Section: New Results
Automated and Interactive Theorem Proving
Participants : Gabor Alági, Haniel Barbosa, Jasmin Christian Blanchette, Martin Bromberger, Simon Cruanes, Mathias Fleury, Pascal Fontaine, Marek Košta, Stephan Merz, Martin Riener, Martin Strecker, Thomas Sturm, Marco Voigt, Uwe Waldmann, Daniel Wand, Christoph Weidenbach.
IsaFoL: Isabelle Formalization of Logic
Joint work with Heiko Becker (MPISWS Saarbrücken), Peter Lammich (TU München), Andrei Popescu (Middlesex University London), Anders Schlichtkrull (DTU Copenhagen), Dmitriy Traytel (ETH Zürich), and Jørgen Villadsen (DTU Copenhagen).
Researchers in automated reasoning spend a significant portion of their work time specifying logical calculi and proving metatheorems about them. These proofs are typically carried out with pen and paper, which is error-prone and can be tedious. As proof assistants are becoming easier to use, it makes sense to employ them.
In this spirit, we started an effort, called IsaFoL (Isabelle Formalization of Logic), that aims at developing libraries and methodology for formalizing modern research in the field, using the Isabelle/HOL proof assistant (https://bitbucket.org/jasmin_blanchette/isafol/wiki/Home). Our initial emphasis is on established results about propositional and first-order logic. In particular, we are formalizing large parts of Weidenbach's forthcoming textbook, tentatively called Automated Reasoning—The Art of Generic Problem Solving.
The objective of formalization work is not to eliminate paper proofs, but to complement them with rich formal companions. Formalizations help catch mistakes, whether superficial or deep, in specifications and theorems; they make it easy to experiment with changes or variants of concepts; and they help clarify concepts left vague on paper.
The repository contains six completed entries and three entries that are still in development. Notably:

Mathias Fleury formalized a SAT solver framework with learn, forget, restart, and incrementality and published the result at a leading conference, together with Jasmin Blanchette and Christoph Weidenbach [25].

Anders Schlichtkrull, remotely co-supervised by Jasmin Blanchette, formalized unordered first-order resolution in Isabelle and presented the result at ITP 2016 [37].

Together with an intern, Jasmin Blanchette, Uwe Waldmann, and Daniel Wand formalized a generalization of the recursive path order and the transfinite Knuth-Bendix order to higher-order terms without $\lambda$-abstractions. The result is published in the Isabelle Archive of Formal Proofs.
Combination of Satisfiability Procedures
Joint work with Christophe Ringeissen from the PESTO project-team at Inria Nancy – Grand Est, and Paula Chocron at IIIA-CSIC, Bellaterra, Catalonia, Spain.
A satisfiability problem is often expressed in a combination of theories, and a natural approach consists in solving the problem by combining the satisfiability procedures available for the component theories. This is the purpose of the combination method introduced by Nelson and Oppen. However, in its initial presentation, the Nelson-Oppen combination method requires the theories to be signature-disjoint and stably infinite (to ensure the existence of an infinite model). The design of a generic combination method for non-disjoint unions of theories is clearly a hard task, but it is worth exploring simple non-disjoint combinations that appear frequently in verification. An example is the case of shared sets, where sets are represented by unary predicates. Another example is the case of bridging functions between data structures and a target theory (e.g., a fragment of arithmetic).
In 2015, we defined [42] a sound and complete combination procedure à la Nelson-Oppen for the theory of absolutely free data structures (including lists and trees) connected to another theory via bridging functions. This combination procedure has also been refined for standard interpretations. The resulting theory has a nice politeness property, enabling combinations with arbitrary decidable theories of elements. We also investigated [43] other theories amenable to similar combinations: this class includes the theory of equality, the theory of absolutely free data structures, and all the theories in between.
More recently, we have been improving the framework and unified both results. A new paper is in preparation.
Quantifier handling in SMT
Joint work with Andrew J. Reynolds, Univ. of Iowa, USA.
SMT solvers generally rely on various instantiation techniques to handle quantifiers. We are building a unifying framework for handling quantified formulas with equality and uninterpreted functions, such that the major instantiation techniques in SMT solving can be cast in that framework. It is based on the problem of $E$-ground (dis)unification, a variation of the classic rigid $E$-unification problem. We introduced a sound and complete calculus to solve this problem in practice: Congruence Closure with Free Variables (CCFV). Experimental evaluations of implementations of CCFV in the state-of-the-art solver CVC4 and in the solver veriT show improvements in the former and make the latter competitive with state-of-the-art solvers on several benchmark libraries stemming from verification efforts. A publication is in preparation.
Non-linear arithmetic in SMT
In the context of the SMArT ANR-DFG (Satisfiability Modulo Arithmetic Theories) and KANASA projects (cf. sections 9.1 and 9.3), we study the theory, design techniques, and implement software to push forward the non-linear arithmetic (NLA) reasoning capabilities in SMT. This year, we designed a framework to combine interval constraint propagation with other decision procedures for NLA, with promising results. We are also currently studying the integration of these procedures into combinations of theories. The ideas are validated within the veriT solver, together with code from the raSAT solver (from JAIST). An article is in preparation.
Encoding Set-Theoretic Formulas in First-Order Logic
Proof obligations that arise during the verification of high-level specifications of algorithms in languages such as (Event-)B and TLA$^{+}$ mix theories corresponding to sets, functions, arithmetic, tuples, and records. Finding encodings of such formulas in the input languages of automatic first-order provers (superposition-based provers or SMT solvers, which are based on multi-sorted first-order logic) is paramount for obtaining satisfactory levels of automation. We describe a method, based on a combination of injection of unsorted expressions into sorted languages, simplification by rewriting, and abstraction, that is the kernel of the SMT backend of the TLA$^{+}$ proof system (section 6.4). A paper describing our technique was presented at ABZ 2016 [31], and an extension of that article was invited for a special issue of Science of Computer Programming.
During the internship of Matthieu Lequesne, we experimented with an adaptation of the technique for constructing models of formulas in set theory, which could be useful for understanding why proof attempts fail. A prototype generating input for the Nunchaku model finder (section 6.1) allowed us to validate the idea for a core sublanguage of TLA$^{+}$.
Modal and Description Logics for Graph Transformations
Graph transformations are a research topic that is interesting in its own right, but with many possible applications, ranging from the modification of pointer structures in imperative programs, through model transformations in model-driven engineering, to schema-preserving transformations of graph databases. Our particular focus is on verifying these transformations.
Modal logics and variants (such as description logics that are the basis for the web ontology language OWL) have turned out to be suitable specification formalisms because graph structures can typically be perceived as models of modal logics, but these logics suffer from some weaknesses when reasoning about transformations. The first aim of our work was therefore to identify and define sufficiently expressive modal logics, while retaining their pleasant properties, in particular decidability [30].
Our next aim is to implement practically useful proof methods. We have first concentrated on the more natural tableau proofs, with a verification of metatheoretic properties of the calculi (such as termination) in the Isabelle proof assistant. We now turn to an investigation of encodings as satisfiability problems that can be handled with SAT and SMT solvers, in the hope of achieving better performance.
Standard Models with Virtual Substitution
Joint work with A. Dolzmann from Leibniz-Zentrum für Informatik in Saarbrücken, Germany.
Extended quantifier elimination for the reals using virtual substitution methods has been successfully applied to various problems in science and engineering. Recently these methods have also attracted attention as theory solvers within SMT. Such solvers typically also ask for models in the satisfiable case. Models obtained with virtual substitution generally live in certain non-Archimedean extension fields of the reals with a correspondingly expanded signature. Consequently, the obtained values for the variables include non-standard symbols such as positive infinitesimals and infinite values.
We introduce a complete post-processing procedure to convert our models, for fixed values of parameters, into real models [15]. We furthermore demonstrate the successful application of an implementation of our method within Redlog to a number of extended quantifier elimination problems from the scientific literature, including computational geometry, motion planning, bifurcation analysis for models of genetic circuits and for mass action, and sizing of electrical networks. This solves a long-standing problem with the virtual substitution method, which had been explicitly criticized in the scientific literature.
Decidability of Fragments of Free First-Order Logic
We introduce a new decidable fragment of first-order logic with equality, the Separated Fragment (SF). It strictly generalizes two already well-known decidable fragments of first-order logic: the Bernays-Schönfinkel-Ramsey (BSR) Fragment and the Monadic Fragment. The defining principle is that universally and existentially quantified variables may not occur together in atoms. Thus, our classification neither rests on restrictions of quantifier prefixes (as in the BSR case) nor on restrictions on the arity of predicate symbols (as in the monadic case).
We show that SF exhibits the finite model property and derive a non-elementary upper bound on the computing time required for deciding satisfiability of SF sentences. For the subfragment of prenex sentences with the quantifier prefix ${\exists}^{*}{\forall}^{*}{\exists}^{*}$ the satisfiability problem is shown to be NEXPTIME-complete. Furthermore, we discuss how automated reasoning procedures can take advantage of our results [34].
Continuing the work presented in the initial publication, we further investigated the computational complexity of SF satisfiability. It nicely scales across the non-deterministic standard complexity classes, depending on joint occurrences of existentially quantified variables from ${\exists}^{*}$-blocks that are separated by non-empty ${\forall}^{+}$-blocks.
In another line of work, we relaxed the definition of SF, leading to an even larger fragment for which satisfiability is still decidable. In this fragment, variables of ${\exists}^{*}$-blocks and ${\forall}^{+}$-blocks may occur together in some atom if the respective quantifiers obey a certain order.
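The following is an added example, not code from the report or from the SF publication: a syntactic membership check for the Separated Fragment on prenex sentences represented as Python tuples. It follows the published definition in one detail that the summary above leaves implicit, namely that the leading existential block (the quantifiers before the first universal one) is unconstrained; this is what makes every BSR sentence (prefix ${\exists}^{*}{\forall}^{*}$) separated. The formula representation, the function names and the sample sentences are all constructed for this example.

```python
# Prenex sentences are represented as (prefix, matrix).  The prefix is a list of
# ("forall" | "exists", variable_name) pairs; the matrix is a quantifier-free
# formula built from atoms ("atom", predicate, [variables]) and the connectives
# ("not", f), ("and", f, g), ("or", f, g).  Equality is the predicate "=".
# This representation is an assumption of the example, not the paper's syntax.

def atoms(matrix):
    """Yield every atom occurring in a quantifier-free formula."""
    tag = matrix[0]
    if tag == "atom":
        yield matrix
    elif tag == "not":
        yield from atoms(matrix[1])
    elif tag in ("and", "or"):
        yield from atoms(matrix[1])
        yield from atoms(matrix[2])
    else:
        raise ValueError(f"unknown connective {tag!r}")

def quantifier_blocks(prefix):
    """Group the prefix into maximal blocks of equal quantifiers, e.g.
    [('exists', ['z']), ('forall', ['x1', 'x2']), ('exists', ['y'])]."""
    blocks = []
    for quant, var in prefix:
        if blocks and blocks[-1][0] == quant:
            blocks[-1][1].append(var)
        else:
            blocks.append((quant, [var]))
    return blocks

def is_separated(prefix, matrix):
    """Membership test for the Separated Fragment.

    Universally quantified variables and existentially quantified variables
    that lie in the scope of some universal quantifier must not co-occur in
    any atom.  The leading existential block (before the first 'forall') is
    unconstrained, which is why every BSR sentence passes this test."""
    universal, inner_existential = set(), set()
    seen_forall = False
    for quant, var in prefix:
        if quant == "forall":
            seen_forall = True
            universal.add(var)
        elif seen_forall:
            inner_existential.add(var)
    for _, _, args in atoms(matrix):
        vs = set(args)
        if vs & universal and vs & inner_existential:
            return False
    return True

# Constructed sample sentences.
# BSR-shaped: exists z forall x. P(z, x) and not P(x, x)  -> separated
BSR_SENTENCE = ([("exists", "z"), ("forall", "x")],
                ("and", ("atom", "P", ["z", "x"]),
                        ("not", ("atom", "P", ["x", "x"]))))
# forall x exists y. R(x, y)  -> x and y share an atom, not separated
NOT_SEPARATED = ([("forall", "x"), ("exists", "y")],
                 ("atom", "R", ["x", "y"]))
# forall x exists y forall u. R(x, u) and Q(y)  -> separated although the
# prefix is outside BSR and R is binary (so the sentence is not monadic)
BEYOND_BOTH = ([("forall", "x"), ("exists", "y"), ("forall", "u")],
               ("and", ("atom", "R", ["x", "u"]), ("atom", "Q", ["y"])))

if __name__ == "__main__":
    for name, (prefix, matrix) in [("BSR", BSR_SENTENCE),
                                   ("forall-exists", NOT_SEPARATED),
                                   ("beyond both", BEYOND_BOTH)]:
        print(name, quantifier_blocks(prefix), is_separated(prefix, matrix))
```

The third sample sentence is the kind of case the text describes: it is rejected by the BSR prefix restriction and by the monadic arity restriction, yet it is separated, because the universal variables x and u never share an atom with the inner existential variable y.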
Ordered resolution with dismatching constraints
The identification and algorithmic exploration of decidable logic fragments is key to the automation of logics and to obtaining push-button verification technologies. We extend a well-known decidable fragment, linear monadic shallow Horn theories, with straight dismatching constraints, preserving decidability. Furthermore, we show that the restriction to Horn clauses is not needed. The fragment has various applications in security, automata theory and theorem proving [35].
Undecidable combinations of first-order logic with background theories
We show that the universal fragment of Presburger arithmetic augmented with a single uninterpreted predicate (or function) symbol is already undecidable. The result has immediate consequences for verification techniques that combine uninterpreted functions or predicate symbols with (fragments of) Presburger arithmetic. For example, data structures such as arrays can be viewed as a collection of uninterpreted functions that obey certain axioms.
Our result is a sharpening of previously known results. In particular, undecidability holds for a fragment with purely universal quantification: no quantifier alternation is necessary. While in this case the set of unsatisfiable sentences is still recursively enumerable, and in fact hierarchic superposition constitutes a semi-decision procedure, allowing for one quantifier alternation ($\exists \forall$ or $\forall \exists$) leads to a fragment in which neither the satisfiable sentences nor the unsatisfiable ones form a recursively enumerable set. Hence, there cannot be any refutationally complete calculus for such a combined theory.
Novel techniques for linear arithmetic constraint solving
In [26], [27], we investigate new techniques for linear arithmetic constraint solving. They are based on the linear cube transformation, which allows us to efficiently determine whether a system of linear arithmetic constraints contains a hypercube of a given edge length.
Our first findings based on this transformation are two sound tests that find integer solutions for linear arithmetic constraints. While many complete methods search along the problem surface for a solution, these tests use cubes to explore the interior of the problems. The tests are especially efficient for constraints with a large number of integer solutions, e.g., those with infinite lattice width. Inside the SMT-LIB benchmarks, we have found almost one thousand problem instances with infinite lattice width. Experimental results confirm that our tests are superior on these instances compared to several state-of-the-art SMT solvers.
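As an added illustration of the two preceding paragraphs (this is example code written for this page, not the implementation from [26], [27]): the linear cube transformation on a system $Ax \le b$ replaces every bound $b_i$ by $b_i - \frac{e}{2}\|a_i\|_1$, and a point $z$ satisfies the transformed system exactly when the hypercube of edge length $e$ centred at $z$ lies inside the original polyhedron. The unit cube test ($e = 1$) then rounds any rational solution of the transformed system, which moves each coordinate by at most $1/2$ and so yields an integer solution of the original constraints. The grid search standing in for an LP solver, the exact function names, and the two sample systems are assumptions of this example.

```python
from fractions import Fraction
from itertools import product

# Constructed representation: a system is a list of rows (coeffs, bound),
# each meaning  sum(coeffs[j] * x[j]) <= bound,  with exact rationals.

def l1_norm(coeffs):
    """||a||_1, the sum of absolute values of a row's coefficients."""
    return sum(abs(c) for c in coeffs)

def cube_transform(system, edge):
    """Linear cube transformation: b_i  ->  b_i - (e/2) * ||a_i||_1.
    The maximum of a_i . (z + d) over all d with ||d||_inf <= e/2 is
    a_i . z + (e/2) * ||a_i||_1, so z satisfies the transformed row exactly
    when the whole cube of edge length e around z satisfies the original row."""
    half = Fraction(edge) / 2
    return [(coeffs, bound - half * l1_norm(coeffs)) for coeffs, bound in system]

def satisfies(system, point):
    return all(sum(c * x for c, x in zip(coeffs, point)) <= bound
               for coeffs, bound in system)

def grid_center(system, lo=-5, hi=5, step=Fraction(1, 2)):
    """Stand-in for a rational LP solver (assumption of this example): search
    a finite grid of rational points and return the first feasible one."""
    n = len(system[0][0])
    values = []
    v = Fraction(lo)
    while v <= hi:
        values.append(v)
        v += step
    for point in product(values, repeat=n):
        if satisfies(system, point):
            return point
    return None

def unit_cube_test(system):
    """Sound integer-solution test.  If the cube-transformed system (e = 1)
    has a rational solution z, rounding each coordinate of z moves at most
    1/2, so the rounded point stays inside the unit cube around z and hence
    satisfies the original system.  Returns an integer solution, or None when
    the test is inconclusive (which is NOT a proof of integer infeasibility)."""
    center = grid_center(cube_transform(system, 1))
    if center is None:
        return None
    solution = tuple(round(x) for x in center)   # Fraction rounds to int
    assert satisfies(system, solution)            # guaranteed by the argument above
    return solution

F = Fraction
# Constructed system 1: 0 <= x, 0 <= y, x + y <= 4.  A wide region with many
# integer points: it contains a unit cube, so the test succeeds.
WIDE = [([F(-1), F(0)], F(0)), ([F(0), F(-1)], F(0)), ([F(1), F(1)], F(4))]
# Constructed system 2: |x - y| <= 1/2.  The strip has the integer solution
# (0, 0) but is too thin to contain a unit cube: the test is inconclusive,
# showing that it is sound but not complete.
THIN = [([F(2), F(-2)], F(1)), ([F(-2), F(2)], F(1))]

if __name__ == "__main__":
    print("wide  :", unit_cube_test(WIDE))
    print("thin  :", unit_cube_test(THIN), "(inconclusive; (0,0) is a solution)")
    print("cube of edge 2 centred at (1,1) fits WIDE:",
          satisfies(cube_transform(WIDE, 2), (F(1), F(1))))
    print("cube of edge 3 centred at (1,1) fits WIDE:",
          satisfies(cube_transform(WIDE, 3), (F(1), F(1))))
```

With a real LP solver in place of `grid_center`, the test costs one rational feasibility check per call, which is what makes it attractive for instances with infinite lattice width, where cubes of any edge length fit inside the constraint region.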
We also discovered that the linear cube transformation can be used to investigate the equalities implied by a system of linear arithmetic constraints. For this purpose, we developed a method that computes a basis for all implied equalities, i.e., a finite representation of all equalities implied by the linear arithmetic constraints. The equality basis can be used to decide whether a system of linear arithmetic constraints implies a given equality.