Reductions to LIA*

TU Wien Guest Lectures October 2025

Nikolaj Bjørner
Microsoft Research

Example formula

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{s}~\subseteq \mathid{t}~\wedge |\mathid{s}|~=~1~\wedge |\mathid{t}~\setminus \mathid{s}|~\neq |\mathid{t}|~-~1 \end{mdmathpre}%mdk \]

See (Piskac and Kuncak 2008).

Step 1 - rewrite with summations

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{s}~\subseteq \mathid{t}~\wedge |\mathid{s}|~=~1~\wedge |\mathid{t}~\setminus \mathid{s}|~\neq |\mathid{t}|~-~1 \end{mdmathpre}%mdk \]

To

\[\begin{mdmathpre}%mdk \mdmathindent{9}&~~(\sum (\mathid{e}~\in \mathid{s}~\wedge \mathid{e}~\not \in \mathid{t}))~=~0\\ \wedge &~~(\sum \mathid{e}~\in \mathid{s})~=~1~~~~~~~\\ \wedge &~~(\sum (\mathid{e}~\in \mathid{t}~\wedge \mathid{e}~\not \in \mathid{s}))~\neq (\sum \mathid{e}~\in \mathid{t})~-~1 \end{mdmathpre}%mdk \]

Step 2 - Introduce auxiliary variables

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{s}~\subseteq \mathid{t}~\wedge |\mathid{s}|~=~1~\wedge |\mathid{t}~\setminus \mathid{s}|~\neq |\mathid{t}|~-~1 \end{mdmathpre}%mdk \]
\[\begin{mdmathpre}%mdk \mdmathindent{9}\\ \mdmathindent{7}&~~(\sum (\mathid{e}~\in \mathid{s}~\wedge \mathid{e}~\not \in \mathid{t}))~=~0~\\ \wedge &~~(\sum \mathid{e}~\in \mathid{s})~=~1~~~~~~~\\ \mdmathindent{1}\wedge &~~(\sum \mathid{e}~\in \mathid{u})~\neq (\sum \mathid{e}~\in \mathid{t})~-~1\\ \mdmathindent{1}\wedge &~~(\sum \mathid{e}~\in \mathid{u}~\not\leftrightarrow \mathid{e}~\in \mathid{t}~\wedge \mathid{e}~\not \in \mathid{s})~=~0 \end{mdmathpre}%mdk \]

Step 3 - Combine summations

\[\begin{mdmathpre}%mdk \mdmathindent{8}&~\mathid{k}_\mathid{s}~=~1~\\ \mdmathindent{1}\wedge &~\mathid{k}_\mathid{u}~\neq \mathid{k}_\mathid{t}~-~1~\\ \mdmathindent{1}\wedge &~(\mathid{k}_\mathid{s},~\mathid{k}_\mathid{t},~\mathid{k}_\mathid{u})~\in \sum (\mathid{e}~\in \mathid{s},~\mathid{e}~\in \mathid{t},~\mathid{e}~\in \mathid{u})~&~\mid (\mathid{e}~\not \in \mathid{s}~\vee \mathid{e}~\in \mathid{t})~\\ \mdmathindent{8}&~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~&~\wedge (\mathid{e}~\in \mathid{u}~\leftrightarrow \mathid{e}\in \mathid{t}~\wedge \mathid{e}~\not\in \mathid{s}) \end{mdmathpre}%mdk \]
  • Cardinality constraints added to LIA formula
  • Set constraints are under summations

Step 4 - Boolean reduction

\[\begin{mdmathpre}%mdk \mdmathindent{8}&~\mathid{k}_\mathid{s}~=~1~\\ \mdmathindent{1}\wedge &~\mathid{k}_\mathid{u}~\neq \mathid{k}_\mathid{t}~-~1~\\ \mdmathindent{1}\wedge &~\displaystyle (\mathid{k}_\mathid{s},~\mathid{k}_\mathid{t},~\mathid{k}_\mathid{u})~\in \sum_{(\mathid{b}_\mathid{s},~\mathid{b}_\mathid{t},~\mathid{b}_\mathid{u})~\in \mathid{Bool}^3}~&~\mid (\neg \mathid{b}_\mathid{s}~\vee \mathid{b}_\mathid{t})~\\ \mdmathindent{8}&~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~&~\wedge (\mathid{b}_\mathid{u}~\leftrightarrow \mathid{b}_\mathid{t}~\wedge \neg \mathid{b}_\mathid{s}) \end{mdmathpre}%mdk \]

Boolean Reduction - General form

\[\begin{mdmathpre}%mdk \mdmathindent{12}&~\mathid{F}_1(\vec{\mathid{k}})~\land \vec{\mathid{k}}~\in \sum_{\vec{\mathid{b}}}~\mathid{F}_2(\vec{\mathid{b}})\\ \mdmathindent{8}\mathid{F}_1:~&~\mathid{k}_\mathid{s}~=~1~~\wedge \mathid{k}_\mathid{u}~\neq \mathid{k}_\mathid{t}~-~1~\\ \mdmathindent{8}\mathid{F}_2:~&~~(\neg \mathid{b}_\mathid{s}~\vee \mathid{b}_\mathid{t})~\wedge (\mathid{b}_\mathid{u}~\leftrightarrow \mathid{b}_\mathid{t}~\wedge \neg \mathid{b}_\mathid{s}) \end{mdmathpre}%mdk \]

Solving B*

Claim: for set cardinalities, the vectors $\vec{k}$ of cardinalities form a semi-linear set: non-negative integer combinations of 0/1 vectors, one vector per Boolean assignment. The generating vectors are exactly the satisfying assignments of the formula $F_2$ under $\sum$.

General form:

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{F}_1(\vec{\mathid{k}})~\wedge \vec{\mathid{k}}~\in \sum_{\vec{\mathid{b}}}~\mathid{F}_2(\vec{\mathid{b}}) \end{mdmathpre}%mdk \]

Define

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{F}_2^*(\vec{\mathid{k}})~&~:=~&~\vec{\mathid{k}}~\in \sum_{\vec{\mathid{b}}}~\mathid{F}_2(\vec{\mathid{b}}) \end{mdmathpre}%mdk \]

Solving B* with Constrained Horn Clauses (CHC)

\[\begin{mdmathpre}%mdk \mdmathindent{2}&~\widehat{\mathid{F}}_2^*(\vec{0})\\ \mdmathindent{2}&~\widehat{\mathid{F}}_2^*(\vec{\mathid{k}})~\wedge \mathid{F}_2(\vec{\mathid{b}})~&~\implies &~\widehat{\mathid{F}}_2^*(\vec{\mathid{k}}~+~\vec{\mathid{b}})\\ \mdmathindent{2}&~\widehat{\mathid{F}}_2^*(\vec{\mathid{k}})~~~~~~~~~~~~~~~~~~~~~&~\implies &~\neg \mathid{F}_1(\vec{\mathid{k}}) \end{mdmathpre}%mdk \]

If this system is satisfiable with solution $\widehat{F}_2^*$, then $F_1(\vec{k}) \wedge F_2^*(\vec{k})$ is UNSAT.

Justification:

  • if $\widehat{F}_2^*(\vec{k})$ is a solution to the CHC system, then ${F}_2^*(\vec{k}) \implies \widehat{F}_2^*(\vec{k})$, because $F_2^*$ is the least solution of the first two clauses; the third clause then gives $F_2^*(\vec{k}) \implies \neg F_1(\vec{k})$.

Solving B* with CHC

\[\begin{mdmathpre}%mdk \mdmathindent{2}&~\widehat{\mathid{F}}_2^*(\vec{0})\\ \mdmathindent{2}&~\widehat{\mathid{F}}_2^*(\vec{\mathid{k}})~\wedge \mathid{F}_2(\vec{\mathid{b}})~&~\implies &~\widehat{\mathid{F}}_2^*(\vec{\mathid{k}}~+~\vec{\mathid{b}})\\ \mdmathindent{2}&~\widehat{\mathid{F}}_2^*(\vec{\mathid{k}})~~~~~~~~~~~~~~~~~~~~~&~\implies &~\neg \mathid{F}_1(\vec{\mathid{k}}) \end{mdmathpre}%mdk \]

Conversely, if there is some (possibly repeating) sequence of assignments $\vec{b}_1, \ldots, \vec{b}_k$ with $F_2(\vec{b}_1) \wedge \ldots \wedge F_2(\vec{b}_k)$ such that $F_1(\sum_i \vec{b}_i)$ holds, then $F_1(\vec{k}) \wedge \vec{k} \in \sum_{\vec{b}} F_2(\vec{b})$ is satisfiable and the CHC system has no solution: the sequence is a path from $\vec{0}$ into $F_1$.

State reachability - example

\[\begin{mdmathpre}%mdk \mdmathindent{8}\mathid{F}_1:~&~\mathid{k}_\mathid{s}~=~1~~\wedge \mathid{k}_\mathid{u}~\neq \mathid{k}_\mathid{t}~-~1~\\ \mdmathindent{8}\mathid{F}_2:~&~~(\neg \mathid{b}_\mathid{s}~\vee \mathid{b}_\mathid{t})~\wedge (\mathid{b}_\mathid{u}~\leftrightarrow \mathid{b}_\mathid{t}~\wedge \neg \mathid{b}_\mathid{s}) \end{mdmathpre}%mdk \]

Solutions $(b_s, b_t, b_u)$ to $F_2$ are $\{ (0, 0, 0), (1, 1, 0), (0, 1, 1) \}$. The zero vector contributes nothing to a sum, so the reachable vectors are generated by the other two.

Set $U^* := (k_s, k_t, k_u) = n_1(1,1,0) + n_2(0,1,1) \wedge n_1 \geq 0 \wedge n_2 \geq 0$.

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{k}_\mathid{s}~=~1~=~\mathid{n}_1~\geq 0~\wedge \mathid{k}_\mathid{t}~=~\mathid{n}_1~+~\mathid{n}_2~\wedge \mathid{k}_\mathid{u}~=~\mathid{n}_2~\wedge \mathid{k}_\mathid{u}~\neq \mathid{k}_\mathid{t}~-~1 \end{mdmathpre}%mdk \]

which is unsat: $k_s = 1$ forces $n_1 = 1$, and then $k_t - 1 = n_1 + n_2 - 1 = n_2 = k_u$, contradicting $k_u \neq k_t - 1$.

B* is a special case of a vector addition system

  • View it as a state machine whose initial state is $\vec{0}$.

  • $F_2(\vec{b})$ describes the space of possible increments.

  • The increments are independent of the current state.

  • Each increment vector lies in the unit cube (each coordinate is either 0 or 1).

State reachability is decidable

  • Z3 contains an engine for Horn clauses (PDR/SPACER).

  • Simple algorithm: enumerate all solutions $\vec{b}^i$ to $F_2(\vec{b}^i)$ (finitely many, one per satisfying Boolean assignment).

  • Check satisfiability of $F_1(\sum_i n^i \cdot \vec{b}^i) \wedge \bigwedge_i n^i \geq 0$ over the integers; this is a linear integer arithmetic query in the counters $n^i$.
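The enumerate-then-check procedure just described, applied to the running example (the same instance worked by hand under "State reachability - example"), as an added SMT-LIB script for Z3; it is not part of the lecture notes. Part 1 enumerates the solutions of $F_2$ with blocking clauses until the solver answers unsat, which certifies that the three listed vectors are all of them. Part 2 is the linear integer arithmetic query in the counters $n_1, n_2$. The weakened $F_1$ at the end (dropping the $-1$, i.e. $|t \setminus s| \neq |t|$) is a variant introduced here to show the sat case; it is not from the notes.

```smt2
; Added example, not from the lecture notes: the "simple algorithm" for the
; running example as one Z3 script. Part 1 enumerates F_2 over Bool^3 with
; blocking clauses; Part 2 checks F_1 over the semi-linear set they generate.
(set-logic ALL)

; ---- Part 1: enumerate the solutions of F_2 ----
(declare-const bs Bool)
(declare-const bt Bool)
(declare-const bu Bool)
(define-fun F2 () Bool
    (and (or (not bs) bt)                ; s subset of t, pointwise
         (= bu (and bt (not bs)))))      ; u = t \ s, pointwise
(push)
(assert F2)
(check-sat)   ; sat
(get-model)   ; prints one of the three solutions
; The three solutions are known in advance here, so each is blocked in turn;
; in a loop one would block whatever model the solver just returned.
(assert (not (and (not bs) (not bt) (not bu))))   ; block (0,0,0)
(check-sat)   ; sat
(assert (not (and bs bt (not bu))))               ; block (1,1,0)
(check-sat)   ; sat
(assert (not (and (not bs) bt bu)))               ; block (0,1,1)
(check-sat)   ; unsat: no further solutions exist
(pop)

; ---- Part 2: F_1 over the semi-linear set ----
; (0,0,0) adds nothing, so k = n1*(1,1,0) + n2*(0,1,1) with n1, n2 >= 0.
(declare-const n1 Int)
(declare-const n2 Int)
(define-fun ks () Int n1)
(define-fun kt () Int (+ n1 n2))
(define-fun ku () Int n2)
(define-fun F1 () Bool (and (= ks 1) (not (= ku (- kt 1)))))
(push)
(assert (and (>= n1 0) (>= n2 0) F1))
(check-sat)   ; unsat: n1 = 1 forces ku = n2 = kt - 1
(pop)

; Variant introduced for this example (not from the notes): weaken F_1 to
; ku != kt, i.e. |t \ s| != |t|. Now n1 = 1 with any n2 is a witness.
(push)
(assert (and (>= n1 0) (>= n2 0) (= ks 1) (not (= ku kt))))
(check-sat)   ; sat
(get-model)   ; e.g. n1 = 1, n2 = 0, i.e. k = (1, 1, 0)
(pop)
```

Run it with `z3 file.smt2`. The enumeration in Part 1 is the generic loop from the slide written out for a known answer: the final unsat is what makes the list of generators complete, and without it the LIA query in Part 2 would only be sound for the sat direction.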

From PDR to conflicts

  • Assume we have a set of literals over set constraints and cardinalities of sets.

  • We want to check satisfiability of them.

  • Extract $F_1$ and $F_2$ (and thereby $F_2^*$) from them; solve the CHC system for $\widehat{F}_2^*$.

    • If the CHC system is unsat: there is some assignment of sets that satisfies the set constraints together with the cardinality constraints.
    • If the CHC system has a solution: the conjunction of set constraints cannot satisfy the cardinality constraints.
      • We could then look for a subset of the set constraints that is sufficient, using the unsat core from the cardinality constraints.

State reachability refinements

  • Start with $U := \emptyset$, $U^*(\vec{k}) := (\vec{k} = \sum_{\vec{b}^i \in U} n^i \cdot \vec{b}^i) \wedge \bigwedge_i n^i \geq 0$ (an under-approximation of the reachable states),
    and $O := \mathit{true}$ (an over-approximation of the reachable states).

  • While $F_1(\vec{k}) \wedge U^*(\vec{k})$ is unsat (no witness yet) and $O(\vec{k}) \wedge F_1(\vec{k})$ is sat ($O$ does not yet refute $F_1$):

    • Check sat of $U^*(\vec{k}) \wedge F_2(\vec{b}) \wedge \neg U^*(\vec{k}+\vec{b})$.
      • If sat, add the new solution: $U := U \cup \{ \vec{b} \}$.
      • If there are no new solutions, $U$ is complete: $U^*$ is exactly the reachable set, and $F_1 \wedge U^*$ unsat settles the query.
    • Dual process for strengthening $O$.

Over-approximations

\[\begin{mdmathpre}%mdk \mdmathindent{8}\mathid{F}_1:~&~\mathid{k}_\mathid{s}~=~1~~\wedge \mathid{k}_\mathid{u}~\neq \mathid{k}_\mathid{t}~-~1~\\ \mdmathindent{8}\mathid{F}_2:~&~~(\neg \mathid{b}_\mathid{s}~\vee \mathid{b}_\mathid{t})~\wedge (\mathid{b}_\mathid{u}~\leftrightarrow \mathid{b}_\mathid{t}~\wedge \neg \mathid{b}_\mathid{s}) \end{mdmathpre}%mdk \]
\[\begin{mdmathpre}%mdk \mdmathindent{2}&~\mathid{k}_\mathid{s}~\geq 0\\ \wedge &~\mathid{k}_\mathid{s}~=~0~\implies \mathid{k}_\mathid{u}~=~\mathid{k}_\mathid{t}\\ \wedge &~\mathid{k}_\mathid{s}~=~1~\implies \mathid{k}_\mathid{u}~=~\mathid{k}_\mathid{t}~-~1 \end{mdmathpre}%mdk \]

This over-approximation of the reachable $(k_s, k_t, k_u)$ holds at $\vec{0}$, is preserved by every increment satisfying $F_2$, and contradicts $F_1$, so it is a solution $\widehat{F}_2^*$ of the CHC system. (The exact reachable set is $k_u = k_t - k_s$ with $k_s, k_u \geq 0$; the invariant only needs the cases $k_s = 0$ and $k_s = 1$.)
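The over-approximation above checked as three quantifier-free LIA queries (initiation, consecution, safety), as an added SMT-LIB script that is not part of the notes. $O$, $F_2$ and $F_1$ are the formulas from the slides, with Booleans encoded as 0/1 integers; each query asserts the negation of a proof obligation, so unsat means the obligation is proved. Running this is the manual counterpart of letting the Horn engine search for the invariant: the same three checks are what make a candidate $\widehat{F}_2^*$ acceptable.

```smt2
; Added example, not from the lecture notes: verify that the candidate
; over-approximation O is an inductive invariant of the vector addition
; system and that it excludes F_1. "unsat" on each query means "proved".
(set-logic QF_LIA)

; O: the candidate over-approximation from the slide
(define-fun O ((ks Int) (kt Int) (ku Int)) Bool
    (and (>= ks 0)
         (=> (= ks 0) (= ku kt))
         (=> (= ks 1) (= ku (- kt 1)))))
; F_2 over 0/1 integers: (not bs or bt) and (bu <-> bt and not bs)
(define-fun F2 ((bs Int) (bt Int) (bu Int)) Bool
    (and (<= 0 bs) (<= bs 1) (<= 0 bt) (<= bt 1) (<= 0 bu) (<= bu 1)
         (or (= bs 0) (= bt 1))
         (= (= bu 1) (and (= bt 1) (= bs 0)))))
; F_1: ks = 1 and ku != kt - 1
(define-fun F1 ((ks Int) (kt Int) (ku Int)) Bool
    (and (= ks 1) (not (= ku (- kt 1)))))

; free variables standing for an arbitrary state and an arbitrary increment
(declare-const ks Int) (declare-const kt Int) (declare-const ku Int)
(declare-const bs Int) (declare-const bt Int) (declare-const bu Int)

; 1. Initiation: O holds in the initial state (0,0,0).
(push)
(assert (not (O 0 0 0)))
(check-sat)   ; unsat
(pop)

; 2. Consecution: from any state in O, any increment allowed by F_2 stays in O.
(push)
(assert (and (O ks kt ku)
             (F2 bs bt bu)
             (not (O (+ ks bs) (+ kt bt) (+ ku bu)))))
(check-sat)   ; unsat
(pop)

; 3. Safety: no state in O satisfies F_1, hence F_1 is unreachable.
(push)
(assert (and (O ks kt ku) (F1 ks kt ku)))
(check-sat)   ; unsat
(pop)
```

If consecution came back sat, the model would be a state in $O$ and an increment leading out of it, which is exactly the information the dual refinement step uses to strengthen $O$.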

Solving Over-approximations

; F2Star is the unknown invariant \widehat{F}_2^*; Booleans are encoded as
; 0/1 integers so that vector addition is ordinary integer addition.
(set-logic HORN)
(declare-fun F2Star (Int Int Int) Bool)
; F_2: (not bs or bt) and (bu <-> bt and not bs), over 0/1 integers
(define-fun F2 ((bs Int) (bt Int) (bu Int)) Bool
    (and (<= 0 bs) (<= bs 1)
         (<= 0 bt) (<= bt 1)
         (<= 0 bu) (<= bu 1)
         (or (= bs 0) (= bt 1))
         (= (= bu 1) (and (= bt 1) (= bs 0)))))
; F_1: ks = 1 and ku != kt - 1
(define-fun F1 ((ks Int) (kt Int) (ku Int)) Bool
    (and (= ks 1) (not (= ku (- kt 1)))))

; initial state: the zero vector
(assert (F2Star 0 0 0))
; every increment allowed by F_2 stays within F2Star
(assert (forall ((ks Int) (kt Int) (ku Int) (bs Int) (bt Int) (bu Int))
    (=> (and (F2Star ks kt ku) (F2 bs bt bu))
        (F2Star (+ ks bs) (+ kt bt) (+ ku bu)))))
; safety: F2Star excludes F_1
(assert (forall ((ks Int) (kt Int) (ku Int))
    (=> (F2Star ks kt ku) (not (F1 ks kt ku)))))

(check-sat)   ; sat: an inductive invariant exists, so F_1 and F_2^* are jointly unsat
(get-model)   ; prints the invariant found for F2Star

Theory combination

Not all set constraints are pure.

  • $X = \{ x \}$ means the set $X$ is a singleton set and if $Y = \{ y \}$ with $x \not\simeq y$, then $Y \neq X$.
  • Abstract singleton constraints as sets of size 1 for variables that are distinct. Track distinctness assumptions.

Claim: we can eliminate singleton sets and just consider set variables with cardinality 1 from the point of view of the set solver.

  • Can anything reasonable be done with ranges, subsets, map?

Integration - Outline

  • Set of literals $\mathcal{L}$ over set constraints.
  • All sub-expressions with cardinality operators
  • Sub-terms over sets $s \equiv t \cup v, \ldots$.
  • Introduce fresh variables for sub-term definitions.
  • Define $F_2^*$ for equality constraints.
  • Define $F_1$ for cardinality operators, arithmetic constraints and set disequalities.
  • Check reachability.

The extra mile

What if we want to solve CHC over finite sets (not just Boolean programs)?

\[\begin{mdmathpre}%mdk \mdmathindent{2}\mathid{R}(\emptyset)~\\ \mdmathindent{2}\mathid{R}(\mathid{s})~\wedge \mathid{x}~\in \mathid{s}~&~\implies &~\mathid{R}(\mathid{s}~\cup \{~\mathid{x}~+~2\})\\ \mdmathindent{2}\mathid{R}(\mathid{s})~\wedge \mathid{x}~\in \mathid{s}~&~\implies &~4~\uparrow \mathid{x} \end{mdmathpre}%mdk \]
  • Is there a (non-trivial) class of CHC over finite sets that is solvable?
  • Trivial := finite sets over finite base sorts

Bibliography

Ruzica Piskac and Viktor Kuncak. "Decision Procedures for Multisets with Cardinality Constraints." In Verification, Model Checking, and Abstract Interpretation, 9th International Conference, VMCAI 2008, San Francisco, USA, January 7-9, 2008, Proceedings, edited by Francesco Logozzo, Doron A. Peled, and Lenore D. Zuck, Lecture Notes in Computer Science 4905, 218–232. Springer, 2008. doi:10.1007/978-3-540-78163-9_20