Automated Reasoning∗ Marek Kosta Christoph Weidenbach Summer Term 2012 What is Computer Science about? Theory Graphics Data Bases Programming Languages Algorithms Hardware Bioinformatics Verification What is Automated Deduction about? Generic Problem Solving by a Computer Program. ∗This document contains the text of the lecture slides (almost verbatim) plus some additional infor- mation, mostly proofs of theorems that are presented on the blackboard during the course. It is not a full script and does not contain the examples and additional explanations given during the lecture. Moreover it should not be taken as an example how to write a research paper – neither stylistically nor typographically. 1 Introductory Example: Solving 4 × 4 Sudoku 2 1 3 1 1 2 Start 2 1 4 3 3 4 1 2 4 2 3 1 1 3 2 4 Solution Formal Model Represent board by a function f(x, y) mapping cells to their value. 2 1 3 1 1 2 Start N = f(1, 1) ≈ 2 ∧ f(1, 2) ≈ 1∧ f(3, 3) ≈ 3 ∧ f(3, 4) ≈ 1∧ f(4, 1) ≈ 1 ∧ f(4, 3) ≈ 2 ∧ is conjunction and ⊤ the empty conjunction. A state is described by a triple (N; D; r) where • N contains the equations for the starting Sudoku • D a conjunction of further equations computed by the algorithm • r ∈ {⊤, ⊥} Initial state is (N; ⊤; ⊤). A square f(x, y) where x, y ∈{1, 2, 3, 4} is called defined by N ∧ D if there is an equation f(x, y) ≈ z, z ∈{1, 2, 3, 4} in N or D. For otherwise f(x, y) it is called undefined. 2 Rule-Based Algorithm Deduce (N; D; ⊤) ⇒ (N; D ∧ f(x, y) ≈ 1; ⊤) provided f(x, y) is undefined in N ∧ D, for any x, y ∈{1, 2, 3, 4}. Conflict (N; D; ⊤) ⇒ (N; D; ⊥) provided for y = z (i) f(x, y) = f(x, z) for f(x, y), f(x, z) defined in N ∧ D for some x, y, z or (ii) f(y, x) = f(z, x) for f(y, x), f(z, x) defined in N ∧ D for some x, y, z or (iii) f(x, y) = f(x′,y′) for f(x, y), f(x′,y′) defined in N ∧ D and [x, x′ ∈ {1, 2} or x, x′ ∈{3, 4}] and [y,y′ ∈{1, 2} or y,y′ ∈{3, 4}] and x = x′ or y = y′. Backtrack (N; D′ ∧ f(x, y) ≈ z ∧ D′′; ⊥) ⇒ (N; D′ ∧ f(x, y) ≈ z + 1; ⊤) provided z < 4 and D′′ = ⊤ or D′′ contains only equations of the form f(x′,y′) ≈ 4. Fail (N; D; ⊥) ⇒ (N; ⊤; ⊥) provided D = ⊤ and D contains only equations of the form f(x, y) ≈ 4. Properties: Rules are applied don’t care non-deterministically. An algorithm (set of rules) is sound if whenever it declares having found a solution it actually has computed a solution. It is complete if it finds a solution if one exists. It is terminating if it never runs forever. Proposition 0.1 (Soundness) The rules Deduce, Conflict, Backtrack and Fail are sound. Starting from an initial state (N; ⊤; ⊤): (i) for any final state (N; D; ⊤), the equations in N ∧ D are a solution, and, (ii) for any final state (N; ⊤; ⊥) there is no solution to the initial problem. Proof . (i) So assume a final state (N; D; ⊤) such that no rule is applicable. In particu- lar, this means that for all x, y ∈{1, 2, 3, 4} the square f(x, y) is defined in N ∧ D as for otherwise Deduce would be applicable, contradicting that (N; D; ⊤) is a final state. So all squares are defined by N ∧ D. What remains to be shown is that those assignments actually constitute a solution to the Sudoku. However, if some assignment in N ∧ D results in a repetition of a number in some column, row or 2 × 2 box of the Sudoku, then rule Conflict is applicable, contradicting that (N; D; ⊤) is a final state. In sum, 3 (N; D; ⊤) is a solution to the Sudoku and hence the rules Deduce, Conflict, Backtrack and Fail are sound. (ii) So assume that the initial problem (N; ⊤; ⊤) has a solution. We prove that in this case we cannot reach a state (N; ⊤; ⊥). Let (N; D; ⊤) be an arbitrary state still having a solution. This includes the initial state if D = ⊤. We prove that we can correctly decide the next square. Since (N; D; ⊤) still has a solution the only applicable rule is Deduce and we generate (N; D ∧ f(x, y) ≈ 1; ⊤) for some x, y ∈{1, 2, 3, 4}. If(N; D ∧ f(x, y) ≈ 1; ⊤) still has a solution we are done. So assume (N; D ∧ f(x, y) ≈ 1; ⊤) does not have a solution anymore. But then eventually we will apply Conflict and Backtrack to a state (N; D ∧ f(x, y) ≈ 1 ∧ D′; ⊥) where D′ only contains equations of the form f(x′,y′) ≈ 4 resulting in (N; D ∧ f(x, y) ≈ 2; ⊤). Now repeating the argument we will eventually reach a state (N; D ∧ f(x, y) ≈ k; ⊤) that has a solution. Proposition 0.2 (Completeness) The rules Deduce, Conflict, Backtrack and Fail are complete. For any solution N ∧ D of the Sudoku there is a sequence of rule applications such that (N; D; ⊤) is a final state. Proof . A particular strategy for the rule applications is needed to indeed generate (N; D; ⊤) out of (N; ⊤; ⊤) for some solution N ∧ D. Without loss of generality we assume the assignments in D to be sorted such that assignments to a number k ∈ {1, 2, 3, 4} precede any assignment to some number l>k. So if, for example, N does not assign all four values 1, then the first assignment in D is of the form f(x, y) ≈ 1 for some x, y. Now we apply the following strategy, subsequently adding all assignments from D to (N; ⊤; ⊤). Let us assume we have already achieved state (N; D′; ⊤) and the next assignment from D to be established is f(x, y) ≈ k, meaning f(x, y) is not defined in N ∧ D′. Then until l = k we do the following, starting from l = 1. We apply Deduce adding the assignment f(x, y) ≈ l. If Conflict is applicable to this assignment, we apply Backtrack, generating the new assignment f(x, y) ≈ l + 1 and continue. We need to show that this strategy in fact eventually adds f(x, y) ≈ k to D′. As long as l<k any added assignment f(x, y) ≈ l results in rule Conflict applicable, because D is ordered and all four values for all l<k are already established. The eventual assignment f(x, y) ≈ k does not generate a conflict because D is a solution. For the same reason, the rule Fail is never applicable. Therefore, the strategy generates (N; D; ⊤) out of (N; ⊤; ⊤). Proposition 0.3 (Termination) The rules Deduce, Conflict, Backtrack and Fail ter- minate on any input state (N; ⊤; ⊤). Proof . Once the rule Fail is applicable, no other rule is applicable on the result any- more. So we do not need to consider rule Fail for termination. The idea of the proof is that we assign a measure over the natural numbers to every state such that each rule 4 strictly decreases the measure and that the measure cannot get below 0. For any given state S =(N; D; ∗) with ∗∈ {⊤, ⊥} with D = f(x1,y1) ≈ k1 ∧ ... ∧ f(xn,yn) ≈ kn we 49 n 49−3i assign the measure µ(S) by µ(S)=2 − p − i=1 ki · 2 where p = 0 if ∗ = ⊤ and p = 1 otherwise. The measure µ(S) is well-defined and cannot become negative as n ≤ 16, p ≤ 1, and 1 ≤ ki ≤ 4 for any D. In particular, the former holds because the rule Deduce only adds values for undefined squares and the overall number of squares is bound to 16. What remains to be shown is that each rule application decreases µ. We do this by a case analysis over the rules. 49 n 49−3i 49 n 49−3i 49−3(n+1) Deduce: µ((N; D; ⊤))=2 − i=1 ki · 2 > 2 − i=1 ki · 2 − 1 · 2 = µ((N; D ∧ f(x, y) ≈ 1; ⊤)) 49 n 49−3i 49 n 49−3i Conflict: µ((N; D; ⊤))=2 − i=1 ki · 2 > 2 − 1 − i=1 ki · 2 = µ((N; D; ⊥)) ′ ′′ 49 l−1 49−3i Backtrack: µ((N; D ∧ f(xl,yl) ≈ kl ∧ D ; ⊥)) = 2 −1 − ( i=1 ki · 2 ) − kl · 49−3l n 49−3i 49 l−1 49−3i 49−3l ′ 2 − i=l+1 ki · 2 > 2 − ( i=1 ki · 2 ) − (kl + 1) · 2 = µ(N; D ∧ 49−3l n 49−3i f(xl,yl) ≈ kl + 1; ⊤) in particular because 2 > ki · 2 + 1. i=l+1 Confluence Another important property for don’t care non-deterministic rule based definitions of algorithms is confluence. It means that whenever several sequences of rules are applicable to a given states, the respective results can be rejoined by further rule applications to a common problem state. Proposition 0.4 (Deduce and Conflict are Locally Confluent) Given a state (N; D; ⊤) out of which two different states (N; D1; ⊤) and (N; D2; ⊥) can be generated by Deduce and Conflict in one step, respectively, then the two states can be rejoined to a state (N; D′; ∗) via further rule applications. Proof . Consider an application of Deduce and Conflict to a state (N; D; ⊤) resulting in (N; D ∧ f(x, y) ≈ 1; ⊤) and (N; D; ⊥), respectively. We will now show that in fact we can rejoin the two states.