On deciding satisfiability by DPLL(+T) and unsound theorem...
Transcript of On deciding satisfiability by DPLL(+T) and unsound theorem...
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
On deciding satisfiability by DPLL(Γ+T ) andunsound theorem proving
Maria Paola Bonacina1
Dipartimento di Informatica
Universita degli Studi di Verona
Verona, Italy
August 4, 2009
1Joint work with Chris Lynch (Department of Mathematics and ComputerScience, Clarkson University, NY, USA) and Leonardo de Moura (MicrosoftResearch, Redmond, WA, USA)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Motivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision procedures
DPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systems
Discussion
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Problem statement
◮ Decide satisfiability of first-order formulægenerated by SW verification tools
◮ Satisfiability w.r.t. background theories
(e.g., linear arithmetic, bitvectors)
◮ With quantifiers to write, e.g.,◮ frame conditions over loops◮ auxiliary invariants over heaps◮ axioms of type systems and◮ application-specific theories without decision procedure
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Shape of problem
◮ Background theory T◮ T =
⋃n
i=1 Ti , e.g., linear arithmetic, bit-vectors
◮ Set of formulæ: R∪ P◮ R: set of non-ground clauses without T -symbols◮ P : large ground formula (set of ground clauses)
may contain T -symbols
◮ Determine whether R∪ P is satisfiable modulo T(Equivalently: determine whether T ∪ R ∪ P is satisfiable)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Tools
◮ Davis-Putnam-Logemann-Loveland (DPLL) procedure for SAT
◮ Ti -solvers: Satisfiability procedures for the Ti ’s
◮ DPLL(T )-based SMT-solver: Decision procedure for T withNelson-Oppen combination of the Ti -sat procedures
◮ First-order engine Γ to handle R (additional theory):Resolution+Rewriting+Superposition: Superposition-based
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Combining strengths of different tools
◮ DPLL: SAT-problems; large non-Horn clauses
◮ Theory solvers: linear arithmetic, bitvectors
◮ DPLL(T )-based SMT-solver: efficient, scalable, integratedtheory reasoning
◮ Superposition-based inference system Γ:◮ equalities, Horn clauses, universal quantifiers◮ known to be a sat-procedure for several theories of data
structures
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
How to get decision procedures?
◮ During SW development conjectures are usually false due tomistakes in implementation or specification
◮ Need theorem prover that terminates on satisfiable inputs
◮ Not possible in general:◮ FOL is only semi-decidable◮ First-order formulæ of linear arithmetic with uninterpreted
functions: not even semi-decidable
However we need less than a general solution.
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Problematic axioms do occur in relevant inputs
⊑: subtype relationf : type constructor (e.g., Array-of)
◮ Transitivity
¬(x ⊑ y) ∨ ¬(y ⊑ z) ∨ x ⊑ z
◮ Monotonicity
¬(x ⊑ y) ∨ f (x) ⊑ f (y)
Resolution generates unbounded number of clauses(even with negative selection)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
In practice we need finitely many
Example:
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b generate
3. {f i (a) ⊑ f i(b)}i≥0
In practice f (a) ⊑ f (b) or f 2(a) ⊑ f 2(b) often suffice to showsatisfiability
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Idea: Unsound theorem proving
◮ TP applied to maths: most conjectures are true
◮ Sacrifice completeness for efficiencyRetain soundness: if proof found, input unsatisfiable
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Idea: Unsound theorem proving
◮ TP applied to maths: most conjectures are true
◮ Sacrifice completeness for efficiencyRetain soundness: if proof found, input unsatisfiable
◮ TP applied to verification: most conjectures are false
◮ Sacrifice soundness for terminationRetain completeness: if no proof, input satisfiable
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Idea: Unsound theorem proving
◮ TP applied to maths: most conjectures are true
◮ Sacrifice completeness for efficiencyRetain soundness: if proof found, input unsatisfiable
◮ TP applied to verification: most conjectures are false
◮ Sacrifice soundness for terminationRetain completeness: if no proof, input satisfiable
◮ How do we do it: Additional axioms to enforce termination
◮ Detect unsoundness as conflict + Recover by backtracking
(DPLL framework)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
1. Add f (x) ≃ x
2. Rewrite a ⊑ f (c) into a ⊑ c and get 2: backtrack!
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
1. Add f (x) ≃ x
2. Rewrite a ⊑ f (c) into a ⊑ c and get 2: backtrack!
3. Add f (f (x)) ≃ x
4. a ⊑ b yields only f (a) ⊑ f (b)
5. a ⊑ f (c) yields only f (a) ⊑ c
6. Reach saturated state and detect satisfiability
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
DPLL
State of derivation: M ||F
◮ Decide: guess L is true, add it to M (decided literals)
◮ UnitPropagate: propagate consequences of assignment(implied literals)
◮ Conflict: detect L1 ∨ . . . ∨ Ln all false
◮ Explain: unfold implied literals and detect decided Li inconflict clause
◮ Learn: may learn conflict clause
◮ Backjump: undo assignment for Li
◮ Unsat: conflict clause is 2 (nothing else to try)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
DPLL(T )
State of derivation: M ||F
◮ T -Propagate: add to M an L that is T -consequence of M
◮ T -Conflict: detect that L1, . . . ,Ln in M are T -inconsistent
Since Ti -solvers build T -model:
◮ PropagateEq: add to M a ground s ≃ t true in T -model
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
DPLL(Γ+T ): integrate Γ in DPLL(T )
◮ Idea: literals in M can be premises of Γ-inferences
◮ Stored as hypotheses in inferred clause
◮ Hypothetical clause: H ⊲ C (equivalent to ¬H ∨ C )
◮ Inferred clauses inherit hypotheses from premises
◮ Note: don’t need Γ for ground inferences
◮ Use each engine for what is best for:◮ Γ works on non-ground clauses and ground unit clauses◮ DPLL(T ) works on all and only ground clauses
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
DPLL(Γ+T )
State of derivation: M ||F
F : set of hypothetical clauses
◮ Deduce: Γ-inference, e.g., superposition, using non-ground
clauses in F and literals in M
◮ Backjump: remove hypothetical clauses depending on undoneassignments
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Unsound inferences
◮ Single unsound inference rule: add arbitrary clause C
◮ Simulate many:◮ Suppress literals in long clause C ∨ D:
add C and subsume◮ Replace deep term t by constant a:
add t ≃ a and rewrite
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Controlling unsound inferences
◮ Unsound inferences to induce termination on sat input
◮ What if the unsound inference makes problem unsat?!
◮ Detect conflict and backjump:◮ Keep track by adding ⌈C⌉ ⊲ C◮ ⌈C⌉: new propositional variable (a “name” for C )◮ Treat “unnatural failure” like “natural failure”
◮ Thus unsound inferences are reversible
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Unsound theorem proving in DPLL(Γ+T )
State of derivation: M ||F
Inference rule:
◮ UnsoundIntro: add ⌈C⌉ ⊲ C to F and ⌈C⌉ to M
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example as done by system
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example as done by system
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
1. Add ⌈f (x) ≃ x⌉ ⊲ f (x) ≃ x
2. Rewrite a ⊑ f (c) into ⌈f (x) ≃ x⌉ ⊲ a ⊑ c
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example as done by system
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
1. Add ⌈f (x) ≃ x⌉ ⊲ f (x) ≃ x
2. Rewrite a ⊑ f (c) into ⌈f (x) ≃ x⌉ ⊲ a ⊑ c
3. Generate ⌈f (x) ≃ x⌉ ⊲ 2; Backtrack, learn ¬⌈f (x) ≃ x⌉
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Example as done by system
1. ¬(x ⊑ y) ∨ f (x) ⊑ f (y)
2. a ⊑ b
3. a ⊑ f (c)
4. ¬(a ⊑ c)
1. Add ⌈f (x) ≃ x⌉ ⊲ f (x) ≃ x
2. Rewrite a ⊑ f (c) into ⌈f (x) ≃ x⌉ ⊲ a ⊑ c
3. Generate ⌈f (x) ≃ x⌉ ⊲ 2; Backtrack, learn ¬⌈f (x) ≃ x⌉
4. Add ⌈f (f (x)) ≃ x⌉ ⊲ f (f (x)) ≃ x
5. a ⊑ b yields only f (a) ⊑ f (b)
6. a ⊑ f (c) yields only f (a) ⊑ f (f (c))rewritten to ⌈f (f (x)) = x⌉ ⊲ f (a) ⊑ c
7. Reach saturated state and detect satisfiability
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Issues about completeness
◮ Γ is refutationally complete
◮ Since Γ does not see all the clauses, DPLL(Γ + T ) does notinherit refutational completeness trivially
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Issues about completeness
◮ Γ is refutationally complete
◮ Since Γ does not see all the clauses, DPLL(Γ + T ) does notinherit refutational completeness trivially
◮ DPLL(T ) has depth-first search: complete for ground SMTproblems, not when injecting non-ground inferences
◮ Solution: iterative deepening on inference depth
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Issues about completeness
◮ Γ is refutationally complete
◮ Since Γ does not see all the clauses, DPLL(Γ + T ) does notinherit refutational completeness trivially
◮ DPLL(T ) has depth-first search: complete for ground SMTproblems, not when injecting non-ground inferences
◮ Solution: iterative deepening on inference depth
◮ However refutationally complete only for T emptyExample: R = {x = a ∨ x = b}, P = ∅, T is arithmeticUnsat but can’t tell!
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Solution
◮ Sufficient condition for refutational completeness with T 6= ∅:R be variable-inactive (tested automatically by Γ)
◮ it implies stable-infiniteness(needed for completeness of Nelson-Oppen combination)
◮ it excludes cardinality constraints (e.g., x = a ∨ x = b)
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Solution
◮ Sufficient condition for refutational completeness with T 6= ∅:R be variable-inactive (tested automatically by Γ)
◮ it implies stable-infiniteness(needed for completeness of Nelson-Oppen combination)
◮ it excludes cardinality constraints (e.g., x = a ∨ x = b)
◮ Use iterative deepening on both Deduce and UnsoundIntro
to impose also termination: DPLL(Γ+T ) gets “stuck” at k
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
How to get decision procedures
To decide satisfiability modulo T of R∪ P :
◮ Find sequence of “unsound axioms” U
◮ Show that there exists k s.t. k-bounded DPLL(Γ+T ) isguaranteed to terminate
◮ with Unsat if R∪ P is T -unsat◮ in a state which is not stuck at k if R∪ P is T -sat
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Decision procedures
◮ R has single monadic function symbol f
◮ Essentially finite: if R ∪ P is sat, has model where range of f
is finite
◮ Such a model satisfies f j(x) ≃ f k(x) for some j 6= k
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Decision procedures
◮ R has single monadic function symbol f
◮ Essentially finite: if R ∪ P is sat, has model where range of f
is finite
◮ Such a model satisfies f j(x) ≃ f k(x) for some j 6= k
◮ UnsoundIntro adds “pseudo-axioms” f j(x) ≃ f k(x) for j > k
◮ Use f j(x) ≃ f k(x) as rewrite rule to limit term depth
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Decision procedures
◮ R has single monadic function symbol f
◮ Essentially finite: if R ∪ P is sat, has model where range of f
is finite
◮ Such a model satisfies f j(x) ≃ f k(x) for some j 6= k
◮ UnsoundIntro adds “pseudo-axioms” f j(x) ≃ f k(x) for j > k
◮ Use f j(x) ≃ f k(x) as rewrite rule to limit term depth
◮ Clause length limited by properties of Γ and R
◮ Only finitely many clauses generated: termination withoutgetting stuck
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Situations where clause length is limited
Γ: Superposition, Hyperresolution, Simplification
Negative selection: only positive literals in positive clauses areactive
◮ R is Horn
◮ R is ground-preserving: variables in positive literals appearalso in negative literals;the only positive clauses are ground
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Concrete examples of essentially finite theories
Axiomatizations of type systems:
Reflexivity x ⊑ x (1)
Transitivity ¬(x ⊑ y) ∨ ¬(y ⊑ z) ∨ x ⊑ z (2)
Anti-Symmetry ¬(x ⊑ y) ∨ ¬(y ⊑ x) ∨ x ≃ y (3)
Monotonicity ¬(x ⊑ y) ∨ f (x) ⊑ f (y) (4)
Tree-Property ¬(z ⊑ x) ∨ ¬(z ⊑ y) ∨ x ⊑ y ∨ y ⊑ x (5)
MI = {(1), (2), (3), (4)}: type system with multiple inheritance
SI = MI ∪ {(5)}: type system with single inheritance
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Concrete examples of decision procedures
DPLL(Γ+T ) with UnsoundIntro adding f j(x) ≃ f k(x) for j > k
decides the satisfiability modulo T of problems
◮ MI ∪ P (MI is Horn)
◮ SI ∪ P (all ground-preserving except Reflexivity)
◮ MI ∪ TR ∪ P and SI ∪ TR ∪ P (by combination)
TR = {¬(g(x) ≃ null), h(g(x)) ≃ x}where g represents the type representative of a type.
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem
OutlineMotivation: reasoning for SW verification
Idea: Unsound theorem proving to get decision proceduresDPLL(Γ+T ) with UTP: SMT-solver+Superposition+UTP
Decision procedures for type systemsDiscussion
Summary of contributions and directions for future work
◮ DPLL(Γ+T ) + unsound TP: termination
◮ Decision procedures for type systems with multiple/singleinheritance used in ESC/Java and Spec#
◮ DPLL(Γ+T ) + variable-inactivity: completeness for T 6= ∅and combination of both built-in and axiomatized theories
◮ Extension to more presentations(e.g., y ⊑ x ∧ u ⊑ v ⊃ map(x , u) ⊑ map(y , v))
◮ Avoid duplication of reasoning on ground unit clauses
Maria Paola Bonacina On deciding satisfiability by DPLL(Γ+T ) and unsound theorem