A Practical Decision Procedure for Arithmetic with Function Symbols

Robert E. Shostak
1979 Journal of the ACM  
A practical procedure is presented for an extension of quantifier-free Presburger arithmetic that permits arbitrary unmterpreted predicate and function symbols This theory includes many of the formulas one tends to encounter in program venficatlon and is powerful enough to encode the semantics of array operators as well as MAX, MIN, and ABSVALUE An implementation of the procedure has proved to be of great value in a program verlficauon system developed at SRI for the United States Air Force KEY
more » ... WORDS AND PHRASES theorem-proving, Presburger anthmeUc, program verification CR CATEGORIES 3 64, 3 66, 5 21 Introduction The procedure described here operates over an extension of the class of unquantified Presburger formulas. Briefly, Presburger formulas are those that can be budt up from integers, integer variables, addmon, l the usual arithmetical relations (<, _<, >, _>, =), and the first-order logical connectwes. The formula (Vx)(3y)3x + y = 2 D x < y, for example, falls within the class. The subclass of unquanufied Presburger formulas consists of those Presburger formulas having no quanttfiers. The extension of unquantified Presburger we shall be dealing with introduces, for each n _> 0, an unlimited number of n-ary function symbols (mterpreted as functions from Z n to Z) and n-ary predicate symbols (interpreted as relations over Zn). The formula x <f~fl) + 1 /kJ~y) _< x ~ (P(x, y) ~ P(f(y), y)), for example, is a member of the extended class. One can easily check that this particular formula is valid, that is, that it evaluates to true for all integers x, y, z, no matter what monadic integer funcuon is assigned tof and dyadic integer relation to P. Function symbols may appear in any term context and may have arbitrary terms as arguments, including expressions containing function symbols. For example, the formula g(x + 2f(y)) = 4 is a member of the class. The extended theory includes a surprisingly large proportion of the formulas encountered m program verification. It is particularly well suited to programs that mampulate arrays and other data structures that can be modeled as uninterpreted functions. The semantics
doi:10.1145/322123.322137 fatcat:kjinrvaiebeqnkp5xer2eonnke