From 2edc04bdfdac32ce899c98c4a8887c037b1f6a3f Mon Sep 17 00:00:00 2001 From: Andrew Reynolds Date: Thu, 8 Oct 2020 17:10:36 -0500 Subject: (proof-new) Fixes and improvements for smt proof postprocessor (#5197) This includes several subtle issues encountered in the past month based on our regressions. It also improves the expansion forms of MACRO_ rules to use EQ_RESOLVE instead of a TRUE_INTRO/TRUE_ELIM scheme. This is both more compact and avoids cyclic proofs for some corner cases of proofs with Boolean constant equalites. --- src/expr/proof_rule.h | 33 ++++++++++++++++++++++++--------- 1 file changed, 24 insertions(+), 9 deletions(-) (limited to 'src/expr/proof_rule.h') diff --git a/src/expr/proof_rule.h b/src/expr/proof_rule.h index 9324f68c2..1583bdc3d 100644 --- a/src/expr/proof_rule.h +++ b/src/expr/proof_rule.h @@ -129,14 +129,21 @@ enum class PfRule : uint32_t // --------------------------------------------------------------- // Conclusion: F // where - // Rewriter{idr}(toWitness(F)*sigma{ids}(Fn)*...*sigma{ids}(F1)) == true + // Rewriter{idr}(F*sigma{ids}(Fn)*...*sigma{ids}(F1)) == true // where ids and idr are method identifiers. // - // Notice that we apply rewriting on the witness form of F, meaning that this + // More generally, this rule also holds when: + // Rewriter::rewrite(toWitness(F')) == true + // where F' is the result of the left hand side of the equality above. Here, + // notice that we apply rewriting on the witness form of F', meaning that this // rule may conclude an F whose Skolem form is justified by the definition of - // its (fresh) Skolem variables. Furthermore, notice that the rewriting and - // substitution is applied only within the side condition, meaning the - // rewritten form of the witness form of F does not escape this rule. + // its (fresh) Skolem variables. For example, this rule may justify the + // conclusion (= k t) where k is the purification Skolem for t, whose + // witness form is (witness ((x T)) (= x t)). + // + // Furthermore, notice that the rewriting and substitution is applied only + // within the side condition, meaning the rewritten form of the witness form + // of F does not escape this rule. MACRO_SR_PRED_INTRO, // ======== Substitution + Rewriting predicate elimination // @@ -165,11 +172,13 @@ enum class PfRule : uint32_t // ---------------------------------------- // Conclusion: G // where - // Rewriter{idr}(toWitness(F)*sigma{ids}(Fn)*...*sigma{ids}(F1)) == - // Rewriter{idr}(toWitness(G)*sigma{ids}(Fn)*...*sigma{ids}(F1)) + // Rewriter{idr}(F*sigma{ids}(Fn)*...*sigma{ids}(F1)) == + // Rewriter{idr}(G*sigma{ids}(Fn)*...*sigma{ids}(F1)) // - // Notice that we apply rewriting on the witness form of F and G, similar to - // MACRO_SR_PRED_INTRO. + // More generally, this rule also holds when: + // Rewriter::rewrite(toWitness(F')) == Rewriter::rewrite(toWitness(G')) + // where F' and G' are the result of each side of the equation above. Here, + // witness forms are used in a similar manner to MACRO_SR_PRED_INTRO above. MACRO_SR_PRED_TRANSFORM, //================================================= Processing rules @@ -224,6 +233,12 @@ enum class PfRule : uint32_t // where F is an existential (exists ((x T)) (P x)) used for introducing // a witness term (witness ((x T)) (P x)). WITNESS_AXIOM, + // where F is an equality (= t t') that holds by a form of rewriting that + // could not be replayed. + TRUST_REWRITE, + // where F is an equality (= t t') that holds by a form of substitution that + // could not be replayed. + TRUST_SUBS, //================================================= Boolean rules // ======== Resolution -- cgit v1.2.3