Abstract
Automated reasoning is routinely used in the rigorous construction and analysis of complex systems. Among different theories, arithmetic stands out as one of the most frequently used and at the same time one of the most challenging in the presence of quantifiers and uninterpreted function symbols. First-order theorem provers perform very well on quantified problems due to the efficient superposition calculus, but support for arithmetic reasoning is limited to heuristic axioms. In this paper, we introduce the \(\textsc {Alasca}\) calculus that lifts superposition reasoning to the linear arithmetic domain. We show that \(\textsc {Alasca}\) is both sound and complete with respect to an axiomatisation of linear arithmetic. We implemented and evaluated \(\textsc {Alasca}\) using the Vampire theorem prover, solving many more challenging problems compared to state-of-the-art reasoners.
1 Introduction
Automated reasoning is undergoing a rapid development thanks to its successful use, for example, in mathematical theory formalisation [15], formal verification [16] and web security [13]. The use of automated reasoning in these areas is mostly driven by the application of SMT solving for quantifier-free formulas [6, 12, 29]. However, there exist many use case scenarios, such as expressing arithmetic operations over memory allocation and financial transactions [1, 18, 20, 32], which require complex first-order quantification. SMT solvers handle quantifiers using heuristic instantiation in domain-specific model construction [10, 28, 30, 36]. While being incomplete in most cases, instantiation requires instances to be produced to perform reasoning, which can lead to an explosion in the work required for quantifier-heavy problems. What is needed to address the above use cases is a reasoning approach able to handle both theories and complex applications of quantifiers. Our work tackles this challenge and designs a practical, low-cost methodology for proving first-order quantified linear arithmetic properties.
The problem of combining quantifiers with theories, and especially with arithmetic, is recognised as a major challenge in both the SMT and the first-order proving communities. In this paper we focus on first-order, i.e. quantified, reasoning with linear arithmetic and uninterpreted functions. In [26], it is shown that the validity problem for first-order reasoning with linear arithmetic and uninterpreted functions is \(\varPi _1^1\)-complete even when quantifiers are restricted to non-theory sorts. Therefore, there is no sound and complete calculus for this logic.
Quantified Reasoning in Linear Arithmetic – Related Works. In practice, there are two classes of methods for first-order theory reasoning, and in particular for reasoning with linear real arithmetic. SMT solvers use instance-based methods, where they repeatedly generate ground, that is quantifier-free, instances of quantified formulas and use decision procedures to check satisfiability of the resulting set of ground formulas [10, 28, 36]. Superposition-based first-order theorem provers use saturation algorithms [14, 27, 37]. In essence, they start with an initial set of clauses obtained by preprocessing the input formulas (the initial search space) and repeatedly apply inference rules (such as superposition) to clauses in the search space, adding their (generally, non-ground) consequences to the search space. These two classes of methods are very different in nature and complement each other.
The superposition calculus [4, 31] is a refutationally complete calculus for first-order logic with equality that is used by modern first-order provers, for example, Vampire [27], E [37], iProver [17] and Zipperposition [14]. There have been a number of practical extensions to this calculus for reasoning in first-order theories, in particular for linear arithmetic [9, 11, 24]. Superposition theorem provers have become efficient and powerful on theory reasoning after the introduction of the AVATAR architecture [33, 38], which allows generated ground clauses to be passed to SMT solvers. Yet, superposition theorem provers have a major source of inefficiency. To work with theories, one has to add theory axioms, for example the transitivity of inequality \(\forall x\forall y\forall z(x \le y \wedge y \le z \rightarrow x \le z)\). In clausal form, this formula becomes \(\lnot x \le y \vee \lnot y \le z \vee x \le z\), where \(\lnot x \le y\) can be resolved against every clause in which an inequality literal \(s \le t\) is selected. This, together with other prolific theory axioms, results in a very significant growth of the search space. Note that SMT solvers do not use and do not need such theory axioms.
A natural solution is to try to eliminate some theory axioms, but this is notoriously difficult both in theory and in practice. In [26], the Lasca calculus was proposed, which replaced several theory axioms of linear arithmetic, including transitivity of inequality, by a new inference rule inspired by Fourier-Motzkin elimination and some additional rules. Lasca was shown to be complete for the ground case. But, after 15 years, Lasca is still not implemented, due to its complexity and the lack of a clear treatment for the non-ground case. As we argue in Sect. 5, lifting Lasca to the non-ground setting is nearly impossible, as a non-ground extension of the underlying ordering is missing in [26].
Lifting Lasca to Alasca – Our Contributions. In this paper we introduce a new non-ground version of Lasca, which we call Abstracting Lasca (\(\textsc {Alasca}\)). Our \(\textsc {Alasca}\) calculus comes with new abstraction mechanisms (Sect. 4), inference rules and orderings (Sect. 5), which all together are proved to yield a sound and complete approach with respect to a natural partial axiomatisation of linear arithmetic (Theorem 5). In a nutshell, we make \(\textsc {Alasca}\) both work and scale by introducing (i) a novel variable elimination rule within saturation-based proof search (Fig. 3b); (ii) an analogue of unification with abstraction [34] needed for non-ground reasoning (Sect. 4); and (iii) a new non-ground ordering and a powerful background theory for unification, which is not restricted to arithmetic but can be used with arbitrary theories (Sect. 5). As a result, \(\textsc {Alasca}\) improves [26] by ground modifications and lifting of Lasca in a finitary way, and complements [3, 40] with variable elimination rules that are compatible with standard saturation algorithms. We also demonstrate the practicality and efficiency of \(\textsc {Alasca}\) (Sect. 6). To this end, we implemented \(\textsc {Alasca}\) in Vampire and show that it solves overall more problems than existing theorem provers.
2 Motivating Example
Consider the following mathematical property:
where f is an uninterpreted function. While property (1) holds, deriving its validity is hard for state-of-the-art reasoners: only veriT [2] can solve it. Despite its seeming simplicity, this problem requires non-trivial handling of quantifiers and arithmetic. Namely, one would need to unify (modulo the theory) the terms 2x and \(x + 1\) (which can be done by instantiating x with 1) and then derive \(f(2, y)> 2 + y \vee f(2, y) > 1 + 2y\). Further, one also needs to prove that f(2, y) is always greater than the minimum of \(2 + y\) and \(1 + 2y\), for arbitrary y.
Vampire with \(\textsc {Alasca}\) finds a remarkably short proof, as shown in Fig. 1. To prove (1), its negation is shown unsatisfiable by first negating and translating into clausal form (using skolemization and normalisation, which shifts arithmetic terms so that they are compared to 0), as listed in lines 1–4. Next, a lower bound for f(2x, y) is established: in line 5, using our new inequality factoring (IF) rule with unification with abstraction (see Fig. 3a), the constraint \(2x \not \approx x + 1\) is introduced, thereby establishing that if \(2 x \approx 1 + x\) and \(y + 2x \le 2 y + x\), then \(f(2 x, y) > 2 x + y\). After further normalisation, the inequalities \(sk \ge f(2, y)\) and \(f(2x, y) > 2 x + y\) are used to derive \(sk > 2 x + y\) in line 7, using the Fourier-Motzkin Elimination rule (FM), while still keeping track of the constraint \(2x \not \approx x + 1\). By applying the Variable Elimination rule (VE) twice, the empty clause \(\Box \) is derived in line 10, showing the unsatisfiability of the negation of (1).
The key steps in the proof (and the reason why it was found in a short time) are: (1) the use of the theory rules (FM) and (IF); (2) the use of the new variable elimination rule (VE); and finally, a consistent use of unification with abstraction. These rules give a significant reduction compared to the number of steps required when using theory axioms. In particular, not using (FM) would require the use of transitivity and the generation of several intermediate clauses. As well as shortening the proof, we eliminate the fatal impact on proof search of generating a large number of irrelevant formulas from theory axioms.
Indeed, such short proofs are also found quickly. Similar to our previous example, \( \forall x, y. \big ( f(g(x) + g(a), y)> 2 x + y \vee f(2 g(x), y)> x + 2 y \big ) \rightarrow \exists k. \forall x \exists z. f( 2 g(k), z ) > x \) has a short proof of 7 steps, excluding CNF transformation and normalisation steps, found by Vampire with \(\textsc {Alasca}\). This proof was found in almost no time (only 37 clauses were generated), yet the problem cannot be solved by any other solver. This shows the power of the calculus.
3 Background and Notation
Multi-Sorted First-Order Logic. We assume familiarity with standard first-order logic with equality, with all standard boolean connectives and quantifiers in the language. We consider a multi-sorted first-order language, with sorts \(\tau _{\mathbb {Q}}, {\tau _{1}}, \ldots , {\tau _{n}}\). The sort \(\tau _{\mathbb {Q}}\) is the sort of rationals, whereas \({\tau _{1}}, \ldots , {\tau _{n}}\) are uninterpreted sorts. We write \(\approx _{\tau _{}}\) for the equality predicate of \({\tau _{}}\). We denote the set of all terms as \(\textbf{T}\), variables as \(\textbf{V}\), and literals as \(\textbf{L}\). Throughout this paper, we denote terms by s, t, u, variables by x, y, z, function symbols by f, g, h, all possibly with indices. Given a term t such that t is \(f(\ldots )\), we write \(\textsf{sym} (t)\) for f, meaning that f is the top-level symbol of t. We write \(t : {\tau _{}}\) to denote that t is a term of sort \({\tau _{}}\). A term or literal is called ground when it does not contain any variables. We refer to the sets of all ground terms and literals as \(\textbf{T}^{\theta }\) and \(\textbf{L}^{\theta }\), respectively.
We denote predicates by P, Q, literals by L, clauses by C, D, formulas by F, G, and sets of formulas (axioms) by \(\mathcal {E}\), possibly with indices. We write \(F\models G\) to denote that whenever F holds in a model, then G does as well. We call a function (similarly, for predicates) f uninterpreted wrt some set of equations \(\mathcal {E}\) if whenever \(\mathcal {E} \models f(s_1 \ldots s_n) \approx f(t_1 \ldots t_n)\), then \(\mathcal {E} \models s_1 \approx t_1 \wedge \ldots \wedge s_n \approx t_n\). A function f is interpreted wrt \(\mathcal {E}\) if it is not uninterpreted.
Rational Sort. We assume the signature contains a countable set of unary functions \(k : \tau _{\mathbb {Q}}\mapsto \tau _{\mathbb {Q}}\) for every \(k \in \mathbb {Q}\) and refer to k as numeral multiplications. In addition, the signature is assumed to also contain a constant \(1: \tau _{\mathbb {Q}}\), a function \(+: \tau _{\mathbb {Q}}\times \tau _{\mathbb {Q}}\mapsto \tau _{\mathbb {Q}}\), and predicate symbols \(>, \ge : \textbf{P}(\tau _{\mathbb {Q}}\times \tau _{\mathbb {Q}})\), as well as an arbitrary number of other function symbols. For every numeral multiplication \(k \in \mathbb {Q} \setminus \{1\}\), we simply write k to denote the term k(1) obtained by the numeral multiplication k applied to 1; in these cases, we refer to k as numerals. Throughout this paper, we use j, k, l to denote numerals, or numeral multiplications, possibly with indices.
We write \(-t\) to denote the term \(-1(t)\). If j, k are two numeral multiplications, by (jk) and \((j + k)\) we denote the numeral multiplication that corresponds to the result of multiplying and adding the rationals/numerals j and k, respectively. For applications of numeral multiplications j(t) we may omit the parentheses and write jt instead. If we write \(+k\) or \(-k\) for some numeral k, we assume k itself is positive. We write ± (and ∓) to denote either of the symbols \(+\) or − (and respectively − or \(+\)). For \(q \in \mathbb {Q}\) we define \(\textbf{sign}(q)\) to be 1 if \(q > 0\), \(-1\) if \(q < 0\), and 0 otherwise. We call \(+\), \(\ge , >, 1\), and the numeral multiplications the \(\mathbb {Q}\) symbols. Finally, an atomic term is either a logical variable, or the term 1, or a term whose top-level function symbol is not a \(\mathbb {Q}\) symbol.
A \(\mathbb {Q}\)-model interprets the sort \(\tau _{\mathbb {Q}}\) as \(\mathbb {Q}\), and all \(\mathbb {Q}\) symbols as their corresponding functions/predicates on \(\mathbb {Q}\). We write \(\mathbb {Q} \models C\) iff for every \(\mathbb {Q}\)-model M, \(M \models C\) holds. If \(\mathcal {E}\) is a set of formulas, we call a model M an \(\mathcal {E}\)-model if \(M \models \mathcal {E}\).
Term Orderings. We write u[s] to denote that s is a subterm of u, where the subterm relation is denoted via \(\mathrel {\trianglelefteq }\). That is, \(s \mathrel {\trianglelefteq }u\); similar notation will also be used for literals L[s] and clauses C[s]. We denote by \(u[s \mapsto t]\) the term resulting from replacing all subterms s of u by t.
Multisets (of terms, literals) are denoted with \(\dot{\{}\ldots \dot{\}}\). For a multiset S and natural number \(n \in \mathbb {N}\), we define \(0 * S = \emptyset \), and \(n * S = ((n-1) * S) \cup S\) for \(n > 0\).
Let \(\prec \) be a relation and \(\mathrel {{\equiv }_{}}\) be an equivalence relation. By \(\mathrel {{\prec }^\textsf{mul}_{\mathrel {{\equiv }_{}}}}\) we denote the multiset extension of \(\prec \), defined as the smallest relation satisfying \(M \cup \dot{\{}s_1,\ldots , s_n\dot{\}} \mathrel {{\prec }^\textsf{mul}_{\mathrel {{\equiv }_{}}}} N \cup \dot{\{}t\dot{\}}\), where \(M \mathrel {{\equiv }_{}} N\), \(n\ge 0\), and \(s_i\prec t\) for \(1\le i\le n\). For \(n,m \in \mathbb {N}\), by \(\mathrel {{\prec }^\textsf{wmul}_{\mathrel {{\equiv }_{}}}}\) we denote the weighted multiset extension, defined by \(\langle \frac{1}{n}, S\rangle \mathrel {{\prec }^\textsf{wmul}_{\mathrel {{\equiv }_{}}}} \langle \frac{1}{m},T\rangle \) iff \(m * S \mathrel {{\prec }^\textsf{mul}_{\mathrel {{\equiv }_{}}}} n * T\). We omit the equivalence relation \(\mathrel {{\equiv }_{}}\) if it is clear in the context.
Let \(s,t,t_i\) be terms, \(\theta , \theta '\) be ground substitutions and \(\mathcal {E}\) be a set of axioms. We write \(s \mathrel {{\equiv }_{\mathcal {E}}} t\) for \(\mathcal {E} \models s \approx t\), and \(\theta \mathrel {{\equiv }_{\mathcal {E}}} \theta '\) iff for all variables x we have \(x\theta \mathrel {{\equiv }_{\mathcal {E}}} x\theta '\). We say that s is an \(\mathcal {E}\)-subterm of t (\(s \mathrel {\trianglelefteq }_{\mathcal {E}} t\)) if \(s \mathrel {{\equiv }_{\mathcal {E}}} t\), or \(t \mathrel {{\equiv }_{\mathcal {E}}} f(t_1\ldots t_n)\) and \(s \mathrel {\trianglelefteq }_{\mathcal {E}} t_i\). We also say that s is a strict \(\mathcal {E}\)-subterm of t (\(s \mathrel {\triangleleft }_{\mathcal {E}} t\)) if \(s \mathrel {\trianglelefteq }_{\mathcal {E}} t\) and \(s {\mathrel {\not \equiv }_{\mathcal {E}}} t\).
4 Theoretical Foundation for Unification with Abstraction
Our motivating example from Sect. 2 showcases that first-order arithmetic reasoning requires (i) establishing syntactic differences among terms (e.g. 2x and \(x+1\)), while (ii) deriving that they have instances that are semantically equal in models of a background theory \(\mathcal {E}\) (e.g. the theory \(\mathbb {Q}\)).
A naive approach addressing (i)-(ii) would be to use an axiomatisation of the background theory \(\mathcal {E}\), and use this axiomatisation for proof search in uninterpreted first-order logic. Such an approach can however be very costly. For example, even a relatively simple background theory \(\textbf{AC} \) axiomatizing commutativity and associativity of \(+\), that is \(\textbf{AC} = \{x+y \approx y + x, x + (y + z) \approx (x + y) + z\}\), would make a superposition-based theorem prover derive a vast amount of useless/redundant formulas as equational tautologies. An approach to circumvent such inefficient handling of equality reasoning is to use unification modulo \(\textbf{AC} \), or in general unification modulo \(\mathcal {E}\), as already advocated in [22, 34, 40]. In this section we describe the adjustments we made towards unification modulo \(\mathcal {E}\), allowing us to introduce unification with abstraction (Sect. 4.1). We also show under which conditions our method can be used to turn a complete superposition calculus using unification modulo \(\mathcal {E}\) into a complete superposition calculus using unification with abstraction. Concretely, we show how this can be used for the specific theory of arithmetic \( {\mathcal {A}_{\textsf{eq}}} \) in the calculus \(\textsc {Alasca}\) (Sect. 4.2).
4.1 Unification with Abstraction – UWA
In a nutshell, unification modulo \(\mathcal {E}\) finds substitutions \(\sigma \) that make two terms s, t equal in the background theory, i.e. \(\mathcal {E} \models s\sigma \approx t\sigma \). While unification modulo \(\mathcal {E}\) removes the need for axiomatisation of \(\mathcal {E}\) during superposition reasoning, it comes with some inefficiencies. Most importantly, in contrast to syntactic unification, there is no unique most general unifier \(\textsf{mgu}(s,t)\) when unifying modulo \(\mathcal {E}\) but only minimal complete sets of unifiers \(\textsf{mcu}_{\mathcal {E}}(s,t)\), which can be very large; for example, unification modulo \(\textbf{AC} \) is doubly exponential in general [22].
Bypassing the need for unification modulo \(\mathcal {E}\), fully abstracted clauses are used in [40], without the need for an axiomatisation of the theory \(\mathcal {E}\) and without compromising completeness of the underlying superposition-based calculus. Our work extends ideas from [40] and adjusts unification with abstraction (\(\textsf{uwa} \)) from [34], allowing us to prove completeness of a calculus using \(\textsf{uwa} \) (Theorem 3).
Example 1
Let us first consider the example of factoring the clause \(p(2x) \vee p(x + 1)\), a simplified version of the unification step performed in line 5 in Fig. 1. That is, unifying the literals p(2x) and \(p(x + 1)\), in order to remove duplicate literals. Within the setting of [40], these literals would only exist in their fully abstracted form, which can be obtained by replacing every subterm \(t: \tau _{\mathbb {Q}}\) that is not a variable by a fresh variable x, and adding the constraint \(x \not \approx t\) to the corresponding clause. Hence, the clause \(p(2x) \vee p(x + 1)\) is transformed to \(p(y) \vee p(z) \vee y \not \approx 2x \vee z \not \approx x + 1\) in [40]. Unification then becomes trivial: we would derive the clause \(p(y) \vee y \not \approx 2x \vee y \not \approx x + 1\) by factoring, from which \(p(2x) \vee 2x \not \approx x + 1\) is inferred using equality factoring and resolution.
Within unification with abstraction, we aim at cutting out intermediate steps of applying abstractions, equality resolution and factoring. As a result, we skip unnecessary consequences of intermediate clauses, and derive the conclusion \(p(2x) \vee 2x \not \approx x + 1\) straight away. To this end, we introduce constraints only for those \(s,t: \tau _{\mathbb {Q}}\) on which unification fails. We thus gain the advantage that clauses are not present in the search space in their abstracted forms, increasing efficiency in proof search. Further, our unification with abstraction approach is parametrized by a predicate \(\textsf{canAbstract}\) to control the application of abstraction, as listed in Algorithm 1. This is yet another significant difference compared to fully abstracted clauses, as in the latter, abstraction is performed for every subterm \(t: \tau _{\mathbb {Q}}\) without considering the terms with which t might be unified later.
Our \(\textsf{uwa}\) method can be seen as a lazy approach to the full abstraction of [40]. We compute so-called abstracting unifiers \(\textsf{uwa} (s,t) = \langle \sigma ,\mathcal {C}\rangle \) in Algorithm 1, allowing us to replace unification modulo \(\mathcal {E}\) by unification with abstraction.
Definition 1
(Abstracting Unifier). Let \(\sigma \) be a substitution and \(\mathcal {C}\) a set of literals. A partial function \(\textsf{uwa} \) that maps two terms s, t either to \(\bot \) or to a pair \(\langle \sigma , \mathcal {C}\rangle = \textsf{uwa} (s, t)\) is called an abstracting unifier.
The abstracting unifier \(\textsf{uwa} (s,t) \) computed by Algorithm 1 is parametrized by the relation \(\textsf{canAbstract}\). The intuition of this relation is that \(\textsf{canAbstract}(s,t)\) holds for terms s and t, when \(s \approx t\) might hold in the background theory \(\mathcal {E}\). To ensure that unification with abstraction can replace unification modulo \(\mathcal {E}\), we impose the following additional properties over the abstract unifier \(\textsf{uwa} (s,t)\).
Definition 2
(\(\textsf{uwa} \) Properties). Let \(\sigma \) be a substitution and \(\mathcal {C}\) a set of literals. Let \(s,t \in \textbf{T}\) be such that \(\textsf{uwa} (s,t) = \langle \sigma , \mathcal {C}\rangle \) and let \(\theta \) be an arbitrary ground substitution. We say \(\textsf{uwa} \) is
\(\mathcal {E}\)-sound iff \(\mathcal {E} \models ( s \approx t )\sigma \vee \mathcal {C}\);
\(\mathcal {E}\)-general iff \(\forall \mu \in \textsf{mcu}_{\mathcal {E}}(s,t). \exists \rho . \sigma \rho \mathrel {{\equiv }_{\mathcal {E}}}\mu \);
\(\mathcal {E}\)-minimal iff \(\mathcal {E} \models (s \approx t)\sigma \theta \Longrightarrow \mathcal {E} \vDash (\lnot \mathcal {C})\theta \);
subterm-founded with respect to the clause ordering \(\prec \), iff for every uninterpreted function or predicate f and every literal \(L[\circ ]\), it holds that \(\mathcal {E} \models (s \approx t) \theta \Longrightarrow \mathcal {C}\theta \prec L[f(s)]\theta \text { or } \mathcal {C}\theta \prec L[f(t)]\theta \).
Further, \(\textsf{uwa} \) is \(\mathcal {E}\)-complete if, for all \(s,t \in \textbf{T}\) with \(\textsf{uwa} (s,t) = \bot \), we have \(\textsf{mcu}_{\mathcal {E}}(s,t) = \emptyset \).
Definition 2 is necessary to lift inferences using unification with abstraction. We thereby want to assure that, whenever \(\mathcal {C}\) does not hold, then s and t are equal; hence an abstracting unifier \(\textsf{uwa} (x, y) = \langle \emptyset , x + y \not \approx y + x\rangle \) would be unsound. The \(\mathcal {E}\)-generality property enforces that substitutions introduced by \(\textsf{uwa} \) are general enough to still be turned into a complete set of unifiers. As such, \(\mathcal {E}\)-generality is needed to rule out cases like \(\textsf{uwa} (x + y, 2) = \langle \{x \mapsto 0, y \mapsto 2\}, \emptyset \rangle \), which would not be able to capture, for example, the substitution \(\{x \mapsto 1, y \mapsto 1\}\). We note that we use \(\textsf{uwa} \) to extend counterexample-reducing inference systems (see Definition 4), allowing inductive completeness proofs. As these inference systems need to derive conclusions that are smaller than the premises, we need the subterm-foundedness property to make sure that we only introduce constraints that are smaller than the premises as well. If we have a look at the previous properties, we see that all of them are fulfilled if \(\textsf{uwa} (s,t) = \bot \). Therefore we need to make sure that \(\textsf{uwa} \) only returns \(\bot \) when s and t are not unifiable modulo \(\mathcal {E}\); this is captured by \(\mathcal {E}\)-completeness.
In addition to the properties of abstracting unifiers \(\textsf{uwa} (s,t)\), we also impose conditions over the \(\textsf{canAbstract}\) relation that parametrizes \(\textsf{uwa} (s,t)\). As Algorithm 1 only introduces equality constraints for subterm pairs that should be unified, a resulting abstracting unifier \(\textsf{uwa} (s,t)\) is sound. Further, under the assumption that the clause ordering is defined as in standard superposition (e.g. using multiset extensions of a simplification ordering that fulfills the subterm property), the abstracting unifier \(\textsf{uwa} (s,t)\) is also subterm-founded. However, to ensure that \(\textsf{uwa} (s,t)\) is also minimal, interpreted functions should not be treated as uninterpreted ones; hence the \(\textsf{canAbstract}\) relation needs to always trigger abstraction on interpreted functions. Finally, we require that \(\textsf{canAbstract}\) does not skip terms which are potentially equal modulo \(\mathcal {E}\), in order to guarantee completeness. Hence, we define the following properties for \(\textsf{canAbstract}\).
Definition 3
(\(\textsf{canAbstract}{}\) Properties). Let \(s,t \in \textbf{T}\). The \(\textsf{canAbstract}\) relation
captures \(\mathcal {E}\), iff for all s, t, it holds that \(\exists \rho . \mathcal {E} \vDash (s \approx t)\rho \Longrightarrow \textsf{canAbstract}(s,t)\);
guards interpreted functions, iff for all s, t, where \(\textsf{sym} (s) = \textsf{sym} (t)\) is an interpreted function, \(\textsf{canAbstract}(s,t)\) holds.
Based on the above, we derive the following result.
Theorem 1
The abstracting unifier \(\textsf{uwa} \) computed by Algorithm 1 is subterm-founded and sound. If \(\textsf{canAbstract}\) guards interpreted functions, then \(\textsf{uwa} \) is \(\mathcal {E}\)-general and \(\mathcal {E}\)-minimal. If \(\textsf{canAbstract}\) guards interpreted functions and captures \(\mathcal {E}\), then \(\textsf{uwa} \) is \(\mathcal {E}\)-complete.
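The following is an added illustration, not the paper's Algorithm 1 or Vampire's code: a syntactic unifier that, where plain unification of two rational-sorted terms fails, records a constraint \(s \not \approx t\) instead of failing, exactly as in Example 1 (\(\textsf{uwa}(p(2x), p(x+1)) = \langle \emptyset , \{2x \not \approx x + 1\}\rangle \)). The term representation, the sort table and the particular \(\textsf{canAbstract}\) relation (abstract whenever one side has an interpreted top symbol, which guards interpreted functions in the sense of Definition 3) are assumptions made for this example.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Optional, Tuple, Union


def is_interpreted(sym: str) -> bool:
    """Q-symbols of Sect. 3: '+', the constant 1 and the numeral multiplications k."""
    if sym in ("+", "1"):
        return True
    try:
        Fraction(sym)
        return True
    except ValueError:
        return False


@dataclass(frozen=True)
class Var:
    name: str

    def __str__(self) -> str:
        return self.name


@dataclass(frozen=True)
class App:
    sym: str
    args: tuple = ()

    def __str__(self) -> str:
        if self.sym == "+":
            return f"({self.args[0]} + {self.args[1]})"
        if is_interpreted(self.sym) and self.args:      # numeral multiplication k(t) as kt
            return f"{self.sym}{self.args[0]}"
        return self.sym if not self.args else f"{self.sym}({', '.join(map(str, self.args))})"


Term = Union[Var, App]

# Constructed sort table: f, sk and a are rational-valued uninterpreted symbols,
# x, y, z are rational-sorted variables; anything else is of an uninterpreted sort.
Q_SORTED_SYMBOLS = {"f", "sk", "a"}
Q_SORTED_VARS = {"x", "y", "z"}


def q_sorted(t: Term) -> bool:
    if isinstance(t, Var):
        return t.name in Q_SORTED_VARS
    return is_interpreted(t.sym) or t.sym in Q_SORTED_SYMBOLS


def subst(t: Term, sigma: Dict[Var, Term]) -> Term:
    """Apply sigma, following chains of bindings."""
    if isinstance(t, Var):
        return subst(sigma[t], sigma) if t in sigma else t
    return App(t.sym, tuple(subst(a, sigma) for a in t.args))


def occurs(x: Var, t: Term) -> bool:
    return x == t or (isinstance(t, App) and any(occurs(x, a) for a in t.args))


def can_abstract_aeq(s: Term, t: Term) -> bool:
    """Assumed canAbstract for A_eq: two rational-sorted terms may be abstracted as soon
    as one of them has an interpreted top symbol.  Two distinct uninterpreted symbols
    can never become equal modulo A_eq, so refusing abstraction there keeps completeness."""
    return q_sorted(s) and q_sorted(t) and (
        (isinstance(s, App) and is_interpreted(s.sym))
        or (isinstance(t, App) and is_interpreted(t.sym)))


def uwa(s: Term, t: Term, can_abstract=can_abstract_aeq
        ) -> Optional[Tuple[Dict[Var, Term], List[Tuple[Term, Term]]]]:
    """Return <sigma, constraints>, each constraint (u, v) read as u ≉ v, or None for ⊥."""
    sigma: Dict[Var, Term] = {}
    constraints: List[Tuple[Term, Term]] = []
    work = [(s, t)]
    while work:
        a, b = work.pop()
        a, b = subst(a, sigma), subst(b, sigma)
        if a == b:
            continue
        if isinstance(a, Var) and not occurs(a, b):
            sigma[a] = b                       # ordinary variable binding
            continue
        if isinstance(b, Var) and not occurs(b, a):
            sigma[b] = a
            continue
        if (isinstance(a, App) and isinstance(b, App) and a.sym == b.sym
                and len(a.args) == len(b.args) and not is_interpreted(a.sym)):
            work.extend(zip(a.args, b.args))   # uninterpreted symbols decompose as usual
            continue
        if can_abstract(a, b):
            constraints.append((a, b))         # defer a ≈ b to a constraint literal
            continue
        return None                            # genuine clash: ⊥
    return sigma, [(subst(u, sigma), subst(v, sigma)) for u, v in constraints]


def show(result) -> str:
    if result is None:
        return "⊥"
    sigma, cs = result
    binds = ", ".join(f"{k} ↦ {v}" for k, v in sigma.items())
    cons = " ∨ ".join(f"{u} ≉ {v}" for u, v in cs)
    return f"<{{{binds}}}, {{{cons}}}>"


if __name__ == "__main__":
    x, y = Var("x"), Var("y")
    two_x, x_plus_1 = App("2", (x,)), App("+", (x, App("1")))
    print(show(uwa(App("p", (two_x,)), App("p", (x_plus_1,)))))   # <{}, {2x ≉ (x + 1)}>
```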
4.2 UWA Completeness
We now show how unification with abstraction (\(\textsf{uwa}\)) can be used to replace unification modulo \(\mathcal {E}\) in saturation-based theorem proving [3]. We recall from [3] that in order to show refutational completeness of an inference system \(\varGamma \), one constructs a model functor I that maps sets of ground clauses N to candidate models \(I_N\). In order to show that \(\varGamma \) is refutationally complete, one needs to show that if N is saturated with respect to \(\varGamma \), then \(I_N \vDash N\). For this, the notion of a counterexample-reducing inference system is introduced.
Definition 4
We say an inference system \(\varGamma \) is counterexample-reducing, with respect to a model functor I and a well-founded ordering on ground clauses \(\prec \), if for every ground set of clauses N and every minimal \(C \in N\) such that \(I_N \not \vDash C\), there is an inference
where \(\forall i. I_N \vDash C_i\), \(\forall i. C_i \prec C\), \(D \prec C\), and \(I_N \not \vDash D\).
We then have the following key result.
Theorem 2
(Bachmair & Ganzinger [3]). Let \(\prec \) be a well-founded ordering on ground clauses and I be a model functor. Then, every inference system that is counterexample-reducing wrt \(\prec \) and I is refutationally complete.
This result also holds for an inference system being refutationally complete wrt \(\mathcal {E}\) if for every N it holds that \(I_N \models \mathcal {E}\). When constructing a refutationally complete calculus, one usually first defines a ground counterexample-reducing inference system and then lifts this calculus to a non-ground inference system. Lifting is done such that, if the ground inference system is counterexample-reducing, then its lifted non-ground version is also counterexample-reducing.
We next show how to transform a lifting of a counterexample-reducing inference system that uses unification modulo \(\mathcal {E}\) into a lifting using unification with abstraction. That is, given a counterexample-reducing inference system using unification modulo \(\mathcal {E}\) to define its rules, we construct another counterexample-reducing inference system that uses \(\textsf{uwa}\) instead. As we only transform rules that use unification, we introduce the notion of a unifying rule.
Definition 5
An inference rule \(\gamma \) is a unifying rule if it is of the form
We also define the mapping \(\circ _\textsf{uwa} \) that maps unifying inferences \(\gamma \) to \(\gamma _\textsf{uwa} \) as
Soundness of the unifying rule \(\gamma \) alone however does not suffice to show soundness of \(\gamma _\textsf{uwa} \). Therefore we introduce a stronger notion of soundness that holds for all the rules we will consider to lift.
Definition 6
Let \(\gamma \) be a unifying rule. We say \(\gamma \) is strongly sound iff \(\mathcal {E}, C_1\ldots C_n, C \models s \approx t \rightarrow D\).
Lemma 1
Assume that \(\gamma \) is strongly sound and \(\textsf{uwa} \) is sound. Then, \(\gamma _\textsf{uwa} \) is sound.
We note that not every inference can be transformed using \(\circ _\textsf{uwa} \), without compromising completeness. To circumvent this problem, we consider the notion of compatibility with respect to transformations.
Definition 7
Let \(\gamma \) be a unifying inference. Then, \(\gamma \) unifies strict subterms iff for every grounding \(\theta \), \(u \in \{ s, t\}\) there is an uninterpreted function or predicate f, a literal L[f(u)], and clause \(C' \in \{ C_1 \ldots C_n, C \}\), such that \( L[f(u)]\theta \preceq C'\theta \).
Note that in the above definition we usually have that L[f(s)] or L[f(t)] is some literal of one of the premises.
Definition 8
(\(\textsf{uwa} \)-Compatibility). We say an inference \(\gamma \) is \(\textsf{uwa} \)-compatible if it is a unifying inference, strongly sound, and unifies strict subterms.
Theorem 3
Let \(\textsf{uwa} \) be a general, compatible, subterm-founded, complete, and minimal abstracting unifier. If \(\varGamma \) is the lifting of a counterexample-reducing inference system \(\varGamma ^\vartheta \) with respect to a model functor I and clause ordering \(\prec \), then \(\varGamma _\textsf{uwa} = \{ \gamma _\textsf{uwa} \mid \gamma \in \varGamma , \gamma \, is\, \textsf{uwa}\text {-}compatible\}\) \(\cup \{ \gamma \in \varGamma \mid \gamma \, is\, not\, \textsf{uwa}\text {-}compatible\} \) is the lifting of an inference system \(\varGamma _\textsf{uwa} ^\vartheta \) that is counterexample-reducing with respect to I and \(\prec \).
Theorem 1 and Theorem 3 together imply that, given a compatible inference system, we need to only specify the right \(\textsf{canAbstract}\) predicate in order to perform a lifting using \(\textsf{uwa} \). In Sect. 5 we introduce the calculus \(\textsc {Alasca}\), a concrete inference system with the desired properties, for which a suitable predicate \(\textsf{canAbstract}\) can easily be found.
5 ALASCA Reasoning
We use the lifting results of Sect. 4 to introduce our \(\textsc {Alasca}\) calculus for reasoning in quantified linear arithmetic, by combining superposition reasoning with Fourier-Motzkin type inference rules. While an instance of such a combination has been studied in the Lasca calculus of [26], Lasca is restricted to ground, i.e. quantifier-free, clauses. Our \(\textsc {Alasca}\) extends Lasca with \(\textsf{uwa}\) and provides an altered ground version \(\textsc {Alasca} ^\theta \) (Sect. 5.1) which can be efficiently lifted to the quantified domain (Sect. 5.2). As quantified reasoning with linear real arithmetic and uninterpreted functions is inherently incomplete, we provide formal guarantees about what \(\textsc {Alasca}\) can prove. Instead of focusing on completeness with respect to \(\mathbb {Q}\)-models as in [26], we show that \(\textsc {Alasca}\) is complete with respect to a partial axiomatisation \(\mathcal {A}_{\mathbb {Q}} \) of \(\mathbb {Q}\)-models (Sect. 5.2).
5.1 The ALASCA Calculus – Ground Version
The \(\textsc {Alasca}\) calculus uses a partial axiomatisation \(\mathcal {A}_{\mathbb {Q}} \) of \(\mathbb {Q}\)-models, and handles some \(\mathbb {Q}\)-axioms via inferences and some via \(\textsf{uwa}\). We therefore split the axiom set \(\mathcal {A}_{\mathbb {Q}} \) into \( {\mathcal {A}_{\textsf{eq}}} \) and \( {\mathcal {A}_{\textsf{ineq}}} \), as listed in Fig. 2.
Our \(\textsc {Alasca}\) calculus modifies the \(\textsc {Lasca} \) framework [26] to enable an efficient lifting for quantified reasoning. For simplicity, we first present the ground version of \(\textsc {Alasca}\), which we refer to as \(\textsc {Alasca} ^\theta \), and whose key benefit is illustrated next.
Example 2
One central rule of \(\textsc {Alasca}\) is the Fourier-Motzkin variable elimination rule (FM). We use (FM) in line 7 of Fig. 1, when proving the motivating example of Sect. 2, given in formula (1). Namely, using (FM), we derive \(-2x - y + sk > 0\) from \(f(2x, y) - 2x - y > 0\) and \(-f(2, y) + sk \ge 0\), under the assumption that \(2x \approx 2\). The (FM) rule can be seen as a version of the inequality chaining rules of [3], chaining the inequalities \(sk \ge f(2,y)\) and \(f(2x, y) > 2x + y\). Moreover, the (FM) rule can also be considered a version of binary resolution, as it resolves the positive summand \(f(2x, y)\) with the negative summand \(-f(2,y)\), thus mimicking resolution over subterms instead of literals. The main benefit of (FM) comes with its restricted application to maximal atomic terms in a sum (instead of its naive application whenever possible).
\(\textsc {Alasca} ^\theta \) Normalization and Orderings. Compared to Lasca [26], the major difference of \(\textsc {Alasca} ^\theta \) comes with focusing on which terms are considered equal within inferences; this in turn requires careful adjustments in the underlying orderings and normalization steps of \(\textsc {Alasca} ^\theta \), and later also in unification within \(\textsc {Alasca}\). In \(\textsc {Lasca} \) terms are rewritten into their so-called \(\mathbb {Q}\)-normalized form, while equality inference rules exploit equivalence modulo \(\textbf{AC} \). Lifting such inference rules is however tricky. Consider for example the application of the rewrite rule \(j(k s) \rightarrow (j k)s\) (triggered by \(j(k s)\approx (j k) s\)) over the clause \(C[jx, x]\). In order to lift all instances of this rewrite rule, we would need to derive \(C[(jk)x, kx]\) for every \(k \in \mathbb {Q}\), which would yield an infinite number of conclusions. In order to resolve this matter, \(\textsc {Alasca} ^\theta \) takes a different approach to term normalization and to handling equivalence. That is, unlike Lasca, we formulate all inference rules using equivalence modulo \( {\mathcal {A}_{\textsf{eq}}} \), and do not consider the normalization of terms as simplification rules.
As \(\textsc {Alasca} ^\theta \) rules use equivalence modulo \( {\mathcal {A}_{\textsf{eq}}} \), we also need to impose that the simplification ordering used by \(\textsc {Alasca} ^\theta \) is \( {\mathcal {A}_{\textsf{eq}}} \)-compatible. Intuitively, \( {\mathcal {A}_{\textsf{eq}}} \)-compatibility means that terms that are equivalent modulo \( {\mathcal {A}_{\textsf{eq}}} \) are in one equivalence class wrt the ordering. This allows us to replace terms by an arbitrary normal form wrt these equivalence classes before and after applying any inference rule, allowing us to use a normalization similar to \(\mathbb {Q}\)-normalization that does not need to be lifted. Hence, we introduce \( {\mathcal {A}_{\textsf{eq}}} \)-normalized terms as terms whose sort is not \(\tau _{\mathbb {Q}}\), or terms of the form \(\frac{1}{k}(k_1 t_1 + \cdots + k_n t_n)\) such that \(\forall i.\, k_i \in \mathbb {Z} \setminus \{0\}\), \(\forall i.\, t_i\) is atomic, k is positive, and \(\gcd (\{k, k_1, \ldots, k_n\}) = 1\). Every term can be turned into an \( {\mathcal {A}_{\textsf{eq}}} \)-normalized term. For the rest of this section we assume terms are \( {\mathcal {A}_{\textsf{eq}}} \)-normalized, and write \(\equiv \) for \(\equiv _{ {\mathcal {A}_{\textsf{eq}}} }\). We also assume that literals with interpreted predicates \(\diamond \) are normalized (during preprocessing) to the form \(t \diamond 0\). We write \(s \,\,\hat{\approx }\,\, t\) for equalities of sorts different from \(\tau _{\mathbb {Q}}\), and for equalities of sort \(\tau _{\mathbb {Q}}\) that can be rewritten to \(s \approx t\) such that s is an atomic term. Finally, \(\textsc {Alasca} ^\theta \) also extends \(\textsc {Lasca} \) by handling not only the predicates > and \(\approx \), but also \(\ge \) and \(\not \approx \), which has the advantage that inequalities are not introduced into purely equational problems in \(\textsc {Alasca} ^\theta \).
As discussed in Example 2, the (FM) rule of \(\textsc {Alasca} ^\theta \) is similar to binary resolution, as it can be seen as “resolving” atomic subterms instead of literals. To formalize such handling of terms in (FM), we distinguish the so-called \(\textsf{atoms}(t)\), the atoms of a term t. Given an \( {\mathcal {A}_{\textsf{eq}}} \)-normalized term \(t = \frac{1}{k} (\pm _1 k_1 t_1 + \ldots \pm _n k_n t_n)\), we define \(\textsf{atoms}^{\pm }(t) = \langle k, k_1 * \dot{\{}\pm _1 t_1\dot{\}} \cup \ldots \cup k_n * \dot{\{}\pm _n t_n\dot{\}}\rangle \) and \(\textsf{atoms}(t) = \langle k, k_1 * \dot{\{} t_1\dot{\}} \cup \ldots \cup k_n * \dot{\{} t_n\dot{\}}\rangle \). We extend both of these functions \(f \in \{\textsf{atoms}, \textsf{atoms}^{\pm }\}\) to literals as follows: \(f(t \diamond 0) = f(t)\), assuming that the term t has been normalised beforehand so that \(\frac{1}{k} = 1\). For (dis)equalities \(s \approx t\) (\(s \not \approx t\)) of uninterpreted sorts, we define \(\textsf{atoms}\) to be \(\langle 1, \dot{\{}s,t\dot{\}}\rangle \). Further, we define \(\textsf{maxAtoms}(t)\) to be the set of maximal terms in \(\textsf{atoms}(t)\) with respect to \(\prec \), and \(\textsf{maxAtom}(t) = t_0\) if \(\textsf{maxAtoms}(t) = \{t_0\}\).
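To make the normal form, the atom functions and the (FM) step of Example 2 concrete, the following Python snippet is an added illustration; it is not code from the paper or from Vampire. It represents a linear term of sort \(\tau _{\mathbb {Q}}\) as a mapping from atomic terms (written simply as strings such as "f(2x,y)") to rational coefficients, computes the \( {\mathcal {A}_{\textsf{eq}}} \)-normal form \(\frac{1}{k}(k_1 t_1 + \cdots + k_n t_n)\) with \(\gcd (\{k, k_1, \ldots, k_n\}) = 1\), derives \(\textsf{atoms}\), \(\textsf{atoms}^{\pm }\) and \(\textsf{maxAtoms}\) from it, and applies (FM) on the two literals of Example 2. The atom ordering `rank` is a toy total order standing in for the \({\textsc {Qkbo}}\)-based ordering (an assumption), and the identification of \(f(2x,y)\) with \(f(2,y)\) under the constraint \(2x \approx 2\) is passed in as the `equiv` parameter.

```python
from fractions import Fraction
from functools import reduce
from math import gcd, lcm

# Added illustration (not the paper's or Vampire's code).  A linear term of
# sort Q is a dict from atomic terms (plain strings here) to rational coefficients.


def normalize(t):
    """A_eq-normal form (1/k)(k_1 t_1 + ... + k_n t_n) of a linear term:
    k > 0, every k_i a non-zero integer, gcd(k, k_1, ..., k_n) = 1.
    Returns the pair (k, {t_i: k_i})."""
    coeffs = {a: Fraction(c) for a, c in t.items() if c != 0}
    k = reduce(lcm, (c.denominator for c in coeffs.values()), 1)
    ints = {a: int(c * k) for a, c in coeffs.items()}
    g = reduce(gcd, ints.values(), k)  # gcd of k together with all k_i
    return k // g, {a: c // g for a, c in ints.items()}


def atoms_signed(t):
    """atoms^±(t): <k, multiset of signed atoms ±t_i with multiplicity |k_i|>."""
    k, cs = normalize(t)
    return k, {("+" if c > 0 else "-", a): abs(c) for a, c in cs.items()}


def atoms(t):
    """atoms(t): <k, multiset of atoms t_i with multiplicity |k_i|>."""
    k, cs = normalize(t)
    return k, {a: abs(c) for a, c in cs.items()}


def rank(atom):
    """Toy stand-in for the QKBO-based term ordering (assumption): a total
    order on atom strings by length, then lexicographically."""
    return (len(atom), atom)


def max_atoms(t):
    """maxAtoms(t): the ordering-maximal atoms of t."""
    _, ms = atoms(t)
    if not ms:
        return set()
    top = max(rank(a) for a in ms)
    return {a for a in ms if rank(a) == top}


def fm(lit1, lit2, equiv=lambda u, v: u == v):
    """(FM) on literals  s ⋄1 0  and  t ⋄2 0  (⋄ in {'>', '>='}): if the unique
    maximal atom u of s has positive coefficient j and the unique maximal atom
    v ≡ u of t has negative coefficient -k, derive  k·s + j·t ⋄ 0, where ⋄ is
    '>' when either premise is strict.  `equiv` decides u ≡ v (here: which
    atoms the uwa constraint identifies).  Returns (normalized term, ⋄) or None."""
    s, d1 = lit1
    t, d2 = lit2
    ms, mt = max_atoms(s), max_atoms(t)
    if len(ms) != 1 or len(mt) != 1:
        return None  # (FM) only fires on a unique maximal atom on each side
    (u,), (v,) = ms, mt
    j, negk = Fraction(s[u]), Fraction(t[v])
    if j <= 0 or negk >= 0 or not equiv(u, v):
        return None
    k = -negk
    conc = {}
    for a, c in s.items():  # k·s without the resolved atom u
        if a != u:
            conc[a] = conc.get(a, 0) + k * c
    for a, c in t.items():  # j·t without the resolved atom v
        if a != v:
            conc[a] = conc.get(a, 0) + j * c
    return normalize(conc), (">" if ">" in (d1, d2) else ">=")


def example_2():
    """Line 7 of Fig. 1: from  f(2x,y) - 2x - y > 0  and  -f(2,y) + sk >= 0,
    under the uwa constraint 2x ≈ 2 (which identifies f(2x,y) with f(2,y)),
    derive  -2x - y + sk > 0."""
    premise1 = ({"f(2x,y)": 1, "x": -2, "y": -1}, ">")
    premise2 = ({"f(2,y)": -1, "sk": 1}, ">=")
    identified = {"f(2x,y)", "f(2,y)"}
    return fm(premise1, premise2, lambda u, v: u == v or {u, v} == identified)


if __name__ == "__main__":
    print(normalize({"a": Fraction(1, 2), "b": Fraction(-3, 4)}))  # (4, {'a': 2, 'b': -3})
    print(example_2())  # ((1, {'x': -2, 'y': -1, 'sk': 1}), '>')
```

Note that `fm` refuses to fire when the maximal atom is not unique, which is the restriction to maximal atomic terms that the paper singles out as the main benefit of (FM) over naive application; with the toy ordering every sum has a unique maximal atom, whereas the real ordering leaves sums such as \(x + y\) without one.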
\(\textsc {Alasca} ^\theta \) Inferences. The inference rules of \(\textsc {Alasca} ^\theta \) are summarized in Fig. 3a. All rules are parametrized by an \( {\mathcal {A}_{\textsf{eq}}} \)-compatible ordering relation \(\prec \) on ground terms, literals and clauses. Underlining a literal in a clause or an atomic term in a sum means that the underlined expression is non-strictly maximal wrt the other literals in the clause, or atomic terms in the sum. We use double-underlining to denote that the expression is strictly maximal. We call \(\textbf{L}^{\theta }_+\) the set of potentially productive literals, defined as all equalities and inequalities whose strictly maximal atomic term has a positive coefficient.
Finding the right ordering relation is non-trivial, as many different requirements, like compatibility, the subterm property, well-foundedness, and stability under substitutions, need to be met [25, 26, 39, 41]. For \(\textsc {Alasca}\), we use a modified version of the \({\textsc {Qkbo}} \) ordering of [26], with the following two modifications.
(i) Firstly, the \(\textsc {Alasca}\) ordering is defined for non-ground terms. This means that the ordering needs to handle subterms with sums where there is no maximal atomic summand, like the term \(x + y\). In addition, our ordering needs to be stable under substitutions in order to work with non-ground terms. Note however that our atom functions \(\textsf{atoms}\) and \(\textsf{atoms}^{\pm }\) are not stable under substitutions, as the term \(f(x) - f(y)\) and the substitution \(\{x \mapsto y\}\) demonstrate. Therefore, we parametrize our \(\textsc {Alasca}\) ordering by the relation \(\textsf{subsSafe}\). The \(\textsf{subsSafe}\) relation fulfils the property that if \(\textsf{subsSafe}(\frac{1}{k}(\pm _1 k_1 t_1 + \cdots \pm _n k_n t_n))\), then there is no substitution \(\theta \) such that , for any i, j. In general, checking the existence of such a \(\theta \) is as hard as unifying modulo \( {\mathcal {A}_{\textsf{eq}}} \). Nevertheless, we can over-approximate the \(\textsf{subsSafe}\) relation using the \(\textsf{canAbstract}\) predicate.
(ii) Secondly, we adjusted the \(\textsc {Alasca}\) ordering to be \( {\mathcal {A}_{\textsf{eq}}} \)-compatible, instead of \(\textbf{AC} \)-compatible. We modified the literal ordering of \(\textsc {Alasca}\) such that literals are ordered by all their atoms using the weighted multiset extension of \(\prec \), instead of only using the maximal atom of each literal L as in [26].
We define a model functor \(\mathcal {I}_{\infty }^{\cdot }\) mapping clauses to \(\mathcal {A}_{\mathbb {Q}} \)models (see [23] for details) and conclude the following.
Theorem 4
\(\textsc {Alasca} ^\theta \) is a counterexample-reducing inference system with respect to \(\mathcal {I}_{\infty }^{\cdot }\) and \(\prec \).
5.2 ALASCA Lifting and Completeness
Variable Elimination. Theorem 4 establishes completeness of \(\textsc {Alasca} ^\theta \) for ground clauses wrt \(\mathcal {A}_{\mathbb {Q}} \). We next lift this result (and calculus) to nonground clauses.
We introduce the concept of an unshielded variable. We say a term \(t: \tau _{\mathbb {Q}}\) is a top-level term of a literal L if \(t \in \textsf{atoms}(L)\). We call a variable x unshielded in some clause C if x is a top-level term of a literal in C, and there is no literal with an atomic top-level term t[x]. Observe that within the \(\textsc {Alasca} ^\theta \) rules, only maximal atomic terms in sums are used in rule applications. This means that lifting \(\textsc {Alasca} ^\theta \) to \(\textsc {Alasca}\) is straightforward for clauses where no maximal term in a sum is a variable. Further, due to the subterm property, if a variable is maximal in a sum then it must be unshielded. Hence, the only variables we have to handle within \(\textsc {Alasca}\) rule applications are unshielded ones.
The work of [40] modifies a standard saturation algorithm by integrating it with a variable elimination rule that gets rid of unshielded variables, without compromising completeness of the calculus. Based on [40] and the variable elimination rule of [3], we extend \(\textsc {Alasca} ^\theta \) with the Variable Elimination Rule (VE), as given in Fig. 3b. In what follows, we show that the handling of unshielded variables in Fig. 3b can naturally be done within a standard saturation framework.
The (VE) rule replaces any clause with an equivalent set of clauses that does not contain unshielded variables. We assume that the clause is normalized, such that in every inequality x occurs only once, with factor 1 or \(-1\), whereas in equalities x occurs only with factor 1. A simple example for the application of (VE) is the clause \(a - x > 0 \vee x - b > 0 \vee a + b + x \ge 0\), where \(x\in \textbf{V}\), and a, b are constants. By reasoning about inequalities, it is easy to see that this is equivalent to \(a> x \vee a + b \ge x \vee x > b\), and thus further equivalent to \(a > b \vee a + b \ge b\), which illustrates the benefit of variable elimination through (VE).
Lemma 2
The conclusion of (VE) is equivalent to its premise.
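The following Python snippet is an added illustration of the unshielded-variable check and of (VE) on a clause of inequalities; it is not code from the paper or from Vampire, and it treats only the inequality predicates \(>\) and \(\ge \) (the equality case of the rule, where x has factor 1, is not covered). A clause is a list of literals \((t, \diamond )\) read as \(t \diamond 0\), with t a mapping from atoms (strings) to integer coefficients, and the clause is understood as universally quantified in x, so a pair of an upper bound \(u - x \diamond _1 0\) and a lower bound \(x - l \diamond _2 0\) is replaced by \(u - l \diamond 0\), strict only when both bounds are strict. The worked input is the three-literal clause of the example above, in its rewritten form \(a> x \vee a + b \ge x \vee x > b\).

```python
import re

# Added illustration (not the paper's or Vampire's code).  A clause is a list of
# literals (coeffs, pred): coeffs maps atoms (strings) to integers, pred is one
# of ">" and ">=", and the literal is read as  sum(coeffs) pred 0.


def is_unshielded(clause, x):
    """x is unshielded in the clause: it occurs as a top-level term of some
    literal and no literal has an atomic top-level term containing x
    (atoms are strings here, so containment is a word-boundary search)."""
    top_level = any(x in coeffs for coeffs, _ in clause)
    shielded = any(a != x and re.search(rf"\b{re.escape(x)}\b", a)
                   for coeffs, _ in clause for a in coeffs)
    return top_level and not shielded


def eliminate(clause, x):
    """(VE) for an unshielded variable x occurring with factor +1 or -1 in the
    inequalities of a clause (the normalization the paper assumes).  The clause
    is implicitly universally quantified, so x survives in no literal: for every
    upper bound  u - x ⋄1 0  and lower bound  x - l ⋄2 0  the conclusion gets
    the literal  u - l ⋄ 0, with ⋄ = '>' if both bounds are strict and '>='
    otherwise.  Bounds on one side only are dropped (x can always escape them)."""
    rest, upper, lower = [], [], []
    for coeffs, pred in clause:
        c = coeffs.get(x, 0)
        if c == 0:
            rest.append((coeffs, pred))
            continue
        if c not in (1, -1):
            raise ValueError("normalize the clause so that x has factor +1 or -1")
        others = {a: v for a, v in coeffs.items() if a != x}
        if c == -1:  # u - x ⋄ 0  :  upper bound u on x
            upper.append((others, pred))
        else:        # x - l ⋄ 0  :  lower bound l on x (negate to get l)
            lower.append(({a: -v for a, v in others.items()}, pred))
    for u, pu in upper:
        for l, pl in lower:
            diff = dict(u)
            for a, v in l.items():
                diff[a] = diff.get(a, 0) - v
            diff = {a: v for a, v in diff.items() if v != 0}
            rest.append((diff, ">" if pu == ">" and pl == ">" else ">="))
    return rest


def paper_example():
    """The clause  a > x ∨ a + b ≥ x ∨ x > b  of Sect. 5.2, in normalized form;
    (VE) yields  a - b > 0 ∨ a ≥ 0, i.e.  a > b ∨ a + b ≥ b  with the b's cancelled."""
    clause = [({"a": 1, "x": -1}, ">"),
              ({"a": 1, "b": 1, "x": -1}, ">="),
              ({"x": 1, "b": -1}, ">")]
    assert is_unshielded(clause, "x")
    return eliminate(clause, "x")


if __name__ == "__main__":
    print(paper_example())  # [({'a': 1, 'b': -1}, '>'), ({'a': 1}, '>=')]
```

The strictness rule follows from negating the clause: \(\forall x.\,(x < u \vee x > l)\) fails exactly when some x satisfies \(u \le x \le l\), i.e. when \(u \le l\), so the clause is equivalent to \(u > l\); if either bound is non-strict the negation needs \(u < l\) and the clause is equivalent to \(u \ge l\). This is the equivalence that Lemma 2 states for the rule.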
\(\textsc {Alasca}\) Calculus: Non-Ground Version with Unification with Abstraction. We now define our lifted calculus \(\textsc {Alasca} \), as follows. Let \(\textsc {Alasca} ^{-}\) be the calculus \(\textsc {Alasca} ^\theta \) lifted for clauses without unshielded variables. We define \(\textsc {Alasca} \) to be \(\textsc {Alasca} ^{-}\) chained with the variable elimination rule. That is, the result of every rule application is simplified using (VE) as long as applicable.
Theorem 5
\(\textsc {Alasca} \) is the lifting of a counterexample-reducing inference system for sets of clauses without unshielded variables.
Theorem 5 implies that \(\textsc {Alasca} \) is refutationally complete wrt \(\mathcal {A}_{\mathbb {Q}} \) for sets of clauses without unshielded variables. As (VE) can be used to preprocess arbitrary sets of clauses to eliminate all unshielded variables, we get the following.
Corollary 1
If N is a set of clauses that is unsatisfiable with respect to \(\mathcal {A}_{\mathbb {Q}} \), then N can be refuted using \(\textsc {Alasca} \).
We conclude this section by specifying the lifting of \(\textsc {Alasca} ^\theta \) to obtain \(\textsc {Alasca} ^{-}\). To this end, we use our \(\textsf{uwa}\) results and properties for unification with abstraction (Sect. 4). We note that using unification modulo \( {\mathcal {A}_{\textsf{eq}}} \) would require us to develop an algorithmic approach that computes a complete set of unifiers modulo \( {\mathcal {A}_{\textsf{eq}}} \), which is a quite challenging task both in theory and in practice. Instead, using Theorem 1 and Theorem 3, we only need to specify a \(\textsf{canAbstract}\) predicate that guards interpreted functions and captures \( {\mathcal {A}_{\textsf{eq}}} \) within \(\textsf{uwa}\). This is achieved by defining \(\textsf{canAbstract}(s,t)\) if any function symbol \(f \in \{\textsf{sym} (s), \textsf{sym} (t)\}\) is an interpreted function \(f \in \mathbb {Q}\cup \{+\}\). This choice of the \(\textsf{canAbstract}\) predicate is a slight modification of the abstraction strategy one_side_interpreted of [34]. We note that this is not the only choice for the predicate that fulfils the \(\textsf{canAbstract}\) properties. Consider for example the terms \(f(x) + a\) and \(a + b\). There is no substitution that will make these two terms equal, but our abstraction predicate introduces a constraint upon trying to unify them. In order to address this, we introduce an alternative \(\textsf{canAbstract}\) predicate that compares the atoms of a term, instead of only looking at the outermost symbol (Sect. 6).
We believe more precise abstraction predicates can improve proof search, as evidenced by our experiments using the second abstraction predicate (Sect. 6).
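The following Python snippet is an added illustration of unification with abstraction guarded by the \(\textsf{canAbstract}\) predicate just defined, covering both the lifting via \(\textsf{uwa}\) of Theorem 3 and the two situations named in this section; it is not code from the paper or from Vampire. Terms are tuples headed by a symbol, variables are plain strings, and the interpreted functions from \(\mathbb {Q}\cup \{+\}\) are encoded as a numeral `("num", k)`, the unary scaling `("*", k, t)` for \(k\,t\), and `("+", s, t)` (an encoding chosen here, not the paper's). The unifier tries abstraction before decomposition (an assumption about the rule order), so that on \(f(x) + a\) and \(a + b\) it returns the unsolvable constraint the text describes, and on the atoms \(f(2x, y)\) and \(f(2, y)\) of Example 2 it returns the constraint \(2x \approx 2\).

```python
from fractions import Fraction

# Added illustration (not the paper's or Vampire's code).  A variable is a plain
# string ("x"); an application is a tuple (symbol, arg_1, ..., arg_n), so a
# constant is ("a",).  The interpreted functions from Q ∪ {+} are encoded as
# ("num", Fraction(k)) for a numeral, ("*", Fraction(k), t) for k·t, and ("+", s, t).
INTERPRETED = {"num", "*", "+"}


def is_var(t):
    return isinstance(t, str)


def sym(t):
    return None if is_var(t) else t[0]


def can_abstract(s, t):
    """The predicate of Sect. 5.2: canAbstract(s, t) iff sym(s) or sym(t) is an
    interpreted function symbol."""
    return sym(s) in INTERPRETED or sym(t) in INTERPRETED


def walk(t, subst):
    """Follow variable bindings to the current value."""
    while is_var(t) and t in subst:
        t = subst[t]
    return t


def occurs(x, t, subst):
    t = walk(t, subst)
    if is_var(t):
        return t == x
    return isinstance(t, tuple) and any(occurs(x, a, subst) for a in t[1:])


def uwa(s, t, can_abstract=can_abstract):
    """Unification with abstraction.  Like syntactic unification, except that a
    pair (a, b) with canAbstract(a, b) is recorded as a constraint a ≈ b instead
    of being decomposed or failing; the inference then adds each constraint
    negated (a ≉ b) to its conclusion.  Abstraction is tried before
    decomposition (assumption).  Returns (substitution, constraints) or None."""
    subst, constraints, work = {}, [], [(s, t)]
    while work:
        a, b = work.pop()
        a, b = walk(a, subst), walk(b, subst)
        if a == b:
            continue
        if is_var(a) or is_var(b):
            x, u = (a, b) if is_var(a) else (b, a)
            if occurs(x, u, subst):
                return None  # occurs check
            subst[x] = u
        elif not (isinstance(a, tuple) and isinstance(b, tuple)):
            return None  # two different rational leaves
        elif can_abstract(a, b):
            constraints.append((a, b))
        elif a[0] == b[0] and len(a) == len(b):
            work.extend(zip(a[1:], b[1:]))
        else:
            return None  # clash of uninterpreted symbols
    return subst, constraints


def example_f_x_plus_a():
    """f(x) + a versus a + b: no substitution makes them equal, yet the predicate
    abstracts at the top-level '+', so the unsolvable constraint is returned."""
    s = ("+", ("f", "x"), ("a",))
    t = ("+", ("a",), ("b",))
    return uwa(s, t)


def example_2_constraint():
    """The atoms f(2x, y) and f(2, y) of Example 2: decomposing under the
    uninterpreted f reaches 2·x versus 2, which is abstracted into 2x ≈ 2."""
    s = ("f", ("*", Fraction(2), "x"), "y")
    t = ("f", ("num", Fraction(2)), "y")
    return uwa(s, t)


if __name__ == "__main__":
    print(example_f_x_plus_a())   # ({}, [(('+', ('f', 'x'), ('a',)), ('+', ('a',), ('b',)))])
    print(example_2_constraint())  # ({}, [(('*', Fraction(2, 1), 'x'), ('num', Fraction(2, 1)))])
```

The constraint returned by `example_f_x_plus_a` becomes a literal \(f(x) + a \not \approx a + b\) in the conclusion, which can never be discharged; that is the imprecision the alternative atom-comparing predicate of Sect. 6 is meant to avoid. The constraint from `example_2_constraint` is the assumption \(2x \approx 2\) under which the (FM) step of Example 2 fires.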
6 Implementation and Experiments
We implemented \(\textsc {Alasca}\) (Footnote 2) as an extension of the Vampire theorem prover [27].
Benchmarks. We evaluated the practicality of \(\textsc {Alasca}\) using the following six sets of benchmarks, 6374 examples altogether, as listed in Table 1 and detailed next. (i) We considered all sets of benchmarks from the SMT-LIB repository [7] that involve real arithmetic and uninterpreted functions, but no other theories. These are the three benchmark sets corresponding to the LRA, NRA, and UFLRA logics in SMT-LIB. (ii) We further used Sledgehammer examples generated by [15], using the SMT-LIB syntax. From the examples of [15], we selected those benchmarks that involve real arithmetic but no other theories. We refer to this benchmark set as SH. (iii) Finally, we also created two new sets of benchmarks, Triangular and Limit, exploiting various mathematical properties. The Triangular suite contains variations of our motivating example from Sect. 2, and thus comes with reasoning challenges about triangular inequalities and continuous functions. The Limit benchmark set is comprised of problems that combine various limit properties of real-valued functions.
Experimental Setup. We compared our implementation against the solvers from the Arith (arithmetic) division of the SMT-COMP competition 2022. These solvers, given in columns 3–8 of Table 1, are: Cvc5 [5], Vampire [35], Yices [19], UltElim [8], SmtInt [21], and veriT [2]. We note that Vampire is run in its competition portfolio mode, which includes the work from [34]. \(\textsc {Alasca}\) uses the same portfolio but implements our modified version of unification with abstraction (Sect. 4), disabling theory axioms and relying instead on our new \(\textsc {Alasca}\) rules (Sect. 5). We ran our experiments using the SMT-COMP 2022 competition setup: based on the StarExec Iowa cluster, with a 20-minute timeout and using 4 cores. Benchmarks, solvers and results are publicly available (Footnote 3).
Experimental Results. Table 1 summarizes our experimental findings and indicates the overall best performance of \(\textsc {Alasca}\). For example, \(\textsc {Alasca}\) outperforms the two best arithmetic solvers of SMT-COMP 2022 by solving 118 more problems than Cvc5 and 159 more problems than Vampire.
7 Conclusions and Future Work
We introduced the \(\textsc {Alasca}\) calculus and drastically improved the performance of superposition theorem proving on linear arithmetic. \(\textsc {Alasca}\) eliminates the use of theory axioms by introducing theory-specific rules such as an analogue of Fourier-Motzkin elimination. We perform unification with abstraction on a general theoretical foundation, which, together with our variable elimination rule, serves as a replacement for unification modulo theory. Our experiments show that \(\textsc {Alasca} \) is competitive with state-of-the-art theorem provers, solving more problems than any prover that entered the arithmetic division of SMT-COMP 2022. Future work includes designing an integer version of \(\textsc {Alasca}\), developing different versions of the \(\textsf{canAbstract}\) predicate, and improving literal/clause selection within \(\textsc {Alasca}\).
Notes
1. Proofs and further details of our results can be found in [23].
2. Available at https://github.com/vprover/vampire/tree/alasca
3.
References
[1] Alt, L., Blicha, M., Hyvärinen, A.E.J., Sharygina, N.: SolCMC: Solidity Compiler's Model Checker. In: CAV, LNCS, vol. 13371, pp. 325–338, Springer (2022), https://doi.org/10.1007/978-3-031-13185-1_16
[2] Andreotti, B., Barbosa, H., Fontaine, P., Schurr, H.-J.: veriT at SMT-COMP 2022. https://smtcomp.github.io/2022/systemdescriptions/veriT.pdf (2022)
[3] Bachmair, L., Ganzinger, H.: Ordered Chaining Calculi for First-Order Theories of Transitive Relations. J. ACM 45(6), 1007–1049 (1998), https://doi.org/10.1145/293347.293352
[4] Bachmair, L., Ganzinger, H.: Resolution Theorem Proving. In: Handbook of Automated Reasoning, pp. 19–99, Elsevier and MIT Press (2001), https://doi.org/10.1016/b978-044450813-3/50004-7
[5] Barbosa, H., Barrett, C., Brain, M., Kremer, G., Lachnitt, H., Mohamed, A., Mohamed, M., Niemetz, A., Nötzli, A., Ozdemir, A., Preiner, M., Reynolds, A., Sheng, Y., Tinelli, C., Zohar, Y.: CVC5 at the SMT Competition 2022. https://smtcomp.github.io/2022/systemdescriptions/cvc5.pdf (2022)
[6] Barbosa, H., Barrett, C.W., Brain, M., Kremer, G., Lachnitt, H., Mann, M., Mohamed, A., Mohamed, M., Niemetz, A., Nötzli, A., Ozdemir, A., Preiner, M., Reynolds, A., Sheng, Y., Tinelli, C., Zohar, Y.: cvc5: A Versatile and Industrial-Strength SMT Solver. In: TACAS, LNCS, vol. 13243, pp. 415–442, Springer (2022), https://doi.org/10.1007/978-3-030-99524-9_24
[7] Barrett, C., Fontaine, P., Tinelli, C.: The Satisfiability Modulo Theories Library (SMT-LIB). www.SMT-LIB.org (2016)
[8] Barth, M., Dietsch, D., Heizmann, M., Podelski, A.: Ultimate Eliminator at SMT-COMP 2022. https://smtcomp.github.io/2022/systemdescriptions/UltimateEliminator%2BMathSAT.pdf (2022)
[9] Baumgartner, P., Bax, J., Waldmann, U.: Beagle - A Hierarchic Superposition Theorem Prover. In: CADE, LNCS, vol. 9195, pp. 367–377, Springer (2015), https://doi.org/10.1007/978-3-319-21401-6_25
[10] Bonacina, M.P., Graham-Lengrand, S., Shankar, N.: Satisfiability Modulo Theories and Assignments. In: CADE, LNCS, vol. 10395, pp. 42–59, Springer (2017), https://doi.org/10.1007/978-3-319-63046-5_4
[11] Bromberger, M., Fleury, M., Schwarz, S., Weidenbach, C.: SPASS-SATT - A CDCL(LA) Solver. In: CADE, LNCS, vol. 11716, pp. 111–122, Springer (2019), https://doi.org/10.1007/978-3-030-29436-6_7
[12] Bruttomesso, R., Pek, E., Sharygina, N., Tsitovich, A.: The OpenSMT Solver. In: TACAS, LNCS, vol. 6015, pp. 150–153, Springer (2010), https://doi.org/10.1007/978-3-642-12002-2_12
[13] Cook, B.: Formal Reasoning About the Security of Amazon Web Services. In: CAV, LNCS, vol. 10981, pp. 38–47, Springer (2018), https://doi.org/10.1007/978-3-319-96145-3_3
[14] Cruanes, S.: Extending Superposition with Integer Arithmetic, Structural Induction, and Beyond. Ph.D. thesis, Ecole Polytechnique, Paris, France (2015)
[15] Desharnais, M., Vukmirovic, P., Blanchette, J., Wenzel, M.: Seventeen Provers Under the Hammer. In: ITP, LIPIcs, vol. 237, pp. 8:1–8:18 (2022), https://doi.org/10.4230/LIPIcs.ITP.2022.8
[16] Distefano, D., Fähndrich, M., Logozzo, F., O'Hearn, P.W.: Scaling Static Analyses at Facebook. Commun. ACM 62(8), 62–70 (2019), https://doi.org/10.1145/3338112
[17] Duarte, A., Korovin, K.: Implementing Superposition in iProver (System Description). In: IJCAR, LNCS, vol. 12167, pp. 388–397, Springer (2020), https://doi.org/10.1007/978-3-030-51054-1_24
[18] Elad, N., Rain, S., Immerman, N., Kovács, L., Sagiv, M.: Summing up Smart Transitions. In: CAV, LNCS, vol. 12759, pp. 317–340, Springer (2021), https://doi.org/10.1007/978-3-030-81685-8_15
[19] Graham-Lengrand, S.: YicesQS 2022, an extension of Yices for quantified satisfiability. https://smtcomp.github.io/2022/systemdescriptions/YicesQS.pdf (2022)
[20] Gurfinkel, A.: Program Verification with Constrained Horn Clauses (Invited Paper). In: CAV, LNCS, vol. 13371, pp. 19–29, Springer (2022), https://doi.org/10.1007/978-3-031-13185-1_2
[21] Hoenicke, J., Schindler, T.: SMTInterpol with Resolution Proofs. https://smtcomp.github.io/2022/systemdescriptions/smtinterpol.pdf (2022)
[22] Kapur, D., Narendran, P.: Double-exponential Complexity of Computing a Complete Set of AC-Unifiers. In: LICS, pp. 11–21, IEEE Computer Society (1992), https://doi.org/10.1109/LICS.1992.185515
[23] Korovin, K., Kovács, L., Schoisswohl, J., Reger, G., Voronkov, A.: ALASCA: Reasoning in Quantified Linear Arithmetic (Extended Version). EasyChair Preprint no. 9606 (2023)
[24] Korovin, K., Tsiskaridze, N., Voronkov, A.: Conflict Resolution. In: CP, LNCS, vol. 5732, pp. 509–523, Springer (2009), https://doi.org/10.1007/978-3-642-04244-7_41
[25] Korovin, K., Voronkov, A.: An AC-Compatible Knuth-Bendix Order. In: CADE, LNCS, vol. 2741, pp. 47–59, Springer (2003), https://doi.org/10.1007/978-3-540-45085-6_5
[26] Korovin, K., Voronkov, A.: Integrating Linear Arithmetic into Superposition Calculus. In: CSL, LNCS, vol. 4646, pp. 223–237, Springer (2007), https://doi.org/10.1007/978-3-540-74915-8_19
[27] Kovács, L., Voronkov, A.: First-Order Theorem Proving and Vampire. In: CAV, LNCS, vol. 8044, pp. 1–35, Springer (2013), https://doi.org/10.1007/978-3-642-39799-8_1
[28] de Moura, L.M., Bjørner, N.S.: Efficient E-Matching for SMT Solvers. In: CADE, LNCS, vol. 4603, pp. 183–198, Springer (2007), https://doi.org/10.1007/978-3-540-73595-3_13
[29] de Moura, L.M., Bjørner, N.S.: Z3: An Efficient SMT Solver. In: TACAS, LNCS, vol. 4963, pp. 337–340, Springer (2008), https://doi.org/10.1007/978-3-540-78800-3_24
[30] de Moura, L.M., Jovanovic, D.: A Model-Constructing Satisfiability Calculus. In: VMCAI, LNCS, vol. 7737, pp. 1–12, Springer (2013), https://doi.org/10.1007/978-3-642-35873-9_1
[31] Nieuwenhuis, R., Rubio, A.: Paramodulation-Based Theorem Proving. In: Handbook of Automated Reasoning, pp. 371–443, Elsevier and MIT Press (2001), https://doi.org/10.1016/b978-044450813-3/50009-6
[32] Passmore, G.O.: Some Lessons Learned in the Industrialization of Formal Methods for Financial Algorithms. In: FM, LNCS, vol. 13047, pp. 717–721, Springer (2021), https://doi.org/10.1007/978-3-030-90870-6_39
[33] Reger, G., Bjørner, N.S., Suda, M., Voronkov, A.: AVATAR Modulo Theories. In: GCAI, EPiC Series in Computing, vol. 41, pp. 39–52, EasyChair (2016), https://doi.org/10.29007/k6tp
[34] Reger, G., Suda, M., Voronkov, A.: Unification with Abstraction and Theory Instantiation in Saturation-Based Reasoning. In: TACAS, LNCS, vol. 10805, pp. 3–22, Springer (2018), https://doi.org/10.1007/978-3-319-89960-2_1
[35] Reger, G., Suda, M., Voronkov, A., Kovács, L., Bhayat, A., Gleiss, B., Hajdu, M., Hozzova, P., Evgeny Kotelnikov, J.R., Rawson, M., Riener, M., Robillard, S., Schoisswohl, J.: Vampire 4.7-SMT System Description. https://smtcomp.github.io/2022/systemdescriptions/Vampire.pdf (2022)
[36] Reynolds, A., King, T., Kuncak, V.: Solving Quantified Linear Arithmetic by Counterexample-Guided Instantiation. FMSD 51(3), 500–532 (2017), https://doi.org/10.1007/s10703-017-0290-y
[37] Schulz, S., Cruanes, S., Vukmirovic, P.: Faster, Higher, Stronger: E 2.3. In: CADE, LNCS, vol. 11716, pp. 495–507, Springer (2019), https://doi.org/10.1007/978-3-030-29436-6_29
[38] Voronkov, A.: AVATAR: The Architecture for First-Order Theorem Provers. In: CAV, LNCS, vol. 8559, pp. 696–710, Springer (2014), https://doi.org/10.1007/978-3-319-08867-9_46
[39] Waldmann, U.: Extending Reduction Orderings to ACU-Compatible Reduction Orderings. Inf. Process. Lett. 67(1), 43–49 (1998), https://doi.org/10.1016/S0020-0190(98)00084-2
[40] Waldmann, U.: Superposition for Divisible Torsion-Free Abelian Groups. In: CADE, LNCS, vol. 1421, pp. 144–159, Springer (1998), https://doi.org/10.1007/BFb0054257
[41] Yamada, A., Winkler, S., Hirokawa, N., Middeldorp, A.: AC-KBO Revisited. Theory Pract. Log. Program. 16(2), 163–188 (2016), https://doi.org/10.1017/S1471068415000083
Acknowledgements
This work was partially supported by the ERC Consolidator Grant ARTIST 101002685, the TU Wien Doctoral College SecInt, the FWF SFB project SpyCoDe F8504, and the EPSRC grant EP/V000497/1.
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
Copyright information
© 2023 The Author(s)
Cite this paper
Korovin, K., Kovács, L., Reger, G., Schoisswohl, J., Voronkov, A. (2023). ALASCA: Reasoning in Quantified Linear Arithmetic. In: Sankaranarayanan, S., Sharygina, N. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2023. Lecture Notes in Computer Science, vol 13993. Springer, Cham. https://doi.org/10.1007/978-3-031-30823-9_33
DOI: https://doi.org/10.1007/978-3-031-30823-9_33
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-30822-2
Online ISBN: 978-3-031-30823-9