Instantiation Schemes for Nested Theories

This paper investigates under which conditions instantiation-based proof procedures can be combined in a nested way, in order to mechanically construct new instantiation procedures for richer theories. Interesting applications in the field of verific…

Authors: Mnacho Echenim, Nicolas Peltier

Research report, July 2011.

Mnacho Echenim (Ensimag/Laboratory of Informatics of Grenoble), Nicolas Peltier (CNRS/Laboratory of Informatics of Grenoble)

Abstract

This paper investigates under which conditions instantiation-based proof procedures can be combined in a nested way, in order to mechanically construct new instantiation procedures for richer theories. Interesting applications in the field of verification are emphasized, particularly for handling extensions of the theory of arrays.

1 Introduction

Proving the satisfiability or unsatisfiability of a first-order formula (possibly modulo some background theory) is an essential problem in computer science – in particular for the automatic verification of complex systems – and instantiation schemes can be used for this purpose. Such schemes can be viewed as functions Θ that map a set of formulæ (or clauses) S to a set of ground (i.e. without variable) instances Θ(S) of S. An instantiation scheme Θ is refutationally complete if for all sets of clauses S, Θ(S) is satisfiable exactly when S is. Examples of refutationally complete instantiation schemes include [22, 24, 17, 5]. It is clear that an instantiation scheme that is refutationally complete does not always terminate, as Θ(S) may be infinite, but schemes that are both complete and terminating can be defined for specific classes of clause sets, which are thus decidable. A trivial and well-known example is the Bernays-Schönfinkel class (i.e. the class of purely universal formulæ without function symbols of arity distinct from 0, see, e.g., [11]), since in this case the set of ground instances is finite. Other examples include the class of stratified clause sets [1] and many classes of clause sets of the form G ∪ A, where G is a set of ground formulæ and A is the set of axioms of a specific theory, for instance the theory of arrays [6]. In this last case, of course, only the axioms in A need to be instantiated.

Instantiation schemes can also be defined for specific theories for which decision procedures exist. Then, the theory is not axiomatized, but directly handled by an external prover – used as a "black box". In this case, the instantiation procedure should preserve the validity of the formula modulo the considered theory. Such procedures are appealing, because it is usually much easier to check the validity of a ground set than that of a non-ground set (see for instance [7]).

Frequently, one has to handle heterogeneous problems, defined on complex theories for which no instantiation procedure exists. Such theories are frequently obtained by combining simpler theories. For instance the theory describing a data-structure (arrays, lists, etc.) may be combined with the theory modeling the elements it contains (e.g., integers). Most systems rely on the Nelson-Oppen method (and its numerous refinements) to reason on combinations of theories. This scheme allows one – under certain conditions – to combine independent decision procedures (see, e.g., [27]), but it is of no use for reasoning on theories that include axioms containing function or predicate symbols from both theories. As an example, consider the following formula:

$\forall i, j : \mathit{nat},\ i \leq j \Rightarrow \mathrm{select}(t, i) \leq \mathrm{select}(t, j),$

that states that an array t is sorted. This formula uses symbols from the theory of integers (the predicate ≤) and from the theory of arrays (the function select, which returns the value stored in a certain array at a certain index).

In this paper, we show how to construct automatically instantiation schemes for such axioms, by combining existing instantiation schemes. More precisely, from two complete instantiation procedures $\Theta_N$ and $\Theta_A$ for the theory of integers and for the theory of arrays respectively, we construct a new procedure Θ which is able to handle a particular class of "mixed" axioms, containing function symbols from both theories (including for instance the axioms for sorted arrays and many others). Θ will be complete and terminating if both $\Theta_N$ and $\Theta_A$ are (as proven in Section 3.3). This approach is not restricted to specific theories such as $\Theta_N$ and $\Theta_A$; on the contrary it is generic and applies to a wide range of theories, and some examples are provided in Section 4. The conditions that must be satisfied by the considered theories and by their instantiation procedures are very precisely identified (see Section 3.2).

Comparison with Related Work

There is an extensive amount of work on the combination of (usually disjoint) theories, using mainly refinements or extensions of the Nelson-Oppen method (see, e.g., [27, 8]). For instance, [14] shows that many decidable fragments of first-order logic can be combined with any disjoint theory, even if these fragments do not fulfill the stable infiniteness condition in general. A related result is presented in [15] for the theory of lists (with a length function). However, these results do not apply to non-disjoint theories such as the ones we consider in this paper, and they cannot handle nested combinations of arbitrary theories.

Reasoning on the combination of theories with mixed axioms has been recognized as an important problem and numerous solutions have been proposed in many specific cases. Most existing work focuses on testing the satisfiability problem of ground formulæ in combinations or extensions of existing theories. In contrast, our method aims at reducing non-ground satisfiability to ground satisfiability tests, via instantiation. For instance, [7, 6] define a decision procedure for extensions of the theory of arrays with integer elements, which is able to handle axioms such as the one above for sorted arrays. As we shall see in Section 4, our approach, when applied to these particular theories, permits to handle a strictly more expressive class of quantified formulæ. [19] focuses on arrays with integer indices and devises a method to combine existing decision procedures (for Presburger arithmetic and for the theory of arrays). This method is able to handle some important specific features of arrays such as sortedness or array dimension. Similarly to our approach, theirs is based on an instantiation of the axioms. As we shall see, some of its features can be tackled with our method and others (such as Injectivity) are out of its scope. However, our method is generic in the sense that it applies to a wide class of theories and axioms (in particular, it applies to axioms that are not considered in [19]). It is essentially syntactic, whereas that of [19] is more of a semantic nature. A logic devoted to reasoning with arrays of integers is presented in [21] and the decidability of the satisfiability problem is established by reduction to the emptiness problem for counter automata. In Section 4 we shall show that the expressive power of this logic is again incomparable with the one we obtain with our approach. [18] proposes an instantiation scheme for sets of clauses possibly containing arithmetic literals, which can handle some of the axioms we consider. However termination is not guaranteed for this scheme, in contrast to ours.

Slightly closer to our approach is the work described in [25, 26], which defines the notion of the (stably) local extension of a theory and shows that the satisfiability problem in a (stably) local extension of a theory A can be reduced to a mere satisfiability test in A. The notion of a local extension is a generalization of the notion of a local theory [16]. The idea is that, for testing the satisfiability of a ground formula G in the local extension of a theory, it is sufficient to instantiate the variables occurring in the new axioms by ground terms occurring either in G or in the axioms. This condition holds for numerous useful extensions of base theories, including for instance extensions with free functions, with selector functions for an injective constructor, with monotone functions over integers or reals, etc. Our approach departs from these results because our goal is not to extend basic theories, but rather to combine existing instantiation procedures. Note also that the notion of a local extension is a semantic one, and that this property must be established separately for every considered extension. In our approach we define conditions on the theories ensuring that they can be safely combined. These conditions can be tested once and for all for each theory, and then any combination is allowed. The extensions we consider in this paper are not necessarily local, thus do not fall under the scope of the method in [25, 26]. However, an important restriction of our approach compared to [25, 26] is that the theories must be combined in a hierarchic way: intuitively there can be function symbols mapping elements of the first theory B (the "base" theory) to elements of the second one N (the "nesting" theory), but no function symbols are allowed from N to B.

Extensions of the superposition calculus [3] have been proposed to handle first-order extensions of a base theory (see for example [4, 2]). The superposition calculus is used to reason on the generic part of the formulæ whereas the theory-specific part is handled by an external prover. These proof procedures can be used to reason on some of the formulæ we consider in the present paper. However, we are not aware of any termination result for these approaches (even completeness requires additional restrictions that are not always satisfied in practice). Our approach uses an instantiation-based approach instead of superposition, and ensures that termination is preserved by the combination, at the cost of much stronger syntactic restrictions on the considered formulæ.

Organization of the Paper

The rest of the paper is structured as follows. Section 2 contains general definitions and notations used throughout the present work. Most of them are standard, but some are more particular, such as the notions of ω-clauses or specifications. Section 3 describes our procedure for the nested combination of instantiation schemes, and introduces conditions to ensure that completeness is preserved. Section 4 shows some interesting applications of these results for theories that are particularly useful in the field of verification (especially for extensions of the theory of arrays). Section 5 concludes the paper and gives some lines of future work.

2 Preliminaries

In this section, we first briefly review usual notions and notations about first-order clausal logic. Then we introduce the rather nonstandard notion of an ω-clause (a clause with infinitely many literals). We define the notion of specifications and provide some examples showing how usual theories such as those for integers or arrays can be encoded. Finally we introduce the notion of instantiation methods.
2.1 Syntax

Let S be a set of sort symbols and F be a set of function symbols together with a ranking function $\mathrm{rnk} : F \to S^* \times S$. For every $f \in F$, we write $f : s_1 \times \cdots \times s_n \to s$ if $\mathrm{rnk}(f) = (s_1, \ldots, s_n, s)$. If n = 0 then f is a constant symbol of sort s. We assume that F contains at least one constant symbol of each sort. To every sort s ∈ S is associated a countably infinite set $X_s$ of variables of sort s, such that these sets are pairwise disjoint. $X = \bigcup_{s \in S} X_s$ denotes the whole set of variables. For every s ∈ S, the set of terms of sort s is denoted by $T_s(X)$ and built inductively as usual on X and F:

• $X_s \subseteq T_s(X)$.
• If $f : s_1 \times \ldots \times s_n \to s$ and for all $i \in [1, n]$, $t_i \in T_{s_i}(X)$, then $f(t_1, \ldots, t_n) \in T_s(X)$.

The set of terms is defined by $T(X) \stackrel{\text{def}}{=} \bigcup_{s \in S} T_s(X)$. An atom is an equality t ≃ s between terms of the same sort. A literal is either an atom or the negation of an atom (written t ≄ s). If L is a literal, then $L^c$ denotes its complementary: $(t \simeq s)^c \stackrel{\text{def}}{=} (t \not\simeq s)$ and $(t \not\simeq s)^c \stackrel{\text{def}}{=} (t \simeq s)$. A clause is a finite set (written as a disjunction) of literals.

We assume that S contains a sort bool and that F contains a constant symbol true of sort bool. For readability, atoms of the form p ≃ true will be simply denoted by p (thus we write, e.g., a ≤ 2 instead of (a ≤ 2) ≃ true). An atom is equational iff it is of the form t ≃ s where t, s ≠ true.

The set of variables occurring in an expression (term, atom, literal or clause) E is denoted by Var(E). E is ground iff Var(E) = ∅. The set of ground terms of sort s is denoted by $T_s$ and the set of ground terms by $T \stackrel{\text{def}}{=} \bigcup_{s \in S} T_s$.

A substitution is a function that maps every variable to a term of the same sort. The image of a variable x by a substitution σ is denoted by xσ. The domain of a substitution σ is the set $\mathrm{dom}(\sigma) \stackrel{\text{def}}{=} \{x \in X \mid x\sigma \neq x\}$ (footnote 1), and its codomain cod(σ) is the set of elements the variables in the domain are mapped to. Substitutions are extended to terms, atoms, literals and clauses as usual: $f(t_1, \ldots, t_n)\sigma \stackrel{\text{def}}{=} f(t_1\sigma, \ldots, t_n\sigma)$, $(t \simeq s)\sigma \stackrel{\text{def}}{=} (t\sigma \simeq s\sigma)$, $(\neg L)\sigma \stackrel{\text{def}}{=} \neg(L\sigma)$ and $(\bigvee_{i=1}^{n} L_i)\sigma \stackrel{\text{def}}{=} \bigvee_{i=1}^{n} L_i\sigma$. A substitution σ is ground if ∀x ∈ dom(σ), Var(xσ) = ∅. A ground instance of an expression E is an expression of the form Eσ, where σ is a ground substitution of domain Var(E).

Footnote 1: for technical convenience we do not assume that dom(σ) is finite.

Definition 1. A substitution σ is pure iff for all x ∈ X, xσ ∈ X. In this case, for any term t, tσ is a pure instance of t. A substitution σ is a renaming if it is pure and injective. ♦

A substitution σ is a unifier of a set of pairs $\{(t_i, s_i) \mid i \in [1, n]\}$ iff $\forall i \in [1, n],\ t_i\sigma = s_i\sigma$. It is well-known that all unifiable sets have a most general unifier (mgu), which is unique up to a renaming.

2.2 Semantics

An interpretation I is a function mapping:

• Every sort symbol s ∈ S to a nonempty set $s^I$.
• Every function symbol $f : s_1 \times \ldots \times s_n \to s \in F$ to a function $f^I : s_1^I \times \ldots \times s_n^I \to s^I$.

$D_I$ denotes the domain of I, i.e., the set $\bigcup_{s \in S} s^I$. As usual, the valuation function $E \mapsto [E]_I$ maps every ground expression E to a value defined as follows:

• $[f(t_1, \ldots, t_n)]_I \stackrel{\text{def}}{=} f^I([t_1]_I, \ldots, [t_n]_I)$,
• $[t \simeq s]_I = \mathit{true}$ iff $[t]_I = [s]_I$,
• $[t \not\simeq s]_I = \mathit{true}$ iff $[t \simeq s]_I \neq \mathit{true}$,
• $[\bigvee_{i=1}^{n} L_i]_I \stackrel{\text{def}}{=} \mathit{true}$ iff $\exists i \in [1, n],\ [L_i]_I = \mathit{true}$.

An F-interpretation I satisfies an F-clause C if for every ground instance Cσ of C we have $[C\sigma]_I = \mathit{true}$. A set of F-clauses S is satisfied by I if I satisfies every clause in S. If this is the case, then I is a model of S and we write I ⊨ S. A set of clauses S is satisfiable if it has a model; two sets of clauses are equisatisfiable if one is satisfiable exactly when the other is satisfiable. In the sequel, we restrict ourselves, w.l.o.g., to interpretations such that, for every s ∈ S, $s^I = \{[t]_I \mid t \in T_s\}$.

2.3 ω-Clauses

For technical convenience, we extend the usual notion of a clause by allowing infinite disjunctions of literals:

Definition 2. An ω-clause is a possibly infinite set of literals. ♦

The notion of instance extends straightforwardly to ω-clauses: if C is an ω-clause then Cσ denotes the ω-clause $\{L\sigma \mid L \in C\}$ (recall that the domain of σ may be infinite). Similarly, the semantics of ω-clauses is identical to that of standard clauses: if C is a ground ω-clause, then $[C]_I \stackrel{\text{def}}{=} \mathit{true}$ iff there exists an L ∈ C such that $[L]_I = \mathit{true}$. If C is a non-ground ω-clause, then I ⊨ C iff for every ground substitution σ of domain Var(C), $[C\sigma]_I = \mathit{true}$. The notions of satisfiability, models etc. are extended accordingly.

If S, S′ are two sets of ω-clauses, we write $S \trianglelefteq S'$ if for every clause C′ ∈ S′ there exists a clause C ∈ S such that C ⊆ C′.

Proposition 3. If $S \trianglelefteq S'$ then S′ is a logical consequence of S.

Of course, most of the usual properties of first-order logic such as semi-decidability or compactness fail if ω-clauses are considered. For instance, if C stands for the ω-clause $\{b \simeq f^i(a) \mid i \in \mathbb{N}\}$ and $D_j \stackrel{\text{def}}{=} \{b \not\simeq f^j(a)\}$ for $j \in \mathbb{N}$, then $S \stackrel{\text{def}}{=} \{D_j \mid j \in \mathbb{N}\} \cup \{C\}$ is unsatisfiable, although every finite subset of S is satisfiable.

2.4 Specifications

Usually, theories are defined by sets of axioms and are closed under logical consequence. In our setting, we will restrict either the class of interpretations (e.g., by fixing the interpretation of a sort int to the natural numbers) or the class of clause sets (e.g., by considering only clause sets belonging to some decidable fragments or containing certain axioms). This is why we introduce the (slightly unusual) notion of specifications, of which we provide examples in the following section:

Definition 4. A specification A is a pair $(\mathcal{I}, \mathcal{C})$, where $\mathcal{I}$ is a set of interpretations and $\mathcal{C}$ is a class of clause sets. A clause set $S \in \mathcal{C}$ is A-satisfiable if there exists an $I \in \mathcal{I}$ such that I ⊨ S. S and S′ are A-equisatisfiable if they are both A-satisfiable or both A-unsatisfiable. We write $S \models_A S'$ iff every A-model of S is also an A-model of S′. ♦

For the sake of readability, if A is clear from the context, we will say that a set of clauses is satisfiable, instead of A-satisfiable. We write $(\mathcal{I}, \mathcal{C}) \subseteq (\mathcal{I}', \mathcal{C}')$ iff $\mathcal{I} = \mathcal{I}'$ and $\mathcal{C} \subseteq \mathcal{C}'$. By a slight abuse of language, we say that C occurs in A if there exists $S \in \mathcal{C}$ such that C ∈ S.

In many cases, $\mathcal{I}$ is simply the set of all interpretations, which we denote by $\mathcal{I}_{fol}$. But our results also apply to domain-specific instantiation schemes such as those for Presburger arithmetic. Of course, restricting the form of the clause sets in $\mathcal{C}$ is necessary in many cases for defining instantiation schemes that are both terminating and refutationally complete. That is why we do not assume that $\mathcal{C}$ contains every clause set. Note that axioms may be included in $\mathcal{C}$. We shall simply assume that $\mathcal{C}$ is closed under inclusion and ground instantiations, i.e., for all $S \in \mathcal{C}$, if S′ ⊆ S and S″ only contains ground instances of clauses in S, then $S', S'' \in \mathcal{C}$. All the classes of clause sets considered in this paper satisfy these requirements.

We shall restrict ourselves to a particular class of specifications: those with a set of interpretations that can be defined by a set of ω-clauses.

Definition 5. A specification $A = (\mathcal{I}, \mathcal{C})$ is ω-definable iff there exists a (possibly infinite) set of ω-clauses $\mathrm{Ax}(\mathcal{I})$ such that $\mathcal{I} = \{I \mid I \models \mathrm{Ax}(\mathcal{I})\}$. ♦

From now on, we assume that all the considered specifications are ω-definable.

2.5 Examples

Example 6. The specification of first-order logic is defined by $A_{fol} \stackrel{\text{def}}{=} (\mathcal{I}_{fol}, \mathcal{C}_{fol})$ where:

• $\mathcal{I}_{fol}$ is the set of all interpretations (i.e. $\mathrm{Ax}(\mathcal{I}_{fol}) \stackrel{\text{def}}{=} \emptyset$).
• $\mathcal{C}_{fol}$ is the set of all clause sets on the considered signature.

Example 7. The specification of Presburger arithmetic is defined as follows: $A_{\mathbb{Z}} \stackrel{\text{def}}{=} (\mathcal{I}_{\mathbb{Z}}, \mathcal{C}_{\mathbb{Z}})$ where:

• $\mathrm{Ax}(\mathcal{I}_{\mathbb{Z}})$ contains the domain axiom $\bigvee_{k \in \mathbb{N}} (x \simeq s^k(0) \lor x \simeq -s^k(0))$ and the usual axioms for the function symbols 0 : int, − : int → int, s : int → int, p : int → int, + : int × int → int, and for the predicate symbols $\simeq_k$ : int × int → bool (for every $k \in \mathbb{N}$), ≤ : int × int → bool and < : int × int → bool:

  $0 + x \simeq x$
  $s(x) + y \simeq s(x + y)$
  $p(x) + y \simeq p(x + y)$
  $p(s(x)) \simeq x$
  $s(p(x)) \simeq x$
  $s^k(0) \simeq_k 0$
  $-0 \simeq 0$
  $-s(x) \simeq p(-x)$
  $-p(x) \simeq s(-x)$
  $x \not\simeq_k y \lor s^k(x) \simeq_k y$
  $x \not\simeq_k y \lor p^k(x) \simeq_k y$
  $x < y \Leftrightarrow s(x) < s(y)$
  $x \not< y \lor x < s(y)$
  $x \leq y \Leftrightarrow (x < y \lor x \simeq y)$
  $x < s(x)$

  $\simeq_k$ denotes equality modulo k (which will be used in Section 4.1.1); x, y denote variables of sort int and k is any natural number. Note that the domain axiom is an infinite ω-clause, while the other axioms can be viewed as standard clauses.
• $\mathcal{C}_{\mathbb{Z}}$ is the class of clause sets built on the set of function symbols 0 : int, s : int → int, p : int → int and on the previous set of predicate symbols.

In the sequel, the terms $s^k(0)$ and $p^k(0)$ will be written k and −k respectively.

Example 8. The specification of arrays is $A_{\mathcal{A}} \stackrel{\text{def}}{=} (\mathcal{I}_{\mathcal{A}}, \mathcal{C}_{\mathcal{A}})$ where:

• $\mathrm{Ax}(\mathcal{I}_{\mathcal{A}}) \stackrel{\text{def}}{=} \{\mathrm{select}(\mathrm{store}(x, z, v), z) \simeq v,\ z' \simeq z \lor \mathrm{select}(\mathrm{store}(x, z, v), z') \simeq \mathrm{select}(x, z')\}$, where select : array × ind → elem and store : array × ind × elem → array (x is a variable of sort array, z, z′ are variables of sort ind and v is a variable of sort elem).
• $\mathcal{C}_{\mathcal{A}}$ is the class of ground clause sets built on select, store and a set of constant symbols.

It should be noted that reals can also be handled by using any axiomatization of real closed fields.

2.6 Instantiation Procedures

An instantiation procedure is a function that reduces the A-satisfiability problem for any set of A-clauses to that of a (possibly infinite) set of ground A-clauses.

Definition 9. Let $A = (\mathcal{I}, \mathcal{C})$ be a specification. An instantiation procedure for A is a function Θ from $\mathcal{C}$ to $\mathcal{C}$ such that for every $S \in \mathcal{C}$, Θ(S) is a set of ground instances of clauses in S. Θ is complete for A if for every $S \in \mathcal{C}$, S and Θ(S) are A-equisatisfiable. It is terminating if Θ(S) is finite for every $S \in \mathcal{C}$. ♦

If Θ is complete and terminating, and if there exists a decision procedure for checking whether a ground (finite) clause set is satisfiable in $\mathcal{I}$, then the A-satisfiability problem is clearly decidable. Several examples of complete instantiation procedures are available in the literature [24, 17, 5, 18, 23, 1, 7, 13, 12]. Our goal in this paper is to provide a general mechanism for constructing new complete instantiation procedures by combining existing ones.

3 Nested Combination of Specifications

3.1 Definition

Theories are usually combined by considering their (in general disjoint) union. Decision procedures for disjoint theories can be combined (under certain conditions) by different methods, including the Nelson-Oppen method [27] or its refinements.
In this section w e consider a different w ay of combining sp ecifica- tions. The idea is to co mbine them in a “ hier archic” w ay , i.e., by considering the formulæ of the first sp ecifica tion as co ns traints on the formulæ of the second one. F o r instance, if A Z is the sp ecification o f Pres burger arithmetic and A A is the sp ecification of arr ays, then: • 0 ≤ x ≤ n is a form ula of A Z ( x d enotes a v ariable and n denotes a constant s y mbol of sor t in t ). • select( t, x ) ≃ a is a for mula o f A A (stating that t is a c onstant a rray). • 0 ≤ x ≤ n ⇒ s e le ct( t, x ) ≃ a (stating that t is a constant on the interv al [0 , n ]) is a form ula obtained by com bining A Z and A A hierarchically . Such a combination cannot be viewed as a union of disjo int sp ecifications, since t he axioms con tain fu nction symbols from both specifica tions. In this example, A Z is a b ase sp e cific ation a nd A A is a nesting sp e cific ation . More formally , w e assume tha t the set of sorts S is divided into tw o disjoin t sets S B and S N such tha t for ev ery function f : s 1 × . . . × s n → s , if s ∈ S B , then s 1 , . . . , s n ∈ S B . A term is a b ase term if it is o f a sort s ∈ S B and a nesting term if it is of a so rt s ∈ S N and contains no non-v ar iable base term. In the sequel we let X B def = S s ∈ S B X s (resp. X N def = S s ∈ S N X s ) b e the set of base v a r iables (resp. nesting v ariables ) a nd let F B (resp. F N ) be the set of function symbols whose co-domain is in S B (resp. S N ). An S B -gr ound instanc e of an expr ession E is an expressio n of the form E σ where σ is a gro und substitution of domain V ar( E ) ∩ X B . Intuitiv ely , a n S B -ground instance of E is obtained fro m E by replacing ev ery v ariable of a sort s ∈ S B (and only these v ariables) b y a ground term of the same so rt. Definition 10. Ω B denotes the set of ω -clauses C suc h that every term o ccur- ring in C is a base term. 
Ω N denotes the set of ω -clauses C such that: 1. Every non-v a riable term o ccurr ing in C is a nesting term. 9 2. F or every atom t ≃ s o ccurr ing in C , t a nd s are nesting terms. ♦ Notice that it follows from the definition that Ω B ∩ Ω N = ∅ , since S B and S N are disjoint. Definition 11. A specifica tion ( I , C ) is a b ase sp e cific ation if Ax( I ) ⊆ Ω B and for every S ∈ C , S ⊆ Ω B . It is a nesting sp e cific ation if Ax( I ) ⊆ Ω N and for every S ∈ C , S ⊆ Ω N . ♦ Throughout this section, B = ( I B , C B ) will denote a bas e s pe c ification and N = ( I N , C N ) denotes a nesting sp ecifica tion. Base and nesting specifica tions are combined as follo ws: Definition 12. The hier ar chic exp ansion of N ove r B is the sp ecifica tion N [ B ] = ( I , C ) defined as follows: 1. Ax( I ) def = Ax( I B ) ∪ Ax( I N ). 2. Every claus e s et in C is of the form { C B i ∨ C N i | i ∈ [1 ..n ] } , where { C B i | i ∈ [1 ..n ] } ∈ C B and { C N i | i ∈ [1 ..n ] } ∈ C N . ♦ If C is a clause in C , then C B is the b ase p art of the cla use and C N is its nesting p art . If S is a set of clauses in C , then S B and S N resp ectively denote the sets { C B | C ∈ S } and { C N | C ∈ S } , and a re respectively called the b ase p art and n est ing p art of S . The following pro p o sition shows that the deco mpo sition in Condition 2 is unique. Prop ositi on 13. F or every clause C o c curring in a clause set in C , t her e ex ist two unique clauses C B and C N such that C = C B ∨ C N . Proof. The exis tence of tw o clauses C B , C N is a direct consequence of Con- dition 2 in Definition 12. Uniqueness follo ws straigh tforwardly from Definition 11. Example 14. 
Conside r the follo wing clauses : c 1 { x 6≥ a ∨ select( t, x ) ≃ 1 } ( t is constan t on [ a, ∞ [) c 2 { x 6≥ a ∨ x 6≤ b ∨ select( t, x ) ≃ select ( t ′ , x ) } ( t and t ′ coincide on [ a, b ]) c 3 { select( t, i ) ≃ select( t ′ , i + 1) } ( t and t ′ coincide up to a shift) c 4 { x 6≤ y ∨ sel ect( t, x ) ≤ select( t, y ) } ( t is sorted) c 5 { select( t, x ) ≤ x } ( t is lo w er than t he identit y) Clauses c 1 and c 2 o ccur in A A [ A Z ], and for instance, c N 1 = (selec t( t, x ) ≃ 1) and c B 1 = ( x 6≥ a ). Clause c 3 do es not o ccur in A A [ A Z ] because the atom select( t ′ , i + 1) of the nesting specifica tio n contains the non-v aria ble ter m i + 1 of the base sp ecification. Ho wev er, c 3 can b e equiv alently written as follows: c ′ 3 { j 6≃ i + 1 ∨ select( t, i ) ≃ select( t ′ , j ) } 10 and c ′ 3 is in A A [ A Z ] 2 . Clause c 4 do es no t o ccur in A A [ A Z ], bec ause s elect( t, x ) ≤ select( t ′ , x ) con tains s ymbols fro m b oth A Z (namely ≤ ) a nd A A (select) which contradicts Condition 2 o f Definition 12. How ever, c 4 can b e handled in this se t- ting by co nsidering a c opy A ′ Z of A Z (with disjoint s o rts and function s ymbols). In this case, c 4 belo ngs to ( A A ∪ A ′ Z )[ A Z ], where A A ∪ A ′ Z denotes the union of the sp ecifications A A and A ′ Z . Of course A ′ Z can be r eplaced by any other sp ecification co ntaining an o rdering pre dicate symbo l. The sa me transformation c annot b e us ed on the clause c 5 , since (b eca use of the literal select( t, x ) ≤ x ) the sort of the indice s cannot b e s eparated fro m that o f the elements. Ag ain, this is not surprising beca use, as shown in [6], such axioms (in whic h index v aria bles o ccur out of the s c op e of a select) easily make the theory undecidable. Since S B and S N are disjoint, the b o o lean s ort ca nnot o ccur bo th in S B and S N . How ever, this problem c an easily b e ov ercome by considering t wo copies of this sort ( bool and bo ol ′ ). 
3.2 Nested Com bination of Instan tiation S che mes The goa l of this section is to inv estigate how instantiation schemes for B and N can b e co m bined in order to obtain an instant iation scheme for N [ B ]. F or instance, given tw o insta nt iation schemes for integers and arr ays respec tively , we wan t to automatic al ly derive an instantiation scheme handling mixed axioms such as those in Example 14. W e beg in b y imp osing conditio ns o n the sc hemes under consideratio n. 3.2.1 Conditions o n the Nesting Sp ecification First, w e inv estigate what conditions can be imposed on the instant iation pro- cedure for the nesting sp ec ific a tion N . What is needed is not an instantiation pro cedure that is co mplete fo r N ; indeed, since b y definition every term of a sort in S B o ccurring in C N is a v ariable, suc h an instantiation would no rmally replace every such v aria ble b y an arbitrary ground term (a constant, for exam- ple). This is not satisfactory because in the current setting, the v a lue of these v a r iables ca n be co nstrained by the base pa rt of the cla use. This is why w e sha ll assume that the co nsidered pro cedure is complete for every clause set that is obtained from cla uses in C N by g rounding the v ariables in X B , n o matter the gr ounding instant iation . Definition 15. An S B -mapping is a function α from T B to T B . Such a map- ping is extended straightforw ardly in to a function from expr essions to expres- sions: for every express ion (term, atom, literal, claus e or set of clauses) E , α ( E ) denotes the expression obtained from E by replacing every term t ∈ T B o ccur- ring in E by α ( t ). 2 How ev er as we shall see i n Section 4, our m ethod cannot handle such axioms, except in some very particular cases. In fact, adding axioms relating t w o consecutive elements of an array easil y yields undecidable sp ecifications (as sho wn in [6]). 
11 An instantiation pro cedure Θ is S B -invariant iff for every S B -mapping α , and every claus e C in a s e t S , C ∈ Θ( S ) ⇒ α ( C ) ∈ Θ( α ( S )). ♦ W e may no w define nesting-c omplete instan tiation pro cedures . Intuitiv ely , such a pr o cedure m ust be complete on those sets in which the only terms o f a sort in S B that o ccur are ground, the insta nces cannot dep end on the names of the ter ms in T B and the addition o f information cannot mak e the proce dur e less instantiate a c lause set. Definition 16. An instantiation pro c e dure Θ is nesting-c omplete if the follow- ing conditions hold: 1. F or all sets S ∈ C N and all sets S ′ such that ev ery claus e in S ′ is an S B -ground instance o f a claus e in S , S ′ and Θ( S ′ ) are A -equisa tisfiable. 2. Θ is S B -inv ariant. 3. Θ is mono tonic: S ′ ⊆ S ⇒ Θ( S ′ ) ⊆ Θ( S ). ♦ 3.2.2 Conditions o n the Base Sp ecification Second, we imp o se conditions on the instant iation pro cedure for the base sp ec- ification B . W e need the follo wing definitions: Definition 17. Let S be a set of clauses and let G b e a set of terms. W e denote by S ↓ G the set of cla uses o f the form C σ , where C ∈ S and σ maps every v a r iable in C to a term of the same sort in G . ♦ Prop ositi on 18. L et S b e a set of cl auses and l et G and G ′ b e two sets of gr ound terms. If G ⊆ G ′ then S ↓ G ⊆ S ↓ G ′ . Definition 19. If S is a set of clauses, we denote by S ⋆ ∨ the set o f clauses of the form W i =1 ,...,n C i σ i such that for every i ∈ [1 , n ], C i ∈ S a nd σ i is a pure substitution. ♦ Example 20. Let S = { p ( x, y ) } . Then S ⋆ ∨ contains among others the clauses p ( x, x ) , p ( x, y ), p ( x, y ) ∨ p ( z , u ), p ( x, y ) ∨ p ( y , x ), p ( x , y ) ∨ p ( y , z ) ∨ p ( z , u ), etc. Definition 21. An ins tantiation pro cedure Θ for B is b ase-c omplete iff the following conditions ho ld: 1. 
1. For every S ∈ C_B there exists a finite set of terms G_S such that Θ(S) = S↓G_S, and Θ(S) and S are B-equisatisfiable.
2. If S ⊆ S′ then G_S ⊆ G_{S′}.
3. For every clause set S ∈ C, G_{S^⋆_∨} ⊆ G_S. ♦

Obviously these conditions are much stronger than those of Definition 16. Informally, Definition 21 states that:
1. All variables must be instantiated in a uniform way (footnote 3) by ground terms, and satisfiability must be preserved.
2. The instantiation procedure is monotonic.
3. The considered set of ground terms does not change when new clauses are added to S, provided that these clauses are obtained from clauses already occurring in S by disjunction and pure instantiation only.

3.2.3 Definition of the Combined Instantiation Scheme

We now define an instantiation procedure for N[B]. Intuitively this procedure is defined as follows.
1. First, the nesting part of each clause in S is extracted and all base variables are instantiated by arbitrary constant symbols • (one for each base sort).
2. The instantiation procedure for N is applied to the resulting clause set. This instantiates all nesting variables (but not the base variables, since they have already been instantiated at Step 1).
3. All the substitutions on nesting variables from Step 2 are applied to the initial set of clauses.
4. Assuming the instantiation procedure for B is base-complete, if this procedure were applied to the base part of the clauses, then by Condition 1 of Definition 21 the base variables in the base part of the clauses would be uniformly instantiated by some set of terms G. All base variables and all occurrences of the constants • are replaced by all possible terms in G.

Example 22. Assume that B = A_Z, N = A_fol and that F contains the following symbols: a : int, b : int, c : s and p : int × s → bool. Consider the set S = {x ≰ a ∨ p(x, y), u ≰ b ∨ ¬p(u, c)}.
1.
We compute the set S_N = {p(x, y), ¬p(u, c)} and replace every base variable by •. This yields the set {p(•, y), ¬p(•, c)}.
2. We apply an instantiation procedure for A_fol (footnote 4). Obviously, this procedure should instantiate the variable y by c, yielding {p(•, c), ¬p(•, c)}.
3. We apply the (unique in our case) substitution y ↦ c to the initial clauses: {x ≰ a ∨ p(x, c), u ≰ b ∨ ¬p(u, c)}. Note that at this point all the remaining variables are in X_B.
4. We compute the set of clauses S_B = {x ≰ a, u ≰ b} and the set of terms G_{S_B}. It should be intuitively clear (footnote 5) that x must be instantiated by a and u by b, yielding G_{S_B} = {a, b}.
5. We thus replace all base variables by every term in {a, b}, yielding the set {a ≰ a ∨ p(a, c), b ≰ a ∨ p(b, c), a ≰ b ∨ ¬p(a, c), b ≰ b ∨ ¬p(b, c)}, i.e., after simplification, {p(a, c), b ≰ a ∨ p(b, c), a ≰ b ∨ ¬p(a, c), ¬p(b, c)}. It is straightforward to check that this set of clauses is unsatisfiable. Any SMT solver capable of handling arithmetic and propositional logic can be employed to test the satisfiability of this set.

[Footnote 3: Of course sort constraints must be taken into account.]
[Footnote 4: There exist several instantiation procedures for A_fol; one such example is given in Section 4.2.1.]
[Footnote 5: A formal definition of an instantiation procedure for this fragment of Presburger arithmetic will be given in Section 4.1.1.]

The formal definition of the procedure is given below. Let γ• be a substitution mapping every variable of a sort s ∈ S_B to an arbitrary constant symbol •_s of sort s.

Definition 23. Let Θ_B be a base-complete instantiation procedure and Θ_N be a nesting-complete instantiation procedure. Θ_N[Θ_B](S) is defined as the set of clauses of the form (C_B ∨ C_N)θ′σ where:
• C ∈ S.
• C_N γ• θ ∈ Θ_N(S_N γ•).
• θ′ is obtained from θ by replacing every occurrence of a constant symbol •_s in the co-domain of θ by a fresh variable of the same sort.
• σ maps every variable in Cθ′ to a term of the same sort in G_{S_B}. ♦

The following proposition is straightforward to prove and states the soundness of this procedure:

Proposition 24. Let Θ_B be a base-complete instantiation procedure and let Θ_N be a nesting-complete instantiation procedure. For every set of clauses S ∈ C, Θ_N[Θ_B](S) is a set of ground instances of clauses in S. Thus if Θ_N[Θ_B](S) is N[B]-unsatisfiable, then so is S.

Several examples of concrete instantiation procedures satisfying the conditions of Definitions 16 and 21 are provided in Section 4.

3.3 Completeness

The remainder of this section is devoted to the proof of the main result of this paper, namely that the procedure Θ_2[Θ_1] is complete for N[B]:

Theorem 25. Let Θ_B be a base-complete instantiation procedure (for B) and let Θ_N be a nesting-complete instantiation procedure (for N). Then Θ_N[Θ_B] is complete for N[B]; furthermore, this procedure is monotonic and S_B-invariant.

The rest of the section (up to Page 21) can be skipped entirely by readers not interested in the more theoretical aspects of the work. The proof of this theorem relies on a few intermediate results that are developed in what follows.

3.3.1 Substitution Decomposition

Definition 26. A substitution σ is a base substitution iff dom(σ) ⊆ X_B. It is a nesting substitution iff dom(σ) ⊆ X_N and for every x ∈ dom(σ), xσ contains no non-variable base term. ♦

We show that every ground substitution can be decomposed into two parts: a nesting substitution and a base substitution. We begin with an example:

Example 27. Assume that B = A_Z, N = A_fol and that F contains the following symbols: f : s × int → s, c : s.
Consider the ground substitution σ = {x ↦ f(c, s(0)), y ↦ f(f(c, 0), 0), n ↦ s(0)}. We can extract from σ a nesting substitution by replacing all subterm-maximal base terms by variables, thus obtaining σ_N = {x ↦ f(c, n), y ↦ f(f(c, m), m)}, and then construct the base substitution σ_B = {n ↦ s(0), m ↦ 0} such that σ = σ_N σ_B. Note that σ_N is not ground and that dom(σ_B) ⊈ dom(σ).

The following result generalizes this construction:

Proposition 28. Every ground substitution σ can be decomposed into a product σ = (σ_N σ_B)|_{dom(σ)} where σ_N is a nesting substitution, σ_B is a base substitution, and for all x ∈ dom(σ_B) \ dom(σ),
• ∀y ∈ dom(σ_B) ∩ dom(σ), xσ_B ≠ yσ_B,
• ∀y ∈ dom(σ_B) \ dom(σ), yσ = xσ ⇒ x = y.

Proof. Let E be the set of subterm-maximal base terms occurring in terms of the form xσ, with x ∈ dom(σ). Let ν be a (partial) function mapping every term t ∈ E ∩ cod(σ) to an arbitrarily chosen variable ν(t) such that ν(t)σ = t. This function ν is extended into a total function on E by mapping all terms t for which ν(t) is undefined to pairwise distinct new variables, not occurring in dom(σ). Note that ν is injective by construction. The substitutions σ_B and σ_N are defined as follows:
• dom(σ_N) ≝ dom(σ) ∩ X_N, and xσ_N is the term obtained by replacing every occurrence of a term t ∈ E in xσ by ν(t);
• dom(σ_B) ≝ [dom(σ) ∩ X_B] ∪ ν(E); if x = ν(t) for some term t ∈ E, then xσ_B ≝ t; otherwise, xσ_B ≝ xσ.
Note that σ_B is well-defined, since by definition if ν(t) = ν(s) then t = s. By construction, σ_N is a nesting substitution and σ_B is a base substitution. Furthermore, since ν(t)σ_B = t, xσ_N σ_B = xσ for every x ∈ dom(σ) ∩ X_N.
Similarly, for every x ∈ dom(σ) ∩ X_B, xσ_N σ_B = xσ_B = xσ and therefore σ = (σ_N σ_B)|_{dom(σ)}. Let x ∈ dom(σ_B) \ dom(σ). By definition of σ_B, x is of the form ν(t) for some t ∈ E, and there is no variable y ∈ dom(σ) such that yσ = t, since otherwise ν(t) would have been defined as y. Thus ∀y ∈ dom(σ_B) ∩ dom(σ), xσ_B ≠ yσ = yσ_B. Now if y ∈ dom(σ_B) \ dom(σ) and xσ_B = yσ_B, then y is also of the form ν(s) for some s ∈ E and we have xσ_B = t and yσ_B = s, hence t = s and x = y.

3.3.2 Partial Evaluations

Given a set of clauses S in N[B] and an interpretation I of B, we consider a set of clauses S′ of N obtained by selecting those ground instances of clauses in S whose base part evaluates to false in I and adding their nesting part to S′. More formally:

Definition 29. For every clause C ∈ C_B and for every interpretation I ∈ I_B, we denote by Φ_I(C) the set of ground substitutions η of domain Var(C) such that I ⊭ Cη. Then, for every S ∈ C we define: S|_I ≝ {C_N η | C ∈ S, η ∈ Φ_I(C_B)}.

Example 30. Let S = {x ≄ a ∨ P(x), y < 2 ∨ Q(y, z)} be a set of clauses in A_fol[A_Z], where x, y, a are of sort int and z is a variable of a sort distinct from int. Let I be the interpretation of natural numbers such that a_I = 1. Then Φ_I(x ≄ a) = {x ↦ 1} and Φ_I(y < 2) = {y ↦ k | k ∈ ℕ, k ≥ 2}. Therefore S|_I = {P(1)} ∪ {Q(k, z) | k ∈ ℕ, k ≥ 2}.

The following lemma shows that S|_I is N-unsatisfiable when S is N[B]-unsatisfiable.

Lemma 31. For every N[B]-unsatisfiable set of clauses S ∈ C and for every I ∈ I_B, S|_I is N-unsatisfiable.

Proof. Let N[B] = (I, C). Assume that S|_I is N-satisfiable, i.e. that there exists an interpretation J ∈ I_N validating S|_I. W.l.o.g. we assume that the domain of J is disjoint from that of I.
We construct an interpretation K ∈ I satisfying S, which will yield a contradiction since S is N[B]-unsatisfiable by hypothesis. For all sort symbols s ∈ S_B and for all e ∈ s_I, we denote by γ(e) an arbitrarily chosen ground term in T_B such that [γ(e)]_I = e (footnote 6). If E is a ground expression, we denote by E↓γ the expression obtained from E by replacing every term t by γ([t]_I); by construction [E]_I = [E↓γ]_I. Let ψ : D_I ⊎ D_J → D_J be the function defined for every element e ∈ D_I ∪ D_J as follows:
• if e ∈ s_I then ψ(e) ≝ [γ(e)]_J;
• otherwise ψ(e) ≝ e.
We define the interpretation K by combining I and J as follows:
• K coincides with I on S_B and on every function symbol whose co-domain is in S_B.
• K coincides with J on S_N.
• For all function symbols f ∈ F_N of arity n, f_K(e_1, …, e_n) ≝ f_J(ψ(e_1), …, ψ(e_n)). Note that f_K is well-defined since by definition of ψ, if e ∈ s_K then ψ(e) ∈ s_J.

[Footnote 6: γ(e) always exists since we restricted ourselves to interpretations such that, for every s ∈ S, s_I = {[t]_I | t ∈ T_s}.]

Let E be a ground expression (term, atom, literal, clause or ω-clause) such that E↓γ = E. Assume that E is a ground instance of an expression occurring in a clause in Ω_N. We prove by structural induction on E that [E]_J = ψ([E]_K).
• If E is a term of a sort in S_B then since I and K coincide on S_B ∪ F_B, we have [E]_K = [E]_I. By hypothesis E↓γ = E, thus γ([E]_I) = E and by definition of ψ, ψ([E]_K) = ψ([E]_I) = [γ([E]_I)]_J = [E]_J.
• If E is of the form f(t_1, …, t_n) where f ∈ F_N, then by definition [E]_J = f_J([t_1]_J, …, [t_n]_J) and by the induction hypothesis, [t_i]_J = ψ([t_i]_K) for i ∈ [1, n]. Again by definition, [E]_K = f_J(ψ([t_1]_K), …, ψ([t_n]_K)) = f_J([t_1]_J, …, [t_n]_J) = [E]_J.
Thus, since the domains of I and J are disjoint, [E]_J ∉ S_B^I, hence ψ([E]_J) = [E]_J.
• If E is an atom of the form t_1 ≃ t_2 then t_1, t_2 ∉ S_B. Indeed E occurs in a ground instance of a clause C occurring in Ω_N and by Definition 10, such clauses cannot contain equalities between base terms. Thus we have ψ([t_i]_K) = [t_i]_K (for i = 1, 2) and the proof is straightforward.
• The proof is immediate if E is a literal or a (possibly infinite) disjunction of literals.

Since J ⊨ S|_I and all specifications are assumed to be ω-definable (see Definition 5), we deduce that K ⊨ S|_I ∪ Ax(I_N). Indeed, for the sake of contradiction, assume that there exists an ω-clause C ∈ S|_I ∪ Ax(I_N) and a ground substitution θ of domain Var(C) such that K ⊭ Cθ. Since K ⊨ t ≃ t↓γ for every term t, necessarily K ⊭ Cθ′ where xθ′ ≝ xθ↓γ. But then Cθ′↓γ = Cθ′ and since [E]_J = ψ([E]_K), we conclude that J ⊭ Cθ′, which is impossible since by hypothesis J is an N-model of S|_I.

We now prove that K ⊨ S. Let C ∈ S and η be a ground substitution of domain Var(C). W.l.o.g. we assume that ∀x ∈ Var(C), xη↓γ = xη. Let η_B (resp. η_N) be the restriction of η to the variables of a sort in S_B (resp. in S_N). If I ⊨ C_B η_B then K ⊨ C_B η_B because K and I coincide on S_B ∪ F_B, and consequently K ⊨ Cη (since Cη ⊇ C_B η_B). If I ⊭ C_B η_B then η_B ∈ Φ_I(C), hence C_N η_B ∈ S|_I. Again K ⊨ Cη_B hence K ⊨ Cη; therefore K ⊨ S. Finally, since K coincides with I on S_B ∪ F_B we have K ⊨ Ax(I_B). This proves that K is an N[B]-model of S, which is impossible.

3.3.3 Abstraction of Base Terms

Lemma 31 relates the N[B]-unsatisfiability of a set of clauses S to the N-unsatisfiability of sets of the form S|_I.
By definition, S|_I is of the form S′σ, for some clause set S′ ∈ C_N and for some ground base substitution σ. However, since neither Ax(I_N) nor C_N contains symbols of a sort in S_B, the interpretation of the ground base terms of S′ in an interpretation of I_N is arbitrary: changing the values of these terms does not affect the N-satisfiability of the formula. Thus the actual concrete values of the ground base terms do not matter: what is important is only how these terms compare to each other.

Example 32. Assume that N = A_fol, p : int × s → bool, a : s, and let S = {p(x, z), ¬p(y, a)}. Consider σ = {x ↦ 0, y ↦ 0}; clearly, Sσ ⊨_N □. But also S{x ↦ s(0), y ↦ s(0)} ⊨_N □ and more generally S{x ↦ t, y ↦ t} ⊨_N □. On the other hand, S{x ↦ 0, y ↦ s(0)} ⊭_N □ and more generally S{x ↦ t, y ↦ t′} ⊭_N □ if t, t′ are distinct integers.

Therefore, if Sσ ⊨_N Cσ for some base substitution σ then actually Sθ ⊨_N Cθ, for every substitution θ such that xθ = yθ ⇔ xσ = yσ. This will be formalized in the following definitions and lemma. We first introduce an unusual notion of semantic entailment. The intuition is that variables in S_B are considered as "rigid" variables that must be instantiated by arbitrary ground terms:

Definition 33. Let S ∈ C_N. We write S ⊨_r C iff for every ground substitution σ of domain X_B, Sσ ⊨_N Cσ. ♦

Example 34. Assume that N = A_fol. Let a : s, p : int × s → bool and q : int → bool, where int ∈ S_B, s ∈ S_N. Let S = {p(x, y), ¬p(u, a) ∨ q(u)}, where x, y, u are variables. Then S ⊨_r q(x), but S ⊭_r q(0). Note that x denotes the same variable in S and q(x) (the variables are not renamed).

Definition 35. For every substitution σ we denote by ⟨σ⟩ an arbitrarily chosen pure substitution such that xσ = yσ ⇒ x⟨σ⟩ = y⟨σ⟩, for every x, y ∈ X.
♦

Note that such a substitution always exists. The next lemma can be viewed as a generalization lemma: it shows that the values of the ground base terms can be abstracted into variables.

Lemma 36. Let S ∈ C_N and σ be a base substitution such that dom(σ) ⊆ X_B. If Sσ ⊨_N Cσ then S⟨σ⟩ ⊨_r C⟨σ⟩.

Proof. Let θ be a substitution of domain X_B. We assume that there exists an I ∈ I_N such that I ⊨ S⟨σ⟩θ and I ⊭ C⟨σ⟩θ, and we show that a contradiction can be derived. For every ground term t, we denote by Γ(t) the ground term obtained from t by replacing every ground subterm of the form xσ by x⟨σ⟩θ. Γ is well-defined: indeed, if xσ = yσ, then by definition of ⟨σ⟩, x⟨σ⟩ = y⟨σ⟩, thus x⟨σ⟩θ = y⟨σ⟩θ. Let J be the interpretation defined as follows (footnote 7):
• If s ∈ S_B then s_J ≝ T_s.
• If f is a symbol of rank s_1 × … × s_n → s where s_1, …, s_n, s ∈ S_B then f_J(t_1, …, t_n) ≝ f(t_1, …, t_n).
• If f is a symbol of rank s_1 × … × s_n → s where s ∉ S_B then f_J(t_1, …, t_n) ≝ f_I(t′_1, …, t′_n) where for every i ∈ [1, n], s_i ∈ S_N ⇒ t′_i = [t_i]_J and s_i ∈ S_B ⇒ t′_i = [Γ(t_i)]_I.

[Footnote 7: Intuitively, J interprets every base term as itself and coincides with I on nesting terms.]

By construction, [s]_J = s for every ground base term s; we prove that for every ground nesting term t, [t]_J = [Γ(t)]_I, by induction on t. If t = f(t_1, …, t_n), then [t]_J = f_I(t′_1, …, t′_n) where for every i ∈ [1, n], s_i ∈ S_N ⇒ t′_i = [t_i]_J and s_i ∈ S_B ⇒ t′_i = [Γ(t_i)]_I. By the induction hypothesis, s_i ∈ S_N ⇒ t′_i = [Γ(t_i)]_I. Thus [t]_J = f_I([Γ(t_1)]_I, …, [Γ(t_n)]_I) = [Γ(t)]_I. Now let σ′ be a ground substitution with a domain in X_N, and let θ′ ≝ Γ ∘ σ′.
We prove that for every expression E occurring in S ∪ {C} that is not a base term, [Eσσ′]_J = [E⟨σ⟩θθ′]_I.
• Assume that E is a variable x in X_N. Then [Eσσ′]_J = [xσ′]_J, and by the previous relation we get [Eσσ′]_J = [Γ(xσ′)]_I = [xθ′]_I = [E⟨σ⟩θθ′]_I.
• Assume that E is a nesting term of the form f(t_1, …, t_n). Then by the result above, [Eσσ′]_J = [Γ(Eσσ′)]_I. By definition of Γ we have Γ(Eσσ′) = f(Γ(t_1σσ′), …, Γ(t_nσσ′)), therefore [Eσσ′]_J = f_I([Γ(t_1σσ′)]_I, …, [Γ(t_nσσ′)]_I). For i ∈ [1, n], if t_i is a nesting term then by the result above [Γ(t_iσσ′)]_I = [t_iσσ′]_J and by the induction hypothesis, [Γ(t_iσσ′)]_I = [t_i⟨σ⟩θθ′]_I. Otherwise, t_i is a base term, and must necessarily be a variable, thus Γ(t_iσ) = t_i⟨σ⟩θ. Therefore Γ(t_iσσ′) = Γ(t_iσ) = t_i⟨σ⟩θ = t_i⟨σ⟩θθ′. Therefore [Eσσ′]_J = f_I([t_1⟨σ⟩θθ′]_I, …, [t_n⟨σ⟩θθ′]_I) = [E⟨σ⟩θθ′]_I.
• The proof is similar if E is of the form t ≃ s, t ≄ s or ⋁_{i=1}^{n} l_i.

We thus conclude that for every clause D ∈ S ∪ {C} ∪ Ax(I), J ⊨ Dσσ′ iff I ⊨ D⟨σ⟩θθ′. Since I ⊨ S⟨σ⟩θ ∪ Ax(I_N), we deduce that J ⊨ Sσ ∪ Ax(I_N), which proves that J ∈ I_N. Since I ⊭ C⟨σ⟩θ we have J ⊭ Cσ, which is impossible because J ∈ I_N and Sσ ⊨_N Cσ.

3.3.4 Completeness of Θ_B for ω-Clauses

In this section, we prove that any procedure that is base-complete is also complete for some classes of sets of possibly infinite ω-clauses; this is of course not the case in general. We first notice that the notation S^⋆_∨ of Definition 19 can be extended to ω-clauses, by allowing infinite disjunctions:

Definition 37.
Given a set of clauses S, we denote by S^ω_∨ the set of ω-clauses of the form ⋁_{i ∈ ℕ} C_i σ_i, where C_i ∈ S and σ_i is a pure substitution. ♦

The notation S↓G also extends to ω-clauses: S↓G is the set of clauses Cσ such that C ∈ S and σ maps every variable in C to a term in G.

Proposition 38. Let S be a finite set of clauses and G be a finite set of terms. Then S^ω_∨↓G is a finite set of clauses.

Proof. By definition, any literal occurring in S^ω_∨ is of the form Lσ where L is a literal occurring in a clause C ∈ S and σ is a pure substitution. Thus any literal occurring in S^ω_∨↓G is of the form Lσθ where L is a literal occurring in a clause in S, σ is pure and θ maps every variable to a term in G. Obviously, since G and S are finite, there are finitely many literals of this form. Hence all the ω-clauses in S^ω_∨↓G are actually finite, and there are only finitely many possible clauses.

Lemma 39. Let S be a set of clauses and S′ a set of ω-clauses with S′ ⊆ S^ω_∨. If G is a finite set of terms, then there exists a set of clauses S′′ ⊴ S′ such that S′′↓G = S′↓G.

Proof. Let C be a clause in S′↓G; by Proposition 38, C is finite. By definition there exists an ω-clause C′ ∈ S′ such that C = C′θ, where θ is a substitution mapping all the variables in Var(C′) to a term in G. Every literal in C′ is of the form Lγ, where the literal L occurs in S and γ is a pure substitution of Var(L). Since S and G are finite, there is a finite number of possible pairs (L, γθ). Thus there exists a finite subset D_C ⊆ C′ such that for every literal Lγ occurring in C′, there exists a literal Lγ′ ∈ D_C with γθ = γ′θ. Every variable occurring in a literal Lγ of C′ is of the form xγ, where x ∈ Var(L). Let η_C be the substitution mapping every variable xγ ∈ Var(C′ \ D_C) to xγ′. Then for every literal Lγ ∈ C′, we have Lγη_C = Lγ′ ∈ D_C.
Thus C′η_C = D_C; furthermore, η_C is pure and D_Cη_C = D_C. We define S′′ = {D_C | C ∈ S′↓G}; obviously S′′ ⊴ S′ and by definition S′′↓G ⊇ S′↓G. Conversely, let E be a clause in S′′↓G; E is necessarily of the form D_Cθ where C ∈ S′↓G and θ maps every variable to a term in G. But then E is of the form C′η_Cθ, where C′ ∈ S′, and η_Cθ is a substitution mapping every variable in C′ to a term in G; thus E must occur in S′↓G.

The next lemma proves the completeness result for ω-clauses:

Lemma 40. Let Θ be a base-complete instantiation procedure and S be a set of clauses. If S′ ⊆ S^ω_∨ then S′ and S′↓G_S are B-equisatisfiable.

Note that the clauses in S are finite, but those in S′ may be infinite.

Proof. S′↓G_S is a logical consequence of S′, thus if S′ is satisfiable then so is S′↓G_S; we now prove the converse. Let I be an interpretation validating S′↓G_S. By Lemma 39, there exists a set of clauses S′′ such that S′′ ⊴ S′ and S′↓G_S = S′′↓G_S. Since I ⊨ S′↓G_S, we deduce that S′′↓G_S is satisfiable, hence (since by Condition 1 in Definition 21, Θ is complete (footnote 8)) so is S′′. But S′′ ⊴ S′, therefore by Proposition 3, S′ is satisfiable.

[Footnote 8: Recall that S′′ is a set of finite clauses.]

3.3.5 Main Proof

We are now in the position to give the proof of the main theorem.

Proof (of Theorem 25). Let Θ ≝ Θ_N[Θ_B] and let S be an unsatisfiable clause set in C. We prove that Θ(S) is also unsatisfiable. Let I ∈ I_B; by Lemma 31, the set S|_I = {C_N η | C ∈ S, η ∈ Φ_I(C)} is N-unsatisfiable, and by completeness of Θ_N, so is Θ_N(S|_I). We define A_I = {Cηθ | C ∈ S, C_N ηθ ∈ Θ_N(S|_I)}. This set may be infinite, since no assumption was made on the decidability of N.
Every clause in A_I is of the form Cηθ where I ⊭ C_Bη (footnote 9), and by Proposition 28, Cηθ = Cσσ′, where σ is a nesting substitution and σ′ is a base substitution. In particular, since dom(σ) ⊆ X_N, C_Bσσ′ = C_Bσ′ and I ⊭ C_Bσ′. By construction, the set {C_Nσσ′ | (C_N ∨ C_B)σσ′ ∈ A_I} is N-unsatisfiable. Thus for every model J of A_I, there exists a clause (C_N ∨ C_B)σσ′ ∈ A_I such that J ⊭ C_Nσσ′, hence J ⊨ C_Bσσ′ (since J ⊨ A_I we have J ⊨ (C_N ∨ C_B)σσ′). Since the C_B cannot contain nesting variables, we have C_Bσσ′ = C_Bσ′. Hence A_I ⊨_N ⋁_{Cσσ′ ∈ A_I} C_Bσ′.

We let T = S_B and define:
  B_I = {Cσ⟨σ′⟩ | Cσσ′ ∈ A_I}   and   E_I = ⋁_{Cσσ′ ∈ A_I} C_B⟨σ′⟩.
Note that since A_I may be infinite, E_I is an ω-clause that belongs to T^ω_∨. Lemma 36 guarantees that B_I ⊨_r E_I; thus by definition, for all sets of ground base terms G, B_I↓G ⊨_N E_I↓G. This is in particular the case for G = G_T.

Let U = {E_I | I ∈ I_B}; by construction, for all I ∈ I_B, I ⊭ U; hence U is B-unsatisfiable and since U ⊆ T^ω_∨, by Lemma 40, U↓G_T is also B-unsatisfiable. We have shown that B_I↓G ⊨_N E_I↓G. This, together with the fact that U↓G_T = ⋃_{I ∈ I_B} E_I↓G_T, permits us to deduce that ⋃_{I ∈ I_B} B_I↓G_T ⊨_N U↓G_T. Since U↓G_T is B-unsatisfiable (hence also N[B]-unsatisfiable), ⋃_{I ∈ I_B} B_I↓G_T is N[B]-unsatisfiable.

There remains to prove that ⋃_{I ∈ I_B} B_I↓G_T ⊆ Θ(S) to obtain the result. Consider the function α that maps every term of a sort s ∈ S_B to •_s; it is clear that α(S|_I) ⊆ S_Nγ•. In particular, if C_Nσσ′ ∈ Θ_N(S|_I), then by the S_B-invariance and monotonicity of Θ_N, C_Nσ⟨σ′⟩γ• = α(C_Nσσ′) ∈ Θ_N(α(S|_I)) ⊆ Θ_N(S_Nγ•). Therefore, (Cσ⟨σ′⟩)↓G_T ⊆ Θ(S), hence the result.
The fact that Θ_N[Θ_B] is S_B-invariant and monotonic follows immediately from the definition and from the fact that Θ_N is S_B-invariant and that Θ_B and Θ_N are monotonic.

[Footnote 9: Recall that C_Bη = C_Bηθ, since η is a ground base substitution.]

4 Applications

In this section, we show some examples of applications of Theorem 25 that are particularly relevant in the context of program verification.

4.1 Examples of Base-Complete Specifications

4.1.1 Presburger Arithmetic

No base-complete instantiation procedure can be defined for the specification A_Z as defined in Section 2.5, as evidenced by the following example.

Example 41. Assume that a base-complete procedure Θ exists, and consider the clause set S = {x ≄ y + 1, y ≄ 0}. Since Θ is base-complete by hypothesis, by Condition 1 of Definition 21, Θ(S) = S↓G_S for some finite set of ground terms G_S, and by Condition 3, G_S contains G_{S^⋆_∨}. But S^⋆_∨ contains in particular the clause C_n : ⋁_{i=1}^{n} x_i ≄ x_{i−1} + 1 ∨ x_0 ≄ 0. C_n is obviously A_Z-unsatisfiable, but the only instance of C_n that is A_Z-unsatisfiable is C_n{x_i ↦ i | i ∈ [0, n]}. Consequently {i | i ∈ [0, n]} ⊆ G_S, hence G_S cannot be finite, thus contradicting Condition 1.

It is however possible to define base-complete procedures for less general specifications that are still of practical value.

Definition 42. Let χ be a special constant symbol of sort int, let m be a natural number distinct from 0 and let T_B be a set of ground terms of sort int not containing χ. We denote by B_Z the specification (I′_Z, C′_Z) defined as follows. Ax(I′_Z) ≝ Ax(I_Z) ∪ {χ > t + m | t ∈ T_B}, where Ax(I_Z) is defined in Example 7 (Section 2.5).
C′_Z contains every clause set S such that every non-ground literal occurring in a clause in S is of one of the following forms:
• x ≰ t or t ≰ x for some variable x and for some ground term t ∈ T_B;
• x ≰ y for some variables x, y;
• x ≄_k t for some k ∈ ℕ \ {0} that divides m, some ground term t ∈ T_B and some variable x. ♦

Intuitively, the constant χ occurring in Ax(I′_Z) is meant to translate the fact that the terms appearing in S admit an upper bound (namely χ). It is clear that if S is an arbitrary set of arithmetic clauses (not containing the special constant χ), then the set T_B and the integer m can be computed so that S indeed belongs to C′_Z.

Definition 43. For every set of clauses S ∈ C′_Z, let B_S be the set of ground terms t such that either t = χ or S contains an atom of the form x ≤ t. We define the instantiation procedure Θ_Z by Θ_Z(S) ≝ S↓G^Z_S, where G^Z_S is defined by G^Z_S ≝ {t − l | t ∈ B_S, 0 ≤ l < m}. ♦

The two following propositions are straightforward consequences of the definition:

Proposition 44. If S ⊆ S′ then G^Z_S ⊆ G^Z_{S′}.

Proposition 45. G^Z_S = G^Z_{S^⋆_∨}.

Proof. This is immediate because the set of ground terms occurring in S^⋆_∨ is the same as that of S, since the atoms in S^⋆_∨ are pure instances of atoms in S. Thus B_{S^⋆_∨} = B_S.

Theorem 46. Θ_Z is base-complete if B = B_Z.

Proof. We adopt the following notations for the proof: given a set of terms W, we write x ≰ W for ⋁_{t ∈ W} x ≰ t and x ≱ W for ⋁_{t ∈ W} x ≱ t. Additionally, if K is a set of pairs (k, t) ∈ ℕ × T_int then we denote by ¬K(x) the disjunction ⋁_{(k,t) ∈ K} x ≄_k t. Let S ∈ C′_Z and assume that S is B_Z-unsatisfiable; we prove that Θ_Z(S) is also B_Z-unsatisfiable. Let I ∈ I′_Z; then in particular, I ⊨ {χ > t + m | t is a ground term in S′}. Let C be a clause in S such that I ⊭ C.
By definition of C′_Z, C can be written as C = D ∨ ⋁_{i=1}^{n} (x_i ≰ U_i ∨ x_i ≱ L_i ∨ ¬K_i(x_i)), where D is ground and where the x_i's (1 ≤ i ≤ n) denote distinct variables (footnote 10). Since I ⊭ C, there exists a ground substitution θ such that I ⊭ Cθ, i.e., for all i ∈ [1, n]:
• ∀u ∈ U_i, [x_iθ]_I ≤ [u]_I;
• ∀l ∈ L_i, [l]_I ≤ [x_iθ]_I;
• ∀(k, t) ∈ K_i, [x_iθ]_I ≃_k [t]_I.
If [x_iθ]_I is such that [x_iθ]_I > [χ]_I, then it is straightforward to verify that [x_iθ]_I − m satisfies the same conditions, since for all terms t in U_i ∪ L_i, [χ]_I − m > [t]_I, and since m is a common multiple of every k occurring in K_i. We may therefore assume that [x_iθ]_I ≤ [χ]_I. We denote by u_i an element in U_i ∪ {χ} such that [u_i]_I is minimal in {[u]_I | u ∈ U_i ∪ {χ}}, and by m_i the greatest integer such that m_i ≤ [u_i]_I and for every (k, t) ∈ K_i, m_i ≃_k t holds; the existence of m_i is guaranteed by what precedes, and [x_iθ]_I ≤ m_i. We cannot have m_i + m ≤ u_i, because otherwise m_i would not be the greatest integer satisfying the conditions above. Thus, necessarily, m_i > [u_i]_I − m, and there must exist a term v_i ∈ G^Z_S such that [v_i]_I = m_i. Let σ ≝ {x_i ↦ v_i | i ∈ [1, n]}; we deduce that I ⊭ Cσ. Since Cσ ∈ S↓G^Z_S, we conclude that S↓G^Z_S is B_Z-unsatisfiable, hence the result. By construction, G^Z_S is finite, hence Condition 1 of Definition 21 is satisfied. By Propositions 44 and 45, Conditions 2 and 3 are satisfied, respectively, which concludes the proof.

[Footnote 10: Note that the sets U_i, L_i and K_i could be empty.]

4.1.2 Term Algebra with Membership Constraints

We give a second example of a specification for which a base-complete instantiation procedure can be defined. We consider formulæ built over a signature containing:
• a set of free function symbols Σ;
• a set of constant symbols interpreted as ground terms built on Σ;
• a set of monadic predicate symbols 𝒫; each predicate p in 𝒫 is interpreted as a (fixed) set p̂ of ground terms built on Σ.
We assume that the emptiness problem is decidable for any finite intersection of these sets (for instance p̂ can be the set of terms accepted by a regular tree automaton, see [9] for details). From a more formal point of view:

Definition 47. Let Σ ⊆ F_B. We denote by T(Σ)_s the set of ground terms of sort s built on Σ. Let 𝒫 be a finite set of unary predicate symbols, together with a function p ↦ p̂ mapping every symbol p : s → bool ∈ 𝒫 to a subset of T(Σ)_s. We denote by A_∈ the specification (I_∈, C_∈) where:
• Ax(I_∈) contains the following axioms:
  ⋁_{t ∈ T(Σ)_s} x ≃ t, for s ∈ S_B, x ∈ X_B;
  x_i ≃ y_i ∨ f(x_1, …, x_n) ≄ f(y_1, …, y_n), if f ∈ Σ, i ∈ [1, n];
  p(x) ∨ t ∉ p̂, if p ∈ 𝒫, t ∈ p̂.
• Every non-ground atom in C_∈ is of the form ¬p(x), or of the form x ≄ t for some ground term t. ♦

The axioms of Ax(I_∈) entail the following property, which is proved by a straightforward induction on the depth of the terms:

Proposition 48. For all interpretations I ∈ I_∈ and all terms t, t′ occurring in a clause in C_∈, if [t]_I = [t′]_I then t = t′.

If the sets in {p̂ | p ∈ 𝒫} are regular then A_∈ is well known to be decidable, see, e.g., [10]. We define the following instantiation procedure for A_∈:

Definition 49. Let G^∈_S be a set of ground terms containing:
• every ground term t such that S contains an atom of the form x ≄ t;
• an arbitrarily chosen ground term s_P ∈ ⋂_{p ∈ P} p̂, for each P ⊆ 𝒫 such that ⋂_{p ∈ P} p̂ ≠ ∅ (recall that the emptiness problem is assumed to be decidable).
Let Θ_∈(S) ≝ S↓G^∈_S. ♦

Theorem 50. Θ_∈ is base-complete if B = A_∈.

Proof.
Let $C$ be a clause in $\mathcal{C}_\in$; $C$ is of the form $\bigvee_{i=1}^{n} x_i \not\simeq t_i \vee \bigvee_{j=1}^{m} \neg p_j(y_j) \vee D$, where $D$ is ground, $x_i$ and $y_j$ ($i \in [1,n]$, $j \in [1,m]$) are variables, $t_i$ is a ground term for $i \in [1,n]$ and $p_j \in \mathcal{P}$ for $j \in [1,m]$. Let $X = \{x_1,\dots,x_n\}$ and $Y = \{y_1,\dots,y_m\}$; note that these sets are not necessarily disjoint. For every variable $y \in Y$ we denote by $P_y$ the set of predicates $p_j$ ($1 \leq j \leq m$) such that $y_j = y$, and we let $s_y \stackrel{\text{def}}{=} s_{P_y}$. Consider the substitution $\sigma$ of domain $X \cup Y$ such that:
• $x_i\sigma \stackrel{\text{def}}{=} t_i$ for every $i \in [1,n]$;
• if $y \in Y \setminus X$ then $y\sigma \stackrel{\text{def}}{=} s_y$ (if $\bigcap_{p \in P_y} \hat p = \emptyset$ then $s_y$ is undefined, but in that case the literals $\neg p(y)$, $p \in P_y$, cannot all be false for any value of $y$ in an interpretation of $\mathcal{I}_\in$: $C$ is then valid and entailed by any of its instances, so $y\sigma$ can be an arbitrary ground term).

We prove that $C\sigma \models_{\mathcal{A}_\in} C$. Let $I$ be an interpretation such that $I \models C\sigma$ and $I \not\models C$. Then there exists a substitution $\theta$ such that $I \not\models C\theta$, which implies that for all $i \in [1,n]$, $[x_i\theta]_I = [t_i]_I$, and for all $j \in [1,m]$, $[y_j\theta]_I \in [\hat p_j]_I$. Proposition 48 entails that $x_i\theta = t_i$ for all $i \in [1,n]$ and $y_j\theta \in \hat p_j$ for all $j \in [1,m]$. Thus, in particular, $x\sigma = x\theta$ for all $x \in X$, and $\bigcap_{p \in P_y} \hat p \neq \emptyset$ for all $y \in Y \setminus X$. Since $I \models C\sigma$ and $x_i\sigma = t_i$ for all $i \in [1,n]$, there must exist $j \in [1,m]$ such that $[y_j\sigma]_I \notin [\hat p_j]_I$; and, again by Proposition 48, this is equivalent to $y_j\sigma \notin \hat p_j$. If $y_j \in X$, then $y_j\theta = y_j\sigma \notin \hat p_j$ and $I \models C\theta$, which is impossible. Thus $y_j \in Y \setminus X$, and since $\bigcap_{p \in P_{y_j}} \hat p \neq \emptyset$, by construction $y_j\sigma = s_{y_j} \in \hat p_j$; this contradicts the assumption that $y_j\sigma \notin \hat p_j$.

Since $C\sigma \models_{\mathcal{A}_\in} C$, we deduce that for every clause $C \in S$ there exists $D \in S{\downarrow}G_\in^S$ such that $D \models_{\mathcal{A}_\in} C$, and therefore $S \equiv_{\mathcal{A}_\in} S{\downarrow}G_\in^S$. By construction, $G_\in^S$ is finite, $G_\in^S = G_\in^{S^{\star\vee}}$ and $G_\in^S \subseteq G_\in^{S'}$ if $S \subseteq S'$. Hence all the conditions of Definition 21 are satisfied. □
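The procedure $\Theta_\in$ of Definition 49, as an added example; it is not code from the report, and the report gives none. It assumes that every $\hat p$ is handed in as a finite set of ground terms written as strings (so the emptiness of an intersection is a plain set intersection rather than a tree-automaton check), that ground terms denote themselves (which is what Proposition 48 licenses), and the literal encoding described in the comments. Under those assumptions the interpretation of $\mathcal{I}_\in$ is fixed by the $\hat p$, so $\Theta_\in(S)$ is $\mathcal{A}_\in$-unsatisfiable exactly when one of its finitely many ground clauses evaluates to false, which is what `theta_in_unsat` checks; the sample clause sets are constructed for the example.

```python
"""Theta_in (Definition 49) for a term algebra with membership constraints, as an added
example (not the authors' code).  Assumptions: the sets p^ are finite sets of ground
terms written as strings, so an intersection is non-empty iff the Python intersection
is; ground terms denote themselves (Proposition 48 makes equality syntactic)."""
from itertools import combinations, product

def is_var(t):                              # variables are strings starting with '?'
    return isinstance(t, str) and t.startswith("?")

def variables(clause):
    return sorted({a for lit in clause for a in lit[1:] if is_var(a)})

def ground_terms(S, hats):
    """G_in^S: the t of every literal x != t, plus one representative s_P of each
    non-empty intersection of p^'s (P ranging over non-empty subsets of the predicates)."""
    G = {lit[2] for C in S for lit in C
         if lit[0] == "neq" and is_var(lit[1]) and not is_var(lit[2])}
    for r in range(1, len(hats) + 1):
        for P in combinations(sorted(hats), r):
            common = set.intersection(*(hats[p] for p in P))
            if common:
                G.add(min(common))          # "arbitrarily chosen": take the least term
    return G

def instantiate(clause, G):
    """S down G for one clause: every ground instance whose variables range over G."""
    vs = variables(clause)
    for values in product(sorted(G), repeat=len(vs)):
        sub = dict(zip(vs, values))
        yield tuple((lit[0],) + tuple(sub.get(a, a) for a in lit[1:]) for lit in clause)

def holds(ground_clause, hats):
    """Truth value in the interpretation of I_in fixed by the sets p^."""
    for kind, a, b in ground_clause:
        if (kind == "in" and b in hats[a]) or (kind == "notin" and b not in hats[a]) \
           or (kind == "neq" and a != b):
            return True
    return False

def theta_in_unsat(S, hats):
    """Theta_in(S) is A_in-unsatisfiable iff one of its ground clauses is false."""
    G = ground_terms(S, hats)
    return any(not holds(inst, hats) for C in S for inst in instantiate(C, G))

# constructed sample: p^ and q^ share f(b).  Literal encoding: ("notin", p, x) for
# not p(x), ("in", p, t) for p(t), ("neq", s, t) for s != t.
HATS = {"p": {"f(a)", "f(b)", "c"}, "q": {"f(b)", "g(a)"}}
S_UNSAT = [(("notin", "p", "?y"), ("notin", "q", "?y"))]                      # no y in p^ and q^
S_SAT = [(("notin", "p", "?y"), ("notin", "q", "?y"), ("neq", "?y", "f(a)")),  # such y differ from f(a)
         (("in", "p", "c"),)]
```

`ground_terms(S_UNSAT, HATS)` contains the representative `f(b)` of $\hat p \cap \hat q$, and the instance $\neg p(f(b)) \vee \neg q(f(b))$ is the falsified clause the proof of Theorem 50 predicts; for `S_SAT` every instance over $G_\in^S$ holds, and the theorem guarantees no instance outside $G_\in^S$ could change that.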
4.2 Combination of Specifications

Building on the results of the previous section, we now provide some concrete applications of Theorem 25.

4.2.1 Combining First-order Logic without Equality and Presburger Arithmetic

We begin with a simple example to illustrate how the method works. We show how to enrich the language of first-order predicate logic with some arithmetic constraints. We assume that $\mathcal{F}$ contains no function symbol of co-domain $\mathsf{int}$ other than the usual symbols $0, s, +, -$ introduced in Section 2.5. Let $\mathcal{N}_{fol}$ be the restriction of the specification $\mathcal{A}_{fol}$ defined in Example 6 to non-equational clause sets (i.e. to clause sets in which all atoms are of the form $t \simeq \mathsf{true}$). We consider the combination $\mathcal{N}_{fol}[\mathcal{B}_{\mathbb{Z}}]$ of the specification $\mathcal{B}_{\mathbb{Z}}$ introduced in Section 4.1.1 with $\mathcal{N}_{fol}$. According to Theorem 46, $\Theta_{\mathbb{Z}}$ is base-complete for $\mathcal{B}_{\mathbb{Z}}$; thus, in order to apply Theorem 25, we only need to find a nesting-complete instantiation procedure for $\mathcal{N}_{fol}$. We will use an instantiation procedure based on hyper-linking [22]. It is defined by the following inference rule:

$$\frac{\bigvee_{i=1}^{n} l_i \qquad m_1 \vee C_1 \quad \cdots \quad m_n \vee C_n}{\bigvee_{i=1}^{n} l_i\sigma} \quad \text{if } \sigma \text{ is an mgu of the pairs } (l_i, m_i^c),$$

where $m_i^c$ denotes the complement of the literal $m_i$. If $S$ is a set of clauses, we denote by $\Theta'_{fol}(S)$ the set of clauses that can be obtained from $S$ by applying the rule above (in any number of steps), and by $\Theta_{fol}(S)$ the set of clauses obtained from $\Theta'_{fol}(S)$ by replacing all remaining variables of sort $s$ by a constant symbol $\bot_s$ of the same sort.

Proposition 51. $\Theta_{fol}$ is nesting-complete for $\mathcal{N}_{fol}$.

Proof. In [22], it is proven that $S$ and $\Theta_{fol}(S)$ are equisatisfiable, thus Condition 1 of Definition 16 holds; furthermore, by definition, $\Theta_{fol}$ is monotonic.
To verify that $\Theta_{fol}$ is $\mathcal{S}_B$-invariant, it suffices to remark that if a clause $D$ is deducible from a set of clauses $S$ by the instantiation rule above, then for every $\mathcal{S}_B$-mapping $\alpha$, $\alpha(D)$ must be deducible from $\Theta_{fol}(\alpha(S))$, since the unifiers are not affected by the replacement of ground terms: if an mgu maps a variable $x$ to a term $t$ in $S$, then the corresponding mgu maps $x$ to $\alpha(t)$ in $\alpha(S)$. □

Theorem 25 guarantees that $\Theta_{fol}[\Theta_{\mathbb{Z}}]$ is complete for $\mathcal{N}_{fol}[\mathcal{B}_{\mathbb{Z}}]$. Note that in general, $\Theta_{fol}[\Theta_{\mathbb{Z}}]$ (and $\Theta_{fol}$) are not terminating. However, $\Theta_{fol}[\Theta_{\mathbb{Z}}]$ is terminating if the set of ground terms containing no subterm of sort $\mathsf{int}$ (and distinct from $\bullet_{\mathsf{int}}$) is finite (for instance if $\mathcal{F}$ contains no function symbol of arity greater than 0 and of a sort distinct from $\mathsf{int}$).

Example 52. Consider the following set of clauses $S$, where $i, j$ denote variables of sort $\mathsf{int}$, $x, y$ denote variables of sort $s$, and $\mathcal{F}$ contains the following symbols: $a, b : \mathsf{int}$, $c, d : s$, $p, q : \mathsf{int} \times s \to \mathsf{bool}$ and $r : \mathsf{int} \times s \times s \to \mathsf{bool}$.

(1) $\neg p(i,x) \vee \neg q(i,y) \vee r(i,x,y)$
(2) $p(a,c)$
(3) $j \not< b \vee q(j,d)$
(4) $i \not\simeq_2 0 \vee \neg r(i,x,y)$

Clauses (2) and (3) are not in $\mathcal{N}_{fol}[\mathcal{B}_{\mathbb{Z}}]$. Indeed, the non-arithmetic atom $p(a,c)$ contains a non-variable arithmetic subterm $a$, and (3) contains a literal $j \not< b$ that is not allowed in $\mathcal{B}_{\mathbb{Z}}$ (see Definition 42). Thus these clauses must be reformulated as follows:

(2)' $i \not\leq a \vee a \not\leq i \vee p(i,c)$
(3)' $j \not\leq b-1 \vee q(j,d)$

To apply the procedure $\Theta_{fol}[\Theta_{\mathbb{Z}}]$, we compute the set $S_N$ and replace every arithmetic variable occurring in it by a special constant $\bullet$ of sort $\mathsf{int}$:

$S_N = \{\ \neg p(\bullet,x) \vee \neg q(\bullet,y) \vee r(\bullet,x,y),\ \ p(\bullet,c),\ \ q(\bullet,d),\ \ \neg r(\bullet,x,y)\ \}$

We apply the procedure $\Theta_{fol}$.
The reader can verify that we obtain the following clause set:

$\Theta_{fol}(S_N) = \{$
  $\neg p(\bullet,\bot) \vee \neg q(\bullet,\bot) \vee r(\bullet,\bot,\bot)$,
  $p(\bullet,c)$,
  $q(\bullet,d)$,
  $\neg r(\bullet,\bot,\bot)$,
  $\neg p(\bullet,c) \vee \neg q(\bullet,d) \vee r(\bullet,c,d)$,
  $\neg r(\bullet,c,d)$ $\}$

Next we consider the clauses in $S_B$, namely $\{\ i \not\leq a \vee a \not\leq i,\ \ j \not\leq b-1,\ \ i \not\simeq_2 0\ \}$, and compute the set $G_{\mathbb{Z}}^{S_B}$ according to Definition 43. The terms occurring as right operands of the symbol $\leq$ (with a variable as left operand) are $\{a, b-1\}$. The least common multiple of all the natural numbers $k$ such that $S_B$ contains a comparison modulo $k$ is 2. Thus $G_{\mathbb{Z}}^{S_B} = \{a,\ b-1,\ a-1,\ b-2\}$. To get the clause set $\Theta_{fol}[\Theta_{\mathbb{Z}}](S)$, the substitutions generated by $\Theta_{fol}$ are combined with all instantiations of the integer variables by elements of $G_{\mathbb{Z}}^{S_B}$. This yields the following clauses (only the non-arithmetic part of each instance is displayed):

instances of (1):
  $\neg p(a,\bot) \vee \neg q(a,\bot) \vee r(a,\bot,\bot)$
  $\neg p(b-1,\bot) \vee \neg q(b-1,\bot) \vee r(b-1,\bot,\bot)$
  $\neg p(a-1,\bot) \vee \neg q(a-1,\bot) \vee r(a-1,\bot,\bot)$
  $\neg p(b-2,\bot) \vee \neg q(b-2,\bot) \vee r(b-2,\bot,\bot)$
instances of (2)':
  $p(a,c)$, $p(b-1,c)$, $p(a-1,c)$, $p(b-2,c)$
instances of (4):
  $\neg r(a,\bot,\bot)$, $\neg r(b-1,\bot,\bot)$, $\neg r(a-1,\bot,\bot)$, $\neg r(b-2,\bot,\bot)$
  $\neg r(a,c,d)$, $\neg r(b-1,c,d)$, $\neg r(a-1,c,d)$, $\neg r(b-2,c,d)$
instances of the hyper-linked clause (1):
  $\neg p(a,c) \vee \neg q(a,d) \vee r(a,c,d)$
  $\neg p(b-1,c) \vee \neg q(b-1,d) \vee r(b-1,c,d)$
  $\neg p(a-1,c) \vee \neg q(a-1,d) \vee r(a-1,c,d)$
  $\neg p(b-2,c) \vee \neg q(b-2,d) \vee r(b-2,c,d)$
instances of (3)':
  $q(a,d)$, $q(b-1,d)$, $q(a-1,d)$, $q(b-2,d)$

The resulting set of clauses is $\mathcal{N}_{fol}[\mathcal{B}_{\mathbb{Z}}]$-unsatisfiable, hence so is $S$.
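The computation of Example 52 carried out mechanically, as an added example (not code from the report). It implements the hyper-linking rule of $\Theta_{fol}$ with a small first-order unifier, then the nesting $\Theta_{fol}[\Theta_{\mathbb{Z}}]$: the integer variables of each clause are frozen to $\bullet$, the $\mathcal{N}_{fol}$-parts are hyper-linked, the substitution of each instance is recovered by matching it against the clause it came from, and the integer variables are then instantiated over $G_{\mathbb{Z}}^{S_B}$. Assumptions: variables are strings starting with `?`, `INT_VARS` plays the role of the sort declaration, integer terms are `(base, offset)` pairs, a single default constant `⊥` stands for $\bot_s$, and, since Definition 43 is not reproduced on this page, $G_{\mathbb{Z}}^{S}$ is computed by the rule the example exhibits: every right operand $u$ of a literal $x \not\leq u$ together with $u-1, \dots, u-(m-1)$, $m$ being the lcm of the moduli. Unlike the listing above, the instances produced here keep their arithmetic literals.

```python
"""Theta_fol[Theta_Z] on the clauses of Example 52 (added example, not the authors' code).
Assumed encodings: variables are strings starting with '?', INT_VARS are those of sort
int, integer terms are (base, offset) pairs, and G_Z^S = {u - j | u right operand of a
literal x <= u, 0 <= j < m}, m the lcm of the moduli, the rule the worked example shows."""
from functools import reduce
from itertools import product
from math import lcm

BULLET, BOT = "•", "⊥"         # placeholder for frozen base variables / default constant
INT_VARS = {"?i", "?j"}        # sort declaration of Example 52
BASE_PREDS = ("<=", "=mod")    # predicates of B_Z ("=modK" is congruence modulo K)

def is_var(t):
    return isinstance(t, str) and t.startswith("?")

def walk(t, sub):               # follow variable bindings
    while is_var(t) and t in sub:
        t = sub[t]
    return t

def unify(s, t, sub):           # mgu extending sub, or None (no occurs check needed here)
    s, t = walk(s, sub), walk(t, sub)
    if s == t:
        return sub
    if is_var(s) or is_var(t):
        return {**sub, s: t} if is_var(s) else {**sub, t: s}
    if isinstance(s, tuple) and isinstance(t, tuple) and len(s) == len(t):
        for a, b in zip(s, t):
            sub = sub if sub is None else unify(a, b, sub)
        return sub
    return None

def leafmap(t, f):              # apply f to every leaf of a nested tuple
    return tuple(leafmap(a, f) for a in t) if isinstance(t, tuple) else f(t)

def subst(t, sub):
    t = walk(t, sub)
    return tuple(subst(a, sub) for a in t) if isinstance(t, tuple) else t

def variables(t):
    return {t} if is_var(t) else set().union(*map(variables, t)) if isinstance(t, tuple) else set()

def canonical(clause):          # rename variables to ?v0, ?v1, ... by first occurrence
    order = []
    leafmap(clause, lambda x: order.append(x) if is_var(x) and x not in order else x)
    return subst(clause, {v: f"?v{k}" for k, v in enumerate(order)})

def hyperlink(clauses):
    """Close (origin, clause) pairs under the hyper-linking rule of [22]: the literals of a
    nucleus are unified simultaneously with complementary literals of renamed clauses."""
    done = {(o, canonical(c)) for o, c in clauses}
    while True:
        fresh = set()
        for origin, nucleus in done:
            nucleus = subst(nucleus, {v: v + "@n" for v in variables(nucleus)})
            electrons = [[lit for _, c in done
                          for lit in subst(c, {v: f"{v}@{k}" for v in variables(c)})
                          if lit[0] != sign and lit[1] == pred]
                         for k, (sign, pred, _) in enumerate(nucleus)]
            for combo in product(*electrons):
                sub = {}
                for lit, el in zip(nucleus, combo):
                    sub = sub if sub is None else unify(lit[2], el[2], sub)
                if sub is not None:
                    fresh.add((origin, canonical(subst(nucleus, sub))))
        if fresh <= done:
            return done
        done |= fresh

def ground_out(clause):         # remaining variables become the default constant
    return leafmap(clause, lambda x: BOT if is_var(x) else x)

def freeze_base(clause):        # N-part: drop base literals, freeze int variables to •
    keep = tuple(l for l in clause if not l[1].startswith(BASE_PREDS))
    return leafmap(keep, lambda x: BULLET if x in INT_VARS else x)

def theta_fol(n_clauses):       # Theta_fol = hyper-linking closure, then ground out
    return {ground_out(c) for _, c in hyperlink(list(enumerate(n_clauses)))}

def int_ground_terms(clauses):  # G_Z^S (rule stated in the module docstring)
    uppers = {a[1] for c in clauses for _, p, a in c if p == "<=" and is_var(a[0])}
    moduli = [int(p[4:]) for c in clauses for _, p, _ in c if p.startswith("=mod")]
    return {(base, off - j) for base, off in uppers for j in range(reduce(lcm, moduli, 1))}

def nested_instances(clauses):
    """Theta_fol[Theta_Z]: hyper-link the N-parts, recover each N-substitution by matching
    the instance against its origin, then instantiate the int variables over G_Z^S."""
    G, n_parts, out = sorted(int_ground_terms(clauses)), [freeze_base(c) for c in clauses], set()
    for origin, inst in hyperlink(list(enumerate(n_parts))):
        full = subst(clauses[origin], unify(n_parts[origin], inst, {}))
        ivars = sorted(variables(full) & INT_VARS)
        for values in product(G, repeat=len(ivars)):
            out.add(ground_out(subst(full, dict(zip(ivars, values)))))
    return out

# Example 52 after reformulation: (1), (2)', (3)', (4); a literal is (sign, predicate, args)
S = [((False, "p", ("?i", "?x")), (False, "q", ("?i", "?y")), (True, "r", ("?i", "?x", "?y"))),
     ((False, "<=", ("?i", ("a", 0))), (False, "<=", (("a", 0), "?i")), (True, "p", ("?i", "c"))),
     ((False, "<=", ("?j", ("b", -1))), (True, "q", ("?j", "d"))),
     ((False, "=mod2", ("?i", ("0", 0))), (False, "r", ("?i", "?x", "?y")))]
```

`theta_fol([freeze_base(c) for c in S])` returns the six clauses of $\Theta_{fol}(S_N)$ above, `int_ground_terms(S)` returns $\{a, a-1, b-1, b-2\}$, and `nested_instances(S)` returns the 24 ground clauses of $\Theta_{fol}[\Theta_{\mathbb{Z}}](S)$, each carrying the arithmetic literals that the listing omits (the instance of (2)' with $i \mapsto a$, for example, is $a \not\leq a \vee a \not\leq a \vee p(a,c)$). The fixpoint loop of `hyperlink` terminates on this input because the only function symbols are constants, which is the termination condition stated before the example.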
4.2.2 Arrays with Integer Indices and Uninterpreted Elements

The specification of arrays with integer indices and uninterpreted elements can be defined as a hierarchic expansion of the base specification $\mathcal{B}_{\mathbb{Z}}$ defined in Section 4.1.1 with a simple specification $\mathcal{N}_A = (\mathcal{I}_{fol}, \mathcal{C}_A)$, where the clauses in $\mathcal{C}_A$ are built on a set of variables of sort $\mathsf{int}$, on a signature containing only constant symbols of sort $\mathsf{array}$ or $\mathsf{elem}$, and a function symbol $\mathsf{select} : \mathsf{array} \times \mathsf{int} \to \mathsf{elem}$. For convenience, we have assumed that $\mathcal{C}_A$ contains no occurrence of the function symbol $\mathsf{store}$. There is no loss of generality: indeed, every definition of the form $s = \mathsf{store}(t,i,a)$, where $s, t, i, a$ are ground terms, can be written as the conjunction of the following clauses:

$\mathsf{select}(s,i) \simeq a$
$i+1 \not\leq z \vee \mathsf{select}(s,z) \simeq \mathsf{select}(t,z)$
$z \not\leq i-1 \vee \mathsf{select}(s,z) \simeq \mathsf{select}(t,z)$

It is simple to verify that these three clauses are in $\mathcal{C}_A$. Obviously, the last two clauses are equivalent to $z \simeq i \vee \mathsf{select}(s,z) \simeq \mathsf{select}(t,z)$.

There exists a straightforward nesting-complete instantiation procedure for $\mathcal{N}_A$: namely the identity function $\mathsf{id}(S) \stackrel{\text{def}}{=} S$. This is indeed an instantiation procedure since all the variables occurring in $\mathcal{C}_A$ are of sort $\mathsf{int}$; these variables will already be instantiated by the instantiation procedure for $\mathcal{B}_{\mathbb{Z}}$, and the remaining clause set will be ground. The following result is a direct consequence of Theorem 25:

Proposition 53. $\mathsf{id}[\Theta_{\mathbb{Z}}]$ is complete for $\mathcal{N}_A[\mathcal{B}_{\mathbb{Z}}]$.

We provide some examples of properties that have been considered in [6, 21, 20] and can be expressed in $\mathcal{N}_A[\mathcal{B}_{\mathbb{Z}}]$ ($t, t'$ denote constant symbols of sort $\mathsf{array}$).

(1) $\forall i.\ a \not\leq i \vee i \not\leq b \vee \mathsf{select}(t,i) \simeq v$ -- $t$ is constant on $[a,b]$.
(2) $\forall i.\ a \not\leq i \vee i \not\leq b \vee \mathsf{select}(t,i) \simeq \mathsf{select}(t',i)$ -- $t$ and $t'$ coincide on $[a,b]$.
(3) $\forall i, j.\ a \not\leq i \vee i \not\leq b \vee c \not\leq j \vee j \not\leq d \vee \mathsf{select}(t,i) \not\simeq \mathsf{select}(t',j)$ -- the restrictions of $t$ and $t'$ to $[a,b]$ and $[c,d]$ respectively are disjoint.
(4) $\forall i, j.\ i \not\simeq_2 0 \vee j \not\simeq_2 1 \vee \mathsf{select}(t,i) \not\simeq \mathsf{select}(t,j)$ -- the values of $t$ at even indices are disjoint from those at odd indices.
(5) $\forall i.\ i \not\simeq_2 0 \vee \mathsf{select}(t,i) \simeq \mathsf{select}(t',i) \vee \mathsf{select}(t,i) \simeq \mathsf{select}(t'',i)$ -- for every even index, the value of $t$ is equal to the value of $t'$ or to that of $t''$.
(6) $\forall i.\ i \not\geq 0 \vee i \not\leq d \vee \mathsf{select}(t,i) \not\simeq \bot$ and $\forall i.\ i \not\geq \mathsf{succ}(d) \vee \mathsf{select}(t,i) \simeq \bot$ -- array $t$ has dimension $d$.
(7) $\forall i.\ \mathsf{select}(\mathsf{map}(f,t),i) \simeq f(\mathsf{select}(t,i))$ -- array $\mathsf{map}(f,t)$ is obtained from $t$ by applying function $f$ to every element.

Properties (1)–(3) can be expressed in the array property fragment (see [6]), but not Property (4), because of the condition $i \simeq_2 0$. Property (4) is expressible in the Logic for Integer Arrays (LIA) introduced in [21], but not Property (5), because there is a disjunction in the value formula. On the other hand, properties such as injectivity cannot be expressed in our setting:

(8) $\forall i, j.\ i \simeq j \vee \mathsf{select}(t,i) \not\simeq \mathsf{select}(t,j)$ -- $t$ is injective.
(9) $\forall i, j.\ i \simeq j \vee \mathsf{select}(t,i) \not\simeq \mathsf{select}(t,j) \vee \mathsf{select}(t,i) \simeq \bot$ -- $t$ is injective on its domain.

Indeed, the literal $i \simeq j$ is not allowed in $\mathcal{C}'_{\mathbb{Z}}$.

4.2.3 Arrays with Integer Indices and Interpreted Elements

Instead of using the mere specification $\mathcal{N}_A$, one can combine the specification $\mathcal{B}_{\mathbb{Z}}$ with a richer specification, with function and predicate symbols operating on the elements of the arrays.
For instance, consider the specification $\mathcal{N}_{RA} = (\mathcal{I}_R, \mathcal{C}_{RA})$, where $\mathrm{Ax}(\mathcal{I}_R)$ is some axiomatization of real closed fields over a signature $\mathcal{F}_R$, and the clauses occurring in $\mathcal{C}_{RA}$ are built on a set of variables of sort $\mathsf{int}$ and on a signature containing all the function symbols in $\mathcal{F}_R$, constant symbols of sort $\mathsf{array}$ or $\mathsf{real}$, and a function symbol $\mathsf{select} : \mathsf{array} \times \mathsf{int} \to \mathsf{real}$. Then $\mathcal{N}_{RA}[\mathcal{B}_{\mathbb{Z}}]$ is the specification of arrays with integer indices and real elements, and an immediate application of Theorem 25 yields:

Proposition 54. $\mathsf{id}[\Theta_{\mathbb{Z}}]$ is complete for $\mathcal{N}_{RA}[\mathcal{B}_{\mathbb{Z}}]$.

To model arrays with integer indices and integer elements, it would be necessary to combine the specification $\mathcal{B}_{\mathbb{Z}}$ with a specification containing the symbols of $\mathcal{B}_{\mathbb{Z}}$: $0 : \mathsf{int}$, $s : \mathsf{int} \to \mathsf{int}$, $\leq : \mathsf{int} \times \mathsf{int} \to \mathsf{bool}$, etc. However, this is not permitted in our approach, since the clause sets of the nesting specification would contain function symbols whose co-domain is a sort of the base specification (namely $\mathsf{int}$), thus contradicting the conditions on $\mathcal{S}_B$ and $\mathcal{S}_N$ (see Section 3.1). A solution is to use a copy of the sort $\mathsf{int}$ and of every symbol of co-domain $\mathsf{int}$. We denote by $\mathcal{N}_{ZA}$ the specification $(\mathcal{I}'_{\mathbb{Z}}, \mathcal{C}_{ZA})$, where $\mathrm{Ax}(\mathcal{I}'_{\mathbb{Z}})$ is the image of $\mathrm{Ax}(\mathcal{I}_{\mathbb{Z}})$ by this renaming and where the clause sets in $\mathcal{C}_{ZA}$ are built on a set of variables of sort $\mathsf{int}$ and on a signature containing all the function symbols $0', s', \leq', \dots$ of $\mathrm{Ax}(\mathcal{I}'_{\mathbb{Z}})$, constant symbols of sort $\mathsf{array}$ or $\mathsf{int}'$, and a function symbol $\mathsf{select} : \mathsf{array} \times \mathsf{int} \to \mathsf{int}'$. Then $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$ is a specification of arrays with integer indices and integer elements, and by Theorem 25, $\mathsf{id}[\Theta_{\mathbb{Z}}]$ is complete for $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$.
Note however that, due to the fact that the sort symbols are renamed, equations between integer elements and integer indices are not permitted: indices cannot be stored into arrays, and terms of the form $\mathsf{select}(t, \mathsf{select}(t,i))$ are forbidden. However, the sharing of a constant symbol $c$ between the two sorts $\mathsf{int}$ and $\mathsf{int}'$ (as in the equation $\mathsf{select}(t,c) \simeq c$) is possible, by adding ground axioms of the form $k \simeq c \Rightarrow k' \simeq c'$, where $c'$ denotes the copy of $c$, $k$ is any integer of sort $\mathsf{int}$ and $k'$ denotes its copy of sort $\mathsf{int}'$. Let $\mathcal{A}$ denote this set of axioms; it is obviously countably infinite. It is clear that $\mathsf{id}[\Theta_{\mathbb{Z}}](S \cup \mathcal{A}) = \mathsf{id}[\Theta_{\mathbb{Z}}](S) \cup \mathcal{A}$, so that the instantiation procedure is not affected by this addition. Thus these axioms can simply be removed afterwards, by "merging" $\mathsf{int}$ and $\mathsf{int}'$ and replacing $c'$ by $c$ (it is straightforward to verify that this transformation preserves satisfiability).

We provide some examples; $\leq'$ and $+'$ are renamings of the symbols $\leq$ and $+$ respectively. Notice that the indices of the arrays are of sort $\mathsf{int}$, whereas the elements are of sort $\mathsf{int}'$. The following properties can be expressed in $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$:

(1) $\forall i, j.\ i \not\leq j \vee \mathsf{select}(t,i) \leq' \mathsf{select}(t,j)$ -- $t$ is sorted.
(2) $\forall i, j.\ a \not\leq i \vee i \not\leq b \vee c \not\leq j \vee j \not\leq d \vee \mathsf{select}(t,i) \leq' \mathsf{select}(t',j)$ -- the values of $t$ on $[a,b]$ are lower than those of $t'$ on $[c,d]$.
(3) $\forall i.\ i \not\simeq_2 0 \vee i \not\leq n \vee \mathsf{select}(t,i) \simeq' \mathsf{select}(t',i) +' \mathsf{select}(t'',i)$ -- for every even index lower than $n$, $t$ is the sum of $t'$ and $t''$.

Here are some examples of properties that cannot be handled:

(4) $\forall i.\ \mathsf{select}(t,i) \simeq i$ -- $t$ is the identity.
(5) $\forall i.\ \mathsf{select}(t,i) - \mathsf{select}(t,i+1) \leq 2$ -- the distance between the values at two consecutive indices is at most 2.

Property (4) is not in $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$ because there is an equation relating an element of sort $\mathsf{int}$ (i.e.
an index) to an element of sort $\mathsf{int}' \neq \mathsf{int}$ (an element). Property (5) could be expressed in our setting as $\forall i, j.\ j \not\simeq i+1 \vee \mathsf{select}(t,i) - \mathsf{select}(t,j) \leq 2$, but the atom $j \not\simeq i+1$ is not in $\mathcal{B}_{\mathbb{Z}}$. Property (5) can be expressed in the logic LIA (see [21]). This shows that the expressive power of this logic is not comparable to ours. These results extend straightforwardly to multidimensional arrays.

4.2.4 Arrays with Translations on Array Indices

In some cases, properties relating the value of an array at an index $i$ to the value at index $i+k$, for some natural number $k$, can be expressed by reformulation.

Definition 55. Let $S$ be a clause set containing clauses that are pairwise variable-disjoint. Let $\lambda$ be a function mapping every array constant to a ground term of sort $\mathsf{int}$. $S$ is shiftable relatively to $\lambda$ iff the following conditions hold:
1. Every clause in $S$ is of the form $C \vee D$, where $D$ is a clause in $\mathcal{N}_{ZA}$ and every literal in $C$ is of one of the following forms: $i \not\leq j + s$, $i \not\leq s$, $s \not\leq i$, $i \not\simeq_k s$, where $i, j$ are variables of sort $\mathsf{int}$, $s$ is a ground term of sort $\mathsf{int}$ and $k$ is a natural number.
2. For every clause $C \in S$ and every literal $i \not\leq j + s$ occurring in $C$, where $i, j$ are variables and $s$ is a ground term of sort $\mathsf{int}$, $C$ contains two terms of the form $\mathsf{select}(t,i)$ and $\mathsf{select}(t',j)$, where $\lambda(t') - \lambda(t)$ is equivalent to $s$.
3. If $C$ contains two terms of the form $\mathsf{select}(t,i)$ and $\mathsf{select}(t',i)$ then $\lambda(t) = \lambda(t')$.
4. If $C$ contains an equation $t \simeq t'$ between arrays then $\lambda(t) = \lambda(t')$. ♦

The existence of such a function $\lambda$ is easy to determine: Conditions (2)–(4) above can immediately be translated into arithmetic constraints on the $\lambda(t)$'s, and the satisfiability of this set of constraints can be tested using any decision procedure for Presburger arithmetic. We define the following transformation of clause sets:

Definition 56.
Let $t \mapsto t'$ be an arbitrarily chosen function mapping all the constants $t$ of sort $\mathsf{array}$ to pairwise distinct fresh constants $t'$ of sort $\mathsf{array}$. We denote by $\mathsf{shift}(S)$ the clause set obtained from $S$ by applying the following rules:
• every clause $C$ containing a term of the form $\mathsf{select}(t,i)$ (where $i$ is a variable) is replaced by $C\{i \mapsto i - \lambda(t)\}$;
• then, every term of the form $\mathsf{select}(t,s)$ is replaced by $\mathsf{select}(t', s + \lambda(t))$. ♦

Lemma 57. Let $S$ be a shiftable clause set. Then:
• $\mathsf{shift}(S)$ and $S$ are equisatisfiable;
• $\mathsf{shift}(S)$ is in $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$.

Proof. It is clear that for every clause $C$ in $S$, $C \equiv C\{i \mapsto i - k\}$: since $i$ ranges over all integers, $i$ and $i - k$ range over the same set. The replacement of $\mathsf{select}(t,s)$ by $\mathsf{select}(t', s + \lambda(t))$ obviously preserves sat-equivalence: it suffices to interpret $t'$ as the array defined by the relation $\mathsf{select}(t',i) \stackrel{\text{def}}{=} \mathsf{select}(t, i - \lambda(t))$. Thus $\mathsf{shift}(S)$ and $S$ are equisatisfiable.

We prove that $\mathsf{shift}(S)$ is in $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$. By Condition 3 of Definition 55, if a clause $C\{i \mapsto i - \lambda(t)\}$ contains a term of the form $\mathsf{select}(s, i - \lambda(t))$ then we must have $\lambda(s) = \lambda(t)$, thus this term is replaced by $\mathsf{select}(s', i)$ when the second rule above is applied. Consequently, the non-arithmetic part of the resulting clause cannot contain any non-variable term of sort $\mathsf{int}$. Now assume that $C$ contains an arithmetic literal of the form $i \not\leq j + s$. Then by Condition 2, $C$ also contains terms of the form $\mathsf{select}(t,i)$ and $\mathsf{select}(t',j)$, where $\lambda(t') - \lambda(t)$ is equivalent to $s$. Hence the clause in $\mathsf{shift}(S)$ corresponding to $C$ contains the literal $i - \lambda(t) \not\leq j - \lambda(t') + s \equiv i \not\leq j - (\lambda(t') - \lambda(t)) + s \equiv i \not\leq j$. □

We provide an example in which this result applies.

Example 58.
Consider for instance the following clause set $S$:

(1) $\forall i, j.\ a \not\leq i \vee i \not\leq b \vee j \not\simeq i - a \vee \mathsf{select}(s,i) \simeq \mathsf{select}(t,j)$ -- $s$ is identical to $t$ up to a shift of length $a$.
(2) $\forall i, j.\ a \not\leq i \vee i \not\leq b \vee j \not\simeq i - a \vee \mathsf{select}(u,i) \simeq \mathsf{select}(s,j)$ -- $u$ is identical to $s$ up to a shift of length $a$.
(3) $c \geq a + a$
(4) $c \leq b$
(5) $i \not\simeq c \vee j \not\simeq c - a - a \vee \mathsf{select}(u,c) \not\simeq \mathsf{select}(t,j)$ -- $u$ is not identical to $t$ up to a shift of length $a + a$.

It is simple to check that $S$ is shiftable relatively to the mapping $\lambda(u) = -(a + a)$, $\lambda(s) = -a$ and $\lambda(t) = 0$: the literal $j \not\simeq i - a$ stands for $j \not\leq i - a \vee i \not\leq j + a$, so Condition 2 of Definition 55 requires $\lambda(s) - \lambda(t) = -a$ in (1) and $\lambda(u) - \lambda(s) = -a$ in (2). According to Definition 56, $S$ is reformulated as follows:

$\mathsf{shift}(S)$:
(1') $\forall i, j.\ 0 \not\leq i \vee i \not\leq b - a \vee j \not\simeq i \vee \mathsf{select}(s',i) \simeq \mathsf{select}(t',j)$
(2') $\forall i, j.\ -a \not\leq i \vee i \not\leq b - a - a \vee j \not\simeq i \vee \mathsf{select}(u',i) \simeq \mathsf{select}(s',j)$
(3) $c \geq a + a$
(4) $c \leq b$
(5') $i \not\simeq c \vee j \not\simeq c - a - a \vee \mathsf{select}(u', c - a - a) \not\simeq \mathsf{select}(t',j)$

$\mathsf{shift}(S)$ and $S$ are equisatisfiable, and $\mathsf{shift}(S)$ belongs to $\mathcal{N}_{ZA}[\mathcal{B}_{\mathbb{Z}}]$. The unsatisfiability of $\mathsf{shift}(S)$ can be proven by applying the procedure $\mathsf{id}[\Theta_{\mathbb{Z}}]$.

4.2.5 Nested Arrays

An interesting feature of this approach is that it can be applied recursively, using as base and/or nesting specifications some nested combination of other specifications. We denote by $\mathcal{B}'_{\mathbb{Z}}$ a copy of the specification $\mathcal{B}_{\mathbb{Z}}$ in which the symbols $\mathsf{int}, 0, s, \leq, \dots$ are renamed into $\mathsf{int}', 0', s', \leq', \dots$, and by $\Theta'_{\mathbb{Z}}$ the corresponding instantiation procedure, as defined by Definition 43. Let $\mathcal{N}_{ZA}'$ be a copy of the specification $\mathcal{N}_{ZA}$ in which the symbols $\mathsf{int}', 0', s', \leq', \mathsf{select}, \dots$ are renamed into $\mathsf{int}'', 0'', s'', \leq'', \mathsf{select}', \dots$. Let $\mathcal{A}_{Z^3} \stackrel{\text{def}}{=} \mathcal{N}_{ZA}'[\mathcal{B}'_{\mathbb{Z}}][\mathcal{B}_{\mathbb{Z}}]$.

Proposition 59. $\mathsf{id}[\Theta'_{\mathbb{Z}}][\Theta_{\mathbb{Z}}]$ is complete for $\mathcal{A}_{Z^3}$.
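The transformation $\mathsf{shift}$ of Definition 56 applied to clauses (1) and (5) of Example 58 above, as an added example (not the authors' code). Assumed encoding: a linear integer term is a dict from symbol to coefficient (variables are symbols starting with `?`), an array read is the tuple `("select", t, term)`, a literal is `(sign, "<=" | "=", lhs, rhs)`, and integer literals are normalised to the form $lhs - rhs \ (\leq \text{ or } \simeq)\ 0$ so that results can be compared. The `LAMBDA` table holds $\lambda(u) = -(a+a)$, $\lambda(s) = -a$, $\lambda(t) = 0$, the values that satisfy Condition 2 of Definition 55 for the rule $i \mapsto i - \lambda(t)$ and reproduce clause (1'). The function also enforces Condition 3, the check one wants before trusting a reformulation: two reads of the same variable through arrays with different $\lambda$ raise instead of silently producing a clause that is not equisatisfiable.

```python
"""shift(S) of Definition 56, as an added example (not the authors' code).  Assumed
encoding: a linear integer term is a dict {symbol: coefficient} ("" is the constant
part, symbols starting with '?' are variables), an array read is ("select", t, term)
and a literal is (sign, "<=" | "=", lhs, rhs); integer literals are normalised to
lhs - rhs on the left and 0 on the right so that results can be compared."""
def lin(**coeffs):                        # build a normalised linear term
    return {k: v for k, v in coeffs.items() if v}

def add(u, v, k=1):                       # u + k*v, dropping zero coefficients
    out = dict(u)
    for sym, c in v.items():
        out[sym] = out.get(sym, 0) + k * c
    return {s: c for s, c in out.items() if c}

def is_read(x):
    return isinstance(x, tuple) and x[0] == "select"

def on_args(literal, f):                  # apply f to both sides of a literal
    sign, pred, lhs, rhs = literal
    return sign, pred, f(lhs), f(rhs)

def normal(literal):                      # integer literal  ->  (lhs - rhs) pred 0
    sign, pred, lhs, rhs = literal
    return literal if is_read(lhs) else (sign, pred, add(lhs, rhs, -1), {})

def shift_clause(clause, lam):
    """Definition 56 on one clause: (1) i -> i - lambda(t) for every select(t, i) with
    i a variable, then (2) select(t, s) -> select(t', s + lambda(t))."""
    offsets = {}                          # variable -> lambda(t) of the array it indexes
    for lit in clause:
        for x in lit[2:]:
            if is_read(x) and len(x[2]) == 1:
                (v, c), = x[2].items()
                if v.startswith("?") and c == 1:
                    if offsets.setdefault(v, lam[x[1]]) != lam[x[1]]:
                        raise ValueError("Condition 3 of Definition 55 violated")
    def rule1(term):                      # term{i -> i - lambda(t)} for every bound i
        for v, off in offsets.items():
            term = add(term, off, -term.get(v, 0))
        return term
    def rule2(x):                         # rename the array and shift its index term
        if is_read(x):
            return ("select", x[1] + "'", add(rule1(x[2]), lam[x[1]]))
        return rule1(x)
    return [normal(on_args(lit, rule2)) for lit in clause]

def shift(S, lam):
    return [shift_clause(C, lam) for C in S]

# Example 58: clauses (1) and (5), with lambda(u) = -(a+a), lambda(s) = -a, lambda(t) = 0
I, J, A, B, C = lin(**{"?i": 1}), lin(**{"?j": 1}), lin(a=1), lin(b=1), lin(c=1)
CLAUSE_1 = [(False, "<=", A, I), (False, "<=", I, B), (False, "=", J, add(I, A, -1)),
            (True, "=", ("select", "s", I), ("select", "t", J))]
CLAUSE_5 = [(False, "=", I, C), (False, "=", J, add(C, A, -2)),
            (False, "=", ("select", "u", C), ("select", "t", J))]
LAMBDA = {"u": lin(a=-2), "s": lin(a=-1), "t": lin()}
```

`shift_clause(CLAUSE_1, LAMBDA)` returns the four literals of (1') in normalised form ($-i \not\leq 0$, $i - b + a \not\leq 0$, $j - i \not\simeq 0$, $\mathsf{select}(s',i) \simeq \mathsf{select}(t',j)$), and on `CLAUSE_5` the ground read $\mathsf{select}(u,c)$ becomes $\mathsf{select}(u', c - 2a)$ while the index variable $j$ of $t$ is left alone, since $\lambda(t) = 0$.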
In $\mathcal{A}_{Z^3}$, the (integer) indices of an array $t$ can themselves be stored into arrays of integers, but of a different type than $t$.

Example 60. The following clause set is $\mathcal{A}_{Z^3}$-unsatisfiable (for the sake of readability we use $t \not\simeq s$ as a shorthand for $t \not\leq s \vee s \not\leq t$):

(1) $i \leq j \vee \mathsf{select}(t,i) \leq \mathsf{select}(t,j)$ -- $t$ is sorted.
(2) $i' \leq' j' \vee \mathsf{select}'(t',i') \leq' \mathsf{select}'(t',j')$ -- $t'$ is sorted.
(3) $a \leq b$
(4) $x \not\simeq a \vee y \not\simeq b \vee x' \not\simeq \mathsf{select}(t,x) \vee y' \not\simeq \mathsf{select}(t,y) \vee \mathsf{select}'(t',x') > \mathsf{select}'(t',y')$ -- $t' \circ t$ is not sorted.

We describe the way the procedure works on this very simple but illustrative example. According to the definition of $\mathsf{id}[\Theta'_{\mathbb{Z}}][\Theta_{\mathbb{Z}}]$, the variables $i, j, x$ and $y$ are replaced by a special symbol $\bullet$ and the instantiation procedure $\mathsf{id}[\Theta'_{\mathbb{Z}}]$ is applied. The variables $i', j', x', y'$ are replaced by a constant symbol $\bullet'$ and the procedure $\mathsf{id}$ is applied to the resulting clause set (in a trivial way, since this set is ground). Next, we apply the procedure $\Theta'_{\mathbb{Z}}$. According to Definition 43, $\Theta'_{\mathbb{Z}}$ instantiates the variables $i', j', x', y'$ by $\mathsf{select}(t, \bullet)$. This substitution is applied to the original clause set and the procedure $\Theta_{\mathbb{Z}}$ is invoked. The variables $i, j, x$ and $y$, and the constant symbol $\bullet$, are replaced by the elements of $\{a, b\}$.
After obvious simplifications, we obtain the following set of instances:

$a \leq b \vee \mathsf{select}(t,a) \leq \mathsf{select}(t,b)$
$b \leq a \vee \mathsf{select}(t,b) \leq \mathsf{select}(t,a)$
$\mathsf{select}(t,a) \leq \mathsf{select}(t,a) \vee \mathsf{select}'(t',\mathsf{select}(t,a)) \leq' \mathsf{select}'(t',\mathsf{select}(t,a))$
$\mathsf{select}(t,a) \leq \mathsf{select}(t,b) \vee \mathsf{select}'(t',\mathsf{select}(t,a)) \leq' \mathsf{select}'(t',\mathsf{select}(t,b))$
$\mathsf{select}(t,b) \leq \mathsf{select}(t,b) \vee \mathsf{select}'(t',\mathsf{select}(t,b)) \leq' \mathsf{select}'(t',\mathsf{select}(t,b))$
$\mathsf{select}(t,b) \leq \mathsf{select}(t,a) \vee \mathsf{select}'(t',\mathsf{select}(t,b)) \leq' \mathsf{select}'(t',\mathsf{select}(t,a))$
$a \leq b$
$\mathsf{select}'(t',\mathsf{select}(t,a)) > \mathsf{select}'(t',\mathsf{select}(t,b))$

At this point, $\leq'$ may simply be replaced by $\leq$ (this operation obviously preserves equisatisfiability), and the resulting clause set can be refuted by any SMT solver handling ground equality and integer arithmetic. Such nested array reads are outside the scope of the array property fragment of [6] and of the logic LIA of [21]. They are not subsumed either by the extensions of the theory of arrays considered in [20]. Note that, due to the fact that we use distinct renamings of the specification of integers, equations such as $\mathsf{select}(t', \mathsf{select}(t,a)) \simeq \mathsf{select}(t',a)$ are forbidden (if arrays are viewed as heaps, this means that there can be no equation between pointers and referenced values).

5 Discussion

In this paper we have introduced a new combination method for instantiation schemes and presented sufficient conditions that guarantee the completeness of the resulting instantiation scheme. As evidenced by the examples provided in Section 4, this combination method makes it possible to obtain instantiation procedures for several theories that are quite expressive, at almost no cost.
One direct consequence of these results is that it should be possible for developers of SMT solvers to focus on the design of efficient decision procedures for a few basic theories, such as, e.g., the theory of equality with uninterpreted function symbols (EUF) or Presburger arithmetic, and obtain efficient SMT solvers for a large panel of theories. This combination method may seem inefficient, since exponentially many ground clauses may be generated, except in trivial cases. An interesting line of research is to investigate how incremental techniques can be implemented and the instantiations controlled, so that the (un)satisfiability of the clause set under consideration can be detected before all clauses are instantiated in all possible ways. For instance, we believe it is possible (but this will probably depend on $\mathcal{B}$ and $\mathcal{N}$) to devise more subtle strategies that begin by replacing base variables with the constants $\bullet_s$ and applying the instantiation procedure for $\mathcal{N}$, and then derive additional information from the resulting set of ground clauses to avoid having to instantiate all base variables in all possible ways. Further investigations into this line of work could lead to the design of more powerful instantiation procedures that could enlarge the scope of modern SMT solvers by making them able to handle efficiently more expressive classes of quantified formulae.

References

[1] A. Abadi, A. Rabinovich, and M. Sagiv. Decidable fragments of many-sorted logic. Journal of Symbolic Computation, 45(2):153–172, 2010.
[2] E. Althaus, E. Kruglov, and C. Weidenbach. Superposition modulo linear arithmetic SUP(LA). In S. Ghilardi and R. Sebastiani, editors, FroCoS 2009, volume 5749 of LNCS, pages 84–99. Springer, 2009.
[3] L. Bachmair and H. Ganzinger. Rewrite-based equational theorem proving with selection and simplification.
Journal of Logic and Computation, 3(4):217–247, 1994.
[4] L. Bachmair, H. Ganzinger, and U. Waldmann. Refutational theorem proving for hierarchic first-order theories. Appl. Algebra Eng. Commun. Comput., 5:193–212, 1994.
[5] P. Baumgartner and C. Tinelli. The Model Evolution Calculus. In F. Baader, editor, CADE-19, The 19th International Conference on Automated Deduction, volume 2741 of LNAI, pages 350–364. Springer, 2003.
[6] A. R. Bradley and Z. Manna. The Calculus of Computation: Decision Procedures with Applications to Verification. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 2007.
[7] A. R. Bradley, Z. Manna, and H. B. Sipma. What's decidable about arrays? In E. A. Emerson and K. S. Namjoshi, editors, Proc. VMCAI-7, volume 3855 of LNCS, pages 427–442. Springer, 2006.
[8] R. Bruttomesso, A. Cimatti, A. Franzén, A. Griggio, and R. Sebastiani. Delayed theory combination vs. Nelson-Oppen for satisfiability modulo theories: a comparative analysis. Ann. Math. Artif. Intell., 55(1-2):63–99, 2009.
[9] H. Comon, M. Dauchet, R. Gilleron, F. Jacquemard, D. Lugiez, S. Tison, and M. Tommasi. Tree automata techniques and applications. Available at http://www.grappa.univ-lille3.fr/tata, 1997.
[10] H. Comon and C. Delor. Equational formulae with membership constraints. Information and Computation, 112(2):167–216, August 1994.
[11] B. Dreben and W. D. Goldfarb. The Decision Problem, Solvable Classes of Quantificational Formulas. Addison-Wesley, 1979.
[12] M. Echenim and N. Peltier. Instantiation of SMT problems modulo integers. In AISC 2010 (10th International Conference on Artificial Intelligence and Symbolic Computation), LNCS. Springer, 2010.
[13] M. Echenim and N. Peltier. An instantiation scheme for satisfiability modulo theories. Journal of Automated Reasoning, 2010.
[14] P. Fontaine.
Combinations of theories for decidable fragments of first-order logic. In S. Ghilardi and R. Sebastiani, editors, FroCoS, volume 5749 of Lecture Notes in Computer Science, pages 263–278. Springer, 2009.
[15] P. Fontaine, S. Ranise, and C. G. Zarba. Combining lists with non-stably infinite theories. In F. Baader and A. Voronkov, editors, LPAR, volume 3452 of Lecture Notes in Computer Science, pages 51–66. Springer, 2004.
[16] H. Ganzinger. Relating semantic and proof-theoretic concepts for polynomial time decidability of uniform word problems. In LICS, pages 81–92, 2001.
[17] H. Ganzinger and K. Korovin. New directions in instantiation-based theorem proving. In Proc. 18th IEEE Symposium on Logic in Computer Science (LICS'03), pages 55–64. IEEE Computer Society Press, 2003.
[18] Y. Ge and L. M. de Moura. Complete instantiation for quantified formulas in satisfiability modulo theories. In A. Bouajjani and O. Maler, editors, CAV 2009, volume 5643 of LNCS, pages 306–320. Springer, 2009.
[19] S. Ghilardi, E. Nicolini, S. Ranise, and D. Zucchelli. Decision procedures for extensions of the theory of arrays. Annals of Mathematics and Artificial Intelligence, 50:231–254, 2007. doi:10.1007/s10472-007-9078-x.
[20] S. Ghilardi, E. Nicolini, S. Ranise, and D. Zucchelli. Decision procedures for extensions of the theory of arrays. Ann. Math. Artif. Intell., 50(3-4):231–254, 2007.
[21] P. Habermehl, R. Iosif, and T. Vojnar. What else is decidable about integer arrays? In R. M. Amadio, editor, FoSSaCS, volume 4962 of Lecture Notes in Computer Science, pages 474–489. Springer, 2008.
[22] S. Lee and D. A. Plaisted. Eliminating duplication with the hyper-linking strategy. Journal of Automated Reasoning, 9:25–42, 1992.
[23] R. Loos and V. Weispfenning. Applying linear quantifier elimination. Comput. J., 36(5):450–462, 1993.
[24] D. A.
Plaisted and Y. Zhu. Ordered semantic hyperlinking. Journal of Automated Reasoning, 25(3):167–217, October 2000.
[25] V. Sofronie-Stokkermans. Hierarchic reasoning in local theory extensions. In R. Nieuwenhuis, editor, CADE, volume 3632 of Lecture Notes in Computer Science, pages 219–234. Springer, 2005.
[26] V. Sofronie-Stokkermans. Hierarchical reasoning for the verification of parametric systems. In J. Giesl and R. Hähnle, editors, IJCAR, volume 6173 of Lecture Notes in Computer Science, pages 171–187. Springer, 2010.
[27] C. Tinelli and M. Harandi. A new correctness proof of the Nelson-Oppen combination procedure. In Frontiers of Combining Systems, volume 3 of Applied Logic Series, pages 103–120. Kluwer Academic Publishers, 1996.