6.2 Definition-First Search
6.2.2 Bounded Defining Map
Defining maps for sets of FQ-clauses will be called bounded defining maps, as each of the definitions must be stored with its finite domains. These domains must also be preserved between updates and applied to clauses when rewriting with the definitions.
Definition 6.2.1 (Ground Equivalent). For an FQ-clause C ∨ ¬∆, define the ground equivalent ge(C ∨ ¬∆) := {Cσ ∈ vsgi(C) : T_Z ⊨ ∆σ}.
The ground equivalent of a set of clauses is the union of the ground equivalents of its members. Because instances that do not satisfy ∆ are T_Z-valid, it follows that
Lemma 6.2.1. vsgi(C ∨ ¬∆) is equivalent to ge(C ∨ ¬∆) modulo T_Z.
Sufficient completeness requires every relevant subterm of N to have a definition. As in the previous chapter, only a subset of the relevant terms will be defined, namely, the subset of relevant terms in the ground equivalent clause set of N. Sufficient completeness could be recovered immediately by adding arbitrary definitions for relevant terms not in the ground equivalent. It is enough to note that whenever a model exists for the ground equivalent, then there is a model which defines all the relevant terms and is T_Z-extending. This is the same argument as that shown in the previous chapter.
When the input consists of FQ-clauses, each of the free variables in free BG-sorted terms is integer sorted. Definitions introduced as exceptions are formed from non-ground terms in a defining map by instantiating one or more variables with integer values. For example, f(x) ≈ α ∨ x ∉ [0, 100] can have f(0), f(1) added as exceptions. The following restricted form of substitution is used to relate definition terms and instances added as exceptions.
Definition 6.2.2 (Numbering Substitution). A numbering substitution is any substitution σ such that for all Z-sorted variables x, either xσ = x or xσ ∈ Z.
A numbering instance of a term, literal or clause is any instance made by a numbering substitution.
Example 6.2.1. [x → x+2, y → 4+2], [x → α], [x → y] are all simple substitutions that are not numbering; [x → 6] is a numbering substitution.
A defining map for FQ-clauses is represented by a data structure quite similar to a substitution tree used for term indexing, which shares features with the (similarly motivated) defining map used for finite quantifier instantiation in CVC4 [RTG+13], or to a Model Evolution context data structure, described in Baumgartner and Tinelli [BT05].
Definition 6.2.3. A bounded defining map M_N for a clause set N is a set of definition and domain formula pairs (t ≈ α, ∆) such that
1. t ∈ rel(N)
2. α is a Z-sorted parameter not in N
3. all variables in t are in ∆
4. for every maximal term s ∈ rel(ge(N)), there is a definition (s′ ≈ α, ∆) ∈ M where s ≈ α ∈ ge(s′ ≈ α ∨ ¬∆)⁴
5. given the pairs (t ≈ α, ∆), (s ≈ β, ∆′) ∈ M_N where α ≠ β, then
(a) t and s are not variants
(b) if s is a proper numbering instance of t, then ∆ ∩ ∆′ = ∅
(c) if t, s are not mutual instances or variants, but σ = mgu(t, s) is numbering, then there is (t′ ≈ α′, ∆_2) ∈ M_N where tσ = t′ and ∆_2 ∩ ∆ ∩ ∆′ = ∅
⁴ This will be relaxed later, when terms in rel(N) are known to be defined by other clauses.
Example 6.2.2. Let N = {f(g(a,x),y) ≈ y ∨ x,y ∉ [0, 100]}. One possible defining map for N is
f(g(a,x),y) ≈ α_0,  x,y ∈ [1, 100]
f(g(a,0),y) ≈ α_1,  y ∈ [1, 100]
f(g(a,x),0) ≈ α_2,  x ∈ [1, 100]
f(g(a,0),0) ≈ α_3
The definition f(g(a,0),0) ≈ α_3 is required by property 5c of the definition of defining maps. Notice that g(a,x) and g(a,0) are not necessarily defined at this stage. The clausal procedure will do this later, and is described in Section 6.2.3.
The following lemma shows that a bounded defining map assigns a single parameter to each relevant term. Note that ge(M) is the ground equivalent of the set of FQ-clauses t ≈ α ∨ ¬∆ where (t ≈ α, ∆) ∈ M.
Lemma 6.2.2. Let N be a set of FQ-clauses and M_N a bounded defining map for N. For any t ∈ rel(N), if t ≈ α_1 and t ≈ α_2 are in ge(M_N), then α_1 = α_2.
Proof. Assume for contradiction that α_1 ≠ α_2. By property 5a, M_N cannot contain both t ≈ α_1 and t ≈ α_2, so these must be instances of two separate definitions. Specifically, t = s_1µ_1 = s_2µ_2 for substitutions µ_1, µ_2 and (s_1 ≈ α_1, ∆_1), (s_2 ≈ α_2, ∆_2) are in M_N. Hence, s_1, s_2 are unifiable and, without loss of generality, either t = s_2 or t ≠ s_2. If t = s_2, then s_2 is an instance of s_1, i.e., s_2 = s_1µ_1. The substitution µ_1 must be numbering, otherwise t ≈ α_1 is not in ge(M_N). But the domains ∆_1, ∆_2 are disjoint by property 5b, so µ_1 cannot exist. Finally, if t ≠ s_2, then by property 5c, t ≈ β is in M_N and has a domain disjoint from both ∆_1 and ∆_2.
Now that the defining map has been established as actually being a map, an abstract description of fixed definitions can be given.
Definition 6.2.4 (Fixed definitions). A definition t ≈ α is fixed by defining map M if t is ground, and, if any s ≈ α is in ge(M), then s = t.
The set of all fixed definitions in M is fixed(M). For bounded defining maps, each fixed definition has a trivial domain (as it is ground), so the set fixed(M) consists of unit clauses.
It is possible that a defining map assigns different parameters to terms t, t′ such that T_Z ⊨ t ≈ t′. For example, the defining map {(f(x) ≈ α_0, x ∈ [0, 5]), (f(x+1) ≈ α_1, x ∈ [0, 5])} entails that f(1) ≈ α_0 and f(1) ≈ α_1. This particular case could be repaired by transforming the domain predicate x ∈ [0, 5] using the inverse map x−1, followed by combining the definitions. However, the general problem, i.e., finding common subterms modulo T_Z, is essentially theory unification. As requirement 5 in Definition 6.2.3 is only there for the sake of theorem prover efficiency, this form of overlap can be ignored without sacrificing completeness. This is not to say the construction of a bounded defining map is in vain, as later experiments will show.
Terms in defining maps may contain instances of other relevant terms as subterms. For example, the subterm g(a,x) in Example 6.2.2 might have a definition term. The defining map contains only subterms of the original clause set (i.e., without any defining map parameters); this has the benefit of keeping the update procedure rather simple.
Bounded defining maps can be viewed as a constraint on the interpretations considered by the solver. As for domain-first search, definition-first search limits instantiation by progressively weakening the constraints imposed by the definitions. Bounded defining maps can be related based on how strict their constraints are: each map organises the relevant terms of a clause set into an equivalence relation, where terms are equivalent if they are assigned the same parameter.
Definition 6.2.5 (Implied Equivalence Relation). A defining map M_N implies an equivalence =^M_N on a subset of rel(N), defined as =^M_N := {(t_1, t_2) : ∃α. t_1 ≈ α ∈ ge(M_N) ∧ t_2 ≈ α ∈ ge(M_N)}.
This is a subset of the congruence closure of ge(M_N). For example, if f(g(1),0) ≈ α_1, f(g(0),0) ≈ α_2, g(0) ≈ α_3, g(1) ≈ α_3 are in ge(M_N), then (g(0), g(1)) ∈ =^M_N. However, (f(g(1),0), f(g(0),0)) is not in =^M_N, even though the latter terms are equal in the congruence closure of ge(M_N).
This permits a description of bounded defining maps which abstracts the names of parameters used in the defining map, and provides a way to relate successive defining maps. A defining map is more general than another if its implied equivalence relation is a subset of the equivalence relation of the second map. Then the most general defining map assigns every relevant term to a unique parameter; equivalently, it only contains ground terms in definitions.
Lemma 6.2.3. The following are equivalent:
1. M is the most general defining map for N
2. for all t_1 ≈ α_1, t_2 ≈ α_2 in ge(M), if α_1 = α_2 then t_1 = t_2
3. for all definitions (t ≈ α, ∆) ∈ M, t is ground.
Proof. 1 ⇒ 2 by definition of the implied equivalence on M. 2 ⇒ 3 by the fact that all definitions in M are fixed, and 3 ⇒ 1 by property 5 of Definition 6.2.3.
Rather trivially then, the most general map does not affect the satisfiability of a clause set, as it uniquely names all existing terms.
Lemma 6.2.4. Let M be the most general defining map for N; then N ∪ M is B-satisfiable iff N is B-satisfiable.
Lemma 6.2.5. If M_1 is more general than M_2 and N ∪ M_2 is B-satisfiable, then N ∪ M_1 is B-satisfiable.
Proof. M_2 differs from M_1 by enforcing additional equalities between relevant terms. Hence, a model I for N ∪ M_2 is already a model for N ∪ M_1 if parameters in definitions are ignored. These can be accommodated by setting α^I = t^I, as the terms t in definitions already have interpretations under I. This is not a problem so long as the signature allows the extra constants, as they only appear in definitions of M_1 anyway.
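To make Definitions 6.2.1, 6.2.2 and 6.2.5 and Lemmas 6.2.2 and 6.2.3 concrete, the following Python code is an added example; it is not part of the thesis or of any prover it describes. Terms are nested tuples, the ground equivalent of each definition is enumerated over its finite domains, the map is checked to name each relevant ground term by a single parameter, and the implied equivalence classes are computed. The defining map is the one from Example 6.2.2; the two overlapping maps, the most general map and all parameter labels are constructed here for illustration. The check is syntactic unless eval_ground is passed to compare terms modulo integer arithmetic, which is exactly how the overlap modulo T_Z discussed above passes the syntactic properties of Definition 6.2.3.

```python
from itertools import product

# Terms: a variable is a str, an integer literal is an int and a function application
# is a tuple (symbol, arg_1, ..., arg_n); constants are 1-tuples.  Parameters are plain
# labels here because this block never substitutes them into clauses.  All variables are
# Z-sorted, as the free variables of FQ-clauses are.
def subst(term, sigma):
    """Apply the substitution sigma (dict: variable -> term) to a term."""
    if isinstance(term, str):
        return sigma.get(term, term)
    return term if isinstance(term, int) else (term[0],) + tuple(subst(a, sigma) for a in term[1:])

def is_numbering(sigma):
    """Definition 6.2.2: every variable is either unchanged or mapped to an integer."""
    return all(isinstance(image, int) for var, image in sigma.items() if image != var)

def eval_ground(term):
    """Normalise ground arithmetic (only + here) so that f(0+1) and f(1) coincide."""
    if not isinstance(term, tuple):
        return term
    args = tuple(eval_ground(a) for a in term[1:])
    return sum(args) if term[0] == "+" and all(isinstance(a, int) for a in args) else (term[0],) + args

def ground_equivalent(definition):
    """Definition 6.2.1 for the FQ-clause t ≈ α ∨ ¬∆: yield (tσ, α) for every integer
    assignment σ of the variables of t that satisfies ∆.  ∆ is a dict variable -> range;
    {} is the trivial domain, so the definition is ground and fixed (Definition 6.2.4)."""
    term, alpha, domain = definition
    names = sorted(domain)
    for values in product(*(domain[v] for v in names)):
        yield subst(term, dict(zip(names, values))), alpha

def parameter_map(defining_map, normalise=lambda term: term):
    """Lemma 6.2.2: ge(M_N) must assign exactly one parameter to each relevant ground term.
    Returns {ground term: parameter} or raises ValueError on a clash.  The check is
    syntactic unless normalise=eval_ground compares terms modulo integer arithmetic."""
    assignment = {}
    for definition in defining_map:
        for ground, alpha in ground_equivalent(definition):
            ground = normalise(ground)
            if assignment.setdefault(ground, alpha) != alpha:
                raise ValueError(f"{ground} is named by both {assignment[ground]} and {alpha}")
    return assignment

def equivalence_classes(defining_map):
    """Definition 6.2.5: relevant terms are related iff ge(M_N) names them by the same
    parameter.  Returns the classes of the implied equivalence relation."""
    classes = {}
    for ground, alpha in parameter_map(defining_map).items():
        classes.setdefault(alpha, set()).add(ground)
    return [frozenset(c) for c in classes.values()]

def is_most_general(defining_map):
    """Lemma 6.2.3: every relevant term has its own parameter (all definitions ground)."""
    return all(len(c) == 1 for c in equivalence_classes(defining_map))

A = ("a",)
# Example 6.2.2: N = { f(g(a,x),y) ≈ y ∨ x,y ∉ [0,100] } and its bounded defining map.
EXAMPLE_6_2_2 = [
    (("f", ("g", A, "x"), "y"), "α0", {"x": range(1, 101), "y": range(1, 101)}),
    (("f", ("g", A, 0), "y"),   "α1", {"y": range(1, 101)}),
    (("f", ("g", A, "x"), 0),   "α2", {"x": range(1, 101)}),
    (("f", ("g", A, 0), 0),     "α3", {}),
]
# Constructed violation of property 5b: with x ∈ [0,100] the first domain overlaps the
# numbering instance f(g(a,0),y), so f(g(a,0),1) is named by both α0 and α1.
OVERLAP_5B = [(EXAMPLE_6_2_2[0][0], "α0", {"x": range(0, 101), "y": range(1, 101)})] + EXAMPLE_6_2_2[1:]
# The overlap modulo T_Z from the text: syntactically disjoint, yet f(1) ≈ α0 and f(1) ≈ α1.
OVERLAP_TZ = [(("f", "x"), "α0", {"x": range(0, 6)}), (("f", ("+", "x", 1)), "α1", {"x": range(0, 6)})]
# The most general map for N: one fixed definition per relevant ground term (labels constructed).
MOST_GENERAL = [(("f", ("g", A, i), j), f"β{i}_{j}", {}) for i in range(101) for j in range(101)]

if __name__ == "__main__":
    print(len(parameter_map(EXAMPLE_6_2_2)), "ground terms in", len(equivalence_classes(EXAMPLE_6_2_2)), "classes")
    for bad, normalise in ((OVERLAP_5B, lambda term: term), (OVERLAP_TZ, eval_ground)):
        try:
            parameter_map(bad, normalise)
        except ValueError as clash:
            print("clash:", clash)
```

Run as a script, the block names the 10201 relevant ground terms of Example 6.2.2 in four classes and reports both constructed clashes; the domain change in OVERLAP_5B is caught syntactically, whereas OVERLAP_TZ is only caught once eval_ground identifies f(0+1) with f(1).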
algorithm apply(C ∨ ¬∆, M_N):
    let CS = {C ∨ ¬∆}
    while D ∈ CS has maximal relevant term t:
        forall (s ≈ α, ∆_2) ∈ M_N where mgu(s, t) = σ
            CS = (CS \ D) ∪ (D[α] ∨ ¬∆ ∨ ¬∆_2)σ
    return CS
Figure 6.2: apply rewrites clause C ∨ ¬∆ modulo definitions in M_N
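The apply procedure of Figure 6.2, as an added Python example that is not the thesis's own implementation. Terms are nested tuples as above, the clause C ∨ ¬∆ is a pair of literals and interval constraints, and f and g are assumed to be the free Z-sorted function symbols whose applications form rel(N). Definition variables are renamed apart before the syntactic mgu is computed, the combined domain ¬∆ ∨ ¬∆_2 is simplified after σ is applied (a clause whose domain became unsatisfiable is a T_Z-tautology and is dropped), and, as a deviation from the figure, a clause whose maximal relevant term matches no definition is returned unchanged instead of looping, since the figure relies on property 4 of Definition 6.2.3 to guarantee a match.

```python
# Terms as in the thesis: a variable is a str, an integer literal an int and a function
# application a tuple (symbol, arg_1, ..., arg_n); constants and parameters α are 1-tuples
# (a bare str would be read as a variable).  Assumption for this example: f and g are the
# free Z-sorted function symbols, so their applications are the relevant terms rel(N).
RELEVANT_SYMBOLS = {"f", "g"}

def subst(term, sigma):
    """Apply the substitution sigma (dict: variable -> term) to a term."""
    if isinstance(term, str):
        return sigma.get(term, term)
    return term if isinstance(term, int) else (term[0],) + tuple(subst(a, sigma) for a in term[1:])

def rename_apart(term):
    """Prime every variable of a definition so it cannot clash with clause variables."""
    return term + "′" if isinstance(term, str) else term if isinstance(term, int) else (term[0],) + tuple(map(rename_apart, term[1:]))

def occurs(var, term):
    """Occurs check: does the variable var appear in term?"""
    return term == var if isinstance(term, str) else isinstance(term, tuple) and any(occurs(var, a) for a in term[1:])

def unify(s, t):
    """Syntactic mgu of s and t as an idempotent dict, or None (0+1 and 1 do not unify)."""
    sigma, pairs = {}, [(s, t)]
    while pairs:
        s, t = (subst(u, sigma) for u in pairs.pop())
        if s == t:
            continue
        if not isinstance(s, str) and isinstance(t, str):
            s, t = t, s                                     # bind on the variable side
        if isinstance(s, str):
            if occurs(s, t):
                return None
            sigma = {v: subst(u, {s: t}) for v, u in sigma.items()}
            sigma[s] = t
        elif isinstance(s, tuple) and isinstance(t, tuple) and s[0] == t[0] and len(s) == len(t):
            pairs.extend(zip(s[1:], t[1:]))
        else:
            return None                                     # symbol clash, or int against term
    return sigma

def maximal_relevant_term(term):
    """Outermost relevant subterm in preorder; does not descend into relevant terms."""
    if isinstance(term, tuple) and term[0] in RELEVANT_SYMBOLS:
        return term
    return next((m for a in term[1:] if (m := maximal_relevant_term(a)) is not None), None) if isinstance(term, tuple) else None

def replace(term, old, new):
    """D[α]: replace every occurrence of the term old by new."""
    if term == old:
        return new
    return (term[0],) + tuple(replace(a, old, new) for a in term[1:]) if isinstance(term, tuple) else term

def simplify_domain(constraints):
    """Normalise ∆ given as (term, lo, hi) triples: intersect bounds per term and decide ground
    ones.  None means ∆ is unsatisfiable, so ¬∆ holds and the FQ-clause is a T_Z-tautology."""
    bounds = {}
    for term, lo, hi in constraints:
        old_lo, old_hi = bounds.get(term, (lo, hi))
        bounds[term] = (max(old_lo, lo), min(old_hi, hi))
    for term, (lo, hi) in bounds.items():
        if lo > hi or (isinstance(term, int) and not lo <= term <= hi):
            return None
    return tuple(sorted(((t, lo, hi) for t, (lo, hi) in bounds.items() if not isinstance(t, int)), key=repr))

def apply_definitions(clause, defining_map):
    """Figure 6.2.  clause = (literals, ∆): literals is a tuple of (pol, lhs, rhs), ∆ a sequence of
    (term, lo, hi); defining_map is a list of (s, α, ∆_2).  Returns the set of rewritten FQ-clauses.
    Deviation: a clause whose maximal relevant term unifies with no definition is kept unchanged."""
    work, done = [clause], set()
    while work:
        literals, domain = work.pop()
        t = next((m for _, l, r in literals
                  for m in (maximal_relevant_term(l), maximal_relevant_term(r)) if m is not None), None)
        rewritten = False
        for s, alpha, defn_domain in (defining_map if t is not None else []):
            sigma = unify(rename_apart(s), t)               # σ = mgu(s, t), if any
            if sigma is None:
                continue
            rewritten = True
            new_literals = tuple((pol,) + tuple(subst(replace(side, t, alpha), sigma) for side in (l, r))
                                 for pol, l, r in literals)        # D[α]σ
            new_domain = simplify_domain([(subst(v, sigma), lo, hi) for v, lo, hi in domain] +
                                         [(subst(rename_apart(v), sigma), lo, hi) for v, lo, hi in defn_domain])
            if new_domain is not None:                      # else (¬∆ ∨ ¬∆_2)σ is valid: drop
                work.append((new_literals, new_domain))
        if not rewritten:
            done.add((literals, tuple(domain)))
    return done

# Example 6.2.2: N = { f(g(a,x),y) ≈ y ∨ x,y ∉ [0,100] } and its bounded defining map.
CLAUSE = ((("≈", ("f", ("g", ("a",), "x"), "y"), "y"),), (("x", 0, 100), ("y", 0, 100)))
EXAMPLE_6_2_2 = [
    (("f", ("g", ("a",), "x"), "y"), ("α0",), [("x", 1, 100), ("y", 1, 100)]),
    (("f", ("g", ("a",), 0), "y"),   ("α1",), [("y", 1, 100)]),
    (("f", ("g", ("a",), "x"), 0),   ("α2",), [("x", 1, 100)]),
    (("f", ("g", ("a",), 0), 0),     ("α3",), []),
]

if __name__ == "__main__":
    print(*sorted(apply_definitions(CLAUSE, EXAMPLE_6_2_2), key=repr), sep="\n")
```

On the clause of Example 6.2.2 the four definitions produce four FQ-clauses: α_0 ≈ y ∨ x,y ∉ [1,100], α_1 ≈ y ∨ y ∉ [1,100], α_2 ≈ 0 ∨ x ∉ [1,100] and the unit clause α_3 ≈ 0, whose domain constraints 0 ∈ [0,100] were decided and dropped by simplify_domain. A clause over g(a,x) alone has no matching definition in this map and comes back unchanged.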