso provable with the Hypertableau rule.
6 / 10
![Page 20: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/20.jpg)
Relational encoding of functions
n-ary function f becomes (n + 1)-ary predicate fp:Axioms: Totality + Functionality
∀x̄ .∃y . fp(x̄ , y)
∀x̄ , y1, y2. (fp(x̄ , y1)→ fp(x̄ , y2)→ y1.
= y2)
Two equivalent ways to encode function applications:
φ[f (̄t)] ∀y .(fp (̄t , y)→ φ[y ]) (negative) ∃y .(fp (̄t , y) ∧ φ[y ]) (positive)
All function applications become literals
7 / 10
![Page 21: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/21.jpg)
E-Matching using the Hypertableau rule
∀x̄ .φ[t [x̄ ]]
negative function positive encodingencoding for t [x̄ ] for other
function appl.
E-Matching (almost) like in SMT-solversBut: Choice of triggers has no effect on completeness!
Example:
∀x . f (x) ≥ 0
∀x , y .(fp(x , y)→ y ≥ 0
)∀x .∃y .
(fp(x , y) ∧ y ≥ 0
)
8 / 10
![Page 22: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/22.jpg)
E-Matching using the Hypertableau rule
∀x̄ .φ[t [x̄ ]]
negative function positive encodingencoding for t [x̄ ] for other
function appl.
E-Matching (almost) like in SMT-solversBut: Choice of triggers has no effect on completeness!
Example:
∀x . f (x) ≥ 0
∀x , y .(fp(x , y)→ y ≥ 0
)∀x .∃y .
(fp(x , y) ∧ y ≥ 0
)8 / 10
![Page 23: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/23.jpg)
Conclusion
Relational function encoding + hypertableau = E-MatchingImplementation in progress . . .E-Matching made respectable?
Future work, open questions:Formal completeness proof for Princess hypertableau ruleWhen to use e-matching, when to use free variables?Relational encoding vs. native functionsPartial functions vs. total functions
9 / 10
![Page 24: E-Matching and the Hypertableau Rule in the Theorem Prover ... · 1. The Princess theorem prover Prover for first-order logic with linear integer arithmetic: Tailored to program](https://reader036.vdocuments.net/reader036/viewer/2022070113/605cf76f1a4f00339a160add/html5/thumbnails/24.jpg)
Thanks for your attention!
10 / 10