Section: New Results

Automated and Interactive Theorem Proving

Participants : Gabor Alági, Haniel Barbosa, Jasmin Christian Blanchette, Martin Bromberger, Simon Cruanes, Mathias Fleury, Pascal Fontaine, Marek Košta, Stephan Merz, Martin Riener, Martin Strecker, Thomas Sturm, Marco Voigt, Uwe Waldmann, Daniel Wand, Christoph Weidenbach.

IsaFoL: Isabelle Formalization of Logic

Joint work with Heiko Becker (MPI-SWS Saarbrücken), Peter Lammich (TU München), Andrei Popescu (Middlesex University London), Anders Schlichtkrull (DTU Copenhagen), Dmitriy Traytel (ETH Zürich), and Jørgen Villadsen (DTU Copenhagen).

Researchers in automated reasoning spend a significant portion of their work time specifying logical calculi and proving metatheorems about them. These proofs are typically carried out with pen and paper, which is error-prone and can be tedious. As proof assistants are becoming easier to use, it makes sense to employ them.

In this spirit, we started an effort, called IsaFoL (Isabelle Formalization of Logic), that aims at developing libraries and methodology for formalizing modern research in the field, using the Isabelle/HOL proof assistant.(https://bitbucket.org/jasmin_blanchette/isafol/wiki/Home) Our initial emphasis is on established results about propositional and first-order logic. In particular, we are formalizing large parts of Weidenbach's forthcoming textbook, tentatively called Automated Reasoning—The Art of Generic Problem Solving.

The objective of formalization work is not to eliminate paper proofs, but to complement them with rich formal companions. Formalizations help catch mistakes, whether superficial or deep, in specifications and theorems; they make it easy to experiment with changes or variants of concepts; and they help clarify concepts left vague on paper.

The repository contains six completed entries and three entries that are still in development. Notably:

• Mathias Fleury formalized a SAT solver framework with learn, forget, restart, and incrementality and published the result at a leading conference, together with Jasmin Blanchette and Christoph Weidenbach [25].

• Anders Schlichtkrull, remotely co-supervised by Jasmin Blanchette, formalized unordered first-order resolution in Isabelle and presented the result at ITP 2016 [37].

• Together with an intern, Jasmin Blanchette, Uwe Waldmann, and Daniel Wand formalized a generalization for the recursive path order and the transfinite Knuth-Bendix order to higher-order terms without $\lambda$-abstractions. The result is published in the Isabelle Archive of Formal Proofs.

Combination of Satisfiability Procedures

Joint work with Christophe Ringeissen from the PESTO project-team at Inria Nancy – Grand Est, and Paula Chocron at IIIA-CSIC, Bellaterra, Catalonia, Spain.

A satisfiability problem is often expressed in a combination of theories, and a natural approach consists in solving the problem by combining the satisfiability procedures available for the component theories. This is the purpose of the combination method introduced by Nelson and Oppen. However, in its initial presentation, the Nelson-Oppen combination method requires the theories to be signature-disjoint and stably infinite (to ensure the existence of an infinite model). The design of a generic combination method for non-disjoint unions of theories is clearly a hard task, but it is worth exploring simple non-disjoint combinations that appear frequently in verification. An example is the case of shared sets, where sets are represented by unary predicates. Another example is the case of bridging functions between data structures and a target theory (e.g., a fragment of arithmetic).

In 2015, we defined [42] a sound and complete combination procedure à la Nelson-Oppen for the theory of absolutely free data structures (including lists and trees) connected to another theory via bridging functions. This combination procedure has also been refined for standard interpretations. The resulting theory has a nice politeness property, enabling combinations with arbitrary decidable theories of elements. We also investigated [43] other theories amenable to similar combinations: this class includes the theory of equality, the theory of absolutely free data structures, and all the theories in between.

More recently, we have been improving the framework and unified both results. A new paper is in preparation.

Quantifier handling in SMT

Joint work with Andrew J. Reynolds, Univ. of Iowa, USA.

SMT solvers generally rely on various instantiation techniques to handle quantifiers. We are building a unifying framework for handling quantified formulas with equality and uninterpreted functions, such that the major instantiation techniques in SMT solving can be cast in that framework. It is based on the problem of $E$-ground (dis)unification, a variation of the classic Rigid E-unification problem. We introduced a sound and complete calculus to solve this problem in practice: Congruence Closure with Free Variables (CCFV). Experimental evaluations of implementations of CCFV in the state-of-the-art solver CVC4 and in the solver veriT exhibit improvements in the former and makes the latter competitive with state-of-the-art solvers in several benchmark libraries stemming from verification efforts. A publication is in preparation.

Non-linear arithmetic in SMT

In the context of the SMArT ANR-DFG (Satisfiability Modulo Arithmetic Theories) and KANASA projects (cf. sections 9.1 and 9.3), we study the theory, design techniques, and implement software to push forward the non-linear arithmetic (NLA) reasoning capabilities in SMT. This year, we designed a framework to combine interval constraint propagation with other decision procedures for NLA, with promising results. We are also currently studying integration of these procedures into combinations of theories. The ideas are validated within the veriT solver, together with code from the raSAT solver (from JAIST). An article is in preparation.

Encoding Set-Theoretic Formulas in First-Order Logic

Proof obligations that arise during the verification of high-level specifications of algorithms in languages such as (Event-)B and TLA⁺ mix theories corresponding to sets, functions, arithmetic, tuples, and records. Finding encodings of such formulas in the input languages of automatic first-order provers (superposition-based provers or SMT solvers, which are based on multi-sorted first-order logic) is paramount for obtaining satisfactory levels of automation. We describe a method, based on a combination of injection of unsorted expressions into sorted languages, simplification by rewriting, and abstraction, that is the kernel of the SMT backend of the TLA⁺ proof system (section 6.4). A paper describing our technique was presented at ABZ 2016 [31] and an extension of that article was invited for a special issue of Science of Computer Programming.

During the internship of Matthieu Lequesne, we experimented with an adaptation of the technique for constructing models of formulas in set theory, which could be useful for understanding why proof attempts fail. A prototype generating input for the Nunchaku model finder (section 6.1) allowed us to validate the idea for a core sublanguage of TLA⁺.

Modal and Description Logics for Graph Transformations

Graph transformations are a research topic that is interesting in its own right, but with many possible applications ranging from the modification of pointer structures in imperative programs, through model transformations in model-driven engineering, to schema-preserving transformations of graph databases. Our particular focus is on verifying these transformations.

Modal logics and variants (such as description logics that are the basis for the web ontology language OWL) have turned out to be suitable specification formalisms because graph structures can typically be perceived as models of modal logics, but these logics suffer from some weaknesses when reasoning about transformations. The first aim of our work was therefore to identify and define sufficiently expressive modal logics, while retaining their pleasant properties, in particular decidability [30].

Our next aim is to implement practically useful proof methods. We have first concentrated on the more natural tableau proofs, with a verification of meta-theoretic properties of the calculi (such as termination) in the Isabelle proof assistant. We now turn to an investigation of encodings as satisfiability problems that can be handled with SAT and SMT solvers, with the hope to achieve a better performance.

Standard Models with Virtual Substitution

Joint work with A. Dolzmann from Leibniz-Zentrum für Informatik in Saarbrücken, Germany.

Extended quantifier elimination for the reals using virtual substitution methods have been successfully applied to various problems in science and engineering. Recently they have attracted attention also as theory solvers within SMT. Such solvers typically ask also for models in the satisfiable case. Models obtained with virtual substitution are in general obtained in certain non-archimedian extension fields of the reals with a corresponding expanded signature. Consequently, the obtained values for the variables include non-standard symbols such as positive infinitesimals and infinite values.

We introduce a complete post-processing procedure to convert our models, for fixed values of parameters, into real models [15]. We furthermore demonstrate the successful application of an implementation of our method within Redlog to a number of extended quantifier elimination problems from the scientific literature including computational geometry, motion planning, bifurcation analysis for models of genetic circuits and for mass action, and sizing of electrical networks. This solves a long-standing problem with the virtual substitution method, which had been explicitly criticized in the scientific literature.

Decidability of Fragments of Free First-Order Logic

We introduce a new decidable fragment of first-order logic with equality, the Separated Fragment (SF). It strictly generalizes two already well-known decidable fragments of first-order logic: the Bernays-Schönfinkel-Ramsey (BSR) Fragment and the Monadic Fragment. The defining principle is that universally and existentially quantified variables may not occur together in atoms. Thus, our classification neither rests on restrictions of quantifier prefixes (as in the BSR case) nor on restrictions on the arity of predicate symbols (as in the monadic case).

We show that SF exhibits the finite model property and derive a non-elementary upper bound on the computing time required for deciding satisfiability of SF sentences. For the subfragment of prenex sentences with the quantifier prefix ${\exists }^{*}{\forall }^{*}{\exists }^{*}$ the satisfiability problem is shown to be NEXPTIME-complete. Furthermore, we discuss how automated reasoning procedures can take advantage of our results [34].

Continuing the work presented in the initial publication, we further investigated the computational complexity of SF satisfiability. It nicely scales across the nondeterministic standard complexity classes, depending on joint occurrences of existentially quantified variables from ${\exists }^{*}$-blocks that are separated by nonempty ${\forall }^{+}$-blocks.

In another line of work, we relaxed the definition of SF, leading to an even larger fragment for which satisfiability is still decidable. In this fragment, variables of ${\exists }^{*}$-blocks and ${\forall }^{+}$-blocks may occur together in some atom if the respective quantifiers obey a certain order.

Ordered resolution with dismatching constraints

The identification and algorithmic exploration of decidable logic fragments is key to the automation of logics and to obtaining push-button verification technologies. We extend a well-known decidable fragment, linear monadic shallow Horn theories, with straight dismatching constraints, preserving decidability. Furthermore, we show that the restriction to Horn clauses is not needed. The fragment has various applications in security, automata theory and theorem proving [35].

Undecidable combinations of first-order logic with background theories

We show that the universal fragment of Presburger arithmetic augmented with a single uninterpreted predicate (or function) symbol is already undecidable. The result has immediate consequences for verification techniques that combine uninterpreted functions or predicate symbols with (fragments of) Presburger arithmetic. For example, data structures such as arrays can be viewed as a collection of uninterpreted functions that obey certain axioms.

Our result is a sharpening of previously known results. In particular, undecidability holds for a fragment with purely universal quantification: no quantifier alternation is necessary. While in this case the set of unsatisfiable sentences is still recursively enumerable, and in fact hierarchic superposition constitutes a semi-decision procedure, allowing for one quantifier alternation ($\exists \forall$ or $\forall \exists$) leads to a fragment in which neither the satisfiable sentences nor the unsatisfiable ones form a recursively-enumerable set. Hence, there cannot be any refutationally complete calculus for such a combined theory.

Novel techniques for linear arithmetic constraint solving

In [26], [27], we investigate new techniques for linear arithmetic constraint solving. They are based on the linear cube transformation, which allows us to efficiently determine whether a system of linear arithmetic constraints contains a hypercube of a given edge length.

Our first findings based on this transformation are two sound tests that find integer solutions for linear arithmetic constraints. While many complete methods search along the problem surface for a solution, these tests use cubes to explore the interior of the problems. The tests are especially efficient for constraints with a large number of integer solutions, e.g., those with infinite lattice width. Inside the SMT-LIB benchmarks, we have found almost one thousand problem instances with infinite lattice width. Experimental results confirm that our tests are superior on these instances compared to several state-of-the-art SMT solvers.

We also discovered that the linear cube transformation can be used to investigate the equalities implied by a system of linear arithmetic constraints. For this purpose, we developed a method that computes a basis for all implied equalities, i.e., a finite representation of all equalities implied by the linear arithmetic constraints. The equality basis can be used to decide whether a system of linear arithmetic constraints implies a given equality.