University of British Columbia
Course: CPSC 539S
Subject: Computer Science
Date: Dec 26, 2024
Alexander J. Summers
Program Verifiers and Program Verification
Exercise Solutions 4: Quantifiers

Assignment 1 (Rewriting and Skolemization)

Technically, we can simply pull the negation out from under the existential $\exists z$, rewriting $\exists z.\,\neg(\ldots)$ as $\neg\forall z.\,(\ldots)$, and we will have a formula in extended CNF. However, the intention is to simplify the formula, and pushing the negations inwards helps here (especially for Assignment 2). If we push the outermost negation inwards (using the equivalence $\neg(A \Rightarrow B) \equiv (A \wedge \neg B)$), we obtain instead:

$$\exists z.\,\big((\forall n.\, g(n,z) \wedge \exists m.\,(\neg\, n = z \Rightarrow s(m) = n)) \wedge c \neq z\big) \wedge \forall w.\,\neg\, s(s(s(w))) = s(s(c))$$

Applying Skolemization to the outer existential, we replace $z$ with a fresh constant symbol $z_0$ in the body, obtaining:

$$(\forall n.\, g(n,z_0) \wedge \exists m.\,(\neg\, n = z_0 \Rightarrow s(m) = n)) \wedge c \neq z_0 \wedge \forall w.\,\neg\, s(s(s(w))) = s(s(c))$$

We can similarly apply Skolemization to the $\exists m$, but since it occurs under the $\forall n$ we have to introduce a function $f$, replacing $m$ with $f(n)$, to obtain:

$$(\forall n.\, g(n,z_0) \wedge (\neg\, n = z_0 \Rightarrow s(f(n)) = n)) \wedge c \neq z_0 \wedge \forall w.\,\neg\, s(s(s(w))) = s(s(c))$$

This leaves us with three (generalised) unit clauses, conjoined together.

Assignment 2 (E-graphs and E-matching)

We start from the formula that we computed in the solution for Assignment 1:

$$(\forall n.\, g(n,z_0) \wedge (\neg\, n = z_0 \Rightarrow s(f(n)) = n)) \wedge c \neq z_0 \wedge \forall w.\,\neg\, s(s(s(w))) = s(s(c))$$

The only ground terms are $z_0$, $c$, $s(c)$ and $s(s(c))$, and the only known (in)equality facts (after the initial DPLL search) will be the inequality between $c$ and $z_0$. Thus, we should get an E-graph whose nodes are $c$, $s(c)$ and $s(s(c))$ (each $s$ node with an edge to its argument) together with a separate node $z_0$, and with the disequality $c \neq z_0$ recorded between the classes of $c$ and $z_0$.

[Figure: the E-graph, with nodes $s$, $s$, $c$ and $z_0$; not reproduced.]
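Before continuing with the trigger discussion, here is the Assignment 1 transformation as a small Python program. This is an added example written for this page, not part of the course solutions: a negation-pushing pass (using $\neg(A \Rightarrow B) \equiv A \wedge \neg B$ and the quantifier dualities) followed by Skolemization, in which each $\exists$ under enclosing universals becomes a fresh function of those universally bound variables, or a fresh constant when there are none. The exercise's own input formula is not reproduced on the page, so the block reconstructs it from the solution text as $\exists z.\,\neg(A \Rightarrow B)$, with $A$ and $B$ read off the first displayed result; that reconstruction, the Skolem naming scheme (a symbol $x0$ for a bound variable $x$, so the page's $f(n)$ appears as $m0(n)$) and the assumption that bound variable names are pairwise distinct are all choices of this example.

```python
"""Negation pushing and Skolemization over a small first-order formula AST.
Terms: tuples (symbol, *args), constants are 0-ary tuples like ('c',), variables
are plain strings.  Formulas: ('atom', p, *terms), ('eq', t1, t2), ('not', F),
('and'|'or'|'implies', F, G), ('forall'|'exists', x, F).
Assumption: bound variable names are pairwise distinct (alpha-rename first)."""

def subst(t, x, r):
    """Replace variable x by term r inside term t."""
    if isinstance(t, str):
        return r if t == x else t
    return (t[0],) + tuple(subst(a, x, r) for a in t[1:])

def subst_f(f, x, r):
    """Replace free variable x by term r inside formula f."""
    tag = f[0]
    if tag == 'atom':
        return ('atom', f[1]) + tuple(subst(a, x, r) for a in f[2:])
    if tag == 'eq':
        return ('eq', subst(f[1], x, r), subst(f[2], x, r))
    if tag in ('not', 'and', 'or', 'implies'):
        return (tag,) + tuple(subst_f(g, x, r) for g in f[1:])
    return f if f[1] == x else (tag, f[1], subst_f(f[2], x, r))  # quantifier

def has_quantifier(f):
    if f[0] in ('forall', 'exists'):
        return True
    return f[0] not in ('atom', 'eq') and any(has_quantifier(g) for g in f[1:])

def nnf(f, pos=True):
    """Push negations inwards; pos=False means f sits under a negation.  An implication
    with a quantifier-free antecedent is kept as an implication (as in the worked
    solution); under a negation, not(A => B) becomes A and not B."""
    tag = f[0]
    if tag in ('atom', 'eq'):
        return f if pos else ('not', f)
    if tag == 'not':
        return nnf(f[1], not pos)
    if tag in ('and', 'or'):
        return ('and' if (tag == 'and') == pos else 'or', nnf(f[1], pos), nnf(f[2], pos))
    if tag == 'implies':
        if not pos:
            return ('and', nnf(f[1], True), nnf(f[2], False))
        if has_quantifier(f[1]):
            return ('or', nnf(f[1], False), nnf(f[2], True))
        return ('implies', nnf(f[1], True), nnf(f[2], True))
    return ('forall' if (tag == 'forall') == pos else 'exists', f[1], nnf(f[2], pos))

def skolemize(f, universals=()):
    """f must be in NNF.  Each exists-x becomes a fresh symbol x0 applied to the
    universally bound variables in scope: a constant if there are none, otherwise a
    Skolem function of those variables (the page calls this function f)."""
    tag = f[0]
    if tag == 'exists':
        sk = (f[1] + '0',) + tuple(universals)
        return skolemize(subst_f(f[2], f[1], sk), universals)
    if tag == 'forall':
        return ('forall', f[1], skolemize(f[2], universals + (f[1],)))
    if tag in ('and', 'or', 'implies'):
        return (tag, skolemize(f[1], universals), skolemize(f[2], universals))
    return f  # literal

def conjuncts(f):
    """Split a top-level conjunction into its (generalised) unit clauses."""
    return conjuncts(f[1]) + conjuncts(f[2]) if f[0] == 'and' else [f]

OPS = {'and': '∧', 'or': '∨', 'implies': '⇒'}

def show_t(t):
    if isinstance(t, str):
        return t
    return t[0] if len(t) == 1 else f"{t[0]}({', '.join(map(show_t, t[1:]))})"

def show(f):
    tag = f[0]
    if tag == 'atom':
        return f"{f[1]}({', '.join(map(show_t, f[2:]))})"
    if tag == 'eq':
        return f"{show_t(f[1])} = {show_t(f[2])}"
    if tag == 'not':
        return '¬' + show(f[1])
    if tag in ('and', 'or', 'implies'):
        return f"({show(f[1])} {OPS[tag]} {show(f[2])})"
    return ('∀' if tag == 'forall' else '∃') + f"{f[1]}.{show(f[2])}"

# Input formula.  Assumption: the exercise's own formula is not on the page; this is
# the exists-z.not(A => B) shape the solution describes, with A and B read off its
# first displayed result.
C = ('c',)
def s(t): return ('s', t)
A = ('and', ('forall', 'n', ('and', ('atom', 'g', 'n', 'z'),
                             ('exists', 'm', ('implies', ('not', ('eq', 'n', 'z')),
                                              ('eq', s('m'), 'n'))))),
     ('not', ('eq', C, 'z')))
B = ('exists', 'w', ('eq', s(s(s('w'))), s(s(C))))
PHI = ('exists', 'z', ('not', ('implies', A, B)))

def clausal_form(f):
    """Push negations inwards, then Skolemize."""
    return skolemize(nnf(f))

if __name__ == '__main__':
    print(show(nnf(PHI)))            # the first displayed formula of Assignment 1
    print(show(clausal_form(PHI)))   # the third, with m0(n) in place of f(n)
```

Running the block prints the negation-pushed formula and then its Skolemized form; `conjuncts(clausal_form(PHI))` splits the latter into the three unit clauses the solution mentions. The Skolem term for $m$ is a function of $n$ precisely because `skolemize` carries the enclosing universals down into the body, which is the point the solution makes about $\exists m$ sitting under $\forall n$.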
A simple choice of triggers would be $\{s(n)\}$ for the first quantifier and $\{s(w)\}$ for the second. In both cases, we would get matching loops (can you see why? Instantiating the first quantifier with $n := t$ introduces the term $s(f(t))$, which again matches $s(n)$ with $n := f(t)$; instantiating the second with $w := t$ introduces $s(s(s(t)))$, which matches $s(w)$ with $w := s(s(t))$; neither process ever stops). Unfortunately, avoiding matching loops is difficult for the second quantifier (for the first, choosing e.g. $\{s(f(n))\}$ might be acceptable): choosing $\{s(s(s(w)))\}$ as a trigger would avoid matching loops but would not allow us to make any instantiations of the quantifier for this example.

Sticking with the simplest choice of triggers, then, we can instantiate the first quantifier with e.g. $c$ replacing $n$, since we have the term $s(c)$ in our E-graph. This yields the assertion $g(c, z_0) \wedge (\neg\, c = z_0 \Rightarrow s(f(c)) = c)$, which, combined with $c \neq z_0$, allows us to deduce $s(f(c)) = c$. Now we can instantiate the second quantifier, replacing $w$ with $f(c)$ (since $s(f(c))$ will now be in our E-graph). This gives us $\neg\, s(s(s(f(c)))) = s(s(c))$, which contradicts $s(f(c)) = c$ (by congruence, $s(f(c)) = c$ gives $s(s(s(f(c)))) = s(s(c))$), giving us unsat.

Assignment 3 (Axiomatising Duplicate-Freeness)

The only reasonable choice of triggers is the following:

$$\forall i : \mathit{Int},\ j : \mathit{Int}.\ \{\mathit{lookup}(a, i),\ \mathit{lookup}(a, j)\}\quad \neg\, i = j \Rightarrow \neg\, \mathit{lookup}(a, i) = \mathit{lookup}(a, j)$$

This will cause quadratically many instantiations of the axiom in the number of ground $\mathit{lookup}(a, k)$ terms encountered in the problem: one instantiation for each pair of terms (including instantiations caused by the same term twice).

An alternative is to introduce an "inverse" function for $\mathit{lookup}$. Since there are no duplicates, there must exist an inverse mapping back from the array elements to the indices.
We can make this assumed inverse explicit by introducing a function $\mathit{lookupinv}$ from $\mathit{Int}$ to $\mathit{Int}$, and using the following quantifier instead of the one from the question:

$$\forall i : \mathit{Int}.\ \{\mathit{lookup}(a, i)\}\quad \mathit{lookupinv}(\mathit{lookup}(a, i)) = i$$

This quantifier is sufficient to imply the previous one (if $\mathit{lookup}(a, i) = \mathit{lookup}(a, j)$, applying $\mathit{lookupinv}$ to both sides gives $i = j$), but only gets instantiated once per ground $\mathit{lookup}$ term. It might be tempting to also add the dual axiom:

$$\forall j : \mathit{Int}.\ \{\mathit{lookupinv}(j)\}\quad \mathit{lookup}(a, \mathit{lookupinv}(j)) = j$$

but this would have the effect of guaranteeing that every integer occurs somewhere in the array. Even for infinite arrays, this is not necessarily true; for example, consider the array which stores twice the value of a location's index at each location (no odd integers occur in the array). This second axiom would introduce inconsistency in such an example (and is not necessary to express duplicate-freeness, in any case).
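The trigger claims of Assignments 2 and 3 can be checked mechanically with a small syntactic E-matcher. The block below is an added example written for this page, not code from the course: it matches each trigger pattern against the current set of ground terms, fires every distinct instantiation once, adds the subterms of the instantiated body to the term set, and repeats until nothing new appears or a round limit is hit. It deliberately ignores equalities (no E-graph, no congruence closure), so it cannot reproduce the unsat derivation of Assignment 2 and it over-approximates the terms a real solver would see; what it does show is which trigger choices loop, that $\{s(s(s(w)))\}$ fires nothing on the Assignment 2 terms, and that the pair trigger of Assignment 3 fires $n^2$ instantiations against $n$ for the inverse axiom. Each axiom is represented only by its trigger and the terms its body introduces; the five $\mathit{lookup}(a, k_i)$ terms with distinct index constants are constructed input.

```python
"""Syntactic E-matching: triggers, instantiation rounds and matching loops.
Terms are tuples (symbol, *args); trigger variables are plain strings.
Equalities are ignored (no E-graph / congruence closure), so this over-approximates
the terms a real solver sees, but it shows which triggers loop and how many
instantiations fire.  Each axiom is (trigger patterns, terms its body introduces)."""

def subterms(t):
    """All subterms of a ground term, including t itself."""
    out = {t}
    for a in t[1:]:
        out |= subterms(a)
    return out

def subst(t, env):
    """Apply a substitution to a body term (every variable is bound by the trigger)."""
    if isinstance(t, str):
        return env[t]
    return (t[0],) + tuple(subst(a, env) for a in t[1:])

def match(pattern, term, env):
    """Match one trigger pattern against one ground term, extending env;
    returns None on failure."""
    if isinstance(pattern, str):                      # pattern variable
        if pattern in env:
            return env if env[pattern] == term else None
        return {**env, pattern: term}
    if pattern[0] != term[0] or len(pattern) != len(term):
        return None
    for p, t in zip(pattern[1:], term[1:]):
        env = match(p, t, env)
        if env is None:
            return None
    return env

def trigger_matches(trigger, terms):
    """Substitutions under which every pattern of a (multi-)trigger matches some
    term; a multi-pattern trigger yields the cross product of its matches."""
    envs = [{}]
    for pat in trigger:
        envs = [e for env in envs for t in terms
                if (e := match(pat, t, env)) is not None]
    return envs

def saturate(axioms, ground, max_rounds=10):
    """Round-based E-matching.  Returns (sizes, n_inst, converged): term-set size
    after each round, instantiations fired, and whether a fixed point was reached.
    converged=False after max_rounds means the triggers keep producing new matching
    terms, i.e. a matching loop."""
    terms = set()
    for t in ground:
        terms |= subterms(t)
    seen = set()                                      # (axiom index, substitution)
    sizes = [len(terms)]
    for _ in range(max_rounds):
        new = set()
        for i, (trigger, body) in enumerate(axioms):
            for env in trigger_matches(trigger, terms):
                key = (i, frozenset(env.items()))
                if key not in seen:
                    seen.add(key)
                    for t in body:
                        new |= subterms(subst(t, env))
        if new <= terms:                              # nothing new: fixed point
            return sizes, len(seen), True
        terms |= new
        sizes.append(len(terms))
    return sizes, len(seen), False

# Assignment 2: ground terms z0, c, s(c), s(s(c)).  The predicate g(n, z0) in the
# first quantifier introduces no new terms; only s(f(n)) does.
Z0, C = ('z0',), ('c',)
def s(t): return ('s', t)
def f(t): return ('f', t)
GROUND2 = [Z0, C, s(C), s(s(C))]

def assignment2(trigger1, trigger2, max_rounds=10):
    """Saturate the two Assignment 2 quantifiers under the given triggers."""
    ax1 = (trigger1, [s(f('n'))])
    ax2 = (trigger2, [s(s(s('w'))), s(s(C))])
    return saturate([ax1, ax2], GROUND2, max_rounds)

# Assignment 3: five ground lookup(a, k) terms with distinct index constants
# (constructed input), and the two candidate axioms.
A = ('a',)
def lookup(i): return ('lookup', A, i)
def lookupinv(v): return ('lookupinv', v)
GROUND3 = [lookup(('k%d' % i,)) for i in range(5)]
PAIR_AXIOM = ([lookup('i'), lookup('j')], [lookup('i'), lookup('j')])
INV_AXIOM = ([lookup('i')], [lookupinv(lookup('i'))])

if __name__ == '__main__':
    print('{s(n)}, {s(w)}:', assignment2([s('n')], [s('w')]))                 # loops
    print('{s(f(n))}, {s(s(s(w)))}:', assignment2([s(f('n'))], [s(s(s('w')))]))  # 0 instantiations
    print('pair trigger:', saturate([PAIR_AXIOM], GROUND3))                    # 25 instantiations
    print('inverse axiom:', saturate([INV_AXIOM], GROUND3))                    # 5 instantiations
```

With $\{s(n)\}$ and $\{s(w)\}$ the term set grows every round and the round limit is hit, which is the matching loop; with $\{s(f(n))\}$ and $\{s(s(s(w)))\}$ nothing matches the four ground terms, so no instantiation fires at all, as the solution says. Note that $\{s(f(n))\}$ never fires on this example even when the second quantifier keeps $\{s(w)\}$, because no $f$ term is ever created by the second quantifier; the solution's "might be acceptable" is about loop-freedom, not about usefulness here. For Assignment 3 the pair trigger fires 25 instantiations for 5 ground terms (the diagonal pairs included), while the $\mathit{lookupinv}$ axiom fires 5 and then reaches a fixed point because the new $\mathit{lookupinv}(\mathit{lookup}(a, k_i))$ terms match no trigger.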