Labelled Interpolation Systems for HyperResolution, Clausal, and Local Proofs
 1k Downloads
 1 Citations
Abstract
Craig’s interpolation theorem has numerous applications in model checking, automated reasoning, and synthesis. There is a variety of interpolation systems which derive interpolants from refutation proofs; these systems are adhoc and rigid in the sense that they provide exactly one interpolant for a given proof. In previous work, we introduced a parametrised interpolation system which subsumes existing interpolation methods for propositional resolution proofs and enables the systematic variation of the logical strength and the elimination of nonessential variables in interpolants. In this paper, we generalise this system to propositional hyperresolution proofs as well as clausal proofs. The latter are generated by contemporary SAT solvers. Finally, we show that, when applied to local (or split) proofs, our extension generalises two existing interpolation systems for firstorder logic and relates them in logical strength.
Keywords
Craig interpolation Satisfiability checking Resolution1 Introduction
Craig interpolation [14] has proven to be an effective heuristic in applications such as model checking, where it is used as an approximate method for computing invariants of transition systems [39, 54], and synthesis, where interpolants represent deterministic implementations of specifications given as relations [31]. The intrinsic properties of interpolants enable concise abstractions in verification and smaller circuits in synthesis. Intuitively, stronger interpolants provide more precision [29, 46], and interpolants with fewer variables lead to smaller designs [7, 31]. However, interpolation is mostly treated as a black box, leaving no room for a systematic exploration of the solution space. In addition, the use of different interpolation systems complicates a comparison of their interpolants. We present a novel framework which generalises a number of existing interpolation techniques and supports a systematic variation and comparison of the generated interpolants.
1.1 Contributions

The extended system supports hyperresolution (see Sect. 3) and allows for systematic variation of the logical strength (with an additional degree of freedom over [16]) and the elimination of nonessential literals [15] in interpolants.

We generalise (in Sect. 4) our interpolation system for hyperresolution steps to clausal refutations generated by contemporary SAT solvers such as PicoSAT [5], allowing us to avoid the generation of intermediate interpolants.

When applied to local (or split) proofs [30], the extended interpolation system generalises the existing interpolation systems for firstorder logic presented in [32, 55] and relates them in logical strength (Sect. 5).
2 Background
This section introduces our notation (Sect. 2.1) and restates the main results of our previous paper on labelled interpolation systems [16] in Sect. 2.2.
2.1 Formulae and Proofs
In our setting, the term formula refers to either a propositional logic formula or a formula in standard firstorder logic.
2.1.1 Propositional Formulae
We work in the standard setting of propositional logic over a set X of propositional variables, the logical constants \({\mathsf {T}} \) and \({\mathsf {F}} \) (denoting true and false, respectively), and the standard logical connectives \(\wedge \), \(\vee \), \(\Rightarrow \), and \(\lnot \) (denoting conjunction, disjunction, implication, and negation, respectively).
Moreover, let \(\mathtt {Lit}_X = \{x, \overline{x}\,\vert \, x \in X\}\) be the set of literals over X, where \(\overline{x}\) is short for \(\lnot x\). We write \({\mathrm {var}}(t)\) for the variable occurring in the literal \(t\in \mathtt {Lit}_X\). A clause C is a set of literals. The empty clause \(\Box \) contains no literals and is used interchangeably with \({\mathsf {F}} \). The disjunction of two clauses C and D is their union, denoted \(C \vee D\), which is further simplified to \(C \vee t\) if D is the singleton \(\{t\}\). In clauses, we sometimes omit the disjunction \(\vee \) to save space. A propositional formula in conjunctive normal form (CNF) is a conjunction of clauses, also represented as a set of clauses.
2.1.2 FirstOrder Logic
The logical connectives from propositional logic carry over into firstorder logic. We fix an enumerable set of variables, function and predicate symbols over which formulae are built in the usual manner. The vocabulary of a formula A is the set of its function and predicate symbols. \({\mathcal {L}}({A})\) refers to the set of wellformed formulae which can be built over the vocabulary of A.
Variables may be universally \((\forall )\) or existentially \((\exists )\) quantified. A formula is closed if all its variables are quantified and ground if it contains no variables. As previously, conjunctions of formulae are also represented as sets.
Given a formula A in either firstorder or propositional logic, we use \({\mathrm {Var}}(A)\) to denote the set of free (unquantified) variables in A.
2.1.3 Inference Rules and Proofs
The propositional resolution rule \(({\mathrm {Res}})\), for example, is a sound inference rule stating that an assignment satisfying the clauses \(C \vee x\) and \(D \vee \overline{x}\) also satisfies \(C \vee D\). The clauses \(C \vee x\) and \(D \vee \overline{x}\) are the antecedents, x is the pivot, and the conclusion \(C \vee D\) is called the resolvent. \({\mathrm {Res}}(C,D,x)\) denotes the resolvent of C and D with the pivot x.
Definition 1
(Proof) A proof (or derivation) P in an inference system \({\mathcal {I}}_P\) is a directed acyclic graph \((V_P, E_P, \ell _P, \mathtt {s}_P)\), where \(V_P\) is a set of vertices, \(E_P\) is a set of edges, \(\ell _P\) is a function mapping vertices to formulae, and \(\mathtt {s}_P \in V_P\) is the sink vertex. An initial vertex has indegree 0. All other vertices are internal and have indegree \(\ge 1\). The sink has outdegree 0. Each internal vertex v with edges \((v_1, v), \ldots , (v_m, v) \in E_P\) is associated with an inference rule \({\mathsf {Inf}}\in {\mathcal {I}}_P\) with antecedents \(\ell _P(v_1), \ldots , \ell _P(v_m)\) and conclusion \(\ell _P(v)\).
The subscripts above are dropped if clear. A vertex \(v_i\) in P is a parent of \(v_j\) if \((v_i,v_j) \in E_P\). A proof P is a refutation if \(\ell _P(\mathtt {s}_P)={\mathsf {F}} \). Let A and B be conjunctive formulae. A refutation P of an unsatisfiable formula \(A\wedge B\) is an (A, B)refutation (i.e., for each initial vertex \(v\in V_P\), \(\ell _P(v)\) is a conjunct of A or a conjunct of B). A proof is closed (ground, respectively) if \(\ell _P(v)\) is closed (ground) for all \(v\in V_P\).
In the following, we use the propositional resolution calculus to instantiate Definition 1.
Definition 2
(Resolution Proof) A resolution proof R is a proof in the inference system comprising only the resolution rule \({\mathsf {Res}}\). Consequently, \(\ell _R\) maps each vertex \(v\in V_R\) to a clause, and all internal vertices have indegree 2. Let \({ piv }_R\) be the function mapping internal vertices to pivot variables. For an internal vertex v and \((v_1, v), (v_2, v) \in E_R\), \(\ell _R(v) = {\mathrm {Res}}(\ell _R(v_1), \ell _R(v_2),{ piv }_R(v))\).
Note that the value of \(\ell _R\) at internal vertices is determined by that of \(\ell _R\) at initial vertices and the pivot function \({ piv }_R\). We write \(v^+\) for the parent of v with \({ piv }(v)\) in \(\ell (v^+)\) and \(v^\) for the parent with \(\lnot { piv }(v)\) in \(\ell (v^)\).
A resolution proof R is a resolution refutation if \(\ell _R(\mathtt {s}_R) = \Box \).
2.2 Interpolation Systems and Labelling Functions
There are numerous variants and definitions of Craig’s interpolation Theorem [14]. We use the definition of a Craig interpolant introduced by McMillan [39]:
Definition 3
(Interpolant) A Craig interpolant for a pair of formulae (A, B), where \(A \wedge B\) is unsatisfiable, is a formula I whose free variables, function and predicate symbols occur in both A and B, such that \(A \Rightarrow I\) and \(B \Rightarrow \lnot I\) hold.
Craig’s interpolation theorem guarantees the existence of such an interpolant for unsatisfiable pairs of formulae (A, B) in first order logic. Consequently, it also holds in the propositional setting, where the conditions of Definition 3 reduce to \(A\Rightarrow I\), \(B\Rightarrow \lnot I\), and \({\mathrm {Var}}(I) \subseteq {\mathrm {Var}}(A) \cap {\mathrm {Var}}(B)\).
Example 1
Let \(A=(\overline{x}_0)\wedge (x_0\vee x_2)\wedge (\overline{x}_1\vee \overline{x}_2)\) and \(B=(\overline{x}_2)\wedge (x_1\vee x_2)\). Then \(I=\overline{x}_1\) is an interpolant for (A, B). Intuitively, \(\overline{x}_1\) interpolant acts as a “separator” for the underlying refutation proof (the leftmost proof in Fig. 1). By setting \(\overline{x}_1\) to \({\mathsf {F}} \) we obtain a refutation of the Apartition, as illustrated in Fig. 1. Similarly, setting \(\overline{x}_1\) to \({\mathsf {T}} \) yields a refutation for B—the interpolant can be understood as a multiplexer. Equivalently, I is \({\mathsf {T}}\) if A is \({\mathsf {T}}\), and \(\lnot I\) is \({\mathsf {T}}\) if B is \({\mathsf {T}}\).
Numerous techniques to construct interpolants have been proposed (c.f. Sect. 6). In particular, there is a class of algorithms that derive interpolants from proofs; the first such algorithm for the sequent calculus is presented in Maehara’s constructive proof [37] of Craig’s theorem. In this paper, we focus on interpolation systems that construct an interpolant from an (A, B)refutation by mapping the vertices of a resolution proof to a formula called the partial interpolant.
Formally, an interpolation system \({\mathsf {Itp}}\) is a function that given an (A, B)refutation R yields a function, denoted \({\mathsf {Itp}}(R,A,B)\), from vertices in R to formulae over \({\mathrm {Var}}(A)\cap {\mathrm {Var}}(B)\). An interpolation system is correct if for every (A, B)refutation R with sink \(\mathtt {s}\), it holds that \({\mathsf {Itp}}(R,A,B) (\mathtt {s})\) is an interpolant for (A, B). We write \({\mathsf {Itp}}(R)\) for \({\mathsf {Itp}}(R,A,B) (\mathtt {s})\) when A and B are clear. Let v be a vertex in an (A, B)refutation R. The pair \((\ell (v), {\mathsf {Itp}}(R,A,B) (v))\) is an annotated clause and is written \(\ell (v)\;[{\mathsf {Itp}}(R,A,B) (v)]\) in accordance with [40].
 1.
\(L_R(v,t) = \bot \) iff \(t \notin \ell _R(v)\)
 2.
\(L_R(v,t) = L_R(v_1,t) \sqcup \cdots \sqcup L_R(v_m,t)\) for an internal vertex v, its parents \(\{v_1, \ldots , v_m\}\), and literal \(t \in \ell _R(v)\).
Definition 5
 1.
\({\textsf {a}} \sqsubseteq L(v,t)\) implies that \({\mathrm {var}}(t)\in {\mathrm {Var}}(A)\), and
 2.
\({\textsf {b}} \sqsubseteq L(v,t)\) implies that \({\mathrm {var}}(t)\in {\mathrm {Var}}(B)\).
For a given labelling function L, we define the downward projection of a clause at a vertex v with respect to \({\textsf {c}} \in {\mathcal {S}}\) as \( \ell (v)\downharpoonright _{{\textsf {c}},L} \mathop {=}\limits ^{\tiny def }\{t \in \ell (v)\,\vert \, L(v,t) \sqsubseteq {\textsf {c}} \}\) and the upward projection \( \ell (v)\upharpoonright _{{\textsf {c}},L}\) as \( \ell (v)\upharpoonright _{{\textsf {c}},L} \mathop {=}\limits ^{\tiny def }\{t \in \ell (v)\,\vert \, {\textsf {c}} \sqsubseteq L(v,t)\}\). The subscript L is omitted if clear from the context.
Definition 6
(Labelled Interpolation System for Resolution) Let L be a locality preserving labelling function for an (A, B)refutation R. The labelled interpolation system \({\mathsf {Itp}}(L)\) maps vertices in R to partial interpolants as defined in Fig. 2.
Labelling functions provide control over the interpolants constructed from a resolution proof. Firstly, labelled interpolation systems support the elimination of nonessential (peripheral [50], respectively) variables from interpolants [15]. Secondly, labelled interpolation systems—and their respective interpolants—are ordered by logical strength. A labelled interpolation system \({\mathsf {Itp}}(L)\) is stronger than \({\mathsf {Itp}}(L^{\prime })\) if for all refutations R (for which L and \(L^{\prime }\) are locality preserving labelling functions), \({\mathsf {Itp}}(L,R) \Rightarrow {\mathsf {Itp}}(L^{\prime },R)\). The partial order \(\preceq \) on labelling functions (first introduced in [16]) guarantees an ordering in strength:
Theorem 2 in [16] shows that if L is a stronger labelling function than \(L^{\prime }\), the interpolant obtained from \({\mathsf {Itp}}(L)\) logically implies the one obtained from \({\mathsf {Itp}}(L^{\prime })\).
3 Interpolation for HyperResolution
In this section, we extend labelled interpolation systems to a richer inference system, in particular, the inference system comprising (propositional) hyperresolution [43]. Hyperresolution is a condensation of a derivation consisting of several resolutions and avoids the construction of intermediate clauses. Hyperresolution has several applications in propositional satisfiability checking, such as preprocessing [21] of formulae or as an integral part of the solver (e.g., [2]).
Definition 8
(HyperResolution Proof) A hyperresolution proof R is a proof using only the inference rule \({\mathsf {HyRes}}\). Accordingly, \(\ell _R\) maps each vertex \(v\in V_R\) to a clause, and all internal vertices have indegree \(\ge 2\). Each internal vertex v has \(n\ge 1\) parents \(v^+_1, \ldots , v^+_n\) such that \(\ell _R(v^+_i)=C_i\vee x_i\) and one parent \(v^\) with \(\ell _R(v^)=\overline{x}_1\vee \cdots \vee \overline{x}_n\vee D\), and consequently, \(\ell _R(v)=\bigvee _{i=1}^n C_i\vee D\).
The definition of labelling functions (Definition 4) readily applies to hyperresolution proofs. Note that \(\preceq \) is not a total order on labelling functions. Lemma 1 (a generalisation of Lemma 3 in [16] to hyperresolution proofs) enables a comparison of labelling functions based solely on the values at the initial vertices.
Lemma 1
Let L and \(L^{\prime }\) be labelling functions for an (A, B)refutation R. If \(L(v,t) \preceq L^{\prime }(v,t)\) for all initial vertices v and literals \(t \in \ell (v)\), then \(L \preceq L^{\prime }\).
Definition 9
(Labelled Interpolation System for HyperResolution) Let L be a locality preserving labelling function for an (A, B)refutation R, where R is a hyperresolution proof. The labelled interpolation system \({\mathsf {Itp}}(L)\) maps vertices in R to partial interpolants as defined in Fig. 4.
The interpolation system leaves us a choice for internal nodes \(AB\)HyRes. We will use \({\mathsf {Itp}}_1\) (\({\mathsf {Itp}}_2\), respectively) to refer to the interpolation system that always chooses case 1 (case 2, respectively). Note furthermore that Definitions 6 and 9 are equivalent in the special case where \(n=1\).
Remark 1
Note that unlike the interpolation system for ordinary resolution proofs presented in Definition 6, \({\mathsf {Itp}}\) is not total for hyperresolution proofs: the case split requires the pivots of the hyperresolution step to be uniformly labelled, i.e., the rules \(A\)HyRes, \(AB\)HyRes, and \(B\)HyRes require \(L(v^+_i, x_i)\sqcup L(v^, \overline{x}_i)\) to be \({\textsf {a}} \), Open image in new window , or \({\textsf {b}} \), respectively, for all \(i\in \{1, \ldots , n\}\). This limitation is addressed in Sect. 4.1.
In the following we present a conditional correctness result:
Theorem 1
(Correctness) For any (A, B)refutation R (where R is a hyperresolution proof) and locality preserving labelling function L, \({\mathsf {Itp}}(L,R)\) (if defined) is an interpolant for (A, B).

\(A\wedge \lnot (C\upharpoonright _{{\textsf {a}},L})\Rightarrow I\),

\(B\wedge \lnot (C\upharpoonright _{{\textsf {b}},L})\Rightarrow \lnot I\), and

\(\text {Var}(I)\subseteq \text {Var}(A)\cap \text {Var}(B)\).
We emphasise that Theorem 1 does not constrain the choice for the case \(AB\)HyRes. Since both \({\mathsf {Itp}}_1(L,R)\) and \({\mathsf {Itp}}_2(L,R)\) satisfy the conditions above, this choice does not affect the correctness of the interpolation system. In fact, it is valid to mix both systems by defining a choice function \(\chi : V_R\rightarrow \{1,2\}\) which determines which interpolation system is chosen at each internal node. We use \({\mathsf {Itp}}_{\chi }(L,R)\) to denote the resulting interpolation system. This modification, however, may have an impact on the logical strength of the resulting interpolant.
Theorem 2
Let the hyperresolution proof R be an (A, B)refutation and L be a locality preserving labelling function. Moreover, let \({\mathsf {Itp}}_{\chi }(L,R)\) and \({\mathsf {Itp}}_{\chi ^{\prime }}(L,R)\) be labelled interpolation systems (defined for L, R) with the choice functions \(\chi \) and \(\chi ^{\prime }\), respectively. Then \({\mathsf {Itp}}_{\chi }(L,R)\Rightarrow {\mathsf {Itp}}_{\chi ^{\prime }}(L,R)\) if \(\chi (v)\le \chi ^{\prime }(v)\) for all internal vertices \(v\in V_R\).
Proof sketch
Note that the converse implication does not hold; a simple counterexample for an internal vertex with \(n=2\) is the assignment \(x_1=x_2={\mathsf {F}} \), \(I_1={\mathsf {T}} \), and \(I_2=I_3={\mathsf {F}} \).
The final theorem in this section extends the result of Theorem 2 in [16] to hyperresolution proofs:
Theorem 3
If L and \(L^{\prime }\) are labelling functions for an (A, B)refutation R (R being a hyperresolution proof) and \(L \preceq L^{\prime }\) such that \({\mathsf {Itp}}_i(L,R)\) as well as \({\mathsf {Itp}}_i(L^{\prime },R)\) are defined, then \({\mathsf {Itp}}_i(L,R) \Rightarrow {\mathsf {Itp}}_i(L^{\prime },R)\) (for a fixed \(i\in \{1,2\}\)).
The proof of Theorem 3, provided in Appendix 1, is led by structural induction over R. For any vertex v in R, let \(I_v\) and \(I^{\prime }_v\) be the partial interpolants due to \({\mathsf {Itp}}_i(L,R)\) and \({\mathsf {Itp}}_i(L^{\prime },R)\), respectively. We show that Open image in new window for all vertices v, establishing \(I_v\Rightarrow I_v^{\prime }\) for the sink to show that \({\mathsf {Itp}}_i(L,R) \Rightarrow {\mathsf {Itp}}_i(L^{\prime },R)\).
Theorems 2 and 3 enable us to finetune the strength of interpolants, since the sets of all labelling and choice functions ordered by \(\preceq \) and \(\le \), respectively, form complete lattices (c.f. [16, Theorem 3]). Finally, we remark that the Theorems 2 and 3 are orthogonal. The former fixes the labelling function L, whereas the latter fixes the choice function \(\chi \).
4 Interpolation for Clausal Proofs
Contemporary SAT solvers such as MiniSAT [17] and PicoSAT [5] are based on conflictdriven clause learning (CDCL) [49]. The CDCL algorithm avoids the repeated exploration of conflicting variable assignments by caching the causes of failures in the form of learned clauses. To this end, the solver stores assignments (decisions) and their implications in an implication graph, from which it derives learned clauses in case of a conflict. We refrain from providing a description of CDCL, since numerous excellent expositions are available (e.g., [6, 34]). The following example, borrowed from [38], illustrates the construction of resolution proofs in CDCL solvers.
Example 2
The learned clause in Example 2 is a consequence of clauses of the original instance and previously learned clauses. Each learned clause is the conclusion of a chain of resolution steps.
Definition 10
(Chain) A (resolution) chain of length n is a tuple consisting of an input clause \(D_0\) and an ordered sequence of clausepivot pairs \(\langle C_i, x_i\rangle \) (where \(1\le i\le n\)). The final resolvent \(D_n\) of a resolution chain is defined inductively as \(D_i={\mathrm {Res}}(D_{i1},C_i, x_i)\).

Regularity: each pivot variable is resolved upon at most once in the chain.

Linearity: each intermediate clause \(D_i\) \((1\le i\le n)\) in a chain is obtained by deriving \(D_{i1}\) with an initial clause \(C_j\) (\(2\le j\le n\)) or with a previously derived clause \(D_k\) (\(k<i1\)).

Treelikeness: each derived clause is used exactly once in the chain.
If \(D_0\) is a nucleus and \(C_1, \ldots , C_n\) are suitable satellites, the chain can be replaced by a hyperresolution step assuming its conclusion \(D_n\) satisfies the \({\mathrm {HyRes}}\) rule. In general, this may not be the case: \(D_0=\{x_1,\,x_2\}, C_1=\{\overline{x}_2,\,x_3\}, C_2=\{\overline{x}_3,\,x_4\}\) is a valid resolution chain (with conclusion \(\{x_1,x_4\}\)) that does not match the antecedents \({\mathrm {HyRes}}\) rule.

The pivot literals \(\bigcup _{i=1}^n P_i\) do not occur in the conclusion of the chain.
Remark 2 The algorithm resolves upon pivot literals that are implied but not yet assigned at the respective node in the implication graph. Accordingly, the clauses preceding the node in the implication graph cannot contain the implied literal, since they would otherwise not be unit. Therefore, a pivot literal, once resolved, is never reintroduced in a resolution chain.

The conjunction \(\bigwedge _{i=1}^n P_i\) is unsatisfiable (guaranteed by the existence of a resolution chain).
Definition 11
Analogously to Definition 8, we introduce the notion of a clausal proof.
Definition 12
(Clausal Proof) A clausal proof R is a proof using only the inference rule \({\mathsf {TCRes}}\). Accordingly, \(\ell _R\) maps each vertex \(v \in V_R\) to a clause and every internal vertex v has \(n \ge 2\) parents \(v_1, \ldots , v_n\) such that \(\ell _R(v_i) = C_i \vee P_i\) (as in Definition 11). Consequently, \(\ell _R(v)=\bigvee _{i=1}^n C_i\).
The following definition extends the interpolation system for hyperresolution proofs presented in Sect. 3 to clausal proofs.
Definition 13
(Labelled Interpolation System for Clausal Proofs) Let L be a locality preserving labelling function for an (A, B)refutation R, where R is a clausal proof. The labelled interpolation system \({\mathsf {Itp}}(L)\) maps vertices in R to partial interpolants as defined in Fig. 6.
Note that the interpolation system in Definition 13 is a generalisation of the interpolation system for hyperresolution (Definition 9). Its correctness is established using a similar argument as used for Theorem 1. The proof of the following theorem is provided in Appendix 1.
Theorem 4
(Correctness) For any (A, B)refutation R (where R is a clausal proof) and locality preserving labelling function L, \({\mathsf {Itp}}(L,R)\) (if defined) is an interpolant for (A, B).
The results of Theorems 2 and 3 can be generalised to clausal proofs in a straightforward manner. We omit the discussion of the details.
4.1 Splitting and Reordering Resolution Chains
Just like the interpolation system for hyperresolution proofs, the interpolation system in Definition 13 has the deficiency that the function \({\mathsf {Itp}}(L)\) is not total: there are labelling functions L for which the result of \({\mathsf {Itp}}(L)\) is undefined. This problem arises whenever the pivots in a TraceCheck resolution step are not uniformly labelled, and therefore none of the rules in Fig. 6 is applicable.
Each hyperresolution or TraceCheck resolution step may need to be rewritten into several subsequent uniformly labelled steps, thus changing the proof structure. Note that the results on the relative strength of interpolants in Sect. 3 naturally only apply if both proofs have the same structure. The effect of the order of resolution steps on the strength of interpolants is discussed in [16, Section 5.2] and exceeds the scope of this paper.
The number of resolution steps resulting from splitting depends on the order of the pivots in the given resolution chain, as demonstrated in the following example.
Example 3
The final resolvent of a chain may depend on the order of the ordinary resolution steps: literal \(\overline{x}_2\) is reintroduced after being eliminated in the modified chain, while it is merged and eliminated once and for all in the original chain.
In the absence of merge literals, this issue does not arise. For this reason, [56] prohibits merge literals in resolution chains (in addition to requiring that the premises match the \({\mathrm {HyRes}}\) rule). While this guarantees that a any permutation of the clausepivot sequence still represents a valid resolution chain and leaves the final resolvent unaffected (an immediate consequence of [16, Lemma 4]), the requirement is overly restrictive. In the following, we discuss conditions under which reordering does not invalidate the proof even in the presence of merge literals.
 1.
If \(t_0 \in C_3\) then \(t_0 \in C\), but \(t_0 \notin C^{\prime }\).
 2.
If \(t_1 \in C_2\) then \(t_1 \notin C\), but \(t_1 \in C^{\prime }\).
As explained in Remark 4, the former case does not occur in resolution chains generated by CDCL, since resolved literals are never reintroduced. In the second case, however, the swap introduces a literal into an (intermediate) resolvent. Since the resolution chain is regular, this literal propagates to the final resolvent of the chain, potentially invalidating the clausal proof.
Instead of prohibiting the transformation in general, however, it is possible to analyse the underlying resolution proof R to determine whether the literal introduced by the transformation is eliminated along all paths to the sink of the proof [3, 9, 19]. The set of literals eliminated along all paths from \(v\in V_R\) to \(\mathtt {s}_R\) can be defined as the meetoverallpaths in the terminology of dataflow analysis:
Definition 14
A solution to the dataflow equation in Definition 14 can be computed in linear time since the graph R is acyclic. For the proof to the left of Fig. 9 we obtain \(\sigma (v)=\{x_3\}\) and \(\sigma (w)=\{\overline{x}_2,x_3\}\), for instance.
Let v be the final vertex of the trivial resolution derivation that corresponds to a given resolution chain. A swap of two vertices of the chain that introduces a literal t in \(\ell (v)\) is admissible iff \(t\in \sigma (v)\). Accordingly, the literal t is introduced in the conclusion (final resolvent, respectively) of the chain. The proof remains valid since t is subsequently eliminated.
Example 4
The interpolation system in Definition 13 remains applicable to the transformed clausal proof, since conclusions of TraceCheck resolution steps may always be weakened. The transformation may, however, affect the labelling of the pivots of the subsequent resolution steps. This might be undesirable, if it forces us to split subsequent chains. It is possible to avoid a change of the labelling by computing safe labels for the literals in a proof.
Definition 15
The safe labels \(\varsigma \) are computed in lockstep with \(\sigma \) (Definition 14). Whenever a literal \(t\in \sigma (v)\) introduced into \(\ell (v)\) is labelled such that \(L(v,t)\sqsubseteq \varsigma (v,t)\), then the labelling of the pivots in the subsequent resolution steps remains unchanged [9].
Example 5
For the resolution refutation in Fig. 12 we obtain Open image in new window . Swapping the vertices v and w introduces \(\overline{x}_2\) in \(\ell (p)\) with \(L(p,\overline{x}_2)={\textsf {a}} \). Consequently, the labelling of the pivot in the final resolution step is preserved.
The empirical evaluation in the following section motivates the use of interpolation systems for clausal proofs.
4.2 Empirical Results
We implemented the labelled interpolation system for clausal proofs as an extension to the TraceChecktool.^{2} TraceCheck ’s original purpose is the verification of the output of SAT solvers, based on proof certificates stored in the TraceCheckformat.
Our interpolation system can be easily incorporated into TraceCheck. The only significant change arises from splitting the resolution chains to establish that \({\mathsf {Itp}}(L)\) is defined for a given labelling function L, as described in Sect. 4.1. Our implementation currently does not try to reduce the number of splits by means of reordering.
For the experimental evaluation of our implementation, we use benchmarks from reactive synthesis [8] obtained via the interpolationbased relation determinisation technique presented in [31]. We use PicoSAT 957 [5] to obtain clausal proofs in the TraceCheckformat. We limit the proofs to those with a file size between 100 kB and 10 MB, resulting in 133 benchmarks. We label the literals in Aclauses \({\textsf {a}} \) and the literals in Bclauses \({\textsf {b}} \), which provably results in the introduction of fewer literals than other labellings [9, 15]. All experiments were executed on an Intel Core i5 M560 at 2.67 GHz and with 8 GB of RAM.
0 %  25 %  50 %  75 %  100 %  

split (s)  0.01  0.17  0.52  1.40  4.85 
binary (s)  0.06  0.63  1.79  5.55  54.09 
We use the AndInverterGraph (AIG) library AIGER^{4} to store interpolants. The library performs trivial simplifications and structural hashing to keep the circuit size small. The graph on the left of Fig. 18 shows that the interpolants extracted from clausal proofs are consistently smaller than interpolants generated by the conventional interpolation technique.
5 Local Refutations and HyperResolution
Jhala and McMillan demonstrate in [30, Theorem 3] that the applicability of propositional interpolation systems is not restricted to propositional logic. If a firstorder refutation R has a certain structure, namely if for each inference step in R the antecedents as well as the conclusion are either entirely in \({\mathcal {L}}({A})\) or in \({\mathcal {L}}({B})\), then one can use a propositional interpolation system (such as the ones in Sects. 2.2 and 3) to construct an interpolant that is a Boolean combination of the formulae in R. Kovács and Voronkov subsequently arrived at a similar result [32].
We recapitulate the results from [30, 32] before we proceed to show that our interpolation system from Definition 9 generalises the system of [32] as well as a variation of [32] presented in [55].
Definition 16
(Local Refutation) An (A, B)refutation R in a given inference system for firstorder logic is local if there exists a total partitioning function \(\pi _R: V_R\rightarrow \{A,B\}\) such that for all edges \((v_1,v_2)\in E_R\) we have \(\ell _R(v_1),\ell _R(v_2)\in {\mathcal {L}}({\pi _R(v_2)})\).
While proofs in general do not have this property, there is a variety of decision procedures that yield local (ground) refutations. The construction of local proofs is addressed in [20, 30, 32, 41], to name only a few.
The following operation, which resembles the constructions in [32, Lemma 8], [30, Theorem 3], and [20, Section 5.5]), extracts a premise in \({\mathcal {L}}({A})\) (\({\mathcal {L}}({B})\), respectively) for a vertex \(v\in V_R\) with \(\pi (v)=A\) (\(\pi (v)=B\), respectively) from a local refutation R.
Definition 17
Intuitively, Apremise(v) comprises the leaves of the largest subderivation S rooted at v such that \(\pi (u)=A\) for all internal vertices \(u\in V_S\).^{5} If the underlying inference system is sound, we have \(\{\ell (u)\,\vert \, u\in A\text {premise}(v)\}\models \ell (v)\). If, moreover, \(\ell (v)\) as well as all formulae of Apremise(v) are closed, we make the following observation (c.f. related results in [32, Lemma 1] and [20, Lemma 3]):
Corollary 1
Corollary 1 is a pivotal element in our proof of the following theorem:
Theorem 5
(c.f. [30, Theorem 3]) Let R be a closed local (A, B)refutation in a sound inference system. Then one can extract a Craig interpolant from R using a propositional interpolation system.
Proof
Let \(v\in V_R\) be such that \(\pi (v)=A\). If v is initial, then either A or B contains the unit clause \(C_v=\ell (v)\). Otherwise, according to Corollary 1, the clause \(C_v=(\{\lnot \ell (u)\,\vert \,u\in A\text {premise}(v)\}\vee \ell (v))\) is tautological (and therefore implied by A). Moreover, it follows from Definition 16 that if \(u\in A\)premise(v) is not an initial vertex of R then \(\ell _R(u)\in {\mathcal {L}}({A})\cap {\mathcal {L}}({B})\) holds. Accordingly, \(C_v\in {\mathcal {L}}({A})\), and we add \(C_v\) to A. A similar argument holds for \(v\in V_R\) with \(\pi (v)=B\).
By construction, the resulting set of clauses \(C_v\), \(v\in V_R\), is propositionally unsatisfiable [30, 32]; also, each clause is implied by either A or B. Moreover, all literals with \(t\in {\mathcal {L}}({A}){\setminus }{\mathcal {L}}({B})\) (\(t\in {\mathcal {L}}({B}){\setminus }{\mathcal {L}}({A})\), respectively) are local to A (B, respectively). Accordingly, it is possible to construct an interpolant for (A, B) using the interpolation systems presented in Sects. 2.2 and 3. \(\square \)
Example 6
Kovács and Voronkov avoid the explicit construction of a resolution proof by defining their interpolation system directly on the local proof [32, Theorem 11]:
Definition 18
Let R be a local and closed (A, B)refutation. The interpolation system \({\mathsf {Itp}}_{KV}\) maps vertices \(v\in V_R\), for which \(\ell _R(v)\in {\mathcal {L}}({A})\cap {\mathcal {L}}({B})\) holds, to partial interpolants as defined in Fig. 20.
Remark
In addition to the condition in Definition 16, Kovács and Voronkov require that for each \(v\in V_R\) with predecessors \(v_1, \ldots , v_n\), \(\ell (v)\in {\mathcal {L}}({A})\cap {\mathcal {L}}({B})\) if \(\ell (v_i)\in {\mathcal {L}}({A})\cap {\mathcal {L}}({B})\) for all \(i\in \{1, \ldots , n\}\). A local derivation satisfying this condition is symboleliminating, i.e., it does not introduce “irrelevant” symbols. This technical detail allows the leaves of R to be merely implied by A (or B) instead of being actual elements of A (B, respectively), while preserving the correctness of the interpolation system. This effectively enables interpolation for nonclosed formulae (A, B).
We proceed to show one of the main results of this paper, namely that our interpolation system \({\mathsf {Itp}}\) from Definition 9 is able to simulate the interpolation system \({\mathsf {Itp}}_{KV}\).
Theorem 6
Let R be a local and closed (A, B)refutation. Then we can construct a hyperresolution refutation H of (A, B) and a locality preserving labelling function L such that for each \(v\in V_R\) with \(\ell _R(v)\in {\mathcal {L}}({A})\cap {\mathcal {L}}({B})\) there exists a corresponding vertex \(u\in V_H\) such that \({\mathsf {Itp}}_{KV}(R) (v)\Leftrightarrow {\mathsf {Itp}}_1(L,H) (u)\).
Proof sketch
 1.
\(\ell _H(u_i)=\ell _R(v_i)\) for \(1\le i\le n\), and
 2.
\({\mathsf {Itp}}_1(L,H) (u_i)\Leftrightarrow {\mathsf {Itp}}_{KV}(R) (v_i)\) for \(1\le i \le m\), and
 3.
\({\mathsf {Itp}}_1(L,H) (u_j)=\left\{ \begin{array}{ll} {\mathsf {F}} &{} \text {if }\ell (v_j)\in A\\ {\mathsf {T}} &{} \text {if }\ell (v_j)\in B \end{array}\right. \) for \(m< j\le n\).
We proceed to show that our system for hyperresolution also generalises another existing interpolation system for local refutations. In [55], we introduced the following variation of the interpolation system in Definition 18:
Definition 19
The following theorem states that the interpolation system in Definition 9 is powerful enough to simulate \({\mathsf {Itp}}_{W}\).
Theorem 7
Let R be a local and closed (A, B)refutation. Then we can construct a hyperresolution refutation H of (A, B) and a locality preserving labelling function L such that for each \(v\in V_R\) with \(\ell _R(v)\in {\mathcal {L}}({A})\cap {\mathcal {L}}({B})\) there exists a corresponding vertex \(u\in V_H\) such that \({\mathsf {Itp}}_{W}(R) (v)\Leftrightarrow {\mathsf {Itp}}_2(L,H) (u)\).
The proof is essentially equivalent to the proof of Theorem 6. Moreover, as a consequence of Theorem 2, \({\mathsf {Itp}}_{KV}\) is stronger than \({\mathsf {Itp}}_{W}\).
Corollary 2
Let R be a closed local (A, B)refutation in a sound inference system. Then \({\mathsf {Itp}}_{KV}(R)\Rightarrow {\mathsf {Itp}}_{W}(R)\).
6 Related Work
There is a vastly growing number of different interpolation techniques; a recent survey of interpolation in decision procedures is provided by [10]. An exposition of interpolation techniques for SMT solvers can be found in [13]. The work of Yorsh and Musuvathi [58] enables the combination of theoryspecific and propositional interpolation techniques [16, 28, 33, 39, 42].
The novel interpolation system presented in Sect. 3 extends our prior work on propositional interpolation systems [16]. The idea of using labelling functions (initially introduced in [50] in the context of LTL vacuity detection to determine the peripherality of variables in resolution proofs) is common to both approaches. In [16], the partial interpolants are determined by the labelling of the literals in the initial vertices, while the system presented in Sect. 3 adds an additional degree of freedom by allowing us to make a choice at each internal node.
Recent work by Vizel and Gurfinkel [24] addresses the construction of interpolants from clausal/DRUP proofs (whose size is reduced by means of trimming [25]). Their interpolation system splits partial interpolants into two components, one of which is kept in CNF. Their algorithm restructures the DRUP proof onthefly in order to increase the size of the component kept in CNF. Earlier work by Vizel et al. [53] targets the construction of interpolants in CNF by first constructing an overapproximation of an interpolant, which is then refined using inductive strengthening [11].
There is a number of techniques to reduce the size of resolution proofs [3, 9, 19]. These techniques target binary resolution proofs, however. The combination of labelled interpolation systems for binary resolution proofs and proof reduction has also been studied extensively by Rollini et al. [44, 45].
A number of interpolation techniques rely on local proofs (e.g., [20, 30, 32, 36, 41]). Not all interpolation techniques are based on local proofs, though: McMillan’s interpolating inference system for equality logic with uninterpreted functions and linear arithmetic [40], for instance, performs an implicit conversion of the proof. In [35], propositional proofs of bitvector formulas are lifted to proofs in equality logic. The approach presented in [47] avoids the construction of proofs altogether and handles theory combination by reduction to a base theory as in [51] or [52]. InterHorn [23] extracts interpolants from firstorder resolution proofs generated by a Hornclause solver. Sharma et al. show how to compute interpolants without proofs using machine learning techniques [48].
Hoder et al. [26] present a technique that enables the variation of interpolants by finetuning the partitioning in Definition 16. In Example 6, for instance, changing \(\pi (w)=B\) to \(\pi (w)=A\) results in propositional proof that does not contain the literal \((\mathtt{z} < \mathtt{x})\). Accordingly, the term does not occur in the resulting interpolant. This approach can be combined with our interpolation system in a straight forward manner.
An extension of [16] to sequence interpolants is presented in [46]. A survey of interpolationbased model checking techniques is provided in [54]. Interpolationbased synthesis is discussed in [27, 31]. Other applications of interpolation algorithms include fault localization [59] and error explanation [18, 57], where the quality of interpolants can impact the utility of the diagnosis.
7 Consequences and Conclusion
We present a novel interpolation system for hyperresolution proofs which generalises our previous work [16]. We subsequently generalise this interpolation system to clausal proofs, generated by contemporary SAT solvers. By defining a rule that addresses hyperresolution or clausal resolution steps (introduced by preprocessing [21] or extracted from resolution chains), we avoid the construction of intermediate partial interpolants, resulting in reduced memory consumption and smaller intermediate interpolants. As future work, we will investigate whether proof restructuring [24] and heuristics based on proof analysis [9] can result in a further reduction of splitting.
By applying our technique to local proofs, we combine a number of firstorder [32, 55] and propositional interpolation techniques [28, 33, 39, 42] into one uniform interpolation approach. As in [30], our approach avoids an explicit theory combination step [58]. Therefore, it enables the variation of interpolant strength and the elimination of nonessential literals across the theory boundary.
Footnotes
 1.
 2.
 3.
Note that this transformation affects the whole proof, resulting in high memory usage. \({\mathsf {TCRes}}\) offers a natural way to compute interpolants for resolution chains without intermediate clauses. Alternatively, one could apply ordinary resolution iteratively on resolution chains and retain only partial interpolants at the end of a chain. We did not experimentally evaluate the latter approach.
 4.
 5.
In particular, it is possible to choose \(\pi _R\) in such a manner that S is the largest subderivation rooted at v in R such that \(\ell _R(u)\in {\mathcal {L}}({A})\) for all \(u\in V_S\). This corresponds to the setting in [32, Lemma 8].
Notes
Acknowledgments
Open access funding provided by Austrian Science Fund (FWF). We would like to thank Armin Biere and his coauthors for providing TraceCheck and AIGER as open source software under a permissive license. We thank Adrián RebolaPardo for his helpful comments.
References
 1.Andrews, P.B.: Resolution with merging. J. ACM 15(3), 367–381 (1968)CrossRefMATHGoogle Scholar
 2.Bacchus, F.: Enhancing davis putnam with extended binary clause reasoning. In: Eighteenth National Conference on Artificial Intelligence, pp. 613–619. American Association for Artificial Intelligence, Menlo Park (2002)Google Scholar
 3.BarIlan, O., Fuhrmann, O., Hoory, S., Shacham, O., Strichman, O.: Lineartime reductions of resolution proofs. Technical Report IE/IS200802, Technion (2008)Google Scholar
 4.Beame, P., Kautz, H., Sabharwal, A.: Towards understanding and harnessing the potential of clause learning. J. Artif. Intell. Res. 22(1), 319–351 (2004)MathSciNetMATHGoogle Scholar
 5.Biere, A.: PicoSAT essentials. JSAT 4(2–4), 75–97 (2008)MATHGoogle Scholar
 6.Biere, A., Heule, M.J.H., van Maaren, H., Walsh, T.: Handbook of Satisfiability, Volume 185 of Frontiers in Artificial Intelligence and Applications. IOS Press (2009)Google Scholar
 7.Bloem, R., Galler, S., Jobstmann, B., Piterman, N., Pnueli, A., Weiglhofer, M.: Specify, compile, run: hardware from psl. Electron. Notes Theor. Comput. Sci. 190(4), 3–16 (2007)CrossRefGoogle Scholar
 8.Bloem, R., Könighofer, R., Seidl, M.: Satbased synthesis methods for safety specs. In: McMillan, K., Rival, X. (eds.) VMCAI, Volume 8318 of LNCS, pp. 1–20. Springer, Berlin (2014)Google Scholar
 9.Bloem, R., Malik, S., Schlaipfer, M., Weissenbacher, G.: Reduction of resolution refutations and interpolants via subsumption. In: Haifa Verification Conference, pp. 188. Springer (2014)Google Scholar
 10.Bonacina, M.P., Johansson, M.: On interpolation in decision procedures. In: TABLEAUX, Volume 6793 of LNCS, pp. 1–16. Springer (2011)Google Scholar
 11.Bradley, A.R.: SATbased model checking without unrolling. In: VMCAI, Volume 6538 of LNCS, pp. 70–87. Springer (2011)Google Scholar
 12.Brayton, R., Mishchenko, A.: ABC: An academic industrialstrength verification tool. In: CAV, Volume 6174 of LNCS, pp. 24–40. Springer (2010)Google Scholar
 13.Cimatti, A., Griggio, A., Sebastiani, R.: Efficient generation of Craig interpolants in satisfiability modulo theories. ACM Trans. Comput. Logic, 12(1), 1–54 (2010)Google Scholar
 14.Craig, W.: Linear reasoning. A new form of the Herbrand–Gentzen theorem. J. Symb. Log. 22(3), 250–268 (1957)MathSciNetCrossRefMATHGoogle Scholar
 15.D’Silva, V.: Propositional interpolation and abstract interpretation. In: European Symposium on Programming, Volume 6012 of LNCS. Springer (2010)Google Scholar
 16.D’Silva, V., Kroening, D., Purandare, M., Weissenbacher, G.: Interpolant strength. In: VMCAI, Volume 5944 of LNCS, pp. 129–145. Springer (2010)Google Scholar
 17.Eén, N., Sörensson, N.: An extensible SATsolver. In: SAT, Volume 2919, pp. 502–518. Springer (2004)Google Scholar
 18.Ermis, E., Schäf, M., Wies, T.: Error invariants. In: Formal Methods, Volume 7436 of LNCS, pp. 187–201. Springer (2012)Google Scholar
 19.Fontaine, P., Merz, S., Paleo, B.W.: Compression of propositional resolution proofs via partial regularization. In: CADE, Volume 6803 of LNCS. Springer (2011)Google Scholar
 20.Fuchs, A., Goel, A., Grundy, J., Krstić, S., Tinelli, C.: Ground interpolation for the theory of equality. In: TACAS, Volume 5005 of LNCS, pp. 413–427. Springer (2009)Google Scholar
 21.Gershman, R., Strichman, O.: Costeffective hyperresolution for preprocessing cnf formulas. In: SAT, Volume 3569 of LNCS, pp. 423–429. Springer (2005)Google Scholar
 22.Goldberg, E., Novikov, Y.: Verification of proofs of unsatisfiability for CNF formulas. In: DATE, pp. 886–891. IEEE (2003)Google Scholar
 23.Gupta, A., Popeea, C., Rybalchenko, A.: Generalised interpolation by solving recursionfree Horn clauses. CoRR, abs/1303.7378 (2013)Google Scholar
 24.Gurfinkel, A., Vizel, Y.: Druping for interpolants. In: Formal Methods in ComputerAided Design, pp. 99–106. FMCAD Inc. (2014)Google Scholar
 25.Heule, M., W.A.H. Jr., Wetzler, N.: Trimming while checking clausal proofs. In: Formal Methods in ComputerAided Design, pp. 181–188. IEEE (2013)Google Scholar
 26.Hoder, K., Kovács, L., Voronkov, A.: Playing in the grey area of proofs. In: Principles of Programming Languages, pp. 259–272. ACM (2012)Google Scholar
 27.Hofferek, G., Gupta, A., Könighofer, B., Jiang, J.R., Bloem, R.: Synthesizing multiple boolean functions using interpolation on a single proof. In: Formal Methods in ComputerAided Design, pp. 77–84. IEEE (2013)Google Scholar
 28.Huang, G.: Constructing Craig interpolation formulas. In: Computing and Combinatorics, Volume 959 of LNCS, pp. 181–190. Springer (1995)Google Scholar
 29.Jhala, R., McMillan, K.L.: Interpolantbased transition relation approximation. In: CAV, Volume 3576 of LNCS, pp. 39–51. Springer (2005)Google Scholar
 30.Jhala, R., McMillan, K.L.: A practical and complete approach to predicate refinement. In: TACAS, Volume 3920 of LNCS, pp. 459–473. Springer (2006)Google Scholar
 31.Jiang, J.H.R., Lin, H.P., Hung, W.L.: Interpolating functions from large Boolean relations. In: ICCAD, pp. 779–784. ACM (2009)Google Scholar
 32.Kovács, L., Voronkov, A.: Interpolation and symbol elimination. In: CADE, Volume 5663 of LNCS, pp. 199–213. Springer (2009)Google Scholar
 33.Krajíček, J.: Interpolation theorems, lower bounds for proof systems, and independence results for bounded arithmetic. J. Symb. Log. 62(2), 457–486 (1997)MathSciNetCrossRefMATHGoogle Scholar
 34.Kroening, D., Strichman, O.: Decision Procedures: An Algorithmic Point of View. Texts in Theoretical Computer Science. Springer (2008)Google Scholar
 35.Kroening, D., Weissenbacher, G.: Lifting propositional interpolants to the wordlevel. In: Formal Methods in ComputerAided Design, pp. 85–89. IEEE (2007)Google Scholar
 36.Kroening, D., Weissenbacher, G.: An interpolating decision procedure for transitive relations with uninterpreted functions. In: Haifa Verification Conference, Volume 6405 of LNCS, pp. 150–168. Springer (2011)Google Scholar
 37.Maehara, S.: On the interpolation theorem of Craig. Sûgaku 12, 235–237 (1961)MathSciNetMATHGoogle Scholar
 38.Malik, S., Weissenbacher, G.: Boolean satisfiability solvers: techniques and extensions. In: Software Safety and Security—Tools for Analysis and Verification, NATO Science for Peace and Security Series. IOS Press (2012)Google Scholar
 39.McMillan, K.L.: Interpolation and SATbased model checking. In: CAV, Volume 2725 of LNCS, pp. 1–13. Springer (2003)Google Scholar
 40.McMillan, K.L.: An interpolating theorem prover. Theor. Comput. Sci. 345(1), 101–121 (2005)MathSciNetCrossRefMATHGoogle Scholar
 41.McMillan, K.L.: Quantified invariant generation using an interpolating saturation prover. In: TACAS, Volume 4963 of LNCS, pp. 413–427. Springer (2008)Google Scholar
 42.Pudlák, P.: Lower bounds for resolution and cutting plane proofs and monotone computations. J. Symb. Log. 62(3), 981–998 (1997)MathSciNetCrossRefMATHGoogle Scholar
 43.Robinson, J.: Automatic deduction with hyperresolution. J. Comput. Math. 1, 227–234 (1965)Google Scholar
 44.Rollini, S.F., Alt, L., Fedyukovich, G., Hyvärinen, A.E.J., Sharygina, N.: PeRIPLO: A framework for producing effective interpolants in SATbased software verification. In: Logic for Programming, Artificial Intelligence, and Reasoning (LPAR), Volume 8312 of LNCS, pp. 683–693. Springer (2013)Google Scholar
 45.Rollini, S.F., Bruttomesso, R., Sharygina, N., Tsitovich, A.: Resolution proof transformation for compression and interpolation. Form. Methods Syst. Des. 45(1), 1–41 (2014)CrossRefMATHGoogle Scholar
 46.Rollini, S.F., Sery, O., Sharygina, N.: Leveraging interpolant strength in model checking. In: CAV, Volume 7358 of LNCS, pp. 193–209. Springer (2012)Google Scholar
 47.Rybalchenko, A., SofronieStokkermans, V.: Constraint solving for interpolation. In: VMCAI, Volume 4349 of LNCS, pp. 346–362. Springer (2007)Google Scholar
 48.Sharma, R., Nori, A., Aiken, A.: Interpolants as classifiers. In: Madhusudan, P., Seshia, S., (eds.) CAV, Volume 7358 of LNCS, pp. 71–87. Springer, Berlin (2012)Google Scholar
 49.Silva, J.P.M., Sakallah, K.A.: GRASP—a new search algorithm for satisfiability. In: ICCAD, pp. 220–227 (1996)Google Scholar
 50.Simmonds, J., Davies, J., Gurfinkel, A., Chechik, M.: Exploiting resolution proofs to speed up LTL vacuity detection for BMC. STTT 12(5), 319–335 (2010)CrossRefGoogle Scholar
 51.SofronieStokkermans, V.: Interpolation in local theory extensions. In: Automated Reasoning, pp. 235–250. Springer (2006)Google Scholar
 52.Totla, N., Wies, T.: Complete instantiationbased interpolation. In: Principles of Programming Languages, pp. 537–548. ACM, New York (2013)Google Scholar
 53.Vizel, Y., Ryvchin, V., Nadel, A: Efficient generation of small interpolants in CNF. In: CAV, Volume 8044 of LNCS, pp. 330–346. Springer (2013)Google Scholar
 54.Vizel, Y., Weissenbacher, G., Malik, S.: Boolean satisfiability solvers and their applications in model checking. Proc. IEEE 103(11), 2021–2035 (2015)CrossRefGoogle Scholar
 55.Weissenbacher, G: Program Analysis with Interpolants. Ph.D. thesis, Oxford (2010)Google Scholar
 56.Weissenbacher, G: Interpolant strength revisited. In: SAT, Volume 7317 of LNCS, pp. 312–326. Springer (2012)Google Scholar
 57.Weissenbacher, G: Explaining heisenbugs. In: Runtime Verification, Volume 9333 of LNCS, p. XV. Springer (2015)Google Scholar
 58.Yorsh, G., Musuvathi, M: A combination method for generating interpolants. In: CADE, Volume 3632 of LNCS, pp. 353–368 (2005)Google Scholar
 59.Zhu, C.S., Weissenbacher, G., Malik, S: Silicon fault diagnosis using sequence interpolation with backbones. In: ICCAD, pp. 348–355. IEEE (2014)Google Scholar
Copyright information
Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made.